-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 1
2006 EMC Corporation. All rights reserved.
Celerra Features and FunctionsCelerra Features and Functions
Welcome to Celerra Feature and Functions.
The AUDIO portion of this course is supplemental to the material
and is not a replacement for the student notes accompanying this
course.
EMC recommends downloading the Student Resource Guide from the
Supporting Materials tab, and reading the notes in their
entirety.
These materials may not be copied without EMC's written
consent.
EMC believes the information in this publication is accurate as
of its publication date. The information is subject to change
without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED AS IS. EMC
CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH
RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY
DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
PARTICULAR PURPOSE.
Use, copying, and distribution of any EMC software described in
this publication requires an applicable software license.
EMC2, EMC, Symmetrix, Celerra, and CLARiiON are registered
trademarks of EMC Corporation, and Celerra Replicator,
ControlCenter, HighRoad, OnCourse, SnapSure, SRDF, and TimeFinder
are trademarks of EMC Corporation.
All other trademarks used herein are the property of their
respective owners.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 2
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 2
Celerra Features and Functions
Upon completion of this course, you should be able to:
y Define how Celerra provides network compatibilityy Describe
how Celerra offers high availability y Identify the features of
Celerra which provide data
replication and recovery
y Describe Celerra's security featuresy Explain the different
management options available to
Celerra
The objectives for this course are shown here. Please take a
moment to read them.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 3
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 3
Network Compatibility
y Explain the network types used by Celerray Explain the network
protocols used by Celerray Define VLANs in a Celerra
environment
This lesson will provide you with an understanding of EMC
Celerra network infrastructure compatibility. Please take a moment
to read the objectives.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 4
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 4
Ethernet
Celerra supports standard Ethernet networks for client access to
Data Movers and management access to the Control Station.
Celerra supports Ethernet networks that run at 10, 100, or 1000
megabyte speed and can use either copper or optical media
connections. Multiple network interface ports and/or cards are
provided for redundancy. The number of possible network connections
and types will vary depending on the specific configuration and
model.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 5
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 5
NFS
UNIX/Linux Client....
.....
UNIX/Linux Client
UNIX/Linux Client
Corporate Data
Corporate Data
The Network File System (NFS) protocol is typically used by UNIX
computers. The Celerra supports Versions 2, 3, and 4 of NFS, both
over TCP and UDP. The Celerra also supports the Network Information
Service (NIS), which maintains consistent user and group
information across multiple servers, and sometimes provides name
services.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 6
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 6
Celerra Network Protocol Support
WindowsMail Server
iSCSI
WindowsFile Server
CIFS
UNIX FTP
Server
UNIX File Server
NFS
UNIX Database
Application
WindowsManagement
StationSNMP
Tape Backup
UNIX
NDMP
The Celerra supports many industry standard networking protocols
which allows it to easily integrate into existing corporate TCP/IP
networks. File transfers are supported with FTP (File Transfer
Protocol). NDMP (Network Data Management Protocol) backup protocols
are also supported on the Celerra, as well as SNMP (Simple Network
Management Protocol) for network monitoring.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 7
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 7
CIFS
Windows
Windows
Windows Corporate Data
Corporate Data
Celerra
The Common Internet File System (CIFS) protocol enables
Microsoft Windows clients to map shared file systems on the Celerra
as network drives. Each Data Mover can be configured as one or more
virtual CIFS server. Each virtual CIFS server can have its own
shares and can belong to a different Windows domain.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 8
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 8
File Access Protocols
The file access protocols supported include NFS, CIFS, and
Multipath File Sharing Protocol (MPFS). Although these protocols
share the common goal of enabling a client computer to read and
write files over the network, the details of the protocols vary
widely.
These differences are especially important when configuring a
single file system to be accessible by more than one protocol. The
Celerra enables the transparent sharing of files over the network
to the same files by UNIX (NFS) and Windows (CIFS) clients.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 9
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 9
HighRoad
B l a n k
HighroadClient
Celerra
Storage System
The name of the software solution that supports the MPFS
protocol is HighRoad. HighRoad combines the best features of NAS
and SAN to provide high-speed access to large amounts of data.
In its normal configuration, the client makes a request for a
file, and the Celerra gets the blocks that make up a file from the
storage system and sends the file to a client over the network. In
a HighRoad configuration, the Celerra sends the HighRoad client the
list of blocks that make up a file (metadata), and the HighRoad
client gets those blocks directly from the storage system.
