Topic
Isilon Miscellaneous
Selections
Select Miscellaneous Activity: How to Enable EMC Secure Remote Support on Isilon Clusters
REPORT PROBLEMS
If you find any errors in this procedure or have comments regarding this application, send email to SolVeFeedback@emc.com.
Contents
How to Enable EMC Secure Remote Services on Isilon Clusters
EMC ISILON INTERNAL ONLY
  Abstract
  Publication History
Log Files
Known Issues
ESRS Resources
Publication History
Table 1
Date                 Description
October 29, 2013     Initial publication.
November 17, 2014    Replaced apostrophe with tick marks in password generation command.
March 3, 2015        Removed details about the deprecated clusterPasswordGenerator.
                     Added note recommending the use of a management subnet with static IPs.
May 5, 2015          Renamed EMC Secure Remote Support to EMC Secure Remote Services.
                     Updated references to ESRS Gateway.
- Enabling support personnel to run the same scripts used by SupportIQ to gather node and cluster information.
- Allowing support personnel to establish remote access to troubleshoot Isilon clusters.
Only one remote support system should be enabled on an Isilon cluster. The EMC products in use in the
customer’s environment determine which system is most appropriate:
- If the customer’s environment includes one or more EMC products that can be monitored, use ESRS.
- If ESRS is currently implemented in the environment, use ESRS.
- If the customer's implementation of ESRS requires the ESRS Client, use SupportIQ. Isilon nodes do not currently support ESRS Client connectivity.
- If the customer's cluster is in a high-security environment, use ESRS.
- If the only EMC products in the customer’s environment are Isilon nodes, use SupportIQ.
For additional information, see the Isilon OneFS 7.2 CLI Administration Guide on the EMC Online Support
site.
Expectations
When set up correctly, ESRS will:
- Allow remote access to the remote command-line interface using the remotesupport account. Command-line interaction with the remotesupport user account is limited to running pre-configured scripts installed on the cluster. Customers may choose to allow root access to the Isilon web administration interface or command-line interface by providing Isilon Support with the appropriate credentials.
- Create a System Report (SYR), and create a Services Request (SR) in the Customer Replaceable Unit (CRU) Queue, when a device failure occurs. The SYR will contain the cluster name and GUID, and identify all nodes within the cluster.
- Automatically provision new nodes into the ESRS gateways and automatically approve the nodes in ServiceLink.
- List decommissioned nodes as “Missing” in ServiceLink and the ESRS gateway within 4 hours. Within 14 days, nodes will be removed automatically from ServiceLink and the ESRS gateway.
Note: Any node that is automatically removed from the ESRS gateway will need to be manually re-added to the ESRS gateway if the node is re-added to the cluster.
Prerequisites
The following prerequisites need to be met before you can remotely connect to a customer’s cluster using
ServiceLink.
- ESRS 2.24 or later must be installed in the customer’s environment, on dedicated physical hardware or a virtual machine. Refer to the ESRS documentation on the EMC Online Support site.
- All nodes must be visible in the Install Base with a Status of Shipped, Install, or Install/T&M.
- PuTTY or a similar terminal application must be installed on your workstation.
- RSA SecurID login credentials to access ServiceLink.
- Internet Explorer 8 with Java enabled.
Procedures
Check the current status of SupportIQ
Do one of the following to check the current status of SupportIQ and disable, if required:
Note: It is recommended that you use a separate management subnet with a static IP address pool in the
System access zone. If a separate subnet is not available then the subnet chosen should have static IPs
and must be in the System access zone.
After ESRS is enabled on the cluster, any additional nodes added to the cluster will be automatically
provisioned into the ESRS gateways.
Verification
After ESRS has been enabled on the cluster, perform the following verification steps to ensure that the
cluster can successfully communicate with the ESRS gateway, that log files are successfully uploaded to
Isilon and that the remotesupport user can log in to the command-line interface.
3. [ ] Log on to SYR and verify that the test event is logged. For more information, see article
196620 on the EMC Online Support site.
isi_gather_info --esrs
< Content-Length: 0
< Connection: close
< Content-Type: application/x-gzip
<
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
Cleaning up temporary data... done.
Gather-status unlocked
Note: If you see a response other than < HTTP/1.1 200 OK, as highlighted in the output above, the
upload process was not successful.
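The check in the note above can be scripted. The following is an added example, not part of the original EMC procedure; it assumes the output of isi_gather_info --esrs was saved to a file, and the function names and sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example: judge an "isi_gather_info --esrs" upload from saved output.
# Assumption: output was captured first, e.g.
#   isi_gather_info --esrs > /tmp/gather.out 2>&1

# Print the status code of the last "< HTTP/x.y NNN ..." response line.
# An interim response such as "100 Continue" can precede the final one,
# so only the last status line counts.
esrs_http_status() {
    sed -n 's/^< HTTP\/[0-9.]* \([0-9][0-9][0-9]\).*/\1/p' "$1" | tail -n 1
}

# Return 0 for HTTP 200, 1 for any other status, 2 if no status was found.
check_esrs_upload() {
    status=$(esrs_http_status "$1")
    if [ -z "$status" ]; then
        echo "FAIL: no HTTP response line found in $1"
        return 2
    fi
    if [ "$status" = "200" ]; then
        echo "OK: upload returned HTTP 200"
        return 0
    fi
    echo "FAIL: upload returned HTTP $status, expected 200"
    return 1
}

# Constructed sample output for the demo (not captured from a real cluster).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/ok.out" <<'EOF'
< HTTP/1.1 100 Continue
< HTTP/1.1 200 OK
< Content-Length: 0
< Connection: close
< Content-Type: application/x-gzip
<
* Closing connection #0
Gather-status unlocked
EOF
cat > "$demo_dir/denied.out" <<'EOF'
< HTTP/1.1 403 Forbidden
< Connection: close
* Closing connection #0
Gather-status unlocked
EOF

check_esrs_upload "$demo_dir/ok.out"
check_esrs_upload "$demo_dir/denied.out" || true
```

A missing status line is reported separately (return code 2) because it usually means the gather never reached the upload stage, which is a different failure from a rejected upload.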
After the log gather is uploaded to Isilon Support, the files will be extracted by the log processor. You can
search for the log files on the IGS Tools log page, http://tools2.igs.corp/.
Note: For additional information about using the ServiceLink web user interface, click the Help link
in the upper right corner of the ServiceLink window.
echo `isi_generate_remote_support_password`
Note: The password is generated using the cluster’s global unique identifier (GUID). It is possible
for the root user to change the password for the remotesupport user using the passwd command. If you
are unable to log in with the generated password, contact the customer to obtain the new password.
8. [ ] When the Remote Session Applet window opens, wait for Ready to Launch to display
in the Session Status column.
9. [ ] Note the IP address listed in the IP column.
10. [ ] Launch PuTTY (or other terminal application).
11. [ ] Type the IP address from step 9 into the Host Name (or IP address) box.
12. [ ] Click Open.
13. [ ] At the login prompt, type remotesupport.
14. [ ] At the Password prompt, type the cluster password from step 3 in the previous section.
15. [ ] At the remotesupport> prompt, type one of the commands in the following table:
Table 2
Command                               Description
Help                                  Lists all of the available commands that can be run.
GetATAControlAndGMirror               Runs the atacontrol list and gmirror status commands and uploads the output.
GetClusterEvents                      Runs the isi events command and uploads the output.
GetClusterStatus                      Runs the isi status command and uploads the output.
GetContactInfo                        Collects the contact information entered in the General Settings page in the OneFS web administration interface by parsing specific information from the isi_gconfig celog command.
GetContents-isi_client_stats          Runs the isi_client_stats command to collect pcap client statistics.
GetNfsClients                         Runs the isi_for_array mount -v command to see if any nodes are being used as NFS clients (the number one cause of failed gathers).
GetReadonlyStatus                     Runs the isi readonly command to report the read-only status of all nodes in the cluster.
IsiGatherInfo                         Runs the isi_gather_info command to collect and upload cluster log information.
IsiGatherInfo-Incremental             Runs the isi_gather_info --incremental command to collect the latest log set since the most recent full isi_gather_info command.
IsiGatherInfo-Incremental-SingleNode  Runs the isi_gather_info --local --incremental command to collect and upload cluster log information from the node that the command is run on.
IsiGatherInfo-SingleNode              Runs the isi_gather_info --local command to collect and upload cluster log information from the node that the command is run on.
Note: All collected log files are uploaded using the --esrs option of the isi_gather_info command
to send the files securely to the ESRS gateway.
1. [ ] Type CTRL+D to close the PuTTY application and end the remotesupport session.
2. [ ] In the Remote Session Applet window, click the X icon to terminate the application.
3. [ ] Close the Remote Session Applet window.
4. [ ] Close the ServiceLink window.
Log Files
/var/log/rscApiLog.log
/var/log/ConnectEMC.log
/var/log/ConnectEMCHttp.log
/var/log/ConnectEMC_HTTP.log
/var/log/GWExt.log
/var/log/GWExtHTTPS.log
/var/log/auth.log
/opt/connectemc/logs/ConnectEMC.log
Known Issues
Accessing ServiceLink from Mac OS browsers is not supported.
ESRS Resources
ESRS Collateral & Resources, http://one.emc.com/clearspace/docs/DOC-76305
ESRS Secure Remote Services, https://support.emc.com/products/31755_Secure-Remote-Support
EMC Secure Remote Services Forum, https://community.emc.com/community/support/esrs
Isilon Troubleshooting Guide: Administration - SupportIQ and ESRS