HP Systems Insight Manager 5.3 with SP1 Installation and Configuration Guide for Microsoft Windows

Secure data transmission
The security of the transaction depends on your networking environment and the management protocol that
each tool is using.
Management protocols
The basic supported management protocols and applications are SSH, Web-Based Enterprise Management (WBEM), Secure HTTP (HTTPS), Desktop Management Interface (DMI), and SNMP. Tools are not limited to these protocols, and they can provide a custom management protocol. SSH is the only protocol that must be installed on every managed system. Tools require specific protocols, and they can only be run on a managed system if the protocol they require is installed and configured correctly.
SSH
SSH is a program that enables you to log in to another system over a network and execute commands on that system. It also enables you to move files from one system to another, and it provides authentication and secure communications over insecure channels. SSH uses a public/private key pair to provide a secure mechanism to authenticate and encrypt communication. SSH keys are used to identify the execute-as user on the managed system. Typically, the execute-as user is either root or administrator, but other users can be configured, depending on the tool that will be executed on the managed system. The private key is kept secure on the CMS, while the public key is installed on each managed system. Because whoever holds the private key can run commands as the execute-as user on every managed system, the CMS private key must be protected accordingly.
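The key installation described above (private key on the CMS, public key in each managed system's authorized_keys file) is only as safe as the contents of that file on each managed system. The following script is an added example, not code from HP SIM or from this guide: it parses an authorized_keys file, computes the OpenSSH SHA256 fingerprint of each key, and reports entries that are not the CMS key, a missing CMS key, or a CMS key that is not restricted to the CMS address with a from= option. It assumes an OpenSSH-style server on the managed system; the key bytes, the address 192.0.2.10 and the comments are constructed for the example.

```python
"""Audit a managed system's authorized_keys against the CMS public key.
Added example, not HP SIM code: assumes an OpenSSH-style server on the
managed system; all keys below are constructed stand-ins, not real keys."""
import base64
import hashlib

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")

def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return len(data).to_bytes(4, "big") + data

def parse_blob(blob: bytes) -> list:
    """Split a decoded public-key blob into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length field")
        n = int.from_bytes(blob[pos:pos + 4], "big")
        if pos + 4 + n > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[pos + 4:pos + 4 + n])
        pos += 4 + n
    return fields

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form printed by `ssh-keygen -lf`."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def split_options(line: str):
    """Split off the leading options field (may hold quoted spaces, e.g. command="a b")."""
    if line.split(None, 1)[0] in KEY_TYPES:
        return "", line
    in_quotes, i = False, 0
    while i < len(line):
        c = line[i]
        if c == "\\" and in_quotes:
            i += 2
            continue
        if c == '"':
            in_quotes = not in_quotes
        elif c.isspace() and not in_quotes:
            return line[:i], line[i:].lstrip()
        i += 1
    raise ValueError("options present but no key follows")

def parse_authorized_key(line: str) -> dict:
    """Parse one authorized_keys entry; reject blobs whose type or size is wrong."""
    options, rest = split_options(line.strip())
    parts = rest.split(None, 2)
    if len(parts) < 2:
        raise ValueError("missing key material")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    fields = parse_blob(blob)
    if len(fields) < 2 or fields[0] != key_type.encode():
        raise ValueError("declared key type does not match blob")
    if key_type == "ssh-ed25519" and len(fields[1]) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    return {"options": options, "type": key_type,
            "fingerprint": fingerprint(blob), "comment": comment}

def audit_authorized_keys(text: str, cms_fingerprint: str, cms_addr: str) -> list:
    """Report non-CMS keys, a missing CMS key, and a CMS key not pinned to cms_addr."""
    findings, seen_cms = [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            key = parse_authorized_key(line)
        except ValueError as exc:
            findings.append(f"line {lineno}: unparsable entry ({exc})")
            continue
        if key["fingerprint"] != cms_fingerprint:
            findings.append(f"line {lineno}: key not issued by CMS "
                            f"({key['fingerprint']} {key['comment']})")
            continue
        seen_cms = True
        # Deliberately simple substring check; from= accepts comma-separated patterns.
        if f'from="{cms_addr}"' not in key["options"]:
            findings.append(f'line {lineno}: CMS key is not restricted with from="{cms_addr}"')
    if not seen_cms:
        findings.append("CMS public key is not installed")
    return findings

def make_line(raw32: bytes, comment: str, options: str = "") -> str:
    """Build a constructed ssh-ed25519 authorized_keys line from 32 raw bytes."""
    b64 = base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(raw32)).decode()
    return f"{options + ' ' if options else ''}ssh-ed25519 {b64} {comment}"

# Constructed stand-ins for Ed25519 public keys (not real key material).
CMS_KEY = bytes(range(32))
ROGUE_KEY = bytes(32)
CMS_FINGERPRINT = fingerprint(ssh_string(b"ssh-ed25519") + ssh_string(CMS_KEY))
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample authorized_keys of the execute-as user",
    make_line(CMS_KEY, "hpsim@cms.example", 'from="192.0.2.10",no-port-forwarding'),
    make_line(ROGUE_KEY, "unknown@laptop"),
])

if __name__ == "__main__":
    for finding in audit_authorized_keys(SAMPLE_AUTHORIZED_KEYS, CMS_FINGERPRINT, "192.0.2.10"):
        print(finding)
```

Obtain the reference fingerprint from the CMS itself (ssh-keygen -lf on the CMS public key file) rather than from the managed system, so that a key an intruder added to authorized_keys cannot also supply the value it is checked against; any key the audit cannot trace to the CMS gives its holder the execute-as user's rights on that system.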
The SSH-2 protocol is used by the Distributed Task Facility (DTF) to communicate with managed systems.
The DTF improves operator efficiency by replicating operations across the systems or system groups within
the management domain using a single command. This functionality reduces the load on administrators in
multisystem environments. X Window and CLI tools use the DTF to execute and support the following tasks:
Executing scripts, commands, and applications remotely on managed systems
Copying files to managed systems
The DTF connects the CMS to the SSH server software running on each managed system. The DTF tells the
SSH server what tasks must be performed on the system. The SSH server then performs the tasks and returns
the results to the DTF. The DTF consolidates the feedback it receives from all the managed systems.
WBEM
WBEM is an industry standard that simplifies system management. It is based on a set of management and Internet standard technologies developed to unify the management of enterprise computing environments. It provides access to both software data and hardware data that is readable by WBEM-compliant applications.
HP SIM keeps a database of passwords for managed systems running WBEM. The database contains the user names and passwords for each managed system, which are required to provide user authentication for tools using this protocol. These accounts do not need to have other access capabilities, such as login rights. They are only used for WBEM access by HP SIM. The WBEM user name and password can be set from the CLI or GUI. For more information, see the "Administering systems and events" section in the HP Systems Insight Manager 5.3 Technical Reference Guide at http://h18013.www1.hp.com/products/servers/management/hpsim/infolibrary.html.
HP SIM uses HTTPS to access WBEM data, providing a secure path for system management data. For access to Windows management data instrumented in Windows Management Instrumentation (WMI), a WMI Mapper running on a Windows system converts the HTTPS WBEM requests into WMI requests, which use Distributed Component Object Model (DCOM) and NT security.
A new SSL certificate is created during CMS initialization that is used as a client credential in WBEM requests
(instead of the CMS certificate).
NOTE: The WBEM client certificate authentication feature is supported only on HP-UX systems that have WBEM Services 2.5 installed for HP SIM.
HTTPS
HTTPS is HTTP over SSL/TLS, a protocol that supports sending data securely over the Web. HTTPS is used to access WBEM data as explained in the previous section, and it is used to access ProLiant agent information. Digital certificates are used instead of user names and passwords to establish trust between the agent and the CMS. The certificate of the CMS should be loaded into each agent to be managed by that CMS.
Desktop Management Interface
DMI is an industry-standard protocol, primarily used in client management, established by the Desktop Management Task Force. DMI provides an efficient means of reporting client system problems. DMI-compliant computers can send status information to a CMS over a network. DMI is