Veritas Access Appliance Administrator's Guide
- Section I. Introducing Access Appliance
- Section II. Configuring Access Appliance
- Managing users
- Configuring the network
- Configuring authentication services
- Configuring user authentication using digital certificates or smart cards
- Section III. Managing Access Appliance storage
- Configuring storage
- Managing disks
- Access Appliance as an iSCSI target
- Configuring storage
- Section IV. Managing Access Appliance file access services
- Configuring the NFS server
- Setting up Kerberos authentication for NFS clients
- Using Access Appliance as a CIFS server
- About configuring CIFS for Active Directory (AD) domain mode
- About setting trusted domains
- About managing home directories
- About CIFS clustering modes
- About migrating CIFS shares and home directories
- About managing local users and groups
- Using Access Appliance as an Object Store server
- Configuring the NFS server
- Section V. Managing Access Appliance security
- Section VI. Monitoring and troubleshooting
- Configuring event notifications and audit logs
- About alert management
- Appliance log files
- Configuring event notifications and audit logs
- Section VII. Provisioning and managing Access Appliance file systems
- Creating and maintaining file systems
- Considerations for creating a file system
- About managing application I/O workloads using maximum IOPS settings
- Modifying a file system
- Managing a file system
- Creating and maintaining file systems
- Section VIII. Provisioning and managing Access Appliance shares
- Creating shares for applications
- Creating and maintaining NFS shares
- About the NFS shares
- Creating and maintaining CIFS shares
- About the CIFS shares
- About managing CIFS shares for Enterprise Vault
- Integrating Access Appliance with Data Insight
- Section IX. Managing Access Appliance storage services
- Configuring episodic replication
- Episodic replication job failover and failback
- Configuring continuous replication
- How Access Appliance continuous replication works
- Continuous replication failover and failback
- Using snapshots
- Using instant rollbacks
- Configuring episodic replication
- Section X. Reference
Selecting or changing the lockdown mode
The user can select the lockdown mode during initial configuration. After cluster configuration, user has the option to see/change the lockdown mode using the GUI as well as CLISH. The user can switch between the following modes without any restriction:
From Normal to Enterprise mode
From Normal to Compliance mode
From Enterprise to Compliance mode
You can change the mode from Enterprise to Normal, from Compliance to Normal or from Compliance to Enterprise only if:
Locked data is not present in deduplication storage or deduplication is not configured in WORM mode.
WORM enabled file system for any other use cases, such as NFS and CIFS are not present.
WORM policies are not activated in the GUI.
All the file systems are not in offline state.
The user can set minimum and maximum retention time for backup images in Enterprise and Compliance mode only. The retention period range is between 1 hour and 60 years. The retention period can be in second(s) or hour(s) if you use CLISH. The retention period can be in hour(s), day(s), month(s), or year(s) if you use the GUI. Creation of images with retention time less than the minimum retention time or greater than the maximum retention time is not allowed. This minimum and maximum retention time should be set by the appliance administrator as per the retention requirement of their use case.
If Enterprise or Compliance mode has been configured, retention values can be set on files and objects within the range of the minimum retention period and maximum retention period of the WORM-enabled shares or S3 buckets in which they are present.
Once the lockdown mode is set, only Appliance administrators can change the lockdown mode.
The lockdown modes are maintained during upgrade.
Only the Appliance administrator can remove the retention locks if the lockdown mode is enterprise.
The user cannot change the mode if any existing operation is in progress.
To change the lockdown mode using the GUI
- Go to Settings > Security management > Immutability and click Lockdown mode.
- On the Lockdown mode page, click Edit.
- Select the mode that you want to enable and click Save.
You can also modify the lockdown mode using the cluster lockdown-mode commands from CLISH.
cluster> lockdown-mode set <mode> [minret] [maxret]
Where
mode | Specifies the lockdown mode [ normal | compliance | enterprise ] |
minret | Specifies the minimum retention value range |
maxret | Specifies the maximum retention value range |
You can also list the lockdown configuration of a cluster using the cluster lockdown-mode get command.
If lockdown mode is set to compliance or enterprise for any node, it is not available for factory reset.
During add and replace node operations, the new node is automatically placed in the existing lockdown mode of the cluster. The lockdown mode of the replaced node is set to normal and the node is available for factory reset.
Cluster maintenance shell is enabled with two-factor authentication (2FA).
The lockdown mode settings are done at a cluster level and are applicable for all the services, such as NFS and CIFS that are configured on that cluster.