HP DL360 HP Insight Management Agents architecture for Windows servers - Page 7

SNMP Services

Get HP DL360 - ProLiant - G3 PDF manuals and user guides
UPC - 613326948835
View all HP DL360 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 7 highlights

SNMP Services The SNMP Services enable the flow of basic management information between the managed server and HP SIM. These components process SNMP Gets and Sets, as well as the SNMP Traps used in alerting. Microsoft SNMP Agent Service The Microsoft SNMP Agent Service provides the core set of SNMP services used by the Insight Management system on the managed server. The following services are included:  Fulfillment of SNMP Gets to deliver information from the HP MIB to authorized requesting services. In the Insight architecture, MIB information is typically requested from the SIM server or from a process associated with the SMH framework.  Processing of SNMP Sets, which are used to change SNMP configuration information as well as alert thresholds for server management information. The Microsoft SNMP Agent Service provides a standard SNMP interface to external processes. However, its internal structure is very specific, using its own set of application program interfaces (API's). The HP Insight Agents are specifically designed to work with the Microsoft SNMP Agent Service and will not interoperate with other SNMP stacks. Management Information Base The Management Information Base defines all of the information collected about the managed system. In the HP Insight Architecture, the four Insight Agents collect the MIB information and store it in an extension to the Windows Registry. When MIB information is requested, the Microsoft SNMP Agent Service uses the Insight Agents to retrieve information from the Windows Registry before delivering it to the requesting process, typically the HP SIM server or the System Management Homepage. Enhancing SNMP Security The SNMP protocol provides basic security and access authorization through the use of community strings. However, standard SNMP protocol does not encrypt the community strings or the management information that it sends or receives. This leaves the information vulnerable to being intercepted (snooped) over the network. The HP Insight Management framework provides a more secure management environment by establishing a separate certificate-based SSL communication channel between the SIM server and the managed server. This channel is actually a part of the SMH framework, and it used by the Insight Management framework as the transport mechanism for all secure information. Other, less sensitive information is still sent to the HP SIM server over standard SNMP from the Microsoft SNMP Agent Service. To further enhance security, at installation, the Insight Management Agents architecture configures the Microsoft SNMP Agent Service to restrict SNMP writes to the local host only. This prevents any external agent from being able to execute writes to the managed server. The HP SIM server is still able to implement SNMP Sets since its commands are sent over the encrypted link and are actually executed locally. 7

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
7
SNMP Services
The SNMP Services enable the flow of basic management information between the managed server
and HP SIM. These components process SNMP Gets and Sets, as well as the SNMP Traps used in
alerting.
Microsoft SNMP Agent Service
The Microsoft SNMP Agent Service provides the core set of SNMP services used by the Insight
Management system on the managed server. The following services are included:
Fulfillment of SNMP Gets to deliver information from the HP MIB to authorized requesting services.
In the Insight architecture, MIB information is typically requested from the SIM server or from a
process associated with the SMH framework.
Processing of SNMP Sets, which are used to change SNMP configuration information as well as
alert thresholds for server management information.
The Microsoft SNMP Agent Service provides a standard SNMP interface to external processes.
However, its internal structure is very specific, using its own set of application program interfaces
(API’s). The HP Insight Agents are specifically designed to work with the Microsoft SNMP Agent
Service and will not interoperate with other SNMP stacks.
Management Information Base
The Management Information Base defines all of the information collected about the managed system.
In the HP Insight Architecture, the four Insight Agents collect the MIB information and store it in an
extension to the Windows Registry. When MIB information is requested, the Microsoft SNMP Agent
Service uses the Insight Agents to retrieve information from the Windows Registry before delivering it
to the requesting process, typically the HP SIM server or the System Management Homepage.
Enhancing SNMP Security
The SNMP protocol provides basic security and access authorization through the use of community
strings. However, standard SNMP protocol does not encrypt the community strings or the
management information that it sends or receives. This leaves the information vulnerable to being
intercepted (snooped) over the network. The HP Insight Management framework provides a more
secure management environment by establishing a separate certificate-based SSL communication
channel between the SIM server and the managed server. This channel is actually a part of the SMH
framework, and it used by the Insight Management framework as the transport mechanism for all
secure information. Other, less sensitive information is still sent to the HP SIM server over standard
SNMP from the Microsoft SNMP Agent Service.
To further enhance security, at installation, the Insight Management Agents architecture configures the
Microsoft SNMP Agent Service to restrict SNMP writes to the local host only. This prevents any
external agent from being able to execute writes to the managed server. The HP SIM server is still
able to implement SNMP Sets since its commands are sent over the encrypted link and are actually
executed locally.