Veritas Access Appliance Initial Configuration and Administration Guide

Last Published:
Product(s): Appliances (7.3.2)
Platform: 3340
  1. Getting to know the Access Appliance
    1.  
      About the Veritas Access Appliance
    2. About the Access Appliance administration interfaces
      1.  
        Using the Access Appliance shell menu
    3.  
      About licensing the Access Appliance
    4. Where to find the documentation
      1.  
        Changes in the Access Appliance document revision
  2. Preparing to configure the appliance
    1.  
      Initial configuration requirements
    2.  
      About obtaining IP addresses for Veritas Access
    3.  
      Network and firewall requirements
  3. Configuring the appliance for the first time
    1. How to configure the Access Appliance for the first time
      1.  
        Configuring the Access cluster on the appliance
  4. Getting started with the Veritas Access GUI
    1.  
      Where to find the Veritas Access GUI
    2. About the Veritas Access 3340 Appliance
      1.  
        Configuring the storage
      2.  
        Configuring an S3 server
      3.  
        Activating an LTR policy
      4.  
        Generating S3 keys
      5.  
        Provisioning the storage
  5. Storage management
    1.  
      About the appliance storage
    2.  
      Viewing the storage on the appliance
    3.  
      Scanning the storage on the appliance
  6. Network connection management
    1. Configuring network address settings on the appliance nodes
      1.  
        About NIC1 (eth0) port usage on the appliance nodes
    2.  
      About VLAN tagging on the appliance
    3.  
      Configuring static routes on the appliance
    4.  
      Configuring DNS and host name mapping on the appliance
    5.  
      About the maximum transmission unit size on the appliance
    6. About the Veritas Remote Management Console
      1.  
        Configuring the IPMI port on an appliance node
      2.  
        Managing IPMI users on an appliance node
      3.  
        Resetting the IPMI on an appliance node
    7.  
      Setting the date and time on the appliance
  7. Monitoring the appliance
    1.  
      About hardware monitoring in the Access GUI
    2. About Veritas AutoSupport on the Access Appliance
      1.  
        Setting up AutoSupport on the appliance
      2.  
        Using a proxy server with the appliance
    3.  
      Setting up email notifications on the appliance
    4.  
      Setting up SNMP notifications on the appliance
    5.  
      Testing the appliance hardware
  8. Resetting the appliance to factory settings
    1.  
      About appliance factory reset
    2.  
      Performing a single node factory reset
    3.  
      Performing a full appliance cluster factory reset
  9. Appliance security
    1.  
      About Access Appliance security
    2. About Access appliance user account privileges
      1. Access appliance admin password specifications
        1.  
          Password encryption and handling on the Access appliance
    3.  
      Changing the Maintenance user account password
    4. About the Access Appliance intrusion detection system
      1.  
        Reviewing SDCS events on the Access Appliance
      2.  
        Auditing the SDCS logs on an Access Appliance
      3.  
        About SDCS event type codes and severity codes on an Access appliance node
      4.  
        Changing the SDCS log retention settings on an Access appliance node
    5. About Access appliance operating system security
      1.  
        Vulnerability scanning of the Access Appliance
      2.  
        Disabled service accounts on the Access appliance
    6.  
      About data security on the Access appliance
    7.  
      About data integrity on the Access appliance
    8. Recommended IPMI settings on the Access appliance
      1.  
        Replacing the default IPMI SSL certificate on the Access appliance
  10. Troubleshooting
    1.  
      About appliance log files
    2.  
      Viewing log files using the Support command
    3.  
      Gathering device logs with the DataCollect command

Replacing the default IPMI SSL certificate on the Access appliance

Use the following procedure to create a minimal self-signed certificate on a Linux computer and import it into the IPMI web interface:

To create and implement a minimal self-signed certificate

  1. On a Linux computer, type the following command to generate the private key:

    openssl genrsa -out ipmi.key 2048

    In this case, the private key is named ipmi.key.

  2. Type the following command to generate a certificate signing request (ipmi.csr) using ipmi.key:

    openssl req -new -key ipmi.key -out ipmi.csr

    Fill in each field with the appropriate values. To leave a field blank, enter a period (.).

    Note:

    To avoid extra warnings in your browser, set the common name to the fully qualified domain name of the IPMI interface.

  3. Type the following command to sign ipmi.csr with ipmi.key and create a certificate called ipmi.crt that is valid for 1 year:

    openssl x509 -req -in ipmi.csr -out ipmi.crt -signkey ipmi.key -days 365

  4. Type the following command to concatenate ipmi.crt and ipmi.key to create a certificate in PEM format called ipmi.pem:

    cat ipmi.crt ipmi.key > ipmi.pem

  5. Log on to the Veritas Remote Management Console.

    Note:

    If you need to access the Veritas Remote Management Console from another computer, copy the ipmi.pem file to that computer.

  6. On the Configuration tab, select SSL from the left pane.

    Next to New SSL Certificate, click Browse... and select the ipmi.pem file.

    Click Upload.

    Note:

    A warning may appear that says an SSL certificate already exists. Press OK to continue.

  7. Click Browse... again to import the privacy key. (Note that it now says New Privacy Key next to the button instead of New SSL Certificate.)

    Select the ipmi.pem file and click Upload.

    When the confirmation dialog appears, click OK to restart the web service.

  8. (Optional) Close and reopen the Veritas Remote Management Console to verify that the new certificate is being presented.