A.05.80 HP Insight Remote Support Advanced and Remote Device Access Security Overview (October 2012)

Security Overview
Chapter 2: HP Insight Remote Support Advanced
Installation Package Security
Software applications downloaded from HP are stored in the Installers directory, typically located at
<SWM Install Location>\Installers\. MD5 checksums are used to verify that the installation files
have not been modified since they were packaged at HP.
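The following added example (not HP's code or tooling) shows how an administrator could audit the Installers directory against a list of expected MD5 digests, reporting modified, missing and unlisted files. The md5sum-style manifest format, the file names and the function names are assumptions; the page does not describe how HP distributes or checks the checksums.

```python
import hashlib
import tempfile
from pathlib import Path

def md5_of(path, chunk_size=1 << 20):
    """Hash in chunks so large installer packages are not read into memory whole."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def parse_manifest(text):
    """Parse '<md5-hex>  <filename>' lines; this format is an assumption."""
    expected = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.strip().split(None, 1)
        if not parts:
            continue  # blank line
        if len(parts) != 2 or len(parts[0]) != 32 or set(parts[1]) & set("/\\"):
            raise ValueError(f"manifest line {lineno} is malformed")
        bytes.fromhex(parts[0])  # raises ValueError if the digest is not hex
        expected[parts[1]] = parts[0].lower()
    return expected

def audit_installers(installers_dir, manifest_text):
    """Return {filename: 'ok' | 'modified' | 'missing' | 'unlisted'}."""
    expected, root, report = parse_manifest(manifest_text), Path(installers_dir), {}
    for name, want in expected.items():
        target = root / name
        if not target.is_file():
            report[name] = "missing"
        else:
            report[name] = "ok" if md5_of(target) == want else "modified"
    for found in root.iterdir():  # files on disk the manifest does not vouch for
        if found.is_file() and found.name not in expected:
            report[found.name] = "unlisted"
    return report

def demo():  # constructed sample data: file names and contents are made up
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        packages = {"pkgA.msi": b"constructed A", "pkgB.msi": b"constructed B"}
        for name, data in packages.items():
            (root / name).write_bytes(data)
        manifest = "".join(f"{md5_of(root / n)}  {n}\n" for n in packages)
        manifest += "0" * 32 + "  pkgC.msi\n"  # listed but never delivered
        (root / "pkgB.msi").write_bytes(b"altered after packaging")
        (root / "dropped.exe").write_bytes(b"not in the manifest")
        return audit_installers(root, manifest)
```

MD5 detects corruption and casual modification but is not collision-resistant, so for installers that carry one, the HP digital signature is the stronger integrity signal.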
During installation of HP SIM, a SIM administrator user is configured. The RSSWM agent sets up the HP
RSSWM-SIM Context Service during agent installation. This service allows an installer digitally signed
by HP to run in the context of the HP SIM administrator, which enables the installer to run integration
commands with HP SIM. Not all packages deployed through RSSWM require HP SIM integration.
User Interface
The RSSWM interface is only available to users logged into the CMS. In addition to a direct console
session, the user can employ Microsoft Remote Desktop Client, mstsc.exe, to access the RSSWM
interface. The user must specify the connect-to-console option, '/admin', on
the command line. The RSSWM User Interface allows the administrator user to specify the software
update policy, schedule update installation windows and configure software packages and installation
depots on the CMS.
HP Transport Security
The RSSWM agent uses server-side authentication to ensure that it is connecting to a valid HP RSSWM
server. Upon installation, the RSSWM agent generates an install ID which is stored in the system registry
(HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Hewlett-Packard\RSSWM\GUID) and used
during subsequent RSSWM connections to uniquely identify itself. All communications and application
downloads are done over HTTPS (TCP port 443) connections. HP RSSWM uses an HP CA-signed X.509
digital certificate for encryption and authentication with the HP Datacenter. HP CA certificates can be
verified using the VeriSign Certificate Authority.
Remote Support Client
The Remote Support Client is primarily responsible for providing secure and reliable communications with
the HP Remote Support Data Center to deliver hardware event information and configuration collection
data. Additionally, this component integrates as an HP SIM plug-in to provide the customer with an
integrated remote support user experience. This component is configured via the Remote Support
Configuration and Services option in HP SIM.
Installation and Setup
The Remote Support Client is installed via the Install Then Manage (ITM) software kit, and subsequently
managed via the Remote Support Software Management (RSSWM) application. The client installation
creates necessary application folders and establishes a local SYSTEM service. Access to the application
folders is write-restricted to Power Users and those in the Administrators group. The client has no
communications with the HP Data Center until it is configured via the HP SIM plug-in user interface.
During setup, the installer will be asked to enter company, contact and connection information. If the client
needs to access the public Internet via a proxy server, the installer can enter the relevant connection and