The installation steps for performing ETERNUS Disk storage system NAS operation is explained.
Installation is implemented in the following order.
Order | Installation Item | Title of Sections Listed | Optional/Required |
---|---|---|---|
1 | Create Shared Folder | Required | |
2 | Create NAS Interface | Required | |
3 | Configure DNS Server | Optional | |
Configure Authentication Server | Optional |
*1: Tasks that must be performed in order to operate the NAS file system are "Required", while tasks that may be omitted are "Optional".
Point
If an authentication system is not implemented then the NAS file system can be accessed from any clients connected to the business LAN. It is strongly recommended that an authentication server is properly configured and implemented.
Create a shared folder in order to configure the folder of the access destination of the NAS file system.
Configure the following for the shared folder:
Subject of Configuration | Configuration Details |
---|---|
Purpose and intended use of the shared folder. You can select either "File Sharing" or "Home Directory".
If you select "Home Directory", you cannot specify values of the following items.
Item Name | Explanation |
---|---|
"homes" is fixed. | |
"CIFS" is fixed. | |
"Disable" is fixed. | |
No specification is allowed. |
The setting items other than listed above are common to all the home directories that are created under the shared folder.
The name of the shared folder.
The protocol to be used by the shared folder.
It is possible to select CIFS, NFS, or both of these protocols.
See
When using a protocol other than CIFS and NFS, refer to the procedure for creating NAS environments described in the ETERNUS Disk storage system manuals.
This is the configuration of the Oplocks function that prevents concurrent file access.
It is possible to configure this only when using the CIFS protocol.
When the Oplocks function is enabled, although improvement of access performance from the client can be expected, it becomes impossible to use the Alternate Data Stream. In addition, when selecting both protocols of CIFS and NFS, it is recommended that the Oplocks function is not enabled.
Settings that are for the SMB encryption function.
The settings can be configured only when using the CIFS protocol.
When the SMB encryption function is enabled, the communications between the client and the ETERNUS Disk storage system are encrypted. In order to use this function, the client must support SMB 3.0.
Note
When data access encryption is enabled, clients that do not support SMB 3.0 cannot access the shared folder.
This is the Access Based Enumeration (ABE) function settings.
The settings can be configured only when using the CIFS protocol.
When the ABE function is enabled, folders and files that cannot be referenced by users accessing the shared folder are not displayed.
This is the volume where the shared folder is to be created.
When no NAS volumes are already defined, a new NAS volume is created.
When NAS volumes are already defined, one of them may be selected, or a new NAS volume may be created.
This is NAS file system block size.
Only specified when creating a new NAS volume.
Information
If you increase the block size, the maximum volume capacity and the maximum file size increases, but the capacity efficiency decreases.
This is the capacity of the NAS volume.
Only specified when creating a new NAS volume.
The capacity that can be specified differs depending on the NAS file system block size. For details, refer to the NAS file system specification described in the ETERNUS Disk storage system manuals.
Information
For NAS volume, a system area of 300 GB is reserved. For this reason, the area available as a file system is the value after subtracting the system area from the area specified for the NAS volume.
For example, if a NAS volume of 3 TB is created, the user area is 2.7 TB and the system area is 0.3 TB.
This is a NAS volume number.
Specify this number when execute the inter-box backup of NAS volumes.
In the ETERNUS DX100 S3/DX200 S3, DX500 S3/DX600 S3 whose firmware version is earlier than V10L51, the NAS volume number must be the same at ETERNUS Disk storage systems as backup source and backup destination respectively.
NAS Backup
This is set for the purpose of backing up the NAS volume data.
When there is no NAS backup volume, create a new NAS backup volume. Where there is a NAS backup volume, you can choose to either create a new NAS backup volume or use an existing NAS backup volume.
The NAS backup volume is created with the following details.
Volume Name | nasVolumeName$bak_N (*1) |
Capacity | Same as the source NAS volume. |
Volume Type | Same as the source NAS volume. |
Thin Provisioning Pool of the Creation Destination | User Selection |
*1: "N" is a sequential number from 0. The number of digits varies.
When a NAS backup volume is created, the following copy group and copy pair are automatically created.
Copy group
The copy group is a group of copy pairs. A copy pair is comprised of a source NAS volume and a destination NAS backup volume.
Copy Group Name | NAS_QuickOPC_nasVolumeName_N (*1,*2) |
Copy Group Type | QuickOPC |
*1: "N" is a sequential number from 0. The number of digits varies.
*2: Characters other than those listed below in nasVolumeName are replaced with hash (#):
One-byte alphanumeric character, minus (-), underscore (_), hash (#), period (.), plus (+)
Copy pair
The copy pair is a definition of a source NAS volume and a destination NAS backup volume. A copy pair is defined within a copy group.
