Isilon OneFS. Version 7.1. Web Administration Guide


Isilon OneFS Version 7.1 Web Administration Guide

Copyright EMC Corporation. All rights reserved. Published in USA. Published March, 2014

EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. The information in this publication is provided as is. EMC Corporation makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.

EMC², EMC, and the EMC logo are registered trademarks or trademarks of EMC Corporation in the United States and other countries. All other trademarks used herein are the property of their respective owners.

For the most up-to-date regulatory document for your product line, go to EMC Online Support. For documentation on EMC Data Domain products, go to the EMC Data Domain Support Portal.

EMC Corporation
Hopkinton, Massachusetts
In North America

CONTENTS

Chapter 1 Introduction to this guide
  About this guide
  Isilon scale-out NAS overview
  Where to go for support

Chapter 2 Isilon scale-out NAS
  OneFS storage architecture
  Isilon node components
  Internal and external networks
  Isilon cluster
  Cluster administration
  Quorum
  Splitting and merging
  Storage pools
  IP address pools
  The OneFS operating system
  Data-access protocols
  Identity management and access control
  Structure of the file system
  Data layout
  Writing files
  Reading files
  Metadata layout
  Locks and concurrency
  Striping
  Data protection overview
  N+M data protection
  Data mirroring
  The file system journal
  Virtual hot spare
  Balancing protection with storage space
  VMware integration
  The iSCSI option
  Software modules

Chapter 3 General cluster administration
  General cluster administration overview
  User interfaces
  Connecting to the cluster
  Log in to the web administration interface
  Open an SSH connection to a cluster
  Licensing
  License status
  License configuration
  Activate a license
  View license information
  Unconfigure a license
  Certificates
  Replace or renew the SSL certificate
  Verify an SSL certificate update
  Self-signed SSL certificate data example
  General cluster settings
  Set the cluster name
  Specify contact information
  Configuring the cluster date and time
  Set the cluster date and time
  Specify an NTP time server
  Configure SMTP settings
  Specify the cluster join mode
  Cluster join modes
  Enable or disable access time tracking
  Specify the cluster character encoding
  Cluster statistics
  Performance monitoring
  Cluster monitoring
  Monitor the cluster
  View node status
  Events and notifications
  Monitoring cluster hardware
  View node hardware status
  Chassis and drive states
  SNMP monitoring
  Cluster maintenance
  Replacing node components
  Upgrading node components
  Managing cluster nodes
  Remote support using SupportIQ
  Configuring SupportIQ
  Enable and configure SupportIQ
  Disable SupportIQ
  SupportIQ scripts
  Upgrading OneFS

Chapter 4 Access zones
  Access zones overview
  Access zone features
  Managing access zones
  Create an access zone
  Access zone settings
  Associate an IP address pool with an access zone
  Modify an access zone
  Delete an access zone

Chapter 5 Authentication and access control
  Authentication and access control overview
  Authentication and access control features
  Data access control
  ACLs
  UNIX permissions
  Mixed-permission environments
  Roles
  Built-in roles
  OneFS privileges
  Command-line interface privileges
  Authentication
  Supported authentication providers
  Authentication provider features
  LDAP
  Active Directory
  NIS
  File provider
  Local provider
  Managing access permissions
  Configure access management settings
  Modify ACL policy settings
  ACL policy settings options
  Update cluster permissions
  Managing roles
  View roles
  View privileges
  Create a custom role
  Modify a role
  Delete a custom role
  Managing authentication providers
  Configure an LDAP provider
  Managing LDAP providers
  Configure an Active Directory provider
  Managing Active Directory providers
  Managing NIS providers
  Configuring file providers
  Managing file providers
  Create a local user
  Create a local group
  Managing local users and groups

Chapter 6 Identity management
  Identity management
  Identity types
  Access tokens
  Access token generation
  ID mapping
  User mapping across systems and identities
  On-disk identity

Chapter 7 Auditing
  Auditing overview
  Protocol audit events
  Supported event types
  Supported audit tools
  Enable system configuration auditing
  Enable protocol access auditing
  Auditing settings
  Integrating with the EMC Common Event Enabler
  Install CEE for Windows
  Configure CEE for Windows

Chapter 8 File sharing
  File sharing overview
  SMB
  Overlapping display names for SMB shares
  NFS
  HTTP and HTTPS
  FTP
  Mixed protocol environments
  Write caching with SmartCache
  Write caching for asynchronous writes
  Write caching for synchronous writes
  Managing the SMB service
  Configure SMB file sharing
  Limit access to /ifs share for the Everyone account
  Snapshots directory settings
  File and directory permission settings
  SMB performance settings
  SMB security settings
  Managing SMB shares
  Create an SMB share
  Modify SMB share permissions, performance, or security
  Add a user or group to an SMB share
  Configure overlapping share display names
  Configure multi-protocol home directory access
  Delete an SMB share
  Managing the NFS service
  Configure NFS file sharing
  Create a root-squashing rule for the default NFS export
  NFS service settings
  NFS performance settings
  NFS client compatibility settings
  NFS export behavior settings
  Managing NFS exports
  View and configure default NFS export settings
  Create an NFS export
  Modify an NFS export
  Delete an NFS export
  Check NFS exports for errors
  Enable and configure FTP file sharing
  Enable and configure HTTP
  Home directories
  Home directory permissions
  Home directory creation through SMB
  Home directory creation through SSH and FTP
  Home directory creation in a mixed environment
  Interactions between ACLs and mode bits
  Interactions with dot-file provisioning
  Default home directory settings in authentication providers
  Supported expansion variables
  Domain variables in home directory provisioning

Chapter 9 Snapshots
  Snapshots overview
  Data protection with SnapshotIQ
  Snapshot disk-space usage
  Snapshot schedules
  Snapshot aliases
  File and directory restoration
  Snapshot best practices
  Best practices for creating snapshot schedules
  File clones
  Shadow store considerations
  iSCSI LUN clones
  Snapshot locks
  Snapshot reserve
  SnapshotIQ license functionality
  Creating snapshots with SnapshotIQ
  Create a SnapRevert domain
  Create a snapshot schedule
  Create a snapshot
  Snapshot naming patterns
  Managing snapshots
  Reducing snapshot disk-space usage
  Delete snapshots
  Modify snapshot attributes
  Modify a snapshot alias
  View snapshots
  Snapshot information
  Restoring snapshot data
  Revert a snapshot
  Restore a file or directory using Windows Explorer
  Restore a file or directory through a UNIX command line
  Clone a file from a snapshot
  Managing snapshot schedules
  Modify a snapshot schedule
  Delete a snapshot schedule
  View snapshot schedules
  Managing with snapshot locks
  Create a snapshot lock
  Modify a snapshot lock expiration date
  Delete a snapshot lock
  Snapshot lock information
  Configure SnapshotIQ settings
  SnapshotIQ settings
  Set the snapshot reserve

Chapter 10 Deduplication with SmartDedupe
  Deduplication overview
  Deduplication jobs
  Data replication and backup with deduplication
  Snapshots with deduplication
  Deduplication considerations
  Shadow store considerations
  SmartDedupe license functionality
  Managing deduplication
  Assess deduplication space savings
  Specify deduplication settings
  View deduplication space savings
  View a deduplication report
  Deduplication job report information
  Deduplication information

Chapter 11 Data replication with SyncIQ
  SyncIQ backup and recovery overview
  Replication policies and jobs
  Automated replication policies
  Source and target cluster association
  Full and differential replication
  Controlling replication job resource consumption
  Replication reports
  Replication snapshots
  Source cluster snapshots
  Target cluster snapshots
  Data failover and failback with SyncIQ
  Data failover
  Data failback
  Recovery times and objectives for SyncIQ
  SyncIQ license functionality
  Creating replication policies
  Excluding directories in replication
  Excluding files in replication
  File criteria options
  Configure default replication policy settings
  Create a replication policy
  Create a SyncIQ domain
  Assess a replication policy
  Managing replication to remote clusters
  Start a replication job
  Pause a replication job
  Resume a replication job
  Cancel a replication job
  View active replication jobs
  Replication job information
  Initiating data failover and failback with SyncIQ
  Fail over data to a secondary cluster
  Revert a failover operation
  Fail back data to a primary cluster
  Performing disaster recovery for SmartLock directories
  Recover SmartLock directories on a target cluster
  Migrate SmartLock directories
  Managing replication policies
  Modify a replication policy
  Delete a replication policy
  Enable or disable a replication policy
  View replication policies
  Replication policy information
  Replication policy settings
  Managing replication to the local cluster
  Cancel replication to the local cluster
  Break local target association
  View replication policies targeting the local cluster
  Remote replication policy information
  Managing replication performance rules
  Create a network traffic rule
  Create a file operations rule
  Modify a performance rule
  Delete a performance rule
  Enable or disable a performance rule
  View performance rules
  Managing replication reports
  Configure default replication report settings
  Delete replication reports
  View replication reports
  Replication report information
  Managing failed replication jobs
  Resolve a replication policy
  Reset a replication policy
  Perform a full or differential replication

Chapter 12 Data layout with FlexProtect
  FlexProtect overview
  File striping
  Requested data protection
  FlexProtect data recovery
  Smartfail
  Node failures
  Requesting data protection
  Requested protection settings
  Requested protection disk space usage

Chapter 13 NDMP backup
  NDMP backup and recovery overview
  NDMP two way backup
  Snapshot-based incremental backups
  NDMP protocol support
  Supported DMAs
  NDMP hardware support
  NDMP backup limitations
  NDMP performance recommendations
  Excluding files and directories from NDMP backups
  Configuring basic NDMP backup settings
  Configure and enable NDMP backup
  Disable NDMP backup
  View NDMP backup settings
  NDMP backup settings
  Managing NDMP user accounts
  Create an NDMP user account
  Modify the password of an NDMP user account
  Delete an NDMP user account
  View NDMP user accounts
  Managing NDMP backup devices
  Detect NDMP backup devices
  Modify the name of an NDMP backup device
  Delete an entry for an NDMP backup device
  View NDMP backup devices
  NDMP backup device settings
  Managing NDMP backup ports
  Modify NDMP backup port settings
  Enable or disable an NDMP backup port
  View NDMP backup ports
  NDMP backup port settings
  Managing NDMP backup sessions
  End an NDMP session
  View NDMP sessions
  NDMP session information
  Managing restartable backups
  Configure restartable backups
  Delete a restartable backup context
  View restartable backup contexts
  Configure restartable backup settings
  View restartable backup settings
  Sharing tape drives between clusters
  Managing default NDMP settings
  Set default NDMP settings for a directory
  Modify default NDMP settings for a directory
  View default NDMP settings for directories
  NDMP environment variables
  Managing snapshot based incremental backups
  Enable snapshot-based incremental backups for a directory
  Delete snapshots for snapshot-based incremental backups
  View snapshots for snapshot-based incremental backups
  View NDMP backup logs

Chapter 14 File retention with SmartLock
  SmartLock overview
  Compliance mode
  SmartLock directories
  Replication and backup with SmartLock
  SmartLock replication and backup limitations
  SmartLock license functionality
  SmartLock considerations
  Set the compliance clock
  View the compliance clock
  Creating a SmartLock directory
  Retention periods
  Autocommit time periods
  Create a SmartLock directory
  Managing SmartLock directories
  Modify a SmartLock directory
  View SmartLock directory settings
  SmartLock directory configuration settings
  Managing files in SmartLock directories
  Set a retention period through a UNIX command line
  Set a retention period through Windows Powershell
  Commit a file to a WORM state through a UNIX command line
  Commit a file to a WORM state through Windows Explorer
  Override the retention period for all files in a SmartLock directory
  Delete a file committed to a WORM state
  View WORM status of a file

Chapter 15 Protection domains
  Protection domains overview
  Protection domain considerations
  Create a protection domain
  Delete a protection domain
  View protection domains
  Protection domain types

Chapter 16 Data-at-rest-encryption
  Data-at-rest encryption overview
  Self-encrypting drives
  Data security on self-encrypted drives
  Data migration to a self-encrypted-drives cluster
  Chassis and drive states
  Smartfailed drive ERASE and REPLACE state examples

Chapter 17 SmartQuotas
  SmartQuotas overview
  Quota types
  Default quota type
  Usage accounting and limits
  Disk-usage calculations
  Quota notifications
  Quota notification rules
  Quota reports
  Creating quotas
  Create an accounting quota
  Create an enforcement quota
  Managing quotas
  Search for quotas
  Manage quotas
  Export a quota configuration file
  Import a quota configuration file
  Managing quota notifications
  Configure default quota notification settings
  Configure custom quota notification rules
  Map a notification rule for a quota
  Configure a custom quota notification template
  Managing quota reports
  Create a quota report schedule
  Generate a quota report
  Locate a quota report
  Basic quota settings
  Advisory limit quota notification rules settings
  Soft limit quota notification rules settings
  Hard limit quota notification rules settings
  Limit notification settings
  Quota report settings
  Custom notification template variable descriptions

Chapter 18 Storage Pools
  Storage pools overview
  About storage pools
  Autoprovisioning
  Virtual hot spare
  Spillover
  Node pools
  Manual node pool management
  SSD pools
  Tiers
  File pools
  File pool policies
  Managing node pools
  Add or move node pools in a tier
  Change the name or requested protection of a node pool
  Managing tiers
  Create a tier
  Rename a tier
  Delete a tier
  Creating file pool policies
  Add a file pool policy
  File pool file-matching options
  Valid wildcard characters
  Default file pool requested protection settings
  Default file pool I/O optimization settings
  Managing file pool policies
  Configure default file pool policy settings
  Configure default file pool protection settings
  Configure default I/O optimization settings
  Modify a file pool policy
  Copy a file pool policy
  Prioritize a file pool policy
  Use a file pool template policy
  Delete a file pool policy
  SmartPools settings
  Monitoring storage pools
  Monitor storage pools
  View unhealthy subpools
  View file pool job results

Chapter 19 System jobs
  System jobs overview
  System jobs library
  Job operation
  Job performance impact
  Job priorities
  Managing system jobs
  View active jobs
  View job history
  Start a job
  Pause a job
  Resume a job
  Cancel a job
  Update a job
  Modify job type settings
  Managing impact policies
  Create an impact policy
  Copy an impact policy
  Modify an impact policy
  Delete an impact policy
  View impact policy settings
  Viewing job reports and statistics
  View statistics for a job in progress
  View a report for a completed job

Chapter 20 Networking
  Networking overview
  About the internal network
  Internal IP address ranges
  Internal network failover
  External client network overview
  External network settings
  IP address pools
  Connection balancing with SmartConnect
  External IP failover
  NIC aggregation
  VLANs
  DNS name resolution
  IPv6 support
  Configuring the internal network
  Modify the internal IP address range
  Modify the internal network netmask
  Configure and enable an internal failover network
  Disable internal network failover
  Configuring an external network
  Adding a subnet
  Managing external network subnets
  Managing IP address pools
  Managing network interface members
  Managing external client connections with SmartConnect
  Configure client connection balancing
  Managing network interface provisioning rules
  Create a node provisioning rule
  Modify a node provisioning rule
  Delete a node provisioning rule

Chapter 21 Hadoop
  Hadoop overview
  OneFS Hadoop support
  Hadoop cluster integration
  Managing HDFS
  Configure the HDFS protocol
  Create a local user
  Enable or disable the HDFS service
  Securing HDFS connections through Kerberos
  Configuring HDFS authentication with MIT Kerberos
  Configuring HDFS authentication with Active Directory Kerberos
  Modifying Hadoop configuration files for Kerberos authentication
  Sample commands for configuring MIT Kerberos authentication over HDFS
  Troubleshooting Kerberos authentication

Chapter 22 Antivirus
  Antivirus overview
  On-access scanning
  Antivirus policy scanning
  Individual file scanning
  Antivirus scan reports
  ICAP servers
  Supported ICAP servers
  Antivirus threat responses
  Configuring global antivirus settings
  Exclude files from antivirus scans
  Configure on-access scanning settings
  Configure antivirus threat response settings
  Configure antivirus report retention settings
  Enable or disable antivirus scanning
  Managing ICAP servers
  Add and connect to an ICAP server
  Test an ICAP server connection
  Modify ICAP connection settings
  Temporarily disconnect from an ICAP server
  Reconnect to an ICAP server
  Remove an ICAP server
  Create an antivirus policy
  Managing antivirus policies
  Modify an antivirus policy
  Delete an antivirus policy
  Enable or disable an antivirus policy
  View antivirus policies
  Managing antivirus scans
  Scan a file
  Manually run an antivirus policy
  Stop a running antivirus scan
  Managing antivirus threats
  Manually quarantine a file
  Rescan a file
  Remove a file from quarantine
  Manually truncate a file
  View threats
  Antivirus threat information
  Managing antivirus reports
  Export an antivirus report
  View antivirus reports
  View antivirus events

Chapter 23 iSCSI
  iSCSI overview
  iSCSI targets and LUNs
  SmartConnect and iSCSI targets
  iSNS client service
  Access control for iSCSI targets
  CHAP authentication
  Initiator access control
  iSCSI considerations and limitations
  Supported SCSI mode pages
  Supported iSCSI initiators
  Configuring the iSCSI and iSNS services
  Configure the iSCSI service
  Configure the iSNS client service
  View iSCSI sessions and throughput
  Managing iSCSI targets
  Create an iSCSI target
  Modify iSCSI target settings
  Delete an iSCSI target
  View iSCSI target settings
  Configuring iSCSI initiator access control
  Configure iSCSI initiator access control
  Control initiator access to a target
  Modify initiator name
  Remove an initiator from the access list
  Create a CHAP secret
  Modify a CHAP secret
  Delete a CHAP secret
  Enable or disable CHAP authentication
  Creating iSCSI LUNs
  Create an iSCSI LUN
  Clone an iSCSI LUN
  iSCSI LUN cloning operations
  Managing iSCSI LUNs
  Modify an iSCSI LUN
  Delete an iSCSI LUN
  Migrate an iSCSI LUN to another target
  Import an iSCSI LUN
  View iSCSI LUN settings

Chapter 24 VMware integration
  VMware integration overview
  VAAI
  VAAI support for block storage
  VAAI support for NAS
  VASA
  Isilon VASA alarms
  VASA storage capabilities
  Configuring VASA support
  Enable VASA
  Download the Isilon vendor provider certificate
  Add the Isilon vendor provider
  Disable or re-enable VASA

Chapter 25 File System Explorer
  File System Explorer overview
  Browse the file system
  Create a directory
  Modify file and directory properties
  View file and directory properties
  File and directory properties

CHAPTER 1 Introduction to this guide

This section contains the following topics:
- About this guide
- Isilon scale-out NAS overview
- Where to go for support

About this guide

This guide describes how the Isilon OneFS web administration interface provides access to cluster configuration, management, and monitoring functionality.

Isilon scale-out NAS overview

The EMC Isilon scale-out NAS storage platform combines modular hardware with unified software to harness unstructured data. Powered by the distributed OneFS operating system, an EMC Isilon cluster delivers a scalable pool of storage with a global namespace.

The platform's unified software provides centralized web-based and command-line administration to manage the following features:
- A symmetrical cluster that runs a distributed file system
- Scale-out nodes that add capacity and performance
- Storage options that manage files, block data, and tiering
- Flexible data protection and high availability
- Software modules that control costs and optimize resources

Where to go for support

You can contact EMC Isilon Technical Support for any questions about EMC Isilon products.

Online Support
- Live Chat
- Create a Service Request

Telephone Support
- United States: (1-800-SVC-4EMC)
- Canada:
- Worldwide:
- For local phone numbers in your country, see EMC Customer Support Centers.

Help with online support
- For questions specific to EMC Online Support registration or access, [email protected].

CHAPTER 2 Isilon scale-out NAS

This section contains the following topics:
- OneFS storage architecture
- Isilon node components
- Internal and external networks
- Isilon cluster
- The OneFS operating system
- Structure of the file system
- Data protection overview
- VMware integration
- The iSCSI option
- Software modules

OneFS storage architecture

EMC Isilon takes a scale-out approach to storage by creating a cluster of nodes that runs a distributed file system. OneFS combines the three layers of storage architecture (file system, volume manager, and data protection) into a scale-out NAS cluster.

Each node adds resources to the cluster. Because each node contains globally coherent RAM, as a cluster becomes larger, it becomes faster. Meanwhile, the file system expands dynamically and redistributes content, which eliminates the work of partitioning disks and creating volumes.

Nodes work as peers to spread data across the cluster. Segmenting and distributing data, a process known as striping, not only protects data, but also enables a user connecting to any node to take advantage of the entire cluster's performance.

OneFS uses distributed software to scale data across commodity hardware. Each node helps control data requests, boosts performance, and expands the cluster's capacity. No master device controls the cluster; no slaves invoke dependencies. Instead, each node helps control data requests, boosts performance, and expands the cluster's capacity.

Isilon node components

As a rack-mountable appliance, a node includes the following components in a 2U or 4U rack-mountable chassis with an LCD front panel: memory, CPUs, RAM, NVRAM, network interfaces, InfiniBand adapters, disk controllers, and storage media. An Isilon cluster comprises three or more nodes, up to 144.

When you add a node to a cluster, you increase the cluster's aggregate disk, cache, CPU, RAM, and network capacity. OneFS groups RAM into a single coherent cache so that a data request on a node benefits from data that is cached anywhere. NVRAM is grouped to write data with high throughput and to protect write operations from power failures. As the cluster expands, spindles and CPU combine to increase throughput, capacity, and input-output operations per second (IOPS).

EMC Isilon makes several types of nodes, all of which can be added to a cluster to balance capacity and performance with throughput or IOPS:

Node        Use case
S-Series    IOPS-intensive applications
X-Series    High-concurrency and throughput-driven workflows
NL-Series   Near-primary accessibility, with near-tape value

The following EMC Isilon nodes improve performance:

Node                      Function
Performance Accelerator   Independent scaling for high performance
Backup Accelerator        High-speed and scalable backup-and-restore solution

Internal and external networks

A cluster includes two networks: an internal network to exchange data between nodes and an external network to handle client connections.

Nodes exchange data through the internal network with a proprietary, unicast protocol over InfiniBand. Each node includes redundant InfiniBand ports so you can add a second internal network in case the first one fails.

Clients reach the cluster with 1 GigE or 10 GigE Ethernet. Since every node includes Ethernet ports, the cluster's bandwidth scales with performance and capacity as you add nodes.

Isilon cluster

An Isilon cluster consists of three or more hardware nodes, up to 144. Each node runs the Isilon OneFS operating system, the distributed file-system software that unites the nodes into a cluster. A cluster's storage capacity ranges from a minimum of 18 TB to a maximum of 15.5 PB.

Cluster administration

OneFS centralizes cluster management through a web administration interface and a command-line interface. Both interfaces provide methods to activate licenses, check the status of nodes, configure the cluster, upgrade the system, generate alerts, view client connections, track performance, and change various settings.

In addition, OneFS simplifies administration by automating maintenance with a job engine. You can schedule jobs that scan for viruses, inspect disks for errors, reclaim disk space, and check the integrity of the file system. The engine manages the jobs to minimize impact on the cluster's performance.

With SNMP versions 1, 2c, and 3, you can remotely monitor hardware components, CPU usage, switches, and network interfaces. EMC Isilon supplies management information bases (MIBs) and traps for the OneFS operating system.

OneFS also includes a RESTful application programming interface known as the Platform API to automate access, configuration, and monitoring. For example, you can retrieve performance statistics, provision users, and tap the file system. The Platform API integrates with OneFS role-based access control to increase security. See the Isilon Platform API Reference.

Quorum

An Isilon cluster must have a quorum to work properly. A quorum prevents data conflicts (for example, conflicting versions of the same file) in case two groups of nodes become unsynchronized. If a cluster loses its quorum for read and write requests, you cannot access the OneFS file system.

For a quorum, more than half the nodes must be available over the internal network. A seven-node cluster, for example, requires a four-node quorum. A 10-node cluster requires a six-node quorum. If a node is unreachable over the internal network, OneFS separates the node from the cluster, an action referred to as splitting. After a cluster is split, cluster operations continue as long as enough nodes remain connected to have a quorum.

In a split cluster, the nodes that remain in the cluster are referred to as the majority group. Nodes that are split from the cluster are referred to as the minority group.

When split nodes can reconnect with the cluster and resynchronize with the other nodes, the nodes rejoin the cluster's majority group, an action referred to as merging.

A OneFS cluster contains two quorum properties:
- read quorum (efs.gmp.has_quorum)
- write quorum (efs.gmp.has_super_block_quorum)

By connecting to a node with SSH and running the sysctl command-line tool as root, you can view the status of both types of quorum. Here is an example for a cluster that has a quorum for both read and write operations, as the command's output indicates with a 1, for true:

sysctl efs.gmp.has_quorum
efs.gmp.has_quorum: 1
sysctl efs.gmp.has_super_block_quorum
efs.gmp.has_super_block_quorum: 1

The degraded states of nodes, such as smartfail, read-only, offline, and so on, affect quorum in different ways. A node in a smartfail or read-only state affects only write quorum. A node in an offline state, however, affects both read and write quorum. In a cluster, the combination of nodes in different degraded states determines whether read requests, write requests, or both work.

A cluster can lose write quorum but keep read quorum. Consider a four-node cluster in which nodes 1 and 2 are working normally. Node 3 is in a read-only state, and node 4 is in a smartfail state. In such a case, read requests to the cluster succeed. Write requests, however, receive an input-output error because the states of nodes 3 and 4 break the write quorum.

A cluster can also lose both its read and write quorum. If nodes 3 and 4 in a four-node cluster are in an offline state, both write requests and read requests receive an input-output error, and you cannot access the file system. When OneFS can reconnect with the nodes, OneFS merges them back into the cluster. Unlike a RAID system, an Isilon node can rejoin the cluster without being rebuilt and reconfigured.

Splitting and merging

Splitting and merging optimize the use of nodes without your intervention.

OneFS monitors every node in a cluster. If a node is unreachable over the internal network, OneFS separates the node from the cluster, an action referred to as splitting. When the cluster can reconnect to the node, OneFS adds the node back into the cluster, an action referred to as merging.

When a node is split from a cluster, it will continue to capture event information locally. You can connect to a split node with SSH and run the isi events list command to view the local event log for the node. The local event log can help you troubleshoot the connection issue that resulted in the split. When the split node rejoins the cluster, local events gathered during the split are deleted. You can still view events generated by a split node in the node's event log file located at /var/log/isi_celog_events.log.

If a cluster splits during a write operation, OneFS might need to re-allocate blocks for the file on the side with the quorum, which leads allocated blocks on the side without a quorum to become orphans. When the split nodes reconnect with the cluster, the OneFS Collect system job reclaims the orphaned blocks.

Meanwhile, as nodes split and merge with the cluster, the OneFS AutoBalance job redistributes data evenly among the nodes in the cluster, optimizing protection and conserving space.
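The quorum rules in this section can be checked against the guide's own seven-node, 10-node and four-node cases with a small model that also reads the two sysctl values. This is an added example, not code from the guide or from OneFS; the state labels, function names and the sample sysctl output are assumptions constructed for illustration, and the model covers only the rules stated here.

```python
"""Quorum model restricted to the rules stated in this section.

Assumption: every node is in exactly one of four states. The label "ok"
for a healthy node is introduced here and is not OneFS terminology.
"""
import re

OK, READ_ONLY, SMARTFAIL, OFFLINE = "ok", "read-only", "smartfail", "offline"
VALID_STATES = {OK, READ_ONLY, SMARTFAIL, OFFLINE}

READ_KEY = "efs.gmp.has_quorum"
WRITE_KEY = "efs.gmp.has_super_block_quorum"
# Matches result lines such as "efs.gmp.has_quorum: 1", not the command echo.
SYSCTL_LINE = re.compile(r"^(efs\.gmp\.has_(?:super_block_)?quorum):\s*([01])$")


def quorum_size(node_count):
    """Smallest number of nodes that is more than half of the cluster."""
    if node_count < 1:
        raise ValueError("a cluster needs at least one node")
    return node_count // 2 + 1


def predict_quorum(states):
    """Return (read_quorum, write_quorum) for a list of node states.

    Offline nodes count against both quorums. Smartfail and read-only
    nodes count against write quorum only.
    """
    unknown = set(states) - VALID_STATES
    if unknown:
        raise ValueError(f"unknown node state(s): {sorted(unknown)}")
    needed = quorum_size(len(states))
    readers = sum(1 for state in states if state != OFFLINE)
    writers = sum(1 for state in states if state == OK)
    return readers >= needed, writers >= needed


def parse_sysctl(output):
    """Parse both quorum sysctl lines into (read_quorum, write_quorum)."""
    values = {}
    for line in output.splitlines():
        match = SYSCTL_LINE.match(line.strip())
        if match:
            values[match.group(1)] = match.group(2) == "1"
    missing = [key for key in (READ_KEY, WRITE_KEY) if key not in values]
    if missing:
        raise ValueError(f"sysctl output lacks: {', '.join(missing)}")
    return values[READ_KEY], values[WRITE_KEY]


def describe(read_quorum, write_quorum):
    """Translate the two flags into the behavior this section describes."""
    if read_quorum and write_quorum:
        return "read-write"
    if read_quorum:
        return "read-only: write requests receive input-output errors"
    if write_quorum:
        return "unexpected under this model: write quorum without read quorum"
    return "no access: read and write requests receive input-output errors"


# Constructed sample: what the two commands would show for a cluster that
# kept read quorum but lost write quorum. Not captured from a real cluster.
SAMPLE_SYSCTL = """\
sysctl efs.gmp.has_quorum
efs.gmp.has_quorum: 1
sysctl efs.gmp.has_super_block_quorum
efs.gmp.has_super_block_quorum: 0
"""

if __name__ == "__main__":
    cases = {
        "nodes 3 and 4 read-only/smartfail": [OK, OK, READ_ONLY, SMARTFAIL],
        "nodes 3 and 4 offline": [OK, OK, OFFLINE, OFFLINE],
    }
    for name, states in cases.items():
        print(f"{name}: {describe(*predict_quorum(states))}")
    print(f"sysctl sample: {describe(*parse_sysctl(SAMPLE_SYSCTL))}")
```
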

Storage pools

Storage pools segment nodes and files into logical divisions to simplify the management and storage of data.

A storage pool comprises node pools and tiers. Node pools group equivalent nodes to protect data and ensure reliability. Tiers combine node pools to optimize storage by need, such as a frequently used high-speed tier or a rarely accessed archive.

The SmartPools module groups nodes and files into pools. If you do not activate a SmartPools license, the module provisions node pools and creates one file pool. If you activate the SmartPools license, you receive more features. You can, for example, create multiple file pools and govern them with policies. The policies move files, directories, and file pools among node pools or tiers. You can also define how OneFS handles write operations when a node pool or tier is full. SmartPools reserves a virtual hot spare to reprotect data if a drive fails regardless of whether the SmartPools license is activated.

IP address pools

Within a subnet, you can partition a cluster's external network interfaces into pools of IP address ranges. The pools empower you to customize your storage network to serve different groups of users. Although you must initially configure the default external IP subnet in IPv4 format, you can configure additional subnets in IPv4 or IPv6.

You can associate IP address pools with a node, a group of nodes, or NIC ports. For example, you can set up one subnet for storage nodes and another subnet for accelerator nodes. Similarly, you can allocate ranges of IP addresses on a subnet to different teams, such as engineering and sales. Such options help you create a storage topology that matches the demands of your network.

In addition, network provisioning rules streamline the setup of external connections. After you configure the rules with network settings, you can apply the settings to new nodes.

As a standard feature, the OneFS SmartConnect module balances connections among nodes by using a round-robin policy with static IP addresses and one IP address pool for each subnet. Activating a SmartConnect Advanced license adds features, such as defining IP address pools to support multiple DNS zones.

The OneFS operating system

A distributed operating system based on FreeBSD, OneFS presents an Isilon cluster's file system as a single share or export with a central point of administration.

The OneFS operating system does the following:
- Supports common data-access protocols, such as SMB and NFS.
- Connects to multiple identity management systems, such as Active Directory and LDAP.
- Authenticates users and groups.
- Controls access to directories and files.

Data-access protocols

With the OneFS operating system, you can access data with multiple file-sharing and transfer protocols. As a result, Microsoft Windows, UNIX, Linux, and Mac OS X clients can share the same directories and files. OneFS supports the following protocols.

Protocol: Description
SMB: Server Message Block gives Windows users access to the cluster. OneFS works with SMB 1, SMB 2, and SMB 2.1. With SMB 2.1, OneFS supports client opportunity locks (oplocks) and large (1 MB) MTU sizes. The default file share is /ifs.
NFS: The Network File System enables UNIX, Linux, and Mac OS X systems to remotely mount any subdirectory, including subdirectories created by Windows users. OneFS works with versions 2 through 4 of the Network File System protocol (NFSv2, NFSv3, NFSv4). The default export is /ifs.
FTP: File Transfer Protocol lets systems with an FTP client connect to the cluster to exchange files.
iSCSI: The Internet Small Computer System Interface protocol provides access to block storage. iSCSI integration requires you to activate a separate license.
HDFS: The Hadoop Distributed File System protocol makes it possible for a cluster to work with Apache Hadoop, a framework for data-intensive distributed applications. HDFS integration requires you to activate a separate license.
HTTP: Hyper Text Transfer protocol gives systems browser-based access to resources. OneFS includes limited support for WebDAV.

Identity management and access control

OneFS works with multiple identity management systems to authenticate users and control access to files. In addition, OneFS features access zones that allow users from different directory services to access different resources based on their IP address. Role-based access control, meanwhile, segments administrative access by role.

OneFS authenticates users with the following identity management systems:
- Microsoft Active Directory (AD)
- Lightweight Directory Access Protocol (LDAP)
- Network Information Service (NIS)
- Local users and local groups
- A file provider for accounts in /etc/spwd.db and /etc/group files. With the file provider, you can add an authoritative third-party source of user and group information.

You can manage users with different identity management systems; OneFS maps the accounts so that Windows and UNIX identities can coexist. A Windows user account managed in Active Directory, for example, is mapped to a corresponding UNIX account in NIS or LDAP.

To control access, an Isilon cluster works with both the access control lists (ACLs) of Windows systems and the POSIX mode bits of UNIX systems. When OneFS must transform a file's permissions from ACLs to mode bits or from mode bits to ACLs, OneFS merges the permissions to maintain consistent security settings.

OneFS presents protocol-specific views of permissions so that NFS exports display mode bits and SMB shares show ACLs. You can, however, manage not only mode bits but also ACLs with standard UNIX tools, such as the chmod and chown commands. In addition, ACL policies enable you to configure how OneFS manages permissions for networks that mix Windows and UNIX systems.

Access zones
OneFS includes an access zones feature. Access zones allow users from different authentication providers, such as two untrusted Active Directory domains, to access different OneFS resources based on an incoming IP address. An access zone can contain multiple authentication providers and SMB namespaces.

RBAC for administration
OneFS includes role-based access control (RBAC) for administration. In place of a root or administrator account, RBAC lets you manage administrative access by role. A role limits privileges to an area of administration. For example, you can create separate administrator roles for security, auditing, storage, and backup.

Structure of the file system

OneFS presents all the nodes in a cluster as a global namespace, that is, as the default file share, /ifs.

In the file system, directories are inode number links. An inode contains file metadata and an inode number, which identifies a file's location. OneFS dynamically allocates inodes, and there is no limit on the number of inodes.

To distribute data among nodes, OneFS sends messages with a globally routable block address through the cluster's internal network. The block address identifies the node and the drive storing the block of data.

Note: It is recommended that you do not save data to the root /ifs file path but in directories below /ifs. The design of your data storage structure should be planned carefully. A well-designed directory optimizes cluster performance and cluster administration.

Data layout

OneFS evenly distributes data among a cluster's nodes with layout algorithms that maximize storage efficiency and performance. The system continuously reallocates data to conserve space.

OneFS breaks data down into smaller sections called blocks, and then the system places the blocks in a stripe unit. By referencing either file data or erasure codes, a stripe unit helps safeguard a file from a hardware failure. The size of a stripe unit depends on the file size, the number of nodes, and the protection setting. After OneFS divides the data into stripe units, OneFS allocates, or stripes, the stripe units across nodes in the cluster.

When a client connects to a node, the client's read and write operations take place on multiple nodes. For example, when a client connects to a node and requests a file, the node retrieves the data from multiple nodes and rebuilds the file. You can optimize how OneFS lays out data to match your dominant access pattern: concurrent, streaming, or random.

Writing files

On a node, the input-output operations of the OneFS software stack split into two functional layers: A top layer, or initiator, and a bottom layer, or participant. In read and write operations, the initiator and the participant play different roles.

When a client writes a file to a node, the initiator on the node manages the layout of the file on the cluster. First, the initiator divides the file into blocks of 8 KB each. Second, the initiator places the blocks in one or more stripe units. At 128 KB, a stripe unit consists of 16 blocks. Third, the initiator spreads the stripe units across the cluster until they span a width of the cluster, creating a stripe. The width of the stripe depends on the number of nodes and the protection setting.

After dividing a file into stripe units, the initiator writes the data first to non-volatile random-access memory (NVRAM) and then to disk. NVRAM retains the information when the power is off.

During the write transaction, NVRAM guards against failed nodes with journaling. If a node fails mid-transaction, the transaction restarts without the failed node. When the node returns, it replays the journal from NVRAM to finish the transaction. The node also runs the AutoBalance job to check the file's on-disk striping. Meanwhile, uncommitted writes waiting in the cache are protected with mirroring. As a result, OneFS eliminates multiple points of failure.

Reading files

In a read operation, a node acts as a manager to gather data from the other nodes and present it to the requesting client.

Because an Isilon cluster's coherent cache spans all the nodes, OneFS can store different data in each node's RAM. By using the internal InfiniBand network, a node can retrieve file data from another node's cache faster than from its own local disk. If a read operation requests data that is cached on any node, OneFS pulls the cached data to serve it quickly.

In addition, for files with an access pattern of concurrent or streaming, OneFS pre-fetches in-demand data into a managing node's local cache to further improve sequential-read performance.

Metadata layout

OneFS protects metadata by spreading it across nodes and drives.

Metadata, which includes information about where a file is stored, how it is protected, and who can access it, is stored in inodes and protected with locks in a B+ tree, a standard structure for organizing data blocks in a file system to provide instant lookups. OneFS replicates file metadata across the cluster so that there is no single point of failure.

Working together as peers, all the nodes help manage metadata access and locking. If a node detects an error in metadata, the node looks up the metadata in an alternate location and then corrects the error.

Locks and concurrency

OneFS includes a distributed lock manager that orchestrates locks on data across all the nodes in a cluster.

The lock manager grants locks for the file system, byte ranges, and protocols, including SMB share-mode locks and NFS advisory locks. OneFS also supports SMB opportunistic locks and NFSv4 delegations.

Because OneFS distributes the lock manager across all the nodes, any node can act as a lock coordinator. When a thread from a node requests a lock, the lock manager's hashing algorithm typically assigns the coordinator role to a different node. The coordinator allocates a shared lock or an exclusive lock, depending on the type of request. A shared lock allows users to share a file simultaneously, typically for read operations. An exclusive lock allows only one user to access a file, typically for write operations.

Striping

In a process known as striping, OneFS segments files into units of data and then distributes the units across nodes in a cluster. Striping protects your data and improves cluster performance.

To distribute a file, OneFS reduces it to blocks of data, arranges the blocks into stripe units, and then allocates the stripe units to nodes over the internal network.

At the same time, OneFS distributes erasure codes that protect the file. The erasure codes encode the file's data in a distributed set of symbols, adding space-efficient redundancy. With only a part of the symbol set, OneFS can recover the original file data.

Taken together, the data and its redundancy form a protection group for a region of file data. OneFS places the protection groups on different drives on different nodes, creating data stripes.

Because OneFS stripes data across nodes that work together as peers, a user connecting to any node can take advantage of the entire cluster's performance.

By default, OneFS optimizes striping for concurrent access. If your dominant access pattern is streaming--that is, lower concurrency, higher single-stream workloads, such as with video--you can change how OneFS lays out data to increase sequential-read performance. To better handle streaming access, OneFS stripes data across more drives. Streaming is most effective on clusters or subpools serving large files.

Data protection overview

An Isilon cluster is designed to serve data even when components fail. By default, OneFS protects data with erasure codes, enabling you to retrieve files when a node or disk fails. As an alternative to erasure codes, you can protect data with two to eight mirrors.

When you create a cluster with five or more nodes, erasure codes deliver as much as 80 percent efficiency. On larger clusters, erasure codes provide as much as four levels of redundancy.

In addition to erasure codes and mirroring, OneFS includes the following features to help protect the integrity, availability, and confidentiality of data:

Feature: Description
Antivirus: OneFS can send files to servers running the Internet Content Adaptation Protocol (ICAP) to scan for viruses and other threats.

Clones: OneFS enables you to create clones that share blocks with other files to save space.
NDMP backup and restore: OneFS can back up data to tape and other devices through the Network Data Management Protocol. Although OneFS supports both NDMP 3-way and 2-way backup, 2-way backup requires an Isilon Backup Accelerator node.
Protection domains: You can apply protection domains to files and directories to prevent changes.

The following software modules also help protect data, but they require you to activate a separate license:

Licensed Feature: Description
SyncIQ: SyncIQ replicates data on another Isilon cluster and automates failover and failback operations between clusters. If a cluster becomes unusable, you can fail over to another Isilon cluster.
SnapshotIQ: You can protect data with a snapshot, a logical copy of data stored on a cluster.
SmartLock: The SmartLock tool prevents users from modifying and deleting files. You can commit files to a write-once, read-many state: The file can never be modified and cannot be deleted until after a set retention period. SmartLock can help you comply with Securities and Exchange Commission Rule 17a-4.

N+M data protection

OneFS supports N+M erasure code levels of N+1, N+2, N+3, and N+4.

In the N+M data model, N represents the number of nodes, and M represents the number of simultaneous failures of nodes or drives that the cluster can handle without losing data. For example, with N+2 the cluster can lose two drives on different nodes or lose two nodes.

To protect drives and nodes separately, OneFS also supports N+M:B. In the N+M:B notation, M is the number of disk failures, and B is the number of node failures. With N+3:1 protection, for example, the cluster can lose three drives or one node without losing data.

The default protection level for clusters larger than 18 TB is N+2:1. The default for clusters smaller than 18 TB is N+1.

The quorum rule dictates the number of nodes required to support a protection level. For example, N+3 requires at least seven nodes so you can maintain a quorum if three nodes fail.

You can, however, set a protection level that is higher than the cluster can support. In a four-node cluster, for example, you can set the protection level at 5x. OneFS protects the data at 4x until a fifth node is added, after which OneFS automatically reprotects the data at 5x.
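The block and stripe-unit arithmetic from the "Writing files" section and the N+M quorum rule above, worked through in Python. This is an added example, not code from the EMC guide; the quorum definition (more than half the nodes) and the efficiency model in which one stripe spans every node are simplifying assumptions, and all function names are hypothetical.

```python
import re

BLOCK_SIZE = 8 * 1024              # guide: the initiator divides a file into 8 KB blocks
STRIPE_UNIT_SIZE = 128 * 1024      # guide: a stripe unit is 128 KB
BLOCKS_PER_UNIT = STRIPE_UNIT_SIZE // BLOCK_SIZE   # 16 blocks, as the guide states


def file_layout(size_bytes):
    """Return (blocks, stripe_units) needed to hold a file of size_bytes."""
    blocks = -(-size_bytes // BLOCK_SIZE)       # ceiling division
    units = -(-blocks // BLOCKS_PER_UNIT)
    return blocks, units


def parse_level(level):
    """Parse 'N+M' or 'N+M:B' into (drive_failures, node_failures)."""
    match = re.fullmatch(r"N\+([1-4])(?::([1-4]))?", level.replace(" ", ""))
    if not match:
        raise ValueError(f"unsupported protection level: {level!r}")
    drives = int(match.group(1))
    # Without ':B', M counts failures of nodes or drives alike.
    nodes = int(match.group(2)) if match.group(2) else drives
    if nodes > drives:
        raise ValueError("B cannot exceed M in N+M:B")
    return drives, nodes


def quorum(nodes):
    """Assumption: a quorum is more than half of the cluster's nodes."""
    return nodes // 2 + 1


def min_nodes(level):
    """Smallest cluster that still has a quorum after the tolerated node failures."""
    _, node_failures = parse_level(level)
    n = node_failures + 1
    while n - node_failures < quorum(n):
        n += 1
    return n


def assess(level, nodes, failed_nodes):
    """Separate the two questions: is the data recoverable, and is there a quorum?"""
    _, tolerated = parse_level(level)
    return {
        "data_intact": failed_nodes <= tolerated,
        "has_quorum": nodes - failed_nodes >= quorum(nodes),
    }


def effective_mirrors(requested, nodes):
    """Guide: a 5x setting on four nodes is applied as 4x until a fifth node joins."""
    if not 2 <= requested <= 8:
        raise ValueError("OneFS supports two to eight mirrors")
    return min(requested, nodes)


def erasure_efficiency(nodes, m):
    """Simplified model (assumption): one stripe spans all nodes, m units are erasure codes."""
    if nodes <= m:
        raise ValueError("need more nodes than erasure-code units")
    return (nodes - m) / nodes


def mirror_efficiency(copies):
    """Usable fraction of raw space when every block is stored `copies` times."""
    return 1 / copies


if __name__ == "__main__":
    print("1,000,000-byte file:", file_layout(1_000_000))
    for level in ("N+1", "N+2", "N+3", "N+4", "N+3:1"):
        print(level, "needs at least", min_nodes(level), "nodes")
    # Six nodes at N+3: three failures leave the data recoverable but no quorum.
    print("N+3 on 6 nodes, 3 down:", assess("N+3", 6, 3))
    print("N+3 on 7 nodes, 3 down:", assess("N+3", 7, 3))
    print("5x requested on 4 nodes ->", effective_mirrors(5, 4), "x")
    print("5 nodes N+1:", erasure_efficiency(5, 1), " 3x mirror:", round(mirror_efficiency(3), 3))
```

The six-node case is the one to watch when planning for availability: the protection level alone says the data survives three node failures, but the cluster no longer has a quorum.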

Data mirroring

You can protect on-disk data with mirroring, which copies data to multiple locations. OneFS supports two to eight mirrors. You can use mirroring instead of erasure codes, or you can combine erasure codes with mirroring.

Mirroring, however, consumes more space than erasure codes. Mirroring data three times, for example, duplicates the data three times, which requires more space than erasure codes. As a result, mirroring suits transactions that require high performance, such as with iSCSI LUNs.

You can also mix erasure codes with mirroring. During a write operation, OneFS divides data into redundant protection groups. For files protected by erasure codes, a protection group consists of data blocks and their erasure codes. For mirrored files, a protection group contains all the mirrors of a set of blocks. OneFS can switch the type of protection group as it writes a file to disk. By changing the protection group dynamically, OneFS can continue writing data despite a node failure that prevents the cluster from applying erasure codes. After the node is restored, OneFS automatically converts the mirrored protection groups to erasure codes.

The file system journal

A journal, which records file-system changes in a battery-backed NVRAM card, recovers the file system after failures, such as a power loss. When a node restarts, the journal replays file transactions to restore the file system.

Virtual hot spare

When a drive fails, OneFS uses space reserved in a subpool instead of a hot spare drive. The reserved space is known as a virtual hot spare.

In contrast to a spare drive, a virtual hot spare automatically resolves drive failures and continues writing data. If a drive fails, OneFS migrates data to the virtual hot spare to reprotect it. You can reserve as many as four disk drives as a virtual hot spare.

Balancing protection with storage space

You can set protection levels to balance protection requirements with storage space.

Higher protection levels typically consume more space than lower levels because you lose an amount of disk space to storing erasure codes. The overhead for the erasure codes depends on the protection level, the file size, and the number of nodes in the cluster. Since OneFS stripes both data and erasure codes across nodes, the overhead declines as you add nodes.

VMware integration

OneFS integrates with several VMware products, including vSphere, vCenter, and ESXi.

For example, OneFS works with the VMware vSphere API for Storage Awareness (VASA) so that you can view information about an Isilon cluster in vSphere. OneFS also works with the VMware vSphere API for Array Integration (VAAI) to support the following features for block storage: hardware-assisted locking, full copy, and block zeroing. VAAI for NFS requires an ESXi plug-in.

With the Isilon for vCenter plug-in, you can backup and restore virtual machines on an Isilon cluster. With the Isilon Storage Replication Adapter, OneFS integrates with the VMware vCenter Site Recovery Manager to recover virtual machines that are replicated between Isilon clusters.

The iSCSI option

Block-based storage offers flexible storage and access. OneFS enables clients to store block data on an Isilon cluster by using the Internet Small Computer System Interface (iSCSI) protocol. With the iSCSI module, you can configure block storage for Windows, Linux, and VMware systems.

On the network side, the logical network interface (LNI) framework dynamically manages interfaces for network resilience. You can combine multiple network interfaces with LACP and LAGG to aggregate bandwidth and to fail over client sessions. The iSCSI module requires you to activate a separate license.

Software modules

You can access advanced features by activating licenses for EMC Isilon software modules.

SmartLock: SmartLock protects critical data from malicious, accidental, or premature alteration or deletion to help you comply with SEC 17a-4 regulations. You can automatically commit data to a tamper-proof state and then retain it with a compliance clock.
SyncIQ automated failover and failback: SyncIQ replicates data on another Isilon cluster and automates failover and failback between clusters. If a cluster becomes unusable, you can fail over to another Isilon cluster. Failback restores the original source data after the primary cluster becomes available again.
File clones: OneFS provides provisioning of full read/write copies of files, LUNs, and other clones. OneFS also provides virtual machine linked cloning through VMware API integration.
SnapshotIQ: SnapshotIQ protects data with a snapshot, a logical copy of data stored on a cluster. A snapshot can be restored to its top-level directory.
SmartPools: SmartPools enable you to create multiple file pools governed by file-pool policies. The policies move files and directories among node pools or tiers. You can also define how OneFS handles write operations when a node pool or tier is full.
SmartConnect: If you activate a SmartConnect Advanced license, you can balance policies to evenly distribute CPU usage, client connections, or throughput. You can also define IP address pools to support multiple DNS zones in a subnet. In addition, SmartConnect supports IP failover, also known as NFS failover.
InsightIQ: The InsightIQ virtual appliance monitors and analyzes the performance of your Isilon cluster to help you optimize storage resources and forecast capacity.

Aspera for Isilon: Aspera moves large files over long distances fast. Aspera for Isilon is a cluster-aware version of Aspera technology for non-disruptive, wide-area content delivery.
iSCSI: OneFS supports the Internet Small Computer System Interface (iSCSI) protocol to provide block storage for Windows, Linux, and VMware clients. The iSCSI module includes parallel LUN allocation and zero-copy support.
HDFS: OneFS works with the Hadoop Distributed File System protocol to help clients running Apache Hadoop, a framework for data-intensive distributed applications, analyze big data.
SmartQuotas: The SmartQuotas module tracks disk usage with reports and enforces storage limits with alerts.


CHAPTER 3 General cluster administration

This section contains the following topics:
- General cluster administration overview
- User interfaces
- Connecting to the cluster
- Licensing
- Certificates
- General cluster settings
- Cluster statistics
- Performance monitoring
- Cluster monitoring
- Monitoring cluster hardware
- Cluster maintenance
- Remote support using SupportIQ
- Upgrading OneFS

General cluster administration overview

You can manage general OneFS settings and module licenses for the EMC Isilon cluster.

General cluster administration covers several areas. You can manage general settings such as cluster name, date and time, and . You can monitor the cluster status and performance, including hardware components. You can configure how events and notifications are handled, and you can perform cluster maintenance such as adding, removing, and restarting nodes.

Most management tasks can be accomplished through either the web administration interface or the command-line interface; however, you will occasionally encounter a task that can only be managed by one or the other.

User interfaces

Depending on your preference, location, or task, OneFS provides several interfaces for managing the EMC Isilon cluster.

OneFS web administration interface
  Description: The browser-based OneFS web administration interface provides secure access with OneFS-supported browsers. You can use this interface to view robust graphical monitoring displays and to perform cluster-management tasks.
  Comment: The OneFS web administration interface uses port 8080 as its default port.

OneFS command-line interface
  Description: You can run OneFS isi commands in the command-line interface to configure, monitor, and manage the cluster. Access to the command-line interface is through a secure shell (SSH) connection to any node in the cluster.
  Comment: The OneFS command-line interface provides an extended standard UNIX command set for managing the cluster.

OneFS Platform API
  Description: The OneFS Platform API provides access to cluster configuration, management, and monitoring functionality through an HTTP-based interface.
  Comment: You should have a solid understanding of HTTP/1.1 and experience writing HTTP-based client software before you implement client-based software through the Platform API.

OneFS RESTful Access to the Namespace API
  Description: You can create, delete, and modify data on the OneFS file system through the RESTful Access to the Namespace (RAN) application programming interface (API).
  Comment: You should have a solid understanding of HTTP/1.1 and experience writing HTTP-based client software before you implement client-based software through the RAN API.

Node front panel
  Description: The front panel of each node contains an LCD screen with five buttons, which you can use to monitor node and cluster details.
  Comment: Node status, events, cluster details, capacity, IP and MAC addresses, throughput, and drive status are available through the node front panel.
  Note: Accelerator nodes do not have front panels.

Connecting to the cluster

EMC Isilon cluster access is provided through the web administration interface or through SSH. A serial connection can be used to perform cluster-administration tasks through the command-line interface.

You can also access the cluster through the node front panel to accomplish a subset of cluster-management tasks. For information about connecting to the node front panel, see the installation documentation for your node.

Log in to the web administration interface

You can monitor and manage your EMC Isilon cluster from the browser-based web administration interface.

Procedure
1. Open a browser window and type the URL for your cluster in the address field, replacing <yournodeipaddress> in the following example with the first IP address you provided when you configured ext-1:
   If your security certificates have not been configured, a message displays. Resolve any certificate configurations and continue to the web site.
2. Log in to OneFS by typing your OneFS credentials in the Username and Password fields.
   After you log into the web administration interface, there is a 4-hour login timeout and a 24-hour session inactivity timeout.

Open an SSH connection to a cluster

You can use any SSH client such as OpenSSH or PuTTY to connect to an EMC Isilon cluster.

Before you begin
You must have valid OneFS credentials to log in to a cluster after the connection is open.

Procedure
1. Open a secure shell (SSH) connection to any node in the cluster, using the IP address and port number for the node.
2. Log in with your OneFS credentials.
   At the OneFS command line prompt, you can use isi commands to monitor and manage your cluster.

Licensing

Advanced cluster features are available when you activate licenses for OneFS software modules. Each optional OneFS software module requires you to activate a separate license.

For more information about the following optional software modules, contact your EMC Isilon sales representative.
- HDFS
- InsightIQ
- Isilon for vCenter
- SmartConnect Advanced
- SmartDedupe
- SmartLock
- SmartPools
- SmartQuotas
- SnapshotIQ
- SyncIQ
- iSCSI

License status

The status of a OneFS module license indicates whether the functionality provided by the module is available on the cluster.

Licenses exist in one of the following states:

Status: Description
Inactive: The license has not been activated on the cluster. You cannot access the features provided by the corresponding module.
Evaluation: The license has been temporarily activated on the cluster. You can access the features provided by the corresponding module for a limited period of time. After the license expires, the features will become unavailable, unless the license is reactivated.
Activated: The license has been activated on the cluster. You can access the features provided by the corresponding module.
Expired: The evaluation license has expired on the cluster. You can no longer access the features provided by the corresponding module. The features will remain unavailable, unless you reactivate the license.

The following table describes what functionality is available for each license depending on the license's status:

HDFS
  Inactive: Clients cannot access the cluster through HDFS.
  Evaluation/Activated: You can configure HDFS settings and clients can access the cluster through HDFS.
  Expired: You cannot configure HDFS settings. After the HDFS service restarts, clients can no longer access the cluster through HDFS.

InsightIQ
  Inactive: You cannot monitor the cluster with InsightIQ.
  Evaluation/Activated: You can monitor the cluster with InsightIQ.
  Expired: InsightIQ stops monitoring the cluster. Data previously collected by InsightIQ is still available on the InsightIQ instance.

Isilon for vCenter
  Inactive: You cannot back up virtual machines that are stored on an Isilon cluster with Isilon for vCenter.
  Evaluation/Activated: You can back up virtual machines that are stored on an Isilon cluster with Isilon for vCenter.
  Expired: You cannot create new backups of virtual machines that are stored on an Isilon cluster.

SmartPools
  Inactive: All files belong to the default file pool and are governed by the default file pool policy. Virtual hot spare allocation, which reserves space for data repair if a drive fails, is also available.
  Evaluation/Activated: You can create multiple file pools and file pool policies. You can also manage spillover, which defines how write operations are handled when a storage pool is not writable.
  Expired: You can no longer manage file pool policies, and the SmartPools job will no longer run. Newly added files will be governed by the default file pool policy, and the SetProtectPlus job will eventually apply the default file pool policy to all files in the cluster. If the SmartPools job is running when the license expires, the job completes before becoming disabled.

SmartConnect Advanced
  Inactive: Client connections are balanced by using a round robin policy. IP address allocation is static. Each external network subnet can be assigned only one IP address pool.
  Evaluation/Activated: You can access features such as CPU utilization, connection counting, and client connection policies in addition to the round robin policy. You can also configure address pools to support multiple DNS zones within a single subnet, and support IP failover.
  Expired: You can no longer specify SmartConnect Advanced settings.

SmartDedupe
  Inactive: You cannot deduplicate data with SmartDedupe.
  Evaluation/Activated: You can deduplicate data with SmartDedupe.
  Expired: You can no longer deduplicate data. Previously deduplicated data remains deduplicated.

SmartLock
  Inactive: You cannot enforce file retention with SmartLock.
  Evaluation/Activated: You can enforce file retention with SmartLock.
  Expired: You cannot create new SmartLock directories or modify SmartLock directory configuration settings for existing directories. You can still commit files to a write once read many (WORM) state, even after the SmartLock license is unconfigured, but you cannot delete WORM-committed files from enterprise directories.

SnapshotIQ
  Inactive: You can view and manage snapshots generated by OneFS applications. However, you cannot create snapshots or configure SnapshotIQ settings.
  Evaluation/Activated: You can create, view, and manage snapshots. You can also configure snapshot settings.
  Expired: You will no longer be able to generate snapshots. Existing snapshot schedules are not deleted; however, the schedules will not generate snapshots. You can still delete snapshots and access snapshot data.

SmartQuotas
  Inactive: You cannot create quotas with SmartQuotas.
  Evaluation/Activated: You can create quotas with SmartQuotas.
  Expired: OneFS disables all quotas. Exceeding advisory and soft thresholds does not trigger events. Hard and soft thresholds are not enforced.

SyncIQ
  Inactive: You cannot replicate data with SyncIQ.
  Evaluation/Activated: You can replicate data with SyncIQ.
  Expired: You will no longer be able to replicate data to remote clusters, and remote clusters will not be able to replicate data to the local cluster. Replication policies will still display a status of enabled; however, future replication jobs created by the policy will fail. If a replication job is in progress when the license expires, the job completes.

iSCSI
  Inactive: Clients cannot access the cluster through iSCSI.
  Evaluation/Activated: Clients can access the cluster through iSCSI.
  Expired: You can no longer configure iSCSI settings on the cluster. HDFS clients can read data from cluster; however, they are unable to write data to the cluster.

License configuration

You can configure or unconfigure some OneFS module licenses.

You can configure a license by performing specific operations through the corresponding module. Not all actions that require you to activate a license will configure the license. Also, not all licenses can be configured. Configuring a license does not add or remove access to any features provided by a module.

You can unconfigure a license only through the isi license unconfigure command. You may want to unconfigure a license for a OneFS software module if, for example, you enabled an evaluation version of a module but later decided not to purchase a permanent license. Unconfiguring a module license does not deactivate the license. Unconfiguring a license does not add or remove access to any features provided by a module.

The following table describes both the actions that cause each license to be configured and the results of unconfiguring each license:

HDFS
    Cause of configuring: Cannot configure this license.
    Result of unconfiguring: No system impact.
InsightIQ
    Cause of configuring: Cannot configure this license.
    Result of unconfiguring: No system impact.
Isilon for vCenter
    Cause of configuring: Cannot configure this license.
    Result of unconfiguring: No system impact.
SmartPools
    Cause of configuring: Create a file pool policy (other than the default file pool policy).
    Result of unconfiguring: OneFS deletes all file pool policies (except the default file pool policy).
SmartConnect
    Cause of configuring: Configure SmartConnect Advanced settings for at least one IP address pool.
    Result of unconfiguring: OneFS converts dynamic IP address pools to static IP address pools.
SmartDedupe
    Cause of configuring: Cannot configure this license.
    Result of unconfiguring: No system impact.
SmartLock
    Cause of configuring: Cannot configure this license.
    Result of unconfiguring: No system impact.
SnapshotIQ
    Cause of configuring: Create a snapshot schedule.
    Result of unconfiguring: Deletes all snapshot schedules.
SmartQuotas
    Cause of configuring: Create a quota.
    Result of unconfiguring: No system impact.
SyncIQ
    Cause of configuring: Create a replication policy.
    Result of unconfiguring: No system impact.
iSCSI
    Cause of configuring: Cannot configure this license.
    Result of unconfiguring: No system impact.

Activate a license

To access a OneFS module, you must activate a license.

Before you begin
Before you can activate a license, you must obtain a valid license key, and you must have root user privileges on your cluster. To obtain a license key, contact your EMC Isilon sales representative.

Procedure
1. Click Help > About This Cluster.
2. In the Licensed Modules section, click Activate license.
3. In the License key field, type the license key for the module that you want to enable.

4. Read the end user license agreement, click I have read and agree, and then click Submit.

View license information

You can view information about the current status of any optional Isilon software modules.

Procedure
1. Click Help > About This Cluster.
2. In the Licensed Modules area, review information about licenses, including status and expiration date.

Unconfigure a license

You can unconfigure a licensed module through the command-line interface.

You must have root user privileges on your Isilon cluster to unconfigure a module license. This procedure is available only through the command-line interface (CLI).

Note: Unconfiguring a license does not deactivate the license.

Procedure
1. Open a secure shell (SSH) connection to any node in the cluster. You must log in as root.
2. Run the isi license unconfigure command. The following command unconfigures the license for SmartConnect:

    isi license unconfigure -m smartconnect

   If you do not know the module name, run the isi license command for a list of OneFS modules and their status.

   OneFS returns a confirmation message similar to the following text: The SmartConnect module has been unconfigured. The license is unconfigured, and any processes enabled for the module are disabled.

Certificates

You can renew the Secure Sockets Layer (SSL) certificate for the Isilon web administration interface or replace it with a third-party SSL certificate.

All Platform API communication, which includes communication through the web administration interface, is over SSL. You can replace or renew the self-signed certificate with a certificate that you generate. To replace or renew an SSL certificate, you must be logged on as root.
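A pre-install check for the certificate replacement this section describes, as an added example that is not part of the EMC guide or of OneFS: it confirms that the certificate and private key belong together, that the key is long enough and not world-readable, and that the certificate is not about to expire. The function names, return codes, and the 2048-bit and 30-day defaults are assumptions; the code assumes an RSA key and OpenSSL 1.0.0 or later (for openssl pkey) on the machine where the files are staged.

```shell
#!/bin/sh
# Added example: validate a certificate/key pair before installing it.
# Names, return codes and default thresholds are assumptions for this sketch.

# check_cert_pair CERT KEY [MIN_BITS] [MIN_DAYS]
# Returns 0 when every check passes, otherwise:
#   1 = private key does not match the certificate
#   2 = public key shorter than MIN_BITS
#   3 = certificate expires within MIN_DAYS
#   4 = a file is missing, unreadable or not parsable
#   5 = private key file is world-readable
check_cert_pair() {
    cert=$1 key=$2 min_bits=${3:-2048} min_days=${4:-30}

    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "cannot read $cert or $key" >&2
        return 4
    fi

    # The guide sets the key to mode 640; anything world-readable is rejected.
    if [ -n "$(find "$key" -perm -004 2>/dev/null)" ]; then
        echo "$key is world-readable" >&2
        return 5
    fi

    # Both commands print the SubjectPublicKeyInfo as PEM, so comparing the
    # two strings shows whether the key belongs to the certificate.
    # "-passin pass:" makes an encrypted key fail instead of prompting.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 4
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || return 4
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 1
    fi

    # Key length as reported in the certificate's text dump.
    bits=$(openssl x509 -in "$cert" -noout -text 2>/dev/null |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    if [ -z "$bits" ] || [ "$bits" -lt "$min_bits" ]; then
        echo "key is ${bits:-unknown} bits, need at least $min_bits" >&2
        return 2
    fi

    # -checkend exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "certificate expires within $min_days days" >&2
        return 3
    fi
    return 0
}

# make_demo_pair DIR NAME DAYS
# Builds a constructed self-signed pair (DIR/NAME.crt, DIR/NAME.key) for
# trying the check; the host name is the guide's own example value.
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$3" \
        -subj "/CN=isilon.example.com" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1 &&
    chmod 640 "$1/$2.key"
}
```

Run check_cert_pair against the staged .crt and .key files and install them only when it returns 0.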

Replace or renew the SSL certificate

You can replace or renew the Secure Sockets Layer (SSL) certificate, which is used to access the EMC Isilon cluster through a browser.

Before you begin
When you renew or replace a self-signed SSL certificate, you must provide information for your organization in the format that is described in the Self-signed SSL certificate data example.

The following folders are the default locations for the server.crt and server.key files in OneFS 6.0 and higher.

    SSL certificate: /usr/local/apache2/conf/ssl.crt/server.crt
    SSL certificate key: /usr/local/apache2/conf/ssl.key/server.key

Procedure
1. Establish an SSH connection to any node in the cluster.
2. At the command prompt, run the following command to create the appropriate directory.

    mkdir /ifs/local/

3. At the command prompt, run the following command to change to the directory.

    cd /ifs/local/

4. Choose the type of certificate you want to install.

   Option: Third-party (public or private) CA-issued certificate
   Description:
   a. At the command prompt, run the following command to generate a new Certificate Signing Request (CSR) in addition to a new key, where <common_name> is the host name, such as isilon.example.com:

    openssl req -new -nodes -newkey rsa:1024 -keyout <common_name>.key \
    -out <common_name>.csr

   b. Send the contents of the <common_name>.csr file from the cluster to your Certificate Authority (CA) for signing. When you receive the signed certificate (now a .crt file) from the CA, copy the certificate to /ifs/local/<common_name>.crt.

   Option: Self-signed certificate based on the existing (stock) ssl.key
   Description:
   a. At the command prompt, run the following command to create a two-year certificate. Increase or decrease the value for -days to generate a certificate with a different expiration date.

    cp /usr/local/apache2/conf/ssl.key/server.key ./
    openssl req -new \
    -days 730 -nodes -x509 -key server.key -out server.crt

   A renewal certificate is created, based on the existing (stock) ssl.key file.

5. Optional: At the command prompt, run the following command to verify the attributes in an SSL certificate.

    openssl x509 -text -noout -in <common_name>.crt

6. Run the following commands to install the certificate and key:

    isi services -a isi_webui disable
    chmod 640 <common_name>.key
    isi_for_array -s 'cp /ifs/local/<common_name>.key /usr/local/apache2/conf/ssl.key/<common_name>.key'
    isi_for_array -s 'cp /ifs/local/<common_name>.crt /usr/local/apache2/conf/ssl.crt/<common_name>.crt'
    isi services -a isi_webui enable

7. Run the following command to remove the files in /ifs/local.

    rm /ifs/local/*

Verify an SSL certificate update

You can verify the details stored in a Secure Sockets Layer (SSL) certificate.

Procedure
1. Open a web browser window.
2. Browse to <common_name>:8080, where <common_name> is the host name for the EMC Isilon web administration interface, such as isilon.example.com.
3. In the security details for the web page, verify that the subject line and other details that you provided are correct.

Note: The steps to view security details vary by browser. For example, in some browsers, you can click the padlock icon in the address bar to view the security details for the web page. Follow the steps that are specific to your browser.

Self-signed SSL certificate data example

Self-signed SSL certificate renewal or replacement requires you to provide data such as your fully qualified domain name and a contact email address.

When you renew or replace a self-signed SSL certificate, you are asked to provide data in the format shown in the following example. Some fields in the certificate file contain a default value. If you type '.', the field is left blank when the certificate is generated.

    Country Name (2 letter code) [XX]:US
    State or Province Name (full name) [Some-State]:Washington
    Locality Name (for example, city) [default city]:seattle
    Organization Name (for example, company) [Internet Widgits Pty Ltd]:Isilon
    Organizational Unit Name (for example, section) []:Support
    Common Name (for example, server FQDN or server name) []:isilon.example.com
    Email Address []:[email protected]

In addition, you should add the following attributes to be sent with your certificate request:

    Challenge password []:Isilon1
    Optional company name []:

General cluster settings

General settings that are applied across the entire cluster can be modified.

You can modify the following general settings to customize the Isilon cluster for your needs:

    Cluster name
    Cluster date and time, NTP settings
    Character encoding settings
    SNMP monitoring
    SupportIQ settings

Set the cluster name

You can assign a name and add a login message to your EMC Isilon cluster to make the cluster and its nodes more easily recognizable on your network.

Cluster names must begin with a letter and can contain only numbers, letters, and hyphens. The cluster name is added to the node number to identify each node in the cluster. For example, the first node in a cluster named Images may be named Images-1.

Procedure
1. Click Cluster Management > General Settings > Cluster Identity.
2. Optional: In the Cluster Name and Description area, type a name for the cluster in the Cluster Name field and type a description in the Cluster Description field.
3. Optional: In the Login Message area, type a title in the Message Title field and a message in the Message Body field.
4. Click Submit.

After you finish
You must add the cluster name to your DNS servers.

Specify contact information

You can specify contact information so that Isilon Technical Support personnel and event notification recipients can contact you.

Procedure
1. Click Dashboard > Events > Notification Settings.
2. In the Contact Information area, click Modify contact information settings.
3. In the Contact Information area, type the name and contact information in the fields for those details.
4. Click Submit.

Configuring the cluster date and time

The NTP service is configurable manually, so you can ensure that all nodes in a cluster are synchronized to the same time source.

The Network Time Protocol (NTP) method automatically synchronizes cluster date and time settings through an NTP server. Alternatively, you can set the date and time reported by the cluster by manually configuring the service.

Windows domains provide a mechanism to synchronize members of the domain to a master clock running on the domain controllers, so OneFS adjusts the cluster time to that of Active Directory with a service. Whenever a cluster is joined to an Active Directory domain and an external NTP server is not configured, the cluster is set automatically to Active Directory time, which is synchronized by a job that runs every 6 hours. When the cluster and domain time become out of sync by more than 4 minutes, OneFS generates an event notification.

Note: If the cluster and Active Directory become out of sync by more than 5 minutes, authentication will not work.

To summarize:
    If no NTP server is configured but the cluster is joined to an Active Directory domain, the cluster synchronizes with Active Directory every 6 hours.
    If an NTP server is configured, the cluster synchronizes the time with the NTP server.

Set the cluster date and time

You can set the date, time, and time zone that is used by the EMC Isilon cluster.

Procedure
1. Click Cluster Management > General Settings > Date & Time. The Date and Time page displays a list of each node's IP address and the date and time settings for each node.
2. From the Date and time lists, select the month, date, year, hour, and minute settings.
3. From the Time zone list, select a value. If the time zone that you want is not in the list, select Advanced from the Time zone list, and then select the time zone from the Advanced time zone list.
4. Click Submit.

Specify an NTP time server

You can specify one or more Network Time Protocol (NTP) servers to synchronize the system time on the EMC cluster. The cluster periodically contacts the NTP servers and sets the date and time based on the information it receives.

Procedure
1. Click Cluster Management > General Settings > NTP.
2. Optional: Add a server.
   a. In the Server IP or hostname field, type the host name or IP address of the NTP server, click Add, and then click Submit.
   b. Optional: To enable NTP authentication with a keyfile, type the path and file name in the Keyfile field, and then click Submit.
3. Optional: Delete a server.
   a. Select the check box next to the server name in the Server list for each server that you want to delete.
   b. Click Delete.
   c. Click Submit.

Configure SMTP settings

You can send event notifications through the SMTP mail server. You can also enable SMTP authentication if your SMTP server is configured to use it.

You can configure SMTP settings if your network environment requires the use of an SMTP server or if you want to route EMC Isilon cluster event notifications with SMTP through a port.

Procedure
1. Click Cluster Management > General Settings > Settings.
2. In the Settings area, type the SMTP information for your environment in each field.
3. Optional: For the Use SMTP AUTH option, select Yes, type the user credentials, and then select a connection security option.
4. Click Submit.

You can test your configuration by sending a test event notification.

Specify the cluster join mode

You can specify the method to use when nodes are added to the EMC Isilon cluster.

Procedure
1. Click Cluster Management > General Settings > Join Mode.
2. Optional: In the Settings area, select the mode that you want to be used when nodes are added to the cluster.
    Manual joins can be initiated by either the node or the cluster.
    Secure joins can be initiated only by the cluster.
3. Click Submit.

Cluster join modes

You can specify the method that you want to use to join nodes to a cluster.

The join mode determines how the system responds when new nodes are added to the subnet occupied by the Isilon cluster. You can set join modes through the web administration interface or the command-line interface.

Manual
    Description: Configures OneFS to join new nodes to the cluster in a separate manual process, allowing the addition of a node without requiring authorization
    Notes: N/A
Secure
    Description: Requires authorization of every node added to the cluster
    Notes: If you use the secure join mode, you cannot use the serial console wizard option [2] Join an existing cluster to join a node to the cluster. You must add the node from cluster by using the web administration interface or the isi devices -a add -d <unconfigured_node_serial_no> command in the command-line interface.

Enable or disable access time tracking

You can enable access time tracking to support features that require it.

By default, the EMC Isilon cluster does not track the timestamp when files are accessed. You can enable this feature to support OneFS features that use it. For example, access-time tracking must be enabled to configure SyncIQ policy criteria that match files based on when they were last accessed.

Note: Enabling access-time tracking may affect cluster performance.

Procedure
1. Click File System Management > File System Settings > Access Time Tracking.
2. In the Access Time Tracking area, select a configuration option.
    To enable access time tracking, click Enabled, and then specify in the Precision fields how often to update the last-accessed time by typing a numeric value and by selecting a unit of measure, such as Seconds, Minutes, Hours, Days, Weeks, Months, or Years. For example, if you configure a Precision setting of 1 day, the cluster updates the last-accessed time once each day, even if some files were accessed more often than once during the day.
    To disable access-time tracking, click Disabled.
3. Click Submit.

Specify the cluster character encoding

You can modify the character encoding set for the EMC Isilon cluster after installation.

Only OneFS-supported character sets are available for selection. UTF-8 is the default character set for OneFS nodes. You must restart the cluster to apply character encoding changes.

CAUTION: Character encoding is typically established during installation of the cluster. Modifying the character encoding setting after installation may render files unreadable if done incorrectly. Modify settings only if necessary after consultation with Isilon Technical Support.

Procedure
1. Click File System Management > File System Settings > Character Encoding.
2. Optional: From the Character encoding list, select the character-encoding set that you want to use.
3. Click Submit, and then click Yes to acknowledge that the encoding change becomes effective after the cluster is restarted.

4. Restart the cluster.

Results
After the cluster restarts, the web administration interface reflects your change.

Cluster statistics

You can view performance, historical, and in-depth usage statistics for your EMC Isilon cluster, and control the output for each mode of statistics reporting.

The isi statistics and isi status command-line tools include options for querying and filtering the display of EMC Isilon cluster performance and usage statistics.

Performance monitoring

You can view cluster throughput either graphically or numerically for average and maximum usage.

Performance information is monitored through the web administration interface, or through the command-line interface by using the isi statistics command options. You can view details about the input and output traffic to and from the cluster's file system. You can also monitor throughput distribution across the cluster.

Advanced performance monitoring and analytics are available through the InsightIQ module, which requires you to activate a separate license. For more information about optional software modules, contact your EMC Isilon Storage Division sales representative.

Cluster monitoring

You can monitor the health, performance, and status of your EMC Isilon cluster.

Information is available for individual nodes, including node-specific network traffic, internal and external network interfaces, and details about node pools, tiers, and overall cluster health. You can monitor the following areas of your EMC Isilon cluster health and performance:

Node status
    Health and performance statistics for each node in the cluster, including hard disk drive (HDD) and solid-state drive (SSD) usage.
Client connections
    Number of clients connected per node.
New events
    List of event notifications generated by system events, including the severity, unique instance ID, start time, alert message, and scope of the event.
Cluster size
    Current view: Used and available HDD and SSD space and space reserved for the virtual hot spare (VHS).
    Historical view: Total used space and cluster size for a one-year period.

Cluster throughput (file system)
    Current view: Average inbound and outbound traffic volume passing through the nodes in the cluster for the past hour.
    Historical view: Average inbound and outbound traffic volume passing through the nodes in the cluster for the past two weeks.
CPU usage
    Current view: Average system, user, and total percentages of CPU usage for the past hour.
    Historical view: CPU usage for the past two weeks.

Using the OneFS dashboard, you can monitor the status and health of the OneFS system hardware. In addition, you can use SNMP to remotely monitor hardware components, such as fans, hardware sensors, power supplies, and disks.

Monitor the cluster

You can monitor the health and performance of an EMC Isilon cluster with charts and tables that show the status and performance of nodes, client connections, events, cluster size, cluster throughput, and CPU usage.

Procedure
1. Click Dashboard > Cluster Overview > Cluster Status.
2. Optional: View cluster details.
    Status: To view details about a node, click the ID number of the node.
    Client connection summary: To view a list of current connections, click Dashboard > Cluster Overview > Client Connections Status.
    New events: To view more information about an event, click View details in the Actions column.
    Cluster size: To switch between current and historical views, click Historical or Current near the Monitoring section heading. In historical view, click Used or Cluster size to change the display.
    Cluster throughput (file system): To switch between current and historical views, click Historical or Current next to the Monitoring section heading. To view throughput statistics for a specific period within the past two weeks, click Dashboard > Cluster Overview > Throughput Distribution.
      Note: You can hide or show inbound or outbound throughput by clicking Inbound or Outbound in the chart legend. To view maximum throughput, next to Show, select Maximum.
    CPU usage: To switch between current and historical views, click Historical or Current near the Monitoring section heading.
      Note: You can hide or show a plot by clicking System, User, or Total in the chart legend. To view maximum usage, next to Show, select Maximum.

View node status

You can view the current and historical status of a node.

Procedure
1. Click Dashboard > Cluster Overview > Cluster Status.
2. Optional: In the Status area, click the ID number for the node that you want to view status for.
3. View node details.
    Status: To view networks settings for a node interface or subnet or pool, click the link in the Status area.
    Client connections: To view current clients connected to this node, review the list in this area.
    Chassis and drive status: To view the state of drives in this node, review this area. To view details about a drive, click the name link of the drive; for example, Bay1.
    Node size: To switch between current and historical views, click Historical or Current next to the Monitoring area heading. In historical view, click Used or Cluster size to change the display accordingly.
    Node throughput (file system): To switch between current and historical views, click Historical or Current next to the Monitoring area heading. To view throughput statistics for a period within the past two weeks, click Dashboard > Cluster Overview > Throughput Distribution.
      Note: You can hide or show inbound or outbound throughput by clicking Inbound or Outbound in the chart legend. To view maximum throughput, next to Show, select Maximum.
    CPU usage: To switch between current and historical views, click Historical or Current next to the Monitoring area heading.
      Note: You can hide or show a plot by clicking System, User, or Total in the chart legend. To view maximum usage, next to Show, select Maximum.

Events and notifications

You can monitor the health and performance of your EMC Isilon cluster through OneFS event notifications.

You can select the OneFS hardware, software, network, and system events that you want to monitor, and you can cancel, quiet, or unquiet events. In addition, you can configure event notification rules to send an email notification or SNMP trap when a threshold is exceeded.

Event notification methods

You can configure event notification rules to generate and deliver event notifications when an event occurs.

You can notify users by email, SupportIQ, or SNMP trap.

Email
    You can designate recipients and specify SMTP, authorization, and security settings. You can specify batch settings and the notification template.
SupportIQ
    You can specify a protocol that you prefer to use for notifications: HTTPS, SMTP, or both.
SNMP trap
    You can send SNMP traps to one or more network monitoring stations or trap receivers. Each event can generate one or more SNMP traps. You can download management information base files (MIBs) from the cluster at /usr/local/share/snmp/mibs/. The ISILON-TRAP-MIB.txt file describes the traps that the cluster can generate, and the ISILON-MIB.txt file describes the associated varbinds that accompany the traps.

Note: You must configure an event notification rule to generate SNMP traps.

Event notification settings

You can specify whether you want to receive event notifications as aggregated batches or as individual notifications for each event. Batch notifications are sent every 10 seconds.

The batch options that are described in this table affect both the content and the subject line of notification emails that are sent in response to system events. You can specify event notification batch options when you configure SMTP settings.

Setting: Notification batch mode
    Batch all: Generates a single email for each event notification.
    Batch by severity: Generates an email that contains aggregated notifications for each event of the same severity, regardless of event category.
    Batch by category: Generates an email that contains aggregated notifications for event of the same category, regardless of severity.
    No batching: Generates one email per event.
Setting: Custom notification template
    No custom notification template is set: Sends the email notification in the default OneFS notification template format.
    Set custom notification template: Sends the email notifications in the format that you defined in your custom template file.

Coalesced events

Related or repeated events are grouped, or coalesced, into one event by the OneFS system.

There are two types of coalesced events.

Group events

Group events are different types of events that are all related to a single problem.

For example, a single connection problem might generate the following events:

Event Description
    A SAS PHY topology problem or change was detected
    A drive's error log counter indicates there may be a problem
    A SAS link has exceeded the maximum Bit Error Rate (BER)
    A SAS link has been disabled for exceeding the maximum Bit Error Rate (BER).

Because the events are all related to a single problem, OneFS creates a group event and adds the related errors to that event. Instead of seeing four events, you will see a single group event alerting you to storage transport problems. You can still view all the grouped events individually if you choose.

This message is representative of group coalesced event output.

    # isi events show
    ID:
    Type:
    Severity: critical
    Value: 0.0
    Message: Disk Errors detected (Bay 1)
    Node: 21
    Lifetime: Sun Jun 17 23:29: Now
    Quieted: Not quieted
    Specifiers: disk: 35 val: 0.0 devid: 24 drive_serial: 'XXXXXXXXXXXXX' lba: L lnn: 21 drive_type: 'HDD' device: 'da1' bay: 1 unit:
    Coalesced by: --
    Coalescer Type: Group
    Coalesced events:
    ID STARTED ENDED SEV LNN MESSAGE
    /17 23:29 -- I 21 Disk stall: Bay 1, Type HDD, LNUM 35. Disk
    /17 23:29 -- I 21 Sector error: da1 block
    /17 23:29 -- I 21 Sector error: da1 block
    /17 23:29 -- I 21 Sector error: da1 block
    /17 23:29 -- I 21 Sector error: da1 block
    /17 23:29 -- I 21 Sector error: da1 block
    /17 23:29 -- I 21 Sector error: da1 block
    /17 23:29 -- I 21 Sector error: da1 block
    /17 23:29 -- I 21 Sector error: da1 block
    /17 23:29 -- I 21 Sector error: da1 block
    /17 23:29 -- I 21 Sector error: da1 block
    /17 23:29 -- C 21 Disk Repair Initiated: Bay 1, Type HDD, LNUM...

Repeat or duplicate events

Repeat or duplicate events are the same type of event repeated in response to an ongoing problem.

For example, if a CPU fan crosses the speed threshold more than ten times in an hour, the system coalesces this sequence of identical but discrete occurrences into one event.

This message is representative of coalesced repeat event output.

    # isi events show
    ID:
    Type:
    Severity: info
    Value: 0.0
    Message: SmartQuotas threshold violation on quota violated, domain direc...
    Node: All
    Lifetime: Thu Jun 14 01:00: Now
    Quieted: Not quieted
    Specifiers: enforcement: 'advisory' domain: 'directory /ifs/quotas' name: 'violated' val: 0.0 devid: 0 lnn: 0
    Coalesced by: --
    Coalescer Type: Duplicate
    Coalesced events:
    ID STARTED ENDED SEV LNN MESSAGE
    /14 01:00 -- I All SmartQuotas threshold violation on quota vio
    /15 01:00 -- I All SmartQuotas threshold violation on quota vio
    /16 01:00 -- I All SmartQuotas threshold violation on quota vio
    /17 01:00 -- I All SmartQuotas threshold violation on quota vio
    /18 01:00 -- I All SmartQuotas threshold violation on quota vio...

You can view coalesced events and details through the web administration interface or the command-line interface.

Responding to events

You can view event details and respond to cluster events.

You can view and manage new events, open events, and recently ended events. You can also view coalesced events and additional, more-detailed information about a specific event. You also can quiet or cancel events.

View event details

You can view the details of an event and you can add a new notification rule or add settings to another notification rule.

Procedure
1. Click Dashboard > Events > Summary.
2. In the Actions column of an event whose details you want to view, click View details.
3. Optional: To acknowledge the event, click Quiet Event.
4. Optional: To create a new event notification rule or to add the event settings of this event to an existing event notification rule, click Create Notification Rule.
    To add a new notification rule for this event, in the Create Rule area, select Create a new notification rule for event, click Submit, and then specify the settings for the rule.

    To add the settings of this event to an existing event notification rule, in the Create Rule area, select Add to an existing notification rule, select the existing event notification rule from the list, and then click Submit.

View the event history

You can view all events in a chronological list and then select an event to view additional information.

Procedure
1. Click Dashboard > Events > Events History. The Events History page displays a list of all events in chronological order, newest to oldest, that have occurred on your Isilon cluster.

View the event log

You can log in to a node through the command-line interface and view the contents of the local event log. Event logs are typically used for support purposes.

You can only view the event log using the command-line interface.

Procedure
1. Establish an SSH connection to any node in the EMC Isilon cluster.
2. View the /var/log/isi_celog_events.log file. The log file lists all event activity. Each event row contains one of the following event labels:

Event label: Description
    COALESCED: FIRST EVENT: An event was tagged as a possible first event in a series of events that can be coalesced. The first event label is only a placeholder for a potential parent coalescer event.
    COALESCER EVENT: ADDED: A parent coalescer event was created.
    COALESCED: An event was added as a child beneath a coalescer event.
    CREATOR EV COALID UPDATED: A group was created and the placeholder first event label was updated to include actual group information.
    DROPPED: An event did not include any new information and was not stored in the master event database.
    FORWARDED_TO_MASTER: An event was forwarded to the master node to be stored in the master event database.
    DB: STORED: An event was stored in the master event database.
    DB: PURGED: An event was removed from the master event database. The database has a limit of 50,000 entries, and old events are purged when that limit is reached.
    INVALID EVENT: DROPPED: An event contained invalid information and was not stored in the master event database.
    UPDATE EVENT: DROPPED: A request to update the group information in a parent coalescer event was discontinued.

Quieting, unquieting, and canceling events

You can change an event's state by quieting, unquieting, or canceling an event.

You can select the following actions to change the state of an event:

Quiet
    Acknowledges and removes the event from the list of new events and adds the event to a list of quieted events.
    Note: If a new event of the same event type is triggered, it is a separate new event and must be quieted.
Unquiet
    Returns a quieted event to an unacknowledged state in the list of new events and removes the event from the list of quieted events.
Cancel
    Permanently ends an occurrence of an event. The system cancels an event when conditions are met that end its duration, which is bounded by a start time and an end time, or when you cancel the event manually.

Most events are canceled automatically by the system when the event reaches the end of its duration. The event remains in the system until you manually acknowledge or quiet the event. You can acknowledge events through either the web administration interface or the command-line interface.

Manage an event

You can change the status of an event by quieting, unquieting, or canceling it.

Procedure
1. Click Dashboard > Events > Summary.
2. Perform the following actions as needed.
    To view additional information about an event, in the Actions column for that event, click View details.
    To acknowledge an event, click Quiet.
    To restore an event to an unacknowledged state, click Unquiet.
    To permanently remove an occurrence of an event, click Cancel.

Managing event notification rules

You can modify or delete notification rules, configure event notification settings, and configure batch notification settings through the web administration interface or the command-line interface.

You can specify event notification settings, and you can create, modify, or delete event notification rules. You can configure the setting for how notifications are received, individually or in a batch.

Create an event notification rule

You can configure event notification rules based on specified events and event types.

You can configure notification and SNMP trap generation for a specific event.

Procedure
1. Click Dashboard > Events > Event Notification Rules.
2. In the Notification Rules area on the Cluster Events page, click Add Rule.
3. In the Rule name field on the Add Notification Rule page, type a name for the rule.
4. In the Recipients area, specify a notification method.
   a. To notify a recipient through email, select Email, type the email address to which notifications will be sent, and then click Add.
   b. To notify a community through SNMP traps, select SNMP, select the community name and the SNMP host, which is the network monitoring station, from the respective lists, and then click Add.
   c. To add additional notification recipients or communities, repeat these steps.
5. In the Events area, expand the event types and select the check boxes for the events and event types that you want to trigger this notification.
6. Click Submit.

Send a test event notification

You can generate a test event notification to confirm that event notifications are working as you intend.

Procedure
1. Click Dashboard > Events > Notification Settings.
2. In the Send Test Event area on the Cluster Events page, click Send test event.
3. On the Cluster Events page, click Summary to verify whether the test event was successful. A corresponding test event notification appears in the New Events list, which appears in the Message column as a message similar to Test event sent from WebUI.

View event notification rules

You can view a list of event notification rules and details about specific rules.

Procedure
1. Click Dashboard > Events > Event Notification Rules.
2. In the Actions column of the rule whose settings you want to view, click Edit.
3. When you have finished viewing the rule details, click Cancel.

Modify an event notification rule

You can modify event notification rules that you created. System event notification rules cannot be modified.

Procedure
1. Click Dashboard > Events > Event Notification Rules.
2. In the Actions column for the rule that you want to modify, click Edit.
3. Modify the event notification rule settings as needed.
4. Click Submit.

Delete an event notification rule

You can delete event notification rules that you created, but system event notification rules cannot be deleted.

Procedure
1. Click Dashboard > Events > Event Notification Rules.
2. In the Notification Rules area, in the Actions column for the rule that you want to delete, click Delete.
3. Click Yes to confirm the deletion.

View event notification settings

You can view email, SupportIQ, and contact information for event notifications.

Procedure
1. Click Dashboard > Events > Notification Settings.

Modify event notification settings

You can modify email, SupportIQ, and contact settings for event notifications.

Procedure
1. Click Dashboard > Events > Notification Settings.
2. Click the Modify link for the setting that you want to change.
3. Click Submit.

Specify event-notification batch mode or template settings

You can choose an event-notification batch option to specify whether you want to receive notifications individually or as an aggregate. You also can specify a custom notification template for email notifications.

Before you begin
You must first create a custom notification template and then upload it to a directory at the same level or below /ifs; for example, /ifs/templates.

Procedure
1. Click Cluster Management > General Settings > Email Settings.
2. In the Event Notification Settings area on the General Settings page, select a Notification batch mode option.
3. Leave the Set custom notification template field blank to use the default notification template.
4. In the Custom notification template field, select the custom event notification template.
   - Click Browse, navigate to and select the template file that you want to use, and then click OK.
   - In the Set custom notification template field, type the path and file name of the template file that you want to use.
5. Click Submit.

Monitoring cluster hardware

The default Linux SNMP tools or a GUI-based SNMP tool of your choice can be used to monitor cluster hardware. You can enable SNMP on all OneFS nodes to remotely monitor the hardware components across the cluster, including fans, hardware sensors, power supplies, and disks.

You can run the isi batterystatus command to monitor the status of NVRAM batteries and charging systems. This functionality is available only from the command line on node hardware that supports the command.

To maintain optimal cluster health, you can enable and configure SupportIQ to forward all cluster events to Isilon Technical Support for analysis and resolution.

View node hardware status

You can view the hardware status of a node.

Procedure
1. Click Dashboard > Cluster Overview > Cluster Status.
2. Optional: In the Status area, click the ID number for a node.
3. In the Chassis and drive status area, click Platform.

Chassis and drive states

You can view chassis and drive state details.

In a cluster, the combination of nodes in different degraded states determines whether read requests, write requests, or both work. A cluster can lose write quorum but keep read quorum. OneFS provides details about the status of chassis and drives in your cluster. The following table describes all the possible states that you may encounter in your cluster.

| State | Description | Interface | Error state |
|---|---|---|---|
| HEALTHY | All drives in the node are functioning correctly. | CLI, web administration interface | |
| SMARTFAIL or Smartfail or restripe in progress | The drive is in the process of being removed safely from the file system, either because of an I/O error or by user request. Nodes or drives in a smartfail or read-only state affect only write quorum. | CLI, web administration interface | |
| NOT AVAILABLE | A drive can be unavailable for a variety of reasons. You can click the bay to view detailed information about this condition. Note: In the web administration interface, this state includes the ERASE and SED_ERROR command-line interface states. | CLI, web administration interface | X |
| SUSPENDED | This state indicates that drive activity is temporarily suspended and the drive is not in use. The state is manually initiated and does not occur during normal cluster activity. | CLI, web administration interface | |
| NOT IN USE | A node in an offline state affects both read and write quorum. | CLI, web administration interface | |
| REPLACE | The drive was smartfailed successfully and is ready to be replaced. | CLI only | |
| STALLED | The drive is stalled and undergoing stall evaluation. Stall evaluation is the process of checking drives that are slow or having other issues. Depending on the outcome of the evaluation, the drive may return to service or be smartfailed. This is a transient state. | CLI only | |
| NEW | The drive is new and blank. This is the state that a drive is in when you run the isi dev -a add command. | CLI only | |
| USED | The drive was added and contained an Isilon GUID but the drive is not from this node. This drive likely will be formatted into the cluster. | CLI only | |
| PREPARING | The drive is undergoing a format operation. The drive state changes to HEALTHY when the format is successful. | CLI only | |
| EMPTY | No drive is in this bay. | CLI only | |
| WRONG_TYPE | The drive type is wrong for this node. For example, a non-SED drive in a SED node, SAS instead of the expected SATA drive type. | CLI only | |
| BOOT_DRIVE | Unique to the A100 drive, which has boot drives in its bays. | CLI only | |
| SED_ERROR | The drive cannot be acknowledged by the OneFS system. Note: In the web administration interface, this state is included in Not available. | CLI, web administration interface | X |
| ERASE | The drive is ready for removal but needs your attention because the data has not been erased. You can erase the drive manually to guarantee that data is removed. Note: In the web administration interface, this state is included in Not available. | CLI only | |
| INSECURE | Data on the self-encrypted drive is accessible by unauthorized personnel. Self-encrypting drives should never be used for non-encrypted data purposes. Note: In the web administration interface, this state is labeled Unencrypted SED. | CLI only | X |
| UNENCRYPTED SED | Data on the self-encrypted drive is accessible by unauthorized personnel. Self-encrypting drives should never be used for non-encrypted data purposes. Note: In the command-line interface, this state is labeled INSECURE. | Web administration interface only | X |

SNMP monitoring

You can use SNMP to remotely monitor the EMC Isilon cluster hardware components, such as fans, hardware sensors, power supplies, and disks. The default Linux SNMP tools or a GUI-based SNMP tool of your choice can be used for this purpose.

You can enable SNMP monitoring on individual nodes on your cluster, and you can also monitor cluster information from any node. Generated SNMP traps are sent to your SNMP network. You can configure an event notification rule that specifies the network station where you want to send SNMP traps for specific events, so that when an event occurs, the cluster sends the trap to that server.

OneFS supports SNMP in read-only mode. SNMP v1 and v2c is the default value, but you can configure settings for SNMP v3 alone or SNMP v1, v2c, and v3.

Note: When SNMP v3 is used, OneFS requires the SNMP-specific security level of AuthNoPriv as the default value when querying the cluster. The security level AuthPriv is not supported.

Elements in an SNMP hierarchy are arranged in a tree structure, similar to a directory tree. As with directories, identifiers move from general to specific as the string progresses from left to right. Unlike a file hierarchy, however, each element is not only named, but also numbered. For example, the SNMP entity .iso.org.dod.internet.private.enterprises.isilon.onefsss.sslocalnodeid.0 maps to The part of the name that refers to the OneFS SNMP namespace is the element. Anything further to the right of that number is related to OneFS-specific monitoring.

Management Information Base (MIB) documents define human-readable names for managed objects and specify their data types and other properties. You can download MIBs that are created for SNMP monitoring of an Isilon cluster from the web administration interface or manage them using the command-line interface. MIBs are stored in /usr/local/share/snmp/mibs/ on a OneFS node. The OneFS ISILON-MIBs serve two purposes:

- Augment the information available in standard MIBs
- Provide OneFS-specific information that is unavailable in standard MIBs

ISILON-MIB is a registered enterprise MIB. Isilon clusters have two separate MIBs:

ISILON-MIB
    Defines a group of SNMP agents that respond to queries from a network monitoring system (NMS) called OneFS Statistics Snapshot agents. As the name implies, these agents snapshot the state of the OneFS file system at the time that it receives a request and reports this information back to the NMS.

ISILON-TRAP-MIB
    Generates SNMP traps to send to an SNMP monitoring station when the circumstances occur that are defined in the trap protocol data units (PDUs).

The OneFS MIB files map the OneFS-specific object IDs with descriptions. Download or copy MIB files to a directory where your SNMP tool can find them, such as /usr/share/snmp/mibs/ or /usr/local/share/snmp/mibs, depending on the tool that you use.

To have Net-SNMP tools read the MIBs to provide automatic name-to-OID mapping, add -m All to the command, as in the following example.

    snmpwalk -v2c -c public -m All <node IP> isilon

If the MIB files are not in the default Net-SNMP MIB directory, you may need to specify the full path, as in the following example. Note that the lines are entered as one command.

    snmpwalk -m /usr/local/share/snmp/mibs/isilon-mib.txt:/usr/local/share/snmp/mibs/isilon-trap-mib.txt:/usr/local/share/snmp/mibs/ONEFS-TRAP-MIB.txt \
        -v2c -C c -c public <node IP> enterprises.onefs

Note: The examples are from running the snmpwalk command on a cluster. Your SNMP version may require different arguments.

Managing SNMP settings

SNMP can be used to monitor cluster hardware and system information. Settings can be configured through either the web administration interface or the command-line interface.
You can enable SNMP monitoring on individual nodes in the cluster, and you can monitor information cluster-wide from any node when you enable SNMP on each node. When using SNMP on an Isilon cluster, you should use a fixed general username. A password for the general user can be configured in the web administration interface.

You should configure a network monitoring system (NMS) to query each node directly through a static IP address. This approach allows you to confirm that all nodes have external IP addresses and therefore respond to SNMP queries. Because the SNMP proxy is enabled by default, the SNMP implementation on each node is configured automatically to proxy for all other nodes in the cluster except itself. This proxy configuration allows the Isilon Management Information Base (MIB) and standard MIBs to be exposed seamlessly through the use of context strings for supported SNMP versions.
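The SNMP monitoring text above describes OIDs as a numbered tree in which everything to the right of the vendor's enterprise number is OneFS-specific. The following Python code is an added example, not code from EMC or OneFS: it resolves the standard named prefix to numbers and splits an OID at the enterprise arc, comparing arc by arc so that look-alike numbers are not misfiled. The enterprise number 99999, the function names, and the sample OIDs are constructed placeholders; take the real number from ISILON-MIB.

```python
# Added example (not EMC/Isilon code): named and numeric SNMP OIDs, split at
# the enterprise arc. PLACEHOLDER_ENTERPRISE is a constructed value, not the
# number assigned to Isilon; take the real one from ISILON-MIB.

# Standard arcs only. Each level maps a name to (number, children).
STANDARD_TREE = {
    "iso": (1, {
        "org": (3, {
            "dod": (6, {
                "internet": (1, {
                    "mgmt": (2, {"mib-2": (1, {})}),
                    "private": (4, {"enterprises": (1, {})}),
                }),
            }),
        }),
    }),
}

ENTERPRISES = (1, 3, 6, 1, 4, 1)  # .iso.org.dod.internet.private.enterprises
PLACEHOLDER_ENTERPRISE = 99999    # constructed placeholder


def _labels(text):
    """Split a dotted OID string into labels, allowing one leading dot."""
    text = text.strip()
    return (text[1:] if text.startswith(".") else text).split(".")


def _is_number(label):
    return label.isascii() and label.isdigit()


def parse_oid(text):
    """Parse a numeric OID such as '.1.3.6.1.4.1.99999.3' into a tuple of ints."""
    arcs = _labels(text)
    if not all(_is_number(a) for a in arcs):
        raise ValueError(f"not a numeric OID: {text!r}")
    return tuple(int(a) for a in arcs)


def resolve_named(text):
    """Resolve a dotted name to numbers, walking the standard tree level by level.

    A label may be a name known at its level or a decimal number. Vendor
    labels below the standard tree cannot be resolved without the vendor MIB.
    """
    level, out = STANDARD_TREE, []
    for label in _labels(text):
        if _is_number(label):
            number = int(label)
            # Follow the numeric arc if the tree knows it, else leave the tree.
            level = next((kids for n, kids in level.values() if n == number), {})
        elif label in level:
            number, level = level[label]
        else:
            raise KeyError(f"{label!r} needs a MIB file to resolve")
        out.append(number)
    return tuple(out)


def in_subtree(oid, root):
    """True if oid lies at or below root, compared arc by arc."""
    return len(oid) >= len(root) and oid[:len(root)] == root


def split_enterprise(oid):
    """Return (enterprise_number, vendor_arcs), or None outside the enterprises subtree."""
    if not in_subtree(oid, ENTERPRISES) or len(oid) == len(ENTERPRISES):
        return None
    return oid[len(ENTERPRISES)], oid[len(ENTERPRISES) + 1:]


def classify(oid_strings, enterprise=PLACEHOLDER_ENTERPRISE):
    """Partition numeric OID strings into vendor-specific and everything else."""
    root = ENTERPRISES + (enterprise,)
    vendor, other = [], []
    for text in oid_strings:
        (vendor if in_subtree(parse_oid(text), root) else other).append(text)
    return vendor, other


# Constructed sample OIDs, as snmpwalk -On or a trap receiver might print them.
SAMPLE = [
    ".1.3.6.1.4.1.99999.3.2.0",   # under the placeholder enterprise
    ".1.3.6.1.4.1.999990.1.1",    # different enterprise that shares a string prefix
    ".1.3.6.1.2.1.1.5.0",         # standard MIB-2 sysName.0
]

if __name__ == "__main__":
    vendor, other = classify(SAMPLE)
    print("vendor-specific:", vendor)
    print("other:", other)
    # A plain string-prefix test would misfile the second OID:
    print("string prefix says:", SAMPLE[1].startswith(".1.3.6.1.4.1.99999"))
```

A monitoring station that filters or routes traps by vendor subtree should compare arcs as integers, as in_subtree does, because a string-prefix match treats enterprise 999990 as if it were 99999.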

Configure the cluster for SNMP monitoring

After you download and save the appropriate MIBs, you can configure SNMP monitoring through either the web administration interface or through the command-line interface. You can configure your EMC Isilon cluster to remotely monitor hardware components using SNMP.

Before you begin
When SNMP v3 is used, OneFS requires the SNMP-specific security level of AuthNoPriv as the default value when querying the cluster. The security level AuthPriv is not supported.

You can enable or disable SNMP monitoring, allow SNMP access by version, and configure other settings, some of which are optional. All SNMP access is read-only.

Note: The Isilon cluster does not generate SNMP traps unless you configure an event notification rule to send events.

Procedure
1. Click Cluster Management > General Settings > SNMP Monitoring.
2. In the Service area of the SNMP Monitoring page, enable or disable SNMP monitoring.
   a. To disable SNMP monitoring, click Disable, and then click Submit.
   b. To enable SNMP monitoring, click Enable, and then continue with the following steps to configure your settings.
3. In the Downloads area, click Download for the MIB file that you want to download. Follow the download process that is specific to your browser.
4. Optional: If you are using Internet Explorer as your browser, right-click the Download link, select Save As from the menu, and save the file to your local drive. You can save the text in the file format that is specific to your Net-SNMP tool.
5. Copy MIB files to a directory where your SNMP tool can find them, such as /usr/share/snmp/mibs/ or /usr/local/share/snmp/mibs, depending on the SNMP tool that you use. To have Net-SNMP tools read the MIBs to provide automatic name-to-OID mapping, add -m All to the command, as in the following example:

       snmpwalk -v2c -c public -m All <node IP> isilon

6. Navigate back to the SNMP Monitoring page and configure General Settings.
   a. In the Settings area, configure protocol access by selecting the version that you want. OneFS does not support writable OIDs; therefore, no write-only community string setting is available.
   b. In the System location field, type the system name. This setting is the value that the node reports when responding to queries. Type a name that helps to identify the location of the node.
   c. Type the contact email address in the System contact field.
7. Optional: If you selected SNMP v1/v2 as your protocol, locate the SNMP v1/v2c Settings section and type the community name in the Read-only community field.

8. Configure SNMP v3 Settings.
   a. In the Read-only user field, type the SNMP v3 security name to change the name of the user with read-only privileges. The default read-only user is general. The password must contain at least eight characters and no spaces.
   b. In the SNMP v3 password field, type the new password for the read-only user to set a new SNMP v3 authentication password. The default password is password.
   c. Type the new password in the Confirm password field to confirm the new password.
9. Click Submit.

View SNMP settings

You can review SNMP monitoring settings.

Procedure
1. Click Cluster Management > General Settings > SNMP Monitoring.

Cluster maintenance

Trained service personnel can replace or upgrade components in Isilon nodes. Isilon Technical Support can assist you with replacing node components or upgrading components to increase performance.

Replacing node components

If a node component fails, Isilon Technical Support will work with you to quickly replace the component and return the node to a healthy status. Trained service personnel can replace the following field replaceable units (FRUs):

- battery
- boot flash drive
- SATA/SAS Drive
- memory (DIMM)
- fan
- front panel
- intrusion switch
- network interface card (NIC)
- IB/NVRAM card
- SAS controller
- NVRAM battery
- power supply

If you configure your cluster to send alerts to Isilon, Isilon Technical Support will contact you if a component needs to be replaced. If you do not configure your cluster to send alerts to Isilon, you must initiate a service request.

Upgrading node components

You can upgrade node components to gain additional capacity or performance. Trained service personnel can upgrade the following components in the field:

- drive
- memory (DIMM)
- network interface card (NIC)

If you want to upgrade components in your nodes, contact Isilon Technical Support.

Managing cluster nodes

You can add and remove nodes from a cluster. You can also shut down or restart the entire cluster.

Add a node to a cluster

You can add a new node to an existing EMC Isilon cluster.

Before you begin
Before you add a node to a cluster, verify that an internal IP address is available. Add IP addresses as necessary before you add a new node.

If a new node is running a different version of OneFS than a cluster, the system changes the node version of OneFS to match the cluster.

Procedure
1. Click Cluster Management > Hardware Configuration > Add Nodes.
2. In the Available Nodes table, click Add for the node that you want to add to the cluster.

Remove a node from the cluster

You can remove a node from an EMC Isilon cluster. When you remove a node, the system smartfails the node to ensure that data on the node is transferred to other nodes in the cluster.

Removing a storage node from a cluster deletes the data from that node. Before the system deletes the data, the FlexProtect job safely redistributes data across the nodes remaining in the cluster.

Procedure
1. Navigate to Cluster Management > Hardware Configuration > Remove Nodes.
2. In the Remove Node area, specify the node you want to remove.
3. Click Submit.

If you remove a storage node, the Cluster Status area displays smartfail progress. If you remove a non-storage accelerator node, it is immediately removed from the cluster.

Shut down or restart a cluster

You can shut down or restart an entire EMC Isilon cluster.

Procedure
1. Navigate to Cluster Management > Hardware Configuration > Shutdown & Reboot Controls.
2. In the Shut Down or Reboot This Cluster area, specify an action:

   | Options | Description |
   |---|---|
   | Shut down | Shuts down the cluster. |
   | Reboot | Stops then restarts the cluster. |

3. Click Submit.

Remote support using SupportIQ

Isilon Technical Support personnel can remotely manage your Isilon cluster to troubleshoot an open support case with your permission. The Isilon SupportIQ module allows Isilon Technical Support personnel to gather diagnostic data about the cluster.

Isilon Technical Support representatives run scripts that gather data about cluster settings and operations. The SupportIQ agent then uploads the information to a secure Isilon FTP site so it is available for Isilon Technical Support personnel to review. These scripts do not affect cluster services or data availability.

Note: The SupportIQ scripts are based on the Isilon isi_gather_info log-gathering tool.

The SupportIQ module is included with the OneFS operating system and does not require you to activate a separate license. You must enable and configure the SupportIQ module before SupportIQ can run scripts to gather data. The feature may have been enabled when the cluster was first set up, but you can enable or disable SupportIQ through the Isilon web administration interface.

In addition to enabling the SupportIQ module to allow the SupportIQ agent to run scripts, you can enable remote access, which allows Isilon Technical Support personnel to monitor cluster events and remotely manage your cluster using SSH or the web administration interface. Remote access helps Isilon Technical Support to quickly identify and troubleshoot cluster issues. Other diagnostic tools are available for you to use in conjunction with Isilon Technical Support to gather and upload information such as packet capture metrics.

Note: If you enable remote access, you must also share cluster login credentials with Isilon Technical Support personnel. Isilon Technical Support personnel remotely access your cluster only in the context of an open support case and only after receiving your permission.

Configuring SupportIQ

OneFS logs contain data that Isilon Technical Support personnel can securely upload, with your permission, and then analyze to troubleshoot cluster problems. The SupportIQ technology must be enabled and configured for this process.

When SupportIQ is enabled, Isilon Technical Support personnel can request logs through scripts that gather cluster data and then upload the data to a secure location. You must enable and configure the SupportIQ module before SupportIQ can run scripts to gather data. The feature may have been enabled when the cluster was first set up.

You can also enable remote access, which allows Isilon Technical Support personnel to troubleshoot your cluster remotely and run additional data-gathering scripts. Remote access is disabled by default. To enable remote SSH access to your cluster, you must provide the cluster password to a Technical Support engineer.

Enable and configure SupportIQ

You can enable and configure SupportIQ to allow the SupportIQ agent to run scripts that gather and upload information about your cluster to Isilon Technical Support personnel. Optionally, you can enable remote access to your EMC Isilon cluster.

Procedure
1. Click Cluster Management > General Settings > SupportIQ.
2. In the SupportIQ Settings area, select the Enable SupportIQ check box.
3. For SupportIQ alerts, select an option.
   - Send alerts via SupportIQ agent (HTTPS) and by email (SMTP): SupportIQ delivers notifications to Isilon through the SupportIQ agent over HTTPS and by email over SMTP.
   - Send alerts via SupportIQ agent (HTTPS): SupportIQ delivers notifications to Isilon only through the SupportIQ agent over HTTPS.
4. Optional: Enable HTTPS proxy support for SupportIQ.
   a. Select the HTTPS proxy for SupportIQ check box.
   b. In the Proxy host field, type the IP address or fully qualified domain name (FQDN) of the HTTP proxy server.
   c. In the Proxy port field, type the number of the port on which the HTTP proxy server receives requests.
   d. Optional: In the Username field, type the user name for the proxy server.
   e. Optional: In the Password field, type the password for the proxy server.
5. Optional: Enable remote access to the cluster.
   a. Select the Enable remote access to cluster via SSH and web interface check box.
   b. Review the remote-access end user license agreement (EULA) and, if you agree to the terms and conditions, select the I have read and agree to check box.
6. Click Submit.

A successful configuration is indicated by a message similar to SupportIQ settings have been updated.

Disable SupportIQ

You can disable SupportIQ so the SupportIQ agent does not run scripts to gather and upload data about your EMC Isilon cluster.

Procedure
1. Click Cluster Management > General Settings > SupportIQ.
2. Clear the Enable SupportIQ check box.
3. Click Submit.

SupportIQ scripts

When SupportIQ is enabled, Isilon Technical Support personnel can request logs with scripts that gather cluster data and then upload the data. The SupportIQ scripts are located in the /usr/local/supportiq/scripts/ directory on each node.

Data-gathering scripts

The following table lists the data-gathering activities that SupportIQ scripts perform. These scripts can be run automatically, at the request of an Isilon Technical Support representative, to collect information about your cluster's configuration settings and operations. The SupportIQ agent then uploads the information to a secure Isilon FTP site, so that it is available for Isilon Technical Support personnel to analyze. The SupportIQ scripts do not affect cluster services or the availability of your data.

| Action | Description |
|---|---|
| Clean watch folder | Clears the contents of /var/crash. |
| Get application data | Collects and uploads information about OneFS application programs. |
| Generate dashboard file daily | Generates daily dashboard information. |
| Generate dashboard file sequence | Generates dashboard information in the sequence that it occurred. |
| Get ABR data (as built record) | Collects as-built information about hardware. |
| Get ATA control and GMirror status | Collects system output and invokes a script when it receives an event that corresponds to a predetermined eventid. |
| Get cluster data | Collects and uploads information about overall cluster configuration and operations. |
| Get cluster events | Gets the output of existing critical events and uploads the information. |
| Get cluster status | Collects and uploads cluster status details. |
| Get contact info | Extracts contact information and uploads a text file that contains it. |
| Get contents (var/crash) | Uploads the contents of /var/crash. |
| Get job status | Collects and uploads details on a job that is being monitored. |
| Get domain data | Collects and uploads information about the cluster's Active Directory Services (ADS) domain membership. |
| Get file system data | Collects and uploads information about the state and health of the OneFS /ifs/ file system. |
| Get IB data | Collects and uploads information about the configuration and operation of the InfiniBand back-end network. |
| Get logs data | Collects and uploads only the most recent cluster log information. |
| Get messages | Collects and uploads active /var/log/messages files. |
| Get network data | Collects and uploads information about cluster-wide and node-specific network configuration settings and operations. |
| Get NFS clients | Runs a command to check if nodes are being used as NFS clients. |
| Get node data | Collects and uploads node-specific configuration, status, and operational information. |
| Get protocol data | Collects and uploads network status information and configuration settings for the NFS, SMB, FTP, and HTTP protocols. |
| Get Pcap client stats | Collects and uploads client statistics. |
| Get readonly status | Warns if the chassis is open and uploads a text file of the event information. |
| Get usage data | Collects and uploads current and historical information about node performance and resource usage. |
| isi_gather_info | Collects and uploads all recent cluster log information. |
| isi_gather_info --incremental | Collects and uploads changes to cluster log information that have occurred since the most recent full operation. |
| isi_gather_info --incremental single node | Collects and uploads changes to cluster log information that have occurred since the most recent full operation. Prompts you for the node number. |
| isi_gather_info single node | Collects and uploads details for a single node. Prompts you for the node number. |
| Upload the dashboard file | Uploads dashboard information to the secure Isilon Technical Support FTP site. |

Upgrading OneFS

Two options are available for upgrading the OneFS operating system: a rolling upgrade or a simultaneous upgrade. Before upgrading OneFS software, a pre-upgrade check must be performed.

A rolling upgrade individually upgrades and restarts each node in the cluster sequentially. During a rolling upgrade, the cluster remains online and continues serving clients with no interruption in service, although some connection resets may occur on SMB clients. Rolling upgrades are performed sequentially by node number, so a rolling upgrade takes longer to complete than a simultaneous upgrade. The final node in the upgrade process is the node that you used to start the upgrade process.

Note: Rolling upgrades are not available for all clusters. For instructions on how to upgrade the cluster operating system, see the OneFS Release Notes.

A simultaneous upgrade installs the new operating system and restarts all nodes in the cluster at the same time. Simultaneous upgrades are faster than rolling upgrades but require a temporary interruption of service during the upgrade process. Your data is inaccessible during the time that it takes to complete the upgrade process.

Before beginning either a simultaneous or rolling upgrade, OneFS compares the current cluster and operating system with the new version to ensure that the cluster meets certain criteria, such as configuration compatibility (SMB, LDAP, SmartPools), disk availability, and the absence of critical cluster events. If upgrading puts the cluster at risk, OneFS warns you, provides information about the risks, and prompts you to confirm whether to continue the upgrade.

If the cluster does not meet the pre-upgrade criteria, the upgrade does not proceed, and the unsupported statuses are listed.

CHAPTER 4

Access zones

This section contains the following topics:

- Access zones overview
- Access zone features
- Managing access zones

Access zones overview

You can use access zones to partition cluster configuration into self-contained units. Access zones provide the means for administrators to configure a subset of parameters as a virtual cluster.

OneFS includes a built-in access zone named System that contains all configured authentication providers, all available SMB shares, and all available NFS exports. You can add additional access zones to the cluster as needed. By default, all cluster IP addresses connect to the System zone. The System zone is used by administrators for managing all access zone configuration tasks.

Access zones contain all of the necessary configuration settings to support authentication and identity management services in OneFS. NFS exports are added to the System zone, but you can configure authentication providers and SMB shares on a zone-by-zone basis.

You also can use access zones to partition access to data through IP address pools. When you configure access zones in this manner, incoming connections can be directed to an access zone by a specific IP address within a pool. This restricts authentication to that zone and reduces the available SMB shares that can be accessed.

Note: Role-based access, which primarily handles configuration actions, is available through only the System zone.

Access zone features

You can configure access zones to leverage the following features for your environment.

| Feature | Description | Comment |
|---|---|---|
| Overlapping share-name support | If multiple SMB shares have the same display name, OneFS supports the overlapping display names if the name appears only once per access zone. | For example, you can assign the name "home" as the display name for a share in zone A and a different share in zone B. |
| Multiple access zone support | You can create additional access zones and configure each zone differently. Each access zone can be configured with its own set of authentication providers, user mapping rules, and SMB shares. | Multiple access zones are particularly useful for server consolidation, for example when merging multiple Windows file servers that are potentially joined to different untrusted forests. |
| SMB-protocol access auditing on individual access zones | You can audit SMB-protocol access on individual access zones. Note: NFS users can be authenticated against only the System zone. | For audited zones, you can modify the default list of successful and failed protocol events that are audited. |

71 Access zones Managing access zones Create an access zone Yo can configre an access zone's settings and add or remove athentication providers, SMB shares, and ser mapping rles. If protocol aditing is configred on an access zone, yo can modify the defalt list of adited events. To se an access zone, it mst be mapped to an IP address pool on the clster. Yo can delete any access zone except the bilt-in System zone. When yo create an access zone, yo can add one or more athentication provider instances, ser mapping rles, and SMB shares. Yo can also create an empty access zone and configre it later. For more information abot settings options, see Access zone settings. If yo create additional access zones, se them only for data access, and se the System zone only for configration access. Before sers can connect to a new access zone, yo mst configre yor network settings to map an IP address pool to the zone. For more information abot settings options, see Access zone settings. Procedre 1. Click Clster Management > Access Management > Access Zones. 2. Click Create an access zone. 3. In the Access Zone Name field, type a name for the access zone. 4. Optional: From the Athentication Providers list, select one of the options. 5. Optional: In the User Mapping Rles area, follow these steps for each ser mapping rle that yo want to add: a. Click Create a ser mapping rle. The Create a User Mapping Rle form displays. b. From the Operation list, select one of the operations. c. Fill in the fields as needed. Note Available fields differ depending on the selected operation. d. Click Add Rle. Note Rles are called in the order they are listed. To ensre that each rle gets processed, list replacements first and allow/deny rles last. Yo can change the order in which a rle is listed by clicking its title bar and dragging it to a new position. 6. Optional: From the SMB Shares list, select one of the following options: 7. Click Create Access Zone. 
After you finish
Before you can use an access zone, you must associate it with an IP address pool.

Access zone settings

You can select from these options when you create an access zone.

Setting: Description

Use all authentication providers: Adds an instance of each available provider to the access zone.

Manually select authentication providers: Allows you to select one or more provider instances to add to the access zone. Follow these steps for each provider instance that you want to add:
1. Click Add an authentication provider.
2. In the Authentication Provider Type list, select a provider type. A provider type is listed only if an instance of that type exists and is not already in use by the access zone.
3. In the Authentication Provider list, select an available provider instance.
4. If you are finished adding provider instances, you can change the priority in which they are called by changing the order in which they are listed. To do so, click the title bar of a provider instance and drag it up or down to a new position in the list.

Append fields from a user: Modifies a token by adding specified fields to it. All appended identifiers become members of the additional groups list.

Insert fields from a user: Modifies a token by adding specified fields from another token. An inserted primary user or group becomes the new primary user or group in the token and moves the old primary user or group to the additional identifiers list. Modifying the primary user leaves the token's username unchanged. When inserting additional groups from a token, the new groups are added to the existing groups.

Replace a user with a new user: Replaces a token with the token identified by another user. If another user is not specified, the token is removed from the list and no user is inserted to replace it. If there are no tokens in the list, access is denied with a "no such user" error.

Remove supplemental groups from a user: Modifies a token by removing the supplemental groups.

Join two users together: Inserts the new token into the list of tokens. If the new token is the second user, it is inserted after the existing token; otherwise, it is inserted before the existing token. The insertion point is primarily relevant when the existing token is already the first in the list because the first token is used to determine the ownership of new system objects.

Use no SMB shares: Ignores all SMB shares.

Use all SMB shares: Adds each available SMB share to the access zone.

Manually select SMB shares: Allows you to select the SMB shares to add to the access zone. The following steps are required:

1. Click Add SMB shares.
2. In the Select SMB Shares dialog box, select the check box for each SMB share that you want to add to the access zone.
3. To modify the share name that displays when a user connects to the access zone, click Edit and then, in the Display Name field, type a new name.
   Note: You can assign the same name, for example home, to shares that are in different access zones.
4. Click Select.

Associate an IP address pool with an access zone

You can specify which access zone to use according to the IP address that a user is connecting to.

Procedure
1. Click Cluster Management > Network Configuration.
2. In the External Network Settings section, under Subnets, click a subnet name (for example, subnet0).
3. In the IP Address Pools section, click the + icon if necessary to view the settings for a pool.
4. Next to the Basic Settings heading, click Edit. The Configure IP Pool dialog box appears.
5. For the Access zone setting, select the zone to use when connecting through an IP address that belongs to this pool.
6. Click Submit.

Modify an access zone

You can modify the properties of any access zone with one exception: You cannot change the name of the built-in System zone.

Procedure
1. Click Cluster Management > Access Management > Access Zones.
2. For the access zone whose settings you want to modify, click View details.
3. For each setting that you want to modify, click Edit, make the change, and then click Save.

Delete an access zone

You can delete any access zone except the built-in System zone. If you delete an access zone, all associated authentication providers and SMB shares remain available to other zones.

Procedure
1. Click Cluster Management > Access Management > Access Zones.
2. Click Delete for the zone that you want to delete.
3. In the confirmation dialog box, click Delete.

CHAPTER 5
Authentication and access control

This section contains the following topics:
- Authentication and access control overview
- Data access control
- Roles
- Authentication
- Managing access permissions
- Managing roles
- Managing authentication providers

Authentication and access control overview

OneFS supports several methods for ensuring that your cluster remains secure, including UNIX- and Windows-style permissions for data-level access control. Access zones and role-based administration control access to system configuration settings.

OneFS is designed for a mixed environment that allows you to configure both Windows Access Control Lists (ACLs) and standard UNIX permissions on the cluster file system. Windows and UNIX permissions cannot coexist on a single file or directory. However, OneFS uses identity mapping to translate between Windows and UNIX permissions.

Note: In most situations, the default settings are sufficient. You can configure additional access zones, custom roles, and permissions policies as necessary for your particular environment.

Authentication and access control features

You can configure settings for the following features for authentication and access control.

Feature | Description | Comment
Access zones | OneFS includes a built-in access zone named System. | By default, new authentication providers, SMB shares, and NFS exports are added to the System zone. When you create a new IP address pool, you must assign it to an access zone.
Authentication | Unique user accounts can be local user accounts or user accounts from Active Directory, LDAP, or NIS. | You can configure access to each user account type.
Roles | With roles, you can assign privileges to users and groups. By default, only the "root" and "admin" users can log in to the command-line interface (CLI) through SSH or the web administration interface through HTTP. The root or admin user can add other users to built-in or custom roles that contain the privileges that are required to log in and perform administrative functions. | It is good practice to assign users to roles that contain the minimum set of privileges that are necessary. To create or assign roles, you must be logged on as a member of the Security Administrator role.
Identity management | Identity management enables user-identity integration to provide identical permissions to system resources for UNIX and Windows users. | All directory services identities for a user can be combined and managed to control access through the supported protocols to directories and files across the cluster.
Mixed-environment support | OneFS is designed for a mixed environment, so you can configure both Windows Access Control Lists (ACLs) and standard UNIX permissions on the cluster file system. | Although Windows and UNIX permissions cannot coexist on a single file or directory, OneFS uses identity mapping to translate between Windows and UNIX permissions as needed.

Data access control

OneFS supports two types of authorization data on a file: Windows-style access control lists (ACLs) and POSIX mode bits (UNIX permissions). The type of authorization that is used is based on the ACL policies that are set and on the file-creation method.

Access to a file or directory can be governed by either a Windows access control list (ACL) or UNIX mode bits. Regardless of the security model, OneFS enforces access rights consistently across access protocols. A user is granted or denied the same rights to a file when using SMB for Windows file sharing as when using NFS for UNIX file sharing.

An EMC Isilon cluster includes global policy settings that enable you to customize the default ACL and UNIX permissions to best support your environment. Generally, files that are created over SMB or in a directory that has an ACL receive an ACL; otherwise, OneFS relies on the POSIX mode bits that define UNIX permissions. In either case, the owner can be represented by a UNIX identifier (UID or GID) or by its Windows identifier (SID). The primary group can be represented by a GID or SID. Although mode bits are present when a file has an ACL, the mode bits are provided only for protocol compatibility and are not used for access checks.

Note: Although you can configure ACL policies to optimize a cluster for UNIX or Windows, you should do so only if you understand how ACL and UNIX permissions interact.

The OneFS file system installs with UNIX permissions as the default. By using Windows Explorer or OneFS administrative tools, you can give a file or directory an ACL. In addition to Windows domain users and groups, ACLs in OneFS can include local, NIS, and LDAP users and groups.
After you give a file an ACL, OneFS stops enforcing the file's mode bits, which remain only as an estimate of the effective permissions.

ACLs

In Windows environments, file and directory permissions, referred to as access rights, are defined in access control lists (ACLs). Although ACLs are more complex than mode bits, ACLs can express much more granular sets of access rules. OneFS uses the ACL processing rules commonly associated with Windows ACLs.

A Windows ACL contains zero or more access control entries (ACEs), each of which represents the security identifier (SID) of a user or a group as a trustee. In OneFS, an ACL can contain ACEs with a UID, GID, or SID as the trustee. Each ACE contains a set of rights that allow or deny access to a file or folder. An ACE can optionally contain an inheritance flag to specify whether the ACE should be inherited by child folders and files.

Note: Instead of the standard three permissions available for mode bits, ACLs have 32 bits of fine-grained access rights. Of these, the upper 16 bits are general and apply to all object types. The lower 16 bits vary between files and directories but are defined in a way that allows most applications to use the same bits for files and directories.

Rights can be used for granting or denying access for a given trustee. A user's access can be blocked explicitly through a deny ACE. Access can also be blocked implicitly by ensuring that the user does not directly (or indirectly through a group) appear in an ACE that grants the right in question.

UNIX permissions

In a UNIX environment, file and directory access is controlled by POSIX mode bits, which grant read, write, or execute permissions to the owning user, the owning group, and everyone else.

OneFS supports the standard UNIX tools for viewing and changing permissions: ls, chmod, and chown. For more information, run the man ls, man chmod, and man chown commands.

All files contain 16 permission bits, which provide information about the file or directory type and the permissions. The lower 9 bits are grouped as three 3-bit sets, called triples, which contain the read, write, and execute (rwx) permissions for each class of users: owner, group, and other. You can set permissions flags to grant permissions to each of these classes.

Unless the user is root, OneFS uses the class to determine whether to grant or deny access to the file. The classes are not cumulative; the first class matched is used. It is therefore common to grant permissions in decreasing order.

Mixed-permission environments

When a file operation requests an object's authorization data (for example, with the ls -l command over NFS or with the Security tab of the Properties dialog box in Windows Explorer over SMB), OneFS attempts to provide that data in the requested format. In an environment that mixes UNIX and Windows systems, some translation may be required when performing create file, set security, get security, or access operations.

NFS access of Windows-created files

If a file contains an owning user or group that is a SID, the system attempts to map it to a corresponding UID or GID before returning it to the caller.
In UNIX, authorization data is retrieved by calling stat(2) on a file and examining the owner, group, and mode bits. Over NFSv3, the GETATTR command functions similarly. The system approximates the mode bits and sets them on the file whenever its ACL changes. Mode bit approximations need to be retrieved only to service these calls.

Note: SID-to-UID and SID-to-GID mappings are cached in both the OneFS ID mapper and the stat cache. If a mapping has recently changed, the file might report inaccurate information until the file is updated or the cache is flushed.

SMB access of UNIX-created files

No UID-to-SID or GID-to-SID mappings are performed when creating an ACL for a file; all UIDs and GIDs are converted to SIDs or principals when the ACL is returned.

OneFS uses a two-step process for returning a security descriptor, which contains SIDs for the owner and primary group of an object:
1. The current security descriptor is retrieved from the file. If the file does not have a discretionary access control list (DACL), a synthetic ACL is constructed from the file's lower 9 mode bits, which are separated into three sets of permission triples, one each for owner, group, and everyone. For details about mode bits, see "UNIX permissions."
2. Two access control entries (ACEs) are created for each triple: the allow ACE contains the corresponding rights that are granted according to the permissions; the deny ACE contains the corresponding rights that are denied. In both cases, the trustee of the ACE corresponds to the file owner, group, or everyone. After all of the ACEs are generated, any that are not needed are removed before the synthetic ACL is returned.

Roles

You can permit and limit access to administrative areas of your EMC Isilon cluster on a per-user basis through the use of roles. OneFS includes built-in administrator roles with predefined sets of privileges that cannot be modified. The following list describes what you can and cannot do through roles:
- You can assign privileges through role membership.
- You can add any user to a role as long as the user can authenticate to the cluster.
- You can create custom roles and assign privileges to those roles.
- You can add users singly or as groups, including well-known groups.
- You can assign a user as a member of more than one role.
- You can add a group to a role, which grants to all users who are members of that group all of the privileges associated with the role.
- You cannot assign privileges directly to users or groups.

Note: When OneFS is first installed, only users with root- or admin-level access can log in and assign users to roles.

Built-in roles

Built-in roles include privileges to perform a set of administrative functions. The following tables describe each of the built-in roles from most powerful to least powerful. The tables include the privileges and read/write access levels (if applicable) that are assigned to each role. You can assign users and groups to built-in roles and to roles that you create.
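The synthetic ACL construction described under "SMB access of UNIX-created files", checked against the first-match class rule from "UNIX permissions", as an added Python sketch that is not OneFS code. The three generic rights, the allow-before-deny order within each triple, and the pruning rule for ACEs that are "not needed" are assumptions; the guide does not specify them.

```python
"""Synthetic ACL from POSIX mode bits: added illustration, not OneFS code."""

# Three generic rights stand in for the 32-bit access masks of real ACEs.
R, W, X = 4, 2, 1
ALL = R | W | X
CLASSES = ("owner", "group", "everyone")  # order of the permission triples


def triples(mode):
    """Split the lower 9 mode bits into one rwx triple per class."""
    return {"owner": (mode >> 6) & 7, "group": (mode >> 3) & 7,
            "everyone": mode & 7}


def mode_allows(mode, is_owner, in_group, wanted):
    """UNIX check: classes are not cumulative, the first class matched decides."""
    cls = "owner" if is_owner else "group" if in_group else "everyone"
    return (triples(mode)[cls] & wanted) == wanted


def synthetic_acl(mode):
    """Return ordered (kind, trustee, rights) ACEs for a file that has no DACL.

    One allow ACE and one deny ACE are generated per triple. Assumed pruning:
    an ACE with no rights is dropped, and a deny ACE keeps only the rights
    that a later triple would otherwise grant to the same caller.
    """
    t = triples(mode)
    acl = []
    for i, cls in enumerate(CLASSES):
        granted = t[cls]
        granted_later = 0
        for later_cls in CLASSES[i + 1:]:
            granted_later |= t[later_cls]
        denied = (ALL & ~granted) & granted_later
        if granted:
            acl.append(("allow", cls, granted))
        if denied:
            acl.append(("deny", cls, denied))
    return acl


def acl_allows(acl, is_owner, in_group, wanted):
    """Ordered ACE evaluation: a deny on a still-needed right ends the walk."""
    trustees = {"everyone"}
    if is_owner:
        trustees.add("owner")
    if in_group:
        trustees.add("group")
    remaining = wanted
    for kind, trustee, rights in acl:
        if trustee not in trustees:
            continue
        if kind == "deny" and rights & remaining:
            return False
        if kind == "allow":
            remaining &= ~rights
        if remaining == 0:
            return True
    return remaining == 0  # rights that no ACE grants are implicitly denied


def count_mismatches():
    """Compare both checks for every mode, caller type and requested right set."""
    bad = 0
    for mode in range(0o1000):
        acl = synthetic_acl(mode)
        for is_owner in (False, True):
            for in_group in (False, True):
                for wanted in range(1, ALL + 1):
                    if (mode_allows(mode, is_owner, in_group, wanted)
                            != acl_allows(acl, is_owner, in_group, wanted)):
                        bad += 1
    return bad


def _rwx(rights):
    """Render a rights value as an rwx string."""
    return "".join(c if rights & bit else "-" for c, bit in zip("rwx", (R, W, X)))


def describe(mode):
    """Render the synthetic ACL as text lines such as 'deny owner rwx'."""
    return [f"{kind} {trustee} {_rwx(rights)}"
            for kind, trustee, rights in synthetic_acl(mode)]


if __name__ == "__main__":
    for sample in (0o644, 0o640, 0o047):  # constructed sample modes
        print(oct(sample), describe(sample))
    print("mismatches:", count_mismatches())
```

Mode 047 shows why the deny ACEs matter: without the owner deny ACE, the owner would pick up rwx from the everyone ACE, which the mode bits do not allow.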
Table 1 SecurityAdmin role

Description: Administer security configuration on the cluster, including authentication providers, local users and groups, and role membership.

Privileges | Read/write access
ISI_PRIV_LOGIN_CONSOLE | N/A
ISI_PRIV_LOGIN_PAPI | N/A
ISI_PRIV_LOGIN_SSH | N/A
ISI_PRIV_AUTH | Read/write
ISI_PRIV_ROLE | Read/write

Table 2 SystemAdmin role

Description: Administer all aspects of cluster configuration that are not specifically handled by the SecurityAdmin role.

Privileges | Read/write access
ISI_PRIV_LOGIN_CONSOLE | N/A
ISI_PRIV_LOGIN_PAPI | N/A
ISI_PRIV_LOGIN_SSH | N/A
ISI_PRIV_SYS_SHUTDOWN | N/A
ISI_PRIV_SYS_SUPPORT | N/A
ISI_PRIV_SYS_TIME | N/A
ISI_PRIV_ANTIVIRUS | Read/write
ISI_PRIV_AUDIT | Read/write
ISI_PRIV_CLUSTER | Read/write
ISI_PRIV_DEVICES | Read/write
ISI_PRIV_EVENT | Read/write
ISI_PRIV_FTP | Read/write
ISI_PRIV_HTTP | Read/write
ISI_PRIV_ISCSI | Read/write
ISI_PRIV_JOB_ENGINE | Read/write
ISI_PRIV_LICENSE | Read/write
ISI_PRIV_NDMP | Read/write
ISI_PRIV_NETWORK | Read/write
ISI_PRIV_NFS | Read/write
ISI_PRIV_NTP | Read/write
ISI_PRIV_QUOTA | Read/write
ISI_PRIV_REMOTE_SUPPORT | Read/write
ISI_PRIV_SMARTPOOLS | Read/write
ISI_PRIV_SMB | Read/write
ISI_PRIV_SNAPSHOT | Read/write
ISI_PRIV_STATISTICS | Read/write
ISI_PRIV_SYNCIQ | Read/write
ISI_PRIV_VCENTER | Read/write
ISI_PRIV_NS_TRAVERSE | N/A
ISI_PRIV_NS_IFS_ACCESS | N/A

Table 3 AuditAdmin role

Description: View all system configuration settings.

Privileges | Read/write access
ISI_PRIV_LOGIN_CONSOLE | N/A
ISI_PRIV_LOGIN_PAPI | N/A
ISI_PRIV_LOGIN_SSH | N/A
ISI_PRIV_ANTIVIRUS | Read-only
ISI_PRIV_AUDIT | Read-only
ISI_PRIV_CLUSTER | Read-only
ISI_PRIV_DEVICES | Read-only
ISI_PRIV_EVENT | Read-only
ISI_PRIV_FTP | Read-only
ISI_PRIV_HTTP | Read-only
ISI_PRIV_ISCSI | Read-only
ISI_PRIV_JOB_ENGINE | Read-only
ISI_PRIV_LICENSE | Read-only
ISI_PRIV_NDMP | Read-only
ISI_PRIV_NETWORK | Read-only
ISI_PRIV_NFS | Read-only
ISI_PRIV_NTP | Read-only
ISI_PRIV_QUOTA | Read-only
ISI_PRIV_REMOTE_SUPPORT | Read-only
ISI_PRIV_SMARTPOOLS | Read-only
ISI_PRIV_SMB | Read-only
ISI_PRIV_SNAPSHOT | Read-only
ISI_PRIV_STATISTICS | Read-only
ISI_PRIV_SYNCIQ | Read-only
ISI_PRIV_VCENTER | Read-only

Table 4 VMwareAdmin role

Description: Administers remotely all aspects of storage needed by VMware vCenter.

Privileges | Read/write access
ISI_PRIV_LOGIN_PAPI | N/A
ISI_PRIV_ISCSI | Read/write
ISI_PRIV_NETWORK | Read/write
ISI_PRIV_SMARTPOOLS | Read/write

Table 4 VMwareAdmin role (continued)

Privileges | Read/write access
ISI_PRIV_SNAPSHOT | Read/write
ISI_PRIV_SYNCIQ | Read/write
ISI_PRIV_VCENTER | Read/write
ISI_PRIV_NS_TRAVERSE | N/A
ISI_PRIV_NS_IFS_ACCESS | N/A

OneFS privileges

Privileges in OneFS are assigned through role membership; privileges cannot be assigned directly to users and groups.

Table 5 Login privileges

OneFS privilege | User right | Privilege type
ISI_PRIV_LOGIN_CONSOLE | Log in from the console | Action
ISI_PRIV_LOGIN_PAPI | Log in to the Platform API and the web administration interface | Action
ISI_PRIV_LOGIN_SSH | Log in through SSH | Action

Table 6 System privileges

OneFS privilege | User right | Privilege type
ISI_PRIV_SYS_SHUTDOWN | Shut down the system | Action
ISI_PRIV_SYS_SUPPORT | Run cluster diagnostic tools | Action
ISI_PRIV_SYS_TIME | Change the system time | Action

Table 7 Security privileges

OneFS privilege | User right | Privilege type
ISI_PRIV_AUTH | Configure external authentication providers | Read/write
ISI_PRIV_ROLE | Create new roles and assign privileges | Read/write

Table 8 Configuration privileges

OneFS privilege | User right | Privilege type
ISI_PRIV_ANTIVIRUS | Configure antivirus scanning | Read/write
ISI_PRIV_AUDIT | Configure audit capabilities | Read/write
ISI_PRIV_CLUSTER | Configure cluster identity and general settings | Read/write
ISI_PRIV_DEVICES | Create new roles and assign privileges | Read/write
ISI_PRIV_EVENT | View and modify system events | Read/write
ISI_PRIV_FTP | Configure FTP server | Read/write
ISI_PRIV_HTTP | Configure HTTP server | Read/write
ISI_PRIV_ISCSI | Configure iSCSI server | Read/write
ISI_PRIV_JOB_ENGINE | Schedule cluster-wide jobs | Read/write
ISI_PRIV_LICENSE | Activate OneFS software licenses | Read/write
ISI_PRIV_NDMP | Configure NDMP server | Read/write
ISI_PRIV_NETWORK | Configure network interfaces | Read/write
ISI_PRIV_NFS | Configure the NFS server | Read/write
ISI_PRIV_NTP | Configure NTP | Read/write
ISI_PRIV_QUOTA | Configure file system quotas | Read/write
ISI_PRIV_REMOTE_SUPPORT | Configure remote support | Read/write
ISI_PRIV_SMARTPOOLS | Configure storage pools | Read/write
ISI_PRIV_SMB | Configure the SMB server | Read/write
ISI_PRIV_SNAPSHOT | Schedule, take, and view snapshots | Read/write
ISI_PRIV_SNMP | Configure SNMP server | Read/write
ISI_PRIV_STATISTICS | View file system performance statistics | Read/write
ISI_PRIV_SYNCIQ | Configure SyncIQ | Read/write
ISI_PRIV_VCENTER | Configure VMware for vCenter | Read/write

Table 9 Namespace privileges

OneFS privilege | User right | Privilege type
ISI_PRIV_NS_TRAVERSE | Traverse and view directory metadata | Action
ISI_PRIV_NS_IFS_ACCESS | Access the /ifs directory tree through the namespace REST service | Action

Table 10 Platform API-only privileges

OneFS privilege | User right | Privilege type
ISI_PRIV_EVENT | View and modify system events | Read/write
ISI_PRIV_LICENSE | Activate OneFS software licenses | Read/write
ISI_PRIV_STATISTICS | View file system performance statistics | Read/write

Command-line interface privileges

You can perform most tasks granted by a privilege through the command-line interface. Some OneFS commands require root access; however, if you do not have root access, most of the commands associated with a privilege can be performed through the sudo program. The system automatically generates a sudoers file of users based on existing roles.

Prefixing a command with sudo allows you to run commands that require root access. For example, if you do not have root access, the following command fails:

isi sync policy list

However, if you are on the sudoers list, the following command succeeds:

sudo isi sync policy list

The following tables list all OneFS commands available, the associated privilege or root-access requirement, and whether sudo is required to run the command.

Note: If you are running in compliance mode, additional sudo commands are available.

Table 11 Privileges sorted by CLI command

isi command | Privilege | Requires sudo
isi alert | ISI_PRIV_EVENT | x
isi audit | ISI_PRIV_AUDIT |

Table 11 Privileges sorted by CLI command (continued)

isi command | Privilege | Requires sudo
isi auth - excluding isi auth role | ISI_PRIV_AUTH |
isi auth role | ISI_PRIV_ROLE |
isi avscan | ISI_PRIV_ANTIVIRUS | x
isi batterystats | ISI_PRIV_STATISTICS | x
isi config | root |
isi dedupe - excluding isi dedupe stats | ISI_PRIV_JOB_ENGINE |
isi dedupe stats | ISI_PRIV_STATISTICS |
isi devices | ISI_PRIV_DEVICES | x
isi domain | root |
isi | ISI_PRIV_CLUSTER | x
isi events | ISI_PRIV_EVENT | x
isi exttools | root |
isi fc | root |
isi filepool | ISI_PRIV_SMARTPOOLS |
isi firmware | root |
isi ftp | ISI_PRIV_FTP | x
isi get | root |
isi hdfs | root |
isi iscsi | ISI_PRIV_ISCSI | x
isi job | ISI_PRIV_JOB_ENGINE |
isi license | ISI_PRIV_LICENSE | x
isi lun | ISI_PRIV_ISCSI | x
isi ndmp | ISI_PRIV_NDMP | x
isi networks | ISI_PRIV_NETWORK | x
isi nfs | ISI_PRIV_NFS |
isi perfstat | ISI_PRIV_STATISTICS | x
isi pkg | root |
isi quota | ISI_PRIV_QUOTA |
isi readonly | root |

Table 11 Privileges sorted by CLI command (continued)

isi command | Privilege | Requires sudo
isi remotesupport | ISI_PRIV_REMOTE_SUPPORT |
isi servicelight | ISI_PRIV_DEVICES | x
isi services | root |
isi set | root |
isi smartlock | root |
isi smb | ISI_PRIV_SMB |
isi snapshot | ISI_PRIV_SNAPSHOT |
isi snmp | ISI_PRIV_SNMP | x
isi stat | ISI_PRIV_STATISTICS | x
isi statistics | ISI_PRIV_STATISTICS | x
isi stats | ISI_PRIV_STATISTICS | x
isi storagepool | ISI_PRIV_SMARTPOOLS |
isi sync | ISI_PRIV_SYNCIQ |
isi tape | ISI_PRIV_NDMP | x
isi target | ISI_PRIV_ISCSI | x
isi update | root |
isi version | ISI_PRIV_CLUSTER | x
isi worm | root |
isi zone | ISI_PRIV_AUTH |

Table 12 CLI commands sorted by privilege

Privilege | isi commands | Requires sudo
ISI_PRIV_ANTIVIRUS | isi avscan | x
ISI_PRIV_AUDIT | isi audit |
ISI_PRIV_AUTH | isi auth - excluding isi auth role, isi zone |
ISI_PRIV_CLUSTER | isi, isi version | x
ISI_PRIV_DEVICES | isi devices, isi servicelight | x

Table 12 CLI commands sorted by privilege (continued)

Privilege | isi commands | Requires sudo
ISI_PRIV_EVENT | isi alert, isi events | x
ISI_PRIV_FTP | isi ftp | x
ISI_PRIV_ISCSI | isi iscsi, isi lun, isi target | x
ISI_PRIV_JOB_ENGINE | isi job, isi dedupe - excluding isi dedupe stats |
ISI_PRIV_LICENSE | isi license | x
ISI_PRIV_NDMP | isi ndmp, isi tape | x
ISI_PRIV_NETWORK | isi networks | x
ISI_PRIV_NFS | isi nfs |
ISI_PRIV_QUOTA | isi quota |
ISI_PRIV_ROLE | isi auth role |
ISI_PRIV_REMOTE_SUPPORT | isi remotesupport |
ISI_PRIV_SMARTPOOLS | isi filepool, isi storagepool |
ISI_PRIV_SMB | isi smb |
ISI_PRIV_SNAPSHOT | isi snapshot |
ISI_PRIV_SNMP | isi snmp | x
ISI_PRIV_STATISTICS | isi batterystats, isi dedupe stats, isi perfstat, isi stat, isi statistics, isi stats | x
ISI_PRIV_SYNCIQ | isi sync |
root | isi config, isi domain, isi exttools, isi fc |

Table 12 CLI commands sorted by privilege (continued)

Privilege | isi commands | Requires sudo
root | isi firmware, isi get, isi hdfs, isi pkg, isi readonly, isi services, isi set, isi smartlock, isi update, isi worm |

Authentication

OneFS supports local and remote authentication providers to verify that users attempting to access the cluster are who they claim to be. Anonymous access, which does not require authentication, is supported for protocols that allow it.

OneFS supports the concurrent use of multiple authentication provider types, which are analogous to directory services. For example, OneFS is often configured to authenticate Windows clients with Active Directory and to authenticate UNIX clients with LDAP. It is important that you understand their interactions before enabling multiple providers on the cluster.

Note: OneFS is RFC 2307-compliant.

Supported authentication providers

NIS, designed by Sun Microsystems, can also be used to authenticate users and groups when they access the EMC Isilon cluster.

OneFS supports local and remote authentication providers to verify that users attempting to access the cluster are who they claim to be. Anonymous access, which does not require authentication, is supported for protocols that allow it.

OneFS supports the concurrent use of multiple authentication provider types, which are analogous to directory services. For example, OneFS can be configured to authenticate Windows clients with Active Directory and to authenticate UNIX clients with LDAP. NIS, designed by Sun Microsystems, can also be used to authenticate users and groups when they access the Isilon cluster. It is important that you understand their interactions before enabling multiple provider types on the cluster.

The following table compares features that are available with each of the authentication providers that OneFS supports.
In the following table, an 'x' indicates that a feature is fully supported by a provider; an asterisk (*) indicates that additional configuration or support from another provider is required.

Authentication provider | NTLM | Kerberos | User/group management | Netgroups | UNIX properties | Windows properties
Active Directory: x x * x
LDAP: * x x x *
NIS: x x
Local: x x x x
File: x x x

Authentication provider features

You can configure authentication providers for your environment. Authentication providers support a mix of the following features.

Feature | Description
Authentication | All authentication providers support plain-text authentication. Some providers can be configured to support NTLM or Kerberos authentication also.
Users and groups | OneFS provides the ability to manage users and groups directly on the cluster.
Netgroups | Used primarily by NFS, netgroups configure access to NFS exports.
UNIX-centric user and group properties | Login shell, home directory, UID, and GID. Missing information is supplemented by configuration templates or additional authentication providers.
Windows-centric user and group properties | NetBIOS domain and SID. Missing information is supplemented by configuration templates.

LDAP

The Lightweight Directory Access Protocol (LDAP) is a networking protocol that enables you to define, query, and modify directory services and resources.

OneFS can authenticate users and groups against an LDAP repository in order to grant them access to the cluster. OneFS supports Kerberos authentication for an LDAP provider.

The LDAP service supports the following features:
- Users, groups, and netgroups.
- Configurable LDAP schemas. For example, the ldapsam schema allows NTLM authentication over the SMB protocol for users with Windows-like attributes.
- Simple bind authentication (with and without SSL).
- Redundancy and load balancing across servers with identical directory data.
- Multiple LDAP provider instances for accessing servers with different user data.
- Encrypted passwords.

Active Directory

The Active Directory directory service is a Microsoft implementation of Lightweight Directory Access Protocol (LDAP), Kerberos, and DNS technologies that can store information about network resources. Active Directory can serve many functions, but the primary reason for joining the cluster to an Active Directory domain is to perform user and group authentication.

When the cluster joins an Active Directory domain, a single Active Directory machine account is created. The machine account is used to establish a trust relationship with the domain and to enable the cluster to authenticate and authorize users in the Active Directory forest. By default, the machine account is named the same as the cluster; however, if the cluster name is more than 15 characters long, the name is hashed and displayed after joining the domain.

Whenever possible, a single Active Directory instance should be used when all domains have a trust relationship. Multiple instances should be used only to grant access to multiple sets of mutually-untrusted domains.

Note: If you configure an Active Directory provider, Kerberos authentication is provided automatically.

NIS

The Network Information Service (NIS) provides authentication and identity uniformity across local area networks. OneFS includes a NIS authentication provider that enables you to integrate the cluster with your NIS infrastructure.

NIS, designed by Sun Microsystems, can be used to authenticate users and groups when they access the cluster. The NIS provider exposes the passwd, group, and netgroup maps from a NIS server. Hostname lookups are also supported. Multiple servers can be specified for redundancy and load balancing.

Note: NIS is different from NIS+, which OneFS does not support.

File provider

A file provider enables you to supply an authoritative third-party source of user and group information to the cluster.
A third-party source is useful in UNIX and Linux environments that synchronize /etc/passwd, /etc/group, and /etc/netgroup files across multiple servers.

OneFS uses standard BSD /etc/spwd.db and /etc/group database files as the backing store for the file provider. You generate the spwd.db file by running the pwd_mkdb command in the OneFS command-line interface (CLI). You can script updates to the database files.

On the Isilon cluster, a file provider uses libcrypt for password hashing. The Modular Crypt Format is parsed to determine the hashing algorithm. The following algorithms are supported:
- MD5
- Blowfish

- NT-Hash
- SHA-256
- SHA-512

Note: The built-in System file provider includes services to list, manage, and authenticate against system accounts such as root, admin, and nobody. It is recommended that you do not modify the System file provider.

Local provider

The local provider provides authentication and lookup facilities for user accounts that were added by an administrator.

Local authentication can be useful when Active Directory, LDAP, or NIS directory services are not used, or when a specific user or application needs to access the cluster. Local groups can include built-in groups and Active Directory groups as members.

In addition to configuring network-based authentication sources, you can also manage local users and groups by configuring a local password policy for each node in the cluster. OneFS settings specify password complexity, password age and re-use, and password-attempt lockout policies.

Managing access permissions

The internal representation of identities and permissions can contain information from UNIX sources, Windows sources, or both. Because access protocols can process the information from only one of these sources, the system may need to make approximations to present the information in a format the protocol can process.

Configure access management settings

Default access settings include whether to send NTLMv2 responses for SMB connections; the identity type to store on disk; the Windows workgroup name to use when running in local mode; and character substitution for spaces encountered in user and group names.

Procedure
1. Click Cluster Management > Access Management > Settings.
2. Configure the following settings as needed.

Send NTLMv2: Configures the type of NTLM response that is sent to an SMB client.

On-Disk Identity: Controls the preferred identity to store on disk. If OneFS is unable to convert an identity to the preferred format, it is stored as is. This setting does not affect identities that are currently stored on disk.
Select one of the following settings: native: Let OneFS determine the identity to store on disk. This is the recommended setting. nix: Always store incoming UNIX identifiers (UIDs and GIDs) on disk. sid: Store incoming Windows secrity identifiers (SIDs) on disk, nless the SID was generated from a UNIX identifier; in that case, convert it back to the UNIX identifier and store it on disk. Local provider 91

Workgroup: Specifies the NetBIOS workgroup. The default value is WORKGROUP.

Space Replacement: For clients that have difficulty parsing spaces in user and group names, specifies a substitute character.

3. Click Save.

After you finish
If you changed the on-disk identity selection, it is recommended that you run the Repair Permissions job with the 'Convert permissions' repair task to prevent potential permissions errors.

Modify ACL policy settings

You can modify ACL policy settings, but the default ACL policy settings are sufficient for most cluster deployments.

CAUTION: Because ACL policies change the behavior of permissions throughout the system, they should be modified only as necessary by experienced administrators with advanced knowledge of Windows ACLs. This is especially true for the advanced settings, which are applied regardless of the cluster's environment.

For UNIX, Windows, or balanced environments, the optimal permission policy settings are selected and cannot be modified. However, you can choose to manually configure the cluster's default permission settings if necessary to support your particular environment.

Note: You must be logged in to the web administration interface to perform this task.

For a description of each setting option, see ACL policy settings options.

Procedure
1. Click Protocols > ACLs > ACL Policies.
2. In the Standard Settings section, under Environment, click to select the setting that best describes your environment, or select Configure permission policies manually to configure individual permission policies.
3. If you selected the Configure permission policies manually option, configure the settings as needed. For more information about these settings, see ACL policy settings options.
4. In the Advanced Settings section, configure the settings as needed.

ACL policy settings options

You can configure an ACL policy by choosing from these settings options.

UNIX only
Causes cluster permissions to operate with UNIX semantics, as opposed to Windows semantics. Enabling this option prevents ACL creation on the system.

Balanced
Causes cluster permissions to operate in a mixed UNIX and Windows environment. This setting is recommended for most cluster deployments.

Windows only
Causes cluster permissions to operate with Windows semantics, as opposed to UNIX semantics. Enabling this option causes the system to return an error on UNIX chmod requests.

Configure permission policies manually
Allows you to configure the individual permissions policy settings available under Permission Policies.

ACL creation over SMB
Specifies whether to allow or deny creation of ACLs over SMB. Select one of the following options.
- Do not allow the creation of ACLs over Windows File Sharing (SMB): Prevents ACL creation on the cluster.
- Allow the creation of ACLs over SMB: Allows ACL creation on the cluster.

Note: Inheritable ACLs on the system take precedence over this setting: If inheritable ACLs are set on a folder, any new files and folders created in that folder will inherit the folder's ACL. Disabling this setting does not remove ACLs currently set on files. If you want to clear an existing ACL, run the chmod -b <mode> <file> command to remove the ACL and set the correct permissions.

chmod on files with existing ACLs
Controls what happens when a chmod operation is initiated on a file with an ACL, either locally or over NFS. This setting controls any elements that set UNIX permissions, including File System Explorer. Enabling this policy setting does not change how chmod operations affect files that do not have ACLs. Select one of the following options.
- Remove the existing ACL and set UNIX permissions instead: For chmod operations, removes any existing ACL and instead sets the chmod permissions. Select this option only if you do not need permissions to be set from Windows.
- Remove the existing ACL and create an ACL equivalent to the UNIX permissions: Stores the UNIX permissions in a Windows ACL. Select this option only if you want to remove Windows permissions but do not want files to have synthetic ACLs.
- Remove the existing ACL and create an ACL equivalent to the UNIX permissions, for all users/groups referenced in old ACL: Stores the UNIX permissions in a Windows ACL. Select this option only if you want to remove Windows permissions but do not want files to have synthetic ACLs.
- Merge the new permissions with the existing ACL: Causes Windows and UNIX permissions to operate smoothly in a balanced environment by merging permissions that are applied by chmod with existing ACLs. An ACE for each identity (owner, group, and everyone) is either modified or created, but all other ACEs are unmodified. Inheritable ACEs are also left unmodified to enable Windows users to continue to inherit appropriate permissions. However, UNIX users can set specific permissions for each of those three standard identities.
- Deny permission to modify the ACL: Prevents users from making NFS and local chmod operations. Enable this setting if you do not want to allow permission sets over NFS. This setting returns an error when an NFS client attempts to modify the ACL.
- Ignore operation if file has an existing ACL: Prevents an NFS client from making changes to the ACL. This setting does not return an error when an NFS client attempts to modify the ACL. Select this option if you defined an inheritable ACL on a directory and want to use that ACL for permissions.

CAUTION: If you try to run the chmod command on the same permissions that are currently set on a file with an ACL, you may cause the operation to silently fail. The operation appears to be successful, but if you were to examine the permissions on the cluster, you would notice that the chmod command had no effect. As a workaround, you can run the chmod command away from the current permissions and then perform a second chmod command to revert to the original permissions. For example, if your file shows 755 UNIX permissions and you want to confirm this number, you could run chmod 700 file; chmod 755 file

ACLs created on directories by UNIX chmod
On Windows systems, the access control entries for directories can define fine-grained rules for inheritance; on UNIX, the mode bits are not inherited. Making ACLs that are created on directories by the chmod command inheritable is more secure for tightly controlled environments but may deny access to some Windows users who would otherwise expect access. Select one of the following options.
- Make them inheritable
- Do not make them inheritable

chown on files with existing ACLs
Changes a file or folder's owning user or group. Select one of the following options.
- Modify the owner and/or group permissions: Causes the chown operation to perform as it does in UNIX. Enabling this setting modifies any ACEs in the ACL associated with the old and new owner or group.
- Do not modify the ACL: Causes the NFS chown operation to function as it does in Windows. When a file owner is changed over Windows, no permissions in the ACL are changed.

Note: Over NFS, the chown operation changes the permissions and the owner or owning group. For example, consider a file owned by user Joe with "rwx------" (700) permissions, signifying "rwx" permissions for the owner, but no permissions for anyone else. If you run the chown command to change ownership of the file to user Bob, the owner permissions are still "rwx" but they now represent the permissions for Bob, rather than for Joe. In fact, Joe will have lost all of his permissions. This setting does not affect UNIX chown operations performed on files with UNIX permissions, and it does not affect Windows chown operations, which do not change any permissions.

Access checks (chmod, chown)
In UNIX environments, only the file owner or superuser has the right to run a chmod or chown operation on a file. In Windows environments, you can implement this policy setting to give users the right to perform chmod operations, called the "change permissions" right, or the right to perform chown operations, called the "take ownership" right.

Note: The "take ownership" right only gives users the ability to take file ownership, not to give ownership away.

Select one of the following options.
- Allow only owners to chmod or chown: Causes chmod and chown access checks to operate with UNIX-like behavior.
- Allow owner and users with 'take ownership' right to chown, and owner and users with 'change permissions' right to chmod: Causes chmod and chown access checks to operate with Windows-like behavior.

Treatment of "rwx" permissions
In UNIX environments, "rwx" permissions signify two things: A user or group has read, write, and execute permissions; and a user or group has the maximum possible level of permissions. When you assign UNIX permissions to a file, no ACLs are stored for that file. However, a Windows system processes only ACLs; Windows does not process UNIX permissions. Therefore, when you view a file's permissions on a Windows system, the cluster must translate the UNIX permissions into an ACL. This type of ACL is called a synthetic ACL. Synthetic ACLs are not stored anywhere; instead, they are dynamically generated as needed and then they are discarded. If a file has UNIX permissions, you may notice synthetic ACLs when you run the ls file command on the cluster in order to view a file's ACLs.

When you generate a synthetic ACL, the cluster maps UNIX permissions to Windows rights. Windows supports a more granular permissions model than UNIX does, and it specifies rights that cannot easily be mapped from UNIX permissions. If the cluster maps "rwx" permissions to Windows rights, you must enable one of the following options. The main difference between "rwx" and "Full Control" is the broader set of permissions with "Full Control". Select one of the following options.
- Retain 'rwx' permissions: Generates an ACE that provides only read, write, and execute permissions.

- Treat 'rwx' permissions as Full Control: Generates an ACE that provides the maximum Windows permissions for a user or a group by adding the "change permissions" right, the "take ownership" right, and the "delete" right.

Group owner inheritance
Operating systems tend to work with group ownership and permissions in two different ways: BSD inherits the group owner from the file's parent folder; Windows and Linux inherit the group owner from the file creator's primary group. If you enable a setting that causes the group owner to be inherited from the creator's primary group, it can be overridden on a per-folder basis by running the chmod command to set the set-gid bit. This inheritance applies only when the file is created. For more information, see the manual page for the chmod command. Select one of the following options.
- When an ACL exists, use Linux and Windows semantics, otherwise use BSD semantics: Controls file behavior based on whether the new file inherits ACLs from its parent folder. If it does, the file uses the creator's primary group. If it does not, the file inherits from its parent folder.
- BSD semantics - Inherit group owner from the parent folder: Causes the group owner to be inherited from the file's parent folder.
- Linux and Windows semantics - Inherit group owner from the creator's primary group: Causes the group owner to be inherited from the file creator's primary group.

chmod (007) on files with existing ACLs
Specifies whether to remove ACLs when running the chmod (007) command. Select one of the following options.
- chmod(007) does not remove existing ACL: Sets 007 UNIX permissions without removing an existing ACL.
- chmod(007) removes existing ACL and sets 007 UNIX permissions: Removes ACLs from files over UNIX file sharing (NFS) and locally on the cluster through the chmod (007) command. If you enable this setting, be sure to run the chmod command on the file immediately after using chmod (007) to clear an ACL. In most cases, you do not want to leave 007 permissions on the file.

Owner permissions
It is impossible to represent the breadth of a Windows ACL's access rules using a set of UNIX permissions. Therefore, when a UNIX client requests UNIX permissions for a file with an ACL over NFS (an action known as a "stat"), it receives an imperfect approximation of the file's true permissions. By default, executing an ls -l command from a UNIX client returns a more open set of permissions than the user expects. This permissiveness compensates for applications that incorrectly inspect the UNIX permissions themselves when determining whether to attempt a file-system operation. The purpose of this policy setting is to ensure that these applications proceed with the operation to allow the file system to properly determine user access through the ACL. Select one of the following options.
- Approximate owner mode bits using all possible owner ACEs: Makes the owner permissions appear more permissive than the actual permissions on the file.

- Approximate owner mode bits using only the ACE with the owner ID: Makes the owner permissions appear more accurate, in that you see only the permissions for a particular owner and not the more permissive set. However, this may cause access-denied problems for UNIX clients.

Group permissions
Select one of the following options for group permissions:
- Approximate group mode bits using all possible group ACEs: Makes the group permissions appear more permissive than the actual permissions on the file.
- Approximate group mode bits using only the ACE with the group ID: Makes the group permissions appear more accurate, in that you see only the permissions for a particular group and not the more permissive set. However, this may cause access-denied problems for UNIX clients.

No "deny" ACEs
The Windows ACL user interface cannot display an ACL if any "deny" ACEs are out of canonical ACL order. However, in order to correctly represent UNIX permissions, deny ACEs may be required to be out of canonical ACL order. Select one of the following options.
- Remove deny ACEs from synthetic ACLs: Does not include "deny" ACEs when generating synthetic ACLs. This setting can cause ACLs to be more permissive than the equivalent mode bits.
- Do not modify synthetic ACLs and mode bit approximations: Specifies to not modify synthetic ACL generation; deny ACEs will be generated when necessary.

CAUTION: This option can lead to permissions being reordered, permanently denying access if a Windows user or an application performs an ACL get, an ACL modification, and an ACL set (known as a "roundtrip") to and from Windows.

Access check (utimes)
You can control who can change utimes, which are the access and modification times of a file, by selecting one of the following options.
- Allow only owners to change utimes to client-specific times (POSIX compliant): Allows only owners to change utimes, which complies with the POSIX standard, an approach that is probably familiar to administrators of UNIX systems.
- Allow owners and users with write access to change utimes to client-specific times: Allows owners as well as users with write access to modify utimes, a less restrictive approach that is probably familiar to administrators of Windows systems.

Update cluster permissions

You can update file permissions or ownership by running the Repair Permissions job. To prevent permissions issues that can occur after changing the on-disk identity, run this job with the 'convert permissions' task to ensure that the changes are fully propagated throughout the cluster.

Procedure
1. Click Protocols > ACLs > Repair Permissions Job.
2. Optional: From the Priority list, select the priority level at which to run the job in relation to other jobs.
3. Optional: From the Impact policy list, select an impact policy for the job to follow.
4. From the Repair task list, select one of the following methods for updating permissions:
   - Convert permissions: For each file and directory in the specified Path to repair directory, converts the owner, group, and access control list (ACL) to the target on-disk identity.
   - Clone permissions: Applies the permissions settings for the directory specified by the Template Directory setting to the Path to repair directory.
   - Inherit permissions: Recursively applies the ACL of the directory that is specified by the Template Directory setting to each file and subdirectory in the specified Path to repair directory, according to standard inheritance rules.
   The remaining settings differ depending on the selected repair task.
5. In the Path to repair field, type or browse to the directory in /ifs whose permissions you want to repair.
6. Optional: In the Template Directory field, type or browse to the directory in /ifs that you want to copy permissions from. This setting applies to only the Clone permissions and Inherit permissions repair tasks.
7. Optional: From the Target list, select the preferred on-disk identity type to apply. This setting applies to only the Convert permissions repair task.
   - Use default system type: Applies the system's default identity type.
   - Use native type: If a user or group does not have an authoritative UNIX identifier (UID or GID), applies the Windows identity type (SID).
   - Use UNIX type: Applies the UNIX identity type.
   - Use SID (Windows) type: Applies the Windows identity type.
8. Optional: From the Access Zone list, select an access zone to use for ID mapping. This setting applies to only the Convert permissions repair task.
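A simplified model of the No "deny" ACEs and Treatment of "rwx" permissions settings from the ACL policy settings options, added here as an illustration and not taken from OneFS: it builds a synthetic ACL from mode bits and reports which rights the ACL grants beyond plain UNIX evaluation. The ACE layout, right names and evaluation order are assumptions of this model, not the cluster's actual algorithm.

```python
# Simplified model (assumption): an ACE is (kind, trustee, rights); ACEs are
# evaluated top to bottom and the first ACE that decides a right wins.
FULL_CONTROL_EXTRA = {"change_permissions", "take_ownership", "delete"}


def rights_for(bits, rwx_as_full_control=False):
    """Translate three mode bits (0-7) into a set of right names."""
    rights = {name for mask, name in ((4, "read"), (2, "write"), (1, "execute"))
              if bits & mask}
    if bits == 7 and rwx_as_full_control:
        rights |= FULL_CONTROL_EXTRA  # "Treat 'rwx' permissions as Full Control"
    return rights


def synthetic_acl(mode, remove_deny=False, rwx_as_full_control=False):
    """Build a synthetic ACL that mirrors the mode bits.

    A deny ACE is needed wherever a class lacks a right that a later, broader
    class grants. The group deny ACE sits after the owner allow ACE, which is
    why such an ACL is out of canonical (all denies first) order.
    """
    owner, group, other = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7
    acl = []

    def add(kind, trustee, bits, full=False):
        rights = rights_for(bits, full)
        if rights:
            acl.append((kind, trustee, frozenset(rights)))

    if not remove_deny:
        add("deny", "owner", (group | other) & ~owner & 7)
    add("allow", "owner", owner, rwx_as_full_control)
    if not remove_deny:
        add("deny", "group", other & ~group & 7)
    add("allow", "group", group, rwx_as_full_control)
    add("allow", "everyone", other, rwx_as_full_control)
    return acl


def effective_rights(acl, is_owner=False, in_group=False):
    """Windows-style evaluation: walk the ACEs in order, first decision wins."""
    granted, denied = set(), set()
    for kind, trustee, rights in acl:
        applies = (trustee == "everyone"
                   or (trustee == "owner" and is_owner)
                   or (trustee == "group" and in_group))
        if applies:
            undecided = rights - granted - denied
            (granted if kind == "allow" else denied).update(undecided)
    return granted


def unix_rights(mode, is_owner=False, in_group=False):
    """UNIX evaluation: exactly one class (owner, group or other) applies."""
    shift = 6 if is_owner else 3 if in_group else 0
    return rights_for((mode >> shift) & 7)


def excess_rights(mode, is_owner=False, in_group=False, **policy):
    """Rights the synthetic ACL grants that the mode bits alone would not."""
    acl = synthetic_acl(mode, **policy)
    return (effective_rights(acl, is_owner, in_group)
            - unix_rights(mode, is_owner, in_group))


if __name__ == "__main__":
    # Mode 047: the owner has nothing, everyone else has rwx.
    for remove_deny in (False, True):
        extra = excess_rights(0o047, is_owner=True, remove_deny=remove_deny)
        print(f"remove_deny={remove_deny}: owner gains {sorted(extra)}")
```

For common modes such as 755 the model generates no deny ACEs at all, so removing them changes nothing; the difference appears only when a narrower class has fewer rights than a broader one.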
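For the file provider described earlier in this chapter, which relies on the Modular Crypt Format prefix to determine the hashing algorithm, the following added example (not EMC code) audits a master.passwd-style export for entries that use MD5 or NT-Hash, have an empty password field, or carry a hash outside the supported list. The prefix table follows the usual crypt(3) convention; it, the ten-field file layout, the weak-algorithm policy and the sample accounts are assumptions.

```python
import re

# Modular Crypt Format identifiers for the algorithms the guide lists.
# Assumption: the conventional crypt(3) prefixes; the guide names the
# algorithms but not their identifiers.
MCF_ALGORITHMS = {
    "1": "MD5",
    "2": "Blowfish", "2a": "Blowfish", "2b": "Blowfish", "2y": "Blowfish",
    "3": "NT-Hash",
    "5": "SHA-256",
    "6": "SHA-512",
}

# Policy choice of this example, not of the guide: algorithms to report.
WEAK = {"MD5", "NT-Hash"}


def classify_hash(field):
    """Return the algorithm name for a password field, or a status string."""
    if field == "":
        return "empty"                      # account has no password at all
    if field.startswith(("*", "!")):
        return "locked"                     # no usable password hash
    match = re.match(r"^\$([0-9a-z]+)\$", field)
    if not match:
        return "unsupported"                # e.g. traditional DES, no $id$ prefix
    return MCF_ALGORITHMS.get(match.group(1), "unsupported")


def audit_master_passwd(text):
    """Return (line number, user, verdict) for every entry worth reviewing."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 10:               # name:pw:uid:gid:class:chg:exp:gecos:home:shell
            findings.append((lineno, "?", "malformed"))
            continue
        user, verdict = fields[0], classify_hash(fields[1])
        if verdict in WEAK or verdict in ("empty", "unsupported"):
            findings.append((lineno, user, verdict))
    return findings


# Constructed sample: the accounts and hash strings are placeholders, not real.
SAMPLE = """\
# constructed sample
alice:$6$rounds=5000$c0nstructedsalt$AAAA:2001:2001::0:0:Alice:/ifs/home/alice:/bin/sh
bob:$1$c0nstruc$BBBB:2002:2002::0:0:Bob:/ifs/home/bob:/bin/sh
carol:$3$$00000000000000000000000000000000:2003:2003::0:0:Carol:/ifs/home/carol:/bin/sh
dave:$2b$10$CCCC:2004:2004::0:0:Dave:/ifs/home/dave:/bin/sh
erin:*:2005:2005::0:0:Erin:/ifs/home/erin:/sbin/nologin
frank::2006:2006::0:0:Frank:/ifs/home/frank:/bin/sh
"""

if __name__ == "__main__":
    for lineno, user, verdict in audit_master_passwd(SAMPLE):
        print(f"line {lineno}: {user}: {verdict}")
```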

Managing roles

You can view, add, or remove members of any role. Except for built-in roles, whose privileges you cannot modify, you can add or remove OneFS privileges on a role-by-role basis.

Note: Roles take both users and groups as members. If a group is added to a role, all users who are members of that group are assigned the privileges associated with the role. Similarly, members of multiple roles are assigned the combined privileges of each role.

View roles

You can view information about built-in and custom roles. This procedure must be performed through the command-line interface (CLI).

Procedure
1. Establish an SSH connection to any node in the cluster.
2. At the command prompt, run one of the following commands.
   - To view a basic list of all roles on the cluster, run:
     isi auth roles list
   - To view detailed information about each role on the cluster, including member and privilege lists, run:
     isi auth roles list --verbose
   - To view detailed information about a single role, run the following command, where <role> is the name of the role:
     isi auth roles view <role>

View privileges

You can view user privileges. This procedure must be performed through the command-line interface (CLI). You can view a list of your privileges or the privileges of another user using the following commands:

Procedure
1. At the command prompt, run one of the following commands.
   - To view a list of all privileges:
     isi auth privileges --verbose
   - To view a list of your privileges:
     isi auth id
   - To view a list of privileges for another user, where <user> specifies the user by name:
     isi auth mapping token <user>

Create a custom role

To create a custom role, you must first create an empty role and then add privileges and members to the role. This procedure must be performed through the command-line interface (CLI).

Procedure
1. Establish an SSH connection to any node in the cluster.
2. At the command prompt, run the following command, where <name> is the name that you want to assign to the role and --description <string> specifies an optional description:
   isi auth roles create <name> [--description <string>]

After you finish
Add privileges and members to the role by running the isi auth roles modify command.

Modify a role

You can modify the description and the user or group membership of any role, including built-in roles. However, you cannot modify the name or privileges that are assigned to built-in roles. This procedure must be performed through the command-line interface (CLI).

Procedure
1. Establish an SSH connection to any node in the cluster.
2. At the command prompt, run the following command, where <role> is the role name and <options> are optional parameters:
   isi auth roles modify <role> [<options>]

Delete a custom role

Deleting a role does not affect the privileges or users that are assigned to it. Built-in roles cannot be deleted. This procedure must be performed through the command-line interface (CLI).

Procedure
1. Establish an SSH connection to any node in the cluster.
2. At the command prompt, run the following command, where <role> is the name of the role that you want to delete:
   isi auth roles delete <role>
3. At the confirmation prompt, type y.

Managing authentication providers

You can configure one or more LDAP, Active Directory, NIS, and file providers. A local provider is created automatically when you create an access zone, which allows you to create a configuration for each access zone so it has its own list of local users that can authenticate to it. You also can create a password policy for each local provider to enforce password complexity.

Configure an LDAP provider

By default, when you configure an LDAP provider, it is automatically added to the System access zone.

Procedure
1. Click Cluster Management > Access Management > LDAP.
2. Click Add an LDAP provider.
3. In the LDAP Provider Name field, type a name for the provider.
4. In the Servers field, type one or more valid LDAP server URIs, one per line, in the format ldaps://server:port (secure LDAP) or ldap://server:port (non-secure LDAP).
   Note: If you do not specify a port, the default port is used. The default port for non-secure LDAP (ldap://) is 389; for secure LDAP (ldaps://) it is 636. If you specify non-secure LDAP, the bind password is transmitted to the server in clear text.
5. Optional: Configure the following settings as needed.
   - Load balance servers: Select the check box to connect to a random server, or clear the check box to connect according to the order in which the servers are listed in the Servers field.
   - Base Distinguished Name: Type the distinguished name (DN) of the entry at which to start LDAP searches. Base DNs can include cn (Common Name), l (Locality), dc (Domain Component), ou (Organizational Unit), or other components. For example, dc=emc,dc=com is a base DN for emc.com.
   - Bind to: Type the distinguished name of the entry at which to bind to the LDAP server.
   - Password: Specify the password to use when binding to the LDAP server. Use of this password does not require a secure connection; if the connection is not using Transport Layer Security (TLS), the password is sent in clear text.
6. Optional: To modify the default settings for user, group, and netgroup queries, click Default Query Settings.
7. Optional: To modify the settings for user queries and home directory provisioning, click User Query Settings.
8. Optional: To modify the settings for group queries, click Group Query Settings.
9. Optional: To modify the settings for netgroup queries, click Netgroup Query Settings.
10. Optional: To modify the default LDAP attributes that contain user information or to modify LDAP security settings, click Advanced LDAP Settings.
11. Click Add LDAP provider.
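A pre-flight check for the Servers field of the procedure above, added here as an example and not part of OneFS: it parses each URI in the documented ldaps://server:port or ldap://server:port form, applies the default ports from the note, and reports entries that would send the bind password in clear text. The function names, finding labels and host names are assumptions; the ignore_tls_errors flag models the Ignore TLS Errors option from the advanced LDAP settings.

```python
from urllib.parse import urlsplit

# Default ports stated in the guide for each scheme.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def parse_server_uri(uri):
    """Return (scheme, host, port) for one Servers-field line or raise ValueError."""
    parts = urlsplit(uri.strip())
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported or missing scheme in {uri!r}")
    if not parts.hostname:
        raise ValueError(f"missing server name in {uri!r}")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError(f"unexpected path or query in {uri!r}")
    port = parts.port            # raises ValueError if non-numeric or out of range
    if port is None:
        port = DEFAULT_PORTS[scheme]
    return scheme, parts.hostname, port


def audit_servers(servers_field, bind_password_set, ignore_tls_errors=False):
    """Return (line number, finding, detail) tuples for a Servers field.

    With "Load balance servers" selected any listed server may be chosen,
    so a single ldap:// entry is enough to expose the bind password.
    """
    findings = []
    for lineno, raw in enumerate(servers_field.splitlines(), 1):
        if not raw.strip():
            continue
        try:
            scheme, host, port = parse_server_uri(raw)
        except ValueError as exc:
            findings.append((lineno, "invalid", str(exc)))
            continue
        if scheme == "ldap" and bind_password_set:
            # Non-secure LDAP: the bind password crosses the network unencrypted.
            findings.append((lineno, "cleartext-bind", f"{host}:{port}"))
        if scheme == "ldaps" and ignore_tls_errors:
            # The session is encrypted, but the server's identity is not verified.
            findings.append((lineno, "unverified-tls", f"{host}:{port}"))
    return findings


# Constructed sample input; the host names are placeholders.
SERVERS = """\
ldaps://ldap1.example.com
ldap://ldap2.example.com
ldaps://ldap3.example.com:1636
ldap3.example.com:389
"""

if __name__ == "__main__":
    for finding in audit_servers(SERVERS, bind_password_set=True):
        print(finding)
```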

Managing LDAP providers

You can view, modify, and delete LDAP providers or you can stop using an LDAP provider by removing it from all access zones that are using it.

Modify an LDAP provider

You can modify any setting for an LDAP provider except its name. You must specify at least one server for the provider to be enabled.

Procedure
1. Click Cluster Management > Access Management > LDAP.
2. In the list of LDAP providers, click View details for the provider whose settings you want to modify.
3. For each setting that you want to modify, click Edit, make the change, and then click Save.
4. Optional: Click Close.

Delete an LDAP provider

When you delete an LDAP provider, it is removed from all access zones. As an alternative, you can stop using an LDAP provider by removing it from each access zone that contains it so that the provider remains available for future use.

Procedure
1. Click Cluster Management > Access Management > LDAP.
2. Click Delete for the provider that you want to delete.
3. In the confirmation dialog box, click Delete.

Configure Kerberos settings

OneFS includes a Kerberos configuration file for Active Directory in addition to the global Kerberos configuration file. This procedure is available only through the OneFS command-line interface (CLI).

Note: Most settings require modification only if you are using a Kerberos Key Distribution Center (KDC) other than Active Directory, for example, if you are using an MIT KDC for NFS version 3 or version 4 authentication.

Procedure
1. Establish an SSH connection to any node in the cluster.
2. Run the isi auth krb5 command with the add, modify, or delete subcommand to specify which entries to modify in the Kerberos configuration file.
3. Write the changes to the file by running the isi auth krb5 write command.

Note: By default, changes are written to the global Kerberos configuration file, /etc/krb5.conf. To update the Kerberos configuration file for Active Directory, include the --path option to specify the /etc/likewise-krb5-ad.conf file.

LDAP query settings

You can configure the entry point and depth at which to search for LDAP users, groups, and netgroups. You can also configure the settings for user home directory provisioning.

Note: OneFS is RFC 2307-compliant.

Distinguished Name
Specifies the base distinguished name (base DN) of the entry at which to start LDAP searches for user, group, or netgroup objects. Base DNs can include cn (Common Name), l (Locality), dc (Domain Component), ou (Organizational Unit), or other components. For example, dc=emc,dc=com is a base DN for emc.com.

Search Scope
Specifies the depth from the base DN at which to perform LDAP searches. The following values are valid:
- default: Applies the search scope that is defined in the default query settings. This option is not available for the default query search scope.
- base: Searches only the entry at the base DN.
- onelevel: Searches all entries exactly one level below the base DN.
- subtree: Searches the base DN and all entries below it.
- children: Searches all entries below the base DN, excluding the base DN itself.

Search Timeout
Specifies the number of seconds after which to stop retrying and fail a search. The default value is 100. This setting is available only in the default query settings.

Query Filter
Specifies the LDAP filter for user, group, or netgroup objects. This setting is not available in the default query settings.

Authenticate users from this provider
Specifies whether to allow the provider to respond to authentication requests. This setting is available only in the user query settings.

Home Directory Naming
Specifies the path to use as a template for naming home directories. The path must begin with /ifs and can contain variables, such as %U, that are expanded to generate the home directory path for the user. This setting is available only in the user query settings.

Create home directories on first login
Specifies whether to create a home directory the first time a user logs in, if a home directory does not already exist for the user. This setting is available only in the user query settings.

UNIX Shell
Specifies the path to the user's login shell, for users who access the file system through SSH. This setting is available only in the user query settings.

LDAP advanced settings

You can configure LDAP security settings and specify the LDAP attributes that contain user information.

Note: OneFS is RFC 2307-compliant.

Name Attribute
Specifies the LDAP attribute that contains UIDs, which are used as login names. The default value is uid.

Common Name Attribute
Specifies the LDAP attribute that contains common names (CNs). The default value is cn.

Email Attribute
Specifies the LDAP attribute that contains email addresses. The default value is mail.

GECOS Field Attribute
Specifies the LDAP attribute that contains GECOS fields. The default value is gecos.

UID Attribute
Specifies the LDAP attribute that contains UID numbers. The default value is uidnumber.

GID Attribute
Specifies the LDAP attribute that contains GIDs. The default value is gidnumber.

Home Directory Attribute
Specifies the LDAP attribute that contains home directories. The default value is homedirectory.

UNIX Shell Attribute
Specifies the LDAP attribute that contains UNIX login shells. The default value is loginshell.

Netgroup Members Attribute
Specifies the LDAP attribute that contains netgroup members. The default value is membernisnetgroup.

Netgroup Triple Attribute
Specifies the LDAP attribute that contains netgroup triples. The default value is nisnetgrouptriple.

Group Members Attribute
Specifies the LDAP attribute that contains group members. The default value is memberuid.

Unique Group Members Attribute
Specifies the LDAP attribute that contains unique group members. This attribute is used to determine which groups a user belongs to if the LDAP server is queried by the user's DN instead of the user's name. This setting has no default value.

UNIX Password Attribute
Specifies the LDAP attribute that contains UNIX passwords. This setting has no default value.

Windows Password Attribute
Specifies the LDAP attribute that contains Windows passwords. The default value is ntpasswdhash.

Certificate Authority File
Specifies the full path to the root certificates file.

Require secure connection for passwords
Specifies whether to require a Transport Layer Security (TLS) connection.

Ignore TLS Errors
Continues over a secure connection even if identity checks fail.

Configure an Active Directory provider

You can configure one or more Active Directory providers, each of which must be joined to a separate Active Directory domain. By default, when you configure an Active Directory provider, it is automatically added to the System access zone.

Note: If you migrate users to a new or different Active Directory domain, you must re-set the ACL domain information after you configure the new provider. Third-party tools can be used, such as Microsoft SubInACL.

Procedure
1. Click Cluster Management > Access Management > Active Directory.
2. Click Join a domain.
3. In the Domain Name field, type a fully qualified Active Directory domain name. The domain name will also be used as the provider name.
4. In the User field, type the username of an account that is authorized to join the Active Directory domain.
5. In the Password field, type the password of the user account.
6. Optional: In the Organizational Unit field, type the name of the organizational unit (OU) to connect to on the Active Directory server. Specify the OU in the form OuName or OuName1/SubName2.
7. Optional: In the Machine Account field, type the name of the machine account.

   Note: If you specified an OU to connect to, the domain join will fail if the machine account does not reside in the OU.
8. Optional: To enable Active Directory authentication for NFS, select the Enable Secure NFS check box. If you enable this setting, OneFS registers NFS service principal names (SPNs) during the domain join.
9. Optional: To configure advanced settings, click Advanced Active Directory Settings.
10. Click Join.

Managing Active Directory providers

You can view, modify, and delete Active Directory providers. OneFS includes a Kerberos configuration file for Active Directory in addition to the global Kerberos configuration file, both of which you can configure through the command-line interface.

Modify an Active Directory provider

You can modify the advanced settings for an Active Directory provider.

Procedure
1. Click Cluster Management > Access Management > Active Directory.
2. In the list of Active Directory providers, click View details for the provider whose settings you want to modify.
3. Click Advanced Active Directory Settings.
4. For each setting that you want to modify, click Edit, make the change, and then click Save.
5. Optional: Click Close.

Delete an Active Directory provider

When you delete an Active Directory provider, you disconnect the cluster from the Active Directory domain that is associated with the provider, disrupting service for users who are accessing it. After you leave an Active Directory domain, users can no longer access the domain from the cluster.

Procedure
1. Click Cluster Management > Access Management > Active Directory.
2. In the Active Directory Providers table, click Leave for the domain you want to leave.
3. In the confirmation dialog box, click Leave.

Configure Kerberos settings

OneFS includes a Kerberos configuration file for Active Directory in addition to the global Kerberos configuration file. This procedure is available only through the OneFS command-line interface (CLI).

Note: Most settings require modification only if you are using a Kerberos Key Distribution Center (KDC) other than Active Directory, for example, if you are using an MIT KDC for NFS version 3 or version 4 authentication.

Procedure
1. Establish an SSH connection to any node in the cluster.
2. Run the isi auth krb5 command with the add, modify, or delete subcommand to specify which entries to modify in the Kerberos configuration file.
3. Write the changes to the file by running the isi auth krb5 write command.

Note: By default, changes are written to the global Kerberos configuration file, /etc/krb5.conf. To update the Kerberos configuration file for Active Directory, include the --path option to specify the /etc/likewise-krb5-ad.conf file.

Active Directory provider settings

You can view or modify the advanced settings for an Active Directory provider.

| Setting | Description |
| --- | --- |
| Services For UNIX | Specifies whether to support RFC 2307 attributes for domain controllers. RFC 2307 is required for Windows UNIX Integration and Services For UNIX technologies. |
| Map to primary domain | Enables the lookup of unqualified user names in the primary domain. If this setting is not enabled, the primary domain must be specified for each authentication operation. |
| Ignore Trusted Domains | Ignores all trusted domains. |
| Trusted Domains | Specifies trusted domains to include if the Ignore Trusted Domains setting is enabled. |
| Domains to Ignore | Specifies trusted domains to ignore even if the Ignore Trusted Domains setting is disabled. |
| Offline Alerts | Sends an alert if the domain goes offline. |
| Enhanced Privacy | Encrypts communication to and from the domain controller. |
| Home Directory Naming | Specifies the path to use as a template for naming home directories. The path must begin with /ifs and can contain variables, such as %U, that are expanded to generate the home directory path for the user. |
| Create Home Directory | Creates a home directory the first time a user logs in, if a home directory does not already exist for the user. |
| UNIX Shell | Specifies the path to the login shell to use if the Active Directory server does not provide login-shell information. This setting applies only to users who access the file system through SSH. |

| Setting | Description |
| --- | --- |
| Lookup User | Looks up Active Directory users in all other providers before allocating a UID. |
| Match Users with Lowercase | Normalizes Active Directory user names to lowercase before lookup. |
| Auto-assign UIDs | Enables UID allocation for unmapped Active Directory users. |
| Lookup Group | Looks up Active Directory groups in all other providers before allocating a GID. |
| Match Groups with Lowercase | Normalizes Active Directory group names to lowercase before lookup. |
| Auto-assign GIDs | Enables GID allocation for unmapped Active Directory groups. |
| Make UID/GID assignments for users and groups in these specific domains | Restricts user and group lookups to the specified domains. |

Managing NIS providers

You can view and modify NIS providers or delete providers that are no longer needed. As an alternative to deleting a NIS provider, you can remove it from any access zones that are using it.

Configure an NIS provider

By default, when you configure an NIS provider it is automatically added to the System access zone.

Procedure
1. Click Cluster Management > Access Management > NIS.
2. Click Add a NIS provider.
3. In the NIS Provider Name field, type a name for the provider.
4. In the Servers field, type one or more valid NIS server IP addresses, host names, or fully qualified domain names (FQDNs), separated by commas.
   Note: If the Load balance servers option is not selected, servers are accessed in the order in which they are listed.
5. Optional: Configure the Load balance servers setting:
   - To connect to a random server, select the check box.
   - To connect according to the order in which the servers are listed in the Servers field, clear the check box.
6. Optional: Click Default Query Settings and then configure the following settings:
   NIS Domain
       Specifies the NIS domain name.

   Search Timeout
       Specifies the number of seconds after which to stop retrying and fail a search. The default value is 100.
   Retry Frequency
       Specifies the timeout period in seconds after which a request will be retried. The default value is
7. Optional: Click User Query Settings and then configure the following settings:
   Authenticate users from this provider
       Specifies whether to allow the provider to respond to authentication requests.
   Home Directory Naming
       Specifies the path to use as a template for naming home directories. The path must begin with /ifs and can contain variables, such as %U, that are expanded to generate the home directory path for the user.
   Create home directories on first login
       Specifies whether to create a home directory the first time a user logs in, if a home directory does not already exist for the user.
   UNIX Shell
       Specifies the path to the user's login shell, for users who access the file system through SSH.
8. Optional: Click Host Name Query Settings and then configure the Resolve Hosts setting:
   - To enable host resolution, select the check box.
   - To disable host resolution, clear the check box.
9. Click Add NIS provider.

Modify an NIS provider

You can modify any setting for an NIS provider except its name. You must specify at least one server for the provider to be enabled.

Procedure
1. Click Cluster Management > Access Management > NIS.
2. In the list of NIS providers, click View details for the provider whose settings you want to modify.
3. For each setting that you want to modify, click Edit, make the change, and then click Save.
4. Click Close.

Delete an NIS provider

When you delete an NIS provider, it is removed from all access zones. As an alternative, you can stop using an NIS provider by removing it from each access zone that contains it so that the provider remains available for future use.

Procedure
1. Click Cluster Management > Access Management > NIS.

2. Click Delete for the provider that you want to delete.
3. In the confirmation dialog box, click Delete.

Configuring file providers

You can configure one or more file providers, each with its own combination of replacement files, for each access zone. Password database files, which are also called user database files, must be in binary format.

Configure a file provider

You can specify replacement files for any combination of users, groups, and netgroups.

Procedure
1. Click Cluster Management > Access Management > File Provider.
2. Click Add a file provider.
3. In the File Provider Name field, type a name for the file provider.
4. Optional: Specify one or more of the following replacement files.
   - To specify a user replacement file, in the Users File field, type or browse to the location of the spwd.db file.
   - To specify a group replacement file, in the Groups File field, type or browse to the location of the group file.
   - To specify a netgroup replacement file, in the Netgroups File field, type or browse to the location of the netgroup file.
5. Optional: To enable this provider to authenticate users, select the Authenticate users from this provider check box.
6. Optional: In the Home Directory Naming field, type the path to use as a template for naming home directories. The path must begin with /ifs and may contain variables, such as %U, that are expanded to generate the home directory path for the user.
7. Optional: To automatically create a home directory the first time a user logs in, select the Create home directories on first login check box. This setting applies only if a home directory does not already exist for the user.
8. Optional: From the UNIX Shell list, select the login shell for users who access the file system through SSH.
9. Click Add File Provider.

Generate a password file

A file provider requires the password database file to be in binary format. To generate a binary password file, you must run the pwd_mkdb command in the OneFS command-line interface (CLI).

Procedure
1. Establish an SSH connection to any node in the cluster.
2. Run the following command, where -d <directory> specifies the location in which to store the spwd.db file and <file> specifies the location of the source password file:
   pwd_mkdb -d <directory> <file>

Note: If you omit the -d option, the file is created in the /etc directory. For full command usage guidelines, view the manual ("man") page by running the man pwd_mkdb command.

The following command generates an spwd.db file in the /ifs directory from a password file that is located at /ifs/test.passwd:
   pwd_mkdb -d /ifs /ifs/test.passwd

Managing file providers

Each file provider pulls directly from up to three replacement database files: a group file that uses the same format as /etc/group; a netgroups file; and a binary password file, spwd.db, which provides fast access to the data in a file that uses the /etc/master.passwd format. You must copy the replacement files to the cluster and reference them by their directory path.

Note: If the replacement files are located outside the /ifs directory tree, you must manually distribute them to every node in the cluster. Changes that are made to the system provider's files are automatically distributed across the cluster.

Modify a file provider

You can modify any setting for a file provider, with the exception that you cannot rename the System file provider.

Procedure
1. Click Cluster Management > Access Management > File Provider.
2. In the File Providers table, click View details for the provider whose settings you want to modify.
3. For each setting that you want to modify, click Edit, make the change, and then click Save.
4. Click Close.

Delete a file provider

To stop using a file provider, you can clear all of its replacement file settings or you can permanently delete the provider.

Procedure
1. Click Cluster Management > Access Management > File Provider.
2. In the File Providers table, click Delete for the provider that you want to delete.
3. In the confirmation dialog box, click Delete.

Password file format

The file provider uses a binary password database file, spwd.db. You can generate a binary password file from a master.passwd-formatted file by running the pwd_mkdb command.

The master.passwd file contains ten colon-separated fields, as shown in the following example:
   admin:*:10:10::0:0:web UI Administrator:/ifs/home/admin:/bin/zsh

The fields are defined below in the order in which they appear in the file.

Note: UNIX systems often define the passwd format as a subset of these fields, omitting the Class, Change, and Expiry fields. To convert a file from passwd to master.passwd format, add :0:0: between the GID field and the Gecos field.

Username
    The user name. This field is case-sensitive. OneFS does not set a limit on the length; however, many applications truncate the name to 16 characters.
Password
    The user's encrypted password. If authentication is not required for the user, an asterisk (*) can be substituted for a password. The asterisk character is guaranteed to not match any password.
UID
    The UNIX user identifier. This value must be a number in the range that is not reserved or already assigned to a user. Compatibility issues will occur if this value conflicts with an existing account's UID.
GID
    The group identifier of the user's primary group. All users are a member of at least one group, which is used for access checks and can also be used when creating files.
Class
    This field is not supported by OneFS and should be left empty.
Change
    OneFS does not support changing the passwords of users in the file provider. This field is ignored.
Expiry
    OneFS does not support the expiration of user accounts in the file provider. This field is ignored.
Gecos
    This field can store a variety of information but is usually used to store the user's full name.
Home
    The absolute path to the user's home directory, beginning at /ifs.

Shell
    The absolute path to the user's shell. If this field is set to /sbin/nologin, the user is denied command-line access.

Group file format

The file provider uses a group file in the format of the /etc/group file that exists on most UNIX systems.

The group file consists of one or more lines containing four colon-separated fields, as shown in the following example:
   admin:*:10:root,admin

The fields are defined below in the order in which they appear in the file.

Group name
    The name of the group. This field is case-sensitive. Although OneFS does not set a limit on the length of the group name, many applications truncate the name to 16 characters.
Password
    This field is not supported by OneFS and should contain an asterisk (*).
GID
    The UNIX group identifier. Valid values are any number in the range that is not reserved or already assigned to a group. Compatibility issues will occur if this value conflicts with an existing group's GID.
Group members
    A comma-delimited list of user names.

Netgroup file format

A netgroup file consists of one or more netgroups, each of which can contain members. Members of a netgroup can be hosts, users, or domains that are specified in a member triple. A netgroup can also contain another netgroup.

Each entry in a netgroup file consists of the netgroup name, followed by a space-delimited set of member triples and nested netgroup names. If you specify a nested netgroup, it must be defined on a separate line in the file.

A member triple takes the form (host, user, domain), where host is a machine name, user is a user name, and domain is a domain name. Any combination is valid except an empty triple (,,).

The following sample file contains two netgroups. The 'rootgrp' netgroup contains four hosts: two hosts are defined in member triples and two hosts are contained in the nested 'othergrp' netgroup, which is defined on the second line.
   rootgrp (myserver, root, somedomain.com) (otherserver, root, somedomain.com) othergrp
   othergrp (other-win,, somedomain.com) (other-linux,, somedomain.com)

Note: A new line signifies a new netgroup. You can continue a long netgroup entry to the next line by typing a backslash character (\) in the right-most position of the first line.
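The password and group file rules above can be checked before the files are passed to pwd_mkdb or referenced by a file provider. The following is an added example, not part of the original guide or of OneFS: the function names and the sample records are constructed for illustration, and the empty-password check relies on general UNIX convention rather than on anything stated above.

```python
def to_master_passwd(line):
    """Return the line in 10-field master.passwd form.

    A 7-field passwd line gets an empty Class plus Change=0 and Expiry=0
    inserted between GID and Gecos (the ':0:0:' rule from the text above).
    """
    fields = line.rstrip("\n").split(":")
    if len(fields) == 7:
        fields = fields[:4] + ["", "0", "0"] + fields[4:]
    if len(fields) != 10:
        raise ValueError(f"expected 7 or 10 colon-separated fields, got {len(fields)}")
    return ":".join(fields)


def lint_users(lines):
    """Check passwd/master.passwd lines; return (converted_lines, problems)."""
    converted, problems, uid_owner = [], [], {}
    for n, raw in enumerate(lines, 1):
        if not raw.strip():
            continue
        try:
            line = to_master_passwd(raw)
        except ValueError as exc:
            problems.append(f"users:{n}: {exc}")
            continue
        name, pw, uid, gid, cls, _change, _expiry, _gecos, home, shell = line.split(":")
        if len(name) > 16:
            problems.append(f"users:{n}: {name!r} exceeds 16 characters; many applications truncate it")
        if pw == "":
            # Added check (general UNIX convention, not stated in the guide): an empty
            # field usually means "no password required"; '*' never matches a password.
            problems.append(f"users:{n}: empty Password field for {name!r}; use * to block authentication")
        if not uid.isdigit() or not gid.isdigit():
            problems.append(f"users:{n}: UID and GID of {name!r} must be numbers")
        elif uid in uid_owner:
            problems.append(f"users:{n}: UID {uid} of {name!r} conflicts with {uid_owner[uid]!r}")
        else:
            uid_owner[uid] = name
        if cls:
            problems.append(f"users:{n}: Class field is not supported and should be left empty")
        if home != "/ifs" and not home.startswith("/ifs/"):
            problems.append(f"users:{n}: Home {home!r} must be an absolute path beginning at /ifs")
        if not shell.startswith("/"):
            problems.append(f"users:{n}: Shell {shell!r} must be an absolute path")
        converted.append(line)
    return converted, problems


def lint_groups(lines):
    """Check /etc/group-format lines; return ({group: members}, problems)."""
    groups, problems, gid_owner = {}, [], {}
    for n, raw in enumerate(lines, 1):
        if not raw.strip():
            continue
        fields = raw.rstrip("\n").split(":")
        if len(fields) != 4:
            problems.append(f"group:{n}: expected 4 colon-separated fields, got {len(fields)}")
            continue
        name, pw, gid, members = fields
        if pw != "*":
            problems.append(f"group:{n}: Password field of {name!r} should contain an asterisk (*)")
        if not gid.isdigit():
            problems.append(f"group:{n}: GID of {name!r} must be a number")
        elif gid in gid_owner:
            problems.append(f"group:{n}: GID {gid} of {name!r} conflicts with {gid_owner[gid]!r}")
        else:
            gid_owner[gid] = name
        groups[name] = [m for m in members.split(",") if m]
    return groups, problems


# Constructed sample input (the first user line and first group line are the guide's examples).
SAMPLE_USERS = [
    "admin:*:10:10::0:0:web UI Administrator:/ifs/home/admin:/bin/zsh",
    "jdoe:*:2001:2001:Jane Doe:/ifs/home/jdoe:/bin/zsh",  # 7-field passwd format
    "svc_backup_operator1::2001:2001::0:0:Backup:/home/backup:/sbin/nologin",
]
SAMPLE_GROUPS = ["admin:*:10:root,admin", "staff:x:10:jdoe", "broken:*:30"]

if __name__ == "__main__":
    converted, user_problems = lint_users(SAMPLE_USERS)
    _groups, group_problems = lint_groups(SAMPLE_GROUPS)
    print("\n".join(converted))
    print("\n".join(user_problems + group_problems))
```

Only lines that pass without problems should be written to the source file that pwd_mkdb converts to spwd.db.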
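To see which hosts a netgroup entry actually grants membership to, the nested netgroups have to be expanded. The following parser is an added example, not part of the original guide or of OneFS: it applies the netgroup rules above (member triples, nested names, backslash continuation, no empty triple) to the guide's sample file plus one constructed entry, and its function names are illustrative.

```python
import re

# A member is either a "(host, user, domain)" triple or a nested netgroup name.
MEMBER = re.compile(r"\(([^()]*)\)|([^\s()]+)")


def parse_netgroups(text):
    """Parse netgroup file text; return ({name: (triples, nested_names)}, problems)."""
    # A backslash in the right-most position continues the entry on the next line.
    text = re.sub(r"\\\n", " ", text)
    groups, problems = {}, []
    for line in text.splitlines():
        if not line.strip():
            continue
        head = line.split(None, 1)
        name, rest = head[0], (head[1] if len(head) > 1 else "")
        triples, nested = [], []
        for m in MEMBER.finditer(rest):
            if m.group(1) is None:
                nested.append(m.group(2))
                continue
            parts = tuple(p.strip() for p in m.group(1).split(","))
            # Any combination is valid except a triple with all three parts empty.
            if len(parts) != 3 or not any(parts):
                problems.append(f"{name}: invalid member triple ({m.group(1)})")
            else:
                triples.append(parts)
        if name in groups:
            problems.append(f"{name}: appears on more than one line")
        groups[name] = (triples, nested)
    # A nested netgroup must be defined on its own line in the same file.
    for name, (_triples, nested) in groups.items():
        for ref in nested:
            if ref not in groups:
                problems.append(f"{name}: nested netgroup {ref!r} is not defined in the file")
    return groups, problems


def expand_hosts(groups, name, _path=()):
    """Return the set of host names in a netgroup, following nested netgroups."""
    if name in _path:
        raise ValueError("netgroup cycle: " + " -> ".join(_path + (name,)))
    triples, nested = groups.get(name, ([], []))
    hosts = {host for host, _user, _domain in triples if host}
    for ref in nested:
        hosts |= expand_hosts(groups, ref, _path + (name,))
    return hosts


# First two lines: the guide's sample file. Last entry: constructed, showing a
# continuation line, an undefined nested netgroup and an empty triple.
SAMPLE = (
    "rootgrp (myserver, root, somedomain.com) (otherserver, root, somedomain.com) othergrp\n"
    "othergrp (other-win,, somedomain.com) (other-linux,, somedomain.com)\n"
    "labgrp (lab1,, somedomain.com) \\\n"
    "    (lab2,, somedomain.com) missinggrp (,,)\n"
)

if __name__ == "__main__":
    parsed, found = parse_netgroups(SAMPLE)
    for group in parsed:
        print(group, sorted(expand_hosts(parsed, group)))
    print("\n".join(found))
```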

Create a local user

Each access zone includes a local provider that allows you to create and manage local users and groups. When creating a local user account, you can configure its name, password, home directory, UNIX user identifier (UID), UNIX login shell, and group memberships.

Procedure
1. Click Cluster Management > Access Management > Users.
2. From the Select a zone list, select an access zone (for example, System).
3. From the Select a provider list, select the local provider for the zone (for example, LOCAL:System).
4. Click Create a user.
5. In the Username field, type a username for the account.
6. In the Password field, type a password for the account.
7. Optional: Configure the following additional settings as needed.
   - Allow password to expire: Select this check box to specify that the password is allowed to expire.
   - UID: If this setting is left blank, the system automatically allocates a UID for the account. This is the recommended setting.
     Note: You cannot assign a UID that is in use by another local user account.
   - Full Name: Type a full name for the user.
   - Address: Type an address for the account.
   - Primary Group: Click Select group to specify the owner group.
   - Additional Groups: Specify any additional groups to make this user a member of.
   - Home Directory: Type the path to the user's home directory. If you do not specify a path, a directory is automatically created at /ifs/home/<username>.
   - UNIX Shell: This setting applies only to users who access the file system through SSH. From the list, click the shell that you want. By default, the /bin/zsh shell is selected.
   - Enabled: Select this check box to allow the user to authenticate against the local database for SSH, FTP, HTTP, and Windows file sharing through SMB. This setting is not used for UNIX file sharing through NFS.
   - Account Expires: Optionally select one of the following options:
     - Never expires: Click to specify that this account does not have an expiration date.
     - Account expires on: Click to display the Expiration date field, and then type the date in the format mm/dd/yyyy.
   - Prompt password change: Select this check box to prompt for a password change the next time the user logs in.
8. Click Create User.

Create a local group

In the local provider of an access zone, you can create groups and assign members to them.

Procedure
1. Click Cluster Management > Access Management > Groups.
2. From the Select a zone list, select an access zone (for example, System).
3. From the Select a provider list that appears, select the local provider for the zone (for example, LOCAL:System).
4. Click the Create a group link.
5. In the Group Name box, type a name for the group.
6. Optional: To override automatic allocation of the UNIX group identifier (GID), in the GID box, type a numerical value.
   Note: You cannot assign a GID that is in use by another group. It is recommended that you leave this field blank to allow the system to automatically generate the GID.
7. Optional: Follow these steps for each member that you want to add to the group:
   a. For the Members setting, click Add user. The Select a User dialog box appears.
   b. For the Search for setting, select either Users or Well-known SIDs.
   c. If you selected Users, specify values for the following fields:
      - Username: Type all or part of a user name, or leave the field blank to return all users. Wildcard characters are accepted.
      - Access Zone: Select the access zone that contains the authentication provider that you want to search.
      - Provider: Select an authentication provider.
   d. Click Search.
   e. In the Search Results table, select a user and then click Select. The dialog box closes.
8. Click Create.

Managing local users and groups

Although you can view the users and groups of any authentication provider, you can create, modify, and delete users and groups in the local provider only.

View a list of users or groups by provider

You can view the users and groups of any authentication provider.

Procedure
1. Click Cluster Management > Access Management.
2. Click one of the following, depending on what you want to view:

   | Option | Description |
   | --- | --- |
   | Users | Select this tab to view all users by provider. |
   | Groups | Select this tab to view all groups by provider. |

3. From the Select a zone list, select an access zone (for example, System).
4. From the Select a provider list, select the local provider for the access zone (for example, LOCAL:System).

Modify a local user

You can modify any setting for a local user account except the user name.

Procedure
1. Click Cluster Management > Access Management > Users.
2. From the Select a zone list, select an access zone (for example, System).
3. From the Select a provider list, select the local provider for the access zone (for example, LOCAL:System).
4. In the list of users, click View details for the local user whose settings you want to modify.
5. For each setting that you want to modify, click Edit, make the change, and then click Save.
6. Click Close.

Modify a local group

You can add or remove members from a local group.

Procedure
1. Click Cluster Management > Access Management > Groups.
2. From the Select a zone list, select an access zone (for example, System).
3. From the Select a provider list, select the local provider for the access zone (for example, LOCAL:System).
4. In the list of groups, click View details for the local group whose settings you want to modify.
5. For the Members setting, click Edit.
6. Add or remove the users that you want, and then click Save.
7. Click Close.

Delete a local user

A deleted user can no longer access the cluster through the command-line interface, web administration interface, or file access protocol. When you delete a local user account, its home directory remains in place.

Procedure
1. Click Cluster Management > Access Management > Users.
2. From the Select a zone list, select an access zone (for example, System).
3. From the Select a provider list, select the local provider for the zone (for example, LOCAL:System).

4. Click Delete for the user that you want to delete.
5. In the confirmation dialog box, click Delete.

Delete a local group

You can delete a local group even if members are assigned to it; deleting a group does not affect the members of that group.

Procedure
1. Click Cluster Management > Access Management > Groups.
2. From the Select a zone list, select an access zone (for example, System).
3. From the Select a provider list, select the local provider for the zone (for example, LOCAL:System).
4. Click Delete for the group that you want to delete.
5. In the confirmation dialog box, click Delete.

Configure a local password policy

You can configure a local password policy for a local provider. This procedure cannot be performed through the web administration interface.

Note: You must configure a separate password policy for each access zone. Each access zone in the cluster contains a separate instance of the local provider, which allows each access zone to have its own list of local users who can authenticate. Password complexity is configured for each local provider, not for each user.

Procedure
1. Establish an SSH connection to any node in the cluster.
2. Optional: To view the current password settings, run the following command:
   isi auth local view system
3. Run the isi auth local modify command, choosing from local password policy settings options. The --password-complexity parameter must be specified for each setting, as demonstrated in the following example:
   isi auth local modify system --password-complexity=lowercase \
     --password-complexity=uppercase --password-complexity=numeric \
     --password-complexity=symbol

The following command is an example of how to configure a local password policy for a local provider.
   isi auth local modify provider-name=<provider-name> \
     --min-password-length=15 \
     --lockout-duration=15m \
     --lockout-window=1m \
     --lockout-threshold=5 \
     --add-password-complexity=uppercase \
     --add-password-complexity=numeric

Local password policy settings

You can configure local password policy settings and specify the default for each setting through the isi auth local modify command. Password complexity increases the number of possible passwords that an attacker must check before the correct password can be guessed.

| Setting | Description | Comments |
| --- | --- | --- |
| min-password-length | Minimum password length in characters. | Long passwords are best. The minimum length should not be so long that users have a difficult time entering or remembering the password. |
| password-complexity | A list of cases that a new password must contain. By default, the list is empty. | You can specify as many as four cases. The following cases are valid: uppercase, lowercase, numeric, symbol (excluding # |
| min-password-age | The minimum password age. You can set this value using characters for units; for example, 4W for 4 weeks, 2d for 2 Days. | A minimum password age can be used to ensure that a user cannot enter a temporary password and then immediately change it to the previous password. Attempts to check or set a password before the time expires are denied. |
| max-password-age | The maximum password age. You can set this value using characters for units; for example, 4W for 4 weeks, 2d for 2 Days. | Attempts to login after a password expires forces a password change. If a password change dialog cannot be presented, the user is not allowed to login. |
| password-history-length | The number of historical passwords to keep. New passwords are checked against this list and rejected if the password is already present. The max history length is 24. | To avoid recycling of passwords, you can specify the number of previous passwords to remember. If a new password matches a remembered previous password, it is rejected. |
| lockout-duration | The length of time in seconds that an account is locked after a configurable number of bad passwords are entered. | After an account is locked, it is unavailable from all sources until it is unlocked. OneFS provides two configurable options to avoid administrator interaction for every locked account: Specify how much time must elapse before the account is unlocked. Automatically reset the incorrect-password counter after a specified time, in seconds. |
| lockout-threshold | The number of incorrect password attempts before an account is locked. A value of zero disables account lockout. | After an account is locked, it is unavailable from all sources until it is unlocked. |
| lockout-window | The time that elapses before the incorrect password attempts count is reset. | If the configured number of incorrect password attempts is reached, the account is locked and lockout-duration determines the length of time that the account is locked. A value of zero disables the window. |


CHAPTER 6
Identity management

This section includes the following topics:
- Identity management
- Identity types
- Access tokens
- Access token generation

Identity management

In environments with several different types of directory services, OneFS maps the users and groups from the separate services to provide a single unified identity on the EMC Isilon cluster and uniform access control to files and directories, regardless of the incoming protocol. This process is called identity mapping.

Isilon clusters are frequently deployed in multiprotocol environments with multiple types of directory services, such as Active Directory and LDAP. When a user with accounts in multiple directory services logs in to an Isilon cluster, OneFS combines the user's identities and privileges from all the directory services into a native access token. You can configure OneFS settings to include a list of rules for token manipulation to control user identity and privileges. For example, you can set a user mapping rule to merge an Active Directory identity and an LDAP identity into a single token that works for access to files stored over both SMB and NFS. The token can include groups from Active Directory and LDAP.

The mapping rules that you create can solve identity problems by manipulating access tokens in many ways, including the following examples:
- Authenticate a user with Active Directory but give the user a UNIX identity.
- Select a primary group from competing choices in Active Directory or LDAP.
- Disallow login of users that do not exist in both Active Directory and LDAP.

For more information about identity management, see the white paper Managing identities with the Isilon OneFS user mapping service (white paper) at EMC Online Support.

Identity types

OneFS supports three primary identity types, each of which can be stored directly on the file system. These types are user identifier and group identifier for UNIX, and security identifier for Windows.

When you log on to an Isilon cluster, the user mapper expands your identity to include your other identities from all the directory services, including Active Directory, LDAP, and NIS.
After OneFS maps your identities across the directory services, it generates an access token that includes the identity information associated with your accounts. A token includes the following identifiers:
- A UNIX user identifier (UID) and a group identifier (GID). A UID or GID is a 32-bit number with a maximum value of 4,294,967,295.
- A security identifier (SID) for a Windows user account. A SID is a series of authorities and sub-authorities ending with a 32-bit relative identifier (RID). Most SIDs have the form S A-B-C-<RID>, where A, B, and C are specific to a domain or computer and <RID> denotes the object in the domain.
- A primary group SID for a Windows group account.
- A list of supplemental identities, including all groups in which the user is a member.

The token also contains privileges that stem from administrative role-based access control.

On an Isilon cluster, a file contains permissions, which appear as an access control list (ACL). The ACL controls access to directories, files, and other securable system objects.

When a user tries to access a file, OneFS compares the identities in the user's access token with the file's ACL. OneFS grants access when the file's ACL includes an access control entry (ACE) that allows the identity in the token to access the file and that does not include an ACE that denies the identity access. OneFS compares the access token of a user with the ACL of a file.

Note: For more information about access control lists, including a description of the permissions and how they correspond to POSIX mode bits, see the white paper titled EMC Isilon multiprotocol data access with a unified security model on the EMC Online Support web site.

When a name is provided as an identifier, it is converted into the corresponding user or group object and the correct identity type. There are various ways that a name can be entered or displayed:
- UNIX assumes unique case-sensitive namespaces for users and groups. For example, "Name" and "name" represent different objects.
- Windows provides a single, case-insensitive namespace for all objects and also specifies a prefix to target an Active Directory domain (for example, domain\name).
- Kerberos and NFSv4 define principals, which require names to be formatted the same way as addresses (for example, [email protected]).

Multiple names can reference the same object. For example, given the name "support" and the domain "example.com", support, EXAMPLE\support, and [email protected] are all names for a single object in Active Directory.

Access tokens

An access token is created when the user first makes a request for access.

Access tokens represent who a user is when performing actions on the cluster and supply the primary owner and group identities to use during file creation. Access tokens are also compared against the ACL or mode bits during authorization checks.

During user authorization, OneFS compares the access token, which is generated during the initial connection, with the authorization data on the file. All user and identity mapping occurs during token generation; no mapping takes place during permissions evaluation.

An access token includes all UIDs, GIDs, and SIDs for an identity, in addition to all OneFS privileges.
OneFS exclusively uses the information in the token to determine whether a user has access to a resource. It is important that the token contains the correct list of UIDs, GIDs, and SIDs.

An access token is created from one of the following sources:

| Source | Authorization method |
| --- | --- |
| Username | SMB impersonate user; Kerberized NFSv3; Kerberized NFSv4; mountd root mapping; HTTP; FTP |
| Privilege Attribute Certificate (PAC) | SMB NTLM; Active Directory Kerberos |
| User identifier (UID) | NFS AUTH_SYS mapping |

Access token generation

For most protocols, the access token is generated from the username or from the authorization data retrieved during authentication.

The process of token generation and user mapping is described below:
1. Using the initial identity, the user is looked up in all configured authentication providers in the access zone, in the order in which they are listed, until a match is found. An exception to this behavior occurs if the AD provider is configured to call other providers, such as LDAP or NIS. The user identity and group list are retrieved from the authenticating provider. Any SIDs, UIDs, or GIDs are added to the initial token.
2. All identities in the token are queried in the ID mapper. All SIDs are converted to their equivalent UID/GID and vice versa. These ID mappings are also added to the access token.
3. If the username matches any user mapping rules, the rules are processed in order and the token is updated accordingly. (For details about user mapping rules, see "User mapping.")
   The default on-disk identity is calculated using the final token and the global setting. These identities are used for newly created files.

ID mapping

The ID mapping service maps Windows SIDs to UNIX UIDs and, conversely, to control access consistently across protocols. Administrators with advanced knowledge of UNIX and Windows identities can modify the default settings that determine how identities are mapped in the system.

Note: Identity (ID) mapping and user mapping are different services, despite the similarity in names.

During authentication, the ID mapping service associates Windows identifiers with UNIX identifiers. When a user connects to a cluster over NFS, the ID mapping service maps the user's UID and GID to a SID for access to files that another user stored over SMB.
In the same way, when a ser connects to the clster over SMB with a SID, the service maps it to a UID and GID for access to files stored over NFS by a UNIX client. By defalt, the ID mapping service matches acconts with the same name. Mappings are stored in a clster-distribted database called the ID mapper. When retrieving a mapping from the database, the ID mapper takes a sorce and target identity type as inpt. If a mapping already exists between the specified sorce and the reqested type, that mapping is retrned; otherwise, a new mapping is created. Each mapping is stored in the ID mapper database as a one-way relationship from the sorce to the target identity type. Two-way mappings are stored as complementary one-way mappings. 124 OneFS 7.1 Web Administration Gide

Mapping Windows IDs to UNIX IDs

If a caller requests a SID-to-UID or SID-to-GID mapping, OneFS must first locate the Active Directory user or group that is associated with the SID. After locating the Active Directory user or group, OneFS applies the following rules in the order listed to create two mappings, one in each direction:

1. If the object has an associated UID or GID through an external mapping, create a mapping from the SID.
2. If a mapping for the SID already exists in the ID mapper database, use that mapping.
3. Determine whether a lookup of the user or group is necessary in an external source, according to the following conditions:
   - The user or group is in the primary domain or one of the listed lookup domains.
   - Lookup is enabled for users or groups.
4. If a lookup is necessary, perform these steps:
   a. By default, normalize the user or group name to lowercase.
   b. Search all authentication providers except Active Directory for a matching user or group object by name.
   c. If an object is found, use the associated UID or GID to create an external mapping.
5. Allocate an automatic mapping from the configured range.

Mapping UNIX IDs to Windows IDs

OneFS creates temporary UID-to-SID and GID-to-SID mappings only if the caller requests a mapping that does not already exist. The UNIX SIDs that result from these mappings are never stored on disk. UIDs and GIDs have a set of pre-defined mappings to and from SIDs. If a UID-to-SID or GID-to-SID mapping is requested, a temporary UNIX SID is generated in the format S <UID> or S <GID> by applying the following rules:

- For UIDs, generate a UNIX SID with a domain of S and a resource ID (RID) matching the UID. For example, the UNIX SID for UID 600 is S
- For GIDs, generate a UNIX SID with a domain of S and a RID matching the GID. For example, the UNIX SID for GID 800 is S

User mapping across systems and identities

User mapping provides a way to control permissions by specifying a user's security identifiers, user identifiers, and group identifiers. OneFS uses the identifiers to check file or group ownership.

With the user mapping service, you can apply rules to modify which user identity OneFS uses, add supplemental user identities, and modify a user's group membership. The OneFS user mapper provides a way to control the permissions given to users by specifying user and group identifiers (SIDs, UIDs, and GIDs) for a user. The user mapping service combines a user's identities from different directory services into a single access token and then modifies it according to the rules that you set.

Note: You can configure mapping rules when you create an access zone. OneFS maps users only during login or protocol access.

If you do not configure rules, a user who authenticates with one directory service receives full access to the identity information in other directory services when the account names are the same. For example, a user who authenticates with an Active Directory domain as Desktop\jane automatically receives permissions for the corresponding UNIX user account for jane from LDAP or NIS.

In the most common scenario, OneFS is connected to two directory services, Active Directory and LDAP. In such a case, the default mapping provides a user with a UID from LDAP and a SID from the default group in Active Directory. The user's groups come from Active Directory and LDAP, with the LDAP groups added to the list. To pull groups from LDAP, the mapping service queries the memberuid. The user's home directory, gecos, and shell come from Active Directory.

User mapping guidelines

You can create and configure user mapping rules in each access zone, following these guidelines.

By default, every mapping rule is processed. This behavior allows multiple rules to be applied, but can present problems when applying a "deny all" rule such as "deny all unknown users." Additionally, replacement rules may interact with rules that contain wildcard characters. To minimize complexity when configuring multiple mapping rules, it is recommended that you group rules by type and organize them in the following order:

1. Replacements: Any user renaming should be processed first to ensure that all instances of the name are replaced.
2. Joins: After the names are set by any replacement operations, use join, add, and insert rules to add extra identifiers.
3. Allow/deny: All processing must be stopped before a default deny rule can be applied. To do this, create a rule that matches allowed users but does nothing (such as an add operator with no field options) and has the break option. After enumerating the allowed users, a catchall deny may be placed at the end to replace anybody unmatched with an empty user.

Within each group of rules, put explicit rules before rules involving wildcard characters; otherwise, the explicit rules might be skipped.

Elements of user-mapping rules

You combine operators with user names to create a user-mapping rule. The following elements affect how the user mapper applies a rule:

- The operator, which determines the operation that a rule performs
- Fields for usernames
- Options
- A parameter
- Wildcards
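The ordering guidelines above can be checked with a small model. The following Python sketch is an added example, not OneFS code or CLI syntax: the Rule record, its field names, the sample directory, and the assumption that each rule is matched against the username currently in the token are all hypothetical. It shows why the allow rule needs the break option before a catchall deny, and how a wildcard rule placed first causes an explicit rule to be skipped.

```python
"""Simplified model of ordered user-mapping rules (added example, not OneFS code)."""
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Rule:
    # Hypothetical rule record; the field names are assumptions of this model.
    operator: str          # "replace" or "append"
    match: str             # pattern for the first username, may contain "*"
    target: str = ""       # second username; "" models an empty user
    options: tuple = ()    # for append: ("groups",); empty means lookup only
    stop: bool = False     # models the break option


def apply_rules(username, rules, directory):
    """Process every matching rule in order and return the final token."""
    token = {"username": username, "groups": list(directory.get(username, []))}
    for rule in rules:
        current = token["username"]
        if current is None or not fnmatchcase(current, rule.match):
            continue
        if rule.operator == "replace":
            # Replace swaps in the second user's token; an empty target
            # leaves the token without a username.
            new_name = rule.target or None
            token = {"username": new_name,
                     "groups": list(directory.get(new_name, []))}
        elif rule.operator == "append" and "groups" in rule.options:
            # Copy the second identity's groups into the additional groups.
            for group in directory.get(rule.target, []):
                if group not in token["groups"]:
                    token["groups"].append(group)
        # An append rule without options is a lookup only and changes nothing.
        if rule.stop:
            break
    return token


def access(username, rules, directory):
    """A token with no username is denied with a 'no such user' error."""
    token = apply_rules(username, rules, directory)
    if token["username"] is None:
        return "denied: no such user"
    return "allowed as " + token["username"]


# Constructed sample identities: name -> supplemental groups.
DIRECTORY = {
    "DESKTOP\\jane": ["Domain Users"],
    "jsmith": ["engineering"],
    "jane": ["staff"],
    "guest": ["nobody"],
}

# Recommended order: replacements, then joins/appends, then allow/deny.
RECOMMENDED = [
    Rule("replace", "DESKTOP\\jane", "jsmith"),
    Rule("append", "jsmith", "jane", options=("groups",)),
    Rule("append", "jsmith", stop=True),   # allow: does nothing, then breaks
    Rule("replace", "*", ""),              # catchall deny
]

# Same rules, but the allow rule has no break: the deny rule is still processed.
NO_BREAK = RECOMMENDED[:2] + [Rule("append", "jsmith"), RECOMMENDED[3]]

# A wildcard replacement ahead of the explicit one: the explicit rule is skipped.
WILDCARD_FIRST = [
    Rule("replace", "DESKTOP\\*", "guest"),
    Rule("replace", "DESKTOP\\jane", "jsmith"),
]

if __name__ == "__main__":
    for label, rules in (("recommended", RECOMMENDED), ("no break", NO_BREAK),
                         ("wildcard first", WILDCARD_FIRST)):
        for user in ("DESKTOP\\jane", "DESKTOP\\bob"):
            print(label, user, "->", access(user, rules, DIRECTORY))
```

When reviewing a real rule set, the same two questions apply: does every allow rule carry the break option, and does any wildcard rule precede an explicit rule for the same names.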

Mapping rule operators

The operator determines what a mapping rule does. You can create user-mapping rules through either the web-administration interface, where the operators are spelled out in a list, or from the command-line interface.

When you create a mapping rule with the OneFS command-line interface (CLI), you must specify an operator with a symbol. The operator affects the direction in which the mapping service processes a rule. For more information about creating a mapping rule, see the white paper Managing identities with the Isilon OneFS user mapping service. The following table describes the operators that you can use in a mapping rule.

A rule can contain only one operator.

| Operator | Web interface | CLI | Direction | Description |
| --- | --- | --- | --- | --- |
| append | Append fields from a user | ++ | Left-to-right | Modifies an access token by adding fields to it. The mapping service appends the fields that are specified in the list of options (user, group, groups) to the first identity in the rule. The fields are copied from the second identity in the rule. All appended identifiers become members of the additional groups list. An append rule without an option performs only a lookup operation; you must include an option to alter a token. |
| insert | Insert fields from a user | += | Left-to-right | Modifies an existing access token by adding fields to it. Fields specified in the options list (user, group, groups) are copied from the new identity and inserted into the identity in the token. When the rule inserts a primary user or primary group, it becomes the new primary user and primary group in the token. The previous primary user and primary group move to the additional identifiers list. Modifying the primary user leaves the token's username unchanged. When inserting the additional groups from an identity, the service adds the new groups to the existing groups. |
| replace | Replace one user with a different user | => | Left-to-right | Removes the token and replaces it with the new token that is identified by the second username. If the second username is empty, the mapping service removes the first username in the token, leaving no username. If a token contains no username, OneFS denies access with a "no such user" error. |
| remove groups | Remove supplemental groups from a user | -- | Unary | Modifies a token by removing the supplemental groups. |

| Operator | Web interface | CLI | Direction | Description |
| --- | --- | --- | --- | --- |
| join | Join two users together | &= | Bidirectional | Inserts the new identity into the token. If the new identity is the second user, the mapping service inserts it after the existing identity; otherwise, the service inserts it before the existing identity. The location of the insertion point is relevant when the existing identity is already the first in the list because OneFS uses the first identity to determine the ownership of new file system objects. |

Mapping rule options

Mapping rules can contain options that target the fields of an access token.

A field represents an aspect of a cross-domain access token, such as the primary UID and primary user SID from a user that you select. You can see some of the fields in the OneFS web administration interface. User in the web administration interface is the same as username. You can also see fields in an access token by running the command isi auth mapping token. For more information about running this command, see View on-disk identity.

When you create a rule, you can add an option to manipulate how OneFS combines aspects of two identities into a single token. For example, an option can force OneFS to append the supplemental groups to a token.

A token includes the following fields that you can manipulate with user mapping rules:

- username
- unix_name
- primary_uid
- primary_user_sid
- primary_gid
- primary_group_sid
- additional_ids (includes supplemental groups)

Options control how a rule combines identity information in a token. The break option is the exception: It stops OneFS from processing additional rules.

Although several options can apply to a rule, not all options apply to all operators. The following table describes the effect of each option and the operators that they work with.

| Option | Operator | Description |
| --- | --- | --- |
| user | insert, append | Copies the primary UID and primary user SID, if they exist, to the token. |
| group | insert, append | Copies the primary GID and primary group SID, if they exist, to the token. |
| groups | insert, append | Copies all the additional identifiers to the token. (The additional identifiers exclude the primary UID, the primary GID, the primary user SID, and the primary group SID.) |
| default_user | all operators except remove groups | If the mapping service fails to find the second user in a rule, the service tries to find the username of the default user. The name of the default user cannot include wildcards. When you set the option for the default user in a rule with the command-line interface, you must set it with an underscore: default_user. |
| break | all operators | Stops the mapping service from applying rules that follow the insertion point of the break option. The mapping service generates the final token at the point of the break. |

User-mapping best practices

You can follow best practices to simplify user mapping.

| Best practice | Comments |
| --- | --- |
| Use Active Directory with RFC 2307 and Windows Services for UNIX | Use Microsoft Active Directory with Windows Services for UNIX and RFC 2307 attributes to manage Linux, UNIX, and Windows systems. Integrating UNIX and Linux systems with Active Directory centralizes identity management and eases interoperability, reducing the need for user mapping rules. Make sure your domain controllers are running Windows Server 2003 or later. |
| Employ a consistent username strategy | The simplest configurations name users consistently, so that each UNIX user corresponds to a similarly named Windows user. Such a convention allows rules with wildcards to match names and map them without explicitly specifying each pair of accounts. |
| Do not use overlapping ID ranges | In networks with multiple identity sources, such as LDAP and Active Directory with RFC 2307 attributes, you should ensure that UID and GID ranges do not overlap. It is also important that the range from which OneFS automatically allocates UIDs and GIDs does not overlap with any other ID range. The range from which OneFS automatically allocates a UID and GID is 1,000,000 to 2,000,000. If UIDs and GIDs overlap across two or more directory services, some users might gain access to other users' directories and files. |

| Best practice | Comments |
| --- | --- |
| Avoid common UIDs and GIDs | You should not use well-known UIDs and GIDs in your ID ranges because they are reserved for system accounts. UIDs and GIDs below 1000 are reserved for system accounts; do not assign them to users or groups. |
| Do not use user principal names in mapping rules | You cannot use a user principal name (UPN) in a user mapping rule. A user principal name is an Active Directory domain and username that are combined into an Internet-style name with an @ symbol, like an email address: [email protected]. If you include a UPN in a rule, the mapping service ignores it and may return an error. |
| Group rules by type and order them | The system processes every mapping rule by default, which can present problems when you apply a rule to deny all unknown users access. In addition, replacement rules may interact with rules that contain wildcard characters. To minimize complexity, it is recommended that you group rules by type and organize them in the following order: 1. Place the rules that replace an identity first to ensure that OneFS replaces all instances of the identity. 2. Set join, add, and insert rules second. 3. Set rules that allow or deny access last. 4. Within each group of rules, put explicit rules before rules with wildcards; otherwise, the explicit rules might be skipped. |
| Add the LDAP or NIS primary group to the supplemental groups | When an Isilon cluster is connected to Active Directory and LDAP, a best practice is to add the LDAP primary group to the list of supplemental groups. This lets OneFS honor group permissions on files created over NFS or migrated from other UNIX storage systems. The same practice is advised when an Isilon cluster is connected to both Active Directory and NIS. |

On-disk identity

After the user mapper resolves a user's identities, OneFS determines an authoritative identifier for it, which is the preferred on-disk identity.

OneFS stores either UNIX or Windows identities in file metadata on disk. On-disk identity types are UNIX, SID, and native. Identities are set when a file is created or a file's access control data is modified. Almost all protocols require some level of mapping to operate correctly, so choosing the preferred identity to store on disk is important. You can configure OneFS to store either the UNIX or the Windows identity, or you can allow OneFS to determine the optimal identity to store.

On-disk identity types are UNIX, SID, and native. Although you can change the type of on-disk identity, the native identity is best for a network with UNIX and Windows systems. In native mode, setting the UID as the on-disk identity improves NFS performance.

Note: When you upgrade from a version of OneFS that is older than 7.0, the on-disk identity is set to UNIX. The SID on-disk identity is for a homogeneous network of Windows systems managed only with Active Directory. On new installations, the on-disk identity is set to native.

The native on-disk identity type allows the OneFS authentication daemon to select the correct identity to store on disk by checking for the identity mapping types in the following order:

| Order | Mapping type | Description |
| --- | --- | --- |
| 1 | Algorithmic mapping | A SID that matches S UID or S GID in the internal ID mapping database is converted back to the corresponding UNIX identity and the UID and GID are set as the on-disk identity. |
| 2 | External mapping | A user with an explicit UID and GID defined in a directory service (such as Active Directory with RFC 2307 attributes, LDAP, NIS, or the OneFS file provider or local provider) has the UNIX identity set as the on-disk identity. |
| 3 | Persistent mapping | Mappings are stored persistently in the identity mapper database. An identity with a persistent mapping in the identity mapper database uses the destination of that mapping as the on-disk identity, which occurs primarily with manual ID mappings. For example, if there is an ID mapping of GID:10000 to S , a request for the on-disk storage of GID:10000 returns S |
| 4 | No mapping | If a user lacks a UID or GID even after querying the other directory services and identity databases, its SID is set as the on-disk identity. In addition, to make sure a user can access files over NFS, OneFS allocates a UID and GID from a preset range of 1,000,000 to 2,000,000. In native mode, a UID or GID that OneFS generates is never set as the on-disk identity. |

Note: If you change the on-disk identity, you should run the repairpermissions job.
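The ID-range best practices and the 1,000,000 to 2,000,000 automatic allocation range described above lend themselves to a pre-deployment check. The following Python sketch is an added example, not part of OneFS: the provider labels, ranges, and account entries are constructed sample data, and the function names are hypothetical. Run it once for UIDs and once for GIDs, because the two are separate namespaces.

```python
"""Check directory-service IDs against the ID-range best practices (added example)."""
from collections import defaultdict

# Values stated in the guide.
ONEFS_AUTO_LOW, ONEFS_AUTO_HIGH = 1_000_000, 2_000_000  # automatic allocation range
SYSTEM_ID_LIMIT = 1000                                   # IDs below this are reserved


def overlapping_ranges(ranges):
    """ranges maps a provider label to an inclusive (low, high) pair.

    Returns the sorted list of label pairs whose ranges overlap, with the
    OneFS automatic allocation range included as "onefs-auto".
    """
    candidates = dict(ranges)
    candidates["onefs-auto"] = (ONEFS_AUTO_LOW, ONEFS_AUTO_HIGH)
    ordered = sorted(candidates.items(), key=lambda item: item[1])
    hits = []
    for index, (name_a, (_, high_a)) in enumerate(ordered):
        for name_b, (low_b, _) in ordered[index + 1:]:
            # Ranges are sorted by low bound, so b overlaps a when it
            # starts at or before the point where a ends.
            if low_b <= high_a:
                hits.append(tuple(sorted((name_a, name_b))))
    return sorted(hits)


def audit_ids(providers):
    """providers maps a provider label to {account_name: numeric_id}.

    Returns sorted (severity, message) findings. The same name with the same
    ID in two providers is consistent; different names sharing one ID means
    one account can reach the other's files.
    """
    findings = []
    holders = defaultdict(set)
    for provider, accounts in providers.items():
        for name, ident in accounts.items():
            # Names are compared in lowercase, matching the default lookup
            # normalization described in the ID mapping rules.
            holders[ident].add((provider, name.lower()))
            if ident < SYSTEM_ID_LIMIT:
                findings.append(
                    ("warn", f"{provider}:{name} uses reserved system ID {ident}"))
            elif ONEFS_AUTO_LOW <= ident <= ONEFS_AUTO_HIGH:
                findings.append(
                    ("warn", f"{provider}:{name} uses ID {ident} inside the "
                             "OneFS automatic range"))
    for ident, entries in holders.items():
        if len({name for _, name in entries}) > 1:
            who = ", ".join(sorted(f"{p}:{n}" for p, n in entries))
            findings.append(("high", f"ID {ident} is shared by {who}"))
    return sorted(findings)


# Constructed sample data (labels and numbers are illustrative only).
RANGES = {
    "ldap": (5000, 9999),
    "ad-rfc2307": (8000, 19999),
    "nis": (900_000, 1_200_000),
}
UID_ENTRIES = {
    "ldap": {"jane": 5001, "bob": 5002, "backup": 400},
    "ad-rfc2307": {"jane": 5001, "alice": 5002, "svc_scan": 1_000_500},
}

if __name__ == "__main__":
    for pair in overlapping_ranges(RANGES):
        print("range overlap:", " <-> ".join(pair))
    for severity, message in audit_ids(UID_ENTRIES):
        print(severity.upper(), message)
```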


CHAPTER 7 Auditing

This section contains the following topics:

- Auditing overview
- Protocol audit events
- Supported event types
- Supported audit tools
- Enable system configuration auditing
- Enable protocol access auditing
- Auditing settings
- Integrating with the EMC Common Event Enabler

Auditing overview

You can audit system configuration and SMB protocol activity on the Isilon cluster. All audit data is stored and protected in the cluster file system and organized in files called audit topics.

You can export SMB audit data to Varonis DatAdvantage or other third-party vendors that support the EMC Common Event Enabler (CEE) framework. You can view system configuration activity on each node through a command-line tool.

You can enable or disable system configuration auditing; no additional configuration is required. If you enable configuration auditing, all configuration events that are handled by the API, including writes, modifications, and deletions, are tracked and recorded in the config audit topic.

You can enable and configure protocol auditing for one or more access zones in the Isilon cluster. If you enable protocol auditing for an access zone, file-access events through the SMB protocol are recorded in the protocol audit topic. The protocol audit topic is consumable by auditing applications that support the EMC Common Event Enabler (CEE), such as Varonis DatAdvantage for Windows. By default, OneFS logs only the events that are handled by Varonis, but you can specify which events to log in each access zone. For example, you might want to audit the default set of protocol events in the System access zone but audit only successful attempts to delete files in a different access zone.

Protocol audit events

By default, audited access zones track only events that are used by Varonis DatAdvantage, including successful and failed attempts to access files or directories.

Although recent versions of Varonis DatAdvantage do not directly audit read and write attempts, the intention to read or write is captured by the access bits for a create event.

The names of generated events are loosely based on the Windows I/O request packet (IRP) model in which all operations begin with a create event to obtain a file handle. All delete, rename, read, write, or set_security events must be preceded by a create event. A close event marks when the client is finished with the file handle that was produced by a create event.

These internally stored events are translated to events that are forwarded through CEE to Varonis DatAdvantage. The CEE export facilities on OneFS perform this mapping.

It is important to note that different SMB clients issue different requests, and that one version of Windows or Mac OS X using SMB may differ from another. It is also important to note that different versions of an application such as Microsoft Word or Explorer might make very different SMB protocol requests. For example, a client with a Microsoft Explorer window open might occasionally generate many events if an automatic or manual refresh of that window occurs. Because programs issue requests with the logged-in user's credentials, examining file system audit events under the assumption that they were purposeful user activities may yield unexpected results.

Supported event types

You can view or modify the event types that are audited in an access zone. By default, OneFS audits only the event types that are supported by Varonis DatAdvantage.

The following event types are configured by default on each audited access zone:

| Event name | Example protocol activity |
| --- | --- |
| create | Create a file or directory; Open a file, directory, or share; Mount a share; Delete a file |
| rename | Rename a file or directory |
| delete | Delete a file or directory |
| set_security | Attempt to modify file or directory permissions |

The following event types are available for forwarding through CEE but are unsupported by Varonis DatAdvantage:

| Event name | Example protocol activity |
| --- | --- |
| read | The first read request on an open file handle |
| write | The first write request on an open file handle |
| close | The client is finished with an open file handle |
| get_security | The client reads security information for an open file handle |

The following protocol audit events are not exported through CEE and are unsupported by Varonis DatAdvantage:

| Event name | Example protocol activity |
| --- | --- |
| logon | SMB session create request by a client |
| logoff | SMB session logoff |
| tree_connect | SMB first attempt to access a share |

Supported audit tools

You can configure OneFS to send protocol auditing logs to servers that support the EMC Common Event Enabler (CEE).

CEE has been tested and verified to work with the following applications.

Note: It is recommended that you install and configure third-party auditing applications before you enable the OneFS auditing feature. Otherwise, the backlog consumed by the tool may be so large that results may be stale for a prolonged time.

| Application | Supported features | Audit events |
| --- | --- | --- |
| Varonis DatAdvantage for Windows | Usable Access Auditing; Recommendations, Analytics, and Modeling; Data Owner Identification and Involvement | create; delete; rename; set_security |

Enable system configuration auditing

You can enable or disable the auditing of system configuration changes. No additional settings are available.

Note: It is recommended that you install and configure third-party auditing applications before you enable the OneFS auditing feature. Otherwise, the backlog consumed by the tool may be so large that results may be stale for a prolonged time.

Procedure

1. Click Cluster Management > Auditing.
2. In the Settings area, select the Enable Configuration Change Auditing checkbox.
3. Click Save Changes.

Enable protocol access auditing

You can audit SMB protocol access on a per-access zone basis and optionally forward the generated events to the EMC Common Event Enabler (CEE) for export to third-party products.

Note: It is recommended that you install and configure third-party auditing applications before you enable the OneFS auditing feature. Otherwise, the backlog consumed by the tool may be so large that results may be stale for a prolonged time.

Procedure

1. Click Cluster Management > Auditing.
2. In the Settings area, select the Enable Protocol Access Auditing checkbox.
3. In the Audited Zones area, click Add Zones.
4. In the Select Zones dialog box, select the checkbox for one or more access zones, and then click Add Zones.
5. Optional: In the Event Forwarding area, specify one or more CEE servers to forward logged events to.
   a. In the CEE Server URIs field, type the URI of each CEE server in the CEE server pool. The OneFS CEE export service uses round robin load-balancing when exporting events to multiple CEE servers. Valid URIs start with and include the port number and path to the CEE server if necessary.
   b. In the Storage Cluster Name field, specify the name of the storage cluster to use when forwarding protocol events.

      This value is typically the SmartConnect zone name. This setting is required only if needed by your third-party audit application.
6. Click Save Changes.

Results

The following protocol events, which are the only events supported by Varonis DatAdvantage, are collected for audited access zones by default: create, delete, rename, and set_security. You can modify the set of events that are audited in an access zone by running the isi zone zones modify command in the command-line interface. Because each audited event consumes system resources, it is recommended that you only configure zones for events that are needed by your auditing application.

Auditing settings

You can view or modify basic settings for configuration change auditing and protocol access auditing.

Enable Configuration Change Auditing
   Audits requests that are made through the API for system configuration changes.

Enable Protocol Access Auditing
   Audits requests that are made through the SMB protocol to access data.

Audited Zones
   Specifies one or more access zones to audit. This setting applies only to protocol access auditing.

CEE Server URIs
   Specifies one or more CEE server URIs where audit events will be forwarded. The OneFS CEE export service uses round robin load-balancing when exporting events to multiple CEE servers. This setting applies only to protocol access auditing.

Storage Cluster Name
   Specifies the name of the storage cluster to use when forwarding protocol events, typically the SmartConnect zone name. This setting is required only if needed by your third-party audit application.

Integrating with the EMC Common Event Enabler

OneFS integration with the EMC Common Event Enabler (CEE) allows third-party auditing applications such as Varonis DatAdvantage to collect and analyze SMB protocol auditing logs.

OneFS supports the Common Event Publishing Agent (CEPA) component of CEE for Windows. For integration with OneFS, you must install and configure CEE for Windows on a supported Windows client.

Note: It is recommended that you install and configure third-party auditing applications before you enable the OneFS auditing feature. Otherwise, the backlog consumed by the tool may be so large that results may be stale for a prolonged time.
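The create-to-close handle model described under "Protocol audit events" suggests grouping audit events by file handle before drawing conclusions about user intent. The following Python sketch is an added example, not OneFS or CEE code: the record layout (sequence number, user, handle, event, path) and the sample events are constructed, the handle field is an assumed correlation key, and the zone is assumed to be configured to log read and close events in addition to the defaults.

```python
"""Group protocol audit events into per-handle sessions (added example)."""
from collections import Counter, defaultdict

# Event names as listed in the guide's event tables.
MUTATING = {"write", "delete", "rename", "set_security"}
FOLLOW_UP = MUTATING | {"read", "get_security", "close"}


def classify(ops):
    """Label a session by the most significant operation seen on its handle."""
    if MUTATING & set(ops):
        return "modified"
    if "read" in ops or "get_security" in ops:
        return "read"
    return "open-only"   # create and close with nothing between, e.g. a refresh


def sessionize(events):
    """events: iterable of (seq, user, handle, event, path) tuples.

    Returns (sessions, orphans). An orphan is an event on a handle with no
    preceding create, which the event model says should not occur and so
    points to a gap in what was logged.
    """
    open_handles, sessions, orphans = {}, [], []
    for seq, user, handle, event, path in sorted(events):
        if event == "create":
            if handle in open_handles:       # handle reused without a close
                sessions.append(open_handles.pop(handle))
            open_handles[handle] = {"user": user, "path": path,
                                    "ops": [], "closed": False}
        elif event in FOLLOW_UP:
            session = open_handles.get(handle)
            if session is None:
                orphans.append((seq, user, event, path))
            elif event == "close":
                session["closed"] = True
                sessions.append(open_handles.pop(handle))
            else:
                session["ops"].append(event)
        # logon, logoff and tree_connect carry no file handle and are skipped.
    sessions.extend(open_handles.values())   # handles never closed in the data
    for session in sessions:
        session["kind"] = classify(session["ops"])
    return sessions, orphans


def summarize(sessions):
    """Count session kinds per user."""
    summary = defaultdict(Counter)
    for session in sessions:
        summary[session["user"]][session["kind"]] += 1
    return {user: dict(counts) for user, counts in summary.items()}


# Constructed sample events; users, handles and paths are illustrative.
EVENTS = [
    (1, "CORP\\jane", "h1", "create", "/ifs/data/report.docx"),
    (2, "CORP\\jane", "h1", "write", "/ifs/data/report.docx"),
    (3, "CORP\\jane", "h1", "close", "/ifs/data/report.docx"),
    (4, "CORP\\jane", "h2", "create", "/ifs/data"),        # directory refresh
    (5, "CORP\\jane", "h2", "close", "/ifs/data"),
    (6, "CORP\\jane", "h3", "create", "/ifs/data/old.txt"),
    (7, "CORP\\jane", "h3", "delete", "/ifs/data/old.txt"),
    (8, "CORP\\jane", "h3", "close", "/ifs/data/old.txt"),
    (9, "CORP\\bob", "h9", "rename", "/ifs/data/x.txt"),   # no create seen
    (10, "CORP\\bob", "h4", "create", "/ifs/data/a.txt"),
    (11, "CORP\\bob", "h4", "read", "/ifs/data/a.txt"),
]

if __name__ == "__main__":
    found, missing_create = sessionize(EVENTS)
    print(summarize(found))
    print("events without a preceding create:", missing_create)
```

Counting sessions by kind rather than raw events keeps an Explorer refresh from looking like deliberate file access.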

Install CEE for Windows

To integrate CEE with OneFS, you must first install CEE on a computer that is running the Windows operating system.

Before you begin

Be prepared to extract files from the .iso file, described in the steps below. If you are not familiar with the process, consider choosing one of the following methods:

- Install WinRAR or another suitable archival program that can open .iso files as an archive, and copy the files.
- Burn the image to a CD-ROM, and then copy the files.
- Install SlySoft Virtual CloneDrive, which allows you to mount an ISO image as a drive that you can copy files from.

Note: You should install a minimum of two servers.

Procedure

1. Download the CEE framework software from EMC Online Support:
   a. In a web browser, go to
   b. In the Search Support field, type Common Event Enabler for Windows, and then click the Search icon.
   c. Click Common Event Enabler <Version> for Windows, where <Version> is or later, and then follow the instructions to open or save the .iso file.
2. From the .iso file, extract the 32-bit or 64-bit EMC_CEE_Pack executable file that you need. After the extraction completes, the EMC Common Event Enabler installation wizard opens.
3. Click Next to proceed to the License Agreement page.
4. Select the I accept... option to accept the terms of the license agreement, and then click Next.
5. On the Customer Information page, type your user name and organization, select your installation preference, and then click Next.
6. On the Setup Type page, select Complete, and then click Next.
7. Click Install to begin the installation. The Installing EMC Common Event Enabler page displays the progress of the installation. When the installation is complete, the InstallShield Wizard Completed page appears.
8. Click Finish to exit the wizard.
9. Restart the system.

Configure CEE for Windows

After you install CEE for Windows on a client computer, you must configure additional settings through the Windows Registry Editor (regedit.exe).

Procedure

1. Open the Windows Registry Editor.
2. Configure the following registry keys:

| Setting | Registry location | Key | Value |
| --- | --- | --- | --- |
| CEE HTTP listen port | [HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\Configuration] | HttpPort | |
| Enable audit remote endpoints | [HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\Audit\Configuration] | Enabled | 1 |
| Audit remote endpoints | [HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\Audit\Configuration] | EndPoint | <EndPoint> |

   Note:
   - The HttpPort value must match the port in the CEE URIs that you specify during OneFS protocol audit configuration.
   - The EndPoint value must be in the format <EndPoint_Name>@<IP_Address>. You can specify multiple endpoints by separating each value with a semicolon (;).

   Specify a single remote endpoint:

   [HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\Audit\Configuration] EndPoint = Varonis@

   Specify multiple remote endpoints:

   [HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\Audit\Configuration] EndPoint = Varonis@ ;Varonis@

3. Close the Windows Registry Editor.


CHAPTER 8 File sharing

This section contains the following topics:

- File sharing overview
- SMB
- NFS
- HTTP and HTTPS
- FTP
- Mixed protocol environments
- Write caching with SmartCache
- Managing the SMB service
- Managing SMB shares
- Managing the NFS service
- Managing NFS exports
- Enable and configure FTP file sharing
- Enable and configure HTTP
- Home directories

File sharing overview

Multi-protocol support is built into the OneFS operating system, enabling a single file or directory to be accessed through SMB for Windows file sharing, NFS for UNIX file sharing, secure shell (SSH), FTP, and HTTP. By default, only the SMB and NFS protocols are enabled.

OneFS creates the /ifs directory, which is the root directory for all file system data on the cluster. The /ifs directory is configured as an SMB share and an NFS export by default. You can create additional shares and exports within the /ifs directory tree.

Note: It is recommended that you do not save data to the root /ifs file path but in directories below /ifs. The design of your data storage structure should be planned carefully. A well-designed directory optimizes cluster performance and cluster administration.

You can set Windows- and UNIX-based permissions on OneFS files and directories. Users who have the required permissions and administrative privileges can create, modify, and read data on the cluster through one or more of the supported file sharing protocols.

- SMB. Allows Microsoft Windows and Mac OS X clients to access files that are stored on the cluster.
- NFS. Allows UNIX, Linux, Mac OS X, Solaris, and other UNIX-based clients to access files that are stored on the cluster.
- HTTP and HTTPS (with optional DAV). Allows clients to access files that are stored on the cluster through a web browser.
- FTP. Allows any client that is equipped with an FTP client program to access files that are stored on the cluster through the FTP protocol.

SMB

OneFS includes a configurable SMB service to create and manage SMB shares. SMB shares provide Windows clients network access to file system resources on the cluster. You can grant permissions to users and groups to carry out operations such as reading, writing, and setting access permissions on SMB shares.

The /ifs directory is configured as an SMB share and is enabled by default. OneFS supports both user and anonymous security modes. If the user security mode is enabled, users who connect to a share from an SMB client must provide a valid user name with proper credentials.

The SMB protocol uses security identifiers (SIDs) for authorization data. All identities are converted to SIDs during retrieval and are converted back to their on-disk representation before they are stored on the cluster.

When a file or directory is created, OneFS checks the access control list (ACL) of its parent directory. If the ACL contains any inheritable access control entries (ACEs), a new ACL is generated from those ACEs. Otherwise, OneFS creates an ACL from the combined file and directory create mask and create mode settings.

OneFS supports the following SMB clients:

| SMB version | Supported operating systems |
|---|---|
| | Windows 2000 or later; Windows XP or later; Mac OS X 10.5 or later |
| 2 | Windows Vista or later; Windows Server 2008 or later |
| 2.1 | Windows 7 or later; Windows Server 2008 R2 or later |

Overlapping display names for SMB shares

OneFS supports overlapping display names for SMB shares if the display name appears only once per access zone.

All SMB shares belong to a global list of shares and require unique SMB share names. By default, users see the SMB share name when connecting to the EMC Isilon cluster; however, you can configure a display name for the SMB share that users see instead. Display names must be unique within a zone; therefore, if you would like more than one SMB share to display the same name, you must add each share to a separate access zone. For example, you can assign "Home" as the display name for an SMB share in zonea and also assign it to a different share in zoneb.

NFS

OneFS includes a configurable NFS service to create and manage NFS exports, which provide UNIX clients network access to file system resources on the cluster.

The Isilon cluster supports NIS and LDAP authentication providers for NFS file sharing. OneFS supports asynchronous and synchronous communication over NFS.

HTTP and HTTPS

OneFS includes a configurable HTTP service, which is used to request files that are stored on the cluster and to interact with the web administration interface.

OneFS supports both HTTP and its secure variant, HTTPS. Each node in the cluster runs an instance of the Apache HTTP Server to provide HTTP access. You can configure the HTTP service to run in different modes.

Both HTTP and HTTPS are supported for file transfer, but only HTTPS is supported for Platform API calls. The HTTPS-only requirement includes the web administration interface. In addition, OneFS supports a form of the web-based DAV (WebDAV) protocol that enables users to modify and manage files on remote web servers. OneFS performs distributed authoring, but does not support versioning and does not perform security checks. You can enable DAV in the web administration interface.

FTP

OneFS includes a secure FTP service called vsftpd, which stands for Very Secure FTP Daemon, that you can configure for standard FTP and FTPS file transfers.

Mixed protocol environments

The /ifs directory is the root directory for all file system data in the cluster, serving as an SMB share, an NFS export, and a document root directory. You can create additional shares and exports within the /ifs directory tree. You can configure your OneFS cluster to use SMB or NFS exclusively. You can also enable HTTP, FTP, and SSH.

Access rights are consistently enforced across access protocols on all security models. A user is granted or denied the same rights to a file whether using SMB or NFS. Clusters running OneFS support a set of global policy settings that enable you to customize the default access control list (ACL) and UNIX permissions settings.

OneFS is configured with standard UNIX permissions on the file tree. Through Windows Explorer or OneFS administrative tools, you can give any file or directory an ACL. In addition to Windows domain users and groups, ACLs in OneFS can include local, NIS, and LDAP users and groups. After a file is given an ACL, the mode bits are no longer enforced and exist only as an estimate of the effective permissions.

Note: It is recommended that you configure ACL and UNIX permissions only if you fully understand how they interact with one another.

Write caching with SmartCache

Write caching accelerates the process of writing data to the cluster. OneFS includes a write-caching feature called SmartCache, which is enabled by default for all files and directories.

If write caching is enabled, OneFS writes data to a write-back cache instead of immediately writing the data to disk. OneFS can write the data to disk at a time that is more convenient.

Note: It is recommended that you keep write caching enabled. You should also enable write caching for all file pool policies.

OneFS interprets writes to the cluster as either synchronous or asynchronous, depending on a client's specifications. The impacts and risks of write caching depend on what protocols clients use to write to the cluster, and whether the writes are interpreted as synchronous or asynchronous. If you disable write caching, client specifications are ignored and all writes are performed synchronously.

The following table explains how clients' specifications are interpreted, according to the protocol.

| Protocol | Synchronous | Asynchronous |
|---|---|---|
| NFS | The stable field is set to data_sync or file_sync. | The stable field is set to unstable. |
| SMB | The write-through flag has been applied. | The write-through flag has not been applied. |
| iSCSI | The write-cache enabled (WCE) setting is set to false. | The WCE setting is set to true. |

Write caching for asynchronous writes

Writing to the cluster asynchronously with write caching is the fastest method of writing data to your cluster.

Write caching for asynchronous writes requires fewer cluster resources than write caching for synchronous writes, and will improve overall cluster performance for most workflows. However, there is some risk of data loss with asynchronous writes.

The following table describes the risk of data loss for each protocol when write caching for asynchronous writes is enabled:

| Protocol | Risk |
|---|---|
| NFS | If a node fails, no data will be lost except in the unlikely event that a client of that node also crashes before it can reconnect to the cluster. In that situation, asynchronous writes that have not been committed to disk will be lost. |
| SMB | If a node fails, asynchronous writes that have not been committed to disk will be lost. |
| iSCSI | CAUTION: If a node fails, asynchronous writes that have not been committed can cause inconsistencies in any file system that is laid out on the LUN, rendering the file system unusable. |

Write caching for synchronous writes

It is recommended that you do not disable write caching, regardless of the protocol that you are writing with. If you are writing to the cluster with asynchronous writes, and you decide that the risks of data loss are too great, it is recommended that you configure your clients to use synchronous writes, rather than disable write caching.

Write caching for synchronous writes costs cluster resources, including a negligible amount of storage space. Although it is not as fast as write caching with asynchronous writes, unless cluster resources are extremely limited, write caching with synchronous writes is faster than writing to the cluster without write caching.

Write caching does not affect the integrity of synchronous writes; if a cluster or a node fails, none of the data in the write-back cache for synchronous writes is lost.

Managing the SMB service

Configure SMB file sharing

You can enable or disable the SMB service and configure global settings for the SMB service, including default settings that are applied to new SMB shares.

Global configuration settings for SMB include snapshot directory settings and SMB share settings. The global SMB share settings are the same as the settings for individual SMB shares. To change the advanced settings for an individual share, click SMB Shares.

CAUTION: Modifying the advanced settings could result in operational failures. Be aware of the potential consequences before committing changes to these settings.

Procedure
1. Click Protocols > Windows Sharing (SMB) > SMB Settings.
2. For the SMB service setting, select Enabled.
3. To configure advanced SMB server settings, click SMB Server Settings.
4. To configure advanced SMB share settings, click SMB Share Settings.
5. Click Save.

Limit access to /ifs share for the Everyone account

You should limit SMB share access on the root /ifs directory for the Everyone account. It is a best practice to limit the Everyone account to read-only access on the root /ifs share.

Procedure
1. Click Protocols > Windows Sharing (SMB) > SMB Shares, and then click View details for the /ifs share.
2. Click Edit next to the Users & Groups option.
3. In the User/Group accounts list, click Edit next to the Everyone account.
4. Click Specify Permission Level and then select from the following options to define the permissions that you want to allow the Everyone account:
   - Full Control
   - Read-Write
   - Read
5. Click Save.

Snapshots directory settings

You can view and configure the settings that control the snapshots directories in SMB.

CAUTION: These settings affect the behavior of the SMB service. Changes to these settings can affect all current and future SMB shares.

| Setting | Setting value |
|---|---|
| Visible at Root | Specifies whether to make the .snapshot directory visible at the root of the share. The default value is Yes. |
| Accessible at Root | Specifies whether to make the .snapshot directory accessible at the root of the share. The default value is Yes. |
| Visible in Subdirectories | Specifies whether to make the .snapshot directory visible in subdirectories of the share root. The default value is No. |
| Accessible in Subdirectories | Specifies whether to make the .snapshot directory accessible in subdirectories of the share root. The default value is Yes. |

File and directory permission settings

You can view and configure the default source permissions and UNIX create mask/mode bits that are applied when a file or directory is created in an SMB share.

Note: Changes that are made from the SMB Settings tab override the default settings for all SMB shares.

If the mask and mode bits match the default values, a green check mark next to a setting appears, indicating that the specified read (R), write (W), or execute (X) permission is enabled at the user, group, or "other" level. The "other" level includes all users who are not listed as the owner of the share, and are not part of the group level that the file belongs to.

| Setting | Setting value |
|---|---|
| Create Permissions | Sets the default source permissions to apply when a file or directory is created. The default value is Default ACL. |
| Create Mask (Dir) | Specifies UNIX mode bits that are removed when a directory is created, restricting permissions. Mask bits are applied before mode bits are applied. |
| Create Mode (Dir) | Specifies UNIX mode bits that are added when a directory is created, enabling permissions. Mode bits are applied after mask bits are applied. |
| Create Mask (File) | Specifies UNIX mode bits that are removed when a file is created, restricting permissions. Mask bits are applied before mode bits are applied. |
| Create Mode (File) | Specifies UNIX mode bits that are added when a file is created, enabling permissions. Mode bits are applied after mask bits are applied. |

SMB performance settings

You can view and configure the change notify and oplocks performance settings of an SMB share.

Note: Changes that are made from the SMB Settings tab override the default settings for all SMB shares.

| Setting | Setting value |
|---|---|
| Change Notify | Configures notification of clients when files or directories change. This helps prevent clients from seeing stale content, but requires server resources. The default value is Norecurse. |
| Oplocks | Indicates whether an opportunistic lock (oplock) request is allowed. An oplock allows clients to provide performance improvements by using locally-cached information. The default value is Yes. |

SMB security settings

You can view and configure the Impersonate Guest, Impersonate User, and NTFS ACL security settings of an SMB share.

Note: Changes that are made from the SMB Settings tab override the default settings for all SMB shares.

| Setting | Setting value |
|---|---|
| Impersonate Guest | Determines guest access to a share. The default value is Never. |
| Impersonate User | Allows all file access to be performed as a specific user. This must be a fully qualified user name. The default value is No value. |
| NTFS ACL | Allows ACLs to be stored and edited from SMB clients. The default value is Yes. |

Managing SMB shares

You can configure the rules and other settings that govern the interaction between your Windows network and individual SMB shares on the cluster.

OneFS supports %U, %D, %Z, %L, %0, %1, %2, and %3 variable expansion and automatic provisioning of user home directories.

You can configure the users and groups that are associated with an SMB share, and view or modify their share-level permissions.

Note: It is recommended that you configure advanced SMB share settings only if you have a solid understanding of the SMB protocol.

Create an SMB share

When you create an SMB share, you can override the default permissions, performance, and access settings. You can configure SMB home directory provisioning by including expansion variables in the share path to automatically create and redirect users to their own home directories.

Procedure
1. Click Protocols > Windows Sharing (SMB) > SMB Shares.
2. Click Add a share.
3. In the Share Name field, type a name for the share. Share names can contain up to 80 characters, and can only contain alphanumeric characters, hyphens, and spaces.
4. Optional: In the Description field, type a comment about the share. A description is optional, but can be helpful if you are managing multiple shares. This field is limited to 255 characters.
5. In the Directory to be Shared field, type the full path of the share, beginning with /ifs, or click Browse to locate the share.

   Note: You can specify one or more of the following variables in the directory path but you must select the Allow Variable Expansion check box or the string is interpreted literally by the system.

   | Variable | Expansion |
   |---|---|
   | %D | NetBIOS domain name. |
   | %U | User name, for example, user_001. |
   | %Z | Zone name, for example, System. |
   | %L | Host name of the cluster, normalized to lowercase. |
   | %0 | First character of the user name. |
   | %1 | Second character of the user name. |
   | %2 | Third character of the user name. |

   For example, if a user is in a domain named DOMAIN and has a username of user_1, the path /ifs/home/%d/%u expands to /ifs/home/domain/user_1.
6. Apply the initial ACL settings for the directory. You can modify these settings later.
   - To apply a default ACL to the shared directory, click Apply Windows default ACLs.

     Note: If the Auto-Create Directories setting is enabled, OneFS creates an ACL with the equivalent of UNIX 700 mode bit permissions for any directory that is created automatically.
   - To maintain the existing permissions on the shared directory, click Do not change existing permissions.
7. Optional: Configure home directory provisioning settings.
   - To expand path variables such as %U in the share directory path, select Allow Variable Expansion.
   - To automatically create home directories when users access the share for the first time, select Auto-Create Directories. This option is available only if the Allow Variable Expansion option is enabled.
8. Optional: Apply advanced SMB share settings if needed.
9. Click Create.

After you finish

Note: SMB shares are currently created with read-only permissions by default. To enable access to a share, you must modify the share settings to allow users to write to the share. This functionality is available only through the OneFS command-line interface. For example, the following command allows the well-known user Everyone full permissions to a share named HOMEDIR:

    isi smb shares permission modify HOMEDIR --wellknown Everyone \
      --permission-type allow --permission full

Modify SMB share permissions, performance, or security

You can modify the permissions, performance, and access settings for individual SMB shares.

You can configure SMB home directory provisioning by using directory path, or expansion, variables to automatically create and redirect users to their own home directories.

Note: Any changes made to these settings will only affect the settings for this share. If you need to make changes to the global default values, that can be done from the SMB Settings tab.

Procedure
1. Click Protocols > Windows Sharing (SMB) > SMB Shares.
2. From the list of SMB shares, locate the share you want to modify and then click View details.
3. For each setting that you want to modify, click Edit, make the change, and then click Save.
4. To modify the settings for file and directory permissions, performance, or security, click Advanced SMB Share Settings.
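The variable expansion used for home directory provisioning can be modelled offline to see where a share path template places each user before Auto-Create Directories is enabled. This is an added example, not OneFS code: the function names, the rejection rules, the case-insensitive variable matching and the lowercased domain (both taken from this guide's /ifs/home/%d/%u example) are assumptions, and the identities in the usage are constructed.

```python
import posixpath
import re

# Variables listed in the expansion table of the "Create an SMB share" procedure.
VARIABLE = re.compile(r"%([DUZL012])", re.IGNORECASE)


class ExpansionError(ValueError):
    """Raised when a template or identity value would leave the intended tree."""


def safe_component(value, what):
    """Reject values that would add or remove path levels when substituted."""
    if not value or value in (".", "..") or any(ch in value for ch in "/\\\x00"):
        raise ExpansionError(f"unsafe {what}: {value!r}")
    return value


def expand_share_path(template, user, domain, zone, cluster_host,
                      allow_expansion=True):
    """Expand a share path template the way the guide's table describes."""
    if not allow_expansion:
        # Without Allow Variable Expansion the string is interpreted literally.
        return template
    user = safe_component(user, "user name")
    values = {
        "D": safe_component(domain, "domain name").lower(),  # assumption, see lead-in
        "U": user,
        "Z": safe_component(zone, "zone name"),
        "L": safe_component(cluster_host, "host name").lower(),
    }

    def substitute(match):
        key = match.group(1).upper()
        if key in values:
            return values[key]
        index = int(key)  # %0, %1, %2: first, second, third character
        if index >= len(user):
            raise ExpansionError(f"user name {user!r} has no character {index}")
        return user[index]

    expanded = posixpath.normpath(VARIABLE.sub(substitute, template))
    if expanded != "/ifs" and not expanded.startswith("/ifs/"):
        raise ExpansionError(f"{template!r} expands outside /ifs: {expanded!r}")
    return expanded


def shared_directories(template, identities, zone="System", cluster_host="cluster"):
    """Return {path: [identities]} for paths that more than one identity maps to."""
    by_path = {}
    for domain, user in identities:
        path = expand_share_path(template, user, domain, zone, cluster_host)
        by_path.setdefault(path, []).append(f"{domain}\\{user}")
    return {path: who for path, who in by_path.items() if len(who) > 1}


if __name__ == "__main__":
    # Constructed identities: the same user name exists in two domains.
    identities = [("DOMAIN", "user_1"), ("DOMAIN", "user_2"), ("OTHER", "user_1")]
    for template in ("/ifs/home/%D/%U", "/ifs/home/%U", "/ifs/home/%0"):
        print(template, "->", shared_directories(template, identities) or "no overlap")
```

A template that omits %D or %U sends several identities to one directory, which matters because an automatically created directory receives the equivalent of UNIX 700 permissions for a single owner.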

Add a user or group to an SMB share

For each SMB share, you can add share-level permissions for specific users and groups.

Procedure
1. Click Protocols > Windows Sharing (SMB) > SMB Shares, and then click View details for the share you want to add a user or group to.
2. Click Edit next to the Users & Groups option. The User/Group permission list for the share appears.
3. Click Add a User or Group. Then select the option you want to search for.

   | Options | Description |
   |---|---|
   | Users | Enter the username you want to search for in the text field, and then click Search. |
   | Groups | Enter the group you want to search for in the text field, and then click Search. |
   | Well-known SIDs | Skip to step |

4. From the Access Zone list, select the access zone you want to search.
5. From the Provider list, select the authentication provider you want to search. Only providers that are currently configured and enabled on the cluster are listed.
6. Click Search. The results of the search appear in the Search Results box.
7. In the search results, click the user, group, or SID that you want to add to the SMB share and then click Select.
8. By default, the access rights of the new account are set to "Deny All". To enable a user or group to access the share, follow these additional steps:
   a. Next to the user or group account you added, click Edit.
   b. Select the permission level you want to assign to the user or group. The choices are Run as Root or specific permission levels: Full Control, Read-Write, or Read.
9. Click Save.

Configure overlapping share display names

You can specify the same display name for multiple SMB shares by assigning the shares to separate access zones.

Procedure
1. Click Cluster Management > Access Management > Access Zone.
2. From the Access Zones list, click View details for the zone that you want to modify.
3. In the SMB Shares area, click Edit.
4. In the drop-down menu, select Manually select SMB shares. The SMB Shares area expands to display the SMB Shares in this Zone list.
5. Click Add SMB shares. The Select SMB Shares dialog box appears.
6. Select the SMB share you want to add to this zone and click Select.
7. In the SMB Shares in this Zone list, click Edit to modify the share.
8. Type the overlapping display name you want in the Display Name field and click Save.
9. In the SMB Shares area, click Save.
10. Repeat this procedure for each SMB share that will use the same display name.

After you finish

You must associate an IP address pool with each access zone. The IP address the user connects through specifies which zone the user is allowed to access.

Configure multi-protocol home directory access

For users who will access this share through FTP or SSH, you can ensure that their home directory path is the same whether they connect through SMB or they log in through FTP or SSH.

This command directs the SMB share to use the home directory template that is specified in the user's authentication provider. This procedure is available only through the command-line interface.

Procedure
1. Establish an SSH connection to any node in the cluster.
2. Run the following command, where <homedir_share> is the name of the SMB share:

       isi smb share modify <homedir_share> --path=""

Delete an SMB share

You can delete SMB shares that are no longer needed.

Unused SMB shares do not hinder cluster performance. If you delete an SMB share, the share path is deleted but the directory it referenced still exists. If you create a new share with the same path as the share that was deleted, the directory that the previous share referenced will be accessible again through the new share.

Procedure
1. Click Protocols > Windows Sharing (SMB) > SMB Shares.
2. From the list of SMB shares, select the share that you want to delete.

   Note: You can delete all of the shares on the cluster by selecting the Name/Path option, and then selecting Delete from the drop-down menu.
3. Click Delete.
4. In the confirmation dialog box, click Delete to confirm the deletion.
Managing the NFS service

You can enable or disable the NFS service and specify the NFS versions to support. NFS settings are applied across all nodes in the cluster.

Configure NFS file sharing

You can enable or disable the NFS service, set the lock protection level, and set the security type. These settings are applied across all nodes in the cluster. You can change the settings for individual NFS exports as you create them, or edit the settings for individual exports as needed.

Procedure
1. Click Protocols > UNIX Sharing (NFS) > NFS Settings.
2. Enable or disable the NFS service and version support settings:
   - NFS Service
   - NFSv2 Support
   - NFSv3 Support
   - NFSv4 Support
3. Select the Lock Protection Level setting.
4. Click the Reload Cached Configuration button. The cached NFS export settings are reloaded to ensure that changes to DNS or NIS are applied.
5. In the Users/Groups Mapping menu, click Custom Default. A box containing the settings for Map to User Credentials and Also map these user groups appears.
   a. To limit access by mapping root users or all users to a specific user or group, from the Root users list, click Specific username and then type the user names in the text field. A user is any user available in one of the configured authorization providers.
   b. To map users to groups, select the Also map these users to groups check box, click Specific user group(s), and then type the group names in the text field.
6. Select the security type. The default setting is UNIX.
7. Click Save.

Create a root-squashing rule for the default NFS export

You should create a root-squashing rule for the default NFS export.

Procedure
1. Click Protocols > UNIX Sharing (NFS) > NFS Settings.
2. From the list of NFS exports, click View details for the default export.
3. In the Users/Group Mapping menu, click Use Custom. A box containing the settings for Map to User Credentials and Also map these user groups appears.

   | Option | Description |
   |---|---|
   | Click Specific username and then type the user names in the text field. | Limit access by mapping root users or all users to a specific user or group, from the Root users list. |
   | Select the Also map these users to groups check box, click Specific user group(s), and then type the group names in the text field. | Map users to groups. |

4. Select the security type. The default setting is UNIX.

5. Click Save.

NFS service settings

The NFS service settings are the global settings that determine how the NFS file sharing service operates. These settings include versions of NFS to support, the lock protection level, NFS exports configuration, user/group mappings, and security types.

| Setting | Description |
|---|---|
| Service | Enables or disables the NFS service. This setting is enabled by default. |
| NFSv2 support | Enables or disables support for NFSv2. This setting is enabled by default. |
| NFSv3 support | Enables or disables support for NFSv3. This setting is enabled by default. |
| NFSv4 support | Enables or disables support for NFSv4. This setting is disabled by default. |
| Lock protection level | Determines the number of node failures that can happen before a lock may be lost. The default value is +2. |

NFS performance settings

The NFS performance settings are global settings that affect the performance of NFS exports, such as maximum file size and read/write transfer settings.

| Setting | Description |
|---|---|
| Block size | The block size reported to NFSv2+ clients. The default value is |
| Commit asynchronously | If set to yes, allows NFSv3 and NFSv4 COMMIT operations to be asynchronous. The default value is No. |
| Directory read transfer | The preferred directory read transfer size reported to NFSv3 and NFSv4 clients. The default value is |
| Read transfer max | The maximum read transfer size reported to NFSv3 and NFSv4 clients. The default value is |
| Read transfer multiple | The recommended read transfer size multiple reported to NFSv3 and NFSv4 clients. The default value is 512. |
| Read transfer preferred | The preferred read transfer size reported to NFSv3 and NFSv4 clients. |
| Readdirplus prefetch | The number of file nodes to be prefetched on readdir. The default value is 10. |
| Setattr asynchronous | If set to yes, performs set attribute operations asynchronously. The default value is No. |
| Write datasync action | The action to perform for DATASYNC writes. The default value is DATASYNC. |
| Write datasync reply | The reply to send for DATASYNC writes. The default value is DATASYNC. |
| Write filesync action | The action to perform for FILESYNC writes. The default value is FILESYNC. |
| Write filesync reply | The reply to send for FILESYNC writes. The default value is FILESYNC. |
| Write transfer max | The maximum write transfer size reported to NFSv3 and NFSv4 clients. The default value is |
| Write transfer multiple | The recommended write transfer size reported to NFSv3 and NFSv4 clients. The default value is 512. |
| Write transfer preferred | The preferred write transfer size reported to NFSv3 and NFSv4 clients. The default value is |
| Write unstable action | The action to perform for UNSTABLE writes. The default value is UNSTABLE. |
| Write unstable reply | The reply to send for UNSTABLE writes. The default value is UNSTABLE. |

NFS client compatibility settings

The NFS client compatibility settings are global settings that affect the customization of NFS exports. These settings include the maximum file size, enabling readdirplus, and 32-bit file IDs.

| Setting | Setting value |
|---|---|
| Max file size | Specifies the maximum file size to allow. The default value is |
| Readdirplus enable | Enables readdirplus. The default value is yes. |
| Return 32 bit file IDs | Returns 32-bit file IDs. |

NFS export behavior settings

The NFS export behavior settings are global settings that control options such as whether non-root users can set file times, the general encoding settings of an export, whether to look up UIDs (incoming user identifiers), or set the server clock granularity.

| Setting | Setting value |
|---|---|
| Can set time | Permits non-root users to set file times. The default value is Yes. |
| Encoding | Overrides the general encoding settings the cluster has for the export. The default value is DEFAULT. |
| Map Lookup UID | Looks up incoming user identifiers (UIDs) in the local authentication database. The default value is No. |
| Symlinks | Enables symlink support for the export. The default value is Yes. |
| Time delta | Sets the server clock granularity. The default value is 1e-9. |

Managing NFS exports

The default /ifs export is configured to allow UNIX clients to mount any subdirectory. You can view and modify NFS export settings, and you can delete NFS exports that are no longer needed.

You must define all mount points for a given export host as a single export rule, which is the collection of options and constraints that govern the access of an export to the file system. To add a mount point for an export host that appears in the list of export rules, you must modify that entry rather than add a new one.

You can apply individual host rules to each export, or you can specify all hosts, which eliminates the need to create multiple rules for the same host. To prevent problems when setting up new exports, be sure to delete export rules for directories that have been removed from the file system.

Note: Changes to the advanced settings affect all current and future NFS exports that use default settings, and may impact the availability of the NFS file sharing service. Do not make changes to these settings unless you have experience working with NFS. It is recommended that you change the default values for individual NFS exports as you create them, or edit the settings of existing exports.

View and configure default NFS export settings

Default settings apply to all current and future NFS exports.

For each setting, you can customize the default value or select the factory default value. The factory default value cannot be modified.

Note: Modifying the global default values is not recommended. You can override the settings for NFS exports as you create them, or modify the settings for existing exports.

Procedure
1. Click Protocols > UNIX Sharing (NFS) > NFS Settings.
2. Click the NFS export settings menu.
3. For each setting that you want to modify, click System Default in the list of options and select Custom Default.

   Note: If a confirmation dialog box appears, click Continue.
4. Make your changes to the information in the setting value text field.
5. When you are finished modifying settings, click Save.

Create an NFS export

OneFS does not restrict the number of NFS exports that you can create.

Procedure
1. Click Protocols > UNIX Sharing (NFS) > NFS Export.

2. Click Add an Export.
3. Optional: In the Description field, type a comment that describes the export.
4. Optional: Specify which clients are allowed to access the export. You can specify a client by host name, IP address, subnet, or netgroup. You can specify multiple clients in each field by typing one entry per line.

   Note: If no clients are specified, all clients are allowed to access the export. If you add the same client to more than one list and the client is entered in the same format for each entry, the client is normalized to a single list in the following order of priority: Root Clients, Always Read-Write Clients, Always Read-Only Clients, Clients.

   | Setting | Description |
   |---|---|
   | Clients | Specifies one or more clients to be allowed access to the export. Access level is controlled through export permissions. |
   | Always Read-Write Clients | Specifies one or more clients to be allowed read/write access to the export regardless of the export's access-restriction setting. Equivalent to adding a client to the Clients list with the Restrict access to readonly setting cleared. |
   | Always Read-Only Clients | Specifies one or more clients to be allowed read-only access to the export regardless of the export's access-restriction setting. Equivalent to adding a client to the Clients list with the Restrict access to readonly setting selected. |
   | Root Clients | Specifies one or more clients to be mapped as root for the export. This setting is equivalent to adding a client to the Clients list and mapping root users to the root username. |

5. For the Directory Paths setting, type or browse to the directory that you want to export. You can add more directory paths by clicking Add another directory path.
6. Specify export permissions:
   - Restrict actions to read-only.
   - Enable mount access to subdirectories. Allow subdirectories below the path(s) to be mounted.
7. Specify User/Group mapping. If you select the Use custom option, you can limit access by mapping root users or all users to a specific user and group ID. For root squash, map root users to the user name nobody.
8. Specify Security Type(s). If you select the Use custom option, you can select one or more of the following security types:
   - UNIX (system)
   - Kerberos5
   - Kerberos5 Integrity
   - Kerberos5 Privacy
9. Configure Advanced NFS Export Settings.
10. Click Save.

Modify an NFS export

You can modify the settings for individual NFS exports.

Procedure
1. Click Protocols > UNIX Sharing (NFS) > NFS Export.
2. From the list of NFS exports, click View details for the export that you want to modify.
3. For each setting that you want to modify, click Edit, make the change, and then click Save.
4. Click Close.

Delete an NFS export

You can delete NFS exports that are no longer needed.

Note: You can delete all the exports on a cluster by selecting the Export ID/Path option, and then selecting Delete from the drop-down menu.

Procedure
1. Click Protocols > UNIX Sharing (NFS) > NFS Export.
2. From the list of NFS exports, click the check box for the export that you want to delete.
3. Click Delete.
4. In the confirmation dialog box, click Delete to confirm the deletion.

Check NFS exports for errors

You can check for errors in NFS exports. This procedure is available only through the CLI.

Procedure
1. Run the isi nfs exports check command.

   In the following example output, no errors were found:

       ID Message
       Total: 0

   In the following example output, export 1 contains a path that does not currently exist:

       ID Message
       '/ifs/test' is not a directory
       Total:
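The client-list priority rule and the root-squash guidance from the Create an NFS export procedure can be applied to export definitions offline to see which access level each client actually receives. This is an added example, not OneFS code: the dictionary keys (`root_clients`, `map_root_to`, and so on) are hypothetical names for the web-interface fields, and the sample exports are constructed.

```python
# Priority order stated in the guide: a client entered identically in several
# lists is kept only in the first list below that contains it.
PRIORITY = ("root_clients", "read_write_clients", "read_only_clients", "clients")


def normalize_clients(export):
    """Return the effective client lists after the priority rule is applied."""
    seen = set()
    effective = {}
    for field in PRIORITY:
        kept = []
        for client in export.get(field, []):
            # Exact string comparison models "entered in the same format":
            # a host name and its IP address are NOT treated as the same client.
            if client not in seen:
                seen.add(client)
                kept.append(client)
        effective[field] = kept
    return effective


def shadowed_entries(export):
    """List (client, requested_list, effective_list) for entries that were
    overridden by a higher-priority list."""
    effective = normalize_clients(export)
    winner = {c: field for field, clients in effective.items() for c in clients}
    shadowed = []
    for field in PRIORITY:
        for client in export.get(field, []):
            if winner[client] != field:
                shadowed.append((client, field, winner[client]))
    return shadowed


def audit_export(export):
    """Return review findings for one export definition."""
    findings = []
    effective = normalize_clients(export)
    if not any(effective.values()):
        findings.append(
            "no clients specified: all clients are allowed to access the export")
    for client, requested, actual in shadowed_entries(export):
        findings.append(
            f"{client} is listed under {requested} but takes effect under {actual}")
    if effective["root_clients"]:
        findings.append(
            "clients mapped as root: " + ", ".join(effective["root_clients"]))
    if export.get("map_root_to") != "nobody":
        findings.append("root users are not mapped to nobody (no root squash)")
    return findings


# Constructed sample exports (hypothetical hosts and paths).
EXPORTS = [
    {"id": 1, "paths": ["/ifs"], "map_root_to": "root"},
    {
        "id": 2,
        "paths": ["/ifs/data/projects"],
        "clients": ["10.1.2.0/24", "build01.example.com"],
        "read_only_clients": ["build01.example.com"],
        "root_clients": ["build01.example.com"],
        "map_root_to": "nobody",
    },
]

if __name__ == "__main__":
    for export in EXPORTS:
        print(f"export {export['id']} {export['paths']}")
        for finding in audit_export(export) or ["no findings"]:
            print("  -", finding)
```

In the second sample export the host was meant to be read-only, but because Root Clients has the highest priority it ends up mapped as root.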

Enable and configure FTP file sharing
You can set the FTP service to allow any node in the cluster to respond to FTP requests through a standard user account.
You can enable the transfer of files between remote FTP servers and enable anonymous FTP service on the root by creating a local user named anonymous or ftp.
When configuring FTP access, make sure that the specified FTP root is the home directory of the user who logs in. For example, the FTP root for local user jsmith should be ifs/home/jsmith.
Procedure
1. Click Protocols > FTP Settings.
2. Click Enable.
3. Select one or more of the following settings:
Server-to-server transfers: Enables the transfer of files between two remote FTP servers. This setting is disabled by default.
Anonymous access: Enables users with "anonymous" or "ftp" as the user name to access files and directories without requiring authentication. This setting is disabled by default.
Local access: Enables local users to access files and directories with their local user name and password, allowing them to upload files directly through the file system. This setting is enabled by default.
4. Click Submit.

Enable and configure HTTP
You can configure HTTP and DAV to enable users to edit and manage files collaboratively across remote web servers. This procedure is available only through the web administration interface.
Procedure
1. Click Protocols > HTTP Settings.
2. From the Service options, select one of the following settings:
Enable HTTP: Allows HTTP access for cluster administration and browsing content on the cluster.
Disable HTTP and redirect to the web interface: Allows only administrative access to the web administration interface. This is the default setting.
Disable HTTP entirely: Closes the HTTP port used for file access. Users can continue to access the web administration interface by specifying the port number in the URL. The default port is
3. In the Document root directory field, type or click Browse to navigate to an existing directory in /ifs, or click File System Explorer to create a new directory and set its permissions.

Note
The HTTP server runs as the daemon user and group. To properly enforce access controls, you must grant the daemon user or group read access to all files under the document root, and allow the HTTP server to traverse the document root.

4. In the Server hostname field, type the HTTP server name. The server hostname must be a fully-qualified, SmartConnect zone name and valid DNS name. The name must begin with a letter and contain only letters, numbers, and hyphens (-).
5. In the Administrator address field, type an address to display as the primary contact for issues that occur while serving files.
6. From the Active Directory Authentication list, select an authentication setting:
Off: Disables HTTP authentication.
Basic Authentication Only: Enables HTTP basic authentication. User credentials are sent in plain text.
Integrated Authentication Only: Enables HTTP authentication via NTLM, Kerberos, or both.
Integrated and Basic Authentication: Enables both basic and integrated authentication.
Basic Authentication with Access Controls: Enables HTTP authentication via NTLM and Kerberos, and enables the Apache web server to perform access checks.
Integrated and Basic Auth with Access Controls: Enables HTTP basic authentication and integrated authentication, and enables access checks via the Apache web server.
7. Click the Enable DAV check box. This allows multiple users to manage and modify files collaboratively across remote web servers.
8. Click the Disable access logging check box.
9. Click Submit.

Home directories
When you create a local user, OneFS automatically creates a home directory for the user. OneFS also supports dynamic home directory provisioning for users who access the cluster by connecting to an SMB share or by logging in through FTP or SSH. Regardless of the method by which a home directory was created, you can configure access to the home directory through a combination of SMB, SSH, and FTP.

Home directory permissions
A user's home directory can be set up with a Windows ACL or with POSIX mode bits, which are then converted into a synthetic ACL. The method by which a home directory is created determines the initial permissions that are set on the home directory.
When you create a local user, the user's home directory is created with mode bits by default.
For users who authenticate against external sources, home directories can be dynamically created at login time. If a home directory is created during a login through SSH or FTP, it is set up with mode bits; if a home directory is created during an SMB connection, it receives either mode bits or an ACL. For example, if an LDAP user first logs in through SSH or FTP, the user's home directory is created with mode bits. However, if the same user first connects through an SMB share, the home directory is created with the permissions indicated by the configured SMB settings. If the "inherited path ACL" setting is enabled, an ACL is generated; otherwise, mode bits are used.

Note
Because SMB sends an NT password hash to authenticate SMB users, only users from authentication providers that can handle NT hashes can log in over SMB. These providers include the local provider, Active Directory, and LDAP with Samba extensions enabled. File, NIS, and non-Samba LDAP users cannot log in over SMB.

Home directory creation through SMB
You can create an SMB share that includes expansion variables in the share path, enabling users to access their home directories by connecting to the share. You can enable dynamic creation of home directories that do not exist at SMB connection time.
By default, an SMB share's directory path is created with a synthetic ACL based on mode bits. You can enable the "inheritable ACL" setting on a share to specify that, if the parent directory has an inheritable ACL, it will be inherited on the share path.

Note
Share permissions are checked when files are accessed, before the underlying file system permissions are checked. Either of these permissions can prevent access to the file or directory.

Create home directories with expansion variables
You can create SMB share home directories by using expansion variables, as demonstrated in this example.
When using SMB, home directories are accessed through shares. A special home directory share can be set up with a path that uses a special variable expansion syntax to allow a user to connect to his or her home directory by connecting to this share.

Note
Home directory share paths must begin with /ifs/ and must be within the root path of the access zone in which the home directory SMB share is created.

In the following example, on the cluster the --allow-variable-expansion option is enabled to indicate that %U should be expanded to the user name (user411 in this example). The --auto-create-directory option is enabled to indicate that the directory should be created if it does not exist. When user411 connects to the share with the net use command, the user's home directory is created at /ifs/home/user411.

# isi smb shares create HOMEDIR --path=/ifs/home/%U \
  --allow-variable-expansion=yes --auto-create-directory=yes
# isi smb shares permission modify HOMEDIR --wellknown Everyone \
  --permission-type allow --permission full
# isi smb shares view HOMEDIR
Share Name: HOMEDIR
Path: /ifs/home/%U
Description:
Client-side Caching Policy: manual
Automatically expand user names or domain names: True
Automatically create home directories for users: True
Browsable: True
Permissions:
Account   Account Type   Run as Root   Permission Type   Permission
Everyone  wellknown      False         allow             full
Total: 1
...

On the user's Windows client, m: is connected to /ifs/home/user411 through the HOMEDIR share.

# net use m: \\cluster.company.com\homedir /u:user411

Create home directories with the --inheritable-path-acl option
You can enable the inheritable ACL option on a share to specify that it is to be inherited on the share path if the parent directory has an inheritable ACL.
By default, an SMB share's directory path is created with a synthetic ACL based on mode bits. You can enable the --inheritable-path-acl option to use the inheritable ACL on all directories that are created, either at share creation time or for those dynamically provisioned when connecting to that share.
In this example, the --inheritable-path-acl option is enabled on the cluster to dynamically provision a user home directory at first connection to a share on the cluster:

# isi smb shares create HOMEDIR_ACL --path=/ifs/home/%U \
  --allow-variable-expansion=yes --auto-create-directory=yes \
  --inheritable-path-acl=yes
# isi smb shares permission modify HOMEDIR_ACL \
  --wellknown Everyone \
  --permission-type allow --permission full

On the user's Windows client:

# net use q: \\cluster.company.com\homedir_acl /u:user411

The result on the cluster:

# cd /ifs/home/user411
# ls -lde .
drwx user411 <your-company> Users 0 Oct 19 16:23 ./
OWNER: user:user411
GROUP: group:<your-company> Users
CONTROL:dacl_auto_inherited,dacl_protected
0: user:user411 allow dir_gen_all,object_inherit,container_inherit

Create special home directories with the SMB share %U variable
You can use the SMB share %U variable to create a home directory SMB share that maps to a user name.
When you use an SMB share %U variable so that it maps to a user name, it is typically with a share path that includes the %U expansion variable. When a user attempts to connect to a share matching the login name and it does not exist, he or she connects to the %U share instead and is directed to the expanded path for the %U share.
The following example creates a share that matches the authenticated user login name. For example, user Zachary will connect to /ifs/home/zachary on the cluster when he tries to connect to share zachary in the System zone.

# isi smb shares create %U /ifs/home/%U \
  --allow-variable-expansion=yes --auto-create-directory=yes \
  --zone=system

In this example from a Windows client, when the net use command is run on m:, Zachary sees the contents of his /ifs/home/zachary directory:

# net use m: \\cluster.ip\zachary /u:zachary
# cd m:
# dir

In this example, another user, Claudia, sees the directory contents of /ifs/home/claudia:

# net use m: \\cluster.ip\claudia /u:claudia
# cd m:
# dir

If Claudia tries to access Zachary's share, however, she cannot connect because it does not exist for her.

Note
If another SMB share exists that matches the user's name, then the user connects to the explicitly named share rather than the %U share.

Authenticating SMB users
You can authenticate SMB users from authentication providers that can handle NT hashes.
SMB sends an NT password hash to authenticate SMB users, so only users from authentication providers that can handle NT hashes can log in over SMB. The following OneFS-supported authentication providers can handle NT hashes:
- Active Directory
- Local
- LDAPSAM (LDAP with Samba extensions enabled)

Note
File, NIS, and non-SAM LDAP providers cannot handle NT hashes, so users from those authentication providers cannot log in over SMB.
Home directory creation through SSH and FTP
For users who access the cluster through SSH or FTP, you can configure home directory support by modifying authentication provider settings.
The following authentication provider settings determine how home directories are set up.

Home Directory Naming: Specifies the path to use as a template for naming home directories. The path must begin with /ifs and may contain variables, such as %U, that are expanded to generate the home directory path for the user.
Create home directories on first login: Specifies whether to create a home directory the first time a user logs in, if a home directory does not already exist for the user.
UNIX Shell: Specifies the path to the user's login shell. This setting applies only to users who access the file system through SSH.

Set SSH/FTP home directory creation options
You can configure home directory support for a user who accesses the cluster through SSH or FTP by specifying authentication provider options.
The following authentication provider options affect home directory creation:
- Create Home Directory. A boolean value that indicates whether to create the home directory if it does not exist.
- Home Directory Template. The template path name for the user's home directory, and may contain special variables beginning with '%' that are expanded to generate the home directory path for the user. The path name must begin with /ifs/.
- Login Shell. The default login shell for the user. The user's login shell may also be provided by the authentication provider.

Note
A user must have the ISI_PRIV_LOGIN_SSH privilege to log in to a node through SSH.

The following example demonstrates setting these options for an Active Directory authentication provider.

# isi auth ads list
Name                  Authentication  Status  DC Name  Site
YOUR.DOMAIN.NAME.COM  Yes             online  -        SEA
Total: 1
# isi auth ads modify YOUR.DOMAIN.NAME.COM \
  --home-directory-template=/ifs/home/ads/%D/%U \
  --create-home-directory=yes
# isi auth ads view -v YOUR.DOMAIN.NAME.COM
Name: YOUR.DOMAIN.NAME.COM
NetBIOS Domain: YOUR
...
Create Home Directory: Yes
Home Directory Template: /ifs/home/ads/%D/%U
Login Shell: /bin/sh
# id YOUR\\user_100
uid= (<your-domain>\user_100) gid= (<your-domain>\domain users) \
groups= (<your-domain>\domain users), (<your-domain>\c1t), 1545(Users)

The information is verified from an external Unix node, as seen in the result of the following command:

# ssh <your-domain>\\[email protected]

After logging in, the user above will be in directory /ifs/home/ads/<your-domain>/user_100, which will be created if it did not previously exist.

Set the SSH or FTP login shell
You can use the Login Shell option to set the default login shell for the user.
By default, the Login Shell option, if provided, overrides any login-shell information provided by the authentication provider, except with Active Directory, in which case it simply represents the default login shell if the Active Directory server does not provide login-shell information.
In the following example, the login shell for all local users is set to /bin/bash:

# isi auth local modify System --login-shell=/bin/bash

This example sets the default login shell for all Active Directory users in <your-domain> to /bin/bash:

# isi auth ads modify YOUR.DOMAIN.NAME.COM --login-shell=/bin/bash

Set SSH/FTP home directory permissions
You can specify home directory permissions for a home directory accessed through SSH or FTP by setting the Home Directory Umask option.
When a user's home directory is created at login through SSH or FTP, it is created using POSIX mode bits. The permissions setting on a user's home directory is affected by the Home Directory Umask setting of the user's authentication zone. This example shows how the Home Directory Umask setting can be seen:

# isi zone zones view System
...
Home Directory Umask: 0077

You can modify the umask option for a zone with the --home-directory-umask option, specifying an octal number as the umask. The following example demonstrates how to allow a group/others write/execute permission in a home directory. In this example, the user's home directory is created with mode bits 0755 masked by the umask field, set to the value of 022. So by default, a user's home directory is created with mode bits 0700 (equivalent to (0755 & ~(077))):

# isi zone zones modify <zone-name> --home-directory-umask=022

Provision home directories with dot files
You can provision home directories with dot files.
The skeleton directory, which is located at /usr/share/skel by default, contains a set of files that are copied to the user's home directory when a local user is created or when a user home directory is dynamically created during login. Files in the skeleton directory that begin with dot. are renamed to remove the dot prefix when they are copied to the user's home directory. For example, dot.cshrc is copied to the user's home directory as .cshrc. This format enables dot files in the skeleton directory to be viewable through the command-line interface without requiring the ls -a command.
For SMB shares that might use home directories that were provisioned with dot files, you can set an option to prevent users who connect to the share through SMB from viewing the dot files.
The following command is used to determine the default skeleton directory of a zone:

# isi zone zones view System
Name: System
...
Skeleton Directory: /usr/share/skel

The default skeleton directory, /usr/share/skel, can be modified in an authentication zone with the --skeleton-directory=<path> option, as shown in this example:

# isi zone zones modify System --skeleton-directory=/usr/share/skel2
# isi zone zones view System
Name: System
...
Skeleton Directory: /usr/share/skel2

Home directory creation in a mixed environment
If a user will log in through both SMB and SSH, it is recommended that you set up the home directory so that the path template is the same in the SMB share and each authentication provider against which the user is authenticating through SSH.
As an alternative to setting the home directory path in each authentication provider that might be used, you can configure an SMB share to use the path that is specified in the user's authentication provider by setting the share path as an empty string ("").

Interactions between ACLs and mode bits
Home directory setup is determined by several factors, including how users authenticate and the options that specify home directory creation.
A user's home directory may be set up with either ACLs or POSIX mode bits, which are converted into a synthetic ACL. The directory of a local user is created when the local user is created, and is set up with POSIX mode bits by default. Directories can be dynamically provisioned at login for users who authenticate against external sources, and in some cases users who authenticate against the File provider. In this case, their home directory is created according to how they first log in.
For example, if an LDAP user first logs in through SSH or FTP and his or her home directory is created, it is created with POSIX mode bits. If that same user first connects through an SMB home directory share, the home directory is created as dictated by the SMB option settings. If --inheritable-path-acl=yes, ACLs are generated. Otherwise, POSIX mode bits are used.

Interactions with dot-file provisioning
A user's home directory may or may not contain dot files, depending on the method of first access to the cluster.
If a home directory is first created through SSH access, it has a configuration file name that begins with a '.' (for example, .login or .cshrc); if the home directory is created through SMB, it may not. If you are planning an SMB share that uses home directories that have been created either as local users or through home directory creation over SSH or FTP, you may want to consider the --hide-dot-files=yes option, which can be set so that SMB users do not see any files that begin with a ".".
If a user can log in to the cluster through both SMB and SSH or FTP and the user's home directory is dynamically created on first access, then the user's dot files are set up only if SSH or FTP is used to first access the cluster. If SMB is used for first access, the dot files are not copied, but they can be copied manually from the path set in the Skeleton Directory field of the user's access zone.
The following command modifies an SMB share HOMEDIR to hide any files that begin with ".":

# isi smb shares modify HOMEDIR --hide-dot-files=yes

This command reveals the path set in the Skeleton Directory field of the user's access zone:

isi zone zones view <ZONE-NAME> | grep Skeleton

Default home directory settings in authentication providers
The default settings that affect how home directories are set up differ based on the authentication provider that the user authenticates against.

Authentication provider | Home directory naming | Home directory creation | UNIX login shell
Local | /ifs/home/%U | Enabled | /bin/sh
File | None | Disabled | None
Active Directory | /ifs/home/%D/%U | Disabled | /bin/sh (Note: If available, provider information overrides this value.)
LDAP | None | Disabled | None
NIS | None | Disabled | None

Supported expansion variables
You can include expansion variables in an SMB share path or in an authentication provider's home directory template.
OneFS supports the following expansion variables. You can improve performance and reduce the number of shares to be managed when you configure shares with expansion variables. For example, you can use the %U variable for a share rather than create a share for each user. When a %U is used in the name so that each user's path is different, security is still ensured because each user can view and access only his or her home directory.

Note
When you create an SMB share through the web administration interface, you must select the Allow Variable Expansion check box or the string is interpreted literally by the system.

%U
Value: User name (for example, user_001)
Description: Expands to the user name to allow different users to use different home directories. This variable is typically included at the end of the path. For example, for a user named user1, the path /ifs/home/%U is mapped to /ifs/home/user1.

%D
Value: NetBIOS domain name (for example, YORK for YORK.EAST.EXAMPLE.COM)
Description: Expands to the user's domain name, based on the authentication provider:
- For Active Directory users, %D expands to the Active Directory NetBIOS name.
- For local users, %D expands to the cluster name in uppercase characters. For example, for a cluster named cluster1, %D expands to CLUSTER1.
- For users in the System file provider, %D expands to UNIX_USERS.
- For users in other file providers, %D expands to FILE_USERS.
- For LDAP users, %D expands to LDAP_USERS.
- For NIS users, %D expands to NIS_USERS.

%Z
Value: Zone name (for example, ZoneABC)
Description: Expands to the access zone name. If multiple zones are activated, this variable is useful for differentiating users in separate zones. For example, for a user named user1 in the System zone, the path /ifs/home/%Z/%U is mapped to /ifs/home/system/user1.

%L
Value: Host name (cluster host name in lowercase)
Description: Expands to the host name of the cluster, normalized to lowercase. Limited use.

%0
Value: First character of the user name
Description: Expands to the first character of the user name.

%1
Value: Second character of the user name
Description: Expands to the second character of the user name.

%2
Value: Third character of the user name
Description: Expands to the third character of the user name.

Note
If the user name includes fewer than three characters, the %0, %1, and %2 variables wrap around. For example, for a user named ab, the variable maps to a, b, and a. For a user named a, all three variables map to a.

Domain variables in home directory provisioning
You can use domain variables to specify authentication providers when provisioning home directories.
The domain variable is typically used for Active Directory users, but it has a value set that can be used for other authentication providers. It expands to the following for the various authentication providers.

Authenticated user | Expands to
Active Directory user | %D = Active Directory NetBIOS name (for example, YORK for provider YORK.EAST.EXAMPLE.COM)
Local user | If cluster is called "cluster-name": %D = CLUSTER-NAME (uppercase)
File user | %D = UNIX_USERS (for System file provider); %D = FILE_USERS (for all other file providers)
LDAP user | %D = LDAP_USERS (for all LDAP authentication providers)
NIS user | %D = NIS_USERS (for all NIS authentication providers)
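The expansion rules in the two tables above can be previewed before a template is applied, which also shows when a template without %D sends users from different providers to the same directory. This is an added example, not OneFS code; the user records, the field names and the assumption that the cluster name and host name are supplied by the caller are all hypothetical.

```python
import re

# Added example, not OneFS code: re-implements the expansion rules from the
# tables above so that a home directory template can be previewed offline.


def domain_value(user, cluster_name):
    """Return the %D value for a user, by authentication provider type."""
    provider = user["provider"]
    if provider == "ads":
        return user["netbios_domain"]          # Active Directory NetBIOS name
    if provider == "local":
        return cluster_name.upper()            # cluster name in uppercase
    if provider == "file":
        # "system_provider" is a hypothetical flag for the System file provider.
        return "UNIX_USERS" if user.get("system_provider") else "FILE_USERS"
    if provider == "ldap":
        return "LDAP_USERS"
    if provider == "nis":
        return "NIS_USERS"
    raise ValueError(f"unknown provider type: {provider}")


def expand(template, user, zone, cluster_name, host_name):
    """Expand %U, %D, %Z, %L, %0, %1 and %2 in a home directory template."""
    if not template.startswith("/ifs/"):
        raise ValueError("home directory paths must begin with /ifs/")
    name = user["name"]
    if not name:
        raise ValueError("user name must not be empty")
    values = {
        "U": name,
        "D": domain_value(user, cluster_name),
        "Z": zone,
        "L": host_name.lower(),
    }
    # %0, %1 and %2 wrap around when the name has fewer than three characters.
    for index in range(3):
        values[str(index)] = name[index % len(name)]
    return re.sub(r"%([UDZL012])", lambda m: values[m.group(1)], template)


def find_collisions(template, users, zone, cluster_name, host_name):
    """Return {path: [identities]} for paths shared by more than one user."""
    by_path = {}
    for user in users:
        path = expand(template, user, zone, cluster_name, host_name)
        identity = f"{domain_value(user, cluster_name)}\\{user['name']}"
        by_path.setdefault(path, []).append(identity)
    return {path: ids for path, ids in by_path.items() if len(ids) > 1}


# Constructed sample users, not taken from a real cluster.
SAMPLE_USERS = [
    {"name": "jsmith", "provider": "local"},
    {"name": "jsmith", "provider": "ads", "netbios_domain": "YORK"},
    {"name": "ab", "provider": "ldap"},
]

if __name__ == "__main__":
    for template in ("/ifs/home/%U", "/ifs/home/%D/%U"):
        clashes = find_collisions(template, SAMPLE_USERS, "System",
                                  "cluster1", "cluster1")
        print(template, "->", clashes or "no shared paths")
```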


CHAPTER 9
Snapshots

This section contains the following topics:
- Snapshots overview
- Data protection with SnapshotIQ
- Snapshot disk-space usage
- Snapshot schedules
- Snapshot aliases
- File and directory restoration
- Snapshot best practices
- Best practices for creating snapshot schedules
- File clones
- Snapshot locks
- Snapshot reserve
- SnapshotIQ license functionality
- Creating snapshots with SnapshotIQ
- Managing snapshots
- Restoring snapshot data
- Managing snapshot schedules
- Managing with snapshot locks
- Configure SnapshotIQ settings
- Set the snapshot reserve

Snapshots overview
A OneFS snapshot is a logical pointer to data that is stored on a cluster at a specific point in time.
A snapshot references a directory on a cluster, including all data stored in the directory and its subdirectories. If the data referenced by a snapshot is modified, the snapshot stores a physical copy of the data that was modified. Snapshots are created according to user specifications or are automatically generated by OneFS to facilitate system operations.
To create and manage snapshots, you must activate a SnapshotIQ license on the cluster. Some applications must generate snapshots to function but do not require you to activate a SnapshotIQ license; by default, these snapshots are automatically deleted when OneFS no longer needs them. However, if you activate a SnapshotIQ license, you can retain these snapshots. You can view snapshots generated by other modules without activating a SnapshotIQ license.
You can identify and locate snapshots by name or ID. A snapshot name is specified by a user and assigned to the virtual directory that contains the snapshot. A snapshot ID is a numerical identifier that OneFS automatically assigns to a snapshot.

Data protection with SnapshotIQ
You can create snapshots to protect data with the SnapshotIQ software module. Snapshots protect data against accidental deletion and modification by enabling you to restore deleted and modified files. To use SnapshotIQ, you must activate a SnapshotIQ license on the cluster.
Snapshots are less costly than backing up your data on a separate physical storage device in terms of both time and storage consumption. The time required to move data to another physical device depends on the amount of data being moved, whereas snapshots are always created almost instantaneously regardless of the amount of data referenced by the snapshot. Also, because snapshots are available locally, end-users can often restore their data without requiring assistance from a system administrator. Snapshots require less space than a remote backup because unaltered data is referenced rather than recreated.
Snapshots do not protect against hardware or file-system issues. Snapshots reference data that is stored on a cluster, and if the data on the cluster becomes unavailable, the snapshots will also be unavailable. Because of this, it is recommended that you back up your data to separate physical devices in addition to creating snapshots.

Snapshot disk-space usage
The amount of disk space that a snapshot consumes depends on both the amount of data stored by the snapshot and the amount of data the snapshot references from other snapshots.
Immediately after OneFS creates a snapshot, the snapshot consumes a negligible amount of disk space. The snapshot does not consume additional disk space unless the data referenced by the snapshot is modified. If the data that a snapshot references is modified, the snapshot stores read-only copies of the original data. A snapshot consumes only the space that is necessary to restore the contents of a directory to the state it was in when the snapshot was taken.

To reduce disk-space usage, snapshots that reference the same directory reference each other, with older snapshots referencing newer snapshots. If a file is deleted, and several snapshots reference the file, a single snapshot stores a copy of the file, and the other snapshots reference the file from the snapshot that stored the copy. The reported size of a snapshot reflects only the amount of data stored by the snapshot and does not include the amount of data referenced by the snapshot.
Because snapshots do not consume a set amount of storage space, there is no available-space requirement for creating a snapshot. The size of a snapshot grows according to how the data referenced by the snapshot is modified. A cluster cannot contain more than 20,000 snapshots.

Snapshot schedules
You can automatically generate snapshots according to a snapshot schedule.
With snapshot schedules, you can periodically generate snapshots of a directory without having to manually create a snapshot every time. You can also assign an expiration period that determines when SnapshotIQ deletes each automatically generated snapshot.

Snapshot aliases
A snapshot alias is an optional, alternative name for a snapshot. If a snapshot is assigned an alias, and that alias is later assigned to another snapshot, OneFS automatically removes the alias from the old snapshot and then assigns the alias to the new snapshot.
Snapshot aliases are most useful when you specify them in a snapshot schedule. When you specify an alias in a snapshot schedule, SnapshotIQ assigns the alias to the most recently generated snapshot, enabling you to quickly identify the most recent snapshot generated according to a schedule.
OneFS uses snapshot aliases internally to identify the most recent snapshot generated by OneFS operations.

File and directory restoration
You can restore the files and directories that are referenced by a snapshot by copying data from the snapshot, cloning a file from the snapshot, or reverting the entire snapshot.
Copying a file from a snapshot creates an additional copy of the file, which will roughly double the amount of storage space consumed. Even if you delete the original file from the non-snapshot directory, the copy of the file remains in the snapshot.
Unlike copying a file from a snapshot, which immediately consumes additional space on the cluster, cloning a file from a snapshot does not consume any additional space on the cluster unless the clone or cloned file is modified.
Reverting a snapshot replaces the contents of a directory with the data stored in the snapshot. Before a snapshot is reverted, SnapshotIQ creates a snapshot of the directory that is being replaced, which enables you to undo the snapshot revert later. Reverting a snapshot can be useful if you want to undo a large number of changes that you made to files and directories. If new files or directories have been created in a directory since a snapshot of the directory was created, those files and directories are deleted when the snapshot is reverted.

Snapshot best practices

Consider the following snapshot best practices when working with a large number of snapshots.

It is recommended that you do not create more than 1,000 snapshots of a single directory to avoid performance degradation. If you create a snapshot of a root directory, that snapshot counts towards the total number of snapshots for any subdirectories of the root directory. For example, if you create 500 snapshots of /ifs/data and 500 snapshots of /ifs/data/media, you have created 1000 snapshots of /ifs/data/media. Avoid creating snapshots of directories that are already referenced by other snapshots.

It is recommended that you do not create more than 1000 hard links per file in a snapshot to avoid performance degradation. Always attempt to keep directory paths as shallow as possible. The deeper the depth of directories referenced by snapshots, the greater the performance degradation.

Creating snapshots of directories higher on a directory tree will increase the amount of time it takes to modify the data referenced by the snapshot and require more cluster resources to manage the snapshot and the directory. However, creating snapshots of directories lower on directory trees will require more snapshot schedules, which can be difficult to manage. It is recommended that you do not create snapshots of /ifs or /ifs/data.

You can create up to 20,000 snapshots on a cluster at a time. If you create a large number of snapshots, you might not be able to manage snapshots through the OneFS web administration interface. However, you can manage any number of snapshots through the OneFS command-line interface.

Note: It is recommended that you do not disable the snapshot delete job. Disabling the snapshot delete job prevents unused disk space from being freed and can also cause performance degradation.

Best practices for creating snapshot schedules

Snapshot schedule configurations can be categorized by how they delete snapshots: ordered deletions and unordered deletions. An ordered deletion is the deletion of the oldest snapshot of a directory. An unordered deletion is the deletion of a snapshot that is not the oldest snapshot of a directory. Unordered deletions take approximately twice as long to complete and consume more cluster resources than ordered deletions. However, unordered deletions can save space by retaining a smaller total number of snapshots.

The benefits of unordered deletions versus ordered deletions depend on how often the data referenced by the snapshots is modified. If the data is modified frequently, unordered deletions will save space. However, if data remains unmodified, unordered deletions will most likely not save space, and it is recommended that you perform ordered deletions to free cluster resources.

To implement ordered deletions, assign the same duration period for all snapshots of a directory. The snapshots can be created by one or multiple snapshot schedules. Always ensure that no more than 1000 snapshots of a directory are created.
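The per-directory counting rule and the ordered/unordered distinction above can be checked against a snapshot inventory. The following Python sketch is an added example, not part of the OneFS guide or of OneFS itself: the record fields (`path`, `created`, `expires`), the function names and the sample inventory are assumptions made for the illustration, and the deletion-order check considers only snapshots rooted at exactly the same directory.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MAX_PER_DIRECTORY = 1000    # guide: no more than 1,000 snapshots of one directory
MAX_PER_CLUSTER = 20000     # guide: up to 20,000 snapshots on a cluster
DISCOURAGED_ROOTS = {"/ifs", "/ifs/data"}   # guide: do not snapshot these


def contains(snapshot_root, directory):
    """True if a snapshot rooted at snapshot_root includes directory."""
    root = snapshot_root.rstrip("/")
    directory = directory.rstrip("/")
    return directory == root or directory.startswith(root + "/")


def effective_counts(snapshots):
    """Count, for every snapshotted directory, the snapshots that include it.

    A snapshot of a parent directory counts towards each subdirectory, so
    500 snapshots of /ifs/data plus 500 of /ifs/data/media give
    /ifs/data/media an effective count of 1000.
    """
    roots = {s["path"].rstrip("/") for s in snapshots}
    return {root: sum(1 for s in snapshots if contains(s["path"], root))
            for root in roots}


def deletion_order(snapshots):
    """Classify each directory's expirations as 'ordered' or 'unordered'.

    Deletions are ordered when every expiration removes the oldest remaining
    snapshot, which holds when expiration times never decrease as creation
    time increases (for example, one duration for all snapshots).
    """
    by_dir = defaultdict(list)
    for s in snapshots:
        by_dir[s["path"].rstrip("/")].append(s)
    result = {}
    for path, snaps in by_dir.items():
        by_created = sorted(snaps, key=lambda s: s["created"])
        # A snapshot without an expiration is treated as never expiring.
        expiries = [s["expires"] or datetime.max for s in by_created]
        ordered = all(a <= b for a, b in zip(expiries, expiries[1:]))
        result[path] = "ordered" if ordered else "unordered"
    return result


def audit(snapshots):
    """Return human-readable findings for the best practices above."""
    findings = []
    if len(snapshots) > MAX_PER_CLUSTER:
        findings.append(f"cluster: {len(snapshots)} snapshots exceed {MAX_PER_CLUSTER}")
    for path, count in sorted(effective_counts(snapshots).items()):
        if count > MAX_PER_DIRECTORY:
            findings.append(f"{path}: {count} snapshots exceed {MAX_PER_DIRECTORY}")
        if path in DISCOURAGED_ROOTS:
            findings.append(f"{path}: snapshots of this directory are discouraged")
    for path, kind in sorted(deletion_order(snapshots).items()):
        if kind == "unordered":
            findings.append(f"{path}: unordered deletions (mixed duration periods)")
    return findings


def constructed_schedule(path, start, every, keep_for, count, prefix="snap"):
    """Build a constructed (not real) inventory for one schedule."""
    return [{"name": f"{prefix}_{i}", "path": path,
             "created": start + i * every,
             "expires": start + i * every + keep_for}
            for i in range(count)]


if __name__ == "__main__":
    t0 = datetime(2014, 3, 1)
    hour, day = timedelta(hours=1), timedelta(days=1)
    inventory = (
        constructed_schedule("/ifs/data", t0, hour, 30 * day, 500)
        + constructed_schedule("/ifs/data/media", t0, hour, 30 * day, 501)
        + constructed_schedule("/ifs/home/projects", t0, hour, day, 24, "hourly")
        + constructed_schedule("/ifs/home/projects", t0, day, 7 * day, 3, "daily")
    )
    for finding in audit(inventory):
        print(finding)
```
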

To implement unordered snapshot deletions, create several snapshot schedules for a single directory, and then assign different snapshot duration periods for each schedule. Ensure that all snapshots are created at the same time when possible.

The following tables describe snapshot schedules that follow snapshot best practices:

Table 13 Snapshot schedule configurations

| Deletion type | Snapshot frequency | Snapshot time | Snapshot expiration | Max snapshots retained |
|---|---|---|---|---|
| Ordered deletion (for mostly static data) | Every hour | Beginning at 12:00 AM, ending at 11:59 AM | 1 month | 720 |
| Unordered deletion (for frequently modified data) | Every other hour | Beginning at 12:00 AM, ending at 11:59 PM | 1 day | 27 |
| | Every day | At 12:00 AM | 1 week | |
| | Every week | Saturday at 12:00 AM | 1 month | |
| | Every month | The first Saturday of the month at 12:00 AM | 3 months | |

File clones

SnapshotIQ enables you to create file clones that share blocks with existing files in order to save space on the cluster. A file clone usually consumes less space and takes less time to create than a file copy. Although you can clone files from snapshots, clones are primarily used internally by OneFS.

The blocks that are shared between a clone and cloned file are contained in a hidden file called a shadow store. Immediately after a clone is created, all data originally contained in the cloned file is transferred to a shadow store. Because both files reference all blocks from the shadow store, the two files consume no more space than the original file; the clone does not take up any additional space on the cluster. However, if the cloned file or clone is modified, the file and clone will share only blocks that are common to both of them, and the modified, unshared blocks will occupy additional space on the cluster.

Over time, the shared blocks contained in the shadow store might become useless if neither the file nor clone references the blocks. The cluster routinely deletes blocks that are no longer needed. You can force the cluster to delete unused blocks at any time by running the shadow store delete job.

Clones cannot contain alternate data streams (ADS). If you clone a file that contains alternate data streams, the clone will not contain the alternate data streams.

Shadow store considerations

Shadow stores are hidden files that are referenced by cloned and deduplicated files. Files that reference shadow stores behave differently than other files.

Reading shadow-store references might be slower than reading data directly. Specifically, reading non-cached shadow-store references is slower than reading non-cached data. Reading cached shadow-store references takes no more time than reading cached data.

When files that reference shadow stores are replicated to another Isilon cluster or backed up to a Network Data Management Protocol (NDMP) backup device, the shadow stores are not transferred to the target Isilon cluster or backup device. The files are transferred as if they contained the data that they reference from shadow stores. On the target Isilon cluster or backup device, the files consume the same amount of space as if they had not referenced shadow stores.

When OneFS creates a shadow store, OneFS assigns the shadow store to a storage pool of a file that references the shadow store. If you delete the storage pool that a shadow store resides on, the shadow store is moved to a pool occupied by another file that references the shadow store.

OneFS does not delete a shadow store block immediately after the last reference to the block is deleted. Instead, OneFS waits until the ShadowStoreDelete job is run to delete the unreferenced block. If a large number of unreferenced blocks exist on the cluster, OneFS might report a negative deduplication savings until the ShadowStoreDelete job is run.

Shadow stores are protected at least as much as the most protected file that references them. For example, if one file that references a shadow store resides in a storage pool with +2 protection and another file that references the shadow store resides in a storage pool with +3 protection, the shadow store is protected at +3.

Quotas account for files that reference shadow stores as if the files contained the data referenced from shadow stores; from the perspective of a quota, shadow store references do not exist. However, if a quota includes data protection overhead, the quota does not account for the data protection overhead of shadow stores.

iSCSI LUN clones

OneFS enables you to create clones of iSCSI logical units (LUNs) that share blocks with existing LUNs in order to save space on the cluster. Internally, OneFS creates iSCSI LUN clones by creating file clones.

Snapshot locks

A snapshot lock prevents a snapshot from being deleted. If a snapshot has one or more locks applied to it, the snapshot cannot be deleted and is referred to as a locked snapshot. If the duration period of a locked snapshot expires, OneFS will not delete the snapshot until all locks on the snapshot have been deleted.

OneFS applies snapshot locks to ensure that snapshots generated by OneFS applications are not deleted prematurely. For this reason, it is recommended that you do not delete snapshot locks or modify the duration period of snapshot locks.

A limited number of locks can be applied to a snapshot at a time. If you create snapshot locks, the limit for a snapshot might be reached, and OneFS could be unable to apply a snapshot lock when necessary. For this reason, it is recommended that you do not create snapshot locks.

Snapshot reserve

The snapshot reserve enables you to set aside a minimum percentage of the cluster storage capacity specifically for snapshots. If specified, all other OneFS operations are unable to access the percentage of cluster capacity that is reserved for snapshots.

Note: The snapshot reserve does not limit the amount of space that snapshots can consume on the cluster. Snapshots can consume a greater percentage of storage capacity than specified by the snapshot reserve. It is recommended that you do not specify a snapshot reserve.

SnapshotIQ license functionality

You can create snapshots only if you activate a SnapshotIQ license on a cluster. However, you can view snapshots and snapshot locks that are created for internal use by OneFS without activating a SnapshotIQ license.

The following table describes what snapshot functionality is available depending on whether the SnapshotIQ license is active:

| | Inactive | Active |
|---|---|---|
| Create snapshots and snapshot schedules | No | Yes |
| Configure SnapshotIQ settings | No | Yes |
| View snapshot schedules | Yes | Yes |
| Delete snapshots | Yes | Yes |
| Access snapshot data | Yes | Yes |
| View snapshots | Yes | Yes |

If a SnapshotIQ license becomes inactive, you will no longer be able to create new snapshots, all snapshot schedules will be disabled, and you will not be able to modify snapshots or snapshot settings. However, you will still be able to delete snapshots and access data contained in snapshots.

Creating snapshots with SnapshotIQ

To create snapshots, you must configure the SnapshotIQ license on the cluster. You can create snapshots either by creating a snapshot schedule or manually generating an individual snapshot.

Manual snapshots are useful if you want to create a snapshot immediately, or at a time that is not specified in a snapshot schedule. For example, if you plan to make changes to your file system, but are unsure of the consequences, you can capture the current state of the file system in a snapshot before you make the change.
Before creating snapshots, consider that reverting a snapshot requires that a SnapRevert domain exist for the directory that is being reverted. If you intend on reverting snapshots for a directory, it is recommended that you create SnapRevert domains for those directories while the directories are empty. Creating a domain for a directory that contains less data takes less time.

Create a SnapRevert domain

Before you can revert a snapshot that contains a directory, you must create a SnapRevert domain for the directory. It is recommended that you create SnapRevert domains for a directory while the directory is empty.

The root path of the SnapRevert domain must be the same root path of the snapshot. For example, a domain with a root path of /ifs/data/media cannot be used to revert a snapshot with a root path of /ifs/data/media/archive. To revert /ifs/data/media/archive, you must create a SnapRevert domain with a root path of /ifs/data/media/archive.

Procedure
1. Click Cluster Management > Job Operations > Job Types.
2. In the Job Types area, in the DomainMark row, from the Actions column, select Start Job.
3. In the Domain Root Path field, type the path of a snapshot root directory.
4. From the Type of domain list, select SnapRevert.
5. Ensure that the Delete this domain check box is cleared.
6. Click Start Job.

Create a snapshot schedule

You can create a snapshot schedule to continuously generate snapshots of directories.

Procedure
1. Click Data Protection > SnapshotIQ > Snapshot Schedules.
2. Click Create a snapshot schedule.
3. Optional: In the Create a Snapshot Schedule area, in the Schedule Name field, type a name for the snapshot schedule.
4. Optional: In the Naming pattern for Generated Snapshots field, type a naming pattern. Each snapshot generated according to this schedule is assigned a name based on the pattern.
   For example, the following naming pattern is valid:
       WeeklyBackup_%m-%d-%Y_%H:%M
   The example produces names similar to the following:
       WeeklyBackup_ _14:21
5. In the Directory Path field, specify the directory that you want to be contained in snapshots that are generated according to this schedule.
6. Specify how often you want to generate snapshots according to the schedule.
| Options | Description |
|---|---|
| Generate snapshots every day, or skip generating snapshots for a specified number of days. | From the Snapshot Frequency list, select Daily, and specify how often you want to generate snapshots. |
| Generate snapshots on specific days of the week, and optionally skip generating snapshots for a specified number of weeks. | From the Snapshot Frequency list, select Weekly and specify how often you want to generate snapshots. |
| Generate snapshots on specific days of the month, and optionally skip generating snapshots for a specified number of months. | From the Snapshot Frequency list, select Monthly and specify how often you want to generate snapshots. |
| Generate snapshots on specific days of the year. | From the Snapshot Frequency list, select Yearly and specify how often you want to generate snapshots. |

   Note: A snapshot schedule cannot span multiple days. For example, you cannot specify to begin generating snapshots at 5:00 PM Monday and end at 5:00 AM Tuesday. To continuously generate snapshots for a period greater than a day, you must create two snapshot schedules. For example, to generate snapshots from 5:00 PM Monday to 5:00 AM Tuesday, create one schedule that generates snapshots from 5:00 PM to 11:59 PM on Monday, and another schedule that generates snapshots from 12:00 AM to 5:00 AM on Tuesday.
7. Optional: To assign an alternative name to the most recent snapshot generated by the schedule, specify a snapshot alias.
   a. Next to Create an Alias, click Yes.
   b. To modify the default snapshot alias name, in the Alias Name field, type an alternative name for the snapshot.
8. Optional: To specify a length of time that snapshots generated according to the schedule exist on the cluster before they are automatically deleted by OneFS, specify an expiration period.
   a. Next to Snapshot Expiration, click Snapshots expire.
   b. Next to Snapshots expire, specify how long you want to retain the snapshots generated according to the schedule.
9. Click Create.

Create a snapshot

You can create a snapshot of a directory.

Procedure
1. Click Data Protection > SnapshotIQ > Summary.
2. Click Capture a new snapshot.
3. Optional: In the Capture a Snapshot area, in the Snapshot Name field, type a name.
4. In the Directory Path field, specify the directory that you want the snapshot to contain.
5. Optional: To create an alternative name for the snapshot, specify a snapshot alias.
   a. Next to Create an Alias, click Yes.

   b. To modify the default snapshot alias name, in the Alias Name field, type an alternative name for the snapshot.
6. Optional: To assign a time that OneFS will automatically delete the snapshot, specify an expiration period.
   a. Next to Snapshot Expiration, click Snapshot Expires on.
   b. In the calendar, specify the day that you want the snapshot to be automatically deleted.
7. Click Capture.

Snapshot naming patterns

If you schedule snapshots to be automatically generated, either according to a snapshot schedule or a replication policy, you must assign a snapshot naming pattern that determines how the snapshots are named. Snapshot naming patterns contain variables that include information about how and when the snapshot was created.

The following variables can be included in a snapshot naming pattern:

| Variable | Description |
|---|---|
| %A | The day of the week. |
| %a | The abbreviated day of the week. For example, if the snapshot is generated on a Sunday, %a is replaced with Sun. |
| %B | The name of the month. |
| %b | The abbreviated name of the month. For example, if the snapshot is generated in September, %b is replaced with Sep. |
| %C | The first two digits of the year. For example, if the snapshot is created in 2012, %C is replaced with 20. |
| %c | The time and day. This variable is equivalent to specifying %a %b %e %T %Y. |
| %d | The two digit day of the month. |
| %e | The day of the month. A single-digit day is preceded by a blank space. |
| %F | The date. This variable is equivalent to specifying %Y-%m-%d |
| %G | The year. This variable is equivalent to specifying %Y. However, if the snapshot is created in a week that has less than four days in the current year, the year that contains the majority of the days of the week is displayed. The first day of the week is calculated as Monday. For example, if a snapshot is created on Sunday, January 1, 2017, %G is replaced with 2016, because only one day of that week is in |
| %g | The abbreviated year. This variable is equivalent to specifying %y. However, if the snapshot was created in a week that has less than four days in the current year, the year that contains the majority of the days of the week is displayed. The first day of the week is calculated as Monday. For example, if a snapshot is created on Sunday, January 1, 2017, %g is replaced with 16, because only one day of that week is in |
| %H | The hour. The hour is represented on the 24-hour clock. Single-digit hours are preceded by a zero. For example, if a snapshot is created at 1:45 AM, %H is replaced with 01. |
| %h | The abbreviated name of the month. This variable is equivalent to specifying %b. |
| %I | The hour represented on the 12-hour clock. Single-digit hours are preceded by a zero. For example, if a snapshot is created at 1:45 AM, %I is replaced with 01. |
| %j | The numeric day of the year. For example, if a snapshot is created on February 1, %j is replaced with 32. |
| %k | The hour represented on the 24-hour clock. Single-digit hours are preceded by a blank space. |
| %l | The hour represented on the 12-hour clock. Single-digit hours are preceded by a blank space. For example, if a snapshot is created at 1:45 AM, %l is replaced with 1. |
| %M | The two-digit minute. |
| %m | The two-digit month. |
| %p | AM or PM. |
| %{PolicyName} | The name of the replication policy that the snapshot was created for. This variable is valid only if you are specifying a snapshot naming pattern for a replication policy. |
| %R | The time. This variable is equivalent to specifying %H:%M. |
| %r | The time. This variable is equivalent to specifying %I:%M:%S %p. |
| %S | The two-digit second. |
| %s | The second represented in UNIX or POSIX time. |
| %{SrcCluster} | The name of the source cluster of the replication policy that the snapshot was created for. This variable is valid only if you are specifying a snapshot naming pattern for a replication policy. |
| %T | The time. This variable is equivalent to specifying %H:%M:%S |
| %U | The two-digit numerical week of the year. Numbers range from 00 to 53. The first day of the week is calculated as Sunday. |
| %u | The numerical day of the week. Numbers range from 1 to 7. The first day of the week is calculated as Monday. For example, if a snapshot is created on Sunday, %u is replaced with 7. |
| %V | The two-digit numerical week of the year that the snapshot was created in. Numbers range from 01 to 53. The first day of the week is calculated as Monday. If the week of January 1 is four or more days in length, then that week is counted as the first week of the year. |
| %v | The day that the snapshot was created. This variable is equivalent to specifying %e-%b-%y. |
| %W | The two-digit numerical week of the year that the snapshot was created in. Numbers range from 00 to 53. The first day of the week is calculated as Monday. |
| %w | The numerical day of the week that the snapshot was created on. Numbers range from 0 to 6. The first day of the week is calculated as Sunday. For example, if the snapshot was created on Sunday, %w is replaced with 0. |
| %X | The time that the snapshot was created. This variable is equivalent to specifying %H:%M:%S. |
| %Y | The year that the snapshot was created in. |
| %y | The last two digits of the year that the snapshot was created in. For example, if the snapshot was created in 2012, %y is replaced with 12. |
| %Z | The time zone that the snapshot was created in. |
| %z | The offset from coordinated universal time (UTC) of the time zone that the snapshot was created in. If preceded by a plus sign, the time zone is east of UTC. If preceded by a minus sign, the time zone is west of UTC. |
| %+ | The time and date that the snapshot was created. This variable is equivalent to specifying %a %b %e %X %Z %Y. |
| %% | Escapes a percent sign. "100%%" is replaced with 100%. |

Managing snapshots

You can delete and view snapshots. You can also modify the name, duration period, and alias of an existing snapshot. However, you cannot modify the data contained in a snapshot; the data contained in a snapshot is read-only.

Reducing snapshot disk-space usage

If multiple snapshots contain the same directories, deleting one of the snapshots might not free the entire amount of space that the system reports as the size of the snapshot. The size of a snapshot is the maximum amount of data that might be freed if the snapshot is deleted.

Deleting a snapshot frees only the space that is taken up exclusively by that snapshot. If two snapshots reference the same stored data, that data is not freed until both snapshots are deleted.
Remember that snapshots store data contained in all subdirectories of the root directory; if snapshot_one contains /ifs/data/, and snapshot_two contains /ifs/data/dir, the two snapshots most likely share data.

If you delete a directory, and then re-create it, a snapshot containing the directory stores the entire re-created directory, even if the files in that directory are never modified.

Deleting multiple snapshots that contain the same directories is more likely to free data than deleting multiple snapshots that contain different directories.

If multiple snapshots contain the same directories, deleting older snapshots is more likely to free disk-space than deleting newer snapshots.

Snapshots that are assigned expiration dates are automatically marked for deletion by the snapshot daemon. If the daemon is disabled, snapshots will not be automatically deleted by the system. It is recommended that you do not disable the snapshot daemon.

Delete snapshots

You can delete a snapshot if you no longer want to access the data contained in the snapshot.

OneFS frees disk space occupied by deleted snapshots when the snapshot delete job is run. Also, if you delete a snapshot that contains clones or cloned files, data in a shadow store might no longer be referenced by files on the cluster; OneFS deletes unreferenced data in a shadow store when the shadow store delete job is run. OneFS routinely runs both the shadow store delete and snapshot delete jobs. However, you can also manually run the jobs at any time.

Procedure
1. Click Data Protection > SnapshotIQ > Snapshots.
2. Specify the snapshots that you want to delete.
   a. For each snapshot you want to delete, in the Saved File System Snapshots table, in the row of a snapshot, select the check box.
   b. From the Select an action list, select Delete.
   c. In the confirmation dialog box, click Delete.
3. Optional: To increase the speed at which deleted snapshot data is freed on the cluster, run the snapshot delete job.
   a. Click Cluster Management > Operations.
   b. In the Running Jobs area, click Start Job.
   c. From the Job list, select SnapshotDelete.
   d. Click Start.
4. Optional: To increase the speed at which deleted data shared between deduplicated and cloned files is freed on the cluster, run the shadow store delete job. Run the shadow store delete job only after you run the snapshot delete job.
   a. Click Cluster Management > Operations.
   b. In the Running Jobs area, click Start Job.
   c. From the Job list, select ShadowStoreDelete.
   d. Click Start.
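The following added example returns to the snapshot naming pattern variables tabulated earlier in this chapter. It is not from the OneFS guide or from OneFS itself: it is a Python expander for a subset of those variables that shows what a pattern produces for a given creation time, including the week-based year of %G and %g. The function name `expand`, the `replication` argument and the sample dates are assumptions made for the illustration; %j, %s, %U, %W, %Z, %z and %+ are outside the subset and raise ValueError.

```python
import re
from datetime import datetime

DAYS = ["Monday", "Tuesday", "Wednesday", "Thursday", "Friday",
        "Saturday", "Sunday"]
MONTHS = ["January", "February", "March", "April", "May", "June", "July",
          "August", "September", "October", "November", "December"]

# Variables the guide defines as shorthand for another pattern.
SHORTHAND = {
    "c": "%a %b %e %T %Y", "F": "%Y-%m-%d", "h": "%b", "R": "%H:%M",
    "r": "%I:%M:%S %p", "T": "%H:%M:%S", "v": "%e-%b-%y", "X": "%H:%M:%S",
}


def _hour12(d):
    """Hour on the 12-hour clock (12 for midnight and noon)."""
    return d.hour % 12 or 12


# Single-value variables, computed explicitly so the result does not depend
# on the platform's strftime or locale.
FIELDS = {
    "A": lambda d: DAYS[d.weekday()],
    "a": lambda d: DAYS[d.weekday()][:3],
    "B": lambda d: MONTHS[d.month - 1],
    "b": lambda d: MONTHS[d.month - 1][:3],
    "C": lambda d: f"{d.year // 100:02d}",
    "d": lambda d: f"{d.day:02d}",
    "e": lambda d: f"{d.day:2d}",                  # blank-padded
    "G": lambda d: str(d.isocalendar()[0]),        # week-based year
    "g": lambda d: f"{d.isocalendar()[0] % 100:02d}",
    "H": lambda d: f"{d.hour:02d}",
    "I": lambda d: f"{_hour12(d):02d}",
    "k": lambda d: f"{d.hour:2d}",                 # blank-padded
    "l": lambda d: f"{_hour12(d):2d}",             # blank-padded
    "M": lambda d: f"{d.minute:02d}",
    "m": lambda d: f"{d.month:02d}",
    "p": lambda d: "AM" if d.hour < 12 else "PM",
    "S": lambda d: f"{d.second:02d}",
    "u": lambda d: str(d.isoweekday()),            # Monday=1 .. Sunday=7
    "V": lambda d: f"{d.isocalendar()[1]:02d}",    # week 01..53, Monday first
    "w": lambda d: str(d.isoweekday() % 7),        # Sunday=0 .. Saturday=6
    "Y": lambda d: str(d.year),
    "y": lambda d: f"{d.year % 100:02d}",
}

REPLICATION_ONLY = ("PolicyName", "SrcCluster")
_TOKEN = re.compile(r"%(\{\w+\}|.?)", re.S)


def expand(pattern, when, replication=None):
    """Expand a snapshot naming pattern for the creation time `when`.

    `replication` is an optional dict with PolicyName and SrcCluster. Those
    variables are rejected without it, because the guide allows them only in
    naming patterns for replication policies.
    """
    def substitute(match):
        token = match.group(1)
        if token == "%":
            return "%"
        if token in SHORTHAND:
            return expand(SHORTHAND[token], when, replication)
        if token in FIELDS:
            return FIELDS[token](when)
        if token.startswith("{") and token[1:-1] in REPLICATION_ONLY:
            if replication is None:
                raise ValueError(f"%{token} is valid only for a replication policy")
            return replication[token[1:-1]]
        raise ValueError(f"unsupported variable %{token} in {pattern!r}")

    return _TOKEN.sub(substitute, pattern)


if __name__ == "__main__":
    # Constructed creation times, chosen to match the guide's examples.
    print(expand("WeeklyBackup_%m-%d-%Y_%H:%M", datetime(2012, 6, 4, 14, 21)))
    print(expand("%A %F week %V of %G", datetime(2017, 1, 1, 1, 45)))
```
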
Modify snapshot attributes

You can modify the name and expiration date of a snapshot.

Procedure
1. Click File System Management > SnapshotIQ > Snapshots.
2. In the Saved File System Snapshots table, in the row of a snapshot, click View Details.
3. In the Snapshot Details area, modify snapshot attributes.
4. Next to each snapshot attribute that you modified, click Save.

Modify a snapshot alias

You can modify the alias of a snapshot to assign an alternative name for the snapshot.

Procedure
1. Click Data Protection > SnapshotIQ > Snapshots.
2. Above the Saved File System Snapshots table, click View snapshot aliases.
3. In the Snapshot Aliases table, in the row of an alias, click View details.
4. In the Snapshot Alias Details pane, in the Alias Name area, click Edit.
5. In the Alias Name field, type a new alias name.
6. Click Save.

View snapshots

You can view all snapshots.

Procedure
1. Click Data Protection > SnapshotIQ > Snapshots.
2. In the Saved File System Snapshots table, view snapshots.

Snapshot information

You can view information about snapshots, including the total amount of space consumed by all snapshots.

The following information is displayed in the Saved Snapshots area:

SnapshotIQ Status
   Indicates whether a SnapshotIQ license has been activated on the cluster.
Total Number of Saved Snapshots
   Indicates the total number of snapshots that exist on the cluster.
Total Number of Snapshots Pending Deletion
   Indicates the total number of snapshots that were deleted on the cluster since the last snapshot delete job was run. The space consumed by the deleted snapshots is not freed until the snapshot delete job is run again.
Total Number of Snapshot Aliases
   Indicates the total number of snapshot aliases that exist on the cluster.
Capacity Used by Saved Snapshots
   Indicates the total amount of space consumed by all snapshots.

Restoring snapshot data

You can restore snapshot data through various methods. You can revert a snapshot or access snapshot data through the snapshots directory.

From the snapshots directory, you can either clone a file or copy a directory or a file. The snapshots directory can be accessed through Windows Explorer or a UNIX command line.

You can disable and enable access to the snapshots directory for any of these methods through snapshots settings.

Revert a snapshot

You can revert a directory back to the state it was in when a snapshot was taken.

Before you begin
Create a SnapRevert domain for the directory.
Create a snapshot of a directory.

Procedure
1. Click Cluster Management > Operations > Operations Summary.
2. In the Running Jobs area, click Start job.
3. From the Job list, select SnapRevert.
4. Optional: To specify a priority for the job, from the Priority list, select a priority. Lower values indicate a higher priority. If you do not specify a priority, the job is assigned the default snapshot revert priority.
5. Optional: To specify the amount of cluster resources the job is allowed to consume, from the Impact policy list, select an impact policy. If you do not specify a policy, the job is assigned the default snapshot revert policy.
6. In the Snapshot field, type the name or ID of the snapshot that you want to revert, and then click Start.

Restore a file or directory using Windows Explorer

If the Microsoft Shadow Copy Client is installed on your computer, you can use it to restore files and directories that are stored in snapshots.

Note: You can access up to 64 snapshots of a directory through Windows Explorer, starting with the most recent snapshot. To access more than 64 snapshots for a directory, access the cluster through a UNIX command line.

Procedure
1. In Windows Explorer, navigate to the directory that you want to restore or the directory that contains the file that you want to restore.
2. Right-click the folder, and then click Properties.
3. In the Properties window, click the Previous Versions tab.
4. Select the version of the folder that you want to restore or the version of the folder that contains the version of the file that you want to restore.
5. Restore the version of the file or directory.
   To restore all files in the selected directory, click Restore.
   To copy the selected directory to another location, click Copy and then specify a location to copy the directory to.
   To restore a specific file, click Open, and then copy the file into the original directory, replacing the existing copy with the snapshot version.

Restore a file or directory through a UNIX command line

You can restore a file or directory through a UNIX command line.

Procedure
1. Open a connection to the cluster through a UNIX command line.
2. Optional: To view the contents of the snapshot you want to restore a file or directory from, run the ls command for a subdirectory of the snapshots root directory.
   For example, the following command displays the contents of the /archive directory contained in Snapshot2012Jun04:
       ls /ifs/.snapshot/snapshot2012jun04/archive
3. Copy the file or directory by using the cp command.
   For example, the following command creates a copy of file1:
       cp /ifs/.snapshot/snapshot2012jun04/archive/file1 \
       /ifs/archive/file1_copy

Clone a file from a snapshot

You can clone a file from a snapshot. This procedure is available only through the command-line interface (CLI).

Procedure
1. Open a secure shell (SSH) connection to any node in the cluster and log in.
2. To view the contents of the snapshot you want to restore a file or directory from, run the ls command for a subdirectory of the snapshots root directory.
   For example, the following command displays the contents of the /archive directory contained in Snapshot2012Jun04:
       ls /ifs/.snapshot/snapshot2012jun04/archive
3. Clone a file from the snapshot by running the cp command with the -c option.
   For example, the following command clones test.txt from Snapshot2012Jun04:
       cp -c /ifs/.snapshot/snapshot2012jun04/archive/test.txt \
       /ifs/archive/test_clone.text

Managing snapshot schedules

You can modify, delete, and view snapshot schedules.

Modify a snapshot schedule

You can modify a snapshot schedule. Any changes to a snapshot schedule are applied only to snapshots generated after the modifications are made. Existing snapshots are not affected by schedule modifications.

If you modify the alias of a snapshot schedule, the alias is assigned to the next snapshot generated based on the schedule. However, if you do this, the old alias is not removed from the last snapshot that it was assigned to. Unless you manually remove the old alias, the alias will remain attached to the last snapshot that it was assigned to.

Procedure
1. Click Data Protection > SnapshotIQ > Snapshot Schedules.

2. In the Snapshot Schedules table, in the row of the snapshot schedule you want to modify, click View details.
3. In the Snapshot Schedule Details area, modify snapshot schedule attributes.
4. Next to each snapshot schedule attribute that you modified, click Save.

Delete a snapshot schedule

You can delete a snapshot schedule. Deleting a snapshot schedule will not delete snapshots that were previously generated according to the schedule.

Procedure
1. Click Data Protection > SnapshotIQ > Snapshot Schedules.
2. In the Snapshot Schedules table, in the row of the snapshot schedule you want to delete, click Delete.
3. In the Confirm Delete dialog box, click Delete.

View snapshot schedules

You can view snapshot schedules.

Procedure
1. Click Data Protection > SnapshotIQ > Snapshot Schedules.
2. In the Snapshot Schedules table, view snapshot schedules.
3. Optional: To view detailed information about a snapshot schedule, in the Snapshot Schedules table, in the row of the snapshot schedule that you want to view, click View details.
   Snapshot schedule settings are displayed in the Snapshot Schedule Details area. Snapshots that are scheduled to be generated according to the schedule are displayed in the Snapshot Calendar area.

Managing snapshot locks

You can delete, create, and modify the expiration date of snapshot locks.

CAUTION: It is recommended that you do not create, delete, or modify snapshot locks unless you are instructed to do so by Isilon Technical Support.

Deleting a snapshot lock that was created by OneFS might result in data loss. If you delete a snapshot lock that was created by OneFS, it is possible that the corresponding snapshot might be deleted while it is still in use by OneFS. If OneFS cannot access a snapshot that is necessary for an operation, the operation will malfunction and data loss might result. Modifying the expiration date of a snapshot lock created by OneFS can also result in data loss because the corresponding snapshot can be deleted prematurely.

Create a snapshot lock

You can create snapshot locks that prevent snapshots from being deleted. This procedure is available only through the command-line interface (CLI).

Although you can prevent a snapshot from being automatically deleted by creating a snapshot lock, it is recommended that you do not create snapshot locks. To prevent a snapshot from being automatically deleted, it is recommended that you extend the duration period of the snapshot by modifying the snapshot.

Procedure
1. Open a secure shell (SSH) connection to any node in the cluster and log in.
2. Create a snapshot lock by running the isi snapshot locks create command.
   For example, the following command applies a snapshot lock to "SnapshotApril2012", sets the lock to expire in one month, and adds a description of "Maintenance Lock":
       isi snapshot locks create SnapshotApril expires 1M \
       --comment "Maintenance Lock"

Modify a snapshot lock expiration date

You can modify the expiration date of a snapshot lock. This procedure is available only through the command-line interface (CLI).

CAUTION: It is recommended that you do not modify the expiration dates of snapshot locks.

Procedure
1. Open a secure shell (SSH) connection to any node in the cluster and log in.
2. Modify a snapshot lock by running the isi snapshot locks modify command.
   For example, the following command sets a snapshot lock that is applied to "SnapshotApril2012" and has an ID of 1 to expire in two days:
       isi snapshot locks modify Snapshot2012Apr expires 2D

Delete a snapshot lock

You can delete a snapshot lock. This procedure is available only through the command-line interface (CLI).

CAUTION: It is recommended that you do not delete snapshot locks.

Procedure
1. Open a secure shell (SSH) connection to any node in the cluster and log in.
2. Delete a snapshot lock by running the isi snapshot locks delete command.
   For example, the following command deletes a snapshot lock that is applied to SnapshotApril2012 and has an ID of 1:
       isi snapshot locks delete Snapshot2012Apr16 1
   The system prompts you to confirm that you want to delete the snapshot lock.
3. Type yes and then press ENTER.

Snapshot lock information

You can view snapshot lock information through the isi snapshot locks view and isi snapshot locks list commands.

ID
  Numerical identification number of the snapshot lock.
Comment
  Description of the snapshot lock. This can be any string specified by a user.
Expires
  The date that the snapshot lock will be automatically deleted by OneFS.
Count
  The number of times the snapshot lock is held. The file clone operation can hold a single snapshot lock multiple times. If multiple file clones are created simultaneously, the file clone operation holds the same lock multiple times, rather than creating multiple locks. If you delete a snapshot lock that is held more than once, you will delete only one of the instances that the lock is held. In order to delete a snapshot lock that is held multiple times, you must delete the snapshot lock the same number of times as displayed in the count field.

Configure SnapshotIQ settings

You can configure SnapshotIQ settings that determine how snapshots can be created and the methods by which users can access snapshot data.

Procedure
1. Click Data Protection > SnapshotIQ > Settings.
2. Modify SnapshotIQ settings, and then click Save.

SnapshotIQ settings

SnapshotIQ settings determine how snapshots behave and can be accessed. The following SnapshotIQ settings can be configured:

Snapshot Scheduling
  Determines whether snapshots can be generated.
  Note
  Disabling snapshot generation might cause some OneFS operations to fail. It is recommended that you do not disable this setting.
Auto-create Snapshots
  Determines whether snapshots are automatically generated according to snapshot schedules.
Auto-delete Snapshots
  Determines whether snapshots are automatically deleted according to their expiration dates.

NFS Visibility & Accessibility
  Root Directory Accessible
    Determines whether snapshot directories are accessible through NFS.
  Root Directory Visible
    Determines whether snapshot directories are visible through NFS.
  Sub-directories Accessible
    Determines whether snapshot subdirectories are accessible through NFS.

SMB Visibility & Accessible
  Root Directory Accessible
    Determines whether snapshot directories are accessible through SMB.
  Root Directory Visible
    Determines whether snapshot directories are visible through SMB.
  Sub-directories Accessible
    Determines whether snapshot subdirectories are accessible through SMB.

Local Visibility & Accessibility
  Root Directory Accessible
    Determines whether snapshot directories are accessible through the local file system. You can access the local file system through an SSH connection or the local console.
  Root Directory Visible
    Determines whether snapshot directories are visible through the local file system. You can access the local file system through an SSH connection or the local console.
  Sub-directories Accessible
    Determines whether snapshot subdirectories are accessible through the local file system. You can access the local file system through an SSH connection or the local console.

Set the snapshot reserve

You can specify a minimum percentage of cluster-storage capacity that you want to reserve for snapshots. This procedure is available only through the command-line interface (CLI).

The snapshot reserve does not limit the amount of space that snapshots are allowed to consume on the cluster. Snapshots can consume more than the percentage of capacity specified by the snapshot reserve. It is recommended that you do not specify a snapshot reserve.

Procedure
1. Open a secure shell (SSH) connection to any node in the cluster and log in.
2. Set the snapshot reserve by running the isi snapshot settings modify command with the --reserve option.
   For example, the following command sets the snapshot reserve to 20%:

       isi snapshot settings modify --reserve 20


CHAPTER 10

Deduplication with SmartDedupe

This section contains the following topics:

- Deduplication overview
- Deduplication jobs
- Data replication and backup with deduplication
- Snapshots with deduplication
- Deduplication considerations
- Shadow store considerations
- SmartDedupe license functionality
- Managing deduplication

Deduplication overview

The SmartDedupe software module enables you to save storage space on your cluster by reducing redundant data. Deduplication maximizes the efficiency of your cluster by decreasing the amount of storage required to store multiple files with similar blocks.

SmartDedupe deduplicates data by scanning an Isilon cluster for identical data blocks. Each block is 8 KB. If SmartDedupe finds duplicate blocks, SmartDedupe moves a single copy of the blocks to a hidden file called a shadow store. SmartDedupe then deletes the duplicate blocks from the original files and replaces the blocks with pointers to the shadow store.

Deduplication is applied at the directory level, targeting all files and directories underneath one or more root directories. You can first assess a directory for deduplication and determine the estimated amount of space you can expect to save. You can then decide whether to deduplicate the directory. After you begin deduplicating a directory, you can monitor how much space is saved by deduplication in real time.

SmartDedupe does not deduplicate files that are 32 KB and smaller, because doing so would consume more cluster resources than the storage savings are worth. Each shadow store can contain up to 255 blocks. Each block in a shadow store can be referenced times.

Deduplication jobs

Deduplication is performed by maintenance jobs referred to as deduplication jobs. You can monitor and control deduplication jobs as you would any other maintenance job on the cluster. Although the overall performance impact of deduplication is minimal, the deduplication job consumes 256 MB of memory per node.

When a deduplication job is first run on a cluster, SmartDedupe samples blocks from each file and creates index entries for those blocks. If the index entries of two blocks match, SmartDedupe scans the blocks adjacent to the matching pair and then deduplicates all duplicate blocks. After a deduplication job samples a file once, new deduplication jobs will not sample the file again until the file is modified.

The first deduplication job you run might take significantly longer to complete than subsequent deduplication jobs. The first deduplication job must scan all files under the specified directories to generate the initial index. If subsequent deduplication jobs take a long time to complete, this most likely indicates that a large amount of data is being deduplicated. However, it can also indicate that clients are creating a large amount of new data on the cluster. If a deduplication job is interrupted during the deduplication process, the job will automatically restart the scanning process from where the job was interrupted.

It is recommended that you run deduplication jobs when clients are not modifying data on the cluster. If clients are continually modifying files on the cluster, the amount of space saved by deduplication is minimal because the deduplicated blocks are constantly removed from the shadow store. For most clusters, it is recommended that you start a deduplication job every ten days.

The permissions required to modify deduplication settings are not the same as those needed to run a deduplication job. Although a user must have the maintenance job permission to run a deduplication job, the user must have the deduplication permission to modify deduplication settings. By default, the deduplication job is configured to run at a low priority.

Data replication and backup with deduplication

When deduplicated files are replicated to another Isilon cluster or backed up to a tape device, the deduplicated files no longer share blocks on the target Isilon cluster or backup device. However, although you can deduplicate data on a target Isilon cluster, you cannot deduplicate data on an NDMP backup device.

Shadow stores are not transferred to target clusters or backup devices. Because of this, deduplicated files do not consume less space than non-deduplicated files when they are replicated or backed up. To avoid running out of space, you must ensure that target clusters and tape devices have enough free space to store deduplicated data as if the data had not been deduplicated. To reduce the amount of storage space consumed on a target Isilon cluster, you can configure deduplication for the target directories of your replication policies. Although this will deduplicate data on the target directory, it will not allow SyncIQ to transfer shadow stores. Deduplication is still performed by deduplication jobs running on the target cluster.

The amount of cluster resources required to back up and replicate deduplicated data is the same as for non-deduplicated data. You can deduplicate data while the data is being replicated or backed up.

Snapshots with deduplication

You cannot deduplicate the data stored in a snapshot. However, you can create snapshots of deduplicated data.

If you create a snapshot for a deduplicated directory, and then modify the contents of that directory, the references to shadow stores will be transferred to the snapshot over time. Therefore, if you enable deduplication before you create snapshots, you will save more space on your cluster. If you implement deduplication on a cluster that already has a significant amount of data stored in snapshots, it will take time before the snapshot data is affected by deduplication. Newly created snapshots can contain deduplicated data, but snapshots created before deduplication was implemented cannot.

If you plan on reverting a snapshot, it is best to revert the snapshot before running a deduplication job. Restoring a snapshot can overwrite many of the files on the cluster. Any deduplicated files are reverted back to normal files if they are overwritten by a snapshot revert. However, after the snapshot revert is complete, you can deduplicate the directory and the space savings persist on the cluster.

Deduplication considerations

Deduplication can significantly increase the efficiency at which you store data. However, the effect of deduplication varies depending on the cluster.

You can reduce redundancy on a cluster by running SmartDedupe. Deduplication creates links that can impact the speed at which you can read from and write to files. In particular, sequentially reading chunks smaller than 512 KB of a deduplicated file can be significantly slower than reading the same small, sequential chunks of a non-deduplicated file. This performance degradation applies only if you are reading non-cached data. For cached data, the performance for deduplicated files is potentially better than non-deduplicated files. If you stream chunks larger than 512 KB, deduplication does not significantly impact the read performance of the file. If you intend on streaming 8 KB or less of each file at a time, and you do not plan on concurrently streaming the files, it is recommended that you do not deduplicate the files.

Deduplication is most effective when applied to static or archived files and directories. The less files are modified, the less negative impact deduplication has on the cluster. For example, virtual machines often contain several copies of identical files that are rarely modified. Deduplicating a large number of virtual machines can greatly decrease the amount of storage space consumed.

SmartDedupe will not deduplicate redundant information within a file. If a file contains multiple identical data blocks, SmartDedupe will not deduplicate that data unless another file contains the identical block.

SmartDedupe deduplicates directories that contain iSCSI LUNs the same as other directories.

Shadow store considerations

Shadow stores are hidden files that are referenced by cloned and deduplicated files. Files that reference shadow stores behave differently than other files.

- Reading shadow-store references might be slower than reading data directly. Specifically, reading non-cached shadow-store references is slower than reading non-cached data. Reading cached shadow-store references takes no more time than reading cached data.
- When files that reference shadow stores are replicated to another Isilon cluster or backed up to a Network Data Management Protocol (NDMP) backup device, the shadow stores are not transferred to the target Isilon cluster or backup device. The files are transferred as if they contained the data that they reference from shadow stores. On the target Isilon cluster or backup device, the files consume the same amount of space as if they had not referenced shadow stores.
- When OneFS creates a shadow store, OneFS assigns the shadow store to a storage pool of a file that references the shadow store. If you delete the storage pool that a shadow store resides on, the shadow store is moved to a pool occupied by another file that references the shadow store.
- OneFS does not delete a shadow store block immediately after the last reference to the block is deleted. Instead, OneFS waits until the ShadowStoreDelete job is run to delete the unreferenced block. If a large number of unreferenced blocks exist on the cluster, OneFS might report a negative deduplication savings until the ShadowStoreDelete job is run.
- Shadow stores are protected at least as much as the most protected file that references them. For example, if one file that references a shadow store resides in a storage pool with +2 protection and another file that references the shadow store resides in a storage pool with +3 protection, the shadow store is protected at +3.
- Quotas account for files that reference shadow stores as if the files contained the data referenced from shadow stores; from the perspective of a quota, shadow store references do not exist. However, if a quota includes data protection overhead, the quota does not account for the data protection overhead of shadow stores.

SmartDedupe license functionality

You can deduplicate data only if you activate a SmartDedupe license on a cluster. However, you can assess deduplication savings without activating a SmartDedupe license.

If you activate a SmartDedupe license, and then deduplicate data, the space savings are not lost if the license becomes inactive. You can also still view deduplication savings while the license is inactive. However, you will not be able to deduplicate additional data until you re-activate the SmartDedupe license.

Managing deduplication

You can manage deduplication on a cluster by first assessing how much space you can save by deduplicating individual directories. After you determine which directories are worth deduplicating, you can configure SmartDedupe to deduplicate those directories specifically. You can then monitor the actual amount of disk space you are saving.

Assess deduplication space savings

You can assess the amount of disk space you will save by deduplicating a directory.

Procedure
1. Click File System Management > Deduplication > Settings.
2. In the Assess Deduplication area, click Browse and select a directory that you want to deduplicate.
   If you assess multiple directories, disk savings are not differentiated by directory in the deduplication report.
3. Click Cluster Management > Job Operations > Job Types.
4. In the Job Types table, in the row of the DedupeAssessment job, from the Actions column, select Start Job.
5. Click Cluster Management > Job Operations > Job Summary.
6. Wait for the assessment job to complete.
   When the DedupeAssessment job is complete, the job is removed from the Active Jobs table.
7. Click File System Management > Deduplication > Summary. In the Deduplication Assessment Reports table, in the row of the most recent assessment job, click View Details.
8. View the amount of disk space that will be saved if you deduplicate the directory.
   The number of blocks that will be deduplicated is displayed in the Deduped blocks field.

Specify deduplication settings

You can specify which directories you want to deduplicate.

Procedure
1. Click File System Management > Deduplication > Settings.
2. In the Deduplication Settings area, click Browse and select a directory that you want to deduplicate.
3. Optional: Specify additional directories.
   a. Click Add another directory path.
   b. Click Browse and select a directory that you want to deduplicate.
4. Click Cluster Management > Job Operations > Job Types.
5. In the Jobs table, in the row of the Dedupe job, click View/Edit.

6. Click Edit Job Type.
7. Modify the settings of the deduplication job, and then click Save Changes.

View deduplication space savings

You can view the amount of disk space that you are currently saving with deduplication.

Procedure
1. Click File System Management > Deduplication > Summary.
2. In the Deduplication Savings area, view the amount of disk space saved.

View a deduplication report

After a deduplication job completes, you can view information about the job in a deduplication report.

Procedure
1. Click File System Management > Deduplication > Summary.
2. Select a deduplication report.
   - To view a report about a deduplication job, in the Deduplication Reports table, click View Report.
   - To view a report about a deduplication assessment job, in the Deduplication Assessment Reports table, click View Report.

Deduplication job report information

You can view the following deduplication specific information in deduplication job reports:

Start time
  The time the deduplication job started.
End time
  The time the deduplication job ended.
Iteration Count
  The number of times that SmartDedupe interrupted the sampling process. If SmartDedupe is sampling a large amount of data, SmartDedupe might interrupt sampling in order to start deduplicating the data. After SmartDedupe finishes deduplicating the sampled data, SmartDedupe will continue sampling the remaining data.
Scanned blocks
  The total number of blocks located underneath the specified deduplicated directories.
Sampled blocks
  The number of blocks that SmartDedupe created index entries for.
Deduped blocks
  The number of blocks that were deduplicated.
Dedupe percent
  The percentage of scanned blocks that were deduplicated.

Created dedupe requests
  The total number of deduplication requests created. A deduplication request is created for each matching pair of data blocks. For example, if you have 3 data blocks that all match, SmartDedupe creates 2 requests. One of the requests could pair file1 and file2 together and the other request could pair file2 and file3 together.
Successful dedupe requests
  The number of deduplication requests that completed successfully.
Failed dedupe requests
  The number of deduplication requests that failed. If a deduplication request fails, it doesn't mean that the job failed too. A deduplication request can fail for any number of reasons. For example, the file might have been modified since it was sampled.
Skipped files
  The number of files that were not scanned by the deduplication job. SmartDedupe skips files for a number of reasons. For example, SmartDedupe skips files that have already been scanned and haven't been modified since. SmartDedupe also skips all files that are smaller than 4 KB.
Index entries
  The number of entries that currently exist in the index.
Index lookup attempts
  The total number of lookups that have been done by earlier deduplication jobs plus the number of lookups done by this deduplication job. A lookup is when the deduplication job attempts to match a block that was indexed with a block that hasn't been indexed.
Index lookup hits
  The number of blocks that matched index entries.

Deduplication information

You can view the amount of disk space saved by deduplication in the Deduplication Savings area:

Space Savings
  The total amount of physical disk space saved by deduplication, including protection overhead and metadata. For example, if you have three identical files that are all 5 GB, the estimated physical saving would be greater than 10 GB, because deduplication saved space that would have been occupied by file metadata and protection overhead.
Deduplicated data
  The amount of space on the cluster occupied by directories that were deduplicated.
Other data
  The amount of space on the cluster occupied by directories that were not deduplicated.
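
The block-matching rules stated in this chapter (8 KB blocks, no deduplication of files that are 32 KB and smaller, no deduplication of blocks that repeat only inside one file, one request per matching pair, up to 255 blocks per shadow store) can be modelled to estimate savings for a set of files. The following Python model is an added example, not SmartDedupe or OneFS code: the function names and sample files are constructed for illustration, and it assumes every block is compared (no sampling) and ignores metadata and protection overhead.

```python
import hashlib
import math
from collections import defaultdict

BLOCK_SIZE = 8 * 1024        # page: each block is 8 KB
MIN_FILE_SIZE = 32 * 1024    # page: files that are 32 KB and smaller are not deduplicated
SHADOW_STORE_BLOCKS = 255    # page: each shadow store can contain up to 255 blocks


def full_blocks(data):
    """Split content into whole 8 KB blocks (assumption: a partial tail block is ignored)."""
    count = len(data) // BLOCK_SIZE
    return [data[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE] for i in range(count)]


def assess(files):
    """Estimate deduplication results for a mapping of {path: bytes}."""
    owners = defaultdict(set)        # block digest -> files that contain the block
    occurrences = defaultdict(int)   # block digest -> total number of appearances
    skipped, scanned = [], 0

    for path, data in files.items():
        if len(data) <= MIN_FILE_SIZE:
            skipped.append(path)     # too small to be worth deduplicating
            continue
        for blk in full_blocks(data):
            digest = hashlib.sha256(blk).digest()
            owners[digest].add(path)
            occurrences[digest] += 1
            scanned += 1

    # A block is a candidate only when at least two different files contain it;
    # repeats inside a single file do not qualify on their own.
    shared = [d for d, paths in owners.items() if len(paths) >= 2]
    # n matching blocks -> n - 1 requests, and n - 1 copies no longer stored.
    requests = sum(occurrences[d] - 1 for d in shared)
    return {
        "scanned_blocks": scanned,
        "skipped_files": sorted(skipped),
        "shadow_store_blocks": len(shared),
        "shadow_stores": math.ceil(len(shared) / SHADOW_STORE_BLOCKS),
        "dedupe_requests": requests,
        "logical_bytes_saved": requests * BLOCK_SIZE,
    }


def block(tag):
    """Constructed 8 KB block filled with a single character."""
    return tag.encode() * BLOCK_SIZE


def sample_files():
    """Constructed input: three similar VM images, one self-repeating file, one small file."""
    b = block
    return {
        "vm1.img": b("A") + b("B") + b("C") + b("D") + b("E"),
        "vm2.img": b("A") + b("B") + b("C") + b("X") + b("Y"),
        "vm3.img": b("A") + b("B") + b("Z") + b("Z") + b("W"),
        "log.bin": b("Q") * 5,            # identical blocks, but only within one file
        "small.cfg": b("A") + b("B"),     # 16 KB, below the size threshold
    }


if __name__ == "__main__":
    for key, value in assess(sample_files()).items():
        print(f"{key}: {value}")
```

In the sample, blocks A and B match across three files and block C across two, which gives 2 + 2 + 1 requests; the repeated blocks in log.bin and vm3.img contribute nothing because no second file contains them.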


CHAPTER 11

Data replication with SyncIQ

This section contains the following topics:

- SyncIQ backup and recovery overview
- Replication policies and jobs
- Replication snapshots
- Data failover and failback with SyncIQ
- Recovery times and objectives for SyncIQ
- SyncIQ license functionality
- Creating replication policies
- Managing replication to remote clusters
- Initiating data failover and failback with SyncIQ
- Performing disaster recovery for SmartLock directories
- Managing replication policies
- Managing replication to the local cluster
- Managing replication performance rules
- Managing replication reports
- Managing failed replication jobs

SyncIQ backup and recovery overview

OneFS enables you to replicate data from one Isilon cluster to another through the SyncIQ software module. You must activate a SyncIQ license on both Isilon clusters before you can replicate data between them.

You can replicate data at the directory level while optionally excluding specific files and sub-directories from being replicated. SyncIQ creates and references snapshots to replicate a consistent point-in-time image of a root directory. Metadata such as access control lists (ACLs) and alternate data streams (ADS) are replicated along with data.

SyncIQ enables you to maintain a consistent backup copy of your data on another Isilon cluster. SyncIQ offers automated failover and failback capabilities that enable you to continue operations on another Isilon cluster if a primary cluster becomes unavailable.

Replication policies and jobs

Data replication is coordinated according to replication policies and jobs. Replication policies specify what data is replicated, where the data is replicated to, and how often the data is replicated. Replication jobs are the operations that replicate data from one Isilon cluster to another. SyncIQ generates replication jobs according to replication policies.

A replication policy specifies two clusters: the source and the target. The cluster on which the replication policy exists is the source cluster. The cluster that data is being replicated to is the target cluster. When a replication policy starts, SyncIQ generates a replication job for the policy. When a replication job runs, files from a directory on the source cluster are replicated to a directory on the target cluster; these directories are known as source and target directories.

After the first replication job created by a replication policy finishes, the target directory and all files contained in the target directory are set to a read-only state, and can be modified only by other replication jobs belonging to the same replication policy. There is no limit to the number of replication policies that can exist on a cluster.

Note
To prevent permissions errors, make sure that ACL policy settings are the same across source and target clusters.

You can create two types of replication policies: synchronization policies and copy policies. A synchronization policy maintains an exact replica of the source directory on the target cluster. If a file or sub-directory is deleted from the source directory, the file or directory is deleted from the target cluster when the policy is run again.

You can use synchronization policies to fail over and fail back data between source and target clusters. When a source cluster becomes unavailable, you can fail over data on a target cluster and make the data available to clients. When the source cluster becomes available again, you can fail back the data to the source cluster.

A copy policy maintains recent versions of the files that are stored on the source cluster. However, files that are deleted on the source cluster are not deleted from the target cluster. Failback is not supported for copy policies. Copy policies are most commonly used for archival purposes.

Copy policies enable you to remove files from the source cluster without losing those files on the target cluster. Deleting files on the source cluster improves performance on the source cluster while maintaining the deleted files on the target cluster. This can be useful if, for example, your source cluster is being used for production purposes and your target cluster is being used only for archiving.

After creating a job for a replication policy, SyncIQ must wait until the job completes before it can create another job for the policy. Any number of replication jobs can exist on a cluster at a given time; however, only five replication jobs can run on a source cluster at the same time. If more than five replication jobs exist on a cluster, the first five jobs run while the others are queued to run. The number of replication jobs that a single target cluster can support concurrently is dependent on the number of workers available on the target cluster.

You can replicate any number of files and directories with a single replication job. You can prevent a large replication job from overwhelming the system by limiting the amount of cluster resources and network bandwidth that data synchronization is allowed to consume. Because each node in a cluster is able to send and receive data, the speed at which data is replicated increases for larger clusters.

Automated replication policies

You can manually start a replication policy at any time, but you can also configure replication policies to start automatically based on source directory modifications or a schedule.

You can configure a replication policy to run according to a schedule, so that you can control when replication is performed. You can also configure a replication policy to start when SyncIQ detects a modification to the source directory, so that SyncIQ maintains a more current version of your data on the target cluster.

Scheduling a policy can be useful under the following conditions:
- You want to replicate data when user activity is minimal
- You can accurately predict when modifications will be made to the data

Configuring a policy to start when changes are made to the source directory can be useful under the following conditions:
- You want to retain a consistent copy of your data at all times
- You are expecting a large number of changes at unpredictable intervals

For policies that are configured to start whenever changes are made to the source directory, SyncIQ checks the source directories every ten seconds. SyncIQ does not account for excluded files or directories when detecting changes, so policies that exclude files or directories from replication might be run unnecessarily. For example, assume that newpolicy replicates /ifs/data/media but excludes /ifs/data/media/temp. If a modification is made to /ifs/data/media/temp/file.txt, SyncIQ will run newpolicy, but will not replicate /ifs/data/media/temp/file.txt.

If a policy is configured to start whenever changes are made to its source directory, and a replication job fails, SyncIQ will wait one minute before attempting to run the policy again. SyncIQ will increase this delay exponentially for each failure up to a maximum delay of eight hours. You can override the delay by running the policy manually at any time. After a job for the policy completes successfully, SyncIQ will resume checking the source directory every ten seconds.

Source and target cluster association

SyncIQ associates a replication policy with a target cluster by marking the target cluster when the job runs for the first time. Even if you modify the name or IP address of the target cluster, the mark persists on the target cluster. When a replication policy is run, SyncIQ checks the mark to ensure that data is being replicated to the correct location.

On the target cluster, you can manually break an association between a replication policy and target directory. Breaking the association between a source and target cluster causes the mark on the target cluster to be deleted. You might want to manually break a target association if an association is obsolete. If you break the association of a policy, the policy is disabled on the source cluster and you cannot run the policy. If you want to run the disabled policy again, you must reset the replication policy.

Note
Breaking a policy association causes either a full or differential replication to occur the next time you run the replication policy. During a full or differential replication, SyncIQ creates a new association between the source and target clusters. Depending on the amount of data being replicated, a full or differential replication can take a very long time to complete.

Full and differential replication

If a replication policy encounters an issue that cannot be fixed (for example, if the association was broken on the target cluster), you might need to reset the replication policy. If you reset a replication policy, SyncIQ performs either a full or differential replication the next time the policy is run. You can specify the type of replication that SyncIQ performs.

During a full replication, SyncIQ transfers all data from the source cluster regardless of what data exists on the target cluster. A full replication consumes large amounts of network bandwidth and can take a very long time to complete. However, a full replication is less strenuous on CPU usage than a differential replication.

During a differential replication, SyncIQ first checks whether a file already exists on the target cluster and then transfers only data that does not already exist on the target cluster.
A differential replication consmes less network bandwidth than a fll replication; however, differential replications consme more CPU. Differential replication can be mch faster than a fll replication if there is an adeqate amont of available CPU for the differential replication job to consme. Controlling replication job resorce consmption Yo can create rles that limit the network traffic created and the rate at which files are sent by replication jobs. Yo can also specify the nmber of workers that are spawned by a replication policy to limit the amont of clster resorces that are consmed. Also, yo can restrict a replication policy to connect only to a specific storage pool. Yo can create network-traffic rles that control the amont of network traffic generated by replication jobs dring specified time periods. These rles can be sefl if, for example, yo want to limit the amont of network traffic created dring other resorceintensive operations. Yo can create mltiple network traffic rles to enforce different limitations at different times. For example, yo might allocate a small amont of network bandwidth dring peak bsiness hors, bt allow nlimited network bandwidth dring non-peak hors. When a replication job rns, OneFS generates workers on the sorce and target clster. Workers on the sorce clster send data while workers on the target clster write data. OneFS generates no more than 40 workers for a replication job. Yo can modify the maximm nmber of workers generated per node to control the amont of resorces that a replication job is allowed to consme. For example, yo can increase the maximm 204 OneFS 7.1 Web Administration Gide

205 Data replication with SyncIQ nmber of workers per node to increase the speed at which data is replicated to the target clster. Yo can also redce resorce consmption throgh file-operation rles that limit the rate at which replication policies are allowed to send files. However, it is recommended that yo only create file-operation rles if the files yo intend to replicate are predictably similar in size and not especially large. Replication reports After a replication job completes, SyncIQ generates a report that contains detailed information abot the job, inclding how long the job ran, how mch data was transferred, and what errors occrred. If a replication report is interrpted, SyncIQ might create a sbreport abot the progress of the job so far. If the job is then restarted, SyncIQ creates another sbreport abot the progress of the job ntil the job either completes or is interrpted again. SyncIQ creates a sbreport each time the job is interrpted ntil the job completes sccessflly. If mltiple sbreports are created for a job, SyncIQ combines the information from the sbreports into a single report. SyncIQ rotinely deletes replication reports. Yo can specify the maximm nmber of replication reports that SyncIQ retains and the length of time that SyncIQ retains replication reports. If the maximm nmber of replication reports is exceeded on a clster, SyncIQ deletes the oldest report each time a new report is created. Yo cannot cstomize the content of a replication report. Note If yo delete a replication policy, SyncIQ atomatically deletes any reports that were generated for that policy. Replication snapshots Sorce clster snapshots SyncIQ generates snapshots to facilitate replication, failover, and failback between Isilon clsters. Snapshots generated by SyncIQ can also be sed for archival prposes on the target clster. 
SyncIQ generates snapshots on the source cluster to ensure that a consistent point-in-time image is replicated and that unaltered data is not sent to the target cluster.

Before running a replication job, SyncIQ creates a snapshot of the source directory. SyncIQ then replicates data according to the snapshot rather than the current state of the cluster, allowing users to modify source-directory files while ensuring that an exact point-in-time image of the source directory is replicated.

For example, if a replication job of /ifs/data/dir/ starts at 1:00 PM and finishes at 1:20 PM, and /ifs/data/dir/file is modified at 1:10 PM, the modifications are not reflected on the target cluster, even if /ifs/data/dir/file is not replicated until 1:15 PM.

You can replicate data according to a snapshot generated with the SnapshotIQ tool. If you replicate data according to a SnapshotIQ snapshot, SyncIQ does not generate another snapshot of the source directory. This method can be useful if you want to replicate identical copies of data to multiple Isilon clusters.

SyncIQ generates source snapshots to ensure that replication jobs do not transfer unmodified data. When a job is created for a replication policy, SyncIQ checks whether it is the first job created for the policy. If it is not the first job created for the policy, SyncIQ compares the snapshot generated for the earlier job with the snapshot generated for the new job.

SyncIQ replicates only data that has changed since the last time a snapshot was generated for the replication policy. When a replication job is completed, SyncIQ deletes the previous source-cluster snapshot and retains the most recent snapshot until the next job is run.

Target cluster snapshots

When a replication job is run, SyncIQ generates a snapshot on the target cluster to facilitate failover operations. When the next replication job is created for the replication policy, the job creates a new snapshot and deletes the old one.

If a SnapshotIQ license has been activated on the target cluster, you can configure a replication policy to generate additional snapshots that remain on the target cluster even as subsequent replication jobs run.

SyncIQ generates target snapshots to facilitate failover on the target cluster regardless of whether a SnapshotIQ license has been configured on the target cluster. Failover snapshots are generated when a replication job completes. SyncIQ retains only one failover snapshot per replication policy, and deletes the old snapshot after the new snapshot is created.

If a SnapshotIQ license has been activated on the target cluster, you can configure SyncIQ to generate archival snapshots on the target cluster that are not automatically deleted when subsequent replication jobs run. Archival snapshots contain the same data as the snapshots that are generated for failover purposes. However, you can configure how long archival snapshots are retained on the target cluster. You can access archival snapshots the same way that you access other snapshots generated on a cluster.
Data failover and failback with SyncIQ

SyncIQ enables you to perform automated data failover and failback operations between Isilon clusters. If a cluster is rendered unusable, you can fail over to another Isilon cluster, enabling clients to access their data on the other cluster. If the unusable cluster becomes accessible again, you can fail back to the original Isilon cluster.

For the purposes of explaining failover and failback procedures, the cluster originally accessed by clients is referred to as the primary cluster, and the cluster that client data is originally replicated to is referred to as the secondary cluster. Failover is the process that allows clients to modify data on a secondary cluster. Failback is the process that allows clients to access data on the primary cluster again and begins to replicate data back to the secondary cluster.

Failover and failback can be useful in disaster recovery procedures. For example, if a primary cluster is damaged by a natural disaster, you can migrate clients to a secondary cluster until the primary cluster is repaired and then migrate the clients back to the primary cluster.

You can fail over and fail back to facilitate scheduled cluster maintenance. For example, if you are upgrading the primary cluster, you might want to migrate clients to a secondary cluster until the upgrade is complete and then migrate clients back to the primary cluster.

Note: Data failover and failback is not supported for SmartLock directories.

Data failover

Data failover is the process of preparing data on a secondary cluster to be modified by clients. After you fail over to a secondary cluster, you can redirect clients to modify their data on the secondary cluster.

Before failover is performed, you must create and run a replication policy on the primary cluster. You initiate the failover process on the secondary cluster. Failover is performed per replication policy; to migrate data that is spread across multiple replication policies, you must initiate failover for each replication policy.

You can use any replication policy to fail over. However, if the action of the replication policy is set to copy, any file that was deleted on the primary cluster will be present on the secondary cluster. When the client connects to the secondary cluster, all files that were deleted on the primary cluster will be available to the client.

If you initiate failover for a replication policy while an associated replication job is running, the failover operation completes but the replication job fails. Because data might be in an inconsistent state, SyncIQ uses the snapshot generated by the last successful replication job to revert data on the secondary cluster to the last recovery point.

If a disaster occurs on the primary cluster, any modifications to data that were made after the last successful replication job started are not reflected on the secondary cluster. When a client connects to the secondary cluster, their data appears as it was when the last successful replication job was started.

Data failback

Data failback is the process of restoring clusters to the roles they occupied before a failover operation. After data failback is complete, the primary cluster hosts clients and replicates data to the secondary cluster for backup.
The first step in the failback process is updating the primary cluster with all of the modifications that were made to the data on the secondary cluster. The next step in the failback process is preparing the primary cluster to be accessed by clients. The final step in the failback process is resuming data replication from the primary to the secondary cluster. At the end of the failback process, you can redirect users to resume accessing their data on the primary cluster.

You can fail back data with any replication policy that meets all of the following criteria:

• The source directory is not a SmartLock directory.
• The policy has been failed over.
• The policy is a synchronization policy.
• The policy does not exclude any files or directories from replication.

Recovery times and objectives for SyncIQ

The Recovery Point Objective (RPO) and the Recovery Time Objective (RTO) are measurements of the impacts that a disaster can have on business operations. You can calculate your RPO and RTO for a disaster recovery with replication policies.

RPO is the maximum amount of time for which data is lost if a cluster suddenly becomes unavailable. For an Isilon cluster, the RPO is the amount of time that has passed since the last completed replication job started. The RPO is never greater than the time it takes for two consecutive replication jobs to run and complete.

If a disaster occurs while a replication job is running, the data on the secondary cluster is reverted to the state it was in when the last replication job completed. For example, consider an environment in which a replication policy is scheduled to run every three hours, and replication jobs take two hours to complete. If a disaster occurs an hour after a replication job begins, the RPO is four hours, because it has been four hours since a completed job began replicating data.

RTO is the maximum amount of time required to make backup data available to clients after a disaster. The RTO is always less than or approximately equal to the RPO, depending on the rate at which replication jobs are created for a given policy.

If replication jobs run continuously, meaning that another replication job is created for the policy before the previous replication job completes, the RTO is approximately equal to the RPO. When the secondary cluster is failed over, the data on the cluster is reset to the state it was in when the last job completed; resetting the data takes an amount of time proportional to the time it took users to modify the data.

If replication jobs run on an interval, meaning that there is a period of time after a replication job completes before the next replication job for the policy starts, the relationship between RTO and RPO depends on whether a replication job is running when the disaster occurs. If a job is in progress when a disaster occurs, the RTO is roughly equal to the RPO. However, if a job is not running when a disaster occurs, the RTO is negligible because the secondary cluster was not modified since the last replication job ran, and the failover process is almost instantaneous.

SyncIQ license functionality

You can replicate data to another Isilon cluster only if you activate a SyncIQ license on both the local cluster and the target cluster.

If a SyncIQ license becomes inactive, you cannot create, run, or manage replication policies. Also, all previously created replication policies are disabled. Replication policies that target the local cluster are also disabled. However, data that was previously replicated to the local cluster is still available.

Creating replication policies

You can create replication policies that determine when data is replicated with SyncIQ.

Excluding directories in replication

You can exclude directories from being replicated by replication policies even if the directories exist under the specified source directory.

Note: You cannot fail back replication policies that exclude directories.

By default, all files and directories under the source directory of a replication policy are replicated to the target cluster. However, you can prevent directories under the source directory from being replicated.

If you specify a directory to exclude, files and directories under the excluded directory are not replicated to the target cluster. If you specify a directory to include, only the files and directories under the included directory are replicated to the target cluster; any directories that are not contained in an included directory are excluded.

If you both include and exclude directories, any excluded directories must be contained in one of the included directories; otherwise, the excluded-directory setting has no effect. For example, consider a policy with the following settings:

• The root directory is /ifs/data
• The included directories are /ifs/data/media/music and /ifs/data/media/movies
• The excluded directories are /ifs/data/archive and /ifs/data/media/music/working

In this example, the setting that excludes the /ifs/data/archive directory has no effect because the /ifs/data/archive directory is not under either of the included directories. The /ifs/data/archive directory is not replicated regardless of whether the directory is explicitly excluded. However, the setting that excludes the /ifs/data/media/music/working directory does have an effect, because the directory would be replicated if the setting was not specified.

In addition, if you exclude a directory that contains the source directory, the exclude-directory setting has no effect. For example, if the root directory of a policy is /ifs/data, explicitly excluding the /ifs directory does not prevent /ifs/data from being replicated.

Any directories that you explicitly include or exclude must be contained in or under the specified root directory. For example, consider a policy in which the specified root directory is /ifs/data. In this example, you could include both the /ifs/data/media and the /ifs/data/users/ directories because they are under /ifs/data.

Excluding directories from a synchronization policy does not cause the directories to be deleted on the target cluster. For example, consider a replication policy that synchronizes /ifs/data on the source cluster to /ifs/data on the target cluster. If the policy excludes /ifs/data/media from replication, and /ifs/data/media/file exists on the target cluster, running the policy does not cause /ifs/data/media/file to be deleted from the target cluster.

Excluding files in replication

If you do not want specific files to be replicated by a replication policy, you can exclude them from the replication process through file-matching criteria statements. You can configure file-matching criteria statements during the replication-policy creation process.

Note: You cannot fail back replication policies that exclude files.

A file-criteria statement can include one or more elements. Each file-criteria element contains a file attribute, a comparison operator, and a comparison value. You can combine multiple criteria elements in a criteria statement with Boolean "AND" and "OR" operators. You can configure any number of file-criteria definitions.

Configuring file-criteria statements can cause the associated jobs to run slowly. It is recommended that you specify file-criteria statements in a replication policy only if necessary.

Modifying a file-criteria statement will cause a full replication to occur the next time that a replication policy is started. Depending on the amount of data being replicated, a full replication can take a very long time to complete.
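The directory include and exclude rules described under "Excluding directories in replication" can be checked before a policy is saved. The following Python model is an added example, not EMC code and not how SyncIQ is implemented; the function names are hypothetical, and it assumes that when included directories are set, a path is selected only if it lies inside one of them.

```python
from pathlib import PurePosixPath


def _under(path, parent):
    """True if path equals parent or lies anywhere beneath it."""
    path, parent = PurePosixPath(path), PurePosixPath(parent)
    return path == parent or parent in path.parents


def invalid_includes(root, included):
    """Included directories must be contained in or under the policy root."""
    return [inc for inc in included if not _under(inc, root)]


def audit_excludes(root, included=(), excluded=()):
    """Map each excluded directory to None (it takes effect) or to the
    reason the setting has no effect, following the rules in the guide."""
    findings = {}
    for exc in excluded:
        if PurePosixPath(exc) in PurePosixPath(root).parents:
            # Excluding a directory that contains the source directory.
            findings[exc] = "contains the source directory"
        elif not _under(exc, root):
            findings[exc] = "outside the source directory"
        elif included and not any(_under(exc, inc) for inc in included):
            # Already left out because it is not inside an included directory.
            findings[exc] = "not under any included directory"
        else:
            findings[exc] = None
    return findings


def is_replicated(path, root, included=(), excluded=()):
    """Decide whether the content at path is selected for replication."""
    if not _under(path, root):
        return False
    # Assumption: with includes set, only paths inside an included
    # directory are selected.
    if included and not any(_under(path, inc) for inc in included):
        return False
    effective = [exc for exc, reason
                 in audit_excludes(root, included, excluded).items()
                 if reason is None]
    return not any(_under(path, exc) for exc in effective)


# Settings of the example policy from the guide; the file names used in the
# checks below are constructed for illustration.
ROOT = "/ifs/data"
INCLUDED = ["/ifs/data/media/music", "/ifs/data/media/movies"]
EXCLUDED = ["/ifs/data/archive", "/ifs/data/media/music/working"]

if __name__ == "__main__":
    for exc, reason in audit_excludes(ROOT, INCLUDED, EXCLUDED).items():
        print(exc, "->", "takes effect" if reason is None
              else "no effect: " + reason)
    for sample in ("/ifs/data/media/music/album/track01.flac",
                   "/ifs/data/media/music/working/draft.wav",
                   "/ifs/data/archive/2013.tar"):
        print(sample, "->", is_replicated(sample, ROOT, INCLUDED, EXCLUDED))
```

An exclusion reported as having no effect is worth reviewing before the policy is saved: the policy still counts as one that excludes directories, and such policies cannot be failed back.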

For synchronization policies, if you modify the comparison operators or comparison values of a file attribute, and a file no longer matches the specified file-matching criteria, the file is deleted from the target the next time the job is run. This rule does not apply to copy policies.

File criteria options

You can configure a replication policy to exclude files that meet or do not meet specific criteria.

You can specify file criteria based on the following file attributes:

Date created
Includes or excludes files based on when the file was created. This option is available for copy policies only. You can specify a relative date and time, such as "two weeks ago", or specific date and time, such as "January 1, 2012." Time settings are based on a 24-hour clock.

Date accessed
Includes or excludes files based on when the file was last accessed. This option is available for copy policies only, and only if the global access-time-tracking option of the cluster is enabled. You can specify a relative date and time, such as "two weeks ago", or specific date and time, such as "January 1, 2012." Time settings are based on a 24-hour clock.

Date modified
Includes or excludes files based on when the file was last modified. This option is available for copy policies only. You can specify a relative date and time, such as "two weeks ago", or specific date and time, such as "January 1, 2012." Time settings are based on a 24-hour clock.

File name
Includes or excludes files based on the file name. You can specify to include or exclude full or partial names that contain specific text. The following wildcard characters are accepted:

Note: Alternatively, you can filter file names by using POSIX regular-expression (regex) text. Isilon clusters support IEEE Std (POSIX.2) regular expressions. For more information about POSIX regular expressions, see the BSD man pages.

Table 14 Replication file matching wildcards

Wildcard: *
Description: Matches any string in place of the asterisk. For example, m* matches movies and m123.

Wildcard: [ ]
Description: Matches any characters contained in the brackets, or a range of characters separated by a dash. For example, b[aei]t matches bat, bet, and bit. For example, 1[4-7]2 matches 142, 152, 162, and 172. You can exclude characters within brackets by following the first bracket with an exclamation mark. For example, b[!ie] matches bat but not bit or bet. You can match a bracket within a bracket if it is either the first or last character. For example, [[c]at matches cat and [at. You can match a dash within a bracket if it is either the first or last character. For example, car[-s] matches cars and car-.

Wildcard: ?
Description: Matches any character in place of the question mark. For example, t?p matches tap, tip, and top.

Path
Includes or excludes files based on the file path. This option is available for copy policies only. You can specify to include or exclude full or partial paths that contain specified text. You can also include the wildcard characters *, ?, and [ ].

Size
Includes or excludes files based on their size.

Note: File sizes are represented in multiples of 1024, not

Type
Includes or excludes files based on one of the following file-system object types:

• Soft link
• Regular file
• Directory

Configure default replication policy settings

You can configure default settings for replication policies. If you do not modify these settings when creating a replication policy, the specified default settings are applied.

Procedure

1. Click Data Protection > SyncIQ > Settings.
2. In the Default Policy Settings section, specify how you want replication policies to connect to target clusters by selecting one of the following options:
   • Click Connect to any nodes in the cluster.
   • Click Connect to only the nodes in the subnet and pool if the target cluster name specifies a SmartConnect zone.
3. Specify which nodes you want replication policies to connect to when a policy is run.

   Option: Connect policies to all nodes on a source cluster.
   Description: Click Run the policy on all nodes in this cluster.

   Option: Connect policies only to nodes contained in a specified subnet and pool.
   Description:
   a. Click Run the policy only on nodes in the specified subnet and pool.
   b. From the Subnet and pool list, select the subnet and pool.

   Note: SyncIQ does not support dynamically allocated IP address pools. If a replication job connects to a dynamically allocated IP address, SmartConnect might reassign the address while a replication job is running, which would disconnect the job and cause it to fail.

4. Click Submit.

Create a replication policy

You can create a replication policy with SyncIQ that defines how and when data is replicated to another Isilon cluster. Configuring a replication policy is a five-step process.

Configure replication policies carefully. If you modify any of the following policy settings after the policy is run, OneFS performs either a full or differential replication the next time the policy is run:

• Source directory
• Included or excluded directories
• File-criteria statement

• Target cluster name or address
  This applies only if you target a different cluster. If you modify the IP or domain name of a target cluster, and then modify the replication policy on the source cluster to match the new IP or domain name, a full replication is not performed.
• Target directory

Configure basic policy settings

You must configure basic settings for a replication policy.

Procedure

1. Click Data Protection > SyncIQ > Policies.
2. Click Create a SyncIQ policy.
3. In the Settings area, in the Policy name field, type a name for the replication policy.
4. Optional: In the Description field, type a description for the replication policy.
5. In the Action area, specify the type of replication policy.
   • To copy all files from the source directory to the target directory, click Copy.
     Note: Failback is not supported for copy policies.
   • To copy all files from the source directory to the target directory and delete any files on the target directory that are not in the source directory, click Synchronize.
6. In the Run job area, specify whether replication jobs will be run.

   Option: Run jobs only when manually initiated by a user.
   Description: Click Only manually.

   Option: Run jobs automatically according to a schedule.
   Description:
   a. Click On a schedule.
   b. Specify a schedule.
   If you configure a replication policy to run more than once a day, you cannot configure the interval to span across two calendar days. For example, you cannot configure a replication policy to run every hour starting at 7:00 PM and ending at 1:00 AM.

   Option: Run jobs automatically every time a change is made to the source directory.
   Description: Click Whenever the source is modified.

After you finish

The next step in the process of creating a replication policy is specifying source directories and files.

Specify source directories and files

You must specify the directories and files you want to replicate.

Procedure

1. In the Source Cluster area, in the Source Root Directory field, type the full path of the source directory that you want to replicate to the target cluster.
   You must specify a directory contained in /ifs. You cannot specify the /ifs/.snapshot directory or subdirectory of it.
2. Optional: Prevent specific subdirectories of the root directory from being replicated.
   • To include a directory, in the Included Directories area, click Add a directory path.
   • To exclude a directory, in the Excluded Directories area, click Add a directory path.
3. Optional: Prevent specific files from being replicated by specifying file matching criteria.
   a. In the File Matching Criteria area, select a filter type.
   b. Select an operator.
   c. Type a value.
   Files that do not meet the specified criteria will not be replicated to the target cluster. For example, if you specify File Type doesn't match .txt, SyncIQ will not replicate any files with the .txt file extension. If you specify Created after 08/14/2013, SyncIQ will not replicate any files created before August 14th,
   If you want to specify more than one file matching criterion, you can control how the criteria relate to each other by clicking either Add an "Or" condition or Add an "And" condition.
4. Specify which nodes you want the replication policy to connect to when the policy is run.

   Option: Connect the policy to all nodes in the source cluster.
   Description: Click Run the policy on all nodes in this cluster.

   Option: Connect the policy only to nodes contained in a specified subnet and pool.
   Description:
   a. Click Run the policy only on nodes in the specified subnet and pool.
   b. From the Subnet and pool list, select the subnet and pool.

   Note: SyncIQ does not support dynamically allocated IP address pools. If a replication job connects to a dynamically allocated IP address, SmartConnect might reassign the address while a replication job is running, which would disconnect the job and cause it to fail.

After you finish

The next step in the process of creating a replication policy is specifying the target directory.

Specify the policy target directory

You must specify a target cluster and directory to replicate data to.

Procedure

1. In the Target Cluster area, in the Target Host field, type one of the following:
   • The fully qualified domain name of any node in the target cluster.
   • The host name of any node in the target cluster.
   • The name of a SmartConnect zone in the target cluster.
   • The IPv4 or IPv6 address of any node in the target cluster.
   • localhost
     This will replicate data to another directory on the local cluster.

   Note: SyncIQ does not support dynamically allocated IP address pools. If a replication job connects to a dynamically allocated IP address, SmartConnect might reassign the address while a replication job is running, which would disconnect the job and cause it to fail.

2. In the Target Directory field, type the absolute path of the directory on the target cluster that you want to replicate data to.

   CAUTION: If you specify an existing directory on the target cluster, ensure that the directory is not the target of another replication policy. If this is a synchronization policy, ensure that the directory is empty. All files are deleted from the target of a synchronization policy the first time the policy is run.

   If the specified target directory does not already exist on the target cluster, the directory is created the first time the job is run. It is recommended that you do not specify the /ifs directory. If you specify the /ifs directory, the entire target cluster is set to a read-only state, preventing you from storing any other data on the cluster.

   If this is a copy policy, and files in the target directory share the same name as files in the source directory, the target directory files are overwritten when the job is run.

3. If you want replication jobs to connect only to the nodes included in the SmartConnect zone specified by the target cluster, click Connect only to the nodes within the target cluster SmartConnect Zone.

After you finish

The next step in the process of creating a replication policy is specifying policy target snapshot settings.

Configure policy target snapshot settings

You can optionally specify how archival snapshots are generated on the target cluster. You can access archival snapshots the same way that you access SnapshotIQ snapshots.

SyncIQ always retains one snapshot on the target cluster to facilitate failover, regardless of these settings.

Procedure

1. To create archival snapshots on the target cluster, in the Target Snapshots area, click Capture snapshots on the target cluster.
2. Optional: To modify the default alias of the last snapshot created according to the replication policy, in the Snapshot Alias Name field, type a new alias.
   You can specify the alias name as a snapshot naming pattern. For example, the following naming pattern is valid:
   %{PolicyName}-on-%{SrcCluster}-latest
   The previous example produces names similar to the following:
   newpolicy-on-cluster1-latest
3. Optional: To modify the snapshot naming pattern for snapshots created according to the replication policy, in the Snapshot Naming Pattern field, type a naming pattern. Each snapshot generated for this replication policy is assigned a name based on this pattern.
   For example, the following naming pattern is valid:
   %{PolicyName}-from-%{SrcCluster}-at-%H:%M-on-%m-%d-%Y
   The example produces names similar to the following:
   newpolicy-from-cluster1-at-10:30-on
4. Select one of the following options:
   • Click Snapshots do not expire.
   • Click Snapshots expire after... and specify an expiration period.

After you finish

The next step in the process of creating a replication policy is configuring advanced policy settings.

Configure advanced policy settings

You can optionally configure advanced settings for a replication policy.

Procedure

1. Optional: In the Worker Threads Per Node field, specify the maximum number of concurrent processes per node that will perform replication operations.
   Note: Do not modify the default setting without consulting Isilon Technical Support.
2. Optional: From the Log Level list, select the level of logging you want SyncIQ to perform for replication jobs.
   The following log levels are valid, listed from least to most verbose:
   • Click Error.
   • Click Notice.
   • Click Network Activity.
   • Click File Activity.
3. Optional: If you want SyncIQ to perform a checksum on each file data packet that is affected by the replication policy, select the Validate File Integrity check box.
   If you enable this option, and the checksum values for a file data packet do not match, SyncIQ retransmits the affected packet.

4. Optional: To modify the length of time SyncIQ retains replication reports for the policy, in the Keep Reports For area, specify a length of time.
   After the specified expiration period has passed for a report, SyncIQ automatically deletes the report.
   Some units of time are displayed differently when you view a report than how they were originally entered. Entering a number of days that is equal to a corresponding value in weeks, months, or years results in the larger unit of time being displayed. For example, if you enter a value of 7 days, 1 week appears for that report after it is created. This change occurs because SyncIQ internally records report retention times in seconds and then converts them into days, weeks, months, or years.
5. Optional: Specify whether to record information about files that are deleted by replication jobs by selecting one of the following options:
   • Click Record when a synchronization deletes files or directories.
   • Click Do not record when a synchronization deletes files or directories.
   This option is applicable for synchronization policies only.

After you finish

The next step in the process of creating a replication policy is saving the replication policy settings.

Save replication policy settings

SyncIQ does not create replication jobs for a replication policy until you save the policy.

Before you begin

Review the current settings of the replication policy. If necessary, modify the policy settings.

Procedure

1. Click Create Policy.

After you finish

You can increase the speed at which you can failback a replication policy by creating a SyncIQ domain for the source directory of the policy.

Create a SyncIQ domain

You can create a SyncIQ domain to increase the speed at which failback is performed for a replication policy. Because you can fail back only synchronization policies, it is not necessary to create SyncIQ domains for copy policies.

Failing back a replication policy requires that a SyncIQ domain be created for the source directory. OneFS automatically creates a SyncIQ domain during the failback process. However, if you intend on failing back a replication policy, it is recommended that you create a SyncIQ domain for the source directory of the replication policy while the directory is empty. Creating a domain for a directory that contains less data takes less time.

Procedure

1. Click Cluster Management > Job Operations > Job Types.
2. In the Job Types area, in the DomainMark row, from the Actions column, select Start Job.
3. In the Domain Root Path field, type the path of a source directory of a replication policy.

4. From the Type of domain list, select SyncIQ.
5. Ensure that the Delete domain check box is cleared.
6. Click Start Job.

Assess a replication policy

Before running a replication policy for the first time, you can view statistics on the files that would be affected by the replication without transferring any files. This can be useful if you want to preview the size of the data set that will be transferred if you run the policy.

Note: You can assess only replication policies that have never been run before.

Procedure

1. Click Data Protection > SyncIQ > Policies.
2. In the SyncIQ Policies table, in the row of a replication policy, from the Actions column, select Assess Sync.
3. Click Data Protection > SyncIQ > Summary.
4. After the job completes, in the SyncIQ Recent Reports table, in the row of the replication job, click View Details.
   The report displays the total amount of data that would have been transferred in the Total Data field.

Managing replication to remote clusters

You can manually run, view, assess, pause, resume, cancel, resolve, and reset replication jobs that target other clusters.

After a policy job starts, you can pause the job to suspend replication activities. Afterwards, you can resume the job, continuing replication from the point where the job was interrupted. You can also cancel a running or paused replication job if you want to free the cluster resources allocated for the job. A paused job reserves cluster resources whether or not the resources are in use. A cancelled job releases its cluster resources and allows another replication job to consume those resources. No more than five running and paused replication jobs can exist on a cluster at a time. However, an unlimited number of canceled replication jobs can exist on a cluster. If a replication job remains paused for more than a week, SyncIQ automatically cancels the job.

Start a replication job

You can manually start a replication job for a replication policy at any time.

If you want to replicate data according to an existing snapshot, at the OneFS command prompt, run the isi sync jobs start command with the --source-snapshot option. You cannot replicate data according to snapshots generated by SyncIQ.

Procedure

1. Click Data Protection > SyncIQ > Policies.
2. In the SyncIQ Policies table, in the Actions column for a job, select Start Job.

Pause a replication job

You can pause a running replication job and then resume the job later. Pausing a replication job temporarily stops data from being replicated, but does not free the cluster resources replicating the data.

Procedure
1. Click Data Protection > SyncIQ > Summary.
2. In the Active Jobs table, in the Actions column for a job, click Pause Running Job.

Resume a replication job

You can resume a paused replication job.

Procedure
1. Click Data Protection > SyncIQ > Summary.
2. In the Currently Running table, in the Actions column for a job, click Resume Running Job.

Cancel a replication job

You can cancel a running or paused replication job. Cancelling a replication job stops data from being replicated and frees the cluster resources that were replicating data. You cannot resume a cancelled replication job. To restart replication, you must start the replication policy again.

Procedure
1. Click Data Protection > SyncIQ > Summary.
2. In the Active Jobs table, in the Actions column for a job, click Cancel Running Job.

View active replication jobs

You can view information about replication jobs that are currently running or paused.

Procedure
1. Click Data Protection > SyncIQ > Policies.
2. In the Active Jobs table, review information about active replication jobs.

Replication job information

You can view information about replication jobs through the Active Jobs table.

Status
  The status of the job. The following job statuses are possible:
  Running
    The job is currently running without error.
  Paused
    The job has been temporarily paused.
Policy Name
  The name of the associated replication policy.
Started
  The time the job started.

Elapsed
  How much time has elapsed since the job started.
Transferred
  The number of files that have been transferred, and the total size of all transferred files.
Source Directory
  The path of the source directory on the source cluster.
Target Host
  The target directory on the target cluster.
Actions
  Displays any job-related actions that you can perform.

Initiating data failover and failback with SyncIQ

You can fail over from one Isilon cluster to another if, for example, a cluster becomes unavailable. You can then fail back to a primary cluster if the primary cluster becomes available again. You can revert failover if you decide that the failover was unnecessary, or if you failed over for testing purposes.

If you fail over a scheduled replication policy on the secondary cluster, and the corresponding policy on the primary cluster runs a replication job, the job might fail and the policy might be set to an unrunnable state. To resolve this, modify the replication policy so that it is set to run only manually, resolve the policy, and complete the failback process. After you complete the failback process, you can modify the policy to run according to a schedule again.

Note
Although you cannot fail over or fail back SmartLock directories, you can recover SmartLock directories on a target cluster. After you recover SmartLock directories, you can migrate them back to the source cluster.

Fail over data to a secondary cluster

You can fail over to a secondary Isilon cluster if, for example, a cluster becomes unavailable.

Before you begin
Create and successfully run a replication policy.

Complete the following procedure for each replication policy that you want to fail over.

Procedure
1. On the secondary Isilon cluster, click Data Protection > SyncIQ > Local Targets.
2. In the SyncIQ Local Targets table, in the row for a replication policy, from the Actions column, select Allow Writes.

After you finish
Direct clients to begin accessing the secondary cluster.

Revert a failover operation

Failover reversion undoes a failover operation on a secondary cluster, enabling you to replicate data from the primary cluster to the secondary cluster again. Failover reversion is useful if the primary cluster becomes available before data is modified on the secondary cluster or if you failed over to a secondary cluster for testing purposes.

Before you begin
Fail over a replication policy.

Reverting a failover operation does not migrate modified data back to the primary cluster. To migrate data that clients have modified on the secondary cluster, you must fail back to the primary cluster.

Complete the following procedure for each replication policy that you want to fail over:

Procedure
1. Click Data Protection > SyncIQ > Local Targets.
2. In the SyncIQ Local Targets table, in the row for a replication policy, from the Actions column, select Disallow Writes.

Fail back data to a primary cluster

After you fail over to a secondary cluster, you can fail back to the primary cluster.

Before you begin
Fail over a replication policy.

Procedure
1. On the primary cluster, click Data Protection > SyncIQ > Policies.
2. In the SyncIQ Policies table, in the row for a replication policy, from the Actions column, select Resync-prep.
   SyncIQ creates a mirror policy for each replication policy on the secondary cluster. SyncIQ names mirror policies according to the following pattern:

    <replication-policy-name>_mirror

3. On the secondary cluster, replicate data to the primary cluster by using the mirror policies.
   You can replicate data either by manually starting the mirror policies or by modifying the mirror policies and specifying a schedule.
4. Prevent clients from accessing the secondary cluster and then run each mirror policy again.
   To minimize impact to clients, it is recommended that you wait until client access is low before preventing client access to the cluster.
5. On the primary cluster, click Data Protection > SyncIQ > Local Targets.
6. In the SyncIQ Local Targets table, from the Actions column, select Allow Writes for each mirror policy.
7. On the secondary cluster, click Data Protection > SyncIQ > Policies.
8. In the SyncIQ Policies table, from the Actions column, select Resync-prep for each mirror policy.

After you finish
Redirect clients to begin accessing the primary cluster.

Performing disaster recovery for SmartLock directories

Although you cannot fail over or fail back SmartLock directories, you can recover SmartLock directories on a target cluster. After you recover SmartLock directories, you can migrate them back to the source cluster.

Recover SmartLock directories on a target cluster

You can recover SmartLock directories that you have replicated to a target cluster.

Before you begin
Create and successfully run a replication policy.

Complete the following procedure for each SmartLock directory that you want to recover.

Procedure
1. On the target cluster, click Data Protection > SyncIQ > Local Targets.
2. In the SyncIQ Local Targets table, in the row of the replication policy, enable writes to the target directory of the policy.
   - If the last replication job completed successfully and a replication job is not currently running, select Allow Writes.
   - If a replication job is currently running, wait until the replication job completes, and then select Allow Writes.
   - If the primary cluster became unavailable while a replication job was running, select Break Association.
3. If you clicked Break Association, restore any files that are left in an inconsistent state.
   a. Delete all files that are not committed to a WORM state from the target directory.
   b. Copy all files from the failover snapshot to the target directory.
      Failover snapshots are named according to the following naming pattern:

    SIQ-Failover-<policy-name>-<year>-<month>-<day>_<hour>-<minute>-<second>

      Snapshots are stored in the /ifs/.snapshot directory.
4. If any SmartLock directory configuration settings, such as an autocommit time period, were specified for the source directory of the replication policy, apply those settings to the target directory.
   Because autocommit information is not transferred to the target cluster, files that were scheduled to be committed to a WORM state on the source cluster will not be scheduled to be committed at the same time on the target cluster. To ensure that all files are retained for the appropriate time period, you can commit all files in target SmartLock directories to a WORM state. For example, the following command automatically commits all files in /ifs/data/smartlock to a WORM state after one minute.

    isi smartlock modify --path /ifs/data/smartlock --autocommit 1n

After you finish
Redirect clients to begin accessing the target cluster.
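The following Python code is an added example, not part of the EMC guide: it parses names that follow the SIQ-Failover naming pattern from step 3 of the recovery procedure and selects the most recent failover snapshot for one policy, including the case where policy names themselves contain hyphens. The zero-padded field widths (four-digit year, two-digit month, day, hour, minute and second), the function names and the sample snapshot names are assumptions constructed for illustration.

```python
"""Pick the newest SyncIQ failover snapshot for a policy by its name.

Added example. Assumption: timestamp fields are zero-padded
(YYYY-MM-DD_HH-MM-SS); the guide only gives the field order.
"""
import re
from datetime import datetime
from typing import Iterable, Optional, Tuple

# The timestamp is fixed-width and anchored at the end of the name, so
# everything between the prefix and the timestamp is the policy name,
# even when the policy name contains hyphens or digits.
_FAILOVER_RE = re.compile(
    r"^SIQ-Failover-(?P<policy>.+)-"
    r"(?P<ts>\d{4}-\d{2}-\d{2}_\d{2}-\d{2}-\d{2})$"
)

SNAPSHOT_ROOT = "/ifs/.snapshot"  # location stated in the guide


def parse_failover_snapshot(name: str) -> Optional[Tuple[str, datetime]]:
    """Return (policy_name, timestamp), or None if the name does not match
    the failover pattern or carries an impossible date."""
    match = _FAILOVER_RE.match(name)
    if match is None:
        return None
    try:
        stamp = datetime.strptime(match.group("ts"), "%Y-%m-%d_%H-%M-%S")
    except ValueError:
        # Digits in the right places but not a real date (e.g. month 13).
        return None
    return match.group("policy"), stamp


def latest_failover_snapshot(names: Iterable[str], policy: str) -> Optional[str]:
    """Return the newest failover snapshot name for exactly this policy."""
    best: Optional[Tuple[str, datetime]] = None
    for name in names:
        parsed = parse_failover_snapshot(name)
        # Exact comparison: policy "smartlock" must not pick up snapshots
        # that belong to policy "smartlock-dr".
        if parsed is None or parsed[0] != policy:
            continue
        if best is None or parsed[1] > best[1]:
            best = (name, parsed[1])
    return best[0] if best else None


def snapshot_path(name: str) -> str:
    """Full path of a snapshot under the snapshot root."""
    return f"{SNAPSHOT_ROOT}/{name}"


# Constructed sample directory listing (not taken from a real cluster).
SAMPLE_SNAPSHOTS = [
    "SIQ-Failover-smartlock-dr-2014-03-01_02-15-00",
    "SIQ-Failover-smartlock-dr-2014-03-04_23-59-59",
    "SIQ-Failover-smartlock-2014-03-05_00-00-00",     # different policy
    "SIQ-Failover-smartlock-dr-2014-13-01_00-00-00",  # invalid month
    "nightly-2014-03-05",                             # unrelated snapshot
]


if __name__ == "__main__":
    chosen = latest_failover_snapshot(SAMPLE_SNAPSHOTS, "smartlock-dr")
    print(snapshot_path(chosen) if chosen else "no failover snapshot found")
```
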

Migrate SmartLock directories

You might want to migrate SmartLock directories if you restored the directories on a target cluster, and want to transfer those directories either back to the source cluster or to a new cluster.

Procedure
1. On a cluster, create a replication policy for each policy that you want to migrate.
   The policies must meet the following requirements:
   - The source directory is the SmartLock directory that you are migrating.
   - The target directory is an empty SmartLock directory. The source and target directories must be of the same SmartLock type. For example, if the target directory is a compliance directory, the source must also be a compliance directory.
2. Replicate data to the target cluster by running the policies you created.
   You can replicate data either by manually starting the policies or by specifying a policy schedule.
3. Optional: To ensure that SmartLock protection is enforced for all files, commit all files in the SmartLock source directory to a WORM state.
   Because autocommit information is not transferred to the target cluster, files that were scheduled to be committed to a WORM state on the source cluster will not be scheduled to be committed at the same time on the target cluster. To ensure that all files are retained for the appropriate time period, you can commit all files in target SmartLock directories to a WORM state.
   For example, the following command automatically commits all files in /ifs/data/smartlock to a WORM state after one minute.

    isi smartlock modify --path /ifs/data/smartlock --autocommit 1n

   This step is unnecessary if you have not configured an autocommit time period for the SmartLock directory being replicated.
4. Prevent clients from accessing the source cluster and run the policy that you created.
   To minimize impact to clients, it is recommended that you wait until client access is low before preventing client access to the cluster.
5. On the target cluster, click Data Protection > SyncIQ > Local Targets.
6. In the SyncIQ Local Targets table, in the row of each replication policy, from the Actions column, select Allow Writes.
7. Optional: If any SmartLock directory configuration settings, such as an autocommit time period, were specified for the source directories of the replication policies, apply those settings to the target directories.
8. Optional: Delete the copy of your SmartLock data on the source cluster.
   If the SmartLock directories are compliance directories or enterprise directories with the privileged delete functionality permanently disabled, you cannot recover the space consumed by the source SmartLock directories until all files are released from a WORM state. If you want to free the space before files are released from a WORM state, contact Isilon Technical Support for information about reformatting your cluster.

Managing replication policies

You can modify, view, enable and disable replication policies.

Modify a replication policy

You can modify the settings of a replication policy.

If you modify any of the following policy settings after a policy runs, OneFS performs either a full or differential replication the next time the policy runs:
- Source directory
- Included or excluded directories
- File-criteria statement
- Target cluster
  This applies only if you target a different cluster. If you modify the IP or domain name of a target cluster, and then modify the replication policy on the source cluster to match the new IP or domain name, a full replication is not performed.
- Target directory

Procedure
1. Click Data Protection > SyncIQ > Policies.
2. In the SyncIQ Policies table, in the row for a policy, click View/Edit.
3. In the View SyncIQ Policy Details dialog box, click Edit Policy.
4. Modify the settings of the replication policy, and then click Save Changes.

Delete a replication policy

You can delete a replication policy. Once a policy is deleted, SyncIQ no longer creates replication jobs for the policy. Deleting a replication policy breaks the target association on the target cluster, and allows writes to the target directory.

If you want to temporarily suspend a replication policy from creating replication jobs, you can disable the policy, and then enable the policy again later.

Procedure
1. Click Data Protection > SyncIQ > Policies.
2. In the SyncIQ Policies table, in the row for a policy, select Delete Policy.
3. In the confirmation dialog box, click Delete.

Enable or disable a replication policy

You can temporarily suspend a replication policy from creating replication jobs, and then enable it again later.

Note
If you disable a replication policy while an associated replication job is running, the running job is not interrupted. However, the policy will not create another job until the policy is enabled.

Procedure
1. Click Data Protection > SyncIQ > Policies.
2. In the SyncIQ Policies table, in the row for a replication policy, select either Enable Policy or Disable Policy.
   If neither Enable Policy nor Disable Policy appears, verify that a replication job is not running for the policy. If an associated replication job is not running, ensure that the SyncIQ license is active on the cluster.

View replication policies

You can view information about replication policies.

Procedure
1. Click Data Protection > SyncIQ > Policies.
2. In the SyncIQ Policies table, review information about replication policies.

Replication policy information

You can view information about replication policies through the SyncIQ Policies table.

Policy Name
  The name of the policy.
State
  Whether the policy is enabled or disabled.
Last Known Good
  When the last successful job ran.
Schedule
  When the next job is scheduled to run. A value of Manual indicates that the job can be run only manually. A value of When source is modified indicates that the job will be run whenever changes are made to the source directory.
Source Directory
  The path of the source directory on the source cluster.
Target Host : Directory
  The IP address or fully qualified domain name of the target cluster and the full path of the target directory.
Actions
  Any policy-related actions that you can perform.

Replication policy settings

You configure replication policies to run according to replication policy settings.

Policy name
  The name of the policy.
Description
  Describes the policy. For example, the description might explain the purpose or function of the policy.
Enabled
  Determines whether the policy is enabled.

Action
  Determines how the policy replicates data. All policies copy files from the source directory to the target directory and update files in the target directory to match files on the source directory. The action determines how deleting a file on the source directory affects the target. The following values are valid:
  Copy
    If a file is deleted in the source directory, the file is not deleted in the target directory.
  Synchronize
    Deletes files in the target directory if they are no longer present on the source. This ensures that an exact replica of the source directory is maintained on the target cluster.
Run job
  Determines whether jobs are run automatically according to a schedule or only when manually specified by a user.
Last Successful Run
  Displays the last time that a replication job for the policy completed successfully.
Last Started
  Displays the last time that the policy was run.
Source Root Directory
  The full path of the source directory. Data is replicated from the source directory to the target directory.
Included Directories
  Determines which directories are included in replication. If one or more directories are specified by this setting, any directories that are not specified are not replicated.
Excluded Directories
  Determines which directories are excluded from replication. Any directories specified by this setting are not replicated.
File Matching Criteria
  Determines which files are excluded from replication. Any files that do not meet the specified criteria are not replicated.
Restrict Source Nodes
  Determines whether the policy can run on all nodes on the source cluster or run only on specific nodes.
Target Host
  The IP address or fully qualified domain name of the target cluster.
Target Directory
  The full path of the target directory. Data is replicated to the target directory from the source directory.
Restrict Target Nodes
  Determines whether the policy can connect to all nodes on the target cluster or can connect only to specific nodes.
Capture Snapshots
  Determines whether archival snapshots are generated on the target cluster.
Snapshot Alias Name
  Specifies an alias for the latest archival snapshot taken on the target cluster.
Snapshot Naming Pattern
  Specifies how archival snapshots are named on the target cluster.

Snapshot Expiration
  Specifies how long archival snapshots are retained on the target cluster before they are automatically deleted by the system.
Workers Threads Per Node
  Specifies the number of workers per node that are generated by OneFS to perform each replication job for the policy.
Log Level
  Specifies the amount of information that is recorded for replication jobs. More verbose options include all information from less verbose options. The following list describes the log levels from least to most verbose:
  Notice
    Includes job and process-level activity, including job starts, stops, and worker coordination information. This is the recommended log level.
  Error
    Includes events related to specific types of failures.
  Network Activity
    Includes more job-level activity and work-item information, including specific paths and snapshot names.
  File Activity
    Includes a separate event for each action taken on a file. Do not select this option without first consulting Isilon Technical Support.
  Replication logs are typically used for debugging purposes. If necessary, you can log in to a node through the command-line interface and view the contents of the /var/log/isi_migrate.log file on the node.
Validate File Integrity
  Determines whether OneFS performs a checksum on each file data packet that is affected by a replication job. If a checksum value does not match, OneFS retransmits the affected file data packet.
Keep Reports For
  Specifies how long replication reports are kept before they are automatically deleted by OneFS.
Log Deletions on Synchronization
  Determines whether OneFS records when a synchronization job deletes files or directories on the target cluster.

The following replication policy fields are available only through the OneFS command-line interface.

Source Subnet
  Specifies whether replication jobs connect to any nodes in the cluster or if jobs can connect only to nodes in a specified subnet.
Source Pool
  Specifies whether replication jobs connect to any nodes in the cluster or if jobs can connect only to nodes in a specified pool.
Password Set
  Specifies a password to access the target cluster.
Report Max Count
  Specifies the maximum number of replication reports that are retained for this policy.

Target Compare Initial Sync
  Determines whether full or differential replications are performed for this policy. Full or differential replications are performed the first time a policy is run and after a policy is reset.
Source Snapshot Archive
  Determines whether snapshots generated for the replication policy on the source cluster are deleted when the next replication policy is run. Enabling archival source snapshots does not require you to activate the SnapshotIQ license on the cluster.
Source Snapshot Pattern
  If snapshots generated for the replication policy on the source cluster are retained, renames snapshots according to the specified rename pattern.
Source Snapshot Expiration
  If snapshots generated for the replication policy on the source cluster are retained, specifies an expiration period for the snapshots.
Restrict Target Network
  Determines whether replication jobs connect only to nodes in a given SmartConnect zone. This setting applies only if the Target Host is specified as a SmartConnect zone.
Target Detect Modifications
  Determines whether SyncIQ checks the target directory for modifications before replicating files. By default, SyncIQ always checks for modifications.
  Note
  Disabling this option could result in data loss. It is recommended that you consult Isilon Technical Support before disabling this option.
Resolve
  Determines whether you can manually resolve the policy if a replication job encounters an error.

Managing replication to the local cluster

You can interrupt replication jobs that target the local cluster.

You can cancel a currently running job that targets the local cluster, or you can break the association between a policy and its specified target. Breaking a source and target cluster association causes SyncIQ to perform a full replication the next time the policy is run.

Cancel replication to the local cluster

You can cancel a replication job that is targeting the local cluster.

Procedure
1. Click Data Protection > SyncIQ > Local Targets.
2. In the SyncIQ Local Targets table, specify whether to cancel a specific replication job or all replication jobs targeting the local cluster.
   - To cancel a specific job, in the row for a replication job, select Cancel Running Job.
   - To cancel all jobs targeting the local cluster, select the check box to the left of Policy Name and then select Cancel Selection from the Select a bulk action list.

Break local target association

You can break the association between a replication policy and the local cluster. Breaking the target association will allow writes to the target directory but will also require you to reset the replication policy before you can run the policy again.

CAUTION
After a replication policy is reset, SyncIQ performs a full or differential replication the next time the policy is run. Depending on the amount of data being replicated, a full or differential replication can take a very long time to complete.

Procedure
1. Click Data Protection > SyncIQ > Local Targets.
2. In the SyncIQ Local Targets table, in the row for a replication policy, select Break Association.
3. In the Confirm dialog box, click Yes.

View replication policies targeting the local cluster

You can view information about replication policies that are currently replicating data to the local cluster.

Procedure
1. Click Data Protection > SyncIQ > Local Targets.
2. In the SyncIQ Local Targets table, view information about replication policies.

Remote replication policy information

You can view information about replication policies that are currently targeting the local cluster.

The following information is displayed in the SyncIQ Local Targets table:

ID
  The ID of the replication policy.
Policy Name
  The name of the replication policy.
Source Host
  The name of the source cluster.
Source Cluster GUID
  The GUID of the source cluster.
Coordinator IP
  The IP address of the node on the source cluster that is acting as the job coordinator.
Updated
  The time when data about the policy or job was last collected from the source cluster.
Target Path
  The path of the target directory on the target cluster.
Status
  The current status of the replication job.

Actions
  Displays any job-related actions that you can perform.

Managing replication performance rules

You can manage the impact of replication on cluster performance by creating rules that limit the network traffic created and the rate at which files are sent by replication jobs.

Create a network traffic rule

You can create a network traffic rule that limits the amount of network traffic that replication policies are allowed to generate during a specified time period.

Procedure
1. Click Data Protection > SyncIQ > Performance Rules.
2. Click Create a SyncIQ Performance Rule.
3. From the Rule Type list, select Bandwidth.
4. In the Limit field, specify the maximum number of bytes per second that replication policies are allowed to send.
5. In the Schedule area, specify the time and days of the week that you want to apply the rule.
6. Click Create Performance Rule.

Create a file operations rule

You can create a file-operations rule that limits the number of files that replication jobs can send per second.

Procedure
1. Click Data Protection > SyncIQ > Performance Rules.
2. Click Create a SyncIQ Performance Rule.
3. From the Rule Type list, select Bandwidth.
4. In the Limit field, specify the maximum number of files per second that replication policies are allowed to send.
5. In the Schedule area, specify the time and days of the week that you want to apply the rule.
6. Click Create Performance Rule.

Modify a performance rule

You can modify a performance rule.

Procedure
1. Click Data Protection > SyncIQ > Performance Rules.
2. In the SyncIQ Performance Rules, in the row for the rule you want to modify, click View/Edit.
3. Click Edit Performance Rule.
4. Modify rule settings, and then click Save Changes.

Delete a performance rule

You can delete a performance rule.

Procedure
1. Click Data Protection > SyncIQ > Performance Rules.
2. In the SyncIQ Performance Rules table, in the row for the rule you want to delete, select Delete Rule.
3. In the Confirm Delete dialog box, click Delete.

Enable or disable a performance rule

You can disable a performance rule to temporarily prevent the rule from being enforced. You can also enable a performance rule after it has been disabled.

Procedure
1. Click Data Protection > SyncIQ > Performance Rules.
2. In the SyncIQ Performance Rules table, in the row for a rule you want to enable or disable, select either Enable Rule or Disable Rule.

View performance rules

You can view information about replication performance rules.

Procedure
1. Click Data Protection > SyncIQ > Performance Rules.
2. In the SyncIQ Performance Rules table, view information about performance rules.

Managing replication reports

In addition to viewing replication reports, you can configure how long reports are retained on the cluster. You can also delete any reports that have passed their expiration period.

Configure default replication report settings

You can configure the default amount of time that SyncIQ retains replication reports for. You can also configure the maximum number of reports that SyncIQ retains for each replication policy.

Procedure
1. Click Data Protection > SyncIQ > Settings.
2. In the Report Settings area, in the Keep Reports For area, specify how long you want to retain replication reports for.
   After the specified expiration period has passed for a report, SyncIQ automatically deletes the report.
   Some units of time are displayed differently when you view a report than how you originally enter them. Entering a number of days that is equal to a corresponding value in weeks, months, or years results in the larger unit of time being displayed. For example, if you enter a value of 7 days, 1 week appears for that report after it is created. This change occurs because SyncIQ internally records report retention times in seconds and then converts them into days, weeks, months, or years for display.

3. In the Number of Reports to Keep Per Policy field, type the maximum number of reports you want to retain at a time for a replication policy.
4. Click Submit.

Delete replication reports

Replication reports are routinely deleted by SyncIQ after the expiration date for the reports has passed. SyncIQ also deletes reports after the number of reports exceeds the specified limit. Excess reports are periodically deleted by SyncIQ; however, you can manually delete all excess replication reports at any time. This procedure is available only through the command-line interface (CLI).

Procedure
1. Open a secure shell (SSH) connection to any node in the cluster and log in.
2. Delete excess replication reports by running the following command:

    isi sync reports rotate

View replication reports

You can view replication reports and subreports.

Procedure
1. Click Data Protection > SyncIQ > Reports.
2. In the SyncIQ Reports table, in the row for a report, click View Details.
   If a report is composed of subreports, the report is displayed as a folder. Subreports are displayed as files within report folders.

Replication report information

You can view information about replication jobs through the Reports table.

Policy Name
  The name of the associated policy for the job. You can view or edit settings for the policy by clicking the policy name.
Started
  Indicates when the job started.
Ended
  Indicates when the job ended.
Duration
  Indicates how long the job took to complete.
Transferred
  The total number of files that were transferred during the job run, and the total size of all transferred files. For assessed policies, Assessment appears.

233 Data replication with SyncIQ Sync Type The action that was performed by the replication job. Initial Sync Indicates that either a differential or a fll replication was performed. Incremental Sync Indicates that only modified files were transferred to the target clster. Failover / Failback Allow Writes Indicates that writes were enabled on a target directory of a replication policy. Failover / Failback Disallow Writes Indicates that an allow writes operation was ndone. Failover / Failback Resync Prep Indicates that an association between files on the sorce clster and files on the target clster was created. This is the first step in the failback preparation process. Failover / Failback Resync Prep Domain Mark Indicates that a SyncIQ domain was created for the sorce directory. This is the second step in the failback preparation process. Failover / Failback Resync Prep Restore Indicates that a sorce directory was restored to the last recovery point. This is the third step in the failback preparation process. Failover / Failback Resync Prep Finalize Indicates that a mirror policy was created on the target clster. This is the last step in the failback preparation process. Upgrade Indicates that a policy-conversion replication occrred after pgrading the OneFS operating system or merging policies. Sorce The path of the sorce directory on the sorce clster. Target The IP address or flly qalified domain name of the target clster. Actions Displays any report-related actions that yo can perform. Managing failed replication jobs If a replication job fails de to an error, SyncIQ might disable the corresponding replication policy. For example SyncIQ might disable a replication policy if the IP or hostname of the target clster is modified. If a replication policy is disabled, the policy cannot be rn. To resme replication for a disabled policy, yo mst either fix the error that cased the policy to be disabled, or reset the replication policy. 
It is recommended that you attempt to fix the issue rather than reset the policy. If you believe you have fixed the error, you can return the replication policy to an enabled state by resolving the policy. You can then run the policy again to test whether the issue was fixed. If you are unable to fix the issue, you can reset the replication policy. However, resetting the policy causes a full or differential replication to be performed the next time the policy is run.

Note
Depending on the amount of data being synchronized or copied, full and differential replications can take a very long time to complete.

Resolve a replication policy

If SyncIQ disables a replication policy due to a replication error, and you fix the issue that caused the error, you can resolve the replication policy. Resolving a replication policy enables you to run the policy again. If you cannot resolve the issue that caused the error, you can reset the replication policy.

Procedure
1. Click Data Protection > SyncIQ > Policies.
2. In the Policies table, in the row for a policy, select Resolve.

Reset a replication policy

If a replication job encounters an error that you cannot resolve, you can reset the corresponding replication policy. Resetting a policy causes OneFS to perform a full or differential replication the next time the policy is run.

Resetting a replication policy deletes the latest snapshot generated for the policy on the source cluster.

CAUTION
Depending on the amount of data being replicated, a full or differential replication can take a very long time to complete. Reset a replication policy only if you cannot fix the issue that caused the replication error. If you fix the issue that caused the error, resolve the policy instead of resetting the policy.

Procedure
1. Click Data Protection > SyncIQ > Policies.
2. In the SyncIQ Policies table, in the row for a policy, select Reset Sync State.

Perform a full or differential replication

After you reset a replication policy, you must perform either a full or differential replication.

Before you begin
Reset a replication policy.

Procedure
1. Open a secure shell (SSH) connection to any node in the cluster and log in through the root or compliance administrator account.
2. Specify the type of replication you want to perform by running the isi sync policies modify command.
   To perform a full replication, disable the --target-compare-initial-sync option. For example, the following command disables differential synchronization for newpolicy:

       isi sync policies modify newpolicy \
         --target-compare-initial-sync false

   To perform a differential replication, enable the --target-compare-initial-sync option. For example, the following command enables differential synchronization for newpolicy:

       isi sync policies modify newpolicy \
         --target-compare-initial-sync true

3. Run the policy by running the isi sync jobs start command. For example, the following command runs newpolicy:

       isi sync jobs start newpolicy


CHAPTER 12 Data layout with FlexProtect

This section contains the following topics:

- FlexProtect overview
- File striping
- Requested data protection
- FlexProtect data recovery
- Requesting data protection
- Requested protection settings
- Requested protection disk space usage

FlexProtect overview

An Isilon cluster is designed to continuously serve data, even when one or more components simultaneously fail. OneFS ensures data availability by striping or mirroring data across the cluster. If a cluster component fails, data stored on the failed component is available on another component. After a component failure, lost data is restored on healthy components by the FlexProtect proprietary system.

Data protection is specified at the file level, not the block level, enabling the system to recover data quickly. Because all data, metadata, and parity information is distributed across all nodes, the cluster does not require a dedicated parity node or drive. This ensures that no single node limits the speed of the rebuild process.

File striping

OneFS uses the internal network to automatically allocate and stripe data across nodes and disks in the cluster. OneFS protects data as the data is being written. No separate action is necessary to stripe data.

OneFS breaks files into smaller logical chunks called stripes before writing the files to disk; the size of each file chunk is referred to as the stripe unit size. Each OneFS block is 8 KB, and a stripe unit consists of 16 blocks, for a total of 128 KB per stripe unit. During a write, OneFS breaks data into stripes and then logically places the data in a stripe unit. As OneFS stripes data across the cluster, OneFS fills the stripe unit according to the number of nodes and protection level.

OneFS can continuously reallocate data and make storage space more usable and efficient. As the cluster size increases, OneFS stores large files more efficiently.

Requested data protection

The requested protection of data determines the amount of redundant data created on the cluster to ensure that data is protected against component failures. OneFS enables you to modify the requested protection in real time while clients are reading and writing data on the cluster.

OneFS provides several data protection settings. You can modify these protection settings at any time without rebooting or taking the cluster or file system offline. When planning your storage solution, keep in mind that increasing the requested protection reduces write performance and requires additional storage space for the increased number of nodes.

OneFS uses the Reed Solomon algorithm for N+M protection. In the N+M data protection model, N represents the number of data-stripe units, and M represents the number of simultaneous node or drive failures, or a combination of node and drive failures, that the cluster can withstand without incurring data loss. N must be larger than M.

In addition to N+M data protection, OneFS also supports data mirroring from 2x to 8x, allowing from two to eight mirrors of data. In terms of overall cluster performance and resource consumption, N+M protection is often more efficient than mirrored protection. However, because read and write performance is reduced for N+M protection, data mirroring might be faster for data that is updated often and is small in size. Data mirroring requires significant overhead and might not always be the best data-protection method. For example, if you enable 3x mirroring, the specified content is duplicated three times on the cluster; depending on the amount of content mirrored, this can consume a significant amount of storage space.

FlexProtect data recovery

OneFS uses the FlexProtect proprietary system to detect and repair files and directories that are in a degraded state due to node or drive failures.

OneFS protects data in the cluster based on the configured protection policy. OneFS rebuilds failed disks, uses free storage space across the entire cluster to further prevent data loss, monitors data, and migrates data off of at-risk components.

OneFS distributes all data and error-correction information across the cluster and ensures that all data remains intact and accessible even in the event of simultaneous component failures. Under normal operating conditions, all data on the cluster is protected against one or more failures of a node or drive. However, if a node or drive fails, the cluster protection status is considered to be in a degraded state until the data is protected by OneFS again. OneFS reprotects data by rebuilding data in the free space of the cluster. While the protection status is in a degraded state, data is more vulnerable to data loss.

Because data is rebuilt in the free space of the cluster, the cluster does not require a dedicated hot-spare node or drive in order to recover from a component failure. Because a certain amount of free space is required to rebuild data, it is recommended that you reserve adequate free space through the virtual hot spare feature.

As you add more nodes, the cluster gains more CPU, memory, and disks to use during recovery operations. As a cluster grows larger, data restriping operations become faster.

Smartfail

OneFS protects data stored on failing nodes or drives through a process called smartfailing.

During the smartfail process, OneFS places a device into quarantine. Data stored on quarantined devices is read only. While a device is quarantined, OneFS reprotects the data on the device by distributing the data to other devices. After all data migration is complete, OneFS logically removes the device from the cluster, the cluster logically changes its width to the new configuration, and the node or drive can be physically replaced.

OneFS smartfails devices only as a last resort. Although you can manually smartfail nodes or drives, it is recommended that you first consult Isilon Technical Support.

Occasionally a device might fail before OneFS detects a problem. If a drive fails without being smartfailed, OneFS automatically starts rebuilding the data to available free space on the cluster. However, because a node might recover from a failure, if a node fails, OneFS does not start rebuilding data unless the node is logically removed from the cluster.

Node failures

Because node loss is often a temporary issue, OneFS does not automatically start reprotecting data when a node fails or goes offline. If a node reboots, the file system does not need to be rebuilt because it remains intact during the temporary failure.

If you configure N+1 data protection on a cluster, and one node fails, all of the data is still accessible from every other node in the cluster. If the node comes back online, the node rejoins the cluster automatically without requiring a full rebuild.

To ensure that data remains protected, if you physically remove a node from the cluster, you must also logically remove the node from the cluster. After you logically remove a node, the node automatically reformats its own drives, and resets itself to the factory default settings. The reset occurs only after OneFS has confirmed that all data has been reprotected. You can logically remove a node using the smartfail process. It is important that you smartfail nodes only when you want to permanently remove a node from the cluster.

If you remove a failed node before adding a new node, data stored on the failed node must be rebuilt in the free space in the cluster. After the new node is added, OneFS distributes the data to the new node. It is more efficient to add a replacement node to the cluster before failing the old node because OneFS can immediately use the replacement node to rebuild the data stored on the failed node.

Requesting data protection

You can request the protection of a file or directory by setting its requested protection. This flexibility enables you to protect distinct sets of data at different levels.

The default requested protection of node pools is N+2:1, which means that two drives or one node can fail without causing any data loss. For clusters or node pools containing less than two petabytes or fewer than 16 nodes, N+2:1 is the recommended requested protection. However, if the cluster or node pool is larger, you might consider higher requested protection.

OneFS allows you to request protection that the cluster is currently incapable of matching. If you request an unmatchable protection, the cluster will continue trying to match the requested protection until a match is possible. For example, in a four-node cluster, you might request a protection of 5x. In this example, OneFS would protect the data at 4x until you added a fifth node to the cluster, at which point OneFS would reprotect the data at 5x.

Note
For 4U Isilon IQ X-Series and NL-Series nodes, and IQ 12000X/EX combination platforms, the minimum cluster size of three nodes requires a minimum of N+2:1.

Requested protection settings

Requested protection settings determine the level of hardware failure that a cluster can recover from without suffering data loss.

Requested protection setting   Minimum number of nodes required   Definition
----------------------------   --------------------------------   ----------
N+1                            3                                  The cluster can recover from one drive or node failure without sustaining any data loss.
N+2:1                          3                                  The cluster can recover from two simultaneous drive failures or one node failure without sustaining any data loss.
N+2                            5                                  The cluster can recover from two simultaneous drive or node failures without sustaining any data loss.
N+3:1                          3                                  The cluster can recover from three simultaneous drive failures or one node failure without sustaining any data loss.
N+3                            7                                  The cluster can recover from three simultaneous drive or node failures without sustaining any data loss.
N+4                            9                                  The cluster can recover from four simultaneous drive or node failures without sustaining any data loss.
Nx (Data mirroring)            N (for example, 5x requires a      The cluster can recover from N - 1 node failures without sustaining data loss. For example, 5x protection means that the cluster can recover from four node failures.
                               minimum of five nodes)

Requested protection disk space usage

Increasing the requested protection of data also increases the amount of space consumed by the data on the cluster.

The parity overhead for N + M protection depends on the file size and the number of nodes in the cluster. The percentage of parity overhead declines as the cluster gets larger.

The following table describes the estimated amount of overhead depending on the requested protection and the size of the cluster or node pool. The table does not reflect recommended protection levels based on cluster size.

Number +1 +2: : of nodes (33%) (33%) 3x (25%) (25%) (50%) (25%) 4x (20%) (20%) (40%) (20%) 4x 5x (17%) (17%) (33%) (17%) (14%) (14%) (29%) (17%) (13%) (12.5%) (25%) (17%) (11%) (11%) (22%) (17%) (50%) 5x (43%) 5x (38%) (50%) (33%) (44%)

Number +1 +2: : of nodes (10%) (11%) (20%) (17%) (30%) (40%) (8%) (11%) (17%) (17%) (25%) (33%) (7%) (11%) (14%) (17%) (21%) (29%) (6%) (11%) (13%) (17%) (19%) (25%) (6%) (11%) (11%) (17%) (17%) (22%) (6%) (11%) (11%) (16%) (16%) (20%) (6%) (11%) (11%) (16%) (16%) (20%)

The parity overhead for mirrored data protection is not affected by the number of nodes in the cluster. The following table describes the parity overhead for requested mirrored protection.

2x    3x    4x    5x    6x    7x    8x
%     67%   75%   80%   83%   86%   88%
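The following is an added example, not EMC or OneFS code, that encodes the "Requested protection settings" table and the unmatchable-protection rule described under "Requesting data protection", so that requested settings can be checked against a cluster's node count before a failure tests them. The function names and sample directories are hypothetical. It assumes that mirrored settings tolerate as many drive failures as node failures and that mirrored overhead is (copies - 1) / copies, which agrees with the surviving 3x to 8x values in the mirrored table; for an N+M request below its minimum node count the page does not say what is applied, so the example reports None.

```python
import re
from dataclasses import dataclass

# Minimum node counts, copied from the "Requested protection settings" table.
MIN_NODES = {"+1": 3, "+2:1": 3, "+2": 5, "+3:1": 3, "+3": 7, "+4": 9}


@dataclass(frozen=True)
class Protection:
    setting: str         # normalised form, e.g. "N+2:1" or "5x"
    drive_failures: int  # simultaneous drive failures survived
    node_failures: int   # simultaneous node failures survived
    min_nodes: int       # nodes needed before the setting can be matched
    mirrors: int = 0     # copy count for Nx settings, 0 for N+M settings


def parse(setting):
    """Turn 'N+2:1', '+3' or '5x' into the guarantees listed in the table."""
    text = setting.strip()
    mirror = re.fullmatch(r"([2-8])x", text, re.IGNORECASE)
    if mirror:  # the page allows mirroring from 2x to 8x
        n = int(mirror.group(1))
        # The page states N - 1 node failures; using the same figure for
        # drives is an assumption of this example.
        return Protection(f"{n}x", n - 1, n - 1, n, n)
    parity = re.fullmatch(r"N?(\+[1-4](?::1)?)", text, re.IGNORECASE)
    if parity and parity.group(1) in MIN_NODES:
        key = parity.group(1)
        drives = int(key[1])
        nodes = 1 if key.endswith(":1") else drives
        return Protection("N" + key, drives, nodes, MIN_NODES[key])
    raise ValueError(f"not a requested protection setting: {setting!r}")


def effective_setting(requested, node_count):
    """Protection in effect on node_count nodes, or None if the page does not say."""
    p = parse(requested)
    if node_count >= p.min_nodes:
        return p.setting
    if p.mirrors and node_count >= 2:
        # Page example: 5x requested on four nodes is held at 4x.
        return f"{node_count}x"
    return None


def mirror_overhead_pct(copies):
    """Share of raw space spent on redundant copies under Nx mirroring."""
    if not 2 <= copies <= 8:
        raise ValueError("mirroring is supported from 2x to 8x")
    return round(100 * (copies - 1) / copies)


def parity_overhead_pct(data_units, parity_units):
    """Share of a stripe spent on parity for N data units and M parity units."""
    if data_units <= parity_units:
        raise ValueError("N must be larger than M")
    return round(100 * parity_units / (data_units + parity_units))


def audit(requests, node_count):
    """List (path, requested, in_effect) for requests the cluster cannot match yet."""
    findings = []
    for path, requested in requests:
        in_effect = effective_setting(requested, node_count)
        if in_effect != parse(requested).setting:
            findings.append((path, requested, in_effect))
    return findings


# Constructed sample: requested protection per directory on a four-node cluster.
SAMPLE_REQUESTS = [
    ("/ifs/data/finance", "5x"),
    ("/ifs/data/scratch", "N+1"),
    ("/ifs/data/archive", "N+3"),
]

if __name__ == "__main__":
    for path, requested, in_effect in audit(SAMPLE_REQUESTS, node_count=4):
        shown = in_effect or "not stated on the page"
        print(f"{path}: requested {requested}, in effect {shown}")
```

Every entry that audit returns is data running with weaker protection than was requested until nodes are added, which is worth tracking alongside free-space reservations for rebuilds.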

CHAPTER 13 NDMP backup

This section contains the following topics:

- NDMP backup and recovery overview
- NDMP two way backup
- Snapshot-based incremental backups
- NDMP protocol support
- Supported DMAs
- NDMP hardware support
- NDMP backup limitations
- NDMP performance recommendations
- Excluding files and directories from NDMP backups
- Configuring basic NDMP backup settings
- Managing NDMP user accounts
- Managing NDMP backup devices
- Managing NDMP backup ports
- Managing NDMP backup sessions
- Managing restartable backups
- Sharing tape drives between clusters
- Managing default NDMP settings
- Managing snapshot based incremental backups
- View NDMP backup logs

NDMP backup and recovery overview

In OneFS, you can back up and restore file-system data through the Network Data Management Protocol (NDMP). From a backup server, you can direct backup and recovery processes between an Isilon cluster and backup devices such as tape devices, media servers, and virtual tape libraries (VTLs).

OneFS supports both NDMP three-way backup and NDMP two-way backup. During an NDMP three-way backup operation, a data management application (DMA) on a backup server instructs the cluster to start backing up data to a tape media server that is either attached to the LAN or directly attached to the DMA.

During a two-way NDMP backup, a DMA on a backup server instructs a Backup Accelerator node on the cluster to start backing up data to a tape media server that is attached to the Backup Accelerator node.

NDMP two-way backup is the most efficient method in terms of cluster resource consumption. However, NDMP two-way backup requires that you attach one or more Backup Accelerator nodes to the cluster.

In both the NDMP two-way and three-way backup models, file history data is transferred from the cluster to the backup server. Before a backup begins, OneFS creates a snapshot of the targeted directory, then backs up the snapshot, which ensures that the backup image represents a specific point in time.

You do not need to activate a SnapshotIQ license on the cluster to perform NDMP backups. If you have activated a SnapshotIQ license on the cluster, you can generate a snapshot through the SnapshotIQ tool, and then back up the same snapshot to multiple tape devices. If you back up a SnapshotIQ snapshot, OneFS does not create another snapshot for the backup.

Note
If you are backing up SmartLock directories for compliance purposes, it is recommended that you do not specify autocommit time periods for the SmartLock directories. This is because, depending on the autocommit period, files in the SmartLock directories may still be subject to change.

NDMP two way backup

To perform NDMP two-way backups, you must attach a Backup Accelerator node to your Isilon cluster and attach a tape device to the Backup Accelerator node. You must then use OneFS to detect the tape device before you can back up to that device.

You can connect supported tape devices directly to the Fibre Channel ports of a Backup Accelerator node. Alternatively, you can connect Fibre Channel switches to the Fibre Channel ports on the Backup Accelerator node, and connect tape and media changer devices to the Fibre Channel switches. For more information, see your Fibre Channel switch documentation about zoning the switch to allow communication between the Backup Accelerator node and the connected tape and media changer devices.

If you attach tape devices to a Backup Accelerator node, the cluster detects the devices when you start or restart the node or when you re-scan the Fibre Channel ports to discover devices. If a cluster detects tape devices, the cluster creates an entry for the path to each detected device.

If you connect a device through a Fibre Channel switch, multiple paths can exist for a single device. For example, if you connect a tape device to a Fibre Channel switch, and then connect the Fibre Channel switch to two Fibre Channel ports, OneFS creates two entries for the device, one for each path.

Note
If you perform an NDMP two-way backup operation, you must assign static IP addresses to the Backup Accelerator node. If you connect to the cluster through a data management application (DMA), you must connect to the IP address of a Backup Accelerator node. If you perform an NDMP three-way backup, you can connect to any node in the cluster.

Snapshot-based incremental backups

You can implement snapshot-based incremental backups to increase the speed at which these backups are performed.

During a snapshot-based incremental backup, OneFS checks the snapshot taken for the previous NDMP backup operation and compares it to a new snapshot. OneFS then backs up all data that was modified since the last snapshot was made.

If the incremental backup does not involve snapshots, OneFS must scan the directory to discover which files were modified. OneFS can perform incremental backups significantly faster if snapshots are referenced.

You can perform incremental backups without activating a SnapshotIQ license on the cluster. Although SnapshotIQ offers a number of useful features, it does not enhance snapshot capabilities in NDMP backup and recovery.

If you implement snapshot-based incremental backups, OneFS retains each snapshot taken for NDMP backups until a new backup of the same or lower level is performed. However, if you do not implement snapshot-based incremental backups, OneFS automatically deletes each snapshot generated after the corresponding backup is completed or canceled.

The following table lists whether supported data management applications (DMAs) can perform snapshot-based incremental backups:

Table 15 DMA support for snapshot-based incremental backups

DMA                           Supported
---                           ---------
Symantec NetBackup            Yes
EMC NetWorker                 Yes
EMC Avamar                    No
CommVault Simpana             No
IBM Tivoli Storage Manager    No
Symantec Backup Exec          Yes
Dell NetVault                 Yes
ASG-Time Navigator            Yes

NDMP protocol support

You can back up cluster data through version 3 or 4 of the NDMP protocol.

OneFS supports the following features of NDMP versions 3 and 4:

- Full (level 0) NDMP backups
- Incremental (levels 1-10) NDMP backups

  Note
  In a level 10 NDMP backup, only data changed since the most recent incremental (level 1-9) backup or the last level 10 backup is copied. By repeating level 10 backups, you can be assured that the latest versions of files in your data set are backed up without having to run a full backup.

- Token-based NDMP backups
- NDMP TAR backup type
- Path-based and dir/node file history format
- Direct Access Restore (DAR)
- Directory DAR (DDAR)
- Including and excluding specific files and directories from backup
- Backup of file attributes
- Backup of Access Control Lists (ACLs)
- Backup of Alternate Data Streams (ADSs)
- Backup Restartable Extension (BRE)

OneFS supports connecting to clusters through IPv4 or IPv6.

Supported DMAs

NDMP backups are coordinated by a data management application (DMA) that runs on a backup server.

OneFS supports the following DMAs:

- Symantec NetBackup
- EMC NetWorker
- EMC Avamar
- Symantec Backup Exec
- IBM Tivoli Storage Manager
- Dell NetVault
- CommVault Simpana (IPv6 protocol only)
- ASG-Time Navigator

NDMP hardware support

OneFS can back up data to and restore data from tape devices and virtual tape libraries (VTL).

OneFS supports the following types of emulated and physical tape devices:

- LTO-3
- LTO-4
- LTO-5

OneFS supports the following virtual tape libraries (VTLs):

- FalconStor VTL 5.20
- Data Domain VTL or later

NDMP backup limitations

OneFS NDMP backups have the following limitations:

- OneFS does not back up file system configuration data, such as file protection level policies and quotas.
- OneFS does not support multiple concurrent backups onto the same tape.
- OneFS does not support restoring data from a file system other than OneFS. However, you can migrate data via the NDMP protocol from a NetApp or EMC VNX storage system to OneFS.
- Backup Accelerator nodes cannot interact with more than 1024 device paths, including the paths of tape and media changer devices. For example, if each device has four paths, you can connect 256 devices to a Backup Accelerator node. If each device has two paths, you can connect 512 devices.
- OneFS does not support more than 64 concurrent NDMP sessions per Backup Accelerator node.

NDMP performance recommendations

Consider the following recommendations to optimize OneFS NDMP backups.

General performance recommendations

- Install the latest patches for OneFS and your data management application (DMA).
- If you are backing up multiple directories that contain small files, set up a separate schedule for each directory.
- If you are performing three-way NDMP backups, run multiple NDMP sessions on multiple nodes in your Isilon cluster.
- Restore files through Direct Access Restore (DAR) and Directory DAR (DDAR). This is especially recommended if you restore files frequently. However, it is recommended that you do not use DAR to restore a full backup or a large number of files, as DAR is better suited to restoring smaller numbers of files.
- Use the largest tape record size available for your version of OneFS. The largest tape record size for OneFS versions and later is 256 KB. The largest tape record size for versions of OneFS earlier than is 128 KB.

- If possible, do not include or exclude files from backup. Including or excluding files can affect backup performance, due to filtering overhead.
- Limit the depth of nested subdirectories in your file system.
- Limit the number of files in a directory. Distribute files across multiple directories instead of including a large number of files in a single directory.

Networking recommendations

- Assign static IP addresses to Backup Accelerator nodes.
- Configure SmartConnect zones to specify pools of IP address ranges that are exclusive to NDMP backup operations.
- Connect NDMP sessions only through SmartConnect zones that are exclusively used for NDMP backup.
- Configure multiple policies when scheduling backup operations, with each policy capturing a portion of the file system. Do not attempt to back up the entire file system through a single policy.

Backup Accelerator recommendations

- Run a maximum of four concurrent streams per Backup Accelerator node.

  Note
  This is recommended only if you are backing up a significant amount of data. Running four concurrent streams might not be necessary for smaller backups.

- Attach more Backup Accelerator nodes to larger clusters. The recommended number of Backup Accelerator nodes is listed in the following table.

  Table 16 Nodes per Backup Accelerator node

  Node type    Recommended number of nodes per Backup Accelerator node
  ---------    -------------------------------------------------------
  X-Series     3
  NL-Series    3
  S-Series     3

- Attach more Backup Accelerator nodes if you are backing up to more tape devices. The following table lists the recommended number of tape devices per Backup Accelerator node:

  Table 17 Tape devices per Backup Accelerator node

  Tape device type    Recommended number of tape devices per Backup Accelerator node
  ----------------    --------------------------------------------------------------
  LTO-5               3
  LTO-4               4
  LTO-3               8

DMA-specific recommendations

- Apply path-based file history instead of directory/inode (dir/node) file history.

- Turn on multi-streaming, which enables OneFS to back up data to multiple tape devices at the same time.

Excluding files and directories from NDMP backups

You can exclude files and directories from NDMP backup operations by specifying NDMP environment variables through a data management application (DMA). If you include a file or directory, all other files and directories are automatically excluded from backup operations. If you exclude a file or directory, all files and directories except the excluded one are backed up.

You can include or exclude files and directories by specifying the following character patterns:

Table 18 NDMP file and directory matching wildcards

Character: *
  Description: Takes the place of any character or characters
  Example: archive*
  Includes or excludes the following directories: /ifs/data/archive1, /ifs/data/archive42_a/media

Character: []
  Description: Takes the place of a range of letters or numbers
  Example: data_store_[a-f], data_store_[0-9]
  Includes or excludes the following directories: /ifs/data/data_store_a, /ifs/data/data_store_c, /ifs/data/data_store_8

Character: ?
  Description: Takes the place of any single character
  Example: user_?
  Includes or excludes the following directories: /ifs/data/user_1, /ifs/data/user_2

Character: \
  Description: Includes a blank space
  Example: user\ 1
  Includes or excludes the following directories: /ifs/data/user 1

Unanchored patterns such as home or user1 target a string of text that might belong to many files or directories. Anchored patterns target specific file pathnames, such as ifs/data/home. You can include or exclude either type of pattern.

For example, suppose you want to back up the /ifs/data/home directory, which contains the following files and directories:

    /ifs/data/home/user1/file.txt
    /ifs/data/home/user2/user1/file.txt
    /ifs/data/home/user3/other/file.txt
    /ifs/data/home/user4/emptydirectory

If you simply include the /ifs/data/home directory, all files and directories, including emptydirectory, would be backed up.

If you specify both include and exclude patterns, any excluded files or directories under the included directories would not be backed up. If the excluded directories are not found in any of the included directories, the exclude specification would have no effect.

Note
Specifying unanchored patterns can degrade the performance of backups. It is recommended that you avoid unanchored patterns whenever possible.
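The following is an added example, not OneFS or DMA code, that models the Table 18 wildcards and the include and exclude rules above so that a proposed pattern set can be checked for paths that would silently fall out of a backup. The function names are hypothetical, and the matching semantics are assumptions of this example: a pattern containing "/" is treated as anchored and compared from the root, a pattern without "/" is compared with every path component, wildcards do not cross "/", and a match on a directory covers everything beneath it.

```python
import re


def _component_regex(pattern):
    """Translate one pattern component using the four wildcards in Table 18."""
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):  # "\ " stands for a blank space
            out.append(re.escape(pattern[i + 1]))
            i += 2
            continue
        close = pattern.find("]", i + 2) if ch == "[" else -1
        if ch == "*":        # any character or characters
            out.append("[^/]*")
        elif ch == "?":      # any single character
            out.append("[^/]")
        elif close != -1:    # a range of letters or numbers, e.g. [a-f]
            body = pattern[i + 1:close].replace("\\", "\\\\").replace("^", "\\^")
            out.append("[" + body + "]")
            i = close
        else:
            out.append(re.escape(ch))
        i += 1
    return re.compile("".join(out))


def matches(pattern, path):
    """True when path, or a directory above it, is targeted by pattern."""
    parts = [p for p in path.split("/") if p]
    if "/" in pattern:  # anchored: compare from the root, component by component
        wanted = [p for p in pattern.split("/") if p]
        if len(parts) < len(wanted):
            return False
        return all(_component_regex(w).fullmatch(p) for w, p in zip(wanted, parts))
    rx = _component_regex(pattern)  # unanchored: any component may match
    return any(rx.fullmatch(p) for p in parts)


def select(paths, include=(), exclude=()):
    """Paths that would be backed up under the given include and exclude patterns."""
    kept = []
    for path in paths:
        included = not include or any(matches(p, path) for p in include)
        excluded = any(matches(p, path) for p in exclude)
        if included and not excluded:
            kept.append(path)
    return kept


def dropped(paths, include=(), exclude=()):
    """Paths left out of the backup, for review before the patterns go live."""
    kept = set(select(paths, include, exclude))
    return [p for p in paths if p not in kept]


# The directory tree used as the example on this page.
HOME_TREE = [
    "/ifs/data/home/user1/file.txt",
    "/ifs/data/home/user2/user1/file.txt",
    "/ifs/data/home/user3/other/file.txt",
    "/ifs/data/home/user4/emptydirectory",
]

if __name__ == "__main__":
    # An unanchored exclude removes every directory named user1, at any depth.
    for path in dropped(HOME_TREE, ["/ifs/data/home"], ["user1"]):
        print("not backed up:", path)
```

Under these assumptions an unanchored exclude of user1 also drops /ifs/data/home/user2/user1, while the anchored /ifs/data/home/user1 drops only the first directory, which is the kind of difference to confirm before relying on a backup for recovery.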

Configuring basic NDMP backup settings

You can configure NDMP backup settings to control how these backups are performed for the cluster. You can also configure OneFS to interact with a specific data management application (DMA) for NDMP backups.

Configure and enable NDMP backup

OneFS prevents NDMP backups by default. Before you can perform NDMP backups, you must enable NDMP backups and configure NDMP settings.

Procedure
1. Click Data Protection > Backup > NDMP Settings.
2. In the Service area, click Enable.
3. Optional: To specify a port through which data management applications (DMAs) access the cluster, or the DMA vendor that OneFS is to interact with, in the Settings area, click Edit settings.
   - In the Port number field, type a port number.
   - From the DMA vendor list, select the name of the DMA vendor to manage backup operations.
     If your DMA vendor is not included in the list, select generic. However, note that any vendors not included on the list are not officially supported and might not function as expected.
4. Click Add administrator to add an NDMP user account through which your DMA can access the cluster.
   a. In the Add Administrator dialog box, in the Name field, type a name for the account.
   b. In the Password and Confirm password fields, type a password for the account.
   c. Click Submit.

Disable NDMP backup

You can disable NDMP backup if you no longer want to use this backup method.

Procedure
1. Click Data Protection > Backup > NDMP Settings.
2. In the Service area, click Disable.

View NDMP backup settings

You can view current NDMP backup settings. These settings define whether NDMP backup is enabled, the port through which your data management application (DMA) connects to the cluster, and the DMA vendor that OneFS is configured to interact with.

Procedure
1. Click Data Protection > Backup > NDMP Settings and view NDMP backup settings.
2. In the Settings area, review NDMP backup settings.

NDMP backup settings

You can configure the following settings to control how NDMP backups are performed on the cluster.

Port number
  The number of the port through which the data management application (DMA) can connect to the cluster.

DMA vendor
  The DMA vendor that the cluster is configured to interact with.

Managing NDMP user accounts

You can create, delete, and modify the passwords of NDMP user accounts.

Create an NDMP user account

Before you can perform NDMP backups, you must create an NDMP user account through which your data management application (DMA) can access the Isilon cluster.

Procedure
1. Click Data Protection > Backup > NDMP Settings.
2. In the NDMP Administrators area, click Add administrator.
3. In the Add Administrator dialog box, in the Name field, type a name for the account.
4. In the Password and Confirm password fields, type a password for the account.
5. Click Submit.

Modify the password of an NDMP user account

You can modify the password for an NDMP user account.

Procedure
1. Click Data Protection > Backup > NDMP Settings.
2. In the NDMP Administrator table, in the row for an NDMP user account, click Change password.
3. In the Password and Confirm password fields, type a new password for the account.
4. Click Submit.

Delete an NDMP user account

You can delete an NDMP user account.

Procedure
1. Click Data Protection > Backup > NDMP Settings.
2. In the NDMP Administrators table, in the row for an NDMP user account, click Delete.
3. In the Confirm dialog box, click Yes.

View NDMP user accounts

You can view information about NDMP user accounts.

Procedure
1. Click Data Protection > Backup > NDMP Settings.
2. In the NDMP administrators area, review information about NDMP user accounts.

Managing NDMP backup devices

After you attach a tape or media changer device to a Backup Accelerator node, you must configure OneFS to detect and establish a connection to the device. After the connection between the cluster and the backup device is established, you can modify the name that the cluster has assigned to the device, or disconnect the device from the cluster.

Detect NDMP backup devices

If you connect a tape device or media changer to a Backup Accelerator node, you must configure OneFS to detect the device. Only then can OneFS back up data to and restore data from the device. In OneFS, you can scan a specific node, a specific port, or all ports on all nodes.

Procedure
1. Click Data Protection > Backup > Devices.
2. Click Discover devices.
3. Optional: To scan only a specific node for NDMP devices, from the Nodes list, select a node.
4. Optional: To scan only a specific port for NDMP devices, from the Ports list, select a port.
   If you specify a port and a node, only the specified port on the node is scanned. However, if you specify only a port, the specified port will be scanned on all nodes.
5. Optional: To remove entries for devices or paths that have become inaccessible, select the Delete inaccessible paths or devices check box.
6. Click Submit.

Results
For each device that is detected, an entry is added to either the Tape Devices or Media Changers tables.

Modify the name of an NDMP backup device

You can modify the name of an NDMP backup device in OneFS.

Procedure
1. Click Data Protection > Backup > Devices.
2. In the Tape Devices table, click the name of a backup device entry.
3. In the Rename Device dialog box, in the Device Name field, type a new name for the backup device.
4. Click Submit.

Delete an entry for an NDMP backup device

If you physically remove an NDMP device from a cluster, OneFS retains the entry for the device. You can delete a device entry for a removed device. You can also remove the device entry for a device that is still physically attached to the cluster; this causes OneFS to disconnect from the device.

If you remove a device entry for a device that is connected to the cluster, and you do not physically disconnect the device, OneFS will detect the device the next time it scans the ports. You cannot remove a device entry for a device that is currently in use.

Procedure
1. Click Data Protection > Backup > Devices.
2. In the Tape Devices table, in the row for the target device, click Delete device.
3. In the Confirm dialog box, click Yes.

View NDMP backup devices

You can view information about tape and media changer devices that are currently attached to your Isilon cluster.

Procedure
1. Click Data Protection > Backup > Devices.
2. In the Tape Devices and Media Changers tables, review information about NDMP backup devices.

NDMP backup device settings

OneFS creates a device entry for each device you attach to the cluster through a Backup Accelerator node. The following table describes the settings available in the Tape Devices and Media Changers tables:

Table 19 NDMP backup device settings

Name: A device name assigned by OneFS.
State: Indicates whether the device is in use. If data is currently being backed up to or restored from the device, Read/Write appears. If the device is not in use, Closed appears.
WWN: The world wide node name (WWNN) of the device.
Product: The name of the device vendor and the model name or number of the device.
Serial Number: The serial number of the device.
Paths: The name of the Backup Accelerator node that the device is attached to and the port number or numbers to which the device is connected.
LUN: The logical unit number (LUN) of the device.
Port ID: The port ID of the device that binds the logical device to the physical device.

Table 19 NDMP backup device settings (continued)

WWPN: The world wide port name (WWPN) of the port on the tape or media changer device.

Managing NDMP backup ports

You can manage the Fibre Channel ports that connect tape and media changer devices to a Backup Accelerator node. You can also enable, disable, or modify the settings of an NDMP backup port.

Modify NDMP backup port settings

You can modify the settings of an NDMP backup port.

Procedure
1. Click Data Protection > Backup > Ports.
2. In the Sessions table, click the name of a port.
3. In the Edit Port dialog box, modify port settings as needed, and then click Submit.

Enable or disable an NDMP backup port

You can enable or disable an NDMP backup port.

Procedure
1. Click Data Protection > Backup > Ports.
2. In the Ports table, in the row of a port, click Enable or Disable.

View NDMP backup ports

You can view information about Fibre Channel ports of Backup Accelerator nodes attached to a cluster.

Procedure
1. Click Data Protection > Backup > Ports.
2. In the Ports table, review information about NDMP backup ports.

NDMP backup port settings

OneFS assigns default settings to each port on each Backup Accelerator node attached to the cluster. These settings identify each port and specify how the port interacts with NDMP backup devices. The settings that appear in the Ports table are as follows:

Table 20 NDMP backup port settings

Port: The name of the Backup Accelerator node, and the number of the port.

Table 20 NDMP backup port settings (continued)

Topology: The type of Fibre Channel topology that the port is configured to support. Options are:
   Point to Point: A single backup device or Fibre Channel switch directly connected to the port.
   Loop: Multiple backup devices connected to a single port in a circular formation.
   Auto: Automatically detects the topology of the connected device. This is the recommended setting, and is required if you are using a switched-fabric topology.
WWNN: The world wide node name (WWNN) of the port. This name is the same for each port on a given node.
WWPN: The world wide port name (WWPN) of the port. This name is unique to the port.
Rate: The rate at which data is sent through the port. The rate can be set to 1 Gb/s, 2 Gb/s, 4 Gb/s, 8 Gb/s, and Auto. 8 Gb/s is available for A100 nodes only. If set to Auto, OneFS automatically negotiates with the DMA to determine the rate. Auto is the recommended setting.

Managing NDMP backup sessions

You can view the status of NDMP backup sessions or terminate a session that is in progress.

End an NDMP session

You can end an NDMP backup or restore session at any time.

Procedure
1. Click Data Protection > Backup > Sessions.
2. In the Sessions table, in the row of the NDMP session that you want to end, click Kill.
3. In the Confirm dialog box, click Yes.

View NDMP sessions

You can view information about active NDMP sessions.

Procedure
1. Click Data Protection > Backup > Sessions.
2. In the Sessions table, review information about NDMP sessions.

NDMP session information

You can view information about active NDMP sessions. The following information is included in the Sessions table, as follows:

Table 21 NDMP session information

Session: The unique identification number that OneFS assigned to the session.
Elapsed: How much time has elapsed since the session started.
Transferred: The amount of data that was transferred during the session.
Throughput: The average throughput of the session over the past five minutes.
Client/Remote: The IP address of the backup server that the data management application (DMA) is running on. If a three-way NDMP backup or restore operation is currently running, the IP address of the remote tape media server also appears.
Mover/Data: The current state of the data mover and the data server. The first word describes the activity of the data mover. The second word describes the activity of the data server. The data mover and data server send data to and receive data from each other during backup and restore operations. The data mover is a component of the backup server that receives data during backups and sends data during restore operations. The data server is a component of OneFS that sends data during backups and receives information during restore operations. The following states might appear:
   Active: The data mover or data server is currently sending or receiving data.
   Paused: The data mover is temporarily unable to receive data. While the data mover is paused, the data server cannot send data to the data mover. The data server cannot be paused.
   Idle: The data mover or data server is not sending or receiving data.
   Listen: The data mover or data server is waiting to connect to the data server or data mover.
Operation: The type of operation (backup or restore) that is currently in progress. If no operation is in progress, this field is blank.
   Backup (0-10): Indicates that data is currently being backed up to a media server. The number indicates the level of NDMP backup.

Table 21 NDMP session information (continued)

   Restore: Indicates that data is currently being restored from a media server.
Source/Destination: If an operation is currently in progress, specifies the /ifs directories that are affected by the operation. If a backup is in progress, displays the path of the source directory that is being backed up. If a restore operation is in progress, displays the path of the directory that is being restored along with the destination directory to which the tape media server is restoring data. If you are restoring data to the same location that you backed up your data from, the same path appears twice.
Device: The name of the tape or media changer device that is communicating with the cluster.
Mode: How OneFS is interacting with data on the backup media server, as follows:
   Read/Write: OneFS is reading and writing data during a backup operation.
   Read: OneFS is reading data during a restore operation.
   Raw: The DMA has access to tape drives, but the drives do not contain writable tape media.

Managing restartable backups

A restartable backup is a type of NDMP backup that you can enable in your data management application (DMA). If a restartable backup fails, for example, because of a power outage, you can restart the backup from a checkpoint close to the point of failure. In contrast, when a non-restartable backup fails, you must back up all data from the beginning, regardless of what was transferred during the initial backup process.

After you enable restartable backups from your DMA, you can manage restartable backup contexts from OneFS. These contexts are the data that OneFS stores to facilitate restartable backups. Each context represents a checkpoint that the restartable backup process can return to if a backup fails.

Restartable backups are supported only for EMC NetWorker 8.1 and later.

Configure restartable backups

You must configure EMC NetWorker to enable restartable backups and, optionally, define the checkpoint interval. If you do not specify a checkpoint interval, NetWorker uses the default interval of 5 GB.

Procedure
1. Configure the client and the directory path that you want to back up as you would normally.
2. In the Client Properties dialog box, enable restartable backups.
   a. On the General screen, click the Checkpoint enabled checkbox.
   b. Specify File in the Checkpoint granularity drop-down list.
3. In the Application information field, type any NDMP variables that you want to specify.
   The following specifies a checkpoint interval of 1 GB.
       CHECKPOINT_INTERVAL_IN_BYTES=1GB
4. Finish configuration and click OK in the Client Properties dialog box.
5. Start the backup.
6. If the backup is interrupted, for example, because of a power failure, restart it.
   a. Browse to the Monitoring screen, and locate the backup process in the Groups list.
   b. Right-click on the backup process, and in the context menu, click Restart.
   NetWorker automatically restarts the backup from the last checkpoint.

Delete a restartable backup context

After a restartable backup context is no longer needed, your data management application (DMA) automatically requests that OneFS delete the context. You can manually delete a restartable backup context before the DMA requests it.

Note: It is recommended that you do not manually delete restartable backup contexts. Manually deleting a restartable backup context requires you to restart the corresponding NDMP backup from the beginning.

Procedure
1. Run the isi ndmp extensions contexts delete command.
   The following command deletes a restartable backup context with an ID of 792eeb8a e2-aa e91a4:
       isi ndmp extensions contexts delete 792eeb8a e2- aa e91a4

View restartable backup contexts

You can view restartable backup contexts that have been configured.

Procedure
1. View all backup contexts by running the following command:
       isi ndmp extensions contexts list
2. To view detailed information about a specific backup context, run the isi ndmp extensions contexts view command.
   The following command displays detailed information about a backup context with an ID of 792eeb8a e2-aa e91a4:
       isi ndmp extensions contexts view 792eeb8a e2- aa e91a4

Configure restartable backup settings

You can specify the number of restartable backup contexts that OneFS retains at a time, up to a maximum of 1024 contexts.

Procedure
1. Run the isi ndmp extensions settings modify command.
   The following command sets the maximum number of restartable backup contexts to 128:
       isi ndmp extensions settings modify --bre_max_contexts 128

View restartable backup settings

You can view the current limit of restartable backup contexts that OneFS retains at one time.

Procedure
1. Run the following command:
       isi ndmp extensions settings view

Sharing tape drives between clusters

Multiple Isilon clusters, or an Isilon cluster and a third-party NAS system, can be configured to share a single tape drive. This helps to maximize the use of the tape infrastructure in your data center.

In your data management application (DMA), you must configure NDMP to control the tape drive and ensure that it is shared properly. The following configurations are supported.

OneFS Versions* / Supported DMAs / Tested configurations
Supported DMAs: EMC NetWorker 8.0 and later; Symantec NetBackup 7.5 and later
Tested configurations: Isilon Backup Accelerator with a second Backup Accelerator; Isilon Backup Accelerator with a NetApp storage system
* The tape drive sharing function is not supported in the OneFS release.

EMC NetWorker refers to the tape drive sharing capability as DDS (dynamic drive sharing). Symantec NetBackup uses the term SSO (shared storage option). Consult your DMA vendor documentation for configuration instructions.

Managing default NDMP settings

In OneFS, you can manage NDMP backup and restore operations by specifying default NDMP environment variables. You can also override default NDMP environment variables through your data management application (DMA). For more information about specifying NDMP environment variables through your DMA, see your DMA documentation.

Set default NDMP settings for a directory

You can set default NDMP settings for a directory.

Procedure
1. Open a secure shell (SSH) connection to any node in the cluster and log in.
2. Set default NDMP settings by running the isi ndmp settings variables create command.
   For example, the following command sets the default file history format to path-based format for /ifs/data/media:
       isi ndmp settings variables create /ifs/data/media HIST F

Modify default NDMP settings for a directory

You can modify the default NDMP settings for a directory.

Procedure
1. Open a secure shell (SSH) connection to any node in the cluster and log in.
2. Modify default NDMP settings by running the isi ndmp settings variables modify command.
   For example, the following command sets the default file history format to path-based format for /ifs/data/media:
       isi ndmp settings variables modify /ifs/data/media HIST F
3. Optional: To remove a default NDMP setting for a directory, run the isi ndmp settings variables delete command:
   For example, the following command removes the default file history format for /ifs/data/media:
       isi ndmp settings variables delete /ifs/data/media --name HIST

View default NDMP settings for directories

You can view the default NDMP settings for directories.

Procedure
1. Open a secure shell (SSH) connection to any node in the cluster and log in.
2. View default NDMP settings by running the following command:
       isi ndmp settings variables list

NDMP environment variables

You can specify default settings of NDMP backup and restore operations through NDMP environment variables. You can also specify NDMP environment variables through your data management application (DMA).

Table 22 NDMP environment variables

BACKUP_MODE=
   Valid values: TIMESTAMP, SNAPSHOT
   Default: TIMESTAMP
   Description: Enables or disables snapshot-based incremental backups. To enable snapshot-based incremental backups, specify SNAPSHOT. To disable snapshot-based incremental backups, specify TIMESTAMP.

FILESYSTEM=
   Valid values: <file-path>
   Default: None
   Description: Specifies the full path of the directory you want to back up. Must be specified by the DMA before starting the backup, or an error is generated.

LEVEL=
   Valid values: <integer>
   Default: 0
   Description: Specifies the level of NDMP backup to perform. The following values are valid: Performs a full NDMP backup. Performs an incremental backup at the specified level. Performs unlimited incremental backups.

UPDATE=
   Valid values: Y, N
   Default: Y
   Description: Determines whether OneFS updates the dump dates file.
      Y: OneFS updates the dump dates file.
      N: OneFS does not update the dump dates file.

HIST=
   Valid values: <file-history-format>
   Default: Y
   Description: Specifies the file history format. The following values are valid:
      D: Specifies dir/node file history.
      F: Specifies path-based file history.
      Y: Specifies the default file history format determined by your NDMP backup settings.
      N: Disables file history.

DIRECT=
   Valid values: Y, N
   Default: N
   Description: Enables or disables Direct Access Restore (DAR) and Directory DAR (DDAR). The following values are valid:
      Y: Enables DAR and DDAR.
      N: Disables DAR and DDAR.

FILES=
   Valid values: <file-matching-pattern>
   Default: None
   Description: If you specify this option, OneFS backs up only files and directories that meet the specified pattern. Separate multiple patterns with a space.

EXCLUDE=
   Valid values: <file-matching-pattern>
   Default: None
   Description: If you specify this option, OneFS does not back up files and directories that meet the specified pattern. Separate multiple patterns with a space.

RESTORE_HARDLINK_BY_TABLE=
   Valid values: Y, N
   Default: N
   Description: Determines whether OneFS recovers hard links by building a hard-link table during restore operations. Specify this option if hard links were incorrectly backed up, and restore operations are failing. If a restore operation fails because hard links were incorrectly backed up, the following message appears in the NDMP backup logs:
      Bad hardlink path for <path>

CHECKPOINT_INTERVAL_IN_BYTES=
   Valid values: <size>
   Default: 5 GB
   Description: Specifies the checkpoint interval for a restartable backup. If a restartable backup fails during the backup process, you can restart the backup from where the process failed. The <size> parameter is the space between each checkpoint. Note that this variable can only be set from the DMA. For example, if you specify 2 GB, your DMA would create a checkpoint each time 2 GB of data were backed up. Restartable backups are supported only for EMC NetWorker 8.1 and later.

Managing snapshot based incremental backups

After you enable snapshot-based incremental backups, you can view and delete the snapshots created for these backups.

Enable snapshot-based incremental backups for a directory

You can configure OneFS to perform snapshot-based incremental backups for a directory by default. You can also override the default setting in your data management application (DMA).

Procedure
1. Run the isi ndmp settings variable create command.
   The following command enables snapshot-based incremental backups for /ifs/data/media:
       isi ndmp settings variables create /ifs/data/media BACKUP_MODE SNAPSHOT

Delete snapshots for snapshot-based incremental backups

You can delete snapshots created for snapshot-based incremental backups.

Note: It is recommended that you do not delete snapshots created for snapshot-based incremental backups. If all snapshots are deleted for a path, the next backup performed for the path is a full backup.

Procedure
1. Run the isi ndmp dumpdates delete command.
   The following command deletes all snapshots created for backing up /ifs/data/media:
       isi ndmp dumpdates delete /ifs/data/media

View snapshots for snapshot-based incremental backups

You can view snapshots generated for snapshot-based incremental backups.

Procedure
1. Run the following command:
       isi ndmp dumpdates list

View NDMP backup logs

You can view information about NDMP backup and restore operations through NDMP backup logs.

Procedure
1. Click Data Protection > Backup > Logs.
2. In the Log Location area, from the Node list, select a node.
3. In the Log Contents area, review information about NDMP backup and restore operations.

CHAPTER 14 File retention with SmartLock

This section contains the following topics:

SmartLock overview
Compliance mode
SmartLock directories
Replication and backup with SmartLock
SmartLock license functionality
SmartLock considerations
Set the compliance clock
View the compliance clock
Creating a SmartLock directory
Managing SmartLock directories
Managing files in SmartLock directories

SmartLock overview

You can prevent users from modifying and deleting files on an EMC Isilon cluster with the SmartLock software module. You must activate a SmartLock license on a cluster to protect data with SmartLock.

With the SmartLock software module, you can create SmartLock directories and commit files within those directories to a write once read many (WORM) state. You cannot erase or re-write a file committed to a WORM state. After a file is removed from a WORM state, you can delete the file. However, you can never modify a file that has been committed to a WORM state, even after it is removed from a WORM state.

Compliance mode

SmartLock compliance mode enables you to protect your data in compliance with the regulations defined by U.S. Securities and Exchange Commission rule 17a-4. You can upgrade a cluster to compliance mode during the initial cluster configuration process, before you activate the SmartLock license. To upgrade a cluster to SmartLock compliance mode after the initial cluster configuration process, contact Isilon Technical Support.

If you upgrade a cluster to compliance mode, you will not be able to log in to that cluster through the root user account. Instead, you can log in to the cluster through the compliance administrator account that is configured either during initial cluster configuration or when the cluster is upgraded to compliance mode. If you are logged in through the compliance administrator account, you can perform administrative tasks through the sudo command.

SmartLock directories

In a SmartLock directory, you can commit a file to a WORM state manually or you can configure SmartLock to automatically commit the file. You can create two types of SmartLock directories: enterprise and compliance. However, you can create compliance directories only if the cluster has been upgraded to SmartLock compliance mode. Before you can create SmartLock directories, you must activate a SmartLock license on the cluster.

If you commit a file to a WORM state in an enterprise directory, the file can never be modified and cannot be deleted until the retention period passes. However, if you are logged in through the root user account, you can delete the file before the retention period passes through the privileged delete feature. The privileged delete feature is not available for compliance directories. Enterprise directories reference the system clock to facilitate time-dependent operations, including file retention.

Compliance directories enable you to protect your data in compliance with the regulations defined by U.S. Securities and Exchange Commission rule 17a-4. If you commit a file to a WORM state in a compliance directory, the file cannot be modified or deleted before the specified retention period has expired. You cannot delete committed files, even if you are logged in to the compliance administrator account. Compliance directories reference the compliance clock to facilitate time-dependent operations, including file retention.

You must set the compliance clock before you can create compliance directories. You can set the compliance clock only once. After you set the compliance clock, you cannot modify the compliance clock time. The compliance clock is controlled by the compliance clock daemon. Because a user can disable the compliance clock daemon, it is possible for a user to increase the retention period of WORM committed files in compliance mode. However, it is not possible to decrease the retention period of a WORM committed file.

Replication and backup with SmartLock

You must ensure that SmartLock directories remain protected during replication and backup operations.

If you are replicating SmartLock directories with SyncIQ, it is recommended that you configure all nodes on the source and target clusters into Network Time Protocol (NTP) peer mode to ensure that the node clocks are synchronized. For compliance clusters, it is recommended that you configure all nodes on the source and target clusters into NTP peer mode before you set the compliance clock to ensure that the compliance clocks are initially set to the same time.

Note: Do not configure SmartLock settings for a target SmartLock directory unless you are no longer replicating data to the directory. Configuring an autocommit time period for a target SmartLock directory can cause replication jobs to fail. If the target SmartLock directory commits a file to a WORM state, and the file is modified on the source cluster, the next replication job will fail because it cannot update the file.

SmartLock replication and backup limitations

Be aware of the limitations of replicating and backing up SmartLock directories with SyncIQ and NDMP.

If the source or target directory of a SyncIQ policy is a SmartLock directory, replication might not be allowed. For more information, see the following table:

Source directory type    Target directory type    Allowed
Non-SmartLock            Non-SmartLock            Yes
Non-SmartLock            SmartLock enterprise     Yes
Non-SmartLock            SmartLock compliance     No
SmartLock enterprise     Non-SmartLock            Yes; however, retention dates and commit status of files will be lost.
SmartLock enterprise     SmartLock enterprise     Yes
SmartLock enterprise     SmartLock compliance     No
SmartLock compliance     Non-SmartLock            No
SmartLock compliance     SmartLock enterprise     No
SmartLock compliance     SmartLock compliance     Yes

If you replicate SmartLock directories to another cluster with SyncIQ, the WORM state of files is replicated. However, SmartLock directory configuration settings are not transferred to the target directory.

For example, if you replicate a directory that contains a committed file that is set to expire on March 4th, the file is still set to expire on March 4th on the target cluster. However, if the directory on the source cluster is set to prevent files from being committed for more than a year, the target directory is not automatically set to the same restriction.

If you back up data to an NDMP device, all SmartLock metadata relating to the retention date and commit status is transferred to the NDMP device. If you restore data to a SmartLock directory on the cluster, the metadata persists on the cluster. However, if the directory that you restore to is not a SmartLock directory, the metadata is lost. You can restore to a SmartLock directory only if the directory is empty.

SmartLock license functionality

You must activate a SmartLock license on a cluster before you can create SmartLock directories and commit files to a WORM state.

If a SmartLock license becomes inactive, you will not be able to create new SmartLock directories on the cluster, modify SmartLock directory configuration settings, or delete files committed to a WORM state in enterprise directories before their expiration dates. However, you can still commit files within existing SmartLock directories to a WORM state.

If a SmartLock license becomes inactive on a cluster that is running in SmartLock compliance mode, root access to the cluster is not restored.

SmartLock considerations

It is recommended that you create files outside of SmartLock directories and then transfer them into a SmartLock directory after you are finished working with the files. If you are uploading files to a cluster, it is recommended that you upload the files to a non-SmartLock directory, and then later transfer the files to a SmartLock directory. If a file is committed to a WORM state while the file is being uploaded, the file will become trapped in an inconsistent state.

Files can be committed to a WORM state while they are still open. If you specify an autocommit time period for a directory, the autocommit time period is calculated according to the length of time since the file was last modified, not when the file was closed. If you delay writing to an open file for more than the autocommit time period, the file will be committed to a WORM state the next time you attempt to write to it.

In a Microsoft Windows environment, if you commit a file to a WORM state, you can no longer modify the hidden or archive attributes of the file. Any attempt to modify the hidden or archive attributes of a WORM committed file will generate an error. This can prevent third-party applications from modifying the hidden or archive attributes.

Set the compliance clock

Before you can create SmartLock compliance directories, you must set the compliance clock. This procedure is available only through the command-line interface (CLI).

Setting the compliance clock configures the clock to the same time as the cluster system clock. Before you set the compliance clock, ensure that the cluster system clock is set to the correct time. After the compliance clock is set, if the compliance clock becomes unsynchronized with the system clock, the compliance clock slowly corrects itself to match the system clock. The compliance clock corrects itself at a rate of approximately one week per year.

Procedure
1. Open a secure shell (SSH) connection to any node in the cluster and log in through the compliance administrator account.

2. Set the compliance clock by running the following command.
       isi worm cdate set

View the compliance clock

You can view the current time of the compliance clock. This procedure is available only through the command-line interface (CLI).

Procedure
1. Open a secure shell (SSH) connection to any node in the cluster and log in through the compliance administrator account.
2. View the compliance clock by running the following command:
       isi worm cdate
   The system displays output similar to the following:
       Current Compliance Clock Date/Time: :00:00

Creating a SmartLock directory

You can create a SmartLock directory and configure settings that control how long files are retained in a WORM state and when files are automatically committed to a WORM state.

It is recommended that you set SmartLock configuration settings only once and do not modify the settings after files have been added to the SmartLock directory. If an autocommit time period is specified for the directory, modifying SmartLock configuration settings can affect the retention period of files, even if the autocommit time period of the files has already expired.

You cannot move or rename a directory that contains a SmartLock directory.

Retention periods

A retention period is the length of time that a file remains in a WORM state before being released from a WORM state. You can configure SmartLock directory settings that enforce default, maximum, and minimum retention periods for the directory.

If you manually commit a file, you can optionally specify the date that the file is released from a WORM state. You can configure a minimum and a maximum retention period for a SmartLock directory to prevent files from being retained for too long or too short a time period. It is recommended that you specify a minimum retention period for all SmartLock directories.

For example, assume that you have a SmartLock directory with a minimum retention period of two days. At 1:00 PM on Monday, you commit a file to a WORM state, and specify the file to be released from a WORM state on Tuesday at 3:00 PM. The file will be released from a WORM state two days later on Wednesday at 1:00 PM, because releasing the file earlier would violate the minimum retention period.

You can also configure a default retention period that is assigned when you commit a file without specifying a date to release the file from a WORM state.

Autocommit time periods

You can configure an autocommit time period for SmartLock directories. After a file has been in a SmartLock directory without being modified for the specified autocommit time period, the file is automatically committed to a WORM state the next time that file is accessed by a user.

After the autocommit time period for a file passes, the file continues to reference the current autocommit time period until the file is accessed by a user. Therefore, increasing the autocommit time period of a directory might cause files to be committed to a WORM state later than expected. For example, assume that you have a SmartLock directory with an autocommit time period of one day, and an expiration period of one day. You then copy a file into the SmartLock directory on Monday, at 3:00 PM. At 5:00 PM on Tuesday, you increase the autocommit time period to two days. If the file was not accessed, users can modify or delete the file until 3:00 PM on Wednesday.

Decreasing the autocommit time period of a directory can cause a file to be released from a WORM state earlier than expected. For example, assume that you have a SmartLock directory with an autocommit time period of one day, and a default expiration period of one day. You then copy a file into the SmartLock directory on Monday, at 3:00 PM. If, at 4:00 PM on Tuesday, the file was not accessed by a user, and you decrease the autocommit time period to two hours, the file is set to be removed from a WORM state at 5:00 PM on Tuesday, instead of 3:00 PM on Wednesday.

Modifying the minimum, maximum, or default retention period of a SmartLock directory can modify the retention period of files, even after the autocommit time period of a file expires. For example, assume that you have a SmartLock directory with an autocommit time period of two days, and a default expiration period of one day. You then copy a file into the SmartLock directory on Monday, at 3:00 PM. If, by 4:00 PM on Wednesday, the file was not accessed by a user, and you decrease the default retention period to two hours, the file is removed from a WORM state at 5:00 PM on Wednesday, instead of 3:00 PM on Thursday.
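The retention and autocommit arithmetic in the examples above can be reproduced with a small model, which makes it easier to predict the effect of a settings change before applying it. The following Python example is added here and is not OneFS code or part of the original guide; the DirectorySettings class, the function names and the constructed March 2014 dates are assumptions, as is enforcing the maximum retention period by clamping a requested release date.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass(frozen=True)
class DirectorySettings:
    """Hypothetical holder for the SmartLock directory settings the guide names."""
    default: Optional[timedelta] = None     # default retention period
    minimum: Optional[timedelta] = None     # minimum retention period
    maximum: Optional[timedelta] = None     # maximum retention period
    autocommit: Optional[timedelta] = None  # autocommit time period

    def __post_init__(self):
        if (self.minimum is not None and self.maximum is not None
                and self.minimum > self.maximum):
            raise ValueError("minimum retention period exceeds maximum")


def _clamp(start, requested, s):
    """Keep a release time inside [start + minimum, start + maximum]."""
    release = requested
    if s.maximum is not None:
        # Assumption: a too-late request is pulled back to the maximum.
        release = min(release, start + s.maximum)
    if s.minimum is not None:
        # From the guide: releasing earlier would violate the minimum.
        release = max(release, start + s.minimum)
    return release


def manual_release(commit_time, s, requested=None):
    """Release time for a file committed manually at commit_time."""
    if requested is None:
        if s.default is None:
            raise ValueError("no release date given and no default retention period")
        requested = commit_time + s.default
    return _clamp(commit_time, requested, s)


def autocommit_expiry(last_modified, s):
    """Moment after which the next user access commits the file.

    The period counts from the last modification and always uses the
    directory's current autocommit setting.
    """
    if s.autocommit is None:
        raise ValueError("directory has no autocommit time period")
    return last_modified + s.autocommit


def autocommit_release(last_modified, s):
    """Release time for an autocommitted file.

    Retention is counted from the moment the autocommit period expired,
    not from the later access that triggers the commit.
    """
    start = autocommit_expiry(last_modified, s)
    requested = start + (s.default if s.default is not None else timedelta(0))
    return _clamp(start, requested, s)


if __name__ == "__main__":
    day, hour = timedelta(days=1), timedelta(hours=1)
    monday = datetime(2014, 3, 3)  # constructed date; 3 March 2014 was a Monday

    # Manual commit Monday 1:00 PM, release requested for Tuesday 3:00 PM,
    # minimum retention of two days.
    print(manual_release(monday + 13 * hour,
                         DirectorySettings(minimum=2 * day),
                         requested=monday + day + 15 * hour))

    # File copied Monday 3:00 PM, default retention one day:
    # autocommit of one day versus autocommit decreased to two hours.
    copied = monday + 15 * hour
    for autocommit in (day, 2 * hour):
        print(autocommit_release(
            copied, DirectorySettings(default=day, autocommit=autocommit)))
```

Running the module prints Wednesday 1:00 PM for the manual commit, then Wednesday 3:00 PM and Tuesday 5:00 PM for the two autocommit settings, matching the guide's examples.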
If yo specify an atocommit time period along with a minimm, maximm, or defalt retention period, the retention period is calclated according to the time that the atocommit period expires. For example, assme that yo have a SmartLock directory with a minimm retention period of two days and an atocommit time period of one day. At 1:00 PM on Monday, yo modify a file; then, at 5:00 PM on Tesday, yo access the file, and the file is committed to a WORM state. The retention period expires on Thrsday at 1:00 PM, two days after the atocommit time period for the file expired. If the atocommit time period expires for a file, and the file is accessed by a ser, the file is committed to a WORM state. However, the read-write permissions of the file are not modified. The file is still committed to a WORM state; the file can never be modified, and it cannot be deleted ntil the specified retention period expires. However, the WORM state is not indicated by the read-write permissions. Yo can create a SmartLock directory and commit files in that directory to a WORM state. This procedre is available only throgh the command-line interface (CLI). Before creating a SmartLock directory, be aware of the following conditions and reqirements: Yo cannot create a SmartLock directory as a sbdirectory of an existing SmartLock directory. Hard links cannot cross SmartLock directory bondaries. Creating a SmartLock directory cases a corresponding SmartLock domain to be created for that directory. Procedre 270 OneFS 7.1 Web Administration Gide 1. Open a secre shell (SSH) connection to any node in the clster and log in.

2. Run the isi worm domains create command to create a SmartLock directory. The path specified in the isi worm domains create command cannot be the path of an existing directory.

The following command creates a compliance directory with a default retention period of four years, a minimum retention period of three years, and a maximum retention period of five years:

    sudo isi worm mkdir --path /ifs/data/dir --compliance \
        --default 4y --min 3y --max 5y

The following command creates an enterprise directory with an autocommit time period of thirty minutes and a minimum retention period of three months:

    isi worm mkdir --path /ifs/data/dir --autocommit 30n --min 3m

Managing SmartLock directories

You can modify the default, minimum, and maximum retention period and the autocommit period for a SmartLock directory at any time. A SmartLock directory can be renamed only if the directory is empty.

Modify a SmartLock directory

You can modify the SmartLock configuration settings for a SmartLock directory. This procedure is available only through the command-line interface (CLI).

Note: It is recommended that you set SmartLock configuration settings only once and do not modify the settings after files are added to the SmartLock directory.

Procedure

1. Open a secure shell (SSH) connection to any node in the cluster and log in.
2. Modify SmartLock configuration settings by running the isi worm modify command. For example, the following command sets the default retention period to one year:

    isi worm modify --path /ifs/data/protected_directory \
        --default 1y

View SmartLock directory settings

You can view the SmartLock configuration settings for SmartLock directories. This procedure is available only through the command-line interface (CLI).

Procedure

1. Open a secure shell (SSH) connection to any node in the cluster and log in.
2. View all SmartLock domains by running the following command:

    isi worm domains list

The system displays output similar to the following example:

    ID Path Type
    /ifs/data/smartlock/directory1 enterprise
    /ifs/data/smartlock/directory2 enterprise
    /ifs/data/smartlock/directory3 enterprise

3. Optional: To view detailed information about a specific SmartLock directory, run the isi worm domains view command. The following command displays detailed information about /ifs/data/SmartLock/directory2:

    isi worm domains view /ifs/data/smartlock/directory2

The system displays output similar to the following example:

    ID:
    Path: /ifs/data/smartlock/directory2
    Type: enterprise
    LIN:
    Autocommit Offset: 30m
    Override Date: -
    Privileged Delete: off
    Default Retention: 1Y
    Min Retention: 3M
    Max Retention: -
    Total Modifies: 3/32 Max

SmartLock directory configuration settings

You can configure SmartLock directory settings that determine when files are committed to and how long files are retained in a WORM state for a given directory. All SmartLock directories are assigned the following settings:

ID
The numerical ID of the corresponding SmartLock domain.

Root path
The path of the directory.

Type
The type of directory. Enterprise directories display SmartLock. Compliance directories display Compliance.

Override date
The override retention date for the directory. Files committed to a WORM state are not released from a WORM state until after the specified date, regardless of the maximum retention period for the directory or whether a user specifies a retention period expiration date.

Default retention period
The default retention period for the directory. If a retention period expiration date is not explicitly assigned by a user, the default retention period is assigned to the file when it is committed to a WORM state. Times are expressed in the format "<integer> <time>", where <time> is one of the following values:

Value | Description
y | Specifies years
m | Specifies months
w | Specifies weeks
d | Specifies days

Minimum retention period
The minimum retention period for the directory. Files are retained in a WORM state for at least the specified amount of time, even if a user specifies an expiration date that results in a shorter retention period. Times are expressed in the format "<integer> <time>", where <time> is one of the following values:

Value | Description
y | Specifies years
m | Specifies months
w | Specifies weeks
d | Specifies days

Maximum retention period
The maximum retention period for the directory. Files are retained in a WORM state for longer than the specified amount of time, even if a user specifies an expiration date that results in a longer retention period. Times are expressed in the format "<integer> <time>", where <time> is one of the following values:

Value | Description
y | Specifies years
m | Specifies months
w | Specifies weeks
d | Specifies days

Autocommit period
The autocommit time period for the directory. After a file exists in this SmartLock directory without being modified for the specified time period, the file is automatically committed the next time the file is accessed by a user. Times are expressed in the format "<integer> <time>", where <time> is one of the following values:

Value | Description
y | Specifies years
m | Specifies months
w | Specifies weeks
d | Specifies days
h | Specifies hours
n | Specifies minutes

Privileged delete
Indicates whether files in the directory can be deleted through the privileged delete functionality.

On
A root user can delete files committed to a WORM state by running the isi worm filedelete command.

Off
WORM committed files cannot be deleted, even through the isi worm filedelete command.

Disabled (Permanently)
WORM committed files cannot be deleted, even through the isi worm filedelete command. After this setting is set, the setting cannot be modified.

Managing files in SmartLock directories

You can commit files in SmartLock directories to a WORM state by removing the read-write privileges of the file. You can also set a specific date at which the retention period of the file expires. Once a file is committed to a WORM state, you can increase the retention period of the file, but you cannot decrease the retention period of the file. You cannot move a file that has been committed to a WORM state, even after the retention period for the file has expired.

The retention period expiration date is set by modifying the access time of a file. In a UNIX command line, the access time can be modified through the touch command. Although there is no method of modifying the access time through Windows Explorer, you can modify the access time through Windows Powershell. Accessing a file does not set the retention period expiration date.

If you run the touch command on a file in a SmartLock directory without specifying a date on which to release the file from a SmartLock state, and you commit the file, the retention period is automatically set to the minimum retention period specified for the SmartLock directory. If you have not specified a minimum retention period for the SmartLock directory, the file is assigned a retention period of zero seconds. It is recommended that you specify a minimum retention period for all SmartLock directories.
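The retention rules in this chapter can be checked against its own worked examples with a short model. This is an added example, not EMC code: the function names are hypothetical, the Monday used is a constructed date (2014-03-03), and treating the maximum retention period as an upper bound is an assumption.

```python
from datetime import datetime, timedelta


def worm_release_time(start, requested=None, default=None,
                      minimum=None, maximum=None, override=None):
    """Return when a committed file leaves the WORM state.

    start     -- commit time or, for an autocommitted file, the time the
                 autocommit period expired
    requested -- expiration date the user set through the access time
    default, minimum, maximum -- directory retention periods (timedelta),
                 as configured when the file is committed
    override  -- directory override retention date (datetime)
    """
    if minimum is not None and maximum is not None and minimum > maximum:
        raise ValueError("minimum retention period exceeds maximum")

    # No explicit date: the default retention period applies (zero if unset).
    if requested is None:
        release = start + (default or timedelta(0))
    else:
        release = requested

    # The minimum wins over a shorter user request or default.
    if minimum is not None:
        release = max(release, start + minimum)
    # Assumption: the maximum caps the retention period.
    if maximum is not None:
        release = min(release, start + maximum)
    # The override date holds regardless of the maximum or the user's date.
    if override is not None:
        release = max(release, override)
    return release


def autocommit_release_time(last_modified, autocommit, **settings):
    """Retention counts from the moment the autocommit period expired,
    not from the later access that actually triggers the commit."""
    return worm_release_time(last_modified + autocommit, **settings)


MON = datetime(2014, 3, 3)  # constructed date: a Monday at 00:00
DAY, HOUR = timedelta(days=1), timedelta(hours=1)


def page_scenarios():
    """The five worked examples from the text, keyed by a short label."""
    return {
        # Commit Mon 1 PM, request Tue 3 PM, minimum 2 days.
        "manual_commit": worm_release_time(
            MON + 13 * HOUR, requested=MON + DAY + 15 * HOUR, minimum=2 * DAY),
        # Modified Mon 1 PM, autocommit 1 day, minimum 2 days.
        "autocommit_min": autocommit_release_time(
            MON + 13 * HOUR, DAY, minimum=2 * DAY),
        # Copied Mon 3 PM, autocommit 1 day, default 1 day.
        "autocommit_default": autocommit_release_time(
            MON + 15 * HOUR, DAY, default=DAY),
        # Same file, autocommit period cut to 2 hours before any access.
        "autocommit_cut_to_2h": autocommit_release_time(
            MON + 15 * HOUR, 2 * HOUR, default=DAY),
        # Autocommit 2 days, default cut from 1 day to 2 hours.
        "default_cut_to_2h": autocommit_release_time(
            MON + 15 * HOUR, 2 * DAY, default=2 * HOUR),
    }


if __name__ == "__main__":
    for label, when in page_scenarios().items():
        print(f"{label:22} {when:%A %H:%M}")
```

The two "cut" scenarios show why changing directory settings after files are present is discouraged: the release time moves without anyone touching the file.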
Set a retention period through a UNIX command line

You can specify when a file will be released from a WORM state through a UNIX command line.

Procedure

1. Open a connection to any node in the cluster through a UNIX command line and log in.
2. Set the retention period by modifying the access time of the file through the touch command. The following command sets an expiration date of June 1, 2015 for /ifs/data/test.txt:

    touch -at /ifs/data/test.txt

Set a retention period through Windows Powershell

You can specify when a file will be released from a WORM state through Microsoft Windows Powershell.

Procedure

1. Open the Windows PowerShell command prompt.
2. Optional: Establish a connection to the cluster by running the net use command. The following command establishes a connection to the /ifs directory on cluster.ip.address.com:

    net use "\\cluster.ip.address.com\ifs" /user:root password

3. Specify the name of the file you want to set a retention period for by creating an object. The file must exist in a SmartLock directory. The following command creates an object for /smartlock/file.txt:

    $file = Get-Item "\\cluster.ip.address.com\ifs\smartlock\file.txt"

4. Specify the retention period by setting the last access time for the file. The following command sets an expiration date of July 1, 2015 at 1:00 PM:

    $file.LastAccessTime = Get-Date "2015/7/1 1:00 pm"

Commit a file to a WORM state through a UNIX command line

You can commit a file to a WORM state through a UNIX command line. To commit a file to a WORM state, you must remove all write privileges from the file. If a file is already set to a read-only state, you must first add write privileges to the file, and then return the file to a read-only state.

Procedure

1. Open a connection to the cluster through a UNIX command line and log in.
2. Remove write privileges from a file by running the chmod command. The following command removes write privileges of /ifs/data/smartlock/file.txt:

    chmod ugo-w /ifs/data/smartlock/file.txt

Commit a file to a WORM state through Windows Explorer

You can commit a file to a WORM state through Microsoft Windows Explorer. This procedure describes how to commit a file through Windows 7. To commit a file to a WORM state, you must apply the read-only setting. If a file is already set to a read-only state, you must first remove the file from a read-only state and then return it to a read-only state.

Procedure

1. In Windows Explorer, navigate to the file you want to commit to a WORM state.
2. Right-click the folder and then click Properties.
3. In the Properties window, click the General tab.
4. Select the Read-only check box, and then click OK.

Override the retention period for all files in a SmartLock directory

You can override the retention period for files in a SmartLock directory. All files committed to a WORM state within the directory will remain in a WORM state until after the specified day. This procedure is available only through the command-line interface (CLI).

If files are committed to a WORM state after the retention period is overridden, the override date functions as a minimum retention date. All files committed to a WORM state do not expire until at least the given day, regardless of user specifications.

Procedure

1. Open a connection to the cluster through a UNIX command line.
2. Override the retention period expiration date for all WORM committed files in a SmartLock directory by running the isi worm modify command. For example, the following command overrides the retention period expiration date of /ifs/data/smartlock to June 1, 2014:

    isi worm modify --path /ifs/data/smartlock --override

Delete a file committed to a WORM state

You can delete a WORM committed file before the expiration date only if you are logged in as the root user. This procedure is available only through the command-line interface (CLI).

Before you begin

Privileged delete functionality must not be permanently disabled for the SmartLock directory that contains the file.

Procedure

1. Open a connection to the cluster through a UNIX command line and log in through the root user account.
2. If privileged delete functionality was disabled for the SmartLock directory, modify the directory by running the isi worm domains modify command with the --privileged-delete option. For example, the following command enables privileged delete for /ifs/data/enterprise:

    isi worm modify --path /ifs/data/enterprise --privdel on

3. Delete the WORM committed file by running the isi worm filedelete command. For example, the following command deletes /ifs/worm/enterprise/file:

    isi worm filedelete /ifs/worm/enterprise/file

The system displays output similar to the following:

    !! Are you sure? Please enter 'yes' to confirm: (yes, [no])

4. Type yes and then press ENTER.

View WORM status of a file

You can view the WORM status of an individual file. This procedure is available only through the command-line interface (CLI).

Procedure

1. Open a connection to the cluster through a UNIX command line.
2. View the WORM status of a file by running the isi worm files view command. For example, the following command displays the WORM status of /ifs/worm/enterprise/file:

    isi worm info --path /ifs/worm/enterprise/file --verbose


CHAPTER 15 Protection domains

This section contains the following topics:

- Protection domains overview
- Protection domain considerations
- Create a protection domain
- Delete a protection domain
- View protection domains
- Protection domain types

Protection domains overview

Protection domains are markers that prevent modifications to files and directories. If a domain is applied to a directory, the domain is also applied to all of the files and subdirectories under the directory. You can specify domains manually; however, OneFS usually creates domains automatically.

There are three types of domains: SyncIQ, SmartLock, and SnapRevert.

SyncIQ domains can be assigned to source and target directories of replication policies. OneFS automatically creates a SyncIQ domain for the target directory of a replication policy the first time that the policy is run. OneFS also automatically creates a SyncIQ domain for the source directory of a replication policy during the failback process. You can manually create a SyncIQ domain for a source directory before you initiate the failback process, but you cannot delete a SyncIQ domain that marks the target directory of a replication policy.

SmartLock domains are assigned to SmartLock directories to prevent committed files from being modified or deleted. OneFS automatically creates a SmartLock domain when a SmartLock directory is created. You cannot delete a SmartLock domain. However, if you delete a SmartLock directory, OneFS automatically deletes the SmartLock domain associated with the directory.

SnapRevert domains are assigned to directories that are contained in snapshots to prevent files and directories from being modified while a snapshot is being reverted. OneFS does not automatically create SnapRevert domains. You cannot revert a snapshot until you create a SnapRevert domain for the directory that the snapshot contains. You can create SnapRevert domains for subdirectories of directories that already have SnapRevert domains. For example, you could create SnapRevert domains for both /ifs/data and /ifs/data/archive. You can delete a SnapRevert domain if you no longer want to revert snapshots of a directory.
Protection domain considerations

You can manually create protection domains before they are required by OneFS to perform certain actions. However, manually creating protection domains can limit your ability to interact with the data marked by the domain.

- Copying a large number of files into a protection domain might take a very long time because each file must be marked individually as belonging to the protection domain.
- You cannot move directories in or out of protection domains. However, you can move a directory contained in a protection domain to another location within the same protection domain.
- Creating a protection domain for a directory that contains a large number of files will take more time than creating a protection domain for a directory with fewer files. Because of this, it is recommended that you create protection domains for directories while the directories are empty, and then add files to the directory.
- If a domain is currently preventing the modification or deletion of a file, you cannot create a protection domain for a directory that contains that file. For example, if /ifs/data/smartlock/file.txt is set to a WORM state by a SmartLock domain, you cannot create a SnapRevert domain for /ifs/data/.

Create a protection domain

You can create replication or snapshot revert domains to facilitate snapshot revert and failover operations. You cannot create a SmartLock domain. OneFS automatically creates a SmartLock domain when you create a SmartLock directory.

Procedure

1. Click Cluster Management > Job Operations > Job Types.
2. In the Job Types area, in the DomainMark row, from the Actions column, select Start Job.
3. In the Domain Root Path field, type the path of the directory you want to create a protection domain for.
4. From the Type of domain list, specify the type of domain you want to create.
5. Ensure that the Delete this domain check box is cleared.
6. Click Start Job.

Delete a protection domain

You can delete a replication or snapshot revert domain if you want to move directories out of the domain. You cannot delete a SmartLock domain. OneFS automatically deletes a SmartLock domain when you delete a SmartLock directory.

Procedure

1. Click Cluster Management > Job Operations > Job Types.
2. In the Job Types area, in the DomainMark row, from the Actions column, select Start Job.
3. In the Domain Root Path field, type the path of the directory you want to delete a protection domain for.
4. From the Type of domain list, specify the type of domain you want to delete.
5. Select Delete this domain.
6. Click Start Job.

View protection domains

You can view protection domains on a cluster. This procedure is available only through the command-line interface (CLI).

Procedure

1. Open a secure shell (SSH) connection to any node in the cluster and log in.
2. View protection domains by running the isi domain list command.

Protection domain types

There are three general protection domain types: SmartLock, SnapRevert, and SyncIQ. Each protection domain type can be divided into additional subcategories. The following domain types appear in the output of the isi domain list command.

SmartLock
SmartLock domain of an enterprise directory.

Compliance
SmartLock domain of a compliance directory.

SyncIQ
SyncIQ domain that prevents users from modifying files and directories.

SyncIQ, Writable
SyncIQ domain that allows users to modify files and directories.

SnapRevert
SnapRevert domain that prevents users from modifying files and directories while a snapshot is being reverted.

Writable, SnapRevert
SnapRevert domain that allows users to modify files and directories.

If Incomplete is appended to a domain type, OneFS is in the process of creating the domain. An incomplete domain does not prevent files from being modified or deleted.

CHAPTER 16 Data-at-rest-encryption

This section contains the following topics:

- Data-at-rest encryption overview
- Self-encrypting drives
- Data security on self-encrypted drives
- Data migration to a self-encrypted-drives cluster
- Chassis and drive states
- Smartfailed drive ERASE and REPLACE state examples

Data-at-rest encryption overview

You can enhance data security with an EMC Isilon cluster that contains only self-encrypting-drive nodes, providing data-at-rest protection. The OneFS system is available as a cluster that is composed of Isilon OneFS nodes that contain only self-encrypting drives (SEDs). The system requirements and management of data at rest on self-encrypting nodes are identical to that of nodes that do not contain self-encrypting drives. Clusters of mixed node types are not supported.

Self-encrypting drives

Self-encrypting drives store data on an EMC Isilon cluster that is specially designed for data-at-rest encryption. Data-at-rest encryption on self-encrypted drives occurs when data that is stored on a device is encrypted to prevent unauthorized data access. All data written to the storage device is encrypted when it is stored, and all data read from the storage device is decrypted when it is read. The stored data is encrypted with a 256-bit data AES encryption key and decrypted in the same manner. OneFS controls data access by combining the drive authentication key with on-disk data-encryption keys.

Note: All nodes in a cluster must be of the self-encrypting drive type. Mixed nodes are not supported.

Data security on self-encrypted drives

Smartfailing self-encrypted drives guarantees data security after removal. Data on self-encrypted drives is protected from unauthorized access by authenticating encryption keys. Encryption keys never leave the drive. When a drive is locked, successful authentication unlocks the drive for data access.

The data on self-encrypted drives is rendered inaccessible in the following conditions:

- When a self-encrypting drive is smartfailed, drive authentication keys are deleted from the node. The data on the drive cannot be decrypted and is therefore unreadable, which secures the drive.
- When a drive is smartfailed and removed from a node, the encryption key on the drive is removed. Because the encryption key for reading data from the drive must be the same key that was used when the data was written, it is impossible to decrypt data that was previously written to the drive. When you smartfail and then remove a drive, it is cryptographically erased.

  Note: Smartfailing a drive is the preferred method for removing a self-encrypted drive. Removing a node that has been smartfailed guarantees that data is inaccessible.

- When a self-encrypting drive loses power, the drive locks to prevent unauthorized access. When power is restored, data is again accessible when the appropriate drive authentication key is provided.

Data migration to a self-encrypted-drives cluster

You can migrate data from your existing cluster to a cluster of self-encrypted-drive nodes. The Isilon cluster does not support the coexistence of regular and self-encrypted nodes. However, if you have data on an existing Isilon cluster that you want to migrate to a cluster of self-encrypted nodes, you can add self-encrypted nodes to your existing cluster one time only to migrate your data.

Note: Before you begin the data-migration process, both clusters must be upgraded to the same OneFS version. During data migration, an error is generated that indicates you are running in mixed mode, which is not supported and is not secure. The data migrated to the self-encrypted drives is not secure until the smartfail process is completed for the non-encrypted drives.

CAUTION: Data migration to a cluster of self-encrypted-drive nodes must be performed by Isilon Professional Services. For more information, contact your EMC Isilon representative.

Chassis and drive states

You can view chassis and drive state details. In a cluster, the combination of nodes in different degraded states determines whether read requests, write requests, or both work. A cluster can lose write quorum but keep read quorum. OneFS provides details about the status of chassis and drives in your cluster. The following table describes all the possible states that you may encounter in your cluster.

State | Description | Interface | Error state
HEALTHY | All drives in the node are functioning correctly. | CLI, web administration interface |
SMARTFAIL or Smartfail or restripe in progress | The drive is in the process of being removed safely from the file system, either because of an I/O error or by user request. Nodes or drives in a smartfail or read-only state affect only write quorum. | CLI, web administration interface |
NOT AVAILABLE | A drive can be unavailable for a variety of reasons. You can click the bay to view detailed information about this condition. Note: In the web administration interface, this state includes the ERASE and SED_ERROR command-line interface states. | CLI, web administration interface | X

State | Description | Interface | Error state
SUSPENDED | This state indicates that drive activity is temporarily suspended and the drive is not in use. The state is manually initiated and does not occur during normal cluster activity. | CLI, web administration interface |
NOT IN USE | A node in an offline state affects both read and write quorum. | CLI, web administration interface |
REPLACE | The drive was smartfailed successfully and is ready to be replaced. | CLI only |
STALLED | The drive is stalled and undergoing stall evaluation. Stall evaluation is the process of checking drives that are slow or having other issues. Depending on the outcome of the evaluation, the drive may return to service or be smartfailed. This is a transient state. | CLI only |
NEW | The drive is new and blank. This is the state that a drive is in when you run the isi dev -a add command. | CLI only |
USED | The drive was added and contained an Isilon GUID but the drive is not from this node. This drive likely will be formatted into the cluster. | CLI only |
PREPARING | The drive is undergoing a format operation. The drive state changes to HEALTHY when the format is successful. | CLI only |
EMPTY | No drive is in this bay. | CLI only |
WRONG_TYPE | The drive type is wrong for this node. For example, a non-SED drive in a SED node, SAS instead of the expected SATA drive type. | CLI only |
BOOT_DRIVE | Unique to the A100 drive, which has boot drives in its bays. | CLI only |
SED_ERROR | The drive cannot be acknowledged by the OneFS system. Note: In the web administration interface, this state is included in Not available. | CLI, web administration interface | X
ERASE | The drive is ready for removal but needs your attention because the data has not been erased. You can erase the drive manually to guarantee that data is removed. Note: In the web administration interface, this state is included in Not available. | CLI only |

State | Description | Interface | Error state
INSECURE | Data on the self-encrypted drive is accessible by unauthorized personnel. Self-encrypting drives should never be used for non-encrypted data purposes. Note: In the web administration interface, this state is labeled Unencrypted SED. | CLI only | X
UNENCRYPTED SED | Data on the self-encrypted drive is accessible by unauthorized personnel. Self-encrypting drives should never be used for non-encrypted data purposes. Note: In the command-line interface, this state is labeled INSECURE. | Web administration interface only | X

Smartfailed drive ERASE and REPLACE state examples

You can see different drive states during the smartfail process. The following command-line output examples demonstrate the difference between the REPLACE and ERASE states during the smartfail process.

    my-cluster# isi dev
    Node 1, [ATTN]
    Bay 1 Lnum 11 [SMARTFAIL] SN:Z296M8HK YE04 /dev/da1
    Bay 2 Lnum 10 [HEALTHY] SN:Z296M8N EYE03 /dev/da2
    Bay 3 Lnum 9 [HEALTHY] SN:Z296LBP EYE03 /dev/da3
    Bay 4 Lnum 8 [HEALTHY] SN:Z296LCJW BYE03 /dev/da4
    Bay 5 Lnum 7 [HEALTHY] SN:Z296M8XB KYE03 /dev/da5
    Bay 6 Lnum 6 [HEALTHY] SN:Z295LXT YE03 /dev/da6
    Bay 7 Lnum 5 [HEALTHY] SN:Z296M8ZF KYE03 /dev/da7
    Bay 8 Lnum 4 [HEALTHY] SN:Z296M8SD EYE03 /dev/da8
    Bay 9 Lnum 3 [HEALTHY] SN:Z296M8QA EYE03 /dev/da9
    Bay 10 Lnum 2 [HEALTHY] SN:Z296M8Q EYE03 /dev/da10
    Bay 11 Lnum 1 [HEALTHY] SN:Z296M8SP EYE04 /dev/da11
    Bay 12 Lnum 0 [HEALTHY] SN:Z296M8QZ JYE03 /dev/da12

Smartfail completes successfully and the drive state changes to REPLACE:

    my-cluster# isi dev
    Node 1, [ATTN]
    Bay 1 Lnum 11 [REPLACE] SN:Z296M8HK YE04 /dev/da1
    Bay 2 Lnum 10 [HEALTHY] SN:Z296M8N EYE03 /dev/da2
    Bay 3 Lnum 9 [HEALTHY] SN:Z296LBP EYE03 /dev/da3
    Bay 4 Lnum 8 [HEALTHY] SN:Z296LCJW BYE03 /dev/da4
    Bay 5 Lnum 7 [HEALTHY] SN:Z296M8XB KYE03 /dev/da5
    Bay 6 Lnum 6 [HEALTHY] SN:Z295LXT YE03 /dev/da6
    Bay 7 Lnum 5 [HEALTHY] SN:Z296M8ZF KYE03 /dev/da7
    Bay 8 Lnum 4 [HEALTHY] SN:Z296M8SD EYE03 /dev/da8
    Bay 9 Lnum 3 [HEALTHY] SN:Z296M8QA EYE03 /dev/da9
    Bay 10 Lnum 2 [HEALTHY] SN:Z296M8Q EYE03 /dev/da10
    Bay 11 Lnum 1 [HEALTHY] SN:Z296M8SP EYE04 /dev/da11
    Bay 12 Lnum 0 [HEALTHY] SN:Z296M8QZ JYE03 /dev/da12

A drive in bay 3 is smartfailed:

    my-cluster# isi dev
    Node 1, [ATTN]
    Bay 1 Lnum 11 [REPLACE] SN:Z296M8HK YE04 /dev/da1
    Bay 2 Lnum 10 [HEALTHY] SN:Z296M8N EYE03 /dev/da2
    Bay 3 Lnum 9 [SMARTFAIL] SN:Z296LBP EYE03 N/A
    Bay 4 Lnum 8 [HEALTHY] SN:Z296LCJW BYE03 /dev/da4
    Bay 5 Lnum 7 [HEALTHY] SN:Z296M8XB KYE03 /dev/da5
    Bay 6 Lnum 6 [HEALTHY] SN:Z295LXT YE03 /dev/da6
    Bay 7 Lnum 5 [HEALTHY] SN:Z296M8ZF KYE03 /dev/da7
    Bay 8 Lnum 4 [HEALTHY] SN:Z296M8SD EYE03 /dev/da8
    Bay 9 Lnum 3 [HEALTHY] SN:Z296M8QA EYE03 /dev/da9
    Bay 10 Lnum 2 [HEALTHY] SN:Z296M8Q EYE03 /dev/da10
    Bay 11 Lnum 1 [HEALTHY] SN:Z296M8SP EYE04 /dev/da11
    Bay 12 Lnum 0 [HEALTHY] SN:Z296M8QZ JYE03 /dev/da12

Smartfail is unsuccessful for bay 3, changing the drive state to ERASE. Because the drive could not be crypto-erased, OneFS attempts to delete the drive password:

    my-cluster# isi dev
    Node 1, [ATTN]
    Bay 1 Lnum 11 [REPLACE] SN:Z296M8HK YE04 /dev/da1
    Bay 2 Lnum 10 [HEALTHY] SN:Z296M8N EYE03 /dev/da2
    Bay 3 Lnum 9 [ERASE] SN:Z296LBP EYE03 /dev/da3
    Bay 4 Lnum 8 [HEALTHY] SN:Z296LCJW BYE03 /dev/da4
    Bay 5 Lnum 7 [HEALTHY] SN:Z296M8XB KYE03 /dev/da5
    Bay 6 Lnum 6 [HEALTHY] SN:Z295LXT YE03 /dev/da6
    Bay 7 Lnum 5 [HEALTHY] SN:Z296M8ZF KYE03 /dev/da7
    Bay 8 Lnum 4 [HEALTHY] SN:Z296M8SD EYE03 /dev/da8
    Bay 9 Lnum 3 [HEALTHY] SN:Z296M8QA EYE03 /dev/da9
    Bay 10 Lnum 2 [HEALTHY] SN:Z296M8Q EYE03 /dev/da10
    Bay 11 Lnum 1 [HEALTHY] SN:Z296M8SP EYE04 /dev/da11
    Bay 12 Lnum 0 [HEALTHY] SN:Z296M8QZ JYE03 /dev/da12
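Before a drive leaves a SED node, the state column of isi dev tells you whether it was crypto-erased (REPLACE) or still holds readable data (ERASE, INSECURE). The following added example, not part of the EMC guide, parses that output and lists the bays that need a data-security follow-up; it assumes the "Bay N Lnum N [STATE] SN:..." layout shown above, and the function names and sample serial numbers are constructed.

```python
import re

# States from the drive-state table that call for a data-security follow-up,
# with the reason paraphrased from that table.
SECURITY_STATES = {
    "ERASE": "ready for removal but data has not been erased; erase manually",
    "INSECURE": "data on the self-encrypted drive is accessible without authorization",
    "SED_ERROR": "drive cannot be acknowledged by OneFS",
    "WRONG_TYPE": "drive type is wrong for this node, e.g. a non-SED drive in a SED node",
}

# One alternation so node headers and bay lines are seen in document order.
# finditer is used instead of line splitting, so the parser also copes with
# output that was pasted or logged as a single flattened line.
TOKEN = re.compile(
    r"Node\s+(?P<node>\d+),"
    r"|Bay\s+(?P<bay>\d+)\s+Lnum\s+(?P<lnum>\d+)\s+\[(?P<state>[A-Z_ ]+)\]"
    r"\s+SN:(?P<serial>\S+)"
)


def parse_isi_dev(text):
    """Return one dict per drive bay found in `isi dev` output."""
    drives, node = [], None
    for m in TOKEN.finditer(text):
        if m.group("node") is not None:
            node = int(m.group("node"))  # applies to the bays that follow
            continue
        drives.append({
            "node": node,
            "bay": int(m.group("bay")),
            "lnum": int(m.group("lnum")),
            "state": m.group("state").strip(),
            "serial": m.group("serial"),
        })
    return drives


def security_findings(text):
    """Bays whose state means data may still be readable or unprotected."""
    return [
        (d["node"], d["bay"], d["state"], d["serial"], SECURITY_STATES[d["state"]])
        for d in parse_isi_dev(text)
        if d["state"] in SECURITY_STATES
    ]


def crypto_erased_bays(text):
    """Bays in REPLACE: smartfail finished, the drive is ready to be replaced."""
    return [(d["node"], d["bay"]) for d in parse_isi_dev(text)
            if d["state"] == "REPLACE"]


# Constructed sample modelled on the output above (serial numbers are made up).
SAMPLE = """\
my-cluster# isi dev
Node 1, [ATTN]
    Bay 1   Lnum 11  [REPLACE]   SN:SAMPLE0001  /dev/da1
    Bay 2   Lnum 10  [HEALTHY]   SN:SAMPLE0002  /dev/da2
    Bay 3   Lnum 9   [ERASE]     SN:SAMPLE0003  /dev/da3
    Bay 4   Lnum 8   [INSECURE]  SN:SAMPLE0004  /dev/da4
"""

if __name__ == "__main__":
    for node, bay, state, serial, why in security_findings(SAMPLE):
        print(f"node {node} bay {bay} [{state}] SN:{serial}: {why}")
    print("crypto-erased, ready to replace:", crypto_erased_bays(SAMPLE))
```

Because the web administration interface folds ERASE and SED_ERROR into Not available, this check has to run against CLI output.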


CHAPTER 17 SmartQuotas

This section contains the following topics:

- SmartQuotas overview
- Quota types
- Default quota type
- Usage accounting and limits
- Disk-usage calculations
- Quota notifications
- Quota notification rules
- Quota reports
- Creating quotas
- Managing quotas
- Managing quota notifications
- Managing quota reports
- Basic quota settings
- Advisory limit quota notification rules settings
- Soft limit quota notification rules settings
- Hard limit quota notification rules settings
- Limit notification settings
- Quota report settings
- Custom notification template variable descriptions

SmartQuotas overview

The SmartQuotas module is an optional quota-management tool that monitors and enforces administrator-defined storage limits. Using accounting and enforcement quota limits, reporting capabilities, and automated notifications, SmartQuotas manages storage use, monitors disk storage, and issues alerts when disk-storage limits are exceeded.

Quotas help you manage storage usage according to criteria that you define. Quotas are used as a method of tracking and sometimes limiting the amount of storage that a user, group, or project consumes. Quotas are a useful way of ensuring that a user or department does not infringe on the storage that is allocated to other users or departments. In some quota implementations, writes beyond the defined space are denied, and in other cases, a simple notification is sent.

The SmartQuotas module requires a separate license. For additional information about the SmartQuotas module or to activate the module, contact your EMC Isilon sales representative.

Quota types

OneFS uses the concept of quota types as the fundamental organizational unit of storage quotas. Storage quotas comprise a set of resources and an accounting of each resource type for that set. Storage quotas are also called storage domains.

Storage quotas creation requires three identifiers:

- The directory to monitor.
- Whether snapshots are to be tracked against the quota limit.
- The quota type (directory, user, or group).

You can choose a quota type from the following entities:

Directory
A specific directory and its subdirectories.

User
Either a specific user or default user (every user). Specific-user quotas that you configure take precedence over a default user quota.

Group
All members of a specific group or all members of a default group (every group). Any specific-group quotas that you configure take precedence over a default group quota. Associating a group quota with a default group quota creates a linked quota.

You can create multiple quota types on the same directory, but they must be of a different type or have a different snapshot option. You can specify quota types for any directory in OneFS and nest them within each other to create a hierarchy of complex storage-use policies.

Nested storage quotas can overlap. For example, the following quota settings ensure that the finance directory never exceeds 5 TB, while limiting the users in the finance department to 1 TB each:

- Set a 5 TB hard quota on /ifs/data/finance.
- Set 1 TB soft quotas on each user in the finance department.

Note
    You should not create quotas of any type on the OneFS root (/ifs). A root-level quota may significantly degrade performance.

Default quota type

Default quotas automatically create other quotas for users or groups in a specified directory. A default quota specifies a policy for new entities that match a trigger. The default-user@/ifs/cs becomes specific-user@/ifs/cs for each specific-user that is not otherwise defined.

For example, you can create a default-user quota on the /ifs/dir-1 directory, where that directory is owned by the root user. The default-user type automatically creates a new domain on that directory for root and adds the usage there:

    my-onefs-1# mkdir /ifs/dir-1
    my-onefs-1# isi quota quotas create /ifs/dir-1 default-user
    my-onefs-1# isi quota quotas ls --path=/ifs/dir-1
    Type          AppliesTo  Path        Snap  Hard  Soft  Adv  Used
    default-user  DEFAULT    /ifs/dir-1  No                     b
    user          root       /ifs/dir-1  No                     b

Now add a file that is owned by a different user (admin).

    my-onefs-1# touch /ifs/dir-1/somefile
    my-onefs-1# chown admin /ifs/dir-1/somefile
    my-onefs-1# isi quota quotas ls --path=/ifs/dir-1
    Type          AppliesTo  Path        Snap  Hard  Soft  Adv  Used
    default-user  DEFAULT    /ifs/dir-1  No                     b
    user          root       /ifs/dir-1  No                     b
    user          admin      /ifs/dir-1  No                     b
    Total: 3

In this example, the default-user type created a new specific-user type automatically (user:admin) and added the new usage to it. Default-user does not have any usage because it is used only to generate new quotas automatically. Default-user enforcement is copied to a specific-user (user:admin), and the inherited quota is called a linked quota. In this way, each user account gets its own usage accounting.

Defaults can overlap. For example, default-user@/ifs/dir-1 and default-user@/ifs/cs both may be defined. If the default enforcement changes, OneFS storage quotas propagate the changes to the linked quotas asynchronously. Because the update is asynchronous, there is some delay before updates are in effect. If a default type, such as every user or every group, is deleted, OneFS deletes all children that are marked as inherited. As an option, you can delete the default without deleting the children, but it is important to note that this action breaks inheritance on all inherited children.

Continuing with the example, add another file that is owned by the root user. Because the root type exists, the new usage is added to it.

    my-onefs-1# touch /ifs/dir-1/anotherfile
    my-onefs-1# isi quota ls -v --path=/ifs/dir-1 --format=list
    Type: default-user
    AppliesTo: DEFAULT
    Path: /ifs/dir-1
    Snap: No
    Thresholds
        Hard : -
        Soft : -
        Adv : -
        Grace : -
    Usage
        Files : 0
        With Overhead : 0.00b
        W/O Overhead : 0.00b
    Over: -
    Enforced: No
    Container: No
    Linked:

    Type: user
    AppliesTo: root
    Path: /ifs/dir-1
    Snap: No
    Thresholds
        Hard : -
        Soft : -
        Adv : -
        Grace : -
    Usage
        Files : 2
        With Overhead : 3.50K
        W/O Overhead : 55.00b
    Over: -
    Enforced: No
    Container: No
    Linked: Yes

    Type: user
    AppliesTo: admin
    Path: /ifs/dir-1
    Snap: No
    Thresholds
        Hard : -
        Soft : -
        Adv : -
        Grace : -
    Usage
        Files : 1
        With Overhead : 1.50K
        W/O Overhead : 0.00b
    Over: -
    Enforced: No
    Container: No
    Linked: Yes

The enforcement on default-user is copied to the specific-user when the specific-user allocates within the type, and the new inherited quota type is also a linked quota.

Note
    Configuration changes for linked quotas must be made on the parent quota that the linked quota is inheriting from. Changes to the parent quota are propagated to all children. To override configuration from the parent quota, you must unlink the quota first.

Usage accounting and limits

Storage quotas support two usage types that you can create to manage storage space. The usage types are accounting and enforcement limits.

You can configure OneFS quotas by usage type to track or limit storage use. The accounting option, which monitors disk-storage use, is useful for auditing, planning, and billing. Enforcement limits set storage limits for users, groups, or directories.

Accounting

The accounting option tracks but does not limit disk-storage use. Using the accounting option for a quota, you can monitor inode count and physical and logical space resources. Physical space refers to all of the space used to store files and directories, including data and metadata in the domain. Logical space refers to the sum of all file sizes, excluding file metadata and sparse regions. User data storage is tracked using logical-space calculations, which do not include protection overhead. As an example, by using the accounting option, you can do the following:

- Track the amount of disk space used by various users or groups to bill each user, group, or directory for only the disk space used.
- Review and analyze reports that help you identify storage usage patterns and define storage policies.
- Plan for capacity and other storage needs.

Enforcement limits

Enforcement limits include all of the functionality of the accounting option, plus the ability to limit disk storage and send notifications. Using enforcement limits, you can logically partition a cluster to control or restrict how much storage a user, group, or directory can use. For example, you can set hard- or soft-capacity limits to ensure that adequate space is always available for key projects and critical applications and to ensure that users of the cluster do not exceed their allotted storage capacity. Optionally, you can deliver real-time email quota notifications to users, group managers, or administrators when they are approaching or have exceeded a quota limit.

Note
    If a quota type uses the accounting-only option, enforcement limits cannot be used for that quota.

The actions of an administrator logged in as root may push a domain over a quota threshold. For example, changing the protection level or taking a snapshot has the potential to exceed quota parameters. System actions such as repairs also may push a quota domain over the limit.

The system provides three types of administrator-defined enforcement thresholds.

Threshold type    Description

Hard
    Limits disk usage to a size that cannot be exceeded. If an operation, such as a file write, causes a quota target to exceed a hard quota, the following events occur:
    - the operation fails
    - an alert is logged to the cluster
    - a notification is issued to specified recipients.
    Writes resume when the usage falls below the threshold.

Soft
    Allows a limit with a grace period that can be exceeded until the grace period expires. When a soft quota is exceeded, an alert is logged to the cluster and a notification is issued to specified recipients; however, data writes are permitted during the grace period.
    If the soft threshold is still exceeded when the grace period expires, data writes fail, and a hard-limit notification is issued to the recipients you have specified.
    Writes resume when the usage falls below the threshold.

Advisory
    An informational limit that can be exceeded. When an advisory quota threshold is exceeded, an alert is logged to the cluster and a notification is issued to specified recipients. Advisory thresholds do not prevent data writes.

Disk-usage calculations

For each quota that you configure, you can specify whether data-protection overhead is included in future disk-usage calculations.

Most quota configurations do not need to include overhead calculations. If you do not include data-protection overhead in usage calculations for a quota, future disk-usage calculations for the quota include only the space that is required to store files and directories. Space that is required for the data-protection setting of the cluster is not included.

Consider the same example user, who is now restricted by a 40 GB quota that does not include data-protection overhead in its disk-usage calculations. If your cluster is configured with a 2x data-protection level and the user writes a 10 GB file to the cluster, that file consumes 20 GB of space but the 10 GB for the data-protection overhead is not counted in the quota calculation. In this example, the user has reached 25 percent of the 40 GB quota by writing a 10 GB file to the cluster. This method of disk-usage calculation is recommended for most quota configurations.

If you include data-protection overhead in usage calculations for a quota, future disk-usage calculations for the quota include the total amount of space that is required to store files and directories, in addition to any space that is required to accommodate your data-protection settings, such as parity or mirroring. For example, consider a user who is restricted by a 40 GB quota that includes data-protection overhead in its disk-usage calculations. If your cluster is configured with a 2x data-protection level (mirrored) and the user writes a 10 GB file to the cluster, that file actually consumes 20 GB of space: 10 GB for the file and 10 GB for the data-protection overhead. In this example, the user has reached 50 percent of the 40 GB quota by writing a 10 GB file to the cluster.

Note
    Cloned and deduplicated files are treated as ordinary files by quotas. If the quota includes data protection overhead, the data protection overhead for shared data is not included in the usage calculation.

You can configure quotas to include the space that is consumed by snapshots. A single path can have two quotas applied to it: one without snapshot usage, which is the default, and one with snapshot usage. If you include snapshots in the quota, more files are included in the calculation than are in the current directory. The actual disk usage is the sum of the current directory and any snapshots of that directory. You can see which snapshots are included in the calculation by examining the .snapshot directory for the quota path.
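The threshold types and the 40 GB disk-usage case described above, modelled in a short Python sketch. This is an added example, not OneFS code and not part of the guide; the Quota class, its field names, the event strings and the protection_factor parameter are assumptions made for illustration, and the soft-limit timeline is constructed.

```python
"""Added illustration: a small model of SmartQuotas-style thresholds (not OneFS code)."""
from dataclasses import dataclass, field
from typing import List, Optional

GB = 1024 ** 3
DAY = 86400


@dataclass
class Quota:
    # All names here are hypothetical; thresholds are in bytes, None = not set.
    hard: Optional[int] = None
    soft: Optional[int] = None
    advisory: Optional[int] = None
    grace_seconds: int = 0            # grace period for the soft threshold
    include_overhead: bool = False    # count data-protection overhead in usage
    protection_factor: int = 1        # assumption: 2 models a 2x (mirrored) level
    used: int = 0
    soft_exceeded_at: Optional[float] = None
    events: List[str] = field(default_factory=list)

    def charge_for(self, logical_bytes: int) -> int:
        """Bytes that a write adds to this quota's usage."""
        if self.include_overhead:
            return logical_bytes * self.protection_factor
        return logical_bytes

    def percent_of(self, limit: int) -> float:
        return 100.0 * self.used / limit

    def write(self, logical_bytes: int, now: float) -> bool:
        """Try a write at time `now`; True if permitted, False if denied."""
        new_used = self.used + self.charge_for(logical_bytes)
        # Hard threshold: cannot be exceeded, so the operation fails.
        if self.hard is not None and new_used > self.hard:
            self.events.append("hard: write denied")
            return False
        # Soft threshold: permitted during the grace period, denied after it.
        if self.soft is not None and new_used > self.soft:
            if self.soft_exceeded_at is None:
                self.soft_exceeded_at = now
                self.events.append("soft: threshold exceeded")
            elif now - self.soft_exceeded_at > self.grace_seconds:
                self.events.append("soft: grace period expired, write denied")
                return False
        # Advisory threshold: informational only, never blocks a write.
        if self.advisory is not None and self.used <= self.advisory < new_used:
            self.events.append("advisory: threshold exceeded")
        self.used = new_used
        return True

    def free(self, logical_bytes: int) -> None:
        """Release space; writes resume once usage is back under the soft threshold."""
        self.used = max(0, self.used - self.charge_for(logical_bytes))
        if self.soft is not None and self.used <= self.soft:
            self.soft_exceeded_at = None


def overhead_example() -> tuple:
    """The guide's case: 40 GB quota, 2x protection, one 10 GB file."""
    without = Quota(hard=40 * GB, protection_factor=2, include_overhead=False)
    with_oh = Quota(hard=40 * GB, protection_factor=2, include_overhead=True)
    for q in (without, with_oh):
        q.write(10 * GB, now=0)
    return without.percent_of(40 * GB), with_oh.percent_of(40 * GB)


def soft_grace_example() -> List[bool]:
    """Constructed timeline: 10 GB soft limit with a 7-day grace period."""
    q = Quota(soft=10 * GB, advisory=8 * GB, grace_seconds=7 * DAY)
    results = [
        q.write(12 * GB, now=0),          # crosses advisory and soft: allowed
        q.write(1 * GB, now=1 * DAY),     # still inside the grace period
        q.write(1 * GB, now=8 * DAY),     # grace expired: denied
    ]
    q.free(5 * GB)                        # usage drops to 8 GB, under the soft limit
    results.append(q.write(1 * GB, now=8 * DAY))  # writes resume
    return results


if __name__ == "__main__":
    print(overhead_example())
    print(soft_grace_example())
```

With overhead counted, the same 40 GB limit admits only two 10 GB files at 2x protection instead of four, which is the capacity-planning consequence of the include-overhead setting.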

Note
    Only snapshots created after the QuotaScan job finishes are included in the calculation.

Quota notifications

Quota notifications are generated for enforcement quotas, providing users with information when a quota violation occurs. Reminders are sent periodically while the condition persists.

Each notification rule defines the condition that is to be enforced and the action that is to be executed when the condition is true. An enforcement quota can define multiple notification rules. When thresholds are exceeded, automatic email notifications can be sent to specified users, or you can monitor notifications as system alerts or receive emails for these events.

Notifications can be configured globally, to apply to all quota domains, or be configured for specific quota domains.

Enforcement quotas support the following notification settings. A given quota can use only one of these settings.

Limit notification settings    Description

Turn Off Notifications for this Quota
    Disables all notifications for the quota.

Use Default Notification Rules
    Uses the global default notification for the specified type of quota.

Use Custom Notification Rules
    Enables the creation of advanced, custom notifications that apply to the specific quota. Custom notifications can be configured for any or all of the threshold types (hard, soft, or advisory) for the specified quota.

Quota notification rules

You can write quota notification rules to generate alerts that are triggered by event thresholds.

When an event occurs, a notification is triggered according to your notification rule. For example, you can create a notification rule that sends an email when a disk-space allocation threshold is exceeded by a group.

You can configure notification rules to trigger an action according to event thresholds (a notification condition). A rule can specify a schedule, such as "every day at 1:00 AM," for executing an action or immediate notification of certain state transitions. When an event occurs, a notification trigger may execute one or more actions, such as sending an email or sending a cluster alert to the interface. The following examples demonstrate the types of criteria that you can use to configure notification rules.

- Notify when a threshold is exceeded; at most, once every 5 minutes
- Notify when allocation is denied; at most, once an hour
- Notify while over threshold, daily at 2 AM
- Notify while grace period expired weekly, on Sundays at 2 AM

Notifications are triggered for events grouped by the following categories:

Instant notifications
    Includes the write-denied notification, triggered when a hard threshold denies a write, and the threshold-exceeded notification, triggered at the moment a hard, soft, or advisory threshold is exceeded. These are one-time notifications because they represent a discrete event in time.

Ongoing notifications
    Generated on a scheduled basis to indicate a persisting condition, such as a hard, soft, or advisory threshold being over a limit or a soft threshold's grace period being expired for a prolonged period.

Quota reports

The OneFS SmartQuotas module provides reporting options that enable administrators to manage cluster resources and analyze usage statistics.

Storage quota reports provide a summarized view of the past or present state of the quota domains. After raw reporting data is collected by OneFS, you can produce data summaries by using a set of filtering parameters and sort types. Storage-quota reports include information about violators, grouped by threshold types. You can generate reports from a historical data sample or from current data. In either case, the reports are views of usage data at a given time. OneFS does not provide reports on data aggregated over time, such as trending reports, but you can use raw data to analyze trends. There is no configuration limit on the number of reports other than the space needed to store them.

OneFS provides three methods of data collection and reporting:

- Scheduled reports are generated and saved on a regular interval.
- Ad hoc reports are generated and saved at the request of the user.
- Live reports are generated for immediate and temporary viewing.

Scheduled reports are placed by default in the /ifs/.isilon/smartquotas/reports directory, but the location is configurable to any directory under /ifs. Each generated report includes quota domain definition, state, usage, and global configuration settings. By default, ten reports are kept at a time, and older reports are purged. You can create ad hoc reports at any time to view the current state of the storage quotas system. These live reports can be saved manually. Ad hoc reports are saved to a location that is separate from scheduled reports to avoid skewing the timed-report sets.

Creating quotas

You can create two types of storage quotas to monitor data: accounting quotas and enforcement quotas. Storage quota limits and restrictions can apply to specific users, groups, or directories.

The type of quota that you create depends on your goal.

- Enforcement quotas monitor and limit disk usage. You can create enforcement quotas that use any combination of hard limits, soft limits, and advisory limits.

  Note
      Enforcement quotas are not recommended for snapshot-tracking quota domains.

- Accounting quotas monitor, but do not limit, disk usage.

Note
    After you create a new quota, it begins to report data almost immediately, but the data is not valid until the QuotaScan job completes. Before using quota data for analysis or other purposes, verify that the QuotaScan job has finished.

Create an accounting quota

You can create an accounting quota to monitor but not limit disk usage.

Optionally, you can include snapshot data, data-protection overhead, or both in the accounting quota.

Procedure

1. Click File System Management > SmartQuotas > Quotas & Usage.
2. On the Storage Quotas & Usage page, click Create a storage quota.
3. From the Quota Type list, select the target for this quota: a directory, user, or group.
4. Depending on the target that you selected, select the entity that you want to apply the quota to. For example, if you selected User from the Quota Type list, you can target either all users or a specific user.
5. In the Directory path field, type the path and directory for the quota, or click Browse, and then select a directory.
6. Optional: In the Usage Accounting area, select the options that you want.
   - To include snapshot data in the accounting quota, select the Include Snapshot Data check box.
   - To include the data-protection overhead in the accounting quota, select the Include Data-Protection Overhead check box.
7. In the Usage Limits area, click No Usage Limit (Accounting Only).
8. Click Create Quota.

After you finish

After you create a quota, it begins to report data almost immediately, but the data is not valid until the QuotaScan job completes. Before using quota data for analysis or other purposes, verify that the QuotaScan job has finished.

Create an enforcement quota

You can create an enforcement quota to monitor and limit disk usage.

You can create enforcement quotas that set hard, soft, and advisory limits.

Procedure

1. Click File System Management > SmartQuotas > Quotas & Usage.
2. On the Storage Quotas & Usage page, click Create a storage quota.
3. From the Quota Type list, select the target for this quota: a directory, user, or group.
4. Depending on the target that you selected, select the entity that you want to apply the quota to. For example, if you selected User from the Quota Type list, you can target all users or a specific user.

5. In the Directory path field, type the path and directory for the quota, or click Browse, and then select a directory.
6. Optional: In the Usage Accounting area, click the Include Snapshot Data check box, the Include Data-Protection Overhead check box, or both to include them in the quota.
7. In the Usage Limits area, click Specify Usage Limits.
8. Click the check box next to the option for each type of limit that you want to enforce.
9. Type numerals in the fields and select from the lists the values that you want to use for the quota.
10. In the Limit Notifications area, click the notification option that you want to apply to the quota.
11. To generate an event notification, select the Create cluster event check box.
12. Optional: If you selected the option to use custom notification rules, click the link to expand the custom notification type that applies to the usage-limit selections.
13. Click Create Quota.

After you finish

After you create a quota, it begins to report data almost immediately but the data is not valid until the QuotaScan job completes. Before using quota data for analysis or other purposes, verify that the QuotaScan job has finished.

Managing quotas

You can modify the configured values of a storage quota, and you can enable or disable a quota. You can also create quota limits and restrictions that apply to specific users, groups, or directories.

Quota management in OneFS is simplified by the quota search feature, which helps you to locate a quota or quotas by using filters. You can unlink quotas that are associated with a parent quota, and configure custom notifications for quotas. You can also disable a quota temporarily and then enable it when needed.

Note
    Moving quota directories across quota domains is not supported.

Search for quotas

You can search for a quota using a variety of search criteria.

By default, all storage quotas and display options are listed on this page before you apply report or search filters. If the Quotas & Storage section is collapsed, click Define quota display.

Procedure

1. Click File System Management > SmartQuotas > Quotas & Usage.
2. In the Quotas & Usage area, for Report Filters, select Search for specific quotas within this report.
3. In the Quota Type list, select the quota type that you want to find.
4. If you selected User Quota or Group quota for a quota type, type a full or partial user or group name in the User or Group field. You can use the wildcard character (*) in the User or Group field.

   - To search for only default users, select the Only show default users check box.
   - To search for only default groups, select the Only show default groups check box.
5. In the Directory Path field, type a full or partial path. You can use the wildcard character (*) in the Directory Path field.
   - To search subdirectories, select the Include subdirectories check box.
   - To search for only quotas that are in violation, select the Only show quotas for which usage limits are currently in violation check box.
6. Optional: Click Update Display. Quotas that match the search criteria appear in the sections where quotas are listed.

Results

An accounting or enforcement quota with a threshold value of zero is indicated by a dash (-). You can click the column headings to sort the result set.

Note
    To clear the result set and display all storage quotas, in the Quotas & Usage area, select Show all quotas and usage for this report for Report Filters, and then click Update Display.

Manage quotas

Quotas help you monitor and analyze the current or historical use of disk storage. You can search for quotas, and you can view, modify, delete, and unlink a quota.

An initial QuotaScan job must run for the default or scheduled quotas, or the data displayed may be incomplete.

Before you modify a quota, consider how the changes will affect the file system and end users.

Note
    - The options to edit or delete a quota appear only when the quota is not linked to a default quota.
    - The option to unlink a quota is available only when the quota is linked to a default quota.

Procedure

1. Click File System Management > SmartQuotas > Quotas & Usage.
2. From the Quota Report options, select the type of quota report that you want to view or manage.
   - To monitor and analyze current disk storage use, click Show current quotas and usage (Live Report).
   - To monitor and analyze historical disk storage use, click Show archived quota report to select from the list of archived scheduled and manually generated quota reports.
3. For Report Filters, select the filters to be used for this quota report.
   - To view all information in the quota report, click Show all quotas and usage for this report.

   - To filter the quota report, click Search for specific quotas within this report, and then select the filters that you want to apply.
4. Click Update Display.
5. Optional: Select a quota to view its settings or to perform the following management actions.
   - To review or edit this quota, click View details.
   - To delete this quota, click Delete.
   - To unlink a linked quota, click Unlink.

   Note
       Configuration changes for linked quotas must be made on the parent (default) quota that the linked quota is inheriting from. Changes to the parent quota are propagated to all children. If you want to override configuration from the parent quota, you must first unlink the quota.

Export a quota configuration file

You can export quota settings as a configuration file, which can then be imported for reuse to another Isilon cluster. You can also store the exported quota configurations in a location outside of the cluster.

You can pipe the XML report to a file or directory. The file can then be imported to another cluster.

Procedure

1. Establish an SSH connection to any node in the cluster.
2. At the command prompt, run the following command:

       isi_classic quota list --export

   The quota configuration file displays as raw XML.

Import a quota configuration file

You can import quota settings in the form of a configuration file that has been exported from another Isilon cluster.

Procedure

1. Establish an SSH connection to any node in the cluster.
2. Navigate to the location of the exported quota configuration file.
3. At the command prompt, run the following command, where <filename> is the name of an exported configuration file:

       isi_classic quota import --from-file=<filename>

   The system parses the file and imports the quota settings from the configuration file. Quota settings that you configured before importing the quota configuration file are retained, and the imported quota settings are effective immediately.

Managing quota notifications

Quota notifications can be enabled or disabled, modified, and deleted.

By default, a global quota notification is already configured and applied to all quotas. You can continue to use the global quota notification settings, modify the global notification settings, or disable or set a custom notification for a quota.

Enforcement quotas support four types of notifications and reminders:

- Threshold exceeded
- Over-quota reminder
- Grace period expired
- Write access denied

If a directory service is used to authenticate users, you can configure notification mappings that control how addresses are resolved when the cluster sends a quota notification. If necessary, you can remap the domain that is used for quota notifications and you can remap Active Directory domains, local UNIX domains, or both.

Configure default quota notification settings

You can configure default global quota notification settings that apply to all quotas of a specified threshold type.

The custom notification settings that you configure for a quota take precedence over the default global notification settings.

Procedure

1. Click File System Management > SmartQuotas > Settings.
2. Optional: On the Quota Settings page, for Scheduled Reporting, select On.
3. Click Change Schedule, and then select a report frequency from the list.
4. Select the reporting schedule options that you want, and then click Select.
5. In the Scheduled Report Archiving area, you can configure the following size and directory options:
   - To configure the number of live reports that you want to archive, type the number of reports in the Limit archive size field.
   - To specify an archive directory that is different from the default, in the Archive Directory field, type the path or click Browse to select the path.
6. In the Manual Report Archiving area, you can configure the following size and directory options:
   - To configure the number of live reports that you want to archive, type the number of reports in the Limit archive size field.
   - To specify an archive directory that is different from the default, in the Archive Directory field, type the path or click Browse to select the path.
7. In the Mapping Rules area, choose each mapping rule that you want to use by selecting the check box in the Provider Type column.
8. In the Notification Rules area, define default notification rules for each rule type.
   - To expand the list of limit notifications rules types, click Default Notifications Settings.

   - To display default settings options for advisory-limit notification rules, click Advisory Limit Notification Rules.
   - To set the advisory-limit options that you want, click Event: Advisory Limit Value Exceeded and Event: While Advisory Limit Remains Exceeded.
   - To display default settings for soft-limit notifications, click Soft Limit Notification Rules.
   - To set the soft-limit options that you want, click Event: Soft Limit Value Exceeded, Event: While Soft Limit Remains Exceeded, Event: Soft Limit Grace Period Expired, and Event: Soft Limit Write Access Denied.
   - To display the options for a hard-limit notification rule, click Hard Limit Notification Rules.
   - To set the hard-limit options that you want, click Event: Hard Limit Write Access Denied and Event: While Hard Limit Remains Exceeded.
9. Click Save.

After you finish

After you create a new quota, it begins to report data almost immediately, but the data is not valid until the QuotaScan job completes. Before using quota data for analysis or other purposes, verify that the QuotaScan job has finished.

Configure custom quota notification rules

You can configure custom quota notification rules that apply only to a specified quota.

Before you begin

To configure a custom notification rule, an enforcement quota must exist or be in the process of being created. To configure notifications for an existing enforcement quota, follow the procedure to modify a quota and then use these steps from the Quota Details pane of the specific quota.

Quota-specific custom notification rules must be configured for that quota. If notification rules are not configured for a quota, the default event notification configuration is used. For more information about configuring default notification rules, see Create an event notification rule.

Procedure

1. In the Limit Notifications area, click Use Custom Notification Rules. The links display for the rules options that are available for the type of notification that you have selected for this quota.
2. Click View details, and then click Edit limit notifications.
3. Click the link for the limit notification type that you want to configure for this quota. From the list, select the target for this quota: a directory, user, or group. The Limit Notification Rules options display for the selection type.
4. Select or type the values to configure the custom notification rule for this quota.
5. Click Create quota when you have completed configuring the settings for this notification rule.

Results

The quota appears in the Quotas & Usage list.

After you finish

After you create a new quota, it begins to report data almost immediately, but the data is not valid until the QuotaScan job completes. Before using quota data for analysis or other purposes, verify that the QuotaScan job has finished.

Map an email notification rule for a quota

Email notification mapping rules control how addresses are resolved when the cluster sends a quota notification.

If necessary, you can remap the domain used for SmartQuotas notifications. You can remap Active Directory Windows domains, local UNIX domains, or NIS domains.

Note
    You must be logged in to the web administration interface to perform this task.

Procedure

1. Click File System Management > SmartQuotas > Settings.
2. Optional: In the Mapping area, click Create an email mapping rule.
3. From the Provider Type list, select the provider type for this notification rule.
4. From the Current Domain list, select the domain that you want to use for the mapping rule.
5. In the Map-to-Domain field, type the name of the domain that you want to map notifications to. Repeat this step if you want to map more than one domain.
6. Click Save Rule.

Configure a custom quota notification template

If notifications are enabled, you can configure custom templates for notifications.

If the default notification templates do not meet your needs, you can configure your own custom notification templates using a combination of text and SmartQuotas variables.

Procedure

1. Open a text editor and create a .txt file that includes any combination of text and OneFS notification variables.
2. Save the template file as ASCII text or in ISO format.
3. Upload the file to an appropriate directory on the Isilon cluster. For example, /ifs/templates.

Example 1 Example of a custom quota notification text file

The following example illustrates a custom template to notify recipients about an exceeded quota.

Text-file contents with variables

    The disk quota on directory <ISI_QUOTA_PATH> owned by <ISI_QUOTA_OWNER> was exceeded.
    The <ISI_QUOTA_TYPE> quota limit is <ISI_QUOTA_THRESHOLD>, and <ISI_QUOTA_USAGE> is in use. Please free some disk space by deleting unnecessary files. For more information, contact Jane Anderson in IT.

Email contents with resolved variables

    The disk quota on directory /ifs/data/sales_tools/collateral owned by jsmith was exceeded.
    The hard quota limit is 10 GB, and 11 GB is in use. Please free some disk space by deleting unnecessary files. For more information, contact Jane Anderson in IT.

After you finish

To use the custom template, click Cluster Management > General Settings > Settings, and select the custom template in the Event Notification Settings area.

Managing quota reports

You can configure and schedule reports to help you monitor, track, and analyze storage use on an Isilon cluster.

You can view and schedule reports and customize report settings to track, monitor, and analyze disk storage use. Quota reports are managed by configuring settings that give you control over when reports are scheduled, how they are generated, where and how many are stored, and how they are viewed. The maximum number of scheduled reports that are available for viewing in the web-administration interface can be configured for each report type. When the maximum number of reports are stored, the system deletes the oldest reports to make space for new reports as they are generated.

Create a quota report schedule

You can configure quota report settings to generate the quota report on a specified schedule.

These settings determine whether and when scheduled reports are generated, and where and how the reports are stored. If you disable a scheduled report, you can still run unscheduled reports at any time.

Procedure

1. Click File System Management > SmartQuotas > Settings.
2. Optional: On the Quota settings page, for Scheduled Reporting, click On. The Report Frequency option appears.
3. Click Change schedule, and select the report frequency that you want to set from the list.
4. Select the reporting schedule options that you want.
5. Click Save.

Results

Reports are generated according to your criteria and can be viewed in the Generated Reports Archive.

Generate a quota report

In addition to scheduled quota reports, you can generate a report to capture usage statistics at a point in time.

Before you begin

Quotas must exist and the initial QuotaScan job must run before you can generate a quota report.

Procedure

1. Click File System Management > SmartQuotas > Generated Reports Archive.
2. In the Generated Quota Reports Archive area, click Generate a quota report.
3. Click Generate Report.

Results

The new report appears in the Quota Reports list.

Locate a quota report

You can locate quota reports, which are stored as XML files, and use your own tools and transforms to view them.

Procedure

1. Establish an SSH connection to any node in the cluster.
2. Navigate to the directory where quota reports are stored. The following path is the default quota report location:
   /ifs/.isilon/smartquotas/reports
   If quota reports are not in the default directory, you can run the isi quota settings command to find the directory where they are stored.
3. At the command prompt, run one of the following commands:

| Options | Description |
|---|---|
| To view a list of all quota reports in the specified directory | Run the following command: ls -a *.xml |
| To view a specific quota report in the specified directory | Run the following command: ls <filename>.xml |

Basic quota settings

When you create a storage quota, the following attributes must be defined, at a minimum. When you specify usage limits, additional options are available for defining your quota.

| Option | Description |
|---|---|
| Directory Path | The directory that the quota is on. |
| User Quota | Select to automatically create a quota for every current or future user that stores data in the specified directory. |
| Group Quota | Select to automatically create a quota for every current or future group that stores data in the specified directory. |
| Include Snapshot Data | Select to count all snapshot data in usage limits; cannot be changed after the quota is created. |
| Include Data-Protection Overhead | Select to count protection overhead in usage limits. |
| No Usage Limit | Select to account for usage only. |
| Specify Usage Limits | Select to enforce advisory, soft, or absolute limits. |

Advisory limit quota notification rules settings

You can configure custom quota notification rules for advisory limits for a quota. These settings are available when you select the option to use custom notification rules.

| Option | Description | Exceeded | Remains exceeded |
|---|---|---|---|
| Send email | Specify the type of email to use. | Yes | Yes |
| Notify owner | Select to send an email notification to the owner of the entity. | Yes | Yes |
| Notify another | Select to send an email notification to another recipient and type the recipient's address. | Yes | Yes |
| Message template | Select from the following template types for use in formatting notifications: Default (leave Message Template field blank to use default); Custom | Yes | Yes |
| Create cluster event | Select to generate an event notification for the quota when exceeded. | Yes | Yes |
| Delay | Specify the length of time (hours, days, weeks) to delay before generating a notification. | Yes | No |
| Frequency | Specify the notification and alert frequency: daily, weekly, monthly, yearly; depending on selection, specify intervals, day to send, time of day, multiple emails per rule. | No | Yes |

Soft limit quota notification rules settings

You can configure custom soft limit notification rules for a quota. These settings are available when you select the option to use custom notification rules.

| Option | Description | Exceeded | Remains exceeded | Grace period expired | Write access denied |
|---|---|---|---|---|---|
| Send email | Specify the recipient of the notification. | Yes | Yes | Yes | Yes |
| Notify owner | Select to send an email notification to the owner of the entity. | Yes | Yes | Yes | Yes |
| Notify another | Select to send an email notification to another recipient and type the recipient's address. | Yes | Yes | Yes | Yes |
| Message template | Select from the following template types for use in formatting notifications: Default (leave Message Template field blank to use default); Custom | Yes | Yes | Yes | Yes |
| Create cluster event | Select to generate an event notification for the quota. | Yes | Yes | Yes | Yes |
| Delay | Specify the length of time (hours, days, weeks) to delay before generating a notification. | Yes | No | No | Yes |
| Frequency | Specify the notification and alert frequency: daily, weekly, monthly, yearly; depending on selection, specify intervals, day to send, time of day, multiple emails per rule. | No | Yes | Yes | No |

Hard limit quota notification rules settings

You can configure custom quota notification rules for hard limits for a quota. These settings are available when you select the option to use custom notification rules.

| Option | Description | Write access denied | Exceeded |
|---|---|---|---|
| Send email | Specify the recipient of the notification. | Yes | Yes |
| Notify owner | Select to send an email notification to the owner of the entity. | Yes | Yes |
| Notify another | Select to send an email notification to another recipient and type the recipient's address. | Yes | Yes |
| Message template | Select from the following template types for use in formatting notifications: Default (leave Message Template field blank to use default); Custom | Yes | Yes |
| Create cluster event | Select to generate an event notification for the quota when exceeded. | Yes | Yes |
| Delay | Specify the length of time (hours, days, weeks) to delay before generating a notification. | Yes | No |
| Frequency | Specify the notification and alert frequency: daily, weekly, monthly, yearly; depending on selection, specify intervals, day to send, time of day, multiple emails per rule. | No | Yes |

Limit notification settings

You have three notification options when you create an enforcement quota: use default notification rules, turn off notifications, or use custom notification rules. Enforcement quotas support the following notification settings for each threshold type. A quota can use only one of these settings.

| Notification setting | Description |
|---|---|
| Use Default Notification Rules | Uses the default notification rules that you configured for the specified threshold type. |
| Turn Off Notifications for this Quota | Disables all notifications for the quota. |
| Use Custom Notification Rules | Provides settings to create basic custom notifications that apply to only this quota. |

Quota report settings

You can configure quota report settings that track disk usage. These settings determine whether and when scheduled reports are generated, and where and how reports are stored. When the maximum number of reports are stored, the system deletes the oldest reports to make space for new reports as they are generated.

| Setting | Description |
|---|---|
| Scheduled reporting | Enables or disables the scheduled reporting feature. Off. Manually generated on-demand reports can be run at any time. On. Reports run automatically according to the schedule that you specify. |
| Report frequency | Specifies the interval for this report to run: daily, weekly, monthly, or yearly. You can use the following options to further refine the report schedule. Generate report every. Specify the numeric value for the selected report frequency; for example, every 2 months. Generate reports on. Select the day or multiple days to generate reports. Select report day by. Specify date or day of the week to generate the report. Generate one report per specified by. Set the time of day to generate this report. Generate multiple reports per specified day. Set the intervals and times of day to generate the report for that day. |
| Scheduled report archiving | Determines the maximum number of scheduled reports that are available for viewing on the SmartQuotas Reports page. Limit archive size for scheduled reports to a specified number of reports. Type the integer to specify the maximum number of reports to keep. Archive Directory. Browse to the directory where you want to store quota reports for archiving. |
| Manual report archiving | Determines the maximum number of manually generated (on-demand) reports that are available for viewing on the SmartQuotas Reports page. Limit archive size for live reports to a specified number of reports. Type the integer to specify the maximum number of reports to keep. Archive Directory. Browse to the directory where you want to store quota reports for archiving. |

Custom notification template variable descriptions

If the default OneFS notification templates do not meet your needs, you can configure and upload your own custom templates for SmartQuotas notifications.

An email template can contain text and, optionally, variables that represent values. You can use any of the SmartQuotas variables in your templates. Template files must be saved as a .txt file.

| Variable | Description | Example |
|---|---|---|
| ISI_QUOTA_PATH | Path of quota domain | /ifs/data |
| ISI_QUOTA_THRESHOLD | Threshold value | 20 GB |
| ISI_QUOTA_USAGE | Disk space in use | 10.5 GB |
| ISI_QUOTA_OWNER | Name of quota domain owner | jsmith |
| ISI_QUOTA_TYPE | Threshold type | Advisory |
| ISI_QUOTA_GRACE | Grace period, in days | 5 days |
| ISI_QUOTA_EXPIRATION | Expiration date of grace period | Fri Feb 23 14:23:19 PST 2007 |
| ISI_QUOTA_NODE | Hostname of the node on which the quota event occurred | somehost-prod-wf-1 |
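A misspelled variable in a custom template would reach recipients as literal text, so it is worth checking a template file before uploading it. The following is an added example, not part of the guide or of OneFS: it assumes placeholders are written as <NAME>, as in the guide's sample template, and the function names and sample values are constructed for illustration.

```python
import re

# Variables documented in the table above; any other ISI_ placeholder is
# treated as a probable typo.
KNOWN_VARIABLES = {
    "ISI_QUOTA_PATH", "ISI_QUOTA_THRESHOLD", "ISI_QUOTA_USAGE",
    "ISI_QUOTA_OWNER", "ISI_QUOTA_TYPE", "ISI_QUOTA_GRACE",
    "ISI_QUOTA_EXPIRATION", "ISI_QUOTA_NODE",
}

# Only ISI_-prefixed names are considered, so other angle-bracket text in
# the message body (for example a contact address) is left alone.
PLACEHOLDER = re.compile(r"<(ISI_[A-Z0-9_]+)>")


def lint_template(text):
    """Return (used, unknown): documented variables used, and unrecognised ones."""
    names = set(PLACEHOLDER.findall(text))
    used = sorted(n for n in names if n in KNOWN_VARIABLES)
    unknown = sorted(n for n in names if n not in KNOWN_VARIABLES)
    return used, unknown


def render_preview(text, values):
    """Substitute sample values to preview the message a recipient would see.

    Raises ValueError for an unrecognised placeholder and KeyError when a
    sample value is missing, so a broken template never previews cleanly.
    """
    used, unknown = lint_template(text)
    if unknown:
        raise ValueError("unrecognised variables: " + ", ".join(unknown))
    missing = [n for n in used if n not in values]
    if missing:
        raise KeyError("no sample value for: " + ", ".join(missing))
    return PLACEHOLDER.sub(lambda m: values[m.group(1)], text)


# Template text taken from the guide's example; sample values match its
# resolved version.
TEMPLATE = ("The <ISI_QUOTA_TYPE> quota limit is <ISI_QUOTA_THRESHOLD>, "
            "and <ISI_QUOTA_USAGE> is in use.")
SAMPLE_VALUES = {
    "ISI_QUOTA_TYPE": "hard",
    "ISI_QUOTA_THRESHOLD": "10 GB",
    "ISI_QUOTA_USAGE": "11 GB",
}
# Constructed template with a misspelled variable name.
TYPO_TEMPLATE = "Limit <ISI_QUOTA_TRESHOLD> reached on <ISI_QUOTA_PATH>."

if __name__ == "__main__":
    print(render_preview(TEMPLATE, SAMPLE_VALUES))
    print(lint_template(TYPO_TEMPLATE))
```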


CHAPTER 18 Storage Pools

This section contains the following topics:

- Storage pools overview
- About storage pools
- Autoprovisioning
- Virtual hot spare
- Spillover
- Node pools
- SSD pools
- Tiers
- File pools
- File pool policies
- Managing node pools
- Managing tiers
- Creating file pool policies
- Managing file pool policies
- Monitoring storage pools

Storage pools overview

Storage pools allow you to organize cluster resources as logical groups (called node pools and tiers), and to create policies that store or move files among these groups automatically, based on criteria you specify.

Node pools are sets of like nodes that are grouped into a single pool of storage. Node pool membership changes automatically through the addition or removal of nodes to or from the cluster. Storage pools are node pools and user-defined tiers.

File pools are logical sets of files that are defined by the user, such as all JPG files, all files under the directory /ifs/data/ingest, or all files created more than a month ago.

Data storage in storage pools is defined by file pool policies. File pool policies identify logical groups of files, and the actions to perform on them. For example, one policy can store all files of a specific type and age in a specific node pool. Another can move all files in a specific path, that have been changed after a specific date, to a specific tier.

If a SmartPools license is not active, all files belong to the default file pool and are governed by the default file pool policy. Additional features are available when you activate the SmartPools license, such as the ability to create multiple file pools and file pool policies that store specified files and directories in a particular storage pool. Spillover management, another feature that is available when you activate a SmartPools license, lets you define how write operations are handled when a storage pool is not writable. Virtual hot spare allocation, which reserves space for data repair if a drive fails, is available regardless of whether a SmartPools license is active.

The following table compares storage pool features based on whether a SmartPools license is active.

| Feature | Inactive | Active |
|---|---|---|
| Automatic storage pool provisioning | Yes | Yes |
| Directed spillover | No | Yes |
| Policy-based data movement | No | Yes |
| Virtual hot spare | Yes | Yes |

About storage pools

OneFS provides storage pools to simplify the management and storage of data. Node pools and tiers are types of storage pools.

Storage pools are the groupings of physical devices where OneFS stores your data. File pools are logical groupings of files that you define.

Node pools are sets of physical nodes that are grouped by equivalence class to optimize reliability and requested data protection settings. OneFS creates node pools automatically when the system is installed and whenever nodes are added or removed. The automatic creation of node pools is referred to as auto-provisioning.

Tiers are collections of node pools that you group to optimize storage according to need, such as a mission-critical high-speed tier that is best suited to data archiving.

File pool policies specify operations on files in the file pool. For example, you can create a file pool policy for a file extension that requires high availability, and then direct those files to a storage pool that provides the fastest reads or read/writes. And you can create another file pool policy to evaluate the last accessed date, allowing you to target storage pools best suited for archiving for historical or regulatory purposes.

When you install OneFS, the system creates one file pool for the Isilon cluster. This default file pool contains all the files in the cluster and is governed by a default file pool policy. The default file pool policy operations apply to all files not governed by a higher-priority file pool policy. If you activate a SmartPools license, you can create multiple file pools.

OneFS includes the following basic features.

- Default file pool: A single set of files of all types that is governed by the default file pool policy.
- Node pools: Groups of equivalence-class nodes that are associated in a single pool of storage.
- Tiers: Groups of node pools used to optimize data storage according to your storage needs.

Activating a SmartPools license adds the following features.

- File pools: Logical sets of files that you define by characteristics such as file type, directory, or age.
- File pool policies: Rules-based filtering and operations that you configure to store data in specified storage pools. By creating file-filtering rules such as file size, type, access time, and location to configure a file pool policy, you can configure requested protection and I/O optimization settings and automate data storage according to your needs. If you activate a SmartPools license, you can create customizable file pool templates that are optimized for archiving, extra protection, performance, and VMware files.
- Storage pool spillover: Automated node-capacity overflow management. Spillover defines how to handle write operations when a storage pool is not writable. When spillover is enabled, data is redirected to a specified storage pool. If spillover is disabled, new data writes fail and an error message appears.

Note: If a SmartPools license has not been activated, files are stored on any available node pools across the cluster.
Autoprovisioning

Autoprovisioning is the process of automatically assigning storage by node type to improve the performance and reliability of the file storage system.

When you configure a cluster, OneFS automatically assigns nodes to node pools in your cluster. This node assignment is called autoprovisioning. Autoprovisioning reduces the time required for the manual management tasks associated with configuring storage pools and resource planning.

Note: Nodes are not provisioned, meaning they are not associated with each other and not writable, until at least three nodes of an equivalence class are added to the cluster. If you have added only two nodes of an equivalence class to your cluster, no data is stored on the nodes until you add a third node of the same equivalence class.

If you remove nodes from a provisioned cluster so that fewer than three equivalence-class nodes remain, the pool is underprovisioned. In this situation, when two like nodes remain, they are still writable; if only one node remains, it is not writable but it remains readable.

Virtual hot spare

Virtual hot spare allocation settings allow you to allocate space to use to repair data in the event a drive fails.

Virtual hot spare reserves the free space needed to rebuild the data if a disk fails. For example, if you specify two virtual drives and 15 percent, each node pool reserves virtual drive space that is equivalent to two drives or 15 percent of their total capacity (whichever is larger) to rebuild a failed drive. You can reserve space in node pools across the cluster for this purpose, up to the equivalent of a maximum of four full drives.

You define virtual hot spare allocation using these options:

- A minimum number of virtual drives in the node pool (1-4).
- A minimum percentage of total disk space (0-20 percent).
- A combination of minimum virtual drives and total disk space.

Note: The larger number of the two factors (minimum number of virtual drives or percentage of total disk space), rather than their sum, determines the space allocated for virtual hot spare.

It is important to understand the following information when configuring VHS settings:

- If you configure both settings, the enforced minimum value satisfies both requirements.
- If you select the option to reduce the amount of available space, free-space calculations do not include the space reserved for the virtual hot spare.
- The reserved virtual hot spare free space is used for write operations unless you select the option to deny new data writes.
- If Reduce amount of available space is enabled while Deny new data writes is disabled, it is possible for the file system to report utilization as more than 100 percent.

Note: Virtual hot spare reservations affect spillover. If the virtual hot spare option Deny writes is enabled but Reduce amount of available space is disabled, spillover occurs before the file system reports 100% utilization.

Spillover

If you activate a SmartPools license, you can designate a storage pool to receive spill data when the hardware specified by a file pool policy is not writable. If you do not want data to spill over from a different location because the specified node pool or tier is full or not writable, you can disable this feature.

Spillover management is available after you activate a SmartPools license. You can direct write operations to a specified storage pool in the cluster when there is not enough space to write a file according to the storage pool policy.

Note: Virtual hot spare reservations affect spillover. If the setting Deny writes is enabled but Reduce amount of available space is disabled, spillover occurs before the file system reports 100% utilization.

Node pools

A node pool is a grouping of equivalence-class nodes. As you add nodes to the OneFS cluster, OneFS automatically places them into pools. This is referred to as autoprovisioning.

Each node in the OneFS cluster is a peer, and any node can handle a data request. You can apply file pool policies to move files to specific node pools or tiers that have different performance and capacity characteristics. Each node added to a cluster increases the cluster's aggregate disk, cache, CPU, and network capacity. OneFS automatically adds nodes to specific node pools based on matching characteristics such as drive size, RAM, series, and SSD-node ratio. Nodes with similar characteristics are called equivalence-class nodes.

Note: If you attempt to remove nodes from either a manually managed or automatically managed node pool so that the removal leaves only one or two nodes in the pool, the removal fails. You can, however, move all nodes from an automatically managed node pool into one that is manually managed. When you remove a node from a manually managed node pool, OneFS autoprovisions the node into a node pool of the same equivalence class.

Manual node pool management

You can manually provision nodes from an existing node pool into a node pool that you define.

If the node pools autoprovisioned by OneFS do not meet your needs, you can create node pools manually by moving nodes into a pool that you specify and configure. This enables you to use SmartPools to store data on specific nodes according to your purposes.

CAUTION: Manually managed node pools may not provide the same performance and efficiency as automatically managed node pools, particularly if your changes result in fewer than 20 nodes in the manually managed node pool. For this reason, it is best to allow OneFS to autoprovision nodes unless you have an advanced understanding of how the SmartPools feature works.

SSD pools

OneFS clusters can contain both HDDs and SSDs. When OneFS autoprovisions nodes, it places nodes with SSDs into equivalence-class node pools. The SSD strategy defined in the default file pool determines how SSD nodes are used within the cluster.

Clusters that include both hard-disk drives (HDDs) and solid-state drives (SSDs) are optimized by your SSD strategy options to increase performance across a wide range of workflows. You can configure file pool policies to apply specific SSD strategies as needed. When you select SSD options during the creation of a file pool policy, you can identify the directories and files in the OneFS cluster that require faster or slower performance. When the file pool policy runs, OneFS automatically moves that data to the appropriate storage pool and drive type.

Global namespace acceleration (GNA) allows data stored on node pools without SSDs to use SSDs elsewhere in the cluster to store extra metadata mirrors. Extra metadata mirrors accelerate metadata read operations. You can only enable GNA if 20% or more of the nodes in the cluster contain at least one SSD and 1.5% or more of the total cluster storage is SSD-based. For best results, ensure that at least 2.0% of the total cluster storage is SSD-based before enabling global namespace acceleration.

Note: GNA requires a minimum of 20% of accessible cluster nodes to have SSD drives. If the ratio of SSD to non-SSD nodes falls below this threshold, GNA is not active even if enabled. GNA is reactivated when the ratio is corrected. When GNA is inactive, existing SSD mirrors are readable but newly written metadata does not include the extra SSD mirror.

The following SSD strategy options are listed in order of slowest to fastest choices:

- Avoid SSDs: Writes all associated file data and metadata to HDDs only.
  CAUTION: Use this option to free SSD space only after consulting with Isilon Technical Support personnel. Using this strategy may negatively affect performance.
- Metadata read acceleration: Writes both file data and metadata to HDDs. This is the default setting. An extra mirror of the file metadata is written to SSDs, if available. The SSD mirror is in addition to the number required to satisfy the requested protection. Enabling GNA makes read acceleration available to files in node pools that do not contain SSDs. GNA is only for metadata and extra mirrors.
- Metadata read/write acceleration: Writes file data to HDDs and metadata to SSDs, when available. This strategy accelerates metadata writes in addition to reads but requires about four to five times more SSD storage than the Metadata read acceleration setting. Enabling GNA does not affect read/write acceleration.
- Data on SSDs: Uses SSD node pools for both data and metadata, regardless of whether global namespace acceleration is enabled. This SSD strategy does not result in the creation of additional mirrors beyond the normal requested protection but requires significantly increased storage requirements compared with the other SSD strategy options.

Tiers

A tier is a user-defined collection of node pools that you can specify as a storage pool for files. A node pool can belong to only one tier.

You can create tiers to assign your data to any of the node pools in the tier. For example, you can assign a collection of node pools to a tier specifically created to store data that requires high availability and fast access. In a three-tier system, this classification may be Tier 1. You can classify data that is used less frequently or that is accessed by fewer users as Tier-2 data. Tier 3 usually comprises data that is seldom used and can be archived for historical or regulatory purposes.

File pools

File pools are sets of files that you define to apply policy-based control of the storage characteristics of your data.

The initial installation of OneFS places all files in the cluster into a single file pool, which is subject to the default file pool policy. SmartPools enables you to define additional file pools, and create policies that move files in these pools to specific node pools and tiers.

File pool policies match specific file characteristics (such as file size, type, date of last access or a combination of these and other factors), and define specific storage operations for files that match them. The following examples demonstrate a few ways you can configure file pool policies:

- You can create a file pool policy for a specific file extension that requires high availability.
- You can configure a file pool policy to store that type of data in a storage pool that provides the fastest reads or read/writes.
- You can create another file pool policy to evaluate last accessed date, allowing you to store older files in a storage pool best suited for archiving for historical or regulatory purposes.

File pool policies

File pool policies define file storage among storage pools, optimization for file access patterns, and requested file protection settings. SmartPools augments the basic OneFS storage pool features to give you the ability to create multiple file pools, so you can store files in specific node pools or tiers based on criteria you define.

You configure file pool policies with filtering rules and operations that are both system- and user-defined. You can then set requested protection settings and I/O optimization settings for file types that you specify. You can include multiple criteria in a file pool policy, including time-based filters for the date that a file was last accessed, modified, or created. You can also define a relative elapsed time instead of a date, such as three days before the current date.

The unlicensed OneFS SmartPools technology allows you to configure the default file pool policy for managing the node pools that are created when the cluster is autoprovisioned.

The default file pool contains all files and is stored in any node pool. Default file pool operations are defined by settings of the default file pool policy.

You cannot reorder or remove the default file pool policy. The settings in the default file pool policy apply to all files that are not covered by another file pool policy. For example, data that is not covered by a file pool policy can be moved to a tier that you identify as a default for this purpose.

All file pool policy operations are executed when the SmartPools job runs. When new files are created, OneFS temporarily chooses a storage pool policy, using a mechanism based on file pool policies used when the last SmartPools job ran. The system may apply new storage settings and move these files again when the next SmartPools job runs, based on a matching file pool policy.

Managing node pools

You can add nodes to a tier or change the requested protection for a node pool.

Add or move node pools in a tier

You can group node pools into tiers and move node pools among tiers.

Procedure

1. Click File System Management > SmartPools > Summary.
   The SmartPools page appears and displays two groupings: the current capacity usage and a list of tiers and node pools.
2. In the Tiers & Node Pools area, select and drag a node pool to the tier name to add it to the tier.
   To add a node pool that is currently in another tier, expand that tier and drag and drop the node pool to the target tier name.
   To remove a node pool from a tier, drag and drop the node pool to the cluster icon.
3. Continue dragging and dropping node pools until you complete the tier.
   Each node that you added to the tier appears under the tier name when it is in an expanded state.

Change the name or requested protection of a node pool

You can change the name or the requested protection of a node pool.

Procedure

1. Click File System Management > SmartPools > Summary.
2. In the Tiers & Node Pools section, in the row of the node pool that you want to modify, click Edit.
   A dialog box appears.
3. Enter a name for the node pool, select the requested protection from the list, or do both.
   A node pool name can contain alphanumeric characters and underscores but cannot begin with a number.
4. Click Submit.

321 Storage Pools Managing tiers Create a tier Rename a tier Delete a tier Yo can grop node pools into tiers and move node pools among tiers to most efficiently se resorces or for other clster management prposes. Yo can grop node pools into a tier that yo can specify as a storage pool for files. Procedre 1. Click File System Management > SmartPools > Smmary. The SmartPools page appears and displays two gropings: the crrent capacity sage and a list of tiers and node pools. 2. In the Tiers & Node Pools section, click Create a Tier. 3. In the dialog box that displays, enter a name for the tier, and click Sbmit. The tier appears in the list of tiers and node pools. 4. Select and drag a node pool to the tier name to add it to the tier. Contine dragging and dropping node pools ntil yo complete the tiered grop. Each node pool that yo added to the tier appears nder the tier name when it is in an expanded state. Yo can modify the name of a tier. A tier name can contain alphanmeric characters and nderscores bt cannot begin with a nmber. Procedre 1. Click File System Management > SmartPools > Smmary. The SmartPools page appears and displays two gropings: the crrent capacity sage and a list of tiers and node pools. 2. In the Tiers & Node Pools area, in the row of the tier yo want to rename, click Edit. 3. In the dialog box that displays, type a name for this tier and click Sbmit. The newly named tier appears in the list of tiers and node pools. When yo delete a tier, the nodes it contains become top-level storage pools. Procedre 1. Click File System Management > SmartPools > Smmary. The SmartPools page appears and displays two gropings: crrent capacity sage and a list of tiers and node pools. 2. In the Tiers & Node Pools area, in the row of the tier that yo want to delete, click Delete. 3. In the confirmation dialog box that displays, click Yes to confirm the deletion. Managing tiers 321

Results
The tier is removed from the list of tiers and node pools.

Creating file pool policies

You configure file pool policies to identify logical groups of files, and specify storage operations for them.

You must activate a SmartPools license before you can create file pool policies.

File pool policies have two parts: the criteria that define a logical group of files, and the operations the policy applies to them. File pool policies support detailed definition of file pools. You can define file pools based on file characteristics, such as file type, size, path and time of last access. You can combine these criteria with boolean AND and OR operators. Operations to apply to these groups include requested protection and I/O optimization.

For example, you can create one file pool policy that identifies all JPG files in a certain path, that are larger than 2MB AND were last accessed one month ago, and moves them to a specific node pool. Another policy might take all files that match a specific matching pattern (all files ending in .xls, for example), that exist in a specific directory, and that were accessed in the last week and move them to a pool with SSD nodes. File pool policies make it possible to create policies that perform these and other operations, quickly and easily.

As many as four file pool policies can apply to a file (one per operation) if the stop processing option is not selected. Four file pool policy operations are available:
- Set the data/snapshot storage target (including SSD strategy).
- Set the SmartCache to enabled/disabled.
- Set the requested protection.
- Set the data access pattern.

You can configure each of these settings for a file in four separate file pool policies, include them all in one file pool policy, or use a combination of the two.

When the SmartPools job runs, it applies file pool policies in the order of the display. When a file type matches the criteria defined in the filter settings, the operations are applied. After the list is traversed, if any of the four operations are not applied to a file type, the operations defined in the default file pool policy then apply to those files. In this way, the default file pool policy ensures that all four operations apply to each file, even if an operation is missing from a user-defined file pool policy.

If a file belongs to multiple file pools with operations specifying the same setting, only the operation of the file pool policy with the higher priority applies. Consider the following example: File pool policy 1 targets the X storage pool for all JPG files, and file pool policy 2 targets the NL storage pool for all files created more than a month ago. Sometimes files match the criteria in both file pool policies, so those files are stored in the X storage pool because that file pool policy is higher in the list.

If a file type matches multiple file pool policies, subsequent file pool policies in the list are not evaluated. If one file pool policy operation sets the data storage target of JPG files to a nearline node pool and a subsequent file pool policy operation sets the data access pattern to random for all files smaller than 2 MB, then all JPG files smaller than 2 MB are moved to nearline storage, but their data access pattern is set to random only if the Stop processing option is not selected in the first file pool policy. If that option is selected, the data access pattern for JPG files smaller than 2MB is set according to the operation defined in the default file pool policy.

OneFS provides customizable template policies that archive older files, increase the requested protection for specified files, send files that are saved to a particular path to a higher-performance storage pool, and change the data access pattern for VMWare files.
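The evaluation order described above can be checked with a small model before you reorder policies on a cluster. This is an added example, not OneFS code: the operation labels, the pool name nearline-pool, the policy names and the use of Python's fnmatch in place of the OneFS glob matcher are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from typing import Callable, Dict, List, Tuple

# The four operations a file pool policy can set (labels are this example's own).
OPERATIONS = ("storage_target", "smartcache", "requested_protection", "access_pattern")
MIB = 1024 * 1024  # file sizes are counted in multiples of 1024


@dataclass
class FileInfo:
    path: str
    size: int  # bytes


@dataclass
class Policy:
    name: str
    matches: Callable[[FileInfo], bool]
    operations: Dict[str, str] = field(default_factory=dict)  # zero or more
    stop_processing: bool = False

    def __post_init__(self):
        unknown = set(self.operations) - set(OPERATIONS)
        if unknown:
            raise ValueError(f"{self.name}: unknown operations {sorted(unknown)}")


def name_matches(pattern: str) -> Callable[[FileInfo], bool]:
    """Glob match on the file name; fnmatch stands in for the OneFS matcher."""
    return lambda f: fnmatchcase(f.path.rsplit("/", 1)[-1], pattern)


def smaller_than(limit: int) -> Callable[[FileInfo], bool]:
    return lambda f: f.size < limit


def evaluate(file: FileInfo, policies: List[Policy],
             default: Policy) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Return (settings, source): the value of each operation and the policy
    that supplied it, walking the list from the top as the SmartPools job does."""
    if set(default.operations) != set(OPERATIONS):
        raise ValueError("the default policy must define all four operations")
    settings: Dict[str, str] = {}
    source: Dict[str, str] = {}
    for policy in policies:
        if not policy.matches(file):
            continue
        for op, value in policy.operations.items():
            if op not in settings:  # the policy higher in the list wins
                settings[op] = value
                source[op] = policy.name
        if policy.stop_processing:  # later policies are not evaluated
            break
    for op in OPERATIONS:  # the default policy fills whatever is still unset
        if op not in settings:
            settings[op] = default.operations[op]
            source[op] = default.name
    return settings, source


# Constructed sample data mirroring the JPG / nearline example in the text.
DEFAULT = Policy("default", lambda f: True, {
    "storage_target": "anywhere",
    "smartcache": "enabled",
    "requested_protection": "default of storage pool",
    "access_pattern": "concurrency",
})


def sample_policies(stop_first: bool) -> List[Policy]:
    return [
        Policy("jpg-to-nearline", name_matches("*.jpg"),
               {"storage_target": "nearline-pool"}, stop_processing=stop_first),
        Policy("small-files-random", smaller_than(2 * MIB),
               {"access_pattern": "random"}),
    ]


if __name__ == "__main__":
    photo = FileInfo("/ifs/data/photos/cat.jpg", 1 * MIB)
    for stop in (False, True):
        settings, source = evaluate(photo, sample_policies(stop), DEFAULT)
        print(f"stop processing on first policy = {stop}")
        for op in OPERATIONS:
            print(f"  {op:22} {settings[op]:26} (from {source[op]})")
```

The source mapping shows which policy supplied each setting, which makes it easy to spot an operation that silently falls through to the default policy after a Stop processing check box is selected.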

You also can copy any file pool policy except the default file pool policy, and modify the settings to meet your needs.

Note: You can reorder the file pool policy list at any time, but the default file pool policy is always last in the list of file pool policies.

Add a file pool policy

You can configure a file pool policy to filter files according to criteria that you specify, including requested protection and I/O optimization settings. Zero or more operations can be defined per policy.

CAUTION: If existing file pool policies direct data to a specific storage pool, do not configure other file pool policies that match this data with anywhere for the Data storage target option. Because the specified storage pool is included when you use anywhere, target specific storage pools to avoid unintentional file storage locations.

Procedure
1. Click File System Management > SmartPools > File Pool Policies. The SmartPools page appears and displays three groupings: a list of file pool policies, a list of template policies, and latest scan job results.
2. On the SmartPools page, click Add a file pool policy.
3. In the Basic Settings area, type a policy name and a description for this file pool policy.
4. In the Filter Settings area, click Add criteria.
5. In the Configure File Matching Criteria window, configure file matching criteria and click Add.
6. Optional: Select or clear the Stop processing more rules for files matching this filter check box.
   Note: If the stop processing option is selected, only the first matching policy in the list will be applied if multiple file pool policies are configured for this entity.
7. In the Protections Settings area, choose and configure the target and requested protection.
8. In the I/O Optimization Settings area, choose the options that you want this file pool policy to apply.
9. Click Submit. The Storage Pools page appears and the file pool policy that you created is displayed in the list.

Results
The file pool policy is not applied until the next scheduled SmartPools job runs. To run the job immediately, click Start SmartPools Job.

File pool file-matching options

You can configure a file pool policy for files that meet specific criteria. The following options can be selected in File System Management > SmartPools > File Pool Policies > Filter Settings.

Note: OneFS supports UNIX shell-style (glob) pattern matching for file name attributes and paths. For information about the characters that can be selected for pattern matching, see Valid wildcard characters.

The following table lists the file attributes that you can use to define a file pool policy.

File attribute: Specifies

File name: Includes or excludes files based on the file name. You can specify whether to include or exclude full or partial names that contain specific text. Wildcard characters are allowed.

Location (Path): Includes or excludes files based on the file path. You can specify whether to include or exclude full or partial paths that contain specified text. You can also include the wildcard characters *, ?, and [ ].

File type: Includes or excludes files based on one of the following filesystem object types: Regular file, Directory, Other.

File size: Includes or excludes files based on their size. Note: File sizes are represented in multiples of 1024, not

Modified time (mtime): Includes or excludes files based on when the file was last modified. You can specify a relative date and time, such as "older than 2 weeks," or a specific date and time, such as "before January 1, 2012." Time settings are based on a 24-hour clock.

Create time (birthtime): Includes or excludes files based on when the file was created. You can specify a relative date and time, such as "older than 2 weeks," or a specific date and time, such as "before January 1, 2012." Time settings are based on a 24-hour clock.

Metadata change time (ctime): Includes or excludes files based on when the file metadata was last modified. This option is available only if the global access-time-tracking option of the cluster is enabled. You can specify a relative date and time, such as "older than 2 weeks," or a specific date and time, such as "before January 1, 2012." Time settings are based on a 24-hour clock.

Access time (atime): Includes or excludes files based on when the file was last accessed based on the following units of time: You can specify a relative date and time, such as "older than 2 weeks," or a specific date and time, such as "before January 1, 2012." Time settings are based on a 24-hour clock. Note: Because it affects performance, access time tracking as a file pool policy criterion is disabled by default.

User attribute: Includes or excludes files based on a custom user-defined attribute.

Valid wildcard characters

You can combine wildcard characters with file-matching options to define a file pool policy. OneFS supports UNIX shell-style (glob) pattern matching for file name attributes and paths. For more information about file criteria that can be used for pattern matching, see File pool file-matching options.

The following table lists the valid wildcard characters that you can combine with file-matching options to define a file pool policy.

Wildcard: Description

*: Matches any string in place of the asterisk. For example, m* matches movies and m123.

[a-z ]: Matches any characters contained in the brackets, or a range of characters separated by a hyphen. For example, b[aei]t matches bat, bet, and bit. For example, 1[4-7]2 matches 142, 152, 162, and 172. You can exclude characters within brackets by following the first bracket with an exclamation mark. For example, b[!ie] matches bat but not bit or bet. You can match a bracket within a bracket if it is either the first or last character. For example, [[c]at matches cat and [at. You can match a hyphen within a bracket if it is either the first or last character. For example, car[-s] matches cars and car-.

?: Matches any character in place of the question mark. For example, t?p matches tap, tip, and top.

Default file pool requested protection settings

Default protection settings include specifying the data storage target, snapshot storage target, requested protection, and SSD strategy for files that are filtered by the default file pool policy.

Setting: Data storage target

Description: Specifies the storage pool that you want to target with this file pool policy.

CAUTION: If existing file pool policies direct data to a specific storage pool, do not configure other file pool policies with anywhere for the Data storage target option. Because the specified storage pool is included when you use anywhere, target specific storage pools to avoid unintentional file storage locations.

Select one of the following options to define your SSD strategy:
- Metadata read acceleration. Default. Write both file data and metadata to HDDs and metadata to SSDs. Accelerates metadata reads only. Uses less SSD space than the Metadata read/write acceleration setting.
- Metadata read/write acceleration. Write metadata to SSD pools. Uses significantly more SSD space than Metadata read acceleration, but accelerates metadata reads and writes.
- Avoid SSDs. Write all associated file data and metadata to HDDs only. CAUTION: Use this to free SSD space only after consulting with Isilon Technical Support personnel; may negatively affect performance.
- Data on SSDs. Use SSDs for both data and metadata. Regardless of whether global namespace acceleration is enabled, any SSD blocks reside on the storage target if there is room.

Notes:
- If GNA is not enabled and the storage pool that you choose to target does not contain SSDs, you cannot define a strategy.
- Metadata read acceleration writes both file data and metadata to HDD storage pools but adds an additional SSD mirror if possible to accelerate read performance. Uses HDDs to provide reliability and an extra metadata mirror to SSDs, if available, to improve read performance. Recommended for most uses.
- When you select Metadata read/write acceleration, the strategy uses SSDs, if available in the storage target, for performance and reliability. The extra mirror may be from a different storage pool using GNA enabled or from the same node pool.
- Neither the Data on SSDs strategy nor the Metadata read/write acceleration strategy result in the creation of additional mirrors beyond the normal requested protection. Both file data and metadata are stored on SSDs if available within the file pool policy. This option requires a significant amount of SSD storage.

Setting: Snapshot storage target

Description: Specifies the storage pool that you want to target for snapshot storage with this file pool policy. The settings are the same as those for Data storage target, but apply to snapshot data.

Notes: Notes for Data storage target apply to snapshot storage target.

Setting: Requested protection

Description:
- Default of storage pool. Assign the default requested protection of the storage pool to the filtered files.
- Specific level. Assign a specified requested protection to the filtered files.

Notes: To change the requested protection, select a new value from the list.

Default file pool I/O optimization settings

You can manage the I/O optimization settings that are used in the default file pool policy, including files with manually managed attributes.

To allow SmartPools to overwrite optimization settings that were configured using File System Explorer or the isi set command, select the Including files with manually-managed I/O optimization settings option in the Default Protection Settings group.

Setting: SmartCache

Description: Enables or disables SmartCache.

Notes: SmartCache enabled is the recommended setting for optimal write performance. With asynchronous writes, the Isilon server buffers writes in memory. However, if you want to disable this buffering, please configure your applications to use synchronous writes. If that is not possible, disable SmartCache.

Setting: Data access pattern

Description: Defines the optimization settings for accessing data: Concurrency, Streaming, or Random.

Notes: By default, iSCSI LUNs are configured to use a random access pattern. Other files and directories use a concurrent access pattern by default.

Managing file pool policies

File pool policies can be modified, reordered, copied, or removed. The default file pool policy can be modified, and template policies can be applied.

You can perform the following file pool policy management tasks:
- Modify file pool policies
- Modify the default file pool policy
- Copy file pool policies
- Use a file pool policy template
- Reorder file pool policies
- Delete file pool policies

Configure default file pool policy settings

You configure file pool policies to filter and store files according to criteria that you define. File pool policy settings include protection settings and I/O optimization settings.

Procedure
1. Click File System Management > SmartPools > Settings.
2. On the SmartPools Settings page, select your default settings, and then click Submit.

Results
OneFS applies changes to the default file pool policy settings when the next scheduled SmartPools job runs.

Configure default file pool protection settings

You can configure default file pool protection settings. The default settings are applied to any file that is not covered by another file pool policy.

CAUTION: If existing file pool policies direct data to a specific storage pool, do not add or modify a file pool policy to the anywhere option for the Data storage target option. Target a specific file pool instead.

Procedure
1. Click File System Management > SmartPools > Settings.
2. In the SmartPools Settings section, choose the settings that you want to apply as the global default for Data storage target, Snapshot storage target, or Protection level.
3. Click Submit.

Configure default I/O optimization settings

The settings that you selected are applied to any entity that is not covered by another file pool policy. You can configure default I/O optimization settings.

Procedure
1. Click File System Management > SmartPools > Settings.
2. In the Default File Pool I/O Optimization Settings area, select the settings that you want to apply as the global default for SmartCache and Data access pattern.
3. Click Submit. OneFS applies the new settings to all files and directories not covered by another file pool policy.

Modify a file pool policy

You can modify the name, description, filter criteria, and the protection and I/O optimization settings applied by a file pool policy.

CAUTION: If existing file pool policies direct data to a specific storage pool, do not configure other file pool policies with anywhere for the Data storage target option. Because the specified storage pool is included when you use anywhere, target specific storage pools to avoid unintentional file storage locations.

Procedure
1. Click File System Management > SmartPools > File Pool Policies.
2. In the File Pool Policies area, in the Actions column of the file pool policy you want to modify, click Copy.
3. Make your changes in the appropriate areas and click Submit.

Results
Changes to the file pool policy are applied when the next SmartPools job runs. To run the job immediately, click Start SmartPools Job.

Copy a file pool policy

You can copy and modify the settings of any file pool policy with the exception of the default file pool policy.

Procedure
1. Click File System Management > SmartPools > File Pool Policies. The SmartPools page appears and displays three groupings: a list of file pool policies, a list of template policies, and latest scan job results.
2. In the File Pool Policies area, click Copy in the Actions column of the file pool policy that you want to copy.
3. Make changes in the appropriate areas and click Submit. A copy of the file pool policy is added to the list of policies in the File Pool Policies area.

Results
OneFS prefaces the copied policy with Copy of, so that you can differentiate it from the source policy.

Prioritize a file pool policy

File pool policies are evaluated in descending order according to their position in the file pool policies list. By default, new policies are inserted immediately above the default file pool policy. You can give a policy higher or lower priority by moving it up or down the list. The default policy is always the last in the list, and applies to all files that are not matched by any other file pool policy.

Procedure
1. Click File System Management > SmartPools > File Pool Policies. The SmartPools page appears and displays three groupings: a list of file pool policies, a list of template policies, and the latest scan job results.
2. In the Order column of the File Pool Policies area, select the policy that you want to move.
3. Click either Move up or Move down until the policy is positioned where you want it in the order.

Use a file pool template policy

You can use a OneFS template to configure file pool policies.

Procedure
1. Click File System Management > SmartPools > File Pool Policies. The SmartPools page appears and displays three groups: a list of file pool policies, a list of template policies, and the latest scan job results.
2. In the Action column of the Template Policies area, in the row of the template you want to use, click Use. The file pool policy settings options appear, with values pre-configured for the type of template that you selected.
3. Optional: Rename the template or modify the template policy settings.
4. Click Submit.

Results
The policy is added to the File Pool Policies list.

Delete a file pool policy

You can delete any file pool policy except the default policy.

When you delete a file pool policy, the operations for the next matching file pool policy apply and may store them in a different storage pool. Files are not moved to another storage pool until the SmartPools job runs.

Procedure
1. Click File System Management > SmartPools > File Pool Policies. The SmartPools page appears and displays three groupings: a list of file pool policies, a list of template policies, and latest scan job results.
2. In the File Pool Policies area, in the Actions column of the file pool policy you want to remove, click Delete.
3. In the confirmation dialog box, click Yes to confirm the deletion.

Results
The file pool policy is removed from the list in the File Pool Policies area.

SmartPools settings

SmartPools settings include directory protection, global namespace acceleration, virtual hot spare, spillover, requested protection management, and I/O optimization management.

Setting: Directory protection

Description: Increases the amount of protection for directories at a higher level than the directories and files that they contain, so that data that is not lost can still be accessed. When device failures result in data loss (for example, three drives or two nodes in a +2:1 policy), enabling this setting ensures that intact data is still accessible.

Notes: The option to Protect directories at one level higher should be enabled. When this setting is disabled, the directory that contains a file pool is protected according to your protection-level settings, but the devices used to store the directory and the file may not be the same. There is potential to lose nodes with file data intact but not be able to access the data because those nodes contained the directory. As an example, consider a cluster that has a +2 default file pool protection setting and no additional file pool policies. OneFS directories are always mirrored, so they are stored at 3x, which is the mirrored equivalent of the +2 default. This configuration can sustain a failure of two nodes before data loss or inaccessibility. If this setting is enabled, all directories are protected at 4x. If the cluster experiences three node failures, although individual files may be inaccessible, the directory tree is available and provides access to files that are still accessible. In addition, if another file pool policy protects some files at a higher level, these too are accessible in the event of a three-node failure.

Setting: Global namespace acceleration

Description: Specifies whether to allow per-file metadata to use SSDs in the node pool.
- Disabled. Restrict per-file metadata to the storage pool policy of the file, except in the case of spillover. This is the default setting.
- Enabled. Allow per-file metadata to use the SSDs in any node pool.

Notes: This setting is available only if 20 percent or more of the nodes in the cluster contain SSDs and at least 1.5 percent of the total cluster storage is SSD-based. Note that if nodes are added to or removed from a cluster, and the SSD thresholds are no longer satisfied, GNA becomes inactive. GNA remains enabled, so that if the SSD thresholds are met again, GNA is reactivated.

Setting: Virtual hot spare

Description: Reserves a minimum amount of space in the node pool that can be used for data repair in the event of a drive failure. To reserve disk space for use as a virtual hot spare, select one or both of the following options:
- Reduce amount of available space. Subtracts the space reserved for virtual hot spare when calculating available free space.
- Deny new data writes. Prevents write operations from using reserved disk space.
- VHS space to reserve. You can reserve a minimum number of virtual drives (1-4), as well as a minimum percentage of total disk space (0-20%).

Notes: If you configure both the minimum number of virtual drives and a minimum percentage of total disk space when you configure reserved VHS space, the enforced minimum value satisfies both requirements. If this setting is enabled and Deny new data writes is disabled, it is possible for the file system utilization to be reported at more than 100%.

Setting: Global spillover

Description: Specifies how to handle write operations to a node pool that is not writable.
- Enabled. Redirect write operations from a node pool that is not writable to another node pool.
- Disabled. Return a disk space error for write operations to a node pool that is not writable.

Setting: Spillover data to

Description: Specifies which storage pool to target when a storage pool is not writable.

Notes: When spillover is enabled but it is important that data writes do not fail, select anywhere for the Spillover data to setting, even if file pool policies send data to specific pools.

Setting: Protection management

Description: Uses SmartPools technology to manage storage pool policies and requested protection settings.
- SmartPools manages protection settings. Specify that SmartPools manages the protection settings. You can optionally modify the default settings under Default
- Including files with manually-managed protection settings. Overwrite any protection settings that were configured through File System Explorer or the command-line interface.

Notes: Disabling both protection management and I/O optimization management settings disables SmartPools functionality.

Setting: I/O optimization management

Description: Uses SmartPools technology to manage I/O optimization.
- SmartPools manages I/O optimization settings. Specify that SmartPools technology is used to manage I/O optimization.
- Including files with manually-managed protection settings. Overwrite any I/O optimization settings that were configured through File System Explorer or the command-line interface.

Notes: Disabling both protection management and I/O optimization management settings disables SmartPools functionality. You can modify the default settings in the Default I/O Optimization Settings group (optional).

Monitoring storage pools

You can access information on storage pool health, performance, and status for individual nodes. Information is available on node-specific network traffic, internal and external network interfaces, and drive status.

You can assess pool health and performance by viewing the following information:
- Subpool status
- Node status
- New events
- Cluster size
- Cluster throughput
- CPU usage

You also can configure real-time and historical performance to be graphed in the web administration interface.

Monitor storage pools

You can view the status and details of storage pools.

Note: OneFS shortens storage pool names that are longer than 40 characters. To view the full storage pool name, rest the mouse pointer over the shortened name to display a tooltip of the long name.

Procedure
1. Click File System Management > SmartPools > Summary. The SmartPools page appears and displays two groupings: the current capacity usage and a list of storage pools.
2. In the Current Capacity Usage area, move the pointer over the usage bar-graph measurements to view details.
3. In the Tiers & Node Pools area, expand any tiers to view all storage pool information.

View unhealthy subpools

OneFS exposes unhealthy subpools in a list.

Procedure
1. Click File System Management > SmartPools > Summary. The SmartPools page appears and displays three groupings: the current capacity usage, a list of storage pools, and any unhealthy subpools.
2. In the Unhealthy Subpools area, review details of any problematic subpools.

View file pool job results

You can review detailed results from the last time the SmartPools job ran.

Procedure
1. Click File System Management > SmartPools > File Pool Policies. The SmartPools page appears and displays three groupings: a list of file pool policies, a list of template policies, and the latest scan job results.
2. In the Latest Job Results area, scroll through the job results to see the details for each file pool policy.


CHAPTER 19
System jobs

This section contains the following topics:
- System jobs overview
- System jobs library
- Job operation
- Job performance impact
- Job priorities
- Managing system jobs
- Managing impact policies
- Viewing job reports and statistics

336 System jobs System jobs overview The most critical fnction of OneFS is maintaining the integrity of data on yor Isilon clster. Other important system maintenance fnctions inclde monitoring and optimizing performance, detecting and mitigating drive and node failres, and freeing p available space. Becase maintenance fnctions se system resorces and can take hors to rn, OneFS performs them as jobs that rn in the backgrond throgh a service called Job Engine. The time it takes for a job to rn can vary significantly depending on a nmber of factors. These inclde other system jobs that are rnning at the same time; other processes that are taking p CPU and I/O cycles while the job is rnning; the configration of yor clster; the size of yor data set; and how long since the last iteration of the job was rn. Up to three jobs can rn simltaneosly. To ensre that maintenance jobs do not hinder yor prodctivity or conflict with each other, Job Engine categorizes them, rns them at different priority and impact levels, and can temporarily sspend them (with no loss of progress) to enable higher priority jobs and administrator tasks to proceed. In the case of a power failre, Job Engine ses a checkpoint system to resme jobs as close as possible to the point at which they were interrpted. The checkpoint system helps Job Engine keep track of job phases and tasks that have already been completed. When the clster is back p and rnning, Job Engine restarts the job at the beginning of the phase or task that was in process when the power failre occrred. As system administrator, throgh the Job Engine service, yo can monitor, schedle, rn, terminate, and apply other controls to system maintenance jobs. The Job Engine provides statistics and reporting tools that yo can se to determine how long different system jobs take to rn in yor OneFS environment. Note To initiate any Job Engine tasks, yo mst have the role of SystemAdmin in the OneFS system. 
System jobs library OneFS contains a library of jobs that rns in the backgrond to maintain yor Isilon clster. Some jobs are atomatically started by OneFS when particlar conditions arise, and some jobs have a defalt schedle. However, yo can rn all jobs manally or schedle them according to yor workflow. Job name Description Exclsion Impact Priority Operation Set Policy AtoBalance Balances free space in a clster, and is most efficient in clsters that contain only hard disk drives (HDDs). Rn as part of MltiScan, or atomatically by the system if MltiScan is disabled. Restripe Low 4 Ato 336 OneFS 7.1 Web Administration Gide

337 System jobs Job name Description Exclsion Impact Priority Operation Set Policy AtoBalanceLin Balances free space in a clster, and is most efficient in clsters when file system metadata is stored on solid state drives (SSDs). Rn as part of MltiScan, or atomatically by the system if MltiScan is disabled. Restripe Low 4 Ato AVScan Collect Dedpe* DedpeAssessment DomainMark FlexProtect Performs an antivirs scan on all files. Reclaims free space that previosly cold not be freed becase the node or drive was navailable. Rn as part of MltiScan, or atomatically by the system if MltiScan is disabled. Scans a directory for redndant data blocks and dedplicates all redndant data stored in the directory. Available only if yo activate a SmartDedpe license. Scans a directory for redndant data blocks and reports an estimate of the amont of space that cold be saved by dedplicating the directory. Associates a path, and the contents of that path, with a domain. Scans the file system after a device failre to ensre that all files remain protected. FlexProtect is most efficient in clsters that contain only HDDs. None Low 6 Manal Mark Low 4 Ato None Low 4 Manal None Low 6 Manal None Low 5 Manal Restripe Medim 1 Ato System jobs library 337

| Job name | Description | Exclusion Set | Impact Policy | Priority | Operation |
| --- | --- | --- | --- | --- | --- |
| FlexProtectLin | Scans the file system after a node failure to ensure that all files remain protected. Most efficient when file system metadata is stored on SSDs. | Restripe | Medium | 1 | Auto |
| FSAnalyze | Gathers information about the file system. | None | Low | 1 | Scheduled |
| IntegrityScan | Verifies file system integrity. | Mark | Medium | 1 | Manual |
| MediaScan | Locates and clears media-level errors from disks. | Restripe | Low | 8 | Scheduled |
| MultiScan | Performs the work of the AutoBalance and Collect jobs simultaneously. | Restripe, Mark | Low | 4 | Auto |
| PermissionRepair | Corrects file and directory permissions in the /ifs directory. | None | Low | 5 | Manual |
| QuotaScan* | Updates quota accounting for domains created on an existing file tree. Available only if you activate a SmartQuotas license. | None | Low | 6 | Auto |
| SetProtectPlus | Applies a default file policy across the cluster. Runs only if a SmartPools license is not active. | Restripe | Low | 6 | Manual |
| ShadowStoreDelete | Frees space that is associated with a shadow store. | None | Low | 2 | Scheduled |
| SmartPools* | Enforces SmartPools file policies. Available only if you activate a SmartPools license. | Restripe | Low | 6 | Scheduled |
| SnapRevert | Reverts an entire snapshot back to head. | None | Low | 5 | Manual |
| SnapshotDelete | Creates free space associated with deleted snapshots. | None | Medium | 2 | Auto |
| TreeDelete | Deletes a specified file path in the /ifs directory. | None | Medium | 4 | Manual |

* Available only if you activate an additional license

Job operation

OneFS includes system maintenance jobs that run to ensure that your Isilon cluster performs at peak health. Through the Job Engine, OneFS runs a subset of these jobs automatically, as needed, to ensure file and data integrity, check for and mitigate drive and node failures, and optimize free space. For other jobs, for example, Dedupe, you can use Job Engine to start them manually or schedule them to run automatically at regular intervals.

The Job Engine runs system maintenance jobs in the background and prevents jobs within the same classification (exclusion set) from running simultaneously. Two exclusion sets are enforced: restripe and mark.

Restripe job types are:
- AutoBalance
- AutoBalanceLin
- FlexProtect
- FlexProtectLin
- MediaScan
- MultiScan
- SetProtectPlus
- SmartPools

Mark job types are:
- Collect
- IntegrityScan
- MultiScan

Note that MultiScan is a member of both the restripe and mark exclusion sets. You cannot change the exclusion set parameter for a job type.

The Job Engine is also sensitive to job priority, and can run up to three jobs, of any priority, simultaneously. Job priority is denoted as 1 to 10, with 1 being the highest and 10 being the lowest. The system uses job priority when a conflict among running or queued jobs arises. For example, if you manually start a job that has a higher priority than three other jobs that are already running, Job Engine pauses the lowest-priority active job, runs the new job, then restarts the older job at the point at which it was paused. Similarly, if you start a job within the restripe exclusion set, and another restripe job is already running, the system uses priority to determine which job should run (or remain running) and which job should be paused (or remain paused).

Other job parameters determine whether jobs are enabled, their performance impact, and schedule. As system administrator, you can accept the job defaults or adjust these parameters (except for exclusion set) based on your requirements.
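The exclusion-set and priority rules described above can be modelled directly. The following Python model is an added illustration, not OneFS or Job Engine code: the class `JobEngineModel` and its methods are hypothetical names, the exclusion sets and default priorities are taken from the job table, and letting an already-running job keep its slot on a priority tie is an assumption.

```python
from dataclasses import dataclass
from itertools import count

MAX_RUNNING = 3  # the guide: up to three jobs run simultaneously

# (exclusion sets, default priority), copied from the guide's job table.
JOB_TYPES = {
    "FlexProtectLin":   (frozenset({"restripe"}), 1),
    "FSAnalyze":        (frozenset(), 1),
    "IntegrityScan":    (frozenset({"mark"}), 1),
    "MediaScan":        (frozenset({"restripe"}), 8),
    "MultiScan":        (frozenset({"restripe", "mark"}), 4),
    "PermissionRepair": (frozenset(), 5),
    "SmartPools":       (frozenset({"restripe"}), 6),
    "SnapshotDelete":   (frozenset(), 2),
    "TreeDelete":       (frozenset(), 4),
}


@dataclass
class Job:
    name: str
    sets: frozenset
    priority: int            # 1 is the highest priority, 10 the lowest
    seq: int                 # order in which the job was queued
    state: str = "waiting"   # waiting -> running <-> paused


class JobEngineModel:
    """Hypothetical model of the admission rules, not the real scheduler."""

    def __init__(self):
        self.jobs = {}
        self._seq = count()

    def start(self, name, priority=None):
        sets, default = JOB_TYPES[name]
        prio = default if priority is None else priority
        self.jobs[name] = Job(name, sets, prio, next(self._seq))
        self._reschedule()
        return self.states()

    def finish(self, name):
        del self.jobs[name]
        self._reschedule()   # a paused or waiting job may now take the slot
        return self.states()

    def _reschedule(self):
        # Highest priority first. On a tie, a running job keeps its slot
        # (assumption), then the job that was queued first wins.
        order = sorted(self.jobs.values(),
                       key=lambda j: (j.priority, j.state != "running", j.seq))
        admitted, busy_sets = set(), set()
        for job in order:
            # Admit only while a slot is free and no admitted job shares
            # an exclusion set (restripe or mark) with this one.
            if len(admitted) < MAX_RUNNING and not (job.sets & busy_sets):
                admitted.add(job.name)
                busy_sets |= job.sets
        for job in self.jobs.values():
            if job.name in admitted:
                job.state = "running"
            elif job.state == "running":
                job.state = "paused"

    def states(self):
        return {j.name: j.state for j in self.jobs.values()}


if __name__ == "__main__":
    engine = JobEngineModel()
    for name in ("MediaScan", "IntegrityScan", "MultiScan"):
        print(name, "->", engine.start(name))
    print("IntegrityScan done ->", engine.finish("IntegrityScan"))
```

In the model, MultiScan waits while IntegrityScan holds the mark set even though a slot is free, and once admitted it pauses the lower-priority MediaScan because both are restripe jobs.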

Job performance impact

When a job starts, the Job Engine distributes job segments (phases and tasks) across the nodes of your cluster. One node acts as job coordinator and continually works with the other nodes to load-balance the work. In this way, no one node is overburdened, and system resources remain available for other administrator and system I/O activities not originated from the Job Engine.

After completing a task, each node reports task status to the job coordinator. The node acting as job coordinator saves this task status information to a checkpoint file. Consequently, in the case of a power outage, or when paused, a job can always be restarted from the point at which it was interrupted. This is important because some jobs can take hours to run and can use considerable system resources.

The Job Engine service monitors system performance to ensure that maintenance jobs do not significantly interfere with regular cluster I/O activity and other system administration tasks. Job Engine uses impact policies that you can manage to control when a job can run and the system resources that it consumes. Job Engine has four default impact policies that you can use but not modify. The default impact policies are:

| Impact policy | Allowed to run | Resource consumption |
| --- | --- | --- |
| LOW | Any time of day. | Low |
| MEDIUM | Any time of day. | Medium |
| HIGH | Any time of day. | High |
| OFF_HOURS | Outside of business hours. Business hours are defined as 9 AM to 5 PM, Monday through Friday. OFF_HOURS is paused during business hours. | Low |

If you want to specify other than a default impact policy for a job, you can create a custom policy with new settings.

Jobs with a low impact policy have the least impact on available CPU and disk I/O resources. Jobs with a high impact policy have a significantly higher impact. In all cases, however, the Job Engine uses CPU and disk throttling algorithms to ensure that tasks that you initiate manually, and other I/O tasks not related to the Job Engine, receive a higher priority.

Job priorities

Job priorities determine which job takes precedence when more than three jobs of different exclusion sets attempt to run simultaneously. The Job Engine assigns a priority value between 1 and 10 to every job, with 1 being the most important and 10 being the least important.

The maximum number of jobs that can run simultaneously is three. If a fourth job with a higher priority is started, either manually or through a system event, the Job Engine pauses one of the lower-priority jobs that is currently running. The Job Engine places the paused job into a priority queue, and automatically resumes the paused job when one of the other jobs is completed.

If two jobs of the same priority level are scheduled to run simultaneously, and two other higher priority jobs are already running, the job that is placed into the queue first is run first.

Managing system jobs

The Job Engine enables you to control periodic system maintenance tasks that ensure OneFS file system stability and integrity. As maintenance jobs run, the Job Engine constantly monitors and mitigates their impact on the overall performance of the cluster.

As system administrator, you can tailor these jobs to the specific workflow of your Isilon cluster. You can view active jobs and job history, modify job settings, and start, pause, resume, cancel, and update job instances.

View active jobs

If you are noticing slower system response while performing administrative tasks, you can view jobs that are currently running on your Isilon cluster.

Procedure
1. Click Cluster Management > Job Operations > Job Summary.
2. In the Active Jobs table, view status information about all currently running jobs, job settings, and progress details.
   a. You can perform bulk actions on the active jobs by selecting the Status check box, then selecting an action from the Select a bulk action drop-down list.

View job history

If you want to check the last time a critical job ran, you can view recent activity for a specific job, or for all jobs.

Procedure
1. Click Cluster Management > Job Operations > Job Reports.
   The Job Reports table displays a chronological list of the last ten job events that have occurred on the cluster. Event information includes the time the event occurred, the job responsible for the event, and event results.
2. Filter reports by job type by selecting the job from the Filter by Job Type drop-down list and clicking Reset.
3. Click on View Details next to a job name to view recent events for only that job.
   Recent events for the job appear in the View Job Report Details window, and include information such as start time, duration, and whether or not the job was successful.

Start a job

By default, only some system maintenance jobs are scheduled to run automatically. However, you can start any of the jobs manually at any time.

Procedure
1. Click Cluster Management > Job Operations > Job Summary.
2. In the Active Jobs window, select the job you want to start and click More.

3. Click Start Running Job.

Pause a job

You can pause a job temporarily to free up system resources.

Procedure
1. Click Cluster Management > Job Operations > Job Summary.
2. In the Active Jobs table, click More for the job that you want to pause.
3. Click Pause Running Job in the menu that appears.
   The job remains paused until you resume it.

Resume a job

You can resume a paused job.

Procedure
1. Click Cluster Management > Job Operations > Job Summary.
2. In the Active Jobs table, click More for the job that you want to pause.
3. Click Resume Running Job in the menu that appears.

Results
The job continues from the phase or task at which it was paused.

Cancel a job

If you want to free up system resources, or for any reason, you can permanently discontinue a running, paused, or waiting job.

Procedure
1. Click Cluster Management > Job Operations > Job Summary.
2. In the Active Jobs table, click More for the job that you want to cancel.
3. Click Cancel Running Job in the menu that appears.

Update a job

You can change the priority and impact policy of a running, waiting, or paused job. When you update a job, only the current instance of the job runs with the updated settings. The next instance of the job returns to the default settings for that job.

Note: To change job settings permanently, see "Modify job type settings."

Procedure
1. Click Cluster Management > Job Operations > Job Summary.
2. In the Active Jobs table, click View/Edit for the job that you want to update.
3. In the View Active Job Details window, click Edit Job.
   a. Select a new priority level from the Priority drop-down list.
   b. Select an impact policy level from the Impact Policy drop-down list.

4. Click Save Changes.
   When you update a running job, the job automatically resumes. When you update a paused or idle job, the job remains in that state until you restart it.

Modify job type settings

You can customize system maintenance jobs for your administrative workflow by modifying the default priority level, impact level, and schedule for a job type.

Procedure
1. Click Cluster Management > Job Operations > Job Types.
2. In the Job Types table, locate the row for the policy you want to modify and click View / Edit.
   The View Job Type Details window appears, displaying current default settings, schedule, current state, and recent activity.
3. Click Edit Job Type.
   The Edit Job Type Details window appears.
4. Modify the details you want to change. You can modify the default priority, the default impact policy, whether the job is enabled, and whether the job runs manually or on a schedule.
5. Click Scheduled to modify a job schedule, then select the schedule option from the drop-down list.
6. Click Save Changes.
   The modifications are saved and applied to all instances of that job type. The results are shown in the View Job Type Details window.
7. Click Close.

Managing impact policies

For system maintenance jobs that run through the Job Engine service, you can create and assign policies that help control how jobs affect system performance. As system administrator, you can create, copy, modify, and delete impact policies, and view their settings.

Create an impact policy

The Job Engine includes four impact policies, which you cannot modify or delete. However, you can create and configure new impact policies.

Procedure
1. Click Cluster Management > Job Operations > Impact Policies.
2. Click Add an Impact Policy.
   The Create Impact Policy window appears.
3. In the Name text field, type a name for the policy. This field is required.
4. In the Description text field, type a comment about the impact policy.
   Include information specific to the impact policy such as unique schedule parameters or logistical requirements that make the impact policy necessary.
5. Click Add an Impact Policy Interval.

   a. In the Add an Impact Policy Interval window, select the impact level and start and end times from the drop-down lists.
   b. Click Add Impact Policy Interval.
      The Add an Impact Policy Interval window disappears, and the settings you selected appear in the Impact Schedule table.
6. Click Create Impact Policy.
   Your copy of the impact policy is saved and is listed in alphabetical order in the Impact Policies table.

Copy an impact policy

You can use a default impact policy as the template for a new policy by making and modifying a copy.

Procedure
1. Click Cluster Management > Job Operations > Impact Policies.
2. In the Impact Policies table, locate the row for the policy you want to copy and click More.
   The Copy Impact Policy window appears.
3. In the Name field, type a name for the new policy.
4. In the Description text field, enter a description for the new policy.
   Include information specific to the impact policy such as unique schedule parameters or logistical requirements that make the impact policy necessary.
5. Click Add an Impact Policy Interval.
   a. In the Add an Impact Policy Interval window, select the impact level and start and end times from the drop-down lists.
   b. Click Add Impact Policy Interval.
      The Add an Impact Policy Interval window closes, and the settings you selected appear in the Impact Schedule table.
6. Click Copy Impact Policy.
   Your copy of the impact policy is saved and is listed in alphabetical order in the Impact Policies table.

Modify an impact policy

You can change the name, description, and impact intervals of a custom impact policy.

Before you begin
You cannot modify the default impact policies, HIGH, MEDIUM, LOW, and OFF_HOURS. If you want to modify a policy, create and modify a copy of a default policy.

Procedure
1. Navigate to Cluster Management > Job Operations > Impact Policies.
2. In the Impact Policies table, click View / Edit for the policy you want to modify.
   The Edit Impact Policy window appears.
3. Click Edit Impact Policy, and modify one or all of the following:

| Options | Description |
| --- | --- |
| Policy description | a. In the Description field, type a new overview for the impact policy. b. Click Submit. |
| Impact schedule | a. In the Impact Schedule area, modify the schedule of the impact policy by adding, editing, or deleting impact intervals. b. Click Save Changes. |

   The modified impact policy is saved and listed in alphabetical order in the Impact Policies table.

Delete an impact policy

You can delete impact policies that you have created. You cannot delete default impact policies, HIGH, MEDIUM, LOW, and OFF_HOURS.

Procedure
1. Click Cluster Management > Job Operations > Impact Policies.
2. In the Impact Policies table, click More next to the custom impact policy that you want to delete.
3. Click Delete.
   A confirmation dialog box appears.
4. In the confirmation dialog box, click Delete.

View impact policy settings

You can view the impact policy settings for any job.

Procedure
1. Click Cluster Management > Job Operations > Job Types.
   The Job Types table is displayed.
2. If necessary, scroll through the Job Types table to find a specific job.
   The impact policy settings for the job are shown in the Job Types table.

Viewing job reports and statistics

You can generate reports for system jobs and view statistics to better determine the amounts of system resources being used.

Most system jobs controlled by the Job Engine run at a low priority and with a low impact policy, and generally do not have a noticeable impact on cluster performance. A few jobs, because of the critical functions they perform, run at a higher priority and with a medium impact policy. These jobs include FlexProtect and FlexProtect Lin, FSAnalyze, SnapshotDelete, and TreeDelete.

As a system administrator, if you are concerned about the impact a system job might have on cluster performance, you can view job statistics and reports. These tools enable you to view detailed information about job load, including CPU and memory usage and I/O operations.

View statistics for a job in progress

You can view statistics for a job in progress.

Procedure
1. Click Cluster Management > Job Operations > Job Summary.
   You can view jobs that are running in the Active Jobs area.
2. Click the View/Edit option to the right of the job entry.

Results
The View Active Jobs Details screen opens, where you can view statistics such as processed data, elapsed time, phase, and progress, including an estimate of the time remaining for the job to complete.

View a report for a completed job

After a job finishes, you can view a report about the job.

Before you begin
A report for a job is not available until after the job is completed.

Procedure
1. Click Cluster Management > Job Operations > Job Reports.
   The Job Reports screen appears with a list of the last 10 completed jobs.
2. Locate the job whose report you want to view. If the job is not on the first page of the Job Reports screen, click the right-arrow icon to page through the list until you locate your job.
3. Click View Details.
   The View Job Report Details screen appears, listing job statistics such as elapsed time, CPU and memory usage, and total I/O operations.
4. When you are finished viewing the report, click Close.

CHAPTER 20

Networking

This section contains the following topics:
- Networking overview
- About the internal network
- External client network overview
- Configuring the internal network
- Configuring an external network
- Managing external client connections with SmartConnect
- Managing network interface provisioning rules

Networking overview

After you determine the topology of your network, you can set up and manage your internal and external networks.

There are two types of networks associated with an EMC Isilon cluster:

Internal: Nodes communicate with each other using a high speed low latency InfiniBand network. You can optionally configure a second InfiniBand network as a failover for redundancy and security.

External: Clients connect to the cluster through the external network with Ethernet. The Isilon cluster supports standard network communication protocols, including NFS, SMB, HTTP, and FTP. The cluster includes various external Ethernet connections, providing flexibility for a wide variety of network configurations. External network speeds vary by product.

You can manage both the internal and external network settings from the OneFS web administration interface and the command-line interface.

About the internal network

The EMC Isilon cluster must connect to at least one high-speed, low-latency InfiniBand switch for internal communications and data transfer. The connection to the InfiniBand switch is also referred to as an internal network. The internal network is separate from the external network (typically Ethernet) by which users access the cluster.

Upon initial configuration of your cluster, OneFS creates a default internal network for the InfiniBand switch called int-a. A second InfiniBand switch can be added for redundancy and failover; the default name is int-b/failover.

Internal IP address ranges

The number of IP addresses assigned to the internal network determines how many nodes can be joined to the EMC Isilon cluster.

When you initially configure the cluster, you specify one or more IP address ranges for the internal InfiniBand network. This range of addresses is used by the nodes to communicate with each other. It is recommended that you create a range of addresses large enough to accommodate adding additional nodes to your cluster.

If the IP address range defined during the initial configuration is too restrictive for the size of the internal network, you can add ranges to the int-a network and int-b network. For certain configuration changes, such as deleting an IP address assigned to a node, the cluster must be restarted.

While all clusters will have, at minimum, one internal InfiniBand network (int-a), to enable a second internal network (int-b) you must assign another IP address range to it.

To enable internal network failover, assign an IP address range to the failover network. This range is used to refer to the actual IP addresses in use to provide seamless internal IP address failover.

Internal network failover

You can configure an internal switch as a failover network to provide redundancy for intra-cluster communications.

Enable an internal failover network by connecting the int-a interfaces of each node in the cluster to one switch, connecting the int-b ports on each node to another switch, and then restarting the EMC Isilon cluster.

In addition to the IP address range assigned to the int-a internal network, if you enable failover on a second InfiniBand switch, you must assign an IP address range that points to actual IP addresses used by the cluster. These addresses enable seamless failover in the event that either the int-a or int-b switches fail.

External client network overview

You connect a client computer to the EMC Isilon cluster through the external network.

OneFS supports network subnets, IP address pools, and features network provisioning rules to simplify configuration. Subnets simplify external (front-end) network management and provide flexibility in implementing and maintaining the cluster network. You can create IP address pools within subnets to partition your network interfaces according to workflow or node type.

You can configure external network settings through provisioning rules and then those rules are applied to nodes that are added to the cluster.

You must initially configure the default external IP subnet in IPv4 format. After configuration is complete, you can configure additional subnets using IPv4 or IPv6.

IP address pools can be associated with a node or a group of nodes as well as with the NIC ports on the nodes. For example, based on the network traffic that you expect, you might decide to establish one subnet for storage nodes and another subnet for accelerator nodes.

How you set up your external network subnets depends on your network topology. In a basic network topology where all client-node communication occurs through a single gateway, only a single external subnet is required. If clients connect through multiple subnets or internal connections, you must configure multiple external network subnets.

External network settings

A default external network subnet is created during the initial set up of your EMC Isilon cluster. You can make modifications to this subnet, create new subnets, and make additional configuration changes to the external network.

During initial cluster setup, OneFS performs the following actions:
- Creates a default external network subnet called subnet0, with the specified netmask, gateway, and SmartConnect service address.
- Creates a default IP address pool called pool0 with the specified IP address range, the SmartConnect zone name, and the external interface of the first node in the cluster as the only member.
- Creates a default network provisioning rule called rule0, which automatically assigns the first external interface for all newly added nodes to pool0.
- Adds pool0 to subnet0 and configures pool0 to use the virtual IP of subnet0 as its SmartConnect service address.
- Sets the global, outbound DNS settings to the domain name server list and DNS search list, if provided.

Once the initial external network has been established, you can configure the following information about your external network:
- Netmask
- IP address range
- Gateway
- Domain name server list (optional)
- DNS search list (optional)
- SmartConnect zone name (optional)
- SmartConnect service address (optional)

You can make modifications to the external network through the web administration interface and the command-line interface.

IP address pools

You can partition EMC Isilon cluster nodes and external network interfaces into logical IP address pools. IP address pools are also utilized when configuring SmartConnect zones and IP failover support for protocols such as NFS. Multiple pools for a single subnet are available only if you activate a SmartConnect Advanced license.

IP address pools:
- Map available addresses to configured interfaces.
- Belong to external network subnets.
- Partition network interfaces on your cluster into pools.
- Can be assigned to groups in your organization.

The IP address pool of a subnet consists of one or more IP address ranges and a set of cluster interfaces. All IP address ranges in a pool must be unique.

A default IP address pool is configured during the initial cluster setup through the command-line configuration wizard. You can modify the default IP address pool at any time. You can also add, remove, or modify additional IP address pools.

If you add external network subnets to your cluster through the subnet wizard, you must specify the IP address pools that belong to the subnet.

IP address pools are allocated to external network interfaces either dynamically or statically. The static allocation method assigns one IP address per pool interface. The IP addresses remain assigned, regardless of that interface's status, but the method does not guarantee that all IP addresses are assigned. The dynamic allocation method distributes all pool IP addresses, and the IP address can be moved depending on the interface's status and connection policy settings.

Connection balancing with SmartConnect

SmartConnect balances client connections to the EMC Isilon cluster.

The SmartConnect module is available in two modes:

Basic: If you have not activated a SmartConnect Advanced license, SmartConnect operates in Basic mode. Basic mode balances client connections by using a round robin policy. Basic mode is limited to static IP address allocation and to one IP address pool per external network subnet. This mode is included with OneFS as a standard feature.

Advanced: If you activate a SmartConnect Advanced license, SmartConnect operates in Advanced mode. Advanced mode enables client connection balancing based on round robin, CPU utilization, connection counting, or network throughput. Advanced mode supports IP failover and allows IP address pools to support multiple DNS zones within a single subnet.

The following information describes the SmartConnect DNS client-connection balancing policies:

Round Robin: This method selects the next available node on a rotating basis. This is the default state (after SmartConnect is activated) if no other policy is selected.

Note: Round robin is the only connection policy available without activating a SmartConnect Advanced license.

Connection Count: This method determines the number of open TCP connections on each available node and optimizes the cluster usage.

Network Throughput: This method determines the average throughput on each available node to optimize the cluster usage.

CPU Usage: This method determines the average CPU utilization on each available node to optimize the cluster usage.

Note: SmartConnect requires that you add a new name server (NS) record to the existing authoritative DNS zone that contains the cluster and that you delegate the SmartConnect zone as a fully qualified domain name (FQDN).

External IP failover

You can redistribute IP addresses for external IP failover if one or more node interfaces becomes unavailable.

SmartConnect Basic does not support IP failover. You can enable dynamic IP allocation and IP failover in your EMC Isilon cluster if you activate a SmartConnect Advanced license.

Dynamic IP allocation ensures that all IP addresses in the IP address pool are assigned to member interfaces. Dynamic IP allocation allows clients to connect to any IP addresses in the pool and receive a response. If a node or an interface becomes unavailable, OneFS moves the IP address to other member interfaces in the IP address pool.

IP failover ensures that all of the IP addresses in the pool are assigned to an available node. When a node interface becomes unavailable, the dynamic IP address of the node is redistributed among the remaining available node interfaces. Subsequent client connections are directed to the node interface that is assigned to that IP address.

If a SmartConnect Advanced license is active on the cluster, you may have enabled IP failover when you configured your external network settings. You can also modify your subnet settings at any time to enable IP failover for selected IP address pools.

IP failover occurs when a pool has dynamic IP address allocation set. You can further configure IP failover for your network environment with the following options:

IP allocation method: This method ensures that all of the IP addresses in the pool are assigned to an available node.

Rebalance policy: This policy controls how IP addresses are redistributed when the node interface members for a given IP address pool become available after a period of unavailability.

IP failover policy: This policy determines how to redistribute the IP addresses among remaining members of an IP address pool when one or more members are unavailable.

NIC aggregation

Network interface card (NIC) aggregation, also known as link aggregation, is optional, and enables you to combine the bandwidth of a node's physical network interface cards into a single logical connection. NIC aggregation provides improved network throughput.

Note: Configuring link aggregation is an advanced function of network switches. Consult your network switch documentation before configuring your EMC Isilon cluster for link aggregation.

NIC aggregation can be configured during the creation of a new external network subnet. Alternatively, you can configure NIC aggregation on the existing IP address pool of a subnet.

OneFS provides support for the following link aggregation methods:

Link Aggregation Control Protocol (LACP): Supports the IEEE 802.3ad Link Aggregation Control Protocol (LACP). This method is recommended for switches that support LACP and is the default mode for new pools.

Legacy Fast EtherChannel (FEC) mode: This method is compatible with aggregated configurations in earlier versions of OneFS.

Etherchannel (FEC): This method is a newer implementation of the Legacy FEC mode.

Active / Passive Failover: This method transmits all data through the master port, which is the first port in the aggregated link. The next active port in an aggregated link takes over if the master port is unavailable.

Round-Robin: This method balances outbound traffic across all active ports in the aggregated link and accepts inbound traffic on any port.

Some NICs may allow aggregation of ports only on the same network card.

For LACP and FEC aggregation modes, the switch must support IEEE 802.3ad link aggregation. Since the trunks on the network switch must also be configured, the node must be connected with the correct ports on the switch.

VLANs

Virtual LAN (VLAN) tagging is an optional setting that enables an EMC Isilon cluster to participate in multiple virtual networks.

You can partition a physical network into multiple broadcast domains, or virtual local area networks (VLANs). You can enable a cluster to participate in a VLAN, which allows multiple cluster subnet support without multiple network switches; one physical switch enables multiple virtual subnets.

VLAN tagging inserts an ID into packet headers. The switch refers to the ID to identify from which VLAN the packet originated and to which network interface a packet should be sent.

DNS name resolution

You can designate up to three DNS servers and up to six search domains for your external network.

You can configure the DNS server settings during initial cluster configuration with the command-line Configuration wizard. After the initial configuration, you can modify the DNS server settings through the web administration interface or through the isi networks command.

IPv6 support

You can configure dual stack support for IPv6.

With dual-stack support in OneFS, you can configure both IPv4 and IPv6 addresses. However, configuring an EMC Isilon cluster to use IPv6 exclusively is not supported. When you set up the cluster, the initial subnet must consist of IPv4 addresses.

The following table describes important distinctions between IPv4 and IPv6.

| IPv4 | IPv6 |
| --- | --- |
| 32-bit addresses | 128-bit addresses |
| Subnet mask | Prefix length |
| Address Resolution Protocol (ARP) | Neighbor Discovery Protocol (NDP) |

Configuring the internal network

You can modify the internal network settings of your EMC Isilon cluster.

You can perform the following actions:
- Modify the IP address ranges of the internal network and the int-b/failover network
- Modify the internal network netmask
- Configure and enable an internal failover network
- Disable internal network failover

You can configure the int-b/failover network to provide backup in the event of an int-a network failure. Configuration involves specifying a valid netmask and IP address range for the failover network.

Modify the internal IP address range

Each internal InfiniBand network requires an IP address range. The ranges should have a sufficient number of IP addresses for present operating conditions as well as future expansion and addition of nodes. You can add, remove, or migrate IP addresses for both the internal (int-a) and failback (int-b) networks.

Procedure
1. Click Cluster Management > Network Configuration.
2. In the Internal Networks Settings area, select the network that you want to add IP addresses for.
   - To select the int-a network, click int-a.
   - To select the int-b/failover network, click int-b/failover.
3. In the IP Ranges area, you can add, delete, or migrate your IP address ranges.
   Ideally the new range is contiguous with the previous one. For example, if your current IP address range is , the new range should start with
4. Click Submit.

Modify the internal network netmask

You can modify the netmask value for the internal network.

If the netmask is too restrictive for the size of the internal network, you must modify the netmask settings. It is recommended that you specify a class C netmask, such as , for the internal netmask. This netmask is large enough to accommodate future clusters.

Note: For the changes in netmask value to take effect, you must reboot the cluster.

Procedure
1. Click Cluster Configuration > Network Configuration.
2. In the Internal Network Settings area, select the network that you want to configure the netmask for.
   - To select the int-a network, click int-a.
   - To select the int-b/failover network, click int-b / Failover.
3. In the Netmask field, type a netmask value.
   You cannot modify the netmask value if the change invalidates any node addresses.
4. Click Submit.
   A dialog box prompts you to reboot the cluster.
5. Specify when you want to reboot the cluster.
   - To immediately reboot the cluster, click Yes. When the cluster finishes rebooting, the login page appears.

   - Click No to return to the Edit Internal Network page without changing the settings or rebooting the cluster.

Configure and enable an internal failover network

You can enable an internal failover network on your EMC Isilon cluster.

By default, the int-b and internal failover networks are disabled.

Procedure
1. Click Cluster Management > Network Configuration.
2. In the Internal Network Settings area, click int-b/failover.
3. In the IP Ranges area, for the int-b network, click Add range.
4. On the Add IP Range dialog box, enter the IP address at the low end of the range in the first IP range field.
5. In the second IP range field, type the IP address at the high end of the range.
   Ensure that there is no overlap of IP addresses between the int-a and int-b/failover network ranges. For example, if the IP address range for the int-a network is , specify a range of for the int-b network.
6. Click Submit.
7. In the IP Ranges area for the Failover network, click Add range.
   Add an IP address range for the failover network, ensuring there is no overlap with the int-a network or the int-b network.
   The Edit Internal Network page appears, and the new IP address range appears in the IP Ranges list.
8. In the Settings area, specify a valid netmask. Ensure that there is no overlap between the IP address range for the int-b network or for the failover network.
   It is recommended that you use a class C netmask, such as , for the internal network.
9. In the Settings area, for State, click Enable to enable the int-b and failover networks.
10. Click Submit.
    The Confirm Cluster Reboot dialog box appears.
11. Restart the cluster by clicking Yes.

Disable internal network failover

You can disable the int-b and failover internal networks.

Procedure
1. Click Cluster Management > Network Configuration.
2. In the State area, click Disable.
3. Click Submit.
   The Confirm Cluster Reboot dialog box appears.
4. Restart the cluster by clicking Yes.
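Because enabling the failover network ends in a cluster reboot, it is worth checking the planned int-a, int-b and failover ranges for overlap before typing them into the Add IP Range dialog. The following Python check is an added example, not part of OneFS: the function name `check_internal_ranges` is hypothetical, the addresses are constructed sample values, and it assumes each range must sit inside one network under the chosen netmask and hold at least one address per node.

```python
import ipaddress
from itertools import combinations


def check_internal_ranges(ranges, netmask, node_count):
    """Return a list of problems found in planned internal IP ranges.

    ranges: {"int-a": (low, high), "int-b": (low, high), ...}
    netmask: dotted-decimal netmask for the internal network
    node_count: nodes the cluster must be able to hold (assumption:
                every range needs one address per node)
    """
    problems, parsed = [], {}
    for name, (low, high) in ranges.items():
        lo, hi = ipaddress.IPv4Address(low), ipaddress.IPv4Address(high)
        if lo > hi:
            problems.append(f"{name}: low end {lo} is above high end {hi}")
            continue
        parsed[name] = (lo, hi)
        # The whole range has to fall inside the network that the
        # netmask defines around its low end.
        net = ipaddress.ip_network(f"{lo}/{netmask}", strict=False)
        if hi not in net:
            problems.append(f"{name}: {lo}-{hi} does not fit in {net}")
        size = int(hi) - int(lo) + 1
        if size < node_count:
            problems.append(
                f"{name}: {size} addresses for {node_count} nodes")
    # No two internal networks may share an address.
    for (a, (alo, ahi)), (b, (blo, bhi)) in combinations(parsed.items(), 2):
        if alo <= bhi and blo <= ahi:
            problems.append(
                f"{a} overlaps {b}: {max(alo, blo)}-{min(ahi, bhi)}")
    return problems


# Constructed sample plans (not values from the guide).
GOOD_PLAN = {
    "int-a":    ("192.168.206.21", "192.168.206.30"),
    "int-b":    ("192.168.206.31", "192.168.206.40"),
    "failover": ("192.168.206.41", "192.168.206.50"),
}
BAD_PLAN = {
    "int-a":    ("192.168.206.21", "192.168.206.30"),
    "int-b":    ("192.168.206.28", "192.168.206.37"),   # reuses .28-.30
    "failover": ("192.168.206.250", "192.168.207.3"),   # crosses the /24
}

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        issues = check_internal_ranges(plan, "255.255.255.0", 10)
        print(label, "plan:", issues or "no problems")
```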

Configuring an external network

You can configure all external network connections between the EMC Isilon cluster and client computers.

Adding a subnet

You can add and configure an external subnet. Adding a subnet to the external network encompasses these tasks:

Procedure
1. Configuring subnet settings.
2. Adding an IP address to a new subnet.
3. Optional: Configuring SmartConnect settings for a new subnet.
4. Selecting interface members for a new subnet.

Configure subnet settings

You can add a subnet to the external network of a cluster using the web administration interface or the Isilon command line. This procedure describes using the web administration interface to add a subnet.

Procedure
1. Click Cluster Management > Network Configuration.
2. In the External Network Settings area, click Add subnet.
3. In the Basic section, in the Name field, type a unique name for the subnet. The name can be up to 32 alphanumeric characters long and can include underscores or hyphens, but not spaces or other punctuation.
4. Optional: In the Description field, type a descriptive comment about the subnet. The comment can be no more than 128 characters.
5. Specify the IP address format for the subnet and configure an associated netmask or prefix length setting:
   - For an IPv4 subnet, click IPv4 in the IP Family list. In the Netmask field, type a dotted decimal octet (x.x.x.x) that represents the subnet mask.
   - For an IPv6 subnet, click IPv6 in the IP family list. In the Prefix length field, type an integer (ranging from 1 to 128) that represents the network prefix length.
6. In the MTU list, type or select the size of the maximum transmission units the cluster uses in network communication. Any numerical value is allowed, but must be compatible with your network and the configuration of all devices in the network path. Common settings are 1500 (standard frames) and 9000 (jumbo frames). Although OneFS supports both 1500 MTU and 9000 MTU, using a larger frame size for network traffic permits more efficient communication on the external network between clients and cluster nodes.
   Note: To benefit from using jumbo frames, all devices in the network path must be configured to use jumbo frames.

7. In the Gateway address field, type the IP address of the gateway server device through which the cluster communicates with systems outside of the subnet.
8. In the Gateway priority field, type an integer for the priority of the subnet gateway for nodes assigned to more than one subnet. You can configure only one default gateway per node, but each subnet can be assigned a gateway. When a node belongs to more than one subnet, this option enables you to define the preferred default gateway. A value of 1 represents the highest priority, and 10 represents the lowest priority.
9. If you plan to use SmartConnect for connection balancing, in the SmartConnect service IP field, type the IP address that will receive all incoming DNS requests for each IP address pool according to the client connection policy. You must have at least one subnet configured with a SmartConnect service IP in order to use connection balancing.
10. Optional: In the Advanced section, you can enable VLAN tagging if you want to enable the cluster to participate in virtual networks.
   Note: Configuring a VLAN requires advanced knowledge of network switches. Consult your network switch documentation before configuring your cluster for a VLAN.
11. If you enable VLAN tagging, you must also type a VLAN ID that corresponds to the ID number for the VLAN set on the switch, with a value from 2 to
12. Optional: In the Hardware load balancing field, type the IP address for a hardware load balancing switch using Direct Server Return (DSR). This routes all client traffic to the cluster through the switch. The switch determines which node handles the traffic for the client, and passes the traffic to that node.
13. Click Next. The Step 2 of 4 -- IP Address Pool Settings dialog box appears.

After you finish
The next step in the process of adding a new subnet is adding an IP address pool.

Add an IP address pool to a new subnet

You can partition the external network interface of your cluster into groups, or pools, of unique IP address ranges in a subnet.

Before you begin
You must specify basic subnet settings by completing the previous subnet wizard page.

Note: If your cluster is running SmartConnect Basic for connection balancing, you can configure only one IP address pool per subnet. If you activate a SmartConnect Advanced license, you can configure unlimited IP address pools per subnet.

Procedure
1. In the Step 2 of 4 IP Address Pool Settings dialog box, type a unique Name for the IP address pool. The name can be up to 32 alphanumeric characters long and can include underscores or hyphens, but no spaces or other punctuation.
2. Type a Description for the IP address pool. The description can contain up to 128 characters.

3. In the Access zone list, click to select an access zone for the pool. OneFS includes a default system access zone.
4. In the IP range (low-high) area, click New. OneFS adds an IP address range with default Low IP and High IP values.
5. Click to select the default Low IP value. Replace the default value with the starting IP address of the subnet's IP address pool.
6. Click to select the default High IP value. Replace the default value with the ending IP address of the subnet's IP address pool.
7. Optional: Add IP address ranges to the IP address pool by repeating steps 3 through 6 as needed.
8. Click Next. The Step 3 of 4 SmartConnect Settings dialog box appears.

After you finish
The next step in the process of adding a new subnet is configuring SmartConnect settings, which is optional. If you do not wish to configure SmartConnect settings, the next step is adding network interface members to the new subnet.

Configure SmartConnect settings for a new subnet

You can configure subnet connection balancing for a cluster's external network with the default SmartConnect Basic feature of OneFS. You can configure advanced settings if you activate a SmartConnect Advanced license.

Before you begin
You must specify basic subnet settings and add at least one IP address pool range to the new subnet by completing the previous subnet wizard pages.

You can configure SmartConnect as an optional module to balance client connections on the external network of your cluster. A SmartConnect Advanced license must be active for certain options. An active SmartConnect Advanced license adds additional advanced balancing policies to evenly distribute CPU usage, client connections, or throughput. An active license also lets you define IP address pools to support multiple DNS zones in a subnet. In addition, SmartConnect supports IP failover, also known as NFS failover. In contrast, with SmartConnect Basic you can only set a round robin balancing policy.

Note: SmartConnect requires that you add a new name server (NS) record to the existing authoritative DNS zone that contains the cluster and that you delegate the SmartConnect zone as a fully qualified domain name (FQDN).

Procedure
1. In the Step 3 of 4 SmartConnect Settings dialog box, type a Zone name for the SmartConnect zone that this IP address pool represents. The zone name must be unique among the pools served by the SmartConnect service subnet specified in Step 3 below.
2. In the Connection policy list, select the type of connection balancing policy set by the IP address pool of this subnet. The connection balancing policy determines how SmartConnect distributes incoming DNS requests across the members of an IP address pool.

   Options and descriptions:
   - Round Robin: Selects the next available node on a rotating basis, and is the default policy if no other policy is selected.
   - Connection Count: Determines the number of open TCP connections on each available node to optimize the cluster usage.
   - Network Throughput: Sets the overall average throughput volume on each available node to optimize the cluster usage.
   - CPU Usage: Examines average CPU utilization on each available node to optimize the cluster usage.
3. In the SmartConnect service subnet list, select the name of the external network subnet whose SmartConnect service will answer DNS requests on behalf of the IP address pool. A pool can have only one SmartConnect service answering DNS requests. If this option is left blank, the IP address pool the subnet belongs to is excluded when SmartConnect answers incoming DNS requests for the cluster.
   Note: If you have activated a SmartConnect Advanced license, complete the following steps for the options in the SmartConnect Advanced section of this wizard page.
4. In the IP allocation method list, select the method by which IP addresses are assigned to the member interfaces for this IP address pool:
   Options and descriptions:
   - Static: Select this IP allocation method to assign IP addresses when member interfaces are added to the IP pool. As members are added to the pool, this method allocates the next unused IP address from the pool to each new member. After an IP address is allocated, the pool member keeps the address indefinitely unless one of the following items is true:
     - The member interface is removed from the network pool.
     - The member node is removed from the cluster.
     - The member interface is moved to another IP address pool.
   - Dynamic: Select this IP allocation method to ensure that all IP addresses in the IP address pool are assigned to member interfaces, which allows clients to connect to any IP addresses in the pool and be guaranteed a response. If a node or an interface becomes unavailable, their IP addresses are automatically moved to other available member interfaces in the pool. If you select the dynamic IP allocation method, you can specify the SmartConnect Rebalance policy and the IP failover policy in the next two steps.
5. Select the type of SmartConnect Rebalance policy to redistribute IP addresses. IP address redistribution occurs when node interface members in an IP address pool become available. These options can only be selected if the IP allocation method is set to Dynamic.

   Options and descriptions:
   - Automatic Failback (default): Automatically redistributes IP addresses. The automatic rebalance is triggered by a change to one of the following items.
     - Cluster membership.
     - Cluster external network configuration.
     - A member network interface.
   - Manual Failback: Does not redistribute IP addresses until you manually issue a rebalance command through the command-line interface.
6. The IP failover policy, also known as NFS failover, determines how to redistribute the IP addresses among remaining members of an IP address pool when one or more members are unavailable. In order to enable IP failover, set the IP allocation method to Dynamic, and then select an IP failover policy:
   Options and descriptions:
   - Round Robin: Selects the next available node on a rotating basis, and is the default policy if no other policy is selected.
   - Connection Count: Determines the number of open TCP connections on each available node to optimize the cluster usage.
   - Network Throughput: Sets the overall average throughput volume on each available node to optimize the cluster usage.
   - CPU Usage: Examines average CPU utilization on each available node to optimize the cluster usage.
7. Click Next to store the changes that you made to this wizard page. The Step 4 of 4 IP Address Pool members dialog box appears.

After you finish
The next step in the process of adding a new subnet is adding network interface members.

Select interface members for a new subnet

You can select which network interfaces are in the IP address pool that belongs to the external network subnet.

Before you begin
You must specify basic subnet settings and add at least one IP address pool range to the new subnet by completing previous subnet wizard pages.

Procedure
1. In the Step 4 of 4 IP Address Pool Members dialog box, select which Available interfaces on which nodes you want to assign to the current IP address pool, and then click the right arrow button to move them to the Interfaces in current pool. Alternatively, drag and drop the selected interfaces between the Available interfaces table and the Interfaces in current pool table. Selecting an available interface for a node that has a Type designated Aggregation bonds together the external interfaces for the selected node.

   In the case of aggregated links, choose the aggregation mode that corresponds to the switch settings from the Aggregation mode drop-down.
   Note: Configuring link aggregation requires advanced knowledge of how to configure network switches. Consult your network switch documentation before configuring your cluster for link aggregation.
2. When you have finished assigning external network interfaces to the IP address pool, click Submit. The external subnet settings you configured by using the Subnet wizard appear on the Edit Subnet page.

Managing external network subnets

You can configure subnets on an external network to manage connections between the EMC Isilon cluster and client computers.

Modify external subnet settings

You can modify the subnet for the external network.

Note: Modifying an external network subnet that is in use can disable access to the cluster and the web administration interface. OneFS displays a warning if deleting a subnet will terminate communication between the cluster and the web administration interface.

Procedure
1. Click Cluster Management > Network Configuration.
2. In the External Network Settings area, click the name of the subnet you want to modify.
3. In the Settings area, click Edit.
4. Modify the Basic subnet settings as needed.
   Options and descriptions:
   - Description: A descriptive comment that can be up to 128 characters.
   - Netmask: The subnet mask for the network interface. This field appears only for IPv4 subnets.
   - MTU: The maximum size of the transmission units the cluster uses in network communication. Any numerical value is allowed, but might not be compatible with your network. Common settings are 1500 (standard frames) and 9000 (jumbo frames).
   - Gateway address: The IP address of the gateway server through which the cluster communicates with systems outside of the subnet.
   - Gateway priority: The priority of the subnet's gateway for nodes that are assigned to more than one subnet. Only one default gateway can be configured on each Isilon node, but each subnet can have its own gateway. If a node belongs to more than one subnet, this option enables you to define the preferred default gateway. A value of 1 is the highest priority, with 10 being the lowest priority.
   - SmartConnect service IP: The IP address that receives incoming DNS requests from outside the cluster. SmartConnect responds to these DNS requests for each IP address pool according to the pool's client connection policy. To use connection balancing, at least one subnet must be configured with a SmartConnect service IP address.
5. Optional: Modify the Advanced settings as needed.
   Note: Configuring a virtual LAN requires advanced knowledge of network switches. Consult your network switch documentation before configuring your cluster for a VLAN. If you are not using a virtual LAN, leave the VLAN options disabled.
   Options and descriptions:
   - VLAN tagging: You can enable VLAN tagging. VLAN tagging allows a cluster to participate in multiple virtual networks. VLAN support provides security across subnets that is otherwise available only by purchasing additional network switches.
   - VLAN ID: If you enabled VLAN tagging, type a VLAN ID that corresponds to the ID number for the VLAN that is set on the switch, with a value from 1 to
   - Hardware load balancing IPs: You can enter the IP address for a hardware load balancing switch that uses Direct Server Return (DSR).
6. Click Submit.

Remove an external subnet

You can delete an external network subnet that you no longer need. Deleting an external network subnet that is in use can prevent access to the cluster and the web administration interface. OneFS displays a warning if deleting a subnet will terminate communication between the cluster and the web administration interface.

Procedure
1. Click Cluster Management > Network Configuration.
2. In the External Network Settings area, click the name of the subnet you want to delete. The Edit Subnet page appears for the subnet you specified.
3. Click Delete subnet. A confirmation dialogue box appears.
4. Click Yes to delete the subnet. If the subnet you are deleting is used to communicate with the web administration interface, the confirmation message will contain an additional warning.

Create a static route

You can create a static route to connect to networks that are unavailable through the default routes. You configure a static route on a per-pool basis. A static route can be configured only with the command-line interface and only with the IPv4 protocol.

Procedure
1. Open a secure shell (SSH) connection to any node in the cluster and log in.
2. Create a static route by running the following command:
   isi networks modify pool --name <subnetname>:<poolname> --add-static-routes <subnet>/<netmask>-<gateway>
   The system displays output similar to the following example:
   Modifying pool 'subnet0:pool0':
   Saving: OK OK
3. To verify that the static route was created, run the following command: isi networks ls pools -v.

Remove a static route

You can remove static routes.

Procedure
1. Open a secure shell (SSH) connection to any node in the cluster and log in.
2. Remove a static route by running the following command:
   isi networks modify pool --name <subnetname>:<poolname> --remove-static-routes <subnet>/<netmask>-<gateway>
   The system displays output similar to the following example:
   Modifying pool 'subnet0:pool0':
   Saving: OK
3. To ensure that the static route was created, run the following command: isi networks ls pools -v.

Enable or disable VLAN tagging

You can configure a cluster to participate in multiple virtual private networks, also known as virtual LANs or VLANs. You can also configure a VLAN when creating a subnet using the Subnet wizard.

Procedure
1. Click Cluster Management > Network Configuration.
2. In the External Network Settings area, click the name of the subnet that contains the IP address pool that you want to add interface members to.
3. In the Settings area for the subnet, click Edit.
4. In the VLAN tagging list, select Enabled or Disabled. If you select Enabled, proceed to the next step. If you select Disabled, proceed to Step
5. In the VLAN ID field, type a number between 2 and 4094 that corresponds to the VLAN ID number set on the switch.

6. Click Submit.

Managing IP address pools

IP address pools allow you to manage the IP addresses clients use to connect to an EMC Isilon cluster. You can also add network interfaces to IP address pools. Each IP address pool is associated with a subnet.

Add an IP address pool

You can add an IP address pool to an external network subnet.

Procedure
1. Click Cluster Management > Network Configuration.
2. Click the name of the subnet to which you are adding an IP address pool.
3. In the IP Address Pools area, click Add pool.
4. Specify basic settings for the new IP address pool and click Next.
5. Optional: Specify SmartConnect settings and click Next.
6. Optional: Add network interface members and click Submit.

Modify an IP address pool

You can use the web interface to modify IP address pool settings.

Procedure
1. Click Cluster Management > Network Configuration.
2. Click the name of the subnet containing the pool you want to modify.
3. In the Basic Settings area, click Edit for the IP address pool you want to modify.
4. Modify the address pool settings and click Submit.

Delete an IP address pool

You can use the web interface to delete IP address pool settings.

Procedure
1. Click Cluster Management > Network Configuration.
2. Click the name of the subnet containing the pool you want to delete.
3. Click Delete pool by the pool you want to delete.

Modify a SmartConnect zone

You can modify the settings of a SmartConnect zone that you created for an external network subnet using the Subnet wizard.

Procedure
1. Click Cluster Management > Network Configuration.
2. Click the name of the external network subnet that contains the SmartConnect zone you want to modify.
3. In the SmartConnect settings area of the pool containing the SmartConnect settings you want to modify, click Edit.
4. Modify the Zone name, and then click Submit. The SmartConnect zone should be a fully-qualified domain name (FQDN).

Disable a SmartConnect zone

You can remove a SmartConnect zone from an external network subnet.

Procedure
1. Click Cluster Management > Network Configuration.
2. Click the name of the external network subnet that contains the SmartConnect zone you want to disable.
3. In the SmartConnect settings area for the pool containing the SmartConnect zone you want to delete, click Edit.
4. To disable the SmartConnect zone, delete the name of the SmartConnect zone from the Zone name field and leave the field blank.
5. Click Submit to disable the SmartConnect zone.

Configure IP failover

You can configure IP failover to reassign an IP address from an unavailable node to a functional node, which enables clients to continue communicating with the cluster, even after a node becomes unavailable.

Procedure
1. Click Cluster Management > Network Configuration.
2. In the External Network Settings area, click the name of the subnet for which you want to set up IP failover.
3. Expand the area of the pool you want to modify and click Edit in the SmartConnect Settings area.
4. Optional: In the Zone name field, enter a name for the zone, using no more than 128 characters.
5. In the Connection Policy list, select a balancing policy:
   Options and descriptions:
   - Round Robin: Selects the next available node on a rotating basis, and is the default state if no other policy is selected.
   - Connection Count: Determines the number of open TCP connections on each available node to optimize the cluster usage.
   - Network Throughput: Uses the overall average throughput volume on each available node to optimize the cluster usage.
   - CPU Usage: Examines average CPU utilization on each available node to optimize the cluster usage.
6. If you purchased a license for SmartConnect Advanced, you will also have access to the following lists:
   - IP allocation method: This setting determines how IP addresses are assigned to clients. Select either Dynamic or Static.
   - Rebalance Policy: This setting defines the client redirection policy for when a node becomes unavailable. The IP allocation list must be set to Dynamic in order for rebalance policy options to be selected.

   - IP failover policy: This setting defines the client redirection policy when an IP address becomes unavailable.

Allocate IP addresses to accommodate new nodes

You can expand capacity by adding new nodes to your Isilon cluster. After the hardware installation is complete, you can allocate IP addresses for a new node on one of the cluster's existing external network subnets, and then add the node's external interfaces to the subnet's IP address pool.

You can also use network provisioning rules to automate the process of configuring the external network interfaces for new nodes when they are added to a cluster, although you may still need to allocate more IP addresses for the new nodes, depending on how many are already configured.

Procedure
1. Click Cluster Management > Network Configuration.
2. In the External Network Settings area, click the name of the subnet that contains the IP address pool that you want to allocate more IP addresses to in order to accommodate the new nodes.
3. In the Basic settings area, click Edit.
4. Click New to add a new IP address range using the Low IP and High IP fields, or click the respective value in either the Low IP or High IP columns and type a new beginning or ending IP address.
5. Click Submit.
6. In the Pool members area, click Edit.
7. In the Available Interfaces table, select one or more interfaces for the newly added node, and then click the right arrow button to move the interfaces into the Interfaces in current pool table.
8. Click Submit to assign the new node interfaces to the IP address pool.

Managing network interface members

You can assign nodes and network interfaces to specific IP address pools. You can also aggregate network interfaces and specify the aggregation method.

Modify the interface members of a subnet

You can use the web interface to modify interface member settings.

Procedure
1. Click Cluster Management > Network Configuration.
2. In the External Network Settings area, click the subnet containing the interface members you want to modify.
3. Click Edit next to the Pool members area.

Remove interface members from an IP address pool

You can use the web interface to remove interface members from an IP address pool.

Procedure
1. Click Cluster Management > Network Configuration.
2. In the External Network Settings area, click the name of the subnet containing the IP address pool that you want to remove the interface member(s) for.
3. In the Pool members area, click Edit.
4. Remove a node's interface from the IP address pool by clicking the node's name in the Interfaces in current pool column, and then click the left arrow button. You can also drag and drop node interfaces between the Available Interfaces list and the Interfaces in current pool column.
5. When you have finished removing node interfaces from the IP address pool, click Submit.

Configure NIC aggregation

You can configure cluster IP address pools to use NIC aggregation.

Before you begin
You must enable NIC aggregation on the cluster before you can enable NIC aggregation on the switch. If the cluster is configured but the switch is not configured, then the cluster can continue to communicate. If the switch is configured, but the cluster is not configured, the cluster cannot communicate, and you are unable to configure the cluster for NIC aggregation.

This procedure describes how to configure network interface card (NIC) aggregation for an IP address pool belonging to an existing subnet. You can also configure NIC aggregation while configuring an external network subnet using the Subnet wizard.

Configuring NIC aggregation means that multiple, physical external network interfaces on a node are combined into a single logical interface. If a node has two external Gigabit Ethernet interfaces, both will be aggregated. On a node with both Gigabit and 10 Gigabit Ethernet interfaces, both types of interfaces can be aggregated, but only with interfaces of the same type. NIC aggregation cannot be used with mixed interface types.

An external interface for a node cannot be used by an IP address pool in both an aggregated configuration and an individual interface. You must remove the individual interface for a node from the Interfaces in current pool table before configuring an aggregated NIC. Otherwise, the web administration interface displays an error message when you click Submit.

Note: Configuring link aggregation requires advanced knowledge of network switches. Consult your network switch documentation before configuring your cluster for NIC aggregation.

Procedure
1. Click Cluster Management > Network Configuration.
2. In the External Network Settings area, click the name of the subnet that contains the IP address pool that you want to add aggregated interface members to.
3. In the Pool members area, click Edit. In the case of multiple IP address pools, expand the pool that you want to add the aggregated interfaces to, and then click Edit in the Pool members area.

4. In the Available interfaces table, click the aggregated interface for the node, which is indicated by a listing of AGGREGATION in the Type column. For example, if you want to aggregate the network interface card for Node 2 of the cluster, click the interface named ext-agg, Node 2 under Available interfaces, and then click the right-arrow button to move the aggregated interface to the Interfaces in current pool table.
5. From the Aggregation mode drop-down, select the appropriate aggregation mode that corresponds to the network switch settings.
   Note: Consult your network switch documentation for supported NIC aggregation modes.
   OneFS supports the following NIC aggregation modes:
   - Link Aggregation Control Protocol (LACP): Supports the IEEE 802.3ad Link Aggregation Control Protocol (LACP). This method is recommended for switches that support LACP and is the default mode for new pools.
   - Legacy Fast EtherChannel (FEC) mode: This method is compatible with aggregated configurations in earlier versions of OneFS.
   - Etherchannel (FEC): This method is the newer implementation of the Legacy FEC mode.
   - Active / Passive Failover: This method transmits all data through the master port, which is the first port in the aggregated link. The next active port in an aggregated link takes over if the master port is unavailable.
   - Round-Robin Tx: This method balances outbound traffic across all active ports in the aggregated link and accepts inbound traffic on any port.
6. Click Submit.

NIC and LNI aggregation options

Network interface card (NIC) and logical network interface (LNI) mapping options can be configured for aggregation. The following list provides guidelines for interpreting the aggregation options.
- Nodes support multiple network card configurations.
- LNI numbering corresponds to the physical positioning of the NIC ports as found on the back of the node. LNI mappings are numbered from left to right.
- Aggregated LNIs are listed in the order in which they are aggregated at the time they are created.
- NIC names correspond to the network interface name as shown in command-line interface tools such as ifconfig and netstat.

LNI | NIC | Aggregated LNI | Aggregated NIC | Aggregated NIC (Legacy FEC mode)

ext-1 | em0 | ext-agg = ext-1 + ext-2 | lagg0 | fec0
ext-2 | em1 | | |

ext-1 | em2 | ext-agg = ext-1 + ext-2 | lagg0 | fec0
ext-2 | em3 | ext-agg-2 = ext-3 + ext-4 | lagg1 | fec1
ext-3 | em0 | ext-agg-3 = ext-3 + ext-4 + ext-1 + ext-2 | lagg2 | fec2
ext-4 | em1 | | |

ext-1 | em0 | ext-agg = ext-1 + ext-2 | lagg0 | fec0
ext-2 | em1 | 10gige-agg-1 = 10gige gige-2 | lagg1 | fec1
10gige-1 | cxgb0 | | |
10gige-1 | cxgb1 | | |

Remove an aggregated NIC from an IP address pool

You can remove an aggregated NIC configuration from an IP address pool if your network environment has changed. However, you must first replace the aggregated setting with single-NIC settings in order for the node to continue supporting network traffic.

Procedure
1. Click Cluster Management > Network Configuration.
2. In the External Network Settings area, click the name of the subnet that contains the IP address pool with the NIC aggregation settings you want to remove.
3. In the Pool members area, click Edit.
4. Select the name of the aggregated NIC for the node that you want to remove in the Interfaces in current pool table, and then click the left arrow button to move the name into the Available interfaces table.
5. Select one or more individual interfaces for the node in the Available interfaces table, and then click the right arrow button to move the interfaces into the Interfaces in current pool table.
6. When you have completed modifying the node interface settings, click Submit.

Move nodes between IP address pools

You can move nodes between IP address pools in the event of a network reconfiguration or installation of a new network switch. The process of moving nodes between IP address pools involves creating a new IP address pool and then assigning it to the nodes so that they are temporarily servicing multiple subnets. After testing that the new IP address pool is working correctly, the old IP address pool can safely be deleted.

Procedure
1. Create a new IP address pool with the interfaces belonging to the nodes you want to move.
2. Verify that the new IP address pool functions properly by connecting to the nodes you want to move with IP addresses from the new pool.

3. Delete the old IP address pool.

Reassign a node to another external subnet

You can move a node interface to a different subnet. Nodes can be reassigned to other subnets.

Procedure
1. Click Cluster Management > Network Configuration.
2. In the External Settings area, click the subnet containing the node that you want to modify.
3. In the IP Address Pools area, click Edit next to the Pool members area.
4. Reassign the interface members that you want to move by dragging and dropping them from one column to the other, or by clicking on an interface member and using the left arrow and right arrow buttons.

Configure DNS settings

You can configure the domain name servers (DNS) and DNS search list to resolve host names for the EMC Isilon cluster.

Procedure
1. Click Cluster Management > Networking Configuration.
2. In the DNS Settings area, click Edit.
3. In the Domain name server(s) field, enter up to three domain name server IP addresses. You can specify domain name server addresses in IPv4 or IPv6 format.
4. In the DNS search list field, enter up to six DNS search suffixes. DNS search suffixes are appended to unqualified host names.
5. Optional: In the DNS resolver options field, enter advanced DNS configuration variables.
   Note: Setting DNS resolver options may change how OneFS performs DNS lookups. Do not set DNS resolver options unless directed to do so by Isilon Technical Support.
6. Click Submit.

Managing external client connections with SmartConnect

You can manage settings that determine how IP addresses are allocated to client connection requests. With the Basic SmartConnect module, you can specify connection balancing and IP allocation policies. If you have activated an Advanced SmartConnect license, you can also specify settings that manage IP failover and rebalancing.

Configure client connection balancing

You can configure connection balancing for your cluster's external network connections with SmartConnect.

Before you begin
You must first enable SmartConnect by setting up a SmartConnect service address on the external network subnet that answers incoming DNS requests.

You might have already configured SmartConnect while setting up an external network subnet using the Subnet wizard. However, you can configure or modify connection balancing settings at any time as your networking requirements change.

Procedure
1. Click Cluster Management > Network Configuration.
2. In the External Network Settings area, click the link for the subnet that you want to configure for connection balancing.
3. In the Settings area, verify that the SmartConnect service IP was configured. If the SmartConnect service IP field reads Not set, click Edit, and then specify the IP address that DNS requests are directed to.
4. In the SmartConnect settings area, click Edit.
5. In the Zone name field, type a name for the SmartConnect zone that this IP address pool represents. The zone name must be unique among the pools served by the SmartConnect service subnet that is specified in Step 7 below.
6. In the Connection policy drop-down list, select the type of connection balancing policy that is configured for the IP address pool for this zone. The policy determines how SmartConnect distributes incoming DNS requests across the members of an IP address pool.
   Note: Round robin is the only connection policy available if you have not activated a SmartConnect Advanced license.

   Options and descriptions:
   Round Robin: Selects the next available node on a rotating basis, and is the default policy if no other policy is selected.
   Connection Count: Determines the number of open TCP connections on each available node to optimize the cluster usage.
   Network Throughput: Sets the overall average throughput volume on each available node to optimize the cluster usage.
   CPU Usage: Examines average CPU utilization on each available node to optimize the cluster usage.
7. In the SmartConnect service subnet list, select the name of the external network subnet whose SmartConnect service answers DNS requests on behalf of the IP address pool. A pool can have only one SmartConnect service answering DNS requests. If this option is left blank, the IP address pool that the SmartConnect service belongs to is excluded when SmartConnect answers incoming DNS requests for the cluster.

If you have activated a SmartConnect Advanced license, complete the following steps in the SmartConnect Advanced area.
8. In the IP allocation method list, select the method by which IP addresses are assigned to the member interfaces for this IP address pool.

Managing network interface provisioning rules

You can configure provisioning rules to automate the configuration of external network interfaces. Provisioning rules specify how new nodes are configured when they are added to an EMC Isilon cluster. If the new node type matches the type defined in a rule, the new node's interface name is added to the subnet and the IP address pool specified in the rule. For example, you can create a provisioning rule that configures new Isilon storage nodes, and another rule that configures new accelerator nodes. OneFS automatically checks for multiple provisioning rules when new rules are added to ensure there are no conflicts.

Create a node provisioning rule

Configure one or more provisioning rules to automate the process of adding new nodes to your Isilon cluster. All Isilon nodes support provisioning rules.

Before you begin
External network subnets and IP address pools must be configured before creating node provisioning rules. You must also verify that the IP address pool included in the provisioning rule has sufficient IP addresses to accommodate the new node's client connections.

Procedure
1. Click Cluster Management > Network Configuration.
2. In the Provisioning Rules area, click Add rule.
3. In the Name field, type a unique name for the provisioning rule. The rule name can be a maximum of 32 characters and can include spaces or other punctuation.
4. Optional: In the Description field, type a descriptive comment about the provisioning rule.
5. In the If node type is list, select the type of node to which you want to apply the rule:

   Options and descriptions:
   Any: Apply the provisioning rule to all types of Isilon nodes that join the cluster.
   Storage-i: Apply the provisioning rule only to Isilon i-series storage nodes that join the cluster.
   Accelerator-i: Apply the provisioning rule only to Isilon i-series performance accelerator nodes that join the cluster.
   Storage: Apply the provisioning rule only to Isilon storage nodes that join the cluster.
   Accelerator: Apply the provisioning rule only to performance-accelerator nodes that join the cluster.
   Backup-Accelerator: Apply the provisioning rule only to Isilon backup-accelerator nodes that join the cluster.
6. In the then assign interface list, assign one of the following interfaces to the external network subnet and IP address pool for the node specified in the rule:

   Options and descriptions:
   ext-1: The first external Gigabit Ethernet interface on the cluster.
   ext-2: The second external Gigabit Ethernet interface on the cluster.
   ext-3: The third external Gigabit Ethernet interface on the cluster.
   ext-4: The fourth external Gigabit Ethernet interface on the cluster.
   ext-agg: The first and second external Gigabit Ethernet interfaces aggregated together.
   ext-agg-2: The third and fourth external Gigabit Ethernet interfaces aggregated together.
   ext-agg-3: The first four external Gigabit Ethernet interfaces aggregated together.
   ext-agg-4: All six Gigabit Ethernet interfaces aggregated together.
   10gige-1: The first external 10 Gigabit Ethernet interface on the cluster.
   10gige-2: The second external 10 Gigabit Ethernet interface on the cluster.
   10gige-agg-1: The first and second external 10 Gigabit Ethernet interfaces aggregated together.
7. In the Subnet list, select the external subnet that the new node will join.
8. In the Pool list, select the IP address pool of the subnet that should be used by the new node.
9. Click Submit.

Modify a node provisioning rule

You can modify node provisioning rules.

Procedure
1. Click Cluster Configuration > Network Configuration.
2. In the Provisioning Rules area, click the name of the rule you want to modify.
3. Modify the provisioning rule settings as needed.
4. Click Submit.

Delete a node provisioning rule

You can delete a provisioning rule that is no longer necessary.

Procedure
1. Click Cluster Management > Network Configuration.
2. In the Provisioning Rules area, click Delete next to the rule you want to delete. A confirmation dialog box appears.
3. Click Yes to delete the rule, or click No to keep the rule.

CHAPTER 21

Hadoop

This section contains the following topics:
- Hadoop overview
- OneFS Hadoop support
- Hadoop cluster integration
- Managing HDFS
- Securing HDFS connections through Kerberos

Hadoop overview

Hadoop is a flexible, open-source framework for large-scale distributed computation. The OneFS file system can be configured for native support of the Hadoop Distributed File System (HDFS) protocol, enabling your cluster to participate in a Hadoop system. HDFS integration requires you to activate a separate license. To obtain additional information or to enable HDFS support for your EMC Isilon cluster, contact your EMC Isilon sales representative.

OneFS Hadoop support

An HDFS implementation adds HDFS to the list of protocols that can be used to access the OneFS file system. Implementing HDFS on an Isilon cluster does not create a separate HDFS file system. The cluster can continue to be accessed through NFS, SMB, FTP, and HTTP.

The HDFS implementation from Isilon is a lightweight protocol layer between the OneFS file system and HDFS clients. Unlike with a traditional HDFS implementation, files are stored in the standard POSIX-compatible file system on an Isilon cluster. This means files can be accessed by the standard protocols that OneFS supports, such as NFS, SMB, FTP, and HTTP as well as HDFS.

Files that will be processed by Hadoop can be loaded by using standard Hadoop methods, such as hadoop fs -put, or they can be copied by using an NFS or SMB mount and accessed by HDFS as though they were loaded by Hadoop methods. Also, files loaded by Hadoop methods can be read with an NFS or SMB mount.

The supported versions of Hadoop are as follows:
- Apache Hadoop
- Apache Hadoop
- Apache Hadoop 1.0.x
- Apache Hadoop
- Apache Hadoop 2.0.x
- CDH 3
- CDH 4
- CDH 4.2
- Greenplum HD 1.1
- Greenplum HD 1.2
- Pivotal HD
- HAWQ
- Hortonworks Data Platform

Hadoop cluster integration

To enable native HDFS support in OneFS, you must integrate the Isilon cluster with a cluster of Hadoop compute nodes. This process requires configuration of the Isilon cluster as well as each Hadoop compute node that needs access to the cluster.

Managing HDFS

To keep the HDFS service performing efficiently on an Isilon cluster, you will need to be familiar with the user and system configuration options available as part of an HDFS implementation. You can manage an HDFS implementation by using the following methods:
- Hadoop client machines are configured directly through their Hadoop installation directory.
- A secure shell (SSH) connection to a node in the Isilon cluster is used to configure the HDFS service.

Configure the HDFS protocol

You can specify which HDFS distribution to use, and you can set the logging level, the root path, the Hadoop block size, and the number of available worker threads. By default, subnet0:pool0 binds to the /default-rack. As a result, a Hadoop client connects over HDFS to the datanodes with interfaces that are assigned to the pool. You configure HDFS by running the isi hdfs command in the OneFS command-line interface.

Procedure
1. Open a secure shell (SSH) connection to any node in the cluster and log in by using the root account.
   Note: You can combine multiple options with a single isi hdfs command. For command usage and syntax, run the isi hdfs -h command.
2. To set the default logging level for the Hadoop daemon across the cluster, run the isi hdfs command with the --log-level option. Valid values are listed below, in descending order from the highest to the lowest logging level. The default value is NOTICE. The values are case-sensitive.
   EMERG: A panic condition. This is normally broadcast to all users.
   ALERT: A condition that should be corrected immediately, such as a corrupted system database.
   CRIT: Critical conditions, such as hard device errors.
   ERR: Errors.
   WARNING: Warning messages.
   NOTICE: Conditions that are not error conditions, but may need special handling.
   INFO: Informational messages.
   DEBUG: Messages that contain information typically of use only when debugging a program.
   For example, the following command sets the log level to WARNING:
       isi hdfs --log-level=WARNING
3. To set the path on the cluster to present as the HDFS root directory, run the isi hdfs command with the --root-path option. Valid values include any directory path beginning at /ifs, which is the default HDFS root directory. For example, the following command sets the root path to /ifs/hadoop:
       isi hdfs --root-path=/ifs/hadoop
4. To set the Hadoop block size, run the isi hdfs command with the --block-size option. Valid values are 4KB to 1GB. The default value is 64MB. For example, the following command sets the block size to 32 MB:
       isi hdfs --block-size=32mb
5. To tune the number of worker threads that HDFS uses, run the isi hdfs command with the --num-threads option. Valid values are 1 to 256 or auto, which is calculated as twice the number of cores. The default value is auto. For example, the following command specifies 8 worker threads:
       isi hdfs --num-threads=8
6. To allocate IP addresses from an IP address pool, run the isi hdfs racks modify command. The following command allocates IP addresses from a pool named pool1, which is in the subnet0 subnet:
       isi hdfs racks modify --name=/default-rack --add-ippool=subnet0:pool1
   Note: All pools are assigned to the /default-rack by default.

After you finish
To access files on OneFS by using the HDFS protocol, you must first create a local Hadoop user that maps to a user on a Hadoop client. The user can be any local user.

Create a local user

To access files on OneFS by using the HDFS protocol, you must first create a local Hadoop user that maps to a user on a Hadoop client.

Procedure
1. Open a secure shell (SSH) connection to any node in the cluster and log in by using the root user account.
2. At the command prompt, run the isi auth users create command to create a local user. For example:
       isi auth users create --name="user1"

Enable or disable the HDFS service

The HDFS service, which is enabled by default after you activate an HDFS license, can be enabled or disabled by running the isi services command.

Procedure
1. Open a secure shell (SSH) connection to any node in the cluster and log in by using the root user account.
2. At the command prompt, run the isi services command to enable or disable the HDFS service, isi_hdfs_d.
   To enable the HDFS service, run the following command:
       isi services isi_hdfs_d enable
   To disable the HDFS service, run the following command:
       isi services isi_hdfs_d disable

Securing HDFS connections through Kerberos

You can secure HDFS connections on a cluster with either MIT Kerberos or Microsoft Active Directory with Kerberos.

Configuring HDFS authentication with MIT Kerberos

You can configure HDFS to authenticate through MIT Kerberos on an EMC Isilon cluster.

Before you begin, confirm the following checklist items:
- The cluster is running properly with HDFS in simple security authentication mode.
- A SmartConnect zone is configured on the Isilon cluster and hostname resolution is correct.
- System clocks on the Isilon nodes and the Hadoop clients are synchronized with a formal time source such as Active Directory or NTP.
- You know how to configure Linux and Unix systems to work with Kerberos.
- You know how to manage an EMC Isilon cluster through the command-line interface.

You must perform the following tasks in sequence to configure HDFS authentication through Kerberos.
1. Configure the realm, hostnames, and domain for HDFS.
2. Configure OneFS for Kerberos.
3. Configure the krb5.conf file.
4. Configure cluster settings for HDFS.
5. Modify Hadoop configuration files for Kerberos authentication.

For more information about authenticating HDFS connections through Kerberos, see the white paper EMC Isilon Best Practices for Hadoop Data Storage.

Configure the realm, hostnames, and domain for HDFS

You must add your realm, set the host names of the KDC and the KDC admin server, and specify the default realm as part of setting up Kerberos authentication over HDFS.

Before you begin
These instructions assume the following prerequisites:
- You have already configured a Kerberos system with a resolvable hostname for the KDC and a resolvable hostname for the KDC admin server.
- You know how to configure client computers to work with Kerberos authentication.
- You have established an SSH connection to a node in the cluster and are logged in as the root user.
Realm names must be uppercase.

Procedure
1. Run the following command to add the realm and set the KDC and KDC admin server, where <REALM>, <kdc-hostname>, and <kdc-admin-server-hostname> are placeholders for your realm, KDC, and KDC admin server, respectively:
       isi auth krb5 add realm --realm=<REALM> \
           --kdc=<kdc-hostname> \
           --admin-server=<kdc-admin-server-hostname>
2. Then run the following command to set the default realm, where <REALM> is the name that you specified for the realm name:
       isi auth krb5 modify default --default-realm=<REALM>
3. Next, write a krb5.conf file by running the following command:
       isi auth krb5 write
4. Run the following command to verify that you added the realm correctly:
       kadmin -p <admin-principal-name>
       kadmin: quit

Configure OneFS for Kerberos

You must configure cluster settings and then create and copy a keytab file to nodes on the cluster.

Before you begin
These instructions assume the following prerequisites:
- You have already configured a Kerberos system with a resolvable hostname for the KDC and a resolvable hostname for the KDC admin server.
- You know how to configure client computers to work with Kerberos authentication.
- You have created a SmartConnect zone for your Isilon cluster. If you have not, see Managing external client connections with SmartConnect.

You configure the cluster to use the principal that matches the name of the SmartConnect zone that you created. This principal must be added to the KDC and exported to the keytab file, which is then copied to the nodes in the cluster.

Procedure
1. Run the following command to set the HDFS principal to be used and return the principal that you must add to your KDC, where <SmartConnect-zone-name> is the name of the SmartConnect zone that you created for your cluster. You must be logged on as the root user to run this command:
       isi hdfs krb5 --kerb-instance=<SmartConnect-zone-name>
2. Run the following commands on the cluster with the kadmin utility to create a principal on the KDC, where <admin-principal-name> is the value for the admin credentials for your KDC, and the principal that is being created is the one returned from the previous command:
       kadmin -p <admin-principal-name>
       add_principal -randkey hdfs/<SmartConnect-zone-name>
3. In the kadmin utility, run the following command to add the principal to a keytab file and export the keytab file with a unique file name:
       ktadd -k <keytab /path/filename> hdfs/<SmartConnect-zone-name>
       kadmin: quit
4. In the OneFS command-line interface, securely copy the keytab file to all the nodes in your cluster. You can script this copying task if you have several nodes. The following command is just one example of a script that copies the keytab files to every node:
       for ip in `isi_nodes %{internal}`; do scp <keytab /path/filename> $ip:/etc/; done

Configure the HDFS daemon to use your keytab file

Your final step in configuring Kerberos authentication over HDFS is to configure the HDFS daemon to use your keytab file.

Before you begin
You must be logged in as the root user to run this command.

You must set the OneFS HDFS daemon to use the keytab file that you exported:

Procedure
1. In the OneFS command-line interface, configure the OneFS HDFS daemon to use the keytab file that you exported by running the following command, where <filename> is a placeholder for the name of your keytab file:
       isi hdfs krb5 --keytab=/etc/<filename>

After you finish
You must modify the Hadoop configuration files on your Hadoop clients as the final step in configuring HDFS authentication through Kerberos.

Configuring HDFS authentication with Active Directory Kerberos

You can authenticate and authorize HDFS connections with Kerberos and Microsoft Active Directory.

Before you begin, confirm the following checklist items:
- The cluster is running properly with HDFS in simple security authentication mode.
- A SmartConnect zone is configured on the Isilon cluster and hostname resolution is correct.
- You know how to configure Linux and Unix systems to work with Kerberos and Active Directory.
- You know how to manage an EMC Isilon cluster through the command-line interface.

You must perform the following tasks in sequence to configure HDFS authentication through Active Directory Kerberos.

1. Create HDFS user accounts in Active Directory.
2. Create keytab files for HDFS user accounts.
3. Configure the krb5.conf file.
4. Configure cluster settings for HDFS.
5. Modify Hadoop configuration files for Kerberos authentication.

For more information about authenticating HDFS connections through Kerberos, see the white paper EMC Isilon Best Practices for Hadoop Data Storage.

Create HDFS user accounts in Active Directory

You must create HDFS-specific user accounts in Active Directory before you configure Kerberos authentication. You must create user accounts in Active Directory for HDFS, the JobTracker, and the TaskTracker with a service principal name.

Note: After you configure Kerberos authentication, you cannot use a local user on a Hadoop compute client to access HDFS data on an EMC Isilon cluster; you must use an account in Active Directory.

Procedure
1. With standard Active Directory tools, create HDFS user accounts, similar to the following patterns for the three service principal names, where <jt-user-name>@<domain> and <tt-user-name>@<domain> are placeholders for JobTracker and TaskTracker user names:
       hdfs@<domain>
       <jt-user-name>@<domain>
       <tt-user-name>@<domain>

Create keytab files for HDFS user accounts

You must create keytab files for the HDFS user accounts with Microsoft's ktpass utility and distribute them to Hadoop compute clients. After the keytab files are created, you must distribute them to the Hadoop compute clients that need them.

To avoid account name conflicts after you configure Kerberos, you may need to delete any local accounts on your Isilon cluster if you created them for the Hadoop services; that is, user accounts such as hdfs, mapred, and hadoop, in addition to the local group named hadoop.

Procedure
1. Run a command similar to the following example to create keytab files for Active Directory users with the ktpass utility:
       ktpass /princ <user>/<computername>@<domain> /mapuser <user>@<domain> +rndpass -out Documents/user.keytab /ptype KRB5_NT_PRINCIPAL
2. Establish a secure connection such as SCP and distribute the keytab files to the Hadoop compute clients that need them.

Note: The Kerberos keytab file contains an encrypted, local copy of the host's key, which if compromised may potentially allow unrestricted access to the host computer. It is crucial to protect the keytab file with file-access permissions.

Configure cluster settings for HDFS

You must configure settings on the cluster as part of setting up HDFS authentication with Active Directory and Kerberos.

Before you begin
These instructions assume the following prerequisites:
- You know how to configure client computers to work with Kerberos authentication.
- You have established an SSH connection to a node in the cluster and are logged in as the root user.

Procedure
1. Run the following commands to join the cluster to the Active Directory domain, where <DOMAIN> is a placeholder for your domain name.
   Note: You can skip this command if you are already joined to a domain:
       isi auth ads create <DOMAIN> administrator
       isi auth ads modify --provider-name=<DOMAIN> --assume-default-domain=true
2. Next, run the following commands, where <SmartConnect-zone-name> is a placeholder for the SmartConnect zone that the Hadoop compute clients are connecting to:
       isi hdfs krb5 --kerb-instance=<SmartConnect-zone-name>
       isi hdfs krb5 --keytab=dynamic:/usr/lib/kt_isi_pstore.so:hdfs:<DOMAIN>
       isi auth ads spn create --spn=hdfs/<SmartConnect-zone-name> \
           --domain=<DOMAIN> --user=administrator

After you finish
You must modify the Hadoop configuration files on your Hadoop clients as the final step in configuring HDFS authentication with Kerberos through Active Directory.

Modifying Hadoop configuration files for Kerberos authentication

You must modify four files when you make changes to Kerberos authentication over HDFS. To configure Kerberos authentication, you must modify four Hadoop configuration files on your Hadoop compute clients:
- krb5.conf
- mapred-site.xml
- hdfs-site.xml
- core-site.xml

You must restart the Hadoop daemons on the compute clients to apply the changes.

Configure the krb5.conf file

You must configure Hadoop compute client settings to use Active Directory.

Before you begin
You must be logged in as the root user to run the commands in this task.

When you configure the krb5.conf file on the Hadoop client, you must include the default domain and server settings for the KDC.

Procedure
1. On the Hadoop compute client, open the krb5.conf file in a text editor and provide information similar to the following example, where values in angle brackets are placeholders for values specific to your environment:
       [logging]
        default = FILE:/var/log/krb5libs.log
        kdc = FILE:/var/log/krb5kdc.log
        admin_server = FILE:/var/log/kadmind.log
       [libdefaults]
        default_realm = <DOMAIN>
        dns_lookup_realm = false
        dns_lookup_kdc = false
        ticket_lifetime = 24h
        renew_lifetime = 7d
        forwardable = true
       [realms]
        <DOMAIN> = {
         kdc = <kdc-hostname>
         admin_server = <kdc-admin-server-hostname>
        }
       [domain_realm]
        .<domain> = <DOMAIN>
        <DOMAIN> = <DOMAIN>
2. Save and close the krb5.conf.
3. Make sure that both the Isilon cluster and the Hadoop compute clients use either Active Directory or the same NTP server as their time source. The Kerberos standard requires that system clocks be no more than 5 minutes apart.

Modify the hdfs-site.xml file

You must provide the values for namenodes and datanodes in the hdfs-site.xml file. On the Hadoop compute client, add the following properties to the hdfs-site.xml file.

Procedure
1. Open the file hdfs-site.xml with a text editor and make the following changes according to the following example, where <SmartConnect-zone-name> is a placeholder for the resolvable hostname for the EMC Isilon cluster:
       <?xml version="1.0"?>
       <!-- hdfs-site.xml -->
       <configuration>
         <property>
           <name>dfs.namenode.keytab.file</name>
           <value>/etc/krb5.keytab</value>
         </property>
         <property>
           <name>dfs.namenode.kerberos.principal</name>
           <value>hdfs/<SmartConnect-zone-name>@<realm DOMAIN></value>
         </property>
         <property>
           <name>dfs.datanode.keytab.file</name>
           <value>/etc/krb5.keytab</value>
         </property>
         <property>
           <name>dfs.datanode.kerberos.principal</name>
           <value>hdfs/<SmartConnect-zone-name>@<realm DOMAIN></value>
         </property>
       </configuration>
2. Save the changes to the file.
3. Restart the Hadoop daemons on the compute client to apply the changes in the Hadoop configuration file.

Modify the core-site.xml file for authentication and authorization

You must provide the values for authentication and authorization in the core-site.xml file. On the Hadoop compute client, add the following authentication and authorization properties to the core-site.xml file.

Procedure
1. Open the file core-site.xml with a text editor and make the following changes, using the following example for configuring two compute clients with a service principal name (SPN):
       <?xml version="1.0"?>
       <!-- core-site.xml -->
       <configuration>
         <property>
           <name>fs.default.name</name>
           <value>hdfs://<cluster-smartconnect-name>:8020</value>
           <!-- make sure you have the isi_hdfs_d license on the cluster -->
         </property>
         <property>
           <name>hadoop.rpc.protection</name>
           <value>authentication</value>
           <description>
             This field sets the quality of protection for secured sasl
             connections. Possible values are authentication, integrity and
             privacy. Authentication means authentication only and no
             integrity or privacy; integrity implies authentication and
             integrity are enabled; and privacy implies all of authentication,
             integrity and privacy are enabled.
           </description>
         </property>
         <property>
           <name>hadoop.security.authentication</name>
           <value>kerberos</value>
         </property>
         <property>
           <name>hadoop.security.authorization</name>
           <value>true</value>
         </property>
       </configuration>
2. Save the changes to the file.
3. Restart the Hadoop daemons on the compute client to apply the changes in the Hadoop configuration file.
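A consistency check for the client-side files edited in this section, added here as an example and not part of the EMC guide: it parses Hadoop *-site.xml text and reports settings that leave Kerberos off, principals that are not in service/host@REALM form with an uppercase realm, and principals with no keytab property. The sample files, host names and function names are constructed for illustration; the principal check applies to any property ending in .kerberos.principal, including the ones in mapred-site.xml.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples: this section's files with made-up values in place of the
# placeholders. HDFS_SITE deliberately contains two mistakes.
CORE_SITE = """<?xml version="1.0"?>
<configuration>
  <property><name>fs.default.name</name><value>hdfs://isilon.example.com:8020</value></property>
  <property><name>hadoop.rpc.protection</name><value>authentication</value></property>
  <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
  <property><name>hadoop.security.authorization</name><value>true</value></property>
</configuration>"""

HDFS_SITE = """<?xml version="1.0"?>
<configuration>
  <property><name>dfs.namenode.keytab.file</name><value>/etc/krb5.keytab</value></property>
  <property><name>dfs.namenode.kerberos.principal</name><value>hdfs/isilon.example.com@example.com</value></property>
  <property><name>dfs.datanode.kerberos.principal</name><value>hdfs/isilon.example.com@EXAMPLE.COM</value></property>
</configuration>"""

# Meaning of each hadoop.rpc.protection value, as described in core-site.xml above.
RPC_PROTECTION = {
    "authentication": "authentication only, no integrity or privacy",
    "integrity": "authentication and integrity, no privacy",
    "privacy": "authentication, integrity and privacy",
}
PRINCIPAL_RE = re.compile(r"^[^/@\s]+/[^/@\s]+@(?P<realm>[^/@\s]+)$")


def load_properties(xml_text):
    """Return {name: value} for every <property> in a Hadoop *-site.xml document."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props


def audit_core_site(props):
    """Check the authentication, authorization and RPC protection settings."""
    findings = []
    # Hadoop falls back to these defaults when a property is absent.
    auth = props.get("hadoop.security.authentication", "simple").lower()
    if auth != "kerberos":
        findings.append(("FAIL", "hadoop.security.authentication",
                         f"'{auth}': client identities are not verified by Kerberos"))
    if props.get("hadoop.security.authorization", "false").lower() != "true":
        findings.append(("FAIL", "hadoop.security.authorization",
                         "service-level authorization is disabled"))
    qop = props.get("hadoop.rpc.protection", "authentication").lower()
    if qop not in RPC_PROTECTION:
        findings.append(("FAIL", "hadoop.rpc.protection", f"unknown value '{qop}'"))
    elif qop != "privacy":
        findings.append(("WARN", "hadoop.rpc.protection",
                         f"'{qop}' gives {RPC_PROTECTION[qop]}"))
    return findings


def audit_principals(props):
    """Check every *.kerberos.principal property and its matching *.keytab.file."""
    findings = []
    for name in sorted(props):
        if not name.endswith(".kerberos.principal"):
            continue
        match = PRINCIPAL_RE.match(props[name])
        if match is None:
            findings.append(("FAIL", name, "not in service/host@REALM form"))
        elif match["realm"] != match["realm"].upper():
            findings.append(("FAIL", name, f"realm '{match['realm']}' is not uppercase"))
        keytab_key = name[: -len("kerberos.principal")] + "keytab.file"
        if not props.get(keytab_key):
            findings.append(("FAIL", keytab_key, f"no keytab configured for {name}"))
    return findings


if __name__ == "__main__":
    for label, text, audit in (("core-site.xml", CORE_SITE, audit_core_site),
                               ("hdfs-site.xml", HDFS_SITE, audit_principals)):
        for severity, key, detail in audit(load_properties(text)):
            print(f"{label}: {severity} {key}: {detail}")
```

The WARN on the sample core-site.xml reflects the value used in this guide's example: with hadoop.rpc.protection set to authentication, RPC traffic is neither integrity-protected nor encrypted.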

Modify the mapred-site.xml file

You must provide the values for JobTracker and TaskTracker in the mapred-site.xml file. On the Hadoop compute client, add the following authentication and authorization properties in the mapred-site.xml file.

Note: To run Hadoop jobs or distcp, you must make sure that the principals that the Hadoop daemons are using, the value of the TaskTracker's and JobTracker's Kerberos principal in mapred-site.xml, map to users on the Isilon cluster and can be resolved on the cluster by using either OneFS local users or users from LDAP or Active Directory.

Procedure
1. Open the file mapred-site.xml with a text editor.
2. Add the principal for the JobTracker and the location of its keytab file to mapred-site.xml, using the following example for configuring two compute clients with a service principal name (SPN):
       <?xml version="1.0"?>
       <!-- mapred-site.xml -->
       <configuration>
         <property>
           <name>mapreduce.jobtracker.kerberos.principal</name>
           <value><jt-user-name>/_HOST@<realm DOMAIN></value>
         </property>
         <property>
           <name>mapreduce.jobtracker.keytab.file</name>
           <value>/etc/<jt-user-name>.keytab</value>
         </property>
   Next, add the principal for the TaskTracker and the location of its keytab file, using the following example:
         <property>
           <name>mapreduce.tasktracker.kerberos.principal</name>
           <value><tt-user-name>/_HOST@<realm DOMAIN></value>
         </property>
         <property>
           <name>mapreduce.tasktracker.keytab.file</name>
           <value>/etc/<tt-user-name>.keytab</value>
         </property>
       </configuration>
3. Save the changes to the file.
4. Restart the Hadoop daemons on the compute client to apply the changes in the Hadoop configuration file.

Test the Kerberos connection to the cluster

You should verify that the connection to your cluster through Kerberos is working.

Before you begin
These instructions assume the following prerequisites:
- You have already configured a Kerberos system with a resolvable hostname for the KDC and a resolvable hostname for the KDC admin server.

Test the connection from a compute client and then run a sample MapReduce job to verify your configuration.

Procedure
1. On a compute client, run the following commands to validate the connection to the cluster:
       su hdfs
       kinit hdfs@<realm DOMAIN>
       $HADOOP_HOME/bin/hadoop fs -ls /
2. Run commands similar to the following example to initiate a MapReduce job:
       passwd hdfs <password>
       su hdfs
       $HADOOP_HOME/sbin/start-yarn.sh
       $HADOOP_HOME/bin/hadoop jar \
           $HADOOP_EXAMPLES/hadoop-mapreduce-examples.jar pi

Sample commands for configuring MIT Kerberos authentication over HDFS

These command-line examples move through the commands to set up OneFS to work with an MIT Kerberos 5 KDC.

The following command example configures an Isilon SmartConnect zone named wai-kerb-sc:

    kdc-demo-1# isi networks modify subnet --name=subnet0 \
        --sc-service-addr=
    Modifying subnet 'subnet0':
    Saving: OK
    kdc-demo-1# isi networks modify pool --name=subnet0:pool0 \
        --zone=wai-kerb-sc --sc-subnet=subnet0
    Modifying pool 'subnet0:pool0':
    Saving: OK

The following command example runs on an Isilon node named kdc-demo-1. The name of the MIT Kerberos 5 KDC and admin server is york.east.example.com.

    kdc-demo-1# isi auth krb5 add realm \
        --realm=east.example.com --kdc=york.east.example.com \
        --admin-server=york.east.example.com
    kdc-demo-1# isi auth krb5 modify default \
        --default-realm=east.example.com
    kdc-demo-1# isi auth krb5 write
    kdc-demo-1# kadmin -p root/[email protected]
    Authenticating as principal root/[email protected] with password.
    Password for root/[email protected]:
    kadmin: quit
    kdc-demo-1# ping wai-kerb-sc
    PING wai-kerb-sc.east.example.com ( ): 56 data bytes
    64 bytes from : icmp_seq=0 ttl=64 time=0.561 ms
    kdc-demo-1# isi hdfs krb5 --kerb-instance=wai-kerb-sc
    Add this principal to your KDC: \
        hdfs/wai-kerb-sc.east.example.com@<your-realm.com>
    kdc-demo-1# kadmin -p root/admin
    Authenticating as principal root/admin with password.
    Password for root/[email protected]:
    kadmin: add_principal -randkey hdfs/wai-kerb-sc.east.example.com
    WARNING: no policy specified for hdfs/[email protected]; defaulting to no policy
    Principal "hdfs/[email protected]" created.
    kadmin: ktadd -k /ifs/hdfs.keytab hdfs/wai-kerb-sc.east.example.com
    Entry for principal hdfs/wai-kerb-sc.east.example.com with kvno 3, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/ifs/hdfs.keytab.
    Entry for principal hdfs/wai-kerb-sc.east.example.com with kvno 3, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/ifs/hdfs.keytab.
    Entry for principal hdfs/wai-kerb-sc.east.example.com with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/ifs/hdfs.keytab.
    Entry for principal hdfs/wai-kerb-sc.east.example.com with kvno 3, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/ifs/hdfs.keytab.
    kdc-demo-1# for ip in `isi_nodes %{internal}`; do scp /ifs/hdfs.keytab $ip:/etc/;done
    Password:
    hdfs.keytab 100% KB/s 0.7KB/s 00:00
    Max throughput: 0.7KB/s
    kdc-demo-1# kinit -k -t /etc/hdfs.keytab \
        hdfs/wai-kerb-sc.east.example.com
    kdc-demo-1# klist
    Ticket cache: FILE:/tmp/krb5cc_0
    Default principal: hdfs/[email protected]
    Valid starting     Expires            Service principal
    01/28/14 15:15:34  01/29/14 01:15:34  krbtgt/[email protected]
        renew until 01/29/14 15:13:46
    kdc-demo-1# kdestroy
    kdc-demo-1# isi hdfs krb5 --keytab=/etc/hdfs.keytab

Troubleshooting Kerberos authentication

Kerberos authentication problems can be difficult to diagnose, but you can check the following settings to troubleshoot your configuration.

Follow these steps to troubleshoot authentication problems:
- Check all the configuration parameters, including the location and validity of the keytab file.
- Check user and group accounts for permissions. Make sure that there are no duplicate accounts across systems, such as a local hdfs account on OneFS and an hdfs account in Active Directory.
- Make sure that the system clocks on the Isilon nodes and the Hadoop clients are synchronized with a formal time source such as Active Directory or NTP. The Kerberos standard requires that system clocks be no more than 5 minutes apart.
- Check to confirm that the service principal name of a Hadoop service, such as TaskTracker, is not mapped to more than one object in Active Directory.

CHAPTER 22
Antivirus

This section contains the following topics:

- Antivirus overview
- On-access scanning
- Antivirus policy scanning
- Individual file scanning
- Antivirus scan reports
- ICAP servers
- Supported ICAP servers
- Antivirus threat responses
- Configuring global antivirus settings
- Managing ICAP servers
- Create an antivirus policy
- Managing antivirus policies
- Managing antivirus scans
- Managing antivirus threats
- Managing antivirus reports

Antivirus overview

You can scan the files you store on an Isilon cluster for computer viruses and other security threats by integrating with third-party scanning services through the Internet Content Adaptation Protocol (ICAP). OneFS sends files through ICAP to a server running third-party antivirus scanning software. These servers are referred to as ICAP servers. ICAP servers scan files for viruses.

After an ICAP server scans a file, it informs OneFS of whether the file is a threat. If a threat is detected, OneFS informs system administrators by creating an event, displaying near real-time summary information, and documenting the threat in an antivirus scan report. You can configure OneFS to request that ICAP servers attempt to repair infected files. You can also configure OneFS to protect users against potentially dangerous files by truncating or quarantining infected files.

Before OneFS sends a file to be scanned, it ensures that the scan is not redundant. If a file has already been scanned and has not been modified, OneFS will not send the file to be scanned unless the virus database on the ICAP server has been updated since the last scan.

Note: Antivirus scanning is available only if all nodes in the cluster are connected to the external network.

On-access scanning

You can configure OneFS to send files to be scanned before they are opened, after they are closed, or both. Sending files to be scanned after they are closed is faster but less secure. Sending files to be scanned before they are opened is slower but more secure.

If OneFS is configured to ensure that files are scanned after they are closed, when a user creates or modifies a file on the cluster, OneFS queues the file to be scanned. OneFS then sends the file to an ICAP server to be scanned when convenient. In this configuration, users can always access files without any delay. However, it is possible that after a user modifies or creates a file, a second user might access the file before the file is scanned. If a virus was introduced to the file from the first user, the second user will be able to access the infected file. Also, if an ICAP server is unable to scan a file, the file will still be accessible to users.

If OneFS ensures that files are scanned before they are opened, when a user attempts to download a file from the cluster, OneFS first sends the file to an ICAP server to be scanned. The file is not sent to the user until the scan is complete. Scanning files before they are opened is more secure than scanning files after they are closed, because users can access only scanned files. However, scanning files before they are opened requires users to wait for files to be scanned. You can also configure OneFS to deny access to files that cannot be scanned by an ICAP server, which can increase the delay. For example, if no ICAP servers are available, users will not be able to access any files until the ICAP servers become available again.

If you configure OneFS to ensure that files are scanned before they are opened, it is recommended that you also configure OneFS to ensure that files are scanned after they are closed. Scanning files as they are both opened and closed will not necessarily improve security, but it will usually improve data availability when compared to scanning files only when they are opened. If a user wants to access a file, the file may have already been scanned after the file was last modified, and will not need to be scanned again if the ICAP server database has not been updated since the last scan.

Antivirus policy scanning

You can create antivirus scanning policies that send files from a specified directory to be scanned. Antivirus policies can be run manually at any time, or configured to run according to a schedule.

Antivirus policies target a specific directory on the cluster. You can prevent an antivirus policy from sending certain files within the specified root directory based on the size, name, or extension of the file. Antivirus policies do not target snapshots. Only on-access scans include snapshots. Antivirus scans are handled by the OneFS job engine, and function the same as any system job.

Individual file scanning

You can send a specific file to an ICAP server to be scanned at any time.

If a virus is detected in a file but the ICAP server is unable to repair it, you can send the file to the ICAP server after the virus database has been updated, and the ICAP server might be able to repair the file. You can also scan individual files to test the connection between the cluster and ICAP servers.

Antivirus scan reports

OneFS generates reports about antivirus scans. Each time that an antivirus policy is run, OneFS generates a report for that policy. OneFS also generates a report every 24 hours that includes all on-access scans that occurred during the day.

Antivirus scan reports contain the following information:

- The time that the scan started.
- The time that the scan ended.
- The total number of files scanned.
- The total size of the files scanned.
- The total network traffic sent.
- The network throughput that was consumed by virus scanning.
- Whether the scan succeeded.
- The total number of infected files detected.
- The names of infected files.
- The threats associated with infected files.
- How OneFS responded to detected threats.
- The name and IP address of the user that triggered the scan. This information is not included in reports triggered by antivirus scan policies.

ICAP servers

The number of ICAP servers that are required to support an Isilon cluster depends on how virus scanning is configured, the amount of data a cluster processes, and the processing power of the ICAP servers.

If you intend to scan files exclusively through antivirus scan policies, it is recommended that you have a minimum of two ICAP servers per cluster. If you intend to scan files on access, it is recommended that you have at least one ICAP server for each node in the cluster.

If you configure more than one ICAP server for a cluster, it is important to ensure that the processing power of each ICAP server is relatively equal. OneFS distributes files to the ICAP servers on a rotating basis, regardless of the processing power of the ICAP servers. If one server is significantly more powerful than another, OneFS does not send more files to the more powerful server.

Supported ICAP servers

OneFS supports ICAP servers running the following antivirus scanning software:

- Symantec Scan Engine 5.2 and later.
- Trend Micro InterScan Web Security Suite 3.1 and later.
- Kaspersky Anti-Virus for Proxy Server 5.5 and later.
- McAfee VirusScan Enterprise 8.7 and later with VirusScan Enterprise for Storage 1.0 and later.

Antivirus threat responses

You can configure the system to repair, quarantine, or truncate any files that the ICAP server detects viruses in.

OneFS and ICAP servers react in one or more of the following ways when threats are detected:

Alert
All threats that are detected cause an event to be generated in OneFS at the warning level, regardless of the threat response configuration.

Repair
The ICAP server attempts to repair the infected file before returning the file to OneFS.

Quarantine
OneFS quarantines the infected file. A quarantined file cannot be accessed by any user. However, a quarantined file can be removed from quarantine by the root user if the root user is connected to the cluster through secure shell (SSH). If you back up your cluster through NDMP backup, quarantined files will remain quarantined when the files are restored. If you replicate quarantined files to another Isilon cluster, the quarantined files will continue to be quarantined on the target cluster. Quarantines operate independently of access control lists (ACLs).

Truncate
OneFS truncates the infected file. When a file is truncated, OneFS reduces the size of the file to zero bytes to render the file harmless.

You can configure OneFS and ICAP servers to react in one of the following ways when threats are detected:

Repair or quarantine
Attempts to repair infected files. If an ICAP server fails to repair a file, OneFS quarantines the file. If the ICAP server repairs the file successfully, OneFS sends the file to the user. Repair or quarantine can be useful if you want to protect users from accessing infected files while retaining all data on a cluster.

Repair or truncate
Attempts to repair infected files. If an ICAP server fails to repair a file, OneFS truncates the file. If the ICAP server repairs the file successfully, OneFS sends the file to the user. Repair or truncate can be useful if you do not care about retaining all data on your cluster, and you want to free storage space. However, data in infected files will be lost.

Alert only
Only generates an event for each infected file. It is recommended that you do not apply this setting.

Repair only
Attempts to repair infected files. Afterwards, OneFS sends the files to the user, whether or not the ICAP server repaired the files successfully. It is recommended that you do not apply this setting. If you only attempt to repair files, users will still be able to access infected files that cannot be repaired.

Quarantine
Quarantines all infected files. It is recommended that you do not apply this setting. If you quarantine files without attempting to repair them, you might deny access to infected files that could have been repaired.

Truncate
Truncates all infected files. It is recommended that you do not apply this setting. If you truncate files without attempting to repair them, you might delete data unnecessarily.

Configuring global antivirus settings

You can configure global antivirus settings that are applied to all antivirus scans by default.

Exclude files from antivirus scans

You can prevent files from being scanned by antivirus policies.

Procedure
1. Click Data Protection > Antivirus > Settings.
2. In the File size restriction area, specify whether to exclude files from being scanned based on size.
   - Click Scan all files regardless of size.
   - Click Only scan files smaller than the maximum file size and specify a maximum file size.
3. In the Filename restrictions area, specify whether to exclude files from being scanned based on file names and extensions.
   - Click Scan all files.
   - Click Only scan files with the following extensions or filenames.
   - Click Scan all files except those with the following extensions or filenames.
4. Optional: If you chose to exclude files based on file names and extensions, specify which files will be selected.
   a. In the Extensions area, click Edit list, and specify extensions.
   b. In the Filenames area, click Edit list, and specify filenames.

   You can specify the following wildcards:

   | Wildcard | Description |
   | --- | --- |
   | * | Matches any string in place of the asterisk. For example, specifying m* would match movies and m123. |
   | [ ] | Matches any characters contained in the brackets, or a range of characters separated by a dash. For example, specifying b[aei]t would match bat, bet, and bit. For example, specifying 1[4-7]2 would match 142, 152, 162, and 172. You can exclude characters within brackets by following the first bracket with an exclamation mark. For example, specifying b[!ie]t would match bat but not bit or bet. You can match a bracket within a bracket if it is either the first or last character. For example, specifying [[c]at would match cat, and [at. You can match a dash within a bracket if it is either the first or last character. For example, specifying car[-s] would match cars, and car-. |
   | ? | Matches any character in place of the question mark. For example, specifying t?p would match tap, tip, and top. |

5. Click Submit.

Configure on-access scanning settings

You can configure OneFS to automatically scan files as they are accessed by users. On-access scans operate independently of antivirus policies.

Procedure
1. Click Data Protection > Antivirus > Settings.
2. In the On Access Scans area, specify whether you want files to be scanned as they are accessed.
   - To require that all files be scanned before they are opened by a user, select Scan files when they are opened, and then specify whether you want to allow access to files that cannot be scanned.
   - To scan files after they are closed, select Scan files when they are closed.
3. In the Directories to be scanned area, specify the directories that you want to apply on-access settings to.
   If no directories are specified, on-access scanning settings are applied to all files. If you specify a directory, only files from the specified directories will be scanned as they are accessed.
4. Click Submit.

Configure antivirus threat response settings

You can configure how OneFS responds to detected threats.

Procedure
1. Click Data Protection > Antivirus > Settings.
2. In the Action on detection area, specify how you want OneFS to react to potentially infected files.

Configure antivirus report retention settings

You can configure how long OneFS retains antivirus reports before automatically deleting them.

Procedure
1. Click Data Protection > Antivirus > Settings.
2. In the Reports area, specify how long you want OneFS to keep reports for.

Enable or disable antivirus scanning

You can enable or disable all antivirus scanning. This procedure is available only through the web administration interface.

Procedure
1. Click Data Protection > Antivirus > Summary.
2. In the Service area, click Enable or Disable.

Managing ICAP servers

Before you can send files to be scanned on an ICAP server, you must configure OneFS to connect to the server. You can test, modify, and remove an ICAP server connection. You can also temporarily disconnect and reconnect to an ICAP server.

Add and connect to an ICAP server

You can add and connect to an ICAP server. After a server is added, OneFS can send files to the server to be scanned for viruses.

Procedure
1. Click Data Protection > Antivirus > Summary.
2. In the ICAP Servers area, click Add server.
3. In the Add ICAP Server dialog box, in the ICAP URL field, type the IP address of an ICAP server.
4. Optional: In the Description field, type a description of this ICAP server.
5. Click Submit.
   The ICAP server is displayed in the ICAP Servers table.
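Exclusion lists decide which files never reach an ICAP server, so it is worth checking what a pattern set really covers. The following added example (not EMC or OneFS code) replays the wildcard examples from the table under "Exclude files from antivirus scans" and audits a constructed file listing against constructed settings. It assumes that Python's fnmatch behaves like the OneFS matcher, that extension patterns are compared with the text after the last dot, and that a match in either list counts.

```python
# Added example, not EMC/Isilon code. Assumptions: Python's fnmatch stands in
# for the OneFS matcher (same *, ?, [ ] and [! ] syntax, case-sensitive, whole
# name must match); extension patterns are compared with the text after the
# last dot; a file is "listed" if either list matches.
import os
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from typing import List, Optional

SCAN_ALL = "Scan all files"
ONLY_LISTED = "Only scan files with the following extensions or filenames"
EXCEPT_LISTED = "Scan all files except those with the following extensions or filenames"

# Wildcard examples from the table: pattern -> (names that match, names that do not).
# The non-matching names for rows other than b[!ie]t are constructed.
PAGE_EXAMPLES = {
    "m*": (["movies", "m123"], ["film"]),
    "b[aei]t": (["bat", "bet", "bit"], ["but"]),
    "1[4-7]2": (["142", "152", "162", "172"], ["182"]),
    "b[!ie]t": (["bat"], ["bit", "bet"]),
    "[[c]at": (["cat", "[at"], ["bat"]),
    "car[-s]": (["cars", "car-"], ["cart"]),
    "t?p": (["tap", "tip", "top"], ["trap"]),
}


def page_examples_hold():
    """True when every example in the wildcard table behaves as documented."""
    for pattern, (matching, non_matching) in PAGE_EXAMPLES.items():
        if not all(fnmatchcase(name, pattern) for name in matching):
            return False
        if any(fnmatchcase(name, pattern) for name in non_matching):
            return False
    return True


@dataclass
class ScanSettings:
    mode: str = SCAN_ALL
    extensions: List[str] = field(default_factory=list)
    filenames: List[str] = field(default_factory=list)
    max_size: Optional[int] = None  # bytes; None means "regardless of size"


def is_listed(path, settings):
    """Does the file's extension or name match any configured pattern?"""
    name = os.path.basename(path)
    ext = name.rsplit(".", 1)[1] if "." in name else ""
    return (any(fnmatchcase(ext, p) for p in settings.extensions)
            or any(fnmatchcase(name, p) for p in settings.filenames))


def skip_reason(path, size, settings):
    """Return None if the file would be sent for scanning, else why it is skipped."""
    if settings.max_size is not None and size >= settings.max_size:
        return "size limit"
    listed = is_listed(path, settings)
    if settings.mode == ONLY_LISTED and not listed:
        return "not on include list"
    if settings.mode == EXCEPT_LISTED and listed:
        return "matches exclusion"
    return None


def unscanned(files, settings):
    """Map each path that would never reach an ICAP server to the reason."""
    result = {}
    for path, size in files:
        reason = skip_reason(path, size, settings)
        if reason is not None:
            result[path] = reason
    return result


# Constructed listing (path, size in bytes) and constructed settings.
FILES = [
    ("/ifs/data/media/movies", 700_000_000),
    ("/ifs/data/media/clip.mp4", 50_000_000),
    ("/ifs/data/home/alice/m123.exe", 90_000),
    ("/ifs/data/home/bob/report.doc", 40_000),
    ("/ifs/data/home/bob/archive.iso", 4_000_000_000),
]
SETTINGS = ScanSettings(mode=EXCEPT_LISTED, extensions=["mp[34]", "iso"],
                        filenames=["m*"], max_size=2 * 1024 ** 3)

if __name__ == "__main__":
    print("table examples hold:", page_examples_hold())
    for path, reason in unscanned(FILES, SETTINGS).items():
        print(f"NOT SCANNED  {path}  ({reason})")
```

The broad filename pattern m*, meant for media files, also keeps the constructed m123.exe away from the scanner, which is the kind of gap this audit is meant to surface before an exclusion list is submitted.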

Test an ICAP server connection

You can test the connection between the cluster and an ICAP server. This procedure is available only through the web administration interface.

Procedure
1. Click Data Protection > Antivirus > Summary.
2. In the ICAP Servers table, in the row for the ICAP server, click Test connection.
   If the connection test succeeds, the Status column displays a green icon. If the connection test fails, the Status column displays a red icon.

Modify ICAP connection settings

You can modify the IP address and optional description of ICAP server connections.

Procedure
1. Click Data Protection > Antivirus > Summary.
2. In the ICAP Servers table, in the row for an ICAP server, click Edit.
3. Modify settings, and then click Submit.

Temporarily disconnect from an ICAP server

If you want to prevent OneFS from sending files to an ICAP server, but want to retain the ICAP server connection settings, you can temporarily disconnect from the ICAP server.

Procedure
1. Click Data Protection > Antivirus > Summary.
2. In the ICAP Servers table, in the row for an ICAP server, click Disable.

Reconnect to an ICAP server

You can reconnect to an ICAP server that you have temporarily disconnected from.

Procedure
1. Click Data Protection > Antivirus > Summary.
2. In the ICAP Servers table, in the row for an ICAP server, click Enable.

Remove an ICAP server

You can permanently disconnect from the ICAP server.

Procedure
1. Click Data Protection > Antivirus > Summary.
2. In the ICAP Servers table, in the row for an ICAP server, click Delete.

Create an antivirus policy

You can create an antivirus policy that causes specific files to be scanned for viruses each time the policy is run.

Procedure
1. Click Data Protection > Antivirus > Policies.
2. Click Add policy.
3. In the Name field, type a name for the antivirus policy.
4. Click Add directory and select a directory that you want to scan.
   Optionally, repeat this step to specify multiple directories.
5. In the Restrictions area, specify whether you want to enforce the file size and name restrictions specified by the global antivirus settings.
   - Click Enforce file size and filename restrictions.
   - Click Scan all files within the root directories.
6. In the Run policy area, specify whether you want to run the policy according to a schedule or manually.
   Scheduled policies can also be run manually at any time.

   | Options | Description |
   | --- | --- |
   | Run the policy only manually. | Click Manually. |
   | Run the policy according to a schedule. | a. Click Scheduled. b. In the Interval area, specify on what days you want the policy to run. c. In the Frequency area, specify how often you want the policy to run on the specified days. |

7. Click Submit.

Managing antivirus policies

You can modify and delete antivirus policies. You can also temporarily disable antivirus policies if you want to retain the policy but do not want to scan files.

Modify an antivirus policy

You can modify an antivirus policy.

Procedure
1. Click Data Protection > Antivirus > Policy.
2. In the Policies table, click the name of the antivirus policy that you want to modify.
3. Modify settings, and then click Submit.

Delete an antivirus policy

You can delete an antivirus policy.

Procedure
1. Click Data Protection > Antivirus > Policies.
2. In the Policies table, in the row for an antivirus policy, click Delete.

Enable or disable an antivirus policy

You can temporarily disable antivirus policies if you want to retain the policy but do not want to scan files.

Procedure
1. Click Data Protection > Antivirus > Policies.
2. In the Policies table, in the row for an antivirus policy, click Enable or Disable.

View antivirus policies

You can view antivirus policies.

Procedure
1. Click Data Protection > Antivirus > Policies.
2. In the Policies table, view antivirus policies.

Managing antivirus scans

You can scan multiple files for viruses by manually running an antivirus policy, or scan an individual file without an antivirus policy. You can also stop antivirus scans.

Scan a file

You can manually scan an individual file for viruses. This procedure is available only through the command-line interface (CLI).

Procedure
1. Open a secure shell (SSH) connection to any node in the cluster and log in.
2. Run the isi avscan manual command.
   For example, the following command scans /ifs/data/virus_file:

   isi avscan manual /ifs/data/virus_file

Manually run an antivirus policy

You can manually run an antivirus policy at any time. This procedure is available only through the web administration interface.

Procedure
1. Click Data Protection > Antivirus > Policies.
2. In the Policies table, in the row for a policy, click Start.

Stop a running antivirus scan

You can stop a running antivirus scan. This procedure is available only through the web administration interface.

Procedure
1. Click Data Protection > Antivirus > Summary.
2. In the Currently Running table, in the row for an antivirus scan, click Cancel.

Managing antivirus threats

You can repair, quarantine, or truncate files in which threats are detected. If you think that a quarantined file is no longer a threat, you can rescan the file or remove the file from quarantine.

Manually quarantine a file

You can quarantine a file to prevent the file from being accessed by users.

Procedure
1. Click Data Protection > Antivirus > Detected Threats.
2. In the Detected Threats table, in the row of a file, click Quarantine.

Rescan a file

You can rescan the file for viruses if, for example, you believe that a file is no longer a threat.

Procedure
1. Click Data Protection > Antivirus > Detected Threats.
2. In the Detected Threats table, in the row of a file, click Rescan.

Remove a file from quarantine

You can remove a file from quarantine if, for example, you believe that the file is no longer a threat.

Procedure
1. Click Data Protection > Antivirus > Detected Threats.
2. In the Detected Threats table, in the row of a file, click Restore.

Manually truncate a file

If a threat is detected in a file, and the file is irreparable and no longer needed, you can truncate the file.

Procedure
1. Click Data Protection > Antivirus > Detected Threats.
2. In the Detected Threats table, in the row for a file, click Truncate.
   The Confirm dialog box appears.
3. Click Yes.

View threats

You can view files that have been identified as threats by an ICAP server.

Procedure
1. Click Data Protection > Antivirus > Detected Threats.
2. In the Detected Threats table, view potentially infected files.

Antivirus threat information

You can view information about the antivirus threats that are reported by an ICAP server.

Status
The color of the icon indicates the status of the potentially infected file.
- Red: OneFS did not take any action on the file.
- Orange: OneFS truncated the file.
- Yellow: OneFS quarantined the file.

Threat
Displays the name of the detected threat as it is recognized by the ICAP server.

Filename
Displays the name of the potentially infected file.

Directory
Displays the directory in which the file is located.

Remediation
Indicates how OneFS responded to the file when the threat was detected. If OneFS did not quarantine or truncate the file, Infected appears.

Detected
Displays the time that the file was detected.

Policy
Displays the name of the antivirus policy that caused the threat to be detected. If the threat was detected as a result of a manual antivirus scan of an individual file, Manual scan appears.

Currently
Displays the current state of the file.

File size
Displays the size of the file in bytes. Truncated files display a size of zero bytes.

Managing antivirus reports

In addition to viewing antivirus reports through the web administration interface, you can export reports to a comma-separated values (CSV) file. You can also view events that are related to antivirus activity.

Export an antivirus report

You can export an antivirus report to a comma-separated values (CSV) file.

Procedure
1. Click Data Protection > Antivirus > Reports.
2. In the Reports table, in the row for a report, click Export.
3. Save the CSV file.

View antivirus reports

You can view antivirus reports.

Procedure
1. Click Data Protection > Antivirus > Reports.
2. In the Reports table, in the row for a report, click View Details.

View antivirus events

You can view events that relate to antivirus activity.

Procedure
1. Click Dashboard > Events > Event History.
2. In the Event History table, view all events.
   All events related to antivirus scans are classified as warnings. The following events are related to antivirus activities:

   Anti-Virus scan found threats
   A threat was detected by an antivirus scan. These events refer to specific reports on the Antivirus Reports page but do not provide threat details.

   No ICAP Servers available
   OneFS is unable to communicate with any ICAP servers.

   ICAP Server Unresponsive or Invalid
   OneFS is unable to communicate with an ICAP server.


CHAPTER 23
iSCSI

This section contains the following topics:

- iSCSI overview
- iSCSI targets and LUNs
- iSNS client service
- Access control for iSCSI targets
- iSCSI considerations and limitations
- Supported SCSI mode pages
- Supported iSCSI initiators
- Configuring the iSCSI and iSNS services
- Managing iSCSI targets
- Configuring iSCSI initiator access control
- Creating iSCSI LUNs
- Managing iSCSI LUNs

iSCSI overview

The Isilon iSCSI module enables customers to provide block storage for Microsoft Windows, Linux, and VMware systems over an IP network. To access the iSCSI module, you must activate a separate license.

Note: The iSCSI module is supported by exception only and is limited to certain use cases. It is recommended that you find other solutions for your block storage requirements.

You can create and manage iSCSI targets on a cluster. The targets are available as SCSI block devices on which you can store structured and unstructured data. iSCSI targets contain one or more logical units, each uniquely identified by a logical unit number (LUN). You can format and connect to targets, such as physical disk devices, on the local file system.

You can configure each target to limit access to a list of initiators. You can also require initiators to authenticate with a target by using the Challenge-Handshake Authentication Protocol (CHAP).

The iSCSI module includes the following features:

- Support for Microsoft Internet Storage Name Service (iSNS) server
- Isilon SmartConnect Advanced dynamic IP allocation
- Isilon FlexProtect
- Data mirroring from 2x to 8x
- LUN cloning
- One-way CHAP authentication
- Initiator access control

iSCSI targets and LUNs

A logical unit is a storage object (such as a disk or disk array) that is accessible by an iSCSI target on an Isilon cluster. Each logical unit is uniquely identified by a logical unit number (LUN). Although a LUN is an identifier for a logical unit, the terms are often used interchangeably. A logical unit must be associated with a target, and each target can contain one or more logical units.

The following table describes the three types of LUNs that the Isilon iSCSI module supports:

| LUN Type | Description |
| --- | --- |
| Normal | A normal LUN is the default LUN type for clone and imported LUNs, and the only type available for newly created LUNs. Normal LUNs are either writeable or read-only. |
| Snapshot | A snapshot LUN is a copy of a normal LUN or another snapshot LUN. Although snapshot LUNs require little time and disk space to create, they are read-only. You can create snapshot LUNs by cloning existing normal or snapshot LUNs, but you cannot create snapshot clones of clone LUNs. |
| Clone | A clone LUN is a copy of a normal, snapshot, or clone LUN. Clone LUNs are implemented using overlay and mask files in conjunction with a snapshot. Clone LUNs require little time and disk space to create, and the LUN is fully writeable. You can create clone LUNs by cloning or importing existing LUNs. |

SmartConnect and iSCSI targets

You can specify a SmartConnect service IP or virtual IP address for an initiator when connecting to iSCSI targets.

When an initiator connects to a target with the SmartConnect service, the iSCSI session is redirected to a node in the cluster, based on the SmartConnect connection policy settings. The default connection policy setting is round robin. If the SmartConnect service is configured for dynamic IP allocation, connections are redirected to other nodes in case of failure. Dynamic IP allocation is available only if you activate a SmartConnect Advanced license.

iSNS client service

iSCSI initiators can discover and connect to iSCSI targets through the Microsoft Internet Storage Name Service (iSNS) protocol.

The iSNS server establishes a repository of active iSCSI nodes. The nodes can be initiators or targets. In addition, you can enable, disable, configure, and test the iSNS client service through the iSCSI module in OneFS.

Access control for iSCSI targets

The iSCSI module supports Challenge-Handshake Authentication Protocol (CHAP) and initiator access control for connections to individual targets. The CHAP and initiator access control security options can be implemented together or used separately.

CHAP authentication

You can authenticate initiator connections to iSCSI targets with the Challenge-Handshake Authentication Protocol (CHAP).

You can restrict initiator access to a target by enabling CHAP authentication and then adding user:secret pairs to the target's CHAP secrets list. If you enable CHAP authentication, initiators are required to provide a valid user:secret pair to authenticate their connections to the target. CHAP authentication is disabled by default.

Note: The Isilon iSCSI module does not support mutual CHAP authentication.
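A model of the target-side login decision, as an added example that is not Isilon code: initiator access control is applied first, including the rule stated under "Initiator access control" that an enabled but empty access list admits no initiator, and then one-way CHAP. The response formula is standard CHAP with MD5 (RFC 1994), carried in the iSCSI CHAP_A, CHAP_I, CHAP_C, CHAP_N and CHAP_R keys. The Target class, the initiator name, the user name and the secrets are constructed, and the order of the two checks is an assumption.

```python
# Added example, not Isilon code. The Target class, initiator name, user and
# secrets are constructed; checking the access list before CHAP is an assumption.
import hashlib
import hmac
import os


def chap_response(ident, secret, challenge):
    """CHAP with MD5 (RFC 1994; CHAP_A=5 in iSCSI): MD5(id || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class Target:
    def __init__(self, chap_enabled=False, acl_enabled=False):
        self.chap_enabled = chap_enabled  # CHAP is disabled by default
        self.acl_enabled = acl_enabled    # access control is disabled by default
        self.chap_secrets = {}            # user -> secret (the user:secret pairs)
        self.initiator_acl = set()        # initiators allowed to connect
        self._pending = {}                # initiator -> (identifier, challenge)

    def start_login(self, initiator):
        """Apply the access list, then either accept or issue a CHAP challenge."""
        if self.acl_enabled and initiator not in self.initiator_acl:
            return "reject", "initiator not on access list"
        if not self.chap_enabled:
            return "accept", "no authentication required"
        ident, challenge = os.urandom(1)[0], os.urandom(16)
        self._pending[initiator] = (ident, challenge)
        return "challenge", {"CHAP_A": 5, "CHAP_I": ident, "CHAP_C": challenge}

    def finish_login(self, initiator, chap_n, chap_r):
        """Verify the initiator's CHAP_N/CHAP_R against the outstanding challenge."""
        pending = self._pending.pop(initiator, None)  # each challenge is single use
        if pending is None:
            return "reject", "no outstanding challenge"
        ident, challenge = pending
        secret = self.chap_secrets.get(chap_n)
        if secret is None:
            return "reject", "authentication failed"
        expected = chap_response(ident, secret, challenge)
        if hmac.compare_digest(expected, chap_r):  # constant-time comparison
            return "accept", "authenticated as " + chap_n
        return "reject", "authentication failed"


def initiator_answer(user, secret, challenge_msg):
    """Initiator side: prove knowledge of the secret without sending it.
    With one-way CHAP the initiator issues no challenge of its own, so the
    target is never authenticated to the initiator."""
    r = chap_response(challenge_msg["CHAP_I"], secret, challenge_msg["CHAP_C"])
    return {"CHAP_N": user, "CHAP_R": r}


def demo():
    """Walk the cases on constructed values and return the outcomes in order."""
    host = "iqn.2014-01.com.example:host1"           # constructed initiator name
    user, secret = "backup", b"constructed-secret-0001"
    outcomes = []

    outcomes.append(Target().start_login(host)[0])   # defaults: everyone is admitted

    target = Target(chap_enabled=True, acl_enabled=True)
    target.chap_secrets[user] = secret
    outcomes.append(target.start_login(host)[0])     # access list enabled but empty

    target.initiator_acl.add(host)
    _, msg = target.start_login(host)
    answer = initiator_answer(user, secret, msg)
    outcomes.append(target.finish_login(host, answer["CHAP_N"], answer["CHAP_R"])[0])

    target.start_login(host)                         # a fresh challenge is issued
    outcomes.append(target.finish_login(host, answer["CHAP_N"], answer["CHAP_R"])[0])

    _, msg = target.start_login(host)
    bad = initiator_answer(user, b"wrong-secret-00000001", msg)
    outcomes.append(target.finish_login(host, bad["CHAP_N"], bad["CHAP_R"])[0])
    return outcomes


if __name__ == "__main__":
    print(demo())
```

The fourth outcome is the old response replayed against a new challenge; it is rejected because the response is bound to the identifier and challenge of a single login.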

Initiator access control

You can control which initiators are allowed to connect to a target by enabling initiator access control and configuring the target's initiator access list.

By default, initiator access control is disabled, and all initiators are allowed to access the target. You can restrict access to a target by enabling access control and then adding initiators to the target's initiator access list. If you enable access control but leave the initiator access list empty, no initiators are able to access the target.

iSCSI considerations and limitations

When planning your iSCSI deployment, be aware of the following limitations and considerations.

- Multipath I/O (MPIO) is recommended only for iSCSI workflows that have primarily read-only operations. The node must invalidate the data cache on all other nodes during file-write operations and performance decreases in proportion to the number of write operations. If all MPIO sessions are connected to the same node, performance should not decrease.
- The Isilon iSCSI module supports one-way Challenge-Handshake Authentication Protocol (CHAP). The authentication configuration is shared by all of the nodes, so a target authenticates its initiator regardless of the node the initiator is connecting through.
- The Isilon iSCSI module supports the importing of normal LUNs only. Importing snapshot LUNs and clone LUNs is not supported. You cannot back up and then restore a snapshot or clone LUN, or replicate snapshot or clone LUNs to another cluster. It is recommended that you deploy a backup application to back up iSCSI LUNs on the iSCSI client, as the backup application ensures that the LUN is in a consistent state at the time of backup.
- The Isilon iSCSI module does not support the following:
  - Internet Protocol Security (IPsec)
  - Multiple connections per session (MCS)
  - iSCSI host bus adaptors (HBAs)
  - Mutual CHAP authentication

Supported SCSI mode pages

The SCSI Mode Sense command is used to obtain device information from mode pages in a target device. The Mode Select command is used to set new values.

OneFS supports the following mode pages:

| Mode page name | Page code | Subpage code |
| --- | --- | --- |
| Caching mode page* | 08h | 00h |
| Return all mode pages only | 3Fh | 00h |
| Control mode page** | 0Ah | 00h |
| Informational exceptions control mode page | 1Ch | 00h |

* For the caching mode page, OneFS supports the write cache enable (WCE) parameter only.
** OneFS supports querying this mode page through the Mode Sense command, but does not support changing the fields of this page through the Mode Select command.

Supported iSCSI initiators

OneFS or later is compatible with the following iSCSI initiators.

| Operating System | iSCSI Initiator |
| --- | --- |
| Microsoft Windows 2003 (32-bit and 64-bit) | Microsoft iSCSI Initiator 2.08 or later (Certified) |
| Microsoft Windows 2008 (32-bit and 64-bit) | Microsoft iSCSI Initiator (Certified) |
| Microsoft Windows 2008 R2 (64-bit only) | Microsoft iSCSI Initiator (Certified) |
| Red Hat Enterprise Linux 5 | Linux Open-iSCSI Initiator (Supported) |
| VMware ESX 4.0 and ESX 4.1 | iSCSI Initiator (Certified) |
| VMware ESXi 4.0 and ESXi 4.1 | iSCSI Initiator (Certified) |
| VMware ESXi 5.0 | iSCSI Initiator (Certified) |

Configuring the iSCSI and iSNS services

You can disable or enable and configure the iSCSI service and the iSNS client service. You can find targets for iSCSI initiators through the iSNS client service.

The settings for the iSCSI and iSNS services are applied to all of the nodes in the cluster. You cannot modify these settings for individual nodes.

Configure the iSCSI service

You can enable or disable the iSCSI service for all the nodes in a cluster.

Before you disable the iSCSI service, be aware of the following considerations:

- All of the current iSCSI sessions will be terminated for all the nodes in the cluster.
- Initiators cannot establish new sessions until the iSCSI service is re-enabled.

Procedure
1. Click File System Management > iSCSI > Settings.
2. In the iSCSI Service area, set the service state that you want:
   - If the service is disabled, you can enable it by clicking Enable.
   - If the service is enabled, you can disable it by clicking Disable.

Configure the iSNS client service

You can configure and enable or disable the Internet Storage Name Service (iSNS), which iSCSI initiators use to discover targets.

Procedure
1. Click File System Management > iSCSI > Settings.
2. In the iSNS Client Service area, configure the iSNS client service settings:
   - iSNS server address: Type the IP address of the iSNS server with which you want to register iSCSI target information.
   - iSNS server port: Type the iSNS server port number. The default port number is
3. Click Test connection to validate the iSNS configuration settings. If the connection to the iSNS server fails, check the iSNS server address and the iSNS server port number.
4. Click Submit.
5. Change the service to the state that you want:
   - If the service is disabled, you can enable it by clicking Enable. Enabling the service allows OneFS to register information about iSCSI targets.
   - If the service is enabled, you can disable it by clicking Disable. Disabling the service prevents OneFS from registering information about iSCSI targets.

View iSCSI sessions and throughput

If the iSCSI service is enabled on the cluster, you can view a summary of current iSCSI sessions and current throughput.

Note: To view historical iSCSI throughput data, you must obtain the EMC Isilon InsightIQ virtual appliance, which requires you to activate a separate license. For more information, contact your EMC Isilon representative.

Procedure
1. Click File System Management > iSCSI > Summary.
2. Review the current throughput data and current session information.
   - The Current Throughput area displays a chart that illustrates overall inbound and outbound throughput across all iSCSI sessions during the past hour, measured in kilobits per second (Kbps). This chart automatically updates every 15 seconds.
   - The Current Sessions area displays information about each current connection between an initiator and a target, including the client and target IP addresses; node, target, and LUN; operations per second; and the inbound, outbound, and total throughput in bits per second. You can view details about a target by clicking the target name.

Managing iSCSI targets

You can configure one or more targets for an iSCSI server, and each target can contain one or more logical units. iSCSI initiators on clients establish connections to the targets. Targets define connection endpoints and serve as container objects for logical units on an iSCSI server. You can control access to the target by configuring SmartConnect pools, initiator access control, and authentication with the Challenge-Handshake Authentication Protocol (CHAP). The iSCSI module discovers targets through a server running Microsoft Internet Storage Name Service (iSNS).

Create an iSCSI target

You can configure one or more iSCSI targets, each with its own settings for initiator access control and authentication. A target is required as a container object for one or more logical units.

Procedure
1. Click File System Management > iSCSI > Targets & Logical Units.
2. In the Targets area, click Add target.
3. In the Name field, type a name for the target. The name must begin with a letter and can contain only lowercase letters, numbers, and hyphens (-).
4. In the Description field, type a descriptive comment for the target.
5. In the Default path field, type the full path of the directory, beginning with /ifs, where the logical unit number (LUN) directory is created, or click Browse to select a directory.
   Note: This directory is used only if no other directory is specified during LUN creation or if a LUN is not created. The directory must be in the /ifs directory tree. The full path to the directory is required, and wildcard characters are not supported.
6. Add one or more SmartConnect pools for the target to connect with. This setting overrides any global default SmartConnect pools that are configured for iSCSI targets.
   a. For the SmartConnect pool(s) setting, click Edit list.
   b. Move pools between the Available Pools and Selected Pools lists by clicking a pool and then clicking the right or left arrow. To remove all selected pools at once, click clear.
   c. Click OK.
7. Click Submit.
8. Optional: In the Initiator Access Control area, enable and configure the settings for initiator access control.
   a. Click Enable to restrict target access to initiators that are added to the initiator access control settings.
   b. Click Add initiator.
   c. In the Initiator name field, type the name of the initiator that you want to allow to access this target, or click Browse to select from a list of initiators. An initiator name must begin with an iqn. prefix.
   d. Click OK.
   Note: To continue adding initiators, click OK and add another. When you are finished adding initiators, click OK.
9. Optional: In the CHAP Authentication area, enable and configure Challenge-Handshake Authentication Protocol (CHAP) settings.
   Note: If CHAP authentication is enabled and the CHAP secrets list is empty, no initiators can access the target.
   a. Click Enable to require initiators to authenticate with the target.
   b. Click Add username.
   c. In the Username field, type the name that the initiator will use to authenticate with the target. You can specify an initiator's iSCSI qualified name (IQN) as the username. Depending on whether you specify an IQN, valid usernames differ in the following ways:
      - If you specify an IQN as the username, the Username value must begin with an iqn. prefix. The characters that are allowed after the iqn. prefix are alphanumeric characters, periods (.), hyphens (-), and colons (:).
      - All other usernames can use alphanumeric characters, periods (.), hyphens (-), and underscores (_).
      Note: CHAP usernames and passwords are case sensitive.
   d. In the Secret and Confirm secret fields, type the secret that the initiator will use to authenticate with the target. A CHAP secret must be 12 to 16 characters long and can contain any combination of letters, numbers, and symbols.
   e. Click OK.
10. Click Submit.

Modify iSCSI target settings

You can modify a target's description, change the path where logical unit directories are created, and modify the list of SmartConnect pools that the target uses. You can also manage the target's settings for initiator access control and authentication.

Procedure
1. Click File System Management > iSCSI > Targets & Logical Units.
2. In the Targets area, under Actions, click Edit for the target that you want to modify.
3. Modify the target's settings as needed.

   Note: Changing the default path does not affect existing logical units. Changing the security settings does not affect existing connections.
4. Click Submit.

Delete an iSCSI target

When you delete a target, all of the logical unit numbers (LUNs) that are contained in the target are also deleted, and all the data that is stored in the LUNs is deleted. Additionally, any iSCSI sessions that are connected to the target are terminated. This operation cannot be undone.

Procedure
1. Click File System Management > iSCSI > Targets & Logical Units.
2. In the Targets area, under Actions, click Delete for the target that you want to delete.
3. In the confirmation dialog box, click Yes.
   The target and all LUNs and LUN data that are contained in the target are deleted, and any iSCSI sessions on the target are terminated.

View iSCSI target settings

You can view information about a target, including its iSCSI qualified name (IQN), default LUN directory path, capacity, and SmartConnect pool settings. You can also view the logical units that are associated with the target as well as the settings for initiator access control and authentication.

Procedure
1. Click File System Management > iSCSI > Targets & Logical Units.
2. In the Targets area, click the name of a target.
3. Review the following sections for information on the target. To modify these settings, click Edit target.
   - Target Details: Displays the target name, IQN, description, default path, capacity, and SmartConnect pool settings. The name and IQN cannot be modified.
   - Logical Units: Displays any logical units that are contained in the target. You can add or import a logical unit, or manage existing logical units. You can also select the columns to display or hide.
   - Allowed Initiators: Displays the target's initiator access control status, and lists the names of any initiators that are allowed to access the target when access control is enabled.
   - CHAP Authentication: Displays the target's CHAP authentication status, and lists all user:secret pairs for the target.

Configuring iSCSI initiator access control

You can configure access control to specify which initiators are allowed to connect to a target. Access control is disabled by default. If you enable initiator access control for an iSCSI target, access to that target is limited to a specified list of allowed initiators. If you modify a target's access control settings, the changes are applied to subsequent connection requests. Current connections are unaffected.

Configure iSCSI initiator access control

You can configure access control to specify which initiators are allowed to connect to a target. If initiator access control is enabled for an iSCSI target, access is limited to a list of initiators. Access control is disabled by default.

Note: Modifications to a target's access control settings are applied to subsequent connection requests. Current connections are not affected.

Procedure
1. Click File System Management > iSCSI > Targets & Logical Units.
2. In the Targets area, under Actions, click Edit for the target whose initiator access state you want to change.
3. In the Initiator Access Control area, configure the access control state.
   - If access control is disabled, click Enable to restrict target access to initiators that you add to the initiator access list.
     Note: If you disable access control and the initiator access list is empty, no initiators are able to connect to the target.
   - If access control is enabled, click Disable to allow all initiators access to the target.
     Note: If you disable access control, the list of allowed initiators is ignored.
4. Add initiators by clicking Add initiator.

Control initiator access to a target

You can control access to a target by adding initiators to its initiator access list. If you enable initiator access control, the initiator access list specifies which initiator names are allowed to access the target. However, the initiator access list is ignored unless initiator access control is enabled.

Procedure
1. Click File System Management > iSCSI > Targets & Logical Units.
2. In the Targets area, under Actions, click Edit for the target that you want to allow an initiator to access.
3. In the Initiator Access Control area, click Add initiator.
4. In the Initiator name field, type the name of the initiator that you want to allow to access the target, or click Browse to select from a list of known initiators. An initiator name requires the iqn. prefix.
5. Click OK.

6. To continue adding initiators, click OK and add another.
7. When you are finished adding initiators, click OK.

Modify initiator name

You can rename or replace an initiator that is allowed to connect to a target when access control is enabled.

Procedure
1. Click File System Management > iSCSI > Targets & Logical Units.
2. In the Targets area, under Actions, click Edit for the target that you want to modify.
3. In the Initiator Access Control area, click Edit for the initiator that you want to modify.
4. Modify the initiator name.
5. Click OK.

Remove an initiator from the access list

You can remove an initiator from a target's initiator access list so that the initiator is no longer able to connect to a target when access control is enabled.

Note: If you remove all of the allowed initiators for a target and access control is enabled, the target will deny new connections until you disable access control. Removing an allowed initiator for a target does not affect the initiator's access to other targets.

Procedure
1. Click File System Management > iSCSI > Targets & Logical Units.
2. In the Targets area, under Actions, click Edit for the target that you want to modify.
3. In the Initiator Access Control area, under Actions, click Delete for the initiator that you want to remove from the access list.
4. In the confirmation dialog box, click Yes.

Create a CHAP secret

To use CHAP authentication, you must create user:secret pairs in the target's CHAP secrets list and enable CHAP authentication. Initiators must then authenticate with the target by providing a user:secret pair.

Procedure
1. Click File System Management > iSCSI > Targets & Logical Units.
2. In the Targets area, under Actions, click Edit for the target that you want to create a CHAP secret for.
3. In the CHAP Authentication area, click Add username.
4. In the Username field, type the name that the initiator uses to authenticate with the target. You can specify an initiator's iSCSI qualified name (IQN) as the username.
   - If you specify an IQN as the username, the Username value must begin with an iqn. prefix. The characters that are allowed after the iqn. prefix are alphanumeric characters, periods (.), hyphens (-), and colons (:).
   - All other usernames can use alphanumeric characters, periods (.), hyphens (-), and underscores (_).
   Note: CHAP usernames and passwords are case sensitive.
5. In the Secret and Confirm secret fields, type the secret that the initiator will use to authenticate with the target. A CHAP secret must be 12 to 16 characters long and can contain any combination of letters, numbers, and symbols.
6. Click OK.

Modify a CHAP secret

You can modify the settings for a CHAP user:secret pair.

Procedure
1. Click File System Management > iSCSI > Targets & Logical Units.
2. In the Targets area, under Actions, click Edit for the target that you want to modify a CHAP user:secret pair for.
3. In the CHAP Authentication area, under Actions, click Edit for the username whose settings you want to modify.
4. Make the changes that you want, and then click OK.

Delete a CHAP secret

You can delete a CHAP user:secret pair that is no longer needed.

Note: If you delete all of a target's CHAP secrets and CHAP authentication is enabled, no initiators are able to access the target until you disable CHAP authentication.

Procedure
1. Click File System Management > iSCSI > Targets & Logical Units.
2. In the Targets area, under Actions, click Edit for the target that you want to delete a CHAP user:secret pair for.
3. In the CHAP Authentication area, under Actions, click Delete for the CHAP user:secret pair that you want to delete.
4. In the confirmation dialog box, click Yes.

Enable or disable CHAP authentication

You can enable or disable CHAP authentication for a target.

Note: Modifications to a target's CHAP authentication status are applied to subsequent connection requests. Current connections are unaffected.

Procedure
1. Click File System Management > iSCSI > Targets & Logical Units.
2. In the Targets area, under Actions, click Edit for the target whose CHAP authentication state you want to modify.
3. In the CHAP Authentication area, configure the initiator's CHAP authentication state.
   - If CHAP authentication is disabled, you can click Enable to require initiators to authenticate with the target.
     Note: If CHAP authentication is enabled and the CHAP secrets list is empty, no initiator is able to access the target.
   - If CHAP authentication is enabled, click Disable to stop authenticating initiators with the target.
     Note: If CHAP authentication is disabled, the CHAP secrets list is ignored.
4. Add CHAP user:secret pairs by clicking Add username.

Creating iSCSI LUNs

You can create a new LUN or you can clone an existing LUN to form a new LUN. LUN cloning, like LUN creation, is asynchronous.

When you create a LUN, you can set its target assignment, LUN number, directory path, size, provisioning policy, access state, write access, protection settings, and I/O optimization settings. The LUN number uniquely identifies the logical unit.

When you clone an existing LUN, you can set that LUN to be part of the same target or a different target. A cloned LUN is inaccessible by iSCSI initiators until the cloning is complete. To clone a LUN, you must enable the Isilon SnapshotIQ module, which requires you to activate a separate license. For more information, contact your EMC Isilon sales representative.

Create an iSCSI LUN

You can create a logical unit and assign it to an iSCSI target for access.

Note: When you create a logical unit, you must assign it to an existing iSCSI target. Each target can contain one or more logical units.

Procedure
1. Click File System Management > iSCSI > Targets & Logical Units.
2. In the Logical Units area, click Add logical unit.
3. In the Add Logical Unit area, in the Description field, type a descriptive comment for the logical unit.
4. From the Target list, select the target that will contain the logical unit.

5. Select one of the LUN number options.
   - To assign the next available number to the logical unit, click Automatic. This is the default setting.
   - To manually assign a number to the logical unit, click Manual and then, in the Number field, type an integer value. The value must be within the range and must not be assigned to another logical unit within the target.
   By default, the LUN number forms part of the directory name that is created for storing the LUN data.
6. To manually specify the path where the LUN directory is created, in the Path field, type the full path of the directory, beginning with /ifs, or click Browse to select the directory.
   The directory must be in the /ifs directory tree. You must specify the full path to the directory, and wildcard characters are not allowed. The default path is /ifs/iscsi/ISCSI.LUN.<TargetName>.<LUNnumber>, where <TargetName> is the Target value and <LUNnumber> is the LUN number.
7. In the Size field, specify the LUN capacity by typing an integer value and then selecting a unit of measure from the list (MB, GB, or TB).
   The minimum LUN size is 1 MB. The maximum LUN size is determined by the OneFS file system. After you create a LUN, you can increase its size, but you cannot decrease it.
8. Select one of the Provisioning options.
   - To specify that blocks are unallocated until they are written, click Thin provision.
   - To immediately allocate all the blocks, click Pre-allocate space. This is the default setting.
   Note: Allocation of all the blocks for a large LUN can take hours or even days.
9. Select one of the LUN access options.
   - To make the LUN accessible, click Online. This is the default setting.
   - To make the LUN inaccessible, click Offline.
10. Select one of the Write access options.
   - To allow iSCSI initiators to write to the LUN, click Read-Write. This is the default setting.
   - To prevent iSCSI initiators from writing to the LUN, click Read-Only.
11. Under Protection Settings, from the Disk pool list, select the disk pool to contain the logical unit.
12. From the SSD strategy list, select a strategy to use if solid-state drives (SSDs) are available.
   - Metadata read acceleration (Recommended): Writes metadata and all user data on hard disk drives (HDDs) and additionally creates a mirror backup of the metadata on an SSD. Depending on the global namespace acceleration setting, the SSD mirror may be an extra mirror in addition to the number required to satisfy the protection level.
   - Metadata read/write acceleration with performance redundancy (Requires more SSD space): Writes all metadata on an SSD and writes all user data on HDDs.
   - Data on SSDs (Requires most SSD space): Similar to metadata acceleration, but also writes one copy of the file's user data (if mirrored) or all of the data (if not mirrored) on SSDs. Regardless of whether global namespace acceleration is enabled, any SSD blocks reside on the file's target pool if there is room. This SSD strategy does not create additional mirrors beyond the normal protection level.
   - Avoid SSDs (Reduces performance): Never uses SSDs; writes all associated file data and metadata to HDDs only.
13. From the Protection level list, select a protection policy for the logical unit. Select Use iSCSI default (2x), which is the recommended setting for best performance, or one of the mirrored options, such as 2x to 8x.
14. Select one of the Write Cache options.
   - To prevent write caching for files that contain LUN data, click Disabled. This is the recommended setting for LUNs.
   - To allow write caching for files that store LUN data, click Enable.
   Note: The Write Cache option controls whether file writes are sent to the coalescer or the endurant cache. With Write Cache disabled, which is the default and recommended setting, all file writes are sent to the endurant cache. The endurant cache is a committed data guarantee. If Write Cache is enabled, all file writes are sent to the coalescer. Write caching can improve performance, but can lead to data loss if a node loses power or crashes while uncommitted data is in the write cache.
15. Select one of the Data access pattern options.
   - To select a random access pattern, click Random. This is the recommended setting for LUNs.
   - To select a concurrent access pattern, click Concurrency.
   - To select a streaming access pattern, click Streaming. Streaming access patterns can improve performance in some workflows.
16. Click Submit.

Clone an iSCSI LUN

You can clone an existing LUN to create a new LUN.

Procedure
1. Click File System Management > iSCSI > Targets & Logical Units.
2. In the Logical Units area, under Actions, click Clone for the logical unit that you want to clone.
   The page updates and the clone options appear. Most of the fields for these options are populated with information from the logical unit you selected to clone.
3. From the LUN type list, select Normal, Clone, or Snapshot.
4. Modify the other settings as needed.
   Note: The settings for the clone vary according to the source LUN type.
5. Click Submit.

iSCSI LUN cloning operations

Depending on the clone LUN type, the contents (or blocks) of a source LUN are either copied or referenced, and the attributes may or may not be copied. In general, clone and snapshot type clone operations are fast, whereas normal type clones can take several minutes or even hours to create, depending on the size of the LUN.

The following table describes the result of each cloning operation.

Source LUN type | Clone LUN type | Result
Normal | Normal | A snapshot of the source LUN is created. The clone LUN is then created by copying the LUN data from the snapshot. After completing the copy, the snapshot is deleted. The copy process may take several hours to complete for large LUNs if the source LUN has a pre-allocated provisioning policy. The copy process may also take several minutes for thinly provisioned LUNs that are significantly used.
Normal | Snapshot | A snapshot of the source LUN is created. The clone LUN is configured to reference the data from the snapshot. The snapshot is deleted when the clone is deleted.
Normal | Clone | A snapshot of the source LUN is created. The system then creates a clone LUN that references data from the snapshot.
Snapshot | Normal | The clone LUN is created by copying the LUN data from the snapshot. The copy process may take several minutes to complete for large LUNs if the source LUN has a pre-allocated provisioning policy. The copy process may also take several minutes for thinly provisioned LUNs that are heavily used.
Snapshot | Snapshot | The clone LUN is configured to reference the data from the same snapshot that the source LUN references. The underlying snapshot is not deleted when a LUN is deleted unless the LUN being deleted is the last LUN referencing the snapshot.
Snapshot | Clone | The clone LUN is configured to reference the data from the same snapshot that the source LUN references. The underlying snapshot is not deleted when a LUN is deleted unless the LUN being deleted is the only LUN referencing the snapshot.
Clone | Normal | A snapshot of the source LUN is created. The clone LUN is then created by copying the LUN data from the snapshot. After completing the copy, the snapshot is deleted. The copy process may take several minutes to complete for large LUNs if the source LUN has a pre-allocated provisioning policy. The copy process may also take several minutes for thinly provisioned LUNs that are heavily used.
Clone | Snapshot | Not allowed.
Clone | Clone | A clone of the clone LUN is created. The clone LUN is configured to reference data from the snapshot.

Managing iSCSI LUNs

You can manage a LUN in the following ways.
- Modify a LUN
- Delete a LUN
- Migrate a LUN to another target
- Import a LUN
- View LUN settings

Modify an iSCSI LUN

You can modify only certain settings for a logical unit.

Procedure
1. Click File System Management > iSCSI > Targets & Logical Units.
2. In the Logical Units area, under Actions, click Edit for the logical unit that you want to modify.
3. Modify the logical unit's settings.
4. Click Submit.

Delete an iSCSI LUN

Deleting a logical unit permanently deletes all data on the logical unit. This operation cannot be undone.

Procedure
1. Click File System Management > iSCSI > Targets & Logical Units.
2. In the Logical Units area, under Actions, click Delete for the logical unit that you want to delete.
3. In the confirmation dialog box, click Yes.

Migrate an iSCSI LUN to another target

You can move a logical unit from one target to another, change the value of its logical unit number (LUN), or update the path to the LUN directory. You cannot modify the path of a snapshot LUN.

The name of a logical unit comprises its target name and its LUN value. The two parts of the name are separated by a colon (such as "mytarget:0").

Procedure
1. Click File System Management > iSCSI > Targets & Logical Units.
2. In the Logical Units area, under Actions, click Move for the logical unit that you want to move.
3. In the To target list, click to select a new target for the logical unit.
4. Click one of the To LUN number options.
   - To assign the next available number to the logical unit, click Automatic. This is the default setting.
   - To manually assign a number to the logical unit, click Manual and then, in the Number box, type an integer value. The value must be within the range and must not be assigned to another logical unit.
5. To configure the path where the LUN directory is created, in the To path box, type the full path of the directory, or click Browse to select the directory.
   If a path is not specified, the LUN directory is unchanged from the original directory where that LUN was created.
6. Click Submit.

Import an iSCSI LUN

You can recreate logical units that were replicated to a remote cluster or that were backed up and then restored to a remote cluster. The iSCSI module does not support replicating or restoring logical unit snapshots or clone copies.

Procedure
1. Click File System Management > iSCSI > Targets & Logical Units.
2. In the Logical Units area, click Import logical unit.
3. In the Description field, type a descriptive comment for the logical unit.
4. In the Source path field, type the full path (beginning with /ifs) of the directory that contains the logical unit that you want to import, or click Browse to select the directory.
5. From the Target list, select the target that will contain the logical unit.
6. Select one of the LUN number options.
   - To assign the next available number to the logical unit, click Automatic. This is the default setting.
   - To manually assign a number to the logical unit, click Manual, and then in the Number field, type an integer value. The value must be within the range and must not be assigned to another logical unit.
7. Select one of the LUN access options.
   - To make the LUN accessible, click Online. This is the default setting.
   - To make the LUN inaccessible, click Offline.
8. Select one of the Write access options.
   - To allow iSCSI initiators to write to the LUN, click Read-Write. This is the default setting.
   - To prevent iSCSI initiators from writing to the LUN, click Read-Only.
9. Select one of the caching options.
   - To allow write caching for files storing LUN data, click Enabled.
   - To prevent write caching for files storing LUN data, click Disabled.
10. Click Submit.

View iSCSI LUN settings

You can view information about a logical unit, including its logical unit number (LUN), iSCSI target, LUN type, LUN directory path, iSCSI qualified name, and other settings.

Procedure
1. Click File System Management > iSCSI > Targets & Logical Units.
2. In the Logical Units area, under Target:LUN, click the name of the logical unit that you want to view.
3. The following settings display:
   - LUN: Displays the numerical identifier of the logical unit. You can modify the LUN value by using the move operation.
   - Target: Displays the name of the iSCSI target that contains the logical unit. You can modify the target by using the move operation.
   - Description: Displays an optional description for the logical unit. You can modify the description by clicking Edit LUN.
   - Type: Displays the LUN type (normal, clone, or snapshot). You cannot modify this setting.
   - Size: Displays the LUN capacity. You can increase the size of normal or snapshot LUNs by clicking Edit LUN, but you cannot decrease the size. You cannot modify the size of snapshot LUNs.
   - Status: Displays the connection status (online or offline) and write access permissions (read-only or read-write) of the LUN. You can modify write-access settings for normal or clone LUNs by clicking Edit LUN. You cannot modify write-access settings for snapshot LUNs.
   - Path: Displays the path to the directory where the LUN files are stored. You can change the path for normal or snapshot LUNs by using the move operation. You cannot modify the path for snapshot LUNs.
   - Disk pool: Displays the disk pool of the LUN. You can modify the disk pool by clicking Edit LUN.
   - Protection level: Displays the mirroring level (such as 2x, 3x, 4x, and so on) or FlexProtect protection policy for the LUN. You can modify the protection policy for normal or clone LUNs by clicking Edit LUN. You cannot modify these settings for snapshot LUNs.
   - Write Cache: Displays whether SmartCache is enabled or disabled. You can change this setting for normal or clone LUNs by clicking Edit LUN. You cannot modify these settings for snapshot LUNs.
   - Data access pattern: Displays the access pattern setting (Random, Concurrency, or Streaming) for the LUN. You can change the access pattern for normal or clone LUNs by clicking Edit LUN. You cannot modify these settings for snapshot LUNs.
   - SCSI name: Displays the iSCSI qualified name (IQN) of the LUN. You cannot modify this setting.
   - EUI: Displays the extended unique identifier (EUI), which uniquely identifies the LUN. You cannot modify this setting.
   - NAA: Displays the LUN's T11 Network Address Authority (NAA) namespace. You cannot modify this setting.
   - Serial number: Displays the serial number of the LUN. You cannot modify this setting.
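The target name, default path, initiator name and CHAP rules stated in the target sections of this chapter, together with the notes on empty and ignored lists, can be checked before a change is submitted in the web interface; the Python check below is an added example, not code from this guide or from OneFS, and it models the configured policy only, not the CHAP exchange on the wire. The Target model, the function names, the sample values, the wildcard character set and the exact-match comparison of initiator names are assumptions.

```python
"""Pre-flight checks for one iSCSI target definition, using the rules stated in this guide.
Added example: class, function and field names are assumptions, not a OneFS API."""
import hmac
import posixpath
import re
from dataclasses import dataclass, field

TARGET_NAME = re.compile(r"[a-z][a-z0-9-]*")     # begins with a letter; lowercase, numbers, hyphens
IQN_USER = re.compile(r"iqn\.[A-Za-z0-9.:-]+")   # after "iqn.": alphanumerics, periods, hyphens, colons
PLAIN_USER = re.compile(r"[A-Za-z0-9._-]+")      # other usernames: alphanumerics, periods, hyphens, underscores


@dataclass
class Target:
    """Hypothetical in-memory model of one target's security settings."""
    name: str
    default_path: str
    access_control: bool = False                        # disabled by default
    allowed_initiators: list = field(default_factory=list)
    chap_enabled: bool = False
    chap_secrets: dict = field(default_factory=dict)    # username -> secret, both case sensitive


def path_ok(path: str) -> bool:
    """Full path inside the /ifs tree, no wildcards (the set "*?[]" is an assumption)."""
    if any(ch in path for ch in "*?[]"):
        return False
    norm = posixpath.normpath(path)                     # collapses ".." so /ifs/../etc is rejected
    return norm == "/ifs" or norm.startswith("/ifs/")


def username_ok(user: str) -> bool:
    """Assumption: a name that starts with "iqn." is held to the IQN character set."""
    pattern = IQN_USER if user.startswith("iqn.") else PLAIN_USER
    return pattern.fullmatch(user) is not None


def lint_target(t: Target) -> list:
    """Return findings for broken rules and for settings that lock out or open up the target."""
    findings = []
    if not TARGET_NAME.fullmatch(t.name):
        findings.append("name: must begin with a letter; lowercase letters, numbers, hyphens only")
    if not path_ok(t.default_path):
        findings.append("default path: must be a full path in the /ifs tree without wildcards")
    for iqn in t.allowed_initiators:
        if not iqn.startswith("iqn."):
            findings.append(f"initiator {iqn!r}: name must begin with the iqn. prefix")
    for user, secret in t.chap_secrets.items():         # secrets are never echoed into findings
        if not username_ok(user):
            findings.append(f"CHAP user {user!r}: contains characters that are not allowed")
        if not 12 <= len(secret) <= 16:
            findings.append(f"CHAP user {user!r}: secret must be 12 to 16 characters long")
    if t.access_control and not t.allowed_initiators:
        findings.append("lockout: access control is enabled and the initiator list is empty")
    if t.chap_enabled and not t.chap_secrets:
        findings.append("lockout: CHAP is enabled and the secrets list is empty")
    if not t.access_control and t.allowed_initiators:
        findings.append("ignored: initiator list is present but access control is disabled")
    if not t.chap_enabled and t.chap_secrets:
        findings.append("ignored: CHAP secrets are present but CHAP is disabled")
    if not t.access_control and not t.chap_enabled:
        findings.append("open: any initiator can connect (no access control, no CHAP)")
    return findings


def would_admit(t: Target, initiator: str, user: str = None, secret: str = None) -> bool:
    """Policy outcome for a NEW connection request; current connections are unaffected by changes."""
    if t.access_control and initiator not in t.allowed_initiators:   # exact match is an assumption
        return False
    if t.chap_enabled:
        expected = t.chap_secrets.get(user)             # case-sensitive lookup
        if expected is None or secret is None:
            return False
        return hmac.compare_digest(expected.encode(), secret.encode())
    return True


# Constructed sample data, not taken from a real cluster.
ESX = "iqn.1998-01.com.vmware:esx01-example"
GOOD = Target("vmfs-prod-01", "/ifs/iscsi", access_control=True, allowed_initiators=[ESX],
              chap_enabled=True, chap_secrets={ESX: "example-secret1"})
BAD = Target("Prod_Target", "/ifs/../etc/iscsi*", access_control=True,
             chap_secrets={"bad user": "short"})
OPEN = Target("lab-target", "/ifs/iscsi")               # defaults: no access control, no CHAP

if __name__ == "__main__":
    for target in (GOOD, BAD, OPEN):
        print(target.name, lint_target(target) or "no findings")
```
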


CHAPTER 24

VMware integration

This section contains the following topics:
- VMware integration overview
- VAAI
- VASA
- Configuring VASA support
- Disable or re-enable VASA

424 VMware integration VMware integration overview OneFS integrates with VMware infrastrctres, inclding vsphere, vcenter, and ESXi. VMware integration enables yo to view information abot and interact with Isilon clsters throgh VMware applications. OneFS interacts with VMware infrastrctres throgh VMware vsphere API for Storage Awareness (VASA) and VMware vsphere API for Array Integration (VAAI). OneFS integrates with VMware vcenter throgh the Isilon for vcenter plg-in. The Isilon for vcenter plg-in enables yo to locally backp and restore virtal machines on an Isilon clster. For more information abot Isilon for vcenter, see the following docments: Isilon for vcenter Release Notes Isilon for vcenter Installation Gide Isilon for vcenter User Gide VAAI OneFS ses VMware vsphere API for Array Integration (VAAI) to spport offloading specific virtal machine storage and management operations from VMware ESXi hypervisors to an Isilon clster. VAAI spport enables yo to accelerate the process of creating virtal machines and virtal disks. For OneFS to interact with yor vsphere environment throgh VAAI, yor VMware environment mst inclde ESXi 5.0 or later hypervisors. If yo enable VAAI capabilities for an Isilon clster, when yo clone a virtal machine residing on the clster throgh VMware, OneFS clones the files related to that virtal machine. For more information on file clones, see Clones. VAAI spport for block storage OneFS spport for VMware vsphere API for Array Integration (VAAI) for block storage is enabled by defalt. Note The iscsi modle is spported by exception only and is limited to certain se cases. It is recommended that yo find other soltions for yor block storage reqirements. OneFS spports the following VAAI primitives for block storage: Note Hardware Assisted Locking Fll Copy Block Zeroing OneFS does not spport the thin provisioning block reclaim mechanism. 424 OneFS 7.1 Web Administration Gide

425 VMware integration

VAAI support for NAS

To enable OneFS to use VMware vSphere API for Array Integration (VAAI) for NAS, you must install the VAAI NAS plug-in for Isilon on the ESXi server. For more information on the VAAI NAS plug-in for Isilon, see the VAAI NAS plug-in for Isilon Release Notes.

VASA

OneFS communicates with VMware vSphere through VMware vSphere API for Storage Awareness (VASA).

VASA support enables you to view information about Isilon clusters through vSphere, including Isilon-specific alarms in vCenter. VASA support also enables you to integrate with VMware profile driven storage by providing storage capabilities for Isilon clusters in vCenter. For OneFS to communicate with vSphere through VASA, your VMware environment must include ESXi 5.0 or later hypervisors.

Isilon VASA alarms

If the VASA service is enabled on an Isilon cluster and the cluster is added as a VMware vSphere API for Storage Awareness (VASA) vendor provider in vCenter, OneFS generates alarms in vSphere.

The following table describes the alarm that OneFS generates:

Alarm name: Thin-provisioned LUN capacity exceeded
Description: There is not enough available space on the cluster to allocate space for writing data to thinly provisioned LUNs. If this condition persists, you will not be able to write to the virtual machine on this cluster. To resolve this issue, you must free storage space on the cluster.

VASA storage capabilities

OneFS integrates with VMware vCenter through VMware vSphere API for Storage Awareness (VASA) to display storage capabilities of Isilon clusters in vCenter.

The following storage capabilities are displayed through vCenter:

Archive
  The Isilon cluster is composed of Isilon NL-Series nodes. The cluster is configured for maximum capacity.

Performance
  The Isilon cluster is composed of Isilon i-Series, Isilon X-Series, or Isilon S-Series nodes. The cluster is configured for maximum performance.

  Note: The Isilon I-Series and X-Series nodes contain Solid State Drives (SSDs). If a cluster is composed of i-Series, X-Series, or S-Series nodes, but does not contain SSDs, the cluster is recognized as a capacity cluster.

426 VMware integration

Capacity
  The Isilon cluster is composed of Isilon X-Series nodes that do not contain SSDs. The cluster is configured for a balance between performance and capacity.

Hybrid
  The Isilon cluster is composed of nodes associated with two or more storage capabilities. For example, if the cluster contained both Isilon S-Series and NL-Series nodes, the storage capability of the cluster is displayed as Hybrid.

Configuring VASA support

To enable VMware vSphere API for Storage Awareness (VASA) support for a cluster, you must enable the VASA daemon on the cluster, download the Isilon vendor provider certificate, and add the Isilon vendor provider in vCenter.

Enable VASA

You must enable an Isilon cluster to communicate with VMware vSphere API for Storage Awareness (VASA) by enabling the VASA daemon.

Procedure
1. Open a secure shell (SSH) connection to any node in the cluster and log in.
2. Enable VASA by running the following command:

   isi services isi_vasa_d enable

Download the Isilon vendor provider certificate

To add an Isilon cluster VASA vendor provider in VMware vCenter, you must use a vendor provider certificate. You can download a vendor provider certificate from an Isilon cluster.

Procedure
1. In a supported web browser, connect to an Isilon cluster at <IPAddress>, where <IPAddress> is the IP address of the Isilon cluster.
2. Retrieve the security certificate and save the certificate to a location on your machine. For more information about exporting a security certificate, see the documentation of your browser.

Note: Record the location of where you saved the certificate. You will need this file path when adding the vendor provider in vCenter.

Add the Isilon vendor provider

You must add an Isilon cluster as a vendor provider in VMware vCenter before you can view information about the storage capabilities of the cluster through vCenter.

Before you begin
Download a vendor provider certificate.

Procedure
1. In vCenter, navigate to the Add Vendor Provider window.

427 VMware integration

2. Fill out the following fields in the Add Vendor Provider window:

   Name
     Type a name for this VASA provider. Specify as any string. For example, type EMC Isilon Systems.
   URL
     Type where <IPAddress> is the IP address of a node in the Isilon cluster.
   Login
     Type root.
   Password
     Type the password of the root user.
   Certificate location
     Type the file path of the vendor provider certificate for this cluster.

3. Select the Use Vendor Provider Certificate box.
4. Click OK.

Disable or re-enable VASA

You can disable or re-enable an Isilon cluster to communicate with VMware vSphere through VMware vSphere API for Storage Awareness (VASA).

To disable support for VASA, you must disable both the VASA daemon and the Isilon web administration interface. You will not be able to administer the cluster through an internet browser while the web interface is disabled. To re-enable support for VASA, you must enable both the VASA daemon and the web interface.

Procedure
1. Open a secure shell (SSH) connection to any node in the cluster and log in.
2. Disable or enable the web interface by running one of the following commands:

   isi services apache2 disable
   isi services apache2 enable

3. Disable or enable the VASA daemon by running one of the following commands:

   isi services isi_vasa_d disable
   isi services isi_vasa_d enable
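The certificate saved in the download step is the only thing vCenter uses to recognize the cluster before the root login is sent to it, so it is worth confirming that the saved file is intact and is the certificate you expect. The following is an added example, not part of the EMC guide or of OneFS: it assumes you have a SHA-256 fingerprint of the cluster certificate from a trusted path (for instance read over the SSH session used to enable VASA), and every function name and the sample data are hypothetical.

```python
import base64
import binascii
import hashlib
import hmac
import re

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def der_length(data: bytes) -> int:
    """Total length declared by the outer DER SEQUENCE header."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("not a DER-encoded certificate")
    first = data[1]
    if first < 0x80:                      # short form: one length byte
        return 2 + first
    count = first & 0x7F                  # long form: `count` length bytes
    if count == 0 or count > 4 or len(data) < 2 + count:
        raise ValueError("unsupported or truncated DER length")
    return 2 + count + int.from_bytes(data[2:2 + count], "big")


def load_cert_der(data: bytes) -> bytes:
    """Return the DER bytes of the single certificate in a PEM or DER file.

    Browsers export either encoding; a saved login page, a truncated
    download, or a bundle of several certificates is rejected.
    """
    blocks = PEM_BLOCK.findall(data)
    if len(blocks) > 1:
        raise ValueError("file holds %d certificates, expected one" % len(blocks))
    if blocks:
        try:
            data = base64.b64decode(b"".join(blocks[0].split()), validate=True)
        except binascii.Error as exc:
            raise ValueError("corrupt base64 in PEM body") from exc
    if der_length(data) != len(data):
        raise ValueError("certificate is truncated or has trailing bytes")
    return data


def fingerprint(data: bytes) -> str:
    """Lower-case hex SHA-256 fingerprint of the certificate's DER form."""
    return hashlib.sha256(load_cert_der(data)).hexdigest()


def matches_pin(data: bytes, expected: str) -> bool:
    """Compare the file against a fingerprint written as 'AA:BB:..' or plain hex."""
    wanted = re.sub(r"[\s:]", "", expected).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", wanted):
        raise ValueError("expected value is not a SHA-256 fingerprint")
    return hmac.compare_digest(fingerprint(data), wanted)


# Constructed sample: a DER-shaped blob, not a real certificate.
_BODY = b"constructed sample body, not a real certificate"
SAMPLE_DER = b"\x30" + bytes([len(_BODY)]) + _BODY
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    trusted = fingerprint(SAMPLE_DER)      # stands in for the out-of-band value
    print("fingerprint:", trusted)
    print("saved PEM matches:", matches_pin(SAMPLE_PEM, trusted))
```

In practice, read the saved file with `open(path, "rb").read()` and pass the bytes to `matches_pin` before typing the file path into the Add Vendor Provider window.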

428

429 CHAPTER 25 File System Explorer

This section contains the following topics:

File System Explorer overview
Browse the file system
Create a directory
Modify file and directory properties
View file and directory properties
File and directory properties

430 File System Explorer

File System Explorer overview

The File System Explorer is a web-based interface that enables you to manage the content stored on the cluster.

You can use the File System Explorer to navigate the Isilon file system (/ifs), add directories, and manage file and directory properties including data protection, I/O optimization, and UNIX permissions. The File System Explorer is available only if you are logged in through the root user account.

Isilon file system directory permissions are initially set to allow full access for all users. Any user can delete any file, regardless of the permissions on the individual file. Depending on your environment, you might want to establish permission restrictions through the File System Explorer.

You can view and configure file and directory properties from within Windows clients that are connected to the cluster. However, because Windows and UNIX permissions differ from one another, you must be careful not to make any unwanted changes that affect file and directory access.

Note: The File System Explorer displays up to 1000 files in a directory. If more than 1000 files exist within a directory, the files are displayed without additional information, such as file size and last modified date.

Browse the file system

You can browse the Isilon file system (/ifs) through the File System Explorer.

Procedure
1. Navigate to File System Management > File System Explorer.
2. View files and directories.
   You can expand and collapse directories in the Directories pane. The contents of the selected directory are displayed in the right pane. You can view the contents of another directory by clicking the directory in the Directories pane.

Create a directory

You can create a directory under /ifs through the File System Explorer.

Procedure
1. Navigate to File System Management > File System Explorer.
2. In the Directories pane, specify where you want to create the directory.
3. Click Add Directory.
4. In the New Directory Properties dialog box, in the Directory name field, type a name for the directory.
5. From the User list, select the owner of the directory.
6. From the Group list, select the group for the directory.
7. From the Permissions table, specify the basic permissions for the directory.
8. Click Submit.

431 File System Explorer

Modify file and directory properties

You can modify the data protection, I/O optimization, and UNIX permission properties of files and directories through the File System Explorer.

Procedure
1. Navigate to File System Management > File System Explorer.
2. In the Directories pane, click the directory that contains the file or directory that you want to modify permissions for.
3. In the right pane, in the row of the file or directory you want to modify permissions for, click Properties.
4. In the Properties dialog box, specify the properties of the file or directory.
5. Click Submit.

View file and directory properties

You can view the data protection, I/O optimization, and UNIX permission properties of files and directories through the File System Explorer.

Procedure
1. Navigate to File System Management > File System Explorer.
2. In the Directories pane, click the directory that contains the file or directory that you want to view permissions for.
3. In the right pane, in the row of the file or directory you want to view permissions for, click Properties.
4. In the Properties dialog box, view the properties of the file or directory.

File and directory properties

Each file and directory is assigned specific data protection, I/O optimization, and UNIX permission properties that you can view through the File System Explorer.

The following properties are displayed in the Properties dialog box of the File System Explorer:

Protection Settings

Settings management
  Specifies whether protection settings are managed manually or by SmartPools. If you modify either or both protection settings, this property automatically refreshes to Manually managed. If you specify Managed by SmartPools, the protection settings will automatically refresh to match the SmartPools specifications the next time the SmartPools job is run.

Disk pool
  The disk pool whose requested protection is applied if SmartPools is configured to manage protection settings. This property is available only if SmartPools is licensed and enabled on the cluster.

432 File System Explorer

SSD
  The SSD strategy that will be used for user data and metadata if solid-state drives (SSDs) are available. The following SSD strategies are available:

  Metadata acceleration
    OneFS creates a mirror backup of file metadata on an SSD and writes the rest of the metadata plus all user data to hard disk drives (HDDs). Depending on the global namespace acceleration setting, the SSD mirror might be an extra mirror in addition to the number required to satisfy the protection level.

  Avoid SSDs
    OneFS does not write data or metadata to SSDs. OneFS writes all data and metadata to HDDs only.

  Data on SSDs
    Similar to metadata acceleration, OneFS creates a mirror backup of file metadata on an SSD and writes the rest of the metadata plus all user data to hard disk drives. However, OneFS also writes one copy of the file user data (if mirrored) or all of the data (if not mirrored) to SSDs. All SSD blocks reside on the file target pool if there is adequate space available, regardless of whether global namespace acceleration is enabled. OneFS does not create additional mirrors beyond the normal protection level.

Actual protection
  The FlexProtect or data-mirroring requested protection for this file or directory. If SmartPools is licensed and enabled on the cluster, the default requested protection for files and directories is inherited from the specified disk pool.

I/O Optimization Settings

Settings Management
  Specifies whether I/O Optimization Settings are managed manually or by SmartPools. If you modify either or both I/O optimization settings, this property automatically refreshes to Manually managed. If you specify Managed by SmartPools, the I/O optimization settings values will automatically refresh to match the SmartPools specifications the next time the SmartPools job is run.

SmartCache
  Specifies whether write caching with SmartCache is enabled for this file or directory.

433 File System Explorer

Data access pattern
  The optimization settings for accessing data. The following data access patterns are available:

  Concurrency
    File or directory is optimized to support many clients simultaneously.

  Streaming
    File or directory is optimized for high-speed streaming of a single file. For example, this pattern can be useful if a single client needs to read very quickly from a single file.

  Random
    File or directory is optimized for unpredictable access.

  The default data access pattern of iSCSI LUNs is the random access pattern. The default data access pattern of other files and directories is the concurrent access pattern.

UNIX Permissions

User
  The owner of the file or directory.

Group
  The group of the file or directory.

Permissions
  The basic permissions for the file or directory.
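The overview in this chapter states that directory permissions initially allow full access for all users and that any user can delete any file regardless of the file's own permissions; under UNIX mode bits that is the effect of a directory that is writable and searchable by "other" without the sticky bit. The following added example (not part of the EMC guide or of OneFS) lists such directories so they can be tightened through the Properties dialog box. It assumes the tree is reachable as a local path, for example /ifs on a client mount, and it evaluates UNIX mode bits only, not ACLs; all names are hypothetical.

```python
import os
import stat
from collections import namedtuple

Finding = namedtuple("Finding", "path mode uid gid")


def classify(mode: int) -> str:
    """Classify a directory mode by who may delete or rename its entries.

    open       - any user may remove any entry (other has w+x, no sticky bit)
    sticky     - other has w+x, but the sticky bit limits removal to owners
    restricted - other cannot modify the directory's entries
    """
    other_can_modify = (mode & stat.S_IWOTH) and (mode & stat.S_IXOTH)
    if not other_can_modify:
        return "restricted"
    if mode & stat.S_ISVTX:
        return "sticky"
    return "open"


def audit_tree(root: str, max_depth: int = 2):
    """Return a Finding for every 'open' directory up to max_depth below root.

    Depth is limited because a cluster file system can hold a very large
    number of directories; raise it once the top levels are cleaned up.
    """
    root = os.path.abspath(root)
    findings = []
    for dirpath, dirnames, _files in os.walk(root, followlinks=False):
        if dirpath == root:
            depth = 0
        else:
            depth = len(os.path.relpath(dirpath, root).split(os.sep))
        dirnames.sort()                    # deterministic report order
        if depth >= max_depth:
            dirnames[:] = []               # do not descend further
        try:
            st = os.lstat(dirpath)
        except OSError:
            continue                       # removed or unreadable mid-walk
        if classify(st.st_mode) == "open":
            findings.append(Finding(dirpath, stat.filemode(st.st_mode),
                                    st.st_uid, st.st_gid))
    return findings


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for f in audit_tree(target):
        print(f.mode, f.uid, f.gid, f.path)
```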

434


Veeam Cloud Connect. Version 8.0. Administrator Guide

Veeam Cloud Connect. Version 8.0. Administrator Guide Veeam Cloud Connect Version 8.0 Administrator Guide April, 2015 2015 Veeam Software. All rights reserved. All trademarks are the property of their respective owners. No part of this publication may be

More information

EMC DATA DOMAIN OPERATING SYSTEM

EMC DATA DOMAIN OPERATING SYSTEM ESSENTIALS HIGH-SPEED, SCALABLE DEDUPLICATION Up to 58.7 TB/hr performance Reduces protection storage requirements by 10 to 30x CPU-centric scalability DATA INVULNERABILITY ARCHITECTURE Inline write/read

More information

DIVAR IP 7000 2U. Video DIVAR IP 7000 2U. www.boschsecurity.com

DIVAR IP 7000 2U. Video DIVAR IP 7000 2U. www.boschsecurity.com Video DIVAR IP 7000 2U DIVAR IP 7000 2U www.boschsecrity.com RAID-5 protected, all-in-one, flly featred video management soltion for p to 128 channels Ot-of-the-box IP video management soltion with p to

More information

Enterprise Manager. Version 6.2. Administrator s Guide

Enterprise Manager. Version 6.2. Administrator s Guide Enterprise Manager Version 6.2 Administrator s Guide Enterprise Manager 6.2 Administrator s Guide Document Number 680-017-017 Revision Date Description A August 2012 Initial release to support version

More information

Bosch Security Training Academy Training Course Catalogue 2015. uk.boschsecurity.com

Bosch Security Training Academy Training Course Catalogue 2015. uk.boschsecurity.com Bosch Secrity Training Academy Training Corse Cataloge 2015 k.boschsecrity.com 2 Bosch Secrity Training Academy Training Corses 2015 Bosch Secrity Training Academy Training Corses 2015 3 Contents Enqiries

More information

EMC DATA DOMAIN OPERATING SYSTEM

EMC DATA DOMAIN OPERATING SYSTEM EMC DATA DOMAIN OPERATING SYSTEM Powering EMC Protection Storage ESSENTIALS High-Speed, Scalable Deduplication Up to 58.7 TB/hr performance Reduces requirements for backup storage by 10 to 30x and archive

More information

NEXT GENERATION STORAGE EFFICIENCY WITH OneFS SMARTDEDUPE

NEXT GENERATION STORAGE EFFICIENCY WITH OneFS SMARTDEDUPE White Paper NEXT GENERATION STORAGE EFFICIENCY WITH OneFS SMARTDEDUPE Abstract Most file systems are a thin layer of organization on top of a block device and cannot efficiently address data at large scale.

More information

EMC VNXe Series. Configuring Hosts to Access CIFS File Systems. Version 3.1 P/N 302-000-191 REV. 03

EMC VNXe Series. Configuring Hosts to Access CIFS File Systems. Version 3.1 P/N 302-000-191 REV. 03 EMC VNXe Series Version 3.1 Configuring Hosts to Access CIFS File Systems P/N 302-000-191 REV. 03 Copyright 2014-2015 EMC Corporation. All rights reserved. Published in USA. Published June, 2015 EMC believes

More information

Symantec NetBackup OpenStorage Solutions Guide for Disk

Symantec NetBackup OpenStorage Solutions Guide for Disk Symantec NetBackup OpenStorage Solutions Guide for Disk UNIX, Windows, Linux Release 7.6 Symantec NetBackup OpenStorage Solutions Guide for Disk The software described in this book is furnished under a

More information

GUIDELINE. Guideline for the Selection of Engineering Services

GUIDELINE. Guideline for the Selection of Engineering Services GUIDELINE Gideline for the Selection of Engineering Services 1998 Mission Statement: To govern the engineering profession while enhancing engineering practice and enhancing engineering cltre Pblished by

More information

Data ONTAP 8.2. MultiStore Management Guide For 7-Mode. NetApp, Inc. 495 East Java Drive Sunnyvale, CA 94089 U.S.

Data ONTAP 8.2. MultiStore Management Guide For 7-Mode. NetApp, Inc. 495 East Java Drive Sunnyvale, CA 94089 U.S. Data ONTAP 8.2 MultiStore Management Guide For 7-Mode NetApp, Inc. 495 East Java Drive Sunnyvale, CA 94089 U.S. Telephone: +1(408) 822-6000 Fax: +1(408) 822-4501 Support telephone: +1(888) 4-NETAPP Web:

More information

ONEFS MULTIPROTOCOL SECURITY UNTANGLED

ONEFS MULTIPROTOCOL SECURITY UNTANGLED White Paper ONEFS MULTIPROTOCOL SECURITY UNTANGLED Abstract This paper describes the role that identity management, authentication, and access control play in the security system of the EMC Isilon OneFS

More information

THE BRIDGE FROM PACS TO VNA: SCALE-OUT STORAGE

THE BRIDGE FROM PACS TO VNA: SCALE-OUT STORAGE White Paper THE BRIDGE FROM PACS TO VNA: SCALE-OUT STORAGE Authored by Michael Gray of Gray Consulting Abstract Moving to a VNA (vendor-neutral archive) for image archival, retrieval, and management requires

More information

The BIG Data Era has. your storage! Bratislava, Slovakia, 21st March 2013

The BIG Data Era has. your storage! Bratislava, Slovakia, 21st March 2013 The BIG Data Era has arrived Re-invent your storage! Bratislava, Slovakia, 21st March 2013 Luka Topic Regional Manager East Europe EMC Isilon Storage Division [email protected] 1 What is Big Data? 2 EXABYTES

More information

IBM TSM DISASTER RECOVERY BEST PRACTICES WITH EMC DATA DOMAIN DEDUPLICATION STORAGE

IBM TSM DISASTER RECOVERY BEST PRACTICES WITH EMC DATA DOMAIN DEDUPLICATION STORAGE White Paper IBM TSM DISASTER RECOVERY BEST PRACTICES WITH EMC DATA DOMAIN DEDUPLICATION STORAGE Abstract This white paper focuses on recovery of an IBM Tivoli Storage Manager (TSM) server and explores

More information

Implementation of Hadoop Distributed File System Protocol on OneFS Tanuj Khurana EMC Isilon Storage Division

Implementation of Hadoop Distributed File System Protocol on OneFS Tanuj Khurana EMC Isilon Storage Division Implementation of Hadoop Distributed File System Protocol on OneFS Tanuj Khurana EMC Isilon Storage Division Outline HDFS Overview OneFS Overview HDFS protocol on OneFS HDFS protocol server implementation

More information

File Services. File Services at a Glance

File Services. File Services at a Glance File Services High-performance workgroup and Internet file sharing for Mac, Windows, and Linux clients. Features Native file services for Mac, Windows, and Linux clients Comprehensive file services using

More information

Dialog 4106 Basic/Dialog 4147 Medium

Dialog 4106 Basic/Dialog 4147 Medium Dialog 4106 Basic/Dialog 4147 Medim Analog Telephones for MD110 Commnication System User Gide Cover Page Graphic Place the graphic directly on the page, do not care abot ptting it in the text flow. Select

More information

Using GPU to Compute Options and Derivatives

Using GPU to Compute Options and Derivatives Introdction Algorithmic Trading has created an increasing demand for high performance compting soltions within financial organizations. The actors of portfolio management and ris assessment have the obligation

More information

Storage Sync for Hyper-V. Installation Guide for Microsoft Hyper-V

Storage Sync for Hyper-V. Installation Guide for Microsoft Hyper-V Installation Guide for Microsoft Hyper-V Egnyte Inc. 1890 N. Shoreline Blvd. Mountain View, CA 94043, USA Phone: 877-7EGNYTE (877-734-6983) www.egnyte.com 2013 by Egnyte Inc. All rights reserved. Revised

More information

SECTION C EMPLOYER S REQUIREMENTS

SECTION C EMPLOYER S REQUIREMENTS Table of Contents C/ 1 Introduction and Overview... 2 1.1 Statement of Confidentiality... 2 1.2 Mission and Overview... 2 1.3 Purpose of the RFP... 3 1.4 Tenderer Response... 3 1.5 Delivery Plan... 3 1.6

More information

e22-290 http://www.gratisexam.com/ Number: 000-000 Passing Score: 800 Time Limit: 120 min File Version: 1.0

e22-290 http://www.gratisexam.com/ Number: 000-000 Passing Score: 800 Time Limit: 120 min File Version: 1.0 e22-290 Number: 000-000 Passing Score: 800 Time Limit: 120 min File Version: 1.0 http://www.gratisexam.com/ EMC E22-290 EMC Data Domain Deduplication, Backup and Recovery Exam Version: 5.1 Exam A QUESTION

More information

Analog Telephones. User Guide. BusinessPhone Communication Platform

Analog Telephones. User Guide. BusinessPhone Communication Platform Analog Telephones BsinessPhone Commnication Platform User Gide Cover Page Graphic Place the graphic directly on the page, do not care abot ptting it in the text flow. Select Graphics > Properties and make

More information

Introducing Revenue Cycle Optimization! STI Provides More Options Than Any Other Software Vendor. ChartMaker Clinical 3.7

Introducing Revenue Cycle Optimization! STI Provides More Options Than Any Other Software Vendor. ChartMaker Clinical 3.7 Introdcing Revene Cycle Optimization! STI Provides More Options Than Any Other Software Vendor ChartMaker Clinical 3.7 2011 Amblatory EHR + Cardiovasclar Medicine + Child Health STI Provides More Choices

More information

BlueArc unified network storage systems 7th TF-Storage Meeting. Scale Bigger, Store Smarter, Accelerate Everything

BlueArc unified network storage systems 7th TF-Storage Meeting. Scale Bigger, Store Smarter, Accelerate Everything BlueArc unified network storage systems 7th TF-Storage Meeting Scale Bigger, Store Smarter, Accelerate Everything BlueArc s Heritage Private Company, founded in 1998 Headquarters in San Jose, CA Highest

More information

NexentaConnect for VMware Virtual SAN

NexentaConnect for VMware Virtual SAN NexentaConnect for VMware Virtual SAN User Guide 1.0.2 FP3 Date: April, 2016 Subject: NexentaConnect for VMware Virtual SAN User Guide Software: NexentaConnect for VMware Virtual SAN Software Version:

More information

BEST PRACTICES FOR INTEGRATING TELESTREAM VANTAGE WITH EMC ISILON ONEFS

BEST PRACTICES FOR INTEGRATING TELESTREAM VANTAGE WITH EMC ISILON ONEFS Best Practices Guide BEST PRACTICES FOR INTEGRATING TELESTREAM VANTAGE WITH EMC ISILON ONEFS Abstract This best practices guide contains details for integrating Telestream Vantage workflow design and automation

More information

EMC ISILON AND ELEMENTAL SERVER

EMC ISILON AND ELEMENTAL SERVER Configuration Guide EMC ISILON AND ELEMENTAL SERVER Configuration Guide for EMC Isilon Scale-Out NAS and Elemental Server v1.9 EMC Solutions Group Abstract EMC Isilon and Elemental provide best-in-class,

More information

VMware vsphere Data Protection 6.0

VMware vsphere Data Protection 6.0 VMware vsphere Data Protection 6.0 TECHNICAL OVERVIEW REVISED FEBRUARY 2015 Table of Contents Introduction.... 3 Architectural Overview... 4 Deployment and Configuration.... 5 Backup.... 6 Application

More information