HP Web Jetadmin - Understanding SNMPv3 and HP Web Jetadmin
specific discovery or to a discovery template. Figure 4 (on the previous page) shows the device discovery settings interface that allows adding SNMPv3 and other credentials. This pane is available as “live” discoveries are run or in the Create Discovery Template wizard when you wish to store discovery settings. Another way to ensure SNMPv3 credentials are included in a discovery is to add them to the Global SNMPv3 Credentials feature (Figure 5). This feature can be understood as a global try-list. Any time HP Web Jetadmin encounters a device with a credentials set, it first looks into the Credentials Store. If nothing is found in the Store, it attempts whatever the administrator has configured within the global feature. The global feature is not restricted to SNMPv3 credentials. Any of the other credential types like SNMP Community Names or File System Password can be added.
NOTE: HP Web Jetadmin discoveries are slowed when many credentials are added to the Global SNMPv3 Credentials feature. For each device that lacks credentials in the Credentials Store, HP Web Jetadmin must go through each global value until it either finds a working credential or exhausts the list.
SNMPv3 PASSPHRASES VS. KEYS
The HP EWS management interface allows access to many device settings. Both device and HP Jetdirect management settings can be viewed and adjusted from HP EWS. While you may expect these to be identical to the settings found in the HP Web Jetadmin configuration interface, this isn’t always the case. For example, HP EWS shows SNMPv3 credentials as hexadecimal keys, while HP Web Jetadmin has credentials configured with passphrases. This is a significant difference and managing SNMPv3 from both interfaces on the same device or even within the same fleet is not recommended.
When the SNMPv3 credential is configured from within HP Web Jetadmin, the user adds a user identity and two passphrases to the interface. The passphrases are designed with human usability in mind and can be simple, easy-to-remember strings of letters and/or numbers. (The example given on page 3 was “oncewasasmallcat”.) When HP Web Jetadmin sets up the device for SNMPv3 security, it transposes that phrase into a hex key using a secure hash technique of MD5 or DES, depending on the phrase. This is done in order to make it nearly impossible to derive the user passphrases from network utilities. So, while HP Web Jetadmin allows the user to work with friendly passphrases, the SNMPv3 communication between Jetdirect and HP Web Jetadmin uses very cryptic strings that prevent tampering with devices and data.
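The passphrase-to-key step described above can be illustrated with the standard SNMPv3 USM derivation from RFC 3414 (Appendix A.2). This is an added example, not HP's code: it assumes HP Web Jetadmin follows that standard derivation, and the engine IDs and device names are constructed values.

```python
import hashlib

EXPANDED_LEN = 1_048_576  # RFC 3414 A.2: passphrase is repeated to fill 1 MiB


def password_to_key(passphrase: str, algo: str = "md5") -> bytes:
    """Return Ku, the engine-independent key for a passphrase."""
    data = passphrase.encode("utf-8")
    if not data:
        raise ValueError("passphrase must not be empty")
    reps, rem = divmod(EXPANDED_LEN, len(data))
    return hashlib.new(algo, data * reps + data[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes, algo: str = "md5") -> bytes:
    """Return Kul = H(Ku || snmpEngineID || Ku), the key one agent stores."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def localized_hex(passphrase: str, engine_id_hex: str, algo: str = "md5") -> str:
    """Hex form of the localized key for one device's engine ID."""
    ku = password_to_key(passphrase, algo)
    return localize_key(ku, bytes.fromhex(engine_id_hex), algo).hex()


if __name__ == "__main__":
    # Constructed engine IDs standing in for two devices in a fleet.
    fleet = {
        "printer-a": "8000000b0300000000000a",
        "printer-b": "8000000b0300000000000b",
    }
    for name, engine_id in fleet.items():
        # Same passphrase (the page's example), different key per device.
        print(name, localized_hex("oncewasasmallcat", engine_id))
```

Under this derivation the same passphrase produces a different hexadecimal key for every engine ID, and the hash cannot be reversed to recover the passphrase from a key.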
The HP EWS interface, however, requires the user to enter hexadecimal keys rather than passphrases. For security reasons, it doesn’t disclose the key values that are currently stored on the device. This means it is extremely difficult to manage SNMPv3 credentials from
Figure 5—Global SNMPv3 Credentials
Best practices
If HP Web Jetadmin is initially used to configure SNMPv3 on devices, HP Web Jetadmin must always be used instead of HP EWS. Administrators can continue to use HP EWS as a management interface with the exception of SNMPv3 settings.
Best practices
Use the Global SNMPv3 Credentials feature to ensure HP Web Jetadmin has enough information to discover your SNMPv3 protected devices. Limit the values you add to the global feature to avoid discovery performance issues.