IBM System Storage DS8000

Remote Support Overview

© Copyright IBM Corporation 2014 1

Applicable Products
Product: IBM DS8870
Product Version(s): 87.x.x.x

Product: DS8800
Product Version(s): 86.x.x.x

Product: DS8700
Product Version(s): 75.x.x.x, 76.x.x.x

Product: IBM DS8100 / DS8300

Product Version(s): 6.1.x.x, 6.2.x.x, 62.x.x.x, 63.x.x.x, 64.x.x.x

Remote Support Overview

Table of Contents
Trademarks ..................................................................................................................... 1
1.0 Overview ................................................................................................................. 2
2.0 Remote support planning considerations ................................................................ 3
2.1 IBM Policies for Remote Support .................................................................... 3
2.2 IBM Remote support benefits .......................................................................... 3
2.3 Call Home ....................................................................................................... 4
2.4 Hardware service information (Heartbeat and VPD) ....................................... 4
2.5 Optional client event notifications .................................................................... 5
2.6 Data offload ..................................................................................................... 5
2.7 Remote access ............................................................................................... 5
3.0 Connection options & security features ................................................................... 6
3.1 Remote Connectivity Options .......................................................................... 6
3.2 IBM Assist On-Site (Inbound remote access only connection) ........................ 7
3.3 VPN (IPSec) only ............................................................................................ 7
3.4 Modem and VPN ............................................................................................. 8
3.5 Modem only..................................................................................................... 8
3.6 No connections ............................................................................................... 8
Appendix: Additional publications and resources ............................................................ 9

© Copyright IBM Corporation 2014

Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of IBM
Corporation in the United States, other countries, or both. These and other IBM
trademarked terms are marked on their first occurrence in this information with the
appropriate symbol (® or ™), indicating US registered or common law trademarks
owned by IBM at the time this information was published. Such trademarks may also be
registered or common law trademarks in other countries. A current list of IBM
trademarks is available on the Web at http://www.ibm.com/legal/copytrade.shtml.

The following terms are trademarks of other companies:

Linux is a registered trademark of Linus Torvalds in the United States, other countries,
or both.

Other company, product, or service names may be trademarks or service marks of

others.

© Copyright IBM Corporation 2014 1

1.0 Overview
IBM® highly encourages you to take advantage of IBM Call Home and all its related
features to allow you and IBM to partner for your success. Call Home is a support
function embedded in all storage products. By enabling Call home, the health and
stability of your system is monitored every hour of every day throughout the year by the
industry’s top troubleshooting specialists at IBM support. As an IBM client, the Call
Home service will effectively provide you with reduced risk over an un-monitored system
by alerting you of a system defect through My Notifications, automatically opening a
Problem Management Record (PMR), and ultimately, decreasing system downtime
through faster problem determination and resolution. Continuing reading for a detailed
explanation of IBM Call Home and other remote support tasks, available connection
options, unique features, and instructions for configuring and maximizing the potential of
this preventative maintenance feature.

Remote Support Overview 2

2.0 Remote support planning considerations
IBM is committed to delivering all service in a professional and secure manner. Planned
service activities such as machine installation, hardware upgrades, and microcode
upgrades typically do not require assistance from the next level of support. Failures are
reported to the Remote Support Center when Call Home is enabled. PMRs are
automatically updated by a knowledge-based system, which searches for known
problems or service exceptions for the reported problem. In addition to the on-site
System Service Representative, Remote Support is a key element in the product
support strategy. There are four features of Remote Support that need consideration.
 Call Home
 Heartbeat
 Data Offload
 Remote Access

These functions collectively automate problem reporting, make problem determination

significantly more efficient, and help IBM to proactively search for problems. Secure
high speed internet connections are recommended to optimize all these Remote
Support features.
2.1 IBM Policies for Remote Support
The following guidelines are at the core of IBM remote support strategies for the
DS8000®:
 When the DS8000 needs to transmit service data to IBM, only logs and process
dumps are gathered for troubleshooting. The host input/ouput (I/O) adapters and
the contents of Nonvolatile Storage (NVS) cache memory are never transmitted.
 When an Assist On-Site (AOS) or Virtual Private Network (VPN) session with the
DS8000 is needed, the Hardware Management Console (HMC) will always
initiate such connections and only to predefined IBM servers/ports. There is
never any active process that is “listening” for incoming sessions on the HMC.
 IBM maintains multiple-level internal authorizations for any privileged access to
the DS8000 components. Only approved IBM service personnel can gain access
to the tools that provide the security codes for HMC command-line access.
 Although the HMC is based on a Linux operating system, IBM has disabled or
removed all unnecessary services, processes, and IDs.
2.2 IBM Remote support benefits
Security is a critical issue for companies worldwide. Having a secure infrastructure
requires systems to work together to mitigate the risk of malicious activity from both
external and internal sources. Any connection from your network to the public Internet
raises the following security concerns:
 Infection by viruses
 Intrusion by hackers
 Security challenge for authentication of the remote users to access your machine
when a remote connection is opened

© Copyright IBM Corporation 2014 3

Remote access support can help to greatly reduce service costs and shorten repair
times, which in turn lessens the impact of any failures on your business. Using IBM
security access provides a number of advantages designed to help you save time and
money and efficiently solve problems.

Here are just a few of the benefits you can realize:

 Faster problem solving
You can contact technical experts in your support region to help resolve
problems on your DS8000 without having to wait for data such as logs, dumps,
and traces. As a result, problems can be solved faster.
 Connection with a worldwide network of experts
IBM technical support engineers can call on other worldwide subject experts to
assist with problem determination. These engineers can then simultaneously
view the DS8000 HMC.
 Closer monitoring and enhanced collaboration
You can monitor the actions taken on your HMC and join conference calls with
the IBM support engineers to discuss the next steps as the problem
determination and resolution process proceeds.
 Save time and money
Many of your problems can be solved without IBM ever having to send an
engineer to your site.
2.3 Call Home
The IBM Call Home function automatically notifies IBM of any problem detected on the
storage system. Upon detection of a hardware or software error code, IBM Call Home
transmission protocol notifies IBM support of the detected defect. The function then
opens a one-way communication from the Hardware Management Console (HMC) to
IBM support in order to automatically open a Problem Management Record (PMR) and
transmit non-sensitive, defect-related information for diagnostic purposes. This data
contains preliminary diagnostic information such as descriptive error codes, machine
type, model and serial number of the impacted system, and current microcode. IBM
support has a knowledge system that checks each Call Home record for known problem
resolutions or know service exceptions and automatically updates the PMR with
required actions. Acquisition of this data often alleviates the prerequisite data collection
necessary in traditional troubleshooting methods, allowing IBM support to provide you
with more effective troubleshooting.
2.4 Hardware service information (Heartbeat and VPD)
IBM Call Home on the DS8000 for heartbeat and Vital Product Data (VPD) are separate
from Call Home for problem reporting. Heartbeat and VPD can be enabled to transmit
proactive inventory, configuration and code level information to IBM. The Heartbeat is a
one-way connection from the HMC to IBM support and verifies the Call Home
connections. VPD contains basic product information so that IBM can proactively
identify machines exposed to known issues. IBM highly recommends enabling
Heartbeats for every 7 days and VPDs for every 14 days.

Remote Support Overview 4

2.5 Optional client event notifications
A client can receive notifications from the HMC through Simple Network Management
Protocol (SNMP) traps and email messages. These alerts are related to Call Home
transmissions, client only notifications for things like PPRC link failures, Key Server
communication errors, and other general events that do not generate a Call Home.
Clients will be notified of Call Home events if SNMP or email notification is enabled by
the IBM service representative. Clients will additionally need to use DS8000 Command-
line Interface (DSCLI) to enable notification of events such as PPRC path failures or
Key Server communication failures.
2.6 Data offload
For some problems affecting the DS8000, a large amount of diagnostic data is required.
PE Packages, StateSaves, On Demand Data Dump (ODD) or other types of data must
be off-loaded for IBM support to analyze. This data can include text and binary log files,
firmware dumps, memory dumps, inventory lists and timelines which are grouped into
collections based on the component that generated them or the software service that
owns them. The HMC is a focal point in gathering and storing data packages and must
be offloaded from the HMC for transmission to IBM support. The data offload can be
completed in the following ways:
 Secure Sockets Layer (SSL) Offload
 VPN (IPSec) Offload
 Standard FTP Offload
 Modem Offload

By sending this diagnostic information to IBM with a high speed connection, authorized
support personnel are able to quickly identify problems and develop an action plan for
problem resolution giving you more effective support sessions and ultimately, an overall
reduction in time to resolution. For more information regarding the data offload
procedure for each connection type, please reference Section 17.5.2 in the IBM System
Storage DS8000: Architecture and Implementation Redbook, which can be accessed
from the link below.
IBM System Storage DS8000: Architecture and Implementation Redbook
2.7 Remote access
Remote Support representatives can access the DS8000 remotely to assess the
machine state and perform problem determination when Call Home reports a problem.
Remote access also allows the Remote Support representative to collect any problem
data that is required for complete analysis. Certain action plans can be completed by
the Remote Support representative without waiting for a System Service
Representative.
There are three remote access methods: modem, VPN and AOS. Each of these access
methods can be controlled (enabled) by the client. AOS is embedded on the HMC of
DS8870 beginning with release 7.1. This is IBM’s recommended access method.

