EMC Atmos Administrator’s Guide...EMC Corporation Corporate Headquarters: Hopkinton, MA 01748-9103 1-508-435-1000 EMC® Atmos Version 1.3.2 Administrator’s Guide REV A01 EMC Atmos

EMC® Atmos™

Version 1.3.2

Administrator’s Guide

REV A01

EMC CorporationCorporate Headquarters:

Hopkinton, MA 01748-9103

1-508-435-1000www.EMC.com

2

Copyright © 2008 - 2010 EMC Corporation. All rights reserved.

Published June, 2010

EMC believes the information in this publication is accurate as of its publication date. The information issubject to change without notice.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS IS.” EMC CORPORATION MAKES NOREPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THISPUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY ORFITNESS FOR A PARTICULAR PURPOSE.

Use, copying, and distribution of any EMC software described in this publication requires an applicablesoftware license.

For the most up-to-date regulatory document for your product line, go to the Technical Documentation andAdvisories section on EMC Powerlink.

For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com.

All other trademarks used herein are the property of their respective owners.

EMC Atmos Version 1.3.2 Administrator’s Guide

Contents

PrefaceIntroduction ......................................................................................... 8

Chapter 1 Administrative RolesRoles.................................................................................................... 12

SecurityAdmin ........................................................................... 12SysAdmin.................................................................................... 12TenantAdmin ............................................................................. 12SubtenantAdmin........................................................................ 13

Authentication................................................................................... 13Logging In.......................................................................................... 14

SecurityAdmin and SysAdmin Login .................................... 14TenantAdmin and SubtenantAdmin Login........................... 15

Dashboards ........................................................................................ 16Security Dashboard ................................................................... 16System Dashboard..................................................................... 17Tenant Dashboard ..................................................................... 18Subtenant Dashboard................................................................ 19

SecurityAdmin Tasks ....................................................................... 20Modifying the SecurityAdmin................................................. 20Creating a SysAdmin ................................................................ 20Deleting a SysAdmin ................................................................ 22

Chapter 2 Managing RMGsMaster node ....................................................................................... 24Viewing Details about an RMG ...................................................... 24Adding an RMG................................................................................ 25Adding an Additional IS to an Existing RMG.............................. 25

EMC Atmos Version 1.3.2 Administrator’s Guide 1

Contents

Adding Additional Nodes to an RMG .......................................... 31Viewing and Managing Details for a Node in an RMG.............. 32

Chapter 3 Configuring System SettingsModifying a SysAdmin.................................................................... 36Updating the Software Serial Number .......................................... 36Configuring NTP (Network Time Protocol)................................. 37Configuring a Federation Target.................................................... 37Configuring Security System-wide (Enabling/Disabling SSL) . 39Configuring SSL Certificates System-wide................................... 40Configuring MDS Remote Replication.......................................... 41

Chapter 4 Managing TenantsListing Tenants.................................................................................. 44Creating a Tenant.............................................................................. 45

Controlling the Tenant Namespace Directory Structure..... 45Default Policy............................................................................. 45How to create a tenant .............................................................. 46Configuring an LDAP Server for Remote Authentication .. 47

Renaming a Tenant........................................................................... 49Creating a TenantAdmin................................................................. 50Modifying a TenantAdmin ............................................................. 53Deleting a TenantAdmin ................................................................. 54Adding Nodes to a Tenant .............................................................. 55

Require SSL for Web Service connections.............................. 57Configuring SSL Certificates for a Tenant ............................. 57

Chapter 5 Managing SubtenantsListing Subtenants ............................................................................ 62Creating a Subtenant ........................................................................ 62

Controlling the Subtenant Namespace Directory Structure 62How to create a subtenant........................................................ 63

Renaming or Modifying a Subtenant............................................. 64Creating a Unique ID and Assigning it to a Subtenant............... 66Creating a SubtenantAdmin ........................................................... 66Deleting a SubtenantAdmin............................................................ 69

Chapter 6 Managing PoliciesOverview............................................................................................ 72Policy-based Data Storage ............................................................... 72

EMC Atmos Version 1.3.2 Administrator’s Guide2

Contents

Default policy..................................................................................... 74Policy Specifications ......................................................................... 75

Metadata location....................................................................... 75Replicas........................................................................................ 77Retention/Deletion.................................................................... 83

Policy Selectors .................................................................................. 84Assigning a Policy Selector to a Subtenant.................................... 87Reordering Policies ........................................................................... 87

Chapter 7 System Monitoring, Events, & ReportingOverview ............................................................................................ 90Operational Reporting Framework ................................................ 90Alerts ................................................................................................... 94Email alerts......................................................................................... 94SNMP support ................................................................................... 96

SNMP traps................................................................................. 96Dell traps ..................................................................................... 99SNMP agent ................................................................................ 99Configuring SNMP .................................................................... 99

System reports ................................................................................. 104Configuring system reports.................................................... 104Collecting system reports ....................................................... 106

Log files and log collection ............................................................ 107

Chapter 8 Configuring NFS/CIFS AccessOverview .......................................................................................... 110Configuring NFS ............................................................................. 110Configuring CIFS ............................................................................ 113

Active Directory ....................................................................... 113Configuring CIFS Node Properties ....................................... 115Adding or Editing a CIFS Share............................................. 119

Chapter 9 Getting Performance DataOverview .......................................................................................... 122Example: Getting the Statistics...................................................... 123

Request ...................................................................................... 123Response.................................................................................... 123Browser Output........................................................................ 124Output Fields............................................................................ 124

Example: Resetting the Counters.................................................. 125

3EMC Atmos Version 1.3.2 Administrator’s Guide

Contents

Request...................................................................................... 125Response ................................................................................... 126

Glossary

Index


Title Page

Figures

1 SecurityAdmin and SysAdmin Login Page ............................................... 142 TenantAdmin and SubtenantAdmin Login Page...................................... 153 SecurityAdmin Dashboard ........................................................................... 164 System Dashboard ......................................................................................... 175 Tenant Dashboard.......................................................................................... 186 Subtenant Dashboard .................................................................................... 197 Update My Information ................................................................................ 208 Update My Information ................................................................................ 369 Tenant List....................................................................................................... 4410 Upate My Information................................................................................... 5311 Subtenant List ................................................................................................. 6212 Policy Specification Page............................................................................... 7513 Policy Specification Metadata Location Options....................................... 7614 Policy Specification Customize Options ..................................................... 7915 Policy Specification Enable Stripe Options................................................. 8116 Policy Specification Erasure Code Options ................................................ 8217 Policy Specification Rentention and Deletion Options............................. 8318 Policy Selector Page ....................................................................................... 8419 Alert Information ........................................................................................... 94


Figures


Preface

As part of an effort to improve and enhance the performance and capabilitiesof its product lines, EMC periodically releases revisions of its hardware andsoftware. Therefore, some functions described in this document may not besupported by all versions of the software or hardware currently in use. Forthe most up-to-date information on product features, refer to your productrelease notes.

If a product does not function properly or does not function as described inthis document, please contact your EMC representative.

Note: This document was accurate as of the time of publication. However, asinformation is added, new versions of this document may be released to theEMC Powerlink website. Check the Powerlink website to ensure that you areusing the latest version of this document.

Preface 7

8

Preface

Introduction

Audience This document is part of the Atmos documentation set, and isintended for use by system administrators who are responsible forinstalling, configuring, and maintaining Atmos.

Relateddocumentation

The following EMC publications provide additional information:

◆ EMC Atmos Release Notes

◆ EMC Atmos Conceptual Overview

◆ EMC Atmos Installation and Upgrade Guide

◆ EMC Atmos Administrator’s Guide

◆ EMC Atmos Programmer’s Guide

◆ EMC Atmos System Management API Guide

◆ EMC Atmos Security Configuration Guide

◆ EMC Atmos Non-EMC Software License Agreements

◆ EMC Atmos Hardware Guide

◆ EMC Atmos online help

Conventions used inthis document

EMC uses the following conventions for special notices:

Note: A note presents information that is important, but not hazard-related.

CAUTION!A caution contains information essential to avoid data loss ordamage to the system or equipment.

IMPORTANT!An important notice contains information essential to software orhardware operation.


Preface

Typographical conventionsEMC uses the following type style conventions in this document.

Normal Used in running (nonprocedural) text for:• Names of interface elements (such as names of windows,

dialog boxes, buttons, fields, and menus)• Names of resources, attributes, pools, Boolean expressions,

buttons, DQL statements, keywords, clauses, environmentvariables, functions, utilities

• URLs, pathnames, filenames, directory names, computernames, filenames, links, groups, service keys, file systems,notifications

Bold Used in running (nonprocedural) text for:• Names of commands, daemons, options, programs,

processes, services, applications, utilities, kernels,notifications, system calls, man pages

Used in procedures for:• Names of interface elements (such as names of windows,

dialog boxes, buttons, fields, and menus)• What user specifically selects, clicks, presses, or types

Italic Used in all text (including procedures) for:• Full titles of publications referenced in text• Emphasis (for example a new term)• Variables

Courier Used for:• System output, such as an error message or script• URLs, complete paths, filenames, prompts, and syntax when

shown outside of running text

Courier bold Used for:• Specific user input (such as commands)

Courier italic Used in procedures for:• Variables on command line• User input variables

< > Angle brackets enclose parameter or variable values supplied bythe user

[ ] Square brackets enclose optional values

| Vertical bar indicates alternate selections - the bar means “or”

{ } Braces indicate content that you must specify (that is, x or y or z)

... Ellipses indicate nonessential information omitted from theexample

Introduction 9

10

Preface

Where to get help EMC support, product, and licensing information can be obtained asfollows.

Product information — For documentation, release notes, softwareupdates, or for information about EMC products, licensing, andservice, go to the EMC Powerlink website (registration required) at:

http://Powerlink.EMC.com

Technical support — For technical support, go to Powerlink andchoose Support. On the Support page, you will see several options,including one for making a service request. Note that to open aservice request, you must have a valid support agreement. Pleasecontact your EMC sales representative for details about obtaining avalid support agreement or with questions about your account.

Your comments Your suggestions will help us continue to improve the accuracy,organization, and overall quality of the user publications. Please sendyour opinions of this document to:

[email protected]


http://Powerlink.EMC.com

1

This chapter describes the different administrative roles in the EMC®

Atmos™ system, their creation sequence, and how they worktogether.

◆ Roles..................................................................................................... 12◆ Authentication.................................................................................... 13◆ Logging In ........................................................................................... 14◆ Dashboards ......................................................................................... 16◆ SecurityAdmin Tasks ........................................................................ 20

Administrative Roles

Administrative Roles 11

12


RolesThe system supports four administrative roles: SecurityAdmin,SysAdmin, TenantAdmin, and SubtenantAdmin.

SecurityAdmin The SecurityAdmin is a built-in super-user responsible for initialinstallation and creating SysAdmins.

During the installation process, the SecurityAdmin does thefollowing:

◆ Resets the default SecurityAdmin password.

◆ Creates a SysAdmin role, which is then used to complete theinstallation. This is the only SysAdmin until and unless others areadded.

The system supports only one SecurityAdmin.

SysAdmin The SysAdmin role is responsible for overall management of anAtmos system, including management of segments, RMGs, andnodes; changing faulty disks; and adding new hardware. Specifiedusers may be assigned the SysAdmin role.

SysAdmins also can create new tenants, which are logicalcompartmentalizations of data and resources. Associated with atenant are specific access nodes, security control, and storage policies.A tenant is configured with Web-service or file-system access tospecific nodes.

Users who are assigned the SysAdmin role may be authenticatedagainst either the internal authentication source maintained by theAtmos system (referred to as local authentication) or an externalauthentication source maintained by the customer (referred to asremote authentication). To use an external authentication source,additional configuration must be completed.

Multiple users may be assigned the SysAdmin role.

TenantAdmin The TenantAdmin role is responsible for managing subtenants, andpolicies for the tenant to which they are assigned. The SysAdminassigns specific users the TenantAdmin role within a given tenant.Policies are assigned by the TenantAdmin to a specific subtenant.TenantAdmins are unaware of system resources other than those



defined for their tenant and have no ability to access system resourcesexcept those assigned to their tenant. A TenantAdmin also can doanything that a SubtenantAdmin can do.

A TenantAdmin registers applications (which involves adding newapplications on the Atmos system by generating a UID/SharedSecret) and adds policies for the corresponding applications.

A given tenant can have multiple TenantAdmins, but a givenTenantAdmin can be a TenantAdmin for only one tenant.

SubtenantAdmin Subtenants are logical partitions of tenants that group togetherselected policies, data access, and reporting capabilities. Eachsubtenant has a unique set of users and sees a unique set of data. Agiven object can be seen by only one subtenant. When the SysAdmincreates a tenant, the system automatically creates one correspondingsubtenant (which is identical to the tenant). SysAdmins can choose tocreate additional subtenants within each tenant. SubtenantAdminsassign users to a subtenant.

A SubtenantAdmin can only create a unique ID and assign it to asubtenant.

AuthenticationAuthentication may depend on the internal authentication sourcemaintained by the Atmos system (referred to as local authentication)or an external authentication source maintained by the customer.(referred to as remote authentication).

The authentication service comprises multiple authentication servers(one master and several read-only slaves). If the masterauthentication server temporarily is unavailable (for example,because it is down or there is a network disconnection), a failoverprocess is triggered. This occurs only rarely. Complete failover takessome time (roughly 15 minutes, depending on the size andconfiguration of your system). While failover is in progress, users canbe authenticated against only those authentication servers which areup. During the failover window, while the master authenticationserver is unavailable, write operations (adding and deletingsystem-management users) will fail.

Authentication 13

14


Logging InAccess to the GUI is through a browser. Atmos supports InternetExplorer. For supported versions of the browser and other softwarerelated to Atmos, see the EMC Atmos Installation and Upgrade Guide.

SecurityAdmin andSysAdmin Login

In an Internet Explorer window, enter the URLhttps://hostname/mgmt_login. Alternately, if you already arelogged in as a TenantAdmin or SubtenantAdmin, log out, then clickthe Switch to SystemAdmin login page link on theTenantAdmin/SubtenantAdmin login page.

The login page for SecurityAdmin and SysAdmin appears as shownin Figure 1.

Figure 1 SecurityAdmin and SysAdmin Login Page



Login credentials are case sensitive. Enter the following fields:

◆ Auth Type — Local

◆ User Name — SecurityAdmin/SysAdmin name (the default forSecurityAdmin is SecurityAdmin)

◆ Password — SecurityAdmin/SysAdmin password (the defaultfor SecurityAdmin is #1Passwd)

TenantAdmin andSubtenantAdminLogin

In an Internet Explorer window, enter the URL https://hostname.Alternately, if you already are logged in as a SecurityAdmin orSysAdmin, log out, then click the Switch to TenantAdmin login pagelink on the SecurityAdmin/SysAdmin login page.

The login page for TenantAdmin and SubtenantAdmin appears asshown in Figure 2.

Figure 2 TenantAdmin and SubtenantAdmin Login Page

Login credentials are case sensitive. Enter the following fields:

◆ Tenant — Tenant name

◆ Subtenant — Subtenant name

◆ User Name — TenantAdmin/SubtenantAdmin name

◆ Password — TenantAdmin/SubtenantAdmin password

Logging In 15

16


If you forget your password, click the Forgot Password link on thelogin page. Your password will be mailed to you, if an email addressis specified for your admin role and an SMTP server is set up.

DashboardsSince each role has different privileges, each type of admin sees adifferent dashboard after logging in.

Security Dashboard When a SecurityAdmin logs into Atmos, the Security Dashboardappears as shown in Figure 3.

