Veritas Access Appliance Administrator's Guide

Last Published:
Product(s): Appliances (7.4.3)
Platform: Veritas 3340,Access Appliance OS
  1. Section I. Introducing Access Appliance
    1. Introducing Access Appliance
      1.  
        About Access Appliance
      2.  
        About the Access Appliance Dashboard
      3. Getting started with the Access CLISH
        1.  
          Accessing the Access CLISH
        2.  
          Navigating the Access CLISH
        3.  
          Getting help using the Access CLISH
        4.  
          Displaying the command history
        5.  
          Using the more command
  2. Section II. Configuring Access Appliance
    1. Managing users
      1.  
        About user management
      2.  
        About the naming requirements for adding new users
      3.  
        About the naming requirements when assigning roles to domain users
      4.  
        Adding and removing user roles using GUI
      5.  
        Performing user management using CLISH
    2. Configuring the network
      1.  
        About configuring the Access Appliance network
      2.  
        About bonding Ethernet interfaces
      3.  
        Bonding Ethernet interfaces
      4.  
        Configuring DNS settings
      5.  
        About Ethernet interfaces
      6.  
        Displaying current Ethernet interfaces and states
      7.  
        Configuring IP addresses
      8.  
        Configuring VLAN interfaces
      9.  
        Configuring NIC devices
      10.  
        About configuring routing tables
      11.  
        Configuring routing tables
      12.  
        Changing the firewall settings
      13.  
        Configuring Access Appliance in IPv4 and IPv6 mixed mode
      14.  
        Support for multiple data subnets
    3. Configuring authentication services
      1.  
        About configuring LDAP settings
      2.  
        Configuring LDAP server settings
      3.  
        Administering the Access Appliance cluster's LDAP client
      4.  
        About Active Directory (AD)
      5.  
        Configuring AD server settings
      6.  
        Configuring entries for Access Appliance DNS for authenticating to Active Directory (AD)
      7.  
        Configuring AD/LDAP using the GUI
      8.  
        Configuring the NIS-related settings
      9.  
        Configuring NSS lookup order
  3. Section III. Managing Access Appliance storage
    1. Configuring storage
      1.  
        About storage provisioning and management
      2.  
        About configuring disks
      3.  
        About configuring storage pools
      4.  
        Configuring storage pools
      5.  
        About quotas for usage
      6.  
        Enabling, disabling, and displaying the status of file system quotas
      7.  
        Setting and displaying file system quotas
      8.  
        Setting user quotas for users of specified groups
      9.  
        About quotas for CIFS home directories
      10.  
        Workflow for configuring and managing storage using the Access Appliance CLI
      11.  
        Displaying information for all disk devices associated with the nodes in a cluster
      12.  
        Displaying WWN information
      13.  
        Importing new LUNs forcefully for new or existing pools
      14.  
        Initiating host discovery of LUNs
      15.  
        Formatting or reinitializing a disk
      16.  
        Removing a disk
    2. Managing disks
      1.  
        Adding disks to a storage pool
      2.  
        Removing disks from a storage pool
      3.  
        Viewing information about disks
      4.  
        Accessing disk details
      5.  
        Discovering disks
      6.  
        Formatting a disk
    3. Configuring ISCSI
      1.  
        About iSCSI
      2.  
        Configuring the iSCSI initiator
      3.  
        Configuring the iSCSI initiator name
      4.  
        Configuring the iSCSI devices
      5.  
        Configuring discovery on iSCSI
      6.  
        Configuring the iSCSI targets
      7.  
        Modifying tunables for iSCSI
    4. Access Appliance as an iSCSI target
      1.  
        About Access Appliance as an iSCSI target
      2.  
        Managing the iSCSI target service
      3.  
        Managing the iSCSI targets
      4.  
        Managing the LUNs
      5.  
        Managing the mappings with iSCSI initiators
      6.  
        Managing the users
      7.  
        Creating an iSCSI target and provisioning LUNs
      8.  
        Adding an initiator for an iSCSI target
      9.  
        Removing an initiator for an iSCSI target
      10.  
        Adding portal IPs for an iSCSI target
      11.  
        Setting up authentication for an iSCSI target
      12.  
