Aureum 4.0 Installation Guide IG.40.160531.01
Aureum 40 Installation Guide
IG4016053101
Contents | 3
Contents
Introduction 5How Aureum Works 6
Install Aureum 9Resource Requirements10Aureum Configuration Settings 11Port Requirements and Firewall Settings12Prepare Aureum Installation Resources (Linux) 12Prepare Aureum Installation Resources (Windows) 14Install the Software15Continue the Installation16Create an Admin Account17Import an Aureum License18Provide Aureum Information18Add Resources 19Create a Default Storage Class20Define Outgoing Mail Settings 21Create a Client Registration User22Configure Security 22Connect22
Linux Client-Aureum Registration23Security Levels 23Create an Export 23Install a Linux-based Aureum Client 24Windows Configuration26
POSIX Compliance29Information and Resources 31
Introduction
In this section
bull How Aureum Works
Peaxyreg Aureumtrade installs on your own off-the-shelf hardware tocreate aggregate Peaxy ldquonodesrdquo The Peaxy software uses thesededicated nodes to create Aureum a highly extendable dataaccess and management platform that is managed as a single entitywithin a single namespace
The result is a system with unique capabilities and nodes basedon namespace and data space stores The namespace spans allAureum nodes Aureum responds to changing requirements usinguser-defined variables such as storage class use and data policies
ReliabilityAureum can replicate data so that a single loss does not disruptaccess Built-in redundancy with or without RAID ensures thataccess to your data is uninterrupted The Aureum platform lets youdefine a replication factor for each storage class A storage classis a group of like disks or servers that have the same attributesreplication and performance Choose to have up to four copiesmaintained in parallel Optimize performance redundancy andcost factors in classes of storage within your single namespace
AccessibilityThe unified namespace and a single management IP address(called the Aureum IP address) makes data accessible fromanywhere Because the namespace is unified it doesnt matterwhere on Aureum that data resides Data is easily accessed withoutknowing where the data is stored Even if data is moved to anotherlocation within Aureum the pathname doesnt change Regardlessof changes in networks computers data locations or other factorsAureum gives you one container one access path forever
ScalabilityAdd resources easily without any down time requirementAdding resources adds capacity and performance When you addresources both the additional capacity and the CPU power becomepart of Aureum
Introduction | 6
How Aureum WorksPeaxy designed Aureum for flexibility accessibility scalability and ease of use Heres how it works
Aureum sits on top of your own industry-standard hardware resources Based on your Aureumconfiguration the Peaxy software creates a number of Peaxy-specific nodes to use when building thesystem Peaxy nodes cannot be used for any other purpose This makes expansion as easy as addingnew resources (servers) to an existing environment
You dont need to manually create the individual nodes Peaxy software creates the container layerbased on the way you configure Aureum
Resources that are included in Aureum but not used immediately become spares which are availableon an as-needed basis This allows all Aureum software components to recover from most failurescenarios without manual intervention as long as there are enough spare resources to allow self-healing It also allows you to expand the capacity of a storage class
The following terms explain the abstraction and components of the Aureum architecture
bull Aureum A Peaxy storage and data access facility that manages all of its components within asingle namespace allowing total data access without bottlenecks
bull Hyperserver Either a namespace server or a data space server that manages between one andfour Aureum node members The Aureum namespace enables single disk IO access and allowsthe entire namespace to be persistently contained in RAM for better performance although thenamespace also resides on disk Subsequent directory lookups are done without touching the diskThe Aureum architecture accelerates file access by an order of magnitudeNamespace Hyperserver
A namespace hyperserver contains the path name and system metadata Namespacehyperservers run the namespace service (NS) The namespace is partitioned across allhyperserver members Each namespace hyperserver within Aureum contains a portion of thenamespace information
Data Space HyperserverA data space hyperserver contains actual user data Data space hyperservers run the dataservice (DS) All of the data in Aureum is distributed across all of the data hyperserversconfigured for data use under the rules of the data policy and assigned storage class withbetween zero and three copies stored
bull Hypervisor A hypervisor manages multiple nodes on one host In most cases the termshypervisor server and host are interchangeable Note however that a hypervisor is not the sameas a hyperserver
bull Analytics Service The analytics service (AS) manages the system analytics providing a clear wayunderstand how Aureum is managing data The analytics service is the force behind the analysisviews The analytics service is managed by the analytics node
bull Search Service The search service provides advanced search capabilities and powers Peaxy Findmaking it possible to find data across Aureum Searches are performed using a search query onan index or alias (group of indexes) that administrators create The search service is based onApache Lucene project Solr and SolrCloud SolrCloud provides the ability to set up a cluster ofSolr servers that combines fault tolerance and high availability enabling distributed indexing andsearch Administrators configure servers to support either data access or the search service duringinstallation
bull Storage Class The storage class is the abstraction that specifies performance redundancy andavailability characteristics of all the data hyperservers of the class User-defined data placementpolicies govern the data stored on each storage class
bull Data Class Data classes provide a way to perform storage management and access control basedon a directory structure This allows you to manage your storage based on a logical structure suchas teams and projects complementing the hardware-oriented resource management capabilitiesoffered by storage classes
bull Data Policy The data policies you create provide Aureum with the instructions about where data isstored as well as when and how data will be moved
bull Node Peaxy virtualization node created in containers Peaxy software creates the entire filesystem from virtual constructs Nodes that are members of a hyperserver store copies of the same
Introduction | 7
data or metadata Aureum sets the number of copies during the initial configuration and based onthe attributes of the storage class Aureum creates these nodes solely for its own use
bull Aureum Management Service Aureum management service (AMS) allows you to create and useAureum from physical resources
Overview of Aureum Building BlocksEach part of the Aureum architecture builds on the next To build an Aureum system
1 Rack and cable any physical servers and ensure the resources are accessible on the network2 Provision your resources and configure your physical storage Hardware provisioning is the task of
Admin users and cannot be delegated3 Install the Peaxy software Installation is described in the this guide
The Aureum manager (AMS) uses the configuration settings you define when Aureum creates thenodes It groups them into the appropriate types of hyperservers Aureum uses your configurationsettings to determine the optimal ratio of namespace hyperservers to data space hyperservers
4 Create storage classes and ingest policies for your environment
All of the resourced hyperservers aggregate and become a fully functioning Aureum systemconnected to your network
5 Create data classes to manage storage and access control based on the logical organization ofyour teams and projects
6 Begin ingesting data into Aureum
After the basic setup is complete you can add storage classes and data policies as well as optionalreplication partners When planned correctly these let you automate most data management andadministrative tasks
Aureum provides the Peaxy Management Tool (PMT) a powerful and intuitive browser-based UI formanagement Access data through a Linux-based client or a Windows domain share Peaxy providesseveral roles and allows the creation of others to ensure that the right access level is granted to usersand groups
Install Aureum
In this section
bull Resource Requirementsbull Aureum Configuration Settingsbull Port Requirements and
Firewall Settingsbull Prepare Aureum Installation
Resources (Linux)bull Prepare Aureum Installation
Resources (Windows)bull Install the Softwarebull Continue the Installationbull Create an Admin Accountbull Import an Aureum Licensebull Provide Aureum Informationbull Add Resourcesbull Create a Default Storage
Classbull Define Outgoing Mail Settingsbull Create a Client Registration
Userbull Configure Securitybull Connect
Make sure you have sufficient resources for the Aureum system youare creating After the hardware is racked and accessible to thenetwork use the Aureum manager to create the system
Install Aureum | 10
Resource RequirementsThe requirements for the hardware are minimal and depend on the Aureum configuration you define
The software installation image is self-contained and does not have outside software requirements
Minimum Hardware Requirementsbull Three or more servers compatible with Red Hat Enterprise Linux version 7 64-bit 1
bull Each server should have a minimum of 24 GB RAM and one core per physical device (diskLUN)bull One or more 1 or 10 Gigabit Ethernet connectionsbull One 2 GB USB stick per serverbull One available USB port on each server
Important If you are planning replication you can replicate across only same-sized drives Forexample replication must be between multiple 1 TB drives or between multiple 2 TB drivesand so on
Aureum SolrCloudCompute Node Requirementsbull 4 or more CPU coresbull 64 GB RAMbull 1 TB local storage
Aureum FUSE Client RequirementsAureum clients may be run on either physical or virtual machines and can use either 1 Gigabit or 10Gigabit Ethernet connections
Additionally the client requires
bull 1 or more CPU coresbull 2 GB RAMbull Red Hat Enterprise Linux version 5 6 or 7 64-bit or CentOS 5 6 or 7 64-bit or laterbull FUSE (the Linux File System in User Space)
Aureum Windows Client RequirementsAureum clients may be run on either physical or virtual machines and can use either 1 Gigabit or 10Gigabit Ethernet connections
Additionally the client requires
bull 1 or more CPU coresbull 2 GB RAMbull a supported operating system
2008 SP2 x86 and 64-bit
2008 R2 64-bit
2012 64-bit
Windows Server
2012 R2 64-bit
Vista x86 and 64-bit
Windows 7 x86 and 64-bit
Windows 8 x86 and 64-bit
Windows
Windows 81 x86 and 64-bit
1 The complete list of compatible hardware is available at httpshardwareredhatcom
Install Aureum | 11
Windows 10 x86 and 64-bit
Aureum Configuration SettingsConfiguration settings are needed to install and configure Aureum There can be additional optionalsettings
Table 1 General and Network Settings
Item Description Example
Aureum name Names can be up to 14 alphanumeric characters and cancontain dashes (-) and underscores (_)
Aureum_One
Aureum IPaddress
This is a floating IP address that is used for communicationto and from Aureum Communication can be donethrough the Aureum IP address Peaxy recommendsthat organizations create a DNS entry for Aureum that ismapped to the IP address allowing you to refer to Aureumby a more meaningful name
10213119
IP addresses A list of IP addresses or one or more ranges of IPaddresses that the configuration wizard can use to assignIP addresses to discovered hypervisors If you includemultiple ranges the Aureum manager will use all availableIP addresses in the first range before moving to thesecond
151145011715114520 - 94
Gateway Aureum needs to be assigned a default gateway addressThe gateway is used by each hypervisor and node thatcomprises Aureum
1721601
Subnet mask All hypervisors making up Aureum must reside in the samesubnet This is defined by the subnet mask
25525500
DNS domainsuffix
Working with the DNS server the domain suffix identifiesthe server within a smaller network (like a computer lab)
peaxynet
DNS server list A list of up to three DNS servers to use 55219208672222228888
Time zone The time zone to use (UTC-800) Pacific
NTP server The IP address of the network time protocol (NTP)server that Aureum should use to coordinate time acrossthe entire namespace even if the servers within thenamespace are in disparate locations This can be criticalwhen Aureum needs to compare timestamps
0poolntporg1poolntporg
Averageexpected file size
The selection here is used by the system to determine themost efficient ratio of namespace hyperservers to datahyperservers
bull Small files (less than 1MB)bull Medium files (less than 20MB)bull Large files (greater than 20MB)bull A mixture of file sizes
Large files (greaterthan 20MB)
Replication factor The number of replicas created for data when the filesare assigned to a particular storage class Setting thereplication factor to 2 indicates that the original and one
2
Install Aureum | 12
Item Description Exampleadditional replica of the data are saved providing higheravailability Valid options are 2 3 and 4
Use the appropriate replication factor for each storageclass to implement the best level of protection for criticaldata and to limit wasted consumption for sandboxes andother nonessential data For data that is not critical or forsandboxes you can choose a lower replication factor Usea high replication factor for data that is critical or accessedoften
Table 2 Emailer Settings
Item Description Example
Email server The name of the email server This is usually an SMTPserver
smtpgmailcom
Server port By default port 587 is used Only change this if corporateor security requirements demand it
587
Email serveraccount
Enter a valid email account Aureum uses this account tosend email notifications and replacement passwords
memycompanycom
Password The password that is associated with the valid emailaccount
Send from Only change this if your SMTP server allows it and yourcorporate requirements demand it Normally only serversusing TLS require this entry
memycompanycom
Port Requirements and Firewall SettingsBecause Aureum uses the network for traffic specific ports must be available
The following table describes the ports that must be open for Aureum traffic and client connections
Port Type Used for
53 DNS DNS
443 TCP Encrypted traffic
514 UDP Log Server
3033 TCP Statistic collection
8001 TCP Analytics server
8080 HTTP Windows client
8443 TCP Encrypted traffic
10011 UDP LinuxFUSE client
Prepare Aureum Installation Resources (Linux)The software is installed on each server resource that will become part of Aureum Aureum ishardware agnostic but there must be adequate resources to complete the installation Each serveruses a USB stick to install the software
Make sure that you have the required basic resources described in Resource Requirements Downloadthe software files from wwwpeaxynetsupport A login is required
Install Aureum | 13
1 Download the software installation files
bull Release-ltreleasenumbergtimg is the image to be copied to a USB stick that will initializethe hardware
bull Release-ltreleasenumbergtmd5 is the checksum file that validates the validity of the imagebull samsp-ltreleasenumbergtzip is a compressed file that contains the utilities to move the
image to the USB stick and for the initial configuration of Aureumbull The Aureum client file
bull hfclient-fuse-ltreleasenumbergttargz - the Aureum Linux client installation file2 From a command prompt on your workstation uncompress the installation files Type
sudo unzip samsp-ltreleasenumbergtzip -d tmp
3 As root launch the image copier Double click img-copiersh and click Run on the dialog thatappears
4 Browse to the software image you downloaded (the img file) and select this file
5 Type a label for the USB sticks
The label is used to identify the system during the initial installation and becomes the name of theserver on which it is installed If you use the same label on different sticks the software will add anumeric suffix when creating the host name for example HOST-01 HOST-02 and so on Labelscannot exceed 16 charactersYou can provide a different label for each USB stick but to do so you must copy the image file toeach stick individually
6 Insert the USB sticks into a port on your workstation or a hub connected to your workstation andthen click REFRESH to make them visible to the image copier tool Select the sticks you want fromthose displayed in the destination drives list The USB stick must be at least 2 GB
7 Leave Verify copy operation enabled Peaxy strongly recommends that you do not skip this step
Install Aureum | 14
Depending on the speed on the USB sticks it can take several minutes to complete theverification
8 Enable hypervisor protection if requiredEnable hypervisor protection if the underlying storage consists of non-redundant JBOD (acollection of hard disks that have not been configured to act as a RAID) This creates a softwareRAID 5 configuration for the container store used by AureumYou can disable hypervisor protection if you have a hardware RAID under the disk volumes Thisallows Aureum to use a higher-performing RAID 0 configuration instead
9 Click START10After the copy is complete click EXIT and remove the USB sticks from the workstation or USB hub
The USB stick now contains a bootable image of the Aureum installation software
Prepare Aureum Installation Resources (Windows)The software is installed on each server resource that will become part of Aureum Aureum ishardware agnostic but there must be adequate resources to complete the installation Each serveruses a USB stick to install the software
You must have administrator permissions to install the Aureum software
Your workstation must be running the Java Runtime Environment (JRE) 17 or higher installed in orderto run the image copier
Make sure that you have the required basic resources described in Resource Requirements Downloadthe software files from wwwpeaxynetsupport A login is required
1 Download the software installation files
bull Release-ltreleasenumbergtimg is the image to be copied to a USB stick that will initializethe hardware
bull Release-ltreleasenumbergtmd5 is the checksum file that validates the validity of the imagebull samsp-ltreleasenumbergtzip is a compressed file that contains the utilities to move the
image to the USB stick and for the initial configuration of Aureumbull The Aureum client file
bull hfclient-fuse-ltreleasenumbergttargz - the Aureum Linux client installation file2 On your Windows workstation move to the location of the zip file and unzip the file using any
uncompression program3 Move to the location of the uncompressed file and double-click the executable to start the
installation4 With administrator privileges launch the image copier Double-click img-copierbat
Install Aureum | 15
If the image copier does not launch properly you might need to add javaw to your path Refer toyour Windows Operating System help for instructions
5 Browse to the software image you downloaded (the img file) and select this file then click Run6 Type a label for the USB sticks
The label is used to identify the system during the initial installation and becomes the name of theserver on which it is installed If you use the same label on different USB sticks the software willadd a numeric suffix when creating the host name for example HOST-01 HOST-02 and so onLabels cannot exceed 16 charactersYou can provide a different label for each USB stick but to do so you must copy the image file toeach stick individually
7 Insert the USB sticks into a port on your workstation or a hub connected to your workstation andthen click REFRESH to make them visible to the image copier tool Select the sticks you want fromthose displayed in the destination drives list The USB stick must be at least 2 GB
8 Leave Verify copy operation enabled Peaxy strongly recommends that you do not skip this stepDepending on the speed on the USB sticks it can take several minutes to complete theverification
9 Enable hypervisor protection if requiredEnable hypervisor protection if the underlying storage consists of non-redundant JBOD (acollection of hard disks that have not been configured to act as a RAID) This creates a softwareRAID 5 configuration for the container store used by AureumYou can disable hypervisor protection if you have a hardware RAID under the disk volumes Thisallows Aureum to use a higher-performing RAID 0 configuration instead
10Click START11After the copy is complete click EXIT and remove the USB sticks from the workstation or USB hub
The USB stick now contains a bootable image of the installation software
Install the SoftwareThe installation software on the USB stick installs the Peaxy software and lets you create Aureum
1 Insert one prepared USB stick into each server Servers must have a console attached or beaccessible via an IPMI management tool
Install Aureum | 16
2 Apply power to the servers either individually or with a few seconds in between to complete the
next steps
Note If you have already configured your server to boot from USB skip steps 3 4 and 5
3 Enter the server BIOS and instruct the server to boot from the USB stickThe method used to enter the BIOS depends on the server
4 Ensure that the virtualization setting is enabled in the BIOS5 Save the BIOS changes and reboot the server from the USB stick
After the server has booted from the USB stick and launched the installation software you will seea message at the bottom of the screen telling you that the server is being prepared for installationThis boot process has placed the servers in a discoverable state this plays a role in the nextphase of the installation process
Continue the InstallationAfter the servers have been prepared and the software has been installed begin the configuration
1 On your workstation disable the firewall
On Red Hat Enterprise LinuxCentOS 7 systems use the following commands
systemctl stop firewalld
systemctl disable firewalld
On other Linux-based operating systems use the following commands
service iptables stop
service ip6tables stop
chkconfig ip6tables off only include this command if you want to permanently turn thefirewall off
chkconfig iptables off only include this command if you want to permanently turn thefirewall off
2 On your workstation disable SElinuxYou can check the status of SElinux with sestatus The result should appear as SELinuxstatus disabledIf you do not see disabled
1 Edit etcselinuxconfig and set the SELINUX variable to disabled2 Reboot your client workstation
3 On the workstation launch the Aureum installation management tool Type
sudo tmpsamsp-400ltversiongtsamspsh
Install Aureum | 17
You should see something similar to the following
Launching Management Server Platform version 400rootOpen your browser and enter the URL httpslocalhost to continueDo not terminate samsp it is required to complete cluster configurationYou can view tmpsamsp-40010872logmsplog for detailed progress activity
Important Do not terminate samsp because it is needed to complete clusterconfiguration
4 Open a browser and type
httpslocalhost If you are running the browser on the same workstation running the stand alone MSP orhttpsltip addressgt IP address of the workstation running the standalone MSP
This launches the Peaxy Management Tool If prompted accept the self-signed Peaxy certificate
After the initial setup is complete the IP address changes in the browser address bar This isexpected and correct behavior Now the installation portion of the AMS exits and the integratedAureum manager becomes active
In the next step the Aureum manager guides you through the initial configuration process
Create an Admin AccountThe first step in configuring a new Aureum system is to supply the details for the Admin account Afterthe installation process is complete and Aureum is up and running the Admin account is used to loginto the Aureum web UI (PMT) to perform additional administration tasks such as creating other useraccounts and a client registration password
Important The Admin account has access to critical areas of Aureum Ensure that the Adminaccount is secure
1 Type an email address for the accountThe AMS verifies that the email address is formatted correctly but does not check the validity ofthe email address itself This is the email address to which emails are sent
Note When setting the outgoing mailer settings the use of a customized email addressis highly dependent on the mail server While it might be possible to use a custom emailSEND FROM address many mail servers (such as Gmail) do not allow sending email usinganything other than the registered user account name
2 Type a user name for the accountThe user name must be between 3 and 32 characters and can contain letters numbers dots ()and at signs ()
3 Type a password to be associated with the user name in the previous stepPasswords are case sensitive and should be secure Best practice shows that you should changepasswords regularly
4 Confirm the password by retyping the password exactly as you entered it aboveWhen all of the fields are complete and have the correct format the SUBMIT button turns fromgray to blue
5 Click SUBMIT
The user account information is now created and stored
Important Set up the outgoing emailer settings as soon as possible after completinginstallation of Aureum If you forget or lose your password Aureum cannot send you a newone until the outgoing email is configured
Install Aureum | 18
The next step is to import the Aureum license
Import an Aureum LicenseImporting the license for an Aureum instance activates the Peaxy software License types are assignedto the Admin account that you created at the beginning of the installation
Before you create an Aureum system make sure that you have received your license from Peaxy andthat the license details are correct
Each time you create an Aureum instance you must import a license
1 Select the license to import or drag it onto the files areaThe license is a bdl file that contains all of the files needed to install the license
2 Click IMPORT3 The system installs the license and continues to the next step
Provide Aureum InformationDefining a few basic configuration items is the first step in setting up Aureum
During the first steps of the initial configuration you provide the basic information needed to createAureum its components and the namespace details
1 Enter the Network settingsa) Enter the gateway addressb) Enter the subnet maskc) Enter the primary DNS domain suffix and up to three DNS server addresses
DNS servers must be entered as IP addresses Each DNS server is on a separate line2 Enter the General settings
a) Enter a name for this Aureum instanceNames can be up to 14 characters and can contain letters numbers dashes and underscores
b) Optional Enter a location for the Aureum system for example ldquodatacenterrdquo or ldquoPhoenixofficerdquo
c) Enter the Aureum IP addressd) Optional Enter up to three NTP servers
Including an NTP server ensures that the time stamp for Aureum is always correcte) Select the time zone to use from the drop-down menu
This ensures that all nodes in Aureum use the same time zone3 Define the Namespace settings
Install Aureum | 19
a) Select the average file size that you expect Aureum to containYour expected average file size selection is used by Aureum to determine the most efficientdistribution of hyperservers Aureum uses the selection you make here to determine theestimated ratio of namespace hyperservers to data hyperservers
b) Set the default namespace replication factor from 2 to 4The namespace replication factor is the number of replicas that Aureum creates for thenamespace
4 Click CONTINUE
Add resources to Aureum You can also click CANCEL to cancel the installation
Add ResourcesResources refer to the physical servers that will make up Aureum These can be any commodity serversuch as a 1U or 2U server with any number and size of disks These resources are used to build thenamespace and data hyperservers that form the heart of a running Aureum system
Note After a resource has been added Aureum claims the complete resource Unusedportions of a resource are designated as spares and are used in case of a failure or expansion
1 The system locates all physical servers that have been booted using USB sticks and are currently indiscovery stateYou will see a list of the servers available for inclusion Use the filter to narrow your search by servername
2 Select the servers to add to Aureum
Servers scheduled for selection have a check mark to the left Select the box beside SERVER NAMEto select all servers in the list
3 Enter the required number of IP addresses or an IP range The number of IP addresses neededappears above the IP ADDRESSES entry box
The system determines the number of IP addresses needed to ensure that all Aureum componentscan communicate receiving requests and returning responses Addresses can be individual IPaddresses (xxxxxxxxxxxx) an IP address range (xxxxxxxxx - xxx) or an IP address with a wildcard(xxxxxxxxx) Separate the IP addresses with a space comma or newline
Install Aureum | 20
Aureum only supports IPv4 (the dotted quad format) For example
192168100419216810015-2019216873
4 Define the roles of the serversClick the ROLES column entry for a server and configure the servers to support either data accessor search (SolrCloud) While it is possible to configure a server to support both data access andsearch this setting is not recommended for a production deployment
Note Aureum 40 supports SolrCloud clusters with one or three nodes Aureum 40 doesnot support SolrCloud clusters with either two nodes or more than three nodes
5 Define the bonding for the network port cardsYou should see the same speed for all of the network interfaces (NICs) on this server Use the list ofall NICs that are bonded with the interfaces on this server to form your decision Inactive NICs arenoted as sucha) Click the ETHERNET column entry for the server whose bonding to configure
If the column text is red some interfaces are not bonded to the server If the text is blue allavailable interfaces are bonded
b) Place a check mark next to all of the interfaces to bond to this server Remove the check markfor those interfaces you do not want included in the bond
6 Optional Toggle the server beacon on or offBeacon signals guide you to the server in question This is often used when troubleshooting tolocate a specific server in a large group of servers
7 Click CONTINUEWait for the installation wizard to verify that the IP addresses you entered are valid and can beused The system assigns the IP addresses and sets the state to Pending
8 Click START INSTALLATIONThe button changes from START INSTALLATION to INSTALLATION IN PROGRESS The systemassigns the resources to Aureum and determines the necessary number of dedicated nodesneeded for the configuration The progress is displayed but you can also use the Log link to followindividual progress If some of the servers are not yet ready wait a few moments and retry
The installation process will take some time typically 10 to 20 minutes When complete the IPaddress in the browser will switch from the local IP of your workstation to the Aureum IP addressthat was entered earlier This signals the transition from the AMS you launched earlier (samsp) to theintegrated PMT that is now running on Aureum
The next step is to create a default storage class
Create a Default Storage ClassA storage class groups and manages data hyperservers with similar replication factors capabilitiesand performance configuration
You must configure at least one storage class to use as the default during the initial Aureumconfiguration You can create more storage classes at any time as long as you have the resourcesnecessary
1 You are presented with the create Initial Storage Class option2 Enter the required information to create the storage class
a) Type a name for the storage classClass names can be up to 14 text characters
b) Define the performance levelPerformance levels based on throughput and seek time Select the paired setting that is best foryour expected usage For the widest option select ldquoAnyrdquo
c) Set the replication factor
Install Aureum | 21
Remember all hyperservers assigned to this storage class will use these settings
Note You must include at least the same number of resources to create the specifiedreplication factor For example you cannot have a replication factor of three in anAureum system with only two servers
Because each replication requires some amount of storage the replication factor selectedaffects the amount of total storage available
Tip The Aureum data space is partitioned through all the data-capable hyperserversEach hyperserver can be configured to offer a specified replication factor This lets youstore vital data with high redundancy while more transient data can skip replication inorder to optimize storage and performance costs
d) Optional Enable flexible space allocationEnabling flexible storage space allows the members of the storage class to consume thecapacity needed When more storage space is needed more is allocated automaticallyregardless of the initial allocation Peaxy recommends this option for general use Some casesmight have different needs
e) Optional To make this the default storage class select YESAll data that does not meet the conditions in a specific data policy will be stored on the defaultstorage class (See data policies in the Aureum Administrator Guide)
3 Click CREATE STORAGE CLASS4 To complete the initial installation and configuration click FINALIZE AUREUM then click YES to
confirm the configuration is correct
Important After you click FINALIZE you must wait for the health indicator on the Aureumcard or list turn green before using Aureum
The Aureum installation is complete and the PMT shows the main Aureum window To configureadditional Aureum storage classes and data policies and to understand how to monitor Aureum seethe Aureum Administrator Guide
Define Outgoing Mail SettingsIn order for Aureum to send email notifications and provide lost password recovery you must tellAureum how to send email alerts
Important Configure outgoing email settings as soon as reasonably possible If you lose orforget your password Aureum cannot send reset instructions until you configure the emailsettings
1 Select EMAILER CONFIG from the SETUP WIZARD pane or from the Navigation menu select EMAILER
2 Type the email (SMTP) server to use when sending the emailThe email server must be accessible from Aureum
Install Aureum | 22
3 By default the system uses port 587 This is usually the right setting Only change the EMAILSERVER PORT if your organizations SMTP server requires it
4 Enter a valid user account and password that Aureum will use to send email from this server5 Optional SEND FROM is required only if your email server requires Transport Layer Security (TLS)
If this is the case type the SEND FROM email addressGenerally the recommended SEND FROM address is a working system administrator account
6 Click SAVE
Create a Client Registration UserThe Aureum client registration user and password allow client authentication at mount time
This allows you to create a custom account for authenticating client mounts
1 Click REGISTRATION2 Type a name for the user This will be the username that is authorized to type in the registration
password when an Aureum client is installed3 Type the client registration password This password is used to register the Aureum client for
authentication at mount time4 Click SAVE
Configure SecurityDefine define the level of security for client communication
1 Click SECURITY LEVEL2 Slide the controller to the level of security your data will use
3 Click ACCEPT
ConnectAn Aureum client mounts Aureum and allows access to folders and files Peaxy provides clientsoftware for Linux users and allows Windows users to access Aureum through a Windows share
The Linux-based client uses a FUSE component to remotely access Aureum services Almost all Linuxinstallations include FUSE so you should not need to do anything extra
The Aureum client has a small footprint A very limited set of memory and CPU cycles are needed toperform the client functions Also the Aureum client can be used concurrently with other clients forNFS and other network file systems
When you install the client the client drivers are added to the default system directories To accessthese directories use the mount command (more commonly known as mapping a drive in Windows)to mount the client to the directory
Install Aureum | 23
Mounting a client to an Aureum directory loads all the data structures necessary for the client tointeract with Aureum As the structures change Aureum updates them In order for a client to accessAureum all that is necessary is that the client know the IP address or URL to which the client willconnect and the client-Aureum registration password
Also available is the ability to join a Windows domain and create domain-authenticated users who canaccess different areas of Aureum
Linux Client-Aureum RegistrationThe minimum security level for Aureum is the authenticated mount To ensure that unauthorized usersdont gain access to data Peaxy provides an authenticated mount between Aureum Linux clients andAureum using certificates and registration
Note The process described in this section applies to Linux clients Windows domains userswith credentials from an Active Directory access Aureum through a Windows share
Security is always an important part of any system that provides data access especially when theaccess spans many users and locations Peaxy provides a registration process where the clientand server exchange certificates which are used to authenticate subsequent connections Theregistration provides a mutual authentication method between the client and Aureum allowing theclient access Only authenticated clients are allowed to mount Aureum Other clients cannot use thesame authentication as part of the certificate registration Aureum generates a client key pair that isunique to each client-Aureum connection
How It WorksThe AMS requires a dynamic registration at the initial mount time As part of the registration Aureumgenerates a key pair unique to each client This key pair is persistent so you do not need to re-register the client each time you mount Aureum
This initial registration is required the first time the client mounts Aureum and requires a specialregistration password that is unique to Aureum This password is entered by the Aureum administratorat the workstation on which the client is installed Subsequent client mounts use the client certificateissued during registration
Security LevelsAureum offers varying levels of security
The security level is visible on the Aureum card or list and is indicated in the SECURITY section by thenumber of total locks that are green Gray locks indicate how many additional security levels you canselect For example if there are four total locks and three are green your current security level is 3Message Integrity
bull Data Confidentiality all data in and out of Aureum is verified and encryptedbull Message Integrity message authentication codes verify message integritybull Kerberos Authentication use the Kerberos authentication protocol as the mechanism for
authentication between a client and a server or between one server and another serverbull Authenticated Mount use X509 certificates to mutually authenticate and validate all Aureum
clients and hyperservers in Aureum
Create an ExportCreate an export to allow Linux clients to mount and access Aureum
1 From the Navigation menu select SECURITY gt EXPORTS2 Type the export name3 In the EXPORT CONTENT IN field choose the data class to export
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the
Install Aureum | 24
engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the export5 Click CREATE6 To edit or delete an export click the corresponding entry in the list
bull To edit the export make the changes needed in the edit panel and click SAVE CHANGESbull To delete an export click the corresponding trash can icon ( ) and confirm the deletion
Install a Linux-based Aureum ClientYou install the Aureum client on physical hardware or on a workstation in the cloud Use the client tomount and access Aureum directories
Before installing the client make sure that your system meets the minimum requirements describedin the Requirements section of this document
Note Aureum uses FUSE in Direct IO mode for better performance The version of FUSErunning on older versions of CentOS Red Hat Enterprise Linux doesnt support mmap whenFUSE is being used this way This might cause some mmap functions such as ACCESS_WRITEMAP_SHARED and PROT_WRITE to fail You can use the mount flag --disable-direct-io-mode to disable Direct IO mode
If you choose to use Direct IO mmap will be disabled on CentOS56 and 57 since those versionsdont support mmap with direct IO Enabling this option will result in a significant performancedegradation on clients using this option Peaxy strongly recommends that you upgrade to a newerversion of Linux
Ensure FUSE and its dependencies have been installed on each client If it has not been installedinstall FUSE according to the instructions for the package you chose On CentOS for example installthis by typing
sudo yum -y install fusex86_64 fuse-develx86_64 fuse-libsx86_64
The version numbers for your installation may differ
If you have installed a version of the fuseko module that is not the Peaxy-specific version runadditional commands at the end of the installation process This prevents kernel-oops messages fromconsuming all of the space in the varspool directory These messages indicate a benign conditiondue to a Linux FUSE problem
Run the following commands
chkconfig --levels 2345 abrt-oops off service abrt-oops stop
Note The client installation sets the following values automatically
Parameter Value set to
netipv4tcp_tw_recycle 1
netipv4tcp_fin_timeout 2
netcorewmem_max 2097152
netcorermem_max 2097152
netcorewmem_default 2097152
netcorermem_default 2097152
Install Aureum | 25
1 Download the Aureum client file from the support section of the Peaxy website at wwwpeaxynetsupport (login is required)The file is downloaded as a targz package and contains an installer It has a name similar tohfclient-fuse-400ltbuildnumbergttargz
2 Unpack the distribution file by typing the following
tar -zxvf hfclient-fuse-400ltbuildnumbergttargz
You will see something like the following
hfclient-fuse-400hfclient-fuse-400setupshhfclient-fuse-400scriptshfclient-fuse-400scriptsupdatedbshhfclient-fuse-400scriptsc_rehashshhfclient-fuse-400scriptssysctlshhfclient-fuse-400scriptsunregshhfclient-fuse-400scriptsconfshhfclient-fuse-400binhfclient-fuse-400binfusehfCentOS-5xhfclient-fuse-400binfusehfhfclient-fuse-400confhfclient-fuse-400confhfconftgz
3 While logged in as root run setupsh installThe driver files are installed in the default system directories You will see something similar to thefollowing
sudo setupsh install
Installer for Peaxy Aureum Client version 40
Checking package contentsInstalling hf client binariesremoved `optpeaxy-40sbinfusehf`binfusehf -gt `optpeaxy-40sbinfusehfInstallation complete
Mount Aureum
Mount Aureum (Linux)After the client is installed use the mount command to mount Aureum
At a command prompt type
sudo mkdir -p ltmnt_pointgtsudo mount -t fusehf hfltmgmt_ipgt ltmnt_pointgt -o user=ltclient registration usernamegt
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is thedirectory that will serve as your local mount point for example mntpeaxy
If you omit -o user=ltclient_user_namegt you would be prompted for the password associatedwith the local admin account to complete the client registration Best practice is to always create aclient registration account and use that password
The first time you mount the client to Aureum you will be prompted for a registration passwordto allow client-Aureum authentication Type the client registration password Otherwise youradministrator must do this for you
Peaxy strongly recommends that you change the password often especially after typing the passwordfor a client registration
If you or your IT administrator have associated a DNS entry with the Aureum IP address you mightwant to use the DNS name as the name for your mount point
Install Aureum | 26
To configure the Aureum client to automatically mount on startup locate the etcfstab file andadd the line
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults 0 0
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is the localmount point for example mntpeaxy
Note If you are running CentOS 7 change this line to add the _netdev flag as below
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults_netdev 0 0
You can now use the Aureum client to access Aureum
Unregister a Linux Client from AureumYou can securely unregister an installed FUSE client from the Aureum system that it mounts
Removing the registration renders the client unable to access Aureum If you use the all option youwill need to perform a new registration setup before you can mount Aureum again
Unregistering a client is done by running the unregsh script Use the following procedure tounregister the client
1 On the workstation running the client open a command prompt2 Move to optpeaxybin the location of the script3 Run the script
bull Type sudo unregsh ltAureumgt to unregister the client from a specific Aureum systemReplace ltAureumgt with the Aureum system to unregister
bull Type sudo unregsh all to unregister the client from all Aureum systems on which theclient is registered
Note Peaxy strongly recommends using the all option before you decommission aclient workstation
Windows ConfigurationDomain users with credentials from an Active Directory can access Aureum through a share
After Aureum joins a domain it sets up network shares for chosen directories (including all containedsubdirectories) To domain users these shares look the same as any other folder that is accessible viathe network
Unlike an Aureum client which mounts to the root of the volume a share allows a user to exportsubdirectories for more granular access
Where to Find ItFrom the Navigation menu select SECURITY gt DOMAINS and SECURITY gt SHARES
Join a DomainBefore you can create a share you must join a Windows domain
You can pre-create a machine account in an Active Directory under a specified OU If you choose notto do so Aureum will try to add a computer account to the default location of ldquoComputersrdquo
Important If Aureum is already joined to a domain joining another domain will replace thejoin not add to it Aureum will only be joined to the most recently joined domain
1 From the Navigation menu select SECURITY gt DOMAINS2 Type the complete Windows domain to join for example engexamplecom3 Type the username with access to the domain The user must have the necessary permissions to
join Aureum to the domain4 Type the password associated with the username or access to modify an object in the OU if the
machine account was pre-created
Install Aureum | 27
5 In the NETBIOS NAME field set the Aureum computer account name you wish to be created in theActive Directory If Aureum is using a pre-created machine account in a specific OU then the nameyou specify here must match that name exactly
6 Click JOIN
After the domain has been joined the JOIN button changes to LEAVE To leave the domain clickLEAVE
Create a ShareCreate a share to allow Windows users to connect to Aureum
Before you can create a share you must join the appropriate domain
1 From the Navigation menu select SECURITY gt SHARES2 Type the name of the share3 In the SHARE CONTENT IN field choose the appropriate data class
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the share5 Click CREATE
6 To edit or delete a share click the share to be modified
bull To edit the share make the changes needed in the edit panel and click SAVE CHANGESbull To delete the share click the trash can icon ( ) and confirm the deletion
Mount an Aureum Windows ShareDomain-authenticated users can mount and access Aureum directories using a share
After Aureum has been joined to a domain and the share has been created you can easily mount tothe share
The exact mount process is based on your workstation OS
Install Aureum | 28
If you do not already know it you can determine the mount point from Aureum by navigating to theJOIN DOMAIN page and using one of the listed public IP addresses as the mount point Include theshare name when mounting
Peaxy recommends that you take the list of public IP addresses and enter them into your DNS serverlisted under the Aureum NetBIOS name within the appropriate domain In cases where multipleaddresses are used the DNS server automatically round-robins the returned address This ensure thatclient connection load is distributed across the available nodes
As a Windows example to mount a drive letter to Aureum Type
net use ltdrive_lettergt ltpublic addressgtltshare namegt
where ltdrive_lettergt is the drive letter to assign to Aureum ltpublic_addressgt is the IP address usedto join the domain and ltshare_namegt is the share
You then log into the share using your domain-authenticated username and password For exampleMYDOMAINmyname
After mapping the drive access Aureum through Windows Explorer just like you would any otherdrive
If the share does not appear in the Windows Explorer after a change such as a system reboot occursrefresh the view using the Refresh icon ( ) The share should display correctly
You do not have to assign a share to a drive letter however In Windows Explorer type the public IPaddress and share name into the address bar Provide your username and password
POSIX ComplianceAureum provides a POSIX-compliant interface
Most of the Aureum interfaces are POSIX compliant and adhere to the IEEE standard The following isa list of exceptions to compliance
bull The directory nlink count is not incremented when a subdirectory is addedbull inode retention differs from the POSIX specification because there is no way to retain the original
inode number when a rename entails a move to a different device You can display the datahyperserver extent ID instead of the namespace hyperserver Node ID to the caller in the statfamily of calls This does not change when a file or directory is renamed It does change if the file ismigrated from one data hyperserver to another
bull If two mount points are held to the same Aureum and a file is closed on one Aureum does notremove a fcntl lock for the same file on another This is a variance on the way that NFS worksThe internal locking structures take into account the client ID which varies depending on the clientmount If there are two different mounts to a server Aureum treats them as separate machineswhich NFS does not
bull The file locking call flock() is emulated using POSIX byte range locks (fcntl() ) The POSIXcompliance specification does not cover flock() This implementation mirrors the behavior ofNFS The Aureum behavior is slightly different and varies from the POSIX specification as follows
1 As in NFS you must have write permissions to get a write lock2 As in NFS you cannot place both flock() and fcntl() locks on the same file as these locks
will conflict3 An flock() will not inherit across forks4 The flock() will be durable against other file closes but fcntl() locks will not behave within
the POSIX specification5 As well as being removed by an explicit f_unlock record locks are automatically released
when the process terminates or if it closes any file descriptor referring to a file on which locksare held This means that a process can lose the locks on a file like etcpasswd or etcmtab if a library function opens reads and closes it
Information and ResourcesThe latest news and information can always be found on the Peaxy website
Peaxy provides documents that are designed for different audiences These documents furnish acomprehensive explanation of Aureum and how to use it Additionally information is available fromtooltips Each field has a tooltip that adds explanations and any limitations for the item
The most current and accurate information available was included at the time this document wasprepared However changes may occur after the document is released Always read the ReleaseNotes for the most current information
Aureum Installation GuideA step-by-step guide to installing and configuring Aureum into your network
Aureum Administrator GuideA guide to understanding the Aureum architecture Provides details for planning configuring andmonitoring your implementation
Quickstart SeriesA series of two-page guides providing an abbreviated set of instructions for Aureum tasks Theycan be taken in order or used as reminders for individual tasks
Tech NotesSome technical issues are outside the scope of the regular documentation These are presented asTechnical Notes
Contact Peaxy9 am to 5 pm Pacific Standard Time
Main +1 (408) 441-6500
Support +1 (408) 763-3700
By phone
Support toll free US only +1 (844) 277-3299
General information infopeaxynet
Sales salespeaxynet
Support supportpeaxynet
By email
Documentation feedback feedbackpeaxynet
Online wwwpeaxynetsupport (login required)
Peaxy Inc
2380 Bering Dr
By mail
San Jose CA 95131 USA
LegalPeaxyreg and Aureumtrade are registered trademarks of Peaxy Inc
All other trademarks belong to their respective companies
CopyrightsThis document is copyright copy 2016 Peaxy Inc
Aureum software includes portions of the following
bull Amazon Web Services (AWS) Java SDK httpsawsamazoncomsdk-for-java and httpawsamazoncomapache-2-0
bull Apache License Version 20 January 2004bull BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1bull BSD 3bull crc32 routine COPYRIGHT copy 1986 Gary S Brownbull Element Tree used under the Python licensebull Erlang Public License (EPL) a derivative work of the Mozilla Public License Now provided under
the Apache 20 licensebull GoogleAuth httpsgithubcomwstrangeGoogleAuthbull GNU Lesser General Public License Version 3 Copyright copy 2007 Free Software Foundation Inc
and GNU Lesser General Public License Version 21 Copyright copy 1999 Free Software FoundationInc
bull Samba is Free Software licensed under the GNU General Public License httpswwwsambaorgsambadocsGPLhtml the Samba project is a member of the Software Freedom Conservancy
bull JSON-C Copyright (c) 2009-2012 Eric Haszlakiewicz and Copyright (c) 2004-2005 MetaparadigmPte Ltd
bull Kerberos Copyright copy 1985-2009 now under the MIT 2 licensebull libcurl Copyright (c) 1996 - 2015 Daniel Stenbergdanielhaxxsebull lshow used under the GPL licensebull MIT (X11) Copyright copy 2007-2015bull RIAK Creative Commons (httpcreativecommonsorg licensesby30)bull Goldrush Copyright copy 2012 Magnus Klaarbull Meld Under ZPL licensebull NSIS (Nullsoft Scriptable Install System) copy 1999-2013bull OpenSSL License Copyright (c) 1998-2016 The OpenSSL Project and Original SSLeay License
Copyright (c) 1995-1998 Eric Youngbull Protobuf Copyright 2008 Google Inc now under the BSD 3 licensebull Setup Tools (setuptools-06c11) Under ZPL licensebull Sodium crypto library (libsodium) ISC license Copyright (c) 2013-2015 Frank Denisbull Solr the Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull TCL Copyright copy Regents of the University of California Sun Microsystems Inc Scriptics
Corporation and other partiesbull The Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull The Apache Tika project Copyright copy The Apache Software Foundationbull VirtualBox Copyright copy 2007 Oracle Corp as part of the GNU GPL V2 Licensebull YAWS Copyright copy 2006 Claes Wikstrom now under the BSD licensebull Apache zookeeper Under the Apache 2 license
Index | 35
Index
bdl license file 18
img 12
MD5 12
zip 12
A
access directories 24Active Directory 26add
resources 19servers 19
Admin 17administrator 17AMS 12 14 15 16Aureum IP address 11Aureum Manager 6 12 14Aureum name 18Aureum overview 5average file size 18
B
beacon turning on or off 19BIOS 15bonding network interface 19bootable USB 12 14browser 15button color 17
C
capacity 10 19CentOS 10checksum 12client registration 22clients 22configuration 11configure email 21connect 22contact 31create
export 23share 27
create Aureum 15create storage class 20
D
dedicated capacity 20dedicated nodes 5default storage class 20directory access 24discover resources 12 14 19discovery state Aureum nodes 12 14disk space required 10DNS server 11DNS servers 18documentation 31domain-authenticated user
domain 27
domain-authentication 22domain suffix 11download images 14
E
editsecurity level 22
emailer settings 21Ethernet
interface 10switch 10
exportCIFS 23create an export 23
F
files needed 12 14firewall 12flexible capacity 20flock 29FUSE 10
G
gateway 11 18
H
hardware requirements 10how to reach Peaxy 31
I
image copier 12 14import a license 18initial configuration 18inode retention 29install
client 24Linux client 24
introduction 5iptables 16
J
javarequired version 12 14
javaw 14
K
Kerberos 22 22 23
L
legal 33levels of security 23license files 18licenses 18
Index | 36
Linux client install 24localhost 15location 18
M
maintenance agreement 18management IP 15mapping 22mount Aureum 24 27mounting 22 22
N
namespace 18Navigation menu
configuration 11security 22
netBIOS 22NIC 19NTP server 11 18
O
outgoing email 21overview
architecture 6Aureum building blocks 6components 6
P
password 17password limitations 17ports 12POSIX compliance 29primary domain 18primary domain suffix 11
R
RAM requirements 10realms 22reboot 12 14recommended configuration 10Red Hat Enterprise Linux 10replication factor 11 18 20resources
needed 10run setup 16
S
samsp 12 14 16security 22 23security levels
security 22 23select the license 18SElinux 16sestatus 16set performance levels 20settings 11setup 16share
CIFS 27
create a share 27Share 26SMTP 17 21software files 14space needed 10storage class creating default 20subnet mask 11Support hours 31
T
tar ball 24time server 18time zone 11 18
U
USB 15USB stick 10 12 14user account 17
V
virtualization 6 15
W
what youll need 11Windows
domain 26join a domain 26share 27
Windows client 10
Y
yum 24
Contents | 3
Contents
Introduction 5How Aureum Works 6
Install Aureum 9Resource Requirements10Aureum Configuration Settings 11Port Requirements and Firewall Settings12Prepare Aureum Installation Resources (Linux) 12Prepare Aureum Installation Resources (Windows) 14Install the Software15Continue the Installation16Create an Admin Account17Import an Aureum License18Provide Aureum Information18Add Resources 19Create a Default Storage Class20Define Outgoing Mail Settings 21Create a Client Registration User22Configure Security 22Connect22
Linux Client-Aureum Registration23Security Levels 23Create an Export 23Install a Linux-based Aureum Client 24Windows Configuration26
POSIX Compliance29Information and Resources 31
Introduction
In this section
bull How Aureum Works
Peaxyreg Aureumtrade installs on your own off-the-shelf hardware tocreate aggregate Peaxy ldquonodesrdquo The Peaxy software uses thesededicated nodes to create Aureum a highly extendable dataaccess and management platform that is managed as a single entitywithin a single namespace
The result is a system with unique capabilities and nodes basedon namespace and data space stores The namespace spans allAureum nodes Aureum responds to changing requirements usinguser-defined variables such as storage class use and data policies
ReliabilityAureum can replicate data so that a single loss does not disruptaccess Built-in redundancy with or without RAID ensures thataccess to your data is uninterrupted The Aureum platform lets youdefine a replication factor for each storage class A storage classis a group of like disks or servers that have the same attributesreplication and performance Choose to have up to four copiesmaintained in parallel Optimize performance redundancy andcost factors in classes of storage within your single namespace
AccessibilityThe unified namespace and a single management IP address(called the Aureum IP address) makes data accessible fromanywhere Because the namespace is unified it doesnt matterwhere on Aureum that data resides Data is easily accessed withoutknowing where the data is stored Even if data is moved to anotherlocation within Aureum the pathname doesnt change Regardlessof changes in networks computers data locations or other factorsAureum gives you one container one access path forever
ScalabilityAdd resources easily without any down time requirementAdding resources adds capacity and performance When you addresources both the additional capacity and the CPU power becomepart of Aureum
Introduction | 6
How Aureum WorksPeaxy designed Aureum for flexibility accessibility scalability and ease of use Heres how it works
Aureum sits on top of your own industry-standard hardware resources Based on your Aureumconfiguration the Peaxy software creates a number of Peaxy-specific nodes to use when building thesystem Peaxy nodes cannot be used for any other purpose This makes expansion as easy as addingnew resources (servers) to an existing environment
You dont need to manually create the individual nodes Peaxy software creates the container layerbased on the way you configure Aureum
Resources that are included in Aureum but not used immediately become spares which are availableon an as-needed basis This allows all Aureum software components to recover from most failurescenarios without manual intervention as long as there are enough spare resources to allow self-healing It also allows you to expand the capacity of a storage class
The following terms explain the abstraction and components of the Aureum architecture
bull Aureum A Peaxy storage and data access facility that manages all of its components within asingle namespace allowing total data access without bottlenecks
bull Hyperserver Either a namespace server or a data space server that manages between one andfour Aureum node members The Aureum namespace enables single disk IO access and allowsthe entire namespace to be persistently contained in RAM for better performance although thenamespace also resides on disk Subsequent directory lookups are done without touching the diskThe Aureum architecture accelerates file access by an order of magnitudeNamespace Hyperserver
A namespace hyperserver contains the path name and system metadata Namespacehyperservers run the namespace service (NS) The namespace is partitioned across allhyperserver members Each namespace hyperserver within Aureum contains a portion of thenamespace information
Data Space HyperserverA data space hyperserver contains actual user data Data space hyperservers run the dataservice (DS) All of the data in Aureum is distributed across all of the data hyperserversconfigured for data use under the rules of the data policy and assigned storage class withbetween zero and three copies stored
bull Hypervisor A hypervisor manages multiple nodes on one host In most cases the termshypervisor server and host are interchangeable Note however that a hypervisor is not the sameas a hyperserver
bull Analytics Service The analytics service (AS) manages the system analytics providing a clear wayunderstand how Aureum is managing data The analytics service is the force behind the analysisviews The analytics service is managed by the analytics node
bull Search Service The search service provides advanced search capabilities and powers Peaxy Findmaking it possible to find data across Aureum Searches are performed using a search query onan index or alias (group of indexes) that administrators create The search service is based onApache Lucene project Solr and SolrCloud SolrCloud provides the ability to set up a cluster ofSolr servers that combines fault tolerance and high availability enabling distributed indexing andsearch Administrators configure servers to support either data access or the search service duringinstallation
bull Storage Class The storage class is the abstraction that specifies performance redundancy andavailability characteristics of all the data hyperservers of the class User-defined data placementpolicies govern the data stored on each storage class
bull Data Class Data classes provide a way to perform storage management and access control basedon a directory structure This allows you to manage your storage based on a logical structure suchas teams and projects complementing the hardware-oriented resource management capabilitiesoffered by storage classes
bull Data Policy The data policies you create provide Aureum with the instructions about where data isstored as well as when and how data will be moved
bull Node Peaxy virtualization node created in containers Peaxy software creates the entire filesystem from virtual constructs Nodes that are members of a hyperserver store copies of the same
Introduction | 7
data or metadata Aureum sets the number of copies during the initial configuration and based onthe attributes of the storage class Aureum creates these nodes solely for its own use
bull Aureum Management Service Aureum management service (AMS) allows you to create and useAureum from physical resources
Overview of Aureum Building BlocksEach part of the Aureum architecture builds on the next To build an Aureum system
1 Rack and cable any physical servers and ensure the resources are accessible on the network2 Provision your resources and configure your physical storage Hardware provisioning is the task of
Admin users and cannot be delegated3 Install the Peaxy software Installation is described in the this guide
The Aureum manager (AMS) uses the configuration settings you define when Aureum creates thenodes It groups them into the appropriate types of hyperservers Aureum uses your configurationsettings to determine the optimal ratio of namespace hyperservers to data space hyperservers
4 Create storage classes and ingest policies for your environment
All of the resourced hyperservers aggregate and become a fully functioning Aureum systemconnected to your network
5 Create data classes to manage storage and access control based on the logical organization ofyour teams and projects
6 Begin ingesting data into Aureum
After the basic setup is complete you can add storage classes and data policies as well as optionalreplication partners When planned correctly these let you automate most data management andadministrative tasks
Aureum provides the Peaxy Management Tool (PMT) a powerful and intuitive browser-based UI formanagement Access data through a Linux-based client or a Windows domain share Peaxy providesseveral roles and allows the creation of others to ensure that the right access level is granted to usersand groups
Install Aureum
In this section
bull Resource Requirementsbull Aureum Configuration Settingsbull Port Requirements and
Firewall Settingsbull Prepare Aureum Installation
Resources (Linux)bull Prepare Aureum Installation
Resources (Windows)bull Install the Softwarebull Continue the Installationbull Create an Admin Accountbull Import an Aureum Licensebull Provide Aureum Informationbull Add Resourcesbull Create a Default Storage
Classbull Define Outgoing Mail Settingsbull Create a Client Registration
Userbull Configure Securitybull Connect
Make sure you have sufficient resources for the Aureum system youare creating After the hardware is racked and accessible to thenetwork use the Aureum manager to create the system
Install Aureum | 10
Resource RequirementsThe requirements for the hardware are minimal and depend on the Aureum configuration you define
The software installation image is self-contained and does not have outside software requirements
Minimum Hardware Requirementsbull Three or more servers compatible with Red Hat Enterprise Linux version 7 64-bit 1
bull Each server should have a minimum of 24 GB RAM and one core per physical device (diskLUN)bull One or more 1 or 10 Gigabit Ethernet connectionsbull One 2 GB USB stick per serverbull One available USB port on each server
Important If you are planning replication you can replicate across only same-sized drives Forexample replication must be between multiple 1 TB drives or between multiple 2 TB drivesand so on
Aureum SolrCloudCompute Node Requirementsbull 4 or more CPU coresbull 64 GB RAMbull 1 TB local storage
Aureum FUSE Client RequirementsAureum clients may be run on either physical or virtual machines and can use either 1 Gigabit or 10Gigabit Ethernet connections
Additionally the client requires
bull 1 or more CPU coresbull 2 GB RAMbull Red Hat Enterprise Linux version 5 6 or 7 64-bit or CentOS 5 6 or 7 64-bit or laterbull FUSE (the Linux File System in User Space)
Aureum Windows Client RequirementsAureum clients may be run on either physical or virtual machines and can use either 1 Gigabit or 10Gigabit Ethernet connections
Additionally the client requires
bull 1 or more CPU coresbull 2 GB RAMbull a supported operating system
2008 SP2 x86 and 64-bit
2008 R2 64-bit
2012 64-bit
Windows Server
2012 R2 64-bit
Vista x86 and 64-bit
Windows 7 x86 and 64-bit
Windows 8 x86 and 64-bit
Windows
Windows 81 x86 and 64-bit
1 The complete list of compatible hardware is available at httpshardwareredhatcom
Install Aureum | 11
Windows 10 x86 and 64-bit
Aureum Configuration SettingsConfiguration settings are needed to install and configure Aureum There can be additional optionalsettings
Table 1 General and Network Settings
Item Description Example
Aureum name Names can be up to 14 alphanumeric characters and cancontain dashes (-) and underscores (_)
Aureum_One
Aureum IPaddress
This is a floating IP address that is used for communicationto and from Aureum Communication can be donethrough the Aureum IP address Peaxy recommendsthat organizations create a DNS entry for Aureum that ismapped to the IP address allowing you to refer to Aureumby a more meaningful name
10213119
IP addresses A list of IP addresses or one or more ranges of IPaddresses that the configuration wizard can use to assignIP addresses to discovered hypervisors If you includemultiple ranges the Aureum manager will use all availableIP addresses in the first range before moving to thesecond
151145011715114520 - 94
Gateway Aureum needs to be assigned a default gateway addressThe gateway is used by each hypervisor and node thatcomprises Aureum
1721601
Subnet mask All hypervisors making up Aureum must reside in the samesubnet This is defined by the subnet mask
25525500
DNS domainsuffix
Working with the DNS server the domain suffix identifiesthe server within a smaller network (like a computer lab)
peaxynet
DNS server list A list of up to three DNS servers to use 55219208672222228888
Time zone The time zone to use (UTC-800) Pacific
NTP server The IP address of the network time protocol (NTP)server that Aureum should use to coordinate time acrossthe entire namespace even if the servers within thenamespace are in disparate locations This can be criticalwhen Aureum needs to compare timestamps
0poolntporg1poolntporg
Averageexpected file size
The selection here is used by the system to determine themost efficient ratio of namespace hyperservers to datahyperservers
bull Small files (less than 1MB)bull Medium files (less than 20MB)bull Large files (greater than 20MB)bull A mixture of file sizes
Large files (greaterthan 20MB)
Replication factor The number of replicas created for data when the filesare assigned to a particular storage class Setting thereplication factor to 2 indicates that the original and one
2
Install Aureum | 12
Item Description Exampleadditional replica of the data are saved providing higheravailability Valid options are 2 3 and 4
Use the appropriate replication factor for each storageclass to implement the best level of protection for criticaldata and to limit wasted consumption for sandboxes andother nonessential data For data that is not critical or forsandboxes you can choose a lower replication factor Usea high replication factor for data that is critical or accessedoften
Table 2 Emailer Settings
Item Description Example
Email server The name of the email server This is usually an SMTPserver
smtpgmailcom
Server port By default port 587 is used Only change this if corporateor security requirements demand it
587
Email serveraccount
Enter a valid email account Aureum uses this account tosend email notifications and replacement passwords
memycompanycom
Password The password that is associated with the valid emailaccount
Send from Only change this if your SMTP server allows it and yourcorporate requirements demand it Normally only serversusing TLS require this entry
memycompanycom
Port Requirements and Firewall SettingsBecause Aureum uses the network for traffic specific ports must be available
The following table describes the ports that must be open for Aureum traffic and client connections
Port Type Used for
53 DNS DNS
443 TCP Encrypted traffic
514 UDP Log Server
3033 TCP Statistic collection
8001 TCP Analytics server
8080 HTTP Windows client
8443 TCP Encrypted traffic
10011 UDP LinuxFUSE client
Prepare Aureum Installation Resources (Linux)The software is installed on each server resource that will become part of Aureum Aureum ishardware agnostic but there must be adequate resources to complete the installation Each serveruses a USB stick to install the software
Make sure that you have the required basic resources described in Resource Requirements Downloadthe software files from wwwpeaxynetsupport A login is required
Install Aureum | 13
1 Download the software installation files
bull Release-ltreleasenumbergtimg is the image to be copied to a USB stick that will initializethe hardware
bull Release-ltreleasenumbergtmd5 is the checksum file that validates the validity of the imagebull samsp-ltreleasenumbergtzip is a compressed file that contains the utilities to move the
image to the USB stick and for the initial configuration of Aureumbull The Aureum client file
bull hfclient-fuse-ltreleasenumbergttargz - the Aureum Linux client installation file2 From a command prompt on your workstation uncompress the installation files Type
sudo unzip samsp-ltreleasenumbergtzip -d tmp
3 As root launch the image copier Double click img-copiersh and click Run on the dialog thatappears
4 Browse to the software image you downloaded (the img file) and select this file
5 Type a label for the USB sticks
The label is used to identify the system during the initial installation and becomes the name of theserver on which it is installed If you use the same label on different sticks the software will add anumeric suffix when creating the host name for example HOST-01 HOST-02 and so on Labelscannot exceed 16 charactersYou can provide a different label for each USB stick but to do so you must copy the image file toeach stick individually
6 Insert the USB sticks into a port on your workstation or a hub connected to your workstation andthen click REFRESH to make them visible to the image copier tool Select the sticks you want fromthose displayed in the destination drives list The USB stick must be at least 2 GB
7 Leave Verify copy operation enabled Peaxy strongly recommends that you do not skip this step
Install Aureum | 14
Depending on the speed on the USB sticks it can take several minutes to complete theverification
8 Enable hypervisor protection if requiredEnable hypervisor protection if the underlying storage consists of non-redundant JBOD (acollection of hard disks that have not been configured to act as a RAID) This creates a softwareRAID 5 configuration for the container store used by AureumYou can disable hypervisor protection if you have a hardware RAID under the disk volumes Thisallows Aureum to use a higher-performing RAID 0 configuration instead
9 Click START10After the copy is complete click EXIT and remove the USB sticks from the workstation or USB hub
The USB stick now contains a bootable image of the Aureum installation software
Prepare Aureum Installation Resources (Windows)The software is installed on each server resource that will become part of Aureum Aureum ishardware agnostic but there must be adequate resources to complete the installation Each serveruses a USB stick to install the software
You must have administrator permissions to install the Aureum software
Your workstation must be running the Java Runtime Environment (JRE) 17 or higher installed in orderto run the image copier
Make sure that you have the required basic resources described in Resource Requirements Downloadthe software files from wwwpeaxynetsupport A login is required
1 Download the software installation files
bull Release-ltreleasenumbergtimg is the image to be copied to a USB stick that will initializethe hardware
bull Release-ltreleasenumbergtmd5 is the checksum file that validates the validity of the imagebull samsp-ltreleasenumbergtzip is a compressed file that contains the utilities to move the
image to the USB stick and for the initial configuration of Aureumbull The Aureum client file
bull hfclient-fuse-ltreleasenumbergttargz - the Aureum Linux client installation file2 On your Windows workstation move to the location of the zip file and unzip the file using any
uncompression program3 Move to the location of the uncompressed file and double-click the executable to start the
installation4 With administrator privileges launch the image copier Double-click img-copierbat
Install Aureum | 15
If the image copier does not launch properly you might need to add javaw to your path Refer toyour Windows Operating System help for instructions
5 Browse to the software image you downloaded (the img file) and select this file then click Run6 Type a label for the USB sticks
The label is used to identify the system during the initial installation and becomes the name of theserver on which it is installed If you use the same label on different USB sticks the software willadd a numeric suffix when creating the host name for example HOST-01 HOST-02 and so onLabels cannot exceed 16 charactersYou can provide a different label for each USB stick but to do so you must copy the image file toeach stick individually
7 Insert the USB sticks into a port on your workstation or a hub connected to your workstation andthen click REFRESH to make them visible to the image copier tool Select the sticks you want fromthose displayed in the destination drives list The USB stick must be at least 2 GB
8 Leave Verify copy operation enabled Peaxy strongly recommends that you do not skip this stepDepending on the speed on the USB sticks it can take several minutes to complete theverification
9 Enable hypervisor protection if requiredEnable hypervisor protection if the underlying storage consists of non-redundant JBOD (acollection of hard disks that have not been configured to act as a RAID) This creates a softwareRAID 5 configuration for the container store used by AureumYou can disable hypervisor protection if you have a hardware RAID under the disk volumes Thisallows Aureum to use a higher-performing RAID 0 configuration instead
10Click START11After the copy is complete click EXIT and remove the USB sticks from the workstation or USB hub
The USB stick now contains a bootable image of the installation software
Install the SoftwareThe installation software on the USB stick installs the Peaxy software and lets you create Aureum
1 Insert one prepared USB stick into each server Servers must have a console attached or beaccessible via an IPMI management tool
Install Aureum | 16
2 Apply power to the servers either individually or with a few seconds in between to complete the
next steps
Note If you have already configured your server to boot from USB skip steps 3 4 and 5
3 Enter the server BIOS and instruct the server to boot from the USB stickThe method used to enter the BIOS depends on the server
4 Ensure that the virtualization setting is enabled in the BIOS5 Save the BIOS changes and reboot the server from the USB stick
After the server has booted from the USB stick and launched the installation software you will seea message at the bottom of the screen telling you that the server is being prepared for installationThis boot process has placed the servers in a discoverable state this plays a role in the nextphase of the installation process
Continue the InstallationAfter the servers have been prepared and the software has been installed begin the configuration
1 On your workstation disable the firewall
On Red Hat Enterprise LinuxCentOS 7 systems use the following commands
systemctl stop firewalld
systemctl disable firewalld
On other Linux-based operating systems use the following commands
service iptables stop
service ip6tables stop
chkconfig ip6tables off only include this command if you want to permanently turn thefirewall off
chkconfig iptables off only include this command if you want to permanently turn thefirewall off
2 On your workstation disable SElinuxYou can check the status of SElinux with sestatus The result should appear as SELinuxstatus disabledIf you do not see disabled
1 Edit etcselinuxconfig and set the SELINUX variable to disabled2 Reboot your client workstation
3 On the workstation launch the Aureum installation management tool Type
sudo tmpsamsp-400ltversiongtsamspsh
Install Aureum | 17
You should see something similar to the following
Launching Management Server Platform version 400rootOpen your browser and enter the URL httpslocalhost to continueDo not terminate samsp it is required to complete cluster configurationYou can view tmpsamsp-40010872logmsplog for detailed progress activity
Important Do not terminate samsp because it is needed to complete clusterconfiguration
4 Open a browser and type
httpslocalhost If you are running the browser on the same workstation running the stand alone MSP orhttpsltip addressgt IP address of the workstation running the standalone MSP
This launches the Peaxy Management Tool If prompted accept the self-signed Peaxy certificate
After the initial setup is complete the IP address changes in the browser address bar This isexpected and correct behavior Now the installation portion of the AMS exits and the integratedAureum manager becomes active
In the next step the Aureum manager guides you through the initial configuration process
Create an Admin AccountThe first step in configuring a new Aureum system is to supply the details for the Admin account Afterthe installation process is complete and Aureum is up and running the Admin account is used to loginto the Aureum web UI (PMT) to perform additional administration tasks such as creating other useraccounts and a client registration password
Important The Admin account has access to critical areas of Aureum Ensure that the Adminaccount is secure
1 Type an email address for the accountThe AMS verifies that the email address is formatted correctly but does not check the validity ofthe email address itself This is the email address to which emails are sent
Note When setting the outgoing mailer settings the use of a customized email addressis highly dependent on the mail server While it might be possible to use a custom emailSEND FROM address many mail servers (such as Gmail) do not allow sending email usinganything other than the registered user account name
2 Type a user name for the accountThe user name must be between 3 and 32 characters and can contain letters numbers dots ()and at signs ()
3 Type a password to be associated with the user name in the previous stepPasswords are case sensitive and should be secure Best practice shows that you should changepasswords regularly
4 Confirm the password by retyping the password exactly as you entered it aboveWhen all of the fields are complete and have the correct format the SUBMIT button turns fromgray to blue
5 Click SUBMIT
The user account information is now created and stored
Important Set up the outgoing emailer settings as soon as possible after completinginstallation of Aureum If you forget or lose your password Aureum cannot send you a newone until the outgoing email is configured
Install Aureum | 18
The next step is to import the Aureum license
Import an Aureum LicenseImporting the license for an Aureum instance activates the Peaxy software License types are assignedto the Admin account that you created at the beginning of the installation
Before you create an Aureum system make sure that you have received your license from Peaxy andthat the license details are correct
Each time you create an Aureum instance you must import a license
1 Select the license to import or drag it onto the files areaThe license is a bdl file that contains all of the files needed to install the license
2 Click IMPORT3 The system installs the license and continues to the next step
Provide Aureum InformationDefining a few basic configuration items is the first step in setting up Aureum
During the first steps of the initial configuration you provide the basic information needed to createAureum its components and the namespace details
1 Enter the Network settingsa) Enter the gateway addressb) Enter the subnet maskc) Enter the primary DNS domain suffix and up to three DNS server addresses
DNS servers must be entered as IP addresses Each DNS server is on a separate line2 Enter the General settings
a) Enter a name for this Aureum instanceNames can be up to 14 characters and can contain letters numbers dashes and underscores
b) Optional Enter a location for the Aureum system for example ldquodatacenterrdquo or ldquoPhoenixofficerdquo
c) Enter the Aureum IP addressd) Optional Enter up to three NTP servers
Including an NTP server ensures that the time stamp for Aureum is always correcte) Select the time zone to use from the drop-down menu
This ensures that all nodes in Aureum use the same time zone3 Define the Namespace settings
Install Aureum | 19
a) Select the average file size that you expect Aureum to containYour expected average file size selection is used by Aureum to determine the most efficientdistribution of hyperservers Aureum uses the selection you make here to determine theestimated ratio of namespace hyperservers to data hyperservers
b) Set the default namespace replication factor from 2 to 4The namespace replication factor is the number of replicas that Aureum creates for thenamespace
4 Click CONTINUE
Add resources to Aureum You can also click CANCEL to cancel the installation
Add ResourcesResources refer to the physical servers that will make up Aureum These can be any commodity serversuch as a 1U or 2U server with any number and size of disks These resources are used to build thenamespace and data hyperservers that form the heart of a running Aureum system
Note After a resource has been added Aureum claims the complete resource Unusedportions of a resource are designated as spares and are used in case of a failure or expansion
1 The system locates all physical servers that have been booted using USB sticks and are currently indiscovery stateYou will see a list of the servers available for inclusion Use the filter to narrow your search by servername
2 Select the servers to add to Aureum
Servers scheduled for selection have a check mark to the left Select the box beside SERVER NAMEto select all servers in the list
3 Enter the required number of IP addresses or an IP range The number of IP addresses neededappears above the IP ADDRESSES entry box
The system determines the number of IP addresses needed to ensure that all Aureum componentscan communicate receiving requests and returning responses Addresses can be individual IPaddresses (xxxxxxxxxxxx) an IP address range (xxxxxxxxx - xxx) or an IP address with a wildcard(xxxxxxxxx) Separate the IP addresses with a space comma or newline
Install Aureum | 20
Aureum only supports IPv4 (the dotted quad format) For example
192168100419216810015-2019216873
4 Define the roles of the serversClick the ROLES column entry for a server and configure the servers to support either data accessor search (SolrCloud) While it is possible to configure a server to support both data access andsearch this setting is not recommended for a production deployment
Note Aureum 40 supports SolrCloud clusters with one or three nodes Aureum 40 doesnot support SolrCloud clusters with either two nodes or more than three nodes
5 Define the bonding for the network port cardsYou should see the same speed for all of the network interfaces (NICs) on this server Use the list ofall NICs that are bonded with the interfaces on this server to form your decision Inactive NICs arenoted as sucha) Click the ETHERNET column entry for the server whose bonding to configure
If the column text is red some interfaces are not bonded to the server If the text is blue allavailable interfaces are bonded
b) Place a check mark next to all of the interfaces to bond to this server Remove the check markfor those interfaces you do not want included in the bond
6 Optional Toggle the server beacon on or offBeacon signals guide you to the server in question This is often used when troubleshooting tolocate a specific server in a large group of servers
7 Click CONTINUEWait for the installation wizard to verify that the IP addresses you entered are valid and can beused The system assigns the IP addresses and sets the state to Pending
8 Click START INSTALLATIONThe button changes from START INSTALLATION to INSTALLATION IN PROGRESS The systemassigns the resources to Aureum and determines the necessary number of dedicated nodesneeded for the configuration The progress is displayed but you can also use the Log link to followindividual progress If some of the servers are not yet ready wait a few moments and retry
The installation process will take some time typically 10 to 20 minutes When complete the IPaddress in the browser will switch from the local IP of your workstation to the Aureum IP addressthat was entered earlier This signals the transition from the AMS you launched earlier (samsp) to theintegrated PMT that is now running on Aureum
The next step is to create a default storage class
Create a Default Storage ClassA storage class groups and manages data hyperservers with similar replication factors capabilitiesand performance configuration
You must configure at least one storage class to use as the default during the initial Aureumconfiguration You can create more storage classes at any time as long as you have the resourcesnecessary
1 You are presented with the create Initial Storage Class option2 Enter the required information to create the storage class
a) Type a name for the storage classClass names can be up to 14 text characters
b) Define the performance levelPerformance levels based on throughput and seek time Select the paired setting that is best foryour expected usage For the widest option select ldquoAnyrdquo
c) Set the replication factor
Install Aureum | 21
Remember all hyperservers assigned to this storage class will use these settings
Note You must include at least the same number of resources to create the specifiedreplication factor For example you cannot have a replication factor of three in anAureum system with only two servers
Because each replication requires some amount of storage the replication factor selectedaffects the amount of total storage available
Tip The Aureum data space is partitioned through all the data-capable hyperserversEach hyperserver can be configured to offer a specified replication factor This lets youstore vital data with high redundancy while more transient data can skip replication inorder to optimize storage and performance costs
d) Optional Enable flexible space allocationEnabling flexible storage space allows the members of the storage class to consume thecapacity needed When more storage space is needed more is allocated automaticallyregardless of the initial allocation Peaxy recommends this option for general use Some casesmight have different needs
e) Optional To make this the default storage class select YESAll data that does not meet the conditions in a specific data policy will be stored on the defaultstorage class (See data policies in the Aureum Administrator Guide)
3 Click CREATE STORAGE CLASS4 To complete the initial installation and configuration click FINALIZE AUREUM then click YES to
confirm the configuration is correct
Important After you click FINALIZE you must wait for the health indicator on the Aureumcard or list turn green before using Aureum
The Aureum installation is complete and the PMT shows the main Aureum window To configureadditional Aureum storage classes and data policies and to understand how to monitor Aureum seethe Aureum Administrator Guide
Define Outgoing Mail SettingsIn order for Aureum to send email notifications and provide lost password recovery you must tellAureum how to send email alerts
Important Configure outgoing email settings as soon as reasonably possible If you lose orforget your password Aureum cannot send reset instructions until you configure the emailsettings
1 Select EMAILER CONFIG from the SETUP WIZARD pane or from the Navigation menu select EMAILER
2 Type the email (SMTP) server to use when sending the emailThe email server must be accessible from Aureum
Install Aureum | 22
3 By default the system uses port 587 This is usually the right setting Only change the EMAILSERVER PORT if your organizations SMTP server requires it
4 Enter a valid user account and password that Aureum will use to send email from this server5 Optional SEND FROM is required only if your email server requires Transport Layer Security (TLS)
If this is the case type the SEND FROM email addressGenerally the recommended SEND FROM address is a working system administrator account
6 Click SAVE
Create a Client Registration UserThe Aureum client registration user and password allow client authentication at mount time
This allows you to create a custom account for authenticating client mounts
1 Click REGISTRATION2 Type a name for the user This will be the username that is authorized to type in the registration
password when an Aureum client is installed3 Type the client registration password This password is used to register the Aureum client for
authentication at mount time4 Click SAVE
Configure SecurityDefine define the level of security for client communication
1 Click SECURITY LEVEL2 Slide the controller to the level of security your data will use
3 Click ACCEPT
ConnectAn Aureum client mounts Aureum and allows access to folders and files Peaxy provides clientsoftware for Linux users and allows Windows users to access Aureum through a Windows share
The Linux-based client uses a FUSE component to remotely access Aureum services Almost all Linuxinstallations include FUSE so you should not need to do anything extra
The Aureum client has a small footprint A very limited set of memory and CPU cycles are needed toperform the client functions Also the Aureum client can be used concurrently with other clients forNFS and other network file systems
When you install the client the client drivers are added to the default system directories To accessthese directories use the mount command (more commonly known as mapping a drive in Windows)to mount the client to the directory
Install Aureum | 23
Mounting a client to an Aureum directory loads all the data structures necessary for the client tointeract with Aureum As the structures change Aureum updates them In order for a client to accessAureum all that is necessary is that the client know the IP address or URL to which the client willconnect and the client-Aureum registration password
Also available is the ability to join a Windows domain and create domain-authenticated users who canaccess different areas of Aureum
Linux Client-Aureum RegistrationThe minimum security level for Aureum is the authenticated mount To ensure that unauthorized usersdont gain access to data Peaxy provides an authenticated mount between Aureum Linux clients andAureum using certificates and registration
Note The process described in this section applies to Linux clients Windows domains userswith credentials from an Active Directory access Aureum through a Windows share
Security is always an important part of any system that provides data access especially when theaccess spans many users and locations Peaxy provides a registration process where the clientand server exchange certificates which are used to authenticate subsequent connections Theregistration provides a mutual authentication method between the client and Aureum allowing theclient access Only authenticated clients are allowed to mount Aureum Other clients cannot use thesame authentication as part of the certificate registration Aureum generates a client key pair that isunique to each client-Aureum connection
How It WorksThe AMS requires a dynamic registration at the initial mount time As part of the registration Aureumgenerates a key pair unique to each client This key pair is persistent so you do not need to re-register the client each time you mount Aureum
This initial registration is required the first time the client mounts Aureum and requires a specialregistration password that is unique to Aureum This password is entered by the Aureum administratorat the workstation on which the client is installed Subsequent client mounts use the client certificateissued during registration
Security LevelsAureum offers varying levels of security
The security level is visible on the Aureum card or list and is indicated in the SECURITY section by thenumber of total locks that are green Gray locks indicate how many additional security levels you canselect For example if there are four total locks and three are green your current security level is 3Message Integrity
bull Data Confidentiality all data in and out of Aureum is verified and encryptedbull Message Integrity message authentication codes verify message integritybull Kerberos Authentication use the Kerberos authentication protocol as the mechanism for
authentication between a client and a server or between one server and another serverbull Authenticated Mount use X509 certificates to mutually authenticate and validate all Aureum
clients and hyperservers in Aureum
Create an ExportCreate an export to allow Linux clients to mount and access Aureum
1 From the Navigation menu select SECURITY gt EXPORTS2 Type the export name3 In the EXPORT CONTENT IN field choose the data class to export
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the
Install Aureum | 24
engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the export5 Click CREATE6 To edit or delete an export click the corresponding entry in the list
bull To edit the export make the changes needed in the edit panel and click SAVE CHANGESbull To delete an export click the corresponding trash can icon ( ) and confirm the deletion
Install a Linux-based Aureum ClientYou install the Aureum client on physical hardware or on a workstation in the cloud Use the client tomount and access Aureum directories
Before installing the client make sure that your system meets the minimum requirements describedin the Requirements section of this document
Note Aureum uses FUSE in Direct IO mode for better performance The version of FUSErunning on older versions of CentOS Red Hat Enterprise Linux doesnt support mmap whenFUSE is being used this way This might cause some mmap functions such as ACCESS_WRITEMAP_SHARED and PROT_WRITE to fail You can use the mount flag --disable-direct-io-mode to disable Direct IO mode
If you choose to use Direct IO mmap will be disabled on CentOS56 and 57 since those versionsdont support mmap with direct IO Enabling this option will result in a significant performancedegradation on clients using this option Peaxy strongly recommends that you upgrade to a newerversion of Linux
Ensure FUSE and its dependencies have been installed on each client If it has not been installedinstall FUSE according to the instructions for the package you chose On CentOS for example installthis by typing
sudo yum -y install fusex86_64 fuse-develx86_64 fuse-libsx86_64
The version numbers for your installation may differ
If you have installed a version of the fuseko module that is not the Peaxy-specific version runadditional commands at the end of the installation process This prevents kernel-oops messages fromconsuming all of the space in the varspool directory These messages indicate a benign conditiondue to a Linux FUSE problem
Run the following commands
chkconfig --levels 2345 abrt-oops off service abrt-oops stop
Note The client installation sets the following values automatically
Parameter Value set to
netipv4tcp_tw_recycle 1
netipv4tcp_fin_timeout 2
netcorewmem_max 2097152
netcorermem_max 2097152
netcorewmem_default 2097152
netcorermem_default 2097152
Install Aureum | 25
1 Download the Aureum client file from the support section of the Peaxy website at wwwpeaxynetsupport (login is required)The file is downloaded as a targz package and contains an installer It has a name similar tohfclient-fuse-400ltbuildnumbergttargz
2 Unpack the distribution file by typing the following
tar -zxvf hfclient-fuse-400ltbuildnumbergttargz
You will see something like the following
hfclient-fuse-400hfclient-fuse-400setupshhfclient-fuse-400scriptshfclient-fuse-400scriptsupdatedbshhfclient-fuse-400scriptsc_rehashshhfclient-fuse-400scriptssysctlshhfclient-fuse-400scriptsunregshhfclient-fuse-400scriptsconfshhfclient-fuse-400binhfclient-fuse-400binfusehfCentOS-5xhfclient-fuse-400binfusehfhfclient-fuse-400confhfclient-fuse-400confhfconftgz
3 While logged in as root run setupsh installThe driver files are installed in the default system directories You will see something similar to thefollowing
sudo setupsh install
Installer for Peaxy Aureum Client version 40
Checking package contentsInstalling hf client binariesremoved `optpeaxy-40sbinfusehf`binfusehf -gt `optpeaxy-40sbinfusehfInstallation complete
Mount Aureum
Mount Aureum (Linux)After the client is installed use the mount command to mount Aureum
At a command prompt type
sudo mkdir -p ltmnt_pointgtsudo mount -t fusehf hfltmgmt_ipgt ltmnt_pointgt -o user=ltclient registration usernamegt
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is thedirectory that will serve as your local mount point for example mntpeaxy
If you omit -o user=ltclient_user_namegt you would be prompted for the password associatedwith the local admin account to complete the client registration Best practice is to always create aclient registration account and use that password
The first time you mount the client to Aureum you will be prompted for a registration passwordto allow client-Aureum authentication Type the client registration password Otherwise youradministrator must do this for you
Peaxy strongly recommends that you change the password often especially after typing the passwordfor a client registration
If you or your IT administrator have associated a DNS entry with the Aureum IP address you mightwant to use the DNS name as the name for your mount point
Install Aureum | 26
To configure the Aureum client to automatically mount on startup locate the etcfstab file andadd the line
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults 0 0
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is the localmount point for example mntpeaxy
Note If you are running CentOS 7 change this line to add the _netdev flag as below
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults_netdev 0 0
You can now use the Aureum client to access Aureum
Unregister a Linux Client from AureumYou can securely unregister an installed FUSE client from the Aureum system that it mounts
Removing the registration renders the client unable to access Aureum If you use the all option youwill need to perform a new registration setup before you can mount Aureum again
Unregistering a client is done by running the unregsh script Use the following procedure tounregister the client
1 On the workstation running the client open a command prompt2 Move to optpeaxybin the location of the script3 Run the script
bull Type sudo unregsh ltAureumgt to unregister the client from a specific Aureum systemReplace ltAureumgt with the Aureum system to unregister
bull Type sudo unregsh all to unregister the client from all Aureum systems on which theclient is registered
Note Peaxy strongly recommends using the all option before you decommission aclient workstation
Windows ConfigurationDomain users with credentials from an Active Directory can access Aureum through a share
After Aureum joins a domain it sets up network shares for chosen directories (including all containedsubdirectories) To domain users these shares look the same as any other folder that is accessible viathe network
Unlike an Aureum client which mounts to the root of the volume a share allows a user to exportsubdirectories for more granular access
Where to Find ItFrom the Navigation menu select SECURITY gt DOMAINS and SECURITY gt SHARES
Join a DomainBefore you can create a share you must join a Windows domain
You can pre-create a machine account in an Active Directory under a specified OU If you choose notto do so Aureum will try to add a computer account to the default location of ldquoComputersrdquo
Important If Aureum is already joined to a domain joining another domain will replace thejoin not add to it Aureum will only be joined to the most recently joined domain
1 From the Navigation menu select SECURITY gt DOMAINS2 Type the complete Windows domain to join for example engexamplecom3 Type the username with access to the domain The user must have the necessary permissions to
join Aureum to the domain4 Type the password associated with the username or access to modify an object in the OU if the
machine account was pre-created
Install Aureum | 27
5 In the NETBIOS NAME field set the Aureum computer account name you wish to be created in theActive Directory If Aureum is using a pre-created machine account in a specific OU then the nameyou specify here must match that name exactly
6 Click JOIN
After the domain has been joined the JOIN button changes to LEAVE To leave the domain clickLEAVE
Create a ShareCreate a share to allow Windows users to connect to Aureum
Before you can create a share you must join the appropriate domain
1 From the Navigation menu select SECURITY gt SHARES2 Type the name of the share3 In the SHARE CONTENT IN field choose the appropriate data class
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the share5 Click CREATE
6 To edit or delete a share click the share to be modified
bull To edit the share make the changes needed in the edit panel and click SAVE CHANGESbull To delete the share click the trash can icon ( ) and confirm the deletion
Mount an Aureum Windows ShareDomain-authenticated users can mount and access Aureum directories using a share
After Aureum has been joined to a domain and the share has been created you can easily mount tothe share
The exact mount process is based on your workstation OS
Install Aureum | 28
If you do not already know it you can determine the mount point from Aureum by navigating to theJOIN DOMAIN page and using one of the listed public IP addresses as the mount point Include theshare name when mounting
Peaxy recommends that you take the list of public IP addresses and enter them into your DNS serverlisted under the Aureum NetBIOS name within the appropriate domain In cases where multipleaddresses are used the DNS server automatically round-robins the returned address This ensure thatclient connection load is distributed across the available nodes
As a Windows example to mount a drive letter to Aureum Type
net use ltdrive_lettergt ltpublic addressgtltshare namegt
where ltdrive_lettergt is the drive letter to assign to Aureum ltpublic_addressgt is the IP address usedto join the domain and ltshare_namegt is the share
You then log into the share using your domain-authenticated username and password For exampleMYDOMAINmyname
After mapping the drive access Aureum through Windows Explorer just like you would any otherdrive
If the share does not appear in the Windows Explorer after a change such as a system reboot occursrefresh the view using the Refresh icon ( ) The share should display correctly
You do not have to assign a share to a drive letter however In Windows Explorer type the public IPaddress and share name into the address bar Provide your username and password
POSIX ComplianceAureum provides a POSIX-compliant interface
Most of the Aureum interfaces are POSIX compliant and adhere to the IEEE standard The following isa list of exceptions to compliance
bull The directory nlink count is not incremented when a subdirectory is addedbull inode retention differs from the POSIX specification because there is no way to retain the original
inode number when a rename entails a move to a different device You can display the datahyperserver extent ID instead of the namespace hyperserver Node ID to the caller in the statfamily of calls This does not change when a file or directory is renamed It does change if the file ismigrated from one data hyperserver to another
bull If two mount points are held to the same Aureum and a file is closed on one Aureum does notremove a fcntl lock for the same file on another This is a variance on the way that NFS worksThe internal locking structures take into account the client ID which varies depending on the clientmount If there are two different mounts to a server Aureum treats them as separate machineswhich NFS does not
bull The file locking call flock() is emulated using POSIX byte range locks (fcntl() ) The POSIXcompliance specification does not cover flock() This implementation mirrors the behavior ofNFS The Aureum behavior is slightly different and varies from the POSIX specification as follows
1 As in NFS you must have write permissions to get a write lock2 As in NFS you cannot place both flock() and fcntl() locks on the same file as these locks
will conflict3 An flock() will not inherit across forks4 The flock() will be durable against other file closes but fcntl() locks will not behave within
the POSIX specification5 As well as being removed by an explicit f_unlock record locks are automatically released
when the process terminates or if it closes any file descriptor referring to a file on which locksare held This means that a process can lose the locks on a file like etcpasswd or etcmtab if a library function opens reads and closes it
Information and ResourcesThe latest news and information can always be found on the Peaxy website
Peaxy provides documents that are designed for different audiences These documents furnish acomprehensive explanation of Aureum and how to use it Additionally information is available fromtooltips Each field has a tooltip that adds explanations and any limitations for the item
The most current and accurate information available was included at the time this document wasprepared However changes may occur after the document is released Always read the ReleaseNotes for the most current information
Aureum Installation GuideA step-by-step guide to installing and configuring Aureum into your network
Aureum Administrator GuideA guide to understanding the Aureum architecture Provides details for planning configuring andmonitoring your implementation
Quickstart SeriesA series of two-page guides providing an abbreviated set of instructions for Aureum tasks Theycan be taken in order or used as reminders for individual tasks
Tech NotesSome technical issues are outside the scope of the regular documentation These are presented asTechnical Notes
Contact Peaxy9 am to 5 pm Pacific Standard Time
Main +1 (408) 441-6500
Support +1 (408) 763-3700
By phone
Support toll free US only +1 (844) 277-3299
General information infopeaxynet
Sales salespeaxynet
Support supportpeaxynet
By email
Documentation feedback feedbackpeaxynet
Online wwwpeaxynetsupport (login required)
Peaxy Inc
2380 Bering Dr
By mail
San Jose CA 95131 USA
LegalPeaxyreg and Aureumtrade are registered trademarks of Peaxy Inc
All other trademarks belong to their respective companies
CopyrightsThis document is copyright copy 2016 Peaxy Inc
Aureum software includes portions of the following
bull Amazon Web Services (AWS) Java SDK httpsawsamazoncomsdk-for-java and httpawsamazoncomapache-2-0
bull Apache License Version 20 January 2004bull BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1bull BSD 3bull crc32 routine COPYRIGHT copy 1986 Gary S Brownbull Element Tree used under the Python licensebull Erlang Public License (EPL) a derivative work of the Mozilla Public License Now provided under
the Apache 20 licensebull GoogleAuth httpsgithubcomwstrangeGoogleAuthbull GNU Lesser General Public License Version 3 Copyright copy 2007 Free Software Foundation Inc
and GNU Lesser General Public License Version 21 Copyright copy 1999 Free Software FoundationInc
bull Samba is Free Software licensed under the GNU General Public License httpswwwsambaorgsambadocsGPLhtml the Samba project is a member of the Software Freedom Conservancy
bull JSON-C Copyright (c) 2009-2012 Eric Haszlakiewicz and Copyright (c) 2004-2005 MetaparadigmPte Ltd
bull Kerberos Copyright copy 1985-2009 now under the MIT 2 licensebull libcurl Copyright (c) 1996 - 2015 Daniel Stenbergdanielhaxxsebull lshow used under the GPL licensebull MIT (X11) Copyright copy 2007-2015bull RIAK Creative Commons (httpcreativecommonsorg licensesby30)bull Goldrush Copyright copy 2012 Magnus Klaarbull Meld Under ZPL licensebull NSIS (Nullsoft Scriptable Install System) copy 1999-2013bull OpenSSL License Copyright (c) 1998-2016 The OpenSSL Project and Original SSLeay License
Copyright (c) 1995-1998 Eric Youngbull Protobuf Copyright 2008 Google Inc now under the BSD 3 licensebull Setup Tools (setuptools-06c11) Under ZPL licensebull Sodium crypto library (libsodium) ISC license Copyright (c) 2013-2015 Frank Denisbull Solr the Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull TCL Copyright copy Regents of the University of California Sun Microsystems Inc Scriptics
Corporation and other partiesbull The Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull The Apache Tika project Copyright copy The Apache Software Foundationbull VirtualBox Copyright copy 2007 Oracle Corp as part of the GNU GPL V2 Licensebull YAWS Copyright copy 2006 Claes Wikstrom now under the BSD licensebull Apache zookeeper Under the Apache 2 license
Index | 35
Index
bdl license file 18
img 12
MD5 12
zip 12
A
access directories 24Active Directory 26add
resources 19servers 19
Admin 17administrator 17AMS 12 14 15 16Aureum IP address 11Aureum Manager 6 12 14Aureum name 18Aureum overview 5average file size 18
B
beacon turning on or off 19BIOS 15bonding network interface 19bootable USB 12 14browser 15button color 17
C
capacity 10 19CentOS 10checksum 12client registration 22clients 22configuration 11configure email 21connect 22contact 31create
export 23share 27
create Aureum 15create storage class 20
D
dedicated capacity 20dedicated nodes 5default storage class 20directory access 24discover resources 12 14 19discovery state Aureum nodes 12 14disk space required 10DNS server 11DNS servers 18documentation 31domain-authenticated user
domain 27
domain-authentication 22domain suffix 11download images 14
E
editsecurity level 22
emailer settings 21Ethernet
interface 10switch 10
exportCIFS 23create an export 23
F
files needed 12 14firewall 12flexible capacity 20flock 29FUSE 10
G
gateway 11 18
H
hardware requirements 10how to reach Peaxy 31
I
image copier 12 14import a license 18initial configuration 18inode retention 29install
client 24Linux client 24
introduction 5iptables 16
J
javarequired version 12 14
javaw 14
K
Kerberos 22 22 23
L
