HP Systems Insight Manager 7.0 User Guide

Operating-system dependencies
User accounts and authentication
HP SIM accounts are authenticated against the CMS host operating system. Any operating system
features that affect user authentication also affect signing in to HP SIM. The operating system of the
CMS can implement a lock-out policy to disable an account after a specified number of invalid
sign-in attempts. Additionally, an account can be manually disabled in the Microsoft Windows domain.
An account that cannot authenticate against the operating system cannot be used to sign in to
HP SIM. For automatic sign-in to HP SIM, user accounts must be domain accounts.

NOTE: A user who is already signed in to HP SIM is not re-authenticated against the operating
system until the next sign-in attempt. The user remains signed in to HP SIM, retaining all rights
and privileges therein, until signing out of HP SIM.

IMPORTANT: If creating operating system accounts exclusively for HP SIM accounts, give users
the most limited set of operating system privileges required. Any root or administrator accounts
should be properly guarded. Configure any password restrictions, lock-out policies, and so on, in
the operating system.
File system
Access to the file system should be restricted to protect the object code of HP SIM. Inadvertent
modifications to the object code can adversely affect the operation of HP SIM. Malicious
modification can allow for covert attacks, such as capturing sign-in credentials or modifying
commands to managed systems. Read-level access to the file system should also be controlled to
protect sensitive data such as private keys and passwords, which are stored in a recoverable
format on the file system. HP SIM does not store user account passwords for users signing into HP
SIM.
IMPORTANT: HP SIM sets appropriate restrictions on the application files. These restrictions
should not be changed because this could affect the operation of HP SIM or allow unintended
access to the files.
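
A read-only check of the file system guidance above for an HP-UX or Linux CMS, given as an added example (it is not part of the HP guide or of HP SIM). The installation directory, the directory holding keys and passwords, and the expected owner are passed as arguments because this page does not name them; the paths in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example: read-only audit of an application tree. It changes nothing.
# All three arguments are supplied by the operator; the paths in the usage
# line at the bottom are placeholders, not HP SIM's real layout.

# Files and directories that group or other may modify: anyone with that
# access could alter object code that runs as root.
find_writable() {
    find "$1" \( -type f -o -type d \) \( -perm -0020 -o -perm -0002 \) -print
}

# Regular files readable by "other": a problem wherever recoverable secrets
# (private keys, stored passwords) are kept.
find_world_readable() {
    find "$1" -type f -perm -0004 -print
}

# Entries not owned by the account expected to own the installation.
find_wrong_owner() {
    find "$1" ! -user "$2" -print
}

# audit_tree ROOT SECRETS_DIR OWNER
# Prints one finding per line and returns 1 if there are any, otherwise 0.
audit_tree() {
    at_report=$(
        find_writable "$1" | sed 's/^/WRITABLE /'
        find_world_readable "$2" | sed 's/^/READABLE /'
        find_wrong_owner "$1" "$3" | sed 's/^/OWNER /'
    )
    if [ -z "$at_report" ]; then
        return 0
    fi
    printf '%s\n' "$at_report"
    return 1
}

# Usage (placeholder paths):
#   audit_tree /path/to/sim /path/to/sim/keys root
```

Findings are reported only; per the IMPORTANT note above, the restrictions HP SIM sets should not be changed by hand.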
Background processes
On Windows, HP SIM is installed and runs as a Windows service. The service account requires
administrator privileges on the CMS and the database, and can be either a local or a domain
account. For automatic sign-in to HP SIM, a domain account must be used. On UNIX, HP SIM is
installed and runs as daemons that run as root.
Windows Cygwin
The version of Cygwin provided with the SSH server for Windows, for CMS and the managed
systems, has been modified with security enhancements to restrict access to the shared memory
segment. As a result, it does not interoperate with the generally available version of Cygwin. Only
administrative users can connect to a system running the modified SSH server.
HP-UX and Linux
The device /dev/random is used, if available on the CMS, as a source for random
numbers within HP SIM.
122 Understanding HP SIM security