Veritas Access Appliance 8.2 Initial Configuration Guide

Summary of Contents for VERITAS 3340

  • Page 1 Veritas Access Appliance 8.2 Initial Configuration Guide...
  • Page 2 Technologies LLC or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This product may contain third-party software for which Veritas is required to provide attribution to the third party (“Third-party Programs”). Some of the Third-party Programs are available under open source or free software licenses.
  • Page 3 Japan CustomerCare_Japan@veritas.com Documentation Make sure that you have the current version of the documentation. Each document displays the date of the last update on page 2. The latest documentation is available on the Veritas website: https://www.veritas.com/content/support/en_US/dpp.Appliances.html Documentation feedback Your feedback is important to us. Suggest improvements or report errors or omissions to the documentation.
  • Page 4: Table Of Contents

    Chapter 2 Preparing to configure the appliance ......12 Initial configuration requirements ............. 12 About obtaining IP addresses for Veritas Access ......... 14 Network and firewall requirements ........... 18 About network connections for the appliance ........27 Chapter 3 Configuring the appliance for the first time ....
  • Page 5 Contents Resetting the IPMI on an appliance node ........52 Chapter 6 Resetting the appliance to factory settings ....54 About appliance factory reset ............54 Performing factory reset for cluster nodes .......... 55 Chapter 7 Appliance security ............. 57 About Access Appliance security .............
  • Page 6: Getting To Know The Access Appliance

    ■ About the Veritas Access Appliance The appliances are rack-mounted servers that run the Veritas Optimized Operating System, a Linux-based operating system. The OS, the appliance software, and the Access application come preinstalled and optimized for the server hardware and disk storage units.
  • Page 7 Interface (IPMI) network port on the back of each appliance node. For the best support and initial configuration experience, Veritas recommends that you configure the IPMI port and make it accessible on your network. You can use the Veritas Remote Management Console for the...
  • Page 8: Using The Access Appliance Shell Menu

    Access software on the appliance. The Access shell menu becomes available over SSH on the console IP address after the appliance cluster is configured. For more information about the Access interfaces, refer to the Veritas Access Administrator's Guide. “Using the Access Appliance shell menu”...
  • Page 9: About Licensing The Access Appliance

    Veritas reserves the right to ensure entitlement and compliance through auditing. For more information about the Veritas Access product licensing, refer to the Veritas Access GUI Online Help. If you encounter problems while licensing this product, visit the Veritas licensing support website.
  • Page 10: About Subscription Licensing

    You can only provide the license file from the local system, the path is not ■ supported through the GUI. If you add the Veritas Access license using the Veritas Access shell menu: You can add the license using the command. The ■...
  • Page 11 Veritas Access Appliance Command Reference Guide ■ Veritas Access 3340 Appliance Product Description ■ Veritas Access 3350 Appliance Product Description ■ Veritas Access 3340 Appliance Hardware Installation Guide ■ Veritas Access 3350 Appliance Hardware Installation Guide ■ Veritas Access 3360 Appliance Product Description ■...
  • Page 12: Preparing To Configure The Appliance

    Chapter Preparing to configure the appliance This chapter includes the following topics: Initial configuration requirements ■ About obtaining IP addresses for Veritas Access ■ Network and firewall requirements ■ About network connections for the appliance ■ Initial configuration requirements Review the information in this topic before you perform the initial configuration on the Veritas Access Appliance.
  • Page 13 Required DNS settings Veritas strongly recommends that you configure DNS on the appliance node. The IP address assigned to the eth1 network interface must be resolved to a valid host name via the DNS server lookup or the local hosts file. A unique DNS entry is required for eth1 on each node.
  • Page 14: About Obtaining Ip Addresses For Veritas Access

    Table 2-1 Method Description Veritas Remote You can use the Veritas Remote Management Console to launch a virtual Management KVM of the Access Appliance shell menu as if you were using a keyboard Console and mouse that are connected directly to the appliance.
  • Page 15 Preparing to configure the appliance About obtaining IP addresses for Veritas Access Note: The IP type (IPv4 or IPv6) can be different on different networks. In a single network, the IP type must be consistent (either IPv4 or IPv6). Table 2-2...
  • Page 16 0 to 4 Physical IP addresses for public network access over eth4 and eth5 for the Access 3340 Appliance model or over eth4 and eth6 for the Access 3350 and 3360 Appliance models. You can choose to have zero physical IP addresses configured during the initial configuration, and later configure them as and when required.
  • Page 17 The bonded network interface increases data throughput and provides redundancy. For the Access 3340 Appliance model, when you configure network bonding for public network access, bond0 is created, which groups eth4 (pubeth0) and eth5 (pubeth1) into a single logical network interface. For the Access 3350 and 3360...
  • Page 18: Network And Firewall Requirements

