
I have a server (HP DL380pG8) in one of the data centers in my country. As I was thinking about securing my data, I was thinking about what if someone in the data center extracts one of the disks that are active in a RAID 1 and replaces it with another disk. Is this a common issue? What can I do to monitor this from ESXi? I know it's rare and maybe no one can do it in front of security cameras, guards, etc. But I want to make sure the data is not accessible this way (some alarm in ESXi as soon as one disk is missing, or something similar). Thanks.

FarhadGh

3 Answers


This is a discussion you need to have with your datacenter about security, access controls and their internal processes.

We can't help you other than saying that it's unlikely that someone would want your data enough to do this.

As for an alert, you won't be able to receive one in ESXi unless you have a vCenter server and the HP management agents installed in ESXi.

Alternatively, you can configure your ILO4 to send AlertMail on hardware health events. This would send an email on disk removal or failure.

ewwhite

Pity it's a Gen8, not a Gen9, as with most if not all Gen9 disk controllers you can buy (quite cheaply) a licence to encrypt any disk connected to the controller. This isn't a special disk; any disk will work. In fact the licence isn't even verified; you could just switch this feature on and buy the licence later. This is with Px4x series controllers, btw, like the P440ar etc. You can buy one of these and add it to a Gen8, btw.

Chopper3
  • Thanks. I'm not an expert in hardware topics. Your answer and ewwhite's answer were useful, but I think yours is more reachable for me. – FarhadGh Feb 20 '16 at 12:52

Definitely not common but if you have sensitive data on the server you would need to do something about it.

There are self-encrypting "FDE" disks where the disk's key stays in your controller and the disk will not be readable. Those disks are not much more expensive than ones without that feature. In that case make sure you back up your RAID controller's config to some other location, or you will find that you'll also be locked out if the controller fails (and have just yourself to blame). You'll have to make a choice and test / document very hard if you want to do that: it's NOT common to do outside of high security systems, be it corporate engineering, military or anything like that. You can do it, but then you also have to be on top of it.

I'd instead start with contract-related stuff, like getting it in writing that the ISP will shred failed disks within a defined time (costs money!). And also, the easiest thing: make a note of your disks' serial numbers, and if you see one have a weird intermittent failure, check if it still has the same serial. On LSI you can also disable auto-rebuild of LUNs, which means you have to manually ACK and start a rebuild. This puts your data at a higher risk because the rebuild only takes off once you get around to doing it, but it gives more security, and that IS a common thing for professional environments. (Typical hosting outfits will have auto-rebuild enabled; a locked-down datacenter might not.)

In order of easiness to effectiveness:

  • contractual stuff (enterprises would have)
  • inventory tracking (hard proof, need to have. also good vs. mistakes)
  • monitoring (always good but it's like a camera. you can only watch the crime ;)
  • disabling automagic (but more reaction time + risk)
  • hw encryption (but more effort in backups)

Also keep in mind that any legal intervention tops any contract. (But I assume you're not stupid and not putting up a server for illegal stuff) The same risk comes with any bad guy with physical access.

Florian Heigl
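The "inventory tracking" step above (record disk serials on day one, compare later) can be automated. The following is an added example, not code from the thread or from HP; it assumes a simple "slot serial" text format for both the baseline and the current listing, which is constructed here inline rather than taken from any real controller tool. The slot labels and serials are made-up sample values. Feeding the real output of your controller's CLI into `parse_inventory()` is the only adaptation needed.

```python
"""Disk serial inventory check (added example, not part of the original thread).

Compares a baseline of slot -> serial recorded when the server was racked
against a current listing and reports any slot whose serial changed, any
slot that is now empty, and any slot that holds a drive not in the baseline.
Both listings use an assumed 'slot serial' text format, one drive per line.
"""

# Constructed baseline recorded on day one (slot labels and serials are sample values).
BASELINE_TEXT = """
# slot      serial
1I:1:1      SN-AAAA1111
1I:1:2      SN-BBBB2222
"""

# Constructed current listing: slot 1I:1:2 now carries a different serial.
CURRENT_TEXT = """
1I:1:1      SN-AAAA1111
1I:1:2      SN-ZZZZ9999
"""


def parse_inventory(text):
    """Parse 'slot serial' lines into a dict; blank lines and '#' comments are skipped."""
    inventory = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        slot, serial = line.split(None, 1)
        inventory[slot] = serial.strip()
    return inventory


def compare_inventory(baseline, current):
    """Return a list of (slot, status, expected_serial, actual_serial) findings.

    status is one of:
      'replaced'   - slot holds a drive with a different serial than recorded
      'missing'    - slot recorded in the baseline is no longer populated
      'unexpected' - slot holds a drive that was never recorded
    """
    findings = []
    for slot, expected in sorted(baseline.items()):
        actual = current.get(slot)
        if actual is None:
            findings.append((slot, "missing", expected, None))
        elif actual != expected:
            findings.append((slot, "replaced", expected, actual))
    for slot, actual in sorted(current.items()):
        if slot not in baseline:
            findings.append((slot, "unexpected", None, actual))
    return findings


def check(baseline_text, current_text):
    """Convenience wrapper for a cron job: returns findings so the caller can alert."""
    return compare_inventory(parse_inventory(baseline_text), parse_inventory(current_text))


if __name__ == "__main__":
    for slot, status, expected, actual in check(BASELINE_TEXT, CURRENT_TEXT):
        print(f"{slot}: {status} (expected {expected}, found {actual})")
```

Run this from a scheduled job and raise an alert on any non-empty result; a "replaced" finding on a slot that never reported a failure is exactly the case the answer describes. Keep the baseline file somewhere the people with physical access to the server cannot edit.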