Installing and connecting connection manager
You can use the connection manager to establish a secure link between your on-premises environment and the IBM® Storage Defender® Data Resiliency Service.
Before you begin
- Download the connection manager ISO as shown in the steps for Adding a connection manager.
- Review the system requirements: See IBM Storage Defender Data Resiliency Service: Connection manager, sensor and sensor control nodes requirements.
Procedure
To install the connection manager, complete the following procedure:
- If you are installing the connection manager on a virtual machine, create a new VM and configure the CPU, memory, and virtual disk according to the minimum requirements. If you are installing it on a bare metal system, ensure that the hardware meets the minimum requirements.
- Configure the system to boot from the connection manager ISO.
  - For virtual machines, create a virtual CD-ROM device and configure it to use the ISO file.
  - For bare metal systems, you can copy the ISO file to a USB drive to create a bootable USB. For more information, see Creating a bootable USB drive.
  - Alternatively, if your bare metal server supports booting from an ISO file located on a remote share, you can copy the ISO file to an appropriate shared folder. Refer to your hardware vendor's documentation for more details on how to boot from an ISO file.
- After booting from the USB drive or ISO file, select the Install IBM Storage Defender Connection Manager option on the boot screen. Wait for the Installation Summary screen to be displayed.
- On the summary screen, click Installation Destination. Follow the steps on the screen to select the disk where the software will be installed.
  - As a best practice, use the automatic partitioning scheme.
  - Optionally, you can create a custom partitioning scheme. If you are creating a custom scheme, ensure that the /var directory is located on the root partition, and that the root partition has at least 100 GB of free space.
  - Click Done after partitioning to return to the Installation Summary screen.
- On the summary screen, click Network & Host Name to configure the network.
  - In the left pane, select the network interface you want to configure.
  - In the right pane, enable the toggle button to ensure that the interface is activated on boot. You must activate and configure at least one interface.
  - Click on Configure to specify the network properties for the interface. Ensure that you configure an appropriate IP address, gateway, and DNS servers that allow the server to communicate with Data Resiliency Service. If your network requires use of a web proxy to connect to Internet endpoints, you can configure that after the system has been installed and initialized. For more information, see Configuring a web proxy on a connection manager.
  - On the bottom of the Network & Host Name panel, enter a unique hostname for your server.
  - Click Done to return to the Installation Summary screen.
- On the summary screen, click Begin installation. The installer deploys the base operating system as well as other components that comprise the connection manager.
- When the base installation is complete, the system reboots automatically and displays a login prompt on the console. During this first reboot after installation, additional initialization of connection manager components continues to run in the background while the login prompt is displayed. The initialization can take 10 to 15 minutes to complete. In the meantime, it is safe to eject the installation media (CD-ROM or USB device or ISO file).
- To update the default virtual console or SSH password of the connection manager, complete the following steps:
  - Log in to the newly created connection manager using the virtual console or using SSH.
  - The default username is defender and the default password is IbmStorage.
  - You are prompted to change the default password upon first login. Specify the current (default) password when prompted, then specify a new password when prompted.
  - Log out and log back in to verify that the new password is functional.
- After you log in using the virtual console or SSH, issue the following command to perform health checks:
    cmadm check
  - Verify that all checks are successful, especially the network checks.
  - If the deployment check indicates Initialization of new CM (ISO) is incomplete, wait for a few minutes to allow it to complete and then retry the check.
  - If the initialization check continues to be incomplete, and the network checks related to IP address and hostname report errors, it might be due to misconfiguration of the network properties. Issue the following command to correct the network configuration, then reboot the system to retry the initialization:
      sudo nmtui
  - If the network check related to Data Resiliency Service continues to report errors, it might be that your network environment requires a web proxy for external internet connectivity. For more information, see Configuring a web proxy on a connection manager.
  When the installation is complete, you can proceed to connect Data Resiliency Service to on-premises resources using the next steps.
- Connect the connection manager to Data Resiliency Service by completing the following steps:
  - Navigate to the user interface of the connection manager through https://<host name used for the ISO deployment>/.
    Note: If the certificate for ISO is not signed by an authority, the browser prompts you to accept the certificate, and you can accept it.
  - Enter a name for the connection manager. This name is used to identify the connection manager location in your IBM Storage Defender account.
    Tip: You can change the name later.
  - Click Continue.
  - Enter the API key for the connection manager.
    Note: The generated API key is valid for only 30 minutes. If you do not have time to download and deploy the ISO software before the key expires, you must generate the key again.
    Tip: The API key validation can fail if the connection manager is unable to connect to the Data Resiliency Service endpoint on the internet. If your connection manager requires use of a proxy server to connect to the internet resources, see Configuring a web proxy on a connection manager.
    Tip: The API key validation can also fail if the local time on the connection manager is incorrect. To troubleshoot time synchronization issues, see Resolving failure to connect to Data Resiliency due to clock skew.
  - Click Connect account.
  - In the user interface of the connection manager, enter the username and the initial password for the first user in the appropriate input fields.
    Tip: You can use a functional user for this operation to ensure that the administration of the connection manager is not bound to a personal user in your company.
  - Either capture the presented QR code or cut and paste the 32-character alphanumeric code into your authenticator app to set up 2-factor authentication.
  - Follow the instructions in your authenticator app and enter the 6-digit code from the app into connection manager.
- To successfully complete the deployment, allow the connection manager to automatically update the Connection Certificate by completing the following steps:
  - Log out of the user interface and wait for 5 minutes.
  - Log in to the user interface. For instructions, see Logging in to the user interface.
  Note: This step is required for a newly deployed connection manager whether it is a new setup or a replacement of an existing connection manager. If the Connection Certificate is not updated, the installation or uninstallation of the sensor control node by using Data Resiliency Service internal control node will fail and the following message will appear in the user interface:
  The Connection Manager’s signed certificates need to be updated before sensor control nodes can be added. The certificate will be automatically updated the next time you log in.
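
The 2-factor setup in the steps above, as an added example that is not part of the original page or IBM's code: it shows how an authenticator app turns a 32-character code into the 6-digit code, and why the device clock matters. It assumes standard TOTP (RFC 6238, HMAC-SHA1, 30-second step), which the page does not state; the secret is the public RFC 6238 test value, and `accepted_window` with its `drift_steps` tolerance is a hypothetical verifier.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: the public RFC 6238 test secret, base32-encoded.
# It is 32 characters long, like the code shown on the setup screen.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def _key(secret_b32: str) -> bytes:
    """Decode the base32 text an authenticator app accepts into raw key bytes."""
    return base64.b32decode(secret_b32.replace(" ", "").upper())


def secret_bits(secret_b32: str) -> int:
    """Size of the shared secret in bits (32 base32 characters carry 160)."""
    return len(_key(secret_b32)) * 8


def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP code for unix_time, assuming RFC 6238 with HMAC-SHA1."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(_key(secret_b32), counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def accepted_window(secret_b32, code, server_time, drift_steps=1, step=30):
    """Hypothetical verifier: return the step offset at which the code
    matches the server's clock, or None if it is outside the tolerance."""
    for delta in range(-drift_steps, drift_steps + 1):
        expected = totp(secret_b32, server_time + delta * step, step)
        if hmac.compare_digest(expected, code):
            return delta
    return None


if __name__ == "__main__":
    now = 1111111111  # constructed timestamp from the RFC 6238 test vectors
    print("secret size (bits):", secret_bits(SAMPLE_SECRET))
    print("code at server time:", totp(SAMPLE_SECRET, now))
    # A phone whose clock lags by one step still passes with drift_steps=1.
    lagging = totp(SAMPLE_SECRET, now - 30)
    print("lagging phone accepted at offset:",
          accepted_window(SAMPLE_SECRET, lagging, now))
```

Under that assumption the 32-character code is the entire shared secret, so it deserves the same handling as a password, and a wrong clock on either side makes otherwise correct 6-digit codes fail.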