    Appliance ports In addition to the ports that are used by the Veritas Access software, the appliance also provides for both in-band and out-of-band management. The out-of-band management is through a separate network connection, the Remote Management Module (RMM), and the Intelligent Platform Management Interface (IPMI).
  • Page 19 Outbound ports Table 2-5 Port Service Description Open on Open on interface interface (3340 model) (3350 model) (3360 model) HTTPS Call Home eth1, eth2, eth3, eth1, eth2, eth3, notifications to eth4, eth5 eth4, eth5, eth6, Veritas...
  • Page 20 Preparing to configure the appliance Network and firewall requirements Outbound ports (continued) Table 2-5 Port Service Description Open on Open on interface interface (3340 model) (3350 model) (3360 model) 10102 spad Veritas Data eth4, eth5 eth4, eth5, eth6, Deduplication eth7 manager ** This port number can be changed within the appliance configuration to match the remote server.
  • Page 21 + NetBackup Integrated storage manager * Veritas Remote Management – Remote Console ++ Once the NFS service is shut down, the vulnerability scanners do not pick up these ports as threats. Note: Port 7578 is for the unencrypted mode. Ports 7582 and 5127 are for the encrypted mode.
  • Page 22 Preparing to configure the appliance Network and firewall requirements Default Veritas Access ports (continued) Table 2-7 Port Protocol Purpose Impact if Open on Open on blocked interface interface Service (3340 model) (3350 model) (3360 model) Communication Domain eth1, eth2, eth3,...
  • Page 23 Preparing to configure the appliance Network and firewall requirements Default Veritas Access ports (continued) Table 2-7 Port Protocol Purpose Impact if Open on Open on blocked interface interface Service (3340 model) (3350 model) (3360 model) syslog Logging Syslog eth1, eth2, eth4,...
  • Page 24 Preparing to configure the appliance Network and firewall requirements Default Veritas Access ports (continued) Table 2-7 Port Protocol Purpose Impact if Open on Open on blocked interface interface Service (3340 model) (3350 model) (3360 model) 56987 Replication File Access eth1, eth2, eth3,...
  • Page 25 Table 2-8 shows some of the most-common TCP and UDP ports that NetBackup uses to transfer information. For more information, see the Veritas NetBackup Security and Encryption Guide. Default NetBackup TCP and UDP ports...
  • Page 26 Network and firewall requirements Default NetBackup TCP and UDP ports (continued) Table 2-8 Port Range Protocol Open on interface Open on interface (3340 model) (3350 model) (3360 model) 13720-13722 TCP, UDP eth1, eth2, eth3, eth4, eth5 eth1, eth2, eth3, eth4,...
  • Page 27: About Network Connections For The Appliance

    (3340 model) (3350 model) (3360 model) LDAP SSL eth1 eth1 3269 LDAP GC SSL eth4, eth5 eth4, eth5, eth6, eth7 About network connections for the appliance The following diagram shows how to connect the Access 3340 Appliance model to the network:...
  • Page 28 Preparing to configure the appliance About network connections for the appliance Note: The management network and the data network can be the same. The following diagram shows how to connect the Access 3350 and 3360 Appliance models to the network:...
  • Page 29 During initial configuration, assigning public and virtual IP addresses for the public network interfaces is optional. The public network interfaces for the appliance models are: Model Public network interfaces 3340 eth4 and eth5 3350 eth4, eth6, eth5, and eth7 3360...
  • Page 30 3340 model and connect eth4 and eth6 to a data switch for a 3350 model. Otherwise, the initial configuration precheck fails. The eth5 and eth7 public interfaces of a 3350 model could be left disconnected.
  • Page 31 About network connections for the appliance Network connectivity for bonding To configure bonding during initial configuration, for a 3340 model, you must connect eth4 and eth5 to the data network switch even if you don't assign any IP address during the initial configuration. To configure bonding during initial configuration for a 3350 or a 3360 model, you must connect eth4 and eth6 to the data network switch even if you don't assign any IP addresses during the initial configuration.
  • Page 32: Configuring The Appliance For The First Time

