HP Systems Insight Manager (HP SIM) provides the following security options:
Secure Sockets Layer and Certificates
Secure Sockets Layer (SSL) is used between the browser and HP SIM to ensure data integrity and privacy. An integral part of SSL is a certificate, which is a public document used to identify the HP SIM server. When HP SIM is installed, it creates a self-signed certificate. Your browser might initially display a security alert when you browse to HP SIM, describing the certificate as untrusted. This designation occurs because the certificate is self-signed (signed by the HP SIM server) and the signer is not in the browser's list of Certification Authorities. By securely importing the HP SIM server certificate into the browser, the browser can authenticate the HP SIM server to which you are browsing. Refer to Networking and Security - Server Certificates for more information about importing certificates into your browser. HP SIM also supports the ability to use a certificate from a third-party Certificate Authority (CA) or your own internal CA or Public Key Infrastructure (PKI). In this case, you can import the CA certificate into your browser. Refer to Server Certificates - Importing a CA-Signed Certificate for more information.
Login and AccountsA user name, domain name (for Windows CMS), and password are required before accessing any feature of HP SIM. HP SIM uses the user authorizations of the underlying operating system (Windows, Linux, or HP-UX) and relies on the operating system to authenticate users. The user installing HP SIM must be an administrator of the system (for Windows) or root (for Linux and HP-UX). This user is given administrative access to HP SIM. After logging in with this account, create additional accounts for other users. Each account can be set up with different configuration rights and authorizations. You can also restrict the IP addresses from which each account can log in. Refer to HP Systems Insight Manager Technical Reference Guide - Users and Authorizations for more information. Audit settings can also be configured to log a notice for different types of login and logout events. Refer to Networking and Security - Configuring Login Events for more information.
Single Login, Replicate Agent Settings, and Install Software and FirmwareTo take advantage of single login or to execute Replicate Agent Settings or Install Software and Firmware tasks against managed systems, set up a trust relationship between HP SIM and the desired managed systems. A trust relationship allows the managed system to specify which HP SIM servers can issue commands to the system. Without an established trust relationship, these commands fail. Setting up a trust relationship at the managed system involves browsing to the system, setting the trust mode, and adding HP SIM to the Trusted System Certificates list. Managed systems can also be set up with an appropriate certificate during deployment. Refer to Version Control - Initial ProLiant Support Pack Install for more information. At the HP SIM server, you must also specify users' authorization for the managed system and have executed a System Identification Task. If you have enabled the Require trusted certificates option on the Trusted System Certificates page, you must import the certificates of trusted managed systems into HP SIM or a root CA certificate. Refer to Networking and Security - Trusted Certificates and Networking and Security - Server Certificates for complete details.
CertificatesHP SIM allows for secure and authorized management from the central management server (CMS). Users' authorizations for managed systems and the CMS can be configured, helping ensure only authorized users perform state-changing operations. Communication between the CMS, managed systems, and the browser is secured using SSL and certificates, helping to authenticate systems and protect user credentials and management data.
Related Procedures
Related Topics
|