HP Integrity rx2800, System Management Homepage 6.0 User Manual

HP System Management Homepage 6.0
User Guide

HP-UX, Linux, and Windows Operating Systems

HP Part Number: 509679-003
Published: November 2009, Edition 3

© Copyright 2009 Hewlett-Packard Development Company, L.P.

Legal Notices

Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial
Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under
vendor's standard commercial license.

The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express
warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall
not be liable for technical or editorial errors or omissions contained herein.

Trademark Notices

AMD and Opteron are trademarks of Advanced Micro Devices, Inc.

Adobe and Acrobat are trademarks of Adobe Systems Incorporated.

HP-UX Release 10.20 and later and HP-UX Release 11.00 and later (in both 32 and 64-bit configurations) on all HP 9000 computers are Open
Group UNIX 95 branded products.

Intel and Itanium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

Microsoft and Windows are U.S. registered trademarks of Microsoft Corporation.

Red Hat is a registered trademark of Red Hat, Inc. in the United States and other countries.

UNIX is a registered trademark of The Open Group.

Java is a U.S. trademark of Sun Microsystems, Inc.

Microsoft® Windows® XP and Microsoft® Windows® Server, are registered trademarks of Microsoft Corporation in the United States of America
and in other countries.

Table of Contents

1 Introduction...............................................................................................9

Product features......................................................................................................................................9

HP SIM..................................................................................................................................................9

Integrated Management Tools...................................................................................................................9

HP-UX System Administration Manager (SAM) Deprecation...........................................................................9

Supported operating systems..................................................................................................................10

Supported browsers..............................................................................................................................11

Obtaining HP SMH software..................................................................................................................12

HP media.......................................................................................................................................12

HP websites....................................................................................................................................12

2 Getting Started........................................................................................13

Signing in............................................................................................................................................13

Starting HP System Management Homepage (HP SMH) from Internet Explorer.........................................14

Starting HP SMH from Mozilla or Firefox.............................................................................................15

Starting HP SMH from HP SIM...........................................................................................................16

Starting from the HP-UX Command Line..............................................................................................16

HP SMH Management Server............................................................................................................16

Configuring Firewall Settings..................................................................................................................17

Windows........................................................................................................................................17

Linux..............................................................................................................................................17

Red Hat Enterprise Linux 4 and 5..................................................................................................17

SUSE Linux Enterprise Server........................................................................................................18

Configuring Timeout Settings for HP-UX....................................................................................................19

Configuring SMH Service Timeout......................................................................................................19

Configuring SMH Session Timeout.....................................................................................................19

Automatically Importing Certificates.........................................................................................................20

Signing Out.........................................................................................................................................20

3 Scenarios................................................................................................23

IP Binding............................................................................................................................................23

IP Restricted Login.................................................................................................................................23

Local Server Certificate..........................................................................................................................23

Port 2301.............................................................................................................................................23

Kerberos Authentication.........................................................................................................................23

User Groups.........................................................................................................................................23

Alternative Names................................................................................................................................23

4 Navigating the Software...........................................................................25

Information Areas..................................................................................................................................26

Icon View.............................................................................................................................................28

HP SMH Pages.....................................................................................................................................30

5 The Home Page........................................................................................31

Overall Status Summary.........................................................................................................................31

System Status........................................................................................................................................31

Default HP-UX Property Pages.................................................................................................................31

System............................................................................................................................................31

Operating System............................................................................................................................32

Network.........................................................................................................................................32

Software.........................................................................................................................................32

Table of Contents 3

Storage..........................................................................................................................................32

SysMgmtPlus...................................................................................................................................32

6 The Settings Page.....................................................................................33

SNMP Webagent Box...........................................................................................................................33

SMH Data Source Category..............................................................................................................33

SNMP Configuration Category..........................................................................................................33

UI Options Category........................................................................................................................33

System Management Homepage Box......................................................................................................34

UI Properties Category.....................................................................................................................34

User Preferences Category................................................................................................................35

Security..........................................................................................................................................36

Anonymous/Local Access Category..............................................................................................36

IP Binding Category....................................................................................................................38

IP Restricted Login Category.........................................................................................................39

Local Server Certificate Category..................................................................................................40

Port 2301 Category....................................................................................................................41

Timeouts Category......................................................................................................................42

Session Timeout.....................................................................................................................43

UI Timeout............................................................................................................................43

Trust Mode Category..................................................................................................................44

Configuring Trust Mode..........................................................................................................47

Trusted Management Servers Category..........................................................................................48

Kerberos Authentication Category.................................................................................................51

Kerberos Authentication Procedure...........................................................................................51

HP SMH Kerberos Authentication.............................................................................................52

Kerberos Administrator ..........................................................................................................52

Kerberos Operator ................................................................................................................53

Kerberos User ......................................................................................................................53

User Groups Category................................................................................................................54

Administrator Group..............................................................................................................55

Operator Group....................................................................................................................56

User Group..........................................................................................................................56

Alternative Names Certificates......................................................................................................57

Menus (HP-UX Only)..............................................................................................................................57

Add Custom Menu (HP-UX Only)........................................................................................................57

Remove Custom Menu (HP-UX Only)...................................................................................................58

7 The Tasks Page.........................................................................................59

8 The Tools Page (HP-UX Only)......................................................................61

9 The Logs Page..........................................................................................63

System Management Homepage Log.......................................................................................................63

SAM Log.............................................................................................................................................63

Httpd Error Log.....................................................................................................................................63

Supported Languages............................................................................................................................64

10 The Installed Webapps Page....................................................................67

11 The Support Page....................................................................................69

The Help Page......................................................................................................................................69

Search Form....................................................................................................................................70

Credits................................................................................................................................................70

4 Table of Contents

12 Command Line Interface Configuration......................................................71

Command Line Interface Configuration....................................................................................................71

Anonymous Access..........................................................................................................................71

Local Access...................................................................................................................................71

IP Restricted Logins...........................................................................................................................71

IP Binding.......................................................................................................................................72

Trust Modes....................................................................................................................................72

Restart service.................................................................................................................................73

Reject Program Admin Login..............................................................................................................73

Win32DisableAcceptEX...................................................................................................................73

Enable/disable SSL v2.....................................................................................................................73

Log Rotations...................................................................................................................................73

Rotate Log Size................................................................................................................................73

Maximum Number of Threads Allowed...............................................................................................73

Maximum Number of Sessions..........................................................................................................74

Session Timeout...............................................................................................................................74

Log Level.........................................................................................................................................74

Port 2301.......................................................................................................................................74

Multihomed certificate alternative names list........................................................................................74

Custom UI.......................................................................................................................................75

Httpd Error Log................................................................................................................................75

Icon View.......................................................................................................................................75

Box Order......................................................................................................................................75

Box Item Order................................................................................................................................75

Kerberos Authentication....................................................................................................................75

User Groups....................................................................................................................................76

Help message.................................................................................................................................76

File Based Command Line Interface....................................................................................................76

Command Line Log Reader...............................................................................................................77

13 Troubleshooting......................................................................................79

Troubleshooting....................................................................................................................................79

Support...............................................................................................................................................86

Service and Support.........................................................................................................................86

Support and other resources.........................................................................89

Intended Audience................................................................................................................................89

Publishing History.................................................................................................................................89

Typographic Conventions.......................................................................................................................89

Related Documents................................................................................................................................90

HP SMH documentation....................................................................................................................90

HP Encourages Your Comments..............................................................................................................90

A HP SMH file locations...............................................................................91

File locations........................................................................................................................................91

B HP SMH Ciphers......................................................................................93

Ciphers used in HP SMH.......................................................................................................................93

Glossary....................................................................................................95

Index.......................................................................................................101

Table of Contents 5

6

List of Tables

2-1 Firewall exceptions..........................................................................................................................17

4-1 Status icons....................................................................................................................................28

4-2 Icon View......................................................................................................................................29

6-1 Timeout settings..............................................................................................................................43

9-1 Locale names of supported languages...............................................................................................64

9-2 Suffixes of supported languages........................................................................................................65

12-1 CLI arguments..............................................................................................................................71

12-2 Log level......................................................................................................................................74

13-1 Firewall protection exceptions.........................................................................................................84

10 Publishing history..............................................................................................................................89

A-1 HP SMH file locations......................................................................................................................91

B-1 Ciphers used in HP SMH.................................................................................................................93

7

8

1 Introduction

HP System Management Homepage (HP SMH) is a web-based interface that consolidates and simplifies
single system management for HP servers running the HP-UX, Linux, and Microsoft Windows operating
systems. HP SMH aggregates and displays data from Web Agents and other HP Web-enabled System
Management Software that includes:

• HP Insight Diagnostics

• Array Configuration Utility

• HP Software Version Control Agents

• HP Insight Diagnostics

• Array Configuration Utility

• HP Software Version Control Agents

HP SMH enables you to view in-depth hardware configuration and status data, performance metrics, system
thresholds, diagnostics, and software version control information using a single intuitive interface.

On an HP-UX system, HP SMH has a bundle tag of SysMgmtWeb and is installed by default on all HP-UX
versions, including HP-UX 11i v1 (B.11.11), HP-UX 11i v2 (B.11.23), and HP-UX 11i v3 (B.11.31) Operating
Environments.

Product features

HP SMH provides the following enhanced security and streamlined operations for HP servers running HP-UX,
Linux, and Windows operating systems.

• Browser access using operating system-based Secure Sockets Layer (SSL)-secure authentication

• Common HTTP and HTTPS service for HP Insight Management Agents and utilities, for reduced complexity

and system resource requirements

• Simplified architecture for implementing HTTP security and HP management updates

• Access control through Network Interface Card (NIC) binding and advanced configuration features for

individual and groups of users

• Broad operating system and browser support

HP SIM

HP SMH is tightly integrated with

HP Systems Insight Manager

(HP SIM). You can easily navigate to HP SMH

from the System Lists and System Pages in HP SIM.

NOTE: Accepting the HP SIM certificate is the default behavior.

There are also several HP SIM tools (under the Configure→HP-UX Configuration category) that access
HP SMH-based plugins directly.

Integrated Management Tools

HP SMH provides the management server for Web-based system administration.
For HP-UX, key functional areas of the

HP-UX System Administration Manager

(SAM) have been enhanced
to provide Web-based management capabilities and are now integrated into HP SMH. These include such
areas as Partition Management, Peripheral Devices, Disks & File Systems, Users and Groups, and Kernel
Configuration.

HP-UX System Administration Manager (SAM) Deprecation

The HP-UX System Administration Manager (SAM) was an HP-UX System Administration tool that provided
tools for performing system administration tasks. In the HP-UX 11i v3 (B.11.31) release of HP-UX, SAM is
deprecated. HP SMH, an enhanced version of SAM, is the recommended tool for managing HP-UX.

