Managing HP servers through firewalls with Insight Management 7.2

White paper | HP Insight Management 7.2
13 | March 2013
Case 3: Managing through a firewall using a single network
In other computing environments, a firewall commonly separates the central management server
(CMS) and the managed server. In such an environment (Figure 3), two networks are given
different levels of trust. For example, the managed server may be in a DMZ, while the CMS resides
in a more trusted portion of the intranet. The firewall is used to control traffic between these two
networks. The firewall permits the exchange of only specific types of traffic between specific
systems.
In some situations, the firewall may simply restrict communication between specific IP addresses.
For example, the firewall may allow the exchange of any IP packets between the managed system
and the CMS. However, because host names and IP addresses can be spoofed, a higher level of
restriction can be imposed through the firewall; that is, the firewall can permit only non-spoofable
protocols.
In this case study, HP assumes that the firewall is configured to allow only requests from the CMS
to the managed server and returned responses. Typically, this means the firewall does not permit
UDP traffic, because connectionless protocols cannot easily be configured to block incoming
packets. Only specific TCP ports are opened, and they can be filtered for certain types of traffic.
Figure 3: Firewall separating central management server from managed server
Asset management
HP Insight Management provides asset management services by first discovering and identifying
the managed systems, gathering data from instrumentation running on each managed system,
storing this data in a SQL database, and finally providing reporting capabilities on this gathered
data. These steps require communication between the CMS and managed system as described in
the following paragraphs.
First, the managed systems and the instrumentation running on them are identified. HP Insight
Management offers an automatic discovery mechanism using IP ping sweep, or you can manually
add systems by name or address. In either case, the CMS attempts to contact the managed
system using a ping. If this fails, no further requests are sent to the system.
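The discovery probe described here, as an added example rather than HP's own code: a CMS-side reachability check that opens a TCP connection instead of sending an ICMP echo, which is the alternative the paper goes on to describe for firewalls that block ICMP. The loopback listener standing in for a managed server, the host list and the 192.0.2.10 address (an unrouted documentation address standing in for a system that never answers) are all constructed for the demonstration; the probe port defaults to 80, as the paper states.

```python
"""TCP-connect reachability check for discovery through an ICMP-blocking firewall.

Added example, not HP Insight Management code. Implements the discovery step
the white paper describes: probe each candidate system, and send no further
requests to any system that does not answer. All addresses are constructed.
"""
import socket

DEFAULT_PROBE_PORT = 80  # default named in the paper; any open TCP port on the managed system works


def tcp_ping(host: str, port: int = DEFAULT_PROBE_PORT, timeout: float = 2.0) -> str:
    """Return "open", "refused" or "unreachable" for one TCP probe.

    "open"        the SYN was answered with SYN/ACK: host is up and the port is listening.
    "refused"     the host answered with RST: host is up, nothing listens on that port.
    "unreachable" no answer within the timeout, or no route at all: the host is down,
                  or a firewall is silently dropping the probe. A firewall that drops
                  rather than rejects makes those two cases indistinguishable from the CMS.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # covers socket.timeout, gaierror, ENETUNREACH, EHOSTUNREACH
        return "unreachable"


def discover(candidates, port: int = DEFAULT_PROBE_PORT, timeout: float = 2.0):
    """Discovery pass: keep systems that answered the probe (open or refused both
    prove the host is alive); skip everything else, exactly as the paper says
    the CMS stops sending requests after a failed ping."""
    reachable, skipped = [], []
    for host in candidates:
        result = tcp_ping(host, port, timeout)
        if result in ("open", "refused"):
            reachable.append((host, result))
        else:
            skipped.append(host)
    return reachable, skipped


def start_local_listener():
    """Constructed stand-in for a managed server: a TCP listener on a loopback
    ephemeral port. Returns (server_socket, port); caller closes the socket.
    No accept() is needed: the kernel completes the handshake into the backlog."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def free_loopback_port() -> int:
    """A loopback port with no listener, so a probe to it is answered with RST."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv, port = start_local_listener()
    try:
        # 192.0.2.10 is TEST-NET-1 (RFC 5737): never routed, so it behaves like a
        # system behind a firewall that drops the probe.
        found, skipped = discover(["127.0.0.1", "192.0.2.10"], port, timeout=0.5)
        print("reachable, will be queried:", found)
        print("no answer, no further requests:", skipped)
    finally:
        srv.close()
```

The three-way result matters for this case study: a connection refused still proves the managed system is alive, while a timeout tells the CMS nothing about whether the host is down or whether the firewall in Figure 3 simply dropped the probe. If discovery misses systems that you know are up, check the firewall's TCP port rule for the probe port before assuming an outage on the managed side.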
HP Insight Management normally uses an ICMP echo to ping a system. However, some network
administrators turn off ICMP through firewalls. In this situation, you can configure HP Insight
Management to use a TCP port to ping systems. Port 80 is used by default, but an alternative port