Manualshelf

HP Insight Control Server Provisioning 7.2 Administrator Guide

ManualsBrandsHP ManualsSoftwareHP Insight Control including 1yr 24x7 Technical Support and Updates Single Server License
21222324252627282930
2. Enter the usernamepwreset.
3. The appliance will present a challenge key. For example:
<hostname> login: pwreset
Challenge = xyaay42a3a
Password:
4. Call HP Support to obtain the one-time password that will reset the administrator password
for the Insight Control server provisioning appliance. The challenge will need to be read to
the support representative.
5. The HP Support representative will use the challenge code to generate the one-time password.
It will be an easy to type, space separated set of strings. For example:
VET ROME DUE HESS FAR GAS
6. When this password is entered, the appliance will display a new, randomly generated
password. After noting the new password, press Enter.
7. The newly generated password is pre-expired. When using it to login to the appliance as
Administrator, you will be required to change it, just as the default password requires
immediate change during First-Time Setup.
The ability to reset the Administrator password cannot be disabled.
4.12.5 Enabling or disabling HP Support services access
When you first start up the appliance, you are given the opportunity to enable or disable HP
Support Services access. Access is enabled by default to allow HP Support personnel to access
your system through the system console and diagnose serious problems that you have reported.
HP Support Services access is a root-level shell, so the on-site HP Support tech can fully debug any
issues on the appliance. The on-site HP Support representative can obtain a one-time password
for shell access using a challenge/response mechanism similar to the one for password reset.
After first time setup you can use the UI to enable or disable HP Support access on the Settings
page by selecting ActionsEdit HP support access. A REST API is also available to enable or
disable HP Support services access (see “REST call to enable or disable support access (page 35).
HP recommends leaving services access enabled. If a problem were to occur that requires services
access there is no guaranteeing it will be possible to enable it after the fact.
4.12.6 Restricting console access
To restrict access to the console you must also restrict access to the virtual hard drive. See VMware
vSphere Security Hardening Guide sections on “Host Communications between vSphere Client
and ESX Server uses SSL with default certificates these can be updated” and “Describe VM
protection.
4.12.7 Algorithms
The following algorithms are used:
SSL (see Supported cipher suites table below)
Local user account passwords: hashed using SHA-256
Other passwords: encrypted using 128–bit Blowfish
Backups/Support Dumps
Encryption: AES 128–bit
Hash: SHA-256
Support dump: AES key is separately encrypted using 2048–bit RSA
Updates: not encrypted, digitally signed using SHA-256 and 2048–bit RSA
30 Security considerations