HPE Community
Server Management - Systems Insight Manager
1824941 Members
3627 Online
109678 Solutions
New Discussion юеВ

CMS Trust Information

 
Annette Jones_2
Regular Advisor

тАО09-14-2006 01:20 AM

тАО09-14-2006 01:20 AM

CMS Trust Information

Hi, can someone help clear up how the above works. My thinking is that the trust between CMS and managed server is done via a login/password, which in turn allows the CMS certificate to be imported to the managed server.
The WBEM details the user/password that is used to continue the established trust, and the need for a password that is non expiry.

I just wanted to clarify that this is the case, and not that once a trust has been established remains forever more. If pushing firmware updates from the CMS and its the trust and WBEM details that allow this push to go ahead.

If a trust can remain once established without WBEM details, then a user and non expiry password is not required, which I thought it was needed. Can someone clarify this for me please.

I have setup our environment with a few WBEM userids, all of which have non expiry passwords, but someone has mentioned that once you've setup the trust it remains permanent and any pushes that you make do not use these userid anyway.

Regards

A
0 Kudos
Reply
4 REPLIES 4
Aravindh Rajaram
Honored Contributor

тАО09-14-2006 02:40 AM

тАО09-14-2006 02:40 AM

Re: CMS Trust Information

Trust relationship is essentially between the CMS and the System Management Homepage on the managed node. One of the ways of establishing it is as explained by you (trust between CMS and managed server is done via a login/password, which in turn allows the CMS certificate to be imported to the managed server). The other way is to login to the SMH page and specifying the trust mode (Trust by name (of CMS), Trust by certificate (of CMS), Trust all (CMS on the network)).

WBEM user credentials supplied in SIM has NO part to play with trust relationship.

For Install Software/Firmware task to execute successfully, trust relationship is a must.
0 Kudos
Reply
Annette Jones_2
Regular Advisor

тАО09-14-2006 03:30 AM

тАО09-14-2006 03:30 AM

Re: CMS Trust Information

Thanks for the reply, I have an environment that uses "Trust by certificate". Can you tell me what the WBEM credentials are used for if they are not needed for any kind of software pushes.

Without a username and password the trust cannot take place, but I thought that if you use the CMS to drill into any managed server data that it used the WBEM credentials, if this is not the case then its just down to the trust status.

0 Kudos
Reply
Aravindh Rajaram
Honored Contributor

тАО09-14-2006 04:03 AM

тАО09-14-2006 04:03 AM

Re: CMS Trust Information

The WBEM credentials are used to collect only the management data from the managed node (using WMI service in windows managed node).

I think that the software/firmware install happens through the VCA residing on the managed node, which can pull the required software/firmware (selected during the task creation in CMS) from the VCRM server using the credentials supplied in the VCA's agent settings page and then installs the software.So, trust relationship may just enable the CMS to supply commands to VCA.

This should be logically correct...
0 Kudos
Reply
Annette Jones_2
Regular Advisor

тАО09-14-2006 04:25 AM

тАО09-14-2006 04:25 AM

Re: CMS Trust Information

Ok, this like you say sounds logical, however I guess this connect credential will then require the non expiry password, else you would need to update the agent settings constantly.

So the WBEM credentails will be required as well as the VCA agent settings, and as like I have the same userid/password can be used for both with non expiry password.

I always thought updates were pushed from the CMS, but only the schedule is on the CMS which contact the managed server, who in turn will contact the VCRM for the updates.

I wanted to know if non expiry passwords could be managed effectively in the WBEM and software updates arena, but I guess it coould work, but rather painfully best to keep with non expiry.

Regards

A
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.