Figure 3 SecurityAdmin Dashboard



System Dashboard When a SysAdmin logs into Atmos, the System Dashboard appearsas shown in Figure 4.

Figure 4 System Dashboard

Dashboards 17

18


Tenant Dashboard When a TenantAdmin logs into Atmos, the Tenant Dashboardappears as shown in Figure 5.

Figure 5 Tenant Dashboard



SubtenantDashboard

When a SubtenantAdmin logs into Atmos, the Subtenant Dashboardappears as shown in Figure 6.

Figure 6 Subtenant Dashboard

Dashboards 19

20


SecurityAdmin TasksThis section explains how the SecurityAdmin uses the Atmossystem-management GUI to manage SecurityAdmins andSysAdmins.

Modifying theSecurityAdmin

To view or modify SecurityAdmin information, login as aSecurityAdmin and click Update My Information in the Navigationpane. Figure 7 shows the Update My Information page. Use this pageto change passwords and other information about yourSecurityAdmin account.

Required fields are marked with red asterisks on the page.

Figure 7 Update My Information

Creating aSysAdmin

To create a SysAdmin—that is, to assign the SysAdmin role to auser—follow these steps:

1. Login as SecurityAdmin. The Security Dashboard appears.

Click Add. The Assign System Admin Role page appears.

2. Choose an Authentication Source (Local or Remote).



The system lets you authenticate user accounts locally (internal)to the platform or remotely (external), using a preconfiguredLDAP server.

• If Local is selected, the authentication source is the Atmossystem; skip to step 5.

• Remote authentication requires additional configuration: ifyour site requires external, centralized authentication, youneed to enter the configuration details to enable access. If youchoose remote authentication, an Authentication Addressfield appears.

3. The Authentication Source field contains either a drop-down list(if LDAP servers are already configured) or a message: “Noremote authentication source available.” If there is a drop-downlist, select a remote authentication source; otherwise, you mustconfigure an LDAP server.

Note: Only LDAP is supported as a remote authentication mechanismfor administrators.

4. Enter a User Name and click Assign. If the user does not alreadyexist, you are prompted to add it.

When you create a SysAdmin and specify a Local authenticationsource, the server checks whether the user you input exists; if not,it prompts you to add the user. If you specify a Remoteauthentication source, the server does not check whether the userexists.

In this case, because the authentication source is Local and the username does not exist in the system, you are asked to add the new(local) user.

SecurityAdmin Tasks 21

22


Click OK. The Add New User page appears.

5. Enter the required User Name, Password, and ConfirmPassword fields and any optional fields.

Although the Email field is optional, it is recommend that youuse it. If the new SysAdmin forgets his password, he can get itemailed to him—but only if you fill in this field.

Click Add. The user is added as a SysAdmin and now appears onthe Security Dashboard.

Note: For operations that create/modify system-management users, orassign an administrative role (SysAdmin, TenantAdmin, orSubtenantAdmin) to a user, there is a slight delay before the effect of theoperation is visible on all Atmos nodes, while the Atmos system issynchronized.

Deleting aSysAdmin

To delete a SysAdmin, follow these steps:

1. Login as SecurityAdmin. The Security Dashboard appears.

2. In the row for the SysAdmin you want to remove, click RemoveRole.

3. In the pop-up dialog asking you to confirm, click OK.


2

This chapter describes how to access the functions for managingRMGs through the System Dashboard.

Throughout this chapter, required fields are marked with redasterisks on the page.

◆ Master node ........................................................................................ 24◆ Viewing Details about an RMG ....................................................... 24◆ Adding an RMG................................................................................. 25◆ Adding an Additional IS to an Existing RMG ............................... 25◆ Adding Additional Nodes to an RMG............................................ 31◆ Viewing and Managing Details for a Node in an RMG ............... 32

Managing RMGs

Managing RMGs 23

24

Managing RMGs

Master nodeThe master node is the first node installed in each installation segment.It always has -001 appended to its node name. When a new RMG isadded to the system, it has one installation segment, hence onemaster node. If more installation segments are added to that RMGlater, there are more master nodes: an RMG with N installationsegments has N master nodes.

The initial master node is the first node installed in the first installationsegment in the first RMG in the system (during system installation).This is the node where the SysAdmin must login.

Viewing Details about an RMG1. Login as SysAdmin. The System Dashboard appears. The RMG

List area of the System Dashboard lists all RMGs in this Atmossystem and the location of each RMG.

2. In the RMG List area, click Detail for a given RMG. The RMGSummary page for that RMG appears.

The yellow warning triangles in the Name column indicate thatthere are new, unacknowledged alerts for the node. For details,click the node’s Name.


Managing RMGs

Service Status indicates whether the node is up (green), down(red), configuring ("Configuring"), or if the node replacement hasfailed ("Replacement Failed"). For details, click the node’s Name.

Adding an RMGAn RMG is a collection of segments that share a single domain andlocation identifier. There are three main steps to add an RMG:

◆ Step 1: Launch Atmos Installation on the Master Node (VMwareor physical hardware)

◆ Step 2: Install the Atmos Appliance on the Master Node

◆ Step 3: Add the New RMG

For more information on adding a new RMG, see the EMC AtmosInstallation and Upgrade Guide.

Adding an Additional IS to an Existing RMG

Note: For VMware Installations, each installation segment must use itsown switch for the private network. Before adding an installationsegment here, ensure that it will use a different switch for the privatenetwork than any installation segments that are already installed.

To add an installation segment:

1. Login as SysAdmin to the initial master node. The SystemDashboard appears.

2. In the RMG List area, click Detail for the RMG to which youwant to add an installation segment.

3. In the Operations area, click Add Segment. The Target SegmentConfiguration page appears.

Adding an RMG 25

26

Managing RMGs

4. Choose a segment to configure and click Next. The NetworkConfiguration page appears.

5. Complete the fields as described in the following table.

Field Description

Platform type Select your platform type from the dropdown list:• Server with DAE (external disk cabinet)• Server without DAE (internal storage only)• VMWare (VMWare node, no real disks)

IP Range From/To Specify the public IP addresses for nodes in thisinstallation segment. Enter the upper IP address forthe network. The number of IP addresses you specifyin this range represents the number of nodes in theinstallation segment.


Managing RMGs

6. Click Next. The Application Configuration page appears. You useit to set up your storage and metadata servers.

Subnet Mask Enter a subnet mask that identifies the local networkaddresses defined for the IP Range.

Default Gateway Enter the gateway address. This is critical if you planto access Atmos through the public network.

Hostname Prefix Enter the hostname prefix associated with the IS. Thesystem adds a hyphen after the prefix and before athree-digit, system-generated serial number.The following characters are valid for this field:• The first character must be an alphabetic

character.• Characters following the first character can be one

or more: alpha (a-z,A-Z), number (0-9), dot (.),underscore (_), hyphen (-).

• The last character must be an alphabeticcharacter or a number.

DNS Server Enter the IP address of the name server on the publicinterfaces.

Search DNS Suffix Enter a value which will be appended to a domainname that is not fully qualified. For example, enteringcompany.com here would cause the name www to belooked up as www.company.com. As anotherexample, www.emc.com is fully qualified and wouldbe looked up as is.

NTP Server An NTP server helps synchronize application serversand Atmos nodes. EMC strongly recommends thatyou use an external NTP.You can specify one of the following:Local NTP Server— Select this option when youwant to use the Atmos-supplied NTP server.Remote NTP Server —Select this option when youwant to specify an external NTP server.

Field Description

Adding an Additional IS to an Existing RMG 27

28

Managing RMGs

Use the slider bar to specify whether Atmos will perform morelarge-file operations or small-file operations. Since eachobject/file has a fixed amount of metadata, large files have lessmetadata as a percentage of their size than small files. The ratiospecified here determines the number of drives per nodeallocated to metadata versus user data.

Choose one of the following ways to proceed:

• Click Next, and a default, overall configuration pattern isauto-generated for the system.

• Click Manual Customize to configure each node in thesystem. Use the Manual Customize page to define the diskratio, placement, and action-type storage requirements foreach node. Your policy specifications must reflect the storagedefinitions defined in this setup.

The Manual Customize page is shown below.


Managing RMGs

The Manual Customize fields are as follows:

Field Description

Disk ratio The initial value in this field reflects your slider bar settings on theApplication Configuration page.In a valid metadata:data disk ratio, the metadata part of the ratio is lessthan or equal to the data part of the ratio.When you enter a valid ratio, it gets propagated to the grayed-out fields inthe Disk Ratio column.

Adding an Additional IS to an Existing RMG 29

30

Managing RMGs

7. Click Next to display the Configuration Summary page.

Placement Specify how the storage service allocates new objects to the physical disksunder its management by selecting one of the following values from thedropdown:• OPTIMAL — Round robin: rotate requests equally among all available

storage disks. This is the default.• GREEN — Only one or a few disks are active; the rest are spun down for

energy conservation. When the active disks fill up, the spun-down disksare woken up and used.

• FAST — Use striping by putting blocks of data of the same replica ondifferent disks. This mode allows for a better aggregate throughput to thedisks, by using multiple disk heads to access the same replica. This islike RAID striping.

• BALANCED — Pick the disk with the most available space.

Note: In a VMWare installation, GREEN and FAST are not supported. (Thewarning on the page refers only to GREEN.)

Action Type This specifies the data-at-rest services applied to Storage Servers:• None — No services; normal writes and reads. This is the default.• Checksum — The Storage Server generates a checksum for all data

saved on it. When the data is read, the checksum is verified. When thedata is re-written, the old data also is verified.

• Compression — Data is compressed on write and decompressed onread. This conserves disk space but introduces processing overhead onthe server, so typically it has a negative impact on performance.Compression can be used successfully for objects that are written onceand accessed rarely.

• Deduplication — Deduplication: multiple copies of the data areremoved, and only one copy of the data is maintained. This is intended toconserve storage capacity.

• CompressionDedup — Combination of Compression andDeduplication.

Note: Checksum, Compression, Deduplication, or CompressionDedupmust be specified here if you want to use any of them later, when creating apolicy specification.

Field Description


Managing RMGs

8. Click Next to install the master node. The Installation of theMaster Node page appears. Depending on your installation, thepage has either a Next button or a Finish button.

When the installation is in the Configuring the machine fornetwork communication stage, you are prompted by a SecurityAlert page for a security certificate — In this case, choose ViewCertificate (you will see it is configured with the Atmos masternode name), then Install Certificate (it is added as a Trusted Rootcertificate for your browser). Click OK to proceed with theremaining stages of the installation.

If there is an error during installation of the master node, twomore buttons appear on the page: Restart and Restart fromFailure Point. Click the appropriate button restart the installationprocess for the master node from the beginning or from the pointof failure, respectively.

9. Click Finish.

Adding Additional Nodes to an RMGWhen you add an RMG, you can choose to install only some of thenodes you specify for that RMG. Use the procedure below to installthe additional nodes in that RMG later.

Note: Adding or discovering physical nodes is not supported in the AtmosVirtual Edition.

1. Login as SysAdmin. The System Dashboard appears.

Adding Additional Nodes to an RMG 31

32

Managing RMGs


3. In the Operations area, click Add Node. The Add New Node &View Installation Status page appears, displaying a list of knownnodes in the RMG and their status.

4. Click Discover New Nodes, and the master node in the firstinstallation segment in the RMG interrogates the RMG for slavenodes that respond (via IPMI, Intelligent Platform ManagementInterface) but are not in the list of installed nodes. These are nodesthat are physically connected to the system and to power, but arenot yet installed or powered on.

The list of new nodes is presented. Use Install or Install AllNodes to install new nodes individually or collectively.

Viewing and Managing Details for a Node in an RMG1. Login as SysAdmin. The System Dashboard appears.


3. From the Node List area, click the link for the node you want toview in detail. The node dashboard appears.

The information on the node dashboard differs somewhat,depending on whether it is for a master node or a slave node. Thedashboard for a slave node is as follows:


Managing RMGs

Viewing and Managing Details for a Node in an RMG 33

34

Managing RMGs

The page displays a variety of information for the node. TheOperations area displays the functions you can perform on thenode:

• Power On/Off — Turn the node on or off (not supported inthe Atmos Virtual Edition). Powering off a node that has notbeen properly shutdown can result in unexpected results. Toproperly shutdown a node, login as root and run the systemshutdown command. The Power Off command should only beused under the advice of EMC Customer Support or after youare sure the operating system has been correctly stopped.

• Restart — Reboot the node (not supported in the AtmosVirtual Edition).

• Collect Log — Collect the system log of the node. (You may beasked to do this if a log is needed for debugging purposes. Inthat case, after the log file is collected, you would be directedto send it to EMC.)

• Go to Maintenance Mode — Not currently supported.Maintenance mode stops all Atmos services; you can thendisconnect the node and perform maintenance. Productionmode restores all Atmos services.

• Beacon On, Beacon Off — Turn the node LCD light on or off(not supported in the Atmos Virtual Edition).

• Replace — Reinstall the node using DHCP to retrieve an IPaddress. This applies only to slave nodes (not supported in theAtmos Virtual Edition).

In addition to Operations, the page has several other areas: AlertInformation, Filesystem Information, Disk Information, TaskInformation, and Graphs.


3

This chapter describes how to access and configure system settings.This chapter describes the following topics:

◆ Modifying a SysAdmin ..................................................................... 36◆ Updating the Software Serial Number ........................................... 36◆ Configuring NTP (Network Time Protocol) .................................. 37◆ Configuring a Federation Target ..................................................... 37◆ Configuring Security System-wide (Enabling/Disabling SSL)... 39◆ Configuring SSL Certificates System-wide .................................... 40◆ Configuring MDS Remote Replication ........................................... 41

Configuring SystemSettings

Configuring System Settings 35

36

Configuring System Settings

Modifying a SysAdminTo view or modify SysAdmin information, login as a SysAdmin andclick Update My Information in the Navigation pane. The Update MyInformation page appears as shown in Figure 8. Use this page tochange passwords and other information about your SysAdminaccount.


Figure 8 Update My Information

Updating the Software Serial NumberThe software serial number is used as an access key whenconfiguring system reporting of Atmos configuration data. For moreinformation, see “Configuring MDS Remote Replication” on page 41.The software serial number must be configured before systemreporting can be configured.


2. In the Operations area, click Update Software Serial Number.The Update Software Serial Number page appears.

3. Enter the software serial number and click Submit.



Configuring NTP (Network Time Protocol)Atmos requires strong time synchronization internally (betweenAtmos nodes), and externally between any machines running theAtmos file system and the Atmos system. The Atmos systemimplements internal time synchronization, but EMC recommendsthat you augment it with a high-quality external NTP server(especially for production systems). For more information aboutconfiguring an external NTP server, see the EMC Atmos Installationand Upgrade Guide.


2. In the Operations area, click NTP Configuration. The NTPConfiguration page appears.

3. Select the type of NTP Server, either Remote (the nodessynchronize to a standard reference) or Local (the nodessynchronize to each other but not to a standard reference).

4. Specify the NTP Server host name or address. Here, we usepool.ntp.org, which supplies multiple address from a pool, whichdistributed the load and is more reliable. This is a publiclyavailable resource on the Internet

5. Click Submit.

Configuring a Federation TargetIf you configure a federation target, the TenantAdmin can define apolicy with a replica in that targeted location, that is outside thisAtmos system.

Follow these steps:

Configuring NTP (Network Time Protocol) 37

38


1. Login as SysAdmin, then click Federation Configuration in theNavigation pane. The Cloud Federations page appears initiallyempty, as shown below.

2. Click Add. The Federation Configuration page appears.

3. Fill out the fields on the page:

• Type — Currently, this always is Atmos onLine.