legal 33levels of security 23license files 18licenses 18
Index | 36
Linux client install 24localhost 15location 18
M
maintenance agreement 18management IP 15mapping 22mount Aureum 24 27mounting 22 22
N
namespace 18Navigation menu
configuration 11security 22
netBIOS 22NIC 19NTP server 11 18
O
outgoing email 21overview
architecture 6Aureum building blocks 6components 6
P
password 17password limitations 17ports 12POSIX compliance 29primary domain 18primary domain suffix 11
R
RAM requirements 10realms 22reboot 12 14recommended configuration 10Red Hat Enterprise Linux 10replication factor 11 18 20resources
needed 10run setup 16
S
samsp 12 14 16security 22 23security levels
security 22 23select the license 18SElinux 16sestatus 16set performance levels 20settings 11setup 16share
CIFS 27
create a share 27Share 26SMTP 17 21software files 14space needed 10storage class creating default 20subnet mask 11Support hours 31
T
tar ball 24time server 18time zone 11 18
U
USB 15USB stick 10 12 14user account 17
V
virtualization 6 15
W
what youll need 11Windows
domain 26join a domain 26share 27
Windows client 10
Y
yum 24
Introduction
In this section
bull How Aureum Works
Peaxyreg Aureumtrade installs on your own off-the-shelf hardware tocreate aggregate Peaxy ldquonodesrdquo The Peaxy software uses thesededicated nodes to create Aureum a highly extendable dataaccess and management platform that is managed as a single entitywithin a single namespace
The result is a system with unique capabilities and nodes basedon namespace and data space stores The namespace spans allAureum nodes Aureum responds to changing requirements usinguser-defined variables such as storage class use and data policies
ReliabilityAureum can replicate data so that a single loss does not disruptaccess Built-in redundancy with or without RAID ensures thataccess to your data is uninterrupted The Aureum platform lets youdefine a replication factor for each storage class A storage classis a group of like disks or servers that have the same attributesreplication and performance Choose to have up to four copiesmaintained in parallel Optimize performance redundancy andcost factors in classes of storage within your single namespace
AccessibilityThe unified namespace and a single management IP address(called the Aureum IP address) makes data accessible fromanywhere Because the namespace is unified it doesnt matterwhere on Aureum that data resides Data is easily accessed withoutknowing where the data is stored Even if data is moved to anotherlocation within Aureum the pathname doesnt change Regardlessof changes in networks computers data locations or other factorsAureum gives you one container one access path forever
ScalabilityAdd resources easily without any down time requirementAdding resources adds capacity and performance When you addresources both the additional capacity and the CPU power becomepart of Aureum
Introduction | 6
How Aureum WorksPeaxy designed Aureum for flexibility accessibility scalability and ease of use Heres how it works
Aureum sits on top of your own industry-standard hardware resources Based on your Aureumconfiguration the Peaxy software creates a number of Peaxy-specific nodes to use when building thesystem Peaxy nodes cannot be used for any other purpose This makes expansion as easy as addingnew resources (servers) to an existing environment
You dont need to manually create the individual nodes Peaxy software creates the container layerbased on the way you configure Aureum
Resources that are included in Aureum but not used immediately become spares which are availableon an as-needed basis This allows all Aureum software components to recover from most failurescenarios without manual intervention as long as there are enough spare resources to allow self-healing It also allows you to expand the capacity of a storage class
The following terms explain the abstraction and components of the Aureum architecture
bull Aureum A Peaxy storage and data access facility that manages all of its components within asingle namespace allowing total data access without bottlenecks
bull Hyperserver Either a namespace server or a data space server that manages between one andfour Aureum node members The Aureum namespace enables single disk IO access and allowsthe entire namespace to be persistently contained in RAM for better performance although thenamespace also resides on disk Subsequent directory lookups are done without touching the diskThe Aureum architecture accelerates file access by an order of magnitudeNamespace Hyperserver
A namespace hyperserver contains the path name and system metadata Namespacehyperservers run the namespace service (NS) The namespace is partitioned across allhyperserver members Each namespace hyperserver within Aureum contains a portion of thenamespace information
Data Space HyperserverA data space hyperserver contains actual user data Data space hyperservers run the dataservice (DS) All of the data in Aureum is distributed across all of the data hyperserversconfigured for data use under the rules of the data policy and assigned storage class withbetween zero and three copies stored
bull Hypervisor A hypervisor manages multiple nodes on one host In most cases the termshypervisor server and host are interchangeable Note however that a hypervisor is not the sameas a hyperserver
bull Analytics Service The analytics service (AS) manages the system analytics providing a clear wayunderstand how Aureum is managing data The analytics service is the force behind the analysisviews The analytics service is managed by the analytics node
bull Search Service The search service provides advanced search capabilities and powers Peaxy Findmaking it possible to find data across Aureum Searches are performed using a search query onan index or alias (group of indexes) that administrators create The search service is based onApache Lucene project Solr and SolrCloud SolrCloud provides the ability to set up a cluster ofSolr servers that combines fault tolerance and high availability enabling distributed indexing andsearch Administrators configure servers to support either data access or the search service duringinstallation
bull Storage Class The storage class is the abstraction that specifies performance redundancy andavailability characteristics of all the data hyperservers of the class User-defined data placementpolicies govern the data stored on each storage class
bull Data Class Data classes provide a way to perform storage management and access control basedon a directory structure This allows you to manage your storage based on a logical structure suchas teams and projects complementing the hardware-oriented resource management capabilitiesoffered by storage classes
bull Data Policy The data policies you create provide Aureum with the instructions about where data isstored as well as when and how data will be moved
bull Node Peaxy virtualization node created in containers Peaxy software creates the entire filesystem from virtual constructs Nodes that are members of a hyperserver store copies of the same
Introduction | 7
data or metadata Aureum sets the number of copies during the initial configuration and based onthe attributes of the storage class Aureum creates these nodes solely for its own use
bull Aureum Management Service Aureum management service (AMS) allows you to create and useAureum from physical resources
Overview of Aureum Building BlocksEach part of the Aureum architecture builds on the next To build an Aureum system
1 Rack and cable any physical servers and ensure the resources are accessible on the network2 Provision your resources and configure your physical storage Hardware provisioning is the task of
Admin users and cannot be delegated3 Install the Peaxy software Installation is described in the this guide
The Aureum manager (AMS) uses the configuration settings you define when Aureum creates thenodes It groups them into the appropriate types of hyperservers Aureum uses your configurationsettings to determine the optimal ratio of namespace hyperservers to data space hyperservers
4 Create storage classes and ingest policies for your environment
All of the resourced hyperservers aggregate and become a fully functioning Aureum systemconnected to your network
5 Create data classes to manage storage and access control based on the logical organization ofyour teams and projects
6 Begin ingesting data into Aureum
After the basic setup is complete you can add storage classes and data policies as well as optionalreplication partners When planned correctly these let you automate most data management andadministrative tasks
Aureum provides the Peaxy Management Tool (PMT) a powerful and intuitive browser-based UI formanagement Access data through a Linux-based client or a Windows domain share Peaxy providesseveral roles and allows the creation of others to ensure that the right access level is granted to usersand groups
Install Aureum
In this section
bull Resource Requirementsbull Aureum Configuration Settingsbull Port Requirements and
Firewall Settingsbull Prepare Aureum Installation
Resources (Linux)bull Prepare Aureum Installation
Resources (Windows)bull Install the Softwarebull Continue the Installationbull Create an Admin Accountbull Import an Aureum Licensebull Provide Aureum Informationbull Add Resourcesbull Create a Default Storage
Classbull Define Outgoing Mail Settingsbull Create a Client Registration
Userbull Configure Securitybull Connect
Make sure you have sufficient resources for the Aureum system youare creating After the hardware is racked and accessible to thenetwork use the Aureum manager to create the system
Install Aureum | 10
Resource RequirementsThe requirements for the hardware are minimal and depend on the Aureum configuration you define
The software installation image is self-contained and does not have outside software requirements
Minimum Hardware Requirementsbull Three or more servers compatible with Red Hat Enterprise Linux version 7 64-bit 1
bull Each server should have a minimum of 24 GB RAM and one core per physical device (diskLUN)bull One or more 1 or 10 Gigabit Ethernet connectionsbull One 2 GB USB stick per serverbull One available USB port on each server
Important If you are planning replication you can replicate across only same-sized drives Forexample replication must be between multiple 1 TB drives or between multiple 2 TB drivesand so on
Aureum SolrCloudCompute Node Requirementsbull 4 or more CPU coresbull 64 GB RAMbull 1 TB local storage
Aureum FUSE Client RequirementsAureum clients may be run on either physical or virtual machines and can use either 1 Gigabit or 10Gigabit Ethernet connections
Additionally the client requires
bull 1 or more CPU coresbull 2 GB RAMbull Red Hat Enterprise Linux version 5 6 or 7 64-bit or CentOS 5 6 or 7 64-bit or laterbull FUSE (the Linux File System in User Space)
Aureum Windows Client RequirementsAureum clients may be run on either physical or virtual machines and can use either 1 Gigabit or 10Gigabit Ethernet connections
Additionally the client requires
bull 1 or more CPU coresbull 2 GB RAMbull a supported operating system
2008 SP2 x86 and 64-bit
2008 R2 64-bit
2012 64-bit
Windows Server
2012 R2 64-bit
Vista x86 and 64-bit
Windows 7 x86 and 64-bit
Windows 8 x86 and 64-bit
Windows
Windows 81 x86 and 64-bit
1 The complete list of compatible hardware is available at httpshardwareredhatcom
Install Aureum | 11
Windows 10 x86 and 64-bit
Aureum Configuration SettingsConfiguration settings are needed to install and configure Aureum There can be additional optionalsettings
Table 1 General and Network Settings
Item Description Example
Aureum name Names can be up to 14 alphanumeric characters and cancontain dashes (-) and underscores (_)
Aureum_One
Aureum IPaddress
This is a floating IP address that is used for communicationto and from Aureum Communication can be donethrough the Aureum IP address Peaxy recommendsthat organizations create a DNS entry for Aureum that ismapped to the IP address allowing you to refer to Aureumby a more meaningful name
10213119
IP addresses A list of IP addresses or one or more ranges of IPaddresses that the configuration wizard can use to assignIP addresses to discovered hypervisors If you includemultiple ranges the Aureum manager will use all availableIP addresses in the first range before moving to thesecond
151145011715114520 - 94
Gateway Aureum needs to be assigned a default gateway addressThe gateway is used by each hypervisor and node thatcomprises Aureum
1721601
Subnet mask All hypervisors making up Aureum must reside in the samesubnet This is defined by the subnet mask
25525500
DNS domainsuffix
Working with the DNS server the domain suffix identifiesthe server within a smaller network (like a computer lab)
peaxynet
DNS server list A list of up to three DNS servers to use 55219208672222228888
Time zone The time zone to use (UTC-800) Pacific
NTP server The IP address of the network time protocol (NTP)server that Aureum should use to coordinate time acrossthe entire namespace even if the servers within thenamespace are in disparate locations This can be criticalwhen Aureum needs to compare timestamps
0poolntporg1poolntporg
Averageexpected file size
The selection here is used by the system to determine themost efficient ratio of namespace hyperservers to datahyperservers
bull Small files (less than 1MB)bull Medium files (less than 20MB)bull Large files (greater than 20MB)bull A mixture of file sizes
Large files (greaterthan 20MB)
Replication factor The number of replicas created for data when the filesare assigned to a particular storage class Setting thereplication factor to 2 indicates that the original and one
2
Install Aureum | 12
Item Description Exampleadditional replica of the data are saved providing higheravailability Valid options are 2 3 and 4
Use the appropriate replication factor for each storageclass to implement the best level of protection for criticaldata and to limit wasted consumption for sandboxes andother nonessential data For data that is not critical or forsandboxes you can choose a lower replication factor Usea high replication factor for data that is critical or accessedoften
Table 2 Emailer Settings
Item Description Example
Email server The name of the email server This is usually an SMTPserver
smtpgmailcom
Server port By default port 587 is used Only change this if corporateor security requirements demand it
587
Email serveraccount
Enter a valid email account Aureum uses this account tosend email notifications and replacement passwords
memycompanycom
Password The password that is associated with the valid emailaccount
Send from Only change this if your SMTP server allows it and yourcorporate requirements demand it Normally only serversusing TLS require this entry
memycompanycom
Port Requirements and Firewall SettingsBecause Aureum uses the network for traffic specific ports must be available
The following table describes the ports that must be open for Aureum traffic and client connections
Port Type Used for
53 DNS DNS
443 TCP Encrypted traffic
514 UDP Log Server
3033 TCP Statistic collection
8001 TCP Analytics server
8080 HTTP Windows client
8443 TCP Encrypted traffic
10011 UDP LinuxFUSE client
Prepare Aureum Installation Resources (Linux)The software is installed on each server resource that will become part of Aureum Aureum ishardware agnostic but there must be adequate resources to complete the installation Each serveruses a USB stick to install the software
Make sure that you have the required basic resources described in Resource Requirements Downloadthe software files from wwwpeaxynetsupport A login is required
Install Aureum | 13
1 Download the software installation files
bull Release-ltreleasenumbergtimg is the image to be copied to a USB stick that will initializethe hardware
bull Release-ltreleasenumbergtmd5 is the checksum file that validates the validity of the imagebull samsp-ltreleasenumbergtzip is a compressed file that contains the utilities to move the
image to the USB stick and for the initial configuration of Aureumbull The Aureum client file
bull hfclient-fuse-ltreleasenumbergttargz - the Aureum Linux client installation file2 From a command prompt on your workstation uncompress the installation files Type
sudo unzip samsp-ltreleasenumbergtzip -d tmp
3 As root launch the image copier Double click img-copiersh and click Run on the dialog thatappears
4 Browse to the software image you downloaded (the img file) and select this file
5 Type a label for the USB sticks
The label is used to identify the system during the initial installation and becomes the name of theserver on which it is installed If you use the same label on different sticks the software will add anumeric suffix when creating the host name for example HOST-01 HOST-02 and so on Labelscannot exceed 16 charactersYou can provide a different label for each USB stick but to do so you must copy the image file toeach stick individually
6 Insert the USB sticks into a port on your workstation or a hub connected to your workstation andthen click REFRESH to make them visible to the image copier tool Select the sticks you want fromthose displayed in the destination drives list The USB stick must be at least 2 GB
7 Leave Verify copy operation enabled Peaxy strongly recommends that you do not skip this step
Install Aureum | 14
Depending on the speed on the USB sticks it can take several minutes to complete theverification
8 Enable hypervisor protection if requiredEnable hypervisor protection if the underlying storage consists of non-redundant JBOD (acollection of hard disks that have not been configured to act as a RAID) This creates a softwareRAID 5 configuration for the container store used by AureumYou can disable hypervisor protection if you have a hardware RAID under the disk volumes Thisallows Aureum to use a higher-performing RAID 0 configuration instead
9 Click START10After the copy is complete click EXIT and remove the USB sticks from the workstation or USB hub
The USB stick now contains a bootable image of the Aureum installation software
Prepare Aureum Installation Resources (Windows)The software is installed on each server resource that will become part of Aureum Aureum ishardware agnostic but there must be adequate resources to complete the installation Each serveruses a USB stick to install the software
You must have administrator permissions to install the Aureum software
Your workstation must be running the Java Runtime Environment (JRE) 17 or higher installed in orderto run the image copier
Make sure that you have the required basic resources described in Resource Requirements Downloadthe software files from wwwpeaxynetsupport A login is required
1 Download the software installation files
bull Release-ltreleasenumbergtimg is the image to be copied to a USB stick that will initializethe hardware
bull Release-ltreleasenumbergtmd5 is the checksum file that validates the validity of the imagebull samsp-ltreleasenumbergtzip is a compressed file that contains the utilities to move the
image to the USB stick and for the initial configuration of Aureumbull The Aureum client file
bull hfclient-fuse-ltreleasenumbergttargz - the Aureum Linux client installation file2 On your Windows workstation move to the location of the zip file and unzip the file using any
uncompression program3 Move to the location of the uncompressed file and double-click the executable to start the
installation4 With administrator privileges launch the image copier Double-click img-copierbat
Install Aureum | 15
If the image copier does not launch properly you might need to add javaw to your path Refer toyour Windows Operating System help for instructions
5 Browse to the software image you downloaded (the img file) and select this file then click Run6 Type a label for the USB sticks
The label is used to identify the system during the initial installation and becomes the name of theserver on which it is installed If you use the same label on different USB sticks the software willadd a numeric suffix when creating the host name for example HOST-01 HOST-02 and so onLabels cannot exceed 16 charactersYou can provide a different label for each USB stick but to do so you must copy the image file toeach stick individually
7 Insert the USB sticks into a port on your workstation or a hub connected to your workstation andthen click REFRESH to make them visible to the image copier tool Select the sticks you want fromthose displayed in the destination drives list The USB stick must be at least 2 GB
8 Leave Verify copy operation enabled Peaxy strongly recommends that you do not skip this stepDepending on the speed on the USB sticks it can take several minutes to complete theverification
9 Enable hypervisor protection if requiredEnable hypervisor protection if the underlying storage consists of non-redundant JBOD (acollection of hard disks that have not been configured to act as a RAID) This creates a softwareRAID 5 configuration for the container store used by AureumYou can disable hypervisor protection if you have a hardware RAID under the disk volumes Thisallows Aureum to use a higher-performing RAID 0 configuration instead
10Click START11After the copy is complete click EXIT and remove the USB sticks from the workstation or USB hub
The USB stick now contains a bootable image of the installation software
Install the SoftwareThe installation software on the USB stick installs the Peaxy software and lets you create Aureum
1 Insert one prepared USB stick into each server Servers must have a console attached or beaccessible via an IPMI management tool
Install Aureum | 16
2 Apply power to the servers either individually or with a few seconds in between to complete the
next steps
Note If you have already configured your server to boot from USB skip steps 3 4 and 5
3 Enter the server BIOS and instruct the server to boot from the USB stickThe method used to enter the BIOS depends on the server
4 Ensure that the virtualization setting is enabled in the BIOS5 Save the BIOS changes and reboot the server from the USB stick
After the server has booted from the USB stick and launched the installation software you will seea message at the bottom of the screen telling you that the server is being prepared for installationThis boot process has placed the servers in a discoverable state this plays a role in the nextphase of the installation process
Continue the InstallationAfter the servers have been prepared and the software has been installed begin the configuration
1 On your workstation disable the firewall
On Red Hat Enterprise LinuxCentOS 7 systems use the following commands
systemctl stop firewalld
systemctl disable firewalld
On other Linux-based operating systems use the following commands
service iptables stop
service ip6tables stop
chkconfig ip6tables off only include this command if you want to permanently turn thefirewall off
chkconfig iptables off only include this command if you want to permanently turn thefirewall off
2 On your workstation disable SElinuxYou can check the status of SElinux with sestatus The result should appear as SELinuxstatus disabledIf you do not see disabled
1 Edit etcselinuxconfig and set the SELINUX variable to disabled2 Reboot your client workstation
3 On the workstation launch the Aureum installation management tool Type
sudo tmpsamsp-400ltversiongtsamspsh
Install Aureum | 17
You should see something similar to the following
Launching Management Server Platform version 400rootOpen your browser and enter the URL httpslocalhost to continueDo not terminate samsp it is required to complete cluster configurationYou can view tmpsamsp-40010872logmsplog for detailed progress activity
Important Do not terminate samsp because it is needed to complete clusterconfiguration
4 Open a browser and type
httpslocalhost If you are running the browser on the same workstation running the stand alone MSP orhttpsltip addressgt IP address of the workstation running the standalone MSP
This launches the Peaxy Management Tool If prompted accept the self-signed Peaxy certificate
After the initial setup is complete the IP address changes in the browser address bar This isexpected and correct behavior Now the installation portion of the AMS exits and the integratedAureum manager becomes active
In the next step the Aureum manager guides you through the initial configuration process
Create an Admin AccountThe first step in configuring a new Aureum system is to supply the details for the Admin account Afterthe installation process is complete and Aureum is up and running the Admin account is used to loginto the Aureum web UI (PMT) to perform additional administration tasks such as creating other useraccounts and a client registration password
Important The Admin account has access to critical areas of Aureum Ensure that the Adminaccount is secure
1 Type an email address for the accountThe AMS verifies that the email address is formatted correctly but does not check the validity ofthe email address itself This is the email address to which emails are sent
Note When setting the outgoing mailer settings the use of a customized email addressis highly dependent on the mail server While it might be possible to use a custom emailSEND FROM address many mail servers (such as Gmail) do not allow sending email usinganything other than the registered user account name
2 Type a user name for the accountThe user name must be between 3 and 32 characters and can contain letters numbers dots ()and at signs ()
3 Type a password to be associated with the user name in the previous stepPasswords are case sensitive and should be secure Best practice shows that you should changepasswords regularly
4 Confirm the password by retyping the password exactly as you entered it aboveWhen all of the fields are complete and have the correct format the SUBMIT button turns fromgray to blue
5 Click SUBMIT
The user account information is now created and stored
Important Set up the outgoing emailer settings as soon as possible after completinginstallation of Aureum If you forget or lose your password Aureum cannot send you a newone until the outgoing email is configured
Install Aureum | 18
The next step is to import the Aureum license
Import an Aureum LicenseImporting the license for an Aureum instance activates the Peaxy software License types are assignedto the Admin account that you created at the beginning of the installation
Before you create an Aureum system make sure that you have received your license from Peaxy andthat the license details are correct
Each time you create an Aureum instance you must import a license
1 Select the license to import or drag it onto the files areaThe license is a bdl file that contains all of the files needed to install the license
2 Click IMPORT3 The system installs the license and continues to the next step
Provide Aureum InformationDefining a few basic configuration items is the first step in setting up Aureum
During the first steps of the initial configuration you provide the basic information needed to createAureum its components and the namespace details
1 Enter the Network settingsa) Enter the gateway addressb) Enter the subnet maskc) Enter the primary DNS domain suffix and up to three DNS server addresses
DNS servers must be entered as IP addresses Each DNS server is on a separate line2 Enter the General settings
a) Enter a name for this Aureum instanceNames can be up to 14 characters and can contain letters numbers dashes and underscores
b) Optional Enter a location for the Aureum system for example ldquodatacenterrdquo or ldquoPhoenixofficerdquo
c) Enter the Aureum IP addressd) Optional Enter up to three NTP servers
Including an NTP server ensures that the time stamp for Aureum is always correcte) Select the time zone to use from the drop-down menu
This ensures that all nodes in Aureum use the same time zone3 Define the Namespace settings
Install Aureum | 19
a) Select the average file size that you expect Aureum to containYour expected average file size selection is used by Aureum to determine the most efficientdistribution of hyperservers Aureum uses the selection you make here to determine theestimated ratio of namespace hyperservers to data hyperservers
b) Set the default namespace replication factor from 2 to 4The namespace replication factor is the number of replicas that Aureum creates for thenamespace
4 Click CONTINUE
Add resources to Aureum You can also click CANCEL to cancel the installation
Add ResourcesResources refer to the physical servers that will make up Aureum These can be any commodity serversuch as a 1U or 2U server with any number and size of disks These resources are used to build thenamespace and data hyperservers that form the heart of a running Aureum system
Note After a resource has been added Aureum claims the complete resource Unusedportions of a resource are designated as spares and are used in case of a failure or expansion
1 The system locates all physical servers that have been booted using USB sticks and are currently indiscovery stateYou will see a list of the servers available for inclusion Use the filter to narrow your search by servername
2 Select the servers to add to Aureum
Servers scheduled for selection have a check mark to the left Select the box beside SERVER NAMEto select all servers in the list
3 Enter the required number of IP addresses or an IP range The number of IP addresses neededappears above the IP ADDRESSES entry box
The system determines the number of IP addresses needed to ensure that all Aureum componentscan communicate receiving requests and returning responses Addresses can be individual IPaddresses (xxxxxxxxxxxx) an IP address range (xxxxxxxxx - xxx) or an IP address with a wildcard(xxxxxxxxx) Separate the IP addresses with a space comma or newline
Install Aureum | 20
Aureum only supports IPv4 (the dotted quad format) For example
192168100419216810015-2019216873
4 Define the roles of the serversClick the ROLES column entry for a server and configure the servers to support either data accessor search (SolrCloud) While it is possible to configure a server to support both data access andsearch this setting is not recommended for a production deployment
Note Aureum 40 supports SolrCloud clusters with one or three nodes Aureum 40 doesnot support SolrCloud clusters with either two nodes or more than three nodes
5 Define the bonding for the network port cardsYou should see the same speed for all of the network interfaces (NICs) on this server Use the list ofall NICs that are bonded with the interfaces on this server to form your decision Inactive NICs arenoted as sucha) Click the ETHERNET column entry for the server whose bonding to configure
If the column text is red some interfaces are not bonded to the server If the text is blue allavailable interfaces are bonded
b) Place a check mark next to all of the interfaces to bond to this server Remove the check markfor those interfaces you do not want included in the bond
6 Optional Toggle the server beacon on or offBeacon signals guide you to the server in question This is often used when troubleshooting tolocate a specific server in a large group of servers
7 Click CONTINUEWait for the installation wizard to verify that the IP addresses you entered are valid and can beused The system assigns the IP addresses and sets the state to Pending
8 Click START INSTALLATIONThe button changes from START INSTALLATION to INSTALLATION IN PROGRESS The systemassigns the resources to Aureum and determines the necessary number of dedicated nodesneeded for the configuration The progress is displayed but you can also use the Log link to followindividual progress If some of the servers are not yet ready wait a few moments and retry
The installation process will take some time typically 10 to 20 minutes When complete the IPaddress in the browser will switch from the local IP of your workstation to the Aureum IP addressthat was entered earlier This signals the transition from the AMS you launched earlier (samsp) to theintegrated PMT that is now running on Aureum
The next step is to create a default storage class
Create a Default Storage ClassA storage class groups and manages data hyperservers with similar replication factors capabilitiesand performance configuration
You must configure at least one storage class to use as the default during the initial Aureumconfiguration You can create more storage classes at any time as long as you have the resourcesnecessary
1 You are presented with the create Initial Storage Class option2 Enter the required information to create the storage class
a) Type a name for the storage classClass names can be up to 14 text characters
b) Define the performance levelPerformance levels based on throughput and seek time Select the paired setting that is best foryour expected usage For the widest option select ldquoAnyrdquo
c) Set the replication factor
Install Aureum | 21
Remember all hyperservers assigned to this storage class will use these settings
Note You must include at least the same number of resources to create the specifiedreplication factor For example you cannot have a replication factor of three in anAureum system with only two servers
Because each replication requires some amount of storage the replication factor selectedaffects the amount of total storage available
Tip The Aureum data space is partitioned through all the data-capable hyperserversEach hyperserver can be configured to offer a specified replication factor This lets youstore vital data with high redundancy while more transient data can skip replication inorder to optimize storage and performance costs
d) Optional Enable flexible space allocationEnabling flexible storage space allows the members of the storage class to consume thecapacity needed When more storage space is needed more is allocated automaticallyregardless of the initial allocation Peaxy recommends this option for general use Some casesmight have different needs
e) Optional To make this the default storage class select YESAll data that does not meet the conditions in a specific data policy will be stored on the defaultstorage class (See data policies in the Aureum Administrator Guide)
3 Click CREATE STORAGE CLASS4 To complete the initial installation and configuration click FINALIZE AUREUM then click YES to
confirm the configuration is correct
Important After you click FINALIZE you must wait for the health indicator on the Aureumcard or list turn green before using Aureum
The Aureum installation is complete and the PMT shows the main Aureum window To configureadditional Aureum storage classes and data policies and to understand how to monitor Aureum seethe Aureum Administrator Guide
Define Outgoing Mail SettingsIn order for Aureum to send email notifications and provide lost password recovery you must tellAureum how to send email alerts
Important Configure outgoing email settings as soon as reasonably possible If you lose orforget your password Aureum cannot send reset instructions until you configure the emailsettings
1 Select EMAILER CONFIG from the SETUP WIZARD pane or from the Navigation menu select EMAILER
2 Type the email (SMTP) server to use when sending the emailThe email server must be accessible from Aureum
Install Aureum | 22
3 By default the system uses port 587 This is usually the right setting Only change the EMAILSERVER PORT if your organizations SMTP server requires it
4 Enter a valid user account and password that Aureum will use to send email from this server5 Optional SEND FROM is required only if your email server requires Transport Layer Security (TLS)
If this is the case type the SEND FROM email addressGenerally the recommended SEND FROM address is a working system administrator account
6 Click SAVE
Create a Client Registration UserThe Aureum client registration user and password allow client authentication at mount time
This allows you to create a custom account for authenticating client mounts
1 Click REGISTRATION2 Type a name for the user This will be the username that is authorized to type in the registration
password when an Aureum client is installed3 Type the client registration password This password is used to register the Aureum client for
authentication at mount time4 Click SAVE
Configure SecurityDefine define the level of security for client communication
1 Click SECURITY LEVEL2 Slide the controller to the level of security your data will use
3 Click ACCEPT
ConnectAn Aureum client mounts Aureum and allows access to folders and files Peaxy provides clientsoftware for Linux users and allows Windows users to access Aureum through a Windows share
The Linux-based client uses a FUSE component to remotely access Aureum services Almost all Linuxinstallations include FUSE so you should not need to do anything extra
The Aureum client has a small footprint A very limited set of memory and CPU cycles are needed toperform the client functions Also the Aureum client can be used concurrently with other clients forNFS and other network file systems
When you install the client the client drivers are added to the default system directories To accessthese directories use the mount command (more commonly known as mapping a drive in Windows)to mount the client to the directory
Install Aureum | 23
Mounting a client to an Aureum directory loads all the data structures necessary for the client tointeract with Aureum As the structures change Aureum updates them In order for a client to accessAureum all that is necessary is that the client know the IP address or URL to which the client willconnect and the client-Aureum registration password
Also available is the ability to join a Windows domain and create domain-authenticated users who canaccess different areas of Aureum
Linux Client-Aureum RegistrationThe minimum security level for Aureum is the authenticated mount To ensure that unauthorized usersdont gain access to data Peaxy provides an authenticated mount between Aureum Linux clients andAureum using certificates and registration
Note The process described in this section applies to Linux clients Windows domains userswith credentials from an Active Directory access Aureum through a Windows share
Security is always an important part of any system that provides data access especially when theaccess spans many users and locations Peaxy provides a registration process where the clientand server exchange certificates which are used to authenticate subsequent connections Theregistration provides a mutual authentication method between the client and Aureum allowing theclient access Only authenticated clients are allowed to mount Aureum Other clients cannot use thesame authentication as part of the certificate registration Aureum generates a client key pair that isunique to each client-Aureum connection
How It WorksThe AMS requires a dynamic registration at the initial mount time As part of the registration Aureumgenerates a key pair unique to each client This key pair is persistent so you do not need to re-register the client each time you mount Aureum
This initial registration is required the first time the client mounts Aureum and requires a specialregistration password that is unique to Aureum This password is entered by the Aureum administratorat the workstation on which the client is installed Subsequent client mounts use the client certificateissued during registration
Security LevelsAureum offers varying levels of security
The security level is visible on the Aureum card or list and is indicated in the SECURITY section by thenumber of total locks that are green Gray locks indicate how many additional security levels you canselect For example if there are four total locks and three are green your current security level is 3Message Integrity
bull Data Confidentiality all data in and out of Aureum is verified and encryptedbull Message Integrity message authentication codes verify message integritybull Kerberos Authentication use the Kerberos authentication protocol as the mechanism for
authentication between a client and a server or between one server and another serverbull Authenticated Mount use X509 certificates to mutually authenticate and validate all Aureum
clients and hyperservers in Aureum
Create an ExportCreate an export to allow Linux clients to mount and access Aureum
1 From the Navigation menu select SECURITY gt EXPORTS2 Type the export name3 In the EXPORT CONTENT IN field choose the data class to export
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the
Install Aureum | 24
engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the export5 Click CREATE6 To edit or delete an export click the corresponding entry in the list
bull To edit the export make the changes needed in the edit panel and click SAVE CHANGESbull To delete an export click the corresponding trash can icon ( ) and confirm the deletion
Install a Linux-based Aureum ClientYou install the Aureum client on physical hardware or on a workstation in the cloud Use the client tomount and access Aureum directories
Before installing the client make sure that your system meets the minimum requirements describedin the Requirements section of this document
Note Aureum uses FUSE in Direct IO mode for better performance The version of FUSErunning on older versions of CentOS Red Hat Enterprise Linux doesnt support mmap whenFUSE is being used this way This might cause some mmap functions such as ACCESS_WRITEMAP_SHARED and PROT_WRITE to fail You can use the mount flag --disable-direct-io-mode to disable Direct IO mode
If you choose to use Direct IO mmap will be disabled on CentOS56 and 57 since those versionsdont support mmap with direct IO Enabling this option will result in a significant performancedegradation on clients using this option Peaxy strongly recommends that you upgrade to a newerversion of Linux
Ensure FUSE and its dependencies have been installed on each client If it has not been installedinstall FUSE according to the instructions for the package you chose On CentOS for example installthis by typing
sudo yum -y install fusex86_64 fuse-develx86_64 fuse-libsx86_64
The version numbers for your installation may differ
If you have installed a version of the fuseko module that is not the Peaxy-specific version runadditional commands at the end of the installation process This prevents kernel-oops messages fromconsuming all of the space in the varspool directory These messages indicate a benign conditiondue to a Linux FUSE problem
Run the following commands
chkconfig --levels 2345 abrt-oops off service abrt-oops stop
Note The client installation sets the following values automatically
Parameter Value set to
netipv4tcp_tw_recycle 1
netipv4tcp_fin_timeout 2
netcorewmem_max 2097152
netcorermem_max 2097152
netcorewmem_default 2097152
netcorermem_default 2097152
Install Aureum | 25
1 Download the Aureum client file from the support section of the Peaxy website at wwwpeaxynetsupport (login is required)The file is downloaded as a targz package and contains an installer It has a name similar tohfclient-fuse-400ltbuildnumbergttargz
2 Unpack the distribution file by typing the following
tar -zxvf hfclient-fuse-400ltbuildnumbergttargz
You will see something like the following
hfclient-fuse-400hfclient-fuse-400setupshhfclient-fuse-400scriptshfclient-fuse-400scriptsupdatedbshhfclient-fuse-400scriptsc_rehashshhfclient-fuse-400scriptssysctlshhfclient-fuse-400scriptsunregshhfclient-fuse-400scriptsconfshhfclient-fuse-400binhfclient-fuse-400binfusehfCentOS-5xhfclient-fuse-400binfusehfhfclient-fuse-400confhfclient-fuse-400confhfconftgz
3 While logged in as root run setupsh installThe driver files are installed in the default system directories You will see something similar to thefollowing
sudo setupsh install
Installer for Peaxy Aureum Client version 40
Checking package contentsInstalling hf client binariesremoved `optpeaxy-40sbinfusehf`binfusehf -gt `optpeaxy-40sbinfusehfInstallation complete
Mount Aureum
Mount Aureum (Linux)After the client is installed use the mount command to mount Aureum
At a command prompt type
sudo mkdir -p ltmnt_pointgtsudo mount -t fusehf hfltmgmt_ipgt ltmnt_pointgt -o user=ltclient registration usernamegt
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is thedirectory that will serve as your local mount point for example mntpeaxy
If you omit -o user=ltclient_user_namegt you would be prompted for the password associatedwith the local admin account to complete the client registration Best practice is to always create aclient registration account and use that password
The first time you mount the client to Aureum you will be prompted for a registration passwordto allow client-Aureum authentication Type the client registration password Otherwise youradministrator must do this for you
Peaxy strongly recommends that you change the password often especially after typing the passwordfor a client registration
If you or your IT administrator have associated a DNS entry with the Aureum IP address you mightwant to use the DNS name as the name for your mount point
Install Aureum | 26
To configure the Aureum client to automatically mount on startup locate the etcfstab file andadd the line
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults 0 0
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is the localmount point for example mntpeaxy
Note If you are running CentOS 7 change this line to add the _netdev flag as below
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults_netdev 0 0
You can now use the Aureum client to access Aureum
Unregister a Linux Client from AureumYou can securely unregister an installed FUSE client from the Aureum system that it mounts
Removing the registration renders the client unable to access Aureum If you use the all option youwill need to perform a new registration setup before you can mount Aureum again
Unregistering a client is done by running the unregsh script Use the following procedure tounregister the client
1 On the workstation running the client open a command prompt2 Move to optpeaxybin the location of the script3 Run the script
bull Type sudo unregsh ltAureumgt to unregister the client from a specific Aureum systemReplace ltAureumgt with the Aureum system to unregister
bull Type sudo unregsh all to unregister the client from all Aureum systems on which theclient is registered
Note Peaxy strongly recommends using the all option before you decommission aclient workstation
Windows ConfigurationDomain users with credentials from an Active Directory can access Aureum through a share
After Aureum joins a domain it sets up network shares for chosen directories (including all containedsubdirectories) To domain users these shares look the same as any other folder that is accessible viathe network
Unlike an Aureum client which mounts to the root of the volume a share allows a user to exportsubdirectories for more granular access
Where to Find ItFrom the Navigation menu select SECURITY gt DOMAINS and SECURITY gt SHARES
Join a DomainBefore you can create a share you must join a Windows domain
You can pre-create a machine account in an Active Directory under a specified OU If you choose notto do so Aureum will try to add a computer account to the default location of ldquoComputersrdquo
Important If Aureum is already joined to a domain joining another domain will replace thejoin not add to it Aureum will only be joined to the most recently joined domain
1 From the Navigation menu select SECURITY gt DOMAINS2 Type the complete Windows domain to join for example engexamplecom3 Type the username with access to the domain The user must have the necessary permissions to
join Aureum to the domain4 Type the password associated with the username or access to modify an object in the OU if the
machine account was pre-created
Install Aureum | 27
5 In the NETBIOS NAME field set the Aureum computer account name you wish to be created in theActive Directory If Aureum is using a pre-created machine account in a specific OU then the nameyou specify here must match that name exactly
6 Click JOIN
After the domain has been joined the JOIN button changes to LEAVE To leave the domain clickLEAVE
Create a ShareCreate a share to allow Windows users to connect to Aureum
Before you can create a share you must join the appropriate domain
1 From the Navigation menu select SECURITY gt SHARES2 Type the name of the share3 In the SHARE CONTENT IN field choose the appropriate data class
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the share5 Click CREATE
6 To edit or delete a share click the share to be modified
bull To edit the share make the changes needed in the edit panel and click SAVE CHANGESbull To delete the share click the trash can icon ( ) and confirm the deletion
Mount an Aureum Windows ShareDomain-authenticated users can mount and access Aureum directories using a share
After Aureum has been joined to a domain and the share has been created you can easily mount tothe share
The exact mount process is based on your workstation OS
Install Aureum | 28
If you do not already know it you can determine the mount point from Aureum by navigating to theJOIN DOMAIN page and using one of the listed public IP addresses as the mount point Include theshare name when mounting
Peaxy recommends that you take the list of public IP addresses and enter them into your DNS serverlisted under the Aureum NetBIOS name within the appropriate domain In cases where multipleaddresses are used the DNS server automatically round-robins the returned address This ensure thatclient connection load is distributed across the available nodes
As a Windows example to mount a drive letter to Aureum Type
net use ltdrive_lettergt ltpublic addressgtltshare namegt
where ltdrive_lettergt is the drive letter to assign to Aureum ltpublic_addressgt is the IP address usedto join the domain and ltshare_namegt is the share
You then log into the share using your domain-authenticated username and password For exampleMYDOMAINmyname
After mapping the drive access Aureum through Windows Explorer just like you would any otherdrive
If the share does not appear in the Windows Explorer after a change such as a system reboot occursrefresh the view using the Refresh icon ( ) The share should display correctly
You do not have to assign a share to a drive letter however In Windows Explorer type the public IPaddress and share name into the address bar Provide your username and password
POSIX ComplianceAureum provides a POSIX-compliant interface
Most of the Aureum interfaces are POSIX compliant and adhere to the IEEE standard The following isa list of exceptions to compliance
bull The directory nlink count is not incremented when a subdirectory is addedbull inode retention differs from the POSIX specification because there is no way to retain the original
inode number when a rename entails a move to a different device You can display the datahyperserver extent ID instead of the namespace hyperserver Node ID to the caller in the statfamily of calls This does not change when a file or directory is renamed It does change if the file ismigrated from one data hyperserver to another
bull If two mount points are held to the same Aureum and a file is closed on one Aureum does notremove a fcntl lock for the same file on another This is a variance on the way that NFS worksThe internal locking structures take into account the client ID which varies depending on the clientmount If there are two different mounts to a server Aureum treats them as separate machineswhich NFS does not
bull The file locking call flock() is emulated using POSIX byte range locks (fcntl() ) The POSIXcompliance specification does not cover flock() This implementation mirrors the behavior ofNFS The Aureum behavior is slightly different and varies from the POSIX specification as follows
1 As in NFS you must have write permissions to get a write lock2 As in NFS you cannot place both flock() and fcntl() locks on the same file as these locks
will conflict3 An flock() will not inherit across forks4 The flock() will be durable against other file closes but fcntl() locks will not behave within
the POSIX specification5 As well as being removed by an explicit f_unlock record locks are automatically released
when the process terminates or if it closes any file descriptor referring to a file on which locksare held This means that a process can lose the locks on a file like etcpasswd or etcmtab if a library function opens reads and closes it
Information and ResourcesThe latest news and information can always be found on the Peaxy website
Peaxy provides documents that are designed for different audiences These documents furnish acomprehensive explanation of Aureum and how to use it Additionally information is available fromtooltips Each field has a tooltip that adds explanations and any limitations for the item
The most current and accurate information available was included at the time this document wasprepared However changes may occur after the document is released Always read the ReleaseNotes for the most current information
Aureum Installation GuideA step-by-step guide to installing and configuring Aureum into your network
Aureum Administrator GuideA guide to understanding the Aureum architecture Provides details for planning configuring andmonitoring your implementation
Quickstart SeriesA series of two-page guides providing an abbreviated set of instructions for Aureum tasks Theycan be taken in order or used as reminders for individual tasks
Tech NotesSome technical issues are outside the scope of the regular documentation These are presented asTechnical Notes
Contact Peaxy9 am to 5 pm Pacific Standard Time
Main +1 (408) 441-6500
Support +1 (408) 763-3700
By phone
Support toll free US only +1 (844) 277-3299
General information infopeaxynet
Sales salespeaxynet
Support supportpeaxynet
By email
Documentation feedback feedbackpeaxynet
Online wwwpeaxynetsupport (login required)
Peaxy Inc
2380 Bering Dr
By mail
San Jose CA 95131 USA
LegalPeaxyreg and Aureumtrade are registered trademarks of Peaxy Inc
All other trademarks belong to their respective companies
CopyrightsThis document is copyright copy 2016 Peaxy Inc
Aureum software includes portions of the following
bull Amazon Web Services (AWS) Java SDK httpsawsamazoncomsdk-for-java and httpawsamazoncomapache-2-0
bull Apache License Version 20 January 2004bull BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1bull BSD 3bull crc32 routine COPYRIGHT copy 1986 Gary S Brownbull Element Tree used under the Python licensebull Erlang Public License (EPL) a derivative work of the Mozilla Public License Now provided under
the Apache 20 licensebull GoogleAuth httpsgithubcomwstrangeGoogleAuthbull GNU Lesser General Public License Version 3 Copyright copy 2007 Free Software Foundation Inc
and GNU Lesser General Public License Version 21 Copyright copy 1999 Free Software FoundationInc
bull Samba is Free Software licensed under the GNU General Public License httpswwwsambaorgsambadocsGPLhtml the Samba project is a member of the Software Freedom Conservancy
bull JSON-C Copyright (c) 2009-2012 Eric Haszlakiewicz and Copyright (c) 2004-2005 MetaparadigmPte Ltd
bull Kerberos Copyright copy 1985-2009 now under the MIT 2 licensebull libcurl Copyright (c) 1996 - 2015 Daniel Stenbergdanielhaxxsebull lshow used under the GPL licensebull MIT (X11) Copyright copy 2007-2015bull RIAK Creative Commons (httpcreativecommonsorg licensesby30)bull Goldrush Copyright copy 2012 Magnus Klaarbull Meld Under ZPL licensebull NSIS (Nullsoft Scriptable Install System) copy 1999-2013bull OpenSSL License Copyright (c) 1998-2016 The OpenSSL Project and Original SSLeay License
Copyright (c) 1995-1998 Eric Youngbull Protobuf Copyright 2008 Google Inc now under the BSD 3 licensebull Setup Tools (setuptools-06c11) Under ZPL licensebull Sodium crypto library (libsodium) ISC license Copyright (c) 2013-2015 Frank Denisbull Solr the Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull TCL Copyright copy Regents of the University of California Sun Microsystems Inc Scriptics
Corporation and other partiesbull The Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull The Apache Tika project Copyright copy The Apache Software Foundationbull VirtualBox Copyright copy 2007 Oracle Corp as part of the GNU GPL V2 Licensebull YAWS Copyright copy 2006 Claes Wikstrom now under the BSD licensebull Apache zookeeper Under the Apache 2 license
Index | 35
Index
bdl license file 18
img 12
MD5 12
zip 12
A
access directories 24Active Directory 26add
resources 19servers 19
Admin 17administrator 17AMS 12 14 15 16Aureum IP address 11Aureum Manager 6 12 14Aureum name 18Aureum overview 5average file size 18
B
beacon turning on or off 19BIOS 15bonding network interface 19bootable USB 12 14browser 15button color 17
C
capacity 10 19CentOS 10checksum 12client registration 22clients 22configuration 11configure email 21connect 22contact 31create
export 23share 27
create Aureum 15create storage class 20
D
dedicated capacity 20dedicated nodes 5default storage class 20directory access 24discover resources 12 14 19discovery state Aureum nodes 12 14disk space required 10DNS server 11DNS servers 18documentation 31domain-authenticated user
domain 27
domain-authentication 22domain suffix 11download images 14
E
editsecurity level 22
emailer settings 21Ethernet
interface 10switch 10
exportCIFS 23create an export 23
F
files needed 12 14firewall 12flexible capacity 20flock 29FUSE 10
G
gateway 11 18
H
hardware requirements 10how to reach Peaxy 31
I
image copier 12 14import a license 18initial configuration 18inode retention 29install
client 24Linux client 24
introduction 5iptables 16
J
javarequired version 12 14
javaw 14
K
Kerberos 22 22 23
L
legal 33levels of security 23license files 18licenses 18
Index | 36
Linux client install 24localhost 15location 18
M
maintenance agreement 18management IP 15mapping 22mount Aureum 24 27mounting 22 22
N
namespace 18Navigation menu
configuration 11security 22
netBIOS 22NIC 19NTP server 11 18
O
outgoing email 21overview
architecture 6Aureum building blocks 6components 6
P
password 17password limitations 17ports 12POSIX compliance 29primary domain 18primary domain suffix 11
R
RAM requirements 10realms 22reboot 12 14recommended configuration 10Red Hat Enterprise Linux 10replication factor 11 18 20resources
needed 10run setup 16
S
samsp 12 14 16security 22 23security levels
security 22 23select the license 18SElinux 16sestatus 16set performance levels 20settings 11setup 16share
CIFS 27
create a share 27Share 26SMTP 17 21software files 14space needed 10storage class creating default 20subnet mask 11Support hours 31
T
tar ball 24time server 18time zone 11 18
U
USB 15USB stick 10 12 14user account 17
V
virtualization 6 15
W
what youll need 11Windows
domain 26join a domain 26share 27
Windows client 10
Y
yum 24
Introduction | 6
How Aureum WorksPeaxy designed Aureum for flexibility accessibility scalability and ease of use Heres how it works
Aureum sits on top of your own industry-standard hardware resources Based on your Aureumconfiguration the Peaxy software creates a number of Peaxy-specific nodes to use when building thesystem Peaxy nodes cannot be used for any other purpose This makes expansion as easy as addingnew resources (servers) to an existing environment
You dont need to manually create the individual nodes Peaxy software creates the container layerbased on the way you configure Aureum
Resources that are included in Aureum but not used immediately become spares which are availableon an as-needed basis This allows all Aureum software components to recover from most failurescenarios without manual intervention as long as there are enough spare resources to allow self-healing It also allows you to expand the capacity of a storage class
The following terms explain the abstraction and components of the Aureum architecture
bull Aureum A Peaxy storage and data access facility that manages all of its components within asingle namespace allowing total data access without bottlenecks
bull Hyperserver Either a namespace server or a data space server that manages between one andfour Aureum node members The Aureum namespace enables single disk IO access and allowsthe entire namespace to be persistently contained in RAM for better performance although thenamespace also resides on disk Subsequent directory lookups are done without touching the diskThe Aureum architecture accelerates file access by an order of magnitudeNamespace Hyperserver
A namespace hyperserver contains the path name and system metadata Namespacehyperservers run the namespace service (NS) The namespace is partitioned across allhyperserver members Each namespace hyperserver within Aureum contains a portion of thenamespace information
Data Space HyperserverA data space hyperserver contains actual user data Data space hyperservers run the dataservice (DS) All of the data in Aureum is distributed across all of the data hyperserversconfigured for data use under the rules of the data policy and assigned storage class withbetween zero and three copies stored
bull Hypervisor A hypervisor manages multiple nodes on one host In most cases the termshypervisor server and host are interchangeable Note however that a hypervisor is not the sameas a hyperserver
bull Analytics Service The analytics service (AS) manages the system analytics providing a clear wayunderstand how Aureum is managing data The analytics service is the force behind the analysisviews The analytics service is managed by the analytics node
bull Search Service The search service provides advanced search capabilities and powers Peaxy Findmaking it possible to find data across Aureum Searches are performed using a search query onan index or alias (group of indexes) that administrators create The search service is based onApache Lucene project Solr and SolrCloud SolrCloud provides the ability to set up a cluster ofSolr servers that combines fault tolerance and high availability enabling distributed indexing andsearch Administrators configure servers to support either data access or the search service duringinstallation
bull Storage Class The storage class is the abstraction that specifies performance redundancy andavailability characteristics of all the data hyperservers of the class User-defined data placementpolicies govern the data stored on each storage class
bull Data Class Data classes provide a way to perform storage management and access control basedon a directory structure This allows you to manage your storage based on a logical structure suchas teams and projects complementing the hardware-oriented resource management capabilitiesoffered by storage classes
bull Data Policy The data policies you create provide Aureum with the instructions about where data isstored as well as when and how data will be moved
bull Node Peaxy virtualization node created in containers Peaxy software creates the entire filesystem from virtual constructs Nodes that are members of a hyperserver store copies of the same
Introduction | 7
data or metadata Aureum sets the number of copies during the initial configuration and based onthe attributes of the storage class Aureum creates these nodes solely for its own use
bull Aureum Management Service Aureum management service (AMS) allows you to create and useAureum from physical resources
Overview of Aureum Building BlocksEach part of the Aureum architecture builds on the next To build an Aureum system
1 Rack and cable any physical servers and ensure the resources are accessible on the network2 Provision your resources and configure your physical storage Hardware provisioning is the task of
Admin users and cannot be delegated3 Install the Peaxy software Installation is described in the this guide
The Aureum manager (AMS) uses the configuration settings you define when Aureum creates thenodes It groups them into the appropriate types of hyperservers Aureum uses your configurationsettings to determine the optimal ratio of namespace hyperservers to data space hyperservers
4 Create storage classes and ingest policies for your environment
All of the resourced hyperservers aggregate and become a fully functioning Aureum systemconnected to your network
5 Create data classes to manage storage and access control based on the logical organization ofyour teams and projects
6 Begin ingesting data into Aureum
After the basic setup is complete you can add storage classes and data policies as well as optionalreplication partners When planned correctly these let you automate most data management andadministrative tasks
Aureum provides the Peaxy Management Tool (PMT) a powerful and intuitive browser-based UI formanagement Access data through a Linux-based client or a Windows domain share Peaxy providesseveral roles and allows the creation of others to ensure that the right access level is granted to usersand groups
Install Aureum
In this section
bull Resource Requirementsbull Aureum Configuration Settingsbull Port Requirements and
Firewall Settingsbull Prepare Aureum Installation
Resources (Linux)bull Prepare Aureum Installation
Resources (Windows)bull Install the Softwarebull Continue the Installationbull Create an Admin Accountbull Import an Aureum Licensebull Provide Aureum Informationbull Add Resourcesbull Create a Default Storage
Classbull Define Outgoing Mail Settingsbull Create a Client Registration
Userbull Configure Securitybull Connect
Make sure you have sufficient resources for the Aureum system youare creating After the hardware is racked and accessible to thenetwork use the Aureum manager to create the system
Install Aureum | 10
Resource RequirementsThe requirements for the hardware are minimal and depend on the Aureum configuration you define
The software installation image is self-contained and does not have outside software requirements
Minimum Hardware Requirementsbull Three or more servers compatible with Red Hat Enterprise Linux version 7 64-bit 1
bull Each server should have a minimum of 24 GB RAM and one core per physical device (diskLUN)bull One or more 1 or 10 Gigabit Ethernet connectionsbull One 2 GB USB stick per serverbull One available USB port on each server
Important If you are planning replication you can replicate across only same-sized drives Forexample replication must be between multiple 1 TB drives or between multiple 2 TB drivesand so on
Aureum SolrCloudCompute Node Requirementsbull 4 or more CPU coresbull 64 GB RAMbull 1 TB local storage
Aureum FUSE Client RequirementsAureum clients may be run on either physical or virtual machines and can use either 1 Gigabit or 10Gigabit Ethernet connections
Additionally the client requires
bull 1 or more CPU coresbull 2 GB RAMbull Red Hat Enterprise Linux version 5 6 or 7 64-bit or CentOS 5 6 or 7 64-bit or laterbull FUSE (the Linux File System in User Space)
Aureum Windows Client RequirementsAureum clients may be run on either physical or virtual machines and can use either 1 Gigabit or 10Gigabit Ethernet connections
Additionally the client requires
bull 1 or more CPU coresbull 2 GB RAMbull a supported operating system
2008 SP2 x86 and 64-bit
2008 R2 64-bit
2012 64-bit
Windows Server
2012 R2 64-bit
Vista x86 and 64-bit
Windows 7 x86 and 64-bit
Windows 8 x86 and 64-bit
Windows
Windows 81 x86 and 64-bit
1 The complete list of compatible hardware is available at httpshardwareredhatcom
Install Aureum | 11
Windows 10 x86 and 64-bit
Aureum Configuration SettingsConfiguration settings are needed to install and configure Aureum There can be additional optionalsettings
Table 1 General and Network Settings
Item Description Example
Aureum name Names can be up to 14 alphanumeric characters and cancontain dashes (-) and underscores (_)
Aureum_One
Aureum IPaddress
This is a floating IP address that is used for communicationto and from Aureum Communication can be donethrough the Aureum IP address Peaxy recommendsthat organizations create a DNS entry for Aureum that ismapped to the IP address allowing you to refer to Aureumby a more meaningful name
10213119
IP addresses A list of IP addresses or one or more ranges of IPaddresses that the configuration wizard can use to assignIP addresses to discovered hypervisors If you includemultiple ranges the Aureum manager will use all availableIP addresses in the first range before moving to thesecond
151145011715114520 - 94
Gateway Aureum needs to be assigned a default gateway addressThe gateway is used by each hypervisor and node thatcomprises Aureum
1721601
Subnet mask All hypervisors making up Aureum must reside in the samesubnet This is defined by the subnet mask
25525500
DNS domainsuffix
Working with the DNS server the domain suffix identifiesthe server within a smaller network (like a computer lab)
peaxynet
DNS server list A list of up to three DNS servers to use 55219208672222228888
Time zone The time zone to use (UTC-800) Pacific
NTP server The IP address of the network time protocol (NTP)server that Aureum should use to coordinate time acrossthe entire namespace even if the servers within thenamespace are in disparate locations This can be criticalwhen Aureum needs to compare timestamps
0poolntporg1poolntporg
Averageexpected file size
The selection here is used by the system to determine themost efficient ratio of namespace hyperservers to datahyperservers
bull Small files (less than 1MB)bull Medium files (less than 20MB)bull Large files (greater than 20MB)bull A mixture of file sizes
Large files (greaterthan 20MB)
Replication factor The number of replicas created for data when the filesare assigned to a particular storage class Setting thereplication factor to 2 indicates that the original and one
2
Install Aureum | 12
Item Description Exampleadditional replica of the data are saved providing higheravailability Valid options are 2 3 and 4
Use the appropriate replication factor for each storageclass to implement the best level of protection for criticaldata and to limit wasted consumption for sandboxes andother nonessential data For data that is not critical or forsandboxes you can choose a lower replication factor Usea high replication factor for data that is critical or accessedoften
Table 2 Emailer Settings
Item Description Example
Email server The name of the email server This is usually an SMTPserver
smtpgmailcom
Server port By default port 587 is used Only change this if corporateor security requirements demand it
587
Email serveraccount
Enter a valid email account Aureum uses this account tosend email notifications and replacement passwords
memycompanycom
Password The password that is associated with the valid emailaccount
Send from Only change this if your SMTP server allows it and yourcorporate requirements demand it Normally only serversusing TLS require this entry
memycompanycom
Port Requirements and Firewall SettingsBecause Aureum uses the network for traffic specific ports must be available
The following table describes the ports that must be open for Aureum traffic and client connections
Port Type Used for
53 DNS DNS
443 TCP Encrypted traffic
514 UDP Log Server
3033 TCP Statistic collection
8001 TCP Analytics server
8080 HTTP Windows client
8443 TCP Encrypted traffic
10011 UDP LinuxFUSE client
Prepare Aureum Installation Resources (Linux)The software is installed on each server resource that will become part of Aureum Aureum ishardware agnostic but there must be adequate resources to complete the installation Each serveruses a USB stick to install the software
Make sure that you have the required basic resources described in Resource Requirements Downloadthe software files from wwwpeaxynetsupport A login is required
Install Aureum | 13
1 Download the software installation files
bull Release-ltreleasenumbergtimg is the image to be copied to a USB stick that will initializethe hardware
bull Release-ltreleasenumbergtmd5 is the checksum file that validates the validity of the imagebull samsp-ltreleasenumbergtzip is a compressed file that contains the utilities to move the
image to the USB stick and for the initial configuration of Aureumbull The Aureum client file
bull hfclient-fuse-ltreleasenumbergttargz - the Aureum Linux client installation file2 From a command prompt on your workstation uncompress the installation files Type
sudo unzip samsp-ltreleasenumbergtzip -d tmp
3 As root launch the image copier Double click img-copiersh and click Run on the dialog thatappears
4 Browse to the software image you downloaded (the img file) and select this file
5 Type a label for the USB sticks
The label is used to identify the system during the initial installation and becomes the name of theserver on which it is installed If you use the same label on different sticks the software will add anumeric suffix when creating the host name for example HOST-01 HOST-02 and so on Labelscannot exceed 16 charactersYou can provide a different label for each USB stick but to do so you must copy the image file toeach stick individually
6 Insert the USB sticks into a port on your workstation or a hub connected to your workstation andthen click REFRESH to make them visible to the image copier tool Select the sticks you want fromthose displayed in the destination drives list The USB stick must be at least 2 GB
7 Leave Verify copy operation enabled Peaxy strongly recommends that you do not skip this step
Install Aureum | 14
Depending on the speed on the USB sticks it can take several minutes to complete theverification
8 Enable hypervisor protection if requiredEnable hypervisor protection if the underlying storage consists of non-redundant JBOD (acollection of hard disks that have not been configured to act as a RAID) This creates a softwareRAID 5 configuration for the container store used by AureumYou can disable hypervisor protection if you have a hardware RAID under the disk volumes Thisallows Aureum to use a higher-performing RAID 0 configuration instead
9 Click START10After the copy is complete click EXIT and remove the USB sticks from the workstation or USB hub
The USB stick now contains a bootable image of the Aureum installation software
Prepare Aureum Installation Resources (Windows)The software is installed on each server resource that will become part of Aureum Aureum ishardware agnostic but there must be adequate resources to complete the installation Each serveruses a USB stick to install the software
You must have administrator permissions to install the Aureum software
Your workstation must be running the Java Runtime Environment (JRE) 17 or higher installed in orderto run the image copier
Make sure that you have the required basic resources described in Resource Requirements Downloadthe software files from wwwpeaxynetsupport A login is required
1 Download the software installation files
bull Release-ltreleasenumbergtimg is the image to be copied to a USB stick that will initializethe hardware
bull Release-ltreleasenumbergtmd5 is the checksum file that validates the validity of the imagebull samsp-ltreleasenumbergtzip is a compressed file that contains the utilities to move the
image to the USB stick and for the initial configuration of Aureumbull The Aureum client file
bull hfclient-fuse-ltreleasenumbergttargz - the Aureum Linux client installation file2 On your Windows workstation move to the location of the zip file and unzip the file using any
uncompression program3 Move to the location of the uncompressed file and double-click the executable to start the
installation4 With administrator privileges launch the image copier Double-click img-copierbat
Install Aureum | 15
If the image copier does not launch properly you might need to add javaw to your path Refer toyour Windows Operating System help for instructions
5 Browse to the software image you downloaded (the img file) and select this file then click Run6 Type a label for the USB sticks
The label is used to identify the system during the initial installation and becomes the name of theserver on which it is installed If you use the same label on different USB sticks the software willadd a numeric suffix when creating the host name for example HOST-01 HOST-02 and so onLabels cannot exceed 16 charactersYou can provide a different label for each USB stick but to do so you must copy the image file toeach stick individually
7 Insert the USB sticks into a port on your workstation or a hub connected to your workstation andthen click REFRESH to make them visible to the image copier tool Select the sticks you want fromthose displayed in the destination drives list The USB stick must be at least 2 GB
8 Leave Verify copy operation enabled Peaxy strongly recommends that you do not skip this stepDepending on the speed on the USB sticks it can take several minutes to complete theverification
9 Enable hypervisor protection if requiredEnable hypervisor protection if the underlying storage consists of non-redundant JBOD (acollection of hard disks that have not been configured to act as a RAID) This creates a softwareRAID 5 configuration for the container store used by AureumYou can disable hypervisor protection if you have a hardware RAID under the disk volumes Thisallows Aureum to use a higher-performing RAID 0 configuration instead
10Click START11After the copy is complete click EXIT and remove the USB sticks from the workstation or USB hub
The USB stick now contains a bootable image of the installation software
Install the SoftwareThe installation software on the USB stick installs the Peaxy software and lets you create Aureum
1 Insert one prepared USB stick into each server Servers must have a console attached or beaccessible via an IPMI management tool
Install Aureum | 16
2 Apply power to the servers either individually or with a few seconds in between to complete the
next steps
Note If you have already configured your server to boot from USB skip steps 3 4 and 5
3 Enter the server BIOS and instruct the server to boot from the USB stickThe method used to enter the BIOS depends on the server
4 Ensure that the virtualization setting is enabled in the BIOS5 Save the BIOS changes and reboot the server from the USB stick
After the server has booted from the USB stick and launched the installation software you will seea message at the bottom of the screen telling you that the server is being prepared for installationThis boot process has placed the servers in a discoverable state this plays a role in the nextphase of the installation process
Continue the InstallationAfter the servers have been prepared and the software has been installed begin the configuration
1 On your workstation disable the firewall
On Red Hat Enterprise LinuxCentOS 7 systems use the following commands
systemctl stop firewalld
systemctl disable firewalld
On other Linux-based operating systems use the following commands
service iptables stop
service ip6tables stop
chkconfig ip6tables off only include this command if you want to permanently turn thefirewall off
chkconfig iptables off only include this command if you want to permanently turn thefirewall off
2 On your workstation disable SElinuxYou can check the status of SElinux with sestatus The result should appear as SELinuxstatus disabledIf you do not see disabled
1 Edit etcselinuxconfig and set the SELINUX variable to disabled2 Reboot your client workstation
3 On the workstation launch the Aureum installation management tool Type
sudo tmpsamsp-400ltversiongtsamspsh
Install Aureum | 17
You should see something similar to the following
Launching Management Server Platform version 400rootOpen your browser and enter the URL httpslocalhost to continueDo not terminate samsp it is required to complete cluster configurationYou can view tmpsamsp-40010872logmsplog for detailed progress activity
Important Do not terminate samsp because it is needed to complete clusterconfiguration
4 Open a browser and type
httpslocalhost If you are running the browser on the same workstation running the stand alone MSP orhttpsltip addressgt IP address of the workstation running the standalone MSP
This launches the Peaxy Management Tool If prompted accept the self-signed Peaxy certificate
After the initial setup is complete the IP address changes in the browser address bar This isexpected and correct behavior Now the installation portion of the AMS exits and the integratedAureum manager becomes active
In the next step the Aureum manager guides you through the initial configuration process
Create an Admin AccountThe first step in configuring a new Aureum system is to supply the details for the Admin account Afterthe installation process is complete and Aureum is up and running the Admin account is used to loginto the Aureum web UI (PMT) to perform additional administration tasks such as creating other useraccounts and a client registration password
Important The Admin account has access to critical areas of Aureum Ensure that the Adminaccount is secure
1 Type an email address for the accountThe AMS verifies that the email address is formatted correctly but does not check the validity ofthe email address itself This is the email address to which emails are sent
Note When setting the outgoing mailer settings the use of a customized email addressis highly dependent on the mail server While it might be possible to use a custom emailSEND FROM address many mail servers (such as Gmail) do not allow sending email usinganything other than the registered user account name
2 Type a user name for the accountThe user name must be between 3 and 32 characters and can contain letters numbers dots ()and at signs ()
3 Type a password to be associated with the user name in the previous stepPasswords are case sensitive and should be secure Best practice shows that you should changepasswords regularly
4 Confirm the password by retyping the password exactly as you entered it aboveWhen all of the fields are complete and have the correct format the SUBMIT button turns fromgray to blue
5 Click SUBMIT
The user account information is now created and stored
Important Set up the outgoing emailer settings as soon as possible after completinginstallation of Aureum If you forget or lose your password Aureum cannot send you a newone until the outgoing email is configured
Install Aureum | 18
The next step is to import the Aureum license
Import an Aureum LicenseImporting the license for an Aureum instance activates the Peaxy software License types are assignedto the Admin account that you created at the beginning of the installation
Before you create an Aureum system make sure that you have received your license from Peaxy andthat the license details are correct
Each time you create an Aureum instance you must import a license
1 Select the license to import or drag it onto the files areaThe license is a bdl file that contains all of the files needed to install the license
2 Click IMPORT3 The system installs the license and continues to the next step
Provide Aureum InformationDefining a few basic configuration items is the first step in setting up Aureum
During the first steps of the initial configuration you provide the basic information needed to createAureum its components and the namespace details
1 Enter the Network settingsa) Enter the gateway addressb) Enter the subnet maskc) Enter the primary DNS domain suffix and up to three DNS server addresses
DNS servers must be entered as IP addresses Each DNS server is on a separate line2 Enter the General settings
a) Enter a name for this Aureum instanceNames can be up to 14 characters and can contain letters numbers dashes and underscores
b) Optional Enter a location for the Aureum system for example ldquodatacenterrdquo or ldquoPhoenixofficerdquo
c) Enter the Aureum IP addressd) Optional Enter up to three NTP servers
Including an NTP server ensures that the time stamp for Aureum is always correcte) Select the time zone to use from the drop-down menu
This ensures that all nodes in Aureum use the same time zone3 Define the Namespace settings
Install Aureum | 19
a) Select the average file size that you expect Aureum to containYour expected average file size selection is used by Aureum to determine the most efficientdistribution of hyperservers Aureum uses the selection you make here to determine theestimated ratio of namespace hyperservers to data hyperservers
b) Set the default namespace replication factor from 2 to 4The namespace replication factor is the number of replicas that Aureum creates for thenamespace
4 Click CONTINUE
Add resources to Aureum You can also click CANCEL to cancel the installation
Add ResourcesResources refer to the physical servers that will make up Aureum These can be any commodity serversuch as a 1U or 2U server with any number and size of disks These resources are used to build thenamespace and data hyperservers that form the heart of a running Aureum system
Note After a resource has been added Aureum claims the complete resource Unusedportions of a resource are designated as spares and are used in case of a failure or expansion
1 The system locates all physical servers that have been booted using USB sticks and are currently indiscovery stateYou will see a list of the servers available for inclusion Use the filter to narrow your search by servername
2 Select the servers to add to Aureum
Servers scheduled for selection have a check mark to the left Select the box beside SERVER NAMEto select all servers in the list
3 Enter the required number of IP addresses or an IP range The number of IP addresses neededappears above the IP ADDRESSES entry box
The system determines the number of IP addresses needed to ensure that all Aureum componentscan communicate receiving requests and returning responses Addresses can be individual IPaddresses (xxxxxxxxxxxx) an IP address range (xxxxxxxxx - xxx) or an IP address with a wildcard(xxxxxxxxx) Separate the IP addresses with a space comma or newline
Install Aureum | 20
Aureum only supports IPv4 (the dotted quad format) For example
192168100419216810015-2019216873
4 Define the roles of the serversClick the ROLES column entry for a server and configure the servers to support either data accessor search (SolrCloud) While it is possible to configure a server to support both data access andsearch this setting is not recommended for a production deployment
Note Aureum 40 supports SolrCloud clusters with one or three nodes Aureum 40 doesnot support SolrCloud clusters with either two nodes or more than three nodes
5 Define the bonding for the network port cardsYou should see the same speed for all of the network interfaces (NICs) on this server Use the list ofall NICs that are bonded with the interfaces on this server to form your decision Inactive NICs arenoted as sucha) Click the ETHERNET column entry for the server whose bonding to configure
If the column text is red some interfaces are not bonded to the server If the text is blue allavailable interfaces are bonded
b) Place a check mark next to all of the interfaces to bond to this server Remove the check markfor those interfaces you do not want included in the bond
6 Optional Toggle the server beacon on or offBeacon signals guide you to the server in question This is often used when troubleshooting tolocate a specific server in a large group of servers
7 Click CONTINUEWait for the installation wizard to verify that the IP addresses you entered are valid and can beused The system assigns the IP addresses and sets the state to Pending
8 Click START INSTALLATIONThe button changes from START INSTALLATION to INSTALLATION IN PROGRESS The systemassigns the resources to Aureum and determines the necessary number of dedicated nodesneeded for the configuration The progress is displayed but you can also use the Log link to followindividual progress If some of the servers are not yet ready wait a few moments and retry
The installation process will take some time typically 10 to 20 minutes When complete the IPaddress in the browser will switch from the local IP of your workstation to the Aureum IP addressthat was entered earlier This signals the transition from the AMS you launched earlier (samsp) to theintegrated PMT that is now running on Aureum
The next step is to create a default storage class
Create a Default Storage ClassA storage class groups and manages data hyperservers with similar replication factors capabilitiesand performance configuration
You must configure at least one storage class to use as the default during the initial Aureumconfiguration You can create more storage classes at any time as long as you have the resourcesnecessary
1 You are presented with the create Initial Storage Class option2 Enter the required information to create the storage class
a) Type a name for the storage classClass names can be up to 14 text characters
b) Define the performance levelPerformance levels based on throughput and seek time Select the paired setting that is best foryour expected usage For the widest option select ldquoAnyrdquo
c) Set the replication factor
Install Aureum | 21
Remember all hyperservers assigned to this storage class will use these settings
Note You must include at least the same number of resources to create the specifiedreplication factor For example you cannot have a replication factor of three in anAureum system with only two servers
Because each replication requires some amount of storage the replication factor selectedaffects the amount of total storage available
Tip The Aureum data space is partitioned through all the data-capable hyperserversEach hyperserver can be configured to offer a specified replication factor This lets youstore vital data with high redundancy while more transient data can skip replication inorder to optimize storage and performance costs
d) Optional Enable flexible space allocationEnabling flexible storage space allows the members of the storage class to consume thecapacity needed When more storage space is needed more is allocated automaticallyregardless of the initial allocation Peaxy recommends this option for general use Some casesmight have different needs
e) Optional To make this the default storage class select YESAll data that does not meet the conditions in a specific data policy will be stored on the defaultstorage class (See data policies in the Aureum Administrator Guide)
3 Click CREATE STORAGE CLASS4 To complete the initial installation and configuration click FINALIZE AUREUM then click YES to
confirm the configuration is correct
Important After you click FINALIZE you must wait for the health indicator on the Aureumcard or list turn green before using Aureum
The Aureum installation is complete and the PMT shows the main Aureum window To configureadditional Aureum storage classes and data policies and to understand how to monitor Aureum seethe Aureum Administrator Guide
Define Outgoing Mail SettingsIn order for Aureum to send email notifications and provide lost password recovery you must tellAureum how to send email alerts
Important Configure outgoing email settings as soon as reasonably possible If you lose orforget your password Aureum cannot send reset instructions until you configure the emailsettings
1 Select EMAILER CONFIG from the SETUP WIZARD pane or from the Navigation menu select EMAILER
2 Type the email (SMTP) server to use when sending the emailThe email server must be accessible from Aureum
Install Aureum | 22
3 By default the system uses port 587 This is usually the right setting Only change the EMAILSERVER PORT if your organizations SMTP server requires it
4 Enter a valid user account and password that Aureum will use to send email from this server5 Optional SEND FROM is required only if your email server requires Transport Layer Security (TLS)
If this is the case type the SEND FROM email addressGenerally the recommended SEND FROM address is a working system administrator account
6 Click SAVE
Create a Client Registration UserThe Aureum client registration user and password allow client authentication at mount time
This allows you to create a custom account for authenticating client mounts
1 Click REGISTRATION2 Type a name for the user This will be the username that is authorized to type in the registration
password when an Aureum client is installed3 Type the client registration password This password is used to register the Aureum client for
authentication at mount time4 Click SAVE
Configure SecurityDefine define the level of security for client communication
1 Click SECURITY LEVEL2 Slide the controller to the level of security your data will use
3 Click ACCEPT
ConnectAn Aureum client mounts Aureum and allows access to folders and files Peaxy provides clientsoftware for Linux users and allows Windows users to access Aureum through a Windows share
The Linux-based client uses a FUSE component to remotely access Aureum services Almost all Linuxinstallations include FUSE so you should not need to do anything extra
The Aureum client has a small footprint A very limited set of memory and CPU cycles are needed toperform the client functions Also the Aureum client can be used concurrently with other clients forNFS and other network file systems
When you install the client the client drivers are added to the default system directories To accessthese directories use the mount command (more commonly known as mapping a drive in Windows)to mount the client to the directory
Install Aureum | 23
Mounting a client to an Aureum directory loads all the data structures necessary for the client tointeract with Aureum As the structures change Aureum updates them In order for a client to accessAureum all that is necessary is that the client know the IP address or URL to which the client willconnect and the client-Aureum registration password
Also available is the ability to join a Windows domain and create domain-authenticated users who canaccess different areas of Aureum
Linux Client-Aureum RegistrationThe minimum security level for Aureum is the authenticated mount To ensure that unauthorized usersdont gain access to data Peaxy provides an authenticated mount between Aureum Linux clients andAureum using certificates and registration
Note The process described in this section applies to Linux clients Windows domains userswith credentials from an Active Directory access Aureum through a Windows share
Security is always an important part of any system that provides data access especially when theaccess spans many users and locations Peaxy provides a registration process where the clientand server exchange certificates which are used to authenticate subsequent connections Theregistration provides a mutual authentication method between the client and Aureum allowing theclient access Only authenticated clients are allowed to mount Aureum Other clients cannot use thesame authentication as part of the certificate registration Aureum generates a client key pair that isunique to each client-Aureum connection
How It WorksThe AMS requires a dynamic registration at the initial mount time As part of the registration Aureumgenerates a key pair unique to each client This key pair is persistent so you do not need to re-register the client each time you mount Aureum
This initial registration is required the first time the client mounts Aureum and requires a specialregistration password that is unique to Aureum This password is entered by the Aureum administratorat the workstation on which the client is installed Subsequent client mounts use the client certificateissued during registration
Security LevelsAureum offers varying levels of security
The security level is visible on the Aureum card or list and is indicated in the SECURITY section by thenumber of total locks that are green Gray locks indicate how many additional security levels you canselect For example if there are four total locks and three are green your current security level is 3Message Integrity
bull Data Confidentiality all data in and out of Aureum is verified and encryptedbull Message Integrity message authentication codes verify message integritybull Kerberos Authentication use the Kerberos authentication protocol as the mechanism for
authentication between a client and a server or between one server and another serverbull Authenticated Mount use X509 certificates to mutually authenticate and validate all Aureum
clients and hyperservers in Aureum
Create an ExportCreate an export to allow Linux clients to mount and access Aureum
1 From the Navigation menu select SECURITY gt EXPORTS2 Type the export name3 In the EXPORT CONTENT IN field choose the data class to export
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the
Install Aureum | 24
engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the export5 Click CREATE6 To edit or delete an export click the corresponding entry in the list
bull To edit the export make the changes needed in the edit panel and click SAVE CHANGESbull To delete an export click the corresponding trash can icon ( ) and confirm the deletion
Install a Linux-based Aureum ClientYou install the Aureum client on physical hardware or on a workstation in the cloud Use the client tomount and access Aureum directories
Before installing the client make sure that your system meets the minimum requirements describedin the Requirements section of this document
Note Aureum uses FUSE in Direct IO mode for better performance The version of FUSErunning on older versions of CentOS Red Hat Enterprise Linux doesnt support mmap whenFUSE is being used this way This might cause some mmap functions such as ACCESS_WRITEMAP_SHARED and PROT_WRITE to fail You can use the mount flag --disable-direct-io-mode to disable Direct IO mode
If you choose to use Direct IO mmap will be disabled on CentOS56 and 57 since those versionsdont support mmap with direct IO Enabling this option will result in a significant performancedegradation on clients using this option Peaxy strongly recommends that you upgrade to a newerversion of Linux
Ensure FUSE and its dependencies have been installed on each client If it has not been installedinstall FUSE according to the instructions for the package you chose On CentOS for example installthis by typing
sudo yum -y install fusex86_64 fuse-develx86_64 fuse-libsx86_64
The version numbers for your installation may differ
If you have installed a version of the fuseko module that is not the Peaxy-specific version runadditional commands at the end of the installation process This prevents kernel-oops messages fromconsuming all of the space in the varspool directory These messages indicate a benign conditiondue to a Linux FUSE problem
Run the following commands
chkconfig --levels 2345 abrt-oops off service abrt-oops stop
Note The client installation sets the following values automatically
Parameter Value set to
netipv4tcp_tw_recycle 1
netipv4tcp_fin_timeout 2
netcorewmem_max 2097152
netcorermem_max 2097152
netcorewmem_default 2097152
netcorermem_default 2097152
Install Aureum | 25
1 Download the Aureum client file from the support section of the Peaxy website at wwwpeaxynetsupport (login is required)The file is downloaded as a targz package and contains an installer It has a name similar tohfclient-fuse-400ltbuildnumbergttargz
2 Unpack the distribution file by typing the following
tar -zxvf hfclient-fuse-400ltbuildnumbergttargz
You will see something like the following
hfclient-fuse-400hfclient-fuse-400setupshhfclient-fuse-400scriptshfclient-fuse-400scriptsupdatedbshhfclient-fuse-400scriptsc_rehashshhfclient-fuse-400scriptssysctlshhfclient-fuse-400scriptsunregshhfclient-fuse-400scriptsconfshhfclient-fuse-400binhfclient-fuse-400binfusehfCentOS-5xhfclient-fuse-400binfusehfhfclient-fuse-400confhfclient-fuse-400confhfconftgz
3 While logged in as root run setupsh installThe driver files are installed in the default system directories You will see something similar to thefollowing
sudo setupsh install
Installer for Peaxy Aureum Client version 40
Checking package contentsInstalling hf client binariesremoved `optpeaxy-40sbinfusehf`binfusehf -gt `optpeaxy-40sbinfusehfInstallation complete
Mount Aureum
Mount Aureum (Linux)After the client is installed use the mount command to mount Aureum
At a command prompt type
sudo mkdir -p ltmnt_pointgtsudo mount -t fusehf hfltmgmt_ipgt ltmnt_pointgt -o user=ltclient registration usernamegt
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is thedirectory that will serve as your local mount point for example mntpeaxy
If you omit -o user=ltclient_user_namegt you would be prompted for the password associatedwith the local admin account to complete the client registration Best practice is to always create aclient registration account and use that password
The first time you mount the client to Aureum you will be prompted for a registration passwordto allow client-Aureum authentication Type the client registration password Otherwise youradministrator must do this for you
Peaxy strongly recommends that you change the password often especially after typing the passwordfor a client registration
If you or your IT administrator have associated a DNS entry with the Aureum IP address you mightwant to use the DNS name as the name for your mount point
Install Aureum | 26
To configure the Aureum client to automatically mount on startup locate the etcfstab file andadd the line
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults 0 0
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is the localmount point for example mntpeaxy
Note If you are running CentOS 7 change this line to add the _netdev flag as below
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults_netdev 0 0
You can now use the Aureum client to access Aureum
Unregister a Linux Client from AureumYou can securely unregister an installed FUSE client from the Aureum system that it mounts
Removing the registration renders the client unable to access Aureum If you use the all option youwill need to perform a new registration setup before you can mount Aureum again
Unregistering a client is done by running the unregsh script Use the following procedure tounregister the client
1 On the workstation running the client open a command prompt2 Move to optpeaxybin the location of the script3 Run the script
bull Type sudo unregsh ltAureumgt to unregister the client from a specific Aureum systemReplace ltAureumgt with the Aureum system to unregister
bull Type sudo unregsh all to unregister the client from all Aureum systems on which theclient is registered
Note Peaxy strongly recommends using the all option before you decommission aclient workstation
Windows ConfigurationDomain users with credentials from an Active Directory can access Aureum through a share
After Aureum joins a domain it sets up network shares for chosen directories (including all containedsubdirectories) To domain users these shares look the same as any other folder that is accessible viathe network
Unlike an Aureum client which mounts to the root of the volume a share allows a user to exportsubdirectories for more granular access
Where to Find ItFrom the Navigation menu select SECURITY gt DOMAINS and SECURITY gt SHARES
Join a DomainBefore you can create a share you must join a Windows domain
You can pre-create a machine account in an Active Directory under a specified OU If you choose notto do so Aureum will try to add a computer account to the default location of ldquoComputersrdquo
Important If Aureum is already joined to a domain joining another domain will replace thejoin not add to it Aureum will only be joined to the most recently joined domain
1 From the Navigation menu select SECURITY gt DOMAINS2 Type the complete Windows domain to join for example engexamplecom3 Type the username with access to the domain The user must have the necessary permissions to
join Aureum to the domain4 Type the password associated with the username or access to modify an object in the OU if the
machine account was pre-created
Install Aureum | 27
5 In the NETBIOS NAME field set the Aureum computer account name you wish to be created in theActive Directory If Aureum is using a pre-created machine account in a specific OU then the nameyou specify here must match that name exactly
6 Click JOIN
After the domain has been joined the JOIN button changes to LEAVE To leave the domain clickLEAVE
Create a ShareCreate a share to allow Windows users to connect to Aureum
Before you can create a share you must join the appropriate domain
1 From the Navigation menu select SECURITY gt SHARES2 Type the name of the share3 In the SHARE CONTENT IN field choose the appropriate data class
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the share5 Click CREATE
6 To edit or delete a share click the share to be modified
bull To edit the share make the changes needed in the edit panel and click SAVE CHANGESbull To delete the share click the trash can icon ( ) and confirm the deletion
Mount an Aureum Windows ShareDomain-authenticated users can mount and access Aureum directories using a share
After Aureum has been joined to a domain and the share has been created you can easily mount tothe share
The exact mount process is based on your workstation OS
Install Aureum | 28
If you do not already know it you can determine the mount point from Aureum by navigating to theJOIN DOMAIN page and using one of the listed public IP addresses as the mount point Include theshare name when mounting
Peaxy recommends that you take the list of public IP addresses and enter them into your DNS serverlisted under the Aureum NetBIOS name within the appropriate domain In cases where multipleaddresses are used the DNS server automatically round-robins the returned address This ensure thatclient connection load is distributed across the available nodes
As a Windows example to mount a drive letter to Aureum Type
net use ltdrive_lettergt ltpublic addressgtltshare namegt
where ltdrive_lettergt is the drive letter to assign to Aureum ltpublic_addressgt is the IP address usedto join the domain and ltshare_namegt is the share
You then log into the share using your domain-authenticated username and password For exampleMYDOMAINmyname
After mapping the drive access Aureum through Windows Explorer just like you would any otherdrive
If the share does not appear in the Windows Explorer after a change such as a system reboot occursrefresh the view using the Refresh icon ( ) The share should display correctly
You do not have to assign a share to a drive letter however In Windows Explorer type the public IPaddress and share name into the address bar Provide your username and password
POSIX ComplianceAureum provides a POSIX-compliant interface
Most of the Aureum interfaces are POSIX compliant and adhere to the IEEE standard The following isa list of exceptions to compliance
bull The directory nlink count is not incremented when a subdirectory is addedbull inode retention differs from the POSIX specification because there is no way to retain the original
inode number when a rename entails a move to a different device You can display the datahyperserver extent ID instead of the namespace hyperserver Node ID to the caller in the statfamily of calls This does not change when a file or directory is renamed It does change if the file ismigrated from one data hyperserver to another
bull If two mount points are held to the same Aureum and a file is closed on one Aureum does notremove a fcntl lock for the same file on another This is a variance on the way that NFS worksThe internal locking structures take into account the client ID which varies depending on the clientmount If there are two different mounts to a server Aureum treats them as separate machineswhich NFS does not
bull The file locking call flock() is emulated using POSIX byte range locks (fcntl() ) The POSIXcompliance specification does not cover flock() This implementation mirrors the behavior ofNFS The Aureum behavior is slightly different and varies from the POSIX specification as follows
1 As in NFS you must have write permissions to get a write lock2 As in NFS you cannot place both flock() and fcntl() locks on the same file as these locks
will conflict3 An flock() will not inherit across forks4 The flock() will be durable against other file closes but fcntl() locks will not behave within
the POSIX specification5 As well as being removed by an explicit f_unlock record locks are automatically released
when the process terminates or if it closes any file descriptor referring to a file on which locksare held This means that a process can lose the locks on a file like etcpasswd or etcmtab if a library function opens reads and closes it
Information and ResourcesThe latest news and information can always be found on the Peaxy website
Peaxy provides documents that are designed for different audiences These documents furnish acomprehensive explanation of Aureum and how to use it Additionally information is available fromtooltips Each field has a tooltip that adds explanations and any limitations for the item
The most current and accurate information available was included at the time this document wasprepared However changes may occur after the document is released Always read the ReleaseNotes for the most current information
Aureum Installation GuideA step-by-step guide to installing and configuring Aureum into your network
Aureum Administrator GuideA guide to understanding the Aureum architecture Provides details for planning configuring andmonitoring your implementation
Quickstart SeriesA series of two-page guides providing an abbreviated set of instructions for Aureum tasks Theycan be taken in order or used as reminders for individual tasks
Tech NotesSome technical issues are outside the scope of the regular documentation These are presented asTechnical Notes
Contact Peaxy9 am to 5 pm Pacific Standard Time
Main +1 (408) 441-6500
Support +1 (408) 763-3700
By phone
Support toll free US only +1 (844) 277-3299
General information infopeaxynet
Sales salespeaxynet
Support supportpeaxynet
By email
Documentation feedback feedbackpeaxynet
Online wwwpeaxynetsupport (login required)
Peaxy Inc
2380 Bering Dr
By mail
San Jose CA 95131 USA
LegalPeaxyreg and Aureumtrade are registered trademarks of Peaxy Inc
All other trademarks belong to their respective companies
CopyrightsThis document is copyright copy 2016 Peaxy Inc
Aureum software includes portions of the following
bull Amazon Web Services (AWS) Java SDK httpsawsamazoncomsdk-for-java and httpawsamazoncomapache-2-0
bull Apache License Version 20 January 2004bull BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1bull BSD 3bull crc32 routine COPYRIGHT copy 1986 Gary S Brownbull Element Tree used under the Python licensebull Erlang Public License (EPL) a derivative work of the Mozilla Public License Now provided under
the Apache 20 licensebull GoogleAuth httpsgithubcomwstrangeGoogleAuthbull GNU Lesser General Public License Version 3 Copyright copy 2007 Free Software Foundation Inc
and GNU Lesser General Public License Version 21 Copyright copy 1999 Free Software FoundationInc
bull Samba is Free Software licensed under the GNU General Public License httpswwwsambaorgsambadocsGPLhtml the Samba project is a member of the Software Freedom Conservancy
bull JSON-C Copyright (c) 2009-2012 Eric Haszlakiewicz and Copyright (c) 2004-2005 MetaparadigmPte Ltd
bull Kerberos Copyright copy 1985-2009 now under the MIT 2 licensebull libcurl Copyright (c) 1996 - 2015 Daniel Stenbergdanielhaxxsebull lshow used under the GPL licensebull MIT (X11) Copyright copy 2007-2015bull RIAK Creative Commons (httpcreativecommonsorg licensesby30)bull Goldrush Copyright copy 2012 Magnus Klaarbull Meld Under ZPL licensebull NSIS (Nullsoft Scriptable Install System) copy 1999-2013bull OpenSSL License Copyright (c) 1998-2016 The OpenSSL Project and Original SSLeay License
Copyright (c) 1995-1998 Eric Youngbull Protobuf Copyright 2008 Google Inc now under the BSD 3 licensebull Setup Tools (setuptools-06c11) Under ZPL licensebull Sodium crypto library (libsodium) ISC license Copyright (c) 2013-2015 Frank Denisbull Solr the Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull TCL Copyright copy Regents of the University of California Sun Microsystems Inc Scriptics
Corporation and other partiesbull The Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull The Apache Tika project Copyright copy The Apache Software Foundationbull VirtualBox Copyright copy 2007 Oracle Corp as part of the GNU GPL V2 Licensebull YAWS Copyright copy 2006 Claes Wikstrom now under the BSD licensebull Apache zookeeper Under the Apache 2 license
Index | 35
Index
bdl license file 18
img 12
MD5 12
zip 12
A
access directories 24Active Directory 26add
resources 19servers 19
Admin 17administrator 17AMS 12 14 15 16Aureum IP address 11Aureum Manager 6 12 14Aureum name 18Aureum overview 5average file size 18
B
beacon turning on or off 19BIOS 15bonding network interface 19bootable USB 12 14browser 15button color 17
C
capacity 10 19CentOS 10checksum 12client registration 22clients 22configuration 11configure email 21connect 22contact 31create
export 23share 27
create Aureum 15create storage class 20
D
dedicated capacity 20dedicated nodes 5default storage class 20directory access 24discover resources 12 14 19discovery state Aureum nodes 12 14disk space required 10DNS server 11DNS servers 18documentation 31domain-authenticated user
domain 27
domain-authentication 22domain suffix 11download images 14
E
editsecurity level 22
emailer settings 21Ethernet
interface 10switch 10
exportCIFS 23create an export 23
F
files needed 12 14firewall 12flexible capacity 20flock 29FUSE 10
G
gateway 11 18
H
hardware requirements 10how to reach Peaxy 31
I
image copier 12 14import a license 18initial configuration 18inode retention 29install
client 24Linux client 24
introduction 5iptables 16
J
javarequired version 12 14
javaw 14
K
Kerberos 22 22 23
L
legal 33levels of security 23license files 18licenses 18
Index | 36
Linux client install 24localhost 15location 18
M
maintenance agreement 18management IP 15mapping 22mount Aureum 24 27mounting 22 22
N
namespace 18Navigation menu
configuration 11security 22
netBIOS 22NIC 19NTP server 11 18
O
outgoing email 21overview
architecture 6Aureum building blocks 6components 6
P
password 17password limitations 17ports 12POSIX compliance 29primary domain 18primary domain suffix 11
R
RAM requirements 10realms 22reboot 12 14recommended configuration 10Red Hat Enterprise Linux 10replication factor 11 18 20resources
needed 10run setup 16
S
samsp 12 14 16security 22 23security levels
security 22 23select the license 18SElinux 16sestatus 16set performance levels 20settings 11setup 16share
CIFS 27
create a share 27Share 26SMTP 17 21software files 14space needed 10storage class creating default 20subnet mask 11Support hours 31
T
tar ball 24time server 18time zone 11 18
U
USB 15USB stick 10 12 14user account 17
V
virtualization 6 15
W
what youll need 11Windows
domain 26join a domain 26share 27
Windows client 10
Y
yum 24
Introduction | 7
data or metadata Aureum sets the number of copies during the initial configuration and based onthe attributes of the storage class Aureum creates these nodes solely for its own use
bull Aureum Management Service Aureum management service (AMS) allows you to create and useAureum from physical resources
Overview of Aureum Building BlocksEach part of the Aureum architecture builds on the next To build an Aureum system
1 Rack and cable any physical servers and ensure the resources are accessible on the network2 Provision your resources and configure your physical storage Hardware provisioning is the task of
Admin users and cannot be delegated3 Install the Peaxy software Installation is described in the this guide
The Aureum manager (AMS) uses the configuration settings you define when Aureum creates thenodes It groups them into the appropriate types of hyperservers Aureum uses your configurationsettings to determine the optimal ratio of namespace hyperservers to data space hyperservers
4 Create storage classes and ingest policies for your environment
