Manualshelf

HP WBEM Services Version A.02.07, Release Notes, March 2008

ManualsBrandsHP ManualsSoftwareHP-UX 11i WBEM Software
11121314151617181920
Table Of Contents
HP WBEM Services Version A.02.07, Release Notes
Security
Chapter 112
Security
HP WBEM Services supports four connection points
HTTP port
HTTPS (HTTP Secure) port
HTTPS port for Export Connections
a Unix domain socket for local connections
HP WBEM Services uses dedicated ports for CIM-XML traffic. The ports 5988 (HTTP TCP/IP
communication) and 5989 (HTTPS TCP/IP communication) are dedicated for CIM-XML
communications between CIM Clients and the CIM Server. The port defined by the service
name wbem-exp-https (HTTPS TCP/IP communication) is dedicated for CIM-XML
communication between the Indication sender and the CIM Server (Indication receiver). The
HTTP and the two HTTPS connection points may be disabled using the cimconfig command
line utility. However, the Unix domain socket connection is always enabled when the CIM
Server is running.
Security Considerations
Keep in mind the following security considerations if you plan to make use of SNMP as well as
PRM and WLM:
You can use tools such as Process Resource Manager (PRM) and Workload Manager
(WLM) to limit computing resources used by the WBEM Services processes. You can
purchase these products from http://www.software.hp.com.
However, limiting or restricting the computing resources of the WBEM Services processes,
depending on the configured limits and WBEM Services utilization, may constantly reach
its limits, causing undesirable results.
Due to known security vulnerabilities and limitations of the SNMP protocol, we do not
recommend the utilization of the SNMP indication handler.
SSL Support
With HTTPS connections enabled, HP WBEM Services uses SSL (Secure Sockets Layer) for
all communications, with server-side certificates that are trusted by the management
application. HP WBEM Services uses OpenSSL to support HTTPS connections.