Security – HP Insight Management Agents User Manual
Page 23
Security
Provides following options and also contains notes which describe the usage of the each of the
option available and also procedure to set the values
•
Anonymous/Local Access —Enables the administrator to set options that allow anonymous
users to access SMH pages or to allow automatic login to SMH when running in a local
console as administrator or anonymous user.
•
IP Binding —Enables you to control the addresses that SMH is bound to. IP Binding specifies
the IP addresses that HP SMH accepts requests from and controls the nets and subnets that
requests are processed. Administrators can configure HP SMH to only bind to addresses
specified in the IP Binding window. Five subnet IP addresses and netmasks can be defined.
•
IP Restricted Login—Enables you to add addresses from where SMH is accessible or blocked.
IP Restricted login enables HP SMH to restrict login access based on the IP address of a system
from which the signing in is attempted. For Linux and Windows, you can set a restricted
address at installation. From all operating systems, administrators can set a restricted address
from the IP Restricted login page.
•
Kerberos Authorization—Allows an authorized user to configure the Kerberos authenticated
access to HP SMH and their respective access level. Users with Administrator access can view
and set all information provided through the System Management Homepage. Users with
Operator access can view and set most information provided through the System Management
Homepage. Some web applications limit access to the most critical information to administrators
only. Users with User access can view most information provided through the System
Management Homepage. Some web applications restrict viewing of critical information from
individuals with User access.
•
Local Server Certificate
Current Certificate—SMH allows setting a certificate with alternative names in addition
to the Common Name (CN). Server names are separated by semi-colons without blank
spaces. Any changes in Alternative Names here affect only the current certificate
◦
◦
Create PKCS #10 Data—The System Management Homepage can create Certificate
Request (PKCS #10) data which can be sent to a Certificate Authority (CA) at a later
time. This data is base64 encoded. The CA processes this request and return a response
file (PKCS #7) which can be imported into the System Management Homepage. Use the
top-left box to create the PKCS #10 Certificate Request data.
The two following fields may be optionally specified. If not specified, they are automatically
filled in with "Hewlett-Packard Company" for the Organization and "Hewlett-Packard
Network Management Software (SMH)" for the Organizational Unit.
SMH allows you to add alternative names to the Certificate Request, in addition to the
Common Name (CN).
◦
Import PKCS #7 Data—The System Management Homepage imports base64 encoded
PKCS #7 data which a Certificate Authority returned based upon an earlier Certificate
Request (PKCS #10). Cut-and-paste the PKCS #7 information into the text box in the left
and press the button to import it into the System Management Homepage
•
Port 2301—Option to enable port id : 2301
•
Timeouts—Users with Administrator access can set the session timeout to between 1 and 60
minutes (the default value is 15 minutes). When a session timeout occurs, the user has to log
in again. Users with Administrator access can set the user interface timeout to between 10
and 3600 seconds (the default value is 20 seconds). This is the maximum amount of time the
System Management Homepage waits for requested information
•
Trust Mode—The Trust Mode provides options to enable you to select the security required by
your system. Some situations require a higher level of security than others. Other Trust Modes
System Management Homepage tabs
23