HP JetAdvantage Security Manager 10 Device E-LTU Benutzerhandbuch

Marke: HP

Modell: JetAdvantage Security Manager 10 Device E-LTU

Typ: Benutzerhandbuch

Dieses Handbuch ist auch geeignet für

JetAdvantage Security Manager 250 Device E-LTU

HP JetAdvantage Security Manager -

User Guide

ZUSAMMENFASSUNG

HP JetAdvantage Security Manager is a security compliance solution to create a security policy that assesses and monitors

the security settings for a eet of HP products.

Inhaltsverzeichnis

1 Introduction .................................................................................................................................................................................................1

2 Getting started with Security Manager....................................................................................................................................................3

Access the Security Manager application ...........................................................................................................................................3

Features of the Security Manager .......................................................................................................................................................3

Allgemeine Steuerungselemente und Benachrichtigungen............................................................................................................5

Was Sie zur Verfügung stellen müssen ..............................................................................................................................................6

3 Einrichten von Security Manager..............................................................................................................................................................7

Kongurieren der Einstellung von Security Manager .......................................................................................................................7

Congure General settings ...................................................................................................................................................................7

Install licenses.........................................................................................................................................................................................8

Set up Instant On Security ................................................................................................................................................................. 10

Congure the email server settings................................................................................................................................................. 13

Set up global credentials.................................................................................................................................................................... 14

4 Create a security policy........................................................................................................................................................................... 17

Policies page navigation..................................................................................................................................................................... 17

Create a policy ..................................................................................................................................................................................... 17

Edit a policy .......................................................................................................................................................................................... 18

Symbole im Richtlinien-Editor.................................................................................................................................................. 18

Set severity, remediation, and unsupported behavior to policy items in Quick Settings ............................................... 19

Set policy options for a single item ................................................................................................................................ 20

Set policy options for all the items or for a category .................................................................................................. 21

Set policy options for Firmware Security Assessment Reporting ............................................................................ 21

Export and Import policies................................................................................................................................................................. 21

Export a policy ............................................................................................................................................................................ 22

Import a policy............................................................................................................................................................................ 22

5 Using Security Manager .......................................................................................................................................................................... 23

Add and edit device information....................................................................................................................................................... 23

Erstellen einer Gruppe............................................................................................................................................................... 23

Erstellen einer manuellen Gruppe .................................................................................................................................. 23

Create an Automatic Group.............................................................................................................................................. 24

Discover devices ......................................................................................................................................................................... 25

Use Automatic Discovery to add or modify devices to a group ................................................................................. 25

Hinzufügen oder Ändern von Geräten zu einer Gruppe über die manuelle Erkennung......................................... 26

Edit a discovery task ......................................................................................................................................................... 27

Devices page navigation............................................................................................................................................................ 28

Export device details.................................................................................................................................................................. 29

Edit device and group information .......................................................................................................................................... 29

iii

Manage Groups.................................................................................................................................................................. 29

Add, remove, or delete a device from a group.............................................................................................................. 31

Assign a license manually ................................................................................................................................................ 31

Set device credentials....................................................................................................................................................... 32

Festlegen der SSL/TLS-Erzwingung............................................................................................................................... 34

Bewertung und Korrektur .................................................................................................................................................................. 34

Ausführen oder Planen einer Bewertung oder Korrektur.................................................................................................... 34

Task page navigation................................................................................................................................................................. 36

Modify a task............................................................................................................................................................................... 37

Starten einer Aufgabe....................................................................................................................................................... 37

Edit a task ........................................................................................................................................................................... 37

Delete a task....................................................................................................................................................................... 37

Anzeigen von Bewertungsergebnissen .................................................................................................................................. 38

View results from the Devices page ............................................................................................................................... 38

View results from the Reports page............................................................................................................................... 38

Setup alert subscriptions ................................................................................................................................................................... 38

Alert (subscriptions) page navigation...................................................................................................................................... 38

Create an alert subscription...................................................................................................................................................... 39

Edit, rename, or delete an alert subscription......................................................................................................................... 39

Run reports .......................................................................................................................................................................................... 40

Export and Schedule reports............................................................................................................................................................. 41

Generate reports and instantly export the reports .............................................................................................................. 41

Erstellen eines Zeitplans zum Exportieren von Berichten................................................................................................... 42

