Server Management - Systems Insight Manager
cancel
Showing results for 
Search instead for 
Did you mean: 

Secure communications question

SOLVED
Go to solution
Brad Klein
Advisor

Secure communications question

HP is investigating enhancing the communication between the central management server (CMS) and managed systems and we’re trying to understand expectations that customers have in terms of how secure this communication needs to be.

1. Do you use HP SIM today?
2. Do you require management traffic to be encrypted and/or authenticated?
3. Do you use CA-issued certificates with your management software and firmware (iLO, OA, SMH, SIM)? If so, what vendor’s CA do you use?
4. If you do use CA-issued certificates, how much attention do you as an administrator typically spend performing PKI/certificate related tasks? How much time for CMS certificate management? How much per managed system?
5. If our management software included a CA, would you use it in your environment?
6. Any general comment on this topic?

Thanks very much in advance for any feedback...
3 REPLIES
Rob Buxton
Honored Contributor
Solution

Re: Secure communications question

1. Yes
2. No more than is current, Trusted certs or SNMP community names etc.
3. No we just use included certs. We only get certs for external facing apps.
4. As above is no, typically I want as little hassle as possible when managing client systems and connectivity.
5. Depends on complexity and ease of distribution etc. to end points. If it made things easier - yes.
6. Simplicity in managing SIM and the associated managed devices is key. Also the fact a large number of managed devices are not servers needs to be taken into account.
Michael Leu
Honored Contributor

Re: Secure communications question

Thanks for asking.

1. Yes, 5.3
2. No more than today, because we use SNMP/WBEM read-only.
3. CA-issued cert only on SIM, from our company CA. Other devices would be nice, but too much paperwork/effort required.
4. Took a few weeks to smuggle our cert into SIM without a CSR. ;-)
5. No. Company has it's own CA.
6. As Rob said, simplicity is important. IMHO today too many different tools are glued together in SIM/RSA.
More information would be nice, like seeing which certs are used for WBEM subscription.
BPE
Esteemed Contributor

Re: Secure communications question

1. Yes
2. not really, but nice to have (see also 6)
3. not very often
6. At the moment most devices deployed in bigger quantities still use SNMP. The major task of SIM in our environment is HP HW monitoring. We are happy if get enough information on how to monitor the different devices. If I look back the last 2-3 years encryption would only make debugging more complex. If you include the feature, you should offer the option to run without encryption otherwise SIM is in danger at smaller and medium installations.