Virtual Storage Console (VSC): Security Hardening procedure for VSC, SRA and VASA Provider
Virtual Storage Console (VSC)
Storage Replication Adapter (SRA)
- The NetApp virtual appliance for Virtual Storage Console (VSC), VASA Provider, and Storage Replication Adapter (SRA) product line covered by this document is referred to as Virtual Storage Console (VSC) throughout the rest of this document.
- Virtual Storage Console (VSC) is only available for download as a Virtual Appliance (.ova).
- By default, the Virtual Storage Console file system is encapsulated within the Virtual Machine and is only accessible when engaging a NetApp technical resource* for technical assistance.
- By default, the file system's ‘root’ superuser is disabled within the Virtual Storage Console virtual appliance.
- Disabling the ‘root’ user by default adds to the security features of the NetApp Virtual Storage Console (VSC) product, as it further decreases the ability to modify the underlying file system and decreases the ability to upload malicious files to the file system.
- When the Virtual Storage Console virtual appliance is qualified for release (via QA testing), the Virtual Storage Console virtual appliance is not qualified with any additional security measures applied to the underlying file system.
- NetApp does not support changes made to the Virtual Storage Console file system unless the changes are being guided by a NetApp technical resource*.
- As the Virtual Storage Console (VSC) application is QA tested without any security measures applied to the file system, NetApp can only directly support Virtual Storage Console (VSC) installations that do not have “Security Hardening” measures applied to the file system.
- Security Hardening measures are defined as the following actions being taken on the Host Operating System:
  - Limiting system directory functions or privileges.
  - Limiting User Roles.
  - Access Control tools.
  - 3rd party applications that can be configured to limit access to Operating System functionality.
- Updating OS packages or other installed third-party tools to a NON-default version is not supported.
- In this document “NetApp technical resource” is a reference to a human resource such as:
  - NetApp SE
  - NetApp Field Service personnel
  - Professional Services Personnel
  - NetApp Technical Support
- Following any steps from a KB article or Technical Report (TR) does not qualify as direct guidance from a NetApp technical resource.
- NetApp best practice is to take a cold VM Snapshot of the Virtual Storage Console virtual appliance before executing any steps outlined within a NetApp KB article, so that the VSC server can be rolled back to a “Known Good” operational status if an issue occurs while executing those steps.