From: Roger.Best@us.hsbc.Com
Date: Mon Jun 09 2003 - 13:23:21 EDT
Thanks to (fifo sort) Stuart Abramson, David Lodge, Richard Goodwin, Bob
Scharle, Bill Thompson, Allan Marillier, Bill Hassell, Ilan Green, and Corn
é Beerse for their response which are posted at the end.
The issue arose because my colleague went to the HP ITO course where they
suggested ITO not run a Trusted system. Forthwith, my colleague opened up
a call with HP concerning any known issue with ITO running an a Trusted
server...And we finally have a response:
HPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHP
Sorry for the delay in getting back to you. I wanted to make sure that I
had
discussed the issue of C2 Support for OVO Unix with our lab folks in
sufficient detail, before giving you my findings.
OVO Unix relies on multiple underlying technologies(DCE, NCS DCE, Oracle
etc ) for both server side and agent side processing and communications. In
addition OVO relies on other OpenView products such as NNM that use native
technologies such a perl for performing certain procedures and functions
C2 security significanlty effects user and password management, and
introduces auditing functions. OVO(and the underlying Oracle data base)
rely
extensively on user accounts for the various roles/responsibilites/tasks.
These interactions and their impact on the underlying technologies
have
not been tested in detailed by our lab. Therefore this particular
configuration namely OVO Unix in a C2 Security environment is not
supported.
If you would like we can log an Ehancement Request with our lab.
HPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHPHP
I would think it worthwhile for each one of us to log and enhancement
request (but just my opinion).
-Roger Best
Original Question:
========================================================================================================================================
Folks,
Some people at HP are trying to suggest that an ITO installation (server)
is not support on a Trusted machine.
These are two products produced and supported by HP.
An HP server in Trusted mode is a must in our environment.
Is anyone on this list running (plans to run) ITO on a Trusted machine?
I will summarize!
REPLIES:
====SAbramson@Wabtec.com
==================================================================================================================
Roger:
Although I don't work there anymore, the Alcoa Company in Pittsburgh, PA,
runs ITO on trusted systems. HP-UX 11.0.
Stuart
Stuart Abramson | Off: 412/825-1434 | Cell: 412/417-1567 | email:
sabramson@wabtec.com
=======================================================================================================================================
====David.Lodge@capitalone.com
===============================================================================================================
They're feeding you a line here.
We've had a trusted ITO server for about 4 years and HP support us...
Why does trusted get the biggest amount of blame for everything. Most
programs have no need to go anywhere need the TCB - and even if they do -
there are libraries and one can use PAM to do all the hard work...
Lazy developers and clueless support people I suppose...
dave
=======================================================================================================================================
====Richard.Goodwin@Staples.com
==============================================================================================================
we had an ITO installation on a non-trusted hpux 11.00 server, and we
converted the server to trusted and didnt have any problems.
=======================================================================================================================================
====bob.scharle@ncogroup.com
===============================================================================================================
Roger,
We were planning on running ITO on a trusted system but now I am concerned.
I will look for your summary.
Thanks,
Bob
=======================================================================================================================================
====bill.thompson@goodyear.com
================================================================================================================
Don't know why they'd tell you that - it's totally untrue.
We're running our server on a trused machine - in fact, all of our HP
servers run in trusted mode.
Bill Thompson
Sr UNIX Systems Administrator
The Goodyear Tire & Rubber Company
6-0599
=======================================================================================================================================
====Allan.Marillier@dana.com
===================================================================================================================
Yes. It is not true at all that ITO does not run in a trusted system. Both
our ITO master as well as all other servers are trusted.
=======================================================================================================================================
====blhconsulting@mindspring.com
===============================================================================================================
ITO runs just fine on a Trusted System. I have managed several
dozen systems running ITO that were all Trusted. Is the HP
Response Center giving you this information or someone local?
--
Best regards,
Bill Hassell
>I don't doubt that it runs. The key word is "supported" by HP; or, if I
got problems can I call them.
>
>The Response Center is telling us this, along with our Remote Account
Support Engineer whose double checking it just to be sure.
>
>Thanks,
>
>Roger
Sirry, I can't help on this one. Normally, I would find out
exactly what the problem is (I'd suggest you ask--strongly).
ITO is way too expensive to not have covered Trusted System
compatibility, so I see no reason why it would not be supported.
--
Best regards,
Bill Hassell
=======================================================================================================================================
====ilang@amdocs.com
======================================================================================================================
No reason on earth it shouldn't run on trusted system - as it is running
this way in our environment
=======================================================================================================================================
====c.beerse@torex-hiscom.nl
=================================================================================================================
I can imagine; the protocols used to install tools and the rights needed on
the remote machine violate the trusted rules. Hence, I think the
installation server will break the rules that makes a machine a trusted
one.
CBee
=======================================================================================================================================
=======================================================================================================================================
=======================================================================================================================================
************************************************************************
This E-mail is confidential. It may also be legally privileged. If you
are not the addressee you may not copy, forward, disclose or use any
part of it. If you have received this message in error, please delete
it and all copies from your system and notify the sender immediately
by return E-mail.
Internet communications cannot be guaranteed to be timely, secure,
error or virus-free. The sender does not accept liability for any
errors or omissions.
************************************************************************
--
---> Please post QUESTIONS and SUMMARIES only!! <---
To subscribe/unsubscribe to this list, contact majordomo@dutchworks.nl
Name: hpux-admin@dutchworks.nl Owner: owner-hpux-admin@dutchworks.nl
Archives: ftp.dutchworks.nl:/pub/digests/hpux-admin (FTP, browse only)
http://www.dutchworks.nl/htbin/hpsysadmin (Web, browse & search)
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 11:02:30 EDT