HP Systems Insight Manager 7.0 User Guide
Table Of Contents
- Systems Insight Manager 7.0 User Guide
- Table of Contents
- Part I Introduction
- Part II Setting up HP SIM
- 3 Setting up managed systems
- 4 Credentials
- 5 WMI Mapper Proxy
- 6 Discovery
- 7 Manage Communications
- 8 Automatic event handling
- 9 Users and Authorizations
- 10 Managed environment
- Part III HP SIM basic features
- 11 Basic and advanced searches
- 12 Monitoring systems
- 13 Event management
- 14 Reporting in HP SIM
- 15 HP SIM tools
- Part IV HP SIM advanced features
- 16 Collections in HP SIM
- 17 HP SIM custom tools
- 18 Federated Search
- 19 CMS reconfigure tools
- 20 Understanding HP SIM security
- 21 Privilege elevation
- 22 Contract and warranty
- 23 License Manager
- 24 Storage integration using SMI-S
- 25 Managing MSCS clusters
- 26 HP SIM Audit log
- 27 HP Version Control and HP SIM
- 28 Compiling and customizing MIBs
- A Important Notes
- System and object names must be unique
- Setting the Primary DNS Suffix for the CMS
- Distributed Systems Administration Utilities menu options not available
- Virtual machine guest memory reservation size
- Insight Remote Support Advanced compatibility
- Database firewall settings
- Annotating the portal UI
- Security bulletins
- Validating RPM signatures
- Central Management Server
- Complex systems displaying inconsistency with the number of nPars within the complex
- Configure or Repair Agents
- Data collection reports
- B Troubleshooting
- Authentication
- Browser
- Central Management Server
- Complex
- Configure or Repair Agents
- Container View
- Credentials
- Data Collection
- Database
- Discovery
- iLO
- Linux servers
- Event
- Host name
- HP Insight Control power management
- Insight Control virtual machine management
- HP Smart Update Manager
- Systems Insight Manager
- Identification
- Installation
- License Manager
- Locale
- Managed Environment
- HP MIBs
- Onboard Administrator
- OpenSSH
- Performance
- Ports used by HP SIM.
- Privilege elevation
- Property pages
- Reporting
- Security
- Sign-in
- SNMP settings
- SSH communication
- System Page
- System status
- Target selection wizard
- Tasks
- Tools
- Upgrade
- UUID
- Virtual identifiers
- Virtual machines
- VMware
- WBEM
- WBEM indications
- WMI Mapper
- C Protocols used by HP SIM
- D Data Collection
- E Default system tasks
- Biweekly Data Collection
- System Identification
- Old Noisy Events
- Events Older Than 90 Days
- Status Polling for Non Servers
- Status Polling for Servers
- Status Polling for Systems No Longer Disabled
- Hardware Status Polling for Superdome 2 Onboard Administrator
- Data Collection
- Hardware Status Polling
- Version Status Polling
- Version Status Polling for Systems no Longer Disabled
- Check Event Configuration
- Status polling
- F Host file extensions
- G System Type Manager rules
- H Custom tool definition files
- I Out-of-the-box MIB support in HP SIM
- J Support and other resources
- Glossary
- Index
In HP SIM, the Privilege Elevation feature enables tools to be run against HP-UX, Linux, and ESX
managed systems by first signing in as a non-root user, and then requesting privilege elevation to
run root-level tools. This can be configured under Options→Security→Privilege Elevation.
WBEM
All WBEM access is over HTTPS for security. HP SIM is configured with a user name and password
for WBEM agent access. Using SSL, HP SIM can optionally authenticate the managed system using
its SSL certificate.
For HP-UX, certificates can be used instead of username and password for WBEM authentication.
You can configure WBEM authentication from the System Credentials→WBEM tab by selecting
Options→Security→Credentials→System Credentials. For more information, see the HP SIM
online help.
LDAP
When configured to use a directory service, HP SIM can be configured to use LDAP with SSL
(default) or without SSL, which would transmit credentials in clear-text. To enable LDAP over SSL
in Microsoft Active Directory, refer to http://support.microsoft.com/
default.aspx?scid=kb;en-us;321051. Additionally, the directory server can be authenticated using
the Trusted Certificate list in HP SIM.
RMI
Java RMI is secured by requiring digitally signed requests using the CMS private key, which should
only be available to the local system. All communications use localhost to prevent the communication
from being visible on the network.
Credentials management
SSL certificates
There are several certificates used by HP SIM.
HP SIM main certificate
The HP SIM main certificate is used by the HP SIM SSL web server, the partner application SOAP
interface, and the WBEM indications receiver. This certificate is used to authenticate HP SIM in
the browser, in partner applications that communicate with HP SIM through SOAP, and in WBEM
agents that deliver indications to HP SIM.
By default the SIM main certificate is self-signed. Public Key Infrastructure (PKI) support is provided
so that the main certificate may be signed by an internal certificate server or by a third-party
Certificate Authority (CA).
HP SIM Single Sigon-On (SSO) certificate
This certificate is used to enable the trust relationship with managed systems for SSO. Managed
systems include System Management Homepage, Onboard Administrator, Integrated Lights-Out,
and CV.
The HP SIM SSO trust model uses the SSO certificate as a client certificate and uses the key to
encrypt the SSO client URL.
Key Length
In HP SIM 7.0 the main certificate, by default, uses a 2,048-bit key. The HP SIM SSO default
certificate uses a 1,024-bit key. The main certificate can be configured on managed systems to
replace the default HP SIM SSO certificate if the longer key is required. However, some SSO
118 Understanding HP SIM security