ECS ADMINISTRATION -

LAB GUIDE
Version 1 - September 2021

PARTICIPANT GUIDE

PARTICIPANT GUIDE

[email protected]
[email protected]
 Dell Confidential and Proprietary

Copyright © 2021 Dell Inc. or its subsidiaries. All Rights Reserved. Dell, EMC and other
trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be
trademarks of their respective owners.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page i

[email protected]
Table of Contents

Exploring your ECS Lab Environment ..................................................................... 2

Connect to your lab equipment ................................................................................ 5
Configure ECS Storage Infrastructure ................................................................... 11
Basic Tests of I/O Access from Various Data Clients ........................................... 26
ECS customization's: ACLs, Bucket Policy, Quotas and Retention .................... 72

ECS Identity and Access Management (IAM) ...................................................... 126

ECS Multi-tenancy with Active Directory/LDAP Integration ............................... 146
ECS Monitoring and Maintenance ........................................................................ 161
Temporary Site Outage (TSO) and Permanent Site Outage (PSO) Lab ............. 173
Optional Lab: GeoDrive ......................................................................................... 201
Optional Lab: NFS .................................................................................................. 216

Summarizing ECS Administration Lab ................................................................. 229

Rack Color and Node Names ................................................................. 232

OpenStack Swift ...................................................................................... 235

ECS Command Line ................................................................................ 238

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc.

Page ii [email protected]
 Exploring your ECS Lab Environment

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 1

[email protected]
Exploring your ECS Lab Environment

Exploring your ECS Lab Environment

Objective: Connect to Your ECS Lab Environment

In this lab, you will perform the following tasks:

 Review Lab Information
 Log In to your Lab Environment

Lab Topology
Review your Lab Environment.

1. In this class, you have a dedicated lab environment including:

1. 1 - Windows Management Station. This server is where you are going to

perform most of the lab exercises. It provides access into the other
components in this lab.

2. 1 – Windows Domain Controller running Active Directory.

3. 1 - CentOS 8 Server. Used for NFS.

4. View Metering and Health information using ECS Portal.

5. Three ECS sites, with one node each. Each node is a VM running ECS 3.5
software (ECS Community Edition – Single node). Real world ECS installs
require a minimum four-node setup; this one-node install is for
demonstration purposes only. It’s worth mentioning that although this is a
virtual environment, all lab exercises perform as a real world ECS 3.5
installation.

ECS Administration - Lab Guide

Page 2 © Copyright 2021 Dell Inc.

[email protected]
 Exploring your ECS Lab Environment

Log In to your Lab Environment

To log in to the VMware Learning Platform (VLP) lab environment, follow these
steps. Use the VLP to complete the lab exercises. If you are in a classroom, use
your personal computer or a student computer. If you are taking the course online,
you may also use your home computer.

1. Launch the Chrome browser, and then go to https://edulab.emc.com

Note: Chrome is the preferred browser and delivers the best experience. If
you do not have Chrome, you can use the browser of your choice.

2. Log in to the VLP using the credentials that your instructor provided.

Username:_______________

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 3

[email protected]
Exploring your ECS Lab Environment

Password:________________

3. In the upper right corner of your browser, Click on Enrollments in the top left.
If you need help Click Help > Tips to review the EduLab Orientation Video or
you can raise your hand. The instructor will get a notification.

ECS Administration - Lab Guide

Page 4 © Copyright 2021 Dell Inc.

[email protected]
 Connect to your lab equipment

Connect to your lab equipment

Scenario:

Review the lab guide for this class and establish a connection to your management
station.

In this lab, you perform the following tasks:

 Connect to the VLP for access to the lab equipment.
 Test VLP access to the management station within your assigned lab pod.

Your Lab Setup

1. Your instructor should have assigned you an ECS lab pod number, your pod
number is the same number that was part of your VLP login. If you don’t have
either of these, contact your instructor.
From your lab configuration sheet, write down the information below for your
pod. You will need it for lab access throughout this class:

My ECS pod
number:_______________________________________________

Management station (Windows

Host):________________________________

If not already, launch the Chrome browser, and then go to

https://edulab.emc.com

Log into the VLP with your account information.

2. At this point the VLP brings you to the Windows management station login
screen. Click CTRL-ALT-DEL button at the top of the screen to get your login
prompt. Once logged in you have convenient access to all needed tools, and
every other host in your pod.

You can connect back into the same session at any time using the following
credentials:

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 5

[email protected]
Connect to your lab equipment

Login: DELL\Administrator
Password: P@ssw0rd!

3. Open Google Chrome browser in your management station (Jump Server) and
either type in the IP address of site 1 ECS node into the address bar
(192.168.1.5) or click on the ECS Site 1 Luna link.

4. If there is a security certificate error, click Advanced and then click Proceed
(unsafe).

ECS Administration - Lab Guide

Page 6 © Copyright 2021 Dell Inc.

[email protected]
 Connect to your lab equipment

5. Provide the authentication below to log into the ECS Portal:

User Name: root

Password: P@ssw0rd!

You change the browser resolution in Chrome to 75% to 80%. This allows you
to see the entire browser application for the ECS Portal.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 7

[email protected]
Connect to your lab equipment

 NOTE: When you login to the ECS portal for the first time, the GETTING
STARTED checklist is invoked. Since you will configure the system following
the lab guide, click: GO TO ECS

6. Once authenticated, take a moment, expand and explore the following options:
Dashboard, Monitor, Manage, and Settings. These options are located on
the left side of the ECS Portal screen.

DO NOT change your password. The instructor will not be able to change it
back and cannot help you.

7. You can use the ECS Portal to change your password, set password rules,
manage user sessions, and set user agreement text.

a. From the ECS Dashboard select Settings then select Security.

ECS Administration - Lab Guide

Page 8 © Copyright 2021 Dell Inc.

[email protected]
 Connect to your lab equipment

b. Explore each tab setting for changes to Password Rules, Sessions and User
Agreement. If changes are made to this section, the user must log out and
log back in for those changes to take effect. Do not make any changes!

8. You will login to the ECS Portals at all the different sites (ECS Site 1 Luna,
ECS Site 2 Phobos, and ECS Site 3 Deimos) and modify the session
timeouts.

1. Go to Settings>Security>Sessions.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 9

[email protected]
Connect to your lab equipment

2. Change the following values:

a. Inactive session timeout (min): 60

b. Inactive UI session timeout (min): 60
3. Click the Save button.

4. Note: Make sure you have made these setting changes on all three ECS
sites.

ECS Administration - Lab Guide

Page 10 © Copyright 2021 Dell Inc.

[email protected]
 Configure ECS Storage Infrastructure

Configure ECS Storage Infrastructure

Scenario:

Using the ECS Portal, configure the core storage infrastructure elements for your
system: Storage Pool(s), VDC(s) and Replication Group(s)

In this lab, you perform the following tasks:

 Login to the ECS Portal for management access to your system.
 Create Storage Pool(s)
 Create VDC(s)
 Create Local Replication Group
 Create VDC Federation and a Global Replication Group

Create Storage Pool

As you prepare ECS for CRUD, (Create, Read, Update and Delete) there are
specific abstracts which must be created to guarantee a successful configuration.

You begin by creating the storage pool.

1. If not already logged in, bring up the Chrome browser and provide the IP
address (192.168.1.5) or click on the ECS Site 1 Luna link. This will open the
ECS Portal login screen. Provide the authentication information below to log
into the ECS Portal:

User Name: root

Password: P@ssw0rd!

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 11

[email protected]
Configure ECS Storage Infrastructure

2. Go to the Storage Pool Management page by navigating to Manage >

Storage Pools

Select: NEW STORAGE POOL

3. You will create a storage pool by entering in the following information:

a. Name: luna_sp1

b. From the Available Nodes field, select the host luna (a minimum of 1 node
is required) and click the arrow to add nodes to the Selected Nodes area.

c. Leave the Cold Storage setting to off.

 Notice the host name of your ECS node. Each node has a unique default
name, and each rack has a unique color. These values make up the name

ECS Administration - Lab Guide

Page 12 © Copyright 2021 Dell Inc.

[email protected]
 Configure ECS Storage Infrastructure

that cannot be changed. Leave the Available Capacity Alerting at their

defaults.
– See the appendix at the end of this lab guide for more information.
d. When the node(s) are selected click Save to create the storage pool.

 Note: The creation of the storage pool is a time sensitive step. You must
allow a minimum of 15 minutes for this to complete. The storage pool will
show Not Ready as its status, you must not proceed to the next lab exercise
until at least 15 minutes has elapsed since the Save button was clicked.
When you select the storage pool and status shows 'Partially Ready' and
node 1 is 'ready to use' you may continue.

4. Create the Storage Pools at the other sites (ECS Site 2 Phobos, and ECS
Site 3 Deimos). Opening new Chrome browser windows and click the website
links for the other ECS sites in separate browser windows. Login to the ECS
Portals at the other site and use the information below to create the other
Storage Pools:

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 13

[email protected]
Configure ECS Storage Infrastructure

a. Portal login credentials: root / P@ssw0rd!

b. ECS Site 2 Phobos settings:

 Storage Pool Name: phobos_sp2

 Host selected: phobos (192.168.1.6)
c. ECS Site 3 Deimos settings:

 Storage Pool Name: deimos_sp3

 Host selected: deimos (192.168.1.7)
Create First VDC
Now that all the storage pools have all been created (Status: Partially Ready), it is
time to configure the first Virtual Data Center, VDC. In this lab exercise, you will
create the first VDC.

1. Log back into the first site’s ECS portal, ECS Site 1 Luna (192.168.1.5)

2. Go to the Virtual Data Center Management page by navigating to Manage >

Virtual Data Center.

a. Before creating the VDC, an Access Key must be generated. Click GET
VDC ACCESS KEY.

3. When the access key is generated, highlight the access key and copy it
<Ctrl>+<C> since it will be required in the next step. Open a new Notepad++
session on the Windows host and paste the Access Key by using the
<Ctrl>+<V> then save this file to the desktop. You will be adding information
during these lab exercises.

ECS Administration - Lab Guide

Page 14 © Copyright 2021 Dell Inc.

[email protected]
 Configure ECS Storage Infrastructure

4. From the Virtual Data Center Management page Virtual Data Center and click
NEW VIRTUAL DATA CENTER.

5. On the New Virtual Data Center page, enter the following information to
successfully create a VDC within your assigned ECS pod:

a. Name: vdc1_luna

b. Key: <Paste the Access Key generated from step 2>

c. Replication Endpoints: Enter the public IP address of each node in the

VDC's storage pools (192.168.1.5). If adding multiple IP addresses supply
them as a comma-separated list

d. Management Endpoints: Enter the public IP address of each node in the

VDC's storage pools (192.168.1.5). If adding multiple IP addresses supply
them as a comma-separated list.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 15

[email protected]
Configure ECS Storage Infrastructure

e. When the information is entered, click Save to create the VDC. Status will
indicate online.

Create a VDC Federation

1. Open a browser window to the second site and provide the IP address
(192.168.1.6) of the ECS Site 2 Phobos node or select the weblink for the
ECS Site 2 Phobos location. This will bring you to the ECS Portal login screen.
Provide the authentication below to log into the ECS Portal at this site location:

User Name: root

ECS Administration - Lab Guide

Page 16 © Copyright 2021 Dell Inc.

[email protected]
 Configure ECS Storage Infrastructure

Password: P@ssw0rd!

You should change the browser resolution in Chrome to 75% to 80%. This
allows you to see the entire browser application for the ECS Portal.

2. Next, go to the Virtual Data Center Management page by navigating to

Manage > Virtual Data Center. Before creating the VDC, an Access key must
be generated.

a. Click Get VDC ACCESS KEY.

When the key is generated, copy it to the Notepad++ on the Windows host.

3. Once you have copied the site 2 key to Notepad++ on your Windows host,
Log out of ECS Site 2 Phobos (192.168.1.6) now!

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 17

[email protected]
Configure ECS Storage Infrastructure

4. Log back in to ECS Site 1 Luna (192.168.1.5) (in case you logged out).

MAKE SURE YOU RETURN TO: ECS Site 1 Luna (192.168.1.5) NOW!!

5. Go to the Virtual Data Center Management page by navigating to Manage >

Virtual Data Center.
Click NEW VIRTUAL DATA CENTER to create a Global Virtual Data Center.
(Federated)

6. On the New Virtual Data Center page, enter the following information to create
a VDC within your assigned ECS Appliance:

a. Name: vdc2_phobos

b. Key: <Paste the Access Key generated for ECS Site 2 from step 2>

c. Replication Endpoints: Enter the IP address of ECS Site 2 Phobos

192.168.1.6

d. Management Endpoints: Enter the IP address of ECS Site 2 Phobos

192.168.1.6

e. When the information is entered, click Save to create the VDC for site 2.
Status will indicate online.

ECS Administration - Lab Guide

Page 18 © Copyright 2021 Dell Inc.

[email protected]
 Configure ECS Storage Infrastructure

7. The VDC Federation is successfully created which is shown by two VDC's with
two different endpoints.

8. You will now create another federated VDC for the third site, ECS Site 3
Deimos.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 19

[email protected]
Configure ECS Storage Infrastructure

a. Log in to the ECS Portal for ECS Site 3 Deimos (192.168.1.7).

 Credentials: root / P@ssw0rd!

b. Go to the Virtual Data Center Management page by navigating to Manage >
Virtual Data Center.

 Click Get VDC ACCESS KEY.

 When the key is generated, copy it to the Notepad++ on the Windows host.
 Once you have copied the site 3 key to Notepad++ on your Windows host:
 Log out of ECS Site 3 Deimos (192.168.1.7) now!
c. Log back in to ECS Site 1 Luna (192.168.1.5) (in case you logged out).

 MAKE SURE YOU RETURN TO: ECS Site 1 Luna (192.168.1.5) NOW!!
d. Go to the Virtual Data Center Management page by navigating to Manage >
Virtual Data Center.

e. Click NEW VIRTUAL DATA CENTER to create a Global Virtual Data

Center. (Federated)

f. On the New Virtual Data Center page, enter the following information to
create a VDC within your assigned ECS Appliance:

 Name: vdc3_deimos
 Key: <Paste the Access Key generated for ECS Site 3 from step 8b>
 Replication Endpoints: Enter the IP address of ECS Site 3 Deimos
192.168.1.7
 Management Endpoints: Enter the IP address of ECS Site 3 Deimos
192.168.1.7
g. When the information is entered, click Save to create the VDC for site 3.
Status will indicate online.

ECS Administration - Lab Guide

Page 20 © Copyright 2021 Dell Inc.

[email protected]
 Configure ECS Storage Infrastructure

h. The VDC Federation is successfully created which is shown by three VDC's

with three different endpoints. Wait about 5 minutes before proceeding to
the next step.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 21

[email protected]
Configure ECS Storage Infrastructure

Create a Replication Group (Local)

Now that the storage pools and VDCs have been created, you will configure a
replication group. In this lab exercise, you will create a local replication group.

1. If not already, login to the ECS Portal on the ECS Site 3 Deimos
(192.168.1.7) location.

2. Navigate to Manage > Replication Group to open the Replication Group

Management page.

a. Click NEW REPLICATION GROUP to create a replication group for your

pod.

3. On the New Replication Group page, enter the following information:

a. Name: rg_local_deimos

b. Leave default settings for Replicate to All Sites ‘Off’ and Geo Replication
type ‘Active’. All buckets in the Replication Group will be local only.

c. Click ADD VDC, the VDC and Storage Pool created in the previous lab will
appear in their respective drop-down (vdc3_deimos and deimos_sp3).

d. Click Save to create the replication group.

ECS Administration - Lab Guide

Page 22 © Copyright 2021 Dell Inc.

[email protected]
 Configure ECS Storage Infrastructure

4. Click the down arrow to the left of the Replication Group Name. Once the local
replication group has been created, its status will show Online.
Contact your instructor if it is not.

Create Replication Groups (Global)

5. If not already, login to the ECS Portal on ECS Site 1 Luna (192.168.1.5).
Credentials: root / P@ssw0rd!

a. Go to the Replication Group Management page by navigating to Manage >

Replication Group.

b. Click NEW REPLICATION GROUP to start creation of the global replication.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 23

[email protected]
Configure ECS Storage Infrastructure

6. Provide the following information to create the replication group:

a. Name: rg_global_luna_phobos_deimos

b. Replicate to All Sites: On

c. Geo Replication Type: Active

d. Click the ADD VDC button and add the following VDCs:

 Target VDC: vdc1_luna Storage Pool: luna_sp1

 Source VDC: vdc2_phobos Storage Pool: phobos_sp2
 Source VDC: vdc3_deimos Storage Pool: deimos_sp3
e. Click the SAVE button to create the global replication group.

f. The active global replication group has been successfully created.

