HP Insight Control Server Provisioning 7.2 Administrator Guide

Object Type,
Object Descriptor,
Message
Sample audit entries showing a user login and logout:
2012-11-16 14:55:20.706 CST,Authentication,,,administrator,jrWI9ych,,,SUCCESS,LOGIN,INFO,CREDENTIAL,,Authentication SUCCESS
2012-11-16 14:58:15.201 CST,Authentication,,,MISSING_UID,jrWI9ych,,,SUCCESS,LOGOUT,INFO,CREDENTIAL,,TERMINATING SESSION
The audit logs are periodically rolled over to prevent them from growing too large, so you may
wish to monitor them and periodically download them to maintain a long-term audit history.
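When reviewing downloaded audit logs, note that the sample logout entry above records the user as MISSING_UID, so it can only be attributed through the field it shares with the login entry. The following Python sketch is an added example, not part of the HP guide or product. It pairs login and logout entries on that field. The column positions, and the reading of the sixth field as a session identifier, are assumptions taken from the two sample entries.

```python
import csv
from datetime import datetime

# Constructed input: the two sample entries from this page, one entry per line.
SAMPLE = """\
2012-11-16 14:55:20.706 CST,Authentication,,,administrator,jrWI9ych,,,SUCCESS,LOGIN,INFO,CREDENTIAL,,Authentication SUCCESS
2012-11-16 14:58:15.201 CST,Authentication,,,MISSING_UID,jrWI9ych,,,SUCCESS,LOGOUT,INFO,CREDENTIAL,,TERMINATING SESSION
"""

# Assumed column positions, read off the sample entries. Only the last three
# column names (Object Type, Object Descriptor, Message) appear on this page.
TS, USER, SESSION, RESULT, ACTION = 0, 4, 5, 8, 9


def parse_ts(value):
    # Drop the trailing zone abbreviation ("CST"); strptime does not parse it portably.
    return datetime.strptime(value.rsplit(" ", 1)[0], "%Y-%m-%d %H:%M:%S.%f")


def sessions(log_text):
    """Pair LOGIN/LOGOUT entries on the session field; return one dict per session."""
    found = {}
    for row in csv.reader(log_text.splitlines()):
        if len(row) < 14 or row[RESULT] != "SUCCESS":
            continue  # skip short or malformed rows and unsuccessful attempts
        sid = row[SESSION]
        if row[ACTION] == "LOGIN":
            found[sid] = {"user": row[USER], "login": parse_ts(row[TS]), "logout": None}
        elif row[ACTION] == "LOGOUT":
            # The logout row may carry MISSING_UID, so the user name recorded at
            # login is kept; a logout with no matching login stays visible as-is.
            entry = found.setdefault(sid, {"user": row[USER], "login": None, "logout": None})
            entry["logout"] = parse_ts(row[TS])
    return found


if __name__ == "__main__":
    for sid, s in sessions(SAMPLE).items():
        length = s["logout"] - s["login"] if s["login"] and s["logout"] else None
        print(sid, s["user"], length)
```

A session whose login entry is None usually means the login was written to an audit log that has already been rolled over, which is one reason to download the logs regularly.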
Additional detailed audit information for deployment targets is included in the audit log zip file.
While all operations performed via the appliance UI or REST interface are included in the audit
log, operations performed as part of the Matrix Operating Environment go through a different
interface. Those operations are logged in the Matrix Operating Environment audit logs, and they
are also logged on the Insight Control server provisioning appliance, so that the operations
performed via that interface can be reconciled with those performed in the Matrix Operating
Environment and those performed via the appliance UI.
The file containing the additional audit information inside the audit-logs-<date>.zip file is
deployment-audit-logs.zip. Inside that file are zipped a set of system logs under the path
var/opt/opsware/ogfs/mnt/audit/event/<system name>/audit.log.0. In those
audit logs, actions performed via the appliance UI will be recorded as being performed by user
applianceserviceaccount, while those performed via the Matrix Operating Environment will
be recorded as being performed by user matrixuser. There may be additional actions recorded
against internal users including detuser, integration, and buildmgr.
4.7 Communication protocols
4.7.1 SSL
All access to the appliance using the browser interface uses HTTPS (HTTP over SSL). This encrypts
data over the network and helps to ensure data integrity. Refer to Algorithms (page 30) for a
list of supported cipher suites.
4.8 Certificate management
A certificate is used to authenticate the appliance over SSL. The certificate contains a public key,
and the appliance maintains the corresponding private key which is uniquely tied to the public
key. The name of the appliance is also contained in the certificate and is used by the browser to
identify the appliance.
There are two name fields in the certificate.
The Common Name (CN) is a required field; by default the fully-qualified name is used.
The Alternative Name field is optional, but recommended as it allows for multiple names
(including IP addresses) to minimize name mismatch warnings from the browser. By default,
this field is populated with the fully-qualified name, a short name, and the system’s IP address.
These fields can be changed when you manually create a self-signed certificate or certificate signing
request.
NOTE: If you do use the Alternative Name field, the name from the Common Name field must
be included.