        Viewing the list of initiators for an iSCSI target
      13.  
        Viewing the portal IPs for an iSCSI target
      14.  
        Removing portal IPs for an iSCSI target
      15.  
        Removing authentication settings for an iSCSI target
      16.  
        Removing an iSCSI target
      17.  
        Removing the file system store for an iSCSI target
      18.  
        Viewing the list of LUNs for an iSCSI target
      19.  
        Creating a LUN for an iSCSI target
      20.  
        Increasing the size of a LUN for an iSCSI target
      21.  
        Reducing the size of a LUN for an iSCSI target
      22.  
        Removing a LUN for an iSCSI target
      23.  
        Cloning a LUN for an iSCSI target
      24.  
        Creating a snapshot of a LUN for an iSCSI target
      25.  
        Viewing the list of snapshots for an iSCSI target
      26.  
        Removing a LUN snapshot
      27.  
        Restoring a LUN snapshot
  4. Section IV. Managing Access Appliance file access services
    1. Configuring the NFS server
      1.  
        About using the NFS server with Access Appliance
      2.  
        Using the kernel-based NFS server
      3.  
        Accessing the NFS server
      4.  
        Displaying and resetting NFS statistics
      5.  
        Configuring Access Appliance for ID mapping for NFS version 4
      6.  
        Configuring the NFS client for ID mapping for NFS version 4
      7.  
        About authenticating NFS clients
      8. Setting up Kerberos authentication for NFS clients
        1.  
          Adding and configuring Access Appliance to the Kerberos realm
    2. Using Access Appliance as a CIFS server
      1.  
        About configuring Access Appliance for CIFS
      2.  
        About configuring CIFS for standalone mode
      3.  
        Configuring CIFS server status for standalone mode
      4.  
        Changing security settings
      5. About configuring CIFS for Active Directory (AD) domain mode
        1.  
          Joining Access Appliance to Active Directory (AD)
        2.  
          Verifying that Access Appliance has joined Active Directory (AD) successfully
        3.  
          Using multi-domain controller support in CIFS
        4.  
          About leaving an AD domain
        5.  
          Changing domain settings for AD domain mode
        6.  
          Removing the AD interface
      6.  
        Setting NTLM
      7. About setting trusted domains
        1.  
          Specifying trusted domains that are allowed access to the CIFS server
        2.  
          Allowing trusted domains access to CIFS when setting an IDMAP backend to rid
        3.  
          Allowing trusted domains access to CIFS when setting an IDMAP backend to ldap
        4.  
          Allowing trusted domains access to CIFS when setting an IDMAP backend to hash
        5.  
          Allowing trusted domains access to CIFS when setting an IDMAP backend to ad
        6.  
          About configuring Windows Active Directory as an IDMAP backend for CIFS
        7.  
          Configuring the Active Directory schema with CIFS-schema extensions
        8.  
          Configuring the LDAP client for authentication using the CLI
        9.  
          Setting Active Directory trusted domains
      8.  
        About storing account information
      9.  
        Storing user and group accounts
      10.  
        Reconfiguring the CIFS service
      11.  
        About mapping user names for CIFS/NFS sharing
      12.  
        About the mapuser commands
      13.  
        Adding, removing, or displaying the mapping between CIFS and NFS users
      14.  
        Automatically mapping UNIX users from LDAP to Windows users
      15. About managing home directories
        1.  
          Setting the home directory file systems
        2.  
          Setting up home directories
        3.  
          Displaying home directory usage information
        4.  
          Deleting home directories and disabling creation of home directories
      16. About CIFS clustering modes
        1.  
          About switching the clustering mode
      17. About migrating CIFS shares and home directories
        1.  
          Migrating CIFS shares and home directories from normal to ctdb clustering mode
        2.  
          Migrating CIFS shares and home directories from ctdb to normal clustering mode
      18.  
        Setting the CIFS aio_fork option
      19. About managing local users and groups
        1.  
          Creating a local CIFS user
        2.  
          Configuring a local group
      20.  
        Enabling CIFS data migration
    3. Configuring an FTP server
      1.  
        About FTP
