HP Servicecontrol Manager 3.0 User's Guide > Chapter 1 HP Servicecontrol Manager Introduction

Security and Access


SCM utilizes several technologies to provide secure access and secure transactions. The security model is graphically represented in Figure 1-7 “SCM Security”.

To simplify the image, each managed node in Figure 1-7 “SCM Security” is only running one management application or protocol. Normally, managed nodes are running multiple management applications and protocols.

Figure 1-7 SCM Security

Secure Access

You can access SCM via a command line or a Web browser. Both of these user interfaces can be accessed from anywhere on your network.

When you access SCM from the command line interface, your operating system login automatically logs you on to SCM. Once you are logged on, you can use the SCM commands permitted by your authorizations. If you access SCM from any system other than the CMS, make sure you use Secure Shell (SecSH). Programs like telnet, rlogin, and ftp do not provide encrypted access. When you use one of these applications to access SCM, your data, including your password, is transmitted across the network unencrypted. In addition, these protocols are not spoof-protected.

When you access the SCM from a Web browser, you log on using the secure HTML log-on screen. The user name and password for the log-on screen are the same as your CMS operating system user name and password. Your information is securely transmitted using the SSL protocol. SSL provides data encryption and server authentication by using a public and private key technology. The Web server on the CMS uses a certificate for server authentication. By default, this certificate is self-signed, but it may be replaced by a certificate that is signed by a trusted certificate authority.

Secure Transactions

The security of the transaction depends on your networking environment and on the management application or protocol that each tool is using.

Java® Remote Method Invocation (RMI) Transactions

The distributed task facility uses Java RMI to communicate with the DTF agents. Transactions are digitally signed using the public keys, which provides authentication protection but not encryption. Passwords should not be transmitted to or from DTF tasks. For example, a DTF task command line should not contain a password and the task results should not contain a password.

For information about how to add encryption, see Chapter 4 “Increasing Servicecontrol Manager Security”.

X Applications

The data exchanged between an X client (or application) running on a managed node and an X server on the network client is transmitted in clear text over the network. X clients are not recommended in environments where security is a concern.

HTTPS Transactions

HTTPS provides secure communication for any tool or management application using the Web Based Enterprise Management (WBEM) protocol. WBEM is an industry standard that simplifies system management. It provides access to both software data and hardware data that is readable by WBEM compliant applications.

SCM keeps a database of passwords for managed nodes running WBEM. The database contains the user names and passwords for each managed node, which are required to provide user authentication for tools using this protocol. These accounts do not need to have other access capabilities, such as log on rights. They are only used for WBEM access by SCM. The WBEM username and password can be set from the command line or the graphical user interface. For more information, see administering nodes - editing node security or administering node groups - editing node group security in the SCM online help.

WBEM passwords for each user should be unique on each managed node for increased security. This will prevent someone from gaining access to a user account on all managed nodes.

Additional information about HP WBEM Services is available at:

http://docs.hp.com/hpux/netsys/index.html

Web Server Security

SCM uses the Tomcat Web server on the CMS. Tomcat features that are not required by SCM are turned off by default. This includes Server Side Includes and Common Gateway Interface scripts.

Self-Signed Certificates

The self-signed certificates used for WBEM and Tomcat Web server authentication make it possible for another system operating with the same IP address and hostname to impersonate the CMS. Use CA-signed certificates to prevent this possibility. If CA-signed certificates are not used, save the certificate in the browser the first time the browser is used to access SCM. This minimizes the chance of a possible “man-in-the-middle” attack on certificate authority.

For information about how to upgrade to CA-signed certificates, see Chapter 4 “Increasing Servicecontrol Manager Security”.
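The "save the certificate the first time" advice above can also be applied to scripted HTTPS clients. The following is an added example, not HP code: it pins the certificate fingerprint on first use and rejects any later change. The pin file path and the host name cms.example.com are assumptions; port 50000 is the CMS HTTPS port listed under Ports Used.

```shell
#!/bin/sh
# Added example, not HP code: trust-on-first-use pinning of the CMS
# certificate for scripted clients. PIN_FILE is an assumed location.
PIN_FILE=${PIN_FILE:-$HOME/.scm_cert_pins}

# fetch_fingerprint HOST PORT
# Prints the SHA-256 fingerprint of the certificate the server presents.
# Needs network access and the openssl command line tool.
fetch_fingerprint() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# pin_check HOST PORT FINGERPRINT
# Prints "pinned" the first time a host:port is seen, "match" when the stored
# pin agrees, and "MISMATCH" (return 1) when a different certificate appears.
pin_check() {
    key="$1:$2"; fp=$3
    [ -n "$fp" ] || { echo "no-certificate"; return 1; }
    touch "$PIN_FILE" && chmod 600 "$PIN_FILE"
    stored=$(awk -v k="$key" '$1 == k { print $2; exit }' "$PIN_FILE")
    if [ -z "$stored" ]; then
        # First contact: record the fingerprint. Confirm it out of band
        # (for example on the CMS console) before relying on it.
        printf '%s %s\n' "$key" "$fp" >> "$PIN_FILE"
        echo "pinned"
    elif [ "$stored" = "$fp" ]; then
        echo "match"
    else
        # Same name and address, different key: either the certificate was
        # replaced or another system is answering as the CMS.
        echo "MISMATCH"; return 1
    fi
}

# Typical call (cms.example.com is a placeholder host name):
#   pin_check cms.example.com 50000 "$(fetch_fingerprint cms.example.com 50000)"
```

A MISMATCH after a planned move to a CA-signed certificate is expected; remove the old entry from the pin file and pin again.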

SNMP Transactions

SNMP Versions 1 and 2 are not secure protocols. Therefore, anyone with access to your network will be able to intercept and view SNMP transactions. SCM does not use SNMP SetRequests. By default, the supported operating system platforms have SNMP SetRequests disabled. For improved security, do not enable SNMP SetRequests on the CMS or on the managed nodes. Even SNMP GetRequest responses can be spoofed, so all information from SNMP should be regarded as untrusted.

SCM keeps a database of read and write community names for managed nodes running SNMP. The community names must match those configured on the management node. The SNMP community names and passwords can be set from the command line or the graphical user interface. For more information, see administering nodes - editing node security or administering node groups - editing node group security in the SCM online help.

Managing Servers Behind a Firewall

SCM supports managing servers that are located behind a firewall when using the WBEM protocol. The firewall must be configured to allow the WBEM traffic through the firewall. This traffic uses HTTPS over TCP port 5989. SNMP and DTF communications are not recommended through a firewall because the data exchanged between the CMS and the managed nodes is not encrypted.

Ports Used

If your CMS or managed nodes are using a host-based firewall such as IPFilter, you will need to allow these new ports access through the firewall. The Bastille product on HP-UX can help with the IPFilter configuration.

The following information is provided to assist in using SCM in a secured environment. Its completeness has not been verified, so some experimentation may be needed to apply it. The outbound traffic on these sockets is only in response to inbound connections. See reference - ports in the SCM online help for information on configuring the ports that are configurable.

SCM uses the following fixed ports on the CMS only:

| Service | Port | Protocol | Used By | Configurable? |
|---|---|---|---|---|
| HTTP | 280 Inbound/Outbound | TCP | Apache Tomcat | No |
| HTTPS | 50000 Inbound/Outbound | TCP | Apache Tomcat | Yes |
| HTTPS | 50005 Local host only | TCP | Apache Tomcat | Yes |
| RMI | Anonymous (see section below) Inbound/Outbound | TCP | Apache, SCM Daemons | Yes |

SCM uses the following fixed ports on managed nodes, including the CMS:

| Service | Port | Protocol | Used By | Configurable? |
|---|---|---|---|---|
| WBEM/HTTP | 5988 Inbound/Outbound | TCP | WBEM | No |
| WBEM/HTTPS | 5989 Inbound/Outbound | TCP | WBEM | No |
| RMI | 2367 Inbound/Outbound | TCP | SCM Daemons | No |
| SNMP | 161 Inbound/Outbound | UDP | SNMP | No |
| DCE RPC | 135 Inbound (possibly others) | TCP | DMI | No |
| HTTP | 2301 Inbound | TCP | ProLiant Web agent (Elm) | No |
| HTTPS | 2381 Inbound | TCP | ProLiant Web agent (Elm) | No |
| RMI | Anonymous (see section below) Inbound/Outbound | TCP | SCM Daemons | Yes |

Not all WBEM, SNMP, or DMI services may be present on every managed node.

Anonymous Ports

In addition to the fixed ports, SCM uses a number of anonymous TCP ports in the range assigned by the operating system. On a managed node, a maximum of 10 anonymous ports are required from the pool. On the CMS, the number of anonymous ports required depends on:

  • the number of concurrent commands running

  • the number of concurrent browser sessions open

An approximate formula for the maximum number of anonymous sockets required for the CMS is:

For example, a typical use of SCM with two commands active concurrently and two browser sessions active concurrently would require the following anonymous sockets on the CMS:

If required, the maximum and minimum anonymous socket numbers can be set for HP-UX and Linux.

  • For HP-UX:

    ndd -set /dev/tcp tcp_smallest_anon_port min_port

    ndd -set /dev/tcp tcp_largest_anon_port max_port

  • For Linux:

    /sbin/sysctl -w net.ipv4.ip_local_port_range="min_port max_port"

where min_port and max_port delimit the desired anonymous port number range. Note that changes made by these commands do not persist across a reboot. For more information, consult the appropriate manual pages for these commands. When setting the anonymous port ranges, be sure to also consider the anonymous port requirements of other applications running on the CMS and the managed nodes.
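Because a host-based firewall has to allow the whole anonymous range for RMI, the range is worth validating before it is applied. The following is an added example, not HP code: it rejects a range that is too small for a managed node or that contains one of the fixed SCM ports from the tables above, then prints the commands shown on this page. The function names and the 1024 lower bound are assumptions.

```shell
#!/bin/sh
# Added example, not HP code: validate a candidate anonymous-port range for an
# SCM host before applying it and opening it in a host firewall.

# Fixed SCM ports copied from the two port tables on this page.
SCM_FIXED_PORTS="280 50000 50005 5988 5989 2367 161 135 2301 2381"
NODE_MIN_ANON=10      # a managed node needs at most 10 anonymous ports (page)
LOWEST_ALLOWED=1024   # assumption: keep the range above the privileged ports

# check_anon_range MIN MAX [NEEDED]
# Prints "ok" or the reason for rejection; returns 0 only for a usable range.
check_anon_range() {
    min=$1; max=$2; needed=${3:-$NODE_MIN_ANON}
    for v in "$min" "$max" "$needed"; do
        case "$v" in ''|0*|*[!0-9]*) echo "not-a-port-number"; return 1 ;; esac
    done
    if [ "$min" -lt "$LOWEST_ALLOWED" ] || [ "$max" -gt 65535 ] ||
       [ "$min" -gt "$max" ]; then
        echo "out-of-bounds"; return 1
    fi
    width=$((max - min + 1))
    if [ "$width" -lt "$needed" ]; then
        echo "too-small:$width<$needed"; return 1
    fi
    # An anonymous range that contains a fixed listener port lets an outbound
    # socket occupy that port, and a firewall rule for the range would also
    # expose the service.
    for p in $SCM_FIXED_PORTS; do
        if [ "$p" -ge "$min" ] && [ "$p" -le "$max" ]; then
            echo "overlaps-fixed-port:$p"; return 1
        fi
    done
    echo "ok"
}

# anon_range_commands hpux|linux MIN MAX
# Prints the page's commands with the validated values filled in.
anon_range_commands() {
    check_anon_range "$2" "$3" >/dev/null || return 1
    case "$1" in
        hpux)  echo "ndd -set /dev/tcp tcp_smallest_anon_port $2"
               echo "ndd -set /dev/tcp tcp_largest_anon_port $3" ;;
        linux) echo "/sbin/sysctl -w net.ipv4.ip_local_port_range=\"$2 $3\"" ;;
        *)     return 1 ;;
    esac
}
```

On the CMS, pass the number of anonymous sockets you expect to need as the third argument to check_anon_range instead of relying on the managed-node default of 10.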

Increased Security Options

If you are in an environment where you need a higher level of security than what is provided by default with SCM, there are several things you can do to increase security.

Chapter 4 “Increasing Servicecontrol Manager Security” covers the following topics:

© 2002-2003 Hewlett-Packard Development Company, L.P.