Specifications
20
EMC Secure Remote Support Gateway for Linux Release 2.24 Operations Guide
Introduction
Communication to EMC
All outbound communication between the customer’s site and EMC
is initiated from the customer’s site by the Gateway Clients over port
443 and 8443. Using industry standard Secure Sockets Layer (SSL)
encryption over the Internet and an EMC-signed digital certificate for
authentication, the Gateway Client creates a secure communication
tunnel.
IMPORTANT
!
Port 8443 is not required for functionality, however without this
port being opened, there will be a significant decrease in remote
support performance, which will directly impact time to resolve
issues on the end devices.
Gateway Clients use industry-accepted bilateral authentication for
the EMC servers and the Gateway Clients. Each Gateway Client has a
unique digital certificate that is verified by EMC whenever a
Gateway Client makes a connection attempt. The Gateway Client
then verifies EMC's server certificate. Only when the mutual SSL
authentication passes does the Gateway Client transmit messages to
EMC, securing the connection against spoofing and
man-in-the-middle attacks.
The Gateway Clients use the SSL tunnel to EMC to perform the
following functions:
◆ Heartbeat polling
◆ Remote notification
◆ Remote access
Each relies on the SSL tunnel, but communication processes and
protocols within the tunnel vary by function. Each function is
discussed in the following sections.
Heartbeat polling Heartbeat polling is described in the following sections:
◆ “To EMC by the Gateway Client” on page 20
◆ “To EMC devices managed by the Gateway Client” on page 21
To EMC by the Gateway Client
The heartbeat is a regular outbound communication, at a default
interval of 30 seconds, from the Gateway Clients to the EMC
enterprise. Each heartbeat contains a small datagram that identifies