Veritas Access Solutions Guide for Software-Defined Storage (SDS) Management Platform
- Introduction
- Deploying the SDS Management Platform with Veritas Access
- Using the SDS Management Platform interface
- Setting up SSL in the SDS Management Platform
- Performing authentication
- System backup and restore
- Troubleshooting
- Log locations
- Diagnostic reports
- Java Virtual Machine (JVM) parameters
- SDS Management Platform known issues
- If multiple bucket creation requests with different inputs for attributes such as size and layout are in progress in parallel, then a bucket can get created with incorrect attributes
- When editing a storage resource or backup server, an Advanced button is available that shows options that you should not change
- If you add a Veritas Access cluster where the host includes the protocol (such as, https://10.20.30.40), the provider gets added and collects data but running the LTR workflow fails
- When you create a bucket, the status of the task appears as DONE, even though the creation is still in progress
- Clicking on a non-mapped Veritas Access cluster directs you to an empty wiki page which shows a table and some data
- If you restart the operating system, the SDS Management Platform does not start automatically
- When you add a storage resource or backup server, the added resource is not automatically visible
- After the SDS log is rotated, the log messages from either Veritas Access or the SDS plugin go to the rotated file instead of the new file
- Some of the storage resources may appear as faulted and a warning sign appears next to the cluster IP address in the Infrastructure> Storage Resources page
- Creation of STU fails if the S3 user is changed
- Software limitations
Certificate-based client authentication
The SDS Management Platform supports HTTP SSL certificate-based client authentication. If enabled, it is activated on an additional port in the web server (default: 50444), and clients must provide a valid certificate that is accepted by the web server.
You can configure a certificate-based client using the following settings:
Table:
Settings | Description |
|---|---|
enableHttpSslCert | Enables HTTP SSL certificate-based authentication for the web server. If enabled, certificate-based authentication is activated on the configured httpSslCertPort. |
httpSslCertPort | Secures (SSL) HTTP port for certificate-based authentication to the web interface. Default: 50444 |
httpTrustStore | SSL TrustStore used by the web server. For example, for client-based certificate authentication, see enableHttpSslCert setting. Default: |
httpTrustStorePassword | SSL TrustStore password used by the web server. |
httpKeyStore | SSL KeyStore used by the web server. Default: |
httpKeyStorePassword | SSL KeyStore password used by the web server. |
By default, the SDS Management Platform ships an empty TrustStore. To establish trust, a valid CA certificate must be added to the TrustStore; alternatively, an existing trust store can be used.
Note:
Certificate-based authentication can only be activated if the configured TrustStore contains at least one valid certificate. According to the protocol, clients require a certificate that is signed by a trusted CA.
To import a public CA key to an existing TrustStore, you can use the following command:
keytool -import -v -trustcacerts -alias my_ca -file ca.crt -keystore truststore