• Name — Specify a name for this target.

• Address — IP address, fully qualified domain name, orhostname for this target. (If a fully qualified domain name orhostname is used, it must be resolvable by Atmos nodes.)

• Full Token ID — A combination of subtenant ID and a UIDwithin that subtenant, both in the Atmos onLine system that isbeing targeted. The format is subtenant ID/UID.

• Shared Secret — Shared secret for the UID, in the AtmosonLine system that is being targeted.

4. Click Submit. You are returned to the Cloud Federations page,which now shows the target you just configured.



Configuring Security System-wide (Enabling/Disabling SSL)If the Secure Sockets Layer (SSL) protocol on access nodes using WebServices is enabled, Atmos SOAP and REST interfaces can beaccessed only by HTTPS. When Web Service SSL is disabled, AtmosSOAP and REST interfaces can be accessed by HTTP. By default, SSLis enabled.

SSL should be enabled unless one of the following is true”

◆ You secured the connection between the client and server inanother way.

◆ Performance is more important than privacy protection for thedata passing between the client and server (for example, if youare passing unimportant test data).

To change the SSL enablement setting for Web-service access on allnodes, follow the steps below. (To change the SSL enablement settingon all nodes assigned to a specific tenant, see “Configuring SSLCertificates for a Tenant” on page 57.)


2. In the Operations area, click Security Configuration. TheSecurity Configuration page appears.

3. Specify the setting using the Enable or Disable button(whichever is active).

4. Click Back to return to the System Dashboard.

Note: To change the SSL enablement setting for Web-service access on all nodes assigned to a specific tenant, see “Require SSL for Web Service connections” on page 57.

Configuring Security System-wide (Enabling/Disabling SSL) 39

40


Configuring SSL Certificates System-wideServers use certificates for creating an SSL while communicating witheach other over networks. By default, Atmos uses a self-signedcertificate for SSL connections. For the best security, we recommendyou replace the default Atmos certificate with one of your own,signed by your trusted Certificate Authority (CA).

To configure your own SSL certificates for Web-services access on allnodes, follow the steps below. (To configure SSL certificates on allnodes assigned to a specific tenant, see “Configuring SSL Certificatesfor a Tenant” on page 57.)


2. In the Operations area, click SSL Configuration. The UpdateManagement GUI SSL Certificate page appears.

3. Follow the procedure in “Configuring SSL Certificates for aTenant” on page 57.



Configuring MDS Remote ReplicationWhen Atmos is installed, there are two MDS instances running ontwo different nodes in the same RMG, in a master-slave mode. Themaster MDS replicates its data to the slave MDS. If this RMG goesoffline (for example, due to a power or network outage), all objectsowned by this MDS pair are unavailable to the user. The MDS remotereplica feature enables you to configure a secondary RMG location toreplicate metadata. Then, if the primary RMG becomes unavailable,Atmos can read from the secondary RMG.


2. In the Operations area, click MDS remote replica. The MDSRemote Replica Configuration page appears.

3. Select values for Installation Segment 1 and InstallationSegment 2 from the drop-down lists. (These are installationsegments.)

The two installation segments must be in different RMGs. TheGUI enforces this requirement: after you select InstallationSegment 1, the drop-down list for Installation Segment 2changes, so it does not contain any installation segments in thesame RMG as Installation Segment 1.

4. Click Add. The new configuration is listed on the page.

Configuring MDS Remote Replication 41

42



4

This chapter describes how to access the functions for managingtenants through the System Dashboard. This chapter describes thefollowing topics:

◆ Listing Tenants ................................................................................... 44◆ Creating a Tenant............................................................................... 45◆ Renaming a Tenant ............................................................................ 49◆ Creating a TenantAdmin .................................................................. 50◆ Modifying a TenantAdmin............................................................... 53◆ Deleting a TenantAdmin................................................................... 54◆ Adding Nodes to a Tenant ............................................................... 55

Managing Tenants

Managing Tenants 43

44

Managing Tenants

Listing TenantsLogin as SysAdmin, then click Tenant List in the Navigation pane.The Tenant List page appears as shown in Figure 9.

Figure 9 Tenant List

This Tenant List page shows a Tenant Admin named t1admin alreadywas created. Each Name in the Tenant List is a tenant ID; each tenanthas a unique ID that is required at login. You first create a tenant, thenassign TenantAdmins to the tenant.

In this example, for the tenant named t2, the Tenant Admin columnindicates No Tenant Admin, meaning no TenantAdmin role isassigned to this tenant. To complete this tenant, you must assign aTenantAdmin role and one or more nodes to this tenant. For moreinformation, see “Creating a TenantAdmin” on page 50 and “AddingNodes to a Tenant” on page 55.


Managing Tenants

Creating a TenantWhen you create a tenant in the system-management GUI, a defaultsubtenant automatically is created under it. That default subtenanthas the same name, ID, and Authentication Source as the tenant.Default subtenants cannot be deleted.

Controlling theTenant NamespaceDirectory Structure

Each tenant owns a namespace—comprising files anddirectories—that is independent of the namespaces of other tenants.

At the top of the tenant namespace is a tenant root directory, whichAtmos creates when a new tenant is created. The location of thetenant root directory is the same as the location (RMG) where theoperation for tenant creation was invoked through thesystem-management GUI or CLI. Under the tenant root directory aresubtenant root directories. Under the subtenant root directories arethe files and directories created by user applications.

Atmos distributes the namespace to best utilize system resources.Efficient management of the namespace is very important for overallsystem performance. EMC recommends that you balance thenamespace; for example one directory should not contain all or alarge portion of all files.

Namespace considerations are similar for both Atmos file-systemaccess and Web services access with namespace addressing.

Default Policy Whenever a tenant is created (during Atmos installation or later), adefault policy specification is created for that tenant. The defaultpolicy specification, named “default,” is listed on the TenantDashboard. It is defined to have two synchronous replicas, with nolocation or server attribute constraints. It is applied to all objects thatdo not match any user-defined policy selector. If required, theTenantAdmin can modify the default policy specification for a tenant.The default policy for a tenant applies to all subtenants under thattenant. An Atmos system can operate only with a default policy.

Creating a Tenant 45

46

Managing Tenants

How to create atenant

1. Login as SysAdmin, then click Create Tenant in the Navigationpane. The Create Tenant page appears.

2. Choose an Authentication Source (Local or Remote).

The system lets you authenticate tenant accounts locally (internal)to the platform or remotely (external), using a preconfiguredLDAP server.

• If Local is selected, the authentication source is the Atmossystem; skip to step 4.


Note: This authentication source applies to TenantAdmins created within this tenant. See “Creating a TenantAdmin” on page 50.

The Authentication Address field contains either a drop-downlist (if LDAP servers are already configured) or a message: “Noremote authentication source available,” as shown below. If thereis a drop-down list, select a remote Authentication Address.Otherwise, you must configure an LDAP server; see“Configuring an LDAP Server for Remote Authentication” onpage 47.


Managing Tenants

3. Enter a Tenant Name, which must be unique and no more than 30characters.

4. Click Create to create a tenant.

Configuring an LDAPServer for RemoteAuthentication

1. When creating a tenant, click Add next to the AuthenticationSource field. The Remote LDAP Configuration page appears.

Creating a Tenant 47

48

Managing Tenants

2. Complete the fields as described below.

3. Click Save.

Field Description

Auth Name Name of authentication source.This field cannot be edited; it is populated automatically whenyou specify a value for Bind DN.

Bind DN Distinguished name to use to connect to the LDAP server.This field is used to populate the Auth Name field. Forexample, if you enter the following for Bind DN:cn=root,dc=host,dc=example,dc=com then Auth Name isfilled in as follows: host.example.com

Bind Password Password for Bind DN.

Server Name LDAP server locations or IP addresses, separated by spaces.

LDAP Debug Level Debug level for the server.

Protocol LDAP or LDAPS.

Port Number Port number for communicating with the LDAP server.

LDAP Timeout Timeout interval (in milliseconds) to use whencommunicating with the LDAP server.

User Search Path Distinguished name at which to begin user searches on theLDAP server.

Group Search Path Distinguished name at which to begin group searches on theLDAP server.

User Object Class Object class that identifies users in the LDAP hierarchy.

User ID Attribute Attribute that identifies a user login ID.

Group Object Class Object class that identifies groups in the LDAP hierarchy.

Group Name Attribute Attribute that identifies a group name.


Managing Tenants

Renaming a TenantWhen you rename a tenant, the name of its default subtenant also ischanged.

1. Login as SysAdmin, then click Tenant List in the Navigationpane. The Tenant List page appears.

2. Under the Actions column, click Edit next to the tenant you wantto rename. The Tenant Information page appears.

3. Click Rename. The Rename Tenant page appears.

4. Enter the New Tenant Name, then click Submit.

Renaming a Tenant 49

50

Managing Tenants

Creating a TenantAdminOnce you create a tenant, you must assign the TenantAdmin rolewithin this tenant to one or more users. A given tenant can havemultiple TenantAdmins, but a given TenantAdmin can be aTenantAdmin for only one tenant.

Follow these steps:


2. Click Edit for the Tenant you need to modify. The TenantInformation page appears.

3. Click Add Tenant Admin. The Add New Admin page appears.

4. Enter the User Name for this TenantAdmin, and click Save.


Managing Tenants

When you create a TenantAdmin and the authentication sourceassociated with the tenant is Local, the server checks whether theuser you input exists; if not, it prompts you to add the user. If theauthentication source for the tenant is Remote, the server does notcheck whether the user exists.

In this case, because the authentication source is Local and theuser name does not exist in the system, you are asked to add thenew (local) user.

5. Click OK to add the new (local) user to the system. You areprompted to enter the password and other information about theaccount.

6. Enter the required Password and Password Confirm fields andany optional fields.

Creating a TenantAdmin 51

52

Managing Tenants

Although the Email field is optional, we highly recommend youuse it. If the new TenantAdmin forgets his password, he can get itemailed to him—but only if you fill in this field.

Click Save to return to the Tenant Information page. The TenantAdmins area now shows the new TenantAdmin’s user name.



Managing Tenants

Modifying a TenantAdminTo view or modify TenantAdmin information, login as aTenantAdmin and click Update My Information in the Navigationpane. The Update My Information page appears as shown inFigure 10. Use this page to change passwords and other informationabout your TenantAdmin account.


Figure 10 Upate My Information

Modifying a TenantAdmin 53

54

Managing Tenants

Deleting a TenantAdmin1. Login as SysAdmin, then click Tenant List in the Navigation

pane. The Tenant List page appears.


3. In the Tenant Admins area, in the row for the TenantAdmin youwant to remove, click Remove Role.



Managing Tenants

Adding Nodes to a TenantYou can add nodes to a tenant for Web-services or file-system dataaccess. An access node can belong to only one tenant. A single nodemay be assigned as both a Web-services access node and either anNFS or CIFS access node.

After following the steps in the procedure below, you can either

◆ Export NFS and CIFS directly from Atmos, using thesystem-management GUI. To do this, the TenantAdmin adds oredits mount-point shares of NFS/CIFS on the appropriate nodes.

You can use Active Directory to authenticate CIFS users (UIDs).

◆ Export the Atmos file system as NFS. For a step-by-stepprocedure, see the EMC Atmos Installation and Upgrade Guide.

To add nodes to a tenant, follow these steps:



Adding Nodes to a Tenant 55

56

Managing Tenants

3. Under Access Nodes, click Add Access Nodes. The Assign NodeTo Tenant page appears.

4. On the left, select the check box(es) for the node(s) you want toadd for this tenant.

5. For each selected node, check Web Service and/or a File Systemoption, as required.

6. Check Multi Subtenant Access if you want all subtenants underthis tenant to have access to the namespace via the selectednode(s). If you do not check this, only the default subtenant underthis tenant will have access.

7. Click Save. You are returned to the Tenant Information page. Theselected node name now appears in the Access Nodes list for thetenant you modified.

8. Optionally, proceed below to enable/disable or configure SSL.


Managing Tenants

Require SSL for WebServiceconnections

Use Require SSL for Web Service connections to enable and disablethe Secure Sockets Layer (SSL) protocol on access nodes using WebServices. When enabled, Atmos SOAP and REST interfaces can onlybe accessed by HTTPS (plain HTTP requests are refused). Whendisabled, Atmos SOAP and REST interfaces can be accessed by HTTPand HTTPS.

SSL should be enabled unless one of the following is true:

◆ You secured the connection between the client and server inanother way.

◆ Performance is more important than privacy protection for thedata passing between the client and server (for example, if youare passing unimportant test data).

To change the SSL enablement setting for Web-service access on allnodes assigned to this tenant, follow the steps below. To change theSSL enablement setting for Web-service access on all nodes, see“Configuring Security System-wide (Enabling/Disabling SSL)” onpage 39.

1. On the Tenant Information page, click Require SSL for WebService connections (in the Operations area). Note: This linkalways is active, but if you click it before any node is assigned tothe tenant for Web Service access, you get an error message.

2. Specify the setting using the Enable or Disable button(whichever is active).

3. Click Back to return to the Tenant Information page.

Configuring SSLCertificates for aTenant

Servers use certificates for creating an SSL while communicating witheach other over networks. By default, Atmos uses a self-signedcertificate for SSL connections. For the best security, we recommendyou replace the default Atmos certificate with one of your own,signed by your trusted Certificate Authority (CA).

To configure your own SSL certificates for Web-service access on allnodes assigned to this tenant, follow the steps below. To configureSSL certificates on all nodes, login as SysAdmin. On the SystemDashboard, in the Operations area, click SSL Configuration. Continuewith step 2 below.


58

Managing Tenants

1. On the Tenant Information page, click Update Web Service SSLCertificate (in the Operations area). The Update Web Service SSLCertificate page appears.

2. Select the type of Server Certificate you want. This selectionapplies only to the format of the Server Certificate File.

• PKCS7— server certificate sent to a CA for requesting apublic-key certificate

• PKCS12—server certificate file format commonly used tostore private keys with accompanying public key certificatesand are protected with a password-based symmetric key

3. Depending on the type of Server Certificate selected, differentfields appear on the page. Complete the fields as described below.

PKCS7 Fields Description

Certificate Key File A file which stores the PEM-encoded RSA Private Key.

Certificate Key Password The secret to unencrypt the Certificate Key File. If thisis not provided, the non-encrypted private key isaccepted.


Managing Tenants

4. Click Submit.

Server Certificate File A PEM-encoded file that contains the server’s certificate.The Server Certificate File contains just the certificate.

Certificate of Trusted Root CA The public certificate of the trusted root CA certificate.This is the certificate that Atmos trusts. All clients thatcommunicate with Atmos must present a certificatesigned by the same CA or signed by a CA that can belinked back to the trusted CA.

Certificate Chain of CAs A file that contains a set of certificates that allows theSSL protocol to check and validate the integrity of thecertificate presented to it. The root CA certificate mustbe the first certificate in the chain file, followed by one ormore intermediary CA certificates.



Server Certificate File A file which stores the PEM-encoded file that containsthe server’s certificate. The Server Certificate Filecontains both the certificate and the private key.

Password A symmetrix key password use to protect the private keyfor the PKCS12 certificate.

Certificate of Trusted Root CA The public certificate of the trusted root CA certificate.This is the certificate that Atmos trusts. All clients thatcommunicate with Atmos must present a certificatesigned by the same CA or signed by a CA that can belinked back to the trusted CA.

Certificate Chain of CAs\ A file that contains a set of certificates that allows theSSL protocol to check and validate the integrity of thecertificate presented to it. The root CA certificate mustbe the first certificate in the chain file, followed by one ormore intermediary CA certificates.


