HP Imaging and Printing Security Center 2.0 - Instant-On Security

Detailed Discussion
This section explains the Instant-On configuration server in greater detail, including device
discovery specifics, serial number filtering, database entry, mutual authentication and initial
assessment policy use.
Automatic Device Discovery
As discussed in Part 1, supported HP devices can now announce their presence on the
network. This device capability is enabled by default. The Device Announcement Agent
sends an Announcement Message request directly to the Instant-On configuration server
to announce the device's presence. This is not a broadcast message. The device
automatically obtains the HP IPSC server IP address by resolving the DNS hostname
hp-print-mgmt or through manual configuration of the Device Announcement Agent IP
address field (see Figure 20). The Announcement Acknowledge reply from the Instant-On
configuration server acknowledges receipt of the message and returns the status of the
attempted authentication method.
FIGURE 20
If trusted certificates are not installed or leveraged on either the device or server, the device
uses its self-signed certificate for identification purposes and the server handles
authentication in an anonymous fashion. If trusted certificates are installed and leveraged
on the device and server, mutual authentication can be selected to provide a higher level of
communication security. Mutual authentication can also serve as a form of Instant-On
Security device filtering. Authentication is discussed further later in this section. The
announcement and acknowledge messages are exchanged directly over registered
TCP Port 3329 (named port hp-device-disc).
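Because devices locate the server by resolving hp-print-mgmt and announce to it over TCP 3329, a deployment check is to confirm that the name resolves only to the intended server and that announcement traffic goes nowhere else. The following is an added example, not HP code: the function names, the flow-record CSV layout and the addresses (documentation ranges) are assumptions made for illustration.

```python
import csv
import io
import socket

ANNOUNCE_HOST = "hp-print-mgmt"  # DNS name devices resolve (from the text above)
ANNOUNCE_PORT = 3329             # registered port hp-device-disc (from the text above)

def system_resolver(name):
    """Return the set of IPv4 addresses the local resolver gives for name."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:  # name does not resolve from this host
        return set()

def unexpected_dns_targets(approved, name=ANNOUNCE_HOST, resolver=system_resolver):
    """Addresses the name resolves to that are not an approved server."""
    return sorted(resolver(name) - set(approved))

def stray_announcements(flow_csv, approved):
    """Flows to TCP 3329 whose destination is not an approved server."""
    stray = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["proto"].lower() != "tcp" or int(row["dport"]) != ANNOUNCE_PORT:
            continue  # not announcement traffic
        if row["dst"] not in approved:
            stray.append((row["src"], row["dst"]))
    return stray

# Constructed sample data: assumed CSV layout, documentation address ranges.
APPROVED = {"192.0.2.10"}
SAMPLE_FLOWS = """src,dst,proto,dport
198.51.100.21,192.0.2.10,tcp,3329
198.51.100.22,203.0.113.77,tcp,3329
198.51.100.23,192.0.2.10,tcp,9100
198.51.100.24,203.0.113.77,udp,3329
"""

if __name__ == "__main__":
    print("unapproved DNS targets:", unexpected_dns_targets(APPROVED))
    for src, dst in stray_announcements(SAMPLE_FLOWS, APPROVED):
        print(f"device {src} announced to unapproved server {dst}")
```

Run the DNS check from the printer VLAN with the DNS suffix the devices use, since the short name may resolve differently elsewhere.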