Chapter 16. IBM Remote Support Manager for Storage
527
Draft Document for Review March 28, 2011 12:24 pm
7914RSM.fm
Remote Access also has a configurable timeout between 12 to 96 hours. You can manually
disable remote access when the service is complete or allow it to time out. After the timeout
period has elapsed, the system is guaranteed to return to a secure state without intervention.
To configure the timeout value, scroll down the Remote Access settings window, select the
desired timeout value, and click Update Timeout Value, as shown in Figure 16-32 on
page 526.
Internal firewall
RSM for Storage includes an internal firewall to limit the scope of access a remote user has to
your network. It also limits the IP destinations that can be accessed by local and remote users
of the system. The rules for inbound and outbound IP traffic that control the internal firewall
are managed dynamically by the RSM for Storage software.
The normal state for the firewall is Enabled:Closed, which means that the firewall is
operational and configured to allow SNMP traps to be received and e-mails to be sent;
however, access to other devices on your network is not allowed.
The Enabled: Custom state indicates that one or more custom rules have been added to
/etc/rsm/rsm-firewall.ibm.conf
. These rules will be active any time the firewall is
enabled.
The Enabled: Open state means that access to one or more other devices has been
enabled. The firewall allows access to any storage subsystem that has an active alert, and
also storage subsystems and other SAN devices that have been placed in Service Access
mode.
Service Access mode allows you to manually allow access to a device from the RSM for
Storage system. You can select storage subsystems that you have previously configured.
Disabling the firewall allows unrestricted access from the RSM for Storage system to your
network. To maintain the security of your network, disabling the firewall will also disables
remote access. Likewise, enabling Remote Access will automatically enable the firewall.
To manage the RSM internal firewall and service access of your managed storage
subsystems (and other SAN devices) from the Web interface, click Firewall on the Main
Menu, as shown in Figure 16-31 on page 524.
Note: You do not need to provide the rservice user ID password to IBM Service, because
IBM Service has an internal tool that provides the current rservice password. You only
need to provide passwords of your storage subsystems or your other SAN devices, if
required.
Note: Subsystems with active alerts are automatically allowed access from the Remote
Support Manager while the alert is active and do not need to be enabled for Service
Access.
Summary of Contents for DS3500
Page 2: ......
Page 5: ...iii Draft Document for Review March 28 2011 12 24 pm 7914edno fm ...
Page 789: ......