Home » HP Manuals » Desktops » HP Xw460c » Manual Viewer

HP Xw460c HP Insight Control Environment User Guide - Page 81

Customizing vulnerability scan definitions, Deleting scan results, Deleting scan results by scan name

Add to My Manuals
Save this manual to your list of manuals

Page 81 highlights

Results for all scans performed on the selected system appear. 4. Select the scan results to view, and click View. Customizing vulnerability scan definitions You can create custom scans from the default system scans. Custom scans are updated automatically with the corresponding vulnerability updates when the default system scans are updated. To customize the provided vulnerability scans or previously created custom vulnerability scans: 1. Select Diagnose→Vulnerability and Patch Management→Customize Scan. 2. Select a default system scan or a previously created custom scan to modify, and then click Edit. A list of vulnerabilities appears. Clicking the entry in either the Vulnerability ID or Advisory column displays additional information about the vulnerability. 3. Select one or more vulnerabilities to include in the custom scan definition. 4. Enter a name and description for the new customized scan, and click Save. You must rename the customized vulnerability scan. You cannot save a modified default Vulnerability and Patch Management scan using the original scan name. You can delete only custom vulnerability scans. You cannot delete the default system scans provided with VPM. To delete a customized scan: 1. Select Diagnose→Vulnerability and Patch Management→Customize Scan. 2. Select the custom vulnerability scan to delete, and click Delete. 3. To confirm the deletion, click OK when prompted. Deleting scan results Vulnerability and Patch Management scan results can be deleted for a specified scan or for an individual system. Removing results breaks the links to the results in the events and the system list. Run another scan to create new results for the system. Deleting scan results by scan name 1. Select Diagnose→Vulnerability and Patch Management→Scan→View Results by Scan Name. 2. Select the appropriate scan or scans, and then click Delete. All results associated with the selected scan are deleted. Deleting scan results by system 1. Select Diagnose→Vulnerability and Patch Management→Scan→View Results by System. 2. Select the individual system for which you want to delete the results from, and then click Apply. 3. Verify that the correct target systems appear in the lists. To reselect target systems, click Add Targets or Remove Targets, and then click Next. 4. Results from all scans performed on the selected system appear. Select the scan results to delete, and then click Delete. Deploying patches and fixes The following sections describe deploying HP Vulnerability and Patch Management Pack patches and fixes. Deploying patches and fixes based on a vulnerability scan You can deploy patch and configuration fixes immediately or schedule them for deployment later. You can select patches individually from the database for deployment to all systems or any combination of specified systems without performing a scan, or deploy patches and fixes for all vulnerabilities identified in a particular scan. Patches that come from software vendors can update existing software, registry, or configuration settings or files. Configuration fixes resolve incorrect system settings that can leave the system open to security threats, such as open ports or services running that are not required. Vulnerability scanning and deploying patches and fixes 81

