7.0.8 Insight Remote Support Security White Paper

transparently to the user because DCOM handles this function. Thus, the user can access and share
information without needing to know where the application components are located. If the client and server
components of an application are located on the same computer, DCOM can be used to transfer information
between processes.
ELMC
The Event Log Monitoring Collector (ELMC) is a proprietary management service included with Insight Remote
Support. ELMC is platform-specific and provides error condition detection on the monitored endpoint system
on which it is installed. It communicates these events to Insight RS on the Hosting Device, which can be running
either on the same system as the ELMC system or another system on the same TCP/IP network. Different ELMC
packages exist for the same ELMC version, depending on the operating system and hardware platform.
ESP
Encapsulating Security Payload (ESP), or IP protocol 50, is a protocol header inserted into an IP datagram to
provide data encryption and authentication. Remote Device Access uses ESP in tunnel mode to establish VPN
connectivity. ESP is described in RFC 4303.
HPPrintDataManager
HPPrintDataManager is an HP proprietary middleware application on the Hosting Device used to facilitate
communication between various print devices and Insight Remote Support. HPPrintDataManager
communicates with monitored devices using standard protocols (HTTP, HTTPS, SNMP, and ICMP) to get status
information from the device. HPPrintDataManager receives event notifications from monitored print devices
via Simple Network Management Protocol Trap (SNMP-TRAP) running on User Datagram Protocol (UDP) port
164. HPPrintDataManager communicates with Insight Remote Support over an unencrypted (localhost) Simple
Object Access Protocol (SOAP) interface (TCP/8049).
HTTP
The Hypertext Transfer Protocol (HTTP) is an application-layer protocol used for exchanging data. HTTP is
described in RFC 2616. Its most popular usage is for transferring text, graphic images, sound, video, and other
multimedia files to Web browsers. HTTP capabilities are also general enough for non-web applications. HTTP
communications are unencrypted. HTTP typically uses Transmission Control Protocol (TCP) port 80. HTTP is
used by Insight Remote Support to discover monitored devices and communicate with older network devices
that do not support encrypted communications.
HTTPS
HTTPS is HTTP with Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption for security. All
communications between the Hosting Device and the HP Remote Support Data Center are carried out over
HTTPS. HTTPS is also used for the marshalling and transfer of collected device data between the Hosting
Device and the monitored systems. HTTPS typically uses TCP port 443, but other services, like Remote Insight
Board Command Language (RIBCL) and Web-Based Enterprise Management (WBEM), may specify a different
port number for HTTPS communications. HTTPS is described in RFC 2818.
IPSec
IP Security, or IPSec, is a suite of protocols for securing IP communications. IPSec operates in two modes. In
transport mode it can be configured to provide end-to-end security of all communications between two
systems. In tunnel mode, IPSec can be used to provide Virtual Private Network (VPN) connectivity over insecure
networks. A typical IPSec deployment uses two protocols: Internet Security Association and Key Management
Protocol (ISAKMP) and either Encapsulating Security Payload (ESP) or Authentication Header (AH), both of
which are IP protocols. AH is seldom used as it does not provide encryption. IPSec is described in RFC 4301.
IKEv2
Internet Key Exchange version 2 performs mutual authentication between two parties and establishes an IKE
security association (SA) that includes shared secret information that can be used to efficiently establish SAs
for Encapsulating Security Payload (ESP) [see: RFC 4303] and/or Authentication Header (AH) [see: RFC 4302]
and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry. In this
document, the term "suite" or "cryptographic suite" refers to a complete set of algorithms used to protect an
SA (Security Association). An initiator proposes one or more suites by listing supported algorithms that can be
combined into suites in a mix-and-match fashion. IKE can also negotiate use of IP Compression (IPComp) in
connection with an ESP and/or AH SA. IKEv2 is described in RFC 4306.
OCSP