Problem solve Get help with specific problems with your technologies, process and projects.

Blade server security on a storage area network (SAN)

VARs should understand why blade chassis can actually add to blade server security, and why using PXE security best practices will harden your customers' blade server.

I am consulting for a company that uses virtualized servers running on blades, and I have some real concerns. The blades don't have a hard disk, so all the data is going off to a storage area network (SAN). Do you have any suggestions about how to make this data more secure?

To answer this question, I went to a great source, Anne Skamarock, co-author of Blade Servers and Virtualization: Transforming Enterprise Computing While Cutting Costs. She says: "The person who asks this question doesn't discuss what the distances are for the SAN or what protocols are being used but, again, this has little to do with the blades and everything to do with implementing network and SAN security. Depending on what their bladed architecture is, the blade chassis can actually add to the security because the first set of network switches are often housed within the blade chassis, adding to physical security.

"If the blades are completely diskless, that means they are booting via Preboot Execution Environment (PXE). This is probably the area where the concern lies due to the http-like nature of PXE. This environment, at least today, does not provide a way for detecting and disallowing unknown servers from performing remote installations. Because of this, one would follow the same best practices to secure the PXE as they would to secure their overall network such as:

  • Physical security
  • Firewalls
  • Auditing and monitoring for intrusions
  • Strong password protocols/procedures"

Dig Deeper on Cybersecurity risk assessment and management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.