E MC, secure remote services or ESRs is a two way connection between E MC and your E MC product that enables proactive remote monitoring, diagnosis and repair. Proactiv includes 24 by seven remote monitoring. An IP connection secure includes rigorous encryption and RS A digital certificates virtual enables customers to allow or deny access. Simple means, detailed and easy review of remote support activity. Here is how ESRs works. ESRs will reside in the enterprise VMWARE or hyper V instance provided by the customer and physical hardware is no longer needed pre built software solution that is packaged, updated and maintained as a unit home events are sent through ESRs to E MC that include configuration files and system generated alerts.
If troubleshooting is required, a request goes through ESRs and queries. The optional policy manager. If applicable, the customer has three permission settings always allow, never allow and ask for approval. E MC can use the connection to address problems or preventative maintenance. All communications between the customer site and E MC are encrypted with advanced encryption standard AES 256 algorithm and initiated from the customer site by the ESRs over 443 and 8443 using industry standard secure sockets layer and transport layer security SSL TLS encryption over the internet and an E MC signed RS a digital certificate for authentication. The ESRs client creates a secure communication tunnel. All E MC personnel must be authenticated to work on support service requests and all customers have the option to accept or deny remote support activity. ESRs server requirements.
ESRs has specific site requirements which are specified in the ESRs site planning guide available at support dot E mc.com E MC. Customers must provide the following an IP network with internet connectivity, the capability to add ESRs appliance and policy manager servers to the network network connectivity between the ESRs appliance and the E MC devices. To be managed by ESRs internet connectivity to EM CS ESRs infrastructure by using outbound ports, 443 and 8443 optional internet connectivity to EM CS ESRs infrastructure for failed over connect home by using outbound port 990 for FTP S and port 25 for SMTP network connectivity between ESRs appliance and policy manager. ESRs preparation. The following is needed to set up ESRs hypervisor, vsphere, hyper V static IP address, default gateway DNS server, mail server, optional customer proxy server, optional ESRs policy manager registered E MC account.
ESRs software package has been downloaded and is available for installation powering on the virtual machine and accepting the license agreement, power on the virtual machine and you will be presented with the license agreement at the license agreement screen, review the license and then use the short key cue to get the Y prompt, accept the license by selecting Y for yes and then pressing enter yes. The ESRs loads for the first time and that host and domain name screen displays provisioning ESRSV three in the host name and domain name screen, enter your chosen host name and your company domain name. Then select next or tab to continue in the network configuration screen, you need the set, fixed IP address, select change alt see option and then tab or select next to continue in the network interfaces. Screen, select network interfaces in the network settings.
Screen, select edit in the network card, set up screen tab the field and enter information for static IP address, subnet mask and host name, select next verify details and then select OK in the network settings, host, set up screen tab to the DNS field and enter the IP address of your DNS service and then select OK. In the network settings, default gateway screen specify the default gateway IP address used by your network and then select OK. In the network interface screen, select next or F 10 in the setting configuration screen when configuration is completed, select next or F 10 in the clock and time zone screen, set up time zone, then select next in the password for the system administrator root screen, set up the root console use password. Then select next international customers should use the test keyboard layout field to make sure the password entered is as expected.
The ESRSV three expects a US keyboard select next again, important record your password. If you forget your root credential password, then you must perform the first boot install again to set up the root credentials. The system cannot retrieve your credential information and there is no default password for root. During first installation, you must manually set up password at this time. In completing the system configuration screen. When configuration is complete, select next the machine gets booted. And the web ve web UI prompts are shown this completes the first boot installation. You can now go to ESRSV three web UI root log on and admin setup access the ESRSV three WEI using the following URL, either in internet explorer nine or above or in the Google Chrome web browser type http SES RSI P address 9443 in the user name, text entry box, enter root as a user name in the password, text entry box, enter the root password that you have set up during the first boot installation.
Click a log in button, the end user license agreement by clicking accept and then click the submit button in the admin setup page, set the admin password and then click log in as admin provisioning screens. ESRSV three set up in the primary contact page. Enter primary contact information. E MC uses the information provided in this section as the customer contact for the Esrse, MC will reach the primary contact first. Regarding any ESRs queries for international customers, please enter your phone number with 011 and then your country code and number. When the primary contact information is complete, click on the submit and go technical registration button status. Primary contact has been saved. Click on ok, technical contact page. You can skip this step by clicking the skip technical contact button or enter technical contact information. Click on submit and go to provisioning button status. Technical contact has been saved. Click OK
. For the proxy server tab, if a proxy server is not required, you can then skip this step. Click on submit and go to network check button in the network check tab, you must run network check to check the connectivity between the ESRSU I note core and G A global access service. If all the tests are successful, then the results show connected green. If the test results are unsuccessful or unable to connect, then the result display is red circle and you will have to reconfigure their server information to ensure communication integrity, proxy servers, security appliances and cloud based security services must not perform any method of ssl decryption on IP traffic between your ESRs solution and ECs ESRs infrastructure. By design ESRs will detect that the packets have been tempered with and will result in a breakdown of communication until the traffic is able to pass without being decrypted, click provision button.
