HP Insight Remote Support Advanced and Remote Device Access Security Overview for A.05.70 HP Part Number: 5900-1735 Published: October 2011, Edition 5.
© Copyright 2009 – 2011 Hewlett-Packard Development Company, L.P. Legal Notices Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Table of Contents About This Document...................................................................................11 1 Publishing History..............................................................................................................................11 2 Document Organization......................................................................................................................11 3 Related Documents.............................................................................
2.13.1 2.13.2 2.13.3 2.13.4 2.13.5 2.13.6 2.13.7 2.13.8 SSL.......................................................................................................................................34 Cookies................................................................................................................................34 Passwords.............................................................................................................................34 Operating System dependencies..........
C.7 NonStop Managed Systems.............................................................................................................59 C.8 OpenVMS Alpha Managed Systems.................................................................................................59 C.9 OpenVMS Integrity Managed Systems...............................................................................................60 C.10 ProLiant Citrix Managed Systems.....................................................................
List of Figures 2-1 2-2 3-1 3-2 3-3 3-4 3-5 3-6 3-7 3-8 A-1 A-2 Insight Remote Support Advanced Architecture....................................................................................16 Proactive Services System Architecture................................................................................................33 Virtual CAS....................................................................................................................................40 Instant CAS (iCAS)...............
List of Tables 2-1 B-1 C-1 C-2 C-3 C-4 C-5 C-6 C-7 C-8 C-9 C-10 C-11 C-12 C-13 C-14 C-15 C-16 D-1 D-2 D-3 D-4 D-5 D-6 E-1 E-2 E-3 E-4 G-1 G-2 G-3 G-4 G-5 Redundant data center settings.........................................................................................................26 Standard Operating System Connectivity - Firewall/Port Requirements....................................................53 CMS Connectivity - Firewall/Port Requirements....................................................
About This Document 1 Publishing History Manufacturing Part Number Edition Number Publication Date 5992-5383 1.3 August 2009 5900-0564 2.0 January 2010 5900-0564 2.1 May 2010 5900-0566 3.0 August 2010 5900-1610 4.0 April 2011 5900-1735 5.0 October 2011 2 Document Organization • Chapter 1: “Executive Overview” • Chapter 2: “HP Insight Remote Support Advanced” • Chapter 3: “Remote Device Access (RDA)” • Appendix A: “X.
Refer to http://www.hp.com/go/insightremoteadvanced-docs • HP Systems Insight Manager User Guide This document provides an overview of the security features available in the HP Systems Insight Manager framework. Refer to http://h18004.www1.hp.com/products/servers/management/hpsim/infolibrary.html • WEBES User Guide This document provides information about the features of WEBES, SEA, and CCAT and explains how to operate the software. Refer to http://h18023.www1.hp.
1 Executive Overview Today’s IT department plays a central role in meeting business objectives. Leveraging your IT infrastructure investments and improving overall system availability and utilization are crucial in today’s business environment. HP Insight Remote Support Advanced simplifies the management of highly diverse IT environments by providing a single remote monitoring and support solution for multiple operating systems and technologies, thereby reducing cost and complexity.
2 HP Insight Remote Support Advanced This chapter provides an overview of the security features available in HP Insight Remote Support Advanced. Insight Remote Support Advanced is designed to collect reactive and proactive event data from servers and storage devices using the various network protocols described in this paper.
• Event Log Monitoring Collector (ELMC) • Remote Support Configuration Collector (RSCC) • Remote Support Configuration Collector Extension (RSCCE) • Advanced Configuration Collector Commands and Rules • Unreachable Device Notification (UDN) • Remote Support Network Component (RSNC) • Multivendor and Application Adapter (MVAA) NOTE: Only components that communicate outside of the CMS require security considerations and are included in the document.
2.3.1 Application Security HP Insight Remote Support Advanced is a plug-in component that utilizes an existing customer server (known as the Central Management Server or CMS) with HP Systems Insight Manager (HP SIM) installed. Since the CMS is customer-owned and installed, it can be installed and configured according to the customer’s IT security policy. It is important that the integrity and authenticity of the Insight Remote Support Advanced software is maintained to prevent unauthorized changes.
