Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 HP Systems Insight Manager 5.1 with Service Pack 1 Installation and Configuration Guide for Microsoft® Windows > Chapter 5 Configuring HP SIM using the Options menu

Users and authorizations
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
  		 
 
NOTE: Users that have been added to the Central Management Server (CMS) cannot view or manage systems until authorizations have been configured for them.HP-UX and Linux-provided command line tools, such as ls and df, are run as root by default. For security reasons, you might want them to run as a specific user to avoid permitting unintended capabilities to a user.

HP Systems Insight Manager (HP SIM) enables you to configure authorizations for specific users or user groups. Authorizations give the user access to view and manage systems. Each authorization specifies a user or user group, a toolbox, and a system or system group. The specific set of tools that can be run against a system is specified in the assigned toolbox.

It is important that you plan which systems each user is going to manage and which specific set of tools the users are authorized to execute against the managed systems. A user with no toolbox authorizations on a system cannot view or manage that system.

Authorizations are additive. If a user is authorized on Toolbox1 on a system and is also authorized for Toolbox2 on the same system, the user is authorized for all tools in both Toolbox1 and Toolbox2 on that system. Similarly, a user authorized for the All Tools toolbox needs no other toolbox authorization on that system because the All Tools toolbox always includes all tools.

Adding users

Create a new user account to sign in to HP Systems Insight Manager (HP SIM). The account must be valid on the operating system (includes Active Directory on Windows) on the Central Management Server (CMS) and will be authenticated by the CMS. You must know the operating system user account name of the user you are adding, but you do not need to know the password.

To create a new user:

  1. Select Options->Security->Users and Authorizations->Users, and click New. The New User section appears.

  2. In the Login name (on central management server) field, enter the operating system login account name to be used to sign in to HP SIM. This field is required.

    Note: The user cannot sign in to HP SIM if the account is not a valid login. The account is not validated until the user tries to sign in to HP SIM.

  3. In the Domain (Windows domain for login name) field, enter the Windows domain name for the login name if the CMS is running a Windows operating system. If left blank, the system name of the CMS is used as the domain.

  4. (Optional) In the Full name field, enter the user's full name.

  5. (Optional) In the Phone field, enter the user's phone number.

  6. (Optional) In the E-mail address field, enter the user's e-mail address.

  7. In the Copy all authorizations of this user or [template] field, select a template or login that already has the predefined authorizations that you want to assign to the login account you are creating.

  8. In the Central management server configuration rights section, select the level of authority to assign to the new user from the following options:

    • Full configuration rights. Enables total user control of the database. Users can run discovery of systems and data collection; define users and authorizations; set Cluster Monitor configuration; configure licensing and protocol settings; and create, modify, delete, and run reports, snapshot comparisons, tools, custom tools, events, automation tasks, and so on.

    • Limited configuration rights. Enables the user to create, edit, and delete reports (including predefined reports).

    • No configuration rights. Enables the user to view and run predefined reports on systems they have been authorized to view only. A user without configuration rights cannot execute any actions to affect the system database.

  9. Under the Login IP Address Restrictions section, in the Inclusion ranges field, enter the IP addresses of the systems that you want this user to be able to use as a client browsing into this CMS. If you list multiple IP addresses, separate them with a semicolon (;). Each range is a single IP address or two IP addresses separated by a dash (-). The IP addresses must be entered in the standard dotted decimal notation, for example, 15.1.54.133. Any spaces surrounding the semicolons or dashes are ignored. Spaces are not allowed within a single IP address in the dotted decimal notation. Enter 0.0.0.0 to prevent a user from logging in through a remote system.

    Important: If browsing from the CMS, ensure all IP addresses of the CMS are properly included. If browsing to localhost, ensure the loopback address 127.0.0.1 is also included.

  10. (Optional) In the Exclusion ranges field, enter the IP address of the systems that should be excluded from this user as clients browsing into this CMS. Use the same format in the previous step for Inclusion ranges.

    Note: Be sure to verify that your inclusion and exclusion ranges do not overlap.

