HP Systems Insight Manager 7.3 User Guide

ManualsBrandsHP ManualsSoftwareHP Systems Insight Manager 4.x HP-UX Software

111

112

113

114

115

116

117

118

119

120

NOTE: On a Windows system, the operating system account must have administrator-level access

on the CMS for all of the commands to work properly.

How to: configuration checklist

General

• Access to the CMS must be restricted, both at the network operating system-level and at the

physical-level.

• A strict separation between the contents provided by unrelated sites must be maintained on

the client side to prevent the loss of data confidentiality or integrity. HP recommends you avoid

links or resources that have arrived from unauthorized sites when a valid HP SIM session is

running on browsers.

• Configure firewalls to allow desired ports and protocols

• Review lockdown versus ease of use

• After configuring the CMS and managed systems, run discovery on the CMS

• User account policies (password, lockout, and so on) must be configured and enforced by

your environment.

• CMS must be configured on the local intranet.

Configuring the CMS

• Inspect SSL server certificate and update if desired

• Configure passwords and SNMP community strings (See the “Configuring managed systems”

(page 115) section below)

• Configure user accounts, based on operating system accounts that will access HP SIM

• Review and configure toolboxes if defaults are not appropriate

• Review and configure authorizations for users

• Configure system link configuration format

• Review audit log

Strong security

NOTE: How-to: lockdown versus ease of use for more details.

• Enable Require Trusted Certificates, inspect and import desired system SSL certificates or root

signing certificates

• Require only known SSH keys, inspect and import desired system SSH public keys

Configuring managed systems

• Configure SNMP community strings, which are required at the CMS.

• For WBEM on HP-UX and Linux, configure the WBEM password. This password is required

at the CMS. For the highest level of security, a different user name and password can be used

for each managed system; each user name and password pair must be entered into the CMS

to enable access.

For HP-UX, certificates can be used instead of username and password for WBEM

authentication. For more information, see the HP SIM online help.

How to: configuration checklist 115