Flexiant Cloud Orchestrator includes the ability for Flexiant's support staff to support your installation remotely. This functionality is called "Remote Support". When enabled, Remote Support gives Flexiant's engineers full access to the system. Remote Support is turned off by default.
The Remote Support system also allow you to send a 'bundle' to us, so that we can remotely analyse any problems that you have.
Controlling Remote Support
To enable remote support, log in as root and type:
To disable remote support, log in as root and type:
Advanced users may wish to enable remote support on a global basis. This is done by inserting the following line into
Once you have rebuilt your configuration, remote support is enabled globally, in which case it cannot be switched off using the
Flexiant's ability to support your system depends upon you being able to enable remote support. As a matter of company policy, we cannot, in general, access systems in a manner other than using our secure remote support channel.
Disabling Remote Support
Remote support can be disabled using:
and checking that the line
does not exist in
However, this does not prevent an administrator from turning it on again. In a situation where remote support is in contravention of internal security guidelines, it may be desirable to disable remote support permanently. This can be achieved by executing the following command on all management servers:
Note that if you disable remote support permanently, then you will not be able to enable it, and Flexiant will not be able to access your system to provide remote support, and thus to honour any support obligations under your contract.
Security and Operation of Remote Support
Remote Support uses many layers of security to ensure that your server remains secure:
Service switched off by default
For maximum security, Remote Support is switched off by default. You can enable it only when you wish Flexiant's engineers to have access to the system.
Doubly encrypted channel
All logins are carried through a doubly encrypted channel using industry standard ssh RSA encryption.
Public key authentication
On installation, your system will generate a public and private key pair used solely to allow our engineers to access your system. The public key is then securely transmitted to us. By default, the public key is not included within your 'authorized keys', i.e. we cannot use it to log in. The public key is only included within your authorized keys when you turn remote support on.
Our login is made using a tunnelled ssh connection. This tunnel is not set up unless and until remote support is switched on. Provided your firewall allows outbound https connections (which most do), we can provide you with remote support.
Sending support bundles
You can send Flexiant a support bundle by using the following command:
If you have a multiple machine management stack, you may wish to execute this on each machine.
The support bundle that is sent consists of your configuration (with passwords and other sensitive data stripped out), logs, and various information about your hardware and operating system that may be of help to Flexiant in diagnosing any problems. The support bundle is submitted over an encrypted SSL session.
If you have remote support switched on, a bundle is also sent whenever you use the
If you do not wish to send support bundles to be submitted to Flexiant, then:
- Do not use the
- Do not switch remote support on
Note that as switching remote support on gives full access to the system, there is no additional privacy risk in using the
send-bundle comand. Conversely, note that as the
send-bundle command does not submit the entire state of the system, resolving some problems may require remote support to be switched on, as the information within the support bundle may not be sufficient.