Rsm Security Considerations - IBM System Storage DS3500 Introduction And Implementation Manual
Hide thumbs
Also See for System Storage DS3500:
- Installation, user's, and maintenance manual (222 pages) ,
- Installation, user & maintenance manual (180 pages) ,
- Quick start manual (18 pages)
Table of Contents
Advertisement
7914RSM.fm
Under System Configuration, there are links at the top of the page that provide a summary
status of the RSM system. Depending on the status, various icons might be displayed to the
left of each link. The status values for each of these are as follows:
System:
– OK: Remote Support Manager is operating properly.
– Incomplete: One or more required configuration settings are missing or incorrect.
– Problem: There is a problem that is preventing correct operation.
Note: Reporting is disabled until all configuration problems are fixed.
Reporting:
– All Subsystems: Reporting is enabled for all configured subsystems.
– Standby: Reporting has been disabled for all subsystems.
– Partial: Reporting has been disabled for some but not all subsystems.
– Suspended: Reporting is not performed while a configuration problem exists.
– Storage Problem: A problem has been reported by one or more subsystems.
Firewall:
– Enabled:Closed: The firewall is enabled. Only connections required for reporting are
allowed.
– Enabled:Open: The firewall is enabled. Connections are open to one or more devices
being serviced.
– Enabled:Custom; The firewall is enabled. Only connections required for reporting and
permitted by the custom rules defined in /etc/rsm/rsm-firewall.conf are allowed.
– Disabled: The firewall is disabled. There are no restrictions on access to the networks
connected to the RSM.
Remote Access:
– Disabled: Modem answer and remote user login is disabled.
– Enabled: Modem is enabled and remote user login is allowed.
– Active: A remote user is logged into the system.
16.1.8 RSM security considerations
RSM for Storage controls security for remote access by managing the hardware and software
components of the server on which it is installed. Once installed, the server should be
considered a single purpose appliance for problem reporting and remote access support for
your storage subsystems; do not use it for other applications.
Remote access to your system has the following four layers of control:
The modem is configured to only answer when Remote Access is enabled by the RSM for
Storage software. Likewise, the SSH daemon is only allowed to respond to connection
attempts when Remote Access is enabled.
You can manually enable and disable remote access, or you can choose to have remote
access automatically enabled when a storage subsystem reports a problem. When remote
access is enabled, a timer is started that will automatically disable remote access when it
expires. You do not have to remember to make the system secure after service has been
completed.
500
IBM System Storage DS3500: Introduction and Implementation Guide
Draft Document for Review March 28, 2011 12:24 pm
Advertisement
Table of Contents
Troubleshooting
