Veritas Access Appliance 8.4 Initial Configuration Guide

Last Published:
Product(s): Appliances (8.4)
Platform: Veritas 3350,Veritas 3340,Veritas 3360
  1. Getting to know the Access Appliance
    1.  
      About the Veritas Access Appliance
    2. About the Access Appliance administration interfaces
      1.  
        Using the Access Appliance shell menu
    3. About licensing the Access Appliance
      1.  
        About subscription licensing
    4.  
      Where to find the documentation
  2. Preparing to configure the appliance
    1.  
      Initial configuration requirements
    2.  
      About obtaining IP addresses for Veritas Access
    3.  
      Network and firewall requirements
    4.  
      About network connections for the appliance
  3. Configuring the appliance for the first time
    1. How to configure the Access Appliance for the first time
      1.  
        Configuring the Access cluster on the appliance
  4. Getting started with the Veritas Access GUI
    1.  
      Accessing the Veritas Access web interface
  5. Network connection management
    1. Configuring network address settings on the appliance nodes
      1.  
        Deleting network settings on appliance nodes
      2.  
        About NIC1 (eth0) port usage on the appliance nodes
      3.  
        About IPv4-IPv6-based network support on the Access Appliance
    2. Configuring VLAN settings on the appliance nodes
      1.  
        Viewing VLAN settings
      2.  
        Deleting a VLAN
    3. About the Veritas Remote Management Console
      1.  
        Configuring the IPMI port on an appliance node
      2.  
        Managing IPMI users on an appliance node
      3.  
        Resetting the IPMI on an appliance node
  6. Resetting the appliance to factory settings
    1.  
      About appliance factory reset
    2.  
      Performing factory reset for cluster nodes
  7. Appliance security
    1.  
      About Access Appliance security
    2. About Access appliance user account privileges
      1. Access appliance admin password specifications
        1.  
          Password encryption and handling on the Access appliance
    3.  
      About forced password changes
    4.  
      Changing the Maintenance user account password
    5. About the Access Appliance intrusion detection system
      1.  
        Reviewing SDCS events on the Access Appliance
      2.  
        Auditing the SDCS logs on an Access Appliance
      3.  
        About SDCS event type codes and severity codes on an Access appliance node
      4.  
        Changing the SDCS log retention settings on an Access Appliance node
    6.  
      About the Access Appliance intrusion prevention system
    7. About Access appliance operating system security
      1.  
        Vulnerability scanning of the Access Appliance
      2.  
        Disabled service accounts on the Access appliance
    8.  
      About data security on the Access appliance
    9.  
      About data integrity on the Access appliance
    10. Recommended IPMI settings on the Access appliance
      1.  
        Replacing the default IPMI SSL certificate on the Access appliance

Replacing the default IPMI SSL certificate on the Access appliance

Use the following procedure to create a minimal self-signed certificate on a Linux computer and import it into the IPMI web interface:

To create and implement a minimal self-signed certificate

  1. On a Linux computer, type the following command to generate the private key:

    openssl genrsa -out ipmi.key 2048

    In this case, the private key is named ipmi.key.

  2. Type the following command to generate a certificate signing request (ipmi.csr) using ipmi.key:

    openssl req -new -key ipmi.key -out ipmi.csr

    Fill in each field with the appropriate values. To leave a field blank, enter a period (.).

    Note:

    To avoid extra warnings in your browser, set the common name to the fully qualified domain name of the IPMI interface.

  3. Type the following command to sign ipmi.csr with ipmi.key and create a certificate called ipmi.crt that is valid for 1 year:

    openssl x509 -req -in ipmi.csr -out ipmi.crt -signkey ipmi.key -days 365

  4. Type the following command to concatenate ipmi.crt and ipmi.key to create a certificate in PEM format called ipmi.pem:

    cat ipmi.crt ipmi.key > ipmi.pem

  5. Log on to the Veritas Remote Management Console.

    Note:

    If you need to access the Veritas Remote Management Console from another computer, copy the ipmi.pem file to that computer.

  6. On the Configuration tab, select SSL from the left pane.

    Next to New SSL Certificate, click Browse... and select the ipmi.pem file.

    Click Upload.

    Note:

    A warning may appear that says an SSL certificate already exists. Press OK to continue.

  7. Click Browse... again to import the privacy key. (Note that it now says New Privacy Key next to the button instead of New SSL Certificate.)

    Select the ipmi.pem file and click Upload.

    When the confirmation dialog appears, click OK to restart the web service.

  8. (Optional) Close and reopen the Veritas Remote Management Console to verify that the new certificate is being presented.