Veritas Access Appliance Initial Configuration and Administration Guide

Product(s): Appliances (7.3.2)
Platform: 3340

Network and firewall requirements

Ensure that your network firewall can accommodate the necessary services on the Veritas Access Appliance.

Appliance ports

In addition to the ports that are used by the Veritas Access software, the appliance also provides for both in-band and out-of-band management. The out-of-band management is through a separate network connection, the Remote Management Module (RMM), and the Intelligent Platform Management Interface (IPMI). Open these ports through the firewall as appropriate to allow access to the management services from a remote laptop or KVM (keyboard, video monitor, mouse).

Table: Inbound ports lists the ports open for inbound communication to the appliance.

Table: Inbound ports

| Port | Service | Description |
|------|---------|-------------|
| 22 | ssh | In-band management CLI |
| 443 | HTTPS | In-band management GUI |
| 5900 | KVM | CLI access, ISO & CDROM redirection |
| 623 | KVM | (optional, used if open) |
| 2049 | HTTPS | NFS++ |
| 445 | | CIFS (for the Log/Install shares) |

* Veritas Remote Management - Remote Console

++ Once the NFS service is shut down, the vulnerability scanners do not pick up these ports as threats.

Table: Outbound ports lists the ports outbound from the appliance to allow alerts and notifications to the indicated servers.

Table: Outbound ports

| Port | Service | Description |
|------|---------|-------------|
| 443 | HTTPS | Call Home notifications to Veritas; Download SDCS certificate |
| 162** | SNMP | Download appliance updates |
| 22 | SFTP | Log uploads to Veritas |
| 25 | SMTP | Email alerts |
| 389 | LDAP | |
| 636 | LDAPS | |
| 514 | rsyslog | Log forwarding |

** This port number can be changed within the appliance configuration to match the remote server.

Table: Out of band management ports lists the out of band management ports on the appliance.

Table: Out of band management ports

| Port | Service | Description |
|------|---------|-------------|
| 80 | HTTP | Out-of-band management (ISM+ or RM*) |
| 443 | HTTP | Out-of-band management (ISM+ or RM*) |
| 5900 | KVM | CLI access, ISO & CDROM redirection |
| 623 | KVM | (optional, used if open) |
| 7578 | RMM | CLI access |
| 5120 | RMM | ISO & CD-ROM redirection |
| 5123 | RMM | Floppy redirection |
| 7582 | RMM | KVM |
| 5124 | HTTPS | CDROM |
| 5127 | | USB or floppy |
| 2049 | HTTPS | NFS ++ |
| 445 | | CIFS (for the Log/Install shares) |

+ NetBackup Integrated storage manager

* Veritas Remote Management - Remote Console

++ Once the NFS service is shut down, the vulnerability scanners do not pick up these ports as threats.

Note:

Ports 7578, 5120, and 5123 are for the unencrypted mode. Ports 7582, 5124, and 5127 are for the encrypted mode.
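
A small audit built on the note above, added here as an example and not part of the Veritas guide: it parses port specifications in the notation these tables use and flags firewall allow rules that expose the unencrypted-mode RMM ports. The rule format, the function names, and the sample addresses are assumptions made for illustration.

```python
import re

# Port pairs from the note above: unencrypted-mode port -> encrypted-mode port.
RMM_UNENCRYPTED_TO_ENCRYPTED = {7578: 7582, 5120: 5124, 5123: 5127}


def parse_ports(spec):
    """Expand a port spec as written in the tables: '443', '756, 757, 755',
    '13720-13722', '30000:40000'; footnote markers ('162**') are ignored."""
    ports = set()
    for part in spec.split(","):
        part = re.sub(r"[*+\s]", "", part)
        if not part:
            continue
        m = re.fullmatch(r"(\d+)(?:[-:](\d+))?", part)
        if not m:
            raise ValueError(f"unrecognised port spec: {part!r}")
        lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"port out of range: {part!r}")
        ports.update(range(lo, hi + 1))
    return ports


def audit_rmm_rules(rules):
    """rules: (source, port_spec) allow rules towards the RMM address (assumed format).
    Returns sorted (source, unencrypted_port, encrypted_port, ready) tuples;
    ready means the source can already reach the encrypted-mode port."""
    allowed = {}
    for source, spec in rules:
        allowed.setdefault(source, set()).update(parse_ports(spec))
    findings = []
    for source, ports in allowed.items():
        for plain, enc in RMM_UNENCRYPTED_TO_ENCRYPTED.items():
            if plain in ports:
                findings.append((source, plain, enc, enc in ports))
    return sorted(findings)


# Constructed sample rules; addresses are from the documentation ranges.
SAMPLE_RULES = [
    ("192.0.2.0/24", "443, 5900"),
    ("192.0.2.0/24", "7578, 7582"),
    ("198.51.100.7", "5120-5123"),
]

if __name__ == "__main__":
    for source, plain, enc, ready in audit_rmm_rules(SAMPLE_RULES):
        action = "drop the unencrypted rule" if ready else f"allow {enc} first"
        print(f"{source}: {plain} is unencrypted-mode; {action}")
```

A finding with `ready` set to False means the source has no rule for the encrypted-mode port yet, so removing the unencrypted rule alone would cut off that redirection function.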

Veritas Access ports

Table: Default Veritas Access ports displays the default ports that Access uses to transfer information.

Table: Default Veritas Access ports

| Port | Protocol or Service | Purpose | Impact if blocked |
|------|---------------------|---------|-------------------|
| 21 | FTP | Port where the FTP server listens for connections. Note: Users can configure another port if desired. | FTP features are blocked. |
| 22 | SSH | Secure access to the Access server | Access is not accessible. |
| 25 | SMTP | Sending SMTP messages. | The SMTP messages that are sent from Access are blocked. |
| 53 | DNS queries | Communication with the DNS server | Domain name mapping fails. |
| 111 | rpcbind | RPC portmapper services | RPC services fail. |
| 123 | NTP | Communication with the NTP server | Server clocks are not synchronized across the cluster. NTP-reliant features (such as DAR) are not available. |
| 139 | CIFS | CIFS client to server communication | CIFS clients cannot access the Access cluster. |
| 161 | SNMP | Sending SNMP alerts | SNMP alerts cannot be broadcast. |
| 445 | CIFS | CIFS client to server communication | CIFS clients cannot access the Access cluster. |
| 514 | syslog | Logging program messages | Syslog messages are not recorded. |
| 756, 757, 755 | statd | NFS statd port | NFS v3 protocol cannot function correctly. |
| 2049 | NFS | NFS client to server communication | NFS clients cannot access the Access cluster. |
| 3172, 3173 | ServerView | ServerView port | ServerView cannot work. |
| 3260 | iSCSI | SCSI target and initiator communication | Initiator cannot communicate with the target. |
| 4001 | mountd | NFS mount protocol | NFS clients cannot mount file systems in the Access cluster. |
| 4045 | lockd | Processes the lock requests | File locking services are not available. |
| 5634 | HTTPS | Management Server connectivity | Web GUI may not be accessible. |
| 56987 | Replication | File synchronization, Access replication | Access replication daemon is blocked. Replication cannot work. |
| 8088 | REST server | REST client to server communication | REST client cannot access REST API of Access. |
| 8143 | S3 | Data port for Veritas Access S3 server | User will not be able to use Veritas Access object server. |
| 8144 | ObjectAccess service | Administration port for Veritas Access S3 server. | User cannot create access or secret keys for using ObjectAccess service. |
| 11211 | Memcached port | CLISH framework | CLISH cannot function correctly, and cluster configuration may get corrupted. |
| 30000:40000 | FTP | FTP passive port | FTP passive mode fails. |
| 14161 | HTTPS | Access Veritas Access GUI | User is unable to access Veritas Access GUI |
| 51001 | UDP | LLT over RDMA | LLT is not working. |
| 51002 | UDP | LLT over RDMA | LLT is not working. |

NetBackup ports

NetBackup uses TCP/IP connections to communicate between one or more TCP/IP ports. Depending on the type of operation and the configuration of the environment, different ports are required to enable the connections. NetBackup has different requirements for operations such as backup, restore, and administration.

Table: Default NetBackup TCP and UDP ports shows some of the most common TCP and UDP ports that NetBackup uses to transfer information. For more information, see the Veritas NetBackup Security and Encryption Guide.

Table: Default NetBackup TCP and UDP ports

| Port Range | Protocol |
|------------|----------|
| 1556 | TCP, UDP |
| 13701-13702, 13705-13706 | TCP |
| 13711, 13713, 13715-13717, 13719 | TCP |
| 13720-13722 | TCP, UDP |
| 13723 | TCP |
| 13724 | TCP, UDP |
| 13782-13783 | TCP, UDP |
| 13785 | TCP |

CIFS protocols and firewall ports

For the CIFS service to work properly in an Active Directory (AD) domain environment, the following protocols and firewall ports need to be allowed or opened so that the CIFS server can communicate smoothly with Active Directory Domain Controllers and Windows/CIFS clients.

The Internet Control Message Protocol (ICMP) must be allowed through the firewall from the CIFS server to the domain controllers. Enabling "Allow incoming echo request" is required for running the CIFS service.

Table: Additional CIFS ports and protocols lists additional CIFS ports and protocols.

Table: Additional CIFS ports and protocols

| Port | Protocol | Purpose |
|------|----------|---------|
| 53 | TCP, UDP | DNS |
| 88 | TCP, UDP | Kerberos |
| 139 | TCP | DFSN, NetBIOS Session Service, NetLog |
| 445 | TCP, UDP | SMB, CIFS, SMB2, DFSN, LSARPC, NbtSS, NetLogonR, SamR, SrvSvc |
| 464 | TCP, UDP | Kerberos change or set a password |
| 3268 | TCP | LDAP GC |
| 4379 | TCP | CTDB in CIFS |

Table: LDAP with SSL ports lists the ports that are required for LDAP with SSL.

Table: LDAP with SSL ports

| Port | Protocol | Purpose |
|------|----------|---------|
| 636 | TCP | LDAP SSL |
| 3269 | TCP | LDAP GC SSL |