In addition, it is also possible to configure NAS backup individually. Refer to "6.6.4.10 Configuring NAS Backup" for this procedure.
Point
For increased reliability, it is recommended to create Thin Provisioning Pools of the creation destination for the NAS backup volume and the NAS volume in separate Thin Provisioning Pools.
When configuring NAS backup or backing up the NAS volume, an ETERNUS SF AdvancedCopy Manager Local Copy License is required.
NAS Snapshot
Sets the number of generations that the NAS snapshot has and the schedule that the snapshot is captured automatically. This can be configured only when setting a new NAS snapshot. When using an existing NAS snapshot, the existing setting is used. This cannot be modified.
Sets the number of snapshot generations owned.
The settable number of NAS snapshot generations varies with the device model and firmware version number, and with the total number of NAS snapshot generations specified for a target device. Set a value in this item for a target device so that the maximum settable number of NAS snapshot generations is not exceeded.
The total number of NAS snapshot generations specified for a device means the sum of NAS snapshot generations set for all the NAS volumes in the device. The number of generations includes the number of generations taken in Automatic mode and the number of generations taken in Manual mode, as well. Refer to the NAS snapshot specification described in the ETERNUS Disk storage system manual for details.
Sets the schedule that the snapshot is captured automatically. The following items are set.
Item | Explanation |
---|---|
Cycle | Selects the cycle for capturing snapshots. |
Day | Selects the days to capture the snapshot. |
Time | Selects the time to capture the snapshot. When an interval of capturing a snapshot is selected, the selected interval time is automatically checked from the start point of zero time. |
When configuring a new NAS snapshot, the NAS snapshot volume for the collected snapshot backup is automatically created. The NAS snapshot volume is created with the following content.
Volume Name | nasVolumeName$snap_N (*1) |
Capacity | Same as the NAS volume of the backup source |
Volume Type | SDV |
RAID Group Created | User Selection |
*1: "N" is a sequential number from 0. The number of digits varies.
Point
The snapshot is collected based on the time set for the ETERNUS Disk storage system.
When a new NAS snapshot is configured, it automatically goes into start state.
Note
When using the snapshot function, enable SNMP Trap Setup. If SNMP Trap Setup is not enabled, snapshot collection result is not notified. Refer to "Change ETERNUS Disk Storage System Information" in the Web Console Guide for the procedure to change SNMP Trap Setup via Web Console.
Access Settings
The owner and group that issue access rights in relation to the shared folder are configured. For the owner and group, configure a user and group on the authentication server configured with "6.6.3.3 NAS File System Environment Settings" or configure a local user and local group registered with "6.6.2.1 ETERNUS Disk Storage System Configuration" for connecting to NAS. When root is configured as the owner and group that has the access rights of the shared folder, it is possible to access the shared folder from all clients on the business LAN.
Point
Set root to the owner and the group when making first time of the shared folder or the authentication server is a unsetting. Refer to "6.6.4.3 Changing Access Setting for Shared Folder" for the modification procedure when the access authority is given to a specific owner and the group after the authentication server is set.
In order to perform detailed access control such as specifying Read-Only to individual users other than the owner, directly configure this in relation to the authentication server.
Configure host access, permitted and denials, to the shared folder. When a host to permit is not specified, access from all hosts is permitted.
It is possible to configure hosts to deny only when CIFS is specified for the protocol.
It is possible to configure hosts allowed access with root privileges only when NFS is specified for the protocol.
Point
If a user other than root user is specified for an NFS owner and group, the root user of an NFS client cannot operate files in a shared folder with root privileges.
If you specify a host allowed access with root privileges, only the root user of the specified NFS client can operate files in a shared folder with root privileges.
Note
The host access control to the shared folder when NFS is specified for protocol complies with the standard NFS server control.
Since there is priority on the order of specified host names, the specified order is important. Also, the host name specified for root Access Allowed Hosts must correspond to a NFS allowed host in the format of the character string.
Concretely speaking, when specifying multiple host names for the NFS allowed host, the priority order applied to root Access Allowed Hosts differs with the specified format and order. The priority order is as follows. The number 1 shows the highest priority and the number 4 shows the lowest priority. When the priority order is the same, the number listed to the left has a priority.
Priority Order | Specified Format |
---|---|
1 | FQDN |
2 | IP address, IP network (for example: 192.0.2.0/255.255.255.0) |
3 | Others (host name, FQDN that includes *) |
4 | * |
Depending on the specified order, access may not be allowed with root privileges from a host specified for root Access Allowed Hosts. The following is the example:
Inaccessible example with root privileges
Specified IP address and IP network are mixed.
