Insight Remote Support 7.0.9 Security White Paper
Table 1: Device Discovery Services

| Service | Protocol/Port | Source | Destination |
|---|---|---|---|
| DCOM* | TCP/135 | Hosting Device | Monitored Device |
| ELMC | TCP/7920 | Hosting Device | Monitored Device |
| HTTP* | TCP/80 | Hosting Device | Monitored Device |
| HTTPS | TCP/443 | Hosting Device | Monitored Device |
| P4000 CLI | TCP/5989 | Hosting Device | Monitored Device |
| P6000 CV | TCP/2372 | Hosting Device | Monitored Device |
| RIBCL | TCP/443 | Hosting Device | Monitored iLO Device |
| SNMPv1* | UDP/161 | Hosting Device | Monitored Device |
| SNMPv2* | UDP/161 | Hosting Device | Monitored Device |
| SSH | TCP/22 | Hosting Device | Monitored Device |
| Telnet* | TCP/23 | Hosting Device | Monitored Network Device |
| WBEM | TCP/5989 | Hosting Device | Monitored Device |
| WS-MAN | TCP/443 | Hosting Device | Managed Superdome OA |
| WMI# | TCP/135 | Hosting Device | Monitored Windows Server |

*DCOM, HTTP, PING, SNMPv1, SNMPv2 and Telnet are unencrypted protocols
#WMI is a DCOM service. To configure your firewall to support DCOM services, see:
http://support.microsoft.com/kb/832017. To restrict WMI to a specific port, see:
http://msdn.microsoft.com/en-us/library/windows/desktop/bb219447%28v=vs.85%29.aspx
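
Added example, not part of the HP white paper: a Python check that encodes Table 1 as an allowlist and classifies flow records as allowed, allowed but cleartext (the services marked *), not in the table, or not sourced from the Hosting Device. The flow-record format (`src dst proto dport`), the addresses and the verdict names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Table 1 as data: (service, transport, port, cleartext). cleartext=True
# mirrors the "*" footnote. WMI ("#") is a DCOM service on the same port.
TABLE1 = [
    ("DCOM", "tcp", 135, True), ("ELMC", "tcp", 7920, False),
    ("HTTP", "tcp", 80, True), ("HTTPS", "tcp", 443, False),
    ("P4000 CLI", "tcp", 5989, False), ("P6000 CV", "tcp", 2372, False),
    ("RIBCL", "tcp", 443, False), ("SNMPv1", "udp", 161, True),
    ("SNMPv2", "udp", 161, True), ("SSH", "tcp", 22, False),
    ("Telnet", "tcp", 23, True), ("WBEM", "tcp", 5989, False),
    ("WS-MAN", "tcp", 443, False), ("WMI", "tcp", 135, False),
]
HOSTING_DEVICE = "10.0.0.10"  # assumption: constructed address

# Constructed sample flow records: src dst proto dport
SAMPLE_FLOWS = """\
10.0.0.10 10.0.1.21 tcp 443
10.0.0.10 10.0.1.22 tcp 23
10.0.0.10 10.0.1.23 udp 161
10.0.0.10 10.0.1.24 tcp 3389
10.0.1.99 10.0.1.21 tcp 22
10.0.0.10 10.0.1.25 tcp 135
"""

def build_index(table):
    """Group services by (transport, port); several services share a port."""
    index = defaultdict(list)
    for service, proto, port, cleartext in table:
        index[(proto, port)].append((service, cleartext))
    return index

def classify(line, index, hosting=HOSTING_DEVICE):
    """Return (verdict, candidate services) for one flow record."""
    fields = line.split()
    if len(fields) != 4 or not fields[3].isdigit():
        return ("malformed", [])
    src, _dst, proto, dport = fields
    if src != hosting:  # Table 1 lists only Hosting Device as source
        return ("wrong-source", [])
    entries = index.get((proto.lower(), int(dport)), [])
    if not entries:
        return ("not-in-table", [])
    services = sorted(name for name, _ in entries)
    # A shared port is cleartext if any service on it is marked "*".
    clear = any(is_clear for _, is_clear in entries)
    return ("allowed-cleartext" if clear else "allowed", services)

def audit(text):
    index = build_index(TABLE1)
    return [(l, *classify(l, index)) for l in text.splitlines() if l.strip()]
```

A port number alone cannot distinguish HTTPS, RIBCL and WS-MAN on TCP/443, so the check reports every candidate service for a matching flow.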
Communication Services
The following services are used by HP Insight Remote Support for one or more of the following tasks: Remote Device
Monitoring (Device Discovery and Event Notification); Remote Data Collection; Remote Device Access.
DCOM
The Distributed Component Object Model (DCOM) is a Windows protocol that enables software components to
communicate directly over a network. Previously named "Network OLE", DCOM is designed for use across
multiple network transports, including Internet protocols such as HTTP and WMI (Windows Management
Instrumentation).
DCOM allows processes to be efficiently distributed to multiple computers so that the client and server
components of an application can be placed in optimal locations on the network. Processing occurs transparently
to the user because DCOM handles this function. Thus, the user can access and share information without
needing to know where the application components are located. If the client and server components of an
application are located on the same computer, DCOM can be used to transfer information between processes.
ELMC
The Event Log Monitoring Collector (ELMC) is a proprietary management service included with Insight Remote
Support. ELMC is platform-specific and provides error condition detection on the monitored endpoint system on
which it is installed. It communicates these events to Insight RS on the Hosting Device, which can be running
either on the same system as the ELMC system or another system on the same TCP/IP network. Different ELMC
packages exist for the same ELMC version, depending on the operating system and hardware platform.
ESP
Encapsulating Security Payload (ESP), or IP protocol 50, is a protocol header inserted into an IP datagram to
provide data encryption and authentication. Remote Device Access uses ESP in tunnel mode to establish VPN
connectivity. ESP is described in RFC 4303.