Veritas Access Appliance 8.4 Initial Configuration Guide

Last Published:
Product(s): Appliances (8.4)
Platform: Veritas 3350,Veritas 3340,Veritas 3360
  1. Getting to know the Access Appliance
    1.  
      About the Veritas Access Appliance
    2. About the Access Appliance administration interfaces
      1.  
        Using the Access Appliance shell menu
    3. About licensing the Access Appliance
      1.  
        About subscription licensing
    4.  
      Where to find the documentation
  2. Preparing to configure the appliance
    1.  
      Initial configuration requirements
    2.  
      About obtaining IP addresses for Veritas Access
    3.  
      Network and firewall requirements
    4.  
      About network connections for the appliance
  3. Configuring the appliance for the first time
    1. How to configure the Access Appliance for the first time
      1.  
        Configuring the Access cluster on the appliance
  4. Getting started with the Veritas Access GUI
    1.  
      Accessing the Veritas Access web interface
  5. Network connection management
    1. Configuring network address settings on the appliance nodes
      1.  
        Deleting network settings on appliance nodes
      2.  
        About NIC1 (eth0) port usage on the appliance nodes
      3.  
        About IPv4-IPv6-based network support on the Access Appliance
    2. Configuring VLAN settings on the appliance nodes
      1.  
        Viewing VLAN settings
      2.  
        Deleting a VLAN
    3. About the Veritas Remote Management Console
      1.  
        Configuring the IPMI port on an appliance node
      2.  
        Managing IPMI users on an appliance node
      3.  
        Resetting the IPMI on an appliance node
  6. Resetting the appliance to factory settings
    1.  
      About appliance factory reset
    2.  
      Performing factory reset for cluster nodes
  7. Appliance security
    1.  
      About Access Appliance security
    2. About Access appliance user account privileges
      1. Access appliance admin password specifications
        1.  
          Password encryption and handling on the Access appliance
    3.  
      About forced password changes
    4.  
      Changing the Maintenance user account password
    5. About the Access Appliance intrusion detection system
      1.  
        Reviewing SDCS events on the Access Appliance
      2.  
        Auditing the SDCS logs on an Access Appliance
      3.  
        About SDCS event type codes and severity codes on an Access appliance node
      4.  
        Changing the SDCS log retention settings on an Access Appliance node
    6.  
      About the Access Appliance intrusion prevention system
    7. About Access appliance operating system security
      1.  
        Vulnerability scanning of the Access Appliance
      2.  
        Disabled service accounts on the Access appliance
    8.  
      About data security on the Access appliance
    9.  
      About data integrity on the Access appliance
    10. Recommended IPMI settings on the Access appliance
      1.  
        Replacing the default IPMI SSL certificate on the Access appliance

Recommended IPMI settings on the Access appliance

Review this section to ensure that the Veritas Remote Management Console and the IPMI port are secure.

Users

  • Do not allow accounts with null user name or password.

  • It is recommended to have one administrative user.

  • It is recommended to disable the anonymous user.

  • To mitigate the CVE-2013-4786 vulnerability:

    • Use strong passwords to limit the effectiveness of offline dictionary attacks and brute force attacks. The recommended password length is 16-20 characters.

    • Use Access Control Lists (ACLs) or isolated networks to limit access to the IPMI interface.

Login

Table: Login security settings

Settings

Recommended values

Failed login attempts

3

User Lockout time (min)

60 seconds

Force HTTPS

Yes

The Force HTTPS check-box must be enabled to ensure that the IPMI connection always takes place over HTTPS.

Web Session Timeout

1800

LDAP Settings

Veritas recommends that you should enable LDAP authentication, if possible in your environment.

SSL Upload

Veritas recommends that you import a new or custom SSL certificate.

Remote Session

Table: Remote session security settings

Settings

Recommended values

KVM Encryption

AES

Media Encryption

Enable

Cipher recommendation

  • Do not set cipher to zero on the IPMI channel

    Warning:

    If the cipher 0 enabled on a channel, it allows anyone to perform any IPMI action with no authentication, effectively subverting IPMI security entirely. Disable it at all costs.

  • Only use ciphers 3, 8, and 12.

Ethernet connection settings

Recommended to have a dedicated Ethernet connection for IPMI, that is you should avoid sharing the server's physical connection.

  • Use a static IP

  • Avoid DHCP