HP JetAdvantage Security Manager 250 Device E-LTU User guide

HP JetAdvantage Security Manager -

User Guide

SUMMARY

HP JetAdvantage Security Manager is a security compliance solution to create a security policy that assesses and monitors

the security settings for a eet of HP products.

Legal information

Copyright and License

L.P.

Reproduction, adaptation, or translation without

prior written permission is prohibited, except as

allowed under the copyright laws.

The information contained herein is subject to

change without notice.

The only warranties for HP products and

services are set forth in the express warranty

statements accompanying such products and

services. Nothing herein should be construed

as constituting an additional warranty. HP shall

not be liable for technical or editorial errors or

omissions contained herein.

Applicable product: J8023AA

Edition 16.0, 12/2020 (version 4.0)

Trademark Credits

Microsoft®, Windows®, and Windows Server®

are U.S. registered trademarks of Microsoft

Corporation.

Adobe

®

, Acrobat

®

, and PostScript

®

are

trademarks of Adobe Systems Incorporated.

VMware® is a registered trademark of VMware,

Inc.

Table of contents

1 Introduction .................................................................................................................................................................................................1

2 Getting started with Security Manager....................................................................................................................................................3

Access the Security Manager application ...........................................................................................................................................3

Features of the Security Manager .......................................................................................................................................................3

Common controls and notications ....................................................................................................................................................5

What you must provide .........................................................................................................................................................................6

3 Setting up Security Manager.....................................................................................................................................................................7

Congure the Security Manager settings ...........................................................................................................................................7

Congure General settings ...................................................................................................................................................................7

Install licenses.........................................................................................................................................................................................8

Set up Instant On Security ................................................................................................................................................................. 10

Congure the email server settings ................................................................................................................................................. 13

Set up global credentials.................................................................................................................................................................... 14

4 Create a security policy........................................................................................................................................................................... 17

Policies page navigation..................................................................................................................................................................... 17

Create a policy ..................................................................................................................................................................................... 17

Edit a policy .......................................................................................................................................................................................... 18

Policy editor icons ...................................................................................................................................................................... 19

Set severity, remediation, and unsupported behavior to policy items in Quick Settings ............................................... 19

Set policy options for a single item ................................................................................................................................ 20

Set policy options for all the items or for a category .................................................................................................. 21

Set policy options for Firmware Security Assessment Reporting ............................................................................ 21

Export and Import policies................................................................................................................................................................. 21

Export a policy ............................................................................................................................................................................ 22

Import a policy............................................................................................................................................................................ 22

5 Using Security Manager .......................................................................................................................................................................... 23

Add and edit device information....................................................................................................................................................... 23

Create a group............................................................................................................................................................................. 23

Create a Manual Group ..................................................................................................................................................... 23

Create an Automatic Group.............................................................................................................................................. 24

Discover devices ......................................................................................................................................................................... 25

iii

Use Automatic Discovery to add or modify devices to a group ................................................................................. 25

Use Manual Discovery to add or modify devices to a group....................................................................................... 26

Edit a discovery task ......................................................................................................................................................... 27

Devices page navigation............................................................................................................................................................ 27

Export device details.................................................................................................................................................................. 28

Edit device and group information .......................................................................................................................................... 29

Manage Groups.................................................................................................................................................................. 29

Add, remove, or delete a device from a group.............................................................................................................. 30

Assign a license manually ................................................................................................................................................ 31

Set device credentials....................................................................................................................................................... 32

Set SSL/TLS enforcement................................................................................................................................................ 33

Assess and remediate ........................................................................................................................................................................ 34

Run or Schedule an assessment or remediation .................................................................................................................. 34

Task page navigation ................................................................................................................................................................. 35

Modify a task............................................................................................................................................................................... 36

Start a task ......................................................................................................................................................................... 36

Edit a task ........................................................................................................................................................................... 36

Delete a task....................................................................................................................................................................... 37

View assessment results........................................................................................................................................................... 37

View results from the Devices page ............................................................................................................................... 37

View results from the Reports page............................................................................................................................... 37

Setup alert subscriptions ................................................................................................................................................................... 38

Alert (subscriptions) page navigation...................................................................................................................................... 38

Create an alert subscription...................................................................................................................................................... 38

Edit, rename, or delete an alert subscription......................................................................................................................... 39

