The following list provides general security considerations that you should be aware of when you are using the N1 System Manager:
The JavaTM Web Console that is used to launch the N1 System Manager's browser interface uses self-signed certificates. These certificates should be treated with the appropriate level of trust by clients and users.
The terminal emulator applet that is used by the browser interface for the serial console feature does not provide a certificate-based authentication of the applet. The applet also requires that you enable SSHv1 for the management server. For certificate-based authentication or to avoid enabling SSHv1, use the serial console feature by running the connect command from the n1sh shell.
SSH fingerprints that are used to connect from the management server to the provisioning network interfaces on the managed servers are automatically acknowledged by the N1 System Manager software by default, which might make managed servers vulnerable to “man-in-the middle” attacks. You can configure how the N1 System Manager processes changed and unknown SSH keys by running the n1smconfig utility after the N1 System Manager has been installed or upgraded. See Configuring SSH Unknown and Changed Host Key Policies in Sun N1 System Manager 1.3 Installation and Configuration Guide.
The Web Console (Sun ILOM Web GUI) autologin feature for Sun Fire X4100 and Sun Fire X4200 servers exposes the server's management processor credentials to users who can view the web page source for the Login page. To avoid this security issue, disable the autologin feature by running the n1smconfig utility. See Configuring the N1 System Manager in Sun N1 System Manager 1.3 Installation and Configuration Guide for details.