4 Security

This chapter highlights several security items you should be aware of.

General security topics

The following items are a few general topics on security:

HP provides the HP-UX Bastille product, available from http://software.hp.com at no charge, for enhancing system security.

You can secure gWLM’s communications as explained in the following section.

System Insight Manager allows you to create user roles with different levels of privileges. For more information, see the System Insight Manager documentation.

For information on authorizations needed to run the HP Matrix Operating Environment, see the HP Matrix Operating Environment Getting Started Guide or the online help topic “Authorizations and Read-only Monitoring.”

Securing gWLM communications

By default, gWLM’s communications are not secure, meaning:

The communications between the CMS and the managed nodes are not encrypted

The source and destination of gWLM’s communications are not authenticated

When securing communications, you must do so for every managed node in every SRD managed by a given CMS.

To secure gWLM’s communications, assuming OpenSSH is installed and configured for System Insight Manager on each of the managed nodes, select from the System Insight Manager menu bar:

ConfigureMatrix OE AgentsSecure gWLM Communications…

For more information, see the online help topic “Securing gWLM Communications.”

Alternatively, you can secure communications manually by following the steps outlined in gwlmsslconfig(1M).

NOTE: HP strongly recommends always using gWLM with its communications secured.

Securing database communications

The following sections explain how to secure communications for the databases supported with gWLM.

Securing Postgres communications

No steps are needed to secure Postgres communications.

Securing Oracle communications

Oracle communications are not secure by default in the HP-UX environment. To secure communications:

NOTE: This procedures affects gWLM, HP Capacity Advisor, and HP Matrix OE visualization as they all communicate with the Oracle database in the same manner.

1.Open /etc/opt/gwlm/conf/gwlmcms.properties in a text editor.

2.Set the property com.hp.gwlm.jdbc.oracle.secure to 'on'.

General security topics

31

Page 31
Image 31
HP UX 11i Workload Management (gWLM/WLM) Software manual Security, General security topics, Securing gWLM communications

UX 11i Workload Management (gWLM/WLM) Software specifications

HP-UX 11i Workload Management (gWLM/WLM) software is an integral component of HP's premier UNIX operating system, designed to enhance system performance and resource management across diverse workloads. This advanced tool allows system administrators to monitor, control, and allocate resources effectively to achieve optimal performance, reliability, and service levels in enterprise environments.

One of the main features of gWLM/WLM is its ability to classify workloads and manage them according to specific policies set by the administrator. By using service level objectives (SLOs), administrators can define the performance criteria for various applications and workloads. gWLM continuously tracks these workloads, ensuring that they adhere to the defined SLOs, thus maintaining a high level of application performance.

The software employs resource pools, which segment resources such as CPU, memory, and I/O bandwidth among different workloads based on predefined priorities. This capability ensures that critical applications receive the resources they require, even during peak usage periods, thereby preventing resource starvation that could lead to system slowdowns or crashes.

Another significant characteristic of gWLM/WLM is its real-time monitoring and reporting capabilities. The software provides detailed insights into resource utilization, workload performance, and system health. Administrators can access this information through a user-friendly interface, allowing for informed decision-making and proactive management.

Integration with HP Serviceguard adds another layer of functionality, enabling high availability for critical applications. gWLM can orchestrate workload migration to ensure that service levels are maintained, even in the event of hardware failures or resource contention.

The technology behind gWLM/WLM is built on advanced algorithms that leverage historical data and predictive modeling to optimize resource allocation dynamically. This means that as workloads change, the system can automatically adjust resource distribution to meet performance targets without the need for constant manual intervention.

gWLM also supports integration with various enterprise management tools, enabling administrators to implement comprehensive monitoring and management strategies across the IT infrastructure. The scalability of gWLM allows organizations of all sizes to benefit from its robust workload management features, ensuring that they can adapt to changing demands in their operational environments.

In summary, HP-UX 11i Workload Management software offers a sophisticated solution for optimizing resource utilization, managing workloads effectively, and maintaining high performance in complex enterprise environments. Its comprehensive features and technologies make it an essential tool for any organization seeking to enhance their IT operations.