Understanding HP SIM 5.1 and 5.2 security (481362-003, January 2009)

Overview
This document is provided as an overview of the security features available in the HP Systems Insight
Manager (HP SIM) framework. More detailed documentation can be found in the HP Systems Insight
Manager Technical Reference Guide.

Architecture overview
HP SIM runs on a central management server (CMS) and communicates with managed systems using
various protocols. The customer can browse to the CMS or directly to the managed system.

Figure 1. Architecture overview

Communication protocols

Simple Network Management Protocol (SNMP)
SNMP v1 is one of the primary protocols used to gather data about systems. SNMP traps are used to
notify HP SIM of status changes or other events on a system. SNMP does not guarantee delivery;
there is no assurance that any request, response, or trap will reach its destination. SNMP security is
limited to a clear-text community string that is included with the request and acts like a password.
SNMP data is not encrypted, so the entire payload can be easily snooped on the network.
The operating system of the managed system may provide additional security capabilities for SNMP
such as IP address restrictions for valid requests.

Hypertext Transfer Protocol (HTTP)
HTTP is another primary protocol used to acquire data about managed systems during identification.
HTTP is not a secure protocol, and its traffic can be easily viewed on the network. The secure version
of HTTP is called HTTPS and is described later.

Web-Based Enterprise Management (WBEM)
WBEM is another protocol used to acquire data about managed systems. It is primarily XML over
HTTP or HTTPS.