HP Systems Insight Manager 7.2 Technical Reference Guide
HP SIM is installed, it creates a self-signed certificate. Your browser might initially display a security
alert when you browse to HP SIM, describing the certificate as untrusted. This designation occurs
because the certificate is self-signed (signed by the HP SIM server) and the signer is not in the
browser list of CAs. By securely importing the HP SIM server certificate into the browser, the browser
can authenticate the HP SIM server to which you are browsing.
HP SIM also supports the ability to use a certificate from a third-party CA or your own internal CA
or PKI. In this case, you can import the CA certificate into your browser. For more information, see
Importing a CA-signed certificate.
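A self-signed certificate has no CA for the browser to chain to, so one way to import it securely is to compare its fingerprint with a value read from the server over a separate trusted path. The shell functions below are an added example, not part of the HP guide. They use the openssl command line, and the function names, file names and host name are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: check a server certificate before importing it into a browser.
# File names, the host name and all function names are constructed for this demo.

# Normalize a fingerprint so "ab:cd:.." and "ABCD.." compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'a-f' 'A-F'
}

# Print the normalized SHA-256 fingerprint of a PEM certificate file.
cert_fingerprint() {
    _out=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || return 1
    normalize_fp "${_out#*=}"
}

# Succeed when subject and issuer names are identical, which is how a
# self-signed certificate (signed by the server itself) presents.
is_self_issued() {
    _subj=$(openssl x509 -in "$1" -noout -subject_hash) || return 1
    _issr=$(openssl x509 -in "$1" -noout -issuer_hash) || return 1
    [ "$_subj" = "$_issr" ]
}

# Succeed only when the certificate file matches the reference fingerprint
# obtained out of band (for example, read on the server console).
safe_to_import() {
    _actual=$(cert_fingerprint "$1") || return 1
    [ -n "$_actual" ] && [ "$_actual" = "$(normalize_fp "$2")" ]
}

# Create a constructed self-signed certificate in directory $1.
# It stands in for a certificate exported from the server.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=cms.example.test" \
        -keyout "$1/demo.key" -out "$1/demo.pem" 2>/dev/null
}
```

Import the certificate only when `safe_to_import` succeeds. A mismatch means the file is not the certificate the server generated.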
Sign-in and accounts
A user name, domain name (for Windows CMS), and password are required before you can
access any feature of HP SIM. HP SIM uses the user authorizations of the underlying operating
system (Windows, Linux, or HP-UX) and relies on the operating system to authenticate users.
The user that is installing HP SIM must be either a system administrator (for Windows) or root user
(for Linux and HP-UX). This user has administrative access to HP SIM.
After signing in with this account, create additional accounts for other users. Each account can
have different configuration rights and authorizations. You can restrict the IP addresses from which
each account can sign in. For more information, see Users and authorizations.
Audit settings can be configured to log a notice for different types of security events, including
sign-in and sign-out events. For more information, see Configuring sign-in events.
Single Sign On, Replicate Agent Settings, and Install Software and Firmware
To take advantage of Single Sign On or to execute Replicate Agent Settings or Install Software
and Firmware tasks on the managed systems, set up a trust relationship between HP SIM and the
desired managed systems. A trust relationship enables the managed system to specify which HP
SIM servers can issue commands to the system. Without an established trust relationship, these
commands fail.
Setting up a trust relationship on the managed system requires that you browse to the system, set
the trust mode, and add HP SIM to the Trusted System Certificates list. Managed systems can also
be set up with an appropriate certificate during deployment. At the HP SIM server, you must also
specify the user authorization for the managed system and have executed a System Identification
task. If you have enabled the Require option on the Trusted System Certificates page, you must
import either the certificates of trusted managed systems or a root CA certificate into HP SIM.
Certificates
HP SIM allows secure and authorized management from the CMS. User authorizations for managed
systems and the CMS can be configured, helping ensure that only authorized users perform
state-changing operations. Communication between the CMS, managed systems, and the browser
is secured using SSL and certificates, helping to authenticate systems and protect user credentials
and management data.
During CMS initialization, a new SSL certificate is created that is used as a client credential in
WBEM requests (instead of the CMS certificate). To authenticate using the WBEM certificate, select
Use certificate instead in the WBEM settings section of the System Protocol Settings page. See
Setting protocols and credentials for a system or group of systems for more information. To configure
the WBEM certificate, use the Configure or Repair Agents task. See Configuring managed systems
from a Windows CMS for more information.
NOTE: The WBEM client certificate authentication feature is supported only on HP-UX systems
that have WBEM Services 2.5 installed for HP SIM.