A.05.80 HP Insight Remote Support Advanced and Remote Device Access Security Overview (October 2012)

Security Overview
Chapter 2: HP Insight Remote Support Advanced
to verify that communication with HP is functioning properly. Missing ‘heartbeats’ are only acted upon for
customers where this is a contractual deliverable. Currently, this is limited to customers who have
purchased either a Mission Critical or a Mission Critical Partnership contract. If there are open service
events or pending data collections, the Insight Remote Support Client will automatically connect to the HP
Data Center every 10 minutes to check for status updates or to confirm the successful submission of
pending data collections. If there are no open service events or pending data collections, the Insight
Remote Support client will connect to HP periodically to check for and retrieve routine messages and
updates. This time will vary from once every 10 minutes to once every 24 hours depending on the status
and number of open events on the CMS. Additionally, every Insight Remote Support managed XP Storage
device will automatically send a ‘heartbeat’ message to the HP Data Center once every 24 hours
independently of the mechanisms described above.
Note: XP Storage devices use a separate heartbeat mechanism with an optional automatic email
failover capability to ensure that all XP Storage device messages will be received by HP regardless of
the status of Insight Remote Support on the Hosting Device.
Redundant HP Data Centers
The HP Insight Remote Support Data Center consists of two fully redundant database instances located
in two separate HP Data Centers. Redundant data centers provide resiliency for both the Insight Remote
Support Advanced data transport and the Remote Support Software Management communications.
Global Server Load Balancing is used to provide load balancing and resiliency across multiple data
centers.
Global Server Load Balancing (GSLB)
GSLB uses DNS to return the IP address of an available server. Subsequent DNS queries may return
different IP addresses based on server load and availability. Thus, the actual IP addresses returned will
vary over time as servers are taken in and out of service. HP has limited the number of IP addresses that
will be used in these DNS aliases so that network administrators can configure packet filtering firewalls
appropriately.
Firewall/Port Requirements for RSC and RSSWM
To accommodate this change, HP recommends that you configure your firewalls to use URL rules with
the DNS names listed in the table below. With a URL rule configuration, future HP infrastructure changes
may not require any firewall changes.
If your firewall does not support URL rule configuration, you will need to add rules to allow outbound
access to the IP addresses listed in the table below. This enables the redundant data center offering by
letting GSLB return the IP address of the active site. Note that these addresses may change over time as
the HP infrastructure evolves.
Table 2.1. Redundant data center settings

HP Remote Support Service   Alias                  IP addresses    Protocol
Client                      services.isee.hp.com   15.216.241.67   HTTPS
                                                   15.217.233.50
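The following is an added example, not part of the HP document or HP's software: a small audit that compares an IP-based outbound allowlist with the addresses in Table 2.1 and with the addresses GSLB currently returns, so that a rule set built from a single DNS lookup is caught before a data center failover. The function names and the sample firewall entries are assumptions made for illustration; the alias and IP addresses are those listed in Table 2.1.

```python
import ipaddress
import socket

# Values taken from Table 2.1 on this page.
ALIAS = "services.isee.hp.com"
DOCUMENTED_IPS = {"15.216.241.67", "15.217.233.50"}
HTTPS_PORT = 443

def resolve_ipv4(hostname, port=HTTPS_PORT):
    """Return the set of IPv4 addresses the system resolver gives right now.
    With GSLB this is only a snapshot: later queries may return other addresses."""
    infos = socket.getaddrinfo(hostname, port, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return {info[4][0] for info in infos}

def audit_allowlist(firewall_allowed, resolved, documented=DOCUMENTED_IPS):
    """Compare outbound allow rules (IPs or CIDRs) with the documented
    addresses and with a set of DNS answers for the alias."""
    nets = [ipaddress.ip_network(entry, strict=False) for entry in firewall_allowed]

    def permitted(ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in nets)

    return {
        # Documented site the firewall would drop: breaks on failover.
        "blocked_documented": sorted(ip for ip in documented if not permitted(ip)),
        # DNS answer not in the table: the HP infrastructure has changed.
        "undocumented_answers": sorted(ip for ip in resolved if ip not in documented),
        # DNS answer the firewall would drop today.
        "blocked_answers": sorted(ip for ip in resolved if not permitted(ip)),
    }

if __name__ == "__main__":
    # Constructed sample: a rule set built from one lookup made at install time.
    sample_rules = ["15.216.241.67/32"]
    # Constructed DNS answer representing GSLB pointing at the other site.
    sample_answer = {"15.217.233.50"}
    for finding, ips in audit_allowlist(sample_rules, sample_answer).items():
        print(f"{finding}: {', '.join(ips) if ips else 'none'}")
    # For a live check, pass resolve_ipv4(ALIAS) as the second argument.
```

Run on a schedule, a non-empty "undocumented_answers" result is the signal that the IP-based rules need review, which is the maintenance burden the URL rule configuration avoids.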