HPE Community
Server Management - Systems Insight Manager
1753823 Members
8919 Online
108805 Solutions
New Discussion

Secure communications question

 
SOLVED
Go to solution
Brad Klein
Advisor

‎10-11-2010 12:17 PM

‎10-11-2010 12:17 PM

Secure communications question

HP is investigating enhancing the communication between the central management server (CMS) and managed systems and we’re trying to understand expectations that customers have in terms of how secure this communication needs to be.

1. Do you use HP SIM today?
2. Do you require management traffic to be encrypted and/or authenticated?
3. Do you use CA-issued certificates with your management software and firmware (iLO, OA, SMH, SIM)? If so, what vendor’s CA do you use?
4. If you do use CA-issued certificates, how much attention do you as an administrator typically spend performing PKI/certificate related tasks? How much time for CMS certificate management? How much per managed system?
5. If our management software included a CA, would you use it in your environment?
6. Any general comment on this topic?

Thanks very much in advance for any feedback...
0 Kudos
Reply
3 REPLIES 3
Rob Buxton
Honored Contributor

‎10-11-2010 11:14 PM

‎10-11-2010 11:14 PM

Solution

Re: Secure communications question

1. Yes
2. No more than is current, Trusted certs or SNMP community names etc.
3. No we just use included certs. We only get certs for external facing apps.
4. As above is no, typically I want as little hassle as possible when managing client systems and connectivity.
5. Depends on complexity and ease of distribution etc. to end points. If it made things easier - yes.
6. Simplicity in managing SIM and the associated managed devices is key. Also the fact a large number of managed devices are not servers needs to be taken into account.
Reply
Michael Leu
Honored Contributor

‎10-12-2010 04:39 AM

‎10-12-2010 04:39 AM

Re: Secure communications question

Thanks for asking.

1. Yes, 5.3
2. No more than today, because we use SNMP/WBEM read-only.
3. CA-issued cert only on SIM, from our company CA. Other devices would be nice, but too much paperwork/effort required.
4. Took a few weeks to smuggle our cert into SIM without a CSR. ;-)
5. No. Company has it's own CA.
6. As Rob said, simplicity is important. IMHO today too many different tools are glued together in SIM/RSA.
More information would be nice, like seeing which certs are used for WBEM subscription.
Reply
BPE
Esteemed Contributor

‎10-12-2010 02:16 PM

‎10-12-2010 02:16 PM

Re: Secure communications question

1. Yes
2. not really, but nice to have (see also 6)
3. not very often
6. At the moment most devices deployed in bigger quantities still use SNMP. The major task of SIM in our environment is HP HW monitoring. We are happy if get enough information on how to monitor the different devices. If I look back the last 2-3 years encryption would only make debugging more complex. If you include the feature, you should offer the option to run without encryption otherwise SIM is in danger at smaller and medium installations.
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.