Managing HP servers through firewalls with Insight Management 7.2
White paper | HP Insight Management 7.2
15 | March 2013
Using SNMPv3, you can securely collect management information from SNMP agents without fear
that the data has been tampered with. Confidential information, such as SNMP set packets
that change a device's configuration, can also be encrypted to prevent its contents from being
exposed on the wire. In addition, the group-based administrative model allows different users
to access the same SNMP agent with varying access privileges.
DMI
DMI is similar in design to SNMP. Each managed component must have a MIF file that specifies the
location of the component, name of vendor and model, firmware revision number, IRQ line, I/O
port address, and so on.
DMI is an RPC-based protocol. To operate, DMI requires opening a number of ports through a
firewall. Therefore, HP does not recommend using DMI through firewalls. DMI is being replaced by
WBEM.
Note: DMI is not supported on HP-UX systems running HP-UX 11.23 (11iv2) and HP-UX 11.31
(11iv3). You must use WBEM on these operating system versions.
WBEM
WBEM is one of the newest management protocols. HP Management products communicate with
systems either directly by using the WBEM protocol or, for Windows WMI systems, by using the
WMI Mapper Proxy.
WBEM uses HTTPS to provide a secure TCP connection from the CMS to the managed system.
WBEM uses its own port (5989 for SSL connections) and is supported through firewalls. The CMS
can use trusted certificates to authenticate the managed system, while the managed system uses
usernames and passwords to authenticate the CMS.
Note: Configure firewalls to allow the CMS to communicate with managed systems through
default port 5989. If you have modified the default port setting of your WBEM provider, the
respective WBEM provider port must be configured in the firewall.
WMI
WMI is Microsoft’s implementation of WBEM. WMI runs over DCOM, which in turn uses RPC. The
WMI Mapper is an application that provides translation from WMI (a DCOM-based interface) to a
standardized WBEM interface (CIM XML/HTTP). This is a two-way translation. The WMI Mapper is
required for HP Insight Control to manage Windows computers, including ProLiant servers running
the Insight Providers for Windows. The WMI Mapper service runs separately from the HP SIM
service. For Windows systems behind a firewall, HP recommends installing the WMI Mapper on a
managed system in the secure network (Figure 4) and disabling direct remote access to WMI. This
mapper allows standard WBEM requests through the firewall, and they are mapped to WMI
requests on the managed system.
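
The firewall guidance in the WBEM note and the WMI recommendation above can be checked against a rule set. The following is an added example, not code from the white paper or from HP: the `Rule` model, the `audit` function, the span threshold and the sample addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

WBEM_HTTPS_PORT = 5989     # default WBEM SSL port named in the white paper
RPC_ENDPOINT_MAPPER = 135  # well-known TCP port that DCOM/RPC (direct WMI) starts from
MAX_PORT_SPAN = 16         # assumption: wider allow ranges count as RPC-style openings


@dataclass(frozen=True)
class Rule:                # hypothetical, simplified rule model (not a vendor format)
    src: str               # source CIDR
    dst: str               # destination CIDR
    low: int               # first TCP port allowed
    high: int              # last TCP port allowed


def audit(rules, cms_ip, managed_net, wbem_port=WBEM_HTTPS_PORT):
    """Return (wbem_reachable, findings) for allow rules toward managed_net.

    Rules are treated as independent TCP allow entries; ordering and deny
    rules are not modelled.
    """
    cms, managed = ip_address(cms_ip), ip_network(managed_net)
    wbem_reachable, findings = False, []
    for idx, r in enumerate(rules):
        if not ip_network(r.dst).overlaps(managed):
            continue                       # rule does not reach managed systems
        if r.low <= RPC_ENDPOINT_MAPPER <= r.high:
            findings.append((idx, "rpc-endpoint-mapper-exposed"))
        if r.high - r.low + 1 > MAX_PORT_SPAN:
            findings.append((idx, "wide-port-range"))
        if r.low <= wbem_port <= r.high and cms in ip_network(r.src):
            wbem_reachable = True          # CMS can reach the WBEM provider
    if not wbem_reachable:
        findings.append((None, "cms-to-wbem-port-blocked"))
    return wbem_reachable, findings


# Constructed sample rule sets (addresses are from documentation ranges).
CMS, MANAGED = "192.0.2.10", "198.51.100.0/24"
RECOMMENDED = [Rule("192.0.2.10/32", MANAGED, 5989, 5989)]
RPC_STYLE = [Rule("192.0.2.0/24", MANAGED, 135, 135),
             Rule("192.0.2.0/24", MANAGED, 49152, 65535)]

if __name__ == "__main__":
    for name, rules in (("recommended", RECOMMENDED), ("rpc-style", RPC_STYLE)):
        print(name, audit(rules, CMS, MANAGED))
```

If the WBEM provider listens on a non-default port, pass it as `wbem_port` so the audit checks the port that is actually configured.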