Transcription
EMC CLOUD TIERING APPLIANCE/VETrial Version Installation InstructionsFile Tiering from NetApp to Atmos Copyright 2011 EMC Corporation. All rights reserved.Publication Date: September, 2011EMC believes the information in this publication is accurate as of its publication date. The information is subject tochange without notice.THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS IS.” EMC CORPORATION MAKES NOREPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THISPUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESSFOR A PARTICULAR PURPOSE.Use, copying, and distribution of any EMC software described in this publication requires an applicable softwarelicense.For the most up-to-date regulatory document for your product line, go to the Technical Documentation and Advisoriessection on EMC Powerlink.For the most up-to-date listing of EMC trademarks, see the list of EMC Corporation Trademarks on EMC.com.All other trademarks used herein are the property of their respective owners.version: 7.51 of 18
ContentsInstalling Cloud Tiering Appliance/VE . 3Configuring CTA/VE . 8Configuring the CTA Network . 9Configuring the Hostname, Domain, And DNS Server . 9Deploying CTA/VE with NetApp . 10Prerequisites for using NetApp as source storage. 10vFiler configuration . 11Configuring NetApp archiving on the CTA/VE . 12Adding a NetApp filer to the CTA/VE configuration . 12Using CTA/VE with Atmos . 15Windows domain user . 16Creating a Windows domain user . 16Adding an admin user to the local administrator group . 17Configuring Windows 2008 for NTLM . 17version: 7.52 of 18
Installing Cloud Tiering Appliance/VEThe CTA/VE is installed on the VMware server. 0 shows the interoperability.VMware ESX Server interoperabilityVirtual ApplianceVMware ESXServerCommentsCTA/VEESX 3.5 Update 3ESXi 3.5 Update 3ESX 4.0ESXi 4.0ESX 4.1ESXi 4.1Four virtual CPUs, 4 GB of RAM, 512 GB of diskspace, 2 gigabit virtual interfaces are reserved.This example shows the steps to install the CTA/VE on an ESX 3.5 Server host:1. Unzip the ZIP file to create the directory for your virtual appliance. The ZIP file containsthe .OVF file and .VMDK file. For a CTA/VE, the zip file is: fmve- version .zip2. Open the Virtual Infrastructure (VI) Client.Review the ESX Server’s resource usage. To install CTA/VE Trial Version, the ESX servermust have a minimum of: One 64-bit Virtual CPUs (vCPU) 1 GB memory 20GB of disk space for CTA/VENote: System requirements are greater for the CTA/VE production version.To find the appliance with the most free space, consider %CPU and %Memory.version: 7.53 of 18
Virtual Infrastructure ClientSelect the line with the ESX server for the installation. A summary of the CPU, Memory, andDatastore capacities appears.version: 7.54 of 18
Example clientThis ESX server has enough CPU and Memory available to install CTA/VE.3. Import the OVF file. Instructions differ depending upon VMware version. For ESXi 3.5, from the VI Client, select File Virtual Appliance Import.version: 7.55 of 18
Virtual Appliance Import For ESX 4.0, from the VI Client, select File Deploy OVF Template.Deploy OVF Template Using the Import from file selection, type the path to the OVF file or click Browse tolocate the file.version: 7.56 of 18
Import Wizard4. After answering a few basic questions, the summary screen appears. Validate theinformation and click Finish.version: 7.57 of 18
Import Wizard FinishThe import may take up to 30 minutes depending on the network connection between the VIClient and the VMware ESX Server. Approximately 600 MB will initially be transferred acrossthe network.Configuring CTA/VEBefore proceeding with the setup, ensure that you have the following information for theappliance. IP address Subnet mask Hostname Default gateway IP DNS server IP (optional)To set up CTA/VE:version: 7.58 of 18
1. Power on the virtual machine.2. Log in to the appliance. Type root as the login name. Type rain as the password.The File Management setup tool appears. This tool performs basic setup tasks that arenot available through the Cloud Tiering Appliance GUI.3. Select Change File Management Appliance Password, and change the password.4. Select Configure Date and Time to set the time zone and date for the appliance.5. Select Configure File Management Networking. The network configuration menuappears. Use the menu to change interface settings or set global settings such ashostname, DNS and domain servers.Configuring the CTA NetworkTo configure networking:1. Select option 1 from the network configuration menu. The File Management NetworkSetup, Main Menu appears.On the list of available physical interfaces on the appliance, eth0 will be highlighted. Tohighlight a different interface, use the up arrow and down arrow keys.2. With eth0 highlighted, press Enter. The configuration menu for the eth0 interfaceappears: Use the up arrow and down arrow keys to highlight the IP Address field. Press Enterand type a new IP Address value into the New Value column. Press Enter. Repeat the process to provide the Network Mask, Gateway, MTU settings.3. When the configuration for this interface is complete, press the left arrow to exit the eth0interface configuration. To save the interface configuration, highlight Yes and pressEnter. Note that the changes are saved, but will not be committed until the FileManagement Network Setup menu is exited.4. Press the left arrow to exit from the File Management Network Setup menu. Whenprompted, select Yes to commit your changes.Configuring the Hostname, Domain, And DNS ServerConfigure the hostname, domain, and DNS servers:1. Select option 2 from the network configuration menu. The following menu appears:EMC Rainfinity Setup Tool (Configure Hostname, Domain and DNSServer(s))Hostname rsDomain DNS Server Do you want to change the configuration [N]?version: 7.59 of 18
