HP System Management Homepage HP Part Number: 436304-007 Published: February 2008 Edition: 15
© Copyright 2004-2008 Hewlett-Packard
Table of Contents 1 Product Overview...........................................................................................................7 HP SIM....................................................................................................................................................7 Integrated Management Tools................................................................................................................7 HP-UX System Administration Manager (SAM) Deprecation.................
Related Topics.......................................................................................................................................23 5 The Settings Page.........................................................................................................25 Menus Category (HP-UX only).............................................................................................................25 System Management Homepage Category..........................................................
Related Topics..................................................................................................................................42 Error Log...............................................................................................................................................42 Related Topics..................................................................................................................................42 9 Troubleshooting.............................................
1 Product Overview The HP System Management Homepage (HP SMH) is a Web-based interface that consolidates and simplifies single system management for HP servers on HP-UX, Linux, and Microsoft® Windows® operating systems.
Additional Resources For additional resources, go to these links: • • • HP SMH on the Software Depot home. Go to http://www.hp.com/go/softwaredepot and select Security and manageability. Look for the HP System Management Homepage link for the HP-UX version. For Linux, go to the Software Depot Home and select Linux. Now, look for the HP Integrity Essentials Foundation Pack for Linux. HP ProLiant Essentials software page at http://www.hp.com/servers/manage.
2 Getting Started To get started with HP System Management Homepage (HP SMH), use the following information as a guideline for configuring HP SMH and then setting up users and security properly. To configure HP SMH: • • • On HP-UX Operating Environments, HP SMH is installed with default settings. You can change the configuration by modifying the environment variables and tag values set in the /opt/hpsmh/lbin/envvars, /opt/hpsmh/conf.common/smhpd.xml, and /opt/hpsmh/conf/timeout.conf files.
1. Navigate to https://hostname:2381/. NOTE: If you are browsing to an HP-UX server, by default you must instead use the URI: http://hostname:2301/. By default, HP-UX is installed with the autostart feature enabled. A daemon listens on port 2301 and only starts HP SMH on port 2381 when requested, then stops it again after a timeout period. You can also configure HP SMH to always be running on port 2381. See the smhstartconfig(1M) command for more information.
1. Navigate to https://hostname:2381/. NOTE: If you are browsing to an HP-UX server, by default you must instead use the URI: http://hostname:2301/. By default, HP-UX is installed with the autostart feature enabled. A daemon listens on port 2301 and only starts HP SMH on port 2381 when requested, then stops it again after a timeout period. You can also configure HP SMH to always be running on port 2381. See the smhstartconfig(1M) command for more information.
1. Navigate to https://hostname:50000/. The first time you browse to this link, the Security Alert dialog box is displayed, asking you to indicate whether to trust the server. If you do not import the certificate, the Security Alert is displayed every time you browse to HP SIM.
Configuring Firewall Settings Windows Some operating systems, including Windows XP with Service Pack 2 and Windows Server 2003 SBS, implement a firewall that prevents browsers from accessing the ports required for the Version Control Repository Manager access. To resolve this issue, you must configure the firewall with exceptions to allow browsers to access the ports used by HP Systems Insight Manager and Version Control Repository Manager.
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT -A RH-Firewall-1-INPUT -p 51 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited COMMIT The following list displays the new value in the ipt
1. 2. 3. 4. 5. 6. Using the YAST2 utility, select Security & Users→Firewall. The Firewall Configuration (Step 1 of 4): Basic Settings window appears. Click Next. The Firewall Configuration (Step 2 of 4): Services window appears. In the Additional Services field, enter 2301:2381 and click Next. The Firewall Configuration (Step 3 of 4): Features window appears. Click Next. The Firewall Configuration (Step 4 of 4): Logging Options window appears. Click Next.
Configuring SMH Session Timeout The HP SMH session timeout setting enables you to configure the HP SMH GUI timeout in minutes. An HP SMH GUI session is stopped after the session timeout time period has elapsed without any user activity. If the session timeout is not defined, then it is set to 15 minutes. To modify the session timeout setting, execute the following steps: 1. As a precautionary measure, copy the existing smhpd.xml file into a different directory.
2. Manually add the following tag: a. Open the smhpd.xml file in the \hp\hpsmh\conf directory on the boot drive (/opt/hp/hpsmh/conf for Linux Itanium and Linux x86 and x86_64) with a text editor. b. Add the following line between the and tags: any value between 10 and 3600 c. 3. Save and close the file. Restart the HP SMH service.
3. Leave Automatically Import Management Server Certificate selected, enter your HP SMH credentials, and click Login to automatically import the certificate. The certificate is added to the Trusted Certificates List. NOTE: Deselect Automatically Import Management Server Certificate if you do not want to import the certificate. Deselecting this option still requires you to enter log-in credentials. However, administrator credentials are not required to log in.
