EMC CONFIDENTIAL

EMC Secure Remote Services (ESRS)

Release 3.12

Pre-Site Checklist
REV 01

April 15, 2016

This document is a Word-based template to assist the user in installing the
ESRS Virtual Edition in a customer environment. To ensure success, the
relevant decisions needed and the required information are structured and
can be documented in this checklist.
Use this form with the guidance of your EMC Global Services professional.
Related information is provided in the EMC Secure Remote Services Site
Planning Guide.
This checklist uses the term ESRS Virtual Edition v3.12. ESRS Virtual Edition
is also called ESRSv3.
Topics in this document include:

Before you begin..........................................................................................2

Download ESRS software and documentation.......................................4

Customer contact information...................................................................5

ESRS configuration choices........................................................................6

Network preparation.................................................................................10

Am I ready to install ESRS Virtual Edition?..........................................11

1

Install ESRS Virtual Edition virtual appliances....................................12

Configure ESRS Virtual Edition using ESRS GUI.................................13

Deploying customer EMC products to ESRS Virtual Edition.............13

Final steps...................................................................................................16

Notes and comments.................................................................................16

APPENDIX ESRS Virtual Edition connections to\from EMC products

......................................................................................................................17

EMC Secure Remote Services Pre-Site Checklist

Before you begin

ESRS Virtual Edition is an EMC solution that is customer-installable using this checklist and the
supporting documentation. We strongly recommend the involvement of:
-

The customer lead for EMC products, to define which products will connect
The customer IP networking team, to define how those products will securely connect

Alternatively EMC Professional Services offering PSINST-ESRS for an ESRS Virtual Edition install
is available at no cost. A customer services specialist will be involved

Best Practice
EMC recommends the following step-by-step approach which this checklist follows:

Step 1 - Planning
-

Examine the ESRS Getting Started short demo

Download the software and documentation set
Plan and prepare for installing the ESRS Virtual Edition appliance and its networking access

to EMC
Plan which EMC products will connect to ESRS Virtual Edition, preparation can wait until

Step3
Complete the checklist details

Step 2 Installing
-

Install ESRS Policy Manager (optional)

Install ESRS Virtual Edition appliance(s)

Step 3 Deploying
-

Prepare the environment\network for your EMC products to connect to your ESRS Virtual

Edition
Deploy your EMC products to ESRS, configure product connect-in and connect-home
Register your deployed products with EMC Support

Conventions used in this document:

STEP

Denotes a step that can be done by the customer or EMC

partner or EMC Support.

EMC Secure Remote Services Pre-Site Checklist

Deploying customer EMC products to ESRS Virtual Edition

CUSTOMER STEP

Denotes a step that can ONLY be done by the customer

due to specific requirements. For example, only the
customer can define the root password.

4
EMC Secure Remote Services Pre-Site Checklist

Download ESRS software and documentation

All ESRS Virtual Edition resources are available on the ESRS Virtual Edition

STEP

support page and are needed by the customer for ESRS installation.
Customers should run checks in accordance with their security policy after
downloading or receiving ESRS software packages.

Following is a tabular summary of recommended documentation and software.

Table 1: ESRS Documentation and Software

ESRS Documentation click here to access documentation

EMC Secure Remote Services Release Notes
EMC Secure Remote Services Port Requirements
EMC Secure Remote Services Operations Guide
EMC Secure Remote Services Technical Description
EMC Secure Remote Services Policy Manager Operations Guide (optional)
ESRS Software click here to access downloads
ESRS Virtual Edition full OVF image for VMWare ESX Systems ~550MB
or
ESRS Virtual Edition full VHD image for Microsoft Hyper-V Systems ~550MB
ESRS Infrastructure information
EMC KB#13285 contains the host and IP address information of EMCs ESRS
infrastructure servers
Optional ESRS Software click here to access optional software
Policy Manager Software (Windows or Linux as required) ~100MB

EMC Secure Remote Services Pre-Site Checklist

Deploying customer EMC products to ESRS Virtual Edition

Customer contact information

Complete the following tables by entering your contact information.

