Security considerations

Security considerations information to help you to create for a remote support connection.

Remote support uses the latest security technology to ensure that the data exchanged between support teams and clients is secure. The identities are verified and protected with industry standard authentication technology, and remote support connection sessions are kept secure and private with the use of randomly generated session keys and advanced encryption.

The following are the some key security aspects:

Authorization and access Control: Remote support maintains multiple-level internal authorizations for any privileged access to the IBM Fusion HCI components. Only approved IBM service personnel can gain access to the tools that provide the security codes for IBM Fusion service node command-line access. Remote support sessions can only be initiated by a customer.; Once a session is ended, then the support can no longer connect to the service node. Client needs to set timeout in hours while starting a remote support session. Starting a remote support session is considered as a consent from the client for support engineer to connect to the system remotely. The timeout to automatically stop remote support session prevents customers from accidentally keeping connections open.

Strong password protection: Remote support sessions are protected by strong password authentication. Support engineers are authenticated using a challenge and response password exchange. Multi factor authentication ensures that auditing can be achieved at a greater level. Additionally challenge response authentication can be used to grant different level of access to different support engineers.

Advanced Encryption: Remote support implements outbound connections protected by 128-bit MARS or TLS encryption to prevent intruder access to the information exchanged during all remote support sessions. Chat, screen viewing, screen sharing and file transfer data are encrypted end to end, and packets are never decrypted in transit by the communication servers.

Uncompromising firewalls and proxy: Remote support works seamlessly with most firewalls and the connections are possible without any firewall reconfiguration. It requires access to outbound ports at both ends of a connection, so no need to open holes in firewalls. It also supports configuring a proxy for communication.

For more information about how to collect audit logs that includes record of all activities related a remote support session, see Audit logs.