HP WBEM Services for HP-UX System Administrator Guide (5900-1624, April 2011)

3 Security considerations
This chapter describes the security aspects of working with HP WBEM Services.
In any network, security is always of prime importance. For HP WBEM Services, security is first
checked at the communication channels. HP WBEM Services supports the following connection
points:
• HTTP port 5988
• HTTP Secure (HTTPS) port 5989
• HTTPS port for Export Connections
• A UNIX domain socket for local connections
Ports 5988 (HTTP TCP/IP communication) and 5989 (HTTPS TCP/IP communication) are dedicated
for CIM-XML communications between CIM clients and the CIM Server. The port defined by the
service name wbem-exp-https (HTTPS port for Export Connections) is dedicated for CIM-XML
communication between the Indication sender and the CIM Server which acts as the Indication
receiver. You can disable the HTTP and the two HTTPS connection points using the cimconfig
command line utility. However, the UNIX domain socket connection is always enabled when the
CIM Server is running.

Guidelines for using SNMP, PRM, and WLM
For HP WBEM Services, you can make use of SNMP as well as Process Resource Manager (PRM)
and Workload Manager (WLM). Following are some of the security considerations that you must
keep in mind while using SNMP as well as PRM and WLM:
• You can use the tools available with Process Resource Manager (PRM) and Workload Manager
  (WLM) to limit computing resources used by the processes of HP WBEM Services. You can
  purchase these products from http://www.software.hp.com.
  However, if you limit or restrict the computing resources of the WBEM Services processes,
  they might constantly reach those limits, depending on the configured limits and WBEM
  Services utilization, resulting in issues.
• Due to known security vulnerabilities and limitations of the SNMP protocol, HP does not
  recommend the use of the SNMP indication handler.

Configuring SSL
When HTTPS connections are enabled, HP WBEM Services uses the Secure Sockets Layer (SSL)
for communication. For this communication to work, the management application must trust
the server-side certificates. HP WBEM Services uses OpenSSL to support HTTPS connections.
NOTE: OpenSSL is an open source cryptography toolkit that implements network protocols and
related cryptography standards of SSL v2/v3 and Transport Layer Security (TLS). For more
information on OpenSSL, see the information available at: http://www.openssl.org.
HP WBEM Services supports only SSL v3 and TLS protocols.
On the HTTPS port, CIM clients are required to use SSL to establish connections with the CIM Server
and to send CIM requests.
To disable the HTTPS port, use the cimconfig command to set the planned value of the CIM
Server configuration property enableHttpsConnection to false. Ensure that the planned
value for enableHttpConnection is set to true and restart the CIM Server.
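
The procedure above as shell functions (an added example, not part of the HP guide). It assumes cimconfig and cimserver are on the PATH and that cimconfig -g prints the value after a "label: " prefix; the function names planned_value and disable_https_port are hypothetical.

```shell
#!/bin/sh
# Added example: disable the HTTPS connection point, keep HTTP enabled,
# read the planned values back, and only then restart the CIM Server.

# Print the planned value of one configuration property.
# Assumption: the output looks like "Planned value: true"; any
# "label: " prefix is stripped so only the value remains.
planned_value() {
    cimconfig -g "$1" -p | sed 's/^.*: *//'
}

# Returns 0 on success, 1 if a planned value could not be set,
# 2 if the values read back do not match (the server is not restarted).
disable_https_port() {
    # -s sets a property, -p selects the planned (next start) value.
    cimconfig -s enableHttpsConnection=false -p || return 1
    cimconfig -s enableHttpConnection=true -p || return 1

    # Verify before restarting, so a failed or mistyped change does not
    # bring the server back with an unexpected set of connection points.
    [ "$(planned_value enableHttpsConnection)" = "false" ] || return 2
    [ "$(planned_value enableHttpConnection)" = "true" ] || return 2

    # Planned values take effect when the CIM Server starts again.
    cimserver -s && cimserver
}
```

Run disable_https_port as a user permitted to change the CIM Server configuration; a return code of 2 means the planned values did not read back as expected and the server was left running unchanged.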