A.05.80 HP Insight Remote Support Advanced and Remote Device Access Security Overview (October 2012)

Security Overview
Chapter 2: HP Insight Remote Support Advanced
devices is collected as well. Finally, protocol credentials are captured (SNMP community strings,
WBEM usernames and passwords, Command View usernames and passwords).
All of this information is stored in the WEBES database on the CMS. The entitlement, site, and contact
information is sent to HP when an incident is created. The passwords are encrypted in the database
using 128-bit AES encryption. This information can be entered via the WEBES or HP SIM User
Interface. Both of those interfaces use HTTPS to secure communication between the browser and the
server. In addition, the actual passwords are not sent to the browser, which precludes revealing them
by viewing the source of the page.
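The following Go program is an added illustration of the two properties described above, not HP's code and not a description of how WEBES actually implements its database: protocol credentials are sealed with AES-128 before they reach the store, and the only shape the web layer can hand to a browser carries a placeholder instead of the password. It assumes AES-GCM as the mode (the document states only 128-bit AES), a key held outside the database, and struct and function names (Credential, StoredCredential, Seal, Open, View) that are constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Credential is a protocol credential as captured during discovery
// (for example an SNMP community string or a WBEM username/password).
type Credential struct {
	Protocol string
	Username string
	Secret   string // plaintext; exists only in memory, never written to the store
}

// StoredCredential is the at-rest record: the secret is AES-128-GCM
// ciphertext, and the row never carries the key that sealed it.
type StoredCredential struct {
	Protocol   string
	Username   string
	Nonce      []byte
	Ciphertext []byte
}

// CredentialView is the only shape handed to the browser: Secret is always
// the placeholder, so viewing the page source cannot reveal the password.
type CredentialView struct {
	Protocol string
	Username string
	Secret   string
}

const Redacted = "********"

// additionalData binds the ciphertext to its row, so a ciphertext copied
// between rows (or a username edited in place) fails authentication.
func additionalData(protocol, username string) []byte {
	return []byte(protocol + "\x00" + username)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 16 {
		return nil, errors.New("key must be 16 bytes for AES-128")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts c.Secret under key with a fresh random nonce.
func Seal(key []byte, c Credential) (StoredCredential, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return StoredCredential{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return StoredCredential{}, err
	}
	ct := gcm.Seal(nil, nonce, []byte(c.Secret), additionalData(c.Protocol, c.Username))
	return StoredCredential{Protocol: c.Protocol, Username: c.Username, Nonce: nonce, Ciphertext: ct}, nil
}

// Open decrypts a stored record; a wrong key or a tampered row returns an error.
func Open(key []byte, s StoredCredential) (Credential, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return Credential{}, err
	}
	pt, err := gcm.Open(nil, s.Nonce, s.Ciphertext, additionalData(s.Protocol, s.Username))
	if err != nil {
		return Credential{}, fmt.Errorf("credential for %s/%s: %w", s.Protocol, s.Username, err)
	}
	return Credential{Protocol: s.Protocol, Username: s.Username, Secret: string(pt)}, nil
}

// View is what the UI layer calls; it has no access path to the plaintext.
func (s StoredCredential) View() CredentialView {
	return CredentialView{Protocol: s.Protocol, Username: s.Username, Secret: Redacted}
}

func main() {
	key := make([]byte, 16) // in practice loaded from a protected key file, not generated per run
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	// Constructed sample credential, not a real community string.
	stored, err := Seal(key, Credential{Protocol: "snmp", Username: "", Secret: "public-ro"})
	if err != nil {
		panic(err)
	}
	fmt.Printf("UI sees: %+v\n", stored.View())
	back, _ := Open(key, stored)
	fmt.Printf("collector decrypts: %q\n", back.Secret)
}
```

The protocol and username are passed as GCM additional data rather than encrypted, so the store can still list and search rows, while any edit to those fields or any swap of ciphertext between rows makes Open fail instead of silently returning another device's password.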
Proactive Services
The CMS collects various data from the managed systems for the purpose of delivering proactive support.
Copies of the collected data and events are stored unencrypted on the CMS file system (owned by
Administrator or application users). The data is always encrypted before being transmitted to HP, and
initially stored in an encrypted database in the RSDC. Some data may be stored in an unencrypted
database while it is being used for analysis.
HP internal access to this data is controlled via remote support global groups. If an HP support specialist
needs to access the data, he/she requires manager approval to access customer data. Each user must
adhere to the HP Acceptable Use Policy when interacting with the Insight Remote Support Advanced
solution.
Event data stored at HP is removed after six months, but summary data may be kept up to several years
for historical reporting purposes. Other types of data have different retention policies ranging from strict
six-month aging to the number of copies to be retained. In the latter case, the data may be kept for several
years. Aggregate data may be kept indefinitely.
Remote support aggregate data is available for internal HP use by product divisions, support delivery, and
program teams for quality purposes. Aggregate data contains no identifying information that can be traced
back to a specific customer; it includes MTBF (Mean Time Between Failure) and other reliability
statistics used to gain insight into product and automation quality. Customers may opt in to allow their
data to be used to recommend additional HP products and services, but by default the data will not be
used in this way.
System Architecture
On a scheduled basis, data collection requests are made by RSCC via device plug-ins. The plug-in, either
directly or via web application proxies, communicates with the managed system using the protocols
shown in the diagram below, including HTTPS, SSH, Telnet, SNMP, ICMP, and DCOM. Keystores and
truststores are contained on both the central management server and the managed systems in order to
support public and private key encryption and digital certificate based authentication.
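As an added example of the truststore role described above (not HP's code, and not a statement of how the CMS keystores are actually implemented), the following Go program builds a constructed site CA, issues a device certificate from it, and shows that a certificate-based authentication check accepts only identities that chain to a CA present in the truststore. The private keys generated here stand in for keystore contents; the CA names, the device name "storage-array-01" and the Truststore/Authenticate names are all constructed for this illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCert issues a certificate for cn. With parent == nil the certificate is
// self-signed (a CA root); otherwise it is signed by parent/parentKey.
func newCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	signer, signerKey := tmpl, key
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, err
	}
	return cert, key, nil
}

// Truststore is the set of CA certificates accepted as issuers for
// managed-system identities; it holds public certificates only, while the
// private keys stay in the keystore.
type Truststore struct {
	roots *x509.CertPool
}

func NewTruststore(cas ...*x509.Certificate) *Truststore {
	pool := x509.NewCertPool()
	for _, ca := range cas {
		pool.AddCert(ca)
	}
	return &Truststore{roots: pool}
}

// Authenticate accepts a presented certificate only if it chains to a trusted
// root, is inside its validity period and is marked for client authentication;
// it returns the authenticated device identity (the subject CN).
func (t *Truststore) Authenticate(presented *x509.Certificate) (string, error) {
	opts := x509.VerifyOptions{
		Roots:     t.roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if _, err := presented.Verify(opts); err != nil {
		return "", fmt.Errorf("certificate for %q rejected: %w", presented.Subject.CommonName, err)
	}
	return presented.Subject.CommonName, nil
}

func main() {
	// Constructed CAs and devices for the demonstration.
	ca, caKey, _ := newCert("Site CA (constructed)", true, nil, nil)
	device, _, _ := newCert("storage-array-01", false, ca, caKey)
	otherCA, otherKey, _ := newCert("Unknown CA (constructed)", true, nil, nil)
	sameNameOtherCA, _, _ := newCert("storage-array-01", false, otherCA, otherKey)

	ts := NewTruststore(ca)
	for _, c := range []*x509.Certificate{device, sameNameOtherCA} {
		if cn, err := ts.Authenticate(c); err != nil {
			fmt.Println("rejected:", err)
		} else {
			fmt.Println("authenticated device:", cn)
		}
	}
}
```

The second certificate carries the same common name as the legitimate device but is issued by a CA the truststore does not contain, so identity is decided by the chain to a trusted root and not by the name in the certificate; adding a CA to the truststore is therefore the operation that widens who can authenticate.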
Figure 2.2. Proactive Services System Architecture
HP Insight Remote Support Advanced and Remote Device Access (A.05.80) Page 32 of 97