Managing HP Servers through Firewalls with Insight Management 7.0
27
Appendix A: Configuring a separate management network
To configure a separate management network using HP Systems Insight Manager, install HP Systems
Insight Manger on the secondary network by completing the following steps:
1. Configure SNMP to accept packets only from the IP addresses used on the management network,
or bind SNMP to the secondary network interface (if the operating system allows this):
• On Windows systems:
From the Control Panel, open the Services menu.
Open the Properties for the SNMP Service.
Under the Security tab, add IP addresses to the list of IP Addresses that can accept SNMP
packets.
• On systems running Linux or HP-UX:
Modify the configuration file snmpd.conf to accept SNMP packets only from the
desired hosts.
Do the same with any other OS service needed on the network.
2. If a firewall is used on the CMS or managed systems, configure the firewall rules to only allow
SNMP WMI and WBEM requests from address in the management network. Use the ports in
Appendix B: Modifying default ports to determine which rules to configure.
3. Configure the HP Insight Management Agents to allow access only from IP addresses on the
management network:
Log into the agent with administrator privileges.
Go to the Settings/Options page, and modify the IP Restricted Logins settings.
4. Configure HP Systems Insight Manager to discover the systems on the secondary network:
In HP Insight Manager, go to Options Discovery Automatic Discovery.
Add the IP addresses for the systems on the secondary network.
You can disable WMI, WBEM, and DMI on the primary network by configuring a firewall on the
system to disable each of the protocols on the primary NIC. The method of accomplishing this varies
for each firewall.