      2.  
        Creating the FTP home directory
      3.  
        Using the FTP server commands
      4.  
        About FTP server options
      5.  
        Customizing the FTP server options
      6.  
        Administering the FTP sessions
      7.  
        Uploading the FTP logs
      8.  
        Administering the FTP local user accounts
      9.  
        About the settings for the FTP local user accounts
      10.  
        Configuring settings for the FTP local user accounts
    4. Using Access Appliance as an Object Store server
      1.  
        About the Object Store server
      2.  
        Use cases for configuring the Object Store server
      3.  
        Configuring the Object Store server
      4.  
        About buckets and objects
      5.  
        File systems used for objectstore buckets
      6.  
        S3 with NFS use case
      7. Configuring the S3 server using GUI
        1.  
          Setting Object Access server default parameters
        2.  
          Setting up the Object Access server group-specific parameters
        3.  
          Viewing information about S3
        4.  
          Provisioning the S3 bucket using GUI
  5. Section V. Managing Access Appliance security
    1. Setting up FIPS mode
      1.  
        FIPS 140-2 conformance for Access Appliance
      2.  
        Viewing FIPS status for Access Appliance
      3.  
        Enabling FIPS for Access Appliance
      4.  
        To enable FIPS using the command-line interface
    2. Configuring STIG
      1.  
        STIG overview for Access Appliance
      2.  
        Enabling OS STIG hardening for Access Appliance
      3.  
        Viewing STIG status of an Access Appliance
      4.  
        Enabling STIG using the command-line interface
  6. Section VI. Monitoring and troubleshooting
    1. Configuring event notifications and audit logs
      1.  
        About troubleshooting
      2.  
        Monitoring command activity
      3.  
        Monitoring alerts
      4. About alert management
        1.  
          Viewing information about alert management
        2.  
          Managing alerts
      5.  
        Monitoring events
      6.  
        Viewing reports
      7.  
        Viewing cluster storage usage
      8.  
        Viewing file system usage
      9.  
        About event notifications
      10.  
        About severity levels and filters
      11.  
        About SNMP notifications
      12.  
        Configuring an email group
      13.  
        Configuring a syslog server
      14.  
        Exporting events in syslog format to a given URL
      15.  
        Displaying events on the console
      16.  
        Configuring events for event reporting
      17.  
        Configuring an SNMP management server
    2. Appliance log files
      1.  
        About appliance log files
      2.  
        Viewing log files using the Support command
      3.  
        Gathering device logs with the DataCollect command
      4.  
        Downloading logs using the Log Transfer Console
      5.  
        Forwarding logs to an external server
  7. Section VII. Provisioning and managing Access Appliance file systems
    1. Creating and maintaining file systems
      1.  
        About creating and maintaining file systems
      2.  
        About encryption at rest
      3. Considerations for creating a file system
        1.  
          Best practices for creating file systems
        2.  
          Choosing a file system layout type
        3.  
          Determining the initial extent size for a file system
        4.  
          About striping file systems
        5.  
          About creating a tuned file system for a specific workload
        6.  
          About FastResync
        7.  
          About fsck operation
        8.  
          Setting retention in files
        9.  
          Setting WORM over NFS
        10.  
          Manually setting WORM-retention on a file over CIFS
        11. About managing application I/O workloads using maximum IOPS settings
          1.  
            Setting the maximum IOPS
      4.  
        Creating a file system
      5.  
        Bringing the file system online or offline
      6.  
        Listing all file systems and associated information
      7. Modifying a file system
        1.  
          Adding or removing a mirror from a file system
        2.  
          Adding or removing a column from a file system
        3.  
          Increasing the size of a file system
        4.  
          Decreasing the size of a file system
      8. Managing a file system
        1.  
          Defragmenting a file system
        2.  
          Checking and repairing a file system
        3.  
