HP Insight Control Server Provisioning 7.3 Update 1 Administrator Guide

Always log out before closing the browser.
In the browser, a memory-based cookie stores the authenticated user’s session ID.
Memory-based cookies are deleted when you close the browser. When you log out, the session
on the appliance is invalidated.
Avoid clicking links outside the appliance UI.
While logged in to the appliance, avoid clicking links in email or instant messages. The links
might be malicious and take advantage of your login session.
Use separate browsers for appliance and non-appliance use.
Do not use the same browser instance (for example, separate tabs in the same browser) to
browse to other websites.
Nonbrowser clients
The appliance supports an extensive number of REST APIs. Any client, not just a browser, can issue
requests for REST APIs. The caller must ensure that they take appropriate security measures regarding
the confidentiality of credentials, including:
The session token, which is used for data requests.
Responses beyond the encryption of the credentials on the wire using HTTPS.
Passwords
Passwords are likely displayed and stored in clear text by a client like cURL. You can download
cURL at the following web address:
http://curl.haxx.se/download.html
Take care to prevent unauthorized users from:
Viewing displayed passwords
Viewing session identifiers
Having access to saved data
SSL connection
The client should specify HTTPS as the protocol to ensure SSL is used on the network to protect
sensitive data. If the client specifies HTTP, it will be redirected to HTTPS to ensure that SSL is used.
The appliance certificate, which the client requires, allows the SSL connection to succeed. A
convenient way to obtain a certificate is to use a browser pointed at the appliance; for more
information on obtaining a certificate with a browser, see “Managing certificates from a browser”
(page 66).
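
The client-side precautions from "Nonbrowser clients" and "SSL connection", as an added shell example that is not part of the HP guide: a cURL wrapper that refuses non-HTTPS URLs, validates the appliance against its exported certificate, keeps the session token out of the process list, and saves data with owner-only permissions. The host name, file names and the header name passed to api_get are placeholders (assumptions); this page does not specify them.

```sh
#!/bin/sh
# Added example, not from the HP guide. Host, file and header names used with
# these functions are placeholders (assumptions).

# Accept only https:// URLs, so nothing is sent in clear text before a redirect.
require_https() {
  case "$1" in
    https://?*) return 0 ;;
    *) echo "refusing non-HTTPS URL: $1" >&2; return 1 ;;
  esac
}

# Prompt for a secret without echoing it; the value goes to stdout so the
# caller captures it in a variable instead of typing it on a command line.
prompt_secret() {
  printf '%s: ' "$1" >&2
  trap 'stty echo; exit 1' INT TERM
  stty -echo; IFS= read -r ps_value; stty echo
  trap - INT TERM
  printf '\n' >&2
  printf '%s' "$ps_value"
}

# Write stdin to a file that only its owner can read (tokens, saved responses).
# The file is recreated so an existing, more permissive mode is not inherited.
save_private() {
  ( umask 077 && rm -f -- "$1" && cat > "$1" )
}

# Escape backslashes and double quotes for a quoted value in a curl config file.
curl_quote() {
  printf '%s' "$1" | sed 's/[\\"]/\\&/g'
}

# GET $1 with the session token from file $3 sent in request header $4.
# $2 is the appliance certificate (PEM) exported from the appliance.
# The header reaches curl on stdin (--config -), so the token is not in `ps`.
api_get() {
  require_https "$1" || return 1
  printf 'header = "%s: %s"\n' "$4" "$(curl_quote "$(cat "$3")")" |
    curl --silent --show-error --fail --proto '=https' \
         --cacert "$2" --config - "$1"
}
# Usage (placeholders): api_get "https://appliance.example.net/<path>" \
#   appliance.pem token.txt "<header-name>" | save_private response.json
```
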
Port list
The following table lists the ports that need to be open for Insight Control server provisioning.
NOTE: The OS installation configuration files shipped with Insight Control server provisioning
all have the firewall disabled by default. If your installation requires that the firewall be enabled,
be sure to include port 1002 in the list of open ports, as this is the port the SA agent uses to
communicate with the appliance.
In the following table, Web browser refers to the web browser an administrator would be using
to access these systems.