A.05.80 HP Insight Remote Support Advanced and Remote Device Access Security Overview (October 2012)

Security Overview
Chapter 3: Remote Device Access (RDA)
Data Privacy
HP is committed to protecting Customer privacy. Personal information provided to HP and any data
collected by this RDA tool or other associated tools and utilities will not be shared with third parties. It
might be shared with other HP entities and business partners who are providing the services described in
the Remote Support Documentation and who might be located in other countries. Suppliers and service
providers are required to keep confidential the information received on behalf of HP and may not use it for
any purpose other than to carry out the services they are performing for HP. Our privacy practices are
designed to provide protection for your personal information, all over the world. See the HP Worldwide
Privacy Statement at http://welcome.hp.com/country/us/en/privacy/worldwide_privacy.html.
Remote Device Access Security Details
Outbound Security
All HP RDA Solutions are designed to be used for inbound access from HP to customer networks. All
RDA Solutions, with the exception of the Virtual CAS, do not initiate outbound connections without direct
user interaction. Confidentiality for outbound connections is provided by the connection service (HTTPS
(HTTP over SSL), SSH, IPsec, etc.). Authentication mechanisms can vary from solution to solution, but all solutions
are designed to ensure the privacy and security of all parties. The Virtual Customer Access System
(vCAS) initiates outbound connections to VeriSign.com to validate certificates, using either OCSP to
check the revocation status of an individual certificate, or HTTP to periodically fetch the entire CRL for the HP
Class 2 Certification Authority. The Virtual CAS also periodically connects to the HP repository server
using HTTPS to check for and fetch software updates.
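
The outbound profile above can be used as an egress allow-list check. The following is an added example, not part of the HP document: it flags vCAS connections that match none of the documented destinations. The log format, the port numbers (80 for OCSP/CRL over HTTP, 443 for HTTPS), the IP addresses, the sample hostnames and the placeholder repository host `hp-repository.example` are all assumptions.

```python
"""Audit vCAS egress against the outbound behaviour described above."""
from typing import NamedTuple

# Assumptions (not from the HP document): the log format, the ports
# (80 for OCSP/CRL over HTTP, 443 for HTTPS) and the repository hostname.
HP_REPO_HOST = "hp-repository.example"  # placeholder; the page names no host

# (host suffix, port) -> documented purpose of the connection
EXPECTED = {
    ("verisign.com", 80): "certificate validation (OCSP or CRL fetch over HTTP)",
    (HP_REPO_HOST, 443): "software update check (HTTPS)",
}

class Flow(NamedTuple):
    ts: str
    src: str
    host: str
    port: int

def parse(line):
    """Parse one '<timestamp> <src-ip> <dst-host> <dst-port>' log line."""
    ts, src, host, port = line.split()
    return Flow(ts, src, host.lower().rstrip("."), int(port))

def purpose(flow):
    """Return the documented purpose of a flow, or None if undocumented."""
    for (suffix, port), why in EXPECTED.items():
        # Accept the exact host or a true subdomain only, so look-alikes such
        # as "evilverisign.com" or "verisign.com.cdn.example" do not pass.
        if flow.port == port and (flow.host == suffix
                                  or flow.host.endswith("." + suffix)):
            return why
    return None

def audit(lines, vcas_ip):
    """Return flows sourced from the vCAS that match no documented destination."""
    flows = (parse(l) for l in lines if l.strip())
    return [f for f in flows if f.src == vcas_ip and purpose(f) is None]

# Constructed sample egress log (all values invented for illustration)
SAMPLE_LOG = """\
2012-10-01T02:00:03Z 10.0.5.20 ocsp.verisign.com 80
2012-10-01T02:00:09Z 10.0.5.20 hp-repository.example 443
2012-10-01T02:14:41Z 10.0.5.20 verisign.com.cdn.example 80
2012-10-01T02:15:02Z 10.0.5.20 ocsp.verisign.com 8080
2012-10-01T02:16:30Z 10.0.5.77 files.example 443
""".splitlines()

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG, "10.0.5.20"):
        print(f"UNDOCUMENTED egress {f.ts} {f.src} -> {f.host}:{f.port}")
```
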
Inbound Security
Remote device access requires an inbound connection from HP to a customer-designated access server.
HP understands that IT security policies within organizations vary considerably. Therefore, HP offers a
number of remote access solutions (depending on the service level agreement) designed to meet
customers’ security requirements. All HP solutions use standard techniques that include SSH, IPsec,
and HTTPS. HP offers both hardware and software solutions which can be configured to ensure that the
customer is always in control of the connection. HP also has options that allow the customer to view and
monitor a support specialist’s activities.
All HP support specialists must adhere to the same standards of business conduct as onsite HP
engineers, and are only allowed to initiate a connection with the customer’s approval and a valid business
need. Access restrictions can be placed on specific connection profiles to limit HP's access to a subset of
support personnel. Access can be restricted by region and/or country. It can also be restricted
to HP support personnel for a specific product platform. Access can also be restricted to specific
HP personnel. Access controls can be enforced both at HP (before the connection is initiated) and again at
the CAS (see the vCAS solution). This model ensures that both the HP Account Manager and the
customer administrator can control HP access to the customer network. Internally, HP uses two-factor
authentication to control access through the HP Remote Access Connectivity (RACS). Additionally, all
connections, attempted and successful, to customer systems are logged.