SUSE Linux Enterprise Server (SLES 10) Installation and Administration

9.1 Setting Up OpenWBEM

To set up OpenWBEM, select the Web-Based Enterprise Management software selection or pattern in YaST when you install SUSE Linux Enterprise Server or select it as a component to install on a server that is already running SUSE Linux Enterprise Server. This software selection includes the following packages:

  • cim-schema, Common Information Model (CIM) Schema: This package contains the Common Information Model (CIM). CIM is a model for describing overall management information in a network or enterprise environment. CIM consists of a specification and a schema. The specification defines the details for integration with other management models. The schema provides the actual model descriptions.

  • openwbem, Web Based Enterprise Management (WBEM) Implementation: This package contains an implementation of OpenWBEM. OpenWBEM is a set of software components that help facilitate the deployment of the Distributed Management Task Force (DMTF) CIM and WBEM technologies. If you are not familiar with the DMTF and its technologies, you can visit the DMTF Web site.

  • openwbem-base-providers: This package contains a Novell Linux instrumentation of base operating system components such as computer, system, operating system, and processes for the OpenWBEM CIMOM.

  • openwbem-smash-providers: This package contains a Novell Linux instrumentation of the Systems Management Architecture for Server Hardware (SMASH) providers for the OpenWBEM CIMOM.

  • yast2-cim, YaST2 - CIM Bindings: This package adds CIM bindings to YaST2 (YaST2 is the Graphical User Interface of the SUSE System Tools Manager). These bindings provide a client interface to the Common Information Model Object Manager (CIMOM).

This section includes the following information:

9.1.1 Starting, Stopping, or Checking Status for owcimomd

When Web-Based Enterprise Management software is installed, the daemon, owcimomd, is started by default. The following table explains how to start, stop, and check status for owcimomd.

Table 9-1 Commands for Managing owcimomd

| Task | Linux Command |
|---|---|
| Start owcimomd | As root in a console shell, enter rcowcimomd start. |
| Stop owcimomd | As root in a console shell, enter rcowcimomd stop. |
| Check owcimomd status | As root in a console shell, enter rcowcimomd status. |

9.1.2 Ensuring Secure Access

The default setup of OpenWBEM is relatively secure. However, you might want to review the following to ensure access to OpenWBEM components is as secure as desired for your organization.

Certificates

Secure Sockets Layer (SSL) transports require a certificate for secure communications to occur. When OES is installed, OpenWBEM has a self-signed certificate generated for it.

If desired, you can point OpenWBEM at a commercial certificate that you have purchased, or at a different certificate that you have generated, by replacing the path to the default certificate in the http_server.SSL_cert = path_filename setting in the openwbem.conf file.

The default generated certificate is in the following location:

/etc/openwbem/servercert.pem

If you want to generate a new certificate, use the following command. Running this command replaces the current certificate, so Novell recommends making a copy of the old certificate before generating a new one.

As root in a console shell, enter sh /etc/openwbem/owgencert.

If you want to change the certificate that OpenWBEM uses, see Section 9.2.2, Changing the Certificate Configuration.

Ports

OpenWBEM is configured by default to accept all communications through a secure port, 5989. The following table explains the port communication setup and recommended configuration.

Table 9-2 Port Communication Setup and Recommended Configurations

| Port | Type | Notes and Recommendations |
|---|---|---|
| 5989 | Secure | The secure port that OpenWBEM communications use via HTTPS services. This is the default configuration. With this setting, all communications between the CIMOM and client applications are encrypted when sent over the Internet between servers and workstations. Users must authenticate through the client application to view this information. Novell recommends that you maintain this setting in the configuration file. In order for the OpenWBEM CIMOM to communicate with the necessary applications, this port must be open in routers and firewalls if they are present between the client application and the nodes being monitored. |
| 5988 | Unsecure | The unsecure port that OpenWBEM communications use via HTTP services. This setting is disabled by default. With this setting, all communications between the CIMOM and client applications can be read by anyone, without any authentication, when sent over the Internet between servers and workstations. Novell recommends that you use this setting only when attempting to debug a problem with the CIMOM. As soon as the problem is resolved, set the non-secure port option back to Disabled. In order for the OpenWBEM CIMOM to communicate with the necessary applications that require non-secure access, this port must be open in routers and firewalls if they are present between the client application and the nodes being monitored. |

If you want to change the default port assignments, see Section 9.2.3, Changing the Port Configuration.

Authentication

The following authentication settings are set and enabled as the default for OpenWBEM in SUSE Linux Enterprise Server.

You can change any of the default settings. See Section 9.2.1, Changing the Authentication Configuration.

  • http_server.allow_local_authentication = true

  • http_server.ssl_client_verification = disabled

  • http_server.use_digest = false

  • owcimomd.allow_anonymous = false

  • owcimomd.allowed_users = root

  • owcimomd.authentication_module = /usr/lib/openwbem/authentication/libpamauthentication.so

The OpenWBEM CIMOM is PAM enabled by default; therefore the local root user can authenticate to the OpenWBEM CIMOM with local root user credentials.
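
One way to check a server's openwbem.conf against the default authentication settings listed above, as an added example (not Novell's or the OpenWBEM project's code). The function name audit_openwbem_conf, the sample file contents, and the treatment of lines starting with # or ; as comments are assumptions.

```shell
# Documented defaults, copied from the list above (key=value, one per line).
OWBEM_DEFAULTS='http_server.allow_local_authentication=true
http_server.ssl_client_verification=disabled
http_server.use_digest=false
owcimomd.allow_anonymous=false
owcimomd.allowed_users=root
owcimomd.authentication_module=/usr/lib/openwbem/authentication/libpamauthentication.so'

# audit_openwbem_conf FILE (hypothetical helper): prints OK / DRIFT / MISSING
# for each setting and returns 0 only when every value matches.
audit_openwbem_conf() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    printf '%s\n' "$OWBEM_DEFAULTS" | awk '
        function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
        NR == FNR {                 # first input (stdin): expected values
            i = index($0, "="); k = substr($0, 1, i - 1)
            want[k] = substr($0, i + 1); order[++n] = k; next
        }
        /^[ \t]*[#;]/ { next }      # assumption: # or ; starts a comment line
        {
            i = index($0, "="); if (i == 0) next
            k = trim(substr($0, 1, i - 1))
            if (k in want) have[k] = trim(substr($0, i + 1))  # last entry wins
        }
        END {
            for (j = 1; j <= n; j++) {
                k = order[j]
                if (!(k in have)) { print "MISSING " k; bad = 1 }
                else if (have[k] != want[k]) {
                    print "DRIFT " k " = " have[k] " (default: " want[k] ")"; bad = 1
                } else print "OK " k
            }
            exit bad + 0
        }' - "$1"
}

# Constructed sample, not taken from a real server.
sample_conf() {
    cat <<'EOF'
http_server.allow_local_authentication = true
http_server.ssl_client_verification = disabled
;http_server.use_digest = false
owcimomd.allow_anonymous = true
owcimomd.allowed_users = root wbemadmin
owcimomd.authentication_module = /usr/lib/openwbem/authentication/libpamauthentication.so
EOF
}
tmp=$(mktemp) && sample_conf > "$tmp"
audit_openwbem_conf "$tmp" || echo "review the DRIFT and MISSING lines"
rm -f "$tmp"
```

A DRIFT line means only that the value differs from the documented default; whether the change is acceptable is a decision for the administrator.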

9.1.3 Setting Up Logging

You can change any of the default settings. For more information, see Section 9.2.4, Changing the Default Logging Configuration.

By default, logging for OpenWBEM is set up as follows.

  • log.main.components = *

  • log.main.level = ERROR

  • log.main.type = syslog

This means that owcimomd logging is set up to go to the /var/log/messages file or to other files depending on the configuration of syslogd. It logs all errors for all components (owcimomd).


 
 
Published Courtesy of Novell, Inc.