Manualshelf

Understanding HP Systems Insight Manager 6.3 Security

ManualsBrandsHP ManualsSoftwareHP Systems Insight Manager for Windows
12345678910
Best security practices include care when visiting other websites. You should use a new browser
window when accessing other sites; when you are finished using HP SIM you should both sign out
and close the browser window.
Internet Explorer zones
Internet Explorer supports several zones that can each be configured with different security settings.
The name used to browse to HP SIM or managed systems can affect which browser zone Internet
Explorer places the system. For example, browsing by IP address or full Domain Name System (DNS)
(for example, hpsim.mycorp.com) can place the system into the browser’s more restrictive Internet
zone, causing improper operation. Ensure systems are being placed into the correct Internet zone
when browsing. You might need to configure Internet Explorer, or use a different name format when
browsing.
System link format
To facilitate navigation to managed systems, HP SIM provides the System Link Configuration
option to configure how links to managed systems are formed. Go to OptionsÆSecurityÆSystem
Link Configuration.
Three options are available:
Use the system name
Use the system IP address
Use the system full DNS name
If you need full DNS names to resolve the system on your network, keep in mind that the browser
might display a warning if the name in the system’s certificate does not match the name in the
browser.
Operating-system dependencies
User accounts and authentication
HP SIM accounts are authenticated against the CMS host operating system. Any operating system
features that affect user authentication affect signing into HP SIM. The operating system of the CMS
can implement a lock-out policy to disable an account after a specified number of invalid sign in
attempts. Additionally, an account can be manually disabled in the Microsoft Windows domain. Any
account that cannot authenticate against the operating system prevents signing into HP SIM using that
account. For automatic sign-in to HP SIM, user accounts must be domain accounts.
Note: A user who is already signed into HP SIM is not re-authenticated against the operating system
until the next sign in attempt and continues to remain signed into HP SIM, retaining all rights and
privileges therein, until signing out of HP SIM.
IMPORTANT: If creating operating system accounts exclusively for HP SIM accounts, give users the
most limited set of operating system privileges required. Any root or administrator accounts should be
properly guarded. Configure any password restrictions, lock-out policies, and so on, in the operating
system.
File system
Access to the file system should be restricted to protect the object code of HP SIM. Inadvertent
modifications to the object code can adversely affect the operation of HP SIM. Malicious modification