Support Automation…You use it every day
If you are an HP NonStop customer, there is almost a 100% chance that you use support automation. That means two capabilities: the NonStop system automatically notifies the GNSC (Global NonStop Support Center) when there is a hardware, environmental or configuration problem, generally referred to as Remote Device Monitoring (RDM); and GNSC specialists remotely connect to your NonStop system to troubleshoot and fix the problem, generally referred to as Remote Device Access (RDA).
As I wrote in an earlier blog, NonStop systems excel in self-management, and one of the very important aspects of self-management is self-diagnosis. Because self-diagnosis is built from the ground up into every piece of NonStop hardware, firmware and software, almost all faults are detected by the system and result in EMS events and other system notifications. And then we have OSM, one of the most sophisticated WBEM (Web-Based Enterprise Management)-based implementations in the world. OSM ensures that all hardware, environmental and configuration problems are detected in real time and displayed in OSM Service Connection.
However, a model that requires operators to continuously watch the OSM Service Connection user interface to find out whether there is a problem is outdated. In today’s lights-out IT environments, problem incidents should be reported automatically to HP GNSC so that they can be responded to in a timely manner.
…And this is where support automation comes in. Support automation is the technology to automatically notify GNSC when there is a problem detected on a customer system, and have GNSC connect to the customer system remotely for troubleshooting and fixing the problem.
Once upon a time, there were modems…
For years, NonStop customers used a modem-based support automation infrastructure, where the problem incidents detected by the OSM server were sent to HP OSM Notification Director running on the NonStop System Console (NSC), and those incidents were then sent to GNSC over a modem. GNSC specialists also used the modem-based infrastructure to connect back to the customer system. There were multiple issues with that:
- The modem is an outdated technology. In today’s world, where everything runs on the Internet, using modems for support automation simply does not make sense.
- Modems are less efficient. Anybody who has used a modem for an Internet connection in the past can sympathize with that statement.
- There is no encryption of data-in-motion when it is transmitted over modem lines. Although the data that is sent to GNSC from customer systems is not sensitive data in general, it can still be concerning to some customers.
- The rest of the HP platforms, and other vendors, use an Internet-based remote support architecture.
Thus, it only makes sense that NonStop also starts using an Internet-based remote support product. HP Insight Remote Support Advanced is indeed that product.
…And now is the time to end that story and start a new adventure with HP Insight Remote Support Advanced
HP Insight Remote Support Advanced is a plug-in to HP Systems Insight Manager (SIM), and completely integrates with HP SIM. With more and more NonStop customers using HP NonStop Essentials products, which are also HP SIM plug-ins, customers can now get a Single Pane of Glass for system health monitoring, performance monitoring, event monitoring, command and control, software management, and remote support.
For the last few years, customers had the choice of continuing to use modems or migrating to HP Insight Remote Support Advanced. But it is impractical and unsustainable to support two methods of support automation for a long time. Thus, HP announced (and notified customers) almost a year ago that October 31, 2011 (which marks the end of HP financial year 2011) will be the modem expiry date, and that HP will not support modem-based remote support after that date. We realized that even though this announcement was made a year in advance, some customers have real issues migrating to HP Insight Remote Support Advanced by the deadline because of the way their sales cycles work, because of their future plans for physical migration of a data center, because of the time it takes them to get approval from their IT department to set up Internet-based remote support, etc. Thus, HP gave customers the option of working with their account teams to file an extension request for a few months. If a customer has not migrated to Insight Remote Support Advanced, or has not filed an extension request, by October 31, 2011, their remote support automation will be in jeopardy.
Is HP Insight Remote Support Advanced good for you?
You bet…
HP Insight Remote Support Advanced is more efficient, more secure and, of course, a more modern technology. It also provides a uniform method of remote support across all HP platforms. On top of that, HP Insight Remote Support Advanced provides an option to automatically download new updates (of course, securely) and even install them, without any customer intervention. Now, that is automation…
…But customers expect even more from HP NonStop Division
Even though the IT world is a leader in adapting to change, it is still annoying to migrate from a technology that was stable and has been in use for years. Thus, it does not surprise me that some customers do not like having to migrate to HP Insight Remote Support Advanced, even though it is a better technology, as mentioned before.
We heard our customers and provided a lot of value add and enhancements on top of what HP Insight Remote Support Advanced already provides:
- As mentioned before, we provided a process for filing the extension for a few months to get more time to be prepared for this migration.
- Even though we recommend that HP SIM and Insight Remote Support Advanced be installed on a standard CMS (Central Management Server), we support installing them on newer models of NSC that already have 4 GB of memory, so that customers do not have to buy new CMSs. However, if customers do install HP SIM and Insight Remote Support Advanced on an NSC, they lose the huge benefit of a Single Pane of Glass across the data center. Since an NSC has visibility only within a single NonStop maintenance LAN, a single instance of HP SIM and Insight Remote Support Advanced can only monitor NonStop systems within that maintenance LAN.
- For customers that did not have newer models of NSC, we provided memory upgrade options for most NSC models, so that customers do not have to buy new NSCs.
- Even though HP Insight Remote Support Advanced does not provide a fault-tolerant solution out of the box, the HP NonStop development team worked with the HP Insight Remote Support Advanced development team to design a method of providing fault tolerance for NonStop customers. Thus, NonStop customers can use dual CMSs (or dual NSCs) to ensure that all problem incidents detected by OSM are sent to GNSC via one CMS or the other, without sending dual notifications.
