- Community Home
- >
- Services
- >
- Insight Remote Support
- >
- Re: ISEE without browser
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-05-2005 03:38 PM
тАО05-05-2005 03:38 PM
Secondly, to ensure ISEE connectivity with HP thru a firewall, what ports should be allowed?
Any info much appreciated.
Thx
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-06-2005 03:39 PM
тАО05-06-2005 03:39 PM
Re: ISEE without browser
/etc/opt/resmon/lbin/send_test_event -a sysstat_em
run this command on the server in question as root and notify HP that you are running this command for them to check that it reaches them.
The firewall question is more complicated. Here are a few questions we had for HP and their answers before we implemented our SPOP.
1. What steps are taken to "harden" the SPOP?
From a software perspective, the person who installs the OS can do whatever they need to as for a standard Windows system according to their internal company requirements ├в anti-virus, security tools, etc.
HP does not make recommendations as to additional security measures.
The SPOP protection depends largely on the Firewall. Communication is set up to/from specific sets of IP addresses.
2. Which web server is running on the SPOP?
IIS: Supports http 80 and https 443. http 80 listens for monitored client connections. https 443 listens for Map requests from HP.
Apache Tomcat: Supports https 8080 and http 2112. https 8080 supports guest connection for Map requests from HP. http 2112 is used internally and needs no external access capability.
3. Why aren't the MAP protocols tunneled via VPN?
The communication that goes back and forth between the SPOP and the content server is HTTPS. The engineer uses the VPN tunnel for Remote Access. Setting up the VPN is not automatic. It is user driven and requires user (real-time) authentication. Again, the VPN connection is user-based not system based. To use this for system access is not the purpose of the VPN. Since the communication associated with MAP requests and telemetry transfer is HTTPS, any gain realized by tunneling https via a VPN connection would be negligible.
MAP functionality was developed by Motive before Remote Access was developed by HP, thus they truly are independent. For the next release of ISEE MAP requests are pulled by the SPOP thus the inbound 443, 8080 requirements will be going away.
Today, MAPs will not work until we release an SPOP patch what will change the way MAPs are executed. Because of this, do not TCP 443 and 8080 through your firewall. Why open holes that can't/won't be used.
4. Would it be possible to tunnel http from the monitored client to the SPOP in the DMZ config via SSL?
The communication today from the client to the SPOP is HTTP. It is RSA encrypted then communicated via HTTP. This is built into the product. So at this point tunneling these types of communications is not supported nor planned.
Motive uses RSA technology to encrypt and protect connections from client to SPOP. This connection can be routed through a proxy.
At this point it would not be possible to modify Motive to use SSL.
5. Can we change the REP port to be something other then 3389?
Since this is built-in to Windows and we perform the connect to this port for any connections to the SPOP changing this would break the product. We could no longer perform the TS connection from HP to the SPOP. Currently, we do not "collect" or manage what the port is or could be. There is currently no plan to use anything but the standard port number.
6. Who provides the VPN software that resides on the SPOP?
HP uses the integrated into W2K; Routing and Remote Access service to implement L2TP/IPSec VPN connections.
Hope this helps
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-06-2005 11:42 PM
тАО05-06-2005 11:42 PM
Re: ISEE without browser
One way to test ISEE connectivity without a browser installed on the ISEE monitored server is to use telnet as follows:
strauss:/# telnet isee.americas.hp.com 80
Trying...
Connected to awtf907.external.hp.com.
Escape character is '^]'.
HTTP/1.1 400 Bad Request
Server: Microsoft-IIS/5.0
Date: Sat, 07 May 2005 11:11:41 GMT
Content-Type: text/html
Content-Length: 87
Connection closed by foreign host.
strauss:/#
There are other tools to test connectivity that are accessible only to HP folks; if you have access to HP internal sites contact me by company mail for more details.
The firewall port that must be opened for ISEE varies with ISEE architecture. The standard configuration requires port 80 be opened 'established' back. For the advanced configuration, which uses an SPOP (Support Point Of Presence) to forward the ISEE incidents from every ISEE Client in the enterprise to the HP Support Center, port 443 must be opened 'established' back.
Hope that answers your questions.
Take care,
frank
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-08-2005 07:08 PM
тАО05-08-2005 07:08 PM
Solutionyou can as well use the test scripts that ISEE provides, like /opt/hpservices/RemoteSupport/bin/iseeConnectivity.sh. If the test works that system will provide an ID to you (format: 123456789.1@
Regards
Frauke
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-09-2005 12:12 PM
тАО05-09-2005 12:12 PM
Re: ISEE without browser
Lastly, can someone please tell me the the different values possible for 'State' in the incident log (as mentioned by Frauke) and the meaning of each?
Eg If 9=closed, what do 0, 4, 5, etc mean?
Cant find anything in the HP doco on this one...