Page tree
Skip to end of metadata
Go to start of metadata

Flexiant Cloud Orchestrator includes the ability for Flexiant's support staff to support your installation remotely. This functionality is called "Remote Support". When enabled, Remote Support gives Flexiant's engineers full access to the system. Remote Support is turned off by default.

The Remote Support system also allow you to send a 'bundle' to us, so that we can remotely analyse any problems that you have.

Controlling Remote Support

To enable remote support, log in as root and type:

remote-support on

To disable remote support, log in as root and type:

remote-support off

Advanced users may wish to enable remote support on a global basis. This is done by inserting the following line into /etc/extility/local.cfg:

REMOTE_SUPPORT_ENABLED=1

Once you have rebuilt your configuration, remote support is enabled globally, in which case it cannot be switched off using the remote-support command.

Flexiant's ability to support your system depends upon you being able to enable remote support. As a matter of company policy, we cannot, in general, access systems in a manner other than using our secure remote support channel.

Disabling Remote Support

Remote support can be disabled using:

remote-support off

and checking that the line

REMOTE_SUPPORT_ENABLED=1

does not exist in /etc/extility/local.cfg.

However, this does not prevent an administrator from turning it on again. In a situation where remote support is in contravention of internal security guidelines, it may be desirable to disable remote support permanently. This can be achieved by executing the following command on all management servers:

aptitude purge extility-remote-support


Note that if you disable remote support permanently, then you will not be able to enable it, and Flexiant will not be able to access your system to provide remote support, and thus to honour any support obligations under your contract.

Security and Operation of Remote Support

Remote Support uses many layers of security to ensure that your server remains secure:

Service switched off by default

For maximum security, Remote Support is switched off by default. You can enable it only when you wish Flexiant's engineers to have access to the system.

Doubly encrypted channel

All logins are carried through a doubly encrypted channel using industry standard ssh RSA encryption.

Public key authentication

On installation, your system will generate a public and private key pair used solely to allow our engineers to access your system. The public key is then securely transmitted to us. By default, the public key is not included within your 'authorized keys', i.e. we cannot use it to log in. The public key is only included within your authorized keys when you turn remote support on.

Tunnelled operation

Our login is made using a tunnelled ssh connection. This tunnel is not set up unless and until remote support is switched on. Provided your firewall allows outbound https connections (which most do), we can provide you with remote support.

Sending support bundles

You can send Flexiant a support bundle by using the following command:

send-bundle

If you have a multiple machine management stack, you may wish to execute this on each machine.

The support bundle that is sent consists of your configuration (with passwords and other sensitive data stripped out), logs, and various information about your hardware and operating system that may be of help to Flexiant in diagnosing any problems. The support bundle is submitted over an encrypted SSL session.

If you have remote support switched on, a bundle is also sent whenever you use the build-config command.

If you do not wish to send support bundles to be submitted to Flexiant, then:

  • Do not use the send-bundle command
  • Do not switch remote support on

Note that as switching remote support on gives full access to the system, there is no additional privacy risk in using the send-bundle comand. Conversely, note that as the send-bundle command does not submit the entire state of the system, resolving some problems may require remote support to be switched on, as the information within the support bundle may not be sufficient.

  • No labels