立即与支持人员聊天
与支持团队交流

QoreStor 7.1.1 - User Guide

Introducing QoreStor Accessing QoreStor Configuring QoreStor settings
Licensing QoreStor Configuring SAML Configuring an SSL Certificate for your QoreStor System Configuring Active Directory settings Understanding system operation scheduling Configuring Secure Connect Enabling MultiConnect Configuring and using Rapid NFS and Rapid CIFS Configuring and using VTL Configuring and Using Encryption at Rest Configuring email notification settings Configuring and using the Recycle Bin Configuring Cloud Reader Configuring RDA immutability
Managing containers Managing local storage Managing cloud storage Managing replications Managing Users Monitoring the QoreStor system Managing QoreStor Remotely Support, maintenance, and troubleshooting Security recommendations guide About us

Configuring Secure Connect

The sections below contain information necessary for the proper configuration of Secure Connect. The procedures for configuring Secure Connect differ depending on your plug-in version.

Enabling Secure Connect for OST and RDA plug-ins prior to 4.1.0.265

IMPORTANT: The procedure below is for plug-in versions prior to 4.1.0.265. To enable or disable Secure Connect on plug-in version 4.1.0.265, refer to Managing Secure Connect with OST or RDA plug-in 4.1.0.265 or later.

Secure Connect is enabled through the use of environmental variables on the client machine. No configuration is required on the QoreStor server.

To enable Secure Connect on a Windows client

  1. On the client server, press Win+R to open the Run window.
  2. Type sysdm.cpl and click OK.
  3. Click the Advanced tab, then Environment Variables.
  4. In the System Variables section, click New.
  5. In the Variable name field, enter SECURE_CONNECT.
  6. In the Variable value field, enter one of the following:
    • 0 - disables Secure Connect
    • 1 - Secure Connect is enabled, but QoreStor will failback to an unsecured connection if the Secure Connect server is unavailable.
    • 2 - Secure Connect is enabled. Connection will fail if Secure Connect server is unavailable.
  7. Click OK, then OK.

IMPORTANT: After enabling Secure Connect, you will need to change the BypassPorts configuration in the sc_client.properties file. Refer to Configuring Secure Connect properties for information.

IMPORTANT: After enabling Secure Connect, you must restart the DMA application services.

To enable Secure Connect on a Linux client

  1. At the command prompt on the client machine, enter the following command
    echo 'export SECURE_CONNECT=<0|1|2>' >> ~/.bashrc

    Where:

    • 0 - disables Secure Connect
    • 1 - Secure Connect is enabled, but QoreStor will failback to an unsecured connection if the Secure Connect server is unavailable.
    • 2 - Secure Connect is enabled. Connection will fail if Secure Connect server is unavailable.
  2. Log out of the QoreStor system, then log in.

IMPORTANT: After enabling Secure Connect, you will need change the BypassPorts configuration in the sc_client.properties file. Refer to Configuring Secure Connect properties for information.

IMPORTANT: After enabling Secure Connect, you must restart the DMA application services.

 

Configuring Secure Connect properties

Before using Secure Connect, ensure that the default port configuration is appropriate for your environment. The ports used by Secure Connect are:

  • 9443 - this is the listening port. The Secure Connect server listens for connection requests on this port.
  • 10011, 11000 and 9920 - These are the standard Secure Connect communication ports.

By default, the Secure Connect ports are bypassed, which will cause Secure Connect to failback to a normal, unsecured connection. Before using Secure Connect, the BypassPorts setting must be set to 0 to enable full communication.

Secure Connect properties can be configured through the sc_client.properties file located in the client installation directory.

To configure Secure Connect

  1. In the client installation directory, open the sc_client.properties file with a text editor.

    The default installation directory differs depending on the client type and the OS of the client machine. For example,

    • The RDA client on a Windows machine installs to C:\Program Files\Quest\RDA\dynlib
    • The NetVault on a Linux server installs to /usr/netvault/dynlib/sc_client.properties
  2. Find the entry shown below

  3. Do one of the following:
    • Comment out the line BypassPorts = 9920, 10011, 11000 by adding a # to the front, then remove the # from BypassPorts = 0
    • Delete the listed ports (9920, 10011, 11000) and replace with 0.
  1. Save the file.

Managing Secure Connect with OST or RDA plug-in 4.1.0.265 or later

Unless manually disabled, Secure Connect is always running on the QoreStor server. Starting with QoreStor plug-in version 4.1.0.265, Secure Connect is enabled by default on the client machine. Review the sections below for the procedures to check Secure Connect status or disable and enable Secure Connect.

The commands below can be run both on the QoreStor server and the client machines. In both cases, the sc_manager command must be run from the directory that includes the sc.client.properties file. By default this is:

  • On the QoreStor server /opt/qorestor/bin

    NOTE: When configuring Secure Connect on the QoreStor server, the changes made are applicable only for container or optimized replication in which the QoreStor instance is a source.

  • For client machines, this is the plug-in installation directory. For example, for NetVault:
    • Linux clients - /usr/local/ocarda
    • Windows clients - C:\Program Files\Quest\RDA\Dynlib

IMPORTANT: The procedures below use the sc_manager command which must be run by the root account.

Checking Secure Connect status

To check the status of Secure Connect

  1. Run the command sc_manager status according to one of the methods below:
    • Run sc_manager from the directory containing sc_client.properties.
      sc_manager status
    • Run sc_manager from any directory, using the path to the sc_client.properties.
      /opt/qorestor/bin/sc_manager status --property /opt/qorestor/bin/sc_client.properties
      SecureConnect.enabled = true
  2. The status of Secure Connect will be displayed:
    SecureConnect.enabled = true

Disabling Secure Connect

To disable Secure Connect

  1. Run the sc_manager disable command as described below:
    • Run sc_manager from the directory containing sc_client.properties.
      sc_manager disable
    • Run sc_manager from any directory, using the path to the sc_client.properties.
      /opt/qorestor/bin/sc_manager disable --property /opt/qorestor/bin/sc_client.properties
  2. The status of Secure Connect will be displayed as confirmation:
    SecureConnect.enabled = false
  3. After disabling Secure Connect, a service restart must be performed.
    • If you disabled Secure Connect on the QoreStor server, restart the QoreStor services using the commands:
    /opt/qorestor/bin/ctrlrpc -p 9901 node.stop
    /opt/qorestor/bin/ctrlrpc -p 9901 node.start
    • If you disabled Secure Connect on the client machine, services of the DMA application on that machine need to be restarted.

 

Enabling Secure Connect

To enable Secure Connect

  1. Run the sc_manager enable command as described below:
    • Run sc_manager from the directory containing sc_client.properties.
      sc_manager enable
    • Run sc_manager from any directory, using the path to the sc_client.properties.
      /opt/qorestor/bin/sc_manager enable --property /opt/qorestor/bin/sc_client.properties
  2. The status of Secure Connect will be displayed as confirmation:
    SecureConnect.enabled = true
  1. After enabling Secure Connect, a service restart must be performed.
    • If you enabled Secure Connect on the QoreStor server, restart the QoreStor services using the commands:
    /opt/qorestor/bin/ctrlrpc -p 9901 node.stop
    /opt/qorestor/bin/ctrlrpc -p 9901 node.start
    • If you enabled Secure Connect on the client machine, services of the DMA application on that machine need to be restarted.
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级