Salesforce

How to open a secure Support Tunnel for use by Unitrends Support.

Printable View
« Go Back
Information
000002571
Details about what support tunnels are and how to allow connections through a firewall.
Unitrends Backup; Recovery Series
RS/UB 10.3; RS/UB 10.2; RS/UB 10.1; RS/UB 10.0; RS/UB 9.2; RS/UB 9.1; RS/UEB 9.0; RS/UEB 8.2; RS/UEB 8.1; RS/UEB 8.x; RS/UEB 7.x
Details

What is a support tunnel?

What password is needed?

What ports need to be opened in my firewall in order to create a support tunnel?

Requirements for Remote Support

Please provide the Asset Tag for Unitrends System that we will be supporting along with confirmation of the Support Tunnel being started and SSH root user password. If you receive a 5 digit tunnel number after starting the Support Tunnel, it indicates that your system needs the iTivityagent update. Please follow the instructions in KB 4056 to download and install the latest code, they try open the Support Tunnel again.
 

Password

We will be using the SSH user of root for our Support session (same user used to reboot the Unitrends system). If you have changed the default password, please provide to us a password we can use. If you do not recall the password or you need to change it, please follow the instructions in the KB 2392 titled "How to Reset the SSH Root Password."
 

How to Open the Secure Support Tunnel


Using the Web Administrative Interface

  • In 9.x and newer systems (HTML5 Satori /ui/): Click the question mark (?) then click OPEN SUPPORT TUNNEL.
User-added image
 
  • Legacy UI (NO LONGER USED): In 8.2 and older systems (Legacy /recoveryconsole/): Click About. From the center window, click Support Tunnel
User-added image
 

How do I open a tunnel for support from the command shell?

  1. Connect to the Unitrends System using an SSH Terminal program (e.g. PuTTY)
  2. Log in as the user root. By default, the password is unitrends1
  3. Once at the command prompt, execute this command to start the Support Tunnel:
># dpu support

 

NOTE: If you receive a 5 digit tunnel number after starting the Support Tunnel, it indicates that your system needs the iTivity agent update. Please follow the instructions in KB 4056 to download and install the latest code.

Warning: Unitrends highly recommends against using any form of the string 'unitrend' in any password. Any password containing this phrase, in either the UI or OS, should be changed immediately. See also Password Reset: How to reset the root password of the Web Administrative Interface on your Unitrends system.

How to close the Support Tunnel

Repeating the process to open the tunnel, will close the tunnel, with confirmation.
In order to facilitate speedy resolution of issues that may arise on the Unitrends appliance there is a built in utility that you can start whereby the Unitrends Engineer can remotely access the DPU.


What is a support tunnel?  

The Support Tunnel is a connection from a source appliance to a Unitrends hosted system that allows secure reverse tunneling to the unit itself for support and diagnostic purposes.  All traffic through the Support Tunnel is encrypted for your protection.  A support tunnel is open and accessible only once the feature has been manually activated it.  It is an outgoing port only, and cannot be remotely initiated.  It can be closed at any time.  

The connection is through a server and communication is encrypted. All activity is logged normally no different from a user at the physical console or accessing the web UI.  The tunnel does not provide subnet access to the local network directly, only to the appliance itself. Any actions a Unitrends Support takes through a tunnel will be with your express consent and under a trusted partner relationship.  

The tunnel provides command line and UI access to the appliance over a temporary network link.  It is the most efficient manner for a Unitrends Support Engineer to remotely diagnose, patch, or maintain a Unitrends physical or virtual appliance.  Though most maintenance and support is convenient enough to complete through a webex session, many processes including disk management, database maintenance, replication diagnosis and monitoring, as well as working to find elusive issues are inconvenient or impossible to complete over a sustained webex session.  Direct access to a unit provides Unitrends the opportunity to perform maintenance and advanced diagnostics including as necessary engaging senior engineers and developers while minimizing scheduling constrains and unnecessary desktop sharing sessions.  

If security requirements prevent this type of access, the effort required and the resolution time may be negatively impacted.

What Ports are used for access?

For the most recent list of information, please see KB 3983: "Which ports does Unitrends Support need open in my Internet firewall?"

Please allow the following servers to communicate with the Unitrends system. These servers allow Unitrends Support to help you diagnose, troubleshoot, and resolve most issues remotely:
  • support-itivity.unitrends.com (209.49.153.198): This is the Primary Secure Tunnel Server.  Port 80 is used for negotiation and Port 443 for all communication and traffic. It is an outgoing TCP port only.
  • itivity-backup.unitrends.com (66.3.5.165): This is the Secondary Secure Tunnel Server, a backup/failover for support-itivity.unitrends.com. Port 80 is used for negotiation and Port 443 for all communication and traffic.  It is an outgoing TCP port only.
  • IMCP Traffic to repo.unitrends.com
 
Meta
Gears GearsCRM
Janelle Thurston
Powered by