All of the resourced hyperservers aggregate and become a fully functioning Aureum systemconnected to your network
5 Create data classes to manage storage and access control based on the logical organization ofyour teams and projects
6 Begin ingesting data into Aureum
After the basic setup is complete you can add storage classes and data policies as well as optionalreplication partners When planned correctly these let you automate most data management andadministrative tasks
Aureum provides the Peaxy Management Tool (PMT) a powerful and intuitive browser-based UI formanagement Access data through a Linux-based client or a Windows domain share Peaxy providesseveral roles and allows the creation of others to ensure that the right access level is granted to usersand groups
Install Aureum
In this section
bull Resource Requirementsbull Aureum Configuration Settingsbull Port Requirements and
Firewall Settingsbull Prepare Aureum Installation
Resources (Linux)bull Prepare Aureum Installation
Resources (Windows)bull Install the Softwarebull Continue the Installationbull Create an Admin Accountbull Import an Aureum Licensebull Provide Aureum Informationbull Add Resourcesbull Create a Default Storage
Classbull Define Outgoing Mail Settingsbull Create a Client Registration
Userbull Configure Securitybull Connect
Make sure you have sufficient resources for the Aureum system youare creating After the hardware is racked and accessible to thenetwork use the Aureum manager to create the system
Install Aureum | 10
Resource RequirementsThe requirements for the hardware are minimal and depend on the Aureum configuration you define
The software installation image is self-contained and does not have outside software requirements
Minimum Hardware Requirementsbull Three or more servers compatible with Red Hat Enterprise Linux version 7 64-bit 1
bull Each server should have a minimum of 24 GB RAM and one core per physical device (diskLUN)bull One or more 1 or 10 Gigabit Ethernet connectionsbull One 2 GB USB stick per serverbull One available USB port on each server
Important If you are planning replication you can replicate across only same-sized drives Forexample replication must be between multiple 1 TB drives or between multiple 2 TB drivesand so on
Aureum SolrCloudCompute Node Requirementsbull 4 or more CPU coresbull 64 GB RAMbull 1 TB local storage
Aureum FUSE Client RequirementsAureum clients may be run on either physical or virtual machines and can use either 1 Gigabit or 10Gigabit Ethernet connections
Additionally the client requires
bull 1 or more CPU coresbull 2 GB RAMbull Red Hat Enterprise Linux version 5 6 or 7 64-bit or CentOS 5 6 or 7 64-bit or laterbull FUSE (the Linux File System in User Space)
Aureum Windows Client RequirementsAureum clients may be run on either physical or virtual machines and can use either 1 Gigabit or 10Gigabit Ethernet connections
Additionally the client requires
bull 1 or more CPU coresbull 2 GB RAMbull a supported operating system
2008 SP2 x86 and 64-bit
2008 R2 64-bit
2012 64-bit
Windows Server
2012 R2 64-bit
Vista x86 and 64-bit
Windows 7 x86 and 64-bit
Windows 8 x86 and 64-bit
Windows
Windows 81 x86 and 64-bit
1 The complete list of compatible hardware is available at httpshardwareredhatcom
Install Aureum | 11
Windows 10 x86 and 64-bit
Aureum Configuration SettingsConfiguration settings are needed to install and configure Aureum There can be additional optionalsettings
Table 1 General and Network Settings
Item Description Example
Aureum name Names can be up to 14 alphanumeric characters and cancontain dashes (-) and underscores (_)
Aureum_One
Aureum IPaddress
This is a floating IP address that is used for communicationto and from Aureum Communication can be donethrough the Aureum IP address Peaxy recommendsthat organizations create a DNS entry for Aureum that ismapped to the IP address allowing you to refer to Aureumby a more meaningful name
10213119
IP addresses A list of IP addresses or one or more ranges of IPaddresses that the configuration wizard can use to assignIP addresses to discovered hypervisors If you includemultiple ranges the Aureum manager will use all availableIP addresses in the first range before moving to thesecond
151145011715114520 - 94
Gateway Aureum needs to be assigned a default gateway addressThe gateway is used by each hypervisor and node thatcomprises Aureum
1721601
Subnet mask All hypervisors making up Aureum must reside in the samesubnet This is defined by the subnet mask
25525500
DNS domainsuffix
Working with the DNS server the domain suffix identifiesthe server within a smaller network (like a computer lab)
peaxynet
DNS server list A list of up to three DNS servers to use 55219208672222228888
Time zone The time zone to use (UTC-800) Pacific
NTP server The IP address of the network time protocol (NTP)server that Aureum should use to coordinate time acrossthe entire namespace even if the servers within thenamespace are in disparate locations This can be criticalwhen Aureum needs to compare timestamps
0poolntporg1poolntporg
Averageexpected file size
The selection here is used by the system to determine themost efficient ratio of namespace hyperservers to datahyperservers
bull Small files (less than 1MB)bull Medium files (less than 20MB)bull Large files (greater than 20MB)bull A mixture of file sizes
Large files (greaterthan 20MB)
Replication factor The number of replicas created for data when the filesare assigned to a particular storage class Setting thereplication factor to 2 indicates that the original and one
2
Install Aureum | 12
Item Description Exampleadditional replica of the data are saved providing higheravailability Valid options are 2 3 and 4
Use the appropriate replication factor for each storageclass to implement the best level of protection for criticaldata and to limit wasted consumption for sandboxes andother nonessential data For data that is not critical or forsandboxes you can choose a lower replication factor Usea high replication factor for data that is critical or accessedoften
Table 2 Emailer Settings
Item Description Example
Email server The name of the email server This is usually an SMTPserver
smtpgmailcom
Server port By default port 587 is used Only change this if corporateor security requirements demand it
587
Email serveraccount
Enter a valid email account Aureum uses this account tosend email notifications and replacement passwords
memycompanycom
Password The password that is associated with the valid emailaccount
Send from Only change this if your SMTP server allows it and yourcorporate requirements demand it Normally only serversusing TLS require this entry
memycompanycom
Port Requirements and Firewall SettingsBecause Aureum uses the network for traffic specific ports must be available
The following table describes the ports that must be open for Aureum traffic and client connections
Port Type Used for
53 DNS DNS
443 TCP Encrypted traffic
514 UDP Log Server
3033 TCP Statistic collection
8001 TCP Analytics server
8080 HTTP Windows client
8443 TCP Encrypted traffic
10011 UDP LinuxFUSE client
Prepare Aureum Installation Resources (Linux)The software is installed on each server resource that will become part of Aureum Aureum ishardware agnostic but there must be adequate resources to complete the installation Each serveruses a USB stick to install the software
Make sure that you have the required basic resources described in Resource Requirements Downloadthe software files from wwwpeaxynetsupport A login is required
Install Aureum | 13
1 Download the software installation files
bull Release-ltreleasenumbergtimg is the image to be copied to a USB stick that will initializethe hardware
bull Release-ltreleasenumbergtmd5 is the checksum file that validates the validity of the imagebull samsp-ltreleasenumbergtzip is a compressed file that contains the utilities to move the
image to the USB stick and for the initial configuration of Aureumbull The Aureum client file
bull hfclient-fuse-ltreleasenumbergttargz - the Aureum Linux client installation file2 From a command prompt on your workstation uncompress the installation files Type
sudo unzip samsp-ltreleasenumbergtzip -d tmp
3 As root launch the image copier Double click img-copiersh and click Run on the dialog thatappears
4 Browse to the software image you downloaded (the img file) and select this file
5 Type a label for the USB sticks
The label is used to identify the system during the initial installation and becomes the name of theserver on which it is installed If you use the same label on different sticks the software will add anumeric suffix when creating the host name for example HOST-01 HOST-02 and so on Labelscannot exceed 16 charactersYou can provide a different label for each USB stick but to do so you must copy the image file toeach stick individually
6 Insert the USB sticks into a port on your workstation or a hub connected to your workstation andthen click REFRESH to make them visible to the image copier tool Select the sticks you want fromthose displayed in the destination drives list The USB stick must be at least 2 GB
7 Leave Verify copy operation enabled Peaxy strongly recommends that you do not skip this step
Install Aureum | 14
Depending on the speed on the USB sticks it can take several minutes to complete theverification
8 Enable hypervisor protection if requiredEnable hypervisor protection if the underlying storage consists of non-redundant JBOD (acollection of hard disks that have not been configured to act as a RAID) This creates a softwareRAID 5 configuration for the container store used by AureumYou can disable hypervisor protection if you have a hardware RAID under the disk volumes Thisallows Aureum to use a higher-performing RAID 0 configuration instead
9 Click START10After the copy is complete click EXIT and remove the USB sticks from the workstation or USB hub
The USB stick now contains a bootable image of the Aureum installation software
Prepare Aureum Installation Resources (Windows)The software is installed on each server resource that will become part of Aureum Aureum ishardware agnostic but there must be adequate resources to complete the installation Each serveruses a USB stick to install the software
You must have administrator permissions to install the Aureum software
Your workstation must be running the Java Runtime Environment (JRE) 17 or higher installed in orderto run the image copier
Make sure that you have the required basic resources described in Resource Requirements Downloadthe software files from wwwpeaxynetsupport A login is required
1 Download the software installation files
bull Release-ltreleasenumbergtimg is the image to be copied to a USB stick that will initializethe hardware
bull Release-ltreleasenumbergtmd5 is the checksum file that validates the validity of the imagebull samsp-ltreleasenumbergtzip is a compressed file that contains the utilities to move the
image to the USB stick and for the initial configuration of Aureumbull The Aureum client file
bull hfclient-fuse-ltreleasenumbergttargz - the Aureum Linux client installation file2 On your Windows workstation move to the location of the zip file and unzip the file using any
uncompression program3 Move to the location of the uncompressed file and double-click the executable to start the
installation4 With administrator privileges launch the image copier Double-click img-copierbat
Install Aureum | 15
If the image copier does not launch properly you might need to add javaw to your path Refer toyour Windows Operating System help for instructions
5 Browse to the software image you downloaded (the img file) and select this file then click Run6 Type a label for the USB sticks
The label is used to identify the system during the initial installation and becomes the name of theserver on which it is installed If you use the same label on different USB sticks the software willadd a numeric suffix when creating the host name for example HOST-01 HOST-02 and so onLabels cannot exceed 16 charactersYou can provide a different label for each USB stick but to do so you must copy the image file toeach stick individually
7 Insert the USB sticks into a port on your workstation or a hub connected to your workstation andthen click REFRESH to make them visible to the image copier tool Select the sticks you want fromthose displayed in the destination drives list The USB stick must be at least 2 GB
8 Leave Verify copy operation enabled Peaxy strongly recommends that you do not skip this stepDepending on the speed on the USB sticks it can take several minutes to complete theverification
9 Enable hypervisor protection if requiredEnable hypervisor protection if the underlying storage consists of non-redundant JBOD (acollection of hard disks that have not been configured to act as a RAID) This creates a softwareRAID 5 configuration for the container store used by AureumYou can disable hypervisor protection if you have a hardware RAID under the disk volumes Thisallows Aureum to use a higher-performing RAID 0 configuration instead
10Click START11After the copy is complete click EXIT and remove the USB sticks from the workstation or USB hub
The USB stick now contains a bootable image of the installation software
Install the SoftwareThe installation software on the USB stick installs the Peaxy software and lets you create Aureum
1 Insert one prepared USB stick into each server Servers must have a console attached or beaccessible via an IPMI management tool
Install Aureum | 16
2 Apply power to the servers either individually or with a few seconds in between to complete the
next steps
Note If you have already configured your server to boot from USB skip steps 3 4 and 5
3 Enter the server BIOS and instruct the server to boot from the USB stickThe method used to enter the BIOS depends on the server
4 Ensure that the virtualization setting is enabled in the BIOS5 Save the BIOS changes and reboot the server from the USB stick
After the server has booted from the USB stick and launched the installation software you will seea message at the bottom of the screen telling you that the server is being prepared for installationThis boot process has placed the servers in a discoverable state this plays a role in the nextphase of the installation process
Continue the InstallationAfter the servers have been prepared and the software has been installed begin the configuration
1 On your workstation disable the firewall
On Red Hat Enterprise LinuxCentOS 7 systems use the following commands
systemctl stop firewalld
systemctl disable firewalld
On other Linux-based operating systems use the following commands
service iptables stop
service ip6tables stop
chkconfig ip6tables off only include this command if you want to permanently turn thefirewall off
chkconfig iptables off only include this command if you want to permanently turn thefirewall off
2 On your workstation disable SElinuxYou can check the status of SElinux with sestatus The result should appear as SELinuxstatus disabledIf you do not see disabled
1 Edit etcselinuxconfig and set the SELINUX variable to disabled2 Reboot your client workstation
3 On the workstation launch the Aureum installation management tool Type
sudo tmpsamsp-400ltversiongtsamspsh
Install Aureum | 17
You should see something similar to the following
Launching Management Server Platform version 400rootOpen your browser and enter the URL httpslocalhost to continueDo not terminate samsp it is required to complete cluster configurationYou can view tmpsamsp-40010872logmsplog for detailed progress activity
Important Do not terminate samsp because it is needed to complete clusterconfiguration
4 Open a browser and type
httpslocalhost If you are running the browser on the same workstation running the stand alone MSP orhttpsltip addressgt IP address of the workstation running the standalone MSP
This launches the Peaxy Management Tool If prompted accept the self-signed Peaxy certificate
After the initial setup is complete the IP address changes in the browser address bar This isexpected and correct behavior Now the installation portion of the AMS exits and the integratedAureum manager becomes active
In the next step the Aureum manager guides you through the initial configuration process
Create an Admin AccountThe first step in configuring a new Aureum system is to supply the details for the Admin account Afterthe installation process is complete and Aureum is up and running the Admin account is used to loginto the Aureum web UI (PMT) to perform additional administration tasks such as creating other useraccounts and a client registration password
Important The Admin account has access to critical areas of Aureum Ensure that the Adminaccount is secure
1 Type an email address for the accountThe AMS verifies that the email address is formatted correctly but does not check the validity ofthe email address itself This is the email address to which emails are sent
Note When setting the outgoing mailer settings the use of a customized email addressis highly dependent on the mail server While it might be possible to use a custom emailSEND FROM address many mail servers (such as Gmail) do not allow sending email usinganything other than the registered user account name
2 Type a user name for the accountThe user name must be between 3 and 32 characters and can contain letters numbers dots ()and at signs ()
3 Type a password to be associated with the user name in the previous stepPasswords are case sensitive and should be secure Best practice shows that you should changepasswords regularly
4 Confirm the password by retyping the password exactly as you entered it aboveWhen all of the fields are complete and have the correct format the SUBMIT button turns fromgray to blue
5 Click SUBMIT
The user account information is now created and stored
Important Set up the outgoing emailer settings as soon as possible after completinginstallation of Aureum If you forget or lose your password Aureum cannot send you a newone until the outgoing email is configured
Install Aureum | 18
The next step is to import the Aureum license
Import an Aureum LicenseImporting the license for an Aureum instance activates the Peaxy software License types are assignedto the Admin account that you created at the beginning of the installation
Before you create an Aureum system make sure that you have received your license from Peaxy andthat the license details are correct
Each time you create an Aureum instance you must import a license
1 Select the license to import or drag it onto the files areaThe license is a bdl file that contains all of the files needed to install the license
2 Click IMPORT3 The system installs the license and continues to the next step
Provide Aureum InformationDefining a few basic configuration items is the first step in setting up Aureum
During the first steps of the initial configuration you provide the basic information needed to createAureum its components and the namespace details
1 Enter the Network settingsa) Enter the gateway addressb) Enter the subnet maskc) Enter the primary DNS domain suffix and up to three DNS server addresses
DNS servers must be entered as IP addresses Each DNS server is on a separate line2 Enter the General settings
a) Enter a name for this Aureum instanceNames can be up to 14 characters and can contain letters numbers dashes and underscores
b) Optional Enter a location for the Aureum system for example ldquodatacenterrdquo or ldquoPhoenixofficerdquo
c) Enter the Aureum IP addressd) Optional Enter up to three NTP servers
Including an NTP server ensures that the time stamp for Aureum is always correcte) Select the time zone to use from the drop-down menu
This ensures that all nodes in Aureum use the same time zone3 Define the Namespace settings
Install Aureum | 19
a) Select the average file size that you expect Aureum to containYour expected average file size selection is used by Aureum to determine the most efficientdistribution of hyperservers Aureum uses the selection you make here to determine theestimated ratio of namespace hyperservers to data hyperservers
b) Set the default namespace replication factor from 2 to 4The namespace replication factor is the number of replicas that Aureum creates for thenamespace
4 Click CONTINUE
Add resources to Aureum You can also click CANCEL to cancel the installation
Add ResourcesResources refer to the physical servers that will make up Aureum These can be any commodity serversuch as a 1U or 2U server with any number and size of disks These resources are used to build thenamespace and data hyperservers that form the heart of a running Aureum system
Note After a resource has been added Aureum claims the complete resource Unusedportions of a resource are designated as spares and are used in case of a failure or expansion
1 The system locates all physical servers that have been booted using USB sticks and are currently indiscovery stateYou will see a list of the servers available for inclusion Use the filter to narrow your search by servername
2 Select the servers to add to Aureum
Servers scheduled for selection have a check mark to the left Select the box beside SERVER NAMEto select all servers in the list
3 Enter the required number of IP addresses or an IP range The number of IP addresses neededappears above the IP ADDRESSES entry box
The system determines the number of IP addresses needed to ensure that all Aureum componentscan communicate receiving requests and returning responses Addresses can be individual IPaddresses (xxxxxxxxxxxx) an IP address range (xxxxxxxxx - xxx) or an IP address with a wildcard(xxxxxxxxx) Separate the IP addresses with a space comma or newline
Install Aureum | 20
Aureum only supports IPv4 (the dotted quad format) For example
192168100419216810015-2019216873
4 Define the roles of the serversClick the ROLES column entry for a server and configure the servers to support either data accessor search (SolrCloud) While it is possible to configure a server to support both data access andsearch this setting is not recommended for a production deployment
Note Aureum 40 supports SolrCloud clusters with one or three nodes Aureum 40 doesnot support SolrCloud clusters with either two nodes or more than three nodes
5 Define the bonding for the network port cardsYou should see the same speed for all of the network interfaces (NICs) on this server Use the list ofall NICs that are bonded with the interfaces on this server to form your decision Inactive NICs arenoted as sucha) Click the ETHERNET column entry for the server whose bonding to configure
If the column text is red some interfaces are not bonded to the server If the text is blue allavailable interfaces are bonded
b) Place a check mark next to all of the interfaces to bond to this server Remove the check markfor those interfaces you do not want included in the bond
6 Optional Toggle the server beacon on or offBeacon signals guide you to the server in question This is often used when troubleshooting tolocate a specific server in a large group of servers
7 Click CONTINUEWait for the installation wizard to verify that the IP addresses you entered are valid and can beused The system assigns the IP addresses and sets the state to Pending
8 Click START INSTALLATIONThe button changes from START INSTALLATION to INSTALLATION IN PROGRESS The systemassigns the resources to Aureum and determines the necessary number of dedicated nodesneeded for the configuration The progress is displayed but you can also use the Log link to followindividual progress If some of the servers are not yet ready wait a few moments and retry
The installation process will take some time typically 10 to 20 minutes When complete the IPaddress in the browser will switch from the local IP of your workstation to the Aureum IP addressthat was entered earlier This signals the transition from the AMS you launched earlier (samsp) to theintegrated PMT that is now running on Aureum
The next step is to create a default storage class
Create a Default Storage ClassA storage class groups and manages data hyperservers with similar replication factors capabilitiesand performance configuration
You must configure at least one storage class to use as the default during the initial Aureumconfiguration You can create more storage classes at any time as long as you have the resourcesnecessary
1 You are presented with the create Initial Storage Class option2 Enter the required information to create the storage class
a) Type a name for the storage classClass names can be up to 14 text characters
b) Define the performance levelPerformance levels based on throughput and seek time Select the paired setting that is best foryour expected usage For the widest option select ldquoAnyrdquo
c) Set the replication factor
Install Aureum | 21
Remember all hyperservers assigned to this storage class will use these settings
Note You must include at least the same number of resources to create the specifiedreplication factor For example you cannot have a replication factor of three in anAureum system with only two servers
Because each replication requires some amount of storage the replication factor selectedaffects the amount of total storage available
Tip The Aureum data space is partitioned through all the data-capable hyperserversEach hyperserver can be configured to offer a specified replication factor This lets youstore vital data with high redundancy while more transient data can skip replication inorder to optimize storage and performance costs
d) Optional Enable flexible space allocationEnabling flexible storage space allows the members of the storage class to consume thecapacity needed When more storage space is needed more is allocated automaticallyregardless of the initial allocation Peaxy recommends this option for general use Some casesmight have different needs
e) Optional To make this the default storage class select YESAll data that does not meet the conditions in a specific data policy will be stored on the defaultstorage class (See data policies in the Aureum Administrator Guide)
3 Click CREATE STORAGE CLASS4 To complete the initial installation and configuration click FINALIZE AUREUM then click YES to
confirm the configuration is correct
Important After you click FINALIZE you must wait for the health indicator on the Aureumcard or list turn green before using Aureum
The Aureum installation is complete and the PMT shows the main Aureum window To configureadditional Aureum storage classes and data policies and to understand how to monitor Aureum seethe Aureum Administrator Guide
Define Outgoing Mail SettingsIn order for Aureum to send email notifications and provide lost password recovery you must tellAureum how to send email alerts
Important Configure outgoing email settings as soon as reasonably possible If you lose orforget your password Aureum cannot send reset instructions until you configure the emailsettings
1 Select EMAILER CONFIG from the SETUP WIZARD pane or from the Navigation menu select EMAILER
2 Type the email (SMTP) server to use when sending the emailThe email server must be accessible from Aureum
Install Aureum | 22
3 By default the system uses port 587 This is usually the right setting Only change the EMAILSERVER PORT if your organizations SMTP server requires it
4 Enter a valid user account and password that Aureum will use to send email from this server5 Optional SEND FROM is required only if your email server requires Transport Layer Security (TLS)
If this is the case type the SEND FROM email addressGenerally the recommended SEND FROM address is a working system administrator account
6 Click SAVE
Create a Client Registration UserThe Aureum client registration user and password allow client authentication at mount time
This allows you to create a custom account for authenticating client mounts
1 Click REGISTRATION2 Type a name for the user This will be the username that is authorized to type in the registration
password when an Aureum client is installed3 Type the client registration password This password is used to register the Aureum client for
authentication at mount time4 Click SAVE
Configure SecurityDefine define the level of security for client communication
1 Click SECURITY LEVEL2 Slide the controller to the level of security your data will use
3 Click ACCEPT
ConnectAn Aureum client mounts Aureum and allows access to folders and files Peaxy provides clientsoftware for Linux users and allows Windows users to access Aureum through a Windows share
The Linux-based client uses a FUSE component to remotely access Aureum services Almost all Linuxinstallations include FUSE so you should not need to do anything extra
The Aureum client has a small footprint A very limited set of memory and CPU cycles are needed toperform the client functions Also the Aureum client can be used concurrently with other clients forNFS and other network file systems
When you install the client the client drivers are added to the default system directories To accessthese directories use the mount command (more commonly known as mapping a drive in Windows)to mount the client to the directory
Install Aureum | 23
Mounting a client to an Aureum directory loads all the data structures necessary for the client tointeract with Aureum As the structures change Aureum updates them In order for a client to accessAureum all that is necessary is that the client know the IP address or URL to which the client willconnect and the client-Aureum registration password
Also available is the ability to join a Windows domain and create domain-authenticated users who canaccess different areas of Aureum
Linux Client-Aureum RegistrationThe minimum security level for Aureum is the authenticated mount To ensure that unauthorized usersdont gain access to data Peaxy provides an authenticated mount between Aureum Linux clients andAureum using certificates and registration
Note The process described in this section applies to Linux clients Windows domains userswith credentials from an Active Directory access Aureum through a Windows share
Security is always an important part of any system that provides data access especially when theaccess spans many users and locations Peaxy provides a registration process where the clientand server exchange certificates which are used to authenticate subsequent connections Theregistration provides a mutual authentication method between the client and Aureum allowing theclient access Only authenticated clients are allowed to mount Aureum Other clients cannot use thesame authentication as part of the certificate registration Aureum generates a client key pair that isunique to each client-Aureum connection
How It WorksThe AMS requires a dynamic registration at the initial mount time As part of the registration Aureumgenerates a key pair unique to each client This key pair is persistent so you do not need to re-register the client each time you mount Aureum
This initial registration is required the first time the client mounts Aureum and requires a specialregistration password that is unique to Aureum This password is entered by the Aureum administratorat the workstation on which the client is installed Subsequent client mounts use the client certificateissued during registration
Security LevelsAureum offers varying levels of security
The security level is visible on the Aureum card or list and is indicated in the SECURITY section by thenumber of total locks that are green Gray locks indicate how many additional security levels you canselect For example if there are four total locks and three are green your current security level is 3Message Integrity
bull Data Confidentiality all data in and out of Aureum is verified and encryptedbull Message Integrity message authentication codes verify message integritybull Kerberos Authentication use the Kerberos authentication protocol as the mechanism for
authentication between a client and a server or between one server and another serverbull Authenticated Mount use X509 certificates to mutually authenticate and validate all Aureum
clients and hyperservers in Aureum
Create an ExportCreate an export to allow Linux clients to mount and access Aureum
1 From the Navigation menu select SECURITY gt EXPORTS2 Type the export name3 In the EXPORT CONTENT IN field choose the data class to export
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the
Install Aureum | 24
engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the export5 Click CREATE6 To edit or delete an export click the corresponding entry in the list
bull To edit the export make the changes needed in the edit panel and click SAVE CHANGESbull To delete an export click the corresponding trash can icon ( ) and confirm the deletion
Install a Linux-based Aureum ClientYou install the Aureum client on physical hardware or on a workstation in the cloud Use the client tomount and access Aureum directories
Before installing the client make sure that your system meets the minimum requirements describedin the Requirements section of this document
Note Aureum uses FUSE in Direct IO mode for better performance The version of FUSErunning on older versions of CentOS Red Hat Enterprise Linux doesnt support mmap whenFUSE is being used this way This might cause some mmap functions such as ACCESS_WRITEMAP_SHARED and PROT_WRITE to fail You can use the mount flag --disable-direct-io-mode to disable Direct IO mode
If you choose to use Direct IO mmap will be disabled on CentOS56 and 57 since those versionsdont support mmap with direct IO Enabling this option will result in a significant performancedegradation on clients using this option Peaxy strongly recommends that you upgrade to a newerversion of Linux
Ensure FUSE and its dependencies have been installed on each client If it has not been installedinstall FUSE according to the instructions for the package you chose On CentOS for example installthis by typing
sudo yum -y install fusex86_64 fuse-develx86_64 fuse-libsx86_64
The version numbers for your installation may differ
If you have installed a version of the fuseko module that is not the Peaxy-specific version runadditional commands at the end of the installation process This prevents kernel-oops messages fromconsuming all of the space in the varspool directory These messages indicate a benign conditiondue to a Linux FUSE problem
Run the following commands
chkconfig --levels 2345 abrt-oops off service abrt-oops stop
Note The client installation sets the following values automatically
Parameter Value set to
netipv4tcp_tw_recycle 1
netipv4tcp_fin_timeout 2
netcorewmem_max 2097152
netcorermem_max 2097152
netcorewmem_default 2097152
netcorermem_default 2097152
Install Aureum | 25
1 Download the Aureum client file from the support section of the Peaxy website at wwwpeaxynetsupport (login is required)The file is downloaded as a targz package and contains an installer It has a name similar tohfclient-fuse-400ltbuildnumbergttargz
2 Unpack the distribution file by typing the following
tar -zxvf hfclient-fuse-400ltbuildnumbergttargz
You will see something like the following
hfclient-fuse-400hfclient-fuse-400setupshhfclient-fuse-400scriptshfclient-fuse-400scriptsupdatedbshhfclient-fuse-400scriptsc_rehashshhfclient-fuse-400scriptssysctlshhfclient-fuse-400scriptsunregshhfclient-fuse-400scriptsconfshhfclient-fuse-400binhfclient-fuse-400binfusehfCentOS-5xhfclient-fuse-400binfusehfhfclient-fuse-400confhfclient-fuse-400confhfconftgz
3 While logged in as root run setupsh installThe driver files are installed in the default system directories You will see something similar to thefollowing
sudo setupsh install
Installer for Peaxy Aureum Client version 40
Checking package contentsInstalling hf client binariesremoved `optpeaxy-40sbinfusehf`binfusehf -gt `optpeaxy-40sbinfusehfInstallation complete
Mount Aureum
Mount Aureum (Linux)After the client is installed use the mount command to mount Aureum
At a command prompt type
sudo mkdir -p ltmnt_pointgtsudo mount -t fusehf hfltmgmt_ipgt ltmnt_pointgt -o user=ltclient registration usernamegt
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is thedirectory that will serve as your local mount point for example mntpeaxy
If you omit -o user=ltclient_user_namegt you would be prompted for the password associatedwith the local admin account to complete the client registration Best practice is to always create aclient registration account and use that password
The first time you mount the client to Aureum you will be prompted for a registration passwordto allow client-Aureum authentication Type the client registration password Otherwise youradministrator must do this for you
Peaxy strongly recommends that you change the password often especially after typing the passwordfor a client registration
If you or your IT administrator have associated a DNS entry with the Aureum IP address you mightwant to use the DNS name as the name for your mount point
Install Aureum | 26
To configure the Aureum client to automatically mount on startup locate the etcfstab file andadd the line
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults 0 0
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is the localmount point for example mntpeaxy
Note If you are running CentOS 7 change this line to add the _netdev flag as below
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults_netdev 0 0
You can now use the Aureum client to access Aureum
Unregister a Linux Client from AureumYou can securely unregister an installed FUSE client from the Aureum system that it mounts
Removing the registration renders the client unable to access Aureum If you use the all option youwill need to perform a new registration setup before you can mount Aureum again
Unregistering a client is done by running the unregsh script Use the following procedure tounregister the client
1 On the workstation running the client open a command prompt2 Move to optpeaxybin the location of the script3 Run the script
bull Type sudo unregsh ltAureumgt to unregister the client from a specific Aureum systemReplace ltAureumgt with the Aureum system to unregister
bull Type sudo unregsh all to unregister the client from all Aureum systems on which theclient is registered
Note Peaxy strongly recommends using the all option before you decommission aclient workstation
Windows ConfigurationDomain users with credentials from an Active Directory can access Aureum through a share
After Aureum joins a domain it sets up network shares for chosen directories (including all containedsubdirectories) To domain users these shares look the same as any other folder that is accessible viathe network
Unlike an Aureum client which mounts to the root of the volume a share allows a user to exportsubdirectories for more granular access
Where to Find ItFrom the Navigation menu select SECURITY gt DOMAINS and SECURITY gt SHARES
Join a DomainBefore you can create a share you must join a Windows domain
You can pre-create a machine account in an Active Directory under a specified OU If you choose notto do so Aureum will try to add a computer account to the default location of ldquoComputersrdquo
Important If Aureum is already joined to a domain joining another domain will replace thejoin not add to it Aureum will only be joined to the most recently joined domain
1 From the Navigation menu select SECURITY gt DOMAINS2 Type the complete Windows domain to join for example engexamplecom3 Type the username with access to the domain The user must have the necessary permissions to
join Aureum to the domain4 Type the password associated with the username or access to modify an object in the OU if the
machine account was pre-created
Install Aureum | 27
5 In the NETBIOS NAME field set the Aureum computer account name you wish to be created in theActive Directory If Aureum is using a pre-created machine account in a specific OU then the nameyou specify here must match that name exactly
6 Click JOIN
After the domain has been joined the JOIN button changes to LEAVE To leave the domain clickLEAVE
Create a ShareCreate a share to allow Windows users to connect to Aureum
Before you can create a share you must join the appropriate domain
1 From the Navigation menu select SECURITY gt SHARES2 Type the name of the share3 In the SHARE CONTENT IN field choose the appropriate data class
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the share5 Click CREATE
6 To edit or delete a share click the share to be modified
bull To edit the share make the changes needed in the edit panel and click SAVE CHANGESbull To delete the share click the trash can icon ( ) and confirm the deletion
Mount an Aureum Windows ShareDomain-authenticated users can mount and access Aureum directories using a share
After Aureum has been joined to a domain and the share has been created you can easily mount tothe share
The exact mount process is based on your workstation OS
Install Aureum | 28
If you do not already know it you can determine the mount point from Aureum by navigating to theJOIN DOMAIN page and using one of the listed public IP addresses as the mount point Include theshare name when mounting
Peaxy recommends that you take the list of public IP addresses and enter them into your DNS serverlisted under the Aureum NetBIOS name within the appropriate domain In cases where multipleaddresses are used the DNS server automatically round-robins the returned address This ensure thatclient connection load is distributed across the available nodes
As a Windows example to mount a drive letter to Aureum Type
net use ltdrive_lettergt ltpublic addressgtltshare namegt
where ltdrive_lettergt is the drive letter to assign to Aureum ltpublic_addressgt is the IP address usedto join the domain and ltshare_namegt is the share
You then log into the share using your domain-authenticated username and password For exampleMYDOMAINmyname
After mapping the drive access Aureum through Windows Explorer just like you would any otherdrive
If the share does not appear in the Windows Explorer after a change such as a system reboot occursrefresh the view using the Refresh icon ( ) The share should display correctly
You do not have to assign a share to a drive letter however In Windows Explorer type the public IPaddress and share name into the address bar Provide your username and password
POSIX ComplianceAureum provides a POSIX-compliant interface
Most of the Aureum interfaces are POSIX compliant and adhere to the IEEE standard The following isa list of exceptions to compliance
bull The directory nlink count is not incremented when a subdirectory is addedbull inode retention differs from the POSIX specification because there is no way to retain the original
inode number when a rename entails a move to a different device You can display the datahyperserver extent ID instead of the namespace hyperserver Node ID to the caller in the statfamily of calls This does not change when a file or directory is renamed It does change if the file ismigrated from one data hyperserver to another
bull If two mount points are held to the same Aureum and a file is closed on one Aureum does notremove a fcntl lock for the same file on another This is a variance on the way that NFS worksThe internal locking structures take into account the client ID which varies depending on the clientmount If there are two different mounts to a server Aureum treats them as separate machineswhich NFS does not
bull The file locking call flock() is emulated using POSIX byte range locks (fcntl() ) The POSIXcompliance specification does not cover flock() This implementation mirrors the behavior ofNFS The Aureum behavior is slightly different and varies from the POSIX specification as follows
1 As in NFS you must have write permissions to get a write lock2 As in NFS you cannot place both flock() and fcntl() locks on the same file as these locks
will conflict3 An flock() will not inherit across forks4 The flock() will be durable against other file closes but fcntl() locks will not behave within
the POSIX specification5 As well as being removed by an explicit f_unlock record locks are automatically released
when the process terminates or if it closes any file descriptor referring to a file on which locksare held This means that a process can lose the locks on a file like etcpasswd or etcmtab if a library function opens reads and closes it
Information and ResourcesThe latest news and information can always be found on the Peaxy website
Peaxy provides documents that are designed for different audiences These documents furnish acomprehensive explanation of Aureum and how to use it Additionally information is available fromtooltips Each field has a tooltip that adds explanations and any limitations for the item
The most current and accurate information available was included at the time this document wasprepared However changes may occur after the document is released Always read the ReleaseNotes for the most current information
Aureum Installation GuideA step-by-step guide to installing and configuring Aureum into your network
Aureum Administrator GuideA guide to understanding the Aureum architecture Provides details for planning configuring andmonitoring your implementation
Quickstart SeriesA series of two-page guides providing an abbreviated set of instructions for Aureum tasks Theycan be taken in order or used as reminders for individual tasks
Tech NotesSome technical issues are outside the scope of the regular documentation These are presented asTechnical Notes
Contact Peaxy9 am to 5 pm Pacific Standard Time
Main +1 (408) 441-6500
Support +1 (408) 763-3700
By phone
Support toll free US only +1 (844) 277-3299
General information infopeaxynet
Sales salespeaxynet
Support supportpeaxynet
By email
Documentation feedback feedbackpeaxynet
Online wwwpeaxynetsupport (login required)
Peaxy Inc
2380 Bering Dr
By mail
San Jose CA 95131 USA
LegalPeaxyreg and Aureumtrade are registered trademarks of Peaxy Inc
All other trademarks belong to their respective companies
CopyrightsThis document is copyright copy 2016 Peaxy Inc
Aureum software includes portions of the following
bull Amazon Web Services (AWS) Java SDK httpsawsamazoncomsdk-for-java and httpawsamazoncomapache-2-0
bull Apache License Version 20 January 2004bull BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1bull BSD 3bull crc32 routine COPYRIGHT copy 1986 Gary S Brownbull Element Tree used under the Python licensebull Erlang Public License (EPL) a derivative work of the Mozilla Public License Now provided under
the Apache 20 licensebull GoogleAuth httpsgithubcomwstrangeGoogleAuthbull GNU Lesser General Public License Version 3 Copyright copy 2007 Free Software Foundation Inc
and GNU Lesser General Public License Version 21 Copyright copy 1999 Free Software FoundationInc
bull Samba is Free Software licensed under the GNU General Public License httpswwwsambaorgsambadocsGPLhtml the Samba project is a member of the Software Freedom Conservancy
bull JSON-C Copyright (c) 2009-2012 Eric Haszlakiewicz and Copyright (c) 2004-2005 MetaparadigmPte Ltd
bull Kerberos Copyright copy 1985-2009 now under the MIT 2 licensebull libcurl Copyright (c) 1996 - 2015 Daniel Stenbergdanielhaxxsebull lshow used under the GPL licensebull MIT (X11) Copyright copy 2007-2015bull RIAK Creative Commons (httpcreativecommonsorg licensesby30)bull Goldrush Copyright copy 2012 Magnus Klaarbull Meld Under ZPL licensebull NSIS (Nullsoft Scriptable Install System) copy 1999-2013bull OpenSSL License Copyright (c) 1998-2016 The OpenSSL Project and Original SSLeay License
Copyright (c) 1995-1998 Eric Youngbull Protobuf Copyright 2008 Google Inc now under the BSD 3 licensebull Setup Tools (setuptools-06c11) Under ZPL licensebull Sodium crypto library (libsodium) ISC license Copyright (c) 2013-2015 Frank Denisbull Solr the Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull TCL Copyright copy Regents of the University of California Sun Microsystems Inc Scriptics
Corporation and other partiesbull The Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull The Apache Tika project Copyright copy The Apache Software Foundationbull VirtualBox Copyright copy 2007 Oracle Corp as part of the GNU GPL V2 Licensebull YAWS Copyright copy 2006 Claes Wikstrom now under the BSD licensebull Apache zookeeper Under the Apache 2 license
Index | 35
Index
bdl license file 18
img 12
MD5 12
zip 12
A
access directories 24Active Directory 26add
resources 19servers 19
Admin 17administrator 17AMS 12 14 15 16Aureum IP address 11Aureum Manager 6 12 14Aureum name 18Aureum overview 5average file size 18
B
beacon turning on or off 19BIOS 15bonding network interface 19bootable USB 12 14browser 15button color 17
C
capacity 10 19CentOS 10checksum 12client registration 22clients 22configuration 11configure email 21connect 22contact 31create
export 23share 27
create Aureum 15create storage class 20
D
dedicated capacity 20dedicated nodes 5default storage class 20directory access 24discover resources 12 14 19discovery state Aureum nodes 12 14disk space required 10DNS server 11DNS servers 18documentation 31domain-authenticated user
domain 27
domain-authentication 22domain suffix 11download images 14
E
editsecurity level 22
emailer settings 21Ethernet
interface 10switch 10
exportCIFS 23create an export 23
F
files needed 12 14firewall 12flexible capacity 20flock 29FUSE 10
G
gateway 11 18
H
hardware requirements 10how to reach Peaxy 31
I
image copier 12 14import a license 18initial configuration 18inode retention 29install
client 24Linux client 24
introduction 5iptables 16
J
javarequired version 12 14
javaw 14
K
Kerberos 22 22 23
L
legal 33levels of security 23license files 18licenses 18
Index | 36
Linux client install 24localhost 15location 18
M
maintenance agreement 18management IP 15mapping 22mount Aureum 24 27mounting 22 22
N
namespace 18Navigation menu
configuration 11security 22
netBIOS 22NIC 19NTP server 11 18
O
outgoing email 21overview
architecture 6Aureum building blocks 6components 6
P
password 17password limitations 17ports 12POSIX compliance 29primary domain 18primary domain suffix 11
R
RAM requirements 10realms 22reboot 12 14recommended configuration 10Red Hat Enterprise Linux 10replication factor 11 18 20resources
needed 10run setup 16
S
samsp 12 14 16security 22 23security levels
security 22 23select the license 18SElinux 16sestatus 16set performance levels 20settings 11setup 16share
CIFS 27
create a share 27Share 26SMTP 17 21software files 14space needed 10storage class creating default 20subnet mask 11Support hours 31
T
tar ball 24time server 18time zone 11 18
U
USB 15USB stick 10 12 14user account 17
V
virtualization 6 15
W
what youll need 11Windows
domain 26join a domain 26share 27
Windows client 10
Y
yum 24
Install Aureum
In this section
bull Resource Requirementsbull Aureum Configuration Settingsbull Port Requirements and
Firewall Settingsbull Prepare Aureum Installation
Resources (Linux)bull Prepare Aureum Installation
Resources (Windows)bull Install the Softwarebull Continue the Installationbull Create an Admin Accountbull Import an Aureum Licensebull Provide Aureum Informationbull Add Resourcesbull Create a Default Storage
Classbull Define Outgoing Mail Settingsbull Create a Client Registration
Userbull Configure Securitybull Connect
Make sure you have sufficient resources for the Aureum system youare creating After the hardware is racked and accessible to thenetwork use the Aureum manager to create the system
Install Aureum | 10
Resource RequirementsThe requirements for the hardware are minimal and depend on the Aureum configuration you define
The software installation image is self-contained and does not have outside software requirements
Minimum Hardware Requirementsbull Three or more servers compatible with Red Hat Enterprise Linux version 7 64-bit 1
bull Each server should have a minimum of 24 GB RAM and one core per physical device (diskLUN)bull One or more 1 or 10 Gigabit Ethernet connectionsbull One 2 GB USB stick per serverbull One available USB port on each server
Important If you are planning replication you can replicate across only same-sized drives Forexample replication must be between multiple 1 TB drives or between multiple 2 TB drivesand so on
Aureum SolrCloudCompute Node Requirementsbull 4 or more CPU coresbull 64 GB RAMbull 1 TB local storage
Aureum FUSE Client RequirementsAureum clients may be run on either physical or virtual machines and can use either 1 Gigabit or 10Gigabit Ethernet connections
Additionally the client requires
bull 1 or more CPU coresbull 2 GB RAMbull Red Hat Enterprise Linux version 5 6 or 7 64-bit or CentOS 5 6 or 7 64-bit or laterbull FUSE (the Linux File System in User Space)
Aureum Windows Client RequirementsAureum clients may be run on either physical or virtual machines and can use either 1 Gigabit or 10Gigabit Ethernet connections
Additionally the client requires
bull 1 or more CPU coresbull 2 GB RAMbull a supported operating system
2008 SP2 x86 and 64-bit
2008 R2 64-bit
2012 64-bit
Windows Server
2012 R2 64-bit
Vista x86 and 64-bit
Windows 7 x86 and 64-bit
Windows 8 x86 and 64-bit
Windows
Windows 81 x86 and 64-bit
1 The complete list of compatible hardware is available at httpshardwareredhatcom
Install Aureum | 11
Windows 10 x86 and 64-bit
Aureum Configuration SettingsConfiguration settings are needed to install and configure Aureum There can be additional optionalsettings
Table 1 General and Network Settings
Item Description Example
Aureum name Names can be up to 14 alphanumeric characters and cancontain dashes (-) and underscores (_)
Aureum_One
Aureum IPaddress
This is a floating IP address that is used for communicationto and from Aureum Communication can be donethrough the Aureum IP address Peaxy recommendsthat organizations create a DNS entry for Aureum that ismapped to the IP address allowing you to refer to Aureumby a more meaningful name
10213119
IP addresses A list of IP addresses or one or more ranges of IPaddresses that the configuration wizard can use to assignIP addresses to discovered hypervisors If you includemultiple ranges the Aureum manager will use all availableIP addresses in the first range before moving to thesecond
151145011715114520 - 94
Gateway Aureum needs to be assigned a default gateway addressThe gateway is used by each hypervisor and node thatcomprises Aureum
1721601
Subnet mask All hypervisors making up Aureum must reside in the samesubnet This is defined by the subnet mask
25525500
DNS domainsuffix
Working with the DNS server the domain suffix identifiesthe server within a smaller network (like a computer lab)
peaxynet
DNS server list A list of up to three DNS servers to use 55219208672222228888
Time zone The time zone to use (UTC-800) Pacific
NTP server The IP address of the network time protocol (NTP)server that Aureum should use to coordinate time acrossthe entire namespace even if the servers within thenamespace are in disparate locations This can be criticalwhen Aureum needs to compare timestamps
0poolntporg1poolntporg
Averageexpected file size
The selection here is used by the system to determine themost efficient ratio of namespace hyperservers to datahyperservers
bull Small files (less than 1MB)bull Medium files (less than 20MB)bull Large files (greater than 20MB)bull A mixture of file sizes
Large files (greaterthan 20MB)
Replication factor The number of replicas created for data when the filesare assigned to a particular storage class Setting thereplication factor to 2 indicates that the original and one
2
Install Aureum | 12
Item Description Exampleadditional replica of the data are saved providing higheravailability Valid options are 2 3 and 4
Use the appropriate replication factor for each storageclass to implement the best level of protection for criticaldata and to limit wasted consumption for sandboxes andother nonessential data For data that is not critical or forsandboxes you can choose a lower replication factor Usea high replication factor for data that is critical or accessedoften
Table 2 Emailer Settings
Item Description Example
Email server The name of the email server This is usually an SMTPserver
smtpgmailcom
Server port By default port 587 is used Only change this if corporateor security requirements demand it
587
Email serveraccount
Enter a valid email account Aureum uses this account tosend email notifications and replacement passwords
memycompanycom
Password The password that is associated with the valid emailaccount
Send from Only change this if your SMTP server allows it and yourcorporate requirements demand it Normally only serversusing TLS require this entry
memycompanycom
Port Requirements and Firewall SettingsBecause Aureum uses the network for traffic specific ports must be available
The following table describes the ports that must be open for Aureum traffic and client connections
Port Type Used for
53 DNS DNS
443 TCP Encrypted traffic
514 UDP Log Server
3033 TCP Statistic collection
8001 TCP Analytics server
8080 HTTP Windows client
8443 TCP Encrypted traffic
10011 UDP LinuxFUSE client
Prepare Aureum Installation Resources (Linux)The software is installed on each server resource that will become part of Aureum Aureum ishardware agnostic but there must be adequate resources to complete the installation Each serveruses a USB stick to install the software
Make sure that you have the required basic resources described in Resource Requirements Downloadthe software files from wwwpeaxynetsupport A login is required
Install Aureum | 13
1 Download the software installation files
bull Release-ltreleasenumbergtimg is the image to be copied to a USB stick that will initializethe hardware
bull Release-ltreleasenumbergtmd5 is the checksum file that validates the validity of the imagebull samsp-ltreleasenumbergtzip is a compressed file that contains the utilities to move the
image to the USB stick and for the initial configuration of Aureumbull The Aureum client file
bull hfclient-fuse-ltreleasenumbergttargz - the Aureum Linux client installation file2 From a command prompt on your workstation uncompress the installation files Type
sudo unzip samsp-ltreleasenumbergtzip -d tmp
3 As root launch the image copier Double click img-copiersh and click Run on the dialog thatappears
4 Browse to the software image you downloaded (the img file) and select this file
5 Type a label for the USB sticks
The label is used to identify the system during the initial installation and becomes the name of theserver on which it is installed If you use the same label on different sticks the software will add anumeric suffix when creating the host name for example HOST-01 HOST-02 and so on Labelscannot exceed 16 charactersYou can provide a different label for each USB stick but to do so you must copy the image file toeach stick individually
6 Insert the USB sticks into a port on your workstation or a hub connected to your workstation andthen click REFRESH to make them visible to the image copier tool Select the sticks you want fromthose displayed in the destination drives list The USB stick must be at least 2 GB
7 Leave Verify copy operation enabled Peaxy strongly recommends that you do not skip this step
Install Aureum | 14
Depending on the speed on the USB sticks it can take several minutes to complete theverification
8 Enable hypervisor protection if requiredEnable hypervisor protection if the underlying storage consists of non-redundant JBOD (acollection of hard disks that have not been configured to act as a RAID) This creates a softwareRAID 5 configuration for the container store used by AureumYou can disable hypervisor protection if you have a hardware RAID under the disk volumes Thisallows Aureum to use a higher-performing RAID 0 configuration instead
9 Click START10After the copy is complete click EXIT and remove the USB sticks from the workstation or USB hub
The USB stick now contains a bootable image of the Aureum installation software
Prepare Aureum Installation Resources (Windows)The software is installed on each server resource that will become part of Aureum Aureum ishardware agnostic but there must be adequate resources to complete the installation Each serveruses a USB stick to install the software
You must have administrator permissions to install the Aureum software
Your workstation must be running the Java Runtime Environment (JRE) 17 or higher installed in orderto run the image copier
Make sure that you have the required basic resources described in Resource Requirements Downloadthe software files from wwwpeaxynetsupport A login is required
1 Download the software installation files
bull Release-ltreleasenumbergtimg is the image to be copied to a USB stick that will initializethe hardware
bull Release-ltreleasenumbergtmd5 is the checksum file that validates the validity of the imagebull samsp-ltreleasenumbergtzip is a compressed file that contains the utilities to move the
image to the USB stick and for the initial configuration of Aureumbull The Aureum client file
bull hfclient-fuse-ltreleasenumbergttargz - the Aureum Linux client installation file2 On your Windows workstation move to the location of the zip file and unzip the file using any
uncompression program3 Move to the location of the uncompressed file and double-click the executable to start the
installation4 With administrator privileges launch the image copier Double-click img-copierbat
Install Aureum | 15
If the image copier does not launch properly you might need to add javaw to your path Refer toyour Windows Operating System help for instructions
5 Browse to the software image you downloaded (the img file) and select this file then click Run6 Type a label for the USB sticks
The label is used to identify the system during the initial installation and becomes the name of theserver on which it is installed If you use the same label on different USB sticks the software willadd a numeric suffix when creating the host name for example HOST-01 HOST-02 and so onLabels cannot exceed 16 charactersYou can provide a different label for each USB stick but to do so you must copy the image file toeach stick individually
7 Insert the USB sticks into a port on your workstation or a hub connected to your workstation andthen click REFRESH to make them visible to the image copier tool Select the sticks you want fromthose displayed in the destination drives list The USB stick must be at least 2 GB
8 Leave Verify copy operation enabled Peaxy strongly recommends that you do not skip this stepDepending on the speed on the USB sticks it can take several minutes to complete theverification
9 Enable hypervisor protection if requiredEnable hypervisor protection if the underlying storage consists of non-redundant JBOD (acollection of hard disks that have not been configured to act as a RAID) This creates a softwareRAID 5 configuration for the container store used by AureumYou can disable hypervisor protection if you have a hardware RAID under the disk volumes Thisallows Aureum to use a higher-performing RAID 0 configuration instead
10Click START11After the copy is complete click EXIT and remove the USB sticks from the workstation or USB hub
The USB stick now contains a bootable image of the installation software
Install the SoftwareThe installation software on the USB stick installs the Peaxy software and lets you create Aureum
1 Insert one prepared USB stick into each server Servers must have a console attached or beaccessible via an IPMI management tool
Install Aureum | 16
2 Apply power to the servers either individually or with a few seconds in between to complete the
next steps
Note If you have already configured your server to boot from USB skip steps 3 4 and 5
3 Enter the server BIOS and instruct the server to boot from the USB stickThe method used to enter the BIOS depends on the server
4 Ensure that the virtualization setting is enabled in the BIOS5 Save the BIOS changes and reboot the server from the USB stick
After the server has booted from the USB stick and launched the installation software you will seea message at the bottom of the screen telling you that the server is being prepared for installationThis boot process has placed the servers in a discoverable state this plays a role in the nextphase of the installation process
Continue the InstallationAfter the servers have been prepared and the software has been installed begin the configuration
1 On your workstation disable the firewall
On Red Hat Enterprise LinuxCentOS 7 systems use the following commands
systemctl stop firewalld
systemctl disable firewalld
On other Linux-based operating systems use the following commands
service iptables stop
service ip6tables stop
chkconfig ip6tables off only include this command if you want to permanently turn thefirewall off
chkconfig iptables off only include this command if you want to permanently turn thefirewall off
2 On your workstation disable SElinuxYou can check the status of SElinux with sestatus The result should appear as SELinuxstatus disabledIf you do not see disabled
1 Edit etcselinuxconfig and set the SELINUX variable to disabled2 Reboot your client workstation
3 On the workstation launch the Aureum installation management tool Type
sudo tmpsamsp-400ltversiongtsamspsh
Install Aureum | 17
You should see something similar to the following
Launching Management Server Platform version 400rootOpen your browser and enter the URL httpslocalhost to continueDo not terminate samsp it is required to complete cluster configurationYou can view tmpsamsp-40010872logmsplog for detailed progress activity
Important Do not terminate samsp because it is needed to complete clusterconfiguration
4 Open a browser and type
httpslocalhost If you are running the browser on the same workstation running the stand alone MSP orhttpsltip addressgt IP address of the workstation running the standalone MSP
This launches the Peaxy Management Tool If prompted accept the self-signed Peaxy certificate
After the initial setup is complete the IP address changes in the browser address bar This isexpected and correct behavior Now the installation portion of the AMS exits and the integratedAureum manager becomes active
In the next step the Aureum manager guides you through the initial configuration process
Create an Admin AccountThe first step in configuring a new Aureum system is to supply the details for the Admin account Afterthe installation process is complete and Aureum is up and running the Admin account is used to loginto the Aureum web UI (PMT) to perform additional administration tasks such as creating other useraccounts and a client registration password
Important The Admin account has access to critical areas of Aureum Ensure that the Adminaccount is secure
1 Type an email address for the accountThe AMS verifies that the email address is formatted correctly but does not check the validity ofthe email address itself This is the email address to which emails are sent
Note When setting the outgoing mailer settings the use of a customized email addressis highly dependent on the mail server While it might be possible to use a custom emailSEND FROM address many mail servers (such as Gmail) do not allow sending email usinganything other than the registered user account name
2 Type a user name for the accountThe user name must be between 3 and 32 characters and can contain letters numbers dots ()and at signs ()
3 Type a password to be associated with the user name in the previous stepPasswords are case sensitive and should be secure Best practice shows that you should changepasswords regularly
4 Confirm the password by retyping the password exactly as you entered it aboveWhen all of the fields are complete and have the correct format the SUBMIT button turns fromgray to blue
5 Click SUBMIT
The user account information is now created and stored
Important Set up the outgoing emailer settings as soon as possible after completinginstallation of Aureum If you forget or lose your password Aureum cannot send you a newone until the outgoing email is configured
Install Aureum | 18
The next step is to import the Aureum license
Import an Aureum LicenseImporting the license for an Aureum instance activates the Peaxy software License types are assignedto the Admin account that you created at the beginning of the installation
Before you create an Aureum system make sure that you have received your license from Peaxy andthat the license details are correct
Each time you create an Aureum instance you must import a license
1 Select the license to import or drag it onto the files areaThe license is a bdl file that contains all of the files needed to install the license
2 Click IMPORT3 The system installs the license and continues to the next step
Provide Aureum InformationDefining a few basic configuration items is the first step in setting up Aureum
During the first steps of the initial configuration you provide the basic information needed to createAureum its components and the namespace details
1 Enter the Network settingsa) Enter the gateway addressb) Enter the subnet maskc) Enter the primary DNS domain suffix and up to three DNS server addresses
DNS servers must be entered as IP addresses Each DNS server is on a separate line2 Enter the General settings
a) Enter a name for this Aureum instanceNames can be up to 14 characters and can contain letters numbers dashes and underscores
b) Optional Enter a location for the Aureum system for example ldquodatacenterrdquo or ldquoPhoenixofficerdquo
c) Enter the Aureum IP addressd) Optional Enter up to three NTP servers
Including an NTP server ensures that the time stamp for Aureum is always correcte) Select the time zone to use from the drop-down menu
This ensures that all nodes in Aureum use the same time zone3 Define the Namespace settings
Install Aureum | 19
a) Select the average file size that you expect Aureum to containYour expected average file size selection is used by Aureum to determine the most efficientdistribution of hyperservers Aureum uses the selection you make here to determine theestimated ratio of namespace hyperservers to data hyperservers
b) Set the default namespace replication factor from 2 to 4The namespace replication factor is the number of replicas that Aureum creates for thenamespace
4 Click CONTINUE
Add resources to Aureum You can also click CANCEL to cancel the installation
Add ResourcesResources refer to the physical servers that will make up Aureum These can be any commodity serversuch as a 1U or 2U server with any number and size of disks These resources are used to build thenamespace and data hyperservers that form the heart of a running Aureum system
Note After a resource has been added Aureum claims the complete resource Unusedportions of a resource are designated as spares and are used in case of a failure or expansion
1 The system locates all physical servers that have been booted using USB sticks and are currently indiscovery stateYou will see a list of the servers available for inclusion Use the filter to narrow your search by servername
2 Select the servers to add to Aureum
Servers scheduled for selection have a check mark to the left Select the box beside SERVER NAMEto select all servers in the list
3 Enter the required number of IP addresses or an IP range The number of IP addresses neededappears above the IP ADDRESSES entry box
The system determines the number of IP addresses needed to ensure that all Aureum componentscan communicate receiving requests and returning responses Addresses can be individual IPaddresses (xxxxxxxxxxxx) an IP address range (xxxxxxxxx - xxx) or an IP address with a wildcard(xxxxxxxxx) Separate the IP addresses with a space comma or newline
Install Aureum | 20
Aureum only supports IPv4 (the dotted quad format) For example
192168100419216810015-2019216873
4 Define the roles of the serversClick the ROLES column entry for a server and configure the servers to support either data accessor search (SolrCloud) While it is possible to configure a server to support both data access andsearch this setting is not recommended for a production deployment
Note Aureum 40 supports SolrCloud clusters with one or three nodes Aureum 40 doesnot support SolrCloud clusters with either two nodes or more than three nodes
5 Define the bonding for the network port cardsYou should see the same speed for all of the network interfaces (NICs) on this server Use the list ofall NICs that are bonded with the interfaces on this server to form your decision Inactive NICs arenoted as sucha) Click the ETHERNET column entry for the server whose bonding to configure
If the column text is red some interfaces are not bonded to the server If the text is blue allavailable interfaces are bonded
b) Place a check mark next to all of the interfaces to bond to this server Remove the check markfor those interfaces you do not want included in the bond
6 Optional Toggle the server beacon on or offBeacon signals guide you to the server in question This is often used when troubleshooting tolocate a specific server in a large group of servers
7 Click CONTINUEWait for the installation wizard to verify that the IP addresses you entered are valid and can beused The system assigns the IP addresses and sets the state to Pending
8 Click START INSTALLATIONThe button changes from START INSTALLATION to INSTALLATION IN PROGRESS The systemassigns the resources to Aureum and determines the necessary number of dedicated nodesneeded for the configuration The progress is displayed but you can also use the Log link to followindividual progress If some of the servers are not yet ready wait a few moments and retry
The installation process will take some time typically 10 to 20 minutes When complete the IPaddress in the browser will switch from the local IP of your workstation to the Aureum IP addressthat was entered earlier This signals the transition from the AMS you launched earlier (samsp) to theintegrated PMT that is now running on Aureum
The next step is to create a default storage class
Create a Default Storage ClassA storage class groups and manages data hyperservers with similar replication factors capabilitiesand performance configuration
You must configure at least one storage class to use as the default during the initial Aureumconfiguration You can create more storage classes at any time as long as you have the resourcesnecessary
1 You are presented with the create Initial Storage Class option2 Enter the required information to create the storage class
a) Type a name for the storage classClass names can be up to 14 text characters
b) Define the performance levelPerformance levels based on throughput and seek time Select the paired setting that is best foryour expected usage For the widest option select ldquoAnyrdquo
c) Set the replication factor
Install Aureum | 21
Remember all hyperservers assigned to this storage class will use these settings
Note You must include at least the same number of resources to create the specifiedreplication factor For example you cannot have a replication factor of three in anAureum system with only two servers
Because each replication requires some amount of storage the replication factor selectedaffects the amount of total storage available
Tip The Aureum data space is partitioned through all the data-capable hyperserversEach hyperserver can be configured to offer a specified replication factor This lets youstore vital data with high redundancy while more transient data can skip replication inorder to optimize storage and performance costs
d) Optional Enable flexible space allocationEnabling flexible storage space allows the members of the storage class to consume thecapacity needed When more storage space is needed more is allocated automaticallyregardless of the initial allocation Peaxy recommends this option for general use Some casesmight have different needs
e) Optional To make this the default storage class select YESAll data that does not meet the conditions in a specific data policy will be stored on the defaultstorage class (See data policies in the Aureum Administrator Guide)
3 Click CREATE STORAGE CLASS4 To complete the initial installation and configuration click FINALIZE AUREUM then click YES to
confirm the configuration is correct
Important After you click FINALIZE you must wait for the health indicator on the Aureumcard or list turn green before using Aureum
The Aureum installation is complete and the PMT shows the main Aureum window To configureadditional Aureum storage classes and data policies and to understand how to monitor Aureum seethe Aureum Administrator Guide
Define Outgoing Mail SettingsIn order for Aureum to send email notifications and provide lost password recovery you must tellAureum how to send email alerts
Important Configure outgoing email settings as soon as reasonably possible If you lose orforget your password Aureum cannot send reset instructions until you configure the emailsettings
1 Select EMAILER CONFIG from the SETUP WIZARD pane or from the Navigation menu select EMAILER
2 Type the email (SMTP) server to use when sending the emailThe email server must be accessible from Aureum
Install Aureum | 22
3 By default the system uses port 587 This is usually the right setting Only change the EMAILSERVER PORT if your organizations SMTP server requires it
4 Enter a valid user account and password that Aureum will use to send email from this server5 Optional SEND FROM is required only if your email server requires Transport Layer Security (TLS)
If this is the case type the SEND FROM email addressGenerally the recommended SEND FROM address is a working system administrator account
6 Click SAVE
Create a Client Registration UserThe Aureum client registration user and password allow client authentication at mount time
This allows you to create a custom account for authenticating client mounts
1 Click REGISTRATION2 Type a name for the user This will be the username that is authorized to type in the registration
password when an Aureum client is installed3 Type the client registration password This password is used to register the Aureum client for
authentication at mount time4 Click SAVE
Configure SecurityDefine define the level of security for client communication
1 Click SECURITY LEVEL2 Slide the controller to the level of security your data will use
3 Click ACCEPT
ConnectAn Aureum client mounts Aureum and allows access to folders and files Peaxy provides clientsoftware for Linux users and allows Windows users to access Aureum through a Windows share
The Linux-based client uses a FUSE component to remotely access Aureum services Almost all Linuxinstallations include FUSE so you should not need to do anything extra
The Aureum client has a small footprint A very limited set of memory and CPU cycles are needed toperform the client functions Also the Aureum client can be used concurrently with other clients forNFS and other network file systems
When you install the client the client drivers are added to the default system directories To accessthese directories use the mount command (more commonly known as mapping a drive in Windows)to mount the client to the directory
Install Aureum | 23
Mounting a client to an Aureum directory loads all the data structures necessary for the client tointeract with Aureum As the structures change Aureum updates them In order for a client to accessAureum all that is necessary is that the client know the IP address or URL to which the client willconnect and the client-Aureum registration password
Also available is the ability to join a Windows domain and create domain-authenticated users who canaccess different areas of Aureum
Linux Client-Aureum RegistrationThe minimum security level for Aureum is the authenticated mount To ensure that unauthorized usersdont gain access to data Peaxy provides an authenticated mount between Aureum Linux clients andAureum using certificates and registration
Note The process described in this section applies to Linux clients Windows domains userswith credentials from an Active Directory access Aureum through a Windows share
Security is always an important part of any system that provides data access especially when theaccess spans many users and locations Peaxy provides a registration process where the clientand server exchange certificates which are used to authenticate subsequent connections Theregistration provides a mutual authentication method between the client and Aureum allowing theclient access Only authenticated clients are allowed to mount Aureum Other clients cannot use thesame authentication as part of the certificate registration Aureum generates a client key pair that isunique to each client-Aureum connection
How It WorksThe AMS requires a dynamic registration at the initial mount time As part of the registration Aureumgenerates a key pair unique to each client This key pair is persistent so you do not need to re-register the client each time you mount Aureum
This initial registration is required the first time the client mounts Aureum and requires a specialregistration password that is unique to Aureum This password is entered by the Aureum administratorat the workstation on which the client is installed Subsequent client mounts use the client certificateissued during registration
Security LevelsAureum offers varying levels of security
The security level is visible on the Aureum card or list and is indicated in the SECURITY section by thenumber of total locks that are green Gray locks indicate how many additional security levels you canselect For example if there are four total locks and three are green your current security level is 3Message Integrity
bull Data Confidentiality all data in and out of Aureum is verified and encryptedbull Message Integrity message authentication codes verify message integritybull Kerberos Authentication use the Kerberos authentication protocol as the mechanism for
authentication between a client and a server or between one server and another serverbull Authenticated Mount use X509 certificates to mutually authenticate and validate all Aureum
clients and hyperservers in Aureum
Create an ExportCreate an export to allow Linux clients to mount and access Aureum
1 From the Navigation menu select SECURITY gt EXPORTS2 Type the export name3 In the EXPORT CONTENT IN field choose the data class to export
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the
Install Aureum | 24
engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the export5 Click CREATE6 To edit or delete an export click the corresponding entry in the list
bull To edit the export make the changes needed in the edit panel and click SAVE CHANGESbull To delete an export click the corresponding trash can icon ( ) and confirm the deletion
Install a Linux-based Aureum ClientYou install the Aureum client on physical hardware or on a workstation in the cloud Use the client tomount and access Aureum directories
Before installing the client make sure that your system meets the minimum requirements describedin the Requirements section of this document
Note Aureum uses FUSE in Direct IO mode for better performance The version of FUSErunning on older versions of CentOS Red Hat Enterprise Linux doesnt support mmap whenFUSE is being used this way This might cause some mmap functions such as ACCESS_WRITEMAP_SHARED and PROT_WRITE to fail You can use the mount flag --disable-direct-io-mode to disable Direct IO mode
If you choose to use Direct IO mmap will be disabled on CentOS56 and 57 since those versionsdont support mmap with direct IO Enabling this option will result in a significant performancedegradation on clients using this option Peaxy strongly recommends that you upgrade to a newerversion of Linux
Ensure FUSE and its dependencies have been installed on each client If it has not been installedinstall FUSE according to the instructions for the package you chose On CentOS for example installthis by typing
sudo yum -y install fusex86_64 fuse-develx86_64 fuse-libsx86_64
The version numbers for your installation may differ
If you have installed a version of the fuseko module that is not the Peaxy-specific version runadditional commands at the end of the installation process This prevents kernel-oops messages fromconsuming all of the space in the varspool directory These messages indicate a benign conditiondue to a Linux FUSE problem
Run the following commands
chkconfig --levels 2345 abrt-oops off service abrt-oops stop
Note The client installation sets the following values automatically
Parameter Value set to
netipv4tcp_tw_recycle 1
netipv4tcp_fin_timeout 2
netcorewmem_max 2097152
netcorermem_max 2097152
netcorewmem_default 2097152
netcorermem_default 2097152
Install Aureum | 25
1 Download the Aureum client file from the support section of the Peaxy website at wwwpeaxynetsupport (login is required)The file is downloaded as a targz package and contains an installer It has a name similar tohfclient-fuse-400ltbuildnumbergttargz
2 Unpack the distribution file by typing the following
tar -zxvf hfclient-fuse-400ltbuildnumbergttargz
You will see something like the following
hfclient-fuse-400hfclient-fuse-400setupshhfclient-fuse-400scriptshfclient-fuse-400scriptsupdatedbshhfclient-fuse-400scriptsc_rehashshhfclient-fuse-400scriptssysctlshhfclient-fuse-400scriptsunregshhfclient-fuse-400scriptsconfshhfclient-fuse-400binhfclient-fuse-400binfusehfCentOS-5xhfclient-fuse-400binfusehfhfclient-fuse-400confhfclient-fuse-400confhfconftgz
3 While logged in as root run setupsh installThe driver files are installed in the default system directories You will see something similar to thefollowing
sudo setupsh install
Installer for Peaxy Aureum Client version 40
Checking package contentsInstalling hf client binariesremoved `optpeaxy-40sbinfusehf`binfusehf -gt `optpeaxy-40sbinfusehfInstallation complete
Mount Aureum
Mount Aureum (Linux)After the client is installed use the mount command to mount Aureum
At a command prompt type
sudo mkdir -p ltmnt_pointgtsudo mount -t fusehf hfltmgmt_ipgt ltmnt_pointgt -o user=ltclient registration usernamegt
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is thedirectory that will serve as your local mount point for example mntpeaxy
If you omit -o user=ltclient_user_namegt you would be prompted for the password associatedwith the local admin account to complete the client registration Best practice is to always create aclient registration account and use that password
The first time you mount the client to Aureum you will be prompted for a registration passwordto allow client-Aureum authentication Type the client registration password Otherwise youradministrator must do this for you
Peaxy strongly recommends that you change the password often especially after typing the passwordfor a client registration
If you or your IT administrator have associated a DNS entry with the Aureum IP address you mightwant to use the DNS name as the name for your mount point
Install Aureum | 26
To configure the Aureum client to automatically mount on startup locate the etcfstab file andadd the line
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults 0 0
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is the localmount point for example mntpeaxy
Note If you are running CentOS 7 change this line to add the _netdev flag as below
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults_netdev 0 0
You can now use the Aureum client to access Aureum
Unregister a Linux Client from AureumYou can securely unregister an installed FUSE client from the Aureum system that it mounts
Removing the registration renders the client unable to access Aureum If you use the all option youwill need to perform a new registration setup before you can mount Aureum again
Unregistering a client is done by running the unregsh script Use the following procedure tounregister the client
1 On the workstation running the client open a command prompt2 Move to optpeaxybin the location of the script3 Run the script
bull Type sudo unregsh ltAureumgt to unregister the client from a specific Aureum systemReplace ltAureumgt with the Aureum system to unregister
bull Type sudo unregsh all to unregister the client from all Aureum systems on which theclient is registered
Note Peaxy strongly recommends using the all option before you decommission aclient workstation
Windows ConfigurationDomain users with credentials from an Active Directory can access Aureum through a share
After Aureum joins a domain it sets up network shares for chosen directories (including all containedsubdirectories) To domain users these shares look the same as any other folder that is accessible viathe network
Unlike an Aureum client which mounts to the root of the volume a share allows a user to exportsubdirectories for more granular access
Where to Find ItFrom the Navigation menu select SECURITY gt DOMAINS and SECURITY gt SHARES
Join a DomainBefore you can create a share you must join a Windows domain
You can pre-create a machine account in an Active Directory under a specified OU If you choose notto do so Aureum will try to add a computer account to the default location of ldquoComputersrdquo
Important If Aureum is already joined to a domain joining another domain will replace thejoin not add to it Aureum will only be joined to the most recently joined domain
1 From the Navigation menu select SECURITY gt DOMAINS2 Type the complete Windows domain to join for example engexamplecom3 Type the username with access to the domain The user must have the necessary permissions to
join Aureum to the domain4 Type the password associated with the username or access to modify an object in the OU if the
machine account was pre-created
Install Aureum | 27
5 In the NETBIOS NAME field set the Aureum computer account name you wish to be created in theActive Directory If Aureum is using a pre-created machine account in a specific OU then the nameyou specify here must match that name exactly
6 Click JOIN
After the domain has been joined the JOIN button changes to LEAVE To leave the domain clickLEAVE
Create a ShareCreate a share to allow Windows users to connect to Aureum
Before you can create a share you must join the appropriate domain
1 From the Navigation menu select SECURITY gt SHARES2 Type the name of the share3 In the SHARE CONTENT IN field choose the appropriate data class
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the share5 Click CREATE
6 To edit or delete a share click the share to be modified
bull To edit the share make the changes needed in the edit panel and click SAVE CHANGESbull To delete the share click the trash can icon ( ) and confirm the deletion
Mount an Aureum Windows ShareDomain-authenticated users can mount and access Aureum directories using a share
After Aureum has been joined to a domain and the share has been created you can easily mount tothe share
The exact mount process is based on your workstation OS
Install Aureum | 28
If you do not already know it you can determine the mount point from Aureum by navigating to theJOIN DOMAIN page and using one of the listed public IP addresses as the mount point Include theshare name when mounting
Peaxy recommends that you take the list of public IP addresses and enter them into your DNS serverlisted under the Aureum NetBIOS name within the appropriate domain In cases where multipleaddresses are used the DNS server automatically round-robins the returned address This ensure thatclient connection load is distributed across the available nodes
As a Windows example to mount a drive letter to Aureum Type
net use ltdrive_lettergt ltpublic addressgtltshare namegt
where ltdrive_lettergt is the drive letter to assign to Aureum ltpublic_addressgt is the IP address usedto join the domain and ltshare_namegt is the share
You then log into the share using your domain-authenticated username and password For exampleMYDOMAINmyname
After mapping the drive access Aureum through Windows Explorer just like you would any otherdrive
If the share does not appear in the Windows Explorer after a change such as a system reboot occursrefresh the view using the Refresh icon ( ) The share should display correctly
You do not have to assign a share to a drive letter however In Windows Explorer type the public IPaddress and share name into the address bar Provide your username and password
POSIX ComplianceAureum provides a POSIX-compliant interface
Most of the Aureum interfaces are POSIX compliant and adhere to the IEEE standard The following isa list of exceptions to compliance
bull The directory nlink count is not incremented when a subdirectory is addedbull inode retention differs from the POSIX specification because there is no way to retain the original
inode number when a rename entails a move to a different device You can display the datahyperserver extent ID instead of the namespace hyperserver Node ID to the caller in the statfamily of calls This does not change when a file or directory is renamed It does change if the file ismigrated from one data hyperserver to another
bull If two mount points are held to the same Aureum and a file is closed on one Aureum does notremove a fcntl lock for the same file on another This is a variance on the way that NFS worksThe internal locking structures take into account the client ID which varies depending on the clientmount If there are two different mounts to a server Aureum treats them as separate machineswhich NFS does not
bull The file locking call flock() is emulated using POSIX byte range locks (fcntl() ) The POSIXcompliance specification does not cover flock() This implementation mirrors the behavior ofNFS The Aureum behavior is slightly different and varies from the POSIX specification as follows
1 As in NFS you must have write permissions to get a write lock2 As in NFS you cannot place both flock() and fcntl() locks on the same file as these locks
will conflict3 An flock() will not inherit across forks4 The flock() will be durable against other file closes but fcntl() locks will not behave within
the POSIX specification5 As well as being removed by an explicit f_unlock record locks are automatically released
when the process terminates or if it closes any file descriptor referring to a file on which locksare held This means that a process can lose the locks on a file like etcpasswd or etcmtab if a library function opens reads and closes it
Information and ResourcesThe latest news and information can always be found on the Peaxy website
Peaxy provides documents that are designed for different audiences These documents furnish acomprehensive explanation of Aureum and how to use it Additionally information is available fromtooltips Each field has a tooltip that adds explanations and any limitations for the item
The most current and accurate information available was included at the time this document wasprepared However changes may occur after the document is released Always read the ReleaseNotes for the most current information
Aureum Installation GuideA step-by-step guide to installing and configuring Aureum into your network
Aureum Administrator GuideA guide to understanding the Aureum architecture Provides details for planning configuring andmonitoring your implementation
Quickstart SeriesA series of two-page guides providing an abbreviated set of instructions for Aureum tasks Theycan be taken in order or used as reminders for individual tasks
Tech NotesSome technical issues are outside the scope of the regular documentation These are presented asTechnical Notes
Contact Peaxy9 am to 5 pm Pacific Standard Time
Main +1 (408) 441-6500
Support +1 (408) 763-3700
By phone
Support toll free US only +1 (844) 277-3299
General information infopeaxynet
Sales salespeaxynet
Support supportpeaxynet
By email
Documentation feedback feedbackpeaxynet
Online wwwpeaxynetsupport (login required)
Peaxy Inc
2380 Bering Dr
By mail
San Jose CA 95131 USA
LegalPeaxyreg and Aureumtrade are registered trademarks of Peaxy Inc
All other trademarks belong to their respective companies
CopyrightsThis document is copyright copy 2016 Peaxy Inc
Aureum software includes portions of the following
bull Amazon Web Services (AWS) Java SDK httpsawsamazoncomsdk-for-java and httpawsamazoncomapache-2-0
bull Apache License Version 20 January 2004bull BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1bull BSD 3bull crc32 routine COPYRIGHT copy 1986 Gary S Brownbull Element Tree used under the Python licensebull Erlang Public License (EPL) a derivative work of the Mozilla Public License Now provided under
the Apache 20 licensebull GoogleAuth httpsgithubcomwstrangeGoogleAuthbull GNU Lesser General Public License Version 3 Copyright copy 2007 Free Software Foundation Inc
and GNU Lesser General Public License Version 21 Copyright copy 1999 Free Software FoundationInc
bull Samba is Free Software licensed under the GNU General Public License httpswwwsambaorgsambadocsGPLhtml the Samba project is a member of the Software Freedom Conservancy
bull JSON-C Copyright (c) 2009-2012 Eric Haszlakiewicz and Copyright (c) 2004-2005 MetaparadigmPte Ltd
bull Kerberos Copyright copy 1985-2009 now under the MIT 2 licensebull libcurl Copyright (c) 1996 - 2015 Daniel Stenbergdanielhaxxsebull lshow used under the GPL licensebull MIT (X11) Copyright copy 2007-2015bull RIAK Creative Commons (httpcreativecommonsorg licensesby30)bull Goldrush Copyright copy 2012 Magnus Klaarbull Meld Under ZPL licensebull NSIS (Nullsoft Scriptable Install System) copy 1999-2013bull OpenSSL License Copyright (c) 1998-2016 The OpenSSL Project and Original SSLeay License
Copyright (c) 1995-1998 Eric Youngbull Protobuf Copyright 2008 Google Inc now under the BSD 3 licensebull Setup Tools (setuptools-06c11) Under ZPL licensebull Sodium crypto library (libsodium) ISC license Copyright (c) 2013-2015 Frank Denisbull Solr the Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull TCL Copyright copy Regents of the University of California Sun Microsystems Inc Scriptics
Corporation and other partiesbull The Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull The Apache Tika project Copyright copy The Apache Software Foundationbull VirtualBox Copyright copy 2007 Oracle Corp as part of the GNU GPL V2 Licensebull YAWS Copyright copy 2006 Claes Wikstrom now under the BSD licensebull Apache zookeeper Under the Apache 2 license
Index | 35
Index
bdl license file 18
img 12
MD5 12
zip 12
A
access directories 24Active Directory 26add
resources 19servers 19
Admin 17administrator 17AMS 12 14 15 16Aureum IP address 11Aureum Manager 6 12 14Aureum name 18Aureum overview 5average file size 18
B
beacon turning on or off 19BIOS 15bonding network interface 19bootable USB 12 14browser 15button color 17
C
capacity 10 19CentOS 10checksum 12client registration 22clients 22configuration 11configure email 21connect 22contact 31create
export 23share 27
create Aureum 15create storage class 20
D
dedicated capacity 20dedicated nodes 5default storage class 20directory access 24discover resources 12 14 19discovery state Aureum nodes 12 14disk space required 10DNS server 11DNS servers 18documentation 31domain-authenticated user
domain 27
domain-authentication 22domain suffix 11download images 14
E
editsecurity level 22
emailer settings 21Ethernet
interface 10switch 10
exportCIFS 23create an export 23
F
files needed 12 14firewall 12flexible capacity 20flock 29FUSE 10
G
gateway 11 18
H
hardware requirements 10how to reach Peaxy 31
I
image copier 12 14import a license 18initial configuration 18inode retention 29install
client 24Linux client 24
introduction 5iptables 16
J
javarequired version 12 14
javaw 14
K
Kerberos 22 22 23
L
legal 33levels of security 23license files 18licenses 18
Index | 36
Linux client install 24localhost 15location 18
M
maintenance agreement 18management IP 15mapping 22mount Aureum 24 27mounting 22 22
N
namespace 18Navigation menu
configuration 11security 22
netBIOS 22NIC 19NTP server 11 18
O
outgoing email 21overview
architecture 6Aureum building blocks 6components 6
P
password 17password limitations 17ports 12POSIX compliance 29primary domain 18primary domain suffix 11
R
RAM requirements 10realms 22reboot 12 14recommended configuration 10Red Hat Enterprise Linux 10replication factor 11 18 20resources
needed 10run setup 16
S
samsp 12 14 16security 22 23security levels
security 22 23select the license 18SElinux 16sestatus 16set performance levels 20settings 11setup 16share
CIFS 27
create a share 27Share 26SMTP 17 21software files 14space needed 10storage class creating default 20subnet mask 11Support hours 31
T
tar ball 24time server 18time zone 11 18
U
USB 15USB stick 10 12 14user account 17
V
virtualization 6 15
W
what youll need 11Windows
domain 26join a domain 26share 27
Windows client 10
Y
yum 24
Install Aureum | 10
Resource RequirementsThe requirements for the hardware are minimal and depend on the Aureum configuration you define
The software installation image is self-contained and does not have outside software requirements
Minimum Hardware Requirementsbull Three or more servers compatible with Red Hat Enterprise Linux version 7 64-bit 1
bull Each server should have a minimum of 24 GB RAM and one core per physical device (diskLUN)bull One or more 1 or 10 Gigabit Ethernet connectionsbull One 2 GB USB stick per serverbull One available USB port on each server
Important If you are planning replication you can replicate across only same-sized drives Forexample replication must be between multiple 1 TB drives or between multiple 2 TB drivesand so on
Aureum SolrCloudCompute Node Requirementsbull 4 or more CPU coresbull 64 GB RAMbull 1 TB local storage
Aureum FUSE Client RequirementsAureum clients may be run on either physical or virtual machines and can use either 1 Gigabit or 10Gigabit Ethernet connections
Additionally the client requires
bull 1 or more CPU coresbull 2 GB RAMbull Red Hat Enterprise Linux version 5 6 or 7 64-bit or CentOS 5 6 or 7 64-bit or laterbull FUSE (the Linux File System in User Space)
Aureum Windows Client RequirementsAureum clients may be run on either physical or virtual machines and can use either 1 Gigabit or 10Gigabit Ethernet connections
Additionally the client requires
bull 1 or more CPU coresbull 2 GB RAMbull a supported operating system
2008 SP2 x86 and 64-bit
2008 R2 64-bit
2012 64-bit
Windows Server
2012 R2 64-bit
Vista x86 and 64-bit
Windows 7 x86 and 64-bit
Windows 8 x86 and 64-bit
Windows
Windows 81 x86 and 64-bit
1 The complete list of compatible hardware is available at httpshardwareredhatcom
Install Aureum | 11
Windows 10 x86 and 64-bit
Aureum Configuration SettingsConfiguration settings are needed to install and configure Aureum There can be additional optionalsettings
Table 1 General and Network Settings
Item Description Example
Aureum name Names can be up to 14 alphanumeric characters and cancontain dashes (-) and underscores (_)
Aureum_One
Aureum IPaddress
This is a floating IP address that is used for communicationto and from Aureum Communication can be donethrough the Aureum IP address Peaxy recommendsthat organizations create a DNS entry for Aureum that ismapped to the IP address allowing you to refer to Aureumby a more meaningful name
10213119
IP addresses A list of IP addresses or one or more ranges of IPaddresses that the configuration wizard can use to assignIP addresses to discovered hypervisors If you includemultiple ranges the Aureum manager will use all availableIP addresses in the first range before moving to thesecond
151145011715114520 - 94
Gateway Aureum needs to be assigned a default gateway addressThe gateway is used by each hypervisor and node thatcomprises Aureum
1721601
Subnet mask All hypervisors making up Aureum must reside in the samesubnet This is defined by the subnet mask
25525500
DNS domainsuffix
Working with the DNS server the domain suffix identifiesthe server within a smaller network (like a computer lab)
peaxynet
DNS server list A list of up to three DNS servers to use 55219208672222228888
Time zone The time zone to use (UTC-800) Pacific
NTP server The IP address of the network time protocol (NTP)server that Aureum should use to coordinate time acrossthe entire namespace even if the servers within thenamespace are in disparate locations This can be criticalwhen Aureum needs to compare timestamps
0poolntporg1poolntporg
Averageexpected file size
The selection here is used by the system to determine themost efficient ratio of namespace hyperservers to datahyperservers
bull Small files (less than 1MB)bull Medium files (less than 20MB)bull Large files (greater than 20MB)bull A mixture of file sizes
Large files (greaterthan 20MB)
Replication factor The number of replicas created for data when the filesare assigned to a particular storage class Setting thereplication factor to 2 indicates that the original and one
2
Install Aureum | 12
Item Description Exampleadditional replica of the data are saved providing higheravailability Valid options are 2 3 and 4
Use the appropriate replication factor for each storageclass to implement the best level of protection for criticaldata and to limit wasted consumption for sandboxes andother nonessential data For data that is not critical or forsandboxes you can choose a lower replication factor Usea high replication factor for data that is critical or accessedoften
Table 2 Emailer Settings
Item Description Example
Email server The name of the email server This is usually an SMTPserver
smtpgmailcom
Server port By default port 587 is used Only change this if corporateor security requirements demand it
587
Email serveraccount
Enter a valid email account Aureum uses this account tosend email notifications and replacement passwords
memycompanycom
Password The password that is associated with the valid emailaccount
Send from Only change this if your SMTP server allows it and yourcorporate requirements demand it Normally only serversusing TLS require this entry
memycompanycom
Port Requirements and Firewall SettingsBecause Aureum uses the network for traffic specific ports must be available
The following table describes the ports that must be open for Aureum traffic and client connections
Port Type Used for
53 DNS DNS
443 TCP Encrypted traffic
514 UDP Log Server
3033 TCP Statistic collection
8001 TCP Analytics server
8080 HTTP Windows client
8443 TCP Encrypted traffic
10011 UDP LinuxFUSE client
Prepare Aureum Installation Resources (Linux)The software is installed on each server resource that will become part of Aureum Aureum ishardware agnostic but there must be adequate resources to complete the installation Each serveruses a USB stick to install the software
Make sure that you have the required basic resources described in Resource Requirements Downloadthe software files from wwwpeaxynetsupport A login is required
Install Aureum | 13
1 Download the software installation files
bull Release-ltreleasenumbergtimg is the image to be copied to a USB stick that will initializethe hardware
bull Release-ltreleasenumbergtmd5 is the checksum file that validates the validity of the imagebull samsp-ltreleasenumbergtzip is a compressed file that contains the utilities to move the
image to the USB stick and for the initial configuration of Aureumbull The Aureum client file
bull hfclient-fuse-ltreleasenumbergttargz - the Aureum Linux client installation file2 From a command prompt on your workstation uncompress the installation files Type
sudo unzip samsp-ltreleasenumbergtzip -d tmp
3 As root launch the image copier Double click img-copiersh and click Run on the dialog thatappears
4 Browse to the software image you downloaded (the img file) and select this file
5 Type a label for the USB sticks
The label is used to identify the system during the initial installation and becomes the name of theserver on which it is installed If you use the same label on different sticks the software will add anumeric suffix when creating the host name for example HOST-01 HOST-02 and so on Labelscannot exceed 16 charactersYou can provide a different label for each USB stick but to do so you must copy the image file toeach stick individually
6 Insert the USB sticks into a port on your workstation or a hub connected to your workstation andthen click REFRESH to make them visible to the image copier tool Select the sticks you want fromthose displayed in the destination drives list The USB stick must be at least 2 GB
7 Leave Verify copy operation enabled Peaxy strongly recommends that you do not skip this step
Install Aureum | 14
Depending on the speed on the USB sticks it can take several minutes to complete theverification
8 Enable hypervisor protection if requiredEnable hypervisor protection if the underlying storage consists of non-redundant JBOD (acollection of hard disks that have not been configured to act as a RAID) This creates a softwareRAID 5 configuration for the container store used by AureumYou can disable hypervisor protection if you have a hardware RAID under the disk volumes Thisallows Aureum to use a higher-performing RAID 0 configuration instead
9 Click START10After the copy is complete click EXIT and remove the USB sticks from the workstation or USB hub
The USB stick now contains a bootable image of the Aureum installation software
Prepare Aureum Installation Resources (Windows)The software is installed on each server resource that will become part of Aureum Aureum ishardware agnostic but there must be adequate resources to complete the installation Each serveruses a USB stick to install the software
You must have administrator permissions to install the Aureum software
Your workstation must be running the Java Runtime Environment (JRE) 17 or higher installed in orderto run the image copier
Make sure that you have the required basic resources described in Resource Requirements Downloadthe software files from wwwpeaxynetsupport A login is required
1 Download the software installation files
bull Release-ltreleasenumbergtimg is the image to be copied to a USB stick that will initializethe hardware
bull Release-ltreleasenumbergtmd5 is the checksum file that validates the validity of the imagebull samsp-ltreleasenumbergtzip is a compressed file that contains the utilities to move the
image to the USB stick and for the initial configuration of Aureumbull The Aureum client file
bull hfclient-fuse-ltreleasenumbergttargz - the Aureum Linux client installation file2 On your Windows workstation move to the location of the zip file and unzip the file using any
uncompression program3 Move to the location of the uncompressed file and double-click the executable to start the
installation4 With administrator privileges launch the image copier Double-click img-copierbat
Install Aureum | 15
If the image copier does not launch properly you might need to add javaw to your path Refer toyour Windows Operating System help for instructions
5 Browse to the software image you downloaded (the img file) and select this file then click Run6 Type a label for the USB sticks
The label is used to identify the system during the initial installation and becomes the name of theserver on which it is installed If you use the same label on different USB sticks the software willadd a numeric suffix when creating the host name for example HOST-01 HOST-02 and so onLabels cannot exceed 16 charactersYou can provide a different label for each USB stick but to do so you must copy the image file toeach stick individually
7 Insert the USB sticks into a port on your workstation or a hub connected to your workstation andthen click REFRESH to make them visible to the image copier tool Select the sticks you want fromthose displayed in the destination drives list The USB stick must be at least 2 GB
8 Leave Verify copy operation enabled Peaxy strongly recommends that you do not skip this stepDepending on the speed on the USB sticks it can take several minutes to complete theverification
9 Enable hypervisor protection if requiredEnable hypervisor protection if the underlying storage consists of non-redundant JBOD (acollection of hard disks that have not been configured to act as a RAID) This creates a softwareRAID 5 configuration for the container store used by AureumYou can disable hypervisor protection if you have a hardware RAID under the disk volumes Thisallows Aureum to use a higher-performing RAID 0 configuration instead
10Click START11After the copy is complete click EXIT and remove the USB sticks from the workstation or USB hub
The USB stick now contains a bootable image of the installation software
Install the SoftwareThe installation software on the USB stick installs the Peaxy software and lets you create Aureum
1 Insert one prepared USB stick into each server Servers must have a console attached or beaccessible via an IPMI management tool
Install Aureum | 16
2 Apply power to the servers either individually or with a few seconds in between to complete the
next steps
Note If you have already configured your server to boot from USB skip steps 3 4 and 5
3 Enter the server BIOS and instruct the server to boot from the USB stickThe method used to enter the BIOS depends on the server
4 Ensure that the virtualization setting is enabled in the BIOS5 Save the BIOS changes and reboot the server from the USB stick
After the server has booted from the USB stick and launched the installation software you will seea message at the bottom of the screen telling you that the server is being prepared for installationThis boot process has placed the servers in a discoverable state this plays a role in the nextphase of the installation process
Continue the InstallationAfter the servers have been prepared and the software has been installed begin the configuration
1 On your workstation disable the firewall
On Red Hat Enterprise LinuxCentOS 7 systems use the following commands
systemctl stop firewalld
systemctl disable firewalld
On other Linux-based operating systems use the following commands
service iptables stop
service ip6tables stop
chkconfig ip6tables off only include this command if you want to permanently turn thefirewall off
chkconfig iptables off only include this command if you want to permanently turn thefirewall off
2 On your workstation disable SElinuxYou can check the status of SElinux with sestatus The result should appear as SELinuxstatus disabledIf you do not see disabled
1 Edit etcselinuxconfig and set the SELINUX variable to disabled2 Reboot your client workstation
3 On the workstation launch the Aureum installation management tool Type
sudo tmpsamsp-400ltversiongtsamspsh
Install Aureum | 17
You should see something similar to the following
Launching Management Server Platform version 400rootOpen your browser and enter the URL httpslocalhost to continueDo not terminate samsp it is required to complete cluster configurationYou can view tmpsamsp-40010872logmsplog for detailed progress activity
Important Do not terminate samsp because it is needed to complete clusterconfiguration
4 Open a browser and type
httpslocalhost If you are running the browser on the same workstation running the stand alone MSP orhttpsltip addressgt IP address of the workstation running the standalone MSP
This launches the Peaxy Management Tool If prompted accept the self-signed Peaxy certificate
After the initial setup is complete the IP address changes in the browser address bar This isexpected and correct behavior Now the installation portion of the AMS exits and the integratedAureum manager becomes active
In the next step the Aureum manager guides you through the initial configuration process
Create an Admin AccountThe first step in configuring a new Aureum system is to supply the details for the Admin account Afterthe installation process is complete and Aureum is up and running the Admin account is used to loginto the Aureum web UI (PMT) to perform additional administration tasks such as creating other useraccounts and a client registration password
Important The Admin account has access to critical areas of Aureum Ensure that the Adminaccount is secure
