E
HP Rack and Power Manager Security Considerations
HP Rack and Power Manager implements strict security for two important reasons:
•HP Rack and Power Manager has managed devices that have the potential to perform operations that are sensitive and destructive.
•The application has browser accessibility.
To better ensure the security of HP Rack and Power Manager and the devices it manages, the following topics should be considered in accordance with your organization’s security policies and the environment in which HP Rack and Power Manager will operate.
Access to HP Rack and Power Manager requires an account in HP Rack and Power Manager. Logging in requires the use of a user name and password, which should be kept properly secured.
Each account in HP Rack and Power Manager can be given different access levels, providing different capabilities. Ensure that the appropriate access level is granted to users of HP Rack and Power Manager.
Browsing to HP Rack and Power Manager is done using SSL, which encrypts the data between the browser and Management Server. The level of encryption supported by HP Rack and Power Manager is
HP Rack and Power Manager communicates with a CMC device, using the SNMP protocol. SNMP secures requests for data by means of a community string. The community string is configurable at the managed device and from within HP Rack and Power Manager, since both parties must know the community string. Default community strings such as public are easily guessed and should be avoided.
NOTE: CMC community strings must be changed both at the device using a HyperTerminal connection and from within HP Rack and Power Manager on the CMC Properties screen.
NOTE: Community string names are
HP Rack and Power Manager uses a database as its primary storage facility. Access to the database is controlled using a user name and password, which should be configured and kept secure.
HP Rack and Power Manager User Guide |