  11. Under the Pager Information section, in the Phone field, enter the pager phone number of the user associated with this user account if you are using a Windows operating system. If the Phone field is left blank, the paging information is not saved.

  12. In the PIN number field, enter the PIN number associated with the pager phone number.

  13. In the Message length field, select how many characters can be accepted in the paging message from the dropdown list.

  14. In the Baud rate field, select the appropriate baud rate for the pager from the dropdown list.

  15. In the Data format field, select the appropriate data format for the pager from the dropdown list.

  16. Click OK to save and close the New User section. The new user account is created. Click Apply to save and keep the New User section open, or click Cancel to cancel the creation of this user.

Adding user groups

User groups must exist in the operating system. For Windows, they must also exist in Active Directory. Members of the user groups in the operating system can sign in to HP Systems Insight Manager (HP SIM) and inherit the group's attributes for configuration rights, login IP address restrictions, and authorizations. When a group's configuration rights, login IP address restrictions, or authorizations are changed, this change is immediately reflected in all current members of the group.

To create a new user group:

  1. Select Options->Security->Users and Authorizations->Users, and click New Group. The New User Group section appears.

  2. In the Group name (on central management server) field, enter the operating system group name to be used for signing in to HP SIM. This field is required.

  3. In the Domain (Windows domain for login name) field, enter the Windows domain name for the group if the Central Management Server (CMS) is running a Windows operating system.

  4. In the Full name field, enter the full name for the group. This name appears in the table on the Users tab.

  5. In Copy all authorizations of this user or [template] dropdown list, select a template or login that already has the predefined authorizations that you want to assign to the group you are creating.

  6. In the Central management server configuration rights section, select the level of authority to assign to the new user group from the following options. Users that sign in to HP SIM as members of this group inherit these configuration rights.

    • Full configuration rights. Enables total user control of the database. Users can run discovery of systems and data collection; define users and authorizations; set Cluster Monitor configuration; configure licensing and protocol settings; and create, modify, delete, and run reports, snapshot comparisons, tools, custom tools, events, automation tasks, and so on.

    • Limited configuration rights. Enables the user to create, edit, and delete reports (including predefined reports).

    • No configuration rights. Enables the user to view and run predefined reports on systems they have been authorized to view only. A user without configuration rights cannot execute any actions to affect the system database.

  7. Under the Login IP Address Restrictions section, in the Inclusion ranges field, enter the IP addresses of the systems that you want members of this user group to be able to use as a client browsing into this CMS. If you list multiple IP addresses, separate them with a semicolon (;). Each range is a single IP address or two IP addresses separated by a dash (-). The IP addresses must be entered in the standard dotted decimal notation, for example, 15.1.54.133. Any spaces surrounding the semicolons or dashes are ignored. Spaces are not allowed within a single IP address in dotted decimal notation. Enter 0.0.0.0 to prevent a user from logging in through a remote system.

    Important: If browsing from the CMS, ensure all IP addresses of the CMS are properly included. If browsing to localhost, ensure the loopback address 127.0.0.1 is also included.

  8. In the Exclusion ranges field, enter the IP address of the systems that should be excluded from members of this user group as clients browsing into this CMS. Use the same format in the previous step for Inclusion ranges.

    Note: Be sure to verify that your inclusion and exclusion ranges do not overlap.

  9. Click OK to save and close the New User Group section. Click Apply to save and keep the New User Group section open, or click Cancel to cancel to close the New User Group section without saving the new group.

Adding toolboxes

Create a toolbox to configure a group of tools to which a user has access.

To add a toolbox:

  1. Select Options->Security->Users and Authorizations->Toolboxes, and then click New. The New Toolbox section appears.

  2. In the Name field, enter a name for the new toolbox. This field is required.

  3. In the Description field, enter a description for the toolbox.

  4. Select Toolbox is enabled to enable the toolbox and all authorizations created with this toolbox.

  5. In the Show tools in category field, select the category to display a list of tools in the available tools list. Select the tools to be assigned to this toolbox in the available tools list, and click >>.

    The selected tools appear in the Toolbox contents list. You can select a tool displayed in the Toolbox contents list, and click << to remove it from the assigned tools list.

