HP-UX WBEM Services Release Notes, September 2010

Security
HP WBEM Services supports four connection points:
• HTTP port
• HTTPS (HTTP Secure) port
• HTTPS port for Export Connections
• a Unix domain socket for local connections
HP WBEM Services uses dedicated ports for CIM-XML traffic. The ports 5988 (HTTP TCP/IP
communication) and 5989 (HTTPS TCP/IP communication) are dedicated for CIM-XML
communications between CIM Clients and the CIM Server. The port defined by the service name
wbem-exp-https (HTTPS TCP/IP communication) is dedicated for CIM-XML communication
between the Indication sender and the CIM Server (Indication receiver). The HTTP and the two
HTTPS connection points may be disabled using the cimconfig command line utility. However,
the Unix domain socket connection is always enabled when the CIM Server is running.
Security Considerations
Keep in mind the following security considerations if you plan to make use of SNMP as well as
PRM and WLM:
• You can use tools such as Process Resource Manager (PRM) and Workload Manager (WLM)
  to limit computing resources used by the WBEM Services processes. You can purchase these
  products from http://www.software.hp.com.
  However, if you limit or restrict the computing resources of the WBEM Services processes,
  those processes may, depending on the configured limits and WBEM Services utilization,
  constantly reach their limits, causing undesirable results.
• Due to known security vulnerabilities and limitations of the SNMP protocol, we do not
  recommend the utilization of the SNMP indication handler.
SSL Support
With HTTPS connections enabled, HP WBEM Services uses SSL (Secure Sockets Layer) for all
communications, with server-side certificates that are trusted by the management application.
HP WBEM Services uses OpenSSL to support HTTPS connections.
NOTE: OpenSSL is an open source cryptography toolkit that implements the network protocols
and related cryptography standards of SSL v2/v3 and TLS (Transport Layer Security). For more
information about OpenSSL, go to http://www.openssl.org.
HP WBEM Services supports only SSL v3 and TLS protocols.
On the HTTPS port, CIM clients are required to use SSL to establish connections with the CIM
Server and to send CIM requests.
To disable the HTTPS port, use the cimconfig command to set the planned value of the CIM
Server configuration property enableHttpsConnection to false. Be sure the planned value
for enableHttpConnection is set to true and restart the CIM Server.
To disable the Export HTTPS port, use the cimconfig command to set the planned value of the
configuration property enableSSLExportClientVerification to false and restart the
CIM Server.
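The connection-point properties described above can be reviewed before the CIM Server is restarted. The script below is an added example, not HP code: it assumes that cimconfig -l -p prints planned values as name=value lines, and it runs on a constructed sample that reflects the state left by disabling the HTTPS port as described.

```shell
#!/bin/sh
# Added example (not HP code): report which CIM Server connection points the
# planned configuration leaves open. Input is "name=value" lines, the format
# assumed here for `cimconfig -l -p` output.

# Constructed sample: the state left by disabling HTTPS as described above.
SAMPLE_PLANNED='enableHttpConnection=true
enableHttpsConnection=false
enableSSLExportClientVerification=false'

# get_prop NAME LISTING: print the value of NAME, or "unset" if not listed.
get_prop() {
    printf '%s\n' "$2" | awk -F= -v k="$1" '
        { gsub(/[ \t\r]/, "") }          # tolerate "name = value" and CRLF
        $1 == k { v = $2 }               # last occurrence wins
        END { print (v == "" ? "unset" : v) }'
}

# state VALUE: translate a property value into a report word.
state() {
    case $1 in
        true)  echo enabled ;;
        false) echo disabled ;;
        *)     echo "unknown (server default applies)" ;;
    esac
}

# audit_connection_points LISTING: print one line per connection point,
# followed by FINDING lines for settings that expose cleartext CIM-XML.
audit_connection_points() {
    http=$(get_prop enableHttpConnection "$1")
    https=$(get_prop enableHttpsConnection "$1")
    exp=$(get_prop enableSSLExportClientVerification "$1")
    echo "HTTP 5988 (CIM clients): $(state "$http")"
    echo "HTTPS 5989 (CIM clients): $(state "$https")"
    echo "HTTPS wbem-exp-https (indications): $(state "$exp")"
    echo "Unix domain socket (local): always enabled"
    if [ "$http" = true ]; then
        echo "FINDING: port 5988 accepts CIM-XML requests without SSL/TLS"
    fi
    if [ "$http" = true ] && [ "$https" = false ]; then
        echo "FINDING: HTTPS is off, so remote clients have no encrypted port"
    fi
    return 0
}

# On a real system: audit_connection_points "$(cimconfig -l -p)"
audit_connection_points "$SAMPLE_PLANNED"
```

A property missing from the listing is reported as unknown rather than guessed, because the server default then applies.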
Local User Authentication
The CIM Server automatically authenticates local connections - that is, connections established
using the connectLocal method in the CIMClient interface. This eliminates the need for the
user to specify a user name or password when issuing management commands on the local
system.
HP WBEM Services Version A.02.09 Release Notes