beautypg.com

5 choosing a security certificate policy, 7 determining your backup policy, 8 choosing a policy for the audit log – HP OneView User Manual

Page 80: 9 determining your vsphere client policy

background image

The default SNMP read community string, public, is easily guessed. You can make your SNMP
environment more secure by changing the SNMP read community string to use a strong password.
If you use the appliance REST APIs, you can avoid manually refreshing managed devices by
changing the SNMP read community string before you add devices to the appliance.

For more information about changing the SNMP read community string, see

“Managing the

appliance settings” (page 155)

.

7.2.5 Choosing a security certificate policy

The appliance supports self-signed certificates and certificates issued by a certificate authority.

The appliance is configured initially with a self-signed certificate. To replace self-signed certificates
with certificates issued by your organization’s certificate authority, see

“Managing SSL certificates”

(page 157)

.

For more information about certificates, see

“Appliance access over SSL” (page 50)

.

7.2.6 Determining roles and restrictions for authorized users

Access to the appliance is controlled by roles, which describe what a user is permitted to see and
do on the appliance. Each user must be associated with at least one role. Determine the roles and
responsibilities for authorized users of the appliance, and choose appropriate user roles to limit
access to the appliance.

Consider limiting the number of local accounts and integrating the appliance with an enterprise
directory solution such as Microsoft Active Directory or OpenLDAP.

For more information about users and user roles, see

“Managing users and authentication”

(page 143)

.

7.2.7 Determining your backup policy

A backup file is an encrypted snapshot of the appliance configuration and management data at
the time the backup file was created. HP recommends that you create regular backups, preferably
once a day and after you make hardware or software configuration changes in the managed
environment.

As an alternative to using Settings

→Actions→Create backup from the appliance UI, you can write

and run a script to automatically create and download an appliance backup file. You can schedule
the backup script to run automatically in interactive or batch mode on a regular basis. Only a user
with Backup administrator or Infrastructure administrator privileges can run the script interactively.

For more information, see

“Sample backup script” (page 271)

.

7.2.8 Choosing a policy for the audit log

Choose a policy for downloading and examining the audit log.

The audit log contains a record of actions performed on the appliance, which you can use for
individual accountability. As the audit log gets larger, older information is deleted. To maintain a
long-term audit history, you must periodically download and save the audit log.

For more information about the audit log, see

“Understanding the audit log” (page 48)

.

7.2.9 Determining your vSphere client policy

Ensure that only authorized users have access to the appliance console. Use the hypervisor
management software to prevent unauthorized users from attempting to log in to the appliance to
reset the administrator password or edit services access.

For more information, see

“Access to the appliance console” (page 53)

.

80

Planning your data center resources