Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 HP Systems Insight Manager 5.1 with Service Pack 1 Installation and Configuration Guide for Microsoft® Windows > Chapter 6 Setting up managed systems

Setting up managed systems from a Windows CMS
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

Use the following checklist as a guideline to assist you with setting up managed systems from a Windows Central Management Server (CMS):

  1. Make sure that HP Systems Insight Manager (HP SIM) is installed on the CMS.

  2. Make sure that the First Time Wizard has been completed on the CMS.

    Important: Discovery must be run before setting up managed systems. Configuring Automatic Discovery is part of the First Time Wizard.

  3. Make sure that managed systems have the HP Version Control Agent (VCA) installed before running the Configure or Repair Agents feature to configure them.

    If the VCA has never been installed on the managed systems, see Installing the HP ProLiant Support Pack on Windows systems for the first time.

    If the VCA is already installed on the managed systems, continue to the next step.

  4. Configure the managed system software. See Configuring the managed system software using the Configure or Repair Agents feature from the CMS.

Installing the HP ProLiant Support Pack on Windows systems for the first time

For Windows systems, install the latest HP ProLiant Support Pack with the preconfigured components to all managed systems using the HP Systems Insight Manager feature Initial HP ProLiant Support Pack Install.

When you are installing the HP ProLiant Support Pack for the first time, the Initial HP ProLiant Support Pack Install process enables you to install a HP ProLiant Support Pack to a Windows system because you do not have any HP Insight Management Agents, especially HP Version Control Agent, installed. This process also configures the system to use the trust certificate from HP Systems Insight Manager (HP SIM) and the setting to use the desired HP Version Control Repository Manager. After you have run the Initial HP ProLiant Support Pack Install tool, you can use the Install Software and Firmware tool to update systems.

NOTE: Installing the VCRM is not part of this procedure because it is generally installed during the HP SIM installation. If you chose not to install a VCRM during installation, you see the HP Version Control Installation Guide at http://h18013.www1.hp.com/products/servers/management/agents/documentation.html for more information about installing and configuring the VCRM.

The Install Software and Firmware feature in HP Systems Insight Manager requires that the HP Version Control Repository Manager be installed on servers containing a repository.

NOTE: You must have Windows administrator privileges on target systems to install a HP ProLiant Support Pack.The Install Software and Firmware and VCA features are only available after the Initial HP ProLiant Support Pack Install process has been run. For more information regarding HP ProLiant Support Packs, see the HP ProLiant Support Pack and Deployment Utilities User Guide at http://h18013.www1.hp.com/manage/psp.html.

To install a HP ProLiant Support Pack for the first time:

  1. Select Deploy->Deploy Drivers, Firmware and Agents->Initial HP ProLiant Support Pack Install. The Initial ProLiant Support Pack Install page appears.

  2. Select the target systems. To add targets, select a group from the dropdown list. The contents of the selected group appear, and you can select the contents as targets or choose the collection itself by selecting Select 'collection name' itself.

  3. Click Next.

  4. On the Enter Windows login credentials page:

    1. In the User name field, enter the Windows administrator user name for the target system.

    2. In the Password field, enter the administrator password for the Windows user name entered in step a.

    3. In the Password (Verify) field, reenter the Windows administrator password exactly as it was entered in the Password field.

    4. In the Domain field, enter the Windows domain.

      Note: This field can be left blank if the system is not part of a domain.

  5. Click Next. The Select a Windows Support Pack page appears.

  6. Under Select a Version Control Repository, select a source repository system from which to retrieve the catalog.

    The following fields display:

    • Name. This field displays the name of the system.

    • Status. This field displays the status of the system.

    • Product Name. This field displays the name of the product.

    • Trusted?. This field indicates whether the system trust relationship has been configured. To configure a trust relationship, click configure.

    Note: This section displays systems that are authorized by the current user name. If the current user is not authorized to view the systems, a message appears, indicating that the user does not have authorization rights on the system.

