Server Management - Systems Insight Manager
1748266 Members
3091 Online
108760 Solutions
New Discussion юеВ

snmpv3 and Insight SIM 5.0 or future release

 
Pagnotta
Frequent Advisor

snmpv3 and Insight SIM 5.0 or future release

Is it possible to use snmpv3 protocol within Insight manager 5.0 (or future release) on Microsoft Windows Operating System ?

Angelo
6 REPLIES 6
David Claypool
Honored Contributor

Re: snmpv3 and Insight SIM 5.0 or future release

SNMPv3 has not been widely adopted and Microsoft does not support or provide an SNMP layer for it. HP SIM supports WBEM/WMI and our future direction is to move more away from SNMP towards that.
Pagnotta
Frequent Advisor

Re: snmpv3 and Insight SIM 5.0 or future release


Hi, thanks for the information.

I tried to disable (not configure it) snmp in order to test if wmi/wbem could replce entirely snmp, but it didnt work at that time..

Do you know if snmp can be now disabled and replace by wmi/wbem ? we use insight SIM 5.0
and management agents 7.30

angelo
David Claypool
Honored Contributor

Re: snmpv3 and Insight SIM 5.0 or future release

For ProLiant server management, it is not practical to not use SNMP at this time.

SNMPv2 is considered 'unsecure' because community strings are the only security and they are passed in clear text and can be sniffed on the wire. Well, first of all, if you have people on your corporate network (I'm not talking about systems outside your firewall) that are sniffing your network, you have a bigger problem than SNMP.

HP SIM does not need a WRITE community string and does not use SNMP for any transactions with the target devices (it uses HTTPS). Since a WRITE community string is never passed on the wire, sniffing will only reveal a READ community string and what can you learn from that? That the system has 40% utilization? Has a drive array configured RAID 5? This is harmless.

HP SIM and the agents also provide a number of ways to 'lock down' SNMP like binding to a specific IP address or requiring a specific host or set of hosts that requires an SNMP read to be initiated by.

Clearly there are areas where the potential 'risk' of SNMP isn't acceptable, like in banking or defense. IMHO, the current hysteria around SNMP in most commercial organizations is unfounded and imprudent.
Pagnotta
Frequent Advisor

Re: snmpv3 and Insight SIM 5.0 or future release

thanks for your help
James A. Baker
Occasional Advisor

Re: snmpv3 and Insight SIM 5.0 or future release

David,
I cannot locate specific technical documentation regarding SNMP v2 and v3 in relation to SIM which leads me to believe that it is not supported. SSH would then be the only option for encryption of SIM SNMP traffic correct?

I have the "Understanding HP SIM security" doc which includes a reference to an "HP Systems Insight Manager Technical Reference Guide" which I cannot locate.

Not trying to perpetuate the hysteria by any means - just attempting to define my options.

Thanks!

j

David Claypool
Honored Contributor

Re: snmpv3 and Insight SIM 5.0 or future release

If you are managing ProLiant servers running Windows, the SNMP stack in Windows is SNMP v2. It is not possible to manage ProLiant servers without the use of SNMP at this time.