ECS Administration - Lab Guide

Page 24 © Copyright 2021 Dell Inc.

[email protected]
 Configure ECS Storage Infrastructure

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 25

[email protected]
Basic Tests of I/O Access from Various Data Clients

Basic Tests of I/O Access from Various Data Clients

Scenario:

Using readily available data clients, test basic I/O access by performing "CRUD"
(Create, Read, Update and Delete) operations on ECS data repositories
(commonly referred to as "buckets")

During this lab, you perform the following tasks:

 Create namespaces, local object users, and buckets for initial testing of I/O
access to your ECS system
 Setup ECS Metadata search
 Validate AWS S3 access to ECS using the S3 object browser
 Validate OpenStack Swift access to ECS using the CyberDuck GUI tool
 Write and read Centera C-Clips to CAS-Enabled ECS Buckets

Create ECS Namespaces, Local Users and Buckets

In this lab, you will perform the following tasks:

Create an ECS Namespace in ECS Portal as root user.

Create an object user then, generate and retrieve the S3 Access Key for that user.

Create a bucket and assign the object user as the bucket owner.

1. If not already logged in, using the Chrome browser and login to the ECS Site 1
Luna portal at 192.168.1.5 using the credentials below.

User Name: root

Password: P@ssw0rd!

ECS Administration - Lab Guide

Page 26 © Copyright 2021 Dell Inc.

[email protected]
 Basic Tests of I/O Access from Various Data Clients

2. Navigate to Manage > Users > Management Users and on the User
Management page, click NEW MANAGEMENT USER.

You will see the two default management users that are created during the
initial deployment of the ECS Appliances.

 emcsecurity: Security Administrator This user can prevent remote SSH

access to nodes by locking them.

 root: System and Security Administrator This user performs the initial
configuration of the ECS system.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 27

[email protected]
Basic Tests of I/O Access from Various Data Clients

3. Enter the following details for the Management User:

a. Select Local User

b. Name: ns1_admin

c. Password: P@ssw0rd!

d. Confirm Password: P@ssw0rd!

e. System Administrator: No

f. System Monitor: No

g. Click Save

h. The following Warning will appear, indicating that the management user you
are creating will not be a valid login unless it is mapped to a Namespace.
Click OK to proceed.

ECS Administration - Lab Guide

Page 28 © Copyright 2021 Dell Inc.

[email protected]
 Basic Tests of I/O Access from Various Data Clients

i. The new management user has been created. You will use this new
management user in the next steps when you create a namespace.

4. Navigate to Manage > Namespaces and on the Namespace Management

page, click NEW NAMESPACE.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 29

[email protected]
Basic Tests of I/O Access from Various Data Clients

5. Enter the following details for the new namespace:

a. Name: ns1

b. Namespace Admin: ns1_admin

1. Note: A namespace can have more than one admin user. If there are
multiple admin users, enter comma separated user names in the User
Admin field. In this lab, we will use the new management user created in the
previous steps.
2. Note: The Namespace Root User is used with S3 Identity and Access
Management feature (called S3 IAM)
c. Domain Group Admin: Leave Blank

d. Select the Replication group from the drop-down:

rg_global_luna_phobos_deimos

e. Leave the remaining namespace options configuration to their default values

for this lab.

f. Click Save.

ECS Administration - Lab Guide

Page 30 © Copyright 2021 Dell Inc.

[email protected]
 Basic Tests of I/O Access from Various Data Clients

g. After successful creation of a namespace, notice that it is listed in the

Namespace Management page, as shown below. You can at any time, use
the Edit action to modify Namespace properties. But note that the
Namespace name once created cannot be modified. You must delete the
namespace using the Delete action and recreate a new Namespace with the
desired name.

h. Who is the owning VDC of this new Namespace?

6. Now, you need to create an object user who can own a bucket and perform
read and write operations to it via an external application. ECS Object users,
can access ECS object storage for CRUD operations (Create, Read, Update
and Delete).

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 31

[email protected]
Basic Tests of I/O Access from Various Data Clients

a. Create a new object user for the namespace that you created in the previous
step. You will then use the object user to perform I/O operations through the
bucket that you will be creating in a later lab step.

b. Navigate to Manage > Users > Object Users. Click NEW OBJECT USER.

7. Enter the following details for the new object user:

a. Name: user1

b. Namespace: <Select your namespace from the drop-down> In this lab,

the namespace created in step 7 will appear (ns1).

 An object user is mapped to a namespace, confining the user’s access only

to the buckets associated with the namespace the user is mapped to.
c. Click NEXT TO ADD PASSWORDS.

ECS Administration - Lab Guide

Page 32 © Copyright 2021 Dell Inc.

[email protected]
 Basic Tests of I/O Access from Various Data Clients

8. This step allows for updates and to add passwords for the new object users.
The Object Access section has options to generate passwords for various
clients (S3, Swift and CAS) that are supported for ECS object store access.

a. Click GENERATE & ADD SECRET KEY in the S3/Atmos section then
select Show Secret Key.

b. Highlight the key press <Ctrl>+<A> then <Ctrl>+<C> to copy the key to the
Notepad++ file on your desktop. You will need this key later to create an S3
account and access the ECS object store using the S3 Browser application.

c. Click Close at the bottom of window.

d. Who is the owning VDC for the user1 object user?

e. Now that you have an object user created and the secret key password, you
will need to create a bucket with this object user as the bucket owner.

9. Navigate to Manage > Buckets

Click NEW BUCKET. (Notice that the namespace ns1 is already selected.)

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 33

[email protected]
Basic Tests of I/O Access from Various Data Clients

10. When creating a new bucket, there are three categories of information to
complete: Basic, Required and Optional.

 Enter the ‘Basic’ information for the new bucket with the following
information:

a. Name: bucket1
b. Namespace: ns1
c. Replication Group: rg_global_luna_phobos_deimos
d. Bucket Owner: user1 (the object username you created in a previous step)
- The bucket owner will have the ability to modify bucket ACLs and thus
provide/remove bucket access to other object users in the namespace.
e. Choose Next.

ECS Administration - Lab Guide

Page 34 © Copyright 2021 Dell Inc.

[email protected]
 Basic Tests of I/O Access from Various Data Clients

11. Below are the ‘Required’ bucket configuration options. For now, leave all of
these at their default values. You will experiment with some of these options in
a later lab.

 File System: Enable/Disable file system access on the bucket using HDFS
or NFS export

 CAS: Enable/Disable CAS data access for the bucket

 Metadata Search: Indexes created for the bucket on specific key values

 Access During Outage: Enable/Disable read/write bucket access during

geo-federated site outage when a Temporary Site Outage (TSO) occurs.

 IMPORTANT NOTE: The Access During Outage (ADO) option can be

turned On and Off as required after a bucket is created, however the (ADO)
Read-Only checkbox can only be selected when you turn On ADO at the
time the bucket is created. It cannot be selected or changed after the bucket
is created.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 35

[email protected]
Basic Tests of I/O Access from Various Data Clients

Click Next.

12. Below are the ‘Optional’ bucket configuration options. Leave all of these at
their default values as you will experiment with some of these options in a later
set of labs.

 Quota: Set storage limit/quota on the bucket

 Bucket Tagging: Key-value pairs associated with the bucket, so objects can
be categorized

 Bucket Retention Period: Retention period of a bucket. Period can be

changed during the lifetime of bucket

Click Save.

ECS Administration - Lab Guide

Page 36 © Copyright 2021 Dell Inc.

[email protected]
 Basic Tests of I/O Access from Various Data Clients

13. Upon successful creation of a bucket, you will see the bucket listed in the
Bucket Management page as shown below.

Note: You can filter and view the buckets in a particular namespace by
selecting the namespace from the Namespace drop-down.

You cannot modify the bucket name, replication group and namespace
attributes of a bucket.

The Edit bucket option, under the Actions list, will allow you to change other
bucket properties like bucket owner, quota, ACLs, etc. which you will explore
in subsequent lab exercises.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 37

[email protected]
Basic Tests of I/O Access from Various Data Clients

Configure ECS Metadata Search

1. To configure metadata search, navigate to Manage > Buckets.
Click NEW BUCKET.

2. Enter the following ‘Basic’ details for the new bucket.

a. Name: bucket2

b. Namespace: ns1

c. Replication Group: rg_global_luna_phobos_deimos

d. Bucket Owner: user1

e. Click Next

ECS Administration - Lab Guide

Page 38 © Copyright 2021 Dell Inc.

[email protected]
 Basic Tests of I/O Access from Various Data Clients

3. In the ‘Required’ section scroll down to Metadata Search.

Click On.

4. To configure metadata search key/value pairs, the namespace admin must

know the metadata attributes that are required to be searchable. While system
metadata attributes are available to be selected, user metadata key/value
pairs need to be manually created.

NOTE: Metadata Search key/value pairs can ONLY be added at the time the
bucket is created and cannot be added to or modified after the bucket is
created.

The following is an example of attributes that can be added to a bucket.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 39

[email protected]
Basic Tests of I/O Access from Various Data Clients

Attributes change depending on customer needs:

image-width (Integer)
image-height (Integer)
image-viewcount (Integer)
gps-latitude (Decimal)
gps-longitude (Decimal)

5. To configure some metadata search keys, enter the following information:

a. From the Type drop-down, select User.

b. In the Name field, type image-width. The name is already prefixed.

c. From the Data Type drop-down, select Integer.

d. Click ADD.

e. Enter the remaining metadata search attributes listed in step 4, then click
Next.

ECS Administration - Lab Guide

Page 40 © Copyright 2021 Dell Inc.

[email protected]
 Basic Tests of I/O Access from Various Data Clients

6. Leave Quota and Bucket Tagging at their defaults.

Click Save.

The new bucket, bucket2 has metadata search Enabled.

Verify that you have created an object user and provisioned 2 buckets. You
will now use the object user to ingest and access data.

Who is the owning VDC for bucket1 and bucket2?

7. To verify that the VDCs are federated and replication has been setup between
the 3 site locations, perform the following:

a. In the Chrome Browser select the ECS Site 2 Phobos and login to the ECS
Portal with credentials: root / P@ssw0rd!

b. Navigate to Manage > Virtual Data Center verify that you can see VDCs
vdc1_luna, vdc2_phobos, and vdc3_deimos.

c. Navigate to Manage > Replication Group verify that you can see the
replication rg_global_luna_phobos_deimos.

d. Navigate to Manage > Namespace verify that you can see the namespace
ns1.

e. Navigate to Manage > Users >Object Users and verify that you can see the
S3 object user user1.

f. Navigate to Manage > Buckets, select the ns1 namespace and verify that
you can see the buckets bucket1 and bucket2.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 41

[email protected]
Basic Tests of I/O Access from Various Data Clients

g. Perform the step b – f on the ECS Site 3 Deimos by logging into the ECS
Portal with credentials: root / P@ssw0rd!

Test I/O Access to ECS from the AWS S3 Browser

In this lab, you will perform the following activities:

 Access the ECS storage using S3 Browser

 Perform CRUD (Create, Read, Update and Delete) operations on ECS buckets
as an object user who you created in the previous lab

1. Open the browser using the shortcut on your Desktop:

2. You will see the Add New Account screen.

Fill in the fields with the following details:

See example below on how to fill in each field.

Once entered, click Add new account.

ECS Administration - Lab Guide

Page 42 © Copyright 2021 Dell Inc.

[email protected]
 Basic Tests of I/O Access from Various Data Clients

3. Once you add the new account the S3 Browser shows 2 buckets, bucket1 and
bucket2 that were created in the previous lab.

You will see that information in the left pane as shown below.

This is because the object user was set as the bucket owner when the bucket
was created.

Added object users in the same namespace cannot view this bucket until the
bucket owner modifies the ACL to allow a new object user to view or operate
on a bucket.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 43

[email protected]
Basic Tests of I/O Access from Various Data Clients

4. If you click the Permissions tab in the bottom pane, you will see that the
object user has Full Control permission set on both buckets, since the bucket
owner by default, would have full access over the bucket.

You will experiment with the bucket permissions also known as ACL (Access
Control List) for different object users later in this lab.

ECS Administration - Lab Guide

Page 44 © Copyright 2021 Dell Inc.

[email protected]
 Basic Tests of I/O Access from Various Data Clients

5. Now select bucket1 to upload some files. Click the Upload button and then
choose Upload files(s) to upload to the bucket. Use any of the files in the
C:\Lab Software\Test Files folder for testing uploads and downloads.

Do the same for bucket2.

6. Now, download some files using the Download button. You can also delete a
file(s) using the Delete button.

7. Close your S3 Browser.

Test I/O Access to ECS from Cyberduck (OpenStack Swift objects)

In this lab, you will perform the following activities:

 Access the ECS storage using Cyberduck Browser

 Create an ECS OpenStack Swift bucket
 Perform CRUD (Create, Read, Update and Delete) operations on the Swift
bucket as an object user

1. Open Chrome browser then navigate to your primary ECS Site 1 Luna
(192.168.1.5).

Click Manage > Users > Object Users, and then click NEW OBJECT USER.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 45

[email protected]
Basic Tests of I/O Access from Various Data Clients

2. Now create an object user named swiftuser1 for connection to ECS using
swift protocol.

Leave Namespace at default ns1

Click NEXT TO ADD PASSWORDS.

ECS Administration - Lab Guide

Page 46 © Copyright 2021 Dell Inc.

[email protected]
 Basic Tests of I/O Access from Various Data Clients

3. Enter the following information:

a. Swift Groups: admin

b. Swift password: P@ssw0rd!

c. Click SET GROUPS AND PASSWORD. You will see a message at the top
indicating success.

d. Click Close when complete and the settings will be saved.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 47

[email protected]
Basic Tests of I/O Access from Various Data Clients

4. Create a second object user:

a. Name: swiftuser2

b. Leave Namespace at default ns1

c. Click the NEXT TO ADD PASSWORDS.

d. Swift Groups: admin

ECS Administration - Lab Guide

Page 48 © Copyright 2021 Dell Inc.

[email protected]
 Basic Tests of I/O Access from Various Data Clients

e. Swift password: P@ssw0rd!

f. Click SET GROUPS AND PASSWORD. You will see a message at the top
indicating success.

g. Click Close when complete and the settings will be saved.

5. Open Cyberduck application.

a. Click the Add button “+” on the bottom left.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 49

[email protected]
Basic Tests of I/O Access from Various Data Clients

6. In the New Connection dialog box, enter the following information:

a. Connection type: OpenStack Swift (Keystone 2.0)

b. Nickname: swiftuser1

c. Server: 192.168.1.5 Port: 9025

d. Tenant ID:Access Key: ns1:swiftuser1 (notice you are identifying the

namespace and the user separated by a colon)

e. Secret Key: P@ssw0rd!

f. Close the dialog box with the X in the upper right corner when done and
settings will be saved.

ECS Administration - Lab Guide

Page 50 © Copyright 2021 Dell Inc.

[email protected]
 Basic Tests of I/O Access from Various Data Clients

7. Double-click the bookmark you just created.

8. Select Continue with the Certificate Error.

If there is a warning about an invalid certificate, select Always Trust then

select Continue.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 51

[email protected]
Basic Tests of I/O Access from Various Data Clients

9. Once the connection is open, go to File and click New Folder.

10. Name the folder container1.

Click Create.

ECS Administration - Lab Guide

Page 52 © Copyright 2021 Dell Inc.

[email protected]
 Basic Tests of I/O Access from Various Data Clients

11. You will now see container1.

The container (Viewable in the ECS Portal) will be created and available for
file upload, download, and delete. It will appear in the ECS Portal as a bucket.

Be sure to select the Namespace which the bucket was created in and verify in
your ECS Portal that the new bucket was created.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 53

[email protected]
Basic Tests of I/O Access from Various Data Clients

12. Using Windows Explorer, navigate to C:\Lab Software folder, open the Test
Files folder then drag and drop Test.txt onto container1 in Cyberduck.

