Veritas Flex Appliance Getting Started and Administration Guide

Last Published:
Product(s): Appliances (4.2, 4.1, 4.0)
Platform: Flex Appliance OS
  1. Product overview
    1.  
      Introduction to Veritas Flex Appliance
    2.  
      Flex Appliance terminology
    3.  
      About the Flex Appliance documentation
  2. Release notes
    1.  
      Flex Appliance 4.0 new features, enhancements, and changes
    2.  
      Flex Appliance 4.1 new features, enhancements, and changes
    3.  
      Flex Appliance 4.2 new features, enhancements, and changes
    4.  
      Supported update paths to this release
    5.  
      Operational notes
    6.  
      Flex Appliance 4.0 release content
    7.  
      Flex Appliance 4.1 release content
    8.  
      Flex Appliance 4.2 release content
  3. Getting started
    1.  
      Initial configuration guidelines and checklist
    2.  
      Performing the initial configuration
    3.  
      Adding a node
    4.  
      Accessing and using the Flex Appliance Shell
    5.  
      Accessing and using the Flex Appliance Console
    6.  
      Setting the date and time for appliance nodes
    7.  
      Common tasks in Flex Appliance
  4. Managing network settings for instances
    1.  
      Creating a network bond
    2.  
      Editing a network bond
    3.  
      Deleting a network bond
    4.  
      Configuring or editing a network interface
    5. Managing the appliance Fibre Channel ports
      1.  
        Viewing the devices that are connected to the Fibre Channel ports
  5. Managing users
    1.  
      Overview of the Flex Appliance default users
    2. Managing Flex Appliance Console users and tenants
      1.  
        Adding a tenant
      2.  
        Editing a tenant
      3.  
        Removing a tenant
      4.  
        Adding a local user to the Flex Appliance Console
      5.  
        Connecting a remote user domain to the Flex Appliance Console
      6.  
        Editing a remote user domain in the Flex Appliance Console
      7.  
        Importing a remote user or user group to the Flex Appliance Console
      8.  
        Managing single sign-on (SSO)
      9.  
        Managing identity providers (IDPs)
      10.  
        Importing a single sign-on user or user group to the Flex Appliance Console
      11.  
        Managing user authentication with smart cards or digital certificates
      12.  
        Changing a local user password in the Flex Appliance Console
      13.  
        Expiring local user passwords in the Flex Appliance Console
      14.  
        Unlocking a user account in the Flex Appliance Console
      15.  
        Removing users from the Flex Appliance Console
    3.  
      Changing the password policy
    4.  
      Changing the hostadmin user password in the Flex Appliance Shell
    5.  
      Changing the sysadmin user password in the Veritas Remote Management Interface
    6. Managing multifactor authentication
      1.  
        Configuring or reconfiguring multifactor authentication
      2.  
        Enforcing multifactor authentication
      3.  
        Resetting multifactor authentication
      4.  
        Disabling multifactor authentication
  6. Using Flex Appliance
    1. Managing the repository
      1.  
        Adding files to the repository
      2.  
        Removing files from the repository
    2.  
      Creating application instances
    3.  
      Managing application instances from Flex Appliance and NetBackup
    4. Managing application instances from Flex Appliance
      1.  
        Resizing instance storage
      2.  
        Editing instance network settings
      3.  
        Assigning Fibre Channel ports to an instance
      4.  
        Unassigning Fibre Channel ports from an instance
      5. Managing application add-ons on instances
        1.  
          Installing application add-ons
        2.  
          Uninstalling application add-ons
        3.  
          Changing the application add-on installation order
        4.  
          Updating an application add-on to a newer revision
      6.  
        Viewing instance performance metrics
      7.  
        Clearing a configuration error status on an application instance
      8.  
        Deleting an application instance
    5. Upgrading application instances
      1.  
        Warnings and considerations for instance rollbacks
    6.  
      Updating an application instance to a newer revision
    7. About Flex Appliance updates
      1.  
        Updating Flex Appliance
      2.  
        Updating the firmware
  7. Remote replication
    1.  
      About remote replication
    2.  
      Pairing appliances for remote replication
    3.  
      Creating a replica
    4. Managing remote replication
      1.  
        Remote replication best practices
      2.  
        Monitoring remote replication
      3.  
        Editing the replication network
      4.  
        Repairing a lost connection between paired appliances
      5.  
        Pausing and resuming replication
      6.  
        Resolving discrepancies between an active and a replica instance
      7.  
        Changing the replication role of an instance
      8.  
        Unlinking active and replica instances
      9.  
        Forgetting a paired appliance
  8. Appliance security
    1.  
      Security overview
    2. About lockdown mode
      1.  
        Changing the lockdown mode
    3.  
      Using a sign-in banner
    4.  
      Using an external certificate
    5. Using network access control
      1.  
        Changing the SSH port
  9. Monitoring the appliance
    1.  
      Registering an appliance
    2. Configuring alerts
      1. About AutoSupport and Call Home
        1.  
          Configuring Call Home
      2.  
        Configuring email alerts
      3.  
        Configuring SNMP alerts
      4.  
        Setting the threshold values for disk usage alerts
    3.  
      Monitoring the appliance from the System Health Insights portal
    4. Viewing the hardware status
      1.  
        Viewing node information
      2.  
        Viewing storage shelf information on a Veritas 53xx Appliance
      3.  
        Viewing storage shelf information on a Veritas 52xx Appliance
    5.  
      Viewing hardware faults
    6.  
      Viewing system data
    7.  
      Clearing the hardware status
    8.  
      Forwarding logs
    9.  
      Providing access for external monitoring
    10.  
      Revoking access for external monitoring
  10. Reconfiguring the appliance
    1.  
      Reconfiguring the appliance network
    2.  
      Changing DNS or Hosts file settings
    3.  
      Shutting down the appliance
    4.  
      Performing a factory reset
    5.  
      Performing a reimage
    6.  
      Recovering storage data after a factory reset or a reimage
    7.  
      Performing a storage reset
    8.  
      Removing a node
    9.  
      Viewing or resetting the storage shelf order on a Veritas 52xx Appliance
  11. Troubleshooting guidelines
    1.  
      General troubleshooting steps
    2.  
      Unlocking access in lockdown mode
    3.  
      Gathering logs

