Managing HP servers through firewalls with Insight Management 7.2
White paper| HP Insight Management 7.2
18 | March 2013
Configuration management
First configure HP web agents on managed systems in a DMZ to trust-by-certificate the HP SIM
server. This authenticates all Version Control commands and all Replicate Agent Setting
commands to the agent as coming from the specified CMS; these commands require HTTPS over
port 2381.
Systems must be discoverable by the CMS. See the Asset management
section for more information. Systems must also be identifiable, which minimally requires HTTP
access over port 2301. Table 3 identifies the protocols used for configuration management when
managing through a firewall.
Note: HP does not recommend enabling management protocols such as SNMP or DMI on systems
outside the firewall or directly connected to the Internet.
Table 3: Summary of protocols used for configuration management
CMS
Managed
system
Port
Protocol
1
Description
In
2
Out In Out
Y Y Y Y 7,8 ICMP Ping
Y Y 22 TCP SSH: This port
establishes a
connection through
SSH using Command
line Interface.
Y Y 161 UDP SNMP Agent/Poll:
Used for managing
devices on IP
networks
Y Y 162 UDP SNMP Trap listener
Y
3
Y 80 TCP HTTP :Management
processor and other
devices; standard web
server
Y
Y
3
Y Y 280 HTTP Web server for HP SIM;
web agent auto-start
port
Y
3
Y 443 TCP SSL Graphical User
Interface
Y 1433 TCP Microsoft SQL Server
database
Y Y 2301 HTTP Web agent; web
server
Y
4
2367 RMI HP SIM RMI connection
Y Y 2381 HTTPS Web agent; web
server
Y 5432 PostgreSQL Server
database