| Setting | Address range | |
|---|---|---|
| DS8000® Black network (eth0) | DS8000 Gray network (eth3) | |
| Default | 172.16.0.0 to 172.16.255.255 | 172.17.0.0 to 172.17.255.255 |
| Option 1 | 10.235.158.0 to 10.235.159.255 (10.235.158.0/23) | 10.236.158.0 to 10.236.159.255 (10.236.158.0/23) |
| Option 2 | 192.168.162.0 to 192.168.163.255 (192.168.162.0/23) | 192.168.164.0 to 192.168.165.255 (192.168.164.0/23) |
| Option 3 | 9.15.132.0 to 9.15.133.255 (9.15.132.0/23) | 9.16.132.0 to 9.16.133.255 (9.16.132.0/23) |
The HMC does not route traffic between the networks. There is no IP forwarding configured on the HMC. On the HMC, a firewall is configured to only enable ports and traffic that are needed for the DS8000 connectivity. All security-sensitive configuration changes (network, firewall, remote support) can only be performed on the local HMC. For audit purposes, each network node keeps log files of user activity and authentication.
The VPN is a point-to-point connection, initiated by a proprietary VPN client on the HMC and connected to the VPN server within the IBM Demilitarized Zone (DMZ). The connectivity entry point into the IBM infrastructure is also secured by a Demilitarized Zone (DMZ). The VPN employs the IPSec protocol with Triple DES encryption algorithm (168-bit). Triple DES (3DES) is a strong form of encryption that allows sensitive information to be transmitted over untrusted networks.