© Copyright IBM Corporation 2014 5

3.0 Connection options & security features
The DS8000 offers multiple connection options to provide compatibility with each
client’s unique IT environment. The following options permit an available outside
connection from the HMC to IBM support to allow notification of a detected error, allow
remote access for problem determination, and allow the transmission of important
diagnostic data.
 AOS
 VPN only
 Modem and IP Network with Traditional VPN
 Modem only
 No Connection
3.1 Remote Connectivity Options
There are options used for inbound connections and for outbound connections. The
benefits and drawbacks of the various connection types can be found below. Service
activities referenced include problem reporting, debug data offload, and remote access.
Note that enabling multiple connection options is allowed and provide redundancy.

Table 1: Remote support inbound connectivity comparison

Connectivity
Pros Cons Comments
Options
-SSL Security -Installation and AOS is the IBM
-Secure attended and configuration with IBM recommended connection
AOS
unattended sessions Support is required method for remote access
(IBM
-Economical connectivity due to its capability to
Recommended)
solution provide more secure
-Easy installation connectivity sessions.
-Fast debug data transfer -Can be difficult to Generally the best option
to IBM implement in some & could be the only option
-Supports all service environments enabled; However; use
VPN Internet
activities -Does not allow you to modem as backup and for
inspect packets initiating remote access
sessions.
-Supports all service -Extremely slow debug Might be the only option
activities data transfer to IBM enabled.
Modem
-Allows IBM to remotely
initiate an outbound VPN

Remote Support Overview 6

Table 2: Remote support outbound connectivity comparison
Connectivity
Pros Cons Comments
Options
-Fast debug data transfer to Does not support To support remote access,
IBM remote access. at least one of the following
Internet -Supports problem reporting must be enabled as an
(SSL) -For various reasons (i.e. adjunct: VPN, Internet or
proxying), SSL is easier to Modem.
implement than VPN
-Fast debug data transfer to -Can be difficult to Generally the best option &
IBM implement in some could be the only option
-Supports all service activities environments enabled; However; use
VPN Internet
-Does not allow you modem as backup and for
to inspect packets initiating remote access
sessions.
-Fast debug data transfer to Does not support To support all service
IBM problem reporting or activities, at least one of the
FTP -Allows proxying remote access. following must be enabled
as an adjunct: AOS, VPN,
or modem.
-Supports all service activities -Extremely slow Might be the only option
Modem -Allows IBM to remotely initiate debug data transfer enabled.
an outbound VPN to IBM
3.2 IBM Assist On-Site (Inbound remote access only connection)

This is the IBM recommended network connection for remote access.

IBM Assist On-Site (AOS) is an IBM Tivoli® software that allows an SSL secure session
for IBM support to remotely connect to a client’s IBM storage device for diagnostic
purposes. IBM support representatives use the powerful suite of tools accessible by
AOS for problem determination. Support engineers can quickly complete problem
analysis and take appropriate corrective action. It should be noted that AOS cannot be
used to transmit a Call Home signal or data offload, and is strictly a tool to allow remote
access in a secure environment.

It should be noted that the IBM DS8870 has AOS installed on the HMC upon purchase.
AOS will be configured upon installation, or at a later date upon request, by the SSR
assisting on location. The IBM DS8300, IBM DS8700 and IBM DS8800 require the
external AOS gateway to be configured by the client upon installation. The client is also
responsible for administration tasks on the AOS such as opening the port for connection
availability when a problem occurs.
3.3 VPN (IPSec) only
A VPN connection can be established between a client network and IBM support
through the HMC. VPN only connections are used for Call Home, Heartbeat, data
offload, and remote access. Data is verified for authenticity and integrity. The
transmission is encrypted so that even if it is captured en-route, it cannot be “replayed”
or deciphered. For security purposes, there is no VPN service that “listens”, waiting for a
connection to be made by IBM. Only the HMC is allowed to initiate the VPN tunnel, and
it can be made only to predefined IBM addresses.

© Copyright IBM Corporation 2014 7

While it is possible to use a VPN over modem connection for remote access, the
bandwidth of this connection is insufficient for data offload purposes.
3.4 Modem and VPN
A modem creates a low-speed asynchronous connection using a telephone line plugged
into the HMC modem port. This connection type is relatively secure because the data is
not traveling across the Internet. Due to bandwidth limitations, transferring large
amounts of data can take a significant amount of time and depend on the average
connection speed. IBM support remote access to the HMC through a modem
connection enables Service engineers to provide problem determination assistance.