Enter E MC online support credentials to continue ESRs provisioning EMC employee and partners must use secure ID RS A fob login credential to continue ESRs provisioning. When progressing to the next screen, the user will see a button. Email my access code, the user must click on this button based on the internet address used in the prior screen. This will cause an eight digit code to be sent to the requester. When an email message is received that contains the code, the user must take that code and paste that into the dialog box. The states enter access code. After selecting the next button, the user will be presented with all site ids associated with their user name. The user must then select which site id they wish to use for provisioning. Followed by the next button. The provisioning goes through login authorized software list, download, downloading ESRs software configuration items requesting ESRSRS a digital certificate from E MC enterprise. If provisioning is successful, then the EMC certificates are installed in the ESRs provision are registered on the EMC enterprise status. ESRs was successfully provisioned with serial number, click ok. Email configuration provide mail server information to send notifications in the event of a connect home failure.
If notifications of successful connect homes is desired enable on success notifications provide email server and its port details. In the email server import text boxes, provide an email address in the sender email section which will be used as from address in the email notifications provide an email address in the notifications, email section which will be used as the recipients from any critical failed event notifications or fail call home on the ESRs. If you select enable on success notification, the customer will receive emails at call home is forward successful to EMC if configured multiple email users and distribution lists can be added by separating the names with a comma click test button, pop up window indicated that the test email was successfully sent. Click ok button. Here's a screenshot of this email. Click on submit and go to policy manager button status. Email configuration has been saved. Click ok. Policy manager. If you're using policy manager, it must be installed and operational then completed the applicable information on this tab to enable policy management on this page. Enter the IP address port number and SSL strength high. If you are not using SSL for communication to the policy manager, then clear the enable SSL check box.
If the proxy server is not used for communication to the policy manager, then clear those check box as well. Click submit and go to connect home button in the connect home tab, you can configure and test the ability of ESRs to send connect homes via FTP S or a customer email server. These are automatically used by ESRs to send connect homes to EMC if the ESRSV three connection to EMC becomes unavailable, although not required. It is highly recommended that the optional connect home tab be configured. The customer firewall and proxy server may need to be configured to pass this traffic. Please see the port requirement document for port used on support dot E mc.com, select both of the connect home connections. The test button becomes enable, click the test button to test connection to EMC if the tests are successful, then the following message displays, test connect home using email was successful. Test connect home using FTPS was successful click completed, set up button, set up, completed, click on the home button that brings you to the ESRs WEI dashboard.
The dashboard is the home page of the ESRs V three web UI which displays the entire information related to ESRs. You can use the dashboard to verify the statuses of the ESRs V three. And services information includes serial number, current version of the ESRSV three connectivity status, the environment to which the ESRs is pointing and where there is an update available for download. Best practice, optional, dual ESRs high availability configuration. E MC, best practice recommends implementing a high availability ESRs configuration. In this configuration. All ESRs appliances work as active, active peers to manage the same set of EMZ devices. Each ESRs appliance provides service notifications and remote access on a first come first serve basis for any E MC managed device. If one ESRs appliance is unavailable, all connect home and remote support activity will follow through the other ESRs appliance. It all depends on the device, connect home configuration. If the ESRs appliance service becomes unavailable, then all connect home files will be sent to E MC through FTP S or SMTP. It all depends on the ESRs appliance configuration and the customer network rules. Any of the approved ESRs appliance configurations may be used to manage globally dispersed E MC devices
. The only caveat is that ESRs appliance must have network access to each of the E MC devices it will be managing. In addition, paired ESRs appliance may also be globally dispersed. Each paired ESRs appliance must have network connectivity to all managed devices. The ESRs solution high availability clients are synchronized through the heartbeat process, do not communicate directly with each other. ESRSV three gooey overview systems status tab. This tab displays the operability of your system. Although all elements are crucial, special attention should be made to the sections connecting to connectivity status, policy manager, if applicable SSL and certificates. If you notice any errors or have any areas of concern, please contact your local EMC representative remote sessions tab. You will be able to view remote sessions that EMC has initiated to your monitored devices. You will see such information as the serial number being accessed, what application is being used as well as the employee ID of the EMC support person that is accessing the device active MFT sessions.
Please note that although this tab will be visible, it will initially not be utilized. It is being prepositioned for future growth E MC products that will utilize the rest API will use this tab to send usage intelligence to EC. In addition, products will have the ability to send large files to EMC utilizing this channel. We will keep you informed of all updated information, connect homes, the connect homes tab displays total file count, oldest file age, as well as all the files that are present in the pole directory of ESRs virtual appliance that have yet to upload to the ESRs portal at E MC. This portal is called service link by E MC employees alerts when there is a change in the status of your ESRs virtual appliance. Any events that need user attention are displayed on this page. All the alerts for this particular ESRs virtual edition are displayed with options to acknowledge and acknowledge all alerts. You can click on each record to get additional details, service status in the service status tab.
