Symantec™ FileStore Command-Line Administrator's Guide · 2011-09-27 · Using DAR without Symantec Enterprise Vault ..... 134 Configuring data archive and retention ..... 135 About

Symantec™ FileStoreCommand-LineAdministrator's Guide

5.7

Symantec FileStore Command-Line Administrator’sGuide

The software described in this book is furnished under a license agreement and may be usedonly in accordance with the terms of the agreement.

Product version: 5.7

Document version: 5.7.0

Legal NoticeCopyright © 2011 Symantec Corporation. All rights reserved.

Symantec, the Symantec logo, Veritas, Veritas Storage Foundation, CommandCentral,NetBackup, Enterprise Vault, and LiveUpdate are trademarks or registered trademarks ofSymantec corporation or its affiliates in the U.S. and other countries. Other names may betrademarks of their respective owners.

This Symantec product may contain third party software for which Symantec is requiredto provide attribution to the third party (“Third Party Programs”). Some of the Third PartyPrograms are available under open source or free software licenses. The License Agreementaccompanying the Software does not alter any rights or obligations you may have underthose open source or free software licenses. See the Third-party Legal Notices documentfor this product, which is available online or included in the base release media.

The product described in this document is distributed under licenses restricting its use,copying, distribution, and decompilation/reverse engineering. No part of this documentmay be reproduced in any form by any means without prior written authorization ofSymantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OFMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT,ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TOBE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTALOR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING,PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINEDIN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer softwareas defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights inCommercial Computer Software or Commercial Computer Software Documentation", asapplicable, and any successor regulations. Any use, modification, reproduction release,performance, display or disclosure of the Licensed Software and Documentation by the U.S.Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation350 Ellis StreetMountain View, CA 94043

http://www.symantec.com

http://www.symantec.com

Technical SupportSymantec Technical Support maintains support centers globally. TechnicalSupport’s primary role is to respond to specific queries about product featuresand functionality. The Technical Support group also creates content for our onlineKnowledge Base. The Technical Support group works collaboratively with theother functional areas within Symantec to answer your questions in a timelyfashion. For example, the Technical Support group works with Product Engineeringand Symantec Security Response to provide alerting services and virus definitionupdates.

Symantec’s support offerings include the following:

■ A range of support options that give you the flexibility to select the rightamount of service for any size organization

■ Telephone and/or Web-based support that provides rapid response andup-to-the-minute information

■ Upgrade assurance that delivers software upgrades

■ Global support purchased on a regional business hours or 24 hours a day, 7days a week basis

■ Premium service offerings that include Account Management Services

For information about Symantec’s support offerings, you can visit our Web siteat the following URL:

www.symantec.com/business/support/index.jsp

All support services will be delivered in accordance with your support agreementand the then-current enterprise technical support policy.

Contacting Technical SupportCustomers with a current support agreement may access Technical Supportinformation at the following URL:

www.symantec.com/business/support/contact_techsupp_static.jsp

Before contacting Technical Support, make sure you have satisfied the systemrequirements that are listed in your product documentation. Also, you should beat the computer on which the problem occurred, in case it is necessary to replicatethe problem.

When you contact Technical Support, please have the following informationavailable:

■ Product release level

http://www.symantec.com/business/support/index.jsp

http://www.symantec.com/business/support/contact_techsupp_static.jsp

■ Hardware information

■ Available memory, disk space, and NIC information

■ Operating system

■ Version and patch level

■ Network topology

■ Router, gateway, and IP address information

■ Problem description:

■ Error messages and log files

■ Troubleshooting that was performed before contacting Symantec

■ Recent software configuration changes and network changes

Licensing and registrationIf your Symantec product requires registration or a license key, access our technicalsupport Web page at the following URL:

www.symantec.com/business/support/

Customer serviceCustomer service information is available at the following URL:

www.symantec.com/business/support/

Customer Service is available to assist with non-technical questions, such as thefollowing types of issues:

■ Questions regarding product licensing or serialization

■ Product registration updates, such as address or name changes

■ General product information (features, language availability, local dealers)

■ Latest information about product updates and upgrades

■ Information about upgrade assurance and support contracts

■ Information about the Symantec Buying Programs

■ Advice about Symantec's technical support options

■ Nontechnical presales questions

■ Issues that are related to CD-ROMs or manuals

http://www.symantec.com/business/support/

http://www.symantec.com/business/support/

Support agreement resourcesIf you want to contact Symantec regarding an existing support agreement, pleasecontact the support agreement administration team for your region as follows:

[email protected] and Japan

[email protected], Middle-East, and Africa

[email protected] America and Latin America

DocumentationYour feedback on product documentation is important to us. Send suggestionsfor improvements and reports on errors or omissions. Include the title anddocument version (located on the second page), and chapter and section titles ofthe text on which you are reporting. Send feedback to:

[email protected]

About Symantec ConnectSymantec Connect is the peer-to-peer technical community site for Symantec’senterprise customers. Participants can connect and share information with otherproduct users, including creating forum posts, articles, videos, downloads, blogsand suggesting ideas, as well as interact with Symantec product teams andTechnical Support. Content is rated by the community, and members receivereward points for their contributions.

http://www.symantec.com/connect/storage-management

mailto:[email protected]




http://www.symantec.com/connect/storage-management

Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Chapter 1 Introducing Symantec FileStore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

About FileStore ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19About FileStore features ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Simple installation .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20Active/Active Scalable NFS .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Active/Active CIFS .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21NFS Lock Management (NLM) .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Administration .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Storage tiering .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22High-performance data replication .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22Integrated content scanning using Symantec AntiVirus for

FileStore ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22About the core strengths of FileStore ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23FileStore key benefits and other applications .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

High performance scaling and seamless growth .... . . . . . . . . . . . . . . . . . . . . . . . 24High availability ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25Consolidating and reducing costs of storage .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25Enabling scale-out compute clusters and heterogeneous sharing

of data ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26FileStore on the Web .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27Using the FileStore product documentation .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Chapter 2 Creating users based on roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

About user roles and privileges ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29About the naming requirements for adding new users ... . . . . . . . . . . . . . . . . . . . . . 30About using the FileStore command-line interface ... . . . . . . . . . . . . . . . . . . . . . . . . . . 31Logging in to the FileStore CLI ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31About accessing the online man pages ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39About creating Master, System Administrator, and Storage

Administrator users ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40Creating Master, System Administrator, and Storage Administrator

users ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41About the support user ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Contents

Configuring the support user account ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45Displaying the command history .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Chapter 3 Displaying and adding nodes to a cluster . . . . . . . . . . . . . . . . . . . . . . 49

About the cluster commands .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49About FileStore installation states and conditions .... . . . . . . . . . . . . . . . . . . . . . . . . . . 50Displaying the nodes in the cluster ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52About including new nodes on the cluster ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54Installing FileStore software on additional nodes ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55Adding a node to the cluster ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56Adding a non-preconfigured node .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57Deleting a node from the cluster ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58Shutting down the cluster nodes ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60Rebooting the nodes in the cluster ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

Chapter 4 Configuring storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

About storage provisioning and management ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64About configuring disks ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66Configuring disks ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67About configuring storage pools ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69Configuring storage pools ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72About performing local replication initialization .... . . . . . . . . . . . . . . . . . . . . . . . . . . . 75Detaching one or more pools from the FileStore cluster as a detached

pool set ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76Displaying detached pools ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77Attaching a replication storage pool to a FileStore cluster ... . . . . . . . . . . . . . . . . . 77About displaying information for all disk devices ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78Displaying information for all disk devices associated with nodes in

a cluster ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79Increasing the storage capacity of a LUN .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82Formatting/reinitializing a disk .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83Removing a disk .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83Displaying WWN information .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84Initiating FileStore host discovery of LUNs .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86Importing pools forcefully ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86About I/O fencing .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86Configuring I/O fencing .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89About quotas for file systems .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92Using quota commands for enabling, disabling, and displaying file

system quotas ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94Using quota commands for setting and displaying file system

quotas ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

Contents8

Setting user quotas for users of specified groups .... . . . . . . . . . . . . . . . . . . . . . . . . . . 103About quotas for CIFS home directories ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105Using quotas for CIFS home directories ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108Displaying the quota values for CIFS home directories ... . . . . . . . . . . . . . . . . . . . 115About iSCSI ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

Configuring the iSCSI initiator ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119Configuring the iSCSI initiator name .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120Configuring the iSCSI device ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120Configuring discovery on iSCSI ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

About configuring the iSCSI targets ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125Configuring the iSCSI targets ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127About data archive and retention (DAR) ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130How DAR interacts with other FileStore applications .... . . . . . . . . . . . . . . . . . . . . 132Using DAR without Symantec Enterprise Vault ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134Configuring data archive and retention .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135About data deduplication .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

About best practices for using the FileStore deduplicationfeature ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

Configuring file system deduplication .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

Chapter 5 Configuring Symantec FileStore networksettings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

About network mode commands .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158Displaying the network configuration and statistics ... . . . . . . . . . . . . . . . . . . . . . . . 159About bonding Ethernet interfaces ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160Bonding Ethernet interfaces ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161About DNS .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163Configuring DNS settings ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165About IP commands .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167About configuring IP addresses ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167Configuring IP addresses ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169About configuring Ethernet interfaces ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173Displaying current Ethernet interfaces and states ... . . . . . . . . . . . . . . . . . . . . . . . . . 174Configuring Ethernet interfaces ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175About configuring routing tables ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176Configuring routing tables ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178About LDAP .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181Before configuring LDAP settings ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181About configuring LDAP server settings ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182Configuring LDAP server settings ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184About administering FileStore cluster's LDAP client ... . . . . . . . . . . . . . . . . . . . . . . 188Administering the FileStore cluster's LDAP client ... . . . . . . . . . . . . . . . . . . . . . . . . . 189

9Contents

About NIS .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190Configuring the NIS-related commands .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191About NSS .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193Configuring NSS lookup order ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194About VLAN interfaces ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195Configuring VLAN interfaces ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196

Chapter 6 Configuring your NFS server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

About NFS server commands .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199Accessing the NFS server ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200Displaying NFS statistics ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202Displaying file systems and snapshots that can be exported .... . . . . . . . . . . . 203

Chapter 7 Creating and maintaining NFS shares . . . . . . . . . . . . . . . . . . . . . . . . . 205

About NFS file sharing .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205Displaying exported directories ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206Adding an NFS share .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207Sharing directories using CIFS and NFS protocols ... . . . . . . . . . . . . . . . . . . . . . . . . . 211Exporting an NFS snapshot ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214Unexporting a directory or deleting NFS options .... . . . . . . . . . . . . . . . . . . . . . . . . . . 214

Chapter 8 Creating and maintaining file systems . . . . . . . . . . . . . . . . . . . . . . . . 217

About creating and maintaining file systems .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218Listing all file systems and associated information .... . . . . . . . . . . . . . . . . . . . . . . . 222About creating file systems .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226Creating a file system .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227Adding or removing a mirror from a file system .... . . . . . . . . . . . . . . . . . . . . . . . . . . . 230Adding or removing a column from a file system .... . . . . . . . . . . . . . . . . . . . . . . . . . . 232Checking and resynchronizing stale mirrors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233Configuring FastResync for a file system .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235Disabling the FastResync option for a file system .... . . . . . . . . . . . . . . . . . . . . . . . . . 236Increasing the size of a file system .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237Decreasing the size of a file system .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239Checking and repairing a file system .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240Changing the status of a file system .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243Defragmenting a file system .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245Destroying a file system .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246About snapshots ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246

Creating snapshots ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248Displaying snapshots ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249Configuring snapshots ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250

Contents10

About snapshot schedules ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252Creating snapshot schedules ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254Displaying snapshot schedules ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256Configuring snapshot schedules ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256

About instant rollbacks ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258Creating a FileStore space-optimized rollback .... . . . . . . . . . . . . . . . . . . . . . . . . 260Creating a full-sized rollback .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261Listing FileStore instant rollbacks ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262Restoring a file system from an instant rollback .... . . . . . . . . . . . . . . . . . . . . . 262Refreshing an instant rollback from a file system .... . . . . . . . . . . . . . . . . . . . 263Making an instant rollback go online .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264Making an instant rollback go offline ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264Destroying an instant rollback .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265Creating a shared cache object for a FileStore instant

rollback .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265Listing cache objects ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267Destroying a cache object of a FileStore instant rollback .... . . . . . . . . . . 269

About setting up file system alerts for file system usage .... . . . . . . . . . . . . . . . . 269Setting file system alerts ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269Unsetting file system alerts ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271Displaying file system alerts ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271

About the Partition Secure Notification (PSN) feature ... . . . . . . . . . . . . . . . . . . . . 272Enabling the Partition Secure Notification (PSN) feature ... . . . . . . . . . . 273Disabling the Partition Secure Notification (PSN) feature ... . . . . . . . . . . 273Listing the online file systems that have the Partition Secure

Notification (PSN) feature enabled .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274Upgrading a file system to the current layout for running

deduplication .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274

Chapter 9 Using Symantec FileStore as a CIFS server . . . . . . . . . . . . . . . . . . 279

About configuring FileStore for CIFS .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280About configuring CIFS for standalone mode .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282Configuring CIFS server status for standalone mode .... . . . . . . . . . . . . . . . . . . . . . 284About configuring CIFS for NT domain mode .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287Configuring CIFS for the NT domain mode .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289About leaving an NT domain .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292Changing NT domain settings ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292Changing security settings ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294Changing security settings after the CIFS server is stopped .... . . . . . . . . . . . . 294About Active Directory (AD) ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294

Configuring entries for NTP for authenticating to ActiveDirectory (AD) ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295

11Contents

Configuring entries for FileStore DNS for authenticating to ActiveDirectory (AD) ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295

Joining FileStore to Active Directory (AD) ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298Verifying that FileStore has joined Active Directory (AD)

successfully ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300Using the Active Directory CLI wizard for configuring Active

Directory .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300About configuring CIFS for Active Directory (AD) domain mode .... . . . . . . 300

Configuring CIFS for the AD domain mode .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302Using multi-domain controller support in CIFS .... . . . . . . . . . . . . . . . . . . . . . . 305About leaving an AD domain .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305Changing domain settings for AD domain mode .... . . . . . . . . . . . . . . . . . . . . . 306Removing the AD interface ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309

About setting NTLM ..... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309Setting NTLM ..... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311About setting trusted domains .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312

Allowing trusted domains access to CIFS when setting an LDAPIDMAP backend to rid ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312

Allowing trusted domains access to CIFS when setting an LDAPIDMAP backend to ldap .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313

Allowing trusted domains access to CIF when setting an LDAPIDMAP backend to hash .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314

About configuring Windows Active Directory as an LDAP IDMAPbackend for FileStore for CIFS .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315

Configuring the Active Directory schema with CIFS-schemaextensions .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316

Configuring LDAP as an IDMAP backend using the FileStoreCLI ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321

Configuring the CIFS server with the LDAP backend .... . . . . . . . . . . . . . . . 321Setting Active Directory trusted domains .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322

About storing account information .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323Storing user and group accounts ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325About reconfiguring the CIFS service ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326Reconfiguring the CIFS service ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327About managing CIFS shares ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329

About the CIFS export options .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331Setting share properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333Hiding system files when adding or modifying a CIFS normal

share ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334Displaying CIFS share properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336Allowing specified users and groups access to the CIFS

share ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337

Contents12

Denying specified users and groups access to the CIFSshare ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338

Modifying an existing CIFS share ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339Modifying an existing CIFS share with different CIFS

options .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340Exporting a CIFS snapshot ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340Deleting a CIFS share ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341

Sharing file systems using CIFS and NFS protocols ... . . . . . . . . . . . . . . . . . . . . . . . . 342About mapping user names for CIFS/NFS sharing .... . . . . . . . . . . . . . . . . . . . . . . . . 345About load balancing for the normal clustering mode .... . . . . . . . . . . . . . . . . . . . . 346About load balancing for the ctdb clustering mode .... . . . . . . . . . . . . . . . . . . . . . . . 347About managing home directories ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347

Setting the home directory file systems .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348Setting up home directories ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350Displaying home directory usage information .... . . . . . . . . . . . . . . . . . . . . . . . . 352Deleting home directories and disabling creation of home

directories ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353About ctdb clustering modes .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354Exporting a directory as a CIFS share ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355Exporting the same file system/directory as a different CIFS

share ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357About switching the clustering mode .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358

Switching from normal to ctdb clustering mode .... . . . . . . . . . . . . . . . . . . . . . 358Switching from ctdb to normal clustering mode .... . . . . . . . . . . . . . . . . . . . . . 361

About migrating CIFS shares and home directories ... . . . . . . . . . . . . . . . . . . . . . . . . 362Migrating CIFS shares and home directories from normal to ctdb

clustering mode .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364Migrating CIFS shares and home directories from ctdb to normal

clustering mode .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366Setting the aio_fork option .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369Setting the netbios aliases for the CIFS server ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370About managing local users and groups .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371

Creating a local CIFS user ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372About configuring local groups .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374Configuring a local group .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375

Enabling CIFS data migration .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376

Chapter 10 Configuring your FTP server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377

About FTP .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377Displaying FTP server settings ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379About FTP server commands .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379Using the FTP server commands .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380

13Contents

About FTP set commands .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381Using the FTP set commands .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385Implementing all of the FTP> set command changes ... . . . . . . . . . . . . . . . . . . . . . 390About FTP session commands .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391Using the FTP session commands .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392Using the FTP logupload command .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394About FTP local user commands .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394Using the FTP local user commands .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396About FTP local user set commands .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397Using the FTP local user set commands .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399

Chapter 11 Configuring your HTTP server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405

About configuring your HTTP server for accessing FileStoredata ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405

About using the HTTP server commands .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406Starting the HTTP server ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406Stopping the HTTP server ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407Displaying the status for the HTTP server ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407

About HTTP set commands .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407Displaying the current HTTP sessions on each node .... . . . . . . . . . . . . . . . 409Setting the minimum number of idle threads for handling request

spikes ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409Setting the maximum number of idle threads for handling request

spikes ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409Setting the maximum number of threads to be created .... . . . . . . . . . . . . 410Setting the initial number of server threads .... . . . . . . . . . . . . . . . . . . . . . . . . . . 410Setting the maximum number of threads in each server

process ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410Displaying the list of all configurable HTTP options and their

values ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411About HTTP alias commands .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411

Adding a mapping from a virtualPath to a realPath .... . . . . . . . . . . . . . . . . . 412Deleting a mapping that is visible to clients as a virtualPath .... . . . . . 413Displaying all the aliases configured on the server ... . . . . . . . . . . . . . . . . . . . 413

About HTTP document root mapping commands .... . . . . . . . . . . . . . . . . . . . . . . . . . . 413Setting the root directory for the HTTP server ... . . . . . . . . . . . . . . . . . . . . . . . . 414Displaying the current root directory for the HTTP server ... . . . . . . . . 415Clearing the root directory setting for the HTTP server ... . . . . . . . . . . . . 415

Chapter 12 Configuring event notifications and audit logs . . . . . . . . . . . 417

About configuring event notifications and audit logs ... . . . . . . . . . . . . . . . . . . . . . 418About severity levels and filters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419

Contents14

About email groups .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419Configuring an email group .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421About syslog event logging .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426Configuring a syslog server ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427Displaying events on the console ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429About SNMP notifications .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429Configuring an SNMP management server ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 430Configuring events for event reporting .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433Exporting events and audits in syslog format to a given URL .... . . . . . . . . . . 434About audit logs ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434Configuring audit logs ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437Disabling the audit log for a file system .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439

Chapter 13 Configuring backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441

About backup .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 442About NetBackup .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443About the NetBackup Snapshot Client ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444About NetBackup snapshot methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444About NetBackup instant recovery .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445About Fibre Transport ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445About SAN clients ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445About FT media servers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446About the FT Service Manager ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446About zoning the SAN for Fibre Transport ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446About HBAs for SAN clients and FT media servers ... . . . . . . . . . . . . . . . . . . . . . . . . . 447About supported SAN configurations for SAN Client ... . . . . . . . . . . . . . . . . . . . . . . 448Adding a NetBackup master server to work with FileStore ... . . . . . . . . . . . . . . 449Configuring or changing the virtual IP address used by NetBackup

and NDMP data server installation .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 450Configuring the virtual name of NetBackup .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451About the Network Data Management Protocol ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452

About NDMP supported configurations .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453About the NDMP policies ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455Configuring the NDMP policies ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456Displaying all NDMP policies ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461About retrieving the NDMP data .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462Retrieving the NDMP data .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463Restoring the default NDMP policies ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465

About backup configurations .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466Configuring backup .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467Configuring backups using NetBackup or other third-party backup

applications .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469

15Contents

Chapter 14 Configuring Symantec FileStore Dynamic StorageTiering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471

About FileStore Dynamic Storage Tiering (DST) ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472How FileStore uses Dynamic Storage Tiering .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475About policies ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476Adding or removing a column from a secondary tier of a file

system .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476About adding tiers to file systems .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477Adding tiers to a file system .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478Removing a tier from a file system .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480About configuring a mirror on the tier of a file system .... . . . . . . . . . . . . . . . . . . 480Configuring a mirror to a tier of a file system .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 481Listing all of the files on the specified tier ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482Displaying a list of Dynamic Storage Tiering file systems .... . . . . . . . . . . . . . . . 483Displaying the tier location of a specified file ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484About configuring the policy of each tiered file system .... . . . . . . . . . . . . . . . . . . 484Configuring the policy of each tiered file system .... . . . . . . . . . . . . . . . . . . . . . . . . . . 486Relocating a file or directory of a tiered file system .... . . . . . . . . . . . . . . . . . . . . . . . 490About configuring schedules for all tiered file systems .... . . . . . . . . . . . . . . . . . . 490Configuring schedules for all tiered file systems .... . . . . . . . . . . . . . . . . . . . . . . . . . . . 491Displaying the files that are moved or pruned by running a

policy ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493Allowing metadata information on the file system to be written on

the secondary tier ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494Restricting metadata information to the primary tier only ... . . . . . . . . . . . . . . 495

Chapter 15 Configuring system information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 497

About system commands .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498About setting the clock commands .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 499Setting the clock commands .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 500About configuring the locally saved configuration files ... . . . . . . . . . . . . . . . . . . 502Configuring the locally saved configuration files ... . . . . . . . . . . . . . . . . . . . . . . . . . . . 505Using the more command .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507About coordinating cluster nodes to work with NTP servers ... . . . . . . . . . . . . 508Coordinating cluster nodes to work with NTP servers ... . . . . . . . . . . . . . . . . . . . . . 509Displaying the system statistics ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511Displaying file system I/O statistics ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512Using the swap command .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512About the VMware Virtual Center plug-in ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514Using the vplugin commands .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516About the option commands .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 518Using the option commands .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 521

Contents16

Modifying and displaying the volpagemod_max_memsz parameterof vxtune .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 526

Chapter 16 Using the VMware vSphere extension for SymantecFileStore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 529

About the VMware vSphere extension for FileStore ... . . . . . . . . . . . . . . . . . . . . . . . 530How the VMware vSphere extension for FileStore interacts with other

FileStore applications .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 531Useful links from VMware on NFS support and customization while

cloning virtual machines ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 531Adding storage to ESX servers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 532Creating a virtual machine .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 533Creating virtual machine clones using Symantec FileSnap .... . . . . . . . . . . . . . 533Specifying the number of virtual machine clones to be created .... . . . . . . . 535Specifying where to create the virtual machine clones ... . . . . . . . . . . . . . . . . . . . . 535Specifying the guest operating system if customizing for Linux or

Windows .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 536Specifying network customization parameters for guest operating

systems if using DHCP or Static IP .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 538Configuring the VMware View .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 539Verifying the virtual machine clones ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 541

Chapter 17 Configuring disaster recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 543

About disaster recovery .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 543About DNS update ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 543About the DNS update set command .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545Configuring the DNS update service ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 546Starting and stopping the DNS update service ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 549Displaying DNS update settings ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 550

Chapter 18 Upgrading Symantec FileStore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 551

About upgrading patches ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 551Displaying the current version of FileStore ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 553About installing patches ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 554About types of patches ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 554Installing patches ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 556Uninstalling patches ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 556Synchronizing software upgrades on a node .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 556

17Contents

Chapter 19 Using Symantec AntiVirus for FileStore . . . . . . . . . . . . . . . . . . . . . . . 559

About Symantec AntiVirus for FileStore ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 560About Symantec AntiVirus for FileStore licensing .... . . . . . . . . . . . . . . . . . . . . . . . . 561About Symantec AntiVirus for FileStore commands .... . . . . . . . . . . . . . . . . . . . . . . 561Displaying Symantec AntiVirus for FileStore configurations .... . . . . . . . . . . 562About configuring Symantec AntiVirus for FileStore on all the nodes

in the cluster ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 563Configuring Symantec AntiVirus for FileStore on the cluster's

nodes ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 564About configuring Auto-Protect on FileStore file systems .... . . . . . . . . . . . . . . 565Configuring Auto-Protect on FileStore file systems .... . . . . . . . . . . . . . . . . . . . . . . . 566About excluding file extensions .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 566Configuring file extensions for the Symantec AntiVirus for FileStore

configuration file ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 567About Symantec AntiVirus for FileStore LiveUpdate ... . . . . . . . . . . . . . . . . . . . . . . 568Using Symantec AntiVirus for FileStore with LiveUpdate ... . . . . . . . . . . . . . . . 570About using Symantec AntiVirus for FileStore quarantine

commands .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 574Using Symantec AntiVirus for FileStore quarantine commands .... . . . . . . 575Setting the Symantec AntiVirus for FileStore action policy ... . . . . . . . . . . . . . 577About using Symantec AntiVirus for FileStore manual scan

commands .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 578Using Symantec AntiVirus for FileStore manual scan

commands .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 579About scheduling a Symantec AntiVirus for FileStore scan job .... . . . . . . . . 580Scheduling a Symantec AntiVirus for FileStore scan job .... . . . . . . . . . . . . . . . . 582

Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 587

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 591

Contents18

Introducing SymantecFileStore

This chapter includes the following topics:

■ About FileStore

■ About FileStore features

■ About the core strengths of FileStore

■ FileStore key benefits and other applications

■ FileStore on the Web

■ Using the FileStore product documentation

About FileStoreFileStore was formerly known as Storage Foundation Scalable File Server.

FileStore is a highly-scalable and highly-available clustered Network AttachedStorage (NAS) software appliance. Based on Storage Foundation Cluster FileSystem technology, FileStore is a complete solution for multi-protocol file serving.FileStore provides an open storage gateway model, including a highly- availableand scalable Network File System (NFS), CIFS, and FTP file serving platform andan easy-to-use administrative interface.

The product includes the following key features:

■ Backup operations using both NDMP and/or the built-in NetBackup client

■ Active/Active CIFS, including integration with Active Directory operations

■ Simple administration through a single GUI and/or CLI interface

1Chapter

■ Active/Active shared data NFS sharing including shared read/write andLDAP/NIS support

■ Simple administration of Fibre Channel Host Bus Adapters (HBAs), file systems,disks, snapshots, and Dynamic Storage Tiering

■ SNMP, syslog, and email notification

■ High-speed asynchronous/episode-based replication for content distributionand data mining

■ Multi-protocol sharing of file systems in a highly-scalable and highly-availablemanner

■ Support for single-node FileStore clusters

■ Create a snapshot schedule that stores the values by minutes, hour,day-of-the-month, month, and day-of-the-week along with the name of thefile system

■ Seamless upgrade and patch management

■ Support information

■ Online man pages

The components of FileStore include a security-hardened, custom-install SUSELinux Enterprise Server (SLES) 11 SP1 operating system, core Storage Foundationservices including Cluster File System, and the FileStore software platform. Thesecomponents are provided on multiple DVDs or a DVD ISO image.

About FileStore featuresFileStore is designed to provide a full-suite of NAS features, in addition toclass-leading performance and scalability. A partial list of these features isdiscussed in the following sections.

Simple installationA single node in the cluster is booted from a DVD containing the operating systemimage, core Storage Foundation, and FileStore modules. While the node boots,the other nodes are defined using IP addresses.

After you install FileStore and the first node is up and running, the rest of thecluster nodes are automatically installed with all necessary components. The keyservices are then automatically started to allow the cluster to begin discoveringstorage and creating file shares.

Introducing Symantec FileStoreAbout FileStore features

20

Active/Active Scalable NFSWith FileStore, all nodes in the cluster can serve the same NFS shares as bothread and write. This creates very high aggregated throughput rates, because youcan use sum of the bandwidth of all nodes. Cache-coherency is maintainedthroughout the cluster.

Active/Active CIFSCIFS is active on all nodes within the FileStore cluster. The specific shares areread/write on the node they reside on, but can failover to any other node in thecluster. FileStore supports CIFS home directory shares.

NFS Lock Management (NLM)The NFS Lock Management (NLM) module allows a customer to use NFS advisoryclient locking in parallel with core SFCFS global lock management. The moduleconsists of failing over the locks among FileStore nodes as well as forwarding allNFS client lock requests to a single NFS lock master.

The result is that no data corruption occurs if a user or application needs to useNFS client locking with an FileStore cluster.

AdministrationFileStore contains a role-based administration model consisting of the followingkey roles:

■ Storage

■ Master

■ System

These roles are consistent with the operational roles in many data centers.

For each role, the administrator uses a simple menu-driven text interface. Thisinterface provides a single point of administration for the entire cluster. A userlogs in as one of those roles on one of the nodes in the cluster and runs commandsthat perform the same tasks on all nodes in the cluster.

You do not need to have any knowledge of the Veritas Storage Foundationtechnology to install or administer an FileStore cluster. If you are currently familiarwith core SFCFS or Storage Foundation in general, you will be familiar with thebasic management concepts.

21Introducing Symantec FileStoreAbout FileStore features

Storage tieringFileStore's built-in Dynamic Storage Tiering (DST) feature can reduce the cost ofstorage by moving data to lower cost storage. FileStore storage tiering alsofacilitates the moving of data between different drive architectures.

Dynamic Storage Tiering lets you do the following:

■ Create each file in its optimal storage tier, based on pre-defined rules andpolicies.

■ Relocate files between storage tiers automatically as optimal storage changes,to take advantage of storage economies.

■ Prune files on secondary tiers automatically as files age and are no longerneeded.

■ Retain original file access paths to minimize operational disruption, forapplications, backup procedures, and other custom scripts.

■ Handle millions of files that are typical in large data centers.

■ Automate these features quickly and accurately.

High-performance data replicationIncluded as a standard feature in the Enterprise Edition of FileStore and optionalon the Standard Edition, FileStore Replication provides for high-performancecontent distribution across multiple clusters. FileStore Replication is asynchronous(sometimes called episodic) and provides for file-based replication between clusters,together with the advantage of being able to only transfer blocks within specificfiles that have changed since the last update. With FileStore Replication, thedestination file system can be on-line for reads, and updates to that destinationcan be as frequent as every fifteen minutes. FileStore Replication is ideal forcontent distribution, or for creating hot-standby replicas of a productionenvironment.

Integrated content scanning using Symantec AntiVirus for FileStoreNew to FileStore is the ability for customers to use Symantec AntiVirus forFileStore. Leveraging content-scanning and anti-virus technology similar to thatfound in the Symantec Endpoint Protection range of products, this feature allowsfor scheduled and real-time (on-demand) scanning of files and other data containedwithin the FileStore cluster. When conducted in real-time, this content-scanningcan be used with multiple file access protocols, including CIFS, NFS, FTP, andHTTP. Files can be automatically quarantined and regular virus definition updatescan be obtained by way of the standard Symantec LiveUpdate service.

Introducing Symantec FileStoreAbout FileStore features

22

About the core strengths of FileStoreFileStore leverages all the capabilities and strengths of the Storage Foundationfamily of products.

FileStore contains all the key features of Storage Foundation Cluster File System5.1 SP1PR3 including:

■ Dynamic Multi-Pathing (DMP)

■ Cluster Volume Manager

■ Cluster File System (CFS)

■ Veritas Cluster Server (VCS)

■ Dynamic Storage Tiering (DST)

■ I/O Fencing

DMP provides load balancing policies and tight integration with array vendors toprovide in-depth failure detection and path failover logic. DMP is compatible withmore hardware than any other similar product, and is a standard componentwithin the FileStore product.

Cluster Volume Manager provides a cluster-wide consistent virtualization layerthat leverages all the strengths of the underlying Veritas Volume Manager (VxVM)technology including online re-layout and resizing of volumes, and online arraymigrations. You can mirror your FileStore file systems across separate physicalframes to ensure maximum availability on the storage tier. This techniqueseamlessly adds or removes new storage, whether single drives or entire arrays.

Cluster File System complies with the Portable Operating System Interface (POSIX)standard. It also provides full cache consistency and global lock management ata file or sub-file level. CFS lets all nodes in the cluster perform metadata or datatransactions. This allows linear scalability in terms of NFS operations per second.

VCS monitors communication, and failover for all nodes in the cluster and theirassociated critical resources. This includes virtual IP addressing failover for allclient connections regardless of the client protocol.

Dynamic Storage Tiering (DST) dynamically and transparently moves files todifferent storage tiers to respond to changing business needs. DST is used inSymantec FileStore as FileStore Storage Tiering.

I/O fencing further helps to guarantee data integrity in the event of a multiplenetwork failure by using the FileStore storage to ensure that cluster membershipcan be determined correctly. This virtually eliminates the chance of a clustersplit-brain from occurring.

23Introducing Symantec FileStoreAbout the core strengths of FileStore

FileStore key benefits and other applicationsFileStore can be used with any application that requires the sharing of files usingthe NFS v3, CIFS, or FTP protocol. Use-cases such as home directories or decisionsupport applications that require sequential shared access, Web pages, andapplications are all ideal for FileStore. FileStore is also applicable when you wantgeneral purpose, high-throughput scale-out processing for your data, togetherwith enterprise-class highly available cluster functionality.

High performance scaling and seamless growthFileStore lets you scale storage and processing independently and seamlessly,online. Because an application may need to scale either storage or processing, orboth, this capability gives you a lot of flexibility.

FileStore automates the installation of new nodes into the running cluster,configures those nodes, and adds the nodes' capacity into the processing tier.FileStore can scale from 1 to 16 nodes with near linear performance scaling. Youcan add processing one node at a time, rather than buying a large, expensiveindependent appliance.

A storage administrator can configure a new array or even add new LUNs froman existing array into the FileStore cluster. FileStore can then scan the storage,automatically see the new LUNs and place them under FileStore control for usein the cluster. All of this is performed online.

At the storage end, resizing of existing file systems can be performed online withno interruption of service. A simple command is used to both add space to anexisting file system and to also reduce (dynamically shrink) the amount of freespace in a specified file system.

The product provides nearly linear scaling in terms of NFS operations per secondand total I/O throughput.

Figure 1-1 depicts this scaling capability.

Introducing Symantec FileStoreFileStore key benefits and other applications

24

Figure 1-1 Example of near-linear performance scaling with FileStore

When using 16-node clusters, extremely high throughput performance numberscan be obtained. This is due to the benefits of near linear FileStore clusterscalability.

High availabilityFileStore has an “always on" file service that provides zero interruption of fileservices for company critical data.

The loss of single or even multiple nodes does not interrupt I/O operations on theclient tier. This is in contrast to the traditional active/passive failover paradigm.Further, with FileStore's modular N-to-N approach to clustered NAS, any nodecan act as a failover for any other node.

The FileStore architecture provides transparent failover for other key servicessuch as NFS lock state, CIFS and FTP daemons, reporting, logging, andbackup/restore operations. The console service that provides access to thecentralized menu-driven interface is automatically failed over to another node.

The installation service is also highly available and can seamlessly recover fromthe initially installed node failing during the installation of the remaining nodesin the cluster.

The use of Veritas Cluster Server technology and software within FileStore is keyto the ability of FileStore to provide best-of-breed high availability, in addition toclass-leading scale-out performance.

Consolidating and reducing costs of storageThe value of consolidating several independent islands of NAS appliances intofewer, larger shared pools has many cost benefits.

25Introducing Symantec FileStoreFileStore key benefits and other applications

A typical enterprise uses 30-40% of its storage. This low storage utilization rateresults in excessive spending on new storage when there is more than adequatefree space in the data center.

With FileStore, you can group storage assets into fewer, larger shared pools. Thisincreases the use of backend LUNs and overall storage.

FileStore also has built-in, pre-configured heterogeneous storage tiering. Thislets you use different types of storage in a primary and secondary tierconfiguration. Using simple policies, data can be transparently moved from theprimary storage tier to the secondary tier. This is ideal when mixing drive typesand architectures such as high-speed SAS drives with cheaper storage, such asSATA-based drives. Furthermore, data can be stored initially on the secondarytier and then promoted to the primary tier dynamically based on a pattern of I/O.This creates an optimal scenario when you use Solid State Disks (SSDs) becausethere will often be a significant change between the amount of SSD storageavailable, and amount of other storage availability, such as SATA drives. Dataand files that are promoted to the primary tier are transferred back to thesecondary tier in accordance with the configured access time policy.

All of this results in substantially increased efficiency, and it can save you moneybecause you make better use of the storage you already have.

Enabling scale-out compute clusters and heterogeneous sharing ofdata

The trend toward scale-out, or grid computing continues to gain pace. There aresignificant performance and cost advantages of moving applications away fromlarge UNIX Symmetrical Multi-Processing (SMP) or mainframe environments andtowards a farm of commodity computer servers running a distributed application.

One of the key inhibitors to scale-out computing is the requirement to provide ashared storage infrastructure for the compute nodes, and enable you to shareheterogeneously as well as scale up as performance requires. FileStore solves bothof these issues by providing a highly scalable and shared storage platform at thestorage tier and by facilitating heterogeneous sharing on the compute tier.

FileStore can provide the performance and availability you need for a large-scaleNFS compute and storage tier. It provides enough throughput and seamless failoverfor this type of architecture – whether a few dozen compute nodes, or scaling toseveral hundred nodes.

Introducing Symantec FileStoreFileStore key benefits and other applications

26

FileStore on the WebFor comprehensive, up-to-date information about FileStore, visit the SymantecWeb site:

http://www.symantec.com/business/support/overview.jsp?pid=55079

Using the FileStore product documentationFileStore product documentation is available in PDF format on the FileStoreinstallation DVD in the /docs directory:

■ Symantec FileStore Web GUI Administrator’s Guide (sfs_admin_gui.pdf)

■ Symantec FileStore Command-Line Administrator’s Guide (sfs_admin.pdf)

■ Symantec FileStore Installation Guide (sfs_install.pdf)

■ Symantec FileStore Replication Guide (sfs_replication.pdf)

■ Symantec FileStore Troubleshooting Guide (sfs_troubleshoot.pdf)

■ Symantec FileStore Release Notes (sfs_relnotes.pdf)

Find additional information at this location:


27Introducing Symantec FileStoreFileStore on the Web



Introducing Symantec FileStoreUsing the FileStore product documentation

28

Creating users based onroles


■ About user roles and privileges

■ About the naming requirements for adding new users

■ About using the FileStore command-line interface

■ Logging in to the FileStore CLI

■ About accessing the online man pages

■ About creating Master, System Administrator, and Storage Administratorusers

■ Creating Master, System Administrator, and Storage Administrator users

■ About the support user

■ Configuring the support user account

■ Displaying the command history

About user roles and privilegesYour privileges within Symantec FileStore (FileStore) are based on what user role(Master, System Administrator, or Storage Administrator) you have been assigned.

The following table provides an overview of the user roles within FileStore.

2Chapter

Table 2-1 User roles within FileStore

DescriptionUser role

Masters are responsible for adding or deleting users, displaying users,and managing passwords. Only the Masters can add or delete otheradministrators.

Master

System Administrators are responsible for configuring andmaintaining the file system, NFS sharing, networking, clustering,setting the current date/time, and creating reports.

SystemAdministrator

Storage Administrators are responsible for provisioning storage andexporting and reviewing reports.

StorageAdministrator

The Support account is reserved for Technical Support use only, and it cannot becreated by administrators. For more information, see the Symantec FileStoreTroubleshooting Guide.

About the naming requirements for adding newusersThe following table provides the naming requirements for adding new FileStoreusers.

Table 2-2 Naming requirements for adding new users

DescriptionGuideline

Letter or an underscore (_)

Must begin with an alphabetic character and the rest of the stringshould be from the following POSIX portable character set:([A-Za-z_][A-Za-z0-9_-.]*[A-Za-z0-9_-.$]).

Starts with

Can be up to 31 characters. If user names are greater than 31characters, you will receive the error, "Invalid user name."

Length

FileStore CLI commands are case-insensitive (for example, the usercommand is the same as the USER command). However, user-providedvariables are case-sensitive (for example, the username Master1 isnot the same as the username MASTER1).

Case

Hyphens (-) and underscores (_) are allowed.Can contain

Creating users based on rolesAbout the naming requirements for adding new users

30

Table 2-2 Naming requirements for adding new users (continued)

DescriptionGuideline

Valid user names include:

■ Name:

■ a.b

■ a_b

■ ______-

Valid syntax

See “Creating Master, System Administrator, and Storage Administrator users”on page 41.

About using the FileStore command-line interfaceYou can enter FileStore commands on the system console or from any host thatcan access FileStore through a session using Secure Socket Shell (SSH) .

FileStore provides the following features to help you when you enter commandson the command line:

■ Command-line help by typing a command and then a question mark (?)

■ Command-line manual (man) pages by typingmanand the name of the commandyou are trying to find

Table 2-3 Conventions used in the FileStore online command-line man pages

DescriptionSymbol

Indicates you must choose one of elements on either side of the pipe.| (pipe)

Indicates that the element inside the brackets is optional.[ ] (brackets)

Indicates that the element inside the braces is part of a group.{ } (braces)

Indicates a variable for which you need to supply a value. Variablesare indicated in italics in the man pages.

< >

Logging in to the FileStore CLIWhen you first log in to the FileStore CLI, use the default username/password ofmaster/master. After you have logged in successfully, change your password.

31Creating users based on rolesAbout using the FileStore command-line interface

Note: Changing the default password is important for system security. If you donot change the default password, a warning message appears the next time youlog in.


By default, the initial password for any user is the same as the username. Forexample, if you logged in as user1, your default password would also be user1.

To use any of the CLI commands, first log in by using the user role you have beenassigned. Then enter the correct mode. These two steps must be performed beforeyou can use any of the commands.

Note: The End User License Agreement (EULA) is displayed the first time you login to the FileStore CLI.

To log in to the FileStore CLI

1 Log in to FileStore using the appropriate user role, System Admin, StorageAdmin, or Master.

2 Enter the name of the mode you want to enter.

For example, to enter the admin mode, you would enter the following:

admin

You can tell you are in the admin mode because you will see the following:

Admin>

The following tables describe all the available modes, commands associated withthat mode, and what roles to use depending on which operation you are performing.

Table 2-4 Admin mode commands

MasterStorageAdmin

SystemAdmin

Admin mode commands

XXXpasswd

XXXshow

Xsupportuser

Xuser

Creating users based on rolesLogging in to the FileStore CLI

32

Table 2-5 Antivirus mode commands

MasterStorageAdmin

SystemAdmin

Antivirus mode commands

XXautoprotect

XXexcludeextension

XXjob

XXliveupdate

XXquarantine

XXscanaction

XXscan

XXservice

XXshow

Table 2-6 Backup mode commands

MasterStorageAdmin

SystemAdmin

Backup mode commands

XXndmp

XXnetbackup

XXshow

XXstart

XXstatus

XXstop

XXvirtual-ip

XXvirtual-name

Table 2-7 CIFS mode commands

MasterStorageAdmin

SystemAdmin

CIFS mode commands

XXhomedir

33Creating users based on rolesLogging in to the FileStore CLI

Table 2-7 CIFS mode commands (continued)

MasterStorageAdmin

SystemAdmin

CIFS mode commands

XXlocal

XXmapuser

XXserver

XXset

XXshare

XXshow

Table 2-8 Cluster mode commands

MasterStorageAdmin

SystemAdmin

Cluster mode commands

XXadd

XXdelete

XXinstall

XXreboot

XXshow

XXshutdown

Table 2-9 Disaster recovery (DR) mode commands

MasterStorage AdminSystem AdminDisaster recoverymode commands

Xdnsupdate

Table 2-10 FTP mode commands

MasterStorageAdmin

SystemAdmin

FTP mode commands

XXlocal

XXlogupload

XXserver


34

Table 2-10 FTP mode commands (continued)

MasterStorageAdmin

SystemAdmin

FTP mode commands

XXsession

XXset

XXshow

Table 2-11 History mode commands

MasterStorageAdmin

SystemAdmin

History mode commands

XXXhistory

Table 2-12 HTTP mode commands

MasterStorageAdmin

SystemAdmin

HTTP mode commands

XXalias

XXdocumentRoot

XXserver

XXsession

XXset

XXshow

Table 2-13 Network mode commands

MasterStorageAdmin

SystemAdmin

Network mode commands

XXbond

XXdns

XXip

XXldap

XXnis

XXnsswitch


Table 2-13 Network mode commands (continued)

MasterStorageAdmin

SystemAdmin

Network mode commands

XXping

XXshow

XXvlan

Table 2-14 NFS mode commands

MasterStorageAdmin

SystemAdmin

NFS mode commands

XXserver

XXshare

XXshow fs

XXstat

Table 2-15 Replication mode commands

MasterStorageAdmin

SystemAdmin

Replication mode commands

XXconfig

Xexclunit

XXjob

XXrepunit

Xrpo

XXschedule

XXservice

XXset

XXshow


36

Table 2-16 Report mode commands

MasterStorageAdmin

SystemAdmin

Report mode commands

XXaudit

XXemail

XXevent

XXXexportevents

XXXshowevents

XXsnmp

XXsyslog

Table 2-17 Storage mode commands

MasterStorageAdmin

SystemAdmin

Storage mode commands

XXdar

Xdedup

XXXdisk grow

XXXdisk list

XXXdisk format

Xdisk remove

XXfencing

XXfs

XXhba

XXXiscsi

XXXmigrate

XXpool

XXquota

XXrollback


Table 2-17 Storage mode commands (continued)

MasterStorageAdmin

SystemAdmin

Storage mode commands

XXscanbus

XXsnapshot

XXtier

Table 2-18 Support mode commands

MasterStorageAdmin

SystemAdmin

Support mode commands

XXdebuginfo

XXgui

XXiostat

XXlicense

XXpciexclusion

XXservices

XXtethereal

XXtop

XXtraceroute

Table 2-19 System mode commands

MasterStorageAdmin

SystemAdmin

System mode commands

XXclock

XXconfig

XXmore

XXntp

XXoption

XXstat


38

Table 2-19 System mode commands (continued)

MasterStorageAdmin

SystemAdmin

System mode commands

XXswap

Xvplugin

Table 2-20 Upgrade mode commands

MasterStorageAdmin

SystemAdmin

Upgrade mode commands

XXpatch

XXshow

About accessing the online man pagesYou access the online man pages by typing man name_of_command at the commandline.

The example shows the result of entering the Network> man ldap command.

Network> man ldap

NAME

ldap - configure LDAP client for authentication

SYNOPSIS

ldap enable

ldap disable

ldap show [users|groups|netgroups]

ldap set {server|port|basedn|binddn|ssl|rootbinddn|users-basedn|

groups-basedn|netgroups-basedn|password-hash} value

ldap get {server|port|basedn|binddn|ssl|rootbinddn|

users-basedn|groups-basedn|netgroups-basedn|password-hash}

You can also type a question mark (?) at the prompt for a list of all the commandsthat are available for the command mode that you are in. For example, if you arewithin the admin mode, if you type a question mark (?), you will see a list of theavailable commands for the admin mode.

sfs> admin ?

Entering admin mode...

sfs.Admin>

39Creating users based on rolesAbout accessing the online man pages

exit --return to the previous menus

logout --logout of the current CLI session

man --display on-line reference manuals

passwd --change the administrator password

show --show the administrator details

supportuser --enable or disable the support user

user --add or delete an administrator

To exit the command mode, enter the following: exit.

For example:

sfs.Admin> exit

sfs>

To exit the system console, enter the following: logout.

For example:

sfs> logout

About creating Master, System Administrator, andStorage Administrator users

Theadmin> user commands add or delete a user, display user settings, and renamethe password.

Note: By default, the password of the new user is the same as the username.

Creating users based on rolesAbout creating Master, System Administrator, and Storage Administrator users

40

Table 2-21 Creating users

DefinitionCommand

Creates the different levels of administrator. You must have masterprivilege.

A user can be a Master user who has all the permissions, includingadd and deleting users. A Storage Administrator has access to onlystorage commands and is responsible for upgrading the cluster andapplying the patches. A System Administrator is responsible forconfiguring the NFS server and exporting the file system, adding anddeleting new nodes to the cluster, and configuring other networkparameters such as DNS and NIS.

See “Creating Master, System Administrator, and StorageAdministrator users” on page 41.

user add

Creates a password.

Passwords can be any length.

By default, the initial password for any user is the same as theusername. For example, if you logged in as user1, your defaultpassword would also be user1.

You will not be prompted to supply the old password.


passwd

Displays a list of current users, or you can specify a particularusername and display both the username and its associated privilege.


show

Deletes a user.


user delete

CreatingMaster, System Administrator, and StorageAdministrator users

To create the different levels of administrator, you must have master privilege.

Note: When creating a user, you must assign a password.

41Creating users based on rolesCreating Master, System Administrator, and Storage Administrator users

To create a Master user

◆ To create a Master user, enter the following:

Admin> user add username master

For example:

Admin> user add master2 master

Creating Master: master2

Success: User master2 created successfully

Changing password for master2.

New password:

Re-enter new password:

Password changed

To create a System Administrator user

◆ To create a System Administrator user, enter the following:

Admin> user add username system-admin

For example:

Admin> user add systemadmin1 system-admin

Creating System Admin: systemadmin1

Success: User systemadmin1 created successfully

To create a Storage Administrator user

◆ To create a Storage Administrator user, enter the following:

Admin> user add username storage-admin

For example:

Admin> user add storageadmin1 storage-admin

Creating Storage Admin: storageadmin1

Success: User storageadmin1 created successfully

Creating users based on rolesCreating Master, System Administrator, and Storage Administrator users

42

To change a user's password

1 To change the password for the current user, enter the following command:

Admin> passwd

You will be prompted to enter the new password for the current user.

2 To change the password for a user other than the current user, enter thefollowing command:

Admin> passwd [username]

You will be prompted to enter the new password for the user.

To display a list of current users

1 To display the current user, enter the following:

Admin> show [username]

2 To display a list of all the current users, enter the following:

Admin> show

For example:

Admin> show

List of Users

-------------

master

user1

user2

To display the details of the administrator with the username master, enterthe following:

Admin> show master

Username : master

Privileges : Master

Admin>

43Creating users based on rolesCreating Master, System Administrator, and Storage Administrator users

To delete a user from FileStore

1 If you want to display the list of all the current users prior to deleting a user,enter the following:

Admin> show

2 To delete a user from FileStore, enter the following:

Admin> user delete username

For example:

Admin> user delete user1

Deleting User: user1

Success: User user1 deleted successfully

About the support userThe supportuser commands are used to enable, disable, or view the status of thesupport user. Only an administrator logged in asmasterhas the privilege to enable,disable, change the password, or check the status of the support user.

You log into the system console and enter the Admin> mode to access thecommands.

See “About using the FileStore command-line interface” on page 31.

Table 2-22 Support user commands

DefinitionCommand

Enables the support user for the tracing and debugging of any node.The enable command lets the support user login remotely.

See “Configuring the support user account” on page 45.

supportuserenable

Changes the support user password. The password can be changed atany time.


supportuserpassword

Checks the status of the support user (whether it is enabled ordisabled).

Note: You must have master privilege to use this command.


supportuser status

Creating users based on rolesAbout the support user

44

Table 2-22 Support user commands (continued)

DefinitionCommand

Disables the support user without permanently removing it from thesystem. By default, the support user is in disable mode whenFileStore is installed.


supportuserdisable

Configuring the support user accountTo enable the support user account

◆ If you want to enable the support user, enter the following:

Admin> supportuser enable

For example:

Admin> supportuser enable

Enabling support user.

support user enabled.

Please change default password.

Admin>

To change the support user password

◆ If you want to change the support user password, enter the following:

Admin> supportuser password

For example:

Admin> supportuser password

Changing password for support.

New password: Re-enter new password:

Password changed

Admin>

45Creating users based on rolesConfiguring the support user account

To check the support user status

◆ If you want to check the status of the support user, enter the following:

Admin> supportuser status

For example:

Admin> supportuser status

support user status : Enabled

Admin>

To disable the support user account

◆ If you want to disable the support user, enter the following:

Admin> supportuser disable

For example:

Admin> supportuser disable

Disabling support user.

support user disabled.

Admin>

Displaying the command historyThe history command displays the commands that you have executed. You canalso view commands executed by another user.

You must be logged in to the system to view the command history.


Creating users based on rolesDisplaying the command history

46

To display command history

◆ To display the command history, enter the following:

SFS> history [username] [number_of_lines]

Displays the command history for a particular user.username

Displays the number of lines of history you want to view.number_of_lines

For example:

SFS> history master 7

Username : master

Privileges : Master

Time Status Message Command

02-12-2009 11:09 Success NFS> server status (server status)

02-12-2009 11:10 Success NFS> server start (server start )

02-12-2009 11:19 Success NFS> server stop (server stop )

02-12-2009 11:28 Success NFS> fs show (show fs )

02-12-2009 15:00 SUCCESS Disk list stats completed (disk list )

02-12-2009 15:31 Success Network shows success (show )

02-12-2009 15:49 Success Network shows success (show )

SFS>

The information displayed from using the history command is:

Displays the time stamp as MM-DD-YYYY HH:MMTime

Displays the status of the command as Success, Error, or Warning.Status

Displays the command description.Message

Displays the actual commands that were executed by you oranother user.

Command

47Creating users based on rolesDisplaying the command history

Creating users based on rolesDisplaying the command history

48

Displaying and addingnodes to a cluster


■ About the cluster commands

■ About FileStore installation states and conditions

■ Displaying the nodes in the cluster

■ About including new nodes on the cluster

■ Installing FileStore software on additional nodes

■ Adding a node to the cluster

■ Adding a non-preconfigured node

■ Deleting a node from the cluster

■ Shutting down the cluster nodes

■ Rebooting the nodes in the cluster

About the cluster commandsThis chapter discusses the FileStore cluster commands. You use these commandsto add or delete nodes to your cluster. The cluster commands are defined inTable 3-1.

To access the commands, log into the administrative console (for master orsystem-admin) and enter Cluster> mode.


3Chapter

Table 3-1 Cluster mode commands

DefinitionCommands

Displays the nodes in the FileStore cluster, their states, CPU load, andnetwork load during the past 15 minutes.

See “Displaying the nodes in the cluster” on page 52.

cluster> show

Installs FileStore software on other nodes in the FileStore cluster.This command installs FileStore software only. It does not install theoperating system software.

Note: This command is not supported on a single-node cluster.

See “Installing FileStore software on additional nodes” on page 55.

cluster> install

Adds a new node to the FileStore cluster. A node can be added to thecluster only after FileStore software is installed on the node.

See “Adding a node to the cluster” on page 56.

cluster> add

Deletes a node from the FileStore cluster.

See “Deleting a node from the cluster” on page 58.

cluster> delete

Shuts down a single node or all of the nodes in the FileStore cluster.Use the nodename that is displayed in the show command.

See “Shutting down the cluster nodes” on page 60.

cluster> shutdown

Reboots a single node or all of the nodes in the FileStore cluster. Usethe nodename that is displayed in the show command.

See “Rebooting the nodes in the cluster” on page 61.

cluster> reboot

About FileStore installation states and conditionsTable 3-2 describes FileStore installation states.

Table 3-2 FileStore installation states

DescriptionInstallation state

The operating system has been installed on the host machine and thehost machine is present in the private network of the FileStore cluster.

Need to Install -FileStore NotInstalled

FileStore installation is in progress on the new node. The stage ofinstallation is also shown.

INSTALLING

Displaying and adding nodes to a clusterAbout FileStore installation states and conditions

50

Table 3-2 FileStore installation states (continued)

DescriptionInstallation state

FileStore has been successfully installed on this node and the node isready to be added to the cluster.

INSTALLED

Node is part of the cluster and FileStore processes are running on it.RUNNING

Node is down and/or FileStore processes are not running on it.FAULTED

Node is leaving the cluster gracefullyLEAVING

Node has exited the cluster gracefullyEXITED

Exact state of the node cannot be determinedUNKNOWN

Depending on the cluster condition as described in Table 3-3, output for theCluster> show command changes.

Table 3-3 Cluster conditions and states

DescriptionCondition

State displays as FAULTED, and there is no installation stateor network statistics.

If the node is configured andpart of the cluster, but thenode is powered off.

State displays as FAULTED, and there is no installation stateor network statistics.

If the node is configured andpart of the cluster, but thenode is physically removedfrom the cluster.

State changes from LEAVING to EXITED.If the node is configured andpart of the cluster, but thenode is shutdown using theCluster> shutdown

command.

Node gets deleted from the cluster, and the node is shownunder the installed node list.

If the node is configured andpart of the cluster, and youissue theCluster> delete

command.

51Displaying and adding nodes to a clusterAbout FileStore installation states and conditions

Table 3-3 Cluster conditions and states (continued)

DescriptionCondition

If the system is powered off, the node displays in theinstalled node list for 2-3 minutes, but attempting to addthe node to the cluster will not work, as the system is in apowered-off state. After 2-3 minutes has expired, the nodeis deleted from the installed node list. If the system ispowered on, the node appears in the installed node list.

If the node is installed, butnot part of the cluster, and ispowered off.

Same behavior as above.If the node is installed, butnot part of the cluster, and isphysically removed.

Displaying the nodes in the clusterYou can display all the nodes in the cluster, their states, CPU load, and networkload during the past 15 minutes.

If you use the Cluster> show currentload option, you can display the CPU andnetwork loads collected from now to the next five seconds.

Displaying and adding nodes to a clusterDisplaying the nodes in the cluster

52

To display a list of nodes in the cluster

1 To display a list of nodes that are part of a cluster, and the systems that areavailable to add to the cluster, enter the following:

Cluster> show

Command output includes the following information. See examples below.

Displays the node name if the node has already been added tothe cluster. Displays the unique identifier for the node if it hasnot been added to the cluster.

Example:

node_01

or

35557d4c-6c05-4718-8691-a2224b621920

Node

Displays the state of the node or the installation state of thesystem along with an IP address of the system if it is installed.

See “About FileStore installation states and conditions”on page 50.

State

Indicates the CPU loadCPU

Indicates the network load for the Public Interface 0pubeth0

Indicates the network load for the Public Interface 1pubeth1

2 For nodes already in the cluster, the following is displayed:

Node State CPU(15 min) pubeth0(15 min) pubeth1(15 min)

% rx(MB/s) tx(MB/s) rx(MB/s) tx(MB/s)

------ ------- ----------- -------- -------- -------- --------

sfs_01 RUNNING 1.35 0.00 0.00 0.00 0.00

sfs_02 RUNNING 1.96 0.00 0.00 0.00 0.00

3 For the nodes not yet added to the cluster, they are displayed with uniqueidentifiers.

Node State---- -----4dd5a565-de6c-4904-aa27-3645cf557119 INSTALLED 5.7 (172.16.113.118)bafd13c1-536a-411a-b3ab-3e3253006209 INSTALLING-Stage-3-of-3 INSTALLING-Stage-4-of-4

53Displaying and adding nodes to a clusterDisplaying the nodes in the cluster

4 For host machines with the operating system installed on them that arepresent in the private network of the cluster, they are displayed with a NEEDTO INSTALL state.

Need to Install NodesNode State---- -----3aa5a565-fe6c-6002-bb27-... FileStore Not Installed 172.16.113.1195dd4a335-de6c-4904-aa95-... FileStore Not Installed 172.16.113.120

5 To display the CPU and network loads collected from now to the next fiveseconds, enter the following:

Cluster> show currentload

Example output:

Node State CPU(5 sec) pubeth0(5 sec) pubeth1(5 sec)

% rx(MB/s) tx(MB/s) rx(MB/s) tx(MB/s)

---- ----- ---------- -------- -------- -------- --------

sfs_01 RUNNING 0.26 0.01 0.00 0.01 0.00

sfs_02 RUNNING 0.87 0.01 0.00 0.01 0.00

sfs_03 RUNNING 10.78 27.83 12.54 0.01 0.00

Statistics for network interfaces will be shown for as each public interfaceavailable on the cluster nodes.

About including new nodes on the clusterAfter you have installed the operating system and FileStore software on the firstnode of the cluster, you need to complete the following procedures to include newnodes on the cluster.

Procedures to include new nodes:

■ Install the appropriate operating system software on the additional nodes.You must install the operating system software first before you install theFileStore software binaries on the node. For more information, see theSymantecFileStore Installation Guide.

■ Install the FileStore software binaries on the node.Software installation can run concurrently on multiple new nodes.See “Installing FileStore software on additional nodes” on page 55.

■ Add the node to your existing cluster.

Displaying and adding nodes to a clusterAbout including new nodes on the cluster

54

After the FileStore software has been installed, the node enters the INSTALLEDstate. It can then be added to the cluster and become operational.See “Adding a node to the cluster” on page 56.

Note: Before proceeding, make sure that all of the nodes are physically connectedto the private and public networks.

Installing FileStore software on additional nodesAfter you install the operating system software and the FileStore software on thefirst node of a cluster, you can use the Cluster> install command to installFileStore software on other nodes on the cluster.

Note: This command is not supported on a single-node cluster.

To install FileStore software on other nodes

1 Log in to the first (master) node in the cluster.

2 To install FileStore software on other nodes on the cluster, enter the following:

Cluster> install nodeip[,nodeip,...]

wherenodeip is the IP address of the node where you want to install FileStoresoftware. Specify the nodeip for any node that is in the NEED TO INSTALLstate. To install on multiple nodes, you can enter more than one IP addressseparated by commas.

Example output:

Cluster> install 172.16.0.21

10% [\] Copying installation script to 172.16.0.21

100% [#] FileStore is installing on 172.16.0.21

Cluster> show

Installed/Installing Nodes

Node State

---- -----

44ec2813-d98c-45f7-9949-d5ec9ed5f383 INSTALLING (Stage 1 of 3:

Download install image)

55Displaying and adding nodes to a clusterInstalling FileStore software on additional nodes

Adding a node to the clusterAfter the FileStore software is installed on a new node, the node is assigned atemporary IP address. The address is displayed in the State field in the output forCluster> show.

For example, the temporary IP address shown above is 172.16.113.118. Thetemporary IP address is only used to add the node to the cluster. Only the nodesin the INSTALLED state can be added to the cluster.

See “Adding a non-preconfigured node” on page 57.

Note: This command is not supported in a single-node cluster.

The coordinator disks must be visible on the newly added node as a prerequisitefor I/O fencing to be configured successfully. Without the coordinator disks, I/Ofencing will not load properly and the node will not be able to obtain clustermembership.

See “About I/O fencing” on page 86.

To add the new node to the cluster

1 Log in to FileStore using the master user role.

2 Enter the cluster mode.

3 To add the new node to the cluster, enter the following:

Cluster> add nodeip

where nodeip is the IP address assigned to the INSTALLED node.

For example:

Cluster> add 172.16.113.118

Checking ssh communication with 172.16.113.118 ...done

Configuring the new node .....done

Adding node to the cluster.........done

Node added to the cluster

New node's name is: sfs_02

4 If a problem occurs while you are adding a node to a cluster (for example, ifthe node is temporarily disconnected from the network), do the following tofix the problem:

To recover the node:

■ Power off the node.

Displaying and adding nodes to a clusterAdding a node to the cluster

56

■ Use the Cluster > delete nodename command to delete the node fromthe cluster.

■ Power on the node.

■ Use the Cluster > add nodeip command to add the node to the cluster.

Adding a non-preconfigured nodeA non-preconfigured node is a node that you did not specify as part of the clusterwhen you first installed and configured FileStore software on the cluster.

To add a non-preconfigured node to the cluster

1 Make sure the appropriate operating system is installed on the nodes youwant to add to the cluster.

2 Obtain the IP address ranges, as described in the Symantec FileStoreInstallation Guide, for the public network interfaces of the nodes to beinstalled.

3 Log in to the master account through the FileStore console and access thenetwork mode.

To log in to the FileStore console:

■ Use ssh master@consoleipaddr where consoleipaddr is the console IPaddress.

■ For the password, enter the default password for the master account,master.You can change the password later by using the Admin> password

command.

Note: Changing the default password is important for system security. Ifyou do not change the default password, a warning message appears thenext time you log in.

4 Add each IP address using the following command:

Network> ip addr add ipaddr netmask type [device]

IP is a protocol that allows addresses to be attached to an Ethernet interface.Each Ethernet interface must have at least one address to use the protocol.Several different addresses can be attached to one Ethernet interface. Addthe ipaddr and thenetmask. type is the type of IP address (virtual or physical).device is the device on which the operation takes place. For example, pubeth0.

57Displaying and adding nodes to a clusterAdding a non-preconfigured node

5 To install FileStore software on the new nodes, use the following command:

Cluster> install nodeip[,nodeip,...]

wherenodeip is the IP address of the node where you want to install FileStoresoftware. To install on multiple nodes at the same time, you can enter morethan one IP address, separated by commas.

The FileStore software is automatically installed on all of the nodes youspecify.

6 Enter Cluster> show to display the status of the node installation as itprogresses.

Cluster> show

The following are the three stages when installing FileStore software on anode:

■ INSTALLING (Stage 1 of 3: Download install image)

■ INSTALLING (Stage 2 of 3: Configure network)

■ INSTALLING (Stage 3 of 3: Installing SFS)

The installing state also contains a unique identifier, as in:

Node State

---- -----

4dd5a565-de6c-4904-aa27-3645cf557119 INSTALLED 5.7 (172.16.113.118)

bafd13c1-536a-411a-b3ab-3e3253006209 INSTALLING (Stage 3 of 3...)

7 When all the nodes you want to add are in the INSTALLED state, enter thefollowing command to add the node to the cluster:

Cluster> add nodeip

where nodeip is the IP address of the node you want to add.

Deleting a node from the clusterThis command deletes a node from the cluster. Use the nodename that is displayedin the Cluster> show command.

Note: This command is not supported in a single-node cluster.

Displaying and adding nodes to a clusterDeleting a node from the cluster

58

If the deleted node was in the RUNNING state prior to deletion, that node wouldbe assigned an IP address that can be used to add the node back to the cluster.

See “About including new nodes on the cluster” on page 54.

If the deleted node was not in the RUNNING state prior to deletion, reboot thedeleted node to assign it an IP address which can be used to add the node backinto the cluster. You must first reinstall the operating system and the FileStoresoftware onto the node before adding it to the cluster. Refer to Symantec FileStoreInstallation Guide.

After the node is deleted from the cluster, IP addresses associated with the nodeare free for use by the cluster for new nodes.

Note: When using the Cluster> shutdown or Cluster> delete or Cluster>reboot commands, you cannot use unique identifiers for node names; thesecommands only work with node names.

To delete a node from the cluster

1 To show the current state of all nodes in the cluster, enter the following:

Cluster> show

2 To delete a node from a cluster, enter the following:

Cluster> delete nodename

where nodename is the nodename that appeared in the listing from the showcommand.

For example:

Cluster> delete sfs_01

Stopping Cluster processes on sfs_01 ...........done

deleting sfs_1's configuration from the cluster .....done

Node sfs_1 deleted from the cluster

If you try to delete a node that is unreachable, you will receive the followingwarning message:

This SFS node is not reachable, you have to re-install the

SFS software after deleting it.

Do you want to delete it now? (y/n)

59Displaying and adding nodes to a clusterDeleting a node from the cluster

Shutting down the cluster nodesYou can shut down a single node or all of the nodes in the cluster. Use thenodename that is displayed in the Cluster> show command.

Note: When using the Cluster> shutdown or Cluster> delete commands, youcannot use a unique identifier to specify a node; these commands only work witha node name.

To shut down a node or all the nodes in a cluster

1 To shut down a node, enter the following:

Cluster> shutdown nodename

nodename indicates the name of the node you want to shut down.

For example:

Cluster> shutdown sfsfiler_04

Stopping Cluster processes on sfsfiler_04

Sent shutdown command to sfsfiler_04. SSH sessions to

sfsfiler_04 may terminate.

2 To shut down all of the nodes in the cluster, enter the following:

Cluster> shutdown all

Use all as the nodename if you want to shut down all of the nodes in thecluster.

For example:

Cluster> shutdown all

Stopping Cluster processes on all

SSH sessions to all nodes may terminate.

Sent shutdown command to sfsfiler_02




Displaying and adding nodes to a clusterShutting down the cluster nodes

60

Rebooting the nodes in the clusterYou can reboot a single node or all of the nodes in the cluster. Use the nodenamethat is displayed in the Cluster> show command.

To reboot a node

1 To reboot a node, enter the following:

Cluster> reboot nodename

nodename indicates the name of the node you want to reboot.

For example:

Cluster> reboot sfsfiler_04

Stopping Cluster processes on sfsfiler_04

Sent reboot command to sfsfiler_04. SSH sessions to

sfsfiler_4 may terminate.

2 To reboot all of the nodes in the cluster, enter the following:

Cluster> reboot all

Use all as the nodename if you want to reboot all of the nodes in the cluster.

For example:

Cluster> reboot all

Stopping Cluster processes on all

SSH sessions to all nodes may terminate.

Sent reboot command to sfsfiler_02




61Displaying and adding nodes to a clusterRebooting the nodes in the cluster

Displaying and adding nodes to a clusterRebooting the nodes in the cluster

62

Configuring storage


■ About storage provisioning and management

■ About configuring disks

■ Configuring disks

■ About configuring storage pools

■ Configuring storage pools

■ About performing local replication initialization

■ Detaching one or more pools from the FileStore cluster as a detached pool set

■ Displaying detached pools

■ Attaching a replication storage pool to a FileStore cluster

■ About displaying information for all disk devices

■ Displaying information for all disk devices associated with nodes in a cluster

■ Increasing the storage capacity of a LUN

■ Formatting/reinitializing a disk

■ Removing a disk

■ Displaying WWN information

■ Initiating FileStore host discovery of LUNs

■ Importing pools forcefully

■ About I/O fencing

4Chapter

■ Configuring I/O fencing

■ About quotas for file systems

■ Using quota commands for enabling, disabling, and displaying file systemquotas

■ Using quota commands for setting and displaying file system quotas

■ Setting user quotas for users of specified groups

■ About quotas for CIFS home directories

■ Using quotas for CIFS home directories

■ Displaying the quota values for CIFS home directories

■ About iSCSI

■ About configuring the iSCSI targets

■ Configuring the iSCSI targets

■ About data archive and retention (DAR)

■ How DAR interacts with other FileStore applications

■ Using DAR without Symantec Enterprise Vault

■ Configuring data archive and retention

■ About data deduplication

About storage provisioning and managementStorage provisioning in FileStore focuses on the storage pool, which is comprisedof a set of disks.

The file system commands accept a set of pools as an argument. For example,creating a file system takes one or more pools, and creates a file system over someor all of the pools. A mirrored file system takes multiple pools as an argumentand creates a file system such that each copy of the data resides on a differentpool.

To provision FileStore storage, verify that the Logical Unit Numbers (LUNS) ormeta-LUNS in your physical storage arrays have been zoned for use with theFileStore cluster. The storage array administrator normally allocates and zonesthis physical storage.

Configuring storageAbout storage provisioning and management

64

Use the FileStore Storage> pool commands to create storage pools using disks(the named LUNS). Each disk can only belong to one storage pool. If you try toadd a disk that is already in use, an error message is displayed.

With these storage pools, use the Storage> fs commands to create file systemswith different layouts (for example mirrored, striped, striped-mirror).

The storage commands are defined in Table 4-1.

To access the commands, log into the administrative console (master,system-admin, or storage-admin) and enter the Storage> mode.



DefinitionCommand

Grows a selected disk if it is resized on the storage array.

See “Increasing the storage capacity of a LUN” on page 82.

disk grow

Lists all of the available disks, and identifies which ones you wantto assign to which pools.

See “About displaying information for all disk devices”on page 78.

disk list

Formats/reinitializes a disk forcefully to reinstate it.

See “Formatting/reinitializing a disk” on page 83.

disk format

Removes specified disks from a cluster.

See “Removing a disk” on page 83.

disk remove

Enables file systems for data archive and retention (DAR).

See “Configuring data archive and retention” on page 135.

dar

Allows you to remove redundant data to improve storageutilization for your primary storage.

See “Configuring file system deduplication” on page 143.

dedup

Protects the data integrity if the split-brain condition occurs.

See “About I/O fencing” on page 86.

fencing

Provides commands for configuring your file system.

See “About creating and maintaining file systems” on page 218.

fs

65Configuring storageAbout storage provisioning and management


DefinitionCommand

Prints the World Wide Name (WWN) information for all of thenodes in the cluster.

See “Displaying WWN information” on page 84.

hba

Links data storage facilities.

See “About iSCSI” on page 117.

iscsi

Configures storage pools.

See “About configuring storage pools” on page 69.

pool

Scans all of the SCSI devices connected to all of the nodes in thecluster.

See “Initiating FileStore host discovery of LUNs ” on page 86.

scanbus

Sets a limit on disk quota to restrict certain aspects of the filesystem usage.

See “About quotas for file systems” on page 92.

quota

About configuring disksDisks and pools can be specified in the same command provided the disks are partof an existing storage pool.

The pool and disk that are specified first are allocated space before other poolsand disks.

If the specified disk is larger than the space allocated, the remainder of the spaceis still utilized when another file system is created spanning the same disk.

Table 4-2 Configure disks commands

DefinitionCommand

You can add a new disk to an existing pool. A disk can belong to onlyone pool.

The minimum size of disks required for creating a pool or adding adisk to the pool is 10 MB.

Note:Disks being used for thepool adddisk command must supportSCSI-3 PGR registrations if I/O fencing is enabled.

See “Configuring disks” on page 67.

pool adddisk

Configuring storageAbout configuring disks

66

Table 4-2 Configure disks commands (continued)

DefinitionCommand

You can move disks from one storage pool to another.

Note: You cannot move a disk from one storage pool to another if thedisk has data on it.


pool mvdisk

You can remove a disk from a pool.

Note: You cannot remove a disk from a pool if the disk has data onit.


If a specified disk does not exist, an error message is displayed. If oneof the disks does not exist, then none of the disks are removed.

A pool cannot exist if there are no disks assigned to it. If a diskspecified to be removed is the only disk for that pool, the pool isremoved as well as the assigned disk.

If the specified disk to be removed is being used by a file system, thenthat disk will not be removed.

pool rmdisk

Configuring disksTo add a disk

◆ To add a new disk to an existing pool, enter the following:

Storage> pool adddisk pool_name disk1[,disk2,...]

Specifies the pool to be added to the disk. If the specified poolname is not an existing pool, an error message is displayed.

pool_name

Specifies the disks to be added to the pool.

To add additional disks, use a comma with no spaces between.

A disk can only be added to one pool, so if the entered disk isalready in the pool, an error message is displayed.

disk1,disk2,...

For example:

Storage> pool adddisk pool2 Disk_2

SFS pool Success V-288-0 Disk(s) Disk_2 are added to pool2

successfully.

67Configuring storageConfiguring disks

To move disks from one pool to another

◆ To move a disk from one pool to another, or from an unallocated pool to anexisting pool, enter the following:

Storage> pool mvdisk src_pool dest_pool disk1[,disk2,...]

Specifies the source pool to move the disks from. If the specifiedsource pool does not exist, an error message is displayed.

src_pool

Specifies the destination pool to move the disks to. If the specifieddestination pool does not exist, a new pool is created with thespecified name. The disk is moved to that pool.

dest_pool

Specifies the disks to be moved.

To specify multiple disks to be moved, use a comma with no spacein between.

If a specified disk is not part of the source pool or does not exist,an error message is displayed. If one of the disks to be moveddoes not exist, all of the specified disks to be moved will not bemoved.

If all of the disks for the pool are moved, the pool is removed(deleted from the system), since there are no disks associatedwith the pool.

disk1,disk2,...

For example:

Storage> pool mvdisk p01 pool2 Disk_0

SFS pool Success V-288-0 Disk(s) moved successfully.

Configuring storageConfiguring disks

68

To remove a disk

1 To remove a disk from a pool, enter the following:

Storage> pool rmdisk disk1[,disk2,...]

where disk1,disk2 specifies the disk(s) to be removed from the pool.

An unallocated pool is a reserved pool for holding disks that are removedfrom other pools.

For example:

Storage> pool list

Pool Name List of disks

---------- --------------

pool1 Disk_0 Disk_1

pool2 Disk_2 Disk_5

pool3 Disk_3 Disk_4

Unallocated Disk_6

Storage> pool rmdisk Disk_6

SFS pool Success V-288-987 Disk(s) Disk_6 are removed successfully.

Storage> pool list

Pool Name List of disks

---------- -------------

pool1 Disk_0 Disk_1

pool2 Disk_2 Disk_5

pool3 Disk_3 Disk_4

The Disk_6 disk no longer appears in the output.

2 To remove additional disks, use a comma with no spaces in between.

For example:

Storage> pool rmdisk disk1,disk2

About configuring storage poolsStorage provisioning in FileStore focuses on the concept of pools. Pools are morea logical construct rather than an architectural component. Pools are looselycollections of disks.

In the FileStore context, a disk is a LUN provisioned from a storage array. EachLUN should be provisioned to all FileStore nodes. Disks must be added to poolsprior to use.

69Configuring storageAbout configuring storage pools

During the initial configuration, you use the Storage> commands to create storagepools, to discover disks, and to assign them to pools. Disk discovery and poolassignment are done once. FileStore propagates disk information to all clusternodes.

You must first create storage pools that can be used to build file systems on. Disksand pools can be specified in the same command provided the disks are part ofan existing storage pool.

The pool and disk specified first are allocated space before other pools and disks.

If the specified disk is larger than the space allocated, the remainder of the spaceis still utilized when another file system is created spanning the same disk.

Table 4-3 Configure storage pool commands

DefinitionCommand

Creates storage pools. You can build file systems on top of them.

Note: Disks being used for the Storage> pool create commandmust support SCSI-3 PGR registrations if I/O fencing is enabled.

Note:The minimum size of disks required for creating a pool or addinga disk to the pool is 10 MB.

See “Configuring storage pools” on page 72.

pool create

Displays the pools and associated disks.

A storage pool is a collection of disks from shared storage; the pool isused as the source for adding file system capacity as needed.


pool list

Renames a pool.


pool rename

Destroys storage pools used to create file systems. Destroying a pooldoes not delete the data on the disks that make up the storage pool.


pool destroy

Lists the free space in each of the pools.