Because the HighRoad client connects to the storage using a
fibre channel SAN connection, the data transfer can be much faster.
The only data that travels over the IP network between the HighRoad
client and the Celerra Data Mover is a small amount of metadata
that describes the file to the client. HighRoad is most beneficial
to applications moving very large files.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 10
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 10
iSCSI
Microsoft Initiatoron the client
iSCSI Target Data Mover
iSCSI (Internet Small Computer Systems Interface) is a transport
protocol for sending SCSI packets over TCP/IP networks. iSCSI
initiators and iSCSI targets are the key components in iSCSI
architecture. Initiators and targets are software (or hardware)
devices that package and transfer SCSI information over an IP
network. An iSCSI initiator encapsulates SCSI commands, data, and
status information in iSCSI packets and sends the packets over an
IP Network to an iSCSI target residing on a storage device.
The initiator resides on the client system and issues commands
to the target, which resides on a storage device. It is the active
component in iSCSI communications and initiates communication with
the target. In almost all cases, the target merely responds to
requests from the initiator and does not institute independent
action.
The target can either be a software device, such as a Celerra
iSCSI target, or a hardware component on an iSCSI HBA. A target is
identified by a unique iSCSI name, either in iSCSI Qualified Name
(IQN) or Extended Unique Identifier (EUI) format. The Data Mover is
the target on the Celerra
iSCSI looks like a local disk to a windows machine. It will give
a Windows admin a SAN like environment, without going through a
switch.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 11
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 11
VLANs
VLAN 3
VLAN 1
VLAN 2
VLANs are logical networks that function independently of the
physical network configuration. A VLAN allows a group of devices to
physically reside on different network segments while communicating
as if they resided on the same network segment.
For example, VLANs enable you to put all of a departments
computers on the same logical subnet, which can increase security
and reduce network broadcast traffic.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 12
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 12
VLAN Tags
VLANs require switches that support the VLAN protocol, IEEE
802.1q. The switches add tags to network packets that identify the
VLAN to which the packets belong. Depending on the capabilities of
the device connected to the switch, the switch either sends the
VLAN tags to the device or removes them.
VLANs are especially useful when configuring standby Data
Movers. Because different Data Movers often service different
VLANs, the standby would need to be connected to all subnets it
might need to serve. Using VLANs, the production and standby Data
Movers can all be physically connected to the same few switches,
and then use VLAN tagging to connect to the appropriate individual
VLANs they serve.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 13
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 13
y Identify and articulate some of the methodologies used by the
Celerra family to provide high availability and data integrity
Celerra High Availability Options
The objectives for this lesson are shown here. Please take a
moment to review them.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 14
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 14
Media Protection and Hardware Redundancy
y Celerra media protection: Ensures uninterrupted access to data
Is transparent to the base operations of the Celerra
y Media protection methodologies include: Parity based RAID
technology to protect data storage volumes Policy configuration
redundant hardware components Data Mover
failover policies Redundant hardware system configurationDual
internal communication paths between the Control Station(s) and
Data Mover(s)Multiple paths to back-end storage
Media protection and hardware redundancy play a key role in
ensuring high Celerra availability. A media protection solution
safeguards against the loss of data in the event of a disk failure.
Hardware redundancy protects against the failure of specific
components by providing a second one.
Depending on the particular Celerra model, data resides on
either a Symmetrix or CLARiiON back-end storage. On these
platforms, media protection options ensure uninterrupted access to
data in the event of disk failure. These media protection options
are transparent to the Celerra.
Both the Symmetrix and CLARiiON offer mirroring and parity based
RAID technology to protect data at the drive level. A mirroring
solution writes I/O to two disks to protect against a failure of
one of them. A parity solution typically uses a set of disks where
data is striped across, and a parity calculation stored. The parity
data is used to rebuild data in case of failure.
The Celerra uses redundant hardware components throughout the
system to achieve high availability. All Celerra critical
components have backup or standby components. Data Movers are
configured with redundant connections to back-end storage for data
access redundancy.
The Control Station communicates to the Data Mover via an
internal LAN on some Celerra models. A redundant LAN is provided.
In addition, redundant Network Interface Cards are included on each
Data Mover for multiple external network interfaces.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 15
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 15
y Group of physical ports that act as a single logical link y
Uses one IP addressy Ethernet switch should support the
FastEtherChannel of CISCO
Network High Availability Features -FastEtherChannel
The Celerra also provides network high availability solutions.
