
EMC® Remote Connectivity - A Detailed Review

Technical Notes

REV 01


Copyright © 2015 EMC Corporation. All rights reserved. Published in the USA.

Published May 2015

EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

The information in this publication is provided as is. EMC Corporation makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.

EMC2, EMC, and the EMC logo are registered trademarks or trademarks of EMC Corporation in the United States and other countries. All other trademarks used herein are the property of their respective owners.

For the most up-to-date regulatory document for your product line, go to EMC Online Support (https://support.emc.com).


CONTENTS

Preface

Chapter 1 EMC Remote Connectivity - A Detailed Review

Introduction
Audience
Overview of EMC Customer Service
Connectivity Methods
    ESRS Virtual Edition (VE) 3.x
    ESRS Gateway Client 2.x
    ESRS Device Client
    ESRS IP Client
    Email
    WebEx
Security Features for Remote Connectivity Methods
Remote Connectivity Methods by Product
Device Connect Home Support
    Automated Notifications (Connect Home)
    Types of notifications
    Hard events
    Soft events
    Health and status reports
    Contents
    Security Overview for Connectivity Methods
    ESRS Access Control
    ESRS Security Testing
    WebEx Security
Policy Manager
ESRS VE to Policy Manager Communication
Policy Manager Failure
    Policy Manager Specifications
Conclusion
    Additional Resources

Index


TABLES

1 Security features for each remote connectivity method
2 Remote connectivity methods by product


PREFACE

As part of an effort to improve its product lines, EMC periodically releases revisions of its software and hardware. Therefore, some functions described in this document might not be supported by all versions of the software or hardware currently in use. The product release notes provide the most up-to-date information on product features.

Contact your EMC technical support professional if a product does not function properly or does not function as described in this document.

Note: This document was accurate at publication time. Go to EMC Online Support (https://support.emc.com) to ensure that you are using the latest version of this document.

Purpose

This document provides information about EMC Customer Service, discusses the components of remote connectivity, and describes the various remote connectivity methods and associated security features. It also presents product-specific security methods for remote services and the various tools and applications used for various EMC products.

Audience

This document is intended to provide information to storage administrators and information security professionals to allow them to best select a remote connectivity method for their EMC products.

Related documentation

The following EMC publications provide additional information:

◆ EMC Secure Remote Services Release Notes

◆ EMC Secure Remote Services Technical Description

◆ EMC Secure Remote Services Pre-Site Checklist

◆ EMC Secure Remote Services Port Requirements

◆ EMC Secure Remote Services Installation and Operations Guide

◆ EMC Secure Remote Services Policy Manager Release Notes

◆ EMC Secure Remote Services Policy Manager Operations Guide


Typographical conventions

EMC uses the following type style conventions in this document:

Bold
    Use for names of interface elements, such as names of windows, dialog boxes, buttons, fields, tab names, key names, and menu paths (what the user specifically selects or clicks)

Italic
    Use for full titles of publications referenced in text and for variables in body text.

Monospace
    Use for:
    • System output, such as an error message or script
    • System code
    • Pathnames, file names, prompts, and syntax
    • Commands and options

Monospace italic
    Use for variables.

Monospace bold
    Use for user input.

[ ]
    Square brackets enclose optional values

|
    Vertical bar indicates alternate selections — the bar means “or”

{ }
    Braces enclose content that the user must specify, such as x or y or z

...
    Ellipses indicate nonessential information omitted from the example

Where to get help

EMC support, product, and licensing information can be obtained as follows:

Product information — For documentation, release notes, software updates, or information about EMC products, go to EMC Online Support at:

https://support.emc.com

Technical support — Go to EMC Online Support and click Service Center. You will see several options for contacting EMC Technical Support. Note that to open a service request, you must have a valid support agreement. Contact your EMC sales representative for details about obtaining a valid support agreement or with questions about your account.

Your comments

Your suggestions will help us continue to improve the accuracy, organization, and overall quality of the user publications. Send your opinions of this document to:

[email protected]


CHAPTER 1

EMC Remote Connectivity - A Detailed Review

This chapter provides information about EMC Customer Service, discusses the components of remote connectivity, and describes the various remote connectivity methods and associated security features. It also presents product-specific security methods for remote services and the various tools and applications used for various EMC products.

◆ Introduction

◆ Audience

◆ Overview of EMC Customer Service

◆ Connectivity Methods

◆ Security Features for Remote Connectivity Methods

◆ Remote Connectivity Methods by Product

◆ Device Connect Home Support

◆ Policy Manager

◆ ESRS VE to Policy Manager Communication

◆ Policy Manager Failure

◆ Conclusion


Introduction

EMC's remote connectivity capabilities protect your EMC investment with sophisticated technology to proactively monitor and remotely repair your EMC products, maximizing availability and minimizing unscheduled downtime. In many cases, remote connectivity enables EMC to address a potential problem before there is any impact to customer operations. Around-the-clock remote issue diagnosis and response provides you with a level of confidence that your business demands.

Remote connectivity also enables EMC to synthesize product-generated alerts and notifications within an internal Big Data environment. Through the use of data science and predictive analytics, EMC can monitor trends and produce detailed reports and recommendations regarding overall product health and performance. For example, remote connectivity dramatically enhances the EMC Online Support experience, which provides proactive guidance and advice on topics such as capacity and code levels for many connected products.

This chapter provides information about EMC Customer Service, discusses the components of remote connectivity, and describes the various remote connectivity methods and associated security features. It also presents product-specific security methods for remote services and the various tools and applications used for various EMC products.

Audience

This document is intended to provide information to storage administrators and information security professionals to allow them to best select a remote connectivity method for their EMC products. This document generally describes security measures in place so that customers can become comfortable with the controls in the design of remote connectivity tools and capabilities, but it withholds some detail to avoid providing a guide for would-be attackers.

Overview of EMC Customer Service

The mission of EMC Customer Service is to accelerate EMC's success by delivering a differentiated service experience through world class capabilities that help customers meet their business goals.

EMC Customer Service leverages the unique "Agile Services" model, which requires understanding the unique service requirements of our customers and partners, providing service through the channels they prefer, communicating in the languages they speak, and leveraging the right delivery method, with an emphasis on proactive and predictive capabilities. This requires steady investments in people, processes, and technologies, and flexibility in our service model to adapt to emerging technologies and requirements.

EMC's global presence includes:

◆ 620 service locations in 152 countries

◆ Direct EMC service presence in more than 50 countries

◆ More than 8,500 EMC Customer Service professionals

◆ Additional 8,000 EMC Global Services professionals


Channels range from traditional channels like telephone and onsite service to an expanded set of online support capabilities, including Live Chat and a mobile app. In order to deliver the highest level of service and optimize the Total Customer Experience, two-way remote connectivity is required.

Connectivity Methods

ESRS Virtual Edition (VE) 3.x

ESRS Virtual Edition (VE) 3.x replaced the ESRS Gateway configuration 2.x in September 2014. ESRS VE is EMC's gold standard solution for remote connectivity, purpose-built for the 3rd platform of IT. This is the most flexible ESRS solution, built to scale with EMC's growth and the growth of our customers. ESRS VE 3.x is:

Proactive — When you connect with ESRS, you get much more than remote support. For example, the EMC Online Support site "My Products" feature delivers alerts on topics such as code levels, technical and security advisories, and capacity information for many products.

Secure — The optional ESRS Policy Manager enables you to allow or deny remote activity, and includes a detailed audit log. Other security features include RSA digital certificates to validate all remote connections, and all EMC personnel must use RSA SecurID 2-factor authentication. ESRS also utilizes Advanced Encryption Standard 256-bit encryption to ensure data privacy.

Virtual — Between 2006 and 2014, ESRS required a dedicated, customer-provided server. This included the expense of operating system licensing fees and physical hardware. ESRS version 3.x provides all of the historical benefits of ESRS as a modern virtual appliance with no physical hardware or operating system licenses.

Simple — ESRS VE 3.x is entirely customer-installable, and you will be prompted when necessary to update code or apply fixes. Expect additional automated processes with each new release of code.

ESRS Gateway Client 2.x

ESRS Gateway Client 2.x is a legacy configuration that requires the ESRS software to be installed on a dedicated physical server or VMware instance. This configuration supports connectivity for a wide range of EMC products while providing a single instance of the ESRS application (and a single point of failure). The final release of ESRS Gateway code was version 2.28 in 2014.

ESRS Device Client

ESRS Device Client is a configuration that eliminates the need for a dedicated server, and is available for Symmetrix, VNX, VNXe, and XtremIO systems. While these products still support the ESRS Gateway 2.x and ESRS VE 3.x configuration, the ESRS application can also reside directly on the Symmetrix service processor, the VNX File Control Station, the VNX Block Storage Processor, the VNXe operating environment, and the XtremIO Management Server (XMS). You may also hear this configuration referred to as "ESRS Embedded."


ESRS IP Client

ESRS IP Client is a legacy configuration specifically designed for the VNX and CLARiiON management station, which utilizes a customer-provided server or VMware instance. You may also hear this configuration referred to as "ESRS Management Station." ESRS IP Client is a software bundle that includes ESRS Device Client along with some additional product-specific utilities specifically for CLARiiON and VNX Block products that are not available with the ESRS 2.x or 3.x configurations:

ACU — Automated Periodic Array Configuration Capture and Upload Tool (ACU) is required to send CLARiiON and VNX Block configuration files to EMC. This information is also used to automatically update the installed base. ACU can only be installed as part of the ESRS IP Client package within the product deployment services. Without ACU, VNX Block and CLARiiON products cannot send configuration files to EMC.

UDoctor — UDoctor is an error filtering tool that runs diagnostics on all CLARiiON CX3, CX4, CX5, CX7 series and VNX Block systems running release 19 and above. It monitors events and sends notifications based on a set of business and technical rules. UDoctor has three components: AHA (Array Health Analyzer), TOMS (TRiiAGE on Management Station) and TRT (TRiiAGE Real Time).

Email

Email is a one-way connection from the customer's EMC products back to EMC Customer Service for the delivery of alerts and notifications. An ESRS connection or WebEx session is necessary for EMC engineers to connect back in to resolve an issue.

WebEx

WebEx is a one-way connection from EMC Customer Service in to the customer's EMC products. WebEx can be used alone or in conjunction with the other connectivity options to enable EMC to provide an interactive session for error diagnosis and resolution.


Security Features for Remote Connectivity Methods

Table 1 Security features for each remote connectivity method

Feature                                                     ESRS VE 3.x  ESRS 2.x  ESRS Device Client  ESRS IP Client  Email  WebEx
Remote access                                               Yes          Yes       Yes                 Yes             No     Yes
Encrypted communication                                     Yes          Yes       Yes                 Yes             Yes    Yes
Customer authorization                                      Yes          Yes       Yes                 Yes             No     Yes
EMC Access Control                                          Yes          Yes       Yes                 Yes             No     No
Proactive monitoring of connectivity                        Yes          Yes       Yes                 Yes             No     No
Customer accessible audit logs                              Yes          Yes       Yes                 Yes             Yes    Yes
High availability option                                    Yes          Yes       Yes*                Yes             Yes*   No
Centralized failover to alternative connectivity methods**  Yes          No        No                  No              No     No

* Feature exists on a subset of products

** The ESRS Virtual Edition has two alternative connectivity methods, FTPS and Email. Both are available but will only be utilized if selected via the VE GUI. These methods are invoked if the ESRS tunnel is unavailable. Connect Home files will still be received, but the primary ESRS path fails in this scenario, causing FTPS to be utilized if selected. If that path is also unavailable, Email is invoked; note that Email in this sense means sending event files via the customer SMTP network to EMC.

Remote Connectivity Methods by Product

Table 2 Remote connectivity methods by product

Product                                   ESRS VE 3.x  ESRS 2.x  ESRS Device Client  ESRS IP Client  Email  WebEx
Atmos                                     Yes          Yes       No                  No              Yes    Yes
Avamar                                    Yes          Yes       No                  No              Yes    Yes
Brocade B-Series Switches*                Yes          Yes       No                  No              Yes    Yes
Celerra                                   Yes          Yes       No                  No              Yes    Yes
Centera                                   Yes**        Yes**     No                  No              Yes    Yes
Cisco Switches*                           Yes          Yes       No                  No              Yes    Yes
CLARiiON                                  Yes          Yes       No                  Yes             Yes    Yes
Connectrix*                               Yes          Yes       No                  No              Yes    Yes
Data Domain                               Yes          Yes       No                  No              Yes    Yes
Disk Library (includes DL3D)              Yes**        Yes**     No                  No              Yes    Yes
Disk Library for Mainframe (DLm)          Yes          Yes       No                  No              Yes    Yes
Elastic Cloud Storage (ECS)               Yes          Yes       No                  No              Yes    Yes
Greenplum Data Computing Appliance (DCA)  Yes          Yes       No                  No              Yes    Yes
Invista                                   Yes          Yes       No                  No              Yes    Yes
Isilon                                    Yes          Yes       No                  No              Yes    Yes
RecoverPoint                              Yes          Yes       No                  No              Yes    Yes
Symmetrix (VMAX)                          Yes          Yes       Yes                 No              Yes    No
ViPR                                      Yes          Yes       No                  No              Yes    Yes
ViPR-SM                                   Yes          No        No                  No              Yes    Yes
VMAX Cloud Edition (CE)                   Yes          Yes       No                  No              Yes    Yes
VMAX3                                     Yes          Yes       No                  No              Yes    No
VNX                                       Yes          Yes       Yes                 Yes             Yes    Yes
VNXe                                      Yes          Yes       Yes                 No              Yes    Yes
VPLEX                                     Yes          Yes       No                  No              Yes    Yes
VSPEX Blue                                Yes          No        No                  No              Yes    Yes
XtremIO                                   Yes          Yes       Yes                 No              Yes    Yes

* Connectrix Manager Data Center or Converged Network Edition is the connectable device. Brocade B-Series switches connect home via Connectrix Manager (Data Center or Converged Network Edition). Cisco switches connect home via Fabric Manager or Cisco Data Center Network Manager.

** Connect-in only for remote servicing; does not support connect home for remote monitoring.

Device Connect Home Support

ESRS functions as a communications broker between the managed devices, the Policy Manager, and the EMC Enterprise. ESRS communicates to EMC through outbound ports 443 or 8443. The ESRS servers are HTTP handlers. All messages are encoded using standard XML and SOAP application protocols. ESRS message types include:

◆ Device state heartbeat polling

◆ Data file transfer (connect homes)

◆ User authentication requests

◆ Device management synchronization

Each ESRS server acts as a proxy, carrying information to and from managed devices. ESRS can also queue connect home events in the event of a temporary local network failure. All ESRS actions are logged to local runtime and audit files. The ESRS server polls the Policy Manager, receives the current policies, and caches them locally. During the periodic poll, the ESRS server posts all requests and actions that have occurred. These are written to the Policy Manager database and the Policy Manager audit log files.

Is EMC able to access the customer's internal network via the ESRS Virtual Edition server?

No. EMC can only access specific target devices that have been explicitly approved by the customer. The ESRS Virtual Edition server maps devices to specific IP addresses and ports on the target device that have been allowed through the internal firewall by the network administrator. Since all communication originates from the customer ESRS VE server (HTTPS outbound), EMC cannot initiate a remote access session without the VE server processing the request and the customer approving the request (if configured to do so within the Policy Manager).
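
The connectivity model described above (ESRS VE talks to EMC only outbound on ports 443 or 8443, and reaches only customer-approved devices and ports internally) can be checked against firewall or flow records. The following Python code is an added example, not EMC code or part of the original document; every address, the approved-device map, and the names Flow, classify and audit are assumptions constructed for illustration.

```python
"""Audit flow records against the ESRS VE connectivity model (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# All addresses below are constructed for illustration (assumptions).
ESRS_VE = ip_address("10.20.0.5")        # hypothetical ESRS VE server
INTERNAL = ip_network("10.0.0.0/8")      # hypothetical customer address space
# Outbound ports the text names for ESRS-to-EMC traffic. If the FTPS or Email
# fallback is selected in the VE GUI, add the ports your deployment uses.
EMC_EGRESS_PORTS = {443, 8443}
# Customer-approved devices and the ports opened for them on the internal firewall.
APPROVED_DEVICES = {
    ip_address("10.30.1.10"): {22, 443},
    ip_address("10.30.1.11"): {443},
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def classify(flow):
    """Return (verdict, reason); verdict is allow, review, violation or ignore."""
    src, dst = ip_address(flow.src), ip_address(flow.dst)
    if src == ESRS_VE:
        if dst not in INTERNAL:
            # Traffic leaving the site: only the documented outbound ports.
            if flow.dport in EMC_EGRESS_PORTS:
                return "allow", "outbound ESRS traffic on an expected port"
            return "violation", "ESRS VE egress on an unexpected port"
        # Traffic toward the internal network: only approved device/port pairs.
        if flow.dport in APPROVED_DEVICES.get(dst, set()):
            return "allow", "ESRS VE to approved device and port"
        return "violation", "ESRS VE reaching an unapproved device or port"
    if dst == ESRS_VE:
        # The model is outbound-only, so nothing external should connect in.
        if src not in INTERNAL:
            return "violation", "inbound connection from outside to ESRS VE"
        if src in APPROVED_DEVICES:
            return "allow", "managed device talking to ESRS VE"
        return "review", "internal host that is not a managed device"
    return "ignore", "flow does not involve ESRS VE"


def audit(flows):
    """Return the flows that need attention, with their verdict and reason."""
    findings = []
    for flow in flows:
        verdict, reason = classify(flow)
        if verdict in ("review", "violation"):
            findings.append((flow, verdict, reason))
    return findings


# Constructed sample records, as they might be parsed from firewall or flow logs.
SAMPLE_FLOWS = [
    Flow("10.20.0.5", "203.0.113.10", 443),
    Flow("10.20.0.5", "203.0.113.10", 8443),
    Flow("10.20.0.5", "203.0.113.10", 22),
    Flow("198.51.100.7", "10.20.0.5", 443),
    Flow("10.20.0.5", "10.30.1.10", 22),
    Flow("10.20.0.5", "10.30.1.11", 22),
    Flow("10.20.0.5", "10.40.9.9", 445),
    Flow("10.30.1.10", "10.20.0.5", 443),
    Flow("10.50.2.2", "10.20.0.5", 9443),
    Flow("10.50.2.2", "10.60.1.1", 80),
]

if __name__ == "__main__":
    for flow, verdict, reason in audit(SAMPLE_FLOWS):
        print(f"{verdict.upper():9} {flow.src} -> {flow.dst}:{flow.dport}  {reason}")
```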

How do I find out what's in a connect home?

Ask your local EMC support to provide example connect homes from your product. In general, we only include a system ID. The content of the connect home files cannot normally be changed, although some special local agreements can be made upon request to your local EMC Service Manager. The ability of EMC equipment to send the various types of connect home is normally customizable (ON/OFF) for most products upon request, although it is strongly recommended, and the default, to have these all ON.

Automated Notifications (Connect Home)

EMC remote services enables preemptive notice and service through EMC's automated Connect Home solution. Each EMC product identifies predefined error conditions and/or potential issues and creates a notification message, which is automatically transmitted to EMC for appropriate actions to be taken. EMC's remote notification processes allow automated reporting to EMC of system events such as hardware or software issues that may require service. Automated notifications (Connect Homes) are processed in real time as they are received by your EMC product. The notifications are processed and analyzed automatically and routed to the appropriate EMC Customer Service organization to begin investigating. A Service Request is automatically created for the events that are routed to EMC CS, which provides the customer with visibility into the status of the issue through EMC Online Support (My Support). This assists EMC systems in maintaining a high level of uptime and helps ensure that system events are addressed promptly. In many cases, disruptive events may be avoided altogether.

Types of notifications

EMC hardware platforms use remote notification for several purposes. Errors, warning conditions, health reports, configuration data, and script execution statuses may be sent to EMC.

Hard events

Tools built into an EMC platform are designed to continually diagnose and monitor the health of the system and report issues to an EMC Global Support Center without requiring action from customer IT personnel. When a system error occurs, symptom codes, system logs, system configurations, and other system information necessary to accelerate the diagnosis and response to issues are collected and sent to EMC through the configured remote notification protocol.

Soft events

In addition to reporting hard events such as hardware failures, remote notification reports soft events such as a configuration error that surpasses an established threshold. EMC's Global Services personnel evaluate these soft events against the system's history files obtained from previously reported events for that system. If a trend is identified, or if continuous soft errors persist, the support professional may determine that the hardware component should be replaced proactively. This action may mitigate the risk of a future hard failure or a potential outage, and thereby improves your capability to provide continual system availability.

Health and status reports

Products may also be configured to periodically send health reports and configuration information to EMC. Health reports are used to provide proactive monitoring of remote support connectivity. Service requests (cases) are created if messages are not received.

Configuration information included in health reports is transferred to EMC and made available to EMC Customer Service when troubleshooting or diagnosing a potential customer issue. This data is monitored and will generate service requests if suspect conditions are found in the configuration data. To reduce the need for customers to relay configuration data to EMC during an event, EMC Global Services personnel have access to this configuration information when servicing requests. Additionally, some maintenance scripts may generate a notification to inform EMC of their execution status.

Contents

Remote notification messages are text and XML files that contain symptom codes and descriptions, error log details, and other system configuration information necessary to accelerate the response to issues by EMC Global Services personnel. Note that the content of these notifications is always limited to this diagnostic information only. This information is evaluated by EMC support professionals to determine the nature of the issue and to organize corrective action, if required.


Security Overview for Connectivity Methods

The security of ESRS is managed proactively by EMC, cross functionally by EMC Global Services, EMC's Global Security Organization, EMC's Product Security Office, the EMC IT development team, and with assistance from 3rd party security testing firms. Focus is placed on managing key control points for ensuring the ESRS application and its supporting infrastructure components are hardened and up-to-date.

ESRS installations are managed consistently across EMC's customer install base, both for consistency in EMC's capabilities to support the customer and with an eye towards implementing consistent, scalable and measurable security controls. EMC maintains and enhances ESRS's security controls with an ongoing security controls testing program.

In scenarios where ESRS cannot be adopted, EMC implements customized solutions for connect home and remote support using Email, Secure FTP (SFTP), and WebEx. Each of these solutions is tailored to meet the needs of customer requirements; however, the decentralized nature of these solutions means the security testing program's coverage of each is not as robust as the ESRS security testing program.

The EMC CSMO Security Office is available if you have any concerns about data security or the capabilities or restrictions of EMC employees during remote support sessions.

Where possible, customers should not use default passwords. EMC will store logins/passwords securely. Customers should inform EMC verbally when a login/password changes.

ESRS Access Control

EMC understands your concerns in maintaining the security and confidentiality of your data when EMC customer service personnel ("Authorized EMC Personnel") are given remote access via ESRS to your EMC system(s) when providing EMC support services. To that end, EMC employs various security controls for ESRS in order to help manage access to your data while allowing Authorized EMC Personnel to rapidly and professionally deliver EMC's world-class support services.

◆ ESRS includes layered security controls to limit access to ESRS to Authorized EMC Personnel, including:

◆ EMC-managed digital certificates, via the RSA Digital Certificate Manager product, are installed at EMC and on the ESRS Virtual Appliance located at your site to authenticate the infrastructure which supports the connection, and are bilaterally authenticated prior to allowing Authorized EMC Personnel to remotely access your EMC system(s) in order to provide EMC support services. Certificates are issued for the installation of the ESRS Virtual Appliance and, once installed, are protected from modification by RSA LockBox technology. EMC's installation of Digital Certificate Manager is housed on redundant infrastructure, within a physically locked cabinet inside of secure data centers, and gaining access requires dual control (by two individuals) using physical access cards.

◆ Only Authorized EMC Personnel who possess an RSA SecurID physical access token and an associated PIN can remotely access ESRS.

◆ For the purpose of connecting to a customer site via ESRS for providing EMC support services, an expiring secure credential is required. The secure credential is created for each support request by Authorized EMC Personnel to enable their login to a given customer device.

◆ Remote support communications using ESRS are role based and restricted to Authorized EMC Personnel based on their job function.

In addition to the controls in place at EMC, for customers seeking to implement enhanced access control, the optional Policy Manager component of ESRS is an enhancement to provide customer control of access for each EMC support session. With the Policy Manager, customers can grant or restrict EMC access based on the customer's unique guidelines and requirements.

The Policy Manager includes an audit log with detailed information from each remote support session showing the date and time of access, serial number of the system(s) accessed, identification of the Authorized EMC Personnel, and the service applications accessed via ESRS.

ESRS Security Testing

EMC proactively manages the security posture of ESRS, enlisting its internal security practitioners to evaluate the security controls of ESRS at each layer, and engages a 3rd party security testing firm to conduct an annual end-to-end application security assessment. The scope of the annual application security assessment includes the ESRS application along with infrastructure components that host or enable ESRS.

If vulnerabilities are identified as part of EMC's testing of ESRS, they are first validated by EMC according to industry guidelines before EMC creates, qualifies, and delivers the appropriate response to address the issue. Where possible and depending on the nature of the underlying issue, updates which consist of software patches or releases are streamlined as part of EMC's planned application release schedule in order to mitigate the impact on your business environment. EMC communicates available ESRS updates to customers via EMC security advisories, available for subscription at https://support.emc.com.

Additionally, EMC reviews the results of the above-referenced testing and any remediation efforts as part of our overarching business unit and enterprise-level governance functions. EMC maintains an enterprise risk governance model that allows for central oversight of information security controls. EMC Global Services has a business unit level Governance Risk and Compliance (GRC) Program which defines, implements and oversees the scope, testing approach, vendor selection, and process used for ESRS security testing, and escalates when necessary to the additional enterprise level GRC functions, including EMC's Enterprise Governance, Risk, and Compliance Council (eGRC).

WebEx Security

Customers can also choose to allow remote access through the Cisco WebEx connectivity option. WebEx enables viewing, diagnosing, and solving of problems online in addition to the ability to transfer files for offline analysis. The customer has the ability to control the entire WebEx session and determines which users may access the session along with the level of access from EMC. The security of the WebEx product itself is managed by Cisco. WebEx sessions are encrypted, and Cisco has published a security white paper available on the WebEx internet site that references 3rd party security testing.

Policy Manager

The Policy Manager is an optional component that enables the customer to set access permissions for the EMC devices being managed by the ESRS VE server. The Policy Manager also maintains an audit log of all remote access actions and requests that have occurred on the ESRS VE Server. EMC does not have visibility to the Policy Manager application or Operating System from outside the customer's environment. There are three permissions available for the Policy Manager:

Always Allow — Any remote access sessions will be granted automatically.

Never Allow — Any remote access session will be denied.

Ask for Approval — Any remote access session will generate an email to the customer, providing them with the ability to Approve or Deny the access request.

ESRS VE to Policy Manager Communication

If Policy Manager is being configured, the ESRS VE server must be able to communicate with the Policy Manager server on both HTTP port 8090 and HTTPS port 8443; this can vary depending on whether SSL or non-SSL options were selected during installation. To generate Access Request Notifications (Ask for Approval), the Policy Manager must be able to connect to the customer SMTP server.

If an internal firewall exists between the ESRS VE server and Policy Manager, the firewall rules should be configured per the EMC Secure Remote Services Policy Manager Operations Guide.

Policy Manager Failure

If the Policy Manager fails, the ESRS VE Servers will still be able to provide remote access to EMC managed devices using a cached copy of the last known policy configuration. If the last known policy for a managed device was set to "Ask for Approval" or "Never Allow," the ESRS VE will deny access to that device. If the policy was set to "Always Allow," the Gateway will continue to allow remote access to that device.
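The following Python model is an added example, not EMC code: it encodes the three permissions and the cached-policy behavior described above, and lists which devices stay remotely reachable during a Policy Manager outage. The function names, the serial numbers, and the denial of devices with no cached policy are assumptions made for illustration.

```python
from enum import Enum


class Permission(Enum):
    ALWAYS_ALLOW = "Always Allow"
    NEVER_ALLOW = "Never Allow"
    ASK_FOR_APPROVAL = "Ask for Approval"


def decide(serial, cached_policy, pm_available, customer_approves=None):
    """Return (granted, reason) for one remote access request.

    cached_policy: dict of serial -> Permission (last known configuration).
    customer_approves: callable(serial) -> bool standing in for the e-mail
    Approve/Deny step; consulted only while the Policy Manager is up.
    """
    perm = cached_policy.get(serial)
    if perm is None:
        # Assumption: the page does not cover unknown devices; deny them.
        return False, "no policy on record"
    if perm is Permission.NEVER_ALLOW:
        return False, "Never Allow"
    if perm is Permission.ALWAYS_ALLOW:
        # Fails open: the cached policy keeps granting access in an outage.
        reason = "Always Allow" if pm_available else "Always Allow (cached)"
        return True, reason
    # Ask for Approval fails closed: no Policy Manager, no approval request.
    if not pm_available:
        return False, "Policy Manager down, approval unavailable"
    if customer_approves is None:
        return False, "no approver configured"
    approved = bool(customer_approves(serial))
    return approved, "customer approved" if approved else "customer denied"


def outage_exposure(cached_policy):
    """Serials that remain remotely accessible if the Policy Manager fails."""
    return sorted(s for s in cached_policy
                  if decide(s, cached_policy, pm_available=False)[0])


# Constructed sample inventory; the serial numbers are placeholders.
SAMPLE_POLICY = {
    "SN-EXAMPLE-0001": Permission.ALWAYS_ALLOW,
    "SN-EXAMPLE-0002": Permission.ASK_FOR_APPROVAL,
    "SN-EXAMPLE-0003": Permission.NEVER_ALLOW,
}

if __name__ == "__main__":
    print("Reachable during outage:", outage_exposure(SAMPLE_POLICY))
```

Running outage_exposure over a real device inventory shows which systems rely on "Always Allow" and therefore stay open when the approval path is unavailable.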

Policy Manager Specifications

◆ The Policy Manager is available for both Windows and Linux operating systems.

◆ The Policy Manager may reside on a shared server as long as there is no conflict with other applications that use the Tomcat web server or ports 8090 and 8443.

◆ The Policy Manager may be installed on a Physical server or Virtual machine.

Conclusion

Because both planned and unplanned interruptions to information access can severely impact business operations, having a remote connectivity option in place is critical to maximize information availability, accelerate time to resolution, and lower costs. EMC also uses its remote connectivity capabilities to deliver world-class proactive services. EMC is continually investing in its technology, infrastructure, and partnerships to provide customers with remote connectivity options that meet their business and security needs. EMC's remote connectivity strategy was designed to provide efficient, rapid, and proactive service while protecting customer data that is stored on EMC systems.

Additional Resources

Technical documentation, downloads, knowledgebase articles, and additional ESRS technical resources can be found on the ESRS landing page within EMC Online Support.

Detailed information about EMC Customer Service and associated policies and procedures can be found in the EMC Customer Support Guide.

To ask questions or engage with ESRS subject matter experts, please visit the ESRS Support Community Forum.
