Managing your HP servers through firewalls with HP SIM (481364-002, February 2008)

Appendix A: Configuring a separate management network

To configure a separate management network using HP Systems Insight Manager, install HP Systems

Insight Manger on the secondary network by completing the following steps:

Configure SNMP to accept packets only from the IP addresses used on the management network,

or bind SNMP to the secondary network interface (if the operating system allows this):

•

On Windows systems:

From the Control Panel, open the Services menu.

Open the Properties for the SNMP Service.

Under the Security tab, add IP addresses to the list of IP Addresses that can accept SNMP

packets.

•

On systems running Linux or HP-UX:

Modify the configuration file “snmpd.conf” to accept SNMP packets only from the

desired hosts.

Do the same with any other OS service needed on the network.

If a firewall is used on the CMS or managed systems, configure the firewall rules to only allow

SNMP WMI and WBEM requests from address in the management network. Use the ports in

Appendix A to determine which rules to configure.

Configure the HP Insight Management Agents to allow access only from IP addresses on the

management network:

Log into the Agent with administrator privileges.

Go to the Settings/Options page, and modify the IP Restricted Logins settings.

Configure HP Systems Insight Manager to discover the systems on the secondary network:

In HP Insight Manager, go to Options | Discovery |Automatic Discovery.

Add the IP addresses for the systems on the secondary network.

You can disable WMI, WBEM, and DMI on the primary network by configuring a firewall on the

system to disable each of the protocols on the primary NIC. The method of accomplishing this varies

for each firewall.