How to Harden the Security of your ThinkSystem Server and Management Applications

This paper provides guidance to securely deploy Lenovo® servers and management applications within an organization. For servers, it focuses on security hardening of ThinkSystem™ servers, but the guidance can be applied to other servers as well. It also focuses on the primary applications used to manage Lenovo ThinkSystem servers such as Lenovo XClarity™ Controller and Lenovo XClarity Administrator. The paper provides guidance and recommendations for configuring the servers and applications, so they are secure and hardened.

This paper is targeted at individuals responsible for the security of servers and applications used to manage them. Readers should be familiar with ThinkSystem Server configuration using the F1-System Setup menus or OneCLI and the Lenovo management software used to manage the ThinkSystem server.

Introduction
Hardening UEFI
Hardening Lenovo XClarity Controller
Hardening Lenovo XClarity Administrator
Hardening Lenovo XClarity Orchestrator
Hardening Chassis Management Module
Hardening System Management Module
Hardening Fan and Power Controller

To view the document, click the Download PDF button.

Changes in the March 22, 2024 update:

• Added a recommendation about storing your passwords:
  • “Set an administrator password” on page 9
  • “Set a Power-On Password” on page 10
  • “Change the Default Account Username and Password” on page 25

Related product families

Product families related to this document are the following:

• Lenovo XClarity