Command-line interface, How to: configuration checklist, General – HP Systems Insight Manager User Manual
Page 84: Configuring the cms, Strong security, Configuring managed systems
Command-line interface
Much of Systems Insight Manager’s functionality can be accessed through the command line. To access the
command-line interface, you must be logged on to the CMS using an operating system account that is a
valid Systems Insight Manager user account. That account’s authorizations and privileges within Systems
Insight Manager apply to the command line interface as well.
NOTE:
On a Windows system, the operating system account must have administrator-level access on the
CMS for all of the commands to work properly.
How to: configuration checklist
General
•
Configure firewalls to allow desired ports and protocols
•
Review lockdown versus ease of use
•
After configuring the CMS and managed systems, run discovery on the CMS
Configuring the CMS
•
Inspect SSL server certificate and update if desired
•
Configure passwords and SNMP community strings (See the
section
below)
•
Configure user accounts, based on operating system accounts that will access Systems Insight Manager
•
Review and configure toolboxes if defaults are not appropriate
•
Review and configure authorizations for users
•
Configure system link configuration format
•
Review audit log
Strong security
NOTE:
How-to: lockdown versus ease of use for more details.
•
Enable Require Trusted Certificates, inspect and import desired system SSL certificates or root signing
certificates
•
Require only known SSH keys, inspect and import desired system SSH public keys
Configuring managed systems
•
Configure SNMP community strings, which are required at the CMS.
•
For WBEM on HP-UX and Linux, configure the WBEM password. This password is required at the CMS.
For the highest level of security, a different user name and password can be used for each managed
system; each user name and password pair must be entered into the CMS to enable access.
For HP-UX, certificates can be used instead of username and password for WBEM authentication. For
more information, see the Systems Insight Manager online help.
•
The CMS requires a user name and password to access WMI data on Windows systems. By default,
a domain administrator account can be used for this, but you should use an account with limited
privileges for WMI access. You can configure the accounts accepted by each Windows managed
system by using the Computer Management tool:
1.
Select the WMI Control item.
2.
Right-click WMI Control, and then select Security.
3.
Select the Security tab, select Root namespace, and then click Security>
84
Understanding Systems Insight Manager security