How to Configure an Isilon Cluster to

Communicate with SRS v3 Gateway Servers

8.2.2 and later

Contents
August 2022
This document describes how to configure an Isilon cluster to connect to a Dell EMC Secure Remote Services (SRS) v3
Gateway server.

• Overview.....................................................................................................................................................................................................................2
• Site ID requirements................................................................................................................................................................................................ 3
• Licensing..................................................................................................................................................................................................................... 3
• Port requirements.....................................................................................................................................................................................................7
• Enable and configure Secure Remote Services support ............................................................................................................................... 7
• Disable SRS support................................................................................................................................................................................................ 8
• View SRS configuration settings..........................................................................................................................................................................8
• Isilon SRS Managed File Transfer support.........................................................................................................................................................9
Overview
This document describes how to configure an existing Isilon cluster to communicate with a Secure Remote Services (SRS) v3
Gateway server.

Purpose of this document

This document assumes the following:
● That your cluster is currently configured to connect to an SRS v2 Gateway, which will end-of-life soon.
● That you have obtained and configured an SRS v3 Gateway at your site.
This document covers the final step of the conversion, which is to switch your cluster's configuration to connect to the new
SRS v3 Gateway.

Prerequisites
Before proceeding with the instructions in this document, at least one SRS Virtual Edition Gateway server (SRS v3 server) must
be installed and configured. The SRS v3 server acts as the single point of entry and exit for remote support activities and for
monitoring notifications. If required, you may set up a secondary SRS v3 server as a fail over.
If the SRS v3 server supports IPv6, then SRS is supported through IPv6 communications.
If the SRS v3 server is configured for IPv4, then, to support SRS transmissions and remote connections, at least one subnet
on the Isilon cluster must be configured for IPv4 addresses. All nodes to be managed by SRS must have at least one network
interface that is a member of an IPv4 address pool. Only nodes with an interface in this pool are eligible for election to be the
SRS master node. All alerts on the cluster are routed through this master node.
If you are not sure if your installation meets these prerequisites, submit a Dell EMC support request (SR).

Configuration
This document describes the following required tasks:
1. Ensuring compliance with Dell EMC Site ID requirements.
2. Obtaining and uploading a required license file.
3. Ensuring required port access.
4. Enabling SRS on the cluster. You enable SRS for the entire cluster with a single registration, as opposed to one node at a
time as in previous versions of OneFS.
This document also describes the following related commands and features:
● Disabling SRS.
● Viewing configuration settings.
● Configuring and using Managed File Transfer (MFT). The MFT feature is useful for downloading files that are suggested by
Dell EMC Support personnel.

Optional controls
When customers enable support for SRS on a cluster, they can optionally create rules for remote support connections to the
Isilon cluster with the SRS Policy Manager. The Policy Manager setup is separate from the SRS v3 system. Details on the Policy
Manager are available in the most current Secure Remote Services Installation Guide.
Customers may also implement firewall rules to block SSH from the SRS Gateway(s) to the Isilon nodes. These rules effectively
ensure that Dell EMC has no remote access to the cluster. They do not prevent the SRS Gateways from servicing and sending
to Dell EMC outbound cluster alerts and telemetry.

2
Site ID requirements
The Customer Site ID is an important identifier in SRS configuration.
Customer Site IDs are identifiers used by Dell support teams. A customer may have multiple Site IDs.
For successful SRS configuration, the same Site ID must be associated with all the following items in the Dell support databases:
● The Site ID that identifies the physical location of the SRS v3 Gateway (primary).
● The Site ID in all hardware licenses for all nodes in the cluster.
● The Site ID in the OneFS software license.
● The Site ID associated with the administrator who will configure SRS on the cluster.
Use the following procedure to verify Site IDs, or submit a Dell Support Request (SR) for help.
1. Use the Dell support web page to check the Site IDs associated with hardware.
a. Log onto [Link]
b. Use features on the support site to look up the Site ID associated with your primary SRS v3 Gateway and check the Site
IDs associated with each node in your Isilon cluster.
c. Submit a Support Request (SR) asking for reassignment of the Site IDs for any nodes that do not match the Gateway's
Site ID.
NOTE: Alternatively, you can request that the Site ID associated with the Gateway be changed. The important point
is that all of the hardware is associated to the same Site ID.

