Home > Storage > Unity XT > Storage Admin > Dell Unity: Operating Environment (OE) Overview > Serviceability
In creating an easy to use and easy to install price-competitive storage system, Dell Unity had to be easy to service. Dell Unity offers easy access to information about your system and where to find help when it is needed. Multiple methods of service access are available on the Dell Unity platform. The focus in this section will be towards the purpose-built Dell Unity system.
For more information about the serviceability features on Dell UnityVSA, see the Dell UnityVSA white paper.
In Dell Unity OE version 4.5 and later, security updates were implemented in order to defend Dell Unity from industry-wide vulnerabilities such as Spectre and Meltdown. Unprivileged users are restricted from loading and running untrusted commands and software locally on Dell Unity by implementing restricted shell (rbash) for the service user. This allows Dell Unity to remove these vulnerabilities without impacting performance, modifying the operating system kernel, or updating the CPU BIOS.
Rbash is a UNIX/Linux shell that restricts some of the capabilities available to an interactive user session. Rbash cannot be permanently disabled by service personnel; however, it can be temporarily disabled by a Unisphere administrator user through UEMCLI. Rbash can be disabled using the uemcli /sys/security set -restrictedShellEnabled command and is only supported when the system is fully functional. Once disabled, rbash will be automatically re-enabled after 24 hours, and automatically reenabled if a Storage Processor reboots. Users might see an impact when trying to run scripts through an SSH session while rbash is not disabled.
For an up-to-date list of approved commands, see KB57822 on Dell Support.
Secure Remote Services (formerly known as ESRS) is a highly secure, bi-directional remote connection between a customer’s Dell storage environment and Dell. This feature-rich connectivity solution helps customers keep pace with the growing challenges of rapidly growing footprints and modern technologies by anticipating customer needs and delivering the right resources at the right time. A Secure Remote Services connection provides many benefits, including automated health checks, 24x7 predictive wellness monitoring, and remote issue analysis and diagnosis through Dell’s award-winning service and support.
Secure Remote Services can be enabled on Dell Unity systems through the Initial Configuration Wizard the first time a system is configured or through the Service page as seen in Figure 10. The same Secure Remote Services configuration can be found on the Support Configuration tab in the Settings menu. Before enabling Secure Remote Services, both Dell Support Credentials must be provided as well as customer Contact Information.
With the Dell Unity version 5.0, Dell personnel can use their RSA SecurID credentials to configure Secure Remote Services on a system. When configuring Secure Remote Services with RSA credentials, a configured and verified support account is not required. The Readiness Check can be run without entering support credentials on the system, and the system must be registered in the install base. Additionally, with the Dell Unity OE version 5.0, two gateway server IPs can be entered when enabling Secure Remote Services, thus adding support for Secure Remote Services VE cluster configurations with Dell Unity.
In Dell Unity OE 5.3 and later, Dell SupportAssist replaces Secure Remote Services for physical systems. SupportAssist can be configured in two different modes, Connect directly or Connect through a gateway server. These modes are synonymous with Integrated and Centralized Secure Remote Services. Secure Connect Gateway (SCG) version 5.12 and later is required when configuring SupportAssist through a gateway server. No changes have been made to UnityVSA systems, and it continues to support Centralized Secure Remote Services.
For more information about requirements and configuration of Secure Remote Services, see Dell Unity Family Secure Remote Services Requirements and Configuration on Dell Support.
In Unisphere, a visual depiction of your Dell Unity system is provided on the System View page (Figure 11). Views are provided for both the DPE and any DAEs, from the front and rear as well as the top (DPE). This can be useful for easily diagnosing issues with physical components on your system. For example, a port that has lost communication to the network will be highlighted in yellow, while a faulted disk will be highlighted in red. This makes it easy to realize that a port or disk has faulted and understand where in the system it is located. Selecting a part reveals additional information about the device.
The Alerts page presents all the system errors, warnings, and notifications that have been generated by the Dell Unity system. It is easily sortable by the different columns available so that the information can be reviewed and acted upon. Alerts will include relevant information, including the system resources referenced, and recommendations for remedial action.
The service port on the rear of the DPE is used to access a shell prompt to the Dell Unity system. This port can be used to send commands to the system when Unisphere is not responding. A Windows host with an IPMI tool is used to establish a serial connection. After a connection is established to the Dell Unity system, a command prompt equivalent to connecting to the system over SSH is provided. UEMCLI and service commands can be performed from this interface.
Another way to run commands on Dell Unity systems is through SSH access over the management port. Administrators can enable SSH access from the Service > Service Tasks page in Unisphere. Once SSH is enabled, users can log in to the system using an available SSH client and login using service credentials. UEMCLI and service commands can be performed from this interface.
The Support page in Unisphere provides helpful links and access to resources for obtaining more help (Figure 12). Options include links to ordering replacement parts, viewing support forums, and obtaining helpful documentation and videos. At the bottom, the Contact Us section provides helpful pointers to chatting with a Dell Technologies representative, opening a Service Request, and accessing Dell Support account information.
The Service page contains information about the connect home configuration, Support Contracts, Support Credentials, and Contact Information. Details about Secure Remote Services or SupportAssist are included, depending on the Dell Unity OE version and system type. Useful information such as the software version and serial number of the system are also provided on this page.
Throughout Unisphere, the circular “question mark” icon can be used to launch Unisphere Online Help. In most cases, Unisphere Online Help is context-sensitive and directs you to the help page most relevant to the view from which the help was accessed. Use Unisphere Online Help as a quickly available resource, and seek out the other support options if there are additional questions.
Dell Unity provides options for configuring user access to Unisphere. Individual user accounts may be created and given different levels of privilege. These configuration options allow for an appropriate level of access for each user, based on their responsibilities, whether that be monitoring the array, configuring storage, or managing new users. Table 3 provides more details about the type of user accounts available and their associated privileges. Alternatively, an LDAP server may be used to handle authentication and user management.
USER ROLE | PRIVILEGES |
ADMINISTRATOR | Can view status and performance information. Can also modify all Unity settings, including configure new storage hosts and manage local user, LDAP user, and LDAP group accounts. |
STORAGE ADMINISTRATOR | Can view status and performance information and can modify most system settings, but cannot configure new storage hosts or manage local user, LDAP user, or LDAP group accounts. |
OPERATOR | Can only perform monitoring activities. Read-only access. |
VM ADMINISTRATOR | Can only establish a VASA connection from the vCenter to the storage system. |
SECURITY ADMINISTRATOR | Can modify the security settings including domain operations, but read-only access on storage system settings. |
With the Dell Unity OE version 4.4 or later, when configuring the Directory Services under Users and Groups, the user can select the Auto Discover checkbox to automatically lookup the LDAP servers from the DNS. Additionally, the system can have multiple LDAP servers configured and supports Forest Level Authentication. With Forest Level Authentication, the system can authenticate LDAP users at the forest level of the domain. For more information about how to configure LDAP and LDAPS, see the Dell Unity Security Configuration Guide on Dell Support.