Managed appliance installation guide
Who is this article for?
Incydr, no.
CrashPlan for Enterprise, yes.
Code42 for Enterprise, yes.
CrashPlan for Small Business, no.
This article applies to on-premises authority servers.
Overview
The Code42 managed appliance and Managed Private Cloud (MPC) are systems for which Code42 provides hardware and remote monitoring and management. This guide is intended to assist you in unboxing, installing, configuring, and maintaining your managed appliance or Managed Private Cloud.
Before you begin
Prepare these physical requirements for your Managed Private Cloud:
- Dual 110-240V power sources (standard power cables are included)
- Power requirements vary from 230W to 460W, depending on model
- 2-4 U rack space per managed appliance
- 2 ethernet connections
- Monitor and keyboard for initial setup
Set up your Managed Private Cloud
Unbox
When you receive your Managed Private Cloud, open the boxes and verify the contents of your appliance shipment. Each managed appliance contains the following:
- Managed appliance
- Rack mount rails (2)
- Power cords (4)
- Hard drives
Hard drives are shipped separately and are pre-mounted in hot swap carriers
Rack the managed appliance
- Unbox and inspect the managed appliance, drives, and other hardware for any physical damage that may have occurred during shipping.
- Rack the chassis using the included quick-lock rails.
Due to the physical size and weight of the managed appliance, we recommend that two people work together to place your managed appliance in your server rack.
See the chassis user guide for detailed server installation instructions.
Connect cables and power on your managed appliance
- Install the included hard drives in the managed appliance.
- The serial number of the managed appliance is marked on the box the drives were shipped in.
- The hard drives can be installed in any order within a managed appliance as long as the serial numbers match. It is critical that you match each drive to the managed appliance for which it was intended.
- Connect a keyboard (USB) and monitor (VGA) for initial setup.
- Plug in the Ethernet cable(s) to the two RJ45 ports labeled eth0 and MGT
- Plug in the MGT/IPMI cable
- Plug in the SAS cable
- Plug in the power cables
Requires two 110-220V auto-sensing power supplies
- Power on the managed appliance
Verify power supply and drive status
Check the power supply indicator lights to verify that each drive is working properly. For managed appliances, drive lights should be blue, except for the hot spare drives, which will double-blink red. The indicator lights reveal the status of each individual drive. All managed appliances use the IBPI (International Blinking Pattern Interpretation) standard.
For more information, refer to our short guide to indicator lights.
Network configuration
Gather the following network configuration information before you begin installation:
- Hostname (e.g. myhost.example.com)
- Host (e.g. myhost)
- IP Address for ETH0 (e.g. 192.0.2.10)
- Netmask for ETH0 (e.g. 255.255.255.0)
- Gateway Address (e.g. 192.0.2.1)
- IPMI IP Address (e.g. 192.0.2.11)
- IPMI Subnet Mask (e.g. 255.255.255.0)
- IPMI Gateway (e.g. 192.0.2.1)
- DNS Server(s) (e.g. 192.0.2.100)
- DNS Search domain(s) (e.g. example.com)
- NTP Network Time Server (e.g. time.example.com)
- Email Server (e.g. mail.example.com)
- Region/Timezone (e.g. “America/Chicago” or “Asia/Singapore”)
To decrease any risk of intrusion, customers with a managed appliance should ensure the intelligent platform management interface (IPMI) is on its own out-of-band network. If you have questions, contact our Customer Champions for Code42 for Enterprise support.
Firewall configuration
Prepare the following firewall rules on your network before the managed appliance installation. We have divided these firewall rules between your managed appliance, Monitoring, and Cloud Storage rules.
Code42 server network ports
The following tables list the default Code42 server ports.
Inbound ports
In firewalls:
- Open port 4287 for inbound requests from Code42 apps.
- Open port 4285 for inbound requests from browsers and from Code42 apps version 6.5 and later.
- Open 4280 only in the rare case where your server does not use TLS security.
You can use port forwarding, also called port mapping, to avoid port conflicts and port restrictions within your Code42 environment and on other networks.
| Port(s) | Protocol | Source | Destination | Description |
|---|---|---|---|---|
|
4287 (TLS) |
TCP |
|
Your authority server |
|
| Your storage servers | Backup traffic from internal and external endpoints | |||
| 4280 (HTTP) 4285 (HTTPS) |
TCP |
|
Your authority server and storage servers |
|
Inbound IP addresses
For best results, we recommend that you allow inbound requests to your Code42 authority server from all the Code42 cloud storage IP addresses.
Outbound ports
In firewalls:
- Open ports 25, 53, 123, and 443 to let your Code42 servers send requests to mail, DNS, NTP (Network Time Protocol) servers, and the Code42 license server.
- Open an LDAP or RADIUS port only if you use one of those services.
- Open port 5432 only for a server that uses a PostgreSQL database.
- Open 5432 if PostgreSQL resides at an IP address other than the server's address,
- Or open 5432 if PostgreSQL and your server share the same address, but your firewall otherwise blocks connections to localhost.