Edit or delete a created schedule............................................................................................................................................. 43

Export reports to customized locations ................................................................................................................................. 43

6 Use the HP Security Manager certicate management solution ..................................................................................................... 45

7 Position des Netzwerkports................................................................................................................................................................... 47

8 Rechtliche Hinweise................................................................................................................................................................................. 49

End User License Agreement ............................................................................................................................................................ 49

Copyrights ............................................................................................................................................................................................ 52

log4net license............................................................................................................................................................................ 52

nhibernate license...................................................................................................................................................................... 54

Anhang A Use the HP Security Manager certicate management solution....................................................................................... 61

Anhang B Position des Netzwerkports.................................................................................................................................................... 63

Anhang C Rechtliche Hinweise.................................................................................................................................................................. 65

End User License Agreement ............................................................................................................................................................ 65

log4net license............................................................................................................................................................................ 68

nhibernate license...................................................................................................................................................................... 70

Introduction1

HP JetAdvantage Security Manager (HP Security Manager) is a security compliance solution for a eet of HP

products. It enables administrators to create a security policy to reduce network risks and monitor security for a

eet of printers.

The key benets of using Security Manager are the following:

● Easily and quickly create device security policies. Intelligent prompts guide you through the process by

providing advice and recommendations as you congure the policy.

● Add device IP addresses or hostnames using the following methods:

– Import a text or XML le that contains the device information.

– Automatically or manually discover devices.

● Automatically assess/remediate devices when they are rst connected to the network using the Security

Manager Instant-On Security feature and allowing automatic remediation.

● Create a schedule to run assessments or assess/remediate devices at preset intervals.

To learn more about HP Security Manager see the following topics:

● Getting started with Security Manager auf Seite 3

● Einrichten von Security Manager auf Seite 7

● Using Security Manager auf Seite 23

Introduction

2 Kapitel 1 Introduction

Getting started with Security Manager2

Security Manager version 3.4 is a web-based application supported by the following browsers:

● Internet Explorer (IE) 11 or newer

● Edge 79 or newer (Chromium based)

● Chrome 60 or newer versions.

To view the main topics in HP Security Manager Home page, see Introduction auf Seite 1

The following sections will help you to get started with HP Security Manager:

Access the Security Manager application

Follow these steps to log into Security Manager:

1. Install HP Security Manager.

HINWEIS: For HP Security Manager installation instructions, see the HP JetAdvantage Security Manager

Installation and Setup Guide.

2. Make sure you have a supported web browser, and then open HP JetAdvantage Security Manager.

3. Make sure to add the user name to any of the following HPIPSC group for remote access to the web service:

● HPIPSC

● HPIPSC_Guest

● HPIPSC_Analyst

4. Type your username (Domain\username), password, and then click Login.

HINWEIS: If the login operation fails, HP Security Manager displays an error notication message. A

maximum of 5 invalid password attempts will lock the account for 30 minutes.

Features of the Security Manager

The HP Security Manager features are always present on the top menu tabs, providing a user to easily access

each function.

The top menu tabs include:

● Dashboard

The Dashboard tab is the default page that displays after a successful login. It provides a graphical overview

of the device eet in the following tabs:

– Current Fleet Status: Displays the current devices in the eet and provides the following information:

Getting started with Security Manager

○ Number of devices: The total number of devices in the eet and the number of licensed and

unlicensed devices.

○ The number of licenses for the devices.

○ Assessment status of the devices.

○ Not assessed status of the devices.

○ The number of days remaining for license to Expire.

– Historical Fleet Status: Displays the history of the devices in the eet depending on the number of

days selected in the Last Day(s) edit box. The Show data percentage option displays the percentage or

number in the report.

HINWEIS: The maximum selection for the number of days in the Last Day(s) edit box is “90”.

Depending on the range selected, it provides a comparative study of the rst and last date on the range

for the total number of devices, the assessment status, and not assessed status of devices.

HINWEIS: To select the rst date of the range, click on the bar graph. The last day of the range is

usually the current date.

● Policies

The Policies tab displays information of the number of policies and the status for each policy (valid, invalid,

or new). It allows you to create, edit, and import policies.

