Docu55297 EMC Secure Remote Services Release 3.14 Installation and Operations Guide

(1)

EMC Corporation Corporate Headquarters: Hopkinton, MA 01748

-

9103 1

-

508

-

435

-

1000 www.EMC.com Release 3.14

Installation and Operations Guide

REV 01

(2)

EMC Secure Remote Services Installation and Operations Guide 2

EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS IS.” EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.

For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com. All other trademarks used herein are the property of their respective owners.

RSA is a registered trademark of RSA Security Inc.

For the most up-to-date regulatory document for your product line, go to the Document/Whitepaper Library on the EMC Online Support Site (support.emc.com).

(3)

Preface

Chapter 1 Introduction

Overview... 20

EMC solution benefits... 20

Customer site components ... 21

ESRS Virtual Edition servers ... 21

Policy Manager ... 22

Proxy server... 22

Communication to EMC ... 25

Heartbeat polling ... 25

Remote notification (Connect Home) ... 26

Remote access... 27

Digital Certificate Management... 29

Device access control ... 30

Device configuration access control...30

EMC enterprise access control ...30

Responsibilities for ESRS components ... 31

Customer... 31

Customer or EMC Global Services... 32

EMC Global Services ... 32

Chapter 2 Installing and Provisioning ESRS Overview... 34

Install options ... 34 Configuring ESRS on Linux host using Docker Engine (ESRS DE) 35

(4)

Prerequisites ... 35

ESRS Installation Instructions... 36

Configuring Operating System for VM (ESRS VE)... 40

Configure Network ... 40

First boot installation ... 40

Root logon and Admin setup... 69

Provisioning screens/ESRS setup ... 73

Registration ... 73

Email Configuration... 94

Policy Manager ... 101

Connect Home ... 103

Chapter 3 ESRS Web UI Configuration Accessing ESRS Virtual Edition via Web UI ... 110

Requirements ... 110

Logging on and initial setup... 110

Login attempts ... 111

Using the Dashboard... 113

Taking ESRS offline ... 113

System Status tab... 115

Active MFT Sessions tab... 116

Remote Sessions tab ... 116

Connect Homes tab ... 117

Alerts tab... 117

Service Status tab ... 118

Update tab ... 119

Devices - Manage Devices ... 121

Adding devices ... 121

Editing IP address ... 124

Removing devices... 125

Migrating devices ... 126

Adding additional Site ID ... 129

Additional Info column ... 131

Permissions Rule ... 132 Configuration ... 135 E-mail configuration ... 136 Policy Manager ... 138 Proxy Server ... 144 Connect Home ... 148 Network Check ... 150 Customer Contact... 152 Audit... 155 VE Audit ... 155

(5)

5 EMC Secure Remote Services Installation and Operations Guide

Connect Home Audit... 157

MFT Audits ... 158

Logs ... 160

Logging out ... 162

Changing the password using the Web UI... 164

Procedure ... 164

Exporting to CSV Managed Devices ... 166

Procedure ... 166

Chapter 4 Server Maintenance Service preparation for ESRS Virtual Edition ... 170

ESRS Virtual Edition server ... 170

Backup guidelines and procedures ... 172

Chapter 5 Virtual Lifecycle Management - Updating Overview ... 174

Update checks... 174

Downloading and applying updates ... 175

Chapter 6 Troubleshooting Resetting the Web UI administrator user password ... 182

Prerequisite ... 182

Procedure ... 182

Service commands and debugging... 185

Syntax to stop and start status check for core services... 185

Core service names ... 185

Steps to enable logging... 186

Provisioning logs... 189

Unzipping files using WinZip ... 190

Appendix A ESRS Migration Process ESRS Migration Tool version 3.00.00.00 ... 194

Precondition prior to migration process initiation... 196

Assumptions ... 198

Procedure for migrating devices from source to target gateway .... 199 ESRS Export Import Migration Tool (Version 3.xx) for Windows... 204 Procedure ... 204

(6)

Bulk Import Export Tool embedded in ESRS 3.02.XX.XX and

above ... 229

Backend migration process ... 233

Appendix B Correcting Network Configuration Using YaST Procedure ... 246

Appendix C IP Addresses used by ESRS Key information ... 260

Article access ... 261

Appendix D ESRS v3.x on Hyper-V Install Process Procedure ... 264

Appendix E EMC Customer Environment Check Tool for ESRS v3.x Customer Environment Check Tool overview ... 280

Required CECT test resolution ... 281

Installation ... 284

Operation ... 285

Launching the Customer Environment Check Tool (CECT).... 285 Selecting tests to be run ... 287

Viewing test result log files ... 291

Run log example ... 292

(7)

Title Page

1 Remote notification communication ... 27

2 Remote access communication... 28

3 chmod command... 36

4 Checking prerequisites ... 37

5 Setting the root password ... 38

6 Sample image of successful installation... 39

7 Deploy OVF Template... 41

8 Deploy from a file or URL... 42

9 OVF Template Details... 43

10 Name and Location... 44

11 Disk Format... 45

12 Ready to Complete... 46

13 Deploying ESRS... 46

14 Completed Successfully message ... 47

15 Powering on the virtual machine... 47

16 Option to power off the virtual machine ... 48

17 Selecting Console tab ... 49

18 License agreement... 50

19 Network Configuration II ... 52

20 Selecting Network Interfaces... 53

21 Network Settings... 54

22 Network Card Setup ... 55

23 Selecting Hostname/DNS... 56

24 Setting up Host Name DNS Server ... 57

25 Specifying the default Gateway IP address... 58

26 Network Interfaces screen... 59

27 Saving Network Configuration... 60

28 Selecting time zone... 61

29 Change Date and Time ... 62

(8)

31 Clock and Time Zone screen ... 64

32 Setting up root console user password ... 65

33 Entering Admin user name ... 66

34 Completing the System Configuration ... 67

35 Configuration verification ... 68

36 Login page... 69

37 EULA page ... 70

38 Admin account setup... 72

39 Primary Contact page... 73

40 Status message for primary contact... 74

41 Technical Contact page ... 75

42 Status message for technical contact ... 76

43 Proxy server tab... 77

44 Test result ... 78

45 Proxy configuration status... 79

46 Selecting Run Test button ... 80

47 Run Test results ... 81

48 Enter Credentials... 82

49 Provision Site ID tab ... 83

50 Confirmation page ... 84

51 Provisioning commences with status indicator... 85

52 Provisioning completed ... 85

53 Enter Credentials... 86

54 Customer Provisioning Page... 87

55 Status window ... 88

56 Enter access code... 89

57 Customer Site page ... 90

58 Site confirmation ... 91

59 Provisioning status ... 92

60 Provisioning Success window... 93

61 Email Configuration ... 95

62 Status pop-up window... 96

63 Error sending Email... 96

64 Warning pop-up message... 97

65 Test Email ... 98

66 Connect Home Configuration ... 99

67 Email configuration has been saved... 100

68 Notification Email ... 101

69 Policy Manager... 102

70 Policy configuration has been saved ... 103

71 Warning message if email configuration was skipped ... 104

72 Selecting connections... 105

(9)

