HP Insight Management Agents architecture for Windows servers
14
subsequently using the Configure and Repair Agents capability in HP SIM, you are automatically
logged into the System Management Homepage when accessing it through HP SIM. This is part of
the HP SIM single sign-on functionality.
Figure 7: SIM management console and SMH for a ProLiant server
HTTPS, single sign-on, and secure task execution
An additional role of the SMH framework is to provide a secure communications environment for
the Insight Management Agents architecture. SNMP does not provide secure, encrypted
communications between the managed server and the remote requesting process. To address this,
the SMH framework implements HTTPS, a separate SSL-based secure communications link and
protocol between each managed server and the HP SIM server. While HP SIM continues to use the
standard SNMP service to retrieve basic MIB information, all sensitive traffic (including threshold
Sets, configuration data, and other commands) is sent over this secure HTTPS link.
A configurable trust relationship also provides certificate-based authentication between the
managed servers and the SIM server. This authentication eliminates the need for a user to log in to
each managed server and forms the basis for the Insight Manager single sign-on functionality.
Without the SMH framework, SIM single sign-on would not be possible. The trust model also allows
SIM to perform automated tasks on managed servers without storing the credentials of the user
who sets up the task. This is called Secure Task Execution.
Replicate Agent Settings capability
The SMH framework implements the remote configuration capabilities of the Insight Management
Agents architecture using the Configure Agent Settings functionality, which is part of the Replicate
Agent Settings capability. To accomplish this, the service establishes a protocol that allows HP SIM