Server Management - Systems Insight Manager
 
Colin Moors
Frequent Advisor

Secure comms between CMS and agents

Hi all,

I have set up HP SIM and it is in production. I have received a request from the net security team to allow management of their servers in the DMZ. I'd like the opinions of the experts here as to what information I can gather and the best way of going about it.

The only proviso is that SNMP *must not* be used, as the security guys are naturally concerned about the lack of security. Obviously, security of communication is their top priority.

Any thoughts, ideas or links to info would be greatly appreciated.

-C-
5 REPLIES
Ivan KOVAC
Respected Contributor

Re: Secure comms between CMS and agents

Hello

I am also looking for a solution to manage servers in the DMZ.

I have not yet found a solution for the HP Management Agents, which need SNMP for successful installation.

My solution, which is not yet tested, is:
Use SNMP so that the HP Agents work properly. The trap destination is only localhost. On the firewall, disable ports 161 and 162, which are used by SNMP.
For communicating with the Web Agents, use one of the options which HP suggests in the document HP SIM Installation and User Guide, page 12:
- WBEM uses HTTPS over port 5989
- Web agents use HTTPS over port 2381
- DTF uses SSH-2 over port 22

I am also researching a solution with WMI (Windows Management Instrumentation). The SNMP provider allows client applications to access SNMP information through WMI. The SNMP provider acts as a gateway to systems and devices that use SNMP for management.

Maybe the guys from the HP development team can help.

Ivan
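
The port plan in the post above, written as a firewall rule-set check (an added example, not part of the original thread and not HP code). The rule tuple format, first-match semantics, flow directions (CMS to agent, traps agent to CMS) and all addresses are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Flows named in the post: (protocol, port, wanted action, label).
REQUIRED = [
    ("tcp", 5989, "allow", "WBEM over HTTPS"),
    ("tcp", 2381, "allow", "web agents over HTTPS"),
    ("tcp", 22, "allow", "DTF over SSH-2"),
    ("udp", 161, "deny", "SNMP polling"),
    ("udp", 162, "deny", "SNMP traps"),
]

def parse_ports(spec):
    """'22' -> (22, 22); '1-1024' -> (1, 1024); 'any' -> (0, 65535)."""
    if spec == "any":
        return 0, 65535
    lo, _, hi = spec.partition("-")
    return int(lo), int(hi or lo)

def decide(rules, src, dst, proto, port):
    """First matching rule wins (assumed); no match means default deny."""
    for i, (action, r_proto, r_src, r_dst, ports) in enumerate(rules):
        lo, hi = parse_ports(ports)
        if (r_proto in (proto, "any") and lo <= port <= hi
                and ip_address(src) in ip_network(r_src)
                and ip_address(dst) in ip_network(r_dst)):
            return action, i
    return "deny", None

def audit(rules, cms, agent):
    """Return one finding per flow where the rule set disagrees with REQUIRED."""
    findings = []
    for proto, port, want, label in REQUIRED:
        # Traps (162) are sent agent -> CMS; the other flows are CMS -> agent.
        src, dst = (agent, cms) if port == 162 else (cms, agent)
        got, idx = decide(rules, src, dst, proto, port)
        if got != want:
            where = "default deny" if idx is None else f"rule {idx}"
            findings.append(f"{label} ({proto}/{port}): want {want}, got {got} ({where})")
    return findings

# Constructed addresses (documentation ranges) and rule sets, not from the thread.
CMS, AGENT = "192.0.2.10", "198.51.100.20"
GOOD = [("deny", "udp", "0.0.0.0/0", "0.0.0.0/0", "161-162")] + [
    ("allow", "tcp", "192.0.2.10/32", "198.51.100.0/24", p) for p in ("5989", "2381", "22")]
# A broad allow placed first shadows the SNMP deny, and the 2381 rule is missing.
BAD = [("allow", "any", "192.0.2.10/32", "198.51.100.0/24", "1-1024")] + GOOD[:2]

print("\n".join(audit(BAD, CMS, AGENT)) or "rule set matches the plan")
```

The `BAD` set shows why rule order matters: the explicit SNMP deny is present but never reached for UDP 161 from the CMS.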
Ivan KOVAC
Respected Contributor

Re: Secure comms between CMS and agents

Hello Colin,

Have you seen the document Managing HP servers through firewalls with HP SIM?


http://h18004.www1.hp.com/products/servers/management/hpsim/infolibrary.html

ivan
Colin Moors
Frequent Advisor

Re: Secure comms between CMS and agents

Thanks Ivan. I will take a look at it this evening. Between WBEM and SSH, there *must* be a way of securely monitoring these servers. I'll let you know if I discover a good solution.

-C-
David Claypool
Honored Contributor

Re: Secure comms between CMS and agents

HP SIM has a goal of being able to totally eliminate SNMP from your environment if you wish...but that's not true today. While HP SIM can talk WBEM and receive WBEM indications, the Insight agents do not. At this time, ProLiant management still relies heavily on SNMP.
Colin Moors
Frequent Advisor

Re: Secure comms between CMS and agents

Reading through the white paper, I think the better solution for us may be a separate mini-network for management. Agents could be installed on all servers and iLO active. If all this happens within the DMZ, we could use a machine on our side as a VPN gateway to the CMS. It should give us full control with no security risks. Anyone see a problem with that?