21.18 Configuring NNMi to require encryption for remote access
The HTTP mode of communication can still be used even after installing and configuring NNMi to use HTTPS communication. To be able to restrict remote access to NNMi via HTTP, completely disable NNMi's HTTP mode of communication by the following instructions.
Before configuring NNMi to permit only encrypted remote access, make sure the global network management and other integrations support SSL. Configure them for SSL before configuring NNMi to permit only encrypted remote access.
Do not perform this task if you want to and are yet to configure the application failover cluster. After setting up the NNMi application failover cluster, you can complete these steps to disable HTTP and other unencrypted access.
To disable HTTP access from the network to NNMi, edit the server.properties file as follows:
Edit the following file (you will need to create it if it does not exist):
Windows: %NnmDataDir%nmsas\NNM\server.properties
Linux: $NnmDataDir/nmsas/NNM/server.properties
Add the following four lines to the server.properties file:
nmsas.server.net.bind.address = 127.0.0.1 nmsas.server.net.bind.address.ssl = 0.0.0.0 nmsas.server.net.hostname = localhost nmsas.server.net.hostname.ssl = ${com.hp.ov.nms.fqdn}
Save your changes.
Restart NNMi by running the following commands:
ovstop ovstart