HPE Community
Server Management - Systems Insight Manager
1833064 Members
2895 Online
110049 Solutions
New Discussion

Re: VCA and VCRM security

 
Pagnotta
Frequent Advisor

‎08-09-2005 03:03 AM

‎08-09-2005 03:03 AM

VCA and VCRM security

Dear All,

I'd like to know if there could be a way for strengthening the security of this pair of services working together to maintain the hp software up to date.

As far as I undserstand the deployment of hp software (drivers, agents, settings,..) can be started via HP SIM "Deploy software..." and that thereafter two communication channels (SSL)are created for starting up the deployment and for downloading the software from VCRM, that is

VCRM to VCA via SSL "startup"
VCA to VCRM via SSL "download"

The second communication is done via SSL for encryption but needs a username/password for login. Now what I would like to strengthen is this username/password that must be setup on each system. In fact that user MUST BE, as far as know, a VCRM's server local admin which means that this credential is stored on each remote system that you want to keep up to date via this VCA-VCRM pair.

Is there a posibility to reduce the privileges givent to that user ? I mean avoid this user account to be a local admin of the VCRM server ?

Thanks for help

Angelo
0 Kudos
Reply
4 REPLIES 4
David Claypool
Honored Contributor

‎08-09-2005 03:23 AM

‎08-09-2005 03:23 AM

Re: VCA and VCRM security

A valid login to the VCRM is all that is necessary. It does not need any Operating System privileges.
0 Kudos
Reply
Rich Purvis
Honored Contributor

‎08-09-2005 08:01 AM

‎08-09-2005 08:01 AM

Re: VCA and VCRM security

David is correct they do not have to have any priviledges - you can create a user account called VCAdmin and place it in a group called SMHAdmins. No special priviledges on the account is needed - the group has no special abilities. You then configure the System Management Homepage on the system running VCRM to treat SMHAdmins as having Administrator or Operator level access for SMH - that is an SMH only designation *not* the OS. This way you have an ID that has little or no access to the OS but has Admin access for your Version Control and System Management Homepage.

-Rich
Why does my tivo keep recording Nickelodeon?
0 Kudos
Reply
Pagnotta
Frequent Advisor

‎08-09-2005 08:48 PM

‎08-09-2005 08:48 PM

Re: VCA and VCRM security

Hi,

Cool but how do I grant Administrator or
¨Operator privileges ?

I tried to create a new user and grant authorizations via [operator-template]... without success.. I had to add the user as an OS local admin....

Is there a good document that explain the authorizations and authorizations granularity of SIM ?

Regards

Angelo
0 Kudos
Reply
Rich Purvis
Honored Contributor

‎08-10-2005 02:34 AM

‎08-10-2005 02:34 AM

Re: VCA and VCRM security

You have to create an OS group and place the user account you want in it. Then you configure the System Management Homepage to recognize that OS group as Administrator or Operator - this can be done multiple ways one is through the SMH itself through:
settings -> system management homepage -> security ->user groups

This document:
http://h200005.www2.hp.com/bc/docs/support/SupportManual/c00293375/c00293375.pdf

in chapter 2 talks about it specifically for Version Control.

-Rich

Why does my tivo keep recording Nickelodeon?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.