7.0.8 Insight Remote Support Security White Paper
Remote Device Access (RDA)
HP offers several options for establishing a secure connection between HP and your network, allowing an HP support
specialist—with your authorization—to remotely access your monitored systems and devices. Using HP RDA, an HP
support specialist can log in to your system, observing normal security processes and procedures in order to provide
remote hardware or software support for faster resolution of problems.
HP Remote Access can be set up on demand (ad hoc), or preconfigured (entitled) prior to use.
Ad Hoc
Ad Hoc connections can be used if there is no pre-configured solution installed, or if your security policy does not allow
static inbound Business-To-Business (B2B) access connections into your corporate network. In the ad hoc solution, the
customer and HP agree to engage in an immediate RDA session. This connection type allows for the creation of an ad
hoc, or spontaneous, remote connection to your desktop using lightweight applications such as HP Virtual Support Room
(VSR) or the HP Instant Customer Access Server (iCAS). Once you share your desktop within the Virtual Support Room, or
allow HP to connect via the iCAS, the support engineer can leverage this connection to provide access to target systems
inside your corporate network. This solution must be initiated from a system connected to your corporate network.
Ad Hoc RDA options include:
HP Virtual Support Rooms (VSR) – A web-based desktop sharing application
HP Instant Customer Access Server (iCAS) – A meet-in-the-middle access model that allows HP remote access
connections between HP and a customer network using Secure Shell (SSH) tunneled over an HTTPS connection
Entitled
Entitled Remote Device Access describes a connection solution which must be deployed and configured at your site
before support can be delivered (this is sometimes called a pre-configured solution). This may include routers or other
hardware specifically configured to allow connections from HP. This connection type allows a support engineer to access
a pre-configured Customer Access System (CAS) within your corporate network to gain access to HP supported systems
and devices. HP can initiate an entitled connection at any time with your consent, but without requiring your assistance
to establish the connection.
Entitled Remote Access options include:
SSH-Direct – The SSH tunnel runs bare over the Internet
IPSec VPN Connectivity – The SSH tunnel runs over a peer-to-peer IPSec VPN tunnel between HP and your company
network
SSL VPN Connectivity – This solution requires an SSL VPN concentrator on your network to be configured to allow
access for HP Support. Connections are tunneled through a secure SSL (HTTPS) connection over the Internet.
Integrated Services Digital Network (ISDN) Connectivity* – The SSH tunnel runs over an ISDN connection
*Note: The ISDN option is only available in select countries.
Most of the Entitled Remote Access solutions leverage the end-to-end encryption and application tunneling capabilities
of SSHv2. While using SSHv2 is strongly recommended, some versions of Entitled Remote Access can be configured
without SSHv2. Not using SSHv2 can reduce the security profile and limit the functionality of the RDA solution.
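One way to verify that a remote access endpoint actually presents SSHv2, shown as an added example that is not part of the HP white paper or HP's tooling: the script classifies the SSH identification string defined in RFC 4253. The sample banners are constructed, and the read_banner helper and its host argument are assumptions for illustration.

```python
import socket

def classify_ssh_banner(data: bytes) -> str:
    """Classify the SSH identification string (RFC 4253, section 4.2)."""
    for raw in data.split(b"\n"):
        line = raw.rstrip(b"\r")
        if not line.startswith(b"SSH-"):
            continue  # a server may send other lines before its version string
        parts = line.split(b"-", 2)  # SSH-<protoversion>-<softwareversion>
        if len(parts) < 3 or not parts[2]:
            return "malformed"
        proto = parts[1].decode("ascii", "replace")
        if proto == "2.0":
            return "sshv2-only"
        if proto == "1.99":
            # RFC 4253 section 5.1: the server also accepts SSHv1 clients
            return "sshv2-with-sshv1-fallback"
        if proto.startswith("1."):
            return "sshv1-only"
        return "malformed"
    return "not-ssh"  # nothing that looks like an SSH identification string

def read_banner(host: str, port: int = 22, timeout: float = 5.0) -> bytes:
    """Hypothetical helper: read the first bytes an endpoint you own sends."""
    with socket.create_connection((host, port), timeout=timeout) as conn:
        return conn.recv(512)

# Constructed sample banners, not captured from any real system.
SAMPLES = {
    "modern": b"SSH-2.0-ExampleSSH_9.0\r\n",
    "compat": b"SSH-1.99-ExampleSSH_3.1\r\n",
    "legacy": b"SSH-1.5-ExampleSSH_1.2\n",
    "pre-banner text": b"Authorized use only\r\nSSH-2.0-ExampleSSH_9.0\r\n",
    "no ssh": b"HTTP/1.1 400 Bad Request\r\n\r\n",
}

def audit(samples: dict) -> dict:
    """Map each endpoint label to its classification."""
    return {name: classify_ssh_banner(banner) for name, banner in samples.items()}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLES).items():
        flag = "OK  " if verdict == "sshv2-only" else "FLAG"
        print(f"{flag} {name}: {verdict}")
```

Any result other than sshv2-only marks an endpoint that falls outside the SSHv2 recommendation above.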
Service Value
The RDA solution provides HP customers with an information security compliance level so that customers will meet most
government and industry regulations. Authentication, access control, and secure communications conform to industry
best practices.