In environments in which virtual PCs are used (hereafter, virtual PC environments) and environments in which Server Based Computing is used (hereafter, SBC environments), using the automatic quarantining function of Resource Orchestrator enables security risks to be handled more quickly than in environments in which the function is not used.
Virtual PC environments and SBC environment servers are managed by Resource Orchestrator as L-Servers.
- Virtual PC environments and SBC environment servers operating on VM hosts are managed as virtual L-Servers.
- SBC environment servers operating on physical servers are managed as physical L-Servers.
- Virtual L-Servers and physical L-Servers are collectively referred to as "L-Servers".
The automatic quarantining function provides the following functionality so that corrective action is taken quickly when security risks are detected on L-Servers managed using Resource Orchestrator.
- Action targeting security risks detected on L-Servers can be performed automatically, or manually at the discretion of an administrator.
- The following actions can be performed in response to security risks. Which action is performed can either be selected (hereafter, "action selection") during system preparations.
- Automatically performed actions
-
- Transfer from the operation network to the quarantine network
- Reboot
- Reboot after transferring from the operation network to the quarantine network
- Actions performed at the discretion of an administrator
-
- Sending of mail notifications to the administrator. The administrator can choose whether to perform the same operation as would be performed automatically, according to the content of the email notification which will change based on the situation.
- After transfer to the quarantine network, once security risks have been resolved, the L-Server is recovered from the quarantine network to the operation network.
- When actions are performed automatically when security risks are detected, an email notification is sent to the administrator so that quarantining of the L-Servers on which security risks are detected can begin immediately.
- Message notifications are sent to users to inform them of the reason why they can no longer use virtual PCs when security risks are detected.
* The types of security risks which can cause an L-Server to be quarantined are "viruses" and "malware".
This function does not handle "spyware", "grayware", or "C&C callbacks".
This function does not handle "outbreaks" (occurrences of mass infections or mass failures).
Figure 1.1 Automatic Quarantining Function
