[HPADM] SUMMARY:ITO not supported in Trusted environment?
To: firstname.lastname@example.org Date: Mon, 9 Jun 2003 13:23:21 -0400
Thanks to (fifo sort) Stuart Abramson, David Lodge, Richard Goodwin, Bob
Scharle, Bill Thompson, Allan Marillier, Bill Hassell, Ilan Green, and Corn
é Beerse for their response which are posted at the end.
The issue arose because my colleague went to the HP ITO course where they
suggested ITO not run a Trusted system. Forthwith, my colleague opened up
a call with HP concerning any known issue with ITO running an a Trusted
server...And we finally have a response:
Sorry for the delay in getting back to you. I wanted to make sure that I
discussed the issue of C2 Support for OVO Unix with our lab folks in
sufficient detail, before giving you my findings.
OVO Unix relies on multiple underlying technologies(DCE, NCS DCE, Oracle
etc ) for both server side and agent side processing and communications. In
addition OVO relies on other OpenView products such as NNM that use native
technologies such a perl for performing certain procedures and functions
C2 security significanlty effects user and password management, and
introduces auditing functions. OVO(and the underlying Oracle data base)
extensively on user accounts for the various roles/responsibilites/tasks.
These interactions and their impact on the underlying technologies
not been tested in detailed by our lab. Therefore this particular
configuration namely OVO Unix in a C2 Security environment is not
If you would like we can log an Ehancement Request with our lab.
I would think it worthwhile for each one of us to log and enhancement
request (but just my opinion).
Some people at HP are trying to suggest that an ITO installation (server)
is not support on a Trusted machine.
These are two products produced and supported by HP.
An HP server in Trusted mode is a must in our environment.
Is anyone on this list running (plans to run) ITO on a Trusted machine?
I will summarize!
Although I don't work there anymore, the Alcoa Company in Pittsburgh, PA,
runs ITO on trusted systems. HP-UX 11.0.
Stuart Abramson | Off: 412/825-1434 | Cell: 412/417-1567 | email:
They're feeding you a line here.
We've had a trusted ITO server for about 4 years and HP support us...
Why does trusted get the biggest amount of blame for everything. Most
programs have no need to go anywhere need the TCB - and even if they do -
there are libraries and one can use PAM to do all the hard work...
Lazy developers and clueless support people I suppose...
we had an ITO installation on a non-trusted hpux 11.00 server, and we
converted the server to trusted and didnt have any problems.
We were planning on running ITO on a trusted system but now I am concerned.
I will look for your summary.
Don't know why they'd tell you that - it's totally untrue.
We're running our server on a trused machine - in fact, all of our HP
servers run in trusted mode.
Sr UNIX Systems Administrator
The Goodyear Tire & Rubber Company
Yes. It is not true at all that ITO does not run in a trusted system. Both
our ITO master as well as all other servers are trusted.
ITO runs just fine on a Trusted System. I have managed several
dozen systems running ITO that were all Trusted. Is the HP
Response Center giving you this information or someone local?
-- Best regards, Bill Hassell >I don't doubt that it runs. The key word is "supported" by HP; or, if I got problems can I call them. > >The Response Center is telling us this, along with our Remote Account Support Engineer whose double checking it just to be sure. > >Thanks, > >Roger Sirry, I can't help on this one. Normally, I would find out exactly what the problem is (I'd suggest you ask--strongly). ITO is way too expensive to not have covered Trusted System compatibility, so I see no reason why it would not be supported. -- Best regards, Bill Hassell ======================================================================================================================================= ====email@example.com ====================================================================================================================== No reason on earth it shouldn't run on trusted system - as it is running this way in our environment ======================================================================================================================================= ====firstname.lastname@example.org ================================================================================================================= I can imagine; the protocols used to install tools and the rights needed on the remote machine violate the trusted rules. Hence, I think the installation server will break the rules that makes a machine a trusted one. CBee ======================================================================================================================================= ======================================================================================================================================= ======================================================================================================================================= ************************************************************************ This E-mail is confidential. It may also be legally privileged. If you are not the addressee you may not copy, forward, disclose or use any part of it. If you have received this message in error, please delete it and all copies from your system and notify the sender immediately by return E-mail. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions. ************************************************************************ -- ---> Please post QUESTIONS and SUMMARIES only!! <--- To subscribe/unsubscribe to this list, contact email@example.com Name: firstname.lastname@example.org Owner: email@example.com Archives: ftp.dutchworks.nl:/pub/digests/hpux-admin (FTP, browse only) http://www.dutchworks.nl/htbin/hpsysadmin (Web, browse & search)