Three methods are available: CISCO FastEtherChannel, support for
Link Aggregation Control Protocol, and FailSafeNetworks (FSN).
A FastEtherChannel consists of a group of physical ports that
act as a single logical link with one IP address. EtherChannels
provide fault tolerance for individual ports. FastEtherChannel, on
a Data Mover, works with Ethernet switches that support the
FastEtherChannel paradigm developed by Cisco Systems.
Although FastEtherChannels provide more overall bandwidth than a
single port, the connection to any single client consists of only
one physical port. The client bandwidth is therefore restricted to
the bandwidth of any one individual port. An increase in bandwidth
for a single client would require multiple network interface cards
with incrementally differentiated MAC addresses, and an Application
that could take advantage of those multiple interfaces by
multiplexing network communication across them.
In this solution, the switch is responsible for the packet
distribution across the ports that make up the channel. If the
connection to one port fails, the switch automatically directs
traffic to one of the remaining ports. When the connection is
restored, the switch automatically resumes usage of the port as
part of the channel.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 16
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 16
Link Aggregation Control Protocol (LACP)y Link Aggregation
Combining links for improved availability If one port fails,
other ports take over
Industry standard IEEE 802.3ad Combines 212 Ethernet ports
into a single virtual link Automatic configuration Deterministic
behavior Statistical load balancing on IP
address, TCP port number or MAC address
Does not increase single client throughput
LINK
Switch
Celerra
A Link Aggregation resembles a FastEtherChannel, but it uses the
Link Aggregation Control Protocol (LACP), part of the IEEE 802.3ad
standard. Unlike FastEtherChannel, Link Aggregation can use any
number of ports between 2 and 12. The choice of FastEtherChannel or
Link Aggregation will be determined by support of either standard
by the network infrastructure. Not all network hardware supports
the CISCO standards.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 17
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 17
Network High Availability Features FailSafeNetwork (FSN)
Device
y Maintain full bandwidth when failed overy Dont require any
special switch configurationy Only one connection in an FSN is
active at a time
Unlike EtherChannel and Link Aggregation, FailSafe Networks can
maintain full bandwidth when failed over, assuming like bandwidth
on both the active and passive configurations. FailSafe Networks do
not require any special switch configuration.
FailSafe Networks (FSN) are configured as sets of ports,
FastEtherChannels, Link Aggregations, or combinations of all.
Only one connection in an FSN is active at a time. If the
FailSafe device detects that the active connection has failed, the
Data Mover automatically switches to the surviving partner in the
FSN, with the same identity of the failed connections. However, in
the Celerra implementation, it is not recommended that the FSN be
configured with an Active and Passive relationship, but that the
links are just grouped together in the FSN. One of them will be the
passive, dependant upon order of configuration, but when automatic
failover occurs in the event of a failure, and when it is restored,
automatic failback does NOT occur. This recommended configuration
will prevent a flip flop effect if intermittent network failures
occur.
There is no requirement that the connections that make up an FSN
be the same, or that the connections be made to the same network
switch. For example, an FSN could have one connection that is a
single Gigabit Ethernet port and another connection that is a
FastEtherChannel made up of four 100 megabit Ethernet ports. This
having been said, care must be taken to ensure that environmental
expectations are set correctly. It must be understood that a single
Gigabit link might not be able to support client performance and
response times as the FastEtherChannel link.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 18
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 18
Data Mover Failover How Does it Work?
y Standby component takes over for a failed primary componenty
Some Celerra models operate with a single Data Mover or Control
station, making failover impossible
y Control station is responsible for Data mover monitoring
Another method of achieving high availability on the Celerra is
Data Mover failover. Failover occurs when a standby component takes
over for a failed primary component. Data Movers and Control
Stations have failover capability on some Celerra models.Some
Celerra models operate with a single Data Mover or Control Station,
making failover impossible.How does a Data Mover failover work?
