Managing HP servers through firewalls with Insight Management 7.2

White paper| HP Insight Management 7.2

42 | March 2013

Appendix A: Configuring a

separate management

network

To configure a separate management network using HP SIM, install HP SIM on the secondary

network by completing the following steps:

1. Configure SNMP to accept packets only from the IP addresses used on the management

network, or bind SNMP to the secondary network interface (if the operating system

allows this):

• On Windows systems:

a. From the Control Panel, open the Services menu.

b. Open the Properties for the SNMP Service.

c. Under the Security tab, add IP addresses to the list of IP addresses

that can accept SNMP packets.

• On systems running Linux or HP-UX:

a. Modify the configuration file snmpd.conf to accept SNMP packets

only from the designated hosts.

b. Do the same with any other OS service needed on the network.

c. If a firewall is used on the CMS or managed systems, configure the

firewall rules to allow only SNMP, WMI, and WBEM requests from

addresses in the management network. Use the ports in Appendix B:

Modifying default ports to determine which rules to configure.

2. Configure the HP Insight Management Agents to allow access only from IP addresses on

the management network:

a. Log onto the agent with administrator privileges.

b. Go to the Settings/Options page, and modify the IP Restricted Logins

settings.

3. Configure HP SIM to discover the systems on the secondary network:

a. In HP SIM, go to OptionsDiscoveryAutomatic Discovery.

b. Add the IP addresses for the systems on the secondary network.

You can disable WMI, WBEM, and DMI on the primary network by configuring a firewall on the

system to disable each of the protocols on the primary NIC. The method of accomplishing this

varies for each firewall.