A.05.80 HP Insight Remote Support Advanced and Remote Device Access Security Overview (October 2012)

Security Overview
Chapter 2: HP Insight Remote Support Advanced
Security Credentials
Digital Certificates
Certificates generated by HP Systems Insight Manager and the Web Agents are by default self-signed.
Public Key Infrastructure (PKI) support is provided so that certificates may be signed by an internal
certificate server or a third-party Certificate Authority (CA). In addition, System Management Homepage
also creates self-signed certificates and maintains a key store where it stores these certificates for the
purposes of exchange with CMS nodes.
RSCC utilizes both HP SIM and HP SMH keys for signing and authentication of messages as well as for
browser-to-system HTTPS access. HP SIM and HP SMH self-signed digital certificates are set to expire
ten years from the time of creation. If a certificate expires, the UC system will sense that the certificate
has expired and log the event. Credentials can be regenerated and exchanged between CMS nodes and
managed systems using the System Insight Manager command line and certificate import and export
utilities.
Browser security
SSL
All communication between the browser and the CMS or any managed server occurs using HTTP over
SSL, i.e., HTTPS. Any navigation using HTTP (not using SSL) is either denied or automatically redirected
to HTTPS.
Cookies
Although cookies are required to maintain a logged-in session, the cookie holds only a session
identifier. No confidential information is stored in the cookie. All cookies are marked as secure and
therefore must be transmitted over SSL.
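The two claims above (plain HTTP is denied or redirected to HTTPS, and every cookie is marked secure) can be checked from response headers. The following is an added example, not part of the HP documentation or product code; the host name, cookie names and sample responses are constructed, and treating any 4xx status as "denied" is an assumption.

```python
# Added example: audits HTTP response heads against the SSL and Cookies claims.
from email.parser import Parser

# Constructed sample responses (hypothetical host, not captured from a real CMS).
HTTP_REDIRECT = "HTTP/1.1 302 Found\r\nLocation: https://cms.example.test/\r\n\r\n"
HTTP_SERVED = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"
HTTPS_GOOD = ("HTTP/1.1 200 OK\r\n"
              "Set-Cookie: SESSIONID=abc123; Path=/; Secure; HttpOnly\r\n\r\n")
HTTPS_BAD = ("HTTP/1.1 200 OK\r\n"
             "Set-Cookie: SESSIONID=abc123; Path=/; Secure\r\n"
             "Set-Cookie: lang=en; Path=/\r\n\r\n")


def parse_response(raw):
    """Return (status_code, headers) from a raw HTTP response."""
    head = raw.split("\r\n\r\n", 1)[0]
    status_line, _, header_block = head.partition("\r\n")
    return int(status_line.split()[1]), Parser().parsestr(header_block, headersonly=True)


def audit_plain_http(raw):
    """A request made over plain HTTP must be denied or redirected to HTTPS."""
    status, headers = parse_response(raw)
    location = headers.get("Location", "")
    if 400 <= status < 500:
        return []  # denied (assumption: any 4xx counts as a denial)
    if status in (301, 302, 303, 307, 308) and location.lower().startswith("https://"):
        return []  # redirected to HTTPS
    return [f"plain HTTP answered with status {status}, Location={location!r}"]


def audit_cookies(raw):
    """Every Set-Cookie header must carry the Secure attribute."""
    _, headers = parse_response(raw)
    findings = []
    for cookie in headers.get_all("Set-Cookie", []):
        name = cookie.split("=", 1)[0].strip()
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "secure" not in attrs:
            findings.append(f"cookie {name!r} lacks Secure")
    return findings


if __name__ == "__main__":
    for label, raw, check in [("http redirect", HTTP_REDIRECT, audit_plain_http),
                              ("http served", HTTP_SERVED, audit_plain_http),
                              ("https good", HTTPS_GOOD, audit_cookies),
                              ("https bad", HTTPS_BAD, audit_cookies)]:
        print(label, "->", check(raw) or "OK")
```

An empty list means the response matches the documented behaviour; each string in a non-empty list names one deviation.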
Passwords
No password field displayed by HP Systems Insight Manager or the Insight Remote Support Advanced
application shows the password in cleartext. Passwords transmitted between the browser and CMS as
well as between the CMS and managed devices are encrypted using SSL/TLS and transmitted over
HTTPS.
Operating System dependencies
• User accounts and authentication
The HP Systems Insight Manager and Insight Remote Support Advanced system accounts are
authenticated against the CMS host operating system. Any operating system feature that affects user
authentication will affect signing in to HP Systems Insight Manager and Insight Remote Support
Advanced. The operating system of the CMS can implement a lock-out policy to disable an account
after a specified number of invalid sign-in attempts. Additionally, an account can be manually disabled