Enterprise Vault™ Setting up File System Archiving (FSA)

Last Published:
Product(s): Enterprise Vault (15.0)
  1. About this guide
    1.  
      Introducing this guide
    2. Where to get more information about Enterprise Vault
      1.  
        Enterprise Vault training modules
  2. About File System Archiving
    1.  
      About File System Archiving
    2.  
      About using FSA with clustered file servers
    3.  
      About setting up File System Archiving
    4.  
      About FSA policies
    5.  
      About target volumes, folders, and archive points
    6.  
      About client access to FSA-archived items
    7.  
      About archived file permissions
    8. About FSA shortcut files
      1.  
        About internet shortcuts
      2.  
        About placeholder shortcuts
      3.  
        About folder shortcuts
      4.  
        About pass-through recall for placeholder shortcuts
    9.  
      About the FSA Agent
    10.  
      About retention folders
    11.  
      About FSA Reporting
    12.  
      About FSAUtility
  3. Steps to configure File System Archiving
    1.  
      Steps to configure File System Archiving
  4. Adding a Windows file server to File System Archiving
    1.  
      Adding a Windows file server to File System Archiving
    2.  
      Using FSA with the Windows Encrypting File System (EFS)
    3. About archiving from Windows Server 2012 or later file servers
      1.  
        About the ReFS and CSVFS file systems and FSA
      2.  
        About Dynamic Access Control and FSA
      3.  
        About archiving Windows Server 2012 and later deduplicated files with FSA
    4.  
      Account requirements for managing FSA with Windows file servers
    5. Permissions and privileges required by the Vault Service account on Windows file servers
      1.  
        Granting permissions to the Vault Service account if you do not install the FSA Agent
    6.  
      Configuring a file server's firewall for FSA
    7.  
      Adding a Windows file server as an archiving target
  5. Adding a NetApp filer to File System Archiving
    1.  
      Adding a NetApp filer to File System Archiving
    2.  
      Setting the permissions for FSA on a NetApp filer
    3.  
      Adding a NetApp filer as an archiving target
  6. Adding a NetApp C-Mode Vserver to File System Archiving
    1.  
      Adding a NetApp C-Mode Vserver to File System Archiving
    2.  
      Permissions and privileges required by the Vault Service account on NetApp C-mode Vservers
    3.  
      Granting the required permission on each Vserver
    4.  
      Configuring the FPolicy server details
    5.  
      Adding a NetApp C-Mode Vserver as an archiving target
    6.  
      Points to note about File System Archiving on NetApp C-Mode file servers
  7. Adding a Celerra/VNX device to File System Archiving
    1.  
      Adding a Celerra/VNX device to File System Archiving
    2. Preparing a Celerra/VNX device for FSA
      1.  
        Configuring Celerra/VNX pass-through behavior for placeholder shortcuts
      2.  
        The format of the Web Access application URL in the Celerra/VNX fs_dhsm command
      3.  
        Configuring the Data Mover HTTP server to use SSL
      4.  
        Example commands to prepare a Celerra/VNX device for FSA
    3.  
      Adding a Celerra/VNX device as an archiving target
    4.  
      Specifying a cache location for retrieved Celerra/VNX files
  8. Adding a Dell EMC Unity device to File System Archiving
    1.  
      Adding a Dell EMC Unity device to File System Archiving
    2.  
      Preparing a Unity device for FSA
    3.  
      Adding the Unity device as an archiving target
  9. Configuring FSA with clustered file servers
    1.  
      About configuring FSA with clustered file servers
    2.  
      Steps to configure FSA with clustered file servers
    3.  
      Preparing to set up FSA services in a cluster
    4.  
      Adding the Vault Service account to the non-secure VCS cluster for FSA high availability
    5.  
      Adding the virtual file server as an FSA target
    6.  
      Configuring or reconfiguring the FSA resource
    7.  
      Removing the FSA resource from all cluster groups
    8. Troubleshooting the configuration of FSA with clustered file servers
      1.  
        'Failed to collect clustering data' error on starting FSA Cluster Configuration wizard
  10. Installing the FSA Agent
    1. About installing the FSA Agent on a Windows file server
      1.  
        Installing the FSA Agent using the Install FSA Agent wizard
      2.  
        Installing the FSA Agent manually
    2.  
      About FSA Agent uninstallation
    3.  
      Updating the logon credentials of the FSA Agent services
  11. Defining volume and folder policies
    1.  
      About defining FSA volume and folder policies
    2.  
      Creating FSA volume policies and folder policies
    3.  
      About FSA volume policy and folder policy properties
    4. About selecting the shortcut type for an FSA policy
      1.  
        About choosing not to display the file size in NetApp placeholder shortcuts
    5. About FSA policy archiving rules
      1.  
        Tips for creating FSA policy archiving rules
      2.  
        About excluding specific Mac and Windows file types from archiving
      3.  
        FSA shortcut creation options
      4.  
        Notes on FSA shortcut creation
    6.  
      About options for archiving files that have explicit permissions, and files under DAC
  12. Configuring the deletion of archived files on placeholder deletion
    1.  
      About configuring the deletion of archived files on placeholder deletion
