Veritas Access Appliance 8.2 Administrator's Guide

Last Published:
Product(s): Appliances (8.2)
Platform: Veritas 3340,Veritas 3350,Veritas 3360
  1. Section I. Introducing Access Appliance
    1. Introducing Access Appliance
      1.  
        About Access Appliance
      2.  
        About the Access Appliance Dashboard
      3. Getting started with the Access CLISH
        1.  
          Accessing the Access CLISH
        2.  
          Navigating the Access CLISH
        3.  
          Getting help using the Access CLISH
        4.  
          Displaying the command history
        5.  
          Using the more command
      4.  
        Getting started with Access Appliance APIs
  2. Section II. Configuring Access Appliance
    1. Managing users
      1.  
        About user management
      2.  
        About the naming requirements for adding new users
      3.  
        About the naming requirements when assigning roles to domain users
      4.  
        Adding and removing user roles using GUI
      5.  
        Performing user management using CLISH
    2. Managing licenses
      1.  
        About Access Appliance licenses
      2.  
        Managing licenses from the GUI
      3.  
        Managing licenses from the command-line interface
    3. Configuring the network
      1.  
        About configuring the Access Appliance network
      2.  
        About bonding Ethernet interfaces
      3.  
        Bonding Ethernet interfaces
      4.  
        Considerations for configuration a LACP bond
      5.  
        Configuring DNS settings
      6.  
        About Ethernet interfaces
      7.  
        Displaying current Ethernet interfaces and states
      8.  
        Configuring IP addresses
      9.  
        Configuring IP addresses and FQDNs in a non-DNS environment
      10.  
        Configuring VLAN interfaces
      11.  
        Configuring NIC devices
      12.  
        About configuring routing tables
      13.  
        Configuring routing tables
      14.  
        Changing the firewall settings
      15.  
        Configuring Access Appliance in IPv4 and IPv6 mixed mode
      16.  
        Support for multiple data subnets
      17.  
        Adding console FQDN to the network and accessing the GUI using the console FQDN
    4. Configuring authentication services
      1.  
        About configuring LDAP settings
      2.  
        Configuring LDAP server settings
      3.  
        Administering the Access Appliance cluster's LDAP client
      4.  
        About Active Directory (AD)
      5.  
        Configuring AD server settings
      6.  
        Configuring entries for Access Appliance DNS for authenticating to Active Directory (AD)
      7.  
        Configuring AD/LDAP using the GUI
      8.  
        Configuring NSS lookup order
      9.  
        Sign-in options for the Access Appliance UI
      10. Configuring user authentication using digital certificates or smart cards
        1.  
          Adding CA certificates for smart card authentication
        2.  
          Deleting CA certificates
  3. Section III. Managing Access Appliance storage
    1. Configuring storage
      1.  
        About storage provisioning and management
      2.  
        About configuring disks
      3.  
        About configuring storage pools
      4.  
        Configuring storage pools
      5.  
        About quotas for usage
      6.  
        Enabling, disabling, and displaying the status of file system quotas
      7.  
        Setting and displaying file system quotas
      8.  
        Setting user quotas for users of specified groups
      9.  
        About quotas for CIFS home directories
      10.  
        Workflow for configuring and managing storage using the Access Appliance CLI
      11.  
        Displaying information for all disk devices associated with the nodes in a cluster
      12.  
        Displaying WWN information
      13.  
        Importing new LUNs forcefully for new or existing pools
      14.  
        Initiating host discovery of LUNs
    2. Managing disks
      1.  
        Adding disks to a storage pool
      2.  
        Removing disks from a storage pool
      3.  
        Viewing information about disks
      4.  
        Accessing disk details
      5.  
        Discovering disks
      6.  
        Formatting a disk
    3. Access Appliance as an iSCSI target
      1.  
        About Access Appliance as an iSCSI target
      2.  
        Managing the iSCSI target service
      3.  
        Managing the iSCSI targets
      4.  
        Managing the LUNs
      5.  
        Managing the mappings with iSCSI initiators
      6.  
        Managing the users
      7.  
        Creating an iSCSI target and provisioning LUNs
  4. Section IV. Managing Access Appliance file access services
    1. Configuring the NFS server
      1.  
        About using the NFS server with Access Appliance
      2.  
        Using the kernel-based NFS server
      3.  
        Accessing the NFS server
      4.  
        Displaying and resetting NFS statistics
      5.  
        Configuring Access Appliance for ID mapping for NFS version 4
      6.  
        Configuring the NFS client for ID mapping for NFS version 4
      7.  
        About authenticating NFS clients
      8. Setting up Kerberos authentication for NFS clients
        1.  
          Adding and configuring Access Appliance to the Kerberos realm
    2. Using Access Appliance as a CIFS server
      1.  
        About configuring Access Appliance for CIFS
      2. About configuring CIFS for Active Directory (AD) domain mode
        1.  
          Joining Access Appliance to Active Directory (AD)
        2.  
