Security – HP Insight Management Agents User Manual

Security

Provides following options and also contains notes which describe the usage of the each of the
option available and also procedure to set the values

•

Anonymous/Local Access —Enables the administrator to set options that allow anonymous
users to access SMH pages or to allow automatic login to SMH when running in a local
console as administrator or anonymous user.

•

IP Binding —Enables you to control the addresses that SMH is bound to. IP Binding specifies
the IP addresses that HP SMH accepts requests from and controls the nets and subnets that
requests are processed. Administrators can configure HP SMH to only bind to addresses
specified in the IP Binding window. Five subnet IP addresses and netmasks can be defined.

•

IP Restricted Login—Enables you to add addresses from where SMH is accessible or blocked.
IP Restricted login enables HP SMH to restrict login access based on the IP address of a
system from which the signing in is attempted. For Linux and Windows, you can set a
restricted address at installation. From all operating systems, administrators can set a
restricted address from the IP Restricted login page.

•

Kerberos Authorization—Allows an authorized user to configure the Kerberos authenticated
access to HP SMH and their respective access level. Users with Administrator access can
view and set all information provided through the System Management Homepage. Users
with Operator access can view and set most information provided through the System
Management Homepage. Some web applications limit access to the most critical information
to administrators only. Users with User access can view most information provided through
the System Management Homepage. Some web applications restrict viewing of critical
information from individuals with User access.

•

Local Server Certificate
— Current Certificate—SMH allows setting a certificate with alternative names in addition

to the Common Name (CN). Server names are separated by semi-colons without blank
spaces. Any changes in Alternative Names here affect only the current certificate

— Create PKCS #10 Data—The System Management Homepage can create Certificate

Request (PKCS #10) data which can be sent to a Certificate Authority (CA) at a later
time. This data is base64 encoded. The CA processes this request and return a response
file (PKCS #7) which can be imported into the System Management Homepage. Use
the top-left box to create the PKCS #10 Certificate Request data.

The two following fields may be optionally specified. If not specified, they are
automatically filled in with "Hewlett-Packard Company" for the Organization and
"Hewlett-Packard Network Management Software (SMH)" for the Organizational Unit.

SMH allows you to add alternative names to the Certificate Request, in addition to the
Common Name (CN).

— Import PKCS #7 Data—The System Management Homepage imports base64 encoded

PKCS #7 data which a Certificate Authority returned based upon an earlier Certificate
Request (PKCS #10). Cut-and-paste the PKCS #7 information into the text box in the
left and press the button to import it into the System Management Homepage

•

Port 2301—Option to enable port id : 2301

•

Timeouts—Users with Administrator access can set the session timeout to between 1 and
60 minutes (the default value is 15 minutes). When a session timeout occurs, the user has to
log in again. Users with Administrator access can set the user interface timeout to between
10 and 3600 seconds (the default value is 20 seconds). This is the maximum amount of time
the System Management Homepage waits for requested information

•

Trust Mode—The Trust Mode provides options to enable you to select the security required
by your system. Some situations require a higher level of security than others. Other Trust

System Management Homepage tabs

25