● Devices

The Devices tab displays information of the number of devices on the network, device identity information

(IP address, hostname, and model name), whether a device is supported, whether a license is assigned, date

assessed, most recent policy name used, and a group name associated with a device. Icons indicate whether

the device passed the assessment and the device status.

Use the Devices tab to perform the following tasks:

– Create a group to associate devices to the group and manage these groups.

– Discover devices connected to the network and add them to a group.

– Create a task to assess or assess and remediate a group of devices.

– Assign licenses, set credentials and verify devices.

● Tasks

The Tasks tab displays information of the status of tasks (completed, in progress, or scheduled), name and

type of a task, associated policy, group name, and the schedule of the tasks (the task last ran and the task

schedule to run). It provides options to create and schedule new assessment /remediation tasks. You can

schedule a task to run once or to repeat as necessary, such as daily, weekly, or monthly.

Use the New Task icon from the Policies, Devices, or Tasks tabs to create a new task, and then view the

assessments /remediations of devices in the Task tab.

● Alerts

The Alerts tab allows a user to create alerts based on set conditions for device groups and receive

notications.

Kapitel 2 Getting started with Security Manager

Use the Alert icon to create alerts from the Devices or Alerts tabs to receive notication.

HINWEIS: To receive alert notications, make sure to set the SMTP Server in the Automated Email

settings.

● Reports

The Reports tab provides options to run reports that display information about devices, policies, and

assessments.

Use the Executive Summary report in the Reports tab to review recommendations and device status. For

more information about the various reports (Devices assessed, Devices not assessed, Policy items assessed,

Recommendations, and Remediations), see,

Run reports auf Seite 40.

● Settings icon ( )

Displays the following options:

– Settings: Allows you to congure global settings.

– About HPSM: Displays a graphical overview of the software.

– Help: Provides information and instructions for HP Security Manager.

– Help (whitepapers): Displays list of Whitepaper links with additional Help information.

● Prole icon ( )

Displays the username (role assigned to a user), and a Logout button.

Security Manager assigns the following roles to users:

– Administrator: Enables a user to access all features and perform all operations in Security Manager.

– Analyst: Enables a user to access all features but perform limited operations in Security Manager. This

includes disabling the My Preferences and General options in Settings.

– Guest: Enables a user to only view the Dashboard and Reports tabs, it does not allow any interactive

operation.

HINWEIS: By default, the domain user account used for installing HP Security Manager is the administrator. To

add additional users, the administrator will add the domain user to an appropriate group based on a specic

role.

Allgemeine Steuerungselemente und Benachrichtigungen

Dieser Abschnitt enthält die Steuerelemente und Benachrichtigungen, die sich auf allen Registerkarten in HP

Security Manager wiedernden.

Allgemeine Steuerelemente im Listenfenster Geräte, Richtlinien und Aufgaben

●

– Filter - Sortiert oder ltert den Inhalt, der in einem Listenfenster basierend auf Filterkriterien angezeigt

wird. Die verfügbaren Filteroptionen hängen von den aktiven Spalten ab. Filteroptionen werden nur

angezeigt, wenn die entsprechenden Spalten (IP-Adresse, Bewertungsstatus, Unterstützte, Lizenzierte,

Gruppenmitgliedschaft oder Gerätestatus) angezeigt werden.

Allgemeine Steuerungselemente und Benachrichtigungen

– Suchen - Sucht nach Zeichenfolgen im Listenfenster.

– Sortieren – Ermöglicht die Sortierung jeder Spalte im Listenfenster Geräte. Klicken Sie auf den Pfeil

neben einer Spaltenüberschrift, um die Spalte zu sortieren. Um die Reihenfolge der Spalten zu ändern,

können Sie die Spalten per Drag-and-Drop bewegen.

Häuge Benachrichtigungsarten

HINWEIS: Alle Benachrichtigungen werden nach fünf Sekunden verworfen.

●

– Erfolgsmeldung: Eine Meldung auf grünem Untergrund zeigt einen erfolgreich ausgeführten Vorgang

an.

– Informationsmeldung: Eine Meldung auf blauem Untergrund zeigt die Bereitstellung von Informationen

über das System an.

– Fehlermeldung: Eine Meldung auf rotem Untergrund zeigt einen fehlgeschlagenen Vorgang an.

