Manualshelf

Managing your HP servers through firewalls with HP SIM (481364-002, February 2008)

ManualsBrandsHP ManualsSoftwareHP Systems Insight Manager 6.x Linux Software
12345678910
7
feature. Administrators can set up and configure the Agent Event Notifier during the agent
deployment. In Linux operating systems, if a hardware problem occurs, emails are automatically
sent to the root email on the managed system.
The Insight Agents for Microsoft Windows also create Windows Event Log entries. A management
tool such as HP OpenView Operations or Microsoft Operations Manager operating in the same
environment can then collect the log entries and send them back to a centralized server. The Insight
Agents for Linux also create entries in the syslog. Administrators can write a script to look for these
entries and take appropriate action.
Case 2: separate management network
In some computing environments, system administrators create a separate, secondary network parallel
to the primary or production network (Figure 2). The chief benefit to this approach is that
management traffic flows through the secondary network, while the limited access from the production
(primary) network maintains security. Configuring a separate management network using HP Systems
Insight Manager allows secure access to the systems in the DMZ.
The secondary network can also be used for other operations that would be inappropriate for the
primary network, such as tape backups, deployments using Rapid Deployment pack, or application
maintenance.
Note:
Do not connect the management network to the corporate
(internal) network. Compromising one of the systems in the
DMZ could allow a hacker to get onto the management
network. However, it may be beneficial to allow VPN
access to the management network.
Figure 2 Parallel primary (production) and secondary (management) networks
Servers inside the DMZ and on the internal network can use iLO 2 processors. Because the network
connection to iLO 2 is completely isolated from the network ports on the server, there is no possibility
for data to flow from the DMZ network to the iLO management network, or vice-versa. Therefore, if