STEP

Contact information
Item

Customer
Company
Customer main

Customer main

contact name

contact phone +

for this project

email

ESRS Install

Requested install

Service Request

date

(if known)
PS Project
Number

Party (Site) information also available on https://support.emc.com/servicecenter/sites/

Function

Name

Party# (Site ID)

Locations

Phone number

E-mail

Primary
Secondary (if applicable)

Customer ESRS Contacts

Type*

Name

Title\Role

PRIMARY
TECHNICAL
* Primary and technical contacts will be entered during ESRS install and will be used in the event of ESRS issues.

6
EMC Secure Remote Services Pre-Site Checklist

ESRS configuration choices

STEP

Select the proposed ESRS Virtual Edition Solution configuration from the
following table and note the number of servers required to implement your chosen
configuration.
Some EMC products have alternative on-board ESRS solutions i.e. ESRS Device
Clients. For customers with fewer EMC products these may be preferable.

Configuration

Virtual
Server
Qty

Single ESRS Virtual Edition Appliance*, no Policy Manager

One

Single ESRS Virtual Edition Appliance* and Standalone Policy Manager

Two

High-Availability ESRS Virtual Edition Appliances**, no Policy Manager

Two

High-Availability ESRS Virtual Edition Appliances** and Standalone Policy

Manager

Three

* Do not place VMware/Hyper-V images or storage files on EMC devices managed by the
ESRS Client.
** High-Availability ESRS Virtual Edition appliances should run in separate customer virtual
environments.

STEP

Examine the EMC products installed or pending install in the customer

environment. Choose and list devices to be deployed in the section entitled
Customer EMC Products on page 12 of this document.

STEP

Some EMC products need an extra workstation with specific software to enable
those products to connect-home to EMC. Workstation(s) are customer-provided.
The switch management software has extensive functions and is customer
installable. The software may be a paid item.

EMC Secure Remote Services Pre-Site Checklist

Deploying customer EMC products to ESRS Virtual Edition

Device Monitoring Solution

To Be

Already

Not

Installed

Installed

Required

Additional Monitoring Workstation for

CLARiiON Monitoring
Additional Connectrix Manager Workstation
for Brocade Switch Monitoring
Additional Fabric Manager Workstation for
Cisco Switch Monitoring

ESRS Virtual Edition and Policy Manager details

STEP

Plan the various resources needed before installing ESRS Virtual Edition. Specifications
for ESRS Virtual Edition and Policy Manager are in the ESRS Site Planning Guide. Note
that usernames and passwords are defined and held by the customer.
It is possible to use 2 NICs per VIRTUAL EDITION appliance, please see EMC
KB#209038

ESRS Virtual Edition Appliance 1

Item

Item

Name or IP Address

VM or HyperV

Enable failover

Enable failover

FTPS (Y\N)

Email (Y\N)

Policy Manager

Policy Mgr Name

enabled? (Y\N)

or IP Address

8
EMC Secure Remote Services Pre-Site Checklist

ESRS Virtual Edition Appliance 2 (HA partner of Appliance 1)

Item

Item

Name or IP Address

VM or HyperV

Enable failover

Enable failover

FTPS (Y\N)

Email (Y\N)

Policy Manager

Policy Mgr Name

enabled? (Y\N)

or IP Address

ESRS Policy Manager Application (optional)

Item

Item
Adobe Flash

Name or IP Address

installed (Y\N)
Policy Mgr

Policy Mgr Port

SSL (Y\N)

Customer Proxy and Email details

STEP

Provide details of the supporting resources needed before installing ESRS Virtual Edition.
Note: usernames and passwords are defined and held by the customer.