Was Sie zur Verfügung stellen müssen

Im Folgenden sind die Basisanforderungen zur Verwendung von HP Security Manager aufgeführt:

● Ein unterstützter Microsoft Windows Computer.

Folgende Microsoft Windows 64-Bit-Betriebssysteme werden unterstützt:

– Windows Server 2019, 2016, 2012, 2012 R2 und 2008 R2.

– Windows 10, 8.1 und 8.

● HP Security Manager wird in einer VMware-Umgebung unterstützt.

Anforderungen: Microsoft Windows Server 2012 R2 oder höher (64-Bit-Versionen) ist ein kompatibles

Gastbetriebssystem in VMware ESX und ESXi Versionen 4.0 Update 4 oder höher.

● Ein unterstütztes HP Gerät (Drucker, MFP, digitaler Absender oder ein unterstütztes Zebra-Gerät).

Die aktuelle Liste der unterstützten HP Geräte nden Sie unter www.hp.com/go/SecurityManager.

● Die neueste Version der HP Gerätermware.

HP empehlt, die neueste Version der Firmware zu installieren, um sicherzustellen, dass die Geräte die

neuesten Sicherheitsupdates und -funktionen enthalten. Anweisungen zum Firmware-Upgrade nden Sie in

den mit dem Gerät bereitgestellten Installations- oder Benutzeranleitungen.

● Die neueste Version der Firmware für HP JetDirect.

HP JetDirect-Karten erfordern Firmware-Version 40.xx oder neuer. Anweisungen zum Firmware-Upgrade

nden Sie in den mit HP JetDirect bereitgestellten Installations- oder Benutzeranleitungen. Für Produkte mit

integrierten NIC wird immer empfohlen, die neueste Firmware zu verwenden.

Kapitel 2 Getting started with Security Manager

Einrichten von Security Manager3

Legen Sie mithilfe der Anweisungen in diesem Abschnitt die Einstellung für Security Manager fest.

Kongurieren der Einstellung von Security Manager

Erfahren Sie, wie Sie die Einstellung von HP Security Manager.

1. Melden Sie sich bei HP Security Manager an, wählen Sie das Menüsymbol Einstellungen ( ) und dann die

Option Einstellungen.

2. Wählen Sie zum kongurieren der Einstellungen im linken Navigationsbereich eines der folgenden Menüs:

● Meine Einstellungen - So wählen Sie das Zeitformat (12 oder 24 Stunden)

● Allgemein – So kongurieren Sie die Einstellungen für die Gerätekorrektur und die Auösung des

Hostnamen.

● Lizenzen – So installieren Sie Lizenzen von Security Manager.

● Instant-On Security – So ermitteln und kongurieren Sie Geräte, wenn diese erstmalig mit dem

Netzwerk verbunden werden.

● Automatisierte E-Mail- – So richten Sie E-Mail-Einstellungen ein und benachrichtigen Empfänger.

● Globale Anmeldedaten – So richten Sie globale Anmeldedaten zur Überprüfungen von Anmeldedaten

für das Gerät ein.

● Serviceintegration - So richten Sie die Integration mit Qualys ein.

Mehr zu den Hauptthemen auf der Startseite HP Security Manager nden Sie unter Introduction auf Seite 1

Congure

General settings

HP recommends verifying the global remediation setting that controls whether an out-of-compliance device is

remediated (corrected) during the assessment process.

HINWEIS: To control how individual out-of-compliance policy items are processed during remediation, use the

policy's Quick Settings (Policy). For more information, see Set severity, remediation, and unsupported behavior

to policy items in Quick Settings auf Seite 19.

HINWEIS: HP Security Manager resolves IP addresses to hostnames only during the initial discovery. To resolve

IP addresses to hostnames at a later time, delete the device, and then add the device again.

Follow these steps to set the device remediation and hostname resolution option:

1. Melden Sie sich bei HP Security Manager an, wählen Sie das Menüsymbol Einstellungen ( ) und dann die

Option Einstellungen.

Einrichten von Security Manager

2. On the left navigation pane, in the General menu, select the appropriate remediation option for devices:

● Enable device remediation (Remediate and Report) - This is the default option selected and enables to

remediate out-of-compliance devices.

● Disable device remediation (Report Only) - Select this option to disable remediation.

