HP Systems Insight Manager 7.0 User Guide
Table Of Contents
- Systems Insight Manager 7.0 User Guide
- Table of Contents
- Part I Introduction
- Part II Setting up HP SIM
- 3 Setting up managed systems
- 4 Credentials
- 5 WMI Mapper Proxy
- 6 Discovery
- 7 Manage Communications
- 8 Automatic event handling
- 9 Users and Authorizations
- 10 Managed environment
- Part III HP SIM basic features
- 11 Basic and advanced searches
- 12 Monitoring systems
- 13 Event management
- 14 Reporting in HP SIM
- 15 HP SIM tools
- Part IV HP SIM advanced features
- 16 Collections in HP SIM
- 17 HP SIM custom tools
- 18 Federated Search
- 19 CMS reconfigure tools
- 20 Understanding HP SIM security
- 21 Privilege elevation
- 22 Contract and warranty
- 23 License Manager
- 24 Storage integration using SMI-S
- 25 Managing MSCS clusters
- 26 HP SIM Audit log
- 27 HP Version Control and HP SIM
- 28 Compiling and customizing MIBs
- A Important Notes
- System and object names must be unique
- Setting the Primary DNS Suffix for the CMS
- Distributed Systems Administration Utilities menu options not available
- Virtual machine guest memory reservation size
- Insight Remote Support Advanced compatibility
- Database firewall settings
- Annotating the portal UI
- Security bulletins
- Validating RPM signatures
- Central Management Server
- Complex systems displaying inconsistency with the number of nPars within the complex
- Configure or Repair Agents
- Data collection reports
- B Troubleshooting
- Authentication
- Browser
- Central Management Server
- Complex
- Configure or Repair Agents
- Container View
- Credentials
- Data Collection
- Database
- Discovery
- iLO
- Linux servers
- Event
- Host name
- HP Insight Control power management
- Insight Control virtual machine management
- HP Smart Update Manager
- Systems Insight Manager
- Identification
- Installation
- License Manager
- Locale
- Managed Environment
- HP MIBs
- Onboard Administrator
- OpenSSH
- Performance
- Ports used by HP SIM.
- Privilege elevation
- Property pages
- Reporting
- Security
- Sign-in
- SNMP settings
- SSH communication
- System Page
- System status
- Target selection wizard
- Tasks
- Tools
- Upgrade
- UUID
- Virtual identifiers
- Virtual machines
- VMware
- WBEM
- WBEM indications
- WMI Mapper
- C Protocols used by HP SIM
- D Data Collection
- E Default system tasks
- Biweekly Data Collection
- System Identification
- Old Noisy Events
- Events Older Than 90 Days
- Status Polling for Non Servers
- Status Polling for Servers
- Status Polling for Systems No Longer Disabled
- Hardware Status Polling for Superdome 2 Onboard Administrator
- Data Collection
- Hardware Status Polling
- Version Status Polling
- Version Status Polling for Systems no Longer Disabled
- Check Event Configuration
- Status polling
- F Host file extensions
- G System Type Manager rules
- H Custom tool definition files
- I Out-of-the-box MIB support in HP SIM
- J Support and other resources
- Glossary
- Index
Passwords
Passwords configured on the HP SIM System Credentials and Global Credentials pages are
stored in the database encrypted using 128-bit Blowfish. These passwords can be further managed
using the CLI command mxnodesecurity. A few passwords might be stored in a file on the CMS
that are also encrypted using the same 128-bit Blowfish key. These passwords can be managed
using the mxpassword command. The password file and the Blowfish key file are restricted with
operating system file permissions to administrators or root.
Prior to HP SIM 5.3, passwords configured on the HP SIM protocol settings pages are stored in a
local file on the CMS, restricted with operating system file permissions to administrators or root.
These passwords can be further managed using the mxnodesecurity command.
For User accounts, HP SIM relies on the customer environment (for example, Windows Operating
System) to govern credential policy (expiration, lockout, and so on).
Browser
SSL
All communication between the browser and the CMS or any managed server occurs using HTTPS
over SSL. Any navigation using HTTP (not using SSL) is automatically redirected to HTTPS.
Cookies
Although cookies are required to maintain a logged in session, only a session identifier is maintained
in the cookie. No confidential information is in the cookie. The cookie is marked as secure, so it
is only transmitted over SSL.
A strict separation between the content provided by unrelated sites must be maintained on the
client side to prevent the loss of data confidentiality or integrity. HP recommends you avoid links
or resources that have arrived from unauthorized sites when a valid HP SIM session is running on
browsers.
Passwords
Password fields displayed by HP SIM do not display the password. Passwords between the browser
and the CMS are transmitted over SSL.
Password warnings
There are several types of warnings that can be displayed by the browser or by the Java plug-in
on the browser, most having to do with the SSL server certificate.
• Untrusted system
This warning indicates the certificate was issued by an untrusted system. Since certificates are
by default self-signed, this is likely if you have not already imported the certificate into your
browser. In the case of CA-signed certificates, the signing root certificate must be imported.
The certificate can be imported before browsing if you have obtained the certificate by some
other secure method. The certificate can also be imported when you get the warning, but is
susceptible to spoofing since the host system is not authenticated. Do this if you can
independently confirm the authenticity of the certificate or you are comfortable that the system
has not been compromised.
• Invalid certificate>
If the certificate is invalid because it is not yet valid or it has expired, it could be a date or
time problem, which could be resolved by correcting the system's date and time. If the certificate
is invalid for some other reason, it might need to be regenerated.
120 Understanding HP SIM security