30.3 Securing Sensitive Information During Remote Management Sessions

When you are managing OES servers using iManager, all the information including sensitive data is typically sent via a Secure HTTP (HTTPS) connection between iManager and CIMOM on the Linux server you are managing. This ensures that sensitive data is not exposed during transmission. However, if CIMOM is not running on the Linux server you are managing, the plug-ins attempt to connect via NCP or CIFS. These connections are insecure and are a security concern only when transmitting sensitive information.

Effective from OES2, storage plug-ins have been modified to prevent this potential exposure of sensitive information. Where tasks involve the exchange of sensitive information between iManager and the Linux server you are managing, the plug-in now checks to see if CIMOM is running and available on the Linux server you are managing before it attempts to execute the command. If CIMOM is not running for some reason, it returns an error message and does not execute the task. The plug-ins do not allow sensitive data to be sent across insecure connections (such as NCP or CIFS/SAMBA) to the Linux server. You get an error message explaining that the connection is not secure and that CIMOM must be running before you can perform the task.