HINWEIS: To prevent accidental changes to devices on the network, disable device remediation. When

this option is selected, the setting applies to all policies and takes precedence over an individual policy's

advanced remediation settings (Quick Settings (Policy)).

3. In the Hostname Resolution section, enable or disable the Resolve IP addresses to hostnames when devices

are added option.

HINWEIS: This option is enabled by default and allows HP Security Manager to resolve IP addresses to

hostnames when devices are added. When set to enabled, this option requires that the DNS entry functions

in both directions. Otherwise, the device import fails, and the hostname will not be added during discovery.

To disable the option, select to clear the check box.

4. In the Repetitive Remediation Report section, enable or disable the Enable Reporting option.

By default, this option is disabled. When enabled, it reports devices that are continually out-of-compliance

and has the following reporting features:

● Remediation Threshold: Type the number of remediation attempts for devices that are reported

continually out-of-compliance.

● Renew Reporting: Select the time period (month, start date, and type in a start time) to reset the

remediation attempts count for devices.

HINWEIS: Repetitive Remediation Report is renewed instantly for an elapsed start date and time.

5. In the Device Assessment History section, enable or disable the Enable Reporting option. By default, this

option is set to enabled and allows to set Save Assessment data.

6. Select an option under the Remove historical data section to remove Recommendation and Remediation

data older than specied days to free up disk space.

HINWEIS: The latest report will not be removed.

7. Click Save.

HINWEIS: If the default selections have not been changed, the Save button will remain disabled.

Install licenses

Licenses are provided using a license

le. To create a policy, or to assess and remediate the devices on the

network, install a HP Security Manager device license. Without a device license, all other actions are available,

such as sorting, ltering, and verifying.

HINWEIS: HP Security Manager is installed with a demonstration license that allows a limited assessment for

up to 50 devices. Only a demonstration policy is available for use and the Policy Editor is limited to a few items.

This license is overridden when a trial or full license is installed. Contact your HP representative for more

information.

Kapitel 3 Einrichten von Security Manager

HINWEIS: If HP JetAdvantage Security Manager service is not running, an error message will display on the HP

Security Manager application.

The purchase of HP Security Manager should include device licenses.

● Licenses are node locked using the HPSM's server MAC address.

● After licenses are installed, devices are automatically licensed when the following actions occur:

– when adding devices using a text or xml le. For more information, see Hinzufügen oder Ändern von

Geräten zu einer Gruppe über die manuelle Erkennung auf Seite 26.

– when discovering devices using the Instant-On Security feature. For more information, see Set up

Instant On Security auf Seite 10.

● If there are insuicient licenses available during an import, the devices are added but not licensed. For

devices that are not licensed, add licenses in the Settings page, and then use the Assign Licenses icon

located in the device toolbar in the Devices page.

HINWEIS: To reduce the risk of depleting all the licenses, make sure that there are enough licenses before

importing.

● To return licenses to the license pool, delete the licensed device.

HINWEIS: Deleting a licensed device removes that device's historical data.

License Settings

The License Expiry Threshold text box is for temporary licenses and allows a user to set up a notication of the

number of days before a license expires.

Follow these steps to install licenses or add additional licenses:

1. Melden Sie sich bei HP Security Manager an, wählen Sie das Menüsymbol Einstellungen ( ) und dann die

Option Einstellungen.

2. On the left navigation pane, click Licenses.

3. Click Add Licenses.

4. Locate where the license le (.lic) is stored in the le browser and double-click to open the le.

HP Security Manager reads the license le and updates the Settings page with the available licenses and

expiration information.

This includes the number of days remaining before the license expires. A license warning message will

display before the license expires.

If an error displays, the causes are:

● HP Security Manager cannot connect to the license server.

● HP Security Manager tried to update a demonstration license. A new demonstration license will not

override an existing demonstration license.

● HP Security Manager tried to install a demonstration license when a normal license is currently

installed.

● HP Security Manager tried to install the same license le.

Install licenses

● HP Security Manager tried to install a corrupted or invalid license le.

5. Click View License Details to open the Individual License Details window. It contains details about the

Individual license.

HINWEIS: If there is mismatch in the license reported via dierent Flexera APIs then an extra Note is

shown in Individual License Details window reporting this inaccuracy in license count.

