HP Insight Control Server Provisioning 7.3 Update 1 Administrator Guide

Table 5 Supported SSL cipher suites (continued)
SSL cipher suite      SSL version  Kx   Au   Enc        Mac
DHE-RSA-AES128-SHA    SSL v3       DH   RSA  AES (128)  SHA1
AES128-SHA            SSL v3       RSA  RSA  AES (128)  SHA1
Files you can download from the appliance
You can download the following data files from the appliance:
Support dump
By default, all data in the support dump is encrypted and accessible by an authorized support
representative only.
The support dump file is located at /ci/etc/support-dumps.
Backup file
All data in the backup file is in a proprietary format. HP recommends that you encrypt the file
according to your organization's security policy.
The backup file is located at /ci/data/backup-restore and at ci/backup-restore.
Audit logs
Session IDs are not logged; only the corresponding logging IDs are logged. Passwords and
other sensitive data are not logged.
The audit log is located at /var/log/audit/audit.log.
SSL Certificate — certificates contain public data
Media Server setup tool – no data included
WinPE generation tool – no data included
Media Server security
Insight Control server provisioning requires a Media Server for hosting OS distributions, captured
OS images, and HP SPPs separate from the appliance. It can be either a Windows or Linux server
and access to it should be controlled by using standard operating system mechanisms.
The Windows Media Server setup utility enables NTLMv2 for better security. It creates a CIFS share
on the specified directory and creates media and images subdirectories. The utility requests a user
name to give access to the share and gives the user read/write access to the share. The utility also
creates an IIS virtual directory on the media subdirectory with read-only access. The CIFS share is
used for Windows deployment and image capture. The HTTP virtual directory is used for Linux and
ESXi deployment.
The credentials for the share user are stored in a recoverable format on the appliance and used
in OS Build Plans to attach to the Media Server. The user provided for the share should have limited
rights. The user needs to be able to read and write to the share but not log in to the Media Server.
A different user should be used for managing the Media Server system and OS distributions.
If Windows image capture will not be used, the share can be created read-only. When Windows
image capture is being used, the media subtree can be made read-only for the share user via the
Media Server operating system.
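The following PowerShell function is an added example, not part of the HP guide or its setup utility. An administrator could run it on the Windows Media Server to compare the share against the guidance above. The share name, directory and user name defaults are hypothetical and must be replaced with local values.

```powershell
# Added example, not HP code. Parameter defaults are hypothetical names.
function Test-MediaServerShare {
    param(
        [string]$ShareName = 'deployment',         # assumed share name
        [string]$SharePath = 'D:\MediaServer',     # assumed share directory
        [string]$ShareUser = 'MEDIASRV\ms-share',  # assumed share user
        [switch]$ImageCapture                      # set when Windows image capture is used
    )
    $findings = @()

    # Share level: read/write (Change) when capturing images; otherwise the
    # share can be read-only. Full control is never needed by the share user.
    $expected = if ($ImageCapture) { 'Change' } else { 'Read' }
    $aces = @(Get-SmbShareAccess -Name $ShareName | Where-Object {
        $_.AccountName -eq $ShareUser -and $_.AccessControlType -eq 'Allow' })
    if (-not $aces) { $findings += "No Allow entry for $ShareUser on share $ShareName" }
    foreach ($ace in $aces) {
        if ("$($ace.AccessRight)" -ne $expected) {
            $findings += "Share right is $($ace.AccessRight), expected $expected"
        }
    }

    # NTFS level: the media subtree should not be writable by the share user.
    # Only ACEs that name the user directly are inspected, not group grants.
    $write = [System.Security.AccessControl.FileSystemRights]::Write
    $media = Join-Path $SharePath 'media'
    foreach ($rule in (Get-Acl -Path $media).Access) {
        if ($rule.IdentityReference.Value -eq $ShareUser -and
            $rule.AccessControlType -eq 'Allow' -and
            ($rule.FileSystemRights -band $write)) {
            $findings += "$ShareUser can write to $media ($($rule.FileSystemRights))"
        }
    }

    # The share user should not manage or log in to the Media Server. This covers
    # local group membership only; the "Deny log on locally" user right is set in
    # Local Security Policy and is not checked here.
    foreach ($group in 'Administrators', 'Remote Desktop Users') {
        $members = Get-LocalGroupMember -Group $group -ErrorAction SilentlyContinue
        if ($members.Name -contains $ShareUser) {
            $findings += "$ShareUser is a member of local group $group"
        }
    }
    $findings   # an empty result means no deviation was found by these checks
}
```

Run `Test-MediaServerShare -ImageCapture` from an elevated session when image capture is in use; each returned string names one deviation to review.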
A white paper describes the steps necessary to manually set up a Linux Media Server – no utility
is provided. The same limitations on the share user account and web-based access apply.