74 Setup Complete... 107

75 Dashboard... 108

76 ESRS Web UI home page... 110

77 Login page ... 111

78 Login Failed... 112

79 Selecting Set Offline... 114

80 Setting a device Offline... 115

81 Dashboard - System Status... 116

82 Dashboard - Remote Sessions ... 116

83 Dashboard - Connect Homes... 117

84 Dashboard - Alerts ... 118

85 Dashboard - Service Status tab ... 119

86 Update tab ... 120

87 Selecting Devices > Manage Devices... 121

88 Adding a device ... 122

89 Entering device to be added ... 123

90 Pending add ... 123

91 Message box ... 123

92 Selecting device to be edited ... 124

93 Removing a device ... 125 94 Start Migration ... 127 95 Entering details ... 128 96 Migration successful ... 128 97 Migration completed... 129 98 Adding Site ID ... 130

99 ESRS Add Site ID dialog box ... 130

100 Confirmation dialog box... 131

101 Additional Info... 131

102 Selecting Permission Rules... 132

103 Permission Rules page ... 133

104 Entering user credentials ... 134

105 Confirmation box... 134

106 Configuration ... 135

107 Email Configuration... 136

108 Enable Device Connection Notification ... 137

109 Success pop-up message... 137

110 Sample of test e-mail received by the listed participants ... 138

111 Saving email configuration ... 138

112 Policy Manager with SSL... 139

113 Policy Manager with SSL and with Proxy ... 140

114 Policy Manager without SSL... 141

115 Policy Manager without SSL but with Proxy ... 142

(10)

117 Enable SSL check box left unchecked... 144

118 Selecting Proxy Server... 145

119 Enabling proxy check box... 145

120 Selecting Test ... 146

121 Success message ... 146

122 Clicking Apply Settings ... 147

123 Clicking OK... 147

124 Accessing Connect Home ... 148

125 Success message for enabling failover using FTPS ... 149

126 Testing Connect Home... 150

127 Network Check... 151

128 Network Check Status... 151

129 Accessing Configuration -> Customer Contact ... 152

130 Customer Contact page... 153

131 Success pop-up window ... 153

132 Search and export capability ... 155

133 Selecting VE Audit ... 156

134 ESRS Virtual Edition Audit ... 156

135 Filter options ... 158

136 MFT Audit... 159

137 Download Logs ... 160

138 Expanding the log folders... 161

139 Logging out of Admin... 162

140 ESRS Virtual Edition home page ... 163

141 Selecting Change Password... 165

142 Export button... 166

143 Email Configuration Tab... 174

144 Update Available Notice on the ESRS v3.xx Dashboard ... 175

145 Update tab... 176

146 Clicking Apply ... 177

147 Applying Update ... 178

148 Update in progress... 179

149 Validating update ... 180

150 Confirming the new password ... 183

151 Password reset... 184

152 Status check examples ... 185

153 Core service status in the Web UI... 186

154 Selecting Options ... 190

155 Selecting Miscellaneous tab ... 191

156 Clearing the TAR file smart CR/LF conversion checkbox ... 192

157 Installing Migration Tool ... 196

158 Unable to install Windows Features error message... 197

(11)

160 Selecting Destination Directory... 200

161 EMC SRS Migration Progress Bar ... 200

162 Summary page ... 201

163 Example of DMB Request xml file in destination directory... 202

164 Uncompressing a file... 206

165 Running as administrator... 207

166 Clicking Next... 208

167 Exporting Managed Devices - DMB Format ... 209

168 Using the Browse button ... 210

169 Creating the migration files ... 210

170 Clicking Finish ... 211

171 Runtime log ... 212

172 Export Managed Devices - CSV Format... 214

173 Selecting destination directory ... 215

174 Run time log ... 216

175 Import File ... 217

176 Using browse to select the source file... 219

177 Selecting the source file... 219

178 Selecting destination directory ... 220

179 Finish EMC ESRS2 Migration ... 221

180 Log files ... 222

181 Copying file ... 224

182 Secure Remote Support Bulk Import Export Wizard... 224

183 Selecting Export feature... 225

184 Browsing to the location of the file ... 226

185 Defining an alternate path... 227

186 Selecting Next... 227

187 Selecting Finish ... 228

188 Export file directory ... 228

189 Example of source gateway serial number on ServiceLink... 233

190 Selecting Manage Devices ... 234

191 Managed Device List... 234

192 Virtual edition serial number... 235

193 Manage Devices ... 235

194 Selecting Migrate Gateway ... 236

195 Migrate Gateway dialog box... 237

196 Clicking Done... 238

197 Selecting Sync Now ... 239

198 Viewing deployment status ... 240

199 Managed Devices page ... 241

200 Selecting Remove All button... 242

201 Confirming deletion ... 242

(12)

203 Selecting Approve All and Sync Now ... 243

204 Logging in as root ... 246

205 User interface ... 247

206 Selecting Network Devices ... 248

207 Selecting Network Settings... 249

208 Network Settings screen ... 250

209 Network Card Setup screen... 251

210 Changing DNS configuration... 252

211 Editing the default gateway ... 253

212 Saving network configuration... 254

213 Setting date and time ... 255

214 Clock and Time Zone screen ... 256

215 YaST2 Control Center ... 257

216 Launching Hyper-V Manager ... 264

217 Selecting New > Virtual Machine... 265

218 Selecting Next ... 266

219 Selecting Virtual Machine... 267

220 Specifying name ... 268

221 Assigning Memory ... 269

222 Configuring Networking ... 270

223 Selecting location... 271

224 Clicking Open ... 272

225 Entering location and clicking Next to continue ... 273

226 Clicking Finish to complete ... 274

227 Clicking Connect ... 275

228 Powering on ... 276

229 First boot configuration... 277

230 Gateway Tests Menu ... 288

231 SRS Server Environment Tests ... 289

(13)

Title Page

1 Specifications for ESRS Virtual Edition... 24

2 Port Requirements... 35

3 Add Device Response Structure ... 157

4 Syntax Description and Command... 185

5 Models used for serial number arguments... 218

(14)

(15)

As part of an effort to improve and enhance the performance and capabilities of its product line, EMC from time to time releases revisions of its hardware and software. Therefore, some functions described in this guide may not be supported by all revisions of the software or hardware currently in use. For the most up-to-date information on product features, refer to your product release notes.