    Note: For limited and no configuration rights users to clear, delete, assign events, and add comments to events, you must select Configuration Tool from the Show tools in category dropdown list. Then, select Clear Events, Delete Events, Assign Events, and Comment Events as necessary and click >> to add them to the Toolbox contents.

  6. Click OK to save the new toolbox and close the New Toolbox section. Click Apply to save the settings without closing the New Toolbox section, or click Cancel to cancel the new toolbox creation and return to the Toolboxes section.

Adding authorizations

Authorize your users for a toolbox on a system or group of systems.

To add authorizations:

  1. Select Options->Security->Users and Authorizations->Authorizations, and then click New. The New Authorizations section appears.

  2. In the Select dropdown list, select User(s) or UserGroup(s), and select the users or groups in the box. This field is required.

  3. In the Enter authorizations for the selected user(s) section, select one of the following options:

    • Copy all authorizations of this user or [template]

      Select a user or template from the dropdown list.

    • Manually assign toolbox and system/system group authorizations

      1. In the Select Toolbox(es) section, select the toolboxes to include.

        New Authorization with Collection selected

      2. In the Select Systems list box, the two default system groups are displayed. Select one of these groups or click Add to display the Add Systems section to select systems for the authorization.

        1. Click the down arrow in the Add targets by selecting from dropdown list, and select a collection.

        2. If you want to use the entire collection as your selection, select Select "collection name" itself. This option creates a system group based on the currently displayed contents of the collection.

          • (Optional) Select Automatically track changes. If this collection changes, so does the authorization to enable the authorization to automatically be updated when a collection is changed without user intervention.

          • (Optional) Select Do not track changes. If this collection changes, the authorization will not change. If this option is selected, you must manually update the authorization after a collection has changed by using the Update button on the Authorizations tab.

            Note: These two selections are only available if a collection of systems is selected and the Select "collection name" itself option is selected. You must select one option or the other. The default selection is based on the DynamicAuthorizations_AutoUpdateDefaultValue property setting in the globalsettings.props file. The default is set to yes. This is reflected in the Select Systems list box in the New Authorizations section with [Auto] appended to the entry. For example, if you selected All Systems and chose to have it automatically updated, All Systems 001 [Auto] would be displayed in the Select Systems box.

            You can continue to add systems and collections and can enable automatic updates for each selected collection. Since automatic updates for any authorization apply to all authorizations using the same selected collection, changing the setting for one affects any other authorization using the same collection. Therefore, during system selections, if you select a group already associated with an automatically updating authorization, the "Automatically track changes. If this collection changes, so does the authorization" option is preselected. Likewise, if a non automatically updating authorization is associated with a collection, the "Do not track changes. If this collection changes, the authorization will not change" option is preselected.

        3. If you want to select all individual systems from the collection, select the checkbox at the top of the table view in the column heading to select all systems.

          Note: This action creates a separate authorization for each selected system.

        4. If you want to select individual systems from the collection, select the systems from the table view.

          Note: This action creates a separate authorization for each selected system.

        5. Click Apply to save system selections, or click Cancel to return to the New Authorizations section without saving changes.

          After clicking Apply, a message appears based on the options selections. Click OK to return to the New Authorizations section.

        Note: A system group is a group of systems based on a system collection and used for authorizations. It is a static snapshot of the contents of the collection at the time the system group was created. There are two default system groups that are not based on collections. The All Managed Systems system group contains every managed system, except the Central Management Server (CMS). The CMS is excluded so that users are not mistakenly assigned the authorization to manage the CMS system itself. There is a CMS group created explicitly for the CMS. These default system groups cannot be edited, updated, or deleted.

        If you selected individual systems of a collection, each selection populates the list box and is selected for inclusion in the authorization. If you selected a collection and the collection has been used previously in an authorization, a message appears stating that a system group for the collection exists and will be updated with current source collection content. This condition affects all authorizations associated with that collection. When a collection is used for the first time, no message appears. A system group with the name of the collection followed by three numbers, usually 001, is displayed in the Select Systems dropdown list and is selected.