Through constant Data Mover monitoring by the Control Station. This
is a policy driven solution and the automatic failover setting of
the policy works in the following fashion:y The Control Station
detects a Data Mover problemy The failing Data Mover is taken
offline, andy The pre-defined standby Data Mover assumes the
network identity of the failed Data Mover,
including the MAC and IP addresses This process takes seconds to
minutes to complete. The standby Data Mover continues serving files
to the failed Data Mover's NFS and CIFS clients. Once the failed
Data Mover is replaced, it will resume its role as the active Data
Mover with administrator managed failback, and the standby Data
Mover will resume its standby role.A single Celerra Data Mover can
be configured to act as a standby for several Data Movers. There
can also be many standby Data Movers in a single Celerra cabinet,
each backing up their own group of Data Movers. The number of
standbys configured depends on how critical the application is and
how much risk can be tolerated.The secondary Control Station is not
a hot spare, but is online and active with the primary Control
Station. If configured, when the primary Control Station fails, the
secondary Control Station will resume all Control Station
operations.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 19
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 19
Scalability
y As the environment changes the Celerra can grow to accommodate
change: Expand Network Storage Increase performance No loss of
service during upgrades on some models Upgradeable Increase client
access File system realignment
A scalable Celerra solution allows for seamless and economic
growth to accommodate changing network storage, performance, and
connectivity needs, with no loss of service to clients. Each member
of the Celerra family offers different configuration and
scalability options.
Celerra models allow for non-disruptive modular Data Mover
upgrades to provide for near linear performance increases and
additional network connectivity within the same footprint.
For example, with Data Mover scalability, the initial Celerra
can be configured with four Data Movers and 16 Network Interface
cards, and later be upgraded with two additional Data Movers to
provide additional processing capability, and to serve more network
clients.
With storage scalability, since the Celerra architecture
separates the front-end from the back-end, there is the flexibility
to consume storage as needed. As the data capacity needs increase,
additional storage can be added to the Symmetrix or CLARiiON
back-end on some Celerra models. This leads to improved disk
utilization.
Additional scalability and flexibility is offered when managing
Celerra file systems. The Celerra has the ability to expand file
systems online. In addition, since all Data Movers can "see" the
entire file space, file systems can be realigned to balance the
load.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 20
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 20
Celerra Data Replication and Recovery Options
y Identify and articulate some of the methodologies used by the
Celerra family to provide data replication and recovery
The objectives for this lesson are shown here. Please take a
moment to review them.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 21
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 21
SnapSure and SnapSure Checkpoints
Production FileSystem
CheckpointFile System SavVol
Client Write toProduction File SystemCelerra
SnapSure enables the creation of a file system point-in-time
view with minimal interruption to the file system being copied.
These point-in-time views, called checkpoints, are not complete
copies of the file system. Instead, the checkpoint contains only
the original data for blocks that have changed since the checkpoint
was created. A checkpoint can use considerably less storage than a
complete copy.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 22
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 22
SnapSure Checkpoints and SavVols
Each production file system can have many checkpoints, each
representing the exact state of the file system at a different
time. The data for all checkpoints of a file system is stored in a
single volume called the SavVol. The SavVol can be configured to
automatically expand if it runs out of space.
A checkpoint can be shared or exported. Checkpoints are always
read-only. Users can recover accidentally deleted or corrupted
files by copying them from the checkpoint back to the production
file system. Checkpoints are also useful for testing applications
and for making tape backups of file systems.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 23
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 23
TimeFinder/FS
Another method of data replication provided by the Celerra is
TimeFinder/FS. Like SnapSure, TimeFinder/FS enables you to create a
point-in-time view of a file system.
Different than SnapSure, TimeFinder/FS creates a mirror image of
the file system and is therefore equal in size to the original. If
TimeFinder/FS is dynamically mirroring the original file system,
the copy cannot be exported or shared without first stopping the
mirroring.
If not dynamically mirroring the file system, the copy is
independent of the original file system, and can be exported and
shared read / write on another Data Mover in the Celerra.
A TimeFinder/FS copy can be used for backing up a consistent
image to tape while the original file system continues to
change.This is of great value when the backup window is small, or
non-existent.
TimeFinder/FS can also be used to restore a deleted or corrupted
file, or file system. Lastly, the copy can be used for testing new
applications with real data before putting the applications into
production.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 24
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 24
Replication - Local
SavVol
Another method of data replication available is Celerra
Replicator. The Celerra Replicator option produces a read-only copy
of a production file system.
Local replication produces a read-only copy of the production
file system using a shared SavVol for use by two Data Movers in the
same cabinet. The primary Data Mover processes the reads and writes
from the network clients and the secondary Data Mover exports the
read-only copy of the file system for backup and application
testing.