Section	Page
HP Insight Control Environment Suites	1
Table of Contents	3
About this document	15
Intended audience	15
Related documents	15
1 Introduction	17
Overview	17
HP Insight Control Environment Suites	17
HP Systems Insight Manager	17
HP Insight Control Environment Suites (ProLiant ML, ProLiant DL, and ProLiant BladeSystem servers and blade workstations)	17
HP Insight Control Environment for BladeSystem	18
Key benefits for HP Insight Control Environment Suites	18
Licensing	19
Platform support	19
Component summary	19
2 Licensing HP Insight Control Environment Suites	23
Preparing for HP Insight Control Environment licensing	23
Adding and applying licenses to Insight Control Environment	23
Adding and applying licenses to HP Insight Control Environment for BladeSystem uses three license keys:	24
Licensing HP Insight Rapid Deployment Software	25
License types	25
Applying a license file during a first-time installation or upgrade	25
Adding a license file to an existing installation	25
Replacing licenses in an existing installation	25
Adding iLO 2 Advanced license keys	25
3 Managing server blades from HP SIM	27
Overview	27
What's New in HP BladeSystem Integrated Manager 3.5 with Update 1	27
Racks and enclosures	27
Overview	27
Rack and enclosure collections	27
System page	28
Viewing racks	28
Navigating the System(s) tab	29
System List buttons	31
Save a collection	32
Deleting a Blade system	32
Navigating the Event tab	32
Filter Criteria	33
Event Status Legend	33
Event Details	33
Event Collection Columns	33
Selection	34
State	34
Severity	34
Event Type	34
System Name	34
Event Time	34
Assigned To	34
Comments	34
System Type	34
Rack Name	34
Enclosure Name	35
Event Management Buttons	35
Viewing enclosures	35
Viewing an enclosure	38
Creating a rack	39
Editing a rack	40
Saving an Onboard Administrator configuration	41
Restoring an Onboard Administrator configuration	41
Deleting a configuration script	41
4 Monitoring and controlling servers	43
Configuring Insight Power Manager options	43
Using the iLO browser interface	44
Using the System Status tab	44
Using the Remote Console tab	45
Using the Virtual Devices tab	46
Monitoring PMP parameters	46
Default PMP settings	46
Sample rate	46
Number of samples	46
Using the PMP interface	46
Online and Offline Analysis	47
Systems detail frame	47
Server Tree frame	47
Results frame	48
Storage Analysis	48
PMP Reports	48
Offline Analysis	49
Manual Log Purge	50
Using PMP	51
Opening the HP SIM console	51
Debugging a server bottleneck condition	51
Selecting the server	52
Displaying the memory status	52
Displaying the memory graph	53
Contrasting the graphical display	53
Expanding the local storage	53
Displaying the controller	54
Displaying the port	54
Displaying the drive	55
Displaying the inventory	55
Debugging a network storage bottleneck condition	56
Selecting the server	56
Displaying the storage status	57
Displaying the logical drive under network storage	57
Displaying the array	57
Debugging a virtual machine host and guest bottleneck condition	57
Selecting the server (virtual machine host)	58
Displaying the virtual machine host status	58
Displaying the virtual machine guests page	59
Displaying the virtual machine guest	59
Displaying the virtual machine guest performance	59
Addressing performance issues with no hardware upgrade recommendation	60
Performing a static analysis	60
General usage	60
Half duplex port	61
Unassigned disks	61
Reduced SCSI speed	62
Host bus balancing	62
Performing Online Analysis	62
Performing Offline Analysis	63
Data reporting	64
Generating a Static Analysis Report	65
Generating a SQL queries list	65
Generating a System Summary Report	65
Generating a SQL queries list	66
Generating a CSV File Generator Report	66
Generating a SQL queries list	66
Generating a Server Availability Report	67
Generating a SQL queries list	67
Licensing Integrity and Storage Systems	67
Licensing virtual machine hosts and virtual machine guests	67
Monitoring administration	68
Changing server monitoring status	68
Enabling virtual machine host and virtual machine guests logging	69
Monitoring parameters	70
Number of samples	71
Performance threshold setting	71
Modifying the sample rate	71
Modifying log days	71
Modifying Management Agents from the Control Panel	71
Modifying Management Agents from Internet Explorer	72
Setting performance thresholds	72
Threshold values	74
Manual Log Purge	74
5 Deploying and securing servers	75
Configuring BladeSystem servers and image installs using the HP Insight Rapid Deployment software	75
Configuring scripted installs	75
Configuring SAN-attached scripted install	75
Configuring image installs	75
Configuring HP BladeSystem enclosures	76
Using HP Insight Rapid Deployment software	76
Deployment Console basics	76
Connecting server blades	77
Deploying the first server blade	78
Reconfiguring the server blade	78
Vulnerability scanning and deploying patches and fixes	78
HP Vulnerability and Patch Management Pack (VPM) overview	78
Provided scan definitions	79
Scanning for vulnerabilities	79
Viewing, modifying, or canceling a scheduled task	80
Viewing vulnerability scan results	80
Vulnerability scan results guidelines	80
Viewing vulnerability scan results by scan name	80
Viewing vulnerability scan results by scan system	80
Customizing vulnerability scan definitions	81
Deleting scan results	81
Deleting scan results by scan name	81
Deleting scan results by system	81
Deploying patches and fixes	81
Deploying patches and fixes based on a vulnerability scan	81
Deploying patches without a vulnerability scan	83