60

Managing Tenants


5

This chapter describes how the TenantAdmin and SubtenantAdminuse the system-management GUI to manage subtenants. A TenantAdmin can do anything that a SubtenantAdmin can do. Thischapter describes the following topics:

◆ Listing Subtenants.............................................................................. 62◆ Creating a Subtenant ......................................................................... 62◆ Renaming or Modifying a Subtenant.............................................. 64◆ Creating a Unique ID and Assigning it to a Subtenant ................ 66◆ Creating a SubtenantAdmin............................................................. 66◆ Deleting a SubtenantAdmin............................................................. 69

ManagingSubtenants

Managing Subtenants 61

62

Managing Subtenants

Listing SubtenantsLogin as TenantAdmin. The Tenant Dashboard appears. The Subtenant List area is shown in Figure 11.

Figure 11 Subtenant List

Creating a SubtenantWhen you create a tenant, a default subtenant automatically iscreated under it. That default subtenant has the same name, ID, andAuthentication Source as the tenant. Default subtenants cannot bedeleted.

Controlling theSubtenantNamespaceDirectory Structure

Each subtenant owns a namespace—comprising files anddirectories—that is independent of the namespaces of othersubtenants in the same tenant.Subtenant namespaces are locatedunder tenant namespaces.

At the top of subtenant namespace is a subtenant root directory,which Atmos creates when a new subtenant is created. The locationof the subtenant root directory is the same as the location (RMG)where the operation for subtenant creation was invoked through thesystem-management GUI or CLI. Under the subtenant rootdirectories are the files and directories created by user applications.

Atmos distributes the namespace to best utilize system resources.Efficient management of the namespace is very important for overallsystem performance. The namespace should be balanced, onedirectory should not contain all or a large portion of all files.

By default, the metadata records of new directories and files arecreated in the same location (RMG) as the parent directory where thedirectories and files (user data) are created. This default behavior canbe overridden by a metadata location policy.


Managing Subtenants

Namespace considerations are similar for both Atmos file-systemaccess and Web services access with namespace addressing.

How to create asubtenant

1. Login as TenantAdmin. The Tenant Dashboard appears.

2. In the Subtenant List area, click Add. The Create Subtenant pageappears.

3. Specify an Authentication Source (Local or Remote).

The system lets you authenticate subtenant accounts locally(internal) to the platform or remotely (external), using apreconfigured LDAP server.

• If Local is selected, the authentication source is the Atmossystem. Skip to step 5.


Note: Once a subtenant is created, you cannot modify its authenticationsource.

4. The Authentication Address field contains either a drop-downlist (if LDAP servers are already configured) or a message: “Noremote authentication source available” (shown below). If there isa drop-down list, select a remote Authentication Address.Otherwise, you must configure an LDAP server. For moreinformation about configuring an LDAP server, see “Configuringan LDAP Server for Remote Authentication” on page 47.

5. Specify a Subtenant Name, then click Create. The TenantDashboard appears again, this time showing the new subtenant.

Creating a Subtenant 63

64

Managing Subtenants

Renaming or Modifying a SubtenantA tenant's default subtenant cannot be renamed directly. However,when a tenant is renamed, both its name and its default subtenant’sname are changed.


2. In the Subtenant List area, click Edit next to the subtenant youwant to modify. The Subtenant Information page appears.

Complete the fields as described below.

Field Description

Subtenant ID UID of the subtenant

Subtenant Name Name assigned to the subtenant

Authentication Source Local or Remote authentication


Managing Subtenants

3. Use the Rename button or links to modify fields.

Capacity Disk space used by the subtenant

Default Policy Specification The default policy to be used for this subtenant.

Subtenant Admins Area where you can add/delete SubtenantAdmins forthis subtenant.

UID Information about Web-service UIDs belonging to thissubtenant. A UID can be assigned to only onesubtenant. To add a UID to this subtenant, click Add,then see “ Creating a Unique ID and Assigning it to aSubtenant” on page 66.This area of the page also enables you to regenerate thesecret key (shared secret), disable a UID, and email thesecret key to the email address associated with this UID.To update the email information for a UID, click the UID.This page lists both UIDs and SubtenantAdmins. UIDsread and write data. SubtenantAdmins are foradministration.

Access Nodes for NFS/CIFS Lists nodes with the NFS or CIFS service which can beaccessed by this subtenant.

Policy Selectors Lists the policy selectors that are associated with thesubtenant

Field Description

Renaming or Modifying a Subtenant 65

66

Managing Subtenants

Creating a Unique ID and Assigning it to a SubtenantAfter a user creates an application, it is registered. This involvesproviding a User ID (UID) and then generating a unique key (orshared secret). After generating this UID and shared secret, it must beprovided to the application developer who will use them both toauthenticate this application for web service requests to the system.

To create a UID:

1. Login as SubtenantAdmin. The Subtenant Dashboard appears.

2. In the UID List area, click Add. The Add UID page appears.

3. Under UID, enter a new ID, which is unique for this subtenant.

4. Optionally, enter an email address. This is used to email the secretkey, if that action is specified on the Subtenant Dashboard.

5. Click Add. The Subtenant Information page appears, listing thenew UID and the Shared Secret that the system generated for it.Give this information to your application developer for use inauthenticating access to the system for Web-service requests.

The shared secret can be disabled, enabled, or regenerated. When ashared secret is disabled, the user is no longer able to access thesystem through web services. To restore access, enable the sharedsecret. A shared secret can also be regenerated. The user will need thenew shared secret in order to access the system. There is no way torevert to a previous shared secret once a new one has been generated.

Creating a SubtenantAdmin1. Login as TenantAdmin. The Tenant Dashboard appears.

2. In the Subtenant List area, click Edit for a given subtenant. TheSubtenant Information page appears.


Managing Subtenants

3. In the Subtenant Admins area, click Add. Add New Admin pageappears.

4. Enter the User Name for this SubtenantAdmin, and click Save.

When you create a SubtenantAdmin and the authenticationsource associated with the tenant is Local, the server checkswhether the user you input exists. If the user does not exist, itprompts you to add the user. If the authentication source for thetenant is Remote, the server does not check whether the userexists.

In this case, because the authentication source is Local and theuser name does not exist in the system, you are asked to create thenew (local) user.

Creating a SubtenantAdmin 67

68

Managing Subtenants

5. Click OK to add the new (local) user to the system. You areprompted to enter the password and other information about theaccount.

6. Enter the required Password and Password Confirm fields andany optional fields.

Although the Email field is optional, we highly recommend youuse it. If the new TenantAdmin forgets his password, he can get itemailed to him—but only if you fill in this field.

Click Save to return to the Tenant Dashboard. The SubtenantAdmins area now shows the new SubtenantAdmin’s user name.



Managing Subtenants

Deleting a SubtenantAdmin1. Login as TenantAdmin. The Tenant Dashboard appears.

2. In the Subtenant List area, click Edit for a given subtenant. TheSubtenant Information page appears.

3. In the Subtenant Admins area, in the row for theSubtenantAdmin you want to remove, click Remove Role.


Deleting a SubtenantAdmin 69

70

Managing Subtenants


6

This chapter describes how the TenantAdmin and SubtenantAdminuses the system-management GUI to manage policies. This chapterdescribes the following topics:

◆ Overview............................................................................................. 72◆ Policy-based Data Storage ................................................................ 72◆ Default policy ..................................................................................... 74◆ Policy Specifications .......................................................................... 75◆ Policy Selectors ................................................................................... 84◆ Assigning a Policy Selector to a Subtenant .................................... 87◆ Reordering Policies ............................................................................ 87

Managing Policies

Managing Policies 71

72

Managing Policies

OverviewPolicy management involves defining a passive strategy for storing,retrieving, and managing objects and metadata. In the Atmos system,objects may include any type of binary content. Atmos relies on thePolicy Manager to process this content, and it enables you toassociate a policy with every object-management event. In addition,you associate metadata with objects as a way to understand theirorganization. As a result, you can achieve passive automation ofobject management for a variety of events, according to media typeand related user or system metadata.

The TenantAdmin determines the nature of policies that run on thesystem. Policies implemented by a TenantAdmin apply only to thenodes defined for the tenant into which the TenantAdmin is placed.The TenantAdmin determines how object data is treated withinAtmos based on a variety of conditions, including object types andevents. Events associated with objects include creation, deletion,versioning, sorting, and updating. You can define discrete policiesthat automatically manage your stored data assets by specifyingstorage services, data transformations, placement strategies,workflows, and lifecycle management, all through the placement anddefinition of policies.

Policy definition is complex, so EMC recommends that you designyour policies carefully and thoroughly, before implementing them.Begin by familiarizing yourself with the information in this chapter tosee which design decisions must be made for each policy.

Policy-based Data StorageAtmos provides policy-based data storage, which enables anadministrator to define policies that guide how data is stored in thesystem. Policies are defined via the system-management GUI.Policies are triggered by metadata (user metadata or systemmetadata).

For example, suppose an administrator sets up three policies: Gold,Silver, and Bronze. These might correspond to service levels ofdifferent users or of different data objects for the same user. The Goldpolicy specifies three synchronous replicas and one asynchronousreplica at specific locations (for example, Boston, New York, andShanghai, or perhaps locations close to the users who will access the


Managing Policies

data), with one replica compressed. The Silver policy specifies twosynchronous replicas at specific locations. The Bronze policy isintended for data that is used only infrequently and for whichinexpensive storage is required. It specifies two synchronous replicas(to minimize the chance of losing data) and compression, but nolocation. It allows the system to determine where the data is located.

Policy definitions have two main components:

◆ Policy Selector—this defines the conditions under which a policyis triggered. These conditions are specified as expressions usinguser or system metadata. For example, the Gold policy mighthave a condition that the user ID is “VP.” In this case, any datarequests by a Vice President will be handled subject to the Goldpolicy, which is backed up with significant storage resources, sothe Vice President’s data requests are handled very quickly. TheSilver policy might have a condition that there is a metadata tagof “Finance.” If the user has set a metadata tag indicating that thisdata is for the Finance department, the Silver policy applies to it.The Bronze policy might have a condition that the data is emailthat has not been accessed for three months.

◆ Policy Specification—this defines what happens when a policy isselected for use. Policy specifications include the following:

• Number, type (synchronous or asynchronous), and location ofreplicas.

• Transformations applied to replicas, such as compression anddeduplication.

• Striping across servers and/or across disks on a server.

• Server attributes, such as “green” specifies that most disks arespun down for energy conservation.

• A retention period, during which data cannot be modified.

• A deletion period (also called an expiration period), afterwhich the data is deleted.

• Location of metadata. This affects the selection of an MDS.

• Whether all the replicas are internal or they are federated.Federated replicas are distributed across a combination ofinternal Atmos systems and external systems (for example,Atmos onLine).

You can view a policy as an if-then statement: the policy selector isthe “if” clause, and the policy specification is the “then” clause.

Policy-based Data Storage 73

74

Managing Policies

Each combination of a policy selector and a policy specification is aseparate policy. The administrator can define a variety of policyspecifications, each of which can be used repeatedly (with differentpolicy selectors) to create multiple policies.

Policies are evaluated in the order in which they are listed in thesystem. Users can control this order. The policy that is used is the firstpolicy encountered with a selector that matches the object data ormetadata.

The use of flexible policies enables the system administrator to bettercontrol storage through a large, distributed system, without having todelve down to the level of individual directories.

Policy management is handled within the Metadata Service (MDS),by the Policy Manager (PM). The PM supports the MDS by storingpolicies and selecting appropriate policies for objects andinstantiating abstract policies into concrete layout descriptions.

Policy management always is invoked on create requests, sometimeson metadata updates, and rarely on reads and user-data updates. (Itis invoked on reads or user-data updates if the user sets appropriatemetadata triggers to cause such policy evaluation.)

Default policyWhenever a tenant is created (during Atmos installation or later), adefault policy specification is created for that tenant. The defaultpolicy specification, named “default,” is listed on the TenantDashboard. It is defined to have two synchronous replicas, with nolocation or server attribute constraints. It is applied to all objects thatdo not match any user-defined policy selector. The TenantAdmin canmodify the default policy specification for a tenant. The defaultpolicy for a tenant applies to all subtenants under that tenant. AnAtmos system can operate with only the default policy.


Managing Policies

Policy SpecificationsThe Policy Specification page, shown in Figure 12, is used to definepolicy specifications. This page is accessed by logging into Atmos as aTenantAdmin and clicking Add in the Policy Specifications area.

Figure 12 Policy Specification Page

The Policy Specification page enables you to define:

◆ The policy specification name

◆ Where metadata will be stored

◆ The number and type of replicas

◆ Retention and deletion times

Metadata location Atmos divides objects (or files) into two parts: user data andmetadata. User data is application data, such as Word files, text files,movies, and MP3 files. User data is managed by the Storage Service(SS). Metadata is stored on disks managed by the Metadata Service(MDS). There are two types of metadata:

◆ System metadata—this includes filename, file size, modificationdate, creation date, access-control lists, and object ID.

◆ User metadata—this comprises arbitrary, custom, name-valuepairs. Examples of user metadata is artist name (for MP3 data)and customer type.

Policy Specifications 75

76

Managing Policies

Every object in Atmos has information associated with it thatincludes system and user metadata, describes its layout, and lists anyparents and children (for file-system objects). The interface to thesystem is an object interface. While there is support for a namespace,every file is identified by an object ID.

The Metadata location setting controls the location where themetadata records of new files and directories are created. There aretwo options, sameAs and otherThan. The drop-down list to the rightof this field allows you to select one of these options:

The Metadata location drop-down menus on the Policy Specificationpage, shown in Figure 13, enable you to control where file anddirectory metadata is stored.

Figure 13 Policy Specification Metadata Location Options

Table 1 lists the available metadata location options.

Atmos supports dynamic location definitions. $client designates thelocation of the client where an operation is executed. A policy usingthe $client location descriptor stores the replica on a storage service atthe same location as the client that initiated the request.$clientCreateLoc designates the location of the client where the objectis or was created. A policy using the $clientCreateLoc locationdescriptor stores the replica on a storage service at the same locationas the client where the object is or was created.

Table 1 Metadata Location Options

Field Description

sameAs Store the object's metadata information in the same location as the data.

otherThan Store the object's metadata information in a different location from the data.

ANY For the Web-service object interface, this is a location at or close to theclient, for the Web-service namespace interface or file-system interface,this is the location of the subtenant root directory.

RMG A specific RMG location that you defined when adding RMGs.

$client The location where the data request is received.


Managing Policies

For example, consider an Atmos system with two locations, Bostonand Denver. At each location, there are several Atmos nodes runningthe Atmos storage server and client services. If a Boston application(UID) creates an object whose policy has a replica with location equals sameAs $client, that replica is stored in Boston. If a Denverapplication (UID) creates another object with the same policy, its$client location-driven replica is stored in Denver. In the case where apolicy is triggered by object creation, $client is interpreted the sameas $clientCreateLoc.

Replicas Two types of replicas may be created and associated with objects:synchronous and asynchronous. A given object may have both typesof replicas.

SynchronousReplication

In general, synchronous replicas are bit-for-bit copies of each otherthat are identical at any point in time. A successful writeacknowledgement may not be returned to the client until allsynchronous replicas are written. This has performance ramificationsdirectly related to the number of synchronous replicas, their distancefrom each other, and the type of connections that exist between thoselocations.

When an MDS returns metadata to the client, the client can determinewhich SSs contain synchronous replicas for the data being updated.The client is responsible for updating synchronous replicas, so itneeds to talk to those SSs immediately.

