Managing HP Servers through Firewalls with Insight Management 7.0
computing environment, the administrator has to allow the protocols required to communicate
between the systems through the connected firewall.
Selecting the protocols that must be enabled through the firewall depends on the types of system to
be managed. Issues associated with each protocol are discussed in the following paragraphs. Ideally,
BEM will be used to manage servers located through a firewall.
Configuration Management
HP web agents on managed systems in a DMZ should first be configured to trust-by-certificate the HP
SIM server. This will authenticate all Version Control (VC) commands and all Replicate Agent Settings
(RAS) commands to the agent as coming from the specified CMS; these commands require HTTPS
over port 2381.
Systems must be discoverable by the CMS. Refer to the Asset Management section for more
information. Systems must also be identifiable, which minimally requires HTTP access over port 2301.
Table 3 identifies the protocols used for configuration management when managing through a
firewall.
Note
HP does not recommend enabling management protocols such as SNMP
or DMI on systems outside the firewall or directly connected to the Internet.
Table 3 Summary of protocols used for configuration management

CMS In [2] / CMS Out / Managed System In / Managed System Out | Port | Protocol [1] | Description
        |      | ICMP            | Ping
Y Y     | 22   | SSH             | SSH server (for DTF)
Y Y     | 161  | SNMP (UDP)      | SNMP Agent
Y Y     | 162  | SNMP Trap (UDP) | Trap listener
Y[4] Y  | 80   | HTTP            | Management processor and other devices; standard Web server
Y Y[4] Y Y | 280 | HTTP           | Web server for HP SIM; Web agent auto-start port
Y[4] Y  | 443  | HTTPS           | Management processor and other devices; standard Web server
Y       | 1433 | TCP             | Microsoft SQL Server database
Y Y     | 2301 | HTTP            | Web agent Web server
Y[3]    | 2367 | RMI             | HP SIM RMI connection
Y Y     | 2381 | HTTPS           | Web agent Web server
Y       | 5432 |                 | PostgreSQL Server database
Y Y     | 5988 | HTTP            | WBEM service
Y Y     | 5989 | HTTPS           | WBEM service
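
The following is an added example, not part of the HP document: a small audit of a firewall rule list against the configuration management guidance above (HTTPS 2381 for VC and RAS commands, HTTP 2301 for identification, no SNMP toward systems outside the firewall). The rule syntax, the CMS address, the DMZ range and the sample rules are all constructed assumptions.

```python
import ipaddress
import re

# Assumptions, not from the page: the rule syntax, the CMS address and the DMZ range.
CMS = ipaddress.ip_address("10.0.0.5")        # constructed HP SIM server (CMS) address
DMZ = ipaddress.ip_network("192.0.2.0/24")    # constructed DMZ range
# From the page: VC/RAS commands need HTTPS 2381; identification needs HTTP 2301.
REQUIRED = {("tcp", 2381): "HTTPS, VC and RAS commands",
            ("tcp", 2301): "HTTP, system identification"}
# From the page's note: SNMP is not recommended on systems outside the firewall.
DISCOURAGED = {("udp", 161): "SNMP agent", ("udp", 162): "SNMP trap"}
RULE = re.compile(r"allow\s+(tcp|udp)\s+(\S+)\s+->\s+(\S+):(\d+)$")

def parse(line):
    """Parse 'allow <proto> <src> -> <dst>:<port>' (hypothetical syntax)."""
    m = RULE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable rule: {line!r}")
    proto, src, dst, port = m.groups()
    net = lambda s: ipaddress.ip_network(s, strict=False)
    return proto, net(src), net(dst), int(port)

def audit(rules, agent):
    """Return findings for one managed system (agent) in the DMZ."""
    agent = ipaddress.ip_address(agent)
    missing = dict(REQUIRED)
    findings = []
    for line in rules:
        proto, src, dst, port = parse(line)
        key = (proto, port)
        if key in DISCOURAGED and (src.overlaps(DMZ) or dst.overlaps(DMZ)):
            findings.append(f"discouraged {DISCOURAGED[key]} rule: {line}")
        if key in REQUIRED and agent in dst and CMS in src:
            missing.pop(key, None)          # the CMS can reach the agent on this port
            if src.num_addresses != 1:      # added least-privilege check
                findings.append(f"{port}/{proto} source wider than the CMS: {line}")
    findings += [f"missing {p}/{pr} ({why})" for (pr, p), why in missing.items()]
    return findings

SAMPLE_RULES = [  # constructed rule set
    "allow tcp 10.0.0.5 -> 192.0.2.10:2381",
    "allow tcp 0.0.0.0/0 -> 192.0.2.10:2301",
    "allow udp 10.0.0.5 -> 192.0.2.10:161",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES, "192.0.2.10"):
        print(finding)
```

The check that a required port is open only to the CMS address is an addition here; the document itself relies on trust-by-certificate to authenticate the CMS to the agent.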