A.05.80 HP Insight Remote Support Advanced and Remote Device Access Security Overview (October 2012)

Security Overview
Chapter 3: Remote Device Access (RDA)
Connectivity Methods for VPN Solutions
Many customers' security policies require that all inbound connections be protected inside a VPN
connection that is terminated in a DMZ. HP offers site-to-site IPsec VPN access solutions for entitled
remote access. SSH port forwarding is still used, but it is tunneled over IPsec using VPN routers.
The combination of SSH and IPsec provides enhanced security.
SSH is recommended because it provides better end-to-end security as well as enhanced functionality (file
transfer capabilities and application tunneling), but HP recognizes that this may not fit all security policies.
Therefore we offer site-to-site IPsec VPN connectivity with and without SSH tunneling. The following two
figures show both options.
Figure 3.5. General IPsec VPN Access with SSH
Figure 3.6. General IPsec VPN Access Without SSH