HP System Management Homepage-Software User Manual

HP System Management Homepage 7.2 User Guide

HP-UX, Linux, and Windows Operating Systems

HP Part Number: 509679-009
Published: February 2013
Edition: 1

© Copyright 2009, 2013 Hewlett-Packard Development Company, L.P.

Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial
Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under
vendor's standard commercial license.

The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express
warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall
not be liable for technical or editorial errors or omissions contained herein.

Acknowledgments

AMD and ATI are trademarks of Advanced Micro Devices, Inc.

Adobe and Acrobat are trademarks of Adobe Systems Incorporated.

HP-UX Release 10.20 and later and HP-UX Release 11.00 and later (in both 32 and 64-bit configurations) on all HP 9000 computers are Open
Group UNIX 95 branded products.

Intel and Itanium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

Microsoft and Windows are U.S. registered trademarks of Microsoft Corporation.

Red Hat is a registered trademark of Red Hat, Inc. in the U.S. and other countries.

UNIX is a registered trademark of The Open Group.

Java is a registered trademark of Oracle and/or its affiliates.

Microsoft® Windows® XP and Microsoft® Windows® Server are U.S. registered trademarks of Microsoft Corporation.

Warranty

HP will replace defective delivery media for a period of 90 days from the date of purchase. This warranty applies to all Insight Management
products.

Contents

1 Product overview........................................................................................6

Product features........................................................................................................................6

HP SIM...................................................................................................................................6

2 Getting started...........................................................................................7

Signing in................................................................................................................................7

Starting HP SMH from Internet Explorer...................................................................................8

Starting HP SMH from Mozilla or Firefox.................................................................................9

Starting HP SMH from HP SIM.............................................................................................10

Configuring firewall settings.....................................................................................................10

Windows..........................................................................................................................10

Linux................................................................................................................................11

Red Hat Enterprise Linux 4, 5, and 6...............................................................................11

SUSE Linux Enterprise Server...........................................................................................12

Configuring timeout settings for HP-UX.......................................................................................13

Configuring SMH Service Timeout........................................................................................13

Configuring SMH Session Timeout........................................................................................13

Automatically importing certificates...........................................................................................14

Signing out............................................................................................................................15

3 Scenarios................................................................................................16

IP Binding..............................................................................................................................16

IP Restricted Login...................................................................................................................16

Local Server Certificate............................................................................................................16

Port 2301..............................................................................................................................16

Kerberos Authentication (Windows only)....................................................................................16

User Groups..........................................................................................................................16

Alternative Names (Windows and Linux only).............................................................................16

4 Navigating the software............................................................................17

Information areas...................................................................................................................19

Icon view...............................................................................................................................21

HP SMH pages......................................................................................................................23

5 The Home page.......................................................................................25

Component Status Summary....................................................................................................25

Overall System Health Status....................................................................................................25

6 The Settings page.....................................................................................26

SNMP webagent box..............................................................................................................26

SMH Data Source category (Windows and Linux only)...........................................................26

SNMP Configuration category (Windows and Linux only).......................................................26

UI Options category (Windows and Linux only).....................................................................27

System Management Homepage Box........................................................................................27

UI Properties category........................................................................................................27

User Preferences category...................................................................................................28

Security............................................................................................................................29

Anonymous/Local Access category.................................................................................30

IP Binding category.......................................................................................................31

IP Restricted Login category............................................................................................32

Local Server Certificate category.....................................................................................34

Port 2301 category.......................................................................................................35

Timeouts category.........................................................................................................37

Session Timeout........................................................................................................38

Contents 3

UI Timeout...............................................................................................................38

Trust Mode category......................................................................................................38

Configuring Trust Mode.............................................................................................39

Trusted Management Servers category.............................................................................41

Kerberos Authentication category (Windows only).............................................................41

Kerberos Authentication Procedure..............................................................................41

HP SMH Kerberos Authentication................................................................................42

Kerberos Administrator .............................................................................................43

Kerberos Operator ...................................................................................................43

Kerberos User .........................................................................................................44

User Groups category....................................................................................................44

Administrator Group.................................................................................................46

Operator Group.......................................................................................................46

User Group.............................................................................................................47

Handling (proper) of the HP SMH certificate revocation......................................................47

Detecting and handling memory leak at runtime (Windows only).........................................48

Alternative Names Certificates (Windows and Linux only)...................................................48

Menus (HP-UX only)............................................................................................................48

Add Custom Menu (HP-UX only)......................................................................................49

Remove custom menu (HP-UX only)..................................................................................49

7 The Tasks page........................................................................................50

8 The Tools page (HP-UX only)......................................................................51

9 The Logs page.........................................................................................52

System Management Homepage Log........................................................................................52

SAM Log...............................................................................................................................52

Httpd Error Log.......................................................................................................................52

Supported languages..............................................................................................................53

10 The Installed Webapps page (Windows and Linux only)..............................55

11 The Support page...................................................................................56

The Help page.......................................................................................................................56

Search form......................................................................................................................57

Credits..................................................................................................................................57