Viewing the patch repository	84
Viewing patch reboot status	84
Validating installed patches	86
Removing patches	86
Redeploying the VPM Patch Agent	88
HP Vulnerability and Patch Management Pack events	89
6 Using HP Virtual Machine Management Pack	91
Virtual Machine Management Pack interface overview	91
Virtual machine host	91
Virtual machine guest	93
Configured and unconfigured virtual machine hosts	94
Configured	95
Unconfigured	95
Task execution process	95
Using Virtual Machine Management Pack controls and tools	95
Starting or resuming a virtual machine guest (Windows or Linux)	96
Shutting down or stopping a virtual machine guest (Windows or Linux)	97
Suspending a virtual machine guest	97
Resetting or restarting a virtual machine guest	98
Copying a virtual machine guest (Windows or Linux)	98
SUSE Linux scenario	99
Moving a virtual machine guest (Windows or Linux)	99
Creating a virtual machine guest template	101
Deploying a virtual machine guest template	102
Creating a virtual machine guest backup	102
Restoring a virtual machine guest backup	103
Restoring the most recent virtual machine guest backup	104
Recovering virtual machines of a failed host on a VMware ESX Server or HP integrated Citrix XenServer	104
Setting an alternate virtual machine host on a VMware ESX Server or HP integrated Citrix XenServer	104
Removing an alternate virtual machine host on a VMware ESX Server or HP integrated Citrix XenServer	105
Launching VNC	105
Restarting the VMM Agent	105
Setting or removing the performance threshold	105
Registering virtual machine hosts	106
Registering virtual machine hosts using the command line interface	106
Registering virtual machine hosts for Linux CMS	106
Launching remote access	107
Launching Remote Console	107
For VMware ESX Server 2.5.x	108
For VMware Server	108
Launching Remote Desktop	108
Updating the HP SIM certificate on the Virtual Machine Management Service	108
Unregistering virtual machine hosts	108
Configuring the xapi port for HP integrated Citrix XenServer	108
Configuring WMI Mapper proxy server settings for Hyper-V	109
Configuring the polling frequency for virtual machine status checks	109
Handling prefailure events	109
Handling automatic prefailure events	109
Prerequisites	110
Handling automatic prefailure events using the VirtualCenter DRS cluster enabled in the VirtualCenter Server	110
Handling semi-automatic prefailure events with the VirtualCenter DRS cluster enabled in the VirtualCenter server	110
Handling automatic prefailure events using the Set Alternate host feature	111
Handling semi-automatic events using the Set Alternate host feature	111
Handling automatic prefailure events using Citrix XenServer resource pool with HA enabled	111
Handling automatic prefailure events using Citrix XenServer resource pool with HA disabled	112
Prefailure event list	112
ProLiant system and environmental events	112
ProLiant storage events	112
Failed host recovery	114
Setting up the recovery feature	114
Creating a CriticalVmHost collection	115
Setting the alternate virtual machine host	115
Scheduling the recovery of virtual machines of failed hosts	115
Launching SCVMM	117
Microsoft Virtual Server Host System page	117
Microsoft Virtual Server Guest System page	118
Launching VC	118
VMware ESX Server Host System page	118
VMware ESX Server Guest System page	118
VirtualCenter information	119
Configuring Virtual Machine Management Pack on a Microsoft Cluster Server	120
Configuring Virtual Machine Management Pack on an HP integrated Citrix XenServer resource pool	120
Considerations on VMM-enabled and HA-enabled resource pool:	120
Configuring Virtual Machine Management Pack for Hyper-V hosts Microsoft failover cluster	120
Multisystem aware tools available	121
Performance information	121
Displaying virtual machine host performance information	121
Virtual machine host performance	121
Virtual machine performance	122
Displaying virtual machine guest performance	123
Virtual machine performance	123
Resource allocation	123
Performance color codes	124
Virtual Machine Management Pack infrastructure	124
7 Reporting	125
Reporting in HP SIM	125
Software inventory details	126
Printing reports	126
Sample PMP CSV file	126
PMP measurement categories	127
Servers	127
Servers with MSVS or VMware GSX (VM Host)	127
Servers with VMware ESX (VM Host)	128
VM guest	128
Smart Array controllers	128
Smart Array logical drives	129
Smart Array physical arrays	129
SCSI buses attached to Smart Array controllers	129
Fibre Channel host bus adapters	129
Fibre Channel enclosures	129
SCSI adapters	130
SCSI buses attached to SCSI adapters	130
SCSI drives attached to SCSI adapters	130
IDE controllers	130
Network adapters	130
Host buses	131
Sample PMP system summary report	131
System summary report for a server or MSVS/VMware GSX Host	131
System summary report for a VMware ESX Host	132
System summary report for a VM Guest	133
Overall PMP performance	134
Sample PMP Static Analysis report	135
Sample PMP Server Availability report	135
Viewing patch installation status	135
Viewing patch installation status by patch	136
Viewing patch installation status by search filter	136
Viewing patch installation status by system	136
8 Troubleshooting	137
General troubleshooting	137
General installation issues	137
ASP.NET 1.1 installation error	139
IIS error message appears during installation	139
Applying and assigning HP Insight Software suite licenses from HP SIM license manager	140
HP Insight Software licensing menus do not appear	140
Verifying environment functionality with Insight Software Advisor	140