2. Use the Dell Software Licensing Center to check the Site ID associated with the OneFS software license.
a. Log onto Software Licensing Central.
b. Select Entitlements and then search for software licenses.
c. Find the OneFS software license and compare the associated Site ID to the Gateway's Site ID.
d. If not the same, submit an SR to the licensing team asking to change the Site ID in your OneFS software license.
3. Verify login credentials for the Site ID.
The administrator who will enable SRS must have credentials that are registered as valid for the Site ID. If you are unsure of
the credentials, submit an SR for help.

Licensing
All Isilon software and hardware must be licensed through Dell EMC Software Licensing Central (SLC).
A record of your active licenses and your cluster hardware is contained in a license file that is stored in two locations: one copy
of the license file is stored in the SLC repository, and another copy of the license file is stored on your cluster. The license file
contains a record of the following license types:
● OneFS
● Additional software modules
The license file on your cluster, and the license file in the SLC repository, must match your installed hardware and software.
Therefore, you must submit a request to update your license file when you:
● Upgrade for the first time to OneFS 8.1 or later
● Add new hardware or upgrade the existing hardware in your cluster
● Require the activation of an optional software module
To request a change to your license file, you must create a file that contains an updated list of your required hardware
and software licenses and submit it to Dell EMC Software Licensing Central (SLC). You can generate that file, known as an
activation file, from your OneFS interface.
Licenses are created after you generate an activation file, submit the file to Dell EMC Software Licensing Central (SLC), receive
a license file back from SLC, and upload the license file to your cluster.

3
Software licenses
Your OneFS license and optional software module licenses are included in the license file on your cluster and must match your
license record in the Dell EMC Software Licensing Central (SLC) repository.
You must make sure that the license file on your cluster, and your license file in the SLC repository, match your upgraded
version of OneFS.
Advanced cluster features are available when you activate licenses for the following OneFS software modules:
● CloudPools
● Security hardening
● HDFS
● Isilon Swift
● SmartConnect Advanced
● SmartDedupe
● SmartLock
● SmartPools
● SmartQuotas
● SnapshotIQ
● SyncIQ
For more information about optional software modules, contact your Dell EMC sales representative.

Hardware tiers
Your license file contains information about the Isilon hardware installed in your cluster.
Nodes are listed by tiers in your license file. Nodes are placed into a tier according to their compute performance level, capacity,
and drive type.
NOTE: Your license file will contain line items for every node in your cluster. However, pre-Generation 6 hardware is not
included in the OneFS licensing model.

License status
The status of a OneFS license indicates whether the license file on your cluster reflects your current version of OneFS. The
status of a OneFS module license indicates whether the functionality provided by a module is available on the cluster.
Licenses exist in one of the following states:

Status Description
Unsigned The license has not been updated in Dell EMC Software
Licensing Central (SLC). You must generate and submit an
activation file to update your license file with your new version
of OneFS.
Inactive The license has not been activated on the cluster. You cannot
access the features provided by the corresponding module.
Evaluation The license has been temporarily activated on the cluster.
You can access the features provided by the corresponding
module for 90 days.
Activated The license has been activated on the cluster. You can access
the features provided by the corresponding module.
Expired The license has expired on the cluster. After the license
expires, you must generate and submit an activation file to
update your license file.

4
View license information
You can view information about the current license status for OneFS, hardware, and optional Isilon software modules.
Run the following command:

isi license list

Adding and removing licenses

You can update your license file by generating an activation file, submitting the activation file to Dell EMC Software Licensing
Central (SLC), then uploading an updated license file to your cluster.
You can add or remove licenses from your license file by submitting an activation file to SLC.
You must update your license file after you:
● Add or remove hardware
● Add or remove optional software modules

Generate a license activation file

To update your license file, you must first generate a license activation file that contains the changes you want to make to your
license file.
1. Run the isi license generate command to add or remove licenses from your activation file, and designate a location
to save your activation file.
The following command adds a OneFS license and saves the activation file, named <cluster-name>_activation.xml
to the/ifs directory on your cluster:

isi license generate

--include OneFS
--file /ifs/<cluster-name>_activation.xml

The following command adds OneFS and SyncIQ licenses, removes your Cloudpools license, and saves the new activation
file:

isi license generate

--include OneFS
--include SyncIQ
--exclude Cloudpools
--file /ifs/<cluster-name>_activation.xml

2. Save the activation file to your local machine.

After you have a copy of the activation file on your local machine, you can submit the file to Dell EMC Software Licensing
Central (SLC).

