How to Enable EMC Secure Remote Support on Isilon Clusters · 2018. 4. 9. · How to Enable Secure Remote Service (SRS) on Connectrix B-Series Directors and Switches About Secure

How to Enable Secure Remote

Service (SRS) on Connectrix B-Series

Directors and Switches

DELL EMC Connectrix B-Series INTERNAL ONLY

Abstract

This document is for Connectrix B-Series Technical

Support to use when helping customers configure

Secure Remote Services (SRS) on brocade B- Series

directors and switches. It also contains instructions on

how Connectrix Technical Support uses ServiceLink to

remotely connect to a customer’s switch.

April 2018

How to Enable Secure Remote Service (SRS) on Connectrix B-Series Directors and Switches

Publication History

Date

Description

Owner April 09, 2018 Initial publication Nirupam Joarder

Copyright © 2018 DELL EMC Corporation. All Rights Reserved. DELL EMC believes

the information in this publication is accurate as of its publication date. The

information is subject to change without notice.

The information in this publication is provided “as is.” DELL EMC makes no

representations or warranties of any kind with respect to the information in this

publication, and specifically disclaims implied warranties of merchantability or

fitness for a particular purpose.

Use, copying, and distribution of any DELL EMC software described

in this publication requires an applicable software license.

For the most up-to-date listing of DELL EMC product names, see DELL EMC Trademarks

on EMC.com.

VMware is a registered trademarks or trademarks of VMware, Inc. in the

United States and/or other jurisdictions. All other trademarks used herein are

the property of their respective owners.


Table of Contents

About Secure Remote Service ..................................................................................... 4

Expectations ................................................................................................................... 5

Infrastructure and environmental requirements ......................................................... 5

Remote connection prerequisites ................................................................................ 6

Procedures ..................................................................................................................... 7

SRS configuration on Brocade directors and switches ........................................................ 7

Enable SRS ConnectHome on the Brocade switches .......................................................... 7

Verification ................................................................................................................... 10

Verify that switch is added successfully and is managed in the ESRS VE………………...11

Verify that switch receives a test event ................................................................................... 10

Configuring Inventory Report Interval ...................................................................................... 12

Verify that the switch sends the InventoryReport using Managed File Transfer (mft-

put)……………………………………………………………………………………………………..12

Verify that the switch sends the SupportSave files using Managed File Transfer (mft-put) for critical

events………………………………………………………………………………………………….12

Obtain the remotesuppport user password ......................................................................... 12

Verify that the switch is visible in ServiceLink ........................................................................ 13

SRSv3 Remote Access .............................................................................................................. 14

Verify remote access using CLIviaSSH ................................................................................... 18

Disable SRS support ................................................................................................................... 18

Known Issues and Limitations ..................................................................................... 18

SRS Resources .............................................................................................................. 18


About Secure Remote Service

DELL EMC Secure Remote Support (SRS) is a secure, IP-based customer service

support system. SRS features include 24x7 remote monitoring of DELL EMC products

and secure authentication with AES 256-bit encryption and RSA digital certificates.

SRS is supported on Connectrix B-Series Directors and Switches that run FOS 8.2.0a

and later.

The Gateway solution's application architecture consists of a secure, asynchronous

messaging system designed to support the functions of secure encrypted file transfer,

monitoring of device status, and remote execution of diagnostic activities. This

distributed solution is designed to provide a scalable, fault-tolerant, and minimally

intrusive extension to the customer’s system support environment. The Gateway

Software needs to be implemented within the customer’s environment through DELL

EMC Global Services.

Access to customer switch is provided by the ServiceLink application. ServiceLink is

the graphical user interface component of the SRS-IP Solution. ServiceLink can be

used to search for devices, check for connectivity status, and create remote access

sessions to switches.

SRS functions include:

• Sending alerts regarding the health of the switch.

• Enabling support personnel to gather switch information and

transfer files from Switch to SRS backend using mft-put.

• Enabling switch to send InventoryReport over SRS.

• Enabling switch to send supportshow files for every critical

callhome over SRS.


• Allowing support personnel to establish remote access to troubleshoot B-

series switches.

Note: The preferred and secure method for sending alerts is through SRS.

CMCNE Call Home process is also supported by DELL EMC.

Note: For SRS deployment, you must use an SRS VE gateway.


Expectations

When set up correctly, SRS will:

• Allow remote access to the command-line interface by using the

remotesupport account.

• Create a Services Request (SR) in the Customer Replaceable Unit (CRU)

Queue when a device failure occurs. The SR contains the Switch serial

number and the problem details.

• Automatically provision new switches into the SRS gateways and

automatically approve the switches in ServiceLink.

• List decommissioned switches as “Missing” in ServiceLink and the SRS

gateway within 4 hours.

Infrastructure and environmental requirements

The following are the infrastructure and environmental requirements for SRS v3 Virtual

Edition (VE).

• VMware ESX Server 5.x or later or a Windows Hyper-V environment

• An IP network with Internet connectivity

• Capability to add SRS VE servers and Policy Manager (PM) servers to your

network

• Network connectivity between the SRS VE servers and DELL EMC devices

to be managed by SRS

• Network connectivity between SRS VE(s) and Policy Manager (PM) if a PM is

being used


• Internet connectivity to DELL EMC ’s SRS infrastructure by using outbound ports

443 and 8443


Remote connection prerequisites

The following prerequisites need to be met before you can remotely connect to a

customer’s switch by using ServiceLink.

• At least one SRS V3 gateway server must be installed and configured in

the customer’s environment.

• See the SRS documentation for your version of SRS on the DELL EMC

Online Support site, including:

Secure Remote Support Site Planning Guide: describes gateway server

requirements, installation, and configuration

Secure Remote Services Installation and Operations Guide: describes the

SRS Configuration Tool

Secure Remote Services Policy Manager Operations Guide:

describes the SRS Policy Manager

Secure Remote Support Technical Description

Secure remote Support Release Notes

Secure Remote Support Port Requirements

• Switches must be visible in the Install Base.

• PuTTY or similar terminal application installed on your workstation.

• RSA SecureID log in credentials to access ServiceLink.

• Web clients:

SRS v3: Internet Explorer 9 or later, Google Chrome

https://support.emc.com/products/31755_EMC-Secure-Remote-Services/Documentation/?source=promotion

https://support.emc.com/products/31755_Secure-Remote-Support



How to Enable Secure Remote service (SRS) on Connectrix MDS-Series Directors and Switches

Pre-requisite

Refer to KB KBA517598 How to Verify Pre-Requisites for successful REST API deployment (Device

ESRS deployment and ESRSv3 Installation)

• Customer online support account (support.emc.com) is a full account and active

• Customer account is associated to the site ID of the device Serial number (asset)

• Port 9443 must be open from the device to the ESRSv3 System

• Site id of device added to ESRSv3 system

• ESRSv3 system should be at minimum version 3.12

Procedures

SRS configuration on Brocade directors and switches

• Login to the switch CLI using telnet or SSH.

• Make sure the SRS VE is installed and is reachable. Keep the IP of the SRS VE gateway

and serial # of the Connectrix B-Series switch that needs to be added handy.

• Execute command “firmwareshow” to make sure the switch is running on FOS

v8.2.0a or later.

• Execute command “esrsconfig --config -serverip <SRS_server_ip> -port 9443 -

model SWITCH-BROCADE-B-GW -serial <serial-CLI>”. An example is as below:

sw0:FID128:root> esrsconfig --config -serverip 10.17.37.127 -port 9443 -model SWITCH-

BROCADE-B-GW -serial CWA2501L006-CLI

Note: ED-DCX6-4B switch model will be “CONNECTRIX-GW”. All other Brocade switch Models


will be “SWITCH-BROCADE-B-GW”. However, sometimes it needs to be verified in the IB if the

model does not matches with the install base.

• Execute command “esrsconfig --show” to make sure the settings are saved. Output

will be as below:

sw0:FID128:root> esrsconfig --show

SRS SERVER AND PRODUCT CONFIGURATION

=======================================

SRS Server IP: 10.17.37.127

SRS Server Port: 9443

Product Serial Number: CWA2501L006-CLI

Product Model Number: SWITCH-BROCADE-B-GW

Status: Device is Not Managed by SRS

Enable SRS ConnectHome on the Brocade switches

• Execute command “esrsconfig --add -user <DELL EMC_username> -password <DELL

EMC_password>” to get the switch managed by the SRS VE and callhome to get enabled on the switch.

Example command is as below:

sw0:FID128:root>esrsconfig --add -user [email protected] -password Password1

Request Approved

• Execute command “esrsconfig --show” to make sure the device is managed by SRS.

Output of the command will be as below:

sw0:FID128:root> esrsconfig --show

SRS SERVER AND PRODUCT CONFIGURATION


=======================================

SRS Server IP: 10.17.37.127

SRS Server Port: 9443

Product Serial Number: CWA2501L006-CLI

Product Model Number: SWITCH-BROCADE-B-GW

Status: Device is Managed by SRS

Note: If the device is not managed by SRS VE, check if the VE is reachable or not. Also

make sure you have provided a valid DELL EMC username and password that is used for

support.emc.com site.

Verification

After SRS has been enabled on the switch, perform the following verification steps to

ensure that the switch can successfully communicate with the SRS gateway, that log

files are successfully uploaded to SRS and that the remotesupport user can log in to

the command-line interface.

Verify that switch is added successfully and is managed in the ESRS VE

1. After you have performed the above steps, login to your ESRS VE WebUI

interface with admin account.

2. Go to path Dashboard >> Alerts. You will see the switch IP been there. Action will

be “Add Device” and the status will be “201”. 201 status confirms that the

device have been added successfully.

Note: If the device is not added successfully you will get “401” error. In case of

401 error, check the Customer Online support credentials that you are using to

add the switch while configuring the switch through CLI.


3. On the ESRS VE WebUI, go to path Devices >> Managed Devices. You will be

able to see your device been added on successful addition of switch. The

Deployment status will be “Managed” and Device Status @ EMC will be

“Online”.

Note: Please allow a gap of ~15mins after you add the switch and see the status.

The ESRS backend takes some time to sync the status and update it at the

backend.

Verify that switch receives a test event

1. Open an SSH connection to the switch and log in using an account with

administrator privileges.

2. Execute command “esrsconfig --testcall” to make sure the device is able to send the

test callhome. You will get a success message after executing the command. Output

will be as below:

sw0:FID128:root> esrsconfig --testcall

CallHome test event sent successfully

1. Log on to CLM (Client Lifecycle Management) Dashboard using your RSA

SecureID log in and verify that the test event is logged:

https://clm.isus.DELL EMC.com/clm-dashboard/dashboard/index.jsp

https://clm.isus.emc.com/clm-dashboard/dashboard/index.jsp


The CLM login screen appears, similar to the following.

3. Enter the serial number in the Search CLM field. For example:


4. Review the call home event for your test event. Scroll to the right to view


event details. For example:

Configuring Inventory Report Interval

1. Execute command “esrsconfig --setinterval <days>” to configure the interval of

days you want the inventory report to be sent. By default it will be 15 days.

However, you can change the interval within range 1-30. Example command to

set interval to 2 days is as below:

sw0:FID128:root> esrsconfig --setinterval 2

Inventory report interval is updated to 2 days.

Verify that the switch sends the InventoryReport using Managed File Transfer (mft-put) 1. Open an SSH connection on the switch and log in using a user account

with Administrator privileges.

2. Execute command “esrsconfig --setinterval 1” to set the interval to 1 day

so that switch sends the Inventory Report the next day.

3. The next day login to the mft portal https://SRSportal.cfcp.isus.DELL

EMC.com/#/search in the DELL EMC network and search for the serial # of

the switch. The Inventory Report file will be available with name as format

“<Serial # of switch>_<time/date stamp>_PRODUCTINFO.xml”.

4. Change the interval back as desired by customer.

https://esrsportal.cfcp.isus.emc.com/#/search

https://esrsportal.cfcp.isus.emc.com/#/search


Verify that the switch sends the SupportSave files using Managed File Transfer (mft-put)

for critical events 1. Open an SSH connection on the switch and log in using root account.

2. Execute command “ps -eaf| grep snmp” to find the process id of a snmpd

deamon. Output will be as below:

sw0:FID128:root> ps -eaf| grep snmp

root 11800 1294 0 Feb19 ? 00:00:15 snmpd -S fcsw

root 780 2600 0 05:26 ttyS0 00:00:00 grep snmp

sw0:FID128:root>

3. Execute command “kill -9 <process id>” to kill the snmpd deamon.

4. Execute command “errdump” to verify that the event is occurred as

below:

2018/02/21-06:44:40, [KSWD-1002], 24, FFDC | CHASSIS, WARNING, DS-

6620B2, Detected termination of process snmpd:27339.

5. Log on to CLM (Client Lifecycle Management) Dashboard and verify that

the event is logged.

6. Log on to the mft portal and search for the serial # of the switch. The

supportsave file will be available under section “OnDemand Files From

Product” with name format as “SRS_SUPPORTSAVE_time/date

stamp.tar.gz”.

Obtain the remote support user password

Obtain the remote support user account and password from the

customer remote support Engineer.

Verify that the switch is visible in ServiceLink


2. Log on to https://SRS3.DELL EMC.com/searchdevice/search using your RSA

SecureID log in.

3. In the Browse for assets section, enter the switch serial number.

4. Click search.

https://esrs3.emc.com/searchdevice/search


The search checks both https://SRS.DELL EMC.com and https://SRS3.DELL EMC.com

for the serial number. Gateways installed since the beginning of 2016 are in

https://SRS3.DELL EMC.com, which replaces https://SRS.DELL EMC.com.

If the device is not configured in SRS, the following response appears: Device

is not present. Please modify your search.

SRSv3 Remote Access

This section describes how to access the switches remotely using SRSv3.

Note: Terminal emulator (for example putty) must already be installed on workstation to access

remotely via ssh.

1. Navigate to https://SRS3.DELL EMC.com.

2. Enter the switch serial number in the Asset field, and then select Search, similar

to the following illustration.

https://esrs.emc.com/

https://esrs3.emc.com/



https://esrs.emc.com/



3. Select the serial number in the search results, similar to the following illustration.

4. Select CLIviaSSH available on the right hand side of the page, as shown in the following

illustration.

5. Enter a comment, then select Start Session, as shown in the following illustration .

R mot 10n:Ent r pt10o - Int md Explo r _

Enter •bner desCf'C)bon ror the remote SUS Gn.

v

Can011 I

6. After you establish a session, log in to the switch.

Verify remote access using CLIviaSSH

Use your existing SSH session to perform the following tasks.

1. At the login prompt, type remotesupport username.

2. At the Password prompt, type the password.

3. At the prompt, execute the commands to verify you are getting

the correct outputs as result.

4. Type CTRL+D to close the PuTTY application and end the remotesupport

session.

5. In the Remote Session Applet window, click the X icon to

terminate the application.

6. Close the Remote Session Applet window.

7. Close the ServiceLink window.

Disable SRS support

To disable SRS on the switch, Execute command “esrsconfig --delete”. Sample output will be

as below:

sw0:FID128:root> esrsconfig --delete

Request Approved

Known Issues and Limitations

• Supportsave files needs to be manually tagged to the serial # of the switch for

critical dialhomes.

• Accessing ServiceLink from Mac OS browsers is not supported.

• Inventory Report and SupportSave files are not been sent to CLM in FOS v8.2.0a. It will

be supported from next release.

• Keepalive 2.0 is not supported.

SRS Resources

• SRS Secure Remote Services,

https://support.DELL EMC.com/products/31755_Secure-Remote-Support

• Secure Remote service Forum,

https://community.DELL

EMC.com/community/suppo rt/SRS

How to Enable DELL EMC Secure Remote Services

(SRS) on Connectrix MDS-Series Directors and

Switches

https://community.emc.com/community/support/esrs



Documents

How to Enable EMC Secure Remote Support on Isilon Clusters · 2018. 4. 9. · How to Enable Secure Remote Service (SRS) on Connectrix B-Series Directors and Switches About Secure