Free space information includes:

■ Disk name

■ Free space

■ Total space

■ Use %


pool free

Configuring storageAbout configuring storage pools

70

Table 4-3 Configure storage pool commands (continued)

DefinitionCommand

Configures the disk(s) in the pool.

See “About configuring disks” on page 66.

pool adddisk, poolmvdisk, poolrmdisk

Configures local replication initialization.

See “About performing local replication initialization” on page 75.

pool detachset,poolshowdetached,pool attachset

71Configuring storageAbout configuring storage pools

Configuring storage poolsTo create the storage pool used to create a file system

1 List all of the available disks, and identify which ones you want to assign towhich pools.

Storage> disk list

Disk sfs_01

==== ========

disk1 OK

2 To create a storage pool, enter the following:

Storage> pool create pool_name disk1[,disk2,...]

Specifies what the created storage pool will be named. Thestorage pool name should be a string.

pool_name

Specifies the disks to include in the storage pool. If thespecified disk does not exist, an error message is displayed.Use the Storage> disk list command to view theavailable disks.

Each disk can only belong to one storage pool. If you try toadd a disk that is already in use, an error message isdisplayed.

To specify additional disks to be part of the storage pool,use a comma with no space in between.

disk1, disk2,...

For example:

Storage> pool create pool1 Disk_0,Disk_1

SFS pool Success V-288-1015 Pool pool1 created successfully

100% [#] Creating pool pool1

Configuring storageConfiguring storage pools

72

To list your pools

◆ To list your pools, enter the following:

Storage> pool list

For example:

Storage> pool list

Pool List of disks

--------- -------------

pool1 Disk_0 Disk_1

pool2 Disk_2 Disk_3

pool3 Disk_4 Disk_5

To rename a pool

◆ To rename a pool, enter the following:

Storage> pool rename old_name new_name

Specifies the name for the existing pool that will be changed. Ifthe old name is not the name of an existing pool, an error messageis displayed.

old_name

Specifies the new name for the pool. If the specified new namefor the pool is already being used by another pool, an errormessage is displayed.

new_name

For example:

Storage> pool rename pool1 p01

SFS pool Success V-288-0 Disk(s) Pool rename successful.

73Configuring storageConfiguring storage pools

To destroy a storage pool

◆ To destroy a storage pool, enter the following:

Storage> pool destroy pool_name

where pool_name specifies the storage pool to delete. If the specifiedpool_name is not an existing storage pool, an error message is displayed.

For example:

Storage> pool destroy pool1

SFS pool Success V-288-988 Pool pool1 is destroyed.

Because you cannot destroy an Unallocated storage pool, you need to removethe disk from the storage pool using the Storage> pool rmdisk commandprior to trying to destroy the storage pool.


If you want to move the disk from the unallocated pool to another existingpool, you can use the Storage> pool mvdisk command.


To list free space for pools

◆ To list free space for your pool, enter the following:

Storage> pool free [pool_name]

where pool_name specifies the pool for which you want to display free spaceinformation.

If a specified pool does not exist, an error message is displayed.

If pool_name is omitted, the free space for every pool is displayed, butinformation for specific disks is not displayed.

For example:

Storage> pool free

Pool Free Space Total Space Use%

==== ========== =========== ====

pool_1 0 KB 165.49M 100%

pool_2 0 KB 165.49M 100%

pool_3 57.46M 165.49M 65%

Configuring storageConfiguring storage pools

74

About performing local replication initializationLocal replication initialization allows you to initialize replication locally to somelocally-attached disk array, then physically transport the disk array to the locationof the destination file server, and then resume replication over a network linkonce the replication is configured correctly.

Given that replicating an existing dataset can require delivering many terabytesof data to a remote site, physically transporting the disk array to a new location,then resuming the replication can save significant set up time and network costs.For details on local replication initialization, see theSymantecFileStoreReplicationGuide.

The following operations need to occur to perform replication localsynchronization:

■ Define a set of disk, pools, and file systems that can be removed from the localFileStore cluster.

■ Copy files between a set of file systems or directories and a second set of filesystems or directories, so that when the second set of file systems are movedfrom a local system to a remote system, efficient periodic copying can beresumed without a full second copy operation over the network.

■ Attach a removed (detached) set of disks, pools, and file systems to a second(remote) FileStore cluster one-time after they have been removed from thefirst (local) FileStore cluster.

Table 4-4 lists the Storage> pool commands you use for local replicationinitialization.

Note: The Storage> pool attachset, detachset, and showdetached commandsshould be used for local replication initialization only and not for other purposes.

Table 4-4 Local replication initialization commands

DefinitionCommand

Detaches one or more pools from the FileStore cluster as a detachedpool set.

See “Detaching one or more pools from the FileStore cluster as adetached pool set” on page 76.

pool detachset

Displays the detached pools.

See “Displaying detached pools” on page 77.

pool showdetached

75Configuring storageAbout performing local replication initialization

Table 4-4 Local replication initialization commands (continued)

DefinitionCommand

Attaches a detached pool set to the FileStore cluster.

See “Attaching a replication storage pool to a FileStore cluster”on page 77.

pool attachset

Detaching one or more pools from the FileStorecluster as a detached pool set

The Storage> pool detachset command detaches one or more pools from theFileStore cluster as a detached pool set. You can provide a new name for thedetached pool set. This operation unmounts the file systems, creating a separateddisk group from the named pools, and deports that disk group. Once detached,the storage for those pools can be physically removed from the cluster.

To detach one or more pools from the FileStore cluster

◆ To detach one or more pools from the FileStore cluster, enter the following:

Storage> pool detachset pool1[,pool2,...] detach_poolset_name

Specifies one or more pools to detach from the cluster.

To specify multiple pools to detach, use a comma toseparate the pool names with no space in between thepool names.

pool1, pool2, ...

Indicates the new name for the detached pool set.detach_poolset_name

For example:

Storage> pool detachset pool1 detached_pool1

SFS Storage SUCCESS V-288-1655 Pool detachset completed successfully.

Configuring storageDetaching one or more pools from the FileStore cluster as a detached pool set

76

Displaying detached poolsTo display detached pools

◆ To display detached pools, enter the following

Storage> pool showdetached [detach_poolset_name]

where detach_poolset_name is the name of the detached pool set you want todisplay.

For example:

Storage> pool showdetached

DETACHED_POOLSETNAME POOLSET_ID DETACHED_POOLS

==================== ========== ==============

detached_pool2 1276181004.41.src_01 pool2

DETACHED_POOLSET_DISKS

=======================

ams_wms0_34,ams_wms0_35

Storage> pool showdetached detached_pool2

Detached_poolsetname : detached_pool2

Poolsetid : 1276181004.41.src_01

Detached from Cluster : src

Date : 2010.06.10 20:13:15 IST

All detached fsnames : tgt_fs

Detached filesystem : tgt_fs, Associated pools : pool2

Associated repunit : tgt_ru

All detached pools : pool2

Detached pool : pool2, Disks : ams_wms0_34 ams_wms0_35

Attaching a replication storage pool to a FileStorecluster

The Storage> pool attachset command allows you to attach replication storagepool(s) to a FileStore cluster. At the time the replication storage pool is attached,the file systems or pools that are part of the replication storage poolset, can berenamed by using the pattern newname=oldname.

77Configuring storageDisplaying detached pools

Several file systems or replication storage pools can be renamed by listing severalsuch rename patterns in a comma-separated list, as in:

pool attachset poolset1 newfs1=tgt_fs,newpool2=pool2

To attach a replication storage pool to a FileStore cluster

◆ To attach a replication storage pool(s) to a FileStore cluster, enter thefollowing:

Storage> pool attachset poolset_name

[name_mapping]

Indicates the name of the pool set to attach.poolset_name

Specifies a comma-separated list of pools or file systemname pairs in the form of new_name=old_name thatyou want to rename.

name_mapping

For example:

Storage> pool attachset poolset1

Mount Point is being added...

SFS Storage SUCCESS V-288-1653 Pool attachset completed successfully.

About displaying information for all disk devicesThe Storage> disk list command displays the aggregated information of thedisk devices connected to all of the nodes in the cluster.

Table 4-5 Disk devices commands

DefinitionCommand

Displays a list of disks and nodes in tabular form. Each rowcorresponds to a disk, and each column corresponds to a node.

■ If an OK appears in the table, it indicates that the disk thatcorresponds to that row is accessible by the node that correspondsto that column.

■ If an ERR appears in the table, it indicates that the disk thatcorresponds to that row is inaccessible by the node thatcorresponds to that column. This list does not include the internaldisks of each node.

See “Displaying information for all disk devices associated with nodesin a cluster” on page 79.

disk list stats(default)

Configuring storageAbout displaying information for all disk devices

78

Table 4-5 Disk devices commands (continued)

DefinitionCommand

Displays the disk information, including a list of disks and theirproperties. If the console server is unable to access any disk, but ifany other node in the cluster is able to access that disk, then that diskis shown as "---."


disk list detail

Displays the list of multiple paths of disks connected to all of the nodesin the cluster. It also shows the status of each path on each node inthe cluster.


disk list paths

Displays the enclosure name, array name, and array type for aparticular disk that is present on all of the nodes in the cluster.


disk list types

Displaying information for all disk devices associatedwith nodes in a cluster

Depending on which command variable you use, the column headings will differ.

Indicates the disk name.Disk

Indicates the serial number for the disk.Serial Number

Indicates the type of storage enclosure.Enclosure

Indicates the size of the disk.Size

Indicates the percentage of the disk that is being used.Use%

79Configuring storageDisplaying information for all disk devices associated with nodes in a cluster

ID column consists of the following four fields. A ":" separates thesefields.

■ VendorID - Specifies the name of the storage vendor, for example,HITACHI, IBM, EMC, HP, and so on.

■ ProductID - Specifies the ProductID based on vendor. Each vendormanufactures different products. For example, HITACHI hasHDS5700, HDS5800, and HDS9200 products. These products haveProductIDs such as DF350, DF400, and DF500.

■ TargetID - Specifies the TargetID. Each port of an array is a target.Two different arrays or two ports of the same array have differentTargetIDs. TargetIDs start from 0.

■ LunID - Specifies the ID of the LUN. This should not be confusedwith the LUN serial number. LUN serial numbers uniquely identifya LUN in a target. Whereas a LunID uniquely identifies a LUN inan initiator group (or host group). Two LUNS in the same initiatorgroup cannot have the same LunID. For example, if a LUN isassigned to two clusters, then the LunID of that LUN can bedifferent in different clusters, but the serial number is the same.

ID

Name of the enclosure to distinguish between arrays having the samearray name.

Enclosure

Indicates the name of the storage array.Array Name

Indicates the type of storage array and can contain any one of thethree values: Disk for JBODs, Active-Active, and Active-Passive.

Array Type

To display a list of disks and nodes in tabular form

◆ To display a list of disks and nodes in tabular form, enter the following:

Storage> disk list stats

Disk dev_01 dev_02

========== ======== ========

fas2700_13 OK OK

fas2700_14 OK OK

fas2700_15 OK OK

fas2700_16 OK OK

fas2700_17 OK OK

Configuring storageDisplaying information for all disk devices associated with nodes in a cluster

80

To display the disk information

◆ To display the disk information, enter the following:

Storage> disk list detail

Disk Pool Enclosure Size Use%

==== ==== ========== ==== ====

fas2701_4 pool2 fas2701 1.0G 47.3%

fas2701_5 pool1 fas2701 10.0G 44.2%

fas2701_6 pool2 fas2701 1.0G 4.3%

fas2701_7 pool1 fas2701 1.0G 100.0%

ID Serial Number

========================== =============

NETAPP:LUN%5F311170011:0:1 hpasKJZRKpHK

NETAPP:LUN%5F311170011:0:2 hpasKJZRKpaT

NETAPP:LUN%5F311170011:0:3 hpasKJZRKppB

NETAPP:LUN%5F311170011:0:4 hpasKJZRKqKx

To display the disk list paths

◆ To display the disks multiple paths, enter the following:

Storage> disk list paths

Disk Paths dev_01 dev_02

========== ====== ======================== ========================

fas2700_13 Path 1 secondary,enabled,active secondary,enabled,active






81Configuring storageDisplaying information for all disk devices associated with nodes in a cluster

To display information for all disk devices associated with nodes in a cluster

◆ To display information for all of the disk devices connected to all of the nodesin a cluster, enter the following:

Storage> disk list types

Disk Enclosure Array Name Array Type

========== ========= ========== ==========

fas2700_13 fas2700 FAS270 A/P-C-NETAPP







Increasing the storage capacity of a LUNThe Storage> disk grow command lets you increase the storage capacity of apreviously created LUN on a storage array disk.

Warning: When increasing the storage capacity of a disk, make sure that thestorage array does not reformat it. This will destroy the data. For help, contactyour Storage Administrator.

To increase the storage capacity of a LUN

1 Increase the storage capacity of the disk on your storage array. Contact yourStorage Administrator for assistance.

2 Run the FileStore Storage> scanbus command to make sure that the disk isconnected to the FileStore cluster.

See “Initiating FileStore host discovery of LUNs ” on page 86.

3 To increase the storage capacity of the LUN, enter the following:

Storage> disk grow disk_name

where disk_name is the name of the disk.

For example:

Storage> disk grow Disk_0

SFS disk SUCCESS V-288-0 disk grow Disk_0 completed successfully

Configuring storageIncreasing the storage capacity of a LUN

82

Formatting/reinitializing a diskIf the disk does not belong to any group, the Storage> disk format commanderases the first 100M space on the disk(s). You can only format one disk.

To reformat/reinitialize a disk

◆ To reformat/reinitialize a disk, enter the following:

Storage> disk format disk1

where disk1 is the disk that you want to format/reinitialize.

Removing a diskThe Storage> disk remove command allows you to remove disks from a cluster.This command is helpful in situations when the disk attributes are incorrectlylisted in FileStore.

Note: Only the disks that are not a part of a pool can be removed.

The Storage> disk remove command will not destroy the data on the disk, butit removes the disk from the system's configuration. Rebooting the cluster orrunning scanbus will bring back the disk into the system's configuration. Toremove the disk permanently from the system's configuration, you should removethe disk's mapping from the array.

83Configuring storageFormatting/reinitializing a disk

To remove a disk from a cluster

◆ To remove a disk from a cluster, enter the following:

Storage> disk remove disk1[,disk2,...]

Indicates the first disk name that you want to remove from thecluster.

disk1

Indicates the second disk name that you want to remove fromthe cluster.

Disk names are comma-separated without any spaces betweenthe disk names.

disk2

For example:

Storage> disk remove emc0_03ff

Deleting disk emc0_03ff .......

Deleting disk emc0_03ff .......

Deleting disk emc0_03ff .......... done

Displaying WWN informationThe Storage> hba (Host Bus Adapter) command displays World Wide Name(WWN) information for all of the nodes in the cluster. If you want to find theWWN information for a particular node, specify the node name (host name).

To display WWN information

◆ To display the WWN information, enter the following:

Storage> hba [host_name]

where you can use the host_name variable if you want to find WWNinformation for a particular node.

For example, to display WWN information for all the running nodes in thecluster, enter the following:

Storage> hba

Node Host Initiator HBA WWNs

-------------- -----------------------

democluster_01 21:00:00:1b:32:89:15:5f, 21:01:00:1b:32:a9:15:5f

democluster_02 21:00:00:1b:32:89:71:52, 21:01:00:1b:32:a9:71:52

There are two WWNs on each row that represent the two HBAs for each node.

Configuring storageDisplaying WWN information

84

For example, to display WWN information for a particular node, enter thefollowing:

Storage> hba democluster_01

HBA_Node_Name WWN State Speed

------------- --- ----- -----

20:00:00:1b:32:89:15:5f 21:00:00:1b:32:89:15:5f offline 4_Gbit

20:01:00:1b:32:a9:15:5f 21:01:00:1b:32:a9:15:5f offline unknown

Support_Classes Transmitted_FC_Frames Received_FC_frames

--------------- --------------------- ------------------

Class_3 445606 1815671

Class_3 0 0

Link_Failure_Count

------------------

0

B.Storage>

democluster_01 21:00:00:1b:32:1e:5c:ba, 21:01:00:1b:32:3e:5c:ba

Displays the node name for the Host Bus Adapter(HBA).

HBA_Node_Name

Displays World Wide Name (WWN) information.WWN

Available values include:

■ online

■ offline

State

Displays the speed per second.Speed

Displays the class value from/sys/class/fc_host/${host}/supported_classes.

Support_Classes

Displays a value equal to the number of totaltransmitted serial attached SCSI frames across allprotocols.

Transmitted_FC_Frames

Displays a value equal to the number of total receivedserial attached SCSI frames across all protocols.

Received_FC_frames

Displays a value equal to the value of the LINKFAILURE COUNT field of the Link Error Status.

Link_Failure_Count

85Configuring storageDisplaying WWN information

Initiating FileStore host discovery of LUNsThe Storage> scanbus command scans all of the SCSI devices connected to allof the nodes in the cluster. When you add new storage to your devices, you mustscan for new SCSI devices. You only need to issue the command once and all ofthe nodes discover the newly added disks. And the command updates the deviceconfigurations without interrupting the existing I/O activity. The scan does notinform you if there is a change in the storage configuration. You can see the lateststorage configuration using the Storage> disk list command.

You do not need to reboot after scanbus has completed.

To scan SCSI devices

◆ To scan the SCSI devices connected to all of the nodes in the cluster, enterthe following:

Storage> scanbus

For example:

Storage> scanbus

100% [#] Scanning the bus for disks

Importing pools forcefullyThe Storage> scanbus force command tries to import pools forcefully. Thismay help when using Storage> scanbus alone does not work.

To import pools forcefully

◆ To import pools forcefully, enter the following:

Storage> scanbus [force]

About I/O fencingIn the FileStore cluster, one method of communication between the nodes isconducted through heartbeats over private links. If two nodes cannot verify eachother's state because they cannot communicate, then neither node can distinguishif the failed communication is because of a failed link or a failed partner node.The network breaks into two networks that cannot communicate with each otherbut do communicate with the central storage. This condition is referred to as the"split-brain" condition.

Configuring storageInitiating FileStore host discovery of LUNs

86

I/O fencing (also referred to as disk fencing) protects data integrity if the split-braincondition occurs. I/O fencing determines which nodes are to retain access to theshared storage and which nodes are to be removed from the cluster, to preventpossible data corruption.

To protect the data on the shared disks, each system in the cluster must beconfigured to use I/O fencing by making use of special purpose disks calledcoordinator disks. They are standard disks or LUNs that are set aside for use bythe I/O fencing driver. You can specify three disks as coordinator disks.

The coordinator disks act as a global lock device during a cluster reconfiguration.This lock mechanism determines which node is allowed to fence off data drivesfrom other nodes. A system must eject a peer from the coordinator disks beforeit can fence the peer from the data drives. Racing for control of coordinator disksis how fencing helps prevent split-brain. Coordinator disks cannot be used forany other purpose. You cannot store data on them.

To use the I/O fencing feature, specify the disks that will be used as coordinatordisks; you need three coordinator disks. Your minimum configuration must be atwo-node cluster with FileStore software installed and 3+ disks (three of whichwill be used for the coordinator disk group and the rest of the disks will be usedfor storing data).

See Table 4-6 on page 87.

Table 4-6 I/O fencing commands

DefinitionCommand

Checks the status of I/O fencing. It shows whether the coordinatordisk group is currently enabled or disabled. It also shows the statusof the individual coordinator disks.

See “Configuring I/O fencing” on page 89.

fencing status

Checks if the coordinator disk group has three disks. If not, you willneed to add disks to the coordinator disk pool until three are present.

The minimum LUN size is 10MB.


fencing on

87Configuring storageAbout I/O fencing

Table 4-6 I/O fencing commands (continued)

DefinitionCommand

Replaces a coordinator disk with another disk. The command firstchecks the whether the replacement disks is in failed state or not. Ifits in the failed state, then an error appears.

After the command verifies that the replacement disk is not in a failedstate, it checks whether the replacement disk is already being usedby an existing pool (storage or coordinator). If it is not being used byany pool, the original disk is replaced.

Note: If the disk being replaced is in a failed state, then it is mandatoryto delete the disk from the array. This is required because if the faileddisk comes up and works properly, it can lead to an even number offencing disks, and this affects the functionality.


fencing replace

Disables I/O fencing on all of the nodes. This command does not freeup the coordinator disks.


fencing off

Destroys the coordinator pool if I/O fencing is disabled.

Note: This command is not supported for a single-node cluster.


fencing destroy

Configuring storageAbout I/O fencing

88

Configuring I/O fencingTo check the status of I/O fencing

◆ To check the status of I/O fencing, enter the following:

Storage> fencing status

In the following example, I/O fencing is configured on the three disksDisk_0,Disk_1 and Disk_2 and the column header Coord Flag On indicatesthat the coordinator disk group is in an imported state and these disks are ingood condition. If you check the Storage> disk list output, it will be in theOK state.

IO Fencing Status

============================

Disabled

Disk Name Coord Flag On

============== ==============

Disk_0 Yes

Disk_1 Yes

Disk_2 Yes

89Configuring storageConfiguring I/O fencing

To add disks to the coordinator disk group

◆ To add disks to the coordinator disk group, enter the following:

Storage> fencing on [disk1,disk2,disk3]

The three disks are optional arguments and are required only if thecoordinator pool does not contain any disks. You may still provide three disksfor fencing with the coordinator pool already containing three disks. Thiswill, however, remove the three disks previously used for fencing from thecoordinator pool, and configure I/O fencing on the new disks.

Note: Enabling I/O fencing causes a disruption of FileStore services. It issuggested to bring down the FileStore services, enable I/O fencing, and thenresume FileStore services.

For example:

Storage> fencing on

SFS fencing Success V-288-0 IO Fencing feature now Enabled

100% [#] Enabling fencing


IO Fencing Status

=================

Enabled


============== ==============

Disk_0 Yes

Disk_1 Yes

Disk_2 Yes

Configuring storageConfiguring I/O fencing

90

To replace an existing coordinator disk

◆ To replace the existing coordinator disk, enter the following:

Storage> fencing replace src_disk dest_disk

where src_disk is the source disk and dest_disk is the destination disk.

For example:

Storage> fencing replace Disk_2 Disk_3

SFS fencing Success V-288-0 Replaced disk Disk_2

with Disk_3 successfully.

100% [#] Replacing disk Disk_2 with Disk_3


IO Fencing Status

=================

Enabled


============== ==============

Disk_0 Yes

Disk_1 Yes

Disk_3 Yes

To disable I/O fencing

◆ To disable I/O fencing, enter the following:

Storage> fencing off

For example, to disable fencing if it's already enabled:

Storage> fencing off

SFS fencing Success V-288-0 IO Fencing feature now Disabled

100% [#] Disabling fencing

Note: Disabling I/O fencing causes a disruption of FileStore services. It issuggested to bring down the FileStore services, disable I/O fencing, and thenresume FileStore services.

To destroy the coordinator pool

◆ To destroy the coordinator pool, enter the following:

Storage> fencing destroy

91Configuring storageConfiguring I/O fencing

About quotas for file systemsYou use Storage > quota commands for configuring disk quotas on file systemsfor users and groups.

Users and groups visible through different sources of name service lookup(nsswitch), local users, LDAP, NIS, and Windows users can be configured for filessystems or CIFS home directory quotas.

There are two types of disk quotas:

■ Usage quota (numspace) - limits the amount of disk space that can be used ona file system.The numspace quota value must be an integer with a unit. The minimum unitis KB, because the block size in the underlying Veritas File System (VxFS) is1KB, and VxFS calculates numspace quotas based on the number of KBs. Therange for numspace is from 1K to 9007199254740991(2^53 - 1)K.

■ Inode quota (numinodes) - limits the number of inodes that can be created ona file system.An inode is a data structure in a UNIX or UNIX-like file system that describesthe location of some or all of the disk blocks allocated to the file.The numinodes quota value must be an integer without a unit, and the rangeis from 1 to 9999999999999999999(19bit).0 is valid for numspace and numinodes, which means the quota is infinite.

In addition to setting a limit on disk quotas, you can also define a warning level,or soft quota, whereby the FileStore administrator is informed that they arenearing their limit, which is less than the effective limit, or hard quota. Hard quotalimits can be set so that a user is strictly not allowed to cross quota limits. A softquota limit must be less than a hard quota limit for any type of quota.

Table 4-7 File system quota commands

DefinitionCommand

Enables the quota on a specified file system. If the file system nameis not specified, the quota is enabled for all of the online file systems.

See “Using quota commands for enabling, disabling, and displayingfile system quotas” on page 94.

quota fs enable

Disables the quota on a specified file system. If a file system name isnot specified, the quota is disabled on all of the online file systems.


quota fs disable

Configuring storageAbout quotas for file systems

92

Table 4-7 File system quota commands (continued)

DefinitionCommand

Displays the quota status of the specified file system. If a file systemname is not specified, the command displays the quota status for allof the online file systems. This command only displays whether ornot the quota is enabled.


quota fs status

Sets the quota for the user or group on the specified file system. If afile system name is not specified, the quota for the user name or groupname applies to all of the online file systems.

This command does not set the quota for the CIFS home directories.

See “Using quota commands for setting and displaying file systemquotas” on page 96.

quota fs set

Sets the user quota for users of specified groups.

See “Setting user quotas for users of specified groups” on page 103.

quota fssetbygroup

Sets the quota value for all the users and groups for whom the quotahas already been set withset commands. Other users and groups (forwhom the quota has not been set previously) will not be affected.


quota fs setall

Displays the quota values that are already set for user or group.


quota fs show

Changes the default value used for setting future quotas. Existinguser/group quotas are not changed. If a file system name is notspecified, then the default is set for all of the online file systems exceptthe CIFS home directories.


quota fs setdefault

Displays the default quota values for user or group.


quota fsshowdefault

93Configuring storageAbout quotas for file systems

Using quota commands for enabling, disabling, anddisplaying file system quotas

To enable a file system quota

◆ To enable a file system quota, enter the following:

Storage> quota fs enable [fs_name] [{userquota | groupquota}]

File system name you want to set the quota for.fs_name

User quota can be set with hard/soft limits on usage. Usage isdictated by the number of blocks and number of inodes that canbe created by the user.

userquota

Group quota can be set with hard/soft limits on usage. Usage isdictated by the number of blocks and number of inodes that canbe created by all the users in the group.

groupquota

For example, to enable a quota (user and group) for file system fs1:

Storage> quota fs enable fs1

OK Completed

To disable a file system quota

◆ To disable a file system quota, enter the following:

Storage> quota fs disable [fs_name] [{userquota | groupquota}]



userquota


groupquota

For example, to disable the user quota for file system fs1:

Storage> quota fs disable fs1 userquota

OK Completed

Configuring storageUsing quota commands for enabling, disabling, and displaying file system quotas

94

To display the status of a file system quota

◆ To display the status of a file system quota, enter the following:

Storage> quota fs status [fs_name] [{userquota | groupquota}]



userquota


groupquota

For example, to display the status of a file system quota (enabled or disabled):

Storage> quota fs status

FS name User Quota Group Quota

======= ========== ==========

fsmirror Disabled Disabled

quotafs Enabled Enabled

striped1 Enabled Enabled

fs1 Disabled Enabled

OK Completed

95Configuring storageUsing quota commands for enabling, disabling, and displaying file system quotas

Using quota commands for setting and displaying filesystem quotas

To set the quota value

◆ To set the quota value for a file system, enter the following:

Storage> quota fs set [{userquota | groupquota}] user_or_group_names

domain_name [hardlimit | softlimit] [numinodes | numspace]

[value] [fs_name]

For example, to set the user quota (hardlimit and numinodes) of user qtuseron file system fs1:

Storage> quota fs set userquota qtuser qtdomain hardlimit numinodes

957 fs1

OK Completed

Storage> quota fs show fs1 userquota qtuser

User Quota Details for filesystem fs1:

User Space Soft Hard Inodes Soft Hard

Name Used Space Space Used Inodes Inodes

===== ===== ===== ===== ===== ===== ====

qtuser 0 0 0 0 0 957

OK Completed

User quota can be set with hard/soft limits on usage. Usage is dictated by the number ofblocks and number of inodes that can be created by the user.

userquota

Group quota can be set with hard/soft limits on usage. Usage is dictated by the number ofblocks and number of inodes that can be created by all the users in the group.

groupquota

Name of the user or the name of the group for which a quota value is set.

You can specify a comma-separated list of user or group names.

To delete quota values for a user, you have to set all the user quota entries to 0. A user witha UID of 0 is not allowed in a Storage> quota fs set command.

A 0 indicates there is no limitation on the file system.

user_or_group_name

You can specify a domain name when setting file system quotas.

Domain name is the first section of the domain, for example:

symantec.filestore.com

The domain name is symantec in the example above.

domain_name

Configuring storageUsing quota commands for setting and displaying file system quotas

96

Hard quota limits (hardlimit) can also be set so that you are not allowed to exceed the quotalimits.

hardlimit

A quota limit can be set as a soft quota limit (soflimit) where you are warned against exceedingthe quota limits, and there is a grace period during which you are allowed to exceed thequota limits. After the grace period is over, you will not be allowed to exceed the quota limits.

The soflimit has to be less than the hardlimit for any type of quota.

softlimit

Inode quota for the file system.numinodes

Usage quota (numspace) for the file system.numspace

Quota value for the users or groups on a file system.

If a value is not provided, the default value set from using the Storage> quota fs

setdefault command is used.

If Storage> quota fs setdefault is set for particular file systems, then that defaultvalue has precedence.

value


97Configuring storageUsing quota commands for setting and displaying file system quotas

To set all quota values

◆ To set all of the quota values, enter the following:

Storage> quota fs setall [{userquota | groupquota}]

[hardlimit | softlimit] [numinodes | numspace]

[value] [fs_name]

For example, to set all existing user quotas to default values:

Storage> quota fs show fs1




===== ===== ====== ====== ===== ====== =====

a1 0 0 10G 0 1000 10000

qtuser 0 0 0 0 0 957

qtuser2 0 1000K 0 0 0 0

Storage> quota fs setall userquota

OK Completed

Storage> quota fs show fs1




======= ===== ===== ===== ==== ==== =====

a1 0 0 10G 0 1000 1000

qtuser 0 0 0 0 0 1000

qtuser2 0 1000K 0 0 0 1000

User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocksand number of inodes that can be created by the user.

userquota

Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocksand number of inodes that can be created by all the users in the group.

groupquota

Hard quota limit.hardlimit

Soft quota limit.softlimit


Usage quota for the file system.numspace


98




IfStorage> quota fs setdefault is set for particular file systems, then that default valuehas precedence.

If a value is 0 is entered, it is treated as an unlimited quota. If all values for a user or groupquota are 0, the user or group is automatically deleted from the quota settings, which meansthat theStorage> quota fs status command will not show this user's or group's settings,as all quota values are treated as an unlimited quota.

value

To display the file system settings

◆ To display the file system settings, enter the following:

Storage> quota fs show [fs_name] [{userquota | groupquota}]

[user_or_group_names]

For example, to display quota values for the file system:

Storage> quota fs show

User Quota Details for filesystem quotafs:

User Space Soft Hard Files Soft Hard

Name Used Space Space Used Files Files

========== ===== ====== ======= ===== ===== ======

quotauser 10M 1M 20M 1 5 1000

quotauser 9M 1M 10M 1 0 0

qtuser 10M 10M 20M 9 5 1000

qtuser2 19M 5M 20M 1 0 1000




====== ====== ===== ===== ===== ===== =====

a1 0 0 10G 0 1000 1000

qtuser 0 0 0 0 0 1000

qtuser2 0 1000K 0 0 0 1000

User Quota Details for filesystem longfilesystemnameforqt:



====== ===== ===== ===== ===== ==== =====

qtuser 0 0 0 0 901 1000

OK Completed



User quota can be set with hard/soft limits on usage. Usage is dictated by the numberof blocks and number of inodes that can be created by the user.

userquota

Group quota can be set with hard/soft limits on usage. Usage is dictated by the numberof blocks and number of inodes that can be created by all the users in the group.

groupquota



To delete quota values for a user, you will have to set all the user quota entries to 0.A user with a UID of 0 is not allowed in a Storage> quota fs set command.

user_or_group_names


100

To set the default quota values

◆ To set the default quota values, enter the following:

Storage> quota fs setdefault [{userquota | groupquota}]

hardlimit | softlimit numinodes | numspace [value] [fs_name]


userquota


groupquota








If Storage> quota fs setdefault is set for particular file systems, then that defaultvalue has precedence.


value


For example, to set the default group quota value:

Storage> quota fs setdefault groupquota hardlimit numspace 1T

OK Completed


To display the default values

◆ To display the default values, enter the following:

Storage> quota fs showdefault [fs_name] [{userquota | groupquota}]



userquota


groupquota

For example, to display the default quota values:

Storage> quota fs showdefault

Default Quota values:

=====================

Title User/Group Soft Hard Soft Hard

Quota Space Space Files Files

===== =========== ====== ====== ====== =====

Default Quota User Quota - - - 1000

Default Quota Group Quota - 1T - -

Per FS default Quota values:

========================================

FS User/Group Soft Hard Soft Hard

Name Quota Space Space Files Files

===== ============= ===== ===== ===== =====

fs1 User Quota - - - 1000

OK Completed


102

Setting user quotas for users of specified groupsTo set user quotas for users of specified groups

103Configuring storageSetting user quotas for users of specified groups

◆ To set user quotas on users of specified groups, enter the following:

Storage> quota fs setbygroup [group_names] [domain_name]

[hard_or_soft_limit] [numinodes_or_numspace]

[value] [fs_name]

For example, to set the user quota for users of local groups:

Storage> quota fs setbygroup cifsgrp1,cifsgrp2 local softlimit

numspace 50M fs3

OK Completed





======== ====== ====== ====== ====== ======= ======

cifsusr1 0 50M 0 0 0 0

cifsusr2 0 50M 0 0 0 0

cifsusr3 0 50M 0 0 0 0

OK Completed

Storage> cifs local group show cifsgrp1

GroupName UsersList

--------- ---------

cifsgrp1 cifsusr2,cifsusr1

Storage> cifs local group show cifsgrp2

GroupName UsersList

--------- ---------

cifsgrp2 cifsusr3

For example, to set the user quota for users of the winbind group:

Storage> quota fs setbygroup "domain users" javadom

hardlimit numspace 50M fs2

OK Completed





======================= ===== ===== ===== ====== ====== ======

JAVADOM\administrator 0 0 50M 0 0 0

Configuring storageSetting user quotas for users of specified groups

104

JAVADOM\krbtgt 0 0 50M 0 0 0

JAVADOM\support_388945a0 0 0 50M 0 0 0

JAVADOM\java 0 0 50M 0 0 0

JAVADOM\power 0 0 50M 0 0 0

JAVADOM\james 0 0 50M 0 0 0

JAVADOM\12345 0 0 50M 0 0 0

JAVADOM\space 0 0 50M 0 0 0

OK Completed

About quotas for CIFS home directoriesYou use Storage> quota cifshomedir commands to configure quotas for CIFShome directories. Users and groups visible through different sources of nameservice lookup (nsswitch), local users, LDAP, NIS, and Windows users can beconfigured for CIFS home directory quotas.

Default values are entered in a configuration file only. The actual application ofthe quota is done with the set and setall commands using the default valuesprovided.

When a CIFS home directory file system is changed, quota information for a user'shome directory is migrated from the existing home directory file system to thenew home directory file system.

Quota migration results are based on the following logic:

■ Case 1:In the case where the existing home directory file system is NULL, you can setthe new home directory file system to be multiple file systems (for example,fs1, fs2). If the multiple file systems previously had different quota values, thequota status and values from the first file system are migrated to other filesystems in the new home directory. The first file system is the template. Onlythe user/group quota values that existed on the first file system are migrated.Other user/group quota values remain the same on the other file system.

For example, assume the following:

■ The new home directory file systems are fs1 and fs2.

■ user1, user2, and user3 have quota values on fs1.

■ user2, user3, and user4 have quota values on fs2.

For the migration, user/group quota values for user1, user2, and user3 aremigrated from fs1 to fs2. Quota values for user4 are kept the same on fs2, anduser4 has no quota values on fs1.

■ Case 2:

105Configuring storageAbout quotas for CIFS home directories

When the existing home directory file systems are already set, and you changethe file systems for the home directory, the quota status and values need tobe migrated from the existing home directory file systems to the new filesystems. For this migration, the first file system in the existing home directoryacts as the template for migrating quota status and values.For example, if the existing home directory file systems are fs1 and fs2, andthe file systems are changed to fs2, fs3, and fs4, then the user/group quotavalues on fs1 are migrated to fs3 and fs4. Other user/group values on fs3 andfs4 remain the same.

Table 4-8 CIFS home directory quota commands

DefinitionCommand

Changes the default value that will be used for setting future quotason the CIFS home directories. Existing user/group quotas are noteffected.

See “Using quotas for CIFS home directories” on page 108.

quota cifshomedirsetdefault

Displays the default values for the CIFS home directories.


quota cifshomedirshowdefault

Sets the quota value for the users or groups for the CIFS homedirectories.


quota cifshomedirset

Sets the quota value for all users and groups for whom the quota hasalready been set with set commands.


quota cifshomedirsetall

Enables the quota of the CIFS home directories.


quota cifshomedirenable

Disables the quota of the CIFS home directories.


quota cifshomedirdisable

Displays the status of the quota of the CIFS home directories. Thiscommand only displays whether or not the quota is enabled.


quota cifshomedirstatus

Configuring storageAbout quotas for CIFS home directories

106

Table 4-8 CIFS home directory quota commands (continued)

DefinitionCommand

Displays the general quota values on the CIFS home directories peruser or group. This command also displays the consumed (used space)quota for users or groups.

See “Displaying the quota values for CIFS home directories”on page 115.

quota cifshomedirshow

Displays the detailed quota values already set on each file system forCIFS home directories. This command also displays the consumed(used space) quota for users or groups on each file system for the CIFShome directories.

See “Displaying the quota values for CIFS home directories”on page 115.

quota cifshomedirshowdetail

107Configuring storageAbout quotas for CIFS home directories

Using quotas for CIFS home directoriesTo set the default value used for quota limits for CIFS home directories

◆ To set the default value used for quota limits for CIFS home directories, enterthe following:

Storage> quota cifshomedir setdefault userquota | groupquota

hardlimit | softlimit numinodes | numspace [value]


userquota


groupquota






If a value is not specified, then the value is 0.

If Storage> quota fs setdefault is set for particular filesystems, then that default value has precedence.

If a value is 0 is entered, it is treated as an unlimited quota. If allvalues for a user or group quota are 0, the user or group isautomatically deleted from the quota settings, which means thatthe Storage> quota fs show command will not show thisuser's or group's settings, as all quota values are treated as anunlimited quota.

value

For example, to set the default CIFS home directory user quota value:

Storage> quota cifshomedir setdefault userquota hardlimit

numspace 2T

OK Completed

Configuring storageUsing quotas for CIFS home directories

108

To display default quota values for CIFS home directories

◆ To display the default quota values of the CIFS home directories, enter thefollowing:

Storage> quota cifshomedir showdefault [userquota | groupquota]


userquota


groupquota

For example, to display the default CIFS home directory quota values:

Storage> quota cifshomedir showdefault

CIFS homedir default Quota values:

==============================================

User/Group Quota Soft Space Hard Space Soft Inodes Hard Inodes

================ ========== ========== =========== ===========

User Quota - 2T - -

Group Quota - - - -

OK Completed

109Configuring storageUsing quotas for CIFS home directories

To set a quota for CIFS home directories

◆ To set a quota for the user or group for CIFS home directories, enter thefollowing:

Storage> quota cifshomedir set userquota | groupquota

user_or_group_names [domainname] [hardlimit | softlimit]

[numinodes | numspace] [value]

For example, to set the user quota (hardlimit and numinodes) of user qtuseron CIFS home directories:

Storage> quota cifshomedir set userquota qtuser qtdomain hardlimit

numinodes 6549

Storage> quota cifshomedir show

User Quota Details for CIFS homedirfs:


Name Used Space Space Used Inodes Indoes

======== ===== ===== ====== ===== ====== ======

qtuser 0 20M 100M 0 1000 6549

OK Completed

User quota can be set with hard/soft limits on usage. Usage is dictated by the numberof blocks and number of inodes that can be created by the user.

userquota

Group quota can be set with hard/soft limits on usage. Usage is dictated by the numberof blocks and number of inodes that can be created by all the users in the group.

groupquota



To delete quota values for a user, you will have to set all the user quota entries to 0.

A user with a UID of 0 is not allowed in a Storage> quota fs set command.

user_or_group_names

Domain name is the first section of the domain.

For example, in

symantec.filestore.com

the domain name is symantec.

domainname




110



Quota value for the CIFS home directories.



If Storage> quota fs setdefault is set for particular file systems, then thatdefault value has precedence.

If a value is 0 is entered, it is treated as an unlimited quota. If all values for a user orgroup quota are0, the user or group is automatically deleted from the quota settings,which means that the Storage> quota fs status command will not show thisuser's or group's settings, as all quota values are treated as an unlimited quota.

value


To set the quota value for all users and groups

◆ To set the quota value for all users and groups for whom the quota has alreadybeen set with the set commands, enter the following:

Storage> quota cifshomedir setall userquota | groupquota

[hardlimit | softlimit] [numinodes | numspace]

[value]

Other users and groups (for whom quota has not been set previously) will notbe affected.

For example, to set all existing user quotas for CIFS home directories:





======= ====== ====== ===== ===== ====== ======

qtuser 0 20M 100M 0 1000 6549

OK Completed

Storage> quota cifshomedir setall userquota softlimit

numinodes 198

OK Completed





===== ===== ====== ====== ===== ====== ======

qtuser 0 20M 100M 0 198 6549

OK Completed


userquota


groupquota





112


Quota value for CIFS home directories for whom the quota has already been set with set

commands.



IfStorage> quota fs setdefault is set for particular file systems, then that default valuehas precedence.


value

To enable the quota for CIFS home directories

◆ To enable the quota for CIFS home directories, enter the following:

Storage> quota cifshomedir enable [userquota | groupquota]


userquota


groupquota

For example, to enable quotas (user and group quotas) for CIFS homedirectories:

Storage> quota cifshomedir enable

OK Completed


To disable the quota for CIFS home directories

◆ To disable the quota for the CIFS home directories, enter the following:

Storage> quota cifshomedir disable [userquota | groupquota]


userquota


groupquota

For example, to disable the group quota for CIFS home directories:

Storage> quota cifshomedir disable groupquota

OK Completed

To display the status of the quota for CIFS home directories

◆ To display the quota status of the CIFS home directories, enter the following:

Storage> quota cifshomedir status [userquota | groupquota]

Displays only if the quota is enabled or disabled.


userquota


groupquota

For example, to display the status of a CIFS home directory quota (enabledor disabled):

Storage> quota cifshomedir status

FS name User Quota Group Quota

======= ========== ==========

CIFS homedirectories Enabled Disabled

OK Completed


114

Displaying the quota values for CIFS homedirectoriesTo display the quotas for CIFS home directories

◆ To display the quotas for the CIFS home directories, enter the following:

Storage> quota cifshomedir show [userquota | groupquota]

[user_or_group_names] [domain_name]


userquota


groupquota





user_or_group_names

You can display the domain name that was set when setting file system quotas.

Domain name is the first section of the domain, as in symantec.filestore.com. Thedomain name is symantec.

domain_name

For example, to display general quota information for a CIFS home directoryfor both userquota and group quota:

Storage> quota cifshomedir showUser Quota Details for CIFS homedirfs:User Name Space Used Soft Space Hard Space Inodes Used Soft Inodes Hard Inodes========= ========== ========== ========== =========== =========== ===========user06 0 30M 50M 0 0 0user07 0 0 0 0 300 500Group Quota Details for CIFS homedirfs:Group Name Space Used Soft Space Hard Space Inodes Used Soft Inodes Hard Inodes========= ========== ========== ========= =========== =========== ===========group01 0 400M 600M 0 0 0group02 0 0 0 0 60000 80000OK Completed

TheStorage> quota cifshomedir show command does not display the file systemname in the output.

115Configuring storageDisplaying the quota values for CIFS home directories

The CIFS home directory is created on one of the CIFS home directory file systems.FileStore sets CIFS home directory quotas on all of the CIFS home directory filesystems. TheStorage> quota cifshomedir show userquota username commanddisplays the quota and usage information on the file system on which the CIFShome directory is created.

For example, if homedirfs=fs1,fs2, and the home directory of user1 is created onfs1, and the home directory of user2 is created on fs2, then the Storage> quota

cifshomedir show userquota user2 command displays the CIFS home directoryquota and usage on fs2.

To display the quota values that are already set on each file system for the CIFShome directories

◆ To display the quota values that are already set on each file system for theCIFS home directories, enter the following:

Storage> quota cifshomedir showdetail [userquota | groupquota]

[user_or_group_names] [domain_name]


userquota


groupquota





user_or_group_names

You can display the domain name that was set when setting file system quotas.

Domain name is the first section of the domain, as in symantec.filestore.com. Thedomain name is symantec.

domain_name

For example, to display quota information on CIFS home directory file systemsfs1 and fs2 for both userquota and groupquota:

Configuring storageDisplaying the quota values for CIFS home directories

116

Storage> quota cifshomedir showdetailUser Quota Details for filesystem fs1:User Name Space Used Soft Space Hard Space Inodes Used Soft Inodes Hard Inodes========== ========== ========== ========== ========== ========== ==========user06 0 30M 50M 0 0 0user07 0 0 0 0 300 500User Quota Details for filesystem fs2:User Name Space Used Soft Space Hard Space Inodes Used Soft Inodes Hard Inodes========== ========== ========== ========== ========== ========== ==========user06 0 30M 50M 0 0 0user07 0 0 0 0 300 500Group Quota Details for filesystem fs1:Group Name Space Used Soft Space Hard Space Inodes Used Soft Inodes Hard Inodes========== ========== ========== ========== ========== ========== ==========group01 0 400M 600M 0 0 0group02 0 0 0 0 60000 80000Group Quota Details for filesystem fs2:Group Name Space Used Soft Space Hard Space Inodes Used Soft Inodes Hard Inodes========== ========== ========== ========== ========== ========== ==========group01 0 400M 600M 0 0 0group02 0 0 0 0 60000 80000OK Completed

The file system name displays in the output for the Storage> quota cifshomedir

showdetail command.

About iSCSIThe Internet Small Computer System Interface (iSCSI) is an Internet protocol-basedstorage networking standard that links data storage facilities. By carrying SCSIcommands over IP networks, iSCSI facilitates data transfers over Intranets andmanages storage over long distances.

The iSCSI feature allows FileStore servers to use iSCSI disks as shared storage.

Table 4-9 iSCSI commands

DefinitionCommand

Displays the status of the iSCSI initiator service.

See “Configuring the iSCSI initiator” on page 119.

iscsi status

Starts the iSCSI initiator service.


iscsi start

117Configuring storageAbout iSCSI

Table 4-9 iSCSI commands (continued)

DefinitionCommand

Stops the iSCSI initiator service.


iscsi stop

Adds a device for use with the iSCSI initiator. iSCSI initiatorconnections use this device to connect to the target. If there are anyexisting targets, then the iSCSI initiator initiates a connection to alltargets by way of device.


iscsi device add

Deletes a device from the iSCSI configuration. Any existingconnections by way of thedevice to targets is terminated. Ifdeviceis the last device in the iSCSI initiator configuration, and there areexisting targets, then the device cannot be deleted from theconfiguration.


iscsi device del

Lists the devices used by the iSCSI initiator.


iscsi device list

Adds a discovery address to the iSCSI initiator configuration. If noTCP port is specified with thediscovery-address, then the defaultport 3260 is used. Any targets discovered at discovery-addressare automatically logged in.


iscsi discovery add

Deletes a discovery address from the iSCSI initiator configuration.Any targets discovered using discovery-address are also deletedfrom the configuration.


iscsi discovery del

Performs discovery of changes in targets or LUNs atdiscovery-address. Any LUNs or targets that have been removedat discovery-address will be automatically removed from theconfiguration. New LUNs or targets discovered atdiscovery-address will be automatically added and logged into.


iscsi discoveryrediscover

Lists the discovery address present in the iSCSI initiator configuration.


iscsi discovery list

Configuring storageAbout iSCSI

118

Table 4-9 iSCSI commands (continued)

DefinitionCommand

Sets the prefix used to generate initiator names. Initiator names aregenerated asinitiator-name-prefix followed by the node numberof the node.

See “Configuring the iSCSI initiator name” on page 120.

iscsi initiatorname setprefix

Lists the initiator names for all nodes in the cluster.

See “Configuring the iSCSI device” on page 120.

iscsi initiatorname list

Configuring the iSCSI initiatorTo display the iSCSI initiator service

◆ To display the status of the iSCSI initiator server, enter the following:

Storage> iscsi status

For example:

iSCSI Initiator Status on sfs_01 : ONLINE


To start the iSCSI initiator service

◆ To start the iSCSI initiator service, enter the following:

Storage> iscsi start

For example:

Storage> iscsi start





To stop the iSCSI initiator service

◆ To stop the iSCSI initiator service, enter the following:

Storage> iscsi stop

For example:

Storage> iscsi stop


iSCSI Initiator Status on sfs_01 : OFFLINE

iSCSI Initiator Status on sfs_02 : OFFLINE

Configuring the iSCSI initiator nameTo display the iSCSI initiator names

◆ To display the iSCSI initiator names, enter the following:

Storage> iscsi initiator name list

For example:

Storage> iscsi initiator name list

Node Initiator Name

---- --------------

sfs_01 iqn.2009-05.com.test:test.1

sfs_02 iqn.2009-05.com.test:test.2

To configure the iSCSI initiator name

◆ To configure the iSCSI initiator name, enter the following:

Storage> iscsi initiator name setprefix initiatorname-prefix

where initiatorname-prefix is a name that conforms to the naming rules forinitiator and target names as specified in RFC3721. Initiator names for nodesin the cluster are generated by appending the node number to this prefix.

For example:

Storage> iscsi initiator name setprefix iqn.2009-05.com.test:test

Configuring the iSCSI deviceThe iSCSI initiator contains a list of devices from which connections are made totargets.


120

To display the list of devices

◆ To display the list of devices, enter the following:

Storage> iscsi device list

For example:


Device

------

pubeth0

pubeth1

To add an iSCSI device

◆ To add an iSCSI device, enter the following:

Storage> iscsi device add device

where device is the device where the operation takes place.

For example:

Storage> iscsi device add pubeth1


Device

------

pubeth0

pubeth1

To delete an iSCSI device

◆ To delete an iSCSI device, enter the following:

Storage> iscsi device delete device

where device is the device where the operation takes place.

For example:

Storage> iscsi device add pubeth1


Device

------

pubeth0


Configuring discovery on iSCSIThe iSCSI initiator contains a list of discovery addresses.

To display the iSCSI discovery addresses

◆ To display the iSCSI discovery addresses, enter the following:

Storage> iscsi discovery list

For example:


Discovery Address

-----------------

192.168.2.14:3260

192.168.2.15:3260


122

To add a discovery address to the iSCSI initiator

◆ To add a discovery address to the iSCSI initiator, enter the following:

Storage> iscsi discovery add discovery-address

wherediscovery-address is the target address at which an initiator can requesta list of targets using a SendTargets text request as specified in iSCSI protocolof RFC3720. If no port is specified with the discovery address, default port3260 is used.

For example:

Storage> iscsi discovery add 192.168.2.15:3260

Discovery CHAP credentials for sfs_1:

Outgoing CHAP Username : root

Outgoing CHAP Password : ********

Incoming CHAP Username :

Authentication succeeded.

Discovered Targets

------------------

iqn.2001-04.com.example:storage.disk2.sys3.xyz




Logging into target iqn.2001-04.com.example:storage.disk2.sys3.xyz





Discovery Address

-----------------

192.168.2.14:3260

192.168.2.15:3260


To delete an iSCSI discovery address

◆ To delete the targets discovered using this discovery address, enter thefollowing:

Storage> iscsi discovery del discovery-address


For example:

Storage> iscsi discovery del 192.168.2.15:3260


Discovery Address

-----------------

192.168.2.14:3260

To rediscover an iSCSI discovery address

◆ To rediscover an iSCSI discovery address, enter the following:

Storage> iscsi discovery rediscover discovery-address


For example:

Storage> iscsi discovery rediscover 192.168.2.15:3260

Deleted targets

-----------------


New targets

-----------------

iqn.2001-04.com.example:storage.disk6.sys3.new.xyz

Logging into target iqn.2001-04.com.example:storage.disk6.sys3.new.xyz


124

About configuring the iSCSI targetsiSCSI target commands allow you to view or manipulate targets discovered usingthe iscsi discovery add command, or statically added targets using the iscsitarget add command. The iscsi target list command lists all the targetsvisible to the iSCSI initiator. To get detailed information about a target, use theiscsi target listdetail targetname command.

Table 4-10 iSCSI target commands

DefinitionCommand

Adds a static target-portal combination to the iSCSI initiatorconfiguration. The portal-address cannot be the same as anydiscovery-address present in the iSCSI initiator configuration.Connections to portal-address are made for target-name, butno discovery is done for any other targets available atportal-address. If no portal tag is specified withportal-address,the default portal tag of 1 is used.

See “Configuring the iSCSI targets” on page 127.

iscsi target add

Deletes a targettarget-name from the iSCSI initiator configuration.Any existing connections to target-name are terminated.discovery-address or portal-address is the address throughwhich the target becomes visible to the initiator. A target that wasdiscovered at a discovery-address once deleted from an iSCSIinitiator configuration will again be visible to an iSCSI initiator ifre-discovery is done either through isci discovery rediscover

or scanbus commands.


iscsi target del

Allows login to a target target-name from an iSCSI initiator.Connections to target-name are made from all devices present inan iSCSI initiator configuration. discovery-address orportal-address is the address through which the target becomesvisible to the initiator. A target once logged out by the iSCSI initiatoris not logged in until iscsi target login is requested.


iscsi target login

125Configuring storageAbout configuring the iSCSI targets

Table 4-10 iSCSI target commands (continued)

DefinitionCommand

Allows logout from connections to target-name from the iSCSIinitiator. discovery-address or portal-address is the addressthrough which the target becomes visible to the initiator. A targetonce logged out by the iSCSI initiator is not logged in until iscsitarget login is requested.


iscsi target logout

Allows a static target to scan for new LUNs.


iscsi target rescan

Lists the targets visible to the iSCSI initiator.


iscsi target list

Lists detailed information about the target.


iscsi targetlistdetail

Configuring storageAbout configuring the iSCSI targets

126

Configuring the iSCSI targetsTo display the iSCSI targets

◆ To display the iSCSI targets, enter the following:

Storage> iscsi target list

For example:

Storage> iscsi target list

Target

------





iqn.2001-04.com.example2:storage.disk2.sys3.xyz




Discovery Address State Disk

------------------ ----- -----

192.168.2.14:3260 ONLINE disk_0

192.168.2.14:3260 ONLINE disk_2

192.168.2.14:3260 ONLINE disk_3

192.168.2.14:3260 ONLINE disk_1

192.168.2.15:3260 ONLINE disk_4

192.168.2.15:3260 ONLINE disk_5

192.168.2.15:3260 ONLINE disk_6

192.168.2.15:3260 ONLINE disk_7

127Configuring storageConfiguring the iSCSI targets

To display the iSCSI target details

◆ To display the iSCSI target details, enter the following:

Storage> iscsi target listdetail target

where target is the name of the node you want to display the details for.

For example:

Storage> iscsi target listdetail iqn.2001-04.com.example:

storage.disk2.sys3.xyz

Discovery Address : 192.168.2.14:3260

Connections

===========

Portal Address sfs_01 sfs_02

-------------- ----- -----

192.168.2.14:3260,1 2 2

To add an iSCSI target

◆ To add an iSCSI target, enter the following:

Storage> iscsi target add target-name portal-address

Name of the iSCSI target at which SCSI LUNs are available.target-name should conform to the naming rules defined inRFC3721.

target-name

The location where the target is accessible.portal-address

For example:

Storage> iscsi target add iqn.2001-04.com.example:

storage.disk2.sys1.xyz 192.168.2.14:3260

Logging into target iqn.2001-04.com.example:


Storage> iscsi target listdetail iqn.2001-04.com.example:


Connections

===========

Portal Address sfs55_01 sfs55_02

-------------- -------- --------

192.168.2.14:3260,1 1 1

Configuring storageConfiguring the iSCSI targets

128

To delete an iSCSI target

◆ To delete an iSCSI target, enter the following:

Storage> iscsi target del target-name

{discovery-address|portal-address}


target-name

Target address at which an initiator can request a list of targetsusing aSendTargets text request as specified in iSCSI protocolof RFC3720. If no port is specified with the discovery address,default port 3260 is used.

discovery-address


For example:

Storage> iscsi target del iqn.2001-04.com.example:


To login to an iSCSI target

◆ To login to an iSCSI target, enter the following:

Storage> iscsi target login target-name

{discovery-address | portal-address}


target-name


discovery-address


For example:

Storage> iscsi target login iqn.2001-04.com.example:


129Configuring storageConfiguring the iSCSI targets

To logout from an iSCSI target

◆ To logout from an iSCSI target, enter the following:

Storage> iscsi target logout target-name

{discovery-address | portal-address}


target-name


discovery-address


For example:

Storage> iscsi target logout iqn.2001-04.com.example:


To rescan static targets for new LUNs

◆ To rescan a static target for new LUNs, enter the following:

Storage> iscsi target target-name

where target-name is the name of the iSCSI target that you want to rescan.

About data archive and retention (DAR)The FileStore data archive and retention feature enables you to create WORM(write once, read many)-enabled file systems for data archiving.

DAR-enabled file systems are protected against accidental or deliberate fileremoval and tampering. This feature is important for installations that must meetcorporate requirements to ensure that data is archived reliably and securely overa long period of time.

Once a file system is created in FileStore, you can use the Storage> dar commandto mark the file system as DAR-enabled and specify the minimum, maximum, anddefault retention times for WORM files in the archive. After a file system isDAR-enabled, you can use Symantec Enterprise Vault to configure a file as WORMand specify a specific retention time.

Configuring storageAbout data archive and retention (DAR)

130

Marking a file system as DAR-enabled and setting the range of retention times iscontrolled by FileStore. Marking a file as a WORM file and choosing a retentiontime for the file are controlled by Enterprise Vault. Retention times set for thefile must be compatible with the minimum and maximum retention timesconfigured by the Storage> dar enable command. If no retention time is set,the default FileStore retention time is used.

FileStore enforces the immutability of WORM files until their retention date isreached. Once their retention dates have passed, these files can be deleted or theretention date extended. Otherwise, no other operations are allowed on the files.

To use the data archive and retention feature:

■ You must purchase a FileStore license for the feature. The license is based onthe amount of disk space you plan to use for data archive and retention. Afteryou purchase a license, use the Storage> dar licenseset command to specifythe amount of disk space you are licensed to use.

■ Currently, DAR is optimized for Symantec Enterprise Vault environments.When you configure Enterprise Vault to work with FileStore make sure youconfigure Enterprise Vault to be the only "user" of the exported DAR-enabledshares.

■ You can use DAR in environments that do not include Symantec EnterpriseVault.See “Using DAR without Symantec Enterprise Vault” on page 134.

■ You must have an Network Time Protocol (NTP) server enabled and configured.See “About coordinating cluster nodes to work with NTP servers” on page 508.

■ When you use the CIFS> share add command to add a CIFS share for aDAR-enabled file system, make sure you include the no_full_acl exportoption. If you do not set this option, you cannot change a file to WORM throughCIFS.See “About the CIFS export options” on page 331.

You can use Report > audit commands to configure audit logs for DAR-enabledfile systems.

See “About audit logs” on page 434.

System and audit log entries for DAR-related operations can include (but are notlimited to) the following:

■ Attempts to modify the data (or metadata) of a WORM file

■ Attempts to increment (or decrement) the retention date

■ Attempts to delete a DAR-enabled file system

■ Attempts to modify the system clock

131Configuring storageAbout data archive and retention (DAR)

Table 4-11 DAR commands

DefinitionCommand

Sets the licensed disk space capacity for all DAR-enabled file systems.


dar licenseset

Shows the licensed disk space capacity for all DAR-enabled filesystems. This includes the amount of currently-used disk space andthe amount of available disk space.


dar show

Marks a file system as DAR-enabled and sets the minimum, maximum,and default retention times for files in the archive.


dar enable

Displays a list of DAR-enabled file systems, associated retention times,and retention options.


dar list

How DAR interacts with other FileStore applicationsThe FileStore data archive and retention feature is designed and optimized towork with Enterprise Vault. It supports the current version of Enterprise Vaultand is compatible with earlier versions of Enterprise Vault.

In general, other FileStore features and applications preserve both the WORMdata and metadata when accessing and performing operations on files in aDAR-enabled file system, but there are some exceptions. See Table 4-12 for details.

Note: For the latest information on how DAR interacts with other applications,see the Symantec FileStore Release Notes.

Table 4-12 Application support for data archive and retention

DescriptionFeature orApplication

AntiVirus can overwrite DAR protection. If a file is suspected to beinfected, AntiVirus can remove the file even if the file is markedWORM.

AntiVirus

Configuring storageHow DAR interacts with other FileStore applications

132

Table 4-12 Application support for data archive and retention (continued)


Data archive and retention works with the NDMP client andNetBackup.

■ The NDMP client preserves both the WORM data and metadatawhen accessing and performing backup operations on files in aDAR-enabled file system.

■ For the NetBackup client, use pathname/_vxfs_private_/fs_name (instead of/vx/fs_name) to restoreDAR-enabled files.

Backup

DAR-enabled file systems can be accessed over CIFS. However,DAR-enabled files systems cannot be used for CIFS home directories.

CIFS

Currently, commands and operations to create and manageDAR-enabled file systems are available in the FileStore CLI, but notin the FileStore Management Console.

CLI andManagementConsole

Any file system can be enabled for both DAR and deduplication, butyou have to enable DAR first, then deduplication. The reverse sequenceis not supported.

Deduplication

Transfer of files between the storage tiers works as expected(transparent to DAR). DST removal policies cannot remove WORMfiles.

DST

The FTP service cannot be used on DAR-enabled file systems.FTP

Currently, DAR-enabled files systems cannot be accessed over NFS.NFS

You must have a Network Time Protocol (NTP) server enabled andconfigured to use data archive and retention.

NTP

DAR-enabled file systems are supported as a replication source, butnot as a replication target. Data from a normal (not DAR-enabled)share cannot be promoted or migrated into an existing or newDAR-enabled share.

Replication

133Configuring storageHow DAR interacts with other FileStore applications

Table 4-12 Application support for data archive and retention (continued)


Snapshots can be mounted and promoted for DAR-enabled file systems:

■ A warning message appears when a snapshot of a DAR-enabledfile system is mounted.

■ You can restore a snapshot of a DAR-enabled file system, but youmay lose data stored after the snapshot was taken. A warningmessage appears before the restore occurs.

■ Snapshot-based backups that use the NetBackup client typeVxFS_Checkpoint do not work with DAR-enabled file systems.

Snapshot

Using DAR without Symantec Enterprise VaultThe FileStore DAR feature is optimized for use with Symantec Enterprise Vault,but you can use DAR to enable WORM capability in non-EV enviornments.

To enable WORM capability on a CIFS volume:

■ Use the Storage> dar enable command to enable DAR on a CIFS file system.


■ Use CIFS operations to perform the following:

■ Create a file.

■ Add data to the file.

■ As required for WORM compliance, set the file access time (atime) to somedate in the future.

■ Set the file permissions to read-only (RO).

The file will be WORM-compliant until the retention time expires.

Note:This procedure applies to CIFS volumes only. NFS volumes are not supportedat this time.

Configuring storageUsing DAR without Symantec Enterprise Vault

134

Configuring data archive and retentionTo license a DAR-enabled file system

◆ To set the licensed disk capacity for all DAR-enabled file systems, enter thefollowing:

Storage> dar licenseset disk_size

where disk_size is the amount of disk space you have licensed. Disk capacitycan be specified as T (terabyte), G (gigabytes), or M (megabytes).

For example:

Storage> dar licenseset 10G

To show the licensed disk capacity for a DAR-enabled file system

◆ To show the licensed disk capacity for all DAR-enabled file systems, enterthe following:

Storage> dar show

Licensed: 10G

Used: 5.1G

Available: 4.90G

Used%: 51%

To create a DAR-enabled file system

1 Use the Storage> fs create command to create an empty file system.

You can create a new file system and then enable it for data archive andretention.

For example:

Storage> fs create simple fs1 1G pool1

100% [#] Creating simple file system

2 Use the Storage> dar enable command to enable the file system for dataarchive and retention.

Storage> dar enable fs_name [def_retent] [min_retent]

[max_retent] [retent_opt]

Name of the file system you want to enable for data archive andretention. Once a file system is marked DAR-enabled, you cannot remove this setting.

fs_name

135Configuring storageConfiguring data archive and retention

Specifies the default data retention time (in days) for files in aDAR-enabled file system. Retention times are measured relativeto the time the value was set.

Valid values are:

■ number - the number of days

■ inf - infinite retention time

If you do not specify a default data retention time, the default is365 days (1 year).

def_retent

Specifies the minium data retention time for files in aDAR-enabled file system. Retention times are measured relativeto the time the value was set.

Valid values are:



If you do not specify a minimum data retention time, the defaultis 0 days.

min_retent

Specifies the maximum data retention time for files in aDAR-enabled file system. Retention times are measured relativeto the time the value was set.

Valid values are:



If you do not specify a maximum data retention time, the defaultis 10950 days (30 years).

max_retent

Specifies optional retention values.

Choices include:

■ incret | noincret

If the option is incret, you can increase (increment) dataretention times. If the option is noincret, you cannotincrease data retention times.

■ decret | nodecret

If the option is decret, you can decrease (decrement) dataretention times. If the option is nodecret, you cannotdecrease data retention times.

To enter more than one retention option, use a comma to separatethe values. For example, incret,decret.

By default, the options are incret,nodecret.

retent_opt

Configuring storageConfiguring data archive and retention

136

For example:

Storage> dar enable fs1 95 1 365 incret,decret

Note: An error message appears, if you try to use the Storage> dar enable

command on a file system in any of the following states: NFS shared, CIFSshared, FTP shared, or Non-empty.

Listing DAR-enabled file systems

◆ To list DAR-enabled files systems, enter the following:

Storage> dar listDAR Enabled FS STATUS DEF RETENTION MIN RETENTION MAX RETENTION RETENTION OPTIONS============== ====== ============= ============= ============= =================

fs1 Online 95 days 1 days 365 days INC_RETN,DEC_RETNfs3 Offline - - - -fs4 Online 365 days 0 days 10950 days INC_RETN

To delete a DAR-enabled file system

◆ To delete a DAR-enabled file system, enter the following:

Storage> fs destroy fs_name

where fs_name is the name of the file system you want to delete.

For example:

Storage> fs destroy fs1

SFS FS WARNING V-288-0 fs1 is DAR enabled

SFS FS WARNING V-288-0 Are you sure you want to destroy? (yes/no)

You must use theStorage> fs destroyCLI command to delete a DAR-enabledfile system. You cannot use the Destroy option on the File System page ofthe FileStore Management Console.

About data deduplicationData deduplication is the process by which redundant data is eliminated to improvestorage utilization. Using data deduplication, you can reduce the amount of storagerequired for storing user and application data. It is most effective in use-caseswhere many copies of very similar or even identical copies of data are stored. The

137Configuring storageAbout data deduplication

deduplication feature in FileStore provides storage optimization for primarystorage (storage of active data).

Each file in the configured file system is broken into user-configurable chunksfor evaluating duplicates. The smaller the chunk size, the higher the percentageof sharing due to better chances of matches.

Note:Deduplication with a small chunk size increases the deduplication time andload on the system.

Note: In order to use FileStore deduplication, the file system layout must be atthe current version.

See “Upgrading a file system to the current layout for running deduplication”on page 274.

FileStore deduplication is periodic, that is, as per the user-configured frequency,redundant data in the file system is detected and eliminated.

The following are potential use-cases for FileStore file system deduplication:

■ Microsoft Exchange mailboxes

■ DAR-enabled file systems integrated with Symantec Enterprise Vault

■ File systems hosting user home directories

■ Virtual Machine Disk Format (VMDK) or virtual image stores.

Table 4-13 shows an estimated file system data size that can be supported for aFileStore deduplicated file system.

Table 4-13 Relationship between physical and logical data on a file system fortwo billion unique fingerprints with various deduplication ratios

Effectivelogical filesystem datasize

Physical filesystem datasize

Uniquesignature perTB

Deduplicationratio

Fingerprint blocksize

32 TB16 TB128 M50%4K

65 TB23 TB90 M65%4K

200 TB40 TB51 M80%4K

64 TB32 TB64 M50%8K

132 TB46 TB45 M65%8K

Configuring storageAbout data deduplication

138

Table 4-13 Relationship between physical and logical data on a file system fortwo billion unique fingerprints with various deduplication ratios(continued)

Effectivelogical filesystem datasize

Physical filesystem datasize

Uniquesignature perTB

Deduplicationratio

Fingerprint blocksize

400 TB80 TB25 M80%8K

128 TB64 TB32 M50%16K

266 TB93 TB22 M65%16K

800 TB158 TB13 M80 %16K


Figure 4-1 Overview of the deduplication workflow

TheStorage> dedup commands perform administrative functions for the FileStorededuplication feature. The Storage> dedup commands allow you to enable,disable, start, stop, and remove deduplication on a file system. Using the Storage>dedup commands, you can reset several deduplication configuration parametersand display the current deduplication status for your file system.


140

Note: Some configuration parameters can be set as local (specific to a file system)and/or global (applicable to all deduplication-enabled file systems). Localparameters override the value of a global parameter.

Table 4-14 Deduplication commands

DefinitionCommand

Marks a file system as deduplication-enabled.


enable

Disables the deduplication schedule on a file system. Otherinformation, for example, configuration parameters, schedule, andthe deduplication database remain intact.


disable

Displays a list of the deduplication-enabled file systems, and thededuplication parameters of each file system.


list

Starts the manual deduplication process on a specified file system.


start

Stops the deduplication process running on a specified file system.


stop

Displays the current deduplication status.


status

Sets the CPU usage behavior. This parameter can be set as a globaland/or a local parameter.


set cpu

Sets the memory allocation limit in MB. This can be set only as a globalparameter.


set memory

Sets the priority for the deduplication-enabled file system(s). Thisparameter can be set as a global and/or a local parameter.


set priority

Sets the deduplication schedule for running the deduplication process.This can be set only as a local parameter.


schedule set


Table 4-14 Deduplication commands (continued)

DefinitionCommand

Modifies the deduplication schedule.


schedule modify

Deletes the deduplication schedule.


schedule delete

Allows the deduplication process to scan the entire file system andreport on potential space savings by identifying duplicate data.

A dry run can be converted to the actual deduplication if the dry runmeets the specified threshold value.


dryrun

Removes deduplication configuration-related information from thespecified file system.


remove

About best practices for using the FileStore deduplication featureThe following are best practices when using the FileStore deduplication feature:

■ Deduplication is most effective when the file system block size and thededuplication block size are the same for file systems with block sizes of 4Kand above. This also allows the deduplication process to estimate space savingsmore accurately.

■ The smaller the file system block size and the deduplication block size, thehigher is the time required for performing deduplication. Smaller block sizes,for example, 1K and 2K, increase the number of data fingerprints that thededuplication database has to store.Though the file system block size is data-dependent, the recommended blocksize for optimal deduplication is 4K for file systems less than 1TB. For filesystems 1TB and above, it is 8K.

■ For VMware NFS datastores that store Virtual Machine Disk Format (VMDK)images, a 4K block size is optimal.

■ Compressed media files for images, music, and video, like JPEG, mp3, .MOV,and databases do not deduplicate or compress effectively.

■ Home directory file systems are good candidates for deduplication.

■ Data archive and retention (DAR) file systems may be good candidates fordeduplication depending on the workload. Deduplication is more effective if


142

deduplication is turned off in Symantec Enterprise Vault (EV) prior to runningFileStore deduplication.

■ Deduplication is a CPU and I/O intensive process. It is a best practice toschedule deduplication when the load on your file systems is expected to below.

■ Evaluation of changes in the file system is done by the file system's File ChangeLog (FCL). Setting the frequency on a too infrequent basis may cause the FCLto rollover, thereby missing changes and deduplication opportunities to thefile system.

■ After enabling deduplication on file systems with existing data, the firstdeduplication run does a full deduplication. This can be time-consuming, andmay take 12 to 15 hours per TB, so plan accordingly.

■ The deduplication database takes up 1% to 7% of logical file system data. Inaddition, during deduplication processing, an additional but temporary storagespace is required. Though 15% free space is enforced, it is recommended tohave 30% free space when the deduplication block size is less than 4096 (4K)bytes.

■ Any file system can be enabled for both DAR and deduplication, but you haveto enable DAR first, then deduplication. The reverse sequence is not supported.

■ If you plan to use the deduplication scheduler, you must have a Network TimeProtocol (NTP) server enabled and configured.See “About coordinating cluster nodes to work with NTP servers” on page 508.

Configuring file system deduplicationTo enable deduplication on a file system

◆ To enable deduplication on a file system, enter the following:

Storage> dedup enable fs_name blksize

Note: Deduplication must be enabled for a file system before setting filesystem configuration parameters and schedules.

This command also re-enables a deduplication schedule for a file system.

Enabling deduplication does not automatically deduplicate a file system.Deduplication has to be manually started by using the Storage> dedup start

command or by setting up a schedule by using the Storage> dedup set

schedule command. The first deduplication of a file system is always a fulldeduplication of the entire file system. This is an end-to-end deduplication


process that identifies and eliminates duplicate data. Any subsequent attemptto run deduplication on that file system results in incremental deduplication.

Specify the file system name for which you want to enable deduplication.fs_name

Specify the deduplication block size of the file system in bytes, where possible values of bytesare the following:

■ blksize=0 (Default)

■ blksize=1024

■ blksize=2048

■ blksize=4096

■ blksize=8192

■ blksize=16384

■ blksize=32768

■ blksize=65536

■ blksize=131072

Specify the deduplication block size in bytes, for example, 4096. The deduplication block sizeshould be a power of 2. For example, 3K, is not a valid deduplication block size. The deduplicationblock size is a multiple of the file system's block size, and should be equal to or less than 128K.

0 is the default configuration for the deduplication block size.

If blksize=0 is specified while enabling deduplication, then if the file system block size is <4096, then the deduplication block size is set to 4096. Otherwise, the deduplication block sizeis set to the same as the file system block size.

Note: Once the deduplication block size is set when enabling file system deduplication, thededuplication block size cannot be changed. The only way to change the deduplication blocksize is to remove deduplication on the file system and then re-enable deduplication on the filesystem.

blksize

For example, to enable deduplication on the file system fs1, enter:

Storage> dedup enable fs1 blksize=4096

SFS dedup SUCCESS V-288-0 Enabled dedup on file system fs1.

Set memory, cpu, priority as required.

Note: For deduplication-enabled file systems, you are prompted duringStorage> fs offline and Storage> fs destroy operations.

For example:

Storage> dedup list

Default Priority CPU Memory


144

--------------------------------

NORMAL IDLE 2048M

Filesystem Priority CPU Granularity Enabled Schedule NodeList

--------------------------------------------------------------------

/vx/fs1 HIGH YIELD 8192B YES SET node_01,node_02

/vx/fs2 LOW IDLE 1024B YES NONE node_01,node_02


SFS fs WARNING V-288-0 fs1 is deduplication configured.

Are you sure to destroy ? (yes/no) no

SFS fs ERROR V-288-0 Aborting fs destroy command

To start the deduplication process

◆ To manually start the deduplication process, enter the following:

Storage> dedup start fs_name [nodename]

where fs_name is the name of the file system where you want to start thededuplication process and nodename is the node in the cluster where youwant to start deduplication. You can run deduplication on any node in thecluster.

Note: A file system must be deduplication-enabled before being able to startthe deduplication process.

When the deduplication process is started for the first time, a full scan of thefile system is performed. Any subsequent attempt to run deduplicationrequires an incremental scan only.

For example:

Storage> dedup start fs1 node_01

Note: When deduplication is running on a file system, you are promptedduring Storage> fs offline and Storage> fs destroy operations, andthese operations can proceed only after deduplication is stopped by usingthe Storage> dedup stop command.


To stop the deduplication process

◆ To stop the deduplication process running on a file system, enter the followingcommand:

Storage> dedup stop fs_name

where fs_name is the name of the file system where you want to stop thededuplication process.

Note: The deduplication process may not stop immediately as a consistentstate is ensured while stopping. Use the Storage> dedup status commandto verify if the deduplication process has stopped.

To disable deduplication on a file system

◆ To disable deduplication on a file system, enter the following:

Storage> dedup disable fs_name

where fs_name is the name of the deduplication-enabled file system that youwant to disable.

Only the deduplication schedule is suspended for a deduplication-disabledfile system. All other configuration parameters, for example, file systemconfiguration, schedule, and the deduplication database remain intact.

Note:Keeping a file system deduplication-disabled for a significant period oftime may reduce the effectiveness of deduplication when it is re-enabled.


146

To create a deduplication dryrun

◆ To create a deduplication dryrun, enter the following command:

Storage> dedup dryrun fs_name [threshold]

The Storage> dedup dryrun command is useful for determining thestatistics/potential savings on the file system data if actual deduplication isperformed. Most accurate statistics are obtained when the file system blocksize and the deduplication block size are the same.

Specify the file system name for which you want to create adryrun.

fs_name

Specify the threshold percentage in the range of [0-100].

A dryrun is automatically converted to the actual deduplicationif the dryrun meets the threshold value. For example, if youspecified a threshold value of 40%, and if deduplication resultsin a space savings of >=40%, then the dryrun is automaticallyconverted to the actual deduplication.

threshold

To check whether the deduplication dryrun reaches to a threshold value of60%, enter the following:

Storage> dedup dryrun fs1 60

To set the deduplication schedule

◆ To set the deduplication schedule, enter the following:

Storage> dedup schedule set fs_name hours day [freq]

The Storage> dedup schedule set command can only be set as a localparameter.

Two categories of schedules are allowed: run periodicity and type periodicity.The granularity of the schedule is limited to the time of day and the day ofthe month.

Specify the file system where you want to set the deduplicationschedule.

fs_name


Specify the hours value for setting the duplication schedule.

There are three types of values for the hours field:

■ * - indicates every hour.

■ */N - indicates every Nth hour, where N is in the range [1-12].

■ You can also specify 5 comma-separated hours in the rangeof [0-23].

For example:

Storage> dedup schedule modify fs1 0,6,12,18,23 2 3SFS dedup SUCCESS V-288-0 Schedule modify onfile system fs1.

hours

Specify the interval in days for setting the deduplication schedule.

There are three types of values for the day field:

■ * - indicates every day.

■ */N - indicates every Nth day, where N is in the range of [1-15].

■ Any number in the range of [1-7] where:

■ 1 - Sunday

■ 2 - Monday

■ 3 - Tuesday

■ 4 - Wednesday

■ 5 - Thursday

■ 6 - Friday

■ 7 - Saturday

Note: The deduplication scheduler will only pick up the scheduleif the schedule is enabled for deduplication.

day

Specify the frequency to run the deduplication schedule in therange of [1-5]. The default frequency is [1].

This value controls deduplication load on the file system bydistributing phases of deduplication across various runs, andpotentially across systems in the cluster. A value of 4 means,every 4th run deduplicates the file system, whereas the otherruns consolidate the changes.

freq

To modify the deduplication schedule

◆ To modify the deduplication schedule, enter the following:

Storage> dedup schedule modify fs_name hours day freq


148

Specify the file system where you want to modify thededuplication schedule.

fs_name

Specify the hours value for modifying the deduplicationschedule.

There are three types of values for the hours field:

■ * - indicates every hour.


■ You can also specify 5 comma-separated hours in the rangeof [0-23].

For example:

Storage> dedup schedule modify fs1 0,6,12,18,23 2 3SFS dedup SUCCESS V-288-0 Schedule modify onfile system fs1.

hours

Specify the interval in days for modifying the deduplicationschedule.

There are three types of values for the day field:

■ * - indicates every day.


■ Any number in the range of [1-7] where:

■ 1 - Sunday

■ 2 - Monday

■ 3 - Tuesday

■ 4 - Wednesday

■ 5 - Thursday

■ 6 - Friday

■ 7 - Saturday

Note: The deduplication scheduler will only pick up the scheduleif the schedule is enabled for deduplication.

day

Specify the frequency to run the deduplication schedule in therange of [1-5].

freq

To delete the deduplication schedule

◆ To delete the deduplication schedule, enter the following:

Storage> dedup schedule delete fs_name

where fs_name is the name of the file system that you want to delete.


To list the deduplication-enabled file system or file systems

◆ To list the deduplication-enabled file system or file systems, enter thefollowing:

Storage> dedup list fs_name

where fs_name is the name of the deduplication-enabled file system that youwant to list.

For example, to list the deduplication-enabled file systems, fs1, and then fs2,enter:

Storage> dedup list fs1

Priority NORMAL

CPU IDLE

Memory 2048M

Granularity 1024B

Enabled YES

Schedule hours Every hour

Schedule day interval Every day

Schedule frequency 1

NodeList node_01,node_02

Storage> dedup list fs2

Priority NORMAL

CPU IDLE

Memory 2048M

Granularity 1024B

Enabled YES

Schedule hours 00:00, 06:00, 12:00, 18:00, 23:00

Schedule day interval Every Monday

Schedule frequency 3

NodeList node_01,node_02

Schedule hours are displayed as:

■ * - is displayed as "Every hour"

■ */N - is displayed as "Every N hours"

■ 0,6,12,18,23 are shown as "00:00, 06:00, 12:00, 18:00, 23:00"

Note: 0 is replaced by 00:00, 1 is replaced by 01:00, 23 is replaced by 23:00

Schedule day interval is displayed as:


150

■ * - is displayed as "Every day"

■ */N - is displayed as "Every N days"

■ 1 - is displayed as "Every Sunday"

■ 2 - is displayed as "Every Monday"

■ 3 - is displayed as "Every Tuesday"

■ 4 - is displayed as "Every Wednesday"

■ 5- is displayed as "Every Thursday"

■ 6 - is displayed as "Every Friday"

■ 7 - is displayed as "Every Saturday"

If you issue the command without fs_name, you get a list of all thededuplication-enabled file systems.

Storage> dedup list

Default Priority CPU Memory

--------------------------------

NORMAL IDLE 2048M

Filesystem Priority CPU Granularity Enabled Schedule NodeList

--------------------------------------------------------------------

/vx/fs1 HIGH YIELD 8192B YES SET node_01,node_02

/vx/fs2 LOW IDLE 1024B YES NONE node_01,node_02

The Default column header indicates the global value (applicable to alldeduplication-enabled file systems). For example, if you have not set Priority,CPU, and Memory for file system fs1, the deduplication process uses theglobal value. FileStore deduplication uses the default values for global settingsoptions. Local parameters override the value of global parameters.

To obtain status information for a specified deduplicated-enabled file system orall deduplicated-enabled file systems

◆ To obtain status information for deduplicated-enabled file systems, enter thefollowing:

Storage> dedup status [fs_name]

where fs_name is the specified deduplicated-enabled file system for whichyou want to obtain current status information.

If you issue the command without fs_name, you get status information forall deduplicated-enabled file systems. For example:


Storage> dedup statusFilesystem Saving Status Node Type Details---------------------------------------------------------------------------------------/vx/fs1 00% COMPLETED node_01 MANUAL 2011/05/17 16:57:16 End full scan with error/vx/fs2 00% COMPLETED node_01 MANUAL 2011/05/17 16:57:32 End detecting duplicates

and filesystem changes 0

If you issue the command with fs_name, you get the detailed statusinformation for the specified file system, along with any error messages orwarnings.

Storage> dedup status fs2Filesystem Saving Status Node Type Details-------------------------------------------------------------------------------/vx/fs2 00% COMPLETED node_01 MANUAL 2011/05/17 16:57:32 End detecting

duplicates and filesystem changes 02011/05/17 16:57:17 DEDUP_INFO UsingFP block size = 4096 Mode = 0

The following describes the output from the Storage> dedup status

command:

Displays the directory where the file system is mounted.Filesystem

Displays the savings as a percentage. The value can meandifferent things during the course of deduplication.

When the deduplication is in a COMPLETED state, or when thededuplication process is computing the expected deduplication,the value in this column shows the actual sharing in the filesystem. However, when the expected deduplication calculationis complete, this column value shows the expected deduplication.The expected deduplication calculation is based on user dataonly; therefore, at the end of deduplication, the saving percentagemay vary from the expected deduplication percentage. This isbecause the actual file system deduplication percentage not onlytakes into consideration the user data, but also file system anddeduplication metadata. This difference may be pronounced ifthe user data is very small. For a failed deduplication, the valueis undefined.

Savings


152

Displays one of the following status values:

■ RUNNING

■ COMPLETED

■ STOPPED

■ FAILED

■ NONE - indicates that deduplication has not been previouslyrun on this file system.

Status

Indicates the node name where the deduplication job is eitherrunning or has completed for a file system.

Node

The following are the types of deduplication jobs:

■ MANUAL - the deduplication job is started by using eitherthe Storage> dedup start command or the Storage>dedup dryrun command.

■ SCHEDULED - the deduplication job is started by thededuplication scheduler.

Type

Displays the status of the file system deduplication activity.

The deduplication process writes its status in the status log. Therelevant status log is displayed in this column. For a long-runningdeduplication process, the status log may also show the actualfile system sharing as a progress indicator. This actual file systemsharing percentage along with the expected saving percentagein the Saving column gives a good estimate of the progress.When displaying deduplication status for a specific file system,any errors, or warnings for the deduplication run are also shown.The Details column gives a detailed idea of what to look for incase of any issues.

Details

To set the CPU usage for the deduplication-enabled file system

◆ To set the CPU usage for the file system, enter the following:

Storage> dedup set cpu cpuvalue fs_name


Specify the CPU usage behavior for the deduplication-enabledfile system.

Available values are the following:

■ IDLE (default) - indicates that the deduplication processconsumes as much CPU processing as is available. Forexample, if the CPUs are IDLE, then the deduplication processtakes all of the idle CPUs, and performs the deduplication jobfaster. CPU usage may reach 100% on each available CPU.

■ YIELD - indicates that the deduplication process yields theCPU periodically; that is, even if the CPUs are not busy, thededuplication process relinquishes the CPU. More time maybe taken for the same job in some scenarios. However, theyield value ensures that the deduplication process does nothang onto the CPU, or cause CPU usage spikes.

cpuvalue

Specify the deduplication-enabled file system for which you wantto set the CPU usage.

Note: If a file system name is specified, the Storage> dedup

set cpu command sets the CPU value for that file system.Otherwise, the CPU value is applicable to all file systems, whichhave not overridden the CPU value.

fs_name

To set the deduplicationmemory allocation limit for the deduplication-enabled filesystem

◆ To set the deduplication memory limit in MB for the deduplication-enabledfile system, enter the following:

Storage> dedup set memory memvalue

where memvalue is the memory value in MB, for example, 1024.

The memvalue controls the maximum memory per deduplication process.

Note: Care must be taken to increase memvalue if large file systems arepresent. Otherwise, deduplication efficiency may be affected. Since this is alimit value, only the required memory is consumed for smaller file systemdeduplication jobs. Note that scheduled deduplication jobs start deduplicationbased on the available memory; therefore, if available RAM in the systemfalls below the configured memory allocation limit for deduplication, thededuplication scheduler on that system will postpone the scheduleddeduplication. At this point, other systems with available memory will startdeduplication. If the job remains postponed for 1 hour, the job will beabandoned.


154

To set the deduplication priority for the deduplication-enabled file system

◆ To set the deduplication priority (importance) for the deduplication-enabledfile system, enter the following:

Storage> dedup set priority priorityvalue [fs_name]

Specify the importance of deduplication for the file system. Thesetting of this parameter is local (specific to a file system). Thepriorityvalue parameter is used by the deduplication schedulerto evaluate if starting deduplication at the scheduled time isappropriate or not based on the state of the file system at thattime.

priorityvalue is also a load-balancing mechanism whereby aless-loaded system in the cluster may pick up a scheduleddeduplication job.

Available values are the following:

■ LOW (default) - indicates that if the system has sustained CPUusage of 50% or more in the last one hour, the file systemsmarked as LOW have their deduplication schedules skippedwith a message in the syslog.

■ NORMAL - indicates that if the system has sustained CPUusage of 80% or more in the last one hour, the file systemsmarked as NORMAL have their deduplication schedulesskipped with a message in the syslog.

■ HIGH - indicates that starting deduplication is a must for thisfile system, and without evaluating any system state,deduplication is started at the scheduled time.

priorityvalue

Specify the file system where you want to set the deduplicationpriority.

fs_name


To remove deduplication configuration-related information from the specified filesystem

◆ To remove deduplication configuration-related information from the specifiedfile system, enter the following:

Storage> dedup remove fs_name

where fs_name is the name of the file system for which you want to removededuplication.

This command removes all configurations and the deduplication databasefor the specified file system.

Note:This operation cannot be undone, and re-running deduplication on yourfile system may take a significant amount of time.

If you run the Storage> dedup remove command on an incorrect file system,you can stop the deduplication process, and then rerun the Storage> dedup

remove command on the correct file system.

For example:

Storage> dedup remove fs1


156

Configuring SymantecFileStore network settings


■ About network mode commands

■ Displaying the network configuration and statistics

■ About bonding Ethernet interfaces

■ Bonding Ethernet interfaces

■ About DNS

■ Configuring DNS settings

■ About IP commands

■ About configuring IP addresses

■ Configuring IP addresses

■ About configuring Ethernet interfaces

■ Displaying current Ethernet interfaces and states

■ Configuring Ethernet interfaces

■ About configuring routing tables

■ Configuring routing tables

■ About LDAP

■ Before configuring LDAP settings

5Chapter

■ About configuring LDAP server settings

■ Configuring LDAP server settings

■ About administering FileStore cluster's LDAP client

■ Administering the FileStore cluster's LDAP client

■ About NIS

■ Configuring the NIS-related commands

■ About NSS

■ Configuring NSS lookup order

■ About VLAN interfaces

■ Configuring VLAN interfaces

About network mode commandsFileStore network-mode commands let you specify and check the status of networkparameters for the FileStore cluster.

Note:Before you use FileStore network mode commands, you must have a generalunderstanding of IP addresses and networking. If you are not familiar with theterms or output, contact your Network Administrator for help.

As shown in Table 5-1, network node commands are organized into functionalgroups or submodes.

To access the commands, log into your administrative console (master,system-admin, or storage-admin) and enter Network> mode.


Table 5-1 Network submodes

FunctionNetworksubmode

Creates a logical association between two or more Ethernet interfaces.

See “About bonding Ethernet interfaces” on page 160.

Bond

Identifies the DNS parameters that the FileStore cluster can use.

See “About DNS” on page 163.

DNS

Configuring Symantec FileStore network settingsAbout network mode commands

158

Table 5-1 Network submodes (continued)

FunctionNetworksubmode

Manages the FileStore cluster IP addresses.

See “About IP commands” on page 167.

IP

Identifies the LDAP parameters that the FileStore cluster can use.

See “About LDAP” on page 181.

LDAP

Identifies the NIS parameters that the FileStore cluster can use.

See “About NIS” on page 190.

NIS

Provides a single configuration location to identify the services (suchas NIS or LDAP) for network information such as hosts, groups, orpasswords.

See “About NSS” on page 193.

NSS

Views, adds, or deletes VLAN interfaces.

See “About VLAN interfaces” on page 195.

VLAN

Displaying the network configuration and statisticsYou can use the Network> show command to display the current clusterconfiguration and related statistics of the cluster network configuration.

159Configuring Symantec FileStore network settingsDisplaying the network configuration and statistics

To display the network configuration and statistics

◆ To display the cluster's network configuration and statistics, enter thefollowing:

Network> show

Interface Statistics

--------------------

sfs_01

-------------

Interfaces MTU Metric RX-OK RX-DROP RX-ERR RX-FRAME

lo 16436 1 13766 0 0 0

priveth0 1500 1 452390 0 0 0

priveth1 1500 1 325940 0 0 0

pubeth0 1500 1 25806318 0 0 0

pubeth1 1500 1 25755262 0 0 0

TX-OK TX-DROP TX-ERR TX-CAR Flag

13766 0 0 0 LRU

953273 0 0 0 BMR

506641 0 0 0 BMRU

152817 0 0 0 BMRU

673 0 0 0 BMRU

Routing Table

-------------

sfs_01

-------------

Destination Gateway Genmask Flags MSS Window irtt Iface

172.27.75.0 0.0.0.0 255.255.255.0 U 0 0 0 priveth0

10.182.96.0 0.0.0.0 255.255.240.0 U 0 0 0 pubeth0

10.182.96.0 0.0.0.0 255.255.240.0 U 0 0 0 pubeth1

127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo

0.0.0.0 10.182.96.1 0.0.0.0 UG 0 0 0 pubeth0

See “Configuring routing tables” on page 178.

About bonding Ethernet interfacesBond commands associate each set of two or more Ethernet interfaces with oneIP address. This association improves network performance on each FileStorecluster node by increasing the potential bandwidth available on an IP addressbeyond the limits of a single Ethernet interface and by providing redundancy forhigher availability.

Configuring Symantec FileStore network settingsAbout bonding Ethernet interfaces

160

For example, you can bond two 1-Gigabit Ethernet interfaces together to getthroughput greater then 1 GB; actual speed is dependent on your hardwareconfiguration and bonding policies. Moreover, if one of the interfaces fails,communication continues using the single Ethernet interface.

Bond commands let you create, remove, and display a cluster's bonds. When youcreate or delete a bond, it affects the corresponding Ethernet interfaces on theFileStore cluster nodes.

You can only bond public Ethernet interfaces.

Note:When you create or remove a bond, SSH connections with Ethernet interfacesinvolved in that bond may be dropped. When the operation is complete, you mustrestore the SSH connections.

Table 5-2 Bond commands

DefinitionCommand

Displays a bond and its type used to distribute traffic among thebonded interfaces.

See “Bonding Ethernet interfaces” on page 161.

show

Creates a bond between sets of two or more named Ethernet interfaceson all FileStore cluster nodes.


create

Removes a bond between two or more named Ethernet interfaces onall FileStore cluster nodes.


remove

Bonding Ethernet interfacesThe Network> bond create and Network> bond remove operations involvebringing down the interface first and then bringing them back up. This may causethe SSH connections hosted over those interfaces to terminate. Use the physicalconsole of the client rather than SSH when performing Network> bond create

and Network> bond remove operations.

161Configuring Symantec FileStore network settingsBonding Ethernet interfaces

To display a bond

◆ To display a bond and the algorithm used to distribute traffic among thebonded interfaces, enter the following:

Network> bond show

In this example, DEVICES refers to Ethernet interfaces.

Network> bond show

BONDNAME MODE DEVICES

-------- ---- -------

bond0 active-backup pubeth1 pubeth2

To create a bond

◆ To create a bond between sets of two or more Ethernet interfaces on allFileStore cluster nodes, enter the following:

Network> bond create interfacelist mode

Specifies a comma-separated list of public Ethernet interfacesto bond.

interfacelist

Specifies how the bonded Ethernet interfaces divide the traffic.mode

For example:

Network> bond create pubeth1,pubeth2 broadcast

100% [#] Bonding interfaces. Please wait...

bond created, the bond name is: bond0

You can specify a mode either as a number or a character string, as follows:

This mode provides fault tolerance and load balancing. Ittransmits packets in order from the first available slavethrough the last.

balance-rr0

Only one slave in the bond is active. If the active slave fails,a different slave becomes active. To avoid confusing theswitch, the bond's MAC address is externally visible on onlyone port (network adapter).

active-backup1

Transmits based on the selected transmit hash policy.

The default policy is a simple.

This mode provides load balancing and fault tolerance.

balance-xor2

Configuring Symantec FileStore network settingsBonding Ethernet interfaces

162

Transmits everything on all slave interfaces and providesfault tolerance.

broadcast3

Creates aggregation groups with the same speed and duplexsettings. It uses all slaves in the active aggregator based onthe 802.3ad specification.

802.3ad4

Provides channel bonding that does not require specialswitch support. The outgoing traffic is distributed accordingto the current load (computed relative to the speed) on eachslave. The current slave receives incoming traffic. If thereceiving slave fails, another slave takes over its MACaddress.

balance-tlb5

Includes balance-tlb plus Receive Load Balancing (RLB) forIPV4 traffic. This mode does not require any special switchsupport. ARP negotiation load balances the receive.

balance-alb6

To remove a bond

◆ To remove a bond from all of the nodes in a cluster, enter the following:

Network> bond remove bondname

where bondname is the name of the bond configuration.

For example:

Network> bond remove bond0

100% [#] Removing Bond bond0. Please wait...

bond removed : bond0

About DNSThe Domain Name System (DNS) service resolves names to IP addresses.

The DNS commands let you view or change a FileStore cluster's DNS settings.You can configure a FileStore cluster's DNS lookup service to use up to three DNSservers. You must enable the FileStore cluster's DNS name service before youspecify the DNS servers to use for lookups.

163Configuring Symantec FileStore network settingsAbout DNS

Table 5-3 DNS commands

DefinitionCommand

Displays the current settings of the FileStore cluster's DNS lookupservice.

See “Configuring DNS settings” on page 165.

dns show

Enables FileStore to perform DNS lookups.

When DNS is enabled, the FileStore cluster's DNS service uses thedata center's DNS server(s) to determine the IP addresses of networkentities such as SNMP, NTP, LDAP, and NIS servers with which thecluster must communicate.


dns enable

Disables DNS lookups.


dns disable

Specifies the IP addresses of DNS name servers to be used by theFileStore DNS lookup service. The order of the IP addresses is theorder in which the name servers are to be used.

Enter the IP addresses of the name servers. The order of the IPaddresses is the order in which the name servers are to be used.


dns setnameservers

Removes the IP addresses of DNS name servers from the cluster's DNSlookup service database.


dns clearnameservers

Enter the domain name that the FileStore cluster will be in. For therequired information, contact your Network Administrator.

This command clears any previously set domain name.

Before you use this procedure, you must enable the DNS server.


dns setdomainname

Removes the DNS domain name.


dns cleardomainname

Configuring Symantec FileStore network settingsAbout DNS

164

Configuring DNS settingsTo display DNS settings

◆ To display DNS settings, enter the following:

Network> dns show

DNS Status : Disabled

nameserver : 172.16.113.118

domain : symantec.com

To enable DNS settings

◆ To enable DNS settings to allow FileStore hosts to do lookups and verify theresults, enter the following commands:

Network> dns enable

Network>

Network> dns show

DNS Status : Enabled

domain : cluster1.com

nameserver : 10.216.50.132

To disable DNS settings

◆ To disable DNS settings, enter the following:

Network> dns disable

Network>

Network> dns show

DNS Status : Disabled

Old Settings

------------

domain : cluster1.com

nameserver : 10.216.50.132

165Configuring Symantec FileStore network settingsConfiguring DNS settings

To specify IP addresses of DNS name servers

◆ To specify the IP addresses of DNS name servers to be used by the FileStoreDNS service and verify the results, enter the following commands:

Network> dns set nameservers nameserver1 [nameserver2] [nameserver3]

For example:

Network> dns set nameservers 10.216.50.199 10.216.50.200

Network>

Network> dns show


nameserver : 10.216.50.199

nameserver : 10.216.50.200

To remove name servers list used by DNS

◆ To remove the name servers list used by DNS and verify the results, enterthe following commands:

Network> dns clear nameservers

Network>

Network> dns show


To set the domain name for the DNS server

◆ To set the domain name for the DNS server, enter the following:

Network> dns set domainname domainname

where domainname is the domain name for the DNS server.

For example:

Network> dns set domainname example.com

Network>

Network> dns show


domain : example.com

nameserver : 10.216.50.132

Configuring Symantec FileStore network settingsConfiguring DNS settings

166

To remove domain name used by DNS

◆ To remove the domain name used by DNS, enter the following:

Network> dns clear domainname

Network>

Network> dsn show


nameserver : 10.216.50.132

About IP commandsInternet Protocol (IP) commands configure your routing tables, Ethernet interfaces,and IP addresses, and display the settings.

The following sections describe how to configure the IP commands:

■ See “About configuring IP addresses” on page 167.

■ See “About configuring Ethernet interfaces” on page 173.

■ See “About configuring routing tables” on page 176.

About configuring IP addressesEach Ethernet interface must have a physical IP address associated with it. Theseare usually supplied when the FileStore software is installed.

Each Ethernet interface can be configured with a virtual IP address for clusteringpurposes in FileStore. This restriction does not imply that each interface musthave a virtual IP to communicate with the network.

Table 5-4 lists the commands you can use to configure your IP addresses.

Table 5-4 IP commands

DefinitionCommand

Displays the IP addresses, the devices (Ethernet interfaces) they areassigned to, and their attributes.

Note: Any Ethernet interfaces excluded during the initial FileStoreinstallation will not be displayed.

See “Configuring IP addresses” on page 169.

ip addr show

167Configuring Symantec FileStore network settingsAbout IP commands

Table 5-4 IP commands (continued)

DefinitionCommand

Adds a virtual or physical IP address to the FileStore cluster.

FileStore assigns the newly added IP address to an Ethernet interfaceor one of its nodes. Virtual IP addresses are used for communicationamong cluster nodes and with clients on the enterprise network.

By default, this command does not use VLAN Ethernet interfacesunless they are specified in the device option.

FileStore determines the node to which the IP address will be assigned.

After you add a virtual IP address, it takes a few seconds for it to comeonline. If you enter an IP address that is already used in the cluster,an error message is displayed. You cannot enter an invalid IP address(one that is not four bytes or has a byte value greater than 255).

Note: An IP address that does not go online may indicate a problemwith the FileStore cluster. For help, use the Support> services

command, or contact Symantec Technical Support. For moreinformation, see the Symantec FileStore Troubleshooting Guide.


ip addr add

Brings an IP address online on any running node in the cluster. TheIP address does not need to be in the offline mode for this commandto work. You can use this command to switch the IP address from anonline node to another specified node. You can change an IP addressto the online mode if it is in the OFFLINE/FAULTED state. Thiscommand also displays any faults for the IP address on the specifiednode.

Note: An IP address that does not go online may indicate a problemwith the FileStore cluster. For help, use the Support> services

command, or contact Symantec Technical Support. For moreinformation, see the Symantec FileStore Troubleshooting Guide.


ip addr online

Modifies an IP protocol address used by the cluster. You can changeboth the physical IP addresses and virtual IP addresses. If you changethe virtual IP address it terminates the NFS connection on oldipaddr.


ip addr modify

Configuring Symantec FileStore network settingsAbout configuring IP addresses

168

Table 5-4 IP commands (continued)

DefinitionCommand

Deletes an IP protocol address from the cluster. You can delete physicalIP addresses only if they are not being used by any interface of thecluster. You can also delete virtual IP addresses, except for the consoleIP address. When you add or delete an IP address from the cluster,the cluster automatically evens out the number of virtual IP addresseson each node.


ip addr del

Configuring IP addressesTo configure your IP addresses, perform the following commands.

To display all the IP addresses for the cluster

◆ To display all of a cluster's IP addresses, enter the following:

Network> ip addr show

IP Netmask Device Node Type Status

-- ------- ------ ---- ---- ------

10.182.107.53 255.255.240.0 pubeth0 sfs_1 Physical




10.182.107.65 255.255.240.0 pubeth0 sfs_1 Virtual ONLINE (Con IP)

10.182.107.201 255.255.240.0 pubeth0 sfs_2 Virtual ONLINE




The output headings are:

Displays the IP addresses for the cluster.IP

Displays the netmask for the IP address.Netmask

Displays the name of the Ethernet interface for the IP address.Device

Displays the node name associated with the interface.Node

Displays the type of the IP address: physical or virtual.Type

169Configuring Symantec FileStore network settingsConfiguring IP addresses

Displays the status of the IP addresses:

■ ONLINE

■ ONLINE (console IP)

■ OFFLINE

■ FAULTED

A virtual IP can be in the FAULTED state if it is already beingused. It can also be in the FAULTED state if the correspondingdevice is not working on all nodes in the cluster (for example, adisconnected cable).

Status

Configuring Symantec FileStore network settingsConfiguring IP addresses

170

To add an IP address to a cluster

◆ To add an IP address to a cluster, enter the following:

Network> ip addr add ipaddr netmask type [device]

Specifies the IP address to add to the cluster.

Do not use physical IP addresses to access the FileStore cluster.In case of failure, the IP addresses cannot move between nodes.A failure could be either a node failure, an Ethernet interfacefailure, or storage failure.

ipaddr

Specifies the netmask for the IP address.netmask

Specifies the IP type, either virtual or physical.type

Only use this option if you entered virtual for the type.device

For example, to add a virtual IP address on a normal device, enter thefollowing:

Network> ip addr add 10.10.10.10 255.255.255.0 virtual pubeth0

SFS ip addr Success V-288-0 ip addr add successful.

For example, to add a virtual IP address on a bond device, enter the following:

Network> ip addr add 10.10.10.10 255.255.255.0 virtual bond0


For example, to add a virtual IP address on a VLAN device created over anormal device with VLAN ID 3, enter the following:

Network> ip addr add 10.10.10.10 255.255.255.0 virtual pubeth0.3


For example, to add a virtual IP address on a VLAN device created over a bonddevice with VLAN ID 3, enter the following:

Network> ip addr add 10.10.10.10 255.255.255.0 virtual bond0.3


171Configuring Symantec FileStore network settingsConfiguring IP addresses

To change an IP address to the online mode on a specified node

◆ To change an IP address to the online mode on a specified node, enter thefollowing:

Network> ip addr online ipaddr nodename

Specifies the IP address that needs to be brought online.ipaddr

Specifies the nodename on which the IP address needs to bebrought online. If you do not want to enter a specific nodename,enter any with the IP address.

nodename

For example:

Network> ip addr online 10.10.10.15 node5_2

Network> ip addr show

IP Netmask Device Node Type Status

-- ------- ------ ---- ---- ------

10.216.114.212 255.255.248.0 pubeth0 node5_1 Physical




10.216.114.217 255.255.248.0 pubeth0 node5_1 Virtual ONLINE (Con IP)

10.10.10.10 255.255.248.0 pubeth0 node5_1 Virtual ONLINE





Configuring Symantec FileStore network settingsConfiguring IP addresses

172

To modify an IP address

◆ To modify an IP address, enter the following:

Network> ip addr modify oldipaddr newipaddr netmask

Specifies the old IP address to be modified.oldipaddr

Specifies what the new IP address will be.newipaddr

Specifies the netmask for the new IP address.netmask

If the specified oldipaddr is not assigned to the cluster, an error message isdisplayed.

If you enter an invalid IP address (one that is not four bytes or has a bytevalue greater than 255), an error message is displayed.

If the new IP address is already being used, an error message is displayed.

For example:

Network> ip addr modify 10.10.10.15 10.10.10.16 255.255.240.0

SFS ip addr Success V-288-0 ip addr modify successful.

To remove an IP address from the cluster

◆ To remove an IP address from the cluster, enter the following:

Network> ip addr del ipaddr

where ipaddr is the IP address to remove from the cluster.

For example:

Network> ip addr del 10.10.10.15

SFS ip addr Success V-288-0 ip addr del successful.

About configuring Ethernet interfacesYou can display and change the public Ethernet interfaces (for example, pubeth0and pubeth1) whether a link is up or down, and the Ethernet interface's MaximumTransmission Unit (MTU) value.

173Configuring Symantec FileStore network settingsAbout configuring Ethernet interfaces

Table 5-5 Ethernet interface commands

DefinitionCommand

Displays each Ethernet interface's (device) status, if it connected toeach node in the cluster, the speed, MTU, and MAC address.

Note: Any Ethernet interfaces excluded during the initial FileStoreinstallation are not displayed.

See “Displaying current Ethernet interfaces and states” on page 174.

ip link show

Changes the network Ethernet interface's attributes or states.

See “Configuring Ethernet interfaces” on page 175.

ip link set

Displaying current Ethernet interfaces and statesTo display current Ethernet interfaces and states

◆ To display current configurations, enter the following:

Network> ip link show [nodename] [device]

Specifies which node of the cluster to display the attributes.

Enter all to display all IP links.

nodename

Specifies which Ethernet interface on the node to display theattributes.

device

Network> ip link show sfs_1 pubeth0

Nodename Device Status MTU Detect Speed HWaddr

-------- ------ ------ --- ------ ------ ------

sfs_01 pubeth0 UP 1500 yes 100Mb/s 00:0c:29:a8:9d:f3

To display all configurations, enter the following:

Network> ip link show


-------- ------ ------ --- ------ ------ ------


sfs_01 pubeth1 UP 1500 yes 100Mb/s 00:0c:29:a8:9d:fd

sfs_02 pubeth0 UP 1500 yes 100Mb/s 00:0c:29:da:c9:e2

sfs_02 pubeth1 UP 1500 yes 100Mb/s 00:0c:29:da:c9:ec

Configuring Symantec FileStore network settingsDisplaying current Ethernet interfaces and states

174

Configuring Ethernet interfacesTo change an Ethernet interface

◆ To change an Ethernet interface's configuration, enter the following:

Network> ip link set nodename device operation [argument]

Specifies which node of the cluster to configure.

If the node specified is not part of the cluster, then an errormessage is displayed.

To configure all nodes at once, use the all option in thenodename field.

nodename

Specifies the Ethernet interface to configure.

If you enter an Ethernet interface that cannot be configured, anerror message is displayed.

device

Enter one of the following operations:

■ up - Brings the Ethernet interface online.

■ down - Brings the Ethernet interface offline.

■ mtu MTU

- Changes the Ethernet interface's Maximum TransmissionUnit (MTU) to the value that is specified in the argument field.

operation

The argument field is used only when you enter mtu in theoperation field.

Setting the incorrect MTU value causes the console IP to becomeunavailable.

The argument field specifies what the MTU of the specifiedEthernet interface on the specified node should be changed to.

The MTU value must be an unsigned integer between 46 and9216.

If you enter the argument field, but do not enter an MTU in theoperation field, the argument is ignored.

argument

Network> ip link set all pubeth0 mtu 1600

sfs_01 : mtu updated on pubeth0

sfs_02 : mtu updated on pubeth0

Network> ip link show

175Configuring Symantec FileStore network settingsConfiguring Ethernet interfaces


-------- ------ ------ --- ------ ------ ------


sfs_01 pubeth1 UP 1500 yes 100Mb/s 00:0c:29:a8:9d:fd

sfs_02 pubeth0 UP 1600 yes 100Mb/s 00:0c:29:da:c9:e2

sfs_02 pubeth1 UP 1500 yes 100Mb/s 00:0c:29:da:c9:ec

About configuring routing tablesSometimes an FileStore cluster must communicate with network services (forexample, LDAP) using specific gateways in the public network. In these cases, youmust define routing table entries.

These entries consist of the following:

■ The target network node's IP address and accompanying netmask.

■ Gateway’s IP address.

■ Optionally, a specific Ethernet interface via which to communicate with thetarget. This is useful, for example, if the demands of multiple remote clientsare likely to exceed a single gateway’s throughput capacity.

You add or remove routing table entries using the Network> ip route command.

Table 5-6 lists the commands used to configure the routing tables of the nodes inthe cluster.

Table 5-6 Routing table commands

DefinitionCommand

Displays the routing table of the nodes in the cluster. You can entera specific nodename or use all to display the routing tables for allnodes in the cluster.


route show

Configuring Symantec FileStore network settingsAbout configuring routing tables

176

Table 5-6 Routing table commands (continued)

DefinitionCommand

Adds a new route for the cluster. The routing table containsinformation about paths to other networked nodes. You can makerouting table changes on each node of the cluster.

Use all for the nodename to add the route to all of the nodes in thecluster.

Use a netmask value of 255.255.255.255 for the netmask to add a hostroute to ipaddr.

Use a value of 0.0.0.0 for the gateway to add a route that does not useany gateway.

The dev device is an optional argument.

Use any of the public Ethernet interfaces for the device, for example,pubeth0, pubeth1, or any.


route add

Deletes a route used by the cluster. Use all for nodename to deletethe route from all of the nodes in the cluster. The combination ofipaddr and netmask specifies the network or host for which the routeis deleted. Use a value of 255.255.255.255 for the netmask to delete ahost route to ipaddr.


route del

177Configuring Symantec FileStore network settingsAbout configuring routing tables

Configuring routing tablesTo display the routing tables of the nodes in the cluster

◆ To display the routing tables of the nodes in the cluster, enter the following:

Network> ip route show [nodename]

where nodename is the node whose routing tables you want to display. Tosee the routing table for all of the nodes in the cluster, enter all.

For example:

Network> ip route show all

sfs_01

-------------


172.27.75.0 0.0.0.0 255.255.255.0 U 0 0 0 priveth0

10.182.96.0 0.0.0.0 255.255.240.0 U 0 0 0 pubeth0

10.182.96.0 0.0.0.0 255.255.240.0 U 0 0 0 pubeth1

127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo

0.0.0.0 10.182.96.1 0.0.0.0 UG 0 0 0 pubeth0

sfs_02

-------------


172.27.75.0 0.0.0.0 255.255.255.0 U 0 0 0 priveth0

10.182.96.0 0.0.0.0 255.255.240.0 U 0 0 0 pubeth0

10.182.96.0 0.0.0.0 255.255.240.0 U 0 0 0 pubeth1

127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo

0.0.0.0 10.182.96.1 0.0.0.0 UG 0 0 0 pubeth0

Displays the destination network or destination host for which theroute is defined.

Destination

Displays a network node equipped for interfacing with anothernetwork.

Gateway

Displays the netmask.Genmask

Configuring Symantec FileStore network settingsConfiguring routing tables

178

The flags are as follows:

U - Route is up

H - Target is a host

G - Use gateway

Flags

Displays maximum segment size. The default is 0. You cannot modifythis attribute.

MSS

Displays the maximum amount of data the system accepts in a singleburst from the remote host. The default is 0. You cannot modify thisattribute.

Window

Displays the initial round trip time with which TCP connections start.The default is 0. You cannot modify this attribute.

irtt

Displays the interface. On UNIX systems, the device name lo refersto the loopback interface.

Iface

To add to the route table

◆ To add a route entry to the routing table of nodes in the cluster, enter thefollowing:

Network> ip route add nodename ipaddr netmask via gateway [dev device]

Specifies the node to whose routing table the route is to be added.

To add a route path to all the nodes, use all in the nodenamefield.

If you enter a node that is not a part of the cluster, an errormessage is displayed.

nodename

Specifies the destination of the IP address.

If you enter an invalid IP address, then a message notifies youbefore you fill in other fields.

ipaddr

Specifies the netmask associated with the IP address that isentered for the ipaddr field.

Use a netmask value of 255.255.255.255 for the netmask toadd a host route to ipaddr.

netmask

This is a required field. You must type in the word.via

179Configuring Symantec FileStore network settingsConfiguring routing tables

Specifies the gateway IP address used for the route.

If you enter an invalid gateway IP address, then an error messageis displayed.

To add a route that does not use a gateway, enter a value of0.0.0.0.

gateway

Specifies the route device option. You must type in the word.dev

Specifies which Ethernet interface on the node the route path isadded to. This variable is optional.

You can specify the following values:

■ any - Default

■ pubeth0 - Public Ethernet interface

■ pubeth1 - Public Ethernet interface

The Ethernet interface field is required only when you specifydev in the dev field.

If you omit the dev and device fields, FileStore uses a defaultEthernet interface.

dev device

For example:

Network> ip route add sfs_01 10.10.10.10 255.255.255.255

via 0.0.0.0 dev pubeth0

sfs_01: Route added successfully

Configuring Symantec FileStore network settingsConfiguring routing tables

180

To delete route entries from the routing tables of nodes in the cluster

◆ To delete route entries from the routing tables of nodes in the cluster, enterthe following:

Network> ip route del nodename ipaddr netmask

Specify the node from which the node is deleted.

To delete the route entry from all nodes, use the all option inthis field.

nodename

Specifies the destination IP address of the route entry to bedeleted.

If you enter an invalid IP address a message notifies you beforeyou enter other fields.

ipaddr

Specifies the IP address to be used.netmask

For example:

Network> ip route del sfs_01 10.216.128.0 255.255.255.255

sfs_01: Route deleted successfully

About LDAPThe Lightweight Directory Access Protocol (LDAP) is the protocol used tocommunicate with LDAP servers. The LDAP servers are the entities that performthe service. In FileStore the most common use of LDAP is user authentication.

For sites that use an LDAP server for access or authentication, FileStore providesa simple LDAP client configuration interface.

Before configuring LDAP settingsBefore you configure FileStore LDAP settings, obtain the following LDAPconfiguration information from your system administrator:

■ IP address or host name of the LDAP server. You also need the port numberof the LDAP server.

■ Base (or root) distinguished name (DN), for example, cn=employees,c=us. LDAPdatabase searches start here.

181Configuring Symantec FileStore network settingsAbout LDAP

■ Bind distinguished name (DN) and password, for example, ou=engineering,c=us.This allows read access to portions of the LDAP database to search forinformation.

■ Base DN for users, for example, ou=users,dc=com. This allows access to theLDAP directory to search for and authenticate users.

■ Base DN for groups, for example, ou=groups,dc=com. This allows access to theLDAP database, to search for groups.

■ Root bind DN and password. This allows write access to the LDAP database,to modify information, such as changing a user's password.

■ Secure Sockets Layer (SSL). Configures an FileStore cluster to use the SecureSockets Layer (SSL) protocol to communicate with the LDAP server.

■ Password hash algorithm, for example md5, if a specific password encryptionmethod is used with your LDAP server.

The following sections describe how to configure LDAP:

■ See “Configuring LDAP server settings” on page 184.

■ See “Administering the FileStore cluster's LDAP client” on page 189.

About configuring LDAP server settingsTable 5-7 lists the LDAP commands used to configure the LDAP server settings.

Table 5-7 LDAP commands

DefinitionCommand

Sets the base DN value for the LDAP server.

Note: Setting the base DN for the LDAP server is required.

See “Configuring LDAP server settings” on page 184.

set basedn

Sets the hostname or IP address for the LDAP server.


set server

Sets the port number for the LDAP server.


set port

Configuring Symantec FileStore network settingsAbout configuring LDAP server settings

182

Table 5-7 LDAP commands (continued)

DefinitionCommand

Configures an FileStore cluster to use the Secure Sockets Layer (SSL)protocol to communicate with the LDAP server.

If your LDAP server does not use SSL for authentication, sets thisvalue to off (the default value). Consult your system administrator forconfirmation.

If your LDAP server supports SSL, you must set SSL to on. This settingis mandatory. The certificates that are required for SSL areauto-negotiated with the LDAP server when the session is established.


set ssl

Sets the bind Distinguished Name (DN) and its password for the LDAPserver. This DN is used to bind with the LDAP server for read access.For LDAP authentication, most attributes need read access.

Note: Use the LDAP server password. Contact your NetworkAdministrator for assistance.


set binddn

Sets the LDAP root bind DN and its password. This DN is used to bindwith the LDAP server for write access to the LDAP directory. Thissetting is not required for authentication.

To change some attributes of an LDAP entry, the root bind DN isrequired. For example, if a root user wants to change a user's password,the root user must have administrative privileges to write to the LDAPdirectory.

Note: Use the LDAP server password. Contact your NetworkAdministrator for assistance.


set rootbinddn

Sets the LDAP users, groups, and netgroups base Distinguished Name(DN). PAM/NSS uses this DN to search LDAP groups.

Note: You must set the LDAP users, groups, and netgroups base DN.


set users-basedn

set groups-basedn

setnetgroups-basedn

183Configuring Symantec FileStore network settingsAbout configuring LDAP server settings

Table 5-7 LDAP commands (continued)

DefinitionCommand

Sets the LDAP password hash algorithm used when you set or changethe LDAP user's password. The password is encrypted with theconfigured hash algorithm before it is sent to the LDAP server andstored in the LDAP directory.

Note: Setting the LDAP password hash algorithm is optional.


set password-hash

Displays the configured LDAP settings.


get

Clears a configured setting.


clear

Configuring LDAP server settingsYou can set the LDAP base Distinguished Name (base DN). LDAP records arestructured in a hierarchical tree. You access records through a particular path,in this case, a Distinguished Name, or DN. The base DN indicates where in theLDAP directory hierarchy you want to start your search.

Note: For FileStore to access an LDAP directory service, you must specify theLDAP server DNS name or IP address.

To set the base DN for the LDAP server

◆ To set the base DN for the LDAP server, enter the following:

Network> ldap set basedn value

where value is the LDAP base DN in the following format:

dc=yourorg,dc=com

For example:

Network> ldap set basedn dc=example,dc=com

OK Completed

Configuring Symantec FileStore network settingsConfiguring LDAP server settings

184

To set the LDAP server hostname or IP address

◆ To set the LDAP server hostname or IP address, enter the following:

Network> ldap set server value

where value is the LDAP server hostname or IP address.

For example:

Network> ldap set server ldap-server.example.com

OK Completed

For example, if you enter an IP address for the value you get the followingmessage:

Network> ldap set server 10.10.10.10

OK Completed

To set the LDAP server port number

◆ To set the LDAP server port number, enter the following:

Network> ldap set port value

where value is the LDAP server port number.

For example:

Network> ldap set port 555

OK Completed

To set FileStore to use LDAP over SSL

◆ To set FileStore to use LDAP over SSL, enter the following:

Network> ldap set ssl {on|off}

For example:

Network> ldap set ssl on

OK Completed

185Configuring Symantec FileStore network settingsConfiguring LDAP server settings

To set the bind DN for the LDAP server

◆ To set the bind DN for the LDAP server, enter the following:

Network> ldap set binddn value

where value is the LDAP bind DN in the following format:

cn=binduser,dc=yourorg,dc=com

The value setting is mandatory.

You are prompted to supply a password. You must use your LDAP serverpassword.

For example:

Network> ldap set binddn cn

Enter password for 'cn': ***

OK Completed

To set the root bind DN for the LDAP server

◆ To set the root bind DN for the LDAP server, enter the following:

Network> ldap set rootbinddn value

where value is the LDAP root bind DN in the following format:

cn=admin,dc=yourorg,dc=com

You are prompted to supply a password. You must use your LDAP serverpassword.

For example:

Network> ldap set rootbinddn dc

Enter password for 'dc': ***

OK Completed

Configuring Symantec FileStore network settingsConfiguring LDAP server settings

186

To set the LDAP users, groups, or netgroups base DN

◆ To set the LDAP users, groups, or netgroups base DN, enter the following:

Network> ldap set users-basedn value

Network> ldap set groups-basedn value

Network> ldap set netgroups-basedn value

Specifies the value for the users-basedn. For example:

ou=users,dc=example,dc=com (default)

users-basednvalue

Specifies the value for the groups-basedn. For example:

ou=groups,dc=example,dc=com (default)

groups-basednvalue

Specifies the value for the netgroups-basedn. For example:

ou=netgroups,dc=example,dc=com (default)

netgroups-basednvalue

For example:

Network> ldap set users-basedn ou=Users,dc=example,dc=com

OK Completed

To set the password hash algorithm

◆ To set the password hash algorithm, enter the following:

Network> ldap set password-hash {clear|crypt|md5}

For example:

Network> ldap set password-hash clear

OK Completed

187Configuring Symantec FileStore network settingsConfiguring LDAP server settings

To display the LDAP configured settings

◆ To display the LDAP configured settings, enter the following:

Network> ldap get {server|port|basedn|binddn|ssl|rootbinddn|


For example:

Network> ldap get server

LDAP server: ldap-server.example.com

OK Completed

To clear the LDAP setting

◆ To clear the previously configured LDAP setting, enter the following:

Network> ldap clear {server|port|basedn|binddn|ssl|rootbinddn|


For example:

Network> ldap clear binddn

OK Completed

About administering FileStore cluster's LDAP clientYou can display the Lightweight Directory Access Protocol (LDAP) clientconfigurations. LDAP clients use the LDAPv3 protocol to communicate with theserver.

Table 5-8 LDAP client commands

DefinitionCommand

Displays the FileStore cluster's LDAP client configuration.

See “Administering the FileStore cluster's LDAP client” on page 189.

ldap show

Enables the LDAP client configuration.


ldap enable

Disables the LDAP client configuration. This command stops FileStorefrom querying the LDAP service.


ldap disable

Configuring Symantec FileStore network settingsAbout administering FileStore cluster's LDAP client

188

Administering the FileStore cluster's LDAP clientTo display the LDAP client configuration

◆ To display the LDAP client configuration, enter the following:

Network> ldap show [users|groups|netgroups]

Displays the LDAP users that are available in the Name ServiceSwitch (NSS) database.

users

Displays the LDAP groups that are available in the NSS database.groups

Displays the LDAP netgroups that are available in the NSSdatabase.

netgroups

If you do not include one of the optional variables, the command displays allthe configured settings for the LDAP client. For example:

Network> ldap show

LDAP client is enabled.

=======================

LDAP server: ldap_server

LDAP port: 389 (default)

LDAP base DN: dc=example,dc=com

LDAP over SSL: on

LDAP bind DN: cn=binduser,dc=example,dc=com

LDAP root bind DN: cn=admin,dc=example,dc=com

LDAP password hash: md5

LDAP users base DN: ou=Users,dc=example,dc=com

LDAP groups base DN: ou=Groups,dc=example,dc=com

LDAP netgroups base DN: ou=Netgroups,dc=example,dc=com

OK Completed

189Configuring Symantec FileStore network settingsAdministering the FileStore cluster's LDAP client

To enable the LDAP client configuration

◆ To enable the LDAP client configuration, enter the following:

Network> ldap enable

For example:


LDAP clients use the LDAPv3 protocol for communicating with the server.Enabling the LDAP client configures the Pluggable Authentication Module(PAM) files to use LDAP. PAM is the standard authentication framework forLinux.

To disable the LDAP client configuration

◆ To disable the LDAP client configuration, enter the following:

Network> ldap disable

For example:

Network> ldap disable

LDAP clients use the LDAPv3 protocol for communicating with the server.This command configures the PAM configuration files so that they do notuse LDAP.

About NISFileStore supports Network Information Service (NIS), implemented in a NISserver, as an authentication authority. You can use NIS to authenticate computers.

If your environment uses NIS, enable the NIS-based authentication on the FileStorecluster.

Table 5-9 NIS commands

DefinitionCommand

Displays the NIS server name, domain name, the NIS users, groups,and netgroups that are available in the NIS database.

See “Configuring the NIS-related commands” on page 191.

nis show

Sets the NIS domain name in the FileStore cluster.


nis setdomainname

Configuring Symantec FileStore network settingsAbout NIS

190

Table 5-9 NIS commands (continued)

DefinitionCommand

Sets the NIS server name in the FileStore cluster.


nis set servername

Enables the NIS clients in the FileStore cluster. You must set the NISdomain name and NIS server name before you can enable NIS.


nis enable

Disables the NIS clients in the FileStore cluster.


nis disable

Configuring the NIS-related commandsTo display NIS-related settings

◆ To display NIS-related settings, enter the following:

Network> nis show [users|groups|netgroups]

Displays the NIS users that are available in the FileStore cluster'sNIS database.

users

Displays the NIS groups that are available in the FileStorecluster's NIS database.

groups

Displays the NIS netgroups that are available in the FileStorecluster's NIS database.

netgroups

For example:

Network> nis show

NIS Status : Disabled

domain :

NIS Server :

191Configuring Symantec FileStore network settingsConfiguring the NIS-related commands

To set the NIS domain name on all nodes in the cluster

◆ To set the NIS domain name on the cluster nodes, enter the following:

Network> nis set domainname [domainname]

where domainname is the domain name.

For example:

Network> nis domainname domain_1

Setting domainname: "domain_1"

To set NIS server name on all nodes in the cluster

◆ To set the NIS server name on all cluster nodes, enter the following:

Network> nis set servername servername

where servername is the NIS server name. You can use the server's name orIP address.

For example:

Network> nis servername 10.10.10.10

Setting NIS Server "10.10.10.10"

To enable NIS clients

◆ To enable NIS clients, enter the following:

Network> nis enable

For example:

Network> nis enable

Enabling NIS Client on all the nodes.....

Done. Please enable NIS in nsswitch settings for required services.

To view the new settings, enter the following:

Network> nis show

NIS Status : Enabled

domain : domain_1

NIS Server : 10.10.10.10

Configuring Symantec FileStore network settingsConfiguring the NIS-related commands

192

To disable NIS clients

◆ To disable NIS clients, enter the following:

Network> nis disable

For example:

Network> nis disable

Disabling NIS Client on all nodes

Please disable NIS in nsswitch settings for required services.

About NSSName Service Switch (NSS) is an FileStore cluster service which provides a singleconfiguration location to identify the services (such as NIS or LDAP) for networkinformation such as hosts, groups, or passwords.

For example, host information may be on an NIS server. Group information maybe in an LDAP database.

The NSS configuration specifies which network services the FileStore clustershould use to authenticate hosts, users, groups, and netgroups. The configurationalso specifies the order in which multiple services should be queried.

Table 5-10 NSS commands

DefinitionCommand

Displays the NSS configuration.

See “Configuring NSS lookup order” on page 194.

nsswitch show

Configures the order of the NSS services.

See “Configuring NSS lookup order” on page 194.

nsswitch conf

193Configuring Symantec FileStore network settingsAbout NSS

Configuring NSS lookup orderTo display the NSS configuration

◆ To display the NSS configuration, enter the following:

Network> nsswitch show

group: files nis winbind ldap

hosts: files nis dns

netgroup: nis

passwd: files nis winbind ldap

shadow: files winbind

To configure the NSS lookup order

◆ To configure the NSS lookup order, enter the following:

Network> nsswitch conf {group|hosts|netgroups|passed|shadow}

value1 [[value2]] [[value3]] [[value4]]

Selects the group file.group

Selects the hosts file.hosts

Selects the netgroups file.netgroups

Selects the password.passed

Selects the shadow file.shadow

Specifies the following NSS lookup order with the followingvalues:

■ value1 (required)- { files/nis/winbind/ldap }

■ value2 (optional) - { files/nis/winbind/ldap }



value

For example:

Network> nsswitch conf shadow files ldap


group: files nis winbind ldap

hosts: files nis dns

netgroup: nis

passwd: files nis winbind ldap

shadow: files ldap

Configuring Symantec FileStore network settingsConfiguring NSS lookup order

194

To select DNS, you must use the following command:

Network> nsswitch conf hosts

nsswitch conf hosts <value1> [value2] [value3]

--select hosts file

value1 : Choose the type (files) (files)

value2 : Type the type (files/nis/dns) []

value3 : Type the type (files/nis/dns) []

About VLAN interfacesThe virtual LAN (VLAN) feature lets you create VLAN interfaces on the FileStorenodes and administer them as any other VLAN interfaces. The VLAN interfacesare created using Linux support for VLAN interfaces.

Use the Network> vlan commands to view, add, or delete VLAN interfaces.

Note: To use VLAN, your network must have VLAN-supported switches.

Table 5-11 VLAN commands

DefinitionCommand

Displays the VLAN interfaces.

See “Configuring VLAN interfaces” on page 196.

vlan show

Adds a VLAN interface.


vlan add

Deletes a VLAN interface.


vlan del

195Configuring Symantec FileStore network settingsAbout VLAN interfaces

Configuring VLAN interfacesTo display the VLAN interfaces

◆ To display the VLAN interfaces, enter the following:

Network> vlan show

For example:

VLAN DEVICE VLAN id

----- ------ -------

pubeth0.2 pubeth0 2

To add a VLAN interface

◆ To add a VLAN interface, enter the following:

Network> vlan add device vlan_id

Specifies the VLAN interface on which the VLAN interfaces willbe added.

device

Specifies the VLAN ID which the new VLAN interface uses. Validvalues range from 1 to 4095.

vlan_id

For example:

Network> vlan add pubeth1 2

Network> vlan show

VLAN DEVICE VLAN id

----- ------ -------

pubeth0.2 pubeth0 2

pubeth1.2 pubeth1 2

Configuring Symantec FileStore network settingsConfiguring VLAN interfaces

196

To delete a VLAN interface

◆ To delete a VLAN interface, enter the following:

Network> vlan del vlan_device

where the vlan_device is the VLAN name from the Network> vlan show

command.

For example:

Network> vlan del pubeth0.2

Network> vlan show

VLAN DEVICE VLAN id

----- ------ -------

pubeth1.2 pubeth1 2

197Configuring Symantec FileStore network settingsConfiguring VLAN interfaces

Configuring Symantec FileStore network settingsConfiguring VLAN interfaces

198

Configuring your NFS server


■ About NFS server commands

■ Accessing the NFS server

■ Displaying NFS statistics

■ Displaying file systems and snapshots that can be exported

About NFS server commandsThe clustered NFS Server provides file access services to UNIX and Linux clientcomputers via the Network File System (NFS) protocol.

You use the NFS commands to start and stop your NFS server.

See Table 6-1 on page 199.

Note: For the NFS> share commands, see the section referenced below.

See “About NFS file sharing” on page 205.

To access the commands, log into the administrative console (for master,system-admin, or storage-admin) and enter NFS> mode.



DefinitionCommand

Displays the status of the NFS server.

See “Accessing the NFS server” on page 200.

server status

6Chapter

Table 6-1 NFS mode commands (continued)

DefinitionCommand

Starts the NFS server.


server start

Stops the NFS server.


server stop

Prints the NFS statistics.

See “Displaying NFS statistics” on page 202.

stat

Displays all of the online file systems and snapshots that can beexported.

See “Displaying file systems and snapshots that can be exported”on page 203.

show fs

Accessing the NFS serverTo check on the NFS server status

◆ Prior to starting the NFS server, check on the status of the server by entering:

NFS> server status

For example:

NFS> server status

NFS Status on sfs_01 : OFFLINE

NFS Status on sfs_02 : OFFLINE

The states (ONLINE, OFFLINE, and FAULTED) correspond to each FileStorenode identified by the node name. The states of the node may vary dependingon the situation for that particular node.

The possible states of the NFS> server status command are:

Indicates that the node can serve NFS protocols to the client.ONLINE

Indicates the NFS services on that node are down.OFFLINE

Indicates something is wrong with the NFS service on the node.FAULTED

You can run the NFS> server start command to restart the NFS services,and only the nodes where NFS services have problems, will be restarted.

Configuring your NFS serverAccessing the NFS server

200

To start the NFS server

◆ To start the NFS server, enter the following:

NFS> server start

You can use the NFS> server start command to clear an OFFLINE statefrom the NFS> server status output by only restarting the services that areoffline. You can run the NFS> server start command multiple times withoutit affecting the already-started NFS server.

For example:

NFS> server start

..Success.

Run the NFS> server status command again to confirm the change.

NFS> server status

NFS Status on sfs_01 : ONLINE

NFS Status on sfs_02 : ONLINE

To stop the NFS server

◆ To stop the NFS server, enter the following:

NFS> server stop

For example:

NFS> server stop

..Success.

You will receive an error if you try to stop an already stopped NFS server.

201Configuring your NFS serverAccessing the NFS server

Displaying NFS statisticsTo display statistics for all the nodes in the cluster on the NFS server

◆ To display NFS statistics, enter the following:

NFS> stat [nodename]

where nodename specifies the node name for which you are trying to obtainthe statistical information. If the nodename is not specified, statistics for allthe nodes in the cluster are displayed.

For example:

NFS> stat sfs_01

sfs_01

----------------

Server rpc stats:

calls badcalls badauth badclnt xdrcall

52517 0 0 0 0

Server nfs v2:

null getattr setattr root lookup readlink

10 100% 0 0% 0 0% 0 0% 0 0% 0 0%

read wrcache write create remove rename

0 0% 0 0% 0 0% 0 0% 0 0% 0 0%

link symlink mkdir rmdir readdir fsstat

0 0% 0 0% 0 0% 0 0% 0 0% 0 0%

Server nfs v3:

null getattr setattr lookup access readlink

11 0% 17973 35% 0 0% 5951 11% 6997 13% 1034 2%

read write create mkdir symlink mknod

4138 8% 4137 8% 3251 6% 1255 2% 1034 2% 0 0%

remove rmdir rename link readdir readdirplus

0 0% 1 0% 0 0% 0 0% 0 0% 1361 2%

fsstat fsinfo pathconf commit

0 0% 2 0% 0 0% 3067 6%

Configuring your NFS serverDisplaying NFS statistics

202

Displaying file systems and snapshots that can beexported

To display a file system and snapshots that can be exported

◆ To display online file systems and the snapshots that can be exported, enterthe following:

NFS> show fs

For example:

NFS> show fs

FS/Snapshot

===========

fs1

203Configuring your NFS serverDisplaying file systems and snapshots that can be exported

Configuring your NFS serverDisplaying file systems and snapshots that can be exported

204

Creating and maintainingNFS shares


■ About NFS file sharing

■ Displaying exported directories

■ Adding an NFS share

■ Sharing directories using CIFS and NFS protocols

■ Exporting an NFS snapshot

■ Unexporting a directory or deleting NFS options

About NFS file sharingThe Network File System (NFS) protocol enables exported directories (includingall files under the directory that reside on the exported directory's file system)hosted by an NFS server to be accessed by multiple UNIX and Linux client systems.

Using NFS, a local system can mount and use a disk partition or file system froma remote system (an NFS server), as if it were local. The FileStore NFS serverexports a directory , with selected permissions and options, and makes it availableto NFS clients.

The selected permissions and options can also be updated, to restrict or expandthe permitted use. To remove sharing, unexport the NFS directory.

The FileStore NFS service is clustered. The NFS clients continuously retry duringa failover transition. Even if the TCP connection is broken for a short time, the

7Chapter

failover is transparent to NFS clients, and NFS clients regain access transparentlyas soon as the failover is complete.

However, depending on client configuration and the nature of the failure, a clientoperation may time out, resulting in an error message such as: NFS server not

responding, still trying.

You use NFS commands to export or unexport your directories. The NFS> share

commands are defined in Table 7-1.

To access the commands, log into the administrative console (for master,system-admin, or storage-admin) and enter the NFS> mode.



DefinitionCommand

Display exported directories.

See “Displaying exported directories” on page 206.

share show

Export a directory.

See “Adding an NFS share ” on page 207.

share add

Unexport a directory.

See “Unexporting a directory or deleting NFS options” on page 214.

share delete

Displaying exported directoriesYou can display the exported directories and the NFS options that are specifiedwhen the directory was exported.

Creating and maintaining NFS sharesDisplaying exported directories

206

To display exported directories

◆ To display exported directories, enter the following:

NFS> share show

For example:

NFS> share show

/vx/fs2 * (sync)

/vx/fs3 * (secure,ro,no_root_squash)

The command output displays two columns.

Displays the directory that was exported.

For example:

/vx/fs2

Left-hand column

Displays the system that the directory is exported to, and theNFS options with which the directory was exported.

For example:

* (secure,ro,no_root_squash)

Right-handcolumn

Adding an NFS shareYou can export an NFS share with the specified NFS options that can then beaccessed by one or more client systems. The new NFS options are updated afterthe command is run.

If you add a directory that has already been exported with a different NFS option(rw, ro, async, or secure, for example), FileStore provides a warning messagesaying that the directory has already been exported. FileStore updates (overwrite)the old NFS options with the new NFS options.

Directory options appear in parentheses.

If a client was not specified when the NFS> share add command was used, then* is displayed as the system to be exported to, indicating that all clients can accessthe directory.

Directories that have been exported to different clients appear as different entries.Directories that are exported to <world> and other specific clients also appear asdifferent entries.

207Creating and maintaining NFS sharesAdding an NFS share

For example:

Consider the following set of exported directories where only the client (1.1.1.1)has read-write access to directory (fs2), while all other clients have read accessonly.

/vx/fs2 * (ro)

/vx/fs2 1.1.1.1 (rw)

When sharing a directory, FileStore does not check whether the client exists ornot. If you add a share for an unknown client, then an entry appears in the NFS>

show command output.

If the directory (including the underlying file system) does not exist, you will notbe able to export to any client. FileStore gives the following error:

SFS nfs ERROR V-288-1697 Directory /vx/fs1/export does not exist

You cannot export a non-existent directory. TheNFS> show fs command displaysthe list of exportable file systems.

Valid NFS options include the following:

Grants read and write permission to the directory (including allfiles under the directory that reside on the exported directory'sfile system). Hosts mounting this directory will be able to makechanges to the directory.

rw

Grants read-only permission to the directory. Hosts mountingthis directory will not be able to change it.

ro (Default)

Grants synchronous write access to the directory. Forces theserver to perform a disk write before the request is consideredcomplete.

sync (Default)

Grants asynchronous write access to the directory. Allows theserver to write data to the disk when appropriate.

async

Grants secure access to the directory. Requires that clientsoriginate from a secure port. A secure port is between 1-1024.

secure (Default)

Grants insecure access to the directory. Permits client requeststo originate from unprivileged ports (those above 1024).

insecure

Requires authorization of all locking requests.secure_locks

(Default)

Creating and maintaining NFS sharesAdding an NFS share

208

Some NFS clients do not send credentials with lock requests, andtherefore work incorrectly with secure_locks, in which caseyou can only lock world-readable files. If you have such clients,either replace them with better ones, or use theinsecure_locks option.

insecure_locks

Prevents the root user on an NFS client from having rootprivileges on an NFS mount.

This effectively "squashes" the power of the remote root user tothe lowest local user, preventing remote root users from actingas though they were the root user on the local system.

root_squash

(Default)

Disables theroot_squash option. Allows root users on the NFSclient to have root privileges on the NFS server.

no_root_squash

Causes the NFS server to delay writing to the disk if another writerequest is imminent. This can improve performance by reducingthe number of times the disk must be accessed by separate writecommands, reducing write overhead.

wdelay (Default)

Disables the wdelay option.no_wdelay

Verifies that the requested file is in an exported subdirectory. Ifthis option is turned off, the only verification is that the file isin an exported file system.

subtree_check

Sometimes subtree checking can produce problems when arequested file is renamed while the client has the file open. Ifmany such situations are anticipated, it might be better to setno_subtree_check. One such situation might be the export ofthe home directory. Most other situations are best handled withsubtree_check.

no_subtree_check

(Default)

This option allows the FileStore administrator to associate aspecific number as fsid with the share.

fsid (Default)

For example, you could issue the following commands:

NFS> share add rw,async /vx/fs2

NFS> share add rw,sync,secure,root_squash /vx/fs3 10.10.10.10

Note: With root_squash, the root user can access the share, but with 'nobody'permissions.

209Creating and maintaining NFS sharesAdding an NFS share

To export a directory/file system

1 To see your exportable online file systems and snapshots, enter the following:

NFS> show fs

For example:

NFS> show fs

FS/Snapshot

===========

fs2

fs3

2 To see your NFS share options, enter the following:

NFS> share show

For example:

NFS> share show

/vx/fs2 * (sync)


3 To export a directory, enter the following command:

NFS> share add nfsoptions export_dir [client]

Comma-separated list of export options from the set.nfsoptions

Specifies the name of the directory you want to export.

The directory name should start with /vx, and onlya-zA-Z0-9_/@+=.:- characters are allowed forexport_dir.

export_dir

Creating and maintaining NFS sharesAdding an NFS share

210

Clients may be specified in the following ways:

■ Single host - specify a host either by an abbreviated namethat is recognized by the resolver (DNS is the resolver), thefully qualified domain name, or an IP address.

■ Netgroups - netgroups may be given as@group. Only the hostpart of each netgroup member is considered for checkingmembership.

■ IP networks - you can also simultaneously export directoriesto all hosts on an IP sub-network. This is done by specifyingan IP address and netmask pair as address/netmask wherethe netmask can be specified as a contiguous mask length.

If the client is not given, then the specified directory can bemounted or accessed by any client. To re-export new options toan existing share, the new options will be updated after thecommand is run.

client

Example using NFS options:

NFS> share add async /vx/fs1

Exporting *:/vx/fs1 with options async

..Success.

Sharing directories using CIFS and NFS protocolsFileStore provides support for multi-protocol file sharing where the same directory(including all files under the directory that reside on the exported directory's filesystem) can be exported to both Windows and UNIX users using the CIFS and NFSprotocols. The result is an efficient use of storage by sharing a single data setacross multi-application platforms.

Figure 7-1 shows how the directory sharing for the two protocols works.

211Creating and maintaining NFS sharesSharing directories using CIFS and NFS protocols

Figure 7-1 Exporting and/or sharing CIFS and NFS directories

SharedStorage

File SystemFS1

2-nodeFileStorecluster

Data access byCIFS protocol

Data access byNFS protocol

Windows user UNIX user

Note:When a share is exported over both NFS and CIFS protocols, the applicationsrunning on the NFS and CIFS clients may attempt to concurrently read or writethe same file. This may lead to unexpected results since the locking models usedby these protocols are different. For example, an application reads stale data. Forthis reason, FileStore warns you when the share export is requested over NFS orCIFS and the same share has already been exported over CIFS or NFS, when atleast one of these exports allows write access.

Creating and maintaining NFS sharesSharing directories using CIFS and NFS protocols

212

To export a directory to Windows and UNIX users

1 To export a directory to Windows and UNIX users with read-only andread-write permission respectively, go to CIFS mode and enter the followingcommands:

CIFS> show

Name Value

---- -----

netbios name mycluster

ntlm auth yes

allow trusted domains no

homedirfs

idmap backend rid:10000-1000000

workgroup SYMANTECDOMAIN

security ads

Domain SYMANTECDOMAIN.COM

Domain user administrator

Domain Controller SYMSERVER

CIFS> share add fs1 share1 ro

Exporting CIFS filesystem : share1...

CIFS> share show

ShareName FileSystem ShareOptions

share1 fs1 owner=root,group=root,ro

2 Enter the NFS mode and enter the following commands:

CIFS> exit

> nfs

Entering share mode...

NFS> share add rw fs1

SFS nfs WARNING V-288-0 Filesystem (fs1)

is already shared over CIFS with 'ro' permission.

Do you want to proceed (y/n): y

Exporting *:/vx/fs1 with options rw

..Success.

NFS> share show

/vx/fs1 * (rw)

213Creating and maintaining NFS sharesSharing directories using CIFS and NFS protocols

Exporting an NFS snapshotTo export an NFS snapshot

1 To create an NFS snapshot, enter the following for example:

Storage> snapshot create fs5sp1 FS5

See “About snapshots” on page 246.

2 To export the NFS snapshot, enter the following for example:

NFS> share add rw /vx/FS5:fs5sp1


Unexporting a directory or deleting NFS optionsYou can unexport the share of the exported directory.

Note: You will receive an error message if you try to remove a directory that doesnot exist.

To unexport a directory or delete NFS options

1 To see your existing exported resources, enter the following command:

NFS> share show

Only the directories that are displayed can be unexported.

For example:

NFS> share show

/vx/fs2 * (sync)


2 To delete a directory from the export path, enter the following command:

NFS> share delete export_dir [client]

For example:

NFS> share delete /vx/fs3

Removing export path *:/vx/fs3

..Success.

Creating and maintaining NFS sharesExporting an NFS snapshot

214

Specifies the name of the directory you want to delete.

The directory name should start with /vx, and onlya-zA-Z0-9_/@+=.:- characters are allowed in export_dir.

You cannot include single or double quotes that do not enclosecharacters.

NFS> share delete "*:/vx/example"

You cannot use one single quote or one double quote, as in thefollowing example:

NFS> share delete ' "filesystem

export_dir

Clients may be specified in the following ways:

■ Single host - specify a host either by an abbreviated namethat is recognized by the resolver (DNS is the resolver), thefully qualified domain name, or an IP address.

■ Netgroups - netgroups may be given as @group. Only the hostpart of each netgroup member is considered for checkingmembership.

■ IP networks - you can also simultaneously export directoriesto all hosts on an IP sub-network. This is done by specifyingan IP address and netmask pair as address/netmask wherethe netmask can be specified as a contiguous mask length.

If client is included, the directory is removed from the exportpath that was directed at the client.

If a directory is being exported to a specific client, the NFS>share delete command must specify the client to remove thatexport path.

If the client is not specified, then the specified directory can bemounted or accessed by any client.

client

215Creating and maintaining NFS sharesUnexporting a directory or deleting NFS options

Creating and maintaining NFS sharesUnexporting a directory or deleting NFS options

216

Creating and maintainingfile systems


■ About creating and maintaining file systems

■ Listing all file systems and associated information

■ About creating file systems

■ Creating a file system

■ Adding or removing a mirror from a file system

■ Adding or removing a column from a file system

■ Checking and resynchronizing stale mirrors

■ Configuring FastResync for a file system

■ Disabling the FastResync option for a file system

■ Increasing the size of a file system

■ Decreasing the size of a file system

■ Checking and repairing a file system

■ Changing the status of a file system

■ Defragmenting a file system

■ Destroying a file system

■ About snapshots

8Chapter

■ About instant rollbacks

■ About setting up file system alerts for file system usage

■ About the Partition Secure Notification (PSN) feature

■ Upgrading a file system to the current layout for running deduplication

About creating and maintaining file systemsThis chapter discusses the FileStore file system commands. You use thesecommands to configure your file system.

For more information on the Storage> fs commands, see Table 8-1.

File systems consist of both the metadata and the file system data. Metadatacontains information such as the last modification date, creation time, permissions,and so on. The total amount of the space that is required for the metadata dependson the number of files in the file system. A file system with many small filesrequires more space to store metadata. A file system with fewer larger files requiresless space for handling the metadata.

When you create a file system, you need to set aside some space for handling themetadata. The space that is required is generally proportional to the size of thefile system. For this reason, after you create the file system with the Storage>

fs list command the output includes non-zero percentages. The space that isset aside to handle metadata may increase or decrease as needed. For example, afile system on a 1-GB volume takes approximately 35 MB (about 3%) initially tostore metadata. In contrast, a file system of 10 MB requires approximately 3.3 MB(30%) initially for storing the metadata.

File systems can be increased or decreased in size. Dynamic Storage Tiering (DST)functionality is also provided at the file system level.

See “About FileStore Dynamic Storage Tiering (DST)” on page 472.

Any file system can be enabled for both DAR and deduplication, but you have toenable DAR first, then deduplication. The reverse sequence is not supported



To access the commands, log into the administrative console (as a master,system-admin, or storage-admin) and enter Storage> mode.


Creating and maintaining file systemsAbout creating and maintaining file systems

218


DefinitionCommand

Lists all file systems and associated information.

See “Listing all file systems and associated information” on page 222.

fs list

Creates a file system.

See “About creating file systems” on page 226.

fs create

Adds a mirror to a file system.

See “Adding or removing a mirror from a file system” on page 230.

fs addmirror

Removes a mirror from a file system.

See “Adding or removing a mirror from a file system” on page 230.

fs rmmirror

Lets you add a column to a file system.

See “Adding or removing a column from a file system” on page 232.

fs addcolumn

Lets you remove a column from a file system.

See “Adding or removing a column from a file system” on page 232.

fs rmcolumn

Lets you check your file systems for stale mirrors.

See “Checking and resynchronizing stale mirrors” on page 233.

fs checkmirror

Lets you resynchronize any stale mirrors.


fs resync

Lets you display the resynchronization progress running in thebackground.


fs checkresync

Keeps the mirrors in the file system in a consistent state.

See “Configuring FastResync for a file system” on page 235.

resync

Enables the FastResync option for a file system.

See “Configuring FastResync for a file system” on page 235.

fs setfastresync

Disables the FastResync option for a file system.

See “Disabling the FastResync option for a file system” on page 236.

fs unsetfastresync

Increases the size of a file system to a specified size.

See “Increasing the size of a file system” on page 237.

fs growto

219Creating and maintaining file systemsAbout creating and maintaining file systems


DefinitionCommand

Increases the size of a file system by a specified size.

See “Increasing the size of a file system” on page 237.

fs growby

Decreases the size of a file system to a specified size.

See “Decreasing the size of a file system” on page 239.

fs shrinkto

Decreases the size of a file system by a specified size.

See “Decreasing the size of a file system” on page 239.

fs shrinkby

Checks and repairs a file system while the file system is offline.

See “Checking and repairing a file system” on page 240.

fs fsck

Sets and unsets alerts by file system usage and displays current diskusage and alert values.

See “About setting up file system alerts for file system usage”on page 269.

fs alert

Sets and unsets the Enterprise Vault (EV) Partition Secure Notification(PSN) feature on the specified file system.

See “About the Partition Secure Notification (PSN) feature” on page 272.

fs evpsn

Mounts (places online) a file system.

See “Changing the status of a file system” on page 243.

fs online

Unmounts (places offline) a file system.


fs offline

Destroys a file system.

See “Destroying a file system” on page 246.

fs destroy

The deduplication feature does not work if the file system layout isnot at the current version.


This command upgrades the file system layout to the current version.The file system needs to be online for this command to proceed. Youcan find version information about the file system by using theStorage> fs list file_system_name command.

See “Upgrading a file system to the current layout for runningdeduplication” on page 274.

fs upgrade

Creating and maintaining file systemsAbout creating and maintaining file systems

220


DefinitionCommand

Copies a set of files and directories as they were at a particular pointin the past.


snapshot

Creates or remove a snapshot.

See “About snapshot schedules” on page 252.

snapshot schedule

221Creating and maintaining file systemsAbout creating and maintaining file systems

Listing all file systems and associated informationTo list all file systems and associated information

Creating and maintaining file systemsListing all file systems and associated information

222

◆ To list all file systems and associated information, enter the following:

Storage> fs list [fs_name]

where fs_name is optional.

If you enter a file system that does not exist, an error message is displayed.

If you do not enter a specified file system, a list of file systems is displayed.

For example:

223Creating and maintaining file systemsListing all file systems and associated information

Storage> fs list alltaskGeneral Info:===============Block Size: 1024 BytesVersion: Version 8Cluster5_01: online

Primary Tier============Size: 40.00GUse%: 0%Layout: mirrored-stripeMirrors: 2Columns: 2Stripe Unit: 512 KFastResync: Enabled

1. Mirror 01:List of pools: p03List of disks: ams_wms0_12


Secondary Tier==============Size: 40.00GUse%: 0%Layout: mirrored-stripeMirrors: 2Columns: 2Stripe Unit: 512 KFastResync: Enabled



Defrag Status: Not RunningFullfsck Status: Not RunningResync Status:

Creating and maintaining file systemsListing all file systems and associated information

224

Tier 1, Mirror 02: 1.56% Start_time: Jun/20/2011/21:20:02 Work_time: 0:4:18Remaining_time: 4:30:54Tier 2, Mirror 02: 0.21% Start_time: Jun/20/2011/21:33:20 Work_time: 0:0:4Remaining_time: 32:03Rollsync Status:Rollback alltask_roll, Tier 1: 0.16% Start_time: Jun/20/2011/19:12:45 Work_time: 0:0:3

Remaining_time: 30:29Rollback alltask_roll, Tier 2: 0.29% Start_time: Jun/20/2011/19:12:45 Work_time: 0:0:3Remaining_time: 17:01Relayout Status: Not Running

225Creating and maintaining file systemsListing all file systems and associated information

Storage> fs list fsrelayoutGeneral Info:===============Block Size: 1024 BytesVersion: Version 8Cluster5_01: online

Primary Tier============Size: 40.00GUse%: 0%Layout: striped-mirrorMirrors: 5Columns: -Stripe Unit: K

List of pools:List of disks:

Secondary Tier==============Size: 40.00GUse%: 0%Layout: striped-mirrorMirrors: 5Columns: -Stripe Unit: K

List of pools:List of disks:

Defrag Status: Not RunningFullfsck Status: Not RunningResync Status: Not RunningRollsync Status: Not RunningRelayout Status:

Tier 1: 0.04% Start_time: Jun/20/2011/21:48:02 Work_time: 0:26:36Remaining_time: 1134:29:23

Tier 2: 9.44% Start_time: Jun/20/2011/21:48:28 Work_time: 0:26:10Remaining_time: 4:11:01

About creating file systemsThe Storage> fs commands manage file system operations.

Creating and maintaining file systemsAbout creating file systems

226

Table 8-2 Create file systems commands

DefinitionCommand

Creates a simple file system of a specified size. You can specify a blocksize for the file system.

The default block size is determined based on the size of the file systemwhen the file system is created. For example, 1 KB is the default blocksize for up to a 2 TB file system size. Other default block sizes, 2 KB,4 KB, and 8 KB are available for different ranges of file system sizes.If you create a 1 TB file system, and then increase it to 3 TB, the filesystem block size remains at 1KB.

