HP Web Jetadmin 8.0 Credential Store Feature

Similar documents
Configuring Security Mitigation Settings for Security Bulletin HPSBPI03569 Protecting Solution Installation Settings

HP D6000 Disk Enclosure Direct Connect Cabling Guide

External Devices User Guide

External Devices User Guide

HPE Security ArcSight Connectors

External Devices. User Guide

Configuring Embedded LDAP Authentication

HPE StoreEver MSL6480 Tape Library CLI Utility Version 1.0 User Guide

HP Operations Orchestration

HP JETADVANTAGE SECURITY MANAGER. Adding and Tracking Devices

External Devices User Guide

HP BLc Intel 4X QDR InfiniBand Switch Release Notes. Firmware Version

Configuring LDAP Authentication for HPE OBR

HP 3PAR OS MU3 Patch 18 Release Notes

Achieving regulatory compliance with reports from ProCurve PCM, IDM, and NIM

HP 3PAR OS MU1 Patch 11

HP OfficeJet 200 Mobile Printer series. Bluetooth Setup Guide

Achieve Patch Currency for Microsoft SQL Server Clustered Environments Using HP DMA

HP SmartTracker. Installation guide

HPE 1/8 G2 Tape Autoloader and MSL Tape Libraries Encryption Kit User Guide

HP 3PAR OS MU3 Patch 17

HP Mobile Remote Control (Select Models Only) User Guide

HPE Intelligent Management Center

QuickSpecs. HP StorageWorks Command View SDM. Models. Models Feature List

HPE Intelligent Management Center v7.3

HPE Knowledge Article

Enabling High Availability for SOA Manager

HP Operations Orchestration

HP Intelligent Management Center Remote Site Management User Guide

Guest Management Software V2.0.2 Release Notes

HP Device Manager 4.7

Standardize Microsoft SQL Server Cluster Provisioning Using HP DMA

HP IDOL Site Admin. Software Version: Installation Guide

HP Operations Orchestration

Management and Printing User Guide

HPE Automatic Number Plate Recognition Software Version: Automatic Number Plate Recognition Release Notes

External Media Cards User Guide

Sales Certifications

HP Data Protector Media Operations 6.11

HP Business Availability Center

HP Visual Collaboration Desktop. Getting Started

LASERJET ENTERPRISE M4555 MFP SERIES. Quick Reference Guide

External Media Cards User Guide

HP Point of Sale (POS) Peripherals Configuration Guide Barcode Scanner

HP Storage Mirroring Application Manager 4.1 for Exchange white paper

HP Disk File Optimizer for OpenVMS Release Notes

Virtual Recovery Assistant user s guide

HPE Knowledge Article

CREATE AND USE VARIABLE DATA

Introduction...2. Executive summary...2. Test results...3 IOPs...3 Service demand...3 Throughput...4 Scalability...5

Internal Cabling Guide for the HP Smart Array 6400 Series Controller on an HP Integrity Server rx7620

Best Practices When Deploying Microsoft Windows Server 2008 R2 or Microsoft Windows Server 2008 SP2 on HP ProLiant DL980 G7 Servers

HP-UX Software and Patching Management Using HP Server Automation

HP JETADVANTAGE SECURITY MANAGER. Credential Management

WIDS Technology White Paper

HP Fortify Scanning Plugin for Xcode

Release Notes: ProCurve Mobility Manager Version 1.0, Update 1

HP LF Printing Knowledge Center

BACK UP, RESTORE, AND CLONE AN HP WEB JETADMIN INSTALLATION

Modem Command Guidelines HP Notebook Series

Configuring RAID with HP Z Turbo Drives

Configuring and Troubleshooting MS DFS links in an HP CIFS Server (Samba) Environment

HPE Network Node Manager i Software

HP Database and Middleware Automation

HP UFT Connection Agent

HP Service Health Reporter

HPE Security ArcSight SmartConnectors. Format Preserving Encryption Environment Setup Guide

HP 3PAR OS MU2 Patch 11

Disclaimer. Warranty

HP Data Protector A Support for Windows Vista and Windows Server 2008 Clients Whitepaper

HPE 3PAR OS MU5 Patch 49 Release Notes

HPE WBEM Providers for OpenVMS Integrity servers Release Notes Version 2.2-5

HP AutoPass License Server

HP StorageWorks Enterprise Virtual Array 4400 to 6400/8400 upgrade assessment

QuickSpecs. What's New HP 120GB 1.5Gb/s SATA 5400 rpm SFF HDD. HP Serial-ATA (SATA) Hard Drive Option Kits. Overview

HP Deskjet 6800 series

HPE RDX Utility Version 2.36 Release Notes

This guide describes features that are common to most models. Some features may not be available on your computer.