1 Type an email address for the accountThe AMS verifies that the email address is formatted correctly but does not check the validity ofthe email address itself This is the email address to which emails are sent
Note When setting the outgoing mailer settings the use of a customized email addressis highly dependent on the mail server While it might be possible to use a custom emailSEND FROM address many mail servers (such as Gmail) do not allow sending email usinganything other than the registered user account name
2 Type a user name for the accountThe user name must be between 3 and 32 characters and can contain letters numbers dots ()and at signs ()
3 Type a password to be associated with the user name in the previous stepPasswords are case sensitive and should be secure Best practice shows that you should changepasswords regularly
4 Confirm the password by retyping the password exactly as you entered it aboveWhen all of the fields are complete and have the correct format the SUBMIT button turns fromgray to blue
5 Click SUBMIT
The user account information is now created and stored
Important Set up the outgoing emailer settings as soon as possible after completinginstallation of Aureum If you forget or lose your password Aureum cannot send you a newone until the outgoing email is configured
Install Aureum | 18
The next step is to import the Aureum license
Import an Aureum LicenseImporting the license for an Aureum instance activates the Peaxy software License types are assignedto the Admin account that you created at the beginning of the installation
Before you create an Aureum system make sure that you have received your license from Peaxy andthat the license details are correct
Each time you create an Aureum instance you must import a license
1 Select the license to import or drag it onto the files areaThe license is a bdl file that contains all of the files needed to install the license
2 Click IMPORT3 The system installs the license and continues to the next step
Provide Aureum InformationDefining a few basic configuration items is the first step in setting up Aureum
During the first steps of the initial configuration you provide the basic information needed to createAureum its components and the namespace details
1 Enter the Network settingsa) Enter the gateway addressb) Enter the subnet maskc) Enter the primary DNS domain suffix and up to three DNS server addresses
DNS servers must be entered as IP addresses Each DNS server is on a separate line2 Enter the General settings
a) Enter a name for this Aureum instanceNames can be up to 14 characters and can contain letters numbers dashes and underscores
b) Optional Enter a location for the Aureum system for example ldquodatacenterrdquo or ldquoPhoenixofficerdquo
c) Enter the Aureum IP addressd) Optional Enter up to three NTP servers
Including an NTP server ensures that the time stamp for Aureum is always correcte) Select the time zone to use from the drop-down menu
This ensures that all nodes in Aureum use the same time zone3 Define the Namespace settings
Install Aureum | 19
a) Select the average file size that you expect Aureum to containYour expected average file size selection is used by Aureum to determine the most efficientdistribution of hyperservers Aureum uses the selection you make here to determine theestimated ratio of namespace hyperservers to data hyperservers
b) Set the default namespace replication factor from 2 to 4The namespace replication factor is the number of replicas that Aureum creates for thenamespace
4 Click CONTINUE
Add resources to Aureum You can also click CANCEL to cancel the installation
Add ResourcesResources refer to the physical servers that will make up Aureum These can be any commodity serversuch as a 1U or 2U server with any number and size of disks These resources are used to build thenamespace and data hyperservers that form the heart of a running Aureum system
Note After a resource has been added Aureum claims the complete resource Unusedportions of a resource are designated as spares and are used in case of a failure or expansion
1 The system locates all physical servers that have been booted using USB sticks and are currently indiscovery stateYou will see a list of the servers available for inclusion Use the filter to narrow your search by servername
2 Select the servers to add to Aureum
Servers scheduled for selection have a check mark to the left Select the box beside SERVER NAMEto select all servers in the list
3 Enter the required number of IP addresses or an IP range The number of IP addresses neededappears above the IP ADDRESSES entry box
The system determines the number of IP addresses needed to ensure that all Aureum componentscan communicate receiving requests and returning responses Addresses can be individual IPaddresses (xxxxxxxxxxxx) an IP address range (xxxxxxxxx - xxx) or an IP address with a wildcard(xxxxxxxxx) Separate the IP addresses with a space comma or newline
Install Aureum | 20
Aureum only supports IPv4 (the dotted quad format) For example
192168100419216810015-2019216873
4 Define the roles of the serversClick the ROLES column entry for a server and configure the servers to support either data accessor search (SolrCloud) While it is possible to configure a server to support both data access andsearch this setting is not recommended for a production deployment
Note Aureum 40 supports SolrCloud clusters with one or three nodes Aureum 40 doesnot support SolrCloud clusters with either two nodes or more than three nodes
5 Define the bonding for the network port cardsYou should see the same speed for all of the network interfaces (NICs) on this server Use the list ofall NICs that are bonded with the interfaces on this server to form your decision Inactive NICs arenoted as sucha) Click the ETHERNET column entry for the server whose bonding to configure
If the column text is red some interfaces are not bonded to the server If the text is blue allavailable interfaces are bonded
b) Place a check mark next to all of the interfaces to bond to this server Remove the check markfor those interfaces you do not want included in the bond
6 Optional Toggle the server beacon on or offBeacon signals guide you to the server in question This is often used when troubleshooting tolocate a specific server in a large group of servers
7 Click CONTINUEWait for the installation wizard to verify that the IP addresses you entered are valid and can beused The system assigns the IP addresses and sets the state to Pending
8 Click START INSTALLATIONThe button changes from START INSTALLATION to INSTALLATION IN PROGRESS The systemassigns the resources to Aureum and determines the necessary number of dedicated nodesneeded for the configuration The progress is displayed but you can also use the Log link to followindividual progress If some of the servers are not yet ready wait a few moments and retry
The installation process will take some time typically 10 to 20 minutes When complete the IPaddress in the browser will switch from the local IP of your workstation to the Aureum IP addressthat was entered earlier This signals the transition from the AMS you launched earlier (samsp) to theintegrated PMT that is now running on Aureum
The next step is to create a default storage class
Create a Default Storage ClassA storage class groups and manages data hyperservers with similar replication factors capabilitiesand performance configuration
You must configure at least one storage class to use as the default during the initial Aureumconfiguration You can create more storage classes at any time as long as you have the resourcesnecessary
1 You are presented with the create Initial Storage Class option2 Enter the required information to create the storage class
a) Type a name for the storage classClass names can be up to 14 text characters
b) Define the performance levelPerformance levels based on throughput and seek time Select the paired setting that is best foryour expected usage For the widest option select ldquoAnyrdquo
c) Set the replication factor
Install Aureum | 21
Remember all hyperservers assigned to this storage class will use these settings
Note You must include at least the same number of resources to create the specifiedreplication factor For example you cannot have a replication factor of three in anAureum system with only two servers
Because each replication requires some amount of storage the replication factor selectedaffects the amount of total storage available
Tip The Aureum data space is partitioned through all the data-capable hyperserversEach hyperserver can be configured to offer a specified replication factor This lets youstore vital data with high redundancy while more transient data can skip replication inorder to optimize storage and performance costs
d) Optional Enable flexible space allocationEnabling flexible storage space allows the members of the storage class to consume thecapacity needed When more storage space is needed more is allocated automaticallyregardless of the initial allocation Peaxy recommends this option for general use Some casesmight have different needs
e) Optional To make this the default storage class select YESAll data that does not meet the conditions in a specific data policy will be stored on the defaultstorage class (See data policies in the Aureum Administrator Guide)
3 Click CREATE STORAGE CLASS4 To complete the initial installation and configuration click FINALIZE AUREUM then click YES to
confirm the configuration is correct
Important After you click FINALIZE you must wait for the health indicator on the Aureumcard or list turn green before using Aureum
The Aureum installation is complete and the PMT shows the main Aureum window To configureadditional Aureum storage classes and data policies and to understand how to monitor Aureum seethe Aureum Administrator Guide
Define Outgoing Mail SettingsIn order for Aureum to send email notifications and provide lost password recovery you must tellAureum how to send email alerts
Important Configure outgoing email settings as soon as reasonably possible If you lose orforget your password Aureum cannot send reset instructions until you configure the emailsettings
1 Select EMAILER CONFIG from the SETUP WIZARD pane or from the Navigation menu select EMAILER
2 Type the email (SMTP) server to use when sending the emailThe email server must be accessible from Aureum
Install Aureum | 22
3 By default the system uses port 587 This is usually the right setting Only change the EMAILSERVER PORT if your organizations SMTP server requires it
4 Enter a valid user account and password that Aureum will use to send email from this server5 Optional SEND FROM is required only if your email server requires Transport Layer Security (TLS)
If this is the case type the SEND FROM email addressGenerally the recommended SEND FROM address is a working system administrator account
6 Click SAVE
Create a Client Registration UserThe Aureum client registration user and password allow client authentication at mount time
This allows you to create a custom account for authenticating client mounts
1 Click REGISTRATION2 Type a name for the user This will be the username that is authorized to type in the registration
password when an Aureum client is installed3 Type the client registration password This password is used to register the Aureum client for
authentication at mount time4 Click SAVE
Configure SecurityDefine define the level of security for client communication
1 Click SECURITY LEVEL2 Slide the controller to the level of security your data will use
3 Click ACCEPT
ConnectAn Aureum client mounts Aureum and allows access to folders and files Peaxy provides clientsoftware for Linux users and allows Windows users to access Aureum through a Windows share
The Linux-based client uses a FUSE component to remotely access Aureum services Almost all Linuxinstallations include FUSE so you should not need to do anything extra
The Aureum client has a small footprint A very limited set of memory and CPU cycles are needed toperform the client functions Also the Aureum client can be used concurrently with other clients forNFS and other network file systems
When you install the client the client drivers are added to the default system directories To accessthese directories use the mount command (more commonly known as mapping a drive in Windows)to mount the client to the directory
Install Aureum | 23
Mounting a client to an Aureum directory loads all the data structures necessary for the client tointeract with Aureum As the structures change Aureum updates them In order for a client to accessAureum all that is necessary is that the client know the IP address or URL to which the client willconnect and the client-Aureum registration password
Also available is the ability to join a Windows domain and create domain-authenticated users who canaccess different areas of Aureum
Linux Client-Aureum RegistrationThe minimum security level for Aureum is the authenticated mount To ensure that unauthorized usersdont gain access to data Peaxy provides an authenticated mount between Aureum Linux clients andAureum using certificates and registration
Note The process described in this section applies to Linux clients Windows domains userswith credentials from an Active Directory access Aureum through a Windows share
Security is always an important part of any system that provides data access especially when theaccess spans many users and locations Peaxy provides a registration process where the clientand server exchange certificates which are used to authenticate subsequent connections Theregistration provides a mutual authentication method between the client and Aureum allowing theclient access Only authenticated clients are allowed to mount Aureum Other clients cannot use thesame authentication as part of the certificate registration Aureum generates a client key pair that isunique to each client-Aureum connection
How It WorksThe AMS requires a dynamic registration at the initial mount time As part of the registration Aureumgenerates a key pair unique to each client This key pair is persistent so you do not need to re-register the client each time you mount Aureum
This initial registration is required the first time the client mounts Aureum and requires a specialregistration password that is unique to Aureum This password is entered by the Aureum administratorat the workstation on which the client is installed Subsequent client mounts use the client certificateissued during registration
Security LevelsAureum offers varying levels of security
The security level is visible on the Aureum card or list and is indicated in the SECURITY section by thenumber of total locks that are green Gray locks indicate how many additional security levels you canselect For example if there are four total locks and three are green your current security level is 3Message Integrity
bull Data Confidentiality all data in and out of Aureum is verified and encryptedbull Message Integrity message authentication codes verify message integritybull Kerberos Authentication use the Kerberos authentication protocol as the mechanism for
authentication between a client and a server or between one server and another serverbull Authenticated Mount use X509 certificates to mutually authenticate and validate all Aureum
clients and hyperservers in Aureum
Create an ExportCreate an export to allow Linux clients to mount and access Aureum
1 From the Navigation menu select SECURITY gt EXPORTS2 Type the export name3 In the EXPORT CONTENT IN field choose the data class to export
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the
Install Aureum | 24
engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the export5 Click CREATE6 To edit or delete an export click the corresponding entry in the list
bull To edit the export make the changes needed in the edit panel and click SAVE CHANGESbull To delete an export click the corresponding trash can icon ( ) and confirm the deletion
Install a Linux-based Aureum ClientYou install the Aureum client on physical hardware or on a workstation in the cloud Use the client tomount and access Aureum directories
Before installing the client make sure that your system meets the minimum requirements describedin the Requirements section of this document
Note Aureum uses FUSE in Direct IO mode for better performance The version of FUSErunning on older versions of CentOS Red Hat Enterprise Linux doesnt support mmap whenFUSE is being used this way This might cause some mmap functions such as ACCESS_WRITEMAP_SHARED and PROT_WRITE to fail You can use the mount flag --disable-direct-io-mode to disable Direct IO mode
If you choose to use Direct IO mmap will be disabled on CentOS56 and 57 since those versionsdont support mmap with direct IO Enabling this option will result in a significant performancedegradation on clients using this option Peaxy strongly recommends that you upgrade to a newerversion of Linux
Ensure FUSE and its dependencies have been installed on each client If it has not been installedinstall FUSE according to the instructions for the package you chose On CentOS for example installthis by typing
sudo yum -y install fusex86_64 fuse-develx86_64 fuse-libsx86_64
The version numbers for your installation may differ
If you have installed a version of the fuseko module that is not the Peaxy-specific version runadditional commands at the end of the installation process This prevents kernel-oops messages fromconsuming all of the space in the varspool directory These messages indicate a benign conditiondue to a Linux FUSE problem
Run the following commands
chkconfig --levels 2345 abrt-oops off service abrt-oops stop
Note The client installation sets the following values automatically
Parameter Value set to
netipv4tcp_tw_recycle 1
netipv4tcp_fin_timeout 2
netcorewmem_max 2097152
netcorermem_max 2097152
netcorewmem_default 2097152
netcorermem_default 2097152
Install Aureum | 25
1 Download the Aureum client file from the support section of the Peaxy website at wwwpeaxynetsupport (login is required)The file is downloaded as a targz package and contains an installer It has a name similar tohfclient-fuse-400ltbuildnumbergttargz
2 Unpack the distribution file by typing the following
tar -zxvf hfclient-fuse-400ltbuildnumbergttargz
You will see something like the following
hfclient-fuse-400hfclient-fuse-400setupshhfclient-fuse-400scriptshfclient-fuse-400scriptsupdatedbshhfclient-fuse-400scriptsc_rehashshhfclient-fuse-400scriptssysctlshhfclient-fuse-400scriptsunregshhfclient-fuse-400scriptsconfshhfclient-fuse-400binhfclient-fuse-400binfusehfCentOS-5xhfclient-fuse-400binfusehfhfclient-fuse-400confhfclient-fuse-400confhfconftgz
3 While logged in as root run setupsh installThe driver files are installed in the default system directories You will see something similar to thefollowing
sudo setupsh install
Installer for Peaxy Aureum Client version 40
Checking package contentsInstalling hf client binariesremoved `optpeaxy-40sbinfusehf`binfusehf -gt `optpeaxy-40sbinfusehfInstallation complete
Mount Aureum
Mount Aureum (Linux)After the client is installed use the mount command to mount Aureum
At a command prompt type
sudo mkdir -p ltmnt_pointgtsudo mount -t fusehf hfltmgmt_ipgt ltmnt_pointgt -o user=ltclient registration usernamegt
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is thedirectory that will serve as your local mount point for example mntpeaxy
If you omit -o user=ltclient_user_namegt you would be prompted for the password associatedwith the local admin account to complete the client registration Best practice is to always create aclient registration account and use that password
The first time you mount the client to Aureum you will be prompted for a registration passwordto allow client-Aureum authentication Type the client registration password Otherwise youradministrator must do this for you
Peaxy strongly recommends that you change the password often especially after typing the passwordfor a client registration
If you or your IT administrator have associated a DNS entry with the Aureum IP address you mightwant to use the DNS name as the name for your mount point
Install Aureum | 26
To configure the Aureum client to automatically mount on startup locate the etcfstab file andadd the line
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults 0 0
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is the localmount point for example mntpeaxy
Note If you are running CentOS 7 change this line to add the _netdev flag as below
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults_netdev 0 0
You can now use the Aureum client to access Aureum
Unregister a Linux Client from AureumYou can securely unregister an installed FUSE client from the Aureum system that it mounts
Removing the registration renders the client unable to access Aureum If you use the all option youwill need to perform a new registration setup before you can mount Aureum again
Unregistering a client is done by running the unregsh script Use the following procedure tounregister the client
1 On the workstation running the client open a command prompt2 Move to optpeaxybin the location of the script3 Run the script
bull Type sudo unregsh ltAureumgt to unregister the client from a specific Aureum systemReplace ltAureumgt with the Aureum system to unregister
bull Type sudo unregsh all to unregister the client from all Aureum systems on which theclient is registered
Note Peaxy strongly recommends using the all option before you decommission aclient workstation
Windows ConfigurationDomain users with credentials from an Active Directory can access Aureum through a share
After Aureum joins a domain it sets up network shares for chosen directories (including all containedsubdirectories) To domain users these shares look the same as any other folder that is accessible viathe network
Unlike an Aureum client which mounts to the root of the volume a share allows a user to exportsubdirectories for more granular access
Where to Find ItFrom the Navigation menu select SECURITY gt DOMAINS and SECURITY gt SHARES
Join a DomainBefore you can create a share you must join a Windows domain
You can pre-create a machine account in an Active Directory under a specified OU If you choose notto do so Aureum will try to add a computer account to the default location of ldquoComputersrdquo
Important If Aureum is already joined to a domain joining another domain will replace thejoin not add to it Aureum will only be joined to the most recently joined domain
1 From the Navigation menu select SECURITY gt DOMAINS2 Type the complete Windows domain to join for example engexamplecom3 Type the username with access to the domain The user must have the necessary permissions to
join Aureum to the domain4 Type the password associated with the username or access to modify an object in the OU if the
machine account was pre-created
Install Aureum | 27
5 In the NETBIOS NAME field set the Aureum computer account name you wish to be created in theActive Directory If Aureum is using a pre-created machine account in a specific OU then the nameyou specify here must match that name exactly
6 Click JOIN
After the domain has been joined the JOIN button changes to LEAVE To leave the domain clickLEAVE
Create a ShareCreate a share to allow Windows users to connect to Aureum
Before you can create a share you must join the appropriate domain
1 From the Navigation menu select SECURITY gt SHARES2 Type the name of the share3 In the SHARE CONTENT IN field choose the appropriate data class
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the share5 Click CREATE
6 To edit or delete a share click the share to be modified
bull To edit the share make the changes needed in the edit panel and click SAVE CHANGESbull To delete the share click the trash can icon ( ) and confirm the deletion
Mount an Aureum Windows ShareDomain-authenticated users can mount and access Aureum directories using a share
After Aureum has been joined to a domain and the share has been created you can easily mount tothe share
The exact mount process is based on your workstation OS
Install Aureum | 28
If you do not already know it you can determine the mount point from Aureum by navigating to theJOIN DOMAIN page and using one of the listed public IP addresses as the mount point Include theshare name when mounting
Peaxy recommends that you take the list of public IP addresses and enter them into your DNS serverlisted under the Aureum NetBIOS name within the appropriate domain In cases where multipleaddresses are used the DNS server automatically round-robins the returned address This ensure thatclient connection load is distributed across the available nodes
As a Windows example to mount a drive letter to Aureum Type
net use ltdrive_lettergt ltpublic addressgtltshare namegt
where ltdrive_lettergt is the drive letter to assign to Aureum ltpublic_addressgt is the IP address usedto join the domain and ltshare_namegt is the share
You then log into the share using your domain-authenticated username and password For exampleMYDOMAINmyname
After mapping the drive access Aureum through Windows Explorer just like you would any otherdrive
If the share does not appear in the Windows Explorer after a change such as a system reboot occursrefresh the view using the Refresh icon ( ) The share should display correctly
You do not have to assign a share to a drive letter however In Windows Explorer type the public IPaddress and share name into the address bar Provide your username and password
POSIX ComplianceAureum provides a POSIX-compliant interface
Most of the Aureum interfaces are POSIX compliant and adhere to the IEEE standard The following isa list of exceptions to compliance
bull The directory nlink count is not incremented when a subdirectory is addedbull inode retention differs from the POSIX specification because there is no way to retain the original
inode number when a rename entails a move to a different device You can display the datahyperserver extent ID instead of the namespace hyperserver Node ID to the caller in the statfamily of calls This does not change when a file or directory is renamed It does change if the file ismigrated from one data hyperserver to another
bull If two mount points are held to the same Aureum and a file is closed on one Aureum does notremove a fcntl lock for the same file on another This is a variance on the way that NFS worksThe internal locking structures take into account the client ID which varies depending on the clientmount If there are two different mounts to a server Aureum treats them as separate machineswhich NFS does not
bull The file locking call flock() is emulated using POSIX byte range locks (fcntl() ) The POSIXcompliance specification does not cover flock() This implementation mirrors the behavior ofNFS The Aureum behavior is slightly different and varies from the POSIX specification as follows
1 As in NFS you must have write permissions to get a write lock2 As in NFS you cannot place both flock() and fcntl() locks on the same file as these locks
will conflict3 An flock() will not inherit across forks4 The flock() will be durable against other file closes but fcntl() locks will not behave within
the POSIX specification5 As well as being removed by an explicit f_unlock record locks are automatically released
when the process terminates or if it closes any file descriptor referring to a file on which locksare held This means that a process can lose the locks on a file like etcpasswd or etcmtab if a library function opens reads and closes it
Information and ResourcesThe latest news and information can always be found on the Peaxy website
Peaxy provides documents that are designed for different audiences These documents furnish acomprehensive explanation of Aureum and how to use it Additionally information is available fromtooltips Each field has a tooltip that adds explanations and any limitations for the item
The most current and accurate information available was included at the time this document wasprepared However changes may occur after the document is released Always read the ReleaseNotes for the most current information
Aureum Installation GuideA step-by-step guide to installing and configuring Aureum into your network
Aureum Administrator GuideA guide to understanding the Aureum architecture Provides details for planning configuring andmonitoring your implementation
Quickstart SeriesA series of two-page guides providing an abbreviated set of instructions for Aureum tasks Theycan be taken in order or used as reminders for individual tasks
Tech NotesSome technical issues are outside the scope of the regular documentation These are presented asTechnical Notes
Contact Peaxy9 am to 5 pm Pacific Standard Time
Main +1 (408) 441-6500
Support +1 (408) 763-3700
By phone
Support toll free US only +1 (844) 277-3299
General information infopeaxynet
Sales salespeaxynet
Support supportpeaxynet
By email
Documentation feedback feedbackpeaxynet
Online wwwpeaxynetsupport (login required)
Peaxy Inc
2380 Bering Dr
By mail
San Jose CA 95131 USA
LegalPeaxyreg and Aureumtrade are registered trademarks of Peaxy Inc
All other trademarks belong to their respective companies
CopyrightsThis document is copyright copy 2016 Peaxy Inc
Aureum software includes portions of the following
bull Amazon Web Services (AWS) Java SDK httpsawsamazoncomsdk-for-java and httpawsamazoncomapache-2-0
bull Apache License Version 20 January 2004bull BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1bull BSD 3bull crc32 routine COPYRIGHT copy 1986 Gary S Brownbull Element Tree used under the Python licensebull Erlang Public License (EPL) a derivative work of the Mozilla Public License Now provided under
the Apache 20 licensebull GoogleAuth httpsgithubcomwstrangeGoogleAuthbull GNU Lesser General Public License Version 3 Copyright copy 2007 Free Software Foundation Inc
and GNU Lesser General Public License Version 21 Copyright copy 1999 Free Software FoundationInc
bull Samba is Free Software licensed under the GNU General Public License httpswwwsambaorgsambadocsGPLhtml the Samba project is a member of the Software Freedom Conservancy
bull JSON-C Copyright (c) 2009-2012 Eric Haszlakiewicz and Copyright (c) 2004-2005 MetaparadigmPte Ltd
bull Kerberos Copyright copy 1985-2009 now under the MIT 2 licensebull libcurl Copyright (c) 1996 - 2015 Daniel Stenbergdanielhaxxsebull lshow used under the GPL licensebull MIT (X11) Copyright copy 2007-2015bull RIAK Creative Commons (httpcreativecommonsorg licensesby30)bull Goldrush Copyright copy 2012 Magnus Klaarbull Meld Under ZPL licensebull NSIS (Nullsoft Scriptable Install System) copy 1999-2013bull OpenSSL License Copyright (c) 1998-2016 The OpenSSL Project and Original SSLeay License
Copyright (c) 1995-1998 Eric Youngbull Protobuf Copyright 2008 Google Inc now under the BSD 3 licensebull Setup Tools (setuptools-06c11) Under ZPL licensebull Sodium crypto library (libsodium) ISC license Copyright (c) 2013-2015 Frank Denisbull Solr the Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull TCL Copyright copy Regents of the University of California Sun Microsystems Inc Scriptics
Corporation and other partiesbull The Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull The Apache Tika project Copyright copy The Apache Software Foundationbull VirtualBox Copyright copy 2007 Oracle Corp as part of the GNU GPL V2 Licensebull YAWS Copyright copy 2006 Claes Wikstrom now under the BSD licensebull Apache zookeeper Under the Apache 2 license
Index | 35
Index
bdl license file 18
img 12
MD5 12
zip 12
A
access directories 24Active Directory 26add
resources 19servers 19
Admin 17administrator 17AMS 12 14 15 16Aureum IP address 11Aureum Manager 6 12 14Aureum name 18Aureum overview 5average file size 18
B
beacon turning on or off 19BIOS 15bonding network interface 19bootable USB 12 14browser 15button color 17
C
capacity 10 19CentOS 10checksum 12client registration 22clients 22configuration 11configure email 21connect 22contact 31create
export 23share 27
create Aureum 15create storage class 20
D
dedicated capacity 20dedicated nodes 5default storage class 20directory access 24discover resources 12 14 19discovery state Aureum nodes 12 14disk space required 10DNS server 11DNS servers 18documentation 31domain-authenticated user
domain 27
domain-authentication 22domain suffix 11download images 14
E
editsecurity level 22
emailer settings 21Ethernet
interface 10switch 10
exportCIFS 23create an export 23
F
files needed 12 14firewall 12flexible capacity 20flock 29FUSE 10
G
gateway 11 18
H
hardware requirements 10how to reach Peaxy 31
I
image copier 12 14import a license 18initial configuration 18inode retention 29install
client 24Linux client 24
introduction 5iptables 16
J
javarequired version 12 14
javaw 14
K
Kerberos 22 22 23
L
legal 33levels of security 23license files 18licenses 18
Index | 36
Linux client install 24localhost 15location 18
M
maintenance agreement 18management IP 15mapping 22mount Aureum 24 27mounting 22 22
N
namespace 18Navigation menu
configuration 11security 22
netBIOS 22NIC 19NTP server 11 18
O
outgoing email 21overview
architecture 6Aureum building blocks 6components 6
P
password 17password limitations 17ports 12POSIX compliance 29primary domain 18primary domain suffix 11
R
RAM requirements 10realms 22reboot 12 14recommended configuration 10Red Hat Enterprise Linux 10replication factor 11 18 20resources
needed 10run setup 16
S
samsp 12 14 16security 22 23security levels
security 22 23select the license 18SElinux 16sestatus 16set performance levels 20settings 11setup 16share
CIFS 27
create a share 27Share 26SMTP 17 21software files 14space needed 10storage class creating default 20subnet mask 11Support hours 31
T
tar ball 24time server 18time zone 11 18
U
USB 15USB stick 10 12 14user account 17
V
virtualization 6 15
W
what youll need 11Windows
domain 26join a domain 26share 27
Windows client 10
Y
yum 24
Install Aureum | 11
Windows 10 x86 and 64-bit
Aureum Configuration SettingsConfiguration settings are needed to install and configure Aureum There can be additional optionalsettings
Table 1 General and Network Settings
Item Description Example
Aureum name Names can be up to 14 alphanumeric characters and cancontain dashes (-) and underscores (_)
Aureum_One
Aureum IPaddress
This is a floating IP address that is used for communicationto and from Aureum Communication can be donethrough the Aureum IP address Peaxy recommendsthat organizations create a DNS entry for Aureum that ismapped to the IP address allowing you to refer to Aureumby a more meaningful name
10213119
IP addresses A list of IP addresses or one or more ranges of IPaddresses that the configuration wizard can use to assignIP addresses to discovered hypervisors If you includemultiple ranges the Aureum manager will use all availableIP addresses in the first range before moving to thesecond
151145011715114520 - 94
Gateway Aureum needs to be assigned a default gateway addressThe gateway is used by each hypervisor and node thatcomprises Aureum
1721601
Subnet mask All hypervisors making up Aureum must reside in the samesubnet This is defined by the subnet mask
25525500
DNS domainsuffix
Working with the DNS server the domain suffix identifiesthe server within a smaller network (like a computer lab)
peaxynet
DNS server list A list of up to three DNS servers to use 55219208672222228888
Time zone The time zone to use (UTC-800) Pacific
NTP server The IP address of the network time protocol (NTP)server that Aureum should use to coordinate time acrossthe entire namespace even if the servers within thenamespace are in disparate locations This can be criticalwhen Aureum needs to compare timestamps
0poolntporg1poolntporg
Averageexpected file size
The selection here is used by the system to determine themost efficient ratio of namespace hyperservers to datahyperservers
bull Small files (less than 1MB)bull Medium files (less than 20MB)bull Large files (greater than 20MB)bull A mixture of file sizes
Large files (greaterthan 20MB)
Replication factor The number of replicas created for data when the filesare assigned to a particular storage class Setting thereplication factor to 2 indicates that the original and one
2
Install Aureum | 12
Item Description Exampleadditional replica of the data are saved providing higheravailability Valid options are 2 3 and 4
Use the appropriate replication factor for each storageclass to implement the best level of protection for criticaldata and to limit wasted consumption for sandboxes andother nonessential data For data that is not critical or forsandboxes you can choose a lower replication factor Usea high replication factor for data that is critical or accessedoften
Table 2 Emailer Settings
Item Description Example
Email server The name of the email server This is usually an SMTPserver
smtpgmailcom
Server port By default port 587 is used Only change this if corporateor security requirements demand it
587
Email serveraccount
Enter a valid email account Aureum uses this account tosend email notifications and replacement passwords
memycompanycom
Password The password that is associated with the valid emailaccount
Send from Only change this if your SMTP server allows it and yourcorporate requirements demand it Normally only serversusing TLS require this entry
memycompanycom
Port Requirements and Firewall SettingsBecause Aureum uses the network for traffic specific ports must be available
The following table describes the ports that must be open for Aureum traffic and client connections
Port Type Used for
53 DNS DNS
443 TCP Encrypted traffic
514 UDP Log Server
3033 TCP Statistic collection
8001 TCP Analytics server
8080 HTTP Windows client
8443 TCP Encrypted traffic
10011 UDP LinuxFUSE client
Prepare Aureum Installation Resources (Linux)The software is installed on each server resource that will become part of Aureum Aureum ishardware agnostic but there must be adequate resources to complete the installation Each serveruses a USB stick to install the software
Make sure that you have the required basic resources described in Resource Requirements Downloadthe software files from wwwpeaxynetsupport A login is required
Install Aureum | 13
1 Download the software installation files
bull Release-ltreleasenumbergtimg is the image to be copied to a USB stick that will initializethe hardware
bull Release-ltreleasenumbergtmd5 is the checksum file that validates the validity of the imagebull samsp-ltreleasenumbergtzip is a compressed file that contains the utilities to move the
image to the USB stick and for the initial configuration of Aureumbull The Aureum client file
bull hfclient-fuse-ltreleasenumbergttargz - the Aureum Linux client installation file2 From a command prompt on your workstation uncompress the installation files Type
sudo unzip samsp-ltreleasenumbergtzip -d tmp
3 As root launch the image copier Double click img-copiersh and click Run on the dialog thatappears
4 Browse to the software image you downloaded (the img file) and select this file
5 Type a label for the USB sticks
The label is used to identify the system during the initial installation and becomes the name of theserver on which it is installed If you use the same label on different sticks the software will add anumeric suffix when creating the host name for example HOST-01 HOST-02 and so on Labelscannot exceed 16 charactersYou can provide a different label for each USB stick but to do so you must copy the image file toeach stick individually
6 Insert the USB sticks into a port on your workstation or a hub connected to your workstation andthen click REFRESH to make them visible to the image copier tool Select the sticks you want fromthose displayed in the destination drives list The USB stick must be at least 2 GB
7 Leave Verify copy operation enabled Peaxy strongly recommends that you do not skip this step
Install Aureum | 14
Depending on the speed on the USB sticks it can take several minutes to complete theverification
8 Enable hypervisor protection if requiredEnable hypervisor protection if the underlying storage consists of non-redundant JBOD (acollection of hard disks that have not been configured to act as a RAID) This creates a softwareRAID 5 configuration for the container store used by AureumYou can disable hypervisor protection if you have a hardware RAID under the disk volumes Thisallows Aureum to use a higher-performing RAID 0 configuration instead
9 Click START10After the copy is complete click EXIT and remove the USB sticks from the workstation or USB hub
The USB stick now contains a bootable image of the Aureum installation software
Prepare Aureum Installation Resources (Windows)The software is installed on each server resource that will become part of Aureum Aureum ishardware agnostic but there must be adequate resources to complete the installation Each serveruses a USB stick to install the software
You must have administrator permissions to install the Aureum software
Your workstation must be running the Java Runtime Environment (JRE) 17 or higher installed in orderto run the image copier
Make sure that you have the required basic resources described in Resource Requirements Downloadthe software files from wwwpeaxynetsupport A login is required
1 Download the software installation files
bull Release-ltreleasenumbergtimg is the image to be copied to a USB stick that will initializethe hardware
bull Release-ltreleasenumbergtmd5 is the checksum file that validates the validity of the imagebull samsp-ltreleasenumbergtzip is a compressed file that contains the utilities to move the
image to the USB stick and for the initial configuration of Aureumbull The Aureum client file
bull hfclient-fuse-ltreleasenumbergttargz - the Aureum Linux client installation file2 On your Windows workstation move to the location of the zip file and unzip the file using any
uncompression program3 Move to the location of the uncompressed file and double-click the executable to start the
installation4 With administrator privileges launch the image copier Double-click img-copierbat
Install Aureum | 15
If the image copier does not launch properly you might need to add javaw to your path Refer toyour Windows Operating System help for instructions
5 Browse to the software image you downloaded (the img file) and select this file then click Run6 Type a label for the USB sticks
The label is used to identify the system during the initial installation and becomes the name of theserver on which it is installed If you use the same label on different USB sticks the software willadd a numeric suffix when creating the host name for example HOST-01 HOST-02 and so onLabels cannot exceed 16 charactersYou can provide a different label for each USB stick but to do so you must copy the image file toeach stick individually
7 Insert the USB sticks into a port on your workstation or a hub connected to your workstation andthen click REFRESH to make them visible to the image copier tool Select the sticks you want fromthose displayed in the destination drives list The USB stick must be at least 2 GB
8 Leave Verify copy operation enabled Peaxy strongly recommends that you do not skip this stepDepending on the speed on the USB sticks it can take several minutes to complete theverification
9 Enable hypervisor protection if requiredEnable hypervisor protection if the underlying storage consists of non-redundant JBOD (acollection of hard disks that have not been configured to act as a RAID) This creates a softwareRAID 5 configuration for the container store used by AureumYou can disable hypervisor protection if you have a hardware RAID under the disk volumes Thisallows Aureum to use a higher-performing RAID 0 configuration instead
10Click START11After the copy is complete click EXIT and remove the USB sticks from the workstation or USB hub
The USB stick now contains a bootable image of the installation software
Install the SoftwareThe installation software on the USB stick installs the Peaxy software and lets you create Aureum
1 Insert one prepared USB stick into each server Servers must have a console attached or beaccessible via an IPMI management tool
Install Aureum | 16
2 Apply power to the servers either individually or with a few seconds in between to complete the
next steps
Note If you have already configured your server to boot from USB skip steps 3 4 and 5
3 Enter the server BIOS and instruct the server to boot from the USB stickThe method used to enter the BIOS depends on the server
4 Ensure that the virtualization setting is enabled in the BIOS5 Save the BIOS changes and reboot the server from the USB stick
After the server has booted from the USB stick and launched the installation software you will seea message at the bottom of the screen telling you that the server is being prepared for installationThis boot process has placed the servers in a discoverable state this plays a role in the nextphase of the installation process
Continue the InstallationAfter the servers have been prepared and the software has been installed begin the configuration
1 On your workstation disable the firewall
On Red Hat Enterprise LinuxCentOS 7 systems use the following commands
systemctl stop firewalld
systemctl disable firewalld
On other Linux-based operating systems use the following commands
service iptables stop
service ip6tables stop
chkconfig ip6tables off only include this command if you want to permanently turn thefirewall off
chkconfig iptables off only include this command if you want to permanently turn thefirewall off
2 On your workstation disable SElinuxYou can check the status of SElinux with sestatus The result should appear as SELinuxstatus disabledIf you do not see disabled
1 Edit etcselinuxconfig and set the SELINUX variable to disabled2 Reboot your client workstation
3 On the workstation launch the Aureum installation management tool Type
sudo tmpsamsp-400ltversiongtsamspsh
Install Aureum | 17
You should see something similar to the following
Launching Management Server Platform version 400rootOpen your browser and enter the URL httpslocalhost to continueDo not terminate samsp it is required to complete cluster configurationYou can view tmpsamsp-40010872logmsplog for detailed progress activity
Important Do not terminate samsp because it is needed to complete clusterconfiguration
4 Open a browser and type
httpslocalhost If you are running the browser on the same workstation running the stand alone MSP orhttpsltip addressgt IP address of the workstation running the standalone MSP
This launches the Peaxy Management Tool If prompted accept the self-signed Peaxy certificate
After the initial setup is complete the IP address changes in the browser address bar This isexpected and correct behavior Now the installation portion of the AMS exits and the integratedAureum manager becomes active
In the next step the Aureum manager guides you through the initial configuration process
Create an Admin AccountThe first step in configuring a new Aureum system is to supply the details for the Admin account Afterthe installation process is complete and Aureum is up and running the Admin account is used to loginto the Aureum web UI (PMT) to perform additional administration tasks such as creating other useraccounts and a client registration password
Important The Admin account has access to critical areas of Aureum Ensure that the Adminaccount is secure
1 Type an email address for the accountThe AMS verifies that the email address is formatted correctly but does not check the validity ofthe email address itself This is the email address to which emails are sent
Note When setting the outgoing mailer settings the use of a customized email addressis highly dependent on the mail server While it might be possible to use a custom emailSEND FROM address many mail servers (such as Gmail) do not allow sending email usinganything other than the registered user account name
2 Type a user name for the accountThe user name must be between 3 and 32 characters and can contain letters numbers dots ()and at signs ()
3 Type a password to be associated with the user name in the previous stepPasswords are case sensitive and should be secure Best practice shows that you should changepasswords regularly
4 Confirm the password by retyping the password exactly as you entered it aboveWhen all of the fields are complete and have the correct format the SUBMIT button turns fromgray to blue
5 Click SUBMIT
The user account information is now created and stored
Important Set up the outgoing emailer settings as soon as possible after completinginstallation of Aureum If you forget or lose your password Aureum cannot send you a newone until the outgoing email is configured
Install Aureum | 18
The next step is to import the Aureum license
Import an Aureum LicenseImporting the license for an Aureum instance activates the Peaxy software License types are assignedto the Admin account that you created at the beginning of the installation
Before you create an Aureum system make sure that you have received your license from Peaxy andthat the license details are correct
Each time you create an Aureum instance you must import a license
1 Select the license to import or drag it onto the files areaThe license is a bdl file that contains all of the files needed to install the license
2 Click IMPORT3 The system installs the license and continues to the next step
Provide Aureum InformationDefining a few basic configuration items is the first step in setting up Aureum
During the first steps of the initial configuration you provide the basic information needed to createAureum its components and the namespace details
1 Enter the Network settingsa) Enter the gateway addressb) Enter the subnet maskc) Enter the primary DNS domain suffix and up to three DNS server addresses
DNS servers must be entered as IP addresses Each DNS server is on a separate line2 Enter the General settings
a) Enter a name for this Aureum instanceNames can be up to 14 characters and can contain letters numbers dashes and underscores
b) Optional Enter a location for the Aureum system for example ldquodatacenterrdquo or ldquoPhoenixofficerdquo
c) Enter the Aureum IP addressd) Optional Enter up to three NTP servers
Including an NTP server ensures that the time stamp for Aureum is always correcte) Select the time zone to use from the drop-down menu
This ensures that all nodes in Aureum use the same time zone3 Define the Namespace settings
Install Aureum | 19
a) Select the average file size that you expect Aureum to containYour expected average file size selection is used by Aureum to determine the most efficientdistribution of hyperservers Aureum uses the selection you make here to determine theestimated ratio of namespace hyperservers to data hyperservers
b) Set the default namespace replication factor from 2 to 4The namespace replication factor is the number of replicas that Aureum creates for thenamespace
4 Click CONTINUE
Add resources to Aureum You can also click CANCEL to cancel the installation
Add ResourcesResources refer to the physical servers that will make up Aureum These can be any commodity serversuch as a 1U or 2U server with any number and size of disks These resources are used to build thenamespace and data hyperservers that form the heart of a running Aureum system
Note After a resource has been added Aureum claims the complete resource Unusedportions of a resource are designated as spares and are used in case of a failure or expansion
1 The system locates all physical servers that have been booted using USB sticks and are currently indiscovery stateYou will see a list of the servers available for inclusion Use the filter to narrow your search by servername
2 Select the servers to add to Aureum
Servers scheduled for selection have a check mark to the left Select the box beside SERVER NAMEto select all servers in the list
3 Enter the required number of IP addresses or an IP range The number of IP addresses neededappears above the IP ADDRESSES entry box
The system determines the number of IP addresses needed to ensure that all Aureum componentscan communicate receiving requests and returning responses Addresses can be individual IPaddresses (xxxxxxxxxxxx) an IP address range (xxxxxxxxx - xxx) or an IP address with a wildcard(xxxxxxxxx) Separate the IP addresses with a space comma or newline
Install Aureum | 20
Aureum only supports IPv4 (the dotted quad format) For example
192168100419216810015-2019216873
4 Define the roles of the serversClick the ROLES column entry for a server and configure the servers to support either data accessor search (SolrCloud) While it is possible to configure a server to support both data access andsearch this setting is not recommended for a production deployment
Note Aureum 40 supports SolrCloud clusters with one or three nodes Aureum 40 doesnot support SolrCloud clusters with either two nodes or more than three nodes
5 Define the bonding for the network port cardsYou should see the same speed for all of the network interfaces (NICs) on this server Use the list ofall NICs that are bonded with the interfaces on this server to form your decision Inactive NICs arenoted as sucha) Click the ETHERNET column entry for the server whose bonding to configure
If the column text is red some interfaces are not bonded to the server If the text is blue allavailable interfaces are bonded
b) Place a check mark next to all of the interfaces to bond to this server Remove the check markfor those interfaces you do not want included in the bond
6 Optional Toggle the server beacon on or offBeacon signals guide you to the server in question This is often used when troubleshooting tolocate a specific server in a large group of servers
7 Click CONTINUEWait for the installation wizard to verify that the IP addresses you entered are valid and can beused The system assigns the IP addresses and sets the state to Pending
8 Click START INSTALLATIONThe button changes from START INSTALLATION to INSTALLATION IN PROGRESS The systemassigns the resources to Aureum and determines the necessary number of dedicated nodesneeded for the configuration The progress is displayed but you can also use the Log link to followindividual progress If some of the servers are not yet ready wait a few moments and retry
The installation process will take some time typically 10 to 20 minutes When complete the IPaddress in the browser will switch from the local IP of your workstation to the Aureum IP addressthat was entered earlier This signals the transition from the AMS you launched earlier (samsp) to theintegrated PMT that is now running on Aureum
The next step is to create a default storage class
Create a Default Storage ClassA storage class groups and manages data hyperservers with similar replication factors capabilitiesand performance configuration
You must configure at least one storage class to use as the default during the initial Aureumconfiguration You can create more storage classes at any time as long as you have the resourcesnecessary
1 You are presented with the create Initial Storage Class option2 Enter the required information to create the storage class
a) Type a name for the storage classClass names can be up to 14 text characters
b) Define the performance levelPerformance levels based on throughput and seek time Select the paired setting that is best foryour expected usage For the widest option select ldquoAnyrdquo
c) Set the replication factor
Install Aureum | 21
Remember all hyperservers assigned to this storage class will use these settings
Note You must include at least the same number of resources to create the specifiedreplication factor For example you cannot have a replication factor of three in anAureum system with only two servers
Because each replication requires some amount of storage the replication factor selectedaffects the amount of total storage available
Tip The Aureum data space is partitioned through all the data-capable hyperserversEach hyperserver can be configured to offer a specified replication factor This lets youstore vital data with high redundancy while more transient data can skip replication inorder to optimize storage and performance costs
d) Optional Enable flexible space allocationEnabling flexible storage space allows the members of the storage class to consume thecapacity needed When more storage space is needed more is allocated automaticallyregardless of the initial allocation Peaxy recommends this option for general use Some casesmight have different needs
e) Optional To make this the default storage class select YESAll data that does not meet the conditions in a specific data policy will be stored on the defaultstorage class (See data policies in the Aureum Administrator Guide)
3 Click CREATE STORAGE CLASS4 To complete the initial installation and configuration click FINALIZE AUREUM then click YES to
confirm the configuration is correct
Important After you click FINALIZE you must wait for the health indicator on the Aureumcard or list turn green before using Aureum
The Aureum installation is complete and the PMT shows the main Aureum window To configureadditional Aureum storage classes and data policies and to understand how to monitor Aureum seethe Aureum Administrator Guide
Define Outgoing Mail SettingsIn order for Aureum to send email notifications and provide lost password recovery you must tellAureum how to send email alerts
Important Configure outgoing email settings as soon as reasonably possible If you lose orforget your password Aureum cannot send reset instructions until you configure the emailsettings
1 Select EMAILER CONFIG from the SETUP WIZARD pane or from the Navigation menu select EMAILER
2 Type the email (SMTP) server to use when sending the emailThe email server must be accessible from Aureum
Install Aureum | 22
3 By default the system uses port 587 This is usually the right setting Only change the EMAILSERVER PORT if your organizations SMTP server requires it
4 Enter a valid user account and password that Aureum will use to send email from this server5 Optional SEND FROM is required only if your email server requires Transport Layer Security (TLS)
If this is the case type the SEND FROM email addressGenerally the recommended SEND FROM address is a working system administrator account
6 Click SAVE
Create a Client Registration UserThe Aureum client registration user and password allow client authentication at mount time
This allows you to create a custom account for authenticating client mounts
1 Click REGISTRATION2 Type a name for the user This will be the username that is authorized to type in the registration
password when an Aureum client is installed3 Type the client registration password This password is used to register the Aureum client for
authentication at mount time4 Click SAVE
Configure SecurityDefine define the level of security for client communication
1 Click SECURITY LEVEL2 Slide the controller to the level of security your data will use
3 Click ACCEPT
ConnectAn Aureum client mounts Aureum and allows access to folders and files Peaxy provides clientsoftware for Linux users and allows Windows users to access Aureum through a Windows share
The Linux-based client uses a FUSE component to remotely access Aureum services Almost all Linuxinstallations include FUSE so you should not need to do anything extra
The Aureum client has a small footprint A very limited set of memory and CPU cycles are needed toperform the client functions Also the Aureum client can be used concurrently with other clients forNFS and other network file systems
When you install the client the client drivers are added to the default system directories To accessthese directories use the mount command (more commonly known as mapping a drive in Windows)to mount the client to the directory
Install Aureum | 23
Mounting a client to an Aureum directory loads all the data structures necessary for the client tointeract with Aureum As the structures change Aureum updates them In order for a client to accessAureum all that is necessary is that the client know the IP address or URL to which the client willconnect and the client-Aureum registration password
Also available is the ability to join a Windows domain and create domain-authenticated users who canaccess different areas of Aureum
Linux Client-Aureum RegistrationThe minimum security level for Aureum is the authenticated mount To ensure that unauthorized usersdont gain access to data Peaxy provides an authenticated mount between Aureum Linux clients andAureum using certificates and registration
Note The process described in this section applies to Linux clients Windows domains userswith credentials from an Active Directory access Aureum through a Windows share
Security is always an important part of any system that provides data access especially when theaccess spans many users and locations Peaxy provides a registration process where the clientand server exchange certificates which are used to authenticate subsequent connections Theregistration provides a mutual authentication method between the client and Aureum allowing theclient access Only authenticated clients are allowed to mount Aureum Other clients cannot use thesame authentication as part of the certificate registration Aureum generates a client key pair that isunique to each client-Aureum connection
How It WorksThe AMS requires a dynamic registration at the initial mount time As part of the registration Aureumgenerates a key pair unique to each client This key pair is persistent so you do not need to re-register the client each time you mount Aureum
This initial registration is required the first time the client mounts Aureum and requires a specialregistration password that is unique to Aureum This password is entered by the Aureum administratorat the workstation on which the client is installed Subsequent client mounts use the client certificateissued during registration
Security LevelsAureum offers varying levels of security
The security level is visible on the Aureum card or list and is indicated in the SECURITY section by thenumber of total locks that are green Gray locks indicate how many additional security levels you canselect For example if there are four total locks and three are green your current security level is 3Message Integrity
bull Data Confidentiality all data in and out of Aureum is verified and encryptedbull Message Integrity message authentication codes verify message integritybull Kerberos Authentication use the Kerberos authentication protocol as the mechanism for
authentication between a client and a server or between one server and another serverbull Authenticated Mount use X509 certificates to mutually authenticate and validate all Aureum
clients and hyperservers in Aureum
Create an ExportCreate an export to allow Linux clients to mount and access Aureum
1 From the Navigation menu select SECURITY gt EXPORTS2 Type the export name3 In the EXPORT CONTENT IN field choose the data class to export
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the
Install Aureum | 24
engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the export5 Click CREATE6 To edit or delete an export click the corresponding entry in the list
bull To edit the export make the changes needed in the edit panel and click SAVE CHANGESbull To delete an export click the corresponding trash can icon ( ) and confirm the deletion
Install a Linux-based Aureum ClientYou install the Aureum client on physical hardware or on a workstation in the cloud Use the client tomount and access Aureum directories
Before installing the client make sure that your system meets the minimum requirements describedin the Requirements section of this document
Note Aureum uses FUSE in Direct IO mode for better performance The version of FUSErunning on older versions of CentOS Red Hat Enterprise Linux doesnt support mmap whenFUSE is being used this way This might cause some mmap functions such as ACCESS_WRITEMAP_SHARED and PROT_WRITE to fail You can use the mount flag --disable-direct-io-mode to disable Direct IO mode
If you choose to use Direct IO mmap will be disabled on CentOS56 and 57 since those versionsdont support mmap with direct IO Enabling this option will result in a significant performancedegradation on clients using this option Peaxy strongly recommends that you upgrade to a newerversion of Linux
Ensure FUSE and its dependencies have been installed on each client If it has not been installedinstall FUSE according to the instructions for the package you chose On CentOS for example installthis by typing
sudo yum -y install fusex86_64 fuse-develx86_64 fuse-libsx86_64
The version numbers for your installation may differ
If you have installed a version of the fuseko module that is not the Peaxy-specific version runadditional commands at the end of the installation process This prevents kernel-oops messages fromconsuming all of the space in the varspool directory These messages indicate a benign conditiondue to a Linux FUSE problem
Run the following commands
chkconfig --levels 2345 abrt-oops off service abrt-oops stop
Note The client installation sets the following values automatically
Parameter Value set to
netipv4tcp_tw_recycle 1
netipv4tcp_fin_timeout 2
netcorewmem_max 2097152
netcorermem_max 2097152
netcorewmem_default 2097152
netcorermem_default 2097152
Install Aureum | 25
1 Download the Aureum client file from the support section of the Peaxy website at wwwpeaxynetsupport (login is required)The file is downloaded as a targz package and contains an installer It has a name similar tohfclient-fuse-400ltbuildnumbergttargz
2 Unpack the distribution file by typing the following
tar -zxvf hfclient-fuse-400ltbuildnumbergttargz
You will see something like the following
hfclient-fuse-400hfclient-fuse-400setupshhfclient-fuse-400scriptshfclient-fuse-400scriptsupdatedbshhfclient-fuse-400scriptsc_rehashshhfclient-fuse-400scriptssysctlshhfclient-fuse-400scriptsunregshhfclient-fuse-400scriptsconfshhfclient-fuse-400binhfclient-fuse-400binfusehfCentOS-5xhfclient-fuse-400binfusehfhfclient-fuse-400confhfclient-fuse-400confhfconftgz
3 While logged in as root run setupsh installThe driver files are installed in the default system directories You will see something similar to thefollowing
sudo setupsh install
Installer for Peaxy Aureum Client version 40
Checking package contentsInstalling hf client binariesremoved `optpeaxy-40sbinfusehf`binfusehf -gt `optpeaxy-40sbinfusehfInstallation complete
Mount Aureum
Mount Aureum (Linux)After the client is installed use the mount command to mount Aureum
At a command prompt type
sudo mkdir -p ltmnt_pointgtsudo mount -t fusehf hfltmgmt_ipgt ltmnt_pointgt -o user=ltclient registration usernamegt
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is thedirectory that will serve as your local mount point for example mntpeaxy
If you omit -o user=ltclient_user_namegt you would be prompted for the password associatedwith the local admin account to complete the client registration Best practice is to always create aclient registration account and use that password
The first time you mount the client to Aureum you will be prompted for a registration passwordto allow client-Aureum authentication Type the client registration password Otherwise youradministrator must do this for you
Peaxy strongly recommends that you change the password often especially after typing the passwordfor a client registration
If you or your IT administrator have associated a DNS entry with the Aureum IP address you mightwant to use the DNS name as the name for your mount point
Install Aureum | 26
To configure the Aureum client to automatically mount on startup locate the etcfstab file andadd the line
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults 0 0
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is the localmount point for example mntpeaxy
Note If you are running CentOS 7 change this line to add the _netdev flag as below
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults_netdev 0 0
You can now use the Aureum client to access Aureum
Unregister a Linux Client from AureumYou can securely unregister an installed FUSE client from the Aureum system that it mounts
Removing the registration renders the client unable to access Aureum If you use the all option youwill need to perform a new registration setup before you can mount Aureum again
Unregistering a client is done by running the unregsh script Use the following procedure tounregister the client
1 On the workstation running the client open a command prompt2 Move to optpeaxybin the location of the script3 Run the script
bull Type sudo unregsh ltAureumgt to unregister the client from a specific Aureum systemReplace ltAureumgt with the Aureum system to unregister
bull Type sudo unregsh all to unregister the client from all Aureum systems on which theclient is registered
Note Peaxy strongly recommends using the all option before you decommission aclient workstation
Windows ConfigurationDomain users with credentials from an Active Directory can access Aureum through a share
After Aureum joins a domain it sets up network shares for chosen directories (including all containedsubdirectories) To domain users these shares look the same as any other folder that is accessible viathe network
Unlike an Aureum client which mounts to the root of the volume a share allows a user to exportsubdirectories for more granular access
Where to Find ItFrom the Navigation menu select SECURITY gt DOMAINS and SECURITY gt SHARES
Join a DomainBefore you can create a share you must join a Windows domain
You can pre-create a machine account in an Active Directory under a specified OU If you choose notto do so Aureum will try to add a computer account to the default location of ldquoComputersrdquo
Important If Aureum is already joined to a domain joining another domain will replace thejoin not add to it Aureum will only be joined to the most recently joined domain
1 From the Navigation menu select SECURITY gt DOMAINS2 Type the complete Windows domain to join for example engexamplecom3 Type the username with access to the domain The user must have the necessary permissions to
join Aureum to the domain4 Type the password associated with the username or access to modify an object in the OU if the
machine account was pre-created
Install Aureum | 27
5 In the NETBIOS NAME field set the Aureum computer account name you wish to be created in theActive Directory If Aureum is using a pre-created machine account in a specific OU then the nameyou specify here must match that name exactly
6 Click JOIN
After the domain has been joined the JOIN button changes to LEAVE To leave the domain clickLEAVE
Create a ShareCreate a share to allow Windows users to connect to Aureum
Before you can create a share you must join the appropriate domain
1 From the Navigation menu select SECURITY gt SHARES2 Type the name of the share3 In the SHARE CONTENT IN field choose the appropriate data class
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the share5 Click CREATE
6 To edit or delete a share click the share to be modified
bull To edit the share make the changes needed in the edit panel and click SAVE CHANGESbull To delete the share click the trash can icon ( ) and confirm the deletion
Mount an Aureum Windows ShareDomain-authenticated users can mount and access Aureum directories using a share
After Aureum has been joined to a domain and the share has been created you can easily mount tothe share
The exact mount process is based on your workstation OS
Install Aureum | 28
If you do not already know it you can determine the mount point from Aureum by navigating to theJOIN DOMAIN page and using one of the listed public IP addresses as the mount point Include theshare name when mounting
Peaxy recommends that you take the list of public IP addresses and enter them into your DNS serverlisted under the Aureum NetBIOS name within the appropriate domain In cases where multipleaddresses are used the DNS server automatically round-robins the returned address This ensure thatclient connection load is distributed across the available nodes
As a Windows example to mount a drive letter to Aureum Type
net use ltdrive_lettergt ltpublic addressgtltshare namegt
where ltdrive_lettergt is the drive letter to assign to Aureum ltpublic_addressgt is the IP address usedto join the domain and ltshare_namegt is the share
You then log into the share using your domain-authenticated username and password For exampleMYDOMAINmyname
After mapping the drive access Aureum through Windows Explorer just like you would any otherdrive
If the share does not appear in the Windows Explorer after a change such as a system reboot occursrefresh the view using the Refresh icon ( ) The share should display correctly
You do not have to assign a share to a drive letter however In Windows Explorer type the public IPaddress and share name into the address bar Provide your username and password
POSIX ComplianceAureum provides a POSIX-compliant interface
Most of the Aureum interfaces are POSIX compliant and adhere to the IEEE standard The following isa list of exceptions to compliance
bull The directory nlink count is not incremented when a subdirectory is addedbull inode retention differs from the POSIX specification because there is no way to retain the original
inode number when a rename entails a move to a different device You can display the datahyperserver extent ID instead of the namespace hyperserver Node ID to the caller in the statfamily of calls This does not change when a file or directory is renamed It does change if the file ismigrated from one data hyperserver to another
bull If two mount points are held to the same Aureum and a file is closed on one Aureum does notremove a fcntl lock for the same file on another This is a variance on the way that NFS worksThe internal locking structures take into account the client ID which varies depending on the clientmount If there are two different mounts to a server Aureum treats them as separate machineswhich NFS does not
bull The file locking call flock() is emulated using POSIX byte range locks (fcntl() ) The POSIXcompliance specification does not cover flock() This implementation mirrors the behavior ofNFS The Aureum behavior is slightly different and varies from the POSIX specification as follows
1 As in NFS you must have write permissions to get a write lock2 As in NFS you cannot place both flock() and fcntl() locks on the same file as these locks
will conflict3 An flock() will not inherit across forks4 The flock() will be durable against other file closes but fcntl() locks will not behave within
the POSIX specification5 As well as being removed by an explicit f_unlock record locks are automatically released
when the process terminates or if it closes any file descriptor referring to a file on which locksare held This means that a process can lose the locks on a file like etcpasswd or etcmtab if a library function opens reads and closes it
Information and ResourcesThe latest news and information can always be found on the Peaxy website
Peaxy provides documents that are designed for different audiences These documents furnish acomprehensive explanation of Aureum and how to use it Additionally information is available fromtooltips Each field has a tooltip that adds explanations and any limitations for the item
The most current and accurate information available was included at the time this document wasprepared However changes may occur after the document is released Always read the ReleaseNotes for the most current information
Aureum Installation GuideA step-by-step guide to installing and configuring Aureum into your network
Aureum Administrator GuideA guide to understanding the Aureum architecture Provides details for planning configuring andmonitoring your implementation
Quickstart SeriesA series of two-page guides providing an abbreviated set of instructions for Aureum tasks Theycan be taken in order or used as reminders for individual tasks
Tech NotesSome technical issues are outside the scope of the regular documentation These are presented asTechnical Notes
Contact Peaxy9 am to 5 pm Pacific Standard Time
Main +1 (408) 441-6500
Support +1 (408) 763-3700
By phone
Support toll free US only +1 (844) 277-3299
General information infopeaxynet
Sales salespeaxynet
Support supportpeaxynet
By email
Documentation feedback feedbackpeaxynet
Online wwwpeaxynetsupport (login required)
Peaxy Inc
2380 Bering Dr
By mail
San Jose CA 95131 USA
LegalPeaxyreg and Aureumtrade are registered trademarks of Peaxy Inc
All other trademarks belong to their respective companies
CopyrightsThis document is copyright copy 2016 Peaxy Inc
Aureum software includes portions of the following
bull Amazon Web Services (AWS) Java SDK httpsawsamazoncomsdk-for-java and httpawsamazoncomapache-2-0
bull Apache License Version 20 January 2004bull BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1bull BSD 3bull crc32 routine COPYRIGHT copy 1986 Gary S Brownbull Element Tree used under the Python licensebull Erlang Public License (EPL) a derivative work of the Mozilla Public License Now provided under
the Apache 20 licensebull GoogleAuth httpsgithubcomwstrangeGoogleAuthbull GNU Lesser General Public License Version 3 Copyright copy 2007 Free Software Foundation Inc
and GNU Lesser General Public License Version 21 Copyright copy 1999 Free Software FoundationInc
bull Samba is Free Software licensed under the GNU General Public License httpswwwsambaorgsambadocsGPLhtml the Samba project is a member of the Software Freedom Conservancy
bull JSON-C Copyright (c) 2009-2012 Eric Haszlakiewicz and Copyright (c) 2004-2005 MetaparadigmPte Ltd
bull Kerberos Copyright copy 1985-2009 now under the MIT 2 licensebull libcurl Copyright (c) 1996 - 2015 Daniel Stenbergdanielhaxxsebull lshow used under the GPL licensebull MIT (X11) Copyright copy 2007-2015bull RIAK Creative Commons (httpcreativecommonsorg licensesby30)bull Goldrush Copyright copy 2012 Magnus Klaarbull Meld Under ZPL licensebull NSIS (Nullsoft Scriptable Install System) copy 1999-2013bull OpenSSL License Copyright (c) 1998-2016 The OpenSSL Project and Original SSLeay License
Copyright (c) 1995-1998 Eric Youngbull Protobuf Copyright 2008 Google Inc now under the BSD 3 licensebull Setup Tools (setuptools-06c11) Under ZPL licensebull Sodium crypto library (libsodium) ISC license Copyright (c) 2013-2015 Frank Denisbull Solr the Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull TCL Copyright copy Regents of the University of California Sun Microsystems Inc Scriptics
Corporation and other partiesbull The Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull The Apache Tika project Copyright copy The Apache Software Foundationbull VirtualBox Copyright copy 2007 Oracle Corp as part of the GNU GPL V2 Licensebull YAWS Copyright copy 2006 Claes Wikstrom now under the BSD licensebull Apache zookeeper Under the Apache 2 license
Index | 35
Index
bdl license file 18
img 12
MD5 12
zip 12
A
access directories 24Active Directory 26add
resources 19servers 19
Admin 17administrator 17AMS 12 14 15 16Aureum IP address 11Aureum Manager 6 12 14Aureum name 18Aureum overview 5average file size 18
B
beacon turning on or off 19BIOS 15bonding network interface 19bootable USB 12 14browser 15button color 17
C
capacity 10 19CentOS 10checksum 12client registration 22clients 22configuration 11configure email 21connect 22contact 31create
export 23share 27
create Aureum 15create storage class 20
D
dedicated capacity 20dedicated nodes 5default storage class 20directory access 24discover resources 12 14 19discovery state Aureum nodes 12 14disk space required 10DNS server 11DNS servers 18documentation 31domain-authenticated user
domain 27
domain-authentication 22domain suffix 11download images 14
E
editsecurity level 22
emailer settings 21Ethernet
interface 10switch 10
exportCIFS 23create an export 23
F
files needed 12 14firewall 12flexible capacity 20flock 29FUSE 10
G
gateway 11 18
H
hardware requirements 10how to reach Peaxy 31
I
image copier 12 14import a license 18initial configuration 18inode retention 29install
client 24Linux client 24
introduction 5iptables 16
J
javarequired version 12 14
javaw 14
K
Kerberos 22 22 23
L
legal 33levels of security 23license files 18licenses 18
Index | 36
Linux client install 24localhost 15location 18
M
maintenance agreement 18management IP 15mapping 22mount Aureum 24 27mounting 22 22
N
namespace 18Navigation menu
configuration 11security 22
netBIOS 22NIC 19NTP server 11 18
O
outgoing email 21overview
architecture 6Aureum building blocks 6components 6
P
password 17password limitations 17ports 12POSIX compliance 29primary domain 18primary domain suffix 11
R
RAM requirements 10realms 22reboot 12 14recommended configuration 10Red Hat Enterprise Linux 10replication factor 11 18 20resources
needed 10run setup 16
S
samsp 12 14 16security 22 23security levels
security 22 23select the license 18SElinux 16sestatus 16set performance levels 20settings 11setup 16share
CIFS 27
create a share 27Share 26SMTP 17 21software files 14space needed 10storage class creating default 20subnet mask 11Support hours 31
T
tar ball 24time server 18time zone 11 18
U
USB 15USB stick 10 12 14user account 17
V
virtualization 6 15
W
what youll need 11Windows
domain 26join a domain 26share 27
Windows client 10
Y
yum 24
Install Aureum | 12
Item Description Exampleadditional replica of the data are saved providing higheravailability Valid options are 2 3 and 4
Use the appropriate replication factor for each storageclass to implement the best level of protection for criticaldata and to limit wasted consumption for sandboxes andother nonessential data For data that is not critical or forsandboxes you can choose a lower replication factor Usea high replication factor for data that is critical or accessedoften
Table 2 Emailer Settings
Item Description Example
Email server The name of the email server This is usually an SMTPserver
smtpgmailcom
Server port By default port 587 is used Only change this if corporateor security requirements demand it
587
Email serveraccount
Enter a valid email account Aureum uses this account tosend email notifications and replacement passwords
memycompanycom
Password The password that is associated with the valid emailaccount
Send from Only change this if your SMTP server allows it and yourcorporate requirements demand it Normally only serversusing TLS require this entry
memycompanycom
Port Requirements and Firewall SettingsBecause Aureum uses the network for traffic specific ports must be available
The following table describes the ports that must be open for Aureum traffic and client connections
Port Type Used for
53 DNS DNS
443 TCP Encrypted traffic
514 UDP Log Server
3033 TCP Statistic collection
8001 TCP Analytics server
8080 HTTP Windows client
8443 TCP Encrypted traffic
10011 UDP LinuxFUSE client
Prepare Aureum Installation Resources (Linux)The software is installed on each server resource that will become part of Aureum Aureum ishardware agnostic but there must be adequate resources to complete the installation Each serveruses a USB stick to install the software
Make sure that you have the required basic resources described in Resource Requirements Downloadthe software files from wwwpeaxynetsupport A login is required
Install Aureum | 13
1 Download the software installation files
bull Release-ltreleasenumbergtimg is the image to be copied to a USB stick that will initializethe hardware
bull Release-ltreleasenumbergtmd5 is the checksum file that validates the validity of the imagebull samsp-ltreleasenumbergtzip is a compressed file that contains the utilities to move the
image to the USB stick and for the initial configuration of Aureumbull The Aureum client file
bull hfclient-fuse-ltreleasenumbergttargz - the Aureum Linux client installation file2 From a command prompt on your workstation uncompress the installation files Type
sudo unzip samsp-ltreleasenumbergtzip -d tmp
3 As root launch the image copier Double click img-copiersh and click Run on the dialog thatappears
4 Browse to the software image you downloaded (the img file) and select this file
5 Type a label for the USB sticks
The label is used to identify the system during the initial installation and becomes the name of theserver on which it is installed If you use the same label on different sticks the software will add anumeric suffix when creating the host name for example HOST-01 HOST-02 and so on Labelscannot exceed 16 charactersYou can provide a different label for each USB stick but to do so you must copy the image file toeach stick individually
6 Insert the USB sticks into a port on your workstation or a hub connected to your workstation andthen click REFRESH to make them visible to the image copier tool Select the sticks you want fromthose displayed in the destination drives list The USB stick must be at least 2 GB
7 Leave Verify copy operation enabled Peaxy strongly recommends that you do not skip this step
Install Aureum | 14
Depending on the speed on the USB sticks it can take several minutes to complete theverification
8 Enable hypervisor protection if requiredEnable hypervisor protection if the underlying storage consists of non-redundant JBOD (acollection of hard disks that have not been configured to act as a RAID) This creates a softwareRAID 5 configuration for the container store used by AureumYou can disable hypervisor protection if you have a hardware RAID under the disk volumes Thisallows Aureum to use a higher-performing RAID 0 configuration instead
9 Click START10After the copy is complete click EXIT and remove the USB sticks from the workstation or USB hub
The USB stick now contains a bootable image of the Aureum installation software
Prepare Aureum Installation Resources (Windows)The software is installed on each server resource that will become part of Aureum Aureum ishardware agnostic but there must be adequate resources to complete the installation Each serveruses a USB stick to install the software
You must have administrator permissions to install the Aureum software
Your workstation must be running the Java Runtime Environment (JRE) 17 or higher installed in orderto run the image copier
Make sure that you have the required basic resources described in Resource Requirements Downloadthe software files from wwwpeaxynetsupport A login is required
1 Download the software installation files
bull Release-ltreleasenumbergtimg is the image to be copied to a USB stick that will initializethe hardware
bull Release-ltreleasenumbergtmd5 is the checksum file that validates the validity of the imagebull samsp-ltreleasenumbergtzip is a compressed file that contains the utilities to move the
image to the USB stick and for the initial configuration of Aureumbull The Aureum client file
bull hfclient-fuse-ltreleasenumbergttargz - the Aureum Linux client installation file2 On your Windows workstation move to the location of the zip file and unzip the file using any
uncompression program3 Move to the location of the uncompressed file and double-click the executable to start the
installation4 With administrator privileges launch the image copier Double-click img-copierbat
Install Aureum | 15
If the image copier does not launch properly you might need to add javaw to your path Refer toyour Windows Operating System help for instructions
5 Browse to the software image you downloaded (the img file) and select this file then click Run6 Type a label for the USB sticks
The label is used to identify the system during the initial installation and becomes the name of theserver on which it is installed If you use the same label on different USB sticks the software willadd a numeric suffix when creating the host name for example HOST-01 HOST-02 and so onLabels cannot exceed 16 charactersYou can provide a different label for each USB stick but to do so you must copy the image file toeach stick individually
7 Insert the USB sticks into a port on your workstation or a hub connected to your workstation andthen click REFRESH to make them visible to the image copier tool Select the sticks you want fromthose displayed in the destination drives list The USB stick must be at least 2 GB
8 Leave Verify copy operation enabled Peaxy strongly recommends that you do not skip this stepDepending on the speed on the USB sticks it can take several minutes to complete theverification
9 Enable hypervisor protection if requiredEnable hypervisor protection if the underlying storage consists of non-redundant JBOD (acollection of hard disks that have not been configured to act as a RAID) This creates a softwareRAID 5 configuration for the container store used by AureumYou can disable hypervisor protection if you have a hardware RAID under the disk volumes Thisallows Aureum to use a higher-performing RAID 0 configuration instead
10Click START11After the copy is complete click EXIT and remove the USB sticks from the workstation or USB hub
The USB stick now contains a bootable image of the installation software
Install the SoftwareThe installation software on the USB stick installs the Peaxy software and lets you create Aureum
1 Insert one prepared USB stick into each server Servers must have a console attached or beaccessible via an IPMI management tool
Install Aureum | 16
2 Apply power to the servers either individually or with a few seconds in between to complete the
next steps
Note If you have already configured your server to boot from USB skip steps 3 4 and 5
3 Enter the server BIOS and instruct the server to boot from the USB stickThe method used to enter the BIOS depends on the server
4 Ensure that the virtualization setting is enabled in the BIOS5 Save the BIOS changes and reboot the server from the USB stick
After the server has booted from the USB stick and launched the installation software you will seea message at the bottom of the screen telling you that the server is being prepared for installationThis boot process has placed the servers in a discoverable state this plays a role in the nextphase of the installation process
Continue the InstallationAfter the servers have been prepared and the software has been installed begin the configuration
1 On your workstation disable the firewall
On Red Hat Enterprise LinuxCentOS 7 systems use the following commands
systemctl stop firewalld
systemctl disable firewalld
On other Linux-based operating systems use the following commands
service iptables stop
service ip6tables stop
chkconfig ip6tables off only include this command if you want to permanently turn thefirewall off
chkconfig iptables off only include this command if you want to permanently turn thefirewall off
2 On your workstation disable SElinuxYou can check the status of SElinux with sestatus The result should appear as SELinuxstatus disabledIf you do not see disabled
1 Edit etcselinuxconfig and set the SELINUX variable to disabled2 Reboot your client workstation
3 On the workstation launch the Aureum installation management tool Type
sudo tmpsamsp-400ltversiongtsamspsh
Install Aureum | 17
You should see something similar to the following
Launching Management Server Platform version 400rootOpen your browser and enter the URL httpslocalhost to continueDo not terminate samsp it is required to complete cluster configurationYou can view tmpsamsp-40010872logmsplog for detailed progress activity
Important Do not terminate samsp because it is needed to complete clusterconfiguration
4 Open a browser and type
httpslocalhost If you are running the browser on the same workstation running the stand alone MSP orhttpsltip addressgt IP address of the workstation running the standalone MSP
This launches the Peaxy Management Tool If prompted accept the self-signed Peaxy certificate
After the initial setup is complete the IP address changes in the browser address bar This isexpected and correct behavior Now the installation portion of the AMS exits and the integratedAureum manager becomes active
In the next step the Aureum manager guides you through the initial configuration process
Create an Admin AccountThe first step in configuring a new Aureum system is to supply the details for the Admin account Afterthe installation process is complete and Aureum is up and running the Admin account is used to loginto the Aureum web UI (PMT) to perform additional administration tasks such as creating other useraccounts and a client registration password
Important The Admin account has access to critical areas of Aureum Ensure that the Adminaccount is secure
1 Type an email address for the accountThe AMS verifies that the email address is formatted correctly but does not check the validity ofthe email address itself This is the email address to which emails are sent
Note When setting the outgoing mailer settings the use of a customized email addressis highly dependent on the mail server While it might be possible to use a custom emailSEND FROM address many mail servers (such as Gmail) do not allow sending email usinganything other than the registered user account name
2 Type a user name for the accountThe user name must be between 3 and 32 characters and can contain letters numbers dots ()and at signs ()
3 Type a password to be associated with the user name in the previous stepPasswords are case sensitive and should be secure Best practice shows that you should changepasswords regularly
4 Confirm the password by retyping the password exactly as you entered it aboveWhen all of the fields are complete and have the correct format the SUBMIT button turns fromgray to blue
5 Click SUBMIT
The user account information is now created and stored
Important Set up the outgoing emailer settings as soon as possible after completinginstallation of Aureum If you forget or lose your password Aureum cannot send you a newone until the outgoing email is configured
Install Aureum | 18
The next step is to import the Aureum license
Import an Aureum LicenseImporting the license for an Aureum instance activates the Peaxy software License types are assignedto the Admin account that you created at the beginning of the installation
Before you create an Aureum system make sure that you have received your license from Peaxy andthat the license details are correct
Each time you create an Aureum instance you must import a license
1 Select the license to import or drag it onto the files areaThe license is a bdl file that contains all of the files needed to install the license
2 Click IMPORT3 The system installs the license and continues to the next step
Provide Aureum InformationDefining a few basic configuration items is the first step in setting up Aureum
During the first steps of the initial configuration you provide the basic information needed to createAureum its components and the namespace details
1 Enter the Network settingsa) Enter the gateway addressb) Enter the subnet maskc) Enter the primary DNS domain suffix and up to three DNS server addresses
DNS servers must be entered as IP addresses Each DNS server is on a separate line2 Enter the General settings
a) Enter a name for this Aureum instanceNames can be up to 14 characters and can contain letters numbers dashes and underscores
b) Optional Enter a location for the Aureum system for example ldquodatacenterrdquo or ldquoPhoenixofficerdquo
c) Enter the Aureum IP addressd) Optional Enter up to three NTP servers
Including an NTP server ensures that the time stamp for Aureum is always correcte) Select the time zone to use from the drop-down menu
This ensures that all nodes in Aureum use the same time zone3 Define the Namespace settings
Install Aureum | 19
a) Select the average file size that you expect Aureum to containYour expected average file size selection is used by Aureum to determine the most efficientdistribution of hyperservers Aureum uses the selection you make here to determine theestimated ratio of namespace hyperservers to data hyperservers
b) Set the default namespace replication factor from 2 to 4The namespace replication factor is the number of replicas that Aureum creates for thenamespace
4 Click CONTINUE
Add resources to Aureum You can also click CANCEL to cancel the installation
Add ResourcesResources refer to the physical servers that will make up Aureum These can be any commodity serversuch as a 1U or 2U server with any number and size of disks These resources are used to build thenamespace and data hyperservers that form the heart of a running Aureum system
Note After a resource has been added Aureum claims the complete resource Unusedportions of a resource are designated as spares and are used in case of a failure or expansion
1 The system locates all physical servers that have been booted using USB sticks and are currently indiscovery stateYou will see a list of the servers available for inclusion Use the filter to narrow your search by servername
2 Select the servers to add to Aureum
Servers scheduled for selection have a check mark to the left Select the box beside SERVER NAMEto select all servers in the list
3 Enter the required number of IP addresses or an IP range The number of IP addresses neededappears above the IP ADDRESSES entry box
The system determines the number of IP addresses needed to ensure that all Aureum componentscan communicate receiving requests and returning responses Addresses can be individual IPaddresses (xxxxxxxxxxxx) an IP address range (xxxxxxxxx - xxx) or an IP address with a wildcard(xxxxxxxxx) Separate the IP addresses with a space comma or newline
Install Aureum | 20
Aureum only supports IPv4 (the dotted quad format) For example
192168100419216810015-2019216873
4 Define the roles of the serversClick the ROLES column entry for a server and configure the servers to support either data accessor search (SolrCloud) While it is possible to configure a server to support both data access andsearch this setting is not recommended for a production deployment
Note Aureum 40 supports SolrCloud clusters with one or three nodes Aureum 40 doesnot support SolrCloud clusters with either two nodes or more than three nodes
5 Define the bonding for the network port cardsYou should see the same speed for all of the network interfaces (NICs) on this server Use the list ofall NICs that are bonded with the interfaces on this server to form your decision Inactive NICs arenoted as sucha) Click the ETHERNET column entry for the server whose bonding to configure
If the column text is red some interfaces are not bonded to the server If the text is blue allavailable interfaces are bonded
b) Place a check mark next to all of the interfaces to bond to this server Remove the check markfor those interfaces you do not want included in the bond
6 Optional Toggle the server beacon on or offBeacon signals guide you to the server in question This is often used when troubleshooting tolocate a specific server in a large group of servers
7 Click CONTINUEWait for the installation wizard to verify that the IP addresses you entered are valid and can beused The system assigns the IP addresses and sets the state to Pending
8 Click START INSTALLATIONThe button changes from START INSTALLATION to INSTALLATION IN PROGRESS The systemassigns the resources to Aureum and determines the necessary number of dedicated nodesneeded for the configuration The progress is displayed but you can also use the Log link to followindividual progress If some of the servers are not yet ready wait a few moments and retry
The installation process will take some time typically 10 to 20 minutes When complete the IPaddress in the browser will switch from the local IP of your workstation to the Aureum IP addressthat was entered earlier This signals the transition from the AMS you launched earlier (samsp) to theintegrated PMT that is now running on Aureum
The next step is to create a default storage class
Create a Default Storage ClassA storage class groups and manages data hyperservers with similar replication factors capabilitiesand performance configuration
You must configure at least one storage class to use as the default during the initial Aureumconfiguration You can create more storage classes at any time as long as you have the resourcesnecessary
1 You are presented with the create Initial Storage Class option2 Enter the required information to create the storage class
a) Type a name for the storage classClass names can be up to 14 text characters
b) Define the performance levelPerformance levels based on throughput and seek time Select the paired setting that is best foryour expected usage For the widest option select ldquoAnyrdquo
c) Set the replication factor
Install Aureum | 21
Remember all hyperservers assigned to this storage class will use these settings
Note You must include at least the same number of resources to create the specifiedreplication factor For example you cannot have a replication factor of three in anAureum system with only two servers
Because each replication requires some amount of storage the replication factor selectedaffects the amount of total storage available
Tip The Aureum data space is partitioned through all the data-capable hyperserversEach hyperserver can be configured to offer a specified replication factor This lets youstore vital data with high redundancy while more transient data can skip replication inorder to optimize storage and performance costs
d) Optional Enable flexible space allocationEnabling flexible storage space allows the members of the storage class to consume thecapacity needed When more storage space is needed more is allocated automaticallyregardless of the initial allocation Peaxy recommends this option for general use Some casesmight have different needs
e) Optional To make this the default storage class select YESAll data that does not meet the conditions in a specific data policy will be stored on the defaultstorage class (See data policies in the Aureum Administrator Guide)
3 Click CREATE STORAGE CLASS4 To complete the initial installation and configuration click FINALIZE AUREUM then click YES to
confirm the configuration is correct
Important After you click FINALIZE you must wait for the health indicator on the Aureumcard or list turn green before using Aureum
The Aureum installation is complete and the PMT shows the main Aureum window To configureadditional Aureum storage classes and data policies and to understand how to monitor Aureum seethe Aureum Administrator Guide
Define Outgoing Mail SettingsIn order for Aureum to send email notifications and provide lost password recovery you must tellAureum how to send email alerts
Important Configure outgoing email settings as soon as reasonably possible If you lose orforget your password Aureum cannot send reset instructions until you configure the emailsettings
1 Select EMAILER CONFIG from the SETUP WIZARD pane or from the Navigation menu select EMAILER
2 Type the email (SMTP) server to use when sending the emailThe email server must be accessible from Aureum
Install Aureum | 22
3 By default the system uses port 587 This is usually the right setting Only change the EMAILSERVER PORT if your organizations SMTP server requires it
4 Enter a valid user account and password that Aureum will use to send email from this server5 Optional SEND FROM is required only if your email server requires Transport Layer Security (TLS)
If this is the case type the SEND FROM email addressGenerally the recommended SEND FROM address is a working system administrator account
6 Click SAVE
Create a Client Registration UserThe Aureum client registration user and password allow client authentication at mount time
This allows you to create a custom account for authenticating client mounts
1 Click REGISTRATION2 Type a name for the user This will be the username that is authorized to type in the registration
password when an Aureum client is installed3 Type the client registration password This password is used to register the Aureum client for
authentication at mount time4 Click SAVE
Configure SecurityDefine define the level of security for client communication
1 Click SECURITY LEVEL2 Slide the controller to the level of security your data will use
3 Click ACCEPT
ConnectAn Aureum client mounts Aureum and allows access to folders and files Peaxy provides clientsoftware for Linux users and allows Windows users to access Aureum through a Windows share
The Linux-based client uses a FUSE component to remotely access Aureum services Almost all Linuxinstallations include FUSE so you should not need to do anything extra
The Aureum client has a small footprint A very limited set of memory and CPU cycles are needed toperform the client functions Also the Aureum client can be used concurrently with other clients forNFS and other network file systems
When you install the client the client drivers are added to the default system directories To accessthese directories use the mount command (more commonly known as mapping a drive in Windows)to mount the client to the directory
Install Aureum | 23
Mounting a client to an Aureum directory loads all the data structures necessary for the client tointeract with Aureum As the structures change Aureum updates them In order for a client to accessAureum all that is necessary is that the client know the IP address or URL to which the client willconnect and the client-Aureum registration password
Also available is the ability to join a Windows domain and create domain-authenticated users who canaccess different areas of Aureum
Linux Client-Aureum RegistrationThe minimum security level for Aureum is the authenticated mount To ensure that unauthorized usersdont gain access to data Peaxy provides an authenticated mount between Aureum Linux clients andAureum using certificates and registration
Note The process described in this section applies to Linux clients Windows domains userswith credentials from an Active Directory access Aureum through a Windows share
Security is always an important part of any system that provides data access especially when theaccess spans many users and locations Peaxy provides a registration process where the clientand server exchange certificates which are used to authenticate subsequent connections Theregistration provides a mutual authentication method between the client and Aureum allowing theclient access Only authenticated clients are allowed to mount Aureum Other clients cannot use thesame authentication as part of the certificate registration Aureum generates a client key pair that isunique to each client-Aureum connection
How It WorksThe AMS requires a dynamic registration at the initial mount time As part of the registration Aureumgenerates a key pair unique to each client This key pair is persistent so you do not need to re-register the client each time you mount Aureum
This initial registration is required the first time the client mounts Aureum and requires a specialregistration password that is unique to Aureum This password is entered by the Aureum administratorat the workstation on which the client is installed Subsequent client mounts use the client certificateissued during registration
Security LevelsAureum offers varying levels of security
The security level is visible on the Aureum card or list and is indicated in the SECURITY section by thenumber of total locks that are green Gray locks indicate how many additional security levels you canselect For example if there are four total locks and three are green your current security level is 3Message Integrity
bull Data Confidentiality all data in and out of Aureum is verified and encryptedbull Message Integrity message authentication codes verify message integritybull Kerberos Authentication use the Kerberos authentication protocol as the mechanism for
authentication between a client and a server or between one server and another serverbull Authenticated Mount use X509 certificates to mutually authenticate and validate all Aureum
clients and hyperservers in Aureum
Create an ExportCreate an export to allow Linux clients to mount and access Aureum
1 From the Navigation menu select SECURITY gt EXPORTS2 Type the export name3 In the EXPORT CONTENT IN field choose the data class to export
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the
Install Aureum | 24
engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the export5 Click CREATE6 To edit or delete an export click the corresponding entry in the list
bull To edit the export make the changes needed in the edit panel and click SAVE CHANGESbull To delete an export click the corresponding trash can icon ( ) and confirm the deletion
Install a Linux-based Aureum ClientYou install the Aureum client on physical hardware or on a workstation in the cloud Use the client tomount and access Aureum directories
Before installing the client make sure that your system meets the minimum requirements describedin the Requirements section of this document
Note Aureum uses FUSE in Direct IO mode for better performance The version of FUSErunning on older versions of CentOS Red Hat Enterprise Linux doesnt support mmap whenFUSE is being used this way This might cause some mmap functions such as ACCESS_WRITEMAP_SHARED and PROT_WRITE to fail You can use the mount flag --disable-direct-io-mode to disable Direct IO mode
If you choose to use Direct IO mmap will be disabled on CentOS56 and 57 since those versionsdont support mmap with direct IO Enabling this option will result in a significant performancedegradation on clients using this option Peaxy strongly recommends that you upgrade to a newerversion of Linux
Ensure FUSE and its dependencies have been installed on each client If it has not been installedinstall FUSE according to the instructions for the package you chose On CentOS for example installthis by typing
sudo yum -y install fusex86_64 fuse-develx86_64 fuse-libsx86_64
The version numbers for your installation may differ
If you have installed a version of the fuseko module that is not the Peaxy-specific version runadditional commands at the end of the installation process This prevents kernel-oops messages fromconsuming all of the space in the varspool directory These messages indicate a benign conditiondue to a Linux FUSE problem
Run the following commands
chkconfig --levels 2345 abrt-oops off service abrt-oops stop
Note The client installation sets the following values automatically
Parameter Value set to
netipv4tcp_tw_recycle 1
netipv4tcp_fin_timeout 2
netcorewmem_max 2097152
netcorermem_max 2097152
netcorewmem_default 2097152
netcorermem_default 2097152
Install Aureum | 25
1 Download the Aureum client file from the support section of the Peaxy website at wwwpeaxynetsupport (login is required)The file is downloaded as a targz package and contains an installer It has a name similar tohfclient-fuse-400ltbuildnumbergttargz
2 Unpack the distribution file by typing the following
tar -zxvf hfclient-fuse-400ltbuildnumbergttargz
You will see something like the following
hfclient-fuse-400hfclient-fuse-400setupshhfclient-fuse-400scriptshfclient-fuse-400scriptsupdatedbshhfclient-fuse-400scriptsc_rehashshhfclient-fuse-400scriptssysctlshhfclient-fuse-400scriptsunregshhfclient-fuse-400scriptsconfshhfclient-fuse-400binhfclient-fuse-400binfusehfCentOS-5xhfclient-fuse-400binfusehfhfclient-fuse-400confhfclient-fuse-400confhfconftgz
3 While logged in as root run setupsh installThe driver files are installed in the default system directories You will see something similar to thefollowing
sudo setupsh install
Installer for Peaxy Aureum Client version 40
Checking package contentsInstalling hf client binariesremoved `optpeaxy-40sbinfusehf`binfusehf -gt `optpeaxy-40sbinfusehfInstallation complete
Mount Aureum
Mount Aureum (Linux)After the client is installed use the mount command to mount Aureum
At a command prompt type
sudo mkdir -p ltmnt_pointgtsudo mount -t fusehf hfltmgmt_ipgt ltmnt_pointgt -o user=ltclient registration usernamegt
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is thedirectory that will serve as your local mount point for example mntpeaxy
If you omit -o user=ltclient_user_namegt you would be prompted for the password associatedwith the local admin account to complete the client registration Best practice is to always create aclient registration account and use that password
The first time you mount the client to Aureum you will be prompted for a registration passwordto allow client-Aureum authentication Type the client registration password Otherwise youradministrator must do this for you
Peaxy strongly recommends that you change the password often especially after typing the passwordfor a client registration
If you or your IT administrator have associated a DNS entry with the Aureum IP address you mightwant to use the DNS name as the name for your mount point
Install Aureum | 26
To configure the Aureum client to automatically mount on startup locate the etcfstab file andadd the line
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults 0 0
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is the localmount point for example mntpeaxy
Note If you are running CentOS 7 change this line to add the _netdev flag as below
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults_netdev 0 0
You can now use the Aureum client to access Aureum
Unregister a Linux Client from AureumYou can securely unregister an installed FUSE client from the Aureum system that it mounts
Removing the registration renders the client unable to access Aureum If you use the all option youwill need to perform a new registration setup before you can mount Aureum again
Unregistering a client is done by running the unregsh script Use the following procedure tounregister the client
1 On the workstation running the client open a command prompt2 Move to optpeaxybin the location of the script3 Run the script
bull Type sudo unregsh ltAureumgt to unregister the client from a specific Aureum systemReplace ltAureumgt with the Aureum system to unregister
bull Type sudo unregsh all to unregister the client from all Aureum systems on which theclient is registered
Note Peaxy strongly recommends using the all option before you decommission aclient workstation
Windows ConfigurationDomain users with credentials from an Active Directory can access Aureum through a share
After Aureum joins a domain it sets up network shares for chosen directories (including all containedsubdirectories) To domain users these shares look the same as any other folder that is accessible viathe network
Unlike an Aureum client which mounts to the root of the volume a share allows a user to exportsubdirectories for more granular access
Where to Find ItFrom the Navigation menu select SECURITY gt DOMAINS and SECURITY gt SHARES
Join a DomainBefore you can create a share you must join a Windows domain
You can pre-create a machine account in an Active Directory under a specified OU If you choose notto do so Aureum will try to add a computer account to the default location of ldquoComputersrdquo
Important If Aureum is already joined to a domain joining another domain will replace thejoin not add to it Aureum will only be joined to the most recently joined domain
1 From the Navigation menu select SECURITY gt DOMAINS2 Type the complete Windows domain to join for example engexamplecom3 Type the username with access to the domain The user must have the necessary permissions to
join Aureum to the domain4 Type the password associated with the username or access to modify an object in the OU if the
machine account was pre-created
Install Aureum | 27
5 In the NETBIOS NAME field set the Aureum computer account name you wish to be created in theActive Directory If Aureum is using a pre-created machine account in a specific OU then the nameyou specify here must match that name exactly
6 Click JOIN
After the domain has been joined the JOIN button changes to LEAVE To leave the domain clickLEAVE
Create a ShareCreate a share to allow Windows users to connect to Aureum
