Skip to main content
NetApp Knowledge Base

Virtual Storage Console (VSC): Security Hardening procedure for VSC, SRA and VASA Provider

Views:
473
Visibility:
Public
Votes:
0
Category:
virtual-storage-console-for-vmware-vsphere
Specialty:
virt
Last Updated:

 

Applies to

Security Hardening

Virtual Storage Console (VSC)

Storage Replication Adapter (SRA)

VASA Provider

Answer

  • The NetApp Virtual appliance for Virtual Storage Console (VSC), VASA Provider, and Storage Replication Adapter (SRA) product line that is covered by this document will be referenced as Virtual Storage Console (VSC) throughout the rest of this document. 
  • Virtual Storage Console (VSC) is only available for download as a Virtual Appliance (.ova)  
  • By default, The Virtual Storage Console file system is encapsulated within the Virtual Machine and is only accessible when engaging a NetApp technical resource* for technical assistance. 
  • By default, the file systems ‘root’ super user is disabled within the Virtual Storage Console virtual appliance. 
  • Disabling the ‘root’ user by default adds to the security features of the NetApp Virtual Storage Console (VSC) product, as it further decreases the ability to modify the underlying file system and decreases the ability to upload malicious files to the file system. 
  • When the Virtual Storage Console virtual appliance is qualified for release (via QA testing), the Virtual Storage Console virtual appliance is not qualified with any additional security measures applied to the underlying file system. 
  • NetApp does not support changes made to the Virtual Storage Console file system unless the changes are being guided by a NetApp technical resource*. 
  • As the Virtual Storage Console (VSC) application is QA tested without any security measures applied to the file system, NetApp can only directly support Virtual Storage Console (VSC) installations that do not have “Security Hardening” measures applied to the file system.  

 

  Security Hardening measures are defined as the following actions being taken on the Host Operating System: 

  • Limiting system directory functions or privileges. 

  • Limiting User Roles.  

  • Access Control tools. 

  • 3rd party applications that can be configured to limit access to Operating System functionality. 

  • Updating OS packages or other installed third-party tools to a NON-default version is not supported. 

 

Additional Information

  • In this document “NetApp technical resource” is a reference to a human resource such as:
    • NetApp SE
    • NetApp Field Service personnel 
    • Professional Services Personnel
    • NetApp Technical Support
  • Following any steps from a KB article, or Technical Report (TR) does not qualify as direct guidance from a NetApp technical resource. 
  • NetApp Best practice is to take a Cold VMSnapshot of the Virtual Storage Console virtual appliance before executing any steps outlined within a NetApp KB Article, so that VSC server may be rolled back to a “Known Good” operational status, in the event of an issue while executing the steps outlined in a KB Article.  

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.