A.05.70 HP Insight Remote Support Advanced and Remote Device Access Security Overview (October 2011, 5900-1735)

IMPORTANT: The implementation of HP-UX Advanced Configuration Collector (via SMH) introduces a
potential privilege elevation security vulnerability for the monitored HP-UX servers. Once the SMH Certificates
are exchanged between SMH and HP SIM, any HP SIM user with permissions to view the device status (in
HP SIM) has the ability to execute privileged user commands on the HP-UX server as the root user.
2.8.4 HP Transport Security
The Insight Remote Support Client uses a VeriSign CA signed server-side X.509 certificate for authentication
and confidentiality of Insight Remote Support Advanced data in transit between the CMS and the HP Remote
Support Data Center.
When initial setup is complete, the Remote Support Client will register itself with the HP Data Center. This
registration is performed over an HTTPS connection and includes the company and contact data entered in
the Remote Support Configuration and Services HP SIM user interface as well as a set of CMS device attributes
(the same information as is collected for remote support devices). The CMS data is used to uniquely identify
the client instance. The HP registration service creates, encrypts and digitally signs a unique registration
token that is returned to the client and stored on the file system at
<Client Install Location>\config\.isee_token
Each subsequent communication from the client will include the registration token and a new collection of
CMS identification data. The token is verified and checked against the CMS data to authenticate the client.
If a discrepancy is uncovered during authentication, the client will re-register itself to ensure that the operation
can continue and the HP application support team will be notified.
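The token check described above can be sketched as follows. This is an added example, not HP code: the token layout, the function names and the attribute names are assumptions, an HMAC stands in for the digital signature, and the encryption step is omitted. Separating a failed integrity check from a CMS data mismatch is also an assumption of the example.

```python
import base64
import hashlib
import hmac
import json

# Constructed key; stands in for the registration service's signing key (assumption).
SERVICE_KEY = b"constructed-demo-key"


def fingerprint(cms_attrs: dict) -> str:
    """Hash the CMS identification attributes in a canonical order."""
    canonical = json.dumps(cms_attrs, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def issue_token(client_id: str, cms_attrs: dict) -> str:
    """Registration: bind the client id to the CMS fingerprint and authenticate both."""
    claims = {"client": client_id, "fp": fingerprint(cms_attrs)}
    body = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(SERVICE_KEY, body, hashlib.sha256).digest()
    return ".".join(base64.urlsafe_b64encode(p).decode() for p in (body, tag))


def check_request(token: str, cms_attrs: dict) -> str:
    """Return 'ok', 'bad-token' (integrity failure) or 're-register' (CMS mismatch)."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong number of parts or invalid base64
        return "bad-token"
    expected = hmac.new(SERVICE_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return "bad-token"
    claims = json.loads(body)
    # The token is authentic; now check it against the CMS data sent with the request.
    if not hmac.compare_digest(claims["fp"], fingerprint(cms_attrs)):
        return "re-register"
    return "ok"


if __name__ == "__main__":
    # Constructed CMS attributes, for illustration only.
    cms = {"hostname": "cms01.example.test", "serial": "CONSTRUCTED123"}
    token = issue_token("client-1", cms)
    print(check_request(token, cms))
    print(check_request(token, dict(cms, hostname="other.example.test")))
```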
2.8.5 Communication with HP Data Center
2.9 Redundant HP Data Centers
The HP Insight Remote Support Data Center consists of two fully redundant database instances located in
two separate HP Data Centers. Redundant data centers provide resiliency for both the Insight Remote Support
Advanced data transport and the Remote Support Software Management communications. Global Server
Load Balancing is used to provide load balancing and resiliency across multiple data centers.