3 Navigating the Software The HP System Management Homepage (HP SMH) displays all HP Web-enabled System Management Software that provides information. In addition, HP SMH displays various categories (in boxes) that have borders defining the status of the items. Refer to the “The Home Page” for more information. The HP SMH interface is separated into two frames: • Header Frame The header frame is constantly visible regardless of which page you are viewing. A link shows the path you are currently viewing.
HP SMH Pages The HP System Management Homepage (HP SMH) displays up to five tabbed pages that enable you to access and configure settings related to participating HP Web-enabled System Management Software. The Tasks page and the Tools page are only visible if HP Web-enabled System Management Software provides information for them.
4 The Home Page The Home page provides the system, subsystem, and status view of the server. It displays groupings of systems and their status. The information on the Home page is provided by the integrated agents or management utilities. For HP-UX, these include information provided by integrated Web-Based Enterprise Management (WBEM) property pages and management utilities.
no HP Web-enabled System Management Software is installed that provides this information, then none is displayed. • Other Agents Lists the visible HP Web-enabled System Management Software that does not participate in HP SMH. The name of the HP Web-enabled System Management Software provides a link so that you can still access the agents if they provide a user interface. If no HP Web-enabled System Management Software is installed that provides this information, then none is displayed.
Network The Network category contains links that show basic network system configuration, usage, state, and other information. Software The System Software category contains links that show information about the Software Distributor bundles and products, including patch products. NOTE: This category is not available on Linux Itanium. Storage The Storage category contains links that show basic storage system configuration, usage, state, and other information.
5 The Settings Page The Settings page contains links to the settings and configuration pages of the HP System Management Homepage (HP SMH) and other integrated management tools (that are found on the Tools page). Menus Category (HP-UX only) This category provides links that enable you to add and remove custom menus to any page and category for HP SMH. You can use these menus for running commands, launching X applications, or launching into a separate Web page or Web site. See “Menus”.
Related Topics • The Settings Page Add Custom Menu The Add Custom Menu link displays options for you to configure and add custom menus. To add a Custom Menu to HP SMH (HP-UX only): 1. 2. 3. 4. 5. 6. 7. Select Settings→Menus→Add Custom Menu. For Type, specify whether the menu will be a command execution, an X application launch, or a link to another Web site or Web application. For Page, specify which page within the HP SMH pages the menu should be under.
Related Topics • The Settings Page Security The Security link provides the following options for you to manage the security of HP SMH itself: • IP Binding • IP Restricted Login Restricted Login. • Local Server Certificate Select Settings→System Management Homepage→Security →Local Server Certificate.
NOTE: HP SMH always binds to 127.0.0.1. If IP Binding is enabled and no subnet/mask pairs are configured, then HP SMH is only available to 127.0.0.1. If IP Binding is not enabled, you bind to all addresses. To configure IP Binding: 1. 2. 3. 4. 5. 6. Click Settings→System Management Homepage→Security. Click IP Binding. Select IP Binding box to enable IP binding. Enter the Subnet IP Address. Enter the Netmask.
6. Click Save Configuration to save the current configurations, or click Reset Values to cancel all changes. If Save Configuration is clicked, the following message appears: Setting this value requires restarting the HP System Management Homepage which may require you to log in again. 7. Click OK.
6. Use a secure method to send PKCS #10 certificate request data to a certificate authority and request the certificate request reply data in the form of PKCS #7 format. Request that the reply data is in Base64-encoded format. If your organization has its own Public Key Infrastructure (PKI) or Certificate Server implemented, send the PKCS #10 data to the CA manager and request the PKCS #7 reply data. NOTE: A third-party certificate signer generally charges a fee. 7.
4. Click Set Multiple Names. The following message appears: Setting this value requires restarting the HP System Management Homepage which may require you to login again. 5. Click OK. The server will be restarted and the user will be redirected to the login page on the next request. When this happens, the new certificate with the alternative names set will be negotiated with the browser.
Related Topics • • • • • • • Security IP Binding IP Restricted Login Local Server Certificate Trust Mode Trusted Management Servers User Groups Trust Mode The Trust Mode link provides options to enable you to select the security required by your system. There are some situations that require a higher level of security than others.
2. 3. 4. 5. Click Trust Mode. Select Trust by Certificate to require trusted certificates. Click Save Configuration to save the current configurations or Reset Values to cancel all changes. Click Trusted Certificate to access the Trusted Management server certificate. To trust by name: 1. 2. 3. 4. 5. Select Settings→System Management Homepage→Security. Click Trust Mode. Select Trust by Name to trust HP SIM by names. Enter the HP SIM certificate name.