2. Select Y. Use the menu to configure the hostname, domain, and DNS servers.3. The new hostname, domain, and DNS server information will be summarized after all thechanges are entered, and you will be given the ability to accept or make further changesto these settings. To keep the new settings and return to the network configurationmenu, press Enter.4. Verify that the network configuration has been committed and network connectivity canbe established properly.Deploying CTA/VE with NetAppTo use the CTA with a NetApp filer, first configure the filer, and then configure the appliance.Prerequisites for using NetApp as source storageTo archive any data from a NetApp filer, the CTA/VE requires access to: SMB over NetBIOS (TCP port 139) ONTAPI (TCP port 80)In addition, to archive NFS data, the CTA/VE will require the following: Portmap v2 RPC service (TCP port 111) Mount v3 RPC service NFS v3 RPC service NLM v4 RPC service Root and read/write export permissions for all NFS data that will be archived inode to pathname mapping is enabled for NFS clients that will access stub filesWhen configuring a NetApp filer on the CTA/VE, plan to provide: All IP addresses that are used by the filer Credentials for local administrator access through both CIFS and ONTAPI The NetBIOS name of the filerNote: If a NetApp filer leverages its vScan interface for virus scanning, the IP addresses of the vScan serversmust be configured on the appliance as excluded clients on the NetApp FPolicy Special Clients configurationpage in the GUI. This allows the virus scanner to scan the stub file upon a recall event. Failure to configureexcluded clients properly will lead to recall failures when vScan is used in conjunction with FPolicy.Direct command line access through Telnet or SSH is not used by the appliance. However,ONTAPI access is used to send a variety of API calls and hence the requirement for a localadministrator’s credentials. If a user other than root is specified, then the following optionmust be set:options httpd.admin.hostsequiv.enable onversion: 7.510 of 18
Ensure that the appliance hostname: Can be resolved to its IP addresses in the local /etc/hosts file of the NetApp filer. Maps to a user with privileges to access the ONTAPI interface in the /etc/hosts.equivfile on the filer.Additional configuration prerequisites vary, depending upon the existing networkenvironment: For NetApp filers that run Data ONTAP 7.2 or later, disable duplicate sessiondetection by setting:options cifs.client.dup-detection offNote: CTA/VE prefers to have this option set to off. However, in cases where the network environmentrequires duplicate session detection, the option can be set to name. To properly support stub files, NetApp FPolicy requires a particular CIFS offline bitattribute on the stub files:o The CIFS protocol must be enabled on the NetApp filer to archive either CIFS orNFS datasets. An active CIFS license must be installed on all file servers that arearchive sources.o NFS-only exports must be shared as well. To properly recall stub files, FPolicy must be enabled (options fpolicy.enable on) andrfpolicy must be the only screen policy registered for reads and writes. If a policy thatmonitors stub files on the NetApp filer was previously installed, manually delete it.To configure NFS archiving, perform the following steps on the NFS-only source directories:1. Create a share at the qtree or volume level for qtree sources.2. Create a share at the volume level for non-qtree sources, that is, those not part of anyqtree.3. Add access to only the CTA/VE user.Note: The CTA/VE does not support name clashes on qtrees. For example, QTREE1 against qtree1. To archive NFS files with Unicode names, configure the NetApp source for UTF-8language encoding with the command:vol lang vol language encoding where language encoding ends with .UTF-8, for example en US.UTF-8.vFiler configurationTo use NetApp vFilers with the CTA/VE, ensure that: The CTA/VE can access to both the vFiler and the hosting NetApp filer.vFilers and main filers are in IP spaces that can reach each other.version: 7.511 of 18