If prompted about an invalid certificate, click Continue. This will copy the file to
the container as shown below.

13. Using the Cyberduck application menu bar select Bookmark then select New

ECS Administration - Lab Guide

Page 54 © Copyright 2021 Dell Inc.

[email protected]
 Basic Tests of I/O Access from Various Data Clients

Bookmark.

14. Configure Cyberduck for swiftuser2.

In the New Connection dialog box, enter the following information shown
below.

a. Connection type: OpenStack Swift (Keystone 2.0)

b. Nickname: Swiftuser2

c. Server: 192.168.1.5 Port: 9025

d. Tenant ID:Access Key: ns1:swiftuser2

e. Secret Key: P@ssw0rd!

f. Close the dialog box with the X in the upper right corner when done and
settings will be saved.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 55

[email protected]
Basic Tests of I/O Access from Various Data Clients

15. Double click the new bookmark icon for swiftuser2.

16. You will see container1 created by swiftuser1.

This is because any ECS Swift user by default is added to the admin group.
The admin group has full permissions to all Swift containers. See the appendix
at the end of the lab guide for curl commands you can execute to address this
behavior.

ECS Administration - Lab Guide

Page 56 © Copyright 2021 Dell Inc.

[email protected]
 Basic Tests of I/O Access from Various Data Clients

Put and Get Centera C-Clips from ECS using CAS Tools
In this lab, you will perform the following activities:

 Create a CAS bucket and user

 Access the ECS storage using JCASScript
 Perform CRUD (Create, Read, Update and Delete) operations with JCASScript

1. In the ECS Portal select Manage > Bucket and create a NEW BUCKET.

a. Bucket Name: casbucket

b. Namespace: ns1

c. Replication Group: rg_global_luna_phobos_deimos

d. Bucket Owner: root

e. Click Next.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 57

[email protected]
Basic Tests of I/O Access from Various Data Clients

2. In the required section, enable CAS.

Leave the default settings for Reflection, Expiration and Age.

Click Next.

ECS Administration - Lab Guide

Page 58 © Copyright 2021 Dell Inc.

[email protected]
 Basic Tests of I/O Access from Various Data Clients

3. In the Optional section, leave the defaults and click Save.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 59

[email protected]
Basic Tests of I/O Access from Various Data Clients

4. From the ECS Portal select Manage > Users to create a new object user

a. Select NEW OBJECT USER

b. Name: casuser

c. Use the existing namespace

d. Click NEXT TO ADD PASSWORDS.

ECS Administration - Lab Guide

Page 60 © Copyright 2021 Dell Inc.

[email protected]
 Basic Tests of I/O Access from Various Data Clients

5. Set the CAS password information (perform these steps in the order shown):

1. Enter the CAS password as P@ssw0rd!

2. Click the SET PASSWORD button

3. From the Default Bucket drop-down choose the casbucket you created in
step 1 of this lab exercise.

4. Click SET BUCKET.

5. Click GENERATE PEA FILE

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 61

[email protected]
Basic Tests of I/O Access from Various Data Clients

6. Copy the content of the PEA File generated to the clipboard (Select the text
and press <CTRL> + <C>).

7. In Windows Explorer open Notepad++ then paste the contents of the

ECS Administration - Lab Guide

Page 62 © Copyright 2021 Dell Inc.

[email protected]
 Basic Tests of I/O Access from Various Data Clients

generated PEA File (<CTRL> + <V>) and save the contents in a file named
pea.p to your Desktop.

8. Click Close.

9. From the ECS Portal, navigate to Manage > Buckets.

a. On the Bucket Management page, select your namespace so that your

buckets are listed.

b. Once selected, drop-down the corresponding Actions list and choose Edit
ACL for casbucket

10. Click ADD to add a user ACL.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 63

[email protected]
Basic Tests of I/O Access from Various Data Clients

11. Fill in the User Name field with the CAS object user name you created in step
4 of this lab exercise.

Be sure casuser has Full Control checked on the bucket and click Save.

ECS Administration - Lab Guide

Page 64 © Copyright 2021 Dell Inc.

[email protected]
 Basic Tests of I/O Access from Various Data Clients

12. Using Windows Explorer, navigate to C:\ and locate the JCASScript-win32-
3.2.35 folder

Move the pea.p file on your desktop to the C:\JCASScript-win32-3.2.35 folder.

13. Set CMD window properties.

a. Right Click the Window menu icon and select the Run box. Type cmd and
press OK.

b. Right Click on the upper left corner on the window and select Properties

c. In Options Tab > Edit Options > Quick Edit Mode ensure this box is
checked to allow copy and paste.

d. Click the OK button

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 65

[email protected]
Basic Tests of I/O Access from Various Data Clients

14. Change Directory using cd \JCASScript-win32-3.2.35

Run the command java -jar JCASScript.jar to start the program. You will be
at the CASScript prompt.

15. Run the following command to connect to casbucket:

Note: Command syntax is case sensitive with CAS.

a. poolOpen 192.168.1.5?pea.p

 Note: The command shown is using the relative path to the PEA file. The
absolute path can be specified alternatively using the following command:
b. CASScript> poolOpen <ip_of_ECS node>?C:\JCASScript-win32-
3.2.35\pea.p

ECS Administration - Lab Guide

Page 66 © Copyright 2021 Dell Inc.

[email protected]
 Basic Tests of I/O Access from Various Data Clients

16. Copy a small file from C:\Lab Software\Test Files to the C:\ JCASScript-
win32-3.2.35 directory.

17. Transfer the file and save it on ECS as a clip in the CAS bucket.

a. Type in the command: fileToClip Test.txt

 A New Clip ID (Content Address) will be generated.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 67

[email protected]
Basic Tests of I/O Access from Various Data Clients

18. Now open the new clip.

a. Using your mouse, highlight and copy the new clip ID returned by the
“fileToClip” command from the previous step.

b. Enter the command: clipOpen <ContentAddress>

ECS Administration - Lab Guide

Page 68 © Copyright 2021 Dell Inc.

[email protected]
 Basic Tests of I/O Access from Various Data Clients

19. To view clip properties run the command: clipRawView.

20. To close the clip run the command: clipClose.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 69

[email protected]
Basic Tests of I/O Access from Various Data Clients

21. Run the command: clipTofile <ContentAddress> savedclip.txt

This saves the clip to a file named “savedclip.txt” in your local C:\
JCASScript-win32- 3.2.35 directory. Compare the two clips, Test.txt and
savedclip.txt.

ECS Administration - Lab Guide

Page 70 © Copyright 2021 Dell Inc.

[email protected]
 Basic Tests of I/O Access from Various Data Clients

22. To delete the clip from a CAS bucket run the command: clipDel
<ContentAddress>

1. Once complete, enter exit to close the CASScript program.

2. Close the CMD window.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 71

[email protected]
ECS customization's: ACLs, Bucket Policy, Quotas and Retention

ECS customization's: ACLs, Bucket Policy, Quotas and

Retention

Scenario:

Experiment with ECS features for access control (ACLs), quotas and retention for
object data

In this lab, you perform the following tasks:

 Test ACLs with local object users in ECS
 Create and test a bucket policy
 Configure and verify the enforcement of quotas within ECS
 Define retention policies and understand their effect

Test ACLs with Local Object Users in ECS

This lab includes the usage of ACLs to control the access permissions on buckets
for various object users. You will perform the following tasks:

Create a second, new object user in the existing namespace you created in the
previous lab.

Modify the bucket ACL to provide access to the new object user.

Using the S3 Browser, verify that the ACL defined is regulating read/write access
as you expected.

Experiment with the Group ACL option for a bucket

1. Login to the Primary ECS Site 1 Luna Portal at 192.168.1.5 using the
following credentials:

User Name: root

Password: P@ssw0rd!

ECS Administration - Lab Guide

Page 72 © Copyright 2021 Dell Inc.

[email protected]
 ECS customization's: ACLs, Bucket Policy, Quotas and Retention

2. From the ECS Portal, create a new object user as described below.

a. Navigate to Manage > Users. Click on Object Users, then click NEW
OBJECT USER.

b. User name: user2

c. Namespace: ns1

d. Click NEXT TO ADD PASSWORDS to generate the S3 access key

e. GENERATE & ADD SECRET KEY for the S3 client.

f. Select: Show Secret Key box. <Ctrl>+<A> to select and <Ctrl>+<C> to copy
the key to Notepad++.

g. Click Close at bottom of window.

3. Next, create an account for this object user in S3 Browser.

a. Open S3 Browser

b. In S3 Browser, under Accounts menu select Add New Account.

c. Fill in the fields with the following details shown below.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 73

[email protected]
ECS customization's: ACLs, Bucket Policy, Quotas and Retention

4. After completing the previous step, you will now be using the new S3 account
created for the user2 user.

ECS Administration - Lab Guide

Page 74 © Copyright 2021 Dell Inc.

[email protected]
 ECS customization's: ACLs, Bucket Policy, Quotas and Retention

Change to the user2 account by Selecting Accounts > user2

5. In the Bucket Explorer pane, S3 Browser will automatically list only the
bucket(s) owned by this user2 user. To view other buckets which the same
user has access to (via ACLs), you must use the Add External Bucket under
the Buckets menu of the S3 Browser.

From the S3 Browser, navigate to Buckets > Add External Bucket option.

6. Enter the name of the bucket you created in the previous lab (bucket1) and
click Add External bucket.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 75

[email protected]
ECS customization's: ACLs, Bucket Policy, Quotas and Retention

7. Now the bucket is listed in the left pane as shown:

8. Now, select the bucket to view the contents. You will get the below popup
message.
Click Yes.

9. What do you see?

ECS Administration - Lab Guide

Page 76 © Copyright 2021 Dell Inc.

[email protected]
 ECS customization's: ACLs, Bucket Policy, Quotas and Retention

You get an error stating “Access Denied” as shown below.

This is because, user2 does not have read access privilege on the bucket.

Click OK.

10. Now go check what the bucket ACL looks like in the ECS Portal.

Login to the ECS Site 1 Luna (192.168.1.5) as root with password:

P@ssw0rd!

Navigate to Manage > Buckets.

11. Choose the Edit ACL option from the Actions drop-down of bucket1.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 77

[email protected]
ECS customization's: ACLs, Bucket Policy, Quotas and Retention

12. There are three types of bucket ACLs shown.

• User ACLs - enables admin user to provide read and write privileges on a
bucket for an object user.
• Group ACLs - lets you set permissions for a set of pre-defined group
• Custom Group ACLs - Custom groups are names of user groups for access

You will first test User ACLs and then move on to Group ACLs.
As below, you can see that the User ACL, by default has an entry for the
bucket owner with Full Control permission.

13. You want the user2 user to read bucket contents, so you will add a new rule
for this user.

Click Add in the User ACLs.

Enter the object user name user2

You can see a list of permissions available. Unselect all the permissions
except for Read. You will just assign read privilege to the user.

Click Save.

ECS Administration - Lab Guide

Page 78 © Copyright 2021 Dell Inc.

[email protected]
 ECS customization's: ACLs, Bucket Policy, Quotas and Retention

14. On successful creation of the rule, you can see that the object user was added
to the User ACL list as seen below:

15. Now, go back to the S3 Browser where user2 is logged in and click Refresh.
You can see the files that you uploaded to bucket1 as user1 user from the

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 79

[email protected]
ECS customization's: ACLs, Bucket Policy, Quotas and Retention

previous lab.

16. You can also verify, through the S3 Browser, that user2 has read access to
bucket1. Change the account to user1, and select the Permissions tab.

17. Change the Account user back to user2. Now try performing an Upload
operation.

Did you succeed?

No, because the user2 does not have write permission on the bucket. You
can view the “Access Denied” error in the Tasks pane at the bottom of S3
Browser as shown below:

18. What would you do to enable user2 to perform upload operations?

ECS Administration - Lab Guide

Page 80 © Copyright 2021 Dell Inc.

[email protected]
 ECS customization's: ACLs, Bucket Policy, Quotas and Retention

Experiment with various ACL permissions and test how they affect operations
you can perform from the S3 Browser.

19. You tested how you could use ACLs to give permission to a user for bucket
access.

Now you will see how Group ACLs can be used to provide permissions on a
large set of pre-defined user groups.
Below are the groups available in Group ACLs.

Public: All users, both authenticated and anonymous

All users: All authenticated users
Log delivery: Not Supported
Other: All authenticated users, except the bucket owner

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 81

[email protected]
ECS customization's: ACLs, Bucket Policy, Quotas and Retention

20. You will first try the All users Group ACL. For this, you need to create a new
object user in ECS Portal. From the ECS Portal, create a new object user as
described below.

a. Navigate to Manage > Users.

b. Click on Object Users, and then click New Object User.

c. Username: user3

d. Namespace: ns1

e. Click NEXT TO ADD PASSWORDS to generate the S3 access key

f. Select GENERATE & ADD SECRET KEY for the S3 client. Choose Show
Secret Key.

g. <Ctrl>+<A> to select and <Ctrl>+<C> to copy the key to Notepad++.

h. Click Close at bottom of window.

21. Now, add a new Group ACL rule to allow all users to perform read operation.
In the ECS Portal, navigate to Manage > Buckets.

22. Select your namespace (ns1) from the Namespace dropdown list.

Select Edit ACL from the Actions drop-down for the bucket1 bucket.

Select the Group ACLs tab.

You can see that the Group ACL does not have any rules. Click Add.

23. Select all users from the Group Name drop-down.

ECS Administration - Lab Guide

Page 82 © Copyright 2021 Dell Inc.

[email protected]
 ECS customization's: ACLs, Bucket Policy, Quotas and Retention

Unselect all permissions except the Read permission and click Save.

This rule will provide read permission on the bucket to all authenticated users.

24. Now, your Group ACL will look as shown below:

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 83

[email protected]
ECS customization's: ACLs, Bucket Policy, Quotas and Retention

25. Now that you have read permission set on bucket for all authenticated users
in the same namespace, try to read this bucket as user3 using S3 Browser.

Note: S3 Browser free edition will allow a maximum of two accounts. So, you
will get a warning when you try to add a new account for user3.

Click No when the pop-up appears.

Delete user2 by selecting Accounts > Manage accounts

26. Add a new account for user3. . Fill in the fields with the following information
shown.

ECS Administration - Lab Guide

Page 84 © Copyright 2021 Dell Inc.

[email protected]
 ECS customization's: ACLs, Bucket Policy, Quotas and Retention

27. Change account by selecting Accounts > user3.

28. Add external bucket to get the bucket1 listed on the bucket explorer pane.
Select bucket1 to see that user3 is able to read the bucket. Note that there is
no ACL that specifically adds access to this particular user; our all users
Group ACL enabled the user to read buckets.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 85

[email protected]
ECS customization's: ACLs, Bucket Policy, Quotas and Retention

29. You can also experiment with the public Group ACL. Adding permission to
this group enables even anonymous, or unauthenticated, users to access the
bucket. S3 Browser will not allow you to create an account without any
credentials. So, you will use the curl command-line utility to test public
access.

30. Connect to your ECS Site 1 Luna node using PuTTY to:

IP address: 192.168.1.5
Login: admin
Password: ChangeMe

31. Issue the curl command below, which is an anonymous request to read the

ECS Administration - Lab Guide

Page 86 © Copyright 2021 Dell Inc.

[email protected]
 ECS customization's: ACLs, Bucket Policy, Quotas and Retention

bucket1 bucket.

curl https://192.168.1.5:9021/bucket1/ -H "x-emc-

namespace:ns1" -k

As you see below, you will get the Access Denied error. This is expected,
since the bucket ACL does not permit anonymous user access.

NOTE: If you want the xml output to be in a readable format, you can pipe the
curl command output through xmllint --format -

32. Next in the ECS Portal, create a Group ACL which gives read permission to
the public group. This will allow both authenticated and anonymous users to
perform read access on the bucket.

a. Navigate to Manage > Buckets

b. Select Edit ACL from the Actions drop-down for the bucket1 bucket. Select
the Group ACLs tab.

c. Click Add

 Group Name: public

 Permission: Read
d. Click Save

Upon successful creation, the Group ACL of the bucket will appear as shown.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 87

[email protected]
ECS customization's: ACLs, Bucket Policy, Quotas and Retention

33. Now from the PuTTY session, re-run the curl command:

curl https://192.168.1.5:9021/bucket1/ -H "x-emc-

namespace:ns1" -k

Verify that the command now succeeds.

