Aberdeen Setup and Administration Guide
Publication Date: February 11, 2011
ABERDEEN LLC END USER LICENSE AGREEMENT

This End User License Agreement ("Agreement") is a legal agreement between Aberdeen LLC ("NE") and you ("Licensee") the subject matter of which is NE's Network Attached Storage or Network Storage Solution products and any applicable updates or upgrades thereto ("Product") and which may include associated media and printed or electronic (retrievable via computer networks such as the Internet or otherwise) materials ("Documentation") (collectively referred to herein as "Product"). By breaking any seal on the Product, installing, copying or otherwise using the Product ("Licensee's Acceptance") Licensee agrees to be bound by the terms and conditions of this Agreement. If Licensee does not agree to the terms and conditions of this Agreement, Licensee must not install, copy or otherwise use the Product and shall promptly return the Product to the place of purchase for a refund of the purchase price, if any.

1. Grant of License. Subject to the terms and conditions of this Agreement and Licensee's acceptance thereof, NE hereby grants to Licensee and Licensee hereby accepts a personal, non-transferable, nonexclusive license (which shall be revocable pursuant to the terms of this Agreement) to use the Product according to its merchantable purpose and pursuant to the terms and conditions of this Agreement.

2. Network License. Licensee may provide access to the Product for its employees and other applicable users, subject to each of such users understanding and complying with the terms and conditions of this Agreement. Licensee may not, nor any of its employees nor other applicable users, make a copy of the operating system and its related software applicable to the Product.

3. Limitations and Restrictions. Except as expressly permitted herein, Licensee may not: (i) copy, alter, adapt, modify, translate, or create derivative works of the Product or any portion thereof; (ii) reverse engineer, decompile, disassemble, or attempt to derive the source code of the Product or any portion thereof, unless and only to the extent any of the foregoing is expressly permitted by applicable law and may not be restricted thereunder; (iii) separate the Product into component parts for transfer to or use by a third party; (iv) rent, lease, loan, sell, distribute, sublicense or lend the Product; (v) remove, alter or obscure any proprietary notices; or (vi) otherwise use the Product.

4. Reservation of Rights. NE does not grant and Licensee does not obtain any implied licenses under this Agreement. NE reserves all rights, title and interests of any kind that are not expressly granted to Licensee in this Agreement.

5. Intellectual Property Rights. NE retains title to and all ownership interests in all proprietary rights, including without limitation copyrights, trademark rights, patent rights, trade secret rights, and any other intellectual or industrial property rights throughout the world ("IPR"), with respect to the Product and all copies or portions thereof, whether or not incorporated into or used in connection with any other products, including without limitation software or documentation materials. Licensee acknowledges that the Product is licensed and not sold under this Agreement, that nothing in this Agreement shall constitute or be construed to constitute a sale of the Product or any portion or copy thereof and that no title to or ownership interest in any rights, including without limitation IPR, with respect to the Product or any components thereof is transferred to Licensee.

6. DISCLAIMER OF WARRANTY. THE PRODUCT IS PROVIDED "AS IS" WITHOUT ANY WARRANTY OF ANY KIND. NE MAKES NO REPRESENTATION OR WARRANTY OF ANY KIND, WHETHER EXPRESS OR IMPLIED (EITHER IN FACT OR BY OPERATION OF LAW), WITH RESPECT TO OR RELATING TO THE PRODUCT OR THIS AGREEMENT. NE EXPRESSLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, ALL WARRANTIES OF ACCURACY, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT AND ALL WARRANTIES THAT MAY ARISE FROM COURSE OF DEALING, COURSE OF PERFORMANCE OR USAGE OF TRADE. NE DOES NOT WARRANT THAT THE PRODUCT WILL BE ERROR-FREE OR THAT OPERATION OF THE PRODUCT WILL BE UNINTERRUPTED, AND HEREBY DISCLAIMS ANY AND ALL LIABILITY ON ACCOUNT THEREOF. NE MAKES NO WARRANTY THAT ALL ERRORS, FAILURES OR DEFECTS WILL BE CORRECTED. THIS SECTION 6 SHALL BE ENFORCEABLE TO THE MAXIMUM EXTENT ALLOWED BY APPLICABLE LAW. Some jurisdictions prohibit the exclusion of implied warranties or limitations on how long an implied warranty may last, so the above limitations may not apply fully to Licensee. In this case Licensee's sole and exclusive remedy for a breach of warranty shall be, at NE's option and in its sole discretion, replacement or repair of the Product or return thereof for a refund of the purchase price, if any. Such remedy shall be available to Licensee for one (1) year commencing on the date of Licensee's Acceptance and ending on the first anniversary thereof.

7. LIMITATIONS OF LIABILITY. IN NO EVENT SHALL NE, ITS AFFILIATES OR SUPPLIERS BE LIABLE TO LICENSEE, ITS AFFILIATES OR CUSTOMERS FOR ANY INCIDENTAL, CONSEQUENTIAL, INDIRECT, SPECIAL OR PUNITIVE DAMAGES WHATSOEVER, INCLUDING WITHOUT LIMITATION DAMAGES FOR LOST PROFITS OR REVENUE, LOST BUSINESS OPPORTUNITIES, LOST OR INACCESSIBLE DATA OR INFORMATION, UNAUTHORIZED ACCESS TO DATA OR INFORMATION OR OTHER PECUNIARY LOSS, ARISING OUT OF OR RELATED TO THIS AGREEMENT, THE SUBJECT MATTER HEREOF OR THE AUTHORIZED OR UNAUTHORIZED USE OF OR INABILITY TO USE THE PRODUCT, WHETHER LIABILITY IS ASSERTED IN CONTRACT OR TORT (INCLUDING NEGLIGENCE AND STRICT PRODUCT LIABILITY) OR OTHERWISE AND IRRESPECTIVE OF WHETHER NE HAS BEEN ADVISED OF THE POSSIBILITY OF ANY SUCH LOSS OR DAMAGE. IN NO EVENT SHALL NE'S AGGREGATE LIABILITY UNDER THIS AGREEMENT OR ARISING OUT OF OR RELATED TO THE SUBJECT MATTER HEREOF EXCEED ONE HUNDRED DOLLARS (US $100.00). Some jurisdictions do not allow the limitation of incidental or consequential damages so this limitation may not apply fully to Licensee, but such limitation shall apply to the maximum extent permitted by applicable law. Licensee acknowledges that the pricing of the Product and other terms and conditions of this Agreement reflect the allocation of risk set forth in this Agreement and that NE would not enter into this Agreement without these limitations on its liability.

8. Termination. This Agreement is effective until terminated. Without prejudice to any other rights or remedies NE may have at law or in equity, NE may immediately terminate this Agreement if Licensee fails to comply with any term or condition of this Agreement. Upon termination of this Agreement, Licensee shall immediately discontinue the use of the Product and at NE's option, return to NE and/or certify destruction of the Product and any related materials provided to Licensee by NE, and all full or partial copies thereof (whether in tangible or intangible form), in Licensee's possession or control. Licensee may also terminate this Agreement at any time by providing written notice to NE and certifying destruction of the Product and all full or partial copies thereof (whether in tangible or intangible form) in Licensee's possession or control.

9. General. With Licensee's Acceptance Licensee agrees to be bound by the terms and conditions set forth in this Agreement and Licensee acknowledges that it has read and understands this Agreement. Licensee further agrees that this Agreement is the complete and exclusive statement of the understanding between NE and Licensee which supersedes any proposal or prior agreement, oral or written, and any other communication between NE and Licensee relating to the subject matter of this Agreement. This Agreement may not be modified except in a writing duly signed by an authorized representative of NE and Licensee. If any provision of this Agreement is held to be unenforceable for any reason, the remaining provisions hereof shall be unaffected and shall remain in full force and effect. This Agreement shall be governed by and construed in accordance with the laws of the United States and the State of California as such laws are applied to contracts between California residents entered into and to be performed entirely within California. The United Nations Convention on Contracts for the International Sale of Goods shall not apply to this Agreement. Licensee hereby submits to the sole and exclusive jurisdiction of, and waives any venue objections against, the United States District Court for Northern California and the Superior Court of the State of California for the County of Santa Clara and the Santa Clara Municipal Court in regard to all disputes and litigation arising under or relating to this Agreement. Licensee's rights and obligations under this Agreement shall not be assignable, delegable, sublicensable or otherwise transferable, whether voluntarily, by operation of law or otherwise, without NE's prior written approval except as provided herein. NE may freely assign this Agreement and/or its rights and obligations hereunder. Should you have any questions concerning this Agreement, or if you desire to contact NE for any reason, please visit: www.aberdeeninc.com.com.

10. U.S. Government Restricted Rights. If Licensee is an agency or instrumentality of the United States Government, the software and documentation associated with the Product are "commercial computer software" and "commercial computer software documentation", and pursuant to FAR 1. 1 or DFARS 7.7 0, and their successors, as applicable, use, reproduction and disclosure of the Product and its associated software and documentation are governed by the terms of this Agreement.

11. Export Law Assurances. Licensee will not use or otherwise export or re-export the Product except as authorized by United States laws and regulations, including without limitation those of the U.S. Department of Commerce, and, as applicable, the laws and regulations of other jurisdictions.

Copyright 2011 Aberdeen LLC. All rights reserved. AberNAS and ABERNAS are registered trademarks of Aberdeen.
Contents

Initial Setup:
- Connecting the AberNAS to your Network
- Locate and configure the AberNAS using NASFINDER
- Assign Static IP or DHCP
Logging in to the AberNAS:
- Log-in to Command Line Using a Direct Console Connection
- Manually Assign Static IP Address
- Log-in with Command Line Using SSH
- Enable/Disable SSH Commands
- Log-in with Command Line Using Telnet Client
- Enable/Disable Telnet Commands
Web Administration:
- Log-in to the Web Administration Graphical Interface
Web Administration: MANAGE / BACKUP and RESTORE / UPDATE: Overview
Web Administration: MANAGE
Server Configuration: General Settings:
- Edit General Settings
- Synchronize With A Custom NTP (Network Time Protocol) Server
- Delete An Existing NTP (Network Time Protocol) Server
- Provide NTP Synchronization Service To Attached Clients
- Provide NTP Synchronization Service To New Clients
Server Configuration: Password Change:
- Change your root log-in password
Server Configuration: Restart & Shutdown
Network Settings: TCP/IP Setting:
- Configuring TCP/IP to Gigabit Port(s)
- Remove A Port
Network Settings: Port Bonding:
- Bond Ports
- Remove Bond
- Bond Type Definitions
Network Settings: Microsoft Networking:
- Enable/Disable CIFS/SMB Service
- Join Microsoft Workgroup
- Join Microsoft Primary Domain Controller (PDC)
- Join Microsoft Active Directory Service (ADS)
Network Settings: UNIX Networking:
- Synchronize With Network Information Service (NIS)
Network Settings: Apple Networking:
- Allow Apple Clients To Access AberNAS Logical Volumes
Network Setting: LDAP Client:
- Configure LDAP Client Service
Network Settings: DHCP Service:
- Enable DHCP Service
Network Settings: FTP Service:
- Enable FTP Service
Network Settings: iSCSI Service:
- Enable The iSCSI Initiator Service
- Enable The iSCSI Target Service
Storage Management: Overview:
- Definitions for Volume Group Types
- Definition for RAID Volume Types
Storage Management: RAID Volume Manager:
- Managing RAID Volumes
Storage Management: Software RAID Manager
Storage Management: External RAID Manager
Storage Management: USB/1394 Volume
Storage Management: iSCSI Initiator Management:
- iSCSI Target Device Benefits
- Discover Available iSCSI Target Portals And iSCSI Target Devices
- Connecting And Disconnecting iSCSI Target Devices
- PV/RV Information
Storage Management: Volume Group Manager:
- Creating PV
- Removing PV
- Adding RV To PV
- Separate The PV From Expanded PV
- Replace The PV In the Expanded PV With Another RV
Storage Management: Logical Volume Manager:
- Functions Of Logical Volume Manager
- Create A New Logical Volume
- Modify An Existing Logical Volume
- Delete A Logical Volume
Storage Management: Format:
- Format a Logical Volume
User & Access: Local User Management:
- Create Local Users
- Access a User's Home Directory
- Delete a User From The Local Users List
- Modify an Existing User
User & Access: Local Group Management:
- Create Local User Groups
- Add User To User Groups
- Modify/Delete Local User Group
- Delete A User Group
User & Access: Access Control: Microsoft:
- Assign Access Control
- Host IP Blocking
- Add IP Address to Allow or Deny List
- Delete an IP Address to Allow or Deny List
User & Access: Access Control: UNIX:
- Add Host Access
- Delete The Host
- Security Method For NFS Access
- Mounting Syntax
User & Access: Access Control: Apple:
- Assign Access Control
- Restart AFP Service
User & Access: Access Control: iSCSI:
- Global and Target User(s)
- Creating A Global User
- Creating A Target User
- Delete User
- Host IP Blocking
- Add IP Address To Allow or Deny List
- Delete an IP Address To Allow or Deny List
User & Access: Quota Management
Monitoring: Notification:
- Setup A Failure Notifications Procedure
Monitoring: Utilization
Monitoring: General
Monitoring: Server Log:
- View A Log Of Activities
Monitoring: User Access
View Settings: General Settings
View Settings: Network Settings
View Settings: Storage Management
View Settings: Access Control
View Settings: Server Monitoring
Web Administration: BACKUP, MIRROR and RESTORE
Snapshot:
- Snapshot and Restore
- Create Snapshots
- Delete Snapshot
- Modify Snapshot
Server Mirror:
- Server Fail-over and Mirror
- Before Configuring SFM
- Configure SFM
- Re-deploy Failed Primary Server
Folder Replication:
- Folder Replication
- Add A Folder For Replication
- Enable Replication Scheduling
View Setting:
- Snap Shot and Restore
Web Administration: UPDATE:
- AberNAS Update
- Updating The ABERNAS To The Latest Patch
- Reset Factory Defaults
- New License
- Save Configuration
- Restore Configuration
Advanced Features & Trouble Shooting
Access Control Local Settings:
- Overview
- Concepts & Definitions
- Setting Access Control Local
- Trouble-Shooting Access Control Local
- Changing the Default Settings for Advanced Administrators
Folder Replication:
- Folder Replication Method 1: Incremental Replication
- Folder Replication Method 2: Full Replication
- Replication Options
- Sample Settings
Snapshots:
- Snapshot Names
- Snapshot Sizes
- Snapshot Scheduling Examples
- Access Rights to Snapshot Volumes
SFM Server Failover & Mirroring:
- SFM: Overview
- SFM Requirements
- Enabling SFM
- Configuring SFM
- Configuring the Primary NAS Node
- Configuring the Secondary NAS Node
- Important Considerations
File System Check & Repair:
- Performing a File System Check & Repair
Emergency Bare Metal Recovery:
- Replacing the DOM
- Performing USB Recovery
- Finishing Up
- Logging In After Recovery
- Importing Anonymous Volumes
- Restoring Configuration Settings: Overview
- Restore Configuration Settings
Initial Setup

Connecting the AberNAS to Your Network:

Connect the AberNAS to your network using a standard patch cable plugged into Port 0 as shown below:

IMPORTANT! For custom configured AberNAS systems, be sure to check your motherboard documentation to determine the location of LAN PORT 0. PORT 0 must be used or the AberNAS will not be detected by the NASFINDER setup utility.

Locate and Configure the AberNAS using NASFINDER:

Insert the AberNAS setup CD into a computer that resides on the same network as the AberNAS and run the NASFINDER setup utility. The NASFINDER.EXE utility is found in the following directory on the CD:

    E:\Aberdeen_Manuals\AberNAS_Network_Attached_Storage\Linux_NAS_Software\NASDirector

Once located, run the NASFINDER setup utility using one of the following methods:

If you are using Windows:
- Double click NASFINDER.exe in the NASDIRECTOR folder to start the setup.

If you are using Linux:
- Open a Terminal Session and cd to the NASDIRECTOR folder.
- Run the application using the ./nasfinder command.

The following screen will appear showing how many AberNAS units were found on your network:

If you have more than one Linux AberNAS unit on your network, run option (2) to differentiate between them by IP address. Otherwise, proceed with option (3) to set the IP address.
Press option (3) to set the IP address of the AberNAS. You will be asked to select the Client #. Since only a single AberNAS should be found, select Client #1 and press <ENTER>.

You will then be prompted for the password. Enter the default AberNAS password 0000 to proceed.

After you have entered the correct password, you will be prompted to select your preferred IP address type for the unit. Select (1) to enable DHCP, (2) to set up a static IP address, or (0) to cancel. Most users will select option (2). You will be prompted to enter your preferred static IP address, Netmask and Gateway.

Once completed, you can verify that your preferred IP address has been properly set by choosing option (2) to show the client information as shown below:

Now the server must be rebooted by selecting option (4) for the settings to take effect. From this point on, the AberNAS can be administered via its embedded Web Administration GUI by typing its IP address into your preferred web browser's address field.
Logging In to the AberNAS

Log-in to Command Line using a Direct Console Connection:

If for some reason you are unable to set up the AberNAS for the first time using the NASFINDER Setup Utility, you can connect a keyboard and monitor directly to the AberNAS system and access the Linux Command Line. At the log-in prompt, enter the following login credentials:

    USER ID: root
    PASSWORD: 0000

Manually Assign Static IP Address:

Once logged into the console, use the following commands to assign an IP Address to the AberNAS:

    ifdown eth0
    ifconfig eth0 IP_Address/24    (Example: ifconfig eth0 10.138.138.150/24)
    ifup eth0

To confirm changes use the following command:

    ifconfig eth0

Once you have confirmed that the IP address has been changed to the correct static IP, you must log in to the AberNAS Web Administration GUI from a remote system using the newly assigned IP Address, make the IP changes and click Apply.

IMPORTANT! The AberNAS IP can only be assigned/changed using either the NASFINDER Setup Utility or the AberNAS Web Administration GUI. Any changes made to the IP Addresses via the command line will be lost once the system is restarted.

Log-in to Command Line Using SSH:

Open an SSH client on another computer and connect to the AberNAS system by entering the appropriate commands. For SSH, enter the following command using the AberNAS system IP address in place of IP_Address:

    ssh IP_Address    (Example: ssh 10.138.138.150)

NOTE: The User ID and Password for SSH are the same as those used for the Direct Console Connection.

Disable SSH:

Enter the following commands to disable SSH access to the AberNAS:

    service sshd stop
    chkconfig --level 345 sshd off
Enable SSH:

Enter the following commands to re-enable SSH on the AberNAS:

    chkconfig --level 345 sshd on
    service sshd start

Log-in to Command Line Using Telnet:

For telnet, enter the following command using the AberNAS system IP address in place of IP_Address:

    telnet IP_Address    (Example: telnet 10.138.138.150)

At the log-in prompt, enter the following login credentials:

    USER ID: admin
    PASSWORD: 111111

By default, logging in via telnet limits your system rights/permissions to those of a normal user. To gain root access to perform administrative tasks you must first switch to a Super User using the following command:

    su

When prompted for the Super User password, enter the following default root password:

    0000

Disable Telnet:

Enter the following commands to disable Telnet access to the AberNAS:

    mv /etc/xinetd.d/telnet /root
    service xinetd restart
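A check for the state that the Disable SSH and Disable Telnet commands above are meant to leave behind, given here as an added example that is not part of the Aberdeen guide. The function names are hypothetical, the sample xinetd file and `chkconfig --list` line are constructed, and the only paths and runlevels assumed are the ones the guide itself uses.

```shell
#!/bin/sh
# Added example, not from the AberNAS guide. Function names are hypothetical.

# Print "enabled" if ROOT/etc/xinetd.d/telnet exists and is not switched off,
# otherwise "disabled". The guide disables Telnet by moving this file to /root.
telnet_state() {
    conf="$1/etc/xinetd.d/telnet"
    if [ ! -f "$conf" ]; then
        echo disabled
    elif grep -Eiq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes' "$conf"; then
        echo disabled   # file present, but xinetd is told not to start it
    else
        echo enabled
    fi
}

# Print the runlevels marked "on" in one line of `chkconfig --list` output,
# e.g. "2345". Prints an empty line when the service is on in no runlevel.
on_levels() {
    levels=""
    for field in $1; do
        case "$field" in
            [0-6]:on) levels="$levels${field%%:*}" ;;
        esac
    done
    echo "$levels"
}

# Report on both services. $1 is the filesystem root to inspect and
# $2 is the output of `chkconfig --list sshd`.
audit_remote_shells() {
    if [ "$(telnet_state "$1")" = enabled ]; then
        echo "FINDING telnet: xinetd service file present and enabled"
    else
        echo "OK telnet: not started by xinetd"
    fi
    lv=$(on_levels "$2")
    case "$lv" in
        *[345]*) echo "FINDING sshd: starts at boot in runlevel(s) $lv" ;;
        *)       echo "OK sshd: off in runlevels 3, 4 and 5 (on in: ${lv:-none})" ;;
    esac
}

# Demonstration on constructed data (a temporary tree, not a real AberNAS).
# On the appliance itself: audit_remote_shells / "$(chkconfig --list sshd)"
demo_root=$(mktemp -d)
mkdir -p "$demo_root/etc/xinetd.d"
printf 'service telnet\n{\n\tdisable = no\n\tserver = /usr/sbin/in.telnetd\n}\n' \
    > "$demo_root/etc/xinetd.d/telnet"
audit_remote_shells "$demo_root" "sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off"
rm -rf "$demo_root"
```

After the guide's `chkconfig --level 345 sshd off`, a remaining `2:on` is reported but not flagged, because that command changes only runlevels 3, 4 and 5.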
Web Administration

Log-in to the Web Administration Graphical Interface:

Open a web browser on any computer that exists on the same network as the AberNAS and enter the IP address you assigned earlier into the address field as shown below. The AberNAS web GUI will appear. Enter the default User ID and Password:

    USER ID: root
    PASSWORD: 0000

Click Enter to complete the AberNAS login process.
Web Administration Interface Overview

The ABERNAS offers a number of interfaces from which administrative tasks can be performed. This section describes how to navigate through the interface to access the administrative features. The ABERNAS Administration Home (pictured below) is launched after successful log-in. The callouts indicate the functions and information that can be found behind each button:

Home - Link back to this screen from other administration screens or pages.
Help - Link to on-line product info and downloadable manual.
Tech Support - Link to on-line technical support information.
About Web Manager - Display OS build revision and latest installed patch.
Manage - Edit Server Configuration, Network Settings, Storage Management, Add/Delete Users and Edit Access Settings, Monitor Server Activity Log, View Settings.
Backup, Mirror and Restore - Create/Edit Snapshots and Restore Settings, Edit Failover and Mirror Settings, Folder Replication, View Settings.
Update - Apply Latest Patches, Add Licensing, Restore Factory Defaults and Save/Restore AberNAS Configuration Files.
Web Administration

MANAGE

Server Config, Network Setting, Storage Manage, User & Access, Monitoring, View Setting
Web Administration Interface > MANAGE > Server Config > General Settings

Enter basic server information here such as server name, date, time and language. The AberNAS records the date and time of events, files and folders based on the system date & time set on this page.

Server Name - Enter a unique name to identify the ABERNAS server. Up to 15 alphanumeric characters (without spaces) are allowed for the server name.

Server Description - Enter a description of up to 50 alphanumeric characters for this ABERNAS to help identify its use. This is an optional field.

Date - Enter the system date in each appropriate field in the mm/dd/yyyy format. For example, you would enter 04192002 for April 19, 2002.

Time - Enter system time in the 24-hour format. Indicate hour, minutes and seconds in the hh:mm:ss format.
Time Zone - Select the time zone from the pull down menu. The default setting is US/Pacific Standard Time.

Language - The default language is US English. If you wish to support a different language, select the language from the pull down menu. This multiple language setting allows users to store and retrieve file and directory names that are in the selected language and US English. You must re-boot the server upon changing language.

Synchronize with Preconfigured NTP (Network Time Protocol) Server:
1. Select the SERVER AND CLIENT radio button.
2. Select an NTP server from the STRATUM SERVERS pull down menu then click Apply.

Synchronize with a Custom NTP (Network Time Protocol) Server:
1. Select the SERVER AND CLIENT radio button.
2. Input the IP address of the NTP server and select Add. Then click Apply.

Delete An Existing NTP (Network Time Protocol) Server:
1. Select the NTP server from the Stratum Servers pull down menu.
2. Click DELETE.

Provide NTP Synchronization Service To Attached Clients:
1. Select the SERVER AND CLIENT radio button to provide this service to clients.
NOTE: AberNAS and client must be in the same subnet.

Provide NTP Synchronization Service to New Clients:
1. Select the SERVER AND CLIENT radio button.
2. Enter the IP Address and Netmask of the client in the Network Address/Netmask fields.
3. Click Add.
NOTE: AberNAS and client must be in the same subnet.

After completing the general settings, click APPLY to continue, or click CANCEL to discard changes and to return to the Administration Home Page.
Web Administration Interface > MANAGE > Server Config > Password Change

To change your root login password, enter the following information into the fields shown above:

Current Password - Enter your current log-in password in this field.
NOTE: For security, passwords you enter will be cloaked by asterisks (*) within all password fields.

New Password - Enter a new password that consists of 6-8 alphanumeric characters. Non-alphanumeric characters such as \ @$ / ) # (* will not be accepted. Passwords are case-sensitive.

Confirm New Password - Re-enter the new password exactly as entered in the previous field.

CAUTION: Be sure to record your password in a safe place. If you have forgotten your password, you are required to re-install the AberNAS OS. All data and configuration settings will be lost.

Click APPLY to complete the password change or click CANCEL to discard the password change and return to the Administration Home Page.
Web Administration Interface > MANAGE > Server Config > Restart & Shutdown

It may be necessary to restart the ABERNAS after system changes, upgrades, errors, etc.

NOTE: All connected users are disconnected during restart & shutdown and can reconnect after the system reboots.

Restart Now - Click this to shut down and reboot the ABERNAS system.

Shutdown Now - Click this to completely shut down the ABERNAS system. To manually force immediate shut down of the ABERNAS system, press the power button located on the front panel for more than four seconds.
NOTE: After selecting the SHUTDOWN NOW button, the AberNAS system may undergo a short shut down process before turning off.

Cancel - Click this to return to the Administration Home without restarting or shutting down.
Web Administration Interface > MANAGE > Network Setting > TCP/IP Setting

Configuring TCP/IP to Gigabit Port(s):

NOTE: Multiple Gigabit ports may be configured in the ABERNAS system.

1. Select a desired Gigabit port from the PORT POOL.
2. If necessary, select BLINK to map the listed port with its respective PHYSICAL PORT.
3. Select STATIC, SFM, or DHCP port types.

Static Port - Port with a specific IP address provided by the network router or name server. If selected from the PORT POOL, input the TCP/IP information in the appropriate fields.
NOTE: Static Port is recommended for servers that will be accessed frequently by remote clients. The DHCP setting may cause clients to become disconnected when the AberNAS system obtains a new IP address from the DHCP server. When using patch v.070620 or later, please input DNS information if the ADS server name is not identical to the domain name. Not having the DNS information may cause the AberNAS to not synchronize with the ADS domain.

SFM (Server Fail-over & Mirror) - Dedicated port(s) used to connect primary and secondary AberNAS units for data mirroring and fail-over. This port is not used to transfer data to attached clients.
NOTE: To configure the SFM port, simply select the available port, select the SFM radio button and click APPLY. No TCP/IP information is needed for the SFM port configuration.

DHCP - Allows the AberNAS to receive an IP address from a DHCP server existing in the network. It is recommended that the DHCP setting is used for configuring the AberNAS system.
NOTE: For DHCP, TCP/IP information input is not needed.

4. Click APPLY to complete this process. New Gigabit port settings will appear in the Assigned Port Pool. Click CANCEL to discard the changes and return to the Administration Home Page.

Remove a Port:
1. Select a desired Gigabit port from ASSIGNED PORT POOL. If necessary, select BLINK to map the listed port with the respective physical port.
2. Click REMOVE to remove the selected port or click CANCEL to discard the changes and return to the Administration Home Page.

The removed port will no longer be listed in the ASSIGNED PORT POOL.
Web Administration Interface > MANAGE > Network Setting > Port Bonding

Multiple NIC ports may be bonded using one of seven different bonding methods. Bonded ports provide higher throughput as well as different levels of failover. All bonded ports assume the IP address and MAC address of the first port in the bond.

Bond Ports:
1. From the UNBONDED PORT POOL, select the desired ports you wish to bond.
2. Select the desired bonding method from the BOND TYPE pull down menu.
3. Click BOND PORTS to complete the configuration or click CANCEL to discard the changes and return to the Administration Home Page.

Any bonded ports will now show as a team under the BONDED PORTS POOL.

NOTE: IP addresses for SFM ports are assigned internally. SFM can be viewed in the IP address section.
Remove Bond:
1. From the BONDED PORTS POOL, select the bonded team to remove.
2. Click REMOVE BOND to complete removal of port or click CANCEL to discard the changes and return to the Administration Home Page.

Bond Type Definitions:

Adaptive Load Balancing - Includes *balance-tlb* + receive load balancing (RLB) for IPv4 traffic and does not require any special switch support. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP replies sent by the server on their way out and overwrites the SRC HW address with the unique HW address of one of the slaves in the bond such that different clients use different HW addresses for the server.

Receive traffic from connections created by the server is also balanced. When the server sends an ARP Request the bonding driver copies and saves the client's IP information from the ARP. When the ARP Reply arrives from the client, its HW address is retrieved and the bonding driver initiates an ARP reply to this client assigning it to one of the slaves in the bond. A problematic outcome of using ARP negotiation for balancing is that each time an ARP request is broadcast it uses the HW address of the bond. Hence, clients learn the HW address of the bond and the balancing of receive traffic collapses to the current slave. This is handled by sending updates (ARP Replies) to all the clients with their assigned HW address such that the traffic is redistributed. Receive traffic is also redistributed when a new slave is added to the bond and when an inactive slave is re-activated. The receive load is distributed sequentially (round robin) among the group of highest speed slaves in the bond.

When a link is reconnected or a new slave joins the bond the receive traffic is redistributed among all active slaves in the bond by initiating ARP Replies with the selected MAC Address to each of the clients.
The updelay modprobe parameter must be set to a value equal to or greater than the switch's forwarding delay so that the ARP replies sent to the clients will not be blocked by the switch.

802.3ad Dynamic Link Aggregation - Creates aggregation groups that share the same speed and duplex settings. Transmits and receives on all slaves in the active aggregator.
Prerequisites:
1. Ethtool support in the base drivers for retrieving the speed and duplex of each slave.
2. A switch that supports IEEE 802.3ad dynamic link aggregation.

Round-Robin - Transmit in a sequential order from the first available slave through the last. This mode provides load balancing and fault tolerance.

Active-Backup - Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond's MAC address is externally visible on only one port (network adapter) to avoid confusing the switch. This mode provides fault tolerance.

XOR - Transmit based on (source MAC address XOR'd with destination MAC address) modulo slave count. This selects the same slave for each destination MAC address. This mode provides load balancing and fault tolerance.

Broadcasting - Transmits everything on all slave interfaces. This mode provides fault tolerance.

TLB (Transmit Load Balancing) - Channel bonding that does not require any special switch support. The outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC Address of the failed receiving slave.
Prerequisites:
1. Ethtool support in the base drivers for retrieving the speed of each slave.
Web Administration Interface > MANAGE > Network Setting > Microsoft Networking

By default, Microsoft users and user groups (CIFS/SMB) are given access to AberNAS logical volumes. Enable Microsoft Networking Service is selected by default.

Enable/disable CIFS/SMB Service:
1. Check or uncheck the Enable Microsoft Networking Service to enable or disable the service.

Join Microsoft Workgroup:
1. Select WORKGROUP networking radio button.
2. Enter the Workgroup name in the WORKGROUP OR DOMAIN NAME field.
3. Click APPLY to complete this process or click CANCEL to discard the changes and return to the Administration Home Page.

Join Microsoft Primary Domain Controller (PDC):
1. Select DOMAIN radio button.
2. Enter the domain name in the WORKGROUP OR DOMAIN NAME field.
3. Enter the IP Address of the PDC in the CONTROLLER field.
   NOTE: A Primary Domain Controller (PDC) must be available on your network.
4. Enter the Administrator account name and password in the ACCOUNT/PASSWORD fields.
5. Click APPLY to complete this process or click CANCEL to discard the changes and return to the Administration Home Page.

Upon successful synchronization with PDC, "PDC sync. successful" will appear.

NOTE: Synchronizing with PDC or ADS will place all users and user groups from the PDC or ADS server in the AberNAS. When access to the AberNAS is attempted by either PDC or ADS users, the AberNAS will communicate with the PDC or ADS server to authenticate the user and pass through the proper permission. PDC and ADS synchronization cannot exist simultaneously. If synchronization to PDC or ADS fails, reset the AberNAS account from the PDC or ADS server and retry. In some cases, resetting the administrator's password resolves this problem. The AberNAS seeks and lists users and groups in local, LDAP, NIS, and ADS/PDC. In the event of duplicate user IDs, the users and groups will be listed in this order for selection: Local, LDAP, NIS, and ADS/PDC.

Join Microsoft Active Directory Service (ADS):
1. Select ADS radio button.
2. Enter the FQDN (Fully Qualified Domain Name) in the DOMAIN NAME field.
   FQDN Example: xxxxx.com or xxxxx.net or xxxxx.xxxxx.com or xxxxx.xxx.net, etc.
3. Enter the IP address of the ADS server in the CONTROLLER field.
   NOTE: An active directory service (ADS) must be available in your network.
4. Enter the Administrator account name in the ACCOUNT field and password in the PASSWORD field.
5. Click APPLY to complete this process or click CANCEL to discard the changes and return to the Administration Home Page.

Upon successful synchronization with ADS, "ADS sync. successful" will appear.
NOTE: Synchronizing with PDC or ADS will place all users and user groups from the PDC or ADS server in the AberNAS system (see the All Users list in the Users & Access: Microsoft page of the web administration interface). When access to the AberNAS is attempted by either PDC or ADS users, the AberNAS will communicate with the PDC or ADS server to authenticate the user and pass through the proper permission. PDC and ADS synchronization cannot exist simultaneously.

If synchronization to PDC or ADS fails:
- Reset the AberNAS account from the PDC or ADS server and retry. Sometimes, resetting the administrator's password resolves the synchronization problem.
- The AberNAS may also fail to synchronize with ADS if the system times for the AberNAS and ADS servers differ. Time for the AberNAS and the ADS server must be the same down to the minute.
- Check your input for domain name, server IP Address (or name for PDC), user ID and password.
- For AberNAS units updated with patch v.070620 or later, please input DNS information if the ADS server name is not identical to the domain name. Not having the DNS information may cause the AberNAS to not synchronize with the ADS domain.

The AberNAS seeks and lists users and groups in local, LDAP, NIS, and ADS/PDC. In the event where you have duplicate user IDs, the above order will be used to list and accept duplicate users and groups.

CAUTION: When using SFM configuration, enable ADS synchronization before turning on SFM. If ADS synchronization should require disabling, disable SFM before disabling ADS synchronization.
Web Administration Interface > MANAGE > Network Setting > UNIX Networking

In order to allow UNIX clients to access ABERNAS logical volumes, the NFS (Network File System) service must be enabled by checking the ENABLE NFS SERVICE check box.

Synchronizing with NIS server will place all the users and user groups stored in the NIS server as local users and local user groups in the ABERNAS system. The ABERNAS will communicate with the NIS server to update the user and user group list. In addition, any access attempts made by the NIS users to the ABERNAS logical volume will be authenticated by the user ID and password stored in the NIS server.

Synchronize with Network Information Service (NIS):
1. Check ENABLE NFS SERVICE check box.
2. Check ENABLE NIS SERVICE check box.
3. Enter domain name in NIS DOMAIN NAME field.
4. Enter the NIS server name in the NIS SERVER NAME field.
5. Click APPLY to complete the process or click CANCEL to discard the changes and return to the Administration Home Page.

NOTE: The AberNAS seeks and lists users and groups in local, LDAP, NIS, and ADS/PDC. In the event where you have duplicate user IDs, the above order will be used to list and accept duplicate users and groups.

CAUTION: When using SFM configuration, enable NIS synchronization before turning on SFM. If NIS synchronization should require disabling, disable SFM before disabling NIS synchronization.
Web Administration Interface > MANAGE > Network Setting > Apple Networking

Allow Apple Clients To Access AberNAS Logical Volumes:
1. Turn on the AFP service by enabling AFP SERVICE check box.
   NOTE: The AFP service will allow local users and user groups of AberNAS or NIS users and user groups to access AberNAS logical volumes.
2. Click APPLY to complete the process or click CANCEL to discard the changes and return to the Administration Home Page.

If Apple clients, especially OS versions 9.x, cannot mount the ABERNAS, enter the following commands:

    rm /usr/local/etc/netatalk/afpd.conf
    init 6

The system will reboot and attempt to mount to the network share again.
Web Administration Interface > MANAGE > Network Setting > LDAP Client

LDAP (Lightweight Directory Access Protocol) is a protocol used to access a network directory. The ABERNAS supports LDAP.

Configure LDAP Client Service:
1. Enable the ENABLE LDAP SERVICE check box to access the LDAP server.
2. Enter IP or host name of the LDAP server in IP or HOST NAME field.
3. Input company and extension in BASE DN field. (Example: dc=mycompany, dc=com)
4. Input ID and extension to access the LDAP server in BIND DN field. (Example: dc=administrator,dc=abernas1)
5. Input password required to access the LDAP server in BIND CREDENTIALS field. (Example: secret.) The default setting is a blank field.
6. Click APPLY to complete or click CANCEL to discard the changes and return to the Administration Home Page.

Upon synchronization, the user list will be listed in the Local User and Local User Group list.

NOTE: The AberNAS seeks and lists users/groups in local, LDAP, NIS, and ADS/PDC. In the event where you have duplicate user IDs, the above order will be used to list and accept duplicate users and groups.
Web Administration Interface > MANAGE > Network Setting > DHCP Service

The DHCP service on the AberNAS can be used to assign IP addresses to the attached clients.

Enable DHCP Service:
1. Check ENABLE DHCP check box.
2. Assign IP Address range.
3. Enter Subnet.
4. Enter Gateway.
5. Enter addresses for DNS primary and/or DNS secondary. Entering both primary and secondary is not absolutely required.
6. For client IP address renewal, input appropriate value in the fields for Day, Hour, Min, and Sec.
7. Click APPLY to complete this process or click CANCEL to discard the changes and return to the Administration Home Page.

NOTE: The DHCP service on the AberNAS is not intended to replace the DHCP server of the Active Directory Service, Primary Domain Controller or Network Information Service. This feature is to provide convenient management of local clients that are not part of the aforementioned network infrastructure.
Web Administration Interface > MANAGE > Network Setting > FTP Service

Enable FTP Service:
1. Select ENABLE FTP SERVICE check box to allow FTP access to remote users.
2. Select ALLOW ANONYMOUS ACCESS to allow any user to access public directories via FTP.
3. Enable ALLOW UPLOAD to give privileged ability to read/write to public directories via FTP.
4. Select the Logical Volume where the public FTP directory will reside from the ANONYMOUS ROOT pull down menu.
5. Click APPLY to complete or click CANCEL to discard the changes and return to the Administration Home Page.

NOTE: For security, it is recommended that the FTP service is provided behind a properly configured firewall to avoid unwanted intrusion over the network.
Web Administration Interface > MANAGE > Network Setting > iSCSI Service

The ABERNAS is equipped with iSCSI initiator and target services that attach multiple iSCSI target devices and convert them to Logical Volumes for client access. iSCSI target devices can reside within the ABERNAS, or in external systems.

Enable the iSCSI Initiator Service:
1. Select the ENABLE iSCSI INITIATOR SERVICE check box to start the initiator service.
2. To change the default initiator name, enter the new name in the INITIATOR NAME field.
   NOTE: iSCSI names must be built in accordance with specific iSCSI node naming rules in order to function properly. Here is a summary of the rules:
   A. Node names are encoded in the UTF-8 character set. Note the initiator service does not support UCS-4 characters. RFC 2044 describes UTF-8 encoding.
   B. Node names are 223 bytes or less.
   C. Node names may contain alphabetic characters (a to z), numbers (0 to 9) and three special characters: '.', '-', and ':'.
   D. Uppercase characters are always mapped to lowercase.
   Complete rules for building iSCSI node names are described in the iSCSI specification and the String Profile for iSCSI Names internet draft.
3. Complete the instructions for enabling the iSCSI Target Service below, or click APPLY to save the current settings. Click CANCEL to discard the changes and return to the Administration Home Page.

Enable the iSCSI Target Service:
1. Select the ENABLE iSCSI TARGET SERVICE check box.
2. Use the default name given in the TARGET NAME field or follow the requirements described in the iSCSI specification.
3. Click APPLY to complete or click CANCEL to discard the changes and return to the Administration Home Page.
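The node naming rules A to D summarized above can be checked before a name is typed into the INITIATOR NAME or TARGET NAME field. The following Python sketch is an added example, not part of the original guide or the AberNAS software; the function name and the sample names (built on example.com) are constructed for illustration.

```python
import re

MAX_BYTES = 223                              # rule B
ALLOWED_CHAR = re.compile(r"[a-z0-9.:-]")    # rule C, applied after rule D


def check_node_name(name):
    """Check a proposed iSCSI node name against rules A-D of the summary.

    Returns (normalized, problems): the name after rule D (lowercasing)
    and a list of rule violations, which is empty when the name passes.
    """
    normalized = name.lower()                # rule D: uppercase maps to lowercase
    if not normalized:
        return normalized, ["name is empty"]

    try:
        size = len(normalized.encode("utf-8"))   # rule A: must encode as UTF-8
    except UnicodeEncodeError:
        return normalized, ["rule A: not encodable as UTF-8"]

    problems = []
    if size > MAX_BYTES:
        problems.append(f"rule B: {size} bytes, limit is {MAX_BYTES}")

    # Rule C: report each disallowed character once, by code point, so that
    # look-alike or invisible characters are easy to spot.
    bad = sorted({ch for ch in normalized if not ALLOWED_CHAR.fullmatch(ch)})
    if bad:
        shown = ", ".join(f"U+{ord(ch):04X}" for ch in bad)
        problems.append(f"rule C: characters not allowed: {shown}")
    return normalized, problems


# Constructed sample names, not taken from the guide.
SAMPLES = [
    "IQN.2011-02.COM.EXAMPLE:ABERNAS1",           # valid after lowercasing
    "iqn.2011-02.com.example:nas_01",             # underscore is not allowed
    "iqn.2011-02.com.example:b\u00fcro share",    # non-ASCII letter and a space
    "iqn.2011-02.com.example:" + "a" * 210,       # 234 bytes, too long
]

if __name__ == "__main__":
    for sample in SAMPLES:
        normalized, problems = check_node_name(sample)
        status = "OK" if not problems else "; ".join(problems)
        print(f"{normalized[:40]!r:45} {status}")
```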
Web Administration Interface > MANAGE > Storage Management > Overview

The ABERNAS system with an installed RAID controller can manage a broad range of storage devices for enhanced speed, added storage capacity to virtual disks and decreased impact of disk failure. Through the ABERNAS Web Administrator interface, the administrator can configure the installed RAID controller(s) to manage and format the internal and external storage devices.

The Storage Management interfaces in the Web Administrator allow the administrator to:
- Define the RAID type and format storage devices
- Use the iSCSI initiator to connect to external iSCSI devices
- Convert multiple individual fixed-disks into single large virtual storage volumes
- Increase the total storage capacity of virtual storage volumes

This section contains definitions for the terms and configurable settings found in the Storage Management interfaces of the Web Administration.

Definitions for Volume Group Types:

The ABERNAS system uses a hierarchical structure of storage volumes and volume groups in order to manage storage. The Web Administrator RAID Volume Manager provides the interface from which available storage devices can be implemented into this hierarchical structure of storage volumes:

Raw Volume (RV) - Raw Volumes are the unformatted fixed disks, SCSI and iSCSI target devices. In order to be used, RVs must belong to a named volume group called Physical Volume (PV). Raw Volumes can only belong to a single Physical Volume. Before being assigned to a Physical Volume, any available Raw Volumes are grouped into an RV POOL.

Physical Volume (PV) - Physical Volumes are collections of 1 to 3 Raw Volumes of varying sizes and types that have been converted into a single virtual storage volume with the total storage capacity equaling the sum of its parts. Up to (55) Physical Volumes can be contained per system.
All or a portion of the Physical Volumes can now be partitioned and formatted into Logical Volumes of varying sizes and types.

Logical Volume (LV) - Logical Volumes are the formatted partitions of the Physical Volumes that can be accessed by clients.

Definition of RAID Volume Types:

RAID 0 - Combining multiple disk drives into a single RAID volume as if it were a single disk drive. Data is written across multiple disk drives, which increases the performance of the disk I/O. RAID 0 requires minimum of disk drives and there's no fault tolerance built into the RAID. Any single disk drive failure will cause the entire RAID to fail. Capacity of RAID 0 is equal to the available capacity of all the disk drives combined within the RAID.

RAID 1 - Pairing of disk drives such that data is written to both drives. This creates redundancy in data so that failure of either disk drive will not cause total loss of data or access to the data. There's no disk I/O performance gain for RAID 1. RAID 1 requires a minimum of two disk drives and the capacity of RAID 1 is equal to half of the available capacity of all the disk drives combined within the RAID.

RAID 3 - RAID 3 provides disk striping and complete data redundancy through a dedicated parity drive. RAID 3 breaks up data into smaller blocks, calculates parity by performing an exclusive-or on the blocks, and then writes the blocks to all but one drive in the array. The parity data created during the exclusive-or is then written to the last drive in the array. If a single drive fails, data is still available by computing the exclusive-or of the contents of the corresponding strips of the surviving member disks. RAID 3 is best for applications that require very fast data-transfer rates or long data blocks.

RAID 5 - Combining three or more disk drives with striping and built-in parity that rotates amongst the configured drives. This allows data sustaining and recovery even after a single drive failure. Disk I/O performance is slower than other RAID levels due to heavier processing requirements. Capacity of RAID 5 is equal to the sum of all drives combined within the RAID minus one drive's available capacity.

RAID 6 - Provides the highest reliability. It is similar to RAID 5, but it performs two different parity computations or the same computation on overlapping subsets of the data. RAID 6 can offer fault tolerance greater than RAID 1 or RAID 5 but only consumes the capacity of 2 disk drives for distributed parity data. RAID 6 is an extension of RAID 5 but uses a second, independent distributed parity scheme. Data is striped on a block level across a set of drives, and then a second set of parity is calculated and written across all of the drives.

RAID 10 - Using four or more disk drives to pair drives, then stripe across the pairs. In essence, it is the combining of RAID 0 and RAID 1. This provides redundancy in data (due to the pairing of drives and each having the same data) as well as an increase in disk I/O performance (due to striping across paired drives). Capacity of RAID 10 is ½ of available capacity of all drives combined within the RAID.

RAID x0 - RAID level x0 refers to RAID level 30, 50 and 60. RAID x0 is a combination of multiple RAID x volume sets with RAID 0 (striping).
Striping helps to increase capacity and performance without adding disks to each RAID x array. The operating system uses the spanned volume in the same way as a regular volume. Up to one drive in each sub-volume (RAID 3 or 5) may fail without loss of data. Up to two drives in each sub-volume (RAID 6) may fail without loss of data. RAID level x0 allows more physical drives in an array. The benefits of doing so are larger volume sets, increased performance and increased reliability.

Degraded - Means that the RAID volume is degraded. For example, if 1 of the drives in RAID 1 has failed, then this RAID 1 volume is known to be in a degraded state.

Rebuild - Means that a degraded RAID volume is being repaired to the normal state. Rebuild usually takes place when a hot spare or replacement disk, in place of the failed disk, is added to the degraded RAID volume.

Hot Spare - An active stand-by disk drive that is ready to replace any failed disk drive that belongs to a RAID volume. Hot spares prevent total loss of RAID volume in case of a single disk drive failure, allowing more time for the user to replace the failed disk drive.
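The exclusive-or parity described in the RAID 3 definition above, and the rebuild of a degraded volume from the surviving drives, can be followed in a few lines of Python. This is an added example, not part of the original guide or of any RAID controller firmware; the 4-byte block size, the function names and the sample payload are assumptions chosen for illustration.

```python
from functools import reduce


def xor_blocks(blocks):
    """Byte-wise exclusive-or of equally sized blocks."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def write_stripes(data, drive_count, block_size=4):
    """Stripe data over drive_count - 1 data drives plus one parity drive.

    The parity drive is the last one, as in the RAID 3 description.
    Returns a list of drives; each drive is a list of blocks, one per stripe.
    """
    if drive_count < 3:
        raise ValueError("need at least two data drives and one parity drive")
    data_drives = drive_count - 1
    stripe_bytes = data_drives * block_size
    # Pad the tail so the final stripe is complete.
    padded = data + b"\x00" * (-len(data) % stripe_bytes)

    drives = [[] for _ in range(drive_count)]
    for offset in range(0, len(padded), stripe_bytes):
        blocks = [
            padded[offset + i * block_size: offset + (i + 1) * block_size]
            for i in range(data_drives)
        ]
        for drive, block in zip(drives, blocks):
            drive.append(block)
        drives[-1].append(xor_blocks(blocks))    # dedicated parity drive
    return drives


def rebuild_drive(drives, failed):
    """Recompute the contents of drives[failed] from the surviving drives.

    A failed drive is represented by None. Works for a data drive and for
    the parity drive alike, because XOR of all members of a stripe is zero.
    """
    survivors = [d for i, d in enumerate(drives) if i != failed]
    if any(d is None for d in survivors):
        raise ValueError("more than one drive missing: single parity cannot recover")
    return [xor_blocks(stripe) for stripe in zip(*survivors)]


def read_data(drives, length):
    """Reassemble the original bytes from the data drives (all but the last)."""
    stripes = zip(*drives[:-1])
    return b"".join(b"".join(stripe) for stripe in stripes)[:length]


if __name__ == "__main__":
    payload = b"AberNAS RAID 3 parity demo"      # constructed sample data
    drives = write_stripes(payload, drive_count=4)

    drives[1] = None                             # volume is now degraded
    drives[1] = rebuild_drive(drives, failed=1)  # rebuild onto a replacement
    print(read_data(drives, len(payload)))
```

Losing a second drive before the rebuild finishes makes `rebuild_drive` raise, which is the single-failure limit the RAID 3 and RAID 5 definitions state.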
Web Administration Interface > MANAGE > Storage Management > RAID Volume Manager

Managing RAID Volumes:

The RAID Volume Manager page serves as a portal to the RAID controller's dedicated web administration GUI (Graphical User Interface). The number of RAID controllers shown on the page will vary based on the size of the AberNAS server. For example, a 1U AberNAS will have a single RAID Manager whereas an 8U AberNAS will have two.

Click on Launch RAID Manager Controller #0 or #1 to manage the physical disks connected to each controller in the AberNAS. Changes made to the RAID configuration may require a reboot. Once changes are complete, be sure to click Restart Now so any changes can be applied.

A separate user name and password will be required to log in to the RAID Managers, and they are not the same as those used for the AberNAS system itself. The default user name and password for the AberNAS RAID Managers are shown below:

User Name: admin
Password: 0000

IMPORTANT! Please see the RAID Adapter User Guide included on the AberNAS documentation CD for complete RAID controller settings and configuration options.
Web Administration Interface > MANAGE > Storage Management > Software RAID Manager

Certain models of the AberNAS (2U and smaller) may have this page available in the Storage Manage section of the GUI. The Software RAID Manager is only used when no HW RAID controllers are used in the system or when external iSCSI volumes are connected. RAID Volumes (RDV) may be created using the Software RAID function with HDDs within the system or external (iSCSI Volumes) to the system.

To Create RAID:
1. Select disk(s) from Disk Pool. (External iSCSI volume shows IP address in addition to the volume name)
2. Select RAID type & size. Select Create/Add button.

To Add Hot Spare or to rebuild a degraded RAID Volume:
1. Select available disk from Disk Pool
2. Select Hot Spare from RAID Type and RDV from RDV Pool
3. Select Create/Add button
4. Select Refresh to detect newly added RV/RDV

Note: Creating a SW RAID Volume using external iSCSI Volumes requires a minimum of 3 iSCSI Target systems with proper license option.
Web Administration Interface > MANAGE > Storage Management > External RAID Manager

Certain models of the AberNAS (2U and Higher) may have this page available in the Storage Manage section of the GUI. The External RAID Manager serves as a shortcut to manage any Aberdeen XDAS units that may be connected to the AberNAS which would normally be managed by opening a separate web browser window. This enables the user to manage all RAID devices through a single management interface.

1. Input IP address or URL of the web based manager for the RAID HBA.
2. Input desired description for the web based manager. (Example: Aberdeen XDAS) Select Add.
3. Upon adding the web based manager, it will be listed in the RAID HBA CN Pool with its address and description.

Note: Some RAID HBAs require system reboot in order to execute RDV related functions such as create, modify or delete RAID volume. Refer to the user's guide supplied by the RAID HBA manufacturer.
Web Administration Interface > MANAGE > Storage Management > USB/1394 Volume Manager

The USB/1394 Volume Manager is used to add external storage to the AberNAS so it can be shared out as network storage.

To Add USB/1394 Volume:
1. Select USB/1394 Volume from Raw Volume Pool
2. Input name of device in Assign Device Name then select Add button
3. Selected USB/1394 Volume will be added to External Storage Volume Pool with assigned name.

To Remove USB/1394 Volume:
1. Select USB/1394 Volume from External Storage Volume Pool
2. Select Remove button. Any unfinished process on the USB/1394 Volume may be interrupted.

Warning: USB/1394 Volume is not intended to be used as part of a RAID Volume. Do not remove USB/1394 Volume without selecting the Remove button, as it may result in unexpected failure.
Web Administration Interface > MANAGE > Storage Management > iSCSI Initiator Management

The iSCSI Initiator Manager connects the ABERNAS system to internal and external iSCSI target devices.

iSCSI Target Devices Benefits:
- Expand storage volume without having to add more disk drives to the ABERNAS.
- Ability to manage Logical Volumes residing both internally and externally to the ABERNAS system.
- Aggregate multiple iSCSI target devices into a single, large, storage space.
- No Fibre Channel or SCSI bus needed to connect to external storage subsystem.

Discover Available iSCSI Target Portals and iSCSI Target Devices:
1. Input IP ADDRESS and PORT NUMBER (3260 is default) of the system that contains iSCSI target devices.
2. For iSCSI target devices that use Challenge Handshake Authentication Protocol (CHAP), enter the USER ID and PASSWORD for the OUTGOING and INCOMING fields. OUTGOING authenticates the ABERNAS system when it accesses remote iSCSI target device hosts. INCOMING authenticates remote iSCSI target device hosts when they connect to the ABERNAS iSCSI initiator systems.
3. Click on DISCOVERY and the list of iSCSI target devices will be displayed in the LIST field.
4. To remove an iSCSI target device, select it from the LIST and click REMOVE.

Connecting and Disconnecting iSCSI Target Devices:
1. Select desired iSCSI target device to connect
2. If selected iSCSI target devices use CHAP, then enter the OUTGOING and INCOMING USER ID and PASSWORD.
3. Click LOG IN button to connect, or to disconnect, select the desired iSCSI target device then click the LOG OUT button.

PV/RV Information:
This information lists the status of any detected iSCSI target devices. PV POOL shows connected iSCSI target devices that are part of the Physical Volume list. RV POOL shows the available iSCSI target devices that have not been connected.
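How the OUTGOING and INCOMING CHAP credentials described above are used in a two-way login, as an added Python example that is not part of the original guide or the AberNAS software. It uses the RFC 1994 MD5 response; the account names, passwords and function names are constructed, and the refusal of identical passwords for both directions is a local policy check assumed here, not a documented AberNAS behaviour.

```python
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994 CHAP response: MD5(identifier byte || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapVerifier:
    """The side that issues a challenge and checks the peer's answer."""

    def __init__(self, accounts):
        self.accounts = accounts               # USER ID -> PASSWORD (bytes)
        self.identifier = os.urandom(1)[0]     # fresh per login attempt
        self.challenge = os.urandom(16)        # never reused

    def verify(self, user, response):
        secret = self.accounts.get(user)
        if secret is None:
            return False
        expected = chap_response(self.identifier, secret, self.challenge)
        return hmac.compare_digest(expected, response)


def mutual_chap_login(outgoing, incoming, target_accounts, target_identity):
    """Simulate one login with CHAP in both directions.

    outgoing        (user, password) the initiator presents to the target
    incoming        (user, password) the initiator expects from the target
    target_accounts accounts the target accepts from initiators
    target_identity (user, password) the target presents to the initiator
    """
    # Assumed policy check: with one shared password for both directions,
    # a valid answer no longer proves which side computed it.
    if outgoing[1] == incoming[1]:
        return "refused: same password in both directions"

    # OUTGOING: the target challenges, the initiator answers.
    target_side = ChapVerifier(target_accounts)
    answer = chap_response(target_side.identifier, outgoing[1], target_side.challenge)
    if not target_side.verify(outgoing[0], answer):
        return "target rejected initiator"

    # INCOMING: the initiator challenges, the target answers.
    initiator_side = ChapVerifier({incoming[0]: incoming[1]})
    answer = chap_response(
        initiator_side.identifier, target_identity[1], initiator_side.challenge
    )
    if not initiator_side.verify(target_identity[0], answer):
        return "initiator rejected target"
    return "logged in"


# Constructed sample credentials.
OUTGOING = ("abernas-initiator", b"outgoing-secret-01")
INCOMING = ("storage-target", b"incoming-secret-02")

if __name__ == "__main__":
    print(mutual_chap_login(OUTGOING, INCOMING, {OUTGOING[0]: OUTGOING[1]}, INCOMING))
    # A host that does not know the INCOMING password cannot pose as the target.
    print(mutual_chap_login(OUTGOING, INCOMING, {OUTGOING[0]: OUTGOING[1]},
                            ("storage-target", b"guess")))
```

The password itself never crosses the network in either direction; only the challenge and the 16-byte digest do.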
Web Administration Interface > MANAGE > Storage Management > Volume Group Manager

Volume Group is comprised of Physical Volume (PV), Expanded Physical Volume (Exp. PV), and Raw Volume (RV).

Volume Group Manager features:
- Convert RV to PV
- Add RV to PV, thus creating Expanded PV
- Remove PV to RV Pool
- Remove or Replace RV that's been added to PV
Creating PV:
Creating PV is to convert the RV from the RV Pool to PV. Once RV is converted to PV, it is ready to be converted to Logical Volume (LV). Conversion from PV to LV means PV is formatted and ready to be used by clients attached to the ABERNAS. To create PV, select the desired RV from the RV POOL and click CREATE PV.

Removing PV:
PVs in the PV POOL or EXPANDED PV POOL can be removed and converted into RV. To remove PV, select the desired PV from the PV POOL or EXTENDED PV POOL.

Adding RV to PV:
RVs in the RV POOL can be added to the PV in the PV POOL to expand the capacity of the original PV, or to insert more LVs. To add the RV to the PV, select the desired available volumes from the PV POOL list, then click ADD RV TO PV. This process adds RV to the existing PV, thus creating the Expanded PV. The added RV is now named PV.

NOTE: RVs that were iSCSI target devices or SCSI devices require manual conversion into LVs to be usable by the attached clients.

Separate The PV From Expanded PV:
To remove the PV that's been added to the PV, click on the PV from the EXPANDED PV POOL and click on REMOVE PV FROM EXP. PV. This process removes the PV from the EXPANDED PV, converts the PV to RV and places it in the RV POOL as an RV. Physical Volume Expansion may be used to combine multiple PVs to create a single, large PV. This process can be useful when combining multiple PVs belonging to different RAID controller cards.

Replace The PV In the Expanded PV with Another RV:
To replace a PV belonging to an Expanded PV with another RV, all necessary volumes can be selected at once rather than removing first and then adding. Select the PV belonging to EXPANDED PV, select the RV you wish to replace the selected PV with, then click on REPLACE PV IN EXP. PV or click CANCEL to discard the changes and return to the Administration Home Page.

CAUTION: Removing PV, separating PV, or replacing PV will cause the PV to lose its data.
Web Administration Interface > MANAGE > Storage Management > Logical Volume Manager

A Logical Volume (LV) is a formatted storage volume in PV that can be shared by network clients attached to the AberNAS. By default, all users are given access to a logical volume. To assign exclusive access to specific users or user groups, go to the User and Access section.

Functions of Logical Volume Manager:
- Create Logical Volume
- Designate file system or iSCSI to Logical Volume
- Modify Logical Volume
- Delete Logical Volume

NOTE: The Reiser File System has superior performance when working with smaller size files, such as database files. The XFS file system has superior performance when working with large size files, such as video. LV size cannot be decreased in XFS. In order to decrease the size of the LV, it must first be deleted and then recreated. XFS LVs can be increased in size without deleting the volume.
Creating a New Logical Volume:
1. Select a Physical Volume with available space from the PHYSICAL VOLUME pull down menu.
   NOTE: Do not use identical names for logical Volumes, even if they belong to different physical Volumes.
2. Enter a unique name in the VOLUME NAME field. Names can be up to 15 alphanumeric characters and must not contain spaces.
3. If it is beneficial to add a description of this Logical Volume to help identify its use, enter that description in the VOLUME DESCRIPTION field using up to 50 alphanumeric characters. This is an optional field.
4. Enter the storage size of the Logical Volume in Megabytes in the VOLUME SIZE field, keeping in mind the amount of available space.
5. Select a file system for the Logical Volume from the VOLUME FILESYSTEM pull down menu. Reiser FS and XFS support network clients such as Microsoft, UNIX/Linux, and Apple. iSCSI is a network based block device connected through SCSI over IP protocol, formatted and used as a network storage volume.
6. Click on CREATE to complete the configuration of this Logical Volume or click CANCEL to discard the changes and return to the Administration Home Page.

Repeat the above steps to create and configure additional logical volumes.

Modify an Existing Logical Volume:
1. Select the Physical Volume containing the Logical Volume to modify from the PHYSICAL VOLUME pull down menu. The Logical Volume(s) contained in the selected Physical Volume will populate in the EXISTING LOGICAL VOLUME pull down menu.
2. Select the Logical Volume to modify from the EXISTING LOGICAL VOLUME pull down menu. The current Logical Volume information is immediately displayed on the screen.
3. Modify the VOLUME NAME, VOLUME DESCRIPTION, VOLUME TYPE and/or VOLUME SIZE as needed.
   CAUTION: Changing the VOLUME FILE SYSTEM type will delete all data on the device.
4. To complete the modification, click on MODIFY or click CANCEL to discard the changes and return to the Administration Home Page.
Delete a Logical Volume:
NOTE: Size cannot be modified if snapshot Volume is attached to the logical Volume.
1. Select the Physical Volume that contains the Logical Volume you wish to delete from the PHYSICAL VOLUME pull down menu. A list of Logical Volumes for the selected Physical Volume appears in the EXISTING LOGICAL VOLUME pull down menu.
2. Select the Logical Volume to delete from the EXISTING LOGICAL VOLUME pull down menu.
   CAUTION: Deleting logical Volumes cannot be undone and data will be lost. Be sure to select the correct logical Volume. If snapshot Volume is associated with the selected logical Volume, snapshot Volume must be deleted first.
3. Click DELETE at the bottom of the page. The selected Logical Volume is removed from the Select Logical Volume list. Click CANCEL to discard the changes and return to the Administration Home Page.

NOTE: Logical Volume cannot be deleted if snapshot Volume is attached to the logical Volume.
Web Administration Interface > MANAGE > Storage Management > Format

Format a logical volume to erase all of its contents. Although it is not required, you can also change the logical volume name.

CAUTION: Formatting a physical volume cannot be undone and you will be asked to confirm your request. Be sure to move data you need to save to another location before formatting the volume.

Format a Logical Volume:
1. Select the logical volume from the LOGICAL VOLUME pull down menu.
2. To change the VOLUME NAME (optional), enter the new name in the ENTER NEW NAME field. Names can be up to 15 alphanumeric characters and must not contain spaces.
3. Click on FORMAT. The AberNAS immediately begins to format the selected logical volume. Click CANCEL to discard the changes and return to the Administration Home Page.
Web Administration Interface > MANAGE > User & Access > Local User Management

Local users are those user accounts that are created within the AberNAS specifically for access to the AberNAS files and folders. Once local users are created, they can be assigned to logical volumes as individual users or as part of a user group.

Create Local Users:
1. Enter the user name with a maximum of 5 characters in the USER NAME field.
2. Enter a unique password in the PASSWORD fields - between 6-8 alphanumeric characters without spaces. The password is case-sensitive.
3. Click CREATE to add the user to the local user list or click CANCEL to discard the changes and return to the Administration Home Page.

Repeat the steps above to create additional local users.

NOTE: The AberNAS seeks and lists users and groups in local, LDAP, NIS, and ADS/PDC. Duplicate user IDs and groups will also be listed in this order: local, LDAP, NIS, and ADS/PDC.
Access a User's Home directory:
A Home directory is a private directory that is designated for a user. This user has the highest level of access control to this directory designated by the Administrator/Owner. The Home directory can be accessed by using two methods:
1. Map to the Logical Volume Share that contains the user home directory.
2. Access via Web browser by entering ftp://user_name@server.com or IP address of the server.

Delete a User From The Local Users List:
1. Select the user to delete from the USER LIST.
2. Click DELETE to complete this process or click CANCEL to discard the changes and return to the Administration Home Page.

CAUTION: Deleting users cannot be undone and you will be asked to confirm deletion. Be sure to select the correct user(s).

Modify an Existing User:
1. Select the user from the USER LIST.
2. Enter the new information in the appropriate fields.
3. Click APPLY CHANGES to complete this process or click CANCEL to discard the changes and return to the Administration Home Page.
Web Administration Interface > MANAGE > User & Access
Local Group Management

User groups are formed to easily manage a group of users and apply access levels to the entire group for specific logical volumes. The new user groups you create will be available to assign to logical volumes on the Microsoft and Apple Access Control Pages.

Create Local User Groups:
1. Enter a unique name for the user group in the LOCAL USER GROUP NAME field, up to a maximum of 15 alphanumeric characters.
2. Click CREATE. The new local user group will appear in the LOCAL GROUPS list. Click CANCEL to discard the changes and return to the Administration Home Page.

Add User To User Groups:
1. Select the group from the LOCAL GROUPS list.
2. Select the user from the ALL USERS list and click ADD. Multiple users can be selected using the CTRL and SHIFT keys.

NOTE: The AberNAS seeks and lists users and groups in local, LDAP, NIS, and ADS/PDC. If you have duplicate user IDs, the above order will be used to list and accept duplicate users and groups.
Modify/Delete Local User Groups:
1. Select the user group to modify from the LOCAL GROUPS list. The members of the user group are immediately displayed in the GROUP USERS list.
2. Add a user by selecting the user from the ALL USERS list and clicking ADD, or delete a user by selecting the user from the GROUP USERS list and clicking REMOVE.
3. Repeat the steps above until you have modified all necessary user groups.

NOTE: To change the name of the user group, you must delete the existing user group and re-create it with the desired name.

Delete a User Group:
1. Select the user group to delete from the LOCAL GROUPS list.
2. Click DELETE. The selected user group is removed from the LOCAL GROUPS list. Click CANCEL to discard the changes and return to the Administration Home Page.

CAUTION: Deleting user groups cannot be undone and you will be asked to confirm deletion. Be sure to select the correct user group(s).
Web Administration Interface > MANAGE > User & Access
Access Control Microsoft

Once logical volumes have been created, users or user groups can be assigned to have access to specific logical volumes. By default, all users are given access to a new logical volume. You can assign exclusive access rights to a logical volume to one user group or to individual users. Furthermore, you can specify an individual user, who is part of a user group, to have a higher or lower access level than the rest of the group.

This section controls the access control at the directory level. For sub-directory and file level access control, the user must assign them directly to the sub-directory, or file, from the Microsoft client.
Assign Access Control:
To assign users and/or user groups access to a logical volume, follow the steps below:
1. Select the logical volume that you wish to give user access to from the SELECT LOGICAL VOLUME pull down menu.
2. Select the user(s) and/or user group(s) from the ALL USERS list.
3. Select FULL CONTROL, READ/WRITE, READ ONLY or DENY from the ACCESS CONTROL radio button list for setting the access levels:
- FULL CONTROL: Read, write, and delete file privileges to the selected logical volume.
- READ/WRITE: Read and write files to the selected logical volume. Users will not be able to delete files.
- READ ONLY: Read privileges to the selected logical volume. Users will not be able to add new files, modify files or delete files.
- DENY: All access is denied to the selected logical volume for the user. The user will not be able to read, write or delete any files within the logical volume. This is necessary when you wish to give access to a user group except for an individual user within that group. Any individual user within a user group can be assigned a different access level from the rest of the user group by assigning a different access level to the individual user for the logical volume. The individual user access level takes priority over the user group access level.
4. Click ADD.
5. To remove a user or user group from the logical volume, select them from the ASSIGNED USERS list and click REMOVE.
6. Add or delete additional user(s) and/or user group(s) to the logical volume by repeating steps 1 through 5 above.

Host IP Blocking:
In addition to user level access control, you can specify host-level security by adding the host IP addresses to the ALLOW or DENY host IP blocking lists.

Add IP Address to Allow or Deny List:
1. Select the logical volume that you wish to assign host IP blocking from the SELECT LOGICAL VOLUME pull down menu.
2. Enter the IP address of the host in the appropriate ALLOW or DENY fields then click ADD to add the IP address to the respective list. Click CANCEL to discard the changes and return to the Administration Home Page.

Delete an IP Address From the Allow or Deny List:
1. Select the logical volume where you wish to assign host IP blocking from the SELECT LOGICAL VOLUME pull down menu.
2. Select the IP address from the ALLOW or DENY pull down menu, then click DELETE to remove the IP address from the respective list. Click CANCEL to discard the changes and return to the Administration Home Page.

NOTE: When an IP address is added to the Allow List, those on the Allow List are the only host IP addresses that will be allowed to access the logical volume. When an IP address is added to the Deny List, those on the Deny List are the only host IP addresses that will be denied from accessing the logical volume.
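The rules in this section (the host Allow/Deny lists gate the connection, an individual user's level takes priority over the group level, and DENY removes all access) can be reasoned about before they are applied. The following Python is an added example, not AberNAS code; the volume layout, user names and addresses are constructed. Four behaviours the guide does not specify are assumptions marked in the comments: deny wins when a host is on both lists, the most restrictive level wins across several groups, a volume with no assignments grants FULL CONTROL, and unlisted users lose access once assignments exist.

```python
import ipaddress

# Access levels from the guide, ordered from most to least restrictive.
LEVELS = ("DENY", "READ ONLY", "READ/WRITE", "FULL CONTROL")

# Assumption: the guide says all users have access to a new logical volume
# but does not name the level; FULL CONTROL is used here.
DEFAULT_LEVEL = "FULL CONTROL"

# Constructed sample volumes (names and addresses are illustrative only).
VOLUME = {
    "users": {"bob": "DENY", "carol": "FULL CONTROL"},
    "groups": {"eng": "READ/WRITE", "audit": "READ ONLY"},
    "allow": ["10.1.1.20", "10.1.1.21"],
    "deny": ["10.1.1.21"],
}
NEW_VOLUME = {"users": {}, "groups": {}, "allow": [], "deny": []}


def host_permitted(client_ip, allow, deny):
    """Apply the Host IP Blocking lists to one client address."""
    ip = ipaddress.ip_address(client_ip)
    allowed = {ipaddress.ip_address(a) for a in allow}
    denied = {ipaddress.ip_address(d) for d in deny}
    if ip in denied:
        # Assumption: an address present on both lists is denied.
        return False
    if allowed and ip not in allowed:
        # A non-empty Allow List admits only its members.
        return False
    return True


def effective_access(user, groups, client_ip, volume):
    """Return the access level one user gets on one logical volume."""
    if not host_permitted(client_ip, volume["allow"], volume["deny"]):
        return "DENY"
    # The individual user level takes priority over the group level.
    if user in volume["users"]:
        return volume["users"][user]
    matched = [volume["groups"][g] for g in groups if g in volume["groups"]]
    if matched:
        # Assumption: with several assigned groups, the most restrictive wins.
        return min(matched, key=LEVELS.index)
    if not volume["users"] and not volume["groups"]:
        return DEFAULT_LEVEL
    # Assumption: once assignments exist, unlisted users have no access.
    return "DENY"


if __name__ == "__main__":
    cases = [
        ("alice", ["eng"], "10.1.1.20"),
        ("bob", ["eng"], "10.1.1.20"),
        ("carol", ["eng"], "10.1.1.20"),
        ("alice", ["eng"], "10.1.1.99"),
        ("dave", ["eng", "audit"], "10.1.1.20"),
    ]
    for user, groups, ip in cases:
        print(user, groups, ip, "->", effective_access(user, groups, ip, VOLUME))
```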
Web Administration Interface > MANAGE > User & Access
Access Control UNIX

NOTE: Synchronizing the AberNAS with NIS does not automatically give NIS Users access to the logical volume. All logical volumes to be accessed by NIS users must first be mounted by the host computer.

Add Host Access:
1. Select the logical volume that you wish to give host access to from the SELECT LOGICAL VOLUME pull down menu.
2. Click Enable NFS Access.

NOTE: Selecting Enable NFS SERVICE from the Network Settings Interface of the web administration GUI enables global NFS access. Disabling this option disables NFS access completely. Unless NFS access is added with host IP address for each logical volume, NFS access for that logical volume is disabled. As a result, the pull down menu of the NFS access for the logical volume share is disabled by default.
3. Type in the IP address of the UNIX host in the Host/Host Group Address field and select the desired mounting options for this host. Up to four access levels may be applied to each host that is added to the logical volume:
- ROOT SQUASH: Any user logging in as root will be assigned a different user ID so that limited privilege of read/write/delete is assigned to the logged-in user.
- ALL SQUASH: Any user logging in will be assigned a different user ID so that limited privilege of read/write/delete is assigned to the logged-in user.
- READ ONLY: Any user logging in can have read-only access.
- SECURE: Secure option limits the user that can mount to NFS file system to super users only (TCP/IP port #1024 and below). If a third party application exists that allows non-super users to mount to the NFS file system, secure option should be deselected.
- ASYNC: Allows the NFS server to violate the NFS protocol and reply to requests before any changes made by that request have been committed to stable storage (e.g. disc drive). Using this option usually improves performance, but at the cost that an unclean server restart (i.e. a crash) can cause data to be lost or corrupted.
- SUBTREE CHECK: If a subdirectory of a file system is exported, but the whole file system isn't, then whenever an NFS request arrives, the server must check not only that the accessed file is in the appropriate file system but also that it is in the exported tree.

By default, top directory permission is set to rwx/rwx/rwx. To modify, select the desired rwx permission settings for OWNER, GROUP and OTHER from the TOP DIRECTORY PERMISSION check boxes.

NOTE: For detailed explanations of Root Squash, All Squash, Read Only, Secure, etc., please refer to the following URL: http://linux.die.net/man/5/exports

STICKY BIT: When the sticky bit is enabled on a directory, files inside the directory may be renamed or removed only by the owner of the file, the owner of the directory, or the super user (even if the modes of the directory would otherwise allow such an operation).

4. Click MODIFY to complete or click CANCEL to discard the changes and return to the Administration Home Page.

NOTE: STICKY BIT is used to allow only the root or the owner of the file to unlink or rename the file. When disabled, anyone that has access to the directory can rename or unlink the file.

Delete The Host:
1. Select the IP address from the IP ADDRESS pull down menu.
2. Click DELETE or click CANCEL to discard the changes and return to the Administration Home Page.

NOTE: Each IP address must be deleted manually. Changing the logical volume share and setting it to DISABLE does NOT delete the IP address(es).

Security Method for NFS Access:
The AberNAS implements standard UNIX security for NFS access. This means that the UNIX host that is added to the logical volume can mount to the logical volume with assigned access privileges. Any user logging into the host is authenticated by the NIS (Network Information Service) server or the UNIX host's own security. After the user is logged into the host, he/she is able to access the logical volume on the AberNAS with read/write/delete or read-only privilege, depending on the access privilege that was assigned to the host. Individual subdirectories created by the user can be secured by applying one of the following:
1. OWNER ONLY
2. USER GROUP THAT THE USER BELONGS TO
3. EVERYONE IN THE SUB-DIRECTORY

Mounting Syntax:
AberNAS shares are mounted under the /exports directory. Sample mounting syntax is as below:

mount -t nfs 10.1.1.201:/exports/share0 /<host local directory>

Sample Mounting Syntax:

mount -t nfs -o vers=3,tcp,rsize=16384,wsize=16384 10.1.1.201:/exports/share0 /mnt
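Because NFS access is granted per host and the default top directory permission is rwx/rwx/rwx, the per-host options above decide most of the exposure of a share. The following Python is an added example, not part of the AberNAS software: it audits export lines written in exports(5) syntax for the settings this section describes and checks a top-directory mode for the missing sticky bit. It assumes the GUI check boxes correspond to the exports(5) options of the same name (the guide refers to that man page for their meaning); the sample lines and finding labels are constructed.

```python
import re
import stat

# Constructed sample in exports(5) syntax. The /exports/shareN paths follow
# the guide's naming; hosts and option sets are made up for illustration.
SAMPLE_EXPORTS = """\
# constructed sample
/exports/share0 10.1.1.50(rw,root_squash,secure,sync,subtree_check)
/exports/share1 10.1.1.51(rw,no_root_squash,insecure,async) 10.1.1.52(ro,all_squash)
/exports/share2 *(rw)
"""

# One client entry: host or pattern, optionally followed by (opt,opt,...).
ENTRY = re.compile(r"(?P<host>[^\s()]+)(?:\((?P<opts>[^)]*)\))?")


def parse_exports(text):
    """Yield (path, host, options) for every client entry in exports(5) text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue  # blank, comment-only, or no client list on this line
        path, clients = parts
        for match in ENTRY.finditer(clients):
            opts = {o.strip() for o in (match.group("opts") or "").split(",")}
            opts.discard("")
            yield path, match.group("host"), opts


def audit_entry(host, opts):
    """Return finding labels for one client entry of an export."""
    findings = []
    if "no_root_squash" in opts:   # ROOT SQUASH deselected
        findings.append("root-not-squashed")
    if "insecure" in opts:         # SECURE deselected: source ports above 1023 accepted
        findings.append("unprivileged-source-port-allowed")
    if "async" in opts:            # replies sent before data reaches stable storage
        findings.append("async-data-loss-risk")
    if "rw" in opts and "*" in host:
        findings.append("writable-by-any-host")
    return findings


def audit_exports(text):
    """Map (path, host) to its list of findings."""
    return {(p, h): audit_entry(h, o) for p, h, o in parse_exports(text)}


def audit_top_dir_mode(mode):
    """Flag a world-writable top directory (the rwx/rwx/rwx default) without sticky bit."""
    if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
        return "world-writable-without-sticky-bit"
    return None


if __name__ == "__main__":
    for (path, host), findings in audit_exports(SAMPLE_EXPORTS).items():
        print(path, host, findings or "ok")
    print("mode 0777:", audit_top_dir_mode(0o777))
    print("mode 1777:", audit_top_dir_mode(0o1777))
```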
Web Administration Interface > MANAGE > User & Access
Access Control Apple

Once logical volumes have been created, local or NIS users or user groups can be assigned to have access to specific logical volumes. By default, all users are given access to a new logical volume. You can assign exclusive access rights to a logical volume to one individual user or one entire user group. Furthermore, you can specify an individual user, who is part of a user group, to have a higher or lower access level than the rest of the group.

This section controls the access control at the directory level. For sub-directory and file level access control, the user must assign them directly to the sub-directory or file, from the host.

Assign Access Control:
To assign users and/or user groups access to a logical volume, follow the steps below:
1. Select the logical volume that you wish to give user access to from the SELECT LOGICAL VOLUME pull down menu.
2. Select the users and/or user groups from the ALL USERS list.
3. Select FULL CONTROL, READ/WRITE, READ ONLY or DENY from the ACCESS CONTROL radio button list for setting the access levels:
- READ/WRITE: Read and write files to the selected logical volume. Users will not be able to delete files.
- READ ONLY: Read privileges to the selected logical volume. Users will not be able to add new files, modify files or delete files.
- DENY: All access is denied to the selected logical volume for the user. The user will not be able to read, write or delete any files within the logical volume. This is necessary when you wish to give access to a user group except for an individual user within that group. Any individual user within a user group can be assigned a different access level from the rest of the user group by assigning a different access level to the individual user for the logical volume. The individual user access level takes priority over the user group access level.
4. Click ADD to complete this process.
5. To remove a user or user group from the logical volume, select them from the ASSIGNED USERS list and click REMOVE.
6. To ADD or DELETE additional user(s) and/or user group(s) to the logical volume repeat all of the steps shown above.
7. Apply the following options if necessary by selecting their respective fields:
- casefold option: Casefold option handles how case names should be managed.
- tolower: Lower cases names in both directions.
- toupper: Upper cases names in both directions.
- xlatelower: Client sees lower case, server sees upper case.
- xlateupper: Client sees upper case, server sees lower case.
- mswindows: Forces filename restrictions imposed by MS WinXX and invokes the MS default codepage (iso8859-1) if one is not already specified.
- prodos: Provides compatibility with Apple II clients.
- nohex: Disables hex.
- crlf conversion: Enables crlf translation for TEXT files.
- usedots: Don't do hex translation for dot files. This makes all files such as .parent, .apple* illegal. Dot files created on the server side will be invisible to the client.
- read only: Specifies the share as being read only for all users.
- limitsize: Hack for older Macintosh using newer Appleshare clients to limit the disk size reporting to GB.
8. Click APPLY to complete this process or click CANCEL to discard the changes and return to the Administration Home Page.

Restart AFP Service:
1. Click RESTART SERVICE to restart the AFP service.
Web Administration Interface > MANAGE > User & Access
Access Control iSCSI

User and Access control can be applied to iSCSI target devices with User ID & Password as well as by Host IP of the client.

Global Users - Define the access control for all iSCSI target devices within the ABERNAS system. Having access as a global user allows this user to scan and view all iSCSI target devices in the system.

Target Users - Define the access control for individual iSCSI target devices. Each target device may have a different user ID and password, thus, the user may not have access to all of the target devices in the system.

Host IP Blocking - Controls access to each iSCSI target device by allowing or disallowing Host IP addresses of the client. This feature is a subset of Target Users, thus, each iSCSI target device must have its own HOST IP BLOCKING list.

Global and Target User(s):
There are two ways to control access at the user level:
1. INCOMING: Incoming user and password controls any users that are trying to access the iSCSI target device from another host in the network. This is the case for both Global Users and Target Users.
2. OUTGOING: Outgoing user and password controls the authenticity of the iSCSI target device to the inquiring user. This is to certify to the incoming user that the system that they're trying to access is indeed the system they've intended to access.

NOTE: This feature is not supported by all iSCSI initiators. Please refer to your iSCSI initiator manual for details.

NOTE: Only 1 user ID and password is used for Outgoing user. INCOMING and OUTGOING user(s) can apply to both Global User and Target User.

Creating a Global User:
1. Enter the user name and password in the USER NAME and PASSWORD fields.
2. CONFIRM PASSWORD.
3. Click ADD to create the user and add user name to the USER LIST. Same steps apply to both Incoming and Outgoing Users.

Creating a Target User:
1. Select LV from the SELECT LOGICAL VOLUME pull down menu.
2. Input user name and password in the USER NAME and PASSWORD fields.
NOTE: Length of the password and character requirements depend on the iSCSI Initiator used. Refer to your iSCSI Initiator manual for details.
3. Confirm the password.
4. Click ADD. This will create the user and add the user to the USER LIST. Same steps apply to both Incoming and Outgoing Users.

NOTE: The user list for iSCSI target devices, both Global and Target, is separate from the user list that belongs to local, NIS and ADS/PDC.
Delete User:
Select the desired user from the USER LIST and click the respective DELETE button. This applies to any user, Global or Target, Incoming or Outgoing.

Host IP Blocking:
In addition to user level access control, you can specify host-level security by adding the host IP address to the ALLOW or DENY host IP blocking lists.

Add IP Address to Allow or Deny List:
1. Select the logical volume that you wish to assign host IP blocking from the SELECT LOGICAL VOLUME pull down menu.
2. Enter the IP address and access port number (3260 is default) of the host in the appropriate ALLOW or DENY fields then click ADD to add the IP address to the respective list. Click CANCEL to discard the changes and return to the Administration Home Page.

Delete an IP Address From the Allow or Deny List:
1. Select the logical volume where you wish to assign host IP blocking from the SELECT LOGICAL VOLUME pull down menu.
2. Enter the IP address and access port number (3260 is default) of the host in the appropriate ALLOW or DENY fields then click DELETE to remove the IP address from the respective list. Click CANCEL to discard the changes and return to the Administration Home Page.

NOTE: When an IP address is added to the Allow List, those on the Allow List are the only host IP addresses that will be allowed to access the target. When an IP address is added to the Deny List, those on the Deny List are the only host IP addresses that will be denied access to the target.
Web Administration Interface > MANAGE > User & Access
Quota Management

Quota management allows the administrator to limit the capacity and number of files used by each user.

1. Select the logical volume to apply the quota value to from the SELECT LOGICAL VOLUME pull down menu.
2. Check the ENABLE QUOTA box and click APPLY. By clicking APPLY, additional settings will become visible.
3. Set the block limit (capacity limit) for all users/user groups by entering a value in the SET ALL BLOCK LIMITS field, or set a different block limit for each user/user group by entering values in the user/user group fields below.
4. Set the maximum number of files allowed for all users in the NUMBER OF FILES field, or set a different file limit for each user/user group by entering values in the user/user group fields below.
5. Click APPLY to complete.

NOTE: The Usage field next to BLOCK LIMIT and FILE LIMIT shows the current usage by the user. The quota scheme is designed to monitor aggregate usage of all the users/groups. As a result, the sum of quotas assigned for the logical volume may exceed the total capacity of the logical volume. Quota is not active if the logical volume has EVERYBODY ACCESS assigned for Access Control. Deleting a logical volume when quota is assigned will erase all quota assignments. To reset quota, deactivate and reactivate quota for the desired logical volume.

CAUTION: When using in SFM configuration, enable quota before enabling SFM. If SFM requires disabling, disable quota before disabling SFM.
Web Administration Interface > MANAGE > Monitoring
Notification

The AberNAS is equipped with features that will notify designated administrators of failures via e-mail.

Set Up Failure Notifications:
1. SMTP Server IP Address: Enter the IP address and account information of an outgoing mail server that will be used to send e-mail notifications.
2. E-mail Addresses: Enter the full e-mail addresses (e.g. name@company.com) for up to three administrators who are to be notified when any of the above selected failures occur.
3. Send Test E-mail: If selected, a test notification message will be sent to each e-mail address entered in the E-MAIL ADDRESSES fields after the APPLY button is pressed.
4. Enable UPS: The COM port of the ABERNAS may be connected to an Uninterruptible Power Supply (UPS) monitor port. When the UPS is activated due to a power loss, a notification will be sent to each e-mail address entered in the E-MAIL ADDRESSES fields.
NOTE: A simple signaling cable must be used for proper functionality with the AberNAS system.
5. SNMP: When enabled, monitoring applications may receive ABERNAS status via SNMP protocol.
6. Temperature/Fan Monitoring: Temperature and CPU/chassis fans may be monitored via Web administration. In addition, any over-temperature (above 75 °C ambient) or fan failure (if connected fans have tachometer output for RPM) status will be notified by e-mail.
CAUTION: By default, temperature and fan monitoring are disabled. This is to prevent automatic system shutdown when an unknown motherboard is configured. The AberNAS OS must be able to communicate with the server monitoring chips (often referred to as lm or I2C sensors) in order to properly use this feature. Unrecognized chips may result in improper temperature and fan readings.
7. Click APPLY to complete, or click CANCEL to discard the changes and return to the Administration Home Page.
Web Administration Interface > MANAGE > Monitoring
Utilization

Monitor the following AberNAS utilization parameters in real time:
- CPU: Displays the percentage of CPU utilization. Multiple CPUs or CPU cores will be listed individually.
- System Memory: Displays % of system memory being used and includes cached data.
- Disk I/O Utilization: Displays disk I/O in MB.
- Network Utilization: Displays accumulated data received and transmitted to and from the ABERNAS.

Click REFRESH to view the latest status, or click CANCEL to return to the Administration Home Page.

NOTE: Utilization page refreshes every 30 seconds.
Web Administration Interface > MANAGE > Monitoring
General

Monitor the following areas in real time:
- Server Uptime: Displays how long the AberNAS has been running in days, hours and minutes since it was turned on.
- Server Temperature: Displays the current temperature and fan status of the AberNAS.
NOTE: If the temperature reaches above 75 °C, Over-temp is displayed and an e-mail notification is sent to the addresses listed on the Notification page.
- Fan Status (RPM): Displays rotation speed and status of the CPU and chassis fans in RPM.
- SNMP: Displays Enabled if activated.

To view the latest status, click REFRESH, or click CANCEL to return to the Administration Home Page.
Web Administration Interface > MANAGE > Monitoring
Server Log

All actions, events and messages occurring on the AberNAS system are recorded and can be viewed on the SERVER LOG page of the Web Administration GUI. This comprehensive log of activities can be useful for troubleshooting problems or managing the AberNAS system.

NOTE: The AberNAS begins recording all server events and activities in the server log as soon as it is installed.

View A Log of Activities:
Navigate to the SERVER LOG page and enter the number of days to be displayed in the logs. Click REFRESH to view the most current logs. Click REMOVE to delete the current log information. Click CANCEL to return to the Administration Home Page.

The server log on this page is filtered to report events that were determined to be most commonly used. For an expanded log of the ABERNAS, log in via the command line. All directories in /var/log/ can be viewed for various types of system logs.
Web Administration Interface > MANAGE > Monitoring
User Access

This feature allows the administrator to view information about the user(s) that are accessing the ABERNAS system, including the type of computer(s) used to log in and details about the file(s) accessed.

Click REFRESH to update the list of user(s) and the file(s) currently being accessed, or click CLOSE to return to the Administration Home Page.
Web Administration Interface > MANAGE > View Setting
General Setting

View the Server Configuration settings for the following:
- Server Name
- Server Description
- Date and Time
- Time Zone
- Language
- NTP

These settings can be changed on the SERVER CONFIGURATION pages of the ABERNAS Web Administration GUI. Click CANCEL to return to the Administration Home Page.
Web Administration Interface > MANAGE > View Setting
Network Settings

View the Network Setting configurations for the following:
- TCP/IP settings for Gigabit
- Port Bonding
- Microsoft Networking
- UNIX Networking
- Apple Networking
- LDAP Client
- DHCP Service
- FTP Service
- iSCSI Initiator Service

These settings are configured and can be changed on the NETWORK SETTINGS pages of the ABERNAS Web Administration GUI. Click CANCEL to return to the Administration Home Page.
Web Administration Interface > MANAGE > View Setting
Storage Management

View the Storage Management configurations for the following:
- RAID Volumes
- Physical Volumes
- Logical Volume Shares
- File System
- Maintenance

These settings are configured and can be changed on the SERVER MANAGEMENT pages of the AberNAS Web Administration GUI. Click CANCEL to return to the Administration Home Page.
Web Administration Interface > MANAGE > View Setting
Access Control

View the User & Access configurations for the following:
- IP address list of all Microsoft hosts with security status
- IP address list of all UNIX hosts with security status

These settings are configured and can be changed on the USER & ACCESS pages of the AberNAS Web Administration GUI. Click CANCEL to return to the Administration Home Page.
Web Administration Interface > MANAGE > View Setting
Server Monitoring

View the Server Monitoring configurations for the following:
- SMTP IP address
- Email Addresses (up to three notification email addresses)

These settings are configured and can be changed on the SERVER MONITORING NOTIFICATIONS pages of the ABERNAS Web Administration GUI. Click CANCEL to return to the Administration Home Page.
Web Administration Back Up Mirror and Restore Snapshot Server Mirror Folder Replication View Setting
Web Administration Interface > Backup Mirror and Restore > Snapshot

Snapshot and Restore:
The AberNAS is equipped with Snapshot technology, which takes scheduled snapshots of its Logical Volume(s) so that files that were accidentally erased can be retrieved. The total number of Snapshots per AberNAS system is three, regardless of the number of PVs or LVs existing on the system. The three volume limit was placed as it is the typical maximum used by users. The quantity of Snapshot volumes may be increased if necessary; please contact Aberdeen Technical support for details.

NOTE: Snapshots are assigned to individual logical volumes as snapshot volumes. Snapshot volumes reside in the same physical volume as the logical volume. As a result, physical volumes must have adequate free space to support both the snapshot volume and contents of the logical volumes.

The size of the snapshot volume varies depending on the environment in which the AberNAS system is deployed. If there are frequent changes to the files by a large number of users, and multiple snapshots are required per logical volume, then higher capacity should be considered for the snapshot volume.

The AberNAS uses a block level method, where changes in the logical volume are written to the snapshot volume(s) simultaneously. As a result, having multiple snapshot volumes per logical volume requires multiple writes. Performance degradation for disk I/O is affected by the number of snapshot volumes per logical volume and the frequency of changes in the logical volume.

If the maximum capacity for the snapshot volumes has been reached, the system will no longer be able to create new snapshots. When this occurs, the administrator will be notified.
Create Snapshots:
1. Input name in the SNAPSHOT SHARE NAME field (up to 15 alphanumeric characters).
2. Select the LV from the VOLUME LIST pull down menu.
NOTE: The PV in which this LV will reside must have adequate free space.
3. Input description in the SNAPSHOT DESCRIPTION field. This is optional.
4. Enter the capacity (in MBs) for the Snapshot Volume in the SNAPSHOT SIZE field. (Time based is the specified time that each Snapshot is taken. For example, hour of the day, day of the week, or date of the month.)
5. For Time based schedule, select DAY, WEEK or MONTH from the FREQUENCY pull down menu:
- Day: Enter hour and minute of the day to take Snapshot. Value of 1 is 1:00AM.
- Week: Enter day, hour and minute of the week to take Snapshot. Value 1 is Monday.
- Month: Enter date, hour and minute of the month to take Snapshot. Value of 1 is 1st.
6. Click CREATE to create the Snapshot Volume, or click CANCEL to return to the Administration Home Page.

Delete Snapshot:
1. Select the desired Snapshot from the SNAPSHOT list. If you cannot locate the Snapshot Volume, change to another LV by selecting a different LV from the VOLUME LIST pull down menu.
2. Click DELETE to delete the Snapshot Volume, or click CANCEL to return to the Administration Home Page.

Modify Snapshot:
First delete the Snapshot, then recreate it. See above for instructions for creating and deleting Snapshots. Click CANCEL to undo changes and return to the home page.
Web Administration Interface > Backup Mirror and Restore > Server Mirror Server Fail-over and Mirror (SFM): Server Fail-over and Mirror (SFM) is an optional feature used to bind two AberNAS servers as one so as to write data to both systems simultaneously. In addition, this feature also provides server service fail-over so that clients attached to the primary server can be serviced by the secondary server in the event that primary server is not able to provide the service. The clients accessing the primary server, in most cases, will not notice the fail-over process when the secondary AberNAS takes over. Each AberNAS system has two groups of network port(s). One group is dedicated for client serving (Data ports) and the other group is dedicated for data copying and communicating (SFM ports) with each other. Both groups of network ports may be bonded for higher throughput as well as fail-over within NIC ports. Before Configuring SFM: - Both systems should have at least one NIC port dedicated for SFM use. Connection between two systems may be via crossover cable or connected to a switch. When using a switch, it is recommended that the switch for the SFM ports be separate from Data ports. NOTE: SFM port may be configured simply by clicking on the available port and selecting SFM. TCP/IP information is not needed for SFM port. - Both systems must have same number of PVs and LVs as well as same capacity for PVs and LVs. Name the PVs and LVs the same for both systems. - Both systems should be connected to the same subnet. - If ADS/PDC and/or NIS synchronization is planned, synchronize ADS/PDC and/or NIS before starting SFM configuration for the primary server. If ADS/PDC and/or NIS synchronization need to be disabled, disable SFM first. - Plan three IP addresses: 1. Data IP address for primary server. For example, 10.1.1.100 2. Data IP address for secondary server. For example, 10.1.1.101 86
3. IP address for Service port. Service port is the virtual port used for clients to connect to the AberNAS system in SFM mode. For example, 10.1.1.200. 4. For this manual, the following IP addresses will be used for example: - Primary server IP address: 10.1.1.100 - Secondary server IP address: 10.1.1.101 - Service port IP address: 10.1.1.200 Configure SFM: 1. Power up primary server. Secondary server must be turned off. 2. Configure the TCPI/IP for Data port and SFM port in Network Setting TCP/IP configuration. IP address for primary server s Data port would be (10.1.1.100). SFM port is assigned by the AberNAS, simply click on the available NIC port, SFM radio button and click Apply. 3. Go to SFM page found in Backup, Mirror and Restore section, and select Primary radio button. Input Service IP address (10.1.1.200) and Secondary IP address (10.1.1.101) 4. Reboot the primary server. Configuration of the primary server is done. 5. Power up secondary server. Primary server should be on at this time. 6. Configure the TCP/IP for Data port and SFM port in Network Setting / TCP/IP configuration. The IP address for secondary server s Data port would be (10.1.1.101). The SFM port is assigned by the AberNAS. Simply click on the available NIC port, SFM radio button and click Apply. 7. Go to SFM page found in Backup, Mirror and Restore section, and select Secondary radio button. Input Service IP address (10.1.1.200) and Primary IP address (10.1.1.100). 8. Reboot the secondary server. 9. Both systems SFM page will now indicate that the sync is configured. 10. Clients need to map to network storage available from 10.1.1.200. 11. If the primary server should be incapable of serving its clients due to: - Disconnected NIC port - Powe r outage - RAID volume corruption - OS kernel panic Secondary server will take over the service and all data on the primary server will be available, except, for those that were being written when the primary server failed. 

Re-deploy Failed Primary Server:

1. Fix the problem that disabled the primary server.
   NOTE: The re-deployment option of the primary server exists so that it can become the secondary server. The former secondary server now becomes the primary server.
2. The AberNAS server to be re-deployed must meet the requirements detailed under Before Configuring SFM.
3. Configure TCP/IP for the Data port in line with the above example. The Data port IP address would be (10.1.1.100).
4. If the server requires reconfiguration for RAID, mirror the secondary server that is active.
5. Follow the steps above to configure the server to synchronize with the primary server (formerly the secondary server).
6. Boot the former primary server; it will sync and take the position of secondary server.

NOTE: If the primary server had data stored before configuring SFM, it will immediately start to copy its data to the secondary server. Copy process time will vary depending on the size and type of file(s) on the primary server. When the former primary server (now secondary server) is re-deployed, data copy from the former secondary server (now primary server) to the former primary server (now secondary server) will take place immediately.

Since server-to-server data mirroring involves multiple writes of the same data, overall throughput of the AberNAS will be reduced. Performance varies with usage, the type of data being transmitted, and the overall load on the AberNAS.
Web Administration Interface > Backup Mirror and Restore > Folder Replication

Folder Replication:

Add A Folder For Replication:

1. Click ADD. This page will expand to reveal more options.
   NOTE: Folder replication can be configured with multiple schedules to support one to many and many to one.
2. Enter a unique name for this folder replication set (up to 15 alphanumeric characters) in the NAME field.
3. Enter the full path to the source folder in the SOURCE field. Input the path for the target folder. For local folder path, click BROWSE LOCAL VOLUMES.
   NOTE: This is an example of how the path to the source should appear in the target field: 192.168.1.2:/exports/shared
4. Enter the full path of the location of the replicated folder, or target folder, in the TARGET field. To search for an existing folder, click BROWSE LOCAL VOLUMES.
   NOTE: This is an example of how the path to the source should appear in the source field: 192.168.1.2:/exports/shared
5. Set optional features for this Folder Replication set in the OPTIONS check boxes and fields.
   - Enable Replication Scheduling - Allows the schedule to be set for the replication. The schedule can be set in the Schedule section:
     - Hourly - Select the minute of the hour.
     - Daily - Select the hour and minute of the day.
     - Weekly - Select the day, hour and minute of the week.
     - Monthly - Select the date, hour and minute for the date of the month.
   - Delete files on destination that no longer exists on source - As data is being copied to the target folder, any files that are no longer present in the source folder are deleted from the target folder.
   - Enable file Compression - Compresses the files using gzip compression.
   - Full file copy - The default setting for folder replication is to copy only the changes (incremental checks) after the first full copy. This feature ignores the incremental checks and applies a full copy.
   - Limit I/O bandwidth - Limits the amount of bandwidth allowed for this Folder Replication set to the designated value in KBytes/second. A value of zero (0) gives this set unlimited bandwidth.
   - Number of revisions to be preserved - Indicates the number of copy revisions to keep.
6. Set the SCHEDULE for replication by hours and minutes. Click SAVE to save this setting, repeat the process above to create multiple replication schedules, or click CANCEL to return to the Administration Home Page.
Web Administration Interface > Backup Mirror and Restore > View Setting

View Settings:

Snap Shot and Restore

View the Snapshot & Restore configurations for the following:

- Snapshot & Restore - Indicates whether the feature is on or off.
- Snapshot Volumes - Displays all snapshot volumes available for snapshot and restore.

These settings are configured and can be changed on the Snapshot & Restore page of the AberNAS Web Administration GUI. Click CANCEL to return to the Administration Home Page.
Web Administration Interface > UPDATE

AberNAS Update:

Software updates for the AberNAS will be available from time to time. Contact Aberdeen Technical Support to check if updates are available and to obtain download information.

CAUTION: Be sure to update your AberNAS when it is not in service. A reboot will be required and will temporarily disable the service that the AberNAS provides to its users. Updates should be treated like system BIOS updates. If you are not experiencing any problems, do not perform any updates.

Updating the AberNAS to the Latest Patch:

1. Log in to the Web Administration GUI of the AberNAS and proceed to the UPDATE section.
2. Click BROWSE and locate the patch file.
3. Select the patch file. (The path to the file will be displayed in the text field.)
4. Click UPDATE to complete this process, or click CANCEL to cancel the update and return to the Administration Home Page.
5. When prompted, click REBOOT to reboot the AberNAS system.
   NOTE: A reboot will end services to any attached clients. Reboot only when appropriate.

CAUTION: The AberNAS does not provide any warranty against data loss due to patch updates. It is recommended that users back up important data before updating patches for the OS. Applying an older version of the patch will revert the OS version to the previous version.

Reset Factory defaults:

Click Factory Default, or click CANCEL to cancel the update and return to the Administration Home Page.
CAUTION: Selecting this option is destructive and will reset all settings, including deleting logical volumes (which will erase all data). The decision must be confirmed in the following confirmation window.

IMPORTANT! To prevent the erasure of the data volumes, physically remove or unseat the hard drives from the storage enclosure. Once the factory defaults have been restored, you must import the data volumes before the volumes can be accessed by the AberNAS and its users. Importing anonymous volumes is covered in detail on page 134.

New License:

Click NEW LICENCE to enter the MAC address of a new port or other new options, or click your browser's back button to cancel the update and return to the Administration Home.

Save Configuration:

Once you have completely set up the AberNAS, it is a good idea to save its configuration every now and then. If at any time the AberNAS OS drive fails or the volume becomes corrupt, the AberNAS settings can be quickly restored after Emergency Bare Metal Recovery by restoring the configuration file that is generated by the Save Configuration option.

To back up the AberNAS configuration settings:

1. Click Save Configuration.
2. When prompted to download the Configuration File, click Save.
3. Browse to your desired download location and click Save again.

The AberNAS Configuration File size will vary depending on the number of users, permissions and shares configured on the AberNAS. Generally this file is no larger than 10MB.

Restore Configuration:

In the event that the AberNAS OS drive fails or the volume becomes corrupt, the AberNAS must be restored by using the Emergency Bare Metal Recovery outlined in the next section of this manual. Once the AberNAS has been recovered, the AberNAS configuration settings can also be restored by using the Restore Configuration option.

To restore the AberNAS configuration settings:

1. Specify the location of the saved Configuration File by clicking Browse.
2. Browse to and select the desired Configuration File, then click Open.
3. The file location should now appear in the field next to the Browse button.
4. Click Restore Configuration. "Successfully Updated" will appear when complete.
5. Click Reboot to restart the system and activate the restored settings.

Advanced Features & Troubleshooting

- Access Control
- Folder Replication
- Snapshots
- SFM Server Failover & Mirroring
- File System Check & Repair
- Emergency Bare Metal Recovery

Access Control

Overview:

This section is dedicated to managing the Local Users ACL permission assignments in Windows environments.

Local Users - User accounts manually created on the NAS, not imported or synchronized from Windows ADS or from Unix/Linux NIS.

For Windows Active Directory users, after using Access Control - Microsoft to assign the users/groups access permission to the share (logical volume), please use Windows ADS to define the access permission for folders, subfolders, and files.

For Unix/Linux users, please use Access Control - Unix to define access permissions on the share (logical volume). Unix/Linux users can also utilize the NIS service defined in the Network Setting > Unix Networking > Enable NIS Service section of this manual.

For most SMBs (Small and Medium Businesses), there is no existing ADS or NIS in place and most of the NAS user accounts are Local Users. In such an environment, Access Control - Local is needed in order to have Folder-Level and File-Level access control.

- User(s) = Local User(s)
- Group(s) = Local Group(s)
- Directory = Folder
- Subdirectory = Subfolder
- Volume = Logical Volume
- Share = Network Share

Concepts & Definitions:

Local Users - User accounts manually created on the NAS, not imported or synchronized from Windows ADS or from Unix/Linux NIS.

Full Control User - User(s) defined as having Full-Control for the volume in Access Control - Microsoft have the same status as root. Quota assignments do not apply to such users. Use caution when defining Full-Control users.

Owner - A single user who creates a file or directory is the Owner of that file or directory. If an owner is marked as Unknown, the owner is either root or a user with root status, such as a user with Full-Control.

Group - A group of users, defined in the Local Group Management, can also be selected to have default access permissions for a file or for a directory. It can be considered as a group of owners for the file or directory.

Others - All other users who are not included in Owner and users not included in Group.

Access Permissions - Access permissions include selection of: R=Read, W=Write, and X=Execution. Depending on the Sticky Bit status, Write permission may or may not include Delete or Rename.

Sticky Bit - Each directory (folder) and subdirectory (subfolder), including the top level of a volume which is the top folder, has a sticky bit associated with it. If the sticky bit is set (checked), then for all the files in that directory, users/groups with read/write permissions will be able to read and write, but won't be able to delete files, and won't be able to rename files. With the sticky bit set (checked), by default only those users who have Full-Control permissions and/or the file owner(s) can delete and/or rename files in that directory. Without the sticky bit set (unchecked), any users who have write permission will be able to delete/rename files in that directory.

NOTE: By default, the Sticky Bit for each directory is not set (unchecked). (This is only true after version 071017.)

Default Permission Settings - Each file and directory has its own access permission associated with it when it is created. The permission setting is revealed to the administrator to change or not. The permissions are assigned based on predefined default values. IT staff/administrators may want the default settings for two extremes. Some IT staff/administrators want every directory to be writable by any and all users until he/she manually restricts it, and any and all users to be able to read, write, and delete any file until he/she restricts it. Others want the exact opposite: disallow everything first and then manually enable the rights on a need-to basis. Since it is not possible to satisfy both types of administrators at the same time, we chose the conservative way: restrict it first, then manually enable it on a need-to basis. You will see this philosophy implemented in our Access Control - Local later on.

Permission Propagation - Access permissions for a folder ONLY apply to that folder and the files in that folder by default.
If you want to pass down the same access permission settings to subfolders and files in those subfolders, specifically select/check the box Apply to all subdirectories and files.

Access Control - Microsoft - This is volume-level permission assignment. It defines who can have Read, Write, Execution, and Deletion rights to the volume. This must be done first before moving on to Access Control - Local.

Access Control - Local - This is folder-level and file-level access control for local users.

Setting Access Control - Local

1. Entering Access Control - Local:

AberNAS1 and AberNAS2 are the volumes/shares on the NAS. These shares are seen by the clients as folders and/or directories, and they are top-level directories/folders.

By default, the sticky bit for the top-level directory is not set. Users with write permission will be able to write, delete, and rename any files in this directory. This setting should meet most of the users' needs. If that is the case, skip step 2, and move on to step 3.

If you want to set the sticky bit for the top directory so that you can have more control over the access rights, click Edit. Clicking Edit will bring you to step 2.

2. Setting Top Directory Sticky Bit:

Clicking on Edit will bring you to the Access Control - UNIX page. Check mark the Sticky box, and click Modify. By setting the sticky bit, files in the directory can be deleted and renamed ONLY by the file owner and user(s) with Full Control status.

After setting the sticky bit, click on Access Control - Local on the Menu bar to continue setting up the Local ACL.

3. Samples:

Sample/ is a subfolder under the top folder (AberNAS1). Sample_File.txt is a file under the top folder (AberNAS1). Next, we will go through the ACL Folder and File settings.

4. ACL File Setting:

1 - Name of the file for which you are setting ACL.
2 - Owner for the file. You can select a user from the scroll-down window to be the Owner of the file. Unknown is displayed when its owner is root and/or any user with Full Control status.
3 - Group name. You can select an existing user group from the scroll-down window. It is an elected option. If you don't have a group to assign permissions for this file, leave it as unknown.
4 - Sticky bit. By default it is not set. In most cases, leave it alone.
5 - Owner permission setting. By default, the Owner's rights are: read, write, execution, delete, and rename.
6 - Group permission setting. If the Group is defined, by default, the Group's rights are: read and execution. No write, no delete, and no rename. If you want to assign the write permission, simply check the box w.
7 - Others permission setting. Others means all and any other users who are not the Owner defined in #2 and who are not included in the Group defined in #6. By default, the Others' rights are: read and execution. No write, no delete, and no rename. If you want to assign the write permission, simply check the box w.
8 - Apply saves any changes that have been made.

If options 1-8 in the top portion of the screen do not satisfy your needs, use the window in the lower portion of the screen to manually add users and groups to the Assigned Users list.

5. ACL Folder Setting:

1 - Name of the folder for which you are setting ACL.
2 - Owner for the folder. You can select a user from the scroll-down window to be the Owner of the file. Unknown is displayed when its owner is root and/or any user with Full Control status.
3 - Group name. You can select an existing user group from the scroll-down window. It is an elected option. If you don't have a group to assign permissions for this file, leave it as unknown.
4 - Sticky bit. By default it is not set. In most cases, leave it alone.
5 - Owner permission setting. By default, the Owner's rights are: read, write, execution, delete, and rename.
6 - Group permission setting. If the Group is defined, by default, the Group's rights are: read and execution. No write, no delete, and no rename. If you want to assign the write permission, simply check the box w.
7 - Others permission setting. Others means all and any other users who are not the Owner defined in #2 and who are not included in the Group defined in #6. By default, the Others' rights are: read and execution. No write, no delete, and no rename. If you want to assign the write permission, simply check the box w.
8 - A folder can contain subfolders or even multiple levels of subfolders. If you want to pass the same permission settings and ownership settings down to all the subfolders and files in those subfolders, please check the Apply to all subdirectory and files box.
9 - Apply saves any changes that have been made.

If options 1-8 in the top portion of the screen do not satisfy your needs, use the window in the lower portion of the screen to manually add users and groups to the Assigned Users list.

Trouble-Shooting Access Control - Local

Scenario - 1: A user has the write permission to a folder, but the user cannot delete or rename the file/files in it.

Solution - 1: Check to see if this user is the owner or is in the owner group of the file/files. If the user is not the owner or is not in the owner group, then check to see if the Sticky Bit is set. Uncheck the Sticky bit and that should take care of it.

Solution - 2: Add this user to the owner group.

Scenario - 2: A user has been removed from the user list because he/she is no longer with the company. How can I access the directories and files created by this user?

Solution - 1: If the user is the sole owner of those files and directories, after the user is removed, the owner becomes unknown. Use any user who has Full-Control status to access them.

Solution - 2: Use Access Control - Local to assign a new owner or a group of owners to them.

Scenario - 3: A user has read, write, and execution rights to a folder and files in that folder, but it seems like the permission is only valid within that folder and the permissions do not have any effect in the subfolders.

Solution: Check the top portion of the window and place checks in the boxes for Owner, Group, and Permission. Then check the box Apply to all subdirectories and files.

Scenario - 4: I removed a user from the Assigned Users list for a file or a directory but the user can still access the file or directory. Why?

Solution - 1: Look at the top portion of the window. If the user belongs to a group, and that group happens to be the Group defined in the top portion of the window with access permissions, then this user still has access rights to the file or directory. To disallow access for this user, either remove the user from the group, or deselect the group as the group of owners in the top portion of the window, or uncheck the boxes r, w, and x for the group.

Solution - 2: Look at the top portion of the window.
If Others is allowed access permissions, and if this user belongs to Others, then this user still has access rights to the files/folders. To disallow access for this user, under Others, uncheck the boxes r, w, and x. Doing so will disallow all other users who belong to Others too. In that case, you may need to manually add those users to the Assigned Users list in the lower portion of the window.

Changing the Default Settings for Advanced Administrators:

When a directory is created, the default permission setting is:

- Owner - Read, Write, and Execution
- Group - Read only. No execution. No write, no delete, no rename
- Others - Read only. No execution. No write, no delete, no rename

If you are one of those who want directories to be created with read/write permissions for everybody by default, and you know enough Linux, then perform the following steps:

1. Log in to the NAS via ssh.
2. Navigate to /usr/local/samba/swat/message/message.custom
3. Use vi to modify message.custom.
4. Add and save these two lines to the end of message.custom (include the and note that it is case sensitive):

    CREATE_MASK, 0777
    DIRECTORY_MASK, 0777

5. Restart the NAS.

The new default permission settings will only apply to the network shares (volumes) created after the message.custom modification. They have no effect on shares created prior to the message.custom modification.

After the default settings have been modified, the Folder ACL should appear as shown below:
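
With 0777 defaults, every new folder is writable by Others, and the Sticky Bit then decides whether that write permission also covers delete and rename of other users' files. The script below is an added example (not part of the original manual) that audits a share from the ssh command line and separates world-writable directories by sticky bit. The function names and the demo tree are constructed for illustration; /exports/abernas1 is the mount point used elsewhere in this manual.

```shell
#!/bin/sh
# Added example, not AberNAS code: audit a share for entries "Others" can write.

# audit_share DIR
# Prints one line per finding:
#   DIR-NOSTICKY <path>  directory writable by Others, sticky bit NOT set
#                        (any user with write permission can delete/rename
#                        other users' files in it)
#   DIR-STICKY <path>    directory writable by Others, sticky bit set
#                        (delete/rename limited to file owner and root-status users)
#   FILE <path>          regular file writable by Others
audit_share() {
    find "$1" -type d -perm -0002 ! -perm -1000 -exec printf 'DIR-NOSTICKY %s\n' {} \;
    find "$1" -type d -perm -0002 -perm -1000 -exec printf 'DIR-STICKY %s\n' {} \;
    find "$1" -type f -perm -0002 -exec printf 'FILE %s\n' {} \;
}

# count_findings DIR KIND
# Prints the number of findings of one kind (always succeeds, prints 0 if none).
count_findings() {
    audit_share "$1" | awk -v kind="$2" '$1 == kind { n++ } END { print n + 0 }'
}

# make_demo_share DIR
# Builds a constructed tree that mimics both defaults described in the manual.
# Modes are set with chmod so the caller's umask does not matter.
make_demo_share() {
    mkdir -p "$1/restricted" "$1/open" "$1/open_sticky"
    : > "$1/restricted/report.txt"
    : > "$1/open/Sample_File.txt"
    chmod 0755 "$1"
    chmod 0744 "$1/restricted"            # conservative default: Group/Others read only
    chmod 0644 "$1/restricted/report.txt"
    chmod 0777 "$1/open"                  # read/write for everybody, sticky bit unchecked
    chmod 0666 "$1/open/Sample_File.txt"  # file writable by everybody
    chmod 1777 "$1/open_sticky"           # read/write for everybody, sticky bit checked
}

# Demo on the constructed tree. On the NAS, replace this with e.g.
#   audit_share /exports/abernas1
demo_dir=$(mktemp -d)
make_demo_share "$demo_dir"
audit_share "$demo_dir"
rm -rf "$demo_dir"
```

Run the audit against shares created after the message.custom change; DIR-NOSTICKY lines are the folders where checking the Sticky box changes who can delete or rename files.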

Folder Replication

AberNAS Folder Replication can replicate folders (files) locally to itself, to another AberNAS in the same LAN, or over Internet/VPN/WAN. The replication can be initiated by the source unit or by the destination unit.

Replication is a scheduled batch processing job rather than a real-time job. It is designed to be folder/file-based replication rather than volume-based. The AberNAS can replicate data at block level or file level depending on which replication method is used.

Folder Replication Method 1: Incremental Replication

The first replication scheduled will always be a full replication. Subsequent replications can be differential. The replicator compares which blocks have been changed within a file, then transfers only the changed blocks across the wire to the destination NAS. The destination NAS reconstructs the files based on the previously saved file and the newly transferred blocks. This method is good for sending data over WAN links where bandwidth is limited. The source NAS will at times need considerable system resources to go through all the files to compare and calculate what to transfer before it can initiate the replication.

Incremental Replication is typically used for database applications and email applications because these types of applications typically work on blocks and modify only certain blocks, so only the changed blocks are put on the wire for replication.

Folder Replication Method 2: Full Replication

Full Replication copies from the source to the destination the entire file that is new or that has been changed or modified. Full replication uses very little processor overhead, but may take up some network bandwidth. Bandwidth Control is provided to address this issue. Bandwidth Control allows pre-defining the maximum network bandwidth the replicator can use for replication so that there is always enough available network bandwidth for regular productivity.
Even with Full Replication, if a file has not been changed at the scheduled replication time, that file will not be copied over the wire; instead, on the destination side, the remote NAS will copy it from the previously saved folder within the remote NAS.

Both replication methods, Differential Replication and Full Replication, support multi-versioning. Multi-versioning enables administrators to get the old data back even after several days have passed.

Replication Options:

By default, the option Enable Replication Scheduling is turned on. If you want to manually trigger the replication, simply uncheck this option and click the button Replicate Now.

By default, the replication type is Differential/Incremental. If you want to use Full Copy, simply check the option: Full file copy, no incremental checks. By using Full copy, the source NAS will not use system resources to go through each file to find changed blocks.

The Enable File Compression option can be used for both Differential and Full copy. Uncheck it if the folder contains video files, graphic files and/or zip files, which have already been highly compressed.

The Limit I/O bandwidth, Kbytes per second option sets the maximum network bandwidth that the replication can use in association with the option Full file copy. If the replication is scheduled to run after working hours, you may ignore it.

The Number of revisions to be preserved option defines how many versions of files will be kept. You can define as many versions as you want as long as the destination capacity is sufficient. On the remote destination NAS, folders will be created and will be displayed as folder0, folder1, folder2, etc.

Scheduling can be configured: Hourly, Daily, Weekly, and Monthly.

Sample Settings:

Following are some examples of how you can use scheduling options to achieve different types of data backups:

- replicate0 & Hourly & 24 revision
  Replicates every hour, and will keep 24 copies of all files, which covers a whole day.
- replicate0 & Daily 8:30 & 7 revision + Destination Folder-0
  Replicates every day at 8:30AM. Since it is 7 revision, it will keep copies from Mon, Tue, Wed, Thu, Fri, Sat, and Sun (the entire week).
- replicate1 & Daily 9:30 & 7 revision + Destination Folder-1
  Replicates every day at 9:30AM. Since it is 7 revision, it will keep copies for the entire week.
- replicate2 & Daily 10:30 & 7 revision + Destination Folder-2
  Replicates every day at 10:30AM, and it will keep copies for the entire week.
- replicate3 & Daily 11:30 & 7 revision + Destination Folder-3
  Replicates every day at 11:30AM, and it will keep copies for the entire week.
- replicate4 & Daily 12:30 & 7 revision + Destination Folder-4
  Replicates every day at 12:30PM, and it will keep copies for the entire week.
- replicate5 & Daily 13:30 & 7 revision + Destination Folder-5
  Replicates every day at 1:30PM, and it will keep copies for the entire week.
- replicate6 & Daily 14:30 & 7 revision + Destination Folder-6
  Replicates every day at 2:30PM, and it will keep copies for the entire week.
- replicate7 & Daily 15:30 & 7 revision + Destination Folder-7
  Replicates every day at 3:30PM, and it will keep copies for the entire week.
- replicate8 & Daily 16:30 & 7 revision + Destination Folder-8
  Replicates every day at 4:30PM, and it will keep copies for the entire week.
- replicate9 & Daily 17:30 & 7 revision + Destination Folder-9
  Replicates every day at 5:30PM, and it will keep copies for the entire week.

In the above example, replicate0 ~ replicate9 covers 8 working hours, plus whatever happens before working hours, and covers seven days a week. Notice that even though the source folder is
the same, each replication job has a different destination folder. Nine replication jobs have nine different destination folders.

In the next example, the accounting department does its inventory at the end of every month and would like to replicate the updated result and keep it for the whole year:

- replicate0 & Monthly 1, 8:30 & 12
  Replicates on the 1st of every month, and will keep 12 copies to cover the entire year.

Snapshots

The AberNAS snapshot engine uses the COW (copy-on-write) implementation. Snapshots are scheduled, and the engine supports taking and keeping multiple snapshots.

Snapshot Names:

To the AberNAS system, snapshots are actually "shares" just like the regular data share. For this reason, each snapshot needs to have a "share name". For example, suppose you have a data share named "DATA". The first snapshot of "DATA" would be "DATASP1". The second snapshot of "DATA" would be "DATASP2". You can define the snapshot names to be anything that makes sense to you.

Snapshot Sizes:

Depending on the size of the original volume and the amount of available space, the snapshot size is 20% - 35% of the original volume size. For example, if "DATA" is 100GB (100000MB), then the recommended snapshot size for "DATASP1" would be 30GB (30000MB), and another 30GB (30000MB) as the snapshot size for "DATASP2".

NOTE: If the available space is less than what you define, the snapshot will not be created.

Snapshot Scheduling Examples:

Scenario 1: 4 hourly snapshots - scheduled to run daily at 5 am, 10 am, 3 pm and 8 pm. Use "DATA" at 100GB as an example.

- "DATASP1"  Size = 30000MB  Frequency = Day (Daily)  Day = 5:0:0 (5AM)  Create
- "DATASP2"  Size = 30000MB  Frequency = Day (Daily)  Day = 10:0:0 (10AM)  Create
- "DATASP3"  Size = 30000MB  Frequency = Day (Daily)  Day = 15:0:0 (3PM)  Create
- "DATASP4"  Size = 30000MB  Frequency = Day (Daily)  Day = 20:0:0 (8PM)  Create

You should now have four snapshots. Each snapshot is taken at the predefined point in time.

Scenario 2: 6 nightly snapshots - scheduled to run Monday - Saturday at 12:00am.

First Snapshot to Create:

- "DATASP1"  Size = 30000MB  Frequency = Week (Weekly)  Week = 1 (Monday) (Day of the week)  Day = 0:0:0 (12 AM) (Hour of the day)  Create

Last Snapshot to Create:

- "DATASP6"  Size = 30000MB  Frequency = Week (Weekly)  Week = 6 (Saturday) (Day of the week)  Day = 0:0:0 (12 AM) (Hour of the day)  Create

Access Rights to Snapshot Volumes:

The snapshot volume/share adopts the same user access rights as the original data volume/share. So if User-A has access rights to "DATA", then User-A will automatically have all the access rights to "DATASP" or "DATASP1" ~ "DATASP6". The snapshot volumes are Read-Only, so the client user can do the data recovery without troubling the administrator.

SFM Server Failover & Mirroring

SFM Overview:

SFM is an optional (licensed) high-availability function that allows two (2) AberNAS units to be mirrored in the same LAN and provides one virtual IP to clients for accessing data. If the primary AberNAS fails, the secondary NAS will automatically take over. The mirroring and failover are automatic and transparent, so client access to data remains uninterrupted. SFM is also referred to as NAS-to-NAS Mirroring.

SFM provides real-time, synchronized, block-level and volume-based data replication. A write operation writes to the Primary NAS and then the Primary NAS writes to the Secondary NAS. The write operation is not finished until the Primary NAS receives a Write Finish acknowledgement from the Secondary NAS.

SFM Requirements:

To support SFM, each AberNAS (node) needs at least two NIC ports: one NIC port for providing data access to the LAN and a second NIC port for heart-beat and data mirroring between nodes. An SFM License Key is required and must be entered into the AberNAS before SFM can be configured.

Enabling SFM:

To get started with SFM, it must first be enabled by entering the purchased SFM License Key into the AberNAS.

1. From the AberNAS Web Administration Home Page click UPDATE.
2. Click New License.
3. Enter the SFM License Key into the field provided and click Submit.

The AberNAS SFM option is now ready to be configured.

NOTE: For complete SFM Setup and Configuration see the Server Mirror section of this manual on page 85.

Configuring SFM:

1. Click on Back Up Mirror and Restore from the AberNAS Administration Home Page.
2. Click on Here to be taken to the SFM network settings page.
3. Select your preferred network port from the Port Pool List.

CAUTION! Do not assign SFM to the existing Gigabit Copper #0 Port. This port is used for AberNAS administration purposes only. Use only available ports listed in the Port Pool List. Selecting Gigabit Copper #0 from the Assigned Port Pool will result in disconnection from the AberNAS Administration GUI, and the AberNAS IP will have to be reconfigured before it can be accessed again.

In the SFM configuration, there are three (3) IPs to be set up:

1. Service IP (virtual IP)
2. Primary Node IP
3. Secondary Node IP

Primary: The Primary AberNAS is the Active Node. The Active Node is the one that network clients will write to and read from during normal operation.

Configuring the Primary NAS Node:

1. Select Primary.
2. Enter the Service IP: xxx.xxx.xxx.xxx (Virtual IP)
3. Enter the Secondary IP: xxx.xxx.xxx.xxx (Standby/Failover IP)
Secondary:
The Secondary AberNAS is the Standby node and it is not accessible during normal operation.

Configuring the Secondary NAS Node:

1. While the Primary NAS Node is up and running, select Secondary
2. Enter the Service IP: xxx.xxx.xxx.xxx (Virtual IP)
3. Enter the Primary IP: xxx.xxx.xxx.xxx (IP that will take over control)

The Service IP (virtual IP) of the mirroring pair is presented to network clients for data access. When the Primary AberNAS fails, the services and data access automatically fail over to the Secondary AberNAS. The failover is automatic and transparent to network clients.

When the original Primary NAS becomes available again, if it has the original OS on DOM, then the re-mirroring from the current Active Node (original Secondary NAS) to the New Node (original Primary NAS) is automatic. If the failed-and-replaced AberNAS is a completely new node, then it will need to be configured as the Secondary Node.

Important Considerations:

- SFM option supports a maximum of 14TB total NAS storage.
- SFM function does not work on ReiserFS. When creating Logical Volumes, please select XFS as the file system when SFM is planned for use.
- SFM is NAS-to-NAS mirroring based on the whole unit, so each NAS should have the same number of volumes and each volume should have the same size.
- SFM provides continuous data protection and high availability for clients, but it has a negative impact on performance so it is only suitable for LAN. SFM is not recommended for WAN/VPN/Internet. For data protection over WAN/VPN/Internet, Folder-Replication is ideal and recommended.
- When setting up the Primary NAS Node, it must be the only NAS online. When setting up the Secondary NAS Node, the Primary NAS Node must be online first.
Advanced Features & Troubleshooting Access Control Folder Replication Snapshots SFM Server Failover & Mirroring File System Check & Repair Emergency Bare Metal Recovery
File System Check & Repair

In the event that the AberNAS encounters disk I/O errors or kernel problems that cause the system to become unstable or corrupt, it may be necessary to run a File System Check and Repair. To determine whether or not an I/O error has occurred, check the following logs using the command line:

    /var/log/messages
    /var/log/messages.1
    /var/log/messages.2

Use the following command to view a particular log:

    vi /var/log/messages.1

Once you have read the output press Q. To exit the viewer type q and press <Enter> to return to the command line.

Some AberNAS models use IDE type DOMs (Disk-On-Module) and some newer models ship with SATA type DOMs. The DOM is where the AberNAS OS is embedded. Knowing the DOM's interface is important when reading through the event logs to help determine whether or not that particular device is failing. All models use one or more Areca SATA/SAS RAID controllers which are connected to either PCI-X or PCI-E motherboard slots. These adapters control the DATA volumes.

Performing a File System Check and Repair:
To run a file system check and repair perform the following steps:

1. Find/View the volume that needs to be checked by using the df or df -h command. The output should appear similar to the following:
2. Unmount the volume you wish to check and repair by using the following command:

    umount /exports/abernas1
3. Now that the volume has been unmounted, use the following command to check and repair the volume:

    xfs_repair /dev/mapper/v0-lvol0

   Once the check and repair has completed the following screen should be displayed:
4. Restart the NAS using the reboot command. The volume will be remounted automatically.
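
An added example, not part of the Aberdeen manual: shell helpers that count kernel I/O error lines per device across the logs named above, and that refuse to run xfs_repair on a volume that is still mounted, starting with its no-modify flag (-n) so damage is reported before anything is written. The function names, hostname and sample log lines are constructed, and the two kernel message formats matched are an assumption about what the AberNAS kernel writes to /var/log/messages.

```shell
#!/bin/sh
# Added example: triage helpers for the check-and-repair steps.

# Constructed sample of /var/log/messages content (not from a real unit).
sample_log() {
    cat <<'EOF'
Feb 11 03:12:01 abernas kernel: end_request: I/O error, dev sda, sector 1234567
Feb 11 03:12:01 abernas kernel: Buffer I/O error on device sdb1, logical block 42
Feb 11 03:12:05 abernas kernel: end_request: I/O error, dev sda, sector 1234575
Feb 11 03:13:00 abernas kernel: XFS mounting filesystem dm-0
EOF
}

# Print "<device> <count>" for kernel I/O error lines in the named log files
# (or stdin when no file is given). Rotated logs that do not exist are skipped.
io_errors_by_device() {
    cat "$@" 2>/dev/null | awk '
        /I\/O error, dev / || /Buffer I\/O error on device / {
            for (i = 1; i < NF; i++)
                if ($i == "dev" || $i == "device") {
                    d = $(i + 1); sub(/,$/, "", d); n[d]++; break
                }
        }
        END { for (d in n) print d, n[d] }' | sort
}

# Exit 0 if $1 is listed as a device or mount point in the mount table $2
# (default /proc/mounts).
is_mounted() {
    awk -v t="$1" '$1 == t || $2 == t { found = 1 } END { exit !found }' \
        "${2:-/proc/mounts}"
}

# Refuse a mounted volume; otherwise run xfs_repair in no-modify mode (-n),
# which reports damage without writing to the volume.
precheck_volume() {
    if is_mounted "$1" "$2"; then
        echo "refusing: $1 is still mounted, run umount first" >&2
        return 1
    fi
    xfs_repair -n "$1"
}

# Demo on the constructed sample; on a unit, pass the log files instead:
#   io_errors_by_device /var/log/messages /var/log/messages.1 /var/log/messages.2
sample_log | io_errors_by_device
```

Which device name belongs to the DOM and which to the Areca-controlled data volumes differs by model, so map the reported names to hardware before deciding what is failing.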
Emergency Bare Metal Recovery

Aberdeen LX Series AberNAS systems use a highly fault-tolerant solid state DOM (Disk-On-Module) storage device which contains the AberNAS OS. In the rare event that this device fails or becomes corrupt, it will be necessary to replace the failed DOM and perform an AberNAS bare metal recovery. As an added layer of protection, all servers now ship with a USB Recovery Key that can be used to restore the AberNAS back to its original factory default state.

Replacing the DOM:

1. Power down the AberNAS and remove the top cover of the chassis.
2. Locate the DOM which will be plugged into the motherboard on either the Primary IDE Port or SATA Port #0.
3. Disconnect the power connector from the DOM
4. Remove the DOM from the IDE or SATA socket
5. Plug the replacement DOM into the IDE or SATA socket
6. Plug the power connector back into the DOM
7. Power on the AberNAS and press <DEL> to enter the BIOS Configuration
8. Verify that the DOM shows up under the BIOS BOOT menu

Performing USB Recovery:

1. Insert the USB Recovery Key into one of the system's USB ports
2. Power cycle or reboot the server and press <DEL> to enter the BIOS Configuration
3. Navigate to the BIOS BOOT menu, select the Hard Disk Drives menu option and verify that the USB Recovery Key shows up as the 1st BOOT DEVICE in the list and that the DOM is listed second. Make changes if necessary. (See Below)

IMPORTANT! To prevent accidental copy of the recovery image to existing critical data volume(s) you may choose to physically remove the data drives from the storage enclosure before performing the USB recovery. Although this is not absolutely necessary, it is a fool-proof way to prevent accidental erasure of disks and loss of data.
4. Navigate to the Boot Device Priority menu option and verify that the USB Recovery Key shows up as the 1st Boot Device. Make changes if necessary. (See Below)
5. Power on the system. The following screen will appear:
6. Choose option 2 and press <Enter>. The following screen will appear asking to confirm the previous selection.
7. Select option 2 again and press <Enter>. The following screen will appear asking for a final confirmation to overwrite all data and settings to recover the AberNAS OS.
8. Press any key to begin the AberNAS recovery process and reset to factory defaults.
During recovery, the following screen will be displayed which can be used to monitor the progress of the AberNAS recovery:

The Emergency Bare Metal Recovery takes approximately 10 minutes to complete. Once the recovery has completed, remove the USB Recovery Key from the system and press any key to restart or simply power down the server using the server's power button.

After the server has been shut down, any drives that were removed or unseated from the storage enclosure during the recovery process can now be replaced or reseated. The drives must be inserted back into the storage enclosure in order to import the volumes back into the AberNAS.

Finishing Up:
Since the AberNAS has now been set back to its original factory defaults, you must run the NASFINDER Setup Utility or ifconfig from the command line to assign the IP Address.

NOTE: Refer to the Initial Setup section at the beginning of this manual for detailed setup instructions.
Logging In After Recovery:
Once an IP address has been assigned to the AberNAS, log into the Web Administration GUI from a remote client system. You will be prompted for the original license key which is unique to every AberNAS system. Enter the License Key into the field provided and click Submit.

IMPORTANT! The original AberNAS License Key is found inside the AberNAS documentation CD case included with the server. Contact Aberdeen Technical Support (800)552-6868 if you are unable to locate your AberNAS License Key.
Once the AberNAS License Key has been entered the following screen may appear:

If the above screen appears, do not make any selections. Continue by clicking Save.

Note: The devices and parameters shown above differ from one AberNAS model to the other. Do not use it as a baseline when managing and monitoring your specific AberNAS model.
Importing Anonymous Volumes:
Once the AberNAS has been restored the data volume(s) must first be imported before they can be accessed by the AberNAS.

1. Click on Manage from the AberNAS Administration Home Page.
2. Navigate to the Storage Manage section of the AberNAS GUI then select Logical Volume Manager.
3. A list of volumes available for import will be listed under Anonymous Volumes as shown below:
4. Type the original volume name in the Volume Name field to describe the Volume(s) then click Import.

Important! Use of the original volume name is very important since the share name is dependent on this setting. Use of a different volume name will require a remap of shares on the clients and could be very time consuming.

The AberNAS data volume(s) should now be accessible.

Restoring Configuration Settings:

Overview
Now that the AberNAS has been successfully recovered and data volume(s) have been imported, you may choose to restore its previous configuration settings such as the server name, network and user settings, file shares, etc. Having a recently saved Configuration File on hand can save a lot of time especially if the AberNAS resides on a large network with many users and shares.

Restore Configuration Settings:

1. Navigate to the Web Administration Home Page and click Update
2. Click Browse to specify the location where the Configuration File was last saved.
3. The file location should now appear in the field next to the Browse button.
4. Click Restore Configuration. Successfully Updated will appear when complete.
5. Click Reboot to restart the system and automatically apply the restored settings.

The recovery process is now complete.