      3. Click OK to save the new authorization and close the New Authorizations section, or, if you do not want to save changes, click Cancel to cancel the creating process.

Configuring email settings

Configuring email settings enables users to send email notification of certain events.

To configure email settings:

  1. Access the Simple Mail Transfer Protocol (SMTP) host and CMS e-mail settings through the First Time Wizard or choose Options->Events->Automatic Event Handling->Email Settings. The Email Settings page appears.

  2. Enter the SMTP host name. The SMTP host is the outgoing e-mail server that the CMS will use to send e-mail notifications.

  3. Enter the e-mail address that the management server will use when sending e-mail notifications in the Sender's e-mail address box.

  4. To authenticate your SMTP server, select Server Requires Authentication.

  5. Enter the account user name and password in the corresponding boxes.

  6. If you are using the First Time Wizard, click Next to go to the next step.

    Note If you did not enter a valid SMTP host, HP SIM notifies you that it will not be able to send e-mail notifications. Click OK, if you do not want to enter e-mail settings now, or click Cancel and enter a valid SMTP host.

    If you are changing the e-mail settings from the Options->Events->Automatic Event Handling->Email Settings page, click OK to save changes.

Configuring paging settings

Configuring paging settings enables users to receive pages to notify them of certain events.

To configure paging settings:

  1. Select Options->Events->Automatic Event Handling->Modem Settings. The Modem Settings page appears.

  2. From the COM port field, select the appropriate COM port. See your modem documentation for details.

  3. Click OK to save the setting.

Setting up automatic event handling

Automatic event handling enables you to define an action that HP SIM performs when an event is received.

To set up automatic event handling:

  1. Select Options->Events->Automatic Event Handling->New Task. The Automatic Event Handling - New Task page appears.

  2. Enter a name in the Task name field, or accept the default, and click Next. The Select event collection page appears.

  3. Select one of the following:

    1. Use this event collection

      1. Select an event collection from the dropdown list.

        Note: Select an event collection. The event collection is a collection that is defined by event attributes. The event collection might be a combination collection containing system information. If the collection contains system information, step iii will not appear. If you select an event collection that contains additional event collections, you will receive an error message.

      2. (Optional) Click View Definition to view the attributes that define the event collection.

        Note: This field is displayed if you selected an existing private or shared event collection. If the collection was created using the Automatic Event Handling feature that enables you to select event and system information, this will not be displayed.

      3. Click Next. The Select system collection page appears. If the event collection contains system information, the select system collection process will not be displayed. Instead, the Select actions page will appear.

    2. Use event attributes that I will specify

      1. Click Next. The Select events page appears.

      2. Select event search criteria for defining the task:

        • List criteria

        • Comparison option

        • Value for the criteria or comparison options selected

        To add additional search criteria, click Add.

    3. Click Next. The Select system collection page appears.

  4. Select one of the following options:

    1. Use this system collection

      1. From the dropdown list, select a system collection.

      2. Click View Definition to view the system attributes or the members of the system collection that is selected.

      3. Click Next. The Select action page appears.

    2. Use system attributes that I will specify

      1. Click Next. The Select systems page appears.

      2. Select system search criteria for defining the task:

        • List criteria

        • Comparison option

        • Value for the criteria or comparison options selected

        To add additional search criteria, click Add.

      3. Click Next. The Select actions page appears.

  5. Select from the following options:

    • Send page (Windows only)

      Add users to be paged from the dropdown list of users by clicking >>. Click << to remove selected users from the list of users to be paged. The pager number for an HP Systems Insight Manager (HP SIM) user is set on the Users and Authorizations page. If a user name in the Users list is inactive, the pager information for the user has not been configured. You can add the user to the list of users to be paged, but pager messages are not sent to this user until the pager information is provided.

    • Send e-mail

      In the To field, enter the list of e-mail addresses that should receive the notification, separating each entry with a comma.

      In the CC field, enter any e-mail address that should receive a copy of the e-mail, separating each entry with a comma.

      In the Subject field, enter a note describing the subject of the e-mail.