Run reports .......................................................................................................................................................................................... 40

Export and Schedule reports............................................................................................................................................................. 40

Generate reports and instantly export the reports .............................................................................................................. 40

Create a schedule to export reports........................................................................................................................................ 41

Edit or delete a created schedule............................................................................................................................................. 42

Export reports to customized locations ................................................................................................................................. 42

6 Use the HP Security Manager certicate management solution ..................................................................................................... 45

7 Network port assignments .................................................................................................................................................................... 47

8 Legal statements..................................................................................................................................................................................... 49

End User License Agreement ............................................................................................................................................................ 49

Copyrights ............................................................................................................................................................................................ 52

log4net license............................................................................................................................................................................ 52

nhibernate license...................................................................................................................................................................... 54

Appendix A Use the HP Security Manager certicate management solution.................................................................................... 61

Appendix B Network port assignments................................................................................................................................................... 63

Appendix C Legal statements ................................................................................................................................................................... 65

End User License Agreement ............................................................................................................................................................ 65

Copyrights ............................................................................................................................................................................................ 68

log4net license............................................................................................................................................................................ 68

iv

nhibernate license...................................................................................................................................................................... 70

v

vi

Introduction1

HP JetAdvantage Security Manager (HP Security Manager) is a security compliance solution for a eet of HP

products. It enables administrators to create a security policy to reduce network risks and monitor security for a

eet of printers.

The key benets of using Security Manager are the following:

● Easily and quickly create device security policies. Intelligent prompts guide you through the process by

providing advice and recommendations as you congure the policy.

● Add device IP addresses or hostnames using the following methods:

– Import a text or XML le that contains the device information.

– Automatically or manually discover devices.

● Automatically assess/remediate devices when they are rst connected to the network using the Security

Manager Instant-On Security feature and allowing automatic remediation.

● Create a schedule to run assessments or assess/remediate devices at preset intervals.

To learn more about HP Security Manager see the following topics:

● Getting started with Security Manager on page 3

● Setting up Security Manager on page 7

● Using Security Manager on page 23

Introduction 1

2 Chapter 1 Introduction

Getting started with Security Manager2

Security Manager version 3.4 is a web-based application supported by the following browsers:

● Internet Explorer (IE) 11 or newer

● Edge 79 or newer (Chromium based)

● Chrome 60 or newer versions.

To view the main topics in HP Security Manager Home page, see Introduction on page 1

The following sections will help you to get started with HP Security Manager:

Access the Security Manager application

Follow these steps to log into Security Manager:

1. Install HP Security Manager.

NOTE: For HP Security Manager installation instructions, see the HP JetAdvantage Security Manager

Installation and Setup Guide.

2. Make sure you have a supported web browser, and then open HP JetAdvantage Security Manager.

3. Make sure to add the user name to any of the following HPIPSC group for remote access to the web service:

● HPIPSC

● HPIPSC_Guest

● HPIPSC_Analyst

4. Type your username (Domain\username), password, and then click Login.

NOTE: If the login operation fails, HP Security Manager displays an error notication message. A maximum

of 5 invalid password attempts will lock the account for 30 minutes.

Features of the Security Manager

The HP Security Manager features are always present on the top menu tabs, providing a user to easily access

each function.

The top menu tabs include:

Getting started with Security Manager

3

● Dashboard

The Dashboard tab is the default page that displays after a successful login. It provides a graphical overview

of the device eet in the following tabs:

– Current Fleet Status: Displays the current devices in the eet and provides the following information:

○ Number of devices: The total number of devices in the eet and the number of licensed and

unlicensed devices.

○ The number of licenses for the devices.

○ Assessment status of the devices.

○ Not assessed status of the devices.

○ The number of days remaining for license to Expire.

– Historical Fleet Status: Displays the history of the devices in the eet depending on the number of

days selected in the Last Day(s) edit box. The Show data percentage option displays the percentage or

number in the report.

NOTE: The maximum selection for the number of days in the Last Day(s) edit box is “90”.

Depending on the range selected, it provides a comparative study of the rst and last date on the range

for the total number of devices, the assessment status, and not assessed status of devices.

NOTE: To select the rst date of the range, click on the bar graph. The last day of the range is usually

the current date.