    IP range. After the initial cluster configuration is complete, you can configure additional data networks. The Veritas Access Appliance initial configuration process is broken into two phases. The first phase requires that you perform each configuration step on each individual node.
  • Page 33 ■ User name: admin ■ Password: P@ssw0rd (where 0 is a zero) Veritas recommends that you access the shell menu using the Veritas Remote Management Console over the appliance IPMI port. “Configuring the IPMI port on an appliance node” on page 51.
  • Page 34 See the "Setting up AutoSupport on the appliance" section in the Veritas Access Appliance Administrator's Guide. See the "Using a proxy server with the appliance" section in the Veritas Access Appliance Administrator's Guide. Step 9 Configure the appliance to send notifications and alerts.
  • Page 35: Configuring The Access Cluster On The Appliance

    10. Configuring the Access cluster on the appliance This procedure configures the Veritas Access cluster on the appliance. This procedure is only performed during the initial configuration of the appliance. Ensure that you complete all of the other necessary steps in the initial configuration process before you configure the cluster.
  • Page 36 Configuring the appliance for the first time How to configure the Access Appliance for the first time To configure the Veritas Access cluster on the appliance: Log in to the Access Appliance shell menu of one of the appliance nodes using...
  • Page 37 How to configure the Access Appliance for the first time Specify whether you want to configure network bonding for the public network interfaces. For the Access 3340 Appliance model, you can configure network bonding for eth4 and eth5. For the Access 3350 Appliance model and the Access 3360 Appliance model, you can configure network bonding for eth4 and eth6.
  • Page 38 If you enter 0, no public IP address is configured and you are not prompted to specify the IP addresses. “About obtaining IP addresses for Veritas Access” on page 14. Enter the number of virtual IP addresses to assign to each network interface in the data network.
  • Page 39 Configuring the appliance for the first time How to configure the Access Appliance for the first time Enter the host name for the nodes. The host name must be at least 3 and no more than 63 characters long. Enter the IP address or the FQDN of the NTP server. If you specify the FQDN of the NTP server, you must configure the DNS server.
  • Page 40 60 years. You can also change the lockdown mode after the cluster is configured. For details, see the Veritas Access Appliance Administrator's Guide. Create at least one new administrator user account, which you can use to log in to the cluster after it is configured. You can create a maximum of 10 administrator user accounts.
  • Page 41 Change the known default password of the maintenance and IPMI (if the sysadmin account uses the default password) user accounts. Veritas enforces changing the known default passwords during the initial configuration to ensure that the default passwords do not remain active on the node.
  • Page 42 Configuring the appliance for the first time How to configure the Access Appliance for the first time Appliance user interface addresses Table 3-4 Interface IP address Access Appliance shell menu for node 1 Node 1 eth1 IP over SSH Access Appliance shell menu for node 2 Node 2 eth1 IP over SSH Access shell menu Console IP over SSH...
  • Page 43: Getting Started With The Veritas Access Gui

    IP address where the web interface is hosted. The URL to access the UI is displayed during the initial configuration. The URL to access the UI is also displayed when you log in to the Veritas Access command-line interface using the command.
  • Page 44 Accessing the Veritas Access web interface You have the option to provision storage or go directly to the Dashboard. You can provision storage for Veritas Data Deduplication, for S3 buckets for NetBackup, or you can click the link to view more options for provisioning storage.
  • Page 45: Network Connection Management

    Configuring network address settings on the appliance nodes ■ Configuring VLAN settings on the appliance nodes ■ About the Veritas Remote Management Console ■ Configuring network address settings on the appliance nodes You can configure the network settings for the eth1 network interface of an appliance node.
  • Page 46: Deleting Network Settings On Appliance Nodes

    Network connection management Configuring network address settings on the appliance nodes To configure the appliance node to communicate with one network: Log on to the Access Appliance shell menu on the desired node. Enter the following command to verify which network ports and bonds are plugged and available for configuration: show network interface Enter the following command to configure the appliance to connect to a single...
  • Page 47: About Nic1 (Eth0) Port Usage On The Appliance Nodes