12 Command Line Interface configuration.......................................................58

Anonymous Access.................................................................................................................58

Display Current Settings (Windows and Linux only).....................................................................58

Local Access..........................................................................................................................58

IP Restricted Logins..................................................................................................................59

IP Binding..............................................................................................................................59

Trust Modes...........................................................................................................................60

Restart service........................................................................................................................60

Reject Program Admin Login (Windows and Linux only)...............................................................60

Win32DisableAcceptEX..........................................................................................................60

Enable/disable SSL v2............................................................................................................61

Log Rotations (Windows and Linux only)....................................................................................61

Rotate Log Size (Windows and Linux only).................................................................................61

Maximum Number of Threads Allowed......................................................................................61

Maximum Number of Sessions (Windows and Linux only)............................................................61

Session Timeout......................................................................................................................61

UI Timeout.............................................................................................................................62

Log level................................................................................................................................62

Port 2301..............................................................................................................................62

Multihomed certificate alternative names list...............................................................................62

4 Contents

Custom UI..............................................................................................................................63

Log-based directory................................................................................................................63

Configurable logging..............................................................................................................63

Autostart mode.......................................................................................................................63

Httpd Error log.......................................................................................................................63

Icon view...............................................................................................................................64

Box Order.............................................................................................................................64

Box Item Order......................................................................................................................64

Kerberos Authentication...........................................................................................................64

User Groups..........................................................................................................................65

Help message........................................................................................................................65

File-based Command Line Interface...........................................................................................65

Command Line Log Reader......................................................................................................66

SSL Cipher Suite configuration..................................................................................................67

Change locality......................................................................................................................67

Detecting and handling memory leak at runtime (Windows only)..................................................67

13 Troubleshooting topics.............................................................................68

14 Service and support................................................................................79

Support and other resources.........................................................................80

Information to collect before contacting HP.................................................................................80

How to contact HP..................................................................................................................80

Security bulletin and alert policy for non-HP owned software components......................................80

Subscription service................................................................................................................80

Registering for software technical support and update service.......................................................80

How to use your software technical support and update service...............................................81

HP authorized resellers............................................................................................................81

New and changed information in this edition.............................................................................81

Related Documents.................................................................................................................81

Typographic conventions.........................................................................................................82

A HP SMH file locations...............................................................................84

B HP SMH Ciphers......................................................................................86

Ciphers used in HP SMH.........................................................................................................86

15 Documentation feedback.........................................................................87

Glossary....................................................................................................88

Index.........................................................................................................93

Contents 5

1 Product overview

HP System Management Homepage (HP SMH) is a web-based interface that consolidates and
simplifies single system management for HP servers running the HP-UX, Linux, and Microsoft
Windows operating systems. HP SMH aggregates and displays data from Web Agents and other
HP Web-enabled System Management Software that include:

• HP Insight Diagnostics

• Array Configuration Utility

• HP Software Version Control Agents

HP SMH enables you to view detailed hardware configuration and status data, performance
metrics, system thresholds, diagnostics, and software version control information using a single
interface.

Product features

HP SMH provides the following enhanced security and streamlined operations for HP servers
running HP-UX, Linux, and Windows operating systems:

• Browser access using operating system-based Secure Sockets Layer (SSL)-secure authentication.

• Common HTTP and HTTPS service for HP Insight Management Agents and utilities, for reduced

complexity and system resource requirements.

• Simplified architecture for implementing HTTP security and HP management updates.

HP SIM

• Access control through Network Interface Card (NIC) binding and advanced configuration

features for individual and groups of users.

• Broad operating system and browser support.

• Automated log collection via smhassist.

This feature is available only on HP-UX 11i v2 and HP-UX 11i v3 systems.

• Command Line Interface (CLI) - smhconfig - provides users with administrator rights access

to set values through the command line.

• Facility to disable port 2301.

• Logging into syslog the activities related to login and logout performed on HP SMH.

This feature is available only on HP-UX 11i v2 and HP-UX 11i v3 systems.

• Consolidated API logging for HP SMH and WebApps: Provides an option to log the critical

and major events of both the HP SMH and its WebApps to the system log for viewing and
auditing.

HP SMH is tightly integrated with HP Systems Insight Manager (HP SIM). You can easily navigate
to HP SMH from the System Lists and System Pages in HP SIM.

NOTE: Accepting the HP SIM certificate is the default behavior.

6 Product overview

2 Getting started

To get started with HP System Management Homepage (HP SMH), use the following information
when configuring HP SMH and setting up users and security properly.

To configure HP SMH:

• On Linux operating systems, HP SMH is installed with default settings. You can configure the

settings using the script /opt/hp/hpsmh/sbin/hpSMHSetup.sh for Itanium systems.

• On Windows operating systems, the installation enables you to configure HP SMH settings

during installation.

• On both Windows and Linux operating systems, smhconfig allows you to configure the HP

SMH security settings.

NOTE: To change the configurations for the Linux and Windows operating systems, see the HP

System Management Homepage Installation Guide on the HP Technical Documentation Web site

at http://h18013.www1.hp.com/products/servers/management/agents/documentation.html.

