HPE Community
Server Management - Systems Insight Manager
1836772 Members
2163 Online
110109 Solutions
New Discussion

Service Account for HP SIM

 
SOLVED
Go to solution
Corey_23
New Member

‎08-26-2004 02:33 AM

‎08-26-2004 02:33 AM

Service Account for HP SIM

Hello all,

We are currently in the process of cleaning up service accounts throughout our domain environment. On one of our current servers running HP Insight Manager version 4, the service account for all Systems Insight Manager services is runnnig using the local administrator account. We would like to use a domain account, however part of corporate policy is to use or create service accounts allowing only the necessary rights.

So my question is, could someone please point me in a direction that explains what rights are required for the HP SIM to function correctly so we can create or use an existing domain based service account as opposed to simply using a domain admin account(though this is the easy thing to do, in our case its frowned upon). I have checked the three available documents available for download and nowhere did I even see it mention about changing the service accounts.

If HP SIM must continue to retain the local administrator account, could someone point me to some documentation or explain why that is the case?

I am new to HP SIM and have been asked to look into this, however it appears documentation on this matter is not easy to come by.

Any help is sincerely appreciated.

Thanks kindly in advance.
0 Kudos
Reply
7 REPLIES 7
Gordon Leonard
Honored Contributor

‎08-27-2004 12:01 AM

‎08-27-2004 12:01 AM

Solution

Re: Service Account for HP SIM

Create a domain account that belongs to the local Admin group on the SIM server.

my 2 cents
Reply
Corey_23
New Member

‎08-27-2004 01:04 AM

‎08-27-2004 01:04 AM

Re: Service Account for HP SIM

Hi Gordon,

I will look into this solution, thanks for the idea...I did not think of this one.
0 Kudos
Reply
Corey_23
New Member

‎08-27-2004 02:50 AM

‎08-27-2004 02:50 AM

Re: Service Account for HP SIM

I got thinking about this after my reply - how would this account change effect all other servers running the SIM agent? All of our servers running the agent are currently using the local admin account as well, in which the local admin password is the same across these servers running the agents as it is on the SIM server itself. By changing the service account that SIM runs under on the SIM server, how will this effect the servers running the agent?

Will the service account for the agent on each server also have to be changed to use the same domain based service account as the SIM server?

Thanks kindly in advance.
0 Kudos
Reply
Gordon Leonard
Honored Contributor

‎08-27-2004 03:03 AM

‎08-27-2004 03:03 AM

Re: Service Account for HP SIM

The agents run under a "Local System Account" account. When you configure the agents you set the "Administrator" password this is not the same as the Windows Administrator. The web agents have three fixed accounts (Administrator, Operator, and User) none of them have any tie into any windows accounts.
Reply
Corey_23
New Member

‎08-27-2004 03:06 AM

‎08-27-2004 03:06 AM

Re: Service Account for HP SIM

Hi Gordon,

Thanks for the speedy reply. So in other words I need not be concerned about the service accounts under which the agent runs? How then, does the agent authenticate with the SIM server during each poll, verifying that it is a trusted agent for the service? Is this done using an account built into the SIM database, much like when adding a user to acccess the SIM via web interface?

Please excuse my ignorance as I am rather new to this system.

Thanks kindly in advance.
0 Kudos
Reply
Gordon Leonard
Honored Contributor

‎08-27-2004 03:32 AM

‎08-27-2004 03:32 AM

Re: Service Account for HP SIM

How many point is this question worth? :)

The agents never call SIM. They send traps through SNMP (SNMP uses a community string and a trap destination). SIM call the agents. Security is based off SNMP and TRUST. SIM must know the correct community string to not only read but to read & create. The second part is TRUST. Ever noticed when you configure the agents you can Trust All, Trust by Name, Trust by Certificate. This means when a SIM server is connecting to me the agent will trust by [All, Name, Certificate]. If you click on the server link from the SIM console and it redirects you to the agent login page it does *not* trust this SIM server, if it does trust the SIM server you would go directly to the agent page showing the device information (Nic, HD, etc).
Reply
Corey_23
New Member

‎08-27-2004 04:46 AM

‎08-27-2004 04:46 AM

Re: Service Account for HP SIM

Hi Gord,

Thanks for the speedy and insightful replies, your help is much appreciated and you have answered my questions well.

Thanks again.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.