Manualshelf

HP Insight Control Server Provisioning 7.3 Update 1 Administrator Guide

ManualsBrandsHP ManualsSoftwareHP Insight Control including 1yr 24x7 Technical Support and Updates Single Server License
51525354555657585960
Insight Control server provisioning lands an agent in the production operating system and this
agent must be able to communicate back to the appliance. The assumption is that the deployment
NIC will be active in the production OS or that there will be a route back to the deployment network
for this communication.
Securing the appliance
CATA (Comprehensive Applications Threat Analysis) is a powerful HP security quality assessment
tool designed to substantially reduce the number of latent security defects. The design of the
appliance employed CATA fundamentals and underwent CATA review.
The following factors secured (hardened) the appliance and its operating system:
Best practice operating system security guidelines were followed.
The appliance operating system minimizes its vulnerability by running only the services required
to provide functionality. The appliance operating system enforces mandatory access controls
internally.
The appliance maintains a firewall that allows traffic on specific ports and blocks all
unused ports. See “Port list” (page 68) for the list of network ports used.
Key appliance services run only with the required privileges; they do not run as privileged
users.
The operating system bootloader is password protected. The appliance cannot be
compromised by someone attempting to boot in single-user mode.
The appliance enforces a password change at first login. The default password cannot be
used again.
The appliance supports self-signed certificates and certificates issued by a certificate authority.
The appliance is initially configured with a self-signed certificate. As the Infrastructure
administrator, you can generate a CSR (certificate signing request) and, upon receipt, upload
the certificate to the appliance. This ensures the integrity and authenticity of your HTTPS
connection to the appliance.
All browser operations and REST API calls use HTTPS. All weak SSL (Secure Sockets Layer)
ciphers are disabled.
The appliance supports secure updating. HP digitally signs all updates to ensure integrity and
authenticity.
Backup files and transaction logs are encrypted.
Support dumps are encrypted by default, but you have the option to not encrypt them.
Operating-system-level users are not allowed to access the appliance, with the following
exceptions:
A special pwreset command used only if the Infrastructure administrator password is
lost or forgotten. This command requires that you contact your authorized support
representative to obtain a one-time password. For more information, see the online help.
A setting that enables an authorized support representative to obtain a one-time password
so that they can log in to the appliance console (and only the console) to perform advanced
diagnostics.
You can either enable or disable access with this setting.
HP closely monitors security bulletins for threats to appliance software components and, if
necessary, issues software updates.
Securing the appliance 59