          Configuring FastResync for a file system
        4.  
          Disabling the FastResync option for a file system
        5.  
          Checking and resynchronizing stale mirrors
        6.  
          Setting file system alerts
        7.  
          Displaying file system alert values
        8.  
          Removing file system alerts
      9.  
        Destroying a file system
      10.  
        Upgrading disk layout versions
  8. Section VIII. Provisioning and managing Access Appliance shares
    1. Creating shares for applications
      1.  
        About file sharing protocols
      2.  
        About concurrent access
      3.  
        Sharing directories using CIFS and NFS protocols
      4.  
        Sharing a file system as a CIFS home directory
      5.  
        About concurrent access with NFS and S3
    2. Creating and maintaining NFS shares
      1.  
        About NFS file sharing
      2. About the NFS shares
        1.  
          Creating an NFS share with continuous replication
        2.  
          Creating an NFS share with episodic replication
        3.  
          Creating an NFS share with encryption
        4.  
          Creating an NFS share with episodic replication and encryption
        5.  
          Creating an NFS share without replication and encryption
      3.  
        Displaying file systems and snapshots that can be exported
      4.  
        Exporting an NFS share
      5.  
        Displaying exported directories
      6.  
        About managing NFS shares using netgroups
      7.  
        Unexporting a directory or deleting NFS options
      8.  
        Exporting an NFS share for Kerberos authentication
      9.  
        Mounting an NFS share with Kerberos security from the NFS client
      10.  
        Exporting an NFS snapshot
    3. Creating and maintaining CIFS shares
      1.  
        About managing CIFS shares
      2. About the CIFS shares
        1.  
          Creating a CIFS share with continuous replication
        2.  
          Creating a CIFS share with episodic replication
        3.  
          Creating a CIFS share with encryption
        4.  
          Creating a CIFS share with episodic replication and encryption
        5.  
          Creating a CIFS share without replication and encryption
      3.  
        Exporting a directory as a CIFS share
      4.  
        Configuring a CIFS share as secondary storage for an Enterprise Vault store
      5.  
        Exporting the same file system/directory as a different CIFS share
      6.  
        About the CIFS export options
      7.  
        Setting share properties
      8.  
        Displaying CIFS share properties
      9.  
        Hiding system files when adding a CIFS normal share
      10.  
        Allowing specified users and groups access to the CIFS share
      11.  
        Denying specified users and groups access to the CIFS share
      12.  
        Exporting a CIFS snapshot
      13.  
        Deleting a CIFS share
      14.  
        Modifying a CIFS share
      15.  
        Making a CIFS share shadow copy aware
      16. About managing CIFS shares for Enterprise Vault
        1.  
          Creating a CIFS share for Enterprise Vault with replication
        2.  
          Creating a CIFS share for Enterprise Vault without replication
    4. Using Access Appliance with OpenStack
      1.  
        About the Access Appliance integration with OpenStack
      2. About the Access Appliance integration with OpenStack Cinder
        1. About the Access Appliance integration with OpenStack Cinder architecture
          1. Access Appliance NFS-based Cinder driver
            1.  
              Configuring Access Appliance with OpenStack Cinder
          2.  
            Access Appliance iSCSI based Cinder driver
        2.  
          Configuring OpenStack Cinder
      3. About the Access Appliance integration with OpenStack Manila
        1.  
          OpenStack Manila use cases
        2.  
          Configuring Access Appliance with OpenStack Manila
        3.  
          Creating a new share backend on the OpenStack controller node
        4.  
          Creating an OpenStack Manila share type
        5.  
          Creating an OpenStack Manila file share
        6.  
          Creating an OpenStack Manila share snapshot
    5. Integrating Access Appliance with Data Insight
      1.  
        Access Appliance integration with Data Insight
  9. Section IX. Managing Access Appliance storage services
    1. Compressing files
      1. About compressing files
        1.  
          About the compressed file format
        2.  
          About the file compression attributes
        3.  
          About the file compression block size
