HP Integrity Virtual Machines

The newest solution in HP's partitioning continuum is called HP Integrity Virtual Machines. This is a fully virtualized environment for running applications. You can run what is called the virtual machine host on any Integrity system or nPartition. On top of the VM host, you run virtual machines, which present themselves to the operating system inside the VM as a physical server. However, all of the resources of that system are virtualized. The physical CPUs, memory, and I/O devices are managed by the VM and what the VMs see is a virtual resource that is mapped on top of the physical devices in the system. This allows the physical resources to be shared by multiple OS images. The virtualization that is provided by Integrity VM is so complete that the operating systems running inside the VMs run without modification. This means that all the operating systems that are supported on Integrity hardware will run inside VMs. This includes HP-UX initially and future versions will support unmodified versions of Linux, Windows, and OpenVMs. Features The major features of Integrity VM include: OS isolation: Each partition runs its own full copy of the operating system. This means that the OS can be patched and tuned specifically for the applications that will be running there. Sub-CPU or whole-CPU granularity: Since the system is virtualized, each virtual CPU inside a VM can represent a portion of a CPU or a whole CPU on the physical system. Differentiated CPU controls: You can give differentiated access

Each incident, whether it was timely and thorough, and whether it resulted in effective corrective actions.Question 11 - ID: 6813097Which of the following is the MOST effective control for protecting the confidentiality and integrity of data stored unencrypted on virtual machines?Select oneA.Review logical access controls on virtual machines regularly.B.Restrict access to images and snapshots of virtual machines.C.Monitor access to stored images and snapshots of virtual machines.D.Limit creation of virtual machine images and snapshots.Answer and explanation:The most effective control for protecting the confidentiality and integrity of data stored unencrypted on virtual machines is to monitor access to stored images and snapshots of virtual machines. Images and snapshots are copies of virtual machines that can be used for backup, restoration, or cloning purposes. If data stored on virtual machines are unencrypted, they may be exposed or compromised if unauthorized or malicious users access or copy the images or snapshots. Therefore, monitoring access to stored images and snapshots can help detect and prevent any unauthorized or suspicious activities, and provide audit trails for accountability and investigation. Restricting access to images and snapshots of virtual machines, limiting creation of virtual machine images and snapshots, and reviewing logical access controls on virtual machines regularly are not the most effective controls for protecting the confidentiality and integrity of data stored unencrypted on virtual machines. These controls may help reduce the risk or impact of data exposure or compromise, but they do not provide sufficient visibility or assurance of data protection. Restricting access to images and snapshots may not prevent authorized users from abusing their privileges or credentials. Limiting creation of virtual machine images and snapshots may not address the existing copies that may contain sensitive data. Reviewing logical access controls on virtual machines regularly may not reflect the actual access activities on images and snapshots.Question 12 - ID: 8413078Which of the following is the MOST effective way to maintain network integrity when using mobile devices?Select oneA.Implement outbound firewall rules.B.Perform network reviews.C.Review access control lists.D.Implement network access control.Answer and explanation:The most effective way to maintain network integrity when using mobile devices is to implement network access control.

Major security-related concern. Next, we explore approaches that leverage different protocols and techniques in order to provide secure communication within virtual networks.5.3.1 VLANs and VPNsThe security goals approached by Cabuk et al. [5] include integrity, data isolation, confidentiality, and information flow control. Other than integrity, the remaining three goals, are directly related, and are tackled by a data confidentiality mechanism. The framework uses TVDs to control data access. However, virtual machines that belong to different TVDs may be hosted in the same physical machine. Therefore, it is necessary to ensure proper isolation, preventing a TVD from accessing data that belongs to another TVD.The proposed solution for this challenge employs a combination of VLANs and VPNs. VLANs are used to identify packets belonging to different networks, allowing VLAN-enabled devices to route packets to the appropriate network interfaces, thus providing adequate isolation. Untrusted physical channels, however, may require a higher level of security. Therefore, if necessary, VPNs are used to provide data confidentiality by means of end-to-end cryptography.5.3.2 Tunneling and cryptographyWolinsky et al. [19] make use of tunneling in order to isolate network traffic between virtual machines (in this case, virtual workstations). Two tunneling approaches are employed. In the first approach, the host system runs a tunneling software that captures packets incoming from physical interfaces and forwards them to virtual machines. In the second approach, the tunneling software runs inside virtual machines, and traffic is restricted within virtual networks through the use of firewall rules. According to the authors, while the second approach is easier to deploy, malicious users may be able to subvert this firewall, compromising the system. Although the focus of Wolinsky et al. is isolation between virtual workstations, we believe that the techniques used to achieve such isolation could be extended to virtual routers in network virtualization environments.Fernandes and Duarte [26,31] deal with data confidentiality in communications between a virtual router and the Virtual Machine Monitor (VMM) hosting it. After the authentication process, described in Section 2, virtual routers use symmetrical cryptography in order to securely communicate with the VMM.Huang et al. [22] present a framework that provides secure routing. In the environment presented by the authors, routing information that is propagated through a virtual network is confidential and needs to be kept secret from unauthorized network entities. Routing information is categorized in groups, and group keys are assigned to virtual routers. Therefore, routing information can be encrypted, ensuring that only routers with the correct key are able to decrypt this information. Thus, routing information relative to a given group is protected against unauthorized access from other groups, other virtual networks or the physical network itself.Similarly to the previously described approach, Fukushima et al. [24] aim to protect sensitive

