A.05.80 HP Insight Remote Support Advanced and Remote Device Access Security Overview (October 2012)
Security Overview
Chapter 2: HP Insight Remote Support Advanced
HP Transport Security
The Insight Remote Support Client uses a VeriSign CA signed server-side X.509 certificate for
authentication and confidentiality of Insight Remote Support Advanced data in transit between the CMS
and the HP Remote Support Data Center.
When initial setup is complete, the Remote Support Client will register itself with the HP Data Center.
This registration is performed over an HTTPS connection and includes the company and contact data
entered in the Remote Support Configuration and Services HP SIM user interface as well as a set of CMS
device attributes (the same information as is collected for remote support devices). The CMS data is used
to uniquely identify the client instance. The HP registration service creates, encrypts and digitally signs a
unique registration token that is returned to the client and stored on the file system at
<Client Install Location>\config\.isee_token
Each subsequent communication from the client will include the registration token and a new collection of
CMS identification data. The token is verified and checked against the CMS data to authenticate the
client. If a discrepancy is uncovered during authentication, the client will re-register itself to ensure that the
operation can continue and the HP application support team will be notified.
Communication with HP Data Center
Automated Connections to HP
Insight Remote Support will automatically open an HTTPS communication channel to HP for the
submission of service events, data collections and automatic device registrations. In addition to these
messaging events, HP Insight Remote Support Client installations will send 'Heartbeat' messages to the
HP Data Center once every 6.5 hours to verify connectivity. Insight Remote Support Heartbeats are used
HP Insight Remote Support Advanced and Remote Device Access (A.05.80)Page 24 of 97