ViPR SRM 3.6 – Configure EMC Secure Remote Support

Table of Contents

EMC Secure Remote Support overview

Learn how to configure EMC Secure Remote Support (ESRS) for ViPR SRM. ESRS is a software-based, secure access point for remote support activities between EMC and your EMC information infrastructure.

Back to Top

Configuring ESRS

Configuring the product to communicate with ESRS allows the product to call home and provide system configuration information to EMC support staff.

Before you begin

  • ESRS V3 (Virtual Edition) must be running in a supported VMware ESX or Microsoft HyperV environment.
  • A valid ELMS license must be installed. (ESRS will not work with a trial license.)
  • You need valid EMC Online Support credentials.
  • Optional: For validated SSL communications, a truststore is required to validate the server's SSL certificate.

Procedure

  1. In Centralized Management, click Configuration > Remote Support.
  2. Type the IP address or server name of the ESRS server.
  3. Type the port number. The default value is 9443.
  4. Select SSL Validation if you want the system to check that the SSL certificate used by the server is valid.
  5. By default, ESRS uses the existing EMC Online Support username and password specified under Configuration > EMC Support. If you want to use different credentials, click Advanced Settings and select Override Support Credentials. These credentials are used only for ESRS.
  6. Click the Test Realm Connectivity Icon icon to test connectivity to the ESRS server.
    The Test Realm Connectivity Passed Icon icon indicates that connectivity to the server has been established.
    The Test Realm Connectivity Failed Icon icon indicates that connectivity to the server failed.
  7. After you have determined that the connection was successful, click Save.
  8. EMC recommends that you enable HTTPS access (via port 58443) to the front-end UI. For detailed instructions, refer to the EMC ViPR SRM Security Configuration Guide, which is available from the ViPR SRM Documentation Index.
Back to Top

Running and scheduling the ESRS task

You can change how frequently ESRS calls home by editing the configuration file for the scheduled task. By default, this task is set to run once a week.

Procedure

  1. In Centralized Management, click Scheduled Tasks.
  2. Type ESRS in the search field.
  3. Click the ESRS task.
    The Properties window for the task opens.
  4. The ESRS task is disabled by default. If it has not yet been enabled, click Enable.
  5. Click the Configuration Files section to expand it.
  6. Select the checkbox for the ESRS task, and then click the Edit File icon.
    The configuration file opens.
  7. Change the schedule by editing the cron expression. The expression for the default setting (once a week) is "0 0 * * 0".
    Example: To change the schedule so the task runs once a month at midnight on the morning of the first day of the month, change the cron expression to "0 0 1 * *".
  8. Click Run Now if you want to test the task.
  9. Click Save.
Back to Top

Configuring an SSL truststore

For validated SSL connections, you must configure a truststore to validate the server's SSL certificate.

The ESRS truststore is located at <Install_Dir>/APG/Custom/WebApps-Resources/Default/centralized-management/esrs-truststore.

Procedure

  1. If an SSL certificate has not been issued, you can use the certificate that the ESRS VE is using.
    1. Use a browser to navigate to the VE site.
      The following instructions are for Google Chrome. The steps will vary slightly depending on your browser. Refer to the documentation for your browser for details about downloading certificate files.
    2. Click the View site information button in the address bar. (It looks like a lock.)
    3. On the Connection tab, click Certificate information.
    4. Click the Details tab, and then click Copy to file.
      The Certificate Export Wizard opens.
    5. Click Next, and then click the Base-64 encoded X.509 (.CER) radio button.
    6. Click Next. Provide a name for the certificate and specify the download location for the file.
    7. Click Next, and then click Finish.
  2. Add the certificate to your local truststore using Java Keytool:
    keytool -import -trustcacerts -alias esrsve -file esrs.cer –keystore new-truststore -storepass abcdef
  3. Create an encrypted password with the crypt-password.sh tool:

    Unix:

    /opt/APG/bin/crypt-password.sh abcdef

    Windows:

    <installation directory>\APG\bin\crypt-password.cmd abcdef

  4. Store the encrypted truststore password in the apg.properties file (<INSTALL_DIR>/APG/bin/apg.properties).
    For example: esrs.trustStorePassword={289A04BF3B904C3A7ECA8C646FA0A0C3B68948AEBC27EAE088161597EACED43E2B0A6CF1E7A3E019A1D8130CC2F00AA5}
Back to Top