HP Servicecontrol Manager 3.0 User's Guide

HP Servicecontrol Manager Introduction
Security and Access
SNMP Transactions
SNMP Versions 1 and 2 are not secure protocols. Therefore, anyone with access to your
network will be able to intercept and view SNMP transactions. SCM does not use SNMP
SetRequests. By default, the supported operating system platforms have SNMP
SetRequests disabled. For improved security, do not enable SNMP SetRequests on the
CMS or on the managed nodes. Even SNMP GetRequest responses can be spoofed, so all
information from SNMP should be regarded as untrusted.
SCM keeps a database of read and write community names for managed nodes running
SNMP. The community names must match those configured on the management node.
The SNMP community names and passwords can be set from the command line or the
graphical user interface. For more information, see administering nodes - editing node
security or administering node groups - editing node group security in the SCM online
help.
Managing Servers Behind a Firewall
SCM supports managing servers that are located behind a firewall when using the
WBEM protocol. The firewall must be configured to allow the WBEM traffic through.
This traffic uses HTTPS over TCP port 5989. SNMP and DTF communications
are not recommended through a firewall because the data exchanged between the CMS
and the managed nodes is not encrypted.
Ports Used
If your CMS or managed nodes are using a host-based firewall such as IPFilter, you will
need to allow these new ports access through the firewall. The Bastille product on
HP-UX can help with the IPFilter configuration.
The following information is provided to assist in using SCM in a secured environment.
Its completeness has not been verified, so some experimentation may be needed to apply
it. The outbound traffic on these sockets is only in response to inbound connections. See
reference - ports in the SCM online help for information on configuring the ports that are
configurable.
SCM uses the following fixed ports on the CMS only:
Service  Port                                             Protocol  Used By              Configurable?
HTTP     280, Inbound/Outbound                            TCP       Apache Tomcat        No
HTTPS    50000, Inbound/Outbound                          TCP       Apache Tomcat        Yes
HTTPS    50005, Local host only                           TCP       Apache Tomcat        Yes
RMI      Anonymous (see section below), Inbound/Outbound  TCP       Apache, SCM Daemons  Yes
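
The following check is an added example, not part of the SCM product or its documentation. It compares a listing of listening TCP sockets on the CMS with the fixed ports in the table above and reports a missing listener or a port 50005 listener that is not restricted to the local host. The listing format (netstat -an style), the sample lines and the function names are assumptions made for this example.

```python
import re

# Fixed CMS ports from the table above: port -> (service, expected scope).
CMS_PORTS = {280: ("HTTP", "any"), 50000: ("HTTPS", "any"), 50005: ("HTTPS", "local")}
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Assumed line format: "tcp 0 0 <address>.<port> *.* LISTEN" (address:port also accepted).
LISTEN_RE = re.compile(r"^tcp\S*\s+\d+\s+\d+\s+(\S+)[.:](\d+)\s+\S+\s+LISTEN\s*$")

# Constructed sample: 50005 is bound to every interface instead of loopback only.
SAMPLE = """\
tcp        0      0  *.280                  *.*                    LISTEN
tcp        0      0  *.50000                *.*                    LISTEN
tcp        0      0  *.50005                *.*                    LISTEN
tcp        0      0  *.22                   *.*                    LISTEN
"""

def parse_listeners(text):
    """Return the set of (address, port) pairs for TCP sockets in LISTEN state."""
    listeners = set()
    for line in text.splitlines():
        match = LISTEN_RE.match(line.strip())
        if match:
            listeners.add((match.group(1), int(match.group(2))))
    return listeners

def audit(text):
    """Compare the listing with CMS_PORTS and return a sorted list of findings."""
    listeners = parse_listeners(text)
    findings = []
    for port, (service, scope) in CMS_PORTS.items():
        addrs = {addr for addr, p in listeners if p == port}
        if not addrs:
            findings.append(f"{port}/{service}: no listener found")
        elif scope == "local" and not addrs <= LOOPBACK:
            exposed = sorted(addrs - LOOPBACK)
            findings.append(f"{port}/{service}: bound to {exposed}, expected local host only")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The RMI ports are not checked because the table lists them as anonymous rather than fixed.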