Before you can create a share you must join the appropriate domain
1 From the Navigation menu select SECURITY gt SHARES2 Type the name of the share3 In the SHARE CONTENT IN field choose the appropriate data class
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the share5 Click CREATE
6 To edit or delete a share click the share to be modified
bull To edit the share make the changes needed in the edit panel and click SAVE CHANGESbull To delete the share click the trash can icon ( ) and confirm the deletion
Mount an Aureum Windows ShareDomain-authenticated users can mount and access Aureum directories using a share
After Aureum has been joined to a domain and the share has been created you can easily mount tothe share
The exact mount process is based on your workstation OS
Install Aureum | 28
If you do not already know it you can determine the mount point from Aureum by navigating to theJOIN DOMAIN page and using one of the listed public IP addresses as the mount point Include theshare name when mounting
Peaxy recommends that you take the list of public IP addresses and enter them into your DNS serverlisted under the Aureum NetBIOS name within the appropriate domain In cases where multipleaddresses are used the DNS server automatically round-robins the returned address This ensure thatclient connection load is distributed across the available nodes
As a Windows example to mount a drive letter to Aureum Type
net use ltdrive_lettergt ltpublic addressgtltshare namegt
where ltdrive_lettergt is the drive letter to assign to Aureum ltpublic_addressgt is the IP address usedto join the domain and ltshare_namegt is the share
You then log into the share using your domain-authenticated username and password For exampleMYDOMAINmyname
After mapping the drive access Aureum through Windows Explorer just like you would any otherdrive
If the share does not appear in the Windows Explorer after a change such as a system reboot occursrefresh the view using the Refresh icon ( ) The share should display correctly
You do not have to assign a share to a drive letter however In Windows Explorer type the public IPaddress and share name into the address bar Provide your username and password
POSIX ComplianceAureum provides a POSIX-compliant interface
Most of the Aureum interfaces are POSIX compliant and adhere to the IEEE standard The following isa list of exceptions to compliance
bull The directory nlink count is not incremented when a subdirectory is addedbull inode retention differs from the POSIX specification because there is no way to retain the original
inode number when a rename entails a move to a different device You can display the datahyperserver extent ID instead of the namespace hyperserver Node ID to the caller in the statfamily of calls This does not change when a file or directory is renamed It does change if the file ismigrated from one data hyperserver to another
bull If two mount points are held to the same Aureum and a file is closed on one Aureum does notremove a fcntl lock for the same file on another This is a variance on the way that NFS worksThe internal locking structures take into account the client ID which varies depending on the clientmount If there are two different mounts to a server Aureum treats them as separate machineswhich NFS does not
bull The file locking call flock() is emulated using POSIX byte range locks (fcntl() ) The POSIXcompliance specification does not cover flock() This implementation mirrors the behavior ofNFS The Aureum behavior is slightly different and varies from the POSIX specification as follows
1 As in NFS you must have write permissions to get a write lock2 As in NFS you cannot place both flock() and fcntl() locks on the same file as these locks
will conflict3 An flock() will not inherit across forks4 The flock() will be durable against other file closes but fcntl() locks will not behave within
the POSIX specification5 As well as being removed by an explicit f_unlock record locks are automatically released
when the process terminates or if it closes any file descriptor referring to a file on which locksare held This means that a process can lose the locks on a file like etcpasswd or etcmtab if a library function opens reads and closes it
Information and ResourcesThe latest news and information can always be found on the Peaxy website
Peaxy provides documents that are designed for different audiences These documents furnish acomprehensive explanation of Aureum and how to use it Additionally information is available fromtooltips Each field has a tooltip that adds explanations and any limitations for the item
The most current and accurate information available was included at the time this document wasprepared However changes may occur after the document is released Always read the ReleaseNotes for the most current information
Aureum Installation GuideA step-by-step guide to installing and configuring Aureum into your network
Aureum Administrator GuideA guide to understanding the Aureum architecture Provides details for planning configuring andmonitoring your implementation
Quickstart SeriesA series of two-page guides providing an abbreviated set of instructions for Aureum tasks Theycan be taken in order or used as reminders for individual tasks
Tech NotesSome technical issues are outside the scope of the regular documentation These are presented asTechnical Notes
Contact Peaxy9 am to 5 pm Pacific Standard Time
Main +1 (408) 441-6500
Support +1 (408) 763-3700
By phone
Support toll free US only +1 (844) 277-3299
General information infopeaxynet
Sales salespeaxynet
Support supportpeaxynet
By email
Documentation feedback feedbackpeaxynet
Online wwwpeaxynetsupport (login required)
Peaxy Inc
2380 Bering Dr
By mail
San Jose CA 95131 USA
LegalPeaxyreg and Aureumtrade are registered trademarks of Peaxy Inc
All other trademarks belong to their respective companies
CopyrightsThis document is copyright copy 2016 Peaxy Inc
Aureum software includes portions of the following
bull Amazon Web Services (AWS) Java SDK httpsawsamazoncomsdk-for-java and httpawsamazoncomapache-2-0
bull Apache License Version 20 January 2004bull BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1bull BSD 3bull crc32 routine COPYRIGHT copy 1986 Gary S Brownbull Element Tree used under the Python licensebull Erlang Public License (EPL) a derivative work of the Mozilla Public License Now provided under
the Apache 20 licensebull GoogleAuth httpsgithubcomwstrangeGoogleAuthbull GNU Lesser General Public License Version 3 Copyright copy 2007 Free Software Foundation Inc
and GNU Lesser General Public License Version 21 Copyright copy 1999 Free Software FoundationInc
bull Samba is Free Software licensed under the GNU General Public License httpswwwsambaorgsambadocsGPLhtml the Samba project is a member of the Software Freedom Conservancy
bull JSON-C Copyright (c) 2009-2012 Eric Haszlakiewicz and Copyright (c) 2004-2005 MetaparadigmPte Ltd
bull Kerberos Copyright copy 1985-2009 now under the MIT 2 licensebull libcurl Copyright (c) 1996 - 2015 Daniel Stenbergdanielhaxxsebull lshow used under the GPL licensebull MIT (X11) Copyright copy 2007-2015bull RIAK Creative Commons (httpcreativecommonsorg licensesby30)bull Goldrush Copyright copy 2012 Magnus Klaarbull Meld Under ZPL licensebull NSIS (Nullsoft Scriptable Install System) copy 1999-2013bull OpenSSL License Copyright (c) 1998-2016 The OpenSSL Project and Original SSLeay License
Copyright (c) 1995-1998 Eric Youngbull Protobuf Copyright 2008 Google Inc now under the BSD 3 licensebull Setup Tools (setuptools-06c11) Under ZPL licensebull Sodium crypto library (libsodium) ISC license Copyright (c) 2013-2015 Frank Denisbull Solr the Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull TCL Copyright copy Regents of the University of California Sun Microsystems Inc Scriptics
Corporation and other partiesbull The Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull The Apache Tika project Copyright copy The Apache Software Foundationbull VirtualBox Copyright copy 2007 Oracle Corp as part of the GNU GPL V2 Licensebull YAWS Copyright copy 2006 Claes Wikstrom now under the BSD licensebull Apache zookeeper Under the Apache 2 license
Index | 35
Index
bdl license file 18
img 12
MD5 12
zip 12
A
access directories 24Active Directory 26add
resources 19servers 19
Admin 17administrator 17AMS 12 14 15 16Aureum IP address 11Aureum Manager 6 12 14Aureum name 18Aureum overview 5average file size 18
B
beacon turning on or off 19BIOS 15bonding network interface 19bootable USB 12 14browser 15button color 17
C
capacity 10 19CentOS 10checksum 12client registration 22clients 22configuration 11configure email 21connect 22contact 31create
export 23share 27
create Aureum 15create storage class 20
D
dedicated capacity 20dedicated nodes 5default storage class 20directory access 24discover resources 12 14 19discovery state Aureum nodes 12 14disk space required 10DNS server 11DNS servers 18documentation 31domain-authenticated user
domain 27
domain-authentication 22domain suffix 11download images 14
E
editsecurity level 22
emailer settings 21Ethernet
interface 10switch 10
exportCIFS 23create an export 23
F
files needed 12 14firewall 12flexible capacity 20flock 29FUSE 10
G
gateway 11 18
H
hardware requirements 10how to reach Peaxy 31
I
image copier 12 14import a license 18initial configuration 18inode retention 29install
client 24Linux client 24
introduction 5iptables 16
J
javarequired version 12 14
javaw 14
K
Kerberos 22 22 23
L
legal 33levels of security 23license files 18licenses 18
Index | 36
Linux client install 24localhost 15location 18
M
maintenance agreement 18management IP 15mapping 22mount Aureum 24 27mounting 22 22
N
namespace 18Navigation menu
configuration 11security 22
netBIOS 22NIC 19NTP server 11 18
O
outgoing email 21overview
architecture 6Aureum building blocks 6components 6
P
password 17password limitations 17ports 12POSIX compliance 29primary domain 18primary domain suffix 11
R
RAM requirements 10realms 22reboot 12 14recommended configuration 10Red Hat Enterprise Linux 10replication factor 11 18 20resources
needed 10run setup 16
S
samsp 12 14 16security 22 23security levels
security 22 23select the license 18SElinux 16sestatus 16set performance levels 20settings 11setup 16share
CIFS 27
create a share 27Share 26SMTP 17 21software files 14space needed 10storage class creating default 20subnet mask 11Support hours 31
T
tar ball 24time server 18time zone 11 18
U
USB 15USB stick 10 12 14user account 17
V
virtualization 6 15
W
what youll need 11Windows
domain 26join a domain 26share 27
Windows client 10
Y
yum 24
Install Aureum | 13
1 Download the software installation files
bull Release-ltreleasenumbergtimg is the image to be copied to a USB stick that will initializethe hardware
bull Release-ltreleasenumbergtmd5 is the checksum file that validates the validity of the imagebull samsp-ltreleasenumbergtzip is a compressed file that contains the utilities to move the
image to the USB stick and for the initial configuration of Aureumbull The Aureum client file
bull hfclient-fuse-ltreleasenumbergttargz - the Aureum Linux client installation file2 From a command prompt on your workstation uncompress the installation files Type
sudo unzip samsp-ltreleasenumbergtzip -d tmp
3 As root launch the image copier Double click img-copiersh and click Run on the dialog thatappears
4 Browse to the software image you downloaded (the img file) and select this file
5 Type a label for the USB sticks
The label is used to identify the system during the initial installation and becomes the name of theserver on which it is installed If you use the same label on different sticks the software will add anumeric suffix when creating the host name for example HOST-01 HOST-02 and so on Labelscannot exceed 16 charactersYou can provide a different label for each USB stick but to do so you must copy the image file toeach stick individually
6 Insert the USB sticks into a port on your workstation or a hub connected to your workstation andthen click REFRESH to make them visible to the image copier tool Select the sticks you want fromthose displayed in the destination drives list The USB stick must be at least 2 GB
7 Leave Verify copy operation enabled Peaxy strongly recommends that you do not skip this step
Install Aureum | 14
Depending on the speed on the USB sticks it can take several minutes to complete theverification
8 Enable hypervisor protection if requiredEnable hypervisor protection if the underlying storage consists of non-redundant JBOD (acollection of hard disks that have not been configured to act as a RAID) This creates a softwareRAID 5 configuration for the container store used by AureumYou can disable hypervisor protection if you have a hardware RAID under the disk volumes Thisallows Aureum to use a higher-performing RAID 0 configuration instead
9 Click START10After the copy is complete click EXIT and remove the USB sticks from the workstation or USB hub
The USB stick now contains a bootable image of the Aureum installation software
Prepare Aureum Installation Resources (Windows)The software is installed on each server resource that will become part of Aureum Aureum ishardware agnostic but there must be adequate resources to complete the installation Each serveruses a USB stick to install the software
You must have administrator permissions to install the Aureum software
Your workstation must be running the Java Runtime Environment (JRE) 17 or higher installed in orderto run the image copier
Make sure that you have the required basic resources described in Resource Requirements Downloadthe software files from wwwpeaxynetsupport A login is required
1 Download the software installation files
bull Release-ltreleasenumbergtimg is the image to be copied to a USB stick that will initializethe hardware
bull Release-ltreleasenumbergtmd5 is the checksum file that validates the validity of the imagebull samsp-ltreleasenumbergtzip is a compressed file that contains the utilities to move the
image to the USB stick and for the initial configuration of Aureumbull The Aureum client file
bull hfclient-fuse-ltreleasenumbergttargz - the Aureum Linux client installation file2 On your Windows workstation move to the location of the zip file and unzip the file using any
uncompression program3 Move to the location of the uncompressed file and double-click the executable to start the
installation4 With administrator privileges launch the image copier Double-click img-copierbat
Install Aureum | 15
If the image copier does not launch properly you might need to add javaw to your path Refer toyour Windows Operating System help for instructions
5 Browse to the software image you downloaded (the img file) and select this file then click Run6 Type a label for the USB sticks
The label is used to identify the system during the initial installation and becomes the name of theserver on which it is installed If you use the same label on different USB sticks the software willadd a numeric suffix when creating the host name for example HOST-01 HOST-02 and so onLabels cannot exceed 16 charactersYou can provide a different label for each USB stick but to do so you must copy the image file toeach stick individually
7 Insert the USB sticks into a port on your workstation or a hub connected to your workstation andthen click REFRESH to make them visible to the image copier tool Select the sticks you want fromthose displayed in the destination drives list The USB stick must be at least 2 GB
8 Leave Verify copy operation enabled Peaxy strongly recommends that you do not skip this stepDepending on the speed on the USB sticks it can take several minutes to complete theverification
9 Enable hypervisor protection if requiredEnable hypervisor protection if the underlying storage consists of non-redundant JBOD (acollection of hard disks that have not been configured to act as a RAID) This creates a softwareRAID 5 configuration for the container store used by AureumYou can disable hypervisor protection if you have a hardware RAID under the disk volumes Thisallows Aureum to use a higher-performing RAID 0 configuration instead
10Click START11After the copy is complete click EXIT and remove the USB sticks from the workstation or USB hub
The USB stick now contains a bootable image of the installation software
Install the SoftwareThe installation software on the USB stick installs the Peaxy software and lets you create Aureum
1 Insert one prepared USB stick into each server Servers must have a console attached or beaccessible via an IPMI management tool
Install Aureum | 16
2 Apply power to the servers either individually or with a few seconds in between to complete the
next steps
Note If you have already configured your server to boot from USB skip steps 3 4 and 5
3 Enter the server BIOS and instruct the server to boot from the USB stickThe method used to enter the BIOS depends on the server
4 Ensure that the virtualization setting is enabled in the BIOS5 Save the BIOS changes and reboot the server from the USB stick
After the server has booted from the USB stick and launched the installation software you will seea message at the bottom of the screen telling you that the server is being prepared for installationThis boot process has placed the servers in a discoverable state this plays a role in the nextphase of the installation process
Continue the InstallationAfter the servers have been prepared and the software has been installed begin the configuration
1 On your workstation disable the firewall
On Red Hat Enterprise LinuxCentOS 7 systems use the following commands
systemctl stop firewalld
systemctl disable firewalld
On other Linux-based operating systems use the following commands
service iptables stop
service ip6tables stop
chkconfig ip6tables off only include this command if you want to permanently turn thefirewall off
chkconfig iptables off only include this command if you want to permanently turn thefirewall off
2 On your workstation disable SElinuxYou can check the status of SElinux with sestatus The result should appear as SELinuxstatus disabledIf you do not see disabled
1 Edit etcselinuxconfig and set the SELINUX variable to disabled2 Reboot your client workstation
3 On the workstation launch the Aureum installation management tool Type
sudo tmpsamsp-400ltversiongtsamspsh
Install Aureum | 17
You should see something similar to the following
Launching Management Server Platform version 400rootOpen your browser and enter the URL httpslocalhost to continueDo not terminate samsp it is required to complete cluster configurationYou can view tmpsamsp-40010872logmsplog for detailed progress activity
Important Do not terminate samsp because it is needed to complete clusterconfiguration
4 Open a browser and type
httpslocalhost If you are running the browser on the same workstation running the stand alone MSP orhttpsltip addressgt IP address of the workstation running the standalone MSP
This launches the Peaxy Management Tool If prompted accept the self-signed Peaxy certificate
After the initial setup is complete the IP address changes in the browser address bar This isexpected and correct behavior Now the installation portion of the AMS exits and the integratedAureum manager becomes active
In the next step the Aureum manager guides you through the initial configuration process
Create an Admin AccountThe first step in configuring a new Aureum system is to supply the details for the Admin account Afterthe installation process is complete and Aureum is up and running the Admin account is used to loginto the Aureum web UI (PMT) to perform additional administration tasks such as creating other useraccounts and a client registration password
Important The Admin account has access to critical areas of Aureum Ensure that the Adminaccount is secure
1 Type an email address for the accountThe AMS verifies that the email address is formatted correctly but does not check the validity ofthe email address itself This is the email address to which emails are sent
Note When setting the outgoing mailer settings the use of a customized email addressis highly dependent on the mail server While it might be possible to use a custom emailSEND FROM address many mail servers (such as Gmail) do not allow sending email usinganything other than the registered user account name
2 Type a user name for the accountThe user name must be between 3 and 32 characters and can contain letters numbers dots ()and at signs ()
3 Type a password to be associated with the user name in the previous stepPasswords are case sensitive and should be secure Best practice shows that you should changepasswords regularly
4 Confirm the password by retyping the password exactly as you entered it aboveWhen all of the fields are complete and have the correct format the SUBMIT button turns fromgray to blue
5 Click SUBMIT
The user account information is now created and stored
Important Set up the outgoing emailer settings as soon as possible after completinginstallation of Aureum If you forget or lose your password Aureum cannot send you a newone until the outgoing email is configured
Install Aureum | 18
The next step is to import the Aureum license
Import an Aureum LicenseImporting the license for an Aureum instance activates the Peaxy software License types are assignedto the Admin account that you created at the beginning of the installation
Before you create an Aureum system make sure that you have received your license from Peaxy andthat the license details are correct
Each time you create an Aureum instance you must import a license
1 Select the license to import or drag it onto the files areaThe license is a bdl file that contains all of the files needed to install the license
2 Click IMPORT3 The system installs the license and continues to the next step
Provide Aureum InformationDefining a few basic configuration items is the first step in setting up Aureum
During the first steps of the initial configuration you provide the basic information needed to createAureum its components and the namespace details
1 Enter the Network settingsa) Enter the gateway addressb) Enter the subnet maskc) Enter the primary DNS domain suffix and up to three DNS server addresses
DNS servers must be entered as IP addresses Each DNS server is on a separate line2 Enter the General settings
a) Enter a name for this Aureum instanceNames can be up to 14 characters and can contain letters numbers dashes and underscores
b) Optional Enter a location for the Aureum system for example ldquodatacenterrdquo or ldquoPhoenixofficerdquo
c) Enter the Aureum IP addressd) Optional Enter up to three NTP servers
Including an NTP server ensures that the time stamp for Aureum is always correcte) Select the time zone to use from the drop-down menu
This ensures that all nodes in Aureum use the same time zone3 Define the Namespace settings
Install Aureum | 19
a) Select the average file size that you expect Aureum to containYour expected average file size selection is used by Aureum to determine the most efficientdistribution of hyperservers Aureum uses the selection you make here to determine theestimated ratio of namespace hyperservers to data hyperservers
b) Set the default namespace replication factor from 2 to 4The namespace replication factor is the number of replicas that Aureum creates for thenamespace
4 Click CONTINUE
Add resources to Aureum You can also click CANCEL to cancel the installation
Add ResourcesResources refer to the physical servers that will make up Aureum These can be any commodity serversuch as a 1U or 2U server with any number and size of disks These resources are used to build thenamespace and data hyperservers that form the heart of a running Aureum system
Note After a resource has been added Aureum claims the complete resource Unusedportions of a resource are designated as spares and are used in case of a failure or expansion
1 The system locates all physical servers that have been booted using USB sticks and are currently indiscovery stateYou will see a list of the servers available for inclusion Use the filter to narrow your search by servername
2 Select the servers to add to Aureum
Servers scheduled for selection have a check mark to the left Select the box beside SERVER NAMEto select all servers in the list
3 Enter the required number of IP addresses or an IP range The number of IP addresses neededappears above the IP ADDRESSES entry box
The system determines the number of IP addresses needed to ensure that all Aureum componentscan communicate receiving requests and returning responses Addresses can be individual IPaddresses (xxxxxxxxxxxx) an IP address range (xxxxxxxxx - xxx) or an IP address with a wildcard(xxxxxxxxx) Separate the IP addresses with a space comma or newline
Install Aureum | 20
Aureum only supports IPv4 (the dotted quad format) For example
192168100419216810015-2019216873
4 Define the roles of the serversClick the ROLES column entry for a server and configure the servers to support either data accessor search (SolrCloud) While it is possible to configure a server to support both data access andsearch this setting is not recommended for a production deployment
Note Aureum 40 supports SolrCloud clusters with one or three nodes Aureum 40 doesnot support SolrCloud clusters with either two nodes or more than three nodes
5 Define the bonding for the network port cardsYou should see the same speed for all of the network interfaces (NICs) on this server Use the list ofall NICs that are bonded with the interfaces on this server to form your decision Inactive NICs arenoted as sucha) Click the ETHERNET column entry for the server whose bonding to configure
If the column text is red some interfaces are not bonded to the server If the text is blue allavailable interfaces are bonded
b) Place a check mark next to all of the interfaces to bond to this server Remove the check markfor those interfaces you do not want included in the bond
6 Optional Toggle the server beacon on or offBeacon signals guide you to the server in question This is often used when troubleshooting tolocate a specific server in a large group of servers
7 Click CONTINUEWait for the installation wizard to verify that the IP addresses you entered are valid and can beused The system assigns the IP addresses and sets the state to Pending
8 Click START INSTALLATIONThe button changes from START INSTALLATION to INSTALLATION IN PROGRESS The systemassigns the resources to Aureum and determines the necessary number of dedicated nodesneeded for the configuration The progress is displayed but you can also use the Log link to followindividual progress If some of the servers are not yet ready wait a few moments and retry
The installation process will take some time typically 10 to 20 minutes When complete the IPaddress in the browser will switch from the local IP of your workstation to the Aureum IP addressthat was entered earlier This signals the transition from the AMS you launched earlier (samsp) to theintegrated PMT that is now running on Aureum
The next step is to create a default storage class
Create a Default Storage ClassA storage class groups and manages data hyperservers with similar replication factors capabilitiesand performance configuration
You must configure at least one storage class to use as the default during the initial Aureumconfiguration You can create more storage classes at any time as long as you have the resourcesnecessary
1 You are presented with the create Initial Storage Class option2 Enter the required information to create the storage class
a) Type a name for the storage classClass names can be up to 14 text characters
b) Define the performance levelPerformance levels based on throughput and seek time Select the paired setting that is best foryour expected usage For the widest option select ldquoAnyrdquo
c) Set the replication factor
Install Aureum | 21
Remember all hyperservers assigned to this storage class will use these settings
Note You must include at least the same number of resources to create the specifiedreplication factor For example you cannot have a replication factor of three in anAureum system with only two servers
Because each replication requires some amount of storage the replication factor selectedaffects the amount of total storage available
Tip The Aureum data space is partitioned through all the data-capable hyperserversEach hyperserver can be configured to offer a specified replication factor This lets youstore vital data with high redundancy while more transient data can skip replication inorder to optimize storage and performance costs
d) Optional Enable flexible space allocationEnabling flexible storage space allows the members of the storage class to consume thecapacity needed When more storage space is needed more is allocated automaticallyregardless of the initial allocation Peaxy recommends this option for general use Some casesmight have different needs
e) Optional To make this the default storage class select YESAll data that does not meet the conditions in a specific data policy will be stored on the defaultstorage class (See data policies in the Aureum Administrator Guide)
3 Click CREATE STORAGE CLASS4 To complete the initial installation and configuration click FINALIZE AUREUM then click YES to
confirm the configuration is correct
Important After you click FINALIZE you must wait for the health indicator on the Aureumcard or list turn green before using Aureum
The Aureum installation is complete and the PMT shows the main Aureum window To configureadditional Aureum storage classes and data policies and to understand how to monitor Aureum seethe Aureum Administrator Guide
Define Outgoing Mail SettingsIn order for Aureum to send email notifications and provide lost password recovery you must tellAureum how to send email alerts
Important Configure outgoing email settings as soon as reasonably possible If you lose orforget your password Aureum cannot send reset instructions until you configure the emailsettings
1 Select EMAILER CONFIG from the SETUP WIZARD pane or from the Navigation menu select EMAILER
2 Type the email (SMTP) server to use when sending the emailThe email server must be accessible from Aureum
Install Aureum | 22
3 By default the system uses port 587 This is usually the right setting Only change the EMAILSERVER PORT if your organizations SMTP server requires it
4 Enter a valid user account and password that Aureum will use to send email from this server5 Optional SEND FROM is required only if your email server requires Transport Layer Security (TLS)
If this is the case type the SEND FROM email addressGenerally the recommended SEND FROM address is a working system administrator account
6 Click SAVE
Create a Client Registration UserThe Aureum client registration user and password allow client authentication at mount time
This allows you to create a custom account for authenticating client mounts
1 Click REGISTRATION2 Type a name for the user This will be the username that is authorized to type in the registration
password when an Aureum client is installed3 Type the client registration password This password is used to register the Aureum client for
authentication at mount time4 Click SAVE
Configure SecurityDefine define the level of security for client communication
1 Click SECURITY LEVEL2 Slide the controller to the level of security your data will use
3 Click ACCEPT
ConnectAn Aureum client mounts Aureum and allows access to folders and files Peaxy provides clientsoftware for Linux users and allows Windows users to access Aureum through a Windows share
The Linux-based client uses a FUSE component to remotely access Aureum services Almost all Linuxinstallations include FUSE so you should not need to do anything extra
The Aureum client has a small footprint A very limited set of memory and CPU cycles are needed toperform the client functions Also the Aureum client can be used concurrently with other clients forNFS and other network file systems
When you install the client the client drivers are added to the default system directories To accessthese directories use the mount command (more commonly known as mapping a drive in Windows)to mount the client to the directory
Install Aureum | 23
Mounting a client to an Aureum directory loads all the data structures necessary for the client tointeract with Aureum As the structures change Aureum updates them In order for a client to accessAureum all that is necessary is that the client know the IP address or URL to which the client willconnect and the client-Aureum registration password
Also available is the ability to join a Windows domain and create domain-authenticated users who canaccess different areas of Aureum
Linux Client-Aureum RegistrationThe minimum security level for Aureum is the authenticated mount To ensure that unauthorized usersdont gain access to data Peaxy provides an authenticated mount between Aureum Linux clients andAureum using certificates and registration
Note The process described in this section applies to Linux clients Windows domains userswith credentials from an Active Directory access Aureum through a Windows share
Security is always an important part of any system that provides data access especially when theaccess spans many users and locations Peaxy provides a registration process where the clientand server exchange certificates which are used to authenticate subsequent connections Theregistration provides a mutual authentication method between the client and Aureum allowing theclient access Only authenticated clients are allowed to mount Aureum Other clients cannot use thesame authentication as part of the certificate registration Aureum generates a client key pair that isunique to each client-Aureum connection
How It WorksThe AMS requires a dynamic registration at the initial mount time As part of the registration Aureumgenerates a key pair unique to each client This key pair is persistent so you do not need to re-register the client each time you mount Aureum
This initial registration is required the first time the client mounts Aureum and requires a specialregistration password that is unique to Aureum This password is entered by the Aureum administratorat the workstation on which the client is installed Subsequent client mounts use the client certificateissued during registration
Security LevelsAureum offers varying levels of security
The security level is visible on the Aureum card or list and is indicated in the SECURITY section by thenumber of total locks that are green Gray locks indicate how many additional security levels you canselect For example if there are four total locks and three are green your current security level is 3Message Integrity
bull Data Confidentiality all data in and out of Aureum is verified and encryptedbull Message Integrity message authentication codes verify message integritybull Kerberos Authentication use the Kerberos authentication protocol as the mechanism for
authentication between a client and a server or between one server and another serverbull Authenticated Mount use X509 certificates to mutually authenticate and validate all Aureum
clients and hyperservers in Aureum
Create an ExportCreate an export to allow Linux clients to mount and access Aureum
1 From the Navigation menu select SECURITY gt EXPORTS2 Type the export name3 In the EXPORT CONTENT IN field choose the data class to export
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the
Install Aureum | 24
engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the export5 Click CREATE6 To edit or delete an export click the corresponding entry in the list
bull To edit the export make the changes needed in the edit panel and click SAVE CHANGESbull To delete an export click the corresponding trash can icon ( ) and confirm the deletion
Install a Linux-based Aureum ClientYou install the Aureum client on physical hardware or on a workstation in the cloud Use the client tomount and access Aureum directories
Before installing the client make sure that your system meets the minimum requirements describedin the Requirements section of this document
Note Aureum uses FUSE in Direct IO mode for better performance The version of FUSErunning on older versions of CentOS Red Hat Enterprise Linux doesnt support mmap whenFUSE is being used this way This might cause some mmap functions such as ACCESS_WRITEMAP_SHARED and PROT_WRITE to fail You can use the mount flag --disable-direct-io-mode to disable Direct IO mode
If you choose to use Direct IO mmap will be disabled on CentOS56 and 57 since those versionsdont support mmap with direct IO Enabling this option will result in a significant performancedegradation on clients using this option Peaxy strongly recommends that you upgrade to a newerversion of Linux
Ensure FUSE and its dependencies have been installed on each client If it has not been installedinstall FUSE according to the instructions for the package you chose On CentOS for example installthis by typing
sudo yum -y install fusex86_64 fuse-develx86_64 fuse-libsx86_64
The version numbers for your installation may differ
If you have installed a version of the fuseko module that is not the Peaxy-specific version runadditional commands at the end of the installation process This prevents kernel-oops messages fromconsuming all of the space in the varspool directory These messages indicate a benign conditiondue to a Linux FUSE problem
Run the following commands
chkconfig --levels 2345 abrt-oops off service abrt-oops stop
Note The client installation sets the following values automatically
Parameter Value set to
netipv4tcp_tw_recycle 1
netipv4tcp_fin_timeout 2
netcorewmem_max 2097152
netcorermem_max 2097152
netcorewmem_default 2097152
netcorermem_default 2097152
Install Aureum | 25
1 Download the Aureum client file from the support section of the Peaxy website at wwwpeaxynetsupport (login is required)The file is downloaded as a targz package and contains an installer It has a name similar tohfclient-fuse-400ltbuildnumbergttargz
2 Unpack the distribution file by typing the following
tar -zxvf hfclient-fuse-400ltbuildnumbergttargz
You will see something like the following
hfclient-fuse-400hfclient-fuse-400setupshhfclient-fuse-400scriptshfclient-fuse-400scriptsupdatedbshhfclient-fuse-400scriptsc_rehashshhfclient-fuse-400scriptssysctlshhfclient-fuse-400scriptsunregshhfclient-fuse-400scriptsconfshhfclient-fuse-400binhfclient-fuse-400binfusehfCentOS-5xhfclient-fuse-400binfusehfhfclient-fuse-400confhfclient-fuse-400confhfconftgz
3 While logged in as root run setupsh installThe driver files are installed in the default system directories You will see something similar to thefollowing
sudo setupsh install
Installer for Peaxy Aureum Client version 40
Checking package contentsInstalling hf client binariesremoved `optpeaxy-40sbinfusehf`binfusehf -gt `optpeaxy-40sbinfusehfInstallation complete
Mount Aureum
Mount Aureum (Linux)After the client is installed use the mount command to mount Aureum
At a command prompt type
sudo mkdir -p ltmnt_pointgtsudo mount -t fusehf hfltmgmt_ipgt ltmnt_pointgt -o user=ltclient registration usernamegt
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is thedirectory that will serve as your local mount point for example mntpeaxy
If you omit -o user=ltclient_user_namegt you would be prompted for the password associatedwith the local admin account to complete the client registration Best practice is to always create aclient registration account and use that password
The first time you mount the client to Aureum you will be prompted for a registration passwordto allow client-Aureum authentication Type the client registration password Otherwise youradministrator must do this for you
Peaxy strongly recommends that you change the password often especially after typing the passwordfor a client registration
If you or your IT administrator have associated a DNS entry with the Aureum IP address you mightwant to use the DNS name as the name for your mount point
Install Aureum | 26
To configure the Aureum client to automatically mount on startup locate the etcfstab file andadd the line
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults 0 0
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is the localmount point for example mntpeaxy
Note If you are running CentOS 7 change this line to add the _netdev flag as below
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults_netdev 0 0
You can now use the Aureum client to access Aureum
Unregister a Linux Client from AureumYou can securely unregister an installed FUSE client from the Aureum system that it mounts
Removing the registration renders the client unable to access Aureum If you use the all option youwill need to perform a new registration setup before you can mount Aureum again
Unregistering a client is done by running the unregsh script Use the following procedure tounregister the client
1 On the workstation running the client open a command prompt2 Move to optpeaxybin the location of the script3 Run the script
bull Type sudo unregsh ltAureumgt to unregister the client from a specific Aureum systemReplace ltAureumgt with the Aureum system to unregister
bull Type sudo unregsh all to unregister the client from all Aureum systems on which theclient is registered
Note Peaxy strongly recommends using the all option before you decommission aclient workstation
Windows ConfigurationDomain users with credentials from an Active Directory can access Aureum through a share
After Aureum joins a domain it sets up network shares for chosen directories (including all containedsubdirectories) To domain users these shares look the same as any other folder that is accessible viathe network
Unlike an Aureum client which mounts to the root of the volume a share allows a user to exportsubdirectories for more granular access
Where to Find ItFrom the Navigation menu select SECURITY gt DOMAINS and SECURITY gt SHARES
Join a DomainBefore you can create a share you must join a Windows domain
You can pre-create a machine account in an Active Directory under a specified OU If you choose notto do so Aureum will try to add a computer account to the default location of ldquoComputersrdquo
Important If Aureum is already joined to a domain joining another domain will replace thejoin not add to it Aureum will only be joined to the most recently joined domain
1 From the Navigation menu select SECURITY gt DOMAINS2 Type the complete Windows domain to join for example engexamplecom3 Type the username with access to the domain The user must have the necessary permissions to
join Aureum to the domain4 Type the password associated with the username or access to modify an object in the OU if the
machine account was pre-created
Install Aureum | 27
5 In the NETBIOS NAME field set the Aureum computer account name you wish to be created in theActive Directory If Aureum is using a pre-created machine account in a specific OU then the nameyou specify here must match that name exactly
6 Click JOIN
After the domain has been joined the JOIN button changes to LEAVE To leave the domain clickLEAVE
Create a ShareCreate a share to allow Windows users to connect to Aureum
Before you can create a share you must join the appropriate domain
1 From the Navigation menu select SECURITY gt SHARES2 Type the name of the share3 In the SHARE CONTENT IN field choose the appropriate data class
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the share5 Click CREATE
6 To edit or delete a share click the share to be modified
bull To edit the share make the changes needed in the edit panel and click SAVE CHANGESbull To delete the share click the trash can icon ( ) and confirm the deletion
Mount an Aureum Windows ShareDomain-authenticated users can mount and access Aureum directories using a share
After Aureum has been joined to a domain and the share has been created you can easily mount tothe share
The exact mount process is based on your workstation OS
Install Aureum | 28
If you do not already know it you can determine the mount point from Aureum by navigating to theJOIN DOMAIN page and using one of the listed public IP addresses as the mount point Include theshare name when mounting
Peaxy recommends that you take the list of public IP addresses and enter them into your DNS serverlisted under the Aureum NetBIOS name within the appropriate domain In cases where multipleaddresses are used the DNS server automatically round-robins the returned address This ensure thatclient connection load is distributed across the available nodes
As a Windows example to mount a drive letter to Aureum Type
net use ltdrive_lettergt ltpublic addressgtltshare namegt
where ltdrive_lettergt is the drive letter to assign to Aureum ltpublic_addressgt is the IP address usedto join the domain and ltshare_namegt is the share
You then log into the share using your domain-authenticated username and password For exampleMYDOMAINmyname
After mapping the drive access Aureum through Windows Explorer just like you would any otherdrive
If the share does not appear in the Windows Explorer after a change such as a system reboot occursrefresh the view using the Refresh icon ( ) The share should display correctly
You do not have to assign a share to a drive letter however In Windows Explorer type the public IPaddress and share name into the address bar Provide your username and password
POSIX ComplianceAureum provides a POSIX-compliant interface
Most of the Aureum interfaces are POSIX compliant and adhere to the IEEE standard The following isa list of exceptions to compliance
bull The directory nlink count is not incremented when a subdirectory is addedbull inode retention differs from the POSIX specification because there is no way to retain the original
inode number when a rename entails a move to a different device You can display the datahyperserver extent ID instead of the namespace hyperserver Node ID to the caller in the statfamily of calls This does not change when a file or directory is renamed It does change if the file ismigrated from one data hyperserver to another
bull If two mount points are held to the same Aureum and a file is closed on one Aureum does notremove a fcntl lock for the same file on another This is a variance on the way that NFS worksThe internal locking structures take into account the client ID which varies depending on the clientmount If there are two different mounts to a server Aureum treats them as separate machineswhich NFS does not
bull The file locking call flock() is emulated using POSIX byte range locks (fcntl() ) The POSIXcompliance specification does not cover flock() This implementation mirrors the behavior ofNFS The Aureum behavior is slightly different and varies from the POSIX specification as follows
1 As in NFS you must have write permissions to get a write lock2 As in NFS you cannot place both flock() and fcntl() locks on the same file as these locks
will conflict3 An flock() will not inherit across forks4 The flock() will be durable against other file closes but fcntl() locks will not behave within
the POSIX specification5 As well as being removed by an explicit f_unlock record locks are automatically released
when the process terminates or if it closes any file descriptor referring to a file on which locksare held This means that a process can lose the locks on a file like etcpasswd or etcmtab if a library function opens reads and closes it
Information and ResourcesThe latest news and information can always be found on the Peaxy website
Peaxy provides documents that are designed for different audiences These documents furnish acomprehensive explanation of Aureum and how to use it Additionally information is available fromtooltips Each field has a tooltip that adds explanations and any limitations for the item
The most current and accurate information available was included at the time this document wasprepared However changes may occur after the document is released Always read the ReleaseNotes for the most current information
Aureum Installation GuideA step-by-step guide to installing and configuring Aureum into your network
Aureum Administrator GuideA guide to understanding the Aureum architecture Provides details for planning configuring andmonitoring your implementation
Quickstart SeriesA series of two-page guides providing an abbreviated set of instructions for Aureum tasks Theycan be taken in order or used as reminders for individual tasks
Tech NotesSome technical issues are outside the scope of the regular documentation These are presented asTechnical Notes
Contact Peaxy9 am to 5 pm Pacific Standard Time
Main +1 (408) 441-6500
Support +1 (408) 763-3700
By phone
Support toll free US only +1 (844) 277-3299
General information infopeaxynet
Sales salespeaxynet
Support supportpeaxynet
By email
Documentation feedback feedbackpeaxynet
Online wwwpeaxynetsupport (login required)
Peaxy Inc
2380 Bering Dr
By mail
San Jose CA 95131 USA
LegalPeaxyreg and Aureumtrade are registered trademarks of Peaxy Inc
All other trademarks belong to their respective companies
CopyrightsThis document is copyright copy 2016 Peaxy Inc
Aureum software includes portions of the following
bull Amazon Web Services (AWS) Java SDK httpsawsamazoncomsdk-for-java and httpawsamazoncomapache-2-0
bull Apache License Version 20 January 2004bull BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1bull BSD 3bull crc32 routine COPYRIGHT copy 1986 Gary S Brownbull Element Tree used under the Python licensebull Erlang Public License (EPL) a derivative work of the Mozilla Public License Now provided under
the Apache 20 licensebull GoogleAuth httpsgithubcomwstrangeGoogleAuthbull GNU Lesser General Public License Version 3 Copyright copy 2007 Free Software Foundation Inc
and GNU Lesser General Public License Version 21 Copyright copy 1999 Free Software FoundationInc
bull Samba is Free Software licensed under the GNU General Public License httpswwwsambaorgsambadocsGPLhtml the Samba project is a member of the Software Freedom Conservancy
bull JSON-C Copyright (c) 2009-2012 Eric Haszlakiewicz and Copyright (c) 2004-2005 MetaparadigmPte Ltd
bull Kerberos Copyright copy 1985-2009 now under the MIT 2 licensebull libcurl Copyright (c) 1996 - 2015 Daniel Stenbergdanielhaxxsebull lshow used under the GPL licensebull MIT (X11) Copyright copy 2007-2015bull RIAK Creative Commons (httpcreativecommonsorg licensesby30)bull Goldrush Copyright copy 2012 Magnus Klaarbull Meld Under ZPL licensebull NSIS (Nullsoft Scriptable Install System) copy 1999-2013bull OpenSSL License Copyright (c) 1998-2016 The OpenSSL Project and Original SSLeay License
Copyright (c) 1995-1998 Eric Youngbull Protobuf Copyright 2008 Google Inc now under the BSD 3 licensebull Setup Tools (setuptools-06c11) Under ZPL licensebull Sodium crypto library (libsodium) ISC license Copyright (c) 2013-2015 Frank Denisbull Solr the Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull TCL Copyright copy Regents of the University of California Sun Microsystems Inc Scriptics
Corporation and other partiesbull The Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull The Apache Tika project Copyright copy The Apache Software Foundationbull VirtualBox Copyright copy 2007 Oracle Corp as part of the GNU GPL V2 Licensebull YAWS Copyright copy 2006 Claes Wikstrom now under the BSD licensebull Apache zookeeper Under the Apache 2 license
Index | 35
Index
bdl license file 18
img 12
MD5 12
zip 12
A
access directories 24Active Directory 26add
resources 19servers 19
Admin 17administrator 17AMS 12 14 15 16Aureum IP address 11Aureum Manager 6 12 14Aureum name 18Aureum overview 5average file size 18
B
beacon turning on or off 19BIOS 15bonding network interface 19bootable USB 12 14browser 15button color 17
C
capacity 10 19CentOS 10checksum 12client registration 22clients 22configuration 11configure email 21connect 22contact 31create
export 23share 27
create Aureum 15create storage class 20
D
dedicated capacity 20dedicated nodes 5default storage class 20directory access 24discover resources 12 14 19discovery state Aureum nodes 12 14disk space required 10DNS server 11DNS servers 18documentation 31domain-authenticated user
domain 27
domain-authentication 22domain suffix 11download images 14
E
editsecurity level 22
emailer settings 21Ethernet
interface 10switch 10
exportCIFS 23create an export 23
F
files needed 12 14firewall 12flexible capacity 20flock 29FUSE 10
G
gateway 11 18
H
hardware requirements 10how to reach Peaxy 31
I
image copier 12 14import a license 18initial configuration 18inode retention 29install
client 24Linux client 24
introduction 5iptables 16
J
javarequired version 12 14
javaw 14
K
Kerberos 22 22 23
L
legal 33levels of security 23license files 18licenses 18
Index | 36
Linux client install 24localhost 15location 18
M
maintenance agreement 18management IP 15mapping 22mount Aureum 24 27mounting 22 22
N
namespace 18Navigation menu
configuration 11security 22
netBIOS 22NIC 19NTP server 11 18
O
outgoing email 21overview
architecture 6Aureum building blocks 6components 6
P
password 17password limitations 17ports 12POSIX compliance 29primary domain 18primary domain suffix 11
R
RAM requirements 10realms 22reboot 12 14recommended configuration 10Red Hat Enterprise Linux 10replication factor 11 18 20resources
needed 10run setup 16
S
samsp 12 14 16security 22 23security levels
security 22 23select the license 18SElinux 16sestatus 16set performance levels 20settings 11setup 16share
CIFS 27
create a share 27Share 26SMTP 17 21software files 14space needed 10storage class creating default 20subnet mask 11Support hours 31
T
tar ball 24time server 18time zone 11 18
U
USB 15USB stick 10 12 14user account 17
V
virtualization 6 15
W
what youll need 11Windows
domain 26join a domain 26share 27
Windows client 10
Y
yum 24
Install Aureum | 14
Depending on the speed on the USB sticks it can take several minutes to complete theverification
8 Enable hypervisor protection if requiredEnable hypervisor protection if the underlying storage consists of non-redundant JBOD (acollection of hard disks that have not been configured to act as a RAID) This creates a softwareRAID 5 configuration for the container store used by AureumYou can disable hypervisor protection if you have a hardware RAID under the disk volumes Thisallows Aureum to use a higher-performing RAID 0 configuration instead
9 Click START10After the copy is complete click EXIT and remove the USB sticks from the workstation or USB hub
The USB stick now contains a bootable image of the Aureum installation software
Prepare Aureum Installation Resources (Windows)The software is installed on each server resource that will become part of Aureum Aureum ishardware agnostic but there must be adequate resources to complete the installation Each serveruses a USB stick to install the software
You must have administrator permissions to install the Aureum software
Your workstation must be running the Java Runtime Environment (JRE) 17 or higher installed in orderto run the image copier
Make sure that you have the required basic resources described in Resource Requirements Downloadthe software files from wwwpeaxynetsupport A login is required
1 Download the software installation files
bull Release-ltreleasenumbergtimg is the image to be copied to a USB stick that will initializethe hardware
bull Release-ltreleasenumbergtmd5 is the checksum file that validates the validity of the imagebull samsp-ltreleasenumbergtzip is a compressed file that contains the utilities to move the
image to the USB stick and for the initial configuration of Aureumbull The Aureum client file
bull hfclient-fuse-ltreleasenumbergttargz - the Aureum Linux client installation file2 On your Windows workstation move to the location of the zip file and unzip the file using any
uncompression program3 Move to the location of the uncompressed file and double-click the executable to start the
installation4 With administrator privileges launch the image copier Double-click img-copierbat
Install Aureum | 15
If the image copier does not launch properly you might need to add javaw to your path Refer toyour Windows Operating System help for instructions
5 Browse to the software image you downloaded (the img file) and select this file then click Run6 Type a label for the USB sticks
The label is used to identify the system during the initial installation and becomes the name of theserver on which it is installed If you use the same label on different USB sticks the software willadd a numeric suffix when creating the host name for example HOST-01 HOST-02 and so onLabels cannot exceed 16 charactersYou can provide a different label for each USB stick but to do so you must copy the image file toeach stick individually
7 Insert the USB sticks into a port on your workstation or a hub connected to your workstation andthen click REFRESH to make them visible to the image copier tool Select the sticks you want fromthose displayed in the destination drives list The USB stick must be at least 2 GB
8 Leave Verify copy operation enabled Peaxy strongly recommends that you do not skip this stepDepending on the speed on the USB sticks it can take several minutes to complete theverification
9 Enable hypervisor protection if requiredEnable hypervisor protection if the underlying storage consists of non-redundant JBOD (acollection of hard disks that have not been configured to act as a RAID) This creates a softwareRAID 5 configuration for the container store used by AureumYou can disable hypervisor protection if you have a hardware RAID under the disk volumes Thisallows Aureum to use a higher-performing RAID 0 configuration instead
10Click START11After the copy is complete click EXIT and remove the USB sticks from the workstation or USB hub
The USB stick now contains a bootable image of the installation software
Install the SoftwareThe installation software on the USB stick installs the Peaxy software and lets you create Aureum
1 Insert one prepared USB stick into each server Servers must have a console attached or beaccessible via an IPMI management tool
Install Aureum | 16
2 Apply power to the servers either individually or with a few seconds in between to complete the
next steps
Note If you have already configured your server to boot from USB skip steps 3 4 and 5
3 Enter the server BIOS and instruct the server to boot from the USB stickThe method used to enter the BIOS depends on the server
4 Ensure that the virtualization setting is enabled in the BIOS5 Save the BIOS changes and reboot the server from the USB stick
After the server has booted from the USB stick and launched the installation software you will seea message at the bottom of the screen telling you that the server is being prepared for installationThis boot process has placed the servers in a discoverable state this plays a role in the nextphase of the installation process
Continue the InstallationAfter the servers have been prepared and the software has been installed begin the configuration
1 On your workstation disable the firewall
On Red Hat Enterprise LinuxCentOS 7 systems use the following commands
systemctl stop firewalld
systemctl disable firewalld
On other Linux-based operating systems use the following commands
service iptables stop
service ip6tables stop
chkconfig ip6tables off only include this command if you want to permanently turn thefirewall off
chkconfig iptables off only include this command if you want to permanently turn thefirewall off
2 On your workstation disable SElinuxYou can check the status of SElinux with sestatus The result should appear as SELinuxstatus disabledIf you do not see disabled
1 Edit etcselinuxconfig and set the SELINUX variable to disabled2 Reboot your client workstation
3 On the workstation launch the Aureum installation management tool Type
sudo tmpsamsp-400ltversiongtsamspsh
Install Aureum | 17
You should see something similar to the following
Launching Management Server Platform version 400rootOpen your browser and enter the URL httpslocalhost to continueDo not terminate samsp it is required to complete cluster configurationYou can view tmpsamsp-40010872logmsplog for detailed progress activity
Important Do not terminate samsp because it is needed to complete clusterconfiguration
4 Open a browser and type
httpslocalhost If you are running the browser on the same workstation running the stand alone MSP orhttpsltip addressgt IP address of the workstation running the standalone MSP
This launches the Peaxy Management Tool If prompted accept the self-signed Peaxy certificate
After the initial setup is complete the IP address changes in the browser address bar This isexpected and correct behavior Now the installation portion of the AMS exits and the integratedAureum manager becomes active
In the next step the Aureum manager guides you through the initial configuration process
Create an Admin AccountThe first step in configuring a new Aureum system is to supply the details for the Admin account Afterthe installation process is complete and Aureum is up and running the Admin account is used to loginto the Aureum web UI (PMT) to perform additional administration tasks such as creating other useraccounts and a client registration password
Important The Admin account has access to critical areas of Aureum Ensure that the Adminaccount is secure
1 Type an email address for the accountThe AMS verifies that the email address is formatted correctly but does not check the validity ofthe email address itself This is the email address to which emails are sent
Note When setting the outgoing mailer settings the use of a customized email addressis highly dependent on the mail server While it might be possible to use a custom emailSEND FROM address many mail servers (such as Gmail) do not allow sending email usinganything other than the registered user account name
2 Type a user name for the accountThe user name must be between 3 and 32 characters and can contain letters numbers dots ()and at signs ()
3 Type a password to be associated with the user name in the previous stepPasswords are case sensitive and should be secure Best practice shows that you should changepasswords regularly
4 Confirm the password by retyping the password exactly as you entered it aboveWhen all of the fields are complete and have the correct format the SUBMIT button turns fromgray to blue
5 Click SUBMIT
The user account information is now created and stored
Important Set up the outgoing emailer settings as soon as possible after completinginstallation of Aureum If you forget or lose your password Aureum cannot send you a newone until the outgoing email is configured
Install Aureum | 18
The next step is to import the Aureum license
Import an Aureum LicenseImporting the license for an Aureum instance activates the Peaxy software License types are assignedto the Admin account that you created at the beginning of the installation
Before you create an Aureum system make sure that you have received your license from Peaxy andthat the license details are correct
Each time you create an Aureum instance you must import a license
1 Select the license to import or drag it onto the files areaThe license is a bdl file that contains all of the files needed to install the license
2 Click IMPORT3 The system installs the license and continues to the next step
Provide Aureum InformationDefining a few basic configuration items is the first step in setting up Aureum
During the first steps of the initial configuration you provide the basic information needed to createAureum its components and the namespace details
1 Enter the Network settingsa) Enter the gateway addressb) Enter the subnet maskc) Enter the primary DNS domain suffix and up to three DNS server addresses
DNS servers must be entered as IP addresses Each DNS server is on a separate line2 Enter the General settings
a) Enter a name for this Aureum instanceNames can be up to 14 characters and can contain letters numbers dashes and underscores
b) Optional Enter a location for the Aureum system for example ldquodatacenterrdquo or ldquoPhoenixofficerdquo
c) Enter the Aureum IP addressd) Optional Enter up to three NTP servers
Including an NTP server ensures that the time stamp for Aureum is always correcte) Select the time zone to use from the drop-down menu
This ensures that all nodes in Aureum use the same time zone3 Define the Namespace settings
Install Aureum | 19
a) Select the average file size that you expect Aureum to containYour expected average file size selection is used by Aureum to determine the most efficientdistribution of hyperservers Aureum uses the selection you make here to determine theestimated ratio of namespace hyperservers to data hyperservers
b) Set the default namespace replication factor from 2 to 4The namespace replication factor is the number of replicas that Aureum creates for thenamespace
4 Click CONTINUE
Add resources to Aureum You can also click CANCEL to cancel the installation
Add ResourcesResources refer to the physical servers that will make up Aureum These can be any commodity serversuch as a 1U or 2U server with any number and size of disks These resources are used to build thenamespace and data hyperservers that form the heart of a running Aureum system
Note After a resource has been added Aureum claims the complete resource Unusedportions of a resource are designated as spares and are used in case of a failure or expansion
1 The system locates all physical servers that have been booted using USB sticks and are currently indiscovery stateYou will see a list of the servers available for inclusion Use the filter to narrow your search by servername
2 Select the servers to add to Aureum
Servers scheduled for selection have a check mark to the left Select the box beside SERVER NAMEto select all servers in the list
3 Enter the required number of IP addresses or an IP range The number of IP addresses neededappears above the IP ADDRESSES entry box
The system determines the number of IP addresses needed to ensure that all Aureum componentscan communicate receiving requests and returning responses Addresses can be individual IPaddresses (xxxxxxxxxxxx) an IP address range (xxxxxxxxx - xxx) or an IP address with a wildcard(xxxxxxxxx) Separate the IP addresses with a space comma or newline
Install Aureum | 20
Aureum only supports IPv4 (the dotted quad format) For example
192168100419216810015-2019216873
4 Define the roles of the serversClick the ROLES column entry for a server and configure the servers to support either data accessor search (SolrCloud) While it is possible to configure a server to support both data access andsearch this setting is not recommended for a production deployment
Note Aureum 40 supports SolrCloud clusters with one or three nodes Aureum 40 doesnot support SolrCloud clusters with either two nodes or more than three nodes
5 Define the bonding for the network port cardsYou should see the same speed for all of the network interfaces (NICs) on this server Use the list ofall NICs that are bonded with the interfaces on this server to form your decision Inactive NICs arenoted as sucha) Click the ETHERNET column entry for the server whose bonding to configure
If the column text is red some interfaces are not bonded to the server If the text is blue allavailable interfaces are bonded
b) Place a check mark next to all of the interfaces to bond to this server Remove the check markfor those interfaces you do not want included in the bond
6 Optional Toggle the server beacon on or offBeacon signals guide you to the server in question This is often used when troubleshooting tolocate a specific server in a large group of servers
7 Click CONTINUEWait for the installation wizard to verify that the IP addresses you entered are valid and can beused The system assigns the IP addresses and sets the state to Pending
8 Click START INSTALLATIONThe button changes from START INSTALLATION to INSTALLATION IN PROGRESS The systemassigns the resources to Aureum and determines the necessary number of dedicated nodesneeded for the configuration The progress is displayed but you can also use the Log link to followindividual progress If some of the servers are not yet ready wait a few moments and retry
The installation process will take some time typically 10 to 20 minutes When complete the IPaddress in the browser will switch from the local IP of your workstation to the Aureum IP addressthat was entered earlier This signals the transition from the AMS you launched earlier (samsp) to theintegrated PMT that is now running on Aureum
The next step is to create a default storage class
Create a Default Storage ClassA storage class groups and manages data hyperservers with similar replication factors capabilitiesand performance configuration
You must configure at least one storage class to use as the default during the initial Aureumconfiguration You can create more storage classes at any time as long as you have the resourcesnecessary
1 You are presented with the create Initial Storage Class option2 Enter the required information to create the storage class
a) Type a name for the storage classClass names can be up to 14 text characters
b) Define the performance levelPerformance levels based on throughput and seek time Select the paired setting that is best foryour expected usage For the widest option select ldquoAnyrdquo
c) Set the replication factor
Install Aureum | 21
Remember all hyperservers assigned to this storage class will use these settings
Note You must include at least the same number of resources to create the specifiedreplication factor For example you cannot have a replication factor of three in anAureum system with only two servers
Because each replication requires some amount of storage the replication factor selectedaffects the amount of total storage available
Tip The Aureum data space is partitioned through all the data-capable hyperserversEach hyperserver can be configured to offer a specified replication factor This lets youstore vital data with high redundancy while more transient data can skip replication inorder to optimize storage and performance costs
d) Optional Enable flexible space allocationEnabling flexible storage space allows the members of the storage class to consume thecapacity needed When more storage space is needed more is allocated automaticallyregardless of the initial allocation Peaxy recommends this option for general use Some casesmight have different needs
e) Optional To make this the default storage class select YESAll data that does not meet the conditions in a specific data policy will be stored on the defaultstorage class (See data policies in the Aureum Administrator Guide)
3 Click CREATE STORAGE CLASS4 To complete the initial installation and configuration click FINALIZE AUREUM then click YES to
confirm the configuration is correct
Important After you click FINALIZE you must wait for the health indicator on the Aureumcard or list turn green before using Aureum
The Aureum installation is complete and the PMT shows the main Aureum window To configureadditional Aureum storage classes and data policies and to understand how to monitor Aureum seethe Aureum Administrator Guide
Define Outgoing Mail SettingsIn order for Aureum to send email notifications and provide lost password recovery you must tellAureum how to send email alerts
Important Configure outgoing email settings as soon as reasonably possible If you lose orforget your password Aureum cannot send reset instructions until you configure the emailsettings
1 Select EMAILER CONFIG from the SETUP WIZARD pane or from the Navigation menu select EMAILER
2 Type the email (SMTP) server to use when sending the emailThe email server must be accessible from Aureum
Install Aureum | 22
3 By default the system uses port 587 This is usually the right setting Only change the EMAILSERVER PORT if your organizations SMTP server requires it
4 Enter a valid user account and password that Aureum will use to send email from this server5 Optional SEND FROM is required only if your email server requires Transport Layer Security (TLS)
If this is the case type the SEND FROM email addressGenerally the recommended SEND FROM address is a working system administrator account
6 Click SAVE
Create a Client Registration UserThe Aureum client registration user and password allow client authentication at mount time
This allows you to create a custom account for authenticating client mounts
1 Click REGISTRATION2 Type a name for the user This will be the username that is authorized to type in the registration
password when an Aureum client is installed3 Type the client registration password This password is used to register the Aureum client for
authentication at mount time4 Click SAVE
Configure SecurityDefine define the level of security for client communication
1 Click SECURITY LEVEL2 Slide the controller to the level of security your data will use
3 Click ACCEPT
ConnectAn Aureum client mounts Aureum and allows access to folders and files Peaxy provides clientsoftware for Linux users and allows Windows users to access Aureum through a Windows share
The Linux-based client uses a FUSE component to remotely access Aureum services Almost all Linuxinstallations include FUSE so you should not need to do anything extra
The Aureum client has a small footprint A very limited set of memory and CPU cycles are needed toperform the client functions Also the Aureum client can be used concurrently with other clients forNFS and other network file systems
When you install the client the client drivers are added to the default system directories To accessthese directories use the mount command (more commonly known as mapping a drive in Windows)to mount the client to the directory
Install Aureum | 23
Mounting a client to an Aureum directory loads all the data structures necessary for the client tointeract with Aureum As the structures change Aureum updates them In order for a client to accessAureum all that is necessary is that the client know the IP address or URL to which the client willconnect and the client-Aureum registration password
Also available is the ability to join a Windows domain and create domain-authenticated users who canaccess different areas of Aureum
Linux Client-Aureum RegistrationThe minimum security level for Aureum is the authenticated mount To ensure that unauthorized usersdont gain access to data Peaxy provides an authenticated mount between Aureum Linux clients andAureum using certificates and registration
Note The process described in this section applies to Linux clients Windows domains userswith credentials from an Active Directory access Aureum through a Windows share
Security is always an important part of any system that provides data access especially when theaccess spans many users and locations Peaxy provides a registration process where the clientand server exchange certificates which are used to authenticate subsequent connections Theregistration provides a mutual authentication method between the client and Aureum allowing theclient access Only authenticated clients are allowed to mount Aureum Other clients cannot use thesame authentication as part of the certificate registration Aureum generates a client key pair that isunique to each client-Aureum connection
How It WorksThe AMS requires a dynamic registration at the initial mount time As part of the registration Aureumgenerates a key pair unique to each client This key pair is persistent so you do not need to re-register the client each time you mount Aureum
This initial registration is required the first time the client mounts Aureum and requires a specialregistration password that is unique to Aureum This password is entered by the Aureum administratorat the workstation on which the client is installed Subsequent client mounts use the client certificateissued during registration
Security LevelsAureum offers varying levels of security
The security level is visible on the Aureum card or list and is indicated in the SECURITY section by thenumber of total locks that are green Gray locks indicate how many additional security levels you canselect For example if there are four total locks and three are green your current security level is 3Message Integrity
bull Data Confidentiality all data in and out of Aureum is verified and encryptedbull Message Integrity message authentication codes verify message integritybull Kerberos Authentication use the Kerberos authentication protocol as the mechanism for
authentication between a client and a server or between one server and another serverbull Authenticated Mount use X509 certificates to mutually authenticate and validate all Aureum
clients and hyperservers in Aureum
Create an ExportCreate an export to allow Linux clients to mount and access Aureum
1 From the Navigation menu select SECURITY gt EXPORTS2 Type the export name3 In the EXPORT CONTENT IN field choose the data class to export
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the
Install Aureum | 24
engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the export5 Click CREATE6 To edit or delete an export click the corresponding entry in the list
bull To edit the export make the changes needed in the edit panel and click SAVE CHANGESbull To delete an export click the corresponding trash can icon ( ) and confirm the deletion
Install a Linux-based Aureum ClientYou install the Aureum client on physical hardware or on a workstation in the cloud Use the client tomount and access Aureum directories
Before installing the client make sure that your system meets the minimum requirements describedin the Requirements section of this document
Note Aureum uses FUSE in Direct IO mode for better performance The version of FUSErunning on older versions of CentOS Red Hat Enterprise Linux doesnt support mmap whenFUSE is being used this way This might cause some mmap functions such as ACCESS_WRITEMAP_SHARED and PROT_WRITE to fail You can use the mount flag --disable-direct-io-mode to disable Direct IO mode
If you choose to use Direct IO mmap will be disabled on CentOS56 and 57 since those versionsdont support mmap with direct IO Enabling this option will result in a significant performancedegradation on clients using this option Peaxy strongly recommends that you upgrade to a newerversion of Linux
Ensure FUSE and its dependencies have been installed on each client If it has not been installedinstall FUSE according to the instructions for the package you chose On CentOS for example installthis by typing
sudo yum -y install fusex86_64 fuse-develx86_64 fuse-libsx86_64
The version numbers for your installation may differ
If you have installed a version of the fuseko module that is not the Peaxy-specific version runadditional commands at the end of the installation process This prevents kernel-oops messages fromconsuming all of the space in the varspool directory These messages indicate a benign conditiondue to a Linux FUSE problem
Run the following commands
chkconfig --levels 2345 abrt-oops off service abrt-oops stop
Note The client installation sets the following values automatically
Parameter Value set to
netipv4tcp_tw_recycle 1
netipv4tcp_fin_timeout 2
netcorewmem_max 2097152
netcorermem_max 2097152
netcorewmem_default 2097152
netcorermem_default 2097152
Install Aureum | 25
1 Download the Aureum client file from the support section of the Peaxy website at wwwpeaxynetsupport (login is required)The file is downloaded as a targz package and contains an installer It has a name similar tohfclient-fuse-400ltbuildnumbergttargz
2 Unpack the distribution file by typing the following
tar -zxvf hfclient-fuse-400ltbuildnumbergttargz
You will see something like the following
hfclient-fuse-400hfclient-fuse-400setupshhfclient-fuse-400scriptshfclient-fuse-400scriptsupdatedbshhfclient-fuse-400scriptsc_rehashshhfclient-fuse-400scriptssysctlshhfclient-fuse-400scriptsunregshhfclient-fuse-400scriptsconfshhfclient-fuse-400binhfclient-fuse-400binfusehfCentOS-5xhfclient-fuse-400binfusehfhfclient-fuse-400confhfclient-fuse-400confhfconftgz
3 While logged in as root run setupsh installThe driver files are installed in the default system directories You will see something similar to thefollowing
sudo setupsh install
Installer for Peaxy Aureum Client version 40
Checking package contentsInstalling hf client binariesremoved `optpeaxy-40sbinfusehf`binfusehf -gt `optpeaxy-40sbinfusehfInstallation complete
Mount Aureum
Mount Aureum (Linux)After the client is installed use the mount command to mount Aureum
At a command prompt type
sudo mkdir -p ltmnt_pointgtsudo mount -t fusehf hfltmgmt_ipgt ltmnt_pointgt -o user=ltclient registration usernamegt
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is thedirectory that will serve as your local mount point for example mntpeaxy
If you omit -o user=ltclient_user_namegt you would be prompted for the password associatedwith the local admin account to complete the client registration Best practice is to always create aclient registration account and use that password
The first time you mount the client to Aureum you will be prompted for a registration passwordto allow client-Aureum authentication Type the client registration password Otherwise youradministrator must do this for you
Peaxy strongly recommends that you change the password often especially after typing the passwordfor a client registration
If you or your IT administrator have associated a DNS entry with the Aureum IP address you mightwant to use the DNS name as the name for your mount point
Install Aureum | 26
To configure the Aureum client to automatically mount on startup locate the etcfstab file andadd the line
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults 0 0
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is the localmount point for example mntpeaxy
Note If you are running CentOS 7 change this line to add the _netdev flag as below
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults_netdev 0 0
You can now use the Aureum client to access Aureum
Unregister a Linux Client from AureumYou can securely unregister an installed FUSE client from the Aureum system that it mounts
Removing the registration renders the client unable to access Aureum If you use the all option youwill need to perform a new registration setup before you can mount Aureum again
Unregistering a client is done by running the unregsh script Use the following procedure tounregister the client
1 On the workstation running the client open a command prompt2 Move to optpeaxybin the location of the script3 Run the script
bull Type sudo unregsh ltAureumgt to unregister the client from a specific Aureum systemReplace ltAureumgt with the Aureum system to unregister
bull Type sudo unregsh all to unregister the client from all Aureum systems on which theclient is registered
Note Peaxy strongly recommends using the all option before you decommission aclient workstation
Windows ConfigurationDomain users with credentials from an Active Directory can access Aureum through a share
After Aureum joins a domain it sets up network shares for chosen directories (including all containedsubdirectories) To domain users these shares look the same as any other folder that is accessible viathe network
Unlike an Aureum client which mounts to the root of the volume a share allows a user to exportsubdirectories for more granular access
Where to Find ItFrom the Navigation menu select SECURITY gt DOMAINS and SECURITY gt SHARES
Join a DomainBefore you can create a share you must join a Windows domain
You can pre-create a machine account in an Active Directory under a specified OU If you choose notto do so Aureum will try to add a computer account to the default location of ldquoComputersrdquo
Important If Aureum is already joined to a domain joining another domain will replace thejoin not add to it Aureum will only be joined to the most recently joined domain
1 From the Navigation menu select SECURITY gt DOMAINS2 Type the complete Windows domain to join for example engexamplecom3 Type the username with access to the domain The user must have the necessary permissions to
join Aureum to the domain4 Type the password associated with the username or access to modify an object in the OU if the
machine account was pre-created
Install Aureum | 27
5 In the NETBIOS NAME field set the Aureum computer account name you wish to be created in theActive Directory If Aureum is using a pre-created machine account in a specific OU then the nameyou specify here must match that name exactly
6 Click JOIN
After the domain has been joined the JOIN button changes to LEAVE To leave the domain clickLEAVE
Create a ShareCreate a share to allow Windows users to connect to Aureum
Before you can create a share you must join the appropriate domain
1 From the Navigation menu select SECURITY gt SHARES2 Type the name of the share3 In the SHARE CONTENT IN field choose the appropriate data class
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the share5 Click CREATE
6 To edit or delete a share click the share to be modified
bull To edit the share make the changes needed in the edit panel and click SAVE CHANGESbull To delete the share click the trash can icon ( ) and confirm the deletion
Mount an Aureum Windows ShareDomain-authenticated users can mount and access Aureum directories using a share
After Aureum has been joined to a domain and the share has been created you can easily mount tothe share
The exact mount process is based on your workstation OS
Install Aureum | 28
If you do not already know it you can determine the mount point from Aureum by navigating to theJOIN DOMAIN page and using one of the listed public IP addresses as the mount point Include theshare name when mounting
Peaxy recommends that you take the list of public IP addresses and enter them into your DNS serverlisted under the Aureum NetBIOS name within the appropriate domain In cases where multipleaddresses are used the DNS server automatically round-robins the returned address This ensure thatclient connection load is distributed across the available nodes
As a Windows example to mount a drive letter to Aureum Type
net use ltdrive_lettergt ltpublic addressgtltshare namegt
where ltdrive_lettergt is the drive letter to assign to Aureum ltpublic_addressgt is the IP address usedto join the domain and ltshare_namegt is the share
You then log into the share using your domain-authenticated username and password For exampleMYDOMAINmyname
After mapping the drive access Aureum through Windows Explorer just like you would any otherdrive
If the share does not appear in the Windows Explorer after a change such as a system reboot occursrefresh the view using the Refresh icon ( ) The share should display correctly
You do not have to assign a share to a drive letter however In Windows Explorer type the public IPaddress and share name into the address bar Provide your username and password
POSIX ComplianceAureum provides a POSIX-compliant interface
Most of the Aureum interfaces are POSIX compliant and adhere to the IEEE standard The following isa list of exceptions to compliance
bull The directory nlink count is not incremented when a subdirectory is addedbull inode retention differs from the POSIX specification because there is no way to retain the original
inode number when a rename entails a move to a different device You can display the datahyperserver extent ID instead of the namespace hyperserver Node ID to the caller in the statfamily of calls This does not change when a file or directory is renamed It does change if the file ismigrated from one data hyperserver to another
bull If two mount points are held to the same Aureum and a file is closed on one Aureum does notremove a fcntl lock for the same file on another This is a variance on the way that NFS worksThe internal locking structures take into account the client ID which varies depending on the clientmount If there are two different mounts to a server Aureum treats them as separate machineswhich NFS does not
bull The file locking call flock() is emulated using POSIX byte range locks (fcntl() ) The POSIXcompliance specification does not cover flock() This implementation mirrors the behavior ofNFS The Aureum behavior is slightly different and varies from the POSIX specification as follows
1 As in NFS you must have write permissions to get a write lock2 As in NFS you cannot place both flock() and fcntl() locks on the same file as these locks
will conflict3 An flock() will not inherit across forks4 The flock() will be durable against other file closes but fcntl() locks will not behave within
the POSIX specification5 As well as being removed by an explicit f_unlock record locks are automatically released
when the process terminates or if it closes any file descriptor referring to a file on which locksare held This means that a process can lose the locks on a file like etcpasswd or etcmtab if a library function opens reads and closes it
Information and ResourcesThe latest news and information can always be found on the Peaxy website
Peaxy provides documents that are designed for different audiences These documents furnish acomprehensive explanation of Aureum and how to use it Additionally information is available fromtooltips Each field has a tooltip that adds explanations and any limitations for the item
The most current and accurate information available was included at the time this document wasprepared However changes may occur after the document is released Always read the ReleaseNotes for the most current information
Aureum Installation GuideA step-by-step guide to installing and configuring Aureum into your network
Aureum Administrator GuideA guide to understanding the Aureum architecture Provides details for planning configuring andmonitoring your implementation
Quickstart SeriesA series of two-page guides providing an abbreviated set of instructions for Aureum tasks Theycan be taken in order or used as reminders for individual tasks
Tech NotesSome technical issues are outside the scope of the regular documentation These are presented asTechnical Notes
Contact Peaxy9 am to 5 pm Pacific Standard Time
Main +1 (408) 441-6500
Support +1 (408) 763-3700
By phone
Support toll free US only +1 (844) 277-3299
General information infopeaxynet
Sales salespeaxynet
Support supportpeaxynet
By email
Documentation feedback feedbackpeaxynet
Online wwwpeaxynetsupport (login required)
Peaxy Inc
2380 Bering Dr
By mail
San Jose CA 95131 USA
LegalPeaxyreg and Aureumtrade are registered trademarks of Peaxy Inc
All other trademarks belong to their respective companies
CopyrightsThis document is copyright copy 2016 Peaxy Inc
Aureum software includes portions of the following
bull Amazon Web Services (AWS) Java SDK httpsawsamazoncomsdk-for-java and httpawsamazoncomapache-2-0
bull Apache License Version 20 January 2004bull BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1bull BSD 3bull crc32 routine COPYRIGHT copy 1986 Gary S Brownbull Element Tree used under the Python licensebull Erlang Public License (EPL) a derivative work of the Mozilla Public License Now provided under
the Apache 20 licensebull GoogleAuth httpsgithubcomwstrangeGoogleAuthbull GNU Lesser General Public License Version 3 Copyright copy 2007 Free Software Foundation Inc
and GNU Lesser General Public License Version 21 Copyright copy 1999 Free Software FoundationInc
bull Samba is Free Software licensed under the GNU General Public License httpswwwsambaorgsambadocsGPLhtml the Samba project is a member of the Software Freedom Conservancy
bull JSON-C Copyright (c) 2009-2012 Eric Haszlakiewicz and Copyright (c) 2004-2005 MetaparadigmPte Ltd
bull Kerberos Copyright copy 1985-2009 now under the MIT 2 licensebull libcurl Copyright (c) 1996 - 2015 Daniel Stenbergdanielhaxxsebull lshow used under the GPL licensebull MIT (X11) Copyright copy 2007-2015bull RIAK Creative Commons (httpcreativecommonsorg licensesby30)bull Goldrush Copyright copy 2012 Magnus Klaarbull Meld Under ZPL licensebull NSIS (Nullsoft Scriptable Install System) copy 1999-2013bull OpenSSL License Copyright (c) 1998-2016 The OpenSSL Project and Original SSLeay License
Copyright (c) 1995-1998 Eric Youngbull Protobuf Copyright 2008 Google Inc now under the BSD 3 licensebull Setup Tools (setuptools-06c11) Under ZPL licensebull Sodium crypto library (libsodium) ISC license Copyright (c) 2013-2015 Frank Denisbull Solr the Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull TCL Copyright copy Regents of the University of California Sun Microsystems Inc Scriptics
Corporation and other partiesbull The Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull The Apache Tika project Copyright copy The Apache Software Foundationbull VirtualBox Copyright copy 2007 Oracle Corp as part of the GNU GPL V2 Licensebull YAWS Copyright copy 2006 Claes Wikstrom now under the BSD licensebull Apache zookeeper Under the Apache 2 license
Index | 35
Index
bdl license file 18
img 12
MD5 12
zip 12
A
access directories 24Active Directory 26add
resources 19servers 19
Admin 17administrator 17AMS 12 14 15 16Aureum IP address 11Aureum Manager 6 12 14Aureum name 18Aureum overview 5average file size 18
B
beacon turning on or off 19BIOS 15bonding network interface 19bootable USB 12 14browser 15button color 17
C
capacity 10 19CentOS 10checksum 12client registration 22clients 22configuration 11configure email 21connect 22contact 31create
export 23share 27
create Aureum 15create storage class 20
D
dedicated capacity 20dedicated nodes 5default storage class 20directory access 24discover resources 12 14 19discovery state Aureum nodes 12 14disk space required 10DNS server 11DNS servers 18documentation 31domain-authenticated user
domain 27
domain-authentication 22domain suffix 11download images 14
E
editsecurity level 22
emailer settings 21Ethernet
interface 10switch 10
exportCIFS 23create an export 23
F
files needed 12 14firewall 12flexible capacity 20flock 29FUSE 10
G
gateway 11 18
H
hardware requirements 10how to reach Peaxy 31
I
image copier 12 14import a license 18initial configuration 18inode retention 29install
client 24Linux client 24
introduction 5iptables 16
J
javarequired version 12 14
javaw 14
K
Kerberos 22 22 23
L
legal 33levels of security 23license files 18licenses 18
Index | 36
Linux client install 24localhost 15location 18
M
maintenance agreement 18management IP 15mapping 22mount Aureum 24 27mounting 22 22
N
namespace 18Navigation menu
configuration 11security 22
netBIOS 22NIC 19NTP server 11 18
O
outgoing email 21overview
architecture 6Aureum building blocks 6components 6
P
password 17password limitations 17ports 12POSIX compliance 29primary domain 18primary domain suffix 11
R
RAM requirements 10realms 22reboot 12 14recommended configuration 10Red Hat Enterprise Linux 10replication factor 11 18 20resources
needed 10run setup 16
S
samsp 12 14 16security 22 23security levels
security 22 23select the license 18SElinux 16sestatus 16set performance levels 20settings 11setup 16share
CIFS 27
create a share 27Share 26SMTP 17 21software files 14space needed 10storage class creating default 20subnet mask 11Support hours 31
T
tar ball 24time server 18time zone 11 18
U
USB 15USB stick 10 12 14user account 17
V
virtualization 6 15
W
what youll need 11Windows
domain 26join a domain 26share 27
Windows client 10
Y
yum 24
Install Aureum | 15
If the image copier does not launch properly you might need to add javaw to your path Refer toyour Windows Operating System help for instructions
5 Browse to the software image you downloaded (the img file) and select this file then click Run6 Type a label for the USB sticks
The label is used to identify the system during the initial installation and becomes the name of theserver on which it is installed If you use the same label on different USB sticks the software willadd a numeric suffix when creating the host name for example HOST-01 HOST-02 and so onLabels cannot exceed 16 charactersYou can provide a different label for each USB stick but to do so you must copy the image file toeach stick individually
7 Insert the USB sticks into a port on your workstation or a hub connected to your workstation andthen click REFRESH to make them visible to the image copier tool Select the sticks you want fromthose displayed in the destination drives list The USB stick must be at least 2 GB
8 Leave Verify copy operation enabled Peaxy strongly recommends that you do not skip this stepDepending on the speed on the USB sticks it can take several minutes to complete theverification
9 Enable hypervisor protection if requiredEnable hypervisor protection if the underlying storage consists of non-redundant JBOD (acollection of hard disks that have not been configured to act as a RAID) This creates a softwareRAID 5 configuration for the container store used by AureumYou can disable hypervisor protection if you have a hardware RAID under the disk volumes Thisallows Aureum to use a higher-performing RAID 0 configuration instead
10Click START11After the copy is complete click EXIT and remove the USB sticks from the workstation or USB hub
The USB stick now contains a bootable image of the installation software
Install the SoftwareThe installation software on the USB stick installs the Peaxy software and lets you create Aureum
1 Insert one prepared USB stick into each server Servers must have a console attached or beaccessible via an IPMI management tool
Install Aureum | 16
2 Apply power to the servers either individually or with a few seconds in between to complete the
next steps
Note If you have already configured your server to boot from USB skip steps 3 4 and 5
3 Enter the server BIOS and instruct the server to boot from the USB stickThe method used to enter the BIOS depends on the server
4 Ensure that the virtualization setting is enabled in the BIOS5 Save the BIOS changes and reboot the server from the USB stick
After the server has booted from the USB stick and launched the installation software you will seea message at the bottom of the screen telling you that the server is being prepared for installationThis boot process has placed the servers in a discoverable state this plays a role in the nextphase of the installation process
Continue the InstallationAfter the servers have been prepared and the software has been installed begin the configuration
1 On your workstation disable the firewall
On Red Hat Enterprise LinuxCentOS 7 systems use the following commands
systemctl stop firewalld
systemctl disable firewalld
On other Linux-based operating systems use the following commands
service iptables stop
service ip6tables stop
chkconfig ip6tables off only include this command if you want to permanently turn thefirewall off
chkconfig iptables off only include this command if you want to permanently turn thefirewall off
2 On your workstation disable SElinuxYou can check the status of SElinux with sestatus The result should appear as SELinuxstatus disabledIf you do not see disabled
1 Edit etcselinuxconfig and set the SELINUX variable to disabled2 Reboot your client workstation
3 On the workstation launch the Aureum installation management tool Type
sudo tmpsamsp-400ltversiongtsamspsh
Install Aureum | 17
You should see something similar to the following
Launching Management Server Platform version 400rootOpen your browser and enter the URL httpslocalhost to continueDo not terminate samsp it is required to complete cluster configurationYou can view tmpsamsp-40010872logmsplog for detailed progress activity
Important Do not terminate samsp because it is needed to complete clusterconfiguration
4 Open a browser and type
httpslocalhost If you are running the browser on the same workstation running the stand alone MSP orhttpsltip addressgt IP address of the workstation running the standalone MSP
This launches the Peaxy Management Tool If prompted accept the self-signed Peaxy certificate
After the initial setup is complete the IP address changes in the browser address bar This isexpected and correct behavior Now the installation portion of the AMS exits and the integratedAureum manager becomes active
In the next step the Aureum manager guides you through the initial configuration process
Create an Admin AccountThe first step in configuring a new Aureum system is to supply the details for the Admin account Afterthe installation process is complete and Aureum is up and running the Admin account is used to loginto the Aureum web UI (PMT) to perform additional administration tasks such as creating other useraccounts and a client registration password
Important The Admin account has access to critical areas of Aureum Ensure that the Adminaccount is secure
1 Type an email address for the accountThe AMS verifies that the email address is formatted correctly but does not check the validity ofthe email address itself This is the email address to which emails are sent
Note When setting the outgoing mailer settings the use of a customized email addressis highly dependent on the mail server While it might be possible to use a custom emailSEND FROM address many mail servers (such as Gmail) do not allow sending email usinganything other than the registered user account name
2 Type a user name for the accountThe user name must be between 3 and 32 characters and can contain letters numbers dots ()and at signs ()
3 Type a password to be associated with the user name in the previous stepPasswords are case sensitive and should be secure Best practice shows that you should changepasswords regularly
4 Confirm the password by retyping the password exactly as you entered it aboveWhen all of the fields are complete and have the correct format the SUBMIT button turns fromgray to blue
5 Click SUBMIT
The user account information is now created and stored
Important Set up the outgoing emailer settings as soon as possible after completinginstallation of Aureum If you forget or lose your password Aureum cannot send you a newone until the outgoing email is configured
Install Aureum | 18
The next step is to import the Aureum license
Import an Aureum LicenseImporting the license for an Aureum instance activates the Peaxy software License types are assignedto the Admin account that you created at the beginning of the installation
Before you create an Aureum system make sure that you have received your license from Peaxy andthat the license details are correct
Each time you create an Aureum instance you must import a license
1 Select the license to import or drag it onto the files areaThe license is a bdl file that contains all of the files needed to install the license
2 Click IMPORT3 The system installs the license and continues to the next step
Provide Aureum InformationDefining a few basic configuration items is the first step in setting up Aureum
During the first steps of the initial configuration you provide the basic information needed to createAureum its components and the namespace details
1 Enter the Network settingsa) Enter the gateway addressb) Enter the subnet maskc) Enter the primary DNS domain suffix and up to three DNS server addresses
DNS servers must be entered as IP addresses Each DNS server is on a separate line2 Enter the General settings
a) Enter a name for this Aureum instanceNames can be up to 14 characters and can contain letters numbers dashes and underscores
b) Optional Enter a location for the Aureum system for example ldquodatacenterrdquo or ldquoPhoenixofficerdquo
c) Enter the Aureum IP addressd) Optional Enter up to three NTP servers
Including an NTP server ensures that the time stamp for Aureum is always correcte) Select the time zone to use from the drop-down menu
This ensures that all nodes in Aureum use the same time zone3 Define the Namespace settings
Install Aureum | 19
a) Select the average file size that you expect Aureum to containYour expected average file size selection is used by Aureum to determine the most efficientdistribution of hyperservers Aureum uses the selection you make here to determine theestimated ratio of namespace hyperservers to data hyperservers
b) Set the default namespace replication factor from 2 to 4The namespace replication factor is the number of replicas that Aureum creates for thenamespace
4 Click CONTINUE
Add resources to Aureum You can also click CANCEL to cancel the installation
Add ResourcesResources refer to the physical servers that will make up Aureum These can be any commodity serversuch as a 1U or 2U server with any number and size of disks These resources are used to build thenamespace and data hyperservers that form the heart of a running Aureum system
Note After a resource has been added Aureum claims the complete resource Unusedportions of a resource are designated as spares and are used in case of a failure or expansion
1 The system locates all physical servers that have been booted using USB sticks and are currently indiscovery stateYou will see a list of the servers available for inclusion Use the filter to narrow your search by servername
2 Select the servers to add to Aureum
Servers scheduled for selection have a check mark to the left Select the box beside SERVER NAMEto select all servers in the list
3 Enter the required number of IP addresses or an IP range The number of IP addresses neededappears above the IP ADDRESSES entry box
The system determines the number of IP addresses needed to ensure that all Aureum componentscan communicate receiving requests and returning responses Addresses can be individual IPaddresses (xxxxxxxxxxxx) an IP address range (xxxxxxxxx - xxx) or an IP address with a wildcard(xxxxxxxxx) Separate the IP addresses with a space comma or newline
Install Aureum | 20
Aureum only supports IPv4 (the dotted quad format) For example
192168100419216810015-2019216873
4 Define the roles of the serversClick the ROLES column entry for a server and configure the servers to support either data accessor search (SolrCloud) While it is possible to configure a server to support both data access andsearch this setting is not recommended for a production deployment
Note Aureum 40 supports SolrCloud clusters with one or three nodes Aureum 40 doesnot support SolrCloud clusters with either two nodes or more than three nodes
5 Define the bonding for the network port cardsYou should see the same speed for all of the network interfaces (NICs) on this server Use the list ofall NICs that are bonded with the interfaces on this server to form your decision Inactive NICs arenoted as sucha) Click the ETHERNET column entry for the server whose bonding to configure
If the column text is red some interfaces are not bonded to the server If the text is blue allavailable interfaces are bonded
b) Place a check mark next to all of the interfaces to bond to this server Remove the check markfor those interfaces you do not want included in the bond
6 Optional Toggle the server beacon on or offBeacon signals guide you to the server in question This is often used when troubleshooting tolocate a specific server in a large group of servers
7 Click CONTINUEWait for the installation wizard to verify that the IP addresses you entered are valid and can beused The system assigns the IP addresses and sets the state to Pending
8 Click START INSTALLATIONThe button changes from START INSTALLATION to INSTALLATION IN PROGRESS The systemassigns the resources to Aureum and determines the necessary number of dedicated nodesneeded for the configuration The progress is displayed but you can also use the Log link to followindividual progress If some of the servers are not yet ready wait a few moments and retry
The installation process will take some time typically 10 to 20 minutes When complete the IPaddress in the browser will switch from the local IP of your workstation to the Aureum IP addressthat was entered earlier This signals the transition from the AMS you launched earlier (samsp) to theintegrated PMT that is now running on Aureum
The next step is to create a default storage class
Create a Default Storage ClassA storage class groups and manages data hyperservers with similar replication factors capabilitiesand performance configuration
You must configure at least one storage class to use as the default during the initial Aureumconfiguration You can create more storage classes at any time as long as you have the resourcesnecessary
1 You are presented with the create Initial Storage Class option2 Enter the required information to create the storage class
a) Type a name for the storage classClass names can be up to 14 text characters
b) Define the performance levelPerformance levels based on throughput and seek time Select the paired setting that is best foryour expected usage For the widest option select ldquoAnyrdquo
c) Set the replication factor
Install Aureum | 21
Remember all hyperservers assigned to this storage class will use these settings
Note You must include at least the same number of resources to create the specifiedreplication factor For example you cannot have a replication factor of three in anAureum system with only two servers
Because each replication requires some amount of storage the replication factor selectedaffects the amount of total storage available
Tip The Aureum data space is partitioned through all the data-capable hyperserversEach hyperserver can be configured to offer a specified replication factor This lets youstore vital data with high redundancy while more transient data can skip replication inorder to optimize storage and performance costs
d) Optional Enable flexible space allocationEnabling flexible storage space allows the members of the storage class to consume thecapacity needed When more storage space is needed more is allocated automaticallyregardless of the initial allocation Peaxy recommends this option for general use Some casesmight have different needs
e) Optional To make this the default storage class select YESAll data that does not meet the conditions in a specific data policy will be stored on the defaultstorage class (See data policies in the Aureum Administrator Guide)
3 Click CREATE STORAGE CLASS4 To complete the initial installation and configuration click FINALIZE AUREUM then click YES to
confirm the configuration is correct
Important After you click FINALIZE you must wait for the health indicator on the Aureumcard or list turn green before using Aureum
The Aureum installation is complete and the PMT shows the main Aureum window To configureadditional Aureum storage classes and data policies and to understand how to monitor Aureum seethe Aureum Administrator Guide
Define Outgoing Mail SettingsIn order for Aureum to send email notifications and provide lost password recovery you must tellAureum how to send email alerts
Important Configure outgoing email settings as soon as reasonably possible If you lose orforget your password Aureum cannot send reset instructions until you configure the emailsettings
1 Select EMAILER CONFIG from the SETUP WIZARD pane or from the Navigation menu select EMAILER
2 Type the email (SMTP) server to use when sending the emailThe email server must be accessible from Aureum
Install Aureum | 22
3 By default the system uses port 587 This is usually the right setting Only change the EMAILSERVER PORT if your organizations SMTP server requires it
4 Enter a valid user account and password that Aureum will use to send email from this server5 Optional SEND FROM is required only if your email server requires Transport Layer Security (TLS)
If this is the case type the SEND FROM email addressGenerally the recommended SEND FROM address is a working system administrator account
6 Click SAVE
Create a Client Registration UserThe Aureum client registration user and password allow client authentication at mount time
This allows you to create a custom account for authenticating client mounts
1 Click REGISTRATION2 Type a name for the user This will be the username that is authorized to type in the registration
password when an Aureum client is installed3 Type the client registration password This password is used to register the Aureum client for
authentication at mount time4 Click SAVE
Configure SecurityDefine define the level of security for client communication
1 Click SECURITY LEVEL2 Slide the controller to the level of security your data will use
3 Click ACCEPT
ConnectAn Aureum client mounts Aureum and allows access to folders and files Peaxy provides clientsoftware for Linux users and allows Windows users to access Aureum through a Windows share
The Linux-based client uses a FUSE component to remotely access Aureum services Almost all Linuxinstallations include FUSE so you should not need to do anything extra
The Aureum client has a small footprint A very limited set of memory and CPU cycles are needed toperform the client functions Also the Aureum client can be used concurrently with other clients forNFS and other network file systems
When you install the client the client drivers are added to the default system directories To accessthese directories use the mount command (more commonly known as mapping a drive in Windows)to mount the client to the directory
Install Aureum | 23
Mounting a client to an Aureum directory loads all the data structures necessary for the client tointeract with Aureum As the structures change Aureum updates them In order for a client to accessAureum all that is necessary is that the client know the IP address or URL to which the client willconnect and the client-Aureum registration password
Also available is the ability to join a Windows domain and create domain-authenticated users who canaccess different areas of Aureum
Linux Client-Aureum RegistrationThe minimum security level for Aureum is the authenticated mount To ensure that unauthorized usersdont gain access to data Peaxy provides an authenticated mount between Aureum Linux clients andAureum using certificates and registration
Note The process described in this section applies to Linux clients Windows domains userswith credentials from an Active Directory access Aureum through a Windows share
Security is always an important part of any system that provides data access especially when theaccess spans many users and locations Peaxy provides a registration process where the clientand server exchange certificates which are used to authenticate subsequent connections Theregistration provides a mutual authentication method between the client and Aureum allowing theclient access Only authenticated clients are allowed to mount Aureum Other clients cannot use thesame authentication as part of the certificate registration Aureum generates a client key pair that isunique to each client-Aureum connection
How It WorksThe AMS requires a dynamic registration at the initial mount time As part of the registration Aureumgenerates a key pair unique to each client This key pair is persistent so you do not need to re-register the client each time you mount Aureum
This initial registration is required the first time the client mounts Aureum and requires a specialregistration password that is unique to Aureum This password is entered by the Aureum administratorat the workstation on which the client is installed Subsequent client mounts use the client certificateissued during registration
Security LevelsAureum offers varying levels of security
The security level is visible on the Aureum card or list and is indicated in the SECURITY section by thenumber of total locks that are green Gray locks indicate how many additional security levels you canselect For example if there are four total locks and three are green your current security level is 3Message Integrity
bull Data Confidentiality all data in and out of Aureum is verified and encryptedbull Message Integrity message authentication codes verify message integritybull Kerberos Authentication use the Kerberos authentication protocol as the mechanism for
authentication between a client and a server or between one server and another serverbull Authenticated Mount use X509 certificates to mutually authenticate and validate all Aureum
clients and hyperservers in Aureum
Create an ExportCreate an export to allow Linux clients to mount and access Aureum
1 From the Navigation menu select SECURITY gt EXPORTS2 Type the export name3 In the EXPORT CONTENT IN field choose the data class to export
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the
Install Aureum | 24
engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the export5 Click CREATE6 To edit or delete an export click the corresponding entry in the list
bull To edit the export make the changes needed in the edit panel and click SAVE CHANGESbull To delete an export click the corresponding trash can icon ( ) and confirm the deletion
Install a Linux-based Aureum ClientYou install the Aureum client on physical hardware or on a workstation in the cloud Use the client tomount and access Aureum directories
Before installing the client make sure that your system meets the minimum requirements describedin the Requirements section of this document
Note Aureum uses FUSE in Direct IO mode for better performance The version of FUSErunning on older versions of CentOS Red Hat Enterprise Linux doesnt support mmap whenFUSE is being used this way This might cause some mmap functions such as ACCESS_WRITEMAP_SHARED and PROT_WRITE to fail You can use the mount flag --disable-direct-io-mode to disable Direct IO mode
If you choose to use Direct IO mmap will be disabled on CentOS56 and 57 since those versionsdont support mmap with direct IO Enabling this option will result in a significant performancedegradation on clients using this option Peaxy strongly recommends that you upgrade to a newerversion of Linux
Ensure FUSE and its dependencies have been installed on each client If it has not been installedinstall FUSE according to the instructions for the package you chose On CentOS for example installthis by typing
sudo yum -y install fusex86_64 fuse-develx86_64 fuse-libsx86_64
The version numbers for your installation may differ
If you have installed a version of the fuseko module that is not the Peaxy-specific version runadditional commands at the end of the installation process This prevents kernel-oops messages fromconsuming all of the space in the varspool directory These messages indicate a benign conditiondue to a Linux FUSE problem
Run the following commands
chkconfig --levels 2345 abrt-oops off service abrt-oops stop
Note The client installation sets the following values automatically
Parameter Value set to
netipv4tcp_tw_recycle 1
netipv4tcp_fin_timeout 2
netcorewmem_max 2097152
netcorermem_max 2097152
netcorewmem_default 2097152
netcorermem_default 2097152
Install Aureum | 25
1 Download the Aureum client file from the support section of the Peaxy website at wwwpeaxynetsupport (login is required)The file is downloaded as a targz package and contains an installer It has a name similar tohfclient-fuse-400ltbuildnumbergttargz
2 Unpack the distribution file by typing the following
tar -zxvf hfclient-fuse-400ltbuildnumbergttargz
You will see something like the following
hfclient-fuse-400hfclient-fuse-400setupshhfclient-fuse-400scriptshfclient-fuse-400scriptsupdatedbshhfclient-fuse-400scriptsc_rehashshhfclient-fuse-400scriptssysctlshhfclient-fuse-400scriptsunregshhfclient-fuse-400scriptsconfshhfclient-fuse-400binhfclient-fuse-400binfusehfCentOS-5xhfclient-fuse-400binfusehfhfclient-fuse-400confhfclient-fuse-400confhfconftgz
3 While logged in as root run setupsh installThe driver files are installed in the default system directories You will see something similar to thefollowing
sudo setupsh install
Installer for Peaxy Aureum Client version 40
Checking package contentsInstalling hf client binariesremoved `optpeaxy-40sbinfusehf`binfusehf -gt `optpeaxy-40sbinfusehfInstallation complete
Mount Aureum
Mount Aureum (Linux)After the client is installed use the mount command to mount Aureum
At a command prompt type
sudo mkdir -p ltmnt_pointgtsudo mount -t fusehf hfltmgmt_ipgt ltmnt_pointgt -o user=ltclient registration usernamegt
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is thedirectory that will serve as your local mount point for example mntpeaxy
If you omit -o user=ltclient_user_namegt you would be prompted for the password associatedwith the local admin account to complete the client registration Best practice is to always create aclient registration account and use that password
The first time you mount the client to Aureum you will be prompted for a registration passwordto allow client-Aureum authentication Type the client registration password Otherwise youradministrator must do this for you
Peaxy strongly recommends that you change the password often especially after typing the passwordfor a client registration
If you or your IT administrator have associated a DNS entry with the Aureum IP address you mightwant to use the DNS name as the name for your mount point
Install Aureum | 26
To configure the Aureum client to automatically mount on startup locate the etcfstab file andadd the line
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults 0 0
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is the localmount point for example mntpeaxy
Note If you are running CentOS 7 change this line to add the _netdev flag as below
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults_netdev 0 0
You can now use the Aureum client to access Aureum
Unregister a Linux Client from AureumYou can securely unregister an installed FUSE client from the Aureum system that it mounts
Removing the registration renders the client unable to access Aureum If you use the all option youwill need to perform a new registration setup before you can mount Aureum again
Unregistering a client is done by running the unregsh script Use the following procedure tounregister the client
1 On the workstation running the client open a command prompt2 Move to optpeaxybin the location of the script3 Run the script
bull Type sudo unregsh ltAureumgt to unregister the client from a specific Aureum systemReplace ltAureumgt with the Aureum system to unregister
bull Type sudo unregsh all to unregister the client from all Aureum systems on which theclient is registered
Note Peaxy strongly recommends using the all option before you decommission aclient workstation
Windows ConfigurationDomain users with credentials from an Active Directory can access Aureum through a share
After Aureum joins a domain it sets up network shares for chosen directories (including all containedsubdirectories) To domain users these shares look the same as any other folder that is accessible viathe network
Unlike an Aureum client which mounts to the root of the volume a share allows a user to exportsubdirectories for more granular access
Where to Find ItFrom the Navigation menu select SECURITY gt DOMAINS and SECURITY gt SHARES
Join a DomainBefore you can create a share you must join a Windows domain
You can pre-create a machine account in an Active Directory under a specified OU If you choose notto do so Aureum will try to add a computer account to the default location of ldquoComputersrdquo
Important If Aureum is already joined to a domain joining another domain will replace thejoin not add to it Aureum will only be joined to the most recently joined domain
1 From the Navigation menu select SECURITY gt DOMAINS2 Type the complete Windows domain to join for example engexamplecom3 Type the username with access to the domain The user must have the necessary permissions to
join Aureum to the domain4 Type the password associated with the username or access to modify an object in the OU if the
machine account was pre-created
Install Aureum | 27
5 In the NETBIOS NAME field set the Aureum computer account name you wish to be created in theActive Directory If Aureum is using a pre-created machine account in a specific OU then the nameyou specify here must match that name exactly
6 Click JOIN
After the domain has been joined the JOIN button changes to LEAVE To leave the domain clickLEAVE
Create a ShareCreate a share to allow Windows users to connect to Aureum
Before you can create a share you must join the appropriate domain
1 From the Navigation menu select SECURITY gt SHARES2 Type the name of the share3 In the SHARE CONTENT IN field choose the appropriate data class
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the share5 Click CREATE
6 To edit or delete a share click the share to be modified
bull To edit the share make the changes needed in the edit panel and click SAVE CHANGESbull To delete the share click the trash can icon ( ) and confirm the deletion
Mount an Aureum Windows ShareDomain-authenticated users can mount and access Aureum directories using a share
After Aureum has been joined to a domain and the share has been created you can easily mount tothe share
The exact mount process is based on your workstation OS
Install Aureum | 28
If you do not already know it you can determine the mount point from Aureum by navigating to theJOIN DOMAIN page and using one of the listed public IP addresses as the mount point Include theshare name when mounting
Peaxy recommends that you take the list of public IP addresses and enter them into your DNS serverlisted under the Aureum NetBIOS name within the appropriate domain In cases where multipleaddresses are used the DNS server automatically round-robins the returned address This ensure thatclient connection load is distributed across the available nodes
As a Windows example to mount a drive letter to Aureum Type
net use ltdrive_lettergt ltpublic addressgtltshare namegt
where ltdrive_lettergt is the drive letter to assign to Aureum ltpublic_addressgt is the IP address usedto join the domain and ltshare_namegt is the share
You then log into the share using your domain-authenticated username and password For exampleMYDOMAINmyname
After mapping the drive access Aureum through Windows Explorer just like you would any otherdrive
If the share does not appear in the Windows Explorer after a change such as a system reboot occursrefresh the view using the Refresh icon ( ) The share should display correctly
You do not have to assign a share to a drive letter however In Windows Explorer type the public IPaddress and share name into the address bar Provide your username and password
POSIX ComplianceAureum provides a POSIX-compliant interface
Most of the Aureum interfaces are POSIX compliant and adhere to the IEEE standard The following isa list of exceptions to compliance
bull The directory nlink count is not incremented when a subdirectory is addedbull inode retention differs from the POSIX specification because there is no way to retain the original
inode number when a rename entails a move to a different device You can display the datahyperserver extent ID instead of the namespace hyperserver Node ID to the caller in the statfamily of calls This does not change when a file or directory is renamed It does change if the file ismigrated from one data hyperserver to another
bull If two mount points are held to the same Aureum and a file is closed on one Aureum does notremove a fcntl lock for the same file on another This is a variance on the way that NFS worksThe internal locking structures take into account the client ID which varies depending on the clientmount If there are two different mounts to a server Aureum treats them as separate machineswhich NFS does not
bull The file locking call flock() is emulated using POSIX byte range locks (fcntl() ) The POSIXcompliance specification does not cover flock() This implementation mirrors the behavior ofNFS The Aureum behavior is slightly different and varies from the POSIX specification as follows
1 As in NFS you must have write permissions to get a write lock2 As in NFS you cannot place both flock() and fcntl() locks on the same file as these locks
will conflict3 An flock() will not inherit across forks4 The flock() will be durable against other file closes but fcntl() locks will not behave within
the POSIX specification5 As well as being removed by an explicit f_unlock record locks are automatically released
when the process terminates or if it closes any file descriptor referring to a file on which locksare held This means that a process can lose the locks on a file like etcpasswd or etcmtab if a library function opens reads and closes it
Information and ResourcesThe latest news and information can always be found on the Peaxy website
Peaxy provides documents that are designed for different audiences These documents furnish acomprehensive explanation of Aureum and how to use it Additionally information is available fromtooltips Each field has a tooltip that adds explanations and any limitations for the item
The most current and accurate information available was included at the time this document wasprepared However changes may occur after the document is released Always read the ReleaseNotes for the most current information
Aureum Installation GuideA step-by-step guide to installing and configuring Aureum into your network
Aureum Administrator GuideA guide to understanding the Aureum architecture Provides details for planning configuring andmonitoring your implementation
Quickstart SeriesA series of two-page guides providing an abbreviated set of instructions for Aureum tasks Theycan be taken in order or used as reminders for individual tasks
Tech NotesSome technical issues are outside the scope of the regular documentation These are presented asTechnical Notes
Contact Peaxy9 am to 5 pm Pacific Standard Time
Main +1 (408) 441-6500
Support +1 (408) 763-3700
By phone
Support toll free US only +1 (844) 277-3299
General information infopeaxynet
Sales salespeaxynet
Support supportpeaxynet
By email
Documentation feedback feedbackpeaxynet
Online wwwpeaxynetsupport (login required)
Peaxy Inc
2380 Bering Dr
By mail
San Jose CA 95131 USA
LegalPeaxyreg and Aureumtrade are registered trademarks of Peaxy Inc
All other trademarks belong to their respective companies
CopyrightsThis document is copyright copy 2016 Peaxy Inc
Aureum software includes portions of the following
bull Amazon Web Services (AWS) Java SDK httpsawsamazoncomsdk-for-java and httpawsamazoncomapache-2-0
bull Apache License Version 20 January 2004bull BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1bull BSD 3bull crc32 routine COPYRIGHT copy 1986 Gary S Brownbull Element Tree used under the Python licensebull Erlang Public License (EPL) a derivative work of the Mozilla Public License Now provided under
the Apache 20 licensebull GoogleAuth httpsgithubcomwstrangeGoogleAuthbull GNU Lesser General Public License Version 3 Copyright copy 2007 Free Software Foundation Inc
and GNU Lesser General Public License Version 21 Copyright copy 1999 Free Software FoundationInc
bull Samba is Free Software licensed under the GNU General Public License httpswwwsambaorgsambadocsGPLhtml the Samba project is a member of the Software Freedom Conservancy
bull JSON-C Copyright (c) 2009-2012 Eric Haszlakiewicz and Copyright (c) 2004-2005 MetaparadigmPte Ltd
bull Kerberos Copyright copy 1985-2009 now under the MIT 2 licensebull libcurl Copyright (c) 1996 - 2015 Daniel Stenbergdanielhaxxsebull lshow used under the GPL licensebull MIT (X11) Copyright copy 2007-2015bull RIAK Creative Commons (httpcreativecommonsorg licensesby30)bull Goldrush Copyright copy 2012 Magnus Klaarbull Meld Under ZPL licensebull NSIS (Nullsoft Scriptable Install System) copy 1999-2013bull OpenSSL License Copyright (c) 1998-2016 The OpenSSL Project and Original SSLeay License
Copyright (c) 1995-1998 Eric Youngbull Protobuf Copyright 2008 Google Inc now under the BSD 3 licensebull Setup Tools (setuptools-06c11) Under ZPL licensebull Sodium crypto library (libsodium) ISC license Copyright (c) 2013-2015 Frank Denisbull Solr the Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull TCL Copyright copy Regents of the University of California Sun Microsystems Inc Scriptics
Corporation and other partiesbull The Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull The Apache Tika project Copyright copy The Apache Software Foundationbull VirtualBox Copyright copy 2007 Oracle Corp as part of the GNU GPL V2 Licensebull YAWS Copyright copy 2006 Claes Wikstrom now under the BSD licensebull Apache zookeeper Under the Apache 2 license
Index | 35
Index
bdl license file 18
img 12
MD5 12
zip 12
A
access directories 24Active Directory 26add
resources 19servers 19
Admin 17administrator 17AMS 12 14 15 16Aureum IP address 11Aureum Manager 6 12 14Aureum name 18Aureum overview 5average file size 18
B
beacon turning on or off 19BIOS 15bonding network interface 19bootable USB 12 14browser 15button color 17
C
capacity 10 19CentOS 10checksum 12client registration 22clients 22configuration 11configure email 21connect 22contact 31create
export 23share 27
create Aureum 15create storage class 20
D
dedicated capacity 20dedicated nodes 5default storage class 20directory access 24discover resources 12 14 19discovery state Aureum nodes 12 14disk space required 10DNS server 11DNS servers 18documentation 31domain-authenticated user
domain 27
domain-authentication 22domain suffix 11download images 14
E
editsecurity level 22
emailer settings 21Ethernet
interface 10switch 10
exportCIFS 23create an export 23
F
files needed 12 14firewall 12flexible capacity 20flock 29FUSE 10
G
gateway 11 18
H
hardware requirements 10how to reach Peaxy 31
I
image copier 12 14import a license 18initial configuration 18inode retention 29install
client 24Linux client 24
introduction 5iptables 16
J
javarequired version 12 14
javaw 14
K
Kerberos 22 22 23
L
legal 33levels of security 23license files 18licenses 18
Index | 36
Linux client install 24localhost 15location 18
M
maintenance agreement 18management IP 15mapping 22mount Aureum 24 27mounting 22 22
N
namespace 18Navigation menu
configuration 11security 22
netBIOS 22NIC 19NTP server 11 18
O
outgoing email 21overview
architecture 6Aureum building blocks 6components 6
P
password 17password limitations 17ports 12POSIX compliance 29primary domain 18primary domain suffix 11
R
RAM requirements 10realms 22reboot 12 14recommended configuration 10Red Hat Enterprise Linux 10replication factor 11 18 20resources
needed 10run setup 16
S
samsp 12 14 16security 22 23security levels
security 22 23select the license 18SElinux 16sestatus 16set performance levels 20settings 11setup 16share
CIFS 27
create a share 27Share 26SMTP 17 21software files 14space needed 10storage class creating default 20subnet mask 11Support hours 31
T
tar ball 24time server 18time zone 11 18
U
USB 15USB stick 10 12 14user account 17
V
virtualization 6 15
W
what youll need 11Windows
domain 26join a domain 26share 27
Windows client 10
Y
yum 24
Install Aureum | 16
2 Apply power to the servers either individually or with a few seconds in between to complete the
next steps
Note If you have already configured your server to boot from USB skip steps 3 4 and 5
3 Enter the server BIOS and instruct the server to boot from the USB stickThe method used to enter the BIOS depends on the server
4 Ensure that the virtualization setting is enabled in the BIOS5 Save the BIOS changes and reboot the server from the USB stick
After the server has booted from the USB stick and launched the installation software you will seea message at the bottom of the screen telling you that the server is being prepared for installationThis boot process has placed the servers in a discoverable state this plays a role in the nextphase of the installation process
Continue the InstallationAfter the servers have been prepared and the software has been installed begin the configuration
1 On your workstation disable the firewall
On Red Hat Enterprise LinuxCentOS 7 systems use the following commands
systemctl stop firewalld
systemctl disable firewalld
On other Linux-based operating systems use the following commands
service iptables stop
service ip6tables stop
chkconfig ip6tables off only include this command if you want to permanently turn thefirewall off
chkconfig iptables off only include this command if you want to permanently turn thefirewall off
2 On your workstation disable SElinuxYou can check the status of SElinux with sestatus The result should appear as SELinuxstatus disabledIf you do not see disabled
1 Edit etcselinuxconfig and set the SELINUX variable to disabled2 Reboot your client workstation
3 On the workstation launch the Aureum installation management tool Type
sudo tmpsamsp-400ltversiongtsamspsh
Install Aureum | 17
You should see something similar to the following
Launching Management Server Platform version 400rootOpen your browser and enter the URL httpslocalhost to continueDo not terminate samsp it is required to complete cluster configurationYou can view tmpsamsp-40010872logmsplog for detailed progress activity
Important Do not terminate samsp because it is needed to complete clusterconfiguration
4 Open a browser and type
httpslocalhost If you are running the browser on the same workstation running the stand alone MSP orhttpsltip addressgt IP address of the workstation running the standalone MSP
This launches the Peaxy Management Tool If prompted accept the self-signed Peaxy certificate
After the initial setup is complete the IP address changes in the browser address bar This isexpected and correct behavior Now the installation portion of the AMS exits and the integratedAureum manager becomes active
In the next step the Aureum manager guides you through the initial configuration process
Create an Admin AccountThe first step in configuring a new Aureum system is to supply the details for the Admin account Afterthe installation process is complete and Aureum is up and running the Admin account is used to loginto the Aureum web UI (PMT) to perform additional administration tasks such as creating other useraccounts and a client registration password
Important The Admin account has access to critical areas of Aureum Ensure that the Adminaccount is secure
1 Type an email address for the accountThe AMS verifies that the email address is formatted correctly but does not check the validity ofthe email address itself This is the email address to which emails are sent
Note When setting the outgoing mailer settings the use of a customized email addressis highly dependent on the mail server While it might be possible to use a custom emailSEND FROM address many mail servers (such as Gmail) do not allow sending email usinganything other than the registered user account name
2 Type a user name for the accountThe user name must be between 3 and 32 characters and can contain letters numbers dots ()and at signs ()
3 Type a password to be associated with the user name in the previous stepPasswords are case sensitive and should be secure Best practice shows that you should changepasswords regularly
4 Confirm the password by retyping the password exactly as you entered it aboveWhen all of the fields are complete and have the correct format the SUBMIT button turns fromgray to blue
5 Click SUBMIT
The user account information is now created and stored
Important Set up the outgoing emailer settings as soon as possible after completinginstallation of Aureum If you forget or lose your password Aureum cannot send you a newone until the outgoing email is configured
Install Aureum | 18
The next step is to import the Aureum license
Import an Aureum LicenseImporting the license for an Aureum instance activates the Peaxy software License types are assignedto the Admin account that you created at the beginning of the installation
Before you create an Aureum system make sure that you have received your license from Peaxy andthat the license details are correct
Each time you create an Aureum instance you must import a license
1 Select the license to import or drag it onto the files areaThe license is a bdl file that contains all of the files needed to install the license
2 Click IMPORT3 The system installs the license and continues to the next step
Provide Aureum InformationDefining a few basic configuration items is the first step in setting up Aureum
During the first steps of the initial configuration you provide the basic information needed to createAureum its components and the namespace details
1 Enter the Network settingsa) Enter the gateway addressb) Enter the subnet maskc) Enter the primary DNS domain suffix and up to three DNS server addresses
DNS servers must be entered as IP addresses Each DNS server is on a separate line2 Enter the General settings
a) Enter a name for this Aureum instanceNames can be up to 14 characters and can contain letters numbers dashes and underscores
b) Optional Enter a location for the Aureum system for example ldquodatacenterrdquo or ldquoPhoenixofficerdquo
c) Enter the Aureum IP addressd) Optional Enter up to three NTP servers
Including an NTP server ensures that the time stamp for Aureum is always correcte) Select the time zone to use from the drop-down menu
This ensures that all nodes in Aureum use the same time zone3 Define the Namespace settings
Install Aureum | 19
a) Select the average file size that you expect Aureum to containYour expected average file size selection is used by Aureum to determine the most efficientdistribution of hyperservers Aureum uses the selection you make here to determine theestimated ratio of namespace hyperservers to data hyperservers
b) Set the default namespace replication factor from 2 to 4The namespace replication factor is the number of replicas that Aureum creates for thenamespace
4 Click CONTINUE
Add resources to Aureum You can also click CANCEL to cancel the installation
Add ResourcesResources refer to the physical servers that will make up Aureum These can be any commodity serversuch as a 1U or 2U server with any number and size of disks These resources are used to build thenamespace and data hyperservers that form the heart of a running Aureum system
Note After a resource has been added Aureum claims the complete resource Unusedportions of a resource are designated as spares and are used in case of a failure or expansion
1 The system locates all physical servers that have been booted using USB sticks and are currently indiscovery stateYou will see a list of the servers available for inclusion Use the filter to narrow your search by servername
2 Select the servers to add to Aureum
Servers scheduled for selection have a check mark to the left Select the box beside SERVER NAMEto select all servers in the list
3 Enter the required number of IP addresses or an IP range The number of IP addresses neededappears above the IP ADDRESSES entry box
The system determines the number of IP addresses needed to ensure that all Aureum componentscan communicate receiving requests and returning responses Addresses can be individual IPaddresses (xxxxxxxxxxxx) an IP address range (xxxxxxxxx - xxx) or an IP address with a wildcard(xxxxxxxxx) Separate the IP addresses with a space comma or newline
Install Aureum | 20
Aureum only supports IPv4 (the dotted quad format) For example
192168100419216810015-2019216873
4 Define the roles of the serversClick the ROLES column entry for a server and configure the servers to support either data accessor search (SolrCloud) While it is possible to configure a server to support both data access andsearch this setting is not recommended for a production deployment
Note Aureum 40 supports SolrCloud clusters with one or three nodes Aureum 40 doesnot support SolrCloud clusters with either two nodes or more than three nodes
5 Define the bonding for the network port cardsYou should see the same speed for all of the network interfaces (NICs) on this server Use the list ofall NICs that are bonded with the interfaces on this server to form your decision Inactive NICs arenoted as sucha) Click the ETHERNET column entry for the server whose bonding to configure
If the column text is red some interfaces are not bonded to the server If the text is blue allavailable interfaces are bonded
b) Place a check mark next to all of the interfaces to bond to this server Remove the check markfor those interfaces you do not want included in the bond
6 Optional Toggle the server beacon on or offBeacon signals guide you to the server in question This is often used when troubleshooting tolocate a specific server in a large group of servers
7 Click CONTINUEWait for the installation wizard to verify that the IP addresses you entered are valid and can beused The system assigns the IP addresses and sets the state to Pending
8 Click START INSTALLATIONThe button changes from START INSTALLATION to INSTALLATION IN PROGRESS The systemassigns the resources to Aureum and determines the necessary number of dedicated nodesneeded for the configuration The progress is displayed but you can also use the Log link to followindividual progress If some of the servers are not yet ready wait a few moments and retry
The installation process will take some time typically 10 to 20 minutes When complete the IPaddress in the browser will switch from the local IP of your workstation to the Aureum IP addressthat was entered earlier This signals the transition from the AMS you launched earlier (samsp) to theintegrated PMT that is now running on Aureum
The next step is to create a default storage class
Create a Default Storage ClassA storage class groups and manages data hyperservers with similar replication factors capabilitiesand performance configuration
You must configure at least one storage class to use as the default during the initial Aureumconfiguration You can create more storage classes at any time as long as you have the resourcesnecessary
1 You are presented with the create Initial Storage Class option2 Enter the required information to create the storage class
a) Type a name for the storage classClass names can be up to 14 text characters
b) Define the performance levelPerformance levels based on throughput and seek time Select the paired setting that is best foryour expected usage For the widest option select ldquoAnyrdquo
c) Set the replication factor
Install Aureum | 21
Remember all hyperservers assigned to this storage class will use these settings
Note You must include at least the same number of resources to create the specifiedreplication factor For example you cannot have a replication factor of three in anAureum system with only two servers
Because each replication requires some amount of storage the replication factor selectedaffects the amount of total storage available
Tip The Aureum data space is partitioned through all the data-capable hyperserversEach hyperserver can be configured to offer a specified replication factor This lets youstore vital data with high redundancy while more transient data can skip replication inorder to optimize storage and performance costs
d) Optional Enable flexible space allocationEnabling flexible storage space allows the members of the storage class to consume thecapacity needed When more storage space is needed more is allocated automaticallyregardless of the initial allocation Peaxy recommends this option for general use Some casesmight have different needs
e) Optional To make this the default storage class select YESAll data that does not meet the conditions in a specific data policy will be stored on the defaultstorage class (See data policies in the Aureum Administrator Guide)
3 Click CREATE STORAGE CLASS4 To complete the initial installation and configuration click FINALIZE AUREUM then click YES to
confirm the configuration is correct
Important After you click FINALIZE you must wait for the health indicator on the Aureumcard or list turn green before using Aureum
The Aureum installation is complete and the PMT shows the main Aureum window To configureadditional Aureum storage classes and data policies and to understand how to monitor Aureum seethe Aureum Administrator Guide
Define Outgoing Mail SettingsIn order for Aureum to send email notifications and provide lost password recovery you must tellAureum how to send email alerts
Important Configure outgoing email settings as soon as reasonably possible If you lose orforget your password Aureum cannot send reset instructions until you configure the emailsettings
1 Select EMAILER CONFIG from the SETUP WIZARD pane or from the Navigation menu select EMAILER
2 Type the email (SMTP) server to use when sending the emailThe email server must be accessible from Aureum
Install Aureum | 22
3 By default the system uses port 587 This is usually the right setting Only change the EMAILSERVER PORT if your organizations SMTP server requires it
4 Enter a valid user account and password that Aureum will use to send email from this server5 Optional SEND FROM is required only if your email server requires Transport Layer Security (TLS)
If this is the case type the SEND FROM email addressGenerally the recommended SEND FROM address is a working system administrator account
6 Click SAVE
Create a Client Registration UserThe Aureum client registration user and password allow client authentication at mount time
This allows you to create a custom account for authenticating client mounts
1 Click REGISTRATION2 Type a name for the user This will be the username that is authorized to type in the registration
password when an Aureum client is installed3 Type the client registration password This password is used to register the Aureum client for
authentication at mount time4 Click SAVE
Configure SecurityDefine define the level of security for client communication
1 Click SECURITY LEVEL2 Slide the controller to the level of security your data will use
3 Click ACCEPT
ConnectAn Aureum client mounts Aureum and allows access to folders and files Peaxy provides clientsoftware for Linux users and allows Windows users to access Aureum through a Windows share
The Linux-based client uses a FUSE component to remotely access Aureum services Almost all Linuxinstallations include FUSE so you should not need to do anything extra
The Aureum client has a small footprint A very limited set of memory and CPU cycles are needed toperform the client functions Also the Aureum client can be used concurrently with other clients forNFS and other network file systems
When you install the client the client drivers are added to the default system directories To accessthese directories use the mount command (more commonly known as mapping a drive in Windows)to mount the client to the directory
Install Aureum | 23
Mounting a client to an Aureum directory loads all the data structures necessary for the client tointeract with Aureum As the structures change Aureum updates them In order for a client to accessAureum all that is necessary is that the client know the IP address or URL to which the client willconnect and the client-Aureum registration password
Also available is the ability to join a Windows domain and create domain-authenticated users who canaccess different areas of Aureum
Linux Client-Aureum RegistrationThe minimum security level for Aureum is the authenticated mount To ensure that unauthorized usersdont gain access to data Peaxy provides an authenticated mount between Aureum Linux clients andAureum using certificates and registration
Note The process described in this section applies to Linux clients Windows domains userswith credentials from an Active Directory access Aureum through a Windows share
Security is always an important part of any system that provides data access especially when theaccess spans many users and locations Peaxy provides a registration process where the clientand server exchange certificates which are used to authenticate subsequent connections Theregistration provides a mutual authentication method between the client and Aureum allowing theclient access Only authenticated clients are allowed to mount Aureum Other clients cannot use thesame authentication as part of the certificate registration Aureum generates a client key pair that isunique to each client-Aureum connection
How It WorksThe AMS requires a dynamic registration at the initial mount time As part of the registration Aureumgenerates a key pair unique to each client This key pair is persistent so you do not need to re-register the client each time you mount Aureum
This initial registration is required the first time the client mounts Aureum and requires a specialregistration password that is unique to Aureum This password is entered by the Aureum administratorat the workstation on which the client is installed Subsequent client mounts use the client certificateissued during registration
Security LevelsAureum offers varying levels of security
The security level is visible on the Aureum card or list and is indicated in the SECURITY section by thenumber of total locks that are green Gray locks indicate how many additional security levels you canselect For example if there are four total locks and three are green your current security level is 3Message Integrity
bull Data Confidentiality all data in and out of Aureum is verified and encryptedbull Message Integrity message authentication codes verify message integritybull Kerberos Authentication use the Kerberos authentication protocol as the mechanism for
authentication between a client and a server or between one server and another serverbull Authenticated Mount use X509 certificates to mutually authenticate and validate all Aureum
clients and hyperservers in Aureum
Create an ExportCreate an export to allow Linux clients to mount and access Aureum
1 From the Navigation menu select SECURITY gt EXPORTS2 Type the export name3 In the EXPORT CONTENT IN field choose the data class to export
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the
Install Aureum | 24
engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the export5 Click CREATE6 To edit or delete an export click the corresponding entry in the list
bull To edit the export make the changes needed in the edit panel and click SAVE CHANGESbull To delete an export click the corresponding trash can icon ( ) and confirm the deletion
Install a Linux-based Aureum ClientYou install the Aureum client on physical hardware or on a workstation in the cloud Use the client tomount and access Aureum directories
Before installing the client make sure that your system meets the minimum requirements describedin the Requirements section of this document
Note Aureum uses FUSE in Direct IO mode for better performance The version of FUSErunning on older versions of CentOS Red Hat Enterprise Linux doesnt support mmap whenFUSE is being used this way This might cause some mmap functions such as ACCESS_WRITEMAP_SHARED and PROT_WRITE to fail You can use the mount flag --disable-direct-io-mode to disable Direct IO mode
If you choose to use Direct IO mmap will be disabled on CentOS56 and 57 since those versionsdont support mmap with direct IO Enabling this option will result in a significant performancedegradation on clients using this option Peaxy strongly recommends that you upgrade to a newerversion of Linux
Ensure FUSE and its dependencies have been installed on each client If it has not been installedinstall FUSE according to the instructions for the package you chose On CentOS for example installthis by typing
sudo yum -y install fusex86_64 fuse-develx86_64 fuse-libsx86_64
The version numbers for your installation may differ
If you have installed a version of the fuseko module that is not the Peaxy-specific version runadditional commands at the end of the installation process This prevents kernel-oops messages fromconsuming all of the space in the varspool directory These messages indicate a benign conditiondue to a Linux FUSE problem
Run the following commands
chkconfig --levels 2345 abrt-oops off service abrt-oops stop
Note The client installation sets the following values automatically
Parameter Value set to
netipv4tcp_tw_recycle 1
netipv4tcp_fin_timeout 2
netcorewmem_max 2097152
netcorermem_max 2097152
netcorewmem_default 2097152
netcorermem_default 2097152
Install Aureum | 25
1 Download the Aureum client file from the support section of the Peaxy website at wwwpeaxynetsupport (login is required)The file is downloaded as a targz package and contains an installer It has a name similar tohfclient-fuse-400ltbuildnumbergttargz
2 Unpack the distribution file by typing the following
tar -zxvf hfclient-fuse-400ltbuildnumbergttargz
You will see something like the following
hfclient-fuse-400hfclient-fuse-400setupshhfclient-fuse-400scriptshfclient-fuse-400scriptsupdatedbshhfclient-fuse-400scriptsc_rehashshhfclient-fuse-400scriptssysctlshhfclient-fuse-400scriptsunregshhfclient-fuse-400scriptsconfshhfclient-fuse-400binhfclient-fuse-400binfusehfCentOS-5xhfclient-fuse-400binfusehfhfclient-fuse-400confhfclient-fuse-400confhfconftgz
3 While logged in as root run setupsh installThe driver files are installed in the default system directories You will see something similar to thefollowing
sudo setupsh install
Installer for Peaxy Aureum Client version 40
Checking package contentsInstalling hf client binariesremoved `optpeaxy-40sbinfusehf`binfusehf -gt `optpeaxy-40sbinfusehfInstallation complete
Mount Aureum
Mount Aureum (Linux)After the client is installed use the mount command to mount Aureum
At a command prompt type
sudo mkdir -p ltmnt_pointgtsudo mount -t fusehf hfltmgmt_ipgt ltmnt_pointgt -o user=ltclient registration usernamegt
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is thedirectory that will serve as your local mount point for example mntpeaxy
If you omit -o user=ltclient_user_namegt you would be prompted for the password associatedwith the local admin account to complete the client registration Best practice is to always create aclient registration account and use that password
The first time you mount the client to Aureum you will be prompted for a registration passwordto allow client-Aureum authentication Type the client registration password Otherwise youradministrator must do this for you
Peaxy strongly recommends that you change the password often especially after typing the passwordfor a client registration
If you or your IT administrator have associated a DNS entry with the Aureum IP address you mightwant to use the DNS name as the name for your mount point
Install Aureum | 26
To configure the Aureum client to automatically mount on startup locate the etcfstab file andadd the line
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults 0 0
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is the localmount point for example mntpeaxy
Note If you are running CentOS 7 change this line to add the _netdev flag as below
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults_netdev 0 0
You can now use the Aureum client to access Aureum
Unregister a Linux Client from AureumYou can securely unregister an installed FUSE client from the Aureum system that it mounts
Removing the registration renders the client unable to access Aureum If you use the all option youwill need to perform a new registration setup before you can mount Aureum again
Unregistering a client is done by running the unregsh script Use the following procedure tounregister the client
1 On the workstation running the client open a command prompt2 Move to optpeaxybin the location of the script3 Run the script
bull Type sudo unregsh ltAureumgt to unregister the client from a specific Aureum systemReplace ltAureumgt with the Aureum system to unregister
bull Type sudo unregsh all to unregister the client from all Aureum systems on which theclient is registered
Note Peaxy strongly recommends using the all option before you decommission aclient workstation
Windows ConfigurationDomain users with credentials from an Active Directory can access Aureum through a share
After Aureum joins a domain it sets up network shares for chosen directories (including all containedsubdirectories) To domain users these shares look the same as any other folder that is accessible viathe network
Unlike an Aureum client which mounts to the root of the volume a share allows a user to exportsubdirectories for more granular access
Where to Find ItFrom the Navigation menu select SECURITY gt DOMAINS and SECURITY gt SHARES
Join a DomainBefore you can create a share you must join a Windows domain
You can pre-create a machine account in an Active Directory under a specified OU If you choose notto do so Aureum will try to add a computer account to the default location of ldquoComputersrdquo
Important If Aureum is already joined to a domain joining another domain will replace thejoin not add to it Aureum will only be joined to the most recently joined domain
1 From the Navigation menu select SECURITY gt DOMAINS2 Type the complete Windows domain to join for example engexamplecom3 Type the username with access to the domain The user must have the necessary permissions to
join Aureum to the domain4 Type the password associated with the username or access to modify an object in the OU if the
machine account was pre-created
Install Aureum | 27
5 In the NETBIOS NAME field set the Aureum computer account name you wish to be created in theActive Directory If Aureum is using a pre-created machine account in a specific OU then the nameyou specify here must match that name exactly
6 Click JOIN
After the domain has been joined the JOIN button changes to LEAVE To leave the domain clickLEAVE
Create a ShareCreate a share to allow Windows users to connect to Aureum
Before you can create a share you must join the appropriate domain
1 From the Navigation menu select SECURITY gt SHARES2 Type the name of the share3 In the SHARE CONTENT IN field choose the appropriate data class
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the share5 Click CREATE
6 To edit or delete a share click the share to be modified
bull To edit the share make the changes needed in the edit panel and click SAVE CHANGESbull To delete the share click the trash can icon ( ) and confirm the deletion
Mount an Aureum Windows ShareDomain-authenticated users can mount and access Aureum directories using a share
After Aureum has been joined to a domain and the share has been created you can easily mount tothe share
The exact mount process is based on your workstation OS
Install Aureum | 28
If you do not already know it you can determine the mount point from Aureum by navigating to theJOIN DOMAIN page and using one of the listed public IP addresses as the mount point Include theshare name when mounting
Peaxy recommends that you take the list of public IP addresses and enter them into your DNS serverlisted under the Aureum NetBIOS name within the appropriate domain In cases where multipleaddresses are used the DNS server automatically round-robins the returned address This ensure thatclient connection load is distributed across the available nodes
As a Windows example to mount a drive letter to Aureum Type
net use ltdrive_lettergt ltpublic addressgtltshare namegt
where ltdrive_lettergt is the drive letter to assign to Aureum ltpublic_addressgt is the IP address usedto join the domain and ltshare_namegt is the share
You then log into the share using your domain-authenticated username and password For exampleMYDOMAINmyname
After mapping the drive access Aureum through Windows Explorer just like you would any otherdrive
If the share does not appear in the Windows Explorer after a change such as a system reboot occursrefresh the view using the Refresh icon ( ) The share should display correctly
You do not have to assign a share to a drive letter however In Windows Explorer type the public IPaddress and share name into the address bar Provide your username and password
POSIX ComplianceAureum provides a POSIX-compliant interface
Most of the Aureum interfaces are POSIX compliant and adhere to the IEEE standard The following isa list of exceptions to compliance
bull The directory nlink count is not incremented when a subdirectory is addedbull inode retention differs from the POSIX specification because there is no way to retain the original
inode number when a rename entails a move to a different device You can display the datahyperserver extent ID instead of the namespace hyperserver Node ID to the caller in the statfamily of calls This does not change when a file or directory is renamed It does change if the file ismigrated from one data hyperserver to another
bull If two mount points are held to the same Aureum and a file is closed on one Aureum does notremove a fcntl lock for the same file on another This is a variance on the way that NFS worksThe internal locking structures take into account the client ID which varies depending on the clientmount If there are two different mounts to a server Aureum treats them as separate machineswhich NFS does not
bull The file locking call flock() is emulated using POSIX byte range locks (fcntl() ) The POSIXcompliance specification does not cover flock() This implementation mirrors the behavior ofNFS The Aureum behavior is slightly different and varies from the POSIX specification as follows
1 As in NFS you must have write permissions to get a write lock2 As in NFS you cannot place both flock() and fcntl() locks on the same file as these locks
will conflict3 An flock() will not inherit across forks4 The flock() will be durable against other file closes but fcntl() locks will not behave within
the POSIX specification5 As well as being removed by an explicit f_unlock record locks are automatically released
when the process terminates or if it closes any file descriptor referring to a file on which locksare held This means that a process can lose the locks on a file like etcpasswd or etcmtab if a library function opens reads and closes it
Information and ResourcesThe latest news and information can always be found on the Peaxy website
Peaxy provides documents that are designed for different audiences These documents furnish acomprehensive explanation of Aureum and how to use it Additionally information is available fromtooltips Each field has a tooltip that adds explanations and any limitations for the item
The most current and accurate information available was included at the time this document wasprepared However changes may occur after the document is released Always read the ReleaseNotes for the most current information
Aureum Installation GuideA step-by-step guide to installing and configuring Aureum into your network
Aureum Administrator GuideA guide to understanding the Aureum architecture Provides details for planning configuring andmonitoring your implementation
Quickstart SeriesA series of two-page guides providing an abbreviated set of instructions for Aureum tasks Theycan be taken in order or used as reminders for individual tasks
Tech NotesSome technical issues are outside the scope of the regular documentation These are presented asTechnical Notes
Contact Peaxy9 am to 5 pm Pacific Standard Time
Main +1 (408) 441-6500
Support +1 (408) 763-3700
By phone
Support toll free US only +1 (844) 277-3299
General information infopeaxynet
Sales salespeaxynet
Support supportpeaxynet
By email
Documentation feedback feedbackpeaxynet
Online wwwpeaxynetsupport (login required)
Peaxy Inc
2380 Bering Dr
By mail
San Jose CA 95131 USA
LegalPeaxyreg and Aureumtrade are registered trademarks of Peaxy Inc
All other trademarks belong to their respective companies
CopyrightsThis document is copyright copy 2016 Peaxy Inc
Aureum software includes portions of the following
bull Amazon Web Services (AWS) Java SDK httpsawsamazoncomsdk-for-java and httpawsamazoncomapache-2-0
bull Apache License Version 20 January 2004bull BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1bull BSD 3bull crc32 routine COPYRIGHT copy 1986 Gary S Brownbull Element Tree used under the Python licensebull Erlang Public License (EPL) a derivative work of the Mozilla Public License Now provided under
the Apache 20 licensebull GoogleAuth httpsgithubcomwstrangeGoogleAuthbull GNU Lesser General Public License Version 3 Copyright copy 2007 Free Software Foundation Inc
and GNU Lesser General Public License Version 21 Copyright copy 1999 Free Software FoundationInc
bull Samba is Free Software licensed under the GNU General Public License httpswwwsambaorgsambadocsGPLhtml the Samba project is a member of the Software Freedom Conservancy
bull JSON-C Copyright (c) 2009-2012 Eric Haszlakiewicz and Copyright (c) 2004-2005 MetaparadigmPte Ltd
bull Kerberos Copyright copy 1985-2009 now under the MIT 2 licensebull libcurl Copyright (c) 1996 - 2015 Daniel Stenbergdanielhaxxsebull lshow used under the GPL licensebull MIT (X11) Copyright copy 2007-2015bull RIAK Creative Commons (httpcreativecommonsorg licensesby30)bull Goldrush Copyright copy 2012 Magnus Klaarbull Meld Under ZPL licensebull NSIS (Nullsoft Scriptable Install System) copy 1999-2013bull OpenSSL License Copyright (c) 1998-2016 The OpenSSL Project and Original SSLeay License
Copyright (c) 1995-1998 Eric Youngbull Protobuf Copyright 2008 Google Inc now under the BSD 3 licensebull Setup Tools (setuptools-06c11) Under ZPL licensebull Sodium crypto library (libsodium) ISC license Copyright (c) 2013-2015 Frank Denisbull Solr the Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull TCL Copyright copy Regents of the University of California Sun Microsystems Inc Scriptics
Corporation and other partiesbull The Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull The Apache Tika project Copyright copy The Apache Software Foundationbull VirtualBox Copyright copy 2007 Oracle Corp as part of the GNU GPL V2 Licensebull YAWS Copyright copy 2006 Claes Wikstrom now under the BSD licensebull Apache zookeeper Under the Apache 2 license
Index | 35
Index
bdl license file 18
img 12
MD5 12
zip 12
A
access directories 24Active Directory 26add
resources 19servers 19
Admin 17administrator 17AMS 12 14 15 16Aureum IP address 11Aureum Manager 6 12 14Aureum name 18Aureum overview 5average file size 18
B
beacon turning on or off 19BIOS 15bonding network interface 19bootable USB 12 14browser 15button color 17
C
capacity 10 19CentOS 10checksum 12client registration 22clients 22configuration 11configure email 21connect 22contact 31create
export 23share 27
create Aureum 15create storage class 20
D
dedicated capacity 20dedicated nodes 5default storage class 20directory access 24discover resources 12 14 19discovery state Aureum nodes 12 14disk space required 10DNS server 11DNS servers 18documentation 31domain-authenticated user
domain 27
domain-authentication 22domain suffix 11download images 14
E
editsecurity level 22
emailer settings 21Ethernet
interface 10switch 10
exportCIFS 23create an export 23
F
files needed 12 14firewall 12flexible capacity 20flock 29FUSE 10
G
gateway 11 18
H
hardware requirements 10how to reach Peaxy 31
I
image copier 12 14import a license 18initial configuration 18inode retention 29install
client 24Linux client 24
introduction 5iptables 16
J
javarequired version 12 14
javaw 14
K
Kerberos 22 22 23
L
legal 33levels of security 23license files 18licenses 18
Index | 36
Linux client install 24localhost 15location 18
M
maintenance agreement 18management IP 15mapping 22mount Aureum 24 27mounting 22 22
N
namespace 18Navigation menu
configuration 11security 22
netBIOS 22NIC 19NTP server 11 18
O
outgoing email 21overview
architecture 6Aureum building blocks 6components 6
P
password 17password limitations 17ports 12POSIX compliance 29primary domain 18primary domain suffix 11
R
RAM requirements 10realms 22reboot 12 14recommended configuration 10Red Hat Enterprise Linux 10replication factor 11 18 20resources
needed 10run setup 16
S
samsp 12 14 16security 22 23security levels
security 22 23select the license 18SElinux 16sestatus 16set performance levels 20settings 11setup 16share
CIFS 27
create a share 27Share 26SMTP 17 21software files 14space needed 10storage class creating default 20subnet mask 11Support hours 31
T
tar ball 24time server 18time zone 11 18
U
USB 15USB stick 10 12 14user account 17
V
virtualization 6 15
W
what youll need 11Windows
domain 26join a domain 26share 27
Windows client 10
Y
yum 24
Install Aureum | 17
You should see something similar to the following
Launching Management Server Platform version 400rootOpen your browser and enter the URL httpslocalhost to continueDo not terminate samsp it is required to complete cluster configurationYou can view tmpsamsp-40010872logmsplog for detailed progress activity
Important Do not terminate samsp because it is needed to complete clusterconfiguration
4 Open a browser and type
httpslocalhost If you are running the browser on the same workstation running the stand alone MSP orhttpsltip addressgt IP address of the workstation running the standalone MSP
This launches the Peaxy Management Tool If prompted accept the self-signed Peaxy certificate
After the initial setup is complete the IP address changes in the browser address bar This isexpected and correct behavior Now the installation portion of the AMS exits and the integratedAureum manager becomes active
In the next step the Aureum manager guides you through the initial configuration process
Create an Admin AccountThe first step in configuring a new Aureum system is to supply the details for the Admin account Afterthe installation process is complete and Aureum is up and running the Admin account is used to loginto the Aureum web UI (PMT) to perform additional administration tasks such as creating other useraccounts and a client registration password
Important The Admin account has access to critical areas of Aureum Ensure that the Adminaccount is secure
1 Type an email address for the accountThe AMS verifies that the email address is formatted correctly but does not check the validity ofthe email address itself This is the email address to which emails are sent
Note When setting the outgoing mailer settings the use of a customized email addressis highly dependent on the mail server While it might be possible to use a custom emailSEND FROM address many mail servers (such as Gmail) do not allow sending email usinganything other than the registered user account name
2 Type a user name for the accountThe user name must be between 3 and 32 characters and can contain letters numbers dots ()and at signs ()
3 Type a password to be associated with the user name in the previous stepPasswords are case sensitive and should be secure Best practice shows that you should changepasswords regularly
4 Confirm the password by retyping the password exactly as you entered it aboveWhen all of the fields are complete and have the correct format the SUBMIT button turns fromgray to blue
5 Click SUBMIT
The user account information is now created and stored
Important Set up the outgoing emailer settings as soon as possible after completinginstallation of Aureum If you forget or lose your password Aureum cannot send you a newone until the outgoing email is configured
Install Aureum | 18
The next step is to import the Aureum license
Import an Aureum LicenseImporting the license for an Aureum instance activates the Peaxy software License types are assignedto the Admin account that you created at the beginning of the installation
Before you create an Aureum system make sure that you have received your license from Peaxy andthat the license details are correct
Each time you create an Aureum instance you must import a license
1 Select the license to import or drag it onto the files areaThe license is a bdl file that contains all of the files needed to install the license
2 Click IMPORT3 The system installs the license and continues to the next step
Provide Aureum InformationDefining a few basic configuration items is the first step in setting up Aureum
During the first steps of the initial configuration you provide the basic information needed to createAureum its components and the namespace details
1 Enter the Network settingsa) Enter the gateway addressb) Enter the subnet maskc) Enter the primary DNS domain suffix and up to three DNS server addresses
DNS servers must be entered as IP addresses Each DNS server is on a separate line2 Enter the General settings
a) Enter a name for this Aureum instanceNames can be up to 14 characters and can contain letters numbers dashes and underscores
b) Optional Enter a location for the Aureum system for example ldquodatacenterrdquo or ldquoPhoenixofficerdquo
c) Enter the Aureum IP addressd) Optional Enter up to three NTP servers
Including an NTP server ensures that the time stamp for Aureum is always correcte) Select the time zone to use from the drop-down menu
This ensures that all nodes in Aureum use the same time zone3 Define the Namespace settings
Install Aureum | 19
a) Select the average file size that you expect Aureum to containYour expected average file size selection is used by Aureum to determine the most efficientdistribution of hyperservers Aureum uses the selection you make here to determine theestimated ratio of namespace hyperservers to data hyperservers
b) Set the default namespace replication factor from 2 to 4The namespace replication factor is the number of replicas that Aureum creates for thenamespace
4 Click CONTINUE
Add resources to Aureum You can also click CANCEL to cancel the installation
Add ResourcesResources refer to the physical servers that will make up Aureum These can be any commodity serversuch as a 1U or 2U server with any number and size of disks These resources are used to build thenamespace and data hyperservers that form the heart of a running Aureum system
Note After a resource has been added Aureum claims the complete resource Unusedportions of a resource are designated as spares and are used in case of a failure or expansion
1 The system locates all physical servers that have been booted using USB sticks and are currently indiscovery stateYou will see a list of the servers available for inclusion Use the filter to narrow your search by servername
2 Select the servers to add to Aureum
Servers scheduled for selection have a check mark to the left Select the box beside SERVER NAMEto select all servers in the list
3 Enter the required number of IP addresses or an IP range The number of IP addresses neededappears above the IP ADDRESSES entry box
The system determines the number of IP addresses needed to ensure that all Aureum componentscan communicate receiving requests and returning responses Addresses can be individual IPaddresses (xxxxxxxxxxxx) an IP address range (xxxxxxxxx - xxx) or an IP address with a wildcard(xxxxxxxxx) Separate the IP addresses with a space comma or newline
Install Aureum | 20
Aureum only supports IPv4 (the dotted quad format) For example
192168100419216810015-2019216873
4 Define the roles of the serversClick the ROLES column entry for a server and configure the servers to support either data accessor search (SolrCloud) While it is possible to configure a server to support both data access andsearch this setting is not recommended for a production deployment
Note Aureum 40 supports SolrCloud clusters with one or three nodes Aureum 40 doesnot support SolrCloud clusters with either two nodes or more than three nodes
5 Define the bonding for the network port cardsYou should see the same speed for all of the network interfaces (NICs) on this server Use the list ofall NICs that are bonded with the interfaces on this server to form your decision Inactive NICs arenoted as sucha) Click the ETHERNET column entry for the server whose bonding to configure
If the column text is red some interfaces are not bonded to the server If the text is blue allavailable interfaces are bonded
b) Place a check mark next to all of the interfaces to bond to this server Remove the check markfor those interfaces you do not want included in the bond
6 Optional Toggle the server beacon on or offBeacon signals guide you to the server in question This is often used when troubleshooting tolocate a specific server in a large group of servers
7 Click CONTINUEWait for the installation wizard to verify that the IP addresses you entered are valid and can beused The system assigns the IP addresses and sets the state to Pending
8 Click START INSTALLATIONThe button changes from START INSTALLATION to INSTALLATION IN PROGRESS The systemassigns the resources to Aureum and determines the necessary number of dedicated nodesneeded for the configuration The progress is displayed but you can also use the Log link to followindividual progress If some of the servers are not yet ready wait a few moments and retry
The installation process will take some time typically 10 to 20 minutes When complete the IPaddress in the browser will switch from the local IP of your workstation to the Aureum IP addressthat was entered earlier This signals the transition from the AMS you launched earlier (samsp) to theintegrated PMT that is now running on Aureum
The next step is to create a default storage class
Create a Default Storage ClassA storage class groups and manages data hyperservers with similar replication factors capabilitiesand performance configuration
You must configure at least one storage class to use as the default during the initial Aureumconfiguration You can create more storage classes at any time as long as you have the resourcesnecessary
1 You are presented with the create Initial Storage Class option2 Enter the required information to create the storage class
a) Type a name for the storage classClass names can be up to 14 text characters
b) Define the performance levelPerformance levels based on throughput and seek time Select the paired setting that is best foryour expected usage For the widest option select ldquoAnyrdquo
c) Set the replication factor
Install Aureum | 21
Remember all hyperservers assigned to this storage class will use these settings
Note You must include at least the same number of resources to create the specifiedreplication factor For example you cannot have a replication factor of three in anAureum system with only two servers
Because each replication requires some amount of storage the replication factor selectedaffects the amount of total storage available
Tip The Aureum data space is partitioned through all the data-capable hyperserversEach hyperserver can be configured to offer a specified replication factor This lets youstore vital data with high redundancy while more transient data can skip replication inorder to optimize storage and performance costs
d) Optional Enable flexible space allocationEnabling flexible storage space allows the members of the storage class to consume thecapacity needed When more storage space is needed more is allocated automaticallyregardless of the initial allocation Peaxy recommends this option for general use Some casesmight have different needs
e) Optional To make this the default storage class select YESAll data that does not meet the conditions in a specific data policy will be stored on the defaultstorage class (See data policies in the Aureum Administrator Guide)
3 Click CREATE STORAGE CLASS4 To complete the initial installation and configuration click FINALIZE AUREUM then click YES to
confirm the configuration is correct
Important After you click FINALIZE you must wait for the health indicator on the Aureumcard or list turn green before using Aureum
The Aureum installation is complete and the PMT shows the main Aureum window To configureadditional Aureum storage classes and data policies and to understand how to monitor Aureum seethe Aureum Administrator Guide
Define Outgoing Mail SettingsIn order for Aureum to send email notifications and provide lost password recovery you must tellAureum how to send email alerts
Important Configure outgoing email settings as soon as reasonably possible If you lose orforget your password Aureum cannot send reset instructions until you configure the emailsettings
1 Select EMAILER CONFIG from the SETUP WIZARD pane or from the Navigation menu select EMAILER
2 Type the email (SMTP) server to use when sending the emailThe email server must be accessible from Aureum
Install Aureum | 22
3 By default the system uses port 587 This is usually the right setting Only change the EMAILSERVER PORT if your organizations SMTP server requires it
4 Enter a valid user account and password that Aureum will use to send email from this server5 Optional SEND FROM is required only if your email server requires Transport Layer Security (TLS)
If this is the case type the SEND FROM email addressGenerally the recommended SEND FROM address is a working system administrator account
6 Click SAVE
Create a Client Registration UserThe Aureum client registration user and password allow client authentication at mount time
This allows you to create a custom account for authenticating client mounts
1 Click REGISTRATION2 Type a name for the user This will be the username that is authorized to type in the registration
password when an Aureum client is installed3 Type the client registration password This password is used to register the Aureum client for
authentication at mount time4 Click SAVE
Configure SecurityDefine define the level of security for client communication
1 Click SECURITY LEVEL2 Slide the controller to the level of security your data will use
3 Click ACCEPT
ConnectAn Aureum client mounts Aureum and allows access to folders and files Peaxy provides clientsoftware for Linux users and allows Windows users to access Aureum through a Windows share
The Linux-based client uses a FUSE component to remotely access Aureum services Almost all Linuxinstallations include FUSE so you should not need to do anything extra
The Aureum client has a small footprint A very limited set of memory and CPU cycles are needed toperform the client functions Also the Aureum client can be used concurrently with other clients forNFS and other network file systems
When you install the client the client drivers are added to the default system directories To accessthese directories use the mount command (more commonly known as mapping a drive in Windows)to mount the client to the directory
Install Aureum | 23
Mounting a client to an Aureum directory loads all the data structures necessary for the client tointeract with Aureum As the structures change Aureum updates them In order for a client to accessAureum all that is necessary is that the client know the IP address or URL to which the client willconnect and the client-Aureum registration password
Also available is the ability to join a Windows domain and create domain-authenticated users who canaccess different areas of Aureum
Linux Client-Aureum RegistrationThe minimum security level for Aureum is the authenticated mount To ensure that unauthorized usersdont gain access to data Peaxy provides an authenticated mount between Aureum Linux clients andAureum using certificates and registration
Note The process described in this section applies to Linux clients Windows domains userswith credentials from an Active Directory access Aureum through a Windows share
Security is always an important part of any system that provides data access especially when theaccess spans many users and locations Peaxy provides a registration process where the clientand server exchange certificates which are used to authenticate subsequent connections Theregistration provides a mutual authentication method between the client and Aureum allowing theclient access Only authenticated clients are allowed to mount Aureum Other clients cannot use thesame authentication as part of the certificate registration Aureum generates a client key pair that isunique to each client-Aureum connection
How It WorksThe AMS requires a dynamic registration at the initial mount time As part of the registration Aureumgenerates a key pair unique to each client This key pair is persistent so you do not need to re-register the client each time you mount Aureum
This initial registration is required the first time the client mounts Aureum and requires a specialregistration password that is unique to Aureum This password is entered by the Aureum administratorat the workstation on which the client is installed Subsequent client mounts use the client certificateissued during registration
Security LevelsAureum offers varying levels of security
The security level is visible on the Aureum card or list and is indicated in the SECURITY section by thenumber of total locks that are green Gray locks indicate how many additional security levels you canselect For example if there are four total locks and three are green your current security level is 3Message Integrity
bull Data Confidentiality all data in and out of Aureum is verified and encryptedbull Message Integrity message authentication codes verify message integritybull Kerberos Authentication use the Kerberos authentication protocol as the mechanism for
authentication between a client and a server or between one server and another serverbull Authenticated Mount use X509 certificates to mutually authenticate and validate all Aureum
clients and hyperservers in Aureum
Create an ExportCreate an export to allow Linux clients to mount and access Aureum
1 From the Navigation menu select SECURITY gt EXPORTS2 Type the export name3 In the EXPORT CONTENT IN field choose the data class to export
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the
Install Aureum | 24
engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the export5 Click CREATE6 To edit or delete an export click the corresponding entry in the list
bull To edit the export make the changes needed in the edit panel and click SAVE CHANGESbull To delete an export click the corresponding trash can icon ( ) and confirm the deletion
Install a Linux-based Aureum ClientYou install the Aureum client on physical hardware or on a workstation in the cloud Use the client tomount and access Aureum directories
Before installing the client make sure that your system meets the minimum requirements describedin the Requirements section of this document
Note Aureum uses FUSE in Direct IO mode for better performance The version of FUSErunning on older versions of CentOS Red Hat Enterprise Linux doesnt support mmap whenFUSE is being used this way This might cause some mmap functions such as ACCESS_WRITEMAP_SHARED and PROT_WRITE to fail You can use the mount flag --disable-direct-io-mode to disable Direct IO mode
If you choose to use Direct IO mmap will be disabled on CentOS56 and 57 since those versionsdont support mmap with direct IO Enabling this option will result in a significant performancedegradation on clients using this option Peaxy strongly recommends that you upgrade to a newerversion of Linux
Ensure FUSE and its dependencies have been installed on each client If it has not been installedinstall FUSE according to the instructions for the package you chose On CentOS for example installthis by typing
sudo yum -y install fusex86_64 fuse-develx86_64 fuse-libsx86_64
The version numbers for your installation may differ
If you have installed a version of the fuseko module that is not the Peaxy-specific version runadditional commands at the end of the installation process This prevents kernel-oops messages fromconsuming all of the space in the varspool directory These messages indicate a benign conditiondue to a Linux FUSE problem
Run the following commands
chkconfig --levels 2345 abrt-oops off service abrt-oops stop
Note The client installation sets the following values automatically
Parameter Value set to
netipv4tcp_tw_recycle 1
netipv4tcp_fin_timeout 2
netcorewmem_max 2097152
netcorermem_max 2097152
netcorewmem_default 2097152
netcorermem_default 2097152
Install Aureum | 25
1 Download the Aureum client file from the support section of the Peaxy website at wwwpeaxynetsupport (login is required)The file is downloaded as a targz package and contains an installer It has a name similar tohfclient-fuse-400ltbuildnumbergttargz
2 Unpack the distribution file by typing the following
tar -zxvf hfclient-fuse-400ltbuildnumbergttargz
You will see something like the following
hfclient-fuse-400hfclient-fuse-400setupshhfclient-fuse-400scriptshfclient-fuse-400scriptsupdatedbshhfclient-fuse-400scriptsc_rehashshhfclient-fuse-400scriptssysctlshhfclient-fuse-400scriptsunregshhfclient-fuse-400scriptsconfshhfclient-fuse-400binhfclient-fuse-400binfusehfCentOS-5xhfclient-fuse-400binfusehfhfclient-fuse-400confhfclient-fuse-400confhfconftgz
3 While logged in as root run setupsh installThe driver files are installed in the default system directories You will see something similar to thefollowing
sudo setupsh install
Installer for Peaxy Aureum Client version 40
Checking package contentsInstalling hf client binariesremoved `optpeaxy-40sbinfusehf`binfusehf -gt `optpeaxy-40sbinfusehfInstallation complete
Mount Aureum
Mount Aureum (Linux)After the client is installed use the mount command to mount Aureum
At a command prompt type
sudo mkdir -p ltmnt_pointgtsudo mount -t fusehf hfltmgmt_ipgt ltmnt_pointgt -o user=ltclient registration usernamegt
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is thedirectory that will serve as your local mount point for example mntpeaxy
If you omit -o user=ltclient_user_namegt you would be prompted for the password associatedwith the local admin account to complete the client registration Best practice is to always create aclient registration account and use that password
The first time you mount the client to Aureum you will be prompted for a registration passwordto allow client-Aureum authentication Type the client registration password Otherwise youradministrator must do this for you
Peaxy strongly recommends that you change the password often especially after typing the passwordfor a client registration
If you or your IT administrator have associated a DNS entry with the Aureum IP address you mightwant to use the DNS name as the name for your mount point
Install Aureum | 26
To configure the Aureum client to automatically mount on startup locate the etcfstab file andadd the line
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults 0 0
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is the localmount point for example mntpeaxy
Note If you are running CentOS 7 change this line to add the _netdev flag as below
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults_netdev 0 0
You can now use the Aureum client to access Aureum
Unregister a Linux Client from AureumYou can securely unregister an installed FUSE client from the Aureum system that it mounts
Removing the registration renders the client unable to access Aureum If you use the all option youwill need to perform a new registration setup before you can mount Aureum again
Unregistering a client is done by running the unregsh script Use the following procedure tounregister the client
1 On the workstation running the client open a command prompt2 Move to optpeaxybin the location of the script3 Run the script
bull Type sudo unregsh ltAureumgt to unregister the client from a specific Aureum systemReplace ltAureumgt with the Aureum system to unregister
bull Type sudo unregsh all to unregister the client from all Aureum systems on which theclient is registered
Note Peaxy strongly recommends using the all option before you decommission aclient workstation
Windows ConfigurationDomain users with credentials from an Active Directory can access Aureum through a share
After Aureum joins a domain it sets up network shares for chosen directories (including all containedsubdirectories) To domain users these shares look the same as any other folder that is accessible viathe network
Unlike an Aureum client which mounts to the root of the volume a share allows a user to exportsubdirectories for more granular access
Where to Find ItFrom the Navigation menu select SECURITY gt DOMAINS and SECURITY gt SHARES
Join a DomainBefore you can create a share you must join a Windows domain
You can pre-create a machine account in an Active Directory under a specified OU If you choose notto do so Aureum will try to add a computer account to the default location of ldquoComputersrdquo
Important If Aureum is already joined to a domain joining another domain will replace thejoin not add to it Aureum will only be joined to the most recently joined domain
1 From the Navigation menu select SECURITY gt DOMAINS2 Type the complete Windows domain to join for example engexamplecom3 Type the username with access to the domain The user must have the necessary permissions to
join Aureum to the domain4 Type the password associated with the username or access to modify an object in the OU if the
machine account was pre-created
Install Aureum | 27
5 In the NETBIOS NAME field set the Aureum computer account name you wish to be created in theActive Directory If Aureum is using a pre-created machine account in a specific OU then the nameyou specify here must match that name exactly
6 Click JOIN
After the domain has been joined the JOIN button changes to LEAVE To leave the domain clickLEAVE
Create a ShareCreate a share to allow Windows users to connect to Aureum
Before you can create a share you must join the appropriate domain
1 From the Navigation menu select SECURITY gt SHARES2 Type the name of the share3 In the SHARE CONTENT IN field choose the appropriate data class
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the share5 Click CREATE
6 To edit or delete a share click the share to be modified
bull To edit the share make the changes needed in the edit panel and click SAVE CHANGESbull To delete the share click the trash can icon ( ) and confirm the deletion
Mount an Aureum Windows ShareDomain-authenticated users can mount and access Aureum directories using a share
After Aureum has been joined to a domain and the share has been created you can easily mount tothe share
The exact mount process is based on your workstation OS
Install Aureum | 28
If you do not already know it you can determine the mount point from Aureum by navigating to theJOIN DOMAIN page and using one of the listed public IP addresses as the mount point Include theshare name when mounting
Peaxy recommends that you take the list of public IP addresses and enter them into your DNS serverlisted under the Aureum NetBIOS name within the appropriate domain In cases where multipleaddresses are used the DNS server automatically round-robins the returned address This ensure thatclient connection load is distributed across the available nodes
As a Windows example to mount a drive letter to Aureum Type
net use ltdrive_lettergt ltpublic addressgtltshare namegt
where ltdrive_lettergt is the drive letter to assign to Aureum ltpublic_addressgt is the IP address usedto join the domain and ltshare_namegt is the share
You then log into the share using your domain-authenticated username and password For exampleMYDOMAINmyname
After mapping the drive access Aureum through Windows Explorer just like you would any otherdrive
If the share does not appear in the Windows Explorer after a change such as a system reboot occursrefresh the view using the Refresh icon ( ) The share should display correctly
You do not have to assign a share to a drive letter however In Windows Explorer type the public IPaddress and share name into the address bar Provide your username and password
POSIX ComplianceAureum provides a POSIX-compliant interface
Most of the Aureum interfaces are POSIX compliant and adhere to the IEEE standard The following isa list of exceptions to compliance
bull The directory nlink count is not incremented when a subdirectory is addedbull inode retention differs from the POSIX specification because there is no way to retain the original
inode number when a rename entails a move to a different device You can display the datahyperserver extent ID instead of the namespace hyperserver Node ID to the caller in the statfamily of calls This does not change when a file or directory is renamed It does change if the file ismigrated from one data hyperserver to another
bull If two mount points are held to the same Aureum and a file is closed on one Aureum does notremove a fcntl lock for the same file on another This is a variance on the way that NFS worksThe internal locking structures take into account the client ID which varies depending on the clientmount If there are two different mounts to a server Aureum treats them as separate machineswhich NFS does not
bull The file locking call flock() is emulated using POSIX byte range locks (fcntl() ) The POSIXcompliance specification does not cover flock() This implementation mirrors the behavior ofNFS The Aureum behavior is slightly different and varies from the POSIX specification as follows
1 As in NFS you must have write permissions to get a write lock2 As in NFS you cannot place both flock() and fcntl() locks on the same file as these locks
will conflict3 An flock() will not inherit across forks4 The flock() will be durable against other file closes but fcntl() locks will not behave within
the POSIX specification5 As well as being removed by an explicit f_unlock record locks are automatically released
when the process terminates or if it closes any file descriptor referring to a file on which locksare held This means that a process can lose the locks on a file like etcpasswd or etcmtab if a library function opens reads and closes it
Information and ResourcesThe latest news and information can always be found on the Peaxy website
Peaxy provides documents that are designed for different audiences These documents furnish acomprehensive explanation of Aureum and how to use it Additionally information is available fromtooltips Each field has a tooltip that adds explanations and any limitations for the item
The most current and accurate information available was included at the time this document wasprepared However changes may occur after the document is released Always read the ReleaseNotes for the most current information
Aureum Installation GuideA step-by-step guide to installing and configuring Aureum into your network
Aureum Administrator GuideA guide to understanding the Aureum architecture Provides details for planning configuring andmonitoring your implementation
Quickstart SeriesA series of two-page guides providing an abbreviated set of instructions for Aureum tasks Theycan be taken in order or used as reminders for individual tasks
Tech NotesSome technical issues are outside the scope of the regular documentation These are presented asTechnical Notes
Contact Peaxy9 am to 5 pm Pacific Standard Time
Main +1 (408) 441-6500
Support +1 (408) 763-3700
By phone
Support toll free US only +1 (844) 277-3299
General information infopeaxynet
Sales salespeaxynet
Support supportpeaxynet
By email
Documentation feedback feedbackpeaxynet
Online wwwpeaxynetsupport (login required)
Peaxy Inc
2380 Bering Dr
By mail
San Jose CA 95131 USA
LegalPeaxyreg and Aureumtrade are registered trademarks of Peaxy Inc
All other trademarks belong to their respective companies
CopyrightsThis document is copyright copy 2016 Peaxy Inc
Aureum software includes portions of the following
bull Amazon Web Services (AWS) Java SDK httpsawsamazoncomsdk-for-java and httpawsamazoncomapache-2-0
bull Apache License Version 20 January 2004bull BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1bull BSD 3bull crc32 routine COPYRIGHT copy 1986 Gary S Brownbull Element Tree used under the Python licensebull Erlang Public License (EPL) a derivative work of the Mozilla Public License Now provided under
the Apache 20 licensebull GoogleAuth httpsgithubcomwstrangeGoogleAuthbull GNU Lesser General Public License Version 3 Copyright copy 2007 Free Software Foundation Inc
and GNU Lesser General Public License Version 21 Copyright copy 1999 Free Software FoundationInc
bull Samba is Free Software licensed under the GNU General Public License httpswwwsambaorgsambadocsGPLhtml the Samba project is a member of the Software Freedom Conservancy
bull JSON-C Copyright (c) 2009-2012 Eric Haszlakiewicz and Copyright (c) 2004-2005 MetaparadigmPte Ltd
bull Kerberos Copyright copy 1985-2009 now under the MIT 2 licensebull libcurl Copyright (c) 1996 - 2015 Daniel Stenbergdanielhaxxsebull lshow used under the GPL licensebull MIT (X11) Copyright copy 2007-2015bull RIAK Creative Commons (httpcreativecommonsorg licensesby30)bull Goldrush Copyright copy 2012 Magnus Klaarbull Meld Under ZPL licensebull NSIS (Nullsoft Scriptable Install System) copy 1999-2013bull OpenSSL License Copyright (c) 1998-2016 The OpenSSL Project and Original SSLeay License
Copyright (c) 1995-1998 Eric Youngbull Protobuf Copyright 2008 Google Inc now under the BSD 3 licensebull Setup Tools (setuptools-06c11) Under ZPL licensebull Sodium crypto library (libsodium) ISC license Copyright (c) 2013-2015 Frank Denisbull Solr the Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull TCL Copyright copy Regents of the University of California Sun Microsystems Inc Scriptics
Corporation and other partiesbull The Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull The Apache Tika project Copyright copy The Apache Software Foundationbull VirtualBox Copyright copy 2007 Oracle Corp as part of the GNU GPL V2 Licensebull YAWS Copyright copy 2006 Claes Wikstrom now under the BSD licensebull Apache zookeeper Under the Apache 2 license
Index | 35
Index
bdl license file 18
img 12
MD5 12
zip 12
A
access directories 24Active Directory 26add
resources 19servers 19
Admin 17administrator 17AMS 12 14 15 16Aureum IP address 11Aureum Manager 6 12 14Aureum name 18Aureum overview 5average file size 18
B
beacon turning on or off 19BIOS 15bonding network interface 19bootable USB 12 14browser 15button color 17
C
capacity 10 19CentOS 10checksum 12client registration 22clients 22configuration 11configure email 21connect 22contact 31create
export 23share 27
create Aureum 15create storage class 20
D
dedicated capacity 20dedicated nodes 5default storage class 20directory access 24discover resources 12 14 19discovery state Aureum nodes 12 14disk space required 10DNS server 11DNS servers 18documentation 31domain-authenticated user
domain 27
domain-authentication 22domain suffix 11download images 14
E
editsecurity level 22
emailer settings 21Ethernet
interface 10switch 10
exportCIFS 23create an export 23
F
files needed 12 14firewall 12flexible capacity 20flock 29FUSE 10
G
gateway 11 18
H
hardware requirements 10how to reach Peaxy 31
I
image copier 12 14import a license 18initial configuration 18inode retention 29install
client 24Linux client 24
introduction 5iptables 16
J
javarequired version 12 14
javaw 14
K
Kerberos 22 22 23
L
legal 33levels of security 23license files 18licenses 18
Index | 36
Linux client install 24localhost 15location 18
M
maintenance agreement 18management IP 15mapping 22mount Aureum 24 27mounting 22 22
N
namespace 18Navigation menu
configuration 11security 22
netBIOS 22NIC 19NTP server 11 18
O
outgoing email 21overview
architecture 6Aureum building blocks 6components 6
P
password 17password limitations 17ports 12POSIX compliance 29primary domain 18primary domain suffix 11
R
RAM requirements 10realms 22reboot 12 14recommended configuration 10Red Hat Enterprise Linux 10replication factor 11 18 20resources
needed 10run setup 16
S
samsp 12 14 16security 22 23security levels
security 22 23select the license 18SElinux 16sestatus 16set performance levels 20settings 11setup 16share
CIFS 27
create a share 27Share 26SMTP 17 21software files 14space needed 10storage class creating default 20subnet mask 11Support hours 31
T
tar ball 24time server 18time zone 11 18
U
USB 15USB stick 10 12 14user account 17
V
virtualization 6 15
W
what youll need 11Windows
domain 26join a domain 26share 27
Windows client 10
Y
yum 24
Install Aureum | 18
The next step is to import the Aureum license
Import an Aureum LicenseImporting the license for an Aureum instance activates the Peaxy software License types are assignedto the Admin account that you created at the beginning of the installation
Before you create an Aureum system make sure that you have received your license from Peaxy andthat the license details are correct
Each time you create an Aureum instance you must import a license
1 Select the license to import or drag it onto the files areaThe license is a bdl file that contains all of the files needed to install the license
2 Click IMPORT3 The system installs the license and continues to the next step
Provide Aureum InformationDefining a few basic configuration items is the first step in setting up Aureum
During the first steps of the initial configuration you provide the basic information needed to createAureum its components and the namespace details
1 Enter the Network settingsa) Enter the gateway addressb) Enter the subnet maskc) Enter the primary DNS domain suffix and up to three DNS server addresses
DNS servers must be entered as IP addresses Each DNS server is on a separate line2 Enter the General settings
a) Enter a name for this Aureum instanceNames can be up to 14 characters and can contain letters numbers dashes and underscores
b) Optional Enter a location for the Aureum system for example ldquodatacenterrdquo or ldquoPhoenixofficerdquo
c) Enter the Aureum IP addressd) Optional Enter up to three NTP servers
Including an NTP server ensures that the time stamp for Aureum is always correcte) Select the time zone to use from the drop-down menu
This ensures that all nodes in Aureum use the same time zone3 Define the Namespace settings
Install Aureum | 19
a) Select the average file size that you expect Aureum to containYour expected average file size selection is used by Aureum to determine the most efficientdistribution of hyperservers Aureum uses the selection you make here to determine theestimated ratio of namespace hyperservers to data hyperservers
b) Set the default namespace replication factor from 2 to 4The namespace replication factor is the number of replicas that Aureum creates for thenamespace
4 Click CONTINUE
Add resources to Aureum You can also click CANCEL to cancel the installation
Add ResourcesResources refer to the physical servers that will make up Aureum These can be any commodity serversuch as a 1U or 2U server with any number and size of disks These resources are used to build thenamespace and data hyperservers that form the heart of a running Aureum system
Note After a resource has been added Aureum claims the complete resource Unusedportions of a resource are designated as spares and are used in case of a failure or expansion
1 The system locates all physical servers that have been booted using USB sticks and are currently indiscovery stateYou will see a list of the servers available for inclusion Use the filter to narrow your search by servername
2 Select the servers to add to Aureum
Servers scheduled for selection have a check mark to the left Select the box beside SERVER NAMEto select all servers in the list
3 Enter the required number of IP addresses or an IP range The number of IP addresses neededappears above the IP ADDRESSES entry box
The system determines the number of IP addresses needed to ensure that all Aureum componentscan communicate receiving requests and returning responses Addresses can be individual IPaddresses (xxxxxxxxxxxx) an IP address range (xxxxxxxxx - xxx) or an IP address with a wildcard(xxxxxxxxx) Separate the IP addresses with a space comma or newline
Install Aureum | 20
Aureum only supports IPv4 (the dotted quad format) For example
192168100419216810015-2019216873
4 Define the roles of the serversClick the ROLES column entry for a server and configure the servers to support either data accessor search (SolrCloud) While it is possible to configure a server to support both data access andsearch this setting is not recommended for a production deployment
Note Aureum 40 supports SolrCloud clusters with one or three nodes Aureum 40 doesnot support SolrCloud clusters with either two nodes or more than three nodes
5 Define the bonding for the network port cardsYou should see the same speed for all of the network interfaces (NICs) on this server Use the list ofall NICs that are bonded with the interfaces on this server to form your decision Inactive NICs arenoted as sucha) Click the ETHERNET column entry for the server whose bonding to configure
If the column text is red some interfaces are not bonded to the server If the text is blue allavailable interfaces are bonded
b) Place a check mark next to all of the interfaces to bond to this server Remove the check markfor those interfaces you do not want included in the bond
6 Optional Toggle the server beacon on or offBeacon signals guide you to the server in question This is often used when troubleshooting tolocate a specific server in a large group of servers
7 Click CONTINUEWait for the installation wizard to verify that the IP addresses you entered are valid and can beused The system assigns the IP addresses and sets the state to Pending
8 Click START INSTALLATIONThe button changes from START INSTALLATION to INSTALLATION IN PROGRESS The systemassigns the resources to Aureum and determines the necessary number of dedicated nodesneeded for the configuration The progress is displayed but you can also use the Log link to followindividual progress If some of the servers are not yet ready wait a few moments and retry
The installation process will take some time typically 10 to 20 minutes When complete the IPaddress in the browser will switch from the local IP of your workstation to the Aureum IP addressthat was entered earlier This signals the transition from the AMS you launched earlier (samsp) to theintegrated PMT that is now running on Aureum
The next step is to create a default storage class
Create a Default Storage ClassA storage class groups and manages data hyperservers with similar replication factors capabilitiesand performance configuration
You must configure at least one storage class to use as the default during the initial Aureumconfiguration You can create more storage classes at any time as long as you have the resourcesnecessary
1 You are presented with the create Initial Storage Class option2 Enter the required information to create the storage class
a) Type a name for the storage classClass names can be up to 14 text characters
b) Define the performance levelPerformance levels based on throughput and seek time Select the paired setting that is best foryour expected usage For the widest option select ldquoAnyrdquo
c) Set the replication factor
Install Aureum | 21
Remember all hyperservers assigned to this storage class will use these settings
Note You must include at least the same number of resources to create the specifiedreplication factor For example you cannot have a replication factor of three in anAureum system with only two servers
Because each replication requires some amount of storage the replication factor selectedaffects the amount of total storage available
Tip The Aureum data space is partitioned through all the data-capable hyperserversEach hyperserver can be configured to offer a specified replication factor This lets youstore vital data with high redundancy while more transient data can skip replication inorder to optimize storage and performance costs
d) Optional Enable flexible space allocationEnabling flexible storage space allows the members of the storage class to consume thecapacity needed When more storage space is needed more is allocated automaticallyregardless of the initial allocation Peaxy recommends this option for general use Some casesmight have different needs
e) Optional To make this the default storage class select YESAll data that does not meet the conditions in a specific data policy will be stored on the defaultstorage class (See data policies in the Aureum Administrator Guide)
3 Click CREATE STORAGE CLASS4 To complete the initial installation and configuration click FINALIZE AUREUM then click YES to
confirm the configuration is correct
Important After you click FINALIZE you must wait for the health indicator on the Aureumcard or list turn green before using Aureum
The Aureum installation is complete and the PMT shows the main Aureum window To configureadditional Aureum storage classes and data policies and to understand how to monitor Aureum seethe Aureum Administrator Guide
Define Outgoing Mail SettingsIn order for Aureum to send email notifications and provide lost password recovery you must tellAureum how to send email alerts
Important Configure outgoing email settings as soon as reasonably possible If you lose orforget your password Aureum cannot send reset instructions until you configure the emailsettings
1 Select EMAILER CONFIG from the SETUP WIZARD pane or from the Navigation menu select EMAILER
2 Type the email (SMTP) server to use when sending the emailThe email server must be accessible from Aureum
Install Aureum | 22
3 By default the system uses port 587 This is usually the right setting Only change the EMAILSERVER PORT if your organizations SMTP server requires it
4 Enter a valid user account and password that Aureum will use to send email from this server5 Optional SEND FROM is required only if your email server requires Transport Layer Security (TLS)
If this is the case type the SEND FROM email addressGenerally the recommended SEND FROM address is a working system administrator account
6 Click SAVE
Create a Client Registration UserThe Aureum client registration user and password allow client authentication at mount time
This allows you to create a custom account for authenticating client mounts
1 Click REGISTRATION2 Type a name for the user This will be the username that is authorized to type in the registration
password when an Aureum client is installed3 Type the client registration password This password is used to register the Aureum client for
authentication at mount time4 Click SAVE
Configure SecurityDefine define the level of security for client communication
1 Click SECURITY LEVEL2 Slide the controller to the level of security your data will use
3 Click ACCEPT
ConnectAn Aureum client mounts Aureum and allows access to folders and files Peaxy provides clientsoftware for Linux users and allows Windows users to access Aureum through a Windows share
The Linux-based client uses a FUSE component to remotely access Aureum services Almost all Linuxinstallations include FUSE so you should not need to do anything extra
The Aureum client has a small footprint A very limited set of memory and CPU cycles are needed toperform the client functions Also the Aureum client can be used concurrently with other clients forNFS and other network file systems
When you install the client the client drivers are added to the default system directories To accessthese directories use the mount command (more commonly known as mapping a drive in Windows)to mount the client to the directory
Install Aureum | 23
Mounting a client to an Aureum directory loads all the data structures necessary for the client tointeract with Aureum As the structures change Aureum updates them In order for a client to accessAureum all that is necessary is that the client know the IP address or URL to which the client willconnect and the client-Aureum registration password
Also available is the ability to join a Windows domain and create domain-authenticated users who canaccess different areas of Aureum
Linux Client-Aureum RegistrationThe minimum security level for Aureum is the authenticated mount To ensure that unauthorized usersdont gain access to data Peaxy provides an authenticated mount between Aureum Linux clients andAureum using certificates and registration
Note The process described in this section applies to Linux clients Windows domains userswith credentials from an Active Directory access Aureum through a Windows share
Security is always an important part of any system that provides data access especially when theaccess spans many users and locations Peaxy provides a registration process where the clientand server exchange certificates which are used to authenticate subsequent connections Theregistration provides a mutual authentication method between the client and Aureum allowing theclient access Only authenticated clients are allowed to mount Aureum Other clients cannot use thesame authentication as part of the certificate registration Aureum generates a client key pair that isunique to each client-Aureum connection
How It WorksThe AMS requires a dynamic registration at the initial mount time As part of the registration Aureumgenerates a key pair unique to each client This key pair is persistent so you do not need to re-register the client each time you mount Aureum
This initial registration is required the first time the client mounts Aureum and requires a specialregistration password that is unique to Aureum This password is entered by the Aureum administratorat the workstation on which the client is installed Subsequent client mounts use the client certificateissued during registration
Security LevelsAureum offers varying levels of security
The security level is visible on the Aureum card or list and is indicated in the SECURITY section by thenumber of total locks that are green Gray locks indicate how many additional security levels you canselect For example if there are four total locks and three are green your current security level is 3Message Integrity
bull Data Confidentiality all data in and out of Aureum is verified and encryptedbull Message Integrity message authentication codes verify message integritybull Kerberos Authentication use the Kerberos authentication protocol as the mechanism for
authentication between a client and a server or between one server and another serverbull Authenticated Mount use X509 certificates to mutually authenticate and validate all Aureum
clients and hyperservers in Aureum
Create an ExportCreate an export to allow Linux clients to mount and access Aureum
1 From the Navigation menu select SECURITY gt EXPORTS2 Type the export name3 In the EXPORT CONTENT IN field choose the data class to export
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the
Install Aureum | 24
engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the export5 Click CREATE6 To edit or delete an export click the corresponding entry in the list
bull To edit the export make the changes needed in the edit panel and click SAVE CHANGESbull To delete an export click the corresponding trash can icon ( ) and confirm the deletion
Install a Linux-based Aureum ClientYou install the Aureum client on physical hardware or on a workstation in the cloud Use the client tomount and access Aureum directories
Before installing the client make sure that your system meets the minimum requirements describedin the Requirements section of this document
Note Aureum uses FUSE in Direct IO mode for better performance The version of FUSErunning on older versions of CentOS Red Hat Enterprise Linux doesnt support mmap whenFUSE is being used this way This might cause some mmap functions such as ACCESS_WRITEMAP_SHARED and PROT_WRITE to fail You can use the mount flag --disable-direct-io-mode to disable Direct IO mode
If you choose to use Direct IO mmap will be disabled on CentOS56 and 57 since those versionsdont support mmap with direct IO Enabling this option will result in a significant performancedegradation on clients using this option Peaxy strongly recommends that you upgrade to a newerversion of Linux
Ensure FUSE and its dependencies have been installed on each client If it has not been installedinstall FUSE according to the instructions for the package you chose On CentOS for example installthis by typing
sudo yum -y install fusex86_64 fuse-develx86_64 fuse-libsx86_64
The version numbers for your installation may differ
If you have installed a version of the fuseko module that is not the Peaxy-specific version runadditional commands at the end of the installation process This prevents kernel-oops messages fromconsuming all of the space in the varspool directory These messages indicate a benign conditiondue to a Linux FUSE problem
Run the following commands
chkconfig --levels 2345 abrt-oops off service abrt-oops stop
Note The client installation sets the following values automatically
Parameter Value set to
netipv4tcp_tw_recycle 1
netipv4tcp_fin_timeout 2
netcorewmem_max 2097152
netcorermem_max 2097152
netcorewmem_default 2097152
netcorermem_default 2097152
Install Aureum | 25
1 Download the Aureum client file from the support section of the Peaxy website at wwwpeaxynetsupport (login is required)The file is downloaded as a targz package and contains an installer It has a name similar tohfclient-fuse-400ltbuildnumbergttargz
2 Unpack the distribution file by typing the following
tar -zxvf hfclient-fuse-400ltbuildnumbergttargz
You will see something like the following
hfclient-fuse-400hfclient-fuse-400setupshhfclient-fuse-400scriptshfclient-fuse-400scriptsupdatedbshhfclient-fuse-400scriptsc_rehashshhfclient-fuse-400scriptssysctlshhfclient-fuse-400scriptsunregshhfclient-fuse-400scriptsconfshhfclient-fuse-400binhfclient-fuse-400binfusehfCentOS-5xhfclient-fuse-400binfusehfhfclient-fuse-400confhfclient-fuse-400confhfconftgz
3 While logged in as root run setupsh installThe driver files are installed in the default system directories You will see something similar to thefollowing
sudo setupsh install
Installer for Peaxy Aureum Client version 40
Checking package contentsInstalling hf client binariesremoved `optpeaxy-40sbinfusehf`binfusehf -gt `optpeaxy-40sbinfusehfInstallation complete
Mount Aureum
Mount Aureum (Linux)After the client is installed use the mount command to mount Aureum
At a command prompt type
sudo mkdir -p ltmnt_pointgtsudo mount -t fusehf hfltmgmt_ipgt ltmnt_pointgt -o user=ltclient registration usernamegt
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is thedirectory that will serve as your local mount point for example mntpeaxy
If you omit -o user=ltclient_user_namegt you would be prompted for the password associatedwith the local admin account to complete the client registration Best practice is to always create aclient registration account and use that password
The first time you mount the client to Aureum you will be prompted for a registration passwordto allow client-Aureum authentication Type the client registration password Otherwise youradministrator must do this for you
Peaxy strongly recommends that you change the password often especially after typing the passwordfor a client registration
If you or your IT administrator have associated a DNS entry with the Aureum IP address you mightwant to use the DNS name as the name for your mount point
Install Aureum | 26
To configure the Aureum client to automatically mount on startup locate the etcfstab file andadd the line
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults 0 0
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is the localmount point for example mntpeaxy
Note If you are running CentOS 7 change this line to add the _netdev flag as below
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults_netdev 0 0
You can now use the Aureum client to access Aureum
Unregister a Linux Client from AureumYou can securely unregister an installed FUSE client from the Aureum system that it mounts
Removing the registration renders the client unable to access Aureum If you use the all option youwill need to perform a new registration setup before you can mount Aureum again
Unregistering a client is done by running the unregsh script Use the following procedure tounregister the client
1 On the workstation running the client open a command prompt2 Move to optpeaxybin the location of the script3 Run the script
bull Type sudo unregsh ltAureumgt to unregister the client from a specific Aureum systemReplace ltAureumgt with the Aureum system to unregister
bull Type sudo unregsh all to unregister the client from all Aureum systems on which theclient is registered
Note Peaxy strongly recommends using the all option before you decommission aclient workstation
Windows ConfigurationDomain users with credentials from an Active Directory can access Aureum through a share
After Aureum joins a domain it sets up network shares for chosen directories (including all containedsubdirectories) To domain users these shares look the same as any other folder that is accessible viathe network
Unlike an Aureum client which mounts to the root of the volume a share allows a user to exportsubdirectories for more granular access
Where to Find ItFrom the Navigation menu select SECURITY gt DOMAINS and SECURITY gt SHARES
Join a DomainBefore you can create a share you must join a Windows domain
You can pre-create a machine account in an Active Directory under a specified OU If you choose notto do so Aureum will try to add a computer account to the default location of ldquoComputersrdquo
Important If Aureum is already joined to a domain joining another domain will replace thejoin not add to it Aureum will only be joined to the most recently joined domain
1 From the Navigation menu select SECURITY gt DOMAINS2 Type the complete Windows domain to join for example engexamplecom3 Type the username with access to the domain The user must have the necessary permissions to
join Aureum to the domain4 Type the password associated with the username or access to modify an object in the OU if the
machine account was pre-created
Install Aureum | 27
5 In the NETBIOS NAME field set the Aureum computer account name you wish to be created in theActive Directory If Aureum is using a pre-created machine account in a specific OU then the nameyou specify here must match that name exactly
6 Click JOIN
After the domain has been joined the JOIN button changes to LEAVE To leave the domain clickLEAVE
Create a ShareCreate a share to allow Windows users to connect to Aureum
Before you can create a share you must join the appropriate domain
1 From the Navigation menu select SECURITY gt SHARES2 Type the name of the share3 In the SHARE CONTENT IN field choose the appropriate data class
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the share5 Click CREATE
6 To edit or delete a share click the share to be modified
bull To edit the share make the changes needed in the edit panel and click SAVE CHANGESbull To delete the share click the trash can icon ( ) and confirm the deletion
Mount an Aureum Windows ShareDomain-authenticated users can mount and access Aureum directories using a share
After Aureum has been joined to a domain and the share has been created you can easily mount tothe share
The exact mount process is based on your workstation OS
Install Aureum | 28
If you do not already know it you can determine the mount point from Aureum by navigating to theJOIN DOMAIN page and using one of the listed public IP addresses as the mount point Include theshare name when mounting
Peaxy recommends that you take the list of public IP addresses and enter them into your DNS serverlisted under the Aureum NetBIOS name within the appropriate domain In cases where multipleaddresses are used the DNS server automatically round-robins the returned address This ensure thatclient connection load is distributed across the available nodes
As a Windows example to mount a drive letter to Aureum Type
net use ltdrive_lettergt ltpublic addressgtltshare namegt
where ltdrive_lettergt is the drive letter to assign to Aureum ltpublic_addressgt is the IP address usedto join the domain and ltshare_namegt is the share
You then log into the share using your domain-authenticated username and password For exampleMYDOMAINmyname
After mapping the drive access Aureum through Windows Explorer just like you would any otherdrive
If the share does not appear in the Windows Explorer after a change such as a system reboot occursrefresh the view using the Refresh icon ( ) The share should display correctly
You do not have to assign a share to a drive letter however In Windows Explorer type the public IPaddress and share name into the address bar Provide your username and password
POSIX ComplianceAureum provides a POSIX-compliant interface
Most of the Aureum interfaces are POSIX compliant and adhere to the IEEE standard The following isa list of exceptions to compliance