External Media Cards. User Guide

QuickSpecs. HP 1U Rackmount Keyboard with USB. Overview

HP ALM. Software Version: patch 2. Business Views Microsoft Excel Add-in User Guide

HP Intelligent Management Center v7.1

UCMDB Zeus History. Copyright 2012 Hewlett-Packard Development Company, L.P.

HP Color LaserJet Managed E55040 Series Firmware Readme

Replacing the Battery HP t5730 and t5735 Thin Clients

HP Data Protector 7.00 encrypted control communication certificates management

HPE Intelligent Management Center

QuickSpecs. HP Data Protector for Notebooks & Desktops software part numbers HP Data Protector for Notebooks & Desktops100 Pack

HP Storage Manager User Guide. May 2005 (First Edition) Part Number

RealPresence Platform Director

WLAN high availability

HPE ALM Excel Add-in. Microsoft Excel Add-in Guide. Software Version: Go to HELP CENTER ONLINE

Web Point and Print White Paper

HP Network Node Manager i Software Step-by-Step Guide to Scheduling Reports using Network Performance Server

Computer Setup (F10) Utility Guide HP Elite 7000 MT Series PCs

StoreEver LTO-7 Tape Drive Open Source Software Release Notes

HP Data Center Automation Appliance

TRIM Integration with Data Protector

QuickSpecs. Aruba ClearPass Guest Software. Overview. Aruba ClearPass Guest Software A ClearPass Policy Manager Application.

QuickSpecs. HP Serial-ATA (SATA) Hard Drive Option Kits. Overview

Transcription:

HP Web Jetadmin 8.0 Credential Store Feature Table of Contents: Overview...1 The Credential Store...1 Interacting with the Credential Store...2 Configuration of Device Credentials...2 Example...3 Credential Error Recovery...3 Credential Store Configuration...4 Example...4 Profile Rights to Credential Store...4 A Note about SNMP Set and Get Community Names...4 Summary...5 Overview Web Jetadmin is a web-based application that provides remote management capabilities for HP and non-hp printing and imaging products. Web Jetadmin interacts with devices to give the administrator remote information gathering and device parameter configure capabilities. One or a few different credentials (passwords and or SNMP community names) may be set on devices to prevent unwanted printer configuration. HP Web Jetadmin has always interacted with device credentials but the mechanism by which these are handled in 8.0 has changed. This white paper covers changes as well as new HP Web Jetadmin user interface features associated with these changes. The Credential Store HP Web Jetadmin versions 7.8 and earlier did very little to cache credentials. Web Jetadmin tested devices for the presence of credentials and then prompted the user if credentials were present.

When interacting with small groups of devices or even single devices, this worked well. However, when large batch operations were performed, checking credentials and authenticating on a deviceby-device basis had a negative impact on performance. The new credential store feature was developed because: Credential caching facilitates true unattended batch operations also saves the administrator from having to remember or share credentials. Application and device administrators can fully secure device credentials by assigning print operators permission to access device configuration at the application level. Fully secure credential storage that is separate from the Web Jetadmin cache. Removing the device from cache does not clear the credential from the store. Web Jetadmin 8.0 no longer tests and prompts for credentials as it did in past revisions. It now attempts batch or single device operations and then logs a failure if a credential does not exist or if the wrong credential was attempted. It leverages any credential values that are in the credential store for a specific device. The credentials store is much like a mini-cache that is used exclusively for keeping these items secure in a virtual vault which is protected by the Windows Security API (or OpenSSL certificates in the case of Web Jetadmin for Linux.) The credentials that can be stored to this vault are: 1 Device Password Device Embedded Web Server Password File System Password SNMPv3 user credential and pass phrases SNMP Set Community Name SNMP Get Community Interacting with the Credential Store The credential store uses device-unique credential values for each configuration attempt. During any device configuration, the credential store is referenced; if a credential exists in the store, is retrieved and used. It is important to remember that the device credentials must be stored by way of some interaction between HP Web Jetadmin, users, and devices. Covered here are three interactions that will cause credentials to be stored. Configuration of Device Credentials Whenever a credential (such as a device password or SNMP Set Community Name) is configured onto a device using HP Web Jetadmin, it also becomes stored in HP Web Jetadmin s Credential Store. The next time the credential is required; HP Web Jetadmin retrieves it from the Credential Store and applies it to whatever configuration is being attempted. The configuration of credentials onto devices (and thus onto the Credential Store) can be accomplished in single or batch modes. When done in batch mode, all credentials stored in both HP Web Jetadmin and on the devices are common. 1 The HP Web Jetadmin product teams continue to strive toward making management or device security simpler. The device password credential will be discontinued in future releases of HP Web Jetadmin. Other security features such as SNMPv3 will continue to enable device security. Watch for more information regarding HP Web Jetadmin and device security.