6. In the License Expiry Threshold text box, type a number from 7 to 60.

HINWEIS: Depending on the number of days congured, the application will display a license warning

message after a user logs into the application. This message will provide information of the number of days

remaining when the license expires.

Set up Instant On Security

HP Enterprise printers running the latest rmware version use the Instant-On Security and the HP Device

Announcement Agent features to automatically announce their presence to HP Security Manager when they are

rst connected to the network.

To discover and congure devices across applications like HP Security Manager, HP Web Jetadmin and HP

JetAdvantage Connector (JAMC), congure the Primary Listener and the Secondary Listener options. The “Device

Announcement Agent (DAA) server” is called the Primary Listener. The work of the Primary Listener is to route

devices to the Secondary Listener. HP Security Manager is a primary or secondary listener and HP Web Jetadmin

can only be a secondary listener.

HINWEIS: Automatic assessment/ remediation of newly discovered devices requires a device license and a

valid initial assessment policy.

HINWEIS: To implement Instant-On Security, the device must support HP Device Announcement Agent.

For a list of devices that include HP Device Announcement Agent, go to www.hp.com/go/SecurityManager.

Automatic discovery requires that the Accept Device Announcements feature is enabled (disabled by default) and

the device's HP Device Announcement Agent feature is enabled (enabled by default). In addition, the corporate

DNS server must be congured with an entry that points the hostname hp-print-mgmt to the IP address of the

HP Security Manager server, when HP Security Manager is the Primary Listener.

When the device announcement agent is activated on a compatible printer, the HP device announcement agent

looks for a host with the DNS hostname of hp-print-mgmt. If found, the device announces itself directly

to HP Security Manager. If Accept Device Announcements is enabled and the device passes the minimum

authentication requirements, the device is automatically added to HP Security Manager.

HINWEIS: A device is not added to HP Security Manager if it fails the minimum authentication required for the

assessment.

When the device announcement agent is enabled, it announces itself to the HP Security Manager server in the

following situations:

● When the device is turned on.

● When a cold reset is performed on the device.

● When the IP stack comes up (for example, after a network conguration change).

● When the conguration server IP address changes (use this if a DNS entry cannot be used).

Kapitel 3 Einrichten von Security Manager

● When the HP Device Announcement Agent feature is enabled using the check box in the device

HP Embedded Web Server or the device control panel.

● FutureSmart 4 devices announce their presence every 48 hours.

When Accept Device Announcements is enabled, each device that passes the authentication is assigned a device

license from the license pool.

Follow these steps to set up Instant-On Security:

HINWEIS: The Instant-On Security feature might fail, if IPsec, Windows rewall, or other rewalls does not

allow communication with HP Security Manager using port 3329.

1. To activate Instant-On Security and automatic remediation, request the site administrator to add an entry in

the corporate DNS server that points hp-print-mgmt to the IP address of the HP Security Manager server.

2. Enable communication with port 3329.

a. Click the Settings menu icon ( ), and then select the Settings option.

b. In the left navigation pane, select Instant-On Security.

c. Select the Accept Device Announcements check box, and then click OK in the conrmation dialog box

to enable communication with port 3329.

3. Determine if Security Manager should be the Primary Listener or Secondary Listener.

● If HP Security Manager is set as the Primary Listener, follow these steps to add information of the

Secondary Listener:

HINWEIS: Only ve Secondary Listeners are allowed. This value can be altered in the conguration

le “maxSecondaryListeners”. After updating the conguration, it is required to restart the Service and

IIS.

HINWEIS: HP Web Jetadmin can only be set as a Secondary Listener. Security Manager and HP

JetAdvantage Connector can be set as a Primary or Secondary Listener.

a. Click New, and then type the IP Address or Hostname and Description.

b. If required , select the Validate the Identity Certicate before sending Device announcement

message to the Listener check box.

c. To modify a Secondary Listener, select the row in the Secondary Listeners table, and click Edit.

d. To delete a Secondary Listener, select the row in the Secondary Listeners table, and click Delete.

● If HP Security Manager is set as the Secondary Listener, follow these steps to select one of the

following server certicates to use for authentication and validation by the Primary Listener:

– Self-Signed

– CA-Signed

Set up Instant On Security

4. Select an Authentication method for the Primary and Secondary Listener. The default option is No

Authentication (Out of the Box).

● If authentication is not required, select No Authentication (Out of the Box).

HINWEIS: This is the simplest authentication method because HP Security Manager automatically

congures devices to be compliant with the security policy when they are taken out of the box and

connected to the network. This method also works on devices when a cold reset is performed because

no authentication is required for auto discovery, assessment, and remediation.

● For the highest authentication level, select Mutual Authentication, click Select Certicate, select a

certicate from the list of certicates found on the HP Security Manager server, and then click Select.

HINWEIS: Optionally, you can use HP Security Manager to manage the identity certicates on the HP

Security Manager server and the devices.

HINWEIS: This authentication method is most secure as it requires certicates to be congured on the

device and in HP Security Manager. This enables the HP Security Manager server and the device to

verify that the certicate for the other is valid. When the IP address of a device changes or a cold reset

is performed, the device and the HP Security Manager server communicate using the secure socket

layer (SSL) to validate certicates before an automatic remediation occurs. The certicates must be

valid identity certicates signed by a trusted certicate authority and installed on the HP Security

Manager server and each device. Each device must be set to require mutual authentication using

certicates during a pre-staging process.

5. To restrict and control the devices entering HP Security Manager, select the Use Device Serial Number List

check box, and then click Add Device Serial Number(s).

6. Select one of the following methods to add serial numbers on the Add Device Serial Number(s) window:

HINWEIS: Security Manager uses the list of serial numbers to accept a device the rst time, and then

automatically removes the serial number from the list. It recognizes all future announcements by that

device as a valid device.

● Type the printer’s serial number in the Device Serial Number text box, and then click Add to list.

● Click Add from le, locate the xml or text le from your le browser, open the le in Security Manager,

and then click Add.

7. Create a valid policy from the Policies page.

For instructions, see Create a policy auf Seite 17

HINWEIS: You must create a valid initial policy to use with Automatic Remediation.

8. Select the Allow Automatic Remediation check box to activate automatic remediation.

HINWEIS: If Allow Automatic Remediation is enabled, an automatic assessment/ remediation of the

device occurs.

9. Select a policy from the Initial Assessment Policy drop-down list to ensure new devices are compatible with

the requirement.

HINWEIS: The valid policies are sorted in the list from the oldest to newest policy. This policy is used for

newly announced devices and ensures that the device is fully compliant with the requirements. The selected

Kapitel 3 Einrichten von Security Manager

Initial Assessment Policy is always used one time for the initial remediation. After the initial assessment, HP

Security Manager uses the most recently applied policy.

HINWEIS: If the policies are not valid, a “No valid policies” message displays in the Initial Assessment

Policy text box and the Save button is disabled.

10. Click Save to save the entries.

HINWEIS: If HP JetAdvantage Security Manager service is not running, the HP Security Manager application

will not save the entries, and display an error message.

After conguring the Instant-On Security settings, devices powered on will automatically populate and remediate

in HP Security Manager.

Devices automatically discovered display in the Instant-On Auto Discovered column in the Devices page.

Congure

the email server settings

Use the Automated Email setting option to congure the email server to authenticate and send email

notications when scheduled tasks are completed.

Follow these steps to congure email server settings:

1. Melden Sie sich bei HP Security Manager an, wählen Sie das Menüsymbol Einstellungen ( ) und dann die

Option Einstellungen.

2. On the left navigation pane, click Automated Email.

3. In the E-mail Server Settings section, type the information required to identify the email server.

● SMTP Server – Contains the hostname or IP address of the email server.

● Port – Contains the network port to use to contact the email server.

HINWEIS: By default, the network port is set to 25.

● Enable SSL – Enables or disables the use of SSL when working with the email server.

HINWEIS: By default, this option is set to enabled.

● Specify Credentials – Species whether user credentials are required. If enabled, then the Username,

Password, and Domain text boxes are available.

– Username – The name used to log in to the SMTP (email) server.

– Password – The password used to log in to the SMTP server. The characters are encrypted when

typed.

– Domain (Optional) – The username is often related to a domain. If so, then the domain is required

to qualify the username.

4. In the Automatic Email Notication Settings, type the information required.

● Email Subject – The subject used in the email that is sent.

● Recipient(s) – An email addresses of one or more recipient.

Congure

the email server settings

If more than one addresses are specied, use a space, comma, or semicolon to separate the addresses.

