HP-UX Workload Manager A.03.00 Release Notes for HP-UX 11i v1 and HP-UX 11i v2
HP-UX Workload Manager Release Notes
Security
41
Security
This section highlights security items you should be aware of.
Data collectors
Data collectors invoked by WLM run as root and can pose a security threat. Hewlett-Packard
makes no claims of any kind with regard to the security of data collectors not provided by
Hewlett-Packard. Furthermore, Hewlett-Packard shall not be liable for any security breaches
resulting from the use of said data collectors.
wlmgui and wlmcomd
WLM and the WLM GUI allow you to set up secure communications as described in the
wlmcert(1M) man page. If you choose not to use secure communications, here are several
security tips:
• Do not use wlmgui over the Internet. Use wlmgui and wlmcomd only on trusted LANs
where you trust all the users: All data exchanged between wlmcomd and wlmgui, including
the user’s password, is transmitted without encryption over the network.
• Restrict communications between wlmcomd and wlmgui to only authorized users to
improve security.
• Rely—only to the extent that you trust your intranet—on the monitoring information
from wlmgui to decide on a course of action.
• The WLM GUI sends data to wlmcomd over the network without verifying the recipient.
• Each connection to wlmcomd represents a separate process on the system. As such, each
connection consumes resources, such as open file descriptors, a process ID, memory, and so
forth. A large number of connections could result in denial of service. You can restrict
connections by deploying wlmcomd on systems behind a firewall that blocks access to the
port being used.