          Verifying that Access Appliance has joined Active Directory (AD) successfully
        3.  
          Using multi-domain controller support in CIFS
        4.  
          About leaving an AD domain
        5.  
          Changing domain settings for AD domain mode
        6.  
          Removing the AD interface
      3.  
        Adding an SPN entry on the Windows client
      4. About setting trusted domains
        1.  
          Specifying trusted domains that are allowed access to the CIFS server
        2.  
          Allowing trusted domains access to CIFS
        3.  
          Setting Active Directory trusted domains
      5.  
        About storing account information
      6.  
        Storing user and group accounts
      7.  
        Reconfiguring the CIFS service
      8.  
        About mapping user names for CIFS/NFS sharing
      9.  
        About the mapuser commands
      10.  
        Adding, removing, or displaying the mapping between CIFS and NFS users
      11.  
        Automatically mapping UNIX users from LDAP to Windows users
      12. About managing home directories
        1.  
          Setting the home directory file systems
        2.  
          Setting up home directories
        3.  
          Displaying home directory usage information
        4.  
          Deleting home directories and disabling creation of home directories
      13. About CIFS clustering modes
        1.  
          About switching the clustering mode
      14. About migrating CIFS shares and home directories
        1.  
          Migrating CIFS shares and home directories from normal to ctdb clustering mode
        2.  
          Migrating CIFS shares and home directories from ctdb to normal clustering mode
      15.  
        Setting the CIFS aio_fork option
      16.  
        Enabling CIFS data migration
    3. Using Access Appliance as an Object Store server
      1.  
        About the Object Store server
      2.  
        Use cases for configuring the Object Store server
      3.  
        Configuring the Object Store server
      4.  
        About buckets and objects
      5.  
        File systems used for objectstore buckets
      6.  
        Enabling WORM on buckets
      7.  
        Object Access SSL certificate
      8.  
        Object Access endpoints
      9.  
        S3 with NFS use case
      10.  
        S3 with NSP use case
      11. Configuring the S3 server using GUI
        1.  
          Setting Object Access server default parameters
        2.  
          Setting up the Object Access server group-specific parameters
        3.  
          Viewing information about S3
        4.  
          Provisioning the S3 bucket using GUI
  5. Section V. Managing Access Appliance security
    1. Managing security
      1.  
        Security overview
      2.  
        About the security meter
    2. Setting up FIPS mode
      1.  
        FIPS 140-2 conformance for Access Appliance
      2.  
        Viewing FIPS status for Access Appliance
      3.  
        Enabling FIPS for Access Appliance
      4.  
        Disabling FIPS mode for NetBackup MSDP
      5.  
        Managing the FIPS mode using the command-line interface
    3. Configuring STIG
      1.  
        STIG overview for Access Appliance
      2.  
        Enabling OS STIG hardening for Access Appliance
      3.  
        Viewing STIG status of an Access Appliance
      4.  
        Enabling STIG using the command-line interface
    4. Setting the banner
      1.  
        Managing the login banner using the UI
      2.  
        Managing the banner from the command-line interface
    5. Setting the password policy
      1.  
        Managing the password policy using the UI
      2.  
        Managing the password policy from the command-line interface
    6. Immutability in Access Appliance
      1.  
        Support for immutability in Access Appliance
      2.  
        About lockdown modes
      3.  
        Selecting or changing the lockdown mode
      4.  
        Accessing the root shell in lockdown mode
      5.  
        Configuring immutability using GUI
    7. Deploying certificates on Access Appliance
      1.  
        About system certificates on Access Appliance
      2.  
        About external certificates on Access Appliance
      3.  
        Deploying ECA using the GUI
      4.  
        Log locations
    8. Single Sign-On (SSO)
      1.  
        About single sign-on (SSO) configuration
      2.  
        Configuring SSO on Access Appliance
      3.  
        Limitations and log locations
    9. Configuring multifactor authentication
      1.  
        About multifactor authentication
      2.  
        Considerations when configuring multifactor authentication
      3.  
        Configuring multifactor authentication for your user account
      4.  
        Disabling multifactor authentication for your user account
      5.  
        Enforcing multifactor authentication for all users
      6.  
        Configuring multifactor authentication for your user account when it is enforced in the cluster
      7.  
        Resetting multifactor authentication for a user
  6. Section VI. Monitoring and troubleshooting
    1. Monitoring the appliance
      1.  
        Testing the appliance hardware
      2. About Veritas AutoSupport on the Access Appliance
        1.  
          Setting up AutoSupport on the appliance
        2.  
          Using a proxy server with the appliance
      3.  
        Setting up email notifications on the appliance
      4.  
        Setting up SNMP notifications on the appliance
    2. Configuring event notifications and audit logs
      1.  
        About troubleshooting
      2.  
        Monitoring command activity