bull The directory nlink count is not incremented when a subdirectory is addedbull inode retention differs from the POSIX specification because there is no way to retain the original
inode number when a rename entails a move to a different device You can display the datahyperserver extent ID instead of the namespace hyperserver Node ID to the caller in the statfamily of calls This does not change when a file or directory is renamed It does change if the file ismigrated from one data hyperserver to another
bull If two mount points are held to the same Aureum and a file is closed on one Aureum does notremove a fcntl lock for the same file on another This is a variance on the way that NFS worksThe internal locking structures take into account the client ID which varies depending on the clientmount If there are two different mounts to a server Aureum treats them as separate machineswhich NFS does not
bull The file locking call flock() is emulated using POSIX byte range locks (fcntl() ) The POSIXcompliance specification does not cover flock() This implementation mirrors the behavior ofNFS The Aureum behavior is slightly different and varies from the POSIX specification as follows
1 As in NFS you must have write permissions to get a write lock2 As in NFS you cannot place both flock() and fcntl() locks on the same file as these locks
will conflict3 An flock() will not inherit across forks4 The flock() will be durable against other file closes but fcntl() locks will not behave within
the POSIX specification5 As well as being removed by an explicit f_unlock record locks are automatically released
when the process terminates or if it closes any file descriptor referring to a file on which locksare held This means that a process can lose the locks on a file like etcpasswd or etcmtab if a library function opens reads and closes it
Information and ResourcesThe latest news and information can always be found on the Peaxy website
Peaxy provides documents that are designed for different audiences These documents furnish acomprehensive explanation of Aureum and how to use it Additionally information is available fromtooltips Each field has a tooltip that adds explanations and any limitations for the item
The most current and accurate information available was included at the time this document wasprepared However changes may occur after the document is released Always read the ReleaseNotes for the most current information
Aureum Installation GuideA step-by-step guide to installing and configuring Aureum into your network
Aureum Administrator GuideA guide to understanding the Aureum architecture Provides details for planning configuring andmonitoring your implementation
Quickstart SeriesA series of two-page guides providing an abbreviated set of instructions for Aureum tasks Theycan be taken in order or used as reminders for individual tasks
Tech NotesSome technical issues are outside the scope of the regular documentation These are presented asTechnical Notes
Contact Peaxy9 am to 5 pm Pacific Standard Time
Main +1 (408) 441-6500
Support +1 (408) 763-3700
By phone
Support toll free US only +1 (844) 277-3299
General information infopeaxynet
Sales salespeaxynet
Support supportpeaxynet
By email
Documentation feedback feedbackpeaxynet
Online wwwpeaxynetsupport (login required)
Peaxy Inc
2380 Bering Dr
By mail
San Jose CA 95131 USA
LegalPeaxyreg and Aureumtrade are registered trademarks of Peaxy Inc
All other trademarks belong to their respective companies
CopyrightsThis document is copyright copy 2016 Peaxy Inc
Aureum software includes portions of the following
bull Amazon Web Services (AWS) Java SDK httpsawsamazoncomsdk-for-java and httpawsamazoncomapache-2-0
bull Apache License Version 20 January 2004bull BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1bull BSD 3bull crc32 routine COPYRIGHT copy 1986 Gary S Brownbull Element Tree used under the Python licensebull Erlang Public License (EPL) a derivative work of the Mozilla Public License Now provided under
the Apache 20 licensebull GoogleAuth httpsgithubcomwstrangeGoogleAuthbull GNU Lesser General Public License Version 3 Copyright copy 2007 Free Software Foundation Inc
and GNU Lesser General Public License Version 21 Copyright copy 1999 Free Software FoundationInc
bull Samba is Free Software licensed under the GNU General Public License httpswwwsambaorgsambadocsGPLhtml the Samba project is a member of the Software Freedom Conservancy
bull JSON-C Copyright (c) 2009-2012 Eric Haszlakiewicz and Copyright (c) 2004-2005 MetaparadigmPte Ltd
bull Kerberos Copyright copy 1985-2009 now under the MIT 2 licensebull libcurl Copyright (c) 1996 - 2015 Daniel Stenbergdanielhaxxsebull lshow used under the GPL licensebull MIT (X11) Copyright copy 2007-2015bull RIAK Creative Commons (httpcreativecommonsorg licensesby30)bull Goldrush Copyright copy 2012 Magnus Klaarbull Meld Under ZPL licensebull NSIS (Nullsoft Scriptable Install System) copy 1999-2013bull OpenSSL License Copyright (c) 1998-2016 The OpenSSL Project and Original SSLeay License
Copyright (c) 1995-1998 Eric Youngbull Protobuf Copyright 2008 Google Inc now under the BSD 3 licensebull Setup Tools (setuptools-06c11) Under ZPL licensebull Sodium crypto library (libsodium) ISC license Copyright (c) 2013-2015 Frank Denisbull Solr the Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull TCL Copyright copy Regents of the University of California Sun Microsystems Inc Scriptics
Corporation and other partiesbull The Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull The Apache Tika project Copyright copy The Apache Software Foundationbull VirtualBox Copyright copy 2007 Oracle Corp as part of the GNU GPL V2 Licensebull YAWS Copyright copy 2006 Claes Wikstrom now under the BSD licensebull Apache zookeeper Under the Apache 2 license
Index | 35
Index
bdl license file 18
img 12
MD5 12
zip 12
A
access directories 24Active Directory 26add
resources 19servers 19
Admin 17administrator 17AMS 12 14 15 16Aureum IP address 11Aureum Manager 6 12 14Aureum name 18Aureum overview 5average file size 18
B
beacon turning on or off 19BIOS 15bonding network interface 19bootable USB 12 14browser 15button color 17
C
capacity 10 19CentOS 10checksum 12client registration 22clients 22configuration 11configure email 21connect 22contact 31create
export 23share 27
create Aureum 15create storage class 20
D
dedicated capacity 20dedicated nodes 5default storage class 20directory access 24discover resources 12 14 19discovery state Aureum nodes 12 14disk space required 10DNS server 11DNS servers 18documentation 31domain-authenticated user
domain 27
domain-authentication 22domain suffix 11download images 14
E
editsecurity level 22
emailer settings 21Ethernet
interface 10switch 10
exportCIFS 23create an export 23
F
files needed 12 14firewall 12flexible capacity 20flock 29FUSE 10
G
gateway 11 18
H
hardware requirements 10how to reach Peaxy 31
I
image copier 12 14import a license 18initial configuration 18inode retention 29install
client 24Linux client 24
introduction 5iptables 16
J
javarequired version 12 14
javaw 14
K
Kerberos 22 22 23
L
legal 33levels of security 23license files 18licenses 18
Index | 36
Linux client install 24localhost 15location 18
M
maintenance agreement 18management IP 15mapping 22mount Aureum 24 27mounting 22 22
N
namespace 18Navigation menu
configuration 11security 22
netBIOS 22NIC 19NTP server 11 18
O
outgoing email 21overview
architecture 6Aureum building blocks 6components 6
P
password 17password limitations 17ports 12POSIX compliance 29primary domain 18primary domain suffix 11
R
RAM requirements 10realms 22reboot 12 14recommended configuration 10Red Hat Enterprise Linux 10replication factor 11 18 20resources
needed 10run setup 16
S
samsp 12 14 16security 22 23security levels
security 22 23select the license 18SElinux 16sestatus 16set performance levels 20settings 11setup 16share
CIFS 27
create a share 27Share 26SMTP 17 21software files 14space needed 10storage class creating default 20subnet mask 11Support hours 31
T
tar ball 24time server 18time zone 11 18
U
USB 15USB stick 10 12 14user account 17
V
virtualization 6 15
W
what youll need 11Windows
domain 26join a domain 26share 27
Windows client 10
Y
yum 24
Install Aureum | 19
a) Select the average file size that you expect Aureum to containYour expected average file size selection is used by Aureum to determine the most efficientdistribution of hyperservers Aureum uses the selection you make here to determine theestimated ratio of namespace hyperservers to data hyperservers
b) Set the default namespace replication factor from 2 to 4The namespace replication factor is the number of replicas that Aureum creates for thenamespace
4 Click CONTINUE
Add resources to Aureum You can also click CANCEL to cancel the installation
Add ResourcesResources refer to the physical servers that will make up Aureum These can be any commodity serversuch as a 1U or 2U server with any number and size of disks These resources are used to build thenamespace and data hyperservers that form the heart of a running Aureum system
Note After a resource has been added Aureum claims the complete resource Unusedportions of a resource are designated as spares and are used in case of a failure or expansion
1 The system locates all physical servers that have been booted using USB sticks and are currently indiscovery stateYou will see a list of the servers available for inclusion Use the filter to narrow your search by servername
2 Select the servers to add to Aureum
Servers scheduled for selection have a check mark to the left Select the box beside SERVER NAMEto select all servers in the list
3 Enter the required number of IP addresses or an IP range The number of IP addresses neededappears above the IP ADDRESSES entry box
The system determines the number of IP addresses needed to ensure that all Aureum componentscan communicate receiving requests and returning responses Addresses can be individual IPaddresses (xxxxxxxxxxxx) an IP address range (xxxxxxxxx - xxx) or an IP address with a wildcard(xxxxxxxxx) Separate the IP addresses with a space comma or newline
Install Aureum | 20
Aureum only supports IPv4 (the dotted quad format) For example
192168100419216810015-2019216873
4 Define the roles of the serversClick the ROLES column entry for a server and configure the servers to support either data accessor search (SolrCloud) While it is possible to configure a server to support both data access andsearch this setting is not recommended for a production deployment
Note Aureum 40 supports SolrCloud clusters with one or three nodes Aureum 40 doesnot support SolrCloud clusters with either two nodes or more than three nodes
5 Define the bonding for the network port cardsYou should see the same speed for all of the network interfaces (NICs) on this server Use the list ofall NICs that are bonded with the interfaces on this server to form your decision Inactive NICs arenoted as sucha) Click the ETHERNET column entry for the server whose bonding to configure
If the column text is red some interfaces are not bonded to the server If the text is blue allavailable interfaces are bonded
b) Place a check mark next to all of the interfaces to bond to this server Remove the check markfor those interfaces you do not want included in the bond
6 Optional Toggle the server beacon on or offBeacon signals guide you to the server in question This is often used when troubleshooting tolocate a specific server in a large group of servers
7 Click CONTINUEWait for the installation wizard to verify that the IP addresses you entered are valid and can beused The system assigns the IP addresses and sets the state to Pending
8 Click START INSTALLATIONThe button changes from START INSTALLATION to INSTALLATION IN PROGRESS The systemassigns the resources to Aureum and determines the necessary number of dedicated nodesneeded for the configuration The progress is displayed but you can also use the Log link to followindividual progress If some of the servers are not yet ready wait a few moments and retry
The installation process will take some time typically 10 to 20 minutes When complete the IPaddress in the browser will switch from the local IP of your workstation to the Aureum IP addressthat was entered earlier This signals the transition from the AMS you launched earlier (samsp) to theintegrated PMT that is now running on Aureum
The next step is to create a default storage class
Create a Default Storage ClassA storage class groups and manages data hyperservers with similar replication factors capabilitiesand performance configuration
You must configure at least one storage class to use as the default during the initial Aureumconfiguration You can create more storage classes at any time as long as you have the resourcesnecessary
1 You are presented with the create Initial Storage Class option2 Enter the required information to create the storage class
a) Type a name for the storage classClass names can be up to 14 text characters
b) Define the performance levelPerformance levels based on throughput and seek time Select the paired setting that is best foryour expected usage For the widest option select ldquoAnyrdquo
c) Set the replication factor
Install Aureum | 21
Remember all hyperservers assigned to this storage class will use these settings
Note You must include at least the same number of resources to create the specifiedreplication factor For example you cannot have a replication factor of three in anAureum system with only two servers
Because each replication requires some amount of storage the replication factor selectedaffects the amount of total storage available
Tip The Aureum data space is partitioned through all the data-capable hyperserversEach hyperserver can be configured to offer a specified replication factor This lets youstore vital data with high redundancy while more transient data can skip replication inorder to optimize storage and performance costs
d) Optional Enable flexible space allocationEnabling flexible storage space allows the members of the storage class to consume thecapacity needed When more storage space is needed more is allocated automaticallyregardless of the initial allocation Peaxy recommends this option for general use Some casesmight have different needs
e) Optional To make this the default storage class select YESAll data that does not meet the conditions in a specific data policy will be stored on the defaultstorage class (See data policies in the Aureum Administrator Guide)
3 Click CREATE STORAGE CLASS4 To complete the initial installation and configuration click FINALIZE AUREUM then click YES to
confirm the configuration is correct
Important After you click FINALIZE you must wait for the health indicator on the Aureumcard or list turn green before using Aureum
The Aureum installation is complete and the PMT shows the main Aureum window To configureadditional Aureum storage classes and data policies and to understand how to monitor Aureum seethe Aureum Administrator Guide
Define Outgoing Mail SettingsIn order for Aureum to send email notifications and provide lost password recovery you must tellAureum how to send email alerts
Important Configure outgoing email settings as soon as reasonably possible If you lose orforget your password Aureum cannot send reset instructions until you configure the emailsettings
1 Select EMAILER CONFIG from the SETUP WIZARD pane or from the Navigation menu select EMAILER
2 Type the email (SMTP) server to use when sending the emailThe email server must be accessible from Aureum
Install Aureum | 22
3 By default the system uses port 587 This is usually the right setting Only change the EMAILSERVER PORT if your organizations SMTP server requires it
4 Enter a valid user account and password that Aureum will use to send email from this server5 Optional SEND FROM is required only if your email server requires Transport Layer Security (TLS)
If this is the case type the SEND FROM email addressGenerally the recommended SEND FROM address is a working system administrator account
6 Click SAVE
Create a Client Registration UserThe Aureum client registration user and password allow client authentication at mount time
This allows you to create a custom account for authenticating client mounts
1 Click REGISTRATION2 Type a name for the user This will be the username that is authorized to type in the registration
password when an Aureum client is installed3 Type the client registration password This password is used to register the Aureum client for
authentication at mount time4 Click SAVE
Configure SecurityDefine define the level of security for client communication
1 Click SECURITY LEVEL2 Slide the controller to the level of security your data will use
3 Click ACCEPT
ConnectAn Aureum client mounts Aureum and allows access to folders and files Peaxy provides clientsoftware for Linux users and allows Windows users to access Aureum through a Windows share
The Linux-based client uses a FUSE component to remotely access Aureum services Almost all Linuxinstallations include FUSE so you should not need to do anything extra
The Aureum client has a small footprint A very limited set of memory and CPU cycles are needed toperform the client functions Also the Aureum client can be used concurrently with other clients forNFS and other network file systems
When you install the client the client drivers are added to the default system directories To accessthese directories use the mount command (more commonly known as mapping a drive in Windows)to mount the client to the directory
Install Aureum | 23
Mounting a client to an Aureum directory loads all the data structures necessary for the client tointeract with Aureum As the structures change Aureum updates them In order for a client to accessAureum all that is necessary is that the client know the IP address or URL to which the client willconnect and the client-Aureum registration password
Also available is the ability to join a Windows domain and create domain-authenticated users who canaccess different areas of Aureum
Linux Client-Aureum RegistrationThe minimum security level for Aureum is the authenticated mount To ensure that unauthorized usersdont gain access to data Peaxy provides an authenticated mount between Aureum Linux clients andAureum using certificates and registration
Note The process described in this section applies to Linux clients Windows domains userswith credentials from an Active Directory access Aureum through a Windows share
Security is always an important part of any system that provides data access especially when theaccess spans many users and locations Peaxy provides a registration process where the clientand server exchange certificates which are used to authenticate subsequent connections Theregistration provides a mutual authentication method between the client and Aureum allowing theclient access Only authenticated clients are allowed to mount Aureum Other clients cannot use thesame authentication as part of the certificate registration Aureum generates a client key pair that isunique to each client-Aureum connection
How It WorksThe AMS requires a dynamic registration at the initial mount time As part of the registration Aureumgenerates a key pair unique to each client This key pair is persistent so you do not need to re-register the client each time you mount Aureum
This initial registration is required the first time the client mounts Aureum and requires a specialregistration password that is unique to Aureum This password is entered by the Aureum administratorat the workstation on which the client is installed Subsequent client mounts use the client certificateissued during registration
Security LevelsAureum offers varying levels of security
The security level is visible on the Aureum card or list and is indicated in the SECURITY section by thenumber of total locks that are green Gray locks indicate how many additional security levels you canselect For example if there are four total locks and three are green your current security level is 3Message Integrity
bull Data Confidentiality all data in and out of Aureum is verified and encryptedbull Message Integrity message authentication codes verify message integritybull Kerberos Authentication use the Kerberos authentication protocol as the mechanism for
authentication between a client and a server or between one server and another serverbull Authenticated Mount use X509 certificates to mutually authenticate and validate all Aureum
clients and hyperservers in Aureum
Create an ExportCreate an export to allow Linux clients to mount and access Aureum
1 From the Navigation menu select SECURITY gt EXPORTS2 Type the export name3 In the EXPORT CONTENT IN field choose the data class to export
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the
Install Aureum | 24
engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the export5 Click CREATE6 To edit or delete an export click the corresponding entry in the list
bull To edit the export make the changes needed in the edit panel and click SAVE CHANGESbull To delete an export click the corresponding trash can icon ( ) and confirm the deletion
Install a Linux-based Aureum ClientYou install the Aureum client on physical hardware or on a workstation in the cloud Use the client tomount and access Aureum directories
Before installing the client make sure that your system meets the minimum requirements describedin the Requirements section of this document
Note Aureum uses FUSE in Direct IO mode for better performance The version of FUSErunning on older versions of CentOS Red Hat Enterprise Linux doesnt support mmap whenFUSE is being used this way This might cause some mmap functions such as ACCESS_WRITEMAP_SHARED and PROT_WRITE to fail You can use the mount flag --disable-direct-io-mode to disable Direct IO mode
If you choose to use Direct IO mmap will be disabled on CentOS56 and 57 since those versionsdont support mmap with direct IO Enabling this option will result in a significant performancedegradation on clients using this option Peaxy strongly recommends that you upgrade to a newerversion of Linux
Ensure FUSE and its dependencies have been installed on each client If it has not been installedinstall FUSE according to the instructions for the package you chose On CentOS for example installthis by typing
sudo yum -y install fusex86_64 fuse-develx86_64 fuse-libsx86_64
The version numbers for your installation may differ
If you have installed a version of the fuseko module that is not the Peaxy-specific version runadditional commands at the end of the installation process This prevents kernel-oops messages fromconsuming all of the space in the varspool directory These messages indicate a benign conditiondue to a Linux FUSE problem
Run the following commands
chkconfig --levels 2345 abrt-oops off service abrt-oops stop
Note The client installation sets the following values automatically
Parameter Value set to
netipv4tcp_tw_recycle 1
netipv4tcp_fin_timeout 2
netcorewmem_max 2097152
netcorermem_max 2097152
netcorewmem_default 2097152
netcorermem_default 2097152
Install Aureum | 25
1 Download the Aureum client file from the support section of the Peaxy website at wwwpeaxynetsupport (login is required)The file is downloaded as a targz package and contains an installer It has a name similar tohfclient-fuse-400ltbuildnumbergttargz
2 Unpack the distribution file by typing the following
tar -zxvf hfclient-fuse-400ltbuildnumbergttargz
You will see something like the following
hfclient-fuse-400hfclient-fuse-400setupshhfclient-fuse-400scriptshfclient-fuse-400scriptsupdatedbshhfclient-fuse-400scriptsc_rehashshhfclient-fuse-400scriptssysctlshhfclient-fuse-400scriptsunregshhfclient-fuse-400scriptsconfshhfclient-fuse-400binhfclient-fuse-400binfusehfCentOS-5xhfclient-fuse-400binfusehfhfclient-fuse-400confhfclient-fuse-400confhfconftgz
3 While logged in as root run setupsh installThe driver files are installed in the default system directories You will see something similar to thefollowing
sudo setupsh install
Installer for Peaxy Aureum Client version 40
Checking package contentsInstalling hf client binariesremoved `optpeaxy-40sbinfusehf`binfusehf -gt `optpeaxy-40sbinfusehfInstallation complete
Mount Aureum
Mount Aureum (Linux)After the client is installed use the mount command to mount Aureum
At a command prompt type
sudo mkdir -p ltmnt_pointgtsudo mount -t fusehf hfltmgmt_ipgt ltmnt_pointgt -o user=ltclient registration usernamegt
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is thedirectory that will serve as your local mount point for example mntpeaxy
If you omit -o user=ltclient_user_namegt you would be prompted for the password associatedwith the local admin account to complete the client registration Best practice is to always create aclient registration account and use that password
The first time you mount the client to Aureum you will be prompted for a registration passwordto allow client-Aureum authentication Type the client registration password Otherwise youradministrator must do this for you
Peaxy strongly recommends that you change the password often especially after typing the passwordfor a client registration
If you or your IT administrator have associated a DNS entry with the Aureum IP address you mightwant to use the DNS name as the name for your mount point
Install Aureum | 26
To configure the Aureum client to automatically mount on startup locate the etcfstab file andadd the line
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults 0 0
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is the localmount point for example mntpeaxy
Note If you are running CentOS 7 change this line to add the _netdev flag as below
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults_netdev 0 0
You can now use the Aureum client to access Aureum
Unregister a Linux Client from AureumYou can securely unregister an installed FUSE client from the Aureum system that it mounts
Removing the registration renders the client unable to access Aureum If you use the all option youwill need to perform a new registration setup before you can mount Aureum again
Unregistering a client is done by running the unregsh script Use the following procedure tounregister the client
1 On the workstation running the client open a command prompt2 Move to optpeaxybin the location of the script3 Run the script
bull Type sudo unregsh ltAureumgt to unregister the client from a specific Aureum systemReplace ltAureumgt with the Aureum system to unregister
bull Type sudo unregsh all to unregister the client from all Aureum systems on which theclient is registered
Note Peaxy strongly recommends using the all option before you decommission aclient workstation
Windows ConfigurationDomain users with credentials from an Active Directory can access Aureum through a share
After Aureum joins a domain it sets up network shares for chosen directories (including all containedsubdirectories) To domain users these shares look the same as any other folder that is accessible viathe network
Unlike an Aureum client which mounts to the root of the volume a share allows a user to exportsubdirectories for more granular access
Where to Find ItFrom the Navigation menu select SECURITY gt DOMAINS and SECURITY gt SHARES
Join a DomainBefore you can create a share you must join a Windows domain
You can pre-create a machine account in an Active Directory under a specified OU If you choose notto do so Aureum will try to add a computer account to the default location of ldquoComputersrdquo
Important If Aureum is already joined to a domain joining another domain will replace thejoin not add to it Aureum will only be joined to the most recently joined domain
1 From the Navigation menu select SECURITY gt DOMAINS2 Type the complete Windows domain to join for example engexamplecom3 Type the username with access to the domain The user must have the necessary permissions to
join Aureum to the domain4 Type the password associated with the username or access to modify an object in the OU if the
machine account was pre-created
Install Aureum | 27
5 In the NETBIOS NAME field set the Aureum computer account name you wish to be created in theActive Directory If Aureum is using a pre-created machine account in a specific OU then the nameyou specify here must match that name exactly
6 Click JOIN
After the domain has been joined the JOIN button changes to LEAVE To leave the domain clickLEAVE
Create a ShareCreate a share to allow Windows users to connect to Aureum
Before you can create a share you must join the appropriate domain
1 From the Navigation menu select SECURITY gt SHARES2 Type the name of the share3 In the SHARE CONTENT IN field choose the appropriate data class
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the share5 Click CREATE
6 To edit or delete a share click the share to be modified
bull To edit the share make the changes needed in the edit panel and click SAVE CHANGESbull To delete the share click the trash can icon ( ) and confirm the deletion
Mount an Aureum Windows ShareDomain-authenticated users can mount and access Aureum directories using a share
After Aureum has been joined to a domain and the share has been created you can easily mount tothe share
The exact mount process is based on your workstation OS
Install Aureum | 28
If you do not already know it you can determine the mount point from Aureum by navigating to theJOIN DOMAIN page and using one of the listed public IP addresses as the mount point Include theshare name when mounting
Peaxy recommends that you take the list of public IP addresses and enter them into your DNS serverlisted under the Aureum NetBIOS name within the appropriate domain In cases where multipleaddresses are used the DNS server automatically round-robins the returned address This ensure thatclient connection load is distributed across the available nodes
As a Windows example to mount a drive letter to Aureum Type
net use ltdrive_lettergt ltpublic addressgtltshare namegt
where ltdrive_lettergt is the drive letter to assign to Aureum ltpublic_addressgt is the IP address usedto join the domain and ltshare_namegt is the share
You then log into the share using your domain-authenticated username and password For exampleMYDOMAINmyname
After mapping the drive access Aureum through Windows Explorer just like you would any otherdrive
If the share does not appear in the Windows Explorer after a change such as a system reboot occursrefresh the view using the Refresh icon ( ) The share should display correctly
You do not have to assign a share to a drive letter however In Windows Explorer type the public IPaddress and share name into the address bar Provide your username and password
POSIX ComplianceAureum provides a POSIX-compliant interface
Most of the Aureum interfaces are POSIX compliant and adhere to the IEEE standard The following isa list of exceptions to compliance
bull The directory nlink count is not incremented when a subdirectory is addedbull inode retention differs from the POSIX specification because there is no way to retain the original
inode number when a rename entails a move to a different device You can display the datahyperserver extent ID instead of the namespace hyperserver Node ID to the caller in the statfamily of calls This does not change when a file or directory is renamed It does change if the file ismigrated from one data hyperserver to another
bull If two mount points are held to the same Aureum and a file is closed on one Aureum does notremove a fcntl lock for the same file on another This is a variance on the way that NFS worksThe internal locking structures take into account the client ID which varies depending on the clientmount If there are two different mounts to a server Aureum treats them as separate machineswhich NFS does not
bull The file locking call flock() is emulated using POSIX byte range locks (fcntl() ) The POSIXcompliance specification does not cover flock() This implementation mirrors the behavior ofNFS The Aureum behavior is slightly different and varies from the POSIX specification as follows
1 As in NFS you must have write permissions to get a write lock2 As in NFS you cannot place both flock() and fcntl() locks on the same file as these locks
will conflict3 An flock() will not inherit across forks4 The flock() will be durable against other file closes but fcntl() locks will not behave within
the POSIX specification5 As well as being removed by an explicit f_unlock record locks are automatically released
when the process terminates or if it closes any file descriptor referring to a file on which locksare held This means that a process can lose the locks on a file like etcpasswd or etcmtab if a library function opens reads and closes it
Information and ResourcesThe latest news and information can always be found on the Peaxy website
Peaxy provides documents that are designed for different audiences These documents furnish acomprehensive explanation of Aureum and how to use it Additionally information is available fromtooltips Each field has a tooltip that adds explanations and any limitations for the item
The most current and accurate information available was included at the time this document wasprepared However changes may occur after the document is released Always read the ReleaseNotes for the most current information
Aureum Installation GuideA step-by-step guide to installing and configuring Aureum into your network
Aureum Administrator GuideA guide to understanding the Aureum architecture Provides details for planning configuring andmonitoring your implementation
Quickstart SeriesA series of two-page guides providing an abbreviated set of instructions for Aureum tasks Theycan be taken in order or used as reminders for individual tasks
Tech NotesSome technical issues are outside the scope of the regular documentation These are presented asTechnical Notes
Contact Peaxy9 am to 5 pm Pacific Standard Time
Main +1 (408) 441-6500
Support +1 (408) 763-3700
By phone
Support toll free US only +1 (844) 277-3299
General information infopeaxynet
Sales salespeaxynet
Support supportpeaxynet
By email
Documentation feedback feedbackpeaxynet
Online wwwpeaxynetsupport (login required)
Peaxy Inc
2380 Bering Dr
By mail
San Jose CA 95131 USA
LegalPeaxyreg and Aureumtrade are registered trademarks of Peaxy Inc
All other trademarks belong to their respective companies
CopyrightsThis document is copyright copy 2016 Peaxy Inc
Aureum software includes portions of the following
bull Amazon Web Services (AWS) Java SDK httpsawsamazoncomsdk-for-java and httpawsamazoncomapache-2-0
bull Apache License Version 20 January 2004bull BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1bull BSD 3bull crc32 routine COPYRIGHT copy 1986 Gary S Brownbull Element Tree used under the Python licensebull Erlang Public License (EPL) a derivative work of the Mozilla Public License Now provided under
the Apache 20 licensebull GoogleAuth httpsgithubcomwstrangeGoogleAuthbull GNU Lesser General Public License Version 3 Copyright copy 2007 Free Software Foundation Inc
and GNU Lesser General Public License Version 21 Copyright copy 1999 Free Software FoundationInc
bull Samba is Free Software licensed under the GNU General Public License httpswwwsambaorgsambadocsGPLhtml the Samba project is a member of the Software Freedom Conservancy
bull JSON-C Copyright (c) 2009-2012 Eric Haszlakiewicz and Copyright (c) 2004-2005 MetaparadigmPte Ltd
bull Kerberos Copyright copy 1985-2009 now under the MIT 2 licensebull libcurl Copyright (c) 1996 - 2015 Daniel Stenbergdanielhaxxsebull lshow used under the GPL licensebull MIT (X11) Copyright copy 2007-2015bull RIAK Creative Commons (httpcreativecommonsorg licensesby30)bull Goldrush Copyright copy 2012 Magnus Klaarbull Meld Under ZPL licensebull NSIS (Nullsoft Scriptable Install System) copy 1999-2013bull OpenSSL License Copyright (c) 1998-2016 The OpenSSL Project and Original SSLeay License
Copyright (c) 1995-1998 Eric Youngbull Protobuf Copyright 2008 Google Inc now under the BSD 3 licensebull Setup Tools (setuptools-06c11) Under ZPL licensebull Sodium crypto library (libsodium) ISC license Copyright (c) 2013-2015 Frank Denisbull Solr the Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull TCL Copyright copy Regents of the University of California Sun Microsystems Inc Scriptics
Corporation and other partiesbull The Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull The Apache Tika project Copyright copy The Apache Software Foundationbull VirtualBox Copyright copy 2007 Oracle Corp as part of the GNU GPL V2 Licensebull YAWS Copyright copy 2006 Claes Wikstrom now under the BSD licensebull Apache zookeeper Under the Apache 2 license
Index | 35
Index
bdl license file 18
img 12
MD5 12
zip 12
A
access directories 24Active Directory 26add
resources 19servers 19
Admin 17administrator 17AMS 12 14 15 16Aureum IP address 11Aureum Manager 6 12 14Aureum name 18Aureum overview 5average file size 18
B
beacon turning on or off 19BIOS 15bonding network interface 19bootable USB 12 14browser 15button color 17
C
capacity 10 19CentOS 10checksum 12client registration 22clients 22configuration 11configure email 21connect 22contact 31create
export 23share 27
create Aureum 15create storage class 20
D
dedicated capacity 20dedicated nodes 5default storage class 20directory access 24discover resources 12 14 19discovery state Aureum nodes 12 14disk space required 10DNS server 11DNS servers 18documentation 31domain-authenticated user
domain 27
domain-authentication 22domain suffix 11download images 14
E
editsecurity level 22
emailer settings 21Ethernet
interface 10switch 10
exportCIFS 23create an export 23
F
files needed 12 14firewall 12flexible capacity 20flock 29FUSE 10
G
gateway 11 18
H
hardware requirements 10how to reach Peaxy 31
I
image copier 12 14import a license 18initial configuration 18inode retention 29install
client 24Linux client 24
introduction 5iptables 16
J
javarequired version 12 14
javaw 14
K
Kerberos 22 22 23
L
legal 33levels of security 23license files 18licenses 18
Index | 36
Linux client install 24localhost 15location 18
M
maintenance agreement 18management IP 15mapping 22mount Aureum 24 27mounting 22 22
N
namespace 18Navigation menu
configuration 11security 22
netBIOS 22NIC 19NTP server 11 18
O
outgoing email 21overview
architecture 6Aureum building blocks 6components 6
P
password 17password limitations 17ports 12POSIX compliance 29primary domain 18primary domain suffix 11
R
RAM requirements 10realms 22reboot 12 14recommended configuration 10Red Hat Enterprise Linux 10replication factor 11 18 20resources
needed 10run setup 16
S
samsp 12 14 16security 22 23security levels
security 22 23select the license 18SElinux 16sestatus 16set performance levels 20settings 11setup 16share
CIFS 27
create a share 27Share 26SMTP 17 21software files 14space needed 10storage class creating default 20subnet mask 11Support hours 31
T
tar ball 24time server 18time zone 11 18
U
USB 15USB stick 10 12 14user account 17
V
virtualization 6 15
W
what youll need 11Windows
domain 26join a domain 26share 27
Windows client 10
Y
yum 24
Install Aureum | 20
Aureum only supports IPv4 (the dotted quad format) For example
192168100419216810015-2019216873
4 Define the roles of the serversClick the ROLES column entry for a server and configure the servers to support either data accessor search (SolrCloud) While it is possible to configure a server to support both data access andsearch this setting is not recommended for a production deployment
Note Aureum 40 supports SolrCloud clusters with one or three nodes Aureum 40 doesnot support SolrCloud clusters with either two nodes or more than three nodes
5 Define the bonding for the network port cardsYou should see the same speed for all of the network interfaces (NICs) on this server Use the list ofall NICs that are bonded with the interfaces on this server to form your decision Inactive NICs arenoted as sucha) Click the ETHERNET column entry for the server whose bonding to configure
If the column text is red some interfaces are not bonded to the server If the text is blue allavailable interfaces are bonded
b) Place a check mark next to all of the interfaces to bond to this server Remove the check markfor those interfaces you do not want included in the bond
6 Optional Toggle the server beacon on or offBeacon signals guide you to the server in question This is often used when troubleshooting tolocate a specific server in a large group of servers
7 Click CONTINUEWait for the installation wizard to verify that the IP addresses you entered are valid and can beused The system assigns the IP addresses and sets the state to Pending
8 Click START INSTALLATIONThe button changes from START INSTALLATION to INSTALLATION IN PROGRESS The systemassigns the resources to Aureum and determines the necessary number of dedicated nodesneeded for the configuration The progress is displayed but you can also use the Log link to followindividual progress If some of the servers are not yet ready wait a few moments and retry
The installation process will take some time typically 10 to 20 minutes When complete the IPaddress in the browser will switch from the local IP of your workstation to the Aureum IP addressthat was entered earlier This signals the transition from the AMS you launched earlier (samsp) to theintegrated PMT that is now running on Aureum
The next step is to create a default storage class
Create a Default Storage ClassA storage class groups and manages data hyperservers with similar replication factors capabilitiesand performance configuration
You must configure at least one storage class to use as the default during the initial Aureumconfiguration You can create more storage classes at any time as long as you have the resourcesnecessary
1 You are presented with the create Initial Storage Class option2 Enter the required information to create the storage class
a) Type a name for the storage classClass names can be up to 14 text characters
b) Define the performance levelPerformance levels based on throughput and seek time Select the paired setting that is best foryour expected usage For the widest option select ldquoAnyrdquo
c) Set the replication factor
Install Aureum | 21
Remember all hyperservers assigned to this storage class will use these settings
Note You must include at least the same number of resources to create the specifiedreplication factor For example you cannot have a replication factor of three in anAureum system with only two servers
Because each replication requires some amount of storage the replication factor selectedaffects the amount of total storage available
Tip The Aureum data space is partitioned through all the data-capable hyperserversEach hyperserver can be configured to offer a specified replication factor This lets youstore vital data with high redundancy while more transient data can skip replication inorder to optimize storage and performance costs
d) Optional Enable flexible space allocationEnabling flexible storage space allows the members of the storage class to consume thecapacity needed When more storage space is needed more is allocated automaticallyregardless of the initial allocation Peaxy recommends this option for general use Some casesmight have different needs
e) Optional To make this the default storage class select YESAll data that does not meet the conditions in a specific data policy will be stored on the defaultstorage class (See data policies in the Aureum Administrator Guide)
3 Click CREATE STORAGE CLASS4 To complete the initial installation and configuration click FINALIZE AUREUM then click YES to
confirm the configuration is correct
Important After you click FINALIZE you must wait for the health indicator on the Aureumcard or list turn green before using Aureum
The Aureum installation is complete and the PMT shows the main Aureum window To configureadditional Aureum storage classes and data policies and to understand how to monitor Aureum seethe Aureum Administrator Guide
Define Outgoing Mail SettingsIn order for Aureum to send email notifications and provide lost password recovery you must tellAureum how to send email alerts
Important Configure outgoing email settings as soon as reasonably possible If you lose orforget your password Aureum cannot send reset instructions until you configure the emailsettings
1 Select EMAILER CONFIG from the SETUP WIZARD pane or from the Navigation menu select EMAILER
2 Type the email (SMTP) server to use when sending the emailThe email server must be accessible from Aureum
Install Aureum | 22
3 By default the system uses port 587 This is usually the right setting Only change the EMAILSERVER PORT if your organizations SMTP server requires it
4 Enter a valid user account and password that Aureum will use to send email from this server5 Optional SEND FROM is required only if your email server requires Transport Layer Security (TLS)
If this is the case type the SEND FROM email addressGenerally the recommended SEND FROM address is a working system administrator account
6 Click SAVE
Create a Client Registration UserThe Aureum client registration user and password allow client authentication at mount time
This allows you to create a custom account for authenticating client mounts
1 Click REGISTRATION2 Type a name for the user This will be the username that is authorized to type in the registration
password when an Aureum client is installed3 Type the client registration password This password is used to register the Aureum client for
authentication at mount time4 Click SAVE
Configure SecurityDefine define the level of security for client communication
1 Click SECURITY LEVEL2 Slide the controller to the level of security your data will use
3 Click ACCEPT
ConnectAn Aureum client mounts Aureum and allows access to folders and files Peaxy provides clientsoftware for Linux users and allows Windows users to access Aureum through a Windows share
The Linux-based client uses a FUSE component to remotely access Aureum services Almost all Linuxinstallations include FUSE so you should not need to do anything extra
The Aureum client has a small footprint A very limited set of memory and CPU cycles are needed toperform the client functions Also the Aureum client can be used concurrently with other clients forNFS and other network file systems
When you install the client the client drivers are added to the default system directories To accessthese directories use the mount command (more commonly known as mapping a drive in Windows)to mount the client to the directory
Install Aureum | 23
Mounting a client to an Aureum directory loads all the data structures necessary for the client tointeract with Aureum As the structures change Aureum updates them In order for a client to accessAureum all that is necessary is that the client know the IP address or URL to which the client willconnect and the client-Aureum registration password
Also available is the ability to join a Windows domain and create domain-authenticated users who canaccess different areas of Aureum
Linux Client-Aureum RegistrationThe minimum security level for Aureum is the authenticated mount To ensure that unauthorized usersdont gain access to data Peaxy provides an authenticated mount between Aureum Linux clients andAureum using certificates and registration
Note The process described in this section applies to Linux clients Windows domains userswith credentials from an Active Directory access Aureum through a Windows share
Security is always an important part of any system that provides data access especially when theaccess spans many users and locations Peaxy provides a registration process where the clientand server exchange certificates which are used to authenticate subsequent connections Theregistration provides a mutual authentication method between the client and Aureum allowing theclient access Only authenticated clients are allowed to mount Aureum Other clients cannot use thesame authentication as part of the certificate registration Aureum generates a client key pair that isunique to each client-Aureum connection
How It WorksThe AMS requires a dynamic registration at the initial mount time As part of the registration Aureumgenerates a key pair unique to each client This key pair is persistent so you do not need to re-register the client each time you mount Aureum
This initial registration is required the first time the client mounts Aureum and requires a specialregistration password that is unique to Aureum This password is entered by the Aureum administratorat the workstation on which the client is installed Subsequent client mounts use the client certificateissued during registration
Security LevelsAureum offers varying levels of security
The security level is visible on the Aureum card or list and is indicated in the SECURITY section by thenumber of total locks that are green Gray locks indicate how many additional security levels you canselect For example if there are four total locks and three are green your current security level is 3Message Integrity
bull Data Confidentiality all data in and out of Aureum is verified and encryptedbull Message Integrity message authentication codes verify message integritybull Kerberos Authentication use the Kerberos authentication protocol as the mechanism for
authentication between a client and a server or between one server and another serverbull Authenticated Mount use X509 certificates to mutually authenticate and validate all Aureum
clients and hyperservers in Aureum
Create an ExportCreate an export to allow Linux clients to mount and access Aureum
1 From the Navigation menu select SECURITY gt EXPORTS2 Type the export name3 In the EXPORT CONTENT IN field choose the data class to export
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the
Install Aureum | 24
engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the export5 Click CREATE6 To edit or delete an export click the corresponding entry in the list
bull To edit the export make the changes needed in the edit panel and click SAVE CHANGESbull To delete an export click the corresponding trash can icon ( ) and confirm the deletion
Install a Linux-based Aureum ClientYou install the Aureum client on physical hardware or on a workstation in the cloud Use the client tomount and access Aureum directories
Before installing the client make sure that your system meets the minimum requirements describedin the Requirements section of this document
Note Aureum uses FUSE in Direct IO mode for better performance The version of FUSErunning on older versions of CentOS Red Hat Enterprise Linux doesnt support mmap whenFUSE is being used this way This might cause some mmap functions such as ACCESS_WRITEMAP_SHARED and PROT_WRITE to fail You can use the mount flag --disable-direct-io-mode to disable Direct IO mode
If you choose to use Direct IO mmap will be disabled on CentOS56 and 57 since those versionsdont support mmap with direct IO Enabling this option will result in a significant performancedegradation on clients using this option Peaxy strongly recommends that you upgrade to a newerversion of Linux
Ensure FUSE and its dependencies have been installed on each client If it has not been installedinstall FUSE according to the instructions for the package you chose On CentOS for example installthis by typing
sudo yum -y install fusex86_64 fuse-develx86_64 fuse-libsx86_64
The version numbers for your installation may differ
If you have installed a version of the fuseko module that is not the Peaxy-specific version runadditional commands at the end of the installation process This prevents kernel-oops messages fromconsuming all of the space in the varspool directory These messages indicate a benign conditiondue to a Linux FUSE problem
Run the following commands
chkconfig --levels 2345 abrt-oops off service abrt-oops stop
Note The client installation sets the following values automatically
Parameter Value set to
netipv4tcp_tw_recycle 1
netipv4tcp_fin_timeout 2
netcorewmem_max 2097152
netcorermem_max 2097152
netcorewmem_default 2097152
netcorermem_default 2097152
Install Aureum | 25
1 Download the Aureum client file from the support section of the Peaxy website at wwwpeaxynetsupport (login is required)The file is downloaded as a targz package and contains an installer It has a name similar tohfclient-fuse-400ltbuildnumbergttargz
2 Unpack the distribution file by typing the following
tar -zxvf hfclient-fuse-400ltbuildnumbergttargz
You will see something like the following
hfclient-fuse-400hfclient-fuse-400setupshhfclient-fuse-400scriptshfclient-fuse-400scriptsupdatedbshhfclient-fuse-400scriptsc_rehashshhfclient-fuse-400scriptssysctlshhfclient-fuse-400scriptsunregshhfclient-fuse-400scriptsconfshhfclient-fuse-400binhfclient-fuse-400binfusehfCentOS-5xhfclient-fuse-400binfusehfhfclient-fuse-400confhfclient-fuse-400confhfconftgz
3 While logged in as root run setupsh installThe driver files are installed in the default system directories You will see something similar to thefollowing
sudo setupsh install
Installer for Peaxy Aureum Client version 40
Checking package contentsInstalling hf client binariesremoved `optpeaxy-40sbinfusehf`binfusehf -gt `optpeaxy-40sbinfusehfInstallation complete
Mount Aureum
Mount Aureum (Linux)After the client is installed use the mount command to mount Aureum
At a command prompt type
sudo mkdir -p ltmnt_pointgtsudo mount -t fusehf hfltmgmt_ipgt ltmnt_pointgt -o user=ltclient registration usernamegt
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is thedirectory that will serve as your local mount point for example mntpeaxy
If you omit -o user=ltclient_user_namegt you would be prompted for the password associatedwith the local admin account to complete the client registration Best practice is to always create aclient registration account and use that password
The first time you mount the client to Aureum you will be prompted for a registration passwordto allow client-Aureum authentication Type the client registration password Otherwise youradministrator must do this for you
Peaxy strongly recommends that you change the password often especially after typing the passwordfor a client registration
If you or your IT administrator have associated a DNS entry with the Aureum IP address you mightwant to use the DNS name as the name for your mount point
Install Aureum | 26
To configure the Aureum client to automatically mount on startup locate the etcfstab file andadd the line
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults 0 0
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is the localmount point for example mntpeaxy
Note If you are running CentOS 7 change this line to add the _netdev flag as below
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults_netdev 0 0
You can now use the Aureum client to access Aureum
Unregister a Linux Client from AureumYou can securely unregister an installed FUSE client from the Aureum system that it mounts
Removing the registration renders the client unable to access Aureum If you use the all option youwill need to perform a new registration setup before you can mount Aureum again
Unregistering a client is done by running the unregsh script Use the following procedure tounregister the client
1 On the workstation running the client open a command prompt2 Move to optpeaxybin the location of the script3 Run the script
bull Type sudo unregsh ltAureumgt to unregister the client from a specific Aureum systemReplace ltAureumgt with the Aureum system to unregister
bull Type sudo unregsh all to unregister the client from all Aureum systems on which theclient is registered
Note Peaxy strongly recommends using the all option before you decommission aclient workstation
Windows ConfigurationDomain users with credentials from an Active Directory can access Aureum through a share
After Aureum joins a domain it sets up network shares for chosen directories (including all containedsubdirectories) To domain users these shares look the same as any other folder that is accessible viathe network
Unlike an Aureum client which mounts to the root of the volume a share allows a user to exportsubdirectories for more granular access
Where to Find ItFrom the Navigation menu select SECURITY gt DOMAINS and SECURITY gt SHARES
Join a DomainBefore you can create a share you must join a Windows domain
You can pre-create a machine account in an Active Directory under a specified OU If you choose notto do so Aureum will try to add a computer account to the default location of ldquoComputersrdquo
Important If Aureum is already joined to a domain joining another domain will replace thejoin not add to it Aureum will only be joined to the most recently joined domain
1 From the Navigation menu select SECURITY gt DOMAINS2 Type the complete Windows domain to join for example engexamplecom3 Type the username with access to the domain The user must have the necessary permissions to
join Aureum to the domain4 Type the password associated with the username or access to modify an object in the OU if the
machine account was pre-created
Install Aureum | 27
5 In the NETBIOS NAME field set the Aureum computer account name you wish to be created in theActive Directory If Aureum is using a pre-created machine account in a specific OU then the nameyou specify here must match that name exactly
6 Click JOIN
After the domain has been joined the JOIN button changes to LEAVE To leave the domain clickLEAVE
Create a ShareCreate a share to allow Windows users to connect to Aureum
Before you can create a share you must join the appropriate domain
1 From the Navigation menu select SECURITY gt SHARES2 Type the name of the share3 In the SHARE CONTENT IN field choose the appropriate data class
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the share5 Click CREATE
6 To edit or delete a share click the share to be modified
bull To edit the share make the changes needed in the edit panel and click SAVE CHANGESbull To delete the share click the trash can icon ( ) and confirm the deletion
Mount an Aureum Windows ShareDomain-authenticated users can mount and access Aureum directories using a share
After Aureum has been joined to a domain and the share has been created you can easily mount tothe share
The exact mount process is based on your workstation OS
Install Aureum | 28
If you do not already know it you can determine the mount point from Aureum by navigating to theJOIN DOMAIN page and using one of the listed public IP addresses as the mount point Include theshare name when mounting
Peaxy recommends that you take the list of public IP addresses and enter them into your DNS serverlisted under the Aureum NetBIOS name within the appropriate domain In cases where multipleaddresses are used the DNS server automatically round-robins the returned address This ensure thatclient connection load is distributed across the available nodes
As a Windows example to mount a drive letter to Aureum Type
net use ltdrive_lettergt ltpublic addressgtltshare namegt
where ltdrive_lettergt is the drive letter to assign to Aureum ltpublic_addressgt is the IP address usedto join the domain and ltshare_namegt is the share
You then log into the share using your domain-authenticated username and password For exampleMYDOMAINmyname
After mapping the drive access Aureum through Windows Explorer just like you would any otherdrive
If the share does not appear in the Windows Explorer after a change such as a system reboot occursrefresh the view using the Refresh icon ( ) The share should display correctly
You do not have to assign a share to a drive letter however In Windows Explorer type the public IPaddress and share name into the address bar Provide your username and password
POSIX ComplianceAureum provides a POSIX-compliant interface
Most of the Aureum interfaces are POSIX compliant and adhere to the IEEE standard The following isa list of exceptions to compliance
bull The directory nlink count is not incremented when a subdirectory is addedbull inode retention differs from the POSIX specification because there is no way to retain the original
inode number when a rename entails a move to a different device You can display the datahyperserver extent ID instead of the namespace hyperserver Node ID to the caller in the statfamily of calls This does not change when a file or directory is renamed It does change if the file ismigrated from one data hyperserver to another
bull If two mount points are held to the same Aureum and a file is closed on one Aureum does notremove a fcntl lock for the same file on another This is a variance on the way that NFS worksThe internal locking structures take into account the client ID which varies depending on the clientmount If there are two different mounts to a server Aureum treats them as separate machineswhich NFS does not
bull The file locking call flock() is emulated using POSIX byte range locks (fcntl() ) The POSIXcompliance specification does not cover flock() This implementation mirrors the behavior ofNFS The Aureum behavior is slightly different and varies from the POSIX specification as follows
1 As in NFS you must have write permissions to get a write lock2 As in NFS you cannot place both flock() and fcntl() locks on the same file as these locks
will conflict3 An flock() will not inherit across forks4 The flock() will be durable against other file closes but fcntl() locks will not behave within
the POSIX specification5 As well as being removed by an explicit f_unlock record locks are automatically released
when the process terminates or if it closes any file descriptor referring to a file on which locksare held This means that a process can lose the locks on a file like etcpasswd or etcmtab if a library function opens reads and closes it
Information and ResourcesThe latest news and information can always be found on the Peaxy website
Peaxy provides documents that are designed for different audiences These documents furnish acomprehensive explanation of Aureum and how to use it Additionally information is available fromtooltips Each field has a tooltip that adds explanations and any limitations for the item
The most current and accurate information available was included at the time this document wasprepared However changes may occur after the document is released Always read the ReleaseNotes for the most current information
Aureum Installation GuideA step-by-step guide to installing and configuring Aureum into your network
Aureum Administrator GuideA guide to understanding the Aureum architecture Provides details for planning configuring andmonitoring your implementation
Quickstart SeriesA series of two-page guides providing an abbreviated set of instructions for Aureum tasks Theycan be taken in order or used as reminders for individual tasks
Tech NotesSome technical issues are outside the scope of the regular documentation These are presented asTechnical Notes
Contact Peaxy9 am to 5 pm Pacific Standard Time
Main +1 (408) 441-6500
Support +1 (408) 763-3700
By phone
Support toll free US only +1 (844) 277-3299
General information infopeaxynet
Sales salespeaxynet
Support supportpeaxynet
By email
Documentation feedback feedbackpeaxynet
Online wwwpeaxynetsupport (login required)
Peaxy Inc
2380 Bering Dr
By mail
San Jose CA 95131 USA
LegalPeaxyreg and Aureumtrade are registered trademarks of Peaxy Inc
All other trademarks belong to their respective companies
CopyrightsThis document is copyright copy 2016 Peaxy Inc
Aureum software includes portions of the following
bull Amazon Web Services (AWS) Java SDK httpsawsamazoncomsdk-for-java and httpawsamazoncomapache-2-0
bull Apache License Version 20 January 2004bull BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1bull BSD 3bull crc32 routine COPYRIGHT copy 1986 Gary S Brownbull Element Tree used under the Python licensebull Erlang Public License (EPL) a derivative work of the Mozilla Public License Now provided under
the Apache 20 licensebull GoogleAuth httpsgithubcomwstrangeGoogleAuthbull GNU Lesser General Public License Version 3 Copyright copy 2007 Free Software Foundation Inc
and GNU Lesser General Public License Version 21 Copyright copy 1999 Free Software FoundationInc
bull Samba is Free Software licensed under the GNU General Public License httpswwwsambaorgsambadocsGPLhtml the Samba project is a member of the Software Freedom Conservancy
bull JSON-C Copyright (c) 2009-2012 Eric Haszlakiewicz and Copyright (c) 2004-2005 MetaparadigmPte Ltd
bull Kerberos Copyright copy 1985-2009 now under the MIT 2 licensebull libcurl Copyright (c) 1996 - 2015 Daniel Stenbergdanielhaxxsebull lshow used under the GPL licensebull MIT (X11) Copyright copy 2007-2015bull RIAK Creative Commons (httpcreativecommonsorg licensesby30)bull Goldrush Copyright copy 2012 Magnus Klaarbull Meld Under ZPL licensebull NSIS (Nullsoft Scriptable Install System) copy 1999-2013bull OpenSSL License Copyright (c) 1998-2016 The OpenSSL Project and Original SSLeay License
Copyright (c) 1995-1998 Eric Youngbull Protobuf Copyright 2008 Google Inc now under the BSD 3 licensebull Setup Tools (setuptools-06c11) Under ZPL licensebull Sodium crypto library (libsodium) ISC license Copyright (c) 2013-2015 Frank Denisbull Solr the Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull TCL Copyright copy Regents of the University of California Sun Microsystems Inc Scriptics
Corporation and other partiesbull The Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull The Apache Tika project Copyright copy The Apache Software Foundationbull VirtualBox Copyright copy 2007 Oracle Corp as part of the GNU GPL V2 Licensebull YAWS Copyright copy 2006 Claes Wikstrom now under the BSD licensebull Apache zookeeper Under the Apache 2 license
Index | 35
Index
bdl license file 18
img 12
MD5 12
zip 12
A
access directories 24Active Directory 26add
resources 19servers 19
Admin 17administrator 17AMS 12 14 15 16Aureum IP address 11Aureum Manager 6 12 14Aureum name 18Aureum overview 5average file size 18
B
beacon turning on or off 19BIOS 15bonding network interface 19bootable USB 12 14browser 15button color 17
C
capacity 10 19CentOS 10checksum 12client registration 22clients 22configuration 11configure email 21connect 22contact 31create
export 23share 27
create Aureum 15create storage class 20
D
dedicated capacity 20dedicated nodes 5default storage class 20directory access 24discover resources 12 14 19discovery state Aureum nodes 12 14disk space required 10DNS server 11DNS servers 18documentation 31domain-authenticated user
domain 27
domain-authentication 22domain suffix 11download images 14
E
editsecurity level 22
emailer settings 21Ethernet
interface 10switch 10
exportCIFS 23create an export 23
F
files needed 12 14firewall 12flexible capacity 20flock 29FUSE 10
G
gateway 11 18
H
hardware requirements 10how to reach Peaxy 31
I
image copier 12 14import a license 18initial configuration 18inode retention 29install
client 24Linux client 24
introduction 5iptables 16
J
javarequired version 12 14
javaw 14
K
Kerberos 22 22 23
L
legal 33levels of security 23license files 18licenses 18
Index | 36
Linux client install 24localhost 15location 18
M
maintenance agreement 18management IP 15mapping 22mount Aureum 24 27mounting 22 22
N
namespace 18Navigation menu
configuration 11security 22
netBIOS 22NIC 19NTP server 11 18
O
outgoing email 21overview
architecture 6Aureum building blocks 6components 6
P
password 17password limitations 17ports 12POSIX compliance 29primary domain 18primary domain suffix 11
R
RAM requirements 10realms 22reboot 12 14recommended configuration 10Red Hat Enterprise Linux 10replication factor 11 18 20resources
needed 10run setup 16
S
samsp 12 14 16security 22 23security levels
security 22 23select the license 18SElinux 16sestatus 16set performance levels 20settings 11setup 16share
CIFS 27
create a share 27Share 26SMTP 17 21software files 14space needed 10storage class creating default 20subnet mask 11Support hours 31
T
tar ball 24time server 18time zone 11 18
U
USB 15USB stick 10 12 14user account 17
V
virtualization 6 15
W
what youll need 11Windows
domain 26join a domain 26share 27
Windows client 10
Y
yum 24
Install Aureum | 21
Remember all hyperservers assigned to this storage class will use these settings
Note You must include at least the same number of resources to create the specifiedreplication factor For example you cannot have a replication factor of three in anAureum system with only two servers
Because each replication requires some amount of storage the replication factor selectedaffects the amount of total storage available
Tip The Aureum data space is partitioned through all the data-capable hyperserversEach hyperserver can be configured to offer a specified replication factor This lets youstore vital data with high redundancy while more transient data can skip replication inorder to optimize storage and performance costs
d) Optional Enable flexible space allocationEnabling flexible storage space allows the members of the storage class to consume thecapacity needed When more storage space is needed more is allocated automaticallyregardless of the initial allocation Peaxy recommends this option for general use Some casesmight have different needs
e) Optional To make this the default storage class select YESAll data that does not meet the conditions in a specific data policy will be stored on the defaultstorage class (See data policies in the Aureum Administrator Guide)
3 Click CREATE STORAGE CLASS4 To complete the initial installation and configuration click FINALIZE AUREUM then click YES to
confirm the configuration is correct
Important After you click FINALIZE you must wait for the health indicator on the Aureumcard or list turn green before using Aureum
The Aureum installation is complete and the PMT shows the main Aureum window To configureadditional Aureum storage classes and data policies and to understand how to monitor Aureum seethe Aureum Administrator Guide
Define Outgoing Mail SettingsIn order for Aureum to send email notifications and provide lost password recovery you must tellAureum how to send email alerts
Important Configure outgoing email settings as soon as reasonably possible If you lose orforget your password Aureum cannot send reset instructions until you configure the emailsettings
1 Select EMAILER CONFIG from the SETUP WIZARD pane or from the Navigation menu select EMAILER
2 Type the email (SMTP) server to use when sending the emailThe email server must be accessible from Aureum
Install Aureum | 22
3 By default the system uses port 587 This is usually the right setting Only change the EMAILSERVER PORT if your organizations SMTP server requires it
4 Enter a valid user account and password that Aureum will use to send email from this server5 Optional SEND FROM is required only if your email server requires Transport Layer Security (TLS)
If this is the case type the SEND FROM email addressGenerally the recommended SEND FROM address is a working system administrator account
6 Click SAVE
Create a Client Registration UserThe Aureum client registration user and password allow client authentication at mount time
This allows you to create a custom account for authenticating client mounts
1 Click REGISTRATION2 Type a name for the user This will be the username that is authorized to type in the registration
password when an Aureum client is installed3 Type the client registration password This password is used to register the Aureum client for
authentication at mount time4 Click SAVE
Configure SecurityDefine define the level of security for client communication
1 Click SECURITY LEVEL2 Slide the controller to the level of security your data will use
3 Click ACCEPT
ConnectAn Aureum client mounts Aureum and allows access to folders and files Peaxy provides clientsoftware for Linux users and allows Windows users to access Aureum through a Windows share
The Linux-based client uses a FUSE component to remotely access Aureum services Almost all Linuxinstallations include FUSE so you should not need to do anything extra
The Aureum client has a small footprint A very limited set of memory and CPU cycles are needed toperform the client functions Also the Aureum client can be used concurrently with other clients forNFS and other network file systems
When you install the client the client drivers are added to the default system directories To accessthese directories use the mount command (more commonly known as mapping a drive in Windows)to mount the client to the directory
Install Aureum | 23
Mounting a client to an Aureum directory loads all the data structures necessary for the client tointeract with Aureum As the structures change Aureum updates them In order for a client to accessAureum all that is necessary is that the client know the IP address or URL to which the client willconnect and the client-Aureum registration password
Also available is the ability to join a Windows domain and create domain-authenticated users who canaccess different areas of Aureum
Linux Client-Aureum RegistrationThe minimum security level for Aureum is the authenticated mount To ensure that unauthorized usersdont gain access to data Peaxy provides an authenticated mount between Aureum Linux clients andAureum using certificates and registration
Note The process described in this section applies to Linux clients Windows domains userswith credentials from an Active Directory access Aureum through a Windows share
Security is always an important part of any system that provides data access especially when theaccess spans many users and locations Peaxy provides a registration process where the clientand server exchange certificates which are used to authenticate subsequent connections Theregistration provides a mutual authentication method between the client and Aureum allowing theclient access Only authenticated clients are allowed to mount Aureum Other clients cannot use thesame authentication as part of the certificate registration Aureum generates a client key pair that isunique to each client-Aureum connection
How It WorksThe AMS requires a dynamic registration at the initial mount time As part of the registration Aureumgenerates a key pair unique to each client This key pair is persistent so you do not need to re-register the client each time you mount Aureum
This initial registration is required the first time the client mounts Aureum and requires a specialregistration password that is unique to Aureum This password is entered by the Aureum administratorat the workstation on which the client is installed Subsequent client mounts use the client certificateissued during registration
Security LevelsAureum offers varying levels of security
The security level is visible on the Aureum card or list and is indicated in the SECURITY section by thenumber of total locks that are green Gray locks indicate how many additional security levels you canselect For example if there are four total locks and three are green your current security level is 3Message Integrity
bull Data Confidentiality all data in and out of Aureum is verified and encryptedbull Message Integrity message authentication codes verify message integritybull Kerberos Authentication use the Kerberos authentication protocol as the mechanism for
authentication between a client and a server or between one server and another serverbull Authenticated Mount use X509 certificates to mutually authenticate and validate all Aureum
clients and hyperservers in Aureum
Create an ExportCreate an export to allow Linux clients to mount and access Aureum
1 From the Navigation menu select SECURITY gt EXPORTS2 Type the export name3 In the EXPORT CONTENT IN field choose the data class to export
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the
Install Aureum | 24
engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the export5 Click CREATE6 To edit or delete an export click the corresponding entry in the list
bull To edit the export make the changes needed in the edit panel and click SAVE CHANGESbull To delete an export click the corresponding trash can icon ( ) and confirm the deletion
Install a Linux-based Aureum ClientYou install the Aureum client on physical hardware or on a workstation in the cloud Use the client tomount and access Aureum directories
Before installing the client make sure that your system meets the minimum requirements describedin the Requirements section of this document
Note Aureum uses FUSE in Direct IO mode for better performance The version of FUSErunning on older versions of CentOS Red Hat Enterprise Linux doesnt support mmap whenFUSE is being used this way This might cause some mmap functions such as ACCESS_WRITEMAP_SHARED and PROT_WRITE to fail You can use the mount flag --disable-direct-io-mode to disable Direct IO mode
If you choose to use Direct IO mmap will be disabled on CentOS56 and 57 since those versionsdont support mmap with direct IO Enabling this option will result in a significant performancedegradation on clients using this option Peaxy strongly recommends that you upgrade to a newerversion of Linux
Ensure FUSE and its dependencies have been installed on each client If it has not been installedinstall FUSE according to the instructions for the package you chose On CentOS for example installthis by typing
sudo yum -y install fusex86_64 fuse-develx86_64 fuse-libsx86_64
The version numbers for your installation may differ
If you have installed a version of the fuseko module that is not the Peaxy-specific version runadditional commands at the end of the installation process This prevents kernel-oops messages fromconsuming all of the space in the varspool directory These messages indicate a benign conditiondue to a Linux FUSE problem
Run the following commands
chkconfig --levels 2345 abrt-oops off service abrt-oops stop
Note The client installation sets the following values automatically
Parameter Value set to
netipv4tcp_tw_recycle 1
netipv4tcp_fin_timeout 2
netcorewmem_max 2097152
netcorermem_max 2097152
netcorewmem_default 2097152
netcorermem_default 2097152
Install Aureum | 25
1 Download the Aureum client file from the support section of the Peaxy website at wwwpeaxynetsupport (login is required)The file is downloaded as a targz package and contains an installer It has a name similar tohfclient-fuse-400ltbuildnumbergttargz
2 Unpack the distribution file by typing the following
tar -zxvf hfclient-fuse-400ltbuildnumbergttargz
You will see something like the following
hfclient-fuse-400hfclient-fuse-400setupshhfclient-fuse-400scriptshfclient-fuse-400scriptsupdatedbshhfclient-fuse-400scriptsc_rehashshhfclient-fuse-400scriptssysctlshhfclient-fuse-400scriptsunregshhfclient-fuse-400scriptsconfshhfclient-fuse-400binhfclient-fuse-400binfusehfCentOS-5xhfclient-fuse-400binfusehfhfclient-fuse-400confhfclient-fuse-400confhfconftgz
3 While logged in as root run setupsh installThe driver files are installed in the default system directories You will see something similar to thefollowing
sudo setupsh install
Installer for Peaxy Aureum Client version 40
Checking package contentsInstalling hf client binariesremoved `optpeaxy-40sbinfusehf`binfusehf -gt `optpeaxy-40sbinfusehfInstallation complete
Mount Aureum
Mount Aureum (Linux)After the client is installed use the mount command to mount Aureum
At a command prompt type
sudo mkdir -p ltmnt_pointgtsudo mount -t fusehf hfltmgmt_ipgt ltmnt_pointgt -o user=ltclient registration usernamegt
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is thedirectory that will serve as your local mount point for example mntpeaxy
If you omit -o user=ltclient_user_namegt you would be prompted for the password associatedwith the local admin account to complete the client registration Best practice is to always create aclient registration account and use that password
The first time you mount the client to Aureum you will be prompted for a registration passwordto allow client-Aureum authentication Type the client registration password Otherwise youradministrator must do this for you
Peaxy strongly recommends that you change the password often especially after typing the passwordfor a client registration
If you or your IT administrator have associated a DNS entry with the Aureum IP address you mightwant to use the DNS name as the name for your mount point
Install Aureum | 26
To configure the Aureum client to automatically mount on startup locate the etcfstab file andadd the line
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults 0 0
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is the localmount point for example mntpeaxy
Note If you are running CentOS 7 change this line to add the _netdev flag as below
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults_netdev 0 0
You can now use the Aureum client to access Aureum
Unregister a Linux Client from AureumYou can securely unregister an installed FUSE client from the Aureum system that it mounts
Removing the registration renders the client unable to access Aureum If you use the all option youwill need to perform a new registration setup before you can mount Aureum again
Unregistering a client is done by running the unregsh script Use the following procedure tounregister the client
1 On the workstation running the client open a command prompt2 Move to optpeaxybin the location of the script3 Run the script
bull Type sudo unregsh ltAureumgt to unregister the client from a specific Aureum systemReplace ltAureumgt with the Aureum system to unregister
bull Type sudo unregsh all to unregister the client from all Aureum systems on which theclient is registered
Note Peaxy strongly recommends using the all option before you decommission aclient workstation
Windows ConfigurationDomain users with credentials from an Active Directory can access Aureum through a share
After Aureum joins a domain it sets up network shares for chosen directories (including all containedsubdirectories) To domain users these shares look the same as any other folder that is accessible viathe network
Unlike an Aureum client which mounts to the root of the volume a share allows a user to exportsubdirectories for more granular access
Where to Find ItFrom the Navigation menu select SECURITY gt DOMAINS and SECURITY gt SHARES
Join a DomainBefore you can create a share you must join a Windows domain
You can pre-create a machine account in an Active Directory under a specified OU If you choose notto do so Aureum will try to add a computer account to the default location of ldquoComputersrdquo
Important If Aureum is already joined to a domain joining another domain will replace thejoin not add to it Aureum will only be joined to the most recently joined domain
1 From the Navigation menu select SECURITY gt DOMAINS2 Type the complete Windows domain to join for example engexamplecom3 Type the username with access to the domain The user must have the necessary permissions to
join Aureum to the domain4 Type the password associated with the username or access to modify an object in the OU if the
machine account was pre-created
Install Aureum | 27
5 In the NETBIOS NAME field set the Aureum computer account name you wish to be created in theActive Directory If Aureum is using a pre-created machine account in a specific OU then the nameyou specify here must match that name exactly
6 Click JOIN
After the domain has been joined the JOIN button changes to LEAVE To leave the domain clickLEAVE
Create a ShareCreate a share to allow Windows users to connect to Aureum
Before you can create a share you must join the appropriate domain
1 From the Navigation menu select SECURITY gt SHARES2 Type the name of the share3 In the SHARE CONTENT IN field choose the appropriate data class
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the share5 Click CREATE
6 To edit or delete a share click the share to be modified
bull To edit the share make the changes needed in the edit panel and click SAVE CHANGESbull To delete the share click the trash can icon ( ) and confirm the deletion
Mount an Aureum Windows ShareDomain-authenticated users can mount and access Aureum directories using a share
After Aureum has been joined to a domain and the share has been created you can easily mount tothe share
The exact mount process is based on your workstation OS
Install Aureum | 28
If you do not already know it you can determine the mount point from Aureum by navigating to theJOIN DOMAIN page and using one of the listed public IP addresses as the mount point Include theshare name when mounting
Peaxy recommends that you take the list of public IP addresses and enter them into your DNS serverlisted under the Aureum NetBIOS name within the appropriate domain In cases where multipleaddresses are used the DNS server automatically round-robins the returned address This ensure thatclient connection load is distributed across the available nodes
As a Windows example to mount a drive letter to Aureum Type
net use ltdrive_lettergt ltpublic addressgtltshare namegt
where ltdrive_lettergt is the drive letter to assign to Aureum ltpublic_addressgt is the IP address usedto join the domain and ltshare_namegt is the share
You then log into the share using your domain-authenticated username and password For exampleMYDOMAINmyname
After mapping the drive access Aureum through Windows Explorer just like you would any otherdrive
If the share does not appear in the Windows Explorer after a change such as a system reboot occursrefresh the view using the Refresh icon ( ) The share should display correctly
You do not have to assign a share to a drive letter however In Windows Explorer type the public IPaddress and share name into the address bar Provide your username and password
POSIX ComplianceAureum provides a POSIX-compliant interface
Most of the Aureum interfaces are POSIX compliant and adhere to the IEEE standard The following isa list of exceptions to compliance
bull The directory nlink count is not incremented when a subdirectory is addedbull inode retention differs from the POSIX specification because there is no way to retain the original
inode number when a rename entails a move to a different device You can display the datahyperserver extent ID instead of the namespace hyperserver Node ID to the caller in the statfamily of calls This does not change when a file or directory is renamed It does change if the file ismigrated from one data hyperserver to another
bull If two mount points are held to the same Aureum and a file is closed on one Aureum does notremove a fcntl lock for the same file on another This is a variance on the way that NFS worksThe internal locking structures take into account the client ID which varies depending on the clientmount If there are two different mounts to a server Aureum treats them as separate machineswhich NFS does not
bull The file locking call flock() is emulated using POSIX byte range locks (fcntl() ) The POSIXcompliance specification does not cover flock() This implementation mirrors the behavior ofNFS The Aureum behavior is slightly different and varies from the POSIX specification as follows
1 As in NFS you must have write permissions to get a write lock2 As in NFS you cannot place both flock() and fcntl() locks on the same file as these locks
will conflict3 An flock() will not inherit across forks4 The flock() will be durable against other file closes but fcntl() locks will not behave within
the POSIX specification5 As well as being removed by an explicit f_unlock record locks are automatically released
when the process terminates or if it closes any file descriptor referring to a file on which locksare held This means that a process can lose the locks on a file like etcpasswd or etcmtab if a library function opens reads and closes it
Information and ResourcesThe latest news and information can always be found on the Peaxy website
Peaxy provides documents that are designed for different audiences These documents furnish acomprehensive explanation of Aureum and how to use it Additionally information is available fromtooltips Each field has a tooltip that adds explanations and any limitations for the item
The most current and accurate information available was included at the time this document wasprepared However changes may occur after the document is released Always read the ReleaseNotes for the most current information
Aureum Installation GuideA step-by-step guide to installing and configuring Aureum into your network
Aureum Administrator GuideA guide to understanding the Aureum architecture Provides details for planning configuring andmonitoring your implementation
Quickstart SeriesA series of two-page guides providing an abbreviated set of instructions for Aureum tasks Theycan be taken in order or used as reminders for individual tasks
Tech NotesSome technical issues are outside the scope of the regular documentation These are presented asTechnical Notes
Contact Peaxy9 am to 5 pm Pacific Standard Time
Main +1 (408) 441-6500
Support +1 (408) 763-3700
By phone
Support toll free US only +1 (844) 277-3299
General information infopeaxynet
Sales salespeaxynet
Support supportpeaxynet
By email
Documentation feedback feedbackpeaxynet
Online wwwpeaxynetsupport (login required)
Peaxy Inc
2380 Bering Dr
By mail
San Jose CA 95131 USA
LegalPeaxyreg and Aureumtrade are registered trademarks of Peaxy Inc
All other trademarks belong to their respective companies
CopyrightsThis document is copyright copy 2016 Peaxy Inc
Aureum software includes portions of the following
bull Amazon Web Services (AWS) Java SDK httpsawsamazoncomsdk-for-java and httpawsamazoncomapache-2-0
bull Apache License Version 20 January 2004bull BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1bull BSD 3bull crc32 routine COPYRIGHT copy 1986 Gary S Brownbull Element Tree used under the Python licensebull Erlang Public License (EPL) a derivative work of the Mozilla Public License Now provided under
the Apache 20 licensebull GoogleAuth httpsgithubcomwstrangeGoogleAuthbull GNU Lesser General Public License Version 3 Copyright copy 2007 Free Software Foundation Inc
and GNU Lesser General Public License Version 21 Copyright copy 1999 Free Software FoundationInc
bull Samba is Free Software licensed under the GNU General Public License httpswwwsambaorgsambadocsGPLhtml the Samba project is a member of the Software Freedom Conservancy
bull JSON-C Copyright (c) 2009-2012 Eric Haszlakiewicz and Copyright (c) 2004-2005 MetaparadigmPte Ltd
bull Kerberos Copyright copy 1985-2009 now under the MIT 2 licensebull libcurl Copyright (c) 1996 - 2015 Daniel Stenbergdanielhaxxsebull lshow used under the GPL licensebull MIT (X11) Copyright copy 2007-2015bull RIAK Creative Commons (httpcreativecommonsorg licensesby30)bull Goldrush Copyright copy 2012 Magnus Klaarbull Meld Under ZPL licensebull NSIS (Nullsoft Scriptable Install System) copy 1999-2013bull OpenSSL License Copyright (c) 1998-2016 The OpenSSL Project and Original SSLeay License
Copyright (c) 1995-1998 Eric Youngbull Protobuf Copyright 2008 Google Inc now under the BSD 3 licensebull Setup Tools (setuptools-06c11) Under ZPL licensebull Sodium crypto library (libsodium) ISC license Copyright (c) 2013-2015 Frank Denisbull Solr the Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull TCL Copyright copy Regents of the University of California Sun Microsystems Inc Scriptics
Corporation and other partiesbull The Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull The Apache Tika project Copyright copy The Apache Software Foundationbull VirtualBox Copyright copy 2007 Oracle Corp as part of the GNU GPL V2 Licensebull YAWS Copyright copy 2006 Claes Wikstrom now under the BSD licensebull Apache zookeeper Under the Apache 2 license
Index | 35
Index
bdl license file 18
img 12
MD5 12
zip 12
A
access directories 24Active Directory 26add
resources 19servers 19
Admin 17administrator 17AMS 12 14 15 16Aureum IP address 11Aureum Manager 6 12 14Aureum name 18Aureum overview 5average file size 18
B
beacon turning on or off 19BIOS 15bonding network interface 19bootable USB 12 14browser 15button color 17
C
capacity 10 19CentOS 10checksum 12client registration 22clients 22configuration 11configure email 21connect 22contact 31create
export 23share 27
create Aureum 15create storage class 20
D
dedicated capacity 20dedicated nodes 5default storage class 20directory access 24discover resources 12 14 19discovery state Aureum nodes 12 14disk space required 10DNS server 11DNS servers 18documentation 31domain-authenticated user
domain 27
domain-authentication 22domain suffix 11download images 14
E
editsecurity level 22
emailer settings 21Ethernet
interface 10switch 10
exportCIFS 23create an export 23
F
files needed 12 14firewall 12flexible capacity 20flock 29FUSE 10
G
gateway 11 18
H
hardware requirements 10how to reach Peaxy 31
I
image copier 12 14import a license 18initial configuration 18inode retention 29install
client 24Linux client 24
introduction 5iptables 16
J
javarequired version 12 14
javaw 14
K
Kerberos 22 22 23
L
legal 33levels of security 23license files 18licenses 18
Index | 36
Linux client install 24localhost 15location 18
M
maintenance agreement 18management IP 15mapping 22mount Aureum 24 27mounting 22 22
N
namespace 18Navigation menu
configuration 11security 22
netBIOS 22NIC 19NTP server 11 18
O
outgoing email 21overview
architecture 6Aureum building blocks 6components 6
P
password 17password limitations 17ports 12POSIX compliance 29primary domain 18primary domain suffix 11
R
RAM requirements 10realms 22reboot 12 14recommended configuration 10Red Hat Enterprise Linux 10replication factor 11 18 20resources
needed 10run setup 16
S
samsp 12 14 16security 22 23security levels
security 22 23select the license 18SElinux 16sestatus 16set performance levels 20settings 11setup 16share
CIFS 27
create a share 27Share 26SMTP 17 21software files 14space needed 10storage class creating default 20subnet mask 11Support hours 31
T
tar ball 24time server 18time zone 11 18
U
USB 15USB stick 10 12 14user account 17
V
virtualization 6 15
W
what youll need 11Windows
domain 26join a domain 26share 27
Windows client 10
Y
yum 24
Install Aureum | 22
3 By default the system uses port 587 This is usually the right setting Only change the EMAILSERVER PORT if your organizations SMTP server requires it
4 Enter a valid user account and password that Aureum will use to send email from this server5 Optional SEND FROM is required only if your email server requires Transport Layer Security (TLS)
If this is the case type the SEND FROM email addressGenerally the recommended SEND FROM address is a working system administrator account
6 Click SAVE
Create a Client Registration UserThe Aureum client registration user and password allow client authentication at mount time
This allows you to create a custom account for authenticating client mounts
1 Click REGISTRATION2 Type a name for the user This will be the username that is authorized to type in the registration
password when an Aureum client is installed3 Type the client registration password This password is used to register the Aureum client for
authentication at mount time4 Click SAVE
Configure SecurityDefine define the level of security for client communication
1 Click SECURITY LEVEL2 Slide the controller to the level of security your data will use
3 Click ACCEPT
ConnectAn Aureum client mounts Aureum and allows access to folders and files Peaxy provides clientsoftware for Linux users and allows Windows users to access Aureum through a Windows share
The Linux-based client uses a FUSE component to remotely access Aureum services Almost all Linuxinstallations include FUSE so you should not need to do anything extra
The Aureum client has a small footprint A very limited set of memory and CPU cycles are needed toperform the client functions Also the Aureum client can be used concurrently with other clients forNFS and other network file systems
When you install the client the client drivers are added to the default system directories To accessthese directories use the mount command (more commonly known as mapping a drive in Windows)to mount the client to the directory
Install Aureum | 23
Mounting a client to an Aureum directory loads all the data structures necessary for the client tointeract with Aureum As the structures change Aureum updates them In order for a client to accessAureum all that is necessary is that the client know the IP address or URL to which the client willconnect and the client-Aureum registration password
Also available is the ability to join a Windows domain and create domain-authenticated users who canaccess different areas of Aureum
Linux Client-Aureum RegistrationThe minimum security level for Aureum is the authenticated mount To ensure that unauthorized usersdont gain access to data Peaxy provides an authenticated mount between Aureum Linux clients andAureum using certificates and registration
Note The process described in this section applies to Linux clients Windows domains userswith credentials from an Active Directory access Aureum through a Windows share
Security is always an important part of any system that provides data access especially when theaccess spans many users and locations Peaxy provides a registration process where the clientand server exchange certificates which are used to authenticate subsequent connections Theregistration provides a mutual authentication method between the client and Aureum allowing theclient access Only authenticated clients are allowed to mount Aureum Other clients cannot use thesame authentication as part of the certificate registration Aureum generates a client key pair that isunique to each client-Aureum connection
How It WorksThe AMS requires a dynamic registration at the initial mount time As part of the registration Aureumgenerates a key pair unique to each client This key pair is persistent so you do not need to re-register the client each time you mount Aureum
This initial registration is required the first time the client mounts Aureum and requires a specialregistration password that is unique to Aureum This password is entered by the Aureum administratorat the workstation on which the client is installed Subsequent client mounts use the client certificateissued during registration
Security LevelsAureum offers varying levels of security
The security level is visible on the Aureum card or list and is indicated in the SECURITY section by thenumber of total locks that are green Gray locks indicate how many additional security levels you canselect For example if there are four total locks and three are green your current security level is 3Message Integrity
bull Data Confidentiality all data in and out of Aureum is verified and encryptedbull Message Integrity message authentication codes verify message integritybull Kerberos Authentication use the Kerberos authentication protocol as the mechanism for
authentication between a client and a server or between one server and another serverbull Authenticated Mount use X509 certificates to mutually authenticate and validate all Aureum
clients and hyperservers in Aureum
Create an ExportCreate an export to allow Linux clients to mount and access Aureum
1 From the Navigation menu select SECURITY gt EXPORTS2 Type the export name3 In the EXPORT CONTENT IN field choose the data class to export
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the
Install Aureum | 24
engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the export5 Click CREATE6 To edit or delete an export click the corresponding entry in the list
bull To edit the export make the changes needed in the edit panel and click SAVE CHANGESbull To delete an export click the corresponding trash can icon ( ) and confirm the deletion
Install a Linux-based Aureum ClientYou install the Aureum client on physical hardware or on a workstation in the cloud Use the client tomount and access Aureum directories
Before installing the client make sure that your system meets the minimum requirements describedin the Requirements section of this document
Note Aureum uses FUSE in Direct IO mode for better performance The version of FUSErunning on older versions of CentOS Red Hat Enterprise Linux doesnt support mmap whenFUSE is being used this way This might cause some mmap functions such as ACCESS_WRITEMAP_SHARED and PROT_WRITE to fail You can use the mount flag --disable-direct-io-mode to disable Direct IO mode
If you choose to use Direct IO mmap will be disabled on CentOS56 and 57 since those versionsdont support mmap with direct IO Enabling this option will result in a significant performancedegradation on clients using this option Peaxy strongly recommends that you upgrade to a newerversion of Linux
Ensure FUSE and its dependencies have been installed on each client If it has not been installedinstall FUSE according to the instructions for the package you chose On CentOS for example installthis by typing
sudo yum -y install fusex86_64 fuse-develx86_64 fuse-libsx86_64
The version numbers for your installation may differ
If you have installed a version of the fuseko module that is not the Peaxy-specific version runadditional commands at the end of the installation process This prevents kernel-oops messages fromconsuming all of the space in the varspool directory These messages indicate a benign conditiondue to a Linux FUSE problem
Run the following commands
chkconfig --levels 2345 abrt-oops off service abrt-oops stop
Note The client installation sets the following values automatically
Parameter Value set to
netipv4tcp_tw_recycle 1
netipv4tcp_fin_timeout 2
netcorewmem_max 2097152
netcorermem_max 2097152
netcorewmem_default 2097152
netcorermem_default 2097152
Install Aureum | 25
1 Download the Aureum client file from the support section of the Peaxy website at wwwpeaxynetsupport (login is required)The file is downloaded as a targz package and contains an installer It has a name similar tohfclient-fuse-400ltbuildnumbergttargz
2 Unpack the distribution file by typing the following
tar -zxvf hfclient-fuse-400ltbuildnumbergttargz
You will see something like the following
hfclient-fuse-400hfclient-fuse-400setupshhfclient-fuse-400scriptshfclient-fuse-400scriptsupdatedbshhfclient-fuse-400scriptsc_rehashshhfclient-fuse-400scriptssysctlshhfclient-fuse-400scriptsunregshhfclient-fuse-400scriptsconfshhfclient-fuse-400binhfclient-fuse-400binfusehfCentOS-5xhfclient-fuse-400binfusehfhfclient-fuse-400confhfclient-fuse-400confhfconftgz
3 While logged in as root run setupsh installThe driver files are installed in the default system directories You will see something similar to thefollowing
sudo setupsh install
Installer for Peaxy Aureum Client version 40
Checking package contentsInstalling hf client binariesremoved `optpeaxy-40sbinfusehf`binfusehf -gt `optpeaxy-40sbinfusehfInstallation complete
Mount Aureum
Mount Aureum (Linux)After the client is installed use the mount command to mount Aureum
At a command prompt type
sudo mkdir -p ltmnt_pointgtsudo mount -t fusehf hfltmgmt_ipgt ltmnt_pointgt -o user=ltclient registration usernamegt
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is thedirectory that will serve as your local mount point for example mntpeaxy
If you omit -o user=ltclient_user_namegt you would be prompted for the password associatedwith the local admin account to complete the client registration Best practice is to always create aclient registration account and use that password
The first time you mount the client to Aureum you will be prompted for a registration passwordto allow client-Aureum authentication Type the client registration password Otherwise youradministrator must do this for you
Peaxy strongly recommends that you change the password often especially after typing the passwordfor a client registration
If you or your IT administrator have associated a DNS entry with the Aureum IP address you mightwant to use the DNS name as the name for your mount point
Install Aureum | 26
To configure the Aureum client to automatically mount on startup locate the etcfstab file andadd the line
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults 0 0
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is the localmount point for example mntpeaxy
Note If you are running CentOS 7 change this line to add the _netdev flag as below
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults_netdev 0 0
You can now use the Aureum client to access Aureum
Unregister a Linux Client from AureumYou can securely unregister an installed FUSE client from the Aureum system that it mounts
Removing the registration renders the client unable to access Aureum If you use the all option youwill need to perform a new registration setup before you can mount Aureum again
Unregistering a client is done by running the unregsh script Use the following procedure tounregister the client
1 On the workstation running the client open a command prompt2 Move to optpeaxybin the location of the script3 Run the script
bull Type sudo unregsh ltAureumgt to unregister the client from a specific Aureum systemReplace ltAureumgt with the Aureum system to unregister
bull Type sudo unregsh all to unregister the client from all Aureum systems on which theclient is registered
Note Peaxy strongly recommends using the all option before you decommission aclient workstation
Windows ConfigurationDomain users with credentials from an Active Directory can access Aureum through a share
After Aureum joins a domain it sets up network shares for chosen directories (including all containedsubdirectories) To domain users these shares look the same as any other folder that is accessible viathe network
Unlike an Aureum client which mounts to the root of the volume a share allows a user to exportsubdirectories for more granular access
Where to Find ItFrom the Navigation menu select SECURITY gt DOMAINS and SECURITY gt SHARES
Join a DomainBefore you can create a share you must join a Windows domain
You can pre-create a machine account in an Active Directory under a specified OU If you choose notto do so Aureum will try to add a computer account to the default location of ldquoComputersrdquo
Important If Aureum is already joined to a domain joining another domain will replace thejoin not add to it Aureum will only be joined to the most recently joined domain
1 From the Navigation menu select SECURITY gt DOMAINS2 Type the complete Windows domain to join for example engexamplecom3 Type the username with access to the domain The user must have the necessary permissions to
join Aureum to the domain4 Type the password associated with the username or access to modify an object in the OU if the
machine account was pre-created
Install Aureum | 27
5 In the NETBIOS NAME field set the Aureum computer account name you wish to be created in theActive Directory If Aureum is using a pre-created machine account in a specific OU then the nameyou specify here must match that name exactly
6 Click JOIN
After the domain has been joined the JOIN button changes to LEAVE To leave the domain clickLEAVE
Create a ShareCreate a share to allow Windows users to connect to Aureum
Before you can create a share you must join the appropriate domain
1 From the Navigation menu select SECURITY gt SHARES2 Type the name of the share3 In the SHARE CONTENT IN field choose the appropriate data class
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the share5 Click CREATE
6 To edit or delete a share click the share to be modified
bull To edit the share make the changes needed in the edit panel and click SAVE CHANGESbull To delete the share click the trash can icon ( ) and confirm the deletion
Mount an Aureum Windows ShareDomain-authenticated users can mount and access Aureum directories using a share
After Aureum has been joined to a domain and the share has been created you can easily mount tothe share
The exact mount process is based on your workstation OS
Install Aureum | 28
If you do not already know it you can determine the mount point from Aureum by navigating to theJOIN DOMAIN page and using one of the listed public IP addresses as the mount point Include theshare name when mounting
Peaxy recommends that you take the list of public IP addresses and enter them into your DNS serverlisted under the Aureum NetBIOS name within the appropriate domain In cases where multipleaddresses are used the DNS server automatically round-robins the returned address This ensure thatclient connection load is distributed across the available nodes
As a Windows example to mount a drive letter to Aureum Type
net use ltdrive_lettergt ltpublic addressgtltshare namegt
where ltdrive_lettergt is the drive letter to assign to Aureum ltpublic_addressgt is the IP address usedto join the domain and ltshare_namegt is the share
You then log into the share using your domain-authenticated username and password For exampleMYDOMAINmyname
After mapping the drive access Aureum through Windows Explorer just like you would any otherdrive
If the share does not appear in the Windows Explorer after a change such as a system reboot occursrefresh the view using the Refresh icon ( ) The share should display correctly
You do not have to assign a share to a drive letter however In Windows Explorer type the public IPaddress and share name into the address bar Provide your username and password
POSIX ComplianceAureum provides a POSIX-compliant interface
Most of the Aureum interfaces are POSIX compliant and adhere to the IEEE standard The following isa list of exceptions to compliance
bull The directory nlink count is not incremented when a subdirectory is addedbull inode retention differs from the POSIX specification because there is no way to retain the original
inode number when a rename entails a move to a different device You can display the datahyperserver extent ID instead of the namespace hyperserver Node ID to the caller in the statfamily of calls This does not change when a file or directory is renamed It does change if the file ismigrated from one data hyperserver to another
bull If two mount points are held to the same Aureum and a file is closed on one Aureum does notremove a fcntl lock for the same file on another This is a variance on the way that NFS worksThe internal locking structures take into account the client ID which varies depending on the clientmount If there are two different mounts to a server Aureum treats them as separate machineswhich NFS does not
bull The file locking call flock() is emulated using POSIX byte range locks (fcntl() ) The POSIXcompliance specification does not cover flock() This implementation mirrors the behavior ofNFS The Aureum behavior is slightly different and varies from the POSIX specification as follows
1 As in NFS you must have write permissions to get a write lock2 As in NFS you cannot place both flock() and fcntl() locks on the same file as these locks
will conflict3 An flock() will not inherit across forks4 The flock() will be durable against other file closes but fcntl() locks will not behave within
the POSIX specification5 As well as being removed by an explicit f_unlock record locks are automatically released
when the process terminates or if it closes any file descriptor referring to a file on which locksare held This means that a process can lose the locks on a file like etcpasswd or etcmtab if a library function opens reads and closes it
Information and ResourcesThe latest news and information can always be found on the Peaxy website
Peaxy provides documents that are designed for different audiences These documents furnish acomprehensive explanation of Aureum and how to use it Additionally information is available fromtooltips Each field has a tooltip that adds explanations and any limitations for the item
The most current and accurate information available was included at the time this document wasprepared However changes may occur after the document is released Always read the ReleaseNotes for the most current information
Aureum Installation GuideA step-by-step guide to installing and configuring Aureum into your network
Aureum Administrator GuideA guide to understanding the Aureum architecture Provides details for planning configuring andmonitoring your implementation
Quickstart SeriesA series of two-page guides providing an abbreviated set of instructions for Aureum tasks Theycan be taken in order or used as reminders for individual tasks
Tech NotesSome technical issues are outside the scope of the regular documentation These are presented asTechnical Notes
Contact Peaxy9 am to 5 pm Pacific Standard Time
Main +1 (408) 441-6500
Support +1 (408) 763-3700
By phone
Support toll free US only +1 (844) 277-3299
General information infopeaxynet
Sales salespeaxynet
Support supportpeaxynet
By email
Documentation feedback feedbackpeaxynet
Online wwwpeaxynetsupport (login required)
Peaxy Inc
2380 Bering Dr
By mail
San Jose CA 95131 USA
LegalPeaxyreg and Aureumtrade are registered trademarks of Peaxy Inc
All other trademarks belong to their respective companies
CopyrightsThis document is copyright copy 2016 Peaxy Inc
Aureum software includes portions of the following
bull Amazon Web Services (AWS) Java SDK httpsawsamazoncomsdk-for-java and httpawsamazoncomapache-2-0
bull Apache License Version 20 January 2004bull BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1bull BSD 3bull crc32 routine COPYRIGHT copy 1986 Gary S Brownbull Element Tree used under the Python licensebull Erlang Public License (EPL) a derivative work of the Mozilla Public License Now provided under
the Apache 20 licensebull GoogleAuth httpsgithubcomwstrangeGoogleAuthbull GNU Lesser General Public License Version 3 Copyright copy 2007 Free Software Foundation Inc
and GNU Lesser General Public License Version 21 Copyright copy 1999 Free Software FoundationInc
bull Samba is Free Software licensed under the GNU General Public License httpswwwsambaorgsambadocsGPLhtml the Samba project is a member of the Software Freedom Conservancy
bull JSON-C Copyright (c) 2009-2012 Eric Haszlakiewicz and Copyright (c) 2004-2005 MetaparadigmPte Ltd
bull Kerberos Copyright copy 1985-2009 now under the MIT 2 licensebull libcurl Copyright (c) 1996 - 2015 Daniel Stenbergdanielhaxxsebull lshow used under the GPL licensebull MIT (X11) Copyright copy 2007-2015bull RIAK Creative Commons (httpcreativecommonsorg licensesby30)bull Goldrush Copyright copy 2012 Magnus Klaarbull Meld Under ZPL licensebull NSIS (Nullsoft Scriptable Install System) copy 1999-2013bull OpenSSL License Copyright (c) 1998-2016 The OpenSSL Project and Original SSLeay License
Copyright (c) 1995-1998 Eric Youngbull Protobuf Copyright 2008 Google Inc now under the BSD 3 licensebull Setup Tools (setuptools-06c11) Under ZPL licensebull Sodium crypto library (libsodium) ISC license Copyright (c) 2013-2015 Frank Denisbull Solr the Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull TCL Copyright copy Regents of the University of California Sun Microsystems Inc Scriptics
Corporation and other partiesbull The Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull The Apache Tika project Copyright copy The Apache Software Foundationbull VirtualBox Copyright copy 2007 Oracle Corp as part of the GNU GPL V2 Licensebull YAWS Copyright copy 2006 Claes Wikstrom now under the BSD licensebull Apache zookeeper Under the Apache 2 license
Index | 35
Index
bdl license file 18
img 12
MD5 12
zip 12
A
access directories 24Active Directory 26add
resources 19servers 19
Admin 17administrator 17AMS 12 14 15 16Aureum IP address 11Aureum Manager 6 12 14Aureum name 18Aureum overview 5average file size 18
B
beacon turning on or off 19BIOS 15bonding network interface 19bootable USB 12 14browser 15button color 17
C
capacity 10 19CentOS 10checksum 12client registration 22clients 22configuration 11configure email 21connect 22contact 31create
export 23share 27
create Aureum 15create storage class 20
D
dedicated capacity 20dedicated nodes 5default storage class 20directory access 24discover resources 12 14 19discovery state Aureum nodes 12 14disk space required 10DNS server 11DNS servers 18documentation 31domain-authenticated user
