Toptools authentication and unicenter, Toptools considerations, Device security – HP TopTools User Manual

HP Toptools for Unicenter

User Guide

HP printers may be configured to send traps directly to Unicenter, or customers may implement the HP JetDirect
Trap Proxy Server to automate reception, filtering, and forwarding of printer alerts to Unicenter. The JetDirect Trap
Proxy Server software is included in the Contributed Library on the HP Toptools Enterprise Products CD.

HP Netservers, Toptools Remote Control cards, and printers are managed through DSM. HP PC and networking
product alerts may be viewed from the Event Console.

The following sections will provide specific information about using HP Toptools for Unicenter, and how to manage
specific HP devices. For more information on how HP Toptools for Unicenter works (such as the discovery or event
management process), refer to the Theory of Operation section of this Guide.

5.2 toptools Authentication and Unicenter

As Unicenter and Toptools are both applications that provide extensive management access to valuable network
resources, it is important to consider security when deploying HP Toptools for Unicenter.

5.2.1 toptools Considerations

Because Toptools is a web-based application, security is configured through file and web server application
permissions.

If you install the Toptools server on the same system as Unicenter, security settings for access to Toptools will not
be an issue. However, if the Toptools server is installed on a separate system, authentication for requests from the
system running Unicenter may occur.

By default, only users in one of the Toptools groups (“toptools”, “toptools operator”, “toptools admin”) on the
Toptools server are permitted access to Toptools pages. You must add Unicenter users to one of the Toptools
groups. If no additional users are added, then the first attempt to launch a browser on the Unicenter system will
result in an authentication prompt. Once you have added users to one or more of the Toptools groups on the
Toptools server subsequent Toptools page requests will be authenticated using Basic Authentication.

Basic Authentication prompts you for a password. Care must be exercised in this approach in order to avoid
permitting unauthorized access to Toptools. Users logging into the user account used to operate Unicenter can now
gain access to the Toptools actions (such as locking or rebooting all the HP devices in your organization).

More information on configuring Microsoft IIS and browser security is also located in the Requirements and
Installation sections of this Guide.

5.2.2 Device Security

In addition to securing the Toptools and Unicenter applications, security can be implemented at managed devices
through deploying passwords on managed device agents (SNMP, webagent, DMI). Passwords are typically stored
in the databases of the management consoles (e.g. Unicenter or Toptools server) which should also be secured
through login and file permission restrictions.

SNMP managed devices such as HP Netservers and ProCurve switches can be configured with SNMP communities
that must be entered into Unicenter. HP Toptools for Unicenter synchronizes SNMP communities between
Unicenter and Toptools.

If you enable login security to a webagent device, you will be prompted to enter the account and password to the
agent each time you try to access management information on the device (e.g. HP Toptools Remote Control card
pages).

Every desktop that runs DMI or WMI in an organization should be protected by the use of a DMI or WMI password.
An intruder could easily just invoke the DMI or WMI operations such as flashing the BIOS, locking out the

Page

43