To ESRS or not to ESRS that is the Question?

7 04 2012

So a few weeks ago some co-workers and I were discussing the benefits of the VNXe now capable of being connected through EMC Secure Remote Support.  There was the normal talk about is it really secure or do they just say that?  Well sit back and let me delve into why I think all customers with a maintainance contract for EMC should take advantage of this service heck you have already paid for it!

First, let me explain what ESRS is for those of you that do not know.  ESRS is a windows server( physical or virtual) that is setup in your environment and then has ESRS software loaded on it by typically EMC CE.  The reason it takes someone from EMC to be able to set this application up on the dedicated windows server is because it requires an RSA token to be able to talk with EMC’s network.  So more over why ESRS?  Well it designed to identify and resolve potential issues before they impact your operations, this is done around the clock.  ESRS ensures the fastest response to a potential issues should they arise, it also helps with the escalation process and utlimately lowers resolution time of any issue you might have with your systems.

Next you might say well I do not want just anyone coming into my system without my knowledge we have a lot of private information.  So EMC has improved drastically over version 1 of ESRS and also kept some of the same policies and rules in place too.  EMC provides multiple layers of security with ESRS, first is they use FIPS 140-2 validated cyrptography.  It also uses 256 AES bit encrption for it’s notifications to EMC.  Communication between your site and EMC is bi-laterally authenticated using RSA®.  Only authorized support personnel verified with two factor authentication can download the digitatl certificates necessary view notifications from your site.  Next you have certain policies you can use to allow EMC remote personnel into your  ESRS system.  Those are Always Allow, Never Allow and Ask for Approval.

  • Always Allow-  Allows for  authorized EMC personnel to establish remote connections without having to wait for authorization
  • Never Allow-  Let’s you deny access to EMC personnel to specific systems
  • Ask for Approval-  When you want to be asked to grant permission for remote access

So you still wonder is that enough?  Nope they also have auditing so you know who, what and when someone connects to your system.  I dare say that all the above is a lot more security policies and practices that most businesses have in place these days.

So how many ESRS systems do you need for your company.  Typically one will suffice remember you are security conscious so why have multiple ESRS systems.  OK OK… you say well what the heck can I monitor with this ESRS?

  • Atmos
  • Avamar
  • Brocade B-Series Switches
  • Celerra
  • Centera
  • Cisco Switches
  • Clariion  CX, CX3, CX4, and AX4-5
  • Connetrix
  • Disk Library DLM and EDL
  • Data Domain
  • GreenPlum
  • Invista
  • RecoverPoint
  • Symmetrix 8000, DMX, DMX-3, DMX-4 and VMAX
  • VNX
  • VNXe
  • VPLEX

This is pretty much the list I have found from EMC but if you do not see a system on here I am pretty sure that they will be working on getting it added into this list on next code releases.   So why do I really think this should be a no-brainer?  Simply put most people get tied up doing their daily jobs  and they get a alert for a failed drive or replication breaking and they are like I will do that right after this…  Then all of a sudden you get caught up doing this that and the other and all of a sudden you have another disk failure this time it’s on the same RAID 5 LUN.  Well that is no good but had you had ESRS EMC would have already been able to diagnose and deliver a new drive so you would have never experienced a hiccup like a double disk failure on a RAID 5 LUN.  Oh how about code upgrades on systems don’t you love sitting watching a webex while a technican does his thing and in the mean time you have had more fun watching paint dry.  With ESRS EMC has the ability to remote in and complete code upgrades remotely upon request.

Last thing to note…  How much does ESRS cost?  It is zero dollar when you purchase a piece of equipment that supports ESRS and you also purchase maintainance on your new system purchase.  So what happens if you purchased a system in the last year and you did not get your ESRS serial number.  So make sure you get your serial number within the first year of purchase and that you get it installed before the end of the first year they got to have some cutoff ya know.  Anyhow if you did not get it on your original purchase just contact your reseller or avenue you purchased your EMC product and ask them for Zero Dollar ESRS.  You should only need to provide them the order number and they should be able to get it authorized and sent to you promptly.  Once you get your serial number and you have your server ready for installation give EMC a call if they have not already contacted you about getting your ESRS setup.  Once this is done the CE will typically come on-site to set up the ESRS, sometimes they do it through webex just depends.  Well there you go all you wanted to know about ESRS!

Advertisements

Actions

Information

10 responses

27 05 2013
ethernuno

Thank you for taking the time to put this up. I am going to enter in a project this week which is an EMC ESRS, would appreciate if you can share some more materials.

Like

25 07 2013
Stacie Wallace, Jr

Hi, I’m an EMC CE in RIchmond VA. I wanted to mention something about the ESRS Serial: Just open an SR to install ESRS and a local CE has the ability to look up ESRS eligibility based on your Site ID(s).

As long as the new hardware and service contract were registered with EMC, we can verify status and promptly perform the install. A new software serial is generated during the actual installation, so the original serial is technically not needed.

