Remote support

This section answers questions that are related to remote support in IBM Fusion HCI.

  1. When would be a service node available for remote connection?

    The IBM support engineer able to connect to the service node only when the remote support connection is enabled by IBM Fusion administrator.

  2. Is IBM support engineer authorized to view and connect to a customer environment?
    Yes, access control is managed by the w3 Blue groups. So, the IBM support engineers who are part of the IBM Fusion remote support Blue group can view the available systems and connect to it.
  3. Is remote support connection process secured?
    Yes, after the remote support connection is enabled, it creates a secure channel between the service node and remote support connection servers. IBM support engineers can connect to servers using remote support controller application. In such a way, all the actions performed by the IBM Support engineer will be routed through the secured channel.
  4. Is there any second layer of authentication for remote support connection?
    Yes, second layer authentication exists. After SSR is connected to the customer network using remote connection, they need to log in to the service node via CLI and complete the challenge response authentication. The service node generates a challenge and that needs to obtain corresponding response from the another server which is managed using Blue groups. The challenge response validation is a combination of IBM support engineers ID and serial number of the service node.
  5. Can i terminate ongoing remote support session?
    Yes, as soon as the remote support connection is turned off from the customers end, then all active connections will be terminated.
  6. What customer data is used by the remote support session?
    The remote support session is used to support customer storage devices reporting active support issues. It collects personal information such as name, customer organization name and email address which is then be stored in the application database and log files. This information is used to allow IBM support personnel to identify the devices require support and the contact information of the user Is responsible for the system should remote attempts at resolution should fail.

    The contact information is stored in the database and log files and is only accessible to IBM support personnel with a legitimate business need.

  7. Which ports are used for remote support session connectivity
    All remote support session communication happens through a secured https port 443.
  8. How are switch and node accessed by IBM support representative?
    After logging in to the service node, customer need to provide the credentials of the switch or node that the IBM support representative wants to log in
  9. How to log in to the OpenShift® Container Platform?
    Similar to nodes and switches, IBM support engineer needs to get the OpenShift Container Platform log in credentials from the customer.
  10. what level of access does a remote support engineer have on a service node?
    On service node, support engineer gets non sudo Linux user. The level of access for the OpenShift is in hands of the customer.
  11. what happens if a service engineer credentials get compromised?
    Only clients who have enabled a remote support session gets impacted. At maximum intruder will be able to login to the service node. Further accesses requires customer to explicitly share more credentials.
  12. How can I request audit logs for the previous IBM support remote sessions?
    Yet to get inputs.