Managing HP Servers through Firewalls with Insight Management 7.0

that change a device's configuration, can be encrypted to prevent their contents from being exposed
on the wire. Also, the group-based administrative model allows different users to access the same
SNMP agent with varying access privileges.
DMI
DMI is similar in design to SNMP. Each component to be managed must have a Management
Information Format (MIF) file that specifies the location of the component, name of vendor and model,
firmware revision number, interrupt request line (IRQ), I/O port address, and so on.
DMI is a remote procedure call (RPC)-based protocol. To operate, DMI requires opening a number of
ports through a firewall. Therefore, DMI is not recommended for use through firewalls. It is largely
being replaced by WBEM.
Note
DMI is not supported on HP-UX systems running HP-UX 11.23 (11iv2) and
HP-UX 11.31 (11iv3). You must use WBEM for this operating system.
WBEM
Web-Based Enterprise Management (WBEM) is one of the newest management protocols. HP
Management products communicate with systems either directly, using the WBEM protocol, or, for
Windows WMI systems, through the WMI Mapper Proxy.
WBEM uses HTTPS to provide a secure TCP connection from the CMS to the managed system. WBEM
uses its own port (5989 for SSL connections) and is supported through firewalls. The CMS can use
trusted certificates to authenticate the managed system, while the managed system uses user names
and passwords to authenticate the CMS.
Note
Firewalls should be configured to allow the CMS to communicate with
managed systems through default port 5989. If you have modified the
default port setting for your WBEM provider, you must configure your
firewall for the port number on which your WBEM provider is actually
configured.
WMI
WMI is Microsoft’s implementation of WBEM. WMI runs over DCOM, which, in turn, uses RPC. The
WMI Mapper is an application that provides translation from WMI (a DCOM-based interface) to a
standardized WBEM interface (CIM XML/HTTP). This is a two-way translation. The WMI Mapper is
required for HP Insight Control to manage Windows computers, including ProLiant servers running the
Insight Providers for Windows. The WMI Mapper service runs separately from the HP SIM service. For
Windows systems behind a firewall, HP recommends installing the WMI Mapper on a managed
system in the secure network (Figure 4) and disabling direct remote access to WMI. This mapper
allows standard WBEM requests through the firewall, and they are mapped to WMI requests on the
managed system.
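
A firewall rule review that follows the WBEM note and the WMI recommendation above, as an added example that is not part of the original HP document: it confirms that the WBEM port is permitted from the CMS and flags openings that expose RPC directly. The rule format, the zone labels, port 135 (the standard RPC endpoint mapper) and the 100-port threshold are assumptions, and the rules are constructed samples.

```python
# Added example: audit a constructed firewall rule set for CMS-to-managed-system traffic.
from dataclasses import dataclass

WBEM_PORT = 5989           # default WBEM SSL port named in the text
RPC_ENDPOINT_MAPPER = 135  # assumption: well-known DCOM/RPC endpoint mapper port
WIDE_RANGE = 100           # assumption: ranges this large count as "a number of ports"

@dataclass(frozen=True)
class Rule:
    name: str
    src: str    # zone labels "cms" and "managed" are hypothetical
    dst: str
    proto: str
    lo: int     # inclusive port range lo..hi
    hi: int

def audit(rules, wbem_port=WBEM_PORT):
    """Return (wbem_allowed, findings) for allow rules from the CMS to managed systems."""
    wbem_allowed, findings = False, []
    for r in rules:
        if (r.src, r.dst) != ("cms", "managed"):
            continue  # only the CMS -> managed-system direction is audited here
        if r.proto == "tcp" and r.lo <= wbem_port <= r.hi:
            wbem_allowed = True
        if r.lo <= RPC_ENDPOINT_MAPPER <= r.hi:
            # Direct DCOM (and therefore WMI) is reachable instead of going via the WMI Mapper.
            findings.append((r.name, "RPC_ENDPOINT_MAPPER_OPEN"))
        elif r.hi - r.lo + 1 >= WIDE_RANGE:
            # RPC-based protocols such as DMI and DCOM need broad openings like this one.
            findings.append((r.name, "WIDE_PORT_RANGE"))
    if not wbem_allowed:
        findings.append(("(none)", f"WBEM_PORT_{wbem_port}_BLOCKED"))
    return wbem_allowed, findings

# Constructed sample rules, not taken from any real firewall.
SAMPLE_RULES = [
    Rule("wbem-https", "cms", "managed", "tcp", 5989, 5989),
    Rule("rpc-epm", "cms", "managed", "tcp", 135, 135),
    Rule("rpc-dynamic", "cms", "managed", "tcp", 49152, 65535),
    Rule("dns-reply", "managed", "cms", "udp", 53, 53),
]

if __name__ == "__main__":
    allowed, findings = audit(SAMPLE_RULES)
    print("WBEM reachable:", allowed)
    for name, code in findings:
        print(f"  {name}: {code}")
```

If the WBEM provider listens on a non-default port, pass it as wbem_port so the audit checks the port that is actually configured.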