HP Systems Insight Manager 5.2 Installation and Configuration Guide for HP-UX

ManualsBrandsHP ManualsSoftwareHP Systems Insight Manager 4.x Linux Software

Managed systems

Systems that comprise a management domain are called

managed systems

. A system can be any device

on the network that can communicate with HP SIM, including servers, desktops, laptops, printers, workstations,

hubs,

storage systems

, storage area networks (SANs), and routers. In most cases, these devices have an IP

address associated with them. A managed system can be managed by more than one CMS, if desired.

Managed systems to be managed must have one or more

management agents

installed. There is a wide

variety of agents, , or

Web-Based Enterprise Management

(WBEM) providers for HP-UX. These agents

provide management information and alerts (indications) to the CMS. The

SSH

agent (service) then enables

the HP SIM CMS to log into the managed system to execute commands through scripts.

Web-browser clients

HP SIM can be accessed from any supported browser client. The network client can be part of the management

domain. However, you must be running a compatible browser to access the

GUI

or an

SSH

client application

to securely access the

CLI

. Access to the web server on the CMS can be restricted to specific IP address

ranges for specific users.

Default toolboxes

The All Tools

toolbox

is a default toolbox installed with HP SIM. The All Tools toolbox provides complete

access to all tools for the authorized system or system group. When a tool is added to HP SIM, the tool is

automatically added to this toolbox. Tools cannot be removed from the All Tools toolbox, and the All Tools

toolbox cannot be deleted from HP SIM. If you do not want a user to have access to all available tools for

a specific system or system group, they should not be authorized for the All Tools toolbox on that system

or system group.

CAUTION: Users assigned to the All Tools toolbox on the

Central Management Server

can execute

commands as any user. Therefore, these users could grant the administrative rights user privilege to themselves.

Another default toolbox is the Monitor Tools

toolbox

. This toolbox contains tools that display the state of

managed systems but not tools that change the state of managed systems.

HP SIM can have up to 32 defined toolboxes, including the default toolboxes. All toolboxes other than All

Tools and Monitor Tools can be enabled, disabled, or deleted.

User security

A user's capability is controlled by two things, authorizations and CMS configuration rights.

Authorizations control what tools a user can run on the managed node.

Authorizations = user + toolbox + system.

Authorizations

After a

user

is added to HP SIM, he or she can be

authorized

to use a

toolbox

on one or more systems in

the

management domain

Each toolbox is associated with a set of tools that a user might need for a particular

task

, such as database

administration or software management. Authorizing a user for a toolbox on a

system

system group

enables the user to run the associated set of tools on that system or systems that are members of the system

group.

IMPORTANT: Authorization for a toolbox can enable users with non-privileged access (for example, non-root

users) to run tools as root or as another specified user. Be careful when granting users permission to run

Default toolboxes 11