2.4.
constrained by a unique customer identifier . This insures that information is only available to authorized (and authenticated) users. Data is kept for varying lengths of time: Mission Critical server data is kept for 6 months, warranty data is kept for 1 week, SAN configuration information and event data is kept for 6 months. Hardware event details are kept for 6 months. 2.4.3 Data Privacy HP respects customer privacy and is committed to ensuring that all customer information is protected.
to authenticate the Central Management Server. Note that the managed system must have a copy of the CMS SSL certificate imported into the Web agent and be configured to “trust by certificate” to validate the digital signature. STE uses TCP port 2381. • SSH The Secure Shell (SSH) protocol is an application-layer protocol which permits secure remote access over a network from one computer to another.
identified, all other data transfers use HTTPS, a secure protocol. HTTP typically uses TCP port 80; however some HP SIM components may use other TCP ports, in particular 5988 for WBEM. • ICMP Internet Control Message Protocol (ICMP), or IP protocol 1, is a network-layer control protocol that is considered to be an integral part of IP, it is architecturally layered upon IP, i.e., it uses IP to carry its data end-to-end just as a transport protocol like TCP or UDP does.
allow for TCP communications for a more reliable transmission of data. Alternate ports may also be used. • TCP Transmission Control Protocol (TCP), or IP protocol 6, is a transport-layer protocol that provides reliable in-order delivery of data. TCP is described in RFC 793. • Telnet Telnet is an application-layer protocol that was developed for providing remote terminal sessions. Some older storage devices, routers, switches, and other devices will support only telnet for network access.
NOTE: For further details, refer to the HP Insight Remote Support Advanced Central Management Server Configuration Guide available at http://www.hp.com/go/insightremoteadvanced-docs. NOTE: For a complete description of system requirements, see the A.05.70 Insight Remote Support Advanced Release Notes available at http://www.hp.com/go/insightremoteadvanced-docs. 2.7 Remote Support Software Manager (RSSWM) 2.7.
encryption and authentication with the HP Datacenter. HP CA certificates can be verified using the VeriSign Certificate Authority. 2.8 Remote Support Client The Remote Support Client is primarily responsible for providing secure and reliable communications with the HP Remote Support Data Center to deliver hardware event information and configuration collection data. Additionally, this component integrates as an HP SIM plug-in to provide the customer with an integrated remote support user experience.
IMPORTANT: The implementation of HP-UX Advanced Configuration Collector (via SMH) introduces a potential privilege elevation security vulnerability for the monitored HP-UX servers. Once the SMH Certificates are exchanged between SMH and HP SIM, any HP SIM user with permissions to view the device status (in HP SIM) has the ability to execute privileged user commands on the HP-UX server as the root user. 2.8.4 HP Transport Security The Insight Remote Support Client uses a VeriSign CA signed server-side X.
2.9.1 Global Server Load Balancing (GSLB) GSLB uses DNS to return the IP address of an available server. Subsequent DNS queries may return different IP addresses based on server load and availability. Thus, the actual IP addresses returned will vary over time as servers are taken in and out of service. HP has limited the number of IP addresses that will be used in these DNS aliases so that network administrators can configure packet filtering firewalls appropriately. 2.9.
C:\Program Files\HP\RemoteSupport\bin> iseeinterfaces.exe -send_support_information -test_event 9F0C94C1-5515-4328-A6C4-CE68FA7A103C A successful run will return a globally unique identifier (GUID) as shown in the example. Any other return value is a failure. 2.9.4.2 Remote Support Software Management data center If the IP addresses were configured in the firewall, connectivity for RSSWM can be verified as follows: With a web browser on the CMS/host device, connect to the following RSSWM software URLs.
system-specific access credentials are usually used, that is, the customer need not divulge administrator or root passwords. • Proprietary Collection (Level 3): Utilize proprietary agents and/or processes hosted by the endpoint device’s operating system to deliver differentiating services, for example, performance information, operating system command output, log file contents, and agent data. Privileged access credentials are required.
NOTE: Only one instance of WEBES per CMS is required for enterprise-wide monitoring regardless of the product to be monitored. • WEBES Director The Director is a required WEBES process (or set of processes) that runs continuously. The Director manages a system - either a standalone system or a node in a cluster - on behalf of WEBES, and executes functionality added to it by individual WEBES tools.
event and data collections from XP Continuous Track (C-Track) on the XP Service Processor (SVP). XP AIM performs the following functions: • Proactively informs remote HP support personnel about potential XP issues by sending them incident/event data for analysis. • Transfers array enhanced configuration files and configuration change event bundles for remote HP support personnel access, whenever the a configuration change is detected.
to solicit an ICMP echo replies from the devices. UDN events are sent to HP via an SSL/TLS connection (HTTPS over TCP 443). Email notifications can be sent locally using SMTP on TCP 25. • StorageWorks P4000 Centralized Management Console (CMC) The CMC application is used to configure individual P4000 storage nodes, as well as for creating volumes, snapshots, remote copies, and storage clusters of multiple P4000 storage nodes.
