beautypg.com

2 restricting console access, 15 algorithms for securing the appliance – HP OneView User Manual

Page 59

background image

allowed to access your system through the appliance console and diagnose issues that you have
reported.

Support access is a root-level shell, which enables the on-site authorized support representative to
debug any problems on the appliance and obtain a one-time password using a challenge/response
mechanism similar to the one for a password reset.

Any time after the initial configuration of the appliance, an Infrastructure administrator can enable
or disable services access through the UI by selecting Actions

→Edit services access on the Settings

window.

You can also use an appliance/settings REST API to enable or disable services access.

NOTE:

HP recommends that you enable access. Otherwise, an authorized support representative

will not be able to access the appliance to troubleshoot issues that you cannot resolve yourself.

3.14.2 Restricting console access

You can restrict console access to the virtual appliance through secure management practices of
the hypervisor itself.

For VMware vSphere, this information is available from the VMware website:

http://www.vmware.com

In particular, search for topics related to vSphere's Console Interaction privilege and best practices
for managing VMware's roles and permissions.

For Microsoft Hyper-V, restrict access to the console through role-based access. For information,
see the Microsoft website:

www.microsoft.com

3.15 Algorithms for securing the appliance

SSL (see

Table 2 (page 59)

)

SHA-256 for hashing local user account passwords

Other passwords are encrypted using 128-bit Blowfish

Support dumps:

Encryption: 128-bit AES

Hash: SHA-256

The AES key is encrypted separately using 2,048-bit RSA.

Updates:

Not encrypted; digitally signed using SHA-256 and 2,048-bit RSA

The following SSL cipher suites are enabled on the HP OneView appliance web server. The cipher
suites support the connection among the browser, other clients, and the appliance.

Table 2 Supported SSL cipher suites

Mac

Enc

Au

Kx

SSL version

SSL cipher suite

SHA1

AES (256)

RSA

DH

SSL v3

DHE-RSA-AES256-SHA

SHA1

AES (256)

RSA

RSA

SSL v3

AES256-SHA

SHA1

3DES (168)

RSA

DH

SSL v3

EDH-RSA-DES-CBC3-SHA

SHA1

3DES (168)

RSA

RSA

SSL v3

DES-CBC3-SHA

3.15 Algorithms for securing the appliance

59

See also other documents in the category HP Tools: