I wanted to educate myself on Tandem / HP NonStop systems. These are my notes.
I've worked with Solaris, AIX, and Linux. I've also worked with HP-UX on HP/9000's on PA-RISC and Itanium. I've worked with HP/3000 administrators. But I wasn't as familiar with "Tandem"s as I'd like. So, I did some research.
I've worked with Solaris, AIX, and Linux. I've also worked with HP-UX on HP/9000's on PA-RISC and Itanium. I've worked with HP/3000 administrators. But I wasn't as familiar with "Tandem"s as I'd like. So, I did some research.
First, they stopped using the "Tandem" name when they were bought by Compaq 20 years ago. They're HP NonStop systems now.
The notes in the graphics have lots of other information. I created all of the graphics myself. License notes are below.
Virtualization you know
Most security professionals are familiar with VMware ESXi, Hyper-V, QEMU, or other virtualization style technologies which let you run multiple OS instances and applications on a single piece of hardware. Like this:
Tandem / HP NonStop Virtualization
Virtualization on Tandem (now called HP NonStop) is totally different. Today, we'd call them clusters. The idea is that one OS image runs across multiple hardware servers. Servers are connected to multiple network ports and storage devices. Each network and storage device is connected to multiple servers. That way, if one server, NIC, RAID card, disk, DIMM, CPU, or any other component dies, the application stays up. Way cool stuff.
Summary / Implications
In the ESXi environment that most people are familiar with, you could have "high security" and "low security" VM's running in the same cluster. The Hypervisor should keep an adversary from jumping from a compromised low security VM to a high security one. NonStop OS provides no such segmentation. If your application is exposed to the Internet, per say, then the whole OS and everything that runs in it is also exposed.
Each deployment will have to consider that with their organization's risk appetite.
Resources
- http://www8.hp.com/h20195/V2/
GetDocument.aspx?docname=4AA4- 2988ENW&cc=us&lc=en - http://h20223.www2.hp.com/
NonStopComputing/cache/76809- 0-0-0-121.html - http://en.wikipedia.org/wiki/
Tandem_Computers - http://www.serverwatch.com/
server-news/hp-extends- itanium-nonstop-servers.html - http://www.scribd.com/doc/
237725464/HP-NonStop-Server- Virtualization-Primer#scribd - http://en.wikipedia.org/wiki/
Itanium#Itanium_9500_. 28Poulson.29:_2012 - http://www.tandsoft.com/pdf/
N2TUG%202013%20Vendor% 20Presentation.pdf - http://www.isaca.org/Groups/
Professional-English/hp- nonstop-tandem/Pages/Overview. aspx
Thanks for reading!
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
