- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Systems Insight Manager
- >
- Set wbem in order to replace less secure SNMP prot...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-10-2005 06:41 PM
02-10-2005 06:41 PM
Set wbem in order to replace less secure SNMP protocol
I'm trying to set up wbem in order to replace SNMP which is a less secure protocol(no authentication at all). Here is how I started for testing:
1 Installation of wbem mapper on a system (downloaded from HP web site "Pegasus WMI Mappwr")
2 checked that service is listening on 5989
3 Tried to stop SNMP service without success because HP services are dependent on SNMP service. I changed the community string in order to prevent an SNMP exchange
4 I simulated a Hardware problem, removing one disk of a RAID array
At that point I expected the simulated hardware problem to show up in HP SIM CMS console...surprise the hardware problem doesn't appear... the "Hardware Status Polling Task" runs every five minutes (default)
Can anyone help me ? Is it really possible to get rid of SNMP protocol ?
Regards
Angelo
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-11-2005 05:29 AM
02-11-2005 05:29 AM
Re: Set wbem in order to replace less secure SNMP protocol
If you're working with a ProLiant running Linux, eliminating SNMP is not practical at this time. HP SIM expects to be able to gather data, status poll and receive events via SNMP. WBEM Services has not yet been instrumented for all of the features present in ProLiant servers and the Linux WBEM services do not yet send "WBEM Indications," which is the WBEM equivalent of SNMP traps.
Much hoo-haw has been made about SNMP and its relative lack of security stemming from the community string being passed in clear text as well as the data. However, keeping this in mind, our management communications are like spies in the field: don't communicate anything of value over an un-secured line. That's why HP SIM uses secure HTTPS for important operations such as software/firmware updates, agent configuration tasks, replicating disk thresholds and the like.
HP SIM needs only a read community string (although the agents need a read/write community string to be present for inter-agent communication, but that r/w string never goes out over the wire). Best practice also dictates that it's best to set your SNMP service to respond to requests made by localhost and the HP SIM server so other systems cannot do SNMP gets without authorization. Additionally, the new System Management Homepage 2.0 (due out with the 7.2 PSP and also distributed with HP SIM 4.2) strengthens security by going from built-in accounts to OS accounts and adding the ability to selectively bind to an IP address.
If you are inside your firewall and you're worried about a hacker sniffing your network, you've got bigger problems than SNMP. If you're outside the firewall on the internet, we don't recommend locading any management software on an unprotected system; that's just inviting a DoS attack.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-13-2005 02:12 PM
02-13-2005 02:12 PM
Re: Set wbem in order to replace less secure SNMP protocol
You can restrict which hosts can communicate. You can remove the default public and private community names and create your own. Note SNMP Community names are case sensitive so there's quite a bit of room for invention.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-13-2005 06:51 PM
02-13-2005 06:51 PM
Re: Set wbem in order to replace less secure SNMP protocol
Which tasks on HP SIM need an SNMP write community string ?
Regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-14-2005 05:39 AM
02-14-2005 05:39 AM
Re: Set wbem in order to replace less secure SNMP protocol
The same issues apply for Windows' implementation of WBEM, WMI.
"Which tasks on HP SIM need an SNMP write community tring ?"
HP SIM needs only a read community string (although the agents need a read/write community string to be present for inter-agent communication, but that r/w string never goes out over the wire).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-14-2005 06:43 PM
02-14-2005 06:43 PM
Re: Set wbem in order to replace less secure SNMP protocol
When you say that the write community string never goes on the wire, does this mean that it travels through HP agents that uses HTTPS using port 2381 ?
Is it possible to get a white paper or such describing all the agents used on HP systems, I mean storage, Nic, web, diagnostics server, event, foundation, and so on... and the communication protocols used by those agents ? I need this because on our network there is a will to identify and restrict the communication between systems and I have to know exactly what is doing what with HP Agens and HP SIM ?
Regards
Angelo
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-15-2005 02:35 AM
02-15-2005 02:35 AM
Re: Set wbem in order to replace less secure SNMP protocol
"Managing HP servers through firewalls with HP Systems Insight Manager" and "Understanding HP Systems Insight Manager Security"
from http://www.hp.com/go/hpsim --> Information Library