Veritas Access Administrator's Guide

Last Published:
Product(s): Access (7.4.2.400)
Platform: Linux
  1. Section I. Introducing Veritas Access
    1. Introducing Veritas Access
      1.  
        About Veritas Access
      2.  
        Accessing the Access CLISH
      3.  
        Navigating the Access CLISH
      4.  
        Getting help using the Access CLISH
      5.  
        Displaying the command history
      6.  
        Using the more command
  2. Section II. Configuring Veritas Access
    1. Adding users or roles
      1.  
        About user roles and privileges
      2.  
        About the naming requirements for adding new users
      3.  
        Adding Master, System Administrator, and Storage Administrator users
    2. Configuring the network
      1.  
        About configuring the Veritas Access network
      2.  
        About bonding Ethernet interfaces
      3.  
        Bonding Ethernet interfaces
      4.  
        Configuring DNS settings
      5.  
        About Ethernet interfaces
      6.  
        Displaying current Ethernet interfaces and states
      7.  
        Configuring IP addresses
      8.  
        Configuring Veritas Access to use jumbo frames
      9.  
        Configuring VLAN interfaces
      10.  
        Configuring NIC devices
      11.  
        Swapping network interfaces
      12.  
        Excluding PCI IDs from the cluster
      13.  
        About configuring routing tables
      14.  
        Configuring routing tables
      15.  
        Changing the firewall settings
      16.  
        IP load balancing
      17.  
        Configuring Veritas Access in IPv4 and IPv6 mixed mode
    3. Configuring authentication services
      1.  
        About configuring LDAP settings
      2.  
        Configuring LDAP server settings
      3.  
        Administering the Veritas Access cluster's LDAP client
      4.  
        Configuring the NIS-related settings
      5.  
        Configuring NSS lookup order
  3. Section III. Managing Veritas Access storage
    1. Configuring storage
      1.  
        About storage provisioning and management
      2.  
        About configuring disks
      3.  
        About configuring storage pools
      4.  
        Configuring storage pools
      5.  
        About quotas for usage
      6.  
        Enabling, disabling, and displaying the status of file system quotas
      7.  
        Setting and displaying file system quotas
      8.  
        Setting user quotas for users of specified groups
      9.  
        About quotas for CIFS home directories
      10.  
        About Flexible Storage Sharing
      11.  
        Limitations of Flexible Storage Sharing
      12.  
        Workflow for configuring and managing storage using the Veritas Access CLI
      13.  
        Displaying information for all disk devices associated with the nodes in a cluster
      14.  
        Displaying WWN information
      15.  
        Importing new LUNs forcefully for new or existing pools
      16.  
        Initiating host discovery of LUNs
      17.  
        Increasing the storage capacity of a LUN
      18.  
        Formatting or reinitializing a disk
      19.  
        Removing a disk
    2. Configuring data integrity with I/O fencing
      1.  
        About I/O fencing
    3. Configuring ISCSI
      1.  
        About iSCSI
      2.  
        Configuring the iSCSI initiator
      3.  
        Configuring the iSCSI initiator name
      4.  
        Configuring the iSCSI devices
      5.  
        Configuring discovery on iSCSI
      6.  
        Configuring the iSCSI targets
      7.  
        Modifying tunables for iSCSI
    4. Veritas Access as an iSCSI target
      1.  
        About Veritas Access as an iSCSI target
      2.  
        Managing the iSCSI target service
      3.  
        Managing the iSCSI targets
      4.  
        Managing the LUNs
      5.  
        Managing the mappings with iSCSI initiators
      6.  
        Managing the users
  4. Section IV. Managing Veritas Access file access services
    1. Configuring the NFS server
      1.  
        About using the NFS server with Veritas Access
      2.  
        Using the kernel-based NFS server
      3.  
        Accessing the NFS server
      4.  
        Displaying and resetting NFS statistics
      5.  
        Configuring Veritas Access for ID mapping for NFS version 4
      6.  
        Configuring the NFS client for ID mapping for NFS version 4
      7.  
        About authenticating NFS clients
      8. Setting up Kerberos authentication for NFS clients
        1.  
          Adding and configuring Veritas Access to the Kerberos realm
    2. Using Veritas Access as a CIFS server
      1.  
        About configuring Veritas Access for CIFS
      2.  
        About configuring CIFS for standalone mode
      3.  
        Configuring CIFS server status for standalone mode