If a product does not function properly or does not function as described in this guide, contact your EMC representative.

Audience This guide is a part of the EMC Secure Remote Services (v3.xx) documentation set and is intended for use by device administrators. Related

documentation

!

A caution contains information essential to avoid data loss or damage to the system or equipment. The caution may apply to hardware or software.

(16)

16 EMC Secure Remote Services Installation and Operations Guide IMPORTANT

!

An important notice contains information essential to operation of the software.

WARNING

A warning contains information essential to avoid a hazard that can cause severe personal injury, death, or substantial property damage if you ignore the warning.

Typographical conventions

EMC uses the following type style conventions in this guide: Normal In running text:

• Interface elements (for example, button names, dialog box names) outside of procedures

• Items that user selects outside of procedures • Java classes and interface names

• Names of resources, attributes, pools, Boolean expressions, buttons, DQL statements, keywords, clauses, environment variables, filenames, functions, menu names, utilities • Pathnames, URLs, filenames, directory names, computer

names, links, groups, service keys, file systems, environment variables (for example, command line and text), notifications

Bold • User actions (what the user clicks, presses, or selects) • Interface elements (button names, dialog box names) • Names of keys, commands, programs, scripts, applications,

utilities, processes, notifications, system calls, services, applications, and utilities in text

Italic • Book titles

• New terms in text • Emphasis in text Courier • Prompts • System output • Filenames • Pathnames • URLs

• Syntax when shown in command line or other examples

Courier, bold • User entry

(17)

EMC Secure Remote Services Installation and Operations Guide 17 Where to get help EMC support, product, and licensing information can be obtained as

follows.

Product Information—For documentation, release notes, software updates, or for information about EMC products, licensing, and service, go to the EMC Online Support Site (registration required) at:

https://support.emc.com

Technical support—For technical support, click Support on the EMC Online Support Site. To open a service request through the EMC Online Support Site, you must have a valid support agreement. Please contact your EMC sales representative for details about obtaining a support agreement or to answer any questions about your account.

Your comments Your comments and suggestions will help us continue to improve the accuracy, organization, and overall quality of the user publications. Please send your comments and suggestions to:

[email protected]

Courier italic • Arguments in examples of command-line syntax • Variables in examples of screen or file output • Variables in pathnames

<> Angle brackets for parameter values (variables) supplied by user.

[] Square brackets for optional values.

| Vertical bar symbol for alternate selections. The bar means or.

(18)

(19)

Introduction 19 You should become familiar with the EMC Secure Remote Services Site Planning Guide. It is important to understand the system

requirements and configurations before you execute any administrative tasks.

This chapter introduces the EMC Secure Remote Services v3.14 (ESRS v3.14) that is the virtual edition of ESRS. Topics include:

◆ Overview ... 20

◆ Customer site components ... 21

◆ Communication to EMC ... 25

◆ Digital Certificate Management... 29

◆ Device access control ... 30

◆ Responsibilities for ESRS components... 31

Introduction

(20)

Overview

EMC Secure Remote Services, also known as ESRS, is a two-way remote connection between EMC Customer Service and your EMC products that enables remote monitoring, diagnosis, and repair. ESRS assures availability and optimization of your EMC infrastructure, and is a key component of EMC's industry leading Customer Service. The connection is secure, high speed, and operates 24x7. Note that ESRS v3.14 is the virtual edition of ESRS.

ESRS is included in all Enhanced and Premium warranties and maintenance agreements at no additional cost.

EMC solution benefits

The following describes the solution benefits of ESRS to EMC:

◆ Eliminates dependency on product/OS

◆ Reduces time to market from 6-9 months to 2-4 months through faster availability of product on boards Represents a prebuilt software solution that is packaged, updated, and maintained as a unit

◆ Simplifies software development, distribution, deployment, and management

◆ Provides prebuilt and configured, off the shelf operating system, and preinstalled ESRS software that allows setup and

configuration of the software, with final configuration at the time of deployment

(21)

Customer site components 21

Customer site components

ESRS Virtual Edition (VE) requires the following software/hardware at the customer site:

ESRS Virtual Edition(s)— This ESRS Virtual Edition OS and software component are installed on a customer-supplied Enterprise VMware or Hyper-V instance. It can be installed on multiple virtual instances either as a standalone instance or as ESRS Virtual Edition High Availability clusters. The servers act as the single point of entry and exit for all IP-based remote service activities and most EMC Connect Home notifications.

The following component is optional but highly recommended: Policy Manager— This ESRS software component is installed on a customer-supplied server or servers. It can be configured to control remote access to your devices and maintain an audit log of remote connections, file transfers Connect Homes by the ESRS Clients, and access to and administration actions performed on the Policy Manager.

ESRS Virtual Edition servers

ESRS is the remote service solution application that is installed on one or more customer-supplied dedicated servers. ESRS becomes the single point of entry and exit for all IP-based EMC remote service activities for the devices associated with that particular ESRS Virtual Edition or ESRS Virtual Edition Cluster.

ESRS functions as a communication broker between the managed devices, the Policy Manager, and the EMC enterprise. ESRS is an HTTPS handler. All messages are encoded using standard XML and SOAP application protocols. ESRS message types include the following:

◆ Device state heartbeat polling

◆ Connect Homes

◆ Remote access session initiation

◆ User authentication requests

◆ Device management synchronization

Each ESRS Virtual Edition acts as a proxy, carrying information to and from managed devices or to a Policy Manager. ESRS Virtual Editions can also queue and forward Connect Home requests via

(22)

FTPS and/or SMTP (if properly configured) in the event of a temporary ESRS channel failure.

Each ESRS Virtual Edition has its own web user interface, which runs as a Linux service on the underlying OpenSUSE operating system. All ESRS Virtual Edition actions are logged to a local rolling runtime log file.

Table 1 on page 24shows the minimum configuration of the required hardware and the application software.

Policy Manager The Policy Manager allows you to set permissions for devices that are being managed by ESRS. ESRS polls the Policy Manager every 2 minutes and receives the current policies, which are then cached locally in memory and to disk. Due to this polling time interval, policy updates may take up to 2 minutes before being applied. During the periodic poll, ESRS posts all audit requests and actions that have occurred to the Policy Manager. These events are written to the Policy Manager database and the local log files. These audits can also be streamed to a customer's syslog server. When a remote access request arrives at ESRS for device access, the access is controlled by ESRS enforcing the policy set by the Policy Manager.

ESRS Virtual Edition is supported with any version of Policy Manager 2.02.1-xxx or Policy Manager 6.6 or later. A redundant Policy Manager is only supported on Policy Manager 2.02.1-xxx. Note:Once installed on your server, the Policy Manager application is inaccessible by third parties, including EMC. For more information about the operations and configuration of the Policy Manager, refer to the EMC Secure Remote Services Policy Manager Operations Guide.

Proxy server Network traffic can be configured to route from ESRS through proxy servers to the Internet. Such configurations include support for auto-configuration, HTTP, and SOCKS proxy standards; however, the customer is responsible for all proxy server configuration.

Note: If user accounts are required, they should be service accounts that do not have expiring passwords.

(23)

Customer site components 23

IMPORTANT

!

To ensure communication integrity, proxy servers and devices external to your DMZ must not perform any method of SSL checking on outbound or inbound traffic for ESRS. SSL checking will cause connectivity loss to EMC. If SSL checking is performed on outbound communications by customer firewalls, proxies, web traffic filtering appliances or applications, web traffic shaping/load balancing, certificate verification or proxying, or Intrusion

Detection Services (IDS), there will be loss connectivity to EMC.

Note:When a customer configuration requires proxy communication between ESRS and the Policy Manager or between ESRS and EMC Enterprise, and if ESRS cannot connect to either through the proxy communication path, then it will attempt to connect multiple times. If the ESRS successfully establishes a direct connection, then no error message appears to notify the customer or EMC that there is a problem with the proxy communication path.

Table 1 on page 24shows the minimum configuration of the ESRS deployed on the ESX Server.

(24)

24 EMC Secure Remote Services Installation and Operations Guide Table 1 Specifications for ESRS Virtual Edition

Type Requirements EMC provided software Notes ESRS Virtual Edition

VMware ESX 5.0 or later or Windows Hyper-V environment on Windows 2008 R2 or Windows 2012

Processor — One or more processors, each 2.2 GHz minimum, must be SSE2

supported (required for FIPS compliance)

Free Memory — 4 GB Memory or higher. Free Disk Space — 64 GB Disk Space

Note:Collocation of a Policy Manager on the ESRS Host is not supported or permitted. The underlying SUSE operating system is customized for the ESRS and does not have the necessary libraries.

ESRS Default is one vCPU, but you have the option to add additional vCPU before ESRS is powered up. ESRS requires a site-supplied ESX or Windows server. Two ESRS Virtual Edition servers deployed on a separate ESX servers/Hyper-V servers are required for a High Availability configuration. One ESRS Virtual Edition or ESRS Virtual Edition High Availability Cluster can support up to 250 devices. Do not place VMware/Hyper-V images or storage files on EMC devices managed by the ESRS Client.

When running clustered HA Clients on VMware/Hyper-V, each Gateway Client must be located on different physical hardware.

(25)

Communication to EMC 25

Communication to EMC

All outbound communication between the customer’s site and EMC is initiated from the customer’s site by the ESRS server(s) over port 443 and 8443. Using industry standard Secure Sockets Layer (SSL) encryption over the Internet and an EMC-signed digital certificate for authentication, the ESRS creates a secure communication tunnel. IMPORTANT

!

Port 8443 is not required for functionality.Hhowever unless you open this port, you may experience a significant decrease in remote support performance, which will directly impact the time necessary to resolve issues on the end devices.

ESRS uses industry-accepted bilateral authentication for the EMC servers and ESRS. Each ESRS has a unique digital certificate that is verified by EMC whenever an ESRS makes a connection attempt. ESRS then verifies the EMC server certificate. Only when the mutual SSL authentication passes does ESRS transmit messages to EMC, securing the connection against spoofing and man-in-the-middle attacks.

ESRS uses the SSL tunnel to EMC to perform the following functions:

◆ Heartbeat polling

◆ Remote notification

◆ Remote access

Each ESRS relies on the SSL tunnel, but communication processes and protocols within the tunnel vary by function. Each function is discussed in the following sections.

Heartbeat polling Heartbeat polling is described in the following sections:

◆ “To EMC by ESRS” on page 25

◆ “To EMC devices managed by ESRS” on page 26

To EMC by ESRS

The heartbeat is a polling that occurs every 30 seconds, from ESRS to the EMC enterprise. Each heartbeat contains a small datagram that identifies ESRS and provides the EMC enterprise with status information on the connectivity and health of the EMC storage devices and the ESRS.

(26)

EMC ServiceLink receives the data in a Simple Object Access Protocol (SOAP) message. Once this response is acknowledged, the ESRS terminates the connection.

Monitoring and event notification are handled by ESRS. If a problem occurs with an ESRS server and a High Availability ESRS Cluster has been implemented, then another ESRS within the cluster handles these activities. In a High Availability ESRS Cluster, remote access session management is handled by the first ESRS to send a heartbeat to the EMC enterprise and to receive the remote access request. Note:ESRS v3.x can only be clustered to other ESRS v3.x. They can not be clustered to existing ESRS 2.XX or Embedded ESRS Device Clients.

To EMC devices managed by ESRS

Once every 60 minutes ESRS polls each managed device to determine if primary support application(s) are available by making a socket connection to the device on one or more of the primary support application ports and by then verifying that the service applications are responding. If a change in status is detected, then ESRS notifies EMC over the next heartbeat.

The heartbeat is a continuous service. EMC monitors the values sent and automatically triggers service requests if ESRS fails to send heartbeats, or if the values contained in a heartbeat exceed certain limits.

Remote notification (Connect Home)

ESRS also serves as a conduit for EMC products to send remote notification event files to EMC. EMC products send remote notifications for several different purposes. Errors, warning conditions, health reports, configuration data, and script execution statuses may be sent to EMC.Figure 1 on page 27provides an illustration of the remote notification communication paths.

When an alert condition occurs, the EMC product generates an event message file and passes it to the ConnectEMC service on the device to format the files and request a transfer to EMC. ConnectEMC uploads the file to ESRS where it is received by one of the following local transport protocols:

◆ HTTPS, if a device is qualified to send files using HTTPS

◆ SMTP

(27)

Communication to EMC 27

When an event file is received, ESRS compresses the file, opens the SSL tunnel to the EMC servers, and posts the data file to EMC. At EMC, the file is decompressed and forwarded to the Customer Relationship Management (CRM) systems.

Note:The connection inFigure 1 on page 27is to ESRS. ESRS forwards the Connect Home file through the ESRS tunnel. If the tunnel is unavailable, then ESRS can failover to FTPS or to the customer’s SMTP server to EMC, ifit is configured.

Figure 1 Remote notification communication

Remote access To establish an EMC Global Services remote access session to a customer’s device, ESRS uses asynchronous messaging to ensure that all communication is initiated outbound from ESRS at the customer’s site.

After being properly authenticated at EMC, an EMC Global Services professional makes a request to access a managed device. The remote access session request includes a unique identifier for the user, the serial number of the managed device, and the remote application he or she will use to access the device. It may include the Service Request number and or additional notes. This request is queued at EMC until an ESRS that manages the device in question sends a heartbeat to EMC.

In response to the Heartbeat, the EMC enterprise sends a special status in the SOAP response. This response contains the request information as well as the address of the Global Access Server and a unique session ID, which ESRS would use to establish the connection. ESRS uses its local repository to determine the local IP address of the

(28)

end device, checks the Policy Manager permissions to see if the connection is permitted, and if approved, establishes a separate persistent SSL tunnel to the Global Access Server for the specific remote access session.

This secure session allows IP traffic from the EMC internal service person to be routed through ESRS to the end device. IP socket traffic received by the Global Access Server when the session is established, is wrapped in a SOAP message, and sent to ESRS over the SSL tunnel. ESRS unwraps the SOAP object and forwards the traffic to the IP address and port of the end device for which the session was established. SOAP communication flows between ESRS and the Global Access Server through this tunnel until it is terminated or times out after a period of inactivity.Figure 2 on page 28provides an illustration of the remote access communication paths.

As a result of an application remote access session request, ESRS forwards traffic only to the specific IP address and ports that are associated with the registered serial number of the EMC device at the time of deployment.

Figure 2 Remote access communication

Remote support application SOAP

EMC storage array

EMC web and access servers

SSL tunnel - TLS with RSA key exchange AES-256 with SHA1 encryption

(29)

Digital Certificate Management 29

Digital Certificate Management

During the site ESRS installation, digital certificates are installed on ESRS. This procedure can only be performed by EMC Global Services professionals using EMC-issued RSA SecurID Authenticators. All certificate usage is protected by unique password encryption. Any message received by ESRS, whether pre- or post-registration, requires entity-validation authentication.

Digital Certificate Management automates ESRS Virtual Edition digital certificate enrollment by taking advantage of EMC's existing network authentication systems, which use the RSA SecurID Authenticator and the EMC private certificate authority (CA). Working with EMC systems and data sources, Digital Certificate Management aids in programmatically generating and

authenticating each certificate request, as well as issuing and installing each certificate on ESRS.

ESRS Virtual Edition Digital Certificate Management provides proof-of-identity of your ESRS Virtual Edition. This digital document binds the identity of ESRS to a key pair that can be used to encrypt and authenticate communication back to EMC. Because of its role in creating these certificates, the Private EMC certificate authority is the central repository for the ESRS key infrastructure.

The CA requires full authentication of a certificate requester before it issues the requested certificate to ESRS. Not only must the CA verify that the information contained in the certificate request be accurate, it must also verify that the EMC Global Services professional making the request is authenticated, and that this person belongs to an EMC Global Services group that is allowed to request a certificate for the customer site at which the ESRS certificate is to be installed. The EMC Global Services professional requests a certificate by first authenticating himself or herself using an EMC-issued RSA SecurID Authenticator. Once authentication is complete, the ESRS installation program locally gathers all the information required for requesting certificates. It also generates a certificate request, a private key, and a random password for the private key. The ESRS installation program then writes the certificate request information to a request file, ensuring accuracy and completeness of the information. The installation program then submits the request. After the

certificate is issued, the installation program automatically completes the certificate installation on ESRS.

(30)

Device access control

ESRS Virtual Edition achieves remote application access to a process running on an EMC storage device by using a strict IP and

application port-mapping process. You have complete control over which ports and IP addresses are opened on your internal firewall to allow connectivity. The remote access session connections are initiated by an EMC Global Services request at the EMC Global Access Server and through a pull connection by ESRS. EMC users can initiate remote sessions via the ESRS portal. EMC never initiates a connection to your ESRS Virtual Edition or network. Your policies as set in the ESRS Policy Manager determine if and how a connection is established. If there is no Policy Manager, then the default access will be Always Allow.

Device configuration access control

Once your devices are configured for ESRS Virtual Edition

management, you must carefully control and monitor any changes to the configuration of the managed device. For example, changing the configured IP address in ESRS Virtual Edition or changing the IP address of the storage device disables EMC's ability to perform remote service on that device as well as the device’s connect home capabilities. For this reason, ESRS requires that only authorized EMC Global Services professionals are allowed to approve the change for a managed device. Each device modification, as well as the user ID of the EMC Global Services professional who approved the change, is tracked in the EMC enterprise audit logs.

EMC enterprise access control

Several security features are incorporated into the EMC enterprise. For access, EMC Global Services professionals must be logged into the EMC corporate network and must connect to the ESRS Enterprise Application using EMC RSA SecurID® two-factor authentication technology. Only authorized EMC personnel can access the EMC enterprise.

(31)

Responsibilities for ESRS components 31

Responsibilities for ESRS components

The following sections describe the installation, configuration, operation, and maintenance responsibilities of EMC customers and EMC Global Services.

Customer You are responsible for the following:

◆ Installing, configuring, and maintaining the following hardware and software components:

• ESRS Virtual Edition hardware and virtual host environment for the customer’s environment

• Policy Manager server hardware and operating system • Antivirus and other applicable security software in the

customer environment

◆ Providing continuous maintenance to the ESX server that hosts the ESRS Virtual Edition and the operating systems, including security updates

◆ Monitoring and maintaining sufficient disk space

◆ Preparing and configuring the network, proxy server, and firewall

◆ Backing up and restoring your file systems

◆ Maintaining physical security of the hardware

◆ Protecting all files on the ESRS and the Policy Manager servers, including the SSL certificate(s) if applicable

◆ Configuring, administering, and updating policies and accounts on the Policy Manager

◆ Maintenance of the Policy Manager servers, including updates,

upgrades, and anti-virus protection, is the customer’s responsibility. For the ESRS V3 Virtual Appliance, updates supplied by EMC must be applied by the customer via the Update tab in the GUI. EMC does not recommend updating the virtual machine using any other method. Customers can install anti-virus protection, however, EMC cannot guarantee that it will be compatible with the V3 software package.

Note:For more information on the operation and configuration of the Policy Manager, refer to the EMC Secure Remote Services Policy Manager Operations Guides.

(32)

Note:Customers can download ESRS patches from the EMC Online Support Site (support.emc.com) and install them at their convenience. All ESRS Virtual Edition patches are cumulative.

Note:Policy Manager software is customer installable.

Customer or EMC Global Services

EMC Global Services personnel or customers are responsible for installing the ESRS software.

The same is true of the Policy Manager software (customers may install this software) and of the following tasks:

◆ Configuring and deploying the EMC devices managed by ESRS Updating the ESRS and Policy Manager software

EMC Global Services

EMC Global Services are responsible for the following:

◆ Configuring ESRS Virtual Edition High Availability Clusters must be done by EMC Global Services.

◆ Approving the Deployment, Removal, or Revisions of Deployed Devices in ServiceLink

Note:If Connect Home on the device is already configured, the customer may use the ESRS Web UI to add, remove, or edit devices to the ESRS, which will then require approval on the EMC Enterprise network.

(33)

Installing and Provisioning ESRS 33 This chapter provides the information that you will need to prepare the ESRS server for the installation and provisioning of ESRS. Topics include:

◆ Overview ... 34

◆ Configuring ESRS on Linux host using Docker Engine (ESRS DE) 35

◆ Configuring Operating System for VM (ESRS VE)... 40

◆ Root logon and Admin setup ... 69

◆ Provisioning screens/ESRS setup... 73

Installing and

Provisioning ESRS

(34)

Overview

Apart from the ESRS backend system, there is an ESRS Gateway that is installed on the customer site either on the product itself

(embedded ESRS Device Client), on a separate physical/virtual machine, or as a binary installer for Linux.

Install options There are two install options for ESRS:

◆ ESRS Virtual Edition (ESRS VE) • ESRS can be run 100% virtually • No additional hardware required • No additional OS licenses required

◆ ESRS Docker Edition (ESRS DE)

• Can be run on a qualified Linux environment that supports Docker containers

The following section describes the binary install for ESRS on a Linux host.

(35)

Configuring ESRS on Linux host using Docker Engine (ESRS DE) 35

Configuring ESRS on Linux host using Docker Engine (ESRS DE)

Prerequisites To install the ESRS Docker on a Linux host, ESRS requires that

specific assigned ports (see Port Requirements section below) on the system be available. If the prerequisites are not provided, then the ESRS application installer aborts the installation.

System Requirements Before installing ESRS on a Linux host, the following must already be installed:

◆ Docker supported Linux distribution (x64 bit)

◆ Docker Engine (Docker runtime)

Using the binary installer, ESRS can be installed on the Linux distributions that support Docker. For a list of Linux distributions that are supported by Docker and for Docker installation instructions, refer to the following address:

https://docs.docker.com/engine/installation/.

Note: The Docker Engine is supported on many Linux distributions (such as RHEL, CentOS, OpenSUSE, and SUSE Linux Enterprise), for example, the following is the link for a Docker installation on Red Hat Enterprise Linux (RHEL): https://docs.docker.com/engine/installation/linux/rhel/. Port Requirements ESRS runs its services on the following ports:

Note: Only Isilon uses Privoxy (port 8118) for Manage File Transfer (MFT).

Table 2 Port Requirements

Services Ports

Connect Home support (legacy) - FTP 21 Connect Home support (legacy) - HTTPS 443 Connect Home support (legacy) - SMTP 25 provision, WebUI, RESTful services (such as device management,

(36)

ESRS Installation Instructions

The ESRS installer performs the required prerequisite checks. In effect, it validates the system requirements, Docker runtime, and the specified port availability.

To install ESRS:

1. Download the latest ESRS Docker Edition (ESRS DE) for Linux on EMC Online Support:

https://support.emc.com

2. To change the permission of the installer, use the following chmod command:

chmod +x esrsde-3.14.00.01.bin

Figure 3 chmod command

3. Run the installer using the following command:

./esrsde-3.14.00.01.bin --install

The command will check the following prerequisites, and proceed with installation:

• Disk space availability, must be at least 64 GB • Docker is installed

(37)

• Ports 21, 25, 443, 9443, and 8118 are free • IP address is valid

(38)

4. Follow the instructions on the prompt to complete the installation.

During the installation, the installer will request a password to be set for the root account of ESRS, as shown in the following figure. Note: This is not the root account of the host.

Figure 5 Setting the root password

At the end of a successful installation, the installer displays a message stating that the ESRS services are up and running and provides the URL for you to provision ESRS, as shown in the following figure.

(39)

Figure 6 Sample image of successful installation

After you copy and paste the URL to a Web browser, follow the steps starting at the“Root logon and Admin setup”section.

(40)

Configuring Operating System for VM (ESRS VE)

Configure Network The following are needed to set up ESRS:

◆ IP address

◆ Default gateway

◆ DNS server

The following are optional:

◆ Customer proxy server

◆ ESRS Policy Manager (strongly recommended)

◆ Mail server - if you would like notifications and/or Connect Home failover

Note the following:

◆ Do not change any elements (for example, firewall settings) of ESRS, according to customer security policies.

◆ Do not place VMware/Hyper-V images or storage files on EMC devices managed by ESRS.

◆ When running clustered HA ESRS Virtual Edition Clients on VMware /Hyper-V, each ESRS Virtual Edition Client must be located on a different physical ESX server.

First boot installation Before you can access the ESRS Virtual Edition Web UI, you must perform a first boot installation.

This section provides the steps to install and configure ESRS and to boot it through the ESX Server/HYPERV.

Requirements Before you begin, the following conditions must be met:

◆ The ESRS Virtual Edition software package has been downloaded by the customer and is available for installation

Note:The version downloaded must match the virtual environment to be used.

◆ Enterprise level:

(41)

Configuring Operating System for VM (ESRS VE) 41

• VMware or Hyper-V is available

◆ Customer must create a VM and install the OS.

To configure the ESRS during first boot, follow the steps in the following sections.

Downloading the vSphere Client and deploying the ESRS image To download the vSphere Client and deploy the ESRS image:

1. Access the vSphere Client and select File > Deploy OVF Template..., as shown inFigure 3 on page 41. The Deploy OVF Template - Source wizard appears.

(42)

2. In the OVF Template wizard, use the Browse... button to select the desired URL to download and install the OVF package, as shown inFigure 4 on page 42, and then click Next. The OVF Template Details window appears.

(43)

3. In the OVF Template Details window, verify the details and then click Next to continue, as shown inFigure 5 on page 43. The Name and Locationwindow appears.

(44)

4. In the Name and Location window, enter a unique name and a location for the deployed template, as shown inFigure 6 on page 44, and then click Next. The Disk Format window appears.

(45)

5. In the Disk Format window, select Thin Provision and then click Next, as shown inFigure 7 on page 45. The Ready to Complete window appears.

(46)

6. In the Ready to Complete window, review your options, and then click Finish, as shown inFigure 8 on page 46. The deployment statuswindow appears, as shown inFigure 9 on page 46. When the deployment is completed successfully, a deployment completed successfully message appears.

Figure 12 Ready to Complete

(47)

7. In the Deployment Completed Successfully window, click Close, as shown inFigure 10 on page 47.

Figure 14 Completed Successfully message

8. Go to“Powering on the machine and accepting the license agreement” on page 47and follow the steps listed.

Powering on the machine and accepting the license agreement

To navigate through the Linux console:

1. In the vSphere Client, ensure that your deployed template is selected in the left pane directory, and then click Power on the virtual machinein the Getting Started tab, as shown inFigure 11 on page 47.

(48)

Note:Once you have selected the power on option, you will have the option to power off the machine, as shown inFigure 12 on page 48.

Figure 16 Option to power off the virtual machine

2. If applicable, go to the Hyper-V Appendix and follow the instructions listed. Then go to the following step.

(49)

3. When the machine is powered on, you can either right-click and open the console or go to the Console tab directly, as shown in Figure 13 on page 49. The license agreement appears, as shown in Figure 14 on page 50.

(50)

50 EMC Secure Remote Services Installation and Operations Guide Figure 18 License agreement

4. In the license agreement screen, review the license, and then use the shortcut key q to get to the Y/N prompt.

5. Accept the license by selecting Y for yes, and then pressing Enter. ESRS loads for the first time and the Hostname and Domain Name screen appears.

6. Go to“Provisioning the gateway host” on page 51and follow the steps listed.

(51)

Provisioning the gateway host

To provision the gateway host:

1. In the Network Configuration II screen, you can configure the IP address as follows (optional), or go toStep 2.

IMPORTANT

!

For post-install and existing gateway upgrades, the ESRS IP address should not be changed. If it is changed, it may affect gateway connectivity and the ability of the managed devices to send Connect Home via the gateway. Using static IP address is strongly recommended.

Note:Pay particular attention to configuring the network. You must configure/supply an IP address, subnet mask, DNS server, and default route (default gateway). You must also configure the time and time zone as this may affect the operation of ESRS. If you have connectivity problems during the web UI installation process, then log on to the ESRS shell and correct any network issue with YaST. For more information, see the troubleshooting section of this document.

a. Select the Change... (Alt-C) option, as shown inFigure 15 on page 52, and then tab over or select Next to continue. The Network Settings screen displays.

Note:The mouse does not work in the console window for selection. Tab to the selection or use the ALT-key combinations.

(52)

52 EMC Secure Remote Services Installation and Operations Guide Figure 19 Network Configuration II

(53)

b. In the Network Interfaces screen, select Network Interfaces..., as shown inFigure 16 on page 53. The Network Setting screen appears.

(54)

c. In the Network Settings screen, select Edit (Alt-I), as shown inFigure 17 on page 54. The Network Card Setup screen appears.

(55)

d. In the Network Card Setup screen, tab to the fields and enter the information for static IP address, subnet mask, and host name, as shown inFigure 18 on page 55, and then select Next (Alt-N or F10). The Network Settings screen appears.

IMPORTANT

!

The host name entered must be identical in the "Network Card Setup" screen and the "Hostname/DNS" screen.

(56)

e. In the Network Settings screen, tab to the Overview and then press the right arrow key to select Hostname/DNS, as shown inFigure 19 on page 56. The Network Settings,

Hostname/DNS screen appears.

(57)

f. In the Network Settings, Hostname/DNS screen (Alt-S), tab to the DNS Server field(s) and enter the IP address(es) of your DNS server(s), as shown inFigure 20 on page 57, and then select OK (Alt-O or F10).

IMPORTANT

!

Do not change the host name on this screen. The host name entered must be identical in the "Network Card Setup" screen and the "Hostname/DNS" screen.

Figure 24 Setting up Host Name DNS Server

g. Press ALT-U or tab to the Overview and press the right arrow key twice to the Routing Tab.

(58)

h. In the Network Settings, Routing screen, specify the default Gateway IP address used by your network, as shown in Figure 21 on page 58.

IMPORTANT

!

When you are provisioning ESRS and you are upgrading from an existing ESRS V2 or V3 gateway, use the same ESRS IP address. The ESRS IP address should not be changed, otherwise, it may affect gateway connectivity and the ability of the managed devices to send Connect Home via the gateway. Using static IP address is strongly recommended. i. Select OK (Alt-O or F10) to continue. The Network Interfaces

screen appears again.

(59)

j. In the Network Interfaces screen, select Next (Alt-N or F10), as shown inFigure 22 on page 59. The Saving Network

Configuration screen appears.

(60)

k. In the Saving Network Configuration screen, when configuration is completed, select Next (Alt-N or F10), as shown inFigure 23 on page 60. The Clock and Time Zone screen appears.

Figure 27 Saving Network Configuration l. Go toStep 2.

(61)

2. In the Clock and Time Zone screen, set up the time zone and then select [Change...] (Alt-C) to set the local time, as shown in Figure 24 on page 61. The Change Date and Time screen appears.

(62)

3. If necessary, in the Change Date and Time screen, select Manually to enter the desired time and date (as shown inFigure 25 on page 62), or select Synchronize with NTP Server to enter the NTP server address (as shown inFigure 26 on page 63), and then select Accept. The Clock and Time Zone screen appears again. Note:An NTP server is not required.

(63)

Note:If you are using NTP in your environment, then tab to the field and enter the required information. Then tab to Accept, or press Alt-A, or F10.

(64)

4. In the Clock and Time Zone screen, select Next (Alt-N or F10), as shown inFigure 27 on page 64. The Password for the System Administrator “root” screen appears.

