A.05.80 HP Insight Remote Support Advanced and Remote Device Access Security Overview (October 2012)

Chapter 3: Remote Device Access (RDA)
Virtual CAS
The Virtual CAS is provided by HP free of charge for HP RDA customers and is the HP-preferred method
for customers using an Entitled Remote Access solution. The Virtual CAS provides enhanced security
and management functionality to restrict access into customer networks. Access restrictions on the
vCAS solution can be easily defined by the customer administrator through a web interface. There are
three basic access control settings:
- Open Access: allow access to all HP users
- Closed Access: deny access to all HP users
- White List: allow/deny access to specific users
The HP vCAS solution can assign specific access rules to HP users. These rules can restrict users to
specific devices (and services) based on the rules defined in the vCAS admin interface. It is a software-
only solution based on a VMware image of a virtual machine running Ubuntu Server. Virtual CAS features
include:
- Runs on VMware Server ESX or ESXi. Can also run on VMware Server (available from VMware at no
  cost for Microsoft Windows or Linux).
- Can run as a VM Guest on a virtualized Central Management Server (CMS) or Hosting Device.
- Based on open source software.
- An easy-to-use administration web interface.
- Implements SSH authentication using HP-issued X.509 certificates.
  - The authentication is compatible with HP's VeriSign-administered internal PKI (known internally as
    HP DigitalBadge).
  - CRL access is available either via file or Online Certificate Status Protocol (OCSP).
- Fine-granularity access control: customers can specify user-level access to targets, including TCP
  ports.
- Easy-to-use software update mechanism based on apt-get. The Virtual CAS will poll HP for software
  updates and security patches. The customer has full control over how and when these updates may be
  applied to the Virtual CAS.
- Can be used with SSH-Direct, hpVPN, or CorVPN solutions.
Figure 3.1. Virtual CAS
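
The three access control settings and the per-user device and TCP-port rules described above can be modelled as a default-deny decision function. This is an added example, not HP's vCAS code: the rule structure, the user and host names, the precedence of deny entries, and the choice to apply rules only in White List mode are assumptions made for illustration.

```python
from dataclasses import dataclass, field

OPEN, CLOSED, WHITE_LIST = "open", "closed", "white_list"

@dataclass(frozen=True)
class Rule:
    user: str          # HP user identity taken from the certificate (format assumed)
    target: str        # customer device the user may reach
    ports: frozenset   # TCP ports allowed on that device

@dataclass
class Policy:
    mode: str = CLOSED                           # default to the most restrictive setting
    denied: set = field(default_factory=set)     # white-list "deny" entries
    rules: list = field(default_factory=list)    # white-list "allow" entries

    def decide(self, user, target, port, cert_revoked=False):
        """Return (allowed, reason) for one inbound connection request."""
        if cert_revoked:                         # result of a CRL or OCSP lookup done elsewhere
            return False, "certificate revoked"
        if self.mode == OPEN:
            return True, "open access"
        if self.mode != WHITE_LIST:              # CLOSED or an unrecognised mode: fail closed
            return False, "closed access"
        if user in self.denied:                  # explicit deny beats any allow rule
            return False, "user denied"
        for rule in self.rules:
            if (rule.user, rule.target) == (user, target) and port in rule.ports:
                return True, "rule match"
        return False, "no matching rule"         # default deny

# Constructed sample policy and requests (all names are made up).
POLICY = Policy(
    mode=WHITE_LIST,
    denied={"hp-user-c"},
    rules=[Rule("hp-user-a", "array01.example.net", frozenset({22, 443})),
           Rule("hp-user-c", "array01.example.net", frozenset({22}))],
)
REQUESTS = [
    ("hp-user-a", "array01.example.net", 22, False),    # allowed by rule
    ("hp-user-a", "array01.example.net", 3389, False),  # port not in rule
    ("hp-user-a", "db02.example.net", 22, False),       # device not in rule
    ("hp-user-c", "array01.example.net", 22, False),    # deny entry overrides rule
    ("hp-user-a", "array01.example.net", 22, True),     # revoked certificate
]

def evaluate_all(policy=POLICY, requests=REQUESTS):
    return [policy.decide(*req) for req in requests]

if __name__ == "__main__":
    for req, (ok, why) in zip(REQUESTS, evaluate_all()):
        print("ALLOW" if ok else "DENY ", req[:3], "-", why)
```
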