
3.13.1 Enabling or disabling authorized services access, 3.13.2 Restricting console access, 3.14 Algorithms for securing the appliance – HP OneView User Manual

Page 54


3.13.1 Enabling or disabling authorized services access

When you first start up the appliance, you can choose to enable or disable access by on-site
authorized support representatives. By default, on-site authorized support representatives are
allowed to access your system through the appliance console and diagnose issues that you have
reported.

Support access is a root-level shell, which enables the on-site authorized support representative to
debug any problems on the appliance and obtain a one-time password using a challenge/response
mechanism similar to the one for a password reset.

Any time after the initial configuration of the appliance, you can enable or disable services access
through the UI by selecting Actions→Edit services access on the Settings window.

You can also use an appliance/settings REST API to enable or disable services access.

NOTE: HP recommends that you enable access. Otherwise, the authorized support representative
might be unable to access the appliance to correct a problem.

3.13.2 Restricting console access

For the virtual appliance, you can restrict console access through secure management practices
of the hypervisor itself.

This information is available from the VMware website:

http://www.vmware.com/support/pubs

In particular, search for topics related to vSphere's Console Interaction privilege and best practices
for managing VMware's roles and permissions.

3.14 Algorithms for securing the appliance

- SSL (see Table 2 (page 54))
- SHA-256 for hashing local user account passwords
- Other passwords are encrypted using 128-bit Blowfish
- Support dumps:
  - Encryption: 128-bit AES
  - Hash: SHA-256
  - The AES key is encrypted separately using 2,048-bit RSA.
- Updates:
  - Not encrypted; digitally signed using SHA-256 and 2,048-bit RSA

The following SSL cipher suites are enabled on the HP OneView appliance web server. The cipher
suites support the connection among the browser, other clients, and the appliance.

Table 2 Supported SSL cipher suites

| SSL cipher suite | SSL version | Kx | Au | Enc | Mac |
|---|---|---|---|---|---|
| DHE-RSA-AES256-SHA | SSL v3 | DH | RSA | AES (256) | SHA1 |
| AES256-SHA | SSL v3 | RSA | RSA | AES (256) | SHA1 |
| EDH-RSA-DES-CBC3-SHA | SSL v3 | DH | RSA | 3DES (168) | SHA1 |
| DES-CBC3-SHA | SSL v3 | RSA | RSA | 3DES (168) | SHA1 |
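The following is an added example, not part of the HP manual: one way to audit a cipher listing against Table 2 and flag suites for hardening review. It assumes the observed suites are available as text in the row format printed by `openssl ciphers -v`; the names `parse`, `audit` and `SAMPLE` are hypothetical, and the sample listing is constructed.

```python
import re

# Table 2 on this page: suite -> (SSL version, Kx, Au, Enc, Mac)
DOCUMENTED = {
    "DHE-RSA-AES256-SHA":   ("SSLv3", "DH",  "RSA", "AES(256)",  "SHA1"),
    "AES256-SHA":           ("SSLv3", "RSA", "RSA", "AES(256)",  "SHA1"),
    "EDH-RSA-DES-CBC3-SHA": ("SSLv3", "DH",  "RSA", "3DES(168)", "SHA1"),
    "DES-CBC3-SHA":         ("SSLv3", "RSA", "RSA", "3DES(168)", "SHA1"),
}
ROW = re.compile(r"(\S+)\s+(\S+)\s+Kx=(\S+)\s+Au=(\S+)\s+Enc=(\S+)\s+Mac=(\S+)")

def parse(listing):
    """Parse `openssl ciphers -v` style rows into {suite: (ver, kx, au, enc, mac)}."""
    suites = {}
    for line in listing.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # skip blank lines and anything that is not a cipher row
        name, fields = m.group(1), m.groups()[1:]
        # Assumption: newer OpenSSL prints the table's EDH- suite with a DHE- prefix.
        if name == "DHE-RSA-DES-CBC3-SHA":
            name = "EDH-RSA-DES-CBC3-SHA"
        suites[name] = fields
    return suites

def audit(listing):
    """Compare an observed listing with Table 2 and flag suites for review."""
    seen = parse(listing)
    return {
        "undocumented": sorted(set(seen) - set(DOCUMENTED)),
        "missing": sorted(set(DOCUMENTED) - set(seen)),
        "field_mismatch": sorted(n for n in seen
                                 if n in DOCUMENTED and seen[n] != DOCUMENTED[n]),
        # Kx=RSA: session keys are wrapped with the server key, so no forward secrecy.
        "static_rsa_kx": sorted(n for n, f in seen.items() if f[1] == "RSA"),
        # 3DES works on 64-bit blocks, which limits safe data volume per key.
        "triple_des": sorted(n for n, f in seen.items() if f[3].startswith("3DES")),
    }

# Constructed sample listing (not captured from a real appliance).
SAMPLE = """\
DHE-RSA-AES256-SHA      SSLv3 Kx=DH   Au=RSA Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA  Au=RSA Enc=AES(256)  Mac=SHA1
DHE-RSA-DES-CBC3-SHA    SSLv3 Kx=DH   Au=RSA Enc=3DES(168) Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA  Au=RSA Enc=RC4(128)  Mac=SHA1
"""

if __name__ == "__main__":
    for key, names in audit(SAMPLE).items():
        print(f"{key}: {names}")
```

An entry under `undocumented` or `field_mismatch` means the observed configuration has drifted from what Table 2 states and should be investigated before anything else.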


Understanding the security features of the appliance