● Policies

The Policies tab displays information of the number of policies and the status for each policy (valid, invalid,

or new). It allows you to create, edit, and import policies.

● Devices

The Devices tab displays information of the number of devices on the network, device identity information

(IP address, hostname, and model name), whether a device is supported, whether a license is assigned, date

assessed, most recent policy name used, and a group name associated with a device. Icons indicate whether

the device passed the assessment and the device status.

Use the Devices tab to perform the following tasks:

– Create a group to associate devices to the group and manage these groups.

– Discover devices connected to the network and add them to a group.

– Create a task to assess or assess and remediate a group of devices.

– Assign licenses, set credentials and verify devices.

● Tasks

The Tasks tab displays information of the status of tasks (completed, in progress, or scheduled), name and

type of a task, associated policy, group name, and the schedule of the tasks (the task last ran and the task

schedule to run). It provides options to create and schedule new assessment /remediation tasks. You can

schedule a task to run once or to repeat as necessary, such as daily, weekly, or monthly.

4

Chapter 2 Getting started with Security Manager

Use the New Task icon from the Policies, Devices, or Tasks tabs to create a new task, and then view the

assessments /remediations of devices in the Task tab.

● Alerts

The Alerts tab allows a user to create alerts based on set conditions for device groups and receive

notications.

Use the Alert icon to create alerts from the Devices or Alerts tabs to receive notication.

NOTE: To receive alert notications, make sure to set the SMTP Server in the Automated Email settings.

● Reports

The Reports tab provides options to run reports that display information about devices, policies, and

assessments.

Use the Executive Summary report in the Reports tab to review recommendations and device status. For

more information about the various reports (Devices assessed, Devices not assessed, Policy items assessed,

Recommendations, and Remediations), see, Run reports on page 40.

● Settings icon ( )

Displays the following options:

– Settings: Allows you to congure global settings.

– About HPSM: Displays a graphical overview of the software.

– Help: Provides information and instructions for HP Security Manager.

– Help (whitepapers): Displays list of Whitepaper links with additional Help information.

● Prole icon ( )

Displays the username (role assigned to a user), and a Logout button.

Security Manager assigns the following roles to users:

– Administrator: Enables a user to access all features and perform all operations in Security Manager.

– Analyst: Enables a user to access all features but perform limited operations in Security Manager. This

includes disabling the My Preferences and General options in Settings.

– Guest: Enables a user to only view the Dashboard and Reports tabs, it does not allow any interactive

operation.

NOTE: By default, the domain user account used for installing HP Security Manager is the administrator. To

add additional users, the administrator will add the domain user to an appropriate group based on a specic

role.

Common controls and

notications

This section provides the controls and notications consistent across all tabs in HP Security Manager.

Common controls in the Devices, Policies and Tasks list panel

●

Common controls and

notications 5

– Filter - Sorts or lters the contents displayed in a list panel based on lter criteria. The available lter

options depend upon the active columns. Filter options will only appear if the corresponding columns (IP

address, Assessment Status, Supported, Licensed, Group Membership, or Device Status) are displayed.

– Search - Searches for strings in the list panel.

– Sort — Allows every column in the device list panel to be sorted. Click the arrow next to a column

heading to sort the column. To change the order of the columns, you can drag and drop the columns.

Common notication types

NOTE: All notications are dismissed after ve seconds.

●

– Success message: A message displays in a green slide out for a successful operation.

– Information message: A message displays in a blue slide when the system provides information of the

operation.

– Failure message: A message displays in a red slide out for a failed operation.

What you must provide

The following are the basic requirements to use HP Security Manager:

● A supported Microsoft Windows computer.

The following Microsoft Windows 64-bit operating systems are supported:

– Windows Server 2019, 2016, 2012, 2012 R2 and 2008 R2.

– Windows 10, 8.1, and 8.

● HP Security Manager is supported in a VMware environment.

Requirements: Microsoft Windows Server 2012 R2 or later (64-bit versions) is a compatible guest operating

system in VMware ESX and ESXi versions 4.0 Update 4 or later.

● A supported HP device (printer, MFP, digital sender, or a supported Zebra device).

For a current list of supported HP devices, go to www.hp.com/go/SecurityManager.

● The latest HP device rmware version.

HP recommends that you install the latest rmware version to ensure that the devices contain the latest

security updates and features. For rmware upgrade instructions, see the setup or user guides provided with

the device.

● The latest HP JetDirect rmware version.

HP JetDirect cards require rmware version 40.xx or newer. For rmware upgrade instructions, see the

set up or use guides provided with the HP JetDirect. For products with embedded NIC's, it's always

recommended to use the latest rmware.

6

Chapter 2 Getting started with Security Manager

Setting up Security Manager3

Use the instructions in this section to set up the Security Manager settings.

Congure

the Security Manager settings

Learn how to congure HP Security Manager settings.

1. Log in to HP Security Manager and select the Settings menu icon ( ), and then select the Settings option.

2. In the left navigation pane, select one of the following menus to congure the settings:

● My Preferences - To select the Time Format (12 or 24 hours)

● General - To congure device remediation and hostname resolution settings.

● Licenses - To install Security Manager licenses.

● Instant-On Security - To discover and congure devices when they are rst connected to the network.

● Automated Email - To set up email settings and notify recipients.

● Global Credentials - To set up global credentials to verify device credentials.

● Service Integration - To set up integration with Qualys.

To view the main topics in HP Security Manager Home page, see Introduction on page 1

Congure

General settings

HP recommends verifying the global remediation setting that controls whether an out-of-compliance device is

remediated (corrected) during the assessment process.

NOTE: To control how individual out-of-compliance policy items are processed during remediation, use the

policy's Quick Settings (Policy). For more information, see Set severity, remediation, and unsupported behavior

to policy items in Quick Settings on page 19.

NOTE: HP Security Manager resolves IP addresses to hostnames only during the initial discovery. To resolve IP

addresses to hostnames at a later time, delete the device, and then add the device again.

Follow these steps to set the device remediation and hostname resolution option:

1. Log in to HP Security Manager and select the Settings menu icon ( ), and then select the Settings option.

Setting up Security Manager

7

2. On the left navigation pane, in the General menu, select the appropriate remediation option for devices:

● Enable device remediation (Remediate and Report) - This is the default option selected and enables to

remediate out-of-compliance devices.

● Disable device remediation (Report Only) - Select this option to disable remediation.

NOTE: To prevent accidental changes to devices on the network, disable device remediation. When

this option is selected, the setting applies to all policies and takes precedence over an individual policy's

advanced remediation settings (Quick Settings (Policy)).

3. In the Hostname Resolution section, enable or disable the Resolve IP addresses to hostnames when devices

are added option.

NOTE: This option is enabled by default and allows HP Security Manager to resolve IP addresses to

hostnames when devices are added. When set to enabled, this option requires that the DNS entry functions

in both directions. Otherwise, the device import fails, and the hostname will not be added during discovery.

To disable the option, select to clear the check box.

4. In the Repetitive Remediation Report section, enable or disable the Enable Reporting option.

By default, this option is disabled. When enabled, it reports devices that are continually out-of-compliance

and has the following reporting features:

● Remediation Threshold: Type the number of remediation attempts for devices that are reported

continually out-of-compliance.

● Renew Reporting: Select the time period (month, start date, and type in a start time) to reset the

remediation attempts count for devices.

NOTE: Repetitive Remediation Report is renewed instantly for an elapsed start date and time.

5. In the Device Assessment History section, enable or disable the Enable Reporting option. By default, this

option is set to enabled and allows to set Save Assessment data.

6. Select an option under the Remove historical data section to remove Recommendation and Remediation

data older than specied days to free up disk space.

NOTE: The latest report will not be removed.

7. Click Save.

NOTE: If the default selections have not been changed, the Save button will remain disabled.

Install licenses

Licenses are provided using a license

le. To create a policy, or to assess and remediate the devices on the

network, install a HP Security Manager device license. Without a device license, all other actions are available,

such as sorting, ltering, and verifying.

NOTE: HP Security Manager is installed with a demonstration license that allows a limited assessment for up

to 50 devices. Only a demonstration policy is available for use and the Policy Editor is limited to a few items.

This license is overridden when a trial or full license is installed. Contact your HP representative for more

information.

8

Chapter 3 Setting up Security Manager

NOTE: If HP JetAdvantage Security Manager service is not running, an error message will display on the HP

Security Manager application.

The purchase of HP Security Manager should include device licenses.

● Licenses are node locked using the HPSM's server MAC address.

● After licenses are installed, devices are automatically licensed when the following actions occur:

– when adding devices using a text or xml le. For more information, see Use Manual Discovery to add or

modify devices to a group on page 26.

– when discovering devices using the Instant-On Security feature. For more information, see Set up

Instant On Security on page 10.

● If there are insuicient licenses available during an import, the devices are added but not licensed. For

devices that are not licensed, add licenses in the Settings page, and then use the Assign Licenses icon

located in the device toolbar in the Devices page.

NOTE: To reduce the risk of depleting all the licenses, make sure that there are enough licenses before

importing.

● To return licenses to the license pool, delete the licensed device.

NOTE: Deleting a licensed device removes that device's historical data.

License Settings

The License Expiry Threshold text box is for temporary licenses and allows a user to set up a notication of the

number of days before a license expires.

Follow these steps to install licenses or add additional licenses:

1. Log in to HP Security Manager and select the Settings menu icon ( ), and then select the Settings option.

2. On the left navigation pane, click Licenses.

3. Click Add Licenses.

4. Locate where the license le (.lic) is stored in the le browser and double-click to open the le.

HP Security Manager reads the license le and updates the Settings page with the available licenses and

expiration information.

This includes the number of days remaining before the license expires. A license warning message will

display before the license expires.

If an error displays, the causes are:

● HP Security Manager cannot connect to the license server.

● HP Security Manager tried to update a demonstration license. A new demonstration license will not

override an existing demonstration license.

● HP Security Manager tried to install a demonstration license when a normal license is currently

installed.

● HP Security Manager tried to install the same license le.

● HP Security Manager tried to install a corrupted or invalid license le.

Install licenses

9

5. Click View License Details to open the Individual License Details window. It contains details about the

Individual license.

NOTE: If there is mismatch in the license reported via dierent Flexera APIs then an extra Note is shown in

Individual License Details window reporting this inaccuracy in license count.

6. In the License Expiry Threshold text box, type a number from 7 to 60.

NOTE: Depending on the number of days congured, the application will display a license warning

message after a user logs into the application. This message will provide information of the number of days

remaining when the license expires.

Set up Instant On Security

HP Enterprise printers running the latest

rmware version use the Instant-On Security and the HP Device

Announcement Agent features to automatically announce their presence to HP Security Manager when they are

rst connected to the network.

To discover and congure devices across applications like HP Security Manager, HP Web Jetadmin and HP

JetAdvantage Connector (JAMC), congure the Primary Listener and the Secondary Listener options. The “Device

Announcement Agent (DAA) server” is called the Primary Listener. The work of the Primary Listener is to route

devices to the Secondary Listener. HP Security Manager is a primary or secondary listener and HP Web Jetadmin

can only be a secondary listener.

NOTE: Automatic assessment/ remediation of newly discovered devices requires a device license and a valid

initial assessment policy.

NOTE: To implement Instant-On Security, the device must support HP Device Announcement Agent.

For a list of devices that include HP Device Announcement Agent, go to www.hp.com/go/SecurityManager.

Automatic discovery requires that the Accept Device Announcements feature is enabled (disabled by default) and

the device's HP Device Announcement Agent feature is enabled (enabled by default). In addition, the corporate

DNS server must be congured with an entry that points the hostname hp-print-mgmt to the IP address of the

HP Security Manager server, when HP Security Manager is the Primary Listener.

When the device announcement agent is activated on a compatible printer, the HP device announcement agent

looks for a host with the DNS hostname of hp-print-mgmt. If found, the device announces itself directly

to HP Security Manager. If Accept Device Announcements is enabled and the device passes the minimum

authentication requirements, the device is automatically added to HP Security Manager.

NOTE: A device is not added to HP Security Manager if it fails the minimum authentication required for the

assessment.

When the device announcement agent is enabled, it announces itself to the HP Security Manager server in the

following situations:

● When the device is turned on.

● When a cold reset is performed on the device.

● When the IP stack comes up (for example, after a network conguration change).

● When the conguration server IP address changes (use this if a DNS entry cannot be used).

10

Chapter 3 Setting up Security Manager

● When the HP Device Announcement Agent feature is enabled using the check box in the device

HP Embedded Web Server or the device control panel.

● FutureSmart 4 devices announce their presence every 48 hours.

When Accept Device Announcements is enabled, each device that passes the authentication is assigned a device

license from the license pool.

Follow these steps to set up Instant-On Security:

NOTE: The Instant-On Security feature might fail, if IPsec, Windows rewall, or other rewalls does not allow

communication with HP Security Manager using port 3329.

1. To activate Instant-On Security and automatic remediation, request the site administrator to add an entry in

the corporate DNS server that points hp-print-mgmt to the IP address of the HP Security Manager server.

2. Enable communication with port 3329.

a. Click the Settings menu icon ( ), and then select the Settings option.

b. In the left navigation pane, select Instant-On Security.

c. Select the Accept Device Announcements check box, and then click OK in the conrmation dialog box

to enable communication with port 3329.

3. Determine if Security Manager should be the Primary Listener or Secondary Listener.

● If HP Security Manager is set as the Primary Listener, follow these steps to add information of the

Secondary Listener:

NOTE: Only ve Secondary Listeners are allowed. This value can be altered in the conguration le

“maxSecondaryListeners”. After updating the conguration, it is required to restart the Service and IIS.

NOTE: HP Web Jetadmin can only be set as a Secondary Listener. Security Manager and HP

JetAdvantage Connector can be set as a Primary or Secondary Listener.

a. Click New, and then type the IP Address or Hostname and Description.

b. If required , select the Validate the Identity Certicate before sending Device announcement

message to the Listener check box.

c. To modify a Secondary Listener, select the row in the Secondary Listeners table, and click Edit.

d. To delete a Secondary Listener, select the row in the Secondary Listeners table, and click Delete.

● If HP Security Manager is set as the Secondary Listener, follow these steps to select one of the

following server certicates to use for authentication and validation by the Primary Listener:

– Self-Signed

– CA-Signed

4. Select an Authentication method for the Primary and Secondary Listener. The default option is No

Authentication (Out of the Box).

● If authentication is not required, select No Authentication (Out of the Box).

NOTE: This is the simplest authentication method because HP Security Manager automatically

congures devices to be compliant with the security policy when they are taken out of the box and

Set up Instant On Security

11

connected to the network. This method also works on devices when a cold reset is performed because

no authentication is required for auto discovery, assessment, and remediation.

● For the highest authentication level, select Mutual Authentication, click Select Certicate, select a

certicate from the list of certicates found on the HP Security Manager server, and then click Select.

NOTE: Optionally, you can use HP Security Manager to manage the identity certicates on the HP

Security Manager server and the devices.

NOTE: This authentication method is most secure as it requires certicates to be congured on the

device and in HP Security Manager. This enables the HP Security Manager server and the device to

verify that the

certicate for the other is valid. When the IP address of a device changes or a cold reset

is performed, the device and the HP Security Manager server communicate using the secure socket

layer (SSL) to validate certicates before an automatic remediation occurs. The certicates must be

valid identity certicates signed by a trusted certicate authority and installed on the HP Security

Manager server and each device. Each device must be set to require mutual authentication using

certicates during a pre-staging process.

5. To restrict and control the devices entering HP Security Manager, select the Use Device Serial Number List

check box, and then click Add Device Serial Number(s).

6. Select one of the following methods to add serial numbers on the Add Device Serial Number(s) window:

NOTE: Security Manager uses the list of serial numbers to accept a device the rst time, and then

automatically removes the serial number from the list. It recognizes all future announcements by that

device as a valid device.

● Type the printer’s serial number in the Device Serial Number text box, and then click Add to list.

● Click Add from le, locate the xml or text le from your le browser, open the le in Security Manager,

and then click Add.

7. Create a valid policy from the Policies page.

For instructions, see Create a policy on page 17

NOTE: You must create a valid initial policy to use with Automatic Remediation.

8. Select the Allow Automatic Remediation check box to activate automatic remediation.

NOTE: If Allow Automatic Remediation is enabled, an automatic assessment/ remediation of the device

occurs.

9. Select a policy from the Initial Assessment Policy drop-down list to ensure new devices are compatible with

the requirement.

NOTE: The valid policies are sorted in the list from the oldest to newest policy. This policy is used for

newly announced devices and ensures that the device is fully compliant with the requirements. The selected

Initial Assessment Policy is always used one time for the initial remediation. After the initial assessment, HP

Security Manager uses the most recently applied policy.

NOTE: If the policies are not valid, a “No valid policies” message displays in the Initial Assessment Policy

text box and the Save button is disabled.

12

Chapter 3 Setting up Security Manager

10. Click Save to save the entries.

NOTE: If HP JetAdvantage Security Manager service is not running, the HP Security Manager application

will not save the entries, and display an error message.

After conguring the Instant-On Security settings, devices powered on will automatically populate and remediate

in HP Security Manager.

Devices automatically discovered display in the Instant-On Auto Discovered column in the Devices page.

Congure the email server settings

Use the Automated Email setting option to congure the email server to authenticate and send email

notications when scheduled tasks are completed.

Follow these steps to congure email server settings:

1. Log in to HP Security Manager and select the Settings menu icon ( ), and then select the Settings option.

2. On the left navigation pane, click Automated Email.

3. In the E-mail Server Settings section, type the information required to identify the email server.

● SMTP Server – Contains the hostname or IP address of the email server.

● Port – Contains the network port to use to contact the email server.

NOTE: By default, the network port is set to 25.

● Enable SSL – Enables or disables the use of SSL when working with the email server.

NOTE: By default, this option is set to enabled.

● Specify Credentials – Species whether user credentials are required. If enabled, then the Username,

Password, and Domain text boxes are available.

– Username – The name used to log in to the SMTP (email) server.

– Password – The password used to log in to the SMTP server. The characters are encrypted when

typed.

– Domain (Optional) – The username is often related to a domain. If so, then the domain is required

to qualify the username.

4. In the Automatic Email Notication Settings, type the information required.

● Email Subject – The subject used in the email that is sent.

● Recipient(s) – An email addresses of one or more recipient.

If more than one addresses are specied, use a space, comma, or semicolon to separate the addresses.

NOTE: If an email address is incorrect, tasks will run for a longer time and fail.

● From Address – The email address used for the sender in the message.

5. Send a test email.

Congure

the email server settings 13

a. Click Send Test E-mail to make sure that the server and the congured settings are correct.

b. Check your email for the test email.

6. Click Save.

Click Yes to conrm the changes to the settings in the conrmation dialog box.

Set up global credentials

Global credentials are used as part of the device verication process when performing tasks which include device

discovery, verifying devices, assess only, assess and remediate of a device and setting the Instant-On Security

feature.

Use the Global Credentials feature to set global credentials for all existing devices and custom groups.

When verifying devices, HP Security Manager rst attempts to check the assigned device credentials for a device.

If the verication fails with device credentials, it checks the device’s default credentials. If the default credentials

verication fails, it veries the device with the global credentials.

NOTE: The device, default, and global credentials are also applicable for Assess Only and Assess and

Remediate policies on a device.

Follow these steps to set up the Global Credentials:

1. Log in to HP Security Manager and select the Settings menu icon ( ), and then select the Settings option.

2. On the left navigation pane, click Global Credentials.

3. On the SNMP Credentials section, complete the following steps to set the SNMPv1/v2 Read, Read/Write

or/and SNMPv3 credentials:

a. Select the Get Community Name check box, type the SNMP v1/v2 Get (e.g. Read) Community name in

the rst text box, and then type the name again in the second text box to conrm.

b. Select the Set Community Name check box, type the SNMP v1/v2 Set (e.g. Read/ Write) Community

name in the rst text box, and then type the name again in the second text box to conrm.

4. Set the SNMP v3 credentials:

a. Select the Set v3 Credentials check box.

b. Type the SNMP name in the User Name text box.

c. Type the Authentication Passphrase, and then type the passphrase again to conrm.

d. Select the Authentication Protocol (MD5 or SHA).

e. Type the Privacy Passphrase, and then type the passphrase again to conrm.

NOTE: If the device requires key credentials, Security Manager automatically converts the

passphrase.

f. Select the Privacy Protocol (DES or AES).

5. On the Other Credentials section, complete the tasks to set up the credentials.

14

Chapter 3 Setting up Security Manager

Page is loading ...

HP JetAdvantage Security Manager 250 Device E-LTU User guide

This manual is also suitable for

HP JetAdvantage Security Manager 250 Device E-LTU User guide

Related papers

Other documents