To set up user access and security properly:

1. Add user groups to effectively manage user rights.

2. Configure the trust mode.

3. Configure local or anonymous access.

Signing in

The Sign In page enables you to access the Home page, which contains the available HP Insight

Management Agent.

NOTE: The following warning is displayed on the login screen whenever the certificate or the

keys or both are modified:

The certificate and keys used by SMH to establish SSL (https) connections
have been replaced. It might have happened because the previous version
was deleted (accidentally or maliciously) or replaced by another
application (HP SIM replaces the certificate and keys when installed
on top of SMH). Please, verify what happened to the previous version
and take the appropriate actions.

The Sign In page components include:

• Two fields to input your user name and password from an account that is part of a valid group

configured in the SMH users groups configuration article.

Signing in 7

NOTE: HP SMH uses the root certificate, intermediate certificate, and the Certificate Root

List (CRL) of the certificate to verify the revocation status of trusted certificate used for SSO. If
the certificate is found to be revoked or an error is encountered during verification, HP SMH
does not allow the user to access HP SMH through SSO and redirects the user to the login
page. HP SMH displays the following warning message on the login screen when the SSL
certificate is revoked: Failed to verify CA signed certificate used by SMH.

See SMH logs for more details.

• Two buttons under the input fields:

Sign In

◦

Validates the values in the user name and password. If both values are valid, the HP SMH
Home page appears.

◦ Clear

Erases the input values.

• The question mark icon, ?, when clicked, displays or hides the tooltip box that displays

information about the authentication mechanism and sign-in process.

1

User Name. The user must
be part of a user group
accepted by HP SMH.
Password. The user name
and password must match a

Sign In. Validates user name
and password for signing-in
to HP SMH.

42

Clear. Erases user name and
password input fields.

valid user.

If an error occurs on a sign-in attempt, you are returned to the Sign In page.
A configuration mechanism enables the administrator to customize the image and the message in

the Sign In page. The administrator can use a custom logo and warning message. As the pages
load, HP SMH verifies if the personalized content is enabled and available. If the content is not
available, HP SMH uses the standard image and warning message.

Starting HP SMH from Internet Explorer

To sign in to HP SMH with Internet Explorer:

8 Getting started

53

Question mark. Show/hide
tooltip box.

1. Navigate to https://hostname:2381/.

The first time you browse to this URI, the Security Alert dialog box appears, prompting you to
indicate whether to trust the server. If you do not import the certificate, the Security Alert
appears every time you browse to HP SMH.

For more information about procedures on changing the configuration variables, see the HP
System Management Homepage Installation Guide on the HP Technical Documentation Web
site at http://h18013.www1.hp.com/products/servers/management/agents/

documentation.html.

NOTE: To implement your own Public Key Infrastructure (PKI) or install your own generated

certificates into each managed system, you can install a certificate authority Root Certificate
into each browser to be used for management. If a Root Certificate is implemented, the Security
Alert dialog box does not appear. If the alert appears, you might have browsed to the wrong
system. For more information about installing the certificate authority Root Certificate, see the
online help in your browser.

2. Click Yes.
The Sign In page appears. If you have enabled Anonymous access during installation, then

System Management Homepage appears.

3. Enter your user name that is recognized by the operating system.

• Linux

HP SMH initially allows access to users belonging to the root operating system group.

• Windows

HP SMH allows access to users belonging to the Administrators operating system group.

If the user credentials cannot be authenticated, the user is denied access.
After logging into HP SMH as an initially allowed user, use the Security Settings to grant

access to users in other operating system groups.
Administrator on Windows and root on Linux have administrator access on HP SMH.

4. Enter the password that is recognized by the operating system.

5. Click Sign In.
The System Management Homepage appears.

Starting HP SMH from Mozilla or Firefox

To sign in to HP SMH with Mozilla or Firefox:

1. Navigate to https://hostname:2381/.
For more information about procedures on changing the configuration variables, see the HP

System Management Homepage Installation Guide on the HP Technical Documentation website
at http://h18013.www1.hp.com/products/servers/management/agents/documentation.html.

2. Click OK.
The Sign In page appears. If you have enabled Anonymous access during installation, then

System Management Homepage appears.

3. Enter your user name that is recognized by the operating system.

• Linux

HP SMH initially allows access to users belonging to the root operating system group.

• Windows

HP SMH allows access to users belonging to the Administrators operating system group.

Signing in 9

Administrator on Windows and root on Linux have administrator access on HP SMH.

4. Enter the password that is recognized by the operating system.

5. Click Sign In.

The System Management Homepage appears.

Starting HP SMH from HP SIM

To start HP SMH by signing in to HP SIM with a Web browser:

1. Navigate to https://hostname:50000/.

The first time you browse to this link, the Security Alert dialog box appears, asking if you want
to trust the server. If you do not import the certificate, the Security Alert appears each time
you browse to Systems Insight Manager (HP SIM).

