Configuring the cms, Strong security, Configuring managed systems – HP Systems Insight Manager User Manual
Page 100
Configuring the CMS
•
Inspect SSL server certificate and update if desired
•
Configure passwords and SNMP community strings (See the
section below)
•
Configure user accounts, based on operating system accounts that will access Systems Insight
Manager
•
Review and configure toolboxes if defaults are not appropriate
•
Review and configure authorizations for users
•
Configure system link configuration format
•
Review audit log
Strong security
NOTE:
How-to: lockdown versus ease of use for more details.
•
Enable Require Trusted Certificates, inspect and import desired system SSL certificates or root
signing certificates
•
Require only known SSH keys, inspect and import desired system SSH public keys
Configuring managed systems
•
Configure SNMP community strings, which are required at the CMS.
•
For WBEM on HP-UX and Linux, configure the WBEM password. This password is required
at the CMS. For the highest level of security, a different user name and password can be used
for each managed system; each user name and password pair must be entered into the CMS
to enable access.
For HP-UX, certificates can be used instead of username and password for WBEM
authentication. For more information, see the Systems Insight Manager online help.
•
The CMS requires a user name and password to access WMI data on Windows systems. By
default, a domain administrator account can be used for this, but you should use an account
with limited privileges for WMI access. You can configure the accounts accepted by each
Windows managed system by using the Computer Management tool:
1.
Select the WMI Control item.
2.
Right-click WMI Control, and then select Security.
3.
Select the Security tab, select Root namespace, and then click Security>
4.
Add a user to access WMI data along with their access rights. The enable account and
remote enable permissions options must be enabled for correct operation of Systems
Insight Manager.
5.
The user name and password specified here must be configured in the CMS.
•
Set up user accounts for Insight Web Agents
•
Add the CMS SSH public key to the system's trusted key store by running mxagentconfig
on the CMS.
•
Configure trust relationship option for Insight Web Agents; import the CMS SSL certificate if
set to trust by certificate.
100 Understanding Systems Insight Manager security