      In the Message Format field, select from the following formats based on the encoding preference of the recipient:

      • Standard. A default message format that sends a text e-mail message to the recipients.

      • Pager/SMS. An e-mail message formatted with the same information and format as a pager message is sent to the recipients.

      • HTML. An e-mail message that looks like the HTML Event Details page is sent to the recipients.

      In the Encoding field, select from the following formats:

      • Western European (ISO-8859-1)

      • Unicode (UTF-8)

      • Japanese (ISO-2022-JP)

      • Japanese (Shift_JIS)

      • Japanese (EUC-JP)

    • Run custom tool

      Select a custom tool from the Name dropdown list. custom tools are created under the Tools->Custom Tools->New Custom Tool option, and select CMS tool.

    • Assign

      Enter the name of the person to whom to assign the task. The event is assigned to this user when received. Setting this field allows you to do searches assigned to this person.

    • Forward as SNMP trap

      Enter a system name or IP address in the Name or IP field, and click >> to add it to the Trap recipients box.

      Click Delete if you want to delete a recipient after selecting the name in the Trap recipients box. Use the up and down arrows to scroll to the recipient to delete.

    • Write to system log

      On Windows NT and Windows XP systems, the event details are written to the Application Log, and the Source column of the Event Log is listed as HP SIM for the logged event. On Linux and HP-UX systems, the event details are logged to the system log, which is usually located in the file /var/log/messages on Linux and in /var/adm/syslog/syslog.log on HP-UX.

    • Clear event

      Received events are cleared based on the criteria selected when task executes.

  6. After you have made your selections, click Next. The Select time filter page appears.

  7. Select the Use time filter checkbox if you want to use time filters, and select an option from the dropdown list.

    1. Click Manage Filters if you want to set user-defined filters.

    2. Select the View time filter checkbox. A time filter window appears, showing the times selected.

      If the Use time filter checkbox is not selected, actions are triggered whenever the events matching the selected criteria are received.

      If the Use time filter checkbox is selected, actions are triggered only when they occur during the days and times specified by the selected time filter.

    3. When you have entered the information, click Next to continue with the next step. The Review summary page appears. The Task name, the events, system criteria, and Action(s) information are displayed. If a paging or e-mail option was selected, the modem and e-mail settings are displayed, along with buttons to change the settings.

  8. (Optional) Click Edit modem settings to edit the modem settings, or click Edit email Settings to edit the SMTP settings.

    Note: The event and system search criteria appear at the bottom of the page. This information can be extremely complex and long. Therefore, you might need to scroll down to view all of the criteria.

  9. Click Finish to create the new task.

Configuring and executing discovery

Discovery is the process that HP SIM uses to find and identify the systems on your network and populate the database with that information. A system must first be discovered to collect data and track system status. There are two basic ways to discover new systems:

  • Automatic discovery. The process that HP SIM uses to find and identify the systems on your network to populate the database with that information. A system must first be discovered to collect data and track system status.

  • Manual discovery. The process that enables you to bypass a full automatic discovery and add single and multiple systems to the database, create or import the HP SIM database Hosts file, and create or import a generic Hosts file.

Configuring and executing automatic discovery

  1. Select Options->Discovery. The Discovery page appears with the Automatic tab selected.

  2. In the For all automatic discoveries section, select Configure general settings. The General Settings section appears.

  3. Select from the following options:

    • Automatically discover a system when an event is received from it. This option enables systems to be discovered when a trap or some other supported event is received by HP Systems Insight Manager (HP SIM). It uses the discovery filters and IP address exclusion ranges for additional filtering of these events.

    • Automatically discover a server blade when its Integrated Lights Out management processor is identified. This option adds servers that were indirectly discovered through its management processor. These servers are discovered when its iLO is discovered, they are listed with a Disabled state on the system table view page, and the only information displayed is the system serial number and the association to iLO and the enclosure. If the iLO is in a c-Class enclosure, then the Discover systems in an enclosure when Onboard Administrator is discovered option should also be enabled.

    • Select Discover systems in an enclosure when Onboard Administrator is discovered. This option adds systems known by the Onboard Administrator even if they are not in the configured Discovery range.

