|
» |
|
|
|
To preconfigure the HP SMH component: Under All configurable components, right-click on the HP System Management Homepage component and select Configure. The Welcome wizard appears. Click Next. The Operating System Group dialog box appears providing you with an option to add the groups and select the Operating level. To add HP SMH groups: In the Group Name field, enter a name for the group. For example, you might want to use vcAdmin for a Version Control administrator group.
Note: You must assign an account to an operating system user group with administrator privileges to access the Version Control Repository Manager from the Version Control Agent. Do not use the Administrator account to connect from the Version Control Agent to the Version Control Repository Manager because it could potentially lock out the administrator account. Using the administrator account, add another account with administrator privileges to be used for Version Control Repository Manager access. Select an Operating Level from the dropdown list. This level determines the privileges assigned to this group. Click Add. The group name is added. A maximum of five entries can be added for each group level. After a group name is added, you can delete it by clicking the X located before the group name.
Click Next. The User Access dialog box appears. The User Access dialog box enables you to configure HP SMH from the following access types: Select Anonymous Access to enable anonymous access to unsecured pages. Select Local Access
Anonymous
or Local Access
Administrator
to set up HP SMH to automatically grant local IP addresses at the selected access level.
Caution: Selecting Local Access with administrator privileges provides all users with access to the local console full access without prompting them for a user name or password.
Click Next. The Trust Mode dialog box appears. Select the level of security you want to provide from one of the following trust modes: Trust By Certificate Select Trust By Certificate. Click Next. The Trusted Certificates dialog box appears. The Trusted Certificates dialog box allows trusted certificate files to be added to the Trusted Certificate List. Click Browse to select the certificate file. After the certificate file is selected, the certificate data appears on the screen. Click Add. The certificate appears under Certificate File. To delete a certificate file from the screen, click the X located before the certificate file.
Note: If you click Next without adding any certificates to the list and no certificates exist from a previous installation, a message appears indicating that if you do not specify any trusted certificates, HP Systems Insight Manager cannot access the HP Web-based Agents on this system. Click OK if you do not want HP Systems Insight Manager to access the HP Web-based Agents on this system, or click Cancel to close the dialog box and add the trusted certificates to the list.
Note: The Trust By Certificates option enables the HP SMH system and the HP Systems Insight Manager system to establish a trust relationship by means of certificates. This mode is the strongest method of security because it requires certificate data and verifies the digital signature before enabling access. Click Next. The IP Binding dialog box appears.
Trust By Name Select Trust By Name. Click Next. The Trusted Server dialog box appears.
Note: Although the Trust By Name mode is a slightly stronger method of security than the Trust All mode, it still leaves your system vulnerable to security attacks. The Trust By Name mode sets up HP SMH to only accept certain requests from servers with the HP Systems Insight Manager's certificate names designated in the Trust By Name field. The Trust By Name option is easy to configure and can prevent non malicious access. For example, you might want to use the Trust By Name option if you have a secure network, but your network has two groups of administrators in two separate divisions. The Trust By Name option would prevent one group from installing software to the wrong system. This option does not verify anything other than the HP Systems Insight Manager certificate name submitted. Enter the names of the certificate of SIM servers you want to trust.
Note: The HP Systems Insight Manager certificate name cannot contain the following characters: ~, !, `, @, #, $, %, ^, &, *, (, ), +, =, ", :, ', <, >, ?, ,, |, and ;. Click Add to add the certificate name of a SIM server you want to trust. The certificate name appears under Trusted Server. To delete a server's certificate name, click the X located before the certificate name. Click Next. The IP Binding dialog box appears.
Note: If you click Next without adding any HP Systems Insight Manager server's certificate names to the list, an error message appears, indicating that if you do not specify any trusted server names, HP Systems Insight Manager cannot access the HP Web-based Agents on this system. Click OK to proceed without trusting any systems, or click Cancel to close the dialog box and add HP Systems Insight Manager server's certificate names to the list.
Trust All Select Trust All. Click Next. The IP Binding dialog box appears.
Note: The Trust All option leaves your system vulnerable to security attacks and sets up HP SMH to accept certain requests from any server. For example, you might want to use Trust All if you have a secure network, and everyone in the network is trusted.
Select IP Binding to enable the Subnet IP Address and NetMask. The IP Binding dialog box enables you to bind to specific IP addresses that match a specific Subnet IP Address or NetMask. It restricts the subnet you want to manage. Enter the Subnet IP Address in the designated field. Enter the NetMask in the designated field. Click Add. The Subnet IP Address/NetMask appears in the IP Binding list. To delete a Subnet IP Address/Netmask, click the X located before the Subnet IP Address/Netmask pair. The Subnet IP Address/Netmask is deleted from the IP Binding list.
Note: You can add up to five Subnet IP Address/NetMask pairs.
Note: If you enter an invalid Subnet IP Address/Netmask, an error message appears indicating the Subnet IP address or Netmask is invalid. Click OK. Enter a valid Subnet IP address/Netmask and click Add again.
Click Next. The IP Restricted Login dialog box appears. The IP Restricted Login dialog box enables you to select specific IP addresses or IP address ranges to include or exclude from gaining login access. Although optional, HP SMH can restrict login access based on the IP addresses of the machine attempting to gain access. Select IP Restricted Login. Enter the IP address or IP address range. Select to Include or Exclude. Click Add. The IP address or IP address range appears under the Inclusion or Exclusion list. To delete an IP address or IP address range, click the X located next to the IP address or IP address range. The IP address or IP address range is removed from the list.
Note: You can add as many IP addresses or IP address ranges as you want.
Note: If you enter an invalid IP address or IP address range, an error message appears indicating the IP address is invalid.
Note: If Finish is clicked without adding any IP addresses to the Include or Exclude lists,
a warning message appears stating IP Restricted Login checkbox will be marked as disabled. Do you want to proceed without adding any IP Address restrictions? If you click OK, the IP Restricted Login option on the IP Restricted Login dialog box is deselected
Click Finish to save the configurations for the component.
You can install this preconfigured component to target systems without the need to configure settings in HP SMH after installation. For more information about using the ProLiant Remote Deployment Utility, see the HP ProLiant Support Pack and Deployment Utilities User Guide.
|