Understanding HP SIM 5.1 and 5.2 security (481362-003, January 2009)

5. For SSH, turn on the option to accept SSH connections only from specified systems. Select
Options→Security→SSH Keys and enable the option "The central management
server will accept an SSH connection only if the key is in list below". Afterwards,
you must manually import each managed system's public SSH key into the list of keys in HP
SIM.
Note: To configure this in previous versions of HP SIM, add or modify the following line in
mx.properties:
MX_SSH_ADD_UNKNOWN_HOSTS=false
and then restart HP SIM.
Afterwards, you must manually import each managed system’s public SSH key into the list of
keys in HP SIM.
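A check for the setting in the note above, as an added example that is not part of the HP document: it reads a properties file and reports whether MX_SSH_ADD_UNKNOWN_HOSTS=false is the value actually in effect. It assumes standard Java properties semantics (a later duplicate key wins) and the exact lowercase value the note gives; the file path is supplied by the operator and the sample content is constructed.

```python
import re
import sys

KEY = "MX_SSH_ADD_UNKNOWN_HOSTS"  # key name as given in the note above

def parse_properties(text):
    """Minimal Java .properties reader: '#'/'!' comments; '=', ':' or
    whitespace separators; a later duplicate overrides an earlier one.
    Backslash line continuations are not handled (assumed unnecessary
    for a one-line boolean key)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:\s]\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
        else:
            props[line] = ""  # bare key, no value
    return props

def audit_unknown_hosts(text):
    """Return (ok, reason); ok is True only for the exact setting the note gives."""
    props = parse_properties(text)
    if KEY not in props:
        return False, f"{KEY} is absent or commented out"
    if props[KEY] == "false":
        return True, f"{KEY}=false is in effect"
    return False, f"{KEY} is {props[KEY]!r}, expected 'false'"

# Constructed sample: the hardened line is overridden by a later duplicate,
# which is easy to miss when the file is checked with a plain text search.
SAMPLE = """\
# constructed example file, not a real mx.properties
MX_SSH_ADD_UNKNOWN_HOSTS=false
SOME_OTHER_SETTING = 1
MX_SSH_ADD_UNKNOWN_HOSTS = true
"""

if __name__ == "__main__":
    # Path to mx.properties is passed by the operator; none is assumed here.
    text = open(sys.argv[1], encoding="latin-1").read() if len(sys.argv) > 1 else SAMPLE
    ok, reason = audit_unknown_hosts(text)
    print("PASS" if ok else "FAIL", "-", reason)
    sys.exit(0 if ok else 1)
```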
Port listing
The following ports and protocols are used by the HP SIM solution. If you have an application
firewall, the core HP SIM process is mxdomainmgr, and the Distributed Task Facility (DTF) is
mxdtf.
CMS / Managed System     Port   Protocol [1]  Description
(In [2], Out, In, Out)
-----------------------  -----  ------------  -----------------------------------------
                                ICMP [1]      Ping
Y  Y                     22     SSH           SSH server (for DTF)
Y  Y                     161    SNMP          SNMP Agent
Y  Y                     162    SNMP Trap     Trap listener
Y [4]  Y                 80     HTTP          Management processor and other devices;
                                              standard Web server
Y  Y [4]  Y              280    HTTP          Web server for HP SIM; Web agent
                                              auto-start port
Y [4]  Y                 443    HTTPS         Management processor and other devices;
                                              standard Web server
Y                        1443   TCP           Microsoft SQL Server database
Y  Y                     2301   HTTP          Web agent Web server
Y [3]                    2367   RMI           HP SIM RMI connection
Y  Y                     2381   HTTPS         Web agent Web server
Y                        5432                 PostgreSQL Server database
Y  Y                     5988   HTTP          WBEM service
Y  Y                     5989   HTTPS         WBEM service
Y                        50000  HTTPS         HP SIM Web server
Y                        50001  HTTPS         HP SIM SOAP (configurable [6])
Y                        50002  HTTPS         HP SIM SOAP with client certificate