topic Re: VCA and VCRM security in Server Management - Systems Insight Manager

VCA and VCRM security

Pagnotta — Tue, 09 Aug 2005 10:03:57 GMT

Dear All,

I'd like to know if there could be a way for strengthening the security of this pair of services working together to maintain the hp software up to date.

As far as I undserstand the deployment of hp software (drivers, agents, settings,..) can be started via HP SIM "Deploy software..." and that thereafter two communication channels (SSL)are created for starting up the deployment and for downloading the software from VCRM, that is

VCRM to VCA via SSL "startup"
VCA to VCRM via SSL "download"

The second communication is done via SSL for encryption but needs a username/password for login. Now what I would like to strengthen is this username/password that must be setup on each system. In fact that user MUST BE, as far as know, a VCRM's server local admin which means that this credential is stored on each remote system that you want to keep up to date via this VCA-VCRM pair.

Is there a posibility to reduce the privileges givent to that user ? I mean avoid this user account to be a local admin of the VCRM server ?

Thanks for help

Angelo

Re: VCA and VCRM security

David Claypool — Tue, 09 Aug 2005 10:23:58 GMT

A valid login to the VCRM is all that is necessary. It does not need any Operating System privileges.

Re: VCA and VCRM security

Rich Purvis — Tue, 09 Aug 2005 15:01:27 GMT

David is correct they do not have to have any priviledges - you can create a user account called VCAdmin and place it in a group called SMHAdmins. No special priviledges on the account is needed - the group has no special abilities. You then configure the System Management Homepage on the system running VCRM to treat SMHAdmins as having Administrator or Operator level access for SMH - that is an SMH only designation *not* the OS. This way you have an ID that has little or no access to the OS but has Admin access for your Version Control and System Management Homepage.

-Rich

Re: VCA and VCRM security

Pagnotta — Wed, 10 Aug 2005 03:48:48 GMT

Hi,

Cool but how do I grant Administrator or
Â¨Operator privileges ?

I tried to create a new user and grant authorizations via [operator-template]... without success.. I had to add the user as an OS local admin....

Is there a good document that explain the authorizations and authorizations granularity of SIM ?

Regards

Angelo

Re: VCA and VCRM security

Rich Purvis — Wed, 10 Aug 2005 09:34:15 GMT

You have to create an OS group and place the user account you want in it. Then you configure the System Management Homepage to recognize that OS group as Administrator or Operator - this can be done multiple ways one is through the SMH itself through:
settings -> system management homepage -> security ->user groups

This document:
http://h200005.www2.hp.com/bc/docs/support/SupportManual/c00293375/c00293375.pdf

in chapter 2 talks about it specifically for Version Control.

-Rich