The status of each service related to your ESRs virtual edition appliance are displayed green circle indicates that the service is running red circle indicates that the service has stopped or not working. You can always check the banner to see if the system is healthy or not healthy. On the upper right hand side of the gooey is text that displays whether or not your system is healthy. Update tab, the update tab provides the information on the current version of ESRs latest updates available from the ESRs back end and a summary of previously downloaded updates along with release notes, change contexts. Please note that once the provisioning is completed, you have the ability to modify primary and technical contact information. This data would be useful in the event that E MC needs to notify either or both of the listed individuals to view or modify contact information. Please select customer contact from the configuration menu within the ESRSV three gooey. You have the ability to modify primary and technical contact information, change V three goy password.
You will have the ability to change the password that is used to log in to the ESRs virtual appliance. Once logged into the Gooey, please proceed to the admin section and select change password. You will receive a prompt to enter the existing and new passwords. Once the new password is accepted, you will be logged out of your existing session. You will then need to log in using the newly created password, alternative connectivity methods with ESRSV three, you will now have the capability to utilize alternative connectivity methods. The two methods are FTP S and email. This exciting new feature set means that if the primary call home mechanism of ESRs is not available, any event files queued will be sent back to E MC via FTP S or email. Please note that these options are available only if selected from within the gooey under the configuration menu. Please select connect home. You will need to select, enable, fail over FTPS or enable fail over email customer email configuration. Another new feature is the capability to receive emails when event files are sent to the appliance en route to E MC. For processing.
This is a new feature and allows you to be proactively notified in case of issues with your E MC monitored systems. Please note that this method simply tells you that a file has been sent home to view or add email recipients. Please select email configuration under the configuration menu. An additional note that the email server defined is your SMTP server and not the ESRs virtual appliance email configuration. If you select enable on success notification, the customer will receive emails at call home is forward successful to EMC if configured, provide email server and its port details in the email server import text boxes, provide an email address in the email section which will be used as from address in the email notifications, provide an email address in the notifications, email section which will be used as the recipients from any critical failed event notifications or fail call home on the ESRs click test button. The pop up window indicated that the test email was successfully sent. Click ok button. Heres a screenshot of this email when event files are sent to the appliance en route to E MC for processing. This is a new feature and allows you to be proactively notified in case of issues with your E MC monitored systems. Please note that this method simply tells you that a file has been sent home device deployment management.
Once your em ce srs virtual appliance is provisioned, you will have the capability to deploy and manage devices in your environment to deploy a device. You must be aware of the serial number and IP addresses of any device that you wish to include for monitoring from the device's menu. Please select manage device then select add when the dialogue box appears, you must enter the serial number IP address and model. In addition, please note that depending upon the model, you must be aware of the suffix type using VNX as a reference. You must select whether this is a block or file system. Once you have entered the appropriate information, please select the request update button. This will send a notification to the EM CE SRS portal under your virtual appliance serial number that a request has been sent that will need to be approved. Once you have completed this process, please contact your local E MC representative to approve this request. Please note that at this time, device ads are not automatically approved deployed the vice validation era for a device to be deployed so that it can be properly managed via ESRs.
There are various E MC systems that must process this request on rare occasions under your list of managed devices. You may occasionally notice a validation error to view this era, select the appropriate device for the settings on the right side of your screen, you will notice the letter I. If you place your mouse over that letter, the text fetch, additional details will appear when that button is selected at the bottom of the screen, you will notice a section called validation status. Please note any listed errors and contact your local ec representative change device IP address. Once you have deployed a device on your virtual appliance, you will have the capability to modify the IP address.
If necessary to perform this action from the device's menu. Please select manage device, select the appropriate device, then select the edit button when the dialog box appears, modify the IP address as desired. The next step would be to select the request update button. Please contact your local EMC representative to approve this request policy manager. If you are an E MC customer with an existing ESRs infrastructure that includes a policy manager, you will have the ability to add your policy manager to the ESRSV three Gooey so that it can manage your devices. To make this addition, you must know your IP address of the policy manager as well as the port being used under the configuration menu.
Please select policy manager select the enable remote policy manager check box. You will then need to input the IP address port number and SSL strength high note that on ports, the only two that are utilized are either 8090 or 8443 preferred. If you are unsure of this data, please contact your local EMC representative for assistance. General overview, V three system logs from the ESRSV three gooey click on logs. Tab ve agent folder is where the X gate and watchdog logs are located. The watchdog log allows us to check the ESRSV three client status and connectivity to E MC. And the X gate dot log captures connection activities and errors which are helpful in troubleshooting issues.
