This topic describes how to access the master console remotely.
You typically use this feature when you are working with a service representative,
and the representative needs to access the master console from
a remote location.
Prerequisites
Before initiating a VPN connection with a service representative,
the following requirements must be met:
- The master console must have a connection to the Internet.
- You must have a Windows® user account for the service representative
set up on the master console.
- You must have a remote display emulation package, such as Virtual Networking
Computer (VNC) server, running on the master console if the service representative
must access the SAN File System console or the RSA II Web interface remotely.
- You must provide a user ID and password for access.
- There must be a maintenance agreement between you and IBM®, or the product
must be under software warranty.
Context
The master console is used to set up a VPN connection between
you and a service representative. You initiate the connection and have the
ability to monitor and control the connection.
Figure 1. VPN connection
between the customer and a service representative
Steps
- Log into the master console. You can access the master console
directly (using the keyboard, monitor, and mouse), or remotely though another
computer on the same LAN.
- Establish a secure connection from the master console through the
VPN gateway to a designated VPN server within the IBM intranet. Establish the connection using
the IBM connection
manager and obtain a connection ID. The IBM connection manager icon is located on
the master console desktop.
- Provide the connection ID to the service representative. Each
time you start a VPN session, a unique connection ID is created.
- The service representative connects to the designated VPN server (this is the first of two connections), using either a Telnet
client or a secure shell (SSH) client, such as PuTTY.
- The service representative connects to an account on the master
console. The service representative then establishes a second connection to
the VPN server. The service representative can uses the remote display emulator
package connection to establish a remote console to the master console.
Result
By accessing the master console remotely, an service representative
can log on to the following devices or interfaces:
- Each of the engines in the SAN File System cluster
- The service representative can query and control the engines at the operating-system
level by initiating an SSH session with the engine. This requires that a UNIX-based
user account be set up on each of the engines in the cluster.
- Administrative command-line interface
- The service representative can query and control the SAN File System metadata
servers, and access metadata, log, dump, and configuration data. This requires
that a SAN File System administrative user account be set up for the service
representative.
- SAN File System clients
- The service representative can query and control clients at the operating
system level by initiating either an SSH session or a Telnet session with
the client (if an SSH or Telnet application is installed and running on the
client). This requires that an operating system user account be set up on
each of the clients to which the service representative will need access.
- SAN File System console and RSA II Web interface
- These interfaces are available if a remote display emulation package is
installed and running.
You can monitor all activity performed by the service
representative. You can either run a remote desktop package from another machine
to observe the master console desktop, view the master console SSH log file
to see the results of all activity, or watch directly from the monitor on
the master console. In addition, you can disconnect the VPN session at any
time.