Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Words and Phrases
| Search for | Example | Results |
|---|---|---|
| A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
|
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Using Boolean Operators
| Search for | Operator | Example |
|---|---|---|
|
Two or more words in the same topic |
|
|
| Either word in a topic |
|
|
| Topics that do not contain a specific word or phrase |
|
|
| Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
| A combination of search types | ( ) parentheses |
|
- Security Configuration
- Communication Configuration
- NNMi Data Encryption
- Providing a Password for Embedded Database Tools
- Allowing Non-Root Linux Users to Start and Stop NNMi
- Hardening Device Communication
- User Authentication
- Passwords
- Clickjacking Protection
- Configuring NNMi for FIPS 140-2 Level 1 Compliance
- Restrict Remote Access to NPS Databases
- Auditing
- Strengthen Security
- Start, Stop, or Restart All NNMi Services
- Start, Stop, or Restart All NNM iSPI Performance for Traffic Services
Configuring NNMi to Use FIPS 140-2-Validated Cryptographic Modules
This section explains how to configure NNMi to use Federal Information Processing Standards (FIPS) 140-2-validated cryptographic modules. FIPS guidelines provide a standard for security requirements for cryptographic modules defined by the National Institute of Standards Technology (NIST). This section explains how to configure NNMi to use cryptographic modules that are compliant with FIPS requirements.
Note You can configure only NNMi Premium (that is NNMi, NNM iSPI Performance for Metrics, and NNM iSPI Performance for QA) to be FIPS-compliant.
To be able to meet the requirements of the FIPS 140-2 standards, NPS and NNMi must be installed on the same server.
A new installation of NNMi 10.30 uses FIPS 140-2-validated cryptographic module (RSA BSAFE) for encryption and key management and supports Public Key Cryptography Standards #12 (PKCS #12) certificates. A new command—nnmkeytool.ovpl—helps in managing this PKCS #12 certificates. For more information about managing new PKCS #12 certificates, see the Managing Certificates section in the NNMi Deployment Reference.
In an upgraded NNMi environment, FIPS-compliant ciphers and algorithms are automatically used for most password encryption and network communication procedures. However, some legacy ciphers and algorithms do exist in the upgraded environment that do not meet FIPS guidelines.
To achieve the highest level of FIPS 140-2-validated cryptography, do the following:
- Use a new installation of NNMi 10.30
- By default, NNMi installs a self-signed certificate. recommends that you use CA-signed certificates and not the self-signed certificate. For more information about using the CA-signed certificates, see the Advanced Configuration section in the NNMi Deployment Reference.
- Follow configuration steps to disable some weaker SNMPv3 ciphers that are not FIPS-certified.
- Use only NNMi Premium.
- Install NNMi and NPS on the same system.
Note Despite meeting the requirements listed above, the following components of NNMi and NPS do not use the FIPS 140-2-validated cryptography: remote access to the NPS Console, Performance Troubleshooting window, and Performance tab of the Analysis pane in the NNMi Console
This section provides you with the steps to configure NNMi to use the highest level of FIPS 140-2-validated cryptography.
Prerequisite
Make sure to disable the HTTP mode of communication. See Enable HTTPS-Only Communication for more information.
Configure NNMi
Perform the following tasks to configure NNMi to use FIPS 140-2-validated cryptographic modules:
-
Task 1: Post-Upgrade Procedure: Encryption of Passwords
This procedure is relevant only if you upgraded to NNMi10.30 from an older version of NNMi.
If you did not use the
nnmsetcmduserpw.ovplcommand before upgrading NNMi to 10.30, skip this procedure.Tip Read the reference page of the
nnmsetcmduserpw.ovplcommand for more information.If you used the
nnmsetcmduserpw.ovplcommand to configure a valid NNMi User Name attribute value and NNMi Password attribute value to seamlessly run command line tools, you must follow these steps:- Log on to the NNMi management server as root or administrator.
-
Run the
nnmsetcmduserpw.ovplcommand again to configure all the NNMi credentials that were set before the upgrading NNMi to the version 10.30.Tip To find out all the users whose passwords were encrypted by using the
nnmsetcmduserpw.ovplcommand prior to upgrading NNMi to 10.30, find thenms-users.propertiesfile, and then check the content of the file. Multiple copies of thenms-users.propertiesfile may exist on the server.
- Configure Secure SNMPv3 Communication
- Select a FIPS-Compliant Algorithm for SNMPv3 Communication
We welcome your comments!
To open the configured email client on this computer, open an email window.
Otherwise, copy the information below to a web mail client, and send this email to network-management-doc-feedback@hpe.com.
Help Topic ID:
Product:
Topic Title:
Feedback: