Virtual TapeServer 6.04.01 Installation Guide

ManualsBrandsHP ManualsServerHP NonStop G-Series

101

102

103

104

105

106

107

108

109

110

102 | Enabling Instant DR and AutoCopy

f. Add the name of all other VTS servers in this file. For example, on the Los Angeles

VTS server, enter boston.

g. Save and exit the file.

5. Set up and authorize secure shell (SSH) if you are configuring VTS for AutoCopy or if you

wish to secure communication for Instant DR.

a. At the command prompt, change to the /home/bill directory.

b. Enter the following command:

ssh-copy-id –i /home/bill/.ssh/id_dsa.pub bill@boston

c. When prompted, enter yes.

d. Enter the password for the bill user at the destination server.

e. Enter the following command:

ssh-copy-id –i /home/bill/.ssh/ id_rsa.pub bill@boston

f. When prompted, enter yes.

g. Enter the password for the bill user at the destination server.

h. Repeat these steps for each VTS server. (If you are on losangeles, you must copy to

boston. If you are on boston, you must copy to losangeles.)

6. Check the RSH connection. At the command prompt, enter rsh server uptime. For

example, on the Boston server, enter rsh boston uptime.

This command displays the amount of time that the system has been up.

Repeat this step on each remote server. You should get similar results.

7. Check the SSH connection, if you configured SSH. At the command prompt, enter ssh

server uptime. For example, on the Boston server, enter ssh boston uptime.

The first time you enter an ssh command, a message similar to the following is displayed:

The authenticity of host 'server_name (IP_addr)' can't be

established.

RSA key fingerprint is

5f:10:3c:47:78:8f:e3:28:9d:ab:6b:34:ed:d1:e4:08.

Are you sure you want to continue connecting (yes/no)?

Enter yes.

8. Repeat these steps on each VTS server.

Note RSH and SSH can be setup for one direction or multiple directions. If multiple

directions are configured, these steps should be executed from the other direction.

Configuring TCP/IP security

The need for security while using Instant DR becomes necessary if the communication link

between VTS servers is not completely within your network. If you do not secure the link,

others can gain access to the VTS operating system over TCP/IP from outside the corporate

network. To tighten security, you can configure IP tables to block all TCP/IP traffic going to

eth1 except SSH, RSH, and ICMP (ping and traceroute).