Multi-platform development product enabling installation on cross-platform desktop and server applications including Microsoft Windows, Linux, Mac OS X, Solaris, AIX, HP-UX and the IBM iSeries.InstallAnywhere is a multiplatform development solution for application producers who need to deliver a professional and consistent cross installation experience for physical, virtual and cloud environments. From a single project file and build environment, InstallAnywhere creates reliable installations for on-premises platformsWindows, Linux, Apple OS X, Solaris, AIX , HP-UX and IBM iSeries and enables you to take existing and new software products to a virtual and cloud infrastructure.InstallAnywhere is available in the following editions: InstallAnywhere Premier Edition InstallAnywhere Professional Edition Premier with Virtualisation and Cloud InstallAnywhere – FeaturesCurrent Features:Multiplatform Installations: Save time by creating a single installation project to build installations for each of the platforms you support.Enterprise-Ready Virtual Appliances: Build faster and easier by creating virtual appliances directly from existing virtual machines, includes support for building 64-bit virtual appliances. Multi-Tier Virtual Appliances: Simplify evaluations and production deployments of multi-tier applications by bundling several virtual machines into a single enterprise-ready virtual appliance.Cloud-Ready Virtual Appliances: Reuse existing installation project information to simplify the process of creating Amazon Machine Images. These images can be shared with customers or deployed directly to Amazon EC2 to facilitate cloud migrations.Support For The Latest Platform: Support for the latest platforms, including: Windows 8 and Windows 8.1, Windows Server 2012 and Windows Server 2012 R2, Apple OS X Mountain Lion (10.8), Apple OS X Mavericks’ (10.9), SUSE Linux 11.3, Ubuntu 12.04, Solaris 11 Sparc, HP-UX 11i, AIX 7.1, IBM i5/OS, Z/OS, RHEL 6 and Fedora 16Pure 64-Bit Installations: Support Windows Server Core in the modern data center by creating pure 64-bit installations for Windows Servers that have disabled the 32-bit subsystem (WoW64).Java 7 Support for Apple OS X: Supports using Oracle Java 7

When I was trying to find a way to create an Integrity VM, I had to do alot of research. It was difficult to find updated information and correct syntax for later builds of HP-UX and later versions of the VM software. Being the thoughtful and forward thinking internet citizen that I am, I figured I’d give back a little…So, without further adieu, here is the steps necessary to create an HP-UX Integrity VM on HP-UX 11.31 using HPVM version 6.xCreate a virtual switch firsthpvmnet -c -S -n The LanID references the numeric portion of the name. Run netstat -in to find yoursExample: hpvmnet -c -S vswitch1 -n 10Boot up the switch by running: hpvmnet -b -S Run hpvmnet to see a statusNow, create the virtual machinehpvmcreate -P -l -O HPUX -a network:avio_lan::vswitch:This creates the VM with a default network connection.hpvmmodify -P -a dvd:avio_stor::file:/path/to/HPUX1131.isoThis will create a virtual DVD device connected to an iso for installation later. If you’re going to install from ignite or something else, dont worry about this parthpvmmodify -P -a disk:avio_stor::lv:/dev/vgname/rdeviceThis is adding storage for the VM to use. You could also add a disk image file instead of a real logical volume if you wantedTo create a disk image file, run something like hpvmdevmgmt -A -S 10G /path/to/vmdir/diskimage.fdYour VM is now created! You can run hpvmstart -P to boot the VM upIf you need to install via an iso, just connect to the console by using hpvmconsole -P and then selecting boot to file from the boot menu, and then selecting removable media. Or, just wait and it should boot automatically if you added the DVD device.hpvmstart, hpvmstatus, hpvmstop are useful commands to manage your VMs

To the physical CPUs to specific VMs. You will be able to define specific CPU entitlements for each VM. For example, you can assign a four-CPU VM 50% of four physical CPUs, another VM can get 25%, and a third 25%. I/O device sharing: Integrity VM provides fully virtualized I/O, which means multiple virtual SCSI cards can represent a single physical SCSI or fibre channel card. Supports HP-UX initially, and will eventually support Linux, Windows, and OpenVMS: Because the system is fully virtualized, it is possible to run any of the operating systems that are supported on the Integrity platform inside a VM. Support for the full line of Integrity Servers: From 1 to 128 processor systems are supported for use with Integrity VM. Software-fault isolation: Software faults in one VM can't impact other VMs. Security isolation: It is not possible for a process inside a VM to access the memory or devices allocated to another VM. High-Level Architecture HP Integrity VM is implemented by running what is called the VM host on top of the hardware rather than running a standard operating system. Figure 2-13 shows the high-level architecture of a system running Integrity VM. Figure 2-13. High-Level Architecture of Integrity VM The VM host runs on top of the hardware and boots the various VMs, which each run their own copy of an operating system, which boot normally and start up whatever application workloads are intended to run in that VM. Resource Virtualization Each VM will have a