Security for message communication between management servers is the same as that provided for the agent to server communication. By default, HPOM for Windows management servers use the HTTPS protocol to communicate with other management servers securely. If you need to forward messages to management servers that support only the DCE protocol, the communication is less secure.
NOTE: HPOM for Windows cannot communicate with an HPOM for UNIX server that runs Advanced Network Security (ANS).
By default, an HPOM for Windows management server expects every message that it receives from another management server to contain a known agent ID. You can configure several settings that relate to agent ID checks.
Optional. Click Namespaces, and then click Message Action Server Message Filter. A list of values appears. The following table lists the values to configure.
| Value | Description |
| --- | --- |
| Allow actions in forwarded messages with no agent ID | To increase security, set this value to false so that the management server removes actions from forwarded messages that have an empty agent ID field. Most messages contain the agent ID that uniquely identifies the node that sends the message. The management server checks that the agent ID is valid for each message. However, HPOM for UNIX deployed DCE agents that have never received a policy from an HPOM for Windows management server send messages that have an empty agent ID field. By default, the management server removes all actions from this kind of message, except for forwarded messages. |
| Disable agent ID check for forwarded messages | This value configures whether the message filter skips the agent ID check for messages that it receives from another management server. If this value is false and the management server receives a message that contains an unknown agent ID but a known node name, the management server contacts the node to check the agent ID. If the management server cannot reach the node due to a firewall, the request for the agent ID takes several seconds to time out. To increase performance, set this value to true so the management server skips this check. |
| Ignore empty agent ID on proxy messages forwarded from HPOM for UNIX | This value configures whether the message filter allows proxy messages without agent IDs (for example, SNMP traps), which HPOM for UNIX management servers can forward. If you set this value to true, the message filter does not discard the proxy messages with empty agent IDs that HPOM for UNIX forwards. |