Specifications
36
EMC Secure Remote Support Gateway for Linux Release 2.24 Operations Guide
Introduction
Device access
control
ESRS achieves remote application access to a process running on an
EMC storage device by using a strict IP and application
port-mapping process. You have complete control over which ports
and IP addresses are opened on your internal firewall to allow
connectivity. The remote access session connections are initiated by
an EMC Global Services request at the EMC Global Access Server and
through a pull connection by the Gateway Client. EMC never initiates
a connection to your Gateway Client or network. Your policies as set
in the ESRS Policy Manager determine if and how a connection is
established.
Device
configuration
access control
Once your devices are configured for ESRS management, you must
carefully control and monitor any changes to the configuration of the
managed device. For example, changing the configured IP address in
ESRS or changing the IP address of the storage device disables EMC's
ability to perform remote service on that device as well as the device’s
connect home capabilities. For this reason, ESRS requires that only
authorized EMC Global Services professionals are allowed to
approve the change for a managed device. Each device modification,
as well as the user ID of the EMC Global Services professional who
approved the change, is tracked in the EMC enterprise audit logs.
EMC enterprise
access control
Several security features are incorporated into the EMC enterprise.
For access, EMC Global Services professionals must be logged into
the EMC corporate network and must connect to the ESRS Enterprise
Application using RSA SecurID
®
two-factor authentication
technology. Only authorized EMC personnel can access the EMC
enterprise.