Product features 9

HP SMH provides Graphical User Interface (GUI), Terminal User Interface (TUI) and Command Line Interface
(CLI) for managing HP-UX. You can access these interfaces using the smh command (/usr/sbin/smh).
You can also use the

sam

(1M) command, which behaves the same as the

smh

(1M) command, but the

deprecation message is displayed in the beginning.
Most applications for performing administration tasks are now available through the web-based GUI interface

and the enhanced TUI. However, a few applications continue to open in ObAM based X-windows or ObAM
based TUI.

Some functional areas previously available for system administration are obsolete. These areas are listed in
the

HP-UX 11i Release Notes

, available on the HP Technical documentation Web site at http://docs.hp.com.

Supported operating systems

HP ProLiant servers

• Windows Server 7 for x86 and x64

• Windows Server 2008 Foundation R2

• Windows Server 2008 R2 for x64

• Windows Server 2008 Standard for x86 and x64

• Windows Server 2008 Enterprise for x86 and x64

• Windows Server 2008 Datacenter for x86 and x64

• Windows Server 2008 Essential Business Server

• Windows Server 2008 Small Business Server

• Windows Server HPC 2008

• Windows Server® 2003 Standard Edition SP2 for x86 and x64

• Windows Server 2003 R2, Standard Edition SP2 for x86 and x64

• Windows Server 2003, Web Edition SP2

• Windows Server 2003 Enterprise Edition SP2 x86 and x64

• Windows Server 2003 R2 Enterprise Edition SP2 x86 and x64

• Windows Server 2003 SBS, Standard and Premium R2

• Windows Vista Business Edition

• Windows Vista Enterprise Edition

• Windows Vista Ultimate Edition

• Windows XP SP2

• Windows XP SP3

• Red Hat Enterprise Linux 5 update 4 for x86 and AMD64/EMT64T

• Red Hat Enterprise Linux 5 update 3 for x86 and AMD64/EMT64T

• Red Hat Enterprise Linux 5 update 2 for x86 and AMD64/EMT64T

• Red Hat Enterprise Linux 4 update 8 or later for x86 and AMD64/EMT64T

• Red Hat Enterprise Linux 3 update 9 for x86, AMD64/EMT64T

• Red Hat Enterprise Linux 3 update 9 for x86 with Cisco Kernel

• Oracle Enterprise Linux

• SUSE Linux Enterprise Server (SLES) 11 for x86 and AMD64/EMT64T

• SUSE Linux Enterprise Server (SLES) 10 SP 1 or later for x86 and AMD64/EMT64T

• SUSE Linux Enterprise Server (SLES) 9 SP 4 or later for x86 and AMD64/EMT64T

• ESX 3.0

• ESX 3.0.1

10 Introduction

• ESX 3.0.2

• ESX 3.5

• ESX 4.0

• Novell Open Enterprise Server (OES)

• XEN

HP Integrity servers

• Windows Server 2008 for Itanium-based systems, 64-bit

• Windows Server 2008 R2 for Itanium-based systems, 64-bit

• Red Hat Enterprise Linux 5.0 Update 1

• Red Hat Enterprise Linux 4.0 Update 6

• SUSE Linux Enterprise Server (SLES) 10 Service Pack 1

• SUSE Linux Enterprise Server (SLES) 9 Service Pack 4

HP-UX

• HP-UX 11i v3 (B.11.31) for HP Integrity Servers and HP 9000 Servers

• HP-UX 11i v2 (B.11.23) for HP Integrity Servers and HP 9000 Servers

• HP-UX 11i v1 (B.11.11) for HP Servers and Workstations

NOTE: For Linux operating systems, Lightweight Directory Access Protocol (LDAP) is supported on SUSE
Linux Enterprise Server 9 and SUSE Linux Enterprise Server 10.

For Windows operating systems, SmartStart CD requires that all systems have a minimum of 256 MB of
RAM.

HP-UX 11i v1 (B.11.11) Operating Environments are for PA-RISC systems only. HP-UX 11i v2 (B.11.23)
Operating Environments (September 2004 and later). HP-UX 11i v3 (B.11.31) Operating Environments
(February 2007 and later) support both PA-RISC and Itanium-based operating systems.

NOTE: To install the HP SMH application, a minimum of 100 MB free disk space is required.

Supported browsers

For HP-UX Itanium-based or PA-RISC operating systems:

• Internet Explorer 6.0 SP2

• Internet Explorer 7.0 (SMH 2.2.9 or later)

• Internet Explorer 8.0 (HP SMH 3.0.2 or later)

• Mozilla 1.6, 1.7

• Firefox 1.0.2, 1.5, 2.0

For Windows Itanium-based or x86 operating systems:

• Internet Explorer 6.0 SP2

• Internet Explorer 7.0 (SMH 2.1.9 or later)

• Internet Explorer 8.0 (HP SMH 6.0 or later)

• Mozilla 1.7.13

• Firefox 2.0.0.x

• Firefox 3.0

• Firefox 3.5

• Mozilla Firefox 1.5.0.x

For Linux Intel Itanium or x86 operating systems:

Supported browsers 11

• Internet Explorer 8.0 (HP SMH 6.0 or later)

• Mozilla 1.7.13

• Firefox 2.0.0.x

• Firefox 3.0

• Firefox 3.5

• Mozilla Firefox 1.5.0.x

NOTE: Installation of HP SMH does not require a browser.
The HP Web-enabled System Management Software is hardware-dependent. For the installation to complete

successfully, your system must support at least 256 colors.