Like

29 03 2014
girardsc

Stacie thanks for the clarification. Shortly after I posted this orignally I completed my beta partner training with EMC and indeed you can get it pretty easily. Which I found rather amusing because I remember back in the old modem days if you lost the serial it was an act of god to get a new one reissued.

Like

25 05 2014
cbuckmaster

When ESRS alerts EMS of something ‘significant’ how does can our service management tools also receive notification. A few reasons for this.. a) Significnt errors or event conditions in the infrastructure need to be recorded and tracked in our organisations service management tools either for action under the event management process or action undr the incident management process. Also if a third party is working on significnt errors or event conditions in the infrastructure there must be an awareness of this within our organitions service management system (people, tools, processes).
b) Secondly, EMC may need to contact our organisation (particularly if they are materially working on an issue) to gain further information on symptoms, check on impact and criticality, or for a range of other reasons. How do EMC reference the event notifications and/or cross reference the related incidents that may have been recorded bu users or other dependent technical areas?
c) How does our organisation keep records of EMC activites for audit trail (e.g. SOX compliance for databases).. how does EMC not become an element of the “shadow IT”?
d) If as EMC work on an issue following receipt of an ESRS alert and they make chanages to the infrastucture, how are these changes integrated with the change management proactices dictated by our organisations chanage management policy?
How do organisations deal with these issues?
d)

Like

13 06 2014
girardsc

a:) An alert is generated and goes to EMC and it in turns creates a ticket based on who is the POC for the Site for your company in EMC Database.
b:) All items are tracked through a SR in EMC’s ticketing system. Also with ESRS you can choose to implement a policy server too and with the policy server it will either let them have open access to ESRS or you have to provide approval before they initiate a connection to ESRS and you have to approve the connection in ESRS.
c:) You can track either via Tickets or you can request connection logs from EMC
d:) EMC has a very strict CCA process so if there is not a Ticket with the customer approving the change then a CCA cannot be completed and therefore no changes will be made

Like

4 09 2014
Ben Chused

Hi Jason, this is great! Looks like we both enjoy blogging about ESRS…

Here’s my comparison of ESRS to Shaquille O’Neal from EMC World 2013: http://bit.ly/1waeNXH

Here is an older blog where I compare ESRS to the Terminator: http://bit.ly/1tvY42Y

Any interest in touching base to discuss working with you as a reference for ESRS in EMC marketing material?

Like

4 09 2014
dynamox

something to consider is where you deploy ESRS gateway infrastructure (for shops with a lot of EMC gear). In my shop we run ESRS inside of Windows 2008 R2 virtual machines in vSphere 5.5. You can deploy multiple ESRS gateways for each site and they form an HA configuration. If one VM goes the other one still provides call-home/EMC access to that site’s devices. I purposely did not deploy these VMs on shared storage (VNX in our instance) because if you have any serious issues with your VNX, your VMs running ESRS might be unavailable as well and support will not be able to troubleshoot remotely. For that reason i deployed both of my VMs on local datastore inside of each ESX server. Since both ESRS VMs form an HA configuration, i am not worried if i lose one ESX server and that ESRS VM goes down with it.

Like

21 02 2015
girardsc

Wow Dynamox I apologize for whatever reason I did not see your response that you posted way back in SEPTEMBER! I wanted to say that yes you have a great point with having a HA pair of ESRS servers. It may seem like overkill but when you have multiple sites I lean on the fact that depending on how much EMC gear you have it may make sense to deploy ESRS at those particular sites. I have been working some with the new Virtual ESRS package that EMC has and I like it thus far. As I get more stick time with it maybe I will do a follow-up post on that appliance.

Like

27 04 2016
Nehemoth

Recent adquired a VNX, would like to install ESRS but now the product just came in a virtual manner, as we don’t have ESXi or Hyper-V, I’m wondering why EMC doesn’t allow me to install a software on a Windows server.

Like

27 04 2016
girardsc

Hey Nehemoth so on the VNXe 3200 I am pretty sure ESRS is built into it. In the upcoming Unity boxes ESRS will be built directly into the box. To answer your question for years they supported Windows actually was the preferred methodology. This was a huge pain because a EMC Professional Services engagement was required in order to deploy ESRS. For something that was Zero Dollar it got zero priority from what I saw as a customer and as a partner. EMC recognized this and spent a considerable amount of time and effort making it more consumable and repeatable. So they came out with the Virtual Edition since 98% of the Mid-Market and Enterprise has some sort of Virtualization footprint. Also this keeps a customer from having to burn a windows license just to host a management VM but using the VE of ESRS. The Virtual edition is Customer deployable, Partner deployable and EMC PS deployable. I have deployed it about a dozen times for my various customers and it has been stupid simple getting it deployed and getting items added into its inventory. The biggest portion is once the devices are added you need them approved by a EMC badged employee. This can be a Customer Engineer or there is a team based on your Geo to do that. Worse case engage your EMC rep and they can get you to the right person or simply open a SR and they can work it that way too. Hope this helps

Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s




%d bloggers like this: