How to: configuration checklist, General, Configuring the cms – HP Systems Insight Manager User Manual
Page 106: Strong security, Configuring managed systems, General configuring the cms, Strong security configuring managed systems
NOTE:
On a Windows system, the operating system account must have administrator-level access
on the CMS for all of the commands to work properly.
How to: configuration checklist
General
•
Access to the CMS must be restricted, both at the network operating system-level and at the
physical-level.
•
A strict separation between the contents provided by unrelated sites must be maintained on
the client side to prevent the loss of data confidentiality or integrity. HP recommends you avoid
links or resources that have arrived from unauthorized sites when a valid HP SIM session is
running on browsers.
•
Configure firewalls to allow desired ports and protocols
•
Review lockdown versus ease of use
•
After configuring the CMS and managed systems, run discovery on the CMS
•
User account policies (password, lockout, and so on) must be configured and enforced by
your environment.
•
CMS must be configured on the local intranet.
Configuring the CMS
•
Inspect SSL server certificate and update if desired
•
Configure passwords and SNMP community strings (See the
section below)
•
Configure user accounts, based on operating system accounts that will access HP SIM
•
Review and configure toolboxes if defaults are not appropriate
•
Review and configure authorizations for users
•
Configure system link configuration format
•
Review audit log
Strong security
NOTE:
How-to: lockdown versus ease of use for more details.
•
Enable Require Trusted Certificates, inspect and import desired system SSL certificates or root
signing certificates
•
Require only known SSH keys, inspect and import desired system SSH public keys
Configuring managed systems
•
Configure SNMP community strings, which are required at the CMS.
•
For WBEM on HP-UX and Linux, configure the WBEM password. This password is required
at the CMS. For the highest level of security, a different user name and password can be used
for each managed system; each user name and password pair must be entered into the CMS
to enable access.
For HP-UX, certificates can be used instead of username and password for WBEM
authentication. For more information, see the HP SIM online help.
106 Understanding HP SIM security