  7. Under Select a Support Pack to Install, select a support pack to install. Click the expand tree icon icon to drill down and view the contents of the Version Control Repository that you selected.

    Note: To expand the System Software Baseline to display all contents, click the expand menu icon icon located in the upper-left corner of the Select a Support Pack to Install section. Click the collapse menu icon icon to collapse the listings.

  8. (Optional) Select Install and initialize SSH (Secure Shell) if you want to install and configure OpenSSH on the target systems. This option is disabled by default.

  9. (Optional) Select Force downgrade or re-install the same version if you are installing a HP ProLiant Support Pack that is ealier than or the same as the version currently installed. This option is disabled by default.

  10. (Optional) If you do not want to reboot after the installation, clear the Reboot systems if necessary after successful install option, which is selected by default. However, the system must be rebooted for the new HP ProLiant Support Pack to be available.

  11. Click Next. The Configure Support Pack page appears.

    • The following options display:

      • Click Configure System Management Homepage to set up the Support Pack to establish a trust relationship with System Management Homepage when it is installed on target systems. The Welcome to the Configuration Wizard for the HP System Management Homepage Component page appears.

        Note: If the Support Pack has already been configured, you can omit this step.

        Note: After the trust relationship is established, click Last Update to update the status to trusted.

        To configure the System Management Homepage:

        1. From the Welcome to the Configuration Wizard for the HP System Management Homepage Component page, click Next. The Operating Systems Groups page appears.

        2. In the Group Name field, enter the name of an operating system group that you want to assign (for example, vcadmin).

        3. In the Operating Level field, select the appropriate level for the new group from the dropdown list.

          Note: The default Administrators Groups always have administrative access.

        4. Click Add to assign the group. The new group appears under the operating system group to which it was assigned.

          Note: You can add up to five entries per operating system group.

        5. Click Next. You can click Save to save your changes up to this point or click Cancel to discard the changes and close the wizard.

        6. Select one of the following options:

          • Anonymous Access. Anonymous Access is disabled by default. Enabling Anonymous Access allows a user to access the System Management Homepage (SMH) without logging in. Select this option to allow anonymous access.

            Caution: HP does not recommend the use of anonymous access.

          • Local Access. Local Access is disabled by default. Enabling Local Access allows a user to locally gain access to the System Management Homepage without being challenged for authentication, which means that any user with access to the local console is granted full access if Administrator is selected. If Anonymous is selected, any local user has access limited to unsecured pages without being challenged for a user name and password.

            Caution: HP does not recommend the use of local access unless your management server software enables it.

        7. Click Next. You can click Save to save your changes up to this point, or click Cancel to discard the changes and close the wizard.

        8. Select one of the following Trust Mode security options:

          • Trust by Certificate. Sets the System Management Homepage (SMH) to accept configuration changes only from HP SIM servers with trusted certificates. This mode requires the submitted server to provide authentication by means of certificates. This mode is the strongest method of security because it requires certificate data and verifies the digital signature before allowing access. If you do not want to enable any remote configuration changes, leave Trust by Certificate selected, and leave the list of trusted systems empty by avoiding importing any certificates.

            NOTE: HP strongly recommends using this option because it is more secure.

            To trust by certificate:

            1. Select Trust by Certificate, and click Next.

            2. In the Certificate Name field, click Browse to select the certificate file. After the certificate file is selected, the certificate data appears on the screen.

            3. Click Add. The certificate appears under Certificate Files. You can click Save to save your changes up to this point or click Cancel to discard the changes and close the wizard.

            4. Click Next. The IP Binding page appears.

          • Trust by Name. Sets the System Management Homepage to accept certain configuration changes only from servers with the HP SIM names designated in the Trust By Name field. The Trust By Name option is easy to configure. For example, you might use the Trust By Name option if you have a secure network with two separate groups of administrators in two separate divisions. It prevents one group from installing software to the wrong system. This option verifies only the HP SIM server name submitted.