      4.  
        Changing security settings
      5. About Active Directory (AD)
        1.  
          Configuring entries for Veritas Access DNS for authenticating to Active Directory (AD)
      6. About configuring CIFS for Active Directory (AD) domain mode
        1.  
          Joining Veritas Access to Active Directory (AD)
        2.  
          Verifying that Veritas Access has joined Active Directory (AD) successfully
        3.  
          Using multi-domain controller support in CIFS
        4.  
          About leaving an AD domain
        5.  
          Changing domain settings for AD domain mode
        6.  
          Removing the AD interface
      7.  
        Setting NTLM
      8. About setting trusted domains
        1.  
          Specifying trusted domains that are allowed access to the CIFS server
        2.  
          Allowing trusted domains access to CIFS when setting an IDMAP backend to rid
        3.  
          Allowing trusted domains access to CIFS when setting an IDMAP backend to ldap
        4.  
          Allowing trusted domains access to CIFS when setting an IDMAP backend to hash
        5.  
          Allowing trusted domains access to CIFS when setting an IDMAP backend to ad
        6.  
          About configuring Windows Active Directory as an IDMAP backend for CIFS
        7.  
          Configuring the Active Directory schema with CIFS-schema extensions
        8.  
          Configuring the LDAP client for authentication using the CLI
        9.  
          Configuring the CIFS server with the LDAP backend
        10.  
          Setting Active Directory trusted domains
      9.  
        About storing account information
      10.  
        Storing user and group accounts
      11.  
        Reconfiguring the CIFS service
      12.  
        About mapping user names for CIFS/NFS sharing
      13.  
        About the mapuser commands
      14.  
        Adding, removing, or displaying the mapping between CIFS and NFS users
      15.  
        Automatically mapping UNIX users from LDAP to Windows users
      16. About managing home directories
        1.  
          Setting the home directory file systems
        2.  
          Setting up home directories
        3.  
          Displaying home directory usage information
        4.  
          Deleting home directories and disabling creation of home directories
      17. About CIFS clustering modes
        1.  
          About switching the clustering mode
      18. About migrating CIFS shares and home directories
        1.  
          Migrating CIFS shares and home directories from normal to ctdb clustering mode
        2.  
          Migrating CIFS shares and home directories from ctdb to normal clustering mode
      19.  
        Setting the CIFS aio_fork option
      20. About managing local users and groups
        1.  
          Creating a local CIFS user
        2.  
          Configuring a local group
      21.  
        Enabling CIFS data migration
    3. Configuring an FTP server
      1.  
        About FTP
      2.  
        Creating the FTP home directory
      3.  
        Using the FTP server commands
      4.  
        About FTP server options
      5.  
        Customizing the FTP server options
      6.  
        Administering the FTP sessions
      7.  
        Uploading the FTP logs
      8.  
        Administering the FTP local user accounts
      9.  
        About the settings for the FTP local user accounts
      10.  
        Configuring settings for the FTP local user accounts
    4. Using Veritas Access as an Object Store server
      1.  
        About the Object Store server
      2.  
        Use cases for configuring the Object Store server
      3.  
        Configuring the Object Store server
      4.  
        About buckets and objects
      5.  
        File systems used for objectstore buckets
      6.  
        S3 with NFS use case
  5. Section V. Monitoring and troubleshooting
    1. Configuring event notifications and audit logs topics
      1.  
        About event notifications
      2.  
        About severity levels and filters
      3.  
        About SNMP notifications
      4.  
        Configuring an email group
      5.  
        Configuring a syslog server
      6.  
        Exporting events in syslog format to a given URL
      7.  
        Displaying events on the console
      8.  
        Configuring events for event reporting
      9.  
        Configuring an SNMP management server
  6. Section VI. Provisioning and managing Veritas Access file systems
    1. Creating and maintaining file systems
      1.  
        About creating and maintaining file systems
      2.  
        About encryption at rest
      3. Considerations for creating a file system
        1.  
          Best practices for creating file systems
        2.  
          Choosing a file system layout type
        3.  
