HP Remote Device Access Security Overview for A.05.30 (December 2009)
oversees who from HP connects to their network, and then controls where they can go and what they are
allowed to do.
The third layer is the login credentials on the target system, which must be known to the HP support specialist;
these are typically pre-shared, or shared on demand by the customer with HP over a different secure
1.6 Connectivity Method: SSH-Direct - Secure Shell over Internet
The direct SSH option is the quickest and easiest unattended RDA solution to set up. The customer need only
assign the CAS an Internet-routable IP address and allow inbound TCP port 22 to it from the HP access servers
(and from no other source). SSH-2 provides server authentication, encryption and integrity protection
comparable to SSL.
Figure 1-3 SSH Direct
1.7 Connectivity Methods for VPN Solutions
Many customers' security policies require that all inbound connections be protected inside a VPN connection
that is terminated in their DMZ. HP offers two VPN access solutions for unattended RDA: hpVPN and
Customer-Owned Router (COR) VPN. SSH port-forwarding is still used, except that it is tunneled over IPSec
between VPN routers. Layering SSH inside IPSec gives two independent layers of authentication and encryption.
SSH is recommended because it provides better end-to-end security as well as enhanced functionality (file
transfer and application tunneling), but HP recognizes that this may not fit all security policies. Therefore
HP offers VPN connectivity with and without SSH tunneling. The following two figures show both options.
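The two controls a customer will want to verify for the SSH-Direct and SSH-over-VPN options above are that only the HP access servers can authenticate to the CAS on port 22, and that an HP port-forwarding session can only reach the devices the customer intends. The script below is an added example, not configuration from the HP document or from HP's RDA tooling: it generates a minimal sshd_config drop-in and a restricted authorized_keys entry for the CAS. The addresses (TEST-NET-1 ranges), the account name hpsupport, the forwarding targets and the key material are all hypothetical placeholders.

```shell
#!/bin/sh
# Added example, not part of the HP document: a minimal lockdown of the
# customer's CAS sshd for SSH-Direct, plus a key restriction that limits what
# an HP port-forwarding session can reach.  Every address, account name,
# target and key below is a hypothetical placeholder.

HP_ACCESS_SERVERS="192.0.2.10 192.0.2.11"   # assumed HP access server addresses (TEST-NET-1)
HP_USER="hpsupport"                          # assumed account HP specialists use on the CAS
# assumed managed devices HP may tunnel to through the CAS, as host:port
FORWARD_TARGETS="10.0.0.5:23 10.0.0.6:22"

# Membership test: is the connecting source one of the HP access servers?
# Returns 0 when it is, 1 otherwise.  The perimeter firewall should enforce
# the same list on TCP/22; this is the sshd-level equivalent.
is_hp_access_server() {
  for ip in $HP_ACCESS_SERVERS; do
    [ "$1" = "$ip" ] && return 0
  done
  return 1
}

# sshd_config drop-in (e.g. /etc/ssh/sshd_config.d/hp-rda.conf): only the HP
# account, only from the HP access servers, keys only, no root, no X11.
sshd_dropin() {
  allow=""
  for ip in $HP_ACCESS_SERVERS; do
    allow="$allow ${HP_USER}@${ip}"
  done
  cat <<EOF
# SSH-Direct lockdown (example)
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
X11Forwarding no
AllowUsers${allow}
EOF
}

# authorized_keys entry for the HP public key on the CAS: the key is only
# accepted from the HP access servers and may only open forwards to the
# listed targets, so a compromised HP-side key cannot be pointed at arbitrary
# internal hosts.  $1 is the public key (type + base64), hypothetical here.
authorized_keys_entry() {
  from=$(echo "$HP_ACCESS_SERVERS" | tr ' ' ',')
  opts="from=\"${from}\",no-agent-forwarding,no-X11-forwarding"
  for t in $FORWARD_TARGETS; do
    opts="${opts},permitopen=\"${t}\""
  done
  printf '%s %s\n' "$opts" "$1"
}

# Client side, what the HP specialist would run (hypothetical CAS name):
#   ssh -N -L 2323:10.0.0.5:23 hpsupport@cas.example.net   # then: telnet localhost 2323
# A forward to any host:port outside FORWARD_TARGETS is refused by sshd.

sshd_dropin
authorized_keys_entry "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlaceholderKeyMaterialNotReal hp-rda"
```

For the VPN variants the same two restrictions apply, with the `from=` and `AllowUsers` addresses being the tunnel-side addresses of HP's VPN router rather than Internet addresses; the `permitopen` list is what keeps "application tunneling" limited to the devices under support.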