If NetApp vFilers are being used for file migration, the root password is not the same as theNDMP password. Before configuring NDMP for the vFiler on the CTA/VE, use the NetApp CLIto retrieve the NDMP password by typing:ndmpd password rootEither use this password, or create a new NDMP username and password when configuringNDMP in Adding a NetApp filer to the CTA/VE configuration.Configuring NetApp archiving on the CTA/VETo archive from the NetApp filer, configure the FPolicy callback service on the CTA/VE.1. Type the following:fpsetup init rffm2. At the prompt that appears, select the interface on which the FPolicy callback daemonshould listen for callbacks from NetApp filers. If there is only one interface, it will beselected automatically: If this is the primary callback agent in the environment, type n. If this machine is being configured as the secondary callback agent, type y. Whenprompted, type the IP address and the root password of the primary agent.Adding a NetApp filer to the CTA/VE configuration1. Click the File Server link on the Configuration tab. The File Server Properties dialog boxappears. Select NetApp from the Type list box.version: 7.512 of 18
NetApp properties2. Specify the following for the NetApp file server: Name — Type the NetApp filer NetBIOS name. IP Addresses — Type the NetApp filer IP address.o When editing an existing server, click Update to retrieve the IP address from theDNS that is based on the server name.o To specify an additional IP address, click Add. The IP address is added to the list.o To delete an existing IP address, select an IP and click Delete. Vfiler Host IP — If using a vFiler, type the IP address of the hosting NetApp filer. CIFS Specific Settings — This is the Windows domain user to be used by theappliance. To avoid permission issues during archiving, recall, and migration, addthis user as a member of the domain administrator group with backup operatorprivileges. If this user cannot be added to the domain administrator group, add it tothe file server's local Administrators group with backup privileges.Note: For NetBIOS Domain, use the NetBIOS domain name and not the FQDN. For example, use emcand not emc.com. NDMP Specific Settings — For file migration, type the username and password for anNDMP user on the NetApp source. By default, the port for NDMP traffic is 10000.version: 7.513 of 18
The NDMP user must belong to the backup operators group. To create a user in thebackup operators group, log in as root on the NetApp, and type:useradmin user add user -g "Backup Operators"where user is the username for login.CAUTION: The command will prompt for a password, but this is not the NDMP password and is notused for the NDMP specific settings.The NDMP password is automatically created when the user is created. Use the NetAppCLI to retrieve the NDMP password by typing:ndmpd password user where user is a user in the backup operators group. Use this password for the NDMPspecific settings.Note:For a NetApp filer, the root username and password can also be used as the NDMP usernameand password. However for a vFiler, the NDMP password is different from the root password. vFilerconfiguration provides instructions on how to find the NDMP password for the root user on a vFiler. NetApp as Source — This option configures the CTA/VE to archive data from theNetApp filer. If multiple appliances are connected to the same NetApp filer, only oneappliance should be configured with the NetApp as Source. These options are notrequired if this NetApp is used as a destination.CAUTION: Multiple appliances may be configured to archive data from a single NetApp filer, but onlyone CTA/VE should be used to archive data from a single filesystem. NetApp Local Admin — Type the username and password of a user on the NetAppfiler. The user must be a member of the NetApp local administrator’s group. Directory Exclusion List - These are the directories to exclude for all tasks that usescanning. The CTA/VE ignores all system directories such as, etc, lost found, andckpt by default.CAUTION: Verify that stub files are not in the excluded directories. CTA will not access the excludeddirectories and the stub files will become orphans. NetApp FPolicy callback agents - The primary agent recalls all files when it isregistered with the NetApp. A secondary agent recalls files when the primary isunavailable.version: 7.514 of 18
o If the FPolicy callback agent is not explicitly configured as a secondary agent,then it is a primary agent and the NetApp file server will load balance betweenthe registered primary agents.o If no primary agents respond, then the NetApp filer will contact any of theregistered secondary agents. When one of the primary agents is responsiveagain, the NetApp filer will automatically fail back to the primary agent.For the primary agent, select the agent that is on the same subnet as the NetAppmachine. For the secondary agent, select another agent on the same subnet. If no suchagent exists, select an agent on the next physically closest subnet. Up to twosecondaries are supported.3. Click Commit to define the NetApp filer.Using CTA/VE with AtmosTo configure the CTA/VE for an Atmos:1. Click the File Servers link on the Configuration tab. The File Server List appears.2. Click New. The File Server Properties page appears.3. Select Atmos from the Type list box. The Atmos Properties page appears.Atmos Properties4. Specify the following for Atmos:version: 7.515 of 18
