Getting Started with BrickStor SP

The BrickStor Security Platform (BrickStor SP) is a CyberConverged™ network attached storage (NAS) solution that fuses scalable capacity and performance with advanced data security and compliance capabilities. BrickStor eliminates attack vectors present in traditional storage systems while automatically ensuring continuous compliance through storage-based data profiles.

A typical BrickStor SP deployment consists of:

  • At least one controller that provides a centralized management console, via the BrickStor SP Manager user interface, and a database repository for the BrickStor platform.

  • At least one enclosure that contains some number of drives for storage capabilities.

In addition to the basic standard configuration, BrickStor SP can be deployed in a High Availability configuration.

This guide provides information about the features and functionality of the BrickStor Security Platform. The explanatory text, graphics, and procedures in each topic provide detailed information to help you navigate the user interface, maximize the performance of your system, and troubleshoot complications.

The topics that follow introduce you to BrickStor SP, describe its key components, explain how to log in and out of the system, and help you understand how to use this guide:

BrickStor SP Appliances and Components

A BrickStor SP appliance is either a physical server or virtual machine running the BrickStor SP Operating System.

For more information on a hardware BrickStor SP, see the following topics:

Controllers

The controller contains the BrickStor SP Operating System (BrickStorOS) and provides a centralized management point for your storage deployment and services. Controllers are sometimes referred to as heads, or nodes.

A typical controller is equipped with multi-core Intel CPUs and 256GB or more of memory. The system uses this memory for caching, which is discussed in greater detail later in this documentation. Controllers provide networking via onboard interfaces; a typical system contains two onboard 10GbE Ethernet interfaces, plus two or more 10GbE or faster Ethernet interfaces as add-on components for data access. Controllers also provide component redundancy wherever possible, including power, cooling, and the storage used by the operating system.

BrickStorOS

BrickStorOS is the Operating System for your BrickStor SP appliance. It is not a general-purpose operating system. Instead, it serves as part of an embedded system, which in combination with RackTop hardware becomes the BrickStor Security Platform. BrickStorOS provides a console mode, as well as shell access. However, these features exist for supporting very low-level functionality, such as networking configuration, system optimization, troubleshooting, and other diagnostic functions.

When attempting to perform actions within the BrickStorOS that are not documented or recommended by RackTop, be aware that these actions may result in system instability, loss of data, and violation of the terms of the system’s maintenance contract.

Enclosures

A BrickStor SP disk enclosure is an appliance with redundant components which, like a controller, is engineered to be fault-tolerant. An enclosure is sometimes referred to as a shelf. Enclosures are either fully or partially populated with mechanical and/or solid-state drives. These drives act as the primary storage for your BrickStor Security Platform and are organized into logical groupings called Pools. Enclosures can also contain special cache and write optimized journal devices.

Enclosures are attached to controller(s) via dual SAS host controllers, and utilize SAS drives, which permit multi-pathing throughout the system. Multi-pathing adds to system redundancy and IO load distribution. Loss of a path to storage may cause a pause while the system recovers from the loss and continues operating on the single remaining path. Whenever possible, RackTop recommends using multi-pathing throughout your deployment.

Drives

Enclosures are populated with high capacity storage drives. Typical configurations include mechanical Hard Disk Drives, Solid State Drives, or a combination of the two (Hybrid).

In some instances, special purpose drives used for caching or journaling are installed in the controller. These are often referred to as Write Cache or Read Cache.

Both types of drives use SAS interfaces, which have dual-ported capability and enable multi-pathing as described in Enclosures. Enterprise grade drives are a standard feature in all systems and are selected to fit a specific configuration both in terms of capacity and parity scheme or mirroring.

High Availability

High availability options are available in addition to the basic standard configuration. A high availability configuration includes two controllers and one or more disk enclosures with shared access between the controllers. The basic premise is that high availability protects, to some degree, against catastrophic physical failure or an operating system failure on a controller. Because storage is common to both controllers, a high availability configuration is not meant to provide increased protection for storage; instead, storage is protected through mirroring or a parity scheme such as RAID.

Open Network Port Requirements

By default, the following ports are open to allow BrickStor SP to take advantage of various features and functionality. The following table lists these ports.

Table 1. BrickStor SP Open Network Port Requirements

| Ports | Description/Service | Protocol | Direction | This port is open to/Purpose |
|---|---|---|---|---|
| 22 | SSH | TCP | inbound | Receive Management and Replication data |
| 22, 8444, 8544 | TCP Replication | TCP | outbound | Send Replication |
| 25, 587 | mail | TCP | outbound | send notification emails |
| 53 | DNS | UDP | bidirectional | Domain name Service |
| 88 | Kerberos | UDP | outbound | Authentication |
| 111 | NFS/rpc | TCP/UDP | inbound | NFS client access |
| 123 | NTP | UDP | bidirectional | Time synchronization |
| 139, 445 | SMB | TCP/UDP | inbound | SMB/CIFS client access |
| 161 | SNMP | UDP | bidirectional | Monitoring with SNMP |
| 162 | SNMP traps | UDP | outbound | Sending alerts to SNMP stations |
| 389, 636 | LDAP | TCP/UDP | outbound | Access to directory service servers |
| 443 | HTTPS | TCP | outbound | Call Home for Software Updates (https://myracktop.com) |
| 443 | HTTPS | TCP | inbound | RMM/iLO Out of Band Management |
| 514 | syslog | TCP/UDP | outbound | Logging |
| 623 | rmcp | TCP/UDP | inbound | HA Power/IPMI access |
| 2049 | NFS/portmap | TCP/UDP | inbound | NFS client access |
| 2379, 2380 | confd | TCP | inbound | Configuration database |
| 3205, 3260 | iSCSI | TCP | inbound | iSCSI client/initiator access |
| 4045 | NFS/lockmgr | TCP/UDP | inbound | NFS client access |
| 4746 | hiavd | TCP | bidirectional | High Availability (between HA nodes) |
| 5696, 8445 | KMIP | TCP | outbound | Access to key management server |
| 5697 | keymgrd | TCP | bidirectional | Key replication/sync |
| 5699 | bsrlicensed | TCP | bidirectional | HA license check |
| 8086, 8088 | influxdb | TCP | inbound | Used for BrickStor SP Manager (charts) |
| 80, 443, 8443 | bsrapid | TCP | inbound | Used for BrickStor SP Manager (http/https) |
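
An added example (not RackTop's code) of using Table 1 as a baseline: it transcribes the inbound and bidirectional rows and compares them with the open ports in one host line of nmap grepable (-oG) output, so a listener the table does not document stands out. The scan line, the 192.0.2.10 address, and the function names are constructed for illustration.

```python
import re

# Inbound and bidirectional rows of Table 1, transcribed as "ports;protocols;service".
TABLE_1_INBOUND = """\
22;tcp;SSH
53;udp;DNS
111;tcp,udp;NFS/rpc
123;udp;NTP
139,445;tcp,udp;SMB
161;udp;SNMP
443;tcp;HTTPS (RMM/iLO)
623;tcp,udp;rmcp
2049;tcp,udp;NFS/portmap
2379,2380;tcp;confd
3205,3260;tcp;iSCSI
4045;tcp,udp;NFS/lockmgr
4746;tcp;hiavd
5697;tcp;keymgrd
5699;tcp;bsrlicensed
8086,8088;tcp;influxdb
80,443,8443;tcp;bsrapid
"""

def load_baseline(text=TABLE_1_INBOUND):
    """Map (protocol, port) -> list of services Table 1 documents for it."""
    baseline = {}
    for row in text.splitlines():
        ports, protos, service = row.split(";")
        for port in ports.split(","):
            for proto in protos.split(","):
                baseline.setdefault((proto, int(port)), []).append(service)
    return baseline

def open_ports(grepable_line):
    """Return (protocol, port) pairs whose state is exactly 'open' in an -oG line."""
    return {(proto, int(port)) for port, proto in
            re.findall(r"(\d+)/open/(tcp|udp)/", grepable_line)}

def audit(grepable_line, baseline=None):
    """Split observed listeners into documented and undocumented ones."""
    baseline = baseline or load_baseline()
    seen = open_ports(grepable_line)
    documented = {k: baseline[k] for k in sorted(seen) if k in baseline}
    undocumented = sorted(seen - set(baseline))
    return documented, undocumented

# Constructed sample scan line (not real output from an appliance).
SAMPLE = ("Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, "
          "2379/open/tcp/////, 9090/open/tcp/////, 161/open|filtered/udp//snmp///")
DOCUMENTED, UNDOCUMENTED = audit(SAMPLE)  # UNDOCUMENTED == [("tcp", 9090)]
```

Ports reported as open|filtered are deliberately not counted as open, so UDP results need separate confirmation.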

Initial Configuration

On first boot, or whenever the appliance is not licensed, the Out of Box Experience (OOBE) utility is displayed. It steps you through configuring the management network and licensing the appliance. See the Out of Box Experience page for more details.

Default Login

The default appliance user name is root and the password is “racktop”. This password is well known and should be changed immediately.

Logging into the BrickStor Security Platform using BrickStor SP Manager

BrickStor has a user interface called BrickStor SP Manager that you can use to perform administrative, management, analysis, and auditing tasks. BrickStor SP Manager can manage multiple BrickStor SP controllers. BrickStor SP Manager runs on Microsoft Windows.

To download and install BrickStor SP Manager, use a web browser and enter the IP address or host name of the appliance. The default web page on the appliance contains download links for BrickStor SP Manager along with some other resources discussed later in this guide.

The BrickStor SP Manager zip file can be extracted into any folder and will run as a standalone client without an install. The brickstorspmgr.exe file in the extracted folder is the executable program.

To log into a BrickStor SP controller via BrickStor SP Manager:

  1. Run brickstorspmgr.exe by double-clicking it.

  2. Click Add Connection to add a connection to a BrickStor SP appliance.

    Add BrickStor Instance to BrickStor SP Manager

  3. In the Add Connection dialog box, enter the following:

    • For authentication server, enter the system’s IP address or host name.

    • Enter your username.

    • Enter your password.

    • Optionally, select whether to have BrickStor SP Manager save your password for subsequent logins.

  4. If you have already connected a BrickStor instance, click login for that instance.

  5. In the Connect To dialog box, do the following:

    • Verify the system’s IP address.

    • Verify your username.

    • Enter your password.

    • Optionally, select whether to have BrickStor SP Manager save your password for subsequent logins.