Managing HP servers through firewalls with Insight Management 7.2

ManualsBrandsHP ManualsSoftwareInsight Software

White paper| HP Insight Management 7.2

14 | March 2013

may be specified in a configuration file. The target system need not be actively listening to the

chosen port, but the firewall must be configured to allow these requests to pass.

Next, the CMS attempts to identify a number of management protocols such as SNMP, HTTP, and

WBEM. The protocols used for asset management depend on the types of systems being

managed (Table 1):

• ProLiant servers provide management data through SNMP, giving complete coverage of

the hardware instrumentation. Integrity servers running Windows also provide this

SNMP instrumentation.

• ProLiant and Integrity servers running Microsoft Windows 2003or 2008 also expose

much data through the Insight Providers and WMI. The HP Insight Providers include

server providers (information about processors, memory, peripheral devices, computer

system information, and sensor information); network providers (network controller

information and indications); and storage providers (storage controller information and

indications). WMI on Integrity currently does not cover detailed hardware information

such as controllers, DIMMs, and physical disks.

• ProLiant and Integrity servers running Linux can also provide management data through

WBEM. While that data is not currently as rich as the SNMP information, WBEM provides

basic hardware and operating system information.

• HP 9000 and Integrity servers running HP-UX provide management data with WBEM. HP

recommends WBEM for asset management and makes it available on 11.x versions of

HP-UX. (These systems also support SNMP, but SNMP is not required for asset

management.)

Table 1: Protocols used for asset management of industry-standard servers

Server

SNMP

WBEM

WMI

SSH

WS-MAN

ProLiant Windows Y Y

ProLiant Linux Y Y Y

HP 9000 HP-UX Y

Y (11.x)

HP Integrity HP-UX Y

HP Integrity Linux Y Y Y

HP Integrity Windows Y Y

Other devices Y Y

When WMI Mapper is installed

Not required for asset management

Selecting the protocols that must be enabled through the firewall depends on the types of

systems managed. Issues associated with each protocol are discussed in the following paragraphs.

Ideally, WBEM is used to manage servers located through a firewall.

SNMP

SNMP gives the best management coverage but at the highest risk. While no “set” operations are

necessary for asset management, SNMP is UDP-based; therefore, in many environments it is not

considered a suitable protocol to pass through the firewall. Because SNMPv1 has a simple, clear-

text ”community,” it provides a low level of security. However, SNMP may be suitable for some

environments in which the network containing the managed systems is relatively controlled. Do

not use the default, ”Public or Private,” for the community string. It should be customized

accordingly.