A.05.70 HP Insight Remote Support Advanced and Remote Device Access Security Overview (October 2011, 5900-1735)
whom from HP connects to their network and then controls where they can go and what they are allowed
to do.
The third layer is the login credentials on the target system, which the HP support specialist must know. The
customer typically pre-shares them with HP or shares them on demand, by phone or over a separate secure
communication channel (that is, out of band, never over the remote-access session itself).
3.7 Connectivity Method: SSH-Direct – Secure Shell over Internet
The SSH-Direct option provides a simple, unattended RDA solution. The customer need only give HP an
Internet-routable IP address for the CAS and allow one or more of the HP access servers to reach it on TCP
port 22; the firewall rule should admit only those HP access-server source addresses rather than exposing port
22 to the whole Internet. The SSH-2 protocol is considered as secure as SSL because it provides the same
services (server authentication, session key exchange, and encryption plus integrity protection of the session)
using comparable encryption ciphers.
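The ingress restriction described above, as an added example that is not part of the HP document: a small POSIX shell script that emits an iptables-restore ruleset exposing the CAS's TCP port 22 only to an allowlist of HP access-server addresses. The addresses used are constructed RFC 5737 test-network placeholders, not HP's real access servers, and the chain name HP_RDA_SSH is an assumption of this example.

```shell
# Added example (not from the HP document): generate an iptables-restore
# ruleset that exposes the CAS's TCP/22 only to the HP access servers.
# The addresses used below are constructed placeholders (RFC 5737 TEST-NET-1),
# not HP's real access-server addresses; substitute the ones HP supplies.

# Return 0 if $1 looks like a dotted-quad IPv4 address, optionally with /prefix.
# (Shape check only; it does not validate octet or prefix ranges.)
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# gen_ssh_ingress_rules SRC... -> iptables-restore text on stdout.
# New TCP/22 connections are accepted only from the listed sources; every
# other attempt to reach port 22 is logged (rate-limited) and dropped.
gen_ssh_ingress_rules() {
    [ "$#" -gt 0 ] || { echo "no allowed sources given" >&2; return 1; }
    for src in "$@"; do
        is_ipv4 "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    printf '%s\n' '*filter' ':HP_RDA_SSH - [0:0]'
    # Hand every new TCP/22 connection to the dedicated chain.
    printf '%s\n' '-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j HP_RDA_SSH'
    for src in "$@"; do
        printf '%s\n' "-A HP_RDA_SSH -s $src -p tcp --dport 22 -j ACCEPT"
    done
    printf '%s\n' '-A HP_RDA_SSH -m limit --limit 5/min -j LOG --log-prefix "RDA-SSH-DENY "'
    printf '%s\n' '-A HP_RDA_SSH -j DROP'
    printf '%s\n' 'COMMIT'
}

# Stand-alone run: print the ruleset for two placeholder HP access servers.
# To apply on the CAS (root required, and only once, since -n appends):
#   gen_ssh_ingress_rules 192.0.2.10 192.0.2.11 | iptables-restore -n
gen_ssh_ingress_rules 192.0.2.10 192.0.2.11
```

The script deliberately prints rather than applies the rules, so the ruleset can be reviewed and checked into change control before it reaches the CAS; the LOG line gives the SOC a signal when anything other than the allowlisted HP servers probes the RDA port.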
Figure 3-4 SSH Direct
3.8 Connectivity Methods for VPN Solutions
Many customers' security policies require that all inbound connections be carried inside a VPN tunnel that is
terminated in a DMZ. HP offers site-to-site IPsec VPN access solutions for entitled remote access. SSH
port-forwarding is still used, but it is tunneled inside the IPsec VPN between VPN routers. The combination of SSH
and IPsec gives two independent layers of authentication and encryption and therefore enhanced security.
SSH is recommended because it provides better end-to-end security as well as additional functionality (file
transfer and application tunneling), but HP recognizes that this may not fit every security policy. HP therefore
offers site-to-site IPsec VPN connectivity both with and without SSH tunneling. The following two figures show
both options.
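Whether the SSH session arrives directly over the Internet or inside the IPsec VPN, the CAS account that HP uses for port-forwarding should be confined to exactly that purpose. The following is an added example, not part of the HP document: a POSIX shell function that emits an sshd_config Match block restricting an unattended RDA account to key-based login and local (-L) forwards toward an allowlist of target systems. The account name hpsupport and the target addresses are constructed placeholders.

```shell
# Added example (not from the HP document): emit an sshd_config "Match" block
# that confines the unattended RDA account on the CAS to port-forwarding
# toward named target systems. The account name and targets used at the end
# are constructed placeholders, not values from any real deployment.

# Return 0 if $1 has the form host:port with a numeric port.
is_target() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9._-]+:[0-9]{1,5}$'
}

# gen_rda_sshd_match USER TARGET:PORT... -> sshd_config fragment on stdout.
gen_rda_sshd_match() {
    [ "$#" -ge 2 ] || { echo "usage: gen_rda_sshd_match USER TARGET:PORT..." >&2; return 1; }
    user="$1"; shift
    targets=""
    for t in "$@"; do
        is_target "$t" || { echo "invalid target: $t" >&2; return 1; }
        targets="$targets $t"
    done
    printf '%s\n' "Match User $user"
    # Key-based login only; the target-system credentials stay out of band.
    printf '%s\n' "    PasswordAuthentication no"
    printf '%s\n' "    PubkeyAuthentication yes"
    # Only client-requested (-L) forwards; 'local' needs OpenSSH 6.2 or
    # later, older servers accept only yes/no here.
    printf '%s\n' "    AllowTcpForwarding local"
    # PermitOpen limits which host:port those forwards may reach.
    printf '%s\n' "    PermitOpen${targets}"
    printf '%s\n' "    X11Forwarding no"
    printf '%s\n' "    AllowAgentForwarding no"
    # Any requested shell or command is replaced by this message; a pure
    # tunnel ("ssh -N -L ...") never requests one, so forwarding still works.
    printf '%s\n' "    ForceCommand /bin/echo 'tunnel-only account'"
}

# Stand-alone run with placeholder account and two placeholder targets.
# Append the output to sshd_config on the CAS, then check it with
# "sshd -t" before reloading. The HP side would then connect with, e.g.:
#   ssh -N -L 2222:10.0.0.5:22 hpsupport@<CAS address>
gen_rda_sshd_match hpsupport 10.0.0.5:22 10.0.0.6:443
```

Because PermitOpen only governs local forwards, pairing it with AllowTcpForwarding local (or, on older servers, with a firewall rule on the CAS) keeps the account from being turned into a reverse tunnel back toward HP.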