Summary
Question
Starting with Network Node Manager (NNMi) v10.10, the default security hardening behavior demands that access to the NNMi JMX Console be 'disabled'
In select Windows OS environments running NNMi v10.10, it was observed that the NNMi JMX Console was in-fact still enabled.
Answer
The following steps have to be followed to disable the Jmx-Console:
1. Open the file %NnmDataDir%\nmsas\<PRODUCT>\conf\nms-auth-config.xml file via a text editor.
2. Verify if the following entries are already present :
<!--
HP recommends the jmx-console be left disabled unless it is actively being used for troubleshooting.
Right now the following section supports two modes BASIC and NO_ACCESS.
BASIC: This mode will enable the jmx-console
NO_ACCESS: This mode will disable the jmx-console
After changing this file user has to run the SPI specific script to reload the nms-auth-config.xml file.
-->
<realm name="jmx-console">
<mode>NO_ACCESS</mode>
</realm>
-> If the above entries are present & the access mode is set to BASIC, then update the entry as below and then save the change.
From:
<mode>BASIC</mode>
To:
<mode>NO_ACCESS</mode>
-> If the above entries are not present, then add the same to the bottom of the .xml file and then save the changes.
3. Post the update, run the appropriate command to re-read the nms-auth-config.xml file:
#nnmsecurity.ovpl –reloadAuthConfig
4. Attempt to launch the NNMi JMX Console and confirm that it is now disabled.