      2.  
        Best practices for using compression
      3.  
        Use cases for compressing files
      4. Compression tasks
        1.  
          Compressing files
        2.  
          Showing the scheduled compression job
        3.  
          Scheduling compression jobs
        4.  
          Listing compressed files
        5.  
          Uncompressing files
        6.  
          Modifying the scheduled compression
        7.  
          Removing the specified schedule
        8.  
          Stopping the schedule for a file system
        9.  
          Removing the pattern-related rule for a file system
        10.  
          Removing the modified age related rule for a file system
    2. Configuring episodic replication
      1.  
        About Access Appliance episodic replication
      2.  
        How Access Appliance Replication works
      3.  
        Starting Access Appliance episodic replication
      4.  
        Setting up communication between the source and the destination clusters
      5.  
        Setting up the file systems to replicate
      6.  
        Setting up files to exclude from an episodic replication unit
      7.  
        Scheduling the episodic replication
      8.  
        Defining what to replicate
      9.  
        About the maximum number of parallel episodic replication jobs
      10.  
        Managing an episodic replication job
      11.  
        Replicating compressed data
      12.  
        Displaying episodic replication job information and status
      13.  
        Synchronizing an episodic replication job
      14.  
        Behavior of the file systems on the episodic replication destination target
      15.  
        Accessing file systems configured as episodic replication destinations
      16. Episodic replication job failover and failback
        1.  
          Process summary
        2.  
          Overview of the planned failover process
        3.  
          Overview of the planned failback process
        4.  
          Overview of the unplanned failover process
        5.  
          Overview of the unplanned failback process
    3. Configuring continuous replication
      1.  
        About Access Appliance continuous replication
      2. How Access Appliance continuous replication works
        1.  
          How data flows in continuous replication synchronous mode
        2.  
          How data flows in continuous replication asynchronous mode
      3.  
        Starting Access Appliance continuous replication
      4.  
        Setting up communication between the source and the target clusters
      5.  
        Setting up the file system to replicate
      6.  
        Managing continuous replication
      7.  
        Displaying continuous replication information and status
      8.  
        Unconfiguring continuous replication
      9. Continuous replication failover and failback
        1.  
          Process summary
        2.  
          Overview of the planned failover process
        3.  
          Overview of the planned failback process
        4.  
          Overview of the unplanned failover process
        5.  
          Overview of the unplanned failback process
      10.  
        Addition of multiple file systems to a Replicated Volume Group
    4. Using snapshots
      1.  
        About snapshots
      2.  
        Creating snapshots
      3.  
        Displaying snapshots
      4.  
        Managing disk space used by snapshots
      5.  
        Bringing snapshots online or taking snapshots offline
      6.  
        Restoring a snapshot
      7.  
        About snapshot schedules
      8.  
        Configuring snapshot schedules
      9.  
        Managing automated snapshots
    5. Using instant rollbacks
      1.  
        About instant rollbacks
      2.  
        Creating a space-optimized rollback
      3.  
        Creating a full-sized rollback
      4.  
        Listing Access Appliance instant rollbacks
      5.  
        Restoring a file system from an instant rollback
      6.  
        Refreshing an instant rollback from a file system
      7.  
        Bringing an instant rollback online
      8.  
        Taking an instant rollback offline
      9.  
        Destroying an instant rollback
      10.  
        Creating a shared cache object for Access Appliance instant rollbacks
      11.  
        Listing cache objects
      12.  
        Destroying a cache object of a Access Appliance instant rollback
  10. Section X. Reference
    1. Appendix A. Access Appliance documentation
      1.  
        Using the Access Appliance product documentation
      2.  
        About accessing the online man pages
  11.  
    Index