NOTE: If you want the xml output to be in a readable format, you can pipe the
curl command output through xmllint --format -

Define an ECS Bucket Policy

This lab includes the usage of bucket policies that can be created or modified
through the ECS Portal You will perform the following tasks:

 Create a bucket policy on a bucket.

 Test the bucket policy.

34. If not already, login to the ECS Portal on ECS Site 1 Luna (192.168.1.5) with
the credentials: root / P@ssw0rd!

ECS Administration - Lab Guide

Page 88 © Copyright 2021 Dell Inc.

[email protected]
 ECS customization's: ACLs, Bucket Policy, Quotas and Retention

35. Navigate to Manage > Buckets and select the ns1 namespace from the
dropdown.

36. Add a new bucket called bucket6 owned by object user1 on replication group
rg_global_luna_phobos_deimos.

37. Click the arrow next to the Edit Bucket for bucket6 and select Edit Policy.

38. The Bucket Policy Management view is displayed. This view allows you to
create or edit bucket polices. There are different editing modes you can select.
For this lab we will use the default edit mode, Format JSON data, with
proper indentation and line feeds.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 89

[email protected]
ECS customization's: ACLs, Bucket Policy, Quotas and Retention

39. You will now create a bucket policy on bucket6 that allows object user2 to
write and read objects from bucket2 from IP address 192.168.1.5. Recall that
bucket6 is owned by user1.

Enter the following JSON code, exactly as shown, into the Bucket Policy
Editor:

Note: In the C:/Lab Software directory on the jump server there is a text file
called bucketpolicy.txt that contains this JSON code.

ECS Administration - Lab Guide

Page 90 © Copyright 2021 Dell Inc.

[email protected]
 ECS customization's: ACLs, Bucket Policy, Quotas and Retention

Click the SAVE button.

40. Start up the S3 Browser. Navigate to Accounts > Manage accounts and
delete the user3 account. Click Save changes.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 91

[email protected]
ECS customization's: ACLs, Bucket Policy, Quotas and Retention

41. Navigate to Accounts > Add new accounts and add a new S3 account
user2:

ECS Administration - Lab Guide

Page 92 © Copyright 2021 Dell Inc.

[email protected]
 ECS customization's: ACLs, Bucket Policy, Quotas and Retention

42. You will now be using the new S3 account created for the user2 user.

a. Change to the user2 account by selecting Accounts > user2

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 93

[email protected]
ECS customization's: ACLs, Bucket Policy, Quotas and Retention

43. To view bucket6 you must use the Add External Bucket under the Buckets
menu of the S3 Browser.

a. From the S3 Browser, navigate to Buckets > Add External Bucket option.

44. Enter the name of the bucket you created in the previous lab (bucket6) and
click Add External bucket.

45. Upload some objects to bucket6 from C:\Lab Software\Test Files.

Try deleting objects as well.

ECS Administration - Lab Guide

Page 94 © Copyright 2021 Dell Inc.

[email protected]
 ECS customization's: ACLs, Bucket Policy, Quotas and Retention

Define ECS retention policies and Study Their Effect

This lab includes the usage of retention policy and retention period on objects and
bucket. You will perform the following tasks:

 Create retention policies in namespace.

 Set retention period on bucket.
 Use S3curl to create objects with retention policies and retention period.
 Experiment with bucket and object retention and determine which take
precedence.

1. You will first experiment with retention period option on buckets. Login to the
ECS Site 1 Luna (192.168.1.5) Portal using the below credentials:

User Name: root

Password: P@ssw0rd!

2. Navigate to Manage > Buckets

In the Bucket Management page, select your namespace ns1 from the drop-
down.

For the bucket1 bucket, click on Edit Bucket.

3. In the Edit Bucket page, select Next, then select Next again. You will see the
Bucket Retention Period section.

The retention period is set at the bucket or object level. It prevents the
objects to be modified or deleted until the retention period elapses, after the

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 95

[email protected]
ECS customization's: ACLs, Bucket Policy, Quotas and Retention

original object creation time.

The bucket retention period can be set in units ranging from seconds to
years.

There is also an Infinite option which when checked. This option prevents any
modification of the object indefinitely.

For this experiment: set the bucket retention to 1 months.

Click Save.

4. Now, go to the S3 Browser and select user1 account.

Click on a file in the bucket1 to select it and click Delete.

ECS Administration - Lab Guide

Page 96 © Copyright 2021 Dell Inc.

[email protected]
 ECS customization's: ACLs, Bucket Policy, Quotas and Retention

5. Click Yes on the delete file confirmation pop-up.

The delete operation failed because the object/file creation time is not more
than the 1-month retention period that you had set on the bucket. You can see
the error message by clicking on the Failed task in the Tasks pane at the
bottom of the S3 Browser.

As you see the status message states that the object cannot be deleted
because it is subject to retention.

6. Modify the retention period of the bucket to a smaller duration (duration less
than the current age of your test object, based on its creation time).
Try again to delete the object in the bucket. You can see that the Delete
operation succeeds without any problem.

7. Next, you will explorer namespace retention policies.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 97

[email protected]
ECS customization's: ACLs, Bucket Policy, Quotas and Retention

Retention policies are configured for the Namespace level. Multiple retention
policies can be defined for a given Namespace.
Policies can be applied to objects using S3 curl commands.

Navigate to Manage > Namespace then click Edit on your ns1 Namespace.

8. In the Retention Policies section enter the following values for the new
retention policy:

Name: retention10min
Value: 10 minutes

Click ADD

Create another retention policy using the following values.

Name: retention20min
Value: 20 minutes

Click ADD

Click Save.

You will use these two retention polices, retention10min and retention20min,
on two different objects in the bucket1 and test how retention works.

ECS Administration - Lab Guide

Page 98 © Copyright 2021 Dell Inc.

[email protected]
 ECS customization's: ACLs, Bucket Policy, Quotas and Retention

9. The ECS Portal does not offer the ability to set retention policy on objects. You
will need to use s3curl utility to set this option.

s3curl is the Amazon S3 authentication tool for curl. Since ECS uses custom
header with x-emc string prefixed, the s3curl script needs to be modified to
include the x-emc in the header attribute.

You can find the pre-modified s3curl.pl file at C:\Lab Software\s3curl path in
your management station. You can find more information and details on
modifications to the s3curl.pl file at https://www.dell.com/support/home/.
You must have an account and sign in to view documentation.

The C:\Lab Software\s3curl path has these two files:

s3curl.pl – The modified s3curl file to include x-emc in header.

dot_s3curl.txt – The sample configuration file containing the authentication
details.

You will copy these files to your primary ECS node using WinSCP.

Open WinSCP from your desktop and login into ECS Site 1 Luna
(192.168.1.5)
User Name: admin Password: ChangeMe

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 99

[email protected]
ECS customization's: ACLs, Bucket Policy, Quotas and Retention

10. Once logged into WinSCP you will be in the /home/admin directory of the
node. If you see a warning message appear, click Yes to continue.

11. In the left side pane change to the C:\Lab Software\s3curl directory. Select
the 2 files, s3curl.pl and dot_s3curl.txt then drag them over to /home/admin
directory.

When completed exit out of the WinSCP tool.

ECS Administration - Lab Guide

Page 100 © Copyright 2021 Dell Inc.

[email protected]
 ECS customization's: ACLs, Bucket Policy, Quotas and Retention

12. Log in to your ECS node, ECS Site 1 Luna (192.168.1.5) as

admin/ChangeMe using PuTTY on your management station.

Note: The dot_s3curl.txt you will find in the s3curl directory MUST be
renamed to .s3curl on the ECS node and reside in the home directory of the
admin user, (/home/admin).

Use the Linux mv command. (Example: mv dot_s3curl.txt .s3curl)

Now you need to update the my_profile section with your object user’s
credentials and update the endpoints with the IP address of your ECS node
that you are currently logged in and its hostname.

Run “hostname” command to get the FQDN of your ECS node.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 101

[email protected]
ECS customization's: ACLs, Bucket Policy, Quotas and Retention

1. Issue the command: vi .s3curl

2. Edit the .s3curl file that you copied to the /home/admin directory and
perform the below changes, then save the .s3curl file.

3. To edit the file contents using vi you will need to place vi into INSERT mode
by pressing the i key on the keyboard. You use the keyboard arrow keys
to move the cursor around to the desired locations that need to be edited.

ECS Administration - Lab Guide

Page 102 © Copyright 2021 Dell Inc.

[email protected]
 ECS customization's: ACLs, Bucket Policy, Quotas and Retention

Once you have completed ALL the changes, take vi out of INSERT mode by
pressing the ESC key on the keyboard. To save the file with changes, type:
wq!

13. Change the permission on the s3curl files by running the following. Make sure
you are in the /home/admin directory.

Issue the command: pwd

Now enter:
chmod 600 .s3curl
chmod 755 s3curl.pl

14. In the PuTTY session, run the below command to test if s3curl is functional.

./s3curl.pl

If everything is properly configured, this should display the s3curl help.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 103

[email protected]
ECS customization's: ACLs, Bucket Policy, Quotas and Retention

15. Now try to upload a file to the bucket2 bucket as an object and set retention
policy on that object.
You will need new files in your ECS node to test the retention policy feature.

Copy a few small files from C:\Lab Software\Test Files location in your
management station to the ECS node using WinSCP.

16. On the ECS Node in Putty run the S3curl command as below:

ECS Administration - Lab Guide

Page 104 © Copyright 2021 Dell Inc.

[email protected]
 ECS customization's: ACLs, Bucket Policy, Quotas and Retention

./s3curl.pl --debug --id=my_profile --put Test2.txt -- -H 'x-emc-retention-

policy:retention10min' https://192.168.1.5:9021/bucket2/Test2.txt -k

You can see that the command has executed successfully.

17. Now, go to the S3 Browser and click Refresh.

Click on the file that you uploaded using s3curl.

Then, select the Http Headers tab in the bottom pane like you see below.

You can see that there is a new header x-emc-retention-policy set with the
retention policy as value. You will not find this header for other files that you
uploaded directly from S3 Browser.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 105

[email protected]
ECS customization's: ACLs, Bucket Policy, Quotas and Retention

18. Click on other files uploaded through S3 Browser and check their headers.

Using a retention policy with objects instead of hard coding a retention period
value provides more manageability. Any change to the retention policy
automatically applies to every object configured with that particular retention
policy.

19. Similar to the above, you can upload other objects and set a different retention
policy on them. Upload another sample file with the retention20min retention
policy using S3curl and check its http header.

20. Now, try to delete the file before the retention policy expires.

Similar to the retention period set on bucket: the retention policy will not let you
to delete the object until the object lifetime exceeds the time period specified
via the retention policy.

21. You can also set a specific retention time period on objects using S3curl
commands.

Go back to your the ECS node session in PuTTY and create a new file for
upload using below command.

echo “retention period test” >> retentionperiod.txt

Enter ls to verify file creation.

Now, run the S3curl upload command shown below:

./s3curl.pl --debug --id=my_profile --put

retentionperiod.txt -- -H 'x-emc-retention-period:600'
https://192.168.1.5:9021/bucket2/retentionperiod.txt -k

Note: The unit of retention period in the command above is in seconds. So, in
the command you are setting object retention of 10 minutes on the
retentionperiod.txt file.

You can see below that the command has executed successfully.

Verify this in the S3 Browser.

ECS Administration - Lab Guide

Page 106 © Copyright 2021 Dell Inc.

[email protected]
 ECS customization's: ACLs, Bucket Policy, Quotas and Retention

22. Go back to your S3 Browser and click Refresh.

Do you see the new file you uploaded in the previous step? Click on the file to
select it.

Select the Http Headers tab and view the headers.

In this case, there is a new header x-emc-retention-period added.

23. Repeat the delete file operation with its retention period set.

24. At this point, you understand what retention period and policies are, and how
they work on object and bucket level.

Next, experiment with which takes precedence, the retention set at bucket

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 107

[email protected]
ECS customization's: ACLs, Bucket Policy, Quotas and Retention

level or the object level. You can do that by trying the scenario below:

1. Set retention period on bucket1 to 10 minutes.

2. Set retention period on object to 5 minutes.

Now, try to delete the object after 5 minutes. What happens, are you able to
delete the object?

Next, you can try the reverse: set the retention period on the bucket to be less
than the retention period of the object. Then try deleting the object and
observe the behavior.

Advanced Retention Management

This lab includes applying advanced retention settings to a CAS Bucket. You will
be applying the following settings using the Min/Max Governor:

 Enforce Retention Information in Object

 Bucket Retention Period
 Minimum Fixed Retention Period
 Maximum Fixed Retention Period
 Minimum Variable Retention Period
 Maximum Variable Retention Period

1. If not already, login to the ECS Site 1 Luna portal at 192.168.1.5 using the
credentials below:

User name: root

Password: P@ssw0rd!

ECS Administration - Lab Guide

Page 108 © Copyright 2021 Dell Inc.

[email protected]
 ECS customization's: ACLs, Bucket Policy, Quotas and Retention

2. Navigate to Manage > Buckets. In the Bucket Management page, select your
namespace ns1 from the Namespace drop-down list. Click Edit Bucket on
your casbucket.

3. Select Next then Next again to view the Optional setting page.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 109

[email protected]
ECS customization's: ACLs, Bucket Policy, Quotas and Retention

4. In the Optional Edit Bucket page, scroll down to the Enforce Retention
section.

Here are the options for advanced retention settings are displayed. Below is
the detailed description of the options displayed.

Enforce Retention: If this control is enabled, no CAS object can be created

without retention information (period or policy). An attempt to save such an
object will return an error.

Bucket Retention Period: The bucket retention period is set at the bucket or
object level. It prevents the objects to be modified or deleted until the retention
period elapses, after the original object creation time. If both a bucket-level
and an object-level retention period are set, the longer period will be enforced
on the bucket. In a Compliance-enabled environment, Bucket Retention Period
is mandatory unless retention information in the object is enforced.

Minimum/Maximum Fixed Retention Period: This feature governs the

ECS Administration - Lab Guide

Page 110 © Copyright 2021 Dell Inc.

[email protected]
 ECS customization's: ACLs, Bucket Policy, Quotas and Retention

retention periods specified in objects. If an object's retention period is outside

of the bounds specified here, an attempt to write the object fails. Min/max
retention constrains are applied to any C-Clip written to a bucket. If a clip is
migrated by any SDK-based third-party tool, the retention should be within
bounds. Else, an error is received.

Minimum/Maximum Variable Retention Period: This feature governs

variable retention periods specified in objects using Event-Based Retention
(EBR). If an object's new retention period is outside of the bounds specified
here, an attempt to write the object in response to the trigger fails.

5. The retention period can be set in units ranging from seconds to years. There
is also an Infinite option which when selected from the drop-down prevents
any modification of the object indefinitely.

For this exercise, set the following values:

 Enforce Retention: On

 Bucket Retention Period: 1 Years

 Minimum Fixed Retention Period: 1 Years

 Maximum Fixed Retention Period: Infinite

 Minimum Variable Retention Period: 3 Years

 Maximum Variable Retention Period: Infinite

 Click Save.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 111

[email protected]
ECS customization's: ACLs, Bucket Policy, Quotas and Retention

Configure and verify enforcement of ECS quotas

In this lab, you will experiment on implications of setting hard quota at the
namespace and at the bucket level. You will perform the following tasks.

 Create a management user (Namespace Administrator)

 Create a new namespace with the Namespace Administrator as the owner
 Enable hard quota on the namespace
 Create two buckets in the namespace, with one of the buckets enabled with
hard quota
 Test the quota behavior

1. Login to the ECS Site Luna portal at 192.168.1.5 using the credentials below:

User name: root

Password: P@ssw0rd!

ECS Administration - Lab Guide

Page 112 © Copyright 2021 Dell Inc.

[email protected]
 ECS customization's: ACLs, Bucket Policy, Quotas and Retention

2. First, you will create a new Namespace Administrator.

Namespace Administrator is a management user without system

administrative privileges. The Namespace Administrator has permission to
manage buckets and users in the Namespace this user owns.

Navigate to Manage > Users.

Select the Management Users tab.
Then, click NEW MANAGEMENT USER.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 113

[email protected]
ECS customization's: ACLs, Bucket Policy, Quotas and Retention

3. In the New Management User page, enter the below information.

Select Local User option (A Namespace Administrator can be a local ECS

user or a user in Active Directory)

Name: ns2_admin

Password: P@ssw0rd!

