Configuring EMC Secure Remote Services support

You can configure support for EMC Secure Remote Services ( ESRS) on the Isilon cluster. ESRS is now configured for the entire cluster with a single registration, as opposed to one node at a time as in previous versions of OneFS.

Before configuring ESRS on OneFS, at least one ESRS Virtual Edition Gateway server (ESRS v3 server) must be installed and configured. The ESRS v3 server acts as the single point of entry and exit for remote support activities and monitoring notifications. If required, set up a secondary ESRS v3 server as a fail over.

ESRS does not support IPv6 communications. To support ESRS transmissions and remote connections, at least one subnet on the Isilon cluster must be configured for IPv4 addresses. All nodes to be managed by ESRS must have at least one network interface that is a member of an IPv4 address pool.

When you enable support for ESRS on a cluster, you can optionally create rules for remote support connections to the Isilon cluster with the ESRS Policy Manager. The Policy Manager set up is separate from the ESRS v3 system.

Details on the Policy Manager are available in the most current EMC Secure Remote Services Installation Guide.

The following table lists the features and enhancements available with ESRS for OneFS 8.1 and later.

Table 1. ESRS features and enhancements
ESRS consolidates access points for technical support by providing a uniform, standards-based architecture for remote access across EMC product lines. The benefits include reduced costs through the elimination of modems and phone lines, controlled authorization of access for remote services events, and consolidated logging of remote access for audit review.
Enhanced security
  • Comprehensive digital security — ESRS security includes Transport Layer Security (TLS) data encryption, TLS v1.2 tunneling with Advanced Encryption Standard (AES) 256-bit data encryption SHA-2, entity authentication (private digital certificates), and remote access user authentication verified through EMC network security.
  • Authorization controls — Policy controls enable customized authorization to accept, deny, or require dynamic approval for connections to your EMC device infrastructure at the support application and device level, with the use of Policy Manager.
  • Secure remote access session tunnels — ESRS establishes remote sessions using secure IP and application port assignment between source and target endpoints.
Licensing Usage Data Transfer
ESRS v3 supports the transfer of licensing usage data to EMC, from EMC Products. Such products must be managed by ESRS v3, and be enabled for Usage Intelligence to send usage data. EMC processes usage data and provides Usage Intelligence reports, visible to customers and EMC, to better track product usage, and manage compliance.
Automatic Software Updates (gateway software)
ESRS v3 automatically checks for EMC ESRS VE gateway software updates, and notifies users via email as they become available. In addition, the ESRS v3 Web UI Dashboard displays the latest available updates when it becomes available. Users can apply updates as they choose from the ESRS v3 Web UI.
Managed File Transfer (MFT)
MFT is a bidirectional file transfer mechanism that is provided as part of ESRS v3. You can use MFT to send or receive large files, such as log files, microcode, firmware, scripts, or large installation files between the product and EMC. A distribution "locker" is used for bi-direction file staging.