(65)

5. In the Password for the System Administrator “root” screen, set up the root console user password, as shown inFigure 28 on page 65, and then select Next. The ESRS Web Administrator User Name screen appears.

IMPORTANT

!

Record your password. If you forget your root credentials

(password), then you must perform the first boot installation again to set up the root credentials. The system can not retrieve your credential information.

Note:There is no default password for root during first boot installation. You

mustmanually set the password at this time.

(66)

6. In the ESRS Web Administrator User Name screen, you may change the user name (not the password), and then select Next (Tab, ALT-N, or F10), as shown inFigure 29 on page 66. Completing the System Configuration screen displays.

Note:This is the Administrative credentials to use when you log on to the ESRS Web UI.

IMPORTANT

!

If you lose or forget the password for the ESRS Web UI, then see the“Troubleshooting”section for resetting the ESRS Web UI user password. This requires access to the ESRS shell with an SSH client using the shell root user credentials.

(67)

7. In the Completing the System Configuration screen, when configuration is completed, select Next (Tab, ALT-N, or F10), as shown inFigure 30 on page 67. The host completes the OS configuration and then reboots. The ESRS Web UI runs, as shown inFigure 31 on page 68. This completes the first boot installation. You can now go to the ESRS Web UI.

(68)

68 EMC Secure Remote Services Installation and Operations Guide Figure 35 Configuration verification

Note:The failed services shown in red are expected at this time as some of the services have not been configured. This issue is addressed in the next section.

Note:The IP address of the ESRS should display in the ESRS VE webui is

running at https://<ESRSve-ip>:9443field. If it displays anything different, then the network setup is not correct. This can be addressed by logging on to the ESRS shell and using YaST2 to correct the network configuration. See Appendix B for details.

Note:It is recommended that before you launch the WEB UI portion of the ESRS install, you log on to the shell and verify the network, DNS, and default gateway configurations and connectivity. You can use the CECT to perform these tests. If there are issues with the configuration, then use YaST2 to correct them. See Appendix B for details.

(69)

Root logon and Admin setup 69

Root logon and Admin setup

The root logon and Admin setup described in this section are only a one-time setup, which is performed after a successful first boot configuration.

To initially log on to the ESRS Web UI after a first boot:

1. Access the ESRS Web UI using the following URL, either in Internet Explorer 9 (IE9) or later, Google Chrome, or Mozilla Firefoxweb browsers:

https://<ESRSve-ip>:9443/

The Root Login page appears.

Note:The Root Login page, as shown inFigure 32 on page 69, only appears the first time you log on to ESRS, after a successful first boot configuration.

2. In the User Name text box, enter root as the user name, as shown inFigure 32 on page 69.

(70)

3. In the Password text box, enter the root password that you set during the first boot installation.

IMPORTANT

!

If you forget your root password, not your Admin password, then you must perform the first boot installation again to set up a new root password. The system can not retrieve your root password. To reset your ESRS Virtual Edition Web UI Admin password using the Web UI, see the“Troubleshooting”section for resetting the ESRS Web UI user password.

4. Click Login. The EULA license agreement page appears. 5. Scroll down to read the agreement in its entirety. Accept the

end-user license agreement by selecting the Accept option, as shown inFigure 33 on page 70.

Note:You will not be able to select the Accept or Do not Accept radio button unless you scroll to the bottom of the page.

Figure 37 EULA page

6. After accepting the agreement, click Submit. The Admin setup page appears. Note that the first time you log on to the user interface, the system prompts you to set the Admin password.

(71)

Root logon and Admin setup 71

7. In the Admin setup page, set the Admin password, and then click Login as admin, as shown inFigure 34 on page 72. Note the following:

• There is no default password for the Admin user, therefore, you need to manually set the password when prompted. • If the Admin password is not changed within 15 minutes, then

you will be logged out and will have to start from the beginning by logging on with your root credentials. • The password must meet the following requirements:

– Be 8 or more characters in length, with a maximum of 16 characters.

– Contain at least one numeric character.

– Contain at least one uppercase and one lowercase character.

– Contain at least one special character such as ‘ ~ ! @ # $ % ^ & * ( ) - _ = + [ ] { } ; < >

– Be a password that does not match the previous password. – Do not use special characters ‘ (single quote) and “ (double

quotes) as part of the password. – Do not use special characters / ? : , . |\

– May not be a password that matches the previous password.

• If all of the password requirements are met, then after clicking the Login as admin button, you will be logged out as root and logged in as Admin with ESRS Admin rights.

(72)

72 EMC Secure Remote Services Installation and Operations Guide Figure 38 Admin account setup

IMPORTANT

!

If you lose or forget your Admin password for the ESRS Web user interface (or the user name defined during the first boot

configuration), then see the“Troubleshooting”section for resetting the ESRS Web UI user password. This requires access to the ESRS Shell with an SSH client.

8. Go to the“Provisioning screens/ESRS setup” on page 73, and follow the steps listed.

(73)

Provisioning screens/ESRS setup 73

Provisioning screens/ESRS setup

Registration To register for ESRS:

1. In the Primary Contact page, enter the primary contact information, as shown inFigure 35 on page 73. EMC uses the information provided in this section as the customer contact for ESRS. EMC will reach the primary contact first regarding any ESRS Virtual Edition queries.

IMPORTANT

!

This information is required to proceed with the ESRS

configuration. Ensure that this information is accurate as it may have a direct impact on the ESRS support.

(74)

2. When the primary contact information is completed, click the Submit & Go to Technical Registrationbutton. A status message displays stating that the primary contact has been saved. This contact information will be used by EMC in the event of any connectivity issues with ESRS.

3. In the status message window, click OK, as shown inFigure 36 on page 74. The message closes and the Technical Contact page appears.

(75)

Provisioning screens/ESRS setup 75

4. In the Technical Contact page, as shown inFigure 37 on page 75, enter the additional contact information. For any ESRS Virtual Edition queries, if the primary contact is not available, then EMC uses the technical contact information.

Figure 41 Technical Contact page

You can skip this step by clicking the Skip Technical contact button. The Provisioning tab displays with the Proxy Server, Network Check, and Provision sub tabs.

Note:Although this information is optional, EMC highly recommends that you provide it. This should be your secondary contact for ESRS. Ensure that this information is accurate as it may have a direct impact on ESRS support.

(76)

After you enter the technical contact information, click Submit & Go to Provisioning. A status message appears stating that the technical contact has been saved, as shown inFigure 38 on page 76. Click OK and the Provisioning tab appears with the Proxy Server, Network Check, and Provision sub tabs.