Automated Remote Support Security With TSM and OSM on NonStop Servers

ManualsBrandsHP ManualsServerHP Integrity NonStop Service Information

HP NonStop S-Series and NS-Series Server Automated Remote Support

Page 1 of 7

Automated Remote Support Security With TSM or OSM on the HP

NonStop™ S-Series and NS-Series

Introduction

Automated Remote Support is a service offered

as a part of standard warranty and basic service

agreements that help ensure the optimal

performance and availability of HP NonStop™

Servers.

Automated Remote Support (ARS):

• Continuously monitors system hardware

and software

• Proactively identifies problems which

may lead to outages

• Automatically reports problems to the

service provider, usually the HP Global

Mission Critical Solution Centre

(GMCSC)

• Speeds resolution through secure

remote diagnosis and expert support

Automated Remote Support is implemented on

NonStop™ S-Series and NS-Series servers

using either TSM (Total System Management) or

OSM (Open System Management), along with an

integrated set of Microsoft Windows clients and

NSK-based server applications running in a

private LAN environment. (NSK is the NonStop

Kernel Operating System.)

This paper focuses on the multiple levels of

security built into TSM and OSM and the

Automated Remote

Support service that enable remote sessions

while protecting system security.

In this document, the term NSK security is used

to indicate that NSK security is presented with a

username and password, and NSK security

functions determine whether the user is

recognized. HP Safeguard, an additional security

product, is NOT required, but if it is in use, NSK

security will work with it.

For information on K-Series implementation of

Automated Remote Support and related security

measures, please see Appendix A.

General Remote Support Architecture

Automated Remote Support can be configured

for automatic notification and/or remote access:

• Automatic notification (dial-out)

allows TSM or OSM to notify the

GMCSC of pending hardware and

software problems

• Remote access (dial-in) allows the

GMCSC to dial into the NonStop™ S-

Series or NS-Series server to diagnose

hardware or software problems

Implementing Automated Remote Support

requires a number of hardware and software

components both at your site and at the GMCSC.

The components are:

• A NonStop™ S-Series or NS-Series

server running the NSK TSM or OSM

Server

• A local S-Series or NS-Series System

Console (NSC Console) connected to

your NonStop™ S-Series or NS-Series

server(s) via a private LAN for modem-

based dial-in and dial-out and internet

event forwarding*

• Remote support at the GMCSC to

receive automatic notification of

problems (dial-out), and when required

and authorized, to conduct remote

access (dial-in) diagnostic sessions

* - ISEE is detailed later in the document.

The figure below depicts the remote support

environment and highlights (in green boxes) the

layers of security controls:

1. Physical (turn-off, password)

2. Communications (proper modem,

proper protocol)

3. Windows NT workstation remote user

access permission (requires configuring

a user to allow remote access)

4. Windows NT username/password

5. Microsoft NetMeeting

6. NSK configuration and control

7. NSK operating system access

8. NSK operating system password

9. Registration/Secure UserID/Password

Summary of content (7 pages)

PAGE 1
HP NonStop S-Series and NS-Series Server Automated Remote Support Automated Remote Support Security With TSM or OSM on the HP NonStop™ S-Series and NS-Series Introduction Automated Remote Support is a service offered as a part of standard warranty and basic service agreements that help ensure the optimal performance and availability of HP NonStop™ Servers.
PAGE 2
HP NonStop S-Series and NS-Series Server Automated Remote Support Remote support access is isolated by the NSC Console, which Serves as a firewall. There is no direct access to the NonStop™ S-Series or NSSeries server. Multiple S-Series or NS-Series servers can be managed by a single NSC Console, providing a single point of secure access for remote support. Automated Notification Process and Security A.
PAGE 3
HP NonStop S-Series and NS-Series Server Automated Remote Support 1. 2. 3. Actively authorize each notification Automatically authorize reporting of all IRs without user intervention Choose, by IR type, which ones are to be automatically reported and which require pre-authorization The notification is over a PPP (Point-to-Point Protocol) connection. The GMCSC system receiving the notifications is accessible only to GMCSC personnel and is separated by a firewall from other HP networks. B.
PAGE 4
HP NonStop S-Series and NS-Series Server Automated Remote Support D. NSC Console Access and Notification Destinations E. Notification Director Application Security The ND application receives, displays, and allows you to take action on Incident Reports. It also allows you to configure remote access and automatic notification information, including sending Incident Reports to the service provider automatically. The Notification Director (ND) handles all of the processing for Incident Reports (IR).
PAGE 5
HP NonStop S-Series and NS-Series Server Automated Remote Support shared security which both MSPs/ME’s (Master Service Processors/Maintenance Entities) provide. Up to eighteen usernames and passwords can be configured for the SP. H. EMS Event Viewer Security The EMS Event Viewer (EV) can be launched from the SC application. The username and password entered in any previous Connect dialog of the SC application are not passed to the EV when it is launched.
PAGE 6
HP NonStop S-Series and NS-Series Server Automated Remote Support and the alarms (if any) on a system. However, with monitoring access, a user cannot perform operations on a system that will affect the resources on that system (short of physically pulling a CRU on a system). Monitoring access is provided with any valid NSK logon. Actions access allows a user to perform operations on a system which may affect the performance or availability of that system.
PAGE 7
HP NonStop S-Series and NS-Series Server Automated Remote Support Example of ISEE incident management for NonStop Servers Customer HP Service Provider (CRG Server) Genesis Operations LAN VPN Hardware from HP Service Internal Network Problem Management ISEE Server Primary NSC To SPG HP External Firewall Incident Genera tion Internet ISEE Client Customer Firewall O SM / N D Software Change Management Services Information SPG Server From NSC modem Backup NSC For more information on ISEE, ple