Understanding HP Systems Insight Manager 6.3 Security
3. Take the certificate from the HP SIM system and import it into the Insight Management Agents
of each system. This allows the managed systems to trust the HP SIM system. This certificate
can be distributed using any of the methods available to distribute the HP SIM certificate.
However, the option to pull the certificate directly from the HP SIM system over the network
must be avoided due to the potential man-in-the-middle attack.
IMPORTANT: As in the Moderate option, you must redistribute the HP SIM SSL certificate to
the managed systems whenever a new HP SIM SSL certificate is generated.
4. Once these steps have been completed, you can turn on the option in HP SIM to enable
Require Trusted Certificates. Select Options→Security→Certificates→Trusted
Systems→Trusted Certificates (Options→Security→Certificates→Trusted
Certificates *). The warnings presented around this option make it clear that any managed
system that does not have a certificate signed by your certificate server will not be sent secure
commands from the HP SIM system, although it will be monitored for hardware status.
5. For SSH, turn on the option to accept SSH connections only from specified systems. Select
Options→Security→Credentials→Trusted Systems→SSH Host Keys
(Options→Security→SSH Keys *) and enable the option The central management
server will accept an SSH connection only if the key is in list below. Afterwards,
you must manually import each managed system’s public SSH key into the list of keys in HP
SIM.
Note: To configure this in previous versions of HP SIM, add or modify the following line in
mx.properties:
MX_SSH_ADD_UNKNOWN_HOSTS=false
and then restart HP SIM. Afterwards, you must manually import each managed system’s public
SSH key into the list of keys in HP SIM.
* For versions prior to HP SIM 5.3
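Because the trusted SSH key list is only as good as the keys placed in it, and step 3 warns against pulling trust material over the network, the following added example (not from the HP document) checks the keys reported by ssh-keyscan against SHA256 fingerprints recorded out of band from each managed system's console before they are imported into HP SIM. Hostnames, keys and fingerprints below are constructed for the example.

```python
import base64
import hashlib
import struct


def fingerprint_sha256(openssh_pubkey_line: str) -> str:
    """OpenSSH-style fingerprint ('SHA256:<base64, no padding>') of a public key
    given as 'keytype base64blob [comment]', matching ssh-keygen -l -E sha256."""
    fields = openssh_pubkey_line.split()
    blob = base64.b64decode(fields[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def check_keyscan(keyscan_output: str, expected: dict) -> dict:
    """Compare ssh-keyscan output ('host keytype blob' per line) with fingerprints
    recorded out of band, keyed by 'host keytype'. Returns that key mapped to
    'ok', 'mismatch' (possible substitution in transit), 'unexpected' (host not
    on the approved list) or 'missing' (approved host did not answer)."""
    result = {key: "missing" for key in expected}
    for line in keyscan_output.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # ssh-keyscan banner/comment lines
            continue
        host, keytype, blob = line.split()[:3]
        key = f"{host} {keytype}"
        seen = fingerprint_sha256(f"{keytype} {blob}")
        if key not in expected:
            result[key] = "unexpected"
        elif seen == expected[key]:
            result[key] = "ok"
        else:
            result[key] = "mismatch"
    return result


def _constructed_ed25519_line(seed: int) -> str:
    # Constructed key blob in OpenSSH wire format (string type, string key); not a real key.
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([seed]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode()


KEY_A = _constructed_ed25519_line(1)
KEY_B = _constructed_ed25519_line(2)

# Fingerprints as read from each server's console (constructed; server-b deliberately differs
# from what the network returns, as it would if the key were swapped in transit).
EXPECTED = {
    "server-a ssh-ed25519": fingerprint_sha256(KEY_A),
    "server-b ssh-ed25519": fingerprint_sha256(_constructed_ed25519_line(9)),
    "server-d ssh-ed25519": fingerprint_sha256(_constructed_ed25519_line(4)),
}

# Constructed stand-in for `ssh-keyscan -t ed25519 server-a server-b server-c` output.
KEYSCAN_OUTPUT = f"# server-a:22 SSH-2.0-OpenSSH\nserver-a {KEY_A}\nserver-b {KEY_B}\nserver-c {KEY_B}\n"

if __name__ == "__main__":
    for key, status in check_keyscan(KEYSCAN_OUTPUT, EXPECTED).items():
        print(key, status)
```

Only keys reported as "ok" should be imported into the HP SIM list; a "mismatch" or "unexpected" host is investigated before any trust is granted.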
Port listing
The following ports and protocols are used by the HP SIM solution. If you have an application
firewall, the core HP SIM process is mxdomainmgr, and the Distributed Task Facility (DTF) is
mxdtf.

Port      Protocol¹   Description                                                     Direction flags (CMS In²/Out, managed system In/Out)
ICMP¹                 Ping
22        SSH         SSH server (for DTF)                                            Y Y
161       SNMP        SNMP Agent                                                      Y Y
162       SNMP Trap   Trap listener                                                   Y Y
80        HTTP        Management processor and other devices; standard Web server     Y⁴ Y
280       HTTP        Web server for HP SIM; Web agent auto-start port                Y Y⁴ Y