Upload
others
View
88
Download
1
Embed Size (px)
Citation preview
How to Enable Secure Remote
Service (SRS) on Connectrix B-Series
Directors and Switches
DELL EMC Connectrix B-Series INTERNAL ONLY
Abstract
This document is for Connectrix B-Series Technical
Support to use when helping customers configure
Secure Remote Services (SRS) on brocade B- Series
directors and switches. It also contains instructions on
how Connectrix Technical Support uses ServiceLink to
remotely connect to a customer’s switch.
April 2018
How to Enable Secure Remote Service (SRS) on Connectrix B-Series Directors and Switches
Publication History
Date
Description
Owner April 09, 2018 Initial publication Nirupam Joarder
Copyright © 2018 DELL EMC Corporation. All Rights Reserved. DELL EMC believes
the information in this publication is accurate as of its publication date. The
information is subject to change without notice.
The information in this publication is provided “as is.” DELL EMC makes no
representations or warranties of any kind with respect to the information in this
publication, and specifically disclaims implied warranties of merchantability or
fitness for a particular purpose.
Use, copying, and distribution of any DELL EMC software described
in this publication requires an applicable software license.
For the most up-to-date listing of DELL EMC product names, see DELL EMC Trademarks
on EMC.com.
VMware is a registered trademarks or trademarks of VMware, Inc. in the
United States and/or other jurisdictions. All other trademarks used herein are
the property of their respective owners.
How to Enable Secure Remote Service (SRS) on Connectrix B-Series Directors and Switches
Table of Contents
About Secure Remote Service ..................................................................................... 4
Expectations ................................................................................................................... 5
Infrastructure and environmental requirements ......................................................... 5
Remote connection prerequisites ................................................................................ 6
Procedures ..................................................................................................................... 7
SRS configuration on Brocade directors and switches ........................................................ 7
Enable SRS ConnectHome on the Brocade switches .......................................................... 7
Verification ................................................................................................................... 10
Verify that switch is added successfully and is managed in the ESRS VE………………...11
Verify that switch receives a test event ................................................................................... 10
Configuring Inventory Report Interval ...................................................................................... 12
Verify that the switch sends the InventoryReport using Managed File Transfer (mft-
put)……………………………………………………………………………………………………..12
Verify that the switch sends the SupportSave files using Managed File Transfer (mft-put) for critical
events………………………………………………………………………………………………….12
Obtain the remotesuppport user password ......................................................................... 12
Verify that the switch is visible in ServiceLink ........................................................................ 13
SRSv3 Remote Access .............................................................................................................. 14
Verify remote access using CLIviaSSH ................................................................................... 18
Disable SRS support ................................................................................................................... 18
Known Issues and Limitations ..................................................................................... 18
SRS Resources .............................................................................................................. 18
How to Enable Secure Remote Service (SRS) on Connectrix B-Series Directors and Switches
About Secure Remote Service
DELL EMC Secure Remote Support (SRS) is a secure, IP-based customer service
support system. SRS features include 24x7 remote monitoring of DELL EMC products
and secure authentication with AES 256-bit encryption and RSA digital certificates.
SRS is supported on Connectrix B-Series Directors and Switches that run FOS 8.2.0a
and later.
The Gateway solution's application architecture consists of a secure, asynchronous
messaging system designed to support the functions of secure encrypted file transfer,
monitoring of device status, and remote execution of diagnostic activities. This
distributed solution is designed to provide a scalable, fault-tolerant, and minimally
intrusive extension to the customer’s system support environment. The Gateway
Software needs to be implemented within the customer’s environment through DELL
EMC Global Services.
Access to customer switch is provided by the ServiceLink application. ServiceLink is
the graphical user interface component of the SRS-IP Solution. ServiceLink can be
used to search for devices, check for connectivity status, and create remote access
sessions to switches.
SRS functions include:
• Sending alerts regarding the health of the switch.
• Enabling support personnel to gather switch information and
transfer files from Switch to SRS backend using mft-put.
• Enabling switch to send InventoryReport over SRS.
• Enabling switch to send supportshow files for every critical
callhome over SRS.
How to Enable Secure Remote Service (SRS) on Connectrix B-Series Directors and Switches
• Allowing support personnel to establish remote access to troubleshoot B-
series switches.
