HP Systems Insight Manager 5.3 Technical Reference Guide

9 Networking and security
HP SIM provides the following security options:
Users and Authorizations. Select Options→Security→Users and Authorizations.
Server Certificate. Select Options→Security→Certificates→Server Certificate.
Global Credentials. Select Options→Security→Credentials→Global Credentials.
Systems Credentials. Select Options→Security→Credentials→Systems Credentials.
Trusted Certificate. Select Options→Security→Credentials→Trust Relationships.
SSH Host Keys. Select Options→Security→SSH Host Keys.
Sign-In Event Settings. Select Options→Security→Sign-In Event Settings.
System Link Configuration. Select Options→Security→System Link Configuration.
Privilege Elevation. Select Options→Security→Privilege Elevation.
Secure Sockets Layer and certificates
SSL is used between the browser and HP SIM to ensure data integrity and privacy. An integral part of SSL
is a certificate, which is a public document used to identify the HP SIM server. When HP SIM is installed, it
creates a self-signed certificate. Your browser might initially display a security alert when you browse to HP
SIM, describing the certificate as untrusted. This designation occurs because the certificate is self-signed
(signed by the HP SIM server) and the signer is not in the browser's list of CAs. By securely importing the
HP SIM server certificate into the browser, the browser can authenticate the HP SIM server to which you are
browsing. See “Server certificates” for more information about importing certificates into your browser.
HP SIM also supports the ability to use a certificate from a third-party CA or your own internal CA or PKI.
In this case, you can import the CA certificate into your browser. See “Importing a CA-signed certificate”
for more information.
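One way to make the import "secure" in the sense described above is to compare the fingerprint of the certificate the network presents with a fingerprint read directly on the HP SIM server before importing it. The following is an added example, not part of the HP guide or of HP SIM; the function names, the host and port arguments, and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import ssl


def fingerprint_sha256(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def normalize_fingerprint(text: str) -> str:
    """Accept 'AA:BB:...', 'aa bb ...' or plain hex; return 64 lowercase hex digits."""
    cleaned = "".join(text.split()).replace(":", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def matches_reference(der_cert: bytes, reference: str) -> bool:
    """True only if the presented certificate hashes to the reference fingerprint."""
    return hmac.compare_digest(fingerprint_sha256(der_cert),
                               normalize_fingerprint(reference))


def fetch_presented_cert(host: str, port: int) -> bytes:
    """Fetch the certificate the server presents, without trusting it yet.

    With no CA bundle given, get_server_certificate() performs no validation,
    which is intended here: the fingerprint comparison is the trust decision.
    """
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


def as_colon_hex(hex_fp: str) -> str:
    """Format hex the way certificate viewers usually display fingerprints."""
    return ":".join(hex_fp[i:i + 2] for i in range(0, len(hex_fp), 2)).upper()


# Constructed sample data: placeholder bytes standing in for a DER certificate.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
# Stands in for the fingerprint read on the HP SIM server itself (out of band).
REFERENCE = as_colon_hex(fingerprint_sha256(SAMPLE_DER))

if __name__ == "__main__":
    print("genuine cert accepted:", matches_reference(SAMPLE_DER, REFERENCE))
    print("swapped cert accepted:", matches_reference(SAMPLE_DER + b"x", REFERENCE))
```

In practice, pass the result of fetch_presented_cert() for your own server to matches_reference() and import the certificate into the browser only when it returns True.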
Sign-in and accounts
A user name, domain name (for Windows CMS), and password are required before you can access any
feature of HP SIM. HP SIM uses the user authorizations of the underlying operating system (Windows, Linux,
or HP-UX) and relies on the operating system to authenticate users.
The user that is installing HP SIM must be either a system administrator (for Windows) or root user (for Linux
and HP-UX). This user has administrative access to HP SIM.
After signing in with this account, create additional accounts for other users. Each account can have different
configuration rights and authorizations. You can restrict the IP addresses from which each account can
sign in. See “Users and authorizations” for more information.
Audit settings can be configured to log a notice for different types of security events, including sign-in and
sign-out events. See “Configuring sign-in events” for more information.
Single Sign On, Replicate Agent Settings, and Install Software and Firmware
To take advantage of Single Sign On or to execute Replicate Agent Settings or Install Software and Firmware
tasks on the managed systems, set up a trust relationship between HP SIM and the desired managed systems.
A trust relationship enables the managed system to specify which HP SIM servers can issue commands to
the system. Without an established trust relationship, these commands fail. See “Setting up trust relationships”
for more information.
Setting up a trust relationship on the managed system requires that you browse to the system, set the trust
mode, and add HP SIM to the Trusted System Certificates list. Managed systems can also be set up with an
appropriate certificate during deployment. See “Initial ProLiant Support Pack Install” for more information.