Obtaining HP SMH software

HP media

• HP-UX 11i v3 (B.11.31) Operating Environment DVD, February 2007 or later

• HP-UX 11i v3 (B.11.31) Applications DVD, February 2007 or later

• HP-UX 11i v2 (B.11.23) Operating Environment DVD, May 2005 or later

• HP-UX 11i v2 (B.11.23) Applications DVD, September 2005 or later

• HP-UX 11i v1 (B.11.11) Operating Environment DVD, September 2005 or later

• HP-UX 11i v1 (B.11.11) Applications DVD, May 2005 or later

• HP SmartSetup CD 6.20 or later

• HP SmartStart CD 8.20 or later

• HP ProLiant Support Pack 8.20 or later

• HP Integrity Support Pack 6.20 or later

HP websites

These HP websites are accessible from any system with a web browser and access to the Internet:

• To download the latest software versions, see the HP website at http://www.hp.com.

• For HP-UX operating systems, you can also find the software on the Software Depot home at http://

www.hp.com/go/softwaredepot.

• For Linux and Windows operating systems, HP SMH is available in the ProLiant Support Pack and
Integrity Support Pack. To download the latest version of the ProLiant Support Pack or Integrity Support
Pack, see the Support and Troubleshooting link at http://www.hp.com.

12 Introduction

2 Getting Started

To get started with

HP System Management Homepage

(HP SMH), use the following information when

configuring HP SMH and setting up users and security properly.
To configure HP SMH:

• On HP-UX operating environments, HP SMH is installed with default settings. You can change the
configuration by modifying the environment variables and tag values set in the following files:

• /opt/hpsmh/lbin/envvars

• /opt/hpsmh/conf.common/smhpd.xml

• /opt/hpsmh/conf/timeout.conf

• On Linux operating systems, HP SMH is installed with default settings. The settings are configurable by

using the perl script (hpSMHSetup.pl) located in /usr/local/hp (for Linux x86 and x64 systems) or,
in /opt/hp/hpsmh/smhconfig/hpSMHSetup.sh for Itanium systems.

• On Windows operating systems, the installation enables you to configure HP SMH settings during
installation.

NOTE: To change the configurations for the HP-UX, Linux, and Windows operating systems, see the

HP

System Management Homepage Installation Guide

on the HP Technical Documentation Web site at http:/

/docs.hp.com.

To set up user access and security properly:

1. Add user groups to effectively manage user rights.

2. Configure the trust mode.

3. Configure local or anonymous access.

Signing in

The Sign In page enables you to access the Home page, which contains the available

HP Insight Management

Agents

.

The Sign In page components include:

• Two fields to input your user name and password from an account that is part of a valid group configured
in the SMH users groups configuration article.

• Two buttons under the input fields:

Sign In Validates the values in the user name and password. If both values are valid, the HP
SMH main page appears.

•

• Clear Erases the input values.

• The question mark icon, ?, displays or hides a floating tooltip box with information about the

authentication mechanism and sign in process.
The following table provides more information about the tooltip box.

Signing in 13

531

Question mark. Show/hide tooltip
box.

Sign In. Validates user name
sign-in to HP SMH.

User Name. The user must be
part of a user group accepted
by HP SMH.

4

Clear. Erases user name and
password input fields.

2

Password. The user name and
password must match a valid
user.

If an error occurs on a sign-in attempt, you are returned to the Sign In page.
A configuration mechanism enables the administrator to customize the image and the message in the Sign

In page. The administrator can use a custom logo and warning message. As the pages load, HP SMH verifies
if the personalized content is enabled and available. If the content is not available, HP SMH uses the standard
image and warning message.

Starting HP System Management Homepage (HP SMH) from Internet Explorer

To sign in to HP SMH with Internet Explorer:

1. Navigate to https://hostname:2381/.

The first time you browse to this URI, the Security Alert dialog box appears, prompting you to indicate
whether to trust the server. If you do not import the

certificate

, the Security Alert appears every time you

browse to HP SMH.
If you are browsing to an HP-UX server, by default you must use http://hostname:2301/.
By default, HP-UX is installed with the autostart feature enabled. A daemon listens on port 2301,

and starts HP SMH on port 2381 when requested, then stops it after a timeout period. You can also
configure HP SMH to always run on port 2381. For more information, see the

smhstartconfig

(1M)

command.
If the Start on Boot feature is enabled (instead of autostart), a message window appears, which

explains the security features. Wait a few seconds to be redirected to port 2381 or click the link at the
bottom of the message. The System Management Homepage sign in page appears.

For more information about procedures on changing the configuration variables, see the

HP System

Management Homepage Installation Guide

on the HP Technical Documentation Web site at http://

docs.hp.com.

NOTE: To implement your own

Public Key Infrastructure

(PKI) or install your own generated certificates

into each managed system, you can install a

certificate authority

Root Certificate into each browser to

be used for management. If a Root Certificate is implemented, the Security Alert dialog box does not

14 Getting Started

appear. If the alert appears, you might have browsed to the wrong system. For more information about
installing the certificate authority Root Certificate, see the online help in your browser.

NOTE: To implement or install your own generated certificates into each managed system, you can
install a

certificate authority

Root Certificate into each browser to be used for management. If a Root

Certificate is implemented, the Security Alert dialog box does not appear. If the alert appears, you
might have browsed to the wrong system. For more information about installing the certificate authority
Root Certificate, see the online help in your browser.

2. Click Yes.

The Sign In page appears. If you enabled Anonymous access during installation, then System
Management Homepage appears.