          Determining the initial extent size for a file system
        4.  
          About striping file systems
        5.  
          About creating a tuned file system for a specific workload
        6.  
          About FastResync
        7.  
          About fsck operation
        8.  
          Setting retention in files
        9.  
          Setting WORM over NFS
        10.  
          Manually setting WORM-retention on a file over CIFS
        11.  
          About managing application I/O workloads using maximum IOPS settings
      4.  
        Creating a file system
      5.  
        Bringing the file system online or offline
      6.  
        Listing all file systems and associated information
      7. Modifying a file system
        1.  
          Adding or removing a mirror from a file system
        2.  
          Adding or removing a column from a file system
        3.  
          Increasing the size of a file system
        4.  
          Decreasing the size of a file system
      8. Managing a file system
        1.  
          Defragmenting a file system
        2.  
          Checking and repairing a file system
        3.  
          Configuring FastResync for a file system
        4.  
          Disabling the FastResync option for a file system
        5.  
          Checking and resynchronizing stale mirrors
        6.  
          Setting file system alerts
        7.  
          Displaying file system alert values
        8.  
          Removing file system alerts
      9.  
        Destroying a file system
      10.  
        Upgrading disk layout versions
  7. Section VII. Provisioning and managing Veritas Access shares
    1. Creating shares for applications
      1.  
        About file sharing protocols
      2.  
        About concurrent access
      3.  
        Sharing directories using CIFS and NFS protocols
      4.  
        Sharing a file system as a CIFS home directory
      5.  
        About concurrent access with NFS and S3
    2. Creating and maintaining NFS shares
      1.  
        About NFS file sharing
      2.  
        Displaying file systems and snapshots that can be exported
      3.  
        Exporting an NFS share
      4.  
        Displaying exported directories
      5.  
        About managing NFS shares using netgroups
      6.  
        Unexporting a directory or deleting NFS options
      7.  
        Exporting an NFS share for Kerberos authentication
      8.  
        Mounting an NFS share with Kerberos security from the NFS client
      9.  
        Exporting an NFS snapshot
    3. Creating and maintaining CIFS shares
      1.  
        About managing CIFS shares
      2.  
        Exporting a directory as a CIFS share
      3.  
        Configuring a CIFS share as secondary storage for an Enterprise Vault store
      4.  
        Exporting the same file system/directory as a different CIFS share
      5.  
        About the CIFS export options
      6.  
        Setting share properties
      7.  
        Displaying CIFS share properties
      8.  
        Hiding system files when adding a CIFS normal share
      9.  
        Allowing specified users and groups access to the CIFS share
      10.  
        Denying specified users and groups access to the CIFS share
      11.  
        Exporting a CIFS snapshot
      12.  
        Deleting a CIFS share
      13.  
        Modifying a CIFS share
      14.  
        Making a CIFS share shadow copy aware
    4. Using Veritas Access with OpenStack
      1.  
        About the Veritas Access integration with OpenStack
      2. About the Veritas Access integration with OpenStack Cinder
        1. About the Veritas Access integration with OpenStack Cinder architecture
          1. Veritas Access NFS-based Cinder driver
            1.  
              Configuring Veritas Access with OpenStack Cinder
          2.  
            Veritas Access iSCSI based Cinder driver
        2.  
          Configuring OpenStack Cinder
      3. About the Veritas Access integration with OpenStack Manila
        1.  
          OpenStack Manila use cases
        2.  
          Configuring Veritas Access with OpenStack Manila
        3.  
          Creating a new share backend on the OpenStack controller node
        4.  
          Creating an OpenStack Manila share type
        5.  
          Creating an OpenStack Manila file share
        6.  
          Creating an OpenStack Manila share snapshot
    5. Integrating Veritas Access with Data Insight
      1.  
        Veritas Access integration with Data Insight
  8. Section VIII. Managing Veritas Access storage services
    1. Compressing files
      1. About compressing files
        1.  
          About the compressed file format
        2.  
          About the file compression attributes
        3.  
          About the file compression block size
      2.  
        Use cases for compressing files
      3.  
        Best practices for using compression
      4. Compression tasks
        1.  
          Compressing files
        2.  
          Showing the scheduled compression job
        3.  
          Scheduling compression jobs
        4.  
          Listing compressed files
        5.  
          Uncompressing files
        6.  
          Modifying the scheduled compression
        7.  
          Removing the specified schedule
        8.  
          Stopping the schedule for a file system
        9.  
          Removing the pattern-related rule for a file system
        10.  
          Removing the modified age related rule for a file system
    2. Configuring episodic replication
      1.  
        About Veritas Access episodic replication
      2.  
        How Veritas Access episodic replication works
      3.  
        Starting Veritas Access episodic replication
      4.  
        Setting up communication between the source and the destination clusters
      5.  
        Setting up the file systems to replicate
      6.  
        Setting up files to exclude from an episodic replication unit
      7.  
        Scheduling the episodic replication
      8.  
        Defining what to replicate
      9.  
        About the maximum number of parallel episodic replication jobs
      10.  
        Managing an episodic replication job
      11.  
        Replicating compressed data
      12.  
        Displaying episodic replication job information and status
      13.  
        Synchronizing an episodic replication job
      14.  
        Behavior of the file systems on the episodic replication destination target
      15.  
        Accessing file systems configured as episodic replication destinations
      16. Episodic replication job failover and failback
        1.  
          Process summary
        2.  
          Overview of the planned failover process
        3.  
          Overview of the planned failback process
        4.  
          Overview of the unplanned failover process
        5.  
          Overview of the unplanned failback process
    3. Configuring continuous replication
      1.  
        About Veritas Access continuous replication
      2. How Veritas Access continuous replication works
        1.  
          How data flows in continuous replication synchronous mode
        2.  
          How data flows in continuous replication asynchronous mode
      3.  
        Starting Veritas Access continuous replication
      4.  
        Setting up communication between the source and the target clusters
      5.  
        Setting up the file system to replicate
      6.  
        Managing continuous replication
      7.  
        Displaying continuous replication information and status
      8.  
        Unconfiguring continuous replication
      9. Continuous replication failover and failback
        1.  
          Process summary
        2.  
          Overview of the planned failover process
        3.  
          Overview of the planned failback process
        4.  
          Overview of the unplanned failover process
        5.  
          Overview of the unplanned failback process
    4. Using snapshots
      1.  
        About snapshots
      2.  
        Creating snapshots
      3.  
        Displaying snapshots
      4.  
        Managing disk space used by snapshots
      5.  
        Bringing snapshots online or taking snapshots offline
      6.  
        Restoring a snapshot
      7.  
        About snapshot schedules
      8.  
        Configuring snapshot schedules
      9.  
        Managing automated snapshots
    5. Using instant rollbacks
      1.  
        About instant rollbacks
      2.  
        Creating a space-optimized rollback
      3.  
        Creating a full-sized rollback
      4.  
        Listing Veritas Access instant rollbacks
      5.  
        Restoring a file system from an instant rollback
      6.  
        Refreshing an instant rollback from a file system
      7.  
        Bringing an instant rollback online
      8.  
        Taking an instant rollback offline
      9.  
        Destroying an instant rollback
      10.  
        Creating a shared cache object for Veritas Access instant rollbacks
      11.  
        Listing cache objects
      12.  
        Destroying a cache object of a Veritas Access instant rollback
  9. Section IX. Reference
    1. Appendix A. Veritas Access documentation
      1.  
        Using the Veritas Access product documentation
      2.  
        About accessing the online man pages
    2. Appendix B. Veritas Access tuning
      1.  
        File system mount-time memory usage
    3. Appendix C. Manual steps for addition and deletion of nodes in a non-SSH environment
      1.  
        Adding a new node to a Veritas Access cluster
      2.  
        Deleting a node from a Veritas Access cluster
  10.  
    Index

About the CIFS export options

The following are the CIFS export options.

Table: CIFS export options

CIFS export option

Definition

rw

There is a share option which specifies if the files in the share will be read-only or if both read and write access will be possible, subject to the authentication and authorization checks when a specific access is attempted. This share option can be given one of these values, either rw or ro.

Grants read and write permission to the exported share.

ro (Default)

Grants read-only permission to the exported share. Files cannot be created or modified.

guest

This configuration option specifies if a user trying to establish a CIFS connection with the share must always provide the user name and password, or if they can connect without it. In this case, only restricted access to the share will be allowed. The same kind of access is allowed to anonymous or guest user accounts. This share option can have one of the following values, either guest or noguest.

Veritas Access allows restricted access to the share when no user name or password is provided.

noguest (Default)

Veritas Access always requires the user name and password for all of the connections to this share.

full_acl

All Windows Access Control Lists (ACLs) are supported except in the case when you attempt using the Windows Explorer folder Properties > Security GUI to inherit down to a non-empty directory hierarchy while denying all access to yourself.

no_full_acl (Default)

Some advanced Windows Access Control Lists (ACLs) functionality does not work. For example, if you try to create ACL rules on files saved in a CIFS share using Windows explorer while allowing some set of file access for user1 and denying file access for user2, this is not possible when CIFS shares are exported using no_full_acl.

hide_unreadable

Prevents clients from seeing the existence of files and directories that are not readable to them.

The default is: hide_unreadable is set to off.

veto_sys_files

To hide some system files (lost+found, quotas, quotas.grp) from displaying when using a CIFS normal share, you can use the veto_sys_files CIFS export option. For example, when adding a CIFS normal share, the default is to display the system files. To hide the system files, you must use the veto_sys_files CIFS export option.

fs_mode

When a file system or directory is exported by CIFS, its mode is set to an fs_mode value. It is the UNIX access control set on a file system, and CIFS options like rw/ro do not take precedence over it. This value is reset to 0755 when the CIFS share is deleted.

The default is: fs_mode = 1777.

dir_mask

When a directory is created under a file system or directory exported by CIFS, the necessary permissions are calculated by mapping DOS modes to UNIX permissions. The resulting UNIX mode is then bit-wise 'AND'ed with this parameter. Any bit not set here is removed from the modes set on a directory when it is created.

The default is: dir_mask = 0775.

create_mask

When a file is created under a file system or directory exported by CIFS, the necessary permissions are calculated by mapping DOS modes to UNIX permissions. The resulting UNIX mode is then bit-wise 'AND'ed with this parameter. Any bit not set here is removed from the modes set on a file when it is created.

The default is: create_mask = 0775.

oplocks (Default)

Veritas Access supports the CIFS opportunistic locks. You can enable or disable them for a specific share. The opportunistic locks improve performance for some workloads, and there is a share configuration option which can be given one of the following values, either oplocks or nooplocks.

Veritas Access supports opportunistic locks on the files in this share.

nooplocks

No opportunistic locks will be used for this share.

Disable the oplocks when:

  • 1) A file system is exported over both CIFS and NFS protocols.

  • 2) Either CIFS or NFS protocol has read and write access.

owner

There are more share configuration options that can be used to specify the user and group who own the share. If you do not specify these options for a share, Veritas Access uses the current values as default values for these options. You may want to change the default values to allow a specific user or group to be the share owner.

Irrespective of who are owner and group of the exported share, any CIFS clients can create folders and files in the share. However, there are some operations that require owner privileges; for example, changing the owner itself, and changing permissions of the top-level folder (that is, the root directory in UNIX terms). To enable these operations, you can set the owner option to a specific user name, and this user can perform the privileged operations.

group

By default, the current group is the primary group owner of the root directory of the exported share. This lets CIFS clients create folders and files in the share. However, there are some operations that require group privileges; for example, changing the group itself, and changing permissions of the top-level folder (that is, the root directory in UNIX terms). To enable these operations, you can set the group option to a specific group name, and this group can perform the privileged operations.

ip

Veritas Access lets you specify a virtual IP address. If you set ip=virtualip, the share is located on the specified virtual IP address. This address must be part of the Veritas Access cluster, and is used by the system to serve the share internally.

Note:

ip is not a valid CIFS option when using the ctdb clustering mode.

See About CIFS clustering modes.

max_connections

Specify the maximum limit for concurrent CIFS connections for a CIFS share.

The default value is 0, indicating that there are no limited connections.

shadow_copy

Indicates that this is a shadow_copy capable CIFS share.

See Making a CIFS share shadow copy aware.

enable_encryption

If enable_encryption is set, then all the traffic to a share must be encrypted once the connection has been made to the share. The server will return an access denied message to all unencrypted requests on such a share. As SMB3 is the max protocol, only SMB3 clients supporting encryption will be able to connect to the share.

disable_encryption

If disable_encryption is set, then encryption cannot be negotiated by the client. SMB1, SMB2, and SMB3 clients can connect to the share.

enable_durable_handles

Enables support for durable handles for CIFS shares. Enabling this option disables use of POSIX/fcntl locks. Exporting the same CIFS share using NFS may result in data corruption. For support for durable handles on CIFS shares, you must specify this option.