Exporting an NFS share

You can export an NFS share with the specified NFS options that can then be accessed by one or more client systems.

If you add a directory that has already been exported with a different NFS option (rw, ro, async, or secure, for example), Access Appliance provides a warning message saying that the directory has already been exported. Access Appliance updates (overwrite) the old NFS options with the new NFS options.

Directory options appear in parentheses.

If a client was not specified when the NFS> share add command was used, then * is displayed as the system to be exported to, indicating that all clients can access the directory.

Directories that have been exported to multiple clients appear as separate entries. Directories that are exported to <world> and other specific clients also appear as separate entries.

For example:

Consider the following set of exported directories where only the client (1.1.1.1) has read-write access to directory (fs2), while all other clients have read access only.

/vx/fs2        * (ro)
/vx/fs2  1.1.1.1 (rw)

When sharing a directory, Access Appliance does not check whether the client exists or not. If you add a share for an unknown client, then an entry appears in the NFS> show command output.

The NFS> show fs command displays the list of exportable file systems. If a directory does not exist, the directory is automatically created and exported when you try to export it.

Valid NFS options include the following:

rw

Grants read and write permission to the directory (including all files under the directory that reside on the exported directory's file system). Hosts mounting this directory will be able to make changes to the directory.

ro (Default)

Grants read-only permission to the directory. Hosts mounting this directory will not be able to change it.

sync (Default)

Grants synchronous write access to the directory. Forces the server to perform a disk write before the request is considered complete.

async

Grants asynchronous write access to the directory. Allows the server to write data to the disk when appropriate.

secure (Default)

Grants secure access to the directory. Requires that clients originate from a secure port. A secure port is between 1-1024.

insecure

Grants insecure access to the directory. Permits client requests to originate from unprivileged ports (those above 1024).

secure_locks (Default)

Requires authorization of all locking requests.

insecure_locks

Some NFS clients do not send credentials with lock requests, and therefore work incorrectly with secure_locks, in which case you can only lock world-readable files. If you have such clients, either replace them with better ones, or use the insecure_locks option.

root_squash (Default)

Prevents the root user on an NFS client from having root privileges on an NFS mount.

This effectively "squashes" the power of the remote root user to the lowest local user, preventing remote root users from acting as though they were the root user on the local system.

no_root_squash

Disables the root_squash option. Allows root users on the NFS client to have root privileges on the NFS server.

wdelay (Default)

Causes the NFS server to delay writing to the disk if another write request is imminent. This can improve performance by reducing the number of times the disk must be accessed by separate write commands, reducing write overhead.

Note:

The wdelay option is deprecated, and is supported for backward-compatibility only.

no_wdelay

Disables the wdelay option.

The no_wdelay option has no effect if the async option is also set.

Note:

The no_wdelay option is deprecated, and is supported for backward-compatibility only. Using the no_wdelay option is always effective.

subtree_check

Verifies that the requested file is in an exported subdirectory. If this option is turned off, the only verification is that the file is in an exported file system.

no_subtree_check (Default)

Sometimes subtree checking can produce problems when a requested file is renamed while the client has the file open. If many such situations are anticipated, it might be better to set no_subtree_check. One such situation might be the export of the home directory. Most other situations are best handled with subtree_check.

fsid (Default)

Allows the Access Appliance administrator to associate a specific number as fsid with the share.

nordirplus

Allows you to disable a readdirplus remote procedure call (RPC).

sec

Specifies the Kerberos security options for exporting an NFS share. The value can be krb5, krb5i , krb5p, or sys. The sys option does not provide Kerberos authentication. The other options use Kerberos V5 to authenticate users to the NFS server.

Note:

With root_squash, the root user can access the share, but with 'nobody' permissions.

To export a directory/file system

  1. To see your exportable online file systems and snapshots, enter the following: 
    NFS> show fs
  2. To see your NFS shares and their options, enter the following:
    NFS> share show
  3. To export a directory, enter the following command:
    NFS> share add nfsoptions export_dir [client]

    nfsoptions

    Comma-separated list of export options from the set.

    export_dir

    Specifies the name of the directory you want to export.

    The directory name should start with /vx, and only a-zA-Z0-9_/@+=.:- characters are allowed for export_dir.

    client

    Clients may be specified in the following ways:

    • Single host - specify a host either by an abbreviated name that is recognized by the resolver (DNS is the resolver), the fully qualified domain name, or an IP address.

    • Netgroups - specify netgroups as @group. Only the host part of each netgroup member is considered for checking membership.

    • IP networks - specify an IP address and netmask pair (address/netmask) to simultaneously export directories to all hosts on an IP sub-network. Specify the netmask as a contiguous mask length. You can specify either an IPv4 address or an IPv6 address.

    If the client is not given, then the specified directory can be mounted or accessed by any client. To re-export new options to an existing share, the new options will be updated after the command is run.