Use the hypervisor management software to restrict access to the appliance, which prevents unauthorized users from accessing the password reset and service access features. See Restricting console access.
Typical legitimate uses for access to the console are:
The virtual appliance console is displayed in a graphical console; password reset and HP Services access use a non-graphical console.
For the virtual appliance, you can restrict console access through secure management practices of the hypervisor itself.
This information is available from the VMware website:
http://www.vmware.com/support/pubs
In particular, search for topics related to vSphere's Console Interaction privilege and best practices for managing VMware's roles and permissions.
Local user account passwords are stored using a salted hash; that is, they are combined with a random string, and then the combined value is stored as a hash. A hash is a one-way algorithm that maps a string to a unique value so that the original string cannot be retrieved from the hash.
Passwords are masked in the browser. When transmitted between appliance and the browser over the network, passwords are protected by SSL.
Local user account passwords must be a minimum of eight characters, with at least one uppercase character. The appliance does not enforce additional password complexity rules. Password strength and expiration are dictated by the site security policy. If you integrate an external authentication directory service (also known as an enterprise directory) with the appliance, the directory service enforces password strength and expiration.
-
SSL (see Supported SSL cipher suites)
-
-
Encryption: 128-bit AES
-
Hash: SHA-256
-
The AES key is encrypted separately using 2,048-bit RSA.
-
-
-
Not encrypted; digitally signed using SHA-256 and 2,048-bit RSA
-
The following SSL cipher suites are enabled on the HP CloudSystem appliance web server. The cipher suites support the connection among the browser, other clients, and the appliance.
Supported SSL cipher suites
SSL cipher suite | SSL version | Kx | Au | Enc | Mac |
---|---|---|---|---|---|
DHE-RSA-AES256-SHA | SSL v3 | DH | RSA | AES (256) | SHA1 |
AES256-SHA | SSL v3 | RSA | RSA | AES (256) | SHA1 |
EDH-RSA-DES-CBC3-SHA | SSL v3 | DH | RSA | 3DES (168) | SHA1 |
DES-CBC3-SHA | SSL v3 | RSA | RSA | 3DES (168) | SHA1 |
DHE-RSA-AES128-SHA | SSL v3 | DH | RSA | AES (128) | SHA1 |
AES128-SHA | SSL v3 | RSA | RSA | AES (128) | SHA1 |