Safe and Powerful: Security in HP-UX System Management Homepage (SMH)
5
Common HTTP and HTTPS service for HP Insight Management Agents and utilities, for
reduced complexity and system resource requirements.
Certificate-based authentication which is considered to be a very safe and secure mode
of authentication. Certificates signed by CAs such as VeriSign can be used for this.
Simplified architecture for implementing HTTP security and HP management updates.
Greater access control through NIC binding and advanced configuration features for
individual and groups of users.
Broader operating system and browser support.
Facility to launch X application and Run a command. It is available in SMH -> Tasks ->
Launch X Application -> Launch X Application as Root -> Run Command -> Run
Command as Root.
Managing SMH security
The Security menu
The Security link in SMH provides options for you to manage the security of SMH itself. For
more information about configuring all of these powerful security settings, refer the System
Management Homepage User Guide. The security options in SMH are as follows:
IP Binding
Settings → System Management Homepage → Security → IP Binding
IP Binding specifies the IP addresses that SMH accepts requests from and controls the nets
and subnets that requests are processed.
Administrators can configure SMH to bind only to addresses specified in the IP Binding
window. You can define up to five subnet IP addresses and netmasks.
An IP address on the server is bound if it matches one of the entered IP Binding addresses
after the mask is applied.
IP Restricted Login
Settings → System Management Homepage → Security → IP Restricted Login
IP Restricted login enables SMH to restrict login access based on the IP address of a system
from which the sign-in is attempted.
Local Server Certificate
Settings → System Management Homepage → Security → Local Server Certificate
The Local Server Certificate link enables you to use certificates that are not generated by HP.
Multihomed Certificate
Settings → System Management Homepage → Security → Local Server Certificate
SMH allows the setting of multihomed or multiple names to certificates that are not generated
by HP. Through this functionality, the certificate for SMH can contain additional information
for the machine, such as other names in the network and IPs that are available. In the same
way, it is possible to create a request certified to be signed by a Certificate Authority (CA).
Two kinds of values are acceptable as alternative names: