Acopia Networks 810-0044-00 Manual


CLI Storage-Management Guide
Part Number: 810-0044-00, Revision G
Acopia Networks®, Inc.
41 Wellman Street
Lowell, MA 01851
(978) 513-2900 tel
(978) 513-2990 fax


Summary of Contents for Acopia Networks 810-0044-00

  • Page 2: Revision History

    In no event will Acopia Networks be liable for direct, indirect, special, exemplary, incidental, or consequential damages resulting from any defect or omission within this document. Acopia Networks®, Inc. reserves the right to alter the contents of this document at any time, and without any notice.
  • Page 3: Table Of Contents

    Contents. Chapter 1, Introduction: The ARX (1-1); Back-end Storage and Servers (1-2); Front-end Services (1-2); Policy (1-2); Resilient Overlay Network (RON) (1-3); Audience for this Manual (1-3); Using this Manual (1-3); Document Conventions (1-4); CLI Overview (1-5); Exec Mode (1-5); Global Commands (1-5); Priv-exec Mode (1-5); Cfg Mode (1-6); Gbl Mode (1-6)...
  • Page 4

    Configuration Instructions (2-5); Adapting Storage to User Demands (2-6); Migration for Capacity (2-7); Configuration Instructions (2-8); Migration for Class of Storage: File-Placement Policy (2-8); Configuration Instructions (2-11); Controlling Costs (2-11). Chapter 3, Preparing for CIFS Authentication: Concepts and Terminology (3-2); Adding a Proxy User...
  • Page 5

    Showing One Active-Directory Domain (3-21); Showing DC Status (3-22); Focusing On a Single Processor (3-26); Removing an Active-Directory Forest (3-27); Authorizing Windows-Management (MMC) Access (3-28); Adding a Windows User to the Group (3-28); Removing a User (3-29); Setting Management Permissions for the Group (3-29); Removing a Permission (3-30); Showing All Management-Authorization Groups (3-31); Focusing on One Group (3-32)...
  • Page 6

    Removing a Permit Rule (4-17); Changing the Anonymous User ID (4-18); Changing the Anonymous Group ID (4-18); Reverting to the Default Group ID (4-18); Reverting to the Default User ID (4-19); Adding a Deny Rule (4-19); Removing a Deny Rule...
  • Page 7

    Removing the Description (6-5); Setting the CIFS Port (optional) (6-6); Reverting to the CIFS-Port Default (6-6); Listing External Filers (6-6); Showing External-Filer Details (6-7); Showing Details for all External Filers (6-8); Samples - Adding Two Filers (6-8); Removing an External Filer (6-9); Next (6-9). Chapter 7, Configuring a Namespace: Concepts and Terminology (7-2); Listing All Namespaces (7-3)...
  • Page 8

    Enabling the Namespace (optional) (7-22); Enabling All Shares in the Namespace (7-23); Taking Ownership of All Managed Shares (optional) (7-23); Disabling All Shares (7-24); Disabling the Namespace (7-24); Showing Namespace Configuration (7-25); Removing a Namespace (7-27). Chapter 8, Adding a Direct Volume: Declaring the Volume “Direct”...
  • Page 9

    Removing a Direct Share (8-19); Selecting a VPU (optional) (8-19); Default-VPU Assignment (8-20); Assigning the Volume to a VPU (8-22); Splitting Namespace Processing within a VPU (8-23); Reverting to Default-VPU Assignment (8-24); VPU Limits for Direct Volumes and Shares (8-24); Showing All VPUs on the Current Switch (8-25); Showing One VPU (8-26); Enabling the Volume (8-27)...
  • Page 10

    Running a No-Modify Import (9-11); Allowing the Volume to Modify on Re-Import (9-11); Preventing Modification On or After Re-Import (9-12); Preventing Modifications (9-12); Automatically Synchronizing Metadata (CIFS) (9-13); Auto-Sync Jobs and Reports (9-13); Allowing Renames on Collision (9-14); Disallowing Renames...
  • Page 11

    Finding SID Translations at All Filers (9-35); Ignoring SID Errors from the Filer (CIFS) (9-36); Acknowledging SID Errors (9-37); Designating the Share as Critical (optional) (9-38); Removing Critical-Share Status (9-38); Ignoring the Share’s Free Space (optional) (9-39); Including the Share in the Free-Space Calculation (9-39); Adjusting the Free-Space Calculation (9-40); Erasing the Free-Space Adjustment (9-40); Enabling the Share (9-40)...
  • Page 12

    Removing a Managed Volume (9-71). Chapter 10, Configuring a Global Server: Concepts and Terminology (10-2); Adding a Global Server (10-2); Setting the Windows Domain (CIFS Only) (10-3); Setting the Pre-Windows2000 Name (10-3); Removing the Windows Domain (10-4); Adding a Virtual Server...
  • Page 13

    Enabling NLM (11-6); Enabling NFS Service (11-6); Disabling NFS (11-6); Notifications to NLM Clients (11-7); Listing All NFS Services (11-7); Showing One NFS Service (11-8); Showing Details for All NFS Services (11-8); Sample - Configuring an NFS Front-End Service (11-9); Removing an NFS Service (11-10); Changing the NFS/TCP Timeout Behavior (11-10); Showing the NFS/TCP Timeout...
  • Page 14

    Sample - Configuring a CIFS Front-End Service (11-39); Removing a CIFS Service (11-40); Removing All of a Volume’s Front-End Exports (11-41); Showing All Front-End Services (11-42); Showing Front-End Services for One Global-Server (11-42); Showing Front-End Services per Virtual-Server (11-43); Showing the Services at the Redundant Peer...
  • Page 15

    Disabling the Free-Space Threshold (12-22); Constraining New Files (12-22); Distributing New Files (12-23); Constraining New Directories (12-23); Constraining Directories Below a Certain Depth (12-24); Not Constraining Directories (12-25); Distributing When a Share is Unavailable (12-25); Enabling All Share-Farm Rules (12-25); Stopping All Share-Farm Rules (12-26); Removing a Share Farm (12-26); Creating a Schedule (12-27); Setting the Interval (12-27)...
  • Page 16

    Disabling the Rule (12-44); Verifying That All Files Are Removed (12-45); Removing the Placement Rule (12-46); Removing All Policy Objects from a Namespace (12-47); Removing All Policy Objects from a Volume (12-48); Migrations in a Multi-Protocol Namespace (12-48); File-Attribute Migrations...
  • Page 17

    Removing the Fileset (13-13); Grouping Files by Age (13-13); Selecting Files Based on their Ages (13-14); Removing a File Selection (13-15); Choosing Last-Accessed or Last-Modified (13-15); Identifying a Source Fileset (optional) (13-16); Removing the Source Fileset (13-16); Setting the Age-Evaluation Interval (optional) (13-17); Reverting to the Default Evaluation Interval (13-18); Setting the File-Selection Start Time (optional) (13-18); Reverting to the Default Start Time (13-19)...
  • Page 18

    Avoid Promoting CIFS Directories Based on Last-Accessed Time (14-10); Matching Directory Trees (Directories and Files) (14-11); Limiting the Selection to Particular Source Share(s) (optional) (14-13); Removing all Source-Share Restrictions (14-13); Choosing the Target Storage (14-14); Balancing Capacity in a Target Share Farm (14-15); Limiting Each Migration (optional)...
  • Page 19

    Choosing a Shadow-Volume Target (15-9); Using a Path in the Shadow Volume (15-10); Removing the Shadow-Volume Target (15-11); Applying a Schedule (15-12); Configuring Progress Reports (15-12); Generating Verbose Reports (15-13); Including Identical Files in Reports (15-14); Deleting Empty Reports (15-14); Disabling Reports (15-14); Supporting Local Groups (CIFS) (15-15); Translating Local SIDs (15-16); Failing On SID-Translation Errors (15-16); Disabling SID Translation (15-17)...
  • Page 21: Introduction

    Chapter 1: Introduction

    This manual contains instructions and best practices for setting up and managing storage on the Adaptive Resource Switch (ARX®). These instructions focus on the Command-Line Interface (CLI). Use this book after the ARX is installed and connected to its clients and servers through IP.
  • Page 22: Back-End Storage And Servers

    The Adaptive Resource Switch aggregates heterogeneous file systems and storage into a unified pool of file storage resources. Through this unification, you can manage these resources to adapt to user demands and client applications. File storage assets can be differentiated based on user-defined attributes, enabling a class-of-storage model.
  • Page 23: Resilient Overlay Network (Ron)

    You can connect multiple ARXes with a Resilient Overlay Network (RON), which can reside on top of any IP network. This provides a network for distributing and accessing file storage. ARXes can replicate storage to other switches in the same RON, updating the replicas periodically as the writable master files change.
  • Page 24: Document Conventions

    The remaining chapters are presented in the same order that you would use to configure storage on a new ARX. Before you begin, you must follow the instructions in your Hardware Installation Guide to install the switch, set up its management IP, and prepare it for CLI provisioning.
  • Page 25: Cli Overview

    • choice1 | choice2 - the vertical bar ( | ) separates argument choices;
    • {choice1 | choice2 | choice3} - curly braces ({ }) surround a required choice;
    • [choice1 | choice2]* - an asterisk (*) means that you can choose none of them, or as many as desired (for example, “...
  • Page 26: Cfg Mode

    Priv-exec mode contains chassis-management commands, clock commands, and other commands that require privileges but do not change the network or storage configuration. Priv-exec has two sub modes, cfg and gbl.

    Cfg Mode

    To enter cfg mode, use the config command:

        bstnA6k# config...
  • Page 27: The No Convention

        bstnA6k(gbl)# namespace wwmed
        bstnA6k(gbl-ns[wwmed])#

    This command places you into a new mode, as indicated by the new CLI prompt. The prompt shows the name of the mode, “gbl-ns,” and the name of the configuration object, a namespace called “wwmed.” Abbreviations are used for mode names (for example, “ns”...
  • Page 28: Getting Started

        bstnA6k(gbl-ns[wwmed])# enable
        bstnA6k(gbl-ns[wwmed])# ...

    Getting Started

    For the initial login, refer to the instructions for booting and configuring the switch in the appropriate Hardware Installation Guide. For subsequent logins, use the following steps to log into the Acopia CLI: If you are on-site, you can connect a serial line to the serial console port.
  • Page 29

        SWITCH> enable
        SWITCH# configure
        SWITCH(cfg)#

    To enter gbl mode, use the global command instead:

        SWITCH> enable
        SWITCH# global
        SWITCH(gbl)#

    The command sequences in this manual all begin either in cfg mode or gbl mode.
  • Page 30: Sample Network

    The examples in this manual draw from a single, fictitious network. The network filers all live on a class-C subnet at 192.168.25.x. These filers are called back-end filers, since they are the storage behind the front-end services of the ARX. The filers can be heterogeneous: NAS devices and file servers (possibly with additional DAS) need only support CIFS or NFS to be on the back end of the ARX.
  • Page 31: Contacting Customer Service

    You can use the following methods to contact Acopia Customer Service:

    • E-mail: support@acopia.com
    • Telephone: 1-866-4Acopia (1-866-422-6742)
    • Acopia TAC Online: http://www.acopia.com/support/ (Acopia’s online customer knowledge base and support request system)
  • Page 33: Product Overview

    Chapter 2: Product Overview

    Solutions to Common Storage Problems

    This chapter shows some of the problems inherent with today’s file-storage networks, then it demonstrates the solutions offered by the ARX. References to relevant chapters appear at the end of each solution, so that you can configure the solutions in your network.
  • Page 34

    Today’s File Storage

    Balancing the capacity between these islands means moving popular files between file servers, but this can be difficult. Each client connects to back-end storage statically, through an IP address or FQDN, and chooses from a list of shares and paths that reside at that storage device.
  • Page 35: Optimizing Storage In A Namespace Volume

    Acopia’s Adaptive Resource Switch can optimize, adapt, and control your storage resources through namespace configuration and file migration. The sections below summarize the configuration steps for each of these solutions.

    Optimizing Storage in a Namespace Volume

    A namespace is a group of file systems under a single authentication domain.
  • Page 36

    Consider three filers with one NFS export each. The figure below shows the filers behind a standard router. In this configuration, the client must issue three mounts to access all three exports.

    [Figure labels: /work1/accting, /exports/budget, /data/acct2, LAN/WAN, /mnt/accting...]
  • Page 37: Configuration Instructions

    The ARX can aggregate all three exports into a single namespace volume, “/acct” in this example. The client then only needs to mount the single, aggregated volume.

    [Figure labels: /work1/accting, /acct, /exports/budget, /data/acct2, LAN/WAN, /mnt/acct]

    The client now connects to the ARX rather than the individual filers. This creates an opportunity for upgrading storage on the back-end without changing the front-end view.
  • Page 38: Adapting Storage To User Demands

    Chapter 6, Adding an External Filer, contains instructions for adding an external (NAS or DAS-enhanced) filer to the configuration. Chapter 7, Configuring a Namespace, contains instructions for aggregating external-filer storage into a namespace. Once the namespace is configured, you must configure the server for clients to access the namespace: configure a global server that clients can use to access the namespace over IP (see...
  • Page 39: Migration For Capacity

    The ARX can keep all filers at or above the same minimum free space, so that overburdened filers can offload their files to other filers. This is called auto-migration off of the filer that is low on free space. You configure this by declaring a share farm and establishing the auto migration rule in the share farm.
  • Page 40: Configuration Instructions

    An auto-migrate rule migrates files off of the over-burdened filers and onto the filers with more available free space. In addition, the ARX ensures that no filer is over-filled; all filers in the share farm maintain the minimum free space until/unless they all fill up to this level.
  • Page 41

    Consider a site with several tiers of storage: a gold tier of expensive file servers, a silver tier of more-plentiful (perhaps slower) filers, and a bronze tier of least-expensive filers. Initially, administrators distribute files among their filers based on best guesses at the usage of the various files.
  • Page 42

    File-placement policy can solve this problem. You can configure an age-based fileset that groups all files in the namespace based on their last-accessed times. This fileset could divide the files into weekly groups: files accessed this week, two-to-four weeks ago, and any time before four weeks ago.
  • Page 43: Configuration Instructions

    To configure a fileset, see Chapter 13, Grouping Files into Filesets. To group your namespace shares into a share farm, see “Adding a Share Farm” on page 12-15. For instructions on moving the fileset to your chosen storage, see Chapter 14, Migrating Filesets.
  • Page 45: Preparing For Cifs Authentication

    Chapter 3: Preparing for CIFS Authentication

    The ARX is a file proxy between clients and back-end filers; it must authenticate clients on the front end, and it must provide valid credentials to servers on the back end. To set up the switch proxy in a CIFS environment, you must configure two sets of authentication parameters in advance: •...
  • Page 46: Concepts And Terminology

    A namespace is an aggregated view of several back-end filers. Each namespace operates under a single authentication domain, the same domain supported by all of its back-end filers. This applies to both Windows and Unix domains. A global server is a client-entry point to the services of the ARX.
  • Page 47: Specifying The Windows Domain

        bstnA6k(gbl-proxy-user[acoProxy2])# ...

    Specifying the Windows Domain

    The first step in configuring a proxy user is to specify its Windows domain. From gbl-proxy-user mode, use the windows-domain command to specify the domain:

        windows-domain name

    where name is 1-64 characters.
  • Page 48: Specifying The Username And Password

    The final step in configuring a proxy user is to specify a username and password. This username/password must belong to the Backup Operators group to ensure that it has sufficient authority to move files freely from share to share.
  • Page 49: Listing All Proxy Users

    You can use the show proxy-user command to get a list of all proxy users on the ARX:

        show proxy-user

    For example:

        bstnA6k(gbl)# show proxy-user
        Name          Domain        User
        ------------------------------------------------------------------------------
        acoProxy1     WWMEDNET...
  • Page 50: Configuring The Ntlm Authentication Server

    For example, the following command sequence removes a proxy user called proxyNYC:

        bstnA6k(gbl)# no proxy-user proxyNYC
        bstnA6k(gbl)# ...

    Configuring the NTLM Authentication Server

    Before you configure a namespace with Windows NTLM, you must also configure an NTLM-authentication server for the namespace.
  • Page 51: Listing Ntlm Authentication Servers

    Use the show ntlm-auth-server command to display summary information on one or more configured Secure Agent servers. This command shows where the servers are located in the local database.

        show ntlm-auth-server [name]

    where name (optional, 1-128 characters) is the name of a Secure Agent server instance.
  • Page 52: Displaying Detailed Server Status

    Use the show ntlm-auth-server status command to display detailed status information on one or more configured Secure Agent servers. This command shows how the servers are configured to a switch.

        show ntlm-auth-server status [name]

    where name (optional, 1-128 characters) is the name of a Secure Agent server instance.
  • Page 53

        Account Disabled : 0
        Account Expired
        Password Expired : 0
        Time Restricted
        API Error
        Filer Response Generation:
        Success count: 1
        Failure count: 0
        Connection #2
        Source IP: 10.61.101.200
        Duration: 56192 (seconds)
        bytes Received: 9576
        bytes Transmitted: 28768
        Successful Client Authentications: 397...
  • Page 54: Adding An Active-Directory Forest (Kerberos)

    To prepare for a CIFS service that uses Kerberos to authenticate its clients, you must first create an Active Directory forest. This mimics the Active Directory (AD) forest in your Windows network.
  • Page 55: Adding A Redundant Forest Root

    for the forest root. From gbl-forest mode, use the forest-root command:

        forest-root domain-name ip-address

    where domain-name (1-256 characters) identifies the AD domain of the forest root, ip-address is the IP address (for example, 10.120.95.56) of the forest root’s

    For example, this command sequence selects the forest root for the ‘medarcv’...
  • Page 56: Identifying A Dynamic-Dns Server

    Use the no forest-root command to remove a DC for the forest root.

        no forest-root domain-name domain-controller

    where domain-name (1-256 characters) identifies the AD domain of the forest root, domain-controller is the IP address of the DC to remove.

    For example, this command sequence removes the second (redundant) DC from the ‘medarcv’...
  • Page 57: Removing A Name Server

    To prepare for dynamic DNS, you identify the dynamic-DNS servers in this forest. Later chapters explain how to configure a front-end CIFS service to use these dynamic-DNS servers. To identify one dynamic-DNS server, called a name server, use the name-server command in gbl-forest mode:...
  • Page 58: Adding A Child Domain

    To remove a name server from an AD domain, use the no name-server command:

        no name-server domain-name domain-controller

    where domain-name (1-255 characters) identifies the AD domain, and domain-controller is the IP address of the name server to remove.

    For example, this command sequence removes the second (redundant) name server from the ‘MEDARCH.ORG’...
  • Page 59

    For example, this command sequence mimics the forest illustrated below:

    [Figure: forest root MEDARCH.ORG; child domains NE.MEDARCH.ORG, MA.NE.MEDARCH.ORG and CT.NE.MEDARCH.ORG]

    The first child, “NE.MEDARCH.ORG,” is a child of the root domain, “MEDARCH.ORG,” and the last two domains are children under “NE.MEDARCH.ORG:”...
  • Page 60: Removing A Child Domain

    The no child-domain command removes a child domain controller from a forest:

        no child-domain domain-name domain-controller

    You can do this only if the child domain has a redundant DC, or if it has no children. Otherwise you must first add a redundant DC or remove all of the child domain’s children.
  • Page 61: Adding A Tree Domain

    Some domains are outside the forest-domain namespace, but have two-way trust relationships with one or more of the forest’s domains.

    [Figure: forest root MEDARCH.ORG; tree domain FDTEST.NET; child domains NE.MEDARCH.ORG, WESTCOAST.MEDARCH.ORG, MA.NE.MEDARCH.ORG...]
  • Page 62: Removing A Tree Domain

    You can specify redundant DCs for a tree domain; enter the tree-domain command once for each DC, using the same domain-name and a new domain-controller IP. You can later add one or more child domains to this tree: use the child-domain command described above.
  • Page 63: Dissolving A Forest-To-Forest Trust

    From gbl mode, use the active-directory forest-trust command to identify a trust relationship between two AD forests:

        active-directory forest-trust forest-a forest-b

    where forest-a and forest-b (1-256 characters each) identify the AD forests with the trust relationship.
  • Page 64

    For example:

        bstnA6k(gbl)# show active-directory
        Active Directory Domains
        ------------------------
        Forest Name: medarcv
        Domain Name                         Domain Type   IP Address      Service
        ----------------------------------- ------------- ------------- ----------
        MEDARCH.ORG                         forest-root   192.168.25.102  KDC DNS
        MEDARCH.ORG                         forest-root   192.168.25.104  DNS
        BOSTONMED.ORG                       tree-domain   172.16.74.88...
  • Page 65: Showing One Active-Directory Forest

    To focus on a single AD forest, use the forest keyword at the end of the show active-directory command.

        show active-directory forest forest-name

    where forest-name (1-256 characters) identifies the forest to show.

    For example:

        bstnA6k(gbl)# show active-directory forest medarcv
        Active Directory Domains...
  • Page 66: Showing Dc Status

    For example:

        bstnA6k(gbl)# show active-directory domain MA.NE.MEDARCH.ORG
        Active Directory Domains
        ------------------------
        Forest Name: medarcv
        Domain Name                         Domain Type   IP Address      Service
        ----------------------------------- ------------- ------------- ----------
        MEDARCH.ORG                         forest-root   192.168.25.104  DNS
        MA.NE.MEDARCH.ORG                   child-domain  192.168.25.103  KDC
        Forest Trust
        ------------...
  • Page 67

    For example:

        bstnA6k(gbl)# show active-directory status
        Processor 1.1:
                                                                                             Transition
        Forest        Domain Controller   Domain Name                              Status   Total Last (UTC)
        ------------- ------------------- ---------------------------------------- -------- ---- --------------------
        vt.com        10.52.140.1         MCNIELS.VT.COM                           Active   08:24:38 11/06/2007
        vt.com        10.52.150.1         NH.ORG                                   Active...
  • Page 68

        Processor 5.1:
                                                                                             Transition
        Forest        Domain Controller   Domain Name                              Status   Total Last (UTC)
        ------------- ------------------- ---------------------------------------- -------- ---- --------------------
        vt.com        10.52.140.1         MCNIELS.VT.COM                           Active   08:24:38 11/06/2007
        vt.com        10.52.150.1         NH.ORG                                   Active   08:24:26 11/06/2007
        vt.com        10.52.130.1         VT.COM                                   Active...
  • Page 69

                                                                                             Transition
        Forest        Domain Controller   Domain Name                              Status   Total Last (UTC)
        ------------- ------------------- ---------------------------------------- -------- ---- --------------------
        vt.com        10.52.140.1         MCNIELS.VT.COM                           Active   08:24:38 11/06/2007
        vt.com        10.52.150.1         NH.ORG                                   Active   08:24:26 11/06/2007
        vt.com        10.52.130.1         VT.COM                                   Active   08:24:09 11/06/2007
        ny.com...
  • Page 70: Focusing On A Single Processor

    On an ARX®6000, you can use the optional from clause to focus on a particular processor:

        show active-directory status [forest forest-name | domain domain-name] from slot.processor

    where forest forest-name and domain domain-name are described above, from is a required keyword,...
  • Page 71: Removing An Active-Directory Forest

        medarcv       172.16.74.88        BOSTONMED.ORG                            Active   08:22:57 11/06/2007
        medarcv       192.168.25.103      MA.NE.MEDARCH.ORG                        Active   08:22:39 11/06/2007
        medarcv       192.168.202.9       WESTCOAST.MEDARCH.ORG                    Active   08:22:21 11/06/2007
        medarcv       172.16.124.73       NE.MEDARCH.ORG                           Active   08:22:02 11/06/2007
        medarcv       192.168.25.102      MEDARCH.ORG                              Active   08:21:43 11/06/2007
        Forest Trust
        ------------
        Forest-1 Forest-2...
  • Page 72: Authorizing Windows-Management (Mmc) Access

    You can define a group of Windows clients and their authority to use Windows-management applications, such as the Microsoft Management Console (MMC). This group can use MMC and similar applications to view or edit CIFS shares, view and/or close open files, or view and/or close open client sessions.
  • Page 73: Removing A User

        bstnA6k(gbl)# windows-mgmt-auth readOnly
        bstnA6k(gbl-mgmt-auth[readOnly])# user mhoward_md windows-domain MEDARCH.ORG
        bstnA6k(gbl-mgmt-auth[readOnly])# user zmarx_md windows-domain MEDARCH.ORG
        bstnA6k(gbl-mgmt-auth[readOnly])# user lfine_md windows-domain MEDARCH.ORG
        bstnA6k(gbl-mgmt-auth[readOnly])# user choward_md windows-domain MEDARCH.ORG
        bstnA6k(gbl-mgmt-auth[readOnly])# user cjderita_md windows-domain MEDARCH.ORG
        bstnA6k(gbl-mgmt-auth[readOnly])# ...

