HP Remote Device Access Security Overview for A.05.30 (December 2009)
1 Remote Device Access (RDA)
1.1 Executive Overview
Remote Device Access (RDA) is a support solution that enables the delivery of HP remote support services
over the Internet or other connectivity methods. Today, many security-sensitive transactions, such as
e-commerce, stock trades, and online banking, are executed securely over the Internet using the same security
technology utilized in RDA by HP.
Enhanced security features such as encryption, authentication, audit, and target authorization address stringent
customer compliance regulations. Customizable policies that the customer can control and define for a
remote control session allow for a consistent and firewall-friendly remote support solution for use across the
HP product and services portfolio.
1.2 Service Description
HP offers several options for establishing a secure connection between HP and your network, allowing an
HP support specialist — with your authorization — to remotely access your monitored systems and devices.
The HP support specialist can log in to your system, observing normal customer security procedures and
permissions, in order to provide remote hardware or software support for faster resolution of problems.
Connection options include:
• Attended RDA via HP Virtual Support Room (VSR), a web-based desktop-sharing application.
• Unattended RDA via SSH tunneling. The SSH tunnel is terminated at a Customer Access System (CAS)
  deployed either in the customer DMZ or on a trusted network.
  1. SSH-Direct – The SSH tunnel is run bare over the Internet.
  2. VPN Connectivity – The SSH tunnel runs inside a VPN connection between HP and the customer.
  3. ISDN Connectivity – The SSH tunnel runs over an ISDN connection.
1.3 Service Value
The RDA solution provides HP customers with an information security compliance level so that they meet
government and industry regulations. Authentication, access control and secure communications conform to
industry best practices.
1.3.1 Authentication
Customers can verify that they are securely connected to HP support specialists. Only authorized HP support
specialists are able to establish connections, authenticated with digital certificates.
1.3.2 Access Control Overview
HP customers using RDA have full control of all incoming connections. Authorization and access restrictions
can be configured to meet the customer’s own security needs. For unattended RDA, audit trails are stored
in audit log files.
1.3.3 Secure Communications
All communications meet current security best practice standards on encryption. Multiple layers of security
ensure that HP customers can use RDA with confidence.
1.4 Unattended RDA Using SSH
All unattended RDA solutions rely on an SSH (SSH-2 protocol) tunnel running between the support specialist's
desktop and a designated Customer Access System (CAS) deployed either in the customer DMZ or on a
trusted network.
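The following added example (not HP's code or the documented CAS configuration) audits an sshd_config on a CAS for the controls this overview names: SSH-2 only, restricted tunnel targets, and logging sufficient for an audit trail. It assumes an OpenSSH-style sshd; the mapping of controls to the Protocol, PermitOpen and LogLevel directives, the function names and the sample addresses are assumptions made for illustration.

```python
# Added example: audit a CAS sshd_config for the controls the overview names.
# Mapping those controls to OpenSSH directives is an assumption, not HP's setup.
LOW_LOG_LEVELS = {"QUIET", "FATAL", "ERROR"}  # below sshd's default of INFO

def parse_sshd_config(text):
    """Return {keyword: first value} for the global section (before any Match)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break
        # sshd uses the first value it reads for a keyword, so keep only that one
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit_cas_sshd(text):
    """Return (directive, problem) findings; an empty list means all checks pass."""
    cfg = parse_sshd_config(text)
    findings = []
    protocol = cfg.get("protocol")
    if protocol is None:
        findings.append(("protocol", "not set; older sshd builds may also accept SSH-1"))
    elif protocol.replace(" ", "") != "2":
        findings.append(("protocol", "allows versions other than SSH-2: " + protocol))
    targets = cfg.get("permitopen", "any").split()
    if not targets or "any" in [t.lower() for t in targets]:
        findings.append(("permitopen", "tunnels may be forwarded to any host:port"))
    level = cfg.get("loglevel", "INFO").upper()
    if level in LOW_LOG_LEVELS:
        findings.append(("loglevel", level + " suppresses the login records an audit needs"))
    return findings

# Constructed sample configurations (addresses are placeholders, not from the page)
WEAK_CONFIG = """\
Protocol 2,1
LogLevel QUIET
"""
HARDENED_CONFIG = """\
Protocol 2
LogLevel VERBOSE
PermitOpen 10.0.5.20:22 10.0.5.21:3389
"""
if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_cas_sshd(cfg))
```
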
An SSH server is required on the customer network, acting as a so-called Customer Access System (see CAS
below). An SSH client is typically used for establishing connections to an SSH server accepting remote
connections. SSH servers are commonly present on most modern operating systems, including Microsoft