NOTE: To implement a custom Public Key Infrastructure (PKI) or install your own generated

certificates into each managed system, you can install a certificate authority Root Certificate
into each browser to be used for management. If a Root Certificate is implemented, the Security
Alert dialog box does not appear. If the alert appears, you might have browsed to the wrong
system. For more information about installing the certificate authority Root Certificate, see the
online help in your browser.

2. Click Yes.
The Sign In page appears.

3. Enter your user name that is recognized by the operating system.

4. Enter the password that is recognized by the operating system.

5. Click Sign In.

6. Select Tools→System Information→System Management Homepage.

7. Select a target system from the list.

8. Select a check box next to a target system, and then click Apply.

9. Verify the target system by selecting a check box next to the system, and then click Run Now.
The Security Alert dialog box appears, prompting you to trust the server. If you do not import

the certificate, the Security Alert appears each time you browse to HP SMH.
The System Management Homepage appears.

Configuring firewall settings

Windows

Some operating systems including Windows XP with Service Pack 2 and Windows Server 2003
SBS implement a firewall that prevents browsers from accessing the ports required for the Version
Control Repository Manager access. To resolve this issue, configure the firewall with exceptions
to enable browsers to access the ports used by HP SIM and Version Control Repository Manager.

NOTE: For Windows XP with Service Pack 2, the firewall configuration leaves the default SP2

security enhancements intact, but enables traffic over the ports. These ports are required for the
Version Control Repository Manager to run. The secure and insecure ports must be added to enable
proper communication with your browser.

To configure the firewall:

1. Select Start→Settings→Control Panel.

2. To configure the firewall settings, double-click Windows Firewall.

3. Select Exceptions.

4. Click Add Port.

10 Getting started

5. Enter the following product name and the port number information.
Add the exceptions listed in the following table to the firewall protection:

Table 1 Firewall exceptions

6. Click OK to save your settings and close the Add a Port dialog box.

7. Click OK to save your settings and close the Windows Firewall dialog box.

Linux

Configuring firewalls varies, depending on the version of Linux installed.

Red Hat Enterprise Linux 4, 5, and 6

The following displays an example of iptables firewall rules for Red Hat Enterprise Linux 4 and 5
in the /etc/sysconfig/iptables file:

# Firewall configuration written by redhat-config-securitylevel

# Manual customization of this file is not recommended.

*filter

Port NumberProduct

2301HP SMH Insecure Port:

2381HP SMH Secure Port:

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

:RH-Firewall-1-INPUT - [0:0]

-A INPUT -j RH-Firewall-1-INPUT

-A FORWARD -j RH-Firewall-1-INPUT

-A RH-Firewall-1-INPUT -i lo -j ACCEPT

-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT

-A RH-Firewall-1-INPUT -p 50 -j ACCEPT

-A RH-Firewall-1-INPUT -p 51 -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80

-j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21

-j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22

-j ACCEPT

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

COMMIT

The following displays the new value in the iptables firewall rules for Red Hat Enterprise Linux 4
and 5 that allows access to HP SMH in the /etc/sysconfig/iptables file:

# Firewall configuration written by redhat-config-securitylevel

# Manual customization of this file is not recommended.

*filter

:INPUT ACCEPT [0:0]

Configuring firewall settings 11

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

:RH-Firewall-1-INPUT - [0:0]

-A INPUT -j RH-Firewall-1-INPUT

-A FORWARD -j RH-Firewall-1-INPUT

-A RH-Firewall-1-INPUT -i lo -j ACCEPT

-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT

-A RH-Firewall-1-INPUT -p 50 -j ACCEPT

-A RH-Firewall-1-INPUT -p 51 -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80

-j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21

-j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22

-j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2301

-j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2381

-j ACCEPT

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

COMMIT

SUSE Linux Enterprise Server

SUSE Linux Enterprise Server 9 and 10 firewalls are configured using the YAST2 utility.
To configure the firewall:

1. Using the YAST2 utility, select Security & Users→Firewall.
The Firewall Configuration (Step 1 of 4): Basic Settings window appears.

2. Click Next.
The Firewall Configuration (Step 2 of 4): Services window appears.

3. In the Additional Services field, enter 2301:2381, and then click Next.
The Firewall Configuration (Step 3 of 4): Features window appears.

4. Click Next.
The Firewall Configuration (Step 4 of 4): Logging Options window appears.

5. Click Next.
A dialog box appears asking you to confirm your intention to save settings and active firewall.

6. Click Continue.
The firewall is configured and your settings are saved.

12 Getting started

Configuring timeout settings for HP-UX

Two HP SMH timeout settings can be configured:

• SMH service timeout

Sets the amount of time, in minutes, before the HP SMH server stops.

• SMH session timeout

Sets the amount of time, in minutes, before an HP SMH GUI session stops.

NOTE: Selecting the Session never expires check box avoids HP SMH session timeouts by sending

a background request every three minutes. This option, when selected, also prevents HP SMH
service timeouts. Session never expires is only available on HP-UX systems.

Configuring SMH Service Timeout

The HP SMH service timeout setting enables you to configure the HP SMH timeout in minutes. If
service timeout is not defined or is set to 0 (zero), HP SMH starts without a service timeout. If the
service timeout is less than the HP SMH session timeout, HP SMH stops 3 minutes after the HP SMH
session timeout.

