Internet explorer zones, System link format, Operating-system dependencies – HP Systems Insight Manager User Manual

the managed systems without any user interaction. The session times-out after 20 minutes if the browser is
closed or navigates to another site.

An active mode is also supported where the session times out after 20 minutes if the user does not interact
with Systems Insight Manager, by clicking a menu item, link or button. You can enable active mode by
editing the globalsettings.props file and change the EnableSessionKeepAlive setting to false.

Best security practices include care when visiting other websites. You should use a new browser window
when accessing other sites; when you are finished using Systems Insight Manager you should both sign out
and close the browser window.

Internet Explorer zones

Internet Explorer supports several zones that can each be configured with different security settings. The
name used to browse to Systems Insight Manager or managed systems can affect which browser zone
Internet Explorer places the system. For example, browsing by IP address or full Domain Name System (DNS)
(for example, hpsim.mycorp.com) can place the system into the browser’s more restrictive Internet zone,
causing improper operation. Ensure systems are being placed into the correct Internet zone when browsing.
You might need to configure Internet Explorer, or use a different name format when browsing.

System link format

To facilitate navigation to managed systems, Systems Insight Manager provides the System Link Configuration
option to configure how links to managed systems are formed. Go to Options

→Security→System Link

Configuration

.

The following options are available:

•

Use the system name

•

Use the system IP address

•

Use the system full DNS name

If you need full DNS names to resolve the system on your network, keep in mind that the browser might
display a warning if the name in the system’s certificate does not match the name in the browser.

Operating-system dependencies

User accounts and authentication

Systems Insight Manager accounts are authenticated against the CMS host operating system. Any operating
system features that affect user authentication affect signing into Systems Insight Manager. The operating
system of the CMS can implement a lock-out policy to disable an account after a specified number of invalid
sign in attempts. Additionally, an account can be manually disabled in the Microsoft Windows domain. Any
account that cannot authenticate against the operating system prevents signing into Systems Insight Manager
using that account. For automatic sign-in to Systems Insight Manager,

user accounts

must be domain accounts.

NOTE:

A user who is already signed into Systems Insight Manager is not re-authenticated against the

operating system until the next sign in attempt and continues to remain signed into Systems Insight Manager,
retaining all rights and privileges therein, until signing out of Systems Insight Manager.

IMPORTANT:

If creating operating system accounts exclusively for Systems Insight Manager accounts, give

users the most limited set of operating system privileges required. Any root or administrator accounts should
be properly guarded. Configure any password restrictions, lock-out policies, and so on, in the operating
system.

File system

Access to the file system should be restricted to protect the object code of Systems Insight Manager. Inadvertent
modifications to the object code can adversely affect the operation of Systems Insight Manager. Malicious
modification can allow for covert attacks, such as capturing sign in credentials or modifying commands to
managed systems. Read-level access to the file system should also be controlled to protect sensitive data

80

Understanding Systems Insight Manager security