HP SIM V5.1 User Guide (356920-009, January 2007)
8 Networking and security
HP Systems Insight Manager (HP SIM) provides the following security options:
• User and Authorizations. Select Options→Security→Users and Authorizations.
• Server Certificate. Select Options→Security→Certificates→Server Certificate.
• Trusted Certificate. Select Options→Security→Certificates→Trusted Certificate.
• Login Event Settings. Select Options→Security→Login Event Settings.
• System Link Configuration. Select Options→Security→System Link Configuration.
Secure Sockets Layer and certificates
Secure Sockets Layer
(SSL) is used between the browser and HP SIM to ensure data integrity and privacy.
An integral part of SSL is a
certificate
, which is a public document used to identify the HP SIM server. When
HP SIM is installed, it creates a
self-signed certificate
. Your browser might initially display a security alert
when you browse to HP SIM, describing the certificate as untrusted. This designation occurs because the
certificate is self-signed (signed by the HP SIM server) and the signer is not in the browser's list of
Certification
Authorities
. By securely importing the HP SIM server certificate into the browser, the browser can authenticate
the HP SIM server to which you are browsing. See “Server certificates” for more information about importing
certificates into your browser.
HP SIM also supports the ability to use a certificate from a third-party Certificate Authority (CA) or your own
internal CA or Public Key Infrastructure (PKI). In this case, you can import the CA certificate into your browser.
See “Importing a CA-signed certificate” for more information.
Sign in and accounts
A user name, domain name (for Windows CMS), and password are required before accessing any feature
of HP SIM. HP SIM uses the user authorizations of the underlying operating system (Windows, Linux, or
HP-UX) and relies on the operating system to authenticate users.
The user installing HP SIM must be an administrator of the system (for Windows) or root (for Linux and HP-UX).
This user is given administrative access to HP SIM.
After signing in with this account, create additional accounts for other users. Each account can be set up
with different configuration rights and authorizations. You can also restrict the IP addresses from which each
account can sign in. See “Users and authorizations” for more information.
Audit settings can also be configured to log a notice for different types of security events including sign in
and sign out events. See “Configuring login events” for more information.
Single Login, Replicate Agent Settings, and Install Software and Firmware
To take advantage of
single login
or to execute Replicate Agent Settings or Install Software and Firmware
tasks against managed systems, set up a trust relationship between HP SIM and the desired managed systems.
A trust relationship enables the managed system to specify which HP SIM servers can issue commands to
the system. Without an established trust relationship, these commands fail.
Setting up a trust relationship at the managed system involves browsing to the system, setting the trust mode,
and adding HP SIM to the Trusted System Certificates list. Managed systems can also be set up with an
appropriate certificate during deployment. See “Initial ProLiant Support Pack Install” for more information.
At the HP SIM server, you must also specify users' authorization for the managed system and have executed
a System Identification Task. If you have enabled the Require option on the Trusted System Certificates
page, you must import the certificates of trusted managed systems into HP SIM or a root CA certificate. See
“Trusted certificates” and “Server certificates” for complete details.
Secure Sockets Layer and certificates 149