Veritas Access Software-Defined Storage (SDS) Management Platform Solutions Guide

Last Published:
Product(s): Access (7.4)
Platform: Linux

Authentication modules

The SDS Management Platform implements a security concept that supports different directory services, and its authentication mechanism is associated with a role concept. This section describes the available authentication modules and gives best practices for their configuration.

An authentication module authenticates users against a specific directory service. The SDS Management Platform supports the following authentication modules:

These modules can be combined into an authentication chain. The SDS Management Platform evaluates the modules in the configured order until one module succeeds or all of them have failed. If one of the modules is not configured properly, it is ignored and the evaluation continues with the next module in the chain.

Local SDS Management Platform users

This authentication module authenticates local SDS Management Platform users. Within the authConfigOptions parameter, you can specify an optional local.domain value. When this value is set, the user must specify it as the domain during authentication. The passwords of local users are hashed by default. The hashUserPasswords configuration setting can be used to change the default behavior.

LDAP Authentication

This module lets you authenticate users against an LDAP server. The location of the server is configured with the authConfigOptions parameter. You can either use the Authentication Wizard or compile the configuration string manually.

ldap.url

Specifies the LDAP server's URL, for example ldap://my.ldap.server:389. The LDAP endpoint must be specified by a fully qualified domain name; an IP address cannot be used. If you want to authenticate against an Active Directory where the users are in the global catalog, use port 3268.

ldap.domain (OPTIONAL)

Specifies the LDAP domain. If specified, only users with the exact domain are allowed.

ldap.admingroup (OPTIONAL)

Specifies the admin group (defaults to Administrators) within the domain. Can be used to specify other admin groups (for example, if localized names are in place).

Example configuration string:

authConfigOptions=ldap.url\=ldap\://mt.company.corp\:389, ldap.domain\=my.company.corp, ldap.guestgroup\=LDAPGuests, ldap.admingroup\=LDAPAdmins:LDAPManagement, ldap.sesusergroup\=LDAPExternalUsers
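
The following is an added example, not taken from the Veritas guide or the product's own code: a Python check that parses an authConfigOptions string and flags the conditions this section describes (an IP address instead of a fully qualified domain name in ldap.url, an unset ldap.domain, a defaulted ldap.admingroup). The function names, the escape handling, and the assumption that option values contain no commas are illustrative; the ldap:// warning reflects general LDAP behavior and is not a statement from the guide.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed input: the page's example string joined onto one line.
SAMPLE = (r"authConfigOptions=ldap.url\=ldap\://mt.company.corp\:389, "
          r"ldap.domain\=my.company.corp, ldap.guestgroup\=LDAPGuests, "
          r"ldap.admingroup\=LDAPAdmins:LDAPManagement, "
          r"ldap.sesusergroup\=LDAPExternalUsers")

def parse_auth_config(line):
    """Split an authConfigOptions line into {option: value}."""
    name, _, raw = line.partition("=")
    if name.strip() != "authConfigOptions":
        raise ValueError("not an authConfigOptions line")
    # Assumption: '\=' and '\:' are properties-style escapes, and option
    # values never contain a comma.
    raw = re.sub(r"\\(.)", r"\1", raw)
    options = {}
    for item in filter(None, (part.strip() for part in raw.split(","))):
        key, sep, value = item.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"malformed option: {item!r}")
        options[key.strip()] = value.strip()
    return options

def audit_ldap_options(options):
    """Return (severity, message) findings for the LDAP module options."""
    url = options.get("ldap.url", "")
    if not url:
        return [("error", "ldap.url is missing")]
    findings = []
    parts = urlsplit(url)
    host = parts.hostname or ""
    try:
        ipaddress.ip_address(host)
        findings.append(("error", "ldap.url uses an IP address; an FQDN is required"))
    except ValueError:
        if "." not in host:
            findings.append(("error", f"ldap.url host {host!r} is not fully qualified"))
    if parts.scheme == "ldap":
        # General LDAP behaviour, not a statement from the product guide.
        findings.append(("warn", "ldap:// bind is unencrypted unless TLS is added"))
    if "ldap.domain" not in options:
        findings.append(("warn", "ldap.domain unset: no exact-domain restriction"))
    if "ldap.admingroup" not in options:
        findings.append(("info", "ldap.admingroup unset: defaults to Administrators"))
    return findings
```

Run over SAMPLE, the audit reports only the ldap:// warning; a string whose ldap.url holds an IP address and that omits the optional keys yields an error followed by the domain and admin-group findings.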

It is possible to customize the rights of user groups using the LDAP module. To use authentication, each LDAP group that is granted access must be mapped to an SDS Management Platform group. This mapping is a prerequisite for you to be able to log on to the system.