Automated Remote Support Security With TSM and OSM on NonStop Servers

ManualsBrandsHP ManualsServerHP Integrity NonStop Service Information

HP NonStop S-Series and NS-Series Server Automated Remote Support

Page 4 of 7

D. NSC Console Access and Notification

Destinations

The ND application receives, displays, and allows

you to take action on Incident Reports. It also

allows you to configure remote access and

automatic notification information, including

sending Incident Reports to the service provider

automatically.

The system manager determines which NSC

Consoles will be used with a particular

NonStop™ S-Series or NS-Series server for

remote access and automatic notification.

Configuration screens are provided in the ND

application to establish this.

• The destination workstation is one to

which TSM application notifications will

be sent

• A primary workstation and a backup

workstation are used for notification of

Incident Reports.

Once the system manager has configured the

NSC Consoles, there is no other security

required at this level. Notifications will only be

sent to the designated NSC Consoles; they are

not broadcast.

Note that systems are shipped with

manufacturing supplied IP addresses on both the

NonStop™ S-Series and NS-Series server(s) (for

the NSK service LAN and the SP or ME) and the

NSC Console. The system will work out-of-the-

box if a private service LAN is set up, including

just one NonStop™ S-Series or NS-Series server

and a single NSC Console. This allows for initial

setup and confirmation that the system is

running. The NSC Console and the server can

either be left with the manufacturing-defined IP

addresses or merged into your private service

LAN environment. Changing of the IP addresses

is required if:

• A second backup NSC Console is to be

set up for use with one or more HP

NonStop™ S-Series or NS-Series

servers, or

• A second (or more) HP NonStop server

is to be added to the private service

LAN utilizing the same primary (and/or

backup) NSC Console.

The configuration of IP addresses is entirely at

the discretion of the system manager. However,

the service LAN based on the Ethernet ports on

the two Processor Multifunction CRUs of group 1

(in slots 50 and 55) on S-Series servers or P-

switches on NS-Series servers must be kept in

the same subnet.

E. Notification Director Application

Security

The Notification Director (ND) handles all of the

processing for Incident Reports (IR). When an IR

is authorized (either manually or automatically),

and if there is an attachment list, the ND uses

FTP to copy all files in the attachment list from

the NonStop™ S-Series or NS-Series server. In

addition, the ND writes pertinent information

regarding the delivery of the IR back to the

NonStop™ S-Series or NS-Series server. This

includes authorization, notification, and

confirmation information.

The ND, at the primary and backup NSC

Consoles, must be running at all times to provide

for delivery of IRs. The user must log into the ND

when it is started and enter an NSK user-name

and password. This NSK logon will be used to

ensure NSK security whenever an IR arrives. In

all cases, the user names and passwords the ND

needs are encrypted and stored on the client.

The actions used to write back information about

the delivery of the IR are done using the NSK

username and password entered for that system

in the ND. This NSK username and password

does not need to be a member of the SUPER

group. NSK security will operate the same as for

the Service Connection Application.

F. Secure Sockets Layer (SSL)

Security

With G06.27, Secure Sockets Layer (SSL) was

introduced in OSM.

SSL provides secure communication between the

OSM server and OSM client applications, such

as OSM Service Connection and OSM

Notification Director.

With SSL enabled, all the data communication

between OSM server and OSM clients is

encrypted.

SSL also allows the OSM server to communicate

with HP Systems Insight Manager (SIM) product

over a secure connection

G. Service Processor/Maintenance

Entity Security

The security for the SP/ME sessions are provided

by an RPC session, which is established

between the application on the NSC Console and

the Service Processor/Maintenance Entity on the

NonStop™ Himalaya S-Series/NS-Series server.

A username and password are provided in a

Connect dialog. This is not NSK security, but