    About IPv4-IPv6-based network support on the Access Appliance Note: This topic applies only to eth1 of the appliance nodes. This port is used for appliance management and not for the Veritas Access software. You can assign either an IPv4 or an IPv6 address to the eth1 interface.
  • Page 48: Configuring Vlan Settings On The Appliance Nodes

    Network connection management Configuring VLAN settings on the appliance nodes Configuring VLAN settings on the appliance nodes You can configure the VLAN settings for the eth1 network interface of an appliance node. Only one VLAN can be configured for the eth1 management network interface. You cannot change the settings from the Access Appliance shell menu when the node is a part of the cluster.
  • Page 49: Deleting A Vlan

    Veritas recommends that you configure the IPMI port and make it accessible on your network. The Veritas Remote Management Console is beneficial after an unexpected power outage shuts down the connected system. In case the appliance node is not...
  • Page 50 Remote Management Port Out of band management using IPMI Remote Management Console You can use the Veritas Remote Management Console for the following: Manage an appliance node that is turned off or unresponsive. Turn on, turn off, ■ or restart the appliance node from a remote location.
  • Page 51: Configuring The Ipmi Port On An Appliance Node

    Exit If you have already connected the IPMI port to your network with a Cat5 ethernet cable, check that you can reach the Veritas Remote Management Console using the new address in a web browser. “Resetting the IPMI on an appliance node”...
  • Page 52: Resetting The Ipmi On An Appliance Node

    “Resetting the IPMI on an appliance node” on page 52. “Configuring the IPMI port on an appliance node” on page 51. Resetting the IPMI on an appliance node If the Veritas Remote Management Console stops responding, you can reset it using the system ipmi reset command...
  • Page 53 The IPMI starts resetting in the background. Wait for 2 minutes before you attempt to reconnect to the Veritas Remote Management Console. If you cannot access the Veritas Remote Management Console after resetting the IPMI, perform the following steps: Schedule a convenient time for the appliance node shutdown and alert all ■...
  • Page 54: Resetting The Appliance To Factory Settings

    When you initiate the factory reset, you can choose to retain the network configuration. In addition, you can specify whether to restart the appliance after the factory reset completes. Veritas recommends that you choose to automatically restart the appliance to avoid restarting the appliance manually.
  • Page 55: Performing Factory Reset For Cluster Nodes

    If you choose not to erase the disks, specify whether you want to restart the nodes after the factory reset is complete. Veritas recommends that you choose to restart the nodes automatically after the factory reset operation is complete.
  • Page 56 Resetting the appliance to factory settings Performing factory reset for cluster nodes Review the selected options and the summary of changes. The following message is displayed. If you want to begin the factory reset operation, enter yes. >> Caution: The appliance is ready for factory reset. This process cannot be reversed! Do you want to proceed? [yes, no] (no) yes The factory reset process starts and the following messages are displayed if you opted to erase the disks:...
  • Page 57: Chapter 7 Appliance Security

    Each new version of Access appliance software and hardware is verified for vulnerabilities before release. Depending on the severity of issues found, Veritas releases a patch or provides a fix in a scheduled major release. To reduce the risk of unknown threats, Veritas regularly updates the third-party packages and modules in the product as part of regular maintenance release cycles.
  • Page 58: About Access Appliance User Account Privileges

    Appliance security About Access appliance user account privileges About Access appliance user account privileges Local user accounts are one mechanism to prevent unauthorized access to Access data on the appliance. Only the user can configure and modify appliance admin settings. The following are some of the tasks that can be performed by appliance local users: Log on to the Access Appliance shell menu over ssh ■...
  • Page 59: About Forced Password Changes

    Appliance security About forced password changes The password must contain a minimum number of eight different characters. ■ The password must be retained for a minimum of 1 day before changing it. ■ The password must be changed after a maximum of 60 days. ■...
  • Page 60: About The Access Appliance Intrusion Detection System

    The appliance is preconfigured with a Maintenance user account. This account is used during the initial appliance configuration process to configure the various subsystems of the appliance and Veritas Access. command also lets you log into this account and opens a...
  • Page 61: Reviewing Sdcs Events On The Access Appliance

    “Auditing the SDCS logs on an Access Appliance” on page 61. Auditing the SDCS logs on an Access Appliance There are several ways to audit the SDCS logs on a Veritas Access Appliance node. Basic search To do a basic SDCS log search Log on to the Access Appliance shell menu.
  • Page 62 Appliance security About the Access Appliance intrusion detection system Severity ■ Event type ■ You can filter the SDCS logs by each individual attribute. To filter SDCS log entries by date: Log on to the Access Appliance shell menu. (Optional) Enter the following command to view all of the events that occurred on a specific day: show sdcs-audit view search to-date=date where date is the day in the...
  • Page 63 Appliance security About the Access Appliance intrusion detection system To search based on multiple attributes Log on to the Access Appliance shell menu. Enter the show sdcs-audit search event-id=eventid event-type=eventtype from-date=fromdate to-date=todate severity=severitycode search-string=text command, where eventid is the audit log event ID ■...
  • Page 64: About Sdcs Event Type Codes And Severity Codes On An Access Appliance Node

    Appliance security About the Access Appliance intrusion detection system About SDCS event type codes and severity codes on an Access appliance node SDCS severity codes Table 7-1 Code Description Details Critical Activity or problems that might require administrator intervention to correct. Error Information Information about normal system operation.
  • Page 65 Appliance security About the Access Appliance intrusion detection system SDCS event codes Table 7-2 (continued) Code Description DNTL NT Event Log DRGW Registry Watch DSYS SysLog DUC2 Unix C2 Security DWTM WTMP/BTMP MBIN Server Error MCOM Common Status MCON Agent Config Status MEFR File Received MERR...
  • Page 66: Changing The Sdcs Log Retention Settings On An Access Appliance Node

    Appliance security About the Access Appliance intrusion detection system SDCS event codes Table 7-2 (continued) Code Description TRAC Tracking/Debugging Note: You can also get this list of SDCS event type codes by typing the following command in the Access Appliance shell menu show sdcs-audit view event-type-codes “Auditing the SDCS logs on an Access Appliance”...
  • Page 67: About The Access Appliance Intrusion Prevention System

    About Access appliance operating system security The Access appliance runs a customized Linux operating system (OS) provided by Veritas. Each new appliance software release includes the latest appliance OS, Access software, bug fixes, and security patches. In addition to regular security patches and updates,...
  • Page 68: Vulnerability Scanning Of The Access Appliance

    Any new vulnerabilities that pose a security threat to the appliance are then patched in routine software releases. For high-severity vulnerabilities, Veritas may choose to issue a patch in an emergency engineering binary (EEB). The following table lists the software products that were used to scan the Access appliance.
  • Page 69: Disabled Service Accounts On The Access Appliance

    Appliance security About data security on the Access appliance Disabled service accounts on the Access appliance The following service accounts are disabled in the appliance operating system and software platform: Batch jobs daemon ■ ■ DHCP server daemon ■ FTP account ■...
  • Page 70: About Data Integrity On The Access Appliance

    CRC digital signatures and compares it with the original signature to detect if there has been any unwanted tampering or corruption in the storage. Encryption of data in transit and at rest for services like the Veritas Cloud Service ■ and AutoSupport.
  • Page 71 IPMI connection always takes place over HTTPS. Web Session Timeout 1800 LDAP Settings Veritas recommends that you should enable LDAP authentication, if possible in your environment. SSL Upload Veritas recommends that you import a new or custom SSL certificate.
  • Page 72: Replacing The Default Ipmi Ssl Certificate On The Access Appliance

    Appliance security Recommended IPMI settings on the Access appliance Warning: If cipher 0 is enabled on a channel, it allows anyone to perform any IPMI action with no authentication, effectively subverting IPMI security entirely. Disable it at all costs. Only use ciphers 3, 8, and 12. ■...
  • Page 73 PEM format called ipmi.pem: cat ipmi.crt ipmi.key > ipmi.pem Log on to the Veritas Remote Management Console. Note: If you need to access the Veritas Remote Management Console from another computer, copy the ipmi.pem file to that computer. On the Configuration tab, select SSL from the left pane.

This manual is also suitable for:

3350, 3360