Veritas Flex Appliance Getting Started and Administration Guide

Last Published:
Product(s): Appliances (2.1.1, 2.1)
Platform: Flex Appliance OS
  1. Product overview
    1.  
      Introduction to Veritas Flex Appliance
    2.  
      Flex Appliance terminology
    3.  
      About the Flex Appliance documentation
  2. Release notes
    1.  
      Flex Appliance 2.1 new features, enhancements, and changes
    2.  
      Flex Appliance 2.1.1 new features, enhancements, and changes
    3.  
      Supported upgrade paths to this release
    4.  
      Operational notes
    5.  
      Flex Appliance 2.1 release content
    6.  
      Flex Appliance 2.1.1 release content
  3. Getting started
    1.  
      Initial configuration guidelines and checklist
    2.  
      Performing the initial configuration
    3.  
      Adding a node
    4.  
      Accessing and using the Flex Appliance Shell
    5.  
      Accessing and using the Flex Appliance Console
    6.  
      Managing the appliance from the Appliance Management Console
    7.  
      Setting the date and time for appliance nodes
    8.  
      Common tasks in Flex Appliance
  4. Managing network settings
    1.  
      Creating a network bond
    2.  
      Deleting a network bond
    3.  
      Configuring a network interface
    4. Managing the appliance Fibre Channel ports
      1.  
        Viewing the devices that are connected to the Fibre Channel ports
    5.  
      Changing DNS or Hosts file settings
  5. Managing users
    1.  
      Overview of the Flex Appliance default users
    2.  
      Changing the password policy
    3. Managing Flex Appliance Console users and tenants
      1.  
        Adding a tenant
      2.  
        Editing a tenant
      3.  
        Removing a tenant
      4.  
        Adding a local user to the Flex Appliance Console
      5.  
        Connecting a remote user domain to the Flex Appliance Console
      6.  
        Importing a remote user or user group to the Flex Appliance Console
      7.  
        Editing a remote user domain in the Flex Appliance Console
      8.  
        Changing a user password in the Flex Appliance Console
      9.  
        Expiring user passwords in the Flex Appliance Console
      10.  
        Removing users from the Flex Appliance Console
      11.  
        Managing user authentication with smart cards or digital certificates
    4.  
      Changing the hostadmin user password in the Flex Appliance Shell
    5.  
      Changing the sysadmin user password in the Veritas Remote Management Interface
  6. Using Flex Appliance
    1. Managing the repository
      1.  
        Adding files to the repository
      2.  
        Removing the current appliance upgrade or update package from the repository
    2.  
      Creating application instances
    3.  
      Managing application instances from Flex Appliance and NetBackup
    4. Managing application instances from Flex Appliance
      1.  
        Resizing instance storage
      2.  
        Editing instance network settings
      3.  
        Assigning Fibre Channel ports to an instance
      4.  
        Unassigning Fibre Channel ports from an instance
      5. Managing application add-ons on instances
        1.  
          Installing application add-ons
        2.  
          Uninstalling application add-ons
        3.  
          Changing the application add-on installation order
      6.  
        Viewing instance performance metrics
      7.  
        Clearing a configuration error status on an application instance
    5. Upgrading application instances
      1.  
        Warnings and considerations for instance rollbacks
    6.  
      Updating an application instance to a newer revision
    7. About Flex Appliance upgrades and updates
      1.  
        Upgrading Flex Appliance
      2.  
        Updating Flex Appliance
      3.  
        Updating the firmware
  7. Appliance security
    1.  
      Security overview
    2. About lockdown mode
      1.  
        Changing the lockdown mode
    3.  
      Using a sign-in banner
    4.  
      Using an external certificate
  8. Monitoring the appliance
    1.  
      Registering an appliance
    2. Configuring alerts
      1. About AutoSupport and Call Home
        1.  
          Configuring Call Home
      2.  
        Configuring email alerts
      3.  
        Configuring SNMP alerts
      4.  
        Setting the threshold values for disk usage alerts
    3. Viewing the hardware status
      1.  
        Viewing node information
      2.  
        Viewing Primary Storage Shelf information on a Veritas 53xx Appliance
      3.  
        Viewing Expansion Storage Shelf information on a Veritas 53xx Appliance
      4.  
        Viewing Storage Shelf information on a Veritas 5250 Appliance
    4.  
      Viewing hardware faults
    5.  
      Viewing system data
    6.  
      Forwarding logs
    7.  
      Providing access for external monitoring
    8.  
      Revoking access for external monitoring
  9. Reconfiguring the appliance
    1.  
      Performing a factory reset
    2.  
      Performing a reimage
    3.  
      Recovering storage data after a factory reset or a reimage
    4.  
      Performing a storage reset
    5.  
      Removing a node
    6.  
      Viewing or resetting the storage shelf order on a Veritas 5250 Appliance
  10. Troubleshooting guidelines
    1.  
      General troubleshooting steps
    2.  
      Generating a One-Time Password and unlocking access in lockdown mode
    3.  
      Gathering logs

Managing user authentication with smart cards or digital certificates

You can use smart cards or certificates for user validation with a remote user domain. This authentication method is not available for local users.

Note:

This feature is available on Flex Appliance version 2.1.1 and later.

Prerequisites

Note the following prerequisites for smart card authentication:

Configuring or editing smart card authentication

Follow these steps to configure user authentication with smart cards or digital certificates or to edit an existing configuration.

To configure or edit smart card authentication

  1. Sign in to the Flex Appliance Console as the default admin user and click the gear icon in the upper-right corner of the page, then click Smart card authentication.
  2. Click Congfigure or Edit.
  3. Select a certificate mapping attribute and optionally enter the OCSP URI. If you do not provide the OCSP URI, the URI in the certificate is used.
  4. Browse for or drag and drop the CA certificates that are associated with the user smart cards or the user digital certificates. Certificate file types must be in .pem format and less than 1,000 KB in size.

    To remove a certificate, click the x next to the file name.

    Note:

    If you use Mozilla Firefox, you must also remove the certificate from the browser's certificate manager. See the browser documentation for instructions.

  5. Click Save.
  6. Open a new session to the Flex Appliance Console. The sign-in page should now display an option to sign in with a certificate or smart card.
  7. Before a user can use a digital certificate that is not installed on a smart card, the certificate must be uploaded to the browser's certificate manager. See the browser documentation for instructions.
  8. Once a user inserts a smart card or uploads a certificate, they are prompted to select and authenticate the certificate when they open a new session to the Flex Appliance Console. Once they do so, they can use the certificate to sign in.

    If the user does not select and authenticate the certificate when prompted, they can still sign in with their username and password.

Disabling or enabling smart card authentication

Follow these steps to disable user authentication with smart cards or digital certificates or to enable it after it has been disabled.

To disable or enable smart card authentication

  1. Sign in to the Flex Appliance Console as the default admin user and click the gear icon in the upper-right corner of the page, then click Smart card authentication.
  2. Click Disable or Enable.

If you disable smart card authentication, users no longer see an option to sign in with a certificate or smart card.