    • Select Automatically discover HPVM guest(s) when the host is identified. This option adds all HP Integrity Virtual Machine (HPVM) guest systems to the HP SIM database when the HPVM host system is discovered and identified.

  4. (Optional) In the Ping exclusion ranges, templates and/or hosts files field, specify the IP addresses, templates, or Hosts files containing IP addresses to exclude from the automatic discovery process. This field applies to both range pinging and event-based automatic discovery.

    Important: When discovering clusters, the ping inclusion range must include the IP addresses of the cluster and the cluster members.

  5. (Optional) Select Enable discovery filters.

  6. In the Discover the following system types: section, select the type of systems to be discovered.

    Important: When discovering clusters, you must include the server system type, so that the cluster members are not filtered out.

    Note: This option is available only when you select Enable discovery filters.

  7. In the Limit discovery to systems that meet the following criteria section, select from the following:

    • Any system that matches the above filter

    • All manageable systems (WBEM, SNMP, DMI, WMI, or HTTP support)

    • Manageable systems with HP agents only

    Note: This option is available only when you select Enable discovery filters.

  8. Click OK to save settings, or click Cancel to close the General Settings section without saving changes.

    If you click OK when discovery filters are enabled but have not selected any system types, the following error message appears:

    You must make at least one system type selection when enabling filters.

  9. Select System Automatic Discovery. Click one of the following options to schedule it for ongoing operations or to make other changes: Edit, Enable or Run Now. If you would like to create other discovery tasks, click New.

Configuring and executing manual discovery

  1. Select Options->Discovery, and click the Manual tab. The System Information section appears.

  2. Enter the system name or IP address.

  3. Click Add System to add the system to the database. If you have not entered the Simple Network Management Protocol (SNMP) or Web-Based Enterprise Management (WBEM) credentials for this system previously, click More Settings. Enter the credentials, then click Add System. Or click More Settings to enter the following information:

    New Discovery Task
    New Discovery Task

    • Specify additional system properties to use only if Identification fails on this system. Includes:

      • System type

        Click the down arrow and select the appropriate System type.

      • System subtype

        Click the down arrow and select the appropriate System subtype. You can provide up to eight different system subtypes.

      • Product model

        This is a free form field and you can enter the system model number here.

    • WBEM Settings

      • User name

      • Password

        If you do not want to use the default global values for the WBEM user name and password, select Use Custom and enter custom values.

        If you are manually discovering a storage system, ensure that the user name and password of the SMI CIMOM are present in the global protocol settings, or enter them here as custom values. Select Options->Global Protocol Settings->Protocol Settings to view the global settings.

        For Windows-based systems, the user name should include the domain name, for example, domainname\username.

        Note: OpenWBEM is not supported.

      • SNMP Settings

        If you do not want to use the default global values for the SNMP settings, select Use Custom, and enter custom values.

        • Timeout (in seconds)

          The amount of time HP SIM waits for an SNMP response when it sends a request to the system. If a response is not received within the time interval, HP SIM might determine that the system does not support SNMP. Decreasing this value can result in increased network traffic because the rate of retry attempts is increased. Use caution when changing this value. A value of three seconds usually works for a LAN. However, If systems are connected through a WAN, try a higher value, for example, 10 seconds.

        • Retries

          The number of additional times after the first attempt is made to communicate with a system before attempts stop.

        • Read-only community string and Write community string

          Note: The Write community string is optional and is only required for firmware updates on a GbE switch. If you need to update the GbE switch firmware, you must first set the write community string from this page and then run the existing switch update task. Do not set this feature if the network is not trusted.

          A community string sets up authentication that enables or prohibits communication between the managed system and the Central Management Server (CMS). The community string of the CMS must match the community string of the managed system. Use the read-only community string to read variables. Use the write community string to modify variables. Although only one community is valid for a communication attempt, a system can belong to multiple communities. However, HP SIM only uses one community string when communicating with a system.



Configuring protocol settings
  		 


Chapter 6 Setting up managed systems  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2003-2007 Hewlett-Packard Development Company, L.P.