Search <book_title>...

Veritas Appliance Guide for CyberArk Plugin Configuration

Last Published: 2025-03-20

Product(s): Appliances (6.0, 5.5.0.1, 5.3, 5.1.1, 5.1, 5.0, 4.2, 4.1, 4.0, 3.3.0.1, 3.3, 3.2, 3.1, 3.0)

Platform: NetBackup Appliance OS,Flex Appliance OS

Introduction
1. Overview
CyberArk plugin configurations for Flex Appliance
CyberArk plugin configuration for NetBackup Appliance
1. Veritas NetBackup Appliance CPM CyberArk Plugin
CyberArk plugin for Remote Management interface
1. Veritas Remote Management Interface via API CyberArk Plugin
CyberArk plugin configurations for Flex Scale and Access Appliances
1. Veritas NetBackup Flex Scale and Access Appliance API CyberArk CPM plug-in
2. Configuration for CyberArk Privileged Session Manager (PSM) for SSH

Veritas Flex Appliance Console CPM GEN2

[New plugin; version 1.0]

The Veritas Flex Appliance Console CPM GEN2 plugin is a CyberArk component. The plugin integrates the Flex Appliance web user interface with CyberArk and lets you manage the Flex Appliance Web Console administrator accounts. It includes the default administrator account along with other configured administrator user accounts with the Web console. The plugin enables the automation to secure privileged access by storing and retrieving privileged Flex admin accounts in the CyberArk password vault.

Note:

This GEN2 plugin version is compatible only with Flex Appliance software version 5.x or later. If you have upgraded a Flex Appliance to version 5.x or later that currently uses the GEN1 plugin version, you must also upgrade the plugin to this GEN2 version. For plugin upgrade details, see the section Upgrade plugin from GEN1 to GEN2 version.

The following describes the supported plugin functionality:

Change the administrator account password.
Verify the administrator account password.
Limitations:
- Reconciliation is not supported.
- The Flex service account user is not supported by CyberArk.

Requirements and prerequisites

The following describes the requirements and tasks that you must perform before you can configure the plugin:

A configured Flex Appliance on a compatible version. See the following article for the list of supported versions:
CyberArk Support for Veritas Appliances
A CyberArk PAM (Privileged Access Manager) solution.
Download the Veritas Flex Appliance API CPM Plugin from the following CyberArk Marketplace site and install it:
https://cyberark.my.site.com/mplace/s/#--Veritas

Configuration

After you have downloaded and installed the plugin, perform the following configuration steps in the application on the CyberArk site.

Note:

Use this procedure only to configure the GEN2 plugin version for new Flex Appliance 5.x or later installations.

To configure the plugin for a Flex Appliance administrator account

Log in to the CyberArk PVWA.
On the Account View page, click Add account and do the following:
- For Select system type, click Imported platforms.
- For Assign to platform, click Veritas Flex Appliance Console CPM GEN2.
- For Store in safe, select where you want to store the configuration. You can also click Create Safe to create a new one.
- For Define properties, enter the following:
  - Address: Enter the Flex Appliance fully qualified domain name.
  - Username: Enter the Flex Appliance administrator account username.
  - Password: Enter the associated password for the entered Flex Appliance administrator account username.

Upgrade plugin from GEN1 to GEN2 version

Use this procedure only for a Flex Appliance that has been upgraded from versions 3.x or 4.x to version 5.x or later.

To upgrade users from the GEN1 platform to the GEN2 platform, there is no need to recreate the users in CyberArk. CyberArk provides the ability to change platforms. Whenever a Flex Appliance is upgraded to version 5.x or later, you must also upgrade those existing appliance users to the GEN2 platform.

Note the following when upgrading to the GEN2 platform:

Linked-Account Security Admin is not required for the Veritas Flex Appliance Console CPM GEN2 platform. If Linked-Account Security Admin was set previously for the GEN1 platform, the GEN2 platform ignores it.
During the change of platforms, it is not necessary to clear the Linked-Account.
You must upgrade the platform for each user account.

To upgrade the plugin from GEN1 to the GEN2 version

Log in to the CyberArk PVWA.
On the Accounts View page, locate the Flex Appliance user account and click Edit.
Change the platform for the selected user as follows:
- On the Edit Account page, click the checkmark next to Assigned to Platform.
- Change the platform by selecting Veritas Flex Appliance Console via API GEN2.
- When the Change platform popup appears, click Change.
- Click Save.
Return to the Accounts View page to verify that VeritasFlexApplianceAPIGEN2 appears in the Platform ID column.

The plugin is designed for use with an SSL certificate. If the target appliance uses a self-signed certificate, you must reconfigure the plugin to use that certificate type as follows:

To reconfigure the plugin to use a self-signed certificate

Log in to the CyberArk PVWA.
Navigate to the Platform Management page and do the following:
- Click the platform named Veritas Flex Appliance API via REST.
- On the lower right side, click Edit.
- In the left column, expand Automatic Password Management and click Additional Policy Settings.
- In the Properties column, click Use SSL. Then, in the Value column, right-click on Yes and select IgnoreUntrustedCertificate.