HP Remote Device Access Security Overview for A.05.30 (December 2009)
1.7.1 hpVPN
With hpVPN, HP provides a router to the customer. The router is deployed in the customer’s DMZ. HP’s VPN
router establishes an IPSec VPN connection with a so called Customer Premises Equipment (CPE) router, at
the customer’s site. HP maintains the software and router configurations on both ends. Currently, all hpVPN
connections use triple-DES encryption and SHA-1 HMAC. The access lists on the CPE routers allow only
connections from authorized HP systems. HP manages and configures the hpVPN routers.
1.7.2 Customer-Owned Router (COR) VPN
With COR VPN, HP establishes an IPSec VPN with a customer-owned router. HP’s RDA VPN routers are
successfully inter-operating with ProCurve, Cisco IOS, Cisco PIX, Check Point, Juniper, and other VPN routers
at customer sites. COR VPN connections can be configured tailored to the customer’s requirements. The
customer manages and configures their own equipment.
1.8 Connectivity Method for Integrated Service Digital Network (ISDN)
In some countries HP offers the option of ISDN connectivity. As with VPN solutions, SSH port-forwarding is
used over ISDN to provide secure remote access.
Figure 1-6 ISDN
1.9 Attended RDA via Virtual Support Room
Virtual Support Room (VSR) is a lightweight, web-hosted meeting place that enables HP support specialists
to connect to a customer enterprise covered under warranty or contractual agreement. Attended RDA is an
ad-hoc connection method that can be used without any complex configuration or hardware setup
VSR is based on HP Virtual Rooms and offers web collaboration functionality such as desktop sharing, file
transfer, and desktop control. Like a real private meeting room, securely locked with doors, the HP Virtual
Support Room is a secure private protected online meeting place for two or more meeting participants.
1.8 Connectivity Method for Integrated Service Digital Network (ISDN) 17