Visitors

EMC Secure Remote Support (ESRS) firewall configuration

OK, you have been tasked to configure firewall to allow ESRS server(s) to connect to EMC servers. Here is the diagram for you:

EMC Secure Remote Support (ESRS) firewall configuration

Any firewall admin, of course, will not be happy to open ports 443 and 8443 to all servers on the Internet. OK, here is the list of EMC servers’ host names, IP addresses and port numbers you need to open the connections to:

Source Destination IP address Ports
ESRS IP Gateway
Server(s)		 esrgweprd01.emc.com 128.221.204.210 443 8443
esrgweprd02.emc.com 128.221.204.211 443 8443
esrgweprd03.emc.com 128.221.204.213 443 8443
esrghoprd01.emc.com 168.159.209.11 443 8443
esrghoprd02.emc.com 168.159.209.12 443 8443
esrghoprd03.emc.com 168.159.209.13 443 8443
esrgscprd01.emc.com 137.69.120.170 443 8443
esrgscprd02.emc.com 137.69.120.171 443 8443
esrgscprd03.emc.com 137.69.120.172 443 8443
esrgckprd01.emc.com 152.62.177.11 443 8443
esrgckprd02.emc.com 152.62.177.12 443 8443
esrgckprd03.emc.com 152.62.177.13 443 8443
esrgspprd01.emc.com 152.62.45.11 443 8443
esrgspprd02.emc.com 152.62.45.12 443 8443
esrgspprd03.emc.com 152.62.45.13 443 8443
esrs-core.emc.com 128.221.192.14 443
esrs-coredr.emc.com 168.159.218.21 443
esrs.emc.com 128.221.192.13 443
esrs-dr.emc.com 168.159.218.20 443

For the full list of ports that need to be configured for ESRS please refer to ‘Secure Remote Support IP Solution Port Requirements’ article on EMC Powerlink website. Also see Primus emc238467, “What IP addresses are used by the EMC Secure Remote Support IP Solution.” You can access this Primus at knowledgeBase.emc.com.

Home > Support > Technical Documentation and Advisories > Software ~ S ~ Documentation > Secure Remote Support > Secure Remote Support IP Solution (ESRS 2): > Installation/Configuration

UPDATE:

Although this blog post is more than three years old, it still gets a lot of hits which proves that people are still interested in firewall configuration for ESRS. Since the release of ERSR VE (see this post for details), the ESRS IP Gateway and Policy Manager are customer installable. When you configure ESRS VE, you can check if it can connect to the EMC ESRS infrastructure and reconfigure firewall rules if required.

Here is the list of Servers / IP Addresses / ports ESRS VE connects to:

Host Name IP Address Ping Time(ms) Ping Status Port 443 Port 8443 Ping Channel
esrghoprd01.emc.com 168.159.209.11 4281  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green Bypass proxy for error
esrghoprd02.emc.com 168.159.209.12 4286  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green Bypass proxy for error
esrghoprd03.emc.com 168.159.209.13 4283  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green Bypass proxy for error
esrgweprd01.emc.com 128.221.204.210 4288  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green Bypass proxy for error
esrgweprd02.emc.com 128.221.204.211 4279  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green Bypass proxy for error
esrgweprd03.emc.com 128.221.204.213 4287  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green Bypass proxy for error
esrgckprd01.emc.com 152.62.177.11 4293  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green Bypass proxy for error
esrgckprd02.emc.com 152.62.177.12 4278  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green Bypass proxy for error
esrgckprd03.emc.com 152.62.177.13 4292  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green Bypass proxy for error
esrgscprd01.emc.com 137.69.120.170 4289  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green Bypass proxy for error
esrgscprd02.emc.com 137.69.120.171 4269  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green Bypass proxy for error
esrgscprd03.emc.com 137.69.120.172 4292  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green Bypass proxy for error
esrgspprd01.emc.com 152.62.45.11 4272  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green Bypass proxy for error
esrgspprd02.emc.com 152.62.45.12 4299  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green Bypass proxy for error
esrgspprd03.emc.com 152.62.45.13 4297  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green Bypass proxy for error
esrs.emc.com 128.221.192.13 997  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green NA Through proxy
esrs-core.emc.com 128.221.192.14 847  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green NA Through proxy
esrs-dr.emc.com 168.159.218.20 1293  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green NA Through proxy
esrs-coredr.emc.com 168.159.218.21 777  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green NA Through proxy

Hope this help.

By Mark Strong, on May 15th, 2012 | Tags: , , | Category: Storage | 3 comments

HOW TO: Restart Unisphere Management Server

Restarting the Management Services should clear up any Unisphere UI issues or any discrepancies between Unisphere UI and Unisphere CLI.

Restarting the Management Services is a non disruptive task and can be perform without a downtime.

Note: This procedure  must be performed on both Storage Processors to be effective!

  1. Open a web browser and go to https://SP_IP_or_FQDN/setup, where ‘SP_IP_or_FQDN’ is Storage Processor’s IP address or the host name
  2. Login with ‘sysadmin’ user account and password or any other account with administrator privileges
    Click Submit.
  3. You will see Storage Processor’s Network Configuration page:
  4. Scroll down the page
    Click ‘Restart Management Server‘ button
  5. From the Restart Management Server screen, confirm whether or not you want to restart the Management Server. If you select Yes, the Management Server will stop and restart in the node.
    Click Submit.
  6. This breaks the connection of the web page to the Management Server. You can reconnect to the Management Server later. Note: This can take up to 10 minutes.
  7. Once the first Service Processor reboot has occurred and you are able to log back into that Service Processors’ Web Services then proceed to the second Service Processor.
By Mark Strong, on May 15th, 2012 | Tags: , , | Category: Storage | 5 comments

Uninstall EMC ESRS-IP Policy Manager from a Windows Server 2008

Here is what you need to perform clean uninstall of EMC ESRS-IP Policy Manager from a Windows Server 2008:

  1. Uninstall EMC ESRS-IP Policy Manager from Control PanelPrograms and Features;
  2. Open regedit.exe and delete these two keys in their entirety:
    • HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesESRS2PS
    • HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesOpenDS
  3. Reboot the server;
  4. Delete <install_drive>:EMCESRSPolicy Manager folder
By Mark Strong, on May 15th, 2012 | Tags: , | Category: Storage | Leave a comment
« Newer Entries