HP Vulnerability and Patch Manager 6.
© Copyright 2010 Hewlett-Packard Development Company, L.P. Legal Notices Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Table of Contents 1 Overview..................................................................................................5 Supported target systems..........................................................................................................................5 Supported applications............................................................................................................................6 2 Requirements.........................................................................
List of Tables 2-1 2-2 2-3 Hardware requirements......................................................................................................................8 Software requirements.......................................................................................................................9 VPM Acquisition Utility requirements....................................................................................................
1 Overview The HP Vulnerability and Patch Manager extends the functionality of HP Systems Insight Manager (HP SIM) to provide vulnerability and patch management for target systems. IMPORTANT: HP is phasing out the HP Vulnerability and Patch Manager software (VPM) from Insight Control. Technical support will be offered based on the Technical Support and Upgrade offerings for HP Insight Control sold through November 2009.
• • Windows Vista Business, 32-bit • Windows Vista Business, 64-bit • Windows Vista Enterprise, 32-bit • Windows Vista Enterprise, 64-bit • Windows XP Professional, SP2 • Windows XP Professional, SP3 • Windows XP Professional x64 Edition SP1 Linux systems: NOTE: You must have a valid subscription to the Red Hat Network for patch acquisitions. A valid Red Hat network license is required for each system patched. For more information, see http:// www.redhat.com.
2 Requirements Vulnerability and Patch Manger server requirements The Vulnerability and Patch Manger server, the server on which Vulnerability and Patch Manager is installed, must meet the following hardware and software requirements. Requirements listed for the Vulnerability and Patch Manger server are independent of requirements for HP SIM and any other applications that coexist on the Vulnerability and Patch Manger server.
Hardware The Vulnerability and Patch Manger server, the server on which the Vulnerability and Patch Manger software is installed, must meet the following hardware requirements. Requirements listed for the Vulnerability and Patch Manger server are independent of requirements for Systems Insight Manager and any other applications that coexist on the Vulnerability and Patch Manger server.
Table 2-2 Software requirements Component Specification Operating system (32-bit and 64-bit versions)* • Microsoft Windows Server 2003, Standard Edition SP2, 32-bit • Windows Server 2003, Enterprise Edition SP2, 32-bit • Windows Server 2003, Enterprise Edition SP2, 64 bit • Windows Server 2003, Standard Edition SP2, 64 bit • Windows Server 2008, Standard/Enterprise Edition SP1, 32 bit • Windows Server 2008, Standard/Enterprise Edition SP1, 64 bit • Windows 2003 R2, Standard/Enterprise Editio
3 Installation and configuration New versions of HP Vulnerability and Patch Manager are automatically installed over a previous version. Any scheduled tasks, scan reports, and patch updates are retained. Be sure to have the following items available before beginning the installation: • Location and credentials for HP SIM (user name, password, and domain) • Credentials for the Microsoft SQL Server database if an existing SQL Server database will be used • HP SIM 5.
4. Select the components to install, and click Next. The HP Systems Insight Manager Credentials screen appears. 5. Enter the same credentials used to install HP SIM, and click Next. When the installation is complete, log in to HP SIM from an account with administrator privileges to access Vulnerability and Patch Manager.
NOTE: Vulnerability and Patch Manger installation takes between 30 and 50 minutes due to the additional time taken by the new SQL-based scanner installation. NOTE: The setup fails to begin the installation process if special characters like [ ] ( ) \ , * ! @ ; + \` “ { } space $ are used in the account password that is used to install Vulnerability and Patch Manager.
11. On the Vulnerability and Patch Manger server, create a directory named data at C:\Program Files\HP\VPM\Radia\Integration Server. 12. Copy downloaded files from the VPM Acquisition Utility server destination directory to the Vulnerability and Patch Manger server data directory. 13. From Systems Insight Manager, configure the import setting by selecting Options→Vulnerability and Patch Manager→Settings. 14. To start the import process, select Options→Vulnerability and Patch Manager→Acquire Updates.
8. Copy the file created by the rhn_register tool from /etc/sysconfig/rhn/systemid to \radia\IntegrationServer\etc. IMPORTANT: In a Red Hat Linux environment, configure the network connectivity between the CMS and the target systems by editing the correct /etc/hosts file. Verify that both CMS and target systems can reach each other by using the ping command execution with the host name.
3. Click Schedule, and then select a time to acquire daily Vulnerability and Patch Manger updates. Updates might not be available daily, but scheduling the event daily ensures that you obtain critical updates promptly. Updates to scan definitions are usually available a few days after new patches are released. 4. To run the patch acquisition, click Run Now. The vulnerability and patch acquisition process begins.
4 Licensing The VPM Patch Agent is automatically deployed when systems are licensed to allow patches to be applied to the systems. VPM Patch Agent updates might be acquired as part of the normal acquisition process. Agents installed on target systems are automatically updated the next time patches are applied or validated.
5 Troubleshooting This chapter identifies and provides solutions for commonly encountered Vulnerability and Patch Manger installation issues. Viewing Vulnerability and Patch Manger installation logs The Vulnerability and Patch Manger installation logs, which list the details of the installation of each Vulnerability and Patch Manger component, are located at &HOMEDRIVE&:\vpmsetuplogs, where HOMEDRIVE is usually the C drive. You can view the following logs: • vmpsetup.
Proceed with the Vulnerability and Patch Manger installation. If necessary, the installation account credentials can be changed back after the installation completes. Repeat steps 2 through 6 after the password has been changed, and then to update the Vulnerability and Patch Manger password.
• TCP 5989—WBEM/WMI Mapper secure • TCP 50000—HTTPS • TCP 50001—Secure SOAP • TCP and UDP 53—DNS The following ports are used by the Virtual Machine Management Pack and must be open: • 1125 • 1126 • 40420 Modifying firewall configuration settings To ensure that Vulnerability and Patch Manger can obtain updates, be sure that your firewall is configured for access to ftp://ftp.hp.com/pub/essentials/vpm/.
All target systems do not have the same administrator credentials For target systems that have individual administrator credentials, configure WBEM credentials individually to enable access to these target systems. 1. From within Systems Insight Manager, select Options→Discovery→Configure global credentials. 2. Select the system to configure, and then click Apply. 3. Enter the appropriate WBEM credentials, and then click Run Now.
6 Support and other resources Information to collect before contacting HP Be sure to have the following information available before you contact HP: • Software product name • Hardware product model number • Operating system type and version • Applicable error message • Third-party hardware or software • Technical support registration number (if applicable) How to contact HP Use the following methods to contact HP technical support: • In the United States, see the Customer Service / Contact HP U
Command user input computer output Enter term variable value Command name or qualified command phrase. Commands and other text that you type. Text displayed by the computer. The name of a keyboard key. Note that Return and Enter both refer to the same key. A sequence such as Ctrl+A indicates that you must hold down the key labeled Ctrl while pressing the A key. Defined use of an important word or phrase. The name of an environment variable, for example PATH or errno.
Index A acquiring updates, 12 acquisition utility, 12 administrator credentials, 20 administrator credentials changed, 20 C configuration problems, 17 configure a DNS server, 19 D DNS settings, 19 F firewall settings, 19 H hardware requirements, 8 I infrastructure, 7 installation failure, 18 installation logs, 17 installation problems, 17 installing MSDE, 17 L licensing Vulnerability and Patch Manger, 16 M Microsoft Data Engine (MSDE) troubleshooting, 17 Microsoft Data Engine (MSDE) updating, 17 mult
