1 enabling or disabling authorized services access, 2 restricting console access, 14 algorithms for securing the appliance – HP OneView User Manual
Page 54
3.13.1 Enabling or disabling authorized services access
When you first start up the appliance, you can choose to enable or disable access by on-site
authorized support representatives. By default, on-site authorized support representatives are
allowed to access your system through the appliance console and diagnose issues that you have
reported.
Support access is a root-level shell, which enables the on-site authorized support representative to
debug any problems on the appliance and obtain a one-time password using a challenge/response
mechanism similar to the one for a password reset.
Any time after the initial configuration of the appliance, you can enable or disable services access
through the UI by selecting Actions
→Edit services access on the Settings window.
You can also use an appliance/settings REST API to enable or disable services access.
NOTE:
HP recommends that you enable access. Otherwise, the authorized support representative
might be unable to access the appliance to correct a problem.
3.13.2 Restricting console access
For the virtual appliance, you can restrict console access through secure management practices
of the hypervisor itself.
This information is available from the VMware website:
In particular, search for topics related to vSphere's Console Interaction privilege and best practices
for managing VMware's roles and permissions.
3.14 Algorithms for securing the appliance
•
SSL (see
•
SHA-256 for hashing local user account passwords
•
Other passwords are encrypted using 128-bit Blowfish
•
Support dumps:
Encryption: 128-bit AES
◦
◦
Hash: SHA-256
◦
The AES key is encrypted separately using 2,048-bit RSA.
•
Updates:
◦
Not encrypted; digitally signed using SHA-256 and 2,048-bit RSA
The following SSL cipher suites are enabled on the HP OneView appliance web server. The cipher
suites support the connection among the browser, other clients, and the appliance.
Table 2 Supported SSL cipher suites
Mac
Enc
Au
Kx
SSL version
SSL cipher suite
SHA1
AES (256)
RSA
DH
SSL v3
DHE-RSA-AES256-SHA
SHA1
AES (256)
RSA
RSA
SSL v3
AES256-SHA
SHA1
3DES (168)
RSA
DH
SSL v3
EDH-RSA-DES-CBC3-SHA
SHA1
3DES (168)
RSA
RSA
SSL v3
DES-CBC3-SHA
54
Understanding the security features of the appliance