Veritas Access Appliance 8.4 Initial Configuration Guide

Last Published:
Product(s): Appliances (8.4)
Platform: Veritas 3350,Veritas 3340,Veritas 3360
  1. Getting to know the Access Appliance
    1.  
      About the Veritas Access Appliance
    2. About the Access Appliance administration interfaces
      1.  
        Using the Access Appliance shell menu
    3. About licensing the Access Appliance
      1.  
        About subscription licensing
    4.  
      Where to find the documentation
  2. Preparing to configure the appliance
    1.  
      Initial configuration requirements
    2.  
      About obtaining IP addresses for Veritas Access
    3.  
      Network and firewall requirements
    4.  
      About network connections for the appliance
  3. Configuring the appliance for the first time
    1. How to configure the Access Appliance for the first time
      1.  
        Configuring the Access cluster on the appliance
  4. Getting started with the Veritas Access GUI
    1.  
      Accessing the Veritas Access web interface
  5. Network connection management
    1. Configuring network address settings on the appliance nodes
      1.  
        Deleting network settings on appliance nodes
      2.  
        About NIC1 (eth0) port usage on the appliance nodes
      3.  
        About IPv4-IPv6-based network support on the Access Appliance
    2. Configuring VLAN settings on the appliance nodes
      1.  
        Viewing VLAN settings
      2.  
        Deleting a VLAN
    3. About the Veritas Remote Management Console
      1.  
        Configuring the IPMI port on an appliance node
      2.  
        Managing IPMI users on an appliance node
      3.  
        Resetting the IPMI on an appliance node
  6. Resetting the appliance to factory settings
    1.  
      About appliance factory reset
    2.  
      Performing factory reset for cluster nodes
  7. Appliance security
    1.  
      About Access Appliance security
    2. About Access appliance user account privileges
      1. Access appliance admin password specifications
        1.  
          Password encryption and handling on the Access appliance
    3.  
      About forced password changes
    4.  
      Changing the Maintenance user account password
    5. About the Access Appliance intrusion detection system
      1.  
        Reviewing SDCS events on the Access Appliance
      2.  
        Auditing the SDCS logs on an Access Appliance
      3.  
        About SDCS event type codes and severity codes on an Access appliance node
      4.  
        Changing the SDCS log retention settings on an Access Appliance node
    6.  
      About the Access Appliance intrusion prevention system
    7. About Access appliance operating system security
      1.  
        Vulnerability scanning of the Access Appliance
      2.  
        Disabled service accounts on the Access appliance
    8.  
      About data security on the Access appliance
    9.  
      About data integrity on the Access appliance
    10. Recommended IPMI settings on the Access appliance
      1.  
        Replacing the default IPMI SSL certificate on the Access appliance

About obtaining IP addresses for Veritas Access

The Veritas Access initial configuration process requires that you configure several IP addresses for the two appliance nodes.

You can configure a pure IPv4 or an IPv6 network, or a mixed mode network with both IPv4 and IPv6 addresses.

Note:

The IP type (IPv4 or IPv6) can be different on different networks. In a single network, the IP type must be consistent (either IPv4 or IPv6).

Table:

eth1

eth2 and eth3

eth4 and eth5 (for Access 3340 Appliance model)

eth4 and eth6 (for Access 3350 and 3360 Appliance models)

Console IP

IPv4

IPv4

IPv4

IPv4

IPv4

IPv4

IPv6

IPv4

IPv6

IPv4

IPv6

IPv6

IPv6

IPv4

IPv4

IPv6

You need to obtain a range of physical IP addresses, a range of virtual IP addresses, and a netmask for the chosen public network from the network administrator in charge of the facility where the appliance is located. The range of IP addresses need not be contiguous as long as the IP addresses are in the same data network. All IP addresses (both physical and virtual) must be part of the same subnet and use the same netmask as the node's access IP.

By design, the appliance does not support the use of the localhost (127.0.0.1) IP address during configuration.

Note:

Netmask is used for IPv4 addresses. Prefix is used for IPv6 addresses. Accepted ranges for prefixes are 0-128 (integers) for IPv6 addresses.

