beautypg.com

4 credentials – HP Systems Insight Manager User Manual

Page 34

background image

4 Credentials

In HP SIM, credentials are used to enable the CMS to communicate with managed systems, through
WBEM, WS-MAN, SSH, and SNMP. However, the Sign-in credential is used unless you configure
the other protocols. The Sign-in credential is protocol independent and can be tied to systems
through the discovery credential. In HP SIM, there are three different types of credentials:

System credentials

Credentials used by

identification

to access managed systems. These credentials include

WBEM, WS-MAN, and SSH credentials, Sign-in, SNMP community string, and

Single Sign-On

(SSO) credentials.

Discovery task credentials

Credentials used by a discovery task that apply to all systems discovered by that task.

Global Credentials

Global credentials are system credentials that apply to all systems.

During the identification process (done automatically during discovery), credentials are tried,
starting with System Credentials. If they do not work, and the Try Others setting is chosen for them,
then Discovery credentials are used. Similarly, if those do not work and the Try Others setting is
chosen, then Global Credentials are tried. As soon as a credential is found that works, HP SIM
notes that credential as working and continues to use it for regular communications with the
managed system as long as it continues to work. If it should fail, then the process is repeated the
next time identification is run. To see the working credentials for any managed system, go to the
System Credentials page (Options

→Security→Credentials→System Credentials). These working

credentials appear in the Credentials that are in use table.

When a discovery credential is used to successfully communicate with a system, a credential
reference is created for that system. If the credential is later changed on that same discovery task,
the credential that is used on all systems referencing it changes. This enables credentials to be
changed in one place (usually passwords for an account) and immediately be available for use
in HP SIM. The same is true for global credentials.

Because of this, if a global or discovery credential is deleted, you are asked if all references to
that credential should be removed or if copies should be made as system credentials for each
system that is referencing the current credential.

However, when a credential is overwritten, instead of deleted and then re-added, the credential
is changed and each system referencing it uses the new username/password values.

If the intent is not to change what is currently in use, you must add a new credential. For discovery
tasks, a new discovery task must be created with its own credentials, instead of editing an existing
discovery task, if the systems require different credentials than contained in the existing discovery
task.

Example XML file to add more than 10 WBEM username and password
pairs

To save time and effort, create an XML file that defines your system authorizations before running
discovery. For example: