BladeSystem Management Software

System Insight Manager (SIM) SNMP Security Document

 
chuckk281
Trusted Contributor

System Insight Manager (SIM) SNMP Security Document

Sami had a customer requirement:

 

****************

 

SNMP is not allowed in the customer’s network. Does SIM work without SNMP properly? What is the effect for having SIM working with WBEM only?

 

****************

 

Dave replied:

 

****************

 

SIM will first use WBEM for most OS’s that can use it. It will use SNMP as a backup.

 

Most network switches amongst other devices can only use SNMP.

 

Consider the following.  Other protocols may be available for certain things, but basic communications about hardware status and faults are

 

ProLiant Windows

ProLiant WBEM (WMI) Providers available

ProLiant Linux

ProLiant SNMP Agents only

ProLiant ESX 4.x

ProLiant SNMP Agents only

ProLiant ESXi 4.x

ProLiant WBEM Providers only

ProLiant ESXi 5 (vSphere 5)

ProLiant WBEM Providers only

Onboard Administrator

SNMP only

iLO, iLO 2, iLO3

SNMP only

BladeSystem interconnects

SNMP only

 

Anyone who claims that they don’t have SNMP on their network is misinformed. 

 

The hysteria around SNMP security is much ado about nothing, and usually is due to a security “expert” and a recent consulting engagement. 

 

When used responsibly as we do in ProLiant and BladeSystem products, SNMP is fast, effective, and does not pose any undue security threat.  No management protocol, including encrypted “secure” ones, should be exposed unprotected to the open Internet.  So, following that guideline, if your fear around SNMP is someone sniffing your network, then honestly if someone is sniffing your corporate network, you have a bigger problem than SNMP (with one big exception:  any kind of educational institution).

 

*****************

 

Comments? Do you have a security issue using SNMP?