Example Larry has responsibility to manage 20 devices that are in the Web Jetadmin device group named BoiseBldg25. None of these devices are configured with credentials. Larry would like to use the SNMP Set Community Name and decides on the character string teaml. Pat selects all 20 devices in his group and then selects Configure from the Device Tools menu. He then uses Configure Devices from within the batch configuration feature to configure the string teaml as the SNMP Set Community Name. The string teaml is saved onto each device s Set Community Name and Credential Store. From this point forward, when Larry uses Web Jetadmin to configure these devices, teaml is retrieved from the Credential Store and used for each SNMP Set operation. Credential Error Recovery As stated earlier, when Web Jetadmin cannot configure a device because of an incorrectly stored credential value or because there is no credential stored, the action is logged as an Invalid Credential failure. The logged item will either appear to the user as the result of some attempted action and/or will always appear in the View Log area in Web Jetadmin. Each occurrence of a device failure will provide a link (Figure 1) that, when chosen, provides a way to enter the correct credential (Figure 2). Once the credential is provided by the user, the credential is added to the store. The user is then returned to the config page to -perform the operation again. Figure 1 Configuration Results Log This feature would, of course, be time consuming if a large number of devices were presented through the log. A user would have supply credentials to every device failure that was logged, one at a time. It would, of course, be very easy to simultaneously complete a configuration and save values to the credentials store for a single device or a small number of devices. Figure 2 Store Credential

Credential Store Configuration Adding or changing credential values on the store for large numbers of devices is made easy by using a feature found in the batch configuration user interface (Figure 3). Simply select the devices from any list and choose Configure from the Device Tools menu. Once the interface is displayed, select the tab labeled Credential Store. This loads the controls necessary for updating existing or adding new credentials to the Web Jetadmin. This does NOT configure credentials onto devices. Once credential types have been selected, enter the values into the interface and choose Apply. After these values have been stored, Web Jetadmin will reference them on a per-device basis each time a device configuration is performed. Example Chris has just implemented HP Web Jetadmin 8.0 and has 350 devices that are configured with both device passwords and SNMP Set Community Names. Since Chris won t be changing the values of either of these device security items, she will need a way to initially load the Credential Store. Chris simply selects the devices from a listing such as a group or the All Devices list, chooses configure and then navigates to the Credential Store feature. Then, Chris can save both SNMP Set Community Names and device passwords to the store. Figure 3 Batch Configure Credential Store Profile Rights to Credential Store Protecting a device s credentials on the basis of Web Jetadmin profiles is new in version 8.0. As stated earlier, Web Jetadmin 7.8 and previous revisions checked a device for credentials and then challenged the Web Jetadmin user regardless of the profile. With the Credentials Store, one or more HP Web Jetadmin profiles are assigned rights to each device s Credential Store. Of course, the Admin profile always has rights to every device s Credentials Store. Profiles gain rights to a device s store by assigning credentials to the Credentials Store. If a user, operating under a profile, configures a credential onto a device then that profile will have rights to configure that device. Any time the device is configured by that profile, HP Web Jetadmin allows the configuration to occur and uses credential values from the Credentials Store. If a user operating under a different profile attempts configuration, an Invalid Credential failure is logged and that profile is blocked from configuring that device. Multiple profiles can have rights to a device s Credential Store. Once a profile has rights established to a device s Credential Store, others can be added as well. Simply use HP Web Jetadmin to configure a device credential to the same value or use HP Web Jetadmin to batch configure the Credential Store (described above) while logged in under a specific profile. The action of doing this will grant a specific profile rights to the device s Credentials Store. A Note about SNMP Set and Get Community Names HP Web Jetadmin has always provided settings for global SNMP Set and Get community names. These values are sent to devices when HP Web Jetadmin is attempting to either read or write information. Once these global settings are changed, the new value is sent to the device rather than the default value.

The Credential Store offers HP Web Jetadmin another source for Set and Get community names (Figure 4). If one of these values exists in the store, HP Web Jetadmin uses it first. If the value in the store is wrong or does not exist, HP Web Jetadmin uses the default setting or the software global setting as applied by the user. NOTE: It is important to remember that Set and Get community names have been used to block unauthorized access to device configuration details and changes. Because SNMPv1 is a clear text protocol, the Set and Get string values are open to anyone monitoring network traffic. In security-sensitive environments, it is advised that the more secure SNMPv3 protocol be used to protect devices. Figure 4 Global Set and Get Community Names Summary The Credentials Store is another HP Web Jetadmin feature that offers users a faster and more efficient way to manage devices securely and easily on their networks. November 2005 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Itanium is a trademark or registered trademark of Intel Corporation in the U.S. and other countries and is used under license.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback