7.0.8 Insight Remote Support Security White Paper

RDA Access Controls
Access Controls at HP
HP manages all remote access customers in an internal portal called Remote Access Portal (RAP). Customer information
and connection data are centrally and securely managed via this portal. Each customer can be associated
with individual access rights, so that narrow access permissions can be enforced for that customer, matching your
security and access permission needs. The Remote Connectivity Database is the central place where the configuration
data and access permissions are stored and encrypted in a secure HP Data Center facility.
An HP support specialist must authenticate to the HP Remote Data Access (RDA) Infrastructure (Remote Access Portal
System - RAPS, Remote Connectivity Toolbox System - RCTS, and Remote Access Connection System - RACS) using his or
her HP-issued X.509 digital certificate, internally called Class A DigitalBadge, which employs two-factor authentication. The
HP support specialist must have a physical ActivKey or ActivCard, which is enabled by a password or passphrase. This is a
physical handheld token issued to appropriate HP support personnel, and issuance is controlled by HP business and
security policies.
An HP support specialist must be granted permission to access a customer in RAP before they can see the connection
details necessary to initiate a remote access session to a CAS on a customer network. If they are not able to see the
connection details, they must contact the HP account owner and request access to the customer network in RAP.
[Figure: diagram showing the HP Support Specialist workstation, Remote Access Portal (RAP), Remote Connectivity Toolbox (RCTS), Remote Connectivity Database, Remote Access Connection System (RACS, Regional), HP Customer Account Manager, HP routing device and HP Firewall. Legend: Remote Device Access connection; User authentication and authorization data flow; Company access authorization management and connection configuration.]
Figure 7: Remote Access Connection System Details
A Remote Access Connection System (RACS) is an SSH server that can forward an SSH connection to an appropriate CAS.
When the HP support specialist connects and is authenticated to the RACS, the SSH server on the RACS checks the