This copy can be used by a Data Mover in the same cabinet or a
Data Mover at a remote site. Because the copy is only periodically
synchronized to the source file system, Celerra Replicator is not a
disaster recovery solution. This is a DART based feature and will
work with any Celerra model.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 25
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 25
Replication - Remote
Remote replication creates a read-only copy of the production
file system at the remote site. This is done by transferring
changes made to a file system from a local site to a file system at
a remote site over an IP network. Automatic or manual data transfer
can be configured using commands entered at the Control
Station.
Celerra Replicator can be used to distribute content to remote
sites for Web serving, distance learning, and similar uses. It can
also be used for backup and application testing.
Replication is done over an IP network, without distance
limitations. In planning replication, the network implications need
to be understood at the primary site in order to correctly size the
network connection between the primary and secondary sites. In
addition, bandwidth, transfer rate, and affect on network are
considered.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 26
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 26
OnCourse
Another method of replicating data from the Celerra to remote
servers is available with OnCourse software. OnCourse is a data
movement product that enables secure, automated distribution of
data between Celerra and other systems across IP networks.
The OnCourse data transfer system consists of the Transfer
Manager, and a collection of Transfer Agents. The Transfer Manager
coordinates and logs the data transfer activities carried out by
the distributed Transfer Agents. The Transfer Agents are installed
on remote computer systems and are responsible for the actual
transfer of data.
With OnCourse, data can be replicated between two or more
systems, aggregated from many systems to a central node, or
distributed to many nodes from a central system. Data can be pushed
or pulled among these systems.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 27
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 27
SRDF Disaster Solution
Campus distance 60 km (network distance)
SRDF ensures that the file systems on a Data Mover remain
available to users on the network even if the Celerra at the
primary site is unavailable. SRDF provides a mirror copy of
data.
Both synchronous and asynchronous SRDF are available.
Synchronous SRDF may be chosen for mission critical applications
with a zero fault tolerance. Asynchronous SRDF may be chosen in
cases where a minimal loss of data is acceptable.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 28
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 28
SRDF Failover
If a disaster were to occur at the local site, a failover would
be manually activated. The SRDF standby Data Movers would assume
the network addresses of the Data Movers at the disaster site.
Clients would then resume service. The entire disaster site would
failover to the remote Celerra site.
A more complex configuration uses two production sites, each
acting as the standby for the other. Each Symmetrix is partitioned
into production and backup volumes. Likewise, each Celerra has both
production and SRDF standby Data Movers. If one site fails, the
other site takes over and serves the clients of both sites.
Synchronous SRDF cannot tolerate network delays. Therefore,
careful planning is required to assure that the distance between
the sites is appropriate, and that network latencies are minimized.
For this reason, it is recommended that the two sites be within one
millisecond round trip transit time (usually approximately 60
kilometers) of each other.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 29
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 29
Celerra Backup
Tape Library UnitBackup Server
Celerra Storage
The Celerra not only provides solutions for data replication to
disk, but also provides tape backup solutions. The options
available include network backup and NDMP backup. Each will be
described.
With a network backup configuration, the tape device is attached
to a backup server running software for scheduling, cataloging, and
Tape Library Unit support. Data flows from the storage system to
the Data Mover and then across the network to a backup server with
an attached tape device. This solution is best suited for
medium-capacity backups with no multi-protocol support. Since
significant amounts of data are traversing the network, a dedicated
backup network is commonly used.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 30
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 30
NDMP Backup
Tape Library Unit
The second backup option for the Celerra is NDMP backup. The
NDMP architecture uses a client/server model in which the backup
software is the NDMP client to the NDMP server (Data Mover). Backup
data flows from the storage system to the Data Mover to an attached
tape library backup device, without traversing the network. Only
the backup software's control information travels across the
network, therefore minimizing traffic.
An NDMP three-way backup involves three hosts: the NDMP client,
the Data Mover acting as the NDMP server, and the Data Mover
running the tape service. The NDMP client communicates to the Data
Mover owning the data to be backed up. The Data Mover retrieves the
data from disk and passes it to the Data Mover with the tape
library attached. Both file system and control data travel across
the network.
