IT Operations Management (ITOM)
cancel

Conversations with a Product Manager: Stand it up and secure it with Server Automation 10.50

Conversations with a Product Manager: Stand it up and secure it with Server Automation 10.50

NimishShelat

HPE Server Automation (SA) is HPE’s server lifecycle task automation solution. The latest release continues to provide Server Administrators with an easy and reliable option to manage server environments. Here to answer some questions on the latest release is Cosmin Rus, Product Manager on the Data Center Automation team.

Liam Bucher: Can you highlight a few of the main goals in this release and how those will impact users?

Cosmin Rus: The three main themes our team wanted to focus on within this release; modernizing the infrastructure, enhancing scalability, and improving security performance of the platform, making integration with other components of the Data Center Automation suite easier and more stable. We’ve also added in key features for hardware compatibility, patching capabilities, and compliance protocols.

LB: Speaking to hardware compatibility, users can now install and validate SA agents on IBM VIOS Servers. Discuss the importance for the unique partition capabilities installed on these servers?

CR: This is extremely important for customers with large IBM hardware environments. VIOS is a special partition on an IBM Power Server, and as it is an appliance, the performance dictates the systems which carry the workload. IBM VIOS is strict regarding the approved software that can be installed, and the list now includes the HPE SA Agent. HPE’s SA Agent being recognized means fewer tools are required to manage those environments.

LB: You mentioned enhancing scalability and patching was a large focus in this release, what stands out to you?

CR: Red Hat Satellite v6 comes to mind first, allowing users to more easily import packages in areas without internet access using the latest satellite version. This feature is important for customers who use the RH satellite as an alternative to downloading patches from the public Red Hat content delivery network.

Nimish6.jpgLB: Red Hat capabilities seem to be an area of focus from the team in this release, can you elaborate more?

CR: Red Hat is one of the most widely used Operating Systems, making it important to continue improving SA integration and compatibility. Also in this release is the ability for RPM Rollback via YUM history. Once a patch is executed, a rollback point is created, allowing you to return to that previous state. It’s important to note this is not targeted as a back-up point for the system, but meant for small packages and software non-essential to the OS, such as kernel packages or content libraries.

LB: What about integration with SuSE Manager?

CR: SuSE is an equivalent of Red Hat Satellite, used for importing patches on other OS. In the context of SA, we are using it as a proxy for patch implementations and other policy updates. In future releases we’d like to continue improving this tool with connections to the SUSE customer center.

LB: SA 10.50 introduces new compatibility support for SE Linux. Can you describe the changes for controls and security enforcement?

CR: SE Linux is commonly used in the government and finance sectors. SA 10.50 improves support for users and environments where high security standards and strict requirements are placed on the machines. SELinux can enforce rules on files and processes in a Linux system, based on defined policies.

LB: Are there any other specific scalability or performance upgrades you’d like to mention about this release?

CR: I must mention that there were enhancements made to the replication mechanism, allowing users to attach and remediate larger patch policies on a larger number of servers. I also want to call out the dynamic patch policy for Red Hat; updating patch policies by discovering what is applicable to the managed servers against what is available in the SA repository.

LB: Continuing with security and compliance, there is an update from SSLv3/TLS 1.0 to TLS v1.1 in this release.

CR: The last year or so presented some large vulnerabilities found in open SSL software and other protocols, most recognizably, the Heartbleed Bug. Many vulnerabilities were related to SSLv3 and even TLS1.0 had some; although, it would have been difficult to exploit within SA. Because of this, we updated the cryptographic protocols to improve security and support users who are required to be in compliance with new PCI regulations starting in January, 2017. We’ve also provided enhancements for configuration, making it easy to remove and replace cryptographic protocols.

LB: Thank you, Cosmin, for sharing more details on the newest release of HPE SA. To our readers, head over to the HPE Data Center Automation page and download your free 90-day trial to experience the power behind the HPE DCA Suite.

See more in Conversations with a Product Manager: Operations Orchestration, the life of the party.

  • infrastructure management
0 Kudos
About the Author

NimishShelat

Nimish Shelat is currently focused on Datacenter Automation and IT Process Automation solutions. Shelat strives to help customers, traditional IT and Cloud based IT, transform to Service Centric model. The scope of these solutions spans across server, network, database and middleware infrastructure. The solutions are optimized for tasks like provisioning, patching, compliance, remediation and processes like Self-healing Incidence Remediation and Rapid Service Fulfilment, Change Management and Disaster Recovery. Shelat has 23 years of experience in IT, 20 of these have been at HP spanning across networking, printing , storage and enterprise software businesses. Prior to his current role as a Manager of Product Marketing and Technical Marketing, Shelat has held positions as Software Sales Specialist, Product Manager, Business Strategist, Project Manager and Programmer Analyst. Shelat has a B.S in Computer Science. He has earned his MBA from University of California, Davis with a focus on Marketing and Finance.