HP Insight Software installation does not accept username, but password is already accepted by HP SIM	140
Updating passwords	140
Uninstalling HP Insight Software	141
Vulnerability and Patch Management Pack troubleshooting	142
VPM installation and configuration	142
Viewing VPM installation logs	142
VPM installation updates MDAC and MSDE	142
An error occurs when installing MSDE files from a Remote Desktop session	142
“STAT Scanner WSI Requires IWAM and IUSR” error occurs during VPM installation	142
Installation fails with “Product RMS not installed: Service RMS error. The specified service does not exist as an installed service (0x424)” message	143
VPM installation fails	143
Cannot modify VPM acquisition settings to acquire updates from a local repository	143
Required open ports	143
Modifying firewall configuration settings	144
Configuring a DNS server	144
All target systems do not have the same administrator credentials	145
Multiple VPM servers	145
Administrator credentials have been changed	145
Uninstalling Vulnerability and Patch Management	145
Remaining VPM files	146
Reinstalling VPM	146
Vulnerability scans	146
Vulnerability and Patch Management cannot access target systems	146
Windows	147
Windows XP	147
Linux target systems	147
Scan reports cannot be viewed	147
A scan was submitted but never started	147
Scan results are inaccurate because of overlapping tasks	147
Current patch information is not displayed in scan reports	148
Patches and configuration fixes	148
VPM Patch Agent installation fails	148
A patch acquisition was started, but no patches are seen	148
HTTP 300 errors received during patch acquisition	149
Patches appear in a scan report but are not successfully deployed	149
Check for missing patches	149
Validating VPM Patch Agent installation	149
Patch installation status reports are not current or do not match information that appears in scan reports	149
Other tools report that a Windows system is patched, but Vulnerability and Patch Management reports patches needed	150
Patch source for vendor patches is Microsoft or Red Hat	150
Multiple events listed in HP SIM for patch deployments	150
STAT Scanner update error listed in the HP SIM event log	150
Radia internal error listed in the HP SIM event log	150
“Abuse of Service” error occurs when attempting to acquire Red Hat patches	150
Validate Installed Patches event does not complete	150
HP SIM integration	150
9 Technical support	151
HP Software Technical Support and Update Service	151
HP Installation and Startup Service for BladeSystem Integrated Manager infrastructure	151
HP contact information	152
A HP Performance Management Pack measurement parameter matrix	153
Static analysis	153
ATA disk array	153
ATA Disk Array Status	153
ATA Disk Array Inventory	153
ATA disk	154
ATA Disk Status	154
ATA Disk Inventory	154
Drive array	154
Drive Array Status	154
Drive Array Inventory	154
External storage enclosure	154
External Storage Enclosure Status	155
External Storage Enclosure Inventory	155
Fibre Channel host bus adapter	155
Fibre Channel Host Bus Adapter Status	155
Fibre Channel Host Bus Adapter Inventory	155
Host buses	155
Host Buses Status	156
Host Buses Inventory	156
IDE channel	156
IDE Channel Status	156
IDE Channel Inventory	156
IDE controller	156
IDE Controller Status	156
IDE Controller Inventory	156
Logical drive	156
Logical Drive Status	157
Logical Drive Inventory	157
Memory	157
Memory Status	157
Memory Inventory	158
Network adapter	158
Network Adapter Status	158
Network Adapter Inventory	158
Network connections	158
Network Connections Status	158
Network Connection Inventory	158
Network port	158
Network Port Status	159
Network Port Inventory	159
Network storage array	159
Network Storage Array Status	159
Network Storage Array Inventory	159
Network storage controller	159
Network Storage Controller Status	160
Network Storage Controller Inventory	160
Network storage enclosure	160
Network Storage Enclosure Status	160
Network Storage Enclosure Inventory	160
Network storage logical drives	160
Network Share Status	160
Network Share Inventory	161
PCI bus	161
PCI Bus Status	161
PCI Bus Inventory	161
Processors	161
Processors Status	161
Processors Inventory	162
SCSI adapter	162
SCSI Adapter Status	162
SCSI Adapter InventoryController Configuration	162
SCSI storage enclosure	162
SCSI Storage Enclosure Status	163
SCSI Storage Enclosure Inventory	163
SCSI drive	163
SCSI Drive Status	163
SCSI Drive Inventory	164
Server metrics	164
Server status	164
Server inventory	164
Smart Array controller	164
Smart Array Controller Status	165
Smart Array Controller Inventory	165
Smart Array SCSI drive	165
Smart Array SCSI Drive Status	165
Smart SCSI Drive Inventory	165
SATA Drives	166
SATA Drive Status	166
SATA Drive Inventory	166
SAS Drives	166
SAS Drive Status	166
SAS Drive Inventory	167
Storage components	167
Storage Status	167
Storage Inventory	167
B HP Vulnerability and Patch Management infrastructure requirements and additional VPM functionality	169
Infrastructure	169
VPM hardware requirements	170
VPM software requirements	170
VPM Acquisition Utility requirements (optional)	171
Target systems	171
Provided scans	171
Updating VPM credentials using the Change VPM Credentials Utility	172
Backing up and restoring the Vulnerability and Patch Management	172
Component backup	173
Component restoration	173
Reinstalling Vulnerability and Patch Management to a new host	173
Vulnerability and Patch Management events	173
Scan events	173
Patch and fix events	174
Acquisition events	175
Miscellaneous events	175