2. In the Add Certificate From Server area, enter the name or IP address of the HP SIM system that contains the certificate to be added. This step is optional as the Base64-encoded certificate used in the next step provides the server name. 3. 4. In the Import Certificate Data area, cut and paste the Base64-encoded certificate into the text box. Click Import Certificate Data. To add a certificate from a server: 1. 2. 3. 4. Select Settings→System Management Homepage→Security→Trusted Management Servers.
The User Groups window enables you to add user groups to HP SMH. The following levels of user group authorizations are available: • Administrator Users with Administrator access can view all information provided through HP SMH. The appropriate default user group, Administrators for Windows operating systems and root for HP-UX and Linux, always has administrative access. • Operator Users with Operator access can view and set most information provided through HP SMH.
6 The Tasks Page The Tasks page displays links to routine tasks provided by participating HP Web-enabled System Management Software. NOTE: If no tasks are provided by the HP Web-enabled System Management Software, the Tasks page is not visible. System (HP-UX only) This category provides four built-in tasks to enable easy execution of commands on a system without having to log in. • • • • The Launch X Application link displays options for you to launch an X application.
7 The Tools Page The Tools page displays links to system management tools provided by participating HP Web-enabled System Management Software. For HP-UX, the Tools page provides an entry point into management tools that are analogous to the System Administration Manager (SAM) main page, also known as the SAM Functional Area Launcher (or FAL). For HP-UX this also includes categories and menus for several X-based management applications.
8 The Logs Page At a minimum, the Logs page provides the following log categories: • • • • System Management Homepage Log System Management Homepage Legacy Log (Linux and Windows only) SAM Log Viewer (HP-UX only) System Management Homepage Error Log (HP-UX only) Any logs contained in the installed HP Web-enabled System Management Software can be displayed on this page. For example, if the HP Version Control Agent is installed, a link to the Version Control Agent log is displayed on the Logs page.
security-related events that occurred prior to the installation of the new version. HP-UX does not include a Legacy Log. To access the System Management Homepage Legacy Log, select Logs→System Management Homepage→System Management Homepage Legacy Log. NOTE: You must have administrative access to HP SMH to access the System Management Homepage Legacy Log. Related Topics • • • • The Logs Page System Management Homepage Log SAM Log Error Log SAM Log The SAM Log link provides access to the SAM Log Viewer.
9 Troubleshooting NOTE: If noted, a topic may only apply to the HP-UX, Linux, or Windows operating system. Access Problems SMH Documentation Unclear on Treatment of securetty Solution: The HP System Management Homepage (HP SMH) does not use /etc/securetty. Refer to the login(1)for details on /etc/securetty. After entering a hostname on Linux, HP SMH does not start. Solution: Hostnames that are 64 characters or longer in length are not supported on Linux.
Solution: There are two possible warnings that might be seen including: • Warning #1: The name on the security certificate is invalid or does not match the name of the site. This warning occurs when you browse to HP SMH using an IP address. This warning also occurs if you browse locally using localhost for the machine name. • Warning #2: The security certificate was issued by a company you have not chosen to trust. View the cert to determine whether you want to trust the CA.
NOTE: On Linux for Itanium, this behavior is found until version 2.1.7. Solution: The use of the browser's Back button is not the supported method of navigating within HP SMH. You can navigate within HP SMH using the breadcrumb links and the navigation buttons and links presented inside the HP SMH pages. Clustering Problems I cannot browse to the HP SMH on my cluster IP address after a cluster fail over has occurred. Solution: Install HP SMH 2.1.4 or later (which is available in SmartStart 7.
NOTE: The word localhost does not work in all languages. In addition, if you have a proxy server configured in your browser, you might need to add 127.0.0.1 to the browser list of addresses that should not be proxied. When I use the IP Restricted Login feature on Windows 2000 Advanced Server, entering my server IP address does not have the desired effect. How can I be sure that the local machine IP addresses are recognized by this feature? Solution: On Microsoft Windows NT 4.
NOTE: On Linux, the group must be previously created using system tools as groupadd. When trying to login to HP SMH on a Windows system using an administrative account defined in the Backup Operators group, the login fails. Solution: On Windows systems within the pre-defined user groups, only Administrators, Users, Guests and Power Users are recognized. Any other groups predefined by Windows, such as Backup Operators, are not recognized.
Solution: These issues can be resolved two different ways by adjusting the Internet Explorer settings: • Configure the Internet Explorer Privacy settings from Medium to Low. HP does not recommend using this option. To change the settings: 1. 2. 3. 4. 5. In Internet Explorer, click Tools → Internet Options. Click Privacy. Click and drag the slide bar to Low. Click Apply. Click OK. The changes are saved. or • Add the IP address of the target HP SMH to the Local Intranet's zone. To change the settings: 1.
