HP Web Jetadmin - Understanding SNMPv3 and HP Web Jetadmin

OVERVIEW
SNMPv3 (Simple Network Management Protocol, version 3) is a secure management protocol that is
used to encrypt data and require user authentication on devices being managed from within
applications like HP Web Jetadmin. HP Web Jetadmin is fully compatible with SNMPv3, but
there are some administrative best practices and rules that should be understood and followed. This
document relates to HP Web Jetadmin 10.x versions. HP recommends keeping your HP Web
Jetadmin installation at the latest version available at www.hp.com. More information, including Self
Help, can be found by visiting www.hp.com/go/wja.
INTRODUCTION TO SNMPV3
SNMP is the primary means HP Web Jetadmin uses to communicate with and manage devices. As the
administrator manages devices with HP Web Jetadmin features, HP Web Jetadmin communicates with
the devices through functions known as “Set and Get” operations. Of course, this description is
merely preliminary, as the SNMP communication protocol is based on a very structured and mature
RFC (Request for Comments, Internet Engineering Task Force). Basic SNMP will be called SNMPv1/2
in this document.
SNMPv3 provides a layer of security for device management communication, including cryptographic
authentication and data confidentiality (encryption). SNMPv1/2 transmits all data on the network
(including data that may be sensitive) in plain text. This means that tools such as network sniffers may
be used to monitor SNMPv1/2 transmissions, including the Get and Set SNMP Community Names.
SNMPv3 adds data encryption, reducing the risk of data being sniffed from the network. Also, with
SNMPv3, authentication between the device and HP Web Jetadmin is enforced.
SNMPv1/2 Get and Set Community Names are passed through the network as clear text characters.
In practice, these items have been used as passwords, but actually provide only limited security value.
In environments with elevated security risks, SNMPv3 should be given serious consideration over the
less secure Get and Set items. SNMPv3 credentials make sniffing data very difficult, which adds
security to device management communication.
USING HP WEB JETADMIN TO MANAGE SNMPv3 SETTINGS
All HP devices that are capable of management via
applications such as HP Web Jetadmin are set to
SNMPv1/2 by default. In order to enable
SNMPv3, the device must first be configured by an
application such as HP Web Jetadmin.
In Figure 1, a device is set up for SNMPv3 using
HP Web Jetadmin’s SNMP Version Access Control
configuration item. Note that in this figure only one
device (within a device list) is selected for the
SNMPv3 setup. To communicate with an SNMPv3
device, HP Web Jetadmin must have these
elements:
Figure 1—SNMP setup (single device)
Best practices
When using HP Web Jetadmin to manage
SNMPv3 devices, HP Web Jetadmin should
be the only configuration agent used in
setting up SNMPv3. Notes later on in this
document will show the complexities that
exist when SNMPv3 settings are managed
from outside of HP Web Jetadmin.