            NOTE: HP strongly recommends using the Trust by Certificate option because the other options are less secure.

            The server name option must meet the following criteria:

            • Each server name must be less than 64 characters.

            • The overall length of the server name list is 1,024 characters.

            • Special characters should not be included as part of the server name: ~ ' ! @ # $ % ^ & * ( ) + = \ ": ' < > ? , | .

            • Semicolons are used to separate server names.

            To trust by name:

            1. Select Trust by Name, and click Next.

            2. In the Trusted Server Name field, enter the server name to be trusted.

            3. Click Add. The trusted system name appears under the Trusted Servers list. You can click Save to save your changes up to this point or click Cancel to discard the changes and close the wizard.

            4. Click Next. The IP Binding page appears.

          • Trust All. Sets the System Management Homepage to accept certain configuration changes from any system.

            NOTE: HP strongly recommends using the Trust by Certificate option because the other options are less secure.

            To trust all servers:

            1. Select Trust All. You can click Save to save your changes up to this point or click Cancel to discard the changes and close the wizard.

            2. Click Next. The IP Binding page appears.

        9. IP Binding specifies from which IP addresses the System Management Homepage (SMH) accepts requests and provides control over which nets and subnets requests are processed.

          Administrators can configure the System Management Homepage to only bind to addresses specified in the IP Binding page. A maximum of five subnet IP addresses and netmasks can be defined.

          An IP address on the server is bound if it matches one of the entered IP Binding addresses after the mask is applied.

          NOTE: The System Management Homepage always binds to 127.0.0.1. If IP Binding is enabled and no subnet/mask pairs are configured, then the System Management Homepage is only available to 127.0.0.1. If IP Binding is not enabled, you bind to all addresses.

          To configure IP Binding:

          1. Select IP Binding. The IP Binding page appears.

          2. Enter the IP address.

          3. Enter the netmask.

          4. Click Add. The IP binding configuration is saved and appears under the IP Binding List.

          5. Click Next. The IP Restricted Login page appears.

        10. The IP Restricted Login enables the System Management Homepage (SMH) to restrict login access based on the IP address of a system.

          You can set address restriction at installation time or by it can be set by administrators from the IP Restricted Login page

          • If an IP address is excluded, it is excluded even if it is also listed in the included box.

          • If there are IP addresses in the inclusion list, then only those IP addresses are allowed login access with the exception of localhost.

          • If no IP addresses are in the inclusion list, then login access is allowed to any IP addresses not in the exclusion list.

          To include or exclude IP addresses:

          1. In the From field, enter the IP addresses to include or exclude. You can enter an IP address range to be included or excluded by entering a beginning IP address in the From field and an ending IP address in the To field.

          2. From the Type field, select Include or Exclude.

          3. Click Add to add the IP address or IP address range to the Inclusion List or Exclusion List below.

          4. Click Save. The HP System Management Homepage Login page for the System Management Homepage system appears. For more information about System Management Homepage, see the System Management Homepage Online Help at http://h18013.www1.hp.com/products/servers/management/agents/documentation.html.

    • Click Configure VCA to set up the VCA in the selected Support Pack.

      Note: If the VCA has already been configured, you can omit this step.

      To configure the VCA:

      1. In the Computer Name field, enter the name of the system where the VCRM is installed.

      2. In the Login Account field, enter the login name used to connect to the VCRM on the system specified.

        Note: Use a login account that has administrative privileges, but do not use the login name Administrator.

      3. In the Login Password field, enter the password associated with the login name specified.

      4. Click Save to save your settings. Click Cancel to discard your settings and close the VCA Setup page.

      5. Click Next.

  12. Back in HP SIM, click Next to start the HP ProLiant Support Pack download. The Download Support Pack page appears.

  13. After the support pack is downloaded, click Schedule to create a scheduled task for the Initial HP ProLiant Support Pack Install to run or click Run Now to run the task immediately.