Confirm Password: P@ssw0rd!

System Administrator: No (Leave the default value)

System Monitor: No (Leave the default value)

Click Save.

Click OK to warning.

Note: As mentioned in the New Management User page, a management user

without the System Administrator rights will be able to login to the ECS portal
only if the user is mapped as a Namespace Administrator for a namespace.

ECS Administration - Lab Guide

Page 114 © Copyright 2021 Dell Inc.

[email protected]
 ECS customization's: ACLs, Bucket Policy, Quotas and Retention

4. After successful creation of management user, you can see the user listed in
the Management User page.

5. The next step is to create a new namespace, mapping the management user
created in previous step, as the Namespace Admin. You will also enable hard
quota setting on this namespace.

Navigate to Manage > Namespace

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 115

[email protected]
ECS customization's: ACLs, Bucket Policy, Quotas and Retention

Create a new namespace with the below details:

a. Name: ns2

b. Namespace Admin: ns2_admin

c. Replication Group: rg_global_luna_phobos_deimos

d. On Namespace Quota: Enabled with 'Block access at' set to 2 GiB

e. Send Notification at: 2GiB

f. Leave Default Bucket Quota: Off

There are three options available to choose from, related to Namespace

quota:

ECS Administration - Lab Guide

Page 116 © Copyright 2021 Dell Inc.

[email protected]
 ECS customization's: ACLs, Bucket Policy, Quotas and Retention

Notification Only at: Known as soft quota, this option will trigger a notification
when the capacity used reaches the specified limit.

Block Access Only at: Known as a hard quota setting which, when reached,
prevents write/update access to buckets in the namespace.

Block Access at: Known as a hard quota setting which, when reached,
prevents write/update access to the buckets in the namespace and the quota
setting at which you are notified.

Note: 1 GiB is the minimum value that can be set for the quota.

Click Save.

6. Now that you have a namespace created, the next step is to login to the ECS
Portal as the new Namespace Administrator and create buckets in the
namespace.

Logout from the portal and login as Namespace Administrator using the
credentials below:

User Name: ns2_admin

Password: P@ssw0rd!

7. As a Namespace Administrator, you will now create an object user. This object
user will be used to perform read and write operations on the buckets created
in the ns2 namespace.

a. From the ECS Portal select Manage > Users > NEW OBJECT USER

b. Create new local object user user4

c. Select ns2 to map the user to the namespace

d. Select Next to Add Passwords.

e. Generate S3 secret access key and copy it to Notepad++.

f. Select Close when complete

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 117

[email protected]
ECS customization's: ACLs, Bucket Policy, Quotas and Retention

8. You are now going to create a bucket in the namespace with the user4
created in the previous step as the owner. You will also enable quota on this
bucket.

From the ECS Portal select Manage > Buckets.

In the Bucket Management page, select your namespace ns2 from the drop-
down.

Click New Bucket and create a bucket with the following details for Basic
Configuration:

Note: Like the namespace quota, a hard quota is set on this bucket to prevent
upload operations when the bucket’s quota limit is reached.

1. Name: bucket4

2. Namespace: ns2

3. Replication Group: rg_global_luna_phobos_deimos

4. Bucket Owner: user4

5. Select Next then select Next on the Required page

6. On the Option page select the following:

7. Quota On with ‘Block Access at’ set to 1 GiB

8. Send Notification set to 1 GiB

9. Click Save.

ECS Administration - Lab Guide

Page 118 © Copyright 2021 Dell Inc.

[email protected]
 ECS customization's: ACLs, Bucket Policy, Quotas and Retention

9. Now create another bucket in the same namespace ns2. But this bucket will
not have quota enabled.

Use the following details to create new bucket in the Basic section:

a. Name: bucket5

b. Namespace: ns2

c. Replication Group: rg_global_luna_phobos_deimos

d. Bucket Owner: user4 (object user you created earlier in this lab)

e. Click Next then Next again so that you are on the Optional page.

f. On the Optional page ensure that Quota is Off

g. Click Save

10. Upon successful creation of bucket5 the Bucket Management page would
look as seen below. You can see that bucket4 has 1 GiB of hard quota
enabled and bucket5 does not have any quota set.

11. Now try to perform an upload operation to these buckets.

Start the S3 Browser.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 119

[email protected]
ECS customization's: ACLs, Bucket Policy, Quotas and Retention

Choose Accounts > Manage Accounts

Delete account user3

Create a new account for user4.

From the menu bar select Accounts then select Add new account

Fill in the fields with the following details then select Add new account.

Then select your new account in the S3 Browser: user4.

ECS Administration - Lab Guide

Page 120 © Copyright 2021 Dell Inc.

[email protected]
 ECS customization's: ACLs, Bucket Policy, Quotas and Retention

12. In the S3 Browser’s Bucket Explorer pane on the left, you can see the buckets

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 121

[email protected]
ECS customization's: ACLs, Bucket Policy, Quotas and Retention

bucket4 and bucket5 listed by default. This is because the user4 is the owner
of both the buckets.

Now upload some files into bucket4 from C:\Lab Software\Test Files path in
your management station.

Choose three of the largest mp4 files for the upload operation.

13. You can see below that bucket4 has around 1.38 GB of files.

14. Upload two files to bucket5 total size not more than 1 GiB

Check the number of files in a bucket and the total object size in it from the
Properties tab in the bottom of S3 Browser.

Select the bucket name and then select the Properties tab to view the
corresponding information.

15. To test the quota option, it is very important to check the ECS Metering and

ECS Administration - Lab Guide

Page 122 © Copyright 2021 Dell Inc.

[email protected]
 ECS customization's: ACLs, Bucket Policy, Quotas and Retention

ensure that the number of objects in the buckets (bucket4 and bucket5) listed
in the Metering page match the actual number of files/objects in the bucket.

To verify the object counts in the ECS Portal, ensure you are logged in as
ns2_admin.Navigate to Monitor then select Metering.

a. Select Last 24 Hours in the Date Time Range filter.

b. Select the namespace from the list in the left pane using the arrow icon and
then select the bucket4 and bucket5 from the list using the arrow icon.

c. Click Apply.

Scroll down to see the number of objects, objects created, and objects deleted
in the bucket.

16. As you see below, the Object Count should display the actual number of
objects along with size of the uploaded objects in the respective bucket.

IMPORTANT: There can be an update time lag. Before you move on to the
next lab steps insure that the object count is correct. This may require you to
apply the defined filter multiply times.

17. Using the user4 account in the S3 Browser, upload files into bucket5 from

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 123

[email protected]
ECS customization's: ACLs, Bucket Policy, Quotas and Retention

C:\Lab Software\Test Files location in your management station.

At some point when you try to upload additional files the upload operation will
fail based on the Block Access at setting that you have defined.

Select the Failed tab.

You can see that the status shows “Failed – Forbidden: Check if quota has
been exceeded” error.

But you did not enable quotas on bucket5.

So why did the upload operation fail?

18. Log out of your ECS Portal, then log back in as root. As root user, navigate to
Monitor > Events, then select the Alerts.

Highlighted below are the quota exceeded notifications for the namespace
ns2, as well as for bucket4.

ECS Administration - Lab Guide

Page 124 © Copyright 2021 Dell Inc.

[email protected]
 ECS customization's: ACLs, Bucket Policy, Quotas and Retention

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 125

[email protected]
ECS Identity and Access Management (IAM)

ECS Identity and Access Management (IAM)

Scenario:

In the Identity and Access Management Lab Exercise you will:

 Configure IAM users and groups

 Attach managed polices
 Create inline policies

IAM Configuration
19. If not already, login to the ECS Site 1 Luna portal at (192.168.1.5) using the
credentials below:

User name: root

Password: P@ssw0rd!

20. Select Manage > Namespace. Click the Edit button for the ns1 namespace.

21. Look at the Namespace Root User field, it is automatically populated with
root@@ns1. This is the default format.

ECS Administration - Lab Guide

Page 126 © Copyright 2021 Dell Inc.

[email protected]
 ECS Identity and Access Management (IAM)

22. Click the MANAGE button next to the Namespace Root User field.

23. Select On to enable UI access for the Namespace root user for IAM.

Enter the Namespace Root User password and the Confirm Namespace Root
User password:

a. Namespace Root User Password: P@ssw0rd!

b. Confirm Namespace Root User Password: P@ssw0rd!

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 127

[email protected]
ECS Identity and Access Management (IAM)

Click the SAVE button.

24. Navigate to the Manage > Identity and Access (S3). On the Identity and
Access Management page, select the ns1 namespace from the dropdown.

25. Click NEW USER and enter the following information:

ECS Administration - Lab Guide

Page 128 © Copyright 2021 Dell Inc.

[email protected]
 ECS Identity and Access Management (IAM)

a. Name: iamuser

b. Click Next

26. On the Permissions page, the new user can be added to a group and attach
policies. For now, leave the default settings. We will add a group and setup
policy later. Click Next.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 129

[email protected]
ECS Identity and Access Management (IAM)

27. Here you can attach tags to add metadata to the new user. Leave this blank.
Click NEXT.

28. Review the new user configuration and click Create User. The new user is
created with an Access key ID and the Access Secret Key.

To save the access information, either copy and paste the Access key ID and
Access Secret Key to Notepad or you can download the (dot)csv file.

Click the Download (dot)csv and open Notepad or Notepad++. Here you
can see the Access Key ID and Access Secret Key for the IAM user.

ECS Administration - Lab Guide

Page 130 © Copyright 2021 Dell Inc.

[email protected]
 ECS Identity and Access Management (IAM)

Click Complete.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 131

[email protected]
ECS Identity and Access Management (IAM)

29. Now you will use S3curl to test the IAM user permissions. Open a PuTTY
session to 192.168.1.5

Click Open.

30. Login with the credentials: admin / ChangeMe

31. Now you will edit the .s3curl file using the vi command.

vi .s3curl

To edit the file contents using vi you will need to place vi into INSERT mode
by pressing the i key on the keyboard. You use the keyboard arrow keys to
move the cursor around to the desired locations that need to be edited.

Add the following lines to the .s3curl file:

ECS Administration - Lab Guide

Page 132 © Copyright 2021 Dell Inc.

[email protected]
 ECS Identity and Access Management (IAM)

Once you have completed ALL the changes, take vi out of INSERT mode by
pressing the ESC key on the keyboard. To save the file with changes, type
:wq!

Now test access to bucket1 using the IAM user called iamuser using the
s3curl.pl command.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 133

[email protected]
ECS Identity and Access Management (IAM)

Run the following command: ./s3curl.pl --debug --

id=my_IAM_profile -- https://192.168.1.5:9021/bucket1 -k

The result is an access denied because permissions are not configured for
the IAM user.

32. You will now add permissions to the iamuser. Logout of the ECS Portal and
login as the Namespace Root User:

Login: root@@ns1
Password: P@ssw0rd!

ECS Administration - Lab Guide

Page 134 © Copyright 2021 Dell Inc.

[email protected]
 ECS Identity and Access Management (IAM)

33. Navigate to Manage > Identity and Access (S3). Select ns1 from
Namespace dropdown, and select the Policies tab.

34. In this tab, you can create a new managed policy or use one of the five
predefined managed policies provided. You then can attach a policy to a
user, group or role.

35. To do this; select the Users tab. We will create an inline policy only for the
specific IAM user created earlier.

A policy is created either through the visual editor or using JSON

a. Select Edit for the IAM user

b. Select the Permissions tab

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 135

[email protected]
ECS Identity and Access Management (IAM)

c. Click Add Inline Policy and Enter a name for the policy:

a. Name: iampolicy1

Click NEXT.

Use the Visual Editor option;

a. In the Service field you must select one of three choices. Select S3.
 Actions allow you to set the granularity of the user’s permissions.
b. Select List to enable ListBucket and ListAllMyBuckets permissions.

ECS Administration - Lab Guide

Page 136 © Copyright 2021 Dell Inc.

[email protected]
 ECS Identity and Access Management (IAM)

c. Here you can select a specific bucket or all resources. Select All Resources.
d. Request Condition allows you to set a source IP restriction or create a
condition key. We will skip this field.

Click Next
36. In the Review page, verify your choices and click SAVE. A new inline Policy

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 137

[email protected]
ECS Identity and Access Management (IAM)

has been added to the user.

37. Now you will test the access permissions for the new IAM user using the
s3curl command.

a. PuTTY into the node 192.168.1.5 with credentials admin / ChangeMe

b. Run the following command:

c. /s3curl.pl --debug --id=my_IAM_profile --

https://192.168.1.5:9021/bucket1 -k

ECS Administration - Lab Guide

Page 138 © Copyright 2021 Dell Inc.

[email protected]
 ECS Identity and Access Management (IAM)

The contents of bucket1 are listed. If you attempted to write a new object to
bucket1, it would fail with an access denied error. The IAM user does not have
write permissions to bucket1. Write command example below:
./s3curl.pl --debug --id=my_IAM_profile --put Test.txt --
https://192.168.1.5:9021/bucket1/Test.txt -k
38. IAM also supports groups and roles. You will now create a group and add the
IAM User to it.

a. Navigate to Manage > Identity and Access (S3). Select the Groups tab,
select ns1 from the Namespace dropdown, and click NEW GROUP.

b. Enter the Group Name iamgroup1 and Click Next

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 139

[email protected]
ECS Identity and Access Management (IAM)

Select ECS Managed. A list of pre-defined policies are listed. Select the policy
called ECSS3FullAccess.

NOTE: If a new policy needs to be created, you must go to the Policy tab in
the Identity and Access Management page and create the new Managed
Policy first.

ECS Administration - Lab Guide

Page 140 © Copyright 2021 Dell Inc.

[email protected]
 ECS Identity and Access Management (IAM)

Click Next

Review the new group and the policies that are attached.

Click Save.

The new group has need created. Now you will add a user to the group. Click
the down arrow next to the Edit button and select Add Users.

Select the user iamuser and then click Add Users.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 141

[email protected]
ECS Identity and Access Management (IAM)

Click OK to ‘Are you sure to add 1 user(s) to group IAMgroup?’

The new user is added to the group and will follow the policies of that group.

39. Re-run the s3curl command to create a new object in bucket1:

./s3curl.pl --debug --id=my_IAM_profile --put Test.txt --

https://192.168.1.5:9021/bucket1/Test.txt -k

You can go to the S3 Browser, change accounts to user1, select bucket1,

then select the object Test.txt. Click the Properties tab and you will see that
the object was created and is owned by urn:ecs:iam::ns1:root

ECS Administration - Lab Guide

Page 142 © Copyright 2021 Dell Inc.

[email protected]
 ECS Identity and Access Management (IAM)

40. Similar to IAM user access keys, the namespace Root Access Key tab
creates access keys for the Root user account to access S3 and the IAM
APIs.

Recall that a namespace has a Root user (root@@<Some Namespace>)

associated with it that can be enabled. When enabled the user has an IAM
access key.

These are also long-term credentials which consists of an access key ID and
secret access key.

This user can have two Access Keys associated with access at any time.

1. Navigate to Manage > Identity and Access (S3). Select the namespace
ns1 from the dropdown. Then click the Root Access Key tab.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 143

[email protected]
ECS Identity and Access Management (IAM)

2. Click CREATE ACCESS KEY.

 To save the root access information, you can either copy and paste the
Access key ID and Access Secret Key to Notepad or you can Download
(dot)csv.

Click Close

ECS Administration - Lab Guide

Page 144 © Copyright 2021 Dell Inc.

[email protected]
 ECS Identity and Access Management (IAM)

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 145

[email protected]
ECS Multi-tenancy with Active Directory/LDAP Integration

ECS Multi-tenancy with Active Directory/LDAP

Integration

Scenario:

Using readily available data clients, test basic I/O access by performing "CRUD"
operations on ECS data repositories (commonly referred to as "buckets")

In this lab, you perform the following tasks:

 Review the pre-configured domain, groups, and domain users in your Active
Directory server
 Configure the Active Directory server as an Authentication Provider using the
ECS Portal
 Create and customize two namespaces to service a dual-tenant environment
(Finance and Sales groups)
 Test I/O client access to ECS using Active Directory domain users in both
tenants

Review the Configuration of an Active Directory Server

This lab environment includes the Active Directory setup used for multi-tenancy.

