A.05.70 HP Insight Remote Support Advanced and Remote Device Access Security Overview (October 2011, 5900-1735)

Figure 3-2 Instant CAS (iCAS)
3.6 Access Control Details
3.6.1 Access control on the HP side
HP manages all remote access customers in an internal web application called Remote Access Portal (RAP).
Customers and their connection details are centrally and securely managed via the RAP user interface. Every
customer connection is associated with a unique set of access rights allowing the HP Account Team to restrict
HP access to customer remote access information. Customer connection information, configuration details
and access credentials are stored in an encrypted Remote Connectivity Database located in a secure HP
data center facility.
An HP support specialist must authenticate to the HP RDA Infrastructure using his or her HP-issued X.509
digital certificate, internally called a Class A DigitalBadge, which employs two-factor authentication. The HP
support specialist must have a physical ActivKey or ActivCard, which is enabled by a password or passphrase.
This is a physical handheld token issued to appropriate HP support personnel, and issuance is controlled by
HP business and security policies.
An HP support specialist must be granted permission to access a customer in RAP before they can see the
connection details necessary to initiate a remote access session to a CAS on a customer network. If they are
not able to see the connection details, they must contact the HP account owner and request access to the
customer network in RAP.