Virtual TapeServer 6.02.00 Installation Guide
HP Virtual TapeServer Installation Guide, HP Part Number 528654-006, Sept 2006
h) Type yes if asked to continue.
i) The id_rsa.pub file is copied to the newyork Instant/DR system and
renamed authorized_keys. Do this for both Instant/DR systems.
j) If you are on losangeles, you must copy to newyork. If you are on
newyork, you must copy to losangeles.
5. Check the rsh connection.
a) When the command prompt displays, [bill@losangeles .ssh]$, enter rsh
newyork-idr uptime.
This command displays the amount of time that the newyork system has
been up. Do the same on newyork for losangeles using rsh losangeles-idr
uptime. You should get similar results.
Configuring Virtual TapeServer TCP/IP Security
Security for the Instant Disaster Recovery (IDR) feature of VTS over a WAN link
becomes necessary if the communication link is not completely within the customer
network. This security is always required for AutoCopy. The possibility exists for
someone to gain access to the operating system of VTS over TCP/IP from outside the
corporate network. To tighten security, iptables can be configured on VTS by
following these steps.
Virtual TapeServer is based on an HP ProLiant hardware platform. The ProLiant DLxxx
servers each have two Ethernet ports, eth0 and eth1, corresponding to ports 1 and 2 on
the back of the server. Under normal circumstances, eth0 is used for local IP traffic
to access the GUI and for mounting communication between VTS and hosts. When IDR is
configured, eth1 is configured with a routable address to communicate with a second
VTS at a remote location.
Setup
This procedure blocks all TCP/IP traffic going to eth1 except SSH (secure shell), RSH,
and ICMP (ping and traceroute).
vi /etc/iptable-script
Paste in these settings.
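# Allow inbound SSH (TCP port 22) on eth1.
iptables -A INPUT -p tcp -i eth1 --dport 22 -j ACCEPT
# Allow inbound port 873 over TCP and UDP on eth1.
iptables -A INPUT -p tcp -i eth1 --dport 873 -j ACCEPT
iptables -A INPUT -p udp -i eth1 --dport 873 -j ACCEPT
# Allow TCP packets that belong or relate to existing connections (any interface).
iptables -A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m state --state RELATED -j ACCEPT
# Allow ICMP (ping and traceroute) on any interface.
iptables -A INPUT -p icmp -j ACCEPT
# Reject everything else that arrives on eth1.
iptables -A INPUT -i eth1 -j REJECT
# Reject TCP packets in an invalid state (eth1 traffic is already handled above).
iptables -A INPUT -p tcp -m state --state INVALID -j REJECT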
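
Because rule order decides what reaches eth1, it helps to check the script before loading it. The following is an added example, not part of the HP guide: it reads a rule script as text (not the live kernel table) and reports any port opened on eth1 beyond the two in the settings above, any unrestricted ACCEPT, and a missing catch-all reject. The names ALLOWED_PORTS and audit_eth1 are assumptions, the sample rules are constructed, and only the -i, -p, --dport, --state and -j options are recognized.

```shell
#!/bin/sh
# Added example: static audit of an iptables rule script for eth1 exposure.
# ALLOWED_PORTS and audit_eth1 are names assumed for this illustration.
ALLOWED_PORTS="22 873"

# Prints one finding per problem; exit status is 0 only when none are found.
audit_eth1() {
    awk -v allowed=" $ALLOWED_PORTS " '
    $1 != "iptables" || $2 != "-A" || $3 != "INPUT" { next }
    {
        iface = ""; dport = ""; target = ""; proto = ""; state = 0
        for (i = 4; i <= NF; i++) {
            if ($i == "-i")      iface  = $(i + 1)
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") dport  = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
            if ($i == "--state") state  = 1
        }
        if (iface != "" && iface != "eth1") next   # cannot match eth1 traffic
        if (target == "REJECT" || target == "DROP") {
            # A reject with no protocol, port or state filter closes eth1.
            if (iface == "eth1" && proto == "" && dport == "" && !state)
                closed = 1
            next
        }
        if (target != "ACCEPT" || closed) next     # unreachable for eth1
        if (dport != "") {
            if (index(allowed, " " dport " ") == 0) {
                print "unexpected port " dport " (line " NR ")"; bad = 1
            }
        } else if (!state && proto != "icmp") {
            print "unrestricted ACCEPT (line " NR ")"; bad = 1
        }
    }
    END {
        if (!closed) { print "no catch-all REJECT/DROP for eth1"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample: a shortened rule script with one extra port opened.
sample=$(mktemp)
cat > "$sample" <<'EOF'
iptables -A INPUT -p tcp -i eth1 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -i eth1 --dport 23 -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i eth1 -j REJECT
EOF
audit_eth1 "$sample" || echo "rule script needs review"
rm -f "$sample"
```

Run against the settings shown above, the audit prints nothing and exits 0; the constructed sample is flagged for port 23.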