HP Systems Insight Manager 5.2 Installation and Configuration Guide for HP-UX

ManualsBrandsHP ManualsSoftwareHP Systems Insight Manager 5.x Linux Software

The SSH-2 protocol is used by the HP SIM

Distributed Task Facility

(DTF) to communicate with managed

systems. The DTF improves operator efficiency by replicating operations across the systems or system groups

within the management domain using a single command. This functionality reduces the load on administrators

in multisystem environments. X Window and CLI tools use the DTF to execute and support the following tasks:

• Executing scripts, commands, and applications remotely on managed systems

• Copying files to managed systems

The DTF connects the CMS to the SSH server software running on each managed system. The DTF tells the

SSH server what tasks must be performed on the system. The SSH server then performs the tasks and returns

the results to the DTF. The DTF consolidates the feedback it receives from all the managed systems.

WBEM WBEM is an industry standard that simplifies system management. It is based on a set of

management and Internet standard technologies developed to unify the management of enterprise computing

environments. It provides access to both software data and hardware data that is readable by

WBEM-compliant applications.

HP SIM keeps a database of passwords for managed systems running WBEM. The database contains the

user names and passwords for each managed system, which are required to provide user authentication for

tools using this protocol. These accounts do not need to have other access capabilities, such as login rights.

They are only used for WBEM access by HP SIM. The WBEM user name and password can be set from the

CLI or GUI. For more information, see the "Administering the Software" section in the

HP Systems Insight

Manager 5.2 User Guide

at http://h18013.www1.hp.com/products/servers/management/hpsim/

infolibrary.html.

HP SIM uses HTTPS to access WBEM data, providing a secure path for system management data.

HTTPS HTTPS is simply HTTP over SSL, a protocol that supports sending data securely over the Web.

HTTPS is used to access WBEM data as explained in the previous section, and it is used to access ProLiant

agent information. Digital certificates are used instead of user names and passwords to establish trust between

the agent and the CMS. The certificate of the CMS should be loaded into each agent to be managed by

that CMS.

DMI (HP-UX 11.0 and older managed systems only) In today's HP SIM environment DMI is only used to

collect inventory data from HP-UX 11.0 systems. DMI is an industry-standard protocol, primarily used in

client management, established by the

Desktop Management Task Force

. DMI provides an efficient means

of reporting client system problems. DMI-compliant computers can send status information to a CMS over a

network. DMI is supported for system inventory collection where the information is not available from WBEM

and SNMP. An HP-UX CMS uses DMI to gather system information from other HP-UX systems. DMI is not a

secure protocol. Therefore, anyone with access to your network can intercept and view DMI transactions.

SNMP SNMP is a set of protocols for managing complex networks. SNMP works by sending messages,

called protocol data units (PDUs), to different parts of a network. SNMP-compliant devices, called agents,

store data about themselves in Management Information Bases (MIBs) and return this data to the SNMP

requesters. SNMP is available in several versions. SNMP Version 1, used by HP SIM, is not a secure protocol.

Therefore, anyone with access to your network can intercept and view SNMP transactions.

HP SIM keeps a database of read and write community names for managed systems running SNMP. The

community name must match those configured on the management system. The SNMP community names

and passwords can be set from the CLI or GUI. For more information, see the "Administering the Software"

section in the

HP Systems Insight Manager 5.2 User Guide

at http://h18013.www1.hp.com/products/

servers/management/hpsim/infolibrary.html.

HP SIM does not use SNMP SetRequests. By default, the supported operating system platforms have SNMP

SetRequests disabled. For improved security, do not enable SNMP SetRequests on the CMS or the managed

systems. Even SNMP GetRequest responses can be spoofed, so all information from SNMP should be regarded

as insecure.

Web server security

HP SIM uses the Tomcat web server on the CMS. Tomcat features that are not required by HP SIM are turned

off by default. These features include Server Side Includes and Common Gateway Interface scripts.

Self-signed certificates

The self-signed certificates used for WBEM and web server authentication make it possible for another system

to impersonate the CMS if the valid certificate is not securely imported into the client or browser, which is

Secure data transmission 15