A.05.70 HP Insight Remote Support Advanced and Remote Device Access Security Overview (October 2011, 5900-1735)

SNMP Traps
WEBES analyzes SNMP traps that are sent to it. As part of this analysis, WEBES may connect back to
the SNMP agent to get additional information about the device, as described under configuration
information below.
Object of Service Data
Information about the entitlement parameters (serial number, product number, contract IDs, etc.) is
collected for every device WEBES monitors. Contact and location information for these
devices is collected as well. Finally, protocol credentials are captured (SNMP community strings, WBEM
usernames and passwords, Command View usernames and passwords).
All of this information is stored in the WEBES database on the CMS. The entitlement, site, and contact
information is sent to HP when an incident is created. The passwords are encrypted in the database
using 128-bit AES encryption. This information can be entered via the WEBES or HP SIM User Interface.
Both of those interfaces use HTTPS to secure communication between the browser and the server. In
addition, the actual passwords are not sent to the browser, which precludes revealing them by viewing
the source of the page.
2.12 Proactive Services
The CMS collects various data from the managed systems for the purpose of delivering proactive support.
Copies of the collected data and events are stored unencrypted on the CMS file system (owned by
Administrator or application users). The data is always encrypted before being transmitted to HP, and is initially
stored in an encrypted database in the RSDC. Some data may be stored in an unencrypted database when
it is being used for analysis.
HP internal access to this data is controlled via remote support global groups. If an HP support specialist
needs to access the data, he/she requires manager approval to access customer data. Each user must adhere
to the HP Acceptable Use Policy when interacting with the Insight Remote Support Advanced solution.
Event data stored at HP is removed after six months, but summary data may be kept up to several years for
historical reporting purposes. Other types of data have different retention policies ranging from strict six-month
aging to the number of copies to be retained. In the latter case, the data may be kept for several years.
Aggregate data may be kept indefinitely.
Remote support aggregate data is available for internal HP use by product divisions, support delivery, and
program teams for quality purposes. Aggregate data contains no identifying information that can be traced
back to a specific customer; it includes MTBF (Mean Time Between Failure) and other reliability statistics
used to gain insight into product and automation quality. Customers may opt in to allow their data to be
used to recommend additional HP products and services, but by default the data will not be used in this
way.
2.12.1 System Architecture
On a scheduled basis, data collection requests are made by RSCC via device plug-ins. The plug-in, either
directly or via web application proxies, communicates with the managed system using the protocols shown
in the diagram below, including HTTPS, SSH, Telnet, SNMP, ICMP, and DCOM. Keystores and truststores
are contained on both the central management server and the managed systems in order to support public
and private key encryption and digital certificate based authentication.