      3.  
        Monitoring alerts
      4. About alert management
        1.  
          Viewing information about alert management
        2.  
          Managing alerts
      5.  
        Monitoring events
      6.  
        Viewing reports
      7.  
        Viewing cluster storage usage
      8.  
        Viewing file system usage
      9.  
        About event notifications
      10.  
        About severity levels and filters
      11.  
        About SNMP notifications
      12.  
        Configuring a syslog server
      13.  
        Displaying events on the console
    3. Appliance log files
      1.  
        About appliance log files
      2. Gathering device logs with the DataCollect command
        1.  
          Collecting default and additional diagnostic logs
      3.  
        Downloading logs using the Log Transfer Console
      4. Forwarding logs to an external server
        1.  
          Configuring log forwarding using the UI
        2.  
          Modifying log forwarding settings using the UI
        3.  
          Removing log forwarding using the UI
        4.  
          Setting up log forwarding using the command-line interface
        5.  
          Viewing the configured settings from the appliance shell menu
  7. Section VII. Provisioning and managing Access Appliance file systems
    1. Creating and maintaining file systems
      1.  
        About creating and maintaining file systems
      2.  
        About encryption at rest
      3. Considerations for creating a file system
        1.  
          Best practices for creating file systems
        2.  
          Choosing a file system layout type
        3.  
          Determining the initial extent size for a file system
        4.  
          About striping file systems
        5.  
          About FastResync
        6.  
          About fsck operation
        7.  
          Enabling WORM on a file system
        8.  
          Setting retention in files
        9.  
          Setting WORM over NFS
        10.  
          Manually setting WORM-retention on a file over CIFS
        11. About managing application I/O workloads using maximum IOPS settings
          1.  
            Setting the maximum IOPS
      4.  
        Creating a file system
      5.  
        Bringing the file system online or offline
      6.  
        Listing all file systems and associated information
      7. Modifying a file system
        1.  
          Adding or removing a mirror from a file system
        2.  
          Adding or removing a column from a file system
        3.  
          Increasing the size of a file system
        4.  
          Decreasing the size of a file system
      8. Managing a file system
        1.  
          Defragmenting a file system
        2.  
          Checking and repairing a file system
        3.  
          Configuring FastResync for a file system
        4.  
          Disabling the FastResync option for a file system
        5.  
          Checking and resynchronizing stale mirrors
        6.  
          Setting file system alerts
        7.  
          Displaying file system alert values
        8.  
          Removing file system alerts
      9.  
        Destroying a file system
      10.  
        Upgrading disk layout versions
  8. Section VIII. Provisioning and managing Access Appliance shares
    1. Creating shares for applications
      1.  
        About file sharing protocols
      2.  
        About concurrent access
      3.  
        Sharing directories using CIFS and NFS protocols
      4.  
        Sharing a file system as a CIFS home directory
      5.  
        About concurrent access with NFS and S3
    2. Creating and maintaining NFS shares
      1.  
        About NFS file sharing
      2. About the NFS shares
        1.  
          Creating an NFS share with continuous replication
        2.  
          Creating an NFS share with episodic replication
        3.  
          Creating an NFS share with encryption
        4.  
          Creating an NFS share with episodic replication and encryption
        5.  
          Creating an NFS share without replication and encryption
      3.  
        Displaying file systems and snapshots that can be exported
      4.  
        Exporting an NFS share
      5.  
        Displaying exported directories
      6.  
        About managing NFS shares using netgroups
      7.  
        Unexporting a directory or deleting NFS options
      8.  
        Exporting an NFS share for Kerberos authentication
      9.  
        Mounting an NFS share with Kerberos security from the NFS client
      10.  
        Exporting an NFS snapshot
    3. Creating and maintaining CIFS shares
      1.  
        About managing CIFS shares
      2. About the CIFS shares
        1.  
          Creating a CIFS share with continuous replication
        2.  
          Creating a CIFS share with episodic replication
        3.  
          Creating a CIFS share with encryption
        4.  
          Creating a CIFS share with episodic replication and encryption
        5.  
          Creating a CIFS share without replication and encryption
      3.  
        Exporting a directory as a CIFS share
      4.  
        Configuring a CIFS share as secondary storage for an Enterprise Vault store
      5.  
        Exporting the same file system/directory as a different CIFS share
      6.  
        About the CIFS export options
      7.  
        Setting share properties
      8.  
        Displaying CIFS share properties
      9.  
        Hiding system files when adding a CIFS normal share
      10.  
        Allowing specified users and groups access to the CIFS share
      11.  
