HP Systems Insight Manager 5.3 with SP1 Installation and Configuration Guide for Microsoft Windows
Table Of Contents
- HP Systems Insight Manager 5.3 with SP1 Installation and Configuration Guide for Microsoft Windows
- Table of Contents
- 1 Product overview
- 2 Installation overview and requirements
- 3 Installing HP SIM on the Central Management Server (CMS) for the first time
- 4 Configuring HP SIM using the First Time Wizard
- Using the First Time Wizard
- Configuring the managed environment
- Enabling automatic system discovery
- Configuring System Automatic Discovery task sign in credentials
- Configuring managed systems
- Configuring the WMI Mapper Proxy
- Configuring privilege elevation
- Configuring e-mail settings
- First Time Wizard summary
- Finishing the First Time Wizard
- Operating-system-specific collections, reports, and tools
- 5 Configuring HP SIM using the Options menu
- 6 Setting up and configuring managed systems
- 7 Initializing the Remote Support Software Manager
- 8 Upgrading HP Systems Insight Manager
- 9 Uninstalling HP Systems Insight Manager
- 10 Using the graphical user interface
- 11 Using the command line interface
- 12 Configuration options
- 13 Troubleshooting
- glossary
- Index
supported for system inventory collection where the information is not available from WBEM and SNMP. A
Windows CMS uses DMI to gather information from third-party servers. DMI is not a secure protocol.
Therefore, anyone with access to your network can intercept and view DMI transactions.
SNMP SNMP is a set of protocols for managing complex networks. SNMP works by sending messages,
called protocol data units (PDUs), to different parts of a network. SNMP-compliant devices, called agents,
store data about themselves in Management Information Bases (MIBs) and return this data to the SNMP
requesters. SNMP is available in several versions. SNMP Version 1, used by HP SIM, is not a secure protocol.
Therefore, anyone with access to your network can intercept and view SNMP transactions.
HP SIM keeps a database of read and write community names for managed systems running SNMP. The
community name must match those configured on the management system. The SNMP community names
and passwords can be set from the CLI or GUI. For more information, see the "Administering systems and
events" section in the
HP Systems Insight Manager 5.3 Technical Reference Guide
at http://
h18013.www1.hp.com/products/servers/management/hpsim/infolibrary.html.
HP SIM does not use SNMP SetRequests. By default, the supported operating system platforms have SNMP
SetRequests disabled. For improved security, do not enable SNMP SetRequests on the CMS or the managed
systems. Even SNMP GetRequest responses can be spoofed, so all information from SNMP should be regarded
as insecure.
Web server security
HP SIM uses the Tomcat web server on the CMS. Tomcat features that are not required by HP SIM are turned
off by default. These features include Server Side Includes and Common Gateway Interface scripts.
Self-signed certificates
The self-signed certificates used for WBEM and web server authentication make it possible for another system
to impersonate the CMS if the valid certificate is not securely imported into the client or browser, which is
known as
spoofing
. To prevent the possibility of spoofing, use a certificate signed by a trusted Certificate
Authority (CA) or securely export the certificate by browsing locally to the CMS and then securely importing
it into your browser. You can also obtain the server certificate by browsing remotely and saving it in the
browser the first time you access HP SIM, but this option is less secure and still susceptible to a possible
"man-in-the-middle" attack. Information about importing CA-signed certificates is available in the "Administering
systems and events" section of the
HP Systems Insight Manager 5.3 Technical Reference Guide
at http://
h18013.www1.hp.com/products/servers/management/hpsim/infolibrary.html.
X application security
The data exchanged between an X client (or application) running on a managed system and an X server
on the network client is transmitted in clear text over the network. HP does not recommend X clients in
environments in which security is a concern.
Managing servers behind a firewall
HP SIM supports managing servers that are located behind a firewall when using the SSH, HTTPS, and
WBEM protocols. HP does not recommend the SNMP and DMI protocols for this purpose because they are
not secure protocols. The firewall must be configured to allow this traffic through the firewall. The following
ports are used:
• WBEM uses HTTPS over port 5989
• Web Agents use HTTPS over port 2381
• DTF uses SSH-2 over port 22
For a complete list of ports used by HP SIM, see the
Understanding HP SIM Security
white paper. This white
paper is available at http://www.hp.com/go/hpsim/.
14 Product overview