Allowed hosts: 192.0.2.0/255.255.255.0, 192.0.2.100 root Access Allowed Hosts: 192.0.2.100
In the above configuration, the access from the host with IP address 192.0.2.100 is not allowed with root privileges. The reason of being inaccessible is that the IP address 192.0.2.100 falls under 192.0.2.0/255.255.255.0 specified to the left of the allowed host and 192.0.2.0/255.255.255.0 is not specified for root Access Allowed Hosts.
In this case, considering the priority order, specify the IP address first as follows.
Allowed hosts: 192.0.2.100, 192.0.2.0/255.255.255.0 root Access Allowed Hosts: 192.0.2.100
Accessible example with root privileges
Specified FQDN and IP network are mixed.
Allowed hosts: 192.0.2.0/255.255.255.0, fqdn.example.com root Access Allowed Hosts: fqdn.example.com
When "fqdn.example.com" specified in FQDN is defined as IP address 192.0.2.100, set as listed above, and when accessing from the host of 192.0.2.100, access is allowed with root privileges. The reason of being accessible is that "fqdn.example.com" specified in FQDN is applicable to high priority of allowed hosts.
Configure access permission to the shared folder with CIFS protocol on a per user/group basis.
Note
When CIFS access permission has been configured, the users/groups that are not permitted to access cannot access the shared folder with CIFS protocol.
Quota Settings
Sets limits on the quantity consumed of disk/number of files for shared folders.
The following items are set:
Disk Space (Warning, Limit)
File Count (Warning, Limit)
In addition, the following are automatically configured when creating the shared folder:
The state of whether writing to the shared folder is enabled or disabled is displayed. The client can only write into a shared folder for which writing authority is enabled, or folders and files subordinate to such a shared folder.
When the shared folder is created, writing is enabled by default.
Refer to "6.6.4.2 Changing Basic Setting for Shared Folder" for information on how to change write authority.
The state of whether the sharing of the shared folder is active (Online) or inactive (Offline) is displayed. For a folder where sharing has been made active, a client is able to access files via the NAS interface.
When the shared folder is created, sharing is in an active state by default.
Refer to "6.6.4.8 Activating Sharing" or "6.6.4.9 Stopping Sharing" for information on how to change the shared status.
Shared folders can be created up to 256 folders per device.
See
Refer to "Create Shared Folder" in the Web Console Guide for information on how to create using Web Console.
Create a NAS Interface in order to configure a public IP address and a port to access the shared folder.
The following can be configured with this function:
Subject of Configuration | Configuration Details |
---|---|
NAS Interface (Port)
Configure whether to enable/disable RIP configuration.
When the RIP setting is enabled, its own routing table is automatically generated based on the routing table broadcast from the router connected to the port, and the access route set in the NAS interface can be automatically selected.
When the RIP setting is disabled, there is dynamic generation of the routing table.
Point
When the RIP configuration is enabled, in order to dynamically create the routing table of the NAS interface, enable the RIP configuration of the router that is connected.
When the RIP setting is disabled, the NAS interface cannot select its own access route. Set the routing table manually using the ETERNUS Disk storage system command.
Configure the Allocation port and the Redundant port of the NAS interface. The shared folder is accessed via the port configured as the Allocation port.
When the Allocation port is down, the shared folder can be accessed via the port configured as the Redundant port. It is also possible to use a single port operation format where a Redundant port is not configured.
Point
By setting the VLAN ID, 1 port can be allocated to multiple NAS interfaces.
The following ports cannot be selected for the Allocation port:
Member ports of bonding port
The following port cannot be selected for Redundant port:
Port of same CM as assignment Allocation port
Redundant port of other port
Member port of bonding port
When a Redundant port is not configured, it is not possible to access the shared folder when the Allocation port goes down. For this reason, it is recommended that a Redundant port be configured.
Configure the Allocation port and Redundant port for the shared folder access connection method.
The method for configuration of the connection type is as follows:
Connection Settings | Configuration Method |
---|---|
Single connection | Specify only an Allocation port, and create a NAS interface. |
Active-Standby connection | Specify an Allocation port and a Redundant port, and create a NAS interface. |
Active-Active connection | There are the two following configuration methods.
|
The Allocation ports and the Redundant ports for the NAS interface can be set as operating mode of member port and bonding port.
Point
The following ports cannot be selected for bonding ports.
Port of CM different from the master port
Port to which a NAS interface has already been assigned
Duplicated port
The operating mode that is the method of determining the communication ports from the bonding ports can be selected from the following.