HP recommends the following actions: 1. 2. 3. 4. Select Start→Settings Control Panel. Double-click Windows Firewall to configure the firewall settings. Select Exceptions. Click Add Port. You must enter the product name and the port number. Add the following exceptions to the firewall protection: 5. 6. Product Port Number HP SMH Insecure Port: 2301 HP SMH Secure Port: 2381 HP SIM Insecure Port: 280 HP SIM Secure Port: 50000 Click OK to save your settings and close the Add a Port dialog box.
Why can't I use a Windows 2003 certificate authority to grant my third-party certificate into the HP SMH? Solution: To use a Windows 2003 certificate authority to create a certificate for HP SMH: 1. 2. 3. Create the PKCS #10 data packet by clicking Settings→HP System Management Homepage→Security→Local Server Certificate page. Press the Ctrl+ C keys to copy the data into a buffer. Navigate to http://W2003CA/certsrv where W2003CA is the name of your Windows 2003 certificate authority system. • • • • 4.
Refer to ipf(5) for more information. • DMZ.config A tight lockdown. Launching Partition Manager under this configuration requires the use of SSH. Bastille also impacts using Partition Manager to remotely manage a system where Bastille is enabled. After the normal transfer of certificates, Partition Manager will work as described above if the HOST.config or MANDMZ.config configurations are used. However, the DMZ.
• • • link. The support for Linux Integrity is found by selecting the Linux link on Software Depot home. Look for the HP Integrity Essentials Pack for Linux link. Access the HP ProLiant Essentials software page at http://www.hp.com/servers/manage. You will find a wealth of Systems Management Products and service-related information. Access the HP IT Resource Center for maintenance and support, forums, and training and education of HP products at http://itrc.hp.com.
10 Legal Notices Warranty The information in this document is subject to change without notice. Hewlett-Packard makes no warranty of any kind with regard to this manual, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be held liable for errors contained herein or direct, indirect, special, incidental, or consequential damages in connection with the furnishing, performance, or use of this material.
Revision History Revision History Revision 16 March 2008 MPN: 436304-009. The sixteenth revision added new functionality and defect fixes for the HP-UX SMH v2.2.8 release, and the online help was produced in nine languages for the HP-UX release. Revision Edition 15 February 2008 MPN: 436304-007. The fifteenth revision added new hardware support for Windows and Linux as well as adding new functionality for controlling the size of log files for the HP SMH v2.1.
Glossary Accounts for Users & Groups tool (ugweb) The HP-UX Accounts for Users and Groups (ugweb) tool is used to manage user accounts and group accounts on the local system. This tool can also be used to manage user accounts on a NIS system. The ugweb tool can be launched from the HP-UX System Administration Manager (SAM) tool or from HP SMH. CA See certificate authority. caution A note to indicate that failure to follow directions could result in damage to equipment or loss of information.
deployment, performance management, and workload management enable systems administrators to pick the value added software required to deliver complete lifecycle management of their hardware assets. To obtain more information about HP SIM, go to http://www.hp.com/go/hpsim. HP Version Control Agent (VCA) An Insight Management Agent that is installed on a system to enable the customer to see the HP software installed on that server.
Public Key Infrastructure (PKI) Public Key Infrastructure is the combination of software, encryption technologies, and services that enables enterprises to protect the security of their communications and business transactions on the Internet. Red Hat Package Manager (RPM) The Red Hat Package Manager is a powerful package manager that can be used to build, install, query, verify, update, and uninstall individual software packages.
URI Provides methods to access a resource on the Internet. A Uniform Resource Locator (URL) is a type of Uniform Resource Indicator (URI). URL A global address of resources on the World Wide Web. A Uniform Resource Locator (URL) is a type of Uniform Resource Indicator (URI). user A network user with a valid login on the HP System Management Homepage. user accounts Accounts used to log in to HP System Management Homepage (HP SMH).
Index troubleshooting, 43 user groups, 34 A access trust relationships, 13 C certificates auto import certificate, 17 trust mode, 32 trusted management server certificates, 33 copyright notice, 53 credits HP SMH, 26 L legal notices, 53 logs error log, 42 HP SMH, 41 HP SMH legacy log, 41 SAM log, 42 System Management Homepage log, 41 M error log, 42 menu HP SMH, 26 menus HP SMH, 25 F N firewall configuring firewall settings, 13 navigating HP SMH, 19 G O getting started configuring timeout, 15 lo
settings HP SMH, 25 T tasks HP SMH, 37 timeout configuring timeout settings, 15 tools HP SMH, 39 trademark notices, 53 troubleshooting HP SMH, 43 reference, 51 U U.S.
