Cisco Remote Troubleshooter Application for APIC-EM User Guide, Release 1.5.0.x

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Book Contents
Find Matches in This Book
Available Languages
Download Options

Book Title

Cisco Remote Troubleshooter Application for APIC-EM User Guide, Release 1.5.0.x

Chapter Title

Remote Troubleshooter App

Results

Updated:
June 23, 2017

Chapter: Remote Troubleshooter App

Remote Troubleshooter App

This guide provides the following topics:

Prerequisites

Before you use the Remote Troubleshooter application, ensure that you have internet connectivity, with at least one of the following ports enabled for outgoing SSH connections: 22, 25, 53, 80, 443, and 4766.

Remote Troubleshooter Overview

This Cisco APIC-EM release supports the new Remote Troubleshooter application. This application uses the Cisco IronPort infrastructure to create a tunnel that enables a support engineer to connect to an APIC-EM cluster and troubleshoot issues with your system. The app uses outbound SSH to create a secure connection with the cluster through this tunnel.

As an administrator, you can use the Remote Troubleshooter application to control when a support engineer has access to a particular cluster and for how long (since a support engineer cannot establish a secure tunnel on their own). The app will indicate whenever a support engineer establishes a remote access session, and you can end a session at any time by disabling the tunnel they are using.

By default, a technical support tunnel remains open for 24 hours, but you can extend its duration beyond 24 hours (if necessary). However, we recommend that you or the support engineer close the tunnel as soon as all of the troubleshooting work is complete.

Using the Remote Troubleshooter

The following procedure describes how to enable the Remote Troubleshooter app and use it to manage access to a particular APIC-EM cluster:

    Step 1   Enable the Remote Troubleshooter app:
    1. From the global toolbar, open the Administrative Functions menu and then select APIC-EM > App Management.

      The Controller Management page opens with the Applications tab selected by default.

    2. In the Installed Applications table, locate the TechnicalSupportTunnel entry and then click Enabled from the Status column.

      The Remote Troubleshooter app icon is now displayed in the navigation pane.

    Step 2   Create the tunnel a support engineer will use to securely access the APIC-EM cluster that needs to be evaluated:
    1. From the navigation pane, open the Remote Troubleshooter app.
    2. Click the Technical Support Tunnel toggle.

      The Duration field appears with 24 Hours (the default value) set.

    3. Click Save.

      The Remote Troubleshooter page updates, indicating one of the following:

      • A secure tunnel has been established.

      • Authentication failed.

      • The tunnel server is currently unreachable.

      Note   

      If authentication failed, Cisco APIC-EM will continue to attempt authentication every 5 minutes for the next 30 minutes. If authentication fails after those attempts, the tunnel you are trying to create is disabled automatically.

      After a tunnel has been created, the Remote Troubleshooter page updates, indicating the number of support engineers that currently have remote access sessions open with the APIC-EM cluster in question and the time remaining until the tunnel will be disabled.

    Step 3   Click the Show Details link to open a dialog box that provides the following information for the tunnel you just created:

    • The ID of the controller that the tunnel is connected with.

    • The tunnel’s password.

    You will need to share this information (preferably via secure means) with the appropriate support engineer.

    This dialog box also lists the SSH key generated for the tunnel. Cisco APIC-EM maintains a copy of every SSH key it has generated. If you reenable a particular tunnel at a later point in time, you can reuse the SSH key that was generated for it previously, generate a new key, or reset the key by assigning it with a new value.

    Step 4   (Optional) Extend the duration of a tunnel session by choosing the desired value (in hours) from the Increase By drop-down list and then clicking Save.
    Step 5   (Optional) To end a tunnel session before the time allotted to it has expired, click the Technical Support Tunnel toggle (ensuring that Disable is selected) and then click Save.

    Note than any support engineers currently connected to the APIC-EM cluster will lose access.

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco