7.0.8 Insight Remote Support Security White Paper
The Online Certificate Status Protocol (OCSP) [RFC2560] defines a protocol for obtaining certificate status
information from an online service. An OCSP responder may or may not be issued an OCSP responder
certificate by the certification authority (CA) that issued the certificate whose status is being queried. An OCSP
responder may provide pre-signed OCSP responses or may sign responses when queried. OCSP is described in
RFC 6277.
P4000 SAN
The P4000 Storage Area Network (SAN) Solution (SAN/iQ) protocol is the command line interface that is used
to interface with the P4000 Storage Systems from the Hosting Device. The P4000 Command Line Interface
(CLI) is installed with Insight Remote Support.
Note: The P4000 SAN Solution is sometimes referred to as CLiQ (or cliq), which is the name of the command
used within the P4000 SAN Solution.
P6000 CV
P6000 Command View (CV) is the storage management software used to monitor HP Enterprise Virtual Array
(EVA) devices. Insight Remote Support uses ELMC to monitor the array controllers for new log entries and
communicates this information back to the Hosting Device. The Hosting Device communicates with P6000 CV
over TCP port 2372 to query the software for configuration and event details.
RIBCL
Remote Insight Board Command Language is an Extensible Markup Language (XML) based command language
for managing HP ProLiant Servers (series 300 and higher) via the Integrated Lights Out (iLO) interface. Insight
RS uses RIBCL to communicate with the server onboard administrator (OA) to gather configuration information
and event details for monitored devices. RIBCL communicates using HTTPS (TCP port 443).
SNMPv1
Simple Network Management Protocol version 1 is a protocol developed to manage nodes (servers, routers,
switches, and hubs) on an IP network. SNMPv1 is described in RFC 1157. SNMPv1 is an unencrypted
communication service that communicates over UDP port 161. SNMPv1 is a simple request/response protocol
(responses are not acknowledged). The Hosting Device issues a request and a monitored device returns a
response.
SNMPv2
Simple Network Management Protocol version 2, or more specifically SNMPv2c (a subset of SNMPv2), is an
extension of SNMPv1. It is also an unencrypted communication service that communicates over UDP port 161.
SNMPv2 is described in RFC 1441 and adds protocol operations to SNMPv1, including the GetBulk operation
(to retrieve large blocks of data) and the Inform operation (allowing one Network Management System to send
trap information to another Network Management System and receive a response or acknowledgement). If
Inform operation responses are not acknowledged, the SNMP agent will resend the Inform message.
SNMPv3
The SNMPv3 protocol builds on the existing SNMPv1 and SNMPv2c protocol implementations. In SNMPv3,
User-based Security Model (USM) authentication is implemented along with encryption, allowing you to
configure a secure SNMP environment. The SNMPv3 protocol uses different terminology than SNMPv1 and
SNMPv2c. In SNMPv1 and SNMPv2c, an agent is the software within an SNMP user while a manager is the SNMP
host. In the SNMPv3 protocol, agents and managers are called entities. In any SNMPv3 communication, there is
an authoritative entity and a non-authoritative entity. The authoritative entity checks the authenticity of the
non-authoritative entity, and the non-authoritative entity checks the authenticity of the authoritative entity.
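The following is an added example, not part of the white paper or of Insight Remote Support: a check for auditing traffic on UDP port 161 that reads the BER header of an SNMP datagram to report which version a device speaks, whether a community string travels in clear text (SNMPv1/SNMPv2c), and which protection flags an SNMPv3 message sets. It goes slightly beyond the text by reading the SNMPv3 msgFlags field; the function names and sample datagrams are constructed for illustration.

```python
# Added example: sample datagrams below are constructed, not captured traffic.
V1 = bytes.fromhex("3026020100" "04067075626c6963" "a019020101020100020100"
                   "300e300c06082b060102010101000500")  # community "public"
V2C = V1[:4] + b"\x01" + V1[5:]            # same request, version field = 1
V3 = bytes.fromhex("301a020103" "300d020101020205dc040103020103"
                   "0400" "040400000000")  # msgFlags 0x03 = auth + priv

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV that starts at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def classify(datagram):
    """Report SNMP version, clear-text community, and auth/priv flags."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message (no outer SEQUENCE)")
    tag, ver, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("missing version INTEGER")
    version = int.from_bytes(ver, "big")
    if version in (0, 1):                  # 0 = SNMPv1, 1 = SNMPv2c
        tag, community, _ = read_tlv(body, pos)
        if tag != 0x04:
            raise ValueError("missing community OCTET STRING")
        return {"version": "v1" if version == 0 else "v2c",
                "community": community.decode("latin-1"),
                "auth": False, "priv": False}
    if version == 3:
        _, global_data, _ = read_tlv(body, pos)   # msgGlobalData SEQUENCE
        fields, gpos = [], 0
        while gpos < len(global_data):     # msgID, msgMaxSize, msgFlags, model
            _, value, gpos = read_tlv(global_data, gpos)
            fields.append(value)
        if len(fields) < 3 or len(fields[2]) != 1:
            raise ValueError("malformed msgGlobalData")
        flags = fields[2][0]               # bit 0 = auth, bit 1 = priv
        return {"version": "v3", "community": None,
                "auth": bool(flags & 0x01), "priv": bool(flags & 0x02)}
    raise ValueError("unsupported SNMP version %d" % version)
```

An SNMPv3 result with both flags false means the device is running without authentication or encryption, so it should be treated the same as an SNMPv1 or SNMPv2c finding.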
SSH
The Secure Shell (SSH) protocol is an application-layer protocol which permits secure remote access over a
network from one computer to another. SSH negotiates and establishes an encrypted and authenticated
connection between an SSH client and an SSH monitored server. SSH provides data integrity checks and
prevents eavesdropping on, and modification of, sensitive data transferred between the Hosting Device and
monitored systems. SSH typically uses TCP port 22, but alternative port numbers may be assigned to the SSH server. SSH
is described in RFC 4251.
Although the SSH protocol is typically used to log into a remote machine and execute commands, it also
supports tunneling, forwarding arbitrary TCP ports and X Window System, version 11 (X11) connections. It
can transfer files using the associated Secure File Transfer Protocol (SFTP) or Secure Containment Protocols
(SCP).