Setting a whitelist

Virtual Storage Platform One SDS Block System Administrator Guide
Version
1.17.x
Audience
anonymous
Part Number
MK-24VSP1SDS001-04

To prevent unauthorized management operations, you can set the IP address of a controller node or IP address of the load balancer (for the cloud model) in an allowlist. The maximum number of IP addresses that can be set is 10.

CAUTION:

  • When setting or changing an allowlist, a REST API, CLI, or VSP One SDS Block Administrator operation cannot be performed temporarily. Wait for approximately 30 seconds before you perform an operation.

  • To use VMware vCenter Server Plugin, set the IP address of VMware vCenter Server in the allowlist. If you have not set VMware vCenter Server in the allowlist, information cannot be referenced from VMware vCenter Server.

  • (Bare metal) Setting an allowlist cannot restrict operations on the console interface. If you want to restrict console interface operations, use the security settings provided by BMC for each storage node. For details, see the BMC User Guide provided by the vendor of the physical server to be used as the storage node.

  • Required role: Security

  1. Edit the allowlist setting.

    (Bare metal) Run the command with the following specified: whether the allowlist is enabled or disabled and the controller node IP address (IPv4) to be set in the allowlist.

    (Cloud) Run the command with the following specified: whether the allowlist is enabled or disabled and the IP address (IPv4) of a controller node and load balancer to be set in the allowlist.

    The set content is overwritten.

    REST API: PATCH /v1/objects/web-server-access-setting

    CLI: web_server_access_setting_set

    Verify the job ID which is displayed after the command is run.

  2. Verify the state of the job by specifying the job ID.

    REST API: GET /v1/objects/jobs/<jobID>

    CLI: job_show

    If the job state is "Succeeded", the job is completed.

  3. Verify that the allowlist is set correctly.

    REST API: GET /v1/objects/web-server-access-setting

    CLI: web_server_access_setting_show

    After running the command, you receive a response indicating the set content.

  4. (Bare metal) Back up the configuration information.

    Perform this step by referring to Backing up the configuration information (Bare metal).

    If you continue operations with other procedures, you must back up the configuration information after you have completed all operations.