Chapter 1: understanding the vcas – HP Remote Device Access Software User Manual

Chapter 1: Understanding the vCAS

The Virtual Customer Access System (vCAS) is a pre-packaged virtual appliance. It is a small but
complete operating system, with HP's CAS software pre-installed.

The vCAS contains the software necessary for HP to securely access your network (depending on your
access control settings) and provides support for your systems and devices. In addition to its service
gateway capabilities, it includes advanced forms of the following:

Components

Description

Authentication

The vCAS uses a single sign-on authentication mechanism based on HP's
DigitalBadge infrastructure - an X.509 certificate-based public key
infrastructure. When an HP Support Agent logs on to or through a virtual CAS, the
strong authentication is performed at HP's perimeter servers and at your vCAS. This
helps protect you from unwanted intrusion.

Access
Control

Control who can access your network and what systems, ports, and protocols you
allow. The intuitive web interface enables you to disable all access or enable wide-
open access as desired.

Audit Logs

View detailed audit logs of activity on the vCAS. The log details the HP Support
Agent's e-mail address, the date and time of the support session, and the details of
the target to which the HP Support Agent is connected.

Manageability

The vCAS has an integrated patch and update mechanism. Select to have patches
and updates applied automatically, or manually apply them. You can also view
changelogs of all updates and get the source code for the entire appliance.

The vCAS is based on a stripped-down Ubuntu server Linux distribution. It contains
the following HP supplied software components:

Note: To allow updates, the customer has to allow https access to a
specific server in HP, if not the client will have to manually perform this
step.

OpenSSH
Software and
X.509
Extensions

The OpenSSH software provides basic SSH connectivity and is enhanced by adding
a digital certificate authentication and other security extensions (see RDA Security
Extensions). Currently, a modified version 6.1p1 with the X.509 patches (written by
Roumen Petrov) is used.

RDA Security
Extensions

Includes components for secure auditing, logging, and access control functionality.
The primary components of this package are NSS and PAM libraries which enable
the CAS to automatically create accounts for authenticated DigitalBadge users and
to contain their activities.

RDA CAS
User Interface
and
Management

A web-based user interface and the code to automatically create accounts for
authenticated DigitalBadge users. The web UI supports both Firefox and Internet
Explorer browsers and should work on other popular browsers. The lighttpd web
server is used to host the pages. The user interface provides initial configuration
features, access control, audit logs, software updates, and appliance setup. 

Page 7 of 65

HP Remote Device Access 8.1: vCAS User Guide