Customer Proxy Details

There are various functions where a customer proxy server can optionally be used:
(1) between the customer ESRS Virtual Edition appliance and the Internet
(2) between the customer ESRS Virtual Edition appliance and EMC Policy Manager application

EMC Secure Remote Services Pre-Site Checklist

Deploying customer EMC products to ESRS Virtual Edition

Proxy Type

Username &

Auto/HTTP/SOCKS

Password

Proxy Name or IP

Proxy Functions

Port

available

address

(1\2)

(Y\N)

Customer Email Server Details

There are various functions where a customer email server can optionally be used:
see ESRSv3 related Emails

Mail Server Name

Email

or IP address

Functions

ESRS VE
to
internal
ESRS VE
to external
(Call Home
failover)
Policy
Manager

10
EMC Secure Remote Services Pre-Site Checklist

Sender email

Notification email to:

Network preparation
CUSTOMER STEP

The customer is responsible for configuring their network environment

to support the ESRS solution. Refer to the ESRS documentation for
detailed information about the network requirements.

Prepare Firewalls for Customer <> External Communication

Configure the external Firewall Rules to allow ESRS Virtual Edition Servers to EMCs
ESRS infrastructure servers on outbound ports 443 and 8443.

To ensure communication integrity, proxy servers and devices external to your

DMZ must not perform any method of SSL checking on outbound or inbound
traffic for ESRS. SSL checking will cause connectivity loss to EMC. If SSL
checking is performed on outbound communications by customer firewalls,
proxies, web traffic filtering appliances or applications, web traffic shaping/load
balancing, certificate verification or proxying, or Intrusion Detection Services
(IDS), there will be loss connectivity to EMC
Prepare Firewalls for ESRS Virtual Edition in Customer Network
(optional) Configure internal Firewall Rules to allow VIRTUAL EDITION appliance and
the Policy Manager to connect to customer SMTP server Failover on port 25.
Configure internal Firewall Rules to allow customer workstations to connect to VIRTUAL
EDITION appliance for GUI Management on port 9443.
(optional) Configure internal Firewall Rules to allow communication between the ESRS
Virtual Edition appliance and the Policy Manager on ports 8090 and/or 8443.
Configure internal Firewall Rules to allow communication between the ESRS Virtual
Edition appliance and EMC device as defined in the ESRS Port Requirements Guide.
(This step can be deferred until Deploying customer EMC Products to ESRS Virtual Edition to spread effort over time).

11

EMC Secure Remote Services Pre-Site Checklist

Deploying customer EMC products to ESRS Virtual Edition

Install ESRS Policy Manager (optional)

Refer to the ESRS Policy Manager documentation for complete

STEP

information. You can request that EMC perform a basic installation of the
Policy Manager software at the time of deployment.

Build Policy Manager Server hardware or virtual machine with compatible OS.
Download Policy Manager software from the EMC support site

(Policy Manager Software Download).

Install Policy Manager. Ref EMC Secure Remote Services Policy Manager Operations
Guide

Am I ready to install ESRS Virtual Edition?

These checks can be performed by customers, partners or EMC.

STEP

Note the term Party# was previously called the SiteID.

Access https://support.emc.com/servicecenter/sites/ for these checks.

Party# Check
Click on Manage Sites and search for party#. Select the desired party#.
You should see the installed EMC products.
If there are no ESRS Deployable EMC products then you will not be able to install ESRS.
ESRS Deployable products are listed in the ESRS Site Planning Guide Table 1.
If no valid products are listed please use a different party# or contact EMC Support
Installer Check
Click on Manage Sites and search for site ID. Click on that Site ID then Contacts.
Select the checkbox Web Support Enabled to filter the list.

12
EMC Secure Remote Services Pre-Site Checklist

For customers the installing person must be listed as an Authorized Contact.

If you are a customer and not authorized please contact support@emc.com
For partners the installing person must be listed as a Support Partner
If you are a partner and not authorized please contact GSP_SSC_ESRS@emc.com
Credential Check
- For customers a valid support.emc.com account login+password is required
- For EMC and Service-Enabled Partners an active RSA SoftFob is required
- For non-servicing partners please ask the customer to enter their credential, or please
raise an EMC Service Request with details of the party# and devices to be deployed.