    2.  
      Configuring the deletion of archived files on placeholder deletion for Windows file servers and NetApp filers
    3. Configuring the deletion of files on placeholder deletion for Dell EMC Celerra/VNX devices
      1.  
        Troubleshooting the deletion of files on placeholder deletion for Dell EMC Celerra/VNX devices
  13. Configuring target volumes, target folders, and archive points
    1. About adding target volumes, target folders, and archive points for FSA
      1.  
        About the checks for existing archives for an FSA folder path
    2.  
      Adding a target volume for FSA
    3.  
      Adding a target folder and archive points for FSA
    4. About managing archive points
      1.  
        Viewing, editing, or deleting archive points in the Administration Console
    5. Archive point properties
      1.  
        Archive point properties: General tab
      2.  
        Archive point properties: Indexing tab
    6. Effects of modifying, moving, or deleting folders
      1.  
        Effects of modifying folders with folder policies
      2.  
        Effects of modifying folders with archive points
    7. About deleting target folders, volumes, and file servers
      1.  
        Deleting a target folder from FSA
      2.  
        Deleting a target volume from FSA
      3.  
        Deleting a target file server from FSA
  14. Configuring pass-through recall for placeholder shortcuts
    1.  
      About configuring pass-through recall for placeholder shortcuts
    2. Configuring pass-through recall for a Windows file server
      1.  
        About configuring pass-through recall for a file server cluster
      2.  
        Registry values for pass-through recall on Windows file servers
    3.  
      Configuring pass-through recall for a NetApp filer
  15. Configuring and managing retention folders
    1. Configuring retention folders
      1.  
        Creating a retention folder policy
      2.  
        Adding a target folder with a retention folder policy from the Administration Console
      3.  
        About controlling whether FSA recreates deleted or moved retention folders
      4.  
        About testing the effects of a retention folder configuration
    2. About assigning a retention folder policy using the Command Line Interface (CLI)
      1.  
        The format of the RtnFolder.exe settings file
      2.  
        Example RtnFolder.exe commands
    3. Managing retention folders
      1.  
        Disabling the archiving of retention folders for an FSA target
      2.  
        Assigning a different retention folder policy to a target folder
  16. Configuring and running FSA tasks
    1.  
      About configuring and running FSA tasks
    2.  
      Adding a File System Archiving task
    3.  
      Scheduling a File System Archiving task
    4.  
      Setting the FSA folder permissions synchronization schedule
    5.  
      Scheduling the deletion of archived files on placeholder deletion for Dell EMC Celerra/VNX
    6.  
      Configuring FSA version pruning
    7. Using Run Now to process FSA targets manually
      1.  
        Processing an FSA target volume manually
      2.  
        Running a File System Archiving task manually
    8.  
      About File System Archiving task reports
    9.  
      About scheduling storage expiry for FSA
  17. Configuring file system filtering
    1.  
      About custom filters for File System Archiving
    2.  
      Configuring file system filters
    3.  
      About file system filter reports
  18. Managing the file servers
    1.  
      About managing the target file servers
    2.  
      About backing up the target file servers
    3.  
      About virus-checking the target file servers
    4. About changing the placeholder recall rate settings
      1.  
        Changing the placeholder recall rate settings for a Windows file server
      2.  
        Changing the placeholder recall rate settings for a NetApp file server
    5. About preventing unwanted file recalls from placeholder shortcuts
      1.  
        Using FSA backup mode to prevent file recalls
      2.  
        Prohibiting a program from recalling files that FSA has archived
      3.  
        Preventing file recalls on Celerra/VNX
  19. PowerShell cmdlets for File System Archiving
    1.  
      About the PowerShell cmdlets for File System Archiving
    2.  
      Running the File System Archiving cmdlets
    3.  
      Creating PowerShell scripts using File System Archiving cmdlets
    4.  
      File System Archiving cmdlets error handling
  20. Appendix A. Permissions and privileges required for the Vault Service account on Windows file servers
    1.  
      About the permissions and privileges required for the Vault Service account on Windows file servers
    2.  
      Group membership requirements for the Vault Service account
    3.  
      DCOM permissions required by the Vault Service account
    4.  
      WMI control permissions required by the Vault Service account
    5.  
      Local security user rights required by the Vault Service account
    6. Permissions required by the Vault Service account for the FSA Agent
      1.  
        FSA Agent service permissions required by the Vault Service account
      2.  
        Enterprise Vault installation folder permissions required by the Vault Service account
      3.  
        File server registry hive permissions required by the Vault Service account
    7.  
      Permissions required by the Vault Service account to support the FSA resource on clustered file servers
    8.  
      FSA target share and folder permissions required by the Vault Service account

