
WBEM password

 
Ulrik Ivers
Frequent Advisor

WBEM password

Maybe this is a really stupid question...

I haven't been able to fully understand how WBEM is used by the Agents.

When the documentation talks about "WBEM Password", is that the same as the passwords configured to access the agents via https on port 2381?

/U.
6 REPLIES
David Claypool
Honored Contributor

Re: WBEM password

WBEM and WMI (Windows Management Instrumentation, a WBEM implementation) use operating system security for login/password. The WBEM password needs to be a valid OS password for those systems.
Ulrik Ivers
Frequent Advisor

Re: WBEM password

I see...

1. What privileges does the user account need on the managed server?

2. Does SIM use BOTH SNMP and WBEM?

3. Can WBEM be used INSTEAD of SNMP when using SIM to monitor HP ProLiant Servers running Windows? Would be nice to be able to skip the unsecure SNMP protocol.

/U.
David Claypool
Honored Contributor
Solution

Re: WBEM password

The short answer is that our ultimate goal is to enable environments that don't require SNMP, though in most heterogeneous environments the eradication of SNMP is not practical because it is the most common.

Specific answers to your questions:

1. What privileges does the user account need on the managed server?

It does not need administrative privileges.

2. Does SIM use BOTH SNMP and WBEM?

hpSIM uses one, the other or both, depending on what a system is identified as having during Device Identification.

3. Can WBEM be used INSTEAD of SNMP when using SIM to monitor HP ProLiant Servers running Windows? Would be nice to be able to skip the unsecure SNMP protocol.

The ProLiant Insight agents are today instrumented for HTTP access and SNMP, not WBEM. The information you get using WBEM (or, since we're talking about Windows, WMI) from a ProLiant is information from the operating system, not the Insight agents, so the depth and quality of information is not as good (e.g. no drive array information). Also, while hpSIM has the ability to receive alerts through WBEM, nothing is out there that sends alerts that way, so SNMP traps are still the best method.

SNMP has gotten an undeservedly bad reputation as being insecure because it is a clear text protocol, sending the community string and data without encryption. However, we have a "do no harm" approach in SNMP, meaning that our agents do not allow you to do anything worse than clearing a log or setting a threshold through SNMP. Using SNMP on a corporate network (note: not unprotected on the internet, which we don't advocate using our agents at all on) does not introduce any additional risk.

If you have employees that are sniffing your network intending to do harm, you have a much bigger problem than SNMP being used.
Ulrik Ivers
Frequent Advisor

Re: WBEM password

Thanks for the much sought after information!

A follow up question regarding SNMP:

I seem to recall having seen documentation on what the requirements are regarding SNMP communities and their rights, but I can't seem to find it again.

So, as I understand it, the HP agents talk to the SNMP Agent locally on the server and need an SNMP community with READ WRITE rights. And the SIM server needs a community with READ rights on the server.

Is that correct, or does the SIM server also need to know a READ WRITE community on the managed server?

/U.
David Claypool
Honored Contributor

Re: WBEM password

That would seem to be true, though I have never set it up that way. If I have a chance in the lab, I'll try it and report back. If you want to try it out, please report back here for the community.

One last thing about WBEM...it is a particularly useful thing when dealing with systems that don't have a ProLiant Insight agent. That includes:

- HP rx (Integrity) and rp servers [although Insight agents are available for HP-UX on SuperDome and will be phased in through the whole rx line]
- ProLiant 100 series
- non-HP systems (including, by the way, "virtual machines" hosted in VMware)
Ed Cox
Respected Contributor

Re: WBEM password

Ulrik,
HP SIM (and IM 7) can use the Read Only SNMP string on your server to get overall SNMP Status information. That is how the icon colors change for each server.
Internally on the target servers you can set up a separate community string (something other than the Read Only string) and that way when you connect to the port :2381 web interface you have the ability to set thresholds, clear logs and turn on the UID (a.k.a. the Blue Light Special). And since it's through the web browser it's SSL encrypted.
So ...
As long as IM 7 or SIM has access to the Read Only string it can update your overall status and it won't use your additional Read\Write string for its polling.