A.05.70 HP Insight Remote Support Advanced and Remote Device Access Security Overview (October 2011, 5900-1735)

3 Remote Device Access (RDA)
3.1 Executive Overview
Remote Device Access (RDA) is a support solution that enables the delivery of HP remote support services
over the Internet or other connectivity methods. Today, many security-sensitive transactions, such as
e-commerce, stock trades, and online banking, are executed securely over the Internet using the same security
technology utilized in RDA by HP.
Enhanced security features like strong encryption, authentication, audit and target authorization address
stringent customer compliance regulations. Customizable policies, which customers can control and define
for a remote control session, allow for a consistent and firewall-friendly remote support solution for use
across the HP product and services portfolio.
3.2 Service Description
HP offers several options for establishing a secure connection between HP and the customer network, allowing
an HP support specialist—with prior authorization—to remotely access monitored systems and devices on
a customer network. Using HP RDA, an HP support specialist can log in to a customer system, observing
normal security processes and procedures in order to provide remote hardware or software support for faster
resolution of problems.
HP Remote Access can be set up on demand (Ad Hoc), or preconfigured (Entitled) prior to use.
Ad Hoc:
Ad Hoc connections can be used if there is no pre-configured solution installed, or if your security policy
does not allow static inbound B2B access connections into your corporate network. In the Ad Hoc solution,
the customer administrator and HP remote support representative agree to engage in an immediate RDA
session. This connection type allows for the creation of an ad hoc, or spontaneous, remote connection to
the customer administrator desktop using lightweight applications such as HP Virtual Support Room (VSR)
or the HP Instant Customer Access Server (iCAS). Once an ad hoc session is established, a customer
administrator can share their desktop within the Virtual Support Room, or allow HP to connect via the iCAS.
The support engineer can then leverage this connection to provide access to target systems inside the customer's
corporate network. This solution should only be used during normal business hours as it must be initiated
from a customer administrator system connected to the corporate network.
Entitled:
Entitled Remote Device Access describes a connection solution which must be deployed and configured at
a customer site before support can be delivered (this is sometimes called a pre-configured solution). This
may include routers or other hardware specifically configured to allow connections between HP and a
customer network. This connection type allows a support engineer to connect to or through a pre-configured
Customer Access System (CAS) on a customer's corporate network in order to gain access to HP supported
systems and devices. With prior consent, HP can initiate an Entitled connection. No assistance is required
to establish the connection between networks. However, the customer administrator's assistance will be required
to provide access credentials for the supported devices.
Ad Hoc RDA options include:
HP Virtual Support Rooms (VSR): A web-based desktop sharing application.
HP Instant Customer Access Server (iCAS): A meet-in-the-middle access model that allows HP remote
access connections between HP and a customer network using SSH tunneled over an HTTP connection.
Entitled Remote Access options include:
SSH-Direct: The SSH tunnel runs bare over the Internet.
IPSec VPN Connectivity: The SSH tunnel runs over a peer-to-peer IPSec VPN tunnel between HP and
a customer's network.
SSL VPN Connectivity: This solution requires an SSL VPN concentrator on the customer network to be
configured to allow access for HP Support. Connections are tunneled through a secure SSL (HTTPS)
connection over the Internet.
ISDN Connectivity: The SSH tunnel runs over an ISDN connection.