Preparing a Unity device for FSA

Enterprise Vault supports EMC Unity VSA as a file system archiving target. This section describes how to prepare and add a Unity device for File System Archiving.

To prepare a Unity device for FSA using Dell EMC Unity Unisphere VSA

  1. Log on to Dell EMC Unity Unisphere VSA.
  2. Add a Unity account for Enterprise Vault to use for authentication on the Unity device.

    • Click Update System Settings.

    • On the left-hand pane, click Users and Groups.

    • Select User Management. Click the '+' icon to add a new user.

    • In the Create User or Group dialog box, select Local User, and click Next.

    • Enter the details of the new Unity account, and click Next.

    • Select Storage Administrator and click Next.

    • Click Finish, and then click Close.

    • Click Close to close the Settings dialog box.

  3. Enable Distributed Hierarchical Storage Management (DHSM) for the NAS server that will be used as the FSA target.

    • On the left-hand pane, click Storage > File, and then click the NAS Servers tab.

    • Select the NAS server and edit the properties.

    • In the properties window, click the Protection and Events tab.

    • In the left-hand pane, click DHSM.

    • Select the Enable DHSM check box.

    • Enter the details of the Unity Storage Administrator account created in the earlier step.

    • Clear the Enforce HTTP Secure checkbox. HTTPS is not supported.

    • Click Apply to complete this step.

    • Click Close to close the properties dialog box.

  4. Edit the properties of all the file systems that corresponding to the NAS server that you want to archive from.

    • Select a File system and edit the properties.

    • Click the Advanced tab.

    • Select the Sync Writes Enabled, Oplocks Enabled, Notify On Write Enabled ,and Notify On Access Enabled check boxes.

    • Click Apply to save the settings.

    • Click Close to close the properties dialog box.

  5. In the left-hand pane, click System > Service, and click the Service Tasks tab. Make sure that SSH is enabled.
  6. Connect to EMC Unity using SSH (use Management IP and username should be service account name)
  7. Configure a DHSM connection to use for recall requests.

    • Run the following command:

      uemcli -u Local/admin -p Unity_Admin_Account_Password /net/nas/dhsmconn create -fs fs_id -secondaryUrl http://EV_Server_FQDN/EnterpriseVault -mode enabled -readPolicy full -secondaryUsername User@Domain -secondaryPassword Password

      For example,

      uemcli -u Local/admin -p p4ssw0rd /net/nas/dhsmconn create -fs fs_1 -secondaryUrl http://evserver.example.local/EnterpriseVault -mode enabled -readPolicy full -secondaryUsername vsa@example.local -secondaryPassword p@ssw0rd

      Where:

      p4ssw0rd is the password of the Unity administrator account.

      fs_1 is the ID of file system attached to the NAS server. To get the ID of the file system use the following as the URL in a web browser: https:// Unity_IP_Or_FQDN/api/types/filesystem/instances?fields=id,name. The output will contain the list of file systems along with their name and IDs. Look for the ID for your file system.

      http://evserver.example.local/EnterpriseVault is the URL of Enterprise Vault Web Access application.

      vsa@example.local is the Vault Service account that will have access to all the archives from which files are restored.

      p@ssw0rdd is the password to the Vault Service account.

