Manualshelf

HP Insight Control Server Provisioning 7.3 Update 1 Administrator Guide

ManualsBrandsHP ManualsSoftwareHP Insight Control including 1yr 24x7 Technical Support and Updates Single Server License
61626364656667686970
saver/system lock mechanism of the operating system will provide some protection but the UI
should not be left open and unprotected. If the browser UI is closed without logging out, the session
token will remain valid for 24 hours before it times out due to inactivity. The browser session is
stored in a session cookie stored in memory and will not be retained after the browser closes. It is
a best practice to always log off before closing the browser.
Authentication for appliance access
Access to the appliance requires authentication using a user name and password. User accounts
are configured on the appliance or in an enterprise directory. All access (browser and REST APIs),
including authentication, occurs over SSL to protect the credentials during transmission over the
network.
Controlling access for authorized users
Access to the appliance is controlled by roles, which describe what an authenticated user is
permitted to do on the appliance. Each user must be associated with at least one role.
Specifying user accounts and roles
User login accounts on the appliance must be assigned a role, which determines what the user
has permission to do.
The appliance provides the following roles:
The Infrastructure administrator has full access to view, create, edit, or remove any resources
managed by the appliance, including management of the appliance itself.
The Infrastructure administrator can also manage information provided by the appliance in
the form of activities, events, notifications, and logs.
All privileges are granted to this role so that the Infrastructure administrator can perform any
action on the appliance, including management of deployment content (operating system
build plans and scripts).
The Server administrator runs operating system build plans, and adds, deletes, and modifies
servers.
The Server administrator cannot modify deployment content (operating system build plans,
scripts, configuration files, or packages), manage user accounts, or change appliance settings.
The Backup administrator role is provided for scripts using REST APIs to log in to the appliance.
By using this role for backup scripts, you do not expose the Infrastructure administrator
credentials for backup operations.
The Backup administrator cannot restore the appliance from a backup file.
Users with the Read only role can only view appliance information, such as network settings.
For information on how to add, delete, and edit user accounts, see the online help.
Protecting credentials
Local user account passwords are stored using a salted hash; that is, they are combined with a
random string, and then the combined value is stored as a hash. A hash is a one-way algorithm
that maps a string to a unique value so that the original string cannot be retrieved from the hash.
Passwords are masked in the browser. When transmitted between appliance and the browser over
the network, passwords are protected by SSL.
Local user account passwords must be a minimum of eight characters, with at least one uppercase
character. The appliance does not enforce additional password complexity rules. Password strength
and expiration are dictated by the site security policy (see “Best practices for maintaining a secure
appliance” (page 60)). If you integrate an external authentication directory service (also known
Authentication for appliance access 63