Understanding HP Systems Insight Manager 6.3 Security

Require only known SSH keys, inspect and import desired system SSH public keys.
Configure managed systems
Configure SNMP community strings, which are required at the CMS.
For WBEM on HP-UX and Linux, configure the WBEM password. This password is required at the
CMS. For the highest level of security, a different user name and password can be used for each
managed system; each user name and password pair must be entered into the CMS to enable
access.
The CMS requires a user name and password to access WMI data on Windows systems. By
default, a domain administrator account can be used for this, but you should use an account with
limited privileges for WMI access. You can configure the accounts accepted by each Windows
managed system by using the Computer Management tool:
1. First select the WMI Control item.
2. Right-click WMI Control and select Properties.
3. Select the Security tab, select Root namespace, and click Security.
4. Add a user to access WMI data along with their access rights. The Enable Account and
Remote Enable permissions must be enabled for correct operation of HP SIM.
5. The user name and password specified here must be configured in the CMS.
Set up user accounts for Insight Web Agents.
Add the CMS SSH public key to the system’s trusted key store by running mxagentconfig on the
CMS.
Configure the trust relationship option for Insight Web Agents; import the CMS SSL certificate if set
to trust by certificate.
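The WMI steps above can be checked from the command line on a managed Windows system. The following is an added example, not taken from the HP documentation: it reads the Root namespace ACL and reports whether a limited-privilege account holds Enable Account and Remote Enable and nothing more. The account name EXAMPLE\svc-hpsim is a hypothetical placeholder, and the script assumes an elevated Windows PowerShell 5.1 session.

```powershell
# Added example: audit the WMI Root namespace ACL for the account HP SIM uses.
# 'EXAMPLE\svc-hpsim' is a hypothetical name; pass the account entered in the CMS.
param([string]$Account = 'EXAMPLE\svc-hpsim')

# WMI namespace access-right bits, named as on the WMI Control Security dialog.
$Rights = [ordered]@{
    'Enable Account'  = 0x1
    'Execute Methods' = 0x2
    'Full Write'      = 0x4
    'Partial Write'   = 0x8
    'Provider Write'  = 0x10
    'Remote Enable'   = 0x20
    'Read Security'   = 0x20000
    'Edit Security'   = 0x40000
}
$RequiredNames = 'Enable Account', 'Remote Enable'

# Read the security descriptor of the Root namespace.
$result = Invoke-WmiMethod -Namespace 'root' -Path '__SystemSecurity=@' -Name GetSecurityDescriptor
if ($result.ReturnValue -ne 0) {
    throw "GetSecurityDescriptor failed with code $($result.ReturnValue)"
}

$found = $false
foreach ($ace in $result.Descriptor.DACL) {
    $trustee = if ($ace.Trustee.Domain) { "$($ace.Trustee.Domain)\$($ace.Trustee.Name)" }
               else { $ace.Trustee.Name }
    $type    = if ($ace.AceType -eq 0) { 'Allow' } else { 'Deny' }
    $granted = @($Rights.Keys | Where-Object { $ace.AccessMask -band $Rights[$_] })

    # List every entry so unexpected trustees are visible too.
    '{0,-6} {1,-40} {2}' -f $type, $trustee, ($granted -join ', ')

    if ($type -eq 'Allow' -and $trustee -eq $Account) {
        $found   = $true
        $missing = @($RequiredNames | Where-Object { $_ -notin $granted })
        $extra   = @($granted | Where-Object { $_ -notin $RequiredNames })
        if ($missing) { Write-Warning "$Account is missing: $($missing -join ', ')" }
        if ($extra)   { Write-Warning "$Account has more than HP SIM needs: $($extra -join ', ')" }
        if (-not $missing -and -not $extra) { "$Account has exactly the required rights." }
    }
}
if (-not $found) { Write-Warning "No explicit Allow entry for $Account on the Root namespace." }
```

The script evaluates explicit entries only; rights the account receives through group membership, such as Administrators, appear under the group's own line in the listing.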
Configuring the CMS for managed systems
The CMS must be configured with the user name and password used for WBEM and WMI access
and for the SNMP community names. These can be set using the Global Credentials page if a
common user name and password or community name is used across all the systems in the network,
or individually for systems using the System Credentials page. Both of these are accessible from
the Options→Security→Credentials (Options→Protocol Settings *) menu. The command
line tool mxnodesecurity can also be used to configure these settings. Refer to the man page or
online documentation for details.
IMPORTANT: Any passwords specified in the Global Credentials (Global Protocol Settings *)
page are used during system identification. Sensitive passwords, such as root or domain administrator
passwords, should not be specified here if there is a risk of sending these to untrustworthy systems.
* For versions prior to HP SIM 5.3.
How-to: lockdown versus ease of use
Moderate
The Insight Management Agents should be configured to trust by certificate. This requires distributing
the HP SIM certificate, which includes the public key, to all the managed systems. Once the systems
have been configured to trust the HP SIM system, they will accept secure commands from that
particular system only.