Configuring the managed system software using the Configure or Repair Agents feature from the CMS

The HP Systems Insight Manager Configure or Repair Agents tool is a quick and easy way to configure Linux, HP-UX and Windows managed systems to communicate with HP SIM from a Windows CMS.

To run Configure or Repair Agents remotely against multiple systems simultaneously, you must have authorizations to run the Configure or Repair Agents tool.

You must have full CMS configuration privileges to modify the HP Systems Insight Manager community strings in the node security file. In addition, you must enter administrator level user credentials for the target system.

To configure agents remotely:

  1. Select Configure->Configure or Repair Agents. The Step 1: Select Target Systems page appears.

    Note: The Verify Target Systems page appears if the targets are selected before selecting a tool.

  2. To add targets, select a group from the dropdown list. The contents of the selected group appear and can be selected as targets. To select the entire collection, select Select "name of collection" itself.

  3. To remove a target, select the target’s checkbox, and then click Remove Targets.

  4. Click Next. The Step 2: Enter login credentials page appears.

  5. From the Step 2: Enter credentials page:

    1. In the User name field, enter the system administrator or root user name.

    2. In the Password field, enter the system administrator or root password for the user name previously entered.

    3. In the Password (Verify) field, reenter the system administrator password exactly as it was entered in the Password field.

    4. For Windows managed systems only, in the Domain field, enter the Windows domain.

      Note: The credentials used in this step must work for all target systems that have been selected. HP recommends using domain administrator or root credentials.

  6. Click Next. The Configure or Repair Settings page appears.

    Step 3: Configure or Repair Settings enables you to select options to configure the target system. The following options are available:

    • Configure SNMP. Select this option to configure SNMP settings.

      If this option is selected, the following steps must be considered:

      1. Select Set read community string to specify a community string. By default, HP Systems Insight Manager's first community string, that is not public, appears in the field. If no community string exists in HP Systems Insight Manager, then you must enter one.

        Note: If only HP-UX systems with default SNMP installation are being configured at this time, you can clear this option. HP-UX enables read by default (get-community-name is set to public by default on HP-UX systems).

        Note: If this option is selected, the Read Only community string is added to the target systems. If the target system is SuSE Linux or Microsoft Windows 2003, the managed nodes do not always enable SNMP communication between themselves and a remote host. This setting is modified to enable the instance of the HP SIM system to communicate using SNMP with these target systems.

        Note: You can enter a community string up to 255 characters.

        Note: Repairing the SNMP settings adds a Read Write community string to the target system only if one does not currently exist. This community string is unique for each system, is composed of over 30 characters to include letters and numbers, and is only visible to the user with administrator privileges for that system. This Read Write community string is required by the Web Agent to perform certain threshold setting capabilities. This community string is only used locally on the target system and is not used by HP Systems Insight Manager over the network. Linux and HP-UX systems do not need a Read Write community string, hence the Read Write community is added on Windows systems only.

      2. Select Set traps to refer to this instance of HP Systems Insight Manager in the target systems' SNMP Trap Destination List. This enables the target systems to send SNMP traps to this instance of HP SIM.

    • Trust relationship: Set to "Trust by Certificate". Select this option to require systems to use the Trust by Certificate trust relationship with the System Management Homepage.

      For System Management Homepage on the target systems, this option sets the trust mode to Trust by Certificate and copies the HP Systems Insight Manager system certificate to the target system's trusted certificate directory. This enables HP Systems Insight Manager users to connect to the System Management Homepage using the certificate for authentication.

    • Set administrator password for Insight Management Agents version 7.1 or earlier. Select this option to repair the administrator password on all Insight Management Agents installed on the target systems as applicable for Windows and Linux systems.

      Note: This option does not apply to HP-UX. If you are configuring or repairing HP-UX systems, clear this option.

