HP Systems Insight Manager 7.0 User Guide
20 Understanding HP SIM security
This chapter provides an overview of the security features available in the HP SIM framework. HP
SIM runs on a CMS and communicates with managed systems using various protocols. You can
browse to the CMS or directly to the managed system.
Securing communication
Secure Sockets Layer (SSL)
SSL is an industry-standard protocol for securing communications across the Internet. It provides
for encryption to prevent eavesdropping as well as data integrity to prevent modification, and it
can also authenticate both the client and the server, leveraging public-key technology. All
communications between the browser and the CMS are protected by SSL. HP SIM supports both
SSL 3 and TLS 1.0 and enforces stronger cipher suites for the HP SIM SSL web server and the
partner application SOAP servers. HP SIM does not enforce stronger cipher suites for the WBEM
indication receiver.
Secure Shell (SSH)
SSH is an industry-standard protocol for securing communications. It provides for encryption to
prevent eavesdropping plus data integrity to prevent modification, and it can also authenticate
both the client and the server utilizing several mechanisms, including key-based authentication. HP
SIM supports SSH 2.
Hyper Text Transfer Protocol Secure (HTTPS)
HTTPS refers to HTTP communications over SSL. All communications between the browser and HP
SIM are carried out over HTTPS. HTTPS is also used for much of the communication between the
CMS and the managed system.
Secure Task Execution (STE) and Single Sign-On (SSO)
STE is a mechanism for securely executing a command against a managed system using the Web
agents. It provides authentication, authorization, privacy, and integrity in a single request. SSO
provides the same features but is performed when browsing a system. STE and SSO are implemented
in very similar ways. SSL is used for all communication during the STE and SSO exchange. A
single-use value is requested from the system prior to issuing the STE or SSO request to help prevent
replay or delay intercept attacks. Afterwards, HP SIM issues the digitally signed STE or
SSO request. The managed system uses the digital signature to authenticate the HP SIM server.
Note that the managed system must have a copy of the CMS SSL certificate imported into the Web
agent and be configured to trust by certificate to validate the digital signature. SSL can optionally
authenticate the system to HP SIM, using the system's certificate, to prevent HP SIM from inadvertently
providing sensitive data to an unknown system.
NOTE: For SSO to web agents, the Replicate Agent Settings and Install Software and Firmware
tools each provide administrator-level access to the web agents. HP System Management Homepage
As Administrator, System Management Homepage As Operator, and System Management
Homepage As User each provide SSO access at the described level.
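The single-use value and signed request of the STE and SSO exchange described above can be modelled as follows. This is an added example, not HP SIM code or its wire format: the Agent type, the payload layout, the value lifetime and the Ed25519 key pair standing in for the CMS certificate are all assumptions, and the SSL transport is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"time"
)

// Agent is a hypothetical model of a managed system's Web agent.
type Agent struct {
	Trusted ed25519.PublicKey    // stand-in for the imported CMS certificate
	TTL     time.Duration        // assumed lifetime of a single-use value
	Pending map[string]time.Time // values issued and not yet consumed
}

// IssueNonce hands the CMS a fresh single-use value before each request.
func (a *Agent) IssueNonce(now time.Time) string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	a.Pending[hex.EncodeToString(b)] = now
	return hex.EncodeToString(b)
}

// payload is what the CMS signs and the agent verifies (assumed layout).
func payload(nonce, cmd string) []byte { return []byte(nonce + "\n" + cmd) }

// Execute is the agent side: consume the value, then verify the signature.
func (a *Agent) Execute(nonce, cmd string, sig []byte, now time.Time) error {
	issued, ok := a.Pending[nonce]
	delete(a.Pending, nonce) // one attempt per value, valid or not
	if !ok || now.Sub(issued) > a.TTL {
		return fmt.Errorf("single-use value unknown, already used or expired")
	}
	if !ed25519.Verify(a.Trusted, payload(nonce, cmd), sig) {
		return fmt.Errorf("request not signed by the trusted CMS key")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed CMS key pair
	a := &Agent{pub, time.Minute, map[string]time.Time{}}
	n, now := a.IssueNonce(time.Now()), time.Now()
	sig := ed25519.Sign(priv, payload(n, "reboot"))
	fmt.Println(a.Execute(n, "reboot", sig, now), a.Execute(n, "reboot", sig, now))
}
```

Because the signature covers the single-use value, a captured request cannot be resubmitted, and the lifetime check rejects a request that was held back and delivered late.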
Distributed Task Facility (DTF)
DTF is used for custom command tools and multiple- and single-system aware tools. Commands
are issued securely to the managed system using SSH. Each managed system must have the CMS
SSH public key in its trusted key store so that it can authenticate the CMS. Managed systems are
also authenticated to the CMS by their SSH public key.