03 DSM Setup V1.3
Manager
Lab Exercises:
Vormetric Software
Contents
Introduction
Part 1
1.1
1.2
1.3
1.4
1.5
1.6
Part 2
2.1
2.2
2.3
2.4
2.5
2.6
Part 3
Configure HA pairing
3.1
3.2
3.3
Additional Tasks
Appendix A.
Appendix B.
FAQs
Introduction
The purpose of this lab is to introduce the setup of the Vormetric Data Security Manager (DSM)
appliance. After completing the lab you will be able to perform the significant administrative
tasks of DSM setup including:
Lab Architecture
At the completion of the Lab you will have generated the DSM setup as illustrated in Figure 1.
Figure 1 Lab Architecture
Web Based Management Console: hostname = admin-gui
Ports shown in the figure: TCP/8445, TCP/50000
Primary DSM: hostname = dsm-server-1; eth0 = 192.168.10.10; eth1 = (tbd) [public]
Failover DSM: hostname = dsm-server-2; eth0 = 192.168.10.11 (private); eth1 = (tbd) [public]
Table 1 User IDs and password
#  Server       User ID        Default Password
1  DSM servers  cliadmin       cliadmin123
2  Web Console  admin          admin123
3  admin-gui    Administrator  Admin123!
Recommended Update: Admin123!
Part 1
A DSM is preconfigured with all the necessary software components installed. The only
customization required is to update the DSM configuration with relevant networking and
geography information for your location. The configuration of the DSM includes:
Date and time
Networking
CA generation
1.1
Time is an important component of DSM setup. Accurate time is needed not only to know
when an event happened; certificate exchange is also time sensitive. If the time
difference between the DSM and a certificate signing requester is too great, based on GMT
not absolute time, the signing request will fail. Keeping the date/time of the DSM and of
any agent systems close to accurate avoids this issue.
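The GMT-based comparison described above, as an added example that is not part of the original lab guide: each host's wall-clock reading is converted to GMT before the difference is measured, so a wrong time zone shows up as skew even when the displayed times match. The 300-second tolerance, the UTC offsets and the agent names are assumptions; the guide gives no numeric limit.

```python
from datetime import datetime, timedelta, timezone

# Assumption: the lab guide states no numeric tolerance; 300 s is a placeholder.
MAX_SKEW_SECONDS = 300

def to_utc(date_str, time_str, utc_offset_hours):
    """Convert a wall-clock reading (MM/DD/YYYY and HH:MM:SS, the formats
    used by the lab's date and time commands) plus the host's configured
    UTC offset into an aware datetime in UTC."""
    naive = datetime.strptime(f"{date_str} {time_str}", "%m/%d/%Y %H:%M:%S")
    local = naive.replace(tzinfo=timezone(timedelta(hours=utc_offset_hours)))
    return local.astimezone(timezone.utc)

def skew_report(dsm, agents, max_skew=MAX_SKEW_SECONDS):
    """Return {agent: (skew_seconds, within_tolerance)} relative to the DSM."""
    dsm_utc = to_utc(*dsm)
    report = {}
    for name, reading in agents.items():
        skew = abs((to_utc(*reading) - dsm_utc).total_seconds())
        report[name] = (skew, skew <= max_skew)
    return report

# Constructed readings: (date, time, UTC offset in hours). Names are hypothetical.
DSM = ("08/17/2012", "09:43:00", -7)              # 16:43:00 GMT
AGENTS = {
    # Different wall clock, correct zone: 30 s from the DSM in GMT.
    "agent-gmt": ("08/17/2012", "16:43:30", 0),
    # Different date and wall clock, correct zone: the same instant in GMT.
    "agent-plus9": ("08/18/2012", "01:43:00", 9),
    # Wall clock matches the DSM but the zone was left at GMT: about 7 h off.
    "agent-wrong-zone": ("08/17/2012", "09:43:30", 0),
}

if __name__ == "__main__":
    for name, (skew, ok) in skew_report(DSM, AGENTS).items():
        print(f"{name:18} skew={skew:8.0f}s  {'ok' if ok else 'FIX CLOCK/ZONE'}")
```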
__1.
__2.
__1.
__2.
__3.
View the current settings for date, time, and time zone
date
time
gmttimezone show
__4.
__5.
__6.
Set date
date 08/17/2012
__7.
Set time
time 09:43:00
1.2
1.2.1
__1.
__2.
__3.
Note: The default IP address of the DSM eth0 is 192.168.10.1. The easiest way to
configure a physical appliance is to connect a network cable between this NIC and a
laptop and change the laptop network settings to match the default network of eth0. The
best order is to set up eth1 and ensure connectivity to that NIC before changing eth0.
Otherwise, if you accidentally set eth0 incorrectly, you will lose connectivity and be
limited to the serial interface.
__4.
Add the IP for network of eth1 [use the network from VMnet8]
ip address add 192.168.6.10/24 dev eth1
Note: Change the IP address and subnet. The network should be the network
discovered in Lab 1 for VMnet8. The subnet uses shorthand notation (24 =
255.255.255.0). Refer to Appendix A for a link explaining the netmask shorthand.
yes
__5.
1.2.2
The only network that can reach the external network given the setup steps of this lab is
VMnet8, the NAT network. The examples used in these steps reflect network 192.168.6.0. Be
sure to use the proper network as discovered in Lab 1 for your VMnet8 environment.
__1.
1.2.3
__1.
__2.
__3.
__4.
After configuring the network, you can use an SSH terminal window to connect to the
DSM CLI.
1.3
Setting the DSM hostname is very important. The DSM hostname is a significant factor when
generating and registering certificates. Networking changes can be dynamic and do not affect
certificates.
__1.
__2.
__3.
1.4
It is a good practice to use a time server to synchronize system clocks across your data center
and this includes the DSM. This section will only work with an external network connection.
__1.
__2.
__3.
__4.
__5.
1.5
No DNS server is available for performing the lab exercises; in this section you will configure
static name resolution. You will add host entries for the following hosts:
dsm-server-2
data-node-1
__1.
__2.
__3.
__4.
1.6
After successful generation of the certificate authority (CA), the DSM will be ready to start
managing data security.
__1.
__2.
__3.
Generate the CA
security genca
yes
Note: It is not necessary to edit any of the entries as prompted by the CA generation.
None of the entries will be validated against an external registration authority and can
be simply bypassed by pressing the Enter/Return key. The CA generation can take as
long as 10 minutes depending on resources.
Part 2
2.1
__1.
__2.
__3.
__4.
Set date
date 08/17/2012 [use current date]
__5.
Set time
time 09:43:00
2.2
2.2.1
__1.
__2.
__3.
__4.
Add the IP for network of eth1 [use the network from VMnet8]
ip address add 192.168.6.11/24 dev eth1
yes
__5.
2.2.2
__1.
2.2.3
__2.
__3.
__4.
__5.
After configuring the network, you can use an SSH terminal window to connect to the
DSM CLI.
2.3
__1.
__2.
__3.
2.4
It is a good practice to use a time server to synchronize system clocks across your data center
and this includes the DSM. This section will only work with an external network connection.
__1.
__2.
__3.
__4.
__5.
2.5
data-node-1
__1.
__2.
__3.
__4.
2.6
__1.
__2.
__3.
Part 3
Configure HA pairing
To pair and synchronize the primary and failover DSM you must enable communication. In this
section you will do the following:
Configure the primary DSM for communication
Convert failover DSM
Enable synchronization
3.1
__1.
Log in to the Management Console: from a Web browser, enter the following address
https://192.168.10.10:8445
Note: For the most consistent interface results use Internet Explorer.
__2.
__3.
__4.
__5.
__6.
__7.
Click Add to add the failover server to the High Availability Servers list
__8.
Type the name of the failover server in the Server Name field and click Ok
3.2
__1.
__2.
__3.
3.3
__1.
__2.
__3.
Note: This can take as long as 20 minutes to complete. When complete, the
synchronization time fields will be populated, as well as Synchronization Status.
Additional Tasks
Answer the following questions concerning DSM setup and use.
__1.
To install the DSM license you would require which of the following?
Cliadmin access
System administrator access
Domain administrator access
Security administrator access
__2.
Which of the following are replicated with a DSM HA configuration? Mark all that apply.
Host IP information
License information
User account information, keys, and policies
Keys and policies only
Keys, policies, and audit records
__3.
You must use the Serial Port interface to setup the initial DSM configuration.
(True,False)
__4.
DHCP is supported for eth1 but must use static addresses for eth0. (True,False)
__5.
The DSM can store two versions of the DSM software. (True,False)
__6.
__7.
The CLI Admin can reset which of the following accounts' passwords?
Appendix A.
Reference Material
IP Address shorthand:
http://www.sustworks.com/site/prod_ipr_subnets.html
Public NTP servers:
http://www.pool.ntp.org/en/
Appendix B.
FAQs