HPE Community
Server Management - Systems Insight Manager
1833493 Members
2956 Online
110052 Solutions
New Discussion

Re: SNMP and SIM

 
Bill L'Hotta
Occasional Contributor

‎12-02-2005 11:21 AM

‎12-02-2005 11:21 AM

SNMP and SIM

Is there a way to deploy SIM without enabling SNMP on every server you want to view at the SIM console? Our security staff doesn't allow us to enable SNMP.

Thanks in advance.
0 Kudos
Reply
6 REPLIES 6
Aravindh Rajaram
Honored Contributor

‎12-02-2005 08:38 PM

‎12-02-2005 08:38 PM

Re: SNMP and SIM

make use of WBEM/WMI. you can get a reasonable amount of data.
0 Kudos
Reply
Safi
Occasional Advisor

‎12-02-2005 10:03 PM

‎12-02-2005 10:03 PM

Re: SNMP and SIM

If the problem is security u can define the snmp service to be private(only the group u define can see it).
Any other way(WMI,NTPerfmon,COda) won't get u hardware data.
0 Kudos
Reply
Rob Buxton
Honored Contributor

‎12-04-2005 11:09 AM

‎12-04-2005 11:09 AM

Re: SNMP and SIM

It's not going to be easy.

SNMP can be made a lot more secure, having a blanket policy of the type described on an internal network would be quite restrictive.

SNMP can be configured to only allow connections from selected hosts and you can dispense with the default community names and create your own.
You only need a Read Only SNMP name to get a lot of functionality.

I've heard a few people say SNMP is not secure, but I've never found a definitive reference that says why.
0 Kudos
Reply
David Claypool
Honored Contributor

‎12-04-2005 05:52 PM

‎12-04-2005 05:52 PM

Re: SNMP and SIM

Ask the network infrastructure people if they are allowed to use SNMP and I'll bet the answer is yes.
0 Kudos
Reply
Stefan Laemmer
Valued Contributor

‎12-05-2005 12:10 AM

‎12-05-2005 12:10 AM

Re: SNMP and SIM

Rob:
SNMP & Security: SNMP sends it's requests and answers unencrypted over the wire, so if you have someone sniffing the wire they'll "see" the community, passwords etc. Thats why it's considered unsecured..
0 Kudos
Reply
David Claypool
Honored Contributor

‎12-05-2005 01:32 AM

‎12-05-2005 01:32 AM

Re: SNMP and SIM

Stefan:

First of all, in a corporate LAN environment (not outside the firewall on the wide open Internet), if you have people sniffing your wire, you have a bigger problem than SNMP.

SNMP in and of itself is not evil. HP SIM uses it in a controlled and relatively 'safe' fashion:

- Only read operations are performed by HP SIM using SNMP (any write operation is performed using an HTTP connection with SSL)

- Additionally, the HP Management Agents use SNMP for sending events as SNMP traps

- While the HP Insight Management Agents require a local write string, it is only used for intra-agent communication--it is never used across the wire

If sniffing SNMP tells you a system's community string which lets you discover a system is running Windows or has 512MB of memory, it is not a very useful item of information to cause harm...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.