        Denying specified users and groups access to the CIFS share
      12.  
        Exporting a CIFS snapshot
      13.  
        Deleting a CIFS share
      14.  
        Modifying a CIFS share
      15.  
        Making a CIFS share shadow copy aware
      16. About managing CIFS shares for Enterprise Vault
        1.  
          Creating a CIFS share for Enterprise Vault with episodic replication
        2.  
          Creating a CIFS share for Enterprise Vault with continuous replication
        3.  
          Creating a CIFS share for Enterprise Vault without replication
    4. Integrating Access Appliance with Data Insight
      1.  
        Access Appliance integration with Data Insight
  9. Section IX. Managing Access Appliance storage services
    1. Configuring episodic replication
      1.  
        About Access Appliance episodic replication
      2.  
        How Access Appliance Replication works
      3.  
        Starting Access Appliance episodic replication
      4.  
        Setting up communication between the source and the destination clusters
      5.  
        Setting up the file systems to replicate
      6.  
        Setting up files to exclude from an episodic replication unit
      7.  
        Scheduling the episodic replication
      8.  
        Defining what to replicate
      9.  
        About the maximum number of parallel episodic replication jobs
      10.  
        Managing an episodic replication job
      11.  
        Replicating compressed data
      12.  
        Displaying episodic replication job information and status
      13.  
        Synchronizing an episodic replication job
      14.  
        Behavior of the file systems on the episodic replication destination target
      15.  
        Accessing file systems configured as episodic replication destinations
      16. Configuring an episodic replication job using the GUI
        1.  
          Enabling or disabling an episodic replication job
        2.  
          Synchronizing an episodic replication job
        3.  
          Failing over or failing back an episodic replication job
        4.  
          Unconfiguring an episodic replication job
      17. Episodic replication job failover and failback
        1.  
          Process summary
        2.  
          Overview of the planned failover process
        3.  
          Overview of the planned failback process
        4.  
          Overview of the unplanned failover process
        5.  
          Overview of the unplanned failback process
    2. Configuring continuous replication
      1.  
        About Access Appliance continuous replication
      2. How Access Appliance continuous replication works
        1.  
          How data flows in continuous replication synchronous mode
        2.  
          How data flows in continuous replication asynchronous mode
      3.  
        Starting Access Appliance continuous replication
      4.  
        Setting up communication between the source and the destination clusters
      5.  
        Setting up the file system to replicate
      6.  
        Managing continuous replication
      7.  
        Displaying continuous replication information and status
      8.  
        Unconfiguring continuous replication
      9.  
        Preserving the file system on the destination cluster
      10.  
        Cloud tiering with continuous replication
      11.  
        Configuring Enterprise Vault with continuous replication
      12. Configuring a continuous replication job using the GUI
        1.  
          Stopping or starting a continuous replication job
        2.  
          Pausing and resuming a continuous replication job
        3.  
          Failing over or failing back a continuous replication job
        4.  
          Unconfiguring a continuous replication job
      13. Continuous replication failover and failback
        1.  
          Process summary
        2.  
          Overview of the planned failover process
        3.  
          Overview of the planned failback process
        4.  
          Overview of the unplanned failover process
        5.  
          Overview of the unplanned failback process
      14.  
        Addition of multiple file systems to a Replicated Volume Group
    3. Using snapshots
      1.  
        About snapshots
      2.  
        Enabling WORM on storage snapshots
      3.  
        Creating snapshots
      4.  
        Displaying snapshots
      5.  
        Managing disk space used by snapshots
      6.  
        Bringing snapshots online or taking snapshots offline
      7.  
        Restoring a snapshot
      8.  
        About snapshot schedules
      9.  
        Configuring snapshot schedules
      10.  
        Managing automated snapshots
    4. Using instant rollbacks
      1.  
        About instant rollbacks
      2.  
        Creating a space-optimized rollback
      3.  
        Creating a full-sized rollback
      4.  
        Listing Access Appliance instant rollbacks
      5.  
        Restoring a file system from an instant rollback
      6.  
        Refreshing an instant rollback from a file system
      7.  
        Bringing an instant rollback online
      8.  
        Taking an instant rollback offline
      9.  
        Destroying an instant rollback
      10.  
        Creating a shared cache object for Access Appliance instant rollbacks
      11.  
        Listing cache objects
      12.  
        Destroying a cache object of a Access Appliance instant rollback
  10. Section X. Reference
    1. Appendix A. Access Appliance documentation
      1.  
        Using the Access Appliance product documentation
      2.  
        About accessing the online man pages
  11.  
    Index

