Sei sulla pagina 1di 3

Configuring Your Devices for HPE Call Home Support

The connection from your StoreServ to the HPE Secure Service Architecture (Remote Support/Call Home) is being moved from remote3par.houston.hp.com to storage-support.glb.itcs.hpe.com to align with the new company, Hewlett Packard Enterprise.

In addition, a next generation transport layer (RDA) is being introduced later this year (2016) that offers some enhanced performance, security, and high availability capabilities for the remote support

connection.

Customer’s firewall will be configured to properly allow remote support connectivity to the HPE secure

service architecture.

The remainder of this document contains the necessary instructions to ensure the

Configuring your StoreServ w/ DNS Support

The simplest way to configure your 3PAR StoreServ device for remote support, and ensure an always

connected solution is to enable DNS support.

balancing to provide both capacity and high availability. Below are the DNS addresses used that allow

connectivity to a set of secure load balanced Web connections and their underlying IP addresses.

The remote support architecture relies on DNS load

Network Requirement

Secure Network Mode

Your DNS server should allow

(1)

storage-support.glb.itcs.hpe.com (legacy) to be resolved to:

storage-support1.itcs.hpe.com (16.248.72.63) or storage-support2.itcs.hpe.com (16.250.72.82).

(2)

host midway.ext.hpe.com (RDA) to be resolved to:

15.203.174.94

15.241.152.51

15.241.152.50

15.241.136.80

15.241.52.60

15.241.52.59

15.203.174.96

15.241.48.100

15.211.158.66

15.211.158.65

HPE 3PAR Remote Support Portal.

In the event that DNS is not supported in you data center, the Service Processor can be configured to

talk with the known set of IP addresses above.

transport layer that is being introduced will allow your device to seamlessly connect to a secondary data

center in the event that the primary HPE support center experiences an outage. Your device can be upgraded remotely to connect to the new RDA transport layer once this functionality comes online.

However, if DNS is not employed then only the new RDA

Revision 4.2

May, 2016

External Firewall Requirements

The simplest way to configure your 3PAR Inserv device for remote support is to enable all outbound

traffic on port 443.

allow HPE support technicians to securely connect to your device for remote support.

itself is only configured to talk to known HPE sites with valid SSL certificates.

HPE remote support are facilitated using Hypertext Transfer Protocol Secure (HTTPS) over TLS 1.2. This ensures all communications to Hewlett Packard Enterprise are protected from malicious hackers. The TLS 1.2 protocol uses public key cryptography and mutual client and server authentication to provide

confidentiality, message integrity, and authentication for traffic passed over the Web.

This configuration will support the ability to transfer support files to HPE and also

The 3PAR device

All communications to

In the event that all outbound traffic on port 443 cannot be configured then the following IP addresses and Ports need to be opened. Following this guide should allow the proper connectivity to HPE using either the legacy transport layer or the next generation RDA transport layer.

Network

Requirement

Outbound Connectivity (File transfer from SP to HPE)

Secure Network Mode

Port 443 (https) to be opened (outbound) between Service Processor IP and the following IP Addresses:

16.248.72.63

16.250.72.82

15.203.174.94

15.241.152.51

15.241.152.50

15.241.136.80

15.241.52.60

15.241.52.59

15.203.174.96

15.241.48.100

15.211.158.66

15.211.158.65

- storage-support1.itcs.hpe.com

- storage-support2.itcs.hpe.com

Port 443 (https) to be opened (outbound) between Service Processor IP and the following IP Addresses:

c4t18808.itcs.hpe.com (16.249.3.18) c4t18809.itcs.hpe.com (16.249.3.14) c9t18806.itcs.hpe.com (16.251.3.82) c9t18807.itcs.hpe.com (16.251.4.224) g4t2481g.houston.hp.com (15.201.200.205) g4t2482g.houston.hp.com (15.201.200.206) g9t1615g.houston.hp.com (15.240.0.73) g9t1616g.houston.hp.com (15.240.0.74)

Inbound Connectivity (Remote access from HPE to the SP)

Revision 4.2

May, 2016

Additional Note: Service Processor-to-StoreServ Communication

While not related to remote connectivity to HP-3PAR support portal, there are additional ports that must be opened between the StoreServ and the Service Processor:

Port 22 (SSH) Used for depositing and executing programmatically driven service scripts and for collecting an archive of diagnostic data (known as an InSplore).

Port 5783 (CLI) Used for gathering system health information, configuration data, and performance data.

Port 5781 (Event Monitor) Used for monitoring system events on the StoreServ.

Revision 4.2

May, 2016