See “Creating a file system ” on page 227.

fs create simple

Creates a mirrored file system with a specified number of mirrors, alist of pools, and online status. Each mirror uses the disks from thecorresponding pools as listed.


fs create mirrored

Creates a mirrored-stripe file system with a specified number ofcolumns, mirrors, pools, and protection options.


fs createmirrored-stripe

Creates a striped-mirror file system with a specified number of mirrorsand stripes.


fs createstriped-mirror

Creates a striped file system. A striped file system is a file system thatstores its data across multiple disks rather than storing the data onone disk.


fs create striped

Creating a file systemAfter a file system is created, the file system reserves some space for internallogging. Internal logging provides additional data integrity. Due to the space thatis reserved for internal logging, the file system may appear to be used immediatelyafter file system creation. The space that is reserved for internal logging increaseswith the number of nodes in the FileStore cluster.

Log file sizes for the file systems are as follows:

Log size = 60 M per node10 G to 100 G

227Creating and maintaining file systemsCreating a file system

Log size = 100 M per node100 G to 1 T

Log size = 256 MB per node1 T and above

To create a simple file system of a specified size

◆ To create a simple file system with a specified size, enter the following:

Storage> fs create simple fs_name size

pool1[,disk1,...] [blksize=bytes]

For example:

Storage> fs create simple fs2 10m sda

100% [#] Creating simple filesystem

To create a mirrored file system

◆ To create a mirrored file system, enter the following:

Storage> fs create mirrored fs_name size nmirrors

pool1[,disk1,...] [protection=disk|pool] [blksize=bytes]

For example:

Storage> fs create mirrored fs1 100M 2 pool1,pool2

100% [#] Creating mirrored filesystem

To create a mirrored-stripe file system

◆ To create a mirrored-stripe file system, enter the following:

Storage> fs create mirrored-stripe fs_name size nmirrors

ncolumns pool1[,disk1,...]

[protection=disk|pool] [stripeunit=kilobytes] [blksize=bytes]

To create a striped-mirror file system

◆ To create a striped-mirror file system, enter the following:

Storage> fs create striped-mirror fs_name size nmirrors

ncolumns pool1[,disk1,...]

[protection=disk|pool] [stripeunit=kilobytes] [blksize=bytes]

To create a striped file system

◆ To create a striped file system, enter the following:

Creating and maintaining file systemsCreating a file system

228

Storage> fs create striped fs_name size ncolumns

pool1[,disk1,...] [stripeunit=kilobytes]

[blksize=bytes]

Specifies the name of the file system being created. The filesystem name should be a string. If you enter a file that alreadyexists, you receive an error message and the file system is notcreated.

fs_name

Specifies the size of a file system.

To create a file system, you need at least 10 MB of space.

Available units are the following:

■ MB

■ GB

■ TB

You can enter the units with either uppercase (10M) or lowercase(10m) letters.

To see how much space is available on a pool, use the Storage>pool free command.


size

Specifies the number of mirrors for the file system. You mustenter a positive integer.

nmirrors

Specifies the number of columns for the striped file system. Thenumber of columns represents the number of disks to stripe theinformation across. If the number of columns exceeds the numberof disks for the entered pools, an error message is displayed. Thismessage indicates that there is not enough space to create thestriped file system.

ncolumns

Specifies the pool(s) or disk(s) for the file system. If you specifya pool or disk that does not exist, you receive an error message.You can specify more than one pool or disk by separating thename with a comma. Do not include a space between the commaand the name.

To find a list of pools and disks, use the Storage> pool list

command. To find a list of disks, use the Storage> disk list

command.

The disk must be part of the pool or an error message is displayed.

pool1[,disk1,...]

229Creating and maintaining file systemsCreating a file system

If you do not specify a protection option, the default is "disk."

The available options for this field are:

■ disk - Creates mirrors on separate disks.

■ pool - Creates mirrors in separate pools. If there is not enoughspace to create the mirrors, an error message is displayed,and the file system is not created.

protection

Specifies a stripe width (in kilobytes).

Possible values are the following:

■ 128

■ 256

■ 512 (default)

■ 1024

■ 2048

stripeunit=kilobytes

Specifies the block size for the file system.

Possible values of bytes are the following:

■ 1024 (default)

■ 2048

■ 4096

■ 8192

Block sizes can affect the file size. For example, to create a filesystem greater than 32 TB, the block size needs to be 8192.

blksize=bytes

Adding or removing a mirror from a file systemA mirrored file system is one that has copies of itself on other disks or pools.

To add a mirror to a file system

◆ To add a mirror to a file system, enter the following:

Storage> fs addmirror fs_name pool1[,disk1,...]

[protection=disk|pool]

Specifies which file system to add the mirror. If the specified filesystem does not exist, an error message is displayed.

fs_name

Creating and maintaining file systemsAdding or removing a mirror from a file system

230

Specifies the pool(s) or disk(s) to use for the file system. If thespecified pool or disk does not exist, an error message isdisplayed, and the file system is not created. You can specifymore than one pool or disk by separating the name with a comma,but do not include a space between the comma and the name.

To find a list of existing pools and disks, use theStorage> pool

list command.


To find a list of the existing disks, use theStorage> disk list

command.


The disk needs to be part of the pool or an error message isdisplayed.

pool1[,disk1,...]

The default value for the protection field is disk.

Available options are:

■ disk - if the protection is set todisk, then mirrorsare createdon separate disks. This flag only works for file systems of typemirrored, mirrored-striped, and striped-mirror. The disksmay or may not be in the same pool.

■ pool - if the protection is set topool, then mirrors are createdin separate pools. This flag only works for file systems of typemirrored, mirrored-striped, and striped-mirror. If not enoughspace is available, then the file system creation operationfails.

protection

For example:

Storage> fs addmirror fs1 pool3,pool4

231Creating and maintaining file systemsAdding or removing a mirror from a file system

To remove a mirror from a file system

◆ To remove a mirror from a file system, enter the following:

Storage> fs rmmirror fs_name [pool_or_disk_name]

Specifies the file system from which to remove the mirror.If you specify a file system that does not exist, an errormessage is displayed.

fs_name

Specifies the pool or the disk name to remove from themirrored file system that spans the specified pools or disks.If a pool name is the same as the disk name, then the mirrorpresent on the pool is deleted.

pool_or_disk_name

For a striped-mirror file system, if any of the disks are bad, the Storage> fs

rmmirror command disables the mirrors on the disks that have failed. If nodisks have failed, FileStore chooses a mirror to remove.

For example:

Storage> fs rmmirror fs1 AMS_WMS0_0

Adding or removing a column from a file systemYou may want to add or remove a column from a file system in specific situations.Adding columns can help to perform more I/Os in parallel, so you may want toincrease the number of columns in the file system.

Note:For a striped file system when you add a column, the layout that is displayedwhen you issue theStorage> fs list andStorage> fs list fsname commandsmay be different than the original layout of the file system while the relayout(addition of new columns) operation is in progress. The original file system layoutis displayed when the relayout operation is completed.

Creating and maintaining file systemsAdding or removing a column from a file system

232

To add a specified number of columns to a file system

◆ To add a specified number of columns to a file system, enter the following:

Storage> fs addcolumn fs_name ncolumns pool_or_disk_name

Specifies the file system for which you want to addadditional columns.

fs_name

Specifies the number of columns that you want to add tothe file system.

Note: In the case of a striped file system, the number ofthe disks that are specified should be equal to the numberof columns (ncolumns).

Note: In the case of a mirrored-stripe and a striped-mirroredfile system, the disks should be equal to (ncolumns *number_of_mirrors_in_fs).

ncolumns

Specifies the pool or the disk name for the file system.pool_or_disk_name

For example, to add two columns to file system fs1, enter the following:

Storage> fs addcolumn fs1 2 pool3

To remove a column from a file system

◆ To remove a column from a file system, enter the following:

Storage> fs rmcolumn fs_name

where fs_name is the name of the file system for which you want to removethe column.

For example:

Storage> fs rmcolumn fs1

Checking and resynchronizing stale mirrorsYou can check if there is a stale mirror on any of your file systems. If there is astale mirror, the stale mirror needs to be resynchronized, and theresynchronization process needs to be verified.

233Creating and maintaining file systemsChecking and resynchronizing stale mirrors

To check if there are stale mirrors on your file systems

◆ To check if your file systems contain a stale mirror, enter the following:

Storage> fs checkmirror

For example, to display the file systems that have a stale mirror, enter thefollowing:

Storage> fs checkmirror

fs_name:

--------

mirror3

To resynchronize all stale mirrors or a stale mirror for a specified file system

◆ To resynchronize all stale mirrors or a stale mirror for a specified file system,enter the following:

Storage> fs resync [fs_name]

where fs_name is the name of the specified file system where you want toresynchronize for stale mirrors.

If you do not include fs_name, you resynchronize all the stale mirrors for allyour file systems.

For example, to resynchronize all stale mirrors for all file systems, enter thefollowing:

Storage> fs resync

Resync stale mirror for file systems are started in background.

For example, to resynchronize all stale mirrors for a specified file system,enter the following:

Storage> fs resync mirror3

Resync stale mirror for file system mirror3 is started in

background.

Creating and maintaining file systemsChecking and resynchronizing stale mirrors

234

To verify the resynchronization process for your stale mirrors

◆ To verify the resynchronization process for your stale mirrors, enter thefollowing:

Storage> fs checkresync

For example, to display the resynchronization progress running in thebackground, enter the following:

Storage> fs checkresyncFS MIRROR TYPE PROGRESS START_TIME WORK_TIME==================================================================================alltask_roll tier 1 ROLLBACK 0.16% Jun/20/2011/19:12:45 0:0:3alltask_roll tier 2 ROLLBACK 0.29% Jun/20/2011/19:12:45 0:0:3alltask tier 1,mirror 02 RESYNC 1.56% Jun/20/2011/21:20:02 0:4:18alltask tier 2,mirror 02 RESYNC 0.21% Jun/20/2011/21:33:20 0:0:4fsrelayout tier 1 RELAYOUT 0.04% Jun/20/2011/21:48:02 0:26:15fsrelayout tier 2 RELAYOUT 9.44% Jun/20/2011/21:48:28 0:25:49

REMAINING_TIME==============30:2917:014:30:5432:031119:33:444:07:40

Note: If a column addition to a file system is in progress, the output of theStorage> fs checkresync command will include RELAYOUT status.

Configuring FastResync for a file systemIf the power fails or a switch fails mirrors in a file system may not be in a consistentstate.

The Storage> fs setfastresync (Fast Mirror Resynchronization (FastResync))command keeps the mirrors in the file system in a consistent state.

Note:You must have at least two mirrors on the file system to enable FastResync.The setfastresync command is enabled by default.

235Creating and maintaining file systemsConfiguring FastResync for a file system

To enable the FastResync option

◆ To enable FastResync, enter the following:

Storage> fs setfastresync fs_name [pool_or_disk_name]

Specifies the name of the file system for which to enableFastResync. If you specify a file system that does not exist,an error message is displayed. If the FastResync on thespecified file system already has FastResync enabled, anerror message is displayed, and no action is taken.

fs_name

Specifies the pool or the disk name to resynchronize fromthe mirrored file system that spans the specified pool ordisk. If you specify a pool or disk that is not part of themirrored file system, an error message is displayed, and noaction is taken.

pool_or_disk_name

For example, to enable FastResync for a file system, enter the following:

Storage> fs setfastresync fs6

Disabling the FastResync option for a file systemYou can disable the FastResync option for a file system.

Note:When instant rollbacks exist for a volume, you cannot disable the FastResyncoption for a file system.

To disable the FastResync option

◆ To disable the FastResync option, enter the following:

Storage> fs unsetfastresync fs_name

where fs_name specifies the name of the file system for which to disableFastResync. If you specify a file system does not exist, an error message isdisplayed.

For example:

Storage> fs unsetfastresync fs6

Creating and maintaining file systemsDisabling the FastResync option for a file system

236

Increasing the size of a file systemTo increase the size of a file system, it must be online. If the file system is notonline, an error message is displayed, and no action is taken.

To increase the size of a file system to a specified size

◆ To increase the size of a file system to a specified size, enter the following:

Storage> fs growto {primary|secondary} fs_name new_length

[pool1[,disk1,...]]


For example:

Storage> fs growto primary fs1 1G

If no pool is specified with the command, the disks for growing the file systemcan be taken from any available pool. The protection flag takes the defaultvalue of disk in this case. The value of the protection field cannot be set topoolwhen no pool is specified with the command. This operation may convertthe layout of the file system if the command determines that the new filesystem is too large for the original layout.

To increase the size of a file system by a specified size

◆ To increase the size of a file system by a specified size, enter the following:

Storage> fs growby {primary|secondary} fs_name length_change

[pool1[,disk1,...]]


For example:

Storage> fs growby primary fs1 50M

If no pool is specified with the command, the disks for growing the file systemcan be taken from any available pool. The protection flag takes the defaultvalue of disk in this case. The value of the protection field cannot be set topoolwhen no pool is specified with the command. This operation may convertthe layout of the file system if the command determines that the new filesystem is too large for the original layout.

Specifies the primary or the secondary tier.primary|secondary

Specifies the file system whose size is increased. If you specifya file system that does not exist, an error message is displayed.

fs_name

237Creating and maintaining file systemsIncreasing the size of a file system

Expands the file system to a specified size. The size that youspecify must be a positive number, and it must be bigger thanthe size of the existing file system. If the new file system is notlarger than the size of the existing file system, an error messageis displayed, and no action is taken.

This variable is used with theStorage> fs growto command.

new_length

Expands the file system by a specified size. The size that youspecify must be a positive number, and it must be lesser than theavailable space. If it exceeds the available space, an error messageis displayed, and no action is taken.

This variable is used with theStorage> fs growby command.

length_change

Specifies the pool(s) or disk(s) to use for the file system. If youspecify a pool or disk that does not exist, an error message isdisplayed, and the file system is not resized. You can specify morethan one pool or disk by separating the name with a comma;however, do not include a space between the comma and thename.

To find a list of existing pools and disks, use theStorage> pool

list command.


To find a list of the existing disks, use theStorage> disk list

command.


The disk needs to be part of the pool or an error message displays.

pool1[,disk1,...]

The default value for the protection field is disk.


■ disk - if the protection is set todisk, then mirrors are createdon separate disks. This flag only works for file systems of typemirrored, mirrored-striped, and striped-mirror. The disksmay or may not be in the same pool.

■ pool - if the protection is set topool, then mirrors are createdin separate pools. This flag only works for file systems of typemirrored, mirrored-striped, and striped-mirror. If not enoughspace is available, then the file system creation operationfails.

protection

Creating and maintaining file systemsIncreasing the size of a file system

238

Decreasing the size of a file systemYou can decrease the size of the file system.

To decrease the size of the file system, it must be online. If the file system is notonline, an error message is displayed, and no action is taken.

You cannot decrease the size of a file system if a rollback exists. Delete the rollbackfirst before using the Storage> fs shrinkto or Storage> fs shrinkby

commands.

To decrease the size of a file system to a specified size

◆ To decrease the size of a file system, enter the following:

Storage> fs shrinkto {primary|secondary} fs_name new_length

For example:

Storage> fs shrinkto primary fs1 10M

To decrease the size of a file system by a specified size

◆ To decrease the size of a file system, enter the following:

Storage> fs shrinkby {primary|secondary} fs_name length_change

For example:

Storage> fs shrinkby primary fs1 10M

Specifies the primary or the secondary tier.primary | secondary

Specifies the file system whose size decreases. If you specifya file system that does not exist, an error message isdisplayed.

fs_name

Specifies the size to decrease the file system to. The sizethat you specify must be a positive number, and it must besmaller than the size of the existing file system. If the newfile system size is not smaller than the size of the existingfile system, an error message is displayed, and no action istaken.

new_length

Decreases the file system by a specified size. The size thatyou specify must be a positive number, and it must besmaller than the size of the existing file system. If the newfile system size is not smaller than the size of the existingfile system, an error message is displayed, and no action istaken.

length_change

239Creating and maintaining file systemsDecreasing the size of a file system

Checking and repairing a file systemThe Storage> fs fsck command lets you check and repair a file system whilethe file system is offline.

The Storage> fs fsck command tries to perform a normal fsck (check and repair)of the file system first, but if the fullfsck option is set, the command proceedsdepending on the input that is provided by the user.

In most cases, a normal fsck (only log replay) is sufficient to repair a file system.In cases where there is structural damage to the file system's metadata, a full fsckof the file system may be necessary to repair the file system.

Warning: Using the Storage> fs fsck command on an online file system candamage the data on the file system. Only use the Storage> fs fsck commandon a file system that is offline.

Creating and maintaining file systemsChecking and repairing a file system

240

To check and repair a file system

241Creating and maintaining file systemsChecking and repairing a file system

◆ To check and repair a file system, enter the following:

Storage> fs fsck fs_name

where fs_name specifies the file system for which you want to check andrepair.

For example:

Storage> fs fsck fs1

Do you want to do fsck without log replay? yes|no

n

File system fs1 fsck successfully

Storage>



y

File system fs1 fsck successfully

Storage>



n

File system fs1 marked for full fsck. Running full fsck may take

long time for completion.

Do you want to continue? yes|no

n

File system fs1 full fsck canceled.

Storage>



n

File system fs1 marked for full fsck. Running full fsck may take

long time for completion.

Do you want to continue? yes|no

y

Storage>

You can run other command, and you can check the fullfsck status by

Storage>fs list fs1

General Info:

===============

Block Size: 1024 Bytes

Version: Version 8

test_01: offline

test_02: offline

Primary Tier

Creating and maintaining file systemsChecking and repairing a file system

242

============

Size: 1.00G

Use%: -

Layout: simple

Mirrors: -

Columns: -

Stripe Unit: 0.00 K

FastResync: Disabled

Mirror 1:

List of pools: pool

List of disks: disk_4 disk_5

Defrag Status: Not Running

Fullfsck Status: Done successfully

Changing the status of a file systemThe Storage> fs online or Storage> fs offline command lets you mount(online) or unmount (offline) a file system. You cannot access an offline file systemfrom a client.

243Creating and maintaining file systemsChanging the status of a file system

To change the status of a file system

◆ To change the status of a file system, enter one of the following, dependingon which status you use:

Storage> fs online fs_name

Storage> fs offline fs_name

where fs_name specifies the name of the file system that you want to mount(online) or unmount (offline). If you specify a file system that does not exist,an error message is displayed.

For example, to bring a file system online:

Storage> fs list

FS STATUS SIZE LAYOUT MIRRORS COLUMNS USE%

=== ====== ==== ====== ======= ======= ====

fs1 online 5.00G simple - - 10%

fs2 offline 10.00M simple - - -

NFS CIFS SECONDARY POOL

SHARED SHARED TIER LIST

======= ======= ========= =====

no no no pool1

no no no pool2

Storage> fs online fs2

100% [#] Online filesystem

Storage> fs list

FS STATUS SIZE LAYOUT MIRRORS COLUMNS USE%

=== ====== ==== ====== ======= ======= ====

fs1 online 5.00G simple - - 10%

fs2 online 10.00M simple - - 100%

NFS CIFS SECONDARY POOL

SHARED SHARED TIER LIST

======= ======= ========= ====

no no no pool1

no no no pool2

For example, to place a file system offline:

Storage> fs offline fs1

100% [#] Offline filesystem

Creating and maintaining file systemsChanging the status of a file system

244

Defragmenting a file systemTo defragment a file system

◆ To defragment a file system, enter the following:

Storage> fs defrag fs_name time

Specifies the name of the file system that you want to defragment.

Note: The specified file system must be online before attemptingto defragment the file system.

fs_name

Specifies the maximum time to run. The defragmentation optionsare processed until defragmentation is complete, or until thetime limit expires. The time value should be larger than oneminute.

Potential time value output and what the values mean:

■ 10M - indicates 10 minutes

■ 1H20M - indicates 1 hour and 10 minutes

■ Infinite - indicates the defragmentation process continues torun until the defragmentation process is done completely.

There is no limit time.

time


For example:

Storage>fs defrag fs0 1H10M

The file system fs0 is offline, please online fs0 before

defragmentation


it will take some time to do the defragmentation

do you want to continue? yes|no

n

Defragmentation cancelled for fs1


it will take some time to do the defragmentation

do you want to continue? yes|no

y

Storage>

You can run other command, and you can check the defragment status by

Storage>fs list fs1

General Info:

===============

245Creating and maintaining file systemsDefragmenting a file system


test_01: offline

test_02: offline

Primary Tier

============

Size: 1.00G

Use%: -

Layout: simple

Mirrors: -

Columns: -

Stripe Unit: 0.00 K


Mirror 1:

List of pools: pool

List of disks: disk_4 disk_5

Defrag Status: Done successfully

Fullfsck Status: Not Running

Destroying a file systemThe Storage> fs destroy command unmounts a file system and releases itsstorage back to the storage pool. You cannot destroy the file systems that CIFSor NFS share.

To destroy a file system

◆ To destroy a file system, enter the following:

Storage> fs destroy fs_name

where fs_name specifies the name of the file system that you want to destroy.

For example:


100% [#] Destroy filesystem

About snapshotsA snapshot is a virtual image of the entire file system. You can create snapshotsof a parent file system on demand. Physically, it contains only data thatcorresponds to the changes that are made in the parent, and so consumessignificantly less space than a detachable full mirror.

Creating and maintaining file systemsDestroying a file system

246

Snapshots are used to recover from data corruption. If files, or an entire filesystem, are deleted or become corrupted, you can replace them from the latestuncorrupted snapshot. You can mount a snapshot and export it as if it were acomplete file system. Users can then recover their own deleted or corrupted files.You can limit the space snapshots consume by setting a quota on them. If the totalspace that snapshots consume remains above the quota, FileStore rejects attemptsto create additional ones.

You can create a snapshot by either using the snapshot create command or bycreating a schedule that calls the snapshot create command depending on thevalues that are entered for the number of hours or minutes after which thiscommand should run. This method automatically creates the snapshot by storingthe following values in the crontab: minutes, hour, day-of-month, month, andday-of-week.

Table 8-3 Snapshot commands

DefinitionCommand

A storage snapshot is a copy of a set of files and directories as theywere at a particular point in the past. FileStore supports file systemlevel snapshots.

FileStore limits the space a snapshot can use. Snapshots use free spacein the file system from which they were taken.

See “Creating snapshots” on page 248.

snapshot create

Lists all the snapshots for the specified file system. If you do notspecify a file system, snapshots of all the file systems are displayed.

See “Displaying snapshots” on page 249.

snapshot list

Deletes a snapshot.

See “Configuring snapshots” on page 250.

snapshot destroy

Mounts a snapshot.


snapshot online

Unmounts a snapshot.


snapshot offline

Displays snapshot information for all the file systems.


snapshot quota list

247Creating and maintaining file systemsAbout snapshots

Table 8-3 Snapshot commands (continued)

DefinitionCommand

Disables the creation of snapshots on the given file system when thefile system snapshots use space that exceeds a given capacity. Thespace that the snapshots use is restricted.


snapshot quota on

Enables the creation of snapshots on the given file system when thefile system snapshots use space that exceeds a given capacity. Thespace that the snapshots use is not restricted.


snapshot quota off

Restore the given file system by a given snapshot.


snapshot restore

Creating snapshotsTo create a snapshot

◆ To create a snapshot, enter the following:

Storage> snapshot create snapshot_name

fs_name [removable]

Specifies the name for the snapshot.

Note: The following are reserved words for snapshot name:flags, ctime, and mtime.

snapshot_name

Specifies the name for the file system.fs_name

Valid values are:

■ yes

■ no

If the removable attribute is yes, and the file system isoffline, the snapshot is removed automatically if the filesystem runs out of space.

The default value is removable=no.

removable

For example:

Storage> snapshot create snapshot1 fs1

100% [#] Create snapshot

Creating and maintaining file systemsAbout snapshots

248

Displaying snapshotsTo display snapshots

◆ To display snapshots, enter the following:

Storage> snapshot list [fs_name] [schedule_name]

Displays all of the snapshots of the specified file system. If you do not specify a file system, snapshotsof all of the file systems are displayed.

fs_name

Displays the schedule name. If you do not specify a schedule name, then snapshots created underfs_name are displayed.

schedule_name

Storage> snapshot listSnapshot FS Status=================================== == ======snap2 fs1 offlinesc1_24_Jul_2009_21_34_01_IST fs1 offlinesc1_24_Jul_2009_19_34_02_IST fs1 offlinepresnap_sc1_24_Jul_2009_18_34_02_IST fs1 offlinesc1_24_Jul_2009_17_34_02_IST fs1 offline

ctime mtime Removable Preserved Size==================== ==================== ========= ========= ====2009.Jul.27.02:40:43 2009.Jul.27.02:40:57 no No 190.0M2009.Jul.24.21:34:03 2009.Jul.24.21:34:03 yes No 900.0M2009.Jul.24.19:34:04 2009.Jul.24.19:34:04 yes No 7.0G2009.Jul.24.18:34:04 2009.Jul.24.18:34:04 yes Yes 125M2009.Jul.24.17:34:04 2009.Jul.24.17:34:04 yes No 0K

Displays the name of the created snapshots.Snapshot

Displays the file systems that correspond to each created snapshots.FS

Displays whether or not the snapshot is mounted (that is, online or offline).Status

Displays the time the snapshot was created.ctime

Displays the time the snapshot was modified.mtime

Determines if the snapshot should be automatically removes in case the underlying file system runsout of space. You entered either yes or no in the snapshot create snapshot_name fs_name

[removable]

Removable

Determines if the snapshot is preserved when all of the automated snapshots are destroyed.Preserved


Displays the size of the snapshot.Size

Configuring snapshotsTo destroy a snapshot

◆ To destroy a snapshot, enter the following:

Storage> snapshot destroy snapshot_name fs_name

Specifies the name of the snapshot to be destroyed.snapshot_name

Specifies the name of the file system to be destroyed.fs_name

For example:

Storage> snapshot destroy snapshot1 fs1

100% [#] Destroy snapshot

To mount or unmount snapshots

◆ To mount or unmount snapshots, enter one of the following commands,depending on which operation you want to perform:

Storage> snapshot online|offline snapshot_name fs_name

Specifies the name of the snapshot.snapshot_name

Specifies the name of the file system.fs_name

For example, to bring a snapshot online, enter the following:

Storage> snapshot online snapshot1 fs1

100% [#] Online snapshot

For example, to place snapshot offline, enter the following:

Storage> snapshot offline snapshot fs1

100% [#] Offline snapshot


250

To display snapshot quotas

◆ To display snapshot quotas, enter the following:

Storage> snapshot quota list

FS Quota Capacity Limit

== ===== ==============

fs1 on 1G

fs2 off 0

fs3 off 0

To enable or disable a quota limit

◆ To enable or disable a quota limit, enter the following:

Storage> snapshot quota on fs_name [capacity_limit]

Storage> snapshot quota off [fs_name]

Enables the quota limit, which disallows creation ofsnapshots on the given file system when the space used byall the snapshots of that file system exceeds a given capacitylimit.

on

Specifies the name of the file system.fs_name

You can specify a capacity limit on the number of blocksused by all the snapshots for a specified file system. Entera number that needs to be followed by K, M, G, or T (for kilo,mega, giga, or terabyte).

capacity_limit

Disables the quota capacity limit for the specified filesystem.

off

For example, to enable the snapshot quota, enter the following:

Storage> snapshot quota on fs1 1024K

Storage> snapshot quota list

FS Quota Capacity Limit

== ===== ==============

fs1 ON 1024K

For example, to disable the snapshot quota, enter the following:

Storage> snapshot quota off fs1


To restore a snapshot

◆ To restore a snapshot, enter the following:

Storage> snapshot restore snapshot_name fs_name

Specifies the name of the snapshot to be destroyed.snapshot_name

Specifies the name of the file system to be destroyed.fs_name

For example:

Storage> snapshot restore snapshot0 fs0

SFS snapshot WARNING V-288-0 Snapshot created after snapshot0

will be deleted

SFS snapshot WARNING V-288-0 Are you sure to restore file system

fs0 with snapshot ssss? (yes/no)

yes

SFS snapshot SUCCESS V-288-0 File System fs0 restored successfully

by snapshot snapshot0.

About snapshot schedulesThe Storage> snapshot schedule commands let you automatically create orremove a snapshot that stores the values for minutes, hour, day-of-the-month,month, and day-of-the-week in the crontab along with the name of the file system.

To distinguish the automated snapshots, a time stamp corresponding to theirtime of creation is appended to the schedule name. For example, if a snapshot iscreated using the name schedule1 on February 27, 2009 at 11:00 AM, the namebecomes: schedule1_Feb_27_2009_11_00_01_IST.

The crontab interprets the numeric values in a different manner when comparedto the manner in which FileStore interprets the same values. For example,snapshot schedule create schedule1 fs1 30 2 * * * automatically createsa snapshot every day at 2:30 AM, and does not create snapshots every two and ahalf hours. If you wanted to create a snapshot every two and a half hours with atmost 50 snapshots per schedule name, then run snapshot schedule create

schedule1 fs1 50 */30 */2 * * *, where the value */2 implies that theschedule runs every two hours. You can also specify a step value for the otherparameters, such as day-of-month or month and day-of-week as well, and you canuse a range along with a step value. Specifying a range in addition to thenumeric_value implies the number of times the crontab skips for a givenparameter.


252

Note: A best practice is to create only one snapshot schedule for a specified filesystem. Otherwise, when running the Storage> snapshot schedule destroyall

command, it might take a while to complete.

Note: If the master node is being rebooted, snapshot schedules will be missed ifscheduled during the reboot of the master node.

Table 8-4 Snapshot schedule commands

DefinitionCommand

Creates a schedule to automatically create a snapshot of a particularfile system.

See “Creating snapshot schedules” on page 254.

snapshot schedulecreate

Modifies the snapshot schedule of a particular filesystem.

See “Configuring snapshot schedules” on page 256.

snapshot schedulemodify

Creates a schedule to destroy all of the automated snapshots. Thisexcludes the preserved and online snapshots.


snapshot scheduledestroyall

Preserves a limited number of snapshots corresponding to an existingschedule and specific file system name. These snapshots are notremoved as part of thesnapshot schedule autoremovecommand.


snapshot schedulepreserve

Displays all schedules that have been set for automatically creatingsnapshots.


snapshot scheduleshow

Deletes the schedule set for automatically creating snapshots for aparticular file system or for a particular schedule.


snapshot scheduledelete


Creating snapshot schedulesTo create a snapshot schedule

◆ To create a snapshot schedule, enter the following:

Storage> snapshot schedule create schedule_name

fs_name max_snapshot_limit minute [hour] [day_of_the_month]

[month] [day_of_the_week]

For example, to create a schedule for an automated snapshot creation of agiven file system at 3:00 am every day, enter the following:

Storage> snapshot schedule create schedule1 fs1 100 0 3 * * *

When an automated snapshot is created, the entire date value is appended,including the time zone.

Specifies the name of the schedule corresponding to the automatically created snapshot.

The schedule_name cannot contain an underscore ('_') as part of its value. For example, sch_1is not allowed.

schedule_name

Specifies the name of the file system. The file system name should be a string.fs_name

Specifies the number of snapshots that can be created for a given file system and schedulename. This field only accepts numeric input. The range allowed for this parameter is 1-366.

This value would imply that only x number of snapshots can be created for a given file systemand schedule name. If the number of snapshots corresponding to a schedule name is equal toor greater than the value of this field, then snapshots will be automatically destroyed until thenumber of snapshots is less than the maximum snapshot limit value.

Note: If you need to save daily snapshots for up to one year, the max_snapshot_limit is366.

max_snapshot_limit

This parameter may contain either an asterisk like '*/15'', which implies every 15 minutes, ora numeric value between 0-59.

Note: If you are using the '*/xx' format, the smallest value for 'xx' is 15.

You can enter */(15-59) or a range such as 23-43. An asterisk (*) is not allowed.

minute

This parameter may contain either an asterisk, (*), which implies "run every hour," or a numbervalue between 0-23.

You can enter */(0-23), a range such as 12-21, or just the *.

hour

This parameter may contain either an asterisk, (*), which implies "run every day of the month,"or a number value between 1-31.

You can enter */(1-31), a range such ass 3-22, or just the *.

day_of_the_month


254

This parameter may contain either an asterisk, (*), which implies "run every month," or anumber value between 1-12.

You can enter */(1-12), a range such as 1-5, or just the *. You can also enter the first three lettersof any month (must use lowercase letters).

month

This parameter may contain either an asterisk (*), which implies "run every day of the week,"or a numeric value between 0-6. Crontab interprets 0 as Sunday. You can also enter the firstthree letters of the week (must use lowercase letters).

day_of_the_week

For example, to create a schedule for automated snapshot creation of a given filesystem every 3 hours on a daily basis, and only 30 snapshots can be maintainedfor a given snapshot schedule, enter the following:

Storage> snapshot schedule create schedule1 fs1 30 0 */3 * * *


Displaying snapshot schedulesTo display a snapshot schedule

◆ To display all of the schedules for automated snapshots, enter the following:

Storage> snapshot schedule show [fs_name] [schedule_name]

Displays all of the schedules of the specified file system. If nofile system is specified, schedules of all of the file systems aredisplayed.

fs_name

Displays the schedule name. If no schedule name is specified,then all of the schedules created under fs_name are displayed.

schedule_name

For example, to display all of the schedules for creating or removing snapshotsto an existing file system, enter the following:

Storage> snapshot schedule show fs3

FS Schedule Name Max Snapshot Minute Hour Day Month WeekDay

=== ============= ============ ====== ==== === ===== =======

fs3 sched1 30 */20 * * * *

fs3 sched2 20 */45 * * * *

For example, to list the automated snapshot schedules for all file systems,enter the following:

Storage> snapshot schedule show

FS Schedule Name Max Snapshot Minute Hour Day Month WeekDay

=== ============= ============ ====== ==== === ===== =======

fs6 sc1 10 */50 * * * *

fs1 sc1 10 */25 * * * *

Configuring snapshot schedulesIn some instances, snapshots may skip scheduled runs.

This may happen because of the following two reasons:

■ When a scheduled snapshot is set to trigger, the snapshot needs to gain a lockto begin the operation. If any command is issued from the CLI or is runningthrough schedules, and if the command holds a lock, the triggered snapshotschedule is not able to obtain the lock, and the scheduled snapshot fails.

■ When a scheduled snapshot is set to trigger, the snapshot checks if there isany instance of a snapshot creation process running. If there is a snapshot


256

creation process running, the scheduled snapshot aborts, and a snapshot isnot created.

To modify a snapshot schedule

◆ To modify a snapshot schedule, enter the following:

Storage> snapshot schedule modify schedule_name fs_name

max_snapshot_limit minute [hour]

[day_of_the_month] [month] [day_of_the_week]

For example, to modify the existing schedule so that a snapshot is created at2:00 am on the first day of the week, enter the following:

Storage> snapshot schedule modify schedule1 fs1 *2**1

To remove all snapshots

◆ To automatically remove all of the snapshots created under a given scheduleand file system name (excluding the preserved and online snapshots), enterthe following:

Storage> snapshot schedule destroyall schedule_name fs_name

Example 1: If you try to destroy all automated snapshots when two of theautomated snapshots are still mounted, FileStore returns an appropriateerror, and other automated snapshots under the given schedule and filesystem are destroyed.

Storage> snapshot schedule destroyall schedule1 fs1

SFS snapshot ERROR V-288-1074 Cannot destroy snapshot(s)

schedule1_7_Dec_2009_17_58_02_UTC schedule1_7_Dec_2009_16_58_02_UTC

in online state.

Example 2: If you try to destroy all automated snapshots (which are in anoffline state), the operation completes successfully.

Storage> snapshot schedule destroyall schedule2 fs1

100% [#] Destroy automated snapshots


To preserve snapshots

◆ To preserve a number of snapshots corresponding to an existing scheduleand specific file system name, enter the following:

Storage> snapshot schedule preserve schedule_name fs_name

snapshot_name

For example, to preserve a snapshot created according to a given scheduleand file system name, enter the following:

Storage> snapshot schedule preserve schedule fs1

schedule1_Feb_27_16_42_IST

To delete a snapshot schedule

◆ To delete a snapshot schedule, enter the following:

Storage> snapshot schedule delete fs_name [schedule_name]

For example:

Storage> snapshot schedule delete fs1

About instant rollbacksThe Storage> rollback commands manage volume-level snapshots. All rollbackcommands take a file system name as an argument and perform operations onthe underlying volume of that file system.

Both space-optimized and full-sized rollbacks are supported by FileStore.Space-optimized rollbacks use a storage cache, and do not need a complete copyof the original volume's storage space. However, space-optimized rollbacks arenot suitable for write-intensive volumes, because the copy-on-write mechanismmay degrade the performance of the volume. Full-sized rollbacks use more storage,but that has little impact on write performance after synchronization is completed.

Both space-optimized rollbacks and full-sized rollbacks can be used instantly afteroperations such as create, restore, or refresh.

Note:When instant rollbacks exist for a volume, you cannot disable the FastResyncoption for a file system.

Creating and maintaining file systemsAbout instant rollbacks

258

Table 8-5 Rollback snapshot commands

DefinitionCommand

Creates a shared cache object.

See “Creating a shared cache object for a FileStore instantrollback” on page 265.

rollback cache create

Destroys a shared cache object.

See “Destroying a cache object of a FileStore instant rollback”on page 269.

rollback cache destroy

Displays a list of shared cache objects.

See “Listing cache objects ” on page 267.

rollback cache list

Creates a space-optimized instant rollback for a specified filesystem.

See “Creating a FileStore space-optimized rollback” on page 260.

rollback createspace-optimized

Creates a full-sized instant rollback for a specified file system.

See “Creating a full-sized rollback” on page 261.

rollback createfull-sized

Destroys an instant rollback.

See “Destroying an instant rollback” on page 265.

rollback destroy

Displays a list of instant rollbacks.

See “Listing FileStore instant rollbacks” on page 262.

rollback list

Refreshes instant rollback data.

See “Refreshing an instant rollback from a file system”on page 263.

rollback refresh

Restores instant rollback data.

See “Restoring a file system from an instant rollback” on page 262.

rollback restore

Mounts an instant rollback so that it will be available forread/write access.

See “Making an instant rollback go online” on page 264.

rollback online

Unmounts an instant rollback.

See “Making an instant rollback go offline” on page 264.

rollback offline

When creating instant rollbacks for volumes bigger than 1T, there may be errormessages such as the following:

259Creating and maintaining file systemsAbout instant rollbacks

SFS instant_snapshot ERROR V-288-1487 Volume prepare for full-fs1-1

failed.

An error message may occur because the default amount of memory allocated fora Data Change Object (DO) may not be large enough for such big volumes. Youcan use the vxtune command to change the value. The default value is 6M, whichis the memory required for a 1T volume.

To change it to 15M, use the following command:

vxtune volpagemod_max_memsz èxpr 15 \* 1024 \* 1024`

Creating a FileStore space-optimized rollbackTo create a FileStore space-optimized rollback

◆ To create a FileStore space-optimized rollback for a specified file system,enter the following:

Storage> rollback create space-optimized rollback_name

fs_name [cacheobj]

Indicates the name of the rollback.rollback_name

Indicates the name of the file system for where to create thespace-optimized rollback.

fs_name

Indicates the cache object name. If the cache object is specified,then the shared cache object is used. Or FileStore automaticallycreates a cache object for the rollback.

cacheobj

For example:

Storage> rollback create space-optimized snap4 fs4

100%[#] Create rollback


260

Creating a full-sized rollbackTo create a full-sized rollback for a specified file system

◆ To create a FileStore space-optimized rollback for a specified file system,enter the following:

Storage> rollback create full-sized rollback_name

fs_name pool

Indicates the name of the rollback.rollback_name

Indicates the name of the file system for where to create thefull-sized rollback.

fs_name

Indicates the name of the pool for where to create the full-sizedrollback.

The disks used for the rollback are allocated from the specifiedpool.

pool

For example:

Storage> rollback create full-sized snap5 fs4 pool1

100%[#] Create rollback


Listing FileStore instant rollbacksTo list FileStore instant rollbacks

◆ To list FileStore instant rollbacks, enter the following:

Storage> rollback list [fs_name]

where fs_name is the name of the file system where you want to list the instantrollbacks.

If no file system is specified, instant rollbacks are displayed for all the filesystems.

For example:

Storage> rollback list

NAME TYPE FILESYSTEM SNAPDATE

roll5 fullinst fs4 2010/10/15 20:04

roll1 spaceopt bigfs 2010/10/15 17:03

Storage> rollback list fs4

NAME TYPE SNAPDATE CHANGED_DATA SYNCED_DATA

roll5 fullinst 2010/10/15 20:04 640K(0.1%) 800M(100%)

Restoring a file system from an instant rollbackPrior to restoring a file system by a specified rollback, the file system should beoffline.



262

To restore a file system from an instant rollback

1 To restore a file system from an instant rollback, enter the following:

Storage> rollback restore fs_name rollback_name

Indicates the name of the file system that you want to restore.fs_name

Indicates the name of the rollback that you want to restore.rollback_name

For example, to restore a file system by a given instant rollback, enter thefollowing:

Storage> rollback restore fs4 snap4

2 Re-online the file system.

See “Making an instant rollback go online” on page 264.

Re-onlining a file system may take some time depending on the size of thefile system.

Refreshing an instant rollback from a file systemTo refresh an instant rollback from a file system

◆ To refresh an instant rollback from a file system, enter the following:

Storage> rollback refresh rollback_name fs_name

Indicates the name of the rollback that you want to refresh.rollback_name

Indicates the name of the file system that you want torefresh.

fs_name

For example:

Storage> rollback refresh roll5 fs4 SFS rollback WARNING V-288-0

rollback roll5 will be refreshed to filesystem fs4 SFS rollback

WARNING V-288-0 Are you sure to refresh rollback roll5 with

filesystem fs4? (yes/no) yes 100% [#] Refresh rollback SFS rollback

SUCCESS V-288-0 snapshot roll5 refreshed successfully from fs fs4


Making an instant rollback go onlineYou can choose to online an instant rollback and use it as a live file system. If theoriginal file system is offline for some reason, the instant rollback can be used asa backup.

When a instant rollback is mounted and written to with new data, the instantrollback may no longer be suitable for use in restoring the contents of the originalvolume. If you chose to write to an instant rollback, create another instant rollbackas a backup of the original file system.

Making an instant rollback go online

◆ To make an instant rollback go online, enter the following:

Storage> rollback online rollback_name fs_name

Indicates the name of the rollback that you want to go online.rollback_name

Indicates the name of the file system that you want to go online.fs_name

For example:

Storage> rollback online snap1

Online the filesystem of rollback "snap1"

The instant rollback is available for read/write access just as the file system.

Making an instant rollback go offlineMaking an instant rollback go offline

◆ To make an instant rollback go offline, enter the following:

Storage> rollback offline rollback_name fs_name

Indicates the name of the rollback that you want to go offline.rollback_name

Indicates the name of the file system that you want to go offline.fs_name

For example:

Storage> rollback offline snap1 fs1

Offline the filesystem of snapshot "snap1"


264

Destroying an instant rollbackThe instant rollback must be in the offline state before it can be destroyed.


To destroy an instant rollback

◆ To destroy an instant rollback, enter the following:

Storage> rollback destroy rollback_name fs_name

Indicates the name of the rollback that you want to destroy.rollback_name

Indicates the name of the file system that you want todestroy.

fs_name

For example:

Storage> rollback destroy snap1 myfs2

Destroy the snapshot "snap1" of filesystem "myfs2"

Creating a shared cache object for a FileStore instant rollbackYou can create a shared cache object for a FileStore instant rollback.Space-optimized rollbacks use a storage cache to save the data. Using a sharedcache object, cache storage can be shared by all the space-optimized rollbacks.


To create a shared cache object for a FileStore instant rollback

◆ To create a shared cache object for a FileStore instant rollback, enter thefollowing:

Storage> rollback cache create cache_name [cache_size] [pool]

Indicates the name of the cache object you want to createfor the instant rollback.

cache_name

Indicates the cache size for the instant rollback. Cache sizecan be specified in any units, such as M, G, or T.

The size of the shared cache object should be sufficient torecord changes to the file system during intervals betweeninstant rollback refreshes. By default, the size of the cacheobject for an instant rollback is 20% of the total size of theparent file system.

The size of the cache object is dependent on yourenvironment.

cache_size

Indicates the pool for storing the cache object for the instantrollback.

For better performance, the pool used for thespace-optimized rollback should be different from the poolused by the file system.

pool

For example:

Storage> rollback cache create mycache 500m pool1

Create a shared cache object "mycache" with the disks from "pool1",

the size is 500m


266

To convert an existing file system into a cache object with a file type of striped

◆ Run theStorage> rollback cache create command without thecache_sizeand pool parameters:

Storage> rollback cache create cache_name

cache_name should be the same as an existing file system name that is to beconverted.

There will be a confirmation message in the FileStore CLI asking if you wantto convert the specified file system to a cache object. In this way, you cancreate cache objects with any kind of file system type.

For example, the commands used to create a cache object with a file systemtype of striped are listed as follows:

Storage> fs create striped cobj1 100m 2 pool0

100% [#] Creating striped filesystem

Storage> rollback cache create cobj1

SFS rollback WARNING V-288-0 Filesystem cobj1 will be converted to

cache object.

All data on Filesystem cobj1 will be lost

SFS rollback WARNING V-288-0 Are you sure you want to convert cobj1

to a cache object? (yes/no)

yes

100% [#]

Storage> rollback cache list

CACHE NAME TOTAL(Mb) USED(Mb) (%) AVAIL(Mb) (%) SDCNT

cache1 15 15 (100) 0 (0) 2

cobj1 100 4 (4) 96 (96) 0

Listing cache objectsThe Storage> rollback cache list command allows you to list the FileStoreinstant rollbacks that are using a cache object.


To list cache objects for FileStore instant rollbacks

◆ To list cache objects for FileStore instant rollbacks, enter the following:

Storage> rollback cache list [cache_name]

where cache_name is the name of the cache object you want to display forthe instant rollbacks. When cache_name is specified, the instant rollbacksthat are using the cache object are listed.

The disabled cache object is listed with '-' as the attribute. cache2and mycache

are in the DISABLED state.

For example:

Storage> rollback cache list

CACHE NAME TOTAL(Mb) USED(Mb) (%) AVAIL(Mb) (%) SDCNT

cache1 15 15 (100) 0 (0) 2

cobj1 100 4 (4) 96 (96) 0

cache2 - - - - - -

mycache - - - - - -

SDCNT is the number of subdisks that have been created on the cache object.

If the cache object is disabled for some reason, it will automatically berestarted when the Storage> rollback cache list cache_name commandis run.

For example:

Storage> rollback cache list cache2

rollbacks located on cache cache2:

roll3

SFS rollback WARNING V-288-0 Cache object cache2 was DISABLED, trying

to restart it.

SFS rollback INFO V-288-0 Cache object cache2 started successfully.

You can choose to start the cache object, or destroy it after destroying all theinstant rollbacks located on it.

See “Destroying a cache object of a FileStore instant rollback” on page 269.

If you did not assign a cache object, a cache object is internally created forthe instant rollback.


268

Destroying a cache object of a FileStore instant rollbackTo destroy a cache object of a FileStore instant rollback

◆ To destroy a cache object of a FileStore instant rollback, enter the following:

Storage> rollback cache destroy cache_name

where cache_name is the name of the cache object that you want to destroy.

For example:

Storage> rollback cache destroy mycache

You can only destroy the cache object if there is no instant rollback that isusing this cache object.

About setting up file system alerts for file systemusage

The Storage> fs alert commands allow you to set, unset alerts by file systemusage and display current disk usage and alert values. You can set alerts basedon the number of inodes used or the file system space used.

Table 8-6 File system alerts commands

DescriptionCommand

Sets file system alerts based on file system usage.

See “Setting file system alerts” on page 269.

fs alert set

Unsets file system alerts.

See “Unsetting file system alerts” on page 271.

fs alert unset

Displays the current disk space usage and the alert value.

See “Displaying file system alerts” on page 271.

fs alert show

Setting file system alertsYou can set file system alerts based on usage. You can either set the alert basedon the number of inodes used or the file system space used.

File system alerts can be displayed by using the Report> showevents command.

269Creating and maintaining file systemsAbout setting up file system alerts for file system usage

To set file system alerts

◆ To set file system alerts, enter the following:

Storage> fs alert set numinodes | numspace value [fs_name]

where fs_name is the name of the file system for which you want to set thefile system alerts. fs_name is optional.

When setting the alert for numspace, value is the percentage you want to setto trigger the alert. By default, the alert is sent at 80%. The default value canbe modified by not specifying a file system name in the command.

When setting the alert for numinodes, value is the number of inodes used.The default alert value for numinodes is set at 0. An alert will not be sent untilyou set it to a different value.

Examples of alerts:

NUMSPACE alerts in Report> showevents

2011 Nov 14 23:55:02 [CLUS_01,alert,master] [[fs alert]] numspace set

at 70(%) crossed for File System fs1, current usage 98(%)

NUMINODES alert in Report> showevents

2011 Nov 15 00:05:22 [CLUS_01,alert,master] [[fs alert]] numinodes set

at 2000 crossed for File System fs1, current usage 7768

Examples for setting alerts that are file-system specific:

Storage> fs alert set numinodes 2M fs1

SFS fs SUCCESS V-288-663 Alert of type [ numinodes ] set to 2M on the

file system fs1

Storage> fs alert set numinodes 2M

SFS fs SUCCESS V-288-663 Default Alert on the file systems of type

[ numinodes ] set to 2M

Examples for default alerts:

Storage> fs alert set numspace 80 fs1

SFS fs SUCCESS V-288-663 Alert of type [ numspace ] set to 80 on

the file system fs1

Storage> fs alert set numspace 60

SFS fs SUCCESS V-288-663 Default Alert on the file systems of

type [ numspace ] set to 60

Creating and maintaining file systemsAbout setting up file system alerts for file system usage

270

Unsetting file system alertsYou can unset the alerts set on a file system. If you unset an alert on any filesystem, you receive alerts for the file systems based on the default values.

To unset file system alerts

◆ To unset file system alerts, enter the following:

Storage> fs alert unset numinodes | numspace [fs_name]

where fs_name is the name of the file system for which you want to unset thefile system alert. fs_name is optional.

Examples for unsetting alerts that are file-system specific:

Storage> fs alert unset numinodes fs1

SFS fs SUCCESS V-288-663 Alert of type [ numinodes ] set to DEFAULT

value on the file system fs1

Storage> fs alert unset numspace fs1

SFS fs SUCCESS V-288-663 Alert of type [ numspace ] set to DEFAULT

value on the file system fs1

Examples of default alerts for unsetting alerts:

Storage> fs alert unset numinodes

SFS fs SUCCESS V-288-663 Alert of type [ numinodes ] set to

Default value 0

Storage> fs alert unset numspace

SFS fs SUCCESS V-288-663 Alert of type [ numspace ] set to

Default value 80 (%)

Displaying file system alertsYou can display the current disk space usage and the set alert value. A D besidethe value indicates that the value is the default value used throughout the system.

271Creating and maintaining file systemsAbout setting up file system alerts for file system usage

To display file system alerts

◆ To display file system alerts, enter the following:

Storage> fs alert show

For example:

Storage> fs alert show

File System Alert Type Value Current Usage

=========== ========== ========= =============

fs0 numspace 80% (D) 2%

fs0 numinodes 6500 1000

fs1 numspace 80% (D) 2%

fs1 numinodes 8000 10000

fs4 numspace 80(D)% 3%

fs4 numinodes 2000000 (D) 4

About the Partition SecureNotification (PSN) featureFileStore is integrated with Symantec Enterprise Vault, a data archivingapplication, such that FileStore can be used as a backend data store for non-WORMand WORM files for Enterprise Vault. Enterprise Vault can be configured to retainoriginal items that have been archived until the vault store partition has beenbacked up. Enterprise Vault provides a safety copy setting for each vault store forthe above purpose. The safety copy setting can be set to various values likeImmediatelyAfterArchive or Afterbackup. To support the Afterbackup option,the vault store, for example, in this case, FileStore has to provide a notificationto Enterprise Vault after it has successfully made a redundant copy of the data.Enterprise Vault can then remove the safety copies. Enterprise Vault also createsshortcuts and placeholders at this time, if Enterprise Vault is configured to do so.For more information about Enterprise Vault, refer to the Symantec EnterpriseVault Administrator's Guide.

Note:To configure Enterprise Vault to work with partitions supported by FileStore,when the Enterprise Vault Administration Console (VAC) asks you to input theLocation for the new Vault Store Partition, enter the following as an example:\\10.209.105.101\myshare_myfs1\test\. The final backslash (\) needs to be enteredto add the partition.

The Partition Secure Notification (PSN) feature refers to the FileStore featurethat provides the above-mentioned notifications to Enterprise Vault. This featureis supported when either an NDMP backup or the FileStore replication service is

Creating and maintaining file systemsAbout the Partition Secure Notification (PSN) feature

272

used. After each NDMP backup or replication session is completed, PSN finds thelist of all Enterprise Vault partitions in PSN-enabled file systems, and notifiesEnterprise Vault by creating an .xml file in the partition roots in an EnterpriseVault-specified format.

Enabling the Partition Secure Notification (PSN) featureThe Storage> fs evpsn enable command enables the Enterprise Vault (EV)Partition Secure Notification (PSN) feature on the specified file system. Thespecified file system must be online to enable this feature.

To enable the Partition Secure Notification (PSN) feature

◆ To enable the PSN feature, enter the following:

Storage> fs evpsn enable fs_name

where fs_name is the specified file system where you want to enable the PSNfeature.

For example:

Storage> fs evpsn enable fs1

SFS fs SUCCESS V-288-650 evpsn enabled on fs1 successfully.

Disabling the Partition Secure Notification (PSN) featureThe Storage > evpsn disable command disables the Enterprise Vault (EV)Partition Secure Notification (PSN) feature on the specified file system. Thespecified file must be online to disable this feature.

To disable the Partition Secure Notification (PSN) feature

◆ To disable the PSN feature, enter the following:

Storage> fs evpsn disable fs_name

where fs_name is the specified file system where you want to disable the PSNfeature.

For example:

Storage> fs evpsn disable fs1

SFS fs SUCCESS V-288-652 evpsn disabled on fs1 successfully.

273Creating and maintaining file systemsAbout the Partition Secure Notification (PSN) feature

Listing the online file systems that have the Partition SecureNotification (PSN) feature enabled

The Storage> fs evpsn list command displays the list of online file systemsthat have the Enterprise Vault (EV) Partition Secure Notification (PSN) featureenabled.

To list the online file systems that have the Partition Secure Notification (PSN)feature enabled

◆ To list the online file systems that have the Partition Secure Notification(PSN) feature enabled, enter the following:

Storage> fs evpsn list

For example:

Storage> fs evpsn list

FS

============

fs1

Upgrading a file system to the current layout forrunning deduplication

FileStore deduplication will not work if the file system layout is not at the currentversion. The Storage> fs upgrade file_system_name command upgrades thefile system layout to the current version.

Note: The file system needs to be online for this command to proceed.

See “About data deduplication” on page 137.

You can find information about the file system version by using the Storage> fs

list file_system_name command.

Creating and maintaining file systemsUpgrading a file system to the current layout for running deduplication

274

To upgrade a file system to the current layout for running deduplication

275Creating and maintaining file systemsUpgrading a file system to the current layout for running deduplication

◆ To upgrade a file system to the current layout, enter the following:

Storage> fs upgrade file_system_name

Storage> fs upgrade fs1

Upgrading the file system, are you sure that you want to upgrade

the file system, the operation is irreversible, please enter yes/no

yes

SFS fs INFO V-288-670 Proceeding with fs upgrade operation ...

SFS fs SUCCESS V-288-1833 file system upgraded to version 8.

Storage> fs upgrade fs1

SFS fs ERROR V-288-646 File system fs1 is already at upgraded

version 8.

Storage> fs upgrade fssim

SFS fs ERROR V-288-685 fssim must be online to perform upgrade

operation.

Example output displaying the file system layout prior to upgrading a filesystem version:

Storage> fs list fssim

General Info:

===============


Layout: Version 7

d188_01: offline

d188_02: offline

Primary Tier

============

Size: 200.00M

Use%: -

Layout: simple

Mirrors: -

Columns: -

Stripe Unit: 0.00 K


Mirror 1:

List of pools: pd1

List of disks: fas2700_0




276

Example output displaying the file system layout after upgrading a file systemversion:

Storage> fs list fssim

General Info:

===============


Layout: Version 8

d188_01: online

d188_02: online

Primary Tier

============

Size: 200.00M

Use%: 3%

Layout: simple

Mirrors: -

Columns: -

Stripe Unit: 0.00 K


Mirror 1:

List of pools: pd1

List of disks: fas2700_0



277Creating and maintaining file systemsUpgrading a file system to the current layout for running deduplication


278

Using Symantec FileStoreas a CIFS server


■ About configuring FileStore for CIFS

■ About configuring CIFS for standalone mode

■ Configuring CIFS server status for standalone mode

■ About configuring CIFS for NT domain mode

■ Configuring CIFS for the NT domain mode

■ About leaving an NT domain

■ Changing NT domain settings

■ Changing security settings

■ Changing security settings after the CIFS server is stopped

■ About Active Directory (AD)

■ Using the Active Directory CLI wizard for configuring Active Directory

■ About configuring CIFS for Active Directory (AD) domain mode

■ About setting NTLM

■ Setting NTLM

■ About setting trusted domains

■ About storing account information

9Chapter

■ Storing user and group accounts

■ About reconfiguring the CIFS service

■ Reconfiguring the CIFS service

■ About managing CIFS shares

■ Sharing file systems using CIFS and NFS protocols

■ About mapping user names for CIFS/NFS sharing

■ About load balancing for the normal clustering mode

■ About load balancing for the ctdb clustering mode

■ About managing home directories

■ About ctdb clustering modes

■ Exporting a directory as a CIFS share

■ Exporting the same file system/directory as a different CIFS share

■ About switching the clustering mode

■ About migrating CIFS shares and home directories

■ Setting the aio_fork option

■ Setting the netbios aliases for the CIFS server

■ About managing local users and groups

■ Enabling CIFS data migration

About configuring FileStore for CIFSThe Common Internet File System (CIFS), also known as the Server Message Block(SMB), is a network file sharing protocol that is widely used on Microsoft andother operating systems. This chapter describes the initial configuration of theFileStore CIFS service on two clustering modes and three operating modes, andhow to reconfigure the FileStore CIFS service when, some CIFS settings arechanged.

The following clustering modes are supported by FileStore:

■ Normal

Using Symantec FileStore as a CIFS serverAbout configuring FileStore for CIFS

280

■ Clustered Trivial Database (CTDB) - a cluster implementation of the TDB(Trivial database) based on the Berkeley database API

The following operating modes are supported by FileStore:

■ User

■ Domain

■ ADS

Each clustering mode supports all of the three operating modes. The ctdb clusteringmode is a different clustered implementation of FileStore CIFS, which supportsalmost all of the features that are supported by normal clustering mode as wellas some additional features.

Additional features supported in ctdb clustering mode:

■ Directory-level share support

■ Multi-instance share export of a file system/directory

■ Simultaneous access of a share from multiple nodes and therefore better loadbalancing

See “About ctdb clustering modes” on page 354.

FileStore can be integrated into a network that consists of machines runningMicrosoft Windows. You can control and manage the network resources by usingActive Directory or NT workgroup domain controllers.

Before you use FileStore with CIFS, you must have administrator-level knowledgeof the Microsoft operating systems, Microsoft services, and Microsoft protocols(including Active Directory and NT services and protocols).

You can find more information about them at: www.microsoft.com.

To access the commands, log into your administrative console (master,system-admin, or storage-admin) and enter CIFS> mode.


When serving the CIFS clients, FileStore can be configured to operate in one ofthe operating mode environments described in Table 9-1.

281Using Symantec FileStore as a CIFS serverAbout configuring FileStore for CIFS

http://www.microsoft.com

Table 9-1 CIFS operating mode environments

DefinitionMode

Information about the user and group accounts is stored locally onFileStore. FileStore also authenticates users locally using the Linuxpassword and group files. This mode of operation is provided forFileStore testing and may be appropriate in other cases, for example,when FileStore is used in a small network and is not a member of aWindows security domain. In this mode of operation, you must createthe local users and groups; they can access the shared resources subjectto authorization control.

Standalone

FileStore becomes a member of an NT4 security domain. The domaincontroller (DC) stores user and group account information, and theMicrosoft NTLM or NTLMv2 protocol authenticates.

NT Domain

FileStore becomes a member of an AD security domain and isconfigured to use the services of the AD domain controller, such asDNS, LDAP, and NTP. Kerberos, NTLMv2, or NTLM authenticate users.

Active Directory

When FileStore operates in the NT or AD domain mode, it acts as a domain memberserver and not as the domain controller.

About configuring CIFS for standalone modeIf you do not have an AD server or NT domain controller, you can use FileStoreas a standalone server. FileStore is used in standalone mode when testing FileStorefunctionality and when it is not a member of a domain.

Before you configure the CIFS service for the standalone mode, do the following:

■ Make sure that the CIFS server is not running.

■ Set security to user.

■ Start the CIFS server.

To make sure that the configuration has changed, do the following:

■ Check the server status.

■ Display the server settings.

Using Symantec FileStore as a CIFS serverAbout configuring CIFS for standalone mode

282

Table 9-2 Configure CIFS for standalone mode commands

DefinitionCommand

Checks the status of the CIFS server.

See “Configuring CIFS server status for standalone mode” on page 284.

server status

Stops the CIFS server if it is running.


server stop

Checks the security setting.


show

Sets security to user. This is the default value.

In standalone mode you do not need to set the domaincontroller,domainuser, or domain.


set security user

Starts the service in standalone mode.


server start

283Using Symantec FileStore as a CIFS serverAbout configuring CIFS for standalone mode

Configuring CIFS server status for standalone modeTo check the CIFS server status

1 To check the status of the CIFS server, enter the following:

CIFS> server status

Be default, security is set to user, the required setting for standalone mode.The following example shows that security was previously set to ads.

For example:

CIFS> server status

CIFS Status on sfs_01 : ONLINE


Homedirfs : fs1

Security : ads

Domain membership status : Disabled

Domain : SYMANTECDOMAIN.COM

Domain Controller : SYMSERVER

Domain User : administrator

Clustering Mode : normal

2 If the server is running, enter the following:

CIFS> server stop

Stopping CIFS Server.....Success.

Using Symantec FileStore as a CIFS serverConfiguring CIFS server status for standalone mode

284

To check the security setting

1 Check the current settings before setting security, enter the following:

CIFS> show

For example:

Name Value

---- -----

netbios name ctdb

netbios aliases

ntlm auth yes


homedirfs

aio size 1024



security ads




Clustering Mode normal

2 To set security to user, enter the following:

CIFS> set security user

Global option updated. Note: Restart the CIFS server.

285Using Symantec FileStore as a CIFS serverConfiguring CIFS server status for standalone mode

To start the CIFS service in standalone mode

1 To start the service in standalone mode, enter the following:

CIFS: server start

Starting CIFS Server.....Success.

2 To display the new settings, enter the following:

CIFS> show

For example:

Name Value

---- -----


netbios aliases

ntlm auth yes


homedirfs

aio size 1024



security user





3 To make sure that the server is running in standalone mode, enter thefollowing:

CIFS> server status

For example:

CIFS> server status



Homedirfs : fs1

Security : user


The CIFS service is now running in standalone mode.

Using Symantec FileStore as a CIFS serverConfiguring CIFS server status for standalone mode

286

See “About managing local users and groups” on page 371.

See “About managing CIFS shares” on page 329.

About configuring CIFS for NT domain modeBefore you configure the CIFS service for the NT domain mode, do the following:

■ Make sure that an NT domain has already been configured.

■ Make sure that FileStore can communicate with the domain controller (DC)over the network.

■ Make sure that the CIFS server is stopped.

■ Set the domain user, domain, and domain controller.

■ Set the security to domain.


To make sure that the configuration has changed, do the following:

■ Check the server status.

■ Display the server settings.

Table 9-3 Configuring CIFS for NT domain mode commands

DefinitionCommand

Sets the name of the domain user. The credentials of the domainuser will be used at the domain controller while joining thedomain. Therefore the domain user should be an existing NTdomain user who has permission to perform the join domainoperation.

See “Configuring CIFS for the NT domain mode” on page 289.

set domainuser

Sets the name for the NT domain that you would like FileStoreto join and become a member.


set domain

287Using Symantec FileStore as a CIFS serverAbout configuring CIFS for NT domain mode

Table 9-3 Configuring CIFS for NT domain mode commands (continued)

DefinitionCommand

Sets the domain controller server names. You can pass acomma-separated list of primary and backup domain controllerserver names.

Note: If security is set to domain, you can use both the AD serverand the Windows NT 4.0 domain controller as domain controllers.However, if you use the Windows NT 4.0 domain controller, youcan only use the netbios name of the domain controller to set thedomaincontroller parameter.


set domaincontroller

Before you set the security for the domain, you must set thedomaincontroller, domainuser, and domain.


set security

Sets the workgroup name. If the name of the WORKGROUP orNETBIOS domain name is different from the domain name, usethis command to set the WORKGROUP name.


set workgroup

The server joins the NT domain only when the server is startedafter issuing the CIFS> set security command.


server start

Using Symantec FileStore as a CIFS serverAbout configuring CIFS for NT domain mode

288

Configuring CIFS for the NT domain modeTo set the domain user name for NT mode

1 To verify that the CIFS server is stopped, enter the following:

CIFS> server status

2 If the server is running, stop the server. enter the following:

CIFS> server stop

3 To set the user name, enter the following:

CIFS> set domainuser username

whereusername is an existing NT domain user who has permission to performthe join domain operation.

For example:

CIFS> set domainuser administrator


To set the domain for the NT domain node

◆ To set the domain, enter the following:

CIFS> set domain domainname

where domainname is the name of the domain that FileStore will join.

For example:

CIFS> set domain SYMANTECDOMAIN.COM


289Using Symantec FileStore as a CIFS serverConfiguring CIFS for the NT domain mode

To set the domain controller server names for the NT domain mode

◆ To set the domain controller server names, enter the following:

CIFS> set domaincontroller servernames

where servernames is a comma-separated list of primary and backup domaincontroller server names. The server name is the netbios name if it is aWindows NT 4.0 domain controller.

For example, if the domain controller is a Windows NT 4.0 domain controller,enter the server name SYMSERVER:

CIFS> set domaincontroller SYMSERVER


To set security to domain for the NT domain mode

◆ To set security to domain, enter the following:

CIFS> set security security

Enter domain for security.

CIFS> set security domain


To set the workgroup name for the NT domain mode

◆ To set the workgroup name if the WORKGROUP or NetBIOS domain name isdifferent from the domain name, enter the following:

CIFS> set workgroup workgroup

where workgroup sets the WORKGROUP name. If the name of theWORKGROUP or NetBIOS domain name is different from the domain name,use this command to set the WORKGROUP name.

For example, if SIMPLE is the name of the WORKGROUP you want to set, youwould enter the following:

CIFS> set workgroup SIMPLE

Though the following symbols $,( ), ', and & are valid characters for naminga WORKGROUP, the FileStore CIFS implementation does not allow usingthese symbols.

Using Symantec FileStore as a CIFS serverConfiguring CIFS for the NT domain mode

290

To start the CIFS server for the NT domain mode

1 To start the CIFS server, enter the following:

CIFS> server start

You are prompted for a domainuser password by:

CIFS> server start

Trying to become a member in domain SYMANTECDOMAIN.COM ...

Enter password for user 'administrator':

When you enter the correct password, the following messages appear:

Joined domain SYMANTECDOMAIN.COM OK


2 To find the current settings for the domain name, domain controller name,and domain user name, enter the following:

CIFS> show

3 To make sure that the service is running as a member of the NT domain, enterthe following:

CIFS> server status

For example:

CIFS> server status



Homedirfs : fs1

Security : domain

Domain membership status : Enabled





The CIFS service is now running in the NT domain mode. You can export theshares, and domain users can access the shares subject to authentication andauthorization control.

291Using Symantec FileStore as a CIFS serverConfiguring CIFS for the NT domain mode

About leaving an NT domainThere is no FileStore command that lets you leave an NT domain. It happensautomatically when the security or domain settings change, and then starts orstops the CIFS server. Thus, FileStore provides the domain leave operationdepending on existing security and domain settings and new administrativecommands. However, the leave operation requires the credentials of the olddomain’s user.

See “Changing NT domain settings” on page 292.

Table 9-4 Change NT domain settings commands

DefinitionCommand

Sets the domain.

When you change any of the domain settings and you restart the CIFSserver, the CIFS server leaves the old domain. Thus, when a changeis made to either one or more of the domain, domain controller, ordomain user settings, and the next time the CIFS server is started, theCIFS server first attempts to leave the existing join, and then joinsthe NT domain with the new settings.

See “Changing NT domain settings” on page 292.

set domain

Sets the security user.

When you change the security setting, and you start or stop the CIFSserver, the CIFS server leaves the existing NT domain. For example,if you change the security setting from domain to user and you stopor restart the CIFS server, it leaves the NT domain.

See “Changing security settings” on page 294.

If the CIFS server is already stopped, and you change the security toa value other than domain, FileStore leaves the domain. This methodof leaving the domain is provided so that if a CIFS server is alreadystopped, and may not be restarted soon, you have a way to leave anexisting join to the NT domain.

See “Changing security settings after the CIFS server is stopped”on page 294.

set security user

Changing NT domain settingsEach case assumes that the FileStore cluster is part of an NT domain.

Using Symantec FileStore as a CIFS serverAbout leaving an NT domain

292

To verify if cluster is part of NT domain

◆ To verify if your cluster is part of the NT domain, enter the following:

CIFS> server status



Homedirfs : fs1

Security : domain






To change domain settings

1 To stop the CIFS server, enter the following:

CIFS> server stop


2 To change the domain, enter the following:

CIFS> set domain newdomain.com


where newdomain.com is the new domain name.

When you start the CIFS server, the CIFS server tries to leave the existingdomain. This requires the old domainuser to enter their password. After thepassword is supplied, and the domain leave operation succeeds, the CIFSserver joins an NT domain with the new settings.


CIFS> server start

Disabling membership in existing domain SYMANTECDOMAIN.COM

Enter password for user 'administrator' of domain SYMANTECDOMAIN.COM :

Left domain SYMANTECDOMAIN.COM

Trying to become a member in domain NEWDOMAIN.COM


293Using Symantec FileStore as a CIFS serverChanging NT domain settings

Changing security settingsTo change security settings

◆ To set the security to user, enter the following:



To stop the CIFS server:

CIFS> server stop


Enter password for user 'administrator' of domain

SYMANTECDOMAIN.COM :



Changing security settings after the CIFS server isstopped

To change security settings for a CIFS server that has been stopped

◆ To set security to a value other than domain, enter the following:







If the server is stopped, then changing the security mode will disable themembership of the existing domain.

About Active Directory (AD)In order to provide CIFS services, FileStore must be able to authenticate withinthe Windows environment.

Active Directory (AD) is a technology created by Microsoft that provides a varietyof network services including LDAP directory services, Kerberos-based

Using Symantec FileStore as a CIFS serverChanging security settings

294

authentication, Domain Name System (DNS) naming, secure access to resources,and more.

Configuring entries for NTP for authenticating to Active Directory (AD)FileStore will not join the AD domain if its clock is excessively out-of-sync withthe clock on the AD domain controller. Ensure that Network Time Protocol (NTP)is configured on FileStore, preferably on the same NTP server as the AD domaincontroller.

To configure NTP on FileStore for authenticating to Active Directory

1 To set the NTP server on all of the nodes in the cluster, enter the followingcommand:

System> ntp servername server-name

where server-name specifies the server name or the IP address you want toset.

Ensure that the NTP service is enabled with the correct IP address of the NTPserver.

For example:

System> ntp servername 10.182.128.180

2 To enable the NTP server on all of the nodes in the cluster, enter the followingcommand:

System> ntp enable

3 To display the NTP server on all of the nodes in the cluster, enter the followingcommand:

System> ntp show

4 To check the FileStore clock, enter the following command:

System> clock show

Configuring entries for FileStore DNS for authenticating to ActiveDirectory (AD)

Name resolution must be configured correctly on FileStore. Domain Name System(DNS) is usually used for name resolution.

295Using Symantec FileStore as a CIFS serverAbout Active Directory (AD)

To configure entries for FileStore DNS for authenticating to Active Directory

1 Create an entry for the FileStore cluster name.

The cluster name is chosen at the time of installation, and it cannot be resetafterwards. It is also the NetBios name of the cluster, hence it must resolveto an IP address.

2 Configure the FileStore cluster name in DNS so that queries to it return theVirtual IP Addresses (VIPs) associated with the FileStore cluster in around-robin fashion.

This is done by creating separate A records that map the cluster name to eachVIP. So, if there are four VIPs associated with the FileStore cluster (notincluding special VIPs for backup, replication, Symantec AntiVirus forFileStore, and so on), then there must be four A records mapping the clustername to the four VIPs.

Using Symantec FileStore as a CIFS serverAbout Active Directory (AD)

296

3 Verify that the DNS server has correct entries for FileStore by querying froma client:

myclient:~ # nslookup myfilestore

Server: 10.182.108.75

Address: 10.182.108.75#53

Name: myfilestore.sfstest-ad2.local

Address: 10.182.96.31


Address: 10.182.96.30


Address: 10.182.96.29


Address: 10.182.96.28

In the above scenario, the DNS server at 10.182.108.75, with domain namesfstest-ad2.local, has been configured so that queries formyfilestore.sfstest-ad2.local rotate in a round-robin manner among IPaddresses ranging from 10.182.96.28 through 10.182.96.31. All of these areVIPs associated with the FileStore cluster named myfilestore.

After configuring the DNS server correctly, FileStore must be configured asa DNS client.

This is done during installation, but may be modified by using the followingcommands:

Network> dns set domainname sfstest-ad2.local

Network> dns set nameservers 10.182.108.75

Network> dns enable


4 Verify that DNS client parameters are set correctly by entering the followingcommand:

Network> dns show

5 Ensure host resolution is querying DNS by checking nsswitch:


hosts: files dns

In the above scenario, host resolution first looks at files, and then DNS.

Configuring name resolution correctly is critical in order to successfully joinFileStore to Active Directory.

Joining FileStore to Active Directory (AD)To join FileStore to Active Directory (AD)

1 To stop the CIFS server, enter the following command.

CIFS> server stop

2 To set the domain, enter the following command:

CIFS> set domain sfstest-ad2.local

In this example, it is the same as the DNS domain name.

This is the domain name of Active Directory.

3 To set the domain controller, enter the following command:

CIFS> set domaincontroller 10.182.108.75

In this example, it is the same as the DNS server that was configured earlier.

This is the IP address of the Active Directory Domain Controller. However,this is not a requirement . The DNS server and Active Directory can run ondifferent servers, and hence this IP address may be different from the IPaddress of the DNS server.

4 To set the domain user, enter the following command:

CIFS> set domainuser newuser

This is a user whose credentials are used to join the Active Directory domain.The domainuser must have Domain Join privilege into the Active Directorydomain. The domainuser need not be Administrator.

Using Symantec FileStore as a CIFS serverAbout Active Directory (AD)

298

5 To set the security style, enter the following command:

CIFS> set security ads

The other two supported security styles are user for local users and domain

for NT Domains. For authenticating to Active Directory, use the ads securitystyle.

6 To start the CIFS server, enter the following command:

CIFS> server start

FileStore displays the time on the cluster as well as the time on the ActiveDirectory Domain Controller.

If NTP has been configured correctly, then there will be no time skew.

Otherwise, you will need to reconfigure NTP correctly.

See “Configuring entries for NTP for authenticating to Active Directory (AD)”on page 295.

You will be prompted to enter the password of domainuser.


Verifying that FileStore has joined Active Directory (AD) successfullyTo verify that FileStore has joined Active Directory (AD) successfully

◆ To verify that FileStore has joined Active Directory successfully, enter thefollowing command:

CIFS> server status

For example:

CIFS> server status

CIFS Status on ctdb_01 : ONLINE


Homedirfs : fs2,fs6

Security : ads



Workgroup : SYMANTECDOMAIN




Refer to the Domain membership status line of the output to verify that theFileStore cluster has joined the domain (displays as Enabled) if the join issuccessful.

If the cluster did not join the domain, an informative error message is providedindicating why the FileStore cluster cannot join the domain.

Using the Active Directory CLI wizard for configuringActive Directory

About configuring CIFS for Active Directory (AD)domain mode

This section assumes that an Active Directory (AD) domain has already beenconfigured and that FileStore can communicate with the AD domain controller(DC) over the network. The AD domain controller is also referred to as the ADserver.

Using Symantec FileStore as a CIFS serverUsing the Active Directory CLI wizard for configuring Active Directory

300

Table 9-5 Configure CIFS for AD domain mode commands

DefinitionCommand

Sets the name of the domain user. The domain user's credentialswill be used at the domain controller while joining the domain.Therefore, the domain user should be an existing AD user whohas the permission to perform the join domain operation.

See “Configuring CIFS for the AD domain mode” on page 302.

set domainuser

Sets the name of the domain for the AD domain mode thatFileStore will join.


set domain

Sets the domain controller server name.


set domaincontroller

Sets security for the domain.

You must first set the domaincontroller, domainuser, anddomain.


set security

Sets the workgroup name. If the name of the WORKGROUP orNETBIOS domain name is different from the domain name, usethis command to set the WORKGROUP name.


set workgroup

Starts the server.

The CIFS server joins the Active Directory domain only when theserver is started after issuing the CIFS> set security

command.


server start

301Using Symantec FileStore as a CIFS serverAbout configuring CIFS for Active Directory (AD) domain mode

Configuring CIFS for the AD domain modeTo set the domain user for AD domain mode


CIFS> server status

2 If the server is running, stop the server. enter the following:

CIFS> server stop

3 To set the domain user, enter the following:


where username is the name of an existing AD domain user who haspermission to perform the join domain operation.

For example:



To set the domain for AD domain mode

◆ To set the domain for AD domain mode, enter the following:


where domainname is the name of the domain.

For example:

CIFS> set domain SYMANTECDOMAIN.COM


Using Symantec FileStore as a CIFS serverAbout configuring CIFS for Active Directory (AD) domain mode

302

To set the domain controller for AD domain mode

◆ To set the domain controller, enter the following:

CIFS> set domaincontroller servername

where servername is the server's IP address or DNS name.

For example, if the server SYMSERVER has an IP address of 172.16.113.118,you can specify one of the following:



or



To set security to ads

◆ To set security to ads, enter the following:

CIFS> set security security

Enter ads for security.



To set the workgroup

◆ To set the workgroup name if the WORKGROUP or NetBIOS domain name isdifferent from the domain name, enter the following:

CIFS> set workgroup workgroup

where workgroup sets the WORKGROUP name. If the name of theWORKGROUP OR NetBIOS domain name is different from the domain name,use this command to set the WORKGROUP name.

