ESRS Gateway Client - single point of entry and exit for all IP-based remote support and most EMC call home notifications.
ESRS Policy Manager - control remote access to the devices and maintain the audit log. This server is designed to be inaccessible to all third parties, including EMC.
Gateway Client and Policy Manger can be HA or even in one single server.
Topology one:
Policy Manager(DMZ) connect with gateway client
Gateway connect with production devices, inbound https(443), passive ftp(21), smtp(25); outbound 443/8443(to EMC), 8090/9443 SSL(to Policy Manager)
Topology two:
Gateway(DMZ), outbound 443/8443
Policy Manger in production network.
The ESRS IP Configuration Tool is used to establish the relationship between policy manager and gateway client. The two are not automatically linked. Customer Environment Check Tool (CECT) can run and test both gateway and policy manager server.
Server Requirement:
1. Gateway Client
Hardware:
Processor — One or more processors, minimum 2.2 GHz, must support SSE2 instruction set (required for FIPS compliance)
Free Memory — Minimum 1 GB of RAM, preferred 2 GB of RAM
Comm — Minimum single 10/100 Ethernet adapter (may require dual 10/100 Ethernet depending on customer network configuration and environment), preferred Gigabit Ethernet adapters, optional additional NIC for data backups
Free Disk Space — Minimum 1GB available for installation (preferably on a storage device of 40 GB or larger for operation)
Software:
Operating system — One of the following (US English only supported):
• Windows Server 2003 R1 or R2, 5.2, 32-bit, SP 1 or 2
• Windows Server 2003 R2, 5.2, 64-bit, SP 1 or 2
• Windows Server 2008, 6.0, 32-bit or 64-bit, IIS 7.0 (R1 only), SP 1 or 2.
NOTE: Windows Server 2008 R2 is not supported.
Microsoft .NET Framework Version 2.0 with SP1 or greater. NOTE: .NET Framework 3.5 and 4.0 are not compatible at this time.
Microsoft Visual C++ 2005 SP1 Runtime Library installed
Microsoft Internet Information Services (IIS) installed on system drive
IIS FTP and SMTP services enabled and configured
EMC OnAlert™ and ESRSConfig user accounts created and configured
Remote Desktop installed
Note: IIS startup type-manual; State-Started.
FTP: Description: ESRS Gateway FTP Site; IP Address: Local IP; Port:: 21
Security Accounts: No (Unchecked)
Home Directory: \EMC\ESRS\Gateway\work\ftproot (Read, Write, Log visists, User Isolation)
SMTP: Description: ESRS Gateway SMTP Site; Domain: emc.com; directory: \EMC\ESRS\Gateway\work\mailroot\Drop
User:
1) username: OnAlert; password: EMCCONNECT; User must change password at next logon: No; Pasword never expores: Yes
2) username: ESRSConfig; password: esrsconfig; User must change password at next logon: No; Pasword never expores: Yes
Port:
outbound
443/8443(https to emc and policy manager);8090(http to policy manager);
inbount
443(https);21(ftp);5400-5413(IIS);25(SMTP);
2. Policy Manager
Harware:
Processor — One or more processors, each 2.1 GHz or better
memory — Minimum 2 GB RAM, preferred 3 GB RAM
Comm — Minimum single 10/100 Ethernet adapter (may require dual 10/100 Ethernet adapters depending on customer network configuration and environment), preferred one Gigabit Ethernet adapter, optional additional NIC for data backups
Free Disk Space — Minimum 2 GB available (preferably on a storage device of 80 GB or larger)
Software:
Operating system — One of the following: (US English only supported)
• Windows XP, SP2 or later
• Windows Server 2003
• Windows Vista
• Windows Server 2008, 6.0, 32-bit or 64-bit (R1 only), SP1 or 2, NOTE: Windows Server 2008 R2 is not supported
Microsoft .NET Framework Version 2.0 with SP1 or greater is required if you are using the Customer Environment Check Tool (CECT) to validate that the PM server is setup correctly to install the PM software.
NOTE: .NET Framework 3.5 and 4.0 are not compatible at this time.
Microsoft Windows Task Scheduler running and unrestricted
Remote Desktop installed
Port:
Outbound:
25(smtp);
Inbound:
8090(http);8443(https)
Port requrirement for device managed by Gateway client
Brocade-B 22,23(inbound)
Symmetrix - outbound: https,ftp,stmp to Gateway; inbound: 9519,5414,1300,1400,4444,5555,7000,23003,23004,23005 from Gateway.
Things to know:
- When a alert occurs, storage system generates an event message file and passes it to ConnectEMC services to format the files.
- ConnectEMC then uploads file to Gateway by https,ftp or smtp. Gateway compresses the file, open ssl tunnel to EMC and transfer.
- Gateway polling every 2 minutes from policy manager to inquire new policy. Between them, use cache.
- Gateway sends hearbeat to EMC every 30 seconds to inform the connectivity between gateway and devices. EMC monitors the heartbeat and may tirgger service requests if something wrong.
- Gateway inquiry device every 60 minutes to see if device is responseding.
- Gateway in a High Availability configurations are active peers. There is no direct communications between the Gateway clients within the cluster. In HA environment, the policy manager cannot co-located on a Gateway server. Gateway servers synchronized by EMC
- enterprise server duing polling cycles.To implement a High Availability Gateway Cluster configuration, your EMC Global Services professional will create the cluster relationship from the Device Management utility that is part of the EMC enterprise.
- Gateway Extract utility(GWExt) comes with gateway installer can collect serial number,product tyep, IP and transport it to Gateway client. It can also transfer the file to EMC via Gateway.
- * Gateway installation will invole digital certificates install(only by emc). Certificate cannot be copied and used on another machine. That's why EMC will perform the software upgrade of Gateway.
- The remote connections are initiated by an EMC Global Services request and through a pull connection by the ESRS. EMC never initiates a connection to your ESRS IP Client or network.
- Customer Environment Check Tool (CECT) in on ESRS IP Solution CD. To verify server meet all the configuration. Also test connectivity from Gateway to storage. It should run before install Gateway software.
- ESRS IP Configuration Tool configure gateway to use policy manager,view active remote support sessions,logs,managed devices etc. Tool will be automatically install when you install Gateway using Provisioning Tool.
- Change the login Banner of policy manager at C:\EMC\ESRS\Policy Manager\Tomcat5\webapps\applications\apm\templates; to login: http://policymanagerip:8090 or https://policymanagerip:8443
- Policy Manager will automatically backup its database by windows task scheduler under \EMC\ESRS\Policy Manager\hsqldb. Only 31 backups(0-30)
No comments:
Post a Comment