beautypg.com

How to: configuration checklist, General, Configuring the cms – HP Systems Insight Manager User Manual

Page 106: Strong security, Configuring managed systems, General configuring the cms, Strong security configuring managed systems

background image

NOTE:

On a Windows system, the operating system account must have administrator-level access

on the CMS for all of the commands to work properly.

How to: configuration checklist

General

Access to the CMS must be restricted, both at the network operating system-level and at the
physical-level.

A strict separation between the contents provided by unrelated sites must be maintained on
the client side to prevent the loss of data confidentiality or integrity. HP recommends you avoid
links or resources that have arrived from unauthorized sites when a valid HP SIM session is
running on browsers.

Configure firewalls to allow desired ports and protocols

Review lockdown versus ease of use

After configuring the CMS and managed systems, run discovery on the CMS

User account policies (password, lockout, and so on) must be configured and enforced by
your environment.

CMS must be configured on the local intranet.

Configuring the CMS

Inspect SSL server certificate and update if desired

Configure passwords and SNMP community strings (See the

“Configuring managed systems”

(page 106)

section below)

Configure user accounts, based on operating system accounts that will access HP SIM

Review and configure toolboxes if defaults are not appropriate

Review and configure authorizations for users

Configure system link configuration format

Review audit log

Strong security

NOTE:

How-to: lockdown versus ease of use for more details.

Enable Require Trusted Certificates, inspect and import desired system SSL certificates or root
signing certificates

Require only known SSH keys, inspect and import desired system SSH public keys

Configuring managed systems

Configure SNMP community strings, which are required at the CMS.

For WBEM on HP-UX and Linux, configure the WBEM password. This password is required
at the CMS. For the highest level of security, a different user name and password can be used
for each managed system; each user name and password pair must be entered into the CMS
to enable access.

For HP-UX, certificates can be used instead of username and password for WBEM
authentication. For more information, see the HP SIM online help.

106 Understanding HP SIM security