HINWEIS: If an email address is incorrect, tasks will run for a longer time and fail.

● From Address – The email address used for the sender in the message.

5. Send a test email.

a. Click Send Test E-mail to make sure that the server and the congured settings are correct.

b. Check your email for the test email.

6. Click Save.

Click Yes to conrm the changes to the settings in the conrmation dialog box.

Set up global credentials

Global credentials are used as part of the device verication process when performing tasks which include device

discovery, verifying devices, assess only, assess and remediate of a device and setting the Instant-On Security

feature.

Use the Global Credentials feature to set global credentials for all existing devices and custom groups.

When verifying devices, HP Security Manager rst attempts to check the assigned device credentials for a device.

If the verication fails with device credentials, it checks the device’s default credentials. If the default credentials

verication fails, it veries the device with the global credentials.

HINWEIS: The device, default, and global credentials are also applicable for Assess Only and Assess and

Remediate policies on a device.

Follow these steps to set up the Global Credentials:

1. Melden Sie sich bei HP Security Manager an, wählen Sie das Menüsymbol Einstellungen ( ) und dann die

Option Einstellungen.

2. On the left navigation pane, click Global Credentials.

3. On the SNMP Credentials section, complete the following steps to set the SNMPv1/v2 Read, Read/Write

or/and SNMPv3 credentials:

a. Select the Get Community Name check box, type the SNMP v1/v2 Get (e.g. Read) Community name in

the rst text box, and then type the name again in the second text box to conrm.

b. Select the Set Community Name check box, type the SNMP v1/v2 Set (e.g. Read/ Write) Community

name in the rst text box, and then type the name again in the second text box to conrm.

4. Festlegen der allgemeinen SNMP v3-Anmeldedaten:

a. Markieren Sie das Kontrollkästchen neben v3-Anmeldedaten festlegen.

b. Geben Sie den SNMP-Namen in das Textfeld Benutzername ein.

c. Geben Sie die Authentizierungspassphrase ein und geben Sie dann die Passphrase zur Bestätigung

erneut ein.

d. Wählen Sie das Authentizierungsprotokoll (MD5 oder SHA).

Kapitel 3 Einrichten von Security Manager

e. Geben Sie die Datenschutzpassphrase ein und geben Sie dann die Passphrase zur Bestätigung erneut

ein.

HINWEIS: Wenn das Gerät Schlüsselanmeldedaten benötigt, konvertiert Security Manager die

Passphrase automatisch.

f. Wählen Sie das Datenschutzprotokoll (DES oder AES).

5. On the Other Credentials section, complete the tasks to set up the credentials.

a. Select Set Admin (EWS) Password, type the administrative password set in the HP Embedded Web

Server, and then type the password again to conrm.

b. Select Set Domain Credentials, type the Windows domain username, password, and then type the

password again to conrm.

For the Windows domain user name, use the following format: Fully Qualified Domain

Name\Username.

HINWEIS: If the Domain Credentials is set, it will be used for authentication and authorization with

the device instead of the HP EWS password which will be used only for remediating admin (EWS)

Password policy item.

c. Select the Set File System Password check box, type the password for the le system on the device,

and then type the password again to conrm.

d. Select the Set PJL Password check box, type the password for the Printer Job Language on the device,

and then type the password again to conrm.

e. Select the Set Bootloader Password check box, type the password for the bootloader on the device,

and then type the password again to conrm.

6. Click Save.

Set up global credentials

16 Kapitel 3 Einrichten von Security Manager

Seite laden ...

HP JetAdvantage Security Manager 10 Device E-LTU Benutzerhandbuch

Marke: HP

Modell: JetAdvantage Security Manager 10 Device E-LTU

Typ: Benutzerhandbuch

Dieses Handbuch ist auch geeignet für

JetAdvantage Security Manager 250 Device E-LTU

PDF Herunterladen

Bericht

in anderen Sprachen

English: HP JetAdvantage Security Manager 10 Device E-LTU User guide

HP JetAdvantage Security Manager 10 Device E-LTU Benutzerhandbuch

Dieses Handbuch ist auch geeignet für

HP JetAdvantage Security Manager 10 Device E-LTU Benutzerhandbuch

in anderen Sprachen

Verwandte Papiere

Sonstige Unterlagen