Adding HP NonStop Systems
Overview
If you are adding HP NonStop Guardian systems, be sure that the Safeguard and SSH components are installed on the hardware. If these components are installed, you can add a user name and password for an account to be used to access the system when adding the system or at a later time.
User names in Guardian are of the form group-name.user-name, for example acme.harvey is a user name in a group called acme. User IDs in Guardian are in the form group-id,user-id. For example if the acme group has a Group ID of 154 and harvey has a User ID of 1 within that group, the User ID of acme.harvey is 154,1.
In most cases, however, you would specify the SUPER.SUPER (255,255) account, a group manager account, or an account with similar privileges for which you want to manage the password. For example, user 154,255 would be the group manager account in acme group.
Each Guardian user account can have multiple aliases that share the same Guardian User ID and the same access permissions to system systems, but cannot use the same password as each other or use the same password as the Guardian User ID they are based on. Aliases can also be managed separately from their underlying User ID. For example, you might want to set up an alias user for SUPER.SUPER so that each NonStop administrator has the same permissions as SUPER.SUPER, but each one maintains their own password.
For any account you add, you can choose whether or not you want the Privileged Access Service to manage the account password. If you select Manage this credential, the Privileged Access Service automatically changes the password immediately after the account and system are added and each time the account is checked in.
If you select Manage this credential for HP NonStop devices, you should keep in mind that the Privileged Access Service can only manage passwords for privileged user accounts that have sufficient rights to configure and save settings. In addition, if there are any pending changes for other user accounts, those changes will be saved when the Privileged Access Service updates a managed password.
For more information about password and system management for HP NonStop systems, see the following topics:
Password Complexity Rules
All managed passwords generated by the Privileged Access Service consist of at least one upper case letter, one lower case letter, one number, and one special character regardless of the system type. For HP NonStop systems, the following additional password rules apply:
- Minimum password length: 8
- Maximum password length: 8
- Supported special characters: !@#%&()*+-./:<>[]^_{|}~
The default password profile for HP NonStop systems will only include supported special characters. If you clone the profile to create a custom password profile, you should be aware that on some versions of the operating system, some special characters are not supported and should not be used in the password. For example, on some versions of the HP NonStop operating system, you should avoid adding the following special characters to the profile: , ; “” $ =
For more information, see the HP Security Management Guide: http://h20565.www2.hpe.com/hpsc/doc/public/display?sp4ts.oid=4201303&docLocale=en_US&docId=emr_na-c02131793
Specifying Proxy Users for SUPER.SUPER
If you selected HP NonStop as the system type and added SUPER.SUPER as the account to use with the device, you are prompted to specify whether the SUPER.SUPER user account is allowed to log on using secure shell (ssh) connections.
