HP StorageWorks Command View XP Advanced Edition Device Manager Server Installation and Configuration Guide (December 2005)
Command View XP AE Device Manager Server Properties 125
NOTE: When the client is accessing the server through a proxy server and the connection timeout of the
proxy is shorter than the timeout of this property, the notification message may be lost, because the timeout
of the proxy server cuts the connection before the Device Manager server can send the response to Web
Client. If this is the case, please set the timeout for this property to a time shorter than the timeout of the
proxy
Default: 300 seconds
7-7-3 client.outputhorcmfunction.enabled
This property enables Web Client to use RAID Manager XP to create a configuration definition file.
Set this property to true to enable the use of this function.
Default: false
7-8 Security Properties
Server security properties are contained in the server.properties and security.properties files. These
files include whether secure-socket encryption is being utilized, the location and passwords for the
Server Certificate TrustStore, and a list of permitted client IP addresses. This group also contains a
number of properties that support the hardening of the Device Manager server.
In Windows
®
, the default directory for the security properties file is as follows:
• c:\Program Files\CVXPAE\DeviceManager\HiCommandServer\config
CAUTION: Do not use a text editor to edit these properties. Refer to 6 for more information on changing
security properties.
7-8-1 server.http.secure
This property sets the security level of the Device Manager server. See section 6-2-2 for instructions
on how to use HiKeytool to set the security level, as follows:
• 1 = Basic Authentication. The Device Manager server is operating in protected mode, and client
applications attempting to connect with the server must submit an authorized user’s logon ID
and password and be authenticated against the Access Control List (ACL).
NOTE: These requirements do not apply to requests for files that are intentionally designated as being
excluded from ACL security protection (see the server.http.security.unprotected property in section
7-8-7 ).
• 2 = Secure Socket (TLS/SSL). In this security mode, the server opens an additional secure
HTTP listener on a port designated by the server.https.port property. All communications via this
port are strongly encrypted using Secure Socket Layer (SSL) or Transport Layer Security (TLS).
Refer to
6 for further information on SSL and TLS. In order for a server to use the secure HTTP
protocol, a keypair and associated Server Certificate must be present in the Device Manager
server Keystore. This setting is strongly recommended if a Device Manager server is exposed to
any public network or Internet.
Default: 1
7-8-2 server.http.security.realm
This property sets the security realm message for the Device Manager server’s authentication
challenge.
Default: Device Manager Security
7-8-3 server.http.security.clientIP
This property implements an IP address filter, which helps harden a server against malicious attacks.
The default value is *.*.*.* which means that an HTTP connection from any client IP address will be