HP Remote Device Access Service Brief
5
Provides a mechanism for connecting to HP through a proxy
Provides a mechanism for viewing which systems (targets) the HP SE connects to
Provides a mechanism for forcing a disconnect from a given target system
Provides a simple white Access Control List (ACL) for managing to which targets an HP SE
may connect
Provides a session logging mechanism
Provides a way to download the software from a central HP site for either an initial install or an
upgrade
Remote Device Access Security
Remote Device Access requires a connection from HP to a customer-designated access server. HP
understands that IT security policies within organizations vary considerably. Therefore, HP offers a
number of remote access solutions (depending on the service level agreement) that help meet
customer’s security requirements. All of HP solutions use standard techniques that include SSH,
IPsec, and HTTPS.
All attended RDA connection attempts from HP to customers are logged. The acting user, start and
stopping times of the connection, and the connection status are logged. The connection status will
indicate failures such as improper authentication and authorization.
For more information about Remote Device Access security, see the HP Remote Device Access
Security Overview available at http://www.hp.com/go/rda-docs.
Remote Device Access Connectivity
At its simplest, an RDA connection to a customer involves the HP Support Specialist making the
connection, and a target device in the customer's network. The specialist launches an application
client on their desktop (such as VNC, RDC, a file transfer program, etc).
A connection to a customer involves a few more systems. At the HP side, connections must go
through an Access Server. This is done so HP can authenticate the user, and verify that they are
authorized to connect to the customer. The HP access server also records basic information about
the connection (who, when, what, where, etc) for our audit records.
Presently there are several methods used for Remote Device Access:
SSH-Direct
The SSH protocol is used across the public Internet to and from HP for the connection.
hpVPN- Note: This is no longer offered in any region.
HP supplies the customer or partner with a small VPN router. This router is used to establish a
secure connection to and from HP. This is the most secure connection option, which uses
IPsec and SSH tunnels.
CorVPN
This is similar to the hpVPN solution, except that the customer-side router (or partner-side) is
owned by the customer. The "Cor" stands for Customer Owned Router.
SSL VPN
The customer supplies and maintains an SSL VPN appliance. They then supply HP with the
information on how to access this appliance, and their customer network beyond. The SSL
protocol is used for communications.
Virtual Support Room (VSR)
This is an ad-hoc solution using HP Virtual Rooms.