Submit a license activation file to SLC

After you generate an activation file in OneFS, submit the activation file to Dell EMC Software Licensing Central (SLC) to
receive a signed license file for your cluster.
Before you submit your activation file to SLC, you must generate the activation file through OneFS and save the file to your
local machine.
1. From your local, internet-connected system, go to Dell EMC Software Licensing Central (SLC).
2. Log into the system using your Dell EMC credentials.
3. Click ACTIVATE at the top of the page.
A menu will appear with two options: Activate and Activate by File.
4. Click Activate by File
The Upload Activation File page appears.
5. Confirm that your company name is listed next to Company.

5
 If your company name is not displayed, click Select a Company and search with your company name and ID.
6. Click Upload.
7. Locate the activation file on your local machine and click Open.
This is an XML file. The file was originally generated with the name [Link] but you may have saved it with a
different name.
8. Click the Start the Activation Process button.
The Apply License Authorization Code (LAC) page appears.
9. In the Missing Product & Quantities Summary table, confirm that there is a green check in the column on the far right.
If any row is missing a green check in that column, you can search for a different LAC by clicking the Search button and
selecting a different available LAC.
10. Click the Next: Review button.
11. Click the Activate button.
When the signed license file is available, SLC will send it to you as an attachment to an email.
NOTE: Your signed license file may not be available immediately.

The signed license file is an XML file with a name in the following format:

ISLN_nnn_date.xml

For example, ISLN_15002_13-[Link]

12. Download the signed license file to your local machine, in a directory where you can locate it for the next procedure. For
example, save it in /ifs on your local machine.

Upload the signed license file

After you receive a signed license file from Dell EMC Software Licensing Central (SLC), upload the file to your cluster.
Run the isi license add command.

# isi license add --path <file-path-on-your-local-machine>

For example, the following command uploads the signed license file that you had previously copied into a directory named /ifs
on your local machine:

isi license add --path /ifs/ISLN_15002_13-[Link]

Activating trial licenses

You can activate a trial license that allows you to evaluate an optional software module for 90 days.

Activate a trial license

You can activate a trial license to evaluate a OneFS software module.
Run the isi license add command.
The following command activates a trial license for the Cloudpools and SyncIQ modules:

isi license add

--evaluation Cloudpools
--evaluation SyncIQ

6
Port requirements
The following table lists the ports that must be open from the OneFS cluster through the firewall to the SRS gateway. For
OneFS clusters to communicate over SRS, all of the following ports must be open.

Table 1. Open firewall ports for OneFS cluster communications over SRS
TCP Protocol/Port Direction Open Source or Destination Application
HTTPS 9443 Outbound To SRS Gateway REST
SSH 22 Inbound From SRS Gateway CLI via SSH
HTTPS 8080 Inbound From SRS Gateway Secure Web UI

Enable and configure Secure Remote Services support

You can enable support for Secure Remote Services (SRS) on an Isilon cluster.
Install and configure an SRS v3 server before you can enable SRS on an Isilon cluster. Complete details for installing and
upgrading SRS v3 are available in the Secure Remote Services documentation. The IP address pools that handle gateway
connections must exist in the system and must belong to a subnet under groupnet0, which is the default system groupnet.
If SRS is already enabled on the cluster, it continues to run as configured. However, to take advantage of the new features and
expanded functionality available in SRS for OneFS 8.1 and later, you must enable and configure SRS by using the isi esrs
commands.
It is also required that there is a signed license on the OneFS cluster.
NOTE: The SRS Virtual Edition gateway (SRS v3) does not support installing software that is not already included in the
appliance. While the customer has full access to the appliance, loading additional software or updating software already
installed may require redeployment.
1. Run the isi esrs modify command to enable and modify the SRS configuration on the OneFS cluster:

isi esrs modify --enabled=true --primary-esrs-gateway=<gateway-server> --gateway-

access-pools=subnetx:poolx
--username=<username> [--password=<password>]

Where:
● gateway-server is the IP address or name of the primary gateway.
● subnetx and poolx identify the network and pool for storing the collected data. Verify values with the site's storage
administrator.
● username and password are the credentials for accessing the primary gateway. The --password argument is optional
on the command line. If not provided, the system prompts you for the password and does not display the response as you
type it. Omitting password from the command line is preferable in most cases for security reasons.
For example:

isi esrs modify --enabled=true --primary-esrs-gateway=[Link] --gateway-access-

pools=subnet2:pool3 --username=[Link]@[Link]

2. Review the messages in the output and take appropriate action.

● Look specifically for the following u 'message': section in the output.

u'message': u'invalid username and password'

This error could indicate that the username or password is not correct. It could also indicate that the user does not
having appropriate access to the site ID. Contact Dell EMC support if you need help.

