Support assistance
Support assistance enables support personnel to access the system to complete troubleshooting and maintenance tasks.
You can configure either local support assistance, where support personnel visit your site to fix problems with the system, or local and remote support assistance. Remote support assistance allows support personnel to access the system remotely from the support center. Both local and remote support assistance use secure connections to protect data exchange between the support center and system. All actions that are completed with support assistance are recorded for auditing purposes. Local support assistance must be configured before remote support assistance is enabled.
Local support assistance
When you enable local support assistance, you can specify the IP address or domain name for the support connections. When support personnel log on to the systems with local support assistance, they are assigned either the Monitor role or the Restricted Administrator role.
The Monitor role can view, collect, and monitor logs and errors to determine the solution to problems on the system.
The Restricted Administrator role gives support personnel access to administrator tasks to help solve problems on the system. However, this role restricts these users from deleting volumes or pools, unmapping hosts, or creating, deleting, or changing users.
Roles limit access of the assigned user to specific tasks on the system. Users with the service role can set the time and date on the system, delete dump files, add and delete nodes, apply service, and shut down the system. They can also view objects and system configuration settings but cannot configure, modify, or manage the system or its resources. They also cannot read user data.
Remote support assistance
With remote support assistance, support personnel can access the system remotely through a secure connection from the support center. However, before you enable remote support assistance between the system and support, you first need to configure local support assistance. You must have either Call Home with cloud services or Call Home with email notifications configured. For more information about Call Home, see Call HomeDuring system initialization, you can optionally set up a service IP address and remote support assistance. If you did not configure a service IP address, go to to configure a service IP for each node on the system. If you use a firewall to protect your internal network you can configure a remote proxy server to allow access.
To prevent connection errors, ports 22 and 443 must be configured to support the service IP addresses remote support assistance.
When you enable remote support assistance, you can specify either IP address or domain name for support. If you specify a fully qualified domain name, a DNS server must be configured on your system. To configure a DNS server for the system, select . You can also use the mkdnsserver command to configure DNS servers. In addition, you can define a shared-token that will be generated by the system and sent to the support center. If the system needs support services, support personnel can be authenticated onto the system with a challenge-response mechanism. Use the chsra command to enable remote support assistance on the system. After support personnel obtain the response code, it is entered to gain access to the system. Service personnel have three attempts to enter the correct response code. After three failed attempts, the system generates a new random challenge and support personnel must obtain a new response code.
Remote code load
Remote code load (RCL) is a service that allows remote support engineers to complete code updates on the storage system.
RCL is the process of having IBM® support personnel securely connect to and update the microcode on the storage system. The RCL service is the preferred code delivery method, which proves to be both efficient and secure for IBM clients. RCL is fast and easy to coordinate because it does not require an onsite visit of an IBM services technician.
Prerequisites
- Call home must be configured and functioning with a valid email server. To configure call home, select in the management GUI or through system setup.
- Service IP addresses must be configured on each node on the system. To configure service IP addresses, select in the management GUI.
- A DNS server must be configured on your system. To configure a
DNS server, select in the management GUI. Note: DNS of your local system should allow for local and remote servers. It should not be configured to allow only a single external DNS server like Google 8.8.8.8.
- You can configure your firewall to allow traffic to pass directly from the system or you can route traffic through an HTTP proxy server within your environment. For more information, see HTTP proxy server.
- With the addition of the HTTP proxy support, Remote Support Proxy servers are no longer necessary, but they are still fully supported for existing configurations. Optionally, a Remote Support Proxy can be configured to consolidate firewall traffic from a number of storage systems. Remote upgrades cannot be completed through the Remote Support Proxy server.
Firewall configuration
Configure support assistance
To configure support assistance, use the
panel in the management GUI.To configure support assistance using the command-line interface, see chsra commands.