Match case Limit results 1 per page

Results for all scans performed on the selected system appear.

Select the scan results to view, and click

View

Customizing vulnerability scan definitions

You can create custom scans from the default system scans. Custom scans are updated automatically with

the corresponding vulnerability updates when the default system scans are updated.

To customize the provided vulnerability scans or previously created custom vulnerability scans:

Select

Diagnose

→

Vulnerability and Patch Management

→

Customize Scan.

Select a default system scan or a previously created custom scan to modify, and then click

Edit

. A list

of vulnerabilities appears. Clicking the entry in either the

Vulnerability ID

Advisory

column displays

additional information about the vulnerability.

Select one or more vulnerabilities to include in the custom scan definition.

Enter a name and description for the new customized scan, and click

Save

You must rename the customized vulnerability scan. You cannot save a modified default Vulnerability

and Patch Management scan using the original scan name.

You can delete only custom vulnerability scans. You cannot delete the default system scans provided with

VPM.

To delete a customized scan:

Select

Diagnose

→

Vulnerability and Patch Management

→

Customize Scan.

Select the custom vulnerability scan to delete, and click

Delete

To confirm the deletion, click

when prompted.

Deleting scan results

Vulnerability and Patch Management scan results can be deleted for a specified scan or for an individual

system. Removing results breaks the links to the results in the events and the system list. Run another scan to

create new results for the system.

Deleting scan results by scan name

Select Diagnose

→

Vulnerability and Patch Management

→

Scan

→

View Results by Scan Name

Select the appropriate scan or scans, and then click

Delete

. All results associated with the selected scan

are deleted.

Deleting scan results by system

Select Diagnose

→

Vulnerability and Patch Management

→

Scan

→

View Results by System

Select the individual system for which you want to delete the results from, and then click

Apply

Verify that the correct target systems appear in the lists. To reselect target systems, click

Add Targets

Remove Targets

, and then click

Results from all scans performed on the selected system appear. Select the scan results to delete, and

then click

Delete

Deploying patches and fixes

The following sections describe deploying HP Vulnerability and Patch Management Pack patches and fixes.

Deploying patches and fixes based on a vulnerability scan

You can deploy patch and configuration fixes immediately or schedule them for deployment later. You can

select patches individually from the database for deployment to all systems or any combination of specified

systems without performing a scan, or deploy patches and fixes for all vulnerabilities identified in a particular

scan.

Patches that come from software vendors can update existing software, registry, or configuration settings or

files. Configuration fixes resolve incorrect system settings that can leave the system open to security threats,

such as open ports or services running that are not required.

Vulnerability scanning and deploying patches and fixes