HP Insight Management 7.3 Getting Started Guide

The following security practices are recommended by HP in a virtualized environment. This is only
a partial list because differing security policies and implementation practices make it difficult to
provide a complete and definitive list. However, these recommendations are a good starting point:
• Use a separate management network. For security and performance reasons, HP recommends:
  – Establishing a private management network separate from the data network
  – Granting access to the management network only to administrators
  – Using a firewall to restrict traffic into the management network
• Eliminate or disable nonessential services. Configure all host systems, management systems,
  and network devices so that nonessential services are either eliminated or disabled, including
  networking ports when not in use. This can significantly reduce the number of attack vectors
  in your environment.
• Ensure that a process is in place to periodically check for and install patches for all software
  in your environment.
• Address the use of virtualization in your corporate security policy and processes. For example:
  – Educate administrators about changes to their roles and responsibilities in a virtual
    environment.
  – If an Intrusion Detection System (IDS) is being used in your environment, ensure that the
    IDS solution has visibility into network traffic in the virtual switch (within a hypervisor).
  – Mitigate potential sniffing of VLAN traffic by turning off promiscuous mode in the hypervisor
    and by encrypting traffic flowing over the VLAN.
    NOTE: In many cases, if promiscuous mode is disabled in the hypervisor, it cannot be
    used on a VM guest (the guest can enable it, but it will not be functional).
  – Maintain zones of trust (DMZ separate from production machines).
• Clearly define administrative roles and responsibilities (host administrator, network
  administrator, and virtualization administrator). Use the Systems Insight Manager toolbox and
  Virtual Connect role capabilities to distinguish these roles.
• Achieve a higher level of security for components that are delivered with certificates signed
  by the provider (for instance Systems Insight Manager and HP System Management Homepage),
  by populating them with trusted certificates at deployment time.
• Implement directory services. Directory services enable a consistent authentication and
  authorization process throughout the environment. You can also use directories for role-based
  access control.
• Do not use local accounts. However, if you use local accounts, HP recommends that you
  periodically change the passwords as follows:
  – Change default passwords immediately to a more relevant and secure password
  – Change management device passwords with the same frequency and according to the
    same guidelines as server administrative passwords
  – Choose passwords that include at least three of these four characteristics: numeric
    characters, special characters, lowercase characters, and uppercase characters
• Protect SNMP traffic. Although only read-only access through SNMP is used by the Insight
  Management components, HP recommends that administrators reset the community strings
  according to the same guidelines as administrative passwords. HP also recommends that
  administrators set firewalls or routers to accept only specific source and destination addresses.
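
The local-account password guidance and the SNMP community string guidance above apply the same rule, so one audit can cover both. The following is an added example, not part of the HP guide or any HP tool: the device names, the sample inventory, and the list of default values are constructed assumptions, and "special characters" is taken to mean ASCII punctuation.

```python
import string

# Assumption: values treated as unchanged defaults. "public" and "private" are
# the conventional default SNMP community strings; the others are constructed.
DEFAULT_SECRETS = {"public", "private", "admin", "password"}

# Constructed sample inventory: (device, kind, secret). All names are hypothetical.
SAMPLE_INVENTORY = [
    ("ilo-rack1", "password", "Summer2024"),
    ("oa-enc2", "password", "admin"),
    ("switch-a", "snmp-community", "public"),
    ("switch-b", "snmp-community", "monitoring"),
    ("vc-mod1", "snmp-community", "r0-Mon!tor"),
]


def character_classes(secret):
    """Return which of the guide's four character classes appear in secret."""
    classes = set()
    for ch in secret:
        if ch in string.digits:
            classes.add("numeric")
        elif ch in string.ascii_lowercase:
            classes.add("lowercase")
        elif ch in string.ascii_uppercase:
            classes.add("uppercase")
        elif ch in string.punctuation:
            classes.add("special")
    return classes


def audit(entries):
    """Flag default values and secrets with fewer than three of the four classes.

    Community strings are checked with the same rule as passwords, as the guide
    recommends. Findings never include the secret itself.
    """
    findings = []
    for device, kind, secret in entries:
        if secret.lower() in DEFAULT_SECRETS:
            findings.append((device, kind, "default value still in use"))
            continue
        count = len(character_classes(secret))
        if count < 3:
            findings.append((device, kind, f"only {count} of 4 character classes"))
    return findings


if __name__ == "__main__":
    for device, kind, reason in audit(SAMPLE_INVENTORY):
        print(f"{device:10} {kind:15} {reason}")
```
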
Recommendations for security policies and practices 7