Celerra can also write data backups to a Virtual Tape Library. A
Virtual Tape Library, or VTLU, is a device you can configure within
the Celerra, typically utilizing a low cost storage are disk
drive.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 31
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 31
Securing User Access to Data
y Identify and articulate some of the methodologies used by the
Celerra family to integrate with existing user access security
environments and maintaining data integrity between them
The objectives for this lesson are shown here. Please take a
moment to review them.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 32
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 32
User Authentication
y Process to determine the level of access of each usery Share
Level allows access to File System without any
password
y User authentication is used both in Unix and Windows
environment
y Celerra provides four authentication options: Share level UNIX
Authentication Windows NT/2000/2003 authentication Authenticate as
a local user
Authentication is the process of determining whether someone is,
in fact, who they are declared to be. In computer networks,
authentication is commonly done through the use of logon passwords.
Celerra provides three user authentication options. They are share
level authentication, UNIX authentication, and NT/2000/2003
authentication.
Configurations with few security requirements use share level
authentication. This option allows access to file systems without
any password. Optionally, with passwords enabled, any CIFS or NFS
user presenting a valid password receives access to the data. This
option is not often used.
User authentication is more commonly used both in UNIX and
Windows environments. In a UNIX environment, the authentication of
NFS users is assumed to be performed by the NFS client machine when
the user logs on, using the local authentication method.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 33
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 33
Windows 2000/2003/NT Authentication
y Uses the native W2K methodology with LDAP and Kerberosy Users
must be mapped to UIDs and GIDsy Windows NT users are authenticated
using the Security Account
Manager
In a Windows 2000/2003/NT environment, user authentication is
accomplished using the native Windows 2000/2003 methodology with
LDAP (Lightweight Data Access Protocol) and Kerberos. The Active
Directory contains all of the domain objects and their attributes.
Kerberos is the security mechanism used. Because the Celerra uses
UNIX - style user IDs and group IDs for user authentication,
Windows 2000/2003/NT users must be mapped to UIDs and GIDs.
In a Windows NT environment, the NT LAN Manager (NTLM)
methodology is used in the same way as with any NT authentication.
Users are authenticated at the Domain Controller using the Security
Account Manager (SAM). In a mixed NT/2000 or NT/2003 environment,
all Windows NT users must be mapped to UNIX-like User IDs and Group
IDs at the Data Mover.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 34
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 34
Access Checking Policy
y Determine which users have permission to access a fileyWindows
environment use ACLs to control object accessy UNIX environment
access classes called owner and
group
y The access mode in a UNIX environment are read, write and
execute
Once the user is authenticated, security at the file or
directory level must also be checked. Access checking policies
determine which users have permission to access a file, and what
action those users can perform against the file.
Access checking policies are different in UNIX and Windows
environments. In a Windows environment, Access Control Lists, or
ACLs, control object access. ACLs list the users and groups that
can access an object, and specify what those users can do with the
object. ACLs are supported on the Celerra.
In a UNIX environment, access classes called owner, group, and
other are used in conjunction with access modes. The access modes
are read, write, and execute. These are also supported on the
Celerra.
Because UNIX and Windows implement access checking differently,
the Celerra defines four access checking policies to accommodate
these differences. The policies provide administrative flexibility
in controlling how objects are accessed in a mixed NFS and CIFS
environment, where both protocols require access to the same
data.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 35
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 35
File Locking
y Provides file integrity when more than one user might access
thesame filey Manage attempts to read, write, or lock a file that
is held by another
usery Different locking mechanism between the Unix and
Windows
Environments
File locking offers another level of security. File locking
provides a mechanism for ensuring file integrity when more than one
user might access the same file. File locks manage attempts to
read, write, or lock a file that is held by another user. The file
locking option selected depends on business requirements and
whether the network environment is CIFS only, or NFS and CIFS.
The locking mechanisms are handled differently in UNIX and
Windows environments. CIFS locks are generally more restrictive
than NFS. For example, no other users can access a locked file with
CIFS. NFS offers cooperative access in that other users can access
a locked file.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 36
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 36
Celerra Lock Policies
Celerra Network Server provides three different locking
policies: nolock, wlock, and rwlock. File locking provides a
mechanism for ensuring file integrity when more than one user tries
to access the same file. File locks manage attempts to read, write,
or lock a file that is in use by another user. These locks on files
behave differently if being accessed by an NFS verses a CIFS
client.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 37
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 37
Data Protection Anti-Virus Solution
y Celerra AntiVirus Agent along with third party antivirus
software both running on separate server
y Virus Checking client agent runs on the Data Movery When virus
is detected the VC client instructs the virus checking server
to perform a configured action
Another form of security is that of protection against viruses.
