Veritas Access Appliance Initial Configuration and Administration Guide

Last Published:
Product(s): Appliances (7.3.2)
Platform: 3340
  1. Getting to know the Access Appliance
    1.  
      About the Veritas Access Appliance
    2. About the Access Appliance administration interfaces
      1.  
        Using the Access Appliance shell menu
    3.  
      About licensing the Access Appliance
    4. Where to find the documentation
      1.  
        Changes in the Access Appliance document revision
  2. Preparing to configure the appliance
    1.  
      Initial configuration requirements
    2.  
      About obtaining IP addresses for Veritas Access
    3.  
      Network and firewall requirements
  3. Configuring the appliance for the first time
    1. How to configure the Access Appliance for the first time
      1.  
        Configuring the Access cluster on the appliance
  4. Getting started with the Veritas Access GUI
    1.  
      Where to find the Veritas Access GUI
    2. About the Veritas Access 3340 Appliance
      1.  
        Configuring the storage
      2.  
        Configuring an S3 server
      3.  
        Activating an LTR policy
      4.  
        Generating S3 keys
      5.  
        Provisioning the storage
  5. Storage management
    1.  
      About the appliance storage
    2.  
      Viewing the storage on the appliance
    3.  
      Scanning the storage on the appliance
  6. Network connection management
    1. Configuring network address settings on the appliance nodes
      1.  
        About NIC1 (eth0) port usage on the appliance nodes
    2.  
      About VLAN tagging on the appliance
    3.  
      Configuring static routes on the appliance
    4.  
      Configuring DNS and host name mapping on the appliance
    5.  
      About the maximum transmission unit size on the appliance
    6. About the Veritas Remote Management Console
      1.  
        Configuring the IPMI port on an appliance node
      2.  
        Managing IPMI users on an appliance node
      3.  
        Resetting the IPMI on an appliance node
    7.  
      Setting the date and time on the appliance
  7. Monitoring the appliance
    1.  
      About hardware monitoring in the Access GUI
    2. About Veritas AutoSupport on the Access Appliance
      1.  
        Setting up AutoSupport on the appliance
      2.  
        Using a proxy server with the appliance
    3.  
      Setting up email notifications on the appliance
    4.  
      Setting up SNMP notifications on the appliance
    5.  
      Testing the appliance hardware
  8. Resetting the appliance to factory settings
    1.  
      About appliance factory reset
    2.  
      Performing a single node factory reset
    3.  
      Performing a full appliance cluster factory reset
  9. Appliance security
    1.  
      About Access Appliance security
    2. About Access appliance user account privileges
      1. Access appliance admin password specifications
        1.  
          Password encryption and handling on the Access appliance
    3.  
      Changing the Maintenance user account password
    4. About the Access Appliance intrusion detection system
      1.  
        Reviewing SDCS events on the Access Appliance
      2.  
        Auditing the SDCS logs on an Access Appliance
      3.  
        About SDCS event type codes and severity codes on an Access appliance node
      4.  
        Changing the SDCS log retention settings on an Access appliance node
    5. About Access appliance operating system security
      1.  
        Vulnerability scanning of the Access Appliance
      2.  
        Disabled service accounts on the Access appliance
    6.  
      About data security on the Access appliance
    7.  
      About data integrity on the Access appliance
    8. Recommended IPMI settings on the Access appliance
      1.  
        Replacing the default IPMI SSL certificate on the Access appliance
  10. Troubleshooting
    1.  
      About appliance log files
    2.  
      Viewing log files using the Support command
    3.  
      Gathering device logs with the DataCollect command

Recommended IPMI settings on the Access appliance

Review this section to ensure that the Veritas Remote Management Console and the IPMI port are secure.

Users

  • Do not allow accounts with null user name or password.

  • It is recommended to have one administrative user.

  • It is recommended to disable the anonymous user.

  • To mitigate the CVE-2013-4786 vulnerability:

    • Use strong passwords to limit the effectiveness of offline dictionary attacks and brute force attacks. The recommended password length is 16-20 characters.

    • Change the password of the default user (sysadmin) as soon as possible.

    • Use Access Control Lists (ACLs) or isolated networks to limit access to the IPMI interface.

Login

Table: Login security settings

Settings

Recommended values

Failed login attempts

3

User Lockout time (min)

60 seconds

Force HTTPS

Yes

The Force HTTPS check-box must be enabled to ensure that the IPMI connection always takes place over HTTPS.

Web Session Timeout

1800

LDAP Settings

Veritas recommends that you should enable LDAP authentication, if possible in your environment.

SSL Upload

Veritas recommends that you import a new or custom SSL certificate.

Remote Session

Table: Remote session security settings

Settings

Recommended values

KVM Encryption

AES

Media Encryption

Enable

Cipher recommendation

  • Do not set cipher to zero on the IPMI channel

    Warning:

    If the cipher 0 enabled on a channel, it allows anyone to perform any IPMI action with no authentication, effectively subverting IPMI security entirely. Disable it at all costs.

  • Only use ciphers 3, 8, and 12.

Ethernet connection settings

Recommended to have a dedicated Ethernet connection for IPMI, that is you should avoid sharing the server's physical connection.

  • Use a static IP

  • Avoid DHCP