Scribd Logo
Upload

Welcome to Scribd!

  • 337 views

    3PAR RDA Network Document

    Uploaded by

    Golam
    A next generation transport layer (RDA) has been introduced that offers some enhanced performance, security, and high availability capabilities for the remote support connection. The remainder of this document contains the necessary instructions to ensure the Customer’s firewall will be configured to properly allow remote support connectivity to the HPE secure service architecture.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    3PAR RDA Network Document

    Uploaded by

    Golam
    337 views4 pages
    A next generation transport layer (RDA) has been introduced that offers some enhanced performance, security, and high availability capabilities for the remote support connection. The remainder of this document contains the necessary instructions to ensure the Customer’s firewall will be configured to properly allow remote support connectivity to the HPE secure service architecture.

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    A next generation transport layer (RDA) has been introduced that offers some enhanced performance, security, and high availability capabilities for the remote support connection. The remainder of this document contains the necessary instructions to ensure the Customer’s firewall will be configured to properly allow remote support connectivity to the HPE secure service architecture.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    337 views4 pages

    3PAR RDA Network Document

    Uploaded by

    Golam
    A next generation transport layer (RDA) has been introduced that offers some enhanced performance, security, and high availability capabilities for the remote support connection. The remainder of this document contains the necessary instructions to ensure the Customer’s firewall will be configured to properly allow remote support connectivity to the HPE secure service architecture.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    of 4

    Configuring Your Devices for HPE Call Home Support

    A next generation transport layer (RDA) has been introduced that offers some enhanced performance,
    security, and high availability capabilities for the remote support connection. The remainder of this
    document contains the necessary instructions to ensure the Customer’s firewall will be configured to
    properly allow remote support connectivity to the HPE secure service architecture.

    Configuring your StoreServ w/ DNS Support


    The simplest way to configure your 3PAR StoreServ device for remote support, and ensure an always
    connected solution is to enable DNS support. The remote support architecture relies on DNS load
    balancing to provide both capacity and high availability. Below are the DNS addresses used that allow
    connectivity to a set of secure load balanced Web connections and their underlying IP addresses.

    Note: The HPE.COM domain ( AXEDA/NGDC ) is changed in the following versions of the HPE 3PAR
    StoreServ SP.

    Version SP 4.4 MU1 SP 4.4 GA SP 4.3 MU3 SP 4.3 MU1 SP 4.3 GA SP 4.2 GA SP 4.1 MU2
    Patch P003 P002 P011 P009 P010 P006 P012

    AXEDA/NGDC

    Network Requirement Secure Network Mode


    HPE 3PAR Remote Support Portal. Your DNS server should allow storage-support.glb.itcs.hpe.com
    (legacy) to be resolved to:
    storage-support1.itcs.hpe.com (16.248.72.63)
    storage-support2.itcs.hpe.com (16.250.72.82)

    Revision 4.2 Oct, 2018


    RDA/Domino
    Compatible SP OS Network Secure Network Mode
    Requirement
    Your DNS server should allow host midway.ext.hpe.com (RDA) to
    be resolved to:
    From SP OS HPE 3PAR 2620:0:a13:100::108
    4.4.GA.58 with Remote 2620:0:a13:100::105
    Patch P006 Support Portal 2620:0:a13:100::109
    and above 2620:0:a12:100::109
    2620:0:a12:100::106
    15.203.174.95
    15.241.136.80
    15.241.48.251
    15.203.174.94
    15.241.48.100
    15.211.158.65
    15.241.48.252
    15.203.174.96
    15.241.136.208
    15.211.158.66

    In the event that DNS is not supported in you data center, the Service Processor can be configured to
    talk with the known set of IP addresses above. However, if DNS is not employed then only the new RDA
    transport layer that is being introduced will allow your device to seamlessly connect to a secondary data
    center in the event that the primary HPE support center experiences an outage. Your device can be
    upgraded remotely to connect to the new RDA transport layer.