• SNMP Traps WEBES analyzes SNMP traps that are sent to it. As part of this analysis, WEBES may connect back to the SNMP agent to get additional information about the device as described below in configuration information. • Object of Service Data Information about the entitlement parameters (serial number, product number, contract IDs, etc) are collected for every device WEBES monitors. In addition, contact and location information for these devices is collected as well.
Figure 2-2 Proactive Services System Architecture 2.12.
and log the event. Credentials can be regenerated and exchanged between CMS nodes and managed systems using the System Insight Manager command line and certificate import and export utilities. 2.13 Browser security 2.13.1 SSL All communication between the browser and the CMS or any managed server occurs using HTTP over SSL, i.e., HTTPS. Any navigation using HTTP (not using SSL) is either denied or automatically redirected to HTTPS. 2.13.
2.13.5 Data Collection Scripts If creating operating system accounts exclusively for HP Systems Insight Manager accounts, give users the most limited set of operating system privileges necessary to accomplish the required function. Any root or administrator accounts should be properly guarded. Configure all password restrictions, lock-out policies, and user profiles, in the operating system. 2.13.
3 Remote Device Access (RDA) 3.1 Executive Overview Remote Device Access (RDA) is a support solution that enables the delivery of HP remote support services over the Internet or other connectivity methods. Today, many security-sensitive transactions, such as e-commerce, stock trades, and online banking, are executed securely over the Internet using the same security technology utilized in RDA by HP.
NOTE: The ISDN Connectivity option is not available in all countries. Most of the Entitled Remote Access solutions leverage the end-to-end encryption and application tunneling capabilities of SSHv2. While using SSHv2 is strongly recommended, some versions of Entitled Remote Access can be configured without SSHv2. Not using SSHv2 can lower the security profile and limit the functionality of the RDA solution. 3.
TIP: To learn more about HP Insight Remote Support Solutions please visit: http://h18013.www1.hp.com/products/servers/management/hpsim/index.html. A CAS may be implemented on any customer-owned system capable of running a compatible SSH server. HP also offers a virtualized CAS (vCAS) solution that can be used to manage HP access into a customer environment. 3.4.1.1 Customer-owned CASii The customer may choose to provide their own CAS. The primary requirement is a functional SSH server such as OpenSSH.
Figure 3-1 Virtual CAS 3.5 HP Instant Customer Access Server (iCAS) HP Instant Customer Access Server (iCAS) is a lightweight connection tool that allows an HP support agent to quickly and securely connect to a customer's environment to aid in diagnosis and repair of supported hardware devices. The customer runs the iCAS software run as a browser plug-in on any Windows or Linux desktop with Internet access and network access to the device the HP support engineer is attempting to access.
Figure 3-2 Instant CAS (iCAS) 3.6 Access Control Details 3.6.1 Access control on the HP side HP manages all remote access customers in an internal web application called Remote Access Portal (RAP). Customers and their connection details are centrally and securely managed via the RAP user interface. Every customer connection is associated with a unique set of access rights allowing the HP Account Team to restrict HP access to customer remote access information.
Figure 3-3 Remote Access Connection System Details A Remote Access Connection System (RACS) is an SSH server that can forward an SSH connection to an appropriate CAS. When the HP support specialist connects and is authenticated to the RACS, the SSH server on the RACS checks the security token issued by the RAP to ensure that the support specialist is allowed to connect to customer’s IP address. Upon successful authorization, the RACS will forward the SSH connection to the HP routing device.
whom from HP connects to their network and then controls where they can go and what they are allowed to do. The third layer is the login credentials on the target system that must be known by the HP support specialist, typically pre-shared or shared on demand by the customer to HP either via phone or using a different secure communication channel. 3.7 Connectivity Method: SSH-Direct – Secure Shell over Internet The direct SSH option provides a simple and easy unattended RDA solution.
Figure 3-5 General IPsec VPN Access with SSH Figure 3-6 General IPsec VPN Access Without SSH 44 Remote Device Access (RDA)
3.8.1 hpVPN With hpVPN, HP provides a router to the customer. The router is deployed in the customer’s DMZ. HP’s VPN router establishes an IPsec VPN connection with a so called Customer Premises Equipment (CPE) router, at the customer’s site. HP maintains the software and router configurations on both ends. Currently, all hpVPN connections use triple-DES or AES encryption and SHA-1 HMAC. The access lists on the CPE routers allow only connections from authorized HP systems.
HP Virtual Support Room is a secure private protected online meeting place for two or more meeting participants. The VSR meeting session involves two or more users virtually meeting in a Virtual Support Room and sharing a desktop for collaboration purposes. The collaboration session is initiated by an HP support specialist. The HP support specialist will generate room keys for the Virtual Support Room and share those keys via email or phone with the customer.
with other HP entities and business partners who are providing the services described in the Remote Support Documentation and who might be located in other countries. Suppliers and service providers are required to keep confidential the information received on behalf of HP and may not use it for any purpose other than to carry out the services they are performing for HP. Our privacy practices are designed to provide protection for your personal information, all over the world.
two systems. In tunnel mode, IPsec can be used to provide VPN connectivity over insecure networks. A typical IPsec deployment uses two protocols: either Encapsulating Security Payload (ESP) or Authentication Header (AH), which are IP protocols, and ISAKMP. Note that AH is seldom used as it does not provide encryption. • ISAKMP Internet Security Association and Key Management Protocol (ISAKMP) is an application-layer IPsec protocol used for negotiating encryption keys. It is run over UDP port 500.
A X.509 Certificates and Insight Remote Support Advanced A.1 Overview An X.509 certificate contains a public key that can be used to check the validity of a digital signature. This digital signature verifies the authenticity of a document, a message, another X.590 certificate, or any datum of interest. The digital signature is generated using the X.509 certificate’s corresponding private key. X.509 certificates are the basis of trust in most secure Internet protocols, the most pervasive being SSL and TLS.
the issuer’s certificate is found and it verifies the server certificate’s signature, the verification process continues. 4. The issuer’s certificate must now be verified. There are two ways this can go: a. If the issuer’s certificate is a CA root certificate, the client must have a copy of it for verification. The client cannot rely on a root certificate that was sent along with a server certificate. b.
A.4 CRL Checking The RSC can optionally check each certificate in the chain for revocation. At least three methods are used: 1. Checking a local copy of the associated CRL 2. Checking a copy of the associated CRL available in an LDAP database 3. Querying a certificate status server using the Online Certificate Status Protocol (OCSP) The CRL Distribution Point attribute of an X.509 certificate is a Uniform Resource Identifier (URI) list that indicates where the CRL can be located.
B Summary of Network Ports for Standard Operating System Connectivity The following tables summarize all ports that might be used in Insight Remote Support Advanced for Standard Operating System Connectivity. See Table B-1 for ports that are required for basic system operation. B.
C Summary of Network Ports for Servers The following tables summarize all ports that might be used in Insight Remote Support Advanced for Servers. See Table B-1 for ports that are required for basic system operation. C.1 Central Management Server (CMS) Table C-1 CMS Connectivity - Firewall/Port Requirements Protocol Ports Source Destination TCP 25 CMS TCP 443 or web proxy port TCP Function Configurable Optional Customer-Designated Email notifications SMTP Server No Required CMS rsswm.
Protocol Ports Source Destination Function Configurable Optional TCP 7903 Customer's Web Browser CMS Communication between SEA's No applet (running inside the web browser) and the Director. Optional TCP 7906 Customer's Web Browser CMS Secure HTTP (HTTPS) port used No by the listener running in the Director's Web Interface. The Web browser connects to this port in the URL (e.g. https://target.sys.name.here:7906) Optional UDP 162 Managed Systems CMS SNMP Trap.
C.3 Integrity Linux Managed Systems Table C-3 Integrity Linux Connectivity - Firewall/Port Requirements Protocol Ports Source Destination Function Configurable Optional TCP 5989 CMS Managed Systems Secured WBEM CI-MOM protocol over HTTPS/SOAP. This port is used to communicate with WBEM end point nodes. Yes Required TCP 7906 Managed Systems CMS Secure HTTP (HTTPS) port used by the No listener running in the Director's Web Interface. The Web browser connects to this port in the URL (e.g.
