A.05.80 HP Insight Remote Support Advanced and Remote Device Access Security Overview (October 2012)

Security Overview
Chapter 3: Remote Device Access (RDA)
specifically grant access and provide the access credentials to the HP engineer before the connection to
the target device can be established.
Figure 3.2. Instant CAS (iCAS)
Access Control Details
Access control on the HP side
HP manages all remote access customers in an internal web application called Remote Access Portal
(RAP). Customers and their connection details are centrally and securely managed via the RAP user
interface. Every customer connection is associated with a unique set of access rights allowing the HP
Account Team to restrict HP access to customer remote access information. Customer connection
information, configuration details and access credentials are stored in an encrypted Remote Connectivity
Database located in a secure HP data center facility.
An HP support specialist must authenticate to the HP RDA Infrastructure using his or her HP-issued
X.509 digital certificate, internally called a Class A DigitalBadge, which employs two-factor authentication.
The HP support specialist must have a physical ActivKey or ActivCard, which is enabled by a password or
passphrase. This is a physical handheld token issued to appropriate HP support personnel, and its issuance
is controlled by HP business and security policies.
An HP support specialist must be granted permission to access a customer in RAP before they can see
the connection details necessary to initiate a remote access session to a CAS on a customer network. If
they are not able to see the connection details, they must contact the HP account owner and request
access to the customer network in RAP.
Figure 3.3. Remote Access Connection System Details