1. To demonstrate the multi-tenancy feature of ECS, the following structure is

created in Active Directory.

Two user groups named Finance and Sales reside in AD. These groups will
be considered as individual tenants and they will have their own namespace
created in ECS.

Note: This structure is used for simple proof-of-concept (POC) only. There is
a single Active Directory server which simulates a realistic representation of an
Enterprise customer using ECS, with multiple business units within the
enterprise representing ECS tenants. All business units are sharing a single
Active Directory setup.

ECS Administration - Lab Guide

Page 146 © Copyright 2021 Dell Inc.

[email protected]
 ECS Multi-tenancy with Active Directory/LDAP Integration

2. In this lab, each user group within Active Directory (i.e. each tenant) will have
two types of user: Admin and Object. The Active Directory structure is
preconfigured and made available for you in this lab.

You will use these Active Directory details to add your authentication provider
from the ECS Portal.

All users will have the same AD privilege and will be part of two AD groups:
Domain users and User group, and the user group is named by their tenant.

Shown below are the properties of fadmin and fuser1 for the Finance tenant.

Similarly, Sales group users have access to sadmin and suser1 users which
are members of Domain users and the Sales tenant.

From the ECS perspective, the Admin users (fadmin & sadmin) will be
considered as management users - specifically, namespace admins. They
will have access to the ECS Portal with limited capabilities - each can manage

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 147

[email protected]
ECS Multi-tenancy with Active Directory/LDAP Integration

their own namespace, e.g. add or remove users in their own namespace.

fuser1, fuser2, suser1 and suser2 are ECS Object users who will have
access only to the ECS object store, to perform CRUD operations.

In your Active Directory environment, all users have been configured with
P@ssw0rd! as their respective password.

Add Active Directory server as an ECS authentication provider

In this lab, you will add an Active Directory server as the authentication provider to
your ECS instance.

1. Login to your ECS Portal 192.168.1.5 using the credentials below:

User Name: root

Password: P@ssw0rd!

2. Navigate to Manage > Authentication

In Authentication Provider Management page, click NEW AUTHENTICATION

PROVIDER.

ECS Administration - Lab Guide

Page 148 © Copyright 2021 Dell Inc.

[email protected]
 ECS Multi-tenancy with Active Directory/LDAP Integration

3. In the New Authentication Provider page, enter the following values from the
below table (NOTE: There are NO spaces after the commas):

The Group whitelist below are the Active Directory groups which will be
allowed to access the ECS storage.

Click Save.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 149

[email protected]
ECS Multi-tenancy with Active Directory/LDAP Integration

a. Upon successful addition of the ECS authentication provider, your

authentication provider management screen will appear as below.

4. From the ECS Portal select Users > Management Users. You will create two
new management users which are [email protected] and [email protected]

Select: NEW MANAGEMENT USER

Select: AD/LDAP User or AD Group

Select User from the drop-down.

Username: [email protected]

System Administrator: No

System Monitor: No

Click Save

Click OK to the message displayed

Perform the same operation for the sadmin account

You will use this authentication provider in the next lab to create namespaces
with domain configuration.

ECS Administration - Lab Guide

Page 150 © Copyright 2021 Dell Inc.

[email protected]
 ECS Multi-tenancy with Active Directory/LDAP Integration

Configure ECS Namespaces with Domain Groups for Multi-

tenancy
In this lab, you will create namespaces with domain configuration.

1. Login to the ECS Portal 192.168.1.5 using below credentials

User Name: root

Password: P@ssw0rd!

2. Next, you need to create namespaces for the tenants (Finance and Sales)
with Domain details.

Navigate to Manage > Namespace

Click on NEW NAMESPACE

3. Enter the following values for the new namespace.

Name: finance_ns

User Admin: [email protected]

Domain Group Admin: [email protected]

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 151

[email protected]
ECS Multi-tenancy with Active Directory/LDAP Integration

Replication Group: rg_global_luna_phobos_deimos

Once complete entering, scroll down to the button showing DOMAIN.

4. Click DOMAIN.

Enter the following values for the Domain configuration:

NOTE: no spaces between the entries above.

ECS Administration - Lab Guide

Page 152 © Copyright 2021 Dell Inc.

[email protected]
 ECS Multi-tenancy with Active Directory/LDAP Integration

Click Save.

a. Domain: dell.edu

b. Groups: Finance (This namespace will be assigned for Finance tenant

users)

c. Attribute: objectCategory

d. Values: CN=Person, CN=Schema, CN=Configuration, DC=dell, DC=edu

NOTE: no spaces between the entries above.

e. Click Save.

5. Upon successful creation of the Finance Domain namespace, it will be listed

in the Namespace Management page as shown below.

6. Log out of the ECS Portal. Now login to ECS Portal 192.168.1.5 as the new
Namespace Administrator using these credentials:

User Name: [email protected]

Password: P@ssw0rd!

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 153

[email protected]
ECS Multi-tenancy with Active Directory/LDAP Integration

Click Dashboard in the navigation pane. Ignore any errors that might appear
at the top of your browser.

Is that done by ECS, or by some other component in your environment?

7. Navigate to Manage > Namespace

Notice that the Namespace Management page has only one namespace
listed, which is owned by [email protected]

When you login as this Namespace Admin, you can only view the namespace
that this Admin account owns.

8. Navigate to other ECS management views like Storage pools, VDC etc. Are
you able to view the details?

You cannot see those details because the Namespace Administrator’s access
is limited to bucket and object user management of a namespace. The user
will not be authorized to view other ECS system administrative attributes.

9. Navigate to User Management page to add a new (Domain) object user

using the below details. Click on NEW OBJECT USER

Name: [email protected]

ECS Administration - Lab Guide

Page 154 © Copyright 2021 Dell Inc.

[email protected]
 ECS Multi-tenancy with Active Directory/LDAP Integration

Namespace: finance_ns

Click NEXT TO GENERATE PASSWORDS

Click GENERATE & ADD SECRET KEY in the S3/Atmos section then select
Show Secret Key. Copy this key to Notepad++ as you will be using it to verify
I/O access.

Select Close

Now, logoff from the ECS portal and login as [email protected] using the AD
password.

You can see that the authentication succeeds against AD/LDAP, but the user
will not be able to view or perform any operation in the ECS Portal because
the user is not authorized.

Logoff from the ECS portal.

10. Login to the ECS Portal 192.168.1.5 as root user with P@ssw0rd! as the
password.

Navigate to the Namespace Management (Manage > Namespace) page and

create another namespace for the Sales tenant using the below details.

Name: sales_ns

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 155

[email protected]
ECS Multi-tenancy with Active Directory/LDAP Integration

Namespace Admin: [email protected]

Domain Group Admin: [email protected]

Replication Group: rg_global_luna_phobos_deimos

Domain: dell.edu

Groups: Sales

Attribute: objectCategory

Values: CN=Person, CN=Schema, CN=Configuration, DC=dell, DC=edu

11. Click DOMAIN and add the following information:

Domain: dell.edu

Groups: Sales

Attribute: objectCategory

Values: CN=Person, CN=Schema, CN=Configuration, DC=dell, DC=edu

NOTE: No spaces between the entries above.

Click Save.

12. Now, log off from the ECS portal and login as the Sales namespace
administrative user using these credentials:

User Name: [email protected]

Password: P@ssw0rd!

13. Navigate through different pages and observe what this user can view and the
actions the user is able to perform.

Were you able to see other namespaces and their object users?

ECS Administration - Lab Guide

Page 156 © Copyright 2021 Dell Inc.

[email protected]
 ECS Multi-tenancy with Active Directory/LDAP Integration

Verify I/O Access to ECS from Tenant Users using AD

In this lab, you will verify data isolation in the ECS multi-tenant setup by performing
I/O operations.

1. Now that you have the secret access key and object user created for the
domain user [email protected] from the previous lab, follow the steps below to
perform read/write operations in the S3 Browser.

The trial version of the S3 Browser only allows up to two accounts, you will
need to delete one account: S3 Browser Accounts > Manage Accounts >
Delete user4.

Create a new account for [email protected] using the secret access key from
the ECS Portal.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 157

[email protected]
ECS Multi-tenancy with Active Directory/LDAP Integration

2. Ensure you are logged into the ECS Portal as either root or [email protected]

3. Select Manage > Buckets > NEW BUCKET, and create a new bucket for
[email protected]

Bucket name: fuser1bucket

Namespace: finance_ns

Replication Group: rg_global_luna_phobos_deimos

Bucket Owner: [email protected]

ECS Administration - Lab Guide

Page 158 © Copyright 2021 Dell Inc.

[email protected]
 ECS Multi-tenancy with Active Directory/LDAP Integration

Click NEXT > NEXT > SAVE

4. Go to the S3 Browser, select Accounts > [email protected]

The fuser1bucket appears in the bucket pane.

5. Upload a few files from C:\Lab Software\Test Files path in your management
station to verify I/O access.

6. (OPTIONAL STEP)

Perform the same operation using the Sales tenant group and Sales users.
Then, create a bucket for a Sales user in the S3 Browser.

You can then test the multi-tenancy data isolation by trying to read the buckets

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 159

[email protected]
ECS Multi-tenancy with Active Directory/LDAP Integration

created by Finance tenant users.

Follow the instructions in the the previous lab: “Test ACLs with local object
users in ECS” to create ACLs and add external buckets.

ECS Administration - Lab Guide

Page 160 © Copyright 2021 Dell Inc.

[email protected]
 ECS Monitoring and Maintenance

ECS Monitoring and Maintenance

Scenario:

Browse through the ECS Monitoring Data and Perform Basic Health Checks

In this lab, you will perform the following tasks:

 Explore Dashboard categories

 Explore the metering capabilities of ECS using the ECS Portal
 View resource usage using ECS monitoring features
 Check hardware health and monitoring history

EMC Portal Dashboard

1. Login to the ECS Portal 192.168.1.5 as Username: root password:
P@ssw0rd!

From the ECS Portal Dashboard you will see basic system information. You
can hover your mouse cursor over points in the performance graph. Click on a
highlighted category to examine more details.

Expand Monitor.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 161

[email protected]
ECS Monitoring and Maintenance

2. In the ECS Portal under Monitor select Metering.

From the Date Time Range drop-down select Custom. In the From field,
enter yesterday’s date. Similarly, in the To field, enter today’s date. Your
Namespace ns1 along with others will show up in the Namespace listing.

Select Namespace for ns1. This will populate the Select Buckets listing with
the buckets you have previously created.

From the Select Buckets list select all buckets that are part of ns1 namespace by
using the arrow icon.

Click Apply. Once applied, scroll down the screen to view object metrics and
traffic that have occurred during the custom date range selected.

ECS Administration - Lab Guide

Page 162 © Copyright 2021 Dell Inc.

[email protected]
 ECS Monitoring and Maintenance

3. Using the Monitor menu, select Events and observe the recent Audit and
Alert activities which have occurred during your lab exercises.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 163

[email protected]
ECS Monitoring and Maintenance

4. From the Monitor menu, select Capacity Utilization to view Capacity, Used
Capacity, Garbage Collection, Erasure Encoding and CAS Processing.

Click the History button to view the Capacity history. You can hover your
mouse cursor over points in the graph to view metrics at a specific time.

Many of these report views also have filtering capabilities as well.

ECS Administration - Lab Guide

Page 164 © Copyright 2021 Dell Inc.

[email protected]
 ECS Monitoring and Maintenance

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 165

[email protected]
ECS Monitoring and Maintenance

5. Navigate to System Health then choose the Hardware Health tab.

Now choose All Nodes and Disks. This will show your node(s) and status.
You can click your Node(s) name to view further details.

ECS Administration - Lab Guide

Page 166 © Copyright 2021 Dell Inc.

[email protected]
 ECS Monitoring and Maintenance

6. Navigate to Geo Replication.

There are several tabs available to view details on the geo-configuration.

Click through these tabs to view each of their attributes.

NOTE: If your ECS is not configured for Geo Replication the fields will be
blank.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 167

[email protected]
ECS Monitoring and Maintenance

ECS Administration - Lab Guide

Page 168 © Copyright 2021 Dell Inc.

[email protected]
 ECS Monitoring and Maintenance

Alert Policies
Alert policies are created to alert about metrics and are triggered when the
specified conditions are met. Alert policies are created per VDC. There are two
types of alert policy:

System alert policies

 System alert policies are predefined and exist in ECS during deployment.
 All the metrics have an associated system alert policy.
 System alert policies cannot be updated or deleted.
 System alert policies can be enabled/disabled.
 Alert is sent to the UI and all channels (SNMP, SYSLOG, and Secure Remote
Services).

User-defined alert policies

 You can create User-defined alert policies for the required metrics.
 Alert is sent to the UI and customer channels (SNMP and SYSLOG).

For more information on Alert Messages please consult the latest ECS Monitoring
Guide. You must sign in, or create a account for access to ECS
Documentation. https://www.dell.com/support/home/en-us

7. Alert policies are configured from the ECS Portal. Select Settings > Alerts
Policy.

Shown below are some of the pre-defined system alerts.

To create a new User Defined Alert Policy, select NEW ALERT POLICY

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 169

[email protected]
ECS Monitoring and Maintenance

8. New Alert Policy configuration page.

ECS Administration - Lab Guide

Page 170 © Copyright 2021 Dell Inc.

[email protected]
 ECS Monitoring and Maintenance

1. Give a unique Alert policy name.

2. Use the metric type drop-down menu to select a metric type. Metric Type is
a grouping of statistics. It consists of:

a. Btree Statistics
b. CAS GC Statistic
c. Geo Replication Statistics
d. Metering Statistics
e. Garbage Collection Statistics
f. EKM
3. Use the metric name drop-down menu to select a metric name which is
based off the metric type.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 171

[email protected]
ECS Monitoring and Maintenance

4. Select level:

 To inspect metrics at the node level, select Node.

 To inspect metrics at the VDC level, select VDC.
5. Select polling interval

 Polling Interval determines how frequently data should be checked. Each

polling interval gives one data point which is compared against the specified
condition and when the condition is met, alert is triggered.
6. Select instances:

 Instances describe how many data points to check and how many should
match the specified conditions to trigger an alert. For metrics where
historical data is not available only the latest data is used.
7. Select conditions:

 You can set the threshold values and alert type with Conditions. The alerts
can be either a Warning Alert, Error Alert, or Critical Alert.
8. To add more conditions with multiple thresholds and with different alert
levels, select Add Condition.

9. Once complete Click Save.

ECS Administration - Lab Guide

Page 172 © Copyright 2021 Dell Inc.

[email protected]
 Temporary Site Outage (TSO) and Permanent Site Outage (PSO) Lab

Temporary Site Outage (TSO) and Permanent Site

Outage (PSO) Lab

Scenario:

This lab will simulate a VDC Temporary Site Outage (TSO). It will allow you to see
how ECS reacts to a TSO events and to allow you to see the behavior with Access
During Outage (ADO) enabled on a Federated Global bucket that is part of a three
(3) site VDC global replication group. You will also initiate a Permanent Site Outage
(PSO) and observe a Failover process.

In this lab, you will perform the following tasks:

 Simulate a network failure on one of three VDCs that are part of a global
replication group.
 Observe the behavior and process that the ECS system goes through to allow
continued access to objects from the other VDC sites in the global replication
group with ADO enabled.
 Access existing data objects and write new data objects via the S3 Browser
during the TSO event from the remaining VDC site nodes.
 Permanently remove the failed VDC from the global replication group, initiating
a Permanent Site Outage (PSO) via the ECS Portal.
 Observe the behavior and process that the ECS system uses, called Failover,
to re-protect objects and meta data on the remaining VDCs in the global
replication group via the ECS Portal.

Set ADO on Bucket1

9. The next thing you will do is to set Access During Outage (ADO) on bucket1.
You will NOT turn on ADO for bucket2. Recall that both buckets are owned by
object user user1, and that both were created via the vdc1_luna site, making
it the owning VDC.

a. If not already log into the ECS Portal on ECS Site 1 Luna (192.168.1.5)
using the credentials root/P@ssw0rd!

b. Select Manage > Buckets to bring up Bucket Management.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 173

[email protected]
Temporary Site Outage (TSO) and Permanent Site Outage (PSO) Lab

c. Select the ns1 namespace.

d. Select Edit Bucket for bucket1.

e. Click the NEXT button.

