Manualshelf

A.05.70 HP Insight Remote Support Advanced and Remote Device Access Security Overview (October 2011, 5900-1735)

ManualsBrandsHP ManualsSoftwareHP Insight Remote Support Advanced Software
21222324252627282930
2.9.1 Global Server Load Balancing (GSLB)
GSLB uses DNS to return the IP address of an available server. Subsequent DNS queries may return different
IP addresses based on server load and availability. Thus, the actual IP addresses returned will vary over
time as servers are taken in and out of service. HP has limited the number of IP addresses that will be used
in these DNS aliases so that network administrators can configure packet filtering firewalls appropriately.
2.9.2 Firewall/Port Requirements for RSC and RSSWM
To accommodate this change, HP recommends that you configure your firewalls to use URL rules with the
DNS names listed in the table below. With a URL rule configuration, future HP infrastructure changes may
not require any firewall changes.
If your firewall does not support URL rule configuration, you will need to add rules to allow outbound access
to three IP addresses for each of the three aliases in the table below. This enables the redundant data center
offering by letting GSLB return the IP address of the active site. Note that these addresses may change over
time as the HP infrastructure evolves.
Table 2-1 Redundant data center settings
ProtocolIP addressesAliasHP Remote Support Service
HTTPS15.216.12.26
15.217.96.178
15.192.8.184
services.isee.hp.comClient
HTTPS15.193.0.153
15.192.17.239
15.201.40.169
rsswm.software.hp.comSoftware Manager Software
SSL15.193.0.152
15.192.17.238
15.201.40.168
rsswm.policy.hp.comSoftware Manager Policy
2.9.3 How Do I Know That I Am Connecting to HP?
You may have concerns, especially during this transition time, that RSC and RSSWM are actually connecting
to HP and not an impostor. Both RSC and RSSWM use SSL with certificates that can be verified by VeriSign.
Both clients verify the HP data center certificates using either the VeriSign Certification Authority (CA) or the
HP Class 2 CA certificate. Both certificates are shipped with the RSC and RSSWM software. This protects
RSC and RSSWM from DNS and IP address spoofing attacks.
2.9.4 How Do I Verify Connectivity to Each Data Center?
The sections below define procedures for verifying connectivity to the Remote Support and Remote Support
Software Management data centers.
2.9.4.1 Remote Support data center
If the IP addresses were configured in the firewall, connectivity for the RSC can be verified as follows:
With a web browser on the CMS/host device, connect to the following URLs. The response should be a
version number, for example: ##.##.##.###. Note that on rare occasions a system may not be accessible
due to periodic maintenance and upgrade.
https://rsdc-pro1-services.austin.hp.com/version/
https://rsdc-pro2-services.austin.hp.com/version/
https://rsdc-itg1-services.atlanta.hp.com/version/ (The ITG server is for disaster recovery purposes.)
If a URL rule was configured in the firewall, verify connectivity by sending a test event. Execute the following
command from the RemoteSupport\bin directory:
26 HP Insight Remote Support Advanced