HP Insight Remote Support Security Executive Summary
4
Remote Device Access
Remote Device Access allows an HP engineer the ability to securely access your environment to
perform additional failure analysis and/or problem resolution. It can also be used by your HP
account team to access your environment to deliver proactive support and/or upgrade services.
For reactive purposes, once an issue has been identified, a remote support engineer may need
access to the failing device to assist with the repair or to collect log files. Historically, this was
done either by sending an engineer onsite to access the system locally, or by an HP Support
Representative working with your IT staff over the phone to collect and review the failure
information. However, with Remote Device Access, HP can make use of a customer controlled
connection to access the customer network. This frees up your IT staff to work on other tasks,
reduces repair time, and allows the HP experts direct access to the device resulting in more
accurate problem diagnosis and faster resolution of issues.
Most of the HP remote access solutions use a connection over the internet and it is therefore vital
to protect both customer’s as well as HP’s confidentiality, integrity , and availability. For this, HP
offers a number of industry standard, secure remote access solutions (depending on the service
level agreement) to help meet customers’ IT security policy requirements.
Software Management
HP Insight Remote Support uses a built in software management component that is intended to be
used to manage the Insight Remote Support software components. The software update utility is
a component that can be configured to manage software updates in any one of three ways:
Manually Apply: Notifies the Hosting Device Administrator when a new software package
update is available. Updates are manually downloaded and installed by the Hosting Device
Administrator.
Automatically Download: Notifies the Hosting Device Administrator when a new software
package is available and automatically downloads the package. Updates are manually
installed by the System Administrator.
Automatically Download and Install: Updates are automatically downloaded and installed
on the Hosting Device. The Administrator is notified that the software update has been
installed.
Application Security
HP Insight Remote is a software application that utilizes an existing Windows
®
server (known as
the Hosting Device). Since the Hosting Device is customer owned and installed, it can be
configured to meet your Windows
®
server security policy. It is important that the integrity and
authenticity of the Insight Remote Support software is maintained to prevent unauthorized
changes. Therefore, all updates downloaded by Insight Remote Support software update
mechanism are digitally signed by HP prior to release. The digital signatures are verified prior to
installation.
Outbound Security
Insight Remote Support software collects event information from all monitored devices. Only
events requiring HP interaction will be forwarded to the HP Remote Support Datacenter (RSDC). All
communication between the Hosting Device and the RSDC are secured using industry standard
SSL/TLS over HTTPS and are initiated by the Hosting Device. External firewalls must be configured
to allow HTTPS traffic (outbound) between the Hosting Device and the universal URL of the HP
RSDC (https://services.isee.hp.com). More information can be found in the Hosting Device
Communication Requirements section of the Installation and Configuration guide.
Remote Device Access
allows HP to securely
access your
environment to perform
additional
troubleshooting and/or
problem resolution.
Software Management
enables you to choose
how to manage Insight
Remote Support
Software.
All Insight Remote
Support software
packages are digitally
signed by HP. The
digital signatures are
verified prior to
installation of the
software.
All Insight Remote
Support outbound
communications are
encrypted using
SSL/TLS over HTTPS
and authenticated with
X.509 digital
certificates.