    External Firewall Requirements


    The simplest way to configure your 3PAR Inserv device for remote support is to enable all outbound
    traffic on port 443. This configuration will support the ability to transfer support files to HPE and also
    allow HPE support technicians to securely connect to your device for remote support. The 3PAR device
    itself is only configured to talk to known HPE sites with valid SSL certificates. All communications to
    HPE remote support are facilitated using Hypertext Transfer Protocol Secure (HTTPS) over TLS 1.2. This
    ensures all communications to Hewlett Packard Enterprise are protected from malicious hackers. The
    TLS 1.2 protocol uses public key cryptography and mutual client and server authentication to provide
    confidentiality, message integrity, and authentication for traffic passed over the Web.

    In the event that all outbound traffic on port 443 cannot be configured then the following IP addresses
    and Ports need to be opened. Following this guide should allow the proper connectivity to HPE using

    Revision 4.2 Oct, 2018


    either the legacy transport layer or the next generation RDA transport layer.

    Note: Below are the compatible versions of the HPE 3PAR StoreServ SP for communication to
    AXEDA/NGDC:

    Version SP 4.4 MU1 SP 4.4 GA SP 4.3 MU3 SP 4.3 MU1 SP 4.3 GA SP 4.2 GA SP 4.1 MU2
    Patch P003 P002 P011 P009 P010 P006 P012

    AXEDA/NGDC
    Network
    Secure Network Mode
    Requirement
    Outbound Port 443 (https) to be opened (outbound) between Service Processor IP and the
    Connectivity following IP Addresses:
    (File transfer 16.248.72.63 - storage-support1.itcs.hpe.com
    from SP to 16.250.72.82 - storage-support2.itcs.hpe.com
    HPE)

    Inbound Port 443 (https) to be opened (outbound) between Service Processor IP and the
    Connectivity following IP Addresses:
    (Remote c4t18808.itcs.hpe.com (16.249.3.18)
    access from c4t18809.itcs.hpe.com (16.249.3.14)
    HPE to the c9t18806.itcs.hpe.com (16.251.3.82)
    SP) c9t18807.itcs.hpe.com (16.251.4.224)

    Note: HPE 3PAR StoreServ SP OS 4.4.GA.58 with Patch P006 and above are compatible for
    communication to RDA/Domino.

    Revision 4.2 Oct, 2018


    RDA/Domino
    Network
    Secure Network Mode
    Requirement
    Port 443 (https) to be opened (outbound) between Service Processor IP and the
    following IP Addresses:
    2620:0:a13:100::108
    2620:0:a13:100::105
    Outbound 2620:0:a13:100::109
    Connectivity 2620:0:a12:100::109
    (File transfer 2620:0:a12:100::106
    from SP to 15.203.174.95
    HPE) 15.241.136.80
    15.241.48.251
    15.203.174.94
    15.241.48.100
    15.211.158.65
    15.241.48.252
    15.203.174.96
    15.241.136.208
    15.211.158.66

    Port 443 (https) to be opened (outbound) between Service Processor IP and the
    Inbound following IP Addresses:
    Connectivity c4t18808.itcs.hpe.com (16.249.3.18)
    (Remote c4t18809.itcs.hpe.com (16.249.3.14)
    access from c9t18806.itcs.hpe.com (16.251.3.82)
    HPE to the c9t18807.itcs.hpe.com (16.251.4.224)
    SP)

    Additional Note: Service Processor-to-StoreServ Communication

    While not related to remote connectivity to HP-3PAR support portal, there are additional ports that
    must be opened between the StoreServ and the Service Processor:

     Port 22 (SSH) – Used for depositing and executing programmatically driven service scripts and
    for collecting an archive of diagnostic data (known as an InSplore).

     Port 5783 (CLI) – Used for gathering system health information, configuration data, and
    performance data.

     Port 5781 (Event Monitor) – Used for monitoring system events on the StoreServ.

    Additional Ports to be opened in customer’s network.

     Port 8443 - For Web/GUI access in SP 5.x versions.

    Revision 4.2 Oct, 2018

    You might also like