ProLiant Essentials Vulnerability and Patch Management Pack Planning Guide
If you do not have the server capacity to operate and maintain both the HP SIM and Vulnerability and
Patch Management Pack applications on a single server or if it is necessary for the VPM server to be
located in the demilitarized zone (DMZ) so it has Internet accessibility, you can split these
applications by migrating to a distributed server configuration.
Distributed configuration
When HP SIM and the Vulnerability and Patch Management Pack create too great of a load for a
single system or when it is necessary for the VPM server to be in the DMZ to access patches and
updates from the Internet, each component can be installed on separate systems, with the vulnerability
scanning and patching functions relegated to a second host system. In this distributed configuration,
additional security settings should be established and synchronized across applications before
their installation.
See the HP ProLiant Essentials Vulnerability and Patch Management Pack Server Security
Recommendations white paper at
http://www.hp.com/go/vpm for additional information about
Vulnerability and Patch Management Pack security.
Figure 3. A distributed configuration across two systems
12