The information you obtain from the network administrator is used to configure the following:

  • Physical IP addresses

  • Virtual IP addresses

  • Console IP address

  • IP address for the default gateway

  • Netmask for the data network

  • Details for the private network, such as starting IP address and the netmask for the private IP address

  • (Optional) IP address for the Domain Name System (DNS) server

  • DNS domain name

  • NTP server

    Note:

    If the FQDN of the NTP server is specified, you are required to configure the DNS server.

IP address requirements

The following table describes the IP address requirements for a two-node appliance configuration:

Table: Required IP addresses for a two-node configuration

Number of IPs

Item

0 to 4

Physical IP addresses for public network access over eth4 and eth5 for the Access 3340 Appliance model or over eth4 and eth6 for the Access 3350 and 3360 Appliance models.

You can choose to have zero physical IP addresses configured during the initial configuration, and later configure them as and when required.

You can configure up to four public IP addresses. The IP addresses are assigned to the public interfaces of both the nodes using the round-robin algorithm, selecting the first public interface of both the nodes followed by the second public interface of both the nodes.

0 to 8 (Optional)

Virtual IP addresses for public network access over eth4 and eth5 for the Access 3340 Appliance model or over eth4 and eth6 for the Access 3350 and 3360 Appliance models.

You can choose to have zero virtual IP addresses configured during the initial configuration, and later configure them as and when required.

Starting with version 8.0, you can assign a virtual IP address to a public data network interface that does not have a physical IP address assigned to it. Earlier, a physical IP address was required to be assigned to a public data network interface if you wanted to assign a virtual IP address to it.

1

IP address for the management console.

2

IP addresses for or appliance node management over IPMI.

See Initial configuration requirements.

2

IP addresses for appliance node management over eth1.

See Initial configuration requirements.

The following table describes the IP address requirements for a 3360 single-node appliance configuration:

Table: Required IP addresses for a single-node configuration

Number of IPs

Item

0 to 2

Physical IP addresses for public network access over eth4 and eth6 for the Access 3360 Appliance model. You can choose to have zero physical IP addresses configured during the initial configuration, and later configure them as and when required. You can configure up to two public IP addresses.

0 to 8 (Optional)

Virtual IP addresses for public network access over eth4 and eth5 for the Access 3340 Appliance model or over eth4 and eth6 for the Access 3350 and 3360 Appliance models.

You can choose to have zero virtual IP addresses configured during the initial configuration, and later configure them as and when required.

You can assign a virtual IP address to a public data network interface that does not have a physical IP address assigned to it. Earlier, a physical IP address was required to be assigned to a public data network interface if you wanted to assign a virtual IP address to it.

1

IP address for the management console

1

IP addresses for or appliance node management over IPMI.

1

IP addresses for appliance node management over eth1.

For more details about Veritas Access network requirements, refer to the Veritas Access Installation Guide.

See Where to find the documentation.

IP address requirements for network bonding

You can configure network bonding to group multiple network interfaces into a single logical interface. The bonded network interface increases data throughput and provides redundancy.

For the Access 3340 Appliance model, when you configure network bonding for public network access, bond0 is created, which groups eth4 (pubeth0) and eth5 (pubeth1) into a single logical network interface. For the Access 3350 and 3360 Appliance models, when you configure network bonding for public network access, bond0 is created, which groups eth4 (pubeth0) and eth6 (pubeth2) into a single logical network interface.

Note:

For Access 3350 and 3360 Appliance models, though all the four public interfaces are plugged in and connected to the public network switch during the initial configuration, you can only group eth4 and eth6 to create bond0.

Use the following guidelines when you assign an IP address for the bonded network interface:

  • Allocate either IPV4 public and virtual IP addresses or IPV6 public and virtual IP addresses, but not both.

  • For a two-node appliance configuration, reserve a maximum of two public IP addresses for public network access. The IP addresses need not be contiguous.

  • For a 3360 single-node configuration, reserve one public IP address for the public network access.

  • Reserve one virtual IP address for the Remote Management Console.

More Information

Network and firewall requirements