3. Enter your user name that is recognized by the operating system.

NOTE: HP SMH initially only allows access to the root user.

• HP-UX HP SMH initially only allows access to the root user.

• Linux HP SMH initially allows access to users belonging to the root operating system group.

• Windows HP SMH allows access to users belonging to the Administrators operating system

group.

If the user credentials cannot be authenticated, the user is denied access.
After logging into HP SMH as an initially allowed user, use the Security Settings to grant access to users

in other operating system groups.

Administrator

on Windows and

root

on HP-UX or Linux have administrator access on HP SMH.

4. Enter the password that is recognized by the operating system.

5. Click Sign In.

The System Management Homepage appears.

Starting HP SMH from Mozilla or Firefox

To sign in to HP SMH with Mozilla or Firefox:

1. Navigate to https://hostname:2381/.

If you are browsing to an HP-UX server, by default you must use http://hostname:2301/.
By default, HP-UX is installed with the autostart feature enabled. A daemon listens on port 2301,

and starts HP SMH on port 2381 when requested, then stops it after a timeout period. You can also
configure HP SMH to always run on port 2381. For more information, see the

smhstartconfig

(1M)

command.
If the Start on Boot feature is enabled (instead of autostart), a message window appears, which

explains the security features. Wait a few seconds to be redirected to port 2381 or click the link at the
bottom of the message. The System Management Homepage sign in page appears.

For more information about procedures on changing the configuration variables, see the

HP System

Management Homepage Installation Guide

on the HP Technical Documentation Web site at http://

docs.hp.com.

2. Click OK.

The Sign In page appears. If you enabled Anonymous access during installation, then System
Management Homepage appears.

3. Enter your user name that is recognized by the operating system.

• HP-UX HP SMH initially only allows access to the root user.

• Linux HP SMH initially allows access to users belonging to the root operating system group.

• Windows HP SMH allows access to users belonging to the Administrators operating system

group.

Signing in 15

Administrator

on Windows and

root

on HP-UX or Linux have administrator access on HP SMH.

4. Enter the password that is recognized by the operating system.

5. Click Sign In.
The System Management Homepage appears.

Starting HP SMH from HP SIM

To start HP SMH by signing in to HP SIM with a Web browser:

1. Navigate to https://hostname:50000/.
The first time you browse to this link, the Security Alert dialog box appears, asking if you want to trust

the server. If you do not import the

certificate

, the Security Alert appears each time you browse to

Systems Insight Manager (HP SIM).

NOTE: To implement a custom

Public Key Infrastructure

(PKI) or install your own generated certificates

into each managed system, you can install a certificate authority Root Certificate into each browser to
be used for management. If a Root Certificate is implemented, the Security Alert dialog box does not
appear. If the alert appears, you might have browsed to the wrong system. For more information about
installing the certificate authority Root Certificate, see the online help in your browser.

NOTE: To implement or install your own generated certificates into each managed system, you can
install a certificate authority Root Certificate into each browser to be used for management. If a Root
Certificate is implemented, the Security Alert dialog box does not appear. If the alert appears, you
might have browsed to the wrong system. For more information about installing the certificate authority
Root Certificate, see the online help in your browser.

2. Click Yes.
The Sign In page appears.

3. Enter your user name that is recognized by the operating system.

4. Enter the password that is recognized by the operating system.

5. Click Sign In.

6. Select Tools→System Information→System Management Homepage.

7. Select a target system from the list.

8. Select a check box next to a target system, and then click Apply.

9. Verify the target system by selecting a check box next to the system, and then click Run Now.
The Security Alert dialog box appears, prompting you to trust the server. If you do not import the

certificate

, the Security Alert appears each time you browse to HP SMH.

The System Management Homepage appears.

Starting from the HP-UX Command Line

When you run the sam or smh command and the DISPLAY environment variable is set, HP SMH opens in
the default Web browser. If the DISPLAY environment variable is not set, HP SMH opens in the TUI. Most
applications for performing administration tasks are available through the Web-based GUI interface and
an enhanced TUI. However, some applications continue to open in ObAM based X-windows or ObAM
based TUI.

HP recommends using the

smh

(1M) command. However, the

sam

(1M) command continues to be available

and behave just as the

smh

(1M) command. Some functional areas previously available for system

administration are obsolete. These areas are listed in the

HP-UX 11i Release Notes

, available on the HP

Technical documentation web site at http://docs.hp.com.

HP SMH Management Server

By default, the HP SMH management server for HP-UX starts only on demand. It does not run continually. A
daemon listens on port 2301 to start an instance of the management server. On Linux, HP SMH is started
on boot.

16 Getting Started

By default, the HP SMH management server for HP-UX starts only on demand. It does not run continually. A
daemon listens on port 2301 to start an instance of the management server.

Configuring Firewall Settings

Windows

Some operating systems including Windows XP with Service Pack 2 and Windows Server 2003 SBS
implement a firewall that prevents browsers from accessing the ports required for the Version Control
Repository Manager access. To resolve this issue, configure the firewall with exceptions to enable browsers
to access the ports used by HP SIM and Version Control Repository Manager.

NOTE: For Windows XP with Service Pack 2, the firewall configuration leaves the default SP2 security
enhancements intact, but enables traffic over the ports. These ports are required for the Version Control
Repository Manager to run. The secure and insecure ports must be added to enable proper communication
with your browser.

