Dear Customer, In preparation for the HP-3PAR InServ Storage installation you will be requested to fill in the Systems

Assurance Document (SA-DOC). The information requested in the SA-DOC sheets, named SP Configuration and Secure Network Configuration, is used to configure the InServ communication with the HP-3PAR support portal. As part of the installation, we will setup and verify the connectivity to the HP-3PAR support portal. In order to accomplish this, we are presenting you with this document, explaining different connectivity options and the network requirements, so that you can get the network configured in advance. The following two connectivity options are available for outbound (Diagnostic Data Transfer) and inbound (Remote service) connections. SP Mode (will be retired soon). Secure Network Mode

If you choose Secure Network Mode (SNM), both the sheets in the SA-DOC, named SP Configuration and Secure Network Configuration, are required to be completed. If you prefer to use the SP Mode, then the Secure Network Configuration sheet need not be filled in. Please note that in both modes, you can control how and when communications take place.

Firewall and Port Requirement: Network Requirement Secure Network Mode Your DNS server should allow trilogy.3par.com to be resolved to 66.126.187.154. We can also manually set SNM to use the IP address statically. Port 443 Port 443 N/A SP Mode

3PAR Support Portal IP Address

66.126.187.144

Outbound Connectivity Inbound Connectivity External / NAT IP for Inbound Connectivity

Originates from Ports 1024-65535 to Port22 on connex.3pardata.com Originates from Ports 1024-65535 to Port22 on the service processor Your IP firewall must allow ssh connection between 66.126.187.144 and external IP or NAT IP address assigned to the SP.

Additional Note: Service Processor-to-InServ Communication While not related to remote connectivity to HP-3PAR support portal, if the InServ and the Service

Processor will be placed on different IP networks and there is an IP firewall in between them, the following ports must be opened for communication between the InServ and the Service Processor. Port 22 (SSH) Used for depositing and executing programmatically driven service scripts and for collecting an archive of diagnostic data (known as an InSplore). Port 2540 (CLI) Used for gathering system health information, configuration data, and performance data. Port 5781 (Event Monitor) Used for monitoring system events on the InServ. Secure Network Mode This is the recommended method of connectivity. It is secure, easy for customers to implement in their firewalls, and offers the customers more access control options. Secure Network Mode (SNM) utilizes the HP-3PAR Secure Service Architecture (SSA). The HP-3PAR SSA provides secure service communication between the HP-3PAR InServ Storage Servers at a customers site and HP-3PAR Support Portal, enabling secure diagnostic data transmission and remote service connections. Diagnostic data can be transferred frequently and maintained centrally on a historical basis. As a result, manual intervention in the support process is minimized and pro-active fault detection and analysis is enhanced. Further, with remote operations connectivity for troubleshooting, HP-3PAR Customer Service and Engineering can deliver the fastest, most reliable response and quickest resolution time. The Secure Service Architecture leverages the industry-standard HTTP over Secure Socket Layer (HTTPS) protocol for all external communication, ensuring that the communication is secure and any data transmission is encrypted. The Secure Service Architecture is also firewall-friendly. HP-3PAR only requires that HTTPS Port 443 be enabled on the customers external firewall, and all communication with HP-3PAR support portal is initiated in an outbound manner. If all of the information required is provided, SNM is usually configured during installation time. The customer requirements for SNM are as follows: Port 443 open (industry standard HTTPS port) for file transfer and remote operations This can also be enabled anytime after the install by scheduling the change with the HP-3PAR Service Planning Specialist (SPS) team. The HP-3PAR SPS team will engage the HP-3PAR National Technical Support Specialist (NTSS) or 3PAR Deployment Center (3DC) team to plan and support the activity. The SPS team will also schedule the activity with the customer.

Please note that the inbound connection is only needed for remote operations and it does not need to remain open constantly. Both the inbound and outbound access can be controlled by the customer via the Customer Controlled Access (CCA) setting on the Service Processor. This setting can be modified by the customer at any time.

SP Mode SP mode is the HP-3PAR legacy method of remote connectivity. It also provides secure file transfer between the InServ on the Customer site and HP-3PAR Central in Fremont, CA. This option will be retired in the near future. The protocol for the connection between the Service Processor and HP-3PAR Central is SSH. The following firewall ports at the customer site must be opened to allow the file transfer to take place. For outbound connectivity (file transfer to HP-3PAR support portal) Outbound access from the Service Processor to connex.3pardata.com (66.126.187.144) Originates from ports 1024 65535 to port 22 on connex.3pardata.com and requires all related session traffic to be allowed. For inbound connectivity (remote operations to the InServ) Inbound (remote operations) access from connex.3pardata.com to the Service Processor Originates from ports 1024-65535 TO port 22 on the Service Processor and requires all related session traffic be allowed. Please note that the inbound connection is only needed for remote operations and it does not need to remain open constantly. Both the inbound and outbound access can be controlled by the customer via the Customer Controlled Access (CCA) setting on the Service Processor. This setting can be modified by the customer at any time.

Depending on your preferred mode of connection, we request that the network configuration be completed prior to HP-3PAR InServ installation.