    • On the remote certificate prompt, choose Accept and store.

  8. Verify that the settings are correctly applied using the following command:

    uemcli -u Local/admin -p Unity_Admin_Password /net/nas/dhsmconn -fs fs_id show

    For example:

    uemcli -u Local/admin -p Admin123# /net/nas/dhsmconn -fs fs_1 show

    The following is an example output:

    Storage system address: 127.0.0.1
Storage system port: 443
HTTPS connection
1: ID = DHSMConnection_1
File system = fs_1
Secondary url = http://evserver.example.local/EnterpriseVault
Secondary port = 80
Secondary username = vsa@example.local
Local port =
  9. Add the Vault Service account as a member of the Administrators group of the Dell EMC UnityVSA server:

    • In Windows, start Computer Management.

    • In the Computer Management console, select Action > Connect to another computer. Enter the name of the NAS server.

    • Add the Vault Service account to the Administrators group.

To prepare a Unity device for FSA using SSH

  1. Connect to EMC Unity using SSH.
  2. Add a Unity account for Enterprise Vault to use for authentication on the Unity device, using this command:

    uemcli -u Local/admin -p Unity_Admin_Password /user/account create -name Account_Name -type local -passwdSecure -role storageadmin

    Example:

    uemcli -u Local/admin -p p4ssw0rd /user/account create -name unityaccount -type local -passwdSecure -role storageadmin

    Where:

    p4ssw0rd is the password of the Administrator account on Unity.

    unityaccount is the name of the local Storage Administrator account.

    local is the type of the user account. The new Unity account must be a local user.

    -passwdSecure Prompts you to specify the password and confirm the password when the command runs.

    storageadmin is the role for the new account. The new Unity account must be assigned to the Storage Administrator role.

    The following is an example output:

    Storage system address: 127.0.0.1
Storage system port: 443
HTTPS connection
[Secure] For local users, type the user password.
Password:
Confirm password:
ID = user_unityaccount
Operation completed successfully.
  3. Enable Distributed Hierarchical Storage Management (DHSM) for a NAS server.

    • Get the ID of the file system by using the following as the URL in a web browser:

      https://Unity_IP_Or_FQDN/api/types/filesystem/instances?fields=id,name.

      The output will contain the list of file systems along with their name and IDs. Look for the ID for your file system.

    • Enable DHSM on the NAS server, using following command:

      uemcli -u Local/admin -p Unity_Admin_Password /net/nas/dhsm -server <NAS_id> set -state Enabled -username Storage_Admin_User -passwdSecure -enableHTTPS no

      For example:

      uemcli -u Local/admin -p p4ssw0rd /net/nas/dhsm -server nas_1 set -state Enabled -username unityaccount -passwdSecure -enableHTTPS no

      Where:

      p4ssw0rd is the password of the Administrator account on Unity.

      nas_1 is the ID of the associated NAS server.

      unityaccount is the name of the local Storage Administrator account.

      -passwdSecure Prompts you to specify the password and confirm the password when the command runs.

      The following is an example output: 

      Storage system address: 127.0.0.1
Storage system port: 443
HTTPS connection
[Secure] The advanced storage access password.
Password:
Confirm password:
Operation completed successfully.

    • Verify that DHSM is configured correctly, by using the following command:

      uemcli -u Local/admin -p Unity_Admin_Password /net/nas/dhsm -server <NAS_id> show

      For example:

      uemcli -u Local/admin -p Admin123# /net/nas/dhsm -server nas_1 show

      The following is an example output:

      Storage system address: 127.0.0.1
Storage system port: 443
HTTPS connection
1: NAS server = nas_1
State = Enabled
  4. Configure a DHSM connection to use for recall requests.

