- Notes, cautions, and warnings
- Introduction
- Requirements, Restrictions, and Configuration
- Configuring SupportAssist
Dell Unity™ Family Configuring SupportAssist
Connection Type options for SupportAssist
SupportAssist supports two options for connection type through which storage system information can be sent to the Support Center for remote troubleshooting:
- Connect Directly
- Connect through a Gateway Server
Either option can be configured with one of the following types of remote service connectivity options:
- In Unity OE version 5.3.x and 5.4.x, if both Inbound connectivity for remote access and RSC (Remote Secure Credentials - Recommended) are selected (default settings), authorized Dell support engineers are allowed to securely troubleshoot your system remotely. Selecting the RSC option allows authorized Dell support engineers to authenticate with your system by using a unique one-time Dell-generated credential. Your system administrator does not have to provide Dell support engineers with an access credential.
- In Unity OE version 5.5 or later, if Inbound connectivity for remote access is selected in Unisphere (default setting), authorized Dell support engineers are allowed to securely troubleshoot your system remotely. The RSC option does not appear in Unisphere but is enabled when Inbound connectivity for remote access is selected. The RSC option cannot be disabled in Unisphere.
- In Unity OE version 5.3.x or 5.4.x, if Inbound connectivity for remote access is selected and RSC is not selected, both outbound and inbound traffic for remote service is allowed. However, not selecting the RSC option requires your system administrator to provide Dell support engineers with an access credential that allows authorized Dell support engineers to authenticate and securely troubleshoot your system remotely.
- For Unity OE versions 5.3.x, 5.4.x, or 5.5 or later, if Inbound connectivity for remote access is not selected, only outbound traffic for remote service is allowed.
NOTE:To enable and configure the SupportAssist feature, you must accept the SupportAssist End User License Agreement (EULA). It is recommended that you enable the SupportAssist feature to accelerate problem diagnosis, perform troubleshooting, and help speed time to resolution. If you do not enable SupportAssist, you may need to collect system information manually to assist Support with troubleshooting and resolving problems with your storage system. Also, SupportAssist must be enabled on the system for data to be sent to APEX AIOps Observability.
Connect Directly
The Connect Directly option for SupportAssist runs directly on the storage system. When you select this option, you set up the storage system to use a secure connection between itself and the Support Center. Ensure that ports 443 and 8443 are open from the storage system to the Support Center. If remote access using SSH is required, ensure that ports 22 and 8443 are open on the storage system.
Connect through a Gateway Server
The Connect through a gateway server option for SupportAssist requires that a separate customer-supplied server running Secure Connect Gateway (version 5.12.00.10 or later) be set up. When you select this option, your storage system can be managed together with other storage systems by a Secure Connect Gateway. The storage systems reside behind a single common (centralized) secure connection between Support Center servers and an off-array Secure Connect Gateway. The Secure Connect Gateway is the single point of entry and exit for all IP-based SupportAssist activities for the storage systems that are associated with the gateway.
NOTE:SupportAssist does not support ESRS gateway
(version 3.x) or SupportAssist Enterprise (version 4.y). As a result, you cannot
specify an ESRS gateway or SupportAssist Enterprise address for enabling a gateway
connection.
The Secure Connect Gateway is a remote support solution application that is installed on one or more customer-supplied dedicated servers. The Secure Connect Gateway functions as a communication broker between the associated storage systems and the Support Center. You can configure a Primary and a Secondary Gateway for SupportAssist for high availability in case one of the gateways is inaccessible. It is recommended that both gateways reside on the same cluster to minimize disruption if one gateway fails over to the other.
In Unity OE versions 5.3.x and 5.4.x, HTTP proxy servers are supported for both Connect Directly and Connect through a gateway connection type options. SOCKS proxy servers are not supported. In Unity OE version 5.5 or later, HTTP proxy servers are only supported for the Connect Directly connection type option.
NOTE:For a Non-Disruptive Upgrade from an earlier
Unity OE version 5.3.x or 5.4.x to Unity OE version 5.5 or later and when
SupportAssist is enabled with Connect through a gateway server and Use Global Proxy
Settings options in the earlier Unity OE version, the Use Global Proxy Settings
option is disabled during upgrade. After the upgrade, the system communicates
directly with the Secure Connect Gateway server, the proxy server connection is
removed. An alert is generated as a notification that the proxy server is not
supported by the gateway connection and has been removed from the SupportAssist
configuration. If your network requires a proxy server between the Unity system and
the gateway server, you must re-arrange your network environment or change the
SupportAssist configuration to use the Connect directly option instead.
A Policy Manager is not supported in Unity. To use a Policy Manager to manage the network traffic between your storage system and Support Center, you must select the Connect through a gateway server connection option for SupportAssist. Also, you must specify the Policy Manager and, if required, an associated proxy server within the Secure Connect Gateway.
NOTE:For more information about Secure Connect Gateway and Policy Manager, go to the Secure Connect Gateway product page on
Online Support.
To configure your storage system to use Connect through a Gateway Server, you must provide the IPv4 address (IPv6 is not supported) or FQDN of the Secure Connect Gateway and ensure that port 9443 is open from the storage system to the gateway. If remote access using SSH is required, ensure that ports 22 and 8443 on the storage system are also open.
NOTE:Storage systems can only be added to the
Secure Connect Gateway from Unisphere or UEMCLI. A remote session for Unisphere
requires port 80 to be open, UEMCLI requires port 443 to be open. If the storage
system is added from the gateway server, it appears to be connected, but does not
successfully send system information.
Remote Secure Credentials
In Unity OE version 5.3.x or 5.4.x, the RSC (Remote Secure Credentials) option is disabled by default and SupportAssist must be enabled to select it. When selected, the RSC option allows authorized Dell support engineers to authenticate with your system by using a unique one-time Dell-generated credential. Your system administrator does not need to provide Dell support engineers with an access credential. Once the authentication process passes, the user is given both administrator and service roles when running UEMCLI commands, and the service role when running on-array CLI commands.
In Unity OE version 5.5 or later, the RSC option does not appear in Unisphere. When the Inbound connectivity for remote access option is selected and SupportAssist is enabled, the RSC option is enabled by default and authorized Dell service personnel are allowed to remotely log in to your system to securely troubleshoot your system. Once the authentication process passes, the user is given both administrator and service roles when running UEMCLI commands, and the service role when running on-array CLI commands. However, if the Inbound connectivity for remote access option is not selected, the RSC option is not enabled.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\