Page 1 of 1

New Service Processors, new remote destinations

Posted: Mon May 19, 2014 10:42 am
by Richard Siemers
We upgraded some service processors this last week. It seems both support and myself were caught off guard by the new SPs using a new phone home servers requiring firewall changes. The actual hostnames/ip have been xxx'd out for safety reasons... the real message here is that if your upgrading - double check if you need to edit your firewalls/acls and get the real hostnames/ip from support.

Something I like about the upgrade: CCA (customer controlled access) now works with SSA configurations.

The old configuration used by SP-2.5.2.GA-11 (as well as others I am sure)
Port 443 (https) to be opened (outbound)
xxxx.3pardata.com 66.xx.xx.xx
xxxx.3pardata.com 66.xx.xx.xx
xxxx.3pardata.com 66.xx.xx.xx
xxxx.3pardata.com 66.xx.xx.xx
xxxx.3pardata.com 66.xx.xx.xx
xxxx.3pardata.com 66.xx.xx.xx

This new configuration that needs to be put in its place with SP-4.1.0.GA-97:
Port 443 outbound from <service processor> to:
xxx.houston.hp.com 15.201.xx.xx (Primary IP)
xxx.houston.hp.com 15.240.xx.xx (Secondary IP)
xxx.houston.hp.com 15.201.xx.xx
xxx.houston.hp.com 15.201.xx.xx
xxx.houston.hp.com 15.240.xx.xx
xxx.houston.hp.com 15.240.xx.xx

Re: New Service Processors, new remote destinations

Posted: Mon May 19, 2014 11:52 pm
by afidel
SSA?

Re: New Service Processors, new remote destinations

Posted: Wed May 21, 2014 9:18 am
by MDPlatts
They are all documented in the 7000 install guide (ip's and fqdn's) - http://h20628.www2.hp.com/km-ext/kmcsdi ... 6625-9.pdf - page 65, so I wouldn't worry about asterisking them out, us noobs only know the new ones.

Re: New Service Processors, new remote destinations

Posted: Wed May 21, 2014 10:18 am
by Richard Siemers
SSA = Secure Service Agent (Axeda?)

I think there is a way on the older SPs to change the SSA settings for in/out bound, but requires the cpmaint! account instead of the customer account.

Re: New Service Processors, new remote destinations

Posted: Thu May 22, 2014 3:56 am
by MDPlatts
I'm having that problem at the moment - I configured it to use a proxy server but now need to set it to not use a proxy server - but it doesn't offer me any options to remove the proxy - there is a setting to say this can only be changed using the cpmaint user but I don't know what the password is and the "change password" menu doesnt offer the user as an option to let me set it.