ECS Administration - Lab Guide

Page 174 © Copyright 2021 Dell Inc.

[email protected]
 Temporary Site Outage (TSO) and Permanent Site Outage (PSO) Lab

f. Under the Access During Outage section, select On. Leave the Read-Only
checkbox un-checked.

g. Click the SAVE button.

Simulate Temporary Site Outage (TSO)

10. You will now simulate a Temporary Site Outage (TSO).

a. Open the CONSOLES window in your VLP lab environment (left-hand side of
the VLP) to log into ECS Site 1 Luna (192.168.1.5).

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 175

[email protected]
Temporary Site Outage (TSO) and Permanent Site Outage (PSO) Lab

b. Login to the luna node with the credentials: admin/ChangeMe

c. You are going to use a tool called Network Manager Text User Interface
(nmtui) to disable the network port on the luna node. The nmtui tool is a handy
tool that allows you to easily configure your network interfaces in Linux system.
 At the command prompt type in the following command: nmtui <return>

 Use the arrow keys on your keyboard to select the option Activate a
connection. Hit the Enter key on your keyboard.
d. Use the arrow keys on your keyboard to select the option Activate a
connection. Hit the Enter key on your keyboard.

ECS Administration - Lab Guide

Page 176 © Copyright 2021 Dell Inc.

[email protected]
 Temporary Site Outage (TSO) and Permanent Site Outage (PSO) Lab

e. The Wired view will come up, and the ens192 network interface will be
highlighted.

f. Use the right arrow key on your keyboard and highlight the Deactivate option
and hit the Enter key on your keyboard. You will see the Wired view for the
ens192 network change to Activate. This means that the ens192 network
interface has been deactivated.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 177

[email protected]
Temporary Site Outage (TSO) and Permanent Site Outage (PSO) Lab

g. Use the down arrow key and select Back and hit the Enter key.
h. Use the down arrow keys to select the Quit option and hit the Enter key on your
keyboard.

ECS Administration - Lab Guide

Page 178 © Copyright 2021 Dell Inc.

[email protected]
 Temporary Site Outage (TSO) and Permanent Site Outage (PSO) Lab

Note: Stay logged in to the luna host via the console window, you will use it
later to activate the network port using the nmtui tool.
11. At this point the network port on the luna node is down. Go back into the ECS
Portal on the ECS Site 2 Phobos (192.168.1.6) and select Manage >
Replication Group.

Click the down arrow on the replication group called

rg_global_luna_phobos_deimos. You will see that vdc1_luna has a status
of Unattainable.

12. At this point, you do not have a Temporary Site Outage (TSO). The other

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 179

[email protected]
Temporary Site Outage (TSO) and Permanent Site Outage (PSO) Lab

VDCs (phobos and deimos) will continue to try and re-establish

communication with the luna VDC site. After about 15 minutes the other VDC
sites in the replication group will declare the VDC site failed. When this occurs,
we have a TSO event. Wait the 15 minutes for this to happen.

Go back to the replication group called rg_global_luna_phobos_deimos

under the Replication Group Management view (select Manage >
Replication Group), refresh the view and you will see that the luna VDC site
now has a status of Temporarily Unavailable.

13. You can also verify the luna VDC site failure by going to the Dashboard View
or the Alert View in the ECS Portal for either the Phobos VDC site and/or the
Deimos VDC site.

ECS Administration - Lab Guide

Page 180 © Copyright 2021 Dell Inc.

[email protected]
 Temporary Site Outage (TSO) and Permanent Site Outage (PSO) Lab

In the Alert View click the Acknowledge button under the Actions column for
both the Phobos VDC site (192.168.1.6), and the Deimos VDC site
(192.168.1.7) in their respective ECS Portals.

14. Now that ECS has detected the TSO for the luna VDC site, bring up the S3
Browser application. Select the Accounts tab > Manage accounts.

15. From the Storage Accounts window, select the user1 account and click the
Edit button.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 181

[email protected]
Temporary Site Outage (TSO) and Permanent Site Outage (PSO) Lab

16. Verify or change the REST Endpoint to 192.168.1.6:9021. Click Save

changes.

Then click Save changes on the Storage Accounts window.

ECS Administration - Lab Guide

Page 182 © Copyright 2021 Dell Inc.

[email protected]
 Temporary Site Outage (TSO) and Permanent Site Outage (PSO) Lab

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 183

[email protected]
Temporary Site Outage (TSO) and Permanent Site Outage (PSO) Lab

17. You are connected to the phobos node on vdc2_phobos. This is one of the
non-owning VDCs for bucket1, bucket2, and object user user1. luna_vdc1 is
owning VDC site for the buckets and the user.

Selecting bucket1 with ADO turned On which allows you to get to the data
objects in bucket1.

With ADO turned Off on bucket2 this non-owning site is NOT allowed access
to the data objects, access fails.

ECS Administration - Lab Guide

Page 184 © Copyright 2021 Dell Inc.

[email protected]
 Temporary Site Outage (TSO) and Permanent Site Outage (PSO) Lab

18. If you change or modify the S3 Account for user1 to a node at ECS Site 3
Deimos you will see the same behavior because the site is non-owning VDC
site.

a. Select the Accounts tab > Manage accounts.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 185

[email protected]
Temporary Site Outage (TSO) and Permanent Site Outage (PSO) Lab

b. From the Storage Accounts window, select the user1 account and click the
edit button.

c. Change the REST Endpoint to 192.168.1.7:9021. Click the Save changes.

Then click the Save changes on the Storage Accounts window.

ECS Administration - Lab Guide

Page 186 © Copyright 2021 Dell Inc.

[email protected]
 Temporary Site Outage (TSO) and Permanent Site Outage (PSO) Lab

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 187

[email protected]
Temporary Site Outage (TSO) and Permanent Site Outage (PSO) Lab

19. Now try and access bucket1 and bucket2 from the deimos node
(192.168.1.7:9021) at ECS Site 3 Deimos VDC. You again will see the same
behavior on bucket1 and bucket2.

ECS Administration - Lab Guide

Page 188 © Copyright 2021 Dell Inc.

[email protected]
 Temporary Site Outage (TSO) and Permanent Site Outage (PSO) Lab

20. The next steps are going fail the VDC known as vdc1_luna and remove it
from the replication group rg_global_luna_phobos_deimos. This process is
known as a Permanent Site Outage (PSO).

21. Select Manage > Virtual Data Center and click the down arrow next to the
Edit button for vdc1_luna. Select Fail the VDC.

22. A Confirm VDC Failure message comes up. Click the checkbox confirmation
to fail the VDC and click the OK button.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 189

[email protected]
Temporary Site Outage (TSO) and Permanent Site Outage (PSO) Lab

23. Refresh the screen and you will see that vdc1_luna has a status of
Permanently Failed.

24. Select Manage > Replication Group and click the down arrow to open up the
rg_global_luna_phobos_deimos replication group. Click the Edit button.

ECS Administration - Lab Guide

Page 190 © Copyright 2021 Dell Inc.

[email protected]
 Temporary Site Outage (TSO) and Permanent Site Outage (PSO) Lab

25. Click the Remove button for the vdc1_luna Virtual Data Center.

Then click SAVE

26. A Confirm Remove VDC message comes up. You must click the checkbox,
and then click the OK button. Then click the SAVE button.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 191

[email protected]
Temporary Site Outage (TSO) and Permanent Site Outage (PSO) Lab

27. Go to Monitor > Geo Replication > Failover Processing to see that the
rg_global_luna_phobos_deimos replication group has gone into a failover
process to sync up the remaining VDCs in this replication group.

NOTE: Wait about 5 minutes, this may take a few minutes for the process to
kick-off and show up in the ECS Portal view and Dashboard.

ECS Administration - Lab Guide

Page 192 © Copyright 2021 Dell Inc.

[email protected]
 Temporary Site Outage (TSO) and Permanent Site Outage (PSO) Lab

On the Dashboard in the ECS Portal under Geo Monitoring section, you can
also see that a Failover is in progress.

You can login to the ECS Site 3 Deimos ECS Portal and go to Monitor >
Geo Replication >Failover Processing to see that a failover process is also
occurring on this VDC.

28. Go to Manage > Replication Group and rename the global replication group.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 193

[email protected]
Temporary Site Outage (TSO) and Permanent Site Outage (PSO) Lab

Click the Edit button and change the name of the replication group in the
name fields. You will see that you now have a local replication group and a two
VDC global replication group.

1. Rename Global Replication Group

 From: rg_global_luna_phobos_deimos
 To: rg_global_phobos_deimos

29. The final step is to delete the failed VDC from the configuration.

1. Go to Manage > Virtual Data Center, select the Edit button for vdc1_luna,
and select Delete.

 A Delete Confirmation message will appear, click the OK button.

ECS Administration - Lab Guide

Page 194 © Copyright 2021 Dell Inc.

[email protected]
 Temporary Site Outage (TSO) and Permanent Site Outage (PSO) Lab

30. Eventually the Failover process will get to 100% on both the phobos VDC
and deimos VDC indicating the data objects and metadata have been
resynchronized and re-protected.

Clean Up
31. To clean up, you will reconnect the network port of the luna server node.

a. Open the CONSOLES window in your VLP lab environment (left-hand side
of the VLP) to log into the node luna (IP: 192.168.1.5)

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 195

[email protected]
Temporary Site Outage (TSO) and Permanent Site Outage (PSO) Lab

b. Login to the luna node with the credentials: admin/ChangeMe

c. Run the following command: nmtui <return>

d. Use the arrow keys on your keyboard to select the option Activate a
connection. Hit the Enter key on your keyboard.

ECS Administration - Lab Guide

Page 196 © Copyright 2021 Dell Inc.

[email protected]
 Temporary Site Outage (TSO) and Permanent Site Outage (PSO) Lab

e. The Wired view will come up, and the ens192 network interface will be
highlighted.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 197

[email protected]
Temporary Site Outage (TSO) and Permanent Site Outage (PSO) Lab

f. Use the right arrow key on your keyboard and highlight the Activate option
and hit the Enter key on your keyboard. You will see the Wired view for the
ens192 network change to Deactivate. This means that the ens192 network
interface has been re-enabled.

ECS Administration - Lab Guide

Page 198 © Copyright 2021 Dell Inc.

[email protected]
 Temporary Site Outage (TSO) and Permanent Site Outage (PSO) Lab

g. Use the down arrow key and select Back and hit the Enter key.

h. Use the down arrow keys to select the Quit option and hit the Enter key on
your keyboard. Exit out of the luna node console.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 199

[email protected]
Temporary Site Outage (TSO) and Permanent Site Outage (PSO) Lab

ECS Administration - Lab Guide

Page 200 © Copyright 2021 Dell Inc.

[email protected]
 Optional Lab: GeoDrive

Optional Lab: GeoDrive

Scenario:

In this lab, you perform the following tasks:

 Install and use ECS GeoDrive software to create a virtual drive for Windows
server

Dell EMC™ ECS GeoDrive™ provides a local file system interface through which
you can store and retrieve files on a Dell EMC ™ Cloud server. Use GeoDrive to
store and retrieve files (such as pictures, movies and documents) in the cloud using
the same applications and tools that you use today.

ECS GeoDrive Tool

1. You will Install the GeoDrive tool (GeoDrive.2.2_x64.exe) located in your
management station.

Click Next at the introduction screen.

 Using Windows Explorer, navigate to the location of the GeoDrive

executable, C:\Lab Software then double-click the GeoDrive executable to
start the setup wizard. Click Run on the Open File – Security Warning
message.

 Click OK on the language selection window:

1. Click Install on the required items window:

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 201

[email protected]
Optional Lab: GeoDrive

2. After the required items are installed a reboot is required. Save changes you
have made to Notepad++ and close all windows. Click Yes to start the
reboot.

ECS Administration - Lab Guide

Page 202 © Copyright 2021 Dell Inc.

[email protected]
 Optional Lab: GeoDrive

2. When the reboot is finished, select the CTRL+ALT+DEL button and login to
the management jump server:

Login: DELL\Administrator
Password: P@ssw0rd!

3. Login to the ECS Portal on the luna VDC (192.168.1.5) credentials: root /
P@ssw0rd!

4. Create a new S3 objects user and a new bucket that the new object user
owns.

Object User Information

User Namespace: ns1

User Name: user6 (Generate an S3 Secret Key for this object user and record
it in Notepad++)

Bucket Information
Bucket Name: bucket7 (bucket owner is object user6)

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 203

[email protected]
Optional Lab: GeoDrive

Bucket Namespace: ns1

Replication Group: rg_global_luna_phobos_deimos

5. Click Run on the Open File – Security Warning message, click OK on the
language selection window.

6. When the GeoDrive Setup Wizard appears, click Next at the introduction
screen.

a. Accept the license agreement. Choose Next.

ECS Administration - Lab Guide

Page 204 © Copyright 2021 Dell Inc.

[email protected]
 Optional Lab: GeoDrive

b. Accept the defaults, then click Next.

c. Clear the optional setting for the Enable GeoDrive Feedback checkbox and
click Install.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 205

[email protected]
Optional Lab: GeoDrive

d. Accept the automatically close applications and click the OK button.

e. Once installation completes, click the Finish button.

ECS Administration - Lab Guide

Page 206 © Copyright 2021 Dell Inc.

[email protected]
 Optional Lab: GeoDrive

7. Click the Windows Start Icon in the lower left-hand corner and click the Dell
EMC GeoDrive.

8. When the GeoDrive application opens up select Hosts and click the Add
button.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 207

[email protected]
Optional Lab: GeoDrive

9. Fill in the fields with the following information:

a. Server Name: ECS

b. Description: ECS Appliance

c. User ID: user6

d. Secret Access Key: Secret Key for the user6 object user

e. Use https or http: HTTPS

f. Port Override: checked and set to 9021

g. Host name / IP: 192.168.1.6

h. Click the << Add button

ECS Administration - Lab Guide

Page 208 © Copyright 2021 Dell Inc.

[email protected]
 Optional Lab: GeoDrive

10. Click the Test button to validate the connect to the ECS node:

11. The Connection Test Results screen appears. You may get a security
certificate error.

Click the Install button to install a certificate into the computer certificate store.

Click the OK button when the certificate is successfully installed.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 209

[email protected]
Optional Lab: GeoDrive

12. Click the Test button again, and you should get the Connection Test Results
with a result of Success. Click the Close button. Then click the OK button.

13. Click the Close button on the add Hosts window:

ECS Administration - Lab Guide

Page 210 © Copyright 2021 Dell Inc.

[email protected]
 Optional Lab: GeoDrive

14. Click the Add GeoDrive Icon and fill in the following information:

a. GeoDrive: select E

b. Description: ECS GeoDrive

c. Leave local Storage Option: default settings

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 211

[email protected]
Optional Lab: GeoDrive

d. Click Next

15. Under the Settings section, select the ECS host from the drop down and select
bucket7 from the Bucket list drop down. Leave all other setting as their
defaults.

Click Next.

ECS Administration - Lab Guide

Page 212 © Copyright 2021 Dell Inc.

[email protected]
 Optional Lab: GeoDrive

16. On the Logging screen, leave the default setting and click the Finish button.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 213

[email protected]
Optional Lab: GeoDrive

17. You should now have a GeoDrive configured as:

Drive: E

Host: ECS

Status: Active

ECS Administration - Lab Guide

Page 214 © Copyright 2021 Dell Inc.

[email protected]
 Optional Lab: GeoDrive

18. You can now use the E Drive (GeoDrive) on the Windows Jump Server to
write and read data to/from the ECS Appliance.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 215

[email protected]
Optional Lab: NFS

Optional Lab: NFS

Scenario:

Configure a new bucket in ECS and access that bucket as NFS Share from a Linux
host using the local Linux user. The already created user1 will be used.

In this lab, you perform the following tasks:

 Create new Linux user
 Create new bucket for NFS
 Create user mapping
 Mounting NFS export
 Write files to the NFS export

Create a new filesystem bucket and a new user in your Linux host
1. Using PuTTY connect to your Linux box using IP address 192.168.1.8
(Hostname: CentOS8) with the following credentials:

Username: root
Password: P@ssw0rd!

