Management http server section, Security – HP Insight Management Agents User Manual

HP Insight Management Agents for Servers 17

Management HTTP Server section

The Management HTTP Server section provides links allowing you to configure your Management HTTP Server

settings. The Management HTTP Server section provides links to:

•

Security

•

UI Properties

•

User Preferences

Security

Provides following options and also contains notes which describe the usage of the each of the option available and

also procedure to set the values

•

Anonymous/Local Access —Enables the administrator to set options that allow anonymous users to access SMH

pages or to allow automatic login to SMH when running in a local console as administrator or anonymous user.

•

IP Binding —Enables you to control the addresses that SMH is bound to. IP Binding specifies the IP addresses

that HP SMH accepts requests from and controls the nets and subnets that requests are processed.

Administrators can configure HP SMH to only bind to addresses specified in the IP Binding window. Five subnet

IP addresses and netmasks can be defined.

•

IP Restricted Login—Enables you to add addresses from where SMH is accessible or blocked. IP Restricted login

enables HP SMH to restrict login access based on the IP address of a system from which the signing in is

attempted. For Linux and Windows, you can set a restricted address at installation. From all operating systems,

administrators can set a restricted address from the IP Restricted login page.

•

Kerberos Authorization—Allows an authorized user to configure the Kerberos authenticated access to HP SMH

and their respective access level. Users with Administrator access can view and set all information provided

through the System Management Homepage. Users with Operator access can view and set most information

provided through the System Management Homepage. Some web applications limit access to the most critical

information to administrators only. Users with User access can view most information provided through the

System Management Homepage. Some web applications restrict viewing of critical information from individuals

with User access.

•

Local Server Certificate

•

Current Certificate—SMH allows setting a certificate with alternative names in addition to the Common

Name (CN). Server names are separated by semi-colons without blank spaces. Any changes in Alternative

Names here affect only the current certificate

•

Create PKCS #10 Data—The System Management Homepage can create Certificate Request (PKCS #10)

data which can be sent to a Certificate Authority (CA) at a later time. This data is base64 encoded. The CA

processes this request and return a response file (PKCS #7) which can be imported into the System

Management Homepage. Use the top-left box to create the PKCS #10 Certificate Request data.

The two following fields may be optionally specified. If not specified, they are automatically filled in with

"Hewlett-Packard Company" for the Organization and "Hewlett-Packard Network Management Software

(SMH)" for the Organizational Unit.

SMH allows you to add alternative names to the Certificate Request, in addition to the Common Name

(CN).

•

Import PKCS #7 Data—The System Management Homepage imports base64 encoded PKCS #7 data which

a Certificate Authority returned based upon an earlier Certificate Request (PKCS #10). Cut-and-paste the

PKCS #7 information into the text box in the left and press the button to import it into the System

Management Homepage

•

Port 2301—Option to enable port id : 2301

•

Timeouts—Users with Administrator access can set the session timeout to between 1 and 60 minutes (the default

value is 15 minutes). When a session timeout occurs, the user has to log in again. Users with Administrator

access can set the user interface timeout to between 10 and 3600 seconds (the default value is 20 seconds).

This is the maximum amount of time the System Management Homepage waits for requested information

•

Trust Mode—The Trust Mode provides options to enable you to select the security required by your system.

Some situations require a higher level of security than others. Other Trust Modes are considered less secure than

certificate based trust modes. The following are the security options in the Trust Mode:

•

Trust by Certificate—Sets HP SMH to accept configuration changes only from HP SIM servers with trusted

certificates. This mode requires the submitted server to provide authentication by means of certificates. This

mode is the strongest method of security because it requires certificate data and verifies the digital signature

before allowing access. If you do not want to enable remote configuration changes, leave Trust by