EMC CONFIDENTIAL EMC® Secure Remote Services (ESRS) Release 3.20 Pre-Site Checklist REV 01 April, 2017 This document is a Word-based template to assist the user in installing the ESRS Virtual Edition in a customer environment. To ensure success, the relevant decisions needed and the required information are structured and can be documented in this checklist. Use this form with the guidance of your EMC Global Services professional. Related information is provided in the EMC Secure Remote Services Site Planning Guide. This checklist uses the term “ESRS Virtual Edition”. ESRS Virtual Edition is also called ESRSv3 or ESRS VE. Topics in this document include: Before you begin ........................................................................................... 2 Download ESRS software and documentation ............................................. 3 Customer contact information ..................................................................... 4 ESRS configuration choices ........................................................................... 5 Network preparation .................................................................................... 8 Am I ready to install ESRS Virtual Edition? .................................................... 9 Install ESRS Virtual Edition virtual appliances ............................................. 10 Configure ESRS Virtual Edition using ESRS GUI ........................................... 10 Deploying customer EMC products to ESRS Virtual Edition ....................... 11 Final steps ................................................................................................... 13 Notes and comments .................................................................................. 13 1 Before you begin Before you begin ESRS Virtual Edition is an EMC solution that is customer-installable using this checklist and the supporting documentation. We strongly recommend the involvement of: - The customer lead for EMC products, to define which products will connect The customer IP networking team, to define how those products will securely connect Alternatively EMC Professional Services offering PSINST-ESRS for an ESRS Virtual Edition install is available at no cost, provided by the EMC Remote Proactive team. To trigger this service please open a Service Request for an ESRS VE install and ask for it to be routed to the Remote Proactive team (RPS). Best Practice EMC recommends the following step-by-step approach which this checklist follows: Step 1 - Planning - Examine the ESRS Getting Started short demo Download the software and documentation set Plan and prepare for installing the ESRS Virtual Edition appliance and it’s networking access to EMC Plan which EMC products will connect to ESRS Virtual Edition, preparation can wait until Step3 Complete the checklist details Step 2 – Installing - Install ESRS Policy Manager (optional) Install ESRS Virtual Edition appliance(s) Step 3 – Deploying - Prepare the environment\network for your EMC products to connect to your ESRS Virtual Edition Deploy your EMC products to ESRS, configure product connect-in and connect-home Register your deployed products with EMC Support Conventions used in this document: 2 STEP Denotes a step that can be done by the customer or EMC partner or EMC Support. CUSTOMER STEP Denotes a step that can ONLY be done by the customer due to specific requirements. For example, only the customer can define the root password. EMC Secure Remote Services Pre-Site Checklist Download ESRS software and documentation Download ESRS software and documentation All ESRS Virtual Edition resources are available on the ESRS Virtual Edition support page and are needed by the customer for ESRS installation. STEP Customers should run checks in accordance with their security policy after downloading or receiving ESRS software packages. Following is a tabular summary of recommended documentation and software. Table 1: ESRS Documentation and Software ESRS Documentation – click here to access documentation EMC Secure Remote Services Release Notes EMC Secure Remote Services Port Requirements EMC Secure Remote Services Installation and Operations Guide EMC Secure Remote Services Technical Description EMC Secure Remote Services Site Planning Guide EMC Secure Remote Services Policy Manager Operations Guide (optional) ESRS Software – click here to access downloads ESRS Virtual Edition full OVF image for VMWare ESX Systems ~550MB ESRS Virtual Edition full VHD image for Microsoft Hyper-V Systems ~550MB ESRS Docker Edition ~1GB ESRS Infrastructure information EMC KB#335386 contains the host and IP address information of EMC’s ESRS infrastructure servers Optional ESRS Software – click here to access optional software Policy Manager Software (Windows or Linux as required) ~100MB EMC Secure Remote Services Pre-Site Checklist 3 Customer contact information Customer contact information Complete the following tables by entering your contact information. STEP Contact information Item Customer Company Customer main contact name for this project Customer main contact phone + email ESRS Install Service Request (if known) Requested install date PS Project Number Party (Site) information – also available on https://support.emc.com/servicecenter/sites/ Function Name Party# (Site ID) Locations Phone number E-mail Primary Secondary (if applicable) Customer ESRS Contacts Type* Name Title\Role Primary Technical * Primary and technical contacts will be entered during ESRS install and will be used in the event of ESRS issues. 4 EMC Secure Remote Services Pre-Site Checklist ESRS configuration choices ESRS configuration choices STEP Select the proposed ESRS Virtual Edition configuration from the following table and note the number of virtual appliances required for the chosen configuration. Some EMC products have alternative “on-board” ESRS solutions i.e. ESRS Device Clients. For customers with fewer EMC products these may be preferable. ✓ Configuration Appliance Qty Single ESRS VE Appliance*, no Policy Manager One Single ESRS VE Appliance* and Standalone Policy Manager Two High-Availability ESRS VE Appliances**, no Policy Manager Two High-Availability ESRS VE Appliances** and Standalone Policy Manager Three * Do not place ESRS VE appliances or storage files on EMC devices managed by ESRS VE. ** HA ESRS VE appliances should run in separate customer virtual environments. STEP Examine the EMC products installed or pending install in the customer environment on https://support.emc.com/servicecenter/sites/. Choose and list devices to be deployed in the section “Customer EMC Products” on page 12. STEP Some EMC products need an extra workstation with specific software to enable those products to connect-home to EMC. Workstation(s) are customer-provided. The switch management software has extensive functions and is customer installable. The software may be a paid item. Device Monitoring Solution ✓if To Be ✓if Already Installed Installed ✓if Not Required Additional Monitoring Workstation for CLARiiON Monitoring Additional Connectrix Manager Workstation for Brocade Switch Monitoring Additional Fabric Manager Workstation for Cisco Switch Monitoring EMC Secure Remote Services Pre-Site Checklist 5 ESRS configuration choices ESRS Virtual Edition and Policy Manager details Plan the various resources needed before installing ESRS Virtual Edition (ESRS VE) or ESRS Docker Edition (ESRS DE). Specifications for ESRS VE, ESRS DE, and Policy Manager are in the “ESRS Site Planning Guide”. Note that usernames and passwords are defined and held by the customer. STEP It is possible to use 2 NICs per VIRTUAL EDITION appliance, please see EMC KB#304076 ESRS Virtual Edition Appliance 1 Item Item Name or IP Address VM, HyperV, or Docker Enable failover FTPS (Y/N)* Enable failover Email (Y/N)* Policy Manager enabled? (Y/N) Policy Mgr Name or IP Address * Failover FTPS / Email will attempt to forward Call home from devices to EMC if connectivity between the ESRS server and the EMC infrastructure is lost. Recommended for Single ESRS VE configurations. ESRS Virtual Edition Appliance 2 (HA partner of Appliance 1) Item Item Name or IP Address VM, HyperV, or Docker Enable failover FTPS (Y/N) Enable failover Email (Y/N) Policy Manager enabled? (Y/N) Policy Mgr Name or IP Address ESRS Policy Manager Application (optional) Item 6 Item Name or IP Address Adobe Flash installed (Y/N) Policy Mgr Port Policy Mgr SSL (Y/N) EMC Secure Remote Services Pre-Site Checklist ESRS configuration choices Customer Proxy and Email details STEP Provide details of the supporting resources needed before installing ESRS Virtual Edition. Note: usernames and passwords are defined and held by the customer. Customer Proxy Details There are various functions where a customer proxy server can optionally be used: (1) between the customer ESRS Virtual Edition appliance and the Internet (2) between the customer ESRS Virtual Edition appliance and EMC Policy Manager application Proxy Functions (1 and/or 2) Proxy Name or IP address Port# Proxy Type Auto/HTTP/SOCKS Username & Password available (Y\N) Customer Email Server Details There are various functions where a customer email server can optionally be used: See ESRSv3 related Emails Mail Server Name or IP address Email Functions Sender email Notification email to: ESRS VE to internal ESRS VE to external (Call Home failover optional) Policy Manager EMC Secure Remote Services Pre-Site Checklist 7 Network preparation Network preparation CUSTOMER STEP The customer is responsible for configuring their network environment to support the ESRS solution. Refer to the ESRS documentation for detailed information about the network requirements. ✓ Task Prepare Firewalls for Customer <> External Communication Configure the external Firewall Rules to allow ESRS Virtual Edition Servers to EMC’s ESRS infrastructure servers on outbound ports 443 and 8443. To ensure communication integrity, proxy servers and devices external to your DMZ must not perform any method of SSL checking on outbound or inbound traffic for ESRS. SSL checking will cause connectivity loss to EMC. If SSL checking is performed on outbound communications by customer firewalls, proxies, web traffic filtering appliances or applications, web traffic shaping/load balancing, certificate verification or proxying, or Intrusion Detection Services (IDS), there will be loss connectivity to EMC Prepare Firewalls for ESRS Virtual Edition in Customer Network (optional) Configure internal Firewall Rules to allow VIRTUAL EDITION appliance and the Policy Manager to connect to customer SMTP server Failover on port 25. Configure internal Firewall Rules to allow customer workstations to connect to VIRTUAL EDITION appliance for GUI Management on port 9443. (optional) Configure internal Firewall Rules to allow communication between the ESRS Virtual Edition appliance and the Policy Manager on ports 8090 and/or 8443. Configure internal Firewall Rules to allow communication between the ESRS Virtual Edition appliance and EMC device as defined in the ESRS Port Requirements Guide. (This step can be deferred until “Deploying customer EMC Products to ESRS Virtual Edition” to spread effort over time). 8 EMC Secure Remote Services Pre-Site Checklist Am I ready to install ESRS Virtual Edition? Install ESRS Policy Manager (optional) Refer to the ESRS Policy Manager documentation for complete information. EMC can perform a basic installation of the Policy Manager software at the time of deployment. STEP ✓ Task Build Policy Manager Server hardware or virtual machine with compatible OS. Download Policy Manager software from the EMC support site (Policy Manager Software Download). Install Policy Manager using ESRS Policy Manager Operations Guide Am I ready to install ESRS Virtual Edition? STEP These checks can be performed by customers, partners or EMC. Access https://support.emc.com/servicecenter/sites/ for these checks. ✓ Task Party# Check Click on Manage Sites and search for party#. Select the desired party#. You should see the installed EMC products. If there are no ESRS Deployable EMC products then you will not be able to install ESRS. ESRS Deployable products are listed in the ESRS Site Planning Guide Table 1. If no valid products are listed please use a different party# or contact EMC Support Installer Check Click on Manage Sites and search for site ID. Click on that Site ID then Contacts. Select the checkbox “Web Support Enabled” to filter the list. For customers the installing person must be listed as an “Authorized Contact”. If you are a customer and not authorized please contact [email protected] For partners the installing person must be listed as a “Support Partner” If you are a partner and not authorized please contact [email protected] Credential Check - For customers a valid support.emc.com account login+password is required - For EMC and Service-Enabled Partners an active RSA SoftFob is required - For non-servicing partners please ask the customer to enter their credential, or please raise an EMC Service Request with details of the party# and devices to be deployed. EMC Secure Remote Services Pre-Site Checklist 9 Install ESRS Virtual Edition virtual appliances Install ESRS Virtual Edition virtual appliances CUSTOMER STEP The Customer is responsible for deploying the ESRS Virtual appliances into their hypervisor environment (ESRS VE for ESX and HyperV, ESRS DE for Docker), and performing the basic virtual machine configuration. Click here for a 4-min walk-thru training for ESRS VE (timestamp 03:27 thru 07:14) ✓ Task Deploy ESRS as per the “Configure Operating System