For specific Code42 IP addresses, contact our Customer Champions for support.
| Port(s) | Protocol | Source | Destination | Description |
| 25 | TCP | Your Code42 server | Mail Server(s) | SMTP services |
| 53 | UDP | Your Code42 server | DNS Server(s) | DNS services |
| 123 | UDP | Your Code42 server | NTP Server(s) | NTP services |
| 443 | TCP | Your Code42 server |
|
Code42 product license/subscription service |
| TCP | Your Code42 server | update1.code42.com |
Managed appliance and monitored authority upgrade files |
|
| 389 (LDAP) 636 (LDAPS) |
TCP | Your authority server | LDAP or Active Directory Server(s) | Integration with LDAP or Active Directory services |
| 1812 1813 |
UDP | Your Code42 server | RADIUS Server(s) | RADIUS services |
| 5432 | TCP | Your Code42 server | PostgreSQL | Database service |
Multi-server deployment ports
If you use multiple Code42 servers, most likely one authority server and one or more storage servers, then in the firewall that protects each server:
- Open 4283 only in the rare cases where your servers do not use TLS security.
- Open port 4287 and 4288, both inbound and outbound, for server-to-server communications using TLS security.
- (Version 7.0 and earlier) Open port 4286, both inbound and outbound, also for server-to-server communications.
| Port(s) | Protocol | Source | Destination | Description |
|
4283 4287 (TLS) 4288 (TLS) |
TCP |
Your Code42 server |
Your Code42 server | Data balancing between Code42 servers |
| 4286 (Version 7.0 and earlier) |
TCP |
Your Code42 server |
Your Code42 server | Statistics traffic between Code42 servers |
Monitor ports
In order to allow Code42 to monitor your managed appliance, you need to configure your network to allow communication from Code42.
Only apply firewall rules for monitoring if you use Code42's managed appliance monitoring.
For specific IPs, contact our Customer Champions for support.
| Port(s) | Protocol | Source | Destination | Description |
|---|---|---|---|---|
|
10053 |
TCP | Your Code42 server |
Code42 Monitoring Address
|
Remote monitoring (Zabbix) |
|
10051 |
TCP | Your Code42 server |
Code42 Monitoring Address
|
Remote monitoring (Zabbix) |
| 22 | TCP |
Code42 Remote Access IP 173.160.123.81 |
Your Code42 server | Remote SSH access from Code42 offices |
| 4280 4284 4285 |
TCP |
Code42 Remote Access IP 173.160.123.81 |
Your Code42 server | Remote console access from Code42 offices |
| 443 623 5900 |
TCP UDP TCP |
Code42 Remote Access IP 173.160.123.81 |
Your authority server's IPMI Interface | Remote IPMI access from Code42 offices |
| 623 | TCP | Your authority server's IPMI Interface |
Code42 Remote Access IP 173.160.123.81 |
Remote IPMI access from Code42 offices |
Code42 for Enterprise cloud storage ports
Configure your managed appliance
When you power on the managed appliance and the operating system loads, the main command line interface (CLI) console opens. Type commands at the command prompt.
Configure with the set command
Use the following set commands for initial system setup. These commands allow you to configure the time zone, IPMI, and Primary Network Interface for your Managed Private Cloud. Type set and press tab twice to display all available set commands. The following sections walk through each command:
set-tzset-ipmiset-net
Set the time zone
Use set-tz to set the local time zone for your managed appliance
set-tz prompt: |
Example entry |
|---|---|
| Geographic area | America |
| Time zone | Chicago |
If the clock on your managed appliance is incorrect, use ntpdate to retrieve the correct time from the configured NTP server.
Configure IPMI
The IPMI Remote Management console enables remote web administration of the managed appliance. IPMI uses a dedicated network device and has its own network configuration. Use set-ipmi to configure the IPMI for your managed appliance.
set-ipmi prompt: |
Example entry |
|---|---|
| How should the IPMI get its address? | dhcp |
| IP for IPMI interface | <IP address>, e.g., 192.0.2.11 |
| Netmask for IPMI interface | <mask>, e.g., 255.255.255.0 |
| Gateway for IPMI interface | <gateway>, e.g., 192.0.2.1 |
| Should the IPMI interface be restarted after networking changes? | yes |
Configure the primary network interface
The primary network interface contains the hostname, IP address and other network settings that the Code42 for Enterprise managed appliance will use to communicate across your network. Use set-net to configure the primary network interface for your managed appliance.
set-net prompt: |
Example entry |
|---|---|
| Enter the desired hostname (or leave blank) | <hostname>, e.g., server1.example.com |
| Please enter an NTP server hostname/IP | <NTP server>, e.g., ntp.crashplanpro.com |
| Network Pattern | static-single |
| Please enter DNS server(s) separated with commas | <DNS server1> <optional DNS server 2>, e.g., 192.0.2.200, 192.0.2.201 |
| Enter the domain name (or leave blank) | <domain information>, e.g., example.com |
| Please enter IPv4 address for eth0 | <IP address>, e.g., 192.0.2.10 |
| Please enter IPv4 netmask for eth0 | <mask>, e.g., 255.255.255.0 |
| Please enter the WAN gateway address for eth0 | <gateway>, e.g., 192.0.2.1 |
| Would you like to continue with these settings? |
Yes to continue. No to exit |
Once the primary network interface has been configured, run the restart-networking command to apply the settings.
Test IPMI settings
Run show-all at the command prompt to view all current network settings. You can also view only the IPMI settings with show-ipmi.
Open a browser and navigate to the IPMI IP address. You should see the following screen:
Contact your Code42 software engineer to test IPMI access, as well as any other external access methods that you have chosen to make available, including SSH access, remote Code42 console access, or others.
Maintain your managed appliance
Monitor for issues
Code42 managed appliance monitoring allows Code42 to configure your managed appliance for performance and reliability. Code42 monitors these status elements and problem indicators, as well as others:
- Code42 for Enterprise service status
- Code42 for Enterprise version and update availability
- Power supply failures
- Drive failures
- Out of memory alerts
- Low disk space alerts
- Out of disk space alerts
- RAID array health
- Database health
- Web Code42 console responsiveness
For more information on Code42's managed appliance monitoring service, contact our Customer Champions for Code42 for Enterprise support.
Code42 for Enterprise server logs
You can view the Code42 for Enterprise server logs through the Code42 console from Server > Settings > System logs: View.
From the server log view, a drop-down menu lets you choose the log file you wish to view.
| Log name | Description |
| com.backup42.app.log.X (0 is the newest log) | Primary repository of events, errors, and data. Check this log first for any exceptions. |
| request-[date].log | Lists all of the web requests made to the internal web server. |
| history.log.X (0 is the newest log) | Lists system alerts and general events that have occurred on the server. |
Change your IP or IPMI addresses
Throughout the life of your Code42 for Enterprise managed appliance, you may need to change the network configuration of the primary network interface or the IPMI. Do this by running the set-net command to change the IP address and configure the primary network interface or the set-ipmi command to change the IP address of the IPMI.
Contact support at Code42
Contact our Customer Champions for support. For more details, see Code42 enterprise support policy.
Command-line reference
Press TAB twice to display all available commands.
| Command | Description |
|---|---|
| apt-retrieve-credentials | Retrieve credentials and set up via code42.cfg |
| apt-submit-credentials | Generate a unique password and upload credentials |
| clear | Clear the command screen* |
| date | Display the current date and time* |
| df | Display available disk space on the filesystem* |
| factory-defaults | Completely removes the contents of the code42.cfg |
| firewall on | Enable iptables firewall rules set within /etc/iptables/rules.v4 |
| firewall off | Disable iptables firewall rules set within /etc/iptables/rules.v4 |
| free | Display total free and used physical and swap memory, and buffers used by the kernel* |
| history | Display the recent commands executed* |
| hostname | Display the system's hostname* |
| iostat | Displays the current CPU load average and disk I/O utilization, providing a great way to monitor your disk I/O usage* |
| ipmi-factory-defaults | Reset IPMI settings to factory defaults |
| ipmi-password | Set an IPMI password |
| ipmi-reload | Re-issues IP/DHCP/networking configuration commands from the code42.cfg to the IPMI |
| ipmi-reset | Reboots the IPMI interface |
| ipmitool | Configure the IPMI network settings |
| last-known-good | Reverts to a previously set known good configuration |
| lsicmd | Display drive status |
| netstat | Print information about the Linux networking subsystem* |
| ntpdate | Set the local date and time by polling the Network Time Protocol (NTP) given as the server arguments to determine the correct time* |
| ping | Use to check that there is a network communication to another computer* |
| poweroff | Shut down the appliance* |
| ps | Give a snapshot of the current processes* |
| reboot | Reboot the system* |
| restart-networking | Restarts networking, applying network changes |
| set-ipmi | Configure the IPMI network settings |
| set-monitoring | Configure the server to contact for monitoring |
| set-net | Run the network configuration wizard |
| set-tz | Run the time zone configuration wizard |
| show-all | Display all configuration settings |
| show-ipmi | Display all IPMI devices |
| show-net | Display network configuration settings |
| show-raid | Display virtual drive info |
| show-serial | Display the serial number of the managed appliance |
| show-version | Display appliance, CLI, and Pepper version numbers |
| silencealarm | Silence any audible alarms, such as a failed drive alarm |
| tcpdump | Analyzes TCP/IP and other packets transmitted or received by a network* |
| top | Display the top CPU processes* |
| traceroute | Print the route that packets take to the network host* |
| uptime | Display how long the system has been running* |
| w | Displays the users currently logged in, and lists their running processes* |
* - indicates this command is a native Linux command. For full information on Linux commands, please view the command's man page. Note that man pages are not installed on the managed appliance operating system.