HP Systems Insight Manager 7.1 User Guide

ManualsBrandsHP ManualsSoftwareHP Systems Insight Manager for HP-UX

101

102

103

104

105

106

107

108

109

110

Internet zone, causing improper operation. Ensure systems are being placed into the correct Internet

zone when browsing. You might need to configure Internet Explorer, or use a different name format

when browsing.

System link format

To facilitate navigation to managed systems, HP SIM provides the System Link Configuration option

to configure how links to managed systems are formed. Go to Options→Security→System Link

Configuration.

The following options are available:

• Use the system name

• Use the system IP address

• Use the system full DNS name

If you need full DNS names to resolve the system on your network, keep in mind that the browser

might display a warning if the name in the system's certificate does not match the name in the

browser.

Operating-system dependencies

User accounts and authentication

HP SIM accounts are authenticated against the CMS host operating system. Any operating system

features that affect user authentication affect signing into HP SIM. The operating system of the CMS

can implement a lock-out policy to disable an account after a specified number of invalid sign in

attempts. Additionally, an account can be manually disabled in the Microsoft Windows domain.

Any account that cannot authenticate against the operating system prevents signing into HP SIM

using that account. For automatic sign-in to HP SIM, user accounts must be domain accounts.

NOTE: A user who is already signed into HP SIM is not re-authenticated against the operating

system until the next sign in attempt and continues to remain signed into HP SIM, retaining all rights

and privileges therein, until signing out of HP SIM.

IMPORTANT: If creating operating system accounts exclusively for HP SIM accounts, give users

the most limited set of operating system privileges required. Any root or administrator accounts

should be properly guarded. Configure any password restrictions, lock-out policies, and so on, in

the operating system.

File system

Access to the file system should be restricted to protect the object code of HP SIM. Inadvertent

modifications to the object code can adversely affect the operation of HP SIM. Malicious

modification can allow for covert attacks, such as capturing sign in credentials or modifying

commands to managed systems. Read-level access to the file system should also be controlled to

protect sensitive data such as private keys and passwords, which are stored in a recoverable

format on the file system. HP SIM does not store user account passwords for users signing into HP

SIM.

IMPORTANT: HP SIM sets appropriate restrictions on the application files. These restrictions

should not be changed because this could affect the operation of HP SIM or allow unintended

access to the files.

Background processes

On Windows, HP SIM is installed and runs as a Windows service. The service account requires

administrator privileges on the CMS and the database, and can be either a local or a domain

104 Understanding HP SIM security