for VM” section of the ESRS Installation and Operations Guide. IMPORTANT: Create a root password at this step in the correct format as per ESRS Installation and Operations Guide p.148. Weaker passwords may be accepted, but will not function in the next step. The default keyboard in the ESRS appliance is US English. When complete the ESRS Virtual Edition reboots and shows in the center of the screen: Configure ESRS Virtual Edition using ESRS GUI Use a supported browser to access the ESRS GUI at https://<IP address of ESRS Virtual Edition >:9443 A customer, Partner, or EMC can provision the ESRS Virtual Edition, this connects the customer ESRS Virtual Edition appliance(s) with EMC. STEP Click here for a 7-min walk-thru training (timestamp 07:14 thru 14:40) ✓ Task Configure ESRS Virtual Edition as per the “Root logon and Admin setup” section of “ESRS Installation and Operations Guide”. If ESRS GUI does not accept your login credentials check the current keyboard layout, the root password was probably entered in US English keyboard layout in the previous step. Configure ESRS Virtual Edition as per the “Provisioning screens/ESRS setup” section of “ESRS Installation and Operations Guide”. Customers: If you are building an ESRS Virtual Edition High-Availability cluster please raise an EMC Service Request and provide the ESRS Virtual Edition Serial Numbers (e.g. ELMDKZW7RJSWDN and SHTESTREDSRZJK). Servicing Partners and EMC employees: create the HA cluster at https://esrs.emc.com or for new infrastructure installs https://esrs3.emc.com 10 EMC Secure Remote Services Pre-Site Checklist Deploying customer EMC products to ESRS Virtual Edition Deploying customer EMC products to ESRS Virtual Edition Deploy EMC products using the table on the next page as a reference. STEP Please note that some EMC products should only be ESRS-deployed from that EMC product and not using the ESRS GUI. ✓ Task Prepare the environment/network for your EMC products to connect to your ESRS Virtual Edition as defined in the “ESRS Port Requirements Guide” Deploy each device as described in the “Installation and Operations Guide” under “Devices Manage Devices”. Register each device with EMC: - EMC employees should use IBG for this - Implementing partners should use PNT - Customers please raise an EMC Service Request For each serial number include the product login\password to be used by EMC for connect-in, and if connect-in and connect-home are allowed (default). Test remote connect-in to customer products is working correctly (EMC & Partners only) Test remote connect-home from customer products to EMC is working correctly - Trigger a test connect-home from the product (see product’s own documentation) Validate that EMC received the test connect-home: o EMC employees use CLM or SYR o Implementing Partners and customers use support.emc.com section “MyProducts” Connect-homes are processed immediately by EMC Support, but may take a few hours to show in the above separate EMC reporting systems. If you cannot find your initiated connect-home event (after allowing sufficient time we recommend you open a Service Request verify receipt of your test connecthome EMC Secure Remote Services Pre-Site Checklist 11 Deploying customer EMC products to ESRS Virtual Edition Customer EMC Products a.k.a. ESRS End-Devices EMC® product type 12 Serial number Site ID (Party#) EMC Secure Remote Services Pre-Site Checklist IP address Product ESRS VE ports open Device Deployed and connectivity checked (Date) Final steps Final steps STEP Check the ESRS Virtual Edition GUI if an ESRS software update is available, apply any update. Note that the ESRS Docker Edition (ESRS DE) does not have this option. This is documented in the ESRS install and Operations Guide under “Downloading and applying updates”. ✓ Task If you are using the Policy Manager, then check to ensure that the Windows Task Scheduler is running and unrestricted, so that Policy Manager backups can occur. Notes and comments ✓ Task EMC Secure Remote Services Pre-Site Checklist 13 Notes and comments Copyright © 2017 EMC Corporation. All Rights Reserved. EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. For the most up-to-date regulatory document for your product line, go to the Technical Documentation and Advisories section on the EMC Online Support Site (support.emc.com). For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com. All other trademarks used herein are the property of their respective owners. 14 EMC Secure Remote Services Pre-Site Checklist
© Copyright 2025 Paperzz