To configure the firewall:

1. Select Start→Settings Control Panel.

2. To configure the firewall settings, double-click Windows Firewall.

3. Select Exceptions.

4. Click Add Port.

5. Enter the following product name and the port number information.
Add the exceptions listed in the following table to the firewall protection:

Table 2-1 Firewall exceptions

Port NumberProduct

2301HP SMH Insecure Port:

2381HP SMH Secure Port:

6. Click OK to save your settings and close the Add a Port dialog box.

7. Click OK to save your settings and close the Windows Firewall dialog box.

Linux

Configuring firewalls varies, depending on the version of Linux installed.

Red Hat Enterprise Linux 4 and 5

The following displays an example of iptables firewall rules for Red Hat Enterprise Linux 4 and 5 in the

/etc/sysconfig/iptables file:

# Firewall configuration written by redhat-config-securitylevel

# Manual customization of this file is not recommended.

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

:RH-Firewall-1-INPUT - [0:0]

-A INPUT -j RH-Firewall-1-INPUT

-A FORWARD -j RH-Firewall-1-INPUT

-A RH-Firewall-1-INPUT -i lo -j ACCEPT

-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT

-A RH-Firewall-1-INPUT -p 50 -j ACCEPT

-A RH-Firewall-1-INPUT -p 51 -j ACCEPT

Configuring Firewall Settings 17

-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

COMMIT

The following displays the new value in the iptables firewall rules for Red Hat Enterprise Linux 4 and 5 that
allows access to HP SMH in the /etc/sysconfig/iptables file:

# Firewall configuration written by redhat-config-securitylevel

# Manual customization of this file is not recommended.

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

:RH-Firewall-1-INPUT - [0:0]

-A INPUT -j RH-Firewall-1-INPUT

-A FORWARD -j RH-Firewall-1-INPUT

-A RH-Firewall-1-INPUT -i lo -j ACCEPT

-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT

-A RH-Firewall-1-INPUT -p 50 -j ACCEPT

-A RH-Firewall-1-INPUT -p 51 -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2301 -j
ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2381 -j
ACCEPT

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

COMMIT

SUSE Linux Enterprise Server

SUSE Linux Enterprise Server 9 and 10 firewalls are configured using the YAST2 utility.
To configure the firewall:

1. Using the YAST2 utility, select Security & Users→Firewall.

The Firewall Configuration (Step 1 of 4): Basic Settings window appears.

2. Click Next.

The Firewall Configuration (Step 2 of 4): Services window appears.

3. In the Additional Services field, enter 2301:2381, and then click Next.
The Firewall Configuration (Step 3 of 4): Features window appears.

4. Click Next.
The Firewall Configuration (Step 4 of 4): Logging Options window appears.

18 Getting Started

5. Click Next.
A dialog box appears asking you to confirm your intention to save settings and active firewall.

6. Click Continue.
The firewall is configured and your settings are saved.

Configuring Timeout Settings for HP-UX

Two HP SMH timeout settings can be configured:

• SMH service timeout Sets the amount of time, in minutes, before the HP SMH server stops.

• SMH session timeout Sets the amount of time, in minutes, before an HP SMH GUI session stops.

NOTE: Selecting the Session never expires check box avoids HP SMH session timeouts by sending a
background request every three minutes. This option, when selected, also prevents HP SMH service timeouts.
Session never expires is only available on HP-UX systems.

Configuring SMH Service Timeout

The HP SMH service timeout setting enables you to configure the HP SMH timeout in minutes. If service
timeout is not defined or is set to 0 (zero), HP SMH starts without a service timeout. If the service timeout is
less than the HP SMH session timeout, HP SMH stops 3 minutes after the HP SMH session timeout.

When the HP SMH automatic startup on boot startup mode is used, HP SMH starts without a service timeout.
To modify the service timeout setting, complete the following steps:

1. Copy the existing /opt/hpsmh/conf/timeout.conf file into a different directory.

2. Edit the timeout.conf file:
a. Open /opt/hpsmh/conf/timeout.conf with a text editor.
b. Modify the following line to specify a value greater than 9 minutes.

TIMEOUT-SMH=30

c. Save and close the file.

3. Restart the HP SMH service.

Configuring SMH Session Timeout

The HP SMH session timeout setting enables you to configure the HP SMH GUI timeout in minutes. An HP
SMH GUI session is stopped after the session timeout time period elapses without user activity.

If the session timeout is not defined, it is set to 15 minutes.
To modify the session timeout setting, execute the following steps:

1. Copy the existing smhpd.xml file into a different directory.
The file is located in the following path.

HP-UX /opt/hpsmh/conf.common/smhpd.xml

2. Edit the smhpd.xml file:
a. Open smhpd.xml with a text editor in the following manner.

/opt/hpsmh/conf.common/smhpd.xml

b. Add the following line between the <system-management-homepage> and

</system-management-homepage> tags:

<session-timeout>value</session-timeout>

c. Replace value with a value between 6 and 120.
d. Save and close the file.

3. Restart the HP SMH service.

Configuring Timeout Settings for HP-UX 19

Automatically Importing Certificates

The Automatically Import Management Server Certificate feature enables you to automatically import the HP
SIM

certificate

when accessing the HP SMH from an HP SIM system.

NOTE: Your login must have administrative access to HP SMH to automatically import the HP SIM certificate.

531

Question mark. Show/hide tooltip
box.

Sign In. Validates user name
sign-in to HP SMH.

User Name. The user must be
part of a user group accepted
by HP SMH.

64

Automatically import management
server certificate. Imports certificate

data if checked when the sign in
button is pressed.

Clear. Erases user name and
password input fields.

