Connecting to Edgeware Servers for the First Time

EDGEWARE USER GUIDE
VERSION 2.4
MAY 4 2005
INDEX
OVERVIEW OF THE EDGEWARE STORAGE SYSTEM
SERVER SECTION
  SYSTEM TIME SUBSECTION
  MANAGEMENT SUBSECTION
    IP Access Control
    SSL Encryption
    Certificate Authority
  ADMINISTRATORS
    Webedge Users
    Webedge Groups
    View Login Sessions
  UPDATES
STORAGE SECTION
  RAID
    Software RAID
    3ware Hardware RAID
    What to do first when a RAID set is degraded
  VOLUME MANAGER
    Creating a new Volume Group
    Add a Logical Volume
    Deleting a Logical Volume
    Resizing a Logical Volume
    Snapshot Volumes
  SHARE MANAGER
  QUOTAS
  BACKUP
NETWORKING
  NETWORK
  ADVANCED CONFIGURATION
  CIFS
    Windows Networking Options
    Windows Domain Users and Groups
  APPLETALK
    AppleTalk Global Configurations and Options
  FTP
    Networking Options
    Denied FTP users:
  HTTP
  NFS
    NFS Export Configuration
  ISCSI
  ASYNC
  AUTHENTICATION
  USERS AND GROUPS
    Local Users and Groups
    Windows Domain Users and groups
    NIS Domain Users
    LDAP Domain Users and Groups
    Share Permissions
    Adding users to the share
    Adding groups to the share
    Deleting users and groups from a share
  NIS
    NIS Client
    NIS Users and Groups
    Name Service Switch
  LDAP
    LDAP Client
    LDAP users and groups
MAINTENANCE
  SHUTDOWN
  MONITORING
    Monitoring Status
    Watch lists
  LOGS
    Webedge Actions
  SYSTEM LOGS
  PROCESSES
  COMMAND LINE
  INTEGRITY
    Verify
    Save and Restore
    System Configuration Backup
    Backing up NAS Configuration
CLUSTERING
  NAS SERVERS INDEX
    Setting up NAS servers for mirroring
  MIRRORING (ASYNCHRONOUS MIRRORING)
    Setting Up Asynchronous Mirroring
  SYNC (SYNCHRONOUS MIRRORING)
    Setting up a synchronous mirror pair
    Deleting a synchronous mirror
Connecting to Edgeware Servers for the First Time
Edgeware Servers are preset to acquire an IP address from a DHCP server. In most cases,
the Appliance automatically configures itself. If the appliance does not receive an IP
address from a DHCP server, it may assign itself an IP address in the 169.254.0.0
network. If you do not have a DHCP server in your network, connect a crossover cable
from a workstation or laptop to the network interface labeled eth0 and run Magellan on
the workstation or laptop. After Magellan discovers the server, log in to Webedge (the
web-based interface) and set a valid static IP for your subnet.
Powering up:
1. Connect supplied power cables to all the power connections on the power supply
of the units at the back.
2. Connect an Ethernet cable to the network interface marked eth0.
3. Connect the chassis front panel bezel shipped with the system for Edgeware 12
bay series units.
4. Push the power button on the front panel to turn the unit on.
NAS Discovery
When DHCP server is active in the network:
Method 1(a):
Install and run the Magellan Client program on a workstation on the same local subnet
as the Edgeware unit.
Magellan, the Edgeware server discovery tool
Magellan is a Network Discovery Tool that consists of two parts - Magellan
Server and Magellan Client. The Magellan Server is already integrated with the
Edgeware storage system. The client is available on the accompanying CD shipped with
your system. The client requires Java Runtime Environment (JRE) version 1.4.2_03 or
above. If your workstation does not have such a version installed, JRE versions for major
platforms are provided on the CD. First install JRE and then the Magellan client. If you
experience problems after installing Magellan, remove all the JRE versions from your
workstation and then install the JRE version for your platform supplied on the CD.
The Magellan Client is a tool for remote configuration of the computer it is
running on. It allows the discovery and configuration of servers on the network that are
running either Webedge server, Magellan server or both and accepts and executes
commands issued remotely from the Magellan Client. Magellan client can be run on any
Java enabled machine on the network, no matter what operating system it uses. It
discovers all servers on the network that are running Edgeware Storage OS, displaying
general information about each found entry - IP Address, Hostname, Information about
whether the server is configured or not, working mode - multicast (Magellan server
running) and/or broadcast (Webedge server running). When a server is marked as
Configured, the Webedge server is running and can be accessed from a browser. When the
server is running Webedge but not Magellan Server, the browser is launched automatically
when the entry is double-clicked or when "Open Webmin..." is chosen from the pop-up
menu that appears when the entry is right-clicked.
When a server that is not running Webedge but has Magellan server running is
detected, it is marked as Unconfigured. When right-clicked, such an entry has more options
than in the case described above. First there is the "Configure" option, which opens a
configuration dialog window where the settings of the corresponding server can be
reviewed and changed. After the changes are made, they are submitted to the server.
The other options are "Reboot" and "Shutdown", which are self-explanatory. When a
"Configure", "Reboot" or "Shutdown" command is issued, it requires root
administrator privileges, i.e. the root password needs to be provided.
Figure 1: Magellan Discovery tool listing discovered servers on the local subnet.
Method 1(b):
1. Note the serial number on the back of the unit. The format is CExxxxxx-x.
2. Open an internet browser on a workstation on the same subnet as the Edgeware
system.
3. Type in the URL: https://[CExxxxxx]:10000 (where CExxxxxx is the serial number
with hyphen and last digit omitted) or URL: https://[IP address]:10000 with the IP
address assigned from DHCP. You can find the IP address from your DHCP
server leases by matching the MAC address of the unit. The digits from the 3rd
digit till the 9th digit, in the unit serial number specify the last 6 digits of the MAC
address of your unit.
4. Log in to the Webedge web-based UI with default username ‘admin’ and password
‘setup’.
When DHCP server is NOT active in the network:
1. Connect a crossover Ethernet cable between your Edgeware system and a
workstation or laptop.
2. Power on your workstation or laptop and then power on the Edgeware system.
3. After boot up, the Edgeware system will acquire a default IP address in the
169.254.0.0 Auto IP subnet range. Allow 3 to 5 minutes for the Edgeware system
to complete its boot-up sequence.
4. Install and run Magellan.
5. Click the Set Options button.
6. Verify that there is a broadcast entry: 169.254.255.255. If not, change the
broadcast entry to that value and click on Save.
7. Click on Search to discover the Edgeware system and access Webedge at
https://[IP address]:10000 to set static IP address information for your production
subnet.
Overview of the Edgeware Storage System
Quick Start Web Management
Once the IP address is known, the Webedge management interface can be used to
reconfigure the network settings for your desired layout or to initialize the storage and
network file services. The base for Webedge is the popular Open Source Software (OSS)
program called Webmin. Webmin provides a solid base architecture and a means to
leverage other work for the satisfaction of the customer. Webedge adds many custom
storage management modules that allow quick and easy configuration with advanced
features.
Accessing Webedge
Webedge, like Webmin, uses port 10000 for web browser access and discovery UDP
broadcasts. Once the hostname or IP address is known using Magellan or Domain Name
Services (DNS), Webedge is accessible from any web browser by the URL https://[IP
address]:10000/ or https://[hostname]:10000/. Upon access, log in as the administrator,
“admin”, with the password “setup”. Figure 2 shows a web browser URL consistent with
using HTTPS and port 10000.
Fig 2: Webedge HTTPS and Port 10000 Access Line
Navigating through the Guide
Navigating to topics in this guide mirrors the Webedge layout where sections and
management modules define an outline or management tree. This management module
outline is shown on the left-hand side of your web browser when accessing Webedge.
The management modules are the base unit of deploying or removing additional
management features. Inside each module are groups of management components.
Typically, many components make up a management module. The convention of then
grouping modules in sections is a convenience to create a tree layout of related modules.
The resulting management tree is an outline to this guide as well.
Management and configuration tasks are organized into 6 sections, each made up of subcomponents.
Server Section
The Server section includes modules for System Time, (Webedge) Management,
(Webedge) Administrators, and (software) Updates. Selecting the Server link, Server,
with the closed folder icon next to it, expands the Server section in Figure 1. After
expansion, the Server section opens up the folder icon and lists the modules affiliated
with this section. The links are an indented list of management module names as
hyperlinks on which you can click the mouse.
Storage Section
Enclosed in the Storage section are the management modules: (software and 3Ware
hardware) RAID, Volume Management, Partitions, Share Manager, File Manager,
Quotas, and (disk and tape) Backup.
Networking Section
The Networking section includes the management modules for the (IP address) Network,
the file sharing protocols including: CIFS, AppleTalk, FTP, and NFS; and (an IP
filtering)
Authentication Section
The Authentication section includes the management modules for: Users and
Groups, Share Permissions, NIS (client), and LDAP (client).
Maintenance Section
The Maintenance section includes the management modules: Shutdown (and reboot),
Monitoring, Logs, Process (lists), Command Line (access), and (OS) Integrity.
Clustering Section
The Clustering section includes the management modules: NAS Servers Index, and
Mirroring (Asynchronous volume mirroring) and Sync (Synchronous volume mirroring).
NOTE: Every parameter/option needed by webedge and the Edgeware OS is case
sensitive.
Server Section:
System Time Subsection:
In this section you can set the time and the date for the system and the real time clock
(hardware time) by making selections from the drop down menus.
System Time refers to two different time settings; both can be configured to synchronize
with a Network Time Protocol (NTP) server. The two portions of the Webedge System
Time section are the system clock and the hardware clock. The two differ in that the
system time lives in software only as long as the operating system is active (i.e., as long
as the server is powered on and the Linux OS is active). The hardware time is the
reflection of the hardware, NVRAM BIOS time. Figure 3 shows the System Time UI:
two sections for the OS system time and the hardware NVRAM BIOS time; the time
zone; and the NTP server.
Synchronization of time is important not only for keeping track of actual dates and
times on files but also for proper mirroring and clustering setup. In a cluster, even a
simple mirroring cluster of two, time differences may keep the proper things from
happening or, at least, happening as expected. This is where NTP servers are most useful.
You can specify a network time server on this page for synchronizing the system and/or
hardware time with that time server. You can find a list of public NTP servers at
http://www.eecis.udel.edu/~mills/ntp/servers.html.
Figure 3: System time setting page
Management Subsection:
This section provides management options for configuring access and settings for
the web UI. There are eight sub-sections under this section:
Figure 4: Management Subsection.
IP Access Control:
Here you can control access to the web UI based on IP information of client
machines. Select your choice of the three access modes and enter the IP addresses
in the text area.
If you want to restrict or allow clients from a particular subnet, the format for
entering a subnet is:
<IP address>/<subnet mask>
For instance, if you would like to block or allow the 192.168.0.0 subnet, enter:
192.168.0.0/255.255.255.0
If you want a reverse name lookup to verify that the IP address has a hostname (and
vice-versa), select the check box below the entry box. Selecting the
check box enforces reverse name lookups.
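The following is an added example, not code from the guide or from Webedge: it evaluates a client address against entries written in the <IP address>/<subnet mask> format above and reports exactly which addresses an entry covers, so an access list can be reviewed before it is saved. The three mode names and all function names are assumptions made for illustration; hostname entries and reverse lookups are not modelled.

```python
import ipaddress

# Hypothetical names for the three access modes; the guide does not name them.
MODES = ("allow_all", "allow_listed", "deny_listed")


def parse_entry(entry):
    """Parse 'a.b.c.d' or 'a.b.c.d/m.m.m.m' into an IPv4Network."""
    entry = entry.strip()
    _, slash, mask = entry.partition("/")
    if slash and mask.count(".") != 3:
        raise ValueError(f"expected <IP address>/<subnet mask>, got {entry!r}")
    # strict=False tolerates host bits in the address part
    # (192.168.0.5/255.255.255.0). A non-contiguous mask such as
    # 255.0.255.0 is rejected with a ValueError subclass.
    return ipaddress.IPv4Network(entry, strict=False)


def covered_range(entry):
    """Return (first address, last address, address count) matched by an entry."""
    net = parse_entry(entry)
    return str(net[0]), str(net[-1]), net.num_addresses


def is_allowed(client_ip, mode, entries):
    """Decide whether client_ip may reach the web UI under the given mode."""
    if mode not in MODES:
        raise ValueError(f"unknown access mode {mode!r}")
    if mode == "allow_all":
        return True
    client = ipaddress.IPv4Address(client_ip)
    listed = any(client in parse_entry(e) for e in entries)
    return listed if mode == "allow_listed" else not listed


def broad_entries(entries, max_addresses=256):
    """Return the entries that match more than max_addresses clients."""
    return [e for e in entries if parse_entry(e).num_addresses > max_addresses]


if __name__ == "__main__":
    # Constructed access list using the guide's example entry.
    acl = ["192.168.0.0/255.255.255.0"]
    first, last, count = covered_range(acl[0])
    print(f"{acl[0]} covers {first} to {last} ({count} addresses)")
    for ip in ("192.168.0.77", "192.168.1.10"):
        print(ip, "allow_listed ->", is_allowed(ip, "allow_listed", acl))
        print(ip, "deny_listed  ->", is_allowed(ip, "deny_listed", acl))
```

With the mask 255.255.255.0 the guide's example entry matches 192.168.0.0 through 192.168.0.255 only; a client at 192.168.1.10 is outside it.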
SSL Encryption:
Here you can create SSL keys for your server. Enter the requested information
in the text fields and click on Create Now.
Certificate Authority:
To set up your certificate authority, enter the CA information and paste the
certificate given to you by the CA.
Administrators:
Webedge Users:
This section contains access control configuration for the webedge user interface
administrative users.
Inside the Administrators module, the administrative users and groups have pull-down
list boxes directing the page to list the selected member’s module access list. You
can then edit the Webedge administrator's properties using the hyperlink ‘Edit
User’. You can then select a higher level of security using the select list next to Password
as shown in Figure 7. If you wish to keep the Webedge root administrator in place and
want the password synchronized with the SSH (secure shell) access from other systems,
then select Unix Authentication for the Password parameter. The new password is now
the default Unix Authentication password, 4linux! If you wish to keep the Webedge root
administrator's password separate from the SSH and Unix password, then select ‘Set to...’
and enter a new value. You must then select Save at the bottom of the page (not shown in
Figure 7) to apply your selection.
Under each administrative user configuration page as shown in Figure 4, you can
also restrict or allow access to a web UI administrator for each configurable module in
the UI by clearing or checking the check box next to each module name.
Alternatively, the other recommended path is to add a new Webedge user to
administer the storage system. This administrator does not have to be a local User on the
Edgeware system but can exist solely for administration through the web browser. You
do not need to delete the default ‘root’ administrator, but for the sake of simplicity, once the
web UI user is added and a test is run to ensure the new administrator has access and all
the module configuration in the UI sections works, the “root” administrator can be deleted.
Figure 5. Webedge root Administrator Details
Webedge Groups:
This subsection provides the functionality to create administrative groups for the
web UI. You can create groups and then add the administrative users you create under
Webedge Users to specific groups by selecting the group in ‘Member of group’ when
you click ‘Create a new Webedge User’ as shown in Figure 7. You can use
Webedge Groups to create administrative users quickly with module access control
specified in the Webedge group, so that you do not need to select or unselect the modules
when you create each user.
Figure 6: Create Webedge Group.
Figure 7. Create Webedge User and make it a member of a group from ‘Member of
group’
View Login Sessions:
Here you can view all the current logons made by administrative users of the UI
and also the configuration changes made in each login session so far.
Figure 8: Viewing current login sessions
You can view the logs recorded for a session by clicking ‘View logs’ hyperlink on the
right of each session. You can also disconnect a session by clicking on the Session ID
hyperlink of each session.
Updates:
The Updates section of the Server module provides the function of updating the
operating system and web UI of your Edgeware system.
Figure 9: Updates section.
Installed Packages:
You can search for installed packages here. Enter a keyword and click on ‘Search
for Package’, or you can get a listing of all the packages grouped by type, by clicking on
‘Package Tree’.
Install a New Package:
If you have an update in a package file you have received from Cutting Edge you
can install it here. The options are:
From uploaded file: If the file is located on your workstation or on your network you can
click browse and select the file.
Upgrade All Packages:
This is the preferred way of updating your Edgeware system operating system.
There are three sources to update from. The default is the Cutting Edge update server.
You can also upgrade from a USB CDROM if an update CD is supplied to you or a USB
flash drive. When you click ‘Upgrade’ the Edgeware updater will contact the update
source and check for any updates. When using the Cutting Edge Update server, make
sure that the Edgeware system has access to the standard http port 80 through your
firewall as the update process contacts the Cutting Edge server on that port.
If any updates are available the updater will install those updates automatically.
Depending on the network bandwidth available at that time, it may take longer than a few
minutes. You should wait until you see the ‘Upgrade complete’ message at the bottom of
the page to proceed.
Warning: Do not reboot or shutdown the box until you see the ‘Upgrade complete’
message. Doing so could leave the operating system in an unstable state and prevent the
system from booting up correctly.
Storage Section:
The primary use of the Edgeware Storage system is for block or file storage.
There are three primary configuration steps to allow access to disk space: 1) configure the
RAID set (typically done at install); 2) make a partition on the physical disk if required in
Partitions; 3) virtualize the storage with the Volume Manager and create logical volumes;
and 4) export the logical volumes using the Share Manager.
RAID:
The recommended use of the physical disks internal or external to the Edgeware
Storage system is to organize the physical disks in a RAID set. RAID provides increased
reliability and sometimes performance depending on the usage model (discussed with the
Volume Manager module).
Edgeware OS supports three types of RAID configurations for the data partition. These
RAID levels can be used on a multi-drive appliance, whether or not a hardware RAID
card is installed. If there is no hardware RAID card installed, you can use software RAID.
It is important to note that for a two-drive appliance, the only RAID levels available are 0
and 1. For an appliance with three or more drives, RAID levels 0, 1, and 5 are available.
The RAID module contains two sub modules. Generally Edgeware systems have
hardware RAID controller(s). The RAID sets in this case are controlled by the hardware
controller(s). For such systems there is a sub module ‘3ware Hardware RAID’ which
provides information about the hard drives connected to the RAID controller, RAID sets
and configuration options.
The sub module ‘Software RAID’ allows you to view, create and configure RAID
sets via the operating system. The lower end systems such as the 4i and Datacube do not
have hardware RAID controllers, so the only RAID type available is the software RAID.
Software RAID
Software RAID is widely used in Linux storage servers and is very reliable. The
software RAID is available for providing additional reliability when adding external
SCSI drives or a JBOD disk set. After selecting the software RAID icon in the RAID
module, the administrator can view all existing software RAID sets which are also listed
inside the /proc/mdstat file where the Linux kernel tracks RAID sets. Figure 11 below
gives an example of software RAID sets created from partitions on drives connected to
standard IDE and SATA controllers (SATA drives show up as SCSI drives in Linux
systems).
Cutting Edge Anstor64 OS supports four types of RAID configurations for the data
partition. These RAID levels can be used on a multi-drive appliance, whether or not a
hardware RAID card is installed. If there is no hardware RAID card installed, you can
use software RAID. It is important to note that for a two-drive appliance, the only RAID
levels available are 0 and 1. For an appliance with three or more drives, RAID levels 0, 1,
5 and 6 are available.
RAID 0: Single Large Volume
This type of RAID is also referred to as striping. RAID 0 interleaves
blocks of data between several drives. Even though multiple drives
exist in the array, to the user a RAID 0 appears as a single large
volume. It is important to understand however, that there is no form
of data backup when using a RAID 0. If a single drive fails, you will
lose the entire array. This type of RAID should not be used for
mission critical data. RAID 0 is available for any system with two or
more drives.
RAID 1: Mirroring
This type of RAID is used to create a mirror copy of the information
contained on one or more of the disks. In this method, a mirror is
created for each drive containing data. For example, in a two drive
RAID 1 setup, both drives contain the exact same data. Since there is
100% redundancy, there is no risk of losing data if one drive fails.
RAID 1 is available for any system with two or more drives.
RAID 5: Disk Striping with Distributed Parity
This type of RAID features both striping and redundancy. This type
of RAID uses a technique called distributed parity, which allows data
to be recovered if one drive in the RAID fails. In addition, data blocks
are interleaved evenly across the drives in parity bits. RAID 5 is only
available for systems that have three or more drives.
RAID 6: Disk Striping with 2 Independent Distributed Parities
This type of RAID is an extension of RAID 5 which allows for
additional fault tolerance by using a second independent distributed
parity scheme (two-dimensional parity). Data is striped on a block
level across a set of drives, just like in RAID 5, and a second set of
parity is also calculated and written across all the drives; RAID 6
provides for an extremely high data fault tolerance and can sustain 2
simultaneous drive failures. Minimum drives required for a RAID6 is
4 or N + 2 where N is the number of desired usable drives.
Creating Software RAID Device:
To create a software RAID device, perform the following steps:
1. Navigate to the RAID page under the Storage section.
2. Click on the modify partitions button.
3. On the Partition Manager page, click on the Add primary partition link for the drive
you want to include in a software RAID set. This should be a drive that has not
been used in any other hardware RAID. Verify by going to the other options on
the main RAID page. You can also check in Volume Manager which drives are
already configured in volume groups and hence not usable for software RAID
until you delete those volume group structures. For example, in Figure 10 below
you see the drives with location SCSI device C and SCSI device E as having no
partitions. The drive with location SCSI device A has the operating system
partitions and the drive with location SCSI device D has been partitioned for the
logical volume manager (LVM).
4. Click on the create button. A partition using all of the space on the drive will be created.
5. Create partitions for 1 or more drives in the same way, depending on what RAID
level you wish to create using them.
6. Next navigate to the Software RAID page from Storage->RAID.
7. Select the type of software RAID to create and click on the create software RAID
device of level button, shown in Figure 11c.
8. Now select the drive partitions to include on the RAID device from the text box
labeled Partitions in RAID by pressing CTRL and the mouse button as shown in
Figure 11d. Then click on the create button.
9. The software RAID device should now be created as shown in Figure 11e. Clicking
on the link for the software RAID device will take you to the properties page of
the RAID device. When you first create a RAID device of level 5 or 6, the
software has to generate the parity and sync the drives. In Figure 11f you see the
newly created RAID level 5 device /dev/md0 being synced, currently at
0.1%. The RAID device is ready to be included in a volume group and used as
a logical volume in the Volume Manager right away, but performance will be
slower than normal until the syncing has completed. This could take several hours
depending on the size of the drives and the I/O on the system.
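Sync progress and degraded state of a Linux software RAID device such as /dev/md0 can also be read from the kernel's /proc/mdstat. The parser below is an added example, not part of the Edgeware software; it assumes console access to the appliance, and the sample text and device names are constructed.

```python
"""Parse /proc/mdstat text to report sync progress and degraded arrays."""
import re

# Constructed sample in the /proc/mdstat layout (device names are made up).
SAMPLE_MDSTAT = """\
Personalities : [raid1] [raid6] [raid5] [raid4]
md0 : active raid5 sde1[2] sdd1[1] sdc1[0]
      976510976 blocks level 5, 64k chunk, algorithm 2 [3/3] [UUU]
      [>....................]  resync =  0.1% (488448/488255488) finish=312.4min speed=26000K/sec

md1 : active raid5 sdh1[3] sdg1[1] sdf1[0]
      976510976 blocks level 5, 64k chunk, algorithm 2 [3/2] [UU_]
      [========>............]  recovery = 42.5% (207508582/488255488) finish=95.0min speed=49000K/sec

md2 : active raid1 sdj1[1] sdi1[0]
      488255488 blocks [2/2] [UU]

unused devices: <none>
"""

DEVICE_RE = re.compile(r"^(md\d+)\s*:\s*(.*)$")
MEMBERS_RE = re.compile(r"\[(\d+)/(\d+)\]\s+\[([U_]+)\]")  # e.g. [3/2] [UU_]
SYNC_RE = re.compile(r"(resync|recovery|reshape|check)\s*=\s*([\d.]+)%")


def parse_mdstat(text):
    """Return {array name: info dict} for every md device in the text."""
    arrays = {}
    current = None
    for line in text.splitlines():
        m = DEVICE_RE.match(line)
        if m:
            tokens = m.group(2).split()
            current = {
                "state": tokens[0] if tokens else "unknown",
                "level": next((t for t in tokens if t.startswith("raid")), None),
                "members": [t for t in tokens if "[" in t],
                "expected": None,   # number of drives the array should have
                "working": None,    # number of drives currently in sync
                "degraded": False,
                "sync": None,       # (operation, percent) while syncing
            }
            arrays[m.group(1)] = current
            continue
        if current is None:
            continue
        if not line.strip():        # a blank line ends the device's section
            current = None
            continue
        m = MEMBERS_RE.search(line)
        if m:
            current["expected"] = int(m.group(1))
            current["working"] = int(m.group(2))
            current["degraded"] = "_" in m.group(3)
        m = SYNC_RE.search(line)
        if m:
            current["sync"] = (m.group(1), float(m.group(2)))
    return arrays


def summarize(arrays):
    """Map each array to 'ok', 'syncing', 'degraded' or 'inactive'."""
    result = {}
    for name, info in arrays.items():
        if info["state"] != "active":
            result[name] = "inactive"
        elif info["degraded"]:
            result[name] = "degraded"
        elif info["sync"]:
            result[name] = "syncing"
        else:
            result[name] = "ok"
    return result


if __name__ == "__main__":
    for name, status in summarize(parse_mdstat(SAMPLE_MDSTAT)).items():
        print(name, status)
```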
Figure 10: Showing available SCSI device C and E.
Figure 11a: Create Partition page
Figure 11b: 1 primary partition created on drive at location SCSI device C
Figure 11c: Selecting type of software RAID level to create.
Figure 11d: Selecting disk partitions to include in RAID set.
Figure 11e: Software RAID level 5 device created.
Figure 11f: Software RAID level 5 device is syncing.
Figure 11: Software RAID set
Figure 12: Software RAID set /dev/md0 details.
3ware Hardware RAID:
In systems with 3ware hardware controllers, you can use hardware RAID to
create redundant storage. Currently the systems shipping out with hardware controllers
will have the Operating System installed on a hardware RAID5 set configured from the
factory. In this case you do not have the option to delete and recreate hardware RAID
since doing so would render the appliance unbootable. Future systems currently under
development will have the Operating System residing on a solid state disk which would
isolate the hardware RAID from the operating system dependency and give flexibility
and total control of the hardware RAID storage to the customer.
Figure 13: 3ware devices summary page
Figure 14 shows the details of a 3ware RAID set ‘Logical Disk 0’ whose status is Active.
If a 3ware RAID set encounters a failed drive it will resync to a healthy state by using a
hot spare drive, if one is specified. If no hot spare was specified before a drive failed,
you will have to replace the faulty drive and then specify a rebuild of the RAID set.
When a RAID set is not healthy and has suffered a drive loss, the status will change to
‘degraded’. The ‘Percent of resync done’ field shows the amount of RAID rebuilding
that has been completed. It is recommended that you perform maintenance, monitoring
and configuration of 3ware RAID sets from the 3ware manager. Refer to the 3ware Hardware
Monitoring section below.
Figure 14: 3ware RAID unit 0 in detail; no hot spare disk present
3Ware RAID Set Monitoring
RAID needs monitoring to avoid loss of data when physical disks
fail. 3Ware RAID monitoring and configuration should be performed by accessing
the 3ware web-based RAID manager:
1. Log in to the NAS web management at https://[NAS IP-address]:10000
2. Start the 3ware manager under Storage->RAID->3ware Hardware RAID if it is
not already running (when it is running, the option displayed is ‘Stop 3Ware Manager’).
3. Point your web browser to http://[NAS IP-address]:10001. Default password is
3ware.
NOTE: Only run the 3ware Manager when you have to make configuration
changes to the RAID sets, such as a RAID rebuild. When done, stop the 3ware manager.
Fig 15: 3ware Manager
What to do first when a RAID set is degraded:
Sometimes, due to heavy load or an unclean shutdown, a RAID set may kick out a
member drive and put the array into a degraded state. If a RAID5 array degrades and does not start
initialization automatically after the unit has been running for 20 minutes, you may have to
reintroduce the kicked out drive into the RAID5 array. To do this:
1. Start the 3ware Manager from webedge.
2. Login to the 3ware Manager at http://[IP address]:10001
3. Go to the ‘Configure’ page.
4. Select the drive that has been kicked out of the RAID set.
5. Click on Remove Drive at the bottom.
6. Default password is 3ware.
7. Select the same drive again and click on Add Drive button below.
8. Next select any two of the healthy drives of the RAID set and also select the
kicked out drive from earlier steps.
9. Click on Rebuild Unit button below.
10. RAID rebuild should start immediately. Go to ‘Home’ page to check the status of
the rebuild process.
Specifying a hot spare
The RAID Controller(s) give you the option to specify a hot spare from one of your
available ports. Hot spares should be selected after RAID1 or RAID5 creation.
To specify a hot spare:
1. While the system is running, install the spare drive in an empty tray from the chassis
and insert the tray back. Make sure the blue LED on the tray lights up. If not, make sure the drive
tray is well seated in the drive bay and the tray lever is fully closed.
2. Log into the 3ware manager.
3. Click on the check box next to the available offline port in 3ware manager on the
Configure page and then click on the Add Spare button.
NOTE: Hot spare drives must be equal to or larger than the drives used for the redundant
array.
Auto Rebuild of Redundant Array:
If a hot spare is specified and the array degrades, an event notification is generated and
the hot spare dynamically replaces the failed drive in a redundant array without user
intervention. Rebuild will automatically be launched as a background process and an event
notification will notify the user when the rebuild process is complete (if 3ware manager is
running and e-mail notification is set up).
In the Event of a Hard Drive Failure
Always:
- Verify the failed hard drive number
Before removing a hard drive, verify the location of the failed drive by checking
the 3ware manager alerts and logs on the Cutting Edge NAS. If an additional
functioning drive (other than the failed drive) is removed, data loss will result!
Never:
- Remove more than one hard drive at a time
In RAID 5 data protection modes, your Cutting Edge NAS device can continue
operating after a single drive failure per RAID 5 set. Do NOT remove any other
drives from a RAID set while there is a failed drive in the system or while the
replacement drive is being restored.
Replacing a hard drive in the Cutting Edge NAS
In RAID5 and RAID1 configurations you can lose any single drive in each RAID set and
still have data integrity. In the event of a drive failure, you can quickly and easily replace
drives without shutting down the NAS. The Cutting Edge NAS system will automatically
recognize and prepare new drives.
Selecting Force Continue
Selecting the Force Continue on Source Errors check box before rebuilding the array
ensures rebuilds are not terminated if ECC errors are detected on the source disk.
Uncorrectable blocks will be rewritten, but the data may be incorrect. It is recommended
that a file system check be executed when the rebuild completes. By default, this function
is disabled. Select this option only if the initial rebuild has failed.
Why can't I rebuild my hard drive in the Cutting Edge NAS?
Rebuilding a hard drive may fail for the following reasons:
- The hard drive being used for the rebuild is damaged. Try using another hard
drive.
CAUTION! Use Cutting Edge replacement drives only! Failure to do so will void
your warranty.
- More than one drive is damaged. Contact Cutting Edge for repairs.
Volume Manager:
Volume Manager is the heart of the storage management on the Edgeware NAS.
It provides virtualization of physical storage. Using the Volume Manager you can create
and aggregate storage volume groups, add storage devices, create logical volumes and
format them with your choice of file systems, and additional features such as ‘snapshots’.
Using the Volume Manager for Virtualization
Edgeware uses enhanced volume management to virtualize the real, physical disks that
exist on one or more of the Edgeware Storage systems. This provides the Edgeware Storage
system with the flexibility to merge different physical storage (e.g., iSCSI and local
disks) into a single pool of storage, create block-level snapshots, and easily shrink or
extend logical volumes. The abstraction above the actual physical storage when using
Logical Volume Management through Webedge provides the ability to be a file or block
based storage system with the flexibility to change to accommodate changing
requirements.
Figure 16: Creating a new Volume Group.
Creating a new Volume Group:
To create a new volume group, click on ‘Add new volume group’ at the top of the
page. You will be presented with Volume Group creation page as shown in Figure 16.
1. Type in a name for the volume group.
2. Leave the Allocation block size default unless your application requires a specific
block size for performance.
3. Select an initial physical device from the list; you can add more devices to the
volume group later.
4. Click on create.
Figure 17: Volume Group VGstorage is expanded
Add a Logical Volume:
The next step is to create a Logical Volume.
1. Click on the Volume Group to expand it.
2. Click on Add a Logical Volume.
3. You will be presented with a Logical Volume creation page.
4. Specify a name for the logical volume.
5. Give the amount of storage you want to allocate to the logical volume in Volume
Size. ‘Storage allocated from volume group (GB)’ shows the amount of storage
that is in use and not available for this logical volume.
6. Select yes for ‘Are large files common’ (greater than 1MB) if your data contains a
majority of large files.
7. In ‘Network File Protocol’, select the file sharing protocol or combination of
protocols you will be enabling for the shares on this logical volume. Use CIFS in
a Windows only network, NFS in a UNIX variant only network, Mixed for a
multi-platform network, or ISCSI to export the volume as an ISCSI target.
8. If you have more than one physical device in the volume group under which you
are creating the logical volume, select yes for ‘Stripe across physical volumes’.
Figure 18 shows no selected for ‘Stripe across physical volumes’ as there is only
1 physical device ‘/dev/sda’ in the volume group VGstorage.
Figure 18: Creating Logical Volume
Figure 19: Logical volume LVstorage created.
Deleting a Logical Volume:
In order to delete a logical volume you have to make sure that there are no shares
defined on that logical volume from Storage->Share Manager.
1. Expand the volume tree for the volume group containing the logical volume.
2. Click on the logical volume link.
3. You will be presented with an Edit Logical Volume screen.
4. Click ‘Unmount the logical volume’.
5. Click on Return to Logical Volume link.
6. Click ‘delete’ on the next page and confirm deletion on the subsequent page.
Figure 20: Edit Logical Volume page.
Figure 21: Logical Volume unmounted
Resizing a Logical Volume:
A logical volume under a volume group can only be resized to increase it from its
original size. Decreasing the size of a logical volume is not possible. Also, resizing
requires the shares on that logical volume to be deleted, or backed up from Backup
System Configuration in Integrity->Save and Restore and then restored after the volume size
has been increased.
1. Delete all the shares specified on the logical volume from Share Manager.
2. In Volume Manager expand the volume tree for the volume group containing the
logical volume.
3. Click on the logical volume link.
4. You will be presented with an Edit Logical Volume screen.
5. Click ‘Unmount the logical volume’.
6. Click on Return to Logical Volume link.
7. Enter a new increased size for the logical volume.
8. Click on Save.
9. Click on Return to Logical Volume link on the next page.
10. Click ‘Mount the logical volume’. The logical volume should be resized and
available for use.
Snapshot Volumes:
The snapshot facility of the Edgeware OS allows the administrator to create a new
block device which is an exact copy of a logical volume, frozen at a point in time.
Typically this would be used when some batch processing, a backup for instance, needs
to be performed on the logical volume and you don't want to unmount a logical volume
on a production unit which has data being modified, or when you want to recover some data
that has changed and you want to access the old data. When the snapshot device is
no longer needed, the system administrator can just remove the device. This facility does
require that the snapshot be made at a time when the data on the logical volume is in a
consistent state.
This type of volume is a read-only copy of another volume that contains all the
data that was in the volume at the time the snapshot was created. This means we can back
up that volume without having to worry about data being changed while the backup is
going on, and we don't have to take the volume offline while the backup is taking place.
Figure 22: Creating a snapshot volume of a logical volume
Creating a snapshot of logical volume:
A snapshot volume can be as large or as small as you like but it must be
large enough to hold all the changes that are likely to happen to the original volume
during the lifetime of the snapshot. Snapshots affect the performance of logical volumes,
so create snapshots sparingly. Use the Maximum Concurrent Snapshot option in
Scheduling Snapshots to limit the number of snapshots at one time.
1. Expand the Volume Group which contains the logical volume you want to
snapshot.
2. Click on Add a snapshot volume hyperlink.
3. You should get the Create Snapshot Volume page as shown in figure 22. Enter a
snapshot volume name.
4. Enter the snapshot volume size. This should be large enough to hold any increase
in size of the source logical volume during the lifetime of the snapshot.
5. Select the logical volume that will be the source of the snapshot.
6. Click on ‘Create’ to create the snapshot instantly, or click on ‘Schedule’ to automate
snapshot creation based on a schedule.
Scheduling Snapshots:
If you click on ‘Schedule’ on the Create Snapshot Volume page you are presented
with a Schedule Snapshot Creation page as shown in Figure 23.
Figure 23: Snapshot Creation Scheduling
1. Enter your choices for the options:
Enable snapshot scheduling: This checkbox allows you to select whether this scheduling
should be active or not.
Maximum concurrent snapshots: The scheduler will not exceed this number of active
snapshots at one time when the schedule becomes due.
Notification email: The email address where email notification is sent when snapshots
are created.
Reminder Text or Notes: Text sent out in the email notification or entered in the
Webedge log entries for scheduled snapshots.
2. Next enter the schedule for the snapshot creation. You can select the snapshot to
be created on predefined periods by selecting ‘Run on selected schedule’ or you
can create a custom schedule by selecting ‘Run at times selected below’ and then
specifying the time and dates for creating snapshot volumes.
Share Manager:
Creating and managing shares is done via the Share Manager. You can share a
specific folder in any volume created in the Edgeware Server with others on the network.
When you create a share, you can assign the permission to the share that other users will
be allowed or denied when they access the share over the network.
Creating a Share:
Figure 24: Creating a network share.
1. Under Share Manager click on the link ‘Create a new share’.
2. Specify a name for the share.
3. Select a volume or directory to share by clicking the three dots next to the text
field. A pop up window should appear shortly listing the available volumes.
4. If you need to select a particular directory under the volume double click the
volume link to go deeper into the volume tree.
5. Press OK to confirm your selection.
6. You can write a brief description of the share in ‘Share Comment’.
7. Select the network file protocols that you want to enable for the share. Disable the
protocols you will not need to improve efficiency and security.
CIFS: Microsoft Windows’ Common Internet File System (enhanced version of
Microsoft’s SMB).
NFS: Sun Microsystems’ network file system.
APPLETALK: Apple’s network filesystem.
FTP: File Transfer Protocol.
HTTP: Hyper Text Transfer Protocol.
ASYNC: Asynchronous mirroring.
8. Click on Save to create the share.
Figure 25: Choose volume pop up windows.
Quotas:
Disk quota defines the maximum amount of hard disk space allowed for a user's
files. There are two quota limits: the hard limit and the soft limit. The hard limit defines
the absolute maximum. When the hard limit is reached, the system will not allow a user
any more space. This effectively stops you from using that Edgeware user account to
create new files, edit old files etc. The soft limit is the desired maximum. After exceeding
the soft limit, the system warns the user and starts a grace period. When the grace period
ends, the system will not allow the user any more space.
Figure 26: Quotas page.
Figure 27: Filesystem Quotas page for Users.
Managing Disk Quotas:
1. To manage disk quotas for users or groups click the relevant link under the file
system column for the Volume you want to manage quotas for.
2. This will lead you to the file system quota page for that logical volume. Here you
can set hard and soft limits for users on the volume. Clicking on the button
‘browse’, will give you a pop up browser window where you can select a user to
specify quotas for.
3. After you have selected or entered a user in the text box, click on ‘Edit Quota’.
4. The next page lets you specify the hard and soft limits for the user. You can
specify limits based on number of blocks (where 1 block here is approximately
equal to 1 kilobyte) and/or on number of files owned by the user.
5. When you are done click on ‘Update’ to apply the changes.
If you want to copy quota limits for the user you just specified to other users:
1. Click on Edit User Quota for the user from the Quota page.
2. Click on List All Quotas.
3. Click on Copy Quotas.
4. Select one of the options on the copy quotas page.
You can copy group quotas similarly.
Figure 28: Adding quota for a user.
Figure 29: Copying quota settings of a user to other users.
Quotas for New Users and Groups:
You can also specify quotas which will be enforced on new users and groups created on
the system from the new user quota area on Disk Quotas page for the logical volume
shown in Figure 27.
Backup:
Backup allows you to back up your data in the logical volumes to another volume
in the system or a tape device. If your system has a tape drive or tape library connected
you can back up your data to that device; otherwise you can only back up to another logical
volume.
Figure 30: Backup
Under backup you have options to backup up logical volumes or restore logical
volumes from previous backups.
Adding a new backup of a volume:
To start a new backup:
1. Select the logical volume you want to backup from the drop down menu as shown
in Figure 30.
2. Click on ‘Add a new backup of a volume’ button. Next you should get the page
shown in Figure 31.
3. In the ‘Backup to’ text field select the backup target you want to use. Select:
- Tape: To backup to a tape device in the system.
- Tar file: To backup to a file on another logical volume.
- Another Volume (Live Copy): To backup files to another logical volume.
4. For ‘Make multiple volumes of the tape size’ select Yes if the size of your data is
more than a single media and you have to span the backup over more than 1
media. To span the backup on multiple media you will have to manually label the
media to keep track of the order in which the backup will be written. During the
backup process once a media becomes full with data the tape drive will eject the
media out. At this point you have to remove the media and insert another empty
media. Once another media is inserted the backup process will proceed and so on
till all the data has been backed up.
5. Give a name to the backup job for ‘Label’.
6. Choose to specify the ‘Tape size’ or let Backup process calculate by querying the
tape drive.
7. ‘Block size’ value should be default unless you have a specific block size you
want to enter.
8. Select yes for ‘Software Compression’ only when backing up to logical volumes.
9. Click on ‘Continue’.
Figure 31: Add a new backup of a volume.
On the next page, shown in Figure 32, you can specify a schedule for this backup to
run on. If you do not want to specify a schedule right now you can click on ‘Create and
Backup Now’ to start the backup immediately. You can also specify a schedule later.
Scheduling Backup:
1. Enable backup schedule from ‘Scheduled backup enabled?’ at the top.
2. You can either select a predefined set of events from the drop down menu of ‘Run
on selected schedule’ or you can specify your own schedule by selecting ‘Run at
times selected below’ and then choosing a time and date for the backup.
3. Click on ‘Create’ to save the backup job schedule.
Figure 32: Specify a backup schedule.
Restore:
To restore from backup:
1. Select the backup target you want to restore from. For tape insert the correct
media or the first media of the media group.
2. Select the location to restore the backup. Click the button with the three periods
next to the ‘Restore to directory’ text box; a pop-up window will appear where you
can select from available and valid locations.
3. Next select ‘Everything in backup’ to restore all the data in the backup or select
‘Listed files’ to restore specific files. If you select the latter option, make sure that
the filenames are separated by a space and that the filenames are relative to
the file system that the backup was made from. So if you backed up /home and
wanted to just restore /home/foo you would enter foo into this field, or if you want to
restore a file foo in a directory /home/bar you would enter /bar/foo.
NOTE: By default the restore process will not overwrite a file when a matching
file is present on the volume being restored that is newer than the file in the
backup.
4. If the backup was spanned across multiple files or tapes then select yes for
‘Backup is split across multiple files/tapes?’
5. Select yes to ‘Show list of files only (for test)’ if you just want to view a listing of
files in the backup. This will not restore data.
6. ‘Extra command-line options’ should be left blank.
7. Click ‘Restore Backup Now’, this will start the restore process or print out a
listing of files in the backup if selected in step 5.
8. If your backup is on multiple media the tape drive will eject the media when it is
ready for the next ordered media in the backup media set. Just insert the next
media and the restore process will continue automatically.
9. When the restore process is complete you will get a message ‘Restore completed
successfully’ on the page as shown in Figure 34.
Figure 33: Restoring a backup.
Figure 34: Restore Backup result.
Networking:
The Edgeware Storage system provides the base IP networking by using the TCP/IP stack
within the Linux kernel. In addition to TCP, UDP is often used for NFSv2 and other
network applications' discovery and announcement protocols (e.g., CIFS, DHCP,
Webedge, etc.). The Network module in the Networking section is the most vital to base
administration. Improper network configuration may leave the
system inaccessible except by VGA or serial console.
Network:
The network section provides configuration options for TCP/IP protocols. The
main page gives a summary of the current network settings of the NAS Server and also
allows the administrator to change some settings.
Figure 35: Network Settings.
Hostname: The name of the NAS on the network
Domain: Network domain where NAS is located
Network Interfaces (eth0, eth1 …): A summary of the Network Interfaces configured in
the system
- Name: Name of the network interface
- Type: Media type of the interface
- IP address: IP address of the interface
- Netmask: Subnet mask for the subnet
- Active Now: Status of the interface
- At boot?: Enabled or disabled at start up
You can edit the interface properties by clicking on the name of the interface.
Default router: Select ‘None (or from DHCP)’ if your interfaces are set to DHCP assigned
addresses. If interfaces are set to static IP addresses you should enter a default gateway
here if you want your appliance to access and be accessed from outside your subnet.
Default route device: Default route device in the system. This should be none when
interfaces are DHCP assigned. If interfaces have static IP addresses you should enter the
default interface you want the network packets to be routed to. Generally this would be
eth0.
DNS servers: The DNS servers that the appliance will use to resolve domain names. If
your DHCP is set to assign DNS servers in the DHCP lease these fields will be
automatically populated. If not then you should enter DNS server IP addresses for your
network.
Search domains: Enter the domains you want the appliance to search for, when
resolving unqualified host names. For example if you add sd.cuttedge.com and
test.cuttedge.com to the list and then type a command ‘ping xyz’ the appliance tries to
ping xyz.sd.cuttedge.com and xyz.test.cuttedge.com
ADVANCED CONFIGURATION
The hyperlink at the bottom of the Network page gives you advanced
configuration options such as DNS, Routing and defining Host addresses.
DNS Configuration:
The DNS configuration page allows you to store settings for the Name Service.
- Hostname: The NetBIOS name of the appliance.
- Resolution order: This series of drop down lists gives you the ability to
define the search order for hosts on the network from the network resolution
protocol databases.
Hosts: Hostname to IP address mapping from ‘Host Addresses’.
DNS: The Domain Name System
NIS: Network Information System
NISPLUS: The next generation NIS
LDAP: The Light Weight Directory Access Protocol
DB: The local name service database.
- DNS servers: The DNS servers to query for DNS lookups. Enter the DNS
server IP addresses in order of importance.
- Search Domains: Domain suffix search order.
Host Addresses:
If you do not have a reliable host name lookup service such as DNS or NIS
running in your intranet, or you are having difficulty getting hostnames resolved from
the appliance, you can enter hostname to IP address mappings to get faster lookups. Just
click on ‘Add a new host address’. Enter the IP address and then the hostname(s) for
that IP address.
CIFS:
The CIFS section gives you the ability to setup Microsoft Windows networking
for the appliance.
Windows Networking Options:
On this page you can configure how CIFS networking is set up with your Windows
network.
Figure 36: Windows Networking Options.
Security: This field lets you set the security level of windows networking. The options
are:
- Security = share level
In share level security, the client must authenticate itself separately for each share
it wants to connect to. The client will send at least a password with each request to
connect to a share. The client won't send any username with this operation because
it expects the server to have a password associated with each share.
The Edgeware CIFS component Samba uses UNIX authentication, where a
username/password pair is authenticated and not a share/password pair. So Samba has
to find out what username is associated with the password the client sent.
Samba follows these steps to find a username to check the password
against:
- Step 0: If the service is marked "guest only = yes" then steps 1 to 5
are skipped.
- Step 1: If the client has passed a username/password pair and that
username/password pair is validated by the UNIX system's
password programs or by checking the SMB encrypted passwords
database (smbpasswd) then the connection is made as that
username. Note that this includes the \\server\service%username
method of passing a username.
- Step 2: If the client has previously registered a username with the
system and now supplies a correct password for that username then
the connection is allowed.
- Step 3: The client's NetBIOS name and any previously used user
names are checked against the supplied password; if they match
then the connection is allowed as the corresponding user.
- Step 4: If the client has previously validated a username/password
pair with the server and the client has passed the validation token
then that username is used. This step is skipped if "revalidate =
yes" for this service in the /etc/samba/smb.conf file.
- Step 5: If a "user = " field is given in the /etc/samba/smb.conf file
for the service and the client has supplied a password, and that
password matches (according to the UNIX system's password
checking) with one of the usernames from the user field then the
connection is made as the username in the user line.
- Step 6: If the service is a guest service (in /etc/samba/smb.conf:
guest ok = Yes or guest only = Yes) then a connection is made as
the username given in the "guest account =" for the service,
irrespective of the supplied password.
One consequence of this security mode is that you are not required to make a
UNIX/local account for each Windows account you expect to connect to your
Samba server.
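The search order in Steps 0 to 6 can be traced with a small model, which makes it easy to see which identity a given share configuration ends up granting. This is an added example, not Samba or Edgeware code; the account database, the default guest account name and all class and function names are assumptions made for illustration.

```python
"""Model of the share-level username search order listed above (illustrative)."""
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed account database for the model: username -> password.
ACCOUNTS = {"alice": "wonder", "bob": "builder", "ws01": "machinepw"}


@dataclass
class Share:
    guest_only: bool = False        # "guest only = yes"
    guest_ok: bool = False          # "guest ok = Yes"
    revalidate: bool = False        # "revalidate = yes"
    users: List[str] = field(default_factory=list)  # the "user =" line
    guest_account: str = "nobody"   # "guest account =" (assumed value)


@dataclass
class Request:
    password: str = ""
    username: Optional[str] = None         # sent with this request (Step 1)
    registered_user: Optional[str] = None  # registered earlier (Step 2)
    netbios_name: Optional[str] = None     # client machine name (Step 3)
    earlier_users: List[str] = field(default_factory=list)  # used before (Step 3)
    validated_user: Optional[str] = None   # validated pair plus token (Step 4)


def password_ok(user, password):
    """Stand-in for the UNIX / smbpasswd check: exact match in ACCOUNTS."""
    return bool(user) and bool(password) and ACCOUNTS.get(user) == password


def resolve(share, req):
    """Return (username, step) for the connection, or (None, None) if refused."""
    if not share.guest_only:                      # Step 0 skips steps 1 to 5
        if password_ok(req.username, req.password):
            return req.username, 1
        if password_ok(req.registered_user, req.password):
            return req.registered_user, 2
        for name in [req.netbios_name, *req.earlier_users]:
            if password_ok(name, req.password):
                return name, 3
        if req.validated_user and not share.revalidate:
            return req.validated_user, 4
        if req.password:
            for name in share.users:              # every name on the user line
                if password_ok(name, req.password):
                    return name, 5
    if share.guest_ok or share.guest_only:        # Step 6 ignores the password
        return share.guest_account, 6
    return None, None


if __name__ == "__main__":
    cases = [
        ("password only, user list", Share(users=["alice", "bob"]),
         Request(password="builder")),
        ("wrong password, guest ok", Share(guest_ok=True),
         Request(username="alice", password="wrong")),
        ("wrong password, no guest", Share(),
         Request(username="alice", password="wrong")),
    ]
    for label, share, req in cases:
        print(f"{label}: {resolve(share, req)}")
```

The first two cases are the ones to review when auditing a share: a bare password is tried against every name on the "user =" line, and a guest service accepts the connection whatever password was supplied.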
- Security = user level
This is a simpler mode than the previous one. When the server tells the client that it
runs in user level security, the client will first send a command containing a
username and a password. At this stage of the connection negotiation, the server
has no idea which service the client wants to access. So it has to base its
authentication procedure only on the username/password pair or on the machine
name.
Once access has been granted to the client, that client can connect to any share
without re-supplying a password or a username/password pair. With Windows
NT, you can send multiple username/password pairs: you have to fill in the "Connect
as" field on any network connection dialog box, and then you will be able to send
a new username/password pair.
- Security = PDC member (Domain)
In this security mode the Samba server tells the connecting client that it is running in
user level and passes all username/password pairs to an existing password
server, which must be a Domain Controller. You should choose this Security level
when you want to add the Edgeware appliance as a member server to your
Windows NT legacy domain.
- Security = ADS member (Domain)
Using this security level you can join the Edgeware appliance to an Active
Directory domain. This is possible if the domain is run in native mode or mixed
mode. Active Directory in native mode perfectly allows NT4-style Domain
Members.
Workgroup/Domain: The domain or workgroup of your Windows network depending on
the security level you choose
WINS mode: Select the WINS mode for your network.
- Be WINS server: If you do not have an existing WINS server on your network
and need to setup the Edgeware appliance as WINS server select
- Use server: Enter your WINS server IP address here.
- Neither: If you do not need to configure WINS on the appliance.
PDC and ADS option:
Windows 2003 server PDC/ADS: If your PDC or ADS is running the Windows 2003
operating system select yes.
PDC/ADS server: Enter the IP address or hostname of the Primary Domain Controller of
the domain or any Active Directory Service Domain Controller of the domain.
Administrator: The domain user in the Domain Administrative group for the Windows
NT4 or ADS domain.
Administrator Password: The password for the user entered in the Administrator field.
ADS option:
KDC: Enter the IP address or hostname of the Kerberos Key Distribution Center; this is
usually your ADS domain controller, the same as the PDC/ADS server field above.
Realm: A network that includes a Kerberos server is called a realm. This should be your
ADS FQDN (fully qualified domain name), such as cuttedge.com or sd.cuttedge.com.
NOTE: Date and time are critical for the domain join to succeed. Ensure that the date
is the same as on the domain controller(s) and that the time on the NAS is within 30 seconds of
the time on your domain controller(s).
After making sure you have entered the correct settings for Windows networking, click on
‘Save and Restart’. The Samba Status message above this button should update as shown in
Figure 39. Once the Samba status says the NAS has joined the domain, reboot the NAS from the
Maintenance section to complete the domain join.
Windows Domain Users and Groups:
Once the NAS is joined to the domain, this section gives you a listing of the users
and groups in that Microsoft Windows domain.
AppleTalk:
The AppleTalk section lets you configure the AppleTalk services. On the main
page you see a listing of the shares that have AppleTalk enabled on them from Share
Manager. You can view and change the various share settings of each share for
AppleTalk clients, just click on the link for the share you want to edit.
AppleTalk Global Configurations and Options:
Show Current Users:
You can view the list of users currently connected to the AppleTalk shares using this
link. You can also disconnect their sessions by clicking on disconnect.
Miscellaneous Options:
Under miscellaneous options you can set the maximum number of total
connections to allow on the appliance via the AppleTalk Filing Protocol (AFP). Click
‘Save’ to apply the change.
FTP
The FTP section lets you configure the settings for the Edgeware FTP server.
You can start/restart or stop the FTP server operation from the main FTP page by
clicking the appropriate link. Restart the server whenever you apply changes to the
configuration settings of the FTP server.
Networking Options:
This is the page where you can set the various settings for the FTP server
operation.
Maximum concurrent sessions: Defines the maximum number of client connections to
the FTP server at one time. The default setting is 30.
Server type: This selects how the FTP server process will run on the Edgeware NAS.
Leave this to standalone mode unless you are familiar with the options.
Idle time before disconnecting: Sets the idle connection timeout value. Default is 600
seconds.
Time to wait for first transfer: Sets the connection without transfer timeout. Default is
300 seconds.
Do reverse DNS lookups of client addresses? : Toggle reverse DNS name lookups on the
client host. If for some reason DNS is not available or is improperly configured, this might
cause the FTP server to freeze for some time.
Send RFC2228-style responses? : Enables the FTP server to send all responses
conforming to the RFC2228 specifications. Keep it disabled unless otherwise directed or
when needed.
Only bind to needed ports? : This controls how TCP/IP listen sockets are created by the
FTP server. Leave to default.
Time to wait for authentication: Configures the maximum number of seconds a client is
allowed to spend authenticating. Default is 300 seconds.
Time to wait for stalled data transfer: Sets the maximum number of seconds a data
connection between the ftp server and an ftp client can exist but have no actual data
transferred.
TCP backlog queue length: This controls the TCP "backlog queue" when listening for
connections in standalone mode. If you begin to notice or hear of "connection refused"
messages from remote clients then you can increase this setting. The default size of this
queue is 5. The trade-off, of course, is kernel memory and/or other kernel resources and
processes. So you will have to experiment depending on your connection load.
Allow foreign data transfers? : Normally the FTP server disallows clients from using the
ftp PORT command with anything other than their own IP address. With this option enabled,
the FTP server will allow clients to transmit foreign data connection IP addresses that do
not match the client's IP address when the clients connect. Generally it's considered a bad
idea, security-wise, to permit this sort of thing. This only affects data connection
addresses, not TCP ports.
Allow restarted uploads? : Enabling this allows clients to resume uploads. By default this
is disabled.
Default transfer mode: Defines the default transfer mode for files. The default setting is
ASCII; that is, carriage-return/linefeed translation will be performed on the files.
Lookup remote Ident username? : Toggle ident lookups. Normally, when a client
initially connects to the ftp server, the ident protocol (RFC1413) is used to attempt to
identify the remote username. Default is enabled.
Maximum concurrent logins: The maximum number of logins from ftp clients to this ftp
server. This provides the same function as the ‘Maximum concurrent sessions’ option.
Here you can also specify a login error message when maximum connections is reached
and a client attempts to connect. Default is none.
Maximum concurrent logins per host: The maximum number of logins from a client
machine. You can also specify an error message when the limit is reached and a client
attempts to connect. Default is none.
PASV port range: This restricts the range of ports from which the ftp server will select
when a client attempts to connect in passive ftp mode.
Client connection message: Enter a message that ftp users will see when they log in to
the ftp server.
Use TCP_NODELAY socket option? : This controls the use of the TCP_NODELAY
socket option. Default setting is yes. If you have clients reporting unusually slow
connections, try setting this to no.
Allow restarted downloads? : Enabling this allows clients to resume downloads. By
default this is enabled.
Maximum FTP command length: This directive controls the maximum command length
permitted to be sent to the server. This allows you to effectively control what the longest
command the server will accept, and can help protect the server from various Denial of
Service or resource-consumption attacks.
Defer welcome message until after login? : This directive configures the server to delay
transmitting the ServerName and address to new connections, until a client has
successfully authenticated. If enabled, the initial welcome message will be exceedingly
generic and will not give away any type of information about the host that the daemon is
actively running on. This can be used by security-conscious administrators to limit the
amount of "probing" possible from non-trusted networks/hosts.
After changing any settings click Apply to commit the changes and restart the ftp server.
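The address check behind the ‘Allow foreign data transfers?’ option, together with the ‘Maximum FTP command length’ limit, can be sketched as follows. This is an added example, not code from the Edgeware FTP server: the function names, the 512-byte limit and the sample addresses are assumptions made for illustration, and the PORT argument layout is the one defined in RFC 959.

```python
import ipaddress

# Hypothetical limit for illustration; the guide does not state the default.
MAX_COMMAND_LENGTH = 512

# Constructed sample: (address of the control connection, line the client sent).
SAMPLE_SESSION = [
    ("10.1.2.7", "PORT 10,1,2,7,19,137"),    # client names its own address
    ("10.1.2.7", "PORT 10,1,2,99,19,137"),   # client names a third host
    ("10.1.2.7", "PORT 10,1,2,7,19"),        # malformed argument
]


def parse_port_argument(arg):
    """Decode the RFC 959 PORT argument 'h1,h2,h3,h4,p1,p2' into (address, port)."""
    parts = arg.strip().split(",")
    if len(parts) != 6 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError("PORT needs six decimal fields")
    nums = [int(p) for p in parts]
    if any(n > 255 for n in nums):
        raise ValueError("PORT field out of range")
    # The four octets form the address; the port is p1 * 256 + p2.
    return ipaddress.IPv4Address(bytes(nums[:4])), nums[4] * 256 + nums[5]


def check_port_command(line, peer_ip, allow_foreign=False):
    """Return (reply_code, detail) for one PORT line on the control channel.

    peer_ip is the address the control connection came from. Only the
    address is compared; the port is decoded but not restricted here,
    matching the guide's note that the option does not affect TCP ports.
    """
    if len(line) > MAX_COMMAND_LENGTH:
        return 500, "command too long"
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        return 500, "not a PORT command"
    try:
        addr, port = parse_port_argument(arg)
    except ValueError as exc:
        return 501, str(exc)
    if addr != ipaddress.ip_address(peer_ip) and not allow_foreign:
        return 500, "illegal PORT command: %s is not the client address" % addr
    return 200, "%s:%d" % (addr, port)


if __name__ == "__main__":
    for peer, line in SAMPLE_SESSION:
        print(peer, repr(line), "->", check_port_command(line, peer))
```

With the option left disabled, the second sample line is refused because the data connection would go to a host other than the one that logged in.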
Denied FTP users:
This page lets you define the users or system accounts that are denied authentication
by the ftp server.
HTTP:
The HTTP module is a file manager for the HTTP protocol. It is not a web server
module for the m-DAR. See the web server section below for an explanation of the web
server. This is a utility for managing and transferring files and folders via the HTTP protocol.
You can upload, download, find, delete, copy, cut and paste files to the file shares on the
system using HTTP File Manager. You should have Java 2 Runtime Environment (JRE)
version 1.4.2_03 or later installed on your workstation for File Manager to run
successfully. You can get it at http://www.java.com. You also need to have the HTTP
protocol enabled on the shares.
The left pane shows the directory structure of the shares defined in the system and
the right pane shows the files under the directories you select on the left pane. The menu
at the top gives you different actions for files. A double click of the left mouse button on
a file lets you download it.
Figure 37: File Manager.
NFS
This networking section allows you to configure the NFS sharing options on the
shares you have created from Share Manager.
The main page shows a list of the shares that have been enabled for NFS sharing
and a summary of the NFS export permissions. Also you can start/restart or stop the NFS
server daemon from this page.
When you click on the export settings hyperlink for an NFS share, you are presented with
a page where you can edit the various security permissions and configuration options for
NFS sharing on that particular share.
NFS Export Configuration
Export Details:
Directory to support: This is the directory being exported to the clients listed in the
‘Export to’ field on the main NFS page.
Active? : Controls whether this NFS export is active or not. If not, it is commented out in
the exports file.
Export to: The hosts that will have access to the exported directory. Five ways of
specifying which hosts are allowed to mount the directory are available:
Everyone: Any host capable of contacting your system is allowed access. This
option should be used with care, especially if your system is connected to the
Internet.
Host(s): This can either be a single IP address, a single hostname, or a regular
expression like *.foo.com. In the last case, any host whose reverse DNS lookup
by IP address matches the expression will be allowed access.
WebNFS clients: Allows clients using Sun's WebNFS protocol to access this
directory.
Netgroup: Allows all members of the specified NIS netgroup to access this
export.
Network and Netmask: Any host in the specified subnet is allowed access. For
example, if the network was 10.1.2.0 and the netmask 255.255.255.0, all hosts
with IP addresses from 10.1.2.0 to 10.1.2.255 would be allowed.
Use asynchronous writes to disk? : When this option is set, the server replies to clients
before data has been written to permanent storage. The server also sends a FILE_SYNC
response to the client, indicating that the client need not retain buffered data or send a
subsequent COMMIT operation. This exposes the client to the same undetectable
corruption as exists for NFS Version 2 (with "async") if the server crashes before it has
actually written data to stable storage. Note that even if a client sends a Version 3
COMMIT operation, the server replies immediately if the file system has been exported
with the "async" option.
Clients must be on secure port? : If this option is chosen, NFS clients must use a UDP
port less than 1024. This provides additional security for UNIX clients, but may interfere
with some Windows NFS implementations.
Export Security
Access mode: Set Read or Read/Write access on the exported filesystem.
Deny access to directory? : If this option is chosen, the specified clients will not be
allowed access to any subdirectory.
Trust remote users: Determines which UNIX users on the client are trusted by the server.
Three options are available:
Everyone: All client users will be treated the same by the server
Everyone except root: The root user on the client is treated as the untrusted user
by the server, but all other users are trusted.
Nobody: All users on the client are treated as the untrusted user. This option is
best used when exporting to a system that you do not control (such as a single-user PC), or when exporting to everyone.
Disable POSIX ACL’s: This enables or disables the POSIX access control list support
for the export directory.
Don't trust UIDs: Map requests from UID specified here to the anonymous UID. Note
that this does not apply to any other UID that might be equally sensitive, such as user bin.
Don't trust GIDs: Map requests from GID specified here to the anonymous GID. Note
that this does not apply to any other GID that might be equally sensitive.
Treat untrusted users as: This option determines which local user untrusted client users
are treated as. You may enter either a UID or select a user, or choose the default
(typically the user nobody). You can click the button next to the text field to get a pop-up
window that displays the local users defined on the system, any of which you can set as the
anonymous user to which untrusted users are mapped.
Treat untrusted groups as: This option determines which local group untrusted client
groups are treated as. You may enter either a GID or select a group, or choose the default
(typically the group nobody). You can click the button next to the text field to get a pop-up
window that displays the local groups defined on the system, any of which you can set as the
anonymous group to which untrusted groups are mapped.
After making any changes, click save to commit the changes and then restart the NFS
server from the NFS Exports page.
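The export settings above end up as option lists in the exports file. The following added example (not part of the original guide or of the Edgeware software) audits such a file for the combinations the guide cautions about. It assumes the appliance writes Linux exports(5) syntax and option names (rw, async, insecure, no_root_squash); the sample paths and hosts are constructed.

```python
import ipaddress
import re

# Constructed sample of an exports file; not taken from an Edgeware appliance.
SAMPLE_EXPORTS = """\
# constructed sample
/Volumes/LV1/projects  10.1.2.0/255.255.255.0(rw,sync,root_squash)
/Volumes/LV1/scratch   *(rw,async,no_root_squash,insecure)
/Volumes/LV1/public    (ro,all_squash,anonuid=65534,anongid=65534)
#/Volumes/LV1/old      *.foo.com(rw)
/Volumes/LV1/builds    *.foo.com(rw,sync) 192.168.0.6(rw,no_root_squash)
"""

# client(opt,opt,...) where either part may be absent.
CLIENT_RE = re.compile(r"^(?P<client>[^()]*)(?:\((?P<opts>[^()]*)\))?$")


def client_scope(client):
    """Describe which hosts one 'Export to' specification admits."""
    if client in ("", "*"):
        return "everyone"
    if client.startswith("@"):
        return "netgroup " + client[1:]
    try:
        net = ipaddress.ip_network(client, strict=False)
    except ValueError:
        # Not an address: a hostname, possibly with wildcards.
        return "dns-wildcard" if ("*" in client or "?" in client) else "host " + client
    if net.num_addresses == 1:
        return "host " + str(net.network_address)
    return "network {}-{}".format(net[0], net[-1])


def parse_exports(text):
    """Yield (path, client, options) for every active export entry.

    Exports with 'Active?' switched off are commented out and are skipped.
    Paths containing spaces are not handled in this sketch.
    """
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        for token in clients or [""]:
            m = CLIENT_RE.match(token)
            if m:
                opts = [o for o in (m.group("opts") or "").split(",") if o]
                yield path, m.group("client"), opts


def audit_entry(client, opts):
    """Return finding codes for one client of one export."""
    codes = []
    scope = client_scope(client)
    if scope == "everyone":
        codes.append("EVERYONE_RW" if "rw" in opts else "EVERYONE")
    elif scope == "dns-wildcard":
        codes.append("DNS_WILDCARD")      # access decided by reverse DNS
    if "no_root_squash" in opts:
        codes.append("ROOT_TRUSTED")      # 'Trust remote users: Everyone'
    if "insecure" in opts:
        codes.append("INSECURE_PORT")     # secure-port requirement switched off
    if "async" in opts:
        codes.append("ASYNC")             # replies before data reaches disk
    return codes


def audit(text):
    return [(p, c, audit_entry(c, o)) for p, c, o in parse_exports(text)]


if __name__ == "__main__":
    for path, client, codes in audit(SAMPLE_EXPORTS):
        print(path, client_scope(client), codes or "no findings")
```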
iSCSI:
iSCSI is Internet SCSI (Small Computer System Interface), an Internet Protocol
(IP)-based storage networking standard for linking data storage facilities. By carrying SCSI
commands over IP networks, iSCSI is used to facilitate data transfers over intranets and
to manage storage over long distances.
An iSCSI node name is also the SCSI device name of an iSCSI device. The
iSCSI name of a SCSI device is the principal object used in authentication of targets to
initiators and initiators to targets. This name is also used to identify and manage iSCSI
storage resources. iSCSI names must be unique within the operational domain of the end
user. However, because the operational domain of an IP network is potentially
worldwide, the iSCSI name formats are architected to be worldwide unique.
NOTE: The iSCSI service can be started, restarted or stopped from either the iSCSI initiator
page or the iSCSI target page; both perform the same function.
Figure 38: iSCSI target management page
iSCSI Targets:
An iSCSI target is the server side of the iSCSI protocol.
Creating an iSCSI Target
An iSCSI target is created from Volume Manager in the same way as a logical
volume is created. The only difference is that you specify iSCSI Target in the Network
File Protocol drop down menu, as shown in Figure 41 below. Specify a size in GB and a
name for the iSCSI volume. The volume name you specify will be added to the end of the
string making the internet qualified name for the iSCSI target. Clicking on the ‘Create’
button will create and mount the volume as an iSCSI target and it will be listed on the
iSCSI target page.
Figure 41: Creating an iSCSI target
On the iSCSI targets page you can view the iSCSI targets defined on the system. Each iSCSI
target link takes you to the properties page for that target, shown below in Figure 42, where
you can change some of the properties of the target after it has been created. These are:
Alias: A more human readable and understandable name for the target.
Max Connection: Maximum number of connections allowed from initiators to this target.
CHAP username and Password: If you want to make the target more secure by enabling
the CHAP authentication protocol on this target, provide a username and password that
the initiator has to supply to successfully connect to the target.
The ‘Edit Local iSCSI Target’ page also shows the current connections from iSCSI
initiators to this target.
Figure 42: iSCSI target properties page
ASYNC
In this section you can start or stop Asynchronous mirroring and provide optional settings
for each share that has async enabled. This page allows you to set options to shares on
your local Edgeware NAS that are to be asynchronously mirrored to another Edgeware
NAS.
Only shares that are Async protocol enabled from Share Manager are listed.
When you click on a share you can specify optional settings:
Share Description: A brief description for the async share.
Hosts Allow: Allow these hosts to asynchronously mirror with this share. You can enter
IP addresses or hostnames, separated by spaces. If entering hostnames, make sure
hostname resolution is working in your network.
Hosts Deny: Deny these hosts from asynchronously mirroring this share. You can enter
IP addresses or hostnames, separated by spaces. If entering hostnames, make sure
hostname resolution is working in your network.
Click on save changes and then restart the Async server from the main Async page.
NOTE: To start the process of asynchronous mirroring on a share you enabled for async,
you have to configure and set up mirroring from the section Clustering->Mirroring.
Authentication
The authentication module deals with the user access, security and permission.
Users and Groups
This sub section deals with the creation and management of the different
authentication schemes like Windows Domains, Microsoft Active Directory, NIS and
LDAP.
Local Users and Groups
Local users and groups are the users and groups that are defined on the NAS itself
and are authenticated by the NAS operating system kernel. The main page shows the
currently present local users and groups.
Creating a new local user:
1. Click on the ‘Create a new user’ link. You will be presented with a page for
creating a user as shown in Figure 43.
Figure 43: Create a local user
2. Enter a username for that user.
3. Specify a real name for that user.
4. Give the user a password and confirm the password in the next field.
5. Password changed shows the last date on which this user's password was changed,
either through web UI or the passwd program.
6. ‘Minimum days’ is the minimum number of days required between password
changes.
7. ‘Warning days’ is the number of days before the user is forced to change his
password.
8. ‘Expiry date’ is the date on which this account will expire. After this date the user
will no longer be able to login to the system. Leaving blank will disable password
expiration.
9. ‘Maximum days’ is the maximum number of days allowed between password
changes. After this time has elapsed, the user will be prompted to enter a new
password at login.
10. ‘Inactive days’ is the number of inactivity days over the maximum days before
the user's account is disabled.
11. Next you can provide the local group to which this user will belong.
Click on create to add the user in the system.
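How the aging fields in steps 5 to 10 interact is easiest to see by evaluating them for a few accounts. The following is an added example, not part of the original guide or of the Edgeware software. It assumes the fields are stored as in a standard shadow(5) password file (day counts since 1970-01-01), and every account in the sample is constructed.

```python
from datetime import date

EPOCH = date(1970, 1, 1)
TODAY = date(2005, 5, 4)       # fixed "today" so the sample is reproducible
NOW = (TODAY - EPOCH).days     # shadow(5) counts days since 1970-01-01


def make_line(name, age, min_d="", max_d="", warn="", inactive="", expire=""):
    """Build one constructed shadow(5) line; age = days since the last change."""
    return "%s:!:%d:%s:%s:%s:%s:%s:" % (
        name, NOW - age, min_d, max_d, warn, inactive, expire)


# Constructed accounts: 90 'Maximum days', 7 'Warning days', 14 'Inactive days'.
SAMPLE_SHADOW = "\n".join([
    make_line("alice", 10, 1, 90, 7, 14),
    make_line("bob", 85, 1, 90, 7, 14),
    make_line("carol", 95, 1, 90, 7, 14),
    make_line("dave", 120, 1, 90, 7, 14),
    make_line("erin", 400),                       # no aging fields set
    make_line("frank", 10, 1, 90, 7, 14, NOW - 1),  # 'Expiry date' was yesterday
])


def parse_shadow_line(line):
    """Split one shadow(5) line into its aging fields (None = left blank)."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != 9:
        raise ValueError("expected 9 colon-separated fields")
    entry = {"name": parts[0]}
    keys = ("lastchg", "min", "max", "warn", "inactive", "expire")
    for key, raw in zip(keys, parts[2:8]):
        entry[key] = int(raw) if raw else None
    return entry


def account_state(entry, today=TODAY):
    """Classify an account from its aging fields on the given day."""
    now = (today - EPOCH).days
    last, max_d = entry["lastchg"], entry["max"]
    if entry["expire"] is not None and now >= entry["expire"]:
        return "account-expired"
    if last is None or max_d is None or max_d >= 99999:
        return "no-password-aging"
    expires = last + max_d
    if entry["inactive"] is not None and now >= expires + entry["inactive"]:
        return "disabled"        # past 'Maximum days' plus 'Inactive days'
    if now >= expires:
        return "must-change"     # prompted for a new password at login
    if entry["warn"] is not None and now >= expires - entry["warn"]:
        return "warning"
    return "ok"


def can_change_now(entry, today=TODAY):
    """'Minimum days': has enough time passed since the last change?"""
    now = (today - EPOCH).days
    if entry["min"] is None or entry["lastchg"] is None:
        return True
    return now >= entry["lastchg"] + entry["min"]


def audit(text, today=TODAY):
    return {e["name"]: account_state(e, today)
            for e in map(parse_shadow_line, text.splitlines())}


if __name__ == "__main__":
    for name, state in audit(SAMPLE_SHADOW).items():
        print(name, state)
```

Accounts reported as no-password-aging never have to change their password, which is the case to review first when auditing local users.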
Create a new local group:
1. Click on the ‘Create a new group’ link.
2. On the next page specify a group name
3. Specify a group ID, or accept the auto generated ID.
4. Add users to the group in the Members text box.
Click on create to add the group in the system.
Windows Domain Users and groups
When the NAS is joined to a Windows domain this page shows the Windows
domain users and groups in the Windows domain.
NIS Domain Users
This lists the NIS domain users when the appliance is set up for NIS
authentication.
LDAP Domain Users and Groups
This lists the LDAP domain users and groups when the appliance is set up for
LDAP authentication.
Share Permissions
This page allows you to set user and group permissions on the shares you have
created on the local volumes. The first page gives you a summary list of the shares that
have been defined on the system. When you click on a share name you are directed to a
page as shown in Figure 44.
Figure 44: Editing share permissions.
The left text box gives you the list of valid users for that share and the right text box
gives the list of valid groups.
Adding users to the share:
1. Type a valid user on the system into the text box labeled ‘Valid users’ or select
users by clicking on the button with the three dots at the bottom right of the text
box, which will give you a popup window listing all the local or domain users for
the system.
2. Repeat step 1 for all users you want to add to the share.
3. Check the default permissions that you want to assign to the valid users on the
share. R=read, W=write and X=execute.
4. Optionally you can specify these permissions to be propagated to all the files and
subdirectories or all the subdirectories under the share by checking the relevant
check box under ‘Apply ACLs recursively to all files and subdirectories’.
5. Click on save to apply the changes.
Adding groups to the share:
1. Type a valid group on the system into the text box labeled ‘Valid groups’ or select
groups by clicking on the button with the three dots at the bottom right of the text
box, which will give you a popup window listing all the local or domain groups
for the system.
2. Repeat step 1 for all groups you want to add to the share.
3. Check the default permissions that you want to assign to the valid groups on the
share. R=read, W=write and X=execute.
4. Optionally you can specify these permissions to be propagated to all the files and
subdirectories or all the subdirectories under the share by checking the relevant
check box under ‘Apply ACLs recursively to all files and subdirectories’.
5. Click on save to apply the changes.
Deleting users and groups from a share:
To delete users and groups from the share, use the backspace on your keyboard to
delete the users and groups you want to remove and then click on save to apply the
changes.
NIS
The NIS subsection gives you the configuration and management options for
integrating your Edgeware Storage system into your NIS domain.
NIS Client
Enter the NIS client settings for your NIS domain.
NIS domain: The NIS domain name. This should be different than your DNS name.
NIS servers: NIS servers should be entered here or you can choose to find NIS servers
by broadcasts.
Authentication Order: If the same user exists as both a local user and an NIS user, choose
the order in which the user will be authenticated.
Click on save and restart after making any changes to apply those changes.
NIS Users and Groups
This lists the NIS users and groups found on the NIS domain by the NIS client.
Name Service Switch
This page is for advanced users. The form edits the /etc/nsswitch.conf file which
defines the search order of the network databases for different services and protocols
running on the Edgeware system.
LDAP
The LDAP subsection gives you the configuration and management options for
integrating the LDAP server database into your Edgeware storage system as a user and
group authentication tool. Local users and groups can still be specified, but the master
authentication repository will be the LDAP server database when the LDAP client is
configured as specified below.
Currently, a standard set of schemas represents the authentication objects the
LDAP client recognizes. For Edgeware, the schemas are available to ensure compatibility
if a conversion to LDAP authentication is planned.
LDAP Client
In order for LDAP authentication to work, the administrator must enter the
LDAP client settings to configure access to the LDAP server over the network. The
following information needs to be provided in the setup page.
LDAP Client settings:
Base Domain Name – This is the root node of the LDAP database.
LDAP Server – Domain name or IP address of the LDAP server.
Port – The port number that the LDAP server uses. If none is specified the port
connection defaults to port 389.
Anonymous bind - Check this box when an anonymous bind is being used (i.e.
no username or password is required for the LDAP server network access).
User Settings:
LDAP Bind Name – The user name used to bind to the LDAP database. This
name is given relative to the Base Domain name.
Bind Password – Password for the bind user.
Root DN – Check this box if the LDAP administrator account is used to bind to
the LDAP database. In this case, the information to access the LDAP server and
database is kept within a separate file with limited access, so that nothing other
than a local process can read the information.
Use LDAP authentication – Check this box when LDAP authentication will
become active with the settings described above for all network authenticated
protocols. If this checkbox is left unchecked, the information will be persistent
but the LDAP authentication will remain inactive. This allows administrators to
retain the LDAP configuration information without.
Authenticate Samba with LDAP – Check this box when Samba (Windows
Client) users authenticate using the LDAP server and allows additional Samba
configuration. Checking this feature of LDAP unlocks the following Samba
specific settings:
Samba specific settings:
User Suffix - This specifies where users are added to the tree. If no suffix is
specified the value of the LDAP suffix will be used.
Group Suffix - This specifies the suffix that is used for groups when these are
added to the LDAP directory. If no suffix is specified the value of the LDAP
suffix will be used.
Machine Suffix - This specifies where machines should be added to the LDAP
tree. If no suffix is specified the value of the LDAP suffix will be used.
In order for Samba authentication to work properly the Samba schemas should be
used by the LDAP server. The Samba schemas are verified to work with Edgeware's
LDAP client. Currently, two versions of the samba schema are available and tested. The
two schemas are typically called version 2 and version 3. If using OpenLDAP as your
LDAP server, the correct schema needs to be included in the LDAP server configuration.
For example, the path to the samba schema being used,
/path/to/schema/file/samba3.schema is added to the schema list when the OpenLDAP
server is being configured.
Note: Samba v.3 looks for the object class sambaSamAccount, rather than the old
sambaAccount, which is also reflected in the new samba3.schema file.
LDAP users and groups
This page is used for displaying the LDAP server database users and groups that the
Edgeware LDAP client can see. If LDAP users and groups are visible, the Edgeware
LDAP client has successfully connected to the server and retrieved the user and group list
from the LDAP server. Each of the users and groups listed should work both to
authenticate and to honor permissions from clients to the Edgeware storage system.
MAINTENANCE
The Maintenance section includes the management modules: Shutdown (and
reboot), Monitoring, Logs, Process (lists), Command Line (access), and (OS) Integrity.
Shutdown
Shutdown System turns the system off. You will have to press the power button
on the unit to get access to the UI again.
Reboot System restarts the system. Wait a couple of minutes and then refresh the
browser to get access to the web UI again.
Monitoring
The Monitoring module is intended for notifications of warnings or errors in
hardware and software components of the Edgeware Storage system. Monitoring contains
the following:
Monitoring Status
This page shows the current status of the Edgeware NAS components that the
monitoring program is monitoring. It shows the component’s status, when it was last
checked, and when the next check will occur.
Watch lists
On this page you can change the monitoring settings for the different
components/services that are being monitored as well as start monitoring for components
or services that are not being watched. A default list of services/components should
already be defined for the system. These are normally adequate for monitoring a standard
Edgeware system.
You can get a detailed listing of the services being watched by clicking the
‘servers’ link under the ‘Watching group’ column. Figure 45 shows the detail listing of
the Watch List.
Figure 45: Detail list of services being watched.
To modify an existing service monitor click on that service, under ‘services being
watched’ (e.g. freespace, hardware, RAID etc). You will be presented with a page such as
shown in Figure 46.
1) Service monitors: Service monitors monitor different services on the Edgeware system.
2) Monitor alerts: Monitor alerts send out different types of alerts when Service monitors
detect a problem.
Default Watch List
The default watch list has the following services being monitored:
Free space:
Free space on the logical volumes is monitored by the monitor
‘freespace.monitor’. In the monitor parameters you have to specify the logical volume
you want to check for free space status and at what percentage of the logical volume's free
space the monitor will send an alert. The format is:
/Volumes/[logical volume name]:[percentage of free space]
For example:
/Volumes/LVstorage:20% specifies that the free space monitor will send out the defined
alerts when the LVstorage logical volume free space becomes less than 20% of
LVstorage total size.
RAID:
Hardware RAID service is monitored by the monitor ‘RAID.monitor’, which checks
the status of the RAID sets defined on the RAID controller card(s). If the monitor finds
that any RAID set is unhealthy it sends out two alerts by default. The alarm.alert sounds three
beeps every 5 minutes and the mail.alert sends a mail to the email address specified,
with a brief description of the problem. It will have a line similar to “3Ware controller 0:
unit 0 is I”, which means that RAID unit 0 on the 3ware card has detected an inconsistency
or an unclean shutdown and is re-initializing or initializing the RAID set. A “3Ware
controller 0: unit 0 is D” message will be sent out in a mail.alert when RAID unit 0 on
the 3ware card has degraded, which most likely means that a drive in RAID unit 0 is
bad.
Hardware:
Hardware component temperature is monitored by shuttle-hardware.monitor. This
service monitor checks the temperature of the system motherboard, system chipset and
the CPU. Critical temperature for the components is 68°C or 154.4°F.
Adding or editing a service for monitoring:
1. Click on ‘add service’ link next to the ‘watching group’ on the Watch Lists page.
2. Enter the ‘Watched service details’ and at least 1 monitoring period.
Watched Service Details:
Name of service: This is the name of the service or component that is being watched.
Description: A brief description of the service or component.
Using monitor: Selects the monitoring scripts that will be used to monitor this service.
Each script is named with a service name.
Monitor parameters: Advanced parameters to the monitoring program.
Check every: This sets the time interval at which the monitoring process checks the
service.
Monitoring periods:
Monitoring periods are used to define the conditions which should allow alerts to be sent.
You can define multiple monitoring periods for a monitoring job. Each monitoring period
can have more than one type of alert defined, like mail.alert, snmp.alert, alarm.alert etc.
Figure 46 shows a single monitoring period ‘Monitoring period 1’ for the 3ware
hardware RAID service.
Figure 46: Edit a service monitor
Specified days and hours: Define the days and hours the monitoring process will check
this service, at the time interval specified in the ‘Check every’ setting.
Alerts for period:
Alert: Type of alert to be sent. The different types of alerts available are:
mail.alert
    Purpose: Send alert via email
    Additional Parameters: recipient email address
    Additional Parameters Example: [email protected]
file.alert
    Purpose: Save alert to a file
    Additional Parameters: file name with full path
    Additional Parameters Example: /Volumes/LV1/raidalert
winpopup.alert
    Purpose: Send a popup alert to a windows workstation
    Additional Parameters: NetBIOS host name of the workstation
    Additional Parameters Example: MyServer1
alarm.alert
    Purpose: Send sound alarm to chassis speaker
    Additional Parameters: Number of beeps to sound for one instance of the alert
    Additional Parameters Example: 3
snmp.alert
    Purpose: Send an SNMP trap based on additional parameters
    Additional Parameters: [community] [manager IP-address] [Watch Service] [Extra message]
    Additional Parameters Example: public 192.168.0.6 RAID Degraded_RAID
trap.alert
    Purpose: Send an SNMP trap to the SNMP host with settings from the SNMP page
Run when: The event which should signal the alert.
Advanced Configuration:
The Advanced Configuration button will give you more options for the
Monitoring Period:
Days to check: You can specify all days of the week to monitor or a range of select days
of the week.
Hours to check: Here you can have the service monitored every hour or specify a time
period in a 24 hr clock representation.
Maximum alerts to send: The maximum number of alerts to send for one failure event.
Click on save to modify or create monitoring of that service.
Deleting a monitoring period
To delete a monitoring period, check the box marked ‘Delete this period’ and then click
on save at the bottom.
Logs
Logs are essential for troubleshooting and monitoring the Edgeware storage
system.
Webedge Actions
The Webedge actions page gives you the ability to search logged actions that have been
executed by any webedge (web UI) administrator/user. Enter your search options and
click on search to get a listing of the logged webedge actions fitting your criteria.
System Logs
The System logs page gives you access to 6 log files that are being continuously
written. Click on any log file name under Log Destination to see the 20 most recent lines
of logged messages. You can increase the number of lines displayed from the View log file
page. You can also filter the log display by searching for a string or keyword.
Processes
The processes page gives you a list of the currently running processes in the
Edgeware operating system. You can sort the processes by process ID (PID), User,
Memory used and CPU (on multiple-processor systems).
There is also a search option where you can search for processes based upon
different criteria.
The last ‘Run’ option is for advanced users who are Linux savvy and know which
process to execute.
Command Line
The Command Line module in the Maintenance section provides encrypted
command line access to the system through your web browser. If the command line is
required to set or retrieve additional information, you may use this interface to call
commands just as you would within a keyboard console interface or SSH session. The
commands issued from the Command Line module, however, must not require a
response, as the Command Line module is NOT interactive. The Edgeware server includes a
secure shell (SSH) program that allows SSH clients to log in to a console over the
network. This access may be from a local area network (LAN) or a wide-area network
(WAN).
Integrity
The integrity of the files making up the OS is a fundamental part of system
stability and reliability. Most known security exploits involve replacing, modifying or
corrupting some of the key OS files. The integrity check works by comparing two
databases: a reference database, assumed to describe the OS in a known state, and a
database generated from the current state of the OS. Comparing the two databases then
provides a list of changes based on two factors: 1) a checksum; and 2) access or
modification time.
Verify
The recommended usage of integrity is to initialize a database for a known system
and then store the database in a safe location. The database can be saved to a share
location and copied to a floppy or other storage media. The database is stored in the
/var/db/integrit directory as a hidden file (i.e., with a period prefix before the file name).
The initial database is named /var/db/integrit/.cenas_new.cdb and can also be copied to
another system by using the scp (secure copy) command from an SSH session:
scp /var/db/integrit/.cenas_new.cdb [email protected]:new_file_name.cdb
To verify the current database:
1. Select a reference system database that was saved previously by specifying a local
path or a remote path in ‘Upload the database’. The default location of the
database is /var/db/integrit/.cenas.cdb.
2. Check the box marked Update.
3. Click on Verify.
4. System database verification will commence. Accessing ‘Verify’ or ‘Results’
page will show the current status of the verification process. Figure 47 shows the
‘Verify’ page when verification is running.
5. After verification is complete you can view the results of verification by
clicking on ‘Results’ from the main Integrity page. Figure 48 shows the page from
the Webedge UI when the Results component hyperlink is clicked after verification
was run. This page shows a summary of the result.
6. Clicking on ‘Details’ will lead to a more detailed results page as shown in Figure
48, which shows a listing of changed and missing files.
Figure 47: Verify page when integrity verification is running
Figure 48: Verification results summary page
The list from the detailed results of the integrity verification can be very long depending
on how many changes occurred since the known database was generated. From Figure
49, it is possible to see that both the access time and the checksum (i.e., SHA1) differ
between the two databases for the /var/db/integrit/.cenas_new.cdb file itself. This is
expected since the previous one was probably your “known” database currently being
compared, and the new .cenas_new.cdb was generated more recently.
Figure 49: Detail listing of OS files changed after integrity verification was run
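The two-database comparison described in this section, as an added example that is not Edgeware's or integrit's own code: it records a checksum and modification time per file as the reference, then reports changed, missing and new files in the current state. The function names, the constructed sample files and the use of modification time alone (access time is left out) are assumptions of this example.

```python
import hashlib
import os
import tempfile


def snapshot(root, algo="sha1"):
    """Record (checksum, mtime_ns) for every regular file under root."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and special files
            digest = hashlib.new(algo)
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(path, root)
            db[rel] = (digest.hexdigest(), os.stat(path).st_mtime_ns)
    return db


def compare(reference, current):
    """Return sorted (path, status) pairs for every difference found."""
    report = []
    for path in sorted(set(reference) | set(current)):
        if path not in current:
            report.append((path, "missing"))
        elif path not in reference:
            report.append((path, "new"))
        elif reference[path][0] != current[path][0]:
            report.append((path, "checksum changed"))
        elif reference[path][1] != current[path][1]:
            report.append((path, "time changed"))
    return report


def demo():
    """Constructed sample tree: take a reference, alter the tree, verify."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in [("sshd", b"v1"), ("login", b"v1"), ("passwd", b"v1")]:
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        reference = snapshot(root)  # the "known state" database
        with open(os.path.join(root, "sshd"), "wb") as fh:
            fh.write(b"v2")  # content replaced
        os.remove(os.path.join(root, "login"))  # file deleted
        touched = os.path.join(root, "passwd")
        st = os.stat(touched)
        os.utime(touched, ns=(st.st_atime_ns, st.st_mtime_ns + 10**9))  # time only
        with open(os.path.join(root, "extra.bin"), "wb") as fh:
            fh.write(b"x")  # file not in the reference
        return compare(reference, snapshot(root))


if __name__ == "__main__":
    for path, status in demo():
        print(f"{status:17}{path}")
```

Keep the reference snapshot off the system being checked, as the Verify section recommends: a reference stored next to the files it describes can be regenerated by whoever altered them.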
Save and Restore
Save and restore allows you to restore Edgeware NAS configurations and settings.
The Save and Restore page allows you to perform the following:
1. Save the reference OS integrity database.
2. System configuration backup.
Save the reference OS integrity database:
Here you can copy the reference OS integrity database to an easily accessible
location, such as a share defined on the system, so that you can then copy the
database to another network location.
Figure 50:
System Configuration Backup:
This option allows you to backup the configuration of the NAS, such as network
settings, share settings and volume settings, and at a later time restore the NAS to
those settings.
NOTE: To enable system configuration backup you have to create an OS integrity
database file from the Verify page. This section is enabled as long as an integrity
database file has been created.
System Configuration Backup creates a .tar file with all the different types of
configurations you choose. You should save that file on another system and when the
need arises you can restore configuration of the NAS using that file.
Backing up NAS Configuration:
1. Select the configuration types you want to backup. The different types of configuration
that you can backup and restore are:
Authentication: This contains all the configuration information about local users and
groups defined on the NAS.
Web Management: This contains all the configuration information about the webedge UI
administrative users and groups.
Shares: This contains all the configuration information about shares and network
protocols.
Volume: This contains all the configuration information about the volume groups and
logical volumes.
Network: This contains all the configuration information about TCP/IP networking,
LDAP and NIS.
Others: This contains all the miscellaneous configuration information; System Time,
Backup information, Backup schedules.
NOTE: Selecting Shares or Volume backs up the ACL on the filesystems also.
3. After selecting the backup configuration types, click on Process to backup the
configurations.
4. On the next page, click on the “Download backup file” link to save the .tar file to
another network location.
Figure 51: System Configuration Backup page
Restoring NAS Configuration:
1. Click on Restore.
2. Select the configuration types you want to restore.
3. Click on the “Upload backup file” link and select a .tar file that you saved when you
backed up the configuration. If you do not upload a file, you can restore the
configuration from the last backed up .tar file present in the local system; in this
case just click on the process button.
NOTE: After clicking on the process button the configuration will be restored and the NAS
will be rebooted within 10 seconds.
CLUSTERING
The Clustering section allows the Edgeware Storage systems to discover one another and to
provide IP address failover and mirroring capability. The series of steps to follow is to:
1. Establish contact with all Webedge managed storage servers.
2. Form an authenticated Webedge server relationship.
3. Make sure each Webedge server has the same DNS and /etc/hosts file information
(i.e., use Host Addresses icon under the Network module).
4. Configure asynchronous (Mirroring) or synchronous mirroring (Sync).
NAS Servers Index
The first step in establishing an Edgeware Storage system “cluster” is to establish
a cluster group. In order to do this, you need to initiate contact with all the NAS servers.
The NAS Server Index module allows administrators to contact all the Webedge
managed servers on a broadcast subnet.
Figure 52: Webedge servers found on the local subnet.
Setting up NAS servers for mirroring:
1. Each Edgeware storage system listens for broadcasts initiated from the NAS
Server Index module on an Edgeware unit. Figure 52 shows how Webedge
managed storage systems are listed by the NAS Server Index module after issuing
a Broadcast for Servers request. By selecting the Broadcast for Servers button, a
UDP broadcast is issued on each valid IP address of the storage system's subnet,
and a response is requested. All the storage systems that respond are then listed
with their hostname and port as shown in Figure 52.
2. To enable asynchronous mirroring of a volume on an Edgeware system you need
to have a share defined on that volume. If you already have a share defined on the
remote system that you want to mirror proceed to the next step. If you do not have
a share defined on the volume of the remote NAS server that you want to mirror,
you can click on the hostname and port link of that NAS server and you will be
taken to the Webedge UI for that NAS server. There you can setup a share on the
desired volume from Share Manager. Make sure you enable the share for async
protocol. Restart the async server from the Network section.
3. Click on the ‘edit’ link of the remote server. You should get a page similar to the
one shown in Figure 53.
Hostname: The hostname and port should already be populated with the
correct information.
Server Type: Server type should be selected as Edgeware Storage.
SSL server: Select yes for Edgeware Storage system or any other system that uses
SSL.
Description: The string that forms the link under the remote server on the NAS
servers index page (Figure 52).
Member of server groups: Management group for servers (Optional, for future
implementation).
Link Type: The Link type parameter allows the server to send stored
authentication information from one server to the next and then to make RPC
calls based on that authentication. Normal link to the server should be checked for
asynchronous mirroring. Synchronous mirroring requires you to specify the web UI
username and password of this remote Edgeware server.
Make fast RPC calls: Select yes.
4. Click on Save to apply the settings; you will be returned to the NAS Servers Index
page.
Figure 53: Edit remote server mirroring options.
Mirroring (Asynchronous Mirroring)
Setting Up Asynchronous Mirroring:
Mirroring is asynchronous mirroring, which enables you to mirror a share on one
Edgeware system to another Edgeware system based on a schedule. For instance,
when configuring from an Edgeware system A, the source share would be on an
Edgeware system B and the destination volume for the mirror would be on Edgeware
system A. Asynchronous mirroring creates an exact replica of the data on the
destination volume.
NOTE: The destination volume on Edgeware system A should be exclusively created
for mirroring as any data on the destination volume that is not present on the source
share is deleted by the mirroring process.
1. Click on Mirroring.
2. Click on Configure Remote Mirror.
3. Select a remote server from the list of available Edgeware servers. Make sure you
have configured that server from the NAS Servers Index page as shown above.
Link type should be set to ‘Normal link to server’.
4. Click on Next.
5. Select the share on the remote server that you want to mirror to this local server
from ‘Asynchronous Shares on the Server’ list. Make sure async protocol is
enabled for the remote share.
6. Select the destination volume by specifying a local volume on the local server.
7. Click Next.
8. Configure the mirroring schedule. You can select a predefined period or specify
a custom time.
9. Click on Save to create the asynchronous mirror.
SYNC (Synchronous Mirroring):
The Sync module allows you to mirror a pair of volumes between two Edgeware
servers synchronously. It replicates data at the block level between a local host and a
remote host. Data modified on the source volume of the pair is immediately replicated to
the other volume in the pair. You could think of it as a network RAID-1.
The source or primary volume should have a share enabled on it to be configured to
synchronously mirror to another host. The host selected as primary (either the local host
or the remote host) will have the resource for the mirror and will have all the data on its
selected resource (share) sync up with the chosen destination volume.
Sync works with two Edgeware hosts. It defines a primary host which is the host that is
the source of the data to be synced; the SyncSource. The secondary host has the logical
volume that will be synced up with the share on the primary host. Once configured for
Sync the logical volume on the secondary host will be owned by Sync; you cannot use it
for any other purpose.
Right after configuration of a Sync pair, Sync will perform the initial sync up; that is,
making the data blocks on the pair consistent with each other, even if there is no data
present on the logical volumes. Figure 52 shows an initial Sync up. This might take
several hours depending on the size of the volumes and the network bandwidth. During
this initial sync up considerable network bandwidth will be utilized. After the initial
sync up has completed the
Setting up a synchronous mirror pair:
1. Click on Sync.
2. Click on Configure Mirror button.
3. Select a remote server from the list of available Edgeware servers. Make sure you
have configured that server from the NAS Servers Index page as specified above
and have entered the Edgeware administrative user and password for that server.
Click on Next.
4. Select the primary host and a remote host.
5. Select a NIC on both hosts from Available NICs that you want to be used to
transfer the Sync data packets, keeping in mind that Sync will use up a lot of
network bandwidth during the initial sync up. If you have NICs on more than one
subnet you should choose the subnet with more bandwidth and less network
traffic.
6. Select the destination mirror volume by specifying a logical volume on the
secondary server.
7. Click Next.
8. Select the synchronization speed on the next page. You can choose to give an
upper limit to the synchronization rate; the slower the rate, the longer it will take
for the initial synchronization and any later resynchronizations to complete. The
default is 10 MB/sec and is the maximum bandwidth you can achieve on a 100Base-T
Ethernet.
9. The Advanced configuration link gives you a page with more settings for Sync.
Normally you do not need to configure these settings.
10. Click on Save.
11. Verify your configuration on the ‘Saved Synchronization Settings’ page as shown in
Figure 55 and click on start mirror to initiate the Sync process. The Sync process will
make the data blocks in the pair consistent. Time to complete will depend on the
network rate and storage capacity of the volumes.
Once the initial Sync is complete and the mirrored pair is consistent, data written to the
resource/primary share will be immediately replicated to the secondary volume.
Figure 54: Selecting Sync mirror devices
Figure 55: Setting Sync mirroring properties
Figure 56: Advanced Sync settings
Figure 57: Final Sync mirror setup page
Figure 58: Sync mirror status page
Deleting a synchronous mirror:
1. On the main Sync page, click on the link for the resource you want to delete.
2. On the Resource page, depending on which volume of the Sync pair was primary
and secondary, click on the button that is labeled ‘make remote secondary’ or
‘make local secondary’.
3. Once both devices are secondary, a ‘delete mirror’ button will be available. Click
on that button to delete the mirror.