HP Systems Insight Manager 7.0 User Guide
Table Of Contents
- Systems Insight Manager 7.0 User Guide
- Table of Contents
- Part I Introduction
- Part II Setting up HP SIM
- 3 Setting up managed systems
- 4 Credentials
- 5 WMI Mapper Proxy
- 6 Discovery
- 7 Manage Communications
- 8 Automatic event handling
- 9 Users and Authorizations
- 10 Managed environment
- Part III HP SIM basic features
- 11 Basic and advanced searches
- 12 Monitoring systems
- 13 Event management
- 14 Reporting in HP SIM
- 15 HP SIM tools
- Part IV HP SIM advanced features
- 16 Collections in HP SIM
- 17 HP SIM custom tools
- 18 Federated Search
- 19 CMS reconfigure tools
- 20 Understanding HP SIM security
- 21 Privilege elevation
- 22 Contract and warranty
- 23 License Manager
- 24 Storage integration using SMI-S
- 25 Managing MSCS clusters
- 26 HP SIM Audit log
- 27 HP Version Control and HP SIM
- 28 Compiling and customizing MIBs
- A Important Notes
- System and object names must be unique
- Setting the Primary DNS Suffix for the CMS
- Distributed Systems Administration Utilities menu options not available
- Virtual machine guest memory reservation size
- Insight Remote Support Advanced compatibility
- Database firewall settings
- Annotating the portal UI
- Security bulletins
- Validating RPM signatures
- Central Management Server
- Complex systems displaying inconsistency with the number of nPars within the complex
- Configure or Repair Agents
- Data collection reports
- B Troubleshooting
- Authentication
- Browser
- Central Management Server
- Complex
- Configure or Repair Agents
- Container View
- Credentials
- Data Collection
- Database
- Discovery
- iLO
- Linux servers
- Event
- Host name
- HP Insight Control power management
- Insight Control virtual machine management
- HP Smart Update Manager
- Systems Insight Manager
- Identification
- Installation
- License Manager
- Locale
- Managed Environment
- HP MIBs
- Onboard Administrator
- OpenSSH
- Performance
- Ports used by HP SIM.
- Privilege elevation
- Property pages
- Reporting
- Security
- Sign-in
- SNMP settings
- SSH communication
- System Page
- System status
- Target selection wizard
- Tasks
- Tools
- Upgrade
- UUID
- Virtual identifiers
- Virtual machines
- VMware
- WBEM
- WBEM indications
- WMI Mapper
- C Protocols used by HP SIM
- D Data Collection
- E Default system tasks
- Biweekly Data Collection
- System Identification
- Old Noisy Events
- Events Older Than 90 Days
- Status Polling for Non Servers
- Status Polling for Servers
- Status Polling for Systems No Longer Disabled
- Hardware Status Polling for Superdome 2 Onboard Administrator
- Data Collection
- Hardware Status Polling
- Version Status Polling
- Version Status Polling for Systems no Longer Disabled
- Check Event Configuration
- Status polling
- F Host file extensions
- G System Type Manager rules
- H Custom tool definition files
- I Out-of-the-box MIB support in HP SIM
- J Support and other resources
- Glossary
- Index
21 Privilege elevation
Privilege elevation enables users without root privileges to run tools requiring root privileges on
HP-UX, Linux, and VMware ESX managed systems. To use this feature with HP SIM, a privilege
elevation utility such as su, sudo, or Powerbroker must be installed on the managed system. Typically,
these utilities are used to sign in as a normal user, then when you want to run a program requiring
root, prefix the command line for that program with the privilege elevation utility's executable. For
example sudo rm /private/var/db/.setupFile. Some of these utilities can be configured
to prompt the user for a password before allowing root access.
For HP SIM to run tools on managed systems using privilege elevation, HP SIM must be configured
to know which user to use to sign in to the managed systems, how to prefix the command line that
it will run, and whether or not the privilege elevation utility will prompt for a password. This is
configured either from the First Time Wizard, or from the Options menu by selecting
Options→Security→Privilege Elevation. You can configure different values of these settings
for Unix and Linux systems versus VMware ESX systems.
Once you have configured HP SIM to use privilege elevation, it determines if a tool needs privilege
elevation by looking at the tool's execute-as parameter. This is the user the tool should be run as
on the managed system. If this parameter is specified as root in the tool's tool definition file (tdef),
then HP SIM will invoke privilege elevation. If this parameter is not specified in the tdef, then HP
SIM defaults the value of execute-as to be the identity of the user invoking the tool within HP
SIM. If this user is logged in as root, then privilege elevation will also be used.
When HP SIM determines that privilege elevation should be used, it uses SSH to sign in to the
remote system with the user that was configured in the privilege elevation settings page (a specific
user, the user who is currently signed into HP SIM, or a user specified at runtime). If the user must
be specified at runtime, or if a password is required for privilege elevation, these prompts appear
on the Task Wizard page that collects any parameters necessary to run a tool. After HP SIM is
signed into the remote system through SSH, it invokes the command for the tool, prefixed by the
privilege elevation utility executable, and supplies the password if required.
127