    • Run the following command:

      uemcli -u Local/admin -p Unity_Admin_Account_Password /net/nas/dhsmconn create -fs fs_id -secondaryUrl http://EV_Server_FQDN/EnterpriseVault -mode enabled -readPolicy full -secondaryUsername User@Domain -secondaryPassword Password

      For example,

      uemcli -u Local/admin -p p4ssw0rd /net/nas/dhsmconn create -fs fs_1 -secondaryUrl http://evserver.example.local/EnterpriseVault -mode enabled -readPolicy full -secondaryUsername vsa@example.local -secondaryPassword p@ssw0rd

      Where:

      p4ssw0rd is the password of the Unity administrator account.

      fs_1 is the ID of file system attached to the NAS server. To get the ID of the file system use the following as the URL in a web browser: https:// Unity_IP_Or_FQDN/api/types/filesystem/instances?fields=id,name. The output will contain the list of file systems along with their name and IDs. Look for the ID for your file system.

      http://evserver.example.local/EnterpriseVault is the URL of Enterprise Vault Web Access application.

      vsa@example.local is the Vault Service account that will have access to all the archives from which files are restored.

      p@ssw0rdd is the password to the Vault Service account.

    • On the remote certificate prompt, choose Accept and store.

  5. Verify that the settings are correctly applied using the following command:

    uemcli -u Local/admin -p Unity_Admin_Password /net/nas/dhsmconn -fs fs_id show

    For example:

    uemcli -u Local/admin -p Admin123# /net/nas/dhsmconn -fs fs_1 show

    The following is an example output:

    Storage system address: 127.0.0.1
Storage system port: 443
HTTPS connection
1: ID = DHSMConnection_1
File system = fs_1
Secondary url = http://evserver.example.local/EnterpriseVault
Secondary port = 80
Secondary username = vsa@example.local
Local port =
  6. Edit the properties of all the file systems that corresponding to the NAS server that you want to archive from, using the following command:

    uemcli -u Local/admin -p Unity_Admin_Password /stor/prov/fs -name File_System_Name set -cifsOpLocks yes -cifsNotifyOnWrite yes -cifsNotifyOnAccess yes -cifsSyncWrites yes

    For example:

    uemcli -u Local/admin -p Admin123# /stor/prov/fs -name TESTFS set -cifsOpLocks yes -cifsNotifyOnWrite yes -cifsNotifyOnAccess yes -cifsSyncWrites yes

    The following is an example output:

    Storage system address: 127.0.0.1
Storage system port: 443
HTTPS connection
ID = res_1
Operation completed successfully.
Configuring Unity pass-through behavior for placeholder shortcuts

You can use the Dell EMC Unity read policy with placeholder recalls, if required. The Unity -readPolicy parameter determines how a read request is handled for a file in secondary storage. For example, you can opt to pass a file directly through to the client without recalling it to the Unity device. Unity then recalls the file only if a write request is received.

For pass-through, Unity uses the same cache on the Enterprise Vault server that you set up for Enterprise Vault to use when retrieving files for the Unity device.

Note:

If you configure Unity pass-through, do not configure the Enterprise Vault option to delete archived files on placeholder deletion, as this combination can lead to data loss.

To configure the Unity pass-through behavior, include the -readPolicy parameter in one of the following commands:

  • The dhsmconn create command to define the DHSM connection that the Unity device uses for recall requests. This method sets the pass-through behavior for all the placeholders that are created through the connection.

  • The dhsmconn modify command to configure a Unity device. This method sets the pass-through behavior for all the placeholders on the file system.

The syntax of the -readPolicy parameter is as follows:

-readPolicy [full | passthrough | partial | none]

The effect of the values is as follows:

  • full. Recall the whole file to Unity on read request before the data is returned.

  • passthrough. Retrieve the data without recalling the data to Unity.

  • partial. Retrieve only the blocks that are required to satisfy the client read request.

  • none (the default value). The setting has no effect.

For example, the following command syntax configures pass-through for a file system:

uemcli -u Local/admin -p Admin@123 /net/nas/dhsmconn -id DHSMConnection_ID modify -readPolicy passthrough

Where DHSMConnection_ID is the DHSM connection identifier of the file system on Unity.