Note: EMC or servicing partners can also check the party# is auto-registered for ESRS Virtual Edition
Edit this URL to replace <party#> with the party#
https://esrs.emc.com/esrs/provisioning/siteId/<party#>/deviceType/ESRS-VIRTUAL EDITION/siteVerification

Expected Output: siteID is eligible for ESRS 2.x Installs: Type- ESRS-VIRTUAL EDITION
If not auto-registered please contact CSSEC_Ops@emc.com

Install ESRS Virtual Edition virtual appliances

CUSTOMER STEP

The Customer is responsible for deploying the ESRS Virtual appliances

into their hypervisor environment, and performing the basic virtual
machine configuration in the YAST2 interface of the ESRS VM.

Click here for a 4-min walk-thru training (timestamp 03:27 thru 07:14)
Deploy ESRS as per the Configure Operating System for VM section of the ESRS 3.12
Installation and Operations Guide.
IMPORTANT: Create a root password at this step in the correct format as per
ESRS Installation and Operations Guide p.148. Weaker passwords may be
accepted, but will not function in the next step.
The default keyboard in the ESRS appliance is US English.

13

EMC Secure Remote Services Pre-Site Checklist

Deploying customer EMC products to ESRS Virtual Edition

When complete the ESRS Virtual Edition reboots and shows in the centre of the screen:

Configure ESRS Virtual Edition using ESRS GUI

STEP

Use a supported browser to access the ESRS GUI at https://<IP address of ESRS
Virtual Edition >:9443
A customer, Partner, or EMC can provision the ESRS Virtual Edition, this connects the
customer ESRS Virtual Edition appliance(s) with EMC.

Click here for a 7-min walk-thru training (timestamp 07:14 thru 14:40)
Configure ESRS Virtual Edition as per the Root logon and Admin setup section of
ESRS 3.12 Installation and Operations Guide.
If ESRS GUI does not accept your login credentials check the current keyboard
layout, the root password was probably entered in US English keyboard layout
in the previous step.
Configure ESRS Virtual Edition as per the Provisioning screens/ESRS setup section of
ESRS 3.12 Installation and Operations Guide.
Customers: If you are building an ESRS Virtual Edition High-Availability cluster please
raise an EMC Service Request and provide the ESRS Virtual Edition Serial Numbers (
e.g. ELMDKZW7RJSWDN and SHTESTREDSRZJK.

Servicing Partners and EMC employees: create the HA cluster at https://esrs.emc.com

Deploying customer EMC products to ESRS Virtual Edition

STEP

Deploy EMC products using the table on the next page as a reference.
Please note that some EMC products should only be ESRS-deployed from that EMC
product and not using the ESRS GUI, see Appendix 1

14
EMC Secure Remote Services Pre-Site Checklist

Prepare the environment\network for your EMC products to connect to your ESRS
Virtual Edition as defined in the ESRS Port Requirements Guide
Deploy each device as described in the Installation and Operations Guide under
Devices - Manage Devices .
Register each device with EMC:
-

EMC employees should use IBG for this

Implementing partners should use PNT

Customers please raise an EMC Service Request

For each serial number include the product login\password to be used by EMC
for connect-in, and if connect-in and connect-home are allowed (default).
Test remote connect-in to customer products is working correctly
(EMC & Partners only)
Test remote connect-home from customer products to EMC is working correctly

Trigger a test connect-home from the product (see products own

documentation)
Validate that EMC received the test connect-home:
o

EMC employees use CLM or SYR

Implementing Partners and customers use support.emc.com section

MyProducts

Connect-homes are processed immediately by EMC Support, but may take a

few hours to show in the above separate EMC reporting systems. If you cannot
find your initiated connect-home event (after allowing sufficient time we
recommend you open a Service Request verify receipt of your test connect-home

