File Storage Operation Manual


NTT Communications
Cloudⁿ File Storage Operation Manual
Ver.1.0

Please refrain from redistributing (including distributing, copying, and providing) the content of this booklet.

Version    Date of Compilation    Revision
Ver.1.0    March 23, 2013         First version created

Contents

1. Introduction
   1) Overview of the Service
   2) Making Preparation in Advance
2. Taking Management of the File Storage Service
   1) Applying for the File Storage Service
   2) Discontinuing the File Storage Service
3. Using File Storage
   1) Using the File Storage Console
   2) Connecting IPsec to File Storage (on CentOS)
   3) Connecting IPsec to File Storage (on Ubuntu)
   4) Mounting File Storage
   5) Checking File Storage

1-1) Overview of the Service

Cloudⁿ File Storage is a service that uses NFS, a general-purpose protocol for Linux, to give you a large-capacity, high-integrity storage area.

[Figure: Virtual Server (Linux) on Cloudⁿ Compute (East Japan Region), IPsec, Internet, Cloudⁿ File Storage]

- With the Cloudⁿ File Storage service, you can use the NFS protocol from Cloudⁿ Compute to work with a large-capacity storage area. Because communication from Cloudⁿ Compute runs through an IPsec tunnel, you can use the storage securely.
- You can access File Storage only from a virtual server running a Linux OS (CentOS/Ubuntu) in a Cloudⁿ Compute environment (East Japan Region).
- To apply for the File Storage service, you need to specify the global IP address of the Cloudⁿ Compute virtual server you want to use. In addition to your current contract for Cloudⁿ Compute, you need to set up IPsec separately to use the service.
- The File Storage service lets two or more users share a storage device connected over an IPsec tunnel. The service quality may deteriorate depending on devices and network load.

1-2) Making Preparation in Advance

Before you start using the Cloudⁿ File Storage service, prepare everything listed below.

- A virtual server created on Compute to use the File Storage service
  Prepare a virtual server (running a Linux OS such as CentOS or Ubuntu) created on Compute (the FLAT type in East Japan) as the server that uses File Storage. For how to create a virtual server, see "Cloudⁿ Compute (FLAT Type) Operation Manual".
- "Cloudⁿ User's Guide"
  Prepare the "Guidance of the Contents for Using [Cloudⁿ]" sent when you make a new application for Cloudⁿ.

* Listed below is what you need to prepare on the client PC when you set up the File Storage service.

- A service that gives you access to the Internet
  Example: an always-on connection and so forth provided by OCN Dial Access Service, OCN ADSL Connection Service, Super OCN, and so on.
  * You can use an Internet connection service provided by some other provider.
- Software that lets you view the control panel (Web browser software)
  We recommend Firefox 18.0.1 or later. Note that part of the control panel may not be displayed correctly if you use some other Web browser.

You cannot use the File Storage service from a virtual server on Compute (VLAN type).

2-1) Applying for the File Storage Service

Apply for the File Storage service.

1. Log in to the Cloudⁿ portal. Hover the cursor over the "File Storage" icon for the East Japan region. Click on "Sign Up Now".
2. A screen appears for you to confirm your application. If you agree, check "Agree". Click on the "Next" button.

3. A screen appears for you to confirm your application for the File Storage service. Click on the "Sign Up" button.
4. A screen appears to indicate that your application is accepted. You have just finished your application. Click on "Console" to register the IP address.

5. A screen appears for you to apply for the File Storage service. Click on the "Next" button.
   To check the global IP address of your virtual server, select the virtual server that uses File Storage from "Instance" in the menu on the left side, then click on the "NIC" tab.

6. A screen appears for you to confirm the IP address you want to register. Click on the "Register" button.
7. A screen appears to indicate that the IP address is registered and you can start using volumes.

2-2) Discontinuing the File Storage Service

You can discontinue the File Storage service.

1. Log in to the Cloudⁿ portal. Hover the cursor over the "File Storage" icon for your region. Click on "Cancel".
2. A screen appears for you to confirm your discontinuation. If you agree, check "Agree". Click on the "Next" button.

3. A screen appears for you to reconfirm your discontinuation. Click on the "Cancel" button.
4. A screen pops up to indicate that your discontinuation is accepted. You have just discontinued the service.

3-1) Using the File Storage Console

Use the File Storage console.

1. Log in to the Cloudⁿ portal. Hover the cursor over the "File Storage" icon for your region. Click on "Console".
2. The File Storage console opens. You see the file storage information (including the information about the connection VPN) necessary to use the file storage. You also see the information about the access terminal.

3. Click on the "Application management" tab. You see two items, "Change Volumes" and "Change IP address". If you want to change the volumes or the IP address, press the corresponding button.

3-2) Connecting IPsec to File Storage (on CentOS)

Connect to File Storage over an IPsec connection from the virtual server (CentOS) on Compute (East Japan region) that has the IP address you registered when you started using the service.

The steps below assume the following settings, which you can confirm on the File Storage console.

[Information You Need to Have]
    153.128.xx.xx    The global IP address of the virtual server you have registered

[Information Provided When You Start Using the Service]
    presharedkey     Preshared key for the IPsec connection
    180.37.yy.yy     The global IP address of the destination of the IPsec connection
    192.168.zz.zz    File Storage target IP address

1. Install OpenSwan, which is necessary for the IPsec connection.

    # yum install openswan

2. Set up the filtering (iptables) to allow the IPsec connection. Follow this step only when you have a firewall specified with iptables. (This is not necessary if you have used an official template for creation.)

    # iptables -I INPUT -p udp -s 180.37.yy.yy -d 153.128.xx.xx --dport 500 -j ACCEPT
    # iptables -I FORWARD -s 153.128.xx.xx -d 192.168.zz.zz -j ACCEPT
    # iptables -I FORWARD -d 153.128.xx.xx -s 192.168.zz.zz -j ACCEPT
    # iptables -I OUTPUT -p udp -d 180.37.yy.yy -s 153.128.xx.xx --sport 500 -j ACCEPT
    # iptables -I OUTPUT -p esp -d 180.37.yy.yy -s 153.128.xx.xx -j ACCEPT

   Save the settings for the next startup.

    # service iptables save

3. Set up the setting file of OpenSwan as follows. Delete the sharp sign (#) at the start of the include line so that it reads as shown.

    # vi /etc/ipsec.conf

    (Omitted)
    include /etc/ipsec.d/*.conf

4. Create a new connection setting file as shown below. (The "fs" part can be anything you choose; it is used as the connection name.)

    # vi /etc/ipsec.d/fs.conf

    conn fs
        authby=secret
        auto=start
        pfs=yes
        type=tunnel
        rekey=no
        keyingtries=3
        left=153.128.xx.xx
        right=180.37.yy.yy
        rightsourceip=192.168.zz.zz

   left: the Compute global IP address
   right: the global IP address at the destination of the connection
   rightsourceip: the IP address of the File Storage target

5. Set up the key information that is used for the IPsec connection. In /etc/ipsec.secrets, delete the sharp sign (#) at the start of the include line so that it reads as shown.

    # vi /etc/ipsec.secrets

    include /etc/ipsec.d/*.secrets

   Then create the secrets file. (Use the same "fs" as in step 5.)

    # vi /etc/ipsec.d/fs.secrets

    153.128.xx.xx 180.37.yy.yy : PSK "presharedkey"

6. Disable SELinux for the IPsec connection. In /etc/sysconfig/selinux, change the SELINUX value from enforcing to disabled.

    # setenforce 0
    # vi /etc/sysconfig/selinux

    SELINUX=disabled

7. Change the setting file of the kernel parameters as shown below. Change net.ipv4.ip_forward from 0 to 1, and add the redirect settings after the last line in the file.

    # vi /etc/sysctl.conf

    (Omitted)
    net.ipv4.ip_forward = 1

    net.ipv4.conf.all.send_redirects = 0
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.default.send_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0
    net.ipv4.conf.lo.send_redirects = 0
    net.ipv4.conf.lo.accept_redirects = 0
    net.ipv4.conf.eth0.send_redirects = 0
    net.ipv4.conf.eth0.accept_redirects = 0

8. Apply the settings shown above.

    # sysctl -p

9. Start the ipsec process.

    # service ipsec start

10. Check the integrity of the ipsec settings.

    # ipsec verify
    Checking your system to see if IPsec got installed and started correctly:
    Version check and ipsec on-path
    Linux Openswan U2.6.32/K2.6.32-279.el6.x86_64 (netkey)
    Checking for IPsec support in kernel
    SAref kernel support [N/A]
    NETKEY: Testing for disabled ICMP send_redirects
    NETKEY detected, testing for disabled ICMP accept_redirects
    Testing against enforced SElinux mode
    Checking that pluto is running
    Pluto listening for IKE on udp 500
    Pluto listening for NAT-T on udp 4500
    Checking for 'ip' command
    Checking /bin/sh is not /bin/dash
    Checking for 'iptables' command
    Opportunistic Encryption Support [DISABLED]

    The settings are correct if there is no [FAILED] in the result.

11. See the log file to check the ipsec connection.

    # cat /var/log/secure
    (Omitted)
    Mar 5 11:00:08 cent-with-disk pluto[27533]: "fs" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+DONTREKEY+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 msgid:c5fb4624 proposal=defaults pfsgroup=oakley_group_modp2048}
    Mar 5 11:00:08 cent-with-disk pluto[27533]: "fs" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
    Mar 5 11:00:08 cent-with-disk pluto[27533]: "fs" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x381ca3ab <0x4126aab5 xfrm=aes_128-hmac_sha1 NATOA=none NATD=none DPD=none}

    The connection is correct if the last line includes "IPsec SA established tunnel mode".

3-3) Connecting IPsec to File Storage (on Ubuntu)

Establish the IPsec connection to File Storage from the virtual server (Ubuntu) on Compute (East Japan region) that has the IP address registered at the time of the service start.

The steps below assume the following settings, which you can confirm on the File Storage console.

[Information You Need to Have]
    153.128.xx.xx    The global IP address of the virtual server you have registered

[Information Provided When You Start Using the Service]
    presharedkey     Preshared key for the IPsec connection
    180.37.yy.yy     The global IP address of the destination of the IPsec connection
    192.168.zz.zz    File Storage target IP address

1. Install OpenSwan, which is necessary for the IPsec connection.

    $ sudo apt-get install openswan

2. Set up the setting file of OpenSwan as shown below. Change protostack from auto to netkey. After the last line in the file, add the include line (delete the sharp sign (#) at the start of the line).

    $ sudo vi /etc/ipsec.conf

    (Omitted)
    protostack=netkey

    include /etc/ipsec.d/*.conf

3. Create a new connection setting file as shown below. (The "fs" part can be anything you choose; it is used as the connection name.)

    $ sudo vi /etc/ipsec.d/fs.conf

    conn fs
        authby=secret
        auto=start
        pfs=yes
        type=tunnel
        rekey=no
        keyingtries=3
        left=153.128.xx.xx
        right=180.37.yy.yy
        rightsourceip=192.168.zz.zz

   left: the Compute global IP address
   right: the global IP address at the destination of the connection
   rightsourceip: the IP address of the File Storage target

4. Set up the key information used for the IPsec connection. Comment out the last line in the file, then add the include line after it (delete the sharp sign at the start of the line).

    $ sudo vi /etc/ipsec.secrets

    #include /var/lib/openswan/ipsec.secrets.inc
    include /etc/ipsec.d/*.secrets

   Then create the secrets file. (Use the same "fs" as in step 3.)

    $ sudo vi /etc/ipsec.d/fs.secrets

    153.128.xx.xx 180.37.yy.yy : PSK "presharedkey"

5. Change the setting file of the kernel parameters as shown below. Delete the sharp sign (#) at the start of the net.ipv4.ip_forward line to enable the statement, and add the redirect settings after the last line in the file.

    $ sudo vi /etc/sysctl.conf

    (Omitted)
    net.ipv4.ip_forward = 1

    net.ipv4.conf.all.send_redirects = 0
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.default.send_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0
    net.ipv4.conf.lo.send_redirects = 0
    net.ipv4.conf.lo.accept_redirects = 0
    net.ipv4.conf.eth0.send_redirects = 0
    net.ipv4.conf.eth0.accept_redirects = 0

6. Apply the settings shown above.

    $ sudo sysctl -p

7. Start the ipsec process.

    # service ipsec start

8. Check the integrity of the ipsec settings.

    # ipsec verify
    Checking your system to see if IPsec got installed and started correctly:
    Version check and ipsec on-path
    Linux Openswan U2.6.37/K3.5.0-17-generic (netkey)
    Checking for IPsec support in kernel
    SAref kernel support [N/A]
    NETKEY: Testing XFRM related proc values
    Checking that pluto is running
    Pluto listening for IKE on udp 500
    Pluto listening for NAT-T on udp 4500
    Checking for 'ip' command
    Checking /bin/sh is not /bin/dash [WARNING]
    Checking for 'iptables' command
    Opportunistic Encryption Support [DISABLED]

   The settings are correct if there is no [FAILED] in the result.

9. See the log file to check the ipsec connection.

    $ sudo cat /var/log/auth.log
    (Omitted)
    Mar 6 11:24:29 ubuntu1210 pluto[18697]: "fs" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+DONTREKEY+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 msgid:7dc84e68 proposal=defaults pfsgroup=oakley_group_modp2048}
    Mar 6 11:24:29 ubuntu1210 pluto[18697]: "fs" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
    Mar 6 11:24:29 ubuntu1210 pluto[18697]: "fs" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x153f0614 <0xbb4dd4f3 xfrm=aes_128-hmac_sha1 NATOA=none NATD=none DPD=none}

   The connection is correct if the last line includes "IPsec SA established tunnel mode".
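The two final checks of sections 3-2) and 3-3), no [FAILED] in the ipsec verify output and "IPsec SA established tunnel mode" in the pluto log, can be scripted as follows. This is an added example, not part of the original manual: the function names sample_log, tunnel_status and failed_checks are hypothetical, and the sample log reuses the CentOS lines from the manual plus one constructed line for a connection named "other" that never completes.

```sh
#!/bin/sh
# Added example (not from the manual): read pluto log text and ipsec verify
# output and report whether the tunnel setup described above succeeded.

# Sample input: the three pluto lines from the manual, plus one constructed
# line for a connection "other" whose Quick Mode never finishes.
sample_log() {
cat <<'EOF'
Mar 5 11:00:08 cent-with-disk pluto[27533]: "fs" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+DONTREKEY+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 msgid:c5fb4624 proposal=defaults pfsgroup=oakley_group_modp2048}
Mar 5 11:00:08 cent-with-disk pluto[27533]: "fs" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Mar 5 11:00:08 cent-with-disk pluto[27533]: "fs" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x381ca3ab <0x4126aab5 xfrm=aes_128-hmac_sha1 NATOA=none NATD=none DPD=none}
Mar 5 11:00:09 cent-with-disk pluto[27533]: "other" #3: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+DONTREKEY+UP {using isakmp#1 msgid:00000000 proposal=defaults pfsgroup=oakley_group_modp2048}
EOF
}

# tunnel_status CONN   (log text on stdin)
# Follows the most recent Quick Mode attempt for CONN. Prints
# "established xfrm=<transform> pfsgroup=<group>" and returns 0 if that
# attempt reached "IPsec SA established tunnel mode"; otherwise prints
# "not-established" and returns 1.
tunnel_status() {
    awk -v conn="$1" '
        BEGIN { tag = "\"" conn "\" #"; state = "not-established"; pfs = "none" }
        # Only pluto lines that belong to the requested connection.
        index($0, "pluto[") == 0 || index($0, tag) == 0 { next }
        /initiating Quick Mode/ {
            pfs = "none"
            if (match($0, /pfsgroup=[A-Za-z0-9_]+/))
                pfs = substr($0, RSTART + 9, RLENGTH - 9)
            state = "not-established"    # a new attempt starts unconfirmed
        }
        /IPsec SA established tunnel mode/ {
            xfrm = "unknown"
            if (match($0, /xfrm=[A-Za-z0-9_-]+/))
                xfrm = substr($0, RSTART + 5, RLENGTH - 5)
            state = "established xfrm=" xfrm " pfsgroup=" pfs
        }
        END { print state; exit (state == "not-established") }
    '
}

# failed_checks   (output of ipsec verify on stdin)
# Prints the name of every check that ended in [FAILED]; returns 1 if any did.
failed_checks() {
    awk '/\[FAILED\]/ { sub(/[ \t]*\[FAILED\].*$/, ""); print; n++ }
         END { exit (n > 0) }'
}

# Demo on the sample above. On a real host, feed the log the manual names:
#   tunnel_status fs < /var/log/secure      (CentOS)
#   tunnel_status fs < /var/log/auth.log    (Ubuntu)
#   ipsec verify | failed_checks
sample_log | tunnel_status fs
```

Besides the pass/fail result, the output shows the negotiated ESP transform and PFS group, which is useful to record because the connection file leaves the proposal at its defaults.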

3-4) Mounting File Storage

Mount File Storage over the IPsec tunnel connected in section 3-2), "Connecting IPsec to File Storage".

The steps below assume the following settings.

[Information You Need to Have]
    /mnt/filestorage    The directory where File Storage is mounted

[Information Provided When You Start Using the Service]
    192.168.zz.zz       File Storage target IP address
    BSDN123456789_01    The volume name of the File Storage you use

1. Create a directory as the destination for mounting File Storage. (This step is not necessary if you already have a directory.) In the case of Ubuntu, also install "nfs-common", which is necessary for mounting.

    # mkdir /mnt/filestorage
    $ sudo apt-get install nfs-common    (only when you use Ubuntu)

2. Mount File Storage to the mount directory.

    # mount -t nfs -o vers=3,tcp,hard 192.168.zz.zz:/BSDN123456789_01 /mnt/filestorage

   The command has three parts: (1) mount options, (2) File Storage volume, (3) mount directory.

(1) Mount options

    Option (argument)   Description
    -t                  Specify this option because the service is provided over NFS.
      nfs               Specify the file system as NFS.
    -o                  Specify the options to use this service.
      vers=3            Specify the version of NFS.
      tcp               Specify the protocol as TCP.
      hard              Make the system keep retrying until the connection is reestablished if a network failure or the like interferes with the connection to the service.
      intr              Enable a client to interrupt the file access when the hard option is used to keep retrying.

(2) File Storage volume

Specify [File Storage target IP address]:/[the volume name of the File Storage you use].

Volume names are defined as described below.

    BSDN123456789_[capacity]

* 123456789 here is actually a 9-digit number uniquely assigned to the customer.

<Example> In the case of a customer who applies for 30TB, the three volumes listed below will be provided.

    First volume:  BSDN123456789_01
    Second volume: BSDN123456789_02
    Third volume:  BSDN123456789_03

3-5) Checking File Storage

Check if File Storage is correctly mounted.

1. Use the "mount" command to check the integrity of the mounting.

    # mount
    /dev/mapper/volgroup-lv_root on / type ext4 (rw)
    proc on /proc type proc (rw)
    sysfs on /sys type sysfs (rw)
    devpts on /dev/pts type devpts (rw,gid=5,mode=620)
    tmpfs on /dev/shm type tmpfs (rw,rootcontext="system_u:object_r:tmpfs_t:s0")
    /dev/vda1 on /boot type ext4 (rw)
    none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
    sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
    192.168.xx.xx:/BSDN123456789_01 on /mnt/extradisk type nfs (rw,vers=3,tcp,hard,addr=192.168.xx.xx)

2. Use the "df" command to check the capacity and the free capacity.

    # df -h
    Filesystem                       Size  Used  Avail Use% Mounted on
    /dev/mapper/volgroup-lv_root     36G   1.7G  32G   5%   /
    tmpfs                            939M  0     939M  0%   /dev/shm
    /dev/vda1                        485M  37M   423M  8%   /boot
    192.168.xx.xx:/BSDN123456789_01  9.9T  1015G 8.4T  11%  /mnt/extradisk
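The visual check of the "mount" output in section 3-5) can be automated so that a volume mounted from an unexpected source, or without the options from section 3-4), is reported. This is an added example, not part of the original manual: the function names sample_mounts and nfs_mount_ok are hypothetical, and the sample input is constructed from the manual's placeholder address and volume names.

```sh
#!/bin/sh
# Added example (not from the manual): check mount output for the File
# Storage volume and the NFS options the manual specifies.

# Constructed sample. The second NFS line is deliberately mounted with
# udp,soft to show a failing case.
sample_mounts() {
cat <<'EOF'
/dev/vda1 on /boot type ext4 (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
192.168.zz.zz:/BSDN123456789_01 on /mnt/filestorage type nfs (rw,vers=3,tcp,hard,addr=192.168.zz.zz)
192.168.zz.zz:/BSDN123456789_02 on /mnt/second type nfs (rw,vers=3,udp,soft,addr=192.168.zz.zz)
EOF
}

# nfs_mount_ok TARGET_IP VOLUME MOUNT_DIR   (output of mount on stdin)
# Prints "ok" and returns 0 only when MOUNT_DIR is an NFS mount of
# TARGET_IP:/VOLUME with vers=3, tcp and hard; otherwise prints the reason
# and returns 1. Mount directories containing spaces are not handled.
nfs_mount_ok() {
    awk -v src="$1:/$2" -v dir="$3" '
        # Each line reads: SOURCE on DIR type FSTYPE (opt,opt,...)
        $2 == "on" && $3 == dir && $4 == "type" {
            seen = 1; ok = 0; missing = ""
            split("", have)              # forget options of an earlier match
            if ($5 != "nfs") { why = "type is " $5 ", not nfs"; next }
            if ($1 != src)   { why = "source is " $1 ", expected " src; next }
            opts = $6
            gsub(/[()]/, "", opts)
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) have[o[i]] = 1
            m = split("vers=3 tcp hard", need, " ")
            for (i = 1; i <= m; i++)
                if (!(need[i] in have)) missing = missing " " need[i]
            if (missing != "") { why = "missing options:" missing; next }
            ok = 1
        }
        END {
            msg = ok ? "ok" : (seen ? why : dir " is not mounted")
            print msg
            exit (ok ? 0 : 1)
        }
    '
}

# Demo on the sample above. On a real host:
#   mount | nfs_mount_ok 192.168.zz.zz BSDN123456789_01 /mnt/filestorage
sample_mounts | nfs_mount_ok 192.168.zz.zz BSDN123456789_01 /mnt/filestorage
```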