Manualshelf

HP Insight Software 6.0 Getting Started Guide

ManualsBrandsHP ManualsSoftwareHP-UX Matrix Operating Environment
12345678910
NOTE: In many cases, if promiscuous mode is disabled in the hypervisor, it cannot be used on
a VM guest (the guest can enable it, but it will not be functional).
Maintain zones of trust (DMZ separate from production machines).
Clearly define administrative roles and responsibilities (host administrator, network administrator, and
virtualization administrator). Use the Systems Insight Manager toolbox and Virtual Connect role
capabilities to distinguish these roles.
Achieve a higher level of security for components that are delivered with certificates signed by the
provider (for instance Systems Insight Manager and System Management Homepage), by populating
them with trusted certificates at deployment time.
Implement directory services. Directory services enable a consistent authentication and authorization
process throughout the environment. You can also use directories for role-based access control.
Do not use local accounts. However, if you use local accounts, HP recommends that you periodically
change the passwords as follows:
Change default passwords immediately to a more relevant and secure password
Change management device passwords with the same frequency and according to the same
guidelines as server administrative passwords
Choose passwords that include at least three of these four characteristics: numeric characters,
special characters, lowercase characters, and uppercase characters
Protect SNMP traffic. Even though only read-only access through SNMP is used by the Insight software
products, HP recommends that administrators reset the community strings according to the same guidelines
as administrative passwords. HP also recommends that administrators set firewalls or routers to accept
only specific source and destination addresses. If SNMP is not desired, administrators disable this
feature at the host. Administrators can also disable the iLO SNMP pass-through.
Use WBEM, when available, because it provides a greater degree of security than SNMP.
See the following sources for more information about security:
Managing your HP Servers through Firewalls with HP SIM
white paper:
http://h10018.www1.hp.com/wwsolutions/misc/hpsim-helpfiles/MANAGINGHPServers-withHPSIM.pdf
Secure Shell (SSH) in HP SIM
white paper:
http://h10018.www1.hp.com/wwsolutions/misc/hpsim-helpfiles/hpsim_5_ssh.pdf
HP Systems Insight Manager User Guide
:
http://www.hp.com/go/foundationmgmt/docs
Recommendations for security policies and practices 9