3.13.1 Enabling or disabling authorized services access

When you first start up the appliance, you can choose to enable or disable access by on-site authorized support representatives. By default, on-site authorized support representatives are allowed to access your system through the appliance console and diagnose issues that you have reported.

Support access is a root-level shell, which enables the on-site authorized support representative to debug any problems on the appliance and obtain a one-time password using a challenge/response mechanism similar to the one for a password reset.

Any time after the initial configuration of the appliance, you can enable or disable services access through the UI by selecting Actions → Edit services access on the Settings window.

You can also use an appliance/settings REST API to enable or disable services access.

NOTE: HP recommends that you enable access. Otherwise, the authorized support representative might be unable to access the appliance to correct a problem.

3.13.2 Restricting console access

For the virtual appliance, you can restrict console access through secure management practices of the hypervisor itself.

This information is available from the VMware website:

http://www.vmware.com/support/pubs

In particular, search for topics related to vSphere's Console Interaction privilege and best practices for managing VMware's roles and permissions.

3.14 Algorithms for securing the appliance

• SSL (see Table 2 (page 54))
• SHA-256 for hashing local user account passwords
• Other passwords are encrypted using 128-bit Blowfish
• Support dumps:
    • Encryption: 128-bit AES
    • Hash: SHA-256
    • The AES key is encrypted separately using 2,048-bit RSA.
• Updates:
    • Not encrypted; digitally signed using SHA-256 and 2,048-bit RSA

The following SSL cipher suites are enabled on the HP OneView appliance web server. The cipher suites support the connection among the browser, other clients, and the appliance.

Table 2 Supported SSL cipher suites

SSL cipher suite       SSL version  Kx   Au   Enc         Mac
DHE-RSA-AES256-SHA     SSL v3       DH   RSA  AES (256)   SHA1
AES256-SHA             SSL v3       RSA  RSA  AES (256)   SHA1
EDH-RSA-DES-CBC3-SHA   SSL v3       DH   RSA  3DES (168)  SHA1
DES-CBC3-SHA           SSL v3       RSA  RSA  3DES (168)  SHA1
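
Added example (not HP's code and not part of the original guide): Table 2 has the same columns that `openssl ciphers -v` prints, so the sketch below parses the four rows in that layout and reports which suites lack forward secrecy, use a 64-bit block cipher, or have no AEAD mode. The row text is constructed from Table 2; the function names, finding labels and the default reject policy are assumptions made for this example.

```python
import re

# Constructed input: the four rows of Table 2, laid out as `openssl ciphers -v`
# prints them (name, protocol version, Kx=, Au=, Enc=, Mac=).
TABLE2 = """\
DHE-RSA-AES256-SHA    SSLv3 Kx=DH  Au=RSA Enc=AES(256)  Mac=SHA1
AES256-SHA            SSLv3 Kx=RSA Au=RSA Enc=AES(256)  Mac=SHA1
EDH-RSA-DES-CBC3-SHA  SSLv3 Kx=DH  Au=RSA Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA          SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
"""

ROW = re.compile(
    r"(?P<name>\S+)\s+(?P<version>\S+)\s+Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)\s+"
    r"Enc=(?P<enc>[^\s(]+)(?:\((?P<bits>\d+)\))?\s+Mac=(?P<mac>\S+)"
)

# Ciphers with a 64-bit block, which limits how much data one key may protect.
SMALL_BLOCK = {"3DES", "DES", "IDEA", "RC2"}

def parse(listing):
    """Return one dict per cipher-suite row; raise on a row that does not parse."""
    suites = []
    for line in filter(None, map(str.strip, listing.splitlines())):
        match = ROW.match(line)
        if match is None:
            raise ValueError(f"unrecognised cipher row: {line!r}")
        suites.append(match.groupdict())
    return suites

def findings(suite):
    """Label the properties a reviewer would question (labels are this example's)."""
    found = []
    if suite["kx"] == "RSA":        # static RSA key transport, no ephemeral DH
        found.append("NO_FORWARD_SECRECY")
    if suite["enc"] in SMALL_BLOCK:
        found.append("64BIT_BLOCK")
    if suite["mac"] != "AEAD":      # separate MAC, i.e. CBC or stream cipher
        found.append("NO_AEAD")
    return found

def audit(listing, reject=("NO_FORWARD_SECRECY", "64BIT_BLOCK")):
    """Map each suite to its findings and list the suites a policy would keep."""
    report = {s["name"]: findings(s) for s in parse(listing)}
    kept = [name for name, f in report.items() if not set(f) & set(reject)]
    return report, kept

if __name__ == "__main__":
    print(audit(TABLE2))
```

The same functions accept the live output of `openssl ciphers -v` for any cipher string, so a client-side policy can be compared against what the appliance documents.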

54 Understanding the security features of the appliance