Veritas Flex Appliance Getting Started and Administration Guide

Last Published:
Product(s): Appliances (2.0)
Platform: Flex Appliance OS
  1. Product overview
    1.  
      Introduction to Veritas Flex Appliance
    2.  
      Flex Appliance terminology
    3.  
      About the Flex Appliance documentation
    4.  
      Flex Appliance 2.0 new features, enhancements, and changes
    5.  
      Supported upgrade paths to this release
    6.  
      Operational notes
    7.  
      Flex Appliance 2.0 release content
  2. Getting started
    1.  
      Initial configuration guidelines and checklist
    2.  
      Performing the initial configuration
    3.  
      Adding a node
    4.  
      Accessing and using the Flex Appliance Shell
    5.  
      Accessing and using the Flex Appliance Console
    6.  
      Setting the date and time for appliance nodes
    7.  
      Common tasks in Flex Appliance
  3. Managing network settings
    1.  
      Creating a network bond
    2.  
      Deleting a network bond
    3.  
      Configuring a network interface
    4. Managing the appliance Fibre Channel ports
      1.  
        Viewing the devices that are connected to the Fibre Channel ports
    5.  
      Changing DNS or Hosts file settings
  4. Managing users
    1.  
      Overview of the Flex Appliance default users
    2.  
      Changing the password policy
    3. Managing Flex Appliance Console users and tenants
      1.  
        Adding a tenant
      2.  
        Editing a tenant
      3.  
        Removing a tenant
      4.  
        Adding a local user to the Flex Appliance Console
      5.  
        Connecting an Active Directory domain to the Flex Appliance Console
      6.  
        Importing an Active Directory user or user group to the Flex Appliance Console
      7.  
        Editing an Active Directory domain in the Flex Appliance Console
      8.  
        Changing a user password in the Flex Appliance Console
      9.  
        Expiring a user password in the Flex Appliance Console
      10.  
        Removing a user from the Flex Appliance Console
    4.  
      Changing the hostadmin user password in the Flex Appliance Shell
    5.  
      Changing the sysadmin user password in the Veritas Remote Management Interface
  5. Using Flex Appliance
    1. Managing the repository
      1.  
        Adding files to the repository
      2.  
        Removing the current appliance upgrade or update package from the repository
    2.  
      Creating application instances
    3.  
      Managing application instances from Flex Appliance and NetBackup
    4. Managing application instances from Flex Appliance
      1.  
        Resizing instance storage
      2.  
        Editing instance network settings
      3.  
        Assigning Fibre Channel ports to an instance
      4.  
        Unassigning Fibre Channel ports from an instance
      5. Managing application add-ons on instances
        1.  
          Installing application add-ons
        2.  
          Uninstalling application add-ons
        3.  
          Changing the application add-on installation order
      6.  
        Viewing instance performance metrics
      7.  
        Clearing a configuration error status on an application instance
    5. Upgrading application instances
      1.  
        Warnings and considerations for instance rollbacks
    6. About Flex Appliance upgrades and updates
      1.  
        Upgrading Flex Appliance
      2.  
        Updating Flex Appliance
  6. Appliance security
    1.  
      Security overview
    2. About lockdown mode
      1.  
        Changing the lockdown mode
  7. Monitoring the appliance
    1. About AutoSupport and Call Home
      1.  
        Registering an appliance
      2.  
        Viewing Call Home information
      3.  
        Configuring Call Home settings
      4.  
        Deleting and disabling Call Home settings
    2. Monitoring the hardware from the Flex Appliance Shell
      1.  
        Viewing node information
      2.  
        Viewing Primary Storage Shelf information on a Veritas 5340 Appliance
      3.  
        Viewing Expansion Storage Shelf information on a Veritas 5340 Appliance
    3.  
      Viewing hardware faults
    4.  
      Viewing system data
  8. Reconfiguring the appliance
    1.  
      Performing a factory reset
    2.  
      Performing a reimage on a Veritas 5150 Appliance
    3.  
      Recovering storage data after a factory reset or a reimage
    4.  
      Performing a storage reset
    5.  
      Removing a node
  9. Troubleshooting guidelines
    1.  
      General troubleshooting steps
    2.  
      Generating a One-Time Password and unlocking access in lockdown mode
    3.  
      Gathering logs

Security overview

Flex Appliance includes multiple features to ensure the security of your data. Each element of the appliance is tested for vulnerabilities using both industry standards and advanced security products. These measures ensure that exposure to unauthorized access and resulting data loss or theft is minimized.

Flex Appliance also uses the Security Technical Implementation Guide (STIG) template to meet security requirements per the Defense Information Systems Agency (DISA) profile. See the Flex Appliances with NetBackup Security white paper for more information.

The security features in this release include but are not limited to the following:

  • OS security hardening, including Security-Enhanced Linux (SELinux)

  • Forced password changes during initial configuration to make sure that the default password does not remain active on the system

  • The ability to set your own password policy, including the option to use STIG for validation

    See Changing the password policy.

  • Lockdown mode and WORM storage support, which let you set additional access restrictions and block data deletion during a specified retention period

    See About lockdown mode.

  • Session timeouts that automatically sign users out of the Flex Appliance Console and the Flex Appliance Shell after 10 minutes of inactivity

  • Additional password protection in the Flex Appliance Shell that locks the hostadmin account for 15 minutes after 3 incorrect login attempts

  • Password protection that restricts access to the GRUB menu except with assistance from Veritas Technical Support. If you need to edit GRUB, contact Technical Support and ask your representative to reference article 100048098.

Also note the following information regarding the appliance security:

  • IP forwarding is enabled in Flex Appliance by design; it is used to facilitate network communication between application instances and external networks.

  • Simultaneous multithreading (smt) is enabled by default on the Veritas 5340 Appliance.

    The following vulnerabilities affect this feature:

    • CVE-2018-12130

    • CVE-2018-12126

    • CVE-2018-12127

    • CVE-2019-11091

    You can disable smt to address these vulnerabilities; however, if smt is disabled, backup performance drops by up to 60%. If you want to disable smt, contact Veritas Technical Support and ask your representative to reference article 100046154.