Live Optics Security Tech Brief


Live Optics security tech brief

In This Briefing
Collector Security
Protocols Used
Securing the Online Analytics Portal

© 2021 Dell
Security Overview
Briefing to understand security implemented while collecting and processing performance metrics 2021

The integrity of the Live Optics collector, security of the customer environment, and protection of customer data are issues of paramount
concern in all elements of design of the Live Optics application. Security overrides all other concerns. As an example, many
frequently-requested usability features have been rejected, as such features would compromise our strict security requirements.

Live Optics security areas can be divided into the following categories:
Collector Integrity
Collector Information-Gathering Protocols
Collector Live Optics Web Service Security
SIOKIT file security
Live Optics Web Application Security

Collector Security
Security begins with the Live Optics collectors. This section covers security issues
pertaining directly to the Live Optics collectors.

Collector Integrity

The Live Optics collectors are native binary executables for the Windows and Linux platforms. These executables run in customer
environments, often at elevated privilege levels. Guaranteeing the integrity of these collectors is of critical concern.

With the introduction of Live Optics, Dell has moved the Live Optics collector download to a login-protected, HTTPS (SSL) download
link. By downloading the collectors directly, users know they are getting the collector directly from Dell. The Windows collector is
digitally signed by Dell. The collector’s internal meta-data is also signed to guarantee that the collector and the End User meta-data
identifying the collector have not been altered.

Collector Information-Gathering Protocols

As the collector gathers information from the target servers or hardware appliance, the security ramifications of the underlying protocols
are scrutinized.

First, any credentials provided to the collector for remote server access are never
persisted in any kind of file or sent back to Dell in any format. Credentials are
encrypted in memory using OS-defined methods, in the event that the collector’s
memory is paged to disk, or if the collector memory should otherwise be accessed.

For local Windows collection, the collector uses the PDH protocol and other Windows
system API calls. The PDH protocol also could be used for remote collection.
However, this protocol is not sufficiently secure when used remotely. So, for remote
collection, the collector uses the remote WMI protocols. These protocols use the
Windows remote Kerberos authentication to securely access the remote systems.
Passwords are never transmitted in plain text.

For remote Linux collection, the collector uses SSH to establish an encrypted secure shell with the target Unix system. The Windows
collector only supports the latest SSH 2.0 key exchange methods.

The Linux collector uses the SSH module installed on the system where the collector runs. We advise users to update their SSH and
underlying OpenSSL libraries to the most recent libraries.

For VMware collection, Live Optics uses VMware’s SOAP based HTTPS API. This method uses HTTPS/SSL which is an encrypted
communication stream. Live Optics uses the OpenSSL library for SSL communication. The library is updated routinely with the most recent updates
from the OpenSSL development team.

Live Optics Web Service API Communication

Live Optics communicates (optionally) with Live Optics analytics servers using a SOAP based HTTPS protocol. The SSL stream is encrypted
using the OpenSSL library. Again, the SSL libraries are updated to have the latest security patches from the SSL team. Additionally, the Live
Optics Web Service API requires SSL Client Certificate Authentication. The SSL Client Certificate is embedded into the Live Optics collector
as a part of the signed meta-data including the collector build.

Live Optics SIOKIT File Security

Live Optics SIOKIT files are encrypted with 2048-bit RSA and 256-bit AES keys. The key pairs are generated per collector. The private keys are
secured within the Dell EMC Live Optics datacenter. The public keys are embedded into the collector.

Live Optics Web Application Security

The Live Optics web application was designed following the strict Dell EMC guidelines and has been scrutinized by both the internal Dell
EMC Security Team as well as outside security experts.

Access to the site is via the secure and encrypted HTTPS framework. Latest security patches are routinely applied to all Live Optics servers.

While we do not disclose the design of our environment, the Live Optics datacenter consists of multiple layers of firewalled servers and
communication frameworks. Data is securely stored behind numerous firewalled networks.

Dell Security policy prevents us from listing the exact methods we use to secure the site, but we can disclose that the Dell Security team
routinely runs numerous leading 3rd party security applications that scan both the site and source code for vulnerabilities.

Anonymizing Data At the Source

The design of the Live Optics program allows each End User to own their own data, yet share it with trusted technical consultants to
collaborate in infrastructure decision making processes or support cases. Most often the data is sent “as is”; however, if one feels the need
to mask server names by providing an alias, then this can be accomplished in the collector itself prior to starting any data collection
process.

To accomplish this you would use the /anon switch and start the collector from the command line. Similarly, in Linux/Unix variants you
would use --anon.

This will provide source side randomization of all server names, LUNs, or any other information that might be unique to internal naming
conventions.

Collection and Web Service Protocols

Live Optics uses the following protocols to gather information from the supported target platforms and communicate with Live Optics Web
Services:

Microsoft Windows PDH performance counter API
  Only used for local Windows system collection
Microsoft Windows Registry APIs and other local system calls
  Only used for local Windows system collection
Microsoft Windows Remote WMI
SSH
  On Linux, the local ssh client is used
  On Windows, a proprietary SSH stack implementation is used
  Used for remote Linux (and Solaris/HP-UX) collection
  Uses bash shell commands on the target system to collect data (screen scraping)
VMware vSphere SDK API
  HTTPS/SOAP XML protocol for communicating with vCenter servers
Live Optics Web Services API Client
  HTTP/SOAP XML protocol compatible with Microsoft WCF Web Services that communicates with the Live Optics Web Services

Linux Collection Details

Wherever possible, Live Optics tries to read the kernel sysfs files directly to get information rather than relying on the user-space
tools. This is because the kernel file formats rarely change, while the user tools change frequently, making screen scraping difficult.

Such kernel files include:

/proc/net/dev
/sys/block/*
/dev/*
/dev/mapper/*

Whenever possible, Live Optics tries to use tools that typically do not require root privileges.

Live Optics uses a variety of bash and sh commands too numerous to list here.
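
The direct reads described above can be reproduced from an unprivileged account to see exactly what those kernel files expose. The Python below is an added example, not Live Optics code: it parses /proc/net/dev and /sys/block/<dev>/stat content into the byte counters and disk figures listed in this brief, and the sample text, function names and 60-second interval are constructed for illustration.

```python
# Added example (not Live Optics code). SAMPLE_* values are constructed; on a real
# host, read /proc/net/dev and /sys/block/<dev>/stat as an unprivileged user.
SAMPLE_NET_DEV = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:  104832     912    0    0    0     0          0         0   104832     912    0    0    0     0       0          0
  eth0:9120044   18211    0    3    0     0          0       120  1822310   11042    0    0    0     0       0          0
"""
# Two constructed snapshots of /sys/block/sda/stat taken 60 seconds apart.
SAMPLE_STAT_T0 = "5000 120 400000 2500 3000 800 240000 4200 0 3900 6700"
SAMPLE_STAT_T1 = "5600 130 448000 2800 3300 850 264000 4650 0 4300 7450"
SECTOR_BYTES = 512  # the kernel reports stat sectors in 512-byte units


def parse_net_dev(text):
    """Return {interface: (rx_bytes, tx_bytes)} from /proc/net/dev content."""
    counters = {}
    for line in text.splitlines()[2:]:          # skip the two header lines
        name, sep, rest = line.partition(":")   # handles "eth0:123" with no space
        fields = rest.split()
        if not sep or len(fields) < 16:
            continue                            # truncated or unknown layout
        counters[name.strip()] = (int(fields[0]), int(fields[8]))
    return counters


def parse_block_stat(line):
    """Pick the read/write counters out of one /sys/block/<dev>/stat line."""
    f = [int(x) for x in line.split()]
    if len(f) < 8:
        raise ValueError("unexpected stat layout")
    return {"reads": f[0], "read_sectors": f[2], "read_ms": f[3],
            "writes": f[4], "write_sectors": f[6], "write_ms": f[7]}


def disk_rates(stat_t0, stat_t1, seconds):
    """Turn two counter snapshots into IOPS, MB/s, average I/O size and latency."""
    a, b = parse_block_stat(stat_t0), parse_block_stat(stat_t1)
    d = {k: b[k] - a[k] for k in a}
    if seconds <= 0 or min(d.values()) < 0:
        raise ValueError("bad interval or counter reset between snapshots")
    out = {}
    for op in ("read", "write"):
        ios, nbytes = d[op + "s"], d[op + "_sectors"] * SECTOR_BYTES
        out[op] = {"iops": ios / seconds,
                   "mb_per_s": nbytes / seconds / 1e6,
                   "avg_io_bytes": nbytes / ios if ios else 0.0,
                   "avg_latency_ms": d[op + "_ms"] / ios if ios else 0.0}
    return out


if __name__ == "__main__":
    print(parse_net_dev(SAMPLE_NET_DEV))
    print(disk_rates(SAMPLE_STAT_T0, SAMPLE_STAT_T1, 60))
```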

Data Gathered by Live Optics during a Host or OS level scan

The collectors gather information about each host system that they monitor:

Operating System and version
Hostname
Domain Name of the server
Date and time
List of Installed Applications (optional)
Advertised Capacity
Used Capacity
Serial Numbers (Shared Cluster Disk Information)
List of network interfaces
  Negotiated Speed
CPU Configuration
  Number of sockets
  Number of cores
  Clock speed
  Model
Server Model

During the monitoring session, Live Optics collects stats for the following:

Disk performance
  IOPS (reads/writes)
  MB/s Throughput (read/write)
  Avg. IO Size (reads/writes)
  Avg. Latency (reads/writes)
  Avg. Queue Depth
Server performance
  Memory usage
  Virtual Memory Hard Page Faults per sec
  CPU usage
Network performance
  Bytes received
  Bytes sent

Windows PDH Collection Details

For Windows local collection, Live Optics uses the Microsoft PDH API. This API accesses the system performance counters. These are the
same performance counters that PerfMon accesses. The following counters are used by Live Optics:

PhysicalDisk/Disk Reads/sec
PhysicalDisk/Disk Writes/sec
PhysicalDisk/Disk Read Bytes/sec
PhysicalDisk/Avg. Disk sec/Read
PhysicalDisk/Avg. Disk sec/Write
Processor/% Processor Time
Memory/Page Faults/sec
Memory/Available Kbytes
Network Interface/Bytes Received/sec
Network Interface/Bytes Sent/sec

Windows Remote WMI Collection Details

For remote Windows collection, Live Optics uses Microsoft WMI. WMI is notoriously unreliable. In many cases, we have to run Live Optics
locally in order to bypass firewall and configuration issues associated with WMI. Live Optics uses the following WMI classes:

Win32_ComputerSystem
Win32_DiskDrivePhysicalMedia
Win32_DiskDriveToDiskPartition
Win32_DiskPartition
Win32_LogicalDisk
Win32_LogicalDiskToPartition
Win32_NetworkAdapter
Win32_NetworkAdapterConfiguration
Win32_OperatingSystem
Win32_PerfRawData_PerfOS_Processor
Win32_PerfRawData_Tcpip_NetworkInterface
Win32_PhysicalMedia
Win32_Processor
Win32_SystemEnclosure
Win32_PerfRawData_HvStats_HyperVHypervisorLogicalProcessor
Win32_PerfRawData_PerfDisk_PhysicalDisk
Win32_PerfFormattedData_PerfDisk_PhysicalDisk
MSCluster_Disk
MSCluster_DiskPartition
MSCluster_DiskToDiskPartition
StdRegProv

Understanding more about Live Optics

The Live Optics team is happy to conduct local or online training.

Our contact information can be found on the right in the blue area below!

The Live Optics site is located at https://www.liveoptics.com

The Live Optics support site is located at https://support.liveoptics.com or by emailing [email protected]

The Live Optics support site also has a vast library of other insightful attributes of Live Optics and can be located here:

https://support.liveoptics.com/hc/en-us/community/topics

Contact Us

The Live Optics team can be contacted at the following address:


General Manager:
Sam Kirchoff
@SJKirchoff
Samuel.Kirchoff@Dell.com

Social Media
@runLiveOptics
#LiveOptics