Configuring the Object Store server

This section describes how to configure the Object Store server.

Note:

The IPs used by S3 server must be different from the virtual IP used by the Veritas Data Deduplication server.

To configure the Object Store server

  1. Log on to Access Appliance using the Access Appliance command-line interface.
  2. You can either use an existing pool or create a default storage pool (at least one) on the cluster.

    You can see the list of existing pools using the storage pool list command.

    You can create a new pool using the storage create pool command.

    storage> pool create pool1 disk1,disk2,disk3,disk4
  3. Use the storage pool that was created in Step 2 as the default object access pool.

    You need to set the default pool, as it is required for enabling the Object Store server.

    objectaccess> set pools pool1

    Note:

    Based on your storage requirements, you can configure different types of storage pools by using the Object Store group commands.

  4. Verify the configured storage pool.
    objectaccess> show
  5. Enable and start the Object Store server. 
    objectaccess> server enable
    objectaccess> server start
  6. Configure the cluster using any authentication server (AD or LDAP).

    See the following manual pages for more information on configuring AD or LDAP:

    • CLISH> network man ldap
    • CLISH> network man ad
  7. Create the access and secret keys for the authorized user, or any user in the authentication server.

    You have two options for creating the access and the secret keys, either using the Access Appliance RESTful APIs or by using the Access Appliance helper script.

    Create the access and secret keys using the Access Appliance RESTful APIs:

    • Before using the Access Appliance RESTful APIs, set the host name resolution for the host as shown in the objectaccess> show output against ADMIN_URL.

    • See the Access Appliance Object Access API Guide on the SORT site for accessing the Object Store server (S3) user management APIs.

    • After creating your access and secret key, you can create a bucket using the S3 API.

    Create the access and the secret keys using the Access Appliance helper script:

    • Add the ADMIN_URL name in your /etc/hosts file.

