HP Systems Insight Manager 5.3 Technical Reference Guide

At the HP SIM server, you must also specify the user authorization for the managed system and have executed
a System Identification task. If you have enabled the Require option on the Trusted System Certificates
page, you must import the certificates of trusted managed systems into HP SIM, or a root CA certificate. See
“Trusted certificates” and “Server certificates” for complete details.
Certificates
HP SIM allows secure and authorized management from the CMS. User authorizations for managed systems
and the CMS can be configured, helping ensure that only authorized users perform state-changing operations.
Communication between the CMS, managed systems, and the browser is secured using SSL and certificates,
helping to authenticate systems and protect user credentials and management data.
A new SSL certificate is created during CMS initialization that is used as a client credential in WBEM requests
(instead of the CMS certificate). To authenticate using the WBEM certificate, select Use certificate instead
in the WBEM settings section of the System Protocol Settings page. See “Setting protocols and
credentials for a system or groups of systems” for more information. To configure the WBEM certificate, use
the Configure or Repair Agents task. See “Windows CMS” for more information.
NOTE: The WBEM client certificate authentication feature is supported only on HP-UX systems that have
WBEM Services 2.5 installed for HP SIM.
Credentials
There are three types of security credentials in HP SIM:
System Credentials: Credentials used by identification to access managed systems. These credentials
include WBEM, WS-MAN, and SSH credentials, Sign-in, SNMP community string, and Single Sign-On
credentials.
Global Credentials: Global credentials are system credentials that apply to all systems.
Trusted Systems: Credentials used to manage the public SSH keys, stored in the known_hosts file,
from the CMS and to set trust relationships.
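A check an administrator could run over the known_hosts file mentioned under Trusted Systems, shown as an added example that is not HP SIM code. It assumes the file uses the OpenSSH known_hosts line format; the function names, host names and key blobs are constructed for illustration.

```python
import base64
import hashlib
from collections import defaultdict

def sample_blob(label):
    # Placeholder bytes standing in for a key blob; not a real SSH key.
    return base64.b64encode(label.encode()).decode()

# Constructed sample input (hypothetical hosts, placeholder keys).
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# constructed sample",
    f"node1.example.test,192.0.2.10 ssh-rsa {sample_blob('constructed-key-A')}",
    f"node2.example.test ssh-rsa {sample_blob('constructed-key-B')} imported-by-admin",
    f"node1.example.test ssh-rsa {sample_blob('constructed-key-C')}",
    f"@revoked node3.example.test ssh-rsa {sample_blob('constructed-key-D')}",
    "node4.example.test ssh-rsa not*base64",
]) + "\n"

def fingerprint(key_b64):
    """SHA256 fingerprint of a key blob, in the form ssh-keygen -l prints."""
    digest = hashlib.sha256(base64.b64decode(key_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit_known_hosts(text):
    """Report hosts with conflicting keys, marker lines, and unparsable lines."""
    seen = defaultdict(set)          # (host, key type) -> fingerprints
    marked, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue                 # blank line or comment
        marker = fields.pop(0) if fields[0].startswith("@") else None
        if len(fields) < 3:
            problems.append((lineno, "too few fields"))
            continue
        hosts, keytype, key_b64 = fields[:3]
        try:
            fp = fingerprint(key_b64)
        except ValueError:           # binascii.Error is a ValueError
            problems.append((lineno, "key is not valid base64"))
            continue
        if marker:                   # @revoked / @cert-authority: list, don't compare
            marked.append((lineno, marker, hosts, fp))
            continue
        for host in hosts.split(","):   # hashed host entries stay opaque strings
            seen[(host, keytype)].add(fp)
    conflicts = {k: sorted(v) for k, v in seen.items() if len(v) > 1}
    return {"conflicts": conflicts, "marked": marked, "problems": problems}
```

A host listed under `conflicts` has more than one stored key of the same type, which is worth resolving before relying on the trust relationship.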
Privilege elevation
Privilege elevation enables you to sign in as an unprivileged user and then elevate privileges to run a tool.
It supports running tools on operating systems such as AIX and Solaris.
Related procedures
Configuring the system link
Configuring sign-in events
Changing the HP SIM default SSL port
Setting protocols and credentials for a system or groups of systems
Windows CMS
HP-UX and Linux CMS
Global credentials
Related topics
Server certificates
Trusted certificates
Possible certificate errors
Users and authorizations
About login
About secure task execution