7 hp 3par communication settings, Using customer controlled access, Selecting the cca setting – HP 3PAR Service Processors User Manual
7 HP 3PAR Communication Settings
This chapter provides an overview of the communication settings available through SPOCC and
SPMAINT. These settings enable you to control and monitor communications between the HP 3PAR
storage system and HP 3PAR Headquarters through the SP.
There are two methods for controlling communication between the storage system and HP 3PAR
Headquarters: Customer Controlled Access and HP 3PAR Policy Server. Policy Server is a optional
feature that requires an HP 3PAR Policy Server license. For information about using Policy Server,
see the HP 3PAR Policy Server Installation and Setup Guide.
Using Customer Controlled Access
Customer Controlled Access (CCA), available through SPOCC and SPMAINT, allows you to limit
the network communication of external sources from or to the SP. CCA has three settings:
BOTH (or bidirectional HQ communications) is the default position that allows SSH
communications outbound from the SP to transfer information back to the connection portal
and inbound communications from the connection portal to SP ports 80 or 22, enabling remote
OUT (or outbound-only HQ communications) allows the SP to send data to the connection
portal through SSH but blocks remote connectivity. Control sequences such as
acknowledgements are allowed in both directions in order to continue communication, but
incoming updates, patches, manually requested data, and so on are blocked.
OFF (or turn off HQ communications) blocks all communication between the SP and HP 3PAR
Central or a local service provider, both inbound and outbound.
If the SP is running in Secure Network Mode, the 3parcust user can set the CCA
setting to OUT (to disable remote operations) or BOTH (to allow bidirectional communications).
In Secure Network Mode, the 3parcust user cannot set the CCA setting to OFF.
Starting with SP 4.2.0, when SP setup and connection to HP HQ are successfully
completed, the SP is configured to accept automatic software downloads from HP HQ. Downloaded
software will not be installed but will be available on the SP or HP 3PAR StoreServ Storage system
for later installation. Users can disable automatic software downloads, as described below.
CCA works the same whether the connection to HP 3PAR Central or a local service provider is
through the network or through a point-to-point modem connection. If the connection is set up to
go through the network and out through the Internet, you can also restrict or allow transmissions
with the network firewall.
Selecting the CCA Setting
The default setting for CCA is BOTH. Using either of the other settings can limit maintenance
activities or possibly delay the resolution of problems. Consider the following trade-offs when
selecting a setting for the HQ Customer Controlled Access:
BOTH—This is the default setting. All transmissions between the SP and HP 3PAR Central or
a local service provider occur without operator intervention.
OUT—The SP can contact HP 3PAR Central or a local service provider to warn of problems,
but maintenance and troubleshooting must be handled by on-site technicians. In effect, inbound
remote operations are disabled. Software upgrades and fixes must be performed manually
Using Customer Controlled Access