Nexenta Guide
http://www.nexenta.com/static/user-guide-html/NexentaStor-UserG...
User Guide
Version 3.0
1 of 159
10/10/2011 1:26 PM
Table of Contents
1 Introduction
1.1 Terminology
1.2 Functional Block Diagram
1.3 Storage Limits
2 NMC Overview
2.1 Accounts
2.2 Command Completion
2.3 Command Summary
2.4 Scripting
3 NMV Overview
3.1 Accounts
3.2 Login
3.3 Navigation
3.4 Terminal Access
3.5 View Log
4 Initial Setup
5 Managing Data Volumes
5.1 Data Redundancy
5.2 Create Data Volume
5.2.1 De-duplication
5.2.2 Auto-expand
5.3 Creating various RAID configurations
5.4 View Status
5.5 Edit Properties
5.6 Expand Data Volume
5.7 Destroy Data Volume
5.8 Export/Import Data Volumes
5.8.1 Export
5.8.2 Import
5.9 Scrub
6 Disk Management
6.1 Locating Disks
6.2 Viewing Disk Status
6.3 Adding Spares to a Data Volume
6.4 Adding Global Spares
6.5 Adding Cache Devices
6.6 Adding Log Devices
6.7 Removing a Device
6.8 Replacing a Disk
6.9 Taking a disk offline
6.10 Recovering a previously disconnected disk
6.11 Replacing a Redundancy Group
6.12 Creating a Mirror
6.13 Detaching a Mirror
6.14 Re-attaching a Mirror
7 Managing Folders
7.1 Create Folders
7.2 View Status
7.3 Edit Properties
7.3.1 Logbias property
7.4 Destroy Folder
7.5 Search & Indexing
7.6 Sharing Folders
7.6.1 Sharing Folders with NFS and CIFS
8 NFS File Sharing
8.1 Create NFS Share
8.2 Edit NFS Folder Properties
8.3 Mounting on Linux
9 CIFS File Sharing
9.1 Introduction
9.2 Configuring CIFS server
9.3 Anonymous Access
9.4 Non-anonymous access, workgroup mode
9.5 Using Active Directory
9.5.1 Joining Active Directory
9.5.2 CIFS shares
9.5.3 ID mapping
9.6 Troubleshooting Active Directory
9.6.1 Additional troubleshooting tips
10 Managing Snapshots
10.1 Create Snapshot
10.2 Setup Periodic Snapshots
10.3 View Snapshots
10.4 View Scheduled Snapshots
10.5 Recover Snapshot
10.6 Delete Snapshot
11 SCSI Target (Managing Blocks)
11.1 Create Zvol
11.2 View Zvol Properties
11.3 Destroy a Zvol
11.4 Add initiators and targets
11.5 Create initiator group
11.6 Create target group
11.7 Create LUN mappings
12 Managing iSCSI
12.1 Add remote initiator
12.2 Create iSCSI target
12.3 Create iSCSI target portal group
12.4 Setting up CHAP Authentication
13 Asynchronous Replication
13.1 Auto-Sync
13.1.1 Additional Options
13.2 Auto-Tier
13.2.1 Additional Options
14 Synchronous Replication (Auto-CDP)
14.1 Installation
14.2 Getting Started
14.3 The alternative hostname
14.4 Enabling Auto-CDP service instance
14.5 Reverse synchronization and DR (disaster recovery)
14.6 Volume operations and Auto-CDP
14.7 Service monitoring
14.8 Auto-CDP configuration properties
14.9 Service States
14.10 Troubleshooting
14.11 Creating Auto-CDP example
14.12 Reverse mirroring example
15 Operations and Fault Management
15.1 Runners
15.2 Triggers
15.3 Handling an Unrecoverable I/O Error
15.4 Handling a System Failure
16 Analytics
16.1 DTrace
16.1.1 DTrace command line
16.2 NMV Analytics
16.3 I/O Performance
16.4 Performance Benchmarks
16.4.1 I/O performance benchmark
16.4.2 Network performance benchmark
17 Managing the Users
17.1 Adding Local Appliance Users
17.2 Local Appliance Groups
17.3 LDAP
17.4 ACLs
17.5 User Quotas
17.6 Group Quotas
18 Managing the Network
18.1 Changing Network Interface Settings
18.2 Link Aggregation
18.3 VLAN
18.4 IP Aliasing
18.5 TCP Ports used by NexentaStor
19 Managing the Appliance
19.1 Secure Access
19.2 Registering the Commercial Version
19.3 Installing/ Removing Plugins
19.4 Saving and Restoring Configurations
19.5 Upgrades
19.6 Contacting Support
20 Additional Resources
21 About Nexenta Systems
1 Introduction
NexentaStor is a software-based storage appliance based on the Zetta File System (ZFS) from OpenSolaris. NexentaStor supports file and block storage and a variety of advanced storage features such as replication between various storage systems and virtually unlimited snapshots and file sizes.
The product supports direct-attached SCSI, SAS, and SATA disks, and disks remotely connected via iSCSI, FibreChannel, or AoE protocols. Networking support includes 10/100/1G BaseT and many 10G Ethernet solutions, as well as aggregation (802.3ad) and multi-path I/O. For most installations, we recommend 100Mbps Ethernet at a minimum.
An in-kernel CIFS stack is provided and NFS v3 and v4 are supported. For easy access from Windows, WebDAV offers another file sharing option. The product also makes use of rsync, ssh, and zfs send/receive, CIFS and NFS transports for tiering and replication. Block level replication (remote mirroring) is provided as an optional module.
Directory services such as Active Directory and LDAP are supported, including UID mapping, netgroups, and X.509 certificate based client authentication.
1.1 Terminology
Term
Comment
NexentaStor
Nexenta Storage Appliance.
SA-API
Storage Appliance API. NMS (see next) is the sole provider of SA-API. The API provides access to the appliance's management objects and services. All client management applications use the same API (namely, SA-API) to monitor and administer the appliance. This ensures a consistent view of the appliance from all clients, transactional behavior of all management administrative and monitoring operations, and easy third-party integrations.
NMS
Nexenta Management Server. There is only one server instance per appliance. The server provides public and documented Storage Appliance API (SA-API) available to all appliance management and monitoring clients, remote and local, including (but not limited to) NMC.
NMC
Nexenta Management Console. NMC can be used universally to view and configure every single aspect of the appliance: volumes and folders, storage and network services, fault triggers and statistic collectors. NMC communicates with the local NMS (see previous) and remote management consoles and management servers to execute user requests. Multiple NMC instances can be running on a given appliance. NMC is a single-login management client with a capability to manage multiple appliances and groups of appliances.
NMV
Nexenta Management View. Web client uses the same SA-API (above) to communicate with the NMS. NMV shows status of all appliances on the network, displays graphical statistics collected by "statistic collectors" (see below), and more. NexentaStor management software is further illustrated in Section Functional Block Diagram below.
Volume
NexentaStor volume is a ZFS pool (a.k.a. zpool), with certain additional attributes. There is a one-to-one relationship between a volume and the underlying ZFS pool.
Folder
Auto-Snap
of snapshots, providing regular multiple period scheduling on a per-folder or per-volume basis (with or without recursion into nested folders/filesystems). In addition, auto-snap allows you to define a certain snapshot-retention policy. Snapshots can be kept for years, and/or generated frequently throughout the day.
Auto-Tier
A type of the appliance's storage services. The auto-tier service can regularly and incrementally copy data from one host (local or remote, appliance or non-appliance) to a destination, local or remote, again of any type. NexentaStor auto-tier service runs on a variety of transports, and can use snapshots as its replication sources. This solution fits the more common backup scenarios found in disk-to-disk backup solutions. However, unlike regular backup solutions with only the latest copy available on the backup destination, this solution provides the advantage of both "the latest copy" and a configurable number of previous copies.
Auto-Sync
A type of the appliance's storage services. The auto-sync service will maintain a fully synchronized copy of a given volume or folder on another Nexenta Storage Appliance. Where tiering provides a copy, NexentaStor auto-sync provides a true mirror, inclusive of all snapshots. The major difference between auto-tier (see previous) and auto-sync services is that the latter transfers both data and filesystem metadata from its source to its (syncing) destination. This allows for standby hosts, as well as image-perfect recovery sources for reverse mirroring in case of a failure in the primary storage.
Auto-CDP
Automatic Continuous Data Protection (CDP) service. NexentaStor auto-cdp service provides remote mirroring capability. The service allows you to replicate disks between two different appliances in real time, at a block level. Conceptually, the service performs a function similar to local disk mirroring scheme of RAID 1 except that in the case of 'volume-
Triggers, Collectors, Reporters, and Indexers - also commonly called "Runners" - are pluggable modules that perform specific Fault Management, Performance Monitoring, Reporting, and archive Indexing tasks. All appliance's runners use the same SA-API (see above) provided by NMS (see above). The runners can be easily added; they are the source of future customizations in the product.
COMSTAR
Common Multiprotocol SCSI Target. In addition to providing support for the iSCSI and Fibre Channel protocols, COMSTAR addresses an overall design goal of making it possible to build a fully compliant (in the strict T10 standards sense) block level storage target. NexentaStor can export ZFS storage as fully virtualized thin provisioned FC or iSCSI LUNs. For more information, please refer to the Section SCSI Target. Support for Fibre Channel as a target is available from the optional Target FC plugin.
LUN
Physical and logical drives, attached to the appliance directly or via iSCSI or FC SAN, are commonly called LUNs. The terms LUN, hard drive and disk are used interchangeably. See also http://en.wikipedia.org/wiki/Logical_Unit_Number
Zvol
Emulated (virtual) block device based on a given appliance's volume. Can be used as an additional swap partition, but its primary usage is easy iSCSI integration. Zvol is a powerful and flexible tool also because of its tight integration with the appliance's storage services. Zvol can be thin provisioned, and can be grown over time, both in terms of its effective and maximum size. A thin provisioned (also called "sparse") zvol does not allocate its specified maximum size. At creation time a thin provisioned zvol actually allocates only the minimum required to store its own metadata. You can grow both the effective (actually used) size of the zvol, by storing more data on it, and the maximum size of the zvol, by incrementing its property called 'volsize'.
Plugin
NexentaStor extension module that can be easily added (installed) and removed. A plugin uses the same SA-API (see above) as all the other software components, and implements a certain well-defined (extended) functionality. At installation time, a plugin integrates itself with the appliance's core software. Many plugins are integrated with NMC and NMV and add new menus and commands.
System checkpoint
System checkpoint (or simply "checkpoint") is a bootable snapshot of the appliance's operating system. NexentaStor provides a reliable and secure software upgrade mechanism that relies on system checkpoints. Prior to any software upgrade, the current working root filesystem is snapshot-ed and the resulting snapshot is then converted into a bootable system checkpoint, visible via GRUB boot menu. System checkpoint is automatically created when you upgrade the base appliance software and/or install additional (pluggable) modules. For details on the appliance's safe and live upgrade mechanisms, please see Section "Appliance Software Upgrade".
2 NMC Overview
The NexentaStor Management Console (NMC) provides a complete set of operations for managing the storage appliance. NMC also includes wizards and the ability to record and replay commands across all deployed NexentaStor instances. Command completion is provided to guide you through the interface. Using 'help keyword' is another way to learn the available commands.
2.1 Accounts
NexentaStor provides a root and admin user account. In NMC, the root user account has rights to perform all actions. The default passwords are nexenta and should be changed immediately after system installation. The passwords can be changed using the NMC command:
nmc:/$ setup appliance password
Whichever way you use to enter commands, NMC will present a number of (completion) choices. To quickly find out the meaning of all those multiple options, type '?' and press Enter. For instance, type show appliance, and press TAB-TAB or Enter:
nmc:/$ show appliance
In response NMC will show a number of options - in this particular case appliance's services and facilities that can be "shown". Note that <?> is part of the show appliance completion set - its presence indicates availability of brief per-option summary descriptions. Next:
display any given object, setting or status
create or destroy any given object; modify any given setting
advanced query and selection
destroy    destroy any given object: volume, folder, snapshot, storage servi
create     create any given object: volume, folder, snapshot, storage servic
run
share      share (via NFS, CIFS, RSYNC, FTP and WebDAV [31]) a volume or a f
           Share zvol (Section Terminology) via iSCSI.
unshare    unshare a volume or a folder
record     start and stop NMC recording sessions
help
Of these, the primary commands are setup and show. You can run setup usage or show usage to get a comprehensive usage guide for these commands. Search the result using '/' (forward search) and '?' (backward search).
nmc:/$ setup
Option ?
---------------------------------------------------------
Option ?
---------------------------------------------------------
2.4 Scripting
NMC is easily scriptable, and can be used to quickly create custom scripts that run periodically, on event, or on-demand:
NMC 'foreach' - an easy LOOP facility
Custom scripting: functionality and HowTo
3 NMV Overview
Nexenta Management View (NMV) is NexentaStor's Web-based GUI. Nearly all administrative functions can be performed using this GUI.
3.1 Accounts
NexentaStor provides a root and admin user account. In NMV, the admin user account has rights to perform all actions. The default passwords are nexenta and should be changed immediately after system installation. The passwords can be changed on the Settings tab under the Appliance heading.
3.2 Login
The default management port is 2000. Both HTTP and HTTPS access are supported.
3.3 Navigation
The primary tabs in NMV are:
Status
Settings
Data Management
Analytics
The Status pages give you status on the appliance, network, and storage. The Settings pages allow you to make configuration changes to the appliance. The Data Management pages allow you to administer data volumes and folders. The Analytics pages allow you to see storage and network performance trends over time.
4 Initial Setup
During the installation process you register your software on the Web and receive a license in email. Next you enter some basic network configuration information such as the default gateway to be used.
After the network configuration is set up, the Web server can start. To connect to NMV from a Web browser, enter the configured network address in the browser and use port 2000.
Once connected to the Web server for the first time, the installation wizard will lead you through a few basic installation steps.
Initially, you are asked to provide some basic information about the appliance, such as the host and domain name.
Next, you will be asked to set the root and admin user passwords.
On the next screen provide notification information. Specify SMTP server information to enable automatic issue reporting to Nexenta Support, requesting additional capacity, etc.
After completing the installation steps, you'll be asked to confirm the settings and save the configuration.
After saving the configuration you are taken to a second installation wizard which will allow you to configure networking, iSCSI, volumes, and folders.
The redundancy options in NexentaStor may sound similar to other standard RAID options, but there are some important differences. For example, NexentaStor always relies on checksums to determine whether data is valid instead of assuming that devices will report an error on the read request.
For RAID-1 the assumption is that either side of the mirror is equally current and correct. With mirroring in NexentaStor, checksums always validate the data and in the event of conflicts the most recent data with a valid checksum is used. With RAID-5, if the data being written is smaller than the stripe width then multiple I/O operations are needed (read the data, modify it, write it). With NexentaStor RAID-Z1, all writes are full stripe writes. This helps to ensure that data is always consistent on disk (even in the event of power failures, etc.).
When multiple redundancy groups are in the data volume, NexentaStor will dynamically stripe writes across them. However unlike RAID-0 stripes, the disks participating in the write are dynamically determined and there are no fixed length sequences.
A Note On Redundant Configurations
A mirrored volume pool consists of matched drives or drive groups, whereby data always has a redundant copy on the mirrored set of disks. Mirroring can make use of other pooled technologies such as parity, allowing multiple groups of disks to be set up, each with one primary array and one secondary, mirrored array. In most cases, for best reliability and performance, administrators would set up a combined or striped set of mirrored devices (sometimes referred to as RAID 10). In the case of two-way mirrors, RAID 10 will halve your overall storage capacity, but will provide the best read/write performance, as reads are striped across all of the primary disks, and writes only require a single duplication of each write to a secondary drive. At any time, any number of failed drives are permitted, as long as no two drives in a paired set fail at the same time.
Parity based RAID volumes make use of one or two dedicated drives to maximize capacity without reducing redundancy of stored data. Each write is committed across all drives in a group, including the parity devices, and they further take some penalty in calculating the parity. The reverse is equally true, as reads must combine data and parity across all devices in a group. To improve performance, it is generally recommended to also stripe multiple parity based RAID groups together to allow parallel reads/writes to the disk. This is commonly referred to as RAID 50. Up to one drive in a RAIDZ1 group, or two drives in a RAIDZ2 group, can fail at a time without losing data. In the RAID50 setup, you both allow for future expansion with new parity groups, as well as allow for more drive failures, limited still to at most two per group.
In both mirrored and parity based RAID volumes, you should establish multiple spare devices equal to the size of each member drive. Redundant, striped arrays of either variety, with sufficient spare disks, allow one to achieve the greatest level of reliability on commodity disks. As disk capacity grows and gets ever cheaper, you can expand on these striped volumes. The ZFS based filesystem allows for continuous volume growth, but consistent disk group sizing across a striped array is recommended. Therefore, as disk sizes increase, it is considered a good practice to create disk sub-groups of as close to an equal size as possible.
Redundant configurations improve not only reliability of your NexentaStor system but performance as well.
For mirrored configurations:
Random reads scale linearly with the number of disks; writes scale linearly with the number of mirror sets.
Read throughput scales linearly with the number of disks; write throughput scales linearly with the number of mirror sets.
For parity (RAID-Z, RAID-Z2) configurations:
Random I/O reads and writes scale linearly with the number of RAID sets.
Sequential I/O throughput scales linearly with the number of data (non-parity) disk
The redundancy options include mirroring, RAID-Z1 (single parity), RAID-Z2 (double parity), and RAID-Z3 (triple parity).
All disks that are not already contained in data volumes are shown. Note that this may include disks mapped to the NexentaStor appliance from other storage systems.
In addition to choosing the disks, you can also specify the volume name and various properties such as a description, de-duplication, and auto-expand.
5.2.1 De-duplication
De-duplication is a technique for increasing the effective storage capacity within a data volume. Data is examined when it is being written to non-volatile storage. Hashes of the data blocks are compared to entries in the de-duplication table, and if there is a match then the existing data block's reference count is incremented instead of creating a new data block. The following de-duplication options are available:
De-duplication can save storage capacity and I/O bandwidth, but it will also increase latency. To minimize the performance impact, make sure that the de-duplication table fits in RAM. To estimate the size you can use this formula:
( (Size of pool / average block size) * (270 bytes) ) / estimated dedup ratio
Since there is a performance penalty with de-duplication, it is off by default. Turn this option on if you think you will have a lot of redundant data blocks in the pool. This can be true in virtualized environments or backend storage for email systems.
When de-duplication is turned on, the SHA-256 algorithm (a cryptographic hash algorithm from NIST) is used.
There is a one in 2^256 chance that SHA-256 will report a hash match even though the two blocks being compared are not the same. To ensure this is not an issue, you can include verify as an option which will read the data blocks after a hash match to ensure the blocks are the same.
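An added illustration of the hash-match and verify behaviour described above (not NexentaStor or ZFS code): a toy in-memory block store in Python that keeps a hash-keyed de-duplication table with reference counts and applies the guide's sizing formula. `DedupStore`, `find_collision`, `weak_digest` (SHA-256 cut to one byte so that a collision can be constructed) and the sample blocks are all constructed for the example.

```python
import hashlib

DDT_ENTRY_BYTES = 270  # per-entry figure from the guide's sizing formula


def estimate_ddt_bytes(pool_bytes, avg_block_bytes, dedup_ratio):
    """((size of pool / average block size) * 270 bytes) / estimated dedup ratio."""
    return (pool_bytes / avg_block_bytes) * DDT_ENTRY_BYTES / dedup_ratio


def sha256_digest(block):
    return hashlib.sha256(block).digest()


def weak_digest(block):
    """Constructed stand-in: SHA-256 cut to one byte so the demo can collide."""
    return hashlib.sha256(block).digest()[:1]


class DedupStore:
    """Toy block store: a hash-keyed table with per-block reference counts."""

    def __init__(self, digest=sha256_digest, verify=False, block_size=8):
        self.digest = digest
        self.verify = verify
        self.block_size = block_size
        self.table = {}      # (digest, slot) -> [block bytes, reference count]
        self.files = {}      # file name -> list of table keys
        self.mismatches = 0  # hash matches that verify found to be different data

    def _put(self, block):
        h, slot = self.digest(block), 0
        while True:
            key = (h, slot)
            entry = self.table.get(key)
            if entry is None:              # hash not seen before: store the block
                self.table[key] = [block, 1]
                return key
            if not self.verify or entry[0] == block:
                entry[1] += 1              # hash match: reference the existing block
                return key
            self.mismatches += 1           # same hash, different bytes
            slot += 1                      # keep the new block in its own slot

    def write(self, name, data):
        size = self.block_size
        self.files[name] = [self._put(data[i:i + size])
                            for i in range(0, len(data), size)]

    def read(self, name):
        return b"".join(self.table[key][0] for key in self.files[name])

    def refcount(self, block):
        """Reference count of the first block stored under this block's hash."""
        entry = self.table.get((self.digest(block), 0))
        return entry[1] if entry else 0


def find_collision(digest, block_size=8):
    """Return two different blocks with the same digest (only feasible for weak_digest)."""
    seen, i = {}, 0
    while True:
        block = i.to_bytes(block_size, "big")
        h = digest(block)
        if h in seen:
            return seen[h], block
        seen[h] = block
        i += 1


def demo():
    """Write two colliding blocks with and without verify.

    Returns {verify: (second file read back intact, mismatches detected)}.
    """
    a, b = find_collision(weak_digest)
    results = {}
    for verify in (False, True):
        store = DedupStore(digest=weak_digest, verify=verify)
        store.write("first", a)
        store.write("second", b)
        results[verify] = (store.read("second") == b, store.mismatches)
    return results


if __name__ == "__main__":
    # 1 TiB pool, 64 KiB average block size, estimated dedup ratio 2 (sample values)
    print("DDT estimate (bytes):", estimate_ddt_bytes(2**40, 64 * 1024, 2))
    print("collision handling:", demo())
```

Without verify, the second file silently reads back the first file's block; with verify, the byte comparison catches the mismatch and both blocks are kept.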
De-duplication is also available when using the auto-sync service. See the section on Asynchronous Replication for details.
5.2.2 Auto-expand
Auto-expand will automatically try to expand the size of the data volume when a new disk is added. This is another option that is off by default. One reason for this is to ensure that spare devices don't unexpectedly increase the size of your data volume when they are temporarily activated in response to a disk failure. Once the volume size is expanded it can't be shrunk.
You are then asked "Continue adding devices to the volume 'my-notexactly-raid50'?" Type 'y'.
Group of devices: c1t4d0, c1t5d0, c1t6d0
Group redundancy type: raidz1
Create volume 'my-notexactly-raid50'? y
From this view you can take actions on the volume such as expanding it, exporting it, deleting it, or editing its properties.
In NMC you can get the status of the data volume using show volume volumename status. This will list the status of each device in the pool, and any I/O or checksum errors that have occurred.
In particular you can change the de-duplication and auto-expand properties. These properties are described earlier in this section.
In NMC you can see all volume properties using the command:
nmc:/$ show volume <volumename> property
You can expand a data volume by selecting Grow on the summary page. You will see a page similar to the view when creating a volume. You are adding a new disk group at this point. Select the redundancy level, select the available disks to use, and add them to the pool.
Here is an example of adding a second RAID-Z1 group to a pool to create a configuration roughly similar to RAID 50:
After selecting Grow Volume the disk group is added to the data volume. After adding this new redundancy group to the data volume, NexentaStor will favor writing to this newer group. The goal is to balance the writes across all the redundancy groups over time.
Note that you will lose all the data in the volume at this point so make sure it is what you want to do!
5.8.1 Export
The export will unmount any datasets in the volume. The volume meta-data is persistent. After the export, you can then import the volume into a new system and any datasets and ZFS configuration will be restored.
In NMV, the export option can be found on the summary page. A dialog box will appear to confirm your decision to export the volume, as shown below.
5.8.2 Import
By default, NexentaStor will import existing accessible data volumes when a system starts. You can also import data volumes manually.
The import option is available under the Volumes heading. Selecting Import will show the volumes that can be imported.
'vol-name' is the name of the exported or destroyed volume. You can use new-name to provide a new name for the imported volume so that it won't conflict with any existing volumes. The 'D' option is needed to import a destroyed volume. The 'f' option forces the import, even if the system thinks the volume is already active. The 's' option applies the default auto-snap snapshot policy to the imported volume.
The NMC command show volume import will show data volumes that can be imported. Volume names are shown along with their GUID. The volume's globally unique identifier may need to be used, for example, if two volumes have been exported or destroyed that used the same name. In this case the syntax would be:
nmc:/$ setup volume import myvol:380744323214575787
Here is an example in NMV of a data volume mypool that was created, destroyed, and then recreated with a different set of devices.
In the example above, 'mypool' was first created with six devices, then destroyed, and then re-created as a two-disk mirror. Note that for import to work the underlying drives must not have been used after the export. Thus only the mirrored 'mypool' can be imported in the above example.
To recover properly from failures or unclean shutdowns, import will replay any transactions in the ZFS Intent Log (ZIL). This occurs for regular or forced imports. If a separate ZIL is being used and it is unavailable, then the import will fail. Be sure to use a mirrored ZIL if using a separate log device to protect against this scenario.
5.9 Scrub
NexentaStor can periodically check the contents of the data volume. Scrubbing the data volume will read the data blocks checking for errors. If there is redundancy in the pool configuration then NexentaStor can correct any errors it finds. To enable periodic scrubs for a data volume, go to Data Management Auto Services. Choose Create under the Auto Scrub Services heading and you will see the following screen:
Choose an existing data volume from the pull-down list and define the scrub schedule. Note that scrubbing is resource-intensive, so it is preferable to perform it during the maintenance time window, if possible.
6 Disk Management
This map, as well as a JPEG image of the box (with drive slots shown and enumerated), is then used by the NexentaStor UI to perform related monitoring and management (including fault management) operations. The appliance's GUI does not need to be re-built to work with a new slot mapping. A hardware partner can run a simple utility to pre-generate the slotmap file for a given hardware platform installed with NexentaStor.
Existing drive <=> slot mapping can be modified and additional mappings can be added. You can also make a given drive's LED blink, to identify its exact location in the appliance.
Please use the following NMC commands to view and administer slot mapping:
If the disk already belongs to a data volume, the volume name will show in the Volume column. If you click on the disk name, you can see additional properties about the disk. If disks have recently been mapped to this host, or if you suspect the configuration information is out-of-date, you can update the information using the Refresh button. Note that re-synchronizing the system with the disk configuration can take some time.
To set up a device that serves as a spare for multiple volumes, first create a volume and add devices to it. Note that in this example we are setting up a mirror but other redundancy options such as RAID-Z1 would also work.
nmc@myhost:/$ create volume my-mirror
Group of devices : c1t1d0, c1t2d0
Group redundancy type : mirror
Continue adding devices to the volume 'my-mirror'? (y/n) y
Group of devices : c1t3d0
Group redundancy type : spare
Continue adding devices to the volume 'my-mirror'? (y/n) n
nmc@myhost:/$ create volume my-mirror2
Group of devices : c1t4d0, c1t5d0
Group redundancy type : mirror
Continue adding devices to the volume 'my-mirror2'? (y/n) n
Now you have two volumes. To allow for c1t3d0 to be a spare for the second volume, in addition to the first volume, do the following:
At this point each volume is using the device 'c1t3d0' as a spare. If a device fails in either pool, the spare will be activated.
In NMC you can add one or more cache devices to a data volume by clicking Grow in the data volume summary view. The Grow Volume page will appear showing you the available disks. Select one or more disks and then click the button Add to cache. You will see a view similar to the following screenshot:
You can then click Grow Volume to add the cache device to the volume. Cache devices can improve your read performance for random I/O workloads.
In NMC you can add one or more log devices to a data volume by clicking 'Grow' in the data volume summary view. The Grow Volume page will appear, showing you the available disks. Select one or more disks and then click the button Add to log. You will see a view similar to the following screenshot:
You can then click Grow Volume to add the log device to the data volume. Note that it is recommended that you mirror your log device. Other types of redundant configurations are not supported.
Option ? mypool
Option ? replace-lun
This involves re-silvering the disk and can take some time. Using the NMC command:
nmc:/$ show volume <volumename> status
Note that resilvering has to complete before the disk is fully online.
If you created a data volume without redundancy, you can later create a mirrored configuration. This is also true for a non-redundant separate log device. You can also add a mirror to a mirrored data volume. The command to do this is:
nmc:/$ setup volume <volumename> attach-lun
Note that the device being added must be at least as large as the existing device or redundancy group.
7 Managing Folders
7.1 Create Folders
To create a folder in NMC use the command:
nmc:/$ create folder
To create a folder in NMV you can select the 'Create' link under the 'Folders' heading. You will see the screen below where you enter information such as the folder name, description, record size, and other properties.
De-duplication is off for the folder by default because it has a performance impact. Turn it on only if you expect to have duplicate blocks in this file system.
For case-sensitivity, the default choice is mixed which is optimal if the folder is going to be used in mixed CIFS and NFS environments.
In NMC you can see all folder properties using the command:
nmc:/$ show folder <foldername> property
Typically, database transaction logs need the shortest latency. Therefore, use 'logbias=latency' on the corresponding NexentaStor folder or zvol that holds the database data. On the other hand, database data files need to be optimized for throughput. So, the appropriate setting is: 'logbias=throughput'.
If 'logbias' is set to 'throughput', ZFS will not use configured log devices. This property can be set in NMC, as shown below:
nmc:/$ setup folder <foldername> property logbias
logbias : throughput
A folder can be deleted in NMV from the folder summary view. Click on the delete icon to remove the folder.
After selecting indexer, a dialog box will appear confirming that you want to create an indexer. Note that the indexer runs at a scheduled time, so searching immediately may not work.
share a folder using both protocols, there are a couple of property settings to be aware of.
When you create a new folder, the default setting for casesensitivity is mixed. This will ensure the proper behavior if the folder will be shared via CIFS and NFS. You can change this property only at folder creation time.
Another important property is nbmand. NexentaStor will check this property when you share a folder via NFS that has already been shared with CIFS, or vice versa. If the property is off, you will be asked to change it to on.
The CIFS protocol assumes mandatory locking, while UNIX traditionally uses advisory locking, so it is recommended to set the property 'nbmand' to 'on' in order to enforce mandatory cross-protocol share reservations and byte-range locking in a mixed NFS/CIFS environment.
For 'nbmand' property changes to take effect, the folder needs to be remounted. Unmounting and mounting the folder again may cause a temporary loss of client connections. Note that you can remount manually any time later.
rw : group-engineering:10.16.16.92
ro : group-marketing
root : admin
extra-options:
In workgroup mode, the CIFS service is responsible for authenticating users locally when access is requested to shared resources. In domain mode, the CIFS service uses pass-through authentication, in which user authentication is delegated to an Active Directory domain controller. Regardless of whether you will use the appliance's CIFS for anonymous access, non-anonymous (workgroup) access, or in domain mode, the very first step is to configure the CIFS server. You can simply review and accept built-in system defaults.
The rest of this Section includes:
1. Configuring CIFS server (or reviewing the defaults)
2. Anonymous access
3. Non-anonymous access in workgroup mode
4. Non-anonymous access in domain mode
In NMV, you will find on this page a number of related links to configure, join workgroup, join active directory (Section Using Active Directory), unconfigure, and view the log file (see above). The following screenshot illustrates viewing CIFS logfile:
In NMC, network services are configured via 'setup network service'. The corresponding NMC command to view the log would be, respectively:
nmc:/$ show network service cifs-server log
The important screen, however, is CIFS Server Settings, which you get by clicking on the link denoted as Configure. In NMC, the corresponding command would be (see footnote):
nmc:/$ setup network service cifs-server configure
Here, make sure that the server is enabled, and specify a password for anonymous access.
The default password is sent to you in email, along with the product Registration Key. For more information please see NexentaStor Quick Start Guide at http://www.nexenta.com/docs. It is important to change the default pre-configured password for anonymous access.
In NMC, the corresponding commands are 'show share' and 'show folder' (or 'df'), for instance:
nmc:/$ show share
vdemo/a/b/c - Yes - - -
vdemo/new - Yes - - -
To share a folder, use 'share' command (NMC) or simply check the corresponding checkbox (NMV). In this example, we are sharing folder 'vol1/a/b/':
The operation is recursive: it will share the folder and its sub-folders. Note that in the example above 'vol1/a/b/c' got shared as well.
1. Anonymous username
The built-in anonymous username is: 'smb'. Unless you are using Active Directory (Section Using Active Directory), this is the name you will need to specify to access the share. Note that anonymous read/write access is enabled by default. To view or change the default settings, click on the Edit link to the right of the corresponding checkbox (see picture above).
2. Anonymous password
If you forgot the password, in NMV go to CIFS Server Settings (under Data Management => Shares), click on Configure, and re-enter the password. In NMC, the corresponding command would be:
nmc$ setup network service cifs-server configure
3. Share name
By convention, a folder named 'volume-name/folder-name' becomes a CIFS share named 'volume-name_folder-name'. That fact is reflected on the previous screenshot: 'vol1/a/b' will be visible on CIFS clients under name 'vol1_a_b' (see above).
You may change the appliance's generated CIFS share name by simply editing the corresponding field.
Next, on the Windows machine go to 'My Computer' => 'Tools' => 'Map Network drive' and fill in the corresponding field with the appliance's hostname or IP address.
If you forgot the password, please go to CIFS Server Settings (under Data Management => Shares), click on Configure, and re-enter the password. In NMC, the corresponding command would be:
nmc:/$ setup network service cifs-server configure
Depending on your Windows version, you could modify the ACL of these directories using Windows ACL editor (Right click => Properties => Security tab). Assuming anonymous access is enabled, we can now start using the NexentaStor folders as Windows directories:
1. Operational mode
NexentaStor supports both workgroup mode and domain mode. For the latter, see Section Using Active Directory in this document.
2. Group name
By convention, the pre-configured group of CIFS users is: WORKGROUP. If this group name works for you, you do not need to change anything. Otherwise, to change the default:
In NMV, go to Setting => Network and click on the Join Workgroup link.
In NMC, run:
nmc$ setup network service cifs-server join_workgroup
1. Share name
By convention, a folder named 'volume-name/folder-name' becomes a CIFS share named 'volume-name_folder-name' (see previous Section). You may change the appliance's generated CIFS share name by simply editing the corresponding field.
2. User name
The built-in anonymous username is: smb (see previous Section). Non-anonymous user accounts must be added as regular appliance's Unix users as demonstrated in step (A) below (see also Section Notes on User Management and Access Control).
The rest of this section, steps (A) through (E) below, demonstrates how easily this can be done, and provides NMC and NMV examples.
Option ? create
Home folder :
Description :
Password : xxxxxx
This newly created user shows up in NMV, which can certainly be used to create users in the first place:
(B) Next, we share an appliance's folder for access from Windows machines. Notice: this time we set anonymous access to false (compare with the previous section Anonymous Access):
nmc:/$ share folder vol1/a
Recursive : true
The folder 'vol1/a' is now CIFS-shared, and can be seen as shared via NMC and NMV:
Use the correct user password to log in. In our current example, the password for user 'alice' was specified at user creation time (see step (A) above).
Once logged in as 'alice', the appliance's folder and its content show up:
Note that at this point user 'alice' can read but not write.
Read access to CIFS-shared folders is granted by default. Write access needs to be explicitly granted via the corresponding operation on the shared folder's ACL.
The following NMC command shows the folder's ACL (for more information on Access Control, see Sections Notes on User Management and Access Control and User, Group and ACL Management):
nmc:/$ show folder vol1/a acl
append_data, execute,
list_directory, read_data,
write_acl, write_attributes,
write_data, write_owner,
write_xattr
(D) Next, we grant write access to user 'alice' using NMC 'setup folder <name> acl' command:
nmc:/$ setup folder vol1/a acl
Entity type : user
User : alice
Permissions : (Use SPACEBAR for multiple selection)
DELETE *add_subdirectory *add_file *execute *read_xattr *read_attributes *list_directory *read_data *read_acl *delete delete_child inherit_only no_propagate file_inherit dir_inherit *write_data *write_xattr write_owner write_attributes write_acl
-----------------------------------------------------------------------------
Select one or multiple permissions for 'user:alice' to access 'vol1/a'. Hit DELETE to delete all permissions granted to 'user:alice'. Navigate with arrow
In the example above, the attributes marked with '*' are the permissions that were selected for granting to 'alice'. In this particular example we are granting 'alice' almost all permissions... For more information, please see Section Notes on User Management and Access Control. Newly added permissions show up in Nexenta Management View GUI, which (as always) can be used to grant permissions in the first place:
(E) At this point user 'alice' can write. For instance, drag and drop a PDF file into the shared folder:
Do not use name based mapping in workgroup mode. If you do, the mapping daemon (called idmap) will try to search Active Directory (next Section) to resolve the names, and will most probably fail. See Using Active Directory for details. For more information, please make sure to review NexentaStor F.A.Q. pages (searchable by keywords, for instance cifs or CIFS), and/or Section Frequently Asked Questions in this document. Next Section details NexentaStor usage in domain mode, via Active Directory. In particular, see the following F.A.Q. article:
How do I share appliance's folders for access from Windows?
For more information on Active Directory, search NexentaStor F.A.Q. pages on the website, and in particular:
How do I integrate NexentaStor into my ACLs or my Active Directory domain?
1. Time must be accurate between AD server and the NexentaStor NAS to join
2. DNS servers, search, and domain values need to match what the AD server expects
Please note one sometimes repeated mistake: for the join to succeed, the appliance must be set up so that the Active Directory Domain is the same as the DNS Domain of the appliance. In general, Active Directory functionality depends on the proper configuration of the DNS infrastructure. Microsoft Knowledge Base article "Troubleshooting Active Directory-Related DNS Problems" describes the corresponding requirements. Those include DNS server and zone configuration and proper delegations in parent DNS zones, and presence of DNS domain controller locator records (SRV records). These and other guidelines are further described in the User Guide.
To start using AD, you first need to make the NexentaStor appliance a member server. In AD terms that particular operation is often called join or join-ads. The second step requires identity mapping. The rest of this section illustrates both steps.
If the computer object that represents the NexentaStor appliance is already present in the Active Directory, you can use any valid user account to join the appliance to Active Directory, assuming this particular account has Full Control over this particular computer (appliance). Importantly, in the case of the pre-existing computer object in the AD, the account used to join the appliance to the Active Directory does not necessarily need to have administrative privileges.
The following assumes that NexentaStor appliance is not present yet in the Active Directory database. The very first step in this case is for the Windows Administrator to create a corresponding computer object. In more detail:
Step 1. Start Microsoft Management Console, right click on Computers, and select New:
Step 3. Once the computer is added, right click on it and select Properties:
Step 4. Optionally, add users/groups that will use this computer and will perform join operation. Click on Security tab, type in user (or group) name, and click on Check Names button.
Make sure to provide the newly added computer users with Full Control over this computer.
Using Microsoft Management Console and performing Steps 1 through 4 (above) can be skipped in either one of the following two cases:
1. Account with administrative privileges is used to perform join operation.
2. A record of computer object representing appliance already exists.
The rest of this section assumes that (1), (2), or both are true.
To join Active Directory, and subsequently get access to centralized authentication and authorization information, go to NMV's Settings => Network and click on Join AD/DNS Server:
NMC provides a similar functionality, via 'setup network service cifs-server join_ads':
nmc@testbox1:/$ setup network service cifs-server join_ads
Note that when connecting to a 2008 domain controller, an additional step is needed which can be done only in the Unix shell:
nmc:/$ !bash
Successful join, or a failure to join Active Directory both manifest themselves with the corresponding NMC printed messages, or NMV messages in its status bar (see the next two screenshots):
For troubleshooting, the first place to look would be the log files under NMV's Settings => Network => View Log
Notice the listbox (picture above) that lets you choose one of the associated logs. In NMC, the corresponding command is:
nmc:/$ show network service cifs-server log
This command has two completions (Section Navigation): 'network-smb-server:default.log' and 'messages'. Select 'messages'; the following shows an example of 'messages' log:
Nov 5 12:04:06 testbox1 smbd[16289]: [ID 528497 daemon.debug] SmbRdrNtCreate: fid=49160
Nov 5 12:04:06 testbox1 smbd[16289]: [ID 702911 daemon.debug] server=[\\nexenta-win] account_name=[TESTBOX1$] hostname=[TESTBOX1]
Nov 5 12:06:01 testbox1 smbd[16289]: [ID 757673 daemon.debug] 216.129.112.28 ttl=149438 flags=0x0
Nov 5 12:06:01 testbox1 smbd[16289]: [ID 757673 daemon.debug] 216.129.112.18 ttl=600 flags=0x1
Nov 5 12:06:01 testbox1 smbd[16289]: [ID 757673 daemon.debug] 1.1.1.1 ttl=600 flags=0x1
Nov 5 12:06:03 testbox1 smbd[16289]: [ID 757673 daemon.debug] 216.129.112.28 ttl=149434 flags=0x0
Further troubleshooting can be done by investigating service configuration files. Currently this can be done only via NMC. To view CIFS server configuration, run 'show network service cifs-server settings':
nmc:/$ show network service cifs-server settings
------------------------------------------------------------------
Select cifs-server configuration file for viewing. Navigate with arrow keys (or hjkl), or Ctrl-C to exit.
There are 3 associated configuration files (see above). Advanced users can edit these files as follows:
nmc:/$ setup network service cifs-server settings
------------------------------------------------------------------
Select cifs-server configuration file for viewing. Navigate with arrow keys (or hjkl), or Ctrl-C to exit.
PROPERTY VALUE
folder vol1/a
share_name vol1_a
comment ""
anonymous_rw true
PROPERTY VALUE
folder vol1/a/b
share_name vol1_a_b
comment ""
anonymous_rw true
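A share listing in the PROPERTY/VALUE layout shown above can be reviewed mechanically for the two things this chapter calls out: anonymous read/write, which is enabled by default, and the default share-name rule, under which two different folders can end up with the same name. The following is an added example, not NexentaStor code; the third share block in the sample and the function names are constructed for illustration.

```python
# Constructed sample: the first two blocks are the ones printed above,
# the third is added to show a share-name collision.
SAMPLE_LISTING = '''\
PROPERTY VALUE
folder vol1/a
share_name vol1_a
comment ""
anonymous_rw true
PROPERTY VALUE
folder vol1/a/b
share_name vol1_a_b
comment ""
anonymous_rw true
PROPERTY VALUE
folder vol1/a_b
share_name vol1_a_b
comment "constructed"
anonymous_rw false
'''


def parse_share_listing(text):
    """Split 'PROPERTY VALUE' blocks into one dict per share."""
    shares, current = [], None
    for line in text.splitlines():
        parts = line.split(None, 1)
        if not parts:
            continue
        if parts[0] == "PROPERTY":          # header line starts a new share
            current = {}
            shares.append(current)
        elif current is not None:
            value = parts[1].strip() if len(parts) > 1 else ""
            current[parts[0]] = value.strip('"')
    return shares


def default_share_name(folder):
    """Default rule from this guide: '/' in the folder path becomes '_'."""
    return folder.strip("/").replace("/", "_")


def audit_shares(text):
    """Report folders with anonymous read/write and colliding share names."""
    shares = parse_share_listing(text)
    anonymous = [s.get("folder", "?") for s in shares
                 if s.get("anonymous_rw", "").lower() == "true"]
    by_name = {}
    for s in shares:
        folder = s.get("folder", "?")
        name = s.get("share_name") or default_share_name(folder)
        # CIFS share names are compared case-insensitively by clients.
        by_name.setdefault(name.lower(), []).append(folder)
    collisions = {n: f for n, f in by_name.items() if len(f) > 1}
    return {"anonymous_rw": anonymous, "name_collisions": collisions}


if __name__ == "__main__":
    report = audit_shares(SAMPLE_LISTING)
    for folder in report["anonymous_rw"]:
        print("anonymous read/write enabled:", folder)
    for name, folders in report["name_collisions"].items():
        print("share name", name, "is used by", ", ".join(folders))
```
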
In NMV, to display or change existing CIFS shares, or add new ones, go to Data Management => Shares:
The NMV page Data Management => Shares is the single point of control for creating folders with a given set of properties and destroying existing folders. Folders can be filtered by name; see the Filter button at the bottom of the screenshot (below). Folders can be shared via CIFS (as well as NFS, FTP, RSYNC, and WebDAV). In addition, the same page is used to view and configure CIFS server settings (see left panel below). All this power and flexibility is available via the NMV Data Management => Shares page:
To configure any given share, first enable it (checkbox in the CIFS column above). This will automatically share the folder using default system settings. You can view and modify those settings by clicking on the Edit link to the right of the checkbox, as shown below:
9.5.3 ID mapping
User name equivalence between Windows users and groups and their counterparts in UNIX is established via the appliance's 'idmap' facility. The 'idmap' mappings persist across reboots. To use CIFS shares for non-anonymous access, please make sure to establish the mapping. To map Windows users/groups onto UNIX users/groups, go to NMV's Settings => Network and click on the Identity Mapping link:
The example above shows several identity mappings. The group of Windows users called Domain Users is mapped onto Unix group 'staff'. Windows user 'joe' is mapped onto Unix user 'joe', and Windows user 'Alice' onto user 'alice'. All mappings are bi-directional in this case; notice the '==' sign in the table above. NMC provides a similar functionality, via 'setup network service cifs-server idmap':
nmc:/$ setup network service cifs-server idmap
Mappings Rules :
-------------------------------------------------------------------
Comma-delimited list of name-based mapping rules. Rule-mapping format is as follows: windows-name[=>|<=|==]unix-name, ... Formats of names one of [winname:|winuser:|wingroup:|unixuser:|unixgroup:]. For unidirectional mapping use [=>|<=]. Use '*' for pattern matching. This field required to be filled in. Press Ctrl-C to exit.
Windows user name must be specified by using one of the following formats:
1. winuser:username@domain-name
2. winuser:'domain-name\username'
Unix user name must be specified in the following format:
unixuser:username
Note that Windows user names are case insensitive, while Solaris user names are case sensitive.
winuser:'*@mydomain.com'==unixuser:'*'
b) map Unix user 'joe' to Windows user Joe in the domain mydomain.com:
winuser:'Joe@mydomain.com'==unixuser:joe
ID mapping takes effect immediately. Following is an example of the file titled New Text Document.txt created by a Windows user in the CIFS-shared appliance's folder 'vol1/a/b':
nmc:/$ ls -l vol1/a/b/
total 2
----------+ 1 admin 2147483650 12 Nov 4 22:11 New Text Document.txt
Notice that Windows Administrator is mapped here onto Unix admin. The following sequence of screenshots shows how to:
1. add new domain user named 'joe' via Windows native GUI
2. join AD as 'joe'
3. map 'joe' => Unix 'admin' user
1) adding new domain user named 'joe' via Windows native GUI:
2) joining AD as 'joe':
3) mapping 'joe' => 'admin'. In effect, 'joe' will have 'admin' permissions as far as working with CIFS shares.
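Because a single rule such as 'joe' => 'admin' hands a Windows account the permissions of a Unix account, a rule list is worth reviewing before it is entered. The following is an added example, not part of NexentaStor: it parses the comma-delimited rule format from the NMC prompt above and reports rules that are malformed, that grant a privileged Unix identity, or that map one Windows name two ways. The set of privileged accounts, the finding codes and the sample rules are assumptions made for illustration.

```python
import re

# Prefixes and operators exactly as listed in the NMC idmap prompt.
WIN_KINDS = {"winname", "winuser", "wingroup"}
UNIX_KINDS = {"unixuser", "unixgroup"}
# Assumption: Unix accounts treated as privileged on this appliance.
PRIVILEGED_UNIX = {"root", "admin"}

_NAME = r"(?:'[^']*'|[^=<>',\s]+)"                       # quoted or bare name
RULE_RE = re.compile(rf"^\s*(\w+):({_NAME})\s*(==|=>|<=)\s*(\w+):({_NAME})\s*$")
SPLIT_RE = re.compile(r",(?=(?:[^']*'[^']*')*[^']*$)")   # commas outside quotes

# Constructed sample rule list (domain name taken from the guide's examples).
SAMPLE_RULES = (
    "winuser:'*@mydomain.com'==unixuser:'*', "
    "winuser:'Joe@mydomain.com'==unixuser:joe, "
    "winuser:joe@mydomain.com=>unixuser:admin, "
    "wingroup:'Domain Users@mydomain.com'==unixgroup:staff, "
    "winuser:alice==unixuser:alice, "
    "winuser:bob@mydomain.com->unixuser:bob"
)


def parse_rule(text):
    """Parse one 'windows-name[=>|<=|==]unix-name' rule into a dict."""
    m = RULE_RE.match(text)
    if not m:
        raise ValueError("not in windows-name[=>|<=|==]unix-name form")
    wkind, wname, op, ukind, uname = m.groups()
    if wkind not in WIN_KINDS or ukind not in UNIX_KINDS:
        raise ValueError("unknown name prefix")
    return {"win_kind": wkind, "win_name": wname.strip("'"), "op": op,
            "unix_kind": ukind, "unix_name": uname.strip("'")}


def lint_rules(rule_list):
    """Return (rule_text, code) findings for a comma-delimited rule list."""
    findings, seen = [], {}
    for raw in SPLIT_RE.split(rule_list):
        text = raw.strip()
        if not text:
            continue
        try:
            r = parse_rule(text)
        except ValueError:
            findings.append((text, "syntax"))
            continue
        win, unix = r["win_name"], r["unix_name"]
        grants = r["op"] in ("==", "=>")   # Windows name resolves to the Unix name
        # The guide requires username@domain-name or 'domain-name\username'.
        if r["win_kind"] == "winuser" and not re.search(r"[@\\]", win):
            findings.append((text, "win-format"))
        # '*' on both sides also maps a domain account called 'admin' or 'root'.
        if grants and "*" in win and "*" in unix:
            findings.append((text, "wildcard-covers-privileged"))
        if grants and unix in PRIVILEGED_UNIX:
            findings.append((text, "privileged-target"))
        # Windows names are case insensitive, so compare them lowercased.
        if grants and "*" not in win:
            key = (r["win_kind"], win.lower())
            if seen.setdefault(key, unix) != unix:
                findings.append((text, "conflicting-windows-name"))
    return findings


if __name__ == "__main__":
    for rule, code in lint_rules(SAMPLE_RULES):
        print(f"{code:28} {rule}")
```
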
production environment Windows <=> Unix ID mapping needs to be approached with a certain planning. See Identity Mapping Administration (Tasks) for more information. Please note: AD user shows up in the appliance after being "idmap-ed" in. Once identity mapping is established, you can then use the resulting Unix username to assign ACLs on a per-folder basis.
7. Assuming you are using local Unix users: double-check that the users are visible through the UI. Use, for instance, the NMC command 'show appliance user'.
8. Assuming you are using local Unix users: add permissions for the Unix user to read/write a given appliance's folder. For illustration purposes, let's assume the folder in question is called 'vol1/a'. You would need to create a new ACL entry in this folder's ACL, specifying permissions for the user 'joe123' (see step 5 above). Note that this locally created ACL gets used by the native CIFS server after you share this folder ('vol1/a' in this example) via CIFS. In other words, by virtue of the fact that you have created a local ACL entry and mapped a Windows user onto a UNIX user, you in fact enabled this Windows user to access the corresponding folder, with the permissions specified in this (locally created) ACL. For more information, please see NexentaStor User Guide, Section "Notes on User Management and Access Control". You can also access this section on-line here.
9. On the Windows side, (use your Windows computer to) log into Active Directory domain. Presumably, you are using at this point the same Windows user name that was specified in the mapping rule at step #6 (above).
10. Optionally, map drive Z: (or any other available drive letter) onto [hostname]/[share]. You can also access this shared folder using Windows Uniform Naming Convention (UNC), as \\hostname\share. The hostname here is certainly a DNS resolvable host name of the NexentaStor appliance, and the share is the name of the CIFS share.
Note that default naming of CIFS shares simply substitutes forward slash '/' with underscore '_'. In the example above (see step 6), the default CIFS share name for the folder 'vol1/a' would be: 'vol1_a'. This is further described in the User Guide, Section "CIFS: Tutorial".
System log is a facility used by various sub-systems, including CIFS. All sub-systems log their failures and messages in accordance with the current verbosity level. Use the command above to enable detailed debug-level system logging, and try to perform join Active Directory operation (for instance). You can then review system log via:
# dmesg
Note also that the system log is automatically emailed to the product's Technical Support team (Section Documentation Registration Support)
As stated above, correct DNS configuration is important. One typical error that happens when the DNS settings are not correct is recorded in the system log as: "failed to find any domain controllers". This error indicates that the DNS SRV RR lookup for DCs of the specified domain has failed. As the very first troubleshooting step, confirm that a correct DNS server has been specified during join AD operation via NMC (CLI) or NMV (web GUI). Next, assuming the domain name is 'mydomain.com', make sure '_msdcs.mydomain.com' record is present in the DNS database under 'dc._tcp._ldap'. Note that being able to resolve hostname to the IP address of the domain controller does not necessarily mean that the DNS configuration is correct.
For more details (and more troubleshooting tips), see CIFS Service troubleshooting.
Review generated and saved configuration files. There are two configuration files that play a critical role in joining the AD: /etc/resolv.conf and /etc/krb5/krb5.conf
When you are trying to join Active Directory, the management software, behind the scenes, modifies these two files accordingly. If (and only if) the join is unsuccessful, the modifications are discarded. However, to assist with troubleshooting, the two modified files are stored at a temporary location, as:
/tmp/.nms-resolv.conf.saved
/tmp/.nms-krb5.conf.saved
where [DNS IP] is your actual DNS IP address, and [DOMAIN] stands for domain name. For instance, assuming 1.1.1.1 is the DNS IP address:
# dig @1.1.1.1 _ldap._tcp.dc._msdcs.mydomain.com SRV +short
Make sure that CIFS service operates in Active Directory mode (see Section above). Use ldaplist to test the LDAP/AD user/group database:
# ldaplist -l passwd <name of AD user>
This command should return UID and GID numbers. Validate Kerberos configuration:
# kinit <name of AD user>
A successful Kerberos test will not return any feedback, and the 'klist' command will show a ticket granting ticket (TGT) from the Active Directory DC/KDC. Similar to 'nslookup' or 'dig', this command needs to be executed using the modified (but not committed) Kerberos configuration. Here again, first try to join AD. If (and only if) the join is unsuccessful, use /tmp/.nms-krb5.conf.saved instead of /etc/krb5/krb5.conf. Then try the 'kinit' and/or 'klist' command.
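The DNS part of this checklist as an added example (not NexentaStor code): it reads the nameservers from a saved resolv.conf, builds the SRV query shown above, and interprets `dig +short` answers, including the empty answer behind "failed to find any domain controllers". The file contents and dig output are constructed samples, and the function names are hypothetical.

```python
"""Offline checks for the DNS data an Active Directory join depends on."""
import ipaddress

# Constructed sample of /tmp/.nms-resolv.conf.saved after a failed join.
SAVED_RESOLV_CONF = """\
domain mydomain.com
search mydomain.com
nameserver 1.1.1.1
nameserver dns1.mydomain.com
"""

# Constructed sample of the output of:
#   dig @1.1.1.1 _ldap._tcp.dc._msdcs.mydomain.com SRV +short
DIG_SRV_OUTPUT = """\
0 100 389 dc2.mydomain.com.
0 200 389 dc1.mydomain.com.
"""


def srv_name(domain):
    """DNS name whose SRV records list the domain's domain controllers."""
    return "_ldap._tcp.dc._msdcs." + domain.strip(".").lower()


def parse_resolv_conf(text):
    """Return (nameserver IPs, problems) found in resolv.conf text."""
    servers, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            servers.append(str(ipaddress.ip_address(fields[1])))
        except ValueError:
            # resolv.conf takes addresses only; a hostname here cannot work
            problems.append(
                f"line {lineno}: nameserver {fields[1]!r} is not an IP address")
    if not servers:
        problems.append("no usable nameserver entry")
    return servers, problems


def dig_commands(domain, servers):
    """The SRV query from the guide, once per configured DNS server."""
    return [f"dig @{ip} {srv_name(domain)} SRV +short" for ip in servers]


def parse_srv_answers(dig_output):
    """Parse `dig ... SRV +short` lines: priority weight port target."""
    records = []
    for line in dig_output.splitlines():
        fields = line.split()
        if len(fields) != 4 or not all(f.isdigit() for f in fields[:3]):
            continue  # blank lines and ';;' diagnostics are not answers
        priority, weight, port = (int(f) for f in fields[:3])
        records.append({"priority": priority, "weight": weight,
                        "port": port, "target": fields[3].rstrip(".")})
    # Lower priority is tried first; within a priority, list heavier weights first.
    return sorted(records, key=lambda r: (r["priority"], -r["weight"]))


def diagnose(domain, resolv_text, dig_output):
    """Return findings that explain a failed join; empty when all is well."""
    _, findings = parse_resolv_conf(resolv_text)
    records = parse_srv_answers(dig_output)
    if not records:
        findings.append(f"no SRV records for {srv_name(domain)}: the join "
                        "logs 'failed to find any domain controllers'")
    for rec in records:
        if rec["port"] != 389:
            findings.append(
                f"{rec['target']}: unexpected LDAP port {rec['port']}")
    return findings


if __name__ == "__main__":
    ips, _ = parse_resolv_conf(SAVED_RESOLV_CONF)
    print("\n".join(dig_commands("mydomain.com", ips)))
    for finding in diagnose("mydomain.com", SAVED_RESOLV_CONF, DIG_SRV_OUTPUT):
        print("finding:", finding)
```

An A-record lookup of a domain controller never exercises `srv_name()`, which is why hostname resolution can succeed while the join still fails.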
10 Managing Snapshots
Snapshots are read-only, point-in-time representations of a file system or zvol. Because of the copy-on-write nature of ZFS, snapshots can be created instantaneously.
Enter the name of the snapshot (e.g. mypool/myfolder@now) and indicate whether child folders should be included, and then click Create. The snapshot is taken immediately, and will appear if you then click Show under the Snapshots heading on this page.
Here you can choose the name of an existing dataset, and specify the schedule: periodic interval, number of days to keep the snapshots, exceptions, trace level. If you need to include subfolders in the snapshots, check recursive. After selecting the desired options, click Create Service.
From this view you can clone a snapshot or rollback a folder or zvol to this point in time.
From this view you can delete the periodic snapshot or edit the snapshot service. One useful option available from the edit screen is to take a snapshot immediately.
Alternatively, you can type 'create zvol' and follow the prompts to complete the request.
In NMV you can create a zvol on the SCSI Target page. You will be prompted for the data volume that will contain the new zvol, the zvol name, an optional description, and whether the zvol will have space initially reserved. The block size and maximum size are also specified. You can indicate whether the zvol data should be compressed on the backend storage and how many redundant copies should be stored.
You will then be asked to provide the snapshot frequency, retention policy, etc.
A zvol can be thin provisioned, and can be grown over time, both in terms of its effective and maximum size. A thin provisioned (also called "sparse") zvol does not allocate its specified maximum size. At creation time a thin provisioned zvol actually allocates only the minimum required to store its own metadata.
You can grow both the effective (actually used) size of the zvol by storing more data on it, and the maximum size of the zvol, by incrementing its property called 'volsize'. In NMC, the latter is done via:
You can change the 'volsize' property at any time. Be careful when shrinking a zvol: if you specify a zvol size smaller than what it is currently using, data may be lost. A similar function is available via the NMV web GUI.
To control writeback caching select 'SCSI Target'->'View (Zvols)'. Click on the zvol name and its properties will show up. Select the desired writeback caching mode from the drop down list.
create one or more initiator groups. Even if you intend to associate only a single initiator with a zvol, the initiator needs to be in an initiator group.
To create an initiator group in NMV, click the link Initiator Groups. Provide a group name and a list of remote initiators for this group, and then click Create.
Instead of defining and choosing initiator and target groups, you can simply select All. However, remote iSCSI initiators will not find this target if you haven't defined at least one iSCSI target.
When creating a LUN mapping you can choose a specific LUN id or let NexentaStor assign one automatically.
12 Managing iSCSI
You can set default authentication and registration options by clicking the Defaults under the iSCSI heading. For authentication, you can choose CHAP, RADIUS, or none. You can also indicate whether configured targets should be registered with iSNS.
If the name is left blank then an IQN will be automatically assigned by NexentaStor.
Other fields such as Alias and a CHAP user/secret can also be entered. The CHAP user/secret specified here is used for bidirectional CHAP only. For non-bidirectional CHAP authentication (the usual case), the CHAP parameters are specified for the initiator on the Initiators page and not here. Finally, clicking the Create button will create the target.
Unless multiple targets are needed for a more advanced configuration, this step is only needed once. All the SCSI LUNs created and exported afterwards will be exposed on the iSCSI SAN via this target.
For the NexentaStor iSCSI target, when using standard CHAP, the CHAP secret is set on a per initiator basis. That is, for every initiator logging into a NexentaStor iSCSI target (CHAP enabled), the user needs to create an initiator and set its CHAP secret. The CHAP secret
The use case below shows how to set the CHAP secret for a Microsoft iSCSI initiator. Here are the steps:
1. Create a target with auth method set to chap. Or, if the target is already created, update it and set auth method to chap.
2. Create a remote initiator and provide its CHAP secret (you can also specify its CHAP user name; however, in most cases that is not required).
3. Set the same CHAP secret (as set in step #2 above) on the initiator side.
4. To create a target with CHAP on, create the target as described before and select 'Auth Method' chap from the drop down list. Do not enter a CHAP secret here unless you want to use bidirectional CHAP authentication.
Next, create the initiator by selecting 'SCSI Target'->Remote Initiators. Enter the iSCSI name of the initiator. For the Microsoft iSCSI initiator, the initiator name is available under the 'General' tab of the Microsoft initiator UI. Now enter a CHAP secret for this initiator. The CHAP secret has to be a minimum of 12 characters. Click 'Create' to create the initiator with the CHAP secret.
Now go to the Microsoft Initiator UI and discover this target. (This is mostly done by entering the IP address of the NexentaStor appliance under 'discovery'->'target portal' and then going under the 'Target' tab and clicking 'Refresh'.)
Select the newly discovered target and click 'LogOn'. In the 'Log On to Target' screen, click 'Advanced...'. Now select Chap Log on information and enter the target secret (same as what was set for the initiator created above). Now, click OK and again OK to logon to the target. At this point the Initiator should be able to logon to the target using CHAP Authentication.
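The CHAP exchange configured in the steps above, as an added example that is not NexentaStor or Microsoft code: the response is the RFC 1994 MD5 over identifier, secret and challenge, checked against the per-initiator secret, and the target's own secret is used only on the reverse leg of bidirectional CHAP. The IQN, CHAP user and secrets are constructed, and using the IQN as the initiator's CHAP name is an assumption.

```python
"""CHAP (RFC 1994, MD5) as used at iSCSI login: one-way and bidirectional."""
import hashlib
import hmac
import os

MIN_SECRET_LEN = 12  # minimum CHAP secret length stated in the guide

# Constructed sample values, not taken from any real system.
INITIATOR_IQN = "iqn.1991-05.com.microsoft:host1.example.com"
INITIATOR_SECRET = b"initiator-secret-01"
TARGET_USER = "nexenta-target"  # hypothetical CHAP user set on the target
TARGET_SECRET = b"target-secret-0002"


def check_secret(secret: bytes) -> bytes:
    """Reject secrets shorter than the documented minimum."""
    if len(secret) < MIN_SECRET_LEN:
        raise ValueError(f"CHAP secret shorter than {MIN_SECRET_LEN} characters")
    return secret


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: MD5 over the identifier octet, then secret, then challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """The side that challenges its peer and checks the response."""

    def __init__(self, secrets_by_name):
        # One secret per peer name, as on the Remote Initiators page.
        self.secrets = {n: check_secret(s) for n, s in secrets_by_name.items()}
        self._pending = None

    def challenge(self):
        """Issue a fresh identifier and random challenge."""
        self._pending = (os.urandom(1)[0], os.urandom(16))
        return self._pending

    def verify(self, name: str, response: bytes) -> bool:
        """Check a name/response pair against the outstanding challenge, once."""
        if self._pending is None:
            return False
        identifier, challenge = self._pending
        self._pending = None  # a challenge is never accepted twice
        secret = self.secrets.get(name)
        if secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare


def one_way_login(target, chap_name, secret_on_initiator):
    """The target authenticates the initiator (the usual case)."""
    identifier, challenge = target.challenge()
    response = chap_response(identifier, secret_on_initiator, challenge)
    return target.verify(chap_name, response)


def bidirectional_login(target, initiator, chap_name, secret_on_initiator,
                        target_user, secret_on_target):
    """One-way CHAP first, then the initiator challenges the target."""
    if not one_way_login(target, chap_name, secret_on_initiator):
        return False
    identifier, challenge = initiator.challenge()
    response = chap_response(identifier, secret_on_target, challenge)
    return initiator.verify(target_user, response)


if __name__ == "__main__":
    tgt = Authenticator({INITIATOR_IQN: INITIATOR_SECRET})
    ini = Authenticator({TARGET_USER: TARGET_SECRET})
    print("one-way, same secret on both sides:",
          one_way_login(tgt, INITIATOR_IQN, INITIATOR_SECRET))
    print("one-way, mistyped secret:",
          one_way_login(tgt, INITIATOR_IQN, b"mistyped-secret"))
    print("bidirectional:",
          bidirectional_login(tgt, ini, INITIATOR_IQN, INITIATOR_SECRET,
                              TARGET_USER, TARGET_SECRET))
```

The secret itself never crosses the wire, but anyone who records a challenge and its response can test guesses offline, which is the reason for a minimum secret length.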
13 Asynchronous Replication
The continuing growth of disk based storage has had two primary effects. The amount of data to back up is increasingly difficult to fit onto tape or within a backup window, and the cost of storage capacity makes it feasible to build online backups out of disk subsystems themselves. One of NexentaStor's primary uses is in this new digital archiving role. Whereas tapes will always find use, the development of disk based backup systems relegates tape to the final tier of archiving, where offline preservation is the requirement. You will find this product fits many roles, including primary storage, secondary storage to any primary storage array, and even remote site replication and archival.
What makes multi-tier storage possible in Nexenta's solution is the auto-tier service, which can regularly copy data from one source, local or remote of any nature, to a destination target again of any type. The only limitation is that at least one of either the source or destination must be local. In large arrays where the appliance encompasses both first tier and second tier storage, you'll even see local-to-local tiering. Tiering is accomplished by taking a given filesystem or share, breaking it into smaller manageable chunks, and replicating that data at that point in time to another volume. Using snapshots at the target end, one can maintain a full efficient backup of the primary storage at unique intervals typical of backups. Whereas you may have hourly and daily snapshots on your primary NAS, auto-tiering with snapshots will generally have daily, monthly, and even yearly snapshot points, with the same policies for retention of any given periodicity.
One commonly sets up tiering locally, over NFS or CIFS, or using rsync directly with or without SSH. A simple example of tiering data from an NFS file server to our example volume would be to first create a filesystem to tier to and then to set up an auto-tier from our source NFS server.
Auto-tier and auto-sync are not limited just to the first two tiers, as tertiary tiering for more critical data is also common. As legal and business drivers dictate, tiering will also include access policy enforcement, limiting data access to restricted personnel over longer periods of time.
As either a primary or secondary storage server, NexentaStor can pull or push data regularly at arbitrary intervals, transferring only the periodic changes seen. This can be done as frequently or as sparingly as required, thus being ideal for both large tiering as
Auto-Tier - In the case of "auto-tier" (or simply, tiering) service, NexentaStor makes use of snapshots and user definable source and destination points to regularly replicate a single copy of a file system to another storage pool, whether local or remote. Using snapshots on the target end, the tiered copy may have arbitrarily different retention and expiration policies and can be administered separately. NexentaStor tiering service runs on a variety of transports, and can use snapshots as its replication sources. This solution fits the more common backup scenarios found in disk-to-disk backup solutions. The auto-tier service is not limited just to the first two tiers, as tertiary tiering for more critical data is also common. As legal and business drivers dictate, tiering will also include access policy enforcement, limiting data access to restricted personnel over longer periods of time.
Auto-Sync - Another option provided is the "auto-sync" (or simply, syncing) service, which will maintain a fully synchronized copy of a given volume, file system, or emulated block device (a.k.a. zvol, Section Using ZVOLs) on another NAS. Where tiering provides a copy, auto-sync provides a true mirror, an exact replica of data, inclusive of all snapshots and file system properties. Auto-sync uses the built-in ZFS snapshot capability to efficiently identify and replicate only changed blocks. This allows central mapping of multiple snapshots of a file system onto remote storage, all the while maintaining control of the retention and expiration of that data at the replication source. This facility is the most ideal for full disaster recovery.
Both auto-sync and auto-tier are schedulable, fault-managed, tunable NexentaStor Data Replication services that can be used in a variety of backup, archiving, and DR scenarios.
Both auto-sync and auto-tier are designed from the ground up to use a variety of transports (a.k.a. protocols), which provides the required flexibility to execute over Internet and Intranet, from behind a firewall and in environments that require extra security. Both auto-sync and auto-tier support any schedule. You can schedule the services to run every minute, every hour at a given minute of the hour, every few hours, every day at a certain time, etc. You can schedule services to run once a year, or on a certain day of every second month, and so on. Both auto-sync and auto-tier support all 3 possible directions of the replication: local to local (L2L), local to remote (L2R), and remote to local (R2L). When replicating to or from a remote host, the latter does not necessarily need to be a NexentaStor appliance, although in the auto-sync case it must be another ZFS based system.
Both auto-sync and auto-tier provide a combined replication + snapshots capability. You can tier from a given source (for instance, from a given snapshot or a directory), and generate a snapshot at the remote or local destination every time the replication has run. As of version 1.1.6 of the appliance software:
The services can be set up to run only once - at a given scheduled time.
Auto-sync can execute in a daemon mode and run incremental replications every second or every few seconds.
Auto-sync can be used to replicate locally or remotely the appliance's system folder (a.k.a. root filesystem) that contains the appliance's Operating System and configuration. The replication destination may or may not be another NexentaStor appliance, and - in the case when it is an appliance - may or may not reside on the appliance's system volume. The equivalent tiering capability is not being planned.
Hybrid-tier/sync - NexentaStor provides a hybrid tiering-syncing service which enables a history of changes on the tiering destination. Unlike regular backup solutions with only the latest copy available on the backup target, this solution would have the advantage of both "the latest copy" and a configurable number of previous copies - the latter in accordance with the retention policy.
In addition, you could tier from a snapshot, which provides the best combination of a transactional snapshot at the source with a potentially faster transport to copy the data, without risking that it is being modified concurrently.
1. Data and meta-data. Auto-sync transfers not only data (files, directories) but filesystem meta-data as well, including snapshots.
2. Folder and Directory. Auto-tier can have a directory within a filesystem as its top level source, while auto-sync cannot. To be able to transfer meta-data, auto-sync must have a folder (filesystem) as its top level source.
3. Copying over. When executing the very first time, auto-tier can write over the existing files and directories at the destination. When executing the very first time, auto-sync cannot copy over an existing destination - it will create new folder(s) at the destination, and keep those folders fully in-sync with the source folders after each subsequent scheduled run of the service. Those new folders will be complete clones of the folders at the source.
Independently of its transport, auto-sync always re-creates source snapshots at the destination.
When deciding which NexentaStor data replication service to deploy in your environment, please see the following F.A.Q. entry on the website support page: What is the difference between 'auto-sync' and 'auto-tier' storage services?
See also:
Section Frequently Asked Questions F.A.Q. entry: What is the difference between 'auto-sync' and 'auto-tier' storage services?
When choosing between NexentaStor data replication services, please see the following entry in the Section Frequently Asked Questions above, or on the website support page: What is the difference between 'auto-sync' and 'auto-tier' storage services?
To protect, replicate, recover, or restore the appliance's configuration, and/or to clone the entire appliance's root filesystem, please see the following entry in the Section Frequently Asked Questions above, or on the website support page: How can I protect/replicate/recover/restore appliance's system configuration and the OS itself
13.1 Auto-Sync
The NexentaStor auto-sync service transfers snapshots between storage systems. The service is built on the ZFS send/receive capability. It assumes that the source and target systems are using ZFS.
Auto-sync replicates dataset snapshots and can be configured to send only the incremental changes. A key advantage is that it also replicates the dataset properties.
To set up an auto-sync service in NMV, select Auto Services under the Data Management tab and then select Create under the Auto-Sync Services heading.
The auto-sync service includes a de-duplication capability for the data transfer. Both the sending and receiving systems need to support de-duplication. By using de-duplication you may be able to reduce the amount of data sent across the network. As blocks are sent, if they are a duplicate then only a reference is sent instead of the full data block. This can be especially beneficial over slow or expensive network links. De-duplication is managed separately for each auto-sync replication stream.
Trace level Rate limit Auto-mount location Force replication Auto-clone RSYNC options Service Retry
13.2 Auto-Tier
To set up an auto-tier service in NMV, select Auto Services under the Data Management tab and then select Create under the Auto-Tier Services heading.
Trace level Rate limit RSYNC fanout Tiering snapshot Exclude folders RSYNC options Service Retry
Can use any network adapter that supports the TCP/IP protocol.
The direction of replication can be reversed at any time. The operation is also known as reverse update. The typical scenario includes: 1) failure of a primary volume; 2) importing and continued usage of the secondary volume; 3) reverse synchronization secondary => primary.
Active logging: Continue logging operations whenever the Remote Mirror software is disabled or interrupted.
Multihop sets: Replicate data from one primary volume to a secondary volume; the secondary volume then replicates the data again to another secondary volume, and so on, in daisy-chain fashion.
Mutual backup: Concurrently transmit data copies to and receive data copies from a remote volume. Also known as a bilateral relationship.
Resynchronize volumes following disk, link, system, and storage platform outages; you only replicate those blocks that were modified since the last synchronization.
Use RAID volumes as part of your Remote Mirror software strategy. Volumes can be any RAID level.
Port 121 is the default TCP/IP port used by the Remote Mirror software. The firewall must be opened to allow RPC traffic to/from this well-known port address.
14.1 Installation
Before installing the Auto-CDP plugin, please make sure that the data volume that you intend to replicate exists. Also make sure that both appliances are SSH-bound and that network connectivity is properly set up.
Even if your data volume is unused, the initial syncing will take a significant amount of time because of the block-level sector-by-sector transfer of all of its (unused) blocks over the IP network. Please see the following F.A.Q.: I'm using auto-cdp plugin to block-mirror my storage. Initial replication is very slow.
To verify that Auto-CDP plugin is available for installation, run the following command:
Note that plugins can also be installed using the NexentaStor Web GUI.
The installation will require an NMS restart and NMC re-login. After installation, use NMV or NMC to verify that the plugin is successfully installed. In NMC, the corresponding operation would be:
nmc$ show plugin autocdp
The command will display the plugin version, as well as other useful information.
1. Select local (primary) data volume to replicate. The name of the service instance is in form :volname.
Document Convention: Assuming there is a volume named 'vol1', the corresponding Auto-CDP service will be named
name of the volume to block-mirror using Auto-CDP, and simultaneously, the name of the corresponding Auto-CDP service.
Note, Auto-CDP service cannot be created for syspool, the appliance's system volume.
2. Select remote appliance. Specifying existing SSH-bound appliance registered on local appliancecreator ;
3. Select disks on the remote appliance to serve as block-level replicas of the disks of the local (primary) volume.
As always, to carry out the 1-2-3 steps, NMC provides a guided multiple-choice interactive environment. As always, the same steps can be executed via command line, using the options specified above.
Once initiated, Auto-CDP will transfer the local (primary) volume's metadata, which will effectively create a secondary (remote) volume out of the corresponding remote disks. The appliance's Auto-CDP will keep both data and ZFS metadata on the replicated disks in-sync, at all times.
Note: Auto-CDP requires using either DNS hostname for the local and remote appliances, or their "replacement" via local host tables. See 'setup appliance hosts -h' for more information.
The following NMC wizard command can be used for service instance creation:
For details on service creation and all supported command line options, please see the corresponding man page:
To modify/show parameters of newly created Auto-CDP service use the following commands:
where althost is the alternative hostname to be used for the Auto-CDP service instance created.
This enables the remote mirror replication for the primary volume and also uses the remote mirror scoreboard logs to start the resynchronization process so that the corresponding secondary data volume becomes a full replica of the primary volume. Sizes of the remote (secondary) disks (a.k.a. LUNs) must be equal to or greater than the corresponding primary disks that are being replicated.
Once enabled, the NexentaStor Auto-CDP service instance will update a remotely mirrored data volume. Only the blocks logged as changed in the remote mirror scoreboards are updated. Use the '-f' (force) option when the primary and the secondary volumes/luns might be different and no logging information exists to incrementally resynchronize the volumes/luns.
Reverse synchronization and DR (disaster recovery)
At some point in time the secondary setup will be used as a disaster recovery (DR) site. There are two scenarios which need to be considered while failing over to the secondary setup:
1. Primary site is still active and you just want to manually switch to the secondary for primary maintenance operations. The assumption is that the Auto-CDP service instance was in replication mode. In this case, the following command needs to be executed on the primary:
nmc:/$ setup volume volname export
The command above will gracefully disable instance :volname after the export completes. After the command is complete, the following command needs to be executed on the secondary:
nmc:/$ setup volume import volname
The :volname instance will stay in logging mode and once primary site is up the export/import operations can be repeated. After import command is complete on primary, execute the following command to enable reverse synchronization back from secondary to primary:
nmc:/$ setup auto-cdp :volname enable -r
The '-r' option (reverse) is used to reverse the direction of synchronization: that is, synchronize from the secondary volume to the primary. With the '-r' option the primary volume becomes a passive destination while the secondary volume is considered the active source (of the changes).
2. Primary site is down and you need to forcefully switch to the secondary. A graceful disable of the Auto-CDP service instance is not possible in this case and loss of data may occur. However, the filesystem on the secondary setup is always going to be in a consistent state due to the transactional nature of ZFS and the synchronous mode of SNDR operation. On the secondary setup, execute the following command to forcefully import the data volume:
The '-f' option will disregard host checking and forcefully import the data volume on the secondary setup. The rest of the operations can be done as in (1). The reverse operation '-r' then resumes Remote Mirror replication of new updates from the primary volume to the secondary volume automatically so that the volume sets remain synchronized. We recommend quiescing the workload to the volume sets during the restore/refresh operation. This action ensures that the primary and secondary volumes match before replication of new updates resumes.
desired;
4. Volume import will ensure that the corresponding Auto-CDP instance is enabled if desired;
5. Volume destroy will ensure that the corresponding Auto-CDP instance is removed;
6. Simple-Failover service ensures that the Auto-CDP configuration is securely transferred to all machines within the simple-failover group and automatically activates the Auto-CDP service on the failover machine;
t Volume type
s Volume status
volume failed (VF) - an I/O operation to the local data volume has failed;
bitmap failed (BF) - an I/O operation to the local bitmap volume has failed;
need sync (SN) - a sync to this volume has been interrupted. It needs to be completed. The direction of the data flow must not be changed until one or the other is done;
need reverse sync (RN) - a reverse sync to this volume has been interrupted. It needs to be completed (or restored via Point-in-Time Copy). The direction of the data flow must not be changed until one or the other is done;
logging (L) - incoming writes are logged in the bitmap devices only. Data is not replicated to the remote site. 'need sync' and 'need reverse sync' are all sub-states of logging such that writes are logged in the bitmap, but not replicated;
reverse syncing (RS) - a secondary to primary copy is in progress;
syncing - a primary to secondary copy is in progress.
14.9 Troubleshooting
To troubleshoot, execute either one of the following commands:
1. To re-enable the entire service corresponding to instance :volname:
nmc$ setup auto-cdp :volname enable
2. To re-enable the entire service and fully resynchronize the associated primary volume volname to secondary volume. Beware, this operation may take a long time to complete:
4. To re-enable and fully resynchronize the specific <LUN> pair for service instance :volname:
nmc$ setup auto-cdp :volname lun <LUN> enable -f
5. To reset all Auto-CDP services and re-initialize AVS databases on both sides, active and passive:
nmc$ setup auto-cdp reset
WARNING! This operation will reset Auto-CDP service to its initial (post-creation) state.
6. As a troubleshooting example, to replace a failed drive, just run the standard volume command:
nmc$ setup volume volname replace-lun
The major difference between all of the commands listed above is granularity. The first two commands (1,2) execute on the level of the entire service instance, with the corresponding action applied to all associated disk pairs. Use command (1) if you want to move the service from logging mode back to replication. The second pair (3,4) of troubleshooting actions is LUN specific. These two commands (3,4) are especially useful when a single or a few specific pairs of syncing LUNs appear to be stuck in so-called "logging" mode and will not change states. Another relevant scenario is related to importing the secondary volume. If the newly imported mirrored volume shows faulted drive(s), use the LUN specific re-synchronization to troubleshoot. The reset command (5) is plugin/service wide and will affect all instances on both active and passive sides.
Disk replacement, as well as all other disk management operations, is tightly integrated with the service, and the right action will be taken if the corresponding Auto-CDP instance is present. Simply execute the normal volume management operation and do not worry about the complexity associated with AVS disk set management.
In the following example, appliance 'testbox1' is the primary and 'testbox2' is the secondary. This example includes all NMC prompts; it is a complete demonstration of auto-cdp creation:
nmc@testbox1:/$ create auto-cdp
Remote appliance : 192.168.37.128
Remote for c2t1d0 : c2t1d0
Remote for c2t0d0 : c2t0d0
Creating new Auto CDP service 'auto-cdp:vol1', please wait...
Successfully created service 'auto-cdp:vol1'
Enable it now? Yes
Enabling service, please wait...
PROPERTY VALUE
name :vol1
max_q_fbas 16384
autosync off
max_q_writes 4096
async_threads 2
state syncing
to_host testbox2
from_host testbox1
type active
TESTBOX1 TESTBOX2
c2t1d0 => c2t1d0
c2t0d0 => c2t0d0
Once the initial synchronization between a pair of active (primary) and passive (secondary) volumes commences, you can monitor it either via 'show auto-cdp <name> stats' or 'show auto-cdp <name> iostat' NMC commands. In fact, these two commands are always useful, in terms of monitoring the data replication traffic, whether this is auto-cdp, auto-sync or auto-tier service. However, auto-cdp traffic monitoring is particularly useful at the time of the initial block-level syncing:
It is recommended not to use the primary (active) volume during the very first (the initial) CDP synchronization. Any updates on the primary during this period of time may considerably delay the initial synchronization. Note also that during this phase a major part of the available I/O bandwidth is used by the auto-cdp service, which is yet another reason to let it run through as soon as possible. See 'show
Once the traffic stops, you'll be able to see the block-level replicated volume on the remote side:
nmc@testbox2:/$ show auto-cdp :vol1 -v
PROPERTY VALUE
name :vol1
max_q_fbas 16384
autosync off
max_q_writes 4096
async_threads 2
state logging
to_host testbox2
from_host testbox1
type passive
TESTBOX1 TESTBOX2
One critically important guideline regarding CDP: it is recommended NOT to have the primary and secondary volumes imported simultaneously. In fact, NexentaStor software will prevent this from happening. Still, note that the remotely mirrored volume may be imported on only one side, primary or secondary, at any given moment.
In short, several preparation steps need to be performed before actually enabling reverse mirroring from 'testbox2' to 'testbox1' (Step #5 below):
Step #1. testbox1 (primary): first, export vol1
volume: vol1
state: ONLINE
config:
vol1 ONLINE 0 0 0
mirror ONLINE 0 0 0
c2t0d0 ONLINE 0 0 0
c2t1d0 ONLINE 0 0 0
Step #3. ...using secondary volume until (and if) the problem with primary is resolved...
volume: vol1
state: ONLINE
This shows:
several fault triggers (all with extension check, Section Fault Management), followed by statistic collectors, followed by storage and network service reporters, followed by two specific indexers with their associated folders (Section Indexing NexentaStor Archives).
In NMV, you can view runners by selecting Runners under the Data Management tab:
The appliance's framework allows you to add runners. NexentaStor runners have the advantage of exercising the entire NMS-provided SA-API (Section "Terminology"; see also [3], Section References). They can execute periodically, and/or on event, and/or run constantly in the background.
NexentaStor runners rely on the mailing facility which can be configured in NMC using the command 'setup appliance mailer'.
All of the appliance's runners are runtime-configurable. Runners' times-to-run and other properties can be changed via:
nmc:/$ setup trigger
Each of the setup commands listed above has its show counterpart, to show the existing configuration and runtime status:
nmc@myhost:/$ show trigger
For instance:
nmc:/$ setup trigger cpu-utilization
This can be used to disable, enable, run, and configure the standard fault trigger that monitors CPU utilization. For instance, press TAB-TAB or Enter, type or select 'property', and view all 'cpu-utilization' properties available for tuning. You could change the alarm-generating thresholds (in this case, low and critically low idle CPU), make it run more or less frequently, etc.
nmc:/$ show trigger cpu-utilization -v
This will show the trigger's current runtime state, status and existing configuration in detail (notice the verbose -v option).
15.2 Triggers
Part of the NexentaStor Fault Management facility is realized through Fault Triggers. A fault trigger, or simply, a trigger, is a special kind of a pluggable runner module ('help runners') that performs a certain fault management and monitoring operation(s). Each
If any of the monitored conditions are violated, a fault trigger raises an alarm, which manifests itself in several ways:
email notification to the administrator, with detailed description of the fault, including: severity, time, scope, suggested troubleshooting action, and often an excerpt of a related log with details.
red color showing up via one of the NMC 'show' operations detailed below.
  show trigger all-faults
  show trigger <name>
  show appliance runners
  show faults all-appliances
and message posted to appliance's Inbox (see Section Inbox).
Notifications of hardware faults are immediate. Unlike many other potentially faulty conditions that are getting periodically "polled", any hardware fault itself triggers the appliance's fault management logic, that in turn includes email notification.
To see all available fault triggers in NMC, use the command show trigger all.
In all cases a trigger that "carries" the alarm will be shown in red, assuming NMC colors are enabled. In addition, the faulted trigger will try to notify the system administrator via the appliance's mailing facility. Therefore, as already noted elsewhere, it is important to set up the appliance's mailer.
A trigger counts the fault conditions every time it runs. Typically, the fault trigger will send email once the faulty condition is observed a certain configurable number of times. Typically, after that the trigger itself goes into 'maintenance' state: it will still run and count the faulty conditions but it will not send email notifications anymore, that is, until the system administrator clears it from its maintenance state:
nmc:/$ setup trigger <name> clear-faults
Similar to the rest of the appliance's runners, triggers are flexible in terms of their runtime behavior and the trigger-specific conditions they monitor. For details on any specific fault trigger, run:
nmc:/$ show trigger <name> -v
where <name> stands for the trigger's name, and -v (verbose) is used to display details.
The appliance includes one special fault trigger 'nms-check'. This trigger performs fault management/monitoring function for the Fault Management facility itself. Nms-check tracks NMS connectivity failures and internal errors.
Fault class : fault.fs.zfs.vdev.io
Description : The number of I/O errors associated with a ZFS device exceeded acceptable levels. Refer to http://sun.com/msg/ZFS-8000-FD for more information.
The following is the type of email you might receive if you have FMA checks enabled and your appliance mailer is properly configured.
1. Manually recover the faulted device. As specified in the fault report, it makes sense to review the posted URL (http://sun.com/msg/ZFS-8000-FD in this case) for the latest tips and guidelines.
In the case of FC/iSCSI/USB attached drives, please verify connectivity to the corresponding target(s). Next, ssh into the appliance as root. At this point NMC will automatically determine the presence of a faulted condition and will prompt you to execute corrective action (you will simply need to press Enter).
2. The second option is simple: power cycle the appliance. This may cause an unrecoverable loss of data: the in-flight data that was not committed to stable storage at the time of the hardware failure will be lost. However, the existing data on the affected volume will not be corrupted. After power cycling, the entire faulted volume (that is, the volume that contains the faulted drive) will be marked 'offline' and inaccessible.
16 Analytics
16.1 DTrace
DTrace is a comprehensive dynamic tracing framework created by Sun Microsystems to analyze performance and troubleshoot problems on production systems in real time. For an in-depth guide to the DTrace language and its details, please visit DTrace at OpenSolaris.org.
DTrace can be used to generate performance profiles and analyze bottlenecks. DTrace can help to troubleshoot problems by providing detailed views of the system internals.
To start using DTrace, type 'dtrace' at NMC prompt and use TAB-TAB to navigate, or simply press Enter and make a selection. DTrace is functionally sub-divided into sections, as follows:
nmc:/$ dtrace
Option ?
------------------------------------------------------
In most cases examples are provided; to see an example, select 'example' option. For instance:
nmc:/$ dtrace cpu cpuwalk example
To override the default behavior of any given dtrace utility, specify extra options in the command line, for instance:
nmc:/$ dtrace cpu cpuwalk 5
This will run for 5 seconds (as opposed to running until Ctrl-C is pressed by default). Use TAB-TAB to navigate and make a selection. For details on particular command line options use help (-h), for instance:
nmc:/$ dtrace cpu cpuwalk -h
You can close a chart by clicking the x icon in the upper right, or by clicking the remove button for the appropriate entry in the chart list at the top of the screen.
The header panel as well as any chart can be shuttered closed by using the triangle-shaped toggle button next to the x button.
To reorder charts, click in the blue heading (title) area and drag the chart where you wish to display it. The chart list will update to show the new order.
If the series lines of a chart are difficult to see in the default line chart presentation, you can click the bar chart icon in the upper left of the toolbar to change the view.
will show capacity, number of reads and writes, and read and write bandwidth.
Performance benchmark functionality is included in the form of extensions: pluggable modules (plugins). These particular plugins are available to all users and can be installed into both the Developer Edition and the Commercial Editions.
NexentaStor currently includes two pluggable (micro-) benchmarks described in the subsequent sections: an I/O benchmark and a network performance benchmark.
To list benchmarks (and other plugins) available in the remote central software repository:
nmc:/$ show plugin remotely-available
This benchmark uses the well-known Bonnie++ tool, which is based on the Bonnie benchmark originally written by Tim Bray.
Block. The file is read using read(2). This should be a very pure
Example:
Testing 'vol2'. Optimal mode. Using 1022MB files and 8192 blocks.
Iperf is a commonly used network testing tool that can create TCP and UDP data streams and measure the throughput of a network that is carrying them. Iperf is a modern tool for network performance measurement written in C++. Iperf allows the user to set various parameters that can be used for testing a network, or alternately for optimizing or tuning a network. Iperf has client and server functionality, and can measure the throughput between the two ends, either unidirectionally or bi-directionally. It is open source software and runs on various platforms including Linux, Unix and Windows. It is supported by the National Laboratory for Applied Network Research.
Usage: [-s]
[-P numthreads] [-i interval] [-l length] [-w window] [-t time][hostname]
[-c] [client-options]
This plugin is based on the popular Iperf tool used to measure network performance. The benchmark is easy to set up. It requires two hosts: one to run iperf in server mode, and another to connect to the iperf server and run as a client. Use the -s option to specify server mode.
The easiest way to run this benchmark is to select a host for the server and type 'run benchmark iperf-benchmark -s'. Next, go to the host that will run the iperf client and type 'run benchmark iperf-benchmark'. You will be prompted to specify the server's hostname or IP address. See more examples below.
c) specify any/all iperf command line option, as per iperf manual page.
Examples:
Example 1.
Let's say, there are two appliances: hostA and hostB. On appliance hostA run:
This will execute iperf in a server mode. On appliance hostB the iperf client connects to hostA and drives the traffic using default parameter settings:
Example 2.
Notice that all these parameters are specified on the client side only. There is no need to restart iperf server in order to change window size, interval between bandwidth reports, etc.
Example 3.
Same as Example #1, except that iperf server is not specified in the command line. Instead, NMC will prompt you to select the server interactively from a list of all ssh-bound appliances:
Example 4.
You can specify any number of valid iperf server and/or client command line options, as per the iperf documentation. Unlike the most basic command line options listed above, the remaining command line options are not validated, do not have NMC-provided defaults, and are passed to iperf AS IS.
nmc:/$ setup appliance user jack property uidNumber
User id (uid) : 1001
To change the owner of the folder use the NMC command setup folder foldername ownership.
17.3 LDAP
The Lightweight Directory Access Protocol (LDAP) is a common protocol interface to Network Directory Services. Widely deployed directory services are Domain Name Service (DNS), NIS (Network Information Service), etc. They provide the clients with information such as host IP addresses, usernames, passwords and home directories. LDAP is a widely-deployed, simple and efficient network protocol for accessing information directories. LDAP typically runs over TCP; it has the potential to consolidate existing Network Directory Services into a single global directory.
NexentaStor provides easy-to-use LDAP integration, specifically for use in NFS environments. In addition, LDAP user and group management can be deployed with NFSv4, the default NFS version provided by the appliance. In general, LDAP-based user and group management is required to consistently utilize ZFS extended Access Control Lists (ACLs) across heterogeneous file services instead of POSIX permissions and attributes.
It is recommended that you use LDAP for centralized user management. NexentaStor is an LDAP client in this case. To use NexentaStor with an LDAP server, make sure the server is available. You will need your base DN, with either anonymous or authenticated SASL bindings (the latter requiring account DN and password), and the netgroup, user, and group subtree DNs if known. A netgroup (a group of hosts) is only necessary if it is currently supported by the LDAP server and is of interest. You define authentication information for communicating with an LDAP server within NMV on the Settings tab in Misc. Services.
Note that in addition to Unix based LDAP, NexentaStor provides Active Directory integration - an implementation of LDAP directory services by Microsoft for use primarily in Windows environments (Section Using Active Directory).
Finally, the NexentaStor LDAP client provides an integrated ability to authenticate itself using X.509 certificates. The management console and the management UI both provide the corresponding interfaces.
17.4 ACLs
NexentaStor provides native extended Access Control Lists (ACLs), capable of handling CIFS ACLs, as well as NFSv4 ACLs, as well as POSIX permissions natively in the same filesystem. The appliance supports full management of per-user, per-group, per-folder ACLs in its user interface, while also populating the system with accounts and groups that you may have already defined in Active Directory or other LDAP-based directory service.
NexentaStor User and Access Control management has the following characteristics:
Support both local and LDAP (or AD) managed users and groups.
In LDAP or Active Directory configurations, the local users and groups can be used to override centralized settings.
Native extended Access Control Lists (ACLs), that are both CIFS and NFSv4 compliant.
Following are two screenshots that show, first, appliance users (most of which are retrieved from LDAP in this case), and the management GUI capability to administer access control to a given folder (and its subfolders; all operations on ACLs are recursive, to reduce the amount of administration).
Notice that in the case below a local 'test-user' and LDAP-defined 'rfgroup' are granted a special set of permissions:
The NexentaStor CLI management client provides the same capabilities via the command line. Users and groups can be retrieved (that is, 'shown'), created and deleted, extended permissions can be modified, and all other related management operations can be executed using either NMV or/and NMC.
NexentaStor ACLs are native across ZFS, CIFS, and NFSv4, and as such have no conflict in how they are operated on. Generally, one accomplishes ACL management via the following tasks:
local user or LDAP configuration
definition of per-user or per-group capabilities per volume or folder
overall management of ACLs and ACEs system wide, allowing overriding of end user activity via CIFS/NFS
A note on NFSv3 vs. ACL
NFSv3 relies on POSIX permissions, which are a subset of ZFS extended ACLs. Thus, NFSv3 clients will only check with the POSIX level permissions. However, even though POSIX permissions may otherwise grant a permission to a user, that will be nullified if the extended ACL on the server is defined and otherwise denies that access.
Option ? userquota
User : fred
userquota@fred : 2m
To view the current user quota for user 'fred' in NMC, run:
nmc:/$ show folder mypool/home property userquota@fred
Option ? groupquota
Group : staff
groupquota@staff : 100m
To view the current group quota for group 'staff' in NMC, run:
nmc:/$ show folder mypool/home property groupquota@staff
Link aggregation is used to combine multiple physical Ethernet links into one logical link to increase bandwidth and to protect against failures.
To create a link aggregation, type create network aggregation in NMC. You can show existing link aggregates in NMC using show network aggregation, as demonstrated here.
In this example, interface aggr1 is the aggregation of the two physical network interfaces e1000g0 and e1000g1. The physical interfaces are then no longer visible for network administration and monitoring, unless you first destroy the aggregation using the NMC command
nmc:/$ destroy network aggregation
Aggregation requires the switch to support Link Aggregation Control Protocol (LACP), which is a method to control the bundling of several physical ports together to form a single logical channel. LACP allows a network device to negotiate an automatic bundling of links by sending LACP packets to the peer (a directly connected device that also implements LACP).
The default mode for NexentaStor aggregations. LACP packets are not generated.
The system generates LACP packets at regular intervals.
The system generates LACP packets only when it receives an LACP packet from the switch. When both the aggregation and the switch are configured in passive mode, they cannot exchange LACP packets.
18.3 VLAN
A virtual LAN, commonly known as a VLAN, is a group of hosts with a common set of requirements that communicate as if they were attached to the same broadcast domain, regardless of their physical location. VLANs are created to provide the segmentation services traditionally provided by routers in LAN configurations. VLANs address issues such as scalability, security, and network management. The standard protocol used to configure virtual LANs is IEEE 802.1Q.
To configure a virtual LAN from NMC, use the command setup network interface, as
VLAN Id :
------------------------------------------------------
In this example a Virtual LAN is created with Ethernet frames carrying an extra 4 bytes of VLAN header, as per the 802.1Q specification. The VLAN header in turn will have the (12-bit) VLAN Id that was provided in the NMC dialog (above).
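The 4-byte VLAN header and its 12-bit VLAN Id, shown as an added Python example (not NexentaStor code): it inserts an 802.1Q tag into an Ethernet frame and parses it back. The MAC addresses, payload and VLAN Id 100 are constructed sample values.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag
VID_MASK = 0x0FFF     # low 12 bits of the Tag Control Information (TCI)

# Constructed sample: dst MAC, src MAC, EtherType 0x0800 (IPv4), dummy payload.
SAMPLE_UNTAGGED = (
    bytes.fromhex("020000000002" "020000000001" "0800") + b"constructed payload"
)


def tag_frame(frame: bytes, vlan_id: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the source MAC of an untagged frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    # VID 0 means "priority tag only" and 0xFFF is reserved, so neither
    # identifies a VLAN.
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN Id must be in 1..4094")
    if not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("PCP is 3 bits, DEI is 1 bit")
    tci = (pcp << 13) | (dei << 12) | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame: bytes) -> dict:
    """Return the VLAN fields of a frame, tagged or not."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return {"tagged": False, "vlan_id": None, "pcp": None, "dei": None,
                "ethertype": ethertype, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    return {
        "tagged": True,
        "vlan_id": tci & VID_MASK,      # 12-bit VLAN Id
        "pcp": tci >> 13,               # 3-bit priority
        "dei": (tci >> 12) & 1,         # 1-bit drop-eligible indicator
        "ethertype": inner_type,        # original EtherType follows the tag
        "payload": frame[18:],
    }


if __name__ == "__main__":
    tagged = tag_frame(SAMPLE_UNTAGGED, vlan_id=100, pcp=5)
    print("tag bytes:", tagged[12:16].hex())
    print("extra bytes:", len(tagged) - len(SAMPLE_UNTAGGED))
    print(parse_frame(tagged))
```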
General information on VLAN and the 802.1Q standard is available on the web, for instance: IEEE's 802.1Q standard 1998 version (2003 version)(2005 version)
Once created, a VLAN can be modified via DHCP or statically, exactly in the same way you would configure an existing physical networking interface or aggregated link. For instance:
The same ability to show and administer VLANs is available in the Web GUI.
VLANs can be provisioned over physical interfaces and aggregated links. Both options are supported.
18.4 IP Aliasing
IP aliasing associates more than one IP address with a given networking interface. Physical networking interfaces, VLANs, and aggregated links can be aliased. Use the NMC command
nmc:/$ setup network interface
to configure an IP alias.
For instance, the following configures an IP alias over the existing (physical) interface e1000g1:
nmc:/$ setup network interface e1000g1 ipalias
IP alias Id :
---------------------------------------------------------------
Once created, an IP-aliased interface can be configured via DHCP or statically, as you would configure an existing physical networking interface or aggregated link. Here is an example:
nmc:/$ setup network interface ipalias e1000g1:2
Option ?
---------------------------------------------------------
FTP 21/tcp
SSH 22/tcp
WebDAV 80/tcp
Sun RPC 111/tcp
CIFS (netbios) 139/tcp
CIFS 445/tcp
RSYNC 873/tcp
Appliance's Web GUI (NMV) 2000/tcp
NMS 2001/tcp
NMC 2002/tcp
NMDTRACE 2003/tcp
NFS 2049/tcp
NFS 4045/tcp
NDMP server 10000/tcp
Disabling a network service closes the corresponding listening port. To disable a given service, please use the NMC command setup network service or the corresponding NMV page.
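One way to check an appliance against the port list above, as an added Python example (not part of NexentaStor): it parses the documented list, extracts listening ports from netstat-style text, and reports listeners that are undocumented or that belong to services the site does not use and could disable. The netstat sample is constructed in the style of Solaris `netstat -an` output, and the `REQUIRED` set is a hypothetical site policy.

```python
import re

# Inbound listening ports exactly as listed on this page.
DOCUMENTED_TEXT = (
    "FTP 21/tcp SSH 22/tcp WebDAV 80/tcp Sun RPC 111/tcp "
    "CIFS (netbios) 139/tcp CIFS 445/tcp RSYNC 873/tcp "
    "Appliance's Web GUI (NMV) 2000/tcp NMS 2001/tcp NMC 2002/tcp "
    "NMDTRACE 2003/tcp NFS 2049/tcp NFS 4045/tcp NDMP server 10000/tcp"
)

# Constructed sample (assumed Solaris-style columns); not captured from a real system.
SAMPLE_NETSTAT = """\
      *.21                 *.*                0      0 49152      0 LISTEN
      *.22                 *.*                0      0 49152      0 LISTEN
      *.111                *.*                0      0 49152      0 LISTEN
      *.2000               *.*                0      0 49152      0 LISTEN
      *.2001               *.*                0      0 49152      0 LISTEN
      *.2002               *.*                0      0 49152      0 LISTEN
      *.2049               *.*                0      0 49152      0 LISTEN
      *.4045               *.*                0      0 49152      0 LISTEN
      *.3306               *.*                0      0 49152      0 LISTEN
192.168.37.128.22    192.168.37.1.51515   49640      0 49640      0 ESTABLISHED
"""

# Hypothetical policy: the services this site actually needs.
REQUIRED = {"SSH", "Sun RPC", "Appliance's Web GUI (NMV)", "NMS", "NMC", "NFS"}


def parse_documented(text):
    """Turn 'Name port/proto Name port/proto ...' into {(port, proto): name}."""
    table = {}
    for m in re.finditer(r"(.+?)\s+(\d+)/(tcp|udp)\s*", text):
        table[(int(m.group(2)), m.group(3))] = m.group(1).strip()
    return table


def listening_ports(netstat_text, proto="tcp"):
    """Collect (port, proto) for every socket in LISTEN state."""
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[-1] != "LISTEN":
            continue
        # Local address looks like '*.22' or '192.168.37.128.2000':
        # the port is whatever follows the last dot.
        port = fields[0].rsplit(".", 1)[-1]
        if port.isdigit():
            ports.add((int(port), proto))
    return ports


def audit(observed, documented, required):
    """Compare observed listeners with the documented list and site policy."""
    known = {p: documented[p] for p in observed if p in documented}
    return {
        # Listening, but not in the vendor's documented list: investigate.
        "unexpected": sorted(p for p in observed if p not in documented),
        # Documented service that is listening but not needed: disable it.
        "disable_candidates": sorted(
            (p, name) for p, name in known.items() if name not in required
        ),
        # Needed service with no listener: possible outage or misconfiguration.
        "required_missing": sorted(required - set(known.values())),
    }


def sample_report():
    return audit(listening_ports(SAMPLE_NETSTAT),
                 parse_documented(DOCUMENTED_TEXT), REQUIRED)


if __name__ == "__main__":
    for key, value in sample_report().items():
        print(key, value)
```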
In addition to the ports open on the appliance itself, NexentaStor communicates with outside TCP and UDP servers on the following IANA-documented ports:
22/tcp SSH (ssh-bind to remote appliances)
123/udp NTP
636/tcp LDAP
3260/tcp iSCSI initiator
3205/tcp iSNS
25/tcp SMTP (fault reporting, tech support requests)
poweroff     power off the appliance
checkpoint   take a system checkpoint
domainname   set the domain name
hostname     set the host name
mailer       change settings for email notifications
netmasks     set subnetwork masks
reboot       restart the appliance
timezone     change the timezone for the appliance
user         edit appliance user information
usergrop     edit appliance user group information
You can see the full list of available options when you type setup appliance.
In all cases, access to the appliance requires client authentication. NexentaStor supports two authentication mechanisms:
via IP address of the client machine
via ssh-keygen generated authentication keys.
The 2nd, ssh-keygen based, mechanism is the preferred one. This is the mechanism used by NexentaStor appliances to communicate between themselves. The latter is required to run storage replication services, to execute in a group mode, to switch between appliances for the purposes of centralized management. To enable inter-appliance communication, simply use NMC 'ssh-bind' command (see Note on SSH Binding). Once the appliances are ssh-bound, all the capabilities mentioned above are enabled automatically and executed in a secure way.
To use IPv4 address based authentication, simply make sure that the IP address of your management client machine is recorded on the appliance, via the NMC 'setup appliance authentication' command, and select the 'iptable' option. Administrative access to the appliance is required to perform this command. Alternatively, to use ssh-keygen generated authentication keys with your management application running on Windows, Linux or any other platform, use the same NMC 'setup appliance authentication' command, and select the 'keys' option.
This will indicate whether you are using the trial or commercial edition, and how many days are left in a trial. After obtaining the commercial license, you can register in NMC using the command
nmc:/$ setup appliance register
or click on the 'Register' link at the top of the page in NMV. In NMV a form similar to the following will appear, where you can enter the new license key:
You can request additional capacity using the 'Add Capacity' link in NMV. This will also require you to update the license key. Capacity is based on raw disk drive capacity, and log, cache, and spare devices are excluded from the calculation.
Auto-CDP (Continuous Data Protection). Must be installed on a pair of (replicating) appliances.
NMV based API browser
I/O and network performance benchmarks
network traffic probe
HA plugin called simple-failover. Must be installed on each appliance - member of a simple-failover group.
virtualization management plugin VM DataCenter
Target FC
WORM (Write Once, Read Many)
Note that plugins are not downloadable from the website. Pluggable modules are distributed exactly in the same way as NexentaStor software upgrades and updates: via built-in reliable transactional upgrade mechanism (see NexentaStor overview, Section "Software Upgrade"). To list already installed plugins, as well as plugins available for installation, run:
nmc:/$ show plugin
Alternatively, you can view, install and uninstall the NexentaStor extension modules using appliance's web GUI. Free Trial users - please note that commercial plugins are available upon request. When
Restore all auto-service configuration of a volume (the appliance and other volumes configurations are not changed):
nmc:/$ setup appliance configuration restore -V <volume-name>
The directory name can be relative or absolute. The choice has some implications for NexentaStor configurations:
Relative: the appliance-specific configuration (mailer, plugins, hostname settings, etc.) is saved on the syspool and auto-services configurations are saved on volumes (each volume contains the configuration of its own auto-services only).
Absolute: all configuration is saved to the given directory. Inside it, sub-directories for each volume are created. Use this option to make a backup of the configuration.
Running the save or restore command without the "-F" parameter makes the appliance use a default directory name. To display the current value, run:
nmc:/$ setup appliance configuration location
19.5 Upgrades
You can upgrade the NexentaStor appliance using the NMC command:
nmc:/$ setup appliance upgrade
To upgrade the data volume to the latest version, use the NMC command:
nmc:/$ setup volume <volumename> version-upgrade
To update the folder to the latest version, use the NMC command:
nmc:/$ setup folder <foldername> version-upgrade
20 Additional Resources
For troubleshooting product issues, please contact [email protected]. For licensing questions, please email to [email protected]
For more advanced questions related to the product, be sure to check our FAQ for the latest information. Nexenta Systems has various professional services offerings to assist with installing and managing the product. Training courses on high availability and other features of NexentaStor are also available. For service and training offerings, check our website at http://www.nexenta.com. For background information on ZFS, read the Introduction to ZFS available on the OpenSolaris website at http://www.opensolaris.org/os/community/zfs/whatis/. Another useful source on how to best configure ZFS is the ZFS Best Practices Guide. For tutorials and demos, visit: http://www.nexenta.com/corp/tutorials-a-demos
About Nexenta Systems Founded in 2005 and privately held, Nexenta Systems, Inc., has developed NexentaStor, the leading open storage enterprise class hardware independent storage solution and sponsors NexentaCore, an open source operating system that combines the high performance and reliability of OpenSolaris with the ease-of-use and breadth of applications of Linux. Both solutions leverage the revolutionary file system ZFS. More information about Nexenta Systems, Inc. and free trials of the ZFS-based NexentaStor can be found at www.nexenta.com or call: (877) 862-7770.
As always, there is no need to remember this command. Simply enter setup, and then keep pressing TAB-TAB and making selection.
http://en.wikipedia.org/wiki/Active_Directory
The work is underway to support CIFS workgroup mode (section Non-anonymous access, workgroup mode) with LDAP. As of the time of this writing, CIFS workgroup mode works with local Unix users and groups.