Mode | Name | Explanation |
---|---|---|
0 | Load distribution | Performs load distribution using round robin. |
1 | Active backup | Communicates on one port, and when communication is not possible, switches over to other ports. This does not perform load distribution. |
2 | Load distribution | Performs load distribution based on EXCLUSIVE OR of recipient/sender |
4 | IEEE802.3ad | Performs load distribution following the IEEE802.3ad standard. |
5 | Load distribution | Transmit performs load distribution in line with Link speed. Receive is only performed on one port. |
6 | Load distribution | Transmit performs load distribution in line with Link speed. Receive allocates a communication ports as necessary for each communication partner. With IPv6, there is the same operation as mode 5. |
Further, when the operating mode is "load distribution (EXCLUSIVE OR)" or "IEEE802.3ad", has policy is set as the method of determining the port.
Name | Explanation |
---|---|
MAC Address | This is determined using an EXCLUSIVE OR of the sender and recipient MAC addresses. |
MAC Address and IP Address | This is determined using an EXCLUSIVE OR of the sender and recipient MAC addresses and IP addresses. |
IP Address and Port Number | This is determined using an EXCLUSIVE OR of the sender and recipient IP addresses and port numbers. |
Point
Specify "1" for Restriction on the number of detached ports of the switch. The number "1" is set by default.
The Restriction on the number of detached ports indicates the allowable number of ports disconnected from members making up a bonding port. When the number of detached ports is less than the restriction number, the bonding port is disabled. For example, if number "1" is specified for the Restriction on the number of detached ports and 4 ports make up a bonding port, when all the 4 ports become unavailable, the bonding port is disabled. When all the ports are recovered, the bonding port gets enabled.
The function required for LAN switch varies depending on the operating mode of bonding port.
Refer to the ETERNUS Disk storage system manuals for the function required for switch by operating mode.
NAS Interface (network)
Sets the IP address used for the NAS interface. Either an IPv4 address, IPv6 address or both can be configured.
Sets the tag VLAN ID configured for the NAS interface.
By setting the VLAN ID for the NAS interface, the NAS interface can be additionally allocated for ports that other NAS interfaces have allocated.
Note
When multiple NAS interface are assigned to the same port using the VLAN ID, the NAS interface must all be in different subnets.
Port VLAN is not supported for connection between ETERNUS Disk storage system and switch.
See
Refer to "Create NAS Interface" in the Web Console Guide for information on settings using Web Console.
Note
When the same subnet is assigned to the same CM, the behavior is to communicate using only a specific port.
Where the network is allocated in an Active-Active connection form, it is necessary to set the same network address between CM.
To create a NAS interface, allocate a new NAS interface to NAS ports and then restart the service to access the shared folder by the CIFS protocol. Before the restart process is completed, the shared folder is not accessible from the existing NAS interface by the CIFS protocol. Wait a few moments to access it again.
If Spanning Tree Protocol (STP) is implemented into the LAN switch for connecting to NAS ports, when the STP function is enabled, access to the shared folders may fail.
Take the following steps to disable the STP function:
When the STP function is not required for network configuration:
Disable the STP function of the LAN switch.
When the STP function is required for network configuration:
At only the NAS port connected part of the connection ports of the LAN switch, disable the STP function or configure Port-Fast.
Configures the NAS file system environment settings
DNS Server
The ETERNUS Disk storage system NAS file system sets the DNS Server for performing name resolution.
The DNS Server is in both IPv4 and IPv6 formats. A primary DNS Server and secondary DNS Server can be registered for each.
Information
When Active Directory authentication Servers on which the DNS feature is enabled are registered in the ETERNUS Disk storage system, name resolution is performed using the DNS feature on the Active Directory authentication server. In this case, the DNS Server information can be displayed on Web Console.
Authentication Server
Perform configuration of the authentication server to perform client access control to the NAS file system.
Depending on the type of protocol for access, specify the following for the authentication method:
Specify this when accessing the NAS file system using the CIFS protocol.
Specify this when accessing the NAS file system using the NFS protocol.
Note
The authentication methods that can be operated differ with each protocol. For this reason, when the shared folder is accessed with an authentication method that is not supported, the authentication system does not operate.
In the operation using Active Directory, it is required to synchronize the time between the ETERNUS Disk storage system and the Active Directory installed authentication server. It is recommended to automatically correct the time by Network Time Protocol (NTP).
When a local user/local group for connecting to NAS is created on the ETERNUS Disk storage system, you cannot set up an authentication server.
It is possible to register a maximum of 3 authentication servers for each authentication method.
See
Refer to "Configure Authentication Server" in the Web Console Guide for information on settings using Web Console.
Set the access authority to the owner and the group if necessary for the shared folder made by "6.6.3.1 Creating Shared Folder" after setting the authentication server.