Server Management - Systems Insight Manager

WMI mapper as proxy in DMZ

 
Corey Adam
Occasional Advisor

WMI mapper as proxy in DMZ

I want to use the WMI mapper to manage Windows hosts behind a firewall. The whitepaper on SIM and firewalls discusses it, but doesn't state how it works. I thought that a DMZ, for example, would only need one Windows host running the WMI mapper. Then CMS would talk to that host with WBEM through the firewall and the host with the mapper would proxy WMI for the other Windows hosts on that DMZ. If this assumption is correct, and setup is as simple as described, then why isn't it working? I'd like to know more specifics on how it works, if my assumptions are correct, and some ideas on what is wrong.
Aravindh Rajaram
Honored Contributor

Re: WMI mapper as proxy in DMZ

You are right. One system with WMI Mapper installed on the network is enough and the same can act as a proxy to collect WBEM data from other machines. It uses port 5989. So make sure that it is open. Also, you have to make the WMI mapper proxy settings in SIM (Options->Protocol Settings->WMI Mapper Proxy). And finally, make sure that you have entered the appropriate credentials in the Global/System protocol settings page.
Corey Adam
Occasional Advisor

Re: WMI mapper as proxy in DMZ

Thanks for the validation. I think authentication was a big part of my problem because I have multiple authentication domains. Thanks!
Justin BRady_1
New Member

Re: WMI mapper as proxy in DMZ

Is there a more thorough guide for using the WMI proxy? I am a bit confused how I can access or see the servers that are proxied.

If SIM servers A and C are separated by a firewall and SIM server A has several hosts in its database, how can I see them from server C? Do I add them in manually even though I have no direct connection to them?
justin brady_2
Occasional Advisor

Re: WMI mapper as proxy in DMZ


I have been trying to get any information about the WMI mapper proxy from HP for over 3 months with no success. HP, could you please update the forum with some more information on functionality and requirements to use the mapper proxy in a firewalled environment?

Regards,
Justin.

VRC
Valued Contributor

Re: WMI mapper as proxy in DMZ

You need at least one communication channel to talk to the managed system from HPSIM, either by allowing ping across the firewall or by allowing access to some other service like HTTP. Only if HPSIM gets a reply from the system will it proceed to add it; otherwise it will stop communicating with the system. For more information, please check out the PDF below:

http://h10018.www1.hp.com/wwsolutions/misc/hpsim-helpfiles/MANAGINGHPServers-withHPSIM.pdf

Hope this helps.

-VRC
justin brady_2
Occasional Advisor

Re: WMI mapper as proxy in DMZ

VRC,

So basically you would need to open a one-to-many ping rule into an untrusted zone, which is pretty useless. If the WMI proxy could also help you discover servers via a one-to-one firewall rule, it would be quite good. Looks like you still need one server per secure zone, which is pretty limited. SIM simply isn't hierarchical or suitable for managing all servers centrally without opening up at least a one-to-many firewall rule.
VRC
Valued Contributor

Re: WMI mapper as proxy in DMZ

SIM needs to know if the machine is reachable/alive or not. For this rule, it doesn't use WMI Mapper. The Mapper is used only to identify and collect information from WMI or HP WBEM Agents, but before that SIM should be able to talk to a TCP port or ping the machine, without which SIM can never manage any machines across the firewall.

-VRC