beautypg.com

Command-line interface, How to: configuration checklist, General – HP Systems Insight Manager User Manual

Page 84: Configuring the cms, Strong security, Configuring managed systems

background image

Command-line interface

Much of Systems Insight Manager’s functionality can be accessed through the command line. To access the
command-line interface, you must be logged on to the CMS using an operating system account that is a
valid Systems Insight Manager user account. That account’s authorizations and privileges within Systems
Insight Manager apply to the command line interface as well.

NOTE:

On a Windows system, the operating system account must have administrator-level access on the

CMS for all of the commands to work properly.

How to: configuration checklist

General

Configure firewalls to allow desired ports and protocols

Review lockdown versus ease of use

After configuring the CMS and managed systems, run discovery on the CMS

Configuring the CMS

Inspect SSL server certificate and update if desired

Configure passwords and SNMP community strings (See the

Configuring managed systems

section

below)

Configure user accounts, based on operating system accounts that will access Systems Insight Manager

Review and configure toolboxes if defaults are not appropriate

Review and configure authorizations for users

Configure system link configuration format

Review audit log

Strong security

NOTE:

How-to: lockdown versus ease of use for more details.

Enable Require Trusted Certificates, inspect and import desired system SSL certificates or root signing
certificates

Require only known SSH keys, inspect and import desired system SSH public keys

Configuring managed systems

Configure SNMP community strings, which are required at the CMS.

For WBEM on HP-UX and Linux, configure the WBEM password. This password is required at the CMS.
For the highest level of security, a different user name and password can be used for each managed
system; each user name and password pair must be entered into the CMS to enable access.

For HP-UX, certificates can be used instead of username and password for WBEM authentication. For
more information, see the Systems Insight Manager online help.

The CMS requires a user name and password to access WMI data on Windows systems. By default,
a domain administrator account can be used for this, but you should use an account with limited
privileges for WMI access. You can configure the accounts accepted by each Windows managed
system by using the Computer Management tool:
1.

Select the WMI Control item.

2.

Right-click WMI Control, and then select Security.

3.

Select the Security tab, select Root namespace, and then click Security>

84

Understanding Systems Insight Manager security