HP Remote Device Access vCAS User Guide Software Version: 8.
Legal Notices

Warranty
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.

Restricted Rights Legend
Confidential computer software.
Contents
About This Document
Document Revision History
Chapter 1: Understanding the vCAS
About Remote Device Access (RDA)
About the Customer Access System (CAS)
Chapter 2: Installing the vCAS
Summary of Network Ports for Virtual CAS (vCAS) Installation
Install the vCAS on VMware ESX/ESXi
Verifying Prerequisites
Importing to VMware ESX/ESXi
Install on Oracle VM VirtualBox
Verifying Prerequisites
Importing to VirtualBox
Install on VMware

Tunnel Access Control
Grant Access
Login Access Control
Performing Optional Configuration
Authentication
Email Alerts
Preferences
Send Logs to a Remote Log Server
Become a Central Logs Collector
Software Updates
Managing Automatic Settings
Managing Software Channels
Managing Optional Software Packages
Managing Manual Actions
Downloading Source Code
Viewing the Log
Log Refresh Rate
Chapter 5: Troubleshooting Inform

VirtualBox Control Service system tray application
Use VBoxVmService
Create a scheduled task
Test the autostart
Appendix B: Release Notes
Fixed Problems and Enhancements
Known Issues
Apply the Update
Access the Kit
HP RDA CAS New Packages
HP RDA CAS Ubuntu Changelog Summary
hp-rdacas
hp-rdacas (1:14.06-37604) stable; urgency=low
hp-rdacas (1:14.04-37038) stable; urgency=low
libterm-emit-perl
libterm-emit-perl (0.0.
About This Document
The vCAS User Guide provides the necessary information to install, manage, and troubleshoot your Virtual Customer Access System (vCAS).

Document Revision History
Edition      Software Version   Publication Date
Edition 1    RDA 7.1            June 2012
Edition 2    RDA 7.2            December 2012
Edition 3    RDA 7.3            June 2013
Edition 4    RDA 8.1            June 2014

HP Remote Device Access 8.
Chapter 1: Understanding the vCAS The Virtual Customer Access System (vCAS) is a pre-packaged virtual appliance. It is a small but complete operating system, with HP's CAS software pre-installed. The vCAS contains the software necessary for HP to securely access your network (depending on your access control settings) and provides support for your systems and devices.
About Remote Device Access (RDA)
Remote Device Access (RDA) is an HP solution that allows HP Support Agents to connect securely from the HP network to systems on a customer's network. RDA provides problem diagnosis, troubleshooting, and proactive support activities.

About the Customer Access System (CAS)
A Customer Access System (CAS) acts as a gateway for HP to access your network. HP Support Agents use your CAS to provide support to you.
Chapter 2: Installing the vCAS
This chapter describes installing the vCAS on the following systems:
• VMware ESX/ESXi 4.0 or later
• Oracle VM VirtualBox 4.2 or later
• VMware Player 5.0.0 or later
• VMware Server (we highly recommend that you do not use VMware Server, as it has been unsupported since 2011)

The two main steps to running your vCAS are:
1. Import the virtual appliance
2. Configure the virtual appliance
Summary of Network Ports for Virtual CAS (vCAS) Installation
The following table summarizes all ports that might be used for a vCAS installation. See for ports that are required for basic system operation.

Table 2.
Install the vCAS on VMware ESX/ESXi
You can install the vCAS on a VMware ESX or ESXi server using a VMware vSphere Client.

Verifying Prerequisites
Before you install the vCAS, verify the following prerequisites:
• Make sure you have access to a VMware vSphere Server and that VMware vSphere Client is installed
• Make sure to download the vCAS .
4. Click File, then Deploy OVF Template. The Deploy OVF Template wizard appears.
5. Select source location.
6. Click Browse to search your file system for the .ovf or .ova file, or enter a URL to the .ova file located on the Internet. The OVF Template Details page appears.
7. Verify OVF template details. Click Next.
8. The Name and Location page appears.
9. Enter the name of the deployed template and select the location. Click Next. The Disk Format page appears.
10. Select the disk format to store the virtual machine disks, and click Next. The Ready to Complete page appears.
11. Review the deployment settings and click Finish. The Deploying dialog box appears.
Note: The new vCAS takes a few minutes to create.
12. The progress of the import task appears in the vSphere Client Status panel. The vSphere Client window appears.
13. Select the newly created vCAS appliance and click Power on the virtual machine. The vCAS appliance starts and the console output displays in the Console tab.
Note: The first time it starts, it reconfigures itself and then reboots. Once it completes rebooting, the URL for the management UI appears.
14. Enter the URL into a web browser and follow the vCAS initial configuration instructions.
Install on Oracle VM VirtualBox
You can install the vCAS on a VirtualBox Hypervisor. It takes less than five minutes to complete.

Verifying Prerequisites
Before you install the vCAS, verify the following prerequisites:
• Make sure VirtualBox is installed. For more information about VirtualBox, go to: https://www.virtualbox.org/wiki/Downloads.
• Make sure to download the vCAS .ova image.

Importing to VirtualBox
To import the vCAS into a VirtualBox Hypervisor, complete the following steps:
1.
3. Click Open appliance to select and import the vCAS .ova file, then click Next. The Appliance settings page appears.
4. Select the Reinitialize the MAC address of all network cards check box, and then click Import. The Importing Appliance dialog box appears.
Note: The new vCAS takes a few minutes to create. The Oracle VM VirtualBox Manager window appears.
5. Select the newly created vCAS appliance and click Start. The vCAS appliance starts and the console output displays in a new window. The first time it starts, it reconfigures itself and then reboots. Once it completes rebooting, the URL for the management UI appears.
6. Enter the URL into a web browser and follow the vCAS initial configuration instructions.
7. (Optional but recommended) You can configure VirtualBox to automatically start your vCAS appliance at boot time. Complete this configuration from within VirtualBox.

Install on VMware Player
You can install the vCAS on a VMware Player Hypervisor.

Verifying Prerequisites
Before you install the vCAS, verify the following prerequisites:
• Make sure VMware Player is installed.
Importing to VMware Player
To import the vCAS into a VMware Player Hypervisor, complete the following steps:
1. Launch the VM Player. The VMware Player appears.
2. Click Open a Virtual Machine. The Open Virtual Machine window appears.
3. Click Open to select the .ova file. The Import Virtual Machine window appears.
4. Click Import to import the vCAS .ova file. The VMware Player window appears.
5. Select the newly created vCAS appliance and click Play virtual machine. The vCAS appliance starts and the console output displays in the same window.
Note: The first time it starts, it reconfigures itself and then reboots. Once it completes rebooting, the URL for the management UI appears.
6. Enter the URL into a web browser and follow the vCAS initial configuration instructions.

Install on VMware Server
We have tested the latest vCAS on VMware Server 1.0.1 and VMware Server 2.0.2. It is strongly recommended that you do not install vCAS on VMware Server 1.0.1 and 2.0.2.
Chapter 3: Configuring Your vCAS
This chapter contains initial configuration steps you must complete before using your vCAS.

Verify Prerequisites
Before using your new vCAS, verify the following prerequisites:
• Make sure you allocate a static IP address to your vCAS. Initially it boots using DHCP to get a temporary IP address (so you can configure it). However, it will not operate with a DHCP address. To allocate a static IP address, contact your administrator.
3. Read the licensing terms. If you agree to the terms, then select the Yes, I have read and accept the software license terms check box. You must accept the license to connect to the vCAS.
4. Click Close. Once you accept the license, the CAS Setup dialog box appears.
5. Enter values in the Network Configuration and the NTP Servers fields. The Network Configuration and the NTP Servers fields are required fields. If you are unsure of the correct values, then contact your network administrator. When you change the administrator password, a message appears informing you that you need to log on again.
1. Set Type to RDACAS in the General section.
2. Click Add in the SSH section, and set the Auth Methods to publickey ; keyboardinteractive ; password . This makes sure that the profile sends DigitalBadge information to the CAS.
3. Set Login method to email.

Figure 3.1 CAS Configuration in the RCTS

4. Click Submit to complete the changes.
Chapter 4: Managing your vCAS Set up a vCAS to allow HP Support Agents access into your network. Monitor or review the connections that HP Support Agents make to and through the vCAS. You can also configure automatic updates to your vCAS, set it up as a syslog receiver for your network, or add extension packages for additional support capabilities. The following sections describe these management actions.
Active Tunnels
When an HP Support Agent is running a connection through your vCAS to elsewhere in your network, the connection appears as an active tunnel on your vCAS. Each active tunnel displays on the Active Tunnels and Logins tab, as a row in the Active Tunnels table.

Figure 4.1 Active Tunnels Table

The Active Tunnels screen contains the following columns:

Table 4.1 Active Tunnels
Column     Description
User       The name of the user who initiated the tunnel.
Figure 4.2 Logged-In Users

The Logged-In Users screen contains the following columns:

Table 4.2 Logged-In Users
Column     Description
User       The user who is currently logged on to the vCAS.
PID        The process ID of the user's login session.
Start      The time in ISO 8601 format when the login session was initiated.
Duration   The length of time the user is logged on to the system.
Action     Click to force a termination of the user's login session.
The Recently Blocked Tunnels screen contains the following columns:

Table 4.3 Recently Blocked Tunnels
Column     Description
User       The user who attempted to initiate a tunnel.
Target     The host name or IP address of the system (within your network) where the tunnel was to emerge.
Proto      The protocol (TCP or UDP) which the blocked tunnel was to support.
Port       The port in the target system to which the blocked tunnel was directed.
Controlling Access
The Access Control tab allows you to define who can tunnel through your vCAS into your network, and to what and where they can connect. It also allows you to define who can log on to a command shell on your vCAS. The Access Control tab also allows administrators to change the access control for tunnel access and user login access.
The Permitted Tunnels screen contains the following columns:

Table 4.6 Permitted Tunnels
Access Control   Description
User             Displays the name of the user to be granted access. Any displays when all users are allowed access.
Target           Displays the name of the host to which access is to be granted. Any displays when a user can access any system within the customer's network.
Port             Displays the name of the port on the target to which access is to be granted.
Table 4.7 Grant Access
Access Control      Description
User                The name of the user who is granted access. This is a required field. This is the username, not the e-mail address.
Target (optional)   The name of the host to which access is granted. This field is optional. Note: A blank field indicates that any target system may be accessed.
Port (optional)     The name of the port on the target to which access is to be granted. This field is optional.
Table 4.8 Permitted Shell Logins
Access Control   Description
User             The name of the user for which access is or is not granted.
Access Allowed   This check box indicates if access is allowed or denied. A selected check box indicates access is allowed. A clear check box indicates access is denied.
Action           Click to delete a user account from the vCAS.
The following table describes the three options for certificate revocation checking:

Table 4.9 Certificate Revocation Checking
Access Control   Description
OCSP             The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate.
3. In the General Alerts section, select the alerts you want to receive. All changes made in this dialog box take effect immediately.
4. Click Close.

Preferences
You can change the way the vCAS looks or behaves. The following image displays the Preferences dialog box. The Preferences dialog box contains the following fields:

Table 4.
The following image displays the Join Tunnel Graphic option:
Figure 4.9 Join Tunnel Graphic

The following image displays the Branch Tunnel Graphic option:
Figure 4.10 Branch Tunnel Graphic

The following image displays the Fan Tunnel Graphic option:
Figure 4.11 Fan Tunnel Graphic
Send Logs to a Remote Log Server
If your site has a centralized Syslog log server, you may configure your vCAS to send log messages to your centralized log server. To send logs to a remote log server, complete the following steps:
1. Select Tools, then Remote Logging. The Remote Logging dialog box appears.
2. Select the Enable Remote Logging check box to enable remote logging.
3. Enter the IP address and port number for your centralized log server.
4.
$InputTCPServerRun 514

2. Add the following directive before the $FileOwner directive:

$FailOnChownFailure off

Save your changes and exit.

3. (Optional but Recommended) To direct incoming messages to files based on the sending host, create a file in the /etc/rsyslog.d directory (sudo vi /etc/rsyslog.d/10-other-hosts.conf) with the following contents:

$template DynFile,"/var/log/other/%HOSTNAME%.
• Automatic Settings
• Software Channels
• Optional Software Packages
• Manual Actions
• Source Code

The following image displays the Software Updates dialog box.
Figure 4.12 Software Updates

Managing Automatic Settings
The Automatic Settings section allows administrators to specify how often the vCAS will check for software updates and what action to take when updates are available.
Option     Description
Weekly     The vCAS will check at a random time of the day on Sunday (same time each Sunday).
Monthly    The vCAS will check at a random time of the first day of each month (same time each month).

When a periodic check indicates that updates are available, the vCAS does one of the following:

Note: If the randomly generated time is unsuitable, then you can change the option to Never and back to your periodic choice and a new time is selected.
Managing Manual Actions
The Manual Actions section allows administrators to manually control updates. It also displays how long it has been since the last update. The following table shows the buttons available in this section:

Check Now   Click Check Now to compare the currently installed software against the latest available software. This checks if there are any updates available for installation. When you click Check Now, the update check launches a new dialog box.
When the code is downloaded, the source files are placed in the /usr/src directory on the vCAS.
Note: This is a lengthy operation which may take the better part of a day to complete.

Viewing the Log
The HP RDA Customer Access Server screen allows administrators to view sessions and events in a tabular view, for example, tunnels that were permitted and denied by the vCAS. The following image displays the HP RDA Customer Access Server Log screen.
Figure 4.
The HP RDA Customer Access Server Log screen contains the following columns:

Table 4.11 RDA CAS Log
Column     Description
Start      The time in ISO 8601 format that the session or event was started.
End        The time in ISO 8601 format that the session was completed.
Duration   The duration of the session.
User       The user who initiated the event or session.
Action     The short description of the event or session.
Details    The details of the logged event or session.
Chapter 5: Troubleshooting Information
This chapter contains troubleshooting information. Read this chapter to learn more about common problems and actions.

Test the Virtual CAS Network Check Tool
The Virtual CAS Network Check Tool checks connectivity between the Virtual CAS and other elements in the network. Any user can run the tool and it does not require any privileges.
Checking if the DNS Servers are reachable..............................[OK]
Checking if the targets are reachable.................................. [WARN] Closed access will block all tunnel attempts
Checking if the RARS are reachable.....................................[OK]
Checking if the web proxy is reachable.................................[OK]
Checking if the CRL site is reachable.................................. [WARN] The CRL is not being checked.
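An added example, not part of the HP guide or the vCAS software: a Python parser for the result lines shown above that returns every check that is not [OK] and flags the CRL warning, because an unchecked CRL means certificate revocation is not being verified. The embedded sample is constructed from the lines on this page; treating a non-matching line as a wrapped message and passing through status tokens other than OK and WARN are assumptions.

```python
import re
from typing import List, NamedTuple

# Constructed sample: the result lines printed in this guide, one per line.
SAMPLE_OUTPUT = """\
Checking if the DNS Servers are reachable..............................[OK]
Checking if the targets are reachable.................................. [WARN] Closed access will block all tunnel attempts
Checking if the RARS are reachable.....................................[OK]
Checking if the web proxy is reachable.................................[OK]
Checking if the CRL site is reachable.................................. [WARN] The CRL is not being checked.
"""

# Shape of one result: "Checking if <what>.....[STATUS] optional message"
RESULT_LINE = re.compile(
    r"^Checking if (?P<check>.+?)\.{3,}\s*\[(?P<status>[A-Z]+)\]\s*(?P<message>.*)$"
)


class CheckResult(NamedTuple):
    check: str    # e.g. "the CRL site is reachable"
    status: str   # OK or WARN on this page; other tokens are passed through
    message: str  # text after the status, empty for [OK] lines


def parse_check_output(text: str) -> List[CheckResult]:
    """Turn the tool's report into structured results.

    Assumption: a non-empty line that does not match RESULT_LINE and follows
    a result line is a wrapped continuation of that result's message.
    """
    results: List[CheckResult] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RESULT_LINE.match(line)
        if m:
            results.append(
                CheckResult(m["check"], m["status"], m["message"].strip())
            )
        elif results:
            last = results[-1]
            joined = f"{last.message} {line}".strip()
            results[-1] = last._replace(message=joined)
    return results


def needs_attention(results: List[CheckResult]) -> List[CheckResult]:
    """Every check whose status is anything other than OK."""
    return [r for r in results if r.status != "OK"]


def revocation_unchecked(results: List[CheckResult]) -> bool:
    """True when a CRL-related check did not pass, i.e. certificate
    revocation is not being verified through the CRL."""
    return any("CRL" in r.check and r.status != "OK" for r in results)


if __name__ == "__main__":
    parsed = parse_check_output(SAMPLE_OUTPUT)
    for r in needs_attention(parsed):
        print(f"[{r.status}] {r.check}: {r.message}")
    # Non-zero exit lets a monitoring job alert on the revocation gap.
    raise SystemExit(2 if revocation_unchecked(parsed) else 0)
```
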
Repeat Setup
If you encounter problems with the vCAS, then rerun the vCAS setup script. Rerunning the vCAS setup script can clear up problems with the appliance. You can invoke the setup again from the web UI, but it is easier to run from the command line. Log on to a command shell on the appliance or use the console window, and invoke the cassetup command. Use the hp-admin account or any other account with root privileges.
Appendix A: Starting a Virtual CAS at System Startup using VirtualBox
VirtualBox does not support starting virtual machines automatically when the system starts up. This appendix describes how to configure both Linux and Windows hosts to start their vCAS VMs at system startup.

Configure Linux Hosts
A compressed startup script is packaged on the vCAS and is available at: /usr/share/doc/hprdacas/examples/vboxvmstartup.gz. Copy this script to /etc/init.
VirtualBox Extension Pack
Irrespective of the approach you choose, you should install the VirtualBox Extension Pack. This allows you to connect to the vCAS over VirtualBox RDP. You should also configure the port number that you use to connect to the vCAS over RDP. The default port is 3389 but do NOT use this as it may be in use by the Windows host.
Figure A.1 Service management Console

VirtualBox Control Service system tray application
The VirtualBox Control Service kit also comes with a system tray helper application vboxctrltray to control vboxcrl services. This application provides some good features but it is not essential; it is up to you to decide whether you wish to use this. To configure it, complete the following steps:
1.
vCAS:

Use VBoxVmService
VBoxVmService is a Windows application that allows you to run Oracle's VirtualBox VMs from within a native Windows service entity. It is easy to install and configure. The installation instructions are with the kit in a file called Howto.txt. The VBoxVmService needs to run under a particular user account. It may be beneficial to create a separate user account for this, for example, vboxadmin.
Figure A.2 Local Group Policy Editor Logon Make sure that you set a system-wide environment variable named VBOX_USER_HOME pointing at your VirtualBox configuration directory. On Windows 7, this is typically C:\Users\\.VirtualBox where is the name of the user that installed VirtualBox.
SCHTASKS /Create /SC ONSTART /TN "Start vCAS on system boot" /RU SYSTEM /RL HIGHEST /TR "%VBOX_USER_HOME%\startvcas.bat"

When you use this approach, if the host system is shut down, the vCAS is powered off without saving its state. You can create a shutdown script to save the state of the vCAS at shutdown. To create a shutdown script to save the state of the vCAS at shutdown, complete the following steps:
1.
you to login. Test this by connecting to the vCAS web interface or by using SSH to connect to the vCAS. When you log on to the Windows host, you will not be able to manage the vCAS using the VirtualBox GUI or the VBoxManage command. Instead you use an RDP viewer such as mstsc.exe to connect to the console. If you used the VirtualBox Control Service, you can use vboxctrltray to start and stop the vCAS.
Appendix B: Release Notes
This appendix contains the release notes for Virtual CAS version 14.06.

Fixed Problems and Enhancements
This maintenance release of the Virtual CAS provides the following enhancements:
• Support for Virtual DigitalBadge on Windows 8.
• OS package upgrade (installation of latest Ubuntu 10.04 Lucid patches)
• Minor bug fixes.

For more information, see "HP RDA CAS Ubuntu Changelog Summary" on the next page.
HP RDA CAS New Packages
Package                      Version
hp-rdacas-ca-certificates    1:14.06-37616
hp-rdacas-network-tools      1:14.06-37616
hp-rdacas-support-tools      1:14.06-37616

HP RDA CAS Ubuntu Changelog Summary
Package                     Source      Old Version     Latest Version
hp-rdacas                   hp-rdacas   1:13.06-35275   1:14.06-37616
hp-rdacas-linux-firmware    hp-rdacas   1:13.06-35275   1:14.06-37616
hp-rdacas-relay             hp-rdacas   1:13.06-35275   1:14.06-37616
hp-rdacas-upgrade           hp-rdacas   1:13.06-35275   1:14.
libterm-emit-perl
• 0.0.3-1 Tue, 25 Oct 2011 12:55:08 -0600

libterm-emit-perl (0.0.3-1)
• Initial Release.
-- Michael Spratte Tue, 25 Oct 2011 12:55:08 -0600
Appendix C: License HP License Agreement PLEASE READ THIS HP LICENSE AGREEMENT ("AGREEMENT") CAREFULLY. THIS AGREEMENT IS A LEGAL AGREEMENT BETWEEN YOU (either an individual or A single LEGAL entity) ("YOU") AND HEWLETT-PACKARD COMPANY ("HP").
• "Specifications" means specific technical information about Software which is published in HP manuals and technical data sheets in effect on the date HP electronically transmits Software to Customer.
• "Use" means storing, loading, installing, executing or displaying Software on a single Device in accordance with the Documentation. HP may also specify Use authorizations or restrictions in the terms accompanying the Software.
given. Your rights under this Agreement will automatically terminate upon transfer. Notwithstanding anything in the foregoing to the contrary, if You transfer a Device to a third party, You may transfer the associated Firmware without additional written authorization from HP.
• HP may terminate this Agreement or your or any transferee's or sublicensee's rights under this Agreement upon notice for failure to comply with its terms or conditions.
• Provisions herein which by their nature extend beyond the termination of any sale or license of Software will remain in effect until fulfilled.
• If any term or provision herein is determined to be illegal or unenforceable, the validity or enforceability of the remainder of the terms or provisions herein will remain in full force and effect.
This HP Global Master Privacy Policy applies to the collection, storage, processing, transfer, and use of personal information concerning covered individuals. Personal information includes any data by which a person can be identified or located, as well as any data to which HP has access in customer systems.
• HP does not transfer personal information provided by covered individuals to third parties unless those third parties promise to give the data the equivalent level of protection that HP provides.

Enforcement/Oversight
• HP uses best commercial practices to obtain personal information by lawful and fair means.
• HP complies with relevant privacy and data protection laws in the locations in which HP operates.