When the HP SMH automatic startup on boot startup mode is used, HP SMH starts without a service
timeout.

To modify the service timeout setting, complete the following steps:

1. Copy the existing /opt/hpsmh/conf/timeout.conf file into a different directory.

2. Edit the timeout.conf file:
a. Open /opt/hpsmh/conf/timeout.conf with a text editor.
b. Modify the following line to specify a value greater than 9 minutes.

TIMEOUT-SMH=30

c. Save and close the file.

3. Restart the HP SMH service.

Configuring SMH Session Timeout

The HP SMH session timeout setting enables you to configure the HP SMH GUI timeout in minutes.
An HP SMH GUI session is stopped after the session timeout time period elapses without user
activity.

If the session timeout is not defined, it is set to 15 minutes.
To modify the session timeout setting, execute the following steps:

1. Copy the existing smhpd.xml file into a different directory.
The file is located in the following path.

HP-UX

/opt/hpsmh/conf.common/smhpd.xml

2. Edit the smhpd.xml file:
a. Open smhpd.xml with a text editor in the following manner.

/opt/hpsmh/conf.common/smhpd.xml

b. Add the following line between the <system-management-homepage> and

</system-management-homepage> tags:

<session-timeout>value</session-timeout>

c. Replace value with a value between 6 and 120.
d. Save and close the file.

Configuring timeout settings for HP-UX 13

3. Restart the HP SMH service.

Automatically importing certificates

The Automatically Import Management Server Certificate feature enables you to automatically
import the HP SIM certificate when accessing the HP SMH from an HP SIM system.

NOTE: Your login must have administrative access to HP SMH to automatically import the HP

SIM certificate.

1

User Name. The user must
be part of a user group
accepted by HP SMH.
Password. The user name
and password must match a
valid user.

3

Sign In. Validates user name
and password for signing in
to HP SMH.

42

Clear. Erases user name and
password input fields.

5

Question mark. Show/hide
tooltip box.

6

Automatically import
management server
certificate. Imports certificate

data if checked when the sign
in button is pressed.

To automatically import the HP SIM certificate:

1. From an HP Systems Insight Manager or HP Insight Manager 7 system, select a link to a system.
If the Trust By Certificate option is selected in HP SMH Settings, click the Security link, and

then click the Trust Mode , and a certificate for the HP SIM system you are accessing has not
been imported into the Trusted Certificates List, the Sign In page displays the Automatically
Import Management Server Certificate option. The Certificate Information retrieved from
SERVER NAME displays the HP SIM certificate details.

2. If you do not want to add the HP SIM certificate to the Trusted Certificates List; deselect
Automatically Import Management Server Certificate. Deselecting this option still requires you
to enter login credentials. However, administrator credentials are not required to login.

If you enable HP SMH to automatically import the HP SIM certificate, future access to the
system is seamless. You are not prompted for your login credentials.

3. Leave Automatically Import Management Server Certificate selected, enter your HP SMH
credentials, and then click Sign In to automatically import the certificate.

The certificate is added to the Trusted Certificates List.

14 Getting started

Signing out

You can sign out of HP SMH, using either of the following options:

• In the HP SMH header, click Sign Out.

The HP System Management Homepage Sign in page appears.

• Close every instance of the Web browser used to sign in to HP SMH.

Signing out 15

3 Scenarios

IP Binding

You can use IP Binding for example when a system has multiple IP addresses and you want to limit
the access to HP SMH to particular networks or subnets like:

• For infrastructure (IPv4 and IPv6)

• Multiple subnets

• Security

• Bandwidth

For more information, see “IP Binding category” (page 31).

IP Restricted Login

IP Restricted Login is useful if you want to:

• Limit remote access to HP SMH to include only specific remote servers

• To exclude entire ranges of remote servers

• Increase security by limiting remote access

For more information, see “IP Restricted Login category” (page 32).

Local Server Certificate

Local server certificate is useful for security reasons through creating self-signed certificates instead
of certificates generated by HP.

For more information, see “Local Server Certificate category” (page 34).

Port 2301

For security reasons, you can reduce the amount of open ports in the environment.
For more information, see “Port 2301 category” (page 35).

Kerberos Authentication (Windows only)

Kerberos offers Single Sign-On (SSO) capability on secure networks. In a Kerberos environment,
users log in only once at the start of their session, acquiring Kerberos credentials that are used
transparently to log in on all other services available, such as SSH, FTP, and authenticated web
sessions.

For more information, see “Kerberos Authentication category (Windows only)” (page 41).

User Groups

The user groups feature allows you to manage user access to HP SMH based on operating system
level account groups. Operating system account groups can be configured for administration
reasons.

For more information, see “User Groups category” (page 44).

Alternative Names (Windows and Linux only)

The alternative names feature simplifies the use of certificates not generated, by HP by enabling
HP SMH to recognize DNS names and IP addresses associated with a certificate.

For more information, see “Alternative Names Certificates (Windows and Linux only)” (page 48).

