Veritas Access Appliance Initial Configuration Guide

To configure the Veritas Access cluster on the appliance:

1. Log in to the Access Appliance shell menu of one of the appliance nodes using the default credentials:

   User: admin

   Password: P@ssw0rd

2. Enter the configure cluster command to start the cluster configuration wizard.
3. Type yes to continue.
4. Enter a name for the cluster.

   Cluster names should be DNS-compatible. DNS-compliant cluster names should conform to the following naming conventions:

   • Must be at least three and no more than 55 characters long.

   • Allowed characters in a cluster name are lowercase letters, numbers, and hyphens 'a-z, 0-9, -'. Any other character is invalid.

   • Must start with a lowercase letter and must not start with a hyphen ('-') or number.

   • Must end with a lowercase letter or a number.

   • Should not be an IP address.

   Note:

   If you plan to use Active Directory authentication, Windows Active Directory restricts a NetBIOS name or a computer object name to a maximum of 15 characters. Access Appliance uses the first 15 characters of the cluster name to create a NetBIOS name to comply with the Windows AD restriction. Ensure that the chosen cluster name is unique in the first 15 characters so the objects created in the domain are distinct with unique names.

5. If VLAN is configured for the appliance, specify the VLAN ID for both the nodes.
6. Enter the eth1 IP addresses for each node, separated by a space.
7. Enter the maintenance user password for appliance nodes.

   After specifying the password, the storage on each of the nodes is scanned. The data, fencing, and configuration volumes are created when you scan the storage. The configuration cannot proceed if the storage scan operation fails.

8. Specify whether you want to configure network bonding for the public network interfaces. For the Access 3340 Appliance model, you can configure network bonding for eth4 and eth5. For the Access 3350 Appliance model, you can configure network bonding for eth4 and eth6. To configure network bonding, type yes and continue to step 9; else type no and go to step 10.
9. If you typed yes in step 8, complete the following steps and go to step 13.

   • Specify the mode for the network bonding.

   • If you select mode 3 (balance-xor) or 5 (802.3ad), specify the transmit hash policy to use.

   • Enter the starting IP address from the range of public IP addresses that you have reserved. At a minimum, you need to reserve two continuous public IP addresses.

   • Enter the starting virtual IP address from the range of virtual IP addresses that you have reserved. At a minimum, you need to reserve two continuous virtual IP addresses.

   See About obtaining IP addresses for Veritas Access.

10. Enter the number of public IP addresses that you want to configure for the public data network. You can specify any value from 0 to 4 considering each node of a 2-node Access cluster has two public network interfaces.

    If you choose to configure one or more IP addresses, you are prompted to enter the specified number of IP addresses. You have the option to enter a maximum of 32 IP addresses. However, only the number of IP addresses that you specified are configured and the rest are maintained as free IP addresses in the cluster.

    You can enter individual public IP addresses for the data network or an IP address range. You can specify IPv4 or IPv6 addresses. The addresses need not be contiguous. An IPv4 range is supported.

    For example, to specify an IP range, type 10.182.12.89-92.

    The IP addresses are assigned to the public interfaces of both the nodes using the round-robin algorithm, selecting the first public interface of both the nodes followed by the second public interface of both the nodes. For example if you specify 3, the first public interface of both the nodes is assigned an IP address followed by the second public interface of the first node. If you specify 3 and choose to enter 4 IP addresses, the 3 IP addresses are assigned using the round-robin algorithm and 1 IP address is maintained as a free IP address in the cluster. If you enter 0, no public IP address is configured and you are not prompted to specify the IP addresses.

    See About obtaining IP addresses for Veritas Access.

11. Enter the number of virtual IP addresses to assign to each network interface in the data network.

    Note:

    Starting with version 8.0, you can assign a virtual IP address to a public data network interface that does not have a physical IP address assigned to it. Earlier, a physical IP address was required to be assigned to a public data network interface if you wanted to assign a virtual IP address to it.

12. Enter the starting virtual IP address or individual virtual IP addresses separated by a space or a comma. You can specify IPv4 or IPv6 addresses. The addresses need not be contiguous. An IPv4 range is supported.
13. Enter the netmask for the data network IP addresses.
14. Enter the gateway IP address of the data network.
15. Enter the console virtual IP address.
16. Enter the host name for the nodes.

    The host name must be at least 3 and no more than 63 characters long.

17. Enter the IP address or the FQDN of the NTP server.

    If you specify the FQDN of the NTP server, you must configure the DNS server. Enter the DNS server IP address and go to step 19. If you specify the IP address of the NTP server continue to step 18.

18. Specify whether you want to configure a DNS server.

    If you opted to configure a DNS server, enter the DNS server IP address.

    Note:

    This is an optional step, and only required if the DNS server was not configured earlier, or you had configured the appliance node host name, or you want to change the previous DNS configuration. Ensure that the configured DNS server can resolve the eth1 IP address to a valid node host name as this is required for AutoSupport CallHome to work correctly.

19. Enter the DNS server domain name.
20. Enter the IP address for the private network.

    The private network can be any IPv4 address that does not conflict with the provided management or data network ranges.

    Note:

    The base network IP address is calculated by using the netmask that is specified for the private network, and the IP addresses are assigned starting from this base IP address. The first IP address is reserved for the NLM (Network Lock Manager) service and successive IP addresses are assigned to the network interfaces.

21. Enter the netmask for the private IP address.

    The netmask is used to customize the private IP range. The netmask must be 255.252.0.0 or greater.

22. To configure the cluster in lockdown mode, enter yes.

    If you opted to configure the cluster in lockdown mode, specify the following options:

    • Lockdown mode: The lockdown mode creates Write Once Read Many (WORM) storage that prevents your data from being encrypted, modified, or deleted. You can specify enterprise or compliance mode, with compliance mode providing the highest level of data security.

    • Minimum retention period: The minimum duration in seconds, hours, days, weeks, months, years, for which to retain the data. The minimum retention period is 1 hour.

    • Maximum retention period: The maximum duration in seconds, hours, days, weeks, months, years, for which to retain the data. The maximum retention period is 60 years.

    You can also change the lockdown mode after the cluster is configured. For details, see the Veritas Access Appliance Administrator's Guide.

23. Review the configuration summary and type yes to continue and begin the configuration.

    If you have configured network bonding, bond0 is created for the public network and the message Public network connection provided by bond0 with subordinate network interfaces is displayed.

    The configuration process can take around 40 minutes to complete. During the configuration, disk-based fencing is configured. You cannot change the fencing configuration.

    The URL to access the Access web interface is displayed during the configuration.

    The appliance is restarted to bring up the Access services as part of the configuration process. After the configuration is complete, a summary of the cluster configuration is displayed.

24. Change the known default password of the admin, maintenance, and IPMI (if the sysadmin account uses the default password) user accounts.

    Veritas enforces changing the known default passwords during the initial configuration to ensure that the default passwords do not remain active on the node.

    Ensure that the following password requirements are met:

    • The password cannot reverse the entire user name.

    • The password must contain at least eight characters.

    • The password must contain at least one numeric character (0-9).

    • The password must contain at least one lowercase character (a-z).

    • The password must contain at least one uppercase character (A-Z).

    • The password must contain at least one special character (~!@#$%^&).

    Note:

    The maintenance user password must be the same on each node. If the password expires, log in to the Access web interface with the maintenance account to change the password.