    Removing a User

    Use the no user command to remove one user from the current...
  • Page 74: Removing A Permission

    All users in the management-authorization group have the permissions you set with this command. By default, all group members can browse all directories in the namespace, but cannot add or delete CIFS shares. Also, they cannot view or change CIFS-client sessions or open files.
  • Page 75: Showing All Management-Authorization Groups

        bstnA6k(gbl)# windows-mgmt-auth readOnly
        bstnA6k(gbl-mgmt-auth[readOnly])# no permit open-file
        bstnA6k(gbl-mgmt-auth[readOnly])# ...

    Showing All Management-Authorization Groups

    You can use the show windows-mgmt-auth command to view all management-authorization groups on the ARX:

        show windows-mgmt-auth

    For example:

        bstnA6k(gbl)# show windows-mgmt-auth
        Windows Authorization Policy: fullAccess
        User Name...
  • Page 76: Focusing On One Group

    Preparing for CIFS Authentication Authorizing Windows-Management (MMC) Access ---------------------- ----------------------- Share Monitor Session Monitor bstnA6k(gbl)# ... Focusing on One Group To show a single management-authorization group, add the group name to the end of the show windows-mgmt-auth command: show windows-mgmt-auth name where name (1-64 characters) identifies the group to show.
  • Page 77: Removing A Management-Authorization Group

    Preparing for CIFS Authentication Authorizing Windows-Management (MMC) Access Removing a Management-Authorization Group You can only remove a management-authorization group if it is not referenced by any namespace. A later chapter describes how to configure a namespace and reference a management-authorization group. To remove a management-authorization group, use the no windows-mgmt-auth command in gbl mode:...
  • Page 78 Preparing for CIFS Authentication Authorizing Windows-Management (MMC) Access 3-34 CLI Storage-Management Guide...
  • Page 79: Preparing For Nfs Authentication

    Chapter 4 Preparing for NFS Authentication You can create NFS access lists that filter clients based on their IP addresses. You can enter IP addresses directly and/or refer to pre-defined netgroups at a Network Information Service (NIS) server. A NIS netgroup defines a group of host machines, and may also contain other NIS netgroups.
  • Page 80: Identifying A Nis Server For The Nis Domain

    Preparing for NFS Authentication Adding a NIS Domain The switch supports up to eight NIS domains. From gbl mode, use the nis domain command to add a new one: nis domain domain where domain (1-256 characters) is the name of the domain (for example, “acopia”...
  • Page 81: Removing A Nis Server

    Preparing for NFS Authentication Adding a NIS Domain Removing a NIS Server Use the no ip address command to remove one of the NIS servers from the list: no ip address ip-address where ip-address is in dotted-decimal format (for example, 192.168.25.122). If you remove the only NIS server for the current NIS domain, support for the domain is limited.
  • Page 82: Showing Details For A Nis Domain

    Preparing for NFS Authentication Adding a NIS Domain Showing Details for a NIS Domain Add the name of an NIS domain to show details: show nis domain name where name (1-256 characters) identifies the NIS domain. For example: bstnA6k(gbl)# show nis domain wwmed.com NIS Domain: wwmed.com Server(s):...
  • Page 83: Showing The Members Of One Netgroup

    Preparing for NFS Authentication Adding a NIS Domain auto_1 medtechs surgeons Total Netgroups: 2396 bstnA6k(gbl)# ... Showing the Members of One Netgroup For a list of members in a NIS netgroup, add the name of the netgroup to the end of the show nis netgroup command: show nis netgroup domain netgroup...
  • Page 84: Updating The Nis Database

    Preparing for NFS Authentication Adding a NIS Domain Updating the NIS Database The ARX keeps an internal copy of all the NIS netgroups and their fully-resolved hosts. The database is built when you add the NIS domain to the switch; it is used for switch operation as well as the show commands above.
  • Page 85 Preparing for NFS Authentication Adding a NIS Domain show reports report-name, tail, or grep to read the file. To save the report off to an external FTP site, use the copy ... ftp command from priv-exec mode. To upload the report to an SCP host, use .
  • Page 86: Scheduling Regular Updates

    Preparing for NFS Authentication Adding a NIS Domain london in group: sixthousands montreal in group: sixthousands lasvegas in group: sixthousands Netgroups Processed: 2,396 Hosts Processed: 48,043 Hostnames Not Found: Netgroup Parsing Errors: Netgroups Not Found: Watched Netgroup Changes **** Elapsed time: 00:00:17 **** NIS Update Report: DONE at Wed Dec 7 09:45:20 2005 ****...
  • Page 87: Removing The Nis Domain-Server Map

    Preparing for NFS Authentication Adding an NFS Access List Removing the NIS Domain-Server Map From gbl mode, use no nis domain to remove a NIS domain-server map: no nis domain domain where domain (1-256 characters) is the name of the domain to remove. You cannot remove a domain that is referenced by an NFS access list.
  • Page 88: Listing All Nfs Access Lists

    Preparing for NFS Authentication Adding an NFS Access List The ARX supports up to 512 NFS access lists. From gbl mode, use the nfs-access-list command to create a new one: nfs-access-list list-name where list-name (1-64 characters) is a name you choose for the access list. The CLI prompts for confirmation before creating the new NFS access list.
  • Page 89: Showing One Nfs Access List

    Preparing for NFS Authentication Adding an NFS Access List Showing One NFS Access List As you configure your NFS access lists, it will be convenient to see the current list settings. Use the show nfs-access-list command with the specific access-list name to see the full configuration for one access list: show nfs-access-list list-name...
  • Page 90: Resolving All Netgroups In The Access List

    Preparing for NFS Authentication Adding an NFS Access List Resolving All Netgroups in the Access List If the access list contains any netgroups, you can resolve those netgroups to see all of the hosts within them. To accomplish this, add the resolve-netgroups keyword to the end of the command:...
  • Page 91: Setting The Nis Domain

    Preparing for NFS Authentication Adding an NFS Access List Each access list can support a maximum of 2048 permit and deny rules, including the individual permit rules for every host in every netgroup. If you exceed the limit (perhaps because of an overly-large netgroup), this output shows the first 2048 entries followed by an error.
  • Page 92: Adding A Permit Rule

    Preparing for NFS Authentication Adding an NFS Access List bstnA6k(gbl)# nfs-access-list westcoast bstnA6k(gbl-nfs-acl[eastcoast])# no nis domain snemed.com bstnA6k(gbl-nfs-acl[eastcoast])# ... Adding a Permit Rule By default, a new NFS access list denies access to all subnets. You can selectively allow access by configuring a permit rule for each trusted subnet. From gbl-nfs-acl mode, use the permit command to add a permit rule for one subnet:...
  • Page 93: Permitting A Netgroup

    Preparing for NFS Authentication Adding an NFS Access List Permitting a Netgroup If you have configured a NIS domain for this access list (see above), you can refer to a netgroup configured in that domain. This leverages any netgroups that were configured before the introduction of the ARX.
  • Page 94: Rule Ordering

    Preparing for NFS Authentication Adding an NFS Access List Rule Ordering The order of rules is very important in an access list. Whenever a client tries to access an NFS service with an access list, the client’s IP address is compared to the rules in the order they were entered.
  • Page 95: Removing A Permit Rule

    Preparing for NFS Authentication Adding an NFS Access List For example, the following command sequence allows root access from clients at 172.16.204.0. To control the security problem, access is read-only for this rule: bstnA6k(gbl)# nfs-access-list eastcoast bstnA6k(gbl-nfs-acl[eastcoast])# permit 172.16.204.0 255.255.255.0 read-only root allow bstnA6k(gbl-nfs-acl[eastcoast])# ...
  • Page 96: Changing The Anonymous User Id

    Preparing for NFS Authentication Adding an NFS Access List Changing the Anonymous User ID When permit rules have root-squash enabled, they translate the User ID (UID) of a root user to an anonymous UID. By default, the access list uses 65534 for this UID. To change the UID for anonymous, use the anonymous-uid command:...
  • Page 97: Reverting To The Default User Id

    Preparing for NFS Authentication Adding an NFS Access List bstnA6k(gbl-nfs-acl[westcoast])# ... Reverting to the Default User ID As with the GID, an access list uses the default UID of 65534 when it performs root squashing. From gbl-nfs-acl mode, use the no anonymous-uid command to revert to this default:...
  • Page 98: Removing A Deny Rule

    Preparing for NFS Authentication Adding an NFS Access List You cannot deny a NIS netgroup. We recommend a subnet-deny rule after any permit netgroup rule, to ensure that all other hosts in the netgroup’s subnet are explicitly denied. Removing a Deny Rule From gbl-nfs-acl mode, use no deny to remove a deny rule from the current access...
  • Page 99 Preparing for NFS Authentication Adding an NFS Access List These permit and deny rules have a subtle configuration error. The intention was to allow all clients from 192.168.0.0 except clients from 192.168.77.0 or 192.168.202.0. For example, a client at IP 192.168.77.29 is supposed to be blocked by the first deny rule, “deny 192.168.77.0 ...”...
  • Page 100: Adding A Description

    Preparing for NFS Authentication Adding an NFS Access List deny 192.168.202.0 255.255.255.0 Add back the permit rule and show that it is now at the end of the list: bstnA6k(gbl-nfs-acl[eastcoast])# permit 192.168.0.0 255.255.0.0 bstnA6k(gbl-nfs-acl[eastcoast])# show nfs-access-list eastcoast deny 192.168.77.0 255.255.255.0 deny 192.168.202.0 255.255.255.0 permit 192.168.0.0 255.255.0.0 read-write root squash...
  • Page 101: Removing An Access List

    Preparing for NFS Authentication Adding an NFS Access List Removing an Access List From gbl mode, use the no nfs-access-list command to remove an NFS access list: no nfs-access-list list-name where list-name (1-64 characters) identifies the access list to remove. You must remove all references to the access list before you can use this command to remove the list itself.
  • Page 102 Preparing for NFS Authentication Adding an NFS Access List 4-24 CLI Storage-Management Guide...
  • Page 103: Examining Filers

    Chapter 5 Examining Filers Use the show exports and probe exports commands to examine filers in the server network. These commands make queries from proxy-IP addresses to test filer connectivity, find the services supported by the filer, discover filer shares, and discover permissions settings at the shares.
  • Page 104 Examining Filers • Capabilities - shows the transport protocols (TCP or UDP) and port numbers for NFS and CIFS. For NFS, this shows the same information for portmapper and the mount daemon: an NFS filer must support all three services. For CIFS servers, this also shows the server-level security settings.
  • Page 105 Examining Filers Capabilities: Port Mapper TCP/111, UDP/111 Mount Daemon V1 TCP/1016, V1 UDP/1013, V2 TCP/1016, V2 UDP/1013, V3 TCP/1016, V3 UDP/1013 Server V2 TCP/2049, V2 UDP/2049, V3 TCP/2049, V3 UDP/2049 CIFS Security Mode User level, Challenge/response, Signatures disabled Server TCP/445 Max Request 16644 bytes Shares:...
  • Page 106: Examining Cifs Shares

    Examining Filers Examining CIFS Shares Examining CIFS Shares You can only examine CIFS shares if you have sufficient permissions at the filer. Use the user and windows-domain options to provide Windows credentials to the filer: show exports host filer user username windows-domain domain where username (1-64 characters) is the username, domain (1-64 characters) is the user’s Windows domain, and...
  • Page 107 Examining Filers Examining CIFS Shares 192.168.25.55 64: Success 2000: Success 8820: Success 192.168.25.56 64: Success 2000: Success 8820: Success CIFS Credentials: MEDARCH\jqpublic Capabilities: CIFS Security Mode User level, Challenge/response, Signatures disabled Server TCP/139 Max Request 16644 bytes Shares: CIFS Storage Space Share Total (MB) Free (MB)
  • Page 108: Using Proxy-User Credentials

    Examining Filers Examining CIFS Shares Using Proxy-User Credentials If there is a proxy user that is already configured for the filer’s domain, you can use the proxy user configuration instead of a username, domain, and password. Use show for a full list of all proxy users (recall “Listing All Proxy Users”...
  • Page 109 Examining Filers Examining CIFS Shares 192.168.25.55 64: Success 2000: Success 8820: Success 192.168.25.56 64: Success 2000: Success 8820: Success CIFS Credentials: MEDARCH\jqpublic Capabilities: CIFS Security Mode User level, Challenge/response, Signatures disabled Server TCP/445 Max Request 16644 bytes Shares: CIFS Storage Space Share Total (MB) Free (MB)
  • Page 110: Showing The Physical Paths For Cifs Shares

    Examining Filers Examining CIFS Shares Showing the Physical Paths for CIFS Shares For the physical disk and path behind each CIFS share, use the optional paths keyword after the filer hostname/IP: show exports host filer paths [user username windows-domain domain | proxy-user proxy] where the options are explained above.
  • Page 111: Focusing On One Share

    Examining Filers Focusing on One Share Focusing on One Share To focus on one share, use the share argument in the show exports command: show exports host filer share share-name [user username windows-domain domain | proxy-user proxy] where share-name (1-1024 characters) identifies the share, and the other options are explained above.
  • Page 112: Showing Connectivity Only

    Examining Filers Showing Connectivity Only Storage Space Share Total (MB) Free (MB) Serial Num ------------------------------- ---------- ---------- ---------- histories 17351 16144 c883-8cc0 Time: CIFS Filer's time is the same as the switch's time. bstnA6k> ... Showing Connectivity Only Use the connectivity keyword to show the Connectivity table alone: show exports host filer [share share-path] connectivity...
  • Page 113: Showing Capabilities Only

    Examining Filers Showing Connectivity Only 192.168.25.33 64: Success 2000: Success 8820: Success 192.168.25.34 64: Success 2000: Success 8820: Success 192.168.25.55 64: Success 2000: Success 8820: Success 192.168.25.56 64: Success 2000: Success 8820: Success bstnA6k> ... Showing Capabilities Only The capabilities keyword shows only the Capabilities table: show exports host filer [share share-path] capabilities where the options are explained earlier in the chapter.
  • Page 114: Showing Shares Only

    Examining Filers Showing Connectivity Only Showing Shares Only To list only the filer’s shares, use the shares keyword: show exports host filer shares [user username windows-domain domain | proxy-user proxy] where the options are explained earlier. The output shows two tables, one for NFS shares and one for CIFS shares. Only the CIFS table appears if you enter Windows credentials.
  • Page 115: Showing Time Settings

    Examining Filers Showing CIFS Attributes Storage Space bstnA6k> ... Showing Time Settings Namespace policy (described in later chapters) requires that the ARX has its clock synchronized with those of its back-end filers. Kerberos authentication also requires synchronized time. You should configure the ARX to use the same NTP servers that the filers use;...
  • Page 116: Probing For Cifs Security

    Examining Filers Probing for CIFS Security Each Windows volume has up to five CIFS attributes that are relevant to namespace imports. These attributes represent support for Compressed Files, Named Streams, Persistent ACLs, Sparse Files, and/or Unicode filenames on disk. This command shows a table of supported CIFS attributes at each of the filer’s shares.
  • Page 117 Examining Filers Probing for CIFS Security This filer examination is more intrusive than the others, so it is not invoked as part of show exports. From priv-exec mode, use the probe exports command to test some Windows credentials at a given back-end filer: probe exports host filer [share share-path] {user username windows-domain domain | proxy-user proxy-user} where the options match those of the...
  • Page 118 Examining Filers Probing for CIFS Security 5-16 CLI Storage-Management Guide...
  • Page 119: Adding An External Filer

    Chapter 6 Adding an External Filer A Network-Attached Storage (NAS) filer or a file server with Direct-Attached Storage (DAS) is configured as an external filer on the ARX. An external filer defines how to access the storage in an external NAS/DAS-based device. From gbl mode, use the external-filer command to create an empty external-filer instance: external-filer name...
  • Page 120: Providing The Filer's Ip Address

    Adding an External Filer Providing the Filer’s IP Address Providing the Filer’s IP Address The next step in external-filer configuration is to give the IP address of the filer. The address must be on the proxy-IP subnet (“Adding a Range of Proxy-IP Addresses” on page 4-6 of the CLI Network-Management...
  • Page 121: Removing A Secondary Address

    Adding an External Filer Ignoring a Directory bstnA6k(gbl-ext-filer[nas1])# ip address 192.168.25.61 secondary bstnA6k(gbl-ext-filer[nas1])# ip address 192.168.25.62 secondary bstnA6k(gbl-ext-filer[nas1])# ... Removing a Secondary Address Use the no form of the command to remove a secondary IP address from the list: no ip address ip-address secondary where ip-address is the secondary address to remove.
  • Page 122: Re-Instating A Directory

    Adding an External Filer Ignoring a Directory • Network Appliance: .snapshot, ~snapshot • BlueArc: .snapshot, ~snapshot Ignore only special, virtual directories designed for filer backups, or directories that only appear in the share’s root. If you ignore a standard directory below the root, a client cannot delete the directory’s parent.
  • Page 123: Adding A Description (Optional)

    Adding an External Filer Adding a Description (optional) Adding a Description (optional) You can add a description to the filer for use in show commands. The description can differentiate the external filer from others. From gbl-ext-filer mode, use the description command to add a description: description text where text is 1-255 characters.
  • Page 124: Setting The Cifs Port (Optional)

    Adding an External Filer Setting the CIFS Port (optional) Setting the CIFS Port (optional) By default, the ARX sends its CIFS messages to port 445 or 139 at the external filer. Port 445 supports raw CIFS communication over TCP, port 139 supports CIFS through NetBIOS;...
  • Page 125: Showing External-Filer Details

    Adding an External Filer Listing External Filers For example, the following command lists all of the external filers known to the ARX: bstnA6k(gbl)# show external-filer Name IP Address Description ------------------------ ------------- ---------------------------- das1 192.168.25.19 financial data (LINUX filer, rack 14) 192.168.25.27 bulk storage server (DAS, Table 3) 192.168.25.20...
  • Page 126: Showing Details For All External Filers

    Adding an External Filer Samples - Adding Two Filers Filer IP 192.168.25.19 CIFS Port default (auto-detect) NFS TCP Connections 1 (default) Managed Exports -------------------------------------------------------------------------------- NFS Export: /exports/budget Namespace: wwmed Volume: /acct Directories to ignore for importing ------------------------------------ .snapshot bstnA6k(gbl)# ... Showing Details for all External Filers Use show external-filer all to see details about every configured external filer:...
  • Page 127: Removing An External Filer

    Adding an External Filer Removing an External Filer bstnA6k(gbl-ext-filer[das1])# exit bstnA6k(gbl)# This command sequence creates a new filer, “fs1,” with two CIFS shares: bstnA6k(gbl)# external-filer fs1 This will create a new filer. Create filer 'fs1'? [yes/no] yes bstnA6k(gbl-ext-filer[fs1])# ip address 192.168.25.20 bstnA6k(gbl-ext-filer[fs1])# exit bstnA6k(gbl)# Removing an External Filer...
  • Page 128 Adding an External Filer Next 6-10 CLI Storage-Management Guide...
  • Page 129: Configuring A Namespace

    Chapter 7 Configuring a Namespace The ARX aggregates storage from external servers into one or more namespaces. A namespace is a collection of virtual file systems, called volumes. Each volume consists of storage space from any number of Network-Attached Storage (NAS) or filer servers with Direct-Attached Storage (DAS).
  • Page 130: Concepts And Terminology

    Configuring a Namespace Concepts and Terminology The purpose of the namespace is to contain one or more volumes with a common set of access protocols (CIFS/NFS), authentication mechanisms, and character encoding. This chapter explains how to create a namespace. The next chapters explain how to aggregate your storage into various types of namespace volumes.
  • Page 131: Listing All Namespaces

    Configuring a Namespace Listing All Namespaces The shadow volume is a frequently-updated duplicate of a managed volume, possibly hosted at a different ARX in the same Resilient-Overlay Network (RON, described in CLI Network-Management Guide). Listing All Namespaces To verify a new namespace was created, use the show namespace command to get a list of all namespaces:...
  • Page 132 Configuring a Namespace Listing All Namespaces For example, the following command shows the configuration of the namespace named “wwmed.” bstnA6k# show namespace wwmed Namespace “wwmed” Configuration Description namespace for World-Wide Medical network Metadata Cache Size: 512 MB Domain Information ------------------ Supported Protocols ------------------- nfsv3...
  • Page 133 Configuring a Namespace Listing All Namespaces Metadata shares: Filer Backend Path Contains Metadata Status ------------------------------------------------------------------- nas1 /vol/vol1/meta1 Online Share bills Filer das8 [192.168.25.25] NFS Export /work1/accting Features unix-perm Status Online Critical Share Free space on storage 17GB (18,803,621,888 B) Free files on storage Transitions Last Transition Wed Apr...
  • Page 134 Configuring a Namespace Listing All Namespaces Transitions Last Transition Wed Apr 4 03:41:04 2007 Share it5 Filer das7 [192.168.25.24] NFS Export /lhome/it5 Features unix-perm Status Online Free space on storage 22GB (24,237,064,192 B) Free files on storage Transitions Last Transition Wed Apr 4 03:41:06 2007 Share Farms...
  • Page 135: Showing Details For All Namespaces

    Configuring a Namespace Listing All Namespaces New File Placement Status Enabled bstnA6k# ... Showing Details for All Namespaces Use show namespace all to see details about all configured namespaces: show namespace all Showing Filer Shares Behind the Namespace You can use show namespace mapping to list the filer shares that are behind all configured namespaces:...
  • Page 136 Configuring a Namespace Listing All Namespaces \\fs1\prescriptions \\fs2\bulkstorage nas1:/vol/vol1/meta3* medarcv:/test_results chemLab \\fs1\chem_results/. hematologyLab \\fs3\hematology_results/. Namespace Physical Server -------------------- --------------------- medco:/vol vol0/corp nas1:/vol/vol0/direct/shr vol0/notes nas1:/vol/vol0/direct/notes vol1/mtgMinutes nas2:/vol/vol1/direct/mtgs vol1/sales nas2:/vol/vol1/direct/export vol2 nas3:/vol/vol2/direct/data Namespace Physical Server -------------------- --------------------- wwmed:/acct das1:/exports/budget das3:/data/acct2 das7:/lhome/it5 das8:/work1/accting nas1:/vol/vol1/meta1* Where * denotes metadata only physical server.
  • Page 137: Showing Shares Behind One Namespace