16 Scenarios

4 Navigating the software

The HP System Management Homepage (HP SMH) displays all HP Web-enabled System

Management Software that provides information. In addition, HP SMH displays various categories

(in boxes) that have icons defining the status of the items.
The HP SMH main page is divided into two major areas: the header and the standard container.

• Header Frame

The header frame is constantly visible regardless of the page you are viewing and contains
the following four subareas:

◦ Master header. In Windows and Linux, the links show the path you are viewing, the user,

and a Sign Out link.

◦ Menu. Each item is a direct link to a page or section including:

Home–

– Settings
– Tasks
– Tools
– Logs
– Webapps
– Support
– Help

◦ Main title area. The area under the master header and menu contains the following items.

Title.

–

The title of the section of page you are viewing.

– Host Name.

The name of the system.

– System Model.

The model appears as Unknown if the HP Insight Management Agent for servers is
not installed on the system.

– Management Processor.

The name of the management processor.

– Icons.

An option that enables you to switch between icon and list view modes when clicked.

17

Data Source

Indicates which source is populating management data. For instance, WBEM for HP
Insight Management WBEM Providers or SNMP for HP Insight Management Agents.
If no source is installed, no data string will appear.

– Bread crumbs.

The area under the main title that is divided into four parts.

– First level menu item
– Legend.

A link that, when clicked, displays a tooltip box listing all possible statuses of
webapps.

– Refresh.

A link that reloads the header and information areas.

– Time.

Displays the time the page was loaded. When you mouse over the time area,
you can see the date the page was loaded.

• Data Frame.

The standard container contains the sections or pages as:

◦ Boxes

◦ Icons

◦ Pages as configurations

◦ Support

18 Navigating the software

◦ Help

◦ Webapps

The data frame shows the status for all HP Web-enabled System Management Software and
utilities on the system.

Information areas

Depending on your operating system (Linux or Windows), the following information areas appear
in the header or data frames:

• HP SMH Pages

◦ Signing In

◦ The Home Page

◦ The Settings Page

◦ The Tasks Page

◦ The Tools Page (HP-UX only)

◦ The Logs Page

◦ The Installed Webapps Page

◦ The Support Page

◦ The Help Page

◦ Current User.

The Current User displays the identity of the user that is signed in.

– If the user is a operating system-based user, a Sign Out link appears.
– If anonymous access is enabled, the Current User displays hpsmh_anonymous and

the Sign In link appears.

– If Local Access is enabled, the Current User displays hpsmh_local_anonymous or

hpsmh_local_administrator, depending on what level of access has been enabled,

and local access appears below user type.

– If user type is hpsmh_local_administrator, no sign in or sign out link appears.

◦ Boxes.

Boxes display webapps results in a list of items with their result status.

– An Overall System Health Status icon represents the worst status of items inside the

box and appears in the title bar along with the title.

– Under the title bar, is a list of items in the box. Each item can have a status icon to

the left of its name.

– In the footer of the box, is an expansion line with a link that, when clicked, expands

the height of the box to include the total number of items if the items exceed the
five-line limit.

◦ Loading screen.

When an item is selected, a status indicator appears as the Loading screen during the
load process of the page. This prevents users from selecting other items after the initial
selection.

Information areas 19

◦ Number of columns.

The number of boxes or columns presented in each line in the list view mode is defined
by the display resolution setting. For example, if your resolution is set at 800x600, only
three boxes are presented in a line, while in greater resolutions, the number of boxes
visible is four.

◦ Notes.

Notes are sections placed on the right side and used in most pages. These notes inform
you how to use the controls and what kind of values is expected.

◦ Icon view.

Icons appear for items and sections. When an icon is clicked, another page appears
with its items as icons. You can view the status of the items inside the box by hovering
your mouse over the icon to view a tooltip containing the total of Critical, Major, Minor
and Warning statuses of installed applications.

◦ Timeout Warnings.

Timeout warnings appear as a tooltip box in the page footer on the right side when you
do not load a page in SMH within the time limit set for timeouts.

20 Navigating the software

◦ Dynamic Lists in Pages.

A dynamically created list of elements appears for each item you want to add or remove
to a page and are available for the following pages:

– IP Binding
– IP Restricted Login
– Trust Mode
– Kerberos Authentication
– User Groups

◦ Legend:

This link displays a tooltip box that lists the status of the installed webapps.

Table 2 Status icons

StatusIcon

Critical

Major

Minor

• Management Processor.

Icon view

Icons.

An option that enables you to switch between icon and list view modes when clicked.

Table 3 Icon View

Warning

Normal

Disabled

Unknown

Informational

This displays a link to the Remote Insight Lights-Out Edition (RILOE) board or the Integrated
Lights-Out (iLO) board. This information is provided by the HP Insight Management Agent. If
no HP Web-enabled System Management Software is installed that provides this information,

none appears.

DescriptionIcon

Component Status Summary

The Component Status Summary displays links to all
subsystems that have a critical, major, minor, or warning
status, which the integrated HP Web-enabled System

Management Software provides. If there are no agents

Icon view 21

Table 3 Icon View (continued)

DescriptionIcon

installed or no critical, major, minor or warning items, the

Component Status Summary displays no items.