domain 27
domain-authentication 22domain suffix 11download images 14
E
editsecurity level 22
emailer settings 21Ethernet
interface 10switch 10
exportCIFS 23create an export 23
F
files needed 12 14firewall 12flexible capacity 20flock 29FUSE 10
G
gateway 11 18
H
hardware requirements 10how to reach Peaxy 31
I
image copier 12 14import a license 18initial configuration 18inode retention 29install
client 24Linux client 24
introduction 5iptables 16
J
javarequired version 12 14
javaw 14
K
Kerberos 22 22 23
L
legal 33levels of security 23license files 18licenses 18
Index | 36
Linux client install 24localhost 15location 18
M
maintenance agreement 18management IP 15mapping 22mount Aureum 24 27mounting 22 22
N
namespace 18Navigation menu
configuration 11security 22
netBIOS 22NIC 19NTP server 11 18
O
outgoing email 21overview
architecture 6Aureum building blocks 6components 6
P
password 17password limitations 17ports 12POSIX compliance 29primary domain 18primary domain suffix 11
R
RAM requirements 10realms 22reboot 12 14recommended configuration 10Red Hat Enterprise Linux 10replication factor 11 18 20resources
needed 10run setup 16
S
samsp 12 14 16security 22 23security levels
security 22 23select the license 18SElinux 16sestatus 16set performance levels 20settings 11setup 16share
CIFS 27
create a share 27Share 26SMTP 17 21software files 14space needed 10storage class creating default 20subnet mask 11Support hours 31
T
tar ball 24time server 18time zone 11 18
U
USB 15USB stick 10 12 14user account 17
V
virtualization 6 15
W
what youll need 11Windows
domain 26join a domain 26share 27
Windows client 10
Y
yum 24
Install Aureum | 23
Mounting a client to an Aureum directory loads all the data structures necessary for the client tointeract with Aureum As the structures change Aureum updates them In order for a client to accessAureum all that is necessary is that the client know the IP address or URL to which the client willconnect and the client-Aureum registration password
Also available is the ability to join a Windows domain and create domain-authenticated users who canaccess different areas of Aureum
Linux Client-Aureum RegistrationThe minimum security level for Aureum is the authenticated mount To ensure that unauthorized usersdont gain access to data Peaxy provides an authenticated mount between Aureum Linux clients andAureum using certificates and registration
Note The process described in this section applies to Linux clients Windows domains userswith credentials from an Active Directory access Aureum through a Windows share
Security is always an important part of any system that provides data access especially when theaccess spans many users and locations Peaxy provides a registration process where the clientand server exchange certificates which are used to authenticate subsequent connections Theregistration provides a mutual authentication method between the client and Aureum allowing theclient access Only authenticated clients are allowed to mount Aureum Other clients cannot use thesame authentication as part of the certificate registration Aureum generates a client key pair that isunique to each client-Aureum connection
How It WorksThe AMS requires a dynamic registration at the initial mount time As part of the registration Aureumgenerates a key pair unique to each client This key pair is persistent so you do not need to re-register the client each time you mount Aureum
This initial registration is required the first time the client mounts Aureum and requires a specialregistration password that is unique to Aureum This password is entered by the Aureum administratorat the workstation on which the client is installed Subsequent client mounts use the client certificateissued during registration
Security LevelsAureum offers varying levels of security
The security level is visible on the Aureum card or list and is indicated in the SECURITY section by thenumber of total locks that are green Gray locks indicate how many additional security levels you canselect For example if there are four total locks and three are green your current security level is 3Message Integrity
bull Data Confidentiality all data in and out of Aureum is verified and encryptedbull Message Integrity message authentication codes verify message integritybull Kerberos Authentication use the Kerberos authentication protocol as the mechanism for
authentication between a client and a server or between one server and another serverbull Authenticated Mount use X509 certificates to mutually authenticate and validate all Aureum
clients and hyperservers in Aureum
Create an ExportCreate an export to allow Linux clients to mount and access Aureum
1 From the Navigation menu select SECURITY gt EXPORTS2 Type the export name3 In the EXPORT CONTENT IN field choose the data class to export
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the
Install Aureum | 24
engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the export5 Click CREATE6 To edit or delete an export click the corresponding entry in the list
bull To edit the export make the changes needed in the edit panel and click SAVE CHANGESbull To delete an export click the corresponding trash can icon ( ) and confirm the deletion
Install a Linux-based Aureum ClientYou install the Aureum client on physical hardware or on a workstation in the cloud Use the client tomount and access Aureum directories
Before installing the client make sure that your system meets the minimum requirements describedin the Requirements section of this document
Note Aureum uses FUSE in Direct IO mode for better performance The version of FUSErunning on older versions of CentOS Red Hat Enterprise Linux doesnt support mmap whenFUSE is being used this way This might cause some mmap functions such as ACCESS_WRITEMAP_SHARED and PROT_WRITE to fail You can use the mount flag --disable-direct-io-mode to disable Direct IO mode
If you choose to use Direct IO mmap will be disabled on CentOS56 and 57 since those versionsdont support mmap with direct IO Enabling this option will result in a significant performancedegradation on clients using this option Peaxy strongly recommends that you upgrade to a newerversion of Linux
Ensure FUSE and its dependencies have been installed on each client If it has not been installedinstall FUSE according to the instructions for the package you chose On CentOS for example installthis by typing
sudo yum -y install fusex86_64 fuse-develx86_64 fuse-libsx86_64
The version numbers for your installation may differ
If you have installed a version of the fuseko module that is not the Peaxy-specific version runadditional commands at the end of the installation process This prevents kernel-oops messages fromconsuming all of the space in the varspool directory These messages indicate a benign conditiondue to a Linux FUSE problem
Run the following commands
chkconfig --levels 2345 abrt-oops off service abrt-oops stop
Note The client installation sets the following values automatically
Parameter Value set to
netipv4tcp_tw_recycle 1
netipv4tcp_fin_timeout 2
netcorewmem_max 2097152
netcorermem_max 2097152
netcorewmem_default 2097152
netcorermem_default 2097152
Install Aureum | 25
1 Download the Aureum client file from the support section of the Peaxy website at wwwpeaxynetsupport (login is required)The file is downloaded as a targz package and contains an installer It has a name similar tohfclient-fuse-400ltbuildnumbergttargz
2 Unpack the distribution file by typing the following
tar -zxvf hfclient-fuse-400ltbuildnumbergttargz
You will see something like the following
hfclient-fuse-400hfclient-fuse-400setupshhfclient-fuse-400scriptshfclient-fuse-400scriptsupdatedbshhfclient-fuse-400scriptsc_rehashshhfclient-fuse-400scriptssysctlshhfclient-fuse-400scriptsunregshhfclient-fuse-400scriptsconfshhfclient-fuse-400binhfclient-fuse-400binfusehfCentOS-5xhfclient-fuse-400binfusehfhfclient-fuse-400confhfclient-fuse-400confhfconftgz
3 While logged in as root run setupsh installThe driver files are installed in the default system directories You will see something similar to thefollowing
sudo setupsh install
Installer for Peaxy Aureum Client version 40
Checking package contentsInstalling hf client binariesremoved `optpeaxy-40sbinfusehf`binfusehf -gt `optpeaxy-40sbinfusehfInstallation complete
Mount Aureum
Mount Aureum (Linux)After the client is installed use the mount command to mount Aureum
At a command prompt type
sudo mkdir -p ltmnt_pointgtsudo mount -t fusehf hfltmgmt_ipgt ltmnt_pointgt -o user=ltclient registration usernamegt
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is thedirectory that will serve as your local mount point for example mntpeaxy
If you omit -o user=ltclient_user_namegt you would be prompted for the password associatedwith the local admin account to complete the client registration Best practice is to always create aclient registration account and use that password
The first time you mount the client to Aureum you will be prompted for a registration passwordto allow client-Aureum authentication Type the client registration password Otherwise youradministrator must do this for you
Peaxy strongly recommends that you change the password often especially after typing the passwordfor a client registration
If you or your IT administrator have associated a DNS entry with the Aureum IP address you mightwant to use the DNS name as the name for your mount point
Install Aureum | 26
To configure the Aureum client to automatically mount on startup locate the etcfstab file andadd the line
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults 0 0
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is the localmount point for example mntpeaxy
Note If you are running CentOS 7 change this line to add the _netdev flag as below
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults_netdev 0 0
You can now use the Aureum client to access Aureum
Unregister a Linux Client from AureumYou can securely unregister an installed FUSE client from the Aureum system that it mounts
Removing the registration renders the client unable to access Aureum If you use the all option youwill need to perform a new registration setup before you can mount Aureum again
Unregistering a client is done by running the unregsh script Use the following procedure tounregister the client
1 On the workstation running the client open a command prompt2 Move to optpeaxybin the location of the script3 Run the script
bull Type sudo unregsh ltAureumgt to unregister the client from a specific Aureum systemReplace ltAureumgt with the Aureum system to unregister
bull Type sudo unregsh all to unregister the client from all Aureum systems on which theclient is registered
Note Peaxy strongly recommends using the all option before you decommission aclient workstation
Windows ConfigurationDomain users with credentials from an Active Directory can access Aureum through a share
After Aureum joins a domain it sets up network shares for chosen directories (including all containedsubdirectories) To domain users these shares look the same as any other folder that is accessible viathe network
Unlike an Aureum client which mounts to the root of the volume a share allows a user to exportsubdirectories for more granular access
Where to Find ItFrom the Navigation menu select SECURITY gt DOMAINS and SECURITY gt SHARES
Join a DomainBefore you can create a share you must join a Windows domain
You can pre-create a machine account in an Active Directory under a specified OU If you choose notto do so Aureum will try to add a computer account to the default location of ldquoComputersrdquo
Important If Aureum is already joined to a domain joining another domain will replace thejoin not add to it Aureum will only be joined to the most recently joined domain
1 From the Navigation menu select SECURITY gt DOMAINS2 Type the complete Windows domain to join for example engexamplecom3 Type the username with access to the domain The user must have the necessary permissions to
join Aureum to the domain4 Type the password associated with the username or access to modify an object in the OU if the
machine account was pre-created
Install Aureum | 27
5 In the NETBIOS NAME field set the Aureum computer account name you wish to be created in theActive Directory If Aureum is using a pre-created machine account in a specific OU then the nameyou specify here must match that name exactly
6 Click JOIN
After the domain has been joined the JOIN button changes to LEAVE To leave the domain clickLEAVE
Create a ShareCreate a share to allow Windows users to connect to Aureum
Before you can create a share you must join the appropriate domain
1 From the Navigation menu select SECURITY gt SHARES2 Type the name of the share3 In the SHARE CONTENT IN field choose the appropriate data class
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the share5 Click CREATE
6 To edit or delete a share click the share to be modified
bull To edit the share make the changes needed in the edit panel and click SAVE CHANGESbull To delete the share click the trash can icon ( ) and confirm the deletion
Mount an Aureum Windows ShareDomain-authenticated users can mount and access Aureum directories using a share
After Aureum has been joined to a domain and the share has been created you can easily mount tothe share
The exact mount process is based on your workstation OS
Install Aureum | 28
If you do not already know it you can determine the mount point from Aureum by navigating to theJOIN DOMAIN page and using one of the listed public IP addresses as the mount point Include theshare name when mounting
Peaxy recommends that you take the list of public IP addresses and enter them into your DNS serverlisted under the Aureum NetBIOS name within the appropriate domain In cases where multipleaddresses are used the DNS server automatically round-robins the returned address This ensure thatclient connection load is distributed across the available nodes
As a Windows example to mount a drive letter to Aureum Type
net use ltdrive_lettergt ltpublic addressgtltshare namegt
where ltdrive_lettergt is the drive letter to assign to Aureum ltpublic_addressgt is the IP address usedto join the domain and ltshare_namegt is the share
You then log into the share using your domain-authenticated username and password For exampleMYDOMAINmyname
After mapping the drive access Aureum through Windows Explorer just like you would any otherdrive
If the share does not appear in the Windows Explorer after a change such as a system reboot occursrefresh the view using the Refresh icon ( ) The share should display correctly
You do not have to assign a share to a drive letter however In Windows Explorer type the public IPaddress and share name into the address bar Provide your username and password
POSIX ComplianceAureum provides a POSIX-compliant interface
Most of the Aureum interfaces are POSIX compliant and adhere to the IEEE standard The following isa list of exceptions to compliance
bull The directory nlink count is not incremented when a subdirectory is addedbull inode retention differs from the POSIX specification because there is no way to retain the original
inode number when a rename entails a move to a different device You can display the datahyperserver extent ID instead of the namespace hyperserver Node ID to the caller in the statfamily of calls This does not change when a file or directory is renamed It does change if the file ismigrated from one data hyperserver to another
bull If two mount points are held to the same Aureum and a file is closed on one Aureum does notremove a fcntl lock for the same file on another This is a variance on the way that NFS worksThe internal locking structures take into account the client ID which varies depending on the clientmount If there are two different mounts to a server Aureum treats them as separate machineswhich NFS does not
bull The file locking call flock() is emulated using POSIX byte range locks (fcntl() ) The POSIXcompliance specification does not cover flock() This implementation mirrors the behavior ofNFS The Aureum behavior is slightly different and varies from the POSIX specification as follows
1 As in NFS you must have write permissions to get a write lock2 As in NFS you cannot place both flock() and fcntl() locks on the same file as these locks
will conflict3 An flock() will not inherit across forks4 The flock() will be durable against other file closes but fcntl() locks will not behave within
the POSIX specification5 As well as being removed by an explicit f_unlock record locks are automatically released
when the process terminates or if it closes any file descriptor referring to a file on which locksare held This means that a process can lose the locks on a file like etcpasswd or etcmtab if a library function opens reads and closes it
Information and ResourcesThe latest news and information can always be found on the Peaxy website
Peaxy provides documents that are designed for different audiences These documents furnish acomprehensive explanation of Aureum and how to use it Additionally information is available fromtooltips Each field has a tooltip that adds explanations and any limitations for the item
The most current and accurate information available was included at the time this document wasprepared However changes may occur after the document is released Always read the ReleaseNotes for the most current information
Aureum Installation GuideA step-by-step guide to installing and configuring Aureum into your network
Aureum Administrator GuideA guide to understanding the Aureum architecture Provides details for planning configuring andmonitoring your implementation
Quickstart SeriesA series of two-page guides providing an abbreviated set of instructions for Aureum tasks Theycan be taken in order or used as reminders for individual tasks
Tech NotesSome technical issues are outside the scope of the regular documentation These are presented asTechnical Notes
Contact Peaxy9 am to 5 pm Pacific Standard Time
Main +1 (408) 441-6500
Support +1 (408) 763-3700
By phone
Support toll free US only +1 (844) 277-3299
General information infopeaxynet
Sales salespeaxynet
Support supportpeaxynet
By email
Documentation feedback feedbackpeaxynet
Online wwwpeaxynetsupport (login required)
Peaxy Inc
2380 Bering Dr
By mail
San Jose CA 95131 USA
LegalPeaxyreg and Aureumtrade are registered trademarks of Peaxy Inc
All other trademarks belong to their respective companies
CopyrightsThis document is copyright copy 2016 Peaxy Inc
Aureum software includes portions of the following
bull Amazon Web Services (AWS) Java SDK httpsawsamazoncomsdk-for-java and httpawsamazoncomapache-2-0
bull Apache License Version 20 January 2004bull BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1bull BSD 3bull crc32 routine COPYRIGHT copy 1986 Gary S Brownbull Element Tree used under the Python licensebull Erlang Public License (EPL) a derivative work of the Mozilla Public License Now provided under
the Apache 20 licensebull GoogleAuth httpsgithubcomwstrangeGoogleAuthbull GNU Lesser General Public License Version 3 Copyright copy 2007 Free Software Foundation Inc
and GNU Lesser General Public License Version 21 Copyright copy 1999 Free Software FoundationInc
bull Samba is Free Software licensed under the GNU General Public License httpswwwsambaorgsambadocsGPLhtml the Samba project is a member of the Software Freedom Conservancy
bull JSON-C Copyright (c) 2009-2012 Eric Haszlakiewicz and Copyright (c) 2004-2005 MetaparadigmPte Ltd
bull Kerberos Copyright copy 1985-2009 now under the MIT 2 licensebull libcurl Copyright (c) 1996 - 2015 Daniel Stenbergdanielhaxxsebull lshow used under the GPL licensebull MIT (X11) Copyright copy 2007-2015bull RIAK Creative Commons (httpcreativecommonsorg licensesby30)bull Goldrush Copyright copy 2012 Magnus Klaarbull Meld Under ZPL licensebull NSIS (Nullsoft Scriptable Install System) copy 1999-2013bull OpenSSL License Copyright (c) 1998-2016 The OpenSSL Project and Original SSLeay License
Copyright (c) 1995-1998 Eric Youngbull Protobuf Copyright 2008 Google Inc now under the BSD 3 licensebull Setup Tools (setuptools-06c11) Under ZPL licensebull Sodium crypto library (libsodium) ISC license Copyright (c) 2013-2015 Frank Denisbull Solr the Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull TCL Copyright copy Regents of the University of California Sun Microsystems Inc Scriptics
Corporation and other partiesbull The Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull The Apache Tika project Copyright copy The Apache Software Foundationbull VirtualBox Copyright copy 2007 Oracle Corp as part of the GNU GPL V2 Licensebull YAWS Copyright copy 2006 Claes Wikstrom now under the BSD licensebull Apache zookeeper Under the Apache 2 license
Index | 35
Index
bdl license file 18
img 12
MD5 12
zip 12
A
access directories 24Active Directory 26add
resources 19servers 19
Admin 17administrator 17AMS 12 14 15 16Aureum IP address 11Aureum Manager 6 12 14Aureum name 18Aureum overview 5average file size 18
B
beacon turning on or off 19BIOS 15bonding network interface 19bootable USB 12 14browser 15button color 17
C
capacity 10 19CentOS 10checksum 12client registration 22clients 22configuration 11configure email 21connect 22contact 31create
export 23share 27
create Aureum 15create storage class 20
D
dedicated capacity 20dedicated nodes 5default storage class 20directory access 24discover resources 12 14 19discovery state Aureum nodes 12 14disk space required 10DNS server 11DNS servers 18documentation 31domain-authenticated user
domain 27
domain-authentication 22domain suffix 11download images 14
E
editsecurity level 22
emailer settings 21Ethernet
interface 10switch 10
exportCIFS 23create an export 23
F
files needed 12 14firewall 12flexible capacity 20flock 29FUSE 10
G
gateway 11 18
H
hardware requirements 10how to reach Peaxy 31
I
image copier 12 14import a license 18initial configuration 18inode retention 29install
client 24Linux client 24
introduction 5iptables 16
J
javarequired version 12 14
javaw 14
K
Kerberos 22 22 23
L
legal 33levels of security 23license files 18licenses 18
Index | 36
Linux client install 24localhost 15location 18
M
maintenance agreement 18management IP 15mapping 22mount Aureum 24 27mounting 22 22
N
namespace 18Navigation menu
configuration 11security 22
netBIOS 22NIC 19NTP server 11 18
O
outgoing email 21overview
architecture 6Aureum building blocks 6components 6
P
password 17password limitations 17ports 12POSIX compliance 29primary domain 18primary domain suffix 11
R
RAM requirements 10realms 22reboot 12 14recommended configuration 10Red Hat Enterprise Linux 10replication factor 11 18 20resources
needed 10run setup 16
S
samsp 12 14 16security 22 23security levels
security 22 23select the license 18SElinux 16sestatus 16set performance levels 20settings 11setup 16share
CIFS 27
create a share 27Share 26SMTP 17 21software files 14space needed 10storage class creating default 20subnet mask 11Support hours 31
T
tar ball 24time server 18time zone 11 18
U
USB 15USB stick 10 12 14user account 17
V
virtualization 6 15
W
what youll need 11Windows
domain 26join a domain 26share 27
Windows client 10
Y
yum 24
Install Aureum | 24
engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the export5 Click CREATE6 To edit or delete an export click the corresponding entry in the list
bull To edit the export make the changes needed in the edit panel and click SAVE CHANGESbull To delete an export click the corresponding trash can icon ( ) and confirm the deletion
Install a Linux-based Aureum ClientYou install the Aureum client on physical hardware or on a workstation in the cloud Use the client tomount and access Aureum directories
Before installing the client make sure that your system meets the minimum requirements describedin the Requirements section of this document
Note Aureum uses FUSE in Direct IO mode for better performance The version of FUSErunning on older versions of CentOS Red Hat Enterprise Linux doesnt support mmap whenFUSE is being used this way This might cause some mmap functions such as ACCESS_WRITEMAP_SHARED and PROT_WRITE to fail You can use the mount flag --disable-direct-io-mode to disable Direct IO mode
If you choose to use Direct IO mmap will be disabled on CentOS56 and 57 since those versionsdont support mmap with direct IO Enabling this option will result in a significant performancedegradation on clients using this option Peaxy strongly recommends that you upgrade to a newerversion of Linux
Ensure FUSE and its dependencies have been installed on each client If it has not been installedinstall FUSE according to the instructions for the package you chose On CentOS for example installthis by typing
sudo yum -y install fusex86_64 fuse-develx86_64 fuse-libsx86_64
The version numbers for your installation may differ
If you have installed a version of the fuseko module that is not the Peaxy-specific version runadditional commands at the end of the installation process This prevents kernel-oops messages fromconsuming all of the space in the varspool directory These messages indicate a benign conditiondue to a Linux FUSE problem
Run the following commands
chkconfig --levels 2345 abrt-oops off service abrt-oops stop
Note The client installation sets the following values automatically
Parameter Value set to
netipv4tcp_tw_recycle 1
netipv4tcp_fin_timeout 2
netcorewmem_max 2097152
netcorermem_max 2097152
netcorewmem_default 2097152
netcorermem_default 2097152
Install Aureum | 25
1 Download the Aureum client file from the support section of the Peaxy website at wwwpeaxynetsupport (login is required)The file is downloaded as a targz package and contains an installer It has a name similar tohfclient-fuse-400ltbuildnumbergttargz
2 Unpack the distribution file by typing the following
tar -zxvf hfclient-fuse-400ltbuildnumbergttargz
You will see something like the following
hfclient-fuse-400hfclient-fuse-400setupshhfclient-fuse-400scriptshfclient-fuse-400scriptsupdatedbshhfclient-fuse-400scriptsc_rehashshhfclient-fuse-400scriptssysctlshhfclient-fuse-400scriptsunregshhfclient-fuse-400scriptsconfshhfclient-fuse-400binhfclient-fuse-400binfusehfCentOS-5xhfclient-fuse-400binfusehfhfclient-fuse-400confhfclient-fuse-400confhfconftgz
3 While logged in as root run setupsh installThe driver files are installed in the default system directories You will see something similar to thefollowing
sudo setupsh install
Installer for Peaxy Aureum Client version 40
Checking package contentsInstalling hf client binariesremoved `optpeaxy-40sbinfusehf`binfusehf -gt `optpeaxy-40sbinfusehfInstallation complete
Mount Aureum
Mount Aureum (Linux)After the client is installed use the mount command to mount Aureum
At a command prompt type
sudo mkdir -p ltmnt_pointgtsudo mount -t fusehf hfltmgmt_ipgt ltmnt_pointgt -o user=ltclient registration usernamegt
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is thedirectory that will serve as your local mount point for example mntpeaxy
If you omit -o user=ltclient_user_namegt you would be prompted for the password associatedwith the local admin account to complete the client registration Best practice is to always create aclient registration account and use that password
The first time you mount the client to Aureum you will be prompted for a registration passwordto allow client-Aureum authentication Type the client registration password Otherwise youradministrator must do this for you
Peaxy strongly recommends that you change the password often especially after typing the passwordfor a client registration
If you or your IT administrator have associated a DNS entry with the Aureum IP address you mightwant to use the DNS name as the name for your mount point
Install Aureum | 26
To configure the Aureum client to automatically mount on startup locate the etcfstab file andadd the line
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults 0 0
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is the localmount point for example mntpeaxy
Note If you are running CentOS 7 change this line to add the _netdev flag as below
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults_netdev 0 0
You can now use the Aureum client to access Aureum
Unregister a Linux Client from AureumYou can securely unregister an installed FUSE client from the Aureum system that it mounts
Removing the registration renders the client unable to access Aureum If you use the all option youwill need to perform a new registration setup before you can mount Aureum again
Unregistering a client is done by running the unregsh script Use the following procedure tounregister the client
1 On the workstation running the client open a command prompt2 Move to optpeaxybin the location of the script3 Run the script
bull Type sudo unregsh ltAureumgt to unregister the client from a specific Aureum systemReplace ltAureumgt with the Aureum system to unregister
bull Type sudo unregsh all to unregister the client from all Aureum systems on which theclient is registered
Note Peaxy strongly recommends using the all option before you decommission aclient workstation
Windows ConfigurationDomain users with credentials from an Active Directory can access Aureum through a share
After Aureum joins a domain it sets up network shares for chosen directories (including all containedsubdirectories) To domain users these shares look the same as any other folder that is accessible viathe network
Unlike an Aureum client which mounts to the root of the volume a share allows a user to exportsubdirectories for more granular access
Where to Find ItFrom the Navigation menu select SECURITY gt DOMAINS and SECURITY gt SHARES
Join a DomainBefore you can create a share you must join a Windows domain
You can pre-create a machine account in an Active Directory under a specified OU If you choose notto do so Aureum will try to add a computer account to the default location of ldquoComputersrdquo
Important If Aureum is already joined to a domain joining another domain will replace thejoin not add to it Aureum will only be joined to the most recently joined domain
1 From the Navigation menu select SECURITY gt DOMAINS2 Type the complete Windows domain to join for example engexamplecom3 Type the username with access to the domain The user must have the necessary permissions to
join Aureum to the domain4 Type the password associated with the username or access to modify an object in the OU if the
machine account was pre-created
Install Aureum | 27
5 In the NETBIOS NAME field set the Aureum computer account name you wish to be created in theActive Directory If Aureum is using a pre-created machine account in a specific OU then the nameyou specify here must match that name exactly
6 Click JOIN
After the domain has been joined the JOIN button changes to LEAVE To leave the domain clickLEAVE
Create a ShareCreate a share to allow Windows users to connect to Aureum
Before you can create a share you must join the appropriate domain
1 From the Navigation menu select SECURITY gt SHARES2 Type the name of the share3 In the SHARE CONTENT IN field choose the appropriate data class
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the share5 Click CREATE
6 To edit or delete a share click the share to be modified
bull To edit the share make the changes needed in the edit panel and click SAVE CHANGESbull To delete the share click the trash can icon ( ) and confirm the deletion
Mount an Aureum Windows ShareDomain-authenticated users can mount and access Aureum directories using a share
After Aureum has been joined to a domain and the share has been created you can easily mount tothe share
The exact mount process is based on your workstation OS
Install Aureum | 28
If you do not already know it you can determine the mount point from Aureum by navigating to theJOIN DOMAIN page and using one of the listed public IP addresses as the mount point Include theshare name when mounting
Peaxy recommends that you take the list of public IP addresses and enter them into your DNS serverlisted under the Aureum NetBIOS name within the appropriate domain In cases where multipleaddresses are used the DNS server automatically round-robins the returned address This ensure thatclient connection load is distributed across the available nodes
As a Windows example to mount a drive letter to Aureum Type
net use ltdrive_lettergt ltpublic addressgtltshare namegt
where ltdrive_lettergt is the drive letter to assign to Aureum ltpublic_addressgt is the IP address usedto join the domain and ltshare_namegt is the share
You then log into the share using your domain-authenticated username and password For exampleMYDOMAINmyname
After mapping the drive access Aureum through Windows Explorer just like you would any otherdrive
If the share does not appear in the Windows Explorer after a change such as a system reboot occursrefresh the view using the Refresh icon ( ) The share should display correctly
You do not have to assign a share to a drive letter however In Windows Explorer type the public IPaddress and share name into the address bar Provide your username and password
POSIX ComplianceAureum provides a POSIX-compliant interface
Most of the Aureum interfaces are POSIX compliant and adhere to the IEEE standard The following isa list of exceptions to compliance
bull The directory nlink count is not incremented when a subdirectory is addedbull inode retention differs from the POSIX specification because there is no way to retain the original
inode number when a rename entails a move to a different device You can display the datahyperserver extent ID instead of the namespace hyperserver Node ID to the caller in the statfamily of calls This does not change when a file or directory is renamed It does change if the file ismigrated from one data hyperserver to another
bull If two mount points are held to the same Aureum and a file is closed on one Aureum does notremove a fcntl lock for the same file on another This is a variance on the way that NFS worksThe internal locking structures take into account the client ID which varies depending on the clientmount If there are two different mounts to a server Aureum treats them as separate machineswhich NFS does not
bull The file locking call flock() is emulated using POSIX byte range locks (fcntl() ) The POSIXcompliance specification does not cover flock() This implementation mirrors the behavior ofNFS The Aureum behavior is slightly different and varies from the POSIX specification as follows
1 As in NFS you must have write permissions to get a write lock2 As in NFS you cannot place both flock() and fcntl() locks on the same file as these locks
will conflict3 An flock() will not inherit across forks4 The flock() will be durable against other file closes but fcntl() locks will not behave within
the POSIX specification5 As well as being removed by an explicit f_unlock record locks are automatically released
when the process terminates or if it closes any file descriptor referring to a file on which locksare held This means that a process can lose the locks on a file like etcpasswd or etcmtab if a library function opens reads and closes it
Information and ResourcesThe latest news and information can always be found on the Peaxy website
Peaxy provides documents that are designed for different audiences These documents furnish acomprehensive explanation of Aureum and how to use it Additionally information is available fromtooltips Each field has a tooltip that adds explanations and any limitations for the item
The most current and accurate information available was included at the time this document wasprepared However changes may occur after the document is released Always read the ReleaseNotes for the most current information
Aureum Installation GuideA step-by-step guide to installing and configuring Aureum into your network
Aureum Administrator GuideA guide to understanding the Aureum architecture Provides details for planning configuring andmonitoring your implementation
Quickstart SeriesA series of two-page guides providing an abbreviated set of instructions for Aureum tasks Theycan be taken in order or used as reminders for individual tasks
Tech NotesSome technical issues are outside the scope of the regular documentation These are presented asTechnical Notes
Contact Peaxy9 am to 5 pm Pacific Standard Time
Main +1 (408) 441-6500
Support +1 (408) 763-3700
By phone
Support toll free US only +1 (844) 277-3299
General information infopeaxynet
Sales salespeaxynet
Support supportpeaxynet
By email
Documentation feedback feedbackpeaxynet
Online wwwpeaxynetsupport (login required)
Peaxy Inc
2380 Bering Dr
By mail
San Jose CA 95131 USA
LegalPeaxyreg and Aureumtrade are registered trademarks of Peaxy Inc
All other trademarks belong to their respective companies
CopyrightsThis document is copyright copy 2016 Peaxy Inc
Aureum software includes portions of the following
bull Amazon Web Services (AWS) Java SDK httpsawsamazoncomsdk-for-java and httpawsamazoncomapache-2-0
bull Apache License Version 20 January 2004bull BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1bull BSD 3bull crc32 routine COPYRIGHT copy 1986 Gary S Brownbull Element Tree used under the Python licensebull Erlang Public License (EPL) a derivative work of the Mozilla Public License Now provided under
the Apache 20 licensebull GoogleAuth httpsgithubcomwstrangeGoogleAuthbull GNU Lesser General Public License Version 3 Copyright copy 2007 Free Software Foundation Inc
and GNU Lesser General Public License Version 21 Copyright copy 1999 Free Software FoundationInc
bull Samba is Free Software licensed under the GNU General Public License httpswwwsambaorgsambadocsGPLhtml the Samba project is a member of the Software Freedom Conservancy
bull JSON-C Copyright (c) 2009-2012 Eric Haszlakiewicz and Copyright (c) 2004-2005 MetaparadigmPte Ltd
bull Kerberos Copyright copy 1985-2009 now under the MIT 2 licensebull libcurl Copyright (c) 1996 - 2015 Daniel Stenbergdanielhaxxsebull lshow used under the GPL licensebull MIT (X11) Copyright copy 2007-2015bull RIAK Creative Commons (httpcreativecommonsorg licensesby30)bull Goldrush Copyright copy 2012 Magnus Klaarbull Meld Under ZPL licensebull NSIS (Nullsoft Scriptable Install System) copy 1999-2013bull OpenSSL License Copyright (c) 1998-2016 The OpenSSL Project and Original SSLeay License
Copyright (c) 1995-1998 Eric Youngbull Protobuf Copyright 2008 Google Inc now under the BSD 3 licensebull Setup Tools (setuptools-06c11) Under ZPL licensebull Sodium crypto library (libsodium) ISC license Copyright (c) 2013-2015 Frank Denisbull Solr the Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull TCL Copyright copy Regents of the University of California Sun Microsystems Inc Scriptics
Corporation and other partiesbull The Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull The Apache Tika project Copyright copy The Apache Software Foundationbull VirtualBox Copyright copy 2007 Oracle Corp as part of the GNU GPL V2 Licensebull YAWS Copyright copy 2006 Claes Wikstrom now under the BSD licensebull Apache zookeeper Under the Apache 2 license
Index | 35
Index
bdl license file 18
img 12
MD5 12
zip 12
A
access directories 24Active Directory 26add
resources 19servers 19
Admin 17administrator 17AMS 12 14 15 16Aureum IP address 11Aureum Manager 6 12 14Aureum name 18Aureum overview 5average file size 18
B
beacon turning on or off 19BIOS 15bonding network interface 19bootable USB 12 14browser 15button color 17
C
capacity 10 19CentOS 10checksum 12client registration 22clients 22configuration 11configure email 21connect 22contact 31create
export 23share 27
create Aureum 15create storage class 20
D
dedicated capacity 20dedicated nodes 5default storage class 20directory access 24discover resources 12 14 19discovery state Aureum nodes 12 14disk space required 10DNS server 11DNS servers 18documentation 31domain-authenticated user
domain 27
domain-authentication 22domain suffix 11download images 14
E
editsecurity level 22
emailer settings 21Ethernet
interface 10switch 10
exportCIFS 23create an export 23
F
files needed 12 14firewall 12flexible capacity 20flock 29FUSE 10
G
gateway 11 18
H
hardware requirements 10how to reach Peaxy 31
I
image copier 12 14import a license 18initial configuration 18inode retention 29install
client 24Linux client 24
introduction 5iptables 16
J
javarequired version 12 14
javaw 14
K
Kerberos 22 22 23
L
legal 33levels of security 23license files 18licenses 18
Index | 36
Linux client install 24localhost 15location 18
M
maintenance agreement 18management IP 15mapping 22mount Aureum 24 27mounting 22 22
N
namespace 18Navigation menu
configuration 11security 22
netBIOS 22NIC 19NTP server 11 18
O
outgoing email 21overview
architecture 6Aureum building blocks 6components 6
P
password 17password limitations 17ports 12POSIX compliance 29primary domain 18primary domain suffix 11
R
RAM requirements 10realms 22reboot 12 14recommended configuration 10Red Hat Enterprise Linux 10replication factor 11 18 20resources
needed 10run setup 16
S
samsp 12 14 16security 22 23security levels
security 22 23select the license 18SElinux 16sestatus 16set performance levels 20settings 11setup 16share
CIFS 27
create a share 27Share 26SMTP 17 21software files 14space needed 10storage class creating default 20subnet mask 11Support hours 31
T
tar ball 24time server 18time zone 11 18
U
USB 15USB stick 10 12 14user account 17
V
virtualization 6 15
W
what youll need 11Windows
domain 26join a domain 26share 27
Windows client 10
Y
yum 24
Install Aureum | 25
1 Download the Aureum client file from the support section of the Peaxy website at wwwpeaxynetsupport (login is required)The file is downloaded as a targz package and contains an installer It has a name similar tohfclient-fuse-400ltbuildnumbergttargz
2 Unpack the distribution file by typing the following
tar -zxvf hfclient-fuse-400ltbuildnumbergttargz
You will see something like the following
hfclient-fuse-400hfclient-fuse-400setupshhfclient-fuse-400scriptshfclient-fuse-400scriptsupdatedbshhfclient-fuse-400scriptsc_rehashshhfclient-fuse-400scriptssysctlshhfclient-fuse-400scriptsunregshhfclient-fuse-400scriptsconfshhfclient-fuse-400binhfclient-fuse-400binfusehfCentOS-5xhfclient-fuse-400binfusehfhfclient-fuse-400confhfclient-fuse-400confhfconftgz
3 While logged in as root run setupsh installThe driver files are installed in the default system directories You will see something similar to thefollowing
sudo setupsh install
Installer for Peaxy Aureum Client version 40
Checking package contentsInstalling hf client binariesremoved `optpeaxy-40sbinfusehf`binfusehf -gt `optpeaxy-40sbinfusehfInstallation complete
Mount Aureum
Mount Aureum (Linux)After the client is installed use the mount command to mount Aureum
At a command prompt type
sudo mkdir -p ltmnt_pointgtsudo mount -t fusehf hfltmgmt_ipgt ltmnt_pointgt -o user=ltclient registration usernamegt
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is thedirectory that will serve as your local mount point for example mntpeaxy
If you omit -o user=ltclient_user_namegt you would be prompted for the password associatedwith the local admin account to complete the client registration Best practice is to always create aclient registration account and use that password
The first time you mount the client to Aureum you will be prompted for a registration passwordto allow client-Aureum authentication Type the client registration password Otherwise youradministrator must do this for you
Peaxy strongly recommends that you change the password often especially after typing the passwordfor a client registration
If you or your IT administrator have associated a DNS entry with the Aureum IP address you mightwant to use the DNS name as the name for your mount point
Install Aureum | 26
To configure the Aureum client to automatically mount on startup locate the etcfstab file andadd the line
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults 0 0
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is the localmount point for example mntpeaxy
Note If you are running CentOS 7 change this line to add the _netdev flag as below
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults_netdev 0 0
You can now use the Aureum client to access Aureum
Unregister a Linux Client from AureumYou can securely unregister an installed FUSE client from the Aureum system that it mounts
Removing the registration renders the client unable to access Aureum If you use the all option youwill need to perform a new registration setup before you can mount Aureum again
Unregistering a client is done by running the unregsh script Use the following procedure tounregister the client
1 On the workstation running the client open a command prompt2 Move to optpeaxybin the location of the script3 Run the script
bull Type sudo unregsh ltAureumgt to unregister the client from a specific Aureum systemReplace ltAureumgt with the Aureum system to unregister
bull Type sudo unregsh all to unregister the client from all Aureum systems on which theclient is registered
Note Peaxy strongly recommends using the all option before you decommission aclient workstation
Windows ConfigurationDomain users with credentials from an Active Directory can access Aureum through a share
After Aureum joins a domain it sets up network shares for chosen directories (including all containedsubdirectories) To domain users these shares look the same as any other folder that is accessible viathe network
Unlike an Aureum client which mounts to the root of the volume a share allows a user to exportsubdirectories for more granular access
Where to Find ItFrom the Navigation menu select SECURITY gt DOMAINS and SECURITY gt SHARES
Join a DomainBefore you can create a share you must join a Windows domain
You can pre-create a machine account in an Active Directory under a specified OU If you choose notto do so Aureum will try to add a computer account to the default location of ldquoComputersrdquo
Important If Aureum is already joined to a domain joining another domain will replace thejoin not add to it Aureum will only be joined to the most recently joined domain
1 From the Navigation menu select SECURITY gt DOMAINS2 Type the complete Windows domain to join for example engexamplecom3 Type the username with access to the domain The user must have the necessary permissions to
join Aureum to the domain4 Type the password associated with the username or access to modify an object in the OU if the
machine account was pre-created
Install Aureum | 27
5 In the NETBIOS NAME field set the Aureum computer account name you wish to be created in theActive Directory If Aureum is using a pre-created machine account in a specific OU then the nameyou specify here must match that name exactly
6 Click JOIN
After the domain has been joined the JOIN button changes to LEAVE To leave the domain clickLEAVE
Create a ShareCreate a share to allow Windows users to connect to Aureum
Before you can create a share you must join the appropriate domain
1 From the Navigation menu select SECURITY gt SHARES2 Type the name of the share3 In the SHARE CONTENT IN field choose the appropriate data class
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the share5 Click CREATE
6 To edit or delete a share click the share to be modified
bull To edit the share make the changes needed in the edit panel and click SAVE CHANGESbull To delete the share click the trash can icon ( ) and confirm the deletion
Mount an Aureum Windows ShareDomain-authenticated users can mount and access Aureum directories using a share
After Aureum has been joined to a domain and the share has been created you can easily mount tothe share
The exact mount process is based on your workstation OS
Install Aureum | 28
If you do not already know it you can determine the mount point from Aureum by navigating to theJOIN DOMAIN page and using one of the listed public IP addresses as the mount point Include theshare name when mounting
Peaxy recommends that you take the list of public IP addresses and enter them into your DNS serverlisted under the Aureum NetBIOS name within the appropriate domain In cases where multipleaddresses are used the DNS server automatically round-robins the returned address This ensure thatclient connection load is distributed across the available nodes
As a Windows example to mount a drive letter to Aureum Type
net use ltdrive_lettergt ltpublic addressgtltshare namegt
where ltdrive_lettergt is the drive letter to assign to Aureum ltpublic_addressgt is the IP address usedto join the domain and ltshare_namegt is the share
You then log into the share using your domain-authenticated username and password For exampleMYDOMAINmyname
After mapping the drive access Aureum through Windows Explorer just like you would any otherdrive
If the share does not appear in the Windows Explorer after a change such as a system reboot occursrefresh the view using the Refresh icon ( ) The share should display correctly
You do not have to assign a share to a drive letter however In Windows Explorer type the public IPaddress and share name into the address bar Provide your username and password
POSIX ComplianceAureum provides a POSIX-compliant interface
Most of the Aureum interfaces are POSIX compliant and adhere to the IEEE standard The following isa list of exceptions to compliance
bull The directory nlink count is not incremented when a subdirectory is addedbull inode retention differs from the POSIX specification because there is no way to retain the original
inode number when a rename entails a move to a different device You can display the datahyperserver extent ID instead of the namespace hyperserver Node ID to the caller in the statfamily of calls This does not change when a file or directory is renamed It does change if the file ismigrated from one data hyperserver to another
bull If two mount points are held to the same Aureum and a file is closed on one Aureum does notremove a fcntl lock for the same file on another This is a variance on the way that NFS worksThe internal locking structures take into account the client ID which varies depending on the clientmount If there are two different mounts to a server Aureum treats them as separate machineswhich NFS does not
bull The file locking call flock() is emulated using POSIX byte range locks (fcntl() ) The POSIXcompliance specification does not cover flock() This implementation mirrors the behavior ofNFS The Aureum behavior is slightly different and varies from the POSIX specification as follows
1 As in NFS you must have write permissions to get a write lock2 As in NFS you cannot place both flock() and fcntl() locks on the same file as these locks
will conflict3 An flock() will not inherit across forks4 The flock() will be durable against other file closes but fcntl() locks will not behave within
the POSIX specification5 As well as being removed by an explicit f_unlock record locks are automatically released
when the process terminates or if it closes any file descriptor referring to a file on which locksare held This means that a process can lose the locks on a file like etcpasswd or etcmtab if a library function opens reads and closes it
Information and ResourcesThe latest news and information can always be found on the Peaxy website
Peaxy provides documents that are designed for different audiences These documents furnish acomprehensive explanation of Aureum and how to use it Additionally information is available fromtooltips Each field has a tooltip that adds explanations and any limitations for the item
The most current and accurate information available was included at the time this document wasprepared However changes may occur after the document is released Always read the ReleaseNotes for the most current information
Aureum Installation GuideA step-by-step guide to installing and configuring Aureum into your network
Aureum Administrator GuideA guide to understanding the Aureum architecture Provides details for planning configuring andmonitoring your implementation
Quickstart SeriesA series of two-page guides providing an abbreviated set of instructions for Aureum tasks Theycan be taken in order or used as reminders for individual tasks
Tech NotesSome technical issues are outside the scope of the regular documentation These are presented asTechnical Notes
Contact Peaxy9 am to 5 pm Pacific Standard Time
Main +1 (408) 441-6500
Support +1 (408) 763-3700
By phone
Support toll free US only +1 (844) 277-3299
General information infopeaxynet
Sales salespeaxynet
Support supportpeaxynet
By email
Documentation feedback feedbackpeaxynet
Online wwwpeaxynetsupport (login required)
Peaxy Inc
2380 Bering Dr
By mail
San Jose CA 95131 USA
LegalPeaxyreg and Aureumtrade are registered trademarks of Peaxy Inc
All other trademarks belong to their respective companies
CopyrightsThis document is copyright copy 2016 Peaxy Inc
Aureum software includes portions of the following
bull Amazon Web Services (AWS) Java SDK httpsawsamazoncomsdk-for-java and httpawsamazoncomapache-2-0
bull Apache License Version 20 January 2004bull BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1bull BSD 3bull crc32 routine COPYRIGHT copy 1986 Gary S Brownbull Element Tree used under the Python licensebull Erlang Public License (EPL) a derivative work of the Mozilla Public License Now provided under
the Apache 20 licensebull GoogleAuth httpsgithubcomwstrangeGoogleAuthbull GNU Lesser General Public License Version 3 Copyright copy 2007 Free Software Foundation Inc
and GNU Lesser General Public License Version 21 Copyright copy 1999 Free Software FoundationInc
bull Samba is Free Software licensed under the GNU General Public License httpswwwsambaorgsambadocsGPLhtml the Samba project is a member of the Software Freedom Conservancy
bull JSON-C Copyright (c) 2009-2012 Eric Haszlakiewicz and Copyright (c) 2004-2005 MetaparadigmPte Ltd
bull Kerberos Copyright copy 1985-2009 now under the MIT 2 licensebull libcurl Copyright (c) 1996 - 2015 Daniel Stenbergdanielhaxxsebull lshow used under the GPL licensebull MIT (X11) Copyright copy 2007-2015bull RIAK Creative Commons (httpcreativecommonsorg licensesby30)bull Goldrush Copyright copy 2012 Magnus Klaarbull Meld Under ZPL licensebull NSIS (Nullsoft Scriptable Install System) copy 1999-2013bull OpenSSL License Copyright (c) 1998-2016 The OpenSSL Project and Original SSLeay License
Copyright (c) 1995-1998 Eric Youngbull Protobuf Copyright 2008 Google Inc now under the BSD 3 licensebull Setup Tools (setuptools-06c11) Under ZPL licensebull Sodium crypto library (libsodium) ISC license Copyright (c) 2013-2015 Frank Denisbull Solr the Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull TCL Copyright copy Regents of the University of California Sun Microsystems Inc Scriptics
Corporation and other partiesbull The Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull The Apache Tika project Copyright copy The Apache Software Foundationbull VirtualBox Copyright copy 2007 Oracle Corp as part of the GNU GPL V2 Licensebull YAWS Copyright copy 2006 Claes Wikstrom now under the BSD licensebull Apache zookeeper Under the Apache 2 license
Index | 35
Index
bdl license file 18
img 12
MD5 12
zip 12
A
access directories 24Active Directory 26add
resources 19servers 19
Admin 17administrator 17AMS 12 14 15 16Aureum IP address 11Aureum Manager 6 12 14Aureum name 18Aureum overview 5average file size 18
B
beacon turning on or off 19BIOS 15bonding network interface 19bootable USB 12 14browser 15button color 17
C
capacity 10 19CentOS 10checksum 12client registration 22clients 22configuration 11configure email 21connect 22contact 31create
export 23share 27
create Aureum 15create storage class 20
D
dedicated capacity 20dedicated nodes 5default storage class 20directory access 24discover resources 12 14 19discovery state Aureum nodes 12 14disk space required 10DNS server 11DNS servers 18documentation 31domain-authenticated user
domain 27
domain-authentication 22domain suffix 11download images 14
E
editsecurity level 22
emailer settings 21Ethernet
interface 10switch 10
exportCIFS 23create an export 23
F
files needed 12 14firewall 12flexible capacity 20flock 29FUSE 10
G
gateway 11 18
H
hardware requirements 10how to reach Peaxy 31
I
image copier 12 14import a license 18initial configuration 18inode retention 29install
client 24Linux client 24
introduction 5iptables 16
J
javarequired version 12 14
javaw 14
K
Kerberos 22 22 23
L
legal 33levels of security 23license files 18licenses 18
Index | 36
Linux client install 24localhost 15location 18
M
maintenance agreement 18management IP 15mapping 22mount Aureum 24 27mounting 22 22
N
namespace 18Navigation menu
configuration 11security 22
netBIOS 22NIC 19NTP server 11 18
O
outgoing email 21overview
architecture 6Aureum building blocks 6components 6
P
password 17password limitations 17ports 12POSIX compliance 29primary domain 18primary domain suffix 11
R
RAM requirements 10realms 22reboot 12 14recommended configuration 10Red Hat Enterprise Linux 10replication factor 11 18 20resources
needed 10run setup 16
S
samsp 12 14 16security 22 23security levels
security 22 23select the license 18SElinux 16sestatus 16set performance levels 20settings 11setup 16share
CIFS 27
create a share 27Share 26SMTP 17 21software files 14space needed 10storage class creating default 20subnet mask 11Support hours 31
T
tar ball 24time server 18time zone 11 18
U
USB 15USB stick 10 12 14user account 17
V
virtualization 6 15
W
what youll need 11Windows
domain 26join a domain 26share 27
Windows client 10
Y
yum 24
Install Aureum | 26
To configure the Aureum client to automatically mount on startup locate the etcfstab file andadd the line
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults 0 0
where ltmgmt_ipgt is the Aureum IP address for example 172161061 and ltmnt_pointgt is the localmount point for example mntpeaxy
Note If you are running CentOS 7 change this line to add the _netdev flag as below
hfltmgmt_ipgt ltmnt_pointgt fusehf defaults_netdev 0 0
You can now use the Aureum client to access Aureum
Unregister a Linux Client from AureumYou can securely unregister an installed FUSE client from the Aureum system that it mounts
Removing the registration renders the client unable to access Aureum If you use the all option youwill need to perform a new registration setup before you can mount Aureum again
Unregistering a client is done by running the unregsh script Use the following procedure tounregister the client
1 On the workstation running the client open a command prompt2 Move to optpeaxybin the location of the script3 Run the script
bull Type sudo unregsh ltAureumgt to unregister the client from a specific Aureum systemReplace ltAureumgt with the Aureum system to unregister
bull Type sudo unregsh all to unregister the client from all Aureum systems on which theclient is registered
Note Peaxy strongly recommends using the all option before you decommission aclient workstation
Windows ConfigurationDomain users with credentials from an Active Directory can access Aureum through a share
After Aureum joins a domain it sets up network shares for chosen directories (including all containedsubdirectories) To domain users these shares look the same as any other folder that is accessible viathe network
Unlike an Aureum client which mounts to the root of the volume a share allows a user to exportsubdirectories for more granular access
Where to Find ItFrom the Navigation menu select SECURITY gt DOMAINS and SECURITY gt SHARES
Join a DomainBefore you can create a share you must join a Windows domain
You can pre-create a machine account in an Active Directory under a specified OU If you choose notto do so Aureum will try to add a computer account to the default location of ldquoComputersrdquo
Important If Aureum is already joined to a domain joining another domain will replace thejoin not add to it Aureum will only be joined to the most recently joined domain
1 From the Navigation menu select SECURITY gt DOMAINS2 Type the complete Windows domain to join for example engexamplecom3 Type the username with access to the domain The user must have the necessary permissions to
join Aureum to the domain4 Type the password associated with the username or access to modify an object in the OU if the
machine account was pre-created
Install Aureum | 27
5 In the NETBIOS NAME field set the Aureum computer account name you wish to be created in theActive Directory If Aureum is using a pre-created machine account in a specific OU then the nameyou specify here must match that name exactly
6 Click JOIN
After the domain has been joined the JOIN button changes to LEAVE To leave the domain clickLEAVE
Create a ShareCreate a share to allow Windows users to connect to Aureum
Before you can create a share you must join the appropriate domain
1 From the Navigation menu select SECURITY gt SHARES2 Type the name of the share3 In the SHARE CONTENT IN field choose the appropriate data class
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the share5 Click CREATE
6 To edit or delete a share click the share to be modified
bull To edit the share make the changes needed in the edit panel and click SAVE CHANGESbull To delete the share click the trash can icon ( ) and confirm the deletion
Mount an Aureum Windows ShareDomain-authenticated users can mount and access Aureum directories using a share
After Aureum has been joined to a domain and the share has been created you can easily mount tothe share
The exact mount process is based on your workstation OS
Install Aureum | 28
If you do not already know it you can determine the mount point from Aureum by navigating to theJOIN DOMAIN page and using one of the listed public IP addresses as the mount point Include theshare name when mounting
Peaxy recommends that you take the list of public IP addresses and enter them into your DNS serverlisted under the Aureum NetBIOS name within the appropriate domain In cases where multipleaddresses are used the DNS server automatically round-robins the returned address This ensure thatclient connection load is distributed across the available nodes
As a Windows example to mount a drive letter to Aureum Type
net use ltdrive_lettergt ltpublic addressgtltshare namegt
where ltdrive_lettergt is the drive letter to assign to Aureum ltpublic_addressgt is the IP address usedto join the domain and ltshare_namegt is the share
You then log into the share using your domain-authenticated username and password For exampleMYDOMAINmyname
After mapping the drive access Aureum through Windows Explorer just like you would any otherdrive
If the share does not appear in the Windows Explorer after a change such as a system reboot occursrefresh the view using the Refresh icon ( ) The share should display correctly
You do not have to assign a share to a drive letter however In Windows Explorer type the public IPaddress and share name into the address bar Provide your username and password
POSIX ComplianceAureum provides a POSIX-compliant interface
Most of the Aureum interfaces are POSIX compliant and adhere to the IEEE standard The following isa list of exceptions to compliance
bull The directory nlink count is not incremented when a subdirectory is addedbull inode retention differs from the POSIX specification because there is no way to retain the original
inode number when a rename entails a move to a different device You can display the datahyperserver extent ID instead of the namespace hyperserver Node ID to the caller in the statfamily of calls This does not change when a file or directory is renamed It does change if the file ismigrated from one data hyperserver to another
bull If two mount points are held to the same Aureum and a file is closed on one Aureum does notremove a fcntl lock for the same file on another This is a variance on the way that NFS worksThe internal locking structures take into account the client ID which varies depending on the clientmount If there are two different mounts to a server Aureum treats them as separate machineswhich NFS does not
bull The file locking call flock() is emulated using POSIX byte range locks (fcntl() ) The POSIXcompliance specification does not cover flock() This implementation mirrors the behavior ofNFS The Aureum behavior is slightly different and varies from the POSIX specification as follows
1 As in NFS you must have write permissions to get a write lock2 As in NFS you cannot place both flock() and fcntl() locks on the same file as these locks
will conflict3 An flock() will not inherit across forks4 The flock() will be durable against other file closes but fcntl() locks will not behave within
the POSIX specification5 As well as being removed by an explicit f_unlock record locks are automatically released
when the process terminates or if it closes any file descriptor referring to a file on which locksare held This means that a process can lose the locks on a file like etcpasswd or etcmtab if a library function opens reads and closes it
Information and ResourcesThe latest news and information can always be found on the Peaxy website
Peaxy provides documents that are designed for different audiences These documents furnish acomprehensive explanation of Aureum and how to use it Additionally information is available fromtooltips Each field has a tooltip that adds explanations and any limitations for the item
The most current and accurate information available was included at the time this document wasprepared However changes may occur after the document is released Always read the ReleaseNotes for the most current information
Aureum Installation GuideA step-by-step guide to installing and configuring Aureum into your network
Aureum Administrator GuideA guide to understanding the Aureum architecture Provides details for planning configuring andmonitoring your implementation
Quickstart SeriesA series of two-page guides providing an abbreviated set of instructions for Aureum tasks Theycan be taken in order or used as reminders for individual tasks
Tech NotesSome technical issues are outside the scope of the regular documentation These are presented asTechnical Notes
Contact Peaxy9 am to 5 pm Pacific Standard Time
Main +1 (408) 441-6500
Support +1 (408) 763-3700
By phone
Support toll free US only +1 (844) 277-3299
General information infopeaxynet
Sales salespeaxynet
Support supportpeaxynet
By email
Documentation feedback feedbackpeaxynet
Online wwwpeaxynetsupport (login required)
Peaxy Inc
2380 Bering Dr
By mail
San Jose CA 95131 USA
LegalPeaxyreg and Aureumtrade are registered trademarks of Peaxy Inc
All other trademarks belong to their respective companies
CopyrightsThis document is copyright copy 2016 Peaxy Inc
Aureum software includes portions of the following
bull Amazon Web Services (AWS) Java SDK httpsawsamazoncomsdk-for-java and httpawsamazoncomapache-2-0
bull Apache License Version 20 January 2004bull BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1bull BSD 3bull crc32 routine COPYRIGHT copy 1986 Gary S Brownbull Element Tree used under the Python licensebull Erlang Public License (EPL) a derivative work of the Mozilla Public License Now provided under
the Apache 20 licensebull GoogleAuth httpsgithubcomwstrangeGoogleAuthbull GNU Lesser General Public License Version 3 Copyright copy 2007 Free Software Foundation Inc
and GNU Lesser General Public License Version 21 Copyright copy 1999 Free Software FoundationInc
bull Samba is Free Software licensed under the GNU General Public License httpswwwsambaorgsambadocsGPLhtml the Samba project is a member of the Software Freedom Conservancy
bull JSON-C Copyright (c) 2009-2012 Eric Haszlakiewicz and Copyright (c) 2004-2005 MetaparadigmPte Ltd
bull Kerberos Copyright copy 1985-2009 now under the MIT 2 licensebull libcurl Copyright (c) 1996 - 2015 Daniel Stenbergdanielhaxxsebull lshow used under the GPL licensebull MIT (X11) Copyright copy 2007-2015bull RIAK Creative Commons (httpcreativecommonsorg licensesby30)bull Goldrush Copyright copy 2012 Magnus Klaarbull Meld Under ZPL licensebull NSIS (Nullsoft Scriptable Install System) copy 1999-2013bull OpenSSL License Copyright (c) 1998-2016 The OpenSSL Project and Original SSLeay License
Copyright (c) 1995-1998 Eric Youngbull Protobuf Copyright 2008 Google Inc now under the BSD 3 licensebull Setup Tools (setuptools-06c11) Under ZPL licensebull Sodium crypto library (libsodium) ISC license Copyright (c) 2013-2015 Frank Denisbull Solr the Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull TCL Copyright copy Regents of the University of California Sun Microsystems Inc Scriptics
Corporation and other partiesbull The Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull The Apache Tika project Copyright copy The Apache Software Foundationbull VirtualBox Copyright copy 2007 Oracle Corp as part of the GNU GPL V2 Licensebull YAWS Copyright copy 2006 Claes Wikstrom now under the BSD licensebull Apache zookeeper Under the Apache 2 license
Index | 35
Index
bdl license file 18
img 12
MD5 12
zip 12
A
access directories 24Active Directory 26add
resources 19servers 19
Admin 17administrator 17AMS 12 14 15 16Aureum IP address 11Aureum Manager 6 12 14Aureum name 18Aureum overview 5average file size 18
B
beacon turning on or off 19BIOS 15bonding network interface 19bootable USB 12 14browser 15button color 17
C
capacity 10 19CentOS 10checksum 12client registration 22clients 22configuration 11configure email 21connect 22contact 31create
export 23share 27
create Aureum 15create storage class 20
D
dedicated capacity 20dedicated nodes 5default storage class 20directory access 24discover resources 12 14 19discovery state Aureum nodes 12 14disk space required 10DNS server 11DNS servers 18documentation 31domain-authenticated user
domain 27
domain-authentication 22domain suffix 11download images 14
E
editsecurity level 22
emailer settings 21Ethernet
interface 10switch 10
exportCIFS 23create an export 23
F
files needed 12 14firewall 12flexible capacity 20flock 29FUSE 10
G
gateway 11 18
H
hardware requirements 10how to reach Peaxy 31
I
image copier 12 14import a license 18initial configuration 18inode retention 29install
client 24Linux client 24
introduction 5iptables 16
J
javarequired version 12 14
javaw 14
K
Kerberos 22 22 23
L
legal 33levels of security 23license files 18licenses 18
Index | 36
Linux client install 24localhost 15location 18
M
maintenance agreement 18management IP 15mapping 22mount Aureum 24 27mounting 22 22
N
namespace 18Navigation menu
configuration 11security 22
netBIOS 22NIC 19NTP server 11 18
O
outgoing email 21overview
architecture 6Aureum building blocks 6components 6
P
password 17password limitations 17ports 12POSIX compliance 29primary domain 18primary domain suffix 11
R
RAM requirements 10realms 22reboot 12 14recommended configuration 10Red Hat Enterprise Linux 10replication factor 11 18 20resources
needed 10run setup 16
S
samsp 12 14 16security 22 23security levels
security 22 23select the license 18SElinux 16sestatus 16set performance levels 20settings 11setup 16share
CIFS 27
create a share 27Share 26SMTP 17 21software files 14space needed 10storage class creating default 20subnet mask 11Support hours 31
T
tar ball 24time server 18time zone 11 18
U
USB 15USB stick 10 12 14user account 17
V
virtualization 6 15
W
what youll need 11Windows
domain 26join a domain 26share 27
Windows client 10
Y
yum 24
Install Aureum | 27
5 In the NETBIOS NAME field set the Aureum computer account name you wish to be created in theActive Directory If Aureum is using a pre-created machine account in a specific OU then the nameyou specify here must match that name exactly
6 Click JOIN
After the domain has been joined the JOIN button changes to LEAVE To leave the domain clickLEAVE
Create a ShareCreate a share to allow Windows users to connect to Aureum
Before you can create a share you must join the appropriate domain
1 From the Navigation menu select SECURITY gt SHARES2 Type the name of the share3 In the SHARE CONTENT IN field choose the appropriate data class
The IN DIRECTORY field automatically populates with the path specified by the chosen data classYou can extend this path but you cannot shorten it For example if the data class specifies the engineeringsoftware directory you can extend this path to be engineeringsoftwareqa However youcannot shorten the path to be engineering
Note The system root data class specifies the root () directory You can extend this path inany way you choose The path must start with a slash and wildcards are not allowed
4 Optional Include a description to provide more information about the share5 Click CREATE
6 To edit or delete a share click the share to be modified
bull To edit the share make the changes needed in the edit panel and click SAVE CHANGESbull To delete the share click the trash can icon ( ) and confirm the deletion
Mount an Aureum Windows ShareDomain-authenticated users can mount and access Aureum directories using a share
After Aureum has been joined to a domain and the share has been created you can easily mount tothe share
The exact mount process is based on your workstation OS
Install Aureum | 28
If you do not already know it you can determine the mount point from Aureum by navigating to theJOIN DOMAIN page and using one of the listed public IP addresses as the mount point Include theshare name when mounting
Peaxy recommends that you take the list of public IP addresses and enter them into your DNS serverlisted under the Aureum NetBIOS name within the appropriate domain In cases where multipleaddresses are used the DNS server automatically round-robins the returned address This ensure thatclient connection load is distributed across the available nodes
As a Windows example to mount a drive letter to Aureum Type
net use ltdrive_lettergt ltpublic addressgtltshare namegt
where ltdrive_lettergt is the drive letter to assign to Aureum ltpublic_addressgt is the IP address usedto join the domain and ltshare_namegt is the share
You then log into the share using your domain-authenticated username and password For exampleMYDOMAINmyname
After mapping the drive access Aureum through Windows Explorer just like you would any otherdrive
If the share does not appear in the Windows Explorer after a change such as a system reboot occursrefresh the view using the Refresh icon ( ) The share should display correctly
You do not have to assign a share to a drive letter however In Windows Explorer type the public IPaddress and share name into the address bar Provide your username and password
POSIX ComplianceAureum provides a POSIX-compliant interface
Most of the Aureum interfaces are POSIX compliant and adhere to the IEEE standard The following isa list of exceptions to compliance
bull The directory nlink count is not incremented when a subdirectory is addedbull inode retention differs from the POSIX specification because there is no way to retain the original
inode number when a rename entails a move to a different device You can display the datahyperserver extent ID instead of the namespace hyperserver Node ID to the caller in the statfamily of calls This does not change when a file or directory is renamed It does change if the file ismigrated from one data hyperserver to another
bull If two mount points are held to the same Aureum and a file is closed on one Aureum does notremove a fcntl lock for the same file on another This is a variance on the way that NFS worksThe internal locking structures take into account the client ID which varies depending on the clientmount If there are two different mounts to a server Aureum treats them as separate machineswhich NFS does not
bull The file locking call flock() is emulated using POSIX byte range locks (fcntl() ) The POSIXcompliance specification does not cover flock() This implementation mirrors the behavior ofNFS The Aureum behavior is slightly different and varies from the POSIX specification as follows
1 As in NFS you must have write permissions to get a write lock2 As in NFS you cannot place both flock() and fcntl() locks on the same file as these locks
will conflict3 An flock() will not inherit across forks4 The flock() will be durable against other file closes but fcntl() locks will not behave within
the POSIX specification5 As well as being removed by an explicit f_unlock record locks are automatically released
when the process terminates or if it closes any file descriptor referring to a file on which locksare held This means that a process can lose the locks on a file like etcpasswd or etcmtab if a library function opens reads and closes it
Information and ResourcesThe latest news and information can always be found on the Peaxy website
Peaxy provides documents that are designed for different audiences These documents furnish acomprehensive explanation of Aureum and how to use it Additionally information is available fromtooltips Each field has a tooltip that adds explanations and any limitations for the item
The most current and accurate information available was included at the time this document wasprepared However changes may occur after the document is released Always read the ReleaseNotes for the most current information
Aureum Installation GuideA step-by-step guide to installing and configuring Aureum into your network
Aureum Administrator GuideA guide to understanding the Aureum architecture Provides details for planning configuring andmonitoring your implementation
Quickstart SeriesA series of two-page guides providing an abbreviated set of instructions for Aureum tasks Theycan be taken in order or used as reminders for individual tasks
Tech NotesSome technical issues are outside the scope of the regular documentation These are presented asTechnical Notes
Contact Peaxy9 am to 5 pm Pacific Standard Time
Main +1 (408) 441-6500
Support +1 (408) 763-3700
By phone
Support toll free US only +1 (844) 277-3299
General information infopeaxynet
Sales salespeaxynet
Support supportpeaxynet
By email
Documentation feedback feedbackpeaxynet
Online wwwpeaxynetsupport (login required)
Peaxy Inc
2380 Bering Dr
By mail
San Jose CA 95131 USA
LegalPeaxyreg and Aureumtrade are registered trademarks of Peaxy Inc
All other trademarks belong to their respective companies
CopyrightsThis document is copyright copy 2016 Peaxy Inc
Aureum software includes portions of the following
bull Amazon Web Services (AWS) Java SDK httpsawsamazoncomsdk-for-java and httpawsamazoncomapache-2-0
bull Apache License Version 20 January 2004bull BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1bull BSD 3bull crc32 routine COPYRIGHT copy 1986 Gary S Brownbull Element Tree used under the Python licensebull Erlang Public License (EPL) a derivative work of the Mozilla Public License Now provided under
the Apache 20 licensebull GoogleAuth httpsgithubcomwstrangeGoogleAuthbull GNU Lesser General Public License Version 3 Copyright copy 2007 Free Software Foundation Inc
and GNU Lesser General Public License Version 21 Copyright copy 1999 Free Software FoundationInc
bull Samba is Free Software licensed under the GNU General Public License httpswwwsambaorgsambadocsGPLhtml the Samba project is a member of the Software Freedom Conservancy
bull JSON-C Copyright (c) 2009-2012 Eric Haszlakiewicz and Copyright (c) 2004-2005 MetaparadigmPte Ltd
bull Kerberos Copyright copy 1985-2009 now under the MIT 2 licensebull libcurl Copyright (c) 1996 - 2015 Daniel Stenbergdanielhaxxsebull lshow used under the GPL licensebull MIT (X11) Copyright copy 2007-2015bull RIAK Creative Commons (httpcreativecommonsorg licensesby30)bull Goldrush Copyright copy 2012 Magnus Klaarbull Meld Under ZPL licensebull NSIS (Nullsoft Scriptable Install System) copy 1999-2013bull OpenSSL License Copyright (c) 1998-2016 The OpenSSL Project and Original SSLeay License
Copyright (c) 1995-1998 Eric Youngbull Protobuf Copyright 2008 Google Inc now under the BSD 3 licensebull Setup Tools (setuptools-06c11) Under ZPL licensebull Sodium crypto library (libsodium) ISC license Copyright (c) 2013-2015 Frank Denisbull Solr the Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull TCL Copyright copy Regents of the University of California Sun Microsystems Inc Scriptics
Corporation and other partiesbull The Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull The Apache Tika project Copyright copy The Apache Software Foundationbull VirtualBox Copyright copy 2007 Oracle Corp as part of the GNU GPL V2 Licensebull YAWS Copyright copy 2006 Claes Wikstrom now under the BSD licensebull Apache zookeeper Under the Apache 2 license
Index | 35
Index
bdl license file 18
img 12
MD5 12
zip 12
A
access directories 24Active Directory 26add
resources 19servers 19
Admin 17administrator 17AMS 12 14 15 16Aureum IP address 11Aureum Manager 6 12 14Aureum name 18Aureum overview 5average file size 18
B
beacon turning on or off 19BIOS 15bonding network interface 19bootable USB 12 14browser 15button color 17
C
capacity 10 19CentOS 10checksum 12client registration 22clients 22configuration 11configure email 21connect 22contact 31create
export 23share 27
create Aureum 15create storage class 20
D
dedicated capacity 20dedicated nodes 5default storage class 20directory access 24discover resources 12 14 19discovery state Aureum nodes 12 14disk space required 10DNS server 11DNS servers 18documentation 31domain-authenticated user
domain 27
domain-authentication 22domain suffix 11download images 14
E
editsecurity level 22
emailer settings 21Ethernet
interface 10switch 10
exportCIFS 23create an export 23
F
files needed 12 14firewall 12flexible capacity 20flock 29FUSE 10
G
gateway 11 18
H
hardware requirements 10how to reach Peaxy 31
I
image copier 12 14import a license 18initial configuration 18inode retention 29install
client 24Linux client 24
introduction 5iptables 16
J
javarequired version 12 14
javaw 14
K
Kerberos 22 22 23
L
legal 33levels of security 23license files 18licenses 18
Index | 36
Linux client install 24localhost 15location 18
M
maintenance agreement 18management IP 15mapping 22mount Aureum 24 27mounting 22 22
N
namespace 18Navigation menu
configuration 11security 22
netBIOS 22NIC 19NTP server 11 18
O
outgoing email 21overview
architecture 6Aureum building blocks 6components 6
P
password 17password limitations 17ports 12POSIX compliance 29primary domain 18primary domain suffix 11
R
RAM requirements 10realms 22reboot 12 14recommended configuration 10Red Hat Enterprise Linux 10replication factor 11 18 20resources
needed 10run setup 16
S
samsp 12 14 16security 22 23security levels
security 22 23select the license 18SElinux 16sestatus 16set performance levels 20settings 11setup 16share
CIFS 27
create a share 27Share 26SMTP 17 21software files 14space needed 10storage class creating default 20subnet mask 11Support hours 31
T
tar ball 24time server 18time zone 11 18
U
USB 15USB stick 10 12 14user account 17
V
virtualization 6 15
W
what youll need 11Windows
domain 26join a domain 26share 27
Windows client 10
Y
yum 24
Install Aureum | 28
If you do not already know it you can determine the mount point from Aureum by navigating to theJOIN DOMAIN page and using one of the listed public IP addresses as the mount point Include theshare name when mounting
Peaxy recommends that you take the list of public IP addresses and enter them into your DNS serverlisted under the Aureum NetBIOS name within the appropriate domain In cases where multipleaddresses are used the DNS server automatically round-robins the returned address This ensure thatclient connection load is distributed across the available nodes
As a Windows example to mount a drive letter to Aureum Type
net use ltdrive_lettergt ltpublic addressgtltshare namegt
where ltdrive_lettergt is the drive letter to assign to Aureum ltpublic_addressgt is the IP address usedto join the domain and ltshare_namegt is the share
You then log into the share using your domain-authenticated username and password For exampleMYDOMAINmyname
After mapping the drive access Aureum through Windows Explorer just like you would any otherdrive
If the share does not appear in the Windows Explorer after a change such as a system reboot occursrefresh the view using the Refresh icon ( ) The share should display correctly
You do not have to assign a share to a drive letter however In Windows Explorer type the public IPaddress and share name into the address bar Provide your username and password
POSIX ComplianceAureum provides a POSIX-compliant interface
Most of the Aureum interfaces are POSIX compliant and adhere to the IEEE standard The following isa list of exceptions to compliance
bull The directory nlink count is not incremented when a subdirectory is addedbull inode retention differs from the POSIX specification because there is no way to retain the original
inode number when a rename entails a move to a different device You can display the datahyperserver extent ID instead of the namespace hyperserver Node ID to the caller in the statfamily of calls This does not change when a file or directory is renamed It does change if the file ismigrated from one data hyperserver to another
bull If two mount points are held to the same Aureum and a file is closed on one Aureum does notremove a fcntl lock for the same file on another This is a variance on the way that NFS worksThe internal locking structures take into account the client ID which varies depending on the clientmount If there are two different mounts to a server Aureum treats them as separate machineswhich NFS does not
bull The file locking call flock() is emulated using POSIX byte range locks (fcntl() ) The POSIXcompliance specification does not cover flock() This implementation mirrors the behavior ofNFS The Aureum behavior is slightly different and varies from the POSIX specification as follows
1 As in NFS you must have write permissions to get a write lock2 As in NFS you cannot place both flock() and fcntl() locks on the same file as these locks
will conflict3 An flock() will not inherit across forks4 The flock() will be durable against other file closes but fcntl() locks will not behave within
the POSIX specification5 As well as being removed by an explicit f_unlock record locks are automatically released
when the process terminates or if it closes any file descriptor referring to a file on which locksare held This means that a process can lose the locks on a file like etcpasswd or etcmtab if a library function opens reads and closes it
Information and ResourcesThe latest news and information can always be found on the Peaxy website
Peaxy provides documents that are designed for different audiences These documents furnish acomprehensive explanation of Aureum and how to use it Additionally information is available fromtooltips Each field has a tooltip that adds explanations and any limitations for the item
The most current and accurate information available was included at the time this document wasprepared However changes may occur after the document is released Always read the ReleaseNotes for the most current information
Aureum Installation GuideA step-by-step guide to installing and configuring Aureum into your network
Aureum Administrator GuideA guide to understanding the Aureum architecture Provides details for planning configuring andmonitoring your implementation
Quickstart SeriesA series of two-page guides providing an abbreviated set of instructions for Aureum tasks Theycan be taken in order or used as reminders for individual tasks
Tech NotesSome technical issues are outside the scope of the regular documentation These are presented asTechnical Notes
Contact Peaxy9 am to 5 pm Pacific Standard Time
Main +1 (408) 441-6500
Support +1 (408) 763-3700
By phone
Support toll free US only +1 (844) 277-3299
General information infopeaxynet
Sales salespeaxynet
Support supportpeaxynet
By email
Documentation feedback feedbackpeaxynet
Online wwwpeaxynetsupport (login required)
Peaxy Inc
2380 Bering Dr
By mail
San Jose CA 95131 USA
LegalPeaxyreg and Aureumtrade are registered trademarks of Peaxy Inc
All other trademarks belong to their respective companies
CopyrightsThis document is copyright copy 2016 Peaxy Inc
Aureum software includes portions of the following
bull Amazon Web Services (AWS) Java SDK httpsawsamazoncomsdk-for-java and httpawsamazoncomapache-2-0
bull Apache License Version 20 January 2004bull BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1bull BSD 3bull crc32 routine COPYRIGHT copy 1986 Gary S Brownbull Element Tree used under the Python licensebull Erlang Public License (EPL) a derivative work of the Mozilla Public License Now provided under
the Apache 20 licensebull GoogleAuth httpsgithubcomwstrangeGoogleAuthbull GNU Lesser General Public License Version 3 Copyright copy 2007 Free Software Foundation Inc
and GNU Lesser General Public License Version 21 Copyright copy 1999 Free Software FoundationInc
bull Samba is Free Software licensed under the GNU General Public License httpswwwsambaorgsambadocsGPLhtml the Samba project is a member of the Software Freedom Conservancy
bull JSON-C Copyright (c) 2009-2012 Eric Haszlakiewicz and Copyright (c) 2004-2005 MetaparadigmPte Ltd
bull Kerberos Copyright copy 1985-2009 now under the MIT 2 licensebull libcurl Copyright (c) 1996 - 2015 Daniel Stenbergdanielhaxxsebull lshow used under the GPL licensebull MIT (X11) Copyright copy 2007-2015bull RIAK Creative Commons (httpcreativecommonsorg licensesby30)bull Goldrush Copyright copy 2012 Magnus Klaarbull Meld Under ZPL licensebull NSIS (Nullsoft Scriptable Install System) copy 1999-2013bull OpenSSL License Copyright (c) 1998-2016 The OpenSSL Project and Original SSLeay License
Copyright (c) 1995-1998 Eric Youngbull Protobuf Copyright 2008 Google Inc now under the BSD 3 licensebull Setup Tools (setuptools-06c11) Under ZPL licensebull Sodium crypto library (libsodium) ISC license Copyright (c) 2013-2015 Frank Denisbull Solr the Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull TCL Copyright copy Regents of the University of California Sun Microsystems Inc Scriptics
Corporation and other partiesbull The Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull The Apache Tika project Copyright copy The Apache Software Foundationbull VirtualBox Copyright copy 2007 Oracle Corp as part of the GNU GPL V2 Licensebull YAWS Copyright copy 2006 Claes Wikstrom now under the BSD licensebull Apache zookeeper Under the Apache 2 license
Index | 35
Index
bdl license file 18
img 12
MD5 12
zip 12
A
access directories 24Active Directory 26add
resources 19servers 19
Admin 17administrator 17AMS 12 14 15 16Aureum IP address 11Aureum Manager 6 12 14Aureum name 18Aureum overview 5average file size 18
B
beacon turning on or off 19BIOS 15bonding network interface 19bootable USB 12 14browser 15button color 17
C
capacity 10 19CentOS 10checksum 12client registration 22clients 22configuration 11configure email 21connect 22contact 31create
export 23share 27
create Aureum 15create storage class 20
D
dedicated capacity 20dedicated nodes 5default storage class 20directory access 24discover resources 12 14 19discovery state Aureum nodes 12 14disk space required 10DNS server 11DNS servers 18documentation 31domain-authenticated user
domain 27
domain-authentication 22domain suffix 11download images 14
E
editsecurity level 22
emailer settings 21Ethernet
interface 10switch 10
exportCIFS 23create an export 23
F
files needed 12 14firewall 12flexible capacity 20flock 29FUSE 10
G
gateway 11 18
H
hardware requirements 10how to reach Peaxy 31
I
image copier 12 14import a license 18initial configuration 18inode retention 29install
client 24Linux client 24
introduction 5iptables 16
J
javarequired version 12 14
javaw 14
K
Kerberos 22 22 23
L
legal 33levels of security 23license files 18licenses 18
Index | 36
Linux client install 24localhost 15location 18
M
maintenance agreement 18management IP 15mapping 22mount Aureum 24 27mounting 22 22
N
namespace 18Navigation menu
configuration 11security 22
netBIOS 22NIC 19NTP server 11 18
O
outgoing email 21overview
architecture 6Aureum building blocks 6components 6
P
password 17password limitations 17ports 12POSIX compliance 29primary domain 18primary domain suffix 11
R
RAM requirements 10realms 22reboot 12 14recommended configuration 10Red Hat Enterprise Linux 10replication factor 11 18 20resources
needed 10run setup 16
S
samsp 12 14 16security 22 23security levels
security 22 23select the license 18SElinux 16sestatus 16set performance levels 20settings 11setup 16share
CIFS 27
create a share 27Share 26SMTP 17 21software files 14space needed 10storage class creating default 20subnet mask 11Support hours 31
T
tar ball 24time server 18time zone 11 18
U
USB 15USB stick 10 12 14user account 17
V
virtualization 6 15
W
what youll need 11Windows
domain 26join a domain 26share 27
Windows client 10
Y
yum 24
POSIX ComplianceAureum provides a POSIX-compliant interface
Most of the Aureum interfaces are POSIX compliant and adhere to the IEEE standard The following isa list of exceptions to compliance
bull The directory nlink count is not incremented when a subdirectory is addedbull inode retention differs from the POSIX specification because there is no way to retain the original
inode number when a rename entails a move to a different device You can display the datahyperserver extent ID instead of the namespace hyperserver Node ID to the caller in the statfamily of calls This does not change when a file or directory is renamed It does change if the file ismigrated from one data hyperserver to another
bull If two mount points are held to the same Aureum and a file is closed on one Aureum does notremove a fcntl lock for the same file on another This is a variance on the way that NFS worksThe internal locking structures take into account the client ID which varies depending on the clientmount If there are two different mounts to a server Aureum treats them as separate machineswhich NFS does not
bull The file locking call flock() is emulated using POSIX byte range locks (fcntl() ) The POSIXcompliance specification does not cover flock() This implementation mirrors the behavior ofNFS The Aureum behavior is slightly different and varies from the POSIX specification as follows
1 As in NFS you must have write permissions to get a write lock2 As in NFS you cannot place both flock() and fcntl() locks on the same file as these locks
will conflict3 An flock() will not inherit across forks4 The flock() will be durable against other file closes but fcntl() locks will not behave within
the POSIX specification5 As well as being removed by an explicit f_unlock record locks are automatically released
when the process terminates or if it closes any file descriptor referring to a file on which locksare held This means that a process can lose the locks on a file like etcpasswd or etcmtab if a library function opens reads and closes it
Information and ResourcesThe latest news and information can always be found on the Peaxy website
Peaxy provides documents that are designed for different audiences These documents furnish acomprehensive explanation of Aureum and how to use it Additionally information is available fromtooltips Each field has a tooltip that adds explanations and any limitations for the item
The most current and accurate information available was included at the time this document wasprepared However changes may occur after the document is released Always read the ReleaseNotes for the most current information
Aureum Installation GuideA step-by-step guide to installing and configuring Aureum into your network
Aureum Administrator GuideA guide to understanding the Aureum architecture Provides details for planning configuring andmonitoring your implementation
Quickstart SeriesA series of two-page guides providing an abbreviated set of instructions for Aureum tasks Theycan be taken in order or used as reminders for individual tasks
Tech NotesSome technical issues are outside the scope of the regular documentation These are presented asTechnical Notes
Contact Peaxy9 am to 5 pm Pacific Standard Time
Main +1 (408) 441-6500
Support +1 (408) 763-3700
By phone
Support toll free US only +1 (844) 277-3299
General information infopeaxynet
Sales salespeaxynet
Support supportpeaxynet
By email
Documentation feedback feedbackpeaxynet
Online wwwpeaxynetsupport (login required)
Peaxy Inc
2380 Bering Dr
By mail
San Jose CA 95131 USA
LegalPeaxyreg and Aureumtrade are registered trademarks of Peaxy Inc
All other trademarks belong to their respective companies
CopyrightsThis document is copyright copy 2016 Peaxy Inc
Aureum software includes portions of the following
bull Amazon Web Services (AWS) Java SDK httpsawsamazoncomsdk-for-java and httpawsamazoncomapache-2-0
bull Apache License Version 20 January 2004bull BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1bull BSD 3bull crc32 routine COPYRIGHT copy 1986 Gary S Brownbull Element Tree used under the Python licensebull Erlang Public License (EPL) a derivative work of the Mozilla Public License Now provided under
the Apache 20 licensebull GoogleAuth httpsgithubcomwstrangeGoogleAuthbull GNU Lesser General Public License Version 3 Copyright copy 2007 Free Software Foundation Inc
and GNU Lesser General Public License Version 21 Copyright copy 1999 Free Software FoundationInc
bull Samba is Free Software licensed under the GNU General Public License httpswwwsambaorgsambadocsGPLhtml the Samba project is a member of the Software Freedom Conservancy
bull JSON-C Copyright (c) 2009-2012 Eric Haszlakiewicz and Copyright (c) 2004-2005 MetaparadigmPte Ltd
bull Kerberos Copyright copy 1985-2009 now under the MIT 2 licensebull libcurl Copyright (c) 1996 - 2015 Daniel Stenbergdanielhaxxsebull lshow used under the GPL licensebull MIT (X11) Copyright copy 2007-2015bull RIAK Creative Commons (httpcreativecommonsorg licensesby30)bull Goldrush Copyright copy 2012 Magnus Klaarbull Meld Under ZPL licensebull NSIS (Nullsoft Scriptable Install System) copy 1999-2013bull OpenSSL License Copyright (c) 1998-2016 The OpenSSL Project and Original SSLeay License
Copyright (c) 1995-1998 Eric Youngbull Protobuf Copyright 2008 Google Inc now under the BSD 3 licensebull Setup Tools (setuptools-06c11) Under ZPL licensebull Sodium crypto library (libsodium) ISC license Copyright (c) 2013-2015 Frank Denisbull Solr the Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull TCL Copyright copy Regents of the University of California Sun Microsystems Inc Scriptics
Corporation and other partiesbull The Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull The Apache Tika project Copyright copy The Apache Software Foundationbull VirtualBox Copyright copy 2007 Oracle Corp as part of the GNU GPL V2 Licensebull YAWS Copyright copy 2006 Claes Wikstrom now under the BSD licensebull Apache zookeeper Under the Apache 2 license
Index | 35
Index
bdl license file 18
img 12
MD5 12
zip 12
A
access directories 24Active Directory 26add
resources 19servers 19
Admin 17administrator 17AMS 12 14 15 16Aureum IP address 11Aureum Manager 6 12 14Aureum name 18Aureum overview 5average file size 18
B
beacon turning on or off 19BIOS 15bonding network interface 19bootable USB 12 14browser 15button color 17
C
capacity 10 19CentOS 10checksum 12client registration 22clients 22configuration 11configure email 21connect 22contact 31create
export 23share 27
create Aureum 15create storage class 20
D
dedicated capacity 20dedicated nodes 5default storage class 20directory access 24discover resources 12 14 19discovery state Aureum nodes 12 14disk space required 10DNS server 11DNS servers 18documentation 31domain-authenticated user
domain 27
domain-authentication 22domain suffix 11download images 14
E
editsecurity level 22
emailer settings 21Ethernet
interface 10switch 10
exportCIFS 23create an export 23
F
files needed 12 14firewall 12flexible capacity 20flock 29FUSE 10
G
gateway 11 18
H
hardware requirements 10how to reach Peaxy 31
I
image copier 12 14import a license 18initial configuration 18inode retention 29install
client 24Linux client 24
introduction 5iptables 16
J
javarequired version 12 14
javaw 14
K
Kerberos 22 22 23
L
legal 33levels of security 23license files 18licenses 18
Index | 36
Linux client install 24localhost 15location 18
M
maintenance agreement 18management IP 15mapping 22mount Aureum 24 27mounting 22 22
N
namespace 18Navigation menu
configuration 11security 22
netBIOS 22NIC 19NTP server 11 18
O
outgoing email 21overview
architecture 6Aureum building blocks 6components 6
P
password 17password limitations 17ports 12POSIX compliance 29primary domain 18primary domain suffix 11
R
RAM requirements 10realms 22reboot 12 14recommended configuration 10Red Hat Enterprise Linux 10replication factor 11 18 20resources
needed 10run setup 16
S
samsp 12 14 16security 22 23security levels
security 22 23select the license 18SElinux 16sestatus 16set performance levels 20settings 11setup 16share
CIFS 27
create a share 27Share 26SMTP 17 21software files 14space needed 10storage class creating default 20subnet mask 11Support hours 31
T
tar ball 24time server 18time zone 11 18
U
USB 15USB stick 10 12 14user account 17
V
virtualization 6 15
W
what youll need 11Windows
domain 26join a domain 26share 27
Windows client 10
Y
yum 24
Information and ResourcesThe latest news and information can always be found on the Peaxy website
Peaxy provides documents that are designed for different audiences These documents furnish acomprehensive explanation of Aureum and how to use it Additionally information is available fromtooltips Each field has a tooltip that adds explanations and any limitations for the item
The most current and accurate information available was included at the time this document wasprepared However changes may occur after the document is released Always read the ReleaseNotes for the most current information
Aureum Installation GuideA step-by-step guide to installing and configuring Aureum into your network
Aureum Administrator GuideA guide to understanding the Aureum architecture Provides details for planning configuring andmonitoring your implementation
Quickstart SeriesA series of two-page guides providing an abbreviated set of instructions for Aureum tasks Theycan be taken in order or used as reminders for individual tasks
Tech NotesSome technical issues are outside the scope of the regular documentation These are presented asTechnical Notes
Contact Peaxy9 am to 5 pm Pacific Standard Time
Main +1 (408) 441-6500
Support +1 (408) 763-3700
By phone
Support toll free US only +1 (844) 277-3299
General information infopeaxynet
Sales salespeaxynet
Support supportpeaxynet
By email
Documentation feedback feedbackpeaxynet
Online wwwpeaxynetsupport (login required)
Peaxy Inc
2380 Bering Dr
By mail
San Jose CA 95131 USA
LegalPeaxyreg and Aureumtrade are registered trademarks of Peaxy Inc
All other trademarks belong to their respective companies
CopyrightsThis document is copyright copy 2016 Peaxy Inc
Aureum software includes portions of the following
bull Amazon Web Services (AWS) Java SDK httpsawsamazoncomsdk-for-java and httpawsamazoncomapache-2-0
bull Apache License Version 20 January 2004bull BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1bull BSD 3bull crc32 routine COPYRIGHT copy 1986 Gary S Brownbull Element Tree used under the Python licensebull Erlang Public License (EPL) a derivative work of the Mozilla Public License Now provided under
the Apache 20 licensebull GoogleAuth httpsgithubcomwstrangeGoogleAuthbull GNU Lesser General Public License Version 3 Copyright copy 2007 Free Software Foundation Inc
and GNU Lesser General Public License Version 21 Copyright copy 1999 Free Software FoundationInc
bull Samba is Free Software licensed under the GNU General Public License httpswwwsambaorgsambadocsGPLhtml the Samba project is a member of the Software Freedom Conservancy
bull JSON-C Copyright (c) 2009-2012 Eric Haszlakiewicz and Copyright (c) 2004-2005 MetaparadigmPte Ltd
bull Kerberos Copyright copy 1985-2009 now under the MIT 2 licensebull libcurl Copyright (c) 1996 - 2015 Daniel Stenbergdanielhaxxsebull lshow used under the GPL licensebull MIT (X11) Copyright copy 2007-2015bull RIAK Creative Commons (httpcreativecommonsorg licensesby30)bull Goldrush Copyright copy 2012 Magnus Klaarbull Meld Under ZPL licensebull NSIS (Nullsoft Scriptable Install System) copy 1999-2013bull OpenSSL License Copyright (c) 1998-2016 The OpenSSL Project and Original SSLeay License
Copyright (c) 1995-1998 Eric Youngbull Protobuf Copyright 2008 Google Inc now under the BSD 3 licensebull Setup Tools (setuptools-06c11) Under ZPL licensebull Sodium crypto library (libsodium) ISC license Copyright (c) 2013-2015 Frank Denisbull Solr the Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull TCL Copyright copy Regents of the University of California Sun Microsystems Inc Scriptics
Corporation and other partiesbull The Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull The Apache Tika project Copyright copy The Apache Software Foundationbull VirtualBox Copyright copy 2007 Oracle Corp as part of the GNU GPL V2 Licensebull YAWS Copyright copy 2006 Claes Wikstrom now under the BSD licensebull Apache zookeeper Under the Apache 2 license
Index | 35
Index
bdl license file 18
img 12
MD5 12
zip 12
A
access directories 24Active Directory 26add
resources 19servers 19
Admin 17administrator 17AMS 12 14 15 16Aureum IP address 11Aureum Manager 6 12 14Aureum name 18Aureum overview 5average file size 18
B
beacon turning on or off 19BIOS 15bonding network interface 19bootable USB 12 14browser 15button color 17
C
capacity 10 19CentOS 10checksum 12client registration 22clients 22configuration 11configure email 21connect 22contact 31create
export 23share 27
create Aureum 15create storage class 20
D
dedicated capacity 20dedicated nodes 5default storage class 20directory access 24discover resources 12 14 19discovery state Aureum nodes 12 14disk space required 10DNS server 11DNS servers 18documentation 31domain-authenticated user
domain 27
domain-authentication 22domain suffix 11download images 14
E
editsecurity level 22
emailer settings 21Ethernet
interface 10switch 10
exportCIFS 23create an export 23
F
files needed 12 14firewall 12flexible capacity 20flock 29FUSE 10
G
gateway 11 18
H
hardware requirements 10how to reach Peaxy 31
I
image copier 12 14import a license 18initial configuration 18inode retention 29install
client 24Linux client 24
introduction 5iptables 16
J
javarequired version 12 14
javaw 14
K
Kerberos 22 22 23
L
legal 33levels of security 23license files 18licenses 18
Index | 36
Linux client install 24localhost 15location 18
M
maintenance agreement 18management IP 15mapping 22mount Aureum 24 27mounting 22 22
N
namespace 18Navigation menu
configuration 11security 22
netBIOS 22NIC 19NTP server 11 18
O
outgoing email 21overview
architecture 6Aureum building blocks 6components 6
P
password 17password limitations 17ports 12POSIX compliance 29primary domain 18primary domain suffix 11
R
RAM requirements 10realms 22reboot 12 14recommended configuration 10Red Hat Enterprise Linux 10replication factor 11 18 20resources
needed 10run setup 16
S
samsp 12 14 16security 22 23security levels
security 22 23select the license 18SElinux 16sestatus 16set performance levels 20settings 11setup 16share
CIFS 27
create a share 27Share 26SMTP 17 21software files 14space needed 10storage class creating default 20subnet mask 11Support hours 31
T
tar ball 24time server 18time zone 11 18
U
USB 15USB stick 10 12 14user account 17
V
virtualization 6 15
W
what youll need 11Windows
domain 26join a domain 26share 27
Windows client 10
Y
yum 24
LegalPeaxyreg and Aureumtrade are registered trademarks of Peaxy Inc
All other trademarks belong to their respective companies
CopyrightsThis document is copyright copy 2016 Peaxy Inc
Aureum software includes portions of the following
bull Amazon Web Services (AWS) Java SDK httpsawsamazoncomsdk-for-java and httpawsamazoncomapache-2-0
bull Apache License Version 20 January 2004bull BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1bull BSD 3bull crc32 routine COPYRIGHT copy 1986 Gary S Brownbull Element Tree used under the Python licensebull Erlang Public License (EPL) a derivative work of the Mozilla Public License Now provided under
the Apache 20 licensebull GoogleAuth httpsgithubcomwstrangeGoogleAuthbull GNU Lesser General Public License Version 3 Copyright copy 2007 Free Software Foundation Inc
and GNU Lesser General Public License Version 21 Copyright copy 1999 Free Software FoundationInc
bull Samba is Free Software licensed under the GNU General Public License httpswwwsambaorgsambadocsGPLhtml the Samba project is a member of the Software Freedom Conservancy
bull JSON-C Copyright (c) 2009-2012 Eric Haszlakiewicz and Copyright (c) 2004-2005 MetaparadigmPte Ltd
bull Kerberos Copyright copy 1985-2009 now under the MIT 2 licensebull libcurl Copyright (c) 1996 - 2015 Daniel Stenbergdanielhaxxsebull lshow used under the GPL licensebull MIT (X11) Copyright copy 2007-2015bull RIAK Creative Commons (httpcreativecommonsorg licensesby30)bull Goldrush Copyright copy 2012 Magnus Klaarbull Meld Under ZPL licensebull NSIS (Nullsoft Scriptable Install System) copy 1999-2013bull OpenSSL License Copyright (c) 1998-2016 The OpenSSL Project and Original SSLeay License
Copyright (c) 1995-1998 Eric Youngbull Protobuf Copyright 2008 Google Inc now under the BSD 3 licensebull Setup Tools (setuptools-06c11) Under ZPL licensebull Sodium crypto library (libsodium) ISC license Copyright (c) 2013-2015 Frank Denisbull Solr the Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull TCL Copyright copy Regents of the University of California Sun Microsystems Inc Scriptics
Corporation and other partiesbull The Apache Lucene project Copyright copy 2010 The Apache Software Foundationbull The Apache Tika project Copyright copy The Apache Software Foundationbull VirtualBox Copyright copy 2007 Oracle Corp as part of the GNU GPL V2 Licensebull YAWS Copyright copy 2006 Claes Wikstrom now under the BSD licensebull Apache zookeeper Under the Apache 2 license
Index | 35
Index
bdl license file 18
img 12
MD5 12
zip 12
A
access directories 24Active Directory 26add
resources 19servers 19
Admin 17administrator 17AMS 12 14 15 16Aureum IP address 11Aureum Manager 6 12 14Aureum name 18Aureum overview 5average file size 18
B
beacon turning on or off 19BIOS 15bonding network interface 19bootable USB 12 14browser 15button color 17
C
capacity 10 19CentOS 10checksum 12client registration 22clients 22configuration 11configure email 21connect 22contact 31create
export 23share 27
create Aureum 15create storage class 20
D
dedicated capacity 20dedicated nodes 5default storage class 20directory access 24discover resources 12 14 19discovery state Aureum nodes 12 14disk space required 10DNS server 11DNS servers 18documentation 31domain-authenticated user
domain 27
domain-authentication 22domain suffix 11download images 14
E
editsecurity level 22
emailer settings 21Ethernet
interface 10switch 10
exportCIFS 23create an export 23
F
files needed 12 14firewall 12flexible capacity 20flock 29FUSE 10
G
gateway 11 18
H
hardware requirements 10how to reach Peaxy 31
I
image copier 12 14import a license 18initial configuration 18inode retention 29install
client 24Linux client 24
introduction 5iptables 16
J
javarequired version 12 14
javaw 14
K
Kerberos 22 22 23
L
legal 33levels of security 23license files 18licenses 18
Index | 36
Linux client install 24localhost 15location 18
M
maintenance agreement 18management IP 15mapping 22mount Aureum 24 27mounting 22 22
N
namespace 18Navigation menu
configuration 11security 22
netBIOS 22NIC 19NTP server 11 18
O
outgoing email 21overview
architecture 6Aureum building blocks 6components 6
P
password 17password limitations 17ports 12POSIX compliance 29primary domain 18primary domain suffix 11
R
RAM requirements 10realms 22reboot 12 14recommended configuration 10Red Hat Enterprise Linux 10replication factor 11 18 20resources
needed 10run setup 16
S
samsp 12 14 16security 22 23security levels
security 22 23select the license 18SElinux 16sestatus 16set performance levels 20settings 11setup 16share
CIFS 27
create a share 27Share 26SMTP 17 21software files 14space needed 10storage class creating default 20subnet mask 11Support hours 31
T
tar ball 24time server 18time zone 11 18
U
USB 15USB stick 10 12 14user account 17
V
virtualization 6 15
W
what youll need 11Windows
domain 26join a domain 26share 27
Windows client 10
Y
yum 24
Index | 35
Index
bdl license file 18
img 12
MD5 12
zip 12
A
access directories 24Active Directory 26add
resources 19servers 19
Admin 17administrator 17AMS 12 14 15 16Aureum IP address 11Aureum Manager 6 12 14Aureum name 18Aureum overview 5average file size 18
B
beacon turning on or off 19BIOS 15bonding network interface 19bootable USB 12 14browser 15button color 17
C
capacity 10 19CentOS 10checksum 12client registration 22clients 22configuration 11configure email 21connect 22contact 31create
export 23share 27
create Aureum 15create storage class 20
D
dedicated capacity 20dedicated nodes 5default storage class 20directory access 24discover resources 12 14 19discovery state Aureum nodes 12 14disk space required 10DNS server 11DNS servers 18documentation 31domain-authenticated user
domain 27
domain-authentication 22domain suffix 11download images 14
E
editsecurity level 22
emailer settings 21Ethernet
interface 10switch 10
exportCIFS 23create an export 23
F
files needed 12 14firewall 12flexible capacity 20flock 29FUSE 10
G
gateway 11 18
H
hardware requirements 10how to reach Peaxy 31
I
image copier 12 14import a license 18initial configuration 18inode retention 29install
client 24Linux client 24
introduction 5iptables 16
J
javarequired version 12 14
javaw 14
K
Kerberos 22 22 23
L
legal 33levels of security 23license files 18licenses 18
Index | 36
Linux client install 24localhost 15location 18
M
maintenance agreement 18management IP 15mapping 22mount Aureum 24 27mounting 22 22
N
namespace 18Navigation menu
configuration 11security 22
netBIOS 22NIC 19NTP server 11 18
O
outgoing email 21overview
architecture 6Aureum building blocks 6components 6
P
password 17password limitations 17ports 12POSIX compliance 29primary domain 18primary domain suffix 11
R
RAM requirements 10realms 22reboot 12 14recommended configuration 10Red Hat Enterprise Linux 10replication factor 11 18 20resources
needed 10run setup 16
S
samsp 12 14 16security 22 23security levels
security 22 23select the license 18SElinux 16sestatus 16set performance levels 20settings 11setup 16share
CIFS 27
create a share 27Share 26SMTP 17 21software files 14space needed 10storage class creating default 20subnet mask 11Support hours 31
T
tar ball 24time server 18time zone 11 18
U
USB 15USB stick 10 12 14user account 17
V
virtualization 6 15
W
what youll need 11Windows
domain 26join a domain 26share 27
Windows client 10
Y
yum 24
Index | 36
Linux client install 24localhost 15location 18
M
maintenance agreement 18management IP 15mapping 22mount Aureum 24 27mounting 22 22
N
namespace 18Navigation menu
configuration 11security 22
netBIOS 22NIC 19NTP server 11 18
O
outgoing email 21overview
architecture 6Aureum building blocks 6components 6
P
password 17password limitations 17ports 12POSIX compliance 29primary domain 18primary domain suffix 11
R
RAM requirements 10realms 22reboot 12 14recommended configuration 10Red Hat Enterprise Linux 10replication factor 11 18 20resources
needed 10run setup 16
S
samsp 12 14 16security 22 23security levels
security 22 23select the license 18SElinux 16sestatus 16set performance levels 20settings 11setup 16share
CIFS 27
create a share 27Share 26SMTP 17 21software files 14space needed 10storage class creating default 20subnet mask 11Support hours 31
T
tar ball 24time server 18time zone 11 18
U
USB 15USB stick 10 12 14user account 17
V
virtualization 6 15
W
what youll need 11Windows
domain 26join a domain 26share 27
Windows client 10
Y
yum 24