A.05.80 HP Insight Remote Support Advanced and Remote Device Access Security Overview (October 2012)

Security Overview
Chapter 3: Remote Device Access (RDA)
The customer owns the security policies and access control for their environment, can specifically
restrict connections to named HP support personnel, and can terminate connections as needed.
The HP support specialist is also subject to the customer's own access control and security policies, in that
the customer must provide login credentials, if needed, for the device that HP connects to. For example, if
the HP support engineer wishes to log on to a UNIX server within a customer network, the customer
provides the logon name and controls what activities the HP support agent can perform. In this way the
customer oversees who from HP connects to their network and then controls where they can go and
what they are allowed to do.
The third layer is the login credentials on the target system, which must be known by the HP support
specialist. These are typically pre-shared or shared on demand by the customer with HP, either by phone or
over a different secure communication channel.
Connectivity Method: SSH-Direct Secure Shell over Internet
The direct SSH option provides a simple unattended RDA solution. The customer need only
provide HP with an Internet-routable IP address for the CAS and allow one or more of the HP access
servers to reach it on TCP port 22. The SSH-2 protocol is considered as secure as SSL because it uses
comparable encryption ciphers.
Figure 3.4. SSH Direct
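An added example, not part of the HP document or product: a customer-side audit of the CAS's sshd log that checks the two controls described above, namely that only the HP access servers reach TCP port 22 and that only named support accounts log in. The addresses (RFC 5737 documentation ranges), the account name, the host name and the log lines are constructed assumptions, and the log format assumed is OpenSSH's.

```python
import ipaddress
import re

# Assumed values: the document gives no addresses or account names.
HP_ACCESS_SERVERS = [ipaddress.ip_network(n) for n in ("192.0.2.10/32", "192.0.2.11/32")]
NAMED_ACCOUNTS = {"hp_support_jdoe"}  # hypothetical named HP support account

# Matches OpenSSH "Accepted ..." / "Failed ..." authentication events.
SSHD_EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def audit(lines):
    """Return (finding, source, user) tuples for events that break the policy."""
    findings = []
    for line in lines:
        m = SSHD_EVENT.search(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            findings.append(("unparsable-source", m["src"], m["user"]))
            continue
        if not any(src in net for net in HP_ACCESS_SERVERS):
            # Any sshd event from another source means the port 22 filter
            # in front of the CAS is not limited to the HP access servers.
            kind = ("login-from-unlisted-source" if m["result"] == "Accepted"
                    else "attempt-from-unlisted-source")
            findings.append((kind, str(src), m["user"]))
        elif m["result"] == "Accepted" and m["user"] not in NAMED_ACCOUNTS:
            # Allowed source, but not an account the customer issued to HP.
            findings.append(("unnamed-account-login", str(src), m["user"]))
    return findings

# Constructed sample log lines.
SAMPLE_LOG = [
    "Oct 12 09:01:11 cas sshd[2211]: Accepted publickey for hp_support_jdoe from 192.0.2.10 port 50122 ssh2",
    "Oct 12 09:14:53 cas sshd[2290]: Failed password for invalid user admin from 203.0.113.77 port 41822 ssh2",
    "Oct 12 10:02:30 cas sshd[2417]: Accepted password for root from 192.0.2.11 port 50410 ssh2",
    "Oct 12 10:40:02 cas sshd[2533]: Accepted password for backup from 198.51.100.23 port 39001 ssh2",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```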