AsynchronousReplication

Asynchronous replication offers some level of disaster recovery whilenot affecting performance as much as synchronous replication.Asynchronous replication is done on a best-effort basis. The systemtries to keep asynchronous replicas up to date, but while suchupdates will be made eventually, there is no guarantee of when theywill occur.

For example, assume we are writing to an object that has twosynchronous and one asynchronous replicas. Whenever an object iswritten, the client updates the SSs containing the synchronousreplicas. When the client completes the updates, the API returns aclose request, which is sent to the MDS. That close request containsinformation about what the client did while they had the object open,for example, which blocks were written (made “dirty”) and which, ifany, blocks failed. The MDS closes the object and acknowledges thatto the client.


78

Managing Policies

In the background, the MDS creates a new request for the Job Service(JS). The JS is responsible for all asynchronous data-maintenancetasks, like asynchronous replication and consistency checking. It runson most Atmos nodes and is an application that sits on top of theclient.

Every policy must specify at least one replica, and a policy canspecify an unlimited number of replicas. Any Atmos SS can host areplica.

When defining replica requirements, be sure that the specifiedresources are available in the system. Before a policy is created,Atmos verifies that the specified Server Attributes are actuallyavailable. The Location specification determines how resources arechecked.

For example, if the location is specified as a constant, such as Boston,then Atmos checks the nodes in Boston for the specified resources. IfBoston does not have the resources, an error is returned indicatingthat the resources were not found. If the location is specified by the$client variable, and there are three locations in the system: Boston,Denver, and London, then Atmos checks the nodes at Boston, Denver,and London for the specified resources. All three locations arechecked because the $client variable can designate either Boston,Denver, or London as the location. If the resources are not found at allthree locations, an error is returned indicating that the resources werenot found.


Managing Policies

Customize The Customize option enables you to customize where and howobjects are stored, as shown in Figure 14.

Figure 14 Policy Specification Customize Options

The location drop-down menus enable you to control where thereplica is stored. Table 2 lists the available location options:

Table 2 Replica Location Options

Field Description

sameAs Store the replica in the same location as the object.

otherThan Store the replica in a different location from the object. In systems wherethere are more than two RMGs, otherThan does not enable you tospecify which other location should be used.

ANY For the Web-service object interface, this is a location at or close to theclient. For the Web-service namespace interface or filesystem interface,this is the location of the subtenant root directory.

$client Designates the location of the client where an operation is executed. Apolicy using the $client location descriptor stores the replica on a SS atthe same location as the client that initiated the request.

$clientCreateLoc Designates the location of the client where the object is/was created. Apolicy using the $clientCreateLoc location descriptor stores the replicaon a SS at the same location as the client where the object is/wascreated.


80

Managing Policies

Server Attributes describe how the SS allocates new objects to thephysical disks under its management. The action attribute specifiesthe type of data-at-rest transformations that are applied to the replicadata when stored on the server.

Table 3 lists the available placement strategies.

The server can apply data transformations to the object. Table 4 liststhe available data transformations.

Table 3 Placement Strategies

Field Description

OPTIMAL Rotate requests equally among all available storage disks (round robin).

FAST Use striping by putting blocks of data of the same replica on differentdisks. This mode allows for a better aggregate throughput to the disksby using multiple disk heads to access the same replica. This is likeRAID striping.

GREEN Only one or a few disks are active, the rest are spun down for energyconservation. When the active disks fill up, the spun-down disks arewoken up and used. This option is not supported in the Atmos VirtualEdition.

BALANCED Pick the disk with the most available space.

Table 4 Data Transformations

Field Description

None No services are performed (normal writes and reads). This is thedefault.

Any Pick any storage server regardless of how it is configured (forexample, whether it is configured for compression).

Checksum The storage server generates a checksum for all data saved on it.When the data is read, the checksum is verified. When the data isre-written, the old data is also verified.

Compression Data is compressed on write and decompressed on read. Thisconserves disk space but introduces processing overhead on theserver, so typically it has a negative impact on performance.Compression can be used successfully for objects that are writtenonce and accessed rarely.

Deduplication Multiple copies of the data are removed and only one copy of thedata is maintained. This is intended to conserve storage capacity.Atmos Virtual Edition does not support Deduplication.


Managing Policies

Striping Striping enables you to put blocks of data of the same replica ondifferent nodes. The Enable Stripe options are shown in Figure 15.

Figure 15 Policy Specification Enable Stripe Options

Table 5 lists the striping options.

Erasure Code Erasure Code provides data redundancy without the overhead ofreplication. Erasure Code divides an object into m data fragments andk coding fragments. Each fragment is then stored on a different disk.Using this method, the original object can be reconstructed from them and k fragments. Atmos supports two overhead configurations:9/12 configuration (Data=9, Code=3) and 10/16 configuration(Data=10, Code=6), as shown in Figure 16.

CompressionDedup A combination of Compression and Deduplication.

Table 4 Data Transformations (continued)

Field Description

Table 5 Striping Options

Field Description

Stripe Number Number of nodes to stripe across.

Stripe Size Amount of data written to each node.

Stripe Unit Options are B, KB, MB, GB, and TB.


82

Managing Policies

Figure 16 Policy Specification Erasure Code Options

Table 6 lists the Erasure Code options:

Because Erasure Code has an enhanced data protection mechanism,concurrent write and read operations of an object may result in anI/O error until the write operation has completed.

Federate Federate is active only if a federation target was defined by theSysAdmin. If Federate is active, a drop-down list is available whichcontains the federation names that were defined by the SysAdmin.For more information see, “Configuring a Federation Target” onpage 37.

Table 6 Erasure Code Options

Field Description

Erasure CodeAlgorithm: CRS

CRS (Cauchy Reed-Solomon) is the default algorithm.

Fragmentation:Data=9, Code=3

This configuration tolerates up to three drive failures and has a 33%storage overhead.

Fragmentation:Data=10, Code=6

This configuration tolerates up to six drive failures and has a 60%storage overhead.


Managing Policies

Federated replicas do not work if the clocks of the federation targetservers are not synchronized: the write to the federated replica fails,and the federated replica is marked as stale. Make sure the clocks ofthe federation target servers and the Atmos client server aresynchronized.

Read access Replica selection for read access determines how the Atmos clientchooses a replica when a read operation is performed. Typically, forprotection, availability, and performance purposes, Atmos objectshave multiple replicas. The client can choose any of the replicas intheir current state.

Options for read access are:

◆ geographic—chooses the closest replica in geographic terms.

◆ random—picks a replica at random.

Retention/Deletion Policies can specify retention and deletion (expiration) periods. Aretention period is a period during which the data cannot be modified.A deletion (expiration) period is a period after which the data isdeleted. Deletion (expiration) applies only to files, not directories.The retention and deletion fields are shown in Figure 17.

Figure 17 Policy Specification Rentention and Deletion Options

The periods are specified as month, day, hour, minute, and second. Ifboth retention and deletion are enabled, the deletion period must belonger than the retention period


84

Managing Policies

Policy SelectorsPolicy selection is a process where Atmos applies a set of XQueryexpressions to determine which policy is applied to the object. Thepolicy selection XQuery expressions are defined by a series of policyselector descriptions. Each selector descriptor specifies the selectioncriteria for a different policy, including the object operation, whichtriggers the policy. To complete the process, a policy specificationmust be selected from a list available to the subtenant.

IMPORTANT!Some objects may have one policy triggered on object (or metadata) creation and another triggered on object (or metadata) update. If so,at least one synchronous replica in the create policy specificationmust exactly match a synchronous replica in the update policyspecification, or the update will fail.

The Policy Selectors page, shown in Figure 18, is used to define policyselectors. This page is accessed by logging into Atmos as aTenantAdmin and clicking Add in the Policy Selectors area.

Figure 18 Policy Selector Page


Managing Policies

There are three ways to create a selector:

◆ User metadata—build the policy selector expression from themenu using user metadata tags

◆ System metedata—build the policy selector expression from themenu using system metadata tags

◆ Advanced Policy Selector—input the XQuery expressionmanually

Table 7 lists the available selector descriptions.

Table 7 Policy Selector Descriptions

Field Description

Specification Policy specifications available to the subtenant, which is used oncethe policy is triggered.

Metadata Tag Indicates which metadata field will be used to intercept. The field canbe either system metadata attribute or user metadata attributedepending on which method of entry is chosen. System metadatatags include:• atime—last access time• mtime—last modified time• ctime—change time• itime—create time• uid— UID from UID List, where you create new applications from• gid—group ID, N/A to Web Service users; ignore• size—object size in bytesThe time format for atime, mtime, ctime, itime is as follows:YYYY-MM-DDTHH:MnMn:SSZWhere: YYYY = Year, MM = Month, DD = Day, HH = Hour, MnMn =Minutes, SS = Seconds. Note that there is a T in between DD andHH, and also a Z at the end.For example, April 12, 2008 at 3:35 would be displayed as:2008-04-12T03:45:00Z

Policy Selectors 85

86

Managing Policies

Match Operator Indicates which operator will be used in the selector expression. Thefollowing operators are available:• Equals—matches the defined entry• Starts With—starts with the defined entry• Ends With—ends with the defined entry• Contains—contains the defined entry• <—less than the defined entry• =—equals the defined entry• >—greater than the defined entry• <=—less than or equal to the defined entry• >=—greater than or equal to the defined entry

Metadata Value Indicates what value will be intercepted for the Metadata Tag.

XQuery Expression Enter the XQuery expression that will be used to determine whichpolicy is applied to the object.For example, a query for all objects of .jpg file type would have thefollowing expression://objname[ends-with(.,'.jpg')]

On Event Indicates when the action is triggered. The following object eventscause evaluation of policies on existing objects:• ON_CREATE—this event is triggered when an object matching

this definition is created.• ON_SMD_UPDATE—this event is triggered when a change in the

system metadata of an object is made. System metadataincludes: atime, mtime, ctime, uid, gid, mode, ACL, DACL,expiration time, and retention time (ACL, expiration time, andretention time are extended attributes available in the Atmosreserved namespace). Policy evaluation is only triggered whenattributes are changed directly through commands, such aschmod, chown, and truncate. Attribute changes caused byindirect operations, such as modifying the data, does not triggerpolicy evaluation. Note that for write operations throughCIFS/Samba, the Samba server calls the utime subroutine tochange the modification and access times of the file touched,which will trigger policy evaluation.

• ON_UMD_UPDATE—this event is triggered when a change in theuser metadata of an object is made.

Table 7 Policy Selector Descriptions (continued)

Field Description


Managing Policies

Assigning a Policy Selector to a SubtenantAfter you define a policy, you assign it to a subtenant. Up to 16policies can be assigned to a single subtenant.


2. In the Policy Selectors area, click the Assign link for the policyselector to assign. The Assign Policy page appears.

3. Select the check box of the subtenant.

4. Click Submit.

Reordering PoliciesAtmos evaluates policies in the order in which they appear in thesystem. The first one that matches is used.

1. Login as SubtenantAdmin. The Subtenant Dashboard appears.

2. In the Policy Selectors area, click Reorder. The Reorder Policypage appears.

Assigning a Policy Selector to a Subtenant 87

88

Managing Policies

3. Use the Up and Down buttons to reorder the policies.

4. Click Submit.


7

This chapter describes how to configure and use Atmos systemmonitoring (the operational reporting framework), eventnotifications, system reporting, and log collection.

This chapter describes the following topics:

◆ Overview............................................................................................. 90◆ Operational Reporting Framework ................................................. 90◆ Alerts.................................................................................................... 94◆ Email alerts.......................................................................................... 94◆ SNMP support .................................................................................... 96◆ System reports .................................................................................. 104◆ Log files and log collection ............................................................. 107

System Monitoring,Events, & Reporting

System Monitoring, Events, & Reporting 89

90

System Monitoring, Events, & Reporting

OverviewAtmos provides various types of notifications and reports that helpyou to maintain and troubleshoot your Atmos system.

Atmos provides the following types of notificatons:

◆ alerts—created when situations result in errors and warnings, orto provide information. Sources may come from either hardwareor software.

◆ email— email notifications can be sent based on severity, whichwill trigger the email alerts. Each RMG has its own email alertconfiguration.

◆ SNMP—both SNMP trap generation and SNMP standard(MIB-II) MIB access are supported. For MIB access, the SNMPagent must be configured.

Atmos also provides log collection and system reports, which areused by EMC Technical Support when troubleshooting:

◆ log collection—collects logs for debugging purposes. After thelogs are collected, you can save the log package and send them toEMC Technical Support.

◆ system report—collects data about your Atmos configuration andsends a report to the EMC System Reports database, through theSystem Report (SYR) mechanism. System reports are sent to theEMC System Reports Database to improve customer service, andallow EMC to provide timely support for Atmos issues.

Operational Reporting FrameworkThe Operational Reporting Framework serves as an early warningsystem alerting you to unfavorable system conditions. The featureallows you to monitor Atmos system resources, which can save youtime and effort when troubleshooting system issues.

To use this feature, you must select monitor targets and threshold values.The monitor target is the service or resource you want to monitor. Thethreshold value triggers the reporting action when that value is eitherreached or exceeded. The reporting action sends out notifications toyou and includes alerts, emails, or SNMP traps.



To configure the operational reporting framework:


2. In the Operations area, click Reporting Framework. TheOperational Reporting Framework page appears. By default, the Memory, Filesystem, Swap, Sync Policy, Service Restart, Network Adapter Status, Node Temperature (not supported on Atmos Virtual Edition), and CPU alerts are configured.

3. To modify an existing reporting condition, click Edit (in theOperation column) on the same line as the condition you want tomodify.

To add a new reporting condition, click Add.

The Operational Reporting Framework Configuration pageappears.

4. Complete the fields on the page.

The Monitor Target is the name of the service or resource beingmonitored. Once a target is created, you can edit or delete theselected target, but you cannot create two conditions with thesame target. There are several valid values as shown below.

Operational Reporting Framework 91

92


Name Description

CPU Any CPU in the system. This enables the MauiNodeCPUSNMP trap, if SNMP is configured.

Memory System memory. This enables the MauiNodeMemorySNMP trap, if SNMP is configured. Because Atmos memoryutilization is often at 90% or higher, a threshold settingbelow 90% may result in many alerts.

Filesystem The database for storage, organization, manipulation, andretrieval of data. This enables the MauiNodeFileSystemSNMP trap, if SNMP is configured.

Swap A portion of the hard disk drive that is used for virtualmemory. This enables the MauiNodeSwap SNMP trap, ifSNMP is configured.

Service Status Status of all system services. This enables theMauiAppServiceCrash SNMP trap, if SNMP is configured.

Service Memory Memory consumption (in GB) of all system services. Thisenables the MauiAppServiceMemory SNMP trap, if SNMPis configured.

Sync Policy Propagation of policy changes (creation, deletion, ormodification) to replicas. This enables theMauiTrapPolicySyncFail SNMP trap, if SNMP is configured.

RMG Status RMG status or connection. This enables the MauiRmgDownSNMP trap, if SNMP is configured.

Segment Status Segment status or connection. This enables theMauiSegmentDown SNMP trap, if SNMP is configured.

Node Status Node status or connection. This enables theMauiNodeDown SNMP trap, if SNMP is configured.

Service Restart A service was restarted. This enables theMauiAppServiceRestart SNMP trap, if SNMP is configured.

Network Adapter Status Network service is shutdown. This enables theMauiNodeIntfCarrier SNMP trap, if SNMP is configured.

Node Temperature Node temperature is too high. This enables theMauiNodeTempThreshold SNMP trap, if SNMP isconfigured.



Note: As mentioned in the descriptions above, the Monitor Target valuescorrespond to SNMP traps. To enable these traps, you must configurethem as reporting conditions (in the procedure described in this section)and configure SNMP (see “SNMP support” on page 96”).