Note: The preferred and secure method for sending alerts is through SRS.
CMCNE Call Home process is also supported by DELL EMC.
Note: For SRS deployment, you must use an SRS VE gateway.
How to Enable Secure Remote Service (SRS) on Connectrix B-Series Directors and Switches
Expectations
When set up correctly, SRS will:
• Allow remote access to the command-line interface by using the
remotesupport account.
• Create a Services Request (SR) in the Customer Replaceable Unit (CRU)
Queue when a device failure occurs. The SR contains the Switch serial
number and the problem details.
• Automatically provision new switches into the SRS gateways and
automatically approve the switches in ServiceLink.
• List decommissioned switches as “Missing” in ServiceLink and the SRS
gateway within 4 hours.
Infrastructure and environmental requirements
The following are the infrastructure and environmental requirements for SRS v3 Virtual
Edition (VE).
• VMware ESX Server 5.x or later or a Windows Hyper-V environment
• An IP network with Internet connectivity
• Capability to add SRS VE servers and Policy Manager (PM) servers to your
network
• Network connectivity between the SRS VE servers and DELL EMC devices
to be managed by SRS
• Network connectivity between SRS VE(s) and Policy Manager (PM) if a PM is
being used
How to Enable Secure Remote Service (SRS) on Connectrix B-Series Directors and Switches
• Internet connectivity to DELL EMC ’s SRS infrastructure by using outbound ports
443 and 8443
How to Enable Secure Remote Service (SRS) on Connectrix B-Series Directors and Switches
Remote connection prerequisites
The following prerequisites need to be met before you can remotely connect to a
customer’s switch by using ServiceLink.
• At least one SRS V3 gateway server must be installed and configured in
the customer’s environment.
• See the SRS documentation for your version of SRS on the DELL EMC
Online Support site, including:
Secure Remote Support Site Planning Guide: describes gateway server
requirements, installation, and configuration
Secure Remote Services Installation and Operations Guide: describes the
SRS Configuration Tool
Secure Remote Services Policy Manager Operations Guide:
describes the SRS Policy Manager
Secure Remote Support Technical Description
Secure remote Support Release Notes
Secure Remote Support Port Requirements
• Switches must be visible in the Install Base.
• PuTTY or similar terminal application installed on your workstation.
• RSA SecureID log in credentials to access ServiceLink.
• Web clients:
SRS v3: Internet Explorer 9 or later, Google Chrome
How to Enable Secure Remote service (SRS) on Connectrix MDS-Series Directors and Switches
Pre-requisite
Refer to KB KBA517598 How to Verify Pre-Requisites for successful REST API deployment (Device
ESRS deployment and ESRSv3 Installation)
• Customer online support account (support.emc.com) is a full account and active
• Customer account is associated to the site ID of the device Serial number (asset)
• Port 9443 must be open from the device to the ESRSv3 System
• Site id of device added to ESRSv3 system
• ESRSv3 system should be at minimum version 3.12
Procedures
SRS configuration on Brocade directors and switches
• Login to the switch CLI using telnet or SSH.
• Make sure the SRS VE is installed and is reachable. Keep the IP of the SRS VE gateway
and serial # of the Connectrix B-Series switch that needs to be added handy.
• Execute command “firmwareshow” to make sure the switch is running on FOS
v8.2.0a or later.
• Execute command “esrsconfig --config -serverip <SRS_server_ip> -port 9443 -
model SWITCH-BROCADE-B-GW -serial <serial-CLI>”. An example is as below:
sw0:FID128:root> esrsconfig --config -serverip 10.17.37.127 -port 9443 -model SWITCH-
BROCADE-B-GW -serial CWA2501L006-CLI
Note: ED-DCX6-4B switch model will be “CONNECTRIX-GW”. All other Brocade switch Models
How to Enable Secure Remote service (SRS) on Connectrix MDS-Series Directors and Switches
will be “SWITCH-BROCADE-B-GW”. However, sometimes it needs to be verified in the IB if the
model does not matches with the install base.
• Execute command “esrsconfig --show” to make sure the settings are saved. Output
will be as below:
sw0:FID128:root> esrsconfig --show
SRS SERVER AND PRODUCT CONFIGURATION
=======================================
SRS Server IP: 10.17.37.127
SRS Server Port: 9443
Product Serial Number: CWA2501L006-CLI
Product Model Number: SWITCH-BROCADE-B-GW
Status: Device is Not Managed by SRS
Enable SRS ConnectHome on the Brocade switches
• Execute command “esrsconfig --add -user <DELL EMC_username> -password <DELL
EMC_password>” to get the switch managed by the SRS VE and callhome to get enabled on the switch.
Example command is as below:
sw0:FID128:root>esrsconfig --add -user [email protected] -password Password1
Request Approved
• Execute command “esrsconfig --show” to make sure the device is managed by SRS.
Output of the command will be as below:
sw0:FID128:root> esrsconfig --show
SRS SERVER AND PRODUCT CONFIGURATION
How to Enable Secure Remote service (SRS) on Connectrix MDS-Series Directors and Switches
=======================================
SRS Server IP: 10.17.37.127
SRS Server Port: 9443
Product Serial Number: CWA2501L006-CLI
Product Model Number: SWITCH-BROCADE-B-GW
Status: Device is Managed by SRS
Note: If the device is not managed by SRS VE, check if the VE is reachable or not. Also
make sure you have provided a valid DELL EMC username and password that is used for
support.emc.com site.
Verification
After SRS has been enabled on the switch, perform the following verification steps to
ensure that the switch can successfully communicate with the SRS gateway, that log
files are successfully uploaded to SRS and that the remotesupport user can log in to
the command-line interface.
Verify that switch is added successfully and is managed in the ESRS VE
1. After you have performed the above steps, login to your ESRS VE WebUI
interface with admin account.
2. Go to path Dashboard >> Alerts. You will see the switch IP been there. Action will
be “Add Device” and the status will be “201”. 201 status confirms that the
device have been added successfully.
Note: If the device is not added successfully you will get “401” error. In case of
401 error, check the Customer Online support credentials that you are using to
add the switch while configuring the switch through CLI.
How to Enable Secure Remote service (SRS) on Connectrix MDS-Series Directors and Switches
3. On the ESRS VE WebUI, go to path Devices >> Managed Devices. You will be
able to see your device been added on successful addition of switch. The
Deployment status will be “Managed” and Device Status @ EMC will be
“Online”.
Note: Please allow a gap of ~15mins after you add the switch and see the status.
The ESRS backend takes some time to sync the status and update it at the
backend.
Verify that switch receives a test event
1. Open an SSH connection to the switch and log in using an account with
administrator privileges.
2. Execute command “esrsconfig --testcall” to make sure the device is able to send the
test callhome. You will get a success message after executing the command. Output
will be as below:
sw0:FID128:root> esrsconfig --testcall
CallHome test event sent successfully
1. Log on to CLM (Client Lifecycle Management) Dashboard using your RSA
SecureID log in and verify that the test event is logged:
https://clm.isus.DELL EMC.com/clm-dashboard/dashboard/index.jsp
How to Enable Secure Remote service (SRS) on Connectrix MDS-Series Directors and Switches
The CLM login screen appears, similar to the following.
3. Enter the serial number in the Search CLM field. For example:
How to Enable Secure Remote service (SRS) on Connectrix MDS-Series Directors and Switches
4. Review the call home event for your test event. Scroll to the right to view
How to Enable Secure Remote service (SRS) on Connectrix MDS-Series Directors and Switches
event details. For example:
Configuring Inventory Report Interval
1. Execute command “esrsconfig --setinterval <days>” to configure the interval of
days you want the inventory report to be sent. By default it will be 15 days.
However, you can change the interval within range 1-30. Example command to
set interval to 2 days is as below:
sw0:FID128:root> esrsconfig --setinterval 2
Inventory report interval is updated to 2 days.
Verify that the switch sends the InventoryReport using Managed File Transfer (mft-put) 1. Open an SSH connection on the switch and log in using a user account
with Administrator privileges.
2. Execute command “esrsconfig --setinterval 1” to set the interval to 1 day
so that switch sends the Inventory Report the next day.
3. The next day login to the mft portal https://SRSportal.cfcp.isus.DELL
EMC.com/#/search in the DELL EMC network and search for the serial # of
the switch. The Inventory Report file will be available with name as format
“<Serial # of switch>_<time/date stamp>_PRODUCTINFO.xml”.
4. Change the interval back as desired by customer.
How to Enable Secure Remote service (SRS) on Connectrix MDS-Series Directors and Switches
Verify that the switch sends the SupportSave files using Managed File Transfer (mft-put)
for critical events 1. Open an SSH connection on the switch and log in using root account.
2. Execute command “ps -eaf| grep snmp” to find the process id of a snmpd
deamon. Output will be as below:
sw0:FID128:root> ps -eaf| grep snmp
root 11800 1294 0 Feb19 ? 00:00:15 snmpd -S fcsw
root 780 2600 0 05:26 ttyS0 00:00:00 grep snmp
sw0:FID128:root>
3. Execute command “kill -9 <process id>” to kill the snmpd deamon.
4. Execute command “errdump” to verify that the event is occurred as
below:
2018/02/21-06:44:40, [KSWD-1002], 24, FFDC | CHASSIS, WARNING, DS-
6620B2, Detected termination of process snmpd:27339.
5. Log on to CLM (Client Lifecycle Management) Dashboard and verify that
the event is logged.
6. Log on to the mft portal and search for the serial # of the switch. The
supportsave file will be available under section “OnDemand Files From
Product” with name format as “SRS_SUPPORTSAVE_time/date
stamp.tar.gz”.
Obtain the remote support user password
Obtain the remote support user account and password from the
customer remote support Engineer.
Verify that the switch is visible in ServiceLink
How to Enable Secure Remote service (SRS) on Connectrix MDS-Series Directors and Switches
2. Log on to https://SRS3.DELL EMC.com/searchdevice/search using your RSA
SecureID log in.
3. In the Browse for assets section, enter the switch serial number.
4. Click search.
How to Enable Secure Remote service (SRS) on Connectrix MDS-Series Directors and Switches
The search checks both https://SRS.DELL EMC.com and https://SRS3.DELL EMC.com
for the serial number. Gateways installed since the beginning of 2016 are in
https://SRS3.DELL EMC.com, which replaces https://SRS.DELL EMC.com.
If the device is not configured in SRS, the following response appears: Device
is not present. Please modify your search.
SRSv3 Remote Access
This section describes how to access the switches remotely using SRSv3.
Note: Terminal emulator (for example putty) must already be installed on workstation to access
remotely via ssh.
1. Navigate to https://SRS3.DELL EMC.com.
2. Enter the switch serial number in the Asset field, and then select Search, similar
to the following illustration.
How to Enable Secure Remote service (SRS) on Connectrix MDS-Series Directors and Switches
3. Select the serial number in the search results, similar to the following illustration.
4. Select CLIviaSSH available on the right hand side of the page, as shown in the following
illustration.
5. Enter a comment, then select Start Session, as shown in the following illustration .
R mot 10n:Ent r pt10o - Int md Explo r _
Enter •bner desCf'C)bon ror the remote SUS Gn.
v
Can011 I
6. After you establish a session, log in to the switch.
Verify remote access using CLIviaSSH
Use your existing SSH session to perform the following tasks.
1. At the login prompt, type remotesupport username.
2. At the Password prompt, type the password.
3. At the prompt, execute the commands to verify you are getting
the correct outputs as result.
4. Type CTRL+D to close the PuTTY application and end the remotesupport
session.
5. In the Remote Session Applet window, click the X icon to
terminate the application.
6. Close the Remote Session Applet window.
7. Close the ServiceLink window.
Disable SRS support
To disable SRS on the switch, Execute command “esrsconfig --delete”. Sample output will be
as below:
sw0:FID128:root> esrsconfig --delete
Request Approved
Known Issues and Limitations
• Supportsave files needs to be manually tagged to the serial # of the switch for
critical dialhomes.
• Accessing ServiceLink from Mac OS browsers is not supported.
• Inventory Report and SupportSave files are not been sent to CLM in FOS v8.2.0a. It will
be supported from next release.
• Keepalive 2.0 is not supported.
SRS Resources
• SRS Secure Remote Services,
https://support.DELL EMC.com/products/31755_Secure-Remote-Support
• Secure Remote service Forum,
https://community.DELL
EMC.com/community/suppo rt/SRS
How to Enable DELL EMC Secure Remote Services
(SRS) on Connectrix MDS-Series Directors and
Switches