Because Data Movers run DART, they are not vulnerable to viruses
themselves. However, if a file containing a virus is stored on the
file server, any Windows client that accesses the file is
vulnerable to the virus.
The Celerra solution is CAVA, or Celerra AntiVirus Agent, along
with third party antivirus software, both running on a separate
server. A Virus Checking (VC) client agent runs on the Data
Mover.
How does CAVA work? A network client attempts to write to, or
close, a network file. The VC client on the Data Mover notifies the
CAVA of the names of files that need to be scanned for viruses. For
most files, the CAVA passes the files signature to the antivirus
program, which checks the signature against its virus definitions.
File access is blocked until the file is checked by the third party
virus checking server. If a virus is not detected, access to the
file will be allowed. If a virus is detected, the VC client
instructs the virus checking server to perform certain actions as
specified in the configuration parameters. These actions include
such things as repair the file, rename the file, change the file
extension, move the file, or delete the file.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 38
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 38
Celerra Management Interface Options
y Identify and articulate some of the methodologies used by the
Celerra family to provide a management infrastructure
The objectives for this lesson are shown here. Please take a
moment to review them.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 39
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 39
Command Line Interface
server_mount server_2 o rw fs1 /mnt1server_export server_2 o
annon=0, /mnt1
Celerra
The Celerra Command Line Interface, or CLI, is the original
Celerra management tool and one of the most versatile. Using the
CLI, the administrator can configure file systems, failover,
disaster recovery solutions, virus checking, network interfaces,
network topologies, replications requirements, and mounting and
export file systems.
Most administrative tasks can be completed using the CLI on the
Control Station. Note that the Data Movers do not have a CLI.
Commands are entered at the Control Station which, in turn,
sends the necessary commands to the Data Movers and storage
systems. The administrator can use either local or remote access to
the Control Station.
The Control Station runs an EMC-customized version of Linux. The
standard Linux scripting and scheduling tools can be used with the
Celerra CLI. For those administrators who prefer a Graphical User
Interface, the options will be discussed next.
The command line can be accessed on the Control Station via SSH
interface (i.e. PuTTy) or telnet.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 40
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 40
Celerra Graphical User Interface
The Celerra offers two Graphical User Interface management tools
for administrators who prefer a graphical view rather than a
command line. They are Celerra Manager and Celerra Monitor. Celerra
Monitor is launched from Celerra Manager.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 41
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 41
EMC ControlCenter Support
ControlCenter has device management support for Celerra. The
ControlCenter Celerra Agent runs on Windows and has enhanced
discovery and monitoring capabilities. The user can view properties
information regarding Data Movers, devices, network adapters and
interfaces, mount points, exports, file systems, and volumes from
the ControlCenter Console. Health alerting information can also be
viewed.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 42
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 42
Microsoft Management Console Snap-ins
The Microsoft Management Console (MMC) is an application that
provides a GUI in which consoles can be created, saved, and opened.
It does not provide management, but rather a framework in which
management tools can operate. Consoles are used to manage computer
components, and include such items as wizards, tasks, and snap-ins.
EMC provides Celerra specific snap-ins, which can be used to manage
specific aspects of the Celerra.
An anti-virus snap-in is available to manage the virus-checking
parameters used with Celerra AntiVirus Agent and third-party
antivirus programs. A Home Directory snap-in is also available to
associate a user name with a directory. This feature simplifies the
administration of personal shares and the process of connecting to
them.
The audit policy snap-in can be used to determine which Data
Mover security events are logged in the Security log. The log can
then be viewed with the Windows Event Viewer. The User Rights
assignment snap-in can be used to manage which users and groups
have task privileges to a Data Mover.
Unix User Management allows Windows users who have Unix accounts
to have those user IDs in a local directory.
-
Copyright 2006 EMC Corporation. Do not Copy - All Rights
Reserved.
Celerra Feature and Functions - 43
2006 EMC Corporation. All rights reserved. Celerra Feature and
Functions - 43
Course Summary
y Define how Celerra provides network compatibilityy Describe
how Celerra offers high availability y Define the features of
Celerra which provide Data
Replication and Recovery
y Explain Celerra security featuresy Describe the different
Management options available to
Celerra
These are the key points covered in this training. Please take a
moment to review them.
This concludes the training. Please proceed to the Course
Completion slide to access the Assessment.