Using modem and VPN does provide redundant Call Home paths, modem and VPN
internet with SSL. This redundancy requires a phone line and a network connection to
the HMC.
3.5 Modem only
A modem creates a low-speed asynchronous connection that is relatively secure
because the data is not traveling across the internet. Due to bandwidth limitations, this
connection may not be suitable for data offload. Inbound connectivity to the modem can
be set to unattended mode, where the modem will answer a request without
intervention. Inbound connectivity can also be set to attended mode, where you or the
SSR must enable the modem before a connection can be made. There are also
temporary connection enable settings you can control including the scheduled date,
time and duration.
3.6 No connections
In environments when outbound connections are forbidden, it is important to
understand the implications to DS8000 support. The following list highlights these
implications.
 Call Home and Heartbeat
The HMC will not transmit a Call Home or heartbeat signal under any
circumstances. IBM support will need to be notified at the time of installation to
add an exception for this DS8000 in the heartbeat database, indicating that it is
not expected to contact IBM. Since there is no Call Home customer notification of
problems must be enabled.
 Data offload
If absolutely required and allowed by the client, diagnostic data can be burned
onto a removable media, transported to an IBM facility and uploaded to IBM
support resources for diagnostic purposes.
 Remote access
IBM cannot provide any remote support for this DS8000. All diagnostic and repair
tasks must take place with an operator physically located at the console.

Remote Support Overview 8

Appendix: Additional publications and resources
How to access IBM Redbooks publications
You can search for, view, or download IBM Redbooks® publications, Redpaper™
publications, Hints and Tips, draft publications and Additional materials, as well as order
hardcopy IBM Redbooks publications or CD-ROMs, at this website:

www.ibm.com/redbooks

IBM Redbooks publications

For information about ordering these publications, see “How to Access IBM Redbooks
Publications” above. Note that some of the documents referenced here might be
available in softcopy only.

Title Description Order Number

DS8800 and DS8700 This publication provides an overview of the V6.3 GC27-2297-09
Introduction and Planning product and technical concepts for DS8800 V6.2 GC27-2297-07
Guide and DS8700. It also describes ordering
features and how to plan for installation and
V6.1 GC27-2297-05
initial configuration of the storage system. V6.0 GC27-2297-03
DS8870 Introduction and This publication provides an overview of the V7.3 GC27-4209-09
Planning Guide product and technical concepts for the V7.2 GC27-4209-08
DS8870. It also describes the ordering
features and how to plan for an installation
V7.1 GC27-4209-05
and initial configuration of the storage system. V7.0 GC27-4209-02
DS8870 Architecture and This publication describes the concepts, V7.3 SG24-8085-03
Implementation architecture, and implementation of the V7.2 SG24-8085-02
DS8870. This book provides reference
information to assist readers to need to plan
for, install, and configure the DS8870.
DS8000 Command-Line This publication describes how to use the V7.3 GC27-4212-03
Interface User’s Guide DS8000 command-line interface (DS CLI) to V7.2 GC27-4212-02
manage DS8000 configuration and Copy
Services relationships, and write customized
V7.1 GC27-4212-01
scripts for a host system. It also includes a V7.0 GC27-4212-00
complete list of CLI commands with V6.3 GC53-1127-07
descriptions and example usages.
Host Systems This publication provides information about V7.2 GC27-4210-02
Attachment Guide attaching hosts to the storage system. You V7.1 GC27-4210-01
can use various host attachments to
consolidate storage system capacity and V7.0 GC27-4210-00
workloads for open systems, System z®, V6.3 GC27-2298-02
S/390® hosts.

Other Publications
These publications are also relevant as further information sources. Note that some of
the documents referenced here might be available in softcopy only.
 System Storage Productivity Center Software Installation and User’s Guide,
SC23-8823

© Copyright IBM Corporation 2014 9

  IBM System Storage Productivity Center Introduction and Planning Guide, SC23-
8824
 System Storage Productivity Center User’s Guide, SC27-2336
Online Resources
These websites and URLs are also relevant as further information sources:
 Documentation for the IBM DS8300 Storage System:
http://www.ibm.com/support/knowledgecenter/HW2C2/com.ibm.storage.ssic.help
.doc/f2c_ichomepage_ds8300.html?lang=en
 Documentation for the IBM DS8700 Storage System:
http://www.ibm.com/support/knowledgecenter/STUVMB/com.ibm.storage.ssic.hel
p.doc/f2c_ichomepage_ds8700.html?lang=en
 Documentation for the IBM DS8800 Storage System:
http://www.ibm.com/support/knowledgecenter/STXN8P/com.ibm.storage.ssic.hel
p.doc/f2c_ichomepage_ds8800.html?lang=en
 Documentation for the IBM DS8870 Storage System:
http://www.ibm.com/support/knowledgecenter/STUVMB/com.ibm.storage.ssic.hel
p.doc/f2c_ichomepage_ds8700.html?lang=en
 System Storage Interoperation Center (SSIC):
http://www.ibm.com/systems/support/storage/config/ssic
 VPN Implementation, S1002693:
http://www-01.ibm.com/support/docview.wss?&rs=1114&uid=ssg1S1002693
Help from IBM
 IBM Support and downloads:
www.ibm.com/support
 IBM Global Services:
www.ibm.com/services

Remote Support Overview 10