1

ESRS - EMC Secure Remote Support ( Dial-IN & Dial-Home)

Sunil Joshi

2

What is ESRS ?

> ESRS provides a secure, high-speed, 24 X 7 remote support to the EMC storage infrastructure (i.e. VMAX and VNXe) and it is used to proactively identify and resolves potential storage issues before they impact operations .

> The EMC Secure Remote Support (ESRS) provides a secure IP-based distributed remote service support solution with Dial-Home and Dial-IN facility

,,

3

ESRS Customer site components

> ESRS Client software residing on two dedicated ESRS gateway servers for high availability.

> ◆ESRS Policy Manager software residing on a Policy Manager Server.

> Messaging SMTP Server for Dial-Home to send the email notification to EMC in case of any failure.

IN our case all above server are located in France (Cesson)

4

ESRS Access and Security

> Only EMC person has access to ESRS gateway and policy servers All notifications are outbound (to EMC) and are encrypted with 256 AES

> Communications are authenticated on both sides using RSA certification. EMC Dial-IN to storage via gateway server.

> Only EMC support persons with the appropriate digital certificates can view notifications Authorization.

5

Detail of firewall  flow open for VMAX Service processor to ESRS gateway serverService Processor: atl-ms-vsp001-4548-ATL - 172.16.64.40 fra-ms-vsp001-3509-FRA - 172.16.32.40 sin-ms-vsp001-3415-SIN  -  172.16.96.40 ESRS Gateway Server:Host translated IP real IP addressh-uhp-esrsgw1 212.234.184.193 10.190.2.1h-uhp-esrsgw2 212.234.184.194 10.190.2.2

Port open from ESRS:s-tcp-1300 s-tcp-1400 s-tcp-23003 s-tcp-23004 s-tcp-23005 s-tcp-4444 s-tcp-5414 s-tcp-5555 s-tcp-7000 s-tcp-9519 Port open to ESRS: https smtp ftp

6

OBS ESRS communication Flow

7

Dial Home consideration for failed disk> EMC Article Number:000084438Starting at Enginuity 5773.176.124 and 5875.249.188, physical drives

that are failing or have failed and have been automatically Permanently Spared will now dispatch the Service Request only after the new physical location has completely synchronized its data. A Service Request will generate from the array when a drive is found failing or failed, and this initial Service Request will be automatically cancelled. (The initial Service Request is created for tracking/informational purposes only). After the new physical location has completely synchronized, a second additional Service Request will be generated by the array, and this second Service Request will be dispatched for replacement.

The first SR will be created when Permanent Sparing is invoked and is informational only.  The dial-home text will contain the following line: "RMAFileType = Initial."  This SR will be cancelled automatically by SYR and will NOT be dispatched.  After Permanent Sparing has completed the synchronization to the new location, the array will call home with a second SR. . This second SR will be dispatched  The second SR will contain the same RMA information, but will not contain the "RMAFileType = Initial" line.

8

Thanks