Securing customer-initiated service sessions to enable remote TLS service sessions to HPE OneView

With HPE OneView Remote Technician enablement, an authorized support technician can remotely access your appliance to resolve issues related to HPE OneView. By default, remote service sessions by Hewlett Packard Enterprise are disabled.

An authorized support technician can remotely access a customer appliance to resolve issues related to HPE OneView. An authorized support technician who requests access to your HPE OneView appliance is restricted to a secure group of HPE authenticated employees. For further security, the final authorization is configured through the access level policy on your appliance. In addition, any remote access service session is restricted to the appliance only (seen as 127.0.0.1) with access to all other IP addresses remaining blocked.

Use the Diagnostics > Edit link to configure a remote access service session for access by an authorized support technician. The Diagnostics screen displays connection details, such as number of pending access requests.

Once service sessions settings are configured on an appliance, a customer can initiate a tunnel connection to Hewlett Packard Enterprise.

An Infrastructure administrator can set an access policy:

  • Full access: Allows an authorized support technician to connect to your HPE OneView appliance.

  • Restricted access: Access is restricted to an authorized support technician configured in accordance to Access Control Level (ACL) rules. When a connection request from an unconfigured authorized support technician is received, an access request appears in the Access requests section of the Diagnostics screen. If the access request is accepted, an ACL rule is automatically created. A Station ID, which uniquely identifies an HPE OneView appliance, must be shared with the authorized support technician to initiate a service session.

  • No access: Access to the appliance by an authorized support technician is denied in this mode.

NOTE:
  • Hewlett Packard Enterprise recommends that you set the access level to Restricted.
  • All TLS service sessions are established through a secure TLS tunnel between an HPE OneView appliance and HPE servers. If the secure TLS tunnel is disconnected, all currently established service sessions are dropped and new sessions cannot be established. Use Actions > Stop all HPE service sessions to stop all ongoing service sessions.
  • During an appliance restart, all established service sessions are dropped. Establish a new service session to compensate for the previously dropped service session.

More information