Insight Remote Support 7.0.9 Security White Paper
Table 3: Data Collection Retention Default Schedule
Collection Name
Default Collection
Schedule
Number Retained for
'RunNow' Collections
Number Retained for
'Scheduled' Collections
ActiveHealthServiceCollection
Weekly
1
2
MetricsCollection
Weekly
7
4
NetworkConfigurationCollection
Weekly
2
3
P4000FamilyConfigurationCollection
Daily
2
5
PerformanceDataCollection
RunNow Only
2
N/A
SANConfigurationCollection
Weekly
2
3
ServerBasicConfigurationCollection
Monthly
2
3
StorageConfigurationCollection
Weekly
2
3
SupportDataCollection
RunNow Only
1
N/A
vCenterApplicationDataCollection
Weekly
1
2
Logging
The Hosting Device keeps a record of Insight Remote Support activities in the following (default) location:
Log Data:
C:\ProgramData\HP\RS\LOG\{Log_Name}.log
Data Sent to HP
This section describes Insight Remote Support data sent from a Hosting Device to HP. Some ProLiant Gen8 and c-Class
BladeServers have the ability to send data directly to HP. For these devices, refer to the HP Insight Online Direct Connect
Architecture and Security Model in the Whitepapers section of the Insight Remote Support Information Library
Data sent to HP from the Hosting Device can be sent to HP directly or via a proxy server. If a proxy server is used, the proxy
settings are configured using the Insight Remote Support User Interface: Administrator Settings Settings tab. If a proxy
username and password are required, the password is encrypted and stored in a binary file on disk. If the proxy username
and password are changed at the proxy, they must also be changed in the Insight RS Console to ensure connectivity to HP
is uninterrupted. All transport sessions to HP are encrypted using SSLv3/TLS over HTTPS (see note below). Connections are
always initiated by the Hosting Device outbound to HP and are authenticated using X.509 Digital Certificates and a Global
Unique Identifier (GUID) that is unique to the Hosting Device. All data sent to HP is via a HTTPS connection to a single
destination URL (https://services.isee.hp.com). This destination is a virtual IP address that is automatically routed to an
active server in one of the HP Corporate Data Centers (see figure 2).
Note: Insight Remote Support will allow SSLv2 connections from Monitored Devices to ensure compatibility with
some platforms. All connections to HP require strong encryption (SSLv3/TLSv1.0 or higher) to ensure the best
possible security during the transport of event and collection data to HP.
Data Sent to HP contains configuration information about devices in your environment. This information can be viewed
using HP Insight Online. This may include diagnostic sense information, firmware information, model number, serial
number, and other configuration data. Due to the nature of the configuration collection utilities, some potentially sensitive
configuration details may be collected and sent to HP as part of the event or data collection. This could include IP Address,
Fully Qualified Domain Name, MAC address, DNS Configuration, and Windows Domain Details. HP treats all collection data
as HP Confidential while at HP. Access to this information is restricted to authorized HP personnel with a valid business
reason for accessing this information. Device Administrator contact details such as system administrator name, phone
number, and email address will also be added to the event or collection data prior to transport to HP. This is done to
ensure HP has the necessary contact information in case a response from HP is required to affect a repair or to recommend
a configuration change to avoid potential downtime.