HP Systems Insight Manager 5.2 Update 2 Technical Reference Guide
8 Networking and security
HP Systems Insight Manager (HP SIM) provides the following security options:
• User and Authorizations. Select Options→Security→Users and Authorizations.
• Server Certificate. Select Options→Security→Certificates→Server Certificate.
• Trusted Certificate. Select Options→Security→Certificates→Trusted Certificate.
• Login Event Settings. Select Options→Security→Login Event Settings.
• System Link Configuration. Select Options→Security→System Link Configuration.
Secure Sockets Layer and certificates
Secure Sockets Layer
(SSL) is used between the browser and HP Systems Insight Manager (HP SIM) to ensure
data integrity and privacy. An integral part of SSL is a
certificate
, which is a public document used to identify
the HP SIM server. When HP SIM is installed, it creates a
self-signed certificate
. Your browser might initially
display a security alert when you browse to HP SIM, describing the certificate as untrusted. This designation
occurs because the certificate is self-signed (signed by the HP SIM server) and the signer is not in the browser's
list of
Certification Authorities
(CA). By securely importing the HP SIM server certificate into the browser, the
browser can authenticate the HP SIM server to which you are browsing. See “Server certificates” for more
information about importing certificates into your browser.
HP SIM also supports the ability to use a certificate from a third-party CA or your own internal CA or Public
Key Infrastructure (PKI). In this case, you can import the CA certificate into your browser. See “Importing a
CA-signed certificate” for more information.
Sign-in and accounts
A user name, domain name (for Windows CMS), and password are required before you can access any
feature of HP SIM. HP SIM uses the user authorizations of the underlying operating system (Windows, Linux,
or HP-UX) and relies on the operating system to authenticate users.
The user that is installing HP SIM must be either a system administrator (for Windows) or root user (for Linux
and HP-UX). This user is given administrative access to HP SIM.
After signing in with this account, create additional accounts for other users. Each account can be set up
with different configuration rights and authorizations. You can also restrict the IP addresses from which each
account can sign-in. See “Users and authorizations” for more information.
Audit settings can also be configured to log a notice for different types of security events, including sign-in
and sign out events. See “Configuring sign-in events” for more information.
Single Login, Replicate Agent Settings, and Install Software and Firmware
To take advantage of
single login
or to execute Replicate Agent Settings or Install Software and Firmware
tasks on the managed systems, set up a trust relationship between HP SIM and the desired managed systems.
A trust relationship enables the managed system to specify which HP SIM servers can issue commands to
the system. Without an established trust relationship, these commands fail. See “Setting up trust relationships”
for more information.
Setting up a trust relationship on the managed system requires that you browse to the system, set the trust
mode, and add HP SIM to the Trusted System Certificates list. Managed systems can also be set up with an
appropriate certificate during deployment. See “Initial ProLiant Support Pack Install” for more information.
At the HP SIM server, you must also specify the user authorization for the managed system and have executed
a System Identification task. If you have enabled the Require option on the Trusted System Certificates
page, you must import the certificates of trusted managed systems into HP SIM, or a root CA certificate. See
“Trusted certificates” and “Server certificates” for complete details.
Secure Sockets Layer and certificates 161