The Threshold Value is the value that triggers a reporting action.Valid values for Threshold Value depend on the setting forMonitor Target as shown below.

The Reporting Action is the action that is triggered after thethreshold is reached. Valid values are shown below.

The Number of Reports applies only if Monitor Target is set to CPU, Filesystem, Memory, Swap, or Service. This is the maximum number of times a report is generated during a given reporting period (from when the threshold is exceeded until the threshold is no longer exceeded).

5. Click Submit. You return to the Operational ReportingFramework page.

Monitor Target Threshold Value

CPU, Memory, Filesystem, Swap Usage > 70%... Usage > 95%

Service Status, Network Adapter Status Down

Service Memory Usage > 1 GB... Usage > 5 GB

Sync Policy Failed

Node Status, Segment Status, RMG Status Connection Lost

Service Restart Restart

Node Temperature Over Temperature

Action Description

Alert Add an alert to the database.

Email Send an email. Requires email configuration.

SNMP Trap Send an SNMP trap. Traps (notifications) can be sent to an SNMPnetwork-management station) to relay hardware failures and otherexceptions. Requires SNMP configuration (see “SNMP support” onpage 96).

Operational Reporting Framework 93

94


AlertsThe Alert Information area, which is displayed on the NodeInformation page, contains a list of alerts relative to the node, asshown in Figure 19. Alerts are created when situations result in errorsand warnings, or to provide information. Sources may come fromeither hardware or software.

Figure 19 Alert Information

The Alert Information that can be displayed includes:

◆ Severity—there are four levels of severity, each represented by acolor:

• Critical—red warning sign

• Error—red warning sign

• Warning—yellow warning sign

• Informational—orange warning sign

◆ Status—the state can be either New or Confirmed

◆ Received Time—time when the system receives the alert

◆ Description—a brief message about the alert

To confirm or delete an alert:

1. Click the navigation buttons to move between pages.

2. Click the row of the alert.

3. Click Confirm or Delete.

Email alertsThe Email Configuration page is used to set email alert options forthe RMG. Each RMG has its own email alert configuration.



Note: The SNMP daemon sends shutdown and coldstart alerts each time theSNMP daemon is shut down or restarted. To receive these email alerts, SMTPmust be configured and an email address must be provided on the UpdateMy Information page. When SNMP or SMTP is enabled, each node in theRMG may send multiple alerts.



3. In the Operations area, click Configure Email. The EmailConfiguration page appears.

4. Complete the fields as described below.

Field Description

Enable Alert Email Service Enable by selecting the check box and filing out the fields.This is required to receive email alerts.Important: Email alerts must be configured for at least oneRMG, for password-reminder emails to work.

Mail Sending Server IP address of the SMTP server that will deliver alertmessages and password-reminder emails.

User Account The user name of the mail-sending server, which is theemail address authenticated by the SMTP server.

Email alerts 95

96


5. Click Submit.

SNMP supportAtmos supports both SNMP trap generation and SNMP standard(MIB-II) MIB access. For MIB access, the SNMP agent must beconfigured. SNMP traps and the SNMP agent can be configured atthe same time or separately.

You can configure SNMP system-wide or for a specific RMG.

SNMP traps Traps (notifications) can be sent to an SNMP network-managementstation (NMS) to relay hardware failures and other exceptions. Thefeature is selectively enabled via the management user interface. Youneed to configure the address and port of the network-managementstation and the SNMP community name.

Traps require a network-management station to receive the traps,hardware to generate true hardware-related events, and themanagement interface to configure SNMP notifications. Specificevents are described in the event table, corresponding to hardwarefailures. Each particular failure should generate an SNMP trap that isreceived on the configured network-management station.

Atmos supports the SNMP traps listed in Table 8.

Password Account password.

Alert Severity For Mailing Severity which will trigger the email alerts: Critical, Error,Warning, or Informational.

Alert Email Account The email account to receive the alerts.

Field Description

Table 8 SNMP Traps

Component Trap Name/Identifier Monitor Target Value Description/Recovery

Cluster MauiTrapGeneric /.1.3.6.1.4.1.1139.16.1.1

— This is a generic trap used to testand verify connectivity.

Node MauiNodeDown/.1.3.6.1.4.1.1139.16.1.2

Node Status Node has lost power orconnectivity.Check the power or the networkadapter.



Node MauiNodeTempThreshold /.1.3.6.1.4.1.1139.16.1.3

Node Temperature Node temperature is too high.Power down the node and fix thetemperature problem.

Node MauiNodeIntfCarrier /.1.3.6.1.4.1.1139.16.1.4

Network Adapter Status The external network interface isdisconnected.Plug in the network cable.

Disk array enclosure (DAE) MauiDAEDiskFailure.1.3.6.1.4.1.1139.16.1.5

— A DAE disk failed.Replace the drive.

DAE MauiDAEFanOperation /.1.3.6.1.4.1.1139.16.1.6

— A DAE fan is not reporting backcorrectly.Replace the fan unit.

DAE MauiDAEBackplane /.1.3.6.1.4.1.1139.16.1.7

— (Not supported on currenthardware.)

DAE MauiDAEEnclosureFail /.1.3.6.1.4.1.1139.16.1.8

— DAE controller failure.Replace the DAE enclosurecontroller.

DAE MauiDAETempThreshold /.1.3.6.1.4.1.1139.16.1.9

— DAE temperature is too high.Correct the heat problem.

Application MauiAppServiceRestart /.1.3.6.1.4.1.1139.16.1.10

Service Restart mmon reports that it restarted anapplication.

Node MauiNodeCPU /.1.3.6.1.4.1.1139.16.1.13

CPU There is high CPU use at a node.Restart the service that consumestoo much CPU.

Node MauiNodeMemory /.1.3.6.1.4.1.1139.16.1.14

Memory There is high memory use at anode.Restart the service that consumestoo much memory.

Node MauiNodeFileSystem /.1.3.6.1.4.1.1139.16.1.15

Filesystem There is high file-system use at anode.Add more disks or nodes, or free upunused space

Node MauiNodeSwap /.1.3.6.1.4.1.1139.16.1.16

Swap There is high swap-space use at anode.Restart the service that consumestoo much memory.

Application MauiAppServiceCrash /.1.3.6.1.4.1.1139.16.1.17

Service Status An Atmos service crashed.Restart the service.

Table 8 SNMP Traps (continued)


SNMP support 97

98


Application MauiAppServiceMemory /.1.3.6.1.4.1.1139.16.1.18

Service Memory An Atmos process uses too muchmemory.Restart the service if necessary.

Cluster MauiTrapPolicySyncFail /.1.3.6.1.4.1.1139.16.1.20

Sync Policy Policy synchronization failed.Repeat the policy synchronizationprocedure.

RMG MauiRmgDown.1.3.6.1.4.1.1139.16.1.21

RMG Status RMG has lost power or connectivity.Check the power or the networkadapter.

Segment MauiSegmentDown /.1.3.6.1.4.1.1139.16.1.22

Segment Status Segment has lost power orconnectivity.Check the power or the networkadapter.

Management DB MAUI_MGMTDB_OID.1.3.6.1.4.1.1139.16.1.28

pgreplicate/postgresqlservice status

A mangement database servicehas stopped.Manually start the stopped service.

DAE MauiDAECriticalEvent.1.3.6.1.4.1.1139.16.1.29

— DAE has a critical failure. Check thepower supply for a failure.

Cluster RECOVER_DISK_OID.1.3.6.1.4.1.1139.16.1.98

Filesystem An SS disk has potentially failed.Manually verify that the disk hastruly failed.

Cluster NUM_EXCEPTION_RECS_OID.1.3.6.1.4.1.1139.16.1.99

Filesystem Number of exceptional objects tobe recovered on the node. Thesystem is polled for exceptionalobjects every 12 hours. Exceptionalobjects will be recoveredautomatically by Atmos every 24hours.

Table 8 SNMP Traps (continued)




Dell traps Atmos forwards Dell OpenManage hardware traps (10892.mib anddcstorag.mib) to either your NMS or email. All Dell system traps forall severities (informational, warning, and critical) are forwarded. Toreceive these traps as email alerts, SMTP must be configured and anemail address must be provided on the Update My Information page.When SNMP or SMTP is enabled, each node in the RMG may sendmultiple alerts. Atmos Virtual Edition does not support forwardingDell OpenManage hardware traps, even if the ESX server is a Dellsystem.

For a complete description of the instrumentation traps that can beforwarded by Atmos, see the Dell OpenManage SNMP Reference Guide.

SNMP agent The SNMP agent is the SNMP daemon that runs on Atmos andlistens on the SNMPD port for SNMP requests from an NMS.Whereas SNMP traps are sent from Atmos to an NMS, SNMPrequests are sent from NMS to Atmos.

The following SNMP standard MIBs are available for query throughSNMP:

◆ system {mib-2 1}◆ interfaces {mib-2 2}◆ at {mib-2 3}◆ ip {mib-2 4}◆ icmp {mib-2 5}◆ tcp {mib-2 6}◆ udp {mib-2 7}◆ snmp {mib-2 11}◆ host resources {mib-2 25}◆ snmpv2 {internet 6}

For details on these MIBs, see IETF (Internet Engineering Task Force)RFC 1213.

Configuring SNMP There are two SNMP configuration pages: System SNMPConfiguration and RMG SNMP Configuration. The System SNMPConfiguration page is used to configure SNMP system-wide, whereasthe RMG SNMP Configuration page is used to configure SNMP forone RMG. Both configuration pages are configured in the same way.

SNMP support 99

100


To configure SNMP:


2. Do one of the following:

• To configure SNMP system-wide: In the Operations area, clickSNMP Configuration. The System SNMP Configuration pageappears.

• To configure SNMP for one RMG: In the RMG List area, clickDetail for a given RMG. The RMG Summary page for thatRMG appears. In the Operations area, click Configure SNMP.The RMG SNMP Configuration page appears.

Both the System SNMP Configuration and RMG SNMPConfiguration pages are shown below.



3. (RMG configuration only) To use system-level SNMP settings forthis RMG, select the Use system SNMP configuration check box.If you select Use system SNMP configuration, all other fields aregrayed out.

To configure SNMP for just the specified RMG, de-select Usesystem SNMP configuration and continue below.

Note: If you previously specified system-level SNMP settings, Use system SNMP configuration is selected. By deselecting it and entering different information in the RMG SNMP Configuration page, you can change the settings for just the specified RMG.

4. Fill out the fields in the NMS Configuration area:

• NMS Host Address — Enter the IP address or host name.

• NMS Host Port — Enter the port number. The default is 162.

• NMS Community Name — Enter the SNMP communityname for the NMS.

5. Fill out the fields in the SNMP Trap Configuration area:

SNMP support 101

102


• Enable SNMP Traps — Select this check box to enable theconfiguration; this means SNMP trap messages are sent. If thisbox is not checked, the configuration is saved but the “enable”flag is not set, so SNMP trap messages are not sent.

• Send System Uptime Trap Every 30 Seconds — This is usedas a node-heartbeat mechanism by an SNMP NMS.

Note: The settings for Enable SNMP and Send System Uptime Trap Every 30 Seconds apply to the entire system or RMG (depending on whether you are using the System SNMP Configuration or RMG SNMP Configuration page). The settings for these two fields that get stored are the settings in effect when you click Submit at the end of this procedure.

6. When the NMS Host Address, NMS Host Port, and CommunityName fields are filled in, the Test button is enabled. Click this totest the connection to the NMS server. A “busy” icon is displayedwhile the test is ongoing. The result message (the popup) will beprompted after the test finishes.

• If the NMS server test is unsuccessful, one of several errormessages appears, depending on the circumstances. Retry thetest or contact EMC Customer Support.

• If the NMS server test is successful, a success messageappears; click OK to proceed. On the SNMP Configurationpage, the Add button is now enabled. Click Add; the NMSserver is added to the Atmos database, and information aboutthe server is listed on the SNMP Configuration page, as shownbelow. For each server that you add, links are provided to Test(to retest a server that was added previously) and Delete theserver.



7. (Optional) To add additional SNMP servers: specify additionalvalues for NMS Host Address, NMS Host Port, and NMSCommunity Name. Click Test and wait for the test to complete,then click Add. If multiple servers are configured, they are listedon the SNMP Configuration page in the order in which they areadded, and they are tried by Atmos in that same order.

8. If needed, configure the trap(s) of interest as reporting conditions.While some SNMP traps are enabled by default, some traps alsomust be configured as reporting conditions to be enabled. Thesetraps are the ones listed in “SNMP traps” on page 96” that haveentries in the Monitor Target Value column. The Monitor Targetmust be specified when configuring these traps as reportingconditions.

9. Select the Enable SNMP Agent for MIB Access checkbox and fillout the fields in the SNMP Agent Configuration area:

SNMP support 103

104


• SNMP Agent Community Name — Enter an agentcommunity name. This name will be compared with the NMSCommunity Name used in the SNMP query. The two namesmust match for the SNMP daemon to respond to the SNMPquery/request.

• SNMP Agent Contact Email — Optionally, enter an emailaddress of the system contact for SNMP information. Thisfield is populated in the “system” MIB, in the sysContact OID.

10. Click Submit.

System reportsAtmos can collect system configuration data and send a report to theEMC System Reports database, through the System Report (SYR)mechanism. System reports are sent to the EMC System ReportsDatabase to improve customer service, and allow EMC to providetimely support for Atmos issues.

Configuring systemreports

The System Report Configuration page is used to configure Atmos tobe able to securely send Atmos configuration information to EMCsupport personnel. This enables EMC to receive detailed informationabout your Atmos environment, including: system information, RMGinformation, and tenant information. An SMTP connection is used tosend the configuration information. Once the configurationinformation is received, it is analyzed by a service automation toolcalled SYR. SYR serves as a repository for configuration data and isused to provide faster problem resolution.

The procedure in this section configures Atmos for system reporting.To actually collect the data, see “Collecting system reports” onpage 106.

Before using system report configuration, a software serial numbermust be provided and email service must be configured.

To configure system reports:


2. In the Operations area, click System Report Configuration. TheSystem Report Configuration page appears.



If you have not already configured the software serial numberand an SMTP server, a warning message appears on the page (asshown below), and you cannot configure system reporting (theEnable system report service check box is disabled).

3. To enable system reporting, select the Enable system reportservice check box, and fill in the other fields on the page:

• Customer Name — The name of a contact person at thecustomer site.

• Site ID — A value that uniquely identifies the site location.

• Customer Contact Email — An email address to which amessage is sent, indicating whether the report collection wassuccessful. If it was successful, a complete copy of thecollected data also is sent to this address.

• Customer Contact Name — Optional. Name of the customercontact.

4. To disable system reporting that was already set up, deselect thecheck box and click Save.

5. Click Save.

System reports 105

106


Collecting systemreports

The Collect System Report page is used to collect and then sendAtmos configuration information to EMC support personnel. Thisfeature is enabled and configured using the System ReportConfiguration page. Once the configuration information is collected,it is sent to a service automation tool called SYR, which serves as arepository for configuration data and is used to provide fasterproblem resolution.

Before you can collect system reports, you must configure systemreporting (see “Configuring system reports” on page 104).

EMC recommends that you collect a system report after installationor upgrade, and both before and after making configuration changes.This provides EMC with a record of the current configuration of acustomer's system, which can be helpful in resolving issues.

To collect system reports:


2. In the Operations area, click Collect System Report. The CollectSystem Report page appears, first indicating that system-reportinformation collection is in process, then indicating that theinformation collection has completed and will be sent to SYR(EMC’s internal name for its System Reporting group).

