Contents

ESRS Gateway Solution Technical Overview
Documentation and Software
Architecture and Specifications
  Gateway Client
  High Availability Architecture
  Policy Manager
  Policy Manager Redundancy
  Co-located Gateway Client and Policy Manager
  Virtual Machine Support
  Configuration Options
Licensing Requirements (EMC)
Device Support
  Device Management IP addresses
  Clariion and VNX Block Support
  Brocade Switch Support
  Cisco Switch Support
  Device Call-Home Support
Server Preparation
  Configure Internet Information Services (Gateway Client Only)
  Configure Local User Accounts (Gateway Client Only)
  Configure Domain Name Resolution for EMC Enterprise Servers
Network Preparation
  Gateway Client to EMC Communication
  Gateway Client to Policy Manager Communication
  Device Management Interfaces
  Gateway Client to EMC Device Communication
Environment Validation
  Install Customer Environment Check Tool (CECT)
  Configure CECT Test Parameters
  Run CECT Tests
  Analyse CECT Test Results
  Collect CECT Test Logs
Change Control (EMC)
  CCA Requirements
Solution Implementation
  Obtaining ESRS Software
  Installation
  Deploy EMC Devices
  RemotelyAnywhere Support
  Configure and Test Device Call-Home
  Test Remote Connectivity
APPENDIX A: Troubleshooting Device Connectivity Issues
APPENDIX B: RemotelyAnywhere Access Filter Configuration
ESRS Gateway Customer Implementation Guide 2.3
ESRS Gateway Solution Technical Overview

Refer to the Secure Remote Support Technical Description document on Powerlink for more detailed information about the ESRS Gateway solution features and functionality.

The EMC Gateway solution provides secure, IP-based connectivity to your EMC platforms that enables proactive, round-the-clock remote support. Advanced security features address Government and industry regulations to keep you in compliance, while the IP-based connection accelerates time to resolution and lowers costs.

The ESRS Gateway solution is designed to address the concerns of Security and Network Administrators. The Policy Manager application allows you to determine when and how EMC can access your systems. The firewall-friendly architecture eliminates the need to open inbound ports and allows you to install the ESRS Gateway solution where it fits your security policies.

ESRS Gateway Client

The ESRS Gateway Client is installed on a dedicated server running Windows 2003 or Windows 2008 and acts as the conduit for all communication between EMC and the Managed Devices. EMC does not have visibility or access to the Windows OS from outside the customer's network environment.

ESRS Policy Manager

The optional Policy Manager enables the customer to set permissions for devices being managed by the Gateway Client. The three options for each policy are Always Allow, Ask for Approval and Never Allow. When an action requires Customer approval, the Policy Manager sends an email message to a designated mail address and the customer must use the Policy Manager interface to Accept or Deny the request. Policy filters allow different policies to apply at different times of the day or week depending on the customer's requirements.

The Policy Manager uses the Apache Tomcat engine and a local JDBC relational database to provide a secure web-based user interface for policy management. Optionally it may be configured to use an external LDAP directory server such as SunOne or OpenDS. The Policy Manager also maintains an audit log of all remote actions and requests that have occurred on the Gateway Client. EMC personnel do not have visibility of the Policy Manager Application or Windows OS from outside the customer's network environment.

High Availability Option

EMC recommends two or more Gateway Clients be deployed for High Availability. In this configuration, the two Gateway Clients behave as Active-Active peers that manage the same set of devices and can be located in different physical locations. There is no direct communication between Gateway Clients; synchronization occurs via the heartbeat process back to EMC.

The figure on the right shows an example of a High Availability Gateway Client topology with Policy Manager.
Solution Security

All communication between the Gateway Client and EMC is initiated from the customer side and incorporates the latest security practices and encryption technologies, including RSA Lockbox technology based on FIPS Certified OpenSSL libraries and Advanced Encryption Standard (AES) 256-bit encryption.

At install time, each Gateway Client is issued with an RSA SecurID authenticated digital certificate based on the X.509 standard. All communication between EMC and the Gateway Client requires bilateral authentication using these digital certificates.

This firewall-friendly communication technology, using SSL VPN gateway tunnels, only requires enabling of outbound communication over SSL default ports 443 and 8443. Remote access to your EMC storage devices is secured using a session-based IP port-mapping solution.

Proxy Server

Network traffic can be configured to route from the Gateway Clients through proxy servers to the Public Internet. Such configurations include support for auto-configuration, HTTP and SOCKS proxy standards.

Heartbeat Monitoring

The Gateway Client sends a regular Heartbeat to EMC at 30-second intervals, containing a small datagram that identifies the Gateway server and provides EMC with status information on the health of the managed EMC devices. Should EMC not receive a Heartbeat from the Gateway Client for 30 minutes, a Service Call is automatically generated for investigation by EMC Support.

The figure on the right shows the Heartbeat process from the Gateway Client to the EMC backend servers.

Remote Notification

When an alert condition occurs on a managed device, an event message file is generated by the device and is transferred to the Gateway using FTP, SMTP or HTTPS protocols. The Gateway Client compresses, encrypts and then forwards the message to EMC using the same secure SSL VPN tunnel technology used for all other communication to EMC.

The figure on the right shows the Remote Notification process from the Gateway Client to the EMC backend servers.
Remote Access

Two-level authentication is used to remotely connect to an ESRS managed device. Before an EMC support specialist can access a managed device, they must be authenticated on the EMC network and authenticated on the Remote Connection application.

The support specialist makes a request to access an ESRS managed device and this request is then queued at EMC until the next Heartbeat is received from the Gateway Client that manages that device. In response to the Heartbeat message, EMC notifies the Gateway Client of the request details and the Gateway Client checks the request details against the configured access policies for that device.

If access is approved, the Gateway Client establishes a separate secure SSL connection back to EMC. This secure VPN session only allows IP traffic between the EMC Support Specialist who requested the connection and the managed EMC device.

The figure on the right shows the Remote Access from the Gateway Client to the EMC backend servers.
Documentation and Software

All customer viewable documentation is available at powerlink.emc.com at the following location:

Home > Support > Technical Documentation and Advisories > Software ~ S ~ Documentation > Secure Remote Support > Secure Remote Support (ESRS2)

Recommended documents for customer review are listed below:

- Secure Remote Support Technical Description
- Secure Remote Support Operations Guide
- Secure Remote Support Policy Manager Operations Guide
- Secure Remote Support Site Planning Guide
- Secure Remote Support Port Requirements
- Secure Remote Support Release Notes

The Customer Environment Check Tool is used to verify the readiness of the ESRS environment and can be downloaded from powerlink.emc.com at the following location:

Home > Support > Product and Diagnostic Tools > Environment Analysis Tools > Customer Environment Check Tool (CECT)

In addition to the above official EMC documentation, customised documentation is also available from your EMC Account Service Representative (ASR) to assist with planning and preparation of the ESRS Gateway Solution. Please request the following:

- ESRS Gateway Pre-Install Checklist
- ESRS Gateway Customer Implementation Guide (this document)
- ESRS Gateway CECT Procedures
- Customer Environment Check Tool
- CECT Analyser Tool (Zip File)
Architecture and Specifications

Refer to the Secure Remote Support Site Planning Guide and Secure Remote Support Technical Description for more detailed information about the hardware requirements to implement the ESRS Gateway solution.

Gateway Client

The minimum requirement for ESRS is a single Gateway Client running on a dedicated Windows 2003 or 2008 server. The Gateway Client acts as a conduit for all communication between EMC and the EMC managed devices at the customer site. The Gateway Client can manage EMC devices across multiple locations. EMC do not have visibility to the Windows OS from outside the customer's environment.

High Availability Architecture

For redundancy, two Gateway Clients can be configured in a High Availability cluster. In this configuration, both Gateway Clients manage the same set of devices and if one Gateway is unavailable, the other Gateway is able to provide remote access capability for all devices. The Gateway Clients should be located at different sites for maximum redundancy.

Documentation and Software Checklist

- ESRS Gateway Pre-Install Checklist
- Customer Environment Check Tool
- ESRS Gateway CECT Procedures
- CECT Analyser Tool
Policy Manager

The Policy Manager is an optional component that enables the customer to set access permissions for the EMC devices being managed by the Gateway Client. The Policy Manager also maintains an audit log of all remote access actions and requests that have occurred on the Gateway Client. EMC do not have visibility to the Windows OS or Policy Manager functionality from outside the customer's environment.

Policy Manager Redundancy

If the Policy Manager fails, the Gateway Clients will still be able to provide remote access to EMC managed devices using a cached copy of the last known policy configuration. If the last known policy for a managed device was set to Ask for Approval or Never Allow, the Gateway will Deny access to that device. If the policy was set to Always Allow, the Gateway will continue to allow remote access to that device.

A second Policy Manager can be configured as a Cold Standby. When the Production Policy Manager fails, the customer must manually activate the Standby Policy Manager using a backup of the Production Policy Manager's database.

Co-located Gateway Client and Policy Manager

The Gateway Client and Policy Manager can be co-located on a single dedicated server. This configuration is not recommended for production environments and is not supported in a High Availability configuration. Since the Gateway Client requires remote access via the Public Internet and the Policy Manager requires internal network access only, combining these two roles into a single server may have implications for the customer's security requirements and network environment.

Virtual Machine Support

Hyper-V virtual machines can be used to host the Gateway Client only. The Policy Manager software is not yet qualified for Hyper-V support.
VMWare virtual machines based on VMWare ESX 2.5.2 or later can be used to host the Gateway Client and Policy Manager servers, with the following caveats:

- Dual Gateway Configurations should have Gateway Client virtual machines on separate physical servers
- If possible, avoid placing the Gateway Client virtual machine on storage provided by EMC Managed devices
- VMotion is supported for the Policy Manager only; VMotion is not supported for the Gateway Client

Configuration Options

The table below lists the common configuration options and the number of servers required for each. The recommended configuration option for most environments is Dual Gateway Clients configured as a High Availability cluster, plus a separate Standalone Policy Manager.

| Configuration | Server Qty |
|---|---|
| Single Gateway Client Server | One |
| Co-Located Gateway Client Server with Policy Manager (NOTE 1) | One |
| Single Gateway Client Server and Standalone Policy Manager | Two |
| Dual High Availability Gateway Client Servers | Two |
| Dual High Availability Gateway Client Servers and Standalone Policy Manager (NOTE 2) | Three |
| Dual High Availability Gateway Client Servers and Standalone Policy Manager with additional Cold-Standby Policy Manager (NOTE 3) | Four |

Notes
1. Co-Located Gateway Client and Policy Manager is only recommended for non-production environments.
2. The recommended configuration for most customers is the Dual High Availability Client servers with separate Policy Manager server.
3. The Cold Standby Policy Manager maintains a copy of the running Policy Manager database and must be manually activated by the customer.
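
The access decision described under Remote Access and Policy Manager Redundancy, modelled as an added Python example (it is not EMC code and not part of the original guide). The class and function names, the weekly-window shape of a policy filter, the assumption that the cached policy copy includes the filters, and the device names are all made up for illustration; the sample policies are constructed.

```python
"""Model of the Gateway Client access decision (illustration only, not EMC code)."""
from dataclasses import dataclass, field
from datetime import datetime
from enum import Enum


class Policy(Enum):
    # The three per-device options named in the guide.
    ALWAYS_ALLOW = "Always Allow"
    ASK_FOR_APPROVAL = "Ask for Approval"
    NEVER_ALLOW = "Never Allow"


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    PENDING = "pending customer approval"


@dataclass(frozen=True)
class PolicyFilter:
    """Assumed filter shape: a policy that applies inside a weekly time window."""
    weekdays: frozenset  # 0 = Monday ... 6 = Sunday
    start_hour: int      # inclusive, local time
    end_hour: int        # exclusive
    policy: Policy

    def matches(self, when: datetime) -> bool:
        return (when.weekday() in self.weekdays
                and self.start_hour <= when.hour < self.end_hour)


@dataclass
class DevicePolicy:
    default: Policy
    filters: list = field(default_factory=list)

    def effective(self, when: datetime) -> Policy:
        # First matching filter wins (assumption); otherwise the default applies.
        for flt in self.filters:
            if flt.matches(when):
                return flt.policy
        return self.default


def decide(device_policy, when, policy_manager_up, approved=None):
    """Return the Gateway Client's decision for one queued access request.

    device_policy is the live policy, or the cached last-known copy when the
    Policy Manager is down (assumption: the cache includes the filters).
    approved is None until the customer clicks Accept (True) or Deny (False).
    """
    policy = device_policy.effective(when)
    if policy is Policy.NEVER_ALLOW:
        return Decision.DENY
    if policy is Policy.ALWAYS_ALLOW:
        # Per the guide, Always Allow keeps working from the cached copy.
        return Decision.ALLOW
    # Ask for Approval: with the Policy Manager down nobody can Accept, and
    # the guide states that the Gateway denies access.
    if not policy_manager_up:
        return Decision.DENY
    if approved is None:
        return Decision.PENDING
    return Decision.ALLOW if approved else Decision.DENY


def fail_open_devices(policies, when):
    """Devices EMC could still reach at `when` if the Policy Manager is down."""
    return sorted(name for name, pol in policies.items()
                  if decide(pol, when, policy_manager_up=False) is Decision.ALLOW)


WEEKDAYS = frozenset(range(0, 5))
WEEKEND = frozenset({5, 6})

# Constructed sample policies; the device names are hypothetical.
SAMPLE_POLICIES = {
    "array-01": DevicePolicy(Policy.ASK_FOR_APPROVAL,
                             [PolicyFilter(WEEKDAYS, 9, 17, Policy.ALWAYS_ALLOW)]),
    "switch-01": DevicePolicy(Policy.NEVER_ALLOW),
    "backup-01": DevicePolicy(Policy.ALWAYS_ALLOW,
                              [PolicyFilter(WEEKEND, 0, 24, Policy.ASK_FOR_APPROVAL)]),
}

if __name__ == "__main__":
    wednesday = datetime(2024, 1, 3, 10, 0)
    saturday = datetime(2024, 1, 6, 10, 0)
    for label, when in (("Wed 10:00", wednesday), ("Sat 10:00", saturday)):
        print(label, "reachable during Policy Manager outage:",
              fail_open_devices(SAMPLE_POLICIES, when))
```

Running the report for the hours that matter (nights, weekends, change freezes) shows which Always Allow entries stay reachable while the Policy Manager is unavailable.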
Standalone Gateway Client Server Specifications

The ESRS Gateway software must reside on a dedicated server. You may harden the Windows OS to meet network security requirements, as long as the changes do not inhibit normal ESRS IP Client installation or operation.

Hardware
- Processor: One or more processors, minimum 2.2 GHz, must support SSE/SSE2 for FIPS compliance
- Free Memory: Minimum 1 GB RAM, preferred 2 GB RAM
- Network: Single or dual Ethernet adapters (depending on customer network environment)
- Free Disk Space: Minimum 1 GB for installation (preferably on a storage device of 40 GB or larger)

Software
- Operating System:
  - Windows Server 2003 R1 or R2, 32-bit or 64-bit, SP1 or SP2 or SP3
  - Windows Server 2008 R1, 32-bit or 64-bit, SP1 or SP2 (NOTE 1)
  - Windows Server 2008 R2, 64-bit, SP1 or SP2 (NOTE 1)
  - Windows Server 2008 R2, Datacenter or Enterprise Editions, 64-bit, SP1 or SP2 (NOTE 1)
- Microsoft .NET Framework 2.0 SP1 or greater (3.5 & 4.0 not compatible)
- Microsoft Visual C++ 2005 SP1 Runtime Library installed
- Microsoft Internet Information Services (IIS), FTP and SMTP services enabled
- EMC OnAlert and ESRSConfig Local User accounts created
- Remote Desktop installed (NOTE 2)

Notes
1. Domain credentials not supported for Windows 2008
2. If EMC needs to remotely access a desktop to verify ESRS IP configuration or to troubleshoot, EMC will contact you for a WebEx session and ask you to establish a Remote Desktop session to the Gateway or Policy Manager

Standalone Policy Manager Server Specifications

Policy Manager may reside on a shared server, but there may be some restrictions, for example:
- Policy Manager cannot reside on the same server as EMC Control Center
- Conflicts with other applications that use the Tomcat Web server or ports 8090 and 8443

Hardware
- Processor: One or more processors, minimum 2.1 GHz
- Free Memory: Minimum 1 GB RAM, preferred 2 GB RAM
- Network: Single or dual Ethernet adapters (depending on customer network environment)
- Free Disk Space: Minimum 2 GB for installation (preferably on a storage device of 80 GB or larger) (NOTE 1)

Software
- Operating System:
  - Windows XP (SP2 or later), Windows Server 2003, Windows Vista
  - Windows Server 2008 R1, 32-bit or 64-bit, SP1 or SP2
  - Windows Server 2008 R2, 64-bit, SP1 or SP2
- Microsoft .NET Framework 2.0 SP1 or greater (3.5 & 4.0 not compatible)
- Microsoft Windows Task Scheduler running and unrestricted (NOTE 2)
- Remote Desktop installed (NOTE 3)

Notes
1. Disk Space will be consumed due to audit logging. Ensure that adequate disk space is maintained.
2. Task Scheduler required for Policy Manager Database backup
3. If EMC needs to remotely access a desktop to verify ESRS IP configuration or to troubleshoot, EMC will contact you for a WebEx session and ask you to establish a Remote Desktop session to the Gateway or Policy Manager
Co-located Gateway Client and Policy Manager Server Specifications

- Recommended for test environment only
- No High Availability Option

The ESRS Gateway software must reside on a dedicated server. You may harden the Windows OS to meet network security requirements, as long as the changes do not inhibit normal ESRS Software installation or operation.

Hardware
- Processor: One or more processors, minimum 2.2 GHz, must support SSE/SSE2 for FIPS compliance
- Free Memory: Minimum 3 GB RAM
- Network: Minimum single 10/100 Ethernet adapter, preferred Gigabit Ethernet adapters (may require dual Ethernet depending on customer network configuration and environment)
- Free Disk Space: Minimum 3 GB for installation (preferably on a storage device of 80 GB or larger) (NOTE 1)

Software
- Operating System:
  - Windows Server 2003 R1 or R2, 32-bit or 64-bit, SP1 or SP2
  - Windows Server 2008 R1, 32-bit or 64-bit, SP1 or SP2 (NOTE 2)
  - Windows Server 2008 R2, 64-bit, SP1 or SP2 (NOTE 2)
- Microsoft .NET Framework 2.0 (or a newer version that is backward compatible with 2.0)
- Microsoft Visual C++ 2005 SP1 Runtime Library installed
- Microsoft Windows Task Scheduler running and unrestricted (NOTE 3)
- Microsoft Internet Information Services (IIS), FTP and SMTP services enabled
- EMC OnAlert and ESRSConfig Local User accounts created
- Remote Desktop installed (NOTE 4)

Notes
1. Disk Space will be consumed due to audit logging. Ensure that adequate disk space is maintained.
2. Domain credentials not supported for Windows 2008
3. Task Scheduler required for Policy Manager Database backup
4. If EMC needs to remotely access a desktop to verify ESRS IP configuration or to troubleshoot, EMC will contact you for a WebEx session and ask you to establish a Remote Desktop session to the Gateway or Policy Manager

Architecture Checklist

- Select Configuration Option
- Specify location for each Gateway Client server
- Advise EMC Account Service Representative on the number and location of Gateway Client servers
Licensing Requirements (EMC)

The EMC Account Representative is responsible for ensuring that the correct number of ESRS Gateway software licenses (zero cost) are ordered from EMC Sales several weeks prior to installation. The license is required to install the Gateway Client software (not required for Policy Manager) and must be registered against the Party ID corresponding to the physical location of the Gateway Client server.

During installation of the Gateway Client, the user will enter the Party ID of the Gateway Client and the EMC Enterprise server will check the CSI Install Database for a corresponding ESRS Gateway license before issuing the RSA Digital Certificate for that Gateway Client instance.

The table below lists the quantity of ESRS Gateway licenses required for each configuration option.

| Configuration | License Qty |
|---|---|
| Single Gateway Client Server | One |
| Co-Located Gateway Client Server with Policy Manager | One |
| Single Gateway Client Server and Stand Alone Policy Manager | One |
| Dual High Availability Gateway Client Servers | Two |
| Dual High Availability Gateway Client Servers and Standalone Policy Manager (Recommended) | Two |
| Dual High Availability Gateway Client Servers and Standalone Policy Manager with additional Cold-Standby Policy Manager | Two |

Pre-Install Checklist

- Correct number of ESRS Gateway licenses have been ordered
- Licenses are installed in CSI Install Base against the correct Party ID
- License check performed for each Party ID and the output listed in the ESRS Gateway Pre-Install Checklist
Device Support

Refer to the Secure Remote Support Release Notes document for latest information about supported EMC devices.

Device Management IP addresses

The table below lists the EMC devices that can be managed by the Gateway Client and the Management IP Address requirements for each EMC device. These are the management connections required for ESRS connectivity and do not include data interfaces.

| Product | Management Interface | Management Addresses | Notes |
|---|---|---|---|
| ATMOS | Appliance | One per node | Connect to management interface on each node |
| AVAMAR | Appliance | One | Connect to the Utility Node Management port |
| BROCADE | Switch | One | Dual-CTP requires Virtual IP Address only |
| CELERRA | Control Station | One or more | Dual Control Station configuration requires Primary, Secondary and Active IP Addresses. |
| CENTERA | Access Node | One or more | Recommend minimum of two Access Nodes |
| CISCO | Switch | One | Connect to management interface |
| CLARIION | SPA and SPB | Two | Both SPA and SPB required |
| DATA DOMAIN | Appliance | One | Connect to management interface |
| DL3D | Engines, SPA and SPB | Three | Both SPA and SPB required |
| DLM | Control Station | One or more | Dual Control Station configuration requires Primary, Secondary and Active IP Addresses |
| DLM 6000 & 8000 | Access Control Point | One or more | Dual Access Control Point configuration requires Primary, Secondary and Active IP Address |
| EDL | Engines, SPA and SPB | Three or four | Dual Engine configuration requires Service IP address of both Engines. Both SPA and SPB required for Clariion backend. |
| GREENPLUM DCA | Appliance | One | Connect to management interface |
| RECOVERPOINT | Appliance | One per node | Connect to each Appliance in cluster |
| SYMMETRIX & VMAX | Service Processor | One | Requires single network connection and Static IP |
| VNX BLOCK | SPA and SPB | Two | Both SPA and SPB required |
| VNX UNIFIED | Control Stations, SPA and SPB | Three or more | Dual Control Station configuration requires Primary, Secondary and Active IP Addresses. Both SPA and SPB required for Block component. |
| VNXE | Appliance | One | Connect to management interface |
| VPLEX | Appliance | One | Connect to management interface |
Clariion and VNX Block Support

For environments with Clariion or VNX Block devices, the recommended call-home configuration requires a separate Management Workstation with Monitoring software and diagnostic tools specific to these types of devices. With this configuration, remote support comes in to the Storage Processors via the ESRS Gateway Client, while call-home notifications are initiated from the Management Workstation and are sent to EMC via the ESRS Gateway Client or Customer mail server.

If the environment only contains Clariion and/or VNX Block devices, consider installing the ESRS VNX IP Client solution. This simplified version of ESRS Gateway combines all the necessary monitoring and diagnostic tools with a simplified version of the ESRS Gateway, all of which can be installed on a single Windows workstation. With this configuration all remote support and call-home functionality is routed via a single Management Workstation.

Brocade Switch Support

For environments with Brocade switches, the ESRS Gateway Client only provides remote connectivity from EMC to the switch management ports. Call-home monitoring requires a separate Windows management workstation with Connectrix Manager to monitor the switches and generate call-home notifications. The notifications can then be forwarded to EMC via the ESRS Gateway Client or Customer mail server.

Cisco Switch Support

For environments with Cisco switches, the ESRS Gateway Client only provides remote connectivity from EMC to the switch management ports. Call-home monitoring requires a separate Windows management workstation with Fabric Manager to monitor the switches and generate call-home notifications. The notifications can then be forwarded to EMC via the ESRS Gateway Client or Customer mail server.
Device Call-Home Support

The table below lists the supported call-home options for each supported EMC device. Note that the FTP protocol may not be required if the preferred SMTP or HTTPS call-home methods are used instead.

| Product | Call-Home Source | Email via Customer | Email via ESRS Client | FTP via ESRS Client | HTTPS via ESRS Client |
|---|---|---|---|---|---|
| ATMOS | Appliance | Preferred | Not Supported | Not Supported | Not Supported |
| AVAMAR | Utility Node | Preferred | Not Supported | Not Supported | Not Supported |
| BROCADE | Workstation (NOTE 1) | Preferred | Not Supported | Not Supported | Not Supported |
| CELERRA | Control Station | Preferred | Alternate | Alternate | Not Supported |
| CENTERA | Access Node | Preferred | Not Supported | Not Supported | Not Supported |
| CISCO | Workstation (NOTE 2) | Preferred | Alternate | Not Supported | Not Supported |
| CLARIION | Workstation (NOTE 3) | Alternate | Alternate | Alternate | Preferred |
| DATA DOMAIN | Appliance | Preferred | Not Supported | Not Supported | Not Supported |
| DL3D | Engine | Preferred | Not Supported | Not Supported | Not Supported |
| DLM | Control Station or Access Control Point | Alternate | Alternate | Alternate | Preferred |
| EDL | Engine | Preferred | Alternate | Not Supported | Not Supported |
| GREENPLUM DCA | Appliance | Preferred | Not Supported | Not Supported | Not Supported |
| RECOVERPOINT | Appliance | Preferred | Not Supported | Not Supported | Not Supported |
| SYMMETRIX & VMAX | Service Processor | Alternate | Alternate | Alternate | Preferred |
| VNX BLOCK | Workstation (NOTE 3) | Alternate | Alternate | Alternate | Preferred |
| VNX UNIFIED | Control Station | Alternate | Alternate | Alternate | Preferred |
| VNXE | Appliance | Preferred | Alternate | Not Supported | Not Supported |
| VPLEX | Appliance | Preferred | Not Supported | Not Supported | Not Supported |

Notes
1. Requires separate Windows monitoring workstation running Connectrix Manager
2. Requires separate Windows monitoring workstation running Fabric Manager Server 5.x or higher
3. Requires separate Windows Monitoring workstation running ESRS VNX IP Client

Pre-Install Checklist

- Populate Device List in ESRS Gateway Pre-Install Checklist, including Call-Home method
- Ensure Management Interfaces are available for each device
Server Preparation

The customer is responsible for building the ESRS server hardware or virtual machine, Windows OS, Anti-virus and backup applications. The Windows OS may be hardened to meet network security requirements, as long as the changes do not inhibit normal ESRS IP Client installation or operation. In addition, the customer needs to complete the following tasks:

Install Microsoft .NET Framework (Gateway Client and Policy Manager)

Ensure the Microsoft .NET Framework 2.0 SP2 package is installed on the Gateway Client and Policy Manager servers. It is bundled with Windows 2008 but, if required, it can be downloaded from the Microsoft download site at:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=5b2c0358-915b-4eb5-9b1d-10e506da9d0f&displaylang=en

Refer to the table below for the method of confirming the package is installed and the method for installing if required:

              Windows 2003          Windows 2008 R1         Windows 2008 R2
Confirmation  Add/Remove Programs   Programs and Features   Roles Summary
Installation  Add/Remove Programs   Windows Update          Roles Management

Install Visual C++ Redistributable (Gateway Client Only)

Ensure the Visual C++ Redistributable package is installed on the Gateway Client servers (not required on Policy Manager). The package can be downloaded from the Microsoft download site at:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=32bc1bee-a3f9-4c13-9c99-220b62a191ee&displaylang=en

Refer to the table below for the method of confirming the package is installed and the method for installing if required:

              Windows 2003          Windows 2008 R1         Windows 2008 R2
Confirmation  Add/Remove Programs   Programs and Features   Programs and Features
Installation  Add/Remove Programs   Programs and Features   Programs and Features

Configure Internet Information Services (Gateway Client Only)

The Microsoft FTP and SMTP services are used to provide call-home functionality for the managed devices that support this protocol. The Microsoft IIS and SMTP services must be installed and running prior to the installation of the Gateway Client software. The FTP service is optional and can be disabled if not required. Refer to the Device Call-Home Support table on page 9 for information about which devices support these protocols.

During installation of the Gateway Client, the FTP and SMTP servers will be auto-configured. Modifying the FTP and SMTP server configuration prior to install may cause the auto-configuration to fail. If auto-configuration fails during install, an alert will be raised and the user will have to manually configure the FTP and SMTP servers as per the Gateway Client Server Preparation section of the ESRS IP Solution Operations Guide.

Configure Local User Accounts (Gateway Client Only)

In addition to the Internet Information Services described above, two Local User Accounts are required to be configured and enabled prior to the install of the Gateway Client.

The onalert account is used by the managed devices to call-home via the FTP protocol. This account must be configured and enabled prior to install of the Gateway Client even if the FTP service is not required. After installation, this account can be disabled.
The EMC devices that support the FTP call-home protocol are pre-programmed to use the same default password that is specified when creating the onalert account. This password may be modified to meet customer complexity requirements; however, the EMC devices must also be reconfigured to use the same password.

The esrsconfig account is used to perform some device deployment functions on the Gateway Client. This account must be configured and enabled prior to install of the Gateway Client; however, it may be disabled when the install is completed. The password may be changed from the default to meet customer complexity requirements.

Configure Windows 2003 Gateway Client

1. Install Internet Information Services (IIS), FTP and SMTP services
   a. Go to Start > Control Panel > Add or Remove Programs
   b. Select Add/Remove Windows Components
   c. Select Application Server and click Details
   d. Select Internet Information Services (IIS) and click Details
   e. Check the File Transfer Protocol (FTP) Service and SMTP Service options
   f. Click OK to exit the Internet Information Services (IIS) options window
   g. Click OK to exit the Application Server options window
   h. Click Next at the Windows Components window
   i. If you receive a Files Needed prompt, insert the required CD-ROM and/or provide the path to the Windows Installation i386 directory. Click OK to continue.
   j. Click Finish when the IIS component installation has completed.
   k. Close the Add or Remove Programs application
2. Create the onalert local user account
   a. Right-click on My Computer and select Manage
   b. Double-click on Local Users and Groups
   c. Right-click Users and select New User
   d. Enter onalert in the User name field
   e. Enter EMCCONNECT (case sensitive) in the Password field
   f. Enter EMCCONNECT (case sensitive) in the Confirm Password field
   g. Clear the User must change password at next logon checkbox
   h. Select the Password Never Expires checkbox
   i. Select the User cannot change password checkbox
   j. Click Create
3. Create the esrsconfig local user account
   a. Enter esrsconfig in the User name field
   b. Enter esrsconfig (case sensitive) in the Password field
   c. Enter esrsconfig (case sensitive) in the Confirm Password field
   d. Clear the User must change password at next logon checkbox
   e. Select the Password Never Expires checkbox
   f. Select the User cannot change password checkbox
   g. Click Create
   h. Click Close
   i. Close the Computer Management application
Configure Windows 2008 R1 & R2 Gateway Client

1. Install the Internet Information Services and the FTP service
   a. Go to Start > Server Manager to start the Server Manager console
   b. In the Roles Summary section, click Add Roles
   c. If this is the first time you have added a role on this server, the Before You Begin window will appear. Check the Skip this page by default option and click Next
   d. In the Select Server Roles window, select the Web Server (IIS) role and click Next
   e. If the Add features required for Web Server (IIS)? window appears, click Add Required Features
   f. Ensure that the Web Server (IIS) role is still selected in the Select Server Roles window.
   g. Click Next
   h. Read the information in the Web Server (IIS) Introduction window and click Next
   i. In the Select Roles Services window, scroll down to the Management Tools section and select the following features:
      i. IIS Management Console
      ii. IIS Management Scripts and Tools
      iii. IIS 6 Management Compatibility
   j. Under the IIS 6 Management Compatibility section, select all the options within that section
   k. Scroll down to the FTP Publishing Service and select the FTP Server feature
   l. Click Next
   m. Click Install at the bottom of the Confirm Installation Selections window
   n. The Installation Progress window appears and displays the progress of the installation
   o. If the installation is successful, the Installation Results window appears with the message Installation Succeeded
   p. Review the results and click Close
2. Install the SMTP service
   a. Go to Start > Server Manager to start the Server Manager console
   b. In the Features Summary section, click Add Features
   c. In the Select Features window select the SMTP Server feature
   d. If the Add features required for SMTP Server? window appears, click Add Required Features
   e. Ensure that the SMTP Server feature is still selected in the Select Features window.
   f. Click Next
   g. Click Install at the bottom of the Confirm Installation Selections window
   h. The Installation Progress window appears and displays the progress of the installation
   i. If the installation is successful, the Installation Results window appears with the message Installation Succeeded
   j. Review the results and click Close
   k. Close the Server Manager console
3. Temporarily disable password complexity requirements to allow default local account passwords
   a. Go to Start > Administrative Tools > Local Security Policy
   b. Double-click Account Policies in the left pane
   c. Click Password Policy in the left pane
   d. In the right pane, double-click Password must meet complexity requirements
   e. In the Properties window, select Disable and click OK
   f. Close the Local Security Policy window
4. Create the onalert local user account
   a. Go to Start > Server Manager to start the Server Manager console
   b. Double-click on Local Users and Groups
   c. Right-click Users and select New User
   d. Enter onalert in the User name field
   e. Enter EMCCONNECT (case sensitive) in the Password field
   f. Enter EMCCONNECT (case sensitive) in the Confirm Password field
   g. Clear the User must change password at next logon checkbox
   h. Select the Password Never Expires checkbox
   i. Select the User cannot change password checkbox
   j. Click Create
5. Create the esrsconfig local user account
   a. Enter esrsconfig in the User name field
   b. Enter esrsconfig (case sensitive) in the Password field
   c. Enter esrsconfig (case sensitive) in the Confirm Password field
   d. Clear the User must change password at next logon checkbox
   e. Select the Password Never Expires checkbox
   f. Select the User cannot change password checkbox
   g. Click Create
   h. Click Close
   i. Close the Server Manager application
6. Re-enable password complexity requirements
   a. Go to Start > Administrative Tools > Local Security Policy
   b. Double-click Account Policies in the left pane
   c. Click Password Policy in the left pane
   d. In the right pane, double-click Password must meet complexity requirements
   e. In the Properties window, select Enable and click OK
   f. Close the Local Security Policy window
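
The Windows 2003 and Windows 2008 procedures above create onalert and esrsconfig with documented default passwords that never expire, and the Windows 2008 procedure temporarily disables password complexity. The PowerShell below is an added example, not part of the EMC guide, that reports after installation whether those accounts are still enabled and whether complexity was re-enabled. It assumes Windows PowerShell 2.0 or later and an elevated prompt; the function names are this example's own.

```powershell
# Added example (not from the guide): post-install review of the local accounts
# created during Server Preparation and of the password complexity policy.
# Uses only ADSI and secedit, so it runs on Windows PowerShell 2.0. Run elevated.

$Accounts = @('onalert', 'esrsconfig')   # account names taken from this guide

# userFlags bits (ADS_USER_FLAG_ENUM)
$UF_ACCOUNTDISABLE     = 0x0002
$UF_DONT_EXPIRE_PASSWD = 0x10000

function Get-LocalAccountState {
    param([string]$Name)
    $state = New-Object PSObject -Property @{
        Account = $Name; Exists = $false; Enabled = $false
        NeverExpires = $false; PasswordAgeDays = $null
    }
    $path = "WinNT://$env:COMPUTERNAME/$Name,user"
    try {
        if (-not [ADSI]::Exists($path)) { return $state }
        $user  = [ADSI]$path
        $flags = [int]$user.UserFlags.Value
        $state.Exists          = $true
        $state.Enabled         = -not [bool]($flags -band $UF_ACCOUNTDISABLE)
        $state.NeverExpires    = [bool]($flags -band $UF_DONT_EXPIRE_PASSWD)
        # PasswordAge is reported in seconds since the password was last set.
        $state.PasswordAgeDays = [math]::Floor([int]$user.PasswordAge.Value / 86400)
    } catch {
        # A lookup error leaves the remaining fields at their defaults.
    }
    return $state
}

function Get-PasswordComplexity {
    # Exports the local security policy and returns PasswordComplexity (0 or 1),
    # or $null if the value could not be read.
    $cfg = [System.IO.Path]::GetTempFileName()
    try {
        secedit /export /cfg $cfg /areas SECURITYPOLICY /quiet | Out-Null
        foreach ($line in Get-Content $cfg) {
            if ($line -match '^\s*PasswordComplexity\s*=\s*(\d+)') {
                return [int]$Matches[1]
            }
        }
        return $null
    } finally {
        Remove-Item $cfg -ErrorAction SilentlyContinue
    }
}

$findings = @()
foreach ($name in $Accounts) {
    $s = Get-LocalAccountState $name
    if (-not $s.Exists) {
        $note = 'not present'
    } elseif ($s.Enabled) {
        $note = 'REVIEW: still enabled; disable it if not needed, or confirm the default password was changed'
    } else {
        $note = 'disabled'
    }
    $s | Add-Member NoteProperty Finding $note
    $findings += $s
}
$findings |
    Select-Object Account, Exists, Enabled, NeverExpires, PasswordAgeDays, Finding |
    Format-List

$complexity = Get-PasswordComplexity
if ($complexity -eq 1) {
    'Password complexity: enabled'
} elseif ($complexity -eq 0) {
    'Password complexity: DISABLED (the re-enable step was not completed)'
} else {
    'Password complexity: could not be read (run from an elevated prompt)'
}
```

A PasswordAgeDays value that matches the age of the installation indicates the password has not been changed since the account was created.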
Configure Domain Name Resolution for EMC Enterprise Servers

The Gateway Client must be able to resolve the EMC Enterprise server hostnames listed below. If the Gateway Client does not have access to DNS, then these Hostname/Address pairs should be added to the Windows hosts file located in the C:\Windows\system32\drivers\etc\ directory.

128.221.192.14    esrs-core.emc.com
168.159.218.21    esrs-coredr.emc.com
128.221.192.13    esrs.emc.com
168.159.218.20    esrs-dr.emc.com
128.221.204.210   esrgweprd01.emc.com
128.221.204.211   esrgweprd02.emc.com
128.221.204.213   esrgweprd03.emc.com
168.159.209.11    esrghoprd01.emc.com
168.159.209.12    esrghoprd02.emc.com
168.159.209.13    esrghoprd03.emc.com
152.62.177.11     esrgckprd01.emc.com
152.62.177.12     esrgckprd02.emc.com
152.62.177.13     esrgckprd03.emc.com
137.69.120.170    esrgscprd01.emc.com
137.69.120.171    esrgscprd02.emc.com
137.69.120.172    esrgscprd03.emc.com
152.62.45.11      esrgspprd01.emc.com
152.62.45.12      esrgspprd02.emc.com
152.62.45.13      esrgspprd03.emc.com

Confirm the Gateway Client server can resolve these names by trying to PING the hostname via Command prompt as per the example below:

Pre-Install Checklist
- Compatible Windows OS installed on Gateway Client and Policy Manager servers
- Microsoft .NET Framework 2.0 Installed on Gateway Client and Policy Manager servers
- Visual C++ Redistributable installed on Gateway Client servers
- Internet Information Services installed and configured on Gateway Client servers
- Local User Accounts configured on Gateway Client servers
- Gateway Client able to resolve EMC Enterprise server hostnames
- Gateway Client and Policy Manager server configuration information populated in Pre-Install Checklist
Network Preparation

The Customer is responsible for configuring their network environment to support the ESRS IP Solution. Refer to the Secure Remote Support Port Requirements and Secure Remote Support Technical Description documents for more information about the network requirements of the ESRS Gateway solution.

Gateway Client to EMC Communication

The Gateway Client server(s) must be able to communicate with the EMC Enterprise servers listed below on ports 443 and 8443 OUTBOUND using the HTTPS protocol. Use the table below to generate rules for the external firewall and/or Proxy Server. If the Gateway Client does not have access to DNS, these hostname/IP Address pairs must be added to the Windows hosts file.

GATEWAY CLIENT
Port and Direction    Destination Hostname     Destination IP Address
443 & 8443            esrs-core.emc.com        128.221.192.14
443 & 8443            esrs-coredr.emc.com*     168.159.218.21
443 & 8443            esrs.emc.com             128.221.192.13
443 & 8443            esrs-dr.emc.com*         168.159.218.20
443 & 8443            esrgweprd01.emc.com      128.221.204.210
443 & 8443            esrgweprd02.emc.com      128.221.204.211
443 & 8443            esrgweprd03.emc.com      128.221.204.213
443 & 8443            esrghoprd01.emc.com      168.159.209.11
443 & 8443            esrghoprd02.emc.com      168.159.209.12
443 & 8443            esrghoprd03.emc.com      168.159.209.13
443 & 8443            esrgckprd01.emc.com      152.62.177.11
443 & 8443            esrgckprd02.emc.com      152.62.177.12
443 & 8443            esrgckprd03.emc.com      152.62.177.13
443 & 8443            esrgscprd01.emc.com      137.69.120.170
443 & 8443            esrgscprd02.emc.com      137.69.120.171
443 & 8443            esrgscprd03.emc.com      137.69.120.172
443 & 8443            esrgspprd01.emc.com      152.62.45.11
443 & 8443            esrgspprd02.emc.com      152.62.45.12
443 & 8443            esrgspprd03.emc.com      152.62.45.13

NOTE: EMC hosts esrs-coredr.emc.com and esrs-dr.emc.com are DR servers and may not be responsive during normal operation.

Gateway Client to Policy Manager Communication

If Policy Manager is being configured, the Gateway Client server(s) must be able to communicate with the Policy Manager server on both HTTP port 8090 and HTTPS port 8443. To generate Access Request Notifications (Ask for Approval), the Policy Manager must be able to connect to the customer SMTP server. If an internal firewall exists between the Gateway Client and Policy Manager, configure the firewall rules as per the table below. The ESRS IP Solution Operations Guide contains instructions on how to force the Gateway Client and Policy Manager to only use HTTPS port 8443 for all communication.

POLICY MANAGER
Port and Direction    Destination           Function
8090                  Gateway Client        Access Policy Referral
8443                  Gateway Client        Access Policy Referral
25                    SMTP Server           Access Approval Emails
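
The name-resolution check and the outbound 443/8443 requirement for the EMC Enterprise servers described above can be verified together from the Gateway Client. The script below is an added example, not part of the EMC guide: it uses the hostname/IP pairs from the GATEWAY CLIENT table, and assumes a direct outbound path (no proxy server) and Windows PowerShell 2.0 or later. The function name Test-TcpPort is this example's own.

```powershell
# Added example (not from the guide): checks that each EMC Enterprise hostname
# resolves to the address documented in this guide and that TCP 443 and 8443
# are reachable outbound. Uses .NET 2.0 classes only (Windows PowerShell 2.0).

# Hostname/IP pairs copied from the GATEWAY CLIENT table in this guide.
$Expected = @{
    'esrs-core.emc.com'   = '128.221.192.14'
    'esrs-coredr.emc.com' = '168.159.218.21'
    'esrs.emc.com'        = '128.221.192.13'
    'esrs-dr.emc.com'     = '168.159.218.20'
    'esrgweprd01.emc.com' = '128.221.204.210'
    'esrgweprd02.emc.com' = '128.221.204.211'
    'esrgweprd03.emc.com' = '128.221.204.213'
    'esrghoprd01.emc.com' = '168.159.209.11'
    'esrghoprd02.emc.com' = '168.159.209.12'
    'esrghoprd03.emc.com' = '168.159.209.13'
    'esrgckprd01.emc.com' = '152.62.177.11'
    'esrgckprd02.emc.com' = '152.62.177.12'
    'esrgckprd03.emc.com' = '152.62.177.13'
    'esrgscprd01.emc.com' = '137.69.120.170'
    'esrgscprd02.emc.com' = '137.69.120.171'
    'esrgscprd03.emc.com' = '137.69.120.172'
    'esrgspprd01.emc.com' = '152.62.45.11'
    'esrgspprd02.emc.com' = '152.62.45.12'
    'esrgspprd03.emc.com' = '152.62.45.13'
}
# The guide notes that the DR servers may not respond during normal operation.
$DrHosts   = @('esrs-coredr.emc.com', 'esrs-dr.emc.com')
$Ports     = @(443, 8443)
$TimeoutMs = 3000

function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $client.Connected
    } catch {
        return $false          # refused, unreachable or reset
    } finally {
        $client.Close()
    }
}

$results = @()
foreach ($name in ($Expected.Keys | Sort-Object)) {
    $resolved = @()
    try {
        $resolved = @([System.Net.Dns]::GetHostAddresses($name) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
            ForEach-Object { $_.IPAddressToString })
    } catch {
        # Resolution failure (no DNS and no hosts entry) leaves $resolved empty.
    }

    if ($resolved.Count -eq 0) {
        $dns = 'UNRESOLVED'
    } elseif ($resolved -contains $Expected[$name]) {
        $dns = 'OK'
    } else {
        $dns = 'MISMATCH (' + ($resolved -join ',') + ')'
    }

    $row = New-Object PSObject -Property @{
        Hostname = $name; Expected = $Expected[$name]; Dns = $dns
    }
    foreach ($port in $Ports) {
        # Connect to the documented IP so the port result does not depend on DNS.
        if (Test-TcpPort $Expected[$name] $port $TimeoutMs) {
            $state = 'open'
        } elseif ($DrHosts -contains $name) {
            $state = 'no answer (DR server)'
        } else {
            $state = 'BLOCKED'
        }
        $row | Add-Member NoteProperty "Tcp$port" $state
    }
    $results += $row
}

$results | Select-Object Hostname, Expected, Dns, Tcp443, Tcp8443 | Format-Table -AutoSize
```

A MISMATCH row means DNS or a stale hosts entry returns an address other than the one the firewall rules were built for.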
Device Management Interfaces

Refer to the table on Page 11 for the Management IP Address requirements for each EMC device. These are the minimum requirements for ESRS Gateway connectivity and do not include any additional network connectivity for data traffic.

Gateway Client to EMC Device Communication

The table below lists the network port requirements for communication between the Gateway Client server and the EMC managed devices. If there is an internal firewall between the Gateway Client server(s) and the EMC devices, use this table to generate the list of firewall rules to allow communication.

ATMOS
Port and Direction    Destination           Function
22                    Gateway Client        CLI via SSH
443                   Gateway Client        Atmos WebUI
25                    SMTP Server           Call-Home
NOTE: Connection to Atmos Appliance management Interface

AVAMAR
Port and Direction    Destination           Function
22                    Gateway Client        CLI via SSH
80, 443               Gateway Client        Enterprise manager
25                    SMTP Server           Call-Home
NOTE: Connection to Avamar Utility Node Management interface

BROCADE
Port and Direction    Destination           Function
22                    Gateway Client        CLI via SSH
23                    Gateway Client        Telnet (optional)
162                   Connectrix Manager    SNMP Notifications
NOTE: Connection to switch Management Interface.

CELERRA
Port and Direction    Destination           Function
22                    Gateway Client        CLI via SSH
23                    Gateway Client        Telnet (optional)
80, 443, 8000         Gateway Client        Celerra Manager
25                    Primary SMTP Server   Call-Home
25                    Backup SMTP Server    Call-Home
25                    Gateway Client        Call-Home (Optional)
ALL CELERRA MODELS: Connection to Primary Control Station required
DUAL CONTROL STATION: Connection to Secondary Control Station required
DUAL CONTROL STATION: Connection to Alias IP Address (if configured) optional

CENTERA
Port and Direction    Destination           Function
22                    Gateway Client        CLI via SSH
3218,3682             Gateway Client        Centera Viewer
25                    SMTP Server           Call-Home
NOTE: Connection to Centera Node external interface, deploy minimum of two nodes.

CISCO
Port and Direction    Destination           Function
22                    Gateway Client        CLI via SSH
23                    Gateway Client        Telnet (optional)
2162                  Fabric Manager        SNMP Notifications
NOTE: Connection to switch Management Interface.
CLARIION
Port and Direction    Destination           Function
80,433                Gateway Client        Navisphere Manager
5414                  Gateway Client        EMCRemote
9519                  Gateway Client        RemotelyAnywhere
6389,6390,6391,6392   Gateway Client        Navisphere CLI
60020                 Gateway Client        RemoteDiagAgent
13456,22              Gateway Client        KTConsole
25                    SMTP Server           Call-Home
25                    Gateway Client        Call-Home (Optional)
NOTE: Connection to BOTH SPA and SPB required

CONNECTRIX
Port and Direction    Destination           Function
5414                  Gateway Client        EMCRemote
25                    SMTP Server           Call-Home
25                    Gateway Client        Call-Home (Optional)
NOTE: Connection to Windows Workstation running Connectrix Manager and EMC Remote

DATADOMAIN
Port and Direction    Destination           Function
22                    Gateway Client        CLI via SSH
80, 443               Gateway Client        Enterprise Manager
25                    SMTP Server           Call-Home
NOTE: Connection to DataDomain Management interface

DL3D ENGINE
Port and Direction    Destination           Function
22                    Gateway Client        CLI via SSH
443                   Gateway Client        WebUI
25                    SMTP Server           Call-Home
NOTE: Connection to DL3D Management interface

DLM
Port and Direction    Destination           Function
22                    CLI via SSH           CLI via SSH
80,443,8000           Unisphere Manager     Unisphere Manager
443                   Call-Home             Call-Home
25                    Call-Home (Optional)  Call-Home (Optional)
25                    Call-Home (Optional)  Call-Home (Optional)
ALL DLM MODELS: Connection to Primary Control Station or ACP required
DUAL CONTROL STATION OR ACP: Connection to Secondary Control Station or ACP required
DUAL CONTROL STATION OR ACP: Connection to Alias IP Address (if configured) optional

EDL ENGINE
Port and Direction    Destination           Function
22                    Gateway Client        CLI via SSH
443                   Gateway Client        DL Console
25                    SMTP Server           Call-Home
25                    Gateway Client        Call-Home (Optional)
SINGLE ENGINE MODEL: Connection to DL Engine Management Interface
DUAL ENGINE MODEL: Connection to Engine-A and Engine-B Service Address
ALL MODELS: Deploy Clariion backend SPA and SPB as Clariion devices.
GREENPLUM (DCA)
Port and Direction    Destination           Function
22                    Gateway Client        CLI via SSH
25                    SMTP Server           Call-Home
NOTE: Connection to DCA Appliance Management Interface

RECOVERPOINT
Port and Direction    Destination           Function
22                    Gateway Client        CLI via SSH
25                    SMTP Server           Call-Home
NOTE: Connection to Recoverpoint Appliance Management Interface

SYMMETRIX & VMAX
Port and Direction    Destination           Function
5414                  Gateway Client        EMCRemote
9519                  Gateway Client        RemotelyAnywhere
1300                  Gateway Client        SGBD
1400                  Gateway Client        SWUCH
5555                  Gateway Client        Chat Server
2223003,23004,23005   Gateway Client        InlineCS
443                   Gateway Client        Call-Home
25                    Gateway Client        Call-Home (Optional)
NOTE: Connection to Service Processor Management Interface

VNX-BLOCK
Port and Direction    Destination           Function
22                    Gateway Client        RemoteKTrace
9519                  Gateway Client        RemotelyAnywhere
80,443                Gateway Client        Unisphere Manager
13456                 Gateway Client        KTConsole
6391,6392,60020       Gateway Client        RemoteDiagAgent
25                    SMTP Server           Call-Home
25                    Gateway Client        Call-Home (Optional)
NOTE: Connection to both SPA and SPB Management Interfaces

VNX-FILE
Port and Direction    Destination           Function
22                    Gateway Client        CLI via SSH
80,443,8000           Gateway Client        Unisphere Manager
443                   Gateway Client        Call-Home
25                    SMTP Server           Call-Home (Optional)
25                    Gateway Client        Call-Home (Optional)
ALL VNX UNIFIED MODELS: Connection to Primary Control Station required
DUAL CONTROL STATION: Connection to Secondary Control Station required
DUAL CONTROL STATION: Connection to Alias IP Address (if configured) optional

VNXE
Port and Direction    Destination           Function
22                    Gateway Client        CLI via SSH
80,443                Gateway Client        Unisphere Manager
25                    SMTP Server           Call-Home
25                    Gateway Client        Call-Home (Optional)
NOTE: Connection to both SPA and SPB Management Interfaces
VPLEX
Port and Direction    Destination           Function
22                    Gateway Client        CLI via SSH
443                   Gateway Client        Element Manager
25                    SMTP Server           Call-Home
NOTE: Connection to Appliance Management Interface

Pre-Install Checklist
- Configure external firewall rules for Gateway Client to EMC Enterprise communication
- Configure internal firewall rules for Gateway Client to EMC managed device communication
- Configure internal firewall rules for Gateway Client to Policy Manager communication
Environment Validation

The Customer Environment Check Tool (CECT) is used to verify the readiness of the ESRS Gateway Client server(s) for installation of the ESRS software. The CECT will check that the server meets all the specifications and configuration requirements. It will also confirm network connectivity to the EMC Enterprise servers, the Policy Manager and EMC devices.

Install Customer Environment Check Tool (CECT)

Refer to the ESRS Gateway CECT Procedures documents for installation instructions. Install the CECT on all Gateway Client servers in the environment.

Configure CECT Test Parameters

Configure the CECT Tool Server Environment Tests as per Scenario 1 of the ESRS Gateway Solution CECT Procedures document. If Policy Manager is going to be configured, make sure the CECT Test Parameters screen contains the Policy Manager address. Configure the Device List to contain all the tests for the EMC devices that will be managed by the Gateway Client server(s).

Run CECT Tests

Run the CECT tests and review the test results for obvious errors.

Analyse CECT Test Results

The CECT Analyser Tool is an HTML-based utility that will analyse the CECT Test Log File, provide a graphical summary of the test results and provide recommendations for tests that have failed. Refer to Appendix C of the ESRS Gateway CECT Procedures document for instructions on how to use the CECT Analyser Tool.

Collect CECT Test Logs

Refer to the section Collect Logs in the ESRS Gateway CECT Procedures document for instructions on how to obtain the CECT Test logs. If you require assistance with the analysis of the CECT Test results, forward the CECT log files to your EMC Account Representative to arrange a specialist to assist. If the CECT Test results are Passed by the CECT Analyser Tool, forward the successful CECT log from each Gateway Client server for EMC Change Control submission.
Pre-Install Checklist
- Install Customer Environment Check Tool on each Gateway Client server
- Configure CECT Test parameters for Gateway Pre-Installation Scenario
- Configure Device tests for each EMC device that will be managed by the Gateway Client server
- Run CECT Test
- Use CECT Analyser Tool to verify CECT Test results
- Forward successful CECT Test log file to EMC Account Representative (one per Gateway Client)
Change Control (EMC)

All new ESRS Gateway installations are subject to an EMC Change Control process. This process ensures that all preparation tasks have been completed and verified by a subject matter expert. EMC is responsible for submitting and gaining Change Control approval prior to the scheduled installation date.

CCA Requirements

The following is required to submit Change Control:
- A completed ESRS Gateway Pre-Install Checklist (including both EMC and Customer required information)
- A successful CECT test log file for each Gateway Client server. Use CECT Analyser Tool with the Gateway Pre-Install Scenario selected to verify the CECT test log.

Solution Implementation

The ESRS Gateway solution must be installed by a qualified EMC employee or Authorised Service Partner. An RSA SecurID key is required to download and provision the Digital Certificate used by the ESRS Gateway Client to authenticate communication with EMC.

Obtaining ESRS Software

The ESRS Gateway solution software includes the following:

Customer Environment Check Tool   used to verify the environment
Provisioning Tool                 used to install the ESRS Gateway Client software
Policy Manager                    Policy Manager software

The Provisioning Tool and Policy Manager are not available for public download and must be supplied by the installer. Typically the packages are made available at an FTP location so that the customer can download the packages and copy them to the Gateway Client and Policy Manager servers prior to the agreed installation time.

Installation

The installation can be performed remotely via a Webex session to the customer's workstation and then using Remote Desktop to access the Gateway servers. If Webex is not allowed or supported then the installer will need to perform the install from the customer's premises.

The high level steps to install the ESRS IP Solution are as follows:

1. Install first Gateway Client via the Provisioning Tool
2. Create HA Cluster and enrol first Gateway Client via Servicelink
3. Under Manage Devices, edit the Party ID list to include all required Party IDs associated with that customer

For HA Gateway Configuration:

4. Install second Gateway Client via Provisioning Tool
5. Enrol second Gateway Client to HA Cluster via Servicelink

For Policy Manager:

6. Install Policy Manager
7. Configure Gateway Client(s) to use Policy Manager via the Configuration Tool
Deploy EMC Devices

The EMC or Authorised Partner installer will deploy the devices listed in the ESRS Gateway Pre-Install Checklist that was submitted and approved by the EMC Change Control Process. The devices will be deployed via the Servicelink Portal website and the process may not be visible to the customer. Some devices have multiple interfaces associated with the same serial number; these interfaces are designated with suffixes as per the table below.

PRODUCT           SUFFIX      DESTINATION
ATMOS             -1 to -16   Node ID
AVAMAR            None        Utility Node
CELERRA           -P          Primary Control Station
                  -S          Secondary Control Station (for Dual Control Stations only)
                  -A          Active Control Station (Alias for Dual Control Station only)
CENTERA           -1 to -36   Node ID
CLARIION          -A          Storage Processor A
                  -B          Storage Processor B
DATA DOMAIN       None        Appliance
DL3D              -1 to -3    Engine ID
DLM               -P          Primary Control Station
                  -S          Secondary Control Station (for Dual Control Stations only)
                  -A          Active Control Station (Alias for Dual Control Station only)
DLM 6000 & 8000   -ACP1       Primary Access Control point
                  -ACP2       Secondary Access Control point (for Dual ACP only)
                  -ACPA       Active Access Control Point (Alias for Dual ACP only)
EDL               -A          Engine A Service IP
                  -B          Engine B Service IP
GREENPLUM DCA     -B          Backup Node
                  -P          Primary Node
RECOVERPOINT      -1 to -16   Node ID
SWITCH-BROCADE    None        Switch
SWITCH-CISCO      None        Switch
SYMMETRIX         None        Service Processor
VNX BLOCK         -BLOCKA     Storage Processor A
                  -BLOCKB     Storage Processor B
                  -FILEP      Primary Control Station
                  -FILES      Secondary Control Station (for Dual Control Station Only)
                  -FILEA      Active Control Station (Alias for Dual Control Station Only)
VNXE              None        Management Interface
VPLEX             None        Appliance
RemotelyAnywhere Support

If you have deployed any VNX BLOCK devices or Clariion devices running FLARE 29 or higher, follow the procedure in Appendix B to allow RemotelyAnywhere access via ESRS.

Configure and Test Device Call-Home

The EMC or Authorised Partner installer is responsible for configuring the managed devices to call-home via ESRS (where applicable). Each device type has its own specific procedures to configure and test call-home via ESRS Gateway Client.

Test Remote Connectivity

The EMC or Authorised Partner installer should confirm remote connectivity to the managed devices via the Servicelink website.
APPENDIX A: Troubleshooting Device Connectivity Issues

If an ESRS Gateway reports a connectivity issue to a particular device, the customer should be instructed to run the Customer Environment Check Tool from the ESRS Gateway that is reporting the issue.

1. From the Gateway server, go to Start > Programs > ESRS > Customer Environment Check Tool or click on the Desktop icon
2. From the main CECT application screen, select Tests from the menu bar and click on ESRS IP Customer Environment Check as shown below.
3. In the Server Environment Tests screen, click on Clear All to clear the existing selection and then select the Device Application and Port Connection Test. Click Next to continue.
4. In the Configuration Parameters screen, select the Product Type from the scroll list. In this example Clariion is selected.
5. Select the Check All Apps checkbox to enable all possible application tests for this device type.
6. Enter the device's IP Address (you cannot use DNS name) and Serial Number. Click Add Device to add the selected tests to the Device List.
7. The Device List will now contain one test entry per selected Application for the device. The Status of the test will show New Device until the configuration is saved.
8. To remove a test entry from the Device List: Click the box to the left of a Device ID to select the row. (You can also press and hold the Ctrl key and click to select multiple rows.) Click Remove.
9. Click on SaveCfg to save the Device List configuration. The Status of newly created entries will change to Device Added.
10. When the Device List is configured correctly, click Next to continue. At the Test Results screen, click on Run Tests and wait for the tests to complete.
11. Review the test results. Click on each failed test to view the test information and the particular port that is being tested.
12. If in doubt about the results, obtain the CECT test Log File for the test run you have just completed. Open Windows Explorer and find the most recent CECT Test Log file (sort by Date Modified) in the C:\EMC\ESRS\CECT\Logs directory.
APPENDIX B: RemotelyAnywhere Access Filter Configuration

For all VNX Block devices and Clariion devices running FLARE 29 or higher, the RemotelyAnywhere Access Filter needs to be updated to allow the ESRS Gateway to provide RemotelyAnywhere sessions to the Storage Processor device. This can be done remotely via ESRS or directly from the customer's network.

1. Establish a browser session to the setup page of one of the Storage Processor devices:
   a. If performing the steps from the customer network, open Internet Explorer and browse to https://<ipaddress>/setup where <ipaddress> is the IP Address of either Storage Processor. Click on Continue to this website at the security prompt.
b. If performing remotely via ESRS, establish a UnisphereUSMNaviSecureCLI (VNX-BLOCK) or NaviMgr/NaviSecureCLI (Clariion) connection to one of the Storage Processors. When the session goes ready, browse to https://<ipaddress>/setup where <ipaddress> is the IP Address supplied by the ESRS Remote Session application. Click on Continue to this website at the security prompt.
2. Enter valid Domain admin account credentials at the login prompt.
3. Scroll down and click on Set RemotelyAnywhere Access Restrictions option
4. Add the ESRS Gateway server(s) IP Address to the Filters that apply to all storage systems in the Domain section and click Apply. Note if there are two ESRS Gateway servers, make sure both IP addresses are included in this section.