beautypg.com

Configuring the cms, Strong security, Configuring managed systems – HP Systems Insight Manager User Manual

Page 100

background image

Configuring the CMS

Inspect SSL server certificate and update if desired

Configure passwords and SNMP community strings (See the

“Configuring managed systems”

(page 100)

section below)

Configure user accounts, based on operating system accounts that will access Systems Insight
Manager

Review and configure toolboxes if defaults are not appropriate

Review and configure authorizations for users

Configure system link configuration format

Review audit log

Strong security

NOTE:

How-to: lockdown versus ease of use for more details.

Enable Require Trusted Certificates, inspect and import desired system SSL certificates or root
signing certificates

Require only known SSH keys, inspect and import desired system SSH public keys

Configuring managed systems

Configure SNMP community strings, which are required at the CMS.

For WBEM on HP-UX and Linux, configure the WBEM password. This password is required
at the CMS. For the highest level of security, a different user name and password can be used
for each managed system; each user name and password pair must be entered into the CMS
to enable access.

For HP-UX, certificates can be used instead of username and password for WBEM
authentication. For more information, see the Systems Insight Manager online help.

The CMS requires a user name and password to access WMI data on Windows systems. By
default, a domain administrator account can be used for this, but you should use an account
with limited privileges for WMI access. You can configure the accounts accepted by each
Windows managed system by using the Computer Management tool:
1.

Select the WMI Control item.

2.

Right-click WMI Control, and then select Security.

3.

Select the Security tab, select Root namespace, and then click Security>

4.

Add a user to access WMI data along with their access rights. The enable account and
remote enable permissions options must be enabled for correct operation of Systems
Insight Manager.

5.

The user name and password specified here must be configured in the CMS.

Set up user accounts for Insight Web Agents

Add the CMS SSH public key to the system's trusted key store by running mxagentconfig
on the CMS.

Configure trust relationship option for Insight Web Agents; import the CMS SSL certificate if
set to trust by certificate.

100 Understanding Systems Insight Manager security