HP-UX Secure Resource Partitions

HP-UX Secure Resource Partitions (SRP) are used to consolidate multiple applications within a single image of the HP-UX 11i operating system. This is an effective way to lower the total cost of ownership (TCO). One instance of HP-UX 11i is licensed, thus reducing initial software license costs contrasted to multiple servers running multiple instances of the software. Application software licensing and recurring costs may also be reduced depending on the licensing metrics. Due to reduced software instances and reduced server count, TCO may also be lowered for the recurring costs of maintenance and support, IT operations, administration and facilities costs.

SRP uses a combination of Security Containment compartments and HP Process Resource Manager to provide controlled isolation of execution environments and system resources. SRPs can be started and stopped in the same manner as a single system. User log-in can be directed to a specified SRP, and each SRP can be assigned a private IP address. CPU, memory, and disk resources can be managed and scheduled on a per-SRP basis.

Security is improved and business costs associated with unplanned downtime or loss of assets due to security breaches provide additional TCO and customer service benefits. Secure partitioning is achieved utilizing Security Containment compartments.

Get started

Analyst reports

White papers

Security Containment compartments provide for the isolation of files, and process and networking I/O, associated with each application. Multiple application instances run securely and isolated in a consolidated environment. Compartments provide for the isolation of files and process associated with each application. Three core technologies are used for this isolation: compartments; fine-grained privileges; and role-based access control. Together, these three components provide a highly secure operating environment without requiring applications to be modified.

These components are in the Common Criteria evaluated configuration of HP-UX 11i v3 certified against the COTS Compartmentalized Protection Profile - Operating Systems (CCOPP-OS). SRP’s can be configured in a vPars and nPar which are also in the evaluated configuration. The benefit is a third-party evaluation of protections against an approved protection profile. SRP is a safe method of partitioning insuring that an application within an SRP is isolated.

HP Process Resource Manager (PRM) is a resource management tool used to control the amount of resources that processes belonging to an SRP compartment can use during peak system load. PRM manages the allocation of CPU, real memory, and disk I/O bandwidth resources.

The establishment of Secure Resource Partitions is simplified with new SRP v2 features. Increased flexibility is offered for the base SRP configuration and life-cycle management of SRP adds changes and drops.

Establishment of an SRP is simplified with a Base SRP Template providing a guided set-up process. This process coordinates the establishment of compartments, and compartment log-in. The flexibility of optional configuration choices are presented for the implementation of Role Based Access Control (RBAC), enablement of IPFilter, IPSec, SSH and the set-up of HP Process Resource Manager (PRM).

SRP v2 now includes application templates tailored for specific applications. Using the guided set-up feature of the template, the application is tailored to an SRP. This process incorporates industry best practices, and requires minimal additional knowledge up and above normal application set-up.

Oracle SRP Template incorporates a guided process to set-up Oracle in an SRP. This is an easy, best practices method to operate Oracle applications in an SRP and realize the benefits of database consolidations. The Base SRP Template asks a few questions to establish the SRP. Then a few more questions from the Oracle SRP template guides the set up of the SRP compartment rules to control access to the Oracle files and networking paths. With a very short guided set-up, customers can consolidate Oracle under one-instance of HP-UX 11i and reduce the number of servers running Oracle to an efficient workload server profile. The business value is to shorten the implementation cycle of workload consolidation thereby reducing time to market, implementing the business value quicker and reducing TCO costs.

Apache SRP Template is used to set-up Apache in an SRP. Other components of the HP-UX 11i Web Server Suite such as Tomcat and Webmin may be set up in an SRP, but are not guided with this template.

Secure Shell SRP Template guides the set up of secured remote login, file transfer and remote command execution for an SRP.

SRP v2 is available for software download from HP Software Depot.