If you navigate away from the Collect System Report page beforethe information collection completes, the information continuesto be collected and, if it succeeds, the report is sent. Regardless ofwhether it succeeds, you do not receive any status information.



Log files and log collectionEach Atmos node has numerous logs. The MDS and SS, for example,maintain many log files that are used by Atmos to improve systemperformance.

A portion of the available disk space is consumed by log files. Forexample, the MDS maintains 1000 log files by default, whichconsumes about 10 GB of disk space (once MDS has claimed this diskspace, it is reserved even if the objects that were written are deleted).The SS also maintains many log files, which are removed every 12hours by default. Logging defaults can be changed. For moreinformation, contact EMC Technical Support.

EMC Technical Support may ask you to collect logs for debuggingpurposes.

To collect the logs:


2. Under Operations, click Collect Logs. A warning notice appears:log collection takes several minutes, impacts system performance,and prevents you from doing anything else with thesystem-management GUI.

3. To proceed, click OK. The Log Collection page appears.

Log files and log collection 107

108


4. To view the log, click Download the log package. (A log package isa collection of logs from multiple nodes.) The log packagedownloads, and you are prompted whether to open or save it.

5. Click Open, Save, or Cancel.


8

This chapter describes how to export NFS and CIFS directly fromAtmos, using the system-management GUI.

This chapter describes the following topics:

◆ Overview........................................................................................... 110◆ Configuring NFS .............................................................................. 110◆ Configuring CIFS ............................................................................. 113

Configuring NFS/CIFSAccess

Configuring NFS/CIFS Access 109

110

Configuring NFS/CIFS Access

OverviewThis chapter describes how to export NFS and CIFS directly fromAtmos, using the system-management GUI.

To enable NFS or CIFS access to Atmos nodes:

◆ The SysAdmin adds Atmos nodes to a tenant, so that tenant (andits subtenants) can be accessed via the NFS/CIFS service of thosenodes. For more information, see “Adding Nodes to a Tenant” onpage 55.

◆ Then the TenantAdmin or SubtenantAdmin adds or editsmount-point shares of NFS/CIFS on the appropriate nodes, for aspecific subtenant. For more information, see “Configuring NFS”on page 110 or “Configuring CIFS” on page 113.

Note: Before you configure NFS or CIFS access to Atmos, you shouldsynchronize your external servers’ times with your Atmos NTP server time(see “Configuring NTP (Network Time Protocol)” on page 37.

Configuring NFS1. Do one of the following:

• Login as SubtenantAdmin. The Subtenant Dashboard appears.

• Login as a TenantAdmin. On the Tenant Dashboard, in theSubtenant List area, click Edit next to a subtenant. TheSubtenant Information page appears.

On either page (Subtenant Dashboard or Subtenant Information),the area called Access Nodes for NFS/CIFS shows a list of nodeswith the NFS or CIFS service which can be accessed.



2. Under Service Type, click the appropriate NFS link. The NodeNFS Information page appears.

3. To get details about a share, move your mouse anywhere over thetable row for that share, and a popup window appears. To add anew NFS share, click Add. To edit or delete a current share, clickEdit or Delete for that share. If you click Add or Edit, the NFSConfiguration page appears.

4. Add or edit the fields on the NFS Configuration page. Parameterswith red asterisks are required.

Field Description

Share Path If you are editing an existing share, this field is populated andcannot be changed. This is a directory to which the user of theservice is to be given access. This should be the full path nameof the directory from the root of the tenant namespace.

Configuring NFS 111

112


Allow Host The hosts that access the share. Valid values are:Single machine—A fully qualified domain name (which can beresolved by the server), hostname (which can be resolved by theserver), or IP address.Series of machines specified with wildcards—Use the * or ?character to specify a string match. Wildcards are not to be usedwith IP addresses; however, they may work accidentally ifreverse DNS lookups fail. When specifying wildcards in fullyqualified domain names, dots (.) are not included in the wildcard.For example, *.example.com includes one.example.com butdoes not include one.two.example.com.IP networks—Use a.b.c.d/z, where a.b.c.d is the network and z isthe number of bits in the netmask (for example, 192.168.0.0/24).Another acceptable format is a.b.c.d/netmask, where a.b.c.d isthe network and netmask is the netmask (for example,192.168.100.8/255.255.255.0).Netgroups—Use the format @group-name, where group-nameis the NIS netgroup name.

Permission Specifies whether the directory is read-only or has read/writepermissions The default is Read/Write.

Authorization User access. Valid values are:all_squash—Treat all client users as anonymous users.root_squash—Do not treat a remote root user as local root.no_root_squash—Treat a remote root user as local root. This isthe default.

Sync Write If Yes, the server cannot reply to requests until the changesmade by the request are written to the disk. The default value isYes.For advanced parameters, click the Advanced check box andspecify the advanced parameters. The advanced parameters areused to define and map user and group IDs to anonymousaccounts. Advanced parameters are optional.

Secure If Yes, requires that all requests originate from a port lower than1024. If No, requests from any port number are accepted. Thedefault is Yes.

Anonymous UID Sets the user ID of the anonymous account, to map all requeststo one user.

Anonymous GID Sets the group ID of the anonymous account, to map all requeststo one user.

Squash UIDs A list of user IDs that are subject to anonymous mapping; forexample: 0-15,20,25-50.

Field Description



Configuring CIFSAll CIFS configuration should be done through thesystem-management GUI. Do not modify the Samba/CIFSconfiguration file manually.

Atmos does not support two different CIFS shares with the sameshare path on different nodes, unless the nodes have been configuredfor high availability. For more information on how to configurehighly available CIFS shares in an Atmos environment, see the EMCAtmos CIFS Failover using Microsoft Distributed File System whitepaper.

Active Directory Active Directory is supported for authenticating only CIFS users(UIDs), not Atmos administrators.

The Atmos CIFS server can be a member of Microsoft ActiveDirectory. In this mode, clients can be authenticated centrally by anActive Directory server. We recommend you use Active Directorywhen most clients belong to a Windows domain.

Note: If you intend to configure Active Directory for CIFS authentication, then before configuring CIFS node properties in the following procedure, be sure to synchronize your Active Directory server time with your Atmos NTP server time. For more information about configuring anexternal NTP server, see the EMC Atmos Installation and UpgradeGuide.

1. Login as a TenantAdmin. On the Tenant Dashboard, in theSubtenant List area, click Edit next to a subtenant. The SubtenantInformation page appears.

The area called Access Nodes for NFS/CIFS shows a list of nodeswith the NFS or CIFS service which can be accessed.

Squash GIDs A list of group IDs that are subject to anonymous mapping; forexample, 0-15,20,25-50.

Field Description

Configuring CIFS 113

114


2. Under Service Type, click the appropriate CIFS link. The NodeCIFS Information page appears.

3. Do one of the following:

• To get details about a share, move your mouse anywhere overthe table row for that share, and a popup window appears.

• To delete a share, click Delete for that share. The Node CIFSInformation page gets updated by removing the share youdeleted.

• To prepare to add your first CIFS share, click NodeConfiguration. The CIFS Node Configuration page appears.Continue with “Configuring CIFS Node Properties” onpage 115. You should do node configuration before adding thefirst share.

• To add a new CIFS share (after doing a CIFS Nodeconfiguration), click Add. The CIFS Share Configuration pageappears. Continue with “Adding or Editing a CIFS Share” onpage 119.

• To edit an existing CIFS share, click Edit for that share. TheCIFS Share Configuration page appears. Continue with“Adding or Editing a CIFS Share” on page 119.



Configuring CIFSNode Properties

1. Start with the CIFS Node Configuration page.

2. Edit the fields on this page. If the Shared security option isselected, you must provide a Netbios Name. If the ADS securityoption is selected, you must provide the RID Range, ActiveDirectory Domain, Active Directory Administrator, ActiveDirectory Password, and Active Directory DNS parameters.

Field Description

Node Name The name of the node.

Workgroup The workgroup your server will appear to be in when queried byclients. The default is WORKGROUP. When Security is set toADS, Workgroup is the short name of the domain. If you definethe wrong value, the server will not be able to join the ADSdomain.

Server String The string that will appear in the browse lists next to the machinename. The default is EMC_Atmos.

Netbios Name The NetBIOS name by which a server is known. By default, thisis the same as the first component of the host's DNS name.


116


Allowed Hosts A set of hosts which are permitted to access a service. Settingsapply to all services, regardless of whether the individual servicehas a different setting. You can specify the hosts by name or IPnumber. You also can specify hosts by network/netmask pairsand by netgroup names if your system supports netgroups. Thedefault is no entry, meaning all hosts are allowed. Here areseveral examples.Example 1: Allow all IPs in 150.203.*.*; except one:150.203. EXCEPT 150.203.6.66Example 2: Allow hosts that match the given network/netmask:150.203.15.0/255.255.255.0Example 3: Allow two specific hosts:lalans, calomb

Preferred Master Controls the election of a master node in the CIFS domain andwhether nmbd is a preferred master browser for its workgroup.(nmbd is a daemon service involved in the CIFS server. Itqueries the domain or share names in the domain.)Valid values are Yes, No, and Auto. If Yes, nmbd has a slightadvantage in winning the election. If No, nmdb cannot win theelection. If Auto, the election is random. The default is No.

Encrypt Passwords Specifies whether to encrypt CIFS user passwords. By default,Windows NT 4.0 SP3 and above and Windows 98 expectencrypted passwords. The default is Yes.

Winbind Use DefaultDomain

Specifies whether the winbindd daemon operates on userswithout a domain component in their usernames. Users without adomain component are treated as part of the winbindd server'sown domain. The default is No.

IDmap UID The range of user IDs that are allocated for the purpose ofmapping UNIX users to NT user SIDs. This range of user IDsshould not contain any existing local or NIS users; that is, itshould be beyond the maximum UID value of the local system, toavoid overlapping.

IDmap GID The range of group IDs that are allocated for the purpose ofmapping UNIX groups to NT group SIDs. This range of group IDsshould not contain any existing local or NIS groups; that is, itshould be beyond the maximum GID value of the local system, toavoid overlapping.

Field Description



Security Affects how clients respond to the server. There are two options,Share and ADS. There are two security modes Atmos does notsupport: User (because Atmos does not support internal CIFSuser management) and Domain.* Share—The client authenticates itself separately for eachshare. With each connection request, a client sends a password,but not a user name (although modern CIFS client do send auser name; for example, Windows XP sends the current loginname). The client expects a password to be associated witheach share, independent of the user. The CIFS server mustdetermine what user name the client wants to use.

Note: Share mode should only be used for testing purposes.

Atmos CIFS does not support user configuration, so with Sharesecurity mode, the only use model is configuring a CIFS shareas an anonymous read-only server.There are several techniques to determine the correct UNIX userto use on behalf of the client:1. If the Guest Only parameter is set, the user is immediately

granted access to the share with the rights of the user“nobody,” no password checking is performed, and all newfiles will belong to the user “nobody.”

2. If a username is sent with the share-connection request, thatusername is added as a potential username.

3. If the client did a previous logon request (the SessionSetupSMB call), the username sent in this SMB is added as apotential username.

4. The name of the service the client requested is added as apotential username.

5. The NetBIOS name of the client is added to the list as apotential username.

6. Any users on the user list are added as potential usernames.Active Directory:* ADS—The Atmos CIFS server can be a member of MicrosoftActive Directory. In this mode, clients can be authenticatedcentrally by an Active Directory server. We recommend you useActive Directory when most clients belong to a Windows domain.If ADS is selected, the CIFS Node Configuration page expandsto display the additional ADS settings (all fields listed below,which appear below Security on the image above).

User Name Mapping By default, Atmos currently uses Active Directory Relative ID(RID) user mapping schema. This schema maps the RID of anobject AD Security ID to a range specified in the CIFSconfiguration to provide a unique ID for a user/group. Thisschema is only valid for a Single Domain.

Field Description


118


3. Click Submit.

As mentioned above, this configuration will fail unless yourexternal servers’ times are synchronized with the Atmos NTPserver time (see “Configuring NTP (Network Time Protocol)” onpage 37. To ensure this, a dialog box appears with the followingnotice:

Is your Active Directory server time synchronized withyour Atmos NTP server time? If not, DO NOT PROCEED. Seethe Atmos documentation for details.

If your Active Directory server times are synchronized, click OKon the dialog, to return to the Node CIFS Information page.Otherwise, click Cancel on the dialog, to return to the CIFS NodeConfiguration page.

RID Range Specifies the range of user/group IDs that are allocated for thepurpose of mapping UNIX users to NT user RIDs. This range ofuser IDs should not contain any existing local or NIS users orgroups; that is, it should be beyond the maximum UID value ofthe local system to avoid overlapping. A sample range is 20001 -30000.

Active DirectoryDomain

The fully qualified domain name of the database server. TheActive Directory domain is used as the Active Directory serviceequivalent of the NT4 domain. This must be specified inall-capital letters.

Active DirectoryServer

A directory service used to store information about the networkresources. The Active Directory server is either an IP address ora simple host name.

Active DirectoryAdministrator

The user name of the Active Directory administrator.

Active DirectoryPassword

The password of the Active Directory administrator.

Active Directory DNS The IP address or simple host name of the Active Directory DNSserver.

Field Description



Adding or Editing aCIFS Share

1. Start with the CIFS Share Configuration page.

2. Edit the fields on the CIFS Share Configuration page. Parameterswith red asterisks are required.

Field Description

Node Name The name of the node.

Tenant The tenant in which the node is a member.

Subtenant The subtenant in which the node is a member.

Share Name The name of the directory to be shared.

Share Path A directory to which the user of the service is to be given access.

Public If Yes, no password is required to connect to the service;privileges are those of the guest account. The default is Yes.

Browseable Controls whether this share is seen in the list of available sharesin a net view and in the browse list. The default is Yes.

Read Only If Yes, users of the service cannot create or modify files in theservice's directory. The default is No.

Comments This text field is seen next to a share when a client queries theserver, either via the network neighborhood or via net view to listwhat shares are available.

Guest Only If Yes, only guest connections to the service are permitted. Thisparameter has no effect unless Public is set for the service. Thedefault is Yes.


120


3. Click Submit. You return to the Node CIFS Information page.

Valid Users A list of groups/users who are allowed to login to this service. Ifthis is empty (the default), any user can login. Groups arespecified using the @ symbol. To specify a group namedGroup1, you would enter @Group1. To specify a user nameduser1, you would enter user1. To specify both Group1 andUser1, you would enter: @Group1, User1

Create Mask When a file is created, the necessary permissions are calculatedaccording to the mapping from DOS modes to UNIXpermissions, and the resulting UNIX mode is bit-wise AND-edwith this parameter. This parameter may be thought of as abit-wise mask for a file’s UNIX access modes. Any bit not sethere is removed from the modes set on a file when it is created.The default value of this parameter removes the “group” and“other” write and execute bits from the UNIX modes.

Directory Mask The octal modes used when converting DOS modes to UNIXmodes when creating UNIX directories. When a directory iscreated, the necessary permissions are calculated according tothe mapping from DOS modes to UNIX permissions, and theresulting UNIX mode is bit-wise AND-ed with this parameter.This parameter may be thought of as a bit-wise mask for adirectory’s UNIX access modes. Any bit not set here is removedfrom the modes set on a directory when it is created. The defaultvalue of this parameter removes the “group” and “other” write bitsfrom the UNIX mode, allowing only the user who owns thedirectory to modify it.

