Background processes, Windows cygwin, Hp-ux and linux – HP Systems Insight Manager User Manual

such as private keys and passwords, which are stored in a recoverable format on the file system. Systems
Insight Manager does not store user account passwords for users signing into Systems Insight Manager.

IMPORTANT:

Systems Insight Manager sets appropriate restrictions on the application files. These restrictions

should not be changed because this could affect the operation of Systems Insight Manager or allow unintended
access to the files.

Background processes

On Windows, Systems Insight Manager is installed and runs as a Windows service. The service account
requires administrator privileges on the CMS and the database, and can be either a local or a domain
account. For automatic sign-in to Systems Insight Manager, a domain account must be used. On UNIX,
Systems Insight Manager is installed and runs as daemons running as root.

Windows Cygwin

The version of

Cygwin

provided with the

SSH server

for Windows, for CMS and the managed systems, has

been modified with security enhancements to restrict access to the shared memory segment. As a result, it
does not interoperate with the generally available version of Cygwin. Only administrative users can connect
to a system running the modified SSH server.

HP-UX and Linux

The device /dev/random command is used, if available on the CMS, as a source for random numbers
within Systems Insight Manager.

Systems Insight Manager database

Access to the database server should be restricted to protect Systems Insight Manager data. Specify
appropriate non-blank passwords for all database accounts, including the system administrator (sa) account
for SQL Server. Changes to the operating data, such as authorizations, tasks, and collection information,
can affect the operation of HP SIM. System data contains detailed information about the managed systems,
some of which might be considered restricted including asset information, configuration, and so on. Task
data might contain extremely sensitive data, such as user names and passwords.

SQL Server and MSDE

Systems Insight Manager uses only Windows authentication with SQL Server and MSDE. The installation of
MSDE with previous versions of Systems Insight Manager creates a random password for the sa account,
though it is not used for Systems Insight Manager.

Remote SQL Server

SQL Server supports advanced security features, including SSL encryption during sign in and data
communication. More information can be found in SQL Server documentation and the Microsoft website.

PostgreSQL

PostgreSQL uses a password that is randomly generated when Systems Insight Manager is installed. This
password can be changed through the command line. See the mxpassword manpage for more information.

Oracle

The Oracle database administrator must create a user (preferably with a non-blank password) for Systems
Insight Manager to use when connecting to Oracle. The Oracle user must have, at the minimum, the Connect
and DBA roles, which allow Systems Insight Manager to have the correct privileges to create and delete
Systems Insight Manager tables and views, along with read/write access to the Systems Insight Manager
tables. Changes to the operating data, such as authorizations, tasks, and collection information, can affect
the operation of Systems Insight Manager. System data contains detailed information about the managed
systems, some of which might be considered restricted, including asset information, configuration, and so
on. Task data can contain extremely sensitive data, such as user names and passwords.

Systems Insight Manager database

83