Veritas Information Map Installation and Administration Guide

Last Published:
Product(s): Information Map (1.0)
  1. Introduction to Veritas Information Map
    1.  
      Overview of Information Map
    2.  
      Deployment workflow
    3.  
      Information Map architecture
    4.  
      Creating new user accounts
  2. Planning installation of the Information Map Agent
    1.  
      System requirements
    2.  
      Supported browsers
    3.  
      Connectivity requirements
    4.  
      Security requirements
    5.  
      Generating a KeyStore file
    6.  
      Configuring access to a NetBackup master server
  3. Installing and configuring Information Map
    1.  
      Logging in to Veritas Information Map
    2.  
      Downloading the Agent installer
    3.  
      Configuring locations in Information Map
    4. Installing the Information Map Agent
      1.  
        Configuring proxy settings
    5.  
      Registering the Information Map Agent with Information Fabric
    6. Configuring credentials for share discovery and native scanning
      1.  
        Credentials required to configure share discovery
      2.  
        Configuring a non-administrator domain user on NetApp 7-mode filer
      3.  
        Configuring a non-administrator account on an EMC Isilon file server
    7.  
      Updating the Information Map Agent
  4. Cloud Agent configuration
    1.  
      About configuring the Amazon S3 Agent
    2.  
      Configuring metadata collection in Amazon Web Services (AWS)
    3.  
      Configuring Information Map to access Amazon S3 account
  5. Global settings
    1.  
      About configuring global settings
    2.  
      Configuring stale data definition
    3.  
      Configuring non-business data definition
    4.  
      Configuring storage tiers
    5.  
      Assigning storage tiers to storage
    6.  
      Customizing item types
  6. Managing Information Map settings
    1.  
      Configuring Information Map users
    2.  
      Managing Agents
    3.  
      Managing tasks
    4.  
      Managing content sources
  7. Troubleshooting
    1.  
      Veritas Information Map logging
    2.  
      Information Map Agent jobs
    3.  
      Information Map Agent issues
    4.  
      Information Map and data accuracy
    5.  
      Known limitations of Information Map Agent

Configuring metadata collection in Amazon Web Services (AWS)

Complete the following steps to enable collection of metadata from Amazon S3:

  • Create an AWS Identity and Access Management (IAM) policy.

  • Create an AWS IAM role for the Veritas Cloud Agent to enable the Veritas Cloud Agent to access the AWS account.

  • Establish trust between the Veritas Cloud Agent and the AWS account.

  • Attach the policy to the newly-created role.

Creating an AWS IAM policy

To create an AWS IAM policy

  1. Log in to the AWS management console using your AWS account credentials.
  2. In the left-hand pane of the Identity and Access Management (IAM) console, click Policies.
  3. Click Create Policy to allow the Veritas Cloud Agent to scan the buckets associated with the Amazon S3 account.
  4. On the Create Policy page, enter AllowS3BucketScan in the Policy Name field.
  5. Use the policy document as shown below:
    {

    "Version": "2012-10-17",

    "Statement": [

        {

            "Effect": "Allow",

            "Action": [

                "s3:ListAllMyBuckets",

                "s3:GetBucketLocation",

                "s3:ListBucket"

            ],

            "Resource": [

                "arn:aws:s3:::*"

            ]

        }

   ]

}

    The policy document must include ListAllMyBuckets and GetBucketLocation permissions to enable discovery of the buckets. However, you can restrict the permissions to specific buckets within the policy, if required.

    Following is an example of a restricted policy: 

    {

    "Version": "2012-10-17",

    "Statement": [

        {

            "Effect": "Allow",

            "Action": [

                "s3:ListAllMyBuckets",

                "s3:GetBucketLocation"

            ],

            "Resource": [

                "arn:aws:s3:::*"

            ]

        },

        {

            "Effect": "Allow",

            "Action": [

                "s3:ListBucket"            

    ],

            "Resource": [

                "arn:aws:s3:::kwaws-b*",

                "arn:aws:s3:::kwaws-specificbucket"

            ]

        }

   ]

}
  6. Validate and create the policy.

Creating a role to interface with the Veritas Cloud Agent

To create a new IAM role

  1. In the left-hand pane of the IAM console, click Roles.
  2. On the Create role page, select the Role for cross-account access and select Provide access between your AWS account and a 3rd party AWS account.
  3. Establish trust between the two endpoints by entering the Account ID and External ID provided by Veritas. The Veritas account ID is 071997631119.

    Note:

    Ensure that the External ID used when configuring a role is unique and matches with the ID used in Information Map. The External ID is case-sensitive and should be complex such that it cannot be easily guessed.

    Do not select Require MFA.

  4. Attach the IAM policy created earlier to the newly created role.
  5. Set the role name as VeritasInformationMapS3Connector, and review the attached policy.
  6. Navigate to IAM > Roles. In the Summary section, make a note of the Role ARN (Amazon Resource Names) and the external ID. This information is required when configuring access to the Amazon S3 buckets from Information Map.