Name — Type the logical name to identify Atmos. DNS Name — Specify the name used to resolve the IP addresses in the Atmoscluster. Port — The GUI access method. HTTPS is the default and is typically used whenAtmos is deployed remotely.Select HTTPS or HTTP to specify the communication protocol. The default port for HTTPS(10080) or HTTP (80) automatically appears. If your Atmos connects to HTTPS or HTTPthrough a different port, type the number. Username — Type the UID or Subtenant on the Atmos. FMA uses this UID to accessstorage on the cluster. If there is a subtenant, specify the username as: Subtenant ID / UID , where Subtenant ID is an alphanumeric string generated bythe Atmos.Note: The UID is not the Tenant Name, the Subtenant Name, or the Subtenant ID. Password — Type the Shared Secret associated with the UID on the SubtenantInformation page of the Atmos.5. Click Commit to define Atmos.Windows domain userWhen a new file server is added to the CTA/VE configuration, CIFS specific settings includethe username and password for the Windows domain user to be used by the CTA/VE. Beforeadding a new CIFS file server, you must set up the Windows domain user.In addition, when using CTA/VE in a Windows 2008 domain, the domain controller GroupPolicy Object (GPO) must be configured to support NTLM versions 1 and 2 for CIFSauthentication. Configuring Windows 2008 for NTLM provides information on how to modifythe domain controller configuration.Creating a Windows domain userTo create an administrator in the Windows 2000, 2003, or 2008 domain:1. Log in to the primary domain controller as the Domain Administrator.2. From the Start menu, select Start Programs Administrative Tools Active DirectoryUsers and Computers.3. Right-click Users.4. Select New User. The New Object — User dialog box appears: In the Full name box, type CTA Administrator. In the Login name box, type CTAdmin.CTAdmin is the CTA Administrator Windows Domain user.version: 7.516 of 18
o Type a password.This password is the CTAdmin Windows password.o (Optional) select Password Never Expires.5. Click Finish.Note: If you have NetApp filers but no Windows 2000, 2003, or 2008 servers in your domain, then you mustinclude CTAdmin in the domain administrators group. Otherwise you will not be able to include the CTAdminuser in the NetApp filers’ administrators group.Adding an admin user to the local administrator groupThe CTAdmin account must be added to the administrators group on the CIFS file serversthat will be involved in CTA/VE archiving. To add a CTA/VE Windows domain user on aNetApp filer:1. Log in to the primary domain controller as the Domain Administrator.2. From the Start menu, select Start Programs Administrative Tools ComputerManagement. The MMC application appears.3. To start a Computer Management session with the file server: From the Action menu, select Connect to another computer. The Select Computerdialog box appears. Click Browse or type the file server name to select the NetApp to connect to. Click OK.4. To include the CTAdmin user in the administrator group for the CIFS File Server: Under System Tools, in the folder Local Users and Groups, select Groups. Select Administrators. The Administrators Properties dialog box appears. Click Add. The Select Users or Groups dialog box appears.o Click Locations. From the Locations menu, select the domain instead of the localcomputer.o Under Enter the object names to select, type CTAdmin to add the domain user. Click OK. The Administrator’s Properties dialog box reappears with the newly addedCTAdmin user. Click OK.5. Repeat this process for any other file servers that will be involved in CTA/VE archiving.Configuring Windows 2008 for NTLMBy default, the Windows 2008 domain controller supports Kerberos authentication only anddisables NTLM authentication. The CTA/VE only supports NTLM versions 1 and 2version: 7.517 of 18
authentication for CIFS. Kerberos is not supported. To use CTA/VE in a Windows 2008domain, confirm that the domain controller is configured for NTLM authentication:1. Log in to the Windows 2008 domain controller as the Domain Administrator.2. From the Start menu, select Run. In the Run dialogue box that appears, type gpmc.mscand click OK. The Group Policy Management dialog box appears.3. Expand the domain. Under Group Policy Objects, right-click Default Domain Policy andselect Edit. The Group Policy Management Editor appears.4. Under Computer Configuration, select Policies Window Settings Security Settings Local Policies Security Options.In the list of policies, scroll down to Network security: LAN Manager Authentication.Confirm that the policy setting shows that NTLM is configured for authentication.5. Close the Group Policy Management Editor.version: 7.518 of 18
Note: If a NetApp filer leverages its vScan interface for virus scanning, the IP addresses of the vScan servers must be configured on the appliance as excluded clients on the NetApp FPolicy Special Clients configuration page in the GUI. This allows the virus scanner to scan the stub file upon a recall event. Failure to configure