Generic Icon

The generic icon is provided when a webapp does not
have an icon.

System Management Homepage

Illustrates sections related to the System Management
Homepage.

Security Options

Provides links that enable you to configure HP SMH
settings. It provides links to the following:

• Anonymous/Local Access

• IP Binding

• IP Restricted Login

• Local Server Certificate

• Port 2301 (Windows only)

• Port 2301 and AutoStart (Linux Only)

• Timeouts

• Trust Mode

• Trusted Management Servers

• Kerberos Authentication (Windows Only)

• User Groups

Anonymous/Local Access

Enables the administrator to set options that allow
anonymous users to access SMH pages or to allow
automatic login to SMH when running in a local console
as administrator or anonymous user.

IP Binding

Enables you to control the addresses that SMH is bound
to.

IP Restricted Login

Enables you to add addresses from where SMH is
accessible or blocked.

Local Server Certificate

This category has two blocks and is used for generation
of certificate requests that can be sent to a Certificate
Authority (CA) to sign and later import the signed certificate
that was received.

Port 2301 (Windows only)

Enables you to configure access to Port 2301.

Port 2301 and AutoStart (Linux only)

Enables you to configure access to Port 2301 and
Autostart.

22 Navigating the software

Table 3 Icon View (continued)

DescriptionIcon

Timeouts

Configures the values of timeout for SMH. Two timeouts
can be configured: Session timeout and UI timeout.

Trusted Management Servers

Configures the certificates that are stored in the server and
allows you to add or remove certificates.

User Groups

Allows an authorized user to configure which group of
users has access to HP SMH and their respective access
level.

Kerberos Users

Allows an authorized user to configure which users have
Kerberos authenticated access to HP SMH and their
respective access level.

UI Properties

Controls options for the appearance of HP SMH. It has
controls for choosing between list and icon view, if you
want to use custom text and images relating to your
company, and box and item ordering type by name or by
status. These options serve as the default options for all
users unless users set specific options in User Preferences.
For more information, see UI Properties category.

HP SMH pages

The HP SMH displays up to nine pages that enable you to access and configure settings related
to participating HP Web-enabled System Management Software. The Tasks page and the Tools
page appears if HP Web-enabled System Management Software provides information for them.

User Preferences

Enables you to set how HP SMH appears. It has controls
for choosing between list and icon view, and box and item
ordering type by name or status. These settings are valid
for the user who sets them. These values are stored for 30
days. For more information, see User Preferences category.

System Management Homepage Logs

The System Management Homepage Log contains HP

System Management Homepage (HP SMH) configuration

changes as well as successful and failed sign-in attempts.
It is helpful when troubleshooting sign-in or access issues
when signing in directly to HP SMH, or from the HP Systems

Insight Manager (HP SIM).

Http error log

The Httpd Error Log contains error information generated
by HP SMH modules, Kerberos misconfiguration errors,
and CGI execution errors (httpd). It is the first place to look
when a problem occurs with starting the server or with
server operation because the log often contains details of
what went wrong and how to fix the problem.

HP SMH pages 23

HP SMH pages include:

• “Signing in” (page 7)

• “The Home page” (page 25)

• “The Settings page” (page 26)

• “The Tasks page” (page 50)

• “The Tools page (HP-UX only)” (page 51)

• “The Logs page” (page 52)

• “The Installed Webapps page (Windows and Linux only)” (page 55)

• “The Support page” (page 56)

• The Help page

24 Navigating the software

5 The Home page

The Home page provides the system, subsystem, and status views of the server. The Home page
displays groupings of systems and their status. The information on the Home page is provided by
the integrated agents or management utilities.

For Linux and Windows operating systems, the Home page includes information provided by
integrated version control, server, and storage agents.

Component Status Summary

The Component Status Summary displays links to all subsystems that have a critical, major, minor,
or warning status, which the integrated HP Web-enabled System Management Software provides.
If there are no agents installed or no critical, major, minor or warning items, the Component Status
Summary displays no items.

Overall System Health Status

The Overall System Health Status displays a status icon with a label below it. A specific webapp
sets the value of the Overall System Health Status icon using a predefined heuristic to signal the
Overall System Health Status. If no webapp sets the Overall System Health Status, the worst of all
the statuses in the Component Status Summary box is displayed.

Component Status Summary 25

6 The Settings page

The Settings page contains links to the settings and configuration pages of the HP System

Management Homepage (HP SMH) and other integrated management tools found on the Tools

page.

SNMP webagent box

Provides links that enable you to configure HP Web-enabled System Management Software agents.

• SMH Data Source category (Windows and Linux only)

Sets options for HP SMH Data Source.

• SNMP Configuration category (Windows and Linux only)

Sets options for HP Web-enabled System Management Software agents.

• UI Options category (Windows and Linux only)

Sets options for HP Web-enabled System Management Software agents help.

SMH Data Source category (Windows and Linux only)

The Data Source page enables you to change the HP SMH management data source.
The Data Source setting is only available if the HP Insight Management WBEM providers are

installed.