For example, if SIMPLE is the name of the WORKGROUP you want to set, youwould enter the following:

CIFS> set workgroup SIMPLE

Though the following symbols $,( ), ', and & are valid characters for naminga WORKGROUP, the FileStore CIFS implementation does not allow usingthese symbols.


To start the CIFS server


CIFS> server start

The skew of the system clock with respect to

Domain controller is: -17 seconds

Time on Domain controller : Thu Dec 4 05:21:47 2008

Time on this system : Thu Dec 4 05:22:04 PST 2008

If the above clock skew is greater than that allowed by the server,

then the system won't be able to join the AD domain

Trying to become a member in AD domain SYMANTECDOMAIN.COM ...


After you enter the correct password for the user administrator belongingto AD domain SYMANTECDOMAIN.COM, the following message appears:



2 To make sure that the service is running, enter the following:

CIFS> server status



Homedirfs : fs1

Security : ads






The CIFS server is now running in the AD domain mode. You can export theshares, and the domain users can access the shares subject to the ADauthentication and authorization control.


304

Using multi-domain controller support in CIFSFileStore allows you to set a comma-separated list of primary and backup domaincontrollers for the given domain.

For example:

CIFS> set domaincontroller SYMSERVER1,SYMSERVER2,SYMSERVER3


You will need to stop and start the CIF server.

See “Reconfiguring the CIFS service” on page 327.

To display the list of domain controllers

◆ To display the list of domain controllers, enter the following:

CIFS> show

Name Value

---- -----

netbios name sfs

ntlm auth yes


homedirfs

aio size 1024

idmap backend rid 10000-1000000


security ads



Domain Controller SYMSERVER1 SYMSERVER2 SYMSERVER3


If the primary domain controller goes down, the CIFS server tries the nextdomain controller in the list until it receives a response. You should alwayspoint FileStore to the trusted domain controllers to avoid any security issues.FileStore will not perform list reduction or reordering, instead it will use thelist as it is. So, avoid entering the redundant name for the same domaincontroller.

About leaving an AD domainThere is no FileStore command that lets you leave an AD domain. It happensautomatically as a part of change in security or domain settings, and then startsor stops the CIFS server. Thus, FileStore provides the domain leave operation


depending on existing security and domain settings and new administrativecommands. However, the leave operation requires the credentials of the olddomain’s user. All of the cases for a domain leave operation have been documentedin Table 9-6.

Table 9-6 Change AD domain mode settings commands

DefinitionCommand

Sets the domain.

When you change any of the domain settings and you restart the CIFSserver, the CIFS server leaves the old domain. Thus, when a changeis made to either one or more of domain, domain controller, or domainuser settings, and the next time the CIFS server is started, the CIFSserver first attempts to leave the existing join and then joins the ADdomain with the new settings.

See “Changing domain settings for AD domain mode” on page 306.

set domain

Sets the security user.

If you change the security setting from ads to user and you stop orrestart the CIFS server, it leaves the AD domain.

When you change the security setting, and you stop or restart theCIFS server, the CIFS server leaves the existing AD domain. Forexample, the CIFS server leaves the existing AD domain if the existingsecurity isads, and the new security is changed touser, and the CIFSserver is either stopped, or started again.


If the CIFS server is already stopped, changing the security to a valueother thanads causes FileStore to leave the domain. Both the methodsmentioned earlier require either stopping or starting the CIFS server.This method of leaving the domain is provided so that if a CIFS serveris already stopped, and may not be restarted in near future, you shouldhave some way of leaving an existing join to AD domain.


set security user

Changing domain settings for AD domain modeEach case assumes that the FileStore cluster is part of an AD domain.


306

To verify cluster is part of an AD domain

◆ To verify that you cluster is part of an AD domain, enter the following:

CIFS> server status

CIFS Status on SFS_01 : ONLINE


Homedirfs : fs1

Security : ads







To change domain settings for AD domain mode

1 To stop the CIFS server, enter the following:

CIFS> server stop


2 To change the domain, enter the following:

CIFS> set domain newdomain.com

When you start the CIFS server, it tries to leave the existing domain. Thisrequires the old domainuser to enter its password. After the password issupplied, and the domain leave operation succeeds, the CIFS server joins anAD domain with the new settings.


CIFS> server start

Disabling membership in existing AD domain SYMANTECDOMAIN.COM




The skew of the system clock with respect to Domain controller is:

-18 seconds

Time on this system: Thu Dec 4 05:21:47 2008

Time on this system : Thu Dec 4 05:22:04 PST 2008



Trying to become a member in AD domain NEWDOMAIN.COM...



308

To change the security settings for the AD domain mode

◆ To set the security to user, enter the following:



To stop the CIFS server:

CIFS> server stop





Left AD domain SYMANTECDOMAIN.COM

Changing security settings with stopped server on the AD domain mode

◆ To set security to a value other than ads, enter the following:






Removing the AD interfaceYou can remove the FileStore cluster from the AD domain by using the ActiveDirectory interface.

To remove the FileStore cluster

1 Open the interface Active Directory Users and Computers.

2 In the domain hierarchy tree, click on Computers.

3 In the details pane, right-click the computer entry corresponding to FileStore(this can be identified by the FileStore cluster name) and click Delete.

About setting NTLMWhen you use FileStore in NT or AD domain mode, there is an optionalconfiguration step that can be done. You can disable the use of Microsoft NTLM(NT LAN Manager) protocol for authenticating users.

309Using Symantec FileStore as a CIFS serverAbout setting NTLM

When FileStore CIFS service is running in the standalone mode (with security setto user) some versions of the Windows clients require NTLM authentication tobe enabled. You can do this by setting CIFS> set ntlm_auth to yes.

When NTLM is disabled and you use FileStore in the NT domain mode, the onlyprotocol available for user authentication is Microsoft NTLMv2. When NTLM isdisabled and you use FileStore in AD domain mode, the available authenticationprotocols is Kerberos and NTLMv2. The one used depends on the capabilities ofboth the FileStore clients, and domain controller. If no special action is taken,FileStore allows the NTLM protocol to be used.

For any specific CIFS connection, all the participants, that is the client machine,FileStore and domain controller select the protocol that they all support and thatprovides the highest security. In the AD domain mode, Kerberos provides thehighest security. In the NT domain mode, NTLMv2 provides the highest security.

Table 9-7 Set NTLM commands

DefinitionCommand

Disables NTLM.

See “Setting NTLM” on page 311.

set ntlm_auth no

Enables NTLM.

See “Setting NTLM” on page 311.

set ntlm_auth yes

Using Symantec FileStore as a CIFS serverAbout setting NTLM

310

Setting NTLMTo disable NTLM


CIFS> server stop


2 To disable NTLM, enter the following:

CIFS> set ntlm_auth no

For example:

CIFS> set ntlm_auth no


3 To start the CIFS service, enter the following:

CIFS> server start


To enable NTLM


CIFS> server stop


2 To enable the NTLM protocol, enter the following:

CIFS> set ntlm_auth yes

For example:

CIFS> set ntlm_auth yes


3 To start the CIFS service, enter the following:

CIFS> server start


311Using Symantec FileStore as a CIFS serverSetting NTLM

About setting trusted domainsThe Microsoft Active Directory supports the concept of trusted domains. Whenyou authenticate users, you can configure domain controllers in one domain totrust the domain controllers in another domain. This establishes the trust relationbetween the two domains. When FileStore is a member in an AD domain, bothFileStore and the domain controller are involved in authenticating the clients.You can configure FileStore to support or not support trusted domains.

Table 9-8 Set trusted domains commands

DefinitionCommand

Enables the use of trusted domains in the AD domain mode.

Note: If the security mode is user, it is not possible to enableAD trusted domains. All the IDMAP backend methods (rid, ldap,and hash) are able to support trusted domains.

See “Setting Active Directory trusted domains” on page 322.

setallow_trusted_domainsyes

Disables the use of trusted domains in the AD domain mode.

See “Setting Active Directory trusted domains” on page 322.

setallow_trusted_domainsno

Allowing trusted domains access to CIFS when setting an LDAP IDMAPbackend to rid

To allow trusted domains access to CIFS when setting LDAP IDMAP backend to rid

1 If the CIFS server is running, enter the following:

CIFS> server stop


2 To set the idmap_backend to rid, enter the following:

CIFS> set idmap_backend rid


3 To set allow_trusted_domains to yes, enter the following:

CIFS> set allow_trusted_domains yes


Using Symantec FileStore as a CIFS serverAbout setting trusted domains

312

4 To start the CIF server again, enter the following:

CIFS> server start


5 To verify the CIFS server status when there are trusted domains, enter thefollowing:

CIFS> server status



Homedirfs : homefs

Security : ads







Trusted Domains : SYMANTECDOMAIN1 [SYMANTECDOMAIN2]

SYMANTECDOMAIN3

Domain names containing square brackets indicate that the domain used tobe a trusted domain, but the domain is currently obsolete.

Allowing trusted domains access to CIFS when setting an LDAP IDMAPbackend to ldap

To allow trusted domains access to CIFS when setting an LDAP IDMAP backend toldap

1 To configure AD as an LDAP IDMAP backend, follow the steps provided at:

See “About configuring Windows Active Directory as an LDAP IDMAP backendfor FileStore for CIFS” on page 315.


CIFS> server stop


3 To set idmap_backend to ldap, enter the following:

CIFS> set idmap_backend ldap


313Using Symantec FileStore as a CIFS serverAbout setting trusted domains




5 To restart the CIFS server again, enter the following:

CIFS> server start



CIFS> server status



Homedirfs : homefs

Security : ads







Trusted Domains : SYMANTECDOMAIN1 SYMANTECDOMAIN2

SYMANTECDOMAIN3

Allowing trusted domains access to CIF when setting an LDAP IDMAPbackend to hash

To allow trusted domains access to CIF when setting an LDAP IDMAP backend tohash


CIFS> server stop


2 To set idmap_backend to hash, enter the following:

CIFS> set idmap_backend hash



314





CIFS> server status



Homedirfs : homefs

Security : ads







Trusted Domains : SYMANTECDOMAIN1 SYMANTECDOMAIN2

SYMANTECDOMAIN3

About configuring Windows Active Directory as an LDAP IDMAPbackend for FileStore for CIFS

The FileStore CIFS server requires equivalent UNIX identities for Windowsaccounts to service requests from Windows clients. In the case of trusted domains,FileStore has to store the mapped UNIX identities (IDMAP) in a centralizeddatabase that is accessible from each of the cluster nodes.

Active Directory (AD), as with any LDAP V3 compliant directory service, canfunction as the backend for FileStore CIFS IDMAP backend storage. When theFileStore CIFS server joins a Windows Active Directory Domain as a memberserver, and you want to use LDAP as an IDMAP backend, then it is necessary tocreate an Active Directory application partition for the IDMAP database. Tosupport the creation of an Active Directory application partition, Windows 2003R2 and above version is required.

Active Directory application partition provides the ability to control the scope ofreplication and allow the placement of replicas in a manner more suitable fordynamic data. As a result, the application directory partition provides thecapability of hosting dynamic data in the Active Directory server, thus allowingADSI/LDAP access to it.


By extending the AD schema with the necessary CIFS-schema extensions, andcreating an AD application partition, it is possible to store CIFS IDMAP data entriesin AD, using one or more domain controllers as IDMAP LDAP backend servers.Also, it is possible to replicate this information in a simple and controlled mannerto a subset of AD domain controllers located either in the same domain or indifferent domains in the AD forest.

Note: A single domain user account is used, for example, cifsuser for settingapplication partition Access Control List (ACL) settings. Make sure the selecteduser naming context has no space key inside (for example,CN=cifsuser1,CN=Users,DC=example,DC=com). A sample AD server is used, forexample, adserver.example.com. Use relevant values when configuring your ADserver.

Configuring the Active Directory schema with CIFS-schema extensionsTo extend the Active Directory schemawith the necessary CIFS-schema extensions

1 Login with SchemaAdmins privileges on the Active Directory Forest SchemaMaster domain controller.

2 Download ADCIFSSchema.zip from the FileStore server(/opt/VRTSnasgw/install/ADCIFSSchema.zip) with software such asWinSCP.exe.

3 Unzip the file and open each .ldf file to perform a search and replace of thestring dc=example,dc=com, replacing the string with the top-level domaincomponent (that is, dc=yourdomain,dc=com) values for the AD forest.

4 Install the schema extensions by executing the schemaupdate.bat file fromthe command prompt.

To validate the schema extensions

1 Execute regsvr32 schmmgmt.dll in a command prompt window to installthe Active Directory Schema Snap-In on the AD server.

2 Enter mmc in Run.

3 On the File menu, click Add/Remove Snapin.

4 In Available snap-ins, click Active Directory Schema, and then click Add.


316

5 Click OK.

6 Click Attributes in the left frame, and try to find uidNumber and gidNumberin the right frame.

Validate that the uidNumber and gidNumber attributes have no minimumor maximum value setting by viewing the properties of the attribute objects.

To create an application partition

1 Open a command prompt window on the domain controller that will hold thefirst replica of the application partition.

2 Enter ntdsutil in the command prompt window.

3 At the ntdsutil command prompt, enter the following:

domain management

If you are using Windows 2008, change this command to the following:

partition management

4 At the domain management command prompt, enter the following:

connection

5 At the connection command prompt, enter the following:

connect to server adserver.example.com

6 At the connection command prompt, enter the following:

quit


7 At the domain management command prompt, enter the following such as:

create nc dc=idmap,dc=example,dc=com null

Example settings:

C:\>ntdsutil

ntdsutil: domain management

domain management: connection

server connections: connect to server adserver.example.com

Binding to adserver.example.com ...

Connected to adserver.si2m.com using credentials of locally logged

on user.

server connections: quit

domain management: create nc dc=idmap,dc=example,dc=com NULL

adding object dc=idmap,dc=example,dc=com

domain management: quit

ntdsutil: quit

Disconnecting from adserver.example.com...


318

8 Once the application partition has been created, open ADSIedit.msc fromRun,then right-click on ADSI Edit in the left frame, and click connect to ... toconnect to the application partition using the settings as indicated:

Enter Domain.Name

Select or enter a DistinguishedName or NamingContext, as in:

dc=idmap,dc=example,dc=com

Connection Point

Select or enter a domain or server, as in:

adserver.example.com

Computer


9 Once connected, select the top-level application partition (for example,dc=idmap,dc=example,dc=com) node in the left panel, and right-click toselect New then Object from the list, and then select SambaUnixIdPool.

When prompted, enter the following values:

cifsidmapOU attribute

10000uidNumber

10000gidNumber

10 Click Finish to complete the configuration.

11 Once the ou=cifsidmap,dc=idmap,dc=example,dc=com container has beencreated, right-click the object, and select properties.

12 On the Security tab, click Add, and proceed to add the cifsuser user account,and grant the account Read, Write, Create All Child Objects, and Delete AllChild Objects permissions.


320

Configuring LDAP as an IDMAP backend using the FileStore CLITo configure LDAP as an IDMAP backend using the FileStore CLI

1 Log into the FileStore cluster CLI using the master account.

2 Configure Network> ldap settings.

Example settings:

Network> ldap set basedn dc=idmap,dc=example,dc=com

Network> ldap set binddn cn=cifsuser,dc=example,dc=com

Network> ldap set rootbinddn cn=cifsuser,cn=users,dc=example,dc=com

Network> ldap set server adserver.example.com


Configuring the CIFS server with the LDAP backendTo configure the CIFS server with the LDAP backend

1 Log into the FileStore cluster CLI using the master account.

2 Set the domain, domaincontroller, and domainuser.

3 Set security to ads.

4 Set idmap_backend to ldap, and specify idmap OU as cifsidmap.

Example settings:

CIFS> set domain example.com


CIFS> set domaincontroller adserver.example.com


CIFS> set idmap_backend ldap cifsidmap

CIFS> server start

5 Start the CIFS server.

The CIFS server will take some time to import all the users from the joineddomain and trusted domain(s) to the application partition. Wait for at leastten minutes before trying to access the shares from Windows clients afterstarting the CIFS server.

To validate that IDMAP entries are being entered correctly in the ActiveDirectory application partition, connect to the Active Directory applicationpartition using an LDAP administration tool, for example, LDP or ADSIEdit.Expand the IDMAP container (ou=cifsidmap). There should be numerousentries.


Setting Active Directory trusted domainsTo enable Active Directory (AD) trusted domains


CIFS> server stop


2 To enable trusted domains, enter the following:


For example:




CIFS> server start


To disable trusted domains


CIFS> server stop


2 To disable trusted domains, enter the following:

CIFS> set allow_trusted_domains no

For example:

CIFS> set allow_trusted_domains no



CIFS> server start



322

About storing account informationFileStore maps between the domain users and groups (their identifiers) and localrepresentation of these users and groups. Information about these mappings canbe stored locally on FileStore or remotely using the DC directory service. FileStoreuses the idmap_backend configuration option to decide where this informationis stored.

This option can be set to one of the following:

Maps SIDs for domain users and groups by deriving UID and GID fromRID on the FileStore CIFS server.

rid

Stores the user and group information in the LDAP directory service.ldap

Maps SIDs for domain users and groups to 31-bit UID and GID by theimplemented hashing algorithm on the FileStore CIFS server.

hash

Note: SID/RID are Microsoft Windows concepts that can be found at:http://msdn.microsoft.com/en-us/library/aa379602(VS.85).aspx.

The rid and hash values can be used in any of the following modes of operation:

■ Standalone

■ NT domain

■ AD domain

rid is the default value for idmap_backend in all of these operational modes. Theldap value can be used if the AD domain mode is used.

323Using Symantec FileStore as a CIFS serverAbout storing account information

http://msdn.microsoft.com/en-us/library/aa379602(VS.85).aspx

Table 9-9 Store account information commands

DefinitionCommand

Configures FileStore to store information about users and groupslocally.

Trusted domains are allowed if allow_trusted_domains is set toyes. The uid_range is set to 10000-1000000 by default.

Change the default range in cases where it is not appropriate toaccommodate local FileStore cluster users, Active Directory, or trusteddomain users.

Do not attempt to modify LOW_RANGE_ID (10000) if user data hasalready been created or copied on the CIFS server. This may lead todata access denied issues since the UID changes.

See “Storing user and group accounts” on page 325.

set idmap_backendrid

Allows you to obtain the unique SID to UID/GID mappings by theimplemented hashing algorithm. Trusted domains are allowed ifallow_trusted_domains is set to yes.


set idmap_backendhash

Configures FileStore to store information about users and groups ina remote LDAP service. You can only use this command when FileStoreis operating in the AD domain mode. The LDAP service can run on thedomain controller or it can be external to the domain controller.

Note: For FileStore to use the LDAP service, the LDAP service mustinclude both RFC 2307 and proper schema extensions.

See “Configuring LDAP as an IDMAP backend using the FileStore CLI”on page 321.

This option tells the CIFS server to obtain SID to UID/GID mappingsfrom a common LDAP backend. This option is compatible with multipledomain environments. So allow_trusted_domains can be set toyes.

If idmap_backend is set to ldap, you must first configure theFileStore LDAP options using the Network> ldap commands.

See “About LDAP” on page 181.


set idmap_backendldap

Using Symantec FileStore as a CIFS serverAbout storing account information

324

Storing user and group accountsTo set idmap_backend to rid


CIFS> server stop


2 To store information about user and group accounts locally, enter thefollowing:

CIFS> set idmap_backend rid [uid_range]

whereuid_range represents the range of identifiers that are used by FileStorewhen mapping domain users and groups to local users and groups. The defaultrange is 10000-1000000.


CIFS> server start


To set idmap_backend to LDAP

1 To make sure that you have first configured LDAP, enter the following:

Network> ldap show


CIFS> server stop


3 To use the remote LDAP store for information about the user and groupaccounts, enter the following:

CIFS> set idmap_backend ldap [idmap_ou]

where idmap_ou represents the CIFS idmap Organizational Unit Name (OU)configured on the LDAP server, which is used by FileStore when mappingusers and groups to local users and groups. The default value is cifsidmap.


CIFS> server start


325Using Symantec FileStore as a CIFS serverStoring user and group accounts

To set idmap_backend to a hash algorithm


CIFS> server stop


2 To store information about user and group accounts locally, enter thefollowing:

CIFS> set idmap_backend hash


CIFS> server start


About reconfiguring the CIFS serviceSometime after you have configured the CIFS service, and used it for awhile, youneed to change some of the settings. For example, you may want to allow the useof trusted domains or you need to move FileStore from one security domain toanother. To carry out these changes, set the new settings and then start the CIFSserver. As a general rule, you should stop the CIFS service before making thechanges.

An example where FileStore is moved to a new security domain (while the modeof operation stays unchanged as, AD domain) is referenced in the section below.


This example deals with reconfiguring CIFS. So make sure that if any of the otherAD services like DNS or NTP are being used by FileStore, that FileStore has alreadybeen configured to use these services from the AD server belonging to the newdomain.

Make sure that the DNS service, NTP service and, if used as an ID mapping store,also the LDAP service, are configured as required for the new domain.

To reconfigure the CIFS service, do the following:

■ Make sure that the server is not running.

■ Set the domain user, domain, and domain controller.


Using Symantec FileStore as a CIFS serverAbout reconfiguring the CIFS service

326

Table 9-10 Reconfigure the CIFS service commands

DefinitionCommand

Changes the configuration option to reflect the values appropriatefor the new domain.


set domainuser



set domain



setdomaincontroller

Starts the server and causes it to leave the old domain and join thenew Active Directory domain.

You can only issue this command after you enter the CIFS> set

security command.


server start

Reconfiguring the CIFS serviceTo set the user name for the AD


CIFS> server status

2 If the server is running, stop the server, and enter the following:

CIFS> server stop

3 To set the user name for the AD, enter the following:


where username is the name of an existing AD domain user who haspermission to perform the join domain operation.

For example:



327Using Symantec FileStore as a CIFS serverReconfiguring the CIFS service

To set the AD domain

◆ To set the AD domain, enter the following:


where domainname is the name of the domain. This command also sets thesystem workgroup. For example:

CIFS> set domain NEWDOMAIN.COM


To set the AD server

◆ To set the AD server, enter the following:

CIFS> set domaincontroller servername

where servername is the AD server IP address or DNS name.

For example, if the AD server SYMSERVER has an IP address of172.16.113.118, you can specify one of the following:



or



If you use the AD server name, you must configure FileStore to use a DNSserver that can resolve this name.

Using Symantec FileStore as a CIFS serverReconfiguring the CIFS service

328

To start the CIFS server


CIFS> server start

The skew of the system clock with respect to Domain controller is:

3 seconds

Time on Domain controller : Fri May 30 06:00:03 2008

Time on this system : Fri May 30 06:00:00 PDT 2008


then the system won’t be able to join the AD domain




Starting CIFS Server..

2 To make sure that the service is running, enter the following:

CIFS> server status

3 To find the current settings, enter the following:

CIFS> show

About managing CIFS sharesYou can export the FileStore file systems to the clients as CIFS shares. When ashare is created, it is given a name. The name is different from the file systemname. Clients use the share name when they import the share. You create andexport a share with one command. The same command binds the share to a filesystem, and you can also use it to specify share properties.

In addition to exporting file systems as CIFS share, you can use FileStore to storethe users' home directories. Each of these home directories is called a home

directory share. Shares which are used to export ordinary file systems (that is,file systems which are not used for home directories), are called ordinary sharesto distinguish them from the home directory shares.

329Using Symantec FileStore as a CIFS serverAbout managing CIFS shares

Table 9-11 Manage the CIFS shares commands

DefinitionCommand

Displays information on one or all exported shares. The informationis displayed for a specific share includes the name of the file systemwhich is being exported and the values of the share options.

See “Setting share properties” on page 333.

share show

Exports a file system with the given sharename or re-export newoptions to an existing share. The new options are updated after thiscommand is run.

This CIFS command, which creates and exports a share, takes as inputthe name of the file system which is being exported, the share name,and optional attributes. You can use the same command for a sharethat is already exported. You can do this if it is required to modify theattributes of the exported share.

A file system used for storing users home directories cannot beexported as a CIFS share, and a file system that is exported as a CIFSshare cannot be used for storing users' home directories.


share add

Stops the associated file system from being exported. Any files anddirectories which may have been created in this file system remainintact; they are not deleted as a result of this operation.


share delete

Allows only the specified users and groups to access the share. If allis specified, then default access restrictions are restored on the share.By default, all users and groups are allowed to access the share.


share allow

Denies the specified users and groups access to the share. If all isspecified, then all the users and groups are not able to access the share.By default, none of the users or groups are denied access to the share.

Note: If a user or group is present in both the share allow andshare deny list, then access is denied to that user or group.


share deny

Allows you to modify any CIFS share.


share modify

Using Symantec FileStore as a CIFS serverAbout managing CIFS shares

330

About the CIFS export optionsThe following are the CIFS export options.

Table 9-12 CIFS export options

DefinitionCIFS export option

There is a share option which specifies if the files in the sharewill be read-only or if both read and write access will be possible,subject to the authentication and authorization checks when aspecific access is attempted. This share option can be given oneof these values, either rw or ro.

Grants read and write permission to the exported share.

rw

Grants read-only permission to the exported share. Files cannotbe created or modified.

ro (Default)

Another configuration option specifies if a user trying to establisha CIFS connection with the share must always provide the username and password, or if they can connect without it. In thiscase, only restricted access to the share will be allowed. The samekind of access is allowed to anonymous or guest user accounts.This share option can have one of the following values, eitherguest or noguest.

FileStore allows restricted access to the share when no user nameor password is provided.

guest

FileStore always requires the user name and password for all ofthe connections to this share.

noguest (Default)

All Windows Access Control Lists (ACLs) are supported exceptin the case when you attempt using the Windows Explorer folderProperties > Security GUI to inherit down to a non-emptydirectory hierarchy while denying all access to yourself.

full_acl

Some advanced Windows Access Control Lists (ACLs)functionality does not work. For example, if you try to create ACLrules on files saved in a CIFS share using Windows explorer whileallowing some set of file access foruser1 and denying file accessfor user2, this is not possible when CIFS shares are exportedusing no_full_acl.

no_full_acl (Default)

Prevents clients from seeing the existence of files and directoriesthat are not readable to them.

The default is: hide_unreadable is set to off.

hide_unreadable


Table 9-12 CIFS export options (continued)


To hide some system files (lost+found, quotas, quotas.grp) fromdisplaying when using a CIFS normal share, you can use theveto_sys_filesCIFS export option. For example, when addinga CIFS normal share, the default is to display the system files.To hide the system files, you must use the veto_sys_filesCIFS export option.

veto_sys_files

When a file system or directory is exported by CIFS, its mode isset to an fs_mode value. It is the UNIX access control set on afile system, and CIFS options like rw/ro do not take precedenceover it. This value is reset to0755when the CIFS share is deleted.

The default is: fs_mode = 1777.

fs_mode

When a directory is created under a file system or directoryexported by CIFS, the necessary permissions are calculated bymapping DOS modes to UNIX permissions. The resulting UNIXmode is then bit-wise 'AND'ed with this parameter. Any bit notset here is removed from the modes set on a directory when it iscreated.

The default is: dir_mask = 0755.

dir_mask

When a file is created under a file system or directory exportedby CIFS, the necessary permissions are calculated by mappingDOS modes to UNIX permissions. The resulting UNIX mode isthen bit-wise 'AND'ed with this parameter. Any bit not set hereis removed from the modes set on a file when it is created.

The default is: create_mask = 0744.

create_mask

FileStore supports the CIFS opportunistic locks. You can enableor disable them for a specific share. The opportunistic locksimprove performance for some workloads, and there is a shareconfiguration option which can be given one of the followingvalues, either oplocks or nooplocks.

FileStore supports opportunistic locks on the files in this share.

oplocks (Default)

No opportunistic locks will be used for this share.

Disable the oplocks when:

■ 1) A file system is exported over both CIFS and NFS protocols.

■ 2) Either CIFS or NFS protocol has read and write access.

nooplocks


332

Table 9-12 CIFS export options (continued)


There are more share configuration options that can be used tospecify the user and group who own the share. If you do notspecify these options for a share, FileStore uses the current valuesas default values for these options. You may want to change thedefault values to allow a specific user or group to be the shareowner.

Irrespective of who are owner and group of the exported share,any CIFS clients can create folders and files in the share. However,there are some operations that require owner privileges; forexample, changing the owner itself, and changing permissionsof the top-level folder (that is, the root directory in UNIX terms).To enable these operations, you can set the owner option to aspecific user name, and this user can perform the privilegedoperations.

owner

By default, the current group is the primary group owner of theroot directory of the exported share. This lets CIFS clients createfolders and files in the share. However, there are some operationsthat require group privileges; for example, changing the groupitself, and changing permissions of the top-level folder (that is,the root directory in UNIX terms). To enable these operations,you can set the group option to a specific group name, and thisgroup can perform the privileged operations.

group

FileStore lets you specify a virtual IP address. This address mustbe part of the FileStore cluster, and is used by the system to servethe share internally.

Note: ip is not a valid CIFS option when using the ctdb clusteringmode.


ip

Setting share propertiesAfter a file system is exported as a CIFS share, you can decide to change one ormore share options. This is done using the same share add command, giving thename of an existing share and the name of the file system exported with thisshare. FileStore will realize the given share has already been exported and thatit is only required to change the values of the share options.

For example, to export the file system fs1 with the name share1, enter thefollowing:


CIFS> share add fs1 share1 "owner=administrator,group=domain

users,rw"

Exporting CIFS filesystem : share1 ...

CIFS> share show


share1 fs1 owner=administrator,group=domain

users,rw

To export a file system

◆ To export a file system, enter the following:

CIFS> share add filesystem sharename [cifsoptions]

An FileStore file system that you want to export as a CIFS share.The given file system must not be currently used for storing thehome directory shares.

The file system or directory path should always start with thefile system name, not with the file system mount point /vx.

filesystem

The name for the newly-exported share. Names of the FileStoreshares can consist of the following characters: lower anduppercase letters "a" - "z" and "A" - "Z," numbers "0" - "9" andspecial characters: "_" and "-". ( "-" cannot be used as the firstcharacter in a share name).

Note: A share name cannot exceed 256 characters.

sharename

A comma-separated list of CIFS export options. This part of thecommand is optional.

If a CIFS export option is not provided, FileStore uses the defaultvalue.

See “About the CIFS export options” on page 331.

cifsoptions

For example, an existing file system called FSA being exported as a sharecalled ABC:

CIFS> share add FSA ABC rw,guest,owner=john,group=abcdev

Hiding system files when adding or modifying a CIFS normal shareWhen adding a CIFS normal share, the default is to display the system files(lost+found, quotas, quotas.grp). To hide the system files, you must use theveto_sys_files CIFS export option.


334


To hide system files when adding or modifying a CIFS normal share

◆ To hide system files when adding a CIFS normal share, enter the following:

CIFS> share add filesystem sharename [cifsoption]

Use the veto_sys_files CIFS export option to hide system files.

For example:

CIFS> share add fs1 share1 veto_sys_files

Exporting CIFS filesystem : share1 ...Success.

CIFS> share show


share1 fs1 owner=root,group=root,fs_mode=1777,veto_sys_files

CIFS> share show


share2 fs2 owner=root,group=root,fs_mode=1777

CIFS> share modify share2 veto_sys_files

Warning: Modifying an already existing share.

..........Done

CIFS> share show


share2 fs2 owner=root,group=root,fs_mode=1777,veto_sys_files


Displaying CIFS share propertiesTo display share properties

1 To display the information about all of the exported shares, enter thefollowing:

CIFS> share show

For example:

CIFS> share show


share1 fs1 owner=root,group=root

2 To display the information about one specific share, enter the following:

CIFS> share show sharename

For example:

CIFS> share show share1

ShareName VIP Address

share1 10.10.10.10


336

Allowing specified users and groups access to the CIFS shareTo allow specified users and groups access to the CIFS share

◆ To allow specified users and groups access to the CIFS share, enter thefollowing:

CIFS> share allow sharename @group1

[,@group2,user1,user2,...]

Name of the CIFS share for which you want to allow specified users and groups access.

Names of the FileStore shares are case- sensitive and can consist of the following characters:lower and uppercase letters "a" - "z" and "A" - "Z," numbers "0" - "9" and special characters: "_"and "-". ( "-", cannot be used as the first character in a share name).

sharename

If the CIFS server joined a domain, and there is a space in the user or group name, the user orgroup name needs to be entered with double quotes (for example, "@domain users").

By default, all groups are allowed to access the shares.

In the case where a CIFS share has joined a domain, and the domain contains trusted domains,and allow_trusted_domains is set to yes on the CIFS server, if you want to allow/denyusers or groups from the trusted domains, the user or group needs to be prefixed with thetrusted domain name. Separate the domain and user/group with a double backslash.

For example:

CIFS> share allow sharename"@domain name\\group name"

group

Name of the CIFS user allowed access to the CIFS share.

By default, all users are allowed to access the shares.

user

If all is specified, then default access restrictions are restored on the CIFSshare.

CIFS> share allow share1 user1,@group1


.........Done


Denying specified users and groups access to the CIFS shareTo deny specified users and groups access to the CIFS share

◆ To deny specified users and groups access to the CIFS share, enter thefollowing:

CIFS> share deny sharename

@group1[,@group2,user1,user2,...]

Name of the CIFS share for which you want to deny specified users and groups access.

Names of the FileStore shares are case- sensitive and can consist of the following characters:lower and uppercase letters "a" - "z" and "A" - "Z," numbers "0" - "9" and special characters: "_"and "-". ( "-", cannot be used as the first character in a share name).

sharename

If the CIFS server joined a domain, and there is a space in the user or group name, the user orgroup name needs to be entered with double quotes (for example, "@domain users").

By default, all groups are allowed to access the shares.

In the case where a CIFS share has joined a domain, and the domain contains trusted domains,and CIFS is set to trusted domains as true, if you want to allow/deny users or groups from thetrusted domains, the user or group needs to be prefixed with the trusted domain name. Separatethe domain and user/group with a double backslash.

For example:

CIFS> share deny sharename"@domain name\\user name"

group

Name of the CIFS user denied access to the CIFS share.

By default, all users are allowed to access the shares.

user

If all is specified, then all the users and groups are not able to access theshare.

CIFS> share deny share1 user1,@group1


.........Done


338

Modifying an existing CIFS shareTo modify an existing CIFS share

◆ To modify an existing CIFS share, enter the following:

CIFS> share modify sharename [cifsoptions]

Name of the CIFS share you want to modify.

Names of the FileStore shares are case- sensitive and can consistof the following characters: lower and uppercase letters "a" - "z"and "A" - "Z," numbers "0" - "9" and special characters: "_" and"-". ( "-", cannot be used as the first character in a share name).

sharename

A comma-separated list of CIFS export options. This part of thecommand is optional.

cifsoptions

For example:

CIFS> share modify share1 ro


Done


Modifying an existing CIFS share with different CIFS optionsTo modify an existing CIFS share with different CIFS options

1 To modify an existing CIFS share with different CIFS options, enter thefollowing:

CIFS> share show



share4 fs4 owner=root,group=root,fs_mode=1777,rw

2 To modify the CIFS share, enter the following:

CIFS> share modify share4 rw,full_acl,oplocks


..Done

The CIFS> share modify command overwrites the previous value forcifsoptions.


3 To list the CIFS shares, enter the following:

CIFS> share show



share4 fs4 owner=root,group=root,fs_mode=1777,rw,

full_acl,oplocks

Exporting a CIFS snapshotTo export a CIFS snapshot

1 To create a CIFS snapshot, enter the following for example:

Storage> snapshot create cf11sp1 CF11


2 To export the CIFS snapshot, enter the following for example:

CIFS> share add CF11:cf11sp1 cf11sp1 rw,guest


A client can access the CIFS snapshot by the CIFS share name, cf11sp1.


340

Deleting a CIFS shareTo delete a CIFS share

1 To delete a share, enter the following:

CIFS> share delete sharename

where sharename is the name of the share you want to delete.

For example:

CIFS> share delete share1

Unexporting CIFS filesystem : share1 ..

2 To confirm the share is no longer exported, enter the following:

CIFS> share show


share2 fs2 owner=root,group=root

In the case of any remanent sessions (sessions that are not closed whiledeleting a CIFS share), FileStore displays the following output:


Unexporting CIFS share : share2 ....Success.

SFS cifs WARNING V-288-0 There are following remanent sessions.

Clients may still access 'share4' unless the relevant processes are

killed.

Remanent Sessions

pid nodename

-----------------

13966 sfsnode_01

14130 sfsnode_02

This is a rare situation, and it occurs if the following conditions are met:

■ CIFS server is online

■ CIFS share that is being deleted is ONLINE

■ There are some existing client connections with that CIFS share

■ While deleting the share, some remanent sessions are left

If any condition is failed above, then the CIFS> share delete commandoutput displays as usual.


Unexporting CIFS share : share2 ....Success.


Sharing file systems using CIFS and NFS protocolsFileStore provides support for multi-protocol file sharing, where the same filesystem can be exported to both Windows and UNIX users using the CIFS and NFS(Network File System) protocols. The result is an efficient use of storage by sharinga single data set across multi-application platforms.

Figure 9-1 shows how file system sharing for the two protocols works.

Figure 9-1 Exporting files systems

SharedStorage

File SystemFS1

2-nodeFileStorecluster

Data access byCIFS protocol

Data access byNFS protocol

Windows user UNIX user

It is recommended that you disable the oplocks option when the following occurs:

■ A file system is exported over both the CIFS and NFS protocols.

■ Either the CIFS and NFS protocol is set with read and write permission.

Using Symantec FileStore as a CIFS serverSharing file systems using CIFS and NFS protocols

342


Note:When a share is exported over both NFS and CIFS protocols, the applicationsrunning on the NFS and CIFS clients may attempt to concurrently read or writethe same file. This may lead to unexpected results since the locking models usedby these protocols are different. For example, an application reads stale data. Forthis reason, FileStore warns you when the share export is requested over NFS orCIFS and the same share has already been exported over CIFS or NFS, when atleast one of these exports allows write access.

343Using Symantec FileStore as a CIFS serverSharing file systems using CIFS and NFS protocols

To export a file system to Windows and UNIX users

1 Go to the NFS mode and enter the following commands:

NFS> share add ro /vx/fs1

Exporting *:/vx/fs1 with options ro

..Success.

NFS> share show

/vx/fs1 *(ro)

2 To export a file system to Windows and UNIX users with read-only permission,go to CIFS mode, and enter the following commands:

CIFS> show

Name Value

---- -----


netbios aliases

ntlm auth yes


homedirfs

aio size 1024



security ads





CIFS> share add fs1 share1 rw

SFS cifs WARNING V-288-0 Filesystem (fs1) is already shared over NFS

with 'ro' permission.

Do you want to proceed (y/n): y

Exporting CIFS filesystem : share1 ..

CIFS> share show


share1 fs1 owner=root,group=root,rw

When the file system in CIFS is set to homedirfs, the FileStore software assumesthat the file system is exported to CIFS users in read and write mode. FileStoredoes not allow you to export the same file system as an CIFS share and a home

Using Symantec FileStore as a CIFS serverSharing file systems using CIFS and NFS protocols

344

directory file system (homedirfs). For example, if the file system fs1 is alreadyexported as a CIFS share, then you cannot set it as homedirfs.

To export a file system set as homedirfs

◆ To request that a file system be used for home directories, you need to exportthe file system. Go to the CIFS mode and enter the following:

CIFS> share show


share1 fs1 owner=root,group=root,rw

CIFS> set homedirfs fs1

SFS cifs ERROR V-288-615 Filesystem (fs1) is already exported

by another CIFS share.

About mapping user names for CIFS/NFS sharingThe CIFS server uses user name mapping to translate login names sent by aWindows client to local or remote UNIX user names. The CIFS server uses filelookup for mapping, and this mapping is unidirectional. You can map a CIFS userto an NFS user, but the reverse operation is not possible.

This functionality can be used for the following purposes:

■ CIFS and NFS sharing by mapping CIFS users to NFS users

■ File sharing among CIFS users by mapping multiple CIFS users to a singleUNIX user

■ Mapping between two UNIX users by using the CIFS> mapuser add

<CIFSusername> LOCAL <NFSusername> command, where both the CIFS userand the NFS user are UNIX users

User name mapping is stored in a configuration file.

When user name mapping takes place is dependent on the current securityconfigurations. If security is set to user, mapping is done prior to authentication,and a password must be provided for the mapped user name. For example, if thereis a mapping between the users CIFSuser1 and NFSuser1. If CIFSuser1 wants toconnect to the FileStore server, then CIFSuser1 needs to provide a password forNFSuser1. In this case, NFSuser1 must be the CIFS local user.

If security is set to either ads or domain, user name mapping is done afterauthentication with the domain controller. This means, the actual password mustbe supplied for the login user CIFSuser1 in the example cited above. In this case,NFSuser1 may not be the CIFS local user.

345Using Symantec FileStore as a CIFS serverAbout mapping user names for CIFS/NFS sharing

For example, to map a CIFS user to an NFS user:

CIFS> mapuser add CIFSuser1 SYMANTECDOMAIN.COM NFSuser1

For example, to show the mapping between a CIFS user and an NFS user:

CIFS> mapuser show

CIFSUserName DomainName NFSUserName

CIFSuser1 SYMANTECDOMAIN NFSuser1

For example, to remove the mapping between a CIFS user and an NFS user:

CIFS> mapuser remove CIFSuser1 SYMANTECDOMAIN.COM

The domain you specify for CIFS user name mapping must be the netbios domainname (instead of the Active Directory DNS domain name) for the user. For example,a netbios domain name might be listed as SYMANTECDOMAIN instead ofSYMANTECDOMAIN.COM (without the .com extension).

To determine the netbios domain name, login to your Active Directory Server andtype the following in a command window:

set | findstr DOMAIN

The results will include:

USERDOMAIN netbios_domain_name

USERDNSDOMAIN Active_Directory_DNS_domain_name

Use the value ofUSERDOMAIN (the netbios domain name) when you map user names.

Note: When setting quotas on home directories and using user name mapping,make sure to set the quota on the home directory using the user name to whichthe original name is mapped.

Note: For mapped Active Directory users to access their home directory CIFSshares, use the following convention: \\filestore\realADuser instead of\\filestore\homes.

About load balancing for the normal clusteringmodeIn normal clustering mode, a CIFS share is served from a single node. CIFS userscan access an exported share on any FileStore node. All of the nodes can

Using Symantec FileStore as a CIFS serverAbout load balancing for the normal clustering mode

346

concurrently perform file operations. All of the file systems are mounted on everynode. The exported shares are also exported from every node.

The following restriction exists for normal clustering mode: only one node at atime can perform file operations on a single share in normal clustering mode. Thedecision which node is currently allowed to perform the file operations for aspecific share is made by the FileStore software and is transparent to the CIFSusers.

Other issues pertaining to normal clustering mode:

■ There is a tie up between a virtual IP address and a share. If a virtual IP addressthat is serving a share is deleted, then the virtual IP address is needed toreschedule that share on another virtual IP address.

■ You can only export the root file system in normal clustering mode.

■ A file system cannot be exported as a different share.

When a CIFS share is accessed by a node that is not the owner of that share,FileStore transparently redirects the access to the node that is the owner of thatshare. So, all of the processing for a CIFS share is performed by the node that isdesignated as the owner of that share.

Use the CIFS> share show command to view which virtual IP address is assignedto a share.

Use the Network> ip addr show command to view which node is assigned avirtual IP address. This shows which node is the current owner of the exportedCIFS shares.

About load balancing for the ctdb clustering modeThe ctdb-based clustering mode provides a guarantee of data integrity andconsistent locking among FileStore nodes. A CIFS share can be served frommultiple nodes simultaneously and therefore provides better load balancing.

A CIFS share can be served from multiple virtual IP addresses (VIPs)simultaneously. There will not be any tie up between a VIP and a CIFS share. Noredistribution of the CIFS share is required while deleting the VIP. A newly-addedVIP can be easily used to serve the CIFS share without any administratorintervention.

About managing home directoriesYou can use FileStore to store the home directories of CIFS users.

347Using Symantec FileStore as a CIFS serverAbout load balancing for the ctdb clustering mode

The home directory share name is identical to the FileStore user name. WhenFileStore receives a new CIFS connection request, it checks if the requested shareis one of the ordinary exported shares. If it is not, FileStore checks if the requestedshare name is the name of an existing FileStore user (either local user or domainuser, depending on the current mode of operation). If a match is found, it meansthat the received connection request is for a home directory share.

You can access your home directory share the same way you access the file systemordinary shares. A user can connect only to his or her own home directory.

Note: The internal directories structure of home directory file systems ismaintained by FileStore. It is recommended not to use a file system as a homedirfsthat has been used by a normal share in the past or vice versa.

Table 9-13 Home directory commands

DefinitionCommand

Specifies one or more file systems to be used for home directories.

See “Setting the home directory file systems” on page 348.

set homedirfs

Enables use of quotas on home directory file systems.


homedir quota

Sets the home directory for the specified user. If the home directorydoes not exist for the specified user, this command creates that user'shome directory.

See “Setting up home directories” on page 350.

homedir set

Displays information about home directories.

See “Displaying home directory usage information” on page 352.

homedir show

Deletes a home directory share.

See “Deleting home directories and disabling creation of homedirectories” on page 353.

homedir delete

Deletes the home directories.

See “Deleting home directories and disabling creation of homedirectories” on page 353.

homedir deleteall

Setting the home directory file systemsHome directory shares are stored in one or more file systems. A single homedirectory can exist only in one of these file systems, but a number of home

Using Symantec FileStore as a CIFS serverAbout managing home directories

348

directories can exist in a single home directory file system. File systems that areto be used for home directories are specified using the CIFS> set homedirfs

command.

When a file system is exported as a homedirfs, its mode is set to a 0755 value. Thistakes place when you start the CIFS server after setting the homedirfs list.

Note: Snapshots cannot be shared as home directory file systems.

To specify one or more file systems as the home directories

1 To reserve one or more file systems for home directories, enter the following:

CIFS> set homedirfs [filesystemlist]

where filesystemlist is a comma-separated list of names of the file systemswhich are used for the home directories.

For example:

CIFS> set homedirfs fs1,fs2,fs3


2 If you want to remove the file systems you previously set up, enter thecommand again, without any file systems:

CIFS> set homedirfs

3 To find which file systems (if any) are currently used for home directories,enter the following:

CIFS> show

After you select one or more of the file systems to be used in this way, youcannot export the same file systems as ordinary CIFS shares.

If you want to change the current selection, for example, to add an additionalfile system to the list of home directory file systems or to specify that no filesystem should be used for home directories, you have to use the same CIFS>set homedirfs command. In each case you must enter the entire new list ofhome directory file systems, which may be an empty list when no homedirectory file systems are required.

FileStore treats home directories differently from ordinary shares. Thedifferences are as follows:

■ An ordinary share is used to export a file system, while a number of homedirectories can be stored in a single file system.

349Using Symantec FileStore as a CIFS serverAbout managing home directories

■ The file systems used for home directories cannot be exported as ordinaryshares.

■ Exporting a home directory share is done differently than exporting anordinary share. Also, removing these two kinds of shares is donedifferently.

■ The configuration options you specify for an ordinary share (such asread-only or use of opportunistic locks) are different from the ones youspecify for a home directory share.

Setting up home directoriesYou can set the home directory for the specified user with the CIFS> homedir

set command. If the home directory does not exist for the specified user, theCIFS> homedir set command creates that user's home directory.

Use the Storage> quota cifshomedir set command to set the quota value forthe specified user. Otherwise, the value set from theStorage> quota cifshomedir

setdefault command is used to configure the quota limit. If either the user ordefault quota is not set, 0 is used as the default value for the unlimited quota.

Once the global quota value is specified, the value applies to the automaticallycreated homedir. For example, if you set the global quota value to Storage> quota

cifshomedir setdefault 100M, and you then create a new homedir in Windows,then the 100M quota value is assigned to that homedir.


350

To set the home directory for the specified user

1 To set the home directory for the specified user, enter the following:

CIFS> homedir set username [domainname] [fsname]

The name of the CIFS user. If a CIFS user name includes a space,enter the user name with double quotes.

For example:

CIFS> homedir set "test user" SYMANTECDOMAIN

username

The domain for the new home directory.domainname

The home directory file system where the user's home directoryis created. If no file system is specified, the user's home directoryis created on the home directory file system that has the fewesthome directories.

fsname

2 To find the current settings for a home directory, enter the following:

CIFS> homedir show [username] [domainname]


For example:

CIFS> homedir show "test user" SYMANTECDOMAINUserName DomainName Usagetest user SYMANTECDOMAIN 0

username

The Active Directory/Windows NT domain name or specifylocalfor the FileStore local user local.

domainname


3 To find the current settings for all home directories, enter the following:

CIFS> homedir show

Because the CIFS> homedir show command takes a long time when thereare more than 1000 CIFS home directories to display, you will be promptedif you want to continue displaying CIFS home directories or not.

If there are more than 1000 CIFS home directories when issuing the CIFS>

homedir show command, you will receive a warning message asking if youwant to continue displaying CIFS home directories. If you answer yes to theprompt, you will see each CIFS home directory. If you answer no, you will notsee any additional output of CIFS home directories.

When you connect to your home directory for the first time, and if the homedirectory has not already been created, FileStore selects one of the availablehome directory file systems and creates the home directory there. The filesystem is selected in a way that tries to keep the number of home directoriesbalanced across all available home directory file systems. The automaticcreation of a home directory does not require any commands, and istransparent to both the users and the FileStore administrators.

The quota limits the amount of disk space you can allocate for the files in ahome directory.

You can set the same quota value for all home directories using the Storage>quota cifshomedir setall command.


Displaying home directory usage informationYou can display information about home directories using the CIFS> homedir

show command.

Note: Information about home directory quotas is up-to-date only when you enablethe use of quotas for the home directory file systems.


352

To display information about home directories

1 To display information about a specific user's home directory, enter thefollowing:

CIFS> homedir show [username] [domainname]


For example:

CIFS> homedir show "test user" SYMANTECDOMAINUserName DomainName Filesystem Usagetest user SYMANTECDOMAIN /vx/fs3 0

username

The domain where the home directory is located.domainname

2 To display information about all home directories, enter the following:

CIFS> homedir show

Deleting home directories and disabling creation of home directoriesYou can delete a home directory share. This also deletes the files andsub-directories in the share.

After a home directory is deleted, if you try to access the same home directoryagain, a new home directory will automatically be created.

If you have an open file when the home directory is deleted, and you try to savethe file, a warning appears:

Warning: Make sure the path or filename is correct.

Save dialog?

Click on the Save button which saves the file to a new home directory.


To delete a home directory share

◆ To delete the home directory of a specific user, enter the following:

CIFS> homedir delete username [domainname]

Do you want to delete homedir for username(y/n):


Respond with y(es) or n(o) to confirm the deletion.

username

The domain it is located in.domainname

You can delete all of the home directory shares with theCIFS> homedir deleteall

command. This also deletes all files and subdirectories in these shares.

After you delete the existing home directories, you can again create the homedirectories manually or automatically.

To delete the home directories

◆ To delete all home directories, enter the following:

CIFS> homedir deleteall

Do you want to delete all home directories (y/n):

Respond with y(es) or n(o) to confirm the deletion.

After you delete the home directories, you can stop FileStore serving homedirectories by using the CIFS> set homedirfs command.

To disable creation of home directories

◆ To specify that there are no home directory file systems, enter the following:

CIFS> set homedirfs

After these steps, FileStore does not serve home directories.

About ctdb clustering modesThe following clustering modes are supported by FileStore:

■ Normal

■ Clustered Trivial Database (CTDB) - a cluster implementation of the TDB(Trivial database) based on the Berkeley database API

The following operating modes are supported by FileStore:

Using Symantec FileStore as a CIFS serverAbout ctdb clustering modes

354

■ User

■ Domain

■ ADS

Each clustering mode supports all of the three operating modes. The ctdb clusteringmode is a different clustered implementation of FileStore CIFS, which supportsalmost all of the features that are supported by normal clustering mode as wellas some additional features.

Additional features supported in ctdb clustering mode:

■ Directory-level share support

■ Multi-instance share export of a file system/directory

■ Simultaneous access of a share from multiple nodes and therefore better loadbalancing

Exporting a directory as a CIFS shareDirectory-level share support is available only in the ctdb clustering mode. If youwant to export a directory as a CIFS share, you must first switch to the ctdbclustering mode.


See “Switching from normal to ctdb clustering mode” on page 358.

Note: This feature is only supported in the ctdb clustering mode.

355Using Symantec FileStore as a CIFS serverExporting a directory as a CIFS share

To check the status of the CIFS server to confirm that the clustering mode is set toctdb

◆ To check the status of the CIFS server to confirm that the clustering mode isset to ctdb, enter the following:

CIFS> server status



Homedirfs : fs1

Security : ads






Clustering Mode : ctdb

To export a directory as a CIFS share

1 To export a directory as a CIFS share, enter the following:

CIFS> share add fs1/FileStore share1 rw,full_acl

Exporting CIFS filesystem : share1 ..Success.

2 To list the shares, enter the following:

CIFS> share show


share1 fs1/FileStore owner=root,group=root,fs_mode=755,rw,full_acl

If the directory name contains a space, enter the directory name with doublequotes (" "). For example:

CIFS> share add "fs1/Symantec FileStore" share2 rw


To list the CIFS shares, enter the following:

CIFS> share show


share2 fs1/FileStore owner=root,group=root,fs_mode=755,rw

share1 fs1/FileStore owner=root,group=root,fs_mode=755,rw,

full_acl

Using Symantec FileStore as a CIFS serverExporting a directory as a CIFS share

356

Exporting the same file system/directory as adifferent CIFS share

In ctdb clustering mode, you can export the same file system or directory as adifferent CIFS share with different available CIFS options. This features allowsyou more granular control over CIFS shares for different sets of users.

If the same file system is exported as different shares in ctdb clustering mode,then after switching to normal clustering mode only one share out of these isavailable, because multi-instance share export is not supported in normalclustering mode.

Note: If the same file system or directory is exported as different shares, then thefs_mode value is the same for all of these shares; that is, the last modified fs_mode

value is applicable for all of those shares.

Note: This feature is only supported in the ctdb clustering mode.

To export a directory with read access to everyone, but write access to the limitedset of users who need to be authenticated

◆ To export a directory with read access to everyone, but write access to thelimited set of users who need to be authenticated, enter the following:

CIFS> share add "fs1/Symantec FileStore" share1 rw,noguest


CIFS> share add "fs1/Symantec FileStore" share2 ro,guest


CIFS> share show


share1 fs1/FileStore owner=root,group=root,fs_mode=755,rw,noguest

share2 fs1/FileStore owner=root,group=root,fs_mode=755,ro,guest

The above example illustrates that the same directory is exported as adifferent CIFS share for guest and noquest users with different sets ofpermissions.

357Using Symantec FileStore as a CIFS serverExporting the same file system/directory as a different CIFS share

About switching the clustering modeYou can switch from normal to ctdb clustering mode or from ctdb to normalclustering mode. You must stop the CIFS server prior to switching to any clustermode.


See “Switching from normal to ctdb clustering mode” on page 358.

See “Switching from ctdb to normal clustering mode” on page 361.

Switching from normal to ctdb clustering modeYou must stop the CIFS server prior to switching to any clustering mode by issuingthe CIFS> server stop command.

In ctdb clustering mode, if the FileStore cluster is joined to the domain, thenstopping the CIFS server always results in leaving the join. This is a special casethat applies to ctdb clustering mode; this behavior does not occur with normalclustering mode.

To switch from normal to ctdb clustering mode

1 To check the status of the CIFS server prior to switching from normal to ctdbclustering mode, enter the following:

CIFS> server status



Homedirfs : fs1

Security : ads








CIFS> server stop

Stopping CIFS Server .....Success.

Using Symantec FileStore as a CIFS serverAbout switching the clustering mode

358

3 To set the CIFS clustering mode to ctdb, enter the following:

CIFS> set clustering_mode ctdb


359Using Symantec FileStore as a CIFS serverAbout switching the clustering mode


CIFS> server start

Disabling membership in AD domain SYMANTECDOMAIN.COM

Enter password for user àdministrator':


Uninstalling `normal' Clustering Mode ......Success.

Installing `ctdb' Clustering Mode .......Success.

Starting CIFS Server ....

The skew of the system clock with respect to Domain controller

SYMSERVER (10.209.110.210) is: 8 seconds

Time on Domain Controller : Thu Aug 19 15:04:22 2010

Time on this system : Thu Aug 19 15:04:14 IST 2010






..Success.


CIFS> server status



Homedirfs : fs1

Security : ads







Using Symantec FileStore as a CIFS serverAbout switching the clustering mode

360

Switching from ctdb to normal clustering modeYou must stop the CIFS server prior to switching to any clustering mode by issuingthe CIFS> server stop command.

Note: Domain membership is disabled while stopping the CIFS server in ctdbclustering mode.

To switch from ctdb to normal clustering mode

1 To check the status of the CIFS server prior to switching from ctdb to normalclustering mode, enter the following:

CIFS> server status



Homedirfs : fs1

Security : ads








CIFS> server stop




Stopping CIFS Server ......Success.

3 To set the CIFS clustering mode to normal, enter the following:

CIFS> set clustering_mode normal


361Using Symantec FileStore as a CIFS serverAbout switching the clustering mode


CIFS> server start

Uninstalling `ctdb' Clustering Mode........Success.

Installing `normal' Clustering Mode........Success.








Enter a password for user àdministrator'




CIFS> server status



Homedirfs : fs1

Security : ads







About migrating CIFS shares and home directoriesYou can migrate CIFS shares and home directories from normal to ctdb clusteringmode and from ctdb to normal clustering mode.

FileStore automatically migrates all CIFS shares and home directories whileswitching from one clustering mode to another. However, it is not possible to

Using Symantec FileStore as a CIFS serverAbout migrating CIFS shares and home directories

362

migrate directory-level shares in the normal clustering mode, becausedirectory-level sharing is not supported in normal clustering mode.

Automatic migration of the content of users (that is, users' home directories) fromone file system to another file system while switching home directories is notsupported. So, if a FileStore administrator changes home directories from fs1 tofs2, then users' home directories are not migrated from fs1 to fs2 automatically.

While migrating from normal to ctdb clustering mode, a simple share is createdfor each split share, because splitting shares is not supported in ctdb clusteringmode.

See “Migrating CIFS shares and home directories from normal to ctdb clusteringmode” on page 364.

See “Migrating CIFS shares and home directories from ctdb to normal clusteringmode” on page 366.

363Using Symantec FileStore as a CIFS serverAbout migrating CIFS shares and home directories

Migrating CIFS shares and home directories from normal to ctdbclustering mode

To migrate CIFS shares and home directories from normal to ctdb clustering mode

1 To check the CIFS server status to confirm that the current cluster mode isset to normal, enter the following:

CIFS> server status



Homedirfs : fs1

Security : ads







2 To list the CIFS shares and home directories, enter the following:

CIFS> share show


share1* fs1 split,owner=root,group=root,fs_mode=1777,

rw,full_acl



CIFS> homedir show

UserName DomainName Usage

test Local -

administrator SYMANTECDOMAIN -

3 To stop the CIFS server before changing the clustering mode to ctdb, enterthe following:

CIFS> server stop


CIFS> set clustering_mode ctdb



364

4 To start the CIFS server in ctdb clustering mode and check the CIFS serverstatus, enter the following:

CIFS> server start




Uninstalling `normal' Clustering Mode........Success.

Installing `ctdb' Clustering Mode........Success.

Starting CIFS Server....


sfsqa_ad.sfsqa.com (10.209.110.210) is: 9 seconds








..Success.

CIFS> server status



Homedirfs : fs1

Security : ads








5 To verify that all the CIFS shares and home directories are properly migratedto the ctdb clustering mode, enter the following:

CIFS> share show


share1 fs1 owner=root,group=root,fs_mode=1777,rw,full_acl



CIFS> homedir show


test Local -


Migrating CIFS shares and home directories from ctdb to normalclustering mode

If a file system is exported as multiple CIFS shares in ctdb clustering mode, thenwhile migrating to normal clustering mode, FileStore creates only one CIFS share,whichever comes first in the list.


366

To migrate a CIFS share and home directory from ctdb to normal clustering mode


CIFS> server status



Homedirfs : fs1

Security : ads







2 To list the CIFS shares and home directories, enter the following:

CIFS> share show


share1 fs1/FileStore owner=root,group=root,fs_mode=755,rw,noguest

share2 fs1/FileStore owner=root,group=root,fs_mode=755,ro,guest



CIFS> homedir show


test Local -


3 To stop the CIFS server to switch the clustering mode to normal, enter thefollowing:

CIFS> server stop




Stopping CIFS Server ......Success.

CIFS> set clustering_mode normal



4 To start the CIFS server in normal clustering mode, enter the following:

CIFS> server start

Uninstalling `ctdb' Clustering Mode.........Success.

Installing `normal' Clustering Mode.........Success.










SFS cifs WARNING V-288-0 Migration of following shares are not

supported in normal clustering mode

Clustering mode

Sharename FS Name

share1 fs1/Symantec FileStore

share2 fs1/Symantec FileStore

Starting CIFS Server......Success.

The warning message indicates that FileStore was unable to migrate thedirectory-level share to normal clustering mode. The rest of the CIFS shareand home directory were migrated.

5 To list the CIFS shares and home directories after migrating to normalclustering mode, enter the following:

CIFS> share show




CIFS> homedir show


test Local -



368

Setting the aio_fork optionThe CIFS> set aio_size option allows you to set an Asynchronous I/O (AIO)read/write size with an unsigned integer.

To set the aio_fork option

◆ To set the aio_fork option, enter the following:

CIFS> set aio_size size

where size is the AIO read/write size.

If size is not set to 0, then enable the aio_fork option, and set it as an AIOread/write size. If size is set to 0, then disable the aio_fork option, and set 0to an AIO read/write size.

For example:

CIFS> set aio_size

set aio_size <size>

--set aio_fork read/write size.

size : Unsigned integer or 0 to disable aio

CIFS> set aio_size 0


CIFS> set aio_size 1024


369Using Symantec FileStore as a CIFS serverSetting the aio_fork option

Setting the netbios aliases for the CIFS serverTo set the netbios aliases for the CIFS server

◆ To set the netbios aliases for the CIFS server, enter the following:

CIFS> set alias [aliaslist]

where aliaslist is either empty (no netbios alias was specified) or acomma-separated list of netbios alias names.

After setting the netbios alias names, you can access the CIFS server by usingthese alias names.

For example, if you want to set an empty alias, you would enter the following:

CIFS> set alias


For example, if you want to set one or multiple netbios alias names, you wouldenter the following:

CIFS> set alias A1,A2,A3


CIFS> show

Name Value

---- -----

netbios name sfs4

netbios aliases A1 A2 A3

ntlm auth yes


homedirfs fs1,fs3

aio size 0



security ads




Clustering Mode ctdb

Using Symantec FileStore as a CIFS serverSetting the netbios aliases for the CIFS server

370

About managing local users and groupsWhen FileStore is operating in the standalone mode, only the local users andgroups of users can establish CIFS connections and access the home directoriesand ordinary shares. The FileStore local files store the information about theseuser and group accounts. Local procedures authenticate and authorize these usersand groups based on the use of names and passwords. You can manage the localusers and groups as described in the rest of this topic.

Accounts for local users can be created, deleted, and information about them canbe displayed using the CIFS> local user commands.

Table 9-14 Manage local users and groups commands

DefinitionCommand

Adds a new user to CIFS. You can add the user to a local group, byentering the group name in the optional grouplist variable. Before youadd the user to a grouplist, you must create the grouplist.

When you create a local user, FileStore assigns a default password tothe new account. The default password is the same as the user name.For example, if you enterusr1 for the user name, the default passwordis also usr1.

See “Creating a local CIFS user” on page 372.

local user add

The default password for a newly-created account is the same as theuser name. You can change the default password using the CIFS>local password command.

The maximum password length is eight characters.


local password

Deletes local user accounts.


local user delete

Displays the user ID and lists the groups to which the user belongs.If you do not enter an optional username, the command lists all CIFSexisting users.


local user show

Adds a user to one or more groups. For existing users, this commandchanges a user's group membership.


local usermembers

371Using Symantec FileStore as a CIFS serverAbout managing local users and groups

Creating a local CIFS userTo create the new local CIFS user

◆ To create a local CIFS user, enter the following:

CIFS> local user add username [grouplist]

where username is the name of the user. The grouplist is a comma-separatedlist of group names.

For example:

CIFS> local user add usr1 grp1,grp2

Adding USER : usr1

Success: User usr1 created successfully

To set the local user password

◆ To set the local password, enter the following:

CIFS> local password username

where username is the name of the user whose password you are changing.

For example, to reset the local user password for usr1, enter the following:

CIFS> local password usr1

Changing password for usr1

New password:*****

Re-enter new password:*****

Password changed for user: 'usr1'

Using Symantec FileStore as a CIFS serverAbout managing local users and groups

372

To display the local CIFS user(s)

1 To display local CIFS users, enter the following:

CIFS> local user show [username]

where username is the name of the user.

For example, to list all local users:

CIFS> local user show

List of Users

-------------

usr1

usr2

usr3

2 To display one local user, enter the following:

CIFS> local user show usr1

Username : usr1

UID : 1000

Groups : grp1

To delete the local CIFS user

◆ To delete a local CIFS user, enter the following:

CIFS> local user delete username

where username is the name of the local user you want to delete.

For example:

CIFS> local user delete usr1

Deleting User: usr1

Success: User usr1 deleted successfully


To change a user's group membership

◆ To change a user's group membership, enter the following:

CIFS> local user members username grouplist

where username is the local user name being added to the grouplist. Groupnames in the grouplist must be separated by commas.

For example:

CIFS> local user members usr3 grp1,grp2

Success: usr3's group modified successfully

About configuring local groupsA local user can be a member of one or more local groups. This group membershipis used in the standalone mode to determine if the given user can perform somefile operations on an exported share. You can create, delete, and displayinformation about local groups using the CIFS> local group command.

Table 9-15 Configure local groups commands

DefinitionCommand

Creates a local CIFS group.

See “Configuring a local group” on page 375.

local group add

Displays the list of available local groups you created.


local group show

Deletes a local CIFS group.


local group delete

Using Symantec FileStore as a CIFS serverAbout managing local users and groups

374

Configuring a local groupTo create a local group

◆ To create a local group, enter the following:

CIFS> local group add groupname

where groupname is the name of the local group.

For example:

CIFS> local group add grp1

Adding GROUP: grp1

Success: Group grp1 created successfully

To list all local groups

◆ To list all existing local groups, enter the following:

CIFS> local group show [groupname]

where groupname lists all of the users that belong to that specific group.

For example:

CIFS> local group show

List of groups

-------------

grp1

grp2

grp3

For example:

CIFS> local group show grp1

GroupName UsersList

--------- ---------

grp1 usr1, usr2, usr3, urs4


To delete the local CIFS groups

◆ To delete the local CIFS group, enter the following:

CIFS> local group delete groupname

where groupname is the name of the local CIFS group.

For example:

CIFS> local group delete grp1

Deleting Group: grp1

Success: Group grp1 deleted successfully

Enabling CIFS data migrationFileStore provides the following command for enabling CIFS data migration:

CIFS> set data_migration yes|no

To enable data migration for the CIFS server

1 To enable data migration for the CIFS server, enter the following:

CIFS> set data_migration yes

2 Restart the CIFS server by entering the following command:

CIFS> server start

3 Map the CIFS share on the Windows domain usingtheFileStore_Cluster_Name\root by the Domain Administrator.

4 Copy the data with ROBOCOPY by entering the following command in aWindows command prompt:

C:\> ROBOCOPY /E /ZB /COPY:DATSO [windows_source_dir] [CIFS_target_dir]

Make sure you have the Windows Resource Kit Tools installed.

5 Disable the CIFS data migration option after migration completes for CIFSserver security by entering the following command:

CIFS> set data_migration no

6 Restart the CIFS server by entering the following command:

CIFS> server start

Using Symantec FileStore as a CIFS serverEnabling CIFS data migration

376

Configuring your FTP server


■ About FTP

■ Displaying FTP server settings

■ About FTP server commands

■ Using the FTP server commands

■ About FTP set commands

■ Using the FTP set commands

■ Implementing all of the FTP> set command changes

■ About FTP session commands

■ Using the FTP session commands

■ Using the FTP logupload command

■ About FTP local user commands

■ Using the FTP local user commands

■ About FTP local user set commands

■ Using the FTP local user set commands

About FTPThe file transfer protocol (FTP) server feature allows clients to access files on theFileStore servers using the FTP protocol. The FTP service providessecure/non-secure access by FTP to files in the FileStore servers. The FTP serviceruns on all of the nodes in the cluster and provides simultaneous read and write

10Chapter

access to the files. The FTP service also provides configurable anonymous accessto the filer. The FTP commands are used to configure the FTP server.

By default, the FTP server is not running. You can start the FTP server using theFTP> server start command. The FTP server starts on the standard FTP port21.

FTP mode commands are listed in Table 10-1.

To access the commands, log into the administrative console (master,system-admin, or storage-admin) and enter FTP> mode.


Table 10-1 FTP mode commands

DefinitionCommand

Displays the FTP server settings.

See “Displaying FTP server settings” on page 379.

show

Starts, stops, and displays the status of the FTP server.

See “About FTP server commands” on page 379.

server

Configures the FTP server.

See “About FTP set commands” on page 381.

set

Displays and terminates the FTP sessions.

See “About FTP session commands” on page 391.

session

Uploads the FTP logs to a URL.

See “Using the FTP logupload command” on page 394.

logupload

Adds, deletes, and displays local user accounts. Configures the localuser settings.

See “About FTP local user commands” on page 394.

local

Configuring your FTP serverAbout FTP

378

Displaying FTP server settingsTo display the FTP settings

◆ To display the FTP settings, enter the following:

FTP> show

Parameter Current Value

--------- -------------

listen_port 21

max_connections 2000

max_conn_per_client 2000

passive_port_range 30000:40000

allow_non_ssl yes

idle_timeout 15 minutes

anonymous_logon no

anonymous_write no

anonymous_login_dir /vx/

allow_anon_fxp no

user_logon yes

homedir_path /vx/ftphomes

allow_delete yes

security local

allow_user_fxp no

About FTP server commandsThe FTP> server commands start, stop, and display the status of the FTP server.

Note: All configuration changes made using the FTP> set commands come intoeffect only when the FTP server is restarted.

Table 10-2 FTP server commands

DefinitionCommand

Displays the status of the FTP server.

See “Using the FTP server commands” on page 380.

server status

379Configuring your FTP serverDisplaying FTP server settings

Table 10-2 FTP server commands (continued)

DefinitionCommand

Starts the FTP server on all nodes. If the FTP server is already started,the FileStore software clears any faults and tries to start the FTPserver.


server start

Stops the FTP server and terminates any existing FTP sessions. Bydefault, the FTP server is not running.


server stop

Using the FTP server commandsTo display the FTP server status

◆ To display the FTP server status, enter

FTP> server status

FTP Status on sfs_01 : OFFLINE


To start the FTP server

◆ To start the FTP server, enter the following:

FTP> server start

To check server status, enter the following:

FTP> server status

FTP Status on sfs_01 : ONLINE

FTP Status on sfs_02 : ONLINE

Configuring your FTP serverUsing the FTP server commands

380

To stop the FTP server

◆ To stop the FTP server, enter the following:

FTP> server stop

To check the server status, enter the following:

FTP> server status



About FTP set commandsThe FTP> set commands let you set various configurable options for the FTPserver.

Table 10-3 FTP set commands

DefinitionCommand

Tells the FTP server whether or not to allow anonymouslogons. Enter yes to allow anonymous users to log on to theFTP server. Enter no (default) to not allow anonymouslogons.

For the changes to take effect, restart the FTP server. EnterFTP> server stop followed by FTP> server start.

See “Using the FTP set commands” on page 385.

set anonymous_logon

Specifies the login directory for anonymous users. Validvalues of this parameter start with /vx/. Make sure that theanonymous user (UID:40 GID:49 UNAME:ftp) has theappropriate permissions to read files in login_directory.



set anonymous_login_dir

381Configuring your FTP serverAbout FTP set commands

Table 10-3 FTP set commands (continued)

DefinitionCommand

Specifies whether or not anonymous users have the [write]value in their login_directory. Enter yes to allow anonymoususers to modify contents of their login_directory. Enter no(default) to not allow anonymous users to modify thecontents of their login_directory. Make sure that theanonymous user (UID:40 GID:49 UNAME:ftp) has theappropriate permissions to modify files in theirlogin_directory.



set anonymous_write

Specifies whether anonymous FTP sessions can performFXP (File eXchange Protocol) transfers. A value ofyesallowsanonymous authenticated sessions to transfer files toanother FTP server using FXP. The default value of thisparameter is no.



set allow_anon_fxp

Specifies whether user FTP sessions can perform FXP (FileeXchange Protocol) transfers. A value of yes allows userauthenticated sessions to transfer files to another FTPserver using FXP. The default value of this parameter is no.



set allow_user_fxp

Specifies whether to allow FTP access for users. A value ofyes allows normal users (non-anonymous users) to log in.



set user_logon

Configuring your FTP serverAbout FTP set commands

382


DefinitionCommand

Specifies whether or not to allow users to delete files on theFTP server. This option only applies to users. It does notapply to anonymous logins. Anonymous logins are neverallowed to delete files.

Enter yes (default) to allow users to delete files on the FTPserver. Enter no to prevent users from deleting files on theFTP server.



set allow_delete

Specifies whether or not to allow non-secure (plain-text)logins into the FTP server. Enter yes (default) to allownon-secure (plain-text) logins to succeed. Enter no to allownon-secure (plain-text) logins to fail.



set allow_non_ssl

Specifies the location of the login directory for users. Validvalues include any path that starts with /vx/.



set homedir_path

Specifies the amount of time in minutes after which an idleconnection is disconnected. Valid values for time_in_minutesrange from 1 to 600 (default value is 15 minutes).



set idle_timeout

Specifies the port number on which the FTP service listensfor connections. Valid values for this parameter range from10-1023. The default value is 21.



set listen_port

383Configuring your FTP serverAbout FTP set commands


DefinitionCommand

Specifies the maximum number of simultaneous FTP clientsallowed. Valid values for this parameter range from 1-9999.The default value is 2000.

For the changes to take effect, you need to restart the FTPserver. Enter FTP> server stop followed by FTP>server start.


set max_connections

Specifies the maximum number of simultaneous FTPconnections that are allowed from a single client IP address.Valid values for this parameter range from 1-9999. Thedefault value is 2000.



set max_conn_per_client

Specifies the range of port numbers to listen on for passiveFTP transfers. The port_range defines a range that isspecified as startingport:endingport. A port_range of30000:40000 specifies that port numbers starting from30000 to 40000 can be used for passive FTP. Valid valuesfor port numbers range from 30000 to 50000. The defaultvalue of this option is 30000:40000.



set passive_port_range

Specifies the type of users that are allowed to log in to theFTP server. Enter nis_ldap (default) to allow users withaccounts configured on NIS or LDAP servers to log in to theFTP server. Users that are created with the FTP > local

user add command cannot log in.

Enter local to allow users with accounts created with theFTP> local user add command to log in to the FTPserver. NIS and LDAP users cannot log in.



set security

Configuring your FTP serverAbout FTP set commands

384

Using the FTP set commandsYou need to stop and then start the FTP server for the new settings to take effect.

To set anonymous logons

◆ To enable anonymous logons, enter the following:

FTP> set anonymous_logon yes|no

Allows the anonymous users to log on to the FTP server.yes

Does not allow anonymous logons.no (default)

FTP> set anonymous_logon yes

Success.

FTP> show

Parameter Current Value New Value

--------- ------------- ---------

listen_port 21




allow_non_ssl yes


anonymous_logon no yes

anonymous_write no

...

FTP> server stop

FTP> server start

FTP> show


--------- -------------

listen_port 21




allow_non_ssl yes


anonymous_logon yes

anonymous_write no

...

385Configuring your FTP serverUsing the FTP set commands

To set anonymous logins

◆ To set anonymous logins, enter the following:

FTP> set anonymous_login_dir login_directory

where the login_directory is the login directory of the anonymous users onthe FTP server.

To set anonymous write access

◆ To set anonymous write access, enter the following:

FTP> set anonymous_write yes|no

Allows the anonymous users to modify the contents of theirlogin_directory.

yes

Does not allow anonymous users to modify the contents of theirlogin_directory.

no (default)

FTP> set anonymous_write yes

To allow users to delete files

◆ To set whether or not to allow users to delete files on the FTP server, enterthe following:

FTP> set allow_delete yes|no

Allows the users to delete files on the FTP server. This settingdoes not apply to anonymous logins. Anonymous logins are neverallowed to delete files.

yes (default)

Prevents the users from deleting files on the FTP server.no

To set non-secure logins

◆ To set non-secure login access to the FTP server, enter the following:

FTP> set allow_non_ssl yes|no

Allows non-secure (plain-text) logins to succeed.yes (default)

Allows non-secure (plain-text) logins to fail.no

Configuring your FTP serverUsing the FTP set commands

386

To specify whether anonymous FTP sessions can perform FXP transfers

◆ To specify whether anonymous FTP sessions can perform FXP (File eXchangeProtocol) transfers, enter the following:

FTP> set allow_anon_fxp yes | no

Allows the anonymous authenticated sessions to transfer filesto another FTP server using FXP.

yes

Prevents the anonymous authenticated sessions fromtransferring files to another FTP server using FXP.

no (default)

To specify whether user FTP sessions can perform FXP transfers

◆ To specify whether user FTP sessions can perform FXP (File eXchangeProtocol) transfers, enter the following:

FTP> set allow_user_fxp yes | no

Allows the user-authenticated sessions to transfer files to anotherFTP server using FXP.

yes

Prevents the user-authenticated sessions from transferring filesto another FTP server using FXP.

no (default)

To specify whether to allow FTP access for users

◆ To specify whether to allow FTP access for users, enter the following:

FTP> set user_logon yes | no

Allows the normal users (non-anonymous users) to log in to theFTP server.

yes (default)

Prevents the normal users (non-anonymous users) from logginginto the FTP server.

no

To set the home directory path

◆ To set the location of the login directory for users, enter the following:

FTP> set homedir_path path

where path is the location of the login directory. Valid values include anypath that starts with /vx/.

FTP> set homedir_path /vx/home


To set idle timeout

◆ To set the amount of time a connection can stay idle before disconnecting,enter the following:

FTP> set idle_timeout time_in_minutes

where time_in_minutes is the amount of time you want the connection to stayidle before it is disconnected.