2. If not already, login to the ECS Site 1 Luna Portal VDC (192.168.1.6) and
create a new filesystem bucket and enable it for filesystem.

a. Select Manage > Buckets > NEW BUCKET

b. Bucket Name: nfsbucket

c. Namespace: ns1

d. Replication Group: rg_global_luna_phobos_deimos

e. Bucket Owner: user1

3. In the Required section enter the following:

a. Select File System On

ECS Administration - Lab Guide

Page 216 © Copyright 2021 Dell Inc.

[email protected]
 Optional Lab: NFS

b. Default Bucket Group: users

c. Group File Permissions: Read, Write, Execute

d. Group Directory Permissions: Read, Write, Execute

e. Click Next

f. Click Save on the Optional page.

4. Open the S3 Browser application and verify that you can see the nfsbucket
bucket with the user1 object user account selected.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 217

[email protected]
Optional Lab: NFS

5. PuTTY to the CentOS8 node (192.168.1.8) that you will use as the NFS client.
Create a new Linux user “user1” on the CentOS8 node.

Credentials for CentOS8 are: root / P@ssw0rd!

Run the following commands:

a. useradd user1

b. id user1

c. Copy the UID, GID and groups number

ECS Administration - Lab Guide

Page 218 © Copyright 2021 Dell Inc.

[email protected]
 Optional Lab: NFS

6. Using su utility become user user1 by running the following command:

a. su - user1

7. Execute the following command as user1:

a. mkdir nfs

The nfs directory will be used later, to mount the nfs export from ECS.
8. Type “logout” or “exit” to return back to the root prompt.

Do not close the PuTTY session.

Create a new NFS export (filesystem share)

In this lab, you are going to create the mapping between the Unix user/group to
ECS.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 219

[email protected]
Optional Lab: NFS

If the translation is not created, when you attempt to mount the ECS NFS share to
your Linux system and try to list the contents of the directory, a large number will
be displayed instead of showing the username and group name of the local Linux
user.

9. From the ECS Portal (on the luna VDC node) select File and click the NEW
USER / GROUP MAPPING tab. Click NEW USER/GROUP MAPPING

10. Type the following information:

a. User/Group Name: user1

b. Namespace: ns1

c. ID: Enter the number acquired in step 3 of Create a new user in our Linux
host

d. Type: User

e. Click Save

ECS Administration - Lab Guide

Page 220 © Copyright 2021 Dell Inc.

[email protected]
 Optional Lab: NFS

11. Select File, click the Exports tab. Select your namespace, ns1 then click on
NEW EXPORT.

12. Type in the following information:

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 221

[email protected]
Optional Lab: NFS

a. Namespace: ns1

b. Bucket: nfsbucket

c. In Export Host Options click ADD.

Enter the following:

a. Export Host: 192.168.1.8

b. Permissions: Click on “Read/Write”

c. Write Transfer Policy: Click on “Async”

d. Authentication: Click on “Sys”

e. (optional) Mounting Directories Allow: Click on “Yes” As shown below:

ECS Administration - Lab Guide

Page 222 © Copyright 2021 Dell Inc.

[email protected]
 Optional Lab: NFS

f. Click Add.

g. Now click Save

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 223

[email protected]
Optional Lab: NFS

The export should look like the above.

Mounting the ECS NFS Export to the Linux system

13. Bring up your PuTTY session with the Linux system, IP address 192.168.1.8

14. Examine the NFS exports from ECS using the following command:

1. showmount -e 192.168.1.6

ECS Administration - Lab Guide

Page 224 © Copyright 2021 Dell Inc.

[email protected]
 Optional Lab: NFS

15. Execute the following command as root user:

1. mount -t nfs -o "vers=3,sec=sys,proto=tcp,nolock"

192.168.1.6:/ns1/nfsbucket /home/user1/nfs

16. As root, try to change directory to /home/user1/nfs by executing the following

command:

1. cd /home/user1/nfs

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 225

[email protected]
Optional Lab: NFS

As root, you are not allowed to enter this directory.

17. Using the su utility, become user user1, by executing the following command:

1. su - user1

18. Execute the following commands:

1. cd nfs

2. ls -la

19. Now you will create a dummy file using the following command:

 echo “NFS” > f1

and then enter

 ls –la

ECS Administration - Lab Guide

Page 226 © Copyright 2021 Dell Inc.

[email protected]
 Optional Lab: NFS

20. From the S3 browser login using the user1 account.

21. Select your nfsbucket, like below:

The file f1, created on previous steps, is accessible through S3 protocol.

22. Now upload a file from C:\Lab Software\Test Files directory to the
nfsbucket, as shown below:

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 227

[email protected]
Optional Lab: NFS

23. Open your PuTTY session and execute the command:

a. ls -la

The file “ECS EX3000 DIMM Replacement.mp4” was uploaded using S3

browser to the nfsbucket and is accessible through NFS protocol.

ECS Administration - Lab Guide

Page 228 © Copyright 2021 Dell Inc.

[email protected]
 Summarizing ECS Administration Lab

Summarizing ECS Administration Lab

Lab Scenario Wrap-Up

Using ECS Community Edition Software and various I/O tools in this lab you have
become familiar with the following:

 ECS Portal
 Configure an ECS storage infrastructure
 Validate I/O access using S3, Swift, CAS and Hadoop
 Explore the use of Retention, ACLs, Bucket Policies, and Quotas
 Test I/O client access to ECS using Active Directory service
 Explore the Temporary Site Outage (TSO) and Permanent Site Outage (PSO)
with and without Access During Outage (ADO)
 Configure and use ECS NFS
 Configure and use ECS Geo-Drive

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 229

[email protected]
[email protected]
Appendix

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 231

[email protected]
Rack Color and Node Names

Rack Color and Node Names

ECS Administration - Lab Guide

Page 232 © Copyright 2021 Dell Inc.

[email protected]
 Rack Color and Node Names

Names and Colors

List of default Rack and Node names for ECS hardware appliance.

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 233

[email protected]
Rack Color and Node Names

ECS Administration - Lab Guide

Page 234 © Copyright 2021 Dell Inc.

[email protected]
 OpenStack Swift

OpenStack Swift

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 235

[email protected]
OpenStack Swift

OpenStack Swift curl commands to limit container access

This step is optional, and you should feel free to proceed to the next
exercise, after just reviewing it.

If you wish to limit container1 access, you will need to run some curl commands.
You can run curl by opening an SSH session (with credentials: admin/ChangeMe)
to your primary ECS node, using PuTTY from your virtual desktop.

The following commands assign object user swiftuser1 to group1 and configure
the bucket container1 with group1 permissions. In this example, any users in this
group will have read-only access to container1 after all the commands are run.

Note: Substitute values in <> as described.

1. #Set variables for ECS login

 export MANAGEMENT_ENDPOINT=https://<your-ecs-node-
ip>:4443

 export MANAGEMENT_USER=root

 export MANAGEMENT_PASSWORD=P@ssw0rd!
2. #Get authentication token

 curl -I -s --location-trusted -k

 $MANAGEMENT_ENDPOINT/login -u

 "$MANAGEMENT_USER:$MANAGEMENT_PASSWORD"
3. #Set variable for management token
 export MANAGEMENT_TOKEN=<token-returned-by-last-command>
4. #Check management group of swift user

 curl -s $MANAGEMENT_ENDPOINT/object/user-
password/<swift-username> -k -H "X-SDS-AUTH-
TOKEN:$MANAGEMENT_TOKEN" -H "Accept: application/json"
5. #Set swift login variables
 export SWIFT_USER=<swift-username>

 export SWIFT_PASSWORD=<swift-password>

ECS Administration - Lab Guide

Page 236 © Copyright 2021 Dell Inc.

[email protected]
 OpenStack Swift

 export SWIFT_ENDPOINT=https://<your-ecs-node-ip>:9025
6. #Authenticate using swift as object user

 curl -I -s -k -H "X-Auth-User:$SWIFT_USER" -H "X-Auth-

Key:$SWIFT_PASSWORD" $SWIFT_ENDPOINT/auth/v1.0
7. #Set variable for Swift token
 export SWIFT_TOKEN='<X-AUTH-TOKEN response header
value>'
8. #Set group1 ACL for container

 curl -I -s -k -X POST -H "X-Auth-Token:$SWIFT_TOKEN" -H

"X-Container-Read:group1"
$SWIFT_ENDPOINT/v1/<ns1>/<swift-container>
9. #Assign Swift user to group1

 curl -s -X POST -k -H "X-SDS-AUTH-

TOKEN:$MANAGEMENT_TOKEN" -H "Accept:application/json" -H
"Content-Type:application/json" --data-binary
"{\"password\":\"swift\",\"groups_list\":[\"group1\"],\"
namespace\":\"<ns1>\"}"
$MANAGEMENT_ENDPOINT/object/user-password/swiftuser1
10. #Verify swift user can access container

 curl -I -s -k -H "X-Auth-Token:$SWIFT_TOKEN" -H
"Accept:application/json"
$SWIFT_ENDPOINT/v1/<ns1>/<swift-container>

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 237

[email protected]
ECS Command Line

ECS Command Line

ECS Administration - Lab Guide

Page 238 © Copyright 2021 Dell Inc.

[email protected]
 ECS Command Line

Configure ECS using the CLI

The following are Examples only.

For more information on ECS: https://www.dell.com/support/home/en-us

You must sign in, or create a account for access to ECS Documentation.

Create a profile Example

A profile contains the hostname/IP, a port, and a management user who then
authenticates a profile to the host. Profiles are stored in .json files in the home
directory with the name prefix ecscliconfig_. The ECS CLI uses the active
profile to authenticate and send commands. The asterisk (*) next to a profile name
indicates the active profile.

Create and authenticate at least one profile to configure the ECS CLI.

Note: You can create several profiles but only one profile is active at any time.

Procedure:

1. Type the following command to create a profile:

 ecscli config -pf demoprofile
2. At the prompt, type the following information for the profile:
 hostname/IP
 port
 management user
 Running without an active config profile
Please enter the default ECS hostname or IP
(127.0.0.1): 10.1.83.51
Please enter the default command port (4443):
Please enter the default user for the profile (root):

Entered saveConfig profileName = demoprofile

Will be saved to base
path:/Users/username/ecscliconfig_ Saving profile to:
/Users/username/ ecscliconfig_demoprofile_.json

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 239

[email protected]
ECS Command Line

List of existing configuration profiles:

*demoprofile- hostname:10.1.83.51.4443 user:root
3. Type the following command to generate a list of profiles including the active
profile:
 ecscli config list
 Running with config profile: anotherdemoprofile User:
username host:port: 10.1.60.60.4443
List of existing configuration profiles:
*anotherdemoprofile – hostname:10.1.60.60:4443
user:username demoprofile – hostname:10.1.83.51:4443
user:root
4. Type the following command to change the active profile:
 ecscli config set -pf demoprofile
 Running with config profile: anotherdemoprofile
User:username host:port:10.1.60.60:4443
List of existing configuration profiles:
anotherdemoprofile – hostname:10.1.60.60:4443
user:username
*demoprofile – hostname:10.1.83.51:4443 user:root
5. Type the following command to delete a profile:

 ecscli config delete -pf demoprofile

 Running with config profile: demoprofile User:root
host:port: 10.1.83.51:4443 List of existing
configuration profiles:
*anotherdemoprofile – hostname: 10.1.60.60:4443
user:username
Authenticate profile Example

The ECS CLI configuration handles the -hostname and -port arguments, and the
tokens for subsequent management requests. However, you are required to
authenticate a profile. Profile authentication stores a token which remains active for
24 hours. When the token becomes inactive, you must re-authenticate the profile.
You can also re-authenticate a profile before a token becomes inactive.

ECS Administration - Lab Guide

Page 240 © Copyright 2021 Dell Inc.

[email protected]
 ECS Command Line

Procedure:

1. Type the following command to authenticate an active profile:

 ecscli authenticate
 Running with config profile: demoprofile User:admin
host:port:10.1.83.51:4443 Password:
Authentication result:admin: Authenticated Successfully
/Users/username/demoprofile/rootcookie: Cookie saved
successfully
Use the most common ECS CLI commands Example

Type the following command to list the storage pools:

 ecscli objectvpool list

 Running with config profile: demoprofile User:admin
host:port:10.1.83.51:4443
{'data_service_vpool': [{'isAllowAllNamespaces': True,
'remote': None, 'name': 'plylab- NR', 'enable_rebalancing':
True, 'global': None, 'creation_time': 1466176011859,
'isFullRep': False, 'vdc': None, 'inactive': False,
'varrayMappings': [{'name':
'urn:storageos:VirtualDataCenterData:407b6b6c-bda4-4ba4-
89f7-220ac3d9c044', 'value':
'urn:storageos:VirtualArray:29e03370-5d30-45ff-8f5c-
0a208e67b3d0'}], 'id':
'urn:storageos:ReplicationGroupInfo:1068238b-fdc4-4258-
a044-41d0ee81d7bc:global', 'description': ''}]}

Type the following command to list the nodes:

 ecscli nodes list

 {
"node": [
{
"ip": "10.245.137.85",
"isLocal": true,
"nodeid": "10.245.137.85",
"nodename": "layton-strawberry.ecs.lab.emc.com", "rackId":

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 241

[email protected]
ECS Command Line

"strawberry",
"version": "3.0.0.0.86239.1c9e5ec"
},
{
"ip": "10.245.137.86",
"isLocal": false, "nodeid": "10.245.137.86",
"nodename": "logan-strawberry.ecs.lab.emc.com", "rackId":
"strawberry",
"version": "3.0.0.0.86239.1c9e5ec"
},
{
"ip": "10.245.137.87",
"isLocal": false, "nodeid": "10.245.137.87",
"nodename": "lehi-strawberry.ecs.lab.emc.com", "rackId":
"strawberry",
"version": "3.0.0.0.86239.1c9e5ec"
},
{
"ip": "10.245.137.88",
"isLocal": false, "nodeid": "10.245.137.88",
"nodename": "murray-strawberry.ecs.lab.emc.com", "rackId":
"strawberry",
"version": "3.0.0.0.86239.1c9e5ec"
}
]
}

Type the following command to see a list of ECS CLI commands:

 ecscli -h
 The ecscli command line tool has a configuration profile that will handle the
optional args (ie hostname, port, cookie). However, a top level command is
required possibly followed by a subcommand and options for that. Please use -h
for a list of commands and info.
 positional arguments:
{config,authenticate,authentication,baseurl,billing,bucket,
cas,datastore,failedzones,keystore,meter,mgmtuserinfo,monit
or,nodes,objectuser,objectvpool,nfs,secretkeyuser,system,na
mespace,varray,vdc_data,vdc,passwordgroup,dashboard,transfo

ECS Administration - Lab Guide

Page 242 © Copyright 2021 Dell Inc.

[email protected]
 ECS Command Line

rmation,vdc_keystore}
Use One Of Commands
config ecscli profile configuration
authenticate Authenticate ECS user
authentication Operations on Authentication
baseurl Operations on Base URL
billing Operations to retrieve ECS billing information
bucket Operations on Bucket
cas Operations on CAS profile
datastore Operations on datastore
failedzones Get failed zone information
keystore Operations on keystore
meter Get metering statistics for the given time bucket
mgmtuserinfo Operations on Mgmtuserinfo
monitor Get monitoring events for the given time bucket
nodes Operations to retrieve ECS datanodes information
objectuser Operations on Objectuser
objectvpool Operations on ObjectVPool
nfs Operations on NFS
secretkeyuser Operations on Secretkeyuser
system Operations on system
namespace Operations on Namespace
varray Operations on varray
vdc_data Operations on VirtualDataCenter
vdc Operations on VirtualDataCenter
passwordgroup Operations on Passwordgroup
dashboard Operations on replication group links
transformation Operations on Centera transformation
vdc_keystore Operations on vdc keystore certificate

optional arguments:
-h, --help show this help message and exit
-hostname <hostname>, -hn <hostname>
Hostname (fully qualifiled domain name) or IPv4
address (i.e. 192.0.2.0) or IPv6 address inside quotes
and brackets (i.e. "[2001:db8::1]") of ECS
-port <port_number>, -po <port_number>
port number of ECS
-cf <cookiefile>, -cookiefile <cookiefile>

ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 243

[email protected]
ECS Command Line

Full name of cookiefile

-v, --version, -version
show version number of program and exit.

ECS Administration - Lab Guide

Page 244 © Copyright 2021 Dell Inc.

[email protected]
 ECS Administration - Lab Guide

© Copyright 2021 Dell Inc. Page 245

[email protected]