Manualshelf

HP Insight Control for Linux 6.2 User Guide

ManualsBrandsHP ManualsSoftwareHP Insight Control for Linux v2.0 Media Kit
21222324252627282930
Standard Linux deployment, which uses SSH to push an image to the target systems is a
less scalable but more secure method than large scale deployment.
HP recommends the use of a dedicated management LAN for large scale Linux deployments.
For more information on scalable deployment, see Section 10.4 (page 115)
Logging RAM disk connections and operations
With a few minor modifications, you can log who has connected to the RAM disk . For more
information, see Logging RAM disk connections and operations (page 216).
2.2 Validating RPM signatures
The RPMs for HP Insight Control for Linux, HP Insight Control virtual machine management,
and HP Insight Control power management are digitally signed with a private key. You have
the option of using the public key shipped on the Insight Control for Linux ISO image to validate
and verify the RPMs.
Although this verification process is optional for you, it ensures that HP is the creator of the code
and that the code was not modified since it was signed.
For more information on validating RPM signatures, see the HP Insight Control for Linux Installation
Guide.
2.3 Trusted certificates
Insight Control for Linux conforms to the security features of HP SIM. There is a Trusted
Certificates tab under OptionsSecurityCredentialsTrusted Systems. By selecting that
tab, you access a web page that allows you to determine how SSL/HTTPS connections are handled;
there are two options, depending on the button selected:
Always Accept
This button is preselected by default. The CMS establishes SSL connections with managed
systems without validating them against certificates in the HP SIM trusted certificate list.
Require
When this button is selected, the CMS only establishes SSL connections with managed
systems whose certificates are represented in the HP SIM trusted certificate list.
When performing any operation that communicates with an iLO-based management processor,
Insight Control for Linux has the ability to verify whether the target iLO is a trusted system,
meaning that it is presenting a certificate that Insight Control for Linux trusts. To enable this
security mechanism, make sure the Require radio button is selected.
Use the Import button to import the iLO’s self-signed certificate. You can obtain the iLO’s
self-signed certificate by connecting to the iLO using your browser. In Microsoft Internet Explorer
for Windows Vista, for example:
1. Select PageSecurity Repor t.
2. Select View Certificates.
3. Select the Details tab.
4. Select the Copy to File... button.
5. In the Certificate Export Wizard, select the Base-64 encoded X.509 (.CER) radio button
and proceed to save your file. This is the file that you specify in HP SIM when you select
the Importbutton.
You must repeat this procedure for every iLO whose certificate you want to add to the HP SIM
trust storage.
2.2 Validating RPM signatures 27