    Configuring a Namespace Setting the Namespace Protocol(s) Showing Shares Behind One Namespace Add a namespace name to show only the shares behind that particular namespace: show namespace mapping name where name (1-30 characters) is the name of the namespace. For example, this shows the filer shares behind the “wwmed” namespace: bstnA6k# show namespace mapping wwmed Namespace Physical Server...
  • Page 138: Removing A Protocol

    Configuring a Namespace Setting the Namespace Protocol(s) For example, this command set allows two forms of NFS access to the “wwmed” namespace: bstnA6k(gbl)# namespace wwmed bstnA6k(gbl-ns[wwmed])# protocol nfs2 bstnA6k(gbl-ns[wwmed])# protocol nfs3 bstnA6k(gbl-ns[wwmed])# ... Removing a Protocol Use the no form of the command to remove a protocol from the namespace.
  • Page 139: Changing Protocols After Import

    Configuring a Namespace Setting NFS Character Encoding Changing Protocols After Import We strongly recommend that you choose your protocol set carefully, before configuring any volumes in the namespace. After a managed volume and at least one of its shares is enabled (as described later in the managed-volume chapter), the managed volume imports files and directories from its enabled shares.
  • Page 140 Configuring a Namespace Setting NFS Character Encoding Improper encoding can also present problems during managed-volume import. A file with a non-mappable CIFS character is imported using its NFS-side name; this may not have any resemblance to the intended CIFS-side name. A directory with a non-mappable character can be renamed during import to preserve its resemblance with the original CIFS-side name.
  • Page 141: Setting Cifs Character Encoding

    Configuring a Namespace Setting NFS Character Encoding Setting CIFS Character Encoding When a volume from a CIFS namespace is exported through a virtual server (described in a later chapter), the virtual server may register its NetBIOS name with a WINS server. Use the character-encoding cifs command to set the character encoding expected by the local WINS server:...
  • Page 142: Configuring Windows Authentication (Cifs)

    Configuring a Namespace Configuring Windows Authentication (CIFS) You cannot change the character encoding after any of the namespace’s managed volumes are enabled, as described in a later chapter. Configuring Windows Authentication (CIFS) This section applies only to a namespace that supports CIFS. Skip to the next section if this is an NFS-only namespace.
  • Page 143: Using Kerberos For Client Authentication

    Configuring a Namespace Configuring Windows Authentication (CIFS) acoProxy3 FDTESTNET jqtester acoProxy2 MEDARCH jqpublic bstnA6k(gbl-ns[medarcv])# proxy-user acoProxy2 bstnA6k(gbl-ns[medarcv])# ... Using Kerberos for Client Authentication You can configure the namespace to authenticate its clients with Kerberos instead of (or in addition to) NTLM. If you plan to use NTLM only, skip ahead to the next section.
  • Page 144: Identifying The Ntlm Authentication Server

    Configuring a Namespace Configuring Windows Authentication (CIFS) Identifying the NTLM Authentication Server NTLM authentication also requires a mechanism for authenticating Windows clients at the namespace’s back-end filers. Kerberos-only sites do not require any NTLM configuration, though you can configure a namespace that supports both authentication protocols.
  • Page 145: Multi-Domain Support

    Configuring a Namespace Configuring Windows Authentication (CIFS) Name Domain Name Server Port ------------------------------------------------------------------------------- MEDARCH 192.168.25.102 25805 Mapped to the Following Namespaces ------------------------------------------------------------------------------- insur bstnA6k(gbl-ns[medarcv])# ntlm-auth-server dc1 bstnA6k(gbl-ns[medarcv])# ... Multi-Domain Support You can use the ntlm-auth-server command multiple times to support multiple Windows Domains.
  • Page 146: Removing An Ntlm-Authentication Server

    Configuring a Namespace Configuring Windows Authentication (CIFS) Removing an NTLM-Authentication Server From gbl-ns mode, use no ntlm-auth-server to remove a server from the namespace: no ntlm-auth-server name where name identifies the NTLM authentication server to remove from the namespace. If you remove an NTLM-authentication server from the namespace, the server’s clients will no longer be able to authenticate through NTLM.
  • Page 147: Removing A Management-Authorization Group

    Configuring a Namespace Configuring Windows Authentication (CIFS) Enter this command once for each authorized group. For example, this command set applies three management-authorization groups to the “medarcv” namespace: bstnA6k(gbl)# namespace medarcv bstnA6k(gbl-ns[medarcv])# show windows-mgmt-auth bstnA6k(gbl-ns[medarcv])# windows-mgmt-auth testGroup bstnA6k(gbl-ns[medarcv])# windows-mgmt-auth fullAccess bstnA6k(gbl-ns[medarcv])# windows-mgmt-auth readOnly bstnA6k(gbl-ns[medarcv])# ...
  • Page 148: Selecting A Sam-Reference Filer

    Configuring a Namespace Configuring Windows Authentication (CIFS) Selecting a SAM-Reference Filer CIFS clients, given sufficient permissions, can change the users and/or groups who have access to a given file. For example, the owner of the “penicillin.xls” file can possibly add “nurses” or “doctors” to the list of groups with write permission. The list of groups in the network is traditionally provided by the Security Account Management (SAM) database on the file’s server.
  • Page 149: Adding A Volume

    Configuring a Namespace Adding a Volume 192.168.25.28 Hematology lab server (DAS, Table 8) 192.168.25.29 prescription records (DAS, Table 3) das2 192.168.25.22 DAS (Solaris) filer 2 (rack 16) das3 192.168.25.23 DAS (Solaris) filer 3 (rack 16) nas1 192.168.25.21 NAS filer 1 (rack 31) 192.168.25.61 (secondary) 192.168.25.62...
  • Page 150: Enabling The Namespace (Optional)

    Configuring a Namespace Enabling the Namespace (optional) For a new volume, the CLI prompts for confirmation before adding it to the namespace. Enter yes to proceed. This puts you into gbl-ns-vol mode, where you must declare at least one share. For example, this command set creates a single volume (“/acct”) for the “wwmed”...
  • Page 151: Enabling All Shares In The Namespace

    Configuring a Namespace Enabling the Namespace (optional) Enabling All Shares in the Namespace From gbl-ns mode, you can enable all of the namespace’s shares with a single command. Use the enable shares command to accomplish this: enable shares For example, the following command sequence enables all shares in the “wwmed” namespace: bstnA6k(gbl)# namespace wwmed bstnA6k(gbl-ns[wwmed])# enable shares...
  • Page 152: Disabling All Shares

    Configuring a Namespace Enabling the Namespace (optional) The CLI prompts for confirmation before taking ownership of any shares. Enter yes to proceed. For example, the following command sequence enables all shares in the “insur_bkup” namespace and, if necessary, takes ownership of all of them: prtlndA1k(gbl)# namespace insur_bkup prtlndA1k(gbl-ns[insur_bkup])# enable shares take-ownership This command allows the switch to virtualize shares that are used by other Acopia switches.
  • Page 153: Showing Namespace Configuration

    Configuring a Namespace Showing Namespace Configuration Showing Namespace Configuration To review the configuration settings for a namespace, use the show global-config namespace command: show global-config namespace [name] where name (optional, 1-30 characters) identifies the namespace. If you omit this, the output includes all namespaces. The output shows all of the configuration options required to recreate the namespace.
  • Page 154 Configuring a Namespace Showing Namespace Configuration enable exit share budget filer das1 nfs /exports/budget enable exit share it5 filer das7 nfs /lhome/it5 enable exit share-farm fm1 share budget share bills share bills2 maintain-free-space 2G auto-migrate 2G balance Capacity enable exit place-rule docs2das8 report docsPlc verbose from fileset bulky...
  • Page 155: Removing A Namespace

    Configuring a Namespace Removing a Namespace exit bstnA6k# ... Removing a Namespace From priv-exec mode, you can use the remove namespace command to remove a namespace and all of its volumes: remove namespace name [timeout seconds] [sync] where: name (1-30 characters) is the namespace to remove, seconds (optional, 300-10,000) sets a time limit on each of the removal’s component operations, and sync (optional) waits for the removal to finish before returning.
  • Page 156 Configuring a Namespace Removing a Namespace % INFO: Removing service configuration for namespace insur_bkup % INFO: Removing CIFS browsing for namespace insur_bkup % INFO: Removing volume policies for namespace insur_bkup % INFO: destroy policy insur_bkup /insurShdw % INFO: Removing shares for namespace insur_bkup % INFO: no share backInsur % INFO: Removing volume metadata shares for namespace insur_bkup % INFO: no metadata share nas-p1 path /vol/vol1/mdata_B...
  • Page 157: Adding A Direct Volume

    Chapter 8 Adding a Direct Volume Each share in a direct volume attaches one or more of its own virtual directories to real directories at back-end shares. These attach points are analogous to mount points in NFS and network-drive connections in CIFS. The back-end directory trees are all reachable from the same volume root. The volume does not record the contents of the back-end shares, so it does not keep metadata or support storage policies.
  • Page 158: Declaring The Volume "Direct

    Adding a Direct Volume Declaring the Volume “Direct” A direct volume is easier to set up than a managed volume, so this chapter is offered before the managed-volume chapter. As explained earlier (in “Adding a Volume” on page 7-21), you use the gbl-ns volume command to create a volume.
  • Page 159: Reverting To A Managed Volume

    Adding a Direct Volume Manually Setting the Volume’s Free Space (optional) Reverting to a Managed Volume If a direct volume has no attach points configured, you can use no direct to revert the volume back to a managed volume: no direct For example, this command sequence ensures that “wwmed~/acct”...
  • Page 160: Using Automatic Free-Space Calculation

    Adding a Direct Volume Setting CIFS Options You can set this any time, even after the volume is enabled. For example, this command sequence makes the ‘access~/G’ volume count the free space in all back-end shares, even multiple shares that draw from the same back-end storage: prtlndA1k(gbl)# namespace access prtlndA1k(gbl-ns[access])# volume /G...
  • Page 161 Adding a Direct Volume Setting CIFS Options By default, new volumes conform to the CIFS options at the first-enabled share. If you try to enable another volume share that does not support one or more of those options, you get an error and the share remains disabled. You can then disable the unsupported options (the error message tells you which ones) and retry the enable.
  • Page 162: Disabling Cifs Oplocks (Optional)

    Adding a Direct Volume Setting CIFS Options Disabling CIFS Oplocks (optional) The CIFS protocol supports opportunistic locks (oplocks) for its files. A client application has the option to take an oplock as it opens a file. While it holds the oplock, it can write to the file (or a cached copy of the file) knowing that no other CIFS client can write to the same file.
  • Page 163: Reinstating Oplock Support

    Adding a Direct Volume Adding a Share bstnA6k(gbl)# namespace medarcv bstnA6k(gbl-ns[medarcv])# volume /test_results bstnA6k(gbl-ns-vol[medarcv~/test_results])# cifs oplocks-disable auto bstnA6k(gbl-ns-vol[medarcv~/test_results])# ... Reinstating Oplock Support Use no cifs oplocks-disable to support CIFS oplocks in the current volume: no cifs oplocks-disable For example, the following command sequence enables oplocks in the “medco~/vol” volume: bstnA6k(gbl)# namespace medco bstnA6k(gbl-ns[medco])# volume /vol...
  • Page 164: Listing Filer Shares

    Adding a Direct Volume Adding a Share bstnA6k(gbl)# namespace medco bstnA6k(gbl-ns[medco])# volume /vol bstnA6k(gbl-ns-vol[medco~/vol])# share corporate This will create a new share. Create share 'corporate'? [yes/no] yes bstnA6k(gbl-ns-vol-shr[medco~/vol~corporate])# ... Listing Filer Shares It is convenient to show the available back-end-filer shares as you add them into a direct volume.
  • Page 165: Showing Supported Protocols At The Filer

    Adding a Direct Volume Adding a Share • The CIFS table shows two disk-space measures and the serial number for the storage volume behind the share. If two shares have the same serial number, they are assumed to be shares for the same storage volume on the filer. For example, the following command shows all of the NFS shares on the “nas1”...
  • Page 166: Identifying The Filer And Share

    Adding a Direct Volume Adding a Share Server V2 TCP/2049, V2 UDP/2049, V3 TCP/2049, V3 UDP/2049 CIFS Security Mode User level, Challenge/response, Signatures disabled Server TCP/445 Max Request 16644 bytes bstnA6k(gbl)# ... Identifying the Filer and Share The next step in configuring a direct share is identifying its source share on an external filer.
  • Page 167: Identifying A Multi-Protocol Share

    Adding a Direct Volume Adding a Share Shares: Path (Owner) Access (Status) ---------------------------------- --------------------------- /vol/vol0 (Mounted,rsize=32768,wsize=32768) bstnA6k(gbl-ns-vol-shr[medco~/vol~corporate])# filer nfs nas1 /vol/vol0 bstnA6k(gbl-ns-vol-shr[medco~/vol~corporate])# ... Identifying a Multi-Protocol Share In a multi-protocol (NFS and CIFS) namespace, you list both names for the share. You can do this in any order: filer name nfs nfs-name cifs cifs-name [access-list list-name] filer name cifs cifs-name nfs nfs-name [access-list list-name]...
  • Page 168: Using A Managed Volume As A Filer

    Adding a Direct Volume Adding a Share Using a Managed Volume as a Filer You can assign a managed volume to the share as though it were an external filer. (The next chapter describes how to configure a managed volume.) If the direct volume’s namespace supports CIFS, you can only use a managed volume from the same namespace.
  • Page 169: Attaching A Virtual Directory To The Back-End Share

    Adding a Direct Volume Adding a Share Attaching a Virtual Directory to the Back-End Share The next step is to create a virtual attach-point directory, visible to clients from the root of the volume, and attach it to a physical directory on the back-end filer. For example, you can create an attach point named /vol0 (in the /vol volume) and attach it to the filer’s /usr/local directory: the client-viewable /vol/vol0 is then the same as /usr/local on the filer.
  • Page 170: Removing An Attach Point

    Adding a Direct Volume Adding a Share For example, this command sequence sets up the filer for the “corporate” share (as shown above), then attaches three directories to the filer: bstnA6k(gbl)# namespace medco bstnA6k(gbl-ns[medco])# volume /vol bstnA6k(gbl-ns-vol[medco~/vol])# share corporate bstnA6k(gbl-ns-vol-shr[medco~/vol~corporate])# filer nas1 nfs /vol/vol0/direct bstnA6k(gbl-ns-vol-shr[medco~/vol~corporate])# attach vol0/corp to shr bstnA6k(gbl-ns-vol-shr[medco~/vol~corporate])# attach vol0/notes to notes bstnA6k(gbl-ns-vol-shr[medco~/vol~corporate])# attach conCalls...
  • Page 171: Designating The Share As Critical (Optional)

    Adding a Direct Volume Adding a Share Designating the Share as Critical (optional) If the current switch has a redundant peer, you have the option to designate the current share as critical. Skip to the next section if this switch is not configured for redundancy.
  • Page 172: Ignoring The Share's Free Space (Optional)

    Adding a Direct Volume Adding a Share bstnA6k(gbl-ns-vol[medco~/vol])# share generic bstnA6k(gbl-ns-vol-shr[medco~/vol~generic])# no critical bstnA6k(gbl-ns-vol-shr[medco~/vol~generic])# ... Ignoring the Share’s Free Space (optional) This option is only relevant in a volume where you are manually calculating free space (recall “Manually Setting the Volume’s Free Space (optional)” on page 8-3).
  • Page 173: Adjusting The Free-Space Calculation

    Adding a Direct Volume Adding a Share prtlndA1k(gbl)# namespace access prtlndA1k(gbl-ns[access])# volume /G prtlndA1k(gbl-ns-vol[access~/G])# share recsY2k prtlndA1k(gbl-ns-vol-shr[access~/G~recsY2k])# no freespace ignore prtlndA1k(gbl-ns-vol-shr[access~/G~recsY2k])# ... Adjusting the Free-Space Calculation You can also manually adjust the free-space that is advertised for the current share. From gbl-ns-vol-share mode, use the command: freespace adjust...
  • Page 174: Enabling The Share

    Adding a Direct Volume Adding a Share For example, this command sequence removes any free-space adjustment from the “corporate” share: bstnA6k(gbl)# namespace medco bstnA6k(gbl-ns[medco])# volume /vol bstnA6k(gbl-ns-vol[medco~/vol])# share corporate bstnA6k(gbl-ns-vol-shr[medco~/vol~corporate])# no freespace adjust bstnA6k(gbl-ns-vol-shr[medco~/vol~corporate])# ... Enabling the Share The final step in configuring a share is to enable it. An enabled share is an active part of the direct volume;...
  • Page 175: Removing A Direct Share

    Adding a Direct Volume Selecting a VPU (optional) bstnA6k(gbl-ns-vol[medco~/vol])# share sales bstnA6k(gbl-ns-vol-shr[medco~/vol~sales])# no enable bstnA6k(gbl-ns-vol-shr[medco~/vol~sales])# ... Removing a Direct Share Use the no share command to remove a share from a direct volume: no share For example, this command set removes the “test” share from the “/vol” volume in the “medco”...
  • Page 176: Default-Vpu Assignment

    Adding a Direct Volume Selecting a VPU (optional) Each VPU supports up to 64 volumes from up to 2 namespaces. You can scale the number of namespaces and volumes on an ARX®6000 by adding more ASMs to the switch. Table 8-1. Numbers of Supported Volumes per Platform Platform # VPUs # Namespaces...
  • Page 177 Adding a Direct Volume Selecting a VPU (optional) The namespace software uses the following rules for assigning a volume to a VPU: First volume in the namespace Choose an empty VPU. Choose a VPU that is supporting only one namespace. Fail if all VPUs have two namespaces already.
  • Page 178: Assigning The Volume To A Vpu

    Adding a Direct Volume Selecting a VPU (optional) Assigning the Volume to a VPU The default-VPU assignment algorithm can artificially limit the maximum number of namespaces on your ARX. Consider the above example with a single ASM. According to Table 8-1, the single ASM has two VPUs and can therefore support up to four namespaces.
  • Page 179: Splitting Namespace Processing Within A Vpu

    Adding a Direct Volume Selecting a VPU (optional) Do this before the volume is enabled; once the volume is enabled (below), you cannot re-assign it to another VPU. For example, the following command sequence assigns the current volume, “medco~/vol,” to VPU 1: bstnA6k(gbl)# namespace medco bstnA6k(gbl-ns[medco])# volume /vol bstnA6k(gbl-ns-vol[medco~/vol])# vpu 1...
  • Page 180: Reverting To Default-Vpu Assignment

    Adding a Direct Volume Selecting a VPU (optional) Reverting to Default-VPU Assignment Before you enable the direct volume, you can remove the manual-VPU assignment. This causes the namespace software to assign the volume according to the default rules (refer back to “Default-VPU Assignment”...
  • Page 181: Showing All Vpus On The Current Switch

    Adding a Direct Volume Selecting a VPU (optional) These limits are evaluated on a credit system; to create a new direct volume or share, its VPU must have sufficient credits. Volume limits are enforced whenever a volume is enabled, and share limits are enforced when both the share and its volume are enabled.
  • Page 182: Showing One Vpu

    Adding a Direct Volume Selecting a VPU (optional) --------- ------ ------ ----- medco /vol Enabled wwmed /acct Enabled 2 Namespaces 2 Volumes VPU 2 ----- Physical Processor: 3.2 State: Normal; maximum instances Share credits: 7 shares used (249 credits remain of total 256) Direct share credits: 5 direct shares used (4091 credits remain of total 4096) Volume credits: 6 volumes used (58 credits remain of total 64) File credits: 132M files reserved (252M credits remain of total 384M)
  • Page 183: Enabling The Volume

    Adding a Direct Volume Enabling the Volume For example, the following command shows VPU 1, with CPU and memory details: bstnA6k(gbl-ns-vol[medarcv~/rcrds])# show vpu 1 detailed Switch: bstnA6k ---------------------------------------------------------------------- VPU 1 ----- Physical Processor: 3.1 (1% CPU, 8% MEM) State: Normal; maximum instances Share credits: 4 shares used (252 credits remain of total 256) Direct share credits: 3 direct shares used (4093 credits remain of total 4096) Volume credits: 2 volumes used (62 credits remain of total 64)
  • Page 184: Enabling All Shares In The Volume

    Adding a Direct Volume Enabling the Volume For example, this command sequence enables the “/vol” volume in the “medco” namespace: bstnA6k(gbl)# namespace medco bstnA6k(gbl-ns[medco])# volume /vol bstnA6k(gbl-ns-vol[medco~/vol])# enable bstnA6k(gbl-ns-vol[medco~/vol])# ... Enabling All Shares in the Volume From gbl-ns-vol mode, you can enable all of the volume’s shares with a single command.
  • Page 185: Disabling The Volume

    Adding a Direct Volume Showing the Volume prtlndA1k(gbl-ns-vol[access~/G])# no enable shares prtlndA1k(gbl-ns-vol[access~/G])# ... Disabling the Volume You can disable a volume to stop clients from accessing it. Use no enable from gbl-ns-vol mode to disable the volume: no enable This affects client service. As mentioned above, a disabled volume does not respond to clients;...
  • Page 186 Adding a Direct Volume Showing the Volume For example, the following command shows the configuration of the ‘medco~/vol’ volume: bstnA6k# show namespace medco volume /vol Namespace “medco” Configuration Description Metadata Cache Size: 512 MB Domain Information ------------------ Supported Protocols ------------------- nfsv3-tcp Participating Switches ----------------------...
  • Page 187 Adding a Direct Volume Showing the Volume Filer nas1 [192.168.25.21] NFS Export /vol/vol0/direct Status Online Critical Share Free space on storage 45GB (49,157,705,728 B) Free files on storage Virtual inodes Transitions Last Transition Wed Apr 4 03:39:50 2007 Share generic Filer nas3 [192.168.25.47] NFS Export...
  • Page 188: Showing One Share

    Adding a Direct Volume Showing the Volume Showing One Share To show the configuration and status of one share in a volume, add the share clause after the volume clause: show namespace name volume volume share share-name where: name (1-30 characters) is the name of the namespace, volume (1-1024 characters) is the path name of the volume, and share-name (1-64 characters) identifies the share.
  • Page 189 Adding a Direct Volume Showing the Volume Volumes ------- /vol Volume freespace: 463GB (automatic) Metadata size: 28k State: Enabled Host Switch: bstnA6k Instance: 1 VPU: 1 (domain 2) Files: 1 used, 31M free Share corporate Filer nas1 [192.168.25.21] NFS Export /vol/vol0/direct Status Online...
  • Page 190: Showing Filer Shares Behind One Volume

    Adding a Direct Volume Showing the Volume Showing Filer Shares Behind One Volume You can use the show namespace mapping command to show the filer shares behind a particular namespace, as described in the namespace chapter. This shows all attach points in a direct volume and the physical directories behind them.
  • Page 191: Showing The Volume's Configuration

    Adding a Direct Volume Showing the Volume Showing the Volume’s Configuration To review the configuration settings for a direct volume, identify the volume at the end of the show global-config namespace command: show global-config namespace namespace volume where namespace (1-30 characters) identifies the namespace, and volume (1-1024 characters) is the volume.
  • Page 192: Sample - Configuring A Direct Volume

    Adding a Direct Volume Sample - Configuring a Direct Volume share sales filer nas2 nfs /vol/vol1/direct attach vol1/sales to export attach vol1/mtgMinutes to mtgs enable exit vpu 1 domain 2 enable exit exit bstnA6k# ... Sample - Configuring a Direct Volume For example, this command set configures the ‘/vol’...
  • Page 193: Removing A Direct Volume

    Adding a Direct Volume Removing a Direct Volume bstnA6k(gbl-ns-vol-shr[medco~/vol~generic])# filer nas3 nfs /vol/vol2/direct bstnA6k(gbl-ns-vol-shr[medco~/vol~generic])# attach vol2 to data bstnA6k(gbl-ns-vol-shr[medco~/vol~generic])# exit bstnA6k(gbl-ns-vol[medco~/vol])# vpu 1 domain 2 bstnA6k(gbl-ns-vol[medco~/vol])# enable bstnA6k(gbl-ns-vol[medco~/vol])# show namespace status medco Namespace: medco Description: Share Filer Status NFS Export ------------------------- ------------------------------------- ----------- Volume: /vol Enabled...
  • Page 194 Adding a Direct Volume Removing a Direct Volume From priv-exec mode, you can use the remove namespace ... volume command to remove a volume: remove namespace name volume volume [timeout seconds] [sync] where: name (1-30 characters) is the name of the namespace, volume (1-1024 characters) is the path name of the volume, seconds (optional, 300-10,000) sets a time limit on each of the removal’s component operations, and...
  • Page 195: Adding A Managed Volume

    Chapter 9 Adding a Managed Volume A managed volume aggregates one or more exports/shares from actual filers. The files from each filer share are imported into the top directory of the volume. During the share import, the volume catalogues all file and directory locations in its metadata. For example, an “/acct”...
  • Page 196: Storing Volume Metadata On A Dedicated Share

    Adding a Managed Volume Storing Volume Metadata on a Dedicated Share Metadata facilitates storage policies, but it requires some management. A direct volume, described in the previous chapter, has no metadata and is therefore easier to set up and tear down. As explained in the namespace chapter, you use the gbl-ns volume command to create...
  • Page 197: Using Multiple Metadata Shares

    Adding a Managed Volume Storing Volume Metadata on a Dedicated Share From gbl-ns-vol mode, use the metadata share command to use a dedicated metadata share for the current volume: metadata share filer {nfs3 | nfs3tcp | cifs} path where filer (1-64 characters) is the name of the external filer, nfs3 | nfs3tcp | cifs chooses the protocol to access the share (this can be nfs3 or nfs3tcp for a CIFS-only volume), and path (1-1024 characters) is the specific export/share on the filer.
  • Page 198: Removing A Metadata Share

    Adding a Managed Volume Storing Volume Metadata on a Dedicated Share Only one share is chosen during the import, and the volume uses that share to store metadata as long as it runs. After the metadata share is chosen, the volume ignores all of the remaining metadata shares.
  • Page 199: Designating The Metadata Share As Critical (Optional)

    Adding a Managed Volume Storing Volume Metadata on a Dedicated Share Designating the Metadata Share as Critical (optional) If the current switch has a redundant peer, you have the option to designate the volume’s metadata share as critical. Skip to the next section if this switch is not configured for redundancy.
  • Page 200: Migrating Metadata To A New Share After Import

    Adding a Managed Volume Dividing the Import into Multiple Scans bstnA6k(gbl)# namespace wwmed bstnA6k(gbl-ns[wwmed])# volume /acct bstnA6k(gbl-ns-vol[wwmed~/acct])# no metadata critical bstnA6k(gbl-ns-vol[wwmed~/acct])# ... Migrating Metadata to a New Share After Import After the managed volume is fully enabled, it chooses its metadata share and writes several database files onto it.
  • Page 201: Protecting Metadata During Import

    Adding a Managed Volume Dividing the Import into Multiple Scans A multi-scan import is appropriate for an installation with a short cut-in window. From gbl-ns-vol mode, use the import multi-scan command to separate the file scan from the directory scan: import multi-scan This does not have any effect on an import that is currently underway;...
  • Page 202: Reverting To Unprotected Metadata And Faster Import

    Adding a Managed Volume Dividing the Import into Multiple Scans bstnA6k(gbl)# namespace wwmed bstnA6k(gbl-ns[wwmed])# volume /acct bstnA6k(gbl-ns-vol[wwmed~/acct])# import protection bstnA6k(gbl-ns-vol[wwmed~/acct])# ... Reverting to Unprotected Metadata and Faster Import Protected metadata introduces a performance penalty during import. An unprotected import is often the best choice when it fits comfortably into the assigned cut-in window.
  • Page 203: Safe Modes For Share Imports Into Pre-Enabled Volumes

    Adding a Managed Volume Allowing the Volume to Modify on Import bstnA6k(gbl-ns-vol[wwmed~/acct])# no import multi-scan bstnA6k(gbl-ns-vol[wwmed~/acct])# ... Safe Modes for Share Imports into Pre-Enabled Volumes After the managed volume is fully enabled, a newly added share always uses the multi-scan import with metadata protection. This is regardless of the volume-level settings for and/or , which only apply to a full...
  • Page 204: Conditions For Running The Modify Command

    Adding a Managed Volume Allowing the Volume to Modify on Import Redundant directories are only a problem if their file attributes (such as their permissions settings) do not match, or if they have the same name as an already-imported file. Collided directories are renamed according to the same convention as files.
  • Page 205: Running A No-Modify Import

    Adding a Managed Volume Allowing the Volume to Modify on Import • after an import with no modify (assuming no file or directory collisions occurred on import). You cannot use the modify command if the volume is in the process of importing, if any imported shares have collisions, or if the nsck utility is being used on the volume.
  • Page 206: Preventing Modification On Or After Re-Import

    Adding a Managed Volume Allowing the Volume to Modify on Import Preventing Modification On or After Re-Import Use the no reimport-modify command to keep the modify flag down after using nsck: no reimport-modify This is the default. For example: bstnA6k(gbl)# namespace wwmed bstnA6k(gbl-ns[wwmed])# volume /acct bstnA6k(gbl-ns-vol[wwmed~/acct])# no reimport-modify bstnA6k(gbl-ns-vol[wwmed~/acct])# ...
  • Page 207: Automatically Synchronizing Metadata (Cifs)

    Adding a Managed Volume Allowing the Volume to Modify on Import Automatically Synchronizing Metadata (CIFS) This section only applies to volumes in namespaces that support CIFS. Skip to the next section if the namespace is NFS-only. If a file changes on a filer without the managed volume’s knowledge, the volume’s metadata is compromised.
  • Page 208: Allowing Renames On Collision

    Adding a Managed Volume Allowing the Volume to Modify on Import Allowing Renames on Collision An auto-sync job may discover a file that collides with another file in the volume (that is, in another share). By default, this prevents the operation from synchronizing that file;...
  • Page 209: Disallowing Renames

    Adding a Managed Volume Allowing the Volume to Modify on Import Disallowing Renames If auto-sync jobs are not allowed to rename files that collide, those files cannot be synchronized. The metadata for those files remains stale, so clients cannot access them.
  • Page 210: Manually Setting The Volume's Free Space (Optional)

    Adding a Managed Volume Manually Setting the Volume’s Free Space (optional) Manually Setting the Volume’s Free Space (optional) The next step in creating a volume is to choose an algorithm for calculating its free space. This is the free-space calculation that is passed onto the client: whenever a user mounts a volume (NFS) or maps a network drive to it (CIFS), this total is the free space that they see.
  • Page 211: Setting Cifs Options

    Adding a Managed Volume Setting CIFS Options Setting CIFS Options The next step in configuring a volume is addressing its CIFS options, if necessary. Skip to the next section if this volume is in an NFS-only namespace. There are five CIFS-volume attributes that back-end filers may or may not support. They are named streams, compressed files, persistent ACLs, Unicode file names on disk, and sparse files.
  • Page 212: Supporting Filers With Local Groups

    Adding a Managed Volume Setting CIFS Options Supporting Filers with Local Groups A Windows filer can support Global Groups, which are managed by Domain Controllers, and/or Local Groups, which are unique to the filer. Local groups have their own Security IDs (SIDs), unknown to any other Windows machine. When you aggregate shares from these filers into a single volume, some files tagged for local-group X are likely to migrate to another filer, which does not recognize the SID for that group (SID X).
  • Page 213: Allowing The Volume To Automatically Disable Oplocks

    Adding a Managed Volume Setting CIFS Options bstnA6k(gbl-ns-vol[insur~/claims])# cifs oplocks-disable bstnA6k(gbl-ns-vol[insur~/claims])# ... Allowing the Volume to Automatically Disable Oplocks You can configure the managed volume to automatically disable oplocks for a CIFS client that times out in response to an “oplock break” command. The “oplock break” command informs a client that it must finish its writes and release the oplock, so that another client can write to the file.
  • Page 214: Supporting Subshares And Their Acls

    Adding a Managed Volume Setting CIFS Options Supporting Subshares and their ACLs Windows filers can share multiple directories in the same tree, and can apply a different share-level Access Control List (ACL) to each of them. Consider the following three shares on the fs4 filer: Filer fs4 d:\exports prescriptions...
  • Page 215 Adding a Managed Volume Setting CIFS Options To prepare the managed volume to pass connections through to the filer’s subshares, thereby using the subshares’ ACLs, use the gbl-ns-vol filer-subshares command: filer-subshares You cannot use this command while any of the volume’s shares are enabled. This command only prepares the volume for subshare support at the back-end.
  • Page 216: Required Windows Permissions

    Adding a Managed Volume Setting CIFS Options Required Windows Permissions To read the share and ACL definitions at the back-end filers, the volume requires proxy-user credentials with admin-level access. This is a significant increase in access from the standard proxy-user requirements; you may need to increase the permissions for the proxy user on all filers, or use a more-powerful proxy user for this namespace.
  • Page 217: Replicating Subshares At All Of The Volume's Filers

    Adding a Managed Volume Setting CIFS Options Replicating Subshares at all of the Volume’s Filers The managed volume must have consistent subshares and subshare ACLs under all of its back-end shares. Consistency is required so that clients have the same access point and permissions no matter which back-end share contains their files and directories.
  • Page 218 Adding a Managed Volume Setting CIFS Options You can issue this command in an enabled volume that already supports filer subshares. In this case, the volume replicates all subshares to any newly-added shares. For example, this command sequence replicates all subshares to new shares in the “/rcrds”...
  • Page 219: Disabling Filer Subshares

    Adding a Managed Volume Adding a Share Disabling Filer Subshares From gbl-ns-vol mode, use the no filer-subshares command to disable volume support for CIFS subshares and their share-level ACLs: no filer-subshares You can only disable this feature when no CIFS services are sharing any of the volume’s subshares.
  • Page 220: Showing Available Filer Shares

    Adding a Managed Volume Adding a Share For example, this command set adds a share called “bills” to the “/acct” volume in the “wwmed” namespace: bstnA6k(gbl)# namespace wwmed bstnA6k(gbl-ns[wwmed])# volume /acct bstnA6k(gbl-ns-vol[wwmed~/acct])# share bills This will create a new share. Create share 'bills'? [yes/no] yes bstnA6k(gbl-ns-vol-shr[wwmed~/acct~bills])# ...
  • Page 221: Identifying The Filer And Share

    Adding a Managed Volume Adding a Share Identifying the Filer and Share The most important step in configuring a share is connecting it to an export/share on an external filer. The export/share must support all of the namespace’s protocols; a CIFS namespace can only import CIFS shares, and an NFSv3 namespace can only import NFSv3 exports.
  • Page 222: Disconnecting From The Filer Before The Share Is Enabled

    Adding a Managed Volume Adding a Share Disconnecting From the Filer Before the Share is Enabled To correct a mistake, you can disconnect a share from its filer before you enable the share. (The process of enabling a share is described later.) Use the no filer command described earlier in...
  • Page 223: Reinstating The Directory Test

    Adding a Managed Volume Adding a Share For example, the following command sequence allows the “medarcv~/lab_equipment” volume to skip this check while importing the ‘equip’ share. bstnA6k(gbl)# namespace medarcv bstnA6k(gbl-ns[medarcv])# volume /lab_equipment bstnA6k(gbl-ns-vol[medarcv~/lab_equipment])# share equip bstnA6k(gbl-ns-vol-shr[medarcv~/lab_equipment~equip])# import skip-managed-check bstnA6k(gbl-ns-vol-shr[medarcv~/lab_equipment~equip])# ... Reinstating the Directory Test If there is any doubt about any directory in the share, the volume should verify that none of them are managed by some other volume.
  • Page 224: Disabling Directory-Attribute Synchronization On Import

    Adding a Managed Volume Adding a Share choose an alternative: instead of renaming the directory, synchronize its attributes with that of its already-imported counterpart. The volume presents the two directories as a single directory, with the aggregated contents of both and the attributes of the one that was imported first.
  • Page 225: Preventing Directory Renames During Import

    Adding a Managed Volume Adding a Share bstnA6k(gbl-ns-vol[wwmed~/acct])# share bills bstnA6k(gbl-ns-vol-shr[wwmed~/acct~bills])# no import sync-attributes bstnA6k(gbl-ns-vol-shr[wwmed~/acct~bills])# ... Preventing Directory Renames During Import Whether or not the managed volume is allowed to synchronize attributes on this share, it has occasion to rename any directories that collide with previously-imported files.
  • Page 226: Allowing Directory Renames On Import

    Adding a Managed Volume Adding a Share Allowing Directory Renames on Import If the share allows directory renames, the volume renames its colliding directories as specified by the modify command (refer back to “Allowing the Volume to Modify on Import” on page 9-9).
  • Page 227: Preventing File Renames During Import

    Adding a Managed Volume Adding a Share The resulting name is visible through NFS and CIFS, and can be correlated to the intended CIFS name for the directory. As mentioned above, you can look at the share’s import report to see the original name and the new name for each renamed directory.
  • Page 228: Allowing File Renames In Import

    Adding a Managed Volume Adding a Share Allowing File Renames in Import If the share allows file renames, the volume renames its colliding files as specified by the modify command. import rename-files This is the default setting. For example, the following command sequence returns the ‘bills’ share to its default: bstnA6k(gbl)# namespace wwmed bstnA6k(gbl-ns[wwmed])# volume /acct bstnA6k(gbl-ns-vol[wwmed~/acct])# share bills...
  • Page 229: Disabling Sid Translation

    Adding a Managed Volume Adding a Share Each share whose filer uses Local Groups must have SID translation enabled. For each of these shares, enter gbl-ns-vol-shr mode and use the sid-translation command: sid-translation For example, the following command sequence configures one share in the /rcrds volume for SID translation: bstnA6k(gbl)# namespace medarcv bstnA6k(gbl-ns[medarcv])# volume /rcrds...
  • Page 230: Ignoring Sid Errors From The Filer (Cifs)

    Adding a Managed Volume Adding a Share The output displays the translation at each share. For example, the following command sequence discovers that the shares behind the ‘medarcv~/rcrds’ volume have different SIDs for the ‘pharmacists’ group: bstnA6k(gbl)# namespace medarcv bstnA6k(gbl-ns[medarcv])# volume /rcrds bstnA6k(gbl-ns-vol[medarcv~/rcrds])# show sid-translation pharmacists SID Translations: Share rx...
  • Page 231: Acknowledging Sid Errors

    Adding a Managed Volume Adding a Share Some file servers issue these errors for unknown SIDs but accept the file anyway. Some EMC file servers have this setting as a default. As long as the file server is configured to accept the file or directory (perhaps erasing the unknown SIDs), the volume can safely ignore these errors.
  • Page 232: Designating The Share As Critical (Optional)

    Adding a Managed Volume Adding a Share Designating the Share as Critical (optional) If the current switch has a redundant peer, you have the option to designate the current share as critical. Skip to the next section if this switch is not configured for redundancy.
  • Page 233: Ignoring The Share's Free Space (Optional)

    Adding a Managed Volume Adding a Share Ignoring the Share’s Free Space (optional) This option is only relevant in a volume where you are manually calculating free space (see “Manually Setting the Volume’s Free Space (optional)” on page 9-16). Such a volume’s free space is the sum of the space from all of its shares, including multiple shares from the same back-end storage volume.
  • Page 234: Adjusting The Free-Space Calculation

    Adding a Managed Volume Adding a Share Adjusting the Free-Space Calculation You can also manually adjust the free-space that is advertised for the current share. From gbl-ns-vol-share mode, use the freespace adjust command. This was described in detail for direct volumes; see “Adjusting the Free-Space Calculation”...
  • Page 235: Taking Ownership Of The Share (Optional)

    Adding a Managed Volume Adding a Share For example, the following command sequence enables the “wwmed ~/acct~bills” share. bstnA6k(gbl)# namespace wwmed bstnA6k(gbl-ns[wwmed])# volume /acct bstnA6k(gbl-ns-vol[wwmed~/acct])# share bills bstnA6k(gbl-ns-vol-shr[wwmed~/acct~bills])# enable bstnA6k(gbl-ns-vol-shr[wwmed~/acct~bills])# ... If the managed volume is also enabled (as described below), it begins to import files and directories from the back-end share.
  • Page 236: Examining The Shareenablesubshareinc Report (Cifs)

    Adding a Managed Volume Adding a Share The CLI prompts for confirmation before taking ownership of the share. Enter yes to proceed. For example, the following command sequence enables the “insur_bkup~/insurShdw~backInsur” share, taking ownership of the share if necessary: prtlndA1k(gbl)# namespace insur_bkup prtlndA1k(gbl-ns[insur_bkup])# volume /insurShdw prtlndA1k(gbl-ns-vol[insur_bkup~/insurShdw])# share backInsur prtlndA1k(gbl-ns-vol-shr[insur_bkup~/insurShdw~backInsur])# enable take-ownership...
  • Page 237 Adding a Managed Volume Adding a Share The following changes were made to replicate nested shares and their attributes to the new share: Added share “CELEBS$” to the following filer: Filer Name: fs1 IP Address: 192.168.25.20 Path: d:\exports\histories\VIP_wing Added share “Y2004” to the following filer: Filer Name: fs1 IP Address: 192.168.25.20 Path:...
  • Page 238: Disabling The Share

    Adding a Managed Volume Adding a Share Disabling the Share You can disable a share to make it inaccessible to namespace clients. This stops access to all files on the share. As in a direct volume, use no enable in gbl-ns-vol-shr mode to disable the share.
  • Page 239: Selecting A Vpu (Optional)

    Adding a Managed Volume Selecting a VPU (optional) Selecting a VPU (optional) The next step in configuring a volume is to choose its Virtual-Processing Unit (VPU). A VPU is a virtual CPU that can fail over from one chassis to another in a redundant configuration.
  • Page 240: Splitting Namespace Processing Within A Vpu

    Adding a Managed Volume Selecting a VPU (optional) Splitting Namespace Processing within a VPU Each VPU has two domains, one per namespace. If the metadata share fails badly for one volume in a VPU domain, the other volumes in the same domain also fail. For example, consider a system with 7 volumes in a single namespace, divided between 2 VPU domains.
  • Page 241: Reverting To Default-Vpu Assignment

    Adding a Managed Volume Selecting a VPU (optional) To mitigate this problem, you can assign the same namespace to both VPU domains. This divides the namespace’s volumes between the domains. Each domain runs independently; one can have a metadata failure without affecting the other. In the example below, a metadata failure for volume 1 now only affects volume 3: single namespace volume 1...
  • Page 242: Vpu Limits For Managed Volumes And Shares

    Adding a Managed Volume Selecting a VPU (optional) For example: bstnA6k(gbl)# namespace medarcv bstnA6k(gbl-ns[medarcv])# volume /test_results bstnA6k(gbl-ns-vol[medarcv~/test_results])# no vpu bstnA6k(gbl-ns-vol[medarcv~/test_results])# ... VPU Limits for Managed Volumes and Shares Managed volumes have stricter limits on shares than direct volumes. (For the maximum shares in a direct volume, see “VPU Limits for Direct Volumes and Shares”...
  • Page 243: Changing The Number Of Reserved Files

    Adding a Managed Volume Selecting a VPU (optional) Changing the Number of Reserved Files Each VPU can support a limited number of files and directories in its managed volumes. Table 9-2. Maximum Files per Platform Platform Maximum Maximum Files Default Files Files per Managed per Managed...
  • Page 244: Reverting To The Default Number Of Reserved Files

    Adding a Managed Volume Selecting a VPU (optional) Reverting to the Default Number of Reserved Files The no reserve files command reverts the volume to the default number of reserved files. no reserve files For example: bstnA6k(gbl)# namespace wwmed bstnA6k(gbl-ns[wwmed])# volume /acct bstnA6k(gbl-ns-vol[wwmed~/acct])# no reserve files bstnA6k(gbl-ns-vol[wwmed~/acct])# ...
  • Page 245 Adding a Managed Volume Selecting a VPU (optional) VPU 2 ----- Physical Processor: 3.2 State: Normal; maximum instances Share credits: 7 shares used (249 credits remain of total 256) Direct share credits: 5 direct shares used (4091 credits remain of total 4096) Volume credits: 6 volumes used (58 credits remain of total 64) File credits: 132M files reserved (252M credits remain of total 384M) Namespace...
  • Page 246: Enabling The Volume

    Adding a Managed Volume Enabling the Volume File credits: 4.0M files reserved (380M credits remain of total 384M) Namespace Domain Volume State --------- ------ ------ ----- medco /vol Enabled wwmed /acct Enabled 2 Namespaces 2 Volumes bstnA6k(gbl-ns-vol[medarcv~/rcrds])# ... Enabling the Volume The final step in configuring a managed volume is to enable it.
  • Page 247: Enabling All Shares In The Volume

    Adding a Managed Volume Enabling the Volume bstnA6k(gbl-ns[wwmed])# volume /acct bstnA6k(gbl-ns-vol[wwmed~/acct])# enable bstnA6k(gbl-ns-vol[wwmed~/acct])# ... The import happens asynchronously, so that you can issue more CLI commands while the import happens in the background. To check the progress of the import, use show , as described below in “Monitoring the...
  • Page 248: Disabling All Shares

    Adding a Managed Volume Enabling the Volume You can use the optional take-ownership flag for this special case. If the managed volume finds an ownership marker in the root of any of its shares, it overwrites the marker file. Otherwise, it imports the share as usual: enable shares take-ownership Do not use this option if it is possible that another ARX is managing one of the volume’s shares.
  • Page 249: Disabling The Volume

    Adding a Managed Volume Monitoring the Import Disabling the Volume You can disable a volume to stop clients from accessing it. Just as described with a direct volume, you disable the volume with no enable in gbl-ns-vol mode. (See “Disabling the Volume” on page 8-29.) For example, the following command sequence disables the “/acct”...
  • Page 250: Import Errors

    Adding a Managed Volume Monitoring the Import Share Filer Status NFS Export ------------------------- ------------------------------------- ----------- Volume: /acct Enabled budget das1 Online NFS: /exports/budget bills das8 Online NFS: /work1/accting metadata-share nas1 Online NFS: /vol/vol1/meta1 bills2 das3 Online NFS: /data/acct2 bstnA6k(gbl)# ... for each imported share should go through the following states: Status Pending...
  • Page 251: Canceling A Share Import

