HP Instant Capacity Version 10.x User Guide (5900-1581, March 2011)

Security Issues
Customer protections which iCAP assumes to be in place
Instant Capacity commands provide system status information and facilitate system configuration
modification, and are therefore executable only by users with root-level access. iCAP assumes
that administrative policies are in place which exercise the appropriate degree of control over
root-level access.
Disabling the iCAP daemon (HP-UX)
On a system with full usage rights (no iCAP components), you can disable the iCAP daemon
(icapd) by commenting out its entry in the /etc/inittab system file, resetting the init task
(init -q), and killing icapd via kill -9 or kill -s SIGTERM.
Note that disabling the daemon in this way on an iCAP or GiCAP system is a violation of the iCAP
contract with HP. After 12 to 24 hours, the system goes out of compliance and an exception
notification email is sent. Also, other partition management software cannot determine whether
the system contains iCAP components and, as a result, refuses to manage any components that
are present.
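The following is an added example, not part of the HP guide: a POSIX shell function that classifies the icapd entry in an inittab-format file, so that a commented-out or disabled entry on an iCAP or GiCAP system can be flagged by a routine audit. It checks only the inittab side, not the running process. The entry id, run levels and the /usr/sbin/icapd path in the sample are assumptions.

```shell
#!/bin/sh
# Added example: classify the icapd entry in an inittab-format file.
# Prints one of: active, off, commented, absent.
icapd_inittab_state() {
    awk '
        # Skip blank lines.
        /^[ \t]*$/ { next }
        # Commented-out line that still names icapd.
        /^[ \t]*#/ { if ($0 ~ /icapd/) commented = 1; next }
        {
            # inittab fields are id:rstate:action:process
            n = split($0, f, ":")
            if (n < 4) next
            # Rejoin the process field in case it contains colons.
            proc = f[4]
            for (i = 5; i <= n; i++) proc = proc ":" f[i]
            # Drop a trailing comment inside the process field.
            sub(/[ \t]#.*$/, "", proc)
            # Only count lines whose command is icapd itself.
            if (proc !~ /(^|\/)icapd([ \t]|$)/) next
            if (f[3] == "off") off = 1; else active = 1
        }
        END {
            if (active) print "active"
            else if (off) print "off"
            else if (commented) print "commented"
            else print "absent"
        }
    ' "$1"
}

# Constructed sample, not from a real system: id, run levels and path are assumptions.
sample=$(mktemp)
printf '%s\n' 'init:3:initdefault:' '#icap:23456:respawn:/usr/sbin/icapd' > "$sample"
echo "icapd inittab state: $(icapd_inittab_state "$sample")"
rm -f "$sample"
```

On a live system the function would be pointed at /etc/inittab; any result other than active on a system with iCAP components corresponds to the disabled state described above.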
Customer Security Requirements
The Instant Capacity software is designed to provide maximum protection for sensitive customer
information. It follows these customer security requirements:
• Sensitive customer data (names, phone numbers, email addresses, hostnames, IP addresses) is not transmitted to HP.
• There are no transmissions of authentication credentials in clear (nonencrypted) text.
• Nonsuperuser access to iCAP commands and data is not allowed.
• Confidential information is encrypted when transmission is required.
• Appropriate protections are accorded to confidential data and authentication credentials.
Security Tuning Options
Instant Capacity asset reporting (via email to HP) is optional and is turned off by default. Customers
can enable asset reporting by executing the icapnotify -a on command.