Security overview

Flex Appliance includes multiple features to ensure the security of your data. Each element of the appliance is tested for vulnerabilities using both industry standards and advanced security products. These measures ensure that exposure to unauthorized access and resulting data loss or theft is minimized.

Flex Appliance also uses the Security Technical Implementation Guide (STIG) template to meet security requirements per the Defense Information Systems Agency (DISA) profile. See the NetBackup Flex Appliance Security white paper for more information.

The security features in this release include but are not limited to the following:

  • OS security hardening, including Security-Enhanced Linux (SELinux).

  • Forced password changes during initial configuration to make sure that the default password does not remain active on the system.

  • The ability to set your own password policy, including the option to use STIG for validation.

    See Changing the password policy.

  • Lockdown mode and WORM storage support, which let you set additional access restrictions and block data deletion during a specified retention period.

    See About lockdown mode.

  • The ability to add a sign-in banner that appears before a user signs in to the Flex Appliance Console and the Flex Appliance Shell.

    See Using a sign-in banner.

  • Support for external certificates.

    See Using an external certificate.

  • Support for multifactor authentication, including the ability to enforce it for all Flex Appliance Console users.

    See Managing multifactor authentication.

  • Session timeouts that automatically sign users out of the Flex Appliance Console and the Flex Appliance Shell after 10 minutes of inactivity.

  • Conformance to the Federal Information Processing Standards (FIPS) 140-2.

  • Password protection in the Flex Appliance Console that locks local user accounts after three sign-in attempts with incorrect passwords. If a security administrator account becomes locked, it is unlocked automatically after 30 minutes. If a different local user account becomes locked, that user and a security administrator must work together to unlock it.

  • (Version 4.1 and later) Sign-in protection in the Flex Appliance Console that locks user accounts with multifactor authentication for 15 minutes after three sign-in attempts with incorrect codes.

  • Password protection in the Flex Appliance Shell that locks the hostadmin account for 15 minutes after three login attempts with incorrect passwords.

  • Password protection that restricts access to the GRUB menu except with assistance from Veritas Technical Support. If you need to edit GRUB, contact Technical Support and ask your representative to reference article 100048098.

Also note the following information regarding the appliance security:

  • IP forwarding is enabled in Flex Appliance by design; it is used to facilitate network communication between application instances and external networks.

  • Simultaneous multithreading (smt) is enabled by default on the Veritas 53xx Appliance.

    The following vulnerabilities affect this feature:

    • CVE-2018-12130

    • CVE-2018-12126

    • CVE-2018-12127

    • CVE-2019-11091

    You can disable smt to address these vulnerabilities; however, significant performance degradation may occur. If you want to disable smt, contact Veritas Technical Support and ask your representative to reference article 100046154.