A.05.80 HP Insight Remote Support Advanced and Remote Device Access Security Overview (October 2012)

Security Overview
Chapter 2: HP Insight Remote Support Advanced
• Binary Event Log Data
The System Event Analyzer component of WEBES monitors binary event logs. These events are
collected by the Event Log Monitoring Collector (ELMC) client that is installed on the end point device.
A persistent connection is established from WEBES on the CMS to ELMC on the managed device and
events are sent across a socket connection as they are detected.
• EVA Command View Data
The System Event Analyzer (SEA) component of WEBES requires detailed configuration information
about Enterprise Virtual Array (EVA) devices. This information is obtained using the Command View
EVA software running on the storage management server. SEA uses an ELMC connection to the node
to get access to this information. The information may be collected at any time and is not always
related to the processing of an event; for example, it may be collected to compare configuration states during analysis. This
data includes various EVA components: storage cell, disks, controllers, disk groups, folder, container,
cabinet, controller shelf, disk shelf, host, virtual disk, and DRM group. In addition, information about
the error counts on fiber ports is collected.
• WBEM Indications
The System Event Analyzer (SEA) component of WEBES is used to monitor WBEM indications from
end point devices. SEA connects to the end point device using the CIM over XML WBEM protocol in
order to set up subscriptions to indications. Once the subscription is made, the connection is closed.
When an indication is detected by the CI-MOM, it makes an HTTPS connection back to the WEBES
web interface on TCP port 7906 to deliver the indication. As part of the analysis of the indication, SEA
may make a connection back to the CI-MOM to collect configuration information (a WBEM “get”) as
discussed below.
• Configuration Information
As part of analysis of an event, additional configuration information may be needed to isolate the
location of the fault, or to provide information to HP about the Field Replaceable Unit (FRU) that needs
to be replaced. In these cases, WEBES will make a connection back to the end point device using the
protocols described above.
This information is generally related to the location of FRUs in the device, as well as serial and part
numbers. Note that this is not an all-inclusive list of the types of information collected.
For Alpha machines the FRU Configuration Tree (FCT) entries are stored in the event log files. This
information describes all of the components in the machine along with part numbers and serial
numbers. For Integrity machines the information provided in the IPMI log is collected. This information
is very similar in content to the information in the FCT. WBEM and SNMP gets are used to get
information about the configuration of a device. In addition, a set of identifying information called CSID
data is collected for each managed device and sent to HP so that we can ensure that incoming data and
indications can be traced to a particular device.
• SNMP Traps
WEBES analyzes SNMP traps that are sent to it. As part of this analysis, WEBES may connect back
to the SNMP agent to get additional information about the device as described below in configuration
information.
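The connection directions described above for ELMC, WBEM indications and SNMP can be turned into an allowlist for auditing firewall or flow logs around the CMS. The following is an added example, not HP code: only TCP port 7906 comes from this document, while the addresses, the ELMC port (7920) and the WBEM port (5989) are assumptions to replace with your deployment's values, and 161/162 are the standard SNMP ports.

```python
from ipaddress import ip_address

# Constructed addresses (RFC 5737 documentation range), not from the HP document.
CMS = ip_address("192.0.2.10")
MANAGED = {ip_address("192.0.2.21"), ip_address("192.0.2.22")}

INDICATION_PORT = 7906          # from the document: HTTPS indication delivery to WEBES
ELMC_PORT = 7920                # assumption: confirm against your deployment
WBEM_PORT = 5989                # assumption: WBEM over HTTPS on the managed device
SNMP_GET, SNMP_TRAP = 161, 162  # standard SNMP agent and trap ports

# (initiating side, transport, destination port) -> documented purpose
EXPECTED = {
    ("cms", "tcp", ELMC_PORT): "ELMC persistent event socket",
    ("cms", "tcp", WBEM_PORT): "WBEM subscription or get",
    ("cms", "udp", SNMP_GET): "SNMP get",
    ("device", "tcp", INDICATION_PORT): "WBEM indication delivery (HTTPS)",
    ("device", "udp", SNMP_TRAP): "SNMP trap",
}

def classify(src, dst, proto, dport):
    """Label one flow record by who initiated it and where it was headed."""
    src, dst = ip_address(src), ip_address(dst)
    if src == CMS and dst in MANAGED:
        side = "cms"
    elif src in MANAGED and dst == CMS:
        side = "device"
    else:
        return "UNEXPECTED: peers are not a CMS/managed-device pair"
    return EXPECTED.get((side, proto, dport),
                        f"UNEXPECTED: {side}-initiated {proto}/{dport}")

def audit(flows):
    """Return only the flows that fall outside the documented model."""
    results = [(f, classify(*f)) for f in flows]
    return [(f, label) for f, label in results if label.startswith("UNEXPECTED")]

# Constructed sample flow records: (source, destination, transport, dest port)
FLOWS = [
    ("192.0.2.10", "192.0.2.21", "tcp", 7920),  # CMS opens ELMC socket
    ("192.0.2.10", "192.0.2.21", "tcp", 5989),  # CMS sets up subscription
    ("192.0.2.21", "192.0.2.10", "tcp", 7906),  # device delivers indication
    ("192.0.2.22", "192.0.2.10", "udp", 162),   # device sends trap
    ("192.0.2.99", "192.0.2.10", "tcp", 7906),  # unmanaged host hits the listener
    ("192.0.2.21", "192.0.2.10", "tcp", 7920),  # ELMC port in the wrong direction
]

if __name__ == "__main__":
    for flow, label in audit(FLOWS):
        print(flow, "->", label)
```
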
• Object of Service Data
Information about the entitlement parameters (serial number, product number, contract IDs, etc.) is
collected for every device WEBES monitors. In addition, contact and location information for these