HP Adaptive Infrastructure Solution Security for BladeSystem Matrix
serves as a proxy to mediate and support privileged operations to be performed on the managed
systems.
To perform administrative activities on a managed system, an administrative user first authenticates to
HP SIM with valid credentials. When the user attempts to execute a command against a managed system,
HP SIM checks its authorizations to verify that this user is permitted to run the requested command on
the specified system. The access decision is made by HP SIM on the CMS platform, and the managed system
trusts that decision; this is the trust relationship between HP SIM and the managed system. Depending on
the particular tool, the actual execution takes place either on the HP SIM CMS or on the managed system.
Remote command execution on the managed system is carried out over the SSH secure network protocol.
Audit information for the requested command execution is written to the HP SIM audit trail. If the
authorization policy grants access, HP SIM acts as a proxy to the managed host and authenticates (either
with a login and password or with SSH keys) to a privileged login account on the managed system.
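The flow above is easier to reason about as a small executable model. The following is an added example written for this page, not HP code: the toolbox and system names, the account names (simobserver, root) and the pass_user_name flag are all hypothetical, and HP SIM's real policy format is not reproduced. It shows the CMS making the access decision from its authorization table, connecting to the managed host as the tool's account rather than as the user, the host's operating system deciding what that account may actually do, and the two audit trails (the CMS records the SIM user; the host sees only the proxy account unless the user name is forwarded).

```python
"""Hypothetical model of an HP SIM-style authorization proxy (added example, not HP code).
All names, accounts and policy entries below are constructed for illustration."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Tool:
    name: str
    toolbox: str      # authorizations are granted per toolbox, not per individual tool
    runs_on: str      # "cms" or "managed": where the tool actually executes
    account: str      # login on the managed host that the CMS connects as over SSH


@dataclass(frozen=True)
class Authorization:
    user: str
    toolbox: str
    systems: frozenset  # systems the grant covers


@dataclass
class ManagedHost:
    name: str
    privileges: Dict[str, Set[str]]          # account -> actions the OS lets it perform
    audit: List[dict] = field(default_factory=list)

    def execute(self, account: str, action: str, sim_user: Optional[str]) -> Tuple[bool, str]:
        # The host only sees the proxy account; the originating SIM user is known
        # to it only if the CMS chose to pass that name along.
        self.audit.append({"account": account, "action": action, "sim_user": sim_user})
        if action in self.privileges.get(account, set()):
            return True, f"{action} ran on {self.name} as {account}"
        return False, f"{account} lacks privilege for {action} on {self.name}"


@dataclass
class CMS:
    passwords: Dict[str, str]
    authorizations: List[Authorization]
    tools: Dict[str, Tool]
    hosts: Dict[str, ManagedHost]
    pass_user_name: bool = False             # hypothetical: forward the SIM user to the host
    audit: List[dict] = field(default_factory=list)

    def authenticate(self, user: str, password: str) -> bool:
        return self.passwords.get(user) == password

    def is_authorized(self, user: str, tool_name: str, system: str) -> bool:
        tool = self.tools.get(tool_name)
        if tool is None:
            return False
        return any(a.user == user and a.toolbox == tool.toolbox and system in a.systems
                   for a in self.authorizations)

    def _record(self, user: str, tool: str, system: str, result: str) -> None:
        self.audit.append({"user": user, "tool": tool, "system": system, "result": result})

    def run(self, user: str, password: str, tool_name: str, system: str) -> Tuple[bool, str]:
        if not self.authenticate(user, password):
            self._record(user, tool_name, system, "AUTH_FAIL")
            return False, "authentication failed"
        if not self.is_authorized(user, tool_name, system):
            self._record(user, tool_name, system, "DENIED")   # host is never contacted
            return False, "not authorized"
        tool = self.tools[tool_name]
        self._record(user, tool_name, system, "ALLOWED")
        if tool.runs_on == "cms":
            return True, f"{tool.name} ran on CMS against {system}"
        # Proxy step: the SSH session is opened as the tool's account, not as the user.
        forwarded = user if self.pass_user_name else None
        return self.hosts[system].execute(tool.account, tool.name, forwarded)


def build_demo() -> CMS:
    """Constructed sample policy: one observer, one administrator, one managed host."""
    blade01 = ManagedHost("blade01", {
        "simobserver": {"Show Status"},                           # unprivileged default account
        "root": {"Show Status", "Restart Service", "Apply Patch"},
    })
    tools = {
        "Show Status":     Tool("Show Status", "Monitor Tools", "managed", "simobserver"),
        "Disk Scan":       Tool("Disk Scan", "Monitor Tools", "managed", "simobserver"),
        "Restart Service": Tool("Restart Service", "Admin Tools", "managed", "root"),
    }
    auths = [Authorization("alice", "Monitor Tools", frozenset({"blade01"})),
             Authorization("bob", "Admin Tools", frozenset({"blade01"}))]
    return CMS({"alice": "a-pw", "bob": "b-pw"}, auths, tools, {"blade01": blade01})


def demo() -> Dict[str, object]:
    cms = build_demo()
    r: Dict[str, object] = {}
    r["observer_status"] = cms.run("alice", "a-pw", "Show Status", "blade01")       # allowed end to end
    r["observer_admin"] = cms.run("alice", "a-pw", "Restart Service", "blade01")    # denied at the CMS
    r["observer_diskscan"] = cms.run("alice", "a-pw", "Disk Scan", "blade01")       # CMS allows, host refuses
    r["admin_restart"] = cms.run("bob", "b-pw", "Restart Service", "blade01")       # runs as root
    r["admin_badpw"] = cms.run("bob", "wrong", "Restart Service", "blade01")        # fails authentication
    cms.pass_user_name = True
    r["admin_restart_named"] = cms.run("bob", "b-pw", "Restart Service", "blade01")  # host now sees "bob"
    r["cms_audit"] = [e["result"] for e in cms.audit]
    r["host_audit"] = cms.hosts["blade01"].audit
    return r


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The "observer_diskscan" case is the one worth noting: the CMS authorization passes, but the tool's account lacks the privilege on the host, so the host-side account configuration is what ultimately limits what HP SIM can do there. The host audit entries also show why the CMS audit trail matters: without forwarding, every entry names only the proxy account.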
Figure 4: A Full Rights user has access to more menu items and available systems
Different tools might be associated with different accounts, but the account must have the privileges
needed to carry out the requested task. Because the managed host decides what each account may do, the
configuration of the privileged account lets the managed host control which actions HP SIM can perform
on it. For instance, on a system running HP-UX or Windows, HP SIM connects as the specific user account
associated with the tool being executed, and the operating system determines the privileges granted to
that account. The default account configured for tools might not be privileged: it lets HP SIM users
with observation responsibilities read certain attributes of the managed systems, but it does not allow
modification of system parameters. The username of the account (on the HP SIM CMS) that initiated the
command execution might be passed to the managed host. However, the audit trail on the managed host
might not reflect all of the information required to