      Note: Clear this option if you have Insight Management Agents 7.2 or later installed.

      Note: If the remote system is running HP-UX, this option is not executed on the remote system since it is not applicable on HP-UX systems. If only HP-UX target systems are being configured at this time, you can clear this option.

      If this option is selected, you must complete the following steps:

      1. In the Password field, enter the new administrator password.

      2. In the Confirm Password field, re-enter the new administrator password exactly as you entered it previously.

    • Configure secure shell (SSH) access.

      If this option is selected, you must select one of the following options:

      • Host based authentication for SSH

        Note: For this option to work, the user name and password provided on the previous page must be an administrative level account. For Linux or HP-UX targets, it must be the "root" account and password.

      • Each user has to be authenticated on the managed system

        Note: If the selected systems include Linux or HP-UX systems, and options for Configure SNMP settings, Trust relationships and administrator password was selected, then SSH authentication should be selected now unless already configured earlier.

        Note: SSH can be configured only if the OpenSSH service is running on the managed systems. OpenSSH can be installed on Windows systems, by running the Install Open SSH tool under Deploy->Deploy Drivers->Firmware and Agents->Install Open SSH.

    • Create subscriptions for WBEM events.

      Note: This option is only applicable to HP-UX systems. If this option is selected, the target system is configured to send WBEM indications or events to HP Systems Insight Manager.

      Note: Subscriptions for WBEM events can be created only if WBEM event providers are installed and running on the managed systems.

    • Configure the WBEM Services on the target systems to support client certificate authentication.

      Note: This option is only available for managing HP-UX systems running HP WBEM Services version A.02.05 or later. If this option is selected, an HP SIM WBEM certificate is registered with the WBEM Services trust store on the target systems. The user name associated with this certificate is the one provided in step 5, which should have root privilege. When discovery runs, the WBEM Services on the target systems would use this certificate to authenticate WBEM requests from HP SIM instead of using the basic authentication mechanism. For example, user name and password. The advantage of this technique for authentication is that you do not need to store passwords for WBEM access on your CMS.

  7. Click Run Now. The Task Results page appears.

    Note: Click Schedule to run this task at a later time.

    Note: The Configure or Repair Agents tool can be used to update multiple target systems, each of which might potentially have different results. The log results indicate whether the repair attempt was successful.

    Note: Repair of SNMP settings and Trust relationships and administrator password for Insight Management Agents 7.1 or earlier on Linux systems are executed by a separate task, which can be viewed in the tasks log menu selection. Repair of SNMP settings, Trust relationships on HP-UX systems is executed by a separate task, which can be viewed in the tasks log menu selection. If Linux and HP-UX systems are selected, there are two Task IDs, one for Linux and one for HP-UX systems.

    The Task Results page displays the following information:

    • Status. This field displays the details for each target system within a task instance.

    • Exit Code. This field represents the success or failure of an executable program. If the return value is zero or positive, the executable ran successfully. If a negative value is returned, the executable failed.

    • Target Name. This field displays the name/IP address of the target.

    • The stdout tab. This tab displays the output text information.

    • The stderr tab. This tab displays information if the executable experienced an error.

    • Files Copied tab. This tab displays what files are in the process of being copied or have been copied to the target system.

    • View Printable Report. Reports can be printed for the currently selected target system or for all target systems associated with the task instance.

      To print a report:

      1. Click View Printable Report.

        An Options Message box appears, asking if you want to generate a report containing only the currently selected target system or all systems associated with the task instance.

      2. Select which report to display.

      3. Click OK to display the report, or click Cancel to return to the View Task Results page.

  8. If the Management HTTP Server is installed on target systems, the login credentials are updated in the Management HTTP Server password file.



Chapter 6 Setting up managed systems
  		 


Setting up managed storage systems  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2003-2007 Hewlett-Packard Development Company, L.P.