Remote Support

Applies to Product: USM Appliance™ LevelBlue OSSIM®

The Remote Support feature in USM Appliance opens a secure, encrypted connection to the LevelBlue Support Server through the web UI or the LevelBlue Console. This allows the LevelBlue Support staff to access, diagnose, and resolve any problems occurring with a USM Appliance component. Remote Support allows the LevelBlue Support staff to work on solving the issues independently, after you have connected your USM Appliance components to the Support Server.

All data exchanged with LevelBlue Support is encrypted for security. The information exchanged is only available to LevelBlue Support or the Engineering teams.

Typically, you open a ticket with LevelBlue Support first and only establish a remote support connection upon their request. You can establish multiple sessions using the same ticket number for different USM Appliance components. But a support engineer may ask you to open a new ticket if it is an unrelated issue. During the remote support session you can communicate with the LevelBlue Support team by phone or email at any time.

Prerequisites

To use Remote Support, you will need

  • The ticket number you received from LevelBlue Support.
  • An Internet connection for the machine establishing the remote connection.

  • A connection to TCP Ports 22 and 443 at tractorbeam.alienvault.com (50.16.174.234).

    This connection allows for communication between the Support Server and the USM Appliance component being diagnosed. Your Domain Name System (DNS) must be able to resolve the IP address of tractorbeam.alienvault.com within 20 seconds, otherwise the connection will fail.

    Important: Because SSH does not support a proxy configuration, you cannot use a proxy server for remote support.

Use Remote Support

You can establish the remote support connection either from the USM Appliance web UI or the LevelBlue Console.

To run remote support from the USM Appliance web UI

  1. At the top menu, go to Support > Support Tools > Remote Support.
  2. From the Add Connection list, select the component you want LevelBlue Support to diagnose.

  3. In the Ticket Number field, type the 8-digit ticket number.

    Important: Be careful not to include any spaces before or after the ticket number.

  4. Click Connect.

    USM Appliance displays a status message indicating that it is in the process of establishing a tunnel.

    Remote Support page wh Establishing tunnel message.

    Note: If the Support Server cannot validate the ticket number, USM Appliance displays an error message. If this occurs, contact LevelBlue Support again.

    After the Support Server establishes a connection, the Open Connections table displays the active connections to the components being diagnosed, and their respective ports.

    Remote Support page wh Successfuly connected message.

    The Support Server also sends you an automated email that it has made a connection.

    When LevelBlue Support completes work on the issue, they communicate their results and update the ticket. You can request a log of all their activity at this point, or you can request it later by phone or email.

  5. After the troubleshooting session ends, click Disconnect next to the active connection you want to end.

    You should receive another automated email informing you that the connection has ended.

To run remote support from the LevelBlue Console

  1. Connect to the LevelBlue Console through SSH and use your credentials to log in.

    The LevelBlue Setup menu displays.

  2. Select Support and click OK.

    AlienVault Setup menu with Support selected.

  3. On the Remote Support screen, type the 8-digit ticket number, and click OK.

    Important: Be careful not to include any spaces before or after the ticket number.

    A black screen appears and your request begins processing. This may take several seconds.

    When the connection is established with the Support Server, the following message appears:

    Connected to AlienVault Support. Press [Enter] to continue.

    You also receive an automated email that a connection has been made.

  4. Press Enter.

    The console returns you to the Support screen.

    When LevelBlue Support completes work on the issue, they communicate their results, and update the ticket. You can request a log of all their activity at this point, or you can request it later by phone or email.

  5. To disconnect, from the Support screen, select Remote Support.

    The Manage Connectivity information screen appears and prompts you with the following message:

    Are you sure you want to disconnect from AlienVault Remote Support?

  6. Click Yes.

    The black screen reappears. After several seconds you receive a notification that the secure connection has disconnected.

    Disconnected from AlienVault Remote Support message.

    You will also receive another automated email informing you that the connection has ended.