HP Insight Control Server Provisioning 7.2 Administrator Guide

The following SSL cipher suites are enabled on the Insight Control server provisioning appliance
web server. These cipher suites are for the connection between the browser and the IC server
provisioning appliance.
Table 4 Supported cipher suites

Mac    Enc         Au    Kx    Protocol   Cipher suite
SHA1   AES (256)   RSA   DH    SSLv3      DHE-RSA-AES256-SHA
SHA1   AES (256)   RSA   RSA   SSLv3      AES256-SHA
SHA1   3DES (168)  RSA   DH    SSLv3      EDH-RSA-DES-CBC3-SHA
SHA1   3DES (168)  RSA   RSA   SSLv3      DES-CBC3-SHA
SHA1   AES (128)   RSA   DH    SSLv3      DHE-RSA-AES128-SHA
SHA1   AES (128)   RSA   RSA   SSLv3      AES128-SHA
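The columns of Table 4 follow the layout of `openssl ciphers -v`, so an administrator who wants to review what a web server is configured to offer usually starts from that text. The following is an added example, not code from the guide or from the appliance: it parses a constructed cipher list in that layout (the six suites of Table 4, with the column values copied from the table) and returns, per suite, the points a reviewer would note, such as 3DES, CBC suites with an HMAC-SHA1 MAC rather than an AEAD, and static RSA key exchange without forward secrecy. The `Kx=DH` convention for ephemeral DH suites is OpenSSL's; everything else (names, thresholds, findings text) is this example's own choice.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of `openssl ciphers -v` output. The suites and
# column values are those of Table 4; the spacing is this example's own.
SAMPLE_CIPHER_LIST = """\
DHE-RSA-AES256-SHA      SSLv3 Kx=DH   Au=RSA  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA  Au=RSA  Enc=AES(256)  Mac=SHA1
EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH   Au=RSA  Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA  Au=RSA  Enc=3DES(168) Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH   Au=RSA  Enc=AES(128)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA  Au=RSA  Enc=AES(128)  Mac=SHA1
"""

# One line of `openssl ciphers -v`: name, protocol, then Kx=, Au=, Enc=, Mac= fields.
LINE_RE = re.compile(
    r"^(\S+)\s+(\S+)\s+Kx=(\S+)\s+Au=(\S+)\s+Enc=(\S+)\s+Mac=(\S+)"
)


@dataclass
class CipherSuite:
    name: str
    protocol: str   # version the suite was first defined for, as OpenSSL reports it
    kx: str         # key exchange
    au: str         # authentication
    enc: str        # bulk cipher and key size
    mac: str        # record MAC

    @property
    def forward_secrecy(self) -> bool:
        # OpenSSL reports ephemeral (EDH/DHE, ECDHE) key exchange as Kx=DH / Kx=ECDH;
        # Kx=RSA means the session key is encrypted under the long-term RSA key.
        return self.kx in ("DH", "ECDH")

    @property
    def aead(self) -> bool:
        # AEAD suites report Mac=AEAD; the suites in Table 4 are all CBC + HMAC.
        return self.mac == "AEAD"


def parse_cipher_list(text: str) -> list[CipherSuite]:
    """Parse `openssl ciphers -v`-style lines into CipherSuite records."""
    suites = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            suites.append(CipherSuite(*m.groups()))
    return suites


def review_suite(s: CipherSuite) -> list[str]:
    """Findings a defender would raise about one suite (this example's own wording)."""
    findings = []
    if s.enc.startswith("3DES"):
        findings.append("3DES: 64-bit block cipher, deprecated")
    if not s.aead:
        findings.append(f"CBC with HMAC-{s.mac}: not an AEAD suite")
    if not s.forward_secrecy:
        findings.append("static RSA key exchange: no forward secrecy")
    return findings


def review_cipher_list(text: str) -> dict[str, list[str]]:
    """Map each suite name in the list to its findings (empty list = no findings)."""
    return {s.name: review_suite(s) for s in parse_cipher_list(text)}


if __name__ == "__main__":
    for name, findings in review_cipher_list(SAMPLE_CIPHER_LIST).items():
        print(f"{name:24s} {'; '.join(findings) or 'no findings'}")
```

Run against the sample, every suite in Table 4 carries at least one finding (none is an AEAD suite), the two `DES-CBC3` suites carry the 3DES finding, and the three `Kx=RSA` suites lack forward secrecy; the same functions can be pointed at the real output of `openssl ciphers -v` on an appliance whose cipher list an administrator wants to audit.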
4.13 Downloads from the appliance
These are the data that can be downloaded from the appliance:
Support dump - all data in the support dump is encrypted and accessible only by HP support.
Backup - all data in the backup is in a proprietary format and HP recommends the customers
encrypt it in a way that meets their organizational requirements.
Audit logs - session IDs are not logged, only corresponding logging IDs. Passwords and other
sensitive data are not logged.
SSL Certificate - certificates contain public data.
Media Server setup tool - no data included.
WinPE generation tool - no data included.
4.14 Media Server security
Insight Control server provisioning requires a Media Server for hosting OS distributions, captured
OS images, and HP SPPs separate from the appliance. This is either a Windows or Linux server
and access to it should be controlled using standard operating system mechanisms.
The Windows Media Server setup utility enables NTLMv2 for better security. It creates a CIFS share
on the specified directory and creates media and images subdirectories. The utility requests a user
name to give access to the share and gives the user read/write access to the share. The utility also
creates an IIS virtual directory on the media subdirectory with read-only access. The CIFS share is
used for Windows deployment and image capture. The HTTP virtual directory is used for Linux and
ESX deployment.
The credentials for the share user are stored in a recoverable format on the appliance and used
in OS Build Plans to attach to the Media Server. The user provided for the share should have limited
rights: it needs to be able to read and write to the share, but not to log in to the Media Server.
A different user should be used for managing the Media Server system and OS distributions.
If Windows image capture is not going to be used, the share can be created read-only. When
Windows image capture is being used, the media subtree can be made read-only for the share
user via the Media Server operating system.
A white paper describes the steps necessary to manually set up a Linux Media Server; no utility
is provided. The same limitations on the share user account and web-based access apply.
4.15 Security best practices
Most security policies and practices utilized in a traditional environment are applicable in a
virtualized environment. However, in a virtualized environment, these policies might require