Getting Started with Security in HP Systems Insight Manager
Secure Sockets Layer (SSL) and Certificates
SSL is used between the browser and HP Systems Insight Manager to ensure data integrity and privacy. An integral part of SSL is a certificate, which is a public document used to identify the HP Systems Insight Manager server. When HP Systems Insight Manager is installed, it creates a self-signed certificate. Your browser might initially display a security alert when you browse to HP Systems Insight Manager, describing the certificate as untrusted. This designation occurs because the certificate is self-signed (signed by the HP Systems Insight Manager server) and the signer is not in the browser list of Certification Authorities. By securely importing the HP Systems Insight Manager Server Certificate into the browser, the browser can authenticate the HP Systems Insight Manager server to which you are browsing. Refer to the topic Administering the Software - Server Certificates for more information about importing certificates into your browser.
HP Systems Insight Manager also supports the ability to use a certificate from a third-party Certificate Authority (CA) or your own internal CA or Public Key Infrastructure (PKI). In this case, you can import the CA certificate into your browser. Refer to Server Certificates - Importing a CA-Signed Certificate for more information.
Login and Accounts
A username, domain name (for Windows CMS), and password are required before accessing any feature of HP Systems Insight Manager. HP Systems Insight Manager uses the user authorizations of the underlying operating system (Windows, Linux, or HP-UX), and relies on the operating system to authenticate users.
The user installing HP Systems Insight Manager must be an administrator of the system (for Windows) or root (for Linux and HP-UX). This user is given administrative access to HP Systems Insight Manager.
After logging in with this account, create additional accounts for other users. Each account can be setup with different configuration rights and authorizations. You can also restrict the IP addresses from which each account can log in. Refer to Administering the Software - Users and Authorizations for more information.
Audit settings can also be configured to log a notice for different types of login and logout events. For more information regarding authorizations, refer to Administering the Software - Users and Authorizations for more details. For more information regarding user accounts, refer to Administering the Software - Users and Authorizations for more details.
Single Login, Replicate Agent Settings, and Install Software and Firmware
To take advantage of single login or to execute Replicate Agent Settings or Install Software and Firmware tasks against managed systems, set up a trust relationship between HP Systems Insight Manager and the desired managed systems. A trust relationship allows the managed system to specify which HP Systems Insight Manager servers can issue commands to the system. Without an established trust relationship, these commands fail.
Setting up a trust relationship at the managed system involves browsing to the system, setting the trust mode, and adding HP Systems Insight Manager to the Trusted Management Servers List. Managed systems can also be set up with an appropriate certificate during deployment. Refer to Version Control - Initial ProLiant Support Pack Install for more information. At the HP Systems Insight Manager server, you must also specify users' authorization for the managed system, and have executed a System Identification Task. If you have enabled the Require Trusted Certificates option in Security Options, you must import the certificates of trusted managed systems into HP Systems Insight Manager or a root CA certificate. Refer to Networking and Security - About Trust Relationships and Administering the Software - Server Certificates for complete details.
HP Systems Insight Manager allows for secure and authorized management from the central management server (CMS). Users' authorizations for managed systems and the CMS can be configured, helping ensure only authorized users perform state-changing operations. Communication between the CMS, managed systems, and the browser is secured using SSL and certificates, helping to authenticate systems and protect user credentials and management data.
HP Systems Insight Manager provides the following security options:
About Networking and Security