NOTE: If no source is installed, SMH Data Source is shown with no data string.

• SMH Data source: WBEM

Indicates that HP Insight Management WBEM Providers are currently providing management
data to the SMH pages for this server.

• SMH Data source: SNMP

Indicates that HP Insight Management Agents (SNMP) are currently providing management
data to the SMH pages for this server.

To configure the Data Source, complete the following steps:

1. Select Settings from the menu.

2. In the SNMP Webagent box, click the Data Source link.

3. Select SNMP or WBEM .

4. Click Save and Apply Changes.

SNMP Configuration category (Windows and Linux only)

The SNMP Configuration page provides web serving and abstracts security and HP SIM interaction
for webapps. For more information, see the HP Systems Insight Manager 5.2 Technical Reference

26 The Settings page

Guide, available on the HP Technical Documentation website at http://h18013.www1.hp.com/

products/servers/management/agents/documentation.html.

To configure the SNMP Configuration, complete the following steps:

1. Select Settings from the menu.

2. In the SNMP Webagent box, click the SNMP Configuration link .

UI Options category (Windows and Linux only)

The UI Options page enables you to display inline help icons.
To configure the UI Options, complete the following steps:

1. Select Settings from the menu.

2. In the SNMP Webagent box, click the UI Options link.

3. Remove the check in the check box beside Show Help Icons to no longer display inline help

icons.
Select the check box beside Show Help Icons to display the inline help icons.

4. Click Save and Apply Changes.

System Management Homepage Box

The System Management Homepage Box provides links that enable you to configure HP SMH
settings.

• UI Properties category

Sets options for the appearance of HP SMH.

• User Preferences category

Sets how HP SMH appears.

• Security

Displays links for setting the security options.

UI Properties category

The UI Properties category controls options for the appearance of HP SMH. UI Properties has
controls for choosing:

• List view

• Icon view

• Box and item ordering type

By name◦

◦ By status

• The last option is used by administrators to set custom images for the master header and Sign

In Page and custom warning text for the Sign In Page.

System Management Homepage Box 27

1

Presentation Mode

Enables you to set the
default presentation mode

Box Item Ordering

Determines the order that
items in boxes are shown. If

53

Apply

Save page data.

you order by name, theby selecting from a list. The
items appear alphabetically.Presentation Mode has two
If you order by status, itemsoptions: List View and Icon

View. appear from worst (critical),

2

Box Ordering

Determines the order that the
boxes are shown. If you

to best (normal).

4

Use Custom text and images

Enables the administrator to
set custom warningorder by name, the items
messages in the Sign Inappear alphabetically. If you

page and imagery in theorder by status, items
appear from worst (critical)
to best (normal).

Sign In page and master

header.

To set UI Properties, complete the following steps:

1. Select Settings from the menu.

2. In the System Management Homepage box, click the UI Properties link.

3. From the Presentation Mode list, Select List or Icon.

4. From the Box ordering list, select By status or By name.

5. From the Box item ordering dropdown list, select either By status or By name.

6. To use a custom image and custom warning, complete the following steps:
a. Place the image and text files in the following directories:

• SMHBaseDir/data/htdocs/custom_ui/logo0.jpg (for the loading screen

image)

• SMHBaseDir/data/htdocs/custom_ui/logo1.jpg (for the master header

image)

• SMHBaseDir/data/htdocs/custom_ui/warning1.txt (for the warning text)

All three files must be present to view custom images and warning text.

b. Click the check box beside Use custom text and images.

7. Click Apply.

User Preferences category

The User Preferences category controls options for the appearance of HP SMH.

28 The Settings page

Presentation Mode

Enables you to set the
default presentation mode

Box Item Ordering

Determines the order that
items in boxes are shown. If

431

Apply

Save page data.

you order by name, theby selecting from a list. The
items appear alphabetically.Presentation Mode has two
If you order by status, itemsoptions: List View and Icon

View. appear from worst (critical),

2

Box Ordering

to best (normal).

Determines the order that the
boxes are shown. If you
order by name, the items
appear alphabetically. If you
order by status, items
appear from worst (critical)
to best (normal).

To set User Preferences, complete the following steps:

1. Select Settings from the menu.

2. In the System Management Homepage box, click the User Preferences link.

3. From the Presentation Mode list, select List or Icon.

4. From the Box ordering list, select By status or By name.

5. From the Box item ordering list, select By status or By name.

6. If you do not want the session to expire (in the case of HP-UX only), click the check box beside

Session Never Expires.

7. Click Apply.

Security

NOTE: Each user is able to set their preferences for a session. Individual user preferences

take precendence over settings in UI properties.

The Security link provides options for you to manage the security of HP SMH:

• “Anonymous/Local Access category” (page 30)

• “IP Binding category” (page 31)

• “IP Restricted Login category” (page 32)

• “Local Server Certificate category” (page 34)

• “Port 2301 category” (page 35)

• “Timeouts category” (page 37)

• “Trust Mode category” (page 38)

System Management Homepage Box 29