Tag Archive : sannav

/ sannav

SANnav SSL Certificate

SANnav Management Portal utilizes by default a self-signed certificate, which in most cases is considered as vulnerability. Therefore, it is highly recommended to replace it by a CA signed certificate. The SSL/TLS certificate ensures that the connection between clients and the server is secure.

The replacement is done in 2 steps. First, we will create a Certificate Signing Request, which will be signed by our Certificate Authority. Then the signed certificate will be imported to the SANnav. In addition, you will also need the root and the intermediate certificates to be imported.

Make sure to read the SANNav Management Portal guide for detailed information.

Creating SANnav Certificate Signing Request

  1. Log in to your SANnav server (RedHat/CentOS)
  2. Additionally, create a new directory under /root/, you can call it /root/certificates/
    cd /root
    mkdir certificates
    cd /root/certificates
  3. To start, we will create the certificate signing request (.csr)
    openssl req -newkey rsa:2048 -nodes -keyout sannav.key -out sannav.csr
  4. Enter the certificate information regarding to your host and the company information
  5. Let your SANnav (sannav.csr) be signed by your Certificate Authority

At this point you would have received the signed certificate, together with the accompanying root and intermediate certificate.

Replacing the self-signed certificate

  1. Copy your signed certificate, together with the company’s root and the intermediate certificate to /root/certificates/
  2. First, we will need to merge the root and the intermediate certificate into one file. Use the following command:
    cat intermediate_certificate.crt root_certificate.crt > bundleCertificate.pem
  3. Launch the script replace-server-cert.sh found under /<sannav-installation-directory>/bin/
  4. Complete the certificate file paths as requested by the wizard:
    – Enter the path for the ssl certificate including file name: /root/certificates/sannav.cer
    – Enter the path for the ssl key including file name: /root/certificates/sannav.key
    – If you have root and intermediate CA certificates, please chain them into a single certificate file and provide the path to the file. Press enter to skip this step. /root/certificates/bundleCertificate.pem
  5. Run the script restart-server.sh found under /<sannav-installation-directory>/bin/ to restart SANnav
  6. Restart your browser and you’re SANnav Management Portal will show a valid certificate.

Read here related articles about SANnav Management Portal
Preparing RHEL / CentOS Server for SANnav
Installing SANnav Management Portal 2.0

Any suggestion or question? Leave a reply below, or feel free to contact us.
Make sure to subscribe to our mailinglist to get the latest. No spam. Promised!

Installing SANnav Management Portal 2.0

22/12/2019 | SAN | 1 Comment

In our previous article, we have gone through the installation steps of RHEL/CentOS, and the basic configuration of SANnav. This article will further focus on implementing the prerequisites and installing SANnav Management Portal.

Before we start, make sure to read Preparing RHEL / CentOS Server for SANnav and SANNav Management Portal guide.

Implementing prerequisites

    1. If you are not the owner of the server, make sure to have the root privileges on your Linux system.
    2. Uninstall other applications from your server.
    3. If you have previously installed Docker, uninstall it.
    4. ‘Ensure that the entire physical server (boot, log, and data) runs on a single partition. In my case, I have 3 partitions and an LVM but I’m using virtual disks on the underlying layer.
  • Ensure that lsof and nslookup packages are installed on the server.
    1. To install, use the command:
yum install lsof, bind-utils
  • The ‘umask’ for the root user must be set to 0022.
    1. By default root has already this value, if not use the following command to change it:
umask 0022
  1. Open /etc/security/limits.conf and add the following line at the end: elasticsearch – nofile – 65536
    vi /etc/security/limits.conf
  2. Port 22 is by default in use for SSH. You either keep it for SSH and use it for SANNav repository or change it to another port. To change the default SSH configuration, open /etc/ssh/sshd_config, uncomment #port 22 and change it to 8022.
    Restart SSHD service using the command:

    systemctl restart sshd
  3. Port 80 must also be available. If you are using a firewall in your environment, make sure to open the ports. I would recommend to disable the firewall during installation and enable it after implementing SANnav. See also firewall requirements on the guide.
  4. It is required to have IP forwarding enabled. You can verify using the following command:
    /sbin/sysctl net.ipv4.ip_forward

    To enable IP Forwarding permanently, open the /etc/sysctl.conf file and add the following lines:
    # Enable IP Forwarding for SANnav
    net.ipv4.ip_forward = 1

  5. Ensure that hostname -i resolves to an IP address. If your server is in your domain, hostname -f must resolve to an FQDN.
  6. Ensure that nslookup is successful when launched against other servers.
    If not, verify that /etc/hosts, /etc/nsswitch.conf and that your network card interface is valid.

Installing SANnav Management Portal

I have already downloaded the .tar.gz (compressed packaged) file of SANnav. Using WinSCP I transferred it from my Windows computer to the /root/ directory of the RHEL server.

  1. Locate the file you downloaded and extract it using the command:
    tar -xvzf Portal_2.0.0-distribution.tar.gz
  2. Inside the /bin/diag there is a script which tests the prerequisites. Go to Portal_2.0.0_rc_bld204/bin/diag/ and launch preinstall_system_check.sh

    Verify SANNav Prerequisites
    Verify SANNav Prerequisites
  3.  On the screenshot above, the check claims that nslookup failed but it’s a false positive warning. Didn’t check further but it’s probably due to the package name having another name under RHEL. Launching nslookup commands towards my hosts works like a charm.
  4. To start the installation script, go to /<copied folder>/bin and launch install-single-node-server.sh.

    SANnav installation script
    Installing SANnav using the single-node installation script
  5. On the following screen, accept the License Agreement to continue the installation.
  6. Once the installation of Docker is completed, the setup will proceed with SANnav installation.
  7. At a certain point, you are asked to select the method of communication between SANnav Management Portal and SAN Switches. If you don’t plan to use https and your switches are not configured, select 0 for http. If your switches are already using https connections, select option 1. Optionally you can also select 2 which is https then http.

    SANnav port configuration
    SANnav port configuration
  8. The setup will continue for about 20 minutes. Once it has completed you can launch the client web page on http://<your sever ip>

    SANnav Management Portal 2.0
    SANnav Management Portal web interface.

If you are considering to install a CA-signed certificate, make sure to follow the steps from SANnav: Installing CA signed SSL.

To enable https protocol on your Brocade switches, use the steps as described on Enable HTTPS protocol on Brocade switches.

Any suggestion or question? Leave a reply below, or contact us. Make sure to also subscribe to our mailing list.