    Adding a Managed Volume Monitoring the Import Canceling a Share Import From priv-exec mode, you can cancel the import of a single share with the cancel import command: cancel import namespace ns volume vol-path share share-name where: ns (1-30 characters) identifies the namespace. vol-path (1-1024 characters) is the share’s volume.
  • Page 252 Adding a Managed Volume Monitoring the Import For example, this shows the import report for the “shr1-old” share. The import contains several files and directories with multi-protocol issues, highlighted in bold text: bstnA6k# show reports import.10.shr1-old.22.rpt **** Share Import Report: Started at Sat Nov 18 03:26:32 2006 **** **** Namespace: insur **** Volume: /claims...
  • Page 253 Adding a Managed Volume Monitoring the Import **** **** Issue **** : Name collision. **** : Attribute collision. **** : Attributes of share root are inconsistent. **** : Subdirectory of this share is already imported as managed share. **** : Case-blind collision (MPNS and CIFS-only). **** : Entry removed directory from filer during import.
  • Page 254 Adding a Managed Volume Monitoring the Import F IC] /stats/in_home:2005/age:<10yrs.csv F IC] /stats/in_home:2005/age:11-21yrs.csv D IC] /Claims:2001 D IC] /claims:2005 D IC] /:7QD4210 D IC] /stats/in_home:2005 F CC] /stats/piechart.ppt F CC] /stats/PieChart.ppt D CC] /tools D CC] /Tools Directories found: Files found: Directories Scanned/Second: Files Scanned/Second: Total Entries Scanned/Second:...
  • Page 255: Showing The Volume

    Adding a Managed Volume Showing the Volume Showing the Volume The direct-volume chapter discussed some show commands that focus on volumes; recall “Showing the Volume” on page 8-29. These same commands work on all volume types, including managed volumes. The difference is the output; managed volumes support policy (described in the next chapter), so any rules in the volume appear here.
  • Page 256 Adding a Managed Volume Showing the Volume Windows Management Authorization Policies ----------------------------------------- readOnly fullAccess Volumes ------- /rcrds CIFS : compressed files: yes; named streams: yes; persistent ACLs: yes sparse files: yes; Unicode on disk: yes; case sensitive: no Volume freespace: 504GB (automatic) Auto Sync Files: Enabled Metadata size: 120k Metadata free space: 87GB...
  • Page 257 Adding a Managed Volume Showing the Volume CIFS Maximum Request Size 16644 SID Translation Ignore SID errors Status Online Free space on storage 414GB (444,650,885,120 B) Transitions Last Transition Fri Nov 2 03:29:54 2007 Share charts Filer fs1 [192.168.25.20] CIFS Share histories Features cifs-acls...
  • Page 258: Showing One Share

    Adding a Managed Volume Showing the Volume ----------- Share Farm medFm Share Share charts State Enabled Volume Scan Status Complete Migration Status Complete New File Placement Status Enabled Volume Rules --------------- Rule Name dailyArchive Type Place Rule State Enabled Volume Scan Status Complete Migration Status Complete...
  • Page 259 Adding a Managed Volume Showing the Volume Domain Information ------------------ Supported Protocols ------------------- nfsv3 Participating Switches ---------------------- bstnA6k (vpu 1) [Current Switch] Volumes ------- /acct Volume freespace: 100GB (automatic) Metadata size: 1.5M Metadata free space: 32GB Import Protection: On State: Enabled Host Switch: bstnA6k Instance: 2 VPU: 1 (domain 1)
  • Page 260 Adding a Managed Volume Showing the Volume NFS Export /work1/accting Features unix-perm Status Online Critical Share Free space on storage 17GB (18,803,621,888 B) Free files on storage Transitions Last Transition Wed Apr 4 03:41:05 2007 Share Farms ----------- Share Farm fm1 Share bills Share...
  • Page 261: Showing Filer Shares Behind One Volume

    Adding a Managed Volume Showing the Volume Showing Filer Shares Behind One Volume You can use the show namespace mapping command to show the filer shares behind a particular namespace, as described earlier in the namespace chapter. Add the volume clause to show only the shares behind that particular volume;...
  • Page 262 Adding a Managed Volume Showing the Volume ntlm-auth-server dc1 ntlm-auth-server dc1-oldStyle protocol cifs proxy-user acoProxy2 windows-mgmt-auth readOnly windows-mgmt-auth fullAccess sam-reference fs2 volume /rcrds filer-subshares replicate modify reimport-modify reserve files 4000000 auto sync files hosted-by bstnA6k metadata share nas1 nfs3 /vol/vol1/meta3 compressed-files named-streams persistent-acls...
  • Page 263: Sample - Configuring A Managed Volume

    Adding a Managed Volume Sample - Configuring a Managed Volume exit share-farm medFm share rx share charts auto-migrate 100M balance Latency enable exit place-rule dailyArchive schedule hourly from fileset dayOld target share bulk no inline-notify enable exit vpu 2 domain 1 enable exit exit...
  • Page 264 Adding a Managed Volume Sample - Configuring a Managed Volume This will create a new volume. Create volume '/acct'? [yes/no] yes bstnA6k(gbl-ns-vol[wwmed~/acct])# show external-filer Name IP Address Description ------------------------ ------------- ---------------------------- das1 192.168.25.19 financial data (LINUX filer, rack 14) 192.168.25.27 bulk storage server (DAS, Table 3) 192.168.25.20 misc patient records (DAS, Table 3)
  • Page 265: Removing A Managed Volume

    Adding a Managed Volume Removing a Managed Volume bstnA6k(gbl-ns-vol-shr[wwmed~/acct~bills])# exit bstnA6k(gbl-ns-vol[wwmed~/acct])# enable bstnA6k(gbl-ns-vol[wwmed~/acct])# exit bstnA6k(gbl-ns[wwmed])# exit bstnA6k(gbl)# Removing a Managed Volume As with a direct volume, use the priv-exec remove namespace ... volume command to remove a managed volume. (Recall “Removing a Direct Volume”...
  • Page 266 Adding a Managed Volume Removing a Managed Volume 9-72 CLI Storage-Management Guide...
  • Page 267: Configuring A Global Server

    Chapter 10 Configuring a Global Server A global server is a client-entry point to the ARX’s various front-end services. The global server defines a Fully-Qualified-Domain Name (FQDN; for example, “www.acopia.com”) for accessing its services. A global server’s services are implemented by one virtual server on the ARX. Each virtual server listens at a unique virtual-IP (VIP) address.
  • Page 268: Concepts And Terminology

    Configuring a Global Server Concepts and Terminology Concepts and Terminology A front-end service is a service that is visible to clients. This is in contrast to the back-end filers and servers, whose services are aggregated by the ARX. A front-end service provides an interface for clients to access the aggregated back-end services.
  • Page 269: Setting The Windows Domain (Cifs Only)

    Configuring a Global Server Adding a Global Server Create global server 'www.wwmed.com'? [yes/no] yes bstnA6k(gbl-gs[www.wwmed.com])# ... Setting the Windows Domain (CIFS Only) If the global server uses back-end servers that require Windows networking, the global server needs the Windows domain to integrate with the back-end servers. Use the windows-domain command to set the Windows domain: windows-domain domain...
  • Page 270: Removing The Windows Domain

    Configuring a Global Server Adding a Global Server name (up to 15 characters, converted to uppercase). For most windows-domain installations, this is sufficient. For sites that do not conform to this naming convention, you can use the pre-win2k-name option to use a different short-domain name: windows-domain domain pre-win2k-name short-name...
  • Page 271: Registering With A Wins Server (Cifs)

    Configuring a Global Server Adding a Global Server Use the virtual server command to create a virtual server for an ARX and assign a VIP address to the switch: virtual server switch-name virtual-ip-address mask [vlan vlan-id] where switch-name (1-128 characters) is the host name of the current ARX, and virtual-ip-address is one VIP for the switch, which you create with this command.
  • Page 272: Removing The Wins-Server Setting

    Configuring a Global Server Adding a Global Server If you identify a WINS server for this network, the virtual server registers its NetBIOS name with the WINS server. This makes it possible for other WINS clients to find the virtual server on this switch. Use the wins command to identify a WINS server:...
  • Page 273: Setting The Netbios Name (Optional, Cifs)

    Configuring a Global Server Adding a Global Server Setting the NetBIOS Name (optional, CIFS) This section only applies to virtual servers that support CIFS storage. The virtual server’s NetBIOS name is the server name that appears in Windows network browsers. This appears in the “Server Name” column when you issue a Windows net view command.
  • Page 274: Adding A Netbios Alias

    Configuring a Global Server Adding a Global Server Adding a NetBIOS Alias Some installations use multiple NetBIOS names for a single CIFS server. To mimic this configuration, use the wins-alias command (in gbl-gs-vs mode) for each additional NetBIOS name: wins-alias netbios-alias where netbios-alias (1-15 bytes) is a NetBIOS alias to be advertised to the WINS server.
  • Page 275: Reverting To The Default Netbios Name

    Configuring a Global Server Adding a Global Server Reverting to the Default NetBIOS Name You can revert to the default NetBIOS name with the no wins-name command. The default NetBIOS name is the first component of the global server’s FQDN (for example, “\\FTP1”...
  • Page 276: Disabling A Virtual Server

    Configuring a Global Server Adding a Global Server Disabling a Virtual Server Disabling a virtual server makes it impossible for clients to access the particular switch’s front-end services (such as CIFS or NFS) through that virtual server’s IP address. Use in gbl-gs-vs mode to disable a virtual server.
  • Page 277: Enabling The Global Server

    Configuring a Global Server Adding a Global Server Enabling the Global Server The final step in global-server configuration is to enable it. Use the enable command to activate the global server: enable For example, the following command sequence enables the global server at “www.wwmed.com:”...
  • Page 278 Configuring a Global Server Adding a Global Server Domain Name State Windows Domain --------------------------------------------------------------------------- ac1.medarch.org Enabled MEDARCH.ORG (NTNET) Switch State VLAN VMAC WINS Server WINS Name ------------------------------------------------------------------------- bstnA6k Enabled 192.168.25.15/24 00:0a:49:00:0a:c0 192.168.25.20 (none) Description ------------------------------------------------------------------------- CIFS server for hospital-net storage Domain Name State Windows Domain...
  • Page 279: Showing One Global-Server

    Configuring a Global Server Adding a Global Server WINS Server WINS Name ------------------------------------------------------------------------- bstnA6k Enabled 192.168.25.14/24 00:0a:49:00:0a:c0 192.168.25.20 INSURANCE Description ------------------------------------------------------------------------- CIFS and NFS server for hospital insurance claims Domain Name State Windows Domain --------------------------------------------------------------------------- www.wwmed.com Enabled Switch State VLAN VMAC WINS Server WINS Name...
  • Page 280: Removing A Global Server

    Configuring a Global Server Adding a Global Server bstnA6k(gbl)# show global server www.wwmed.com Domain Name State Windows Domain --------------------------------------------------------------------------- www.wwmed.com Enabled Switch State VLAN VMAC WINS Server WINS Name ------------------------------------------------------------------------- bstnA6k Enabled 192.168.25.10/24 00:0a:49:00:08:c0 (none) (none) Description ------------------------------------------------------------------------- global NFS server for network hospitals bstnA6k(gbl)# ...
  • Page 281: Sample - Configuring A Global Server

    Configuring a Global Server Sample - Configuring a Global Server bstnA6k(gbl)# ... Sample - Configuring a Global Server The following command sequence sets up a global server for www.wwmed.com. Create the global server: bstnA6k(gbl)# global server ac1.medarch.org This will create a new global server. Create global server 'ac1.medarch.org'? [yes/no] yes Join a Windows domain, MEDARCH.ORG: bstnA6k(gbl-gs[ac1.medarch.org])# windows-domain MEDARCH.ORG...
  • Page 282 Configuring a Global Server Next 10-16 CLI Storage-Management Guide...
  • Page 283: Configuring Front-End Services

    Chapter 11 Configuring Front-End Services Front-end services provide client access to namespace storage. Supported front-end services include • Network File System (NFS), and • Common Internet File System (CIFS). You can enable one or more of these services on a global server, so that clients can access them through the global server’s fully-qualified domain name (FQDN) or the virtual server’s VIP.
  • Page 284: Before You Begin

    Configuring Front-End Services Before You Begin Before You Begin To offer any front-end services, you must first • add one or more NAS filers, as described in Chapter 6, Adding an External Filer; • create at least one namespace as a storage resource, as described in Chapter 7, Configuring a Namespace;...
  • Page 285: Exporting A Namespace Volume

    Configuring Front-End Services Configuring NFS From gbl-nfs mode, you must export at least one namespace volume and then enable the NFS service, as described in the following subsections. Exporting a Namespace Volume If a namespace volume is configured for NFS, you can offer it as an NFS export through a global server.
  • Page 286: Stopping An Nfs Export

    Configuring Front-End Services Configuring NFS bstnA6k(gbl-nfs[www.wwmed.com])# show global-config namespace ;=============================== namespace =============================== ;=============================== namespace =============================== namespace wwmed description “namespace for World-Wide Medical network” protocol nfs3 volume /acct import protection metadata critical bstnA6k(gbl-nfs[www.wwmed.com])# export wwmed /acct access-list eastcoast bstnA6k(gbl-nfs[www.wwmed.com])# ... Stopping an NFS Export Use the no form of the export command to stop NFS access to a namespace volume:...
  • Page 287: Disabling Nlm (Optional)

    Configuring Front-End Services Configuring NFS Disabling NLM (optional) The NFS service implements the NFS Lock Manager (NLM) protocol. NLM is a voluntary protocol that NFS-client applications can use to write-protect a file or file region. NFS client A can use NLM to lock a region of a file; if clients B and C are also NLM-compliant, they will not write to that region until client A releases the lock.
  • Page 288: Enabling Nlm

    Configuring Front-End Services Configuring NFS Enabling NLM While the NFS service is disabled, you can use nlm enable to re-enable NLM processing: nlm enable This causes the front-end service to answer all NLM requests. For example: bstnA6k(gbl)# nfs www.wwmed.com bstnA6k(gbl-nfs[www.wwmed.com])# nlm enable bstnA6k(gbl-nfs[www.wwmed.com])# ...
  • Page 289: Notifications To Nlm Clients

    Configuring Front-End Services Configuring NFS bstnA6k(gbl-nfs[www.wwmed.com])# no enable bstnA6k(gbl-nfs[www.wwmed.com])# ... Notifications to NLM Clients As described above, the NFS service can implement the NFS Lock Manager (NLM) protocol. If you used no nlm enable to stop NLM, skip to the next section. In an NFS service where NLM is enabled, a followed by an triggers...
  • Page 290: Showing One Nfs Service

    Configuring Front-End Services Configuring NFS Showing One NFS Service Identify a particular FQDN with the show nfs-service command to focus on one NFS service: show nfs-service fqdn where fqdn (1-128 characters) is the fully-qualified domain name (for example, www.company.com) for the global server. This shows detailed configuration information for the service.
  • Page 291: Sample - Configuring An Nfs Front-End Service

    Configuring Front-End Services Configuring NFS Sample - Configuring an NFS Front-End Service The following command sequence sets up NFS service on a global server called “www.wwmed.com:” bstnA6k(gbl)# nfs www.wwmed.com bstnA6k(gbl-nfs[www.wwmed.com])# show global-config namespace wwmed ;=============================== namespace =============================== namespace wwmed description “namespace for World-Wide Medical network” protocol nfs3 volume /acct import protection...
  • Page 292: Removing An Nfs Service

    Configuring Front-End Services Configuring NFS Removing an NFS Service You can remove an NFS service from a global server to both disable the service and remove its configuration. Use the no form of the command to remove an NFS-service configuration from a global server: no nfs fqdn where fqdn (1-128 characters) is the fully-qualified domain name (for example, “www.organization.org”) for the service’s global server.
  • Page 293: Showing The Nfs/Tcp Timeout

    Configuring Front-End Services Configuring NFS Showing the NFS/TCP Timeout Use the show nfs tcp command to view the current client-connection behavior and timeout period for NFS/TCP timeouts: show nfs tcp For example, this system has the behavior configured above: bstnA6k(gbl)# show nfs tcp Transaction Timeout Behavior: Return I/O Error...
  • Page 294: Configuring Cifs

    Configuring Front-End Services Configuring CIFS Configuring CIFS From gbl mode, use the cifs command to instantiate CIFS service for a global server: cifs fqdn where fqdn (1-128 characters) is the fully-qualified domain name for the global server (for example, “myserver.organization.org”). If this CIFS service runs in an Active Directory forest and/or uses Kerberos to authenticate clients, this must be in a domain in the Active-Directory forest (configured in “Adding an...
  • Page 295 Configuring Front-End Services Configuring CIFS Use the export command to share a namespace volume through the current CIFS service: export namespace vol-path [as share-name] [description description] where namespace (1-30 characters) can be any namespace that supports CIFS. vol-path (1-1024 characters) is the path to one of the namespace’s volumes (for example, “/oneVol”) or volume sub paths (“oneVol/apps/myApps”).
  • Page 296 Configuring Front-End Services Configuring CIFS protocol cifs proxy-user acoProxy2 windows-mgmt-auth readOnly windows-mgmt-auth fullAccess sam-reference fs2 volume /lab_equipment enable exit volume /rcrds filer-subshares replicate modify bstnA6k(gbl-cifs[ac1.medarch.org])# export medarcv /rcrds as ARCHIVES description “2-year-old medical records” bstnA6k(gbl-cifs[ac1.medarch.org])# ... 11-14 CLI Storage-Management Guide...
  • Page 297: Exporting A Filer Subshare (And Using Its Acl)

    Configuring Front-End Services Configuring CIFS Exporting a Filer Subshare (and Using its ACL) This section only applies to managed volumes. Skip all of the “subshare” sections if you are sharing a direct volume. The CIFS service accesses each back-end share through its root, whether or not you export a directory below the root of the volume.
  • Page 298 Configuring Front-End Services Configuring CIFS The volume and filers must be properly prepared before your CIFS service can offer this subshare service. A subshare must have the same name, ACL, and position in the directory tree (relative to the share root) on every filer behind the volume. To continue the example, every filer share behind the “medarcv~/rcrds”...
  • Page 299: Exposing Hidden Subshares

    Configuring Front-End Services Configuring CIFS Exposing Hidden Subshares Some filer subshares can be hidden by having a dollar sign ($) at the ends of their share names (for example, “myshare$”). Most views of the filer’s CIFS shares do not show these names. The CIFS front-end service can expose a hidden subshare by using a slightly-different name for its front-end subshare;...
  • Page 300: Exporting All Filer Subshares At Once

    Configuring Front-End Services Configuring CIFS Exporting all Filer Subshares at Once This section only applies to managed volumes. Skip all of the “subshare” sections if you are sharing a direct volume. You can use a single command to export multiple filer subshares. This presumes that the volume is prepared with multiple subshares, perhaps through subshare replication (recall “Replicating Subshares at all of the Volume’s Filers”...
  • Page 301 Configuring Front-End Services Configuring CIFS The warning indicates that some subshares were previously exported. In this example, the warning is expected; an earlier command sequence already exported the “Y2005” share. The report confirms this: bstnA6k# show reports cifsExportSubshares_20061221140808.rpt **** Cifs Export Subshares Report: Started at Thu Dec 21 14:08:08 2006 **** **** Software Version: 2.05.000.09902 (Dec 20 2006 21:42:38) [nbuilds] **** Hardware Platform: ARX-6000 Namespace:...
  • Page 302: Exposing All Hidden Subshares

    Configuring Front-End Services Configuring CIFS **** Elapsed time: 00:00:00 **** Cifs Export Subshares Report: DONE at Thu Dec 21 14:08:08 2006 **** bstnA6k# ... Exposing All Hidden Subshares For filers with hidden CIFS subshares (such as “CELEBS$” from the above example), you can expose them all as shares from the front-end CIFS service.
  • Page 303: Adding New Subshares

    Configuring Front-End Services Configuring CIFS Adding New Subshares This section only applies to managed volumes. Skip to the next section if you are sharing a direct volume. The previous sections explained how to export pre-existing subshares, created on the back-end filers before their CIFS shares were imported. To add new subshares, you must directly connect to one of the back-end filers and create them there;...
  • Page 304: Allowing Clients To Use Windows Management (Mmc)

    Configuring Front-End Services Configuring CIFS bstnA6k(gbl)# cifs ac1.medarch.org bstnA6k(gbl-cifs[ac1.medarch.org])# no export medarcv /cifstest bstnA6k(gbl-cifs[ac1.medarch.org])# ... Allowing Clients to Use Windows Management (MMC) As an alternative to managing the CIFS service from the CLI, Windows clients can use Windows-management applications to manage the service from a remote PC. You can use this feature instead of the command, above.
  • Page 305: Client Experience: Using Mmc To Manage A Namespace

    Configuring Front-End Services Configuring CIFS Client Experience: Using MMC to Manage a Namespace A properly-enabled client can manage this CIFS service using MMC. For example, the following client session adds a share to the “ac1.medarch.org” service from a Windows 2000 machine. The session starts from Start -> Control Panel -> Administrative Tools ->...
  • Page 306: Disallowing Windows-Management Access

    Configuring Front-End Services Configuring CIFS This shows all managed volumes in the CIFS service’s namespace under the C drive. Each direct volume in the namespace appears as another drive. In this example, the two managed volumes appear as folders under the C drive, one direct volume appears as the D drive: You use the interface to export the other managed volume with the share name, “EQUIPMENT.”...
  • Page 307: Setting A Server Description (Optional)

    Configuring Front-End Services Configuring CIFS bstnA6k(gbl)# cifs beta_service bstnA6k(gbl-cifs[beta_service])# no browsing bstnA6k(gbl-cifs[beta_service])# ... Setting a Server Description (optional) You can optionally set the CIFS-service description that will appear in Windows network browsers. The description appears in the “Remarks” column when you issue a Windows net view command: U:\>net view Server Name...
  • Page 308: Enabling Cifs Service

    Configuring Front-End Services Configuring CIFS bstnA6k(gbl-cifs[ac1.medarch.org])# ... Enabling CIFS Service The next step in CIFS configuration is to enable it. Use the enable command from gbl-cifs mode to activate the CIFS service: enable For example, the following command sequence enables CIFS for the global server at “ac1.medarch.org:”...
  • Page 309 Configuring Front-End Services Configuring CIFS To enable Kerberos authentication by the CIFS service, you must join the CIFS service to the Active-Directory (AD) domain. This process is similar to adding client computers to the AD domain: this action causes the DC to declare the CIFS service as Trusted for Delegation.
  • Page 310: Support For Both Ntlm And Kerberos

    Configuring Front-End Services Configuring CIFS bstnA6k(gbl)# cifs ac1.medarch.org bstnA6k(gbl-cifs[ac1.medarch.org])# enable bstnA6k(gbl-cifs[ac1.medarch.org])# domain-join MEDARCH.ORG Username: acoadmin Password: aapasswd 'ac1' successfully joined the domain. bstnA6k(gbl-cifs[ac1.medarch.org])# ... Support for Both NTLM and Kerberos The domain-join operation does not preclude any clients from authenticating with NTLM;...
  • Page 311: Replacing Back-End Services

    Configuring Front-End Services Configuring CIFS RFCs 1034 and 1035 define basic DNS, and RFC 3645 defines Microsoft-specific authentication extensions for dynamic DNS. The ARX implementation of dynamic DNS adheres to all of these RFCs. Before you use dynamic DNS, the name server(s) for this service’s Windows Domain must be included in the AD forest.
  • Page 312: Update Schedule For Dns "A" Records

    Configuring Front-End Services Configuring CIFS • \\fs2.medarch.org\lab_data • \\fs7.medarch.org\tests You can import each of these shares into a single namespace, where each share is in a separate volume. From gbl-cifs mode, you can then export each CIFS volume under its original share name (“xrays,” “lab_data,” and “tests,” respectively). Finally, you can use the dynamic-dns command to register all three of the original host names as DNS aliases for the CIFS service (“fs1,”...
  • Page 313: Removing A Host Name

    Configuring Front-End Services Configuring CIFS bstnA6k(gbl-cifs[ac1.medarch.org])# end bstnA6k# dynamic-dns update ac1.medarch.org bstnA6k# ... Removing a Host Name You can use the no dynamic-dns command to remove one host name from the current CIFS service. This causes the CIFS service to withdraw all references to this host name from DNS.
  • Page 314: Clearing Records Of Failed Deletes

    Configuring Front-End Services Configuring CIFS Global Server Domain Name ----------------------------------------------------------------------------- CIFS ac1.MEDARCH.ORG MEDARCH.ORG Status Host Name Operation Retries Last Update DNS Server --------------------------------------------------------------------------- ac1.MEDARCH.ORG 192.168.25.15 Wed Oct 4 06:56:24 2006 192.168.25.104 bstnA6k> Clearing Records of Failed Deletes The CIFS service performs two dynamic-DNS operations: add and remove. The command triggers an add operation, and a remove occurs after dynamic-dns .
  • Page 315 Configuring Front-End Services Configuring CIFS Status Host Name Operation Retries Last Update DNS Server --------------------------------------------------------------------------- Failed test.MEDARCH.ORG 192.168.25.15 Remove Wed Oct 4 07:09:33 2006 192.168.25.102 ac1.MEDARCH.ORG 192.168.25.15 Wed Oct 4 06:56:24 2006 192.168.25.104 Retry fs7.MEDARCH.ORG 192.168.25.15 Wed Oct 4 07:12:23 2006 192.168.25.104 bstnA6k# clear dynamic-dns Clear failed dynamic DNS entries? [yes/no] yes...
  • Page 316: Supporting Aliases With Kerberos

    Configuring Front-End Services Configuring CIFS Supporting Aliases with Kerberos This section does not apply to a CIFS service that only uses NTLM authentication. You can also skip this section if you have not registered a WINS name, any WINS aliases, or any DNS aliases for your CIFS service. When a CIFS service joins its AD domain, it registers its FQDN name in the Active-Directory database.
  • Page 317: Listing Cifs Services

    Configuring Front-End Services Configuring CIFS For each alias, we recommend mapping both the simple host name and the full FQDN. For example, the following DOS-command sequence maps three DNS aliases to the “ac1.medarch.org” CIFS service: C:\Program Files\Resource Kit> setspn -A HOST/fs1 ac1.medarch.org C:\Program Files\Resource Kit>...
  • Page 318: Showing Details For A Cifs Service

    Configuring Front-End Services Configuring CIFS This shows a configuration summary followed by a table of CIFS shares. For example: bstnA6k> show cifs-service ac1.medarch.org Domain Name: ac1.medarch.org Description: medical histories and records Namespace: medarcv State: Enabled Share Name Directory State ---------------------------------------------------------------------------- ARCHIVES /rcrds Online...
  • Page 319 Configuring Front-End Services Configuring CIFS Shares ------ ARCHIVES Directory /rcrds Description 2 year-old medical records State Online Filer-subshare Y2005 Directory /rcrds/2005 Description State Online Filer-subshare CELEBS Directory /rcrds/VIP_wing Description State Online Filer-subshare Yes (hidden) Y2004 Directory /rcrds/2004 Description State Online Filer-subshare CELEBS$ Directory...
  • Page 320: Showing All Cifs Services

    Configuring Front-End Services Configuring CIFS Description State Online Filer-subshare bstnA6k> Showing All CIFS Services To show all CIFS front-end services, use show cifs-service all show cifs-service all [detailed] where detailed (optional) adds details to the CIFS shares. For example, this shows a summary view of every CIFS service on the ARX: bstnA6k>...
  • Page 321: Sample - Configuring A Cifs Front-End Service

    Configuring Front-End Services Configuring CIFS Share Name Directory State ---------------------------------------------------------------------------- CLAIMS /claims Online Sample - Configuring a CIFS Front-End Service The following command sequence sets up CIFS service on a global server called “ac1.medarch.org:” bstnA6k(gbl)# cifs ac1.medarch.org bstnA6k(gbl-cifs[ac1.medarch.org])# show global-config namespace medarcv ;=============================== namespace =============================== namespace medarcv kerberos-auth...
  • Page 322: Removing A Cifs Service

    Configuring Front-End Services Configuring CIFS Removing a CIFS Service You can remove a CIFS service from a global server to both disable the service and remove its configuration. Use the no form of the cifs command to remove a CIFS-service configuration from a global server: no cifs fqdn where fqdn is the fully-qualified domain name (for example, “www.organization.org”) for the global server.
  • Page 323: Removing All Of A Volume's Front-End Exports

    Configuring Front-End Services Removing All of a Volume’s Front-End Exports Removing All of a Volume’s Front-End Exports You can use a single command to remove all of the front-end exports, NFS and/or CIFS, for a given volume. This is convenient for a volume that has been exported through multiple global servers and front-end services.
  • Page 324: Showing All Front-End Services

    Configuring Front-End Services Showing All Front-End Services % INFO: no export insur_bkup /insurShdw as CLAIMS_BKUP prtlndA1k# ... Showing All Front-End Services Front-end services are identified by the FQDN of their respective global servers. Use the show global service command to show all front-end services configured on the ARX: show global service...
  • Page 325: Showing Front-End Services Per Virtual-Server

    Configuring Front-End Services Showing All Front-End Services Domain Name Service State -------------------------------------------------- www.wwmed.com Enabled bstnA6k(gbl)# ... Showing Front-End Services per Virtual-Server You can show the front-end services running at each virtual server, with the VIP and current health of each service. To see the front-end services grouped by their virtual servers, use the command: show virtual service...
  • Page 326: Showing The Services At The Redundant Peer

    Configuring Front-End Services Showing All Front-End Services www.insurBkup.com 192.168.74.92 CIFS Ready Switch prtlndA1kB ------------------------ Global Server Virtual IP Address Service State ------------------------------------------------------------------------ prtlndA1k# ... Showing the Services at the Redundant Peer To focus on one peer in the redundant pair, identify the peer switch at the end of the command: show virtual service peer-name where peer-name (1-128 characters) identifies the peer by its hostname.
  • Page 327: Showing Server Maps

    Configuring Front-End Services Showing Server Maps Showing Server Maps You can show the map between front-end services and the back-end servers behind them. From any mode, use the show server-mapping command: show server-mapping This displays a two-column table, where the left column shows the client-side view and the right column shows the server side.
  • Page 328 Configuring Front-End Services Showing Server Maps \\192.168.25.14\CLAIMS insur:/claims nas1:/vol/vol1/meta2* \\nas1\insurance \\nasE1\patient_records \\192.168.25.14\SPECS insur:/claims nas1:/vol/vol1/meta2* \\nas1\insurance \\nasE1\patient_records \\192.168.25.14\STATS insur:/claims nas1:/vol/vol1/meta2* \\nas1\insurance \\nasE1\patient_records \\192.168.25.15\ARCHIVES medarcv:/rcrds \\fs1\histories \\fs2\bulkstorage \\fs4\prescriptions nas1:/vol/vol1/meta3* \\192.168.25.15\CELEBS medarcv:/rcrds \\fs1\histories \\fs2\bulkstorage \\fs4\prescriptions nas1:/vol/vol1/meta3* \\192.168.25.15\Y2004 medarcv:/rcrds \\fs1\histories \\fs2\bulkstorage...
  • Page 329: With Filer Ip Addresses

    Configuring Front-End Services Showing Server Maps \\fs4\prescriptions nas1:/vol/vol1/meta3* \\192.168.25.15\Y2005 medarcv:/rcrds \\fs1\histories \\fs2\bulkstorage \\fs4\prescriptions nas1:/vol/vol1/meta3* Where * denotes metadata only physical server. bstnA6k(gbl)# ... With Filer IP Addresses You can add the ip-addresses option to the end of the command to show the IP addresses of the back-end filers, rather than their external-filer names: show server-mapping ip-addresses...
  • Page 330: Showing The Servers Behind One Virtual Server

    Configuring Front-End Services Showing Server Maps vol0/corp 192.168.25.21:/vol/vol0/direct/shr vol0/notes 192.168.25.21:/vol/vol0/direct/notes bstnA6k(gbl)# ... Showing the Servers Behind One Virtual Server To focus on one virtual server, add its VIP to the end of the command: show server-mapping virtual-ip vip [ip-addresses] where vip identifies the VIP (for example, 172.16.77.75), and ip-addresses (optional) is explained above.
  • Page 331: Showing The Servers Behind One Namespace

    Configuring Front-End Services Showing Server Maps \\192.168.25.15\Y2004 medarcv:/rcrds \\fs1\histories \\fs2\bulkstorage \\fs4\prescriptions nas1:/vol/vol1/meta3* \\192.168.25.15\Y2005 medarcv:/rcrds \\fs1\histories \\fs2\bulkstorage \\fs4\prescriptions nas1:/vol/vol1/meta3* Where * denotes metadata only physical server. bstnA6k(gbl)# ... Showing the Servers Behind One Namespace You can also show the physical servers behind one namespace: show server-mapping namespace name [ip-addresses] where name (1-30 characters) identifies the namespace, and...
  • Page 332: Showing Server Status

    Configuring Front-End Services Showing Server Maps For example, the following command shows the filers behind the “wwmed” namespace. This shows IP addresses instead of external-filer names: bstnA6k(gbl)# show server-mapping namespace wwmed ip-addresses Virtual Server Namespace/Volume Virtual Path Physical Server ----------------------------------------------------------------------- 192.168.25.10:/acct wwmed:/acct 192.168.25.19:/exports/budget...
  • Page 333 Configuring Front-End Services Showing Server Maps bstnA6k(gbl)# show server-mapping status Virtual Server Physical Server Status --------------------------------------------------------------- -------- 192.168.25.12:/vol Ready nas1:/vol/vol0/direct/shr Online nas1:/vol/vol0/direct/notes Online nas2:/vol/vol1/direct/export Online nas2:/vol/vol1/direct/mtgs Online nas3:/vol/vol2/direct/data Online 192.168.25.10:/acct Ready das1:/exports/budget Online das8:/work1/accting Online das3:/data/acct2 Online das7:/lhome/it5 Online \\192.168.25.15\ARCHIVES Ready \\fs4\prescriptions Online...
  • Page 334 Configuring Front-End Services Showing Server Maps \\fs1\histories Online \\fs2\bulkstorage Online \\192.168.25.14\CLAIMS Ready \\nas1\insurance Online \\nasE1\patient_records Online \\192.168.25.14\SPECS Ready \\nas1\insurance Online \\nasE1\patient_records Online \\192.168.25.14\STATS Ready \\nas1\insurance Online \\nasE1\patient_records Online 192.168.25.14:/claims Ready nas1:/vol/vol1/NTFS-QTREE/insurance Online nasE1:/root_vdm_4/patient_records Online bstnA6k(gbl)# ...
  • Page 335: Policy For Balancing Capacity

    Chapter 12 Policy for Balancing Capacity Namespace policy uses file migration and replication to balance the usage of various back-end filers. This chapter explains how to configure policies for managing free space. Use this chapter to • show policy parameters, •...
  • Page 336: Before You Begin

    Policy for Balancing Capacity Before You Begin Before You Begin You must configure a namespace and at least one managed volume before you configure the policies described in this chapter. See Chapter 7, Configuring a Namespace, and Chapter 9, Adding a Managed Volume.
  • Page 337: Showing Details

    Policy for Balancing Capacity Showing All Policy Rules wwmed /acct Complete Complete medarcv /rcrds dailyArchive Complete Complete medarcv /rcrds medFm Complete Complete bstnA6k# ... Showing Details Add the details keyword to the end of the command to show details for all policies on the ARX: show policy details...
  • Page 338 Policy for Balancing Capacity Showing All Policy Rules Constrain Files: Constrain Directories: Balance Mode: Capacity Maintain Freespace: Auto Migrate: State: Enabled Status: Volume Scan Status: Complete File Migration Status: Complete New File Placement Status: Enabled Cumulative Statistics: Total Files Migrated: Total Directories Promoted: Total Failed Migrations: Total Failed Directory Promotes:...
  • Page 339 Policy for Balancing Capacity Showing All Policy Rules Configuration: From fileset: bulky (files only) Target share: bills Report: docsPlc, Verbose Migrate limit: Volume Scan: Enabled Inline Notifications: Enabled Promote Directories: Disabled State: Enabled Status: Volume Scan Status: Complete File Migration Status: Complete New File Placement Status: Enabled...
  • Page 340 Policy for Balancing Capacity Showing All Policy Rules Last Scan Statistics: Scan Started: Wed Apr 4 03:41:53 2007 Scan Completed: Wed Apr 4 03:55:20 2007 Elapsed Time: 00:13:27 Scan Report: docsPlc_20070404034142.rpt Number of Files Scanned: 1043 Number of Directories Scanned: Number of Files in Fileset: Number of Files Migrated: Size of Files Migrated:...
  • Page 341 Policy for Balancing Capacity Showing All Policy Rules Auto Migrate: 100M State: Enabled Status: Volume Scan Status: Complete File Migration Status: Complete New File Placement Status: Enabled Cumulative Statistics: Total Files Migrated: Total Directories Promoted: Total Failed Migrations: Total Failed Directory Promotes: Total Retried Migrations: Total Canceled Migrations: Total Hard Links Skipped:...
  • Page 342 Policy for Balancing Capacity Showing All Policy Rules Schedule: hourly Migrate limit: Volume Scan: Enabled Inline Notifications: Disabled Promote Directories: Disabled State: Enabled Status: Volume Scan Status: Complete File Migration Status: Complete New File Placement Status: Enabled Cumulative Statistics: Total Files Migrated: Total Directories Promoted: Total Failed Migrations: Total Failed Directory Promotes:...
  • Page 343: Focusing On One Namespace

    Policy for Balancing Capacity Showing All Policy Rules Elapsed Time: 00:00:00 Scan Report: None Number of Files Scanned: Number of Directories Scanned: Number of Files in Fileset: Number of Files Migrated: Size of Files Migrated: 0 (0 on source) Number of Directories Promoted: Number of Failed Migrations: Number of Failed Directory Promotes: Volume:...
  • Page 344: Showing Details For The Namespace

    Policy for Balancing Capacity Showing All Policy Rules For example, the following command lists the rule and share farm for the “wwmed” namespace: bstnA6k# show policy wwmed Namespace: wwmed Rule Status Priority Volume Rule Vol. Scan Migration --------- ------------------------- ------------------------- ------------------------- /acct docs2das8...
  • Page 345: Focusing On One Volume

    Policy for Balancing Capacity Showing All Policy Rules New File Placement Rule: Configuration: Constrain Files: Constrain Directories: Balance Mode: Capacity bstnA6k# ... Focusing on One Volume Add the volume name after the namespace name to focus on the volume: show policy namespace volume where namespace (optional, 1-30 characters) is the namespace, and volume (optional, 1-1024 characters) identifies the volume.
  • Page 346: Showing Details For The Volume

    Policy for Balancing Capacity Showing All Policy Rules Showing Details for the Volume As with namespaces, you can add the details keyword for details about the volume: show policy namespace volume details This lists details about all the rules and share farms in the volume. For example, this command shows details about the “wwmed~/acct”...
  • Page 347 Policy for Balancing Capacity Showing All Policy Rules This expands the output to show the full details for the share farm or rule. These details include configuration parameters and usage statistics. For example, the following command shows the “docs2das8” rule in the “wwmed~/acct”...
  • Page 348 Policy for Balancing Capacity Showing All Policy Rules Total Files Placed Inline: Total File Renames Processed Inline: Total Directories Placed Inline: Total Directory Renames Processed Inline: Number of Scans Performed: Queue Statistics: First-time Migrates: Requeued Migrates: Queued Directory Promotes: Last Scan Statistics: Scan Started: Wed Apr 4 03:41:53 2007...
  • Page 349: Adding A Share Farm

    Policy for Balancing Capacity Adding a Share Farm Adding a Share Farm You configure your usage-balancing policies in a share farm. A share farm is a group of shares in a volume. You can apply file-distribution rules to a share farm, with the aim of balancing the usage of its back-end shares.
  • Page 350: Adding A Share To The Farm

    Policy for Balancing Capacity Adding a Share Farm bstnA6k(gbl)# namespace wwmed bstnA6k(gbl-ns[wwmed])# volume /acct bstnA6k(gbl-ns-vol[wwmed~/acct])# share-farm fm1 bstnA6k(gbl-ns-vol-sfarm[wwmed~/acct~fm1])# ... Adding a Share to the Farm The next step in creating a share farm is to add a share to the farm. The share farm can hold multiple shares.
  • Page 351: Removing A Share From A Share Farm

    Policy for Balancing Capacity Adding a Share Farm The default weight is 1. From gbl-ns-vol-sfarm mode, use the weight clause with the share command to set the share’s weight: share name weight weight where name (1-64 characters) identifies the share, and weight (0-100) is the weight of the share, relative to the weights you set for other shares in the same farm.
  • Page 352: Auto Migrating Existing Files

    Policy for Balancing Capacity Adding a Share Farm Auto Migrating Existing Files You can configure an auto-migrate policy to migrate files off of a share that is low on free space. The files migrate to shares that are not low on free space, if there are any such shares in the same share farm.
  • Page 353: Balancing New Files Based On Free Space

    Policy for Balancing Capacity Adding a Share Farm Balancing New Files Based on Free Space New files, created by the volume’s clients, are distributed round-robin amongst the shares in the share farm. For example, consider a share farm with shares s1 and s2: the first new file goes to s1, the second goes to s2, the third goes to s1, and so on.
  • Page 354: Based On Latency (Bandwidth)

    Policy for Balancing Capacity Adding a Share Farm Based on Latency (Bandwidth) The NSM continuously updates its measure of the average latency (round-trip packet time) between its ports and each share. A low latency for a share indicates high currently-available bandwidth at the share. You can use the balance command to distribute new files based on latency measures instead of free-space measures.
  • Page 355: Maintaining Minimum Free Space

    Policy for Balancing Capacity Adding a Share Farm prtlndA1k(gbl-ns[nemed])# volume /acctShdw prtlndA1k(gbl-ns-vol[nemed~/acctShdw])# share-farm farm1 prtlndA1k(gbl-ns-vol-sfarm[nemed~/acctShdw~farm1])# share back1 weight 20 prtlndA1k(gbl-ns-vol-sfarm[nemed~/acctShdw~farm1])# share back2 weight 10 prtlndA1k(gbl-ns-vol-sfarm[nemed~/acctShdw~farm1])# balance round-robin prtlndA1k(gbl-ns-vol-sfarm[nemed~/acctShdw~farm1])# ... Maintaining Minimum Free Space By default, the share farm stops distributing new files to any share whose free space falls below one gigabyte.
  • Page 356: New-File Placement When All Shares Reach The Free Space Threshold

    Policy for Balancing Capacity Adding a Share Farm bstnA6k(gbl-ns-vol-sfarm[wwmed~/acct~fm1])# ... New-File Placement When All Shares Reach the Free Space Threshold If all shares fill up to their maintain-free-space measures, the share farm distributes each new file to the same share as its parent directory. Disabling the Free-Space Threshold You can allow the balance rule to continue placing new files on shares that are close to filling up.
  • Page 357: Distributing New Files

    Policy for Balancing Capacity Adding a Share Farm bstnA6k(gbl-ns-vol-sfarm[ns2~/usr~fm4])# constrain-files bstnA6k(gbl-ns-vol-sfarm[ns2~/usr~fm4])# ... Distributing New Files Use the form of the command to new files in the current constrain-files balance share farm. With this (default) setting, the ARX uses the new-file balancing algorithm set with one of the commands: balance...
  • Page 358: Constraining Directories Below A Certain Depth

    Policy for Balancing Capacity Adding a Share Farm bstnA6k(gbl)# namespace ns2 bstnA6k(gbl-ns[ns2])# volume /usr bstnA6k(gbl-ns-vol[ns2~/usr])# share-farm fm4 bstnA6k(gbl-ns-vol-sfarm[ns2~/usr~fm4])# constrain-directories bstnA6k(gbl-ns-vol-sfarm[ns2~/usr~fm4])# ... Constraining Directories Below a Certain Depth You can apply the directory constraint to any level in the volume’s directory tree. For example, consider a volume called /var that gets three new child directories, /usr, /log, and /bin: if you constrain all directories below the first level of this tree, the share farm can distribute those directories to any share with available space (as guided by...
  • Page 359: Not Constraining Directories

    Policy for Balancing Capacity Adding a Share Farm Not Constraining Directories to remove directory placement restrictions and have new no constrain-directories directories distributed as directed by one of the commands. balance no constrain-directories For example: bstnA6k(gbl)# namespace ns2 bstnA6k(gbl-ns[ns2])# volume /var bstnA6k(gbl-ns-vol[ns2~/var])# share-farm fm2 bstnA6k(gbl-ns-vol-sfarm[ns2~/var~fm2])# no constrain-directories bstnA6k(gbl-ns-vol-sfarm[ns2~/var~fm2])# ...
  • Page 360: Stopping All Share-Farm Rules

    Policy for Balancing Capacity Adding a Share Farm Stopping All Share-Farm Rules You can stop all auto migrations and/or new-file balancing on a share farm by disabling it. This reverts all shares to standard behavior; no auto migrations as free space gets low on a share, and any new file or directory is created on the same share as its parent.
  • Page 361: Creating A Schedule

    Policy for Balancing Capacity Creating a Schedule Creating a Schedule Several policy rules use a schedule, which determines when (and how frequently) a rule runs. Each rule can have a unique schedule. Conversely, several rules can share the same schedule. From gbl mode, use the schedule command to create a policy schedule:...
  • Page 362: Setting The Duration (Optional)

    Policy for Balancing Capacity Creating a Schedule bstnA6k(gbl)# schedule hourly bstnA6k(gbl-schedule[hourly])# every 1 hours bstnA6k(gbl-schedule[hourly])# ... Setting the Duration (optional) The next step in creating a schedule is to set a duration. The duration is the amount of time that a rule can run. The duration is applied every time the schedule fires: if you set a 5-minute duration for the schedule, each rule that uses the schedule has 5 minutes to run every time it runs.
  • Page 363: Setting The Start Time (Optional)

    Policy for Balancing Capacity Creating a Schedule For example, the following command sequence removes the duration from the “hourly” schedule: bstnA6k(gbl)# schedule hourly bstnA6k(gbl-schedule[hourly])# no duration bstnA6k(gbl-schedule[hourly])# ... Setting the Start Time (optional) A schedule’s start time determines the start of each interval: if a daily schedule has a start time of 2:42 PM, the schedule will fire at 2:42 PM every day.
  • Page 364: Showing All Schedules

    Policy for Balancing Capacity Creating a Schedule bstnA6k(gbl-schedule[daily])# no start bstnA6k(gbl-schedule[daily])# ... Showing All Schedules To list all schedules on the switch, use the show policy schedule command: show policy schedule This shows each schedule’s configuration parameters as well as the time of the next scheduled run.
  • Page 365: Showing One Schedule

    Policy for Balancing Capacity Creating a Schedule Showing One Schedule To focus on a single schedule, add the desired schedule name to the command: show policy schedule name where name (1-64 characters) identifies the schedule to show. For example, this shows the “hourly” schedule: bstnA6k(gbl)# show policy schedule hourly Schedule: hourly...
  • Page 366: Pausing All Rules In A Volume

    Policy for Balancing Capacity Pausing All Rules in a Volume Start Time: Sun Sep 4 03:00:00 2005 Previous Run: Wed Apr 4 03:00:00 2007 Runs Next: Thu Apr 5 03:00:00 2007 Interval: 1 days Duration: 02:00:00 End Time: Thu Apr 5 05:00:00 2007 Schedule: backupWindow...
  • Page 367: Resuming All Policies In A Volume

    Policy for Balancing Capacity Pausing All Rules in a Volume This pauses all of the volume’s rules, so that they stop all volume scans and migrations. Clients may change files or directories so that they match a rule and therefore should be migrated; these migrations are queued until policy processing is resumed later.
  • Page 368: Pausing On A Schedule

    Policy for Balancing Capacity Pausing All Rules in a Volume Pausing on a Schedule Some installations want to schedule “off hours” for file migrations; for example, you may want to pause all migrations during regularly scheduled backup windows. You can create a schedule (as described earlier) to define the off hours, then pause a volume according to that schedule.
  • Page 369: Draining One Or More Shares

    Policy for Balancing Capacity Draining One or More Shares bstnA6k(gbl-ns-vol[medarcv~/rcrds])# no policy pause bstnA6k(gbl-ns-vol[medarcv~/rcrds])# ... Draining One or More Shares You can move all files from one share (or share farm) to one or more other shares in the same volume. A placement rule accomplishes this, and prevents any new files from being created on the source share(s).
  • Page 370: Identifying The Source Share(S)

    Policy for Balancing Capacity Draining One or More Shares Identifying the Source Share(s) The next step in configuring a placement rule is to identify the source share or shares. The placement rule places all files from the source share(s) onto the target storage. From gbl-ns-vol-plc mode, use one of two commands to specify the source source...
  • Page 371: Choosing The Target Storage

    Policy for Balancing Capacity Draining One or More Shares Choosing the Target Storage The next step in configuring a placement rule is to choose the target storage for the share’s files. You can choose one target: another share or share farm in the current volume.
  • Page 372: Applying A Schedule (Optional)

    Policy for Balancing Capacity Draining One or More Shares To migrate files off of any share that is running low on free space, you can configure auto migration for the share farm. Refer back to “Auto Migrating Existing Files” on page 12-18 to configure auto migration.
  • Page 373: Limiting Each Migration (Optional)

    Policy for Balancing Capacity Draining One or More Shares bstnA6k(gbl-ns-vol-plc[wwmed~/acct~emptyRH])# no schedule bstnA6k(gbl-ns-vol-plc[wwmed~/acct~emptyRH])# ... Limiting Each Migration (optional) You can use the limit-migrate command to put a ceiling on the amount of data migrated. The policy engine migrates files until it meets this limit; it stops migrating as soon as it discovers that the next file would exceed the limit.
  • Page 374: Removing The Limit

    Policy for Balancing Capacity Draining One or More Shares Removing the Limit By default, a placement rule migrates until the source share is drained. Use the no limit-migrate command to return to this default: no limit-migrate For example, the following command sequence removes any migration limit in the “mvTars”...
  • Page 375: Generating A Verbose Report

    Policy for Balancing Capacity Draining One or More Shares bstnA6k(gbl-ns-vol[wwmed~/acct])# place-rule emptyRH bstnA6k(gbl-ns-vol-plc[wwmed~/acct~emptyRH])# report emptyRH_ bstnA6k(gbl-ns-vol-plc[wwmed~/acct~emptyRH])# ... Generating a Verbose Report The placement report is terse by default. You should make the file verbose to give the best-possible chance of diagnosing any problems. To accomplish this, use the optional verbose flag at the end of the command:...
  • Page 376: Disabling Reports

    Policy for Balancing Capacity Draining One or More Shares Disabling Reports From gbl-ns-vol-plc mode, use no report to prevent the rule from generating a report: no report This has no effect after the first (and only) run of the placement rule. For example, the following command sequence disables reporting for the rule, “mvTars:”...
  • Page 377: Disabling File Retention

    Policy for Balancing Capacity Draining One or More Shares bstnA6k(gbl)# namespace wwmed bstnA6k(gbl-ns[wwmed])# volume /acct bstnA6k(gbl-ns-vol[wwmed~/acct])# share it5 bstnA6k(gbl-ns-vol-shr[wwmed~/acct~it5])# migrate retain-files bstnA6k(gbl-ns-vol-shr[wwmed~/acct~it5])# ... Disabling File Retention To disable the feature that retains copies of migrated files, use the form of the command: no migrate retain-files For example, the following command sequence disables the migration safeguard in...
  • Page 378: Tentatively Enabling The Rule

    Policy for Balancing Capacity Draining One or More Shares Tentatively Enabling the Rule A tentatively-enabled rule is configured to appear in the system logs (syslog) as “tentative,” showing the potential effects of the rule if it was enabled. (The log component, POLICY_ACTION, creates the syslog messages;...
  • Page 379: Verifying That All Files Are Removed

    Policy for Balancing Capacity Draining One or More Shares Verifying That All Files Are Removed You can use a metadata-only report to verify that the share is empty. Use the nsck ... metadata-only command to generate a report about the share (as described in “Focusing on One Share”...
  • Page 380: Removing The Placement Rule

    Policy for Balancing Capacity Draining One or More Shares **** Total Files: **** Total Directories: **** Total Links: **** Total Locking Errors: **** Total items: **** Elapsed time: 00:00:00 **** Metadata-Only Report: DONE at Wed Sep 21 12:10:59 2005 **** Removing the Placement Rule You can remove a placement rule to both disable it and delete its configuration.
  • Page 381: Removing All Policy Objects From A Namespace

    Policy for Balancing Capacity Removing All Policy Objects from a Namespace Removing All Policy Objects from a Namespace You can use a single command to remove all rules, share farms, and other policy objects from a namespace. The remove namespace command has been described in previous chapters for removing a volume (“Removing a Direct Volume”...
  • Page 382: Removing All Policy Objects From A Volume

    Policy for Balancing Capacity Migrations in a Multi-Protocol Namespace Removing All Policy Objects from a Volume The optional volume argument focuses the remove namespace command on one volume: remove namespace name volume volume policy-only [timeout seconds] [sync] where: name (1-30 characters) is the name of the namespace, volume (1-1024 characters) is the path name of the volume, policy-only is the option to remove only the policy objects, and seconds (optional, 300-10,000) sets a time limit on each of the removal’s...
  • Page 383: File-Attribute Migrations

    Policy for Balancing Capacity Migrations in a Multi-Protocol Namespace File-Attribute Migrations The policies in this chapter migrate file attributes along with the files themselves. File attributes are permission settings, the name or ID of the user who owns the file, the group or groups who have access to the file, last-access times, named streams, and other external data associated with the file.
  • Page 384: From A Netapp Filer, Unix Qtree

    Policy for Balancing Capacity Migrations in a Multi-Protocol Namespace From a NetApp Filer, UNIX Qtree The following table shows how file attributes are migrated from a NetApp filer with a UNIX-based Qtree: Vendor for UNIX NTFS Destination Filer Permission UID, GID, time Security Descriptor (SD) Named Bits...
  • Page 385 Policy for Balancing Capacity Migrations in a Multi-Protocol Namespace Vendor for UNIX NTFS Destination Filer Permission UID, GID, time Security Descriptor (SD) Named Bits stamps, ... Streams NetApp, only high (sticky) bits copied; copied copied NTFS Qtree remaining attributes derived by destination (NetApp) filer copied copied...
  • Page 386: From An Emc Filer

    Policy for Balancing Capacity Migrations in a Multi-Protocol Namespace From an EMC Filer The following table shows how file attributes are migrated from an EMC filer: Vendor for UNIX NTFS Destination Filer Permission UID, GID, time Security Descriptor (SD) Named Bits stamps, ...
  • Page 387: From A Unix/Smb Filer With Acls

    Policy for Balancing Capacity Migrations in a Multi-Protocol Namespace Vendor for UNIX NTFS Destination Filer Permission UID, GID, time Security Descriptor (SD) Named Bits stamps, ... Streams NetApp, Migrates from SMB (no ACLs) to NetApp/NTFS are not supported. NTFS Qtree copied copied not copied...
  • Page 388: Some Cifs Applications Block Out Migrations

    Policy for Balancing Capacity Some CIFS Applications Block Out Migrations Some CIFS Applications Block Out Migrations If any client holds a CIFS file open during a file migration, the migration may fail for that file. Applications have the option to universally block all CIFS-read access to a file.
  • Page 389: Grouping Files Into Filesets

    Chapter 13 Grouping Files into Filesets A fileset is a group of files and/or directories to which you can apply replication and migration policies. You can configure filesets based on filename, directory path, size, and/or age. You can create complex filesets by joining multiple filesets in a union or taking the intersection of two or more filesets.
  • Page 390: Setting A Directory Path (Optional)

    Grouping Files into Filesets Grouping Files by Filename Create object 'xmlFiles'? [yes/no] yes bstnA6k(gbl-ns-vol-fs-name[xmlFiles])# ... Setting a Directory Path (optional) You can set a directory path to narrow the scope of the fileset. Only matching files/subdirectories under this path are included in the fileset; the default is the root directory in the managed volume.
  • Page 391: Disabling Recursive Matches

    Grouping Files into Filesets Grouping Files by Filename For example, the following command set matches files in /www/xml, including all subdirectories: bstnA6k(gbl)# policy-filename-fileset website bstnA6k(gbl-ns-vol-fs-name[website])# path /www/xml bstnA6k(gbl-ns-vol-fs-name[website])# recurse bstnA6k(gbl-ns-vol-fs-name[website])# ... Disabling Recursive Matches From gbl-ns-vol-fs-name mode, use the no recurse command to disable recursive matches: no recurse...
  • Page 392: Using A Complex Regular Expression

    Grouping Files into Filesets Grouping Files by Filename • ? is any single character, or no character. The * and ? match any character, including the “/” character. (The “/” is the Unix delimiter between directories.) Therefore, path match /usr/*/bin matches both “/usr/local/bin”...
  • Page 393: Regular Expression Syntax

    Grouping Files into Filesets Grouping Files by Filename For example, the following command set uses a regular expression to match all hidden Unix directories (directories that start with “/.” and have something other than “.” as their second character): bstnA6k(gbl)# policy-filename-fileset hiddenFiles bstnA6k(gbl-ns-vol-fs-name[hiddenFiles])# path regexp “/\.[^\.]”...
  • Page 394: Shorthand For Character Groups

    Grouping Files into Filesets Grouping Files by Filename Shorthand for Character Groups \d matches any numeric digit, 1-9. \D matches any character except a numeric digit. \t matches a <Tab>. \n, \f, and \r match various flavors of <Enter>. They are <Newline>, <Form Feed>, and <Carriage Return>, respectively.
  • Page 395: Regular-Expression Samples

    Grouping Files into Filesets Grouping Files by Filename Regular-Expression Samples ^/var matches a path with “/var” at its root (for example, “/var/tmp” or “/variable/data,” but not “/bin/var”). ^/(var | tmp)/ matches two root directories, “/var/” or “/tmp/”. ^/home/[^/]+/$ matches any subdirectory of “/home” (such as “/home/juser/”) but does not match any directories below that level (such as “/home/juser/misc/”).
  • Page 396: Reverting To The Root Path

    Grouping Files into Filesets Grouping Files by Filename bstnA6k(gbl)# policy-filename-fileset forAllUsers bstnA6k(gbl-ns-vol-fs-name[forAllUsers])# path regexp not “^/\.” bstnA6k(gbl-ns-vol-fs-name[forAllUsers])# ... Reverting to the Root Path From gbl-ns-vol-fs-name mode, use the no path command to match files in the volume’s root, “/”: no path For example, the following command set configures a name-based fileset, “acctfiles,”...
  • Page 397: Matching Filenames (Optional)

    Grouping Files into Filesets Grouping Files by Filename Matching Filenames (optional) You can use the same methods (above) for specifying the fileset’s files. These apply to any files in the chosen path(s). By default, all files match. From gbl-ns-vol-fs-name mode, use the name command to specify certain files for the fileset: name filename [ignore-case]...
  • Page 398: Excluding Files

    Grouping Files into Filesets Grouping Files by Filename Excluding Files As with paths, you can use the not keyword to select every file that does not match the string: name not filename [ignore-case] matches any file except the one specified. This only excludes an exact match for filename.
  • Page 399: Grouping Files By Size

    Grouping Files into Filesets Grouping Files by Size Grouping Files by Size You can create filesets based on file size. Each filesize fileset contains files “larger-than” or “smaller-than” a size of your choosing, or files in a range between two sizes. From gbl mode, use the policy-filesize-fileset command to create a filesize fileset:...
  • Page 400: Selecting Files Based On Their Sizes

    Grouping Files into Filesets Grouping Files by Size Selecting Files Based on their Sizes The next step in configuring a filesize fileset is to determine a size range for its files. You can select files larger-than (or equal-to) a certain size, smaller-than a certain size, or between two sizes.
  • Page 401: Removing The Fileset

    Grouping Files into Filesets Grouping Files by Age bstnA6k(gbl)# policy-filesize-fileset veryLarge bstnA6k(gbl-ns-vol-fs-filesize[veryLarge])# no select-files smaller-than bstnA6k(gbl-ns-vol-fs-filesize[veryLarge])# ... Removing the Fileset Removing a fileset affects file metadata only; it does not delete any files. From gbl mode, use no policy-filesize-fileset to remove a filesize fileset: no policy-filesize-fileset name where name (1-64 characters) identifies the fileset to be removed.
  • Page 402: Selecting Files Based On Their Ages

    Grouping Files into Filesets Grouping Files by Age For example, the following command sequence creates a new simple-age fileset: bstnA6k(gbl)# policy-simple-age-fileset dayOld This will create a new policy object. Create object 'dayOld'? [yes/no] yes bstnA6k(gbl-ns-vol-fs-simple-age[dayOld])# ... Selecting Files Based on their Ages The next step in configuring a simple-age fileset is to determine the age for its files.
  • Page 403: Removing A File Selection

    Grouping Files into Filesets Grouping Files by Age Removing a File Selection Use the no select-files command to remove a file selection: no select-files {older-than | newer-than} where older-than | newer-than chooses the selection to remove. For example, this removes the “older-than” selection from a simple-age fileset: bstnA6k(gbl)# policy-simple-age-fileset 2mo This will create a new policy object.
  • Page 404: Identifying A Source Fileset (Optional)

    Grouping Files into Filesets Grouping Files by Age Identifying a Source Fileset (optional) By default, the fileset selects its files from all of the files in the current volume. You can narrow this scope by choosing a source fileset (for example, a filename fileset with a particular directory).
  • Page 405: Setting The Age-Evaluation Interval (Optional)

    Grouping Files into Filesets Grouping Files by Age Setting the Age-Evaluation Interval (optional) By default, the simple-age fileset selects all of its files whenever it is used by a rule. For example, suppose a file-placement rule uses a simple-age fileset that selects files newer than 3 hours.
  • Page 406: Reverting To The Default Evaluation Interval

    Grouping Files into Filesets Grouping Files by Age Reverting to the Default Evaluation Interval By default, a simple-age fileset selects its files whenever it is used by a rule. To return to this default, use the no every command from gbl-ns-vol-fs-simple-age mode: no every For example, the following command set configures the “dayOld”...
  • Page 407: Reverting To The Default Start Time

    Grouping Files into Filesets Grouping Files by Age bstnA6k(gbl-ns-vol-fs-simple-age[dayOld])# ... Reverting to the Default Start Time By default, a simple-age fileset selects its files whenever it is used by a rule. If the fileset uses a schedule set by the every command, the default start time is the time that an administrator entered the...
  • Page 408: Joining Filesets

    Grouping Files into Filesets Joining Filesets Joining Filesets You can join two or more filesets in a union fileset. A union fileset contains all the files in all of its source filesets. A file that is common to two or more of the source filesets is only included once in the resulting union.
  • Page 409: Removing A Source Fileset

    Grouping Files into Filesets Joining Filesets bstnA6k(gbl-ns-vol-fs-union[bulky])# from fileset xmlFiles bstnA6k(gbl-ns-vol-fs-union[bulky])# ... Removing a Source Fileset Use the no form of the from fileset command to remove a fileset from the list of sources: no from fileset fileset-name where fileset-name (1-64 characters) identifies the fileset to remove. You cannot remove the last source fileset if the union fileset is in use (that is, referenced by another fileset or used in a rule).
  • Page 410: Removing The Fileset

    Grouping Files into Filesets Intersecting Filesets Removing the Fileset Removing a fileset affects the switch configuration only; it does not delete any files. Use no policy-union-fileset to remove a union fileset from the current volume: no policy-union-fileset name where name (1-64 characters) identifies the fileset to be removed. You cannot remove a fileset that is referenced by another fileset or used in a rule.
  • Page 411: Identifying A Source Fileset

    Grouping Files into Filesets Intersecting Filesets Identifying a Source Fileset The final step in configuring an intersection fileset is to identify two or more source filesets. You can include as many source filesets as desired, but you must have at least two for the intersection to be meaningful.
  • Page 412: Removing All Source Filesets

    Grouping Files into Filesets Listing all Filesets Removing All Source Filesets To remove all filesets with a single command, use no from all: no from all As above, you cannot remove all source filesets if the intersection fileset is in use. For example, the following command set removes all source filesets from the “paidBills”...
  • Page 413 Grouping Files into Filesets Listing all Filesets bstnA6k(gbl)# show policy filesets Global Policy: Filename Fileset: website Configuration: Name Does Not Match Regular Expression: \.(wmv|avi)$ Path Is: /www/xml/ Recurse: Filename Fileset: hiddenFiles Configuration: Name Is: Path Matches Regular Expression: /\.[^\.] Recurse: Filename Fileset: fm_pdf Configuration:...
  • Page 414 Grouping Files into Filesets Listing all Filesets Configuration: Select Files Larger Than Or Equal To: 5.0G Fileset Union: bulky Configuration: From fileset: fm_pdf From fileset: veryLarge Simple Age Fileset: dayOld Configuration: Select files older than: 1 days Mode: Last Accessed Simple Age Fileset: Configuration: From fileset:...
  • Page 415: Showing One Global Fileset

    Grouping Files into Filesets Listing all Filesets Filename Fileset: images Configuration: Name Is: Path Is: /images/ Recurse: bstnA6k(gbl)# ... Showing One Global Fileset To show a single global fileset, add the global-fileset argument to the end of the show policy filesets command: show policy filesets global-fileset fileset-name where fileset-name (optional, 1-1024 characters) chooses the fileset.
  • Page 416: Showing Filesets In A Managed Volume

    Grouping Files into Filesets Sample - Configuring Age-Based Filesets Showing Filesets in a Managed Volume All filesets can be alternatively configured within a managed volume. To show the configuration for such a fileset, specify the namespace and volume name before the fileset name: show policy filesets namespace volume fileset-name where...
  • Page 417 Grouping Files into Filesets Sample - Configuring Age-Based Filesets Create object 'office_files'? [yes/no] yes bstnA6k(gbl-ns-vol-fs-union[office_files])# from fileset xls_files bstnA6k(gbl-ns-vol-fs-union[office_files])# from fileset doc_files bstnA6k(gbl-ns-vol-fs-union[office_files])# exit In the “wwmed~/acct” volume, create an age-based fileset that only takes the office files that were accessed this month: bstnA6k(gbl)# namespace wwmed bstnA6k(gbl-ns[wwmed])# volume /acct bstnA6k(gbl-ns-vol[wwmed~/acct])# simple-age-fileset thisMonth...
  • Page 418 Grouping Files into Filesets Sample - Configuring Age-Based Filesets 13-30 CLI Storage-Management Guide...
  • Page 419: Migrating Filesets

    Chapter 14 Migrating Filesets A fileset is a group of files and/or directories to which you can apply replication and migration policies. This chapter explains how to configure policies for migrating filesets to desired back-end storage. Direct volumes, which contain no metadata, do not support any filesets. This chapter is relevant to managed volumes only.
  • Page 420: Directing File Placement

    Migrating Filesets Directing File Placement Directing File Placement You can use fileset policies to steer files and/or directories onto specific storage targets. You choose the files/directories by configuring a fileset for them, and you choose the storage target by creating a placement rule in the volume. This is the same placement rule that can move everything off of a share (refer back to “Draining One or More Shares”...
  • Page 421: Identifying The Source Fileset

    Migrating Filesets Directing File Placement Identifying the Source Fileset The next step in configuring a placement rule is to identify the source fileset. This chooses a set of files and/or directories based on their names, sizes, ages, or other criteria; this set of files and/or directories changes as clients create, edit, and delete them in the volume.
  • Page 422 Migrating Filesets Directing File Placement Note that the master copies of the directories remain on their original filer, das3; this means that new files in those directories go to das3 by default, if they are outside the fileset. All of their new subdirectories go to das3, too. In this illustration, only one new file matches and is steered onto das8.
  • Page 423: Matching Directories Only

    Migrating Filesets Directing File Placement bstnA6k(gbl-ns-vol[wwmed~/acct])# place-rule docs2das8 bstnA6k(gbl-ns-vol-plc[wwmed~/acct~docs2das8])# from fileset fm_pdf match files bstnA6k(gbl-ns-vol-plc[wwmed~/acct~docs2das8])# ... Matching Directories Only Consider a directory tree on a filer that is filled to a comfortable level, but clients are likely to add subdirectories that may overfill the share. You want all new subdirectories to be created on a new filer and grow there, but existing files and directories can stay.
  • Page 424 Migrating Filesets Directing File Placement This configuration mainly focuses on new directories and their sub-trees. The placement rule steers new directories to das8. Since the new directories are created on das8, the das8 instance of the directory is master. By default, all of its child files and directories follow it onto das8.
  • Page 425: Matching And Promoting Directories

    Migrating Filesets Directing File Placement bstnA6k(gbl)# policy-filename-fileset all bstnA6k(gbl-ns-vol-fs-name[all])# recurse bstnA6k(gbl-ns-vol-fs-name[all])# exit bstnA6k(gbl)# namespace wwmed bstnA6k(gbl-ns[wwmed])# volume /acct bstnA6k(gbl-ns-vol[wwmed~/acct])# place-rule noNewDirs bstnA6k(gbl-ns-vol-plc[wwmed~/acct~noNewDirs])# from fileset all match directories bstnA6k(gbl-ns-vol-plc[wwmed~/acct~noNewDirs])# ... Matching and Promoting Directories Both of the previous from fileset commands did not change the current master directories;...
  • Page 426 Migrating Filesets Directing File Placement For example, suppose das8 is supposed to be master of /a/b. You can promote it and all of its descendant directories without migrating any files. After the placement rule runs, the file already under /a/b stays on das3. The master for /a/b is now on das8. The /a directory is striped to das8 so that it can hold the /a/b directory;...
  • Page 427 Migrating Filesets Directing File Placement As clients add new files and subdirectories to /a/b, they go onto das8 instead of das3. New files in /a, which is outside the fileset, continue to gravitate to das3. [Figure: das3 and das8 holding /a/b and /a/b/c, with the labels “is a new directory” and “is a new file”]...
  • Page 428: Promoting Directories On A Target Share Farm