Protocol Ports Source UDP 137 UDP Destination Function Configurable Optional Managed Systems CMS NETBIOS Name Service. Used by DCOM, and hence, Windows Management Interface (WMI) and WEBES No Required 138 Managed Systems CMS NETBIOS Datagram Service. Used by No DCOM, and hence, Windows Management Interface (WMI) and WEBES Required UDP 162 Managed Systems CMS SNMP Trap. This is the standard port No used by SNMP managers for listening to traps.
Protocol Ports Source UDP 445 ICMP N/A Destination Function Configurable Optional Managed Systems CMS Microsoft File Sharing. Used by DCOM, and hence, Windows Management Interface (WMI) and WEBES No Required CMS Provides system reachability (ping) No check during system discovery and before other operations. Note that HP SIM can be configured to use TCP port 5989 to simplify firewall settings. Managed Systems Recommended C.
Protocol Ports Source Destination Function Configurable Optional TCP 7920 CMS Managed Systems The WEBES ELMC (formerly No WCCProxy) process communicates with the Director on this port. This is a proprietary protocol. Any connections that exchange username and passwords use SSL. Not all connections are SSL. Required UDP 161 CMS Managed Systems SNMP. This is the standard port used No by SNMP agents on managed systems. The CMS sends requests to devices on this port.
C.10 ProLiant Citrix Managed Systems Table C-10 ProLiant Citrix Connectivity - Firewall/Port Requirements Protocol Ports Source Destination Function UDP 161 CMS Managed Systems SNMP. This is the standard port used No by SNMP agents on managed systems. The CMS sends requests to devices on this port. Required UDP 162 Managed Systems CMS SNMP Trap. This is the standard port No used by SNMP managers for listening to traps.
Protocol Ports Source TCP 135 TCP 139 TCP Destination Function Configurable Optional Managed Systems CMS DCE endpoint resolution. Used by DCOM, and hence, Windows Management Interface (WMI) and WEBES No Required Managed Systems CMS NETBIOS Session Service. Used by DCOM, and hence, Windows Management Interface (WMI) and WEBES No Required 49152-65535 Managed Systems CMS Windows Server 2008 Windows No Management Interface (WMI) Communications DCOM dynamic port assignment.
C.14 ProLiant VMWare ESXi Managed Systems Table C-14 ProLiant VMWare ESXi Connectivity - Firewall/Port Requirements Protocol Ports Source Destination Function Configurable Optional TCP 5989 CMS Managed Systems Secured WBEM CI-MOM protocol over HTTPS/SOAP. This port is used to communicate with WBEM end point nodes. Yes Required TCP 135 Managed Systems CMS DCE endpoint resolution.
C.15 ProLiant Windows Server Managed Systems Table C-15 ProLiant Windows Server Connectivity - Firewall/Port Requirements 64 Protocol Ports Source Destination Function Configurable Optional TCP 5989 CMS Managed Systems Secured WBEM CI-MOM protocol over HTTPS/SOAP. This port is used to communicate with WBEM end point nodes. Yes Required TCP 135 Managed Systems CMS DCE endpoint resolution.
C.16 Tru64 UNIX Managed Systems Table C-16 Tru64 UNIX Connectivity - Firewall/Port Requirements Protocol Ports Source Destination Function Configurable Optional TCP 7920 CMS Managed Systems The WEBES ELMC (formerly No WCCProxy) process communicates with the Director on this port. This is a proprietary protocol. Any connections that exchange username and passwords use SSL. Not all connections are SSL.
D Summary of Network Ports for Storage The following tables summarize all ports that might be used in Insight Remote Support Advanced for Storage. See Table B-1 for ports that are required for basic system operation. D.1 StorageWorks MSA1000/1500 Storage Systems Table D-1 StorageWorks MSA1000/1500 Storage Systems Connectivity - Firewall/Port Requirements Protocol Ports Source Destination Function Configurable TCP 23 CMS Managed Systems Telnet (unencrypted).
Protocol Ports Source Destination UDP 162 Managed Systems CMS SNMP Trap. This is the standard port No used by SNMP managers for listening to traps. Required ICMP N/A CMS Provides system reachability (ping) No check during system discovery and before other operations. Note that HP SIM can be configured to use TCP port 5989 to simplify firewall settings. Recommended Managed Systems Function Configurable Optional D.