FTP> set idle_timeout 30

To set the listen port

◆ To set the port number on which the FTP service listens for connections,enter the following:

FTP> set listen_port port_number

where port_number is the port on which the FTP service listens forconnections.

FTP> set listen_port 24

To set the maximum connections

◆ To set the maximum number of allowed simultaneous FTP clients, enter thefollowing:

FTP> set max_connections connections_number

where connections_number is the number of concurrent FTP connectionsthat are allowed on the FTP server.

FTP> set max_connections 3000

To set the maximum connections per client

◆ To set the maximum number of simultaneous FTP connections that areallowed from a single client IP address, enter the following:

FTP> set max_conn_per_client connections_number

where connections_number is the number of concurrent connections that areallowed from a single client.

FTP> set max_conn_per_client 1000

Configuring your FTP serverUsing the FTP set commands

388

To set the range of port numbers

◆ To set the range of port numbers to listen on for passive FTP transfers, enterthe following:

FTP> set passive_port_range port_range

where port_range is the range of port numbers to listen on for passive FTPtransfers.

FTP> set passive_port_range 35000:45000

To set security

◆ To set the type of users that are allowed to log in to the FTP server, enter thefollowing:

FTP> set security nis_ldap|local

Allows the users with accounts configured on NIS or LDAP serversto log in to the FTP server.

nis_ldap

Allows the users with accounts configured with theFTP> local

user add command to log in to the FTP server.local

FTP> set security local


Implementing all of the FTP> set command changesTo implement FTP> set command changes

1 To view all of the FTP> set command changes, enter the following:

FTP> show

Parameter Current Value New Value

--------- ------------- ---------

listen_port 21





allow_non_ssl yes

anonymous_logon no yes

anonymous_write no

anonymous_login_dir /vx/ftpanon

allow_anon_fxp no

user_logon yes


allow_delete yes

security local

allow_user_fxp no

2 To implement the new changes, enter the following:

FTP> server stop

FTP> server start

Configuring your FTP serverImplementing all of the FTP> set command changes

390

3 To view the new command settings, enter the following:

FTP> show


--------- -------------

listen_port 21





allow_non_ssl yes

anonymous_logon yes

anonymous_write no

anonymous_login_dir /vx/ftpanon

allow_anon_fxp no

user_logon yes


allow_delete yes

security local

allow_user_fxp no

About FTP session commandsThe FTP> session commands let you view or terminate the FTP sessions that arecurrently active.

Table 10-4 FTP session Commands

DefinitionCommand

Displays the number of current FTP sessions to each node.

See “Using the FTP session commands” on page 392.

session show

391Configuring your FTP serverAbout FTP session commands

Table 10-4 FTP session Commands (continued)

DefinitionCommand

Displays the details of each session that matches the filter_optionscriteria. If no filter_options are specified, all sessions are displayed. Ifmultiple filter options are provided then sessions matching all of thefilter options are displayed. Filter options can be combined by using','.

The details that are displayed include: Session ID, User, Client IP,Server IP, State (UL for uploading; DL for downloading, or IDLE), andFile (the name of the files that appear are either uploaded ordownloaded). If an '?' appears under User, the session is not yetauthenticated.


session showdetail

Terminates the session that is entered for the session_id variable.What you enter is the same session displayed under Session ID withthe FTP> session showdetail command.


session terminate

Using the FTP session commandsTo display the current FTP sessions

◆ To display the current FTP sessions, enter the following:

FTP> session show

Max Sessions : 2000

Nodename Current Sessions

-------- ----------------

sfs_01 4

sfs_02 2

Configuring your FTP serverUsing the FTP session commands

392

To display the FTP session details

◆ To display the details in the FTP sessions, enter the following:

FTP> session showdetail [filter_options]

where filter_optionsdisplay the details of the sessions under specific headings.Filter options can be combined by using ','. If multiple filter options are used,sessions matching all of the filter options are displayed.

For example, to display all of the session details, enter the following:

FTP> session showdetail

Session ID User Client IP Server IP State File

---------- ---- --------- --------- ----- ----

sfs_01.1111 user1 10.209.105.219 10.209.105.111 IDLE

sfs_01.1112 user2 10.209.106.11 10.209.105.111 IDLE

sfs_02.1113 user3 10.209.107.21 10.209.105.112 IDLE

sfs_01.1117 user4 10.209.105.219 10.209.105.111 DL file123

sfs_02.1118 user1 10.209.105.219 10.209.105.111 UL file345

sfs_01.1121 user5 10.209.111.219 10.209.105.112 IDLE

For example, to display the details of the current FTP sessions to the ServerIP (10.209.105.112), originating from the Client IP (10.209.107.21), enter thefollowing:

FTP> session showdetail server_ip=10.209.105.112,

client_ip=10.209.107.21

Session ID User Client IP Server IP State File

---------- ---- --------- --------- ----- ----

sfs_02.1113 user3 10.209.107.21 10.209.105.112 IDLE

To terminate an FTP session

◆ To terminate one of the FTP sessions that are displayed in the FTP> session

showdetail command, enter the following:

FTP> session terminate session_id

where session_id is the unique identifier for each FTP session that is displayedin the FTP> session showdetail output.

FTP> session terminate sfs_02.1113

Session sfs_02.1113 terminated

393Configuring your FTP serverUsing the FTP session commands

Using the FTP logupload commandThe FTP> logupload command lets you upload the FTP server logs to a specifiedURL.

To upload the FTP server logs

◆ To upload the FTP server logs to a specified URL, enter the following:

FTP> logupload url [nodename]

The URL where the FTP logs are uploaded. The URL supportsboth FTP and SCP (secure copy protocol). If a node name isspecified, only the logs from that node are uploaded.

The default name for the uploaded file is ftp_log.tar.gz.

Passwords that are added directly to the URL are not supported.

url

The node on which the operation occurs. Enter the value all forthe operation to occur on all of the nodes in the cluster.

nodename

Use the password you already set up on the node to which youupload the logs.

password

For example, to upload the logs from all of the nodes to an SCP-based URL:

FTP> logupload scp://user@host:/path/to/directory all

Password:

Collecting FTP logs, please wait.....

Uploading the logs to scp://root@host:/path/to/directory,

please wait...done

For example, to upload the logs from sfs_1 to an FTP-based URL:

FTP> logupload ftp://user@host:/path/to/directory sfs_1

Password:

Collecting FTP logs, please wait.....

Uploading the logs to ftp://root@host:/path/to/directory,

please wait...done

About FTP local user commandsThe FTP> local user commands let you create and manage local user accountson the FTP server.

Configuring your FTP serverUsing the FTP logupload command

394

When you add a local user account, the user's home directory is createdautomatically on the FTP server. User home directories on the FTP server arespecified by path/usernamewhere path is the home directory path configured bythe FTP > set homedir_path command.

Table 10-5 FTP local user Commands

DefinitionCommand

Adds a local user account to the FTP server.

See “Using the FTP local user commands” on page 396.

local user add

Changes the password for a local user account on the FTP server.


local userpassword

Removes a local user account from the FTP server.


local user delete

Shows a list of local user accounts and associated information.


local user show

395Configuring your FTP serverAbout FTP local user commands

Using the FTP local user commandsTo add a local user account

1 To add a local user account, enter the following:

FTP> local user add username

where username is the name of the user whose account you want to add.

2 When the password prompt appears, enter a password for the local user.

3 Type the password again for verification.

For example:

FTP > local user add user1

Input password for user1.

Enter password:

Re-enter password:

Success.

When you add a local user, a home directory for the local user is created basedon the user name of the account and the home directory path that is specifiedfor users. For example, /vx/home/user1.

All users are limited to their home directories and are not allowed to accessfiles on the FTP server beyond their home directories.

To change a password for a local user

1 To change a password for a local user, enter the following:

FTP> local user passwd username

whereusername is the name of the user whose password you want to change.

2 When the password prompt appears, enter a new password, then type thepassword again for verification.

For example:

FTP > local user passwd user1

Enter password:

Re-enter password:

Success.

Configuring your FTP serverUsing the FTP local user commands

396

To delete a local user account

◆ To delete a local user account, enter the following:

FTP> local user delete username

where username is the name of the user whose account you want to delete.

For example:

FTP > local user delete user1

Success.

When you delete a local user account, the local user's home directory is notdeleted.

To show local user accounts

◆ To show local user accounts (and account settings) configured on the FTPserver, enter the following:

FTP> local user showUSER HOMEDIR UPLOAD DOWNLOAD MAX_FILES MAX_USAGE MAX_CONN---- ------- ------ -------- --------- --------- --------localftp1 /localftp1 - - 1000 - -localftp2 /localftp2 20 MB/s - - - -localftp3 /test/asfta - 10 MB/s - 10.00 MB -localftp4 /localftp4 - - - - 20test /test 103 MB/s 203 MB/s - 103.00 MB 10003test2 /test2 - - - - -

About FTP local user set commandsBy default, local user accounts on the FTP server have no limits for the following:

■ Upload bandwidth.

■ Download bandwidth.

■ Number of files and directories in a home directory.

■ The amount of disk space available for files in a home directory.

■ Number of simultaneous connections.

To configure limits for these options, use the FTP> user local set commands.

397Configuring your FTP serverAbout FTP local user set commands

You can also use the FTP> local user set command specify home directoriesfor local users accounts.

Local user changes are effective immediately for new connections. You do notneed to restart the FTP server.

Table 10-6 FTP local user set commands

DefinitionCommand

Specifies the maximum upload bandwidth (in MB/second)for a local user account on the FTP server. By default, thereis no limit on the upload bandwidth for local users.

See “Using the FTP local user set commands” on page 399.

set upload_bandwidth

Specifies the maximum download bandwidth (in MB/second)for a local user account on the FTP server. By default, thereis no limit on the download bandwidth for local users.


set download_bandwidth

Specifies the maximum number of files and directories fora local user account on the FTP server. By default, there isno limit on the upload bandwidth for local users.


set max_files

Specifies the maximum amount of disk space available in alocal user home directory. By default, there is no limit tothe amount of disk space local users can have for their homedirectories.

Values can be specified as M (megabytes), G (gigabytes) or T(terabytes). For example, 200G.


set max_usage

Specifies the maximum number of simultaneous connectionsa local user can have to each node in the cluster. By defaultthere is no limit to the number of connections a local usercan have to the FTP server.


set max_connections

Configuring your FTP serverAbout FTP local user set commands

398

Table 10-6 FTP local user set commands (continued)

DefinitionCommand

Specifies the home directory for a local user account.

The home directory you configure for a local user accountis created relative to the home directory path that isconfigured by theFTP > set homedir_path command.

The default home directory value for local user accounts isusername where username is the login name for the localuser account.

For example, if the home directory path is set to/vx/fs1/ftp_home and the user name is user1, thedefault home directory for user1 is/vx/fs1/ftp_home/user1

Changes to this value are applicable for any newconnections. Configuring a new home directory locationdoes not migrate any existing data in a local user's currenthome directory to the new home directory.


set homedir

Using the FTP local user set commands

Note:Quota values for MAX_FILES and MAX_USAGE are enforced during the commitof the FTP transaction. The transfer might show the status as 100% transferred,but the final commit might fail if the quota is exceeded.

150 Accepted data connection

100%

*****************************************************|

2791 MB 106.58 MB/s 00:00 ETA

553-Quota exceeded: largefile.iso won't be saved

399Configuring your FTP serverUsing the FTP local user set commands

To show local user settings

◆ To show the current settings for local user accounts, enter the following:

FTP> local user showUSER HOMEDIR UPLOAD DOWNLOAD MAX_FILES MAX_USAGE MAX_CONN---- ------- ------ -------- --------- --------- --------localftp1 /localftp1 - - 1000 - -localftp2 /localftp2 20 MB/s - - - -localftp3 /test/asfta - 10 MB/s - 10.00 MB -localftp4 /localftp4 - - - - 20test /test 103 MB/s 203 MB/s - 103.00 MB 10003test2 /test2 - - - - -

To set upload bandwidth

◆ To set the maximum upload bandwidth for a local user account, enter thefollowing:

FTP> local user set upload_bandwidth username max_value

Specifies the name of a user account.username

Specifies the maximum upload bandwidth value (measured inMB/second) for the user's account.

max_value

For example:

FTP > local user set upload_bandwidth user2 40000

Success.

Configuring your FTP serverUsing the FTP local user set commands

400

To set download bandwidth

◆ To set the maximum download bandwidth for a local user account, enter thefollowing:

FTP> local user set download_bandwidth username

max_value


Specifies the maximum download bandwidth value (measuredin MB/second) for the user's account.

max_value

For example:

FTP > local user set download_bandwidth user2 80000

Success.

To set maximum files

◆ To set the maximum number of files and directories for a local user account,enter the following:

FTP> local user set max_files username

number


Specifies the maximum number of files and directories that areallowed in the user's home directory.

max_value

For example:

FTP> local user set max_files user2 5000

Success.


To set maximum disk space usage

◆ To set the maximum amount of disk space that is allowed for a local useraccount, enter the following:

FTP> local user set max_usage username

number


Specifies the maximum amount of disk space available for thefiles that are stored in the user's home directory.

Values can be specified as M (megabytes), G (gigabytes), or T(terabytes). For example, 200G.

number

For example:

FTP> local user set max_usage user2 10T

Success.

To set maximum connections

◆ To set the maximum number of simultaneous connections a local user canhave to the FTP server, enter the following:

FTP> local user set max_connections username

number


Specifies the maximum number of simultaneous connects a usercan have to the FTP server.

number

For example:

FTP> local user set max_connections user2 1000

Success.


402

To set the home directory

◆ To set the home directory for a local user account, enter the following:

FTP> local user set homedir username

dir_name

Specifies that name of a user account.username

Specifies the name of the home directory for the local useraccount.

dir_name

For example:

FTP> local user set homedir user2 home

Success.

The home directory you configure for a local user account is created relativeto the home directory path that is configured by the FTP> set homedir_path

command.

Changes to this value are applicable for any new connections. Configuring anew home directory location does not migrate any existing data in a localuser's current home directory to the new home directory.



404

Configuring your HTTPserver


■ About configuring your HTTP server for accessing FileStore data

■ About using the HTTP server commands

■ About HTTP set commands

■ About HTTP alias commands

■ About HTTP document root mapping commands

About configuring your HTTP server for accessingFileStore data

In addition to CIFS, FTP, and NFS, you can access FileStore file data by way of theHypertext Transfer (HTTP) protocol using a standard HTTP server. You specifythe document root directory of the HTTP server to access data within one or moreFileStore file systems. Then, you can use HTTP protocol to access and downloadthese files.

Note: If you monitor HTTP downloads, Internet Explorer may display an incorrectpercentage for the amount of file downloaded. Occasionally, Internet Explorermight display the download percentage as more than 100%. In addition, InternetExplorer may sometimes only partially download a file, without displaying anerror message for the partial download.

11Chapter

About using the HTTP server commandsYou use the HTTP> server commands to configure a Hypertext Transfer (HTTP)server. The HTTP server allows files to be accessed using the HTTP protocol.

The HTTP server is started on the standard HTTP port 80. By default, the HTTPserver is not running.

Table 11-1 HTTP server commands

DefinitionCommand

Starts the HTTP server.

By default, the HTTP server is not running.

See “Starting the HTTP server” on page 406.

server start

Stops any existing HTTP sessions.

See “Stopping the HTTP server” on page 407.

server stop

Displays the status for the HTTP server.

See “Displaying the status for the HTTP server” on page 407.

server status

Starting the HTTP serverTo start the HTTP server

◆ To start the HTTP server, enter the following:

HTTP> server start

For example:

HTTP> server start

Success.

Configuring your HTTP serverAbout using the HTTP server commands

406

Stopping the HTTP serverTo stop the HTTP server

◆ To stop the HTTP server, enter the following:

HTTP> server stop

For example:

HTTP> server stop

Success.

Displaying the status for the HTTP serverTo display the status for the HTTP server

◆ To display the status for the HTTP server, enter the following:

HTTP> server status

For example:

HTTP> server status

HTTP Status on sfs_01 : ONLINE

HTTP Status on sfs_02 : ONLINE

About HTTP set commandsYou use the HTTP> set commands to set various configurable options for theHTTP server.

You can view the current HTTP sessions using theHTTP> session show command.

You can also display the list of all HTTP configurable options and their valuesusing the HTTP> show command.

Table 11-2 HTTP set commands

DefinitionCommand

Displays the current HTTP sessions on each node.

See “Displaying the current HTTP sessions on each node”on page 409.

session show

407Configuring your HTTP serverAbout HTTP set commands

Table 11-2 HTTP set commands (continued)

DefinitionCommand

Sets the minimum number of threads that need to be kept idleto handle sudden bursts of requests. If there is a sudden burst ofrequests, the HTTP server attempts to use these spare threads.Also, it tries to start additional spare threads in the background.

See “Setting the minimum number of idle threads for handlingrequest spikes” on page 409.

set MinSpareThreads

Sets the maximum number of idle threads to handle requestspikes. If there are more thanMaxSpareThreads idle, then thosethreads are terminated.

See “Setting the maximum number of idle threads for handlingrequest spikes” on page 409.

set MaxSpareThreads

Sets the maximum number of threads that are created. If allMaxThreads are busy, new incoming requests may be blocked ordiscarded.

See “Setting the maximum number of threads to be created”on page 410.

set MaxThreads

Sets the initial number of server threads to start with. If thisvalue is less than MinSpareThreads, the HTTP server initiallystarts with the StartThreads value, and more threads are createduntil there are at least MinSpareThreads idle.

See “Setting the initial number of server threads” on page 410.

set StartThreads

Sets the maximum number of threads in each server process.

See “Setting the maximum number of threads in each serverprocess” on page 410.

set ThreadsPerProc

Displays the list of all configurable HTTP options and theirvalues.

See “Displaying the list of all configurable HTTP options andtheir values” on page 411.

show

Configuring your HTTP serverAbout HTTP set commands

408

Displaying the current HTTP sessions on each nodeTo display the current HTTP sessions on each node

◆ To display the current HTTP sessions on each node, enter the following:

HTTP> session show

For example:

HTTP> session show

Max Sessions: 2000

Nodename Current Sessions

-------- ----------------

sfs_01 4

sfs_02 2

Setting the minimum number of idle threads for handling requestspikes

To set the minimum number of idle threads for handling request spikes

◆ To set the minimum number of idle threads for handling request spikes, enterthe following:

HTTP> set MinSpareThreads value

where value is the minimum number of idle threads. value has to be less thanMaxSpareThreads.

Setting the maximum number of idle threads for handling requestspikes

To set the maximum number of idle threads to handle request spikes

◆ To set the maximum number of idle threads to handle request spikes, enterthe following:

HTTP> set MaxSpareThreads value

where value is the maximum number of idle threads.

For example:

HTTP> set MaxSpareThreads 10

Success.

409Configuring your HTTP serverAbout HTTP set commands

Setting the maximum number of threads to be createdTo set the maximum number of threads to be created

◆ To set the maximum number of threads to be created, enter the following:

HTTP> set MaxThreads value

where value is the maximum number of threads to be created.

Setting the initial number of server threadsTo set the initial number of server threads

◆ To set the initial number of server threads, enter the following:

HTTP> set StartThreads value

where value is the initial number of server threads.

Setting the maximum number of threads in each server processTo set the maximum number of threads in each server process

◆ To set the maximum number of threads in each server process, enter thefollowing:

HTTP> set ThreadsPerProc value

where value is the maximum number of threads in each server process.

Configuring your HTTP serverAbout HTTP set commands

410

Displaying the list of all configurable HTTP options and their valuesTo display the list of all configurable HTTP options and their values

◆ To display the list of all configurable HTTP options and their values, enterthe following:

HTTP> show

For example:

HTTP> show

DocumentRoot /vx/fs_str


--------- --------------

MinSpareThreads 7

MaxSpareThreads 9

MaxThreads 100

StartThreads 8

ThreadsPerProc 4

Virtual Path Real Path

------------ ----------

/fs_str0 /vx/fs_str

About HTTP alias commandsYou use the HTTP> alias commands to configure the HTTP aliases that providemappings of physical directories (realPath) to virtual paths (virtualPath). Changesare visible to new HTTP connections. Existing HTTP connections still use the oldHTTP mappings.

Table 11-3 HTTP alias commands

DefinitionCommand

Adds a mapping from a virtualPath to a realPath. When clients try toaccess a virtualPath, they access the realPath instead. realPath needsto be an existing directory. If a virtualPath ends with a slash (/), thenthe realPath should also end with a slash (/). If a virtualPath does notend with a slash (/), then the realPath should also not end with a slash(/).

See “Adding a mapping from a virtualPath to a realPath” on page 412.

alias add

411Configuring your HTTP serverAbout HTTP alias commands

Table 11-3 HTTP alias commands (continued)

DefinitionCommand

Deletes a mapping that is visible from clients as a virtualPath.

See “Deleting a mapping that is visible to clients as a virtualPath”on page 413.

alias del

Displays all the aliases that are configured on the server.

See “Displaying all the aliases configured on the server” on page 413.

alias show

Adding a mapping from a virtualPath to a realPathTo add a mapping from a virtualPath to a realPath

◆ To add a mapping from a virtualPath to a realPath, enter the following:

HTTP> alias add virtualPath realPath

Virtual path visible from the HTTP server.

For example: /fs_str0.

virtualPath

Existing physical directory location.

realPath needs to be an existing directory, and it needs to belongto the /vx directory.

For example: /vx/fs_str.

realPath

For example:

HTTP> alias add /new/vx/fs_new

Success.


------------ ---------

/fs_str0 /vx/fs_str

/new /vx_fs_new

Configuring your HTTP serverAbout HTTP alias commands

412

Deleting a mapping that is visible to clients as a virtualPathTo delete a mapping that is visible to clients as a virtualPath

◆ To delete a mapping that is visible to clients as a virtualPath, enter thefollowing:

HTTP> alias del virtualPath

where virtualPath is the virtual directory path you created.

For example:

HTTP> alias del /new

Success.

HTTP> alias show


------------ ---------

/fs_str0 /vs/fs_str

Displaying all the aliases configured on the serverTo display all the aliases configured on the server

◆ To display all the aliases that are configured on the server, enter the following:

HTTP> alias show

For example:

HTTP> alias show


------------ ---------

/fs_str0 /vx/fs_str

/new /vx/fs_new

About HTTP document root mapping commandsYou use the HTTP> documentRoot commands to specify and then to display theroot directory for the HTTP server.

413Configuring your HTTP serverAbout HTTP document root mapping commands

Table 11-4 HTTP document root mapping commands

DefinitionCommand

Specifies the root directory for the HTTP server.

For Web serving, '/' represents the root directory.

See “Setting the root directory for the HTTP server” on page 414.

documentRoot set

Displays the root directory for the HTTP server.

See “Displaying the current root directory for the HTTP server”on page 415.

documentRoot show

Removes the existing root directory setting for the HTTP server.This command cannot be run when HTTP server is started. Oncethe setting is cleared, the HTTP server cannot be started untilthe HTTP document root is set again using the HTTP>documentRoot set command.

See “Clearing the root directory setting for the HTTP server”on page 415.

documentRoot clear

Setting the root directory for the HTTP serverTo set the root directory for the HTTP server

◆ To set the root directory for the HTTP server, enter the following:

HTTP> documentRoot set document_root_dir

where document_root_dir is the root directory for the HTTP server.

For example:

HTTP> documentRoot set /vx/test_fs/http_dir

Success.

Configuring your HTTP serverAbout HTTP document root mapping commands

414

Displaying the current root directory for the HTTP serverTo display the current root directory for the HTTP server

◆ To display the current root directory for the HTTP server, enter the following:

HTTP> documentRoot show

For example:

HTTP> documentRoot show

DocumentRoot /vx/test_fs/http_dir

Clearing the root directory setting for the HTTP serverTo clear the root directory setting for the HTTP server

1 Make sure that the HTTP server is stopped.

2 To clear the root directory setting for the HTTP server, enter the following:

HTTP> documentRoot clear

For example:

HTTP> documentRoot clear

Success.

Once this setting is cleared, the HTTP server cannot be started until the HTTPdocument root directory is set again using the HTTP> documentRoot set

command.

415Configuring your HTTP serverAbout HTTP document root mapping commands

Configuring your HTTP serverAbout HTTP document root mapping commands

416

Configuring eventnotifications and audit logs


■ About configuring event notifications and audit logs

■ About severity levels and filters

■ About email groups

■ Configuring an email group

■ About syslog event logging

■ Configuring a syslog server

■ Displaying events on the console

■ About SNMP notifications

■ Configuring an SNMP management server

■ Configuring events for event reporting

■ Exporting events and audits in syslog format to a given URL

■ About audit logs

■ Configuring audit logs

■ Disabling the audit log for a file system

12Chapter

About configuring event notifications and audit logsFileStore monitors the status and health of various network and storagecomponents, and generates events to notify the administrator. FileStore providesa mechanism to send these events to external event monitoring applications likesyslog server, SNMP trap logger, and mail servers . This section explains how toconfigure FileStore so that external event monitoring applications are notifiedof events on the FileStore cluster.

This chapter discusses the FileStore report commands. The Report commandsare defined in Table 12-1.

To access the commands, log in to the administrative console (for master,system-admin, or storage-admin) and enter Report> mode.


Table 12-1 Report mode commands

DefinitionCommand

Configures the events for event reporting.

See “Configuring events for event reporting” on page 433.

event

Exports the events in syslog format to a given URL.

See “Exporting events and audits in syslog format to a given URL”on page 434.

exportevents

Configures an email group.

See “Configuring an email group” on page 421.

email

Configures a syslog server.

See “Configuring a syslog server” on page 427.

syslog

Configures an SNMP management server.

See “Configuring an SNMP management server” on page 430.

snmp

Displays the events.

See “Displaying events on the console” on page 429.

showevents

Configures the audit logs to record file system activity on the filesystems that are enabled for data archive and retention (DAR).See“Configuring audit logs” on page 437.

audit

Configuring event notifications and audit logsAbout configuring event notifications and audit logs

418

About severity levels and filtersFileStore monitors events of different severity levels. Setting the severity to aparticular level informs FileStore to stop notifications about lower-level events.

Notifications are sent for events having the same or higher severity.

Table 12-2 describes the valid FileStore severity levels in descending order ofseverity.

Table 12-2 Severity levels

DescriptionValid value

Indicates that the system is unusableemerg

Indicates that immediate action is requiredalert

Indicates a critical conditioncrit

Indicates an error conditionerr

Indicates a warning conditionwarning

Indicates a normal but a significant conditionnotice

Indicates an informational messageinfo

Indicates a debugging messagedebug

FileStore classifies event notifications by area. Setting the event filter to a specificlevel filters out other areas.

Notifications are sent for events matching the given filter.

The following filters are configurable:

■ Network - if an alert is for a networking event, then selecting the network filtertriggers that alert. If you select the network filter only, and an alert is for astorage-related event, the network alert is not sent.

■ Storage - is for storage-related events, for example, file systems, snapshots,disks, and pools

■ All - resets the filter to show all events.

About email groupsThe Report> email commands configure the email notifications of events.

These commands support the following:

419Configuring event notifications and audit logsAbout severity levels and filters

■ Adding email groups

■ Adding filters to the group

■ Adding email addresses to the email group

■ Adding event severity to the group

■ Configuring an external mail server for sending event notification emails

Table 12-3 Email group commands

DefinitionCommand

Displays an existing email group or details for the email group.


email show

Uses the email groups to combine multiple email addresses into oneentity; the email group is used as the destination of the FileStore emailnotification. Email notification properties can be configured for eachemail group.

When an email group is added initially, it has the all default filter.When a group is added initially, the default severity is info.


email add group

Adds an email address to a group.


email addemail-address

Adds a severity level to an email group.


email add severity

Adds a filter to a group.


email add filter

Deletes an email address.


email delemail-address

Deletes a filter from a specified group.


email del filter

Deletes an email group.


email del group

Deletes a severity from a specified group.


email del severity

Configuring event notifications and audit logsAbout email groups

420

Table 12-3 Email group commands (continued)

DefinitionCommand

Displays the details of the configured mail server .

Obtain the following information:

■ Name of the configured mail server

■ Email user's name

■ Email user's password


email get

Adds an mail server and user account from which email notificationsare sent out.


email set

Deletes the configured mail server by specifying the command withoutany options to delete the mail server .


email set

Configuring an email groupFileStore can be configured to send email messages to users or groups of usersthrough an external SMTP server.

To display attributes of an email group

◆ To display attributes of an email group, enter the following:

Report> email show [group]

where group is optional, and it specifies the group for which to display theattributes. If the specified group does not exist, an error message is displayed.For example:

Report> email show root

Group Name: root

Severity of the events: info,debug

Filter of the events: all,storage

Email addresses in the group: [email protected]

OK Completed

To add a new email group

◆ To add a new email group, enter the following:

421Configuring event notifications and audit logsConfiguring an email group

Report> email add group group

where group specifies the name of the new email group and can only containthe following characters:

■ Alpha characters

■ Numbers

■ Hyphens

■ Underscores

Entering invalid characters results in an error message. If the entered groupalready exists, then no error message is displayed. For example:

Report> email add group alert-grp

OK Completed

Multiple email groups can be defined, each with their own email addresses,event severity, and filter.

To add an email address to an existing group

◆ To add an email address to an existing group, enter the following:

Report> email add email-address group email-address

For example:

Report> email add email-address alert-grp [email protected]

OK Completed

Specifies the group to which the email address is added.If the email group that is specified does not exist, thenan error message is displayed.

group

Specifies the email address to be added to the group.If the email address is not a valid email address, amessage is displayed. If the email address has alreadybeen added to the specified group, a message isdisplayed.

email-address

Configuring event notifications and audit logsConfiguring an email group

422

To add a severity level to an existing email group

◆ To add a severity level to an existing email group, enter the following:

Report> email add severity group severity

For example:

Report> email add severity alert-grp alert

OK Completed

Specifies the email group for which to add the severity.If the email group that is specified does not exist, anerror message is displayed.

group

Indicates the severity level to add to the email group.

See “About severity levels and filters” on page 419.

Entering an invalid severity results in an errormessage, prompting you to enter a valid severity.

Only one severity level is allowed at one time.

You can have two different groups with the sameseverity levels and filters.

Each group can have its own severity definition. Youcan define the lowest level of the severity that triggersall other severities higher than it.

severity


To add a filter to an existing group

◆ To add a filter to an existing group, enter the following:

Report> email add filter group filter

Specifies the email group for which to apply the filter.If the specified email group does not exist, an errormessage is displayed.

group

Specifies the filter for which to apply to the group.


The default filter is all.

A group can have more than one filter, but there maynot be any duplicate filters for the group.

filter

For example:

Report> email add filter root storage

OK Completed

To delete an email address from an existing group

◆ To delete an email address from an existing group, enter the following:

Report> email del email-address group email-address

Specifies the group from which to delete the emailaddress. If the entered group does not exist, an errormessage is displayed.

group

Specifies the email address from which to delete fromthe group. If the email address you entered does notexist for the group, an error message is displayed.

email-address

For example, to delete an existing email address from the email group, enterthe following:

Report> email del email-address root testuser@localhost

Configuring event notifications and audit logsConfiguring an email group

424

To delete a filter from an existing group

◆ To delete a filter from an existing group, enter the following:

Report> email del filter group filter

Specifies the group to remove the filter from. If theentered email group does not exist, an error messageis displayed.

group

Specifies the filter to be removed from the group.


The default filter is all.

If the specified filter is not in the specified group, anerror message is displayed.

filter

To delete an existing email group

◆ To delete an existing email group, enter the following:

Report> email del group group

where group specifies the name of the email group to be deleted. If the emailgroup you specified does not exist, an error message is displayed.

To delete a severity from a specified group

◆ To delete a severity from a specified group, enter the following:

Report> email del severity group severity

Specifies the name of the email group from which theseverity is to be deleted. If the specified email groupdoes not exist, an error message is displayed.

group

Specifies the severity to delete from the specifiedgroup.


A severity cannot be deleted from a group if it does notexist for that group. If this situation occurs, an errormessage is displayed.

severity


To display mail server settings

◆ To display mail server settings, enter the following:

Report> email get

E-Mail Server: smtp.symantec.com

E-Mail Username: adminuser

E-mail User's Password: ********

OK Completed

To add a mail server and user account

◆ To add a mail server and user account from which email notifications aresent out, enter the following:

Report> email set [email-server] [email-user]

Specifies the external mail server from which emailnotifications are sent out.

email-server

Specifies the user account from which email notificationsare sent out.

Ifemail-user is specified, then the password for that useron the SMTP server is required.

email-user

For example:

Report> email set smtp.symantec.com adminuser

Enter password for user 'adminuser': ********

To delete the mail server from sending email messages

◆ To delete the mail server from sending email messages, enter the followingcommand without any options:

Report> email set

About syslog event loggingFileStore can be configured to send system log messages to syslog servers basedon severity and filter.

In FileStore, options include specifying the external system log (syslog) serverfor event reporting, and setting the filter and the severity levels for events. Event

Configuring event notifications and audit logsAbout syslog event logging

426

notifications matching configured severity levels and filters are logged to thoseexternal syslog servers.


Table 12-4 Syslog commands

DefinitionCommands

Displays the list of syslog servers.


syslog show

Adds a syslog server


syslog add

Sets the severity for the syslog server.


syslog set severity

Sets the syslog server filter.


syslog set filter

Displays the values of the configured syslog server.


syslog get filter

Deletes a syslog server.


syslog delete

Configuring a syslog serverFileStore can be configured to send syslog messages to syslog servers based onset severities and filters.

To display the list of syslog servers

◆ To display the list of syslog servers, enter the following:

Report> syslog show

To add a syslog server to receive event notifications

◆ To add a syslog server to receive event notifications, enter the following:

Report> syslog add syslog-server-ipaddr

where syslog-server-ipaddr specifies the host name or the IP address of theexternal syslog server.

427Configuring event notifications and audit logsConfiguring a syslog server

To set the severity of syslog messages

◆ To set the severity of syslog messages to be sent, enter the following:

Report> syslog set severity value

where value indicates the severity of syslog messages to be sent.

For example:

Report> syslog set severity warning


To set the filter level of syslog messages

◆ To set the filter level of syslog messages to be sent, enter the following:

Report> syslog set filter value

where value indicates the filter level of syslog messages to be sent.

For example:

Report> sylog set filter storage

OK Completed


To display the values of the configured filter and severity level settings

◆ To display the values of the configured filter and severity level settings, enterthe following:

Report> syslog get filter|severity

For example:

Report> syslog get severity

Severity of the events: err

OK Completed

To delete a syslog server from receiving message notifications

◆ To delete a syslog server from receiving message notifications, enter thefollowing:

Report> syslog delete syslog-server-ipaddr

syslog-server-ipaddr specifies the host name or the IP address of the syslogserver.

Configuring event notifications and audit logsConfiguring a syslog server

428

Displaying events on the consoleTo display events on the console

◆ To display events on the console, enter the following:

Report> showevents [number_of_events]

where number_of_events specifies the number of events that you want todisplay. If you leave number_of_events blank, or if you enter 0, FileStoredisplays all of the events in the system.

About SNMP notificationsSimple Network Management Protocol (SNMP) is a network protocol to simplifythe management of remote network-attached devices such as servers and routers.SNMP is an open standard system management interface. Information from theManagement Information Base (MIB) can also be exported.

SNMP traps enable the reporting of a serious condition to a management station.The management station is then responsible for initiating further interactionswith the managed node to determine the nature and extent of the problem.

In FileStore, options include specifying the SNMP server to receive traps fromthe FileStore cluster, and selecting the severity of the occurrences to report.


Table 12-5 SNMP commands

DefinitionCommand

Adds an SNMP management server.


snmp add

Displays the current list of SNMP management servers.


snmp show

Deletes an already configured SNMP management server.


snmp delete

Sets the severity for SNMP notifications.


snmp set severity

Sets the filter for SNMP notifications.


snmp set filter

429Configuring event notifications and audit logsDisplaying events on the console

Table 12-5 SNMP commands (continued)

DefinitionCommand

Displays the values of the configured SNMP notifications.


snmp getfilter|severity

Uploads the SNMP Management Information Base (MIB) file to thegiven URL. The URLs support FTP and SCP.

If the url specifies a remote directory, the default file name issfsfs_mib.txt.


snmp exportmib

Configuring an SNMP management serverTo add an SNMP management server to receive SNMP traps

◆ To add an SNMP management server to receive SNMP traps, enter thefollowing:

Report> snmp add snmp-mgmtserver-ipaddr [community_string]

snmp-mgmtserver-ipaddr specifies the host name or the IP address of theSNMP management server.

[community_string] specifies the community name for the SNMP managementserver. The default community_string is public.

When you use theReport> snmp show command,community_stringdisplaysas follows:

[email protected], [email protected]

For example, if using the IP address, enter the following:

Report> snmp add 10.10.10.10

OK Completed

For example, if using the host name, enter the following:

Report> snmp add mgmtserv1.symantec.com

OK Completed

SNMP traps can be sent to multiple SNMP management servers.

Configuring event notifications and audit logsConfiguring an SNMP management server

430

To display the current list of SNMP management servers

◆ To display the current list of SNMP management servers, enter the following:

Report> snmp show

Configured SNMP management servers:

10.10.10.10,mgmtserv1.symantec.com

[email protected], [email protected]

OK Completed

To delete an already configured SNMP management server from receiving SNMPtraps

◆ To delete an already configured SNMP management server from receivingSNMP traps, enter the following:

Report> snmp delete snmp-mgmtserver-ipaddr

snmp-mgmtserver-ipaddr specifies the host name or the IP address of theSNMP management server.

For example:

Report> snmp delete 10.10.10.10

OK Completed

If you input an incorrect value for snmp-mgmtserver-ipaddr, an error messagedisplays.

For example:

Report> snmp delete mgmtserv22.symantec.com

SFS snmp delete ERROR V-288-26 Cannot delete SNMP management server,

it doesn't exist.

To set the severity for SNMP traps to be sent

◆ To set the severity for SNMP traps to be sent, enter the following:

Report> snmp set severity value

where value indicates the severity for the SNMP trap to be sent.

For example:

Report> snmp set severity warning

OK Completed


431Configuring event notifications and audit logsConfiguring an SNMP management server

To set the filter level of SNMP traps

◆ To set the filter level for SNMP traps, enter the following:

Report> snmp set filter value

where value indicates the filter.

For example:

Report> snmp set filter network

OK Completed


To display the filter or the severity levels of SNMP traps to be sent

◆ To display the filter or the severity levels of SNMP traps to be sent, enter thefollowing:

Report> snmp get filter|severity

For example:

Report> snmp get severity

Severity of the events: warning

OK Completed

Report> snmp get filter

Filter for the events: network

OK Completed

To export the SNMP MIB file to a given URL

◆ To export the SNMP MIB file to a given URL, enter the following:

Report> snmp exportmib url

where url specifies the location the SNMP MIB file is exported to.

FTP and SCP URLs are supported.

For example:

Report> snmp exportmib

scp://[email protected]:/tmp/sfsfs_mib.txt

Password: *****

OK Completed

If the url specifies a remote directory, the default file name is sfsfs_mib.txt.

Configuring event notifications and audit logsConfiguring an SNMP management server

432

Configuring events for event reportingTo reduce duplicate events

◆ To reduce the number of duplicate events that are sent for notifications, enterthe following:

Report> event set dup-frequency number

wherenumber indicates time (in seconds) in which only one event (of duplicateevents) is sent for notifications.

For example:

Report> event set dup-frequency 120

OK Completed

where number indicates the number of duplicate events to ignore.

Report> event set dup-number number

For example:

Report> event set dup-number 10

OK Completed

Todisplay the time interval or the number of duplicate events sent for notifications

◆ To display the time interval, enter the following:

Report> event get dup-frequency

For example:

Report> event get dup-frequency

Duplicate events frequency (in seconds): 120

OK Completed

To set the number of duplicate events that are sent for notifications, enterthe following:

Report> event get dup-number

For example:

Report> event get dup-number

Duplicate number of events: 10

OK Completed

433Configuring event notifications and audit logsConfiguring events for event reporting

Exporting events and audits in syslog format to agiven URL

You can export events and audits in syslog format to a given URL.

Supported URLs for upload include:

■ FTP

■ SCP

To export audit events and audits in syslog format

◆ To export events and audits in syslog format to a given URL, enter thefollowing:

Report> exportevents url [audit]

Exports the events in syslog format to the specified URL. URLsupports FTP and SCP. If the URL specifies the remote directory,the default file name is sfsfs_event.log.

url

Exports the audits in syslog format to the specified URL. URLsupports FTP and SCP. If the URL specifies the remote directory,the default file name is sfsfs_audit.log.

audit

For example:

Report> exportevents

scp://[email protected]:/exportevents/event.1

Password: *****

OK Completed

About audit logsUse Report> audit commands to configure audit logs for DAR-enabled filesystems. When it is enabled, the audit log feature tracks file system activity andstores the results in log files.

To configure an audit log:

■ Specify the file system to be logged.Only DAR-enabled file system can be configured for audit logs.

■ Choose which activities (operations) on the file system are included in the log.Only the activities you specify are logged, no other operations are logged.

Configuring event notifications and audit logsExporting events and audits in syslog format to a given URL

434

Note: When audit logs are configured for a DAR-enabled file system, that filesystem cannot be taken offline or destroyed.

Table 12-6 Audit commands

DefinitionCommand

Enables the audit logs on a DAR-enabled file system.

See “Configuring audit logs” on page 437.

audit fs enable

Displays the set of operations (and WORM-only settings) enabled foraudit logs.


audit fs list

Shows the audit logs for a file system.


audit fs show

Disables the audit logs for a file system. Disabling audit logs does notdelete current audit log records.


audit fs disable

Table 12-7 lists the file system operations you can include in audit logs.

Table 12-7 File system operations in audit logs

DefinitionOperation

All file system operations.all

All metadata operations.all_metadata(default)

All file create operations, including the create, mkdir, link, and symlinkoperations.

all_create

All delete file operations, including the delete, unlink, and rmdiroperations.

all_delete

All set extended attribute operations, including the setattr and thesetxattr operations.

all_setxattr

All open file operations.open

All close file operations.close

All file write operations.write

435Configuring event notifications and audit logsAbout audit logs

Table 12-7 File system operations in audit logs (continued)

DefinitionOperation

All file read operations.read

All file rename operations.rename

All file create operations.create

All make directory operations.mkdir

All file link operations.link

All symbolic link operations for files.symlink

All unlink operations.unlink

All remove directory operations.rmdir

All file rename operations.rename

All file set attribute operations.setattr

All file set extended attribute operations.setxattr

All file remove attribute operations.removeattr

All file get attribute operations.getattr

All file get extended attribute operations.getxattr

All file-related list extended attribute operations.list_xattr

Configuring event notifications and audit logsAbout audit logs

436

Configuring audit logsTo enable an audit log

◆ To configure an audit log for a DAR-enabled file system, enter the following:

Report> audit fs enable fs_name [operations] [wormonly=yes|no]

Specifies the name of the file system you want to audit.You can only audit DAR-enabled file systems.

fs_name

A comma-separated list of operations to audit. Onlythe operations you specify are logged.


operations

Valid inputs for the wormonly option arewormonly=yes or wormonly=no.

If you specify wormonly=yes, only the operationswhich are done on WORM files are audited.

If you specify wormonly=no, all files (WORM andnon-WORM) are audited.

The default is wormonly=yes.

wormonly

Report> audit fs enable fs1 read,write wormonly=no

To list operations tracked by an audit log

◆ To list which operations are tracked by an audit log, enter the following:

Report> audit fs list [fs_name]

where fs_name is the name of the file system. If fs_name is not specified, alist of audit log operations for all DAR-enabled file systems is displayed.

Report> audit fs list

File system: fs1

Operations: read,write

Wormonly: wormonly=no

File system: fs2

Operations: all

Wormonly: wormonly=yes

437Configuring event notifications and audit logsConfiguring audit logs

To show audit results for a DAR-enabled file system

◆ To show audit log entries for a file system, enter the following:

Report> audit fs show fs_name [operations] [maxlines]

Specifies the name of the file system whose audit log you wantto view.

fs_name

A comma-separated list of operations to display in the log. Onlylog entries for the operations you specify are displayed. By defaultall_metadata operations are displayed.


operations

The maximum number of lines that are shown for an audit log.If you specify zero (0), all lines in the log are shown. The defaultis 10 lines.

maxlines

Report> audit fs show fs1 all 0

Filename Operation UID Timestamp Success

======== ========= === ========= =======

/vx/fs1/file2 write 0 Aug 18 13:19:04 2010 Success


/vx/fs1/file2 setattr 0 Aug 18 13:16:50 2010 Success

/vx/fs1/file2 create 0 Aug 18 13:16:50 2010 Success





/vx/fs1/file1 setxattr 0 Aug 18 10:31:26 2010 Success




/vx/fs1/file1 unlink 0 Aug 18 10:30:26 2010 Success


Configuring event notifications and audit logsConfiguring audit logs

438

Disabling the audit log for a file systemTo disable the audit log for a file system

◆ To disable the audit log for a file system, enter the following:

Report> audit fs disable fs_name

where fs_name is the name of the file system.

When you disable an audit log, the current audit log records are not deleted.

Report> audit fs disable fs1

439Configuring event notifications and audit logsDisabling the audit log for a file system

Configuring event notifications and audit logsDisabling the audit log for a file system

440

Configuring backup


■ About backup

■ About NetBackup

■ About the NetBackup Snapshot Client

■ About NetBackup snapshot methods

■ About NetBackup instant recovery

■ About Fibre Transport

■ About SAN clients

■ About FT media servers

■ About the FT Service Manager

■ About zoning the SAN for Fibre Transport

■ About HBAs for SAN clients and FT media servers

■ About supported SAN configurations for SAN Client

■ Adding a NetBackup master server to work with FileStore

■ Configuring or changing the virtual IP address used by NetBackup and NDMPdata server installation

■ Configuring the virtual name of NetBackup

■ About the Network Data Management Protocol

■ About backup configurations

■ Configuring backup

13Chapter

■ Configuring backups using NetBackup or other third-party backup applications

About backupThe Backup commands are defined in Table 13-1.

To access the commands, log into the administrative console (for master,system-admin, or storage-admin) and enter the Backup> mode.


Table 13-1 Backup mode commands

DefinitionCommand

Configures the local NetBackup installation of FileStore to use anexternal NetBackup master server, Enterprise Media Manager (EMM)server, or media server.

See “About NetBackup” on page 443.

netbackup

Configures the NetBackup and NDMP data server installation onFileStore nodes to use ipaddr as its virtual IP address.

See “Configuring or changing the virtual IP address used by NetBackupand NDMP data server installation” on page 450.

virtual-ip

Configures the NetBackup installation on FileStore nodes to usenameas its host name.

See “Configuring the virtual name of NetBackup” on page 451.

virtual-name

Transfers data between the data server and the tape server under thecontrol of a client. The Network Data Management Protocol (NDMP)is used for data backup and recovery.

See “About the Network Data Management Protocol” on page 452.

ndmp

Displays the settings of the configured servers.

See “About backup configurations” on page 466.

show

Displays the status of configured servers.


status

Starts the configured servers.


start

Stops the configured servers.


stop

Configuring backupAbout backup

442

About NetBackupFileStore includes built-in client software for Symantec’s NetBackup dataprotection suite. If NetBackup is the enterprise’s data protection suite of choice,file systems hosted by FileStore can be backed up to a NetBackup media server.To configure the built-in NetBackup client, you need the names and IP addressesof the NetBackup master and media servers. Backups are scheduled from thoseservers, using NetBackup’s administrative console.

Consolidating storage reduces the administrative overhead of backing up andrestoring many separate file systems. With a 2255 TB maximum file system size,FileStore makes it possible to collapse file storage into fewer administrative units,thus reducing the number of backup interfaces and operations necessary. Allcritical file data can be backed up and restored through the NetBackup clientsoftware included with FileStore (separately licensed NetBackup master and mediaservers running on separate computers are required), or through any backupmanagement software that supports NAS systems as data sources.

Table 13-2 Netbackup commands

DefinitionCommand

Provides a functioning external NetBackup master server to work withFileStore. FileStore only includes the NetBackup client code on theFileStore nodes. If you want to use NetBackup to back up your FileStorefile systems, you must add an external NetBackup master server.

For NetBackup clients to be compliant with the NetBackup End-UserLicense Agreement (EULA), you must have purchased and enteredvalid license keys on the external NetBackup master server prior toconfiguring NetBackup to work with FileStore.

For more information on entering NetBackup license keys on theNetBackup master server, refer to theSymantecNetBackup InstallationGuide, Release 7.0.1.

See “Adding a NetBackup master server to work with FileStore ”on page 449.

netbackupmaster-server

Adds an external NetBackup Enterprise Media Manager (EMM) server(which can be the same as the NetBackup master server) to work withFileStore.

Note: If you want to use NetBackup to backup FileStore file systems,you must add an external NetBackup EMM server.


netbackupemm-server

443Configuring backupAbout NetBackup

Table 13-2 Netbackup commands (continued)

DefinitionCommand

Adds an external NetBackup media server (if the NetBackup mediaserver is not co-located with the NetBackup master server).

Note: Adding an external NetBackup media server is optional. If youdo not add one, then FileStore uses the NetBackup master server asthe NetBackup media server.


netbackupmedia-server add

Deletes an already configured NetBackup media server.


netbackupmedia-serverdelete

About the NetBackup Snapshot ClientA snapshot is a point-in-time, read-only, disk-based copy of a client volume. Afterthe snapshot is created, NetBackup backs up data from the snapshot, not directlyfrom the client’s primary or original volume. Users and client operations canaccess the primary data without interruption while data on the snapshot volumeis backed up. The contents of the snapshot volume are cataloged as if the backupwas produced directly from the primary volume. After the backup is complete,the snapshot-based backup image on storage media is indistinguishable from atraditional, non-snapshot backup.

About NetBackup snapshot methodsNetBackup can create different types of snapshots. Each snapshot type that youconfigure in NetBackup is called a snapshot method. Snapshot methods enableNetBackup to create snapshots within the storage stack (such as the file system,volume manager, or disk array) where the data resides. If the data resides in alogical volume, NetBackup can use a volume snapshot method to create thesnapshot. If the data resides in a file system, NetBackup can use a file systemmethod, depending on the client operating system and the file system type.

You select the snapshot method in the backup policy as explained under “Selectingthe snapshot method” in the Symantec NetBackup 7.0.1 Snapshot ClientAdministrator's Guide.

Configuring backupAbout the NetBackup Snapshot Client

444

Note:When using FileStore with NetBackup, select the VxFS_Checkpoint snapshotmethod.

About NetBackup instant recoveryThis feature makes backups available for quick recovery from disk. InstantRecovery combines snapshot technology—the image is created with minimalinterruption of user access to data—with the ability to do rapid snapshot-basedrestores. The snapshot is retained on disk as a full backup image.

About Fibre TransportNetBackup Fibre Transport is a method of data transfer. It uses Fibre Channeland a subset of the SCSI command protocol for data movement over a SAN ratherthan TCP/IP over a LAN. It provides a high-performance transport mechanismbetween NetBackup clients and NetBackup media servers.

Fibre Transport supports multiple, concurrent logical connections. The NetBackupsystems that support Fibre Transport contain Fibre Channel HBAs that arededicated to FT communication.

The NetBackup Fibre Transport service is active on both the SAN clients and theNetBackup media servers that connect to the storage.

Throughout this documentation, Fibre Transport connections between NetBackupclients and NetBackup servers are referred to as FT pipes.

About SAN clientsA NetBackup SAN client is a NetBackup client on which the Fibre Transport serviceis activated. The SAN client is similar to the NetBackup SAN media server that isused for the Shared Storage Option; it backs up its own data. However, the SANclient is based on the smaller NetBackup client installation package, so it hasfewer administration requirements and uses fewer system resources.

Usually, a SAN client contains critical data that requires high bandwidth forbackups. It connects to a NetBackup media server over Fibre Channel.

The NetBackup SAN Client Fibre Transport Service manages the connectivity andthe data transfers for the FT pipe on the SAN clients. The SAN client FT servicealso discovers FT target mode devices on the NetBackup media servers and notifiesthe FT Service Manager about them.

445Configuring backupAbout NetBackup instant recovery

About FT media serversA NetBackup FT media server is a NetBackup media server on which the FibreTransport services are activated. NetBackup FT media servers accept connectionsfrom SAN clients and send data to the disk storage.

The host bus adapters (HBAs) that accept connections from the SAN clients usea special NetBackup target mode driver to process FT traffic.

The media server FT service controls data flow, processes SCSI commands, andmanages data buffers for the server side of the FT pipe. It also manages the targetmode driver for the host bus adaptors.

Requires the SAN Client license.

About the FT Service ManagerThe FT Service Manager (FSM) resides on the NetBackup server that hosts theNetBackup Enterprise Media Manager service. FSM interacts with the FT servicesthat run on SAN clients and on FT media servers. FSM discovers, configures, andmonitors FT resources and events. FSM runs in the same process as EMM.

About zoning the SAN for Fibre TransportBefore you can configure and use the NetBackup Fibre Transport (FT) mechanism,the SAN must be configured and operational.

See “About supported SAN configurations for SAN Client” on page 448.

For SAN switched configurations, proper zoning prevents Fibre Transport trafficfrom using the bandwidth that may be required for other SAN activity. Properzoning also limits the devices that the host bus adapter (HBA) ports discover; theports should detect the other ports in their zone only. Without zoning, each HBAport detects all HBA ports from all hosts on the SAN. The potentially large numberof devices may exceed the number that the operating system supports.

Instructions for how to configure and manage a SAN are beyond the scope of theNetBackup documentation. However, the following recommendations may helpyou optimize your SAN traffic.

Table 13-3 describes the zones you should use for your SAN traffic.

Configuring backupAbout FT media servers

446

Note:You must use physical port ID or World Wide Port Name (WWPN) when youspecify the HBA ports on NetBackup Fibre Transport media servers.

Table 13-3 Appliance zones

DescriptionZone

A Fibre Transport zone (or backup zone) should include only specific HBA ports of the hoststhat use Fibre Transport, as follows:

■ Ports on the FT media server HBAs that connect to the SAN clients. These ports use theSymantec Corporation target mode driver.

■ Ports on the SAN client HBAs that connect to the media server ports that are in target mode.The ports on the SAN clients use the standard initiator mode driver.

You must define the FT media server target ports by physical port ID or World Wide PortName (WWPN). The target mode driver WWPNs are not unique because they are derivedfrom the Fibre Channel HBA WWPN.

The NetBackup SAN clients should detect only the HBA ports that are in target mode on theNetBackup media servers. They should not detect HBA ports in initiator mode on theNetBackup media servers. They should not detect the FC HBAs on other hosts.

To promote multistream throughput, each SAN client should detect all target mode devicesof the media server HBA ports in the zone.

A Fibre Transportzone

If the storage is on a SAN, create an external storage zone. The zone should include the HBAports for the storage and the FT media server HBA ports that connect to the storage. All of theports in the storage zone use the standard initiator mode HBA driver.

External storagezone

About HBAs for SAN clients and FT media serversThe Fibre Channel host bus adapter (HBA) and driver requirements differ on theSAN clients and on the NetBackup FT media servers, as follows:

The HBAs on the SAN clients can be any supported FibreChannel HBA. The HBA ports must operate in the defaultinitiator mode.

For the HBAs on the SAN client systems, do the following:

■ Install the drivers for the HBA.

■ Install the utilities for the HBA. Although not requiredfor NetBackup operation, the utilities may help totroubleshoot connectivity problems.

HBAs on SAN clients

447Configuring backupAbout HBAs for SAN clients and FT media servers

The NetBackup media servers that host Fibre Transportrequire the following:

■ For the connections to the SAN clients, use a QLogic HBAthat NetBackup supports for Fibre Transport. For theseHBAs, you must configure them to use the NetBackuptarget mode driver.

■ If you use SAN attached storage, you can use anysupported Fibre Channel HBA to connect to the storage.For these HBAs, you should install the QLogic driver andutilities. The HBA ports that connect to the storage mustremain in the default initiator mode.

■ The HBAs and their drivers must support 256K sizebuffers for data transfer.

HBAs on NetBackup FTmedia servers

For information about supported HBAs, see the NetBackup Release Notes.

About supported SAN configurations for SAN ClientNetBackup supports the following SAN configurations for Fibre Transport:

Connect the NetBackup media servers and SAN clients to aSAN switch as follows:

■ Connect the HBA port on the NetBackup FT media serverto a Fibre Channel switch port.

■ Connect each SAN client HBA port to ports on the sameFibre Channel switch.

■ Define the zones on the switch so that the client(s) andserver(s) are in the same zone. Be aware of the following:

■ You must define the NetBackup FT media servertarget ports by physical port ID or World Wide PortName (WWPN). The target mode driver WWPNs arenot unique because they are derived from the FibreChannel HBA WWPN.

■ You can define SAN client ports by either port ID orWWPN. However, if you use one method only, zonedefinition and management is easier.

Node port (N_Port) switchedconfiguration

Use Fibre Channel arbitrated loop (FC-AL) to connect aNetBackup FT media server HBA port directly to aNetBackup SAN client HBA port.

Note: FC-AL hubs are not supported.

Fibre Channel arbitrated loop(FC-AL) configuration

Configuring backupAbout supported SAN configurations for SAN Client

448

Adding a NetBackup master server to work withFileStore

To add an external NetBackup master server

◆ To add an external NetBackup master server, enter the following:

Backup> netbackup master-server server

where server is the host name of the NetBackup master server. Make surethat server can be resolved through DNS, and its IP address can be resolvedback to server through the DNS reverse lookup.

For example:

Backup> netbackup master-server nbumaster.symantecexample.com

Ok Completed

To add a NetBackup EMM server

◆ To add the external NetBackup EMM server, enter the following:

Backup> netbackup emm-server server

where server is the host name of the NetBackup EMM server. Make sure thatserver can be resolved through DNS, and its IP address can be resolved backto server through the DNS reverse lookup.

For example:

Backup> netbackup emm-server nbumedia.symantecexample.com

OK Completed

To add a NetBackup media server

◆ To add an NetBackup media server, enter the following:

Backup> netbackup media-server add server

where server is the host name of the NetBackup media server. Make sure thatserver can be resolved through DNS, and its IP address can be resolved backto server through the DNS reverse lookup.

For example:

Backup> netbackup media-server add nbumedia.symantecexample.com

OK Completed

449Configuring backupAdding a NetBackup master server to work with FileStore

To delete an already configured NetBackup media server

◆ To delete an already configured NetBackup media server, enter the following:

Backup> netbackup media-server delete server

where server is the host name of the NetBackup media server you want todelete.

For example:

Backup> netbackup media-server delete nbumedia.symantecexample.com

OK Completed

Configuring or changing the virtual IP address usedby NetBackup and NDMP data server installation

You can configure or change the virtual IP address that is used by NetBackup andthe NDMP data server installation on FileStore nodes. This address is a highlyavailable virtual IP address in the cluster.

For information about the Symantec NetBackup 7.0.1 client capability, refer tothe Symantec NetBackup 7.0.1 product documentation set.

Note: If you use NetBackup and the NDMP data server installation on FileStorenodes, configure the virtual IP address using the Backup> virtual-ip commandso that it is different from all of the virtual IP addresses, including the consoleserver IP address and the physical IP addresses used to install FileStore.

Configuring backupConfiguring or changing the virtual IP address used by NetBackup and NDMP data server installation

450

To configure or change the virtual IP address used by NetBackup and NDMP dataserver installation

◆ To configure or change the virtual IP address that is used by NetBackup andthe NDMP data server installation on FileStore nodes, enter the following:

Backup> virtual-ip ipaddr [device]

The virtual IP address to be used with the NetBackup and theNDMP data server installation on the FileStore nodes. Make surethat ipaddr can be resolved back to the host name that isconfigured by using the Backup> virtual-name command.

ipaddr

The Ethernet interface for the virtual IP address.device

For example:

Backup> virtual-ip 10.10.10.10 pubeth1

OK Completed


Configuring the virtual name of NetBackupTo configure or change the NetBackup host name

◆ To configure the NetBackup installation on FileStore nodes to use name asits host name, enter the following:

Backup> virtual-name name

where name is the host name for the NetBackup installation on FileStorenodes.

Backup> virtual-name nbuclient.symantecexample.com

Make sure that name can be resolved through DNS, and its IP address can beresolved back to name through the DNS reverse lookup. Also, make sure thatname resolves to an IP address that is configured by using the Backup>

virtual-ip command.

For example:

Backup> virtual-name nbuclient.symantecexample.com

OK Completed

See “Configuring or changing the virtual IP address used by NetBackup andNDMP data server installation” on page 450.

451Configuring backupConfiguring the virtual name of NetBackup

About the Network Data Management ProtocolThe Network Data Management Protocol (NDMP) is an open protocol fortransferring data between the data server and the tape server under the controlof a client. NDMP is used for data backup and recovery.

NDMP is based on a client-server architecture. The Data Management Applicationis the client and the data and the tape services are the servers. The DataManagement Application initiates the backup session. A single control connectionfrom the Data Management Application to each of the data and the tape servicesand a data connection between the tape and the data services creates a backupsession.

Note: The information in this section assumes that you have the correct backupinfrastructure to support the NDMP environment.

NDMP provides the following services:

■ Defines a mechanism and protocol for controlling the backup, recovery, andother transfers of data between the data server and the tape server.

■ Separates the network attached Data Management Application, data servers, and tape servers participating in archival, recovery, or data migrationoperations.

■ Provides low-level control of tape devices and SCSI media changers.

Table 13-4 NDMP terminology

DefinitionTerminology

The host computer system that executes the NDMP server application.Data is backed up from the NDMP host to either a local tape drive orto a backup device on a remote NDMP host.

host

The virtual state machine on the NDMP host that is controlled usingthe NDMP protocol. This term is used independently ofimplementation. The three types of NDMP services include: dataservice, tape service, and SCSI service.

service

An instance of one or more distinct NDMP services that are controlledby a single NDMP control connection. Thus a Data/Tape/SCSI Serveris an NDMP server providing data, tape, and SCSI services.

server

The configuration of one client and two NDMP services to perform adata management operation such as a backup or a recovery.

session

Configuring backupAbout the Network Data Management Protocol

452

Table 13-4 NDMP terminology (continued)

DefinitionTerminology

The application that controls the NDMP server. The NDMP clientinitiates backup and restore. In NDMP version 4, the client is the DataManagement Application.

client

An application that controls the NDMP session. In NDMP there is amaster-slave relationship. The Data Management Application is thesession master; the NDMP services are the slaves. In NDMP versions1, 2, and 3 the term "NDMP client" is used instead of the DataManagement Application.

Data ManagementApplication

The Backup> ndmp commands configure the default policies that are used duringthe NDMP backup and restore sessions.

In FileStore, NDMP supports the following commands:

■ setenv commands. The set environment commands let you configure thevariables that make up the NDMP backup policies for your environment.

■ getenv commands. The get environment commands display what you haveset up with the setenv commands or the default values of all of the NDMPenvironment variables.

■ showenv command. The show environment command displays all of the NDMPpolicies.

■ restoredefaultenv command. The restore default environment commandrestores the NDMP policies back to their default values.

About NDMP supported configurationsFileStore currently supports the three-way NDMP backup. The data and the tapeservices reside on different nodes on a network. The Data Management Applicationhas two control connections, one to each of the data and the tape services. Thedata and the tape services also have a data connection.

Data travels from the disk on an NDMP host to a tape device on another NDMPhost. Backup data is sent over the local network. The tape drives must be inNDMP-type storage units.

453Configuring backupAbout the Network Data Management Protocol

Figure 13-1 Illustration of three-way NDMP FileStore backup

Tape Library

ControlFlow

NFS clients

DataFlow

NBU MediaServer withNDMP

Primary Storage Array

NBU / TSM / EMCLegato withNDMP

ControlFlow

FileStore – Cluster– NDMP Server

The NDMP commands configure the default policies that are used during theNDMP backup or restore sessions. The Data Management Application (client)initiating the connection for NDMP backup and restore operations to the NDMPdata server or tape server can override these default policies by setting the samepolicy name as environment variable and using any suitable value of thatenvironment variable.

The FileStore NDMP server supports MD5 and text authentication. The DataManagement Application that initiates the connection to the server uses masterfor the user name and for the password for the NDMP backup sessionauthentication. The password can be changed using the Admin> passwd command.



454

About the NDMP policiesThe Backup> ndmp commands configure the default policies which are used duringthe NDMP backup and restore sessions. The DMA (NDMP client) initiating theconnection for the NDMP backup and restore operation to the FileStore NDMPdata server can override these default policies by setting the same policy nameas environment variable and using any suitable value of that environment variable.

Table 13-5 NDMP set commands

DefinitionCommand

Defines how new data is recorded over old data. Thiscommand has three configuration options.

See “Configuring the NDMP policies” on page 456.

ndmp setenvoverwrite_policy

Continues the backup and restore session even if an errorcondition occurs.

During a backup or restore session, if a file or directorycannot be backed up or restored, setting value to yes letsthe session continue with the remaining specified files anddirectories in the list. A log message is sent to the DataManagement Application about the error. Refer to the DataManagement Application documentation for the locationof the NDMP logs.

Some conditions, such as an I/O error, does not let thecommand continue the backup and restore session.


ndmp setenv failure_resilient

Configures the Dynamic Storage Tiering (DST) restorepolicy.

Note: During the restore session, the DST policy onlyapplies to the file system, but it does not become effectiveuntil you run it through the storage tier policy commands.


ndmp setenv restore_dst

Configures the NDMP recursive restore policy to restorethe contents of a directory each time you restore.


ndmp setenvrecursive_restore

Contains the file system backup information for the backupcommand. In the FileStore NDMP environment, thedumpdates file is /etc/ndmp.dumpdates.


ndmp setenvupdate_dumpdates


Table 13-5 NDMP set commands (continued)

DefinitionCommand

States whether or not you want the file history of the backedup data to be sent to the Data Management Application.


ndmp setenv send_history

Lets you bring back previous versions of the files for reviewor to be used. A snapshot is a virtual copy of a set of filesand directories that is taken at a particular point in time.The NDMP use snapshot policy enables the backup of apoint-in-time image of a set of files and directories insteadof a continuous changing set of files and directories.


ndmp setenv use_snapshot

Enables the configuration of the NDMP backup methodpolicy. This policy enables an incremental backup.


ndmp setenv backup_method

Configures the masquerade as a third-party policy.


ndmp setenvmasquerade_as_thirdparty

Configuring the NDMP policies

Caution: No checks are made when the file overwrites the directory or vice versa.The destination path being overwritten is removed recursively.


456

To configure the overwrite policy

◆ To configure the overwrite policy, enter the following:

Backup> ndmp setenv overwrite_policy value

where the variables for value are listed in the following table.

Checks if the file or directory to be restored already exists. If itdoes, the command responds with an error message. A logmessage is returned to the Data Management Application. Referto the Data Management Application documentation for thelocation of the NDMP log messages. The file or directory is notoverwritten.

no_overwrite

Checks if the file or directory already exists. If it does, it isrenamed with the suffix.#ndmp_old and a new file or directoryis created.

rename_old(default)

If the file or directory already exists, it is overwritten. Whilerestoring from incremental backups, set the value tooverwrite_always.

No checks are made when files overwrite a directory. Thedestination path being overwritten is removed recursively.

overwrite_always

For example:

Backup> ndmp setenv overwrite_policy rename_old

Ok Completed

To configure the failure resilient policy

◆ To configure the failure resilient policy, enter the following:

Backup> ndmp setenv failure_resilient value

where the variables for value are yes or no.

The backup and restore session continues even if an errorcondition is encountered. However some conditions, such as theI/O error, cause the backup and restore session to stop.

yes (default)

The backup and restore session terminates immediately when itencounters any error condition.

no


To configure the restore Dynamic Storage Tiering policy

◆ To configure the restore Dynamic Storage Tiering policy, enter the following:

Backup> ndmp setenv restore_dst value


During the backup session, if the specified directory that is setup for backup is a directory in the file system mount point, thenthe Dynamic Storage Tiering policy is backed up. During therestore session, if the Dynamic Storage Tiering policy exists inthe backup stream, the Dynamic Storage Tiering policy that wasbacked up is applied to the restore destination path if that pathis a mount point (full file system restore). The Dynamic StorageTiering policy is not restored if the secondary tier does not existon the destination path. If the Dynamic Storage Tiering policycould not be restored, a log message is returned to the DataManagement Application (refer to the Data ManagementApplication documentation for the location of the NDMP logs).

During the restore, the Dynamic Storage Tiering policy is appliedonly to the file system, but it is not effective until you run itthrough the Storage> tier policy commands.

yes (default)

The Dynamic Storage Tiering policy is not applied even if all ofthe other conditions are met.

no

To configure the recursive restore policy

◆ To configure the recursive restore policy, enter the following:

Backup> ndmp setenv recursive_restore value


If the name list (names of the files and directories to be restoredfrom the backup) specifies a directory, the contents of thatdirectory are restored recursively.

yes (default)

Restores the directory, but not the contents of the directory.no


458

To configure the update dumpdates policy

◆ To configure the update dumpdates policy, enter the following:

Backup> ndmp setenv update_dumpdates value


If NetBackup is used for backup by way of NDMP, use set UPDATE = No inNetBackup to disable updating dumpdates. Or use set UPDATE = "" to stopNetBackup from using a default value of yes.

Updates the dumpdates files by the FileStore NDMP data serverwith the details of the current backup which includes the timeat which the backup was taken, the directory that was backedup, and the level of the backup. This information can be laterused for the next backup session for the incremental and thedifferential backups.

yes (default)

The dumpdates files are not updated.no

To configure the send history policy

◆ To configure the send history policy, enter the following:

Backup> ndmp setenv send_history value


Sends the history of the backed up data to the Data ManagementApplication. The history includes information for every file anddirectory that was backed up, such as name, stat, positioningdata (used for DAR restore), and inode information.

yes (default)

The file history information is not sent to the Data ManagementApplication.

no


To configure the use snapshot policy

◆ To configure the use snapshot policy, enter the following:

Backup> ndmp setenv use_snapshot value


The backup session first takes the snapshot of the file systemwhich is backed up. The snapshot is also taken if any directoryof the file system is backed up. The snapshot that is taken usesthe same storage space as the stprage space of the main filesystem.

yes (default)

The backup session takes the backup of only the live file system.no

To configure the backup method policy

◆ To configure the backup method policy, enter the following:

Backup> ndmp setenv backup_method value

where the variables for value are fcl or mtime.

File Change Log. FCL can be used to directly get the list ofmodified files in the file system and they can then be backed up.However, since FCL is finite in size, it is possible that not all ofthe changes can be recorded in the FCL. In that case, use themtime backup method.

FCL (default)

Time of last modification. By checking the mtimes of the files inthe file system, the time of last backup can be stored reliablysomewhere in the file system, and the time can be used to findall of the modified files since last backup. The location where the'time of last backup' is stored is /etc/ndmp.dumpdates. Thefile name is mentioned when you configure theupdate_dumpdates command.

mtime

For example:

Backup> ndmp setenv backup_method mtime

OK Completed


460

To configure the masquerade as a third-party policy

◆ To configure the masquerade as a third-party policy, enter the following:

Backup> ndmp setenv masquerade_as_thirdparty value


The FileStore NDMP server masquerades as a third-partycompatible device for certain NDMP backup applications.

yes

The FileStore NDMP server does not masquerade as a third-partycompatible device.

no (default)

For example:

Backup> ndmp setenv masquerade_as_thirdparty yes

OK Completed

Backup>

Displaying all NDMP policiesTo display all of the NDMP policies

◆ To display the NDMP policies, enter the following:

Backup> ndmp showenv

For example:

Backup> ndmp showenv

Overwrite policy: Rename old

Failure Resilient: yes

Restore DST policies: yes

Recursive restore: yes

Update dumpdates: yes

Send history: yes

Use snapshot: yes

Backup method: fcl

Masquerade as thirdparty: yes

OK Completed


About retrieving the NDMP data

Table 13-6 NDMP get commands

DefinitionCommand

Defines how new data is recorded over old data. To retrievethe settings for the policy that you set up, use the ndmpgetenv overwrite_policy command.

See “Retrieving the NDMP data” on page 463.

ndmp getenvoverwrite_policy

Enables the continuation of the backup and restore sessioneven if an error condition occurs because a file or directorycannot be backed up or restored. To retrieve the settingsfor the policy that you set up, use the ndmp getenv

failure_resilient command.


ndmp getenvfailure_resilient

Configures the Dynamic Storage Tiering restore policy. Toretrieve the settings for the policy that you set up, use thendmp getenv restore_dst command.


ndmp getenv restore_dst

Enables the configuration of the restore session to restorethe contents of a directory. To retrieve the settings for thepolicy that you set up, use the ndmp getenv

recursive_restore command.


ndmp getenvrecursive_restore

Enables the configuration of the dumpdates file. To retrievethe settings for the policy that you set up, use the ndmpgetenv update_dumpdates command.


ndmp getenvupdate_dumpdates

States whether or not you want the file history of the backedup data to be sent to the Data Management Application. Toretrieve the settings for the policy that you set up, use thendmp getenv send_history command.


ndmp getenv send_history

Enables how much of the files and directories you want tocopy during the backup session. To retrieve the settings forthe policy that you set up, use the ndmp getenv

use_snapshot command.


ndmp getenv use_snapshot


462

Table 13-6 NDMP get commands (continued)

DefinitionCommand

Enables the configuration of the method to back up the filesystem. To retrieve the settings for the policy that you setup, use the ndmp getenv backup_method command.


ndmp getenv backup_method

Configures the NDMP server to masquerade as a third-partycompatible device for certain NDMP backup applications.


ndmp getenvmasquerade_as_thirdparty

Retrieving the NDMP dataTo retrieve the overwrite backup data

◆ To retrieve the overwrite backup data, enter the following:

Backup> ndmp getenv overwrite_policy

For example:

Backup> ndmp getenv overwrite_policy

Overwrite policy: Rename old

OK Completed

To retrieve the failure resilient backup data

◆ To retrieve the failure resilient data, enter the following:

Backup> ndmp getenv failure_resilient

For example:

Backup> ndmp getenv failure_resilient

Failure Resilient: yes

OK Completed


To retrieve the restore Dynamic Storage Tiering data

◆ To retrieve the restore Dynamic Storage Tiering data, enter the following:

Backup> ndmp getenv restore_dst

For example:

Backup> ndmp getenv restore_dst

Restore DST policies: no

OK Completed

To retrieve the recursive restore data

◆ To retrieve the recursive restore data, enter the following:

Backup> ndmp getenv recursive_restore

For example:

Backup> ndmp getenv recursive_restore

Recursive restore: yes

OK Completed

To retrieve the update dumpdates data

◆ To retrieve the update dumpdates data, enter the following:

Backup> ndmp getenv update_dumpdates

For example:

Backup> ndmp getenv update_dumpdates

Update dumpdates: yes

OK Completed

To retrieve the send history data

◆ To retrieve the send history data, enter the following:

Backup> ndmp getenv send_history

For example:

Backup> ndmp getenv send_history

Send history: no

OK Completed


464

To retrieve the NDMP use snapshot data

◆ To retrieve the send history data, enter the following:

Backup> ndmp getenv use_snapshot

For example:

Backup> ndmp getenv use_snapshot

Use snapshot: yes

OK Completed

To retrieve the NDMP backup method

◆ To retrieve the configured backup method policy, enter the following:

Backup> ndmp getenv backup_method

For example:

Backup> ndmp getenv backup_method

Backup Method: fcl

OK Completed

To retrieve the masquerade as a third-party policy

◆ To retrieve the configured masquerade as a third-party policy, enter thefollowing:

Backup> ndmp getenv masquerade_as_thirdparty

For example:

Backup> ndmp getenv masquerade_as_thirdparty

Masquerade as thirdparty: yes

OK Completed

Restoring the default NDMP policiesTo restore the NDMP policies to default values

◆ To restore the NDMP policies to default values, enter the following:

Backup> ndmp restoredefaultenv


About backup configurationsTable 13-7 Backup configuration commands

DefinitionCommand

Displays the NetBackup configured settings. If the settings wereconfigured while the backup and the restore services were running,then they may not be currently in use by the FileStore nodes. Todisplay all of the configured settings, first run the backup> stop

command, then run the backup> start command.

See “Configuring backup” on page 467.

show

Displays if the NetBackup and the NDMP data server have started orstopped on the FileStore nodes. If the NetBackup and the NDMP dataserver have currently started and is running, then Backup> status

displays any on-going backup or restore jobs.



status

Starts processes that handle backup and restore. You can also changethe status of a virtual IP address to online after it has been configuredusing the Backup> virtual-ip command. This command appliesto any currently active node in the cluster that handles backup andrestore jobs.

The Backup> start command does nothing if the backup and therestore processes are already running.


start

Enables the processes that handle backup and restore. You can alsochange the status of a virtual IP address to offline after it has beenconfigured using the Backup> virtual-ip command.

TheBackup> stop command does nothing if backup jobs are runningthat involve FileStore file systems.


stop

Configuring backupAbout backup configurations

466

Configuring backupTo display NetBackup configurations

◆ To display NetBackup configurations, enter the following:

Backup> show

For example:

Backup> show

Virtual name: nbuclient.symantec.com

Virtual IP: 10.10.10.10

NetBackup Master Server: nbumaster.symantec.com

NetBackup EMM Server: nbumaster.symantec.com

NetBackup Media Server(s): not configured

Backup Device: pubeth1

Ok Completed

467Configuring backupConfiguring backup

To display the status of backup services

◆ To display the status of backup services, enter the following:

Backup> status

An example of the status command when no backup services are running:

Backup> status

Virtual IP state : up

Backup service online node : node_01

NDMP Server state : running

NetBackup Client state : running

No backup/restore jobs running.

OK Completed

An example of the status command when the backup jobs that are runninginvolve file systems using NDMP.

Backup> status



NDMP Server state : working

NetBackup Client state : running

Following filesystems are currently busy in backup/restore jobs by

NDMP: myfs1

OK Completed

An example of the status command when the backup jobs that are runninginvolve file systems using the NetBackup client.

Backup> status



NDMP Server state : running

NetBackup Client state : working

Some filesystems are busy in backup/restore jobs by NetBackup Client

OK Completed

Configuring backupConfiguring backup

468

To start backup services

◆ To start backup processes, enter the following:

Backup> start [nodename]

where the optional nodename specifies the node where backup services arestarted.

For example:

Backup> start

OK Completed

To stop backup services

◆ To stop backup services, enter the following:

Backup> stop

For example:

Backup> stop

SFS backup ERROR V-288-0 Cannot stop, some backup jobs are running.

