skip to main content

How to Harden the Security of your ThinkSystem Server and Management Applications

Planning / Implementation

21 Sep 2022
Form Number
PDF size
59 pages, 1.5 MB


This paper provides guidance to securely deploy Lenovo® servers and management applications within an organization. For servers, it focuses on security hardening of ThinkSystem™ servers, but the guidance can be applied to other servers as well. It also focuses on the primary applications used to manage Lenovo ThinkSystem servers such as Lenovo XClarity™ Controller and Lenovo XClarity Administrator. The paper provides guidance and recommendations for configuring the servers and applications, so they are secure and hardened.

This paper is targeted at individuals responsible for the security of servers and applications used to manage them. Readers should be familiar with ThinkSystem Server configuration using the F1-System Setup menus or OneCLI and the Lenovo management software used to manage the ThinkSystem server.

Table of Contents

Hardening UEFI
Hardening Lenovo XClarity Controller
Hardening Lenovo XClarity Administrator
Hardening Lenovo XClarity Orchestrator
Hardening Chassis Management Module
Hardening System Management Module
Hardening Fan and Power Controller

To view the document, click the Download PDF button.

Change History

Changes in the September 21, 2022:

  • Added a note regarding the use of VMware ESXi - “Disable IPMI over Keyboard Controller Style (KCS) Access” on page 20

Related product families

Product families related to this document are the following: