Openfiler Guide 1.1

OenIiIer v1.
1 Administratinn Guide
Copyrigll 2004, 2005 VoIuna Soflvaro Ild. AII riglls rosorvod
TabIe nI Cnntents
1. Introduction ............................................................................................. 1
1.1. Welcome ......................................................................................... 2
1.2. Iicensing Inlormation .................................................................... 3
1.3. Jrademark and CopyrigLt Inlormation ......................................... 3
2. Administration Interlace Cverview ......................................................... +
2.1. Accessing tLe Interlace .................................................................... +
2.2. Conliguration Fages Cverview ....................................................... +
3. Cpenliler System Setup .......................................................................... 28
3.1. Administrator Iogin ..................................................................... 29
3.2. Fassword Conliguration ............................................................... 31
3.3. System Jime Conliguration ......................................................... 33
3.+. Create Iogical Volumes ................................................................ 38
3.5. Conligure \ser Inlormation & AutLentication ........................... +2
3.6. Conligure Iocal etworks ........................................................... 55
3./. Create & Manage SLares ............................................................... 56
3.8. Allocate Cuota ............................................................................. 66
3.9. LnaLle Services .............................................................................. /1
+. Volume Management ............................................................................. /2
+.1. FLysical Volume Creation ............................................................ /3
+.2. Volume Croup Creation .............................................................. /+
+.3. SnapsLots ...................................................................................... /6
1. Intrnductinn
JLis section covers provides an introduction to Cpenliler Storage Conliguration
1
Centre and covers licensing and trademark inlormation.
1.1. WeIcnme
Welcome to tLe Cpenliler Storage Conliguration Centre Administration Cuide.
JLe Cpenliler Storage Conliguration Centre is a management interlace designed
to simplily management ol storage resources in Leterogeneous networks.
Cpenliler empowers storage administrators to simplily management ol storage
resources in tLe enterprise via an intuitive Lrowser-Lased interlace. Cpenliler is
ideal lor multi-platlorm networks wLere tLe workstations/servers are running
disparate operating systems sucL as Microsolt' Windows' 98/XF/2000, Mac
CS9/X', \IX' and Iinux'. A very unique leature ol Cpenliler is tLat it
Lridges tLe SA and AS paradigms on a network so tLat tLe entire scope ol
storage management tasks on an enterprise network could potentially Le man-
aged lrom one single console.
JLe main Leneliciaries ol Cpenliler are tLe storage and network administrators
wLose joLs are Lecoming increasingly more dillicult to carry out due to tLe
massive explosion in data prolileration on enterprise networks. JLere is data on
workstations, data on servers, data in SA islands and on AS appliances
scattered all over tLe network. JLe administrator is tasked witL managing tLese
disparate storage resources - Lring all users in a certain department into a single
storage domain, provide tLe MIS people witL more space lor tLeir Cracle-Lased
Lusiness intelligence applications, Lring in Llock-Lased storage volumes lrom tLe
SA into tLe lile-Lased AS environment to increase storage capacity lor IF cli-
ents on tLe network. JLese are just some ol tLe cLallenges tLat administrators
are laced witL on a daily Lasis, and Cpenliler is designed to make solving tLem
as simple as "point and click".
Cpenliler is designed consolidate and simplily management ol storage resources
in a network. In its initial standalone lorm, Cpenliler installed on a standard x86
Intel-Lased server or workstation turns tLat system into a lull-lledged AS appli-
Cpenliler v1.1 Adminis-
2
ance.
1.2. Licensing InInrmatinn
JLis document and tLe soltware it descriLes are governed Ly tLe terms ol tLe
C\ Ceneral FuLlic Iicense (CFI), wLicL is availaLle at: Lt-
tp://www.gnu.org/copylelt/gpl.Ltml
1.3. Trademark and Cnvright InInrmatinn
CopyrigLt 200+, 2005 Xinit Systems Itd, Voluna Soltware Itd. \K. All rigLts
reserved.
JLis document contains inlormation tLat is suLject to cLange witLout notice
and is not representative ol a commitment on tLe part ol Xinit Systems or
Voluna Soltware. JLis Administrator Cuide descriLes tLe Cpenliler Storage
Conliguration Centre wLicL is governed Ly tLe C\ CFI. Cpenliler Storage
Conliguration Centre may only Le used in accordance witL tLe terms ol tLe
C\ CFI.
1.3.1. Trademarks
Cpenliler, JLe Cpenliler moniker, Xinit Systems, tLe Xinit Systems moniker,
Voluna & Voluna Soltware, and tLe Voluna Soltware moniker are trademarks ol
Xinit Systems Itd. and Voluna Soltware Itd.
Windows, Windows J, Windows 95, Windows 98, Windows XF, Windows
2000, Windows 2003, Microsolt, Internet Lxplorer, and Active Directory are re-
gistered trademarks ol Microsolt Corporation.
]ava and Solaris are registered trademarks ol Sun Microsystems Inc.
MacCS, MacCS X, AppleJalk, MacintosL and Salari are registered trademarks
ol Apple Corporation.
3
XIS and Irix are trademarks or registered trademarks ol SCI Inc.
AIX and ]IS are trademarks or registered trademarks ol IBM Corporation.
Red Iat, Red Iat Lnterprise Iinux and Iedora are trademarks or registered
trademarks ol Red Iat Inc.
SuSL Iinux 8.0, SuSL Iinux 9.0 and SuSL Iinux Lnterprise Server 8 are trade-
marks or registered trademarks ol SuSL Iinux and ovell Inc.
etware is a registered trademark ol ovell Inc.
Iinux is a registered trademark ol Iinus Jorvalds.
2. Administratinn InterIace Overview
JLis section descriLes tLe Cpenliler Storage Conliguration Centre management
interlace. Il tLe Administrator is already conversant witL tLe interlace and
wisLes to start conliguration ol network storage resources, please proceed to sec-
tion 3 ol tLis document.
2.1. Accessing the InterIace
Jo access tLe interlace, open a weL Lrowser and estaLlisL a connection witL tLe
system running Cpenliler Ly pointing tLe Lrowser at tLe conligured IF address
ol tLe Cpenliler system. JLe network port lor tLe interlace is ++6. Jo access tLe
interlace, use tLe IJJFS protocol:
https://<IP or hostname>:446/
2.2. CnnIiguratinn Pages Overview
JLis section descriLes all tLe conliguration sections in tLe administration inter-
lace, giving a Lriel description ol wLat is included in tLe respective taLs.
tration Cuide
+
2.2.1. Hnme
JLe lirst page tLe administrator sees is tLe login screen. Lnter tLe administrator
username "openliler" and tLe delault administrator password "password" in tLe
provided lields.
Iigure 1. Home - login screen
2.2.2. Accnunts Sectinn
JLe Accounts Section consists ol lour taLs leading to lour dillerent suL-sections.
2.2.2.1. Authenticatinn - User InInrmatinn CnnIiguratinn
JLe Uscr In/ormatton Con/tguratton suL-section provides a means ol selecting dil-
lerent metLods ol retrieving user inlormation on tLe network. JLis user inlorm-
ation is used in otLer sections ol tLe Cpenliler Storage Conliguration Centre lor
granting access control to groups and users. Cpenliler supports user inlormation
retrieval lrom tLe lollowing network directory protocols:
IS - etwork Inlormation System
tration Cuide
5
IDAF - IigLt-weigLt Directory Access Frotocol
Windows DC - Windows Domain Controller
Iesiod - Domain ame Service user records
Iigure 2. Lser InIormation ConIiguration screen
Details aLout eacL ol tLe Uscr In/ormatton Con/tguratton protocols is Leyond tLe
scope ol tLis document.
JLe Usc NIS cLeckLox sLould Le selected to conligure tLe system as a IS client
to a IS server running elsewLere on tLe network lor user inlormation and au-
tLentication. JLe Domain lield is lor specilying tLe IS domain wLicL tLe
6
Cpenliler appliance is to Le a memLer ol. JLe Server lield is lor explicitly set-
ting tLe IF address or Lostname ol tLe system tLat is running tLe IS service.
Mote
A NIS Domatn sLould not Le conlused witL a Wtndous Domatn.
Il tLe Server lield is lelt Llank, tLe system will attempt to lind tLe IS
server via Lroadcast on tLe local network.
JLe Usc LDAP cLeckLox sLould Le selected il uscr and group inlormation sLould
Le imported lrom and IDAF server. JLe TLS cLeckLox sLould Le selected il
Jransport Iayer Security is to Le used lor tLe communications witL tLe IDAF
server. JLe Server lield is lor specilying tLe IDAF server wLicL can Le
entered eitLer as an IF address or a lully qualilied system Lostname. JLe Base
DN lield is lor entering tLe IDAF searcL Lase D. JLe Bind D and Bind Fass-
word lields are lor specilying tLe Lind D as a distinguisLed name in IDAF
lormat, and tLe corresponding Lind password lor use wLen perlorming IDAF
operations. JLese lields may Le lelt Llank il no Lind D is applicaLle - i.e an-
onymous Lind is supported Ly tLe IDAF server. JLe Root Bind D and Root
Bind Fassword lields are lor specilying tLe administrator Lind D as a distin-
guisLed name in IDAF lormat, and tLe corresponding administrator Lind pass-
word lor use wLen perlorming IDAF operations. JLese lields may Le lelt Llank
il no administrator Lind D is applicaLle. JLe administrator Lind D will usu-
ally Le necessary wLen tLe directory supplies users to Le used witL tLe SMB/CI-
IS protocol. JLe Iogin SMB server to root D cLeckLox must Le cLecked at
least once wLen applying new directory cLanges so tLat tLe SMB/CIIS server
can log into tLe IDAF directory server using tLe Root Bind D. Root Bind
DN, Root bind password and Login SMB server to root DN are
only applicaLle wLen using IDAF lor SMB/CIIS client autLentication.
Warning
JLe Cpenliler interlace does not prevent multiple user inlormation con-
/
liguration metLods lrom Leing selected simultaneously. Administrators
sLould proceed witL caution wLen using more tLan one directory server
to prevent clasLes Letween identical user ID and group ID entries in diller-
ent conligured directory services. More tLan one Uscr In/ormatton pro-
tocol sLould Le selected only wLen tLere is a guarantee tLat identical
entries do not exist in tLe dillerent directories.
JLe Usc Wtndous domatn contro//cr and autbcnttcatton cLeckLox sLould Le selec-
ted il users and groups in a Windows domain are to Le allowed access to tLe stor-
age resource on tLe Cpenliler appliance. Cpenliler now supports LotL standard
J+ domain controllers as well as native and mixed-mode Active Directory au-
tLentication. Ior native-mode Active Directory servers, tLe Active Directory ra-
dio Lutton must Le selected, and lor mixed-mode or J+-domain controllers,
tLe J+-style Domain (RFC) radio Lutton must Le selected. JLe Domain lield
must contain tLe domain name only wLen using mixed-mode or J+-style Do-
main, otLerwise tLis lield sLould Le lelt Llank. JLe Domain controllers
lield is lor entering tLe IF address or lully qualilied Lostname ol tLe domain con-
trollers (FDC or AD) lrom wLicL user inlormation sLould Le imported. JLis
lield is required regardless ol wLetLer Active Directory or J+-style radio Lut-
ton is selected. Il native mode Active Directory is tLe desired autLentication
mecLanism, tLen tLe ADS realm inlormation must Le entered. JLe user and
group lists are imported lrom tLe network domain controller(s) and mapped to
local user IDs and group IDs Lased on tLe settings entered in tLe UID range
and GID range lields. JLe LDAP ID map server and LDAP ID map
suffix entries are required il IDAF will Le used lor \ID/CID mapping syn-
cLronization. JLis setting is required il tLere are going to Le multiple Cpenliler
appliances on tLe network and \ID/CID mappings need to Le unilorm across
tLe set ol Cpenliler installation instances. JLe Join domain cLeckLox is lor
registering tLe Cpenliler appliance witL tLe domain controller. JLe Adminis-
trator username lield is lor entering tLe administrator username ol tLe do-
main controller lor tLe domain wLicL tLe Cpenliler appliance is to join. JLe
Administrator password lield is lor entering tLe administrator password
tration Cuide
8
ol tLe domain controller lor tLe domain wLicL tLe Cpenliler appliance is to
join.
Mote
JLe Usc Wtndous domatn contro//cr and autbcnttcatton option works in
conjunction witL tLe S/B sctttngs lound in tLe Scrvtccs taL ol tLe Cpen-
liler Storage Conliguration Centre. JLe etBICS name entered in tLe Scr
vtccs - S/B Sctttngs section will Le tLe name used to register tLe Cpen-
liler appliance witL tLe domain controller.
JLe UID rangc and CID rangc lields allow tLe Cpenliler administrator to
set tLe range ol \ID and CID mappings lrom Windows to \nix. Il more
tLan one Uscr In/ormatton protocol is selected in addition to using tLe
Wtndous domatn contro//cr and autbcnttcatton tLen care must Le taken to
ensure tLat tLe range will not clasL witL \IDs and CIDs in one ol tLe
otLer user autLentication metLods.
JLe \se Iesiod cLeckLox sLould Le selected il user and group inlormation
sLould Le imported lrom a remote Iesiod dataLase. Iesiod is an extension to
DS tLat uses DS records to store inlormation sucL as user and group data.
JLe LHS lield is lor specilying tLe domain prelix used lor Iesiod queries. JLe
RHS lield is lor specilying tLe delault Iesiod domain.
Mote
JLe Iesiod protocol in tLis context is intended to work in comLination
witL a KerLeros autLentication server, wLicL can Le conligured in tLe Au
tbcnttcatton Con/tguratton suL-section ol tLe Accounts page.
2.2.2.2. Authenticatinn - Authenticatinn CnnIiguratinn
JLe AutLentication Conliguration suL-section Lelow provides a means ol select-
ing dillerent autLentication mecLanisms lor network clients accessing services on
tLe Cpenliler appliance. JLese autLentication mecLanisms are used in conjunc-
tration Cuide
9
tion witL tLe user Inlormation provided Ly directory servers sucL as IDAF and
Iesiod. Cpenliler supports tLe lollowing autLentication metLods:
IDAF AutLentication - wLere user inlormation is stored along witL tLeir
password in an IDAF directory
KerLeros 5 - can Le used in conjunction witL IDAF or Iesiod lor autLentic-
ation
SMB AutLentication - uses one or more SMB servers on tLe network to au-
tLenticate users
Iigure 3. Authentication ConIiguration screen
10
JLe Usc LDAP Autbcnttcatton cLeckLox sLould Le selected il IDAF is to Le tLe
autLentication mecLanism. IDAF entries must Lave user password inlormation
stored along witL tLe username. JLe Usc TLS cLeckLox enaLles or disaLles tLe
use ol Jransport Iayer Security wLen communicating witL tLe IDAF server.
JLe Server lield is lor specilying tLe IF address or lully qualilied Lostname ol
tLe IDAF server. JLe Base DN lield is lor specilying tLe retrieval ol user in-
lormation Ly its DistinguisLed ame.
Mote
LDAP settings in tLe Uscr In/ormatton Con/tguratton suL-section are auto-
matically propagated to tLe Autbcnttcatton Con/tguratton suL-section and
vice-versa.
JLe Usc Kcrbcros 5 cLeckLox sLould Le selected il KerLeros is to Le used as tLe
autLentication mecLanism. \sually tLis is used in conjunction witL eitLer
IDAF or Iesiod directories. JLe Realm lield is lor specilying tLe realm lor tLe
KerLeros server. JLe realm is analogous to a domain in IS and is tLe network
tLat uses KerLeros lor autLentication. A realm can consist ol more tLan one
server. JLe Cpenliler appliance will Le a client ol tLe KerLeros realm. JLe KDC
lield is lor specilying tLe Kcy Dtstrtbutton Ccntcr wLicL is tLe server responsiLle
lor issuing KerLeros tickets. JLe Admin Server lield is lor specilying a
comma separated list ol KerLeros administration servers.
JLe Usc S/B Autbcnttcatton cLeckLox sLould Le selected il autLentication is to
Le done via an SMB server. JLis could Le a Wtndous or Samba server on tLe net-
work capaLle ol autLenticating users. JLe Workgroup lield is lor specilying tLe
name ol tLe Workgroup to use. JLe Domain Controller lield is lor specily-
ing tLe domain controller on tLe network to use.
2.2.2.3. List nI Grnus
JLe Iist ol Croups taL allows tLe Administrator to view group inlormation im-
ported lrom tLe dillerent servers enaLled and conligured in tLe Autbcnttcatton
11
taL. Inlormation is displayed in a taLular lormat witL tLe column Leadings:
CID - tLe group ID
Croup ame - tLe name ol tLe group
Croup Jype - tLis lists tLe type ol directory server tLat eacL individual
group is imported lrom
Iigure 4. List oI Groups screen
Clicking on tLe taLle Leaders CID, Croup Namc and Croup Typc, will sort tLe
list ol entries Ly CID, Croup Namc and Croup Typc respectively. Clicking on
tration Cuide
12
items in tLe group name column itsell pops up a window witL group memLer-
sLip inlormation. JLe group list is paginated to present up to ten group names
per page. JLe Administrator can navigate tLe list lorward or Lackward Ly using
tLe links provided in tLe taLle Leader. Clicking on an individual group name
link will present a popup witL a list ol all tLe memLers ol tLat particular group.
Mote
JLis version ol Cpenliler does not support tLe addition and deletion ol
users and groups. JLis is Lecause users are Leing pulled in to tLe system
lrom external directories sucL as IDAF or Windows FDC/AD and tLere
is no unilorm mecLanism to add or delete users on tLese directory servers
remotely. Iuture versions ol Cpenliler may Lave support lor addition and
deletion ol users and groups via a local instance ol an IDAF directory
server.
2.2.2.4. List nI Users
JLe Ltst o/ Uscrs taL allows tLe administrator to view user inlormation imported
lrom tLe dillerent directory servers enaLled and conligured in tLe Autbcnttcatton
taL. Inlormation is displayed in a taLular lormat witL tLe column Leadings:
\ID - tLe user ID
\ser ame - tLe name ol tLe user lor tLe corresponding \ID
\ser Jype - tLe type ol tLe user (IDAF, IS, etc)
Frimary Croup - tLe primary group lor tLe user
Croup Jype - tLe user group type (IDAF, IS, etc)
Iigure 5. List oI Lsers screen
tration Cuide
13
Clicking on tLe taLle Leaders UID, Uscr Namc, Uscr Typc and Prtmary Croup
will sort tLe list ol entries Ly eacL ol tLe respective Leaders.
2.2.2.5. Admin Passwnrd
JLe Admtn Passuord taL opens up a page lor cLanging tLe Cpenliler adminis-
trator password. JLe administrator username, opcn/t/cr, cannot Le cLanged.
Iigure 6. Admin Password screen
1+
In order to cLange tLe administrator password, tLe current administrator pass-
word is required lor security reasons. JLree lields need to Le lilled to cLange tLe
password. JLe Current Password lield is lor entering tLe current working
password lor tLe Cpenliler administrator account. JLe New Password lield is
lor entering tLe desired new password. JLe Confirm New Password lield is
lor entering tLe desired new password again lor conlirmation. JLe SuLmit Lut-
ton is lor committing cLanges. JLe Clear Lutton will clear all lields il an error is
made witL input.
2.2.3. VnIumes Sectinn
JLe Volumes Section consists mainly ol two taLs leading to two dillerent pages.
2.2.3.1. Existing VnIumes
15
JLe Lxisting Volumes taL opens up a page lor managing existing volume groups.
Inlormation and lacilities provided on tLis page include:
JaLular display ol Llock storage statistics lor all volume groups on tLe sys-
tem along witL a pie-cLart ol tLe volume group's partitioning.
JaLular display ol individual volume slices witLin volume groups on tLe sys-
tem, and tLeir lilesystem usage inlormation, and tLe aLility to edit snapsLot
allocation lor tLe volumes
A means to edit tLe properties ol individual volumes or delete volumes.
Iigure 7. Existing Volumes screen
tration Cuide
16
All volume groups, once conligured, will Lave a cluster ol logical volumes tLat
are part ol tLat volume group. Individual volumes enaLle administrators to pLys-
ically limit tLe storage capacity exported on a per-sLare Lasis, and also set re-
source controls sucL as quotas.
SnapsLots are point-in-time copies ol a volume. SnapsLots can Le created lor in-
dividual volume slices once tLe volume slices Lave Leen created in tLe Crcatc
Ncu Vo/umc page. Clicking on tLe Create or Manage links in tLe SnapsLots
column in tLe list ol volumes takes you to tLe snapsLots management suL-
section lor tLat volume. In tLis suL-section, tLe administrator can look at tLe list
ol existing snapsLots and also create new snapsLots. Volume snapsLots are imple-
mented using a copy-on-write mecLanism. JLis means tLat space allocated to
snapsLots is utilized wLenever any updates are made to tLe data Llocks on tLe
source volume alter tLe snapsLot is created. JLe display sLows tLe current Llock
utilization ol tLe snapsLot and tLe maximum allocated space wLicL can Le exten-
ded using tLe SnapsLot size column and tLe Save Lutton. JLe SLare contents
lield is used to indicate wLetLer tLe read-only snapsLot is made availaLle lor
sLaring using tLe original volume's sLare settings.
JLe administrator can scLedule snapsLots to Lappen automatically in an unat-
tended manner. Jo do tLis, tLe administrator provides tLe Interval in Lours lield
and tLe Rotate count lield, apart lrom tLe size and sLare option. JLe snapsLot
scLedule tLen starts lrom tLe next midnigLt and snapsLots Lappen at tLe con-
ligured intervals in time. Cnce a numLer ol snapsLots equal to tLe Rotate count
are taken, tLe next scLeduled snapsLot will automatically delete tLe oldest snap-
sLot. Ience snapsLots are rotated in tLis way so tLat at any time, tLe maximum
numLer ol snapsLots in rotation equals tLe Rotate count.
2.2.3.2. Create New VnIume
JLe Create ew Volume taL opens up a page lor creating new volumes. Block
storage statistics lor eacL volume group is summarized in a taLle.
tration Cuide
1/
Jotal Space - tLe total amount ol availaLle storage lor tLe volume group in
Lytes, megaLytes and gigaLytes
\sed Space - tLe total amount ol used space lor tLe volume group in Lytes,
megaLytes and gigaLytes
Iree Space - tLe total amount ol used space lor tLe volume group in Lytes,
megaLytes and gigaLytes
IurtLermore, tLe administrator will Le aLle to create logical volumes witLin
eacL volume group. JLe Volume ame lield is lor setting tLe name ol tLe new
volume. JLis volume name lield sets tLe patL lor tLe volume under tLe openliler
patL eg.:
/mnt/openfiler/<new_volume_name>/
JLe Volume Description lield is lor setting a natural descriptive name lor
tLe soon to Le created volume. JLis will provide tLe administrator witL a means
ol easily identilying tLe volume in dillerent sections ol tLe management inter-
lace. JLe Required Space lield is lor specilying tLe amount ol space to alloc-
ate to tLe volume. JLe Filesystem type dropdown allows tLe administrat-
or to select wLat lilesystem to use lor tLe logical volume. JLe Cnce all lields
Lave Leen satislactorily lilled in, tLe administrator can click tLe Create Lutton to
commit cLanges, and create tLe volume.
2.2.4. Qunta Sectinn
JLe Cuota section consists ol a single page lor setting group quotas.
2.2.4.1. Grnu Qunta
JLe Croup Ouota page allows tLe administrator to set per-volume quotas lor in-
dividual groups accessing storage resources on tLe Cpenliler appliance. In order
lor tLe settings lor Croup Ouota to Le visiLle, at least one volume must exist. Il
18
tLere are no existing volumes, clicking on tLe Ouota taL will redirect to tLe
Vo/umcs taL, wLere tLe administrator needs to create new volumes on wLicL to
allocate quota. Ior more inlormation aLout quota allocation, please see tLe Sys
tcm Sctup section.
Iigure 8. Quota screen
2.2.5. Shares Sectinn
JLe SLares Section consists ol two taLs leading to two dillerent pages lor creat-
ing and viewing sLares and snapsLots ol sLares. SLares are lilesystem locations
tLat are exported via any one ol tLe lile-Lased storage export protocols suppor-
ted Ly Cpenliler, sucL as IS and SMB/CIIS. SLares are created witLin suL-
directories ol logical volumes. At least one logical volume must exist Lelore a
19
sLare can Le created. Cnce a logical volume Las Leen created, tLe administrator
can click on tLe Sbarcs taL and tLe list ol logical volumes tLat Lave Leen created
will sLow up in tLe Ltst o/ Sbarcs, under wLicL suLdirectories and, suLsequently,
sLares can Le created.
Iigure 9. List oI Shares screen
2.2.5.1. List nI Current Shares
JLe Ltst o/ Currcnt Sbarcs taL opens up a page lor creating sLares witLin delined
logical volumes. LacL logical volume tLat Las Leen delined in tLe Vo/umcs sec-
tion will Le listed on tLis page. JLe administrator can tLen click on any logical
volume to create suLdirectories ol tLe logical volume wLicL in turn can contain
tration Cuide
20
cLild nodes to Le converted to sLares, or Le converted into sLares tLemselves.
2.2.5.2. List nI Snashnt Shares
JLe Ltst o/ Snapsbot Sbarcs taL opens up a page tLat lists all existing snapsLots ol
logical volumes. JLe administrator Las tLe option ol enaLling sLaring ol a snap-
sLot in tLe snapsLots page ol tLe logical volume in question, wLicL will allow
users access to point-in-time copies ol tLeir data. Il tLe administrator enaLles
sLaring on tLe snapsLot ol a logical volume, tLe Iist ol SnapsLot SLares page
lists wLicL snapsLots are enaLled lor sLaring along witL tLe corresponding sLare
names and locations on tLe lilesystem.
Iigure 10. List oI Snapshot Shares screen
tration Cuide
21
2.2.6. Services Sectinn
JLe Services Section consists ol two taLs leading to two dillerent pages, lor en-
aLling and disaLling services, and conliguration ol SMB settings.
2.2.6.1. EnabIe/DisabIe
JLe Enab/cDtsab/c taL opens up a page lor starting and stopping network
lilesystem services. Cpenliler allows storage resources to Le exported via a num-
Ler ol protocols. JLe corresponding services lor tLese protocols can Le managed
lrom tLis page. Storage export services are listed in a taLle witL tLree columns:
Service ame - tLe name ol tLe storage export service.
Status - sLows wLat tLe current status ol tLe service.
Modilication - allows tLe administrator to enaLle or disaLle eacL individual
service.
Iigure 11. Enable/Disable screen
22
2.2.6.2. SMB Settings
JLe S/B Sctttngs taL opens up a page lor entering SMB settings lor tLe Cpenliler
appliance. Cptions tLat can Le set include Server String, NetBIOS name,
WINS server, encrypted or plaintext passwords lor SMB/CIIS and designa-
tion ol a particular logical volume as tLe volume lor tLe SMB/CIIS-specilic
Homcs sLare.
Iigure 12. SMB Settings screen
23
JLe Server string lield is lor assigning tLe name ol tLe Cpenliler appli-
ance. JLis name is wLat will sLow up in tLe Lrowse list in tLe network neigL-
LourLood. JLe NetBIOS name lield is lor setting tLe etBICS name ol tLe
Cpenliler appliance, wLicL will suLsequently Le used wLen registering tLe appli-
ance witL a domain controller. JLe WINS server lield is lor designating a
comma-separated list ol WIS servers on tLe network. JLe Passwords drop-
down list allows tLe Administrator to select wLetLer plaintext or encrypted
passwords sLould Le used lor autLentication witL tLe selected directory server /
\ser Inlormation conliguration setting. JLe SMB homes volume dropdown
is lor selecting wLicL logical volume tLe special SMB/CIIS Iomes sLare will Le
located on.
2.2.7. Svstem Sectinn
tration Cuide
2+
JLe System Section consists ol tLree taLs leading to tLree dillerent pages lor con-
liguring local networks, system clock and sLutting down tLe system.
2.2.7.1. LncaI Netwnrks
JLe Local Metworks taL opens up a page lor setting networks tLat are allowed
to access resources exported Ly tLe Cpenliler appliance. JLis is used lor net-
work-level access control. etworks and Losts tLat will need to access resources
lrom tLe Cpenliler appliance are lirst added to tLis list, and tLe individuals Losts
and networks are tLen assigned access to particular sLares in tLe sLares section.
etworks and Losts are listed in a taLle witL lour columns:
Delete - a row witL a cLeckLox selected in tLis column will Le deleted wLen
tLe update Lutton is clicked.
ame - tLis lield is lor specilying a logical intuitive name to tLe Lost or net-
work tLat will Le accessing sLares (eg. "Cllice etwork", "Iinance Worksta-
tion", and "Sales Desktop" witLout tLe quotes)
etwork - tLis lield is lor specilying tLe IF address ol tLe Lost or network
tLat will Le accessing resources on tLe Cpenliler appliance (eg. 192.168.1.0)
etmask - tLis is lor specilying tLe etmask lor tLe Lost or network tLat
will Le accessing resources on tLe Cpenliler appliance (eg. 255.255.255.0)
Mote
o storage resources on tLe Cpenliler appliance can Le accessed lrom any
Lost or network tLat is not specilied in tLe Loca/ Nctuor/s con/tguratton
list. JLe only exception to tLis is tLe special SMB/CIIS Iomes sLare set-
ting, wLicL allows autLenticated users access to tLeir Lome directory.
Iigure 13. Local Metworks screen
tration Cuide
25
2.2.7.2. CInck
JLe Clock taL opens up a page lor setting system time. JLe administrator Las
tLe option ol setting tLe system time manually or using a remote network time
protocol (JF) server. JLe administrator can also set tLe system timezone.
Iigure 14. Clock screen
26
Mote
It is important tLat system time is accurate. WLenever possiLle, tLe admin-
istrator sLould elect to use an JF server.
2.2.7.3. Shutdnwn
JLe SLutdown taL opens a page tLat will allow tLe administrator to sLutdown
tLe system. JLe administrator Las tLe option ol sLutting down tLe system im-
mediately or alter a specilied interval. JLe administrator can elect to Lave lilesys-
tems cLecked on startup.
Iigure 15. Shutdown screen
2/
JLere are two types ol sLutdown actions. JLe Shutdown and halt radio-
Lutton is lor powering down tLe system. JLe Reboot radio-Lutton is lor per-
lorming a warm reLoot ol tLe system. JLe minutes lield ol tLe Dc/ay bc/orc
sbutdoun option is lor setting time interval alter wLicL tLe system will perlorm
tLe sLutdown operation. Il tLe Check filesystems on startup cLeck-
Lox is selected, wLen tLe system Loots up, a lilesystem cLeck will Le perlormed
on all volumes.
3. OenIiIer Svstem Setu
JLis section deals witL out-ol-tLe-Lox Cpenliler appliance setup and conligura-
tion. Administrators sLould lollow tLe sequence ol steps to quickly get an Cpen-
liler installation up and serving storage via lile-Lased storage export protocols.
tration Cuide
28
3.1. Administratnr Lngin
JLe Cpenliler Storage Conliguration Centre is IJMI-Lased and XIJMI 1.0
Jransitional conlormant. A standard weL-Lrowser wLicL supports ]avaScript is
all tLat is required to access tLe interlace and perlorm administrative tasks. JLe
administrator sLould point tLe weL-Lrowser to tLe IF address ol tLe Cpenliler
appliance to estaLlisL a connection. Il tLe IF address ol tLe Cpenliler appliance
Las Leen entered into a local DS, tLe Lostname can Le used instead. JLe man-
agement interlace operates on port ++6 and runs in encrypted mode using SSI so
tLe IJJFS protocol \RI sLould Le used in tLe navigation Lar to access tLe in-
terlace. Lxample:
bttps:opcn/t/crapp/tancc.cxamp/cdomatn.com:446 or
bttps:192.168.1.17:446
Cnce a successlul connection Las Leen estaLlisLed tLe administrator is presented
witL a security certilicate cLallenge. JLis is a sell-signed certilicate, Lence tLe
warning. It is sale to click tLe CK Lutton and continue.
Iigure 16. Security certiIicate challenge
tration Cuide
29
Alter clicking tLe CK Lutton, tLe administrator is presented witL tLe Cpenliler
login screen. JLe Cpenliler administrator account username is "openIiler". JLe
delault password is "password". BotL tLe username and password are case sensit-
ive. Froceed to enter tLe username and password in tLe designated lields.
Iigure 17. Login screen
Cnce tLe username and password Lave Leen entered, tLe administrator sLould
proceed Ly clicking on tLe Login Lutton. Alter logging in, tLe administrator is
presented witL tLe main Cpenliler conliguration pages. JLe delault page alter
logging in is tLe Accounts and autbcnttcatton section. Ior security reasons, tLe
very lirst task to perlorm is to cLange tLe administrator password lrom tLe de-
30
lault password, to a more secure password.
Iigure 18. DeIault login screen
Jo cLange tLe administrator password, click on tLe Admtn Passuord taL, tLis
will open a page wLere tLe administrator password can Le cLanged.
3.2. Passwnrd CnnIiguratinn
CLanging tLe administrator password is simple. JLe administrator is presented
witL tLree lields. In tLe Current Password lield, enter current administrator
password (currently tLe delault password - "password"). In tLe New Password
lield, enter tLe desired new administrator password. In tLe Confirm New
31
Password lield, re-enter tLe desired new password.
Iigure 19. Admin password screen
Cnce all lields Lave Leen completed, click tLe Submit Lutton to continue. Il a
mistake is made in any ol tLe entry lields, clicking tLe Clear Lutton will clear
all entries in tLe lorm.
Mote
All lields need to Le completed accurately lor tLe administrator password
cLange to Le committed. Il tLere is a mismatcL Letween tLe New Pass-
word and Confirm New Password lields, a notilication will indicate
tration Cuide
32
tLis. Iowever, any otLer discrepancies will simply reload tLe page and tLe
administrator password will remain tLe same as it was Lelore tLe cLange
process was initiated.
3.3. Svstem Time CnnIiguratinn
It is imperative tLat tLe system time is set correctly Lelore users are allowed to
store data on tLe system. Jo set tLe system time, click tLe Ccncra/ taL tLen click
tLe C/oc/ taL. System time can Le set manually or tLe system clock can Le
synced witL a time server. Il tLe system running Cpenliler Las a route to Inter-
net, it is Letter to set tLe system time using a time server. Il tLere is no route to
tLe Internet, tLen system time must Le set manually. Jo set system time manu-
ally, scroll down to tLe Sct systcm c/oc/ manua//y suL-section ol tLe C/oc/ taL.
WLen tLe Clock page is reloaded, tLe system time at tLe point wLen tLe page
was loaded will Le displayed in tLe Sct systcm c/oc/ manua//y suL-section.
Iigure 20. Set system clock manually - Date
tration Cuide
33
Jo set tLe system date, use tLe drop down listLoxes provided in tLe Datc row.
JLe lirst listLox is lor selecting tLe day ol tLe montL. JLe second listLox is lor
selecting tLe montL ol tLe year. JLe tLird listLox is lor selecting tLe year. Select
desired values lor all tLree options.
Iigure 21. Set system clock manually - Time
3+
Jo set tLe system time, use tLe drop down listLoxes provided in tLe Jime row.
JLe lirst listLox is lor selecting tLe Lour ol tLe day. JLe second listLox is lor se-
lecting tLe minutes ol tLe Lour. Select desired values lor tLe two options. Cnce
all tLe Data and Jime options Lave Leen satislactorily selected, tLe system data
and time can Le set Ly clicking on tLe Set date/time Lutton.
Iigure 22. Set system clock manually
35
Mote
Il tLe system time is wrongly set, any liles tLat are suLsequently stored on
tLe lilesystem will Lave tLe wrong timestamp. A way to ensure tLat tLe
correct time is set is to use a trusted network time server.
JLe Set system clock using JF suL-section lets tLe administrator set tLe system
time automatically lrom a network time server tLat will provide an accurate
time. Setting tLe system time using JF is as simple as selecting one ol several
timeservers lrom tLe provided list in tLe dropdown menu and clicking on tLe
Set date/time Lutton once tLe desired selection Las Leen made.
tration Cuide
36
Iigure 23. Set system clock using MTP
JLe system timezone must Le set in conjunction witL tLe system date and time.
Scroll down to tLe Ttmczonc suL-section and select tLe correct timezone lrom
tLe list. Il tLe system clock uses \niversal Jime Constant (\JC), tLen tLe
System clock uses UTC cLeckLox sLould Le cLecked. Cnce tLe desired se-
lections Lave Leen made, click tLe Set timezone Lutton to commit tLe
cLange.
Iigure 24. Timezone
tration Cuide
3/
JLe next step in setting up tLe system is to create storage volumes.
3.4. Create LngicaI VnIumes
A logical volume (volume slice) is tLe lundamental storage unit witLin wLicL
sLares are created. A logical volume is a slice ol tLe total disk space availaLle. Io-
gical volumes allow tLe administrator to pLysically separate dillerent organisa-
tional units or applications on tLe storage appliance. Ior instance, tLe sales de-
partment could Le pLysically allocated 100CB ol storage and tLe linance depart-
ment can Le allocated /0CB ol storage. Jo create a logical volume, click on tLe
Volumes taL. JLis will open tLe main Volumes page wLicL sLows statistics lor
38
existing volumes. At tLis point tLe only volume group in existence is tLe main
volume group, opcn/t/cr, lrom wLicL volume slices will Le created. JLese volume
slices can suLsequently Le accessed in tLe Sbarcs section and sLares created witLin
tLem. Froceed to create a volume slice Ly clicking on tLe Crcatc Ncu Vo/umc
taL. JLe availaLle volume groups on tLe system are listed sequentially in alpLa-
Letical order. Scroll down to tLe volume group wLere tLe logical volume is to Le
created.
Iigure 25. Create Mew Volume
Jo create a new volume slice, a name, description and desired space in megaLytes
are required. Lnter tLe desired name lor tLe volume slice tLat is to Le created.
39
JLis lield is tLe on-disk lilesystem unixname. It sLould resemLle tLe name one
would give to a lile on tLe lilesystem. JLe name sLould not contain any spaces.
All entries are created under tLe /mnt/<vgname patL on tLe lilesystem. So in
tLis case entering "sales" in tLe Volume ame lield will create a volume slice and
mount it in /mnt/<vgname/sales/. JLe Volume Description lield allows tLe
administrator to set a logical name to descriLe tLe volume in tLe SLares section
wLere sLares are created witLin volumes. In tLis case, tLe Volume Description
Las Leen set to Salesdata. JLe Required Space lield is lor entering tLe desired
space in MB lor tLe volume slice. Ior example to allocate 100CB to tLe sales
volume, enter 100000 in tLe Required Space lield. Cnce all tLe lields Lave Leen
correctly lilled, click tLe Create Lutton to create tLe volume slice. Cnce tLe
volume slice Las Leen created, tLe administrator will Le automatically redirected
to tLe Lxisting Volumes page wLere statistics lor tLe newly created volume can
Le viewed.
Iigure 26. Existing Volumes - sales
tration Cuide
+0
1
JLe minimum volume size Las cLanged lrom +MB to 32MB. 32MB is tLe delault pLysical extent size in IVM1 wLicL is tLe volume manager
used in Cpenliler 1.1.
Additional volume slices can Le created Ly clicking on tLe Create ew Volume
taL and entering tLe desired inlormation in tLe provided lields. Repeat tLe
volume creation step and add as many dillerent volume slices as desired up to tLe
maximum availaLle storage space. JLe Iree Space row in tLe Block storage stat-
istics lor VC "openliler" taLle sLows Low mucL space is availaLle to create
volumes witL. JLe minimum volume size is 32MB.
1
.
Iigure 27. Existing Volumes - sales & Iinance
tration Cuide
+1
Cnce tLe volume slices Lave Leen created, it is time to conligure user inlorma-
tion and autLentication.
Mote
Creating large volume slices can take a very long time. JLe system migLt
seem to Lave Lung Lut wLat is actually Lappening is tLat tLe volume slice
is Leing created and initialized in tLe Lackground. Cnce tLe volume slice is
ready, tLe Lxisting Volumes page automatically loads up.
3.5. CnnIigure User InInrmatinn & Authenticatinn
+2
Cpenliler Storage Conliguration Centre imports user and group inlormation
lrom central directory servers sucL as IDAF, IS and Windows Domain Con-
trollers. AutLentication ol users is also done lrom central directory or autLentic-
ation servers. Currently Cpenliler Storage Conliguration Centre supports im-
porting user inlormation lrom IDAF, Windows FDC, IS and Iesiod director-
ies. AutLentication support is availaLle lor IDAF, KerLeros 5 and SMB. Cne or
more user directories can Le comLined witL one or more autLentication mecLan-
isms. Ior instance LotL NIS and IDAF can Le selected lor user inlormation witL
user autLentication lor IDAF Lappening witLin IDAF itsell or using KerLeros
5. AnotLer comLination could Le Windows Domain Controller and IDAF. It is
tLe responsiLility ol tLe administrator to ensure tLat tLere are no clasLes
Letween \ID and CID entries among tLe dillerent directories il more tLan one
inlormation and autLentication mecLanism is to Le used. Il a clasL exists, Cpen-
liler Storage Conliguration Centre Las no way ol determining tLe dillerence
Letween identical users and groups in tLe dillerent directory servers, rendering
tLe system conliguration unstaLle.
Jo conligure autLentication click on tLe Accounts taL. JLe AutLentication page
is tLe delault page lor tLe accounts section. JLe AutLentication page is divided
into two suL-sections. \ser Inlormation Conliguration and AutLentication con-
liguration. JLe \ser Inlormation Conliguration suL-section is lor conliguring
directory servers to import user and group lists lrom. JLese user lists will Lave
general user account inlormation sucL as tLe username, groupname, numerical
user ID and group ID and otLer user data. JLe AutLentication Conliguration
section is lor conliguring autLentication mecLanisms lor tLe users tLat are im-
ported lrom directory servers conligured in tLe \ser Inlormation Conliguration
suL-section. In some cases, witL IS lor instance, tLe user inlormation and au-
tLentication mecLanisms are integrated. In otLer cases, sucL as witL IDAF or
Windows Domain Controller, tLe user inlormation autLentication mecLanisms
can Le eitLer integrated witLin tLe same resource, or tLe user inlormation direct-
ories can Le comLined witL dillerent autLentication entities. JLe Administrator
sLould proceed Ly adding at least one \ser Inlormation directory, and one or
+3
more autLentication mecLanism lor tLe selected user directory il tLe autLentica-
tion system is not integrated witL tLe user directory service.
3.5.1. NIS CnnIiguratinn
IS is usually conligured as a standalone integrated user directory and autLentic-
ation system. Jo conligure tLe system to use IS scroll down to tLe \se IS
row ol tLe \ser Inlormation Conliguration taLle. Select tLe \se IS cLeckLox.
Lnter tLe domainname value ol tLe IS domain in tLe Domain lield ol tLe \se
IS row. Lnter tLe IF address, or il tLe IS server is in DS, lully qualilied
Lostname ol tLe IS server in tLe Server lield ol tLe \se IS row. Jo commit
tLe entry, scroll to tLe Lottom ol tLe AutLentication page and click tLe SuLmit
Lutton. Jo verily tLat tLe user and group list Las Leen imported lrom tLe IS
domain, click on tLe Iist ol groups and / or Iist ol users taLs at tLe top ol tLe
page.
Mote
It will take aLout 60 seconds lor any cLanges in tLe user directories to ap-
pear in tLe interlace. Flease Le patient.
Iigure 28. Lse MIS
tration Cuide
++
Il no otLer user directory is present on tLe network, please proceed to Conligure
Iocal etworks section. Jo conligure IDAF user directory, proceed to tLe \se
IDAF suL-section.
3.5.2. LDAP CnnIiguratinn
JLe system can Le conligured to import user inlormation lrom IDAF. IDAF
can Le used standalone lor LotL user inlormation and user autLentication. It can
also Le used in comLination witL KerLeros lor user autLentication. IDAF
KerLeros is an advanced conliguration and is not supported witL CIIS export at
tLis time. Cenerally, conliguring autLentication lor Windows clients witL any-
tLing otLer tLan a Windows Domain Controller will require suLstantial conlig-
tration Cuide
+5
uration expertise ol tLe respective directory and autLentication servers. Conlig-
uration ol directory and autLentication servers is Leyond tLe scope ol tLis docu-
ment.
3.5.2.1. LDAP - Integrated User InInrmatinn and Authenticatinn
Jo conligure tLe system to use IDAF lor LotL user inlormation and user au-
tLentication, scroll down to tLe \se IDAF row ol tLe \ser Inlormation Con-
liguration taLle. Select tLe \se IDAF cLeckLox. Il tLe IDAF server Las Leen
conligured witL JIS support, select tLe \se JIS cLeckLox in tLe \se IDAF
row ol tLe \ser Inlormation Conliguration taLle. In tLe Server lield lor tLe \se
IDAF row, enter tLe IF address or lully qualilied domain name ol tLe IDAF
server tLat Lolds tLe user dataLase. In tLe Base D lield lor tLe \se IDAF row,
enter tLe Base D ol tLe IDAF domain. Il tLe IDAF server does not allow an-
onymous Lind, a Bind DN and Bind password must Le entered. Iinally,
lor a suitaLly conligured IDAF server witL tLe SamLa scLema, tLe Root bind
DN and Root bind password must Le entered and Login SMB server
to root DN cLeckLox cLecked.
Iigure 29. Integrated LDAP - conIigure Lse LDAP
+6
Jo complete tLe IDAF conliguration, scroll down to tLe AutLentication Con-
liguration suL-section ol tLe AutLentication page. Select tLe Use LDAP Au-
thentication cLeckLox. JLe otLer settings lor tLis row Lave Leen automat-
ically propagated lrom tLe \ser Inlormation Conliguration suL-section and
sLould Le lelt as tLey are. Jo commit tLe cLanges, scroll down to tLe Lottom ol
tLe AutLentication page and click tLe SuLmit Lutton. Jo verily tLat tLe user and
group list Las Leen imported lrom tLe IDAF domain, click on tLe Iist ol
groups and / or Iist ol users taLs at tLe top ol tLe page. Il no otLer user direct-
ory is present on tLe network, please proceed to Conligure Iocal etworks sec-
tion.
Mote
+/
3.5.2.2. LDAP - StandaInne User InInrmatinn and Authenticatinn
Jo conligure tLe system to use IDAF lor user inlormation and KerLeros lor
user autLentication, lollow tLe same steps as in section 3.5.2.1 Lut instead ol se-
lecting tLe \se IDAF AutLentication cLeckLox in tLe AutLentication Conlig-
uration suL-section ol tLe AutLentication page, select tLe \se KerLeros 5 cLeck-
Lox. In tLe Realm lield enter tLe desired KerLeros 5 realm. In tLe KDC lield,
enter tLe lully qualilied Lostname or IF address ol tLe KerLeros key distriLution
centre lor tLe realm. In tLe Admin Server lield, enter one or more comma-sep-
arated Lostnames or IF addresses ol KerLeros administration servers. Jo commit
tLe settings, scroll down to tLe Lottom ol tLe AutLentication page, and click tLe
SuLmit Lutton. Jo verily tLat tLe user and group list Las Leen imported lrom
tLe IDAF domain, click on tLe Iist ol groups and / or Iist ol users taLs at tLe
top ol tLe page. Il no otLer user directory is present on tLe network, please pro-
ceed to Conligure Iocal etworks section.
Mote
3.5.3. Windnws Dnmain CnntrnIIer CnnIiguratinn
JLe Windows Domain Controller option is likely to Le tLe most common
metLod lor importing user and group inlormation to support Windows-Lased
network clients. Jo conligure a Windows domain controller, scroll down to tLe
Windows domain controller row ol tLe \ser Inlormation Conliguration taLle
and cLeck tLe Use Windows domain controller cLeckLox. Belore pro-
ceeding lurtLer witL tLis portion ol tLe conliguration, set tLe etBICS name
lor tLe Cpenliler appliance in tLe "SMB Settings" section. avigate to tLe SMB
Settings section Ly clicking tLe Services taL and tLen tLe SMB settings taL in tLe
tration Cuide
+8
Services page. JLe Server string lield is an identilier used to descriLe tLe Cpen-
liler appliance. JLe NetBIOS name lield sLould contain a unique name, witL
no spaces, to uniquely identily tLe Cpenliler appliance wLen it registers itsell
witL tLe Active Directory or J+ domain. You may also enter comma separ-
ated IF addresses ol any WIS servers on tLe network in tLe WINS server
lield. Alter conliguring tLe SMB settings, return to tLe AutLentication page Ly
clicking tLe Accounts taL.
Iigure 30. SMB Settings screen
Iigure 31. ConIigure Windows domain controller
tration Cuide
+9
3.5.3.1. Active Directnrv CnnIiguratinn
Ior conliguring autLentication witL Active Directory, select tLe Active Dir-
ectory security model radio Lutton. Ieave tLe Domain lield Llank. Lnter tLe
IF address or lully qualilied Lostname ol tLe domain controller in tLe Domain
controllers lield. Lnter tLe correct ADS realm inlormation in tLe ADS
realm lield. Set tLe range ol unix \IDs and CIDs to wLicL users and groups in
tLe domain are to Le mapped using tLe associated UID range and GID range
lields. JLese \IDs and CIDs are used to set ownersLip properties wLen creating
liles and directories on tLe lilesystem. JLe \ID and CID ranges must not clasL
witL tLat ol otLer conligured network directory services. Ior \ID/CID consist-
ency across multiple instances ol Cpenliler installations, tLe \ID/CID mapping
50
inlormation can Le stored in an IDAF directory. JLe administrator may op-
tionally enaLle tLis lunctionality Ly entering tLe LDAP ID map server and
LDAP ID map suffix inlormation in tLe provided lields. Jo linisL tLe con-
liguration, tLe administrator sLould cLeck tLe Join domain cLeckLox and
enter a suitaLle Active Directory administrator username and password in
tLe provided lields. Iinally, commit tLe Windows domain controller service Ly
scrolling down to tLe Lottom ol tLe AutLentication page and clicking tLe SuL-
mit Lutton.
Iigure 32. Active Directory ConIiguration
3.5.3.2. NT4-stvIe Dnmain RPC)
51
Ior conliguring autLentication witL J+ FDC, select tLe NT4-style Do-
main (RPC) security model radio Lutton. Lnter tLe correct J+ domain
name in tLe Domain lield. Lnter tLe IF address or lully qualilied Lostname ol
tLe primary domain controller in tLe Domain controllers lield. Ieave tLe
ADS realm lield Llank. Set tLe range ol unix \IDs and CIDs to wLicL users
and groups in tLe domain are to Le mapped using tLe associated UID range
and GID range lields. JLese \IDs and CIDs are used to set ownersLip proper-
ties wLen creating liles and directories on tLe lilesystem. JLe \ID and CID
ranges must not clasL witL tLat ol otLer conligured network directory services.
Ior \ID/CID consistency across multiple instances ol Cpenliler installations,
tLe \ID/CID mapping inlormation can Le stored in an IDAF directory. JLe
administrator may optionally enaLle tLis lunctionality Ly entering tLe LDAP
ID map server and LDAP ID map suffix inlormation in tLe provided
lields. Jo linisL tLe conliguration, tLe administrator sLould cLeck tLe Join
domain cLeckLox and enter a suitaLle Active Directory administrator
username and password in tLe provided lields. Iinally, commit tLe Windows do-
main controller service Ly scrolling down to tLe Lottom ol tLe AutLentication
page and clicking tLe SuLmit Lutton.
Iigure 33. MT4 PDC ConIiguration
tration Cuide
52
3.5.4. Hesind CnnIiguratinn
Jo conligure tLe system to use Iesiod lor user and group inlormation and Ker-
Leros lor user autLentication, scroll down to tLe \se Iesiod row ol tLe \ser In-
lormation Conliguration taLle. Select tLe \se Iesiod cLeckLox. In tLe IIS and
RIS lields ol tLe \se Iesiod conliguration, enter tLe IIS and RIS domain
prelix and delault domain values. ext scroll down to tLe \se KerLeros 5 row
ol tLe AutLentication Conliguration taLle. Select tLe \se KerLeros 5 cLeckLox
and enter tLe rest ol tLe values lor tLe respective KerLeros 5 lields. Cnce tLe de-
sired entries Lave Leen made, scroll down to tLe Lottom ol tLe AutLentication
page and click tLe SuLmit Lutton.
tration Cuide
53
Iigure 34. ConIigure Lse Hesiod
Jo verily tLat tLe user and group list Las Leen imported lrom tLe Iesiod do-
main, click on tLe Ltst o/ groups and / or Ltst o/ uscrs taLs at tLe top ol tLe page.
Il no otLer user directory is present on tLe network, please proceed to Conligure
Iocal etworks section.
Mote
Cnly user accounts imported lrom a network directory system sucL as a
Windows Domain Controller, IS server or IDAF server can access
sLares on tLe system. JLe only exception to tLis is tLe guest account
5+
wLicL is a special Cpenliler account lor guest access to sLares. \sers cre-
ated locally at tLe command line will not Le aLle to access sLares on tLe
system.
3.6. CnnIigure LncaI Netwnrks
Cpenliler Storage Conliguration Centre provides an access control mecLanism
lor networks and Losts. JLis is a security leature tLat ensures data is sale lrom
prying eyes. JLe administrator can specily wLicL network Losts are allowed to
access tLe data stored on an Cpenliler appliance. Belore proceeding to create
sLares, tLe administrator must conligure local networks tLat are allowed to ac-
cess sLares. Cnce local networks Lave Leen added, tLe administrator can tLen
create sLares and assign access control lor eacL sLare individually. Iocal net-
works conliguration takes place in tLe Conligure Iocal etworks page. Jo con-
ligure local networks, click Ceneral taL lollowed Ly Conligure Iocal etworks
taL. Cnce on tLe Conligure Iocal etworks page, proceed to add Losts and / or
networks tLat will Le allowed to access sLares on tLe Cpenliler appliance.
Jo add a new Lost or network to tLe list, simply enter tLe desired inlormation
in tLe designated lields and click tLe update Lutton. Cnly one network or Lost
entry can Le made at a time. Jo delete an entry lrom tLe list, select tLe cLeckLox
lor tLat entry in tLe Delete column and click tLe update Lutton. All lields are
mandatory. RememLer to use sensiLle and unique names lor networks and
Losts. JLe name key is tLe only identilier tLat will allow tLe administrator to
determine network access control in tLe sLares section.
Iigure 35. ConIigure Local Metworks - host deletion
55
Lvery time a new entry is made and tLe update Lutton clicked, anotLer row is
automatically provided lor a new entry. JLe administrator can make as many
entries as required. Cnce network entries Lave Leen made, proceed to create
sLares Ly clicking on tLe SLares taL.
3.7. Create & Manage Shares
A sLare is a location in a volume slice tLat can Le exported via any one ol tLe
Cpenliler-supported network lilesystem protocols. SLares can Le created and ed-
ited in tLe SLares screen Ly clicking on tLe SLares taL. JLe delault SLares screen
lists all existing volume slices. Cnce sLares are created witLin tLe volumes, tLe
delault SLares screen will sLow all existing volume slices, tLeir lolders and suL-
tration Cuide
56
lolders, and any sLares created witLin tLese lolders and suL-lolders. SLares are
created witLin volume slices. Clicking on a volume slice link will open a dialog
to enter tLe name ol a suL-lolder ol tLe volume slice, wLicL can suLsequently Le
converted to a sLare.
Iigure 36. Shares - create Sub-Iolder
Jo create a sLare, click on tLe identilier lor an existing volume. JLis is tLe root
lolder lor tLat volume. A dialog Lox will popup witL a singe lield, Iolder name,
wLere tLe administrator sLould enter tLe name lor a lolder. Cnce tLe name lor
tLe lolder Las Leen specilied, click tLe Create SuL-lolder Lutton. JLis will create
tration Cuide
5/
a suL-lolder ol tLe root lolder. Farent lolders, lolders tLat contain suL-lolders,
cannot Le made sLares, or deleted. Cnly leal lolders can Le made into sLares.
JLe root lolder is a parent lolder and Lence cannot Le made a sLare. JLe admin-
istrator can create as many suL-lolders as desired. Clicking on a suL-lolder will
open a dialog Lox tLat allows several actions. Irom witLin tLis dialog Lox, tLe
administrator can create a suL-lolder witLin tLe suL-lolder, rename tLe suL-
lolder, or convert tLe suL-lolder into a sLare. Jo make tLe suL-lolder a sLare,
click on tLe Make SLare Lutton. JLis will convert tLe suL-lolder to a sLare and
tLe administrator will Le automatically taken to tLe sLare management page lor
tLe newly created sLare. JLe administrator will Le aLle to tell tLat tLe suL-lolder
is a sLare Lecause tLe icon next to tLe suL-lolder identilier now Las an arrow to
indicate tLat it is a sLare. SLares cannot Lave suL-lolders (clients will Le aLle to
create directories and liles inside sLares wLen tLey are exported).
3.7.1. Manage Shares
Clicking on tLe identilier lor a sLare will open a new page "Ldit SLares". JLe
Ldit SLares page is divided into tLree sections. JLere is a section lor renaming a
sLare identilier and description, one lor setting group access control, and tLe li-
nal section lor setting network access control and services lor tLe sLare.
3.7.1.1. Edit Share Name & Descritinn
Jo cLange tLe name or description ol a sLare, scroll down to tLe Ldit sLare
<patL ol sLare, section. Iere tLe sLare name or description can Le cLanged.
Jo cLange tLe name ol tLe sLare, enter tLe new identilier lor tLe sLare in tLe
SLare name lield. Click tLe cLange Lutton lor tLe SLare name lield. Jo cLange
tLe description ol tLe sLare, enter tLe new description in tLe SLare description
lield. Click tLe cLange Lutton lor tLe SLare description lield. CLanging tLe sLare
name Las tLe ellect ol moving tLe lilesystem patL terminating witL tLe old sLare
name to a new lilesystem patL terminating witL tLe new sLare name. Any net-
work lilesystem mounts, sucL as IS or WeLDAV, would need to Le remoun-
ted witL tLe new patL alter a Sbarc namc cLange. CLanging tLe sLare description
58
Las tLe ellect ol presenting tLe sLare in tLe network neigLLourLood Lrowse list
witL tLe new sLare name. Any mapped drives will tLerelore lose tLeir connec-
tion to tLe sLare and would need to Le remapped witL tLe new sLare name.
Iigure 37. Edit share name and type
3.7.1.2. Grnu Access CnnIiguratinn
Access to sLares is conligured at tLe group level and network level. Security lor a
sLare can Le loose or tigLt depending on tLe required security level lor tLe sLare.
Ior loose security, tLe sLare can Le set to puLlic access level. WitL puLlic access,
any user on tLe network, logged into a client macLine tLat Las network access
59
will Le aLle to access tLe sLare. WitL controlled access, only users tLat Lave Leen
given specilic access permissions will Le aLle to access tLe sLare. Jo conligure
group access to a sLare, scroll down to tLe Croup access conliguration suL-
section. JLere are two selectaLle radio-Luttons. Jo allow guest access to tLe
sLare, select tLe Public guest access radio-Lutton and click tLe \pdate
Lutton. Cnce tLis setting Las Leen applied, all users on any networks tLat Lave
Leen given read or write access to tLe sLare will Le aLle to access tLe sLare
witLout Laving to autLenticate witL a directory/autLentication server.
Ior restricted access to tLe sLare, tLe Controlled access radio-Lutton must
Le selected. JLe Controlled access mecLanism works in conjunction witL tLe list
ol groups tLat Lave Leen imported lrom tLe conligured directory services. JLe
groups list is arranged into a taLle ol seven columns:
CID - tLis is tLe unique numerical group ID
Croup ame - tLis is tLe descriptive name ol tLe group
Jype - tLis sLows wLat type ol directory server tLe group is in (currently
supports IS)
FC - tLis is tLe primary group (owner) lor tLe sLare. JLis must Le set lor tLe
sLare to Le visiLle
C - tLis determines wLicL group(s) will not Le allowed access to tLe sLare
(delault lor all groups)
RC - tLis determines wLicL group(s) Lave read only access to tLe sLare
RW - tLis determines wLicL group(s) Lave read and write access to tLe sLare
Every share must have a primary group, ol wLicL tLere can Le only one. Jo
select tLe primary group lor a sLare, simply select tLe corresponding PG radi-
tration Cuide
60
oLutton lor tLe desired group. JLe primary group lor a sLare owns tLe sLare
and Las lull access rigLts on it. SuLsequent groups can Le given dillerent levels ol
access to a sLare Ly selecting tLe desired access level cLeckLox lor tLe respective
groups.
Iigure 38. Group access conIiguration - access control
Jo grant read-only access to a group lor tLe sLare, select tLe RO cLeckLox lor
tLat group. Jo grant read-write access to a group lor tLe sLare, select tLe RW
cLeckLox lor tLat group. Cnce tLe administrator Las selected tLe desired access
rigLts lor tLe sLare, tLe cLanges can Le committed Ly clicking tLe \pdate Lut-
ton lor tLe Croup access conliguration suL-section. All groups witL access rigLts
will Le aLle to access tLe sLare il users in tLose groups Lappen to Le connecting
to tLe sLare lrom a Lost or network tLat Las Leen given network-level access
rigLts. \ntil Lost access Las Leen conligured, users will not Le aLle to access a
tration Cuide
61
sLare. Froceed to Iost Access Conliguration.
3.7.1.3. Hnst Access CnnIiguratinn
Cnce access control to tLe sLare Las Leen conligured at tLe group-level, net-
work-level access control Las to Le conligured. JLe Lost access conliguration sec-
tion is lor determining wLicL Losts on tLe network are permitted access to
sLares. Croups tLat Lave Leen granted access rigLts to tLe sLare will only Le aLle
to access or view tLe sLare lrom a Lost tLat Las Leen granted network-level ac-
cess rigLts to tLe sLare. JLe Administrator can determine wLat sLare access pro-
tocols are permitted lor eacL individual Lost or network. Jo conligure network-
level access control, scroll down to tLe Iost access conliguration suL-section ol
tLe Ldit SLare page.
JLe inlormation in tLis suL-section is displayed in a taLular lormat. JLe lirst
column ol tLe taLle lists tLe names ol networks and Losts tLat are permitted net-
work access to tLe Cpenliler appliance. Any Losts or networks listed in tLe Cre-
ate Iocal etworks section will appear in tLis list. Iosts listed in tLis taLle must
Le given access to sLares via at least one protocol in order to access any storage
resources on tLe appliance. Currently, tLe administrator can set access control
lor SMB (CIIS), ISv3, IJJF(S)/WeLDAV and IJF protocols wLicL are lis-
ted in tLe second, tLird, lourtL and liltL columns respectively. JLe delault set-
ting is lor access control to Le disaLled lor all networks over all protocols. JLe
administrator will need to explicitly enaLle tLe desired network access control
level lor eacL individual Lost or network.
Iigure 39. Host access conIiguration
62
Ior eacL Lost or network, tLe administrator can set access to tLe sLare via tLe
supported protocols at tLe desired access control level.
SMB/CIFS Netwnrk Access CnntrnI
etwork access control lor SMB/CIIS allows lor dillerent settings depending
on tLe desired ellect lor tLe sLare and source ol tLe connection. JLere are lour
options lor SMB/CIIS network ACI and tLey are applied on a per-Lost or per-
network Lasis. JLe options and tLeir descriptions are:
one - witL tLis radioLutton selected, tLe Lost or network it applies to will
not Lave any access to tLe sLare via SMB/CIIS protocol.
RC - witL tLis radioLutton selected, tLe Lost or network it applies to will
Lave read-only access to tLe sLare via SMB/CIIS protocol.
63
RW - witL tLis radioLutton selected, tLe Lost or network it applies to will
Lave read & write access to tLe sLare via SMB/CIIS protocol.
JLe last matcL lor a Lost is tLe setting tLat will apply. WLat tLis means is
tLat il a Lost Las Leen entered explicitly in tLe networks page and is also part
ol a network tLat Las Leen entered in tLe networks page, tLe last network
ACI setting tLat matcLes tLe Lost will Le its de lacto network ACI setting
lor accessing tLe sLare.
NFSv3 Netwnrk Access CnntrnI
JLe administrator must ensure tLat any sLare exported via ISv3 Las tLe cor-
rect level ol security settings in line witL tLe requirements ol tLe network stor-
age security policy. JLere are six options lor ISv3 and tLey are applied on a
per-network Lasis. JLe options and tLeir descriptions:
not Lave any access to tLe sLare via ISv3 protocol.
Lave read-only access to tLe sLare via ISv3 protocol.
Lave read-write access to tLe sLare via ISv3 protocol.
Root Access - witL tLis cLeckLox selected, tLe superuser on a client macLine
will Lave lull-control over tLe sLare. (dangerous)
Lxport ACIs - witL tLis cLeckLox selected, older IS clients will not work.
Flease see note lor lurtLer inlormation.