15

EMC Secure Remote Services Pre-Site Checklist

Deploying customer EMC products to ESRS Virtual Edition

Customer EMC Products a.k.a. ESRS End-Devices

16
EMC Secure Remote Services Pre-Site Checklist

IP
address
EMC

Site ID

product type

17

Serial number

(Party#)

EMC Secure Remote Services Pre-Site Checklist

Product <>
ESRS
Virtual

Device Deployed

Edition

and connectivity

ports open

checked (Date)

Deploying customer EMC products to ESRS Virtual Edition

Final steps
Check the ESRS Virtual Edition GUI if an ESRS software update is available, apply any

STEP

update.
This is documented in the ESRS install and Operations Guide under Downloading and
applying updates.

If you are using the Policy Manager, then check to ensure that the Windows Task
Scheduler is running and unrestricted, so that Policy Manager backups can occur.

Notes and comments

18
EMC Secure Remote Services Pre-Site Checklist

19

EMC Secure Remote Services Pre-Site Checklist

Deploying customer EMC products to ESRS Virtual Edition

APPENDIX ESRS Virtual Edition connections to\from EMC products

Refer to the EMC Secure Remote Services Release Notes for latest information.
The following table is a guide to how the EMC product at customer and ESRS Virtual Edition at customer
communicate with each other. See also the ESRS Port Requirements document for specific protocols.
Where available the recommended protocols for product connect-home are in order of preference:
1.
2.
3.
4.

HTTPS to ESRS Virtual Edition (preferred)

Email to ESRS Virtual Edition
FTP to ESRS Virtual Edition
Email via customer SMTP server to EMC (non-ESRS)

When deploying devices to ESRS Virtual Edition in the ESRS Virtual Edition GUI there are the
deployment suffixes you need to choose for each device type as listed below.
EMC
Product
Atmos
Avamar
Brocade
NOTE 1

Celerra

Centera
Cisco NOTE 2

ESRS Virtual Edition

IP connection(s)
to EMC Product
To management address on
each node
To the Utility Node
management address.
To management address for
Departmental models.
To Virtual address for
Director models
To Primary Control Station
for all models. To Secondary
and Active addresses for
Dual Control Station models.
To minimum of two Access
Nodes management address
To switch management
address

ESRS
GUI
Suffixes

Notes

-1 to -16

Use Node ID

None
-CLI
-CM

Use System ID for Serial Number

Avamar CLI # mccli server show-prop | grep ID

to Switch management port (SSH)

to CMCNE or CMDCE workstation
(EMCRemote)

-P
-S

Primary Control Station

Secondary Control Station

-A

Active Control Station (Alias)

-1 to -36

Node ID

None

to Switch management port (SSH)

-A

Storage Processor A

20
EMC Secure Remote Services Pre-Site Checklist

CLARiiON

To both SPA and SPB

management addresses

-B

CloudArray

Do not deploy in ESRS GUI

Deploy from CloudArray

CloudBoost

Do not deploy in ESRS GUI

Deploy from CloudBoost

-CLI

Connectrix

To the management
workstation address and/or
switch management address

NOTE 3

Customer
Managemen
t
Workstation
Data
Domain
DL3D
DLm

To Management workstation
To appliance management
address
To appliance management
address
To Primary, Secondary and
Active management
addresses
To Primary, Secondary and
Active management
addresses

DLm3

-CM
-1 to
-32

Storage Processor B

to Switch management port (SSH)

to Connectrix Manager workstation
(EMCRemote)
Management Workstation ID

None

Appliance

-1 to -3

Appliance

-P
-S
-A
-ACP1

Primary Control Station

Secondary Control Station
Active Control Station (Alias)
Primary Access Control point
Secondary Access Control point (for Dual

-ACP2
-ACPA

ACP only)
Active Access Control Point (Alias for
Dual ACP only)
Primary Virtual Tape Engine
Secondary Virtual Tape Engine
Active Virtual Tape Engine (Alias)