- Earlier versions of HP Insight Remote Support Advanced had an issue where OSM did not get, in time, the notification that Insight Remote Support Advanced had received the incidents sent by OSM, and thus OSM resent the incidents. This resulted in dual notifications to GNSC and, sometimes, erroneous notifications to GNSC that OSM communication to one of the CMSs had failed. This was usually an issue where the CMS was physically very far from the NonStop system, resulting in high latency in the communication between NonStop and the CMS. The HP NonStop development team specifically worked with the HP Insight Remote Support Advanced development team to fix this issue in the latest version of HP Insight Remote Support Advanced (A.05.60).
A word (or two) on security
Did I mention that the modem-based remote support mechanism did not use any encryption for data-in-motion? Guess what? As would be expected, HP Insight Remote Support Advanced transmits all data encrypted, for both outbound and inbound communication. But there is more to the security of HP Insight Remote Support Advanced than just encryption of data-in-motion. Let’s discuss the four levels of security.
- Application security: First, how the CMS is set up is completely in the customer’s hands. The CMS can follow all the security policies mandated by the customer’s IT and security departments. That includes which firewalls to run, which anti-virus packages to run, how often security patches are installed, who has access to the CMS and in what capacity (role), etc. Since a great many HP customers around the world use HP Insight Remote Support products, chances are that almost all security configurations have been tested by somebody or other, above and beyond the configurations tested by many HP divisions. Also, as mentioned before, HP Insight Remote Support Advanced provides an option to automatically download updates. However, all downloaded updates are digitally signed and verified before they are executed, to maintain the integrity and authenticity of the Insight Remote Support Advanced software and prevent unauthorized changes.
- Outbound security: First, the incidents are collected from the monitored systems (e.g., from OSM on NonStop systems) completely inside the customer’s IT environment. Whether you run HP Insight Remote Support Advanced on an NSC in the maintenance LAN or on a CMS in your corporate LAN, it is always within your firewall. There is, of course, an external firewall between the CMS and the HP data center. And did I mention that all data-in-motion from the CMS to HP is encrypted using HTTPS to provide confidentiality and integrity of the information?
- Data security: OK, so the customer incident information is sent to HP securely. But what happens after that? How is that information secured? Not to worry…you are dealing with the biggest IT company in the world. It is important for HP to maintain the confidentiality, integrity and availability of customer information. First, HP uses high-availability HP servers to create the Insight Remote Support Advanced infrastructure, making sure that the infrastructure is available when the incidents are sent from customer systems. Then, customer data is stored in HP’s secured-access data centers. We classify all collected data as “HP private” to disallow any unintended access. As would be expected, customer data is stored encrypted on both storage and backup media to ensure data-at-rest protection. Last but not least, access to the collected data is allowed only to authorized HP support specialists working on that customer account.
- Inbound security: In our daily lives, we all deal with the Internet and are used to providing sensitive information, including credit card numbers, bank information, social security numbers, etc., as long as we trust the company we are providing this information to. We trust that the data will be transmitted encrypted, the data will be stored encrypted, and no unauthorized access will be allowed. HP Insight Remote Support Advanced outbound and data security is based on the same premise. However, we are not generally used to an outside company connecting back to our home PC to fix a problem, and thus it is more important to consider how inbound security works for an Internet-based remote support implementation. First, HP specialists make inbound connections to a customer-designated access server only. That is, there is no direct access to NonStop systems (or any other managed system) from HP GNSC. Only once GNSC has connected to the access server can they connect to managed systems, which means that all access policies for managed systems must be followed. In addition, there are multiple secure remote access solutions available to meet the customer’s security requirements. These include attended Remote Device Access (RDA) via HP Virtual Support Room (VSR), a web-based desktop-sharing application, and unattended RDA via SSH tunneling, where the SSH tunnel is terminated at a Customer Access System (CAS) deployed either in the customer DMZ or on a trusted network. There are multiple sub-options of unattended RDA, including SSH-Direct (SSH tunnel bare over the Internet), VPN Connectivity (SSH tunnel inside a VPN connection between HP and the customer), and ISDN Connectivity (SSH tunnel over an ISDN connection). Although there are multiple choices, they have one thing in common: they all use standard techniques, including SSH, IPSec and HTTPS, to satisfy the customer’s security requirements.
Nowadays, almost all companies allow their employees to connect to the corporate LAN over VPN. If a customer already has that infrastructure in place, it can be leveraged for the inbound connection from HP. HP provides both hardware and software solutions for the inbound connection, which can be configured to ensure customer control of the connection. The customer also has the choice to monitor a support specialist’s activities. Of course, all HP support specialists adhere to the same standard of business conduct as onsite HP engineers, and they are not allowed to attempt a connection without the customer’s approval and a business need. On top of that, it is possible to restrict access to only the HP support specialists assigned to the customer. HP also requires two-factor authentication internally in HP to control access to the HP access connectivity servers, and all connections to the customer systems, attempted and successful, are always logged.
Migrate to HP Insight Remote Support Advanced NOW…
As can be easily seen, even though HP Insight Remote Support Advanced is a change from the current modem-based remote support mechanism, and even though there is some learning curve involved in this migration, in the long run it provides a more secure, more efficient and more modern technology across the customer’s data center, and gives them that highly requested Single Pane of Glass.
Now, if you have not migrated to HP Insight Remote Support Advanced and would like more information, read HP Insight Remote Support Advanced or provide me feedback via a comment and ask me how I can help you.