2

Password. The user name and
password must match a valid
user.

To automatically import the HP SIM certificate:

1. From an HP Systems Insight Manager or HP Insight Manager 7 system, select a link to a system.

If the Trust By Certificate option is selected in HP SMH Settings, click the Security link, and then
click the Trust Mode , and a certificate for the HP SIM system you are accessing has not been imported
into the Trusted Certificates List, the Sign In page displays the Automatically Import Management
Server Certificate option. The Certificate Information retrieved from SERVER NAME displays the HP
SIM certificate details.

2. If you do not want to add the HP SIM certificate to the Trusted Certificates List; deselect
Automatically Import Management Server Certificate. Deselecting this option still requires you to
enter login credentials. However, administrator credentials are not required to login.

If you enable HP SMH to automatically import the HP SIM certificate, future access to the system is
seamless. You are not prompted for your login credentials.

3. Leave Automatically Import Management Server Certificate selected, enter your HP SMH credentials,
and then click Sign In to automatically import the certificate.

The certificate is added to the Trusted Certificates List.

Signing Out

You can sign out of HP SMH, using either of the following options:

20 Getting Started

• In the HP SMH banner, click Sign Out.

The HP System Management Homepage Sign in page appears.

• Close every instance of the Web browser used to sign in to HP SMH.

Signing Out 21

22

3 Scenarios

IP Binding

You can use IP Binding for example when a system has multiple IP addresses and you want to limit the access
to HP SMH to particular networks or subnets:

• For infrastructure (IPv4 and IPv6)

• Multiple subnets

• Security

• Bandwidth

For more information, see “IP Binding Category”.

IP Restricted Login

IP Restricted Login is useful if you want to:

• Limit remote access to HP SMH to include only specific remote servers

• To exclude entire ranges of remote servers

• Increase security by limiting remote access

For more information, see “IP Restricted Login Category”.

Local Server Certificate

Local server certificate is useful for security reasons through creating self-signed certificates instead of
certificates generated by HP.

For more information, see “Local Server Certificate Category”.

Port 2301

For security reasons, you can reduce the amount of open ports in the environment.
For more information, see “Port 2301 Category”.

Kerberos Authentication

Kerberos offers

Single Sign-On (SSO)

capability on secure networks. In a Kerberos environment, users log
in only once at the start of their session, acquiring Kerberos credentials that are used transparently to log in
on all other services available, such as

SSH

, FTP, and authenticated web sessions.

For more information, see “Kerberos Authentication Category”.

User Groups

The user groups feature allows you to manage user access to HP SMH based on operating system level
account groups. Operating system account groups can be configured for administration reasons.

For more information, see “User Groups Category”.

Alternative Names

The alternative names feature simplifies the use of certificates not generated by HP by enabling HP SMH to
recognize DNS names and IP addresses associated with a certificate.

For more information, see “Alternative Names Certificates”.

IP Binding 23

24

4 Navigating the Software

The

HP System Management Homepage

(HP SMH) displays all

HP Web-enabled System Management

Software

that provides information. In addition, HP SMH displays various categories (in boxes) that have

icons defining the status of the items.
The HP SMH main page is divided into two major areas: the header and the standard container.

• Header Frame The header frame is constantly visible regardless of the page you are viewing and

contains the following four subareas:

• Master header. In Windows and Linux, the links show the path you are viewing, the user, and a
Sign Out link.

• Menu. Each item is a direct link to a page or section including:

Home•

• Settings

• Tasks

• Tools

• Logs

• Webapps (Windows and Linux only)

• Support

• Help

• Main title area. The area under the master header and menu contains the following items.

Title. The title of the section of page you are viewing.•

• Host Name. The name of the system.

• System Model. The model appears as Unknown if the HP Insight Management Agent for

servers is not installed on the system.

• Management Processor. The name of the management processor.

• Icons. An option that enables you to switch between icon and list view modes when clicked.

Data Source Indicates which source is populating management data. For instance, WBEM
for HP Insight Management WBEM Providers or SNMP for HP Insight Management Agents.
If no source is installed, no data string will appear.

• Bread crumbs. The area under the main title that is divided into four parts.

• First level menu item

• Legend. A link that, when clicked, displays a floating box listing all possible statuses

of webapps.

• Refresh. A link that reloads the header and information areas.

• Time. Displays the time the page was loaded. When you mouse over the time area,

you can see the date the page was loaded.

25

• Data Frame. The standard container contains the sections or pages as:

• Boxes

• Icons

• Pages as configurations

• Support

• Help

• Webapps

The data frame shows the status for all HP Web-enabled System Management Software and utilities
on the system.

Information Areas

Depending on your operating system (HP-UX, Linux, or Windows), the following information areas appear
in the header or data frames:

• HP SMH Pages

• Signing In

• The Home Page

• The Settings Page

• The Tasks Page

• The Tools Page (HP-UX Only)

• The Logs Page

• The Installed Webapps Page

• The Support Page

• The Help Page

• Current User. The Current User displays the identity of the user that is signed in.

• If the user is a operating system-based user, a Sign Out link appears.

• If anonymous access is enabled, the Current User displays hpsmh_anonymous and the Sign

In link appears.

26 Navigating the Software

• If Local Access is enabled, the Current User displays hpsmh_local_anonymous or

hpsmh_local_administrator, depending on what level of access has been enabled, and local

access appears below user type.

• If user type is local_access_administrator, no signin or signout link appears.

• Boxes. Boxes display webapps results in a list of items with their result status.

• An overall status icon represents the worst status of items inside the box and appears in the

title bar along with the title.

• Under the title bar, is a list of items in the box. Each item can have a status icon to the left

of its name.

• In the footer of the box, is an expansion line with a link that, when clicked, expands the

height of the box to include the total number of items if the items exceed the five-line limit.

• Loading screen. When an item is selected, a status indicator appears as the Loading screen
during the load process of the page. This prevents users from selecting other items after the initial
selection.

• Number of columns. The number of boxes or columns presented in each line in the list view
mode is defined by the display resolution setting. For example, if your resolution is set at 800x600,
only three boxes are presented in a line, while in greater resolutions, the number of boxes visible
is four.

• Notes. Notes are sections placed on the right side and used in most pages. These notes inform
you how to use the controls and what kind of values is expected.

• Icon view. Icons appear for items and sections. When an icon is clicked, another page appears
with its items as icons. You can view the status of the items inside the box by hovering your mouse
over the icon to view a tooltip containing the total of Critical, Major, Minor and Warning statuses
of installed applications.

• Timeout Warnings. Timeout warnings appear as a floating box in the page footer on the right
side when you do not load a page in SMH within the time limit set for timeouts.

Information Areas 27

• Dynamic Lists in Pages. A dynamically created list of elements appears for each item you want

to add or remove to a page and are available for the following pages:

• IP Binding

• IP Restricted Login

• Trust Mode

•

Kerberos Authentication

• User Groups

• Legend: This is a link that displays a floating box listing all possible statuses of installed webapps.

Table 4-1 Status icons

StatusIcon

Critical

Major

Minor

Warning

Normal

Disabled

Unknown

Informational

• Management Processor. This displays a link to the Remote Insight Lights-Out Edition (RILOE) board
or the Integrated Lights-Out (iLO) board. This information is provided by the HP Insight Management
Agent. If no HP Web-enabled System Management Software is installed that provides this information,
none appears.

Icon View

Icons. An option that enables you to switch between icon and list view modes when clicked.

28 Navigating the Software

Table 4-2 Icon View

DescriptionIcon

Overall Status Summary

The Overall Status Summary displays links to all subsystems that
have a critical, major, minor, or warning status, which the
integrated

HP Web-enabled System Management Software

provides. If there are no agents installed or no critical, major,
minor or warning items, the Overall Status Summary displays no

items.

Generic Icon

The generic icon is provided when a webapp does not have an
icon.

System Management Homepage

Illustrates sections related to the System Management Homepage.

Security Options

Provides links that enable you to configure HP SMH settings. It
provides links to the following:

• Anonymous/Local Access

• IP Binding

• IP Restricted Login

• Local Server Certificate

• Port 2301 (Windows and Linux only)

• Timeouts

• Trust Mode

• Trusted Management Servers

• Kerberos Authentication (Windows Only)

• User Groups

Anonymous/Local Access

Enables the administrator to set options that allow anonymous
users to access SMH pages or to allow automatic login to SMH
when running in a local console as administrator or anonymous
user.

IP Binding

Enables you to control the addresses that SMH is bound to.

IP Restricted Login

Enables you to add addresses from where SMH is accessible or
blocked.

Local Server Certificate

This category has two blocks and is used for generation of
certificate requests that can be sent to a Certificate Authority (CA)
to sign and later import the signed certificate that was received.

Port 2301

Enables you to configure access to Port 2301.

Timeouts

Configures the values of timeout for SMH. Two timeouts can be
configured: Session timeout and UI timeout.

Trusted Management Servers

Configures the certificates that are stored in the server and allows
you to add or remove certificates.

Icon View 29

DescriptionIcon

User Groups

Allows an authorized user to configure which group of users has
access to HP SMH and their respective access level.

Kerberos Users

Allows an authorized user to configure which users have Kerberos
authenticated access to HP SMH and their respective access level.

UI Properties

Controls options for the appearance of HP SMH. It has controls
for choosing between list and icon view, if you want to use custom
text and images relating to your company, and box and item
ordering type by name or by status. These options serve as the
default options for all users unless users set specific options in User

Preferences.

User Preferences

Enables you to set how HP SMH appears. It has controls for
choosing between list and icon view, and box and item ordering
type by name or status. These settings are valid for the user who
sets them. These values are stored for 30 days.

System Management Homepage Logs

The System Management Homepage Log contains

HP System

Management Homepage

(HP SMH) configuration changes as well
as successful and failed signin attempts. It is helpful when
troubleshooting signin or access issues when signing in directly
to HP SMH, or from the

HP Systems Insight Manager

(HP SIM).

Http error log

The Httpd Error Log contains error information generated by HP
SMH modules, Kerberos misconfiguration errors, and CGI
execution errors (httpd). It is the first place to look when a
problem occurs with starting the server or with server operation
because the log often contains details of what went wrong and
how to fix the problem.

HP SMH Pages

The

HP SMH

displays up to nine pages that enable you to access and configure settings related to participating

HP Web-enabled System Management Software

. The Tasks page and the Tools page appears if HP

Web-enabled System Management Software provides information for them.
HP SMH pages include:

• “Signing in”

• Chapter 5 “The Home Page”

• Chapter 6 “The Settings Page”

• Chapter 7 “The Tasks Page”

• Chapter 8 “The Tools Page (HP-UX Only)”

• Chapter 9 “The Logs Page”

• Chapter 10 “The Installed Webapps Page”

• Chapter 11 “The Support Page”

• The Help Page

30 Navigating the Software