HP Imaging and Printing Security Center 2.0 - Instant-On Security
Announcement Message Summary
The device Announcement Message is always sent using the most secure authentication
method the device is configured for. When the Device Announcement Agent is set to
Require Mutual Authentication via Certificates, only trusted SSL/TLS authentication
is allowed. With this setting, the Announcement Message requires that valid identity and CA
certificates be installed on the device. If this requirement is not met, the announcement is not
sent. In addition, if the Instant-On configuration server certificate is determined to be invalid,
the device will cease to contact the server until the next announcement scenario presents
itself. In either case, mutual authentication is denied and the DAA status will show Fail.
Initial Assessment Policy Use Case
The policy used in the Instant-On Security feature is labeled the Initial Assessment Policy
and, as a best practice, should always reflect the minimum device security required for all
devices participating in Instant-On. Devices participating in Instant-On for the first time will
always receive this initial policy. The device will continue to receive the initial policy during
Instant-On unless that device was later assessed with a policy other than the Initial
Assessment Policy. In that case, that particular policy will be applied the next time the
device enters into an Instant-On scenario. IPSC keeps track of the policy the device was last
assessed with and will always apply that policy during Instant-On.
PART 3 – SUMMARY
Instant-On Security is a high-value feature of HP Imaging and Printing Security Center.
Enabling this feature allows supported devices to be automatically discovered, assessed and
remediated with the configured security policy when first placed on the network. When
security configuration loss scenarios are experienced by the device after placement on the
network, Instant-On Security automatically keeps the device secure by remediating the
settings that are out of compliance with the security policy. Used in conjunction with
frequently scheduled assessment and remediation tasks, the supported fleet can be kept
security policy compliant with minimal to no manual intervention. Instant-On supported
devices announce themselves directly to the IPSC server (mutual authentication is an option)
and do not require special network configuration for successful operation. Instant-On
supported devices are a subset of IPSC supported devices. See Figure 39 below for a
summarized representation of the Instant-On process.
FIGURE 39