HP Management Integration Framework Administrator Guide (T5494-96539, October 2012)

A HP MIF security environment overview
This information is intended for customers who want to understand the level of protection that HP
MIF security provides.
See also the HP Management Integration Framework Maintenance & Service Guide. The guide
includes information on using HP MIF command line utilities.

HP MIF privilege mechanisms
• Users of a group have access to the SPoG interface if the group has the View HP Storage privilege. See SPoG quick tour and SPoG interface.
• Users of a group have access to HP MIF Security and Configuration interfaces if the group has the Manage HP Security privilege. Users do not need to be in the Administrators group to have this privilege. See HP MIF Interface quick tours.
• If a domain user is part of the HP Security Admins group in the domain controller, and the corresponding privilege mapping exists in HP MIF, the domain user is allowed access to the HP MIF Security and Configuration interfaces on the local machine.

HP MIF security environment assumptions
• For installing HP MIF, it is assumed that the user account has sufficient privileges to create environment variables and files in the file system where the HP MIF XF and XFROOT directories reside. The local user or domain user needs to be a member of the local administrators group in a machine to be able to perform installation of HP MIF.
• The HP MIF service listens on port 2374 for SPoG access. The HP MIF registry service listens on port 9000. These port numbers should not be blocked by other network security applications, firewall settings, or antivirus software.
• By default, HP MIF internally uses randomly available free ports that are reported by the machine's operating system. Thus, free port numbers should not be blocked by other network security applications, firewall settings, or antivirus software. For information on specifying custom port numbers, refer to “Secured web service port” (page 27).
• HP MIF does not protect data at rest from users that have physical access to a machine. For example, users can delete the HP MIF XFROOT directory, which will reset a user-customized MIF configuration to the default settings.
• HP MIF-aware applications, like HP P6000 Command View, that reside on the same machine as HP MIF can establish trust relationships with HP MIF.
• HP MIF Management Group security certificates do not expire until the Management Group name changes as part of certain Management Group operations, such as using the Import Machines wizard and Move Machine wizard. See Management Group certificates and Management Groups.
• HP MIF uses self-signed security certificates. There is no option to use a certificate authority.
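
A read-only way to see which ports the assumptions about ports 2374, 9000 and the OS-assigned ports cover on a given machine, written as an added example that is not from the HP guide: it finds the processes listening on the two documented ports and lists every port those processes listen on. It assumes the listeners are TCP and that the NetTCPIP cmdlets are available (Windows Server 2012 or later).

```powershell
# Added example, not HP code. Assumes TCP listeners and the NetTCPIP module.
$documentedPorts = 2374, 9000   # SPoG access and HP MIF registry service (from the guide)

# Snapshot of all TCP listeners on this machine.
$listeners = @(Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue)

# 1. Confirm something is listening on each documented port.
foreach ($port in $documentedPorts) {
    if (-not ($listeners | Where-Object { $_.LocalPort -eq $port })) {
        Write-Warning "No TCP listener on documented port $port"
    }
}

# 2. Identify the processes that own the documented ports.
$owners = @($listeners |
    Where-Object { $documentedPorts -contains $_.LocalPort } |
    Select-Object -ExpandProperty OwningProcess -Unique)

# 3. List every port those processes listen on. Rows with Documented = False
#    are the OS-assigned ports that must also stay unblocked.
$listeners |
    Where-Object { $owners -contains $_.OwningProcess } |
    Sort-Object LocalPort, LocalAddress |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            LocalPort    = $_.LocalPort
            ProcessId    = $_.OwningProcess
            ProcessName  = $proc.ProcessName
            Documented   = $documentedPorts -contains $_.LocalPort
        }
    } |
    Format-Table -AutoSize
```

If the owner shown is the System process (PID 4), the port is served through HTTP.sys and the list will include unrelated kernel-owned listeners.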

HTTP protocol
HP MIF uses HTTP protocol for:
• Establishing links between navigation tree objects
• Associating tabs in the content pane for an object
• Aggregating navigation tree information across a Management Group
• Helping populate the SPoG
• Use by tools for HP MIF installation
• Navigation tree related information (with HP MIF-aware applications)