Configuring backups using NetBackup or otherthird-party backup applications

You can backup FileStore using the Symantec NetBackup 7.0.1 client capability,or backup applications from other third-party companies that use the standardNFS mount to backup over the network. The FileStore ISO image includes theSymantec NetBackup 7.0.1 FileStore client code.

For information about the Symantec NetBackup 7.0.1 client capability, refer tothe Symantec NetBackup 7.0.1 product documentation set.

The Backup> netbackup commands configure the local NetBackup installationof FileStore to use an external NetBackup master server, Enterprise Media Manager(EMM) server, or media server. When NetBackup is installed on FileStore, it actsas a NetBackup client to perform IP-based backups of FileStore file systems.

Note:A new public IP address, not an IP address that is currently used, is requiredfor configuring the NetBackup client. Use the Backup> virtual-ip and Backup>

virtual-name commands to configure the NetBackup client.

469Configuring backupConfiguring backups using NetBackup or other third-party backup applications

Configuring backupConfiguring backups using NetBackup or other third-party backup applications

470

Configuring SymantecFileStore Dynamic StorageTiering


■ About FileStore Dynamic Storage Tiering (DST)

■ How FileStore uses Dynamic Storage Tiering

■ About policies

■ Adding or removing a column from a secondary tier of a file system

■ About adding tiers to file systems

■ Adding tiers to a file system

■ Removing a tier from a file system

■ About configuring a mirror on the tier of a file system

■ Configuring a mirror to a tier of a file system

■ Listing all of the files on the specified tier

■ Displaying a list of Dynamic Storage Tiering file systems

■ Displaying the tier location of a specified file

■ About configuring the policy of each tiered file system

■ Configuring the policy of each tiered file system

■ Relocating a file or directory of a tiered file system

14Chapter

■ About configuring schedules for all tiered file systems

■ Configuring schedules for all tiered file systems

■ Displaying the files that are moved or pruned by running a policy

■ Allowing metadata information on the file system to be written on thesecondary tier

■ Restricting metadata information to the primary tier only

About FileStore Dynamic Storage Tiering (DST)The FileStore Dynamic Storage Tiering (DST) feature makes it possible to allocatetwo tiers of storage to a file system.

The following features are part of the FileStore Dynamic Storage Tiering solution:

■ Relocate files between primary and secondary tiers automatically as files ageand become less business critical.

■ Prune files on secondary tiers automatically as files age and are no longerneeded.

■ Promote files from a secondary storage tier to a primary storage tier based onI/O temperature.

■ Retain original file access paths to eliminate operational disruption, forapplications, backup procedures, and other custom scripts.

■ Let you manually move folders, files and other data between storage tiers.

■ Enforce the policies that automatically scan the file system and relocate filesthat match the appropriate tiering policy.

In FileStore, there are two predefined tiers for storage:

■ Current active tier 1 (primary) storage.

■ Tier 2 (secondary) storage for aged or older data.

To configure FileStore DST, add tier 2 (secondary) storage to the configuration.Specify where the archival storage resides (storage pool) and the total size.

Files can be moved from the active storage after they have aged for a specifiednumber of days, depending on the policy selected. The number of days for filesto age (not accessed) before relocation can be changed at any time.

Note: An aged file is a file that exists without being accessed.

Configuring Symantec FileStore Dynamic Storage TieringAbout FileStore Dynamic Storage Tiering (DST)

472

Figure 14-1 depicts the features of FileStore and how it maintains applicationtransparency.

Figure 14-1 Dynamic Storage Tiering features

/one-file-system

/sales /sales/financial /sales/development

/current /forecast /current /forecast/current /forecast/2007 /2008 /current /forecast/current /forecast/new /history

storage

Primary Tier Secondary Tier

mirrored

RAID5

If you are familiar with Veritas Volume Manager (VxVM), every FileStore filesystem is a multi-volume file system (one file system resides on two volumes).The DST tiers are predefined to simplify the interface. When an administratorwants to add storage tiering, a second volume is added to the volume set, and theexisting file system is encapsulated around all of the volumes in the file system.

This chapter discusses the FileStore storage commands. You use these commandsto configure tiers on your file systems. The Storage commands are defined inTable 14-1.

473Configuring Symantec FileStore Dynamic Storage TieringAbout FileStore Dynamic Storage Tiering (DST)

You log into the administrative console (for master, system-admin, orstorage-admin) and enter Storage> mode to access the commands.



DefinitionCommand

Adds the different types of storage tier to the file system.

See “About adding tiers to file systems” on page 477.

tier add

Removes a tier from a file system.

See “Removing a tier from a file system” on page 480.

tier remove

Adds a mirror to a tier of a file system.

See “About configuring a mirror on the tier of a file system”on page 480.

tier addmirror

Removes a mirror from a tier of a file system.

See “About configuring a mirror on the tier of a file system”on page 480.

tier rmmirror

Lets you add a column to a secondary tier.

See “Adding or removing a column from a secondary tier of a filesystem” on page 476.

tier addcolumn

Lets you remove a column from a secondary tier of a file system.

See “Adding or removing a column from a secondary tier of a filesystem” on page 476.

tier rmcolumn

Lists all of the files on the specified tier.

See “Listing all of the files on the specified tier” on page 482.

tier listfiles

Displays the tier location of a specified file.

See “Displaying the tier location of a specified file” on page 484.

tier mapfile

Configures the policy of each tiered file system.

See “About configuring the policy of each tiered file system”on page 484.

tier policy

Relocates a file or directory.

See “Relocating a file or directory of a tiered file system” on page 490.

tier relocate

Configuring Symantec FileStore Dynamic Storage TieringAbout FileStore Dynamic Storage Tiering (DST)

474


DefinitionCommand

Creates the schedules for all tiered file systems.

See “About configuring schedules for all tiered file systems”on page 490.

tier schedule

Displays a list of files that are moved or pruned by running a policy.

See “Displaying the files that are moved or pruned by running a policy”on page 493.

tier query

Allows the metadata information on the file system to be written onthe secondary tier.

See “Allowing metadata information on the file system to be writtenon the secondary tier” on page 494.

tier allowmetadatayes

Restricts the metadata information to the primary tier only.

See “Restricting metadata information to the primary tier only”on page 495.

tier allowmetadatano

How FileStore uses Dynamic Storage TieringFileStore provides two types of tiers:

■ Primary tier

■ Secondary tier

Each newly created file system has only one primary tier initially. This tier cannotbe removed.

For example, the following operations are applied to the primary tier:

Storage> fs addmirror

Storage> fs growto

Storage> fs shrinkto

The Storage> tier commands manage file system DST tiers.

AllStorage> tier commands take a file system name as an argument and performoperations on the combined construct of that file system.

The FileStore file system default is to have a single storage tier. An additionalstorage tier can be added to enable storage tiering. A file system can only supporta maximum of two storage tiers.

475Configuring Symantec FileStore Dynamic Storage TieringHow FileStore uses Dynamic Storage Tiering

Storage> tier commands can be used to perform the following:

■ Adding/removing/modifying the secondary tier

■ Setting policies

■ Scheduling policies

■ Locating tier locations of files

■ Listing the files that are located on the primary or the secondary tier

■ Moving files from the secondary tier to the primary tier

■ Allowing metadata information on the file system to be written on thesecondary tier

■ Restricting metadata information to the primary tier only

About policiesEach tier can be assigned a policy.

The policies include:

■ Specify on which tier (primary or secondary) the new files get created.

■ Relocate files from the primary tier to the secondary tier based on any numberof days of inactivity of a file.

■ Relocate files from the secondary tier to the primary tier based on the AccessTemperature of the file.

■ Prune files on the secondary tier based on any number of days of inactivity ofa file.

Adding or removing a column from a secondary tierof a file system

You can add a column to a secondary tier of a file system.

Configuring Symantec FileStore Dynamic Storage TieringAbout policies

476

To add a column to a secondary tier of a file system

◆ To add a column to a secondary tier of a file system, enter the following:

Storage> tier addcolumn fs_name ncolumns pool_or_disk_name

Specifies the file system for which you want to add a columnto a secondary tier of the file system.

fs_name

Specifies the number of columns that you want to add tothe secondary tier of the file system.

Note: In the case of striped file systems, the number of disksthat are specified should be equal to the number of columns(ncolumns).

Note: In the case of mirrored-striped and striped-mirroredfile systems, the disks that are specified should be equal to(ncolumns * number_of_mirrors_in_fs).

ncolumn

Specifies the pool or the disk name for the tiered file system.pool_or_disk_name

For example, to add two columns to the secondary tier of file system fs1, enterthe following:

Storage> tier addcolumn fs1 2 pool3

To remove a column from a secondary tier of a file system

◆ To remove a column from a secondary tier of a file system, enter the following:

Storage> tier rmcolumn fs_name

where fs_name is the name of the tiered file system, the secondary tier ofwhich you want to remove the column from.

For example:

Storage> tier rmcolumn fs1

About adding tiers to file systemsYou can add different types of tiers to file systems.

477Configuring Symantec FileStore Dynamic Storage TieringAbout adding tiers to file systems

Table 14-2 Tier add commands

DefinitionCommand

Adds a second tier to a file system. The storage type of the second tieris independent of the protection level of the first tier.

See “Adding tiers to a file system” on page 478.

tier add simple

Adds a mirrored second tier to a file system.


tier add mirrored

Adds a striped second tier to a file system.


tier add striped

Adds a mirrored-striped second tier to a file system.


tier addmirrored-stripe

Adds a striped-mirror second tier to a file system.


tier addstriped-mirror

Adding tiers to a file systemTo add a second tier to a file system

◆ To add a tier to a file system where the volume layout is "simple"(concatenated), enter the following:

Storage> tier add simple fs_name size pool1[,disk1,...]

To add a mirrored tier to a file system

◆ To add a mirrored tier to a file system, enter the following:

Storage> tier add mirrored fs_name size nmirrors

pool1[,disk1,...] [protection=disk|pool]

For example:

Storage> tier add mirrored fs1 100M 2 pool3,pool4

100% [#] Creating mirrored secondary tier of filesystem

Configuring Symantec FileStore Dynamic Storage TieringAdding tiers to a file system

478

To add a striped tier to a file system

◆ To add a striped tier to a file system, enter the following:

Storage> tier add striped fs_name size ncolumns

pool1[,disk1,...] [stripeunit=kilobytes]

To add a mirrored-striped tier to a file system

◆ To add a mirrored-striped tier to a file system, enter the following:

Storage> tier add mirrored-stripe fs_name size nmirrors ncolumns

pool1[,disk1,...] [protection=disk|pool] [stripeunit=kilobytes]

To add a striped-mirror tier to a file system

◆ To add a striped-mirror tier to a file system, enter the following:

Storage> tier add striped-mirror fs_name size nmirrors ncolumns

pool1[,disk1,...] [protection=disk|pool] [stripeunit=kilobytes]

Specifies the name of the file system to which the mirrored tieris added. If the specified file system does not exist, an errormessage is displayed.

fs_name

Specifies the size of the tier to be added to the file system (forexample, 10m, 10M, 25g, 100G).

size

Specifies the numbers of columns to add to the striped tiered filesystem.

ncolumns

Specifies the number of mirrors to be added to the tier for thespecified file system.

nmirrors

Specifies the pool(s) or disk(s) that is used for the specified tieredfile system. If the specified pool or disk does not exist, an errormessage is displayed. You can specify more than one pool or diskby separating the pool or the disk name with a comma, but donot include a space between the comma and the name.


pool1[,disk1,...]

479Configuring Symantec FileStore Dynamic Storage TieringAdding tiers to a file system

If no protection level is specified, disk is the default protectionlevel.

The protection level of the second tier is independent of theprotection level of the first tier.


■ disk - If disk is entered for the protection field, then mirrorsare created on separate disks. The disks may or may not bein the same pool.

■ pool - Ifpool is entered for the protection field, then mirrorsare created in separate pools. If not enough space is available,then the file system is not created.

protection

Specifies a stripe width of either 128K, 256k, 512K, 1M, or 2M.The default stripe width is 512K.

stripeunit=kilobytes

Removing a tier from a file systemThe Storage> tier remove command removes a tier from the file system andreleases the storage that is used by the file system back to the storage pool. Thiscommand requires that the file system be online, and that no data resides on thesecondary tier.

If the storage tier to be removed contains any data residing on it, then the tiercannot be removed from the file system.

To remove a tier from a file system

◆ To remove a tier from a file system, enter the following:

Storage> tier remove fs_name

where fs_name specifies the name of the tiered file system that you want toremove.

For example:

Storage> tier remove fs1

About configuring amirror on the tier of a file systemThese commands add or remove mirrors to the tier of the file system.

Configuring Symantec FileStore Dynamic Storage TieringRemoving a tier from a file system

480

Table 14-3 Tier mirror commands

DefinitionCommand

Adds a mirror to a tier of a file system.

See “Configuring a mirror to a tier of a file system” on page 481.

tier addmirror

Removes a mirror from a tier of a file system.

Note: For a striped-mirror file system, if any of the disks are bad, thiscommand disables the mirrors from the tiered file system for whichthe disks have failed. If no disks have failed, FileStore chooses a mirrorto remove from the tiered file system.

See “Configuring a mirror to a tier of a file system” on page 481.

tier rmmirror

Configuring a mirror to a tier of a file systemTo add a mirror to a tier of a file system

◆ To add a mirror to a tier of a file system, enter the following:

Storage> tier addmirror fs_name pool1[,disk1,...]


Specifies the file system to which a mirror is added. If thespecified file system does not exist, an error message is displayed.

fs_name

Specifies the pool(s) or disk(s) that are used as a mirror for thespecified tiered file system. You can specify more than one poolor disk by separating the name with a comma. But do not includea space between the comma and the name.


pool1[,disk1,...]

If no protection level is specified, disk is the default protectionlevel.


■ disk - If disk is entered for the protection field, then mirrorsare created on separate disks. The disks may or may not bein the same pool.

■ pool - Ifpool is entered for the protection field, then mirrorsare created in separate pools. If not enough space is available,then the file system is not created.

protection

For example:

481Configuring Symantec FileStore Dynamic Storage TieringConfiguring a mirror to a tier of a file system

Storage> tier addmirror fs1 pool5

100% [#] Adding mirror to secondary tier of filesystem

To remove a mirror from a tier of a file system

◆ To remove a mirror from a tier of a file system, enter the following:

Storage> tier rmmirror fs_name

where fs_name specifies the name of the tiered file system from which youwant to remove a mirror.

For example:

Storage> tier rmmirror fs1

This command provides another level of detail for the remove mirroroperation. You can use the command to specify which mirror you want toremove by specifying the pool name or disk name.

The disk must be part of a specified pool.

To remove a mirror from a tier spanning a specified pool or disk

◆ To remove a mirror from a tier that spans a specified pool or disk, enter thefollowing:

Storage> tier rmmirror fs_name [pool_or_disk_name]

Specifies the name of the file system from which to remove amirror. If the specified file system does not exist, an errormessage is displayed.

fs_name

Specifies the pool or disk from which the mirror of the tiered filesystem spans.

pool_or disk_name

The syntax for the Storage> tier rmmirror command is the same for bothpool and disk. If you try to remove a mirror using Storage> fs rmmirror

fs1 abc, FileStore first checks for the pool with the name abc, then FileStoreremoves the mirror spanning on that pool. If there is no pool with the nameabc, then FileStore removes the mirror that is on the abc disk. If there is nodisk with the name abc, then an error message is displayed.

Listing all of the files on the specified tierYou can list all of the files that reside on either the primary tier or the secondarytier.

Configuring Symantec FileStore Dynamic Storage TieringListing all of the files on the specified tier

482

Note: If the tier contains a large number of files, it may take some time before theoutput of this command is displayed.

To list all of the files on the specified tier

◆ To list all of the files on the specified tier, enter the following:

Storage> tier listfiles fs_name {primary|secondary}

where fs_name indicates the name of the tiered file system from which youwant to list the files. You can specify to list files from either the primary orthe secondary tier.

For example:

Storage> tier listfiles fs1 secondary

Displaying a list of Dynamic Storage Tiering filesystems

You can display a list of Dynamic Storage Tiering file systems using the Storage>fs list command.

See “Listing all file systems and associated information” on page 222.

483Configuring Symantec FileStore Dynamic Storage TieringDisplaying a list of Dynamic Storage Tiering file systems

Displaying the tier location of a specified fileTo display the tier location of a specified file

◆ To display the tier location of a specified file, enter the following:

Storage> tier mapfile fs_name file_path

Specifies the name of the file system for which the specified fileon the tiered file system resides. If the specified file system doesnot exist, an error message is displayed.

fs_name

Specifies the tier location of the specified file. The path of thefile is relative to the file system.

file_path

For example, to show the location of a.txt, which is in the root directory ofthe fs1 file system, enter the following:

tier mapfile fs1 /a.txt

Tier Extent Type File Offset Extent Size

==== =========== =========== ===========

Primary Data 0 Bytes 1.00 KB

About configuring the policy of each tiered file systemYou can configure the policy of each tiered file system.

Table 14-4 Tier policy commands

DefinitionCommand

Displays the policy for each tiered file system. You can have one policyfor each tiered file system.

See “Configuring the policy of each tiered file system” on page 486.

tier policy list

Modifies the policy of a tiered file system.

The new files are created on the primary tier. If a file has not beenaccessed for more than seven days, the files are moved from theprimary tier to the secondary tier. If the access temperature is morethan five for of the files in the secondary tier, these files are movedfrom the secondary tier to the primary tier. The access temperatureis calculated over a three-day period.


tier policy modify

Configuring Symantec FileStore Dynamic Storage TieringDisplaying the tier location of a specified file

484

Table 14-4 Tier policy commands (continued)

DefinitionCommand

Specifies the prune policy of a tiered file system.

Once files have aged on the secondary tier, the prune policy can beset up to delete those aged files automatically.

The sub-commands under this command are:

■ tier policy prune list

■ tier policy prune modify

■ tier policy prune remove


tier policy prune

Runs the policy of a tiered file system.


tier policy run

Removes the policy of a tiered file system.


tier policy remove

485Configuring Symantec FileStore Dynamic Storage TieringAbout configuring the policy of each tiered file system

Configuring the policy of each tiered file systemTo display the policy of each tiered file system

◆ To display the policy of each tiered file system, enter the following:

Storage> tier policy list

For example:

Storage> tier policy list

FS Create on Days MinAccess Temp PERIOD

== ========= ==== ============== ======

fs1 primary 2 3 4

Each tier can be assigned a policy. A policy that is assigned to a file systemhas three parts:

Specifies on which tier the new files are created.file creation

Indicates when a file has to be moved from the primary tier tothe secondary tier. For example, if the days option of the tier isset to 10, and if a file has not been accessed for more than 10days, then it is moved from the primary tier of the file system tothe secondary tier.

inactive files

Measures the number of I/O requests to the file during the periodas designated by the period. In other words, it is the number ofread or write requests that are made to a file over a specifiednumber of 24-hour periods, divided by the number of periods. Ifthe access temperature of a file exceedsminacctemp (where theaccess temperature is calculated over a period of time previouslyspecified) then this file is moved from the secondary tier to theprimary tier.

accesstemperature

Configuring Symantec FileStore Dynamic Storage TieringConfiguring the policy of each tiered file system

486

To modify the policy of a tiered file system

◆ To modify the policy of a tiered file system, enter the following:

Storage> tier policy modify fs_name {primary|secondary} days

minacctemp period

The name of the tiered file system from which you want to modifya policy.

fs_name

Causes the new files to be created on the primary or the secondarytier. You need to input either primary or secondary.

tier

Number of days from which the inactive files move from theprimary to the secondary tier.

days

The minimum access temperature value for moving files fromthe secondary to the primary tier.

minacctemp

The number of past days used for calculating the accesstemperature.

period

For example:

Storage> tier policy modify fs1 primary 6 5 3

SFS fs SUCCESS V-288-0 Successfully modifies

tiering policy for File system fs1

To display the prune policy of a tiered file system

◆ To display the prune policy of a tiered file system, enter the following:

Storage> tier policy prune list

For example:

Storage> tier policy prune list

FS Delete After

=============== ============

fs1 200

fs2 disabled

By default, the prune policy status of a tiered file system is disabled. Thedelete_after indicates the number of days after which the files can bedeleted.

487Configuring Symantec FileStore Dynamic Storage TieringConfiguring the policy of each tiered file system

To modify the prune policy of a tiered file system

◆ To modify the prune policy of a tiered file system, enter the following:

Storage> tier policy prune modify fs_name delete_after

Name of the tiered file system from which you want to modifythe prune policy.

fs_name

Number of days after which the inactive files are deleted.delete_after

For example:

Storage> tier policy prune modify fs0 180

You have set the Prune policy to file system , system will automatically

delete the inactive files on secondary tier.

Do you want to continue with setting the Tier Prune policy? (y/n)

Y

SFS fs SUCCESS V-288-0 Successfully modified the Prune policy for File

system fs0

To remove the prune policy of a tiered file system

◆ To remove the prune policy of a tiered file system, enter the following:

Storage> tier policy prune remove fs_name

where fs_name is the name of the tiered file system from which you want toremove the prune policy.

For example:

Storage> tier policy prune remove fs1

SFS fs SUCCESS V-288-0 Successfully removed the Prune policy for

File system fs1

Configuring Symantec FileStore Dynamic Storage TieringConfiguring the policy of each tiered file system

488

To run the policy of a tiered file system

◆ To run the policy of a tiered file system, enter the following:

Storage> tier policy run fs_name

where fs_name indicates the name of the tiered file system for which youwant to run a policy.

For example:

Storage> tier policy run fs1

SFS fs INFO V-288-1221 The command may take some time to execute,

pressing CTRL + C, will abort the command.

SFS fs SUCCESS V-288-1275 Successfully ran tiering policy for File

system fs1

To remove the policy of a tiered file system

◆ To remove the policy of a tiered file system, enter the following:

Storage> tier policy remove fs_name

where fs_name indicates the name of the tiered file system from which youwant to remove a policy.

For example:

Storage> tier policy remove fs1

SFS fs SUCCESS V-288-0 Successfully removed

tiering policy for File system fs1

You can run the policy of a tiered file system, which would be similar toscheduling a job to run your policies, except in this case running the policyis initiated manually. The Storage> tier policy run command moves theolder files from the primary tier to the secondary tier, or prunes the inactivefiles on the secondary tier, according to the policy setting.

489Configuring Symantec FileStore Dynamic Storage TieringConfiguring the policy of each tiered file system

Relocating a file or directory of a tiered file systemTo relocate a file or directory

◆ To relocate a file or directory, enter the following:

Storage> tier relocate fs_name dirPath

The name of the tiered file system from which you want torelocate a file or directory. The relocation of the file or directoryis done from the secondary tier to the primary tier.

fs_name

Enter the relative path of the directory (dirPath) you want torelocate. Or enter the relative path of the file (FilePath) that youwant to relocate.

dirPath

Note: Relocation is not possible if the primary tier of the file system is full.No error message displays.

About configuring schedules for all tiered file systemsThetier schedule commands display, modify, and remove the tiered file systems.

Table 14-5 Tier schedule commands

DefinitionCommand

Modifies the schedule of a tiered file system.

See “Configuring schedules for all tiered file systems” on page 491.

tier schedulemodify

Displays the schedules for all tiered file systems.

You can have one schedule for each tiered file system.

You cannot create a schedule for a non-existent or a non-tiered filesystem.


tier schedule list

Removes the schedule of a tiered file system.


tier scheduleremove

Configuring Symantec FileStore Dynamic Storage TieringRelocating a file or directory of a tiered file system

490

Configuring schedules for all tiered file systemsTo modify the schedule of a tiered file system

491Configuring Symantec FileStore Dynamic Storage TieringConfiguring schedules for all tiered file systems

◆ To modify the schedule of a tiered file system, enter the following:

Storage> tier schedule modify fs_name minute hour

day_of_the_month month day_of_the_week

For example, enter the following:

Storage> tier schedule modify fs1 1 1 1 * * *

SFS fs SUCCESS V-288-0 Command 'tier schedule modify'

executed successfully for fs1

Note: If a previous schedule operation is still running, a new schedule is notcreated until the previous schedule operation is completed.

Specifies the file system where the schedule of the tieredfile system resides. If the specified file system does not exist,an error message is displayed.

fs_name

This parameter may contain either an asterisk, (*), whichimplies "every minute," or a numeric value between 0-59.

You can enter */(0-59), a range such as 23-43, or only the *.

minute

This parameter may contain either an asterisk, (*), whichimplies "run every hour," or a number value between 0-23.


hour

This parameter may contain either an asterisk, (*), whichimplies "run every day of the month," or a number valuebetween 1-31.


day_of_the_month

This parameter may contain either an asterisk, (*), whichimplies "run every month," or a number value between 1-12.

You can enter */(1-12), a range such as 1-5, or only the *.You can also enter the first three letters of any month (mustuse lowercase letters).

month

This parameter may contain either an asterisk (*), whichimplies "run every day of the week," or a numeric valuebetween 0-6. The number 0 is interpreted as Sunday. Youcan also enter the first three letters of the week (must uselowercase letters).

day_of_the_week

Configuring Symantec FileStore Dynamic Storage TieringConfiguring schedules for all tiered file systems

492

To display schedules for all tiered file systems

◆ To display schedules for all tiered file systems, enter the following:

Storage> tier schedule list [fs_name]

where fs_name indicates the name of the tiered file system for which youwant to run a policy.

For example:

Storage> tier schedule list

FS Minute Hour Day Month WeekDay

=== ====== ==== === ===== =======

fs1 1 1 1 * *

To remove the schedule of a tiered file system

◆ To remove the schedule of a tiered file system, enter the following:

Storage> tier schedule remove fs_name

where fs_name is the name of the tiered file system from which you want toremove a schedule.

For example:

Storage> tier schedule remove fs1

SFS fs SUCCESS V-288-0 Command tier schedule remove

executed successfully for fs1

Displaying the files that are moved or pruned byrunning a policy

You can display the list of files that are moved or pruned by running a policy. Thisfeature is very useful as a "what if" type of analysis. The command does notphysically move any file blocks.

493Configuring Symantec FileStore Dynamic Storage TieringDisplaying the files that are moved or pruned by running a policy

To display a list of files that are moved or pruned by running a policy

◆ To display a list of files that are moved or pruned by running a policy, enterthe following:

Storage> tier query fs_name

where fs_name is the name of the tiered file system for which you want todisplay a list of files that moved or pruned by running a policy.

For example:

Storage> tier query fs1

Are you sure, this command may take a long time to execute and

extensively use the system resources, enter yes/no

Continuing with the command, you can press CTRL+C to abort

the command

Yes

/a.txt

/b.txt

/c.txt

/d.txt

Allowing metadata information on the file system tobe written on the secondary tier

The Storage> tier allowmetadata yes command allows the metadatainformation on the specified file system to be written on the secondary tier aswell. By default, the secondary tier is not configured for storing metadatainformation on the file system. Tiers configured with this option show metaOK inthe column SECONDARY TIER of the Storage> fs list command output.

Configuring Symantec FileStore Dynamic Storage TieringAllowing metadata information on the file system to be written on the secondary tier

494

To allow metadata information on the file system to be written on the secondarytier

◆ To allow metadata information on the file system to be written on thesecondary tier, enter the following:

Storage> tier allowmetadata yes fs_name

where fs_name is the name of the file system where metadata informationcan be written on the secondary tier.

For example:

Storage> tier allowmetadata yes fs1

SFS fs SUCCESS V-288-0 Configured the secondary tier for storing

metadata information.

Restrictingmetadata information to the primary tieronly

The Storage> tier allowmetadata no command restricts the metadatainformation to the primary tier only. If the primary tier gets full, the writeoperations to the secondary tier are not served as the metadata updates. They arerestricted to the primary tier only.

To restrict metadata information to the primary tier only

◆ To restrict metadata information to the primary tier only, enter the following:

Storage> tier allowmetadata no fs_name

where fs_name is the name of the file system where the metadata informationis restricted to the primary tier only.

For example:

Storage> tier allowmetadata no fs1

SFS fs SUCCESS V-288-0 Configured the secondary tier for storing

no metadata information.

495Configuring Symantec FileStore Dynamic Storage TieringRestricting metadata information to the primary tier only

Configuring Symantec FileStore Dynamic Storage TieringRestricting metadata information to the primary tier only

496

Configuring systeminformation


■ About system commands

■ About setting the clock commands

■ Setting the clock commands

■ About configuring the locally saved configuration files

■ Configuring the locally saved configuration files

■ Using the more command

■ About coordinating cluster nodes to work with NTP servers

■ Coordinating cluster nodes to work with NTP servers

■ Displaying the system statistics

■ Displaying file system I/O statistics

■ Using the swap command

■ About the VMware Virtual Center plug-in

■ Using the vplugin commands

■ About the option commands

■ Using the option commands

■ Modifying and displaying the volpagemod_max_memsz parameter of vxtune

15Chapter

About system commandsThe system commands set or show the date and time of the system, and start,stop, or check the status of the NTP server. The system command class also letsyou display cluster-wide performance statistics, swap network interfaces, andenable or disable the more filter on output of the administrative console. It alsocontains option command displays and configures the tunable parameters. Thesystem commands are listed in Table 15-1.

To access the commands, log into the administrative console (for master,system-admin, or storage-admin) and enter the System> mode.


Table 15-1 System mode commands

DefinitionCommand

Sets or shows the date and time of the system, including setting timezones and displaying the list of regions.

See “About setting the clock commands” on page 499.

clock

Imports or exports the FileStore configuration settings.

See “About configuring the locally saved configuration files”on page 502.

config

Enables, disables, or checks the status of the more filter.

See “Using the more command” on page 507.

more

Sets the Network Time Protocol (NTP) server on all of the nodes inthe cluster.

See “About coordinating cluster nodes to work with NTP servers”on page 508.

ntp

Displays the system, Dynamic Multi-Pathing (DMP), andprocess-related node-wide statistics.

See “Displaying the system statistics” on page 511.

stat

Swaps two network interfaces in a cluster.

See “Using the swap command” on page 512.

swap

Lets you register, unregister, and check the registration status of thespecified FileStore cluster with a VMware Virtual Center Server.

See “Using the vplugin commands” on page 516.

vplugin

Configuring system informationAbout system commands

498

Table 15-1 System mode commands (continued)

DefinitionCommand

Adjusts a variety of tunable variables that affect the cluster-wideFileStore settings.

See “Using the option commands” on page 521.

See “Modifying and displaying the volpagemod_max_memsz parameterof vxtune” on page 526.

option

About setting the clock commandsThese commands set or show the date and time of the system, including settingtime zones and displaying the list of regions.

Warning: Changing the system clock may cause timing conflicts for scheduledoperations such as replication, Dynamic Storage Tiering (DST), and snapshot. Usecaution when making a change.

Table 15-2 Clock commands

DefinitionCommand

Displays the current system date and time.

See “Setting the clock commands” on page 500.

clock show

Sets the system date and time.


clock set

Sets the time zone for the system.

Note: This command only accepts the name of a city or GMT(Greenwich Mean Time).


clock timezone

Sets the region for the system.


clock regions

499Configuring system informationAbout setting the clock commands

Setting the clock commandsTo display the current date and time of the system

◆ To display the current system date and time, enter the following:

System> clock show

For example:

System> clock show

Fri Feb 20 12:16:30 PST 2009

To set the system date and time

◆ To set the system date and time, enter the following:

System> clock set time day month year

HH:MM:SS using a 24-hour clock

Pacific Daylight Time (PDT) is the time zone used for the system.Greenwich Mean Time (GMT) is the time zone used for the BIOS.

time

1..31day

January, February, March, April, May, June, July, August,September, October, November, December

month

YYYYyear

For example:

System> clock set 12:00:00 17 July 2009

.Done.

Fri Jul 17 12:00:00 PDT 2009

SFS clock WARNING V-288-0 Changing cluster time is dangerous and

may affect replication, DST, snapshot and other functionalities.

Configuring system informationSetting the clock commands

500

To set the time zone and region for the system

1 To set the time zone for the system, enter the following:

System> clock timezone timezone

2 To reset the time zone on your system, enter the following:

System> clock timezone region

The system resets to the time zone for that specific region.

For example:

System> clock show

Thu Apr 3 09:40:26 PDT 2008

System> clock timezone GMT

Setting time zone to: GMT

..Done.

Thu Apr 3 16:40:37 GMT 2008

System> clock show

Thu Apr 3 16:40:47 GMT 2008

System> clock timezone Los_Angeles

Setting time zone to: Los_Angeles

..Done.

Thu Apr 3 09:41:06 PDT 2008

System> clock show

Thu Apr 3 09:41:13 PDT 2008

To display the region for the system

◆ To display the region for the system, enter the following:

System> clock regions [region]

501Configuring system informationSetting the clock commands

Specifies the region for the system.

Valid values include:

■ Africa

■ America

■ Asia

■ Australia

■ Canada

■ Europe

■ GMT-offset - (for example, GMT, GMT +1, GMT +2)

■ Pacific

■ US

region

For example:

System> clock regions US

The software responds with the areas included in the US region.

System> clock regions US

Alaska

Aleutian

Arizona

Central

East-Indiana

Eastern

Hawaii

Indiana-Starke

Michigan

Mountain

Pacific

Samoa

About configuring the locally saved configuration filesYou can use the FileStore import and export features to save and restoreconfiguration information. Saving configuration information is useful when youare upgrade FileStore software and you want to backup and restore yourconfiguration settings.

You can export the configuration settings and save them in a local file, or you canexport configuration settings and save them to a remote machine as specified by

Configuring system informationAbout configuring the locally saved configuration files

502

a URL. You can import configuration settings from a local file, or you can importconfiguration settings from a remote machine as specified by a URL.

Table 15-3 Configuration commands

DefinitionCommand

Views the locally saved configuration files.

See “Configuring the locally saved configuration files” on page 505.

config list

Exports the configuration settings locally.


config export local

Exports the configuration settings remotely.


config exportremote

Imports the configuration settings locally.

Warning: Running the system> config import commandoverwrites all of your existing configuration settings except clustername.


config import local

Imports the configuration settings remotely.

Warning: Running the system> config import commandoverwrites all of your existing configuration settings except clustername.


config importremote

Deletes the locally saved configuration file.


config delete

When you use the System> config import local or System> config import

remote commands to import a locally saved configuration, you can import allconfiguration information in the file, or you can use the config_type option tocontrol what type of configuration information is imported. See Table 15-4 for alist of configuration types you can import.

Table 15-4 Import configuration types

DescriptionConfiguration type(config_type)

Imports the DNS, LDAP, NIS, nsswitch settings (does not includeIP).

network

503Configuring system informationAbout configuring the locally saved configuration files

Table 15-4 Import configuration types (continued)

DescriptionConfiguration type(config_type)

Imports a list of users and passwords. This list includes CIFS localusers and groups.

admin

Imports all configuration information.all

Imports report settings.report

Imports the NTP settings.system

Imports public IP addresses, virtual IP addresses, and console IPaddresses. Be careful before using this import option. The networkconnection to the console server is lost after a configuration fileis imported. You need to reconnect to the console server.

cluster-specific

Imports all configuration information except for cluster-specificinformation.

all_except_cluster_specific

Imports the NFS settings.nfs

Imports the CIFS settings.

Note: To import cifs local users and groups you have to importthe admin the module also.

cifs

Imports the FTP setting.ftp

Imports the HTTP settings.http

Imports the NBU client and NDMP configuration (excluding thevirtual-name and the virtual-ip).

backup

Imports the replication settings.replication

Imports the dynamic storage tiering (DST) information andautomated snapshot schedules.

storage_schedules

Imports the antivirus settings.antivirus

Imports the default quota values and the quota status informationfor file systems.

storage_quota

Configuring system informationAbout configuring the locally saved configuration files

504

Configuring the locally saved configuration filesTo list configuration settings

◆ To view locally saved configuration files, enter the following:

System> config list

To export configuration settings either locally or remotely

◆ To export configuration settings locally, enter the following:

System> config export local file_name

For example:

System> config export local 2007_July_20

To export configuration settings remotely, enter the following:

System> config export remote URL

For example:

System> config export remote

ftp://[email protected]/configs/config1.tar.gz

Password: *******

Specifies the saved configuration file.file_name

Specifies the URL of the export file (supported protocols are FTPand SCP).

URL

505Configuring system informationConfiguring the locally saved configuration files

To import configuration settings locally

◆ To import configuration settings locally, enter the following:

System> config import local file_name [config_type]

{network|admin|all|report|system|cluster_specific|

all_except_cluster_specific|nfs|cifs|ftp|http|backup|replication|

storage_schedules|antivirus|storage_quota}

Specifies the name of the configuration file to be imported savedin a local file.

file_name

Specifies the type of configuration to import.

This parameter is optional.

If config_type is left blank, config_type defaults to all.


config_type

For example:

System> config import local 2007_July_20 network

Backup of current configuration was saved as 200907150515

network configuration was imported

Configuration files are replicated to all the nodes

where 200907150515 is the date (20090715 = July 15, 2009) and the time (0515= hour 5 and 15 minutes).

Configuring system informationConfiguring the locally saved configuration files

506

To import configuration settings remotely

◆ To import configuration settings remotely, enter the following:

System> config import remote URL [config_type]

{network|admin|all|report|system|cluster_specific|

all_except_cluster_specific|nfs|cifs|ftp|http|backup|replication|

storage_schedules|antivirus|storage_quota}

Specifies the saved configuration file.file_name

Specifies the saved configuration at a remote machine as specifiedby a URL.

URL

Specifies the type of configuration to import.

This parameter is optional.

If config_type is left blank, config_type defaults to all.


config_type

For example:

System> config import remote ftp://[email protected]/home/user1/

2008_July_20.tar.gz report

Password: *******

To delete the locally saved configuration file

◆ To delete the locally saved configuration file, enter the following:

System> config delete file_name

file_name specifies the locally saved configuration file for which to delete.

Using the more commandThe System> more command enables, disables, or checks the status of the more

filter. The default setting is enable, which lets you page through the text onescreen at a time.

507Configuring system informationUsing the more command

To modify and view the more filter setting

◆ To modify and view the more filter setting, enter the following:

System> more enable|disable|status

Enables the more filter on all of the nodes in the cluster.enable

Disables the more filter on all of the nodes in the cluster.disable

Displays the status of the more filter.status

For example:

System> more status

Status : Enabled

System> more disable

SFS more Success V-288-748 more deactivated on console

System> more enable

SFS more Success V-288-751 more activated on console

About coordinating cluster nodes to work with NTPservers

You can set the Network Time Protocol (NTP) server on all of the nodes in thecluster.

Table 15-5 NTP commands

DefinitionCommand

Sets the NTP server on all of the nodes in the cluster.

See “Coordinating cluster nodes to work with NTP servers” on page 509.

ntp servername

Displays the NTP status and server name.


ntp show

Enables the NTP server on all of the nodes in the cluster.


ntp enable

Disables the NTP server on all of the nodes in the cluster.


ntp disable

Configuring system informationAbout coordinating cluster nodes to work with NTP servers

508

Table 15-5 NTP commands (continued)

DefinitionCommand

Synchronizes the date on the NTP server across all of the nodes in thecluster.


ntp sync

Coordinating cluster nodes to work with NTP serversTo set the NTP server on all of the nodes in the cluster

◆ To set the NTP server on all of the nodes in the cluster, enter the following:

System> ntp servername server-name

where server-name specifies the name of the server or IP address you wantto set.

For example:

System> ntp servername ntp.symantec.com

Setting NTP server = ntp.symantec.com

..Done.

Use 127.127.1.0 as the IP address for selecting the local clock as the timesource for the NTP server.

To display the status of the NTP server

◆ To display NTP status and server name, enter the following:

System> ntp show

Example output:

System> ntp show

Status: Enabled

Server Name: ntp.symantec.com

509Configuring system informationCoordinating cluster nodes to work with NTP servers

To enable the NTP server

◆ To enable the NTP server on all of the nodes in the cluster, enter the following:

System> ntp enable

For example:

System> ntp enable

Enabling ntp server: ntp.symantec.com ..Done.

To disable the NTP server

◆ To disable the NTP server on all of the nodes in the cluster, enter the following:

System> ntp disable

For example:

System> ntp disable

Disabling ntp server:..Done.

System> ntp show

Status : Disabled

Server Name: ntp.symantec.com

To synchronize the date on the NTP server on all of the nodes in the cluster

◆ To synchronize the date on the NTP server on all of the nodes in the cluster,enter the following:

System> ntp sync

You must have enabled the NTP server before using the System> ntp sync

command. If the status of the NTP server is Partially Enabled or Disabled,you receive the following error message:

Please enable ntp in all nodes before sync the date

For example:

System> ntp sync

Date is synchronized with NTP server.

Configuring system informationCoordinating cluster nodes to work with NTP servers

510

Displaying the system statisticsThe System> stat command displays the system, Dynamic Multipathing (DMP),and process-related node-wide statistics. The load in the displayed output is theload from the last 1, 5, and 15 minutes.

To display the system statistics

◆ To display cluster wide or node-wide statistics, enter the following:

System> stat sys|dmp|all|cluster [node]

Displays the system-related statistics.sys

Displays the DMP-related statistics.dmp

Displays the aggregate of the I/O and network performancesfrom each node and averages out the number of nodes in thecluster to show the statistics at the cluster level. The variablenode does not apply to this option.

cluster

Displays the system and DMP-related statistics of one node at atime in the cluster or all of the nodes in the cluster.

all

The name of the node in the cluster.node

To view the cluster-wide network and I/O throughput, enter the following:

System> stat cluster

Gathering statistics...

Cluster wide statistics::::

=======================================

IO throughput :: 0

Network throughput :: 1.205

511Configuring system informationDisplaying the system statistics

Displaying file system I/O statisticsTo display file system I/O statistics

◆ To display file system I/O statistics, enter the following:

System> stat fsio [fsname]

where fsname is the name of the file system for which you want to displaythe file system I/O statistics.

System> stat fsio testfs1

OPERATIONS BLOCKS AVG TIME(ms)

NAME READ WRITE READ WRITE READ WRITE

---- ------- ------ ----- -------------------

Node: sfs1_0

==============

testfs1_tier1 532 206 2336 7486 1.17 9.98

testfs1_tier2 1 1 2 16 4.00 8.00

Node: sfs1_1

==============

testfs1_tier1 369 168 1970 3218 2.12 7.67

testfs1_tier2 1 0 2 0 0.00 0.00

Using the swap commandThe System> swap command can be used for swapping two network interfaces ofa node in a cluster. This command helps set up the cluster properly in cases wherethe first node of a cluster cannot be pinged.

Figure 15-1 describes a scenario whereby using the System> swap command, youcan use the more powerful 10G network interfaces to carry the public networkload.

Configuring system informationDisplaying file system I/O statistics

512

Figure 15-1 Scenario for using System> swap for network interfaces

A System Administrator can use the System> swap command in the followingways:

■ In a multi-node cluster: System> swap allows swapping of public interfacesonly. This is normally done to have the same interface sequencing on all nodesin the cluster.

■ In a single-node cluster: System> swap can be done for both public and privateinterfaces. Swapping of one private and one public interface is also possible.

If input to the System> swap command contains one public and one privateinterface, and there are two separate switches for the private and the publicnetwork, then before you run the System> swap command, the SystemAdministrator has to exchange cable connections between these interfaces.

Running the System> swap command requires stopping the given interfaces,which causes the following:

■ After you run the System> swap command, all SSH connection(s) hosted onthe input interfaces terminate.

■ If a public interface is involved when issuing the System> swap command, allVirtual IP addresses (VIPs) hosted on that interface are brought down first,and are brought back up after System> swap is complete.

■ If the System> swap command is run remotely, due to SSH connectiontermination, its end status may not be visible to the end user. You can checkthe status of the System> swap command under history, by reconnecting tothe cluster.

Note: FileStore recommends not to use the System> swap command when activeI/O load is present on the cluster.

513Configuring system informationUsing the swap command

To use the swap command

◆ To use the System> swap command, enter the following:

System> swap interface1 interface2 [nodename]

Indicates the name of the first network interface.interface1

Indicates the name of the second network interface.interface2

Indicates the name of the node. If nodename is not provided, theSystem> swap command is executed on the current node in thecluster.

nodename

For example, to swap two network interfaces:

System> swap pubeth0 priveth0 sfs_01

All ssh connection(s) to swapped interfaces need to start again

after this command.

Do you want to continue [Enter "y/yes" to continue]...

Check status of this command in history.

About the VMware Virtual Center plug-inThe VMware Virtual Center (vCenter) plug-in is part of the VMware vSphereextension for FileStore feature.

See “About the VMware vSphere extension for FileStore” on page 530.

After registering your FileStore cluster using the System> vplugin commands,you can use the VMware Virtual Center plug-in to do the following:

■ Create virtual machine clones using Symantec FileSnap technologyA FileSnap is a space-optimized copy of a file in the same name space, storedin the same file system.

■ Add storage from a FileStore cluster to ESX servers

Use the FileStore System> vplugin commands to register, unregister, or checkthe registration status of your FileStore cluster with a VMware Virtual CenterServer.

The System> vplugin commands are listed in Table 15-6.

If the vCenter Server is not configured to use the default port number, you needto specify the port number using the [:port] option for all the System> vplugin

commands.

Configuring system informationAbout the VMware Virtual Center plug-in

514


Table 15-6 vplugin commands

DefinitionCommand

Allows you to register the specified FileStore cluster with a vCenterServer.


vplugin register

Allows you to unregister the specified FileStore cluster from a vCenterServer.


vplugin unregister

Checks the registration status of the specified FileStore cluster witha vCenter Server.


vplugin status

515Configuring system informationAbout the VMware Virtual Center plug-in

Using the vplugin commandsTo register a FileStore cluster with a vCenter Server

◆ To register a specified FileStore cluster with a vCenter Server, enter thefollowing:

System> vplugin register vcenter_server[:port] vcenter_login

Enter the IP address for the vCenter Server with which you wantto register.

If the vCenter Server is not configured to use the default portnumber, you need to specify the port number.

See “About the VMware Virtual Center plug-in” on page 514.

vcenter_server[:port]

Enter the vCenter Server login.

The vCenter Server administrator can choose the login name.

vcenter_login

For example, to register this FileStore cluster with a vCenter Server:

System> vplugin register 10.182.47.9 Administrator

Enter password for Administrator: *******

Cluster plug-in has been successfully registered. Restart

vSphere Client before continuing.

SFS vplugin SUCCESS V-288-2572 Plugin has been successfully

registered.

For example, to register this FileStore cluster with a vCenter Server with anon-default port number:

System> vplugin register 10.182.47.9:8443 Administrator


Cluster plug-in has been successfully registered. Restart

vSphere Client before continuing.


registered.

Configuring system informationUsing the vplugin commands

516

To unregister a FileStore cluster with a vCenter Server

◆ To unregister a specified FileStore cluster from a vCenter Server, enter thefollowing:

System> vplugin unregister vcenter_server[:port] vcenter_login

Enter the IP address for the vCenter Server with which you wantto unregister.






vcenter_login

Note: The VMware Virtual Center plug-in should be unregistered anytimethe FileStore cluster is uninstalled or upgraded to a newer version.

For example, to unregister this FileStore cluster with a vCenter Server:

System> vplugin unregister 10.182.47.9 Administrator


Cluster plug-in has been successfully unregistered from this

VMware vCenter Server.


unregistered.

517Configuring system informationUsing the vplugin commands

To check the registration status of a FileStore cluster with a vCenter Server

◆ To check the registration status of a specified FileStore cluster with a vCenterServer, enter the following:

System> vplugin status vcenter_server[:port] vcenter_login

Enter the IP address for the vCenter Server for which you wantto check the registration status.






vcenter_login

For example, to display the registration status of this FileStore cluster on avCenter Server:

System> vplugin status 10.182.47.9 Administrator


Cluster plug-in (version=2.0.0) found on this VMware

vCenter Server.

About the option commandsThe option commands were created to let you adjust a variety of tunable variablesthat affect the global FileStore settings. The tunable variables that can be changedor displayed are listed in Table 15-7.

Note: Only system administrators with advanced knowledge of DynamicMultipathing (DMP) I/O policies should use the DMP-related commands underthe System> option. For assistance, contact Symantec Technical Support.

Table 15-7 option commands

DefinitionCommand

Displays the number of Network File System (NFS) daemons for eachnode in the cluster.


option show nfsd

Configuring system informationAbout the option commands

518

Table 15-7 option commands (continued)

DefinitionCommand

Modifies the number of Network File System (NFS) daemons on all ofthe nodes in the cluster. The range for the number of daemons youcan modify is 1 to 512.

Warning: The option modify nfsd command overwrites theexisting configuration settings.


option modify nfsd

Displays the type of Dynamic Multipathing (DMP) I/O policycorresponding to enclosure, arrayname, and arraytype for each nodein a cluster.


option show dmpio

Modifies the Dynamic Multipathing (DMP) I/O policy, correspondingto the enclosure, arrayname, and arraytype.

Warning: Check the sequence before modifying the I/O policy. Thepolicies need to be applied in following sequence: arraytype,arrayname, and enclosure. The enclosure-based modification ofthe I/O policy overwrites the I/O policy that was set using thearrayname and thearraytype for that particular enclosure. In turn,the arrayname-based modification of the I/O policy overwrites theI/O policy that was set using the arraytype for that particulararrayname.


option modifydmpio

Resets the Dynamic Multipathing (DMP) I/O policy setting for thegiven input (enclosure, arrayname, and arraytype). Use thiscommand when you want to change the I/O policy from the previouslyset enclosure to arrayname. The settings hierarchy is enclosure,arrayname, and arraytype, so to modify the I/O policy to arraytype,you need to reset arrayname and enclosure.

Note: This command does not set the default I/O policy.


option reset dmpio

Displays the ninodes cache size in the cluster.


option showninodes

519Configuring system informationAbout the option commands


DefinitionCommand

Changes the cache size of the global inodes. If your system caches alarge number of metadata transactions, or if there is significant virtualmemory manager usage, tuning this parameter may improveperformance. The range for the inode cache size is from 10000 to2097151.

Warning: The option modify ninodes command requires acluster-wide restart.


option modifyninodes

Displays the global value of the write_throttle parameter.


option showtunefstab

Modifies the global write_throttle parameter for all the mounted filesystems.

The write_throttle parameter is useful in situations where acomputer system combines a large amount of memory and slow storagedevices. In this configuration, sync operations (such as fsync()) maytake so long to complete that a system appears to hang. This behavioroccurs because the file system created dirty buffers (in-memoryupdates) faster than they can be asynchronously flushed to diskwithout slowing system performance.

Lowering the value of write_throttle limits the number of dirty buffersper file that a file system generates before flushing the buffers to disk.When the number of dirty buffers reaches the write_throttle thresholdfor a file, the file system starts flushing buffers to disk even if freememory is available.

The default value of write_throttle is zero, which puts no limiton the number of dirty buffers per file.


option modifytunefstab

Displays the value of the dmptune attribute.


option showdmptune

Modifies the value for either the dmp_path_age or thedmp_health_time attributes.


option modifydmptune

Configuring system informationAbout the option commands

520


DefinitionCommand

Lets you display the maximum memory (measured in kilobytes) thatis allocated for cache object metadata.


option showvxtune

Lets you modify the maximum memory (measured in kilobytes) thatis allocated for cache object metadata.


option modifyvxtune

Using the option commandsTo display the NFS daemons

◆ To display the number of NFS daemons, enter the following:

System> option show nfsd

For example:

System> option show nfsd

NODENAME NUMBER_DAEMONS

-------- --------------

sfs_01 96

sfs_02 96

To change the NFS daemons

◆ To change the number of NFS daemons, enter the following:

System> option modify nfsd number [nodename]

For example:

System> option modify nfsd 97

521Configuring system informationUsing the option commands

To display the DMP I/O policy

◆ To display the dmpio policy, enter the following:

System> option show dmpio

For example:

NODENAME TYPE ENCLR/ARRAY IOPOLICY

--------- --------- ----------- --------

sfs_01 arrayname disk balanced

sfs_01 enclosure disk minimumq

If you want to view your current enclosure names, use the followingcommand:


For example:


Disk Pool Enclosure Size

===== ==== ========== ====

sda_01 p1 OTHER_DISKS 10.00G

ID Serial Number

== =============

VMware%2C:VMware%20Virtual%20S:0:0 -

To change the DMP I/O policy

◆ To change the DMP I/O policy, enter the following:

System> option modify dmpio

{enclosure enclr_name|arrayname array_name|arraytype {A/A|A/P|...}}

iopolicy={adaptive|adaptiveminq|balanced|minimumq|priority|

round-robin|singleactive}

The dmpio policy variables are the following:

Name of the enclosure to distinguish between arrays havingthe same array name.

enclr_nameenclosure

Name of the array. Two physical array boxes of the samemake have the same array name.

array_namearrayname

Configuring system informationUsing the option commands

522

A multipathing type of array. Use one of the following:

active-active, active-active-A, active-active-A-HDS,active-active-A-HP, APdisk, active-passive, active-passive-C,active-passiveF-VERITAS, active-passiveF-T3PLUS,active-passiveF-LSI, active-passiveG, active-passiveG-C,Disk, CLR-A-P, CLR-A-PF

array_typearraytype

In storage area network (SAN) environments, this optiondetermines the paths that have the least delays, andschedules the I/O on the paths that are expected to carry ahigher load. Priorities are assigned to the paths inproportion to the delay.

adaptiveiopolicy

The I/O is scheduled according to the length of the I/O queueon each path. The path with the shortest queue is assignedthe highest priority.

adaptiveminq

Takes into consideration the track cache to balance the I/Oacross paths.

balanced

Uses a minimum I/O queue policy. The I/O is sent on thepaths that have the minimum number of I/O requests in thequeue. This policy is suitable for low-end disks or JBODswhere a significant track cache does not exist. This policyis the default for Active/Active (A/A) arrays.

minimumq

Assigns the path with the highest load carrying capacity asthe priority path. This policy is useful when the paths in aSAN have unequal performances, and you want to enforceload balancing manually.

priority

Sets a standard round-robin policy for the I/O. This policyis the default for Active/Passive (A/P) and AsynchronousActive/Active (A/A-A) arrays.

round-robin

The I/O is channeled through the single active path.singleactive

To reset the DMP I/O policy

◆ To reset the DMP I/O policy, enter the following:

System> option reset dmpio

{enclosure enclr_name|arrayname array_name|arraytype {A/A|A/P|...}}


To display the ninodes cache size

◆ To display the ninodes cache size, enter the following:

System> option show ninodes

For example:

System> option show ninodes

INODE_CACHE_SIZE

----------------

2000343

To change the ninodes cache size

◆ To change the ninodes cache size, enter the following:

System> option modify ninodes number

For example:

System> option modify ninodes 2000343

SFS option WARNING V-288-0 This will require cluster wide reboot.

Do you want to continue (y/n)?

To display the tunefstab parameter

◆ To display the tunefstab parameter, enter the following:

System> option show tunefstab

For example:


NODENAME ATTRIBUTE VALUE

-------- --------- -----

sfs_01 write_throttle 0

Configuring system informationUsing the option commands

524

To modify the tunefstab parameter

◆ To modify the tunefstab parameter, enter the following:

System> option modify tunefstab write_throttle value

where value is the number you assign to the write_throttle parameter.

For example:

System> option modify tunefstab write_throttle 20003



-------- --------- -----



To display the value of the dmptune attribute

◆ To display the value of the dmptune attribute, enter the following:

System> option show dmptune

For example:

System> option show dmptune


-------- --------- -----

sfs_01 dmp_path_age 57

sfs_01 dmp_health_time 44


To modify the value of the dmp_path_age and dmp_health_time attributes

◆ To modify the value of the dmp_path_age and dmp_health_time attributes,enter the following:

System> option modify dmptune {dmp_path_age value | dmp_health_time

value}

Modify the value of dmp_health_time.

This attribute sets the time in seconds for which a path muststay healthy. If a path’s state changes back from enabled todisabled within this time period, DMP marks the path asintermittently failing, and does not re-enable the path for I/Ountil dmp_path_age seconds elapse. The default value ofdmp_health_time is 60 seconds. A value of 0 prevents DMPfrom detecting intermittently failing paths.

dmp_path_agevalue

Sets the time in seconds for which a path must stay healthy. If apath's state changes back from enabled to disabled within thistime period, DMP marks the path as intermittently failing, andDMP does not re-enable the path for I/O until thedmp_path_ageseconds have elapsed.

The default value of dmp_health_time is 60 seconds. A valueof 0 prevents DMP from detecting intermittently failing paths.

dmp_health_timevalue

For example:

System> option modify dmptune dmp_path_age 40

System> option modify dmptune dmp_health_time 50

Modifying and displaying thevolpagemod_max_memsz parameter of vxtune

You can modify the maximum memory measured in kilobytes that is allocatedfor cache object metadata. The default value for volpagemod_max_memsz is set to6144 KB. The value that should be used is determined by the total size of volumesfor which instant rollbacks are taken.

Configuring system informationModifying and displaying the volpagemod_max_memsz parameter of vxtune

526

To modify the volpagemod_max_memsz parameter of vxtune

◆ To modify the volpagemod_max_memsz parameter of vxtune, enter thefollowing:

System> option modify vxtune volpagemod_max_memsz value

The following formula can be used to calculate the required value ofvolpagemod_ max_memsz:

size_in_KB=6 * (total_filesystem_size_in_GB) * (64/region_size_in_KB)

region_size can be set to 256 KB by default for large file systems.

For example, to modify the volpagemod_max_memsz parameter of vxtune,enter the following:

System> option modify vxtune volpagemod_max_memsz 12288

To display the value of the vxtune parameters

◆ To display the value of the vxtune parameters, enter the following:

System> option show vxtune

For example, to display the value of the vxtune parameters, enter thefollowing:

System> option show vxtune

NODENAME TUNABLE VALUE(KB)

-------- ------- ---------

sfs_01 volpagemod_max_memsz 12288

sfs_02 volpagemod_max_memsz 12288

527Configuring system informationModifying and displaying the volpagemod_max_memsz parameter of vxtune

Configuring system informationModifying and displaying the volpagemod_max_memsz parameter of vxtune

528

Using the VMware vSphereextension for SymantecFileStore


■ About the VMware vSphere extension for FileStore

■ How the VMware vSphere extension for FileStore interacts with other FileStoreapplications

■ Useful links from VMware on NFS support and customization while cloningvirtual machines

■ Adding storage to ESX servers

■ Creating a virtual machine

■ Creating virtual machine clones using Symantec FileSnap

■ Specifying the number of virtual machine clones to be created

■ Specifying where to create the virtual machine clones

■ Specifying the guest operating system if customizing for Linux or Windows

■ Specifying network customization parameters for guest operating systems ifusing DHCP or Static IP

■ Configuring the VMware View

■ Verifying the virtual machine clones

16Chapter

About the VMware vSphere extension for FileStoreFileStore provides the benefits of a highly-scalable NAS and NFS solution forVMware ESX server workloads.

The VMware vSphere extension for FileStore enables the following functionality:

■ Provides a VMware vCenter Server plug-in for seamless integration into thevSphere user interface.

The VMware vCenter Server plug-in gives you the ability to do the following:

■ Quickly clone hundreds of virtual machines based off a single golden imageusing Symantec FileSnap technology, a component of SymantecVirtualStore.

■ Add storage from a FileStore cluster to multiple ESX servers.

Figure 16-1 FileStore architecture in VMware vSphere

With this architecture, the FileStore cluster provides NAS storage that is mountedon your VMware ESX servers as an NFS datastore. The FileStore cluster providesVCenter plug-ins that can be invoked through the vSphere client user interface.

Using the VMware vSphere extension for Symantec FileStoreAbout the VMware vSphere extension for FileStore

530

How the VMware vSphere extension for FileStoreinteracts with other FileStore applications

Note: For the latest information on how the VMware vSphere extension forFileStore interacts with other applications, see the Symantec FileStore ReleaseNotes.

Table 16-1 Application support for the VMware vSphere extension for FileStore

DescriptionFeature orapplication

When restoring a virtual machine using either the embeddedNetBackup client or NDMP from a backup, it is required to turn offthe virtual machine before restoring. Once the restore is completed,the virtual machine can be turned on.

Backup

Useful links from VMware on NFS support andcustomization while cloning virtual machines

To learn more about NFS support and customization while cloning virtualmachines, refer to the following locations.

■ Best practices for running VMware vSphere on Network Attached Storage(White paper):http://vmware.com/files/pdf/VMware_NFS_BestPractices_WP_EN.pdf

■ VirtualCenter2 templates usage and best practices (White paper). Best practicesfor setting up templates and guest customization:http://www.vmware.com/pdf/vc_2_templates_usage_best_practices_wp.pdf

■ vSphere Basic System Administration Guide. See the guest operating systemscustomization chapter.https://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf

531Using the VMware vSphere extension for Symantec FileStoreHow the VMware vSphere extension for FileStore interacts with other FileStore applications

http://vmware.com/files/pdf/VMware_NFS_BestPractices_WP_EN.pdf

http://www.vmware.com/pdf/vc_2_templates_usage_best_practices_wp.pdf

https://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf

Adding storage to ESX serversTo add storage to ESX servers

1 Right-click on a datacenter, cluster, folder, or an ESX server in the vSphereClient window. Choose Addstorage from clustername, where clustername isthe FileStore cluster that has been registered with this vCenter Server, andfrom which you want to add storage.

2 In the Add Symantec Storage window, specify ESX server information, NFSstorage, and datastore information in the appropriate fields.

In the ESX Servers table, check the ESX server(s) to which youwant to add storage.

The ESX servers that are displayed under the ESX Host Namecolumn depend on what entity you selected in step 1. If the entityselected is a datacenter, all the ESX servers in the datacenter aredisplayed. If the entity selected is a folder, all the ESX servers inthe folder are displayed. If the entity selected is a cluster, thenall the ESX servers in that cluster are displayed.

Basically, a datacenter, a cluster, or a folder are containers ofESX servers.

ESX Servers

In the NFS Storage Properties table, in the drop-down menu,select a virtual IP address.

Virtual IP Address

In the NFS Storage Properties table, in the drop-down menu,select the directory path of the NFS share.

Share

In the NFS Storage Properties table, check if you want themounted NFS share to be read-only.

Mount NFS ReadOnly

A datastore name is automatically generated based on the virtualIP address and the NFS share that you selected.

You can change the datastore name to whatever you choose.

Note:The datastore name must be unique. If the datastore nameis not unique, you receive an error message after clicking Submit.

Datastore Name

3 Click Submit.

Using the VMware vSphere extension for Symantec FileStoreAdding storage to ESX servers

532

Creating a virtual machineTo create a virtual machine

◆ Create a virtual machine.

See the VMware vSphere Virtual Machine Administration Guide.

http://www.vmware.com/pdf/vsphere4/r41/vsp_41_vm_admin_guide.pdf

If you plan on using or integrating the virtual machine with VMware View,create a virtual machine for use with VMware View.

See the VMware View Administrator's Guide.

http://www.vmware.com/pdf/view45_admin_guide.pdf

Note: If you plan to use the VMware vApp and OVF templates, then you mustdisable the vApp.

See the Symantec FileStore Release Notes for more information.

MAC address conflicts may arise if static addresses are used.

See the VMware Knowledge Base Article on changing the MAC address of ahosted virtual machine for more information.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=507

Creating virtual machine clones using SymantecFileSnap

This section describes how to create virtual machine clones using SymantecFileSnap. FileSnap is a component of Symantec VirtualStore.

Note:Before being able to create virtual machine clones using Symantec FileSnap,you must have registered your FileStore cluster with a vCenter Server using theFileStore CLI. You must also have created a virtual machine.


See “Creating a virtual machine” on page 533.

533Using the VMware vSphere extension for Symantec FileStoreCreating a virtual machine

http://www.vmware.com/pdf/vsphere4/r41/vsp_41_vm_admin_guide.pdf

http://www.vmware.com/pdf/view45_admin_guide.pdf

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=507

To create virtual machine clones using Symantec FileSnap

1 Right-click on the virtual machine you want to clone, and select FileSnap onclustername in the vSphere Client window.

Depending upon whether the virtual disks belong to a Symantec datastore(CNFS/VirtualStore), the GUI allows or disallows the cloning operation of thevirtual machine. To allow cloning, at least one virtual disk must be from aSymantec datastore. If the NEXT button is not displayed, then the GUI displaysa message that the cloning operation is not allowed on this virtual machine.

2 In the Security alert window, click Yes.

See “Specifying the number of virtual machine clones to be created”on page 535.

Using the VMware vSphere extension for Symantec FileStoreCreating virtual machine clones using Symantec FileSnap

534

Specifying the number of virtual machine clones tobe created

To specify the number of virtual machine clones to be created

1 In the Clone Name Pattern window of the Symantec Quick Clone VirtualMachineWizard, enter virtual machine clone information in the appropriatefields.

Specify the number of virtual machine clones you want to create.Number of Clones

Specify the name of the virtual machine clone.

The clone name should only contain alpha-numeric characters,underscores, and or hyphens.

Clone Name

Specify the number of the virtual machine clone that you wantto start creating clones from.

Start From

2 Click Next.

See “Specifying where to create the virtual machine clones” on page 535.

Specifyingwhere to create the virtualmachine clonesTo specify where to create the virtual machine clones

1 In the Clone Target window of the Symantec Quick Clone Virtual MachineWizard, enter the datacenter, ESX host/cluster, and the resource pool forcreating virtual machine clones in the appropriate fields.

From the drop-down menu, select the datacenter where you wantthe virtual machine clones to reside.

Datacenter(required)

From the drop-down menu, select the ESX host/cluster whereyou want the virtual machine clones to reside.

ESX Host(required)

From the drop-down menu, select the resource pool for runningthe virtual machine clones.

A resource pool is a VMware term; it is a division of computingresources that are used to manage allocations between virtualmachines.

Resource Pool

535Using the VMware vSphere extension for Symantec FileStoreSpecifying the number of virtual machine clones to be created

If you want to customize the guest OS and network for virtualmachine clones, check the Customize theguestOSandnetworkfor virtual machine clones checkbox.

Customize theguest OS andnetwork for virtualmachine clones

If you want to customize the VMware View, check the CustomizeVMware View checkbox.

Configure theVMware View

If you want to customize the virtual machine for advancedconfiguration, check the Customize for advanced VMconfiguration checkbox.

This feature lets you:

■ Select a vmdk file for performing a full copy of a particulardisk while creating a virtual machine clone.

■ Ability to create a virtual machine clone of a single vmdk filerather than a full virtual machine clone.

Customize foradvanced VMconfiguration

2 Click Next.

See “Specifying the guest operating system if customizing for Linux orWindows” on page 536.

Specifying the guest operating system if customizingfor Linux or Windows

To specify the guest operating system if customizing the guest operating systemfor Linux

1 In the GuestOSCustomization window of the SymantecQuickCloneVirtualMachine Wizard, specify the guest operating system parameters for virtualmachine clones if you want to customize the guest operating system for Linux.

Specify the guest operating system name that you want tocustomize.

Guest OS Name

Specify the number of the virtual machine clone that you wantto start from.

Start From

2 Click Next.

Using the VMware vSphere extension for Symantec FileStoreSpecifying the guest operating system if customizing for Linux or Windows

536

To specify the guest operating system if customizing the guest operating systemfor Windows

1 In the GuestOSCustomization window of the SymantecQuickCloneVirtualMachine Wizard, specify the guest operating system parameters for virtualmachine clones if you want to customize the guest operating system forWindows.

Specify the guest operating system name that you want tocustomize.

The guest OS name should only contain alpha-numeric charactersand or hyphens.

The full host name (concatenated Guest OS Name and StartFrom) cannot be greater than 63 characters.

Guest OS Name

Specify the number of the virtual machine clone that you wantto start from.

Start From

Specify the product ID for the virtual machine clone.

The product ID should only contain alpha-numeric characters,underscores, and or hyphens.

Product ID

Specify the user name for the virtual machine clone.

The user name should only contain alpha-numeric characters,underscores, and or hyphens.

User Name

Specify the name of the company you are from.Company

From the drop-down menu, specify the time zone for creatingthe virtual machine clone.

Timezone

2 Click Next.

See “Specifying network customization parameters for guest operatingsystems if using DHCP or Static IP” on page 538.

537Using the VMware vSphere extension for Symantec FileStoreSpecifying the guest operating system if customizing for Linux or Windows

Specifying network customization parameters forguest operating systems if using DHCP or Static IP

To specify network customization parameters for guest operating systems if usingDHCP

1 If you checked the Customize theguestOSandnetworkforvirtualmachineclones checkbox on the Clone Target window of the Symantec Quick CloneVirtual Machine Wizard, the Network Customization window appears.


Each virtual machine may have multiple network adapters.

2 In the Network Customization window, if you select DHCP as the IPAssignment, you do not need to specify values for the IPAddress, Netmask,and the Gateway fields.

3 Click Next.

To specify network customization parameters for guest operating systems if usingStatic IP

1 If you checked the Customize theguestOSandnetworkforvirtualmachineclones checkbox on the Clone Target window of the Symantec Quick CloneVirtual Machine Wizard, the Network Customization window appears.


2 In the Network Customization window, if you select Static IP as the IPAssignment, enter information in the appropriate fields.

If you select Static IP from the drop-down menu, you need toenter values for IP Address, Netmask, and Gateway fields.

Note: Static IP address assignment is not supported for Windows7 or Windows Server 2008 virtual machine clones.

IP Assignment

Specify a valid IP address for the network adapter card.

Each virtual machine may have multiple network adapters.

IP Address

Specify a valid netmask address for the network adapter.Netmask

Specify a valid gateway IP address for the network adapter.Gateway

3 Click Next.

See “Configuring the VMware View” on page 539.

Using the VMware vSphere extension for Symantec FileStoreSpecifying network customization parameters for guest operating systems if using DHCP or Static IP

538

Configuring the VMware ViewTo configure the VMware View

1 If you checked the ConfigVMwareView checkbox on the CloneTarget windowof the Symantec Quick Clone Virtual Machine Wizard, the VMware ViewConfiguration window appears.


539Using the VMware vSphere extension for Symantec FileStoreConfiguring the VMware View

2 In the VMware View Configuration window, enter information in theappropriate fields to import cloned virtual machines as a new Desktop Poolin the VMware View.

Specify the name of the server or IP address for the server forimporting cloned virtual machines.

Note: You must log on to the vCenter Server using the same IPaddress or a fully-qualified domain name (FQDN) that the VMwareView Server uses to access the vCenter Server for successfulintegration of the cloned virtual machines into the VMware ViewServer.

Server Name/IPAddress

Specify the user name for the VMware administrator.

You must enter a user name.

Username

Specify the password for the server for importing the clonedvirtual machines.

You must enter a password.

Password

Specify the domain for importing the cloned virtual machines.

Note: To be accessed by the VMware View Server, virtualmachines must be joined to a domain. The SymantecQuickCloneVirtualMachineWizard can automatically join virtual machineclones to the domain entered on the VMwareViewConfigurationwindow. This operation requires that both Customize the guestOS and Config VMware View are checked on the Clone Targetwindow.

See “Specifying where to create the virtual machine clones”on page 535.

Domain

Specify the pool ID for importing the cloned virtual machines.

You must enter a pool ID.

Pool ID

Specify if you want persistent pools by checking this checkbox.

Pool persistence indicates if users are allocated a dedicateddesktop. This option statically assigns the desktop to a user onthe first connection. All user documents, applications, andsettings are retained between sessions.

Pool Persistence

3 Click Next.

See “Verifying the virtual machine clones” on page 541.

Using the VMware vSphere extension for Symantec FileStoreConfiguring the VMware View

540

Verifying the virtual machine clonesTo verify the list of requested virtual machine clones

1 In the Summary window of the Symantec Quick Clone Virtual MachineWizard, verify the list of requested virtual machine clones.

2 If you want to turn on the virtual machine clones after they are created, checkthe Power on clones after creation checkbox.

3 Click Submit.

541Using the VMware vSphere extension for Symantec FileStoreVerifying the virtual machine clones

Using the VMware vSphere extension for Symantec FileStoreVerifying the virtual machine clones

542

Configuring disasterrecovery


■ About disaster recovery

■ About DNS update

■ About the DNS update set command

■ Configuring the DNS update service

■ Starting and stopping the DNS update service

■ Displaying DNS update settings

About disaster recoveryFileStore disaster recovery includes a series of commands and procedures availableto help you recover quickly from system failures. Currently, the disaster recoveryfeatures includes a set of DNS update commands which enable you to keep DNSserver support active during failover situations.

About DNS updateThe FileStore DNS update feature enables users to update DNS records so thatclients can be served from a different cluster. This feature is useful in failoversituations where an active FileStore cluster must be brought down and the servicesmoved to the backup cluster.

Consider the scenario shown in Figure 17-1. In this example, there are two FileStoreclusters (Cluster 1 and Cluster 2). Cluster 1 is the active cluster. Cluster 2 is the

17Chapter

"backup" cluster, the cluster that can run services when Cluster 1 is brought down.Data is kept in synchronization between the two clusters using the FileStorereplication feature. However, at any given time, the DNS server stores resourcerecords for only one cluster.

In previous releases, DNS updates had to be done manually when cluster operationswere switched form one cluster to another. Now, you can use FileStore DNS updatecommands to update the DNS server. The DNS update feature is supported forUNIX and Linux-based DNS servers only. Windows-based DNS servers are notsupported.

Figure 17-1 Active and backup clusters

By default, the DNS update service is offline. To use the DNS update service, firstuse the DR> dnsupdate set command to configure the DNS update serviceparameters, then use the DR> dnsupdate start command to start the service.

Table 17-1 DNS update commands

DescriptionCommand

Shows the configuration settings for DNS update. Configurationsettings include the DNS server name, DNS domain name, key filelocation, and so on. This command also shows the status of theDNS update service on the local and the remote clusters.

See “Displaying DNS update settings” on page 550.

dnsupdate show

Configuring disaster recoveryAbout DNS update

544

Table 17-1 DNS update commands (continued)

DescriptionCommand

Starts the DNS update service on the local cluster and uploadscluster-specific information to the DNS server. Any new clientsare served from the cluster where the command was issued.

See “Starting and stopping the DNS update service” on page 549.

dnsupdate start

Stops the DNS update service on the local cluster. DNS informationfor the local cluster is removed from the DNS server. When theDNS update service is stopped on the local cluster, new clients areserved from the "backup" cluster, provided the DNS update servicehas been started on the backup cluster.

See “Starting and stopping the DNS update service” on page 549.

dnsupdate stop

Configures the DNS update service parameters.

See “About the DNS update set command” on page 545.

dnsupdate set

About the DNS update set commandUse the DR> dnsupdate set command to configure the DNS update service. If noreplication links have been added to the DNS update configuration, theconfiguration parameters apply to the local cluster only. If replication links havebeen added, the configuration parameters are applied to both the local and theremote cluster.

Make sure that the DNS update service is offline before you set configurationparameters. If the service is online on a cluster, the parameters cannot be set onthat cluster.

Table 17-2 DNS update set command arguments

DefinitionCommand

Sets the IP address of the DNS server where name resolutionrecords are uploaded.

See “Configuring the DNS update service” on page 546.

set dns_server

Sets the domain name that is associated with the DNS server.This domain specifies the service that is hosted on the cluster.Clients use the domain name to access the cluster's service.


set domain_name

545Configuring disaster recoveryAbout the DNS update set command

Table 17-2 DNS update set command arguments (continued)

DefinitionCommand

Sets the SCP path to the transaction signature (TSIG) key filesfor the DNS server. These files are used to send secure updatesto the DNS server. Once this path is provided, FileStore keeps alocal copy of key files on each node of the cluster.


set keyfiles

Configures the specified replication link with the same DNSupdate parameters as on the local cluster.

The DR> dnsupdate set addreplink command does notcreate replication links, it only configures them for the DNSupdate service.

Replication links are created using theReplication> config

command. See for the Symantec FileStore Replication Guide formore information.


set addreplink

Removes a replication link from the DNS update configuration.


set delreplink

Configuring the DNS update serviceUse the DR> dnsupdate set command to configure the DNS update serviceparameters.

You can configure DNS update service parameters on a cluster only when the DNSupdate service is offline for the cluster. The parameter changes take effect whenthe DNS update service is started.

To set the DNS server

◆ To set the DNS server where configuration information is uploaded, enterthe following:

DR> dnsupdate set dns_server ip_address

where ip_address is the IP address of the DNS server.

For example:

DR> dnsupdate set dns_server 172.10.409.251

SFS DNSupdate SUCCESS V-288-0 operation dnsserver 172.10.409.251

successful on cluster1.

Configuring disaster recoveryConfiguring the DNS update service

546

To set the domain name

◆ To set the domain name that is associated with the DNS server, enter thefollowing:

DR> dnsupdate set domain_name domain_name

where domain_name is the domain name. This domain specifies the servicethat is hosted on the cluster. Clients use the domain name to access thecluster's service.

For example:

DR> dnsupdate set domain_name sfs.example.com

SFS DNSupdate SUCCESS V-288-0 operation domain_name

sfs.example.com successful on cluster1.

To set the keyfiles path

◆ To set the path to the TSIG key files for the DNS server, enter the following:

DR> dnsupdate set keyfiles scp-URL filename.key filename.private

Indicates the SCP URL where the key files are stored for the DNSserver.

The TSIG key files are a pair of files that are generated by theDNS server administrator. They are used for making secureupdates to the DNS server. One file in the pair has a *.keyextension. The other file has a *.private extension.

scp-URL

Indicates the file name for the *.key TSIG file.filename.key

Indicates the file name for the *.private TSIG file.filename.private

For example:

DR> dnsupdate set keyfiles scp://lkarnes@mkt1:/secure/

Kexample.com.+157+20648.key Kexample.com.+157+20648.private

Password:*******

SFS DNSUpdate SUCCESS V-288-0 operation keyfile

Kexample.com.+157+20648.private successful on cluster1.

547Configuring disaster recoveryConfiguring the DNS update service

To add a replication link to the DNS update configuration

◆ To add a replication link to the DNS update configuration, enter the following:

DR> dnsupdate addreplink link_name

where link_name is the name of a replication link.

The DR> dnsupdate set addreplink command does not create a replicationlink, instead it configures the specified replication link with the same DNSupdate parameters as on the local cluster.

For example:

DR> dnsupdate addreplink Rep1

SFS DNSUpdate SUCCESS V-288-0 operation addreplink Rep1


When you add a replication link to the DNS update configuration, existingparameters for the DNS update service are set on both the local and the remotecluster.

For example:

SFS DNSupdate SUCCESS V-288-0 operation dnsserver

172.10.409.251 successful on cluster2.

