EMC VNX unified Storage ESRS call-home configuration

Advertisements

EMC VNX UNIFIED STORAGE ESRS CALL-HOME CONFIGURATION

How to configure ESRS on Dell EMC VNX Unified Storage and send alert using dial-Home to proactive team of DELL EMC and storage admin.

Secure Remote Services (aka ESRS) is an effective, scalable and secure remote support between Dell EMC Products. It is a cost-effective, secure and redundant communication link between enterprise-class Dell EMC systems and Dell EMC customer support. It is fully automated and provides flexible, fast access for enterprise-class systems of any size to remote service providers. The remote support process uses a common business logic that provides flexible solutions for various business requirements. It also reduces the overall cost of ownership.

An EMS solution from a third party vendor such as Dell enables system integration with existing Dell hardware such as the Dell Blade servers, Dell Equalizers and Dell Rack servers. It also provides the ability to utilize existing Dell OEM software. This allows the system owner to seamlessly integrate the Dell EMC with their Dell EMC. It also offers support for any type of Dell enterprise system, including: IBM Workstation (excluding clones); Dell Compaq laptop computers; Dell laptops including the Latitude, Optiamino, Ebook and Venue models; Dell server platforms such as Dell rack servers and Dell Data Server. In addition, it supports any type of digital or non-digital software and device management, including CD ROM/writers, flash cards, USB hard drives, LCD displays and monitors.

As an open standard, the Secure Remote Service enables vendors to offer extended functionality through a compact set of user interfaces. With over twenty different policy types and seven levels of access control, an ESM provider can grant or deny access to critical applications and resources to any given client, according to their own policies. A variety of security measures, such as encryption, can be applied on an individual level or across the network.

The company that implements the ESRS program is known as an ESRS Gateway. The primary role of the ESRS Gateway is to act as an intermediary between an organization’s unique IT infrastructure and the external world. The ESRS Gateway then allows organizations to connect to the external world using their existing enterprise software stack, while maintaining network standards compliance. Some of the primary advantages of integrating the ESRS system with the organization’s existing IT systems are as follows: it simplifies the organization’s IT work by removing the need for an in-house IT professional to manage it; it lowers costs by eliminating the need for specialized personnel who may not be versed in the inner workings of an ESRS system.

One of the primary security concerns organizations have with implementing ESRs is the possibility that the system will be exploited by outside parties. An ESRS implementation is considered safe when the application server, the database server, and the application service provider each have robust authentication methods. However, if one or more of these layers are compromised, an ESRS attack could be possible. To combat this potential problem, a ESRS gateway is required to protect all three layers of the system:

The primary disadvantage of the ESRS implementation is the fact that it does not provide any type of integrity protection to the data or the applications on the ESRS gateway client configuration. This means that an ESRS vulnerability can easily be exploited by attackers who have physical access to the organization’s internal network. To remedy this problem, organizations are required to implement measures such as patch management, application security, and the use of firewall solutions in order to provide true e-restriction. If an ESRS vendor cannot guarantee this, then the ESRS technology should be banned from use within the organization.

If it is a VNX Unified control station will function as the component to generate
call home messages.

Do not configure e-mail home alerts from SPs on this type of system as it will
cause duplicate call-home alerts

Call home configuration

  1. Open putty to primary control station
  2. List all call-home configuratio of SPA
/nas/sbin/navicli -h SPA
eventmonitor -monitor -listmapping -system "IP of SPA"

3.List all call-home configuratio of SPB

/nas/sbin/navicli -h SPA
eventmonitor -monitor -listmapping -system "IP of SPB"

4.Remove all the call-home templates

/nas/sbin/navicli -h SPA
eventmonitor -monitor -stoptemplate -system "IP of SPA"
/nas/sbin/navicli -h SPA
eventmonitor -monitor -stoptemplate -system "IP of SPB"

5.Verify the configuration of connect-home on contral station.

/nas/sbin/nas_connecthome -info

•/nas/sbin/nas_connecthome –m -https_priority 1 -https_url https://IP:443/incoming

•/nas/sbin/nas_connecthome –m -email_priority 2 -email_from connectemc@emc.com -email_to emailalert@emc.com -email_subject VNX-alerts -email_server ESRS IP

Commands to trigger test events and config data

/nas/sbin/nas_connecthome –t –https
/nas/sbin/nas_connecthome –t –email_1
/nas/sbin/arrayconfig –status
/nas/sbin/arrayconfig –start
/nas/sbin/arrayconfig –capture
/nas/sbin/arrayconfig -callhome

See also :-

DELLEMC Storage

DellEMC VNX ESRS

DellEMC VNX ESRS Manual

Leave a Reply