Insight Remote Support 7.0.9 Security White Paper
RDA Access Controls
Access Controls at HP
HP manages all remote access customers in an internal portal called Remote Access Portal (RAP). Customer information
and their connection data are centrally and securely managed via this central portal. Each customer can be associated with
individual access rights so that narrow access permissions for this customer can be enforced, matching your security and
access permission needs. The Remote Connectivity Database is the central place where the configuration data and access
permissions are stored and encrypted in a secure HP Data Center facility.
An HP Support specialist must authenticate to the HP Remote Data Access (RDA) Infrastructure (Remote Access Portal
System - RAPS, Remote Connectivity Toolbox System - RCTS, and Remote Access Connection System - RACS) using his or
her HP-issued X.509 digital certificate, internally called Class A DigitalBadge, that employ two-factor authentication. The
HP support specialist must have a physical ActivKey or ActivCard which is enabled by a password or passphrase. This is a
physical handheld token issued to appropriate HP support personnel and issuance is controlled by HP business and
security policies.
An HP support specialist must be granted permission to access a customer in RAP before they can see the connection
details necessary to initiate a remote access session to a CAS on a customer network. If they are not able to see the
connection details, they must contact the HP account owner and request access to the customer network in RAP.