SFS DNSupdate SUCCESS V-288-0 operation domain_name

sfs.example.com successful on cluster2.


Kexample.com.+157+20648.private successful on cluster2.


scp://lkarnes@mkt1:/secure/ successful on cluster2.

To delete a replication link from the DNS update configuration

◆ To delete a replication link to the DNS update configuration, enter thefollowing:

DR> dnsupdate delreplink link_name

where link_name is the name of a replication link.

The DR> dnsupdate set delreplink command does not delete a replicationlink, instead it removes the link from the DNS update configuration.

For example:

DR> dnsupdate delreplink Rep1

SFS DNSUpdate SUCCESS V-288-0 operation delreplink Rep1


Configuring disaster recoveryConfiguring the DNS update service

548

Starting and stopping the DNS update serviceTo start the DNS update service

◆ To start the DNS update service, enter the following:

DR> dnsupdate start

Starting...

SFS DNSupdate SUCCESS V-288-0 DNSupdate started.

The DR> dnsupdate start command works on the local cluster only.

When the DNS service is started, FileStore updates the DNS server with aType-A DNS record that contains a list of VIP addresses for the cluster. Basedon this record, the DNS server uses a round-robin method to resolve thedomain name with the appropriate VIPs.

Among the clusters that are configured for the DNS update service, the servicecan be online on only one cluster at a time. If the DNS update service is onlineon any of the remote clusters that are configured through replication links,then the service cannot be started on the local cluster.

To stop the DNS update service

◆ To stop the DNS update service, enter the following:

DR> dnsupdate stop

Stopping...

SFS DNSupdate SUCCESS V-288-0 DNSupdate stopped.

The DR> dnsupdate stop command works on the local cluster only.

549Configuring disaster recoveryStarting and stopping the DNS update service

Displaying DNS update settingsTo display DNS update settings

◆ To display DNS update status and configuration settings, enter the following:

DR> dnsupdate show

Status

Location Console IP Status

-------- ---------- ------

Local 10.209.188.192 ONLINE

Rep1 10.733.195.186 OFFLINE

Rep2 10.733.195.187 OFFLINE

Configuration

Parameter Value

--------- -----

DNSServer 172.10.409.251

DomainName sfs.example.com

Keyfile Kexample.com.+157+20648.private

Status on the remote cluster is shown only if related replication links havebeen added to the configuration.

Configuring disaster recoveryDisplaying DNS update settings

550

Upgrading SymantecFileStore


■ About upgrading patches

■ Displaying the current version of FileStore

■ About installing patches

■ About types of patches

■ Installing patches

■ Uninstalling patches

■ Synchronizing software upgrades on a node

About upgrading patchesThe upgrade commands install or uninstall upgrades to the FileStore software.The upgrades can be patches or drivers. The software is installed or uninstalledon all of the nodes. The upgrade commands are defined in Table 18-1.

To access the commands, log into the administrative console (for master,system-admin, or storage-admin) and enter the Upgrade> mode.


Note:To avoid potential upgrade issues, stop all workloads from clients, and thenre-initiate the upgrade.

18Chapter

Table 18-1 Upgrade mode commands

DefinitionCommand

Displays the current version of FileStore, the patch level. TheUpgrade> show detail command displays information about majorupgrades.

Error messages are displayed if any of the nodes in the cluster do nothave matching software versions or operating system packagesinstalled.

See “Displaying the current version of FileStore” on page 553.

show

Downloads the patch from the specified URL and installs it on all ofthe nodes.

See “About installing patches” on page 554.

patch install

Uninstalls the software upgrade from all of the nodes up to thespecified version.


patchuninstall-upto

Synchronizes the specified node.


patch sync

Upgrading Symantec FileStoreAbout upgrading patches

552

Displaying the current version of FileStoreTo display the current version of FileStore

1 To display the current version of FileStore and the patch level, enter thefollowing:

Upgrade> show

For example:

Upgrade> show

5.7 ENTERPRISE EDITION (Fri April 15 16:12:40 2011),

Installed on Thurs April 21 09:23:28 PDT 2011

2 To display the current version of FileStore, the patch level, and majorupgrades, enter the following:

Upgrade> show detail

For example:

Upgrade> show detail

5.7 ENTERPRISE EDITION (Fri April 15 16:12:40 2011),

Installed on Thurs April 21 09:23:28 PDT 2011

Major Upgrade(s)

================

Upgraded from 5.6P2 to 5.7 (Mon April 11 08:40:23 2011) on

Tues April 12 17:21:18 PDT 2011

553Upgrading Symantec FileStoreDisplaying the current version of FileStore

About installing patchesTable 18-2 Patch commands

DefinitionCommand

Downloads the patch from a specified URL and install it on all of thenodes. TheUpgrade> patch install command first synchronizesthe nodes that have different software versions compared to the othernodes.

Note: After you have installed, uninstalled, or synchronized a newFileStore patch into your cluster, the list of available commands mayhave changed. Please re-login to the CLI to access the updated features.

See “Installing patches” on page 556.

patch install

Uninstalls the software upgrade from all of the nodes up to thespecified version. You must specify the versions of software up to theversion that you want to uninstall. This command first synchronizesthe nodes that have different software versions compared to othernodes in the cluster.


patchuninstall-upto

Forcefully synchronizes the specified node, bringing it up to thecurrently installed software version of the remaining nodes in thecluster.

You only need to install the patch on one node, and then run theUpgrade> patch sync command to synchronize all of the nodes.


patch sync

About types of patchesFileStore patches can be divided into two types based on if a patch requires arestart of the cluster or not:

■ 1) Patches that do not require a cluster restart.This patch upgrades only FileStore-related binaries and any operating systemRPMs that do not require a restart after you apply the patch.Type 1 patches do not require a cluster restart, so the direct upgrade processcan be used. The direct upgrade process does not bring down any nodes orresources while the patch is applied, and the upgrade applies the patch on allthe nodes in parallel. The cluster remains in a running state serving clientswhile the upgrade process is running.

Upgrading Symantec FileStoreAbout installing patches

554

■ 2) Patches that require a cluster restart.This patch upgrades operating system RPMs and FileStore binaries that requirea restart of the cluster. These patches require a one-time cluster restart.Type 2 patches require a one-time cluster restart, so use the phased upgradeprocess to minimize downtime. In a phased upgrade, the upgrade processselects one of the nodes, called the first-stage node, and stops all services andresources on the first-stage node. All resources failover to other nodes includingthe VIP groups. During the failover process, the clients connected to the firststage node VIP are intermittently interrupted. For the clients that do nottimeout, the service resumes after the VIP goes back online on one of thesecond-stage nodes. The first-stage node is upgraded first. While the upgradeprocess is running on the first-stage node, the remaining nodes (second-stagenodes) continue serving clients. Once the first-stage node has been upgraded,it restarts the first-stage node. Immediately after the first-stage node comesup, the upgrade process stops the services and resources on the remainingnodes. When the first-stage node comes up, all services and resources areonline and serving clients. Meanwhile, the phased upgrade starts the patchupgrade process on the remaining nodes. After completion of the patch upgradeon the remaining nodes, the cluster recovers to normal and services arebalanced across the cluster.In the case of a phased upgrade, you are prompted with a message such as thefollowing:

Applying this patch requires reboot of cluster node(s) and

uses a phased upgrade mechanism. In phased upgrade method, the patch

will be applied on one of the cluster nodes in first phase and then on

rest of the nodes in second phase. There will be a downtime of service

between these two phases. Do you want to continue with phased

installation of this patch? [y|n]

Also, in the case if a phased upgrade fails, the patch synchronization processdoes not bring a node back to the same level as for the console node. Failednodes should be added back to the cluster using the Cluster> install andCluster> add commands.

Note: An uninstall is not supported for phased-upgrade patches.

Note: FileStore does not support rollback if the patch upgrades any RPMs.

555Upgrading Symantec FileStoreAbout types of patches

Installing patchesTo install the latest patches on your system

◆ To install the latest patches, enter the following:

Upgrade> patch install URL

where URL is the URL location from where you can download the softwarepatch. The URL supports HTTP, FTP, and SCP protocols for download. Theuser name and password for the HTTP and FTP protocols are supported.

For example, you can download a FileStore patch from an HTTP server withauthentication and install it.

http://[email protected]/SFS_UPDATES/SFS.iso

tg3.ko:3.71b,megaraid_sas.ko:00.00.03.16

Enter password for user 'admin': **********

Please wait. Upgrade is in progress...

Patch upgraded on all nodes of cluster.

Uninstalling patchesTo uninstall patches

◆ To uninstall the software upgrades, enter the following:

Upgrade> patch uninstall-upto version

where version specifies the versions of software up to the version that youwant to uninstall.

For example:

Upgrade> patch uninstall-upto 5.6P1

OK Completed

Synchronizing software upgrades on a nodeThe Upgrade> patch sync command checks that all the nodes are on the samepatch level or not. If not, FileStore brings the nodes that are on different patchlevels to the same patch level as for the console node.

Upgrading Symantec FileStoreInstalling patches

556

To forcefully synchronize software upgrades on a node

◆ To forcefully synchronize software upgrades on a node, enter the following:

Upgrade> patch sync nodename

wherenodename specifies the node that needs to be synchronized to the samesoftware version as the one currently installed in the cluster.

For example:

Upgrade> patch sync node2

...............

Syncing software upgrades on node2...

SFS patch SUCCESS V-288-122 Patch sync completed.

557Upgrading Symantec FileStoreSynchronizing software upgrades on a node

Upgrading Symantec FileStoreSynchronizing software upgrades on a node

558

Using Symantec AntiVirusfor FileStore


■ About Symantec AntiVirus for FileStore

■ About Symantec AntiVirus for FileStore licensing

■ About Symantec AntiVirus for FileStore commands

■ Displaying Symantec AntiVirus for FileStore configurations

■ About configuring Symantec AntiVirus for FileStore on all the nodes in thecluster

■ Configuring Symantec AntiVirus for FileStore on the cluster's nodes

■ About configuring Auto-Protect on FileStore file systems

■ Configuring Auto-Protect on FileStore file systems

■ About excluding file extensions

■ Configuring file extensions for the Symantec AntiVirus for FileStoreconfiguration file

■ About Symantec AntiVirus for FileStore LiveUpdate

■ Using Symantec AntiVirus for FileStore with LiveUpdate

■ About using Symantec AntiVirus for FileStore quarantine commands

■ Using Symantec AntiVirus for FileStore quarantine commands

■ Setting the Symantec AntiVirus for FileStore action policy

19Chapter

■ About using Symantec AntiVirus for FileStore manual scan commands

■ Using Symantec AntiVirus for FileStore manual scan commands

■ About scheduling a Symantec AntiVirus for FileStore scan job

■ Scheduling a Symantec AntiVirus for FileStore scan job

About Symantec AntiVirus for FileStoreFileStore software lets you access data through numerous protocols includingNFS, CIFS, and FTP. You can store your data on the network-attached storage.Symantec AntiVirus for FileStore provides on-access virus protection for the datathat can be accessed through FileStore. Symantec AntiVirus for FileStore detectsand prevents the spread of malicious virus code before your data is compromised.

Symantec AntiVirus for FileStore provides two methods for protecting data:

■ Auto-Protect (AP) scan - protects files and file systems as they are accessed(when a file is opened, modified, or executed)You can use the Auto-Protect method to conduct client access on-demandscanning of NFS, CIFS, or other protocols within FileStore.Symantec AntiVirus for FileStore provides support for the Auto-Protect methodthrough use of the autoprotect commands.

See “About configuring Auto-Protect on FileStore file systems” on page 565.

■ Scheduled scan - scans file systems for viruses when requested or at scheduledintervalsYou can use the Scheduled scan method to have automated scans occur atregular times, or to manually scan file systems on an as-needed basis.Symantec AntiVirus for FileStore provides support for Scheduled scans throughuse of the job and scan commands.

See “About scheduling a Symantec AntiVirus for FileStore scan job” on page 580.See “About using Symantec AntiVirus for FileStore manual scan commands”on page 578.

Note:Symantec AntiVirus for FileStore is based on Symantec Endpoint Protectiontechnology and is an optional component of the FileStore product. SymantecAntiVirus for FileStore requires you to have a valid Symantec Endpoint Protectionmaintenance agreement in order for the product feature to be licensed correctly.

Using Symantec AntiVirus for FileStoreAbout Symantec AntiVirus for FileStore

560

Figure 19-1 Symantec AntiVirus for FileStore overview

Client Server

1. Client opens a file. 2. Symantec AntiVirus forFileStore scans the file.3. If a virus is found,Symantec AntiVirus forFileStore reacts based on thepolicies.

4. Client is allowed ordenied access to the file.

The client attempts to access a file from the share. A file becomes a candidatefor scanning when it is accessed.

1.

If Auto-Protect (AP) is enabled on the share, Symantec AntiVirus for FileStoreverifies if the file needs to be scanned or not based on parameters, such as fileextensions. If Auto-Protect is not enabled on that share, it lets you access thefile without Symantec AntiVirus for FileStore intervention.

2.

If the file is a candidate to be scanned, Symantec AntiVirus for FileStore scansthe file and takes the specified action, such as delete, quarantine, or clean, basedon the indicated scan action policies.

3.

Based on the scan results, you are allowed or denied access to the file.4.

About Symantec AntiVirus for FileStore licensingFileStore includes the ability to enable scheduled and Auto-Protect (on-demand)antivirus scanning within the FileStore cluster and without requiring externalservers. If you use the Symantec AntiVirus for FileStore antivirus feature, tocomply with the Symantec Endpoint Protection End-User License Agreement(EULA), you must have purchased the appropriate number of licenses. Contactyour Symantec account representative or channel partner representative for moreinformation on licensing Symantec AntiVirus for FileStore.

About Symantec AntiVirus for FileStore commandsTo access the commands, log into your administrative console (master,system-admin, or storage-admin) and enter Antivirus> mode.


561Using Symantec AntiVirus for FileStoreAbout Symantec AntiVirus for FileStore licensing

Table 19-1 Symantec AntiVirus for FileStore commands

DefinitionsCommands

Enables or disables Auto-Protect (AP) on specified file systems.autoprotect

Adds or deletes file extensions to/from the Symantec AntiVirus forFileStore configuration file. Symantec AntiVirus for FileStoreskipsscanning the files whose file extensions are in the excluded list. Bydefault, Symantec AntiVirus for FileStore scans all the files.

excludeextension

Creates and configures the scan task that is identified by a uniquejob_name.

job

Adds, updates, views, and schedules LiveUpdates to SymantecAntiVirus for FileStore for updating virus definitions.

liveupdate

Lists, deletes, repairs, and provides information about quarantineditems.

quarantine

Manually starts, stops, and gives status of the file systems.scan

Sets the Symantec AntiVirus for FileStore action policy. SymantecAntiVirus for FileStore takes action according to action policies whena virus is detected in a file. Available action policies are delete,quarantine, clean, and leave.

scanaction

Starts or stops the Symantec AntiVirus for FileStore service. Thecommand also displays the status of Symantec AntiVirus for FileStoreon each node. By default, the Symantec AntiVirus for FileStoreserviceis stopped on all of the nodes.

service

Displays all of the configuration details of Symantec AntiVirus forFileStore. For example, list of file extensions (doc, exe, zip) and scanaction details (clean, delete).

show

Displaying Symantec AntiVirus for FileStoreconfigurations

The show command displays the Symantec AntiVirus for FileStore logs andconfiguration details.

Using Symantec AntiVirus for FileStoreDisplaying Symantec AntiVirus for FileStore configurations

562

To display Symantec AntiVirus for FileStore configurations

◆ To display Symantec AntiVirus for FileStore logs configuration details, enterthe following:

Antivirus> show logs [number_of_jobs]

wherenumber_of_jobs is the number of scan jobs. You can enter a 0 to displayall scan logs.

For example:

Antivirus> show logs 2

JOB NAME FS NAME SCAN START TIME SCAN END TIME TIME TO SCAN TOTAL THREATS-------- ------- ------------------- ------------------ ------------ -------------MANUALSCAN fs1 2009/06/04 04:03:02 2009/06/02 04:08:03 5 Mins 0job1 fs1 2009/06/03 05:12:01 2009/06/03 05:22:02 10 Mins 3

FILES OMITTED FILES SCANNED NODE NAME------------- ------------- ---------0 100 cluster_010 500 cluster_02

THREAT NAME FILE NAME ACTION TAKEN---------------------- -------------------- --------------------EICAR Test String /vx/fs1/eicar.com Quarantine succeeded.EICAR Test String /vx/fs1/eicarcom2.zip>>eicar_com.zip>>eicar.comQuarantine succeeded.

/vx/fs1/eicarcom2.zip Quarantine succeeded.EICAR Test String /vx/fs1/eicar.com.txt Quarantine succeeded.

About configuring Symantec AntiVirus for FileStoreon all the nodes in the cluster

The service command enables, disables, or displays status for the SymantecAntiVirus for FileStore service on all of the nodes in the cluster.

563Using Symantec AntiVirus for FileStoreAbout configuring Symantec AntiVirus for FileStore on all the nodes in the cluster

Table 19-2 Symantec AntiVirus for FileStore cluster node configurationcommands

DefinitionCommand

Starts Symantec AntiVirus for FileStore on all of the nodes in a cluster.

By default, Symantec AntiVirus for FileStore is disabled on all of thenodes in the cluster.

See “Configuring Symantec AntiVirus for FileStore on the cluster'snodes” on page 564.

service start

Stops Symantec AntiVirus for FileStore on all of the nodes in thecluster.


service stop

Displays the status of the Symantec AntiVirus for FileStore serviceon each node.


service status

Configuring Symantec AntiVirus for FileStore on thecluster's nodes

To start Symantec AntiVirus for FileStore on all nodes in the cluster

◆ To start Symantec AntiVirus for FileStore on all of the nodes in a cluster,enter the following:

Antivirus> service start

By default, the Symantec AntiVirus for FileStore service is offline.

If the Symantec AntiVirus for FileStore service is already started, SymantecAntiVirus for FileStore clears the faults (if any), and then tries to start theSymantec AntiVirus for FileStore service.

For example:

Antivirus> service start

Using Symantec AntiVirus for FileStoreConfiguring Symantec AntiVirus for FileStore on the cluster's nodes

564

To stop Symantec AntiVirus for FileStore on all nodes in the cluster

◆ To stop Symantec AntiVirus for FileStore on all nodes in a cluster, enter thefollowing:

Antivirus> service stop

You receive an error if you try to stop an already stopped Symantec AntiVirusfor FileStore service.

For example:

Antivirus> service stop

To display Symantec AntiVirus for FileStore status on all nodes in the cluster

◆ To display the status of the Symantec AntiVirus for FileStore service on allthe nodes in the cluster, enter the following:

Antivirus> service status

For example:

Antivirus> service status

About configuring Auto-Protect on FileStore filesystems

The autoprotect command enables or disables Auto-Protect (AP) antivirusprotection on specified file system(s) or on all of the FileStore file systems.

The default option enables Auto-Protect on all FileStore file systems.

Table 19-3 autoprotect commands

DefinitionCommand

Enables Auto-Protect on a specified file system(s) or all of the filesystems.

See “Configuring Auto-Protect on FileStore file systems” on page 566.

autoprotect enable

Disables Auto-Protect on a specified file system(s) or all of the filesystems.

See “Configuring Auto-Protect on FileStore file systems” on page 566.

autoprotectdisable

565Using Symantec AntiVirus for FileStoreAbout configuring Auto-Protect on FileStore file systems

Configuring Auto-Protect on FileStore file systemsTo enable Auto-Protect on FileStore file systems

◆ To enable automatic antivirus protection on individual file systems, enterthe following:

Antivirus> autoprotect enable fs_name1,fs_name2

where fs_name1 and fs_name2 are the names of the file systems.

For example, to enable Auto-Protect on specified file systems, enter thefollowing:

Antivirus> autoprotect enable fs1,fs2

By default, Auto-Protect is disabled on newly created file systems. If you issuethe autoprotect enable command without any options, Auto-Protect isenabled on all the file systems in the cluster.

For example, to enable Auto-Protect on all the file systems in the cluster,enter the following:

Antivirus> autoprotect enable

To disable Auto-Protect on FileStore file systems

◆ To disable Auto-Protect on FileStore file systems, enter the following:

Antivirus> autoprotect disable fs_name1,fs_name2

where fs_name1 and fs_name2 are the names of the file systems for whichAuto-Protect should be disabled.

For example:

Antivirus> autoprotect disable fs1,fs2

About excluding file extensionsThe excludeextension command lets you exclude file extensions so they are notincluded in the Symantec AntiVirus for FileStore scan.

Note: File extensions are case-sensitive.

Using Symantec AntiVirus for FileStoreConfiguring Auto-Protect on FileStore file systems

566

Table 19-4 File extension exclusion commands

DefinitionCommand

Adds the file extensions to the Symantec AntiVirus for FileStoreconfiguration file. Symantec AntiVirus for FileStore software doesnot scan the files that are contained in this configuration file.

See “Configuring file extensions for the Symantec AntiVirus forFileStore configuration file” on page 567.

excludeextensionadd

Deletes the files extensions from the Symantec AntiVirus for FileStoreconfiguration file. After the files are deleted from the configurationfile, they are scanned by the Symantec AntiVirus for FileStoresoftware.


excludeextensiondelete

Displays the list of file extensions currently in the Symantec AntiVirusfor FileStore configuration file.


excludeextensionlist

Configuring file extensions for theSymantecAntiVirusfor FileStore configuration file

To add file extensions to the Symantec AntiVirus for FileStore configuration file

◆ To add file extensions to the Symantec AntiVirus for FileStore configurationfile and eliminate the files from being scanned, enter the following:

Antivirus> excludeextension add file_extension1,file_extension2

where file_extension1,file_extension2 are the names of the file extensions youwant to add to the Symantec AntiVirus for FileStore configuration file.

For example:

Antivirus> excludeextension add txt,DOC

SFS antivirus SUCCESS V-288-1128 File extension txt,DOC added

567Using Symantec AntiVirus for FileStoreConfiguring file extensions for the Symantec AntiVirus for FileStore configuration file

To delete file extensions from the Symantec AntiVirus for FileStore configurationfile

◆ To delete file extensions from the Symantec AntiVirus for FileStoreconfiguration file and include the files in the Symantec AntiVirus for FileStorescan, enter the following:

Antivirus> excludeextension delete file_extension1,file_extension2

where file_extension1,file_extension2 are the names of the file extensions youwant to delete from the Symantec AntiVirus for FileStore configuration file.

For example:

Antivirus> excludeextension delete txt

SFS antivirus SUCCESS V-288-1128 File extension txt deleted

To display the list of file extensions in the Symantec AntiVirus for FileStoreconfiguration file

◆ To display the list of file extensions in the Symantec AntiVirus for FileStoreconfiguration file, enter the following:

Antivirus> excludeextension list

For example:

Antivirus> excludeextension list

Parameter Value

---------------------------------- -----

File excluded extension list DOC

About Symantec AntiVirus for FileStore LiveUpdateThe liveupdate feature is used to add LiveUpdate servers to Symantec AntiVirusfor FileStore for updating virus definitions.

Table 19-5 Symantec AntiVirus for FileStore liveupdate commands

DefinitionCommand

Adds the LiveUpdate servers to Symantec AntiVirus for FileStore forupdating virus definitions.

See “Using Symantec AntiVirus for FileStore with LiveUpdate”on page 570.

liveupdateserveradd

Using Symantec AntiVirus for FileStoreAbout Symantec AntiVirus for FileStore LiveUpdate

568

Table 19-5 Symantec AntiVirus for FileStore liveupdate commands (continued)

DefinitionCommand

Deletes a Symantec AntiVirus for FileStore LiveUpdate server or proxyfrom the LiveUpdate servers list.


liveupdateserverdelete

Runs a LiveUpdate of the virus definitions immediately.


liveupdate start

Creates a schedule for the LiveUpdate.


liveupdateschedule create

Modifies a schedule for the LiveUpdate.


liveupdateschedule modify

Deletes the schedule of the LiveUpdate.


liveupdateschedule delete

Displays the LiveUpdate schedule.


liveupdateschedule show

569Using Symantec AntiVirus for FileStoreAbout Symantec AntiVirus for FileStore LiveUpdate

Using Symantec AntiVirus for FileStore withLiveUpdate

To add the LiveUpdate servers to Symantec AntiVirus for FileStore

◆ To add the LiveUpdate servers to Symantec AntiVirus for FileStore, enterthe following:

Antivirus> liveupdate serveradd url

where url is either an HTTP, FTP, or proxy server URL.

For example:

Antivirus> liveupdate server add http://sample.com

SFS antivirus SUCCESS V-288-1263 Server added to liveupdate

server database.

The master node assigns a server ID to the given input. You can add amaximum of 10 servers and 1 proxy server to the LiveUpdate server list.

To delete the server or proxy from the LiveUpdate servers list

◆ To delete the server or proxy from the LiveUpdate servers list, enter thefollowing:

Antivirus> liveupdate serverdelete serverid | proxy

Specifies the ID of the server to be deleted from the LiveUpdateserver list.

serverid

Specifies the proxy server to be deleted from the LiveUpdateserver list.

proxy

For example, this command deletes the proxy server from the LiveUpdateservers list, if the proxy server exists.

Antivirus> liveupdate serverdelete proxy

SFS antivirus SUCCESS V-288-1274 Successfully

proxy server deleted from liveupdate server database.

For example, this command deletes the server that is associated with serverID 3.

Antivirus> liveupdate serverdelete 3

SFS antivirus SUCCESS V-288-1278 Successfully

server with id 3 deleted from liveupdate server database.

Using Symantec AntiVirus for FileStoreUsing Symantec AntiVirus for FileStore with LiveUpdate

570

To run LiveUpdate on Symantec AntiVirus for FileStore

◆ To immediately run LiveUpdate on Symantec AntiVirus for FileStore, enterthe following:

Antivirus> liveupdate start

For example, this command runs LiveUpdate immediately.

Antivirus> liveupdate start

Please wait liveupdate in progress

SFS antivirus SUCCESS V-288-1108 Done

571Using Symantec AntiVirus for FileStoreUsing Symantec AntiVirus for FileStore with LiveUpdate

To create a new schedule for LiveUpdate on Symantec AntiVirus for FileStore

◆ To create a schedule for LiveUpdate on Symantec AntiVirus for FileStore,enter the following:

Antivirus> liveupdate schedule create minute hour


Specifies the minutes for the LiveUpdate.

This field may contain either an asterisk '*', which implies'every minute' or a numeric value between the range of 0-59.

minute

Specifies the hour for the LiveUpdate.

This field may contain either an asterisk '*', which impliesrunning every hour, or a numeric value between the rangeof 0-23.

hour

Specifies the day of the month for the LiveUpdate.

This field may contain either an asterisk '*', which impliesrunning every day of the month, or a numeric value betweenthe range of 1-31.

day_of_the_month

Specifies the month for the LiveUpdate.

This field may contain either an asterisk '*', which impliesrunning every month, or a numeric value between the rangeof 1-12. In addition to the numeric values, this field can alsoaccept names of month as an argument, with the first threeletters of the month (case-insensitive) serving as input forthe given parameter.

month

Specifies the day of the week for the LiveUpdate.

This field may contain either an asterisk '*', which impliesrunning every day of the week, or a numeric value betweenthe range of 0-7, with both 0 and 7 being interpreted asSunday by crontab. In addition, this parameter can alsoaccept names, with the first three letters of the month(case-insensitive) serving as an input value.

day_of_the_week

You can only create one LiveUpdate schedule.

For example, this command invokes LiveUpdate every Monday.

Antivirus> liveupdate schedule create * * * * 1

SFS antivirus SUCCESS V-288-1255 Scheduled liveupdate

successfully created

Using Symantec AntiVirus for FileStoreUsing Symantec AntiVirus for FileStore with LiveUpdate

572

To modify the LiveUpdate schedule

◆ To modify a schedule for LiveUpdate on Symantec AntiVirus for FileStore,enter the following:

Antivirus> liveupdate schedule modify minute hour


Modify the minutes for the LiveUpdate.

This field may contain either an asterisk '*', which implies'every minute' or a numeric value between the range of 0-59.

minute

Modify the hour for the LiveUpdate.

This field may contain either an asterisk '*', which impliesrunning every hour, or a numeric value between the rangeof 0-23.

hour

Modify the day of the month for the LiveUpdate.

This field may contain either an asterisk '*', which impliesrunning every day of the month, or a numeric value betweenthe range of 1-31.

day_of_the_month

Modify the month for the LiveUpdate.

This field may contain either an asterisk '*', which impliesrunning every month, or a numeric value between the rangeof 1-12. In addition to the numeric values, this field can alsoaccept names of month as an argument, with the first threeletters of the month (case-insensitive) serving as input forthe given parameter.

month

Modify the day of the week for the LiveUpdate.

This field may contain either an asterisk '*', which impliesrunning every day of the week, or a numeric value betweenthe range of 0-7, with both 0 and 7 being interpreted asSunday by crontab. In addition, this parameter can alsoaccept names, with the first three letters of the month(case-insensitive) serving as an input value.

day_of_the_week

For example, this command modifies the LiveUpdate schedule.

Antivirus> liveupdate schedule modify 0 1 * * *


successfully modified

573Using Symantec AntiVirus for FileStoreUsing Symantec AntiVirus for FileStore with LiveUpdate

To delete the current LiveUpdate schedule

◆ To delete the current LiveUpdate schedule, enter the following:

Antivirus> liveupdate schedule delete

For example, this command deletes the LiveUpdate schedule.

Antivirus> liveupdate schedule delete


successfully deleted

To display the current LiveUpdate schedule

◆ To display the current LiveUpdate schedule, enter the following:

Antivirus> liveupdate schedule show

For example, this command displays the current LiveUpdate schedule.

Antivirus> liveupdate schedule show

Liveupdate scheduled on 0 1 * * *

About using Symantec AntiVirus for FileStorequarantine commands

Symantec AntiVirus for FileStore places the scanned files that have not passedthe virus protection software in quarantine. The quarantine commands let youdisplay information about these files, delete the files, repair the files, or restorethe quarantined files.

Table 19-6 Symantec AntiVirus for FileStore quarantine commands

DefinitionCommand

Lists all of the files that have been quarantined.

See “Using Symantec AntiVirus for FileStore quarantine commands”on page 575.

quarantine list

Deletes the quarantined files.


quarantine delete

Using Symantec AntiVirus for FileStoreAbout using Symantec AntiVirus for FileStore quarantine commands

574

Table 19-6 Symantec AntiVirus for FileStore quarantine commands (continued)

DefinitionCommand

Repairs the quarantined files.


quarantine repair

Restores the quarantined files.


quarantine restore

Displays information about quarantined files.


quarantine info

Using Symantec AntiVirus for FileStore quarantinecommands

To list all of the quarantined files

◆ To list all of the files that have been quarantined, enter the following:

Antivirus> quarantine list

For example:

Antivirus> quarantine list

QID Quarantine file

--- ---------------

sfs_01_5BA00000 /vx/fs2/eicar.com

sfs_01_5BA00001 /vx/fs1/eicarcom2.zip

sfs_02_5BA00002 /vx/fs1/eicar.com.txt

Each quarantined file is associated with an ID. Each node stores quarantinedfiles locally. If any node is removed from a cluster, quarantined files on thatnode are lost.

For example:

sfs_01_5BA00000 is the ID of the /vx/fs2/eicar.com quarantined file.

575Using Symantec AntiVirus for FileStoreUsing Symantec AntiVirus for FileStore quarantine commands

To delete the quarantined files

◆ To delete the quarantined files, enter the following:

Antivirus> quarantine delete [id]

where id is the specified quarantined file to be deleted. Each quarantined filehas an ID. If no ID is entered, all of the quarantined files are deleted.

For example:

Antivirus> quarantine delete sfs_01_5BA00000

Please wait ... It will take some time ...


To repair a quarantined file

◆ To repair a quarantined file, enter the following:

Antivirus> quarantine repair [id]

where id is the specified quarantined file to be repaired. Each quarantinedfile has an ID. If no ID is entered, all of the quarantined files are repaired.

For example:

Antivirus> quarantine repair sfs_01_5BA00000,

sfs_02_6BA00000

Please wait ... It will take some time ...


To restore a quarantined file

◆ To restore a quarantined file, enter the following:

Antivirus> quarantine restore [id]

where id is the specified quarantined file to be restored. Each quarantinedfile has an ID. If no ID is entered, all of the quarantined files are restored.

For example:

Antivirus> quarantine restore sfs_01_5BA00000,

sfs_01_6BA00000

Using Symantec AntiVirus for FileStoreUsing Symantec AntiVirus for FileStore quarantine commands

576

To display information about quarantined files

◆ To display information about specified quarantined files, enter the following:

Antivirus> quarantine info [id]

where id is the specified file you want information about.

For example:

Antivirus> quarantine info sfs_01_5BA00000

Item: 5BA00000

Description: /vx/fs1/eicar.com

Full Path: /vx/fs1/eicar.com

Log Line: 270502050402,5,1,1,sfs_01,root,EICAR Test String,

/vx/fs1/eicar.com,1,5,1,256,33570852,"",1243933471,,

Flags: INFECTED

Quarantined: Tue Jun 2 05:04:02 2009

Created: Tue Jun 2 05:04:02 2009

Last Accessed: Tue Jun 2 05:04:02 2009

Last Modified: Tue Jun 2 05:02:47 2009

Setting the Symantec AntiVirus for FileStore actionpolicy

Thescanaction command sets the Symantec AntiVirus for FileStore action policy.Based on this policy, Symantec AntiVirus for FileStore takes action when a virusis detected in a file.

577Using Symantec AntiVirus for FileStoreSetting the Symantec AntiVirus for FileStore action policy

To set the Symantec AntiVirus for FileStore action policy

◆ To set the Symantec AntiVirus for FileStore action policy, so that SymantecAntiVirus for FileStore reacts when a virus is detected in a file, enter thefollowing:

Antivirus> scanaction primary_action secondary_action

where primary_action secondary_action are the names of the policies youwant the Symantec AntiVirus for FileStore policy to take action on.

These polices are:

Deletes the virus-infected file if a virus is found.delete

Quarantines the virus-infected file if a virus is found. Quarantinedfiles are stored on local storage.

quarantine

Attempts to clean the virus from the file if a virus is found.clean

Leaves the virus-infected file as is. Symantec AntiVirus forFileStore does not take any action if a virus is found.

leave

For example, if Symantec AntiVirus for FileStore detects a virus in a file,Symantec AntiVirus for FileStore first tries to clean the virus from the infectedfile (primary_action). If the clean action fails, Symantec AntiVirus for FileStorequarantines the infected file (secondary_action)

Antivirus> scanaction clean quarantine

SFS antivirus SUCCESS V-288-1050

Antivirus configuration updated with given scan actions.

Note: You can configure a single scan action by setting the same action forboth the primary and the secondary scan.

About using Symantec AntiVirus for FileStoremanualscan commands

The scan command lets you scan specific file systems for viruses, instead of theentire node.

Using Symantec AntiVirus for FileStoreAbout using Symantec AntiVirus for FileStore manual scan commands

578

Table 19-7 Symantec AntiVirus for FileStore manual scan commands

DefinitionCommand

Starts the manual scan on the file systems.

See “Using Symantec AntiVirus for FileStore manual scan commands”on page 579.

scan start

Displays the manual scan status , which shows if the scan is in progressor done.


scan status

Stops the manual scan.


scan stop

Using Symantec AntiVirus for FileStore manual scancommands

To start the manual scan

◆ To start the manual scan on the specified file systems on the preferred node,enter the following:

Antivirus> scan start fs_name1,fs_name2

[preferred_node]

where fs_name1,fs_name2, preferred_node are the file system names forperforming a manual scan.

If a preferred_node is not specified, the master node determines the node forrunning the scan.

For example:

Antivirus> scan start fs1,fs2,fs3

SFS antivirus SUCCESS V-288-1187 Manual scan started on

fs1,fs2,fs3.

579Using Symantec AntiVirus for FileStoreUsing Symantec AntiVirus for FileStore manual scan commands

To display the scan status from a manual scan

◆ To display the manual scan status (if the scan is in progress or done), enterthe following:

Antivirus> scan status

For example:

Antivirus> scan status

SFS antivirus SUCCESS V-288-1185 Manual scan is in progress

on fs1,fs2,fs3.

To stop the manual scan

◆ To stop the manual scan if there are any manual scans running in thebackground, enter the following:

Antivirus> scan stop

For example:

Antivirus> scan stop

SFS antivirus SUCCESS V-288-1188 Manual scan stopped

successfully.

About scheduling a Symantec AntiVirus for FileStorescan job

Use the job command to schedule a Symantec AntiVirus for FileStore scan job.The specified job_name must be unique.

Table 19-8 Scan scheduling commands

CommandDefinition

Creates a schedule for a scan that the job_name identifies.

See “Scheduling a Symantec AntiVirus for FileStore scan job”on page 582.

job create

Modifies the schedule for a scan that the job_name identifies.


job modify

Using Symantec AntiVirus for FileStoreAbout scheduling a Symantec AntiVirus for FileStore scan job

580

Table 19-8 Scan scheduling commands (continued)

CommandDefinition

Enables the given job_name scan schedule.


job enable

Disables the given job_name scan schedule.


job disable

Displays information about the given job_name.


job show

Stops the given job_name from running.


job stop

Deletes the given job_name.


job delete

581Using Symantec AntiVirus for FileStoreAbout scheduling a Symantec AntiVirus for FileStore scan job

Scheduling a Symantec AntiVirus for FileStore scanjob

To create a schedule for running a scan job

◆ To create a schedule for running a scan job identified by the assigned jobname, enter the following:

Antivirus> job create job_name fs_name1,fs_name2

minute hour day_of_the_month month day_of_the_week [preferred_node]

Enter a unique job name for the scan.job_name

Enter the name of the file system you want to scan.fs_name

Enter the minutes for scheduling the scan.minute

Enter the hour for scheduling the scan.hour

Enter the day of the month for scheduling the scan.day_of_the_month

Enter the month for scheduling the scan.month

Enter the day of the week for scheduling the scan.day_of_the_week

Enter the preferred node for running the scan job. If no nodename appears, the master node selects a node from thecluster and assigns the scheduled scan on that node.

preferred_node(optional)

For example, to create a schedule for scanning the file systems fs1 and fs2

every Sunday, you would enter the following:

Antivirus> job create job1 fs1,fs2 0 0 * * 0

SFS antivirus SUCCESS V-288-1169 Job job1 successfully created

Using Symantec AntiVirus for FileStoreScheduling a Symantec AntiVirus for FileStore scan job

582

To modify the schedule for a scan job

◆ To modify the already created scan job, enter the following:

Antivirus> job modify job_name fs_name1,fs_name2

minute hour day_of_the_month month day_of_the_week

[preferred_node]

Modify the unique job name for the scan.job_name

Modify the name of the file system you want to scan.fs_name

Modify the minutes for scheduling the scan.minute

Modify the hour for scheduling the scan.hour

Modify the day of the month for scheduling the scan.day_of_the_month

Modify the month for scheduling the scan.month

Modify the day of the week for scheduling the scan.day_of_the_week

Modify the preferred node for running the scan job. If nonode name appears, the master node selects a node fromthe cluster and assigns the scheduled scan on that node.

preferred_node(optional)

For example, to modify job1 for scanning the file system fs3 on the sfs_02

node on the first day of every month, you would enter the following:

Antivirus> job modify job1 fs3 0 0 1 * * sfs_02

SFS antivirus SUCCESS V-288-1168 Job job1 modified.

To enable the scan schedule

◆ To enable the scheduled scan job, enter the following:

Antivirus> job enable job_name

where job_name is the unique name for the scan.

For example:

Antivirus> job enable job1

SFS antivirus SUCCESS V-288-1168 Job job1 enabled.

583Using Symantec AntiVirus for FileStoreScheduling a Symantec AntiVirus for FileStore scan job

To disable the scan schedule

◆ To disable the scheduled scan, enter the following:

Antivirus> job disable job_name


For example:

Antivirus> job disable job1

SFS antivirus SUCCESS V-288-1168 Job job1 disabled.

To display information about the scan schedule

◆ To display information about the scheduled scan job, enter the following:

Antivirus> job show job_name


For example:

Antivirus> job show job1

Jobname FS State Minute Hour Day Month Week

======= == ===== ====== ==== ==== ===== =====

job1 fs1 DISABLED * * * *

Preferrednode

=============

*

To stop the scan schedule

◆ To stop the scheduled scan from running, enter the following:

Antivirus> job stop job_name is


For example:

Antivirus> job stop job1

SFS antivirus ERROR V-288-1042 job1 job is not running.


584

To delete the scan schedule

◆ To delete the scheduled scan, enter the following:

Antivirus> job delete job_name


For example:

Antivirus> job delete job1

SFS antivirus SUCCESS V-288-1167 Job job1 deleted.

585Using Symantec AntiVirus for FileStoreScheduling a Symantec AntiVirus for FileStore scan job


586

CIFS See Common Internet File System.

Clustered Trivial

Database

A cluster implementation of the TDB (Trivial database) based on the Berkeleydatabase API.

Common Internet File

System

A network protocol that provides the foundation for Windows-based file sharingand other network utilities. FileStore supports Common Internet File Systemsharing.

console IP address A virtual IP address that is configured for administrative access to the FileStorecluster management console.

coordinator disks In FileStore, three or more LUNs designated to function as part of the I/O fencingmechanism. You cannot use coordinator disks to store user data.

CTDB See Clustered Trivial Database.

DAR See Data Archive and Retention.

data archive and

retention

Combined Enterprise Vault and FileStore feature that supports both write onceread many (WORM) and non-WORM archives. DAR-enabled file systems areprotected against accidental or deliberate file removal and tampering.

data connection The connection between the two NDMP servers that carry the data stream. Thedata connection in NDMP is either an NDMP interprocess communicationmechanism (for local operations) or a TCP/IP connection (for 3-way operations).

data management An application that controls the NDMP session. In NDMP there is a master-slaverelationship. The data management application is the session master; the NDMPservices are the slaves. In NDMP versions 1, 2, and 3 the term "NDMP client" isused instead of data management application.

data master A node that contains the authoritative copy of a Trivial database (TDB) record.

data service An NDMP service that transfers data between primary storage and the dataconnection.

datastore A database that integrates data from multiple sources such as fibre channel, iSCSILUNs, or NAS volumes.

deduplication database A database that stores the mapping of the data fingerprints to one or more datasegments.

Glossary

deduplication

percentage

A measure of freed storage as a result of deduplication. It is another way ofrepresenting the deduplication ratio. For example, if deduplicating 1 TB frees up800 GB, the deduplication percentage is 80%.

deduplication ratio The ratio of logical to physical storage. In other words, a deduplication ratio of5:1 denotes that 200 GB of allocated storage actually accounts for 1 TB of data.

DM See data master.

DST See Dynamic Storage Tiering.

fingerprint block size The data size on which a fingerprint is calculated for detecting duplicates. Thesmaller the granularities, the better the match detection. It cannot be less thanthe file system block size.

guest operating system An operating system installed on a virtual machine.

mirrored file system A file system that is constructed and managed by a technique for automaticallymaintaining one or more copies of the file system, using separate underlyingstorage for each copy. If a storage failure occurs, then access is maintained throughthe remaining accessible mirrors.

NDMP Network data management protocol. NDMP is a widely used protocol throughwhich an NDMP-compliant backup application can control the backups and restoresfor an NDMP host. NetBackup requires the NetBackup for NDMP separately-pricedoption to support NDMP.

NDMP client An application that controls the NDMP session. See also data managementapplication.

NDMP host The host computer system that executes the NDMP server application. Data isbacked up from the NDMP host to either a local tape drive or to a backup deviceon a remote NDMP host.

NDMP server An instance of one or more distinct NDMP services controlled by a single NDMPcontrol connection. Thus a data/tape/SCSI server is an NDMP server providingdata, tape, or SCSI services.

NDMP service The state computer on the NDMP host accessed with the Internet protocol andcontrolled using the NDMP protocol. This term is used independently ofimplementation. The three types of NDMP services are: data service, tape service,and SCSI service.

NDMP session The configuration of one data management application and two NDMP servicesto perform a data management operation such as a backup or a recovery.

Netbackup Pure Disk The deduplication engine for NetBackup, enabling efficient, storage-optimizeddata protection for the data center, remote office, and virtual environments.NetBackup PureDisk is a software-based deduplication solution that is tightly

Glossary588

integrated with NetBackup. PureDisk is ideal for unique environments that requirehigh performance and scalability.

Network Attached

Storage

A file-level computer data storage that is connected to a network that providesdata access to network-capable clients.

Network File System A protocol that lets the user on a client computer access files over a network. Tothe client's applications the files appear as if they resided on one of the localdevices.

Network Time Protocol A protocol for synchronizing computer system clocks over packet-switched,variable-latency data networks.

NFS See Network File System.

NFS lock management A feature that lets a customer use the Network File System (NFS) advisory clientlocking feature in parallel with core Cluster File System (CFS) global lockmanagement.

no_root_squash An NFS sharing option. Does not map requests from the UID 0. This option is onby default.

NTP See Network Time Protocol.

oplocks A file-locking mechanism that is designed to improve performance by controllingthe caching of files on the client.

private interconnect An internal IP network that is used by the Scalable File Server to facilitatecommunications between the Scalable File Server server nodes.

recovery master A node that contains fcntl-locks on distributed file systems and initiates therecovery process.

RM See recovery master.

round-robin DNS A technique in which a DNS server, not a dedicated computer, performs the loadbalancing.

Samba An open-source implementation of the SMB file sharing protocol. It provides fileand print services to SMB/CIFS clients.

share A specification of a file system or proper subset of a file system, which supportsshared access to a file system through an NFS or CIFS server. The specificationdefines the folder or directory that represents the file system along with accesscharacteristics and limitations.

shared extent An extent shared by multiple files. A shared extent is freed only when there areno more references to it in any file.

soft limit A file system quota for inode and block consumption that can be established forindividual users or groups. If a user exceeds the soft limit, there is a grace period,

589Glossary

during which the quota can be exceeded. After the grace period has expired, nomore inodes or data blocks can be allocated.

snapshot A point-in-time image or replica of a file system that looks identical to the filesystem from which the snapshot was taken.

storage pool A logical construct that contains one or more LUNs from which file systems canbe created.

Symantec NetBackup A Symantec software product that backs up, archives, and restores files, directories,or raw partitions that reside on a client system.

syslog A standard for forwarding log messages in an IP network. The term refers to boththe syslog protocol and the application sending the syslog messages.

tape service An NDMP service that transfers data between secondary storage and the dataconnection and allows the data management application to manipulate and accessthe secondary storage.

vCenter plug-in One or more components extending collective capabilities of the vSphere Clientand the vCenter Server.

Virtual Machine Disk One or more files underlying the physical image of a virtual machine.

VMware vCenter Server A management server from VMware allowing management of ESX servers andVMware VDI.

VMware vSphere Client A Windows-based GUI for accessing vCenter Server capabilities.

World Wide Name A 64-bit identifier that is used in Fibre Channel networks to uniquely identifyeach element in the network (nodes and ports).

WWN See World Wide Name.

Glossary590

Aabout

Active Directory (AD) 294administering FileStore cluster's LDAP

client 188backup configurations 466bonding Ethernet interfaces 160changing share properties 333configuring CIFS for AD domain mode 300configuring disks 66configuring Ethernet interfaces 173configuring FileStore for CIFS 280configuring IP addresses 167configuring iSCSI targets 125configuring locally saved configuration files 502configuring routing tables 176configuring storage pools 69creating and maintaining file systems 218creating file systems 226data archive and retention 130data deduplication 137disk lists 78DNS 163DNS update 543DNS update commands 545excluding file extensions from Symantec

AntiVirus for FileStore scans 566FileStore VMware Virtual Center plug-in 514FTP 377FTP local user 394FTP local user set 397FTP server 379FTP session 391FTP set 381I/O fencing 86installing patches 554IP commands 167iSCSI 117LDAP 181leaving AD domain 305leaving NT domain 292

about (continued)load balancing for the normal clustering

mode 346local replication initialization 75managing CIFS shares 329managing home directories 347NDMP policies 455NDMP supported configurations 453Network Data Management Protocol 452network services 158NFS file sharing 205NIS 190option commands 518reconfiguring CIFS service 326retrieving the NDMP data 462scheduling a Symantec AntiVirus for FileStore

scan job 580setting NTLM 309setting trusted domains 312setting up file system alerts 269snapshot schedules 252snapshots 246storage provisioning and management 64storing account information 323support user 44Symantec AntiVirus for FileStore 560Symantec AntiVirus for FileStore

commands 561Symantec AntiVirus for FileStore

LiveUpdate 568Symantec AntiVirus for FileStore manual scan

commands 578Symantec AntiVirus for FileStore quarantine

commands 574types of patches 554VLAN interfaces 195

accessingFileStore product documentation 27man pages 39

Active Directorysetting the trusted domains for 322

Index

Active Directory (AD)about 294configuring FileStore to authenticate to an AD

domain controller 295joining FileStore to 298verifying FileStore has joined successfully 300

AD domain modechanging domain settings 306configuring CIFS 300security settings 306setting domain 302setting domain user 302setting security 302starting CIFS server 302

AD interfaceusing 309

AD trusted domainsdisabling 322

add local userFTP 396

addinga column to a file system 232a column to a tiered file system 476a severity level to an email group 421a syslog server 427an email address to a group 421an email group 421CIFS share 333disks 67external NetBackup master server to work with

FileStore 449filter to a group 421IP address to a cluster 169mapping from a virtualPath to a realPath 412mirror to a file system 230mirror to a tier of a file system 481mirrored tier to a file system 478mirrored-striped tier to a file system 478NetBackup Enterprise Media Manager (EMM)

server 449NetBackup media server 449NFS share 207second tier to a file system 478SNMP management server 430striped tier to a file system 478striped-mirror tier to a file system 478users

naming requirements for 30VLAN interfaces 196

administering FileStore cluster's LDAP clientabout 188

aio_fork optionsetting 369

alertsfile system unsetting 271

aliasesdisplaying configured on the server 413

allowingmetadata information to be written on the

secondary tier 494specified users and groups access to the CIFS

share 337attaching

replication storage pool to a FileStore cluster 77audit logs

about 434configuring 418, 437disabling for a file system 439

Auto-Protectconfiguring on file systems 565–566

Bbackup configurations

about 466backup services

displaying the status of 467starting 467stopping 467

best practicesfor using the FileStore deduplication feature 142

bind distinguished namesetting for LDAP server 184

bondingEthernet interfaces 161

bonding Ethernet interfacesabout 160

Ccache object

destroying for an instant rollback 269cache objects

listing 267changing

an IP address to onlineon any running node 169

configuration of an Ethernet interface 175DMP I/O policy 521

Index592

changing (continued)domain settings 292domain settings for AD domain mode 306local CIFS user password 372NFS daemons 521ninodes cache size 521security settings 294security settings after CIFS server is

stopped 294share properties about 333status of a file system 243support user password 45

checkingand repairing a file system 240for stale mirrors on file systems 233I/O fencing status 89on the status of the NFS server 200support user status 45

CIFSallowing specified users and groups access to

the CIFS share 337configuring schema extensions 316denying specified users and groups access to the

CIFS share 338export options 331modifying an existing CIFS share 339standalone mode 282using multi-domain controller support 305

CIFS and NFS protocolsshare directories 211sharing file systems 342

CIFS clustering modesabout 280switching from ctdb to normal 361switching from normal to ctdb 358

CIFS data migrationenabling 376

CIFS home directoriesdisplaying the quota values for 115quotas 105using quotas for 108

CIFS operating modesabout 280

CIFS serverchanging security settings after stopped 294configuring with the LDAP backend 321starting 327

CIFS server statusstandalone mode 284

CIFS servicestandalone mode 284

CIFS shareadding 333deleting 341exporting as a directory 355exporting the same file system/directory as a

different CIFS share 357modifying existing 340

CIFS share and home directorymigrating from ctdb to normal clustering

mode 366CIFS shares and home directories

migrating from ctdb clustering modes 362migrating from normal to ctdb clustering

mode 364CIFS snapshot

exporting 340CIFS/NFS sharing

mapping user names 345clearing

DNS domain names 165DNS name servers 165LDAP configured settings 184

CLIlogging in to 31

client configurationsdisplaying 189LDAP server 189

clock commandsabout 499

clusteradding an IP address to 169adding the new node to 56changing an IP address to online for any running

node 169deleting a node from 58displaying a list of nodes 52displaying all the IP addresses for 169including new nodes 54installing software on other nodes 55rebooting a nodes or all nodes 61shutting down a node or all nodes in a cluster 60

clustering modesctdb 354

columnsadding or removing 232adding or removing from a tiered file system 476

593Index

command historydisplaying 46

Command-Line Interface (CLI)how to use 31

commandsdns update set 545HTTP alias 411HTTP document root mapping 413HTTP server 406

configurablelist of all HTTP options and their values 411

configurationof an Ethernet interface

changing 175configuration files

deleting the locally saved 505viewing locally saved 505

configuration settingsexporting either locally or remotely 505importing either locally or remotely 505

configuringAD schema with CIFS-schema extensions 316audit logs 437Auto-Protect on file systems 565–566backup using NetBackup 469CIFS for standalone mode 282CIFS server with the LDAP backend 321DAR without Symantec Enterprise Vault 134data archive and retention 135disaster recovery 543DNS update 546email groups 419event notifications and audit logs 418file extensions in Symantec AntiVirus for

FileStore configuration file 567file system 143FileStore for CIFS 280FileStore to authenticate to an AD domain

controller 295HTTP server 405IP routing 178iSCSI device 120iSCSI discovery 122iSCSI initiator 119iSCSI initiator name 120iSCSI targets 127masquerade as third-party policy 456NDMP backup method policy 456NDMP failure resilient policy 456

configuring (continued)NDMP overwrite policy 456NDMP recursive restore policy 456NDMP restore Dynamic Storage Tiering

policy 456NDMP send history policy 456NDMP update dumpdates policy 456NDMP use snapshot policy 456NetBackup virtual IP address 450NetBackup virtual name 451NSS 193NSS lookup order 194Symantec AntiVirus for FileStore on all the

nodes in the cluster 563Symantec AntiVirus for FileStore on the cluster's

nodes 564VLAN interfaces 196VMware View 539Windows Active Directory as an LDAP IDMAP

backend 315configuring CIFS

NT domain mode 287configuring disks

about 66configuring Ethernet interfaces

about 173configuring IP addresses

about 167configuring iSCSI targets

about 125configuring locally saved configuration files

about 502configuring routing tables

about 176configuring storage pools

about 69converting

existing file system into a cache object 265coordinatingcoordinating cluster nodes

to work with NTP servers 508coordinator disks

replacing 89core strengths

FileStore 23creating

full-sized rollback 261local CIFS group 375local CIFS user 372

Index594

creating (continued)Master, System Administrator, and Storage

Administrator users 41mirrored file systems 227mirrored-stripe file systems 227shared cache object 265simple file systems 227snapshot schedules 254snapshots 248space-optimized instant rollbacks 260storage pools 72striped file systems 227striped-mirror file systems 227users 41virtual machine 533

creating and maintaining file systemsabout 218

creating file systemsabout 226

creating virtual machine clonesspecifying where to create 535using Symantec FileSnap 533

ctdb clustering modeabout 354directory-level share support 355load balancing 347switching the clustering mode 358

current Ethernet interfaces and statesdisplaying 174

current usersdisplaying list 41

Ddata archive and retention

about 130configuring 135interaction with other applications 132using without Symantec Enterprise Vault 134

data deduplicationabout 137

decreasingsize of a file system 239

deduplicationconfiguring file system 143

defaultpasswords

resetting Master, System Administrator,and Storage Administrator users 41

defragmentingfile systems 245

delete local userFTP 396

deletinga node from the cluster 58already configured SNMP management

server 430CIFS share 341configured mail server 421configured NetBackup media server 449email address from a specified group 421email groups 421filter from a specified group 421home directories 353home directory of given user 353local CIFS group 375local CIFS user 372locally saved configuration file 505mapping that is visible to clients as a

virtualPath 413NFS options 214route entries from routing tables of nodes in

cluster 178severity from a specified group 421snapshot schedules 256syslog server 427users 41VLAN interfaces 196

denyingspecified users and groups access to the CIFS

share 338destroying

a file system 246cache object of an instant rollback 269I/O fencing 89instant rollbacks 265snapshots 250storage pools 72

detached pool setrenaming 76

detached poolsdisplaying 77

directoriesdisplaying exported 206unexporting the share 214

directory-level share supportctdb clustering mode 355

595Index

disablingAD trusted domains 322audit logs for a file system 439creation of home directories 353DNS settings 165FastResync option 236I/O fencing 89LDAP clients

configurations 189NIS clients 191NTLM 311NTP server 509Partition Secure Notification (PSN) feature 273quota limits used by snapshots 250support user account 45

disaster recoveryconfiguring 543

diskformatting 83removing 83

disk listsabout 78

disksadding 67removing 67

displayingall the aliases configured on the server 413all the IP addresses for cluster 169command history 46current Ethernet interfaces and states 174current HTTP sessions on each node 409current list of SNMP management servers 430current root directory for the HTTP server 415current version 553detached pools 77DMP I/O policy 521DNS settings 165events on the console 429existing email groups or details 421exported directories 206file system 271file system I/O statistics 512file systems that can be exported 203files moved or pruned by running a policy 493FTP server settings 379home directory usage information 352information for all disk devices for nodes in a

cluster 79LDAP client configurations 189

displaying (continued)LDAP configured settings 184list of all configurable HTTP options and their

values 411list of current users 41list of Dynamic Storage Tiering systems 483list of nodes in a cluster 52list of syslog servers 427local CIFS group 375local CIFS user 372NDMP backup method 463NDMP failure resilient data 463NDMP masquerade as third-party 463NDMP overwrite data 463NDMP recursive restore data 463NDMP restore Dynamic Storage Tiering

data 463NDMP send history data 463NDMP update dumpdates data 463NDMP use snapshot data 463NDMP variables 461NetBackup configurations 467network configuration and statistics 159NFS daemons 521NFS statistics 202ninodes cache size 521NIS-related commands 191NSS configuration 194option tunefstab 521policy of each tiered file system 486routing tables of the nodes in the cluster 178schedules for all tiered file systems 491share properties 336snapshot quotes 250snapshot schedules 256snapshots 249snapshots that can be exported 203status of backup services 467status of the NTP server 509Symantec AntiVirus for FileStore

configuration 562Symantec AntiVirus for FileStore logs 562Symantec AntiVirus for FileStore stats 562system date and time 500system statistics 511tier location of a specified file 484time interval or number of duplicate events for

notifications 433values of the configured SNMP notifications 430

Index596

displaying (continued)values of the configured syslog server 427VLAN interfaces 196volpagemod_max_memsz parameter of

vxtune 526displaying WWN information 84DMP I/O policy

changing 521displaying 521resetting 521

DNSabout 163domain names

clearing 165name servers

clearing 165specifying 165

settingsdisabling 165displaying 165enabling 165

DNS updateabout 543configuring 546displaying the settings for 550

DNS update commandsabout 545

DNS update servicestarting 549stopping 549

DNS update set commandabout 545

domainsetting 327setting user name 327

domain controllersetting 327

domain namefor the DNS server

setting 165domain settings

changing 292domain user

NT domain mode 289

Eemail address

adding to a group 421deleting from a specified group 421

email groupsabout 419adding 421deleting 421displaying existing and details 421

enablingCIFS data migration 376DNS settings 165FastResync for a file system 235I/O fencing 89LDAP client configurations 189NIS clients 191NTLM 311NTP server 509Partition Secure Notification (PSN) feature 273quota limits used by snapshots 250support user account 45

ESX serversadding storage to 532

Ethernet interfacesbonding 161changing configuration of 175

event notificationsconfiguring 418displaying time interval for 433

event reportingsetting events for 433

eventsdisplaying on the console 429

export optionsCIFS 331

exportingaudit events in syslog format to a given URL 434CIFS snapshot 340configuration settings 505directory as a CIFS share 355events in syslog format to a given URL 434NFS snapshot 214same file system/directory as a different CIFS

share 357SNMP MIB file to a given URL 430

Ffile data

accessing by way of the HTTP server 405file extensions

configuring in Symantec AntiVirus for FileStoreconfiguration file 567

597Index

file extensions (continued)excluding from Symantec AntiVirus for FileStore

scans 566file system

converting into a cache object 265upgrading to the current layout for running

deduplication 274file system alerts

about setting up 269displaying 271setting 269unsetting 271

file system deduplicationconfiguring 143

file system I/O statisticsdisplaying 512

file system quotasfor enabling, disabling, and displaying 94setting and displaying 96

file systemsadding a mirror to 230changing the status of 243checking and repairing 240checking for stale mirrors 233creating 227decreasing the size of 239defragmenting 245destroying 246disabling FastResync option 236Dynamic Storage Tiering

displaying 483enabling FastResync 235increasing the size of 237listing with associated information 222quotas 92removing a mirror from 230restoring from an instant rollback 262that can be exported

displayed 203FileStore

about 19core strengths of 23key features 19product documentation 27Web resources 27

FileStore deduplication featurebest practices for using 142

FileStore Dynamic Storage Tieringabout 472

FileStore integration with VMware Virtual Centerabout 514

FileStore softwareadding a non-preconfigured node 57

filterabout 419adding to a group 421deleting from a specified group 421

forcefullyimporting pools 86

formattinga disk 83

FTPabout 377add local user 396delete local user 396implementing command changes 390local user password 396local user set download bandwidth 399local user set home directory 399local user set maximum connections 399local user set maximum disk usage 399local user set maximum files 399local user set upload bandwidth 399logupload 394server start 380server status 380server stop 380session show 392session showdetail 392session terminate 392set allow delete 385set anonymous login 385set anonymous logon 385set anonymous write 385set home directory path 385set listen port 385set maximum connections per client 385set non-secure logins 385set security 385show local users 396

FTP local userabout 394

FTP local user setabout 397

FTP serverabout 379settings displaying 379

Index598

FTP sessionabout 391

FTP setabout 381

Ggroup membership

managing 372guest operating system

specifying if customizing for Linux orWindows 536

Hhiding

system files when adding or modifying a CIFSnormal share 334

history commandusing 46

home directoriessetting up 350

home directory file systemssetting 348

home directory of given userdeleting 353

home directory usage informationdisplaying 352

hostname or IP addresssetting for LDAP server 184

how to useCommand-Line Interface (CLI) 31

HTTP aliascommands 411

HTTP serverclearing the root directory setting 415commands about 406configuring for accessing file data 405displaying the current root directory for 415displaying the status for 407document root mapping commands 413set commands about 407setting the root directory 414starting 406stopping 407

HTTP sessionsdisplaying on each node 409

II/O fencing

about 86checking status 89destroying 89disabling 89enabling 89

idle threadssetting the maximum number for handling

request spikes 409setting the minimum number for request

spikes 409implementing

FTP command changes 390importing

configuration settings 505pools forcefully 86

includingnew nodes in the cluster 54

increasingLUN storage capacity 82size of a file system 237

initiating host discovery of LUNs 86installation states and conditions

about 50installing

software on other nodes on the cluster 55installing patches 556

about 554instant recovery

NetBackup 445instant rollbacks

about 258creating a shared cache object 265creating full-sized 261creating space-optimized 260destroying 265listing 262making go offline 264making go online 264refreshing from a file system 263restoring a file system from 262

interactions with other FileStore applicationsVMware vSphere extension for FileStore 531

IP addressesadding to a cluster 169displaying for the cluster 169modifying 169removing from the cluster 169

599Index

IP commandsabout 167

IP routingconfiguring 178

iSCSIabout 117

iSCSI deviceconfiguring 120

iSCSI discoveryconfiguring 122

iSCSI initiatorconfiguring 119

iSCSI initiator nameconfiguring 120

iSCSI targetsconfiguring 127

Jjoining

FileStore to Active Directory (AD) 298

LLDAP

about 181before configuring settings 181configuring server settings 182setting up as an IDMAP backend using the

FileStore CLI 321LDAP password hash algorithm

setting password for 184LDAP server

clearing configured settings 184disabling client configurations 189displaying client configurations 189displaying configured settings 184enabling client configurations 189setting over SSL 184setting port number 184setting the base distinguished name 184setting the bind distinguished name 184setting the hostname or IP address 184setting the password hash algorithm 184setting the root bind DN 184setting the users, groups, and netgroups base

DN 184leaving

AD domain 305NT domain 292

licensing Symantec AntiVirus for FileStore 561list of Dynamic Storage Tiering file systems

displaying 483list of nodes

displaying in a cluster 52listing

all file systems and associated information 222all of the files on the specified tier 482cache objects 267free space for storage pools 72instant rollbacks 262Partition Secure Notification (PSN) online file

systems that have this feature enabled 274storage pools 72

load balancingctdb clustering mode 347

local CIFS groupscreating 375deleting 375displaying 375managing 374

local CIFS usercreating 372deleting 372displaying 372

local CIFS user passwordchanging 372

local replication initialization 75local user and groups

managing 371local user password

FTP 396local user set download bandwidth

FTP 399local user set home directory

FTP 399local user set maximum connections

FTP 399local user set maximum disk usage

FTP 399local user set maximum files

FTP 399local user set upload bandwidth

FTP 399logging

in to CLI 31logupload

FTP 394

Index600

LUN storage capacityincreasing 82

LUNsinitiating host discovery 86

Mmail server

deleting the configured mail server 421obtaining details for 421setting the details of external 421

man pageshow to access 39

managingCIFS shares 329group membership 372home directories 347local CIFS groups 374local users and groups 371

mappingdeleting that is visible to clients as a

virtualPath 413from a virtualPath to a realPath 412

masquerade as third-party policyconfiguring 456

Master, System Administrator, and StorageAdministrator users

creating 41metadata information

allowing to be written on the secondary tier 494restricting to the primary tier only 495

migratingCIFS share and home directory from ctdb to

normal clustering mode 366CIFS shares and home directories 362CIFS shares and home directories from normal

to ctdb clustering mode 364mirrored file systems

creating 227mirrored tier

adding to a file system 478mirrored-stripe file systems

creating 227mirrored-striped tier

adding to a file system 478modifying

an existing CIFS share 339an IP address 169existing CIFS share 340option tunefstab 521

modifying (continued)policy of a tiered file system 486schedule of a tiered file system 491snapshot schedules 256volpagemod_max_memsz parameter of

vxtune 526more command

using 507mounting snapshots 250moving disks

from one storage pool to another 67

Nnaming requirements for

adding users 30NDMP backup method

displaying 463NDMP backup method policy

configuring 456NDMP failure resilient data

displaying 463NDMP failure resilient policy

configuring 456NDMP masquerade as third-party

displaying 463NDMP overwrite data

displaying 463NDMP overwrite policy

configuring 456NDMP policies

about 455restoring 465

NDMP recursive restore datadisplaying 463

NDMP recursive restore policyconfiguring 456

NDMP restore Dynamic Storage Tiering datadisplaying 463

NDMP restore Dynamic Storage Tiering policyconfiguring 456

NDMP send history datadisplaying 463

NDMP send history policyconfiguring 456

NDMP supported configurationsabout 453

NDMP update dumpdates datadisplaying 463

601Index

NDMP update dumpdates policyconfiguring 456

NDMP use snapshot datadisplaying 463

NDMP use snapshot policyconfiguring 456

NDMP variablesdisplaying 461

NetBackupabout 443configuring NetBackup virtual IP address 450configuring virtual name 451displaying configurations 467instant recovery 445Snapshot Client 444snapshot methods 444

NetBackup EMM server. See NetBackup EnterpriseMedia Manager (EMM) server

NetBackup Enterprise Media Manager (EMM) serveradding to work with FileStore 449

NetBackup master serverconfiguring to work with FileStore 449

NetBackup media serveradding 449deleting 449

netbios aliases for the CIFS serversetting 370

networkconfiguration and statistics 159

network customization parametersspecifying for guest operating systems if using

DHCP or Static IP 538Network Data Management Protocol

about 452network services

about 158NFS daemons

changing 521displaying 521

NFS file sharingabout 205

NFS optionsdeleting 214

NFS serverchecking on the status 200starting 200stopping 200

NFS shareadding 207

NFS snapshotexporting 214

NFS statisticsdisplaying 202

ninodes cache sizechanging 521displaying 521

NISabout 190clients

disabling 191enabling 191

domain namesetting on all the nodes of cluster 191

related commandsdisplaying 191

server namesetting on all the nodes of cluster 191

nodeadding a non-preconfigured node 57adding to the cluster 54, 56in a cluster

displaying information for all diskdevices 79

normal clustering modeload balancing 346

NSSconfiguring 193displaying configuration 194lookup order

configuring 194NT domain mode

configuring CIFS 287domain user 289setting domain 289setting domain controller 289setting security 289setting the workgroup name 289starting CIFS server 289

NTLMdisabling 311enabling 311

NTP servercoordinating cluster nodes to work with 509disabling 509displaying the status of 509enabling 509

NTP serversworking with 508

Index602

number of virtual machines to be createdspecifying 535

Oobtaining

details of the configured email server 421offline

making an instant rollback go offline 264online

making an instant rollback go 264option commands

about 518option tunefstab

displaying 521modifying 521

PPartition Secure Notification (PSN) feature

about 272disabling 273enabling 273listing the online file systems that have this

feature enabled 274password

changing a user's password 41patch level

displaying current versions of 553patches

installing 556synchronizing 556types of 554uninstalling 556upgrading 551

policiesabout 476displaying files moved or pruned by running 493displaying for each tiered file system 486modifying for a tiered file system 486relocating from a tiered file system 490removing from a tiered file system 486running for a tiered file system 486

preservingsnapshot schedules 256

privilegesabout 29

Qquota commands

enabling, disabling, and displaying file systemquotas 94

for setting and displaying file system quotas 96quota limits

enabling or disabling snapshot 250quotas

CIFS home directories 105displaying the quota values for CIFS home

directories 115for file systems 92setting user quotas for users of specified

groups 103using for CIFS home directories 108

Rrebooting

a node or all nodes in cluster 61reconfiguring CIFS service

about 326refreshing

instant rollbacks from a file system 263regions and time zones

setting 500registering

FileStore cluster with the VMware Virtual CenterServer 516

relocatingpolicy of a tiered file system 490

removinga column from a file system 232a column from a tiered file system 476a disk 83disks 67IP address from the cluster 169mirror from a file system 230mirror from a tier spanning a specified disk 481mirror from a tier spanning a specified pool 481mirror from a tiered file system 481policy of a tiered file system 486schedule of a tiered file system 491snapshot schedules 256tier from a file system 480

renamingdetached pool set 76storage pools 72

replacingcoordinator disks 89

603Index

replication storage poolattaching 77

resettingdefault passwords

Master, System Administrator, and StorageAdministrator users 41

DMP I/O policy 521restoring

a file system from an instant rollback 262ndmp policies 465

restrictingmetadata information to the primary tier

only 495resynchronizing

stale mirrors on file systems 233retrieving the NDMP data

about 462roles

about 29root directory

setting for the HTTP server 414root directory setting

clearing for the HTTP server 415route entries

deleting from routing tables 178routing tables

of the nodes in the clusterdisplaying 178

runningpolicy of a tiered file system 486

Sschedule

displaying for all tiered file systems 491modifying for a tiered file system 491removing from a tiered file system 491

schedulingSymantec AntiVirus for FileStore scan jobs 580,

582second tier

adding to a file system 478security

standalone mode 284security settings

AD domain mode 306changing 294

server startFTP 380

server statusFTP 380

server stopFTP 380

server threadssetting the initial number 410setting the maximum number in each server

process 410servers

adding LiveUpdate servers 570session show

FTP 392session showdetail

FTP 392session terminate

FTP 392set allow delete

FTP 385set anonymous login

FTP 385set anonymous logon

FTP 385set anonymous write

FTP 385set commands

HTTP server 407set home directory path

FTP 385set listen port

FTP 385set maximum connections per client

FTP 385set non-secure logins

FTP 385set security

FTP 385setting

AD domain mode 302aio_fork option 369base distinguished name for the LDAP

server 184bind distinguished name for LDAP server 184clock commands 499details of the external mail server 421domain 327domain controller 327domain name for the DNS server 165domain user name 327events for event reporting 433

Index604

setting (continued)file system alerts 269filter of the syslog server 427home directory file systems 348initial number of server threads 410LDAP as an IDMAP backend using the FileStore

CLI 321LDAP IDMAP backend to hash for accessing

CIFS 314LDAP IDMAP backend to ldap for trusted domain

access to CIFS 313LDAP IDMAP backend to rid for access to

CIFS 312LDAP password hash algorithm 184LDAP server hostname or IP address 184LDAP server over SSL 184LDAP server port number 184LDAP users, groups, and netgroups base DN 184maximum number of idle threads for handling

request spikes 409maximum number of threads in each server

process 410maximum number to be created 410minimum number of idle threads for request

spikes 409netbios aliases for the CIFS server 370NIS domain name on all the nodes of cluster 191NT domain mode 289NT domain mode domain controller 289NTLM 309regions and time zones 500root bind DN for the LDAP server 184severity of the syslog server 427SNMP filter notifications 430SNMP severity notifications 430Symantec AntiVirus for FileStore action

policy 577system date and time 500the NIS server name on all the nodes of

cluster 191trusted domains 312trusted domains for the Active Directory 322user quotas for users of specified groups 103workgroup name 289

setting domain userAD domain mode 302

setting securityAD domain mode 302NT domain mode 289

setting uphome directories 350

severity levelsabout 419adding to an email group 421

severity notificationssetting 430

share directoriesCIFS and NFS protocols 211

share propertiesdisplaying 336

shared cache objectcreating 265

sharingfile systems using CIFS and NFS protocols 342

show local usersFTP 396

showingsnapshot schedules 256

shutting downnode or all nodes in a cluster 60

snapshot methodsNetBackup 444

snapshot schedulesabout 252creating 254deleting 256displaying 256modifying 256preserving 256removing 256showing 256

snapshotsabout 246creating 248destroying 250displaying 249displaying quotas 250enabling or disabling quota limits 250mounting 250that can be exported

displayed 203unmounting 250

SNMPfilter notifications

setting 430management server

adding 430deleting configured 430

605Index

SNMP (continued)management server (continued)

displaying current list of 430MIB file

exporting to a given URL 430notifications

displaying the values of 430server

setting severity notifications 430specified group

deleting a severity from 421specifying

DNS name servers 165number of virtual machine clones to be

created 535specifying guest operating system

if customizing for Linux or Windows 536specifying network customization parameters for

guest operating systemsif customizing for DHCP or Static IP 538

SSLsetting the LDAP server for 184

standalone modeCIFS server status 284CIFS service 284security 284

startingbackup services 467CIFS server 327DNS update service 549HTTP server 406NFS server 200

starting CIFS serverAD domain mode 302NT domain mode 289

statusdisplaying for the DNS update service 550displaying for the HTTP server 407

stoppingbackup services 467DNS update service 549HTTP server 407NFS server 200

storageadding to ESX servers 532

storage poolscreating 72destroying 72listing 72

storage pools (continued)listing free space 72moving disks from one to another 67renaming 72

storage provisioning and managementabout 64

storingaccount information 323user and group accounts in LDAP 325user and group accounts locally 325

striped file systemscreating 227

striped tieradding to a file system 478

striped-mirror file systemscreating 227

striped-mirror tieradding to a file system 478

support userabout 44

support user accountdisabling 45enabling 45

support user passwordchanging 45

support user statuschecking 45

swap commandusing 512

switchingCIFS clustering modes from normal to ctdb 358ctdb clustering mode 358from ctdb to normal clustering mode 361

Symantec AntiVirus for FileStoreabout 560commands about 561configuring on the cluster's nodes 564displaying configuration 562displaying logs 562displaying stats 562licensing 561manual scan commands 578quarantine commands about 574scheduling scan jobs 582setting action policies 577using manual scan commands 579using quarantine commands 575

Symantec AntiVirus for FileStore LiveUpdateabout 568

Index606

Symantec AntiVirus for FileStore LiveUpdate(continued)

adding LiveUpdate servers 570Symantec Enterprise Vault

Partition Secure Notification (PSN) 272Symantec FileSnap

creating virtual machine clones with 533synchronizing patches 556syslog event logging

about 426syslog format

exporting audit events to a given URL 434exporting events to a given URL 434

syslog serveradding 427deleting 427displaying the list of 427displaying the values of 427setting the filter of 427setting the severity of 427

system commandsabout 498

system date and timedisplaying 500setting 500

system fileshiding when adding or modifying a CIFS normal

share 334system statistics

displaying 511

Tthreads

setting the maximum number to be created 410tier

adding a tier to a file system 481displaying location of a specified file 484listing all of the specified files on 482removing a mirror from 481removing a mirror spanning a specified pool 481removing from a file system 480removing from a tier spanning a specified

disk 481trusted domains

allowing access to CIF when setting an LDAPIDMAP backend to hash 314

allowing access to CIFS when setting an LDAPIDMAP backend to ldap 313

trusted domains (continued)allowing access to CIFS when setting an LDAP

IDMAP backend to rid 312

Uunexporting

share of exported directory 214uninstalling

patches 556unmounting snapshots 250upgrading

file system to the current layout for runningdeduplication 274

patches 551user and group accounts in LDAP

storing 325user and group accounts locally

storing 325user names

mapping for CIFS/NFS sharing 345user roles and privileges

about 29users

adding new 30changing passwords 41creating 41deleting 41

usingAD interface 309history command 46more command 507multi-domain controller support in CIFS 305swap command 512Symantec AntiVirus for FileStore manual scan

commands 579Symantec AntiVirus for FileStore quarantine

commands 575

Vverifying

FileStore has joined Active Directory (AD) 300virtual machine clones 541

viewinglist of locally saved configuration files 505

virtual IP addressconfiguring or changing for NetBackup 450

virtual machinecreating 533

607Index

virtual machine clonesspecifying where to create 535verifying 541

virtual nameconfiguring for NetBackup 451

VLANabout interfaces 195adding interfaces 196configuring interfaces 196deleting interfaces 196displaying interfaces 196

VMware Viewconfiguring 539

VMware Virtual Center Serverregistering the FileStore with 516

VMware vSphere extension for FileStoreabout 530interactions with other FileStore

applications 531volpagemod_max_memsz parameter of vxtune

modifying 526vxtune parameters

displaying 526

WWeb resources for FileStore 27Windows Active Directory

configuring as an LDAP IDMAP backend 315WWN information

displaying 84

Index608

Documents

Symantec™ FileStore Command-Line Administrator's Guide · 2011-09-27 · Using DAR without Symantec Enterprise Vault ..... 134 Configuring data archive and retention ..... 135 About