DLm4

To VTE1, VTE2 and Active

VTE management addresses

-VTE1
-VTE2
-VTEA

DPA

Do not deploy in ESRS GUI

Deploy from DPA

DPC

Do not deploy in ESRS GUI

Deploy from DPC

DSSD

Do not deploy in ESRS GUI

Deploy from DSSD

ECS

To management address of
each ViPR virtual machine.
To public address of one ECS
node

EDL

To Engines, SPA and SPB

management addresses

Greenplum
DCA

To management interface

-AT
-SW1
-SW2
-SW3
-A
-B
-B
-P

21

EMC Secure Remote Services Pre-Site Checklist

ECS Node
ViPR Virtual Machine 1
ViPR Virtual Machine 2
ViPR Virtual Machine 3
Engine A Service IP
Engine B Service IP
Backup Node
Primary Node

Deploying customer EMC products to ESRS Virtual Edition

Invista
Isilon
PowerPath

To appliance management
address
To dedicated Management
Subnet address for each node

-A
-B

Management addresses

None

Connect to individual node

Do not deploy in ESRS GUI

Deploy from PowerPath

To each physical appliance

address and one

-16

Cluster management address

-1 to

Physical Node ID and physical node

-15

management address

management address per

Recover
Point

cluster
NOTE: Use Software Serial
ID as the serial number for
all entries including nodes
Admin CLI # get_system_settings

ScaleIO
Symmetrix
VMAX

Do not deploy in ESRS GUI

To Service Processor
management address

Deploy from ScaleIO

None

Service Processor

MMCS
Symmetrix
VMAX3

Symmetrix
VMAX
Cloud
Edition
VCE Vision

To primary and secondary

MMCS addresses

Refer to VMAX CE Install

Documentation

Management Module Control Station 1

1
MMCS

Management Module Control Station 2

2
-AE
-CECV
-COL
-H1
-H2
-SE
-VC

Automation Engine IP
ConnectEMC IP
Collector IP
Server 1 IP
Server 2 IP
Solutions Enabler IP
Virtualization Centre IP

Do not deploy in ESRS GUI

Deploy from VCE Vision

ViPR

To each ViPR management

address

-1 to -3

ViPR SRM

Do not deploy in ESRS GUI

Deploy from ViPR SRM interface

NOTE 6

22
EMC Secure Remote Services Pre-Site Checklist

Virtual Machine 1 to 3

BLOCK

VNX Block
NOTE 4

Both SPA and SPB required

Storage Processor A

A
BLOCK

Storage Processor B

VNX
Unified

To Primary, Secondary,
Active Control Station
addresses.
To SPA and SPB management
addresses

-FILEP
-FILES

Primary Control Station

Secondary Control Station

-FILEA

Active Control Station (Alias)

VNXe

To management address

None

VPLEX

To management address

None

VSPEX
BLUE

Do not deploy in ESRS GUI

Deploy from VPSEX Blue

XtremIO

To management address

None

Notes

Appliance

Appliance

1. Requires separate Windows monitoring workstation running CMCNE or

CMDCE
2. Requires separate Windows monitoring workstation running Cisco
DCNM 5.x or higher
3. Requires separate Windows monitoring workstation running ESRS VNX
IP Client
4. Requires BLOCK OE 05.32.000.5.215 or higher (VNX1) and
05.33.000.5.072 or higher (VNX2)
Some products only send product-specific information to EMC, and do not
connect-home for alerts\configuration files etc.

23

EMC Secure Remote Services Pre-Site Checklist

Deploying customer EMC products to ESRS Virtual Edition

Copyright 2016 EMC Corporation. All Rights Reserved.

EMC believes the information in this publication is accurate as of its publication date. The
information is subject to change without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION
MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO
THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Use, copying, and distribution of any EMC software described in this publication requires an
applicable software license.
For the most up-to-date regulatory document for your product line, go to the Technical
Documentation and Advisories section on the EMC Online Support Site (support.emc.com).
For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on
EMC.com.
All other trademarks used herein are the property of their respective owners.

24
EMC Secure Remote Services Pre-Site Checklist