7.0.8 Insight Remote Support Security White Paper
14
ServerBasicConfigurationCollection
Monthly
2
3
StorageConfigurationCollection
Weekly
2
3
SupportDataCollection
RunNow Only
1
N/A
vCenterApplicationDataCollection
Weekly
1
2
Table 3: Data Collection Retention Default Schedule
Logging
The Hosting Device keeps a record of Insight Remote Support activities in the following (default) location:
Log Data:
C:\ProgramData\HP\RS\LOG\{Log_Name}.log
Data Sent to HP
Data sent to HP from the Hosting Device can be sent to HP directly or via a proxy server. If a proxy server is used, the
proxy settings are configured using the Insight Remote Support User Interface: Administrator Settings Settings tab. If
a proxy username and password are required, the password is encrypted and stored in a binary file on disk. If the proxy
username and password are changed at the proxy, they must also be changed in the Insight RS Console to ensure
connectivity to HP is uninterrupted. All transport sessions to HP are encrypted using SSLv3/TLS over HTTPS (see note
below). Connections are authenticated using X.509 Digital Certificates and a Global Unique Identifier (GUID) that is
unique to the Hosting Device. All data sent to HP is via a HTTPS connection to a single destination services.isee.hp.com.
This destination is a virtual IP address that is automatically routed to an active server in one of the HP Corporate Data
Centers (see figure 2).
Note: Insight Remote Support will allow SSLv2 connections from Monitored Devices to ensure compatibility
with some platforms. All connections to HP require strong encryption (SSLv2/TLSv1.X) to ensure the best
possible security during the transport of event and collection data to HP.
Data Sent to HP contains configuration information about devices in your environment. This information can be viewed
using HP Insight Online. This may include diagnostic sense information, firmware information, model number, serial
number, and other configuration data. Due to the nature of the configuration collection utilities, some potentially
sensitive configuration details may be collected and sent to HP as part of the event or data collection. This could include
IP Address, Fully Qualified Domain Name, MAC address, DNS Configuration, and Windows Domain Details. HP treats all
collection data as HP Confidential while at HP. Access to this information is restricted to authorized HP personnel with a
valid business reason for accessing this information. Device Administrator contact details such as system administrator
name, phone number, and email address will also be added to the event or collection data prior to transport to HP. This
is done to ensure HP has the necessary contact information in case a response from HP is required to affect a repair or to
recommend a configuration change to avoid potential downtime.
All information collected by Insight Remote Support and sent to HP is used in accordance with the Insight Remote
Support Terms and Conditions (see note below) and the HP Online Privacy Statement.
Note: For receiving remote support:
Installing HP Insight Remote Support configures your IT devices being remotely supported to securely send
support or service events, IT configuration information, diagnostic, configuration, and telemetry information
to HP, together with your support contact information. No other business information is collected and the data
is managed according to the HP Data Privacy policy.
To provide you advisories to optimize your IT environment:
If you choose to 'Opt-In' to be contacted by HP or your HP authorized reseller to optimize your IT environment,
HP or HP authorized resellers may use the collected configuration data to provide you with recommendations,
sell or deliver solutions, to optimize your IT environment. These providers may be located in other countries
than your HP IT hardware locations. HP's providers are required to keep confidential information received from
HP and may use it only for the purpose of providing advisories and recommendations on behalf of HP. You will