Insight Remote Support 7.0.9 Security White Paper

ManualsBrandsHP ManualsSoftwareHP Insight Remote Support Next Gen Software

• Provide support with the customer’s confidence. All actions requested by the support engineer (taking desktop control

or snapshot, collecting system information, file transfer) must first be approved by the customer – via a popup

permissions window, and are completed with secure transmissions.

• The customer views all activity in real time and can suspend a remote access session immediately if so required.

Note: All sessions are encrypted with AES-256 using SSL over HTTPS on port 443. Because VSR is a web

application, web proxy servers can be used to access the HP VSR infrastructure.

Figure 12: Virtual Support Room Architecture

Customer

Administrator

HP External

Firewall

Virtual Support Rooms

XP24000

Superdome

Internet

Blade system

Corporate Network

Customer

Firewall

HP Support Specialist

Virtual Room Server

HP Internal

Firewall

Request/Allow Control

over Desktop

Administrator’s Desktop

HP DMZ

Shared Desktop

HTTPS connection to HP Virtual Support Room

TCP/25 (SMTP)

TCP/443 (SSL/TLS)

Remote Connection to HP Supported Device

EMAIL Support Room Key

Allow or Disallow control over Desktop in VSR

Application Specific

Data Privacy

HP is committed to protecting customer privacy. Personal information provided to HP and any data collected by this RDA

tool or other associated tools and utilities will not be shared with third parties. Information and data might be shared with

other HP entities and business partners who are providing the services described in the Insight Remote Support

documentation and who might be located in other countries. Suppliers and service providers are required to keep the

information received on behalf of HP confidential and may not use it for any purpose other than to carry out the services

they are performing for HP. Our privacy practices are designed to provide protection for your personal information all over

the world. See the HP Worldwide Privacy Statement at:

http://welcome.hp.com/country/us/en/privacy/worldwide_privacy.html.

Outbound Security

All HP RDA Solutions are designed to be used for inbound access from HP to customer networks. All RDA solutions, with

the exception of the Virtual CAS, do not initiate outbound connections without direct user interaction. Confidentiality for

outbound connections is provided by the connection service (SSL over HTTPS, SSH, IPSec etc). Authentication mechanisms

can vary from solution to solution, but all solutions are designed to ensure the privacy and security of all parties. The

Virtual Customer Access System (vCAS) initiates outbound connections to VeriSign.com to validate certificates, using either

OCSP to check the CRL status of an individual certificate, or HTTP to periodically fetch the entire CRL for the HP Class 2

Certification Authority. The Virtual CAS also periodically connects to the HP repository server using HTTPS to check for and

fetch software updates.