    Migrating Filesets Directing File Placement bstnA6k(gbl-ns[wwmed])# volume /acct bstnA6k(gbl-ns-vol[wwmed~/acct])# place-rule reset bstnA6k(gbl-ns-vol-plc[wwmed~/acct~reset])# from fileset a_b_tree match directories promote-directories bstnA6k(gbl-ns-vol-plc[wwmed~/acct~reset])# ... Promoting Directories on a Target Share Farm If the file-placement target is a share farm, the share that gets the directory also gets the directory promotion.
  • Page 429: Matching Directory Trees (Directories And Files)

    Migrating Filesets Directing File Placement Matching Directory Trees (Directories and Files) By combining files, directories, and directory promotion, you can move an entire directory tree from das3 to das8 and make it grow on das8. For example, you can migrate all existing files in directory /a/b in addition to ensuring that new files and directories get created on das8.
  • Page 430 Migrating Filesets Directing File Placement Each new file and directory, as in the previous example, follows its parent’s master directory. Directory /a/b grows on das8 while new files in /a continue to gravitate to das3: [Figure: das3 and das8 holding /a/b and /a/b/c, with the labels “is a new directory” and “is a new file”]...
  • Page 431: Limiting The Selection To Particular Source Share(S) (Optional)

    Migrating Filesets Directing File Placement bstnA6k(gbl-ns-vol-plc[wwmed~/acct~mvtree])# from fileset a_b_tree match all promote-directories bstnA6k(gbl-ns-vol-plc[wwmed~/acct~mvtree])# ... Limiting the Selection to Particular Source Share(s) (optional) You can select the above files and/or directories from a particular share or share farm. By default, the selected files and directories come from all shares in the volume. From gbl-ns-vol-plc mode, use one of two commands to specify the source share(s): source...
  • Page 432: Choosing The Target Storage

    Migrating Filesets Directing File Placement bstnA6k(gbl)# namespace wwmed bstnA6k(gbl-ns[wwmed])# volume /acct bstnA6k(gbl-ns-vol[wwmed~/acct])# place-rule mvtree bstnA6k(gbl-ns-vol-plc[wwmed~/acct~mvtree])# no source bstnA6k(gbl-ns-vol-plc[wwmed~/acct~mvtree])# ... Choosing the Target Storage You choose the target storage for a fileset with the same commands that are used for emptying a share. Either a share or a share farm is a valid target for the fileset. From gbl-ns-vol-plc mode, use one of two rules to set the fileset’s storage target: target...
  • Page 433: Balancing Capacity In A Target Share Farm

    Migrating Filesets Directing File Placement bstnA6k(gbl-ns-vol-plc[wwmed~/acct~distributeFiles])# ... Balancing Capacity in a Target Share Farm When a share farm is a file-placement target, the first configured share in the farm is the default share for placed files. Most files are placed on the same share as their parent directory, but a file defaults to the first share if its parent directory is outside the share farm.
  • Page 434: Removing The Limit

    Migrating Filesets Directing File Placement For a placement rule without a schedule, this limit applies to the one-and-only run of the rule. If the original fileset exceeds this limit, the left-over files from that fileset remain on their source share(s) indefinitely. New files that belong in the fileset are created at the target share(s), before they have any size, so they are not blocked by this limit.
  • Page 435: Removing The Schedule

    Migrating Filesets Directing File Placement Whether or not you use a schedule, the rule places all new files as clients create them. By default, the rule also watches all client changes inline, and migrates any file that changes to match the source fileset. A schedule has no effect on new or newly-changed files.
  • Page 436: Disabling Inline Notifications (Optional)

    Migrating Filesets Directing File Placement Disabling Inline Notifications (optional) Clients make changes to files that may cause them to be selected by a file-placement rule; for example, a client could rename a file or change its size. By default, the file-placement rule monitors all client changes inline and migrates any files that newly-match the source fileset.
  • Page 437: Configuring Progress Reports

    Migrating Filesets Directing File Placement bstnA6k(gbl-ns-vol-plc[wwmed~/acct~emptyRH])# ... Configuring Progress Reports The next step in configuring a placement rule is optional but strongly recommended: setting up progress reports. Progress reports show all the milestones and results of a file-placement execution. The policy engine generates a report each time the schedule fires and invokes the rule.
  • Page 438: Generating Verbose Reports

    Migrating Filesets Directing File Placement Generating Verbose Reports Placement reports are terse by default. To make them verbose, use the optional verbose flag at the end of the report command: report prefix verbose where prefix is explained above. For example, the following command resets “docs2das8” to produce verbose reports: bstnA6k(gbl)# namespace wwmed bstnA6k(gbl-ns[wwmed])# volume /acct bstnA6k(gbl-ns-vol[wwmed~/acct])# place-rule docs2das8...
  • Page 439: Enabling The Placement Rule

    Migrating Filesets Directing File Placement For example, the following command sequence disables reporting for the rule, “mvTars:” bstnA6k(gbl)# namespace archives bstnA6k(gbl-ns[archives])# volume /home bstnA6k(gbl-ns-vol[archives~/home])# place-rule mvTars bstnA6k(gbl-ns-vol-plc[archives~/home~mvTars])# no report bstnA6k(gbl-ns-vol-plc[archives~/home~mvTars])# ... Enabling the Placement Rule The final step in configuring any rule is to enable it. By default, the rule is disabled and ignored by policy software.
  • Page 440: Disabling The Rule

    Migrating Filesets Directing File Placement bstnA6k(gbl)# namespace wwmed bstnA6k(gbl-ns[wwmed])# volume /acct bstnA6k(gbl-ns-vol[wwmed~/acct])# place-rule docs2das8 bstnA6k(gbl-ns-vol-plc[wwmed~/acct~docs2das8])# enable tentative bstnA6k(gbl-ns-vol-plc[wwmed~/acct~docs2das8])# ... Disabling the Rule Disabling the rule removes it from consideration. Use no enable from gbl-ns-vol-plc mode to disable a placement rule: no enable For example, the following command sequence disables the “docs2das8”...
  • Page 441: Removing The Placement Rule

    Migrating Filesets Changing Rule Order Removing the Placement Rule You can remove a placement rule to both disable it and delete its configuration. Many file-placement rules can manipulate directory mastership so that directory trees grow naturally on desired filers. If all directory masters are placed correctly, the managed volume creates new files and directories under them by default;...
  • Page 442 Migrating Filesets Changing Rule Order You can change the rule order only for placement rules that use filesets as their sources. The priority cannot change for shadow-copy rules (which are always highest priority), placement rules that drain shares (which are second priority), and share farms (which are lowest priority).
  • Page 443: Moving The Rule To The Beginning Or End

    Migrating Filesets Changing Rule Order bstnA6k(gbl-ns[wwmed])# policy order-rule placeTest after docs2das8 bstnA6k(gbl-ns[wwmed])# ... Moving the Rule to the Beginning or End You can use the first or last keyword to move the file-placement rule to the beginning or end of the list: policy order-rule rule1 {first | last} where first | last sets the new position for rule1.
  • Page 444 Migrating Filesets Changing Rule Order 14-26 CLI Storage-Management Guide...
  • Page 445: Shadowing A Volume

    Chapter 15 Shadowing a Volume You can create a continuously-updated copy of a managed volume, called a shadow volume. The shadow volume can be on the same switch as its source volume (as shown below), or it can be hosted on another switch in the same RON (shown on the next page).
  • Page 446 Shadowing a Volume The examples in this chapter configure a source volume on a single ARX®6000 and its shadow volume on a redundant pair. The redundant pair is two ARX®1000 switches: [Figure: a RON tunnel joins the /acct volume in the "wwmed" namespace to the /acctShdw volume in the "nemed" namespace] The switch with the source volume is called the source switch and any switch with a shadow volume is called a target switch.
  • Page 447: Before You Begin

    Shadowing a Volume Before You Begin Before You Begin Shadow volumes are commonly deployed on separate switches from the source volume, as pictured above. Before you configure the shadow volume on a target switch, you must first make a RON tunnel from the source switch to the target switch (see Chapter 5, Joining a RON, in the...
  • Page 448: Compatible Software Releases

    Shadowing a Volume Adding a Shadow Volume (Target Switch) Choose a shadow volume with at least as much storage capacity as its source volume(s). The volume must be disabled when you change it into a shadow volume. For example, the following command sequence creates a shadow volume to be used for the “wwmed~/acct”...
  • Page 449: Allowing Modifications

    Shadowing a Volume Adding a Shadow Volume (Target Switch) Allowing Modifications The shadow-copy rule will be modifying the metadata in the target volume, so the target volume must permit metadata modifications. This does not affect clients, who will have read-only access to the volume. It only applies to the shadow-copy rule itself.
  • Page 450: Turning Off Shadowing

    Shadowing a Volume Adding a Shadow Volume (Target Switch) prtlndA1k(gbl-ns-vol-shr[nemed~/acctShdw~back2])# exit prtlndA1k(gbl-ns-vol[nemed~/acctShdw])# ... Turning Off Shadowing You can turn off shadowing to convert a shadow volume back to a managed volume. This makes the volume ineligible for shadow copies and opens it up for client writes; all the shadow-copied files become fully accessible.
  • Page 451: Specifying A Fileset To Copy (Source Switch)

    Shadowing a Volume Specifying a Fileset to Copy (Source Switch) Specifying a Fileset to Copy (Source Switch) The next step in shadowing a volume is to choose a fileset to be “shadowed.” This occurs at the source volume, on the source switch. The fileset can include all files in the volume or a smaller set of files based on file names and/or file-access times.
  • Page 452: Configuring A Shadow-Copy Rule (Source Switch)

    Shadowing a Volume Configuring a Shadow-Copy Rule (Source Switch) Configuring a Shadow-Copy Rule (Source Switch) The final step in volume shadowing is to create a shadow-copy rule. A shadow-copy rule replicates the fileset in the source volume over to the shadow volume; if a file changes later, that file is replicated again.
  • Page 453: Choosing A Shadow-Volume Target

    Shadowing a Volume Configuring a Shadow-Copy Rule (Source Switch) You can only use one source fileset. If you want to use additional filesets as sources, create a union fileset (see “Joining Filesets” on page 13-20). You can re-issue the from command to change from one source fileset to another.
  • Page 454: Using A Path In The Shadow Volume

    Shadowing a Volume Configuring a Shadow-Copy Rule (Source Switch) Switch Name HA Peer Switch Uptime Status UUID Management Addr ------------------------------------------------------------------------------ bstnA6k (None) 0 days, 00:45:01 ONLINE 7eafc74e-6fa9-11d8-9ed7-a9126cfbac40 10.1.1.7 provA5c (None) 0 days, 01:45:03 ONLINE df3d1b6e-8459-11d9-8899-d2d1d3d64a34 10.1.38.19 prtlndA1k prtlndA1kB 0 days, 01:39:01 ONLINE 9a6eb9ac-6c6d-11d8-9444-9e00f495ff7e 10.1.23.11...
  • Page 455: Removing The Shadow-Volume Target

    Shadowing a Volume Configuring a Shadow-Copy Rule (Source Switch) prtlndA1k(gbl-ns[testns])# volume /users prtlndA1k(gbl-ns-vol[testns~/users])# shadow-copy-rule bkup prtlndA1k(gbl-ns-vol-shdwcp[testns~/users~bkup])# target volume /shdw path /users prtlndA1k(gbl-ns-vol-shdwcp[testns~/users~bkup])# exit prtlndA1k(gbl-ns[testns])# volume /admin prtlndA1k(gbl-ns-vol[testns~/admin])# shadow-copy-rule bkAdm prtlndA1k(gbl-ns-vol-shdwcp[testns~/admin~bkAdm])# target volume /shdw path /admin prtlndA1k(gbl-ns-vol-shdwcp[testns~/admin~bkAdm])# ... Removing the Shadow-Volume Target From gbl-ns-vol-shdwcp mode, use to remove a shadow-volume target: no target...
  • Page 456: Applying A Schedule

    Shadowing a Volume Configuring a Shadow-Copy Rule (Source Switch) Applying a Schedule A shadow-copy rule requires a schedule. Use the gbl schedule command to create one; refer back to “Creating a Schedule” on page 12-27 for details. You cannot use a schedule with a fixed (see “Setting the Duration (optional)”...
  • Page 457: Generating Verbose Reports

    Shadowing a Volume Configuring a Shadow-Copy Rule (Source Switch) By default, no reports are generated. From gbl-ns-vol-shdwcp mode, use the report command to generate shadow-copy reports for the current rule: report prefix where prefix (1-64 characters) is the prefix to be used for the rule’s reports. Each report has a unique name in the following format: prefixYearMonthDayHourMinute.rpt (for example, home_backup200403031200.rpt for a report with the “home_backup”...
  • Page 458: Including Identical Files In Reports

    Shadowing a Volume Configuring a Shadow-Copy Rule (Source Switch) Including Identical Files in Reports If files are identical on both the source and shadow volumes, the rule does not transfer the file. By default, identical files are omitted from the shadow-copy reports. Use the optional flag to include these files in the report: list-identical...
  • Page 459: Supporting Local Groups (Cifs)

    For example, the following command sequence disables reporting for the rule, “buHome:”

    bstnA6k(gbl)# namespace archives
    bstnA6k(gbl-ns[archives])# volume /home
    bstnA6k(gbl-ns-vol[archives~/home])# shadow-copy-rule buHome
    bstnA6k(gbl-ns-vol-shdwcp[archives~/home~buHome])# no report
    bstnA6k(gbl-ns-vol-shdwcp[archives~/home~buHome])# ...

    Supporting Local Groups (CIFS)

    A Windows filer can support Global Groups, which are managed by Domain Controllers, and/or Local Groups, which are unique to the filer.
  • Page 460: Translating Local Sids

    Translating Local SIDs

    After all local groups are duplicated on all source and destination filers, you must configure the shadow-copy rule to translate them. When SID translation is enabled, the rule finds a file’s group name (such as “doctors”) at the source volume, then looks up the SID for that group name at the destination filer.
  • Page 461: Disabling Sid Translation

    bstnA6k(gbl-ns-vol-shdwcp[insur~/claims~insurDR])# ...

    Some filer servers can be configured to return an error for an invalid SID (STATUS_INVALID_SID, STATUS_INVALID_OWNER, and/or STATUS_INVALID_PRIMARY_GROUP) but accept the file or directory anyway. You may want to discount these errors from these particular file servers. You can set this up for each errant file server from gbl-ns-vol-shr mode, using the sid-translation command (recall...
  • Page 462: Allowing Only Reads During The Shadow Copy

    left open for the duration of the shadow-copy run. Some common Microsoft applications, such as Microsoft Word, hold a file open for writes as long as the client application is working with the file. (Note that other applications, such as Notepad and WordPad, open the file only long enough to read it into memory;...
  • Page 463: Support For Multi-Protocol Volumes

    bstnA6k(gbl-ns-vol-shdwcp[insur~/claims~insurDR])# ...

    This increases the chances of the rule failing to copy some open files; you can use two CLI commands to find and close all open files while the rule is running. The show cifs-service open-files command displays a list of all files that are held open by a...
  • Page 464: Enabling Pruning

    For example, the following command sequence disables pruning for the shadow-copy rule, DRrule:

    bstnA6k(gbl)# namespace wwmed
    bstnA6k(gbl-ns[wwmed])# volume /acct
    bstnA6k(gbl-ns-vol[wwmed~/acct])# shadow-copy-rule DRrule
    bstnA6k(gbl-ns-vol-shdwcp[wwmed~/acct~DRrule])# no prune-target
    bstnA6k(gbl-ns-vol-shdwcp[wwmed~/acct~DRrule])# ...

    Enabling Pruning

    Target-pruning is enabled by default, to ensure that the source and shadow volumes match after the first shadow copy.
  • Page 465: Copying All Directories

    bstnA6k(gbl-ns-vol-shdwcp[wwmed~/acct~DRrule])# ...

    Copying All Directories

    Some applications require the presence of empty directories at specific paths; for those cases, you can use the directory-copy full command. This reverts to the default behavior:

    directory-copy full

    This copies the full directory tree from the source volume, even if the source fileset...
  • Page 466: Publishing Individual Files

    bstnA6k(gbl-ns-vol-shdwcp[ns3~/cad1~cpRemote])# ...

    Publishing Individual Files

    By default, a shadow-copy rule publishes all files that successfully transfer, whether or not some of the transfers fail. To return to this default, use the publish individual command:

    publish individual...
  • Page 467: Removing Any Bandwidth Limit

    For example, this command sequence limits transfers by the rule, “DRrule,” to five million BPS:

    bstnA6k(gbl)# namespace wwmed
    bstnA6k(gbl-ns[wwmed])# volume /acct
    bstnA6k(gbl-ns-vol[wwmed~/acct])# shadow-copy-rule DRrule
    bstnA6k(gbl-ns-vol-shdwcp[wwmed~/acct~DRrule])# bandwidth-limit 5M
    bstnA6k(gbl-ns-vol-shdwcp[wwmed~/acct~DRrule])# ...

    Removing any Bandwidth Limit

    Use the no bandwidth-limit command to allow the rule to use unlimited bandwidth for...
  • Page 468: Reverting To The Default

    From gbl-ns-vol-shdwcp mode, use the delta-threshold command to set a different threshold:

    delta-threshold minimum-size[k|M|G|T]

    where minimum-size (1-64) is the minimum size of a file that is eligible for delta transfer, and k|M|G|T (optional) sets the size units: kilobytes, Megabytes, Gigabytes, or Terabytes.
  • Page 469: Enabling The Shadow-Copy Rule

    Enabling the Shadow-Copy Rule

    The final step in configuring the shadow-copy rule is to enable it. By default, the rule is disabled and ignored by policy software. Use the enable command to enable the rule:

    enable...
  • Page 470 For every shadow-copy rule in every namespace, this shows the current progress of all shadow copies. Each rule has an overview section, a Target Status section listing all of the shadow volume targets, and two or more sections with more detail. The additional sections describe the most time-consuming parts of a shadow copy: Copy Phase, where files are copied from the source volume to a staging area in the shadow volume.
  • Page 471

    Copy Phase Information
    ----------------------
    Phase Started                Jan 24 04:13
    Phase Completed              Jan 24 04:24
    Elapsed Time                 00:11:31
    Average Transmission Rate    3.4 Mb/s (433.9 kB/s)
    Total Files/Directories      4,460
    Files/Directories Scanned    4,460
    Files/Directories Skipped
    Files/Directories Processed  4,460
    Identical Files/Directories...
  • Page 472: Focusing On One Namespace

    Shadow Rule           insurDR
    Report File           insurDR_200701240417.rpt
    Fileset               worthSaving
    ============================================================================
    Processing Started    Jan 24 04:17
    Processing Completed  Jan 24 04:17
    Elapsed Time          00:00:07
    Operating Mode        Inline notification
    Publishing Mode       Individual
    bstnA6k(gbl)# ...

    Focusing on One Namespace

    Add the namespace clause to specify one namespace:...
  • Page 473: Focusing On One Rule

    For example:

    bstnA6k(gbl)# show shadow namespace wwmed volume /acct

    Focusing on One Rule

    Add the rule clause to specify one shadow-copy rule:

    show shadow namespace name volume vol-name rule rule-name

    where name (1-30 characters) identifies the source namespace, vol-name (1-1024 characters) identifies the source volume, and rule-name (1-64 characters) is the name of the rule.
  • Page 474

    ExMp=Export Mapping, Imp=Import, Inc=Inconsistencies, MdO=Metadata Only, MdU=Metadata Upgrade, MgMd=Migrate Metadata, NIS=NIS Update, Plc=Place Rule, Rbld=Rebuild, Rm=Remove, RmNs=Remove Namespace, RmSh=Remove Share, RsD=Restore Data, SCp=Shadow Copy, Snapshot=Snapshot, SuEn=Enable Subshare Inconsistencies, SuIn=Export Subshare Inconsistencies, Sum=Summary, SuSh=Export Subshares, Sync=Sync Files/Dirs, SySh=Sync Shares

    adminSessions_200701240331.rpt Jan 24 03:31 1.4k...
  • Page 475: Report Format

    /planner/showRunning.fm 209,920 New(1)
    /planner/filesetPolicy.fm prtlndA1k: nemed:/acctShdw/: Full update (221,432 bytes sent)
    /planner/filesetPolicy.fm 221,184 New(1)
    /planner/securityMgmtSvcs.fm prtlndA1k: nemed:/acctShdw/: Full update (225,528 bytes sent)
    /planner/securityMgmtSvcs.fm 225,280 New(1)
    /planner/cliOperatorIX.fm prtlndA1k: nemed:/acctShdw/: Full update (285,944 bytes sent)

    You can also use to read a report, or to find a string in...
  • Page 476

    Target Information
    ------------------
    prtlndA1k: nemed:/acctShdw/

    Shadow Copy File Details
    ========================
    Filename Size Status
    -------------------------------------------------------------------------------- -------------- ------------------------------
    /layer3.fm.lck prtlndA1k: nemed:/acctShdw/: Full update (212 bytes sent)
    /layer3.fm.lck New(1)
    /rework_vpn.fm.lck prtlndA1k: nemed:/acctShdw/: Full update (212 bytes sent)
    /rework_vpn.fm.lck New(1)
    /shellCmds_winXP.fm.lck...
  • Page 477

    Namespace             wwmed
    Source Volume         wwmed:/acct
    Shadow Rule           DRrule
    Fileset               worthSaving
    Shared Access         Allowed
    Bandwidth Limit       5.0 Mb/s (625.0 kB/s)
    ============================================================================
    Processing Started    Jan 24 04:11
    Processing Completed  Jan 24 04:23
    Elapsed Time          00:12:41
    Operating Mode        Full tree walk...
  • Page 478: Reformatting The Report

    Elapsed Time                 00:00:05
    Database Records Scanned     4,460
    Files/Directories Published  4,907
    New Files/Directories        4,460
    Renamed Files/Directories
    Updated Files/Directories
    Removed Files/Directories

    Total processed: 4,460
    Elapsed time: 00:12:47
    **** Shadow Copy Report: DONE at Thu Jan 24 04:23:55 2007 ****

    Reformatting the Report

    You can use the command to duplicate the report in a different format,...
  • Page 479: Truncating The Report

    Truncating the Report

    To conserve CPU cycles and/or internal-disk space, you may want to stop a shadow-copy report before it is finished. An oversized, CPU-intensive report could possibly have an effect on namespace performance. From priv-exec mode, use the truncate-report command to stop all report processing and truncate the report file:

    truncate-report name...
  • Page 480: Copying The Source Volume To Multiple Targets

    Copying the Source Volume to Multiple Targets

    To copy a source volume to more than one target, create a separate shadow-copy rule for each target. Each shadow-copy rule can operate on its own schedule, or they can all use the same schedule.
  • Page 483 Copyrights Copyright (c) 1990, 1993, 1994, 1995 The Regents of the University of California. All rights reserved. Copyright 2000 by the Massachusetts Institute of Technology. All Rights Reserved. Export of this software from the United States of America may require a specific license from the United States Government.