HP Servicecontrol Manager 3.0 User's Guide
HP Servicecontrol Manager Introduction
Security and Access
Chapter 1
19
Security and Access
SCM utilizes several technologies to provide secure access and secure transactions. The
security model is graphically represented in Figure 1-7.
To simplify the image, each managed node in Figure 1-7 is only running one
management application or protocol. Normally, managed nodes are running multiple
management applications and protocols.
Figure 1-7 SCM Security
Secure Access
You can access SCM via a command line or a Web browser. Both of these user interfaces
can be accessed from anywhere on your network.
When you access SCM from the command line interface, your operating system login
automatically logs you on to SCM. Once you are logged on, you will have access to use
the SCM commands based on your authorizations. If you access SCM from any system
other than the CMS, make sure you use an Secure Shell (SecSH). Programs like telnet,
rlogin, and ftp do not provide encrypted access. When you use one of these applications
to access SCM, your data including your password is transmitted across the network
unencrypted. In addition, these protocols are not spoof-protected.
When you access the SCM from a Web browser, you log on using the secure HTML log-on
screen. The user name and password for the log-on screen are the same as your CMS
operating system user name and password. Your information is securely transmitted
using the SSL protocol. SSL provides data encryption and server authentication by using
a public and private key technology. The Web server on the CMS uses a certificate for
server authentication. By default, this certificate is self-signed, but it may be replaced by
a certificate that is signed by a trusted certificate authority.
CMS
Client
Web
Secure
Shell
Browser
HTTPS
SecSH
Tomcat Web
Server
SCM
password database
for WBEM and SNMP
Managed Node
running SNMP
Managed Node
running WBEM
Managed Node
running DTF Agent
Database
OR
J
a
v
a
R
M
I
H
T
T
P
S
SN
M
P
digitally signed
using a public key
Managed Node
running SNMP
Certificate
self-signed
certificate
CA-signed or
Certificate
self-signed
certificate
CA-signed or