Write List A list of groups/users who have read-write access to a service(comma separated). This option overrides the Read Onlyparameter. To specify a group named Group1, you would enter@Group1. To specify a user named user1, you would enteruser1. To specify both Group1 and User1, you would enter:@Group1, User1

Field Description


9

This chapter explains how to obtain performance data from anyworkstation that can access an Atmos server. This chapter describesthe following topics:

◆ Overview........................................................................................... 122◆ Example: Getting the Statistics....................................................... 123◆ Example: Resetting the Counters................................................... 125

Getting PerformanceData

Getting Performance Data 121

122

Getting Performance Data

OverviewThe /wsstats Web page presents basic Web-services performancedata. Performance data can be obtained by anyone with networkaccess to the HTTP servers that run on Atmos nodes. There are twoways to get the performance data. From any workstation that canaccess an Atmos server running httpd (the HTTP daemon), do one ofthe following:

◆ Point your browser to http://node-name/wsstats. Theperformance data for that server is displayed.

◆ Run a program to do a GET of http://node-name/wsstats. Asimple XML document is returned for reading or machineconsumption. An example is shown below; the items you inputare in bold.

Above, node-name is the Atmos node name or IP address of an Atmosserver running httpd. For many installations, this is an IP address. Ifthe node on which the Apache Web server is installed has a FullyQualified Domain Name (FQDN), however, a hostname is returned(as shown in “Example: Getting the Statistics” on page 123).

Each node has a separate instance of the Web server and, hence, aseparate instance of wsstats to be collected by the client. If there is aload balancer in front of Atmos at your installation (a commonoccurrence), node-name is not the concentrator, but the Atmos nodesto which the concentrator points.



Example: Getting the StatisticsThe example requests use REST request syntax.

In the examples, curl is a command utility that allows one to doHTTP transactions from the command line, instead of interactivelyusing a browser.

Request [root@deuce /]# curl -v http://10.5.113.242/wsstats* About to connect() to 10.5.113.242 port 80 (#0)* Trying 10.5.113.242... connected* Connected to 10.5.113.242 (10.5.113.242) port 80 (#0)> GET /wsstats HTTP/1.1> User-Agent: curl/7.16.4 (x86_64-redhat-linux-gnu)libcurl/7.16.4 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.8> Host: 10.5.113.242> Accept: */*>< HTTP/1.1 200 OK< Date: Wed, 27 May 2009 21:03:39 GMT< Server: Apache< Content-Length: 559< Connection: close< Content-Type: text/xml;charset=ascii

Response <WSStat><Node name="10.5.113.242"/><ReadsPerSec>675.80</ReadsPerSec><WritesPerSec>1102.43</WritesPerSec><DeletesPerSec>171.57</DeletesPerSec><TransPerSec>1949.80</TransPerSec><MeanReadLatencyMS>4.557</MeanReadLatencyMS><MeanWriteLatencyMS>153.282</MeanWriteLatencyMS><MeanLatencyMS>89.206</MeanLatencyMS><Reads>31087</Reads><Writes>50712</Writes><Deletes>7892</Deletes><Total>89691</Total><ReadLatencyMS>141660</ReadLatencyMS><WriteLatencyMS>7773233</WriteLatencyMS><DeleteLatencyMS>86112</DeleteLatencyMS><UptimeMS>46711</UptimeMS>

</WSStat>* Closing connection #0[root@deuce /]#

Example: Getting the Statistics 123

124


Browser Output

Output Fields The output is interpreted as follows:

◆ Node name is the server name in the node-name field of therequest for the /wsstats page, as defined by the Apache Webserver when it logs.

◆ Reads, Writes, and Deletes are defined in Table 9.

◆ Total is the sum of reads, writes, and deletes.

◆ The per-second (PerSec) rate for each of the three transactiontypes is calculated as the count divided by the total uptime sincethe last server restart.

◆ Mean latency is the sum of the individual latencies reported atlogging time, divided by the total number of transactions. Therealso are latencies calculated by operation type in a similarmanner.

Table 9 Reads, Writes, and Deletes

REST SOAP

Reads GET and HEAD transactions List, Get, and Read transactions

Writes PUT and POST transactions Create, Set, Update, and Version Transactions

Deletes DELETE transactions Delete transactions



◆ Separately, the total accumulated latency is reported for eachoperation (ReadLatencyMS, WriteLatencyMS, andDeleteLatencyMS) and for the uptime (UptimeLatencyMS), inmilliseconds. This allows you to sample at any requiredfrequency and calculate latencies for that interval.

Example: Resetting the CountersTo reset all the counters, add the query string ?reset:

Request [romanm2@deuce ~]$ curl -vhttp://deuce.lss.emc.com/wsstats?reset* About to connect() to deuce.lss.emc.com port 80 (#0)* Trying 168.159.116.103... connected* Connected to deuce.lss.emc.com (168.159.116.103) port80 (#0)> GET /wsstats?reset HTTP/1.1> User-Agent: curl/7.16.4 (x86_64-redhat-linux-gnu)libcurl/7.16.4 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.8> Host: deuce.lss.emc.com> Accept: */*>< HTTP/1.1 200 OK< Date: Wed, 30 Jul 2008 18:27:03 GMT< Server: Apache/2.2.8 (Fedora)< Content-Length: 276< Connection: close< Content-Type: text/xml;charset=ascii

Example: Resetting the Counters 125

126


Response <WSStat><Node name="deuce.lss.emc.com"/><ReadsPerSec>0.00</ReadsPerSec><WritesPerSec>0.00</WritesPerSec><DeletesPerSec>0.00</DeletesPerSec><TransPerSec>0.00</TransPerSec><MeanReadLatencyMS>0.000</MeanReadLatencyMS><MeanWriteLatencyMS>0.000</MeanWriteLatencyMS><MeanLatencyMS>0.000</MeanLatencyMS><Reads>0</Reads><Writes>0</Writes><Deletes>0</Deletes><Total>0</Total><ReadLatencyMS>0</ReadLatencyMS><WriteLatencyMS>0</WriteLatencyMS><DeleteLatencyMS>0</DeleteLatencyMS><UptimeMS>0</UptimeMS>

</WSStat>* Closing connection #0


Glossary

This glossary contains terms related to the Atmos system. Many ofthese terms are used in this manual.

Cclient Data access is provided through either a file-system client or a web

services client.

customer network The “public” network that connects nodes. The customer networkhandles data traffic. It is assigned an externally facing IP address onthe customer’s network.

Ffederation When defining policies, replicas can be federated. Federated replicas

are distributed across a combination of internal Atmos systems andexternal Atmos-based systems. Atmos supports access to federateddata via file-system and Web-services access mechanisms.

file-system client File-system access is provided via NFS (Network File System), CIFS(Common Internet File System), or installable file systems for specificoperating systems.

GGeoProtect Provides better protection optimized for the cloud. GeoProtect

increases the availability of your content, reduces storage overhead,and improves access to content.


128

Glossary

Iinitial master node The first node installed in the first installation segment in the first

RMG in the system (during system installation). There is only oneinitial master node in an entire Atmos system.

installation segment A set of nodes that share the same “private,” management subnet.Functionally, this is a set of nodes that share the same master node.The other nodes in the installation segment are slaves. An installationsegment is one or more racks.

JJS Job Service. The JS is responsible for all asynchronous

data-maintenance tasks. The JS runs on most Atmos nodes and is anapplication that sits on top of the client software. It is called by theMDS.

Llocation Typically identifies the physical location of the RMG. The RMG’s

location is specified during system installation.

Mmanagement network The “private” network that handles internal management and

installation. It automatically is assigned a private IP address.

master node The first node installed in each installation segment. It always has-001 appended to its node name. When a new RMG is added to thesystem, it has one installation segment, hence one master node. Ifmore installation segments are added to that RMG later, there aremore master nodes: an RMG with N installation segments has Nmaster nodes. The very first master node in an Atmos system is theinitial master node.

MDS Metadata Service. This is where metadata is stored.

MDLS Metadata Location Service. The MDLS is a large, distributed indexthat maps object IDs to the MDSs responsible for those objects. Thepurpose of the MDLS is to determine an MDS that will handle thedata request.


Glossary

metadata One of two components of an object, along with user data. Metadatais divided into:

• System metadata — Examples are filename, file size, modificationdate, timestamps, and access-control lists.

• User metadata — This comprises arbitrary key/value pairs.Examples of user metadata is artist name (for example, for MP3data) and customer type.

Nnamespace Data access provided by a file-system client occurs in the context of a

namespace.

node A physical server containing a collection of Atmos services. Eachnode contains one client (a Web services client or a file-system client),zero or one RMSs, zero or one MDLSs, multiple MDSs, one SS.

PPB Petabyte, 1015 bytes.

PM Policy Manager service.The PM is part of the MDS. It stores policiesand selecting appropriate policies for objects and instantiatingabstract policies into concrete layout descriptions.

policy A combination of a policy selector and a policy specification.

policy selector The conditions under which a policy is triggered. If you view a policyas an if-then statement: the selector is the “if” clause.

policy specification A description of what happens when a policy is selected for use, suchas information about replicas, striping, and server attributes. If youview a policy as an if-then statement: the specification is the “then”clause.

RRMG Resource Management Group. A collection of installation segments

that share a single domain. In almost all cases, this is equivalent to asubnet on the “public,” customer network. You can create multiple


130

Glossary

RMGs on the same subnet, as long as each RMG has a uniqueaddress. RMGs are responsible for monitoring and discovering nodeswithin the subnet.

RMS Resource Manager Service. The RMS constantly probes the networkto find out what machines are on the network, what services arerunning on those machines, and what properties those services have.Properties vary according to the service, such as total storageavailable, unused storage, location, and features like compression,encryption, and striping.

SSS Storage Server. A physical server on which user data is stored.

subtenant A logical subset of a tenant that group together selected policies, dataaccess (that is, file-system or Web-service namespaces), and reportingcapabilities. When the SysAdmin creates a tenant, the systemautomatically creates one corresponding subtenant (which isidentical to the tenant). SysAdmins can choose to create additionalsubtenants within each tenant.

TTB Terabyte, 1012 bytes.

tenant A conceptual subset of the storage resources within an Atmos system.Associated with a tenant are specific storage resources, securitycontrol, storage policies, and access to the data stored on that tenant'sresources. Each tenant has a name that is unique system-wide.

Tenant Admin A role within a specific tenant, assigned to one or more users.TenantAdmins control the storage resources, security and storagepolicies, and data usage of the tenant to which they are assigned. Agiven user can be a TenantAdmin for multiple tenants.TenantAdmins are unaware of system resources other than thosedefined for their tenant, nor any ability to access those resources.

Uuser data One of two components of an object, along with metadata.


Glossary

Wweb services client A flexible Web-services client interface allows direct access to the

object API over SOAP or REST. This enables customers to implementa solution without needing to understand the underlyingimplementation. Using the Atmos Web-services interface allowscustomers to quickly integrate Atmos with existing applications that,like Atmos, have a service-oriented architecture.


132

Glossary


Index

Numerics10892.mib 99

Aaccess nodes 55, 110Active Directory 55, 113ADS 117alerts 24, 94Atmos file system 55, 110authentication

adding and deleting users 13external 12failover 13internal 12servers 13source 20

BBALANCED object storage 80beacon on/off 34

CCertificate Authority 40, 57certificates 40checksum 80CIFS 55, 110Cloud Federations 38community name 96compression 80CompressionDedup 81

Ddashboard

security 16subtenant 19system 17tenant 18

data transformations 80dcstorag.mib 99deduplication 80default policy specification 74default policy, tenant 45deletion period 83Dell OpenManage 99

Eemail

configuring alerts for an RMG 94OpenManage hardware traps 99SysAdmin 22

Erasure Code 81exceptional objects 98external authentication 12

Ffailover, authentication 13federation 37, 38, 82file system 55, 110

GGeoProtect 127GREEN object storage 80


134

Index

HHTTP daemon 122

Iinitial master node 24installation segment 24, 32internal authentication 12Internet Explorer 14IPMI 32

LLDAP

server 21logs

collect system log 34collecting logs 107disk space consumption 107log package 108

Mmaintenance mode 34managing policies 72master node 24MDS remote replication 41metadata

location 76overview 72system 85user 85

MIB access 96Monitor Target 91

Nnamespace 45, 62network management station 96NFS 55, 110nodes

access node 55CIFS access 110discovering new nodes 32information 32installing 32master 32NFS access 110

Node List 32reinstall 34restarting 34slave 32tenants 55

notifications 96NTP server 37, 110

Oobject storage

BALANCED 80FAST 80GREEN 80OPTIMAL 80

ON_CREATE 86ON_SMD_UPDATE 86ON_UMD_UPDATE 86

Pperformance data 121PKCS12 58PKCS7 58placement strategies 80policy

default policy specification 74defining policies 73defining policy selector 84definition 72deletion period 83Erasure Code 81federate 82management 72Manager 72match operators 86metadata 75overview 72reordering 87replicas 78retention period 83selector 73specification 73striping 81triggers 86XQuery expressions 86

private network 25public-key certificate 58


Index

Rremote replication (MDS) 41Replacement Failed error 25replicas 78Reporting Framework 91reports 106REST interface 39, 57restarting nodes 34retention period 83RMG

adding nodes 31definition 25new 24

rolesSecurityAdmin 12SubtenantAdmin 12SysAdmin 12TenantAdmin 12

SSamba 113Secure Sockets Layer 39security dashboard 16SecurityAdmin

login credentials 15login page 15password 20

segment 24server attributes 80service status 25Shared Secret 66shutdown command 34slave node 32, 34SMTP 95SNMP

agent 96community name 96configure for RMG 96configure system-wide 96daemon 95, 99email contact 104enabling traps 102standard MIBs 99traps 96

SOAP interface 39, 57software serial number 36, 105

SSL certificates 40, 57statistics 123striping 81SubtenantAdmin 13

email address 68login credentials 15login page 15password 68

subtenantsauthentication source 62creating 62dashboard 19definition 13list 62namespace 62renaming 64root directory 62SubtenantAdmin role 66

SYR, see system reporting 90, 104SysAdmin 12

deleting a TenantAdmin 54login credentials 15login page 15password 15

system dashboard 17system log 34system reporting

Atmos configuration 36configuring 104database 90, 104reports 106

Ttenant dashboard 18TenantAdmin 12

creating a SubtenantAdmin 66deleting a SubtenantAdmin 69email address 52login credentials 15login page 15password 51Update My Information 53

tenantsauthentication source 46creating 45default policy 45

135EMC Atmos Version 1.3.2 Administrator’s Guide

136

Index

default policy specification 74default subtenant 64LDAP configuration 47list 44namespace 45nodes 55renaming 49root directory 45TenantAdmin role 50

trapsMAUI_MGMTDB_OID 98MauiAppServiceCrash 97MauiAppServiceMemory 98MauiAppServiceRestart 97MauiDAEBackplane 97MauiDAECriticalEvent 98MauiDAEDiskFailure 97MauiDAEEnclosureFail 97MauiDAEFanOperation 97MauiDAETempThreshold 97MauiNodeCPU 97MauiNodeDown 96MauiNodeFileSystem 97MauiNodeIntfCarrier 97MauiNodeMemory 97MauiNodeSwap 97MauiNodeTempThreshold 97MauiRmgDown 98MauiSegmentDown 98MauiTrapGeneric 96MauiTrapPolicySyncFail 98NUM_EXCEPTION_RECS_OID 98overview 96RECOVER_DISK_OID 98

UUID 66

VVMware 25

XXQuery expressions 86


Documents

EMC Atmos Administrator’s Guide...EMC Corporation Corporate Headquarters: Hopkinton, MA 01748-9103 1-508-435-1000 EMC® Atmos Version 1.3.2 Administrator’s Guide REV A01 EMC Atmos