      Where the ADMIN_URL is admin.<cluster_name> and the port is 8144. This url should point to the Access Appliance management console IP address.

    • Location of the helper script: /opt/VRTSnas/scripts/utils/objectaccess/objectaccess_client.py

    • The Access Appliance helper script can be used from any client system that has Python installed.

    • To run the script, your S3 client needs to have the argparse and requests Python modules.

      If these modules are missing, install both these modules using pip or easy_install.

    • If the Object Store server is enabled without the SSL option, you need to add the --insecure option.

      clus_01 ~# ./objectaccess_client.py --server 
admin.clus:8144 --username <uname> --create_key --insecure

    • Create the access and the secret key using the Access Appliance helper script by providing the username, password, and ADMIN_URL (check the online Help of the Access Appliance helper script for all of the provided operations like list key and delete key).

      Create a secret key:

      clus_01:~ # ./objectaccess_client.py --create_key 
--server admin.clus:8144 --username localuser1 --password root123 
--insecure
UserName                : localuser1
AccessKeyId             : Y2FkODU2NTU2MjVhYzV
Status                  : Active
SecretAccessKey         : ODk0YzQxMDhkMmRjM2M5OTUzNjI5OWIzMDgyNzY

      The <localuser1> is the local user created on both the Access Appliance cluster nodes with same unique ID.

      List a secret key for the specified user:

      clus_01:~ # ./objectaccess_client.py --list_key --server 
admin.clus:8144 --username localuser2 --password root123 --insecure

      Delete a secret key for the specified user:

      clus_01:~ # ./objectaccess_client.py --delete_key 
ZTkyNDdjZTViM2EyMWZ --server admin.clus:8144 --username localuser2 
--password root123 --insecure
  8. Use the following objectaccess command to see all the existing access and secret keys in the Access Appliance cluster:
    objectaccess> account user show
Changing the Object Store server options

It is possible to change an already set parameter or set new parameters by specifying different options. For example, you can change the other Object Store server defaults, such as fs_type, fs_size, and other options.

After setting the defaults, you can verify whether the proper value is assigned or not.

objectaccess> set fs_type
mirrored mirrored-stripe simple striped striped-mirror
objectaccess> set fs_type simple
ACCESS ObjectAccess INFO V-288-0 Set fs_type successful.
objectaccess> set fs_size 2G
ACCESS ObjectAccess INFO V-288-0 Set operation successful.
objectaccess> show
Name           Value
=============  =========================

Server Status   Enabled
Admin_URL       http://endpoint1:8144
S3_URL          http://dataendpoint:8143
admin_port      8144
s3_port         8143
ssl             no
max_s3_threads  8
pools           pool_default
fs_size         2g
fs_type         simple
fs_blksize      8192
fs_pdirenable   yes
fs_encrypt      off
fs_worm         yes
retention_min   3600s
retention_max   36000s
Using the group option for bucket creation

If you have multiple users, and you want to set different default values for different sets of users, you can use the group option.

You can also use the group option to use the existing file systems for bucket creation instead of creating a new file system for every bucket. If you set the group fs_sharing option to yes, and if any request for bucket creation comes from a user who is part of that group, then the S3 server searches for any existing file system created by the specific group user. If an existing file system is found, it uses the existing file system. Otherwise, it creates a new file system for the bucket.

To use the group option

  1. Create a group in the authentication server (AD/LDAP) and add the required users to that group.
  2. Set the group specific configuration for the group created in the authentication server.
  3. Set or unset the defaults per your requirements.
    objectaccess>  group set fs_type simple VRTS-grp
ACCESS ObjectAccess INFO V-288-0 Group set fs-type successful.
    objectaccess> group set pool VRTS-grp pool1
ACCESS ObjectAccess INFO V-288-0 Success.
    objectaccess>  group show
Group Name   Fs Sharing   Fs Size   Fs Type   Pool(s)
===========  ===========  ========  ========  ========
VRTS-grp     -            -         simple    pool1
    objectaccess> group show
Group Name   Fs Sharing   Fs Size   Fs Type   Pool(s)
===========  ===========  ========  ========  ========
VRTS-grp     -            -         -         pool1