Protocol Ports Source Destination Function Configurable ICMP N/A CMS Managed Systems Provides system reachability (ping) No check during system discovery and before other operations. Note that HP SIM can be configured to use TCP port 5989 to simplify firewall settings. Optional Recommended D.
E Summary of Network Ports for Networking The following tables summarize all ports that might be used in Insight Remote Support Advanced for Networking. See Table B-1 for ports that are required for basic system operation. E.1 E-Series Switch Managed Systems Table E-1 E-Series Switch Connectivity - Firewall/Port Requirements Protocol Ports Source Destination Function Configurable Optional UDP 161 CMS Managed Systems SNMP. This is the standard port used No by SNMP agents on managed systems.
Protocol Ports Source Destination Function Configurable Optional UDP 161 CMS Managed Systems SNMP. This is the standard port used No by SNMP agents on managed systems. The CMS sends requests to devices on this port. Optional UDP 162 Managed Systems CMS SNMP Trap. This is the standard port No used by SNMP managers for listening to traps. Optional E.
F Revision History for Insight Remote Support Advanced Network Ports This section describes firewall configuration changes that have occurred between releases of Insight Remote Support Advanced. F.1 A.05.40 The following port changes have been made for A.05.40: • EVA: SNMP ports 161 and 162 changed from "Optional" to "Recommended". • Integrity Linux: SNMP 161 and 162 changed from "Optional" to "Required". • ProLiant: SNMP ports 161 and 162 changed from "Optional" to "Required for Linux". F.2 A.05.
• StorageWorks MSA1000/1500: Added new table. • StorageWorks MSA23xx: Added new table. • StorageWorks P4000: Added TCP port 5989 for CMC. • StorageWorks P6000 (EVA) Storage Systems: Changed product name from EVA to P6000; added TCP port 7906; removed TCP ports 445 and 5988; changed UDP ports 161 and 162 from "Recommended" to "Optional". • StorageWorks Tape Libraries: Added new table. • StorageWorks XP Array: Moved RDA ports to RDA table.
G Summary of Network Ports for Remote Device Access The following tables summarize all ports that might be used in Remote Device Access. See Table B-1 for ports that are required for basic system operation. G.
Protocol Ports Source Destination UDP 123 Virtual CAS TCP 80 or web proxy port TCP Function Configurable Optional Network Time Server Network Time Protocol No Recommended Virtual CAS onsitecrl.verisign.com HTTP (Unencrypted) Daily fetch or Web Proxy of HP Class 2 CA certificate revocation list (CRL) No Recommended 80 Virtual CAS onsite-ocsp.verisign.
Protocol Ports Source Destination Function Configurable Optional TCP 5631 CAS XP SVP pcAnywhere data connection Yes for accessing XP SVP. In case of XP1024/XP128, Pcanywhere is the only option to access SVP since RDC is not supported for Win2k. Engineers may have to first login to XPSVP using pcanywhere to know which CMS the XP is pointed. Optional UDP 5632 CAS XP SVP pcAnywhere status for accessing Yes XP SVP Optional G.
H Revision History for Remote Device Access Network Ports This section describes firewall configuration changes that have occurred between releases of Remote Device Access. H.1 Virtual CAS 8.12 Virtual CAS version 8.12 was the first release. H.2 Virtual CAS 9.10 There were no port changes for this release. H.3 Virtual CAS 10.03 There were no port changes for this release. H.4 Virtual CAS 10.06 The following port changes have been made for Virtual CAS 10.06: • Added ports for syslog.
I Recommended Firewalls HP recommends the following firewalls: Vendor Support URL 3COM http://www.3com.com/services Check Point https://supportcenter.checkpoint.com/ Cisco http://www.cisco.com/cisco/web/support/index.html Juniper Networks http://www.juniper.net/support Nortel http://www.nortel.com/support ProCurve http://www.procurve.com/customercare/index.htm Stonesoft http://www.stonesoft.com/support/ For unlisted firewalls, contact the manufacturer for support.
Glossary Advanced Configuration Collector (ACC) for HP-UX The Advanced Configuration Collector component is made available on the Central Management Server for your convenience. It should be distributed to endpoint server systems that require this client to enable configuration collection in order for HP to provide proactive services. The distribution can be accomplished using the facility in HP SIM or your own software distribution application.
