HP StorageWorks Command View XP Advanced Edition Device Manager Server Installation and Configuration Guide (December 2005)
Command View XP AE Device Manager Server Properties 126
accepted. You can restrict the Device Manager server access to designated clients and/or to subnets
such as a Local Area Network (LAN) or Wide Area Network (WAN), by using asterisks as a wildcard
character. For example, a Device Manager server would only accept connections from the host
machine itself and other client users on a LAN if this directive was set as:
server.http.security.clientIP=127.0.0.1,192.168.*.*
White space (the space following the comma delimiter) is ignored, as are any invalid dotted-decimal
IP entries, so that no runtime error is raised if an invalid or incorrectly formatted network address is
detected in this list.
Client machines that are not on the access list will be denied access to the server; however, access
from Web Client cannot be restricted. No HTTP response message (stating a reason for the failure to
establish a connection) will be returned to the intruder, in order to reduce vulnerability to certain denial
of service attacks that attempt to overload a server by flooding it with a large number of simultaneous
(bogus) requests.
Default: *.*.*.*
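Because invalid entries in this list are dropped without a runtime error, a mistyped address narrows the access list silently. The following added example (not code from HP or the Device Manager server) models the documented parsing rules to audit a value before it is deployed. The function names, the per-field wildcard interpretation, and the sample value are assumptions.

```python
import re

# Assumption: an entry is four dot-separated fields, each a decimal octet
# (0-255) or "*", as in the page's 192.168.*.* example.
_FIELD = re.compile(r"^(\*|\d{1,3})$")

def parse_client_ip(value):
    """Split a server.http.security.clientIP value into (accepted, ignored)."""
    accepted, ignored = [], []
    for raw in value.split(","):
        entry = raw.strip()              # white space around entries is ignored
        if not entry:
            continue
        fields = entry.split(".")
        ok = len(fields) == 4 and all(
            _FIELD.match(f) and (f == "*" or int(f) <= 255) for f in fields)
        (accepted if ok else ignored).append(entry)
    return accepted, ignored

def is_allowed(client_ip, accepted):
    """True if a dotted-decimal client address matches an accepted pattern."""
    octets = client_ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() for o in octets):
        return False
    return any(
        all(p == "*" or int(p) == int(o) for p, o in zip(pat.split("."), octets))
        for pat in accepted)

def audit(value):
    """Return findings worth reviewing before the property is deployed."""
    accepted, ignored = parse_client_ip(value)
    findings = [f"entry silently ignored by the server: {e!r}" for e in ignored]
    if "*.*.*.*" in accepted:
        findings.append("list contains *.*.*.* (the default): any client is accepted")
    if not accepted:
        findings.append("no valid entries remain after parsing")
    return findings

# Constructed sample: one entry with five fields, one with an out-of-range octet.
SAMPLE = "127.0.0.1, 192.168.*.*,10.1.2.3.4, 172.16.300.*"

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```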
7-8-4 server.https.security.keystore
This property assigns the name of the Keystore file that contains the keypair and associated Server
Certificate used for establishing an encrypted communication via Secure Sockets Layer (SSL) or
Transport Layer Security. The default setting is Keystore, and this file is assumed to be located in the
Device Manager server’s installation directory.
The Keystore file shipped with a Device Manager server is an empty placeholder file that does not
contain the required keypair and associated Server Certificate needed to run the Device Manager
server in secure mode. If you attempt to start the server in secure mode with an empty Keystore file,
the server will log a fatal exception and fail. A keypair and associated self-signed or trusted certificate
must first be installed into the Keystore before encrypted communications can be started. Refer to
section 6-2-3 for more information about Server Certificates.
Default: keystore
7-8-5 server.https.keystore.passphrase
This property contains the logon password for the Keystore file that contains a keypair and associated
Server Certificate used for SSL/TLS connections. The logon password is used to check the integrity of
the Keystore data. Refer to 6-2-6 for instructions on using HiKeytool to change the password.
Default: passphrase
7-8-6 server.https.keystore.keypass
This property contains the password for recovering the keypair and associated Server Certificate used for
encrypting SSL/TLS connections from the Device Manager server’s Keystore (refer also to the
server.https.security.keystore property in section 7-8-4). Refer to 6-2-7 for instructions on how to use
HiKeytool to change the Keystore password.
Default: passphrase
7-8-7 server.http.security.unprotected
This property designates a comma-delimited list of any non-protected file resources under the server’s
document root. When files or directories are designated as unprotected, they are not subject to
Access Control List checks (user authentication), regardless of the security mode setting for the
server. Entire directories (including nested sub-directories) can be flagged as unprotected by using an
asterisk as a wildcard character. If this directive is empty, all resources are protected, so that every
request to the Device Manager server will require user authentication.
This property allows anyone to view the index.html front page via a browser, without user
authentication being required. More importantly, it allows the Java™ Web Start application to update
its JAR file and deploy (via the HiCommand.jnlp file) to the end-user’s system without raising a series
of logon dialogs. Similarly, the GUI’s help files (and certain client installation information) can be