7
 Figure 1. Invalid username and password error
● If a signed license file is not activated on the cluster, the following message is displayed:

Your OneFS license is unsigned. To enable ESRS, you must first have a signed OneFS
license.
Follow the instructions in Licensing to obtain a signed OneFS license and enable SRS on the OneFS cluster.
● If the license was recently created, the related software ID (SWID) may not yet be propagated through the Dell EMC
systems. The following message is displayed:

: u'Connected', u'message': u'Device match not found for input device with Serial
Number ELMISL0310CBSQ and Product ISILON-GW'
In this case, SRS is configured but will not be enabled and connected to the gateway until the backend processing
completes. There is no action to take except to wait for the backend processing at Dell EMC to propagate the SWID. This
may take up to 4 hours.
NOTE: Also see the following paragraph. There are two possible reasons for receiving the Device match not
found message.
● If you recently relocated a cluster or performed a data erasure and reimaged or reinstalled the cluster, a new cluster
ID was generated by Dell EMC. The old cluster ID is no longer valid. If you receive the Device match not found
message when attempting to enable SRS, notify Dell EMC support that you need a new cluster id associated with your
SWID.

Disable SRS support

You can disable support for SRS on the Isilon cluster.
Disable SRS on an Isilon OneFS cluster by running the following command:

isi esrs modify --enabled=false

View SRS configuration settings

You can view SRS settings that are specified on an Isilon cluster.
The out put for the following commands includes Primary and Secondary SRS Gateways (SRS v3), SMTP status (enabled, or
disabled) if email notification is enabled for failover, and Gateway Access Pools details.
Run the isi esrs view command to view SRS configuration details.

8
Isilon SRS Managed File Transfer support
Managed File Transfer (MFT) support for OneFS provides the ability for customers to download suggested files and updates
directly from Dell EMC Isilon by using SRS commands.
MFT is not a licensed feature of OneFS, but it does require that SRS is enabled.
Currently, MFT configuration and usage is only available from the CLI, and is integrated with the OneFS job engine. No more
than one file at a time is downloaded to the cluster. Files can include packages, patches, and scripts.

Configure the MFT download feature

Use the isi esrs modify command to enable MFT.

isi esrs modify --download-enabled=true

The MFT feature has configurable options, with default settings that might not need any adjustments. Use the isi esrs
view command to check the current MFT option settings. The following figure is an example of the command output.

Figure 2. The isi esrs view command output

The following table describes the configurable options.

Table 2. Configurable MFT options

MFT option Description
Download Enabled Download is disabled by default.
ESRS File Download Timeout Period Specifies the length of time in seconds for each file chunk to
finish downloading.
ESRS File Download Error Retries Specifies the number of retries before the job fails.
ESRS File Download Chunk Size Sets the size in Kb for each file chunk.
ESRS Download Filesystem Limit Sets the file system limit (percentage) at which MFT does not
send any more files.

To change any of the settings, use isi esrs modify.

9
Download files with MFT
Use the isi esrs download start /ifs/<destination_location> command to begin downloading a file from the secure
locker.
NOTE: A secure locker is a customer-specific directory that is located in the Dell EMC back end infrastructure. Access is
only granted to users who are assigned permissions to do so.
The following figure is an example of the output for isi esrs download start.

Figure 3. The isi esrs download start command output

Use the isi esrs download list command to view the list of files to be downloaded.
Use the isi job view command to view job details. A checksum is used to verify the contents and integrity of the file after
it is downloaded. If the checksum fails, the file is quarantined. The following figure is an example of the command output.

Figure 4. isi job view command output

Use the isi job reports view command to view job status.

10
Figure 5. The isi job reports view command output

Troubleshooting data is written to the /var/log/isi_job_d.log and the /var/log/isi_esrs_d.log log files.

11
Notes, cautions, and warnings

NOTE: A NOTE indicates important information that helps you make better use of your product.

CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the
problem.

WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

© 2014 - 2022 Dell Inc. or its subsidiaries. All rights reserved. Dell Technologies, Dell, and other trademarks are trademarks of Dell Inc. or its
subsidiaries. Other trademarks may be trademarks of their respective owners.