
HP Insight Control Software for Linux User Manual

Page 23


The SSH service also enables file transfer with the scp or sftp commands over the same
port as SSH.

pdsh Keys

The pdsh command uses public host keys to authenticate remote hosts and supports public
key authentication to authenticate users.

cmfd Keys

The console command uses SSL keys to connect to the console management facility daemon
(cmfd) for console access.

Secure boot mechanism

Virtual media support is provided as the secure boot mechanism. PXE booting provides no
authentication or encryption.

Data used to authenticate either the CMS or a managed system, or used to set up login
credentials on a management processor, must be secured. This information is secured with the
virtual media mechanism. Specifically, the data includes the SSH public key and any
certificates needed to secure the communication between the CMS and the managed system. An
auxiliary RAM disk that can be appended to the normal Insight Control for Linux RAM disk is
created for this purpose.

This auxiliary RAM disk is used in one of two ways:

It becomes part of the virtual media ISO boot image when booting a managed system
using virtual media.

It is added in the pxelinux.cfg boot configuration file when booting by PXE.

HTTPS

Communication between the CMS and a managed node is performed using HTTPS.

Digital signature

HP software, firmware, drivers, applications, and other executables are delivered with an
electronic cryptographic signature. This electronic signature gives you an industry standard
method to verify the integrity and authenticity of the code you received before you deploy it.

This digital signature is then used in a signature verification process to verify and validate the
following:

The authenticity of the code: that HP created the code in question.

The integrity of the code: that the code in question was not altered since it was originally signed.

For the procedure to validate RPMs, see “Validating RPM signatures” (page 24).
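The distinction above between authenticity and integrity matters when reading `rpm -K` (`--checksig`) results: an unsigned package whose digests match can still be reported as OK. The following added example (not HP's procedure and not part of the original manual) classifies result lines and fails closed; the line formats and package names are constructed assumptions and vary by rpm version.

```shell
#!/bin/sh
# Added example: classify `rpm -K` (--checksig) result lines, failing closed.
# Line formats are assumptions modeled on rpm output and vary by rpm version.

# classify_checksig LINE -> prints verified | unsigned | failed
classify_checksig() {
    line=$1
    case "$line" in
        *"NOT OK"*) echo failed; return ;;   # bad digest/signature or missing key
    esac
    result=${line##*: }                       # drop "<file>: " so names cannot match
    case "$result" in
        *" OK") ;;
        *) echo failed; return ;;             # unrecognized output: fail closed
    esac
    # A lowercase signature token means a signature was checked against an
    # imported key. Digest-only results prove integrity, not authenticity.
    case " $result " in
        *" signatures "*|*" rsa "*|*" dsa "*|*" pgp "*|*" gpg "*) echo verified ;;
        *) echo unsigned ;;
    esac
}

# gate_packages: read `rpm -K` lines on stdin; return 0 only if all are verified.
gate_packages() {
    rc=0
    while IFS= read -r l; do
        [ -n "$l" ] || continue
        v=$(classify_checksig "$l")
        printf '%-9s %s\n' "$v" "$l"
        [ "$v" = verified ] || rc=1
    done
    return $rc
}

# Constructed sample lines (hypothetical package names), not real HP packages.
SAMPLE='agent-1.0-1.x86_64.rpm: digests signatures OK
rsa-tools-2.1-3.noarch.rpm: digests OK
driver-4.2-1.x86_64.rpm: digests SIGNATURES NOT OK
legacy-0.9-2.i386.rpm: rsa sha1 (md5) pgp md5 OK'

printf '%s\n' "$SAMPLE" | gate_packages || echo "refusing to deploy: not every package is signature-verified"
```

On a real system the input would come from `rpm -K *.rpm | gate_packages`, run after the vendor's public key has been imported.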

Privilege elevation

Insight Control for Linux monitoring operations do not work when HP SIM is configured for
privilege elevation. However, Insight Control for Linux OS installation and image capture and
deployment operations, which are not affected by HP SIM privilege elevation, will work.

Access to system monitoring information

HP recommends the use of a trusted network environment because metric data that Nagios
collects from Supermon and mond is not encrypted.

Issues relating to scalable deployment

The scalable deployment feature of Insight Control for Linux uses HTTP to transfer a Linux
image from the CMS to a group leader and FTP to transfer that image from the group leader

2.1 Integrated security features