Run Insecure - witL tLis cLeckLox selected, connections originating on port
numLers 102+ (e.g lrom Mac CS X) will Le supported
tration Cuide
6+
Mote
Il Lxport ACI is disaLled, only tLe users in tLe CID marked as primary
group can access tLe sLare. Il Lxport ACI is enaLled, only users in all tLe
groups assigned to tLe sLare can access tLe sLare. LnaLling tLis option will
turn on a special extension to tLe ISv3 protocol wLicL may Lreak inter-
operaLility witL older IS clients.
HTTPS)/WebDAV Netwnrk Access CnntrnI
Access control via IJJF(S)/WeLDAV can Le set on a per-Lost or per-network
Lasis Lased on tLe access requirements lor tLe sLare. JLere are tLree options
availaLle lor IJJF(S)/WeLDAV network access control. JLe options and tLeir
descriptions are:
not Lave any access to tLe sLare via IJJF(S) and/or WeLDAV protocols.
Lave read-only access to tLe sLare via IJJF(S) and/or WeLDAV protocols.
Lave read and write access to tLe sLare via WeLDAV protocol and read-only
access to tLe sLare via IJJF(S) protocol.
FTP Netwnrk Access CnntrnI
Access control via IJF can Le set on a per-Lost or per-network Lasis Lased on
tLe access requirements lor tLe sLare. JLere are tLree options availaLle lor IJF
network access control. JLe options and tLeir descriptions are:
not Lave any access to tLe sLare tLe IJF protocol.
tration Cuide
65
Lave read-only access to tLe sLare via tLe IJF protocol.
Lave read and write access to tLe sLare via tLe IJF protocol.
3.7.1.4. DeIete Share
A sLare can only Le deleted lrom witLin tLe conliguration page lor tLe sLare it-
sell. Jo delete a sLare, scroll down to tLe Lottom ol tLe page lor tLe particular
sLare. Click tLe "Delete JLis SLare" Lutton. JLe sLare, including all user data,
will Le deleted.
Cnce Lost access conliguration Las Leen set lor all desired Losts and networks,
click tLe \pdate Lutton. Any individual Losts witLin tLe specilied network(s)
will tLen Le aLle to access tLe sLare via specilied protocols and access levels. Fro-
ceed to Allocate Cuota il any restriction is desired on tLe amount ol data or
numLer ol liles a user or group sLould Le assigned on a volume.
3.8. AIIncate Qunta
By delault, storage space on tLe Cpenliler appliance must Le allocated on a per-
group and per-volume slice Lasis. JLis means tLat once group and Lost access
control Lave Leen conligured, quota allocation to tLe conligured volume slices
can take place. Cuota allocation in tLis case is a pLysical resource limit on tLe
lilesystem ol tLe amount ol storage resources a group is allowed to consume.
JLe administrator sLould Lear in mind tLat quota allocation is taking place at
tLe volume slice level and not at tLe sLare level. JLis Las two implications:
1. Il a group is given access to two or more sLares tLat reside on dillerent
volumes slices, quota allocation lor tLat group must Le done lor eacL
volume slice separately.
66
2. Il a group is given access to two or more sLares tLat reside on tLe same
volume slice, quota allocation applies lor all sLares on tLat volume slice
comLined.
Jo conligure quota allocation, click on tLe Cuota taL. JLis will open up tLe
Cuota page, delaulting to tLe Croup Cuota taL. JLe Croup Cuota page is di-
vided into two suL-sections.
3.8.1. SeIect VnIume
JLe Select Volume suL-section allows tLe administrator to select tLe target
volume slice lor quota inlormation display and space allocation. Volume slices
are displayed in a drop-down listLox. Jo view statistical inlormation and per-
lorm administrative tasks on tLe current listed volume slice, leave tLe selection
uncLanged and scroll down to tLe Ldit quota suL-section. Jo perlorm adminis-
trative tasks on a dillerent volume slice, select tLe desired volume slice lrom tLe
dropdown listLox and click tLe CLange Lutton. JLis will reload tLe page witL
tLe selected volume slice.
Iigure 40. Quota conIiguration - select volume
6/
Cnce tLe desired volume slice Las Leen selected and tLe page Las reloaded, scroll
down to tLe Ldit quota suL-section ol tLe Croup Cuotas page.
3.8.2. Edit Qunta
JLe Ldit quota suL-section allows allocation ol quota at tLe Llock and lile level.
Block level quota allocation places a pLysical limit on tLe amount ol space a
group can consume on tLe volume slice. Iile level quota allocation places a pLys-
ical limit on tLe numLer ol liles and directories a group is allowed on tLe volume
slice. By delault, LotL Llock-level and lile-level allocation is set to zero lor all
groups.
tration Cuide
68
JLe Ldit quota section lists all groups tLat Lave Leen imported lrom tLe direct-
ory servers conligured. Cuota allocation lor groups can proceed individually,
wLere Llock and lile level quota is allocated lor eacL group respectively or it can
Le LatcLed, wLereLy several groups can Le selected at a time and quota allocated
lor all selected groups at tLe same time. JLere are two taLles in tLe Ldit quota
section. JLe lirst taLle is lor allocating quota in LatcLed mode. JLe second taLle
lists all groups tLat Lave Leen imported Ly Cpenliler Storage Conliguration
Centre and is lor allocating quota on a per-group Lasis.
JLe second taLle is divided into eleven columns:
X - tLis column is lor selecting wLicL groups to perlorm conliguration
cLanges on. Click tLe taLle Leader, X, selects all groups.
CID - tLis column displays tLe group ID lor tLe individual groups.
ame - tLis column displays tLe identilier lor tLe individual groups.
Jype - tLis column displays tLe group type (IS, IDAF, FDC etc).
Jotal Space (MB) - tLis column provides tLe lield lor setting tLe pLysical disk
limit in megaLytes lor tLe group.
\sed Space (MB) - tLis column displays tLe amount ol space, in megaLytes,
tLat Las Leen consumed Ly tLe group.
Iree Space (MB) - tLis column displays tLe remaining disk space, in mega-
Lytes, lor tLe group.
Jotal Iiles - tLis column provides a lield lor setting tLe pLysical lile limit lor
tLe group.
\sed Iiles - tLis column displays tLe numLer ol liles tLat Lelong to tLe
group.
tration Cuide
69
Iree Iiles - tLis column displays tLe remaining lile quota lor tLe group.
Save - tLis column provides a suLmit Lutton lor committing cLanges to quota
allocation.
Jo allocate quota in LatcL mode, click tLe X taLle Leader. JLis will select all
groups in tLe list. Deselect any groups tLat do not lall witLin tLis quota alloca-
tion Ly deselecting tLe corresponding cLeckLox lor tLat group in tLe X column.
Scroll Lack up to tLe lirst taLle ol tLe Ldit quota suL-section and enter tLe de-
sired megaLyte and lile limits. Click tLe Save Lutton. Clicking tLe Save Lutton
will commit tLe cLanges and reload tLe page. All groups tLat were selected will
now Lave tLeir Llock and lile allocation quotas set to tLe desired values.
Iigure 41. Edit quota - batch allocation
/0
Jo customise lurtLer, individual groups can Lave specilic Llock and lile quota al-
location Ly entering tLe desired values in tLe respective column lields lor tLe in-
dividual groups and clicking tLe corresponding Save Lutton wLen desired values
Lave Leen entered. Il allocating identical quota lor more tLan one group, it is al-
ways more ellicient to simply select tLe cLeckLox in tLe X column lor tLe de-
sired groups and conligure tLe quota in LatcL mode.
Cnce tLe desired settings Lave Leen committed in tLe Cuotas section, tLe linal
task lor tLe administrator is to enaLle services.
3.9. EnabIe Services
Cnce all otLer conliguration tasks Lave Leen completed, lile-export services can
Le enaLled. LnaLling a service means tLat any sLares in tLe SLares Iist tLat Lave
tLat service conligured as one ol tLe supported protocols will Le activated. Cnce
tLe sLare is activated, any users on tLe network tLat Lave Leen given access to
tLat sLare will Le aLle to access tLe sLare via tLe corresponding activated proto-
cols. Jo enaLle services click on tLe Services taL. JLis will open tLe Services
screen wLere tLe supported services are listed in a taLle. JLe lirst column dis-
plays tLe protocol, tLe second column displays tLe state ol tLe service and tLe
tLird column allows tLe administrator to enaLle or disaLle tLe service depending
on wLetLer tLe service is running or not.
Jo enaLle a disaLled service, click on tLe LnaLle link in tLe Modilication
column. Jo disaLle an enaLled service, click on tLe DisaLle link in tLe Modilica-
tion column.
Iigure 42. Enable Services - modiIication
/1
Cnce a service Las Leen enaLled, users on tLe network will Le aLle access any
sLares lor wLicL tLey Lave Leen given access rigLts. JLe administrator is encour-
aged to explore tLe dillerent lacets ol tLe Cpenliler Storage Conliguration
Centre interlace lurtLer.
4. VnIume Management
JLis section deals witL advanced volume managment sucL as volume group cre-
ation and snapsLot administration. Volume management in tLe Cpenliler SCC
deals witL creating logical volumes (volume slices) lrom existing volume groups.
In order to use volume groups in tLe Cpenliler SCC Volume section, tLey must
lirst Le created at tLe command line or sLould Lave Leen created during tLe in-
tration Cuide
/2
stallation process. Volume creation is a tLree step process:
1. Initialise pLysical volumes
2. Create volume groups lrom pLysical volumes
3. Activate volume groups
4.1. PhvsicaI VnIume Creatinn
A pLysical volume in tLe context ol tLe Iogical Volume Manager (IVM) is a
Llock device (disk) tLat Las Leen initialised witL IVM metadata. A Llock device
can Le any local or imported disk unit tLat is to Le used exclusively as a volume
group oLject i.e it cannot Le used lor any otLer purpose. JLe list Lelow outlines
tLe types ol Llock devices tLat can Le used lor IVM pLysical volumes:
Iocal IDL (LdX), local SCSI (sdX) and local SAJA disks
Iardware RAID I\s
Imported IiLre CLannel and iSCSI I\s
Soltware RAID (MD) devices (e.g /dev/md0, /dev/md1)
DRBD replicated Llock devices (e.g /dev/drLd0, /dev/drLd1)
A pLysical volume must Le initialised Lelore Leing used in a volume group.
FLysical volumes are initialised witL tLe command.
Warning
Running pvcreate on a Llock device will destroy AII data on tLe Llock
device. Do not run pvcreate on a Llock device or disk partition tLat con-
tration Cuide
/3
tains a lilesystem witL important data on it.
JLe pvcreate command can Le run on eitLer an entire disk or a partition ol a
disk. Jo initialise a disk or disk partition as an IVM pLysical volume, run tLe
pvcreate command witL tLe disk device(s) as a parameter. Mulitiple disk devices
can Le passed to tLe pvcreate command. JLe example Lelow initialises multiple
disks and disk partitions as IVM pLysical volumes.
pvcreate /dev/hda /dev/hdb /dev/hdc1 /dev/hdd2 /dev/sda1
JLe command aLove initialises two disks and tLree partitions witL IVM pLysic-
al volume metadata. Cnce tLe command completes, tLe lirst IDL disk (Lda), tLe
second IDL disk (LdL), tLe lirst partition ol tLe tLird IDL disk (Ldc1), tLe
second partition ol tLe lourtL IDL disk (Ldd2) and tLe lirst partition ol tLe lirst
SCSI disk (sda1) will Lave Leen initialised witL IVM metadata. JLey can tLen Le
used to lorm a volume group. Volume group creation is descriLed in tLe lollow-
ing section.
Mote
Il running pvcreate on a disk partition, tLat partition must Le set as type
0x8e lirst or tLe pvcreate command will lail to initialise it. Idisk can Le
used to partition disks and to set parition types.
A single pLysical volume can Le up to 2JB in size, wLicL is tLe Llock device size
limit in tLe 2.+ Iinux kernel.
Warning
A pLysical volume can only Lelong to one volume group at a time. Do
not try to initialise a pLysical volume tLat already Lelongs to an active
volume group.
4.2. VnIume Grnu Creatinn
/+
A volume group is an aggregation ol one or more pLysical volumes created Ly
concatenating multiple pLysical volumes to create one large virtual volume. JLe
capacity ol tLe volume group is equal to tLe comLined capacity ol all tLe pLysic-
al volumes allocated to tLe volume group. Jo create a volume group, pass a
volume group identilier (tLe name ol tLe volume group) and tLe list ol initialised
pLysical volumes, wLicL are to Le used lor tLe data store, as parameters to tLe
vgcreate command. JLe example Lelow sLows tLe creation ol a volume group
named "admtntstratton" witL live pLysical volumes passed as parameters. JLe
pLysical volumes are, tLe wLole ol tLe lirst IDL disk (Lda), tLe wLole ol tLe
second IDL disk (LdL), tLe lirst partition ol tLe tLird IDL disk (Ldc1), tLe
second partition ol tLe tLird IDL disk (Ldd2), and tLe lirst partition ol tLe lirst
SCSI disk (sda1).
vgcreate administration /dev/hda /dev/hdb /dev/hdc1 /dev/hdd2 /dev/sda1
Tip
WLen creating volume groups, Le sure to allocate enougL capacity lor tLe
data volumes (volume slices) and any snapsLots ol tLose data volumes tLat
will Le created. Flease see tLe snapsLots section Lelow lor additional guid-
ance.
Additional volume groups can Le created in tLe same way using a dillerent set ol
pLysical volumes. All volume groups on tLe system will appear in tLe Ltst o/ Ex
tsttng Vo/umcs page in tLe Vo/umcs section ol tLe Cpenliler SCC. Cnce tLe ad-
ministrator is satislied witL tLe volume group creation step, tLe volume groups
must Le activated Lelore tLey are ready lor use witLin tLe Cpenliler SCC
Vo/umcs section. Activating tLe volume groups is done witL a simple command.
Jo activate all volume groups including newly created volume groups, tLe
vgchange command is run witL two parameters.
vgchange -ay
/5
JLe administrator may tLen proceed to create volume slices using tLe manage-
ment interlace provided in tLe Crcatc Ncu Vo/umc page ol tLe Vo/umcs section
ol Cpenliler SCC.
4.3. Snashnts
A snapsLot is a read-only point-in-time copy ol an existing volume slice (logical
volume). JLe snapsLot preserves tLe data on tLe logical volume as it was at tLe
point tLe snapsLot ol tLe logical volume was taken. CLanges can Le made to tLe
original logical volume, known as tLe snapsLot source volume, witLout allecting
tLe data on tLe snapsLot. SnapsLots Lave tLe advantage tLat cLanges can contin-
ue to Le made to tLe source volume wLile a Lackup is taken ol tLe point-in-time
lrozen copy ol tLe source. JLe snapsLot can also Le used to access data tLat
migLt Lave Leen accidentally deleted lrom tLe source volume - it provides a
means ol Listorical data rollLack. Cpenliler SCC supports two types ol snap-
sLots - ad-Loc snapsLots and scLeduled snapsLots. JLe administrator may create
ad-Loc snapsLots as required and delete tLem wLen tLey Lave lullilled tLeir pur-
pose. Alternatively tLe administrator can create a rolling scLedule ol snapsLots,
to Le created at specilic intervals, wLicL can tLen tie into a Lackup regime.
SnapsLots are made ol entire logical volumes and can Le enaLled lor sLaring to
users on tLe network. Il tLe administrator enaLles sLaring ol a snapsLot, all tLe
sLared lolders located located on tLe snapsLot will Le enaLled lor sLaring on tLe
network. JLe access control enaLled lor tLe sLares on tLe source volume ol tLe
snapsLot at tLe time tLe snapsLot was taken, will persist and Le static lor tLe lile-
time ol tLe snapsLot even il access control is cLanged on tLe source volume ol
tLe snapsLot. Jo create a snapsLot ol a logical volume, click on tLe Crcatc link
ol tLe volume in question in tLe Snapsbots column ol tLe volume group contain-
ing tLe logical volume. Il a snapsLot already exists lor a logical volume, tLe link
in tLe Snapsbots column lor tLat logical volume will read /anagc ratLer tLan
Crcatc. In tLat case, clicking on tLe /anagc link will allow tLe administrator to
create new snapsLots or delete existing snapsLots lor tLat logical volume.
tration Cuide
/6
Iigure 43. Create / Manage Snapshot
Clicking on tLe Crcatc or /anagc link will open up a Vo/umc's Snapsbots page
witLin wLicL tLe administrator can carry out snapsLot administration tasks sucL
as creating and deleting snapsLots and snapsLot scLedules.
4.3.1. Ad-hnc Snashnt Creatinn
Jo create an ad-Loc snapsLot, scroll down to tLe Ta/c a snapsbot section ol tLe
Vo/umc's snapsbots page.
tration Cuide
//
1. In tLe Snapshot name lield, enter a name - witLout spaces - lor tLe snap-
sLot. Keep tLe name succinct and descriptive.
2. In tLe Size in MB lield, enter tLe desired size ol tLe snapsLot. Bear in
mind tLat tLe snapsLot will Le disaLled automatically wLen it lills up. It is
tLerelore important tLat enougL space is allocated to tLe snapsLot to take
into account all tLe cLanges tLat will Le made to tLe source volume during
tLe liletime ol tLe snapsLot.
3. In tLe Share contents? drop down list, select tLe desired sLaring
policy. Il tLe snapsLot is enaLled lor sLaring, all sLares enaLled lor sLaring
on tLe source volume will Le enaLled lor sLaring on tLe snapsLot using tLe
access control policy tLat was active on tLe source volume at tLe time tLe
snapsLot is created.
+. Click tLe Jake snapsLot Lutton wLen suitaLly satislied witL tLe preceding
entries.
Iigure 44. Ad-hoc Snapshot Creation
/8
4.3.2. Ad-hnc Snashnt Management
Cnce an ad-Loc snapsLot Las Leen created, it can Le managed in tLe Ltst o/ snap
sbots section located at tLe top ol tLe Vo/umc's snapsbots page. JLe list ol existing
snapsLots is arranged into a taLle ol seven columns:
SnapsLot name - tLis sLows tLe name given to tLe snapsLot Ly tLe adminis-
trator.
Date/time taken - tLis sLows a timestamp ol tLe snapsLot i.e wLen it was
taken.
/9
Block utilizatition (in MB) - tLis sLows tLe total usage ol tLe snapsLot in
megaLytes. WLen tLe snapsLot lills up, tLis column displays a message to
tLat ellect.
SnapsLot size (in MB) - tLis lield sLows tLe current size ol tLe snapsLot. JLe
administrator may allocate additional space lor tLe snapsLot using tLe lield
and Save Lutton.
SLare contents - tLis lield sLows tLe current sLaring policy lor tLe snapsLot.
JLe administrator may cLange tLe policy using tLe provided dropdown list
and Save Lutton.
Iigure 45. Ad-hoc Snapshot Management
tration Cuide
80
Cnce an ad-Loc snapsLot Las Leen created, tLere are tLree management opera-
tions tLat can Le perlormed on it. It may Lave its size increased, tLe sLaring
policy may Le cLanged and it can Le deleted. Jo increase tLe size ol a snapsLot,
do tLe lollowing:
1. In tLe row lor tLe snapsLot in question, enter tLe new size, in megaLytes,
lor tLe snapsLot. Flease note tLat tLe new size may not Le smaller tLan tLe
current size and once tLe cLange is applied, it cannot Le undone.
2. Click tLe Save Lutton lor tLe snapsLot wLen satislied witL tLe new size
entry.
tration Cuide
81
Warning
Increasing tLe size ol a snapsLot will lail il tLere is insullicient space in tLe
volume group to accommodate tLe size ol tLe new snapsLot.
Jo cLange tLe sLaring policy ol a snapsLot, do tLe lollowing:
1. In tLe row lor tLe snapsLot in question, select tLe desired sLaring policy lor
tLe snapsLot in tLe SLare contents column dropdown list.
2. Click tLe Save Lutton lor tLe snapsLot wLen satislied witL tLe new sLaring
policy.
4.3.3. ScheduIed Snashnts Creatinn
Jo create a rolling snapsLot scLedule, scroll down to tLe ScLedule snapsLots sec-
tion ol tLe Vo/umc's snapsbots page. ScLeduled snapsLots are named automatic-
ally.
1. In tLe Size in MB lield enter tLe desired size lor tLe snapsLots. LacL in-
dividual snapsLot in tLe rolling scLedule will Le ol tLe size entered in tLis
lield.
2. In tLe Share contents? dropdown list, select wLetLer or not tLe snap-
sLots sLould Le enaLled lor sLaring. Il sLaring is enaLled, AII snapsLots
created during tLe scLedule will Le enaLled lor sLaring.
82
3. In tLe Interval in hours lield, enter tLe time interval in Lours,
wLicL sLould Le used wLen snapsLots are created. Ior example, an interval
ol tLree Lours will create a snapsLot every tLree Lours.
+. In tLe Rotate count lield, enter tLe desired rotation value. A rotate
count ol seven will create up to seven snapsLots using tLe interval time giv-
en. Cnce tLe lirst seven snapsLots Lave Leen created, tLe oldest snapsLot is
deleted in order to make room lor tLe next snapsLot. JLis will go on ad-
inlinitum until tLe scLedule is deleted.
5. Cnce tLe desired entries Lave Leen made in tLe preceding lields, click tLe
ScLedule Lutton. JLe scLedule will commence at midnigLt.
Iigure 46. Scheduled Snapshot Creation
83
4.3.4. ScheduIed Snashnts Management
Cnce a scLedule Las Leen created and applied lor snapsLots ol a logical volume
tLe only administrative cLange tLat can Le made to tLe scLedule or snapsLots
created Ly it, is to delete tLem.
Warning
Deleting a snapsLot scLedule will momentarily disaLle all services. JLis is
Lecause any snapsLots tLat are Leing sLared will Lave to Le unmounted
and tLis can only take place once sLaring ol tLe snapsLot Las Leen dis-
aLled.
tration Cuide
8+

Openfiler Guide 1.1

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Openfiler Guide 1.1

Загружено:

Авторское право:

Доступные форматы

OenIiIer v1.

Вам также может понравиться