HYPER-UNIFIED STORAGE

Nexsan Unity Network Configuration Guide

Nexsan 900 E. Campbell, CA 95008 | p. 866.263.9726 | www.nexsan.com

Document release date: 1/19/2018, Rev. B

Firmware Version: Unity 2.0

Aug 17, 2020



Copyright © 2010-2018 Nexsan, Inc. All rights reserved.

Trademarks

Nexsan® is a trademark or registered trademark of Nexsan, Inc. The Nexsan logo is a registered trademark of Nexsan, Inc.

All other trademarks and registered trademarks are the property of their respective owners.

Patents

This product is protected by one or more of the following patents, and other pending patent applications worldwide:

United States patents US8,191,841, US8,120,922;

United Kingdom patents GB2466535B, GB2467622B, GB2467404B, GB2296798B, GB2297636B

About this document

Unauthorized use, duplication, or modification of this document in whole or in part without the written consent of Nexsan Corporation is strictly prohibited.

Nexsan, Inc. reserves the right to make changes to this manual, as well as the equipment and software described in this manual, at any time without notice. This manual may contain links to web sites that were current at the time of publication, but have since been moved or become inactive. It may also contain links to sites owned and operated by third parties. Nexsan is not responsible for the content of any such third-party site.


Contents

Chapter 1: Remote support
  Secure remote support connectivity
  Remote support when Unity has no Internet access
  Automatic collection and transfer of system logs

Chapter 2: Network interfaces and required IP addresses
  Understanding IP address requirements
  Configuring the management interface (nx99) using the Discovery Wizard
  Configuring the management interface (nx99) using the nxadmin CLI

Chapter 3: Network connectivity considerations
  Understanding link layers
  Understanding network aggregation
  Troubleshooting network issues

Chapter 4: LACP (Link Aggregation Control Protocol)
  Requirements and guidelines for implementing LACP
  Understanding link aggregation
  Enabling LACP using the nxadmin CLI
  Troubleshooting LACP

Chapter 5: Jumbo Frames
  Enabling jumbo frames using the menu-driven nxadmin CLI
  Setting or modifying IPMI settings
  Troubleshooting Jumbo Frames

Chapter 6: VLANs (Virtual LANs)
  Setting up Unity for multiple VLANs

Chapter 7: IP-based restrictions
  Setting IP-based restrictions on a CIFS file system
  Setting IP-based restrictions on an NFS share
  Enabling the no_root_squash property on an NFS share

Chapter 8: User authentication requirements
  User authentication modes
  Microsoft Active Directory domain requirements

Chapter 9: NFS support requirements
  Using an NFS version 3 (NFSv3) client to access an NFS share with Microsoft Active Directory
  Using an NFS version 4 (NFSv4) client to access an NFS share

Appendix A: Network ports

Appendix B: Useful CLI commands
  callhome (Description, Controller, Syntax, Options, Example 1, Example 2, Example 3)
  groupadd (Description, Controller, Syntax, Options, Example)
  nic (Description, Controller, Syntax, Options, Example 1, Example 2, Example 3, Example 4)
  nfs (Description, Controller, Syntax, Options, Example)
  nstusermaps (Description, Controller, Syntax, Options, Example 1, Example 2, Example 3, Example 4)
  setip (Description, Controller, Syntax, Options, Example)
  useradd (Description, Controller, Syntax, Options, Example)

Terminology

Index

About this document

This guide provides an overview of network configuration best practices and troubleshooting guidelines for Unity.

Audience

This guide has been prepared for the following audience:

IT system administrators

Engineers

Technicians

Conventions

Here is a list of text conventions used in this document:

Convention: Description

underlined blue: Cross-references (both internal and to the titles of other documents), hyperlinks, URLs, and email addresses.

boldface: Text that refers to labels on the physical unit or interactive items in the graphical user interface (GUI).

monospace: Text that is displayed in the command-line interface (CLI) or text that refers to file or directory names.

monospace bold: Text strings that must be entered by the user in the command-line interface or in text fields in the graphical user interface (GUI).

italics: System messages and non-interactive items in the graphical user interface (GUI). References to Software User Guides.

Notes, Tips, Cautions, and Warnings

Note: Notes contain important information, present alternative procedures, or call attention to certain items.

Tip: Tips contain handy information for end-users, such as other ways to perform an action.

CAUTION: In hardware manuals, cautions alert the user to items or situations which may cause damage to the unit or result in mild injury to the user, or both. In software manuals, cautions alert the user to situations which may cause data corruption or data loss.

WARNING: Warnings alert the user to items or situations which may result in severe injury or death to the user.


Contacting Nexsan

Nexsan Headquarters

900 E Hamilton Ave, Suite 230

Campbell, CA 95008 USA

Support (US): +1 866-463-9726

Support (Worldwide): +1 760-690-1111

E-mail: [email protected]

Nexsan Canada

1405 TransCanada Highway, Suite 300

Dorval, QC Canada H9P2V9

Support (Canada): +1 866-463-9726

Nexsan Shipping

302 Enterprise Street, Suite A

Escondido, CA 92029 USA

Nexsan UK

Units 33–35, Parker Centre, Mansfield Road

Derby, DE21 4SZ United Kingdom

Support (Europe): +44 (0)1332 291600

Related documentation

The following Nexsan product manuals contain related information:

Nexsan Unity Hardware Reference Guide

Nexsan Unity Hardware Maintenance Guide, Unity Next Generation

Nexsan Unity Software User Guide

Nexsan Unity nxadmin Command-line Interface Reference Guide

Nexsan Unity nxcmd Command-line Interface Reference Guide

Nexsan Unity Snapshots and Replication Guide

Nexsan Unity Storage Expansion ReferenceGuide

Nexsan Unity VMware Best Practices Guide

Nexsan Unity NFS Interoperability

Nexsan Unity Networking Best Practices Guide

Nexsan Unity Performance Best Practices Guide

Nexsan Unity Microsoft Best Practices Guide

Safety notices

Always observe the following precautions to reduce the risk of injury and equipment damage:

Computer components and disk drives are sensitive to static discharge. Take precautions to discharge any electrostatic charge from your person before and while handling components with your hands or any tools. Use an anti-static wrist-strap.

The system must only be installed in a clean, dry environment. The operating temperature is 10° to 35° C (50° to 95° F), with operating relative humidity at 20 to 95%, non-condensing.

Do not install hardware in an enclosed cabinet or other small area without ventilation.


Ensure correct lifting methods are used when handling hardware. Special care should be taken when removing hardware from its packaging and positioning it into its required location. When lifting hardware, two people at either end should lift slowly with their feet spread out to distribute the weight. Always keep your back straight and lift with your legs.

When installing the system as a rack-mounted component, ensure that all Nexsan-supplied mounting fixtures are secure. All bolts and screws should be fully tightened. Failure to comply with this may result in the unit not being fully supported in the rack and could lead to the product falling from the rack causing personal injury or falling onto other rack components.

Ensure that the rack is sufficiently stable by having wall anchors and/or stabilizing legs, and that the floor supporting the rack has sufficient strength for the overall weight loading.

Only a fully-trained Service Engineer is authorized to disassemble any other part of the hardware, and then only when the hardware is powered off.

The system has multiple power connections; as a result, you must remove all power leads to completely isolate the power and always use the IEC power cords which are supplied with the system.

CAUTION: All Nexsan Unity Storage Systems are hot-pluggable. However, new expansions must be powered on AFTER you connect them to the existing system.


Chapter 1: Remote support

Your network infrastructure should facilitate remote support of Unity by a Nexsan Support Engineer, in the event that a problem arises during installation of the system, or for future technical support needs.

This section covers the following topics:

Secure remote support connectivity

Remote support when Unity has no Internet access

Automatic collection and transfer of system logs


Secure remote support connectivity

The CallHome service includes a secure Remote Support connectivity mechanism that allows Nexsan Technical Support personnel to securely connect to Unity and troubleshoot issues remotely. This function is not enabled by default; it must be turned on via the nxadmin Command-line Interface (CLI). The remote session can be controlled via the CLI during the support session (you can start, stop and monitor the session, as needed).

For remote support to function, the Unity must have Internet access to callhome.nexsan.ca, and at least one of these TCP ports must be open and allowed between the Unity and the network firewall:

20022

80

443

The CallHome service uses Unity’s primary network interface’s gateway IP address to access the Internet. For further details, see callhome on page 58.

Remote support when Unity has no Internet access

When a remote connection to Unity is needed to resolve a support issue, Nexsan Support typically uses Cisco WebEx to establish remote connectivity to your network infrastructure. To allow for remote support, your network should have a Microsoft Windows (or an Apple) client system that can run WebEx sessions. The client must also support SSH connectivity to Unity.

In addition to SSH, Unity supports IPMI (Intelligent Platform Management Interface) connectivity over LAN. Unity’s IPMI interface is provided as a web-based utility that you can access from any standard web browser. The IPMI interface allows you to perform administrative tasks to remotely manage Unity in the event that you are unable to connect to the system using a conventional method, for example Nexsan Unity™ or SSH.

Administrative tasks that you can perform through the IPMI interface include:

configuring network settings for the Unity;

viewing hardware-related error conditions;

launching a remote console session to the Unity;

and performing other maintenance tasks.

The IPMI interface requires 2 IP addresses, one for each controller node; these IP addresses MUST always be configured as an alternate means of remote connectivity to Unity.


Automatic collection and transfer of system logs

Unity provides ways to collect and send system logs with:

autolog

sendlog

The autolog/sendlog mechanism allows Unity to automatically collect and securely transfer system logs to Nexsan Technical Support personnel, on a regular or scheduled basis; this allows the Support team to identify any potential problems that could impact the system. The autolog/sendlog mechanism must be enabled via the nxadmin Command-line Interface (CLI) using the callhome command.

Unity must have Internet access to callhome.nexsan.ca for the autolog/sendlog mechanism to work, and at least one of these TCP ports must be open and allowed between Unity and the network firewall:

20022

80

443

Note: The CallHome service uses Unity’s primary network interface’s gateway IP address to access the Internet.

You set up Unity’s CallHome service via the nxadmin Command-line Interface (CLI). For further details, see callhome on page 58.


Chapter 2: Network interfaces and required IP addresses

Unity provides these network interfaces:

1. Management interface (nx99)
You use the management interface to manage Unity using Nexsan Unity. Unity allows the management interface to be on a different subnet without requiring explicit routing. The dedicated management interface only carries management traffic; for example: access to Nexsan Unity, SMTP, SNMP, and SSH. All network traffic related to data access (file systems and iSCSI LUNs) is restricted to the other interfaces on the system.

2. Primary data network interface (nx0)
You use the primary data network interface to access data on Unity (via file systems and/or iSCSI LUNs). On some systems, depending on the model and configuration of the system, the on-board LAN1 port (top-most port) is configured as the primary data network interface.

3. Private0
This is the network layer for private communication between the two controller nodes on Unity. You MUST never delete or modify this entry, nor any of the ports assigned to it; doing so will break the system.

By default, all ports on an optionally available GigE or 10GigE network interface card are aggregated as one interface for redundancy. For example, all 4 RJ-45 ports on the optionally available 1GigE Quad-port Network PCIe card are aggregated as a single interface; this provides redundancy in the event that data connectivity on one of the ports is interrupted.

Note: Connecting a 10GigE network interface card to a 100Mbps switch is NOT supported.

This section covers the following topics:

Understanding IP address requirements

Configuring the management interface (nx99) using the Discovery Wizard

Configuring the management interface (nx99) using the nxadmin CLI


Understanding IP address requirements

In a typical configuration, Unity requires a total of 8 IP addresses:

3 for the management interface (nx99), and

5 for the primary data network interface (nx0).

These 8 IP addresses include a combination of physical and virtual IP addresses. You use virtual IP addresses for accessing Nexsan Unity on the management interface (nx99) and for accessing data (file systems and/or LUNs) in Pool Resource Groups on the primary data network interface (nx0). Virtual IP addresses allow end users and client systems on the network to access Unity as a single entity.

IP addresses are also required for Nexsan E-Series storage. Nexsan E-Series enclosures shipped for use with Unity are DHCP-enabled. During the Site Setup process, you must specify static IP addresses for all E-Series storage enclosures.

The IPMI interface also requires 2 additional IP addresses: 1 per controller.

These tables list the IP addresses required for the network interfaces on Unity, including information about what each IP address is used for.

Table 2-1: Management interface (nx99) IP addresses

The management interface requires 3 IP addresses.

1. Management Virtual IP address: You use this IP address to manage Unity via Nexsan Unity: simply type the IP into your internet browser’s address bar to access Nexsan Unity. The management virtual IP is set for the cluster as a single entity; thus, if a controller node fails, the system always remains accessible.

2. Controller 1 (physical) IP address: Physical IP that you must set on the management interface (nx99) for the first controller node in the Cluster.

3. Controller 2 (physical) IP address: Physical IP that you must set on the management interface (nx99) for the second controller node in the Cluster.

Table 2-2: Primary data network interface (nx0) IP addresses

The primary data network interface (nx0) is the entry point for accessing data in file systems and LUNs. This is the network interface that client systems on the network use to connect to the system for data access.

The primary data network interface requires 5 IP addresses.

1. Intersite Virtual IP address: This IP address enables connectivity between 2 or more Unity systems for data replication and inter-site communication. Specifically, when you set up data replication, the system prompts you to specify the intersite virtual IP of the Unity to replicate data to. This IP address is required even in single-site implementations.

2. Controller 1 (physical) IP address: Physical IP that you set on the primary data network interface (nx0) for the first controller node in the Cluster.

3. Controller 2 (physical) IP address: Physical IP that you set on the primary data network interface (nx0) for the second controller node in the Cluster.

4. Pool Resource Group 1 Virtual IP address

5. Pool Resource Group 2 Virtual IP address

Items 4 and 5: When you create a storage pool on the Unity, you assign it to one of the two Pool Resource Groups in the cluster. End users and client systems on the network use the corresponding Pool Resource Group’s virtual IP to access their data in the storage pool. For load balancing, each Pool Resource Group is hosted on one of the two controller nodes in the cluster.

If a controller node fails, Unity transitions the Pool Resource Group(s) on the failed controller, along with all its underlying storage pools, to the surviving controller. Data accessibility is NOT impacted, since end users and client systems can continue accessing their data using the corresponding Pool Resource Group’s virtual IP.
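An added example, not part of the Nexsan guide: a Python check of an IP address plan against the address counts in Tables 2-1 and 2-2, the two IPMI addresses, and the guide's note that nx99 belongs on a different subnet from nx0. The plan layout, the role names and the documentation-range addresses are assumptions made for the example.

```python
import ipaddress
from itertools import combinations

# Required addresses per interface, taken from Tables 2-1 and 2-2 and the
# IPMI requirement (one address per controller). The role names are labels
# made up for this example, not identifiers used by Unity.
REQUIRED_ROLES = {
    "nx99": ("management_virtual", "controller1", "controller2"),
    "nx0": ("intersite_virtual", "controller1", "controller2",
            "pool_resource_group1_virtual", "pool_resource_group2_virtual"),
    "ipmi": ("controller1", "controller2"),
}


def validate_plan(plan):
    """Return a list of problems found in the plan; an empty list means it passes."""
    problems = []
    networks = {}   # interface name -> ip_network
    owners = {}     # ip_address -> "interface/role" that first claimed it

    for iface, roles in REQUIRED_ROLES.items():
        section = plan.get(iface)
        if section is None:
            problems.append(f"{iface}: no addresses planned")
            continue
        try:
            # strict=True rejects a network written with host bits set.
            net = ipaddress.ip_network(section["network"], strict=True)
        except (KeyError, ValueError) as exc:
            problems.append(f"{iface}: bad network definition: {exc}")
            continue
        networks[iface] = net
        addresses = section.get("addresses", {})

        for role in roles:
            if role not in addresses:
                problems.append(f"{iface}: missing address for {role}")

        for role, raw in addresses.items():
            label = f"{iface}/{role}"
            if role not in roles:
                problems.append(f"{label}: role not expected on this interface")
            try:
                ip = ipaddress.ip_address(raw)
            except ValueError:
                problems.append(f"{label}: {raw!r} is not an IP address")
                continue
            if ip not in net:
                problems.append(f"{label}: {ip} is outside {net}")
            elif (net.version == 4 and net.prefixlen < 31
                  and ip in (net.network_address, net.broadcast_address)):
                problems.append(f"{label}: {ip} is not a usable host address")
            # Physical and virtual addresses must all be distinct.
            if ip in owners:
                problems.append(f"{label}: {ip} already assigned to {owners[ip]}")
            else:
                owners[ip] = label

    # The management interface must sit on a different subnet from the data
    # interface, so the nx99 and nx0 networks must not overlap.
    present = [name for name in ("nx99", "nx0") if name in networks]
    for a, b in combinations(present, 2):
        if networks[a].overlaps(networks[b]):
            problems.append(
                f"{a} and {b}: subnets overlap ({networks[a]}, {networks[b]})")
    return problems


def sample_plan():
    """Constructed plan using documentation address ranges (not real hosts)."""
    return {
        "nx99": {"network": "192.0.2.0/24", "addresses": {
            "management_virtual": "192.0.2.10",
            "controller1": "192.0.2.11",
            "controller2": "192.0.2.12"}},
        "nx0": {"network": "198.51.100.0/24", "addresses": {
            "intersite_virtual": "198.51.100.10",
            "controller1": "198.51.100.11",
            "controller2": "198.51.100.12",
            "pool_resource_group1_virtual": "198.51.100.21",
            "pool_resource_group2_virtual": "198.51.100.22"}},
        "ipmi": {"network": "203.0.113.0/24", "addresses": {
            "controller1": "203.0.113.11",
            "controller2": "203.0.113.12"}},
    }


if __name__ == "__main__":
    for line in validate_plan(sample_plan()) or ["plan passes all checks"]:
        print(line)
```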

Configuring the management interface (nx99) using the Discovery Wizard

You use the dedicated management interface to manage Unity via Nexsan Unity. The dedicated management interface only carries management traffic; for example: access to Nexsan Unity, SMTP, SNMP, and SSH. All network traffic related to data access (shares and LUNs on Unity) is restricted to the other network interfaces on the system.

Unity Discovery Wizard supports all Microsoft Windows platforms.

Note: To restrict management access to Unity, make sure you put the management interface (nx99) on a different subnet from the primary data network interface (nx0).

► To configure the management interface using the Discovery Wizard:

1. Insert the Unity Discovery Wizard CD/DVD in the CD/DVD drive of a Microsoft Windows system installed on the same network (and subnet) as Unity.

2. The Discovery Wizard CD/DVD includes an AutoPlay feature; click Run SystemDiscoveryUI.exe to launch the Unity Discovery Wizard.
If the AutoPlay feature fails to start:

Open the Discovery folder on the Discovery Wizard CD/DVD.

Double-click SystemDiscoveryUI.exe.

3. Confirm the installation of a driver for the Discovery Wizard.


4. When the Discovery Wizard opens, select the Discovery tab to start the discovery process. This process may take several minutes to complete.

Figure 2-1: Unity Discovery Wizard

5. Select a Unity for which you want to configure the management interface.


6. Click the Configure Network button; a pop-up displays.

Figure 2-2: Discovery Wizard: Configure the Management Interface

Note: If you select a Unity that you already configured using the Nexsan Unity Site Setup Wizard, the Unity Discovery Wizard prompts you for the Nexsan Unity Administrator (nxadmin) password that you configured on the system. For uninitialized systems, the Nexsan Unity Administrator (nxadmin) password is not required.

7. Type the relevant network settings for the management interface (nx99).

8. Click OK to apply the settings.

Configuring the management interface (nx99) using the nxadmin CLI

You use the dedicated management interface to manage Unity via Nexsan Unity. The dedicated management interface only carries management traffic; for example: access to Nexsan Unity, SMTP, SNMP, and SSH. All network traffic related to data access (shares and LUNs on Unity) is restricted to the other network interfaces on the system.

Note: To restrict management access to Unity, make sure you put the management interface (nx99) on a different subnet from the primary data network interface (nx0).

► To configure the management interface using the nxadmin CLI:

1. Connect to Unity via KVM (console).

2. When connected, type nxadmin to log on.

3. Type the default nxadmin password: PASSWORD (all upper-case).


4. Type setip. This displays the Unity IP Configuration utility.

Figure 2-3: Configuring the management interface (nx99) using the nxadmin CLI

5. Type the network settings in each of the corresponding fields for the management interface (nx99); use the Tab key to navigate between fields.

Note: You do not need to set the network settings for the primary data network interface (nx0); you configure this interface in the Site Setup Wizard.

6. When you finish configuring the network settings, tab to the <Validate> option and press Enter.

7. Once the validation process completes, tab to the <OK> option and press Enter.


Chapter 3: Network connectivity considerations

This section describes network hardware, cabling, and connectivity considerations. It also provides troubleshooting steps when encountering network issues.

This section covers the following topics:

Understanding link layers

Understanding network aggregation

Troubleshooting network issues


Understanding link layers

The nxadmin Command-line interface (CLI) provides the nic command to view and configure link layer and aggregation information on Unity. The information provided in this section assumes that Unity has the management interface (nx99) connected and configured.

► To view link layer information on Unity:

1. Access the nxadmin CLI as described in the nxadmin Command-line Interface Reference Guide.

2. At the prompt, type:
nic show-link

3. Press the Enter key.

This is the typical output of this command on a Unity with the management interface (nx99) and a 4-port network interface (add-on) card configured as the primary data network interface (nx0).

Figure 3-1: Viewing link layer information

This list provides detailed information about the entries displayed in the link layer output:

private0: This is the network layer for private communication between the two controller nodes on Unity. You MUST never delete or modify this entry, nor any of the ports assigned to it; doing so will break the system.

nx0: This is the primary data network interface; it must always exist.

nx99: This is the management interface; it must always exist.

nx#: This identifies secondary data network interfaces (if configured); typically, nx1, nx2, and so on. You MUST configure each interface on a separate subnet. Additionally, each interface MUST exist on both controller nodes; this is required to use Unity’s network configuration utility (setip) to configure network settings on the interfaces.


igb#, ixgbe#: These identify physical ports. The ports are assigned to these interfaces:

ixgbe0 and ixgbe1: These ports are assigned to the private0 interface. You MUST never delete or modify these ports.

igb0: This is the on-board LAN1 port, located at the bottom of each controller node, closest to the bottom-edge of the controller box. It is assigned to the management interface (nx99).

igb1: This is the on-board LAN2 port, located just above the LAN1 port on each controller node; it is unused.

ixgbe2 and ixgbe3: These are the 2 ports on a 2-port, add-on network interface card (NIC), if installed. The number and designation of these ports differ depending on the type of add-on NIC installed on Unity. If the add-on card has 4 ports, you will also see ixgbe4 and ixgbe5.
In a typical configuration, all ports on the add-on NIC are aggregated under nx0 (primary data network interface).

Understanding network aggregation

Unity supports the organization of network interfaces into link aggregations. A link aggregation consists of several interfaces on a system that are configured together as a single, logical unit. Link aggregation, also referred to as trunking, is defined in the IEEE 802.3ad Link Aggregation Standard. The IEEE 802.3ad Link Aggregation Standard provides a method to combine the capacity of multiple full-duplex Ethernet links into a single logical link. This link aggregation group is then treated as though it were a single link.

The example below shows physical adapters that are aggregated:

Figure 3-2: Network aggregation on Unity

► Limitations:

All physical ports in the link aggregation group must reside on the same logical switch, which in most scenarios will leave a single point of failure when the physical switch to which both links are connected goes offline. To counter this, set up each controller on its own switch, so if a switch failure occurs, Unity will fail over the resources to the other controller so that traffic flow can continue.

Troubleshooting network issues

Having a healthy network infrastructure is important to ensure optimal operation of your Unity since typically several machines will be communicating with Unity over a variety of protocols (AD, NFS, iSCSI, NDMP, and SMTP to name a few). Networking issues can manifest themselves in many ways; some of the more common symptoms are inability to connect to an IP, slow connections, and intermittent networking errors.

Unity provides several mechanisms to monitor networking performance. Throughput can be monitored via Unity's Performance Monitor, or via CLI commands (nic show-link -s). The CLI commands can also show per-port granularity to help identify bottlenecks. Every component from the client to Unity should be examined to determine where the problem lies.

► To verify network status:Verify each controller on Unity can continuously ping its peer controller.

Verify each Unity controller can ping the gateway.

Test that a client can ping each controller and the relevant Virtual IPs.

Check switch configurations; some switches need additional configuration to recognize aggregated links.

Check link speeds with the nic show-phys CLI command.

If the problem is intermittent (dropped packets or lost pings), try removing links from the aggregation.

Network complexity should be reduced as much as possible to try to isolate the faulty component/configuration.

► To detect a wrong cabling link between the switches and Unity:

For each network port on Unity, ask the network administrator to bring down the port on the switch(es), one port at a time.

On both controllers of Unity, verify which port is down and whether that corresponds with the intended configuration.

This image provides an example of a down link.

► To detect a faulty physical network link between the switches and Unity:

Run this command:

nic show-link -s

For a faulty link, the IERRORS column shows a value greater than 0.


Chapter 4: LACP (Link Aggregation Control Protocol)

LACP (Link Aggregation Control Protocol) allows multiple individual Ethernet links to be aggregated together to form a single logical channel. LACP allows a network device to negotiate an automatic bundling of links by sending LACP packets to the peer (a directly connected device that also implements LACP).

LACP is typically used for two purposes:

1. Load balancing: bundling two or more links together provides increased throughput and a level of load balancing for when the speed of individual Ethernet lines is limited.

2. Redundancy: links in a LACP aggregation provide an automatic fallback should one of the links fail, providing enhanced resilience. All traffic is routed from the failed link to the remaining links.

Unity supports both active and passive LACP modes:

Active mode: places a port into an active negotiating state in which the port initiates negotiations with other ports by sending LACP packets.

Passive mode: places a port into a passive negotiating state in which the port responds to LACP packets that it receives but does not initiate LACP packet negotiation.

This section explains how to enable and configure LACP on Unity.

Requirements and guidelines for implementing LACP
Understanding link aggregation
Enabling LACP using the nxadmin CLI
Troubleshooting LACP


Requirements and guidelines for implementing LACP

This section lists network and infrastructure requirements for implementing LACP, as well as guidelines/best practices for configuring the Ethernet switch(es) for LACP.

LACP only operates point-to-point between two partner devices connected together: for example, Unityand the Ethernet switch(es).

LACP must be enabled at both ends of the link to be operational. Refer to the Ethernet switch manufacturer's documentation for information on setting up LACP on the Ethernet switch(es).

The link between Unity and the Ethernet switch(es) must be Full-Duplex.

Both Unity and the Ethernet switch(es) must be running at the same speed (1Gbps or 10Gbps).

The Ethernet switch(es) must support the IEEE 802.3ad Link Aggregation Standard.

To prevent a single point of failure in your configuration, make sure to connect each controller node to a different Ethernet switch, as explained in Understanding network aggregation on page 21.

Understanding link aggregation

Link aggregation does NOT work by passing packets across all the links in an aggregate group in a round-robin fashion. When a packet arrives, LACP calculates the source and destination address hash (which can be L2, L3, or L4 policies, with L4 being the default), and automatically assigns any given source-destination pair to one of the links in the aggregate. As a result, a single TCP connection can never achieve speeds surpassing the throughput of a single link.

For example, while you might aggregate 4x 1Gbps links into a single aggregate, you'll never get more than 1Gbps in any single data transfer. Even in the case of multiple sessions at the same time from multiple clients, 50/50 load balancing is almost never achieved in real-life implementations; around 70/30 is more common.

For more information about LACP, see: http://en.wikipedia.org/wiki/Link_aggregation
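The per-flow link selection described above, as an added example (not Nexsan's code). The SHA-256 stand-in hash, the header fields assigned to each policy, and the sample addresses and ports are assumptions made for illustration; Unity's actual hash function is not given in this guide.

```python
import hashlib
from collections import Counter
from typing import NamedTuple


class Flow(NamedTuple):
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int


# Assumed (illustrative) header fields fed to the hash by each policy.
POLICY_FIELDS = {
    "L2": ("src_mac", "dst_mac"),
    "L3": ("src_ip", "dst_ip"),
    "L4": ("src_port", "dst_port"),
}


def pick_link(flow: Flow, policy: str, n_links: int) -> int:
    """Map a flow to one member link. Stand-in hash, not Unity's own."""
    key = "|".join(str(getattr(flow, f)) for f in POLICY_FIELDS[policy])
    digest = hashlib.sha256(key.encode()).digest()
    return int.from_bytes(digest[:4], "big") % n_links


def distribute(flows, policy: str, n_links: int):
    """Number of flows pinned to each member link of the aggregate."""
    counts = Counter(pick_link(f, policy, n_links) for f in flows)
    return [counts.get(i, 0) for i in range(n_links)]


def flow_ceiling_gbps(flow: Flow, policy: str, n_links: int,
                      link_gbps: float, packets: int = 1000) -> float:
    """Best-case rate of one flow: all of its packets hash to the same link."""
    links_used = {pick_link(flow, policy, n_links) for _ in range(packets)}
    return len(links_used) * link_gbps


def sample_flows(sessions: int = 32):
    """Constructed sample: one client opening several TCP sessions to one
    Unity address on port 3260; only the client source port changes."""
    return [
        Flow("00:11:22:33:44:55", "00:aa:bb:cc:dd:ee",
             "172.21.12.189", "172.21.12.10", 50000 + i, 3260)
        for i in range(sessions)
    ]


if __name__ == "__main__":
    flows = sample_flows()
    for policy in POLICY_FIELDS:
        # L2 and L3 see one address pair, so every session shares a link.
        print(policy, "flows per link:", distribute(flows, policy, 4))
    print("single-flow ceiling on 4x 1Gbps:",
          flow_ceiling_gbps(flows[0], "L4", 4, 1.0), "Gbps")
```

Running it shows why a single client gains nothing from the aggregate under an address-only policy, and why even a port-based policy spreads sessions unevenly.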

Enabling LACP using the nxadmin CLI

Unity provides the nic command in Unity's menu-based nxadmin CLI for enabling and monitoring LACP on Unity.

► Before you begin:

Enabling LACP over the network will cause disconnection. Perform these steps through a KVM console or an IPMI console.

You must not enable LACP on nx99; otherwise, you will lock yourself out of the system.

CAUTION: On a clustered system, you must enable LACP on each controller node individually. Before you enable LACP on a controller node, however, you must transition any Pool Resource Groups and/or the System Management component to the second controller in the system. You must then repeat this process to enable LACP on the second controller.

► To enable and configure LACP on Unity:

1. Access the nxadmin CLI.

2. When the NestOS Admin Menu displays, type 5 (Run a Command), and then press Enter.


3. At the command: prompt, type one of these commands to enable LACP on Unity, in either active or passive mode:

Active mode:

nic modify-aggr -L active nx0

Where nx0 represents the primary interface on Unity. You can also enable LACP on the secondary interface, if available: to enable LACP on the secondary interface, replace nx0 with nx1.

Passive mode:

nic modify-aggr -L passive nx0

Where nx0 represents the primary interface on Unity. You can also enable LACP on the secondary interface, if available: to enable LACP on the secondary interface, replace nx0 with nx1.

4. Press Enter. Unity disconnects from the network.

5. Configure the Ethernet switch to set the ports that you want to combine into a logical channel. Unity comes back online once LACP negotiation is complete.

6. Test and confirm network connectivity to Unity.

Troubleshooting LACP

► To detect that LACP is enabled on the switches and not on Unity:

Verify that LACP is enabled on the switches as passive or active; see Enabling LACP using the nxadmin CLI on the previous page.

Verify Unity network interface LACP status.

► To verify the network interface LACP status:

1. At the command: prompt, type:

nic show-aggr -L

2. Press Enter. You will see results similar to those displayed below when the protocol is up.


Chapter 5: Jumbo Frames

Enabling jumbo frames on Unity can significantly increase network throughput while consuming fewer CPU cycles on the system.

► Before you begin:

You must make sure to enable jumbo frames on the switch(es) that Unity is connected to, as well as on all client systems that access Unity.

You must make sure that the 10GigE interface is set as the primary interface (nx0) on Unity (for example: ixgbe1, ixgbe2, etc.).

Enabling jumbo frames over the network will cause disconnection. Perform these steps through a KVM or IPMI console. Client systems and applications on the network will temporarily lose connection to Unity during the reboot and switchover operations. Make sure that client systems with an active connection to any shares on Unity are disconnected; also make sure to quiesce any applications with an active connection to Unity.

We recommend that IPMI settings be configured for Unity if you are connected to Unity with a system on a separate management network.

This section covers these topics:

Enabling jumbo frames using the menu-driven nxadmin CLI
Setting or modifying IPMI settings
Troubleshooting Jumbo Frames


Enabling jumbo frames using the menu-driven nxadmin CLI

Enabling jumbo frames on Unity can significantly increase network throughput while consuming fewer CPU cycles on the system.

► Before you begin:

You must make sure to enable jumbo frames on the switch(es) that Unity is connected to, as well as on all client systems that access Unity.

You must make sure that the 10GigE interface is set as the primary interface (nx0) on Unity (for example: ixgbe1, ixgbe2, etc.).

Enabling jumbo frames over the network will cause disconnection. Perform these steps through a KVM or IPMI console. Client systems and applications on the network will temporarily lose connection to Unity during the reboot and switchover operations. Make sure that client systems with an active connection to any file systems on Unity are disconnected; also make sure to quiesce any applications with an active connection to Unity.

We recommend that IPMI settings be configured for Unity if you are connected to Unity with a system on a separate management network.

► To enable jumbo frames on Unity:

1. Access the nxadmin CLI.

2. Type this command to set the MTU for the nx0 interface to 9000 bytes (jumbo frames) and press Enter:

nic set-linkprop -p mtu=9000 nx0

3. Repeat these steps for any other network interfaces on Unity (such as nx1); for example:

nic set-linkprop -p mtu=9000 nx1

4. Restart the system or the controller node:

a. Type menu and press Enter.

b. When the NestOS Admin Menu displays, type 2 (Shutdown and Reboot Menu), and press Enter.

c. Type 1, and press Enter. The system or controller node reboots; this process may take some time to complete.

5. Once the system or controller node reboots, test and confirm network connectivity to Unity.

6. Repeat these steps on the second controller node after you transition cluster resources back to the node you finished configuring.

Setting or modifying IPMI settings

Unity supports IPMI over LAN. To enable IPMI for Unity, you must connect a network cable to the second on-board 1Gb LAN port at the back of each controller on the Unity chassis; this second LAN port is located at the bottom of each controller node, closest to the bottom edge of the controller box.

► To set IPMI settings:

1. If you are managing multiple sites (multi-site management of remote systems): in Unity's tree view, click the Site node representing Unity that you want to modify IPMI network settings for.

2. Click the node.


3. Expand the controller node’s Properties panel.

Figure 5-1: Cluster Settings properties panel—IPMI tab

4. Select the IPMI tab.

5. Modify IPMI network settings for Unity by overwriting any existing values in the relevant fields:

a. Type a new IPMI IP address for each controller node on the system.

b. Specify new IPMI subnet and/or IPMI gateway addresses for Unity.

6. If needed, type a new password for the Unity IPMI web-based interface in the Password field; you need this password to access the Unity IPMI web-based interface. The default password is ADMIN (all upper case).

7. Click the Apply button to set the new IPMI network settings on Unity.

Troubleshooting Jumbo Frames

► To verify whether the MTU differs between Unity and the target equipment:

Run this command:

nic show-link

This image provides an example of Unity with Jumbo Frames enabled on nx0.

You can test the settings by pinging to and from the machine with 9000 byte packets.

► To test from a remote client:

Run this command:

On Linux-based platforms:

# ping -s 9000 IP 4

where IP is the IP address of Unity.


On Windows-based platforms:

ping -l 9000 IP

where IP is the IP address of Unity.

► To test from Unity using the nxadmin CLI:

Run this command:

# ping -s IP_of_another_machine 9000 4


Chapter 6: VLANs (Virtual LANs)

A VLAN (Virtual Local Area Network) is a method of creating independent logical networks within a physical network. Unity can be configured to use VLANs to separate the networks. VLAN tagging is the practice of inserting a VLAN ID into a packet header in order to identify which VLAN the packet belongs to.

On Unity you can configure the nx0 interface to have multiple VLANs using the nic command via the nxadmin CLI command shell.

This section covers these topics:

Setting up Unity for multiple VLANs


Setting up Unity for multiple VLANs

► To create a setup for multiple VLANs:

1. Configure the switch so that the nx0 physical ports (ixgbe2 and ixgbe3) of both controllers are members of VLAN 1 and members of VLAN 26. Then untag VLAN 1 and tag VLAN 26.

2. Configure the switch so that the nx99 physical ports (igb0) of both controllers are members of untagged VLAN 1.

3. On both controllers of Unity, run the following command in the nxadmin CLI to create the VLAN:

# nic create-vlan -v 26 -l nx0 nx1

Note For details on the nic command, see nic on page 61.

4. In the nxadmin CLI, run the setip command and set the IP addresses for all the subnets. Make sure that the default gateway is set on subnet 1.

Note For details on the setip command, see setip on page 74.


Chapter 7: IP-based restrictions

The nxadmin CLI allows you to restrict access to CIFS and NFS file systems based on a client system’s IP address.

With this mechanism, you can give a client system, or a group of client systems on a specific subnet, one of these access levels to a file system:

Read-write access (rw): when you configure Read-write access for a file system, only a client system with an IP address corresponding to the list, or range, of IP addresses that you add to the Read-write access list for the file system is granted both Read and Write access to the file system. Any client system with an IP address that does not correspond to an entry in the Read-write access list is prevented from accessing the file system.

Read-only access (ro): when you configure Read-only access for a file system, only a client system with an IP address corresponding to the list, or range, of IP addresses that you add to the Read-only access list for the file system is granted Read-only access to the file system. Any client system with an IP address that does not correspond to an entry in the Read-only access list is prevented from accessing the file system.

No access (none): when you configure No access for a file system, any client system with an IP address corresponding to the list, or range, of IP addresses that you add to the No access list for the file system is prevented from accessing the file system.

You can configure separate access restrictions for each file system on Unity. In addition, you can configure one, or more, access levels—rw (Read-write), ro (Read-only), or none (No access) for each file system—as needed. For example, a file system can have Read-write and Read-only IP-based access restrictions configured for it.

Note IP-based restrictions on a file system are additive to file system-level user access permissions: When you enable IP-based rw (Read-write) or ro (Read-only) access for a file system to specific client systems on the network, this does NOT grant user access to the file system; this mechanism is provided to explicitly deny access to any client system with an IP address that does not correspond to an entry in the Read-write or Read-only access lists that you configure for the file system. Once Unity validates and authorizes a client system’s IP address, it then determines user access to the corresponding file system, based on permission settings you configure for the file system in Nexsan Unity.

You can also set the no_root_squash property on an NFS share to allow NFS clients on the network to connect to and mount an NFS share on Unity as root; see Enabling the no_root_squash property on an NFS share on page 38.


In addition, all NFS file systems, by default, have their Read-write flag set to enabled. You can clear this flag, or set it to enabled again, if needed; you can also set or clear the Read-only or No access list flags for NFS file systems.

This section includes these topics:

Setting IP-based restrictions on a CIFS file system below

Setting IP-based restrictions on an NFS share on page 36

Enabling the no_root_squash property on an NFS share on page 38

Setting IP-based restrictions on a CIFS file system

This section explains how to restrict access to a CIFS file system based on a client machine’s IP address. You must run these commands on the controller hosting the CIFS file system.

► To set IP-based restrictions on a CIFS file system:

1. In the NestOS Admin Menu, type 6 (Configure File Systems and Active Directory).

2. Press Enter. This displays the File Systems submenu.

3. Type 1 (Configure File System Access Lists).

4. Press Enter. This displays all the file systems configured on Unity.

SHARE LIST
0 - SMS share :PayRollData1
    rw access-list :@172.21.12.232
1 - SMB share :PayRollData2
2 - SMB share :PayRollData3
3 - NFS share :PayRollData_NFS
    rw flag :enabled
Please select the share number, h for info, s to see secondary modes or q to exit:

The file system list displays all the file systems that you configured on Unity, as well as any Read-only, Read-write, or No access IP-based restrictions currently set for each file system. If a file system has both CIFS and NFS sharing enabled for it, the file system list displays 2 separate entries for it: an SMB (CIFS) entry and an NFS entry.

Note CIFS file systems in the file system list are identified as SMB file system.


5. In the file system list, locate the CIFS file system that you want to set IP-based restrictions on, and type its file system number; then, press Enter. For example, to set IP-based access restrictions on SMB (CIFS) file system PayRollData2, type 1, and press Enter. This displays the Restrictions Options screen for PayRollData2.

SELECTED SHARE:
SMB file system :PayRollData2
INFORMATION:
When the share is primary at this site, the settings will be as shown.
When the share is secondary at this site, the rw and no_root_squash access lists will be added to the ro lists.
When just a flag is set, it defaults to all.
When the share is secondary, if rw exists with no value, and ro has a value then a * will appended to the ro access-list.
OPTIONS:
rw - configure the rw access-list (or just the flag).
ro - configure the ro access-list (or just the flag).
none - configure the none access-list (or just the flag).
no_root_squash - configure the no_root_squash access-list (or just the flag).
(please note that with NFS, the default is to have only the rw flag)
Please select an option or q to cancel:

6. Type the access level—rw (Read-write), ro (Read-only), or none (No access)—that you want to configure for the file system, and press Enter.

For example, if you want only a specific group of client systems on the network to have Read-write access to the file system, type rw and press Enter. This displays the Access Lists screen:

SELECTED SHARE:
SMB filesystem :PayRollData2
SELECTED TYPE: rw
OPTIONS:
a - add an entry to the (rw) access list.
r - remove an entry from the (rw) access list.
c - clear all entries in the (rw) access list.
Please select an option or q to cancel:


7. Type a, add an entry to the [rw] access list, and press Enter; you are prompted to enter the IP addresses, prefix, or subnet mask, corresponding to the client systems that you want to give Read-write access to the CIFS file system.

Please type in the new entry.
The entry should start with the @ symbol.
The entry can be and IP address (ex: @10.11.1.1)
The entry can be and IP prefix (ex: @10.11)
The entry can be and IP with mask (ex: @10.11/16)

8. Type the corresponding IP addresses, prefix, or subnet mask, preceded by the commercial at symbol (@), and then press Enter.

For example, if you want to give a specific client system Read-write access to the CIFS file system, type the client system’s corresponding IP address: @172.21.12.189

If you want to give two or more client systems with specific IP addresses Read-write access to the CIFS file system, type the corresponding IP addresses in this format: @172.21.12.189:@172.21.12.190

If you want to give client systems on a specific subnet Read-write access to the CIFS file system, type the corresponding IP address range and subnet mask in this format: @172.21/16

If you want to give all client systems on the network Read-write access to the CIFS file system, type the asterisk symbol (*): *

9. If needed, repeat the last two steps to configure IP-based access restrictions for the file system’s Read-only or No access levels.

Setting IP-based restrictions on an NFS share

This section explains how to restrict access to an NFS share based on a client machine’s IP address. You must run these commands on the controller hosting the NFS share.

► To set IP-based restrictions on an NFS share:

1. In the NestOS Admin Menu, type 6 (Configure File Systems and Active Directory).

2. Press Enter. This displays the File Systems sub-menu.

3. Type 1 (Configure File System Access Lists).


4. Press Enter. This displays all the file systems configured on Unity.

SHARE LIST
0 - SMS share :PayRollData1
    rw access-list :@172.21.12.232
1 - SMB share :PayRollData2
2 - SMB share :PayRollData3
3 - NFS share :PayRollData_NFS
    rw flag :enabled
Please select the share number, h for info, s to see secondary modes or q to exit:

The file system list displays all the file systems that you configured on Unity, as well as any Read-only,Read-write, or No access IP-based restrictions currently set for each file system. If a file system hasboth CIFS and NFS sharing enabled for it, the file system list displays 2 separate entries for it: an SMB(CIFS) entry and an NFS entry.

5. In the file system list, locate the NFS share that you want to set IP-based restrictions on, and type its file system number; then, press Enter. For example, to set IP-based access restrictions on NFS share PayRollData_NFS, type 3, and press Enter. This displays the Restrictions Options screen for PayRollData_NFS.

SELECTED SHARE:
NFS share :PayRollData_NFS
rw flag :enabled
INFORMATION:
When the share is primary at this site, the settings will be as shown.
When the share is secondary at this site, the rw and no_root_squash access lists will be added to the ro lists.
When just a flag is set, it defaults to all.
When the share is secondary, if rw exists with no value, and ro has a value then a * will appended to the ro access-list.
OPTIONS:
rw - configure the rw access-list (or just the flag).
ro - configure the ro access-list (or just the flag).
none - configure the none access-list (or just the flag).
no_root_squash - configure the no_root_squash access-list (or just the flag).
(please note that with NFS, the default is to have only the rw flag)
Please select an option or q to cancel:


6. Type the access level—rw (Read-write), ro (Read-only), or none (No access)—that you want to configure for the file system, and press Enter.

For example, if you want only a specific group of client systems on the network to have Read-write access to the file system, type rw and press Enter. This displays the Access Lists screen.

SELECTED SHARE:
NFS share :PayRollData_NFS
SELECTED TYPE: rw
rw flag :enabled
OPTIONS:
a - add an entry to the (rw) access list.
r - remove an entry from the (rw) access list.
cr - clear all the entries and clear the (rw) flag.
ck - clear all the entries (if there are any) and keep the (rw) flag (or add it if is not currently set).
Please select an option or q to cancel:

7. Type a, add an entry to the [rw] access list, and press Enter; you are prompted to enter the IP addresses, prefix, or subnet mask, corresponding to the client systems that you want to give Read-write access to the NFS share.

Please type in the new entry.
The entry should start with the @ symbol.
The entry can be and IP address (ex: @10.11.1.1)
The entry can be and IP prefix (ex: @10.11)
The entry can be and IP with mask (ex: @10.11/16)

8. Type the corresponding IP addresses, prefix, or subnet mask, preceded by the commercial at symbol (@), and then press Enter.

For example, if you want to give a specific client system Read-write access to the NFS share, type the client system’s corresponding IP address: @172.21.12.189

If you want to give two or more client systems with specific IP addresses Read-write access to the NFS share, type the corresponding IP addresses in this format: @172.21.12.189:@172.21.12.190

If you want to give client systems on a specific subnet Read-write access to the NFS share, type the corresponding IP address range and subnet mask in this format: @172.21/16

If you want to give all client systems on the network Read-write access to the NFS share, type the asterisk symbol (*): *

9. If needed, repeat the last two steps to configure IP-based access restrictions for the file system’s Read-only or No access levels.

Enabling the no_root_squash property on an NFS share

The nxadmin CLI allows you to enable the no_root_squash (root) property on an NFS share. You must run these commands on the controller hosting the NFS share.


The no_root_squash property is a setting that allows NFS clients on the network to connect to and mount an NFS share on Unity as root.

► To enable the no_root_squash property for an NFS share:

1. In the NestOS Admin Menu, type 6 (Configure File Systems and Active Directory).

2. Press Enter. This displays the File Systems sub-menu.

3. Type 1 (Configure File System Access Lists).

4. Press Enter. This displays all the file systems configured on Unity.

SHARE LIST
0 - SMS share :PayRollData1
    rw access-list :@172.21.12.232
1 - SMB share :PayRollData2
2 - SMB share :PayRollData3
3 - NFS share :PayRollData_NFS
    rw flag :enabled
Please select the share number, h for info, s to see secondary modes or q to exit:

The file system list displays all the file systems that you configured on Unity, as well as any Read-only,Read-write, or No access IP-based restrictions currently set for each file system. If a file system hasboth CIFS and NFS sharing enabled for it, the file system list displays 2 separate entries for it: an SMB(CIFS) entry and an NFS entry.


5. In the file systems list, locate the NFS share that you want to enable the no_root_squash property for, and type its file system number; then, press Enter. For example, to enable the no_root_squash flag for PayRollData_NFS, type 3, and press Enter. This displays the Restrictions Options screen for PayRollData_NFS.

SELECTED SHARE:
NFS file system :PayRollData_NFS
rw flag :enabled
INFORMATION:
When the share is primary at this site, the settings will be as shown.
When the share is secondary at this site, the rw and no_root_squash access lists will be added to the ro lists.
When just a flag is set, it defaults to all.
When the share is secondary, if rw exists with no value, and ro has a value then a * will appended to the ro access-list.
OPTIONS:
rw - configure the rw access-list (or just the flag).
ro - configure the ro access-list (or just the flag).
none - configure the none access-list (or just the flag).
no_root_squash - configure the no_root_squash access-list (or just the flag).
(please note that with NFS, the default is to have only the rw flag)
Please select an option or q to cancel:

6. Type no_root_squash and press Enter. This displays the Root Access Lists screen.

SELECTED SHARE:
NFS share :PayRollData_NFS
SELECTED TYPE: rw
rw flag :enabled
OPTIONS:
a - add an entry to the (rw) access list.
r - remove an entry from the (rw) access list.
cr - clear all the entries and clear the (rw) flag.
ck - clear all the entries (if there are any) and keep the (rw) flag (or add it if is not currently set).
Please select an option or q to cancel:


7. Type a, add an entry to the [root] access list, and press Enter; you are prompted to enter the IPaddresses, prefix, or subnet mask, corresponding to the client systems that you want to give root accessto the NFS file system.Please type in the new entry.

The entry should start with the @ symbol.

The entry can be an IP address (ex: @10.11.1.1)

The entry can be an IP prefix (ex: @10.11)

The entry can be an IP with mask (ex: @10.11/16)

8. Type the corresponding IP addresses, prefix, or subnet mask, preceded by the commercial at symbol (@), and then press Enter.

For example, if you want to give a specific client system root access to the NFS share, type the client system’s corresponding IP address: @172.21.12.189

If you want to give two or more client systems with specific IP addresses root access to the NFS share, type the corresponding IP addresses in this format: @172.21.12.189:@172.21.12.190

If you want to give client systems on a specific subnet root access to the NFS share, type the corresponding IP address range and subnet mask in this format: @172.21/16

If you want to give all client systems on the network root access to the NFS share, type: @0/0

Note To enable root access to the NFS share for all client systems on the network using the 0/0 option, you must also enable the rw flag for the File System; see Setting IP-based restrictions on an NFS share on page 36.
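The entry formats above, as an added example that is not part of the Nexsan guide: a Python check that expands a no_root_squash access-list string into networks and flags entries that grant root access to more clients than intended. Treating a bare prefix such as @10.11 as octet-aligned (10.11.0.0/16) and the max_hosts review threshold are assumptions of this example.

```python
import ipaddress


def parse_entry(entry):
    """Turn one '@...' access-list entry into an ipaddress.IPv4Network."""
    if not entry.startswith("@"):
        raise ValueError(f"entry must start with @: {entry!r}")
    addr, sep, mask = entry[1:].partition("/")
    octets = addr.split(".")
    if not 1 <= len(octets) <= 4 or not all(
        o.isdigit() and int(o) <= 255 for o in octets
    ):
        raise ValueError(f"bad address part in {entry!r}")
    if sep and (not mask.isdigit() or int(mask) > 32):
        raise ValueError(f"bad mask in {entry!r}")
    # Assumption: without a mask, the prefix length follows the number of
    # octets given, so @10.11 means 10.11.0.0/16 and @10.11.1.1 means a host.
    prefixlen = int(mask) if sep else 8 * len(octets)
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    # strict=False normalises entries whose host bits are set.
    return ipaddress.ip_network(f"{padded}/{prefixlen}", strict=False)


def audit_root_access(access_list, max_hosts=256):
    """Return (entry, severity, detail) findings for a colon-separated list.

    max_hosts is a hypothetical review threshold: any entry covering more
    addresses than this is reported so that someone confirms it is intended.
    """
    findings = []
    for raw in access_list.split(":"):
        entry = raw.strip()
        try:
            net = parse_entry(entry)
        except ValueError as exc:
            findings.append((entry, "invalid", str(exc)))
            continue
        if net.prefixlen == 0:
            findings.append(
                (entry, "critical", "root is not squashed for any client")
            )
        elif net.num_addresses > max_hosts:
            findings.append(
                (entry, "review", f"{net} covers {net.num_addresses} addresses")
            )
    return findings


if __name__ == "__main__":
    # The sample strings are the formats shown in step 8.
    for sample in (
        "@172.21.12.189",
        "@172.21.12.189:@172.21.12.190",
        "@172.21/16",
        "@0/0",
    ):
        print(sample, "->", audit_root_access(sample) or "no findings")
```
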


Chapter 8: User authentication requirements

This section provides information on the user authentication modes that you can use in your Unity deployment.

User authentication modes

Microsoft Active Directory domain requirements


User authentication modes

During the initial setup of your site, you select the user authentication mode that you want to use with your Unity deployment. Unity supports three modes for user authentication:

Microsoft Windows Active Directory domain

LDAP Directory service (in UNIX/Linux environments)

Unity authentication

To authenticate users against the user and group accounts stored locally on Unity, use the Manage Users and Groups panel; see Managing users and groups with Unity authentication on page 1.

To authenticate users against a Microsoft Windows Active Directory domain or an LDAP Directory service, use the user and group accounts that are maintained on the Microsoft Windows Active Directory server or LDAP Directory server.

CAUTION: RISK OF OUTAGE

Do not join Unity with Active Directory to Domain Controllers hosted on VMware. Domain Controllers used with Unity and Active Directory must either be a physical device or hosted externally to Unity.

Microsoft Active Directory domain requirements

This section describes the Microsoft Active Directory support requirements for Unity. Carefully review this table before joining Unity to a Microsoft Active Directory domain.

Requirement | Description

Operating Systems | Windows Server 2012; Windows Server 2008 R2; Windows Server 2008 x86 or x64, including Windows Server 2008 with Service Pack 1 and Windows Server 2008 with Service Pack 2; Windows Server 2003 R2 x86 or x64

Reverse DNS | The Microsoft Active Directory implementation must be configured with a reverse DNS lookup zone.

Global catalog and LDAP catalog ports | The primary domain controller that Unity connects to must have both the global catalog port (3268) and the LDAP catalog port (389) open. In a Microsoft Active Directory forest implementation, all domain controllers must have these ports open.

Time server | The primary domain controller that Unity connects to must be configured as a reliable time source (time server capability) for the domain. In a Microsoft Active Directory forest implementation, all domain controllers must have this capability. If the Microsoft Active Directory implementation does not provide, or is not configured for, time server capability, you must specify a valid Network Time Protocol (NTP) source for Unity to synchronize its date and time with.


Domain administrator privileges | You will need to provide domain credentials for a domain administrator, or of a user who has full domain administrative privileges. If the user account does not have domain administrator privileges, you must create computer objects for Unity in the Active Directory domain, and give the corresponding user account management access to the objects before joining the domain. For procedural steps, see: Delegating control to the non-Administrator user account on page 1, and Creating computer objects on the Active Directory server on page 1.

DNS alias for non-standard domain names | Use a DNS alias if the domain controller name starts with a digit, or contains nonstandard characters. If the name of the primary domain controller that you configure Unity to connect to starts with a digit, or contains nonstandard characters, you must set up an alias—made up of only standard characters—for the domain controller on the DNS server; standard characters include: (A-Z, a-z), digits (0-9), and hyphens (-). You must also add a resource record for the alias in the reverse DNS lookup zone. Later, when you configure the Unity to join the Microsoft Active Directory domain, you must specify the domain controller’s alias, including its fully qualified domain name (FQDN), in the Domain Controller (optional) field. As an example, if the domain controller uses this name: 1MYDC_001.mydomain.lan,

1. Create this alias for the domain controller on the DNS server: MYDC-001

2. Add a resource record for the alias in the reverse DNS lookup zone.

3. During the Site Setup process, when configuring Unity to join the Microsoft Active Directory domain, specify the domain controller’s alias, including its fully qualified domain name (FQDN), in the Domain Controller (optional) field: MYDC-001.mydomain.lan

Creation of machine accounts | The Microsoft Active Directory implementation must support the creation of machine accounts in the default Organizational Unit (OU).


Chapter 9: NFS support requirements

This section details requirements when using the NFS protocol to access data on Unity.

To set up NFS using the nfs nxadmin CLI command, see nfs on page 70.

Using an NFS version 3 (NFSv3) client to access an NFS share with Microsoft Active Directory

Using an NFS version 4 (NFSv4) client to access an NFS share


Using an NFS version 3 (NFSv3) client to access an NFS share with Microsoft Active Directory

Unity’s nxadmin command line interface (CLI) includes the useradd, groupadd, and idmap combination of commands that allow you to enable Microsoft Active Directory users and/or groups to connect to and authenticate with an NFS share on Unity through an NFS version 3 (NFSv3) UNIX/Linux client machine.

To achieve this, you use the useradd and groupadd commands to add corresponding user and group accounts, respectively, to Unity, with the same UNIX UID (for user accounts) and UNIX GID (for group accounts) assigned to the users and groups in the Microsoft Active Directory domain—see the useradd and groupadd commands in the Nexsan Unity nxadmin CLI Reference Manual.

Then, you map the user or group accounts that you add to Unity to their corresponding user or group account names in the Microsoft Active Directory domain—see the nstusermaps command in the Nexsan Unity nxadmin CLI Reference Manual.

Note NFSv3 uses UID/GID based permissions mapping. This means users must have the same UID/GID on both the client and Unity.

► Requirements:

Make sure the Active Directory user/group accounts have UNIX UIDs/GIDs configured for them on the Microsoft Active Directory server.

On Unity, add corresponding user or group accounts with the same UID (for user accounts) or GID (for group accounts) associated with the user or group in the Microsoft Active Directory domain.

Map the user or group accounts that you add to Unity to their corresponding user or group account names in the Microsoft Active Directory domain.

Using an NFS version 4 (NFSv4) client to access an NFS share

To access or mount an NFS share from an NFS version 4 (NFSv4) client, you must perform some additional configuration steps, both on Unity where the NFS share exists and on the NFSv4 client computers where you intend to mount the NFS share.

Note NFSv4 uses name-based permissions mapping. This means users must have the same name on both the client and Unity. It also requires an NFSv4 Domain to be set. This must be identical on both Unity and the client.

► On Unity where the NFS share exists, you must:

1. specify a domain name to enable user/group mapping between Unity and your NFSv4 clients;

2. define NFS settings, such as the maximum number of client connections;

3. use the nxadmin command line interface (CLI) to add user and/or group accounts, respectively, on Unity with account names that correspond to user and/or group accounts on the NFSv4 client computers where you intend to mount the NFS share.

► On the NFSv4 client computers where you intend to mount the NFS share, you must:

1. add the NFSv4 domain name you specified on Unity to the /etc/idmapd.conf file;

2. stop and then restart the idmap (Identity Mapping) service;

3. make sure this service starts on system boot up: chkconfig rpcidmapd on;

4. mount the NFS share.


► To configure NFSv4 support:

1. In Nexsan Unity's tree view, click the Site node corresponding to Unity where the NFS share exists; this displays its child nodes.

2. Expand the Site node’s Properties panel.

3. Select the tab.

Figure 9-1: Site node's properties panel— tab

4. Specify a domain name to enable user mapping between Unity and your NFSv4 clients:

a. Select the check box to enable the domain.

b. In the Domain text box, type a domain name for NFSv4 support. You will be required to specify this domain name on all NFSv4 client systems where you intend to mount the NFS share. You can use the default domain name, NST.domain, or specify a new name; the domain name must contain a period (.).

5. Click Apply to save your settings.


6. Use the nxadmin command line interface (CLI) to add user and/or group accounts to Unity with account names that correspond to user and/or group accounts on the NFSv4 client computers where you intend to mount the NFS share:

a. Access the nxadmin CLI on Unity.

b. Log on as nxadmin.

c. In the NestOS Admin Menu, type 4 (Run a Command).

d. Press the Enter key.

e. At the command: prompt, type the useradd command using this syntax to add a user:

useradd -u <uid> <user name>

You cannot use these UID numbers because they are reserved:

0 to 101

60001

60002

65534

90000 to 90050

If one of these IDs is already assigned to a user on your network, please contact Nexsan Technical Support to request that they free up the reserved ID.

f. Press the Enter key.

g. At the command: prompt, type the groupadd command using this syntax to add a group:

groupadd -g <gid> <group name>

You cannot use these GID numbers because they are reserved:

0 to 101

60001

60002

65534

90000 to 90050

99999

If one of these IDs is already assigned to a user on your network, please contact Nexsan Technical Support to request that they free up the reserved ID.

h. Press the Enter key.


7. Assign the local user and/or group accounts (that you created in the previous step) access permissions to the NFS share. You perform this step in the nxadmin Command Line Interface (CLI) using the shareacl command:

a. Type the shareacl command to display its command reference and options. As an example, to assign the user bobsummers Full access permissions to the NFS share PayRollData1 in storage pool FinancePool1, type:

shareacl -c append -p FinancePool1 -s PayRollData1 -u bobsummers -a full_set -d allow

To assign Read-only access permissions, replace -a full_set with -a read_set; or, to assign Read/Write access permissions, replace -a full_set with -a write_set.

To deny access, replace -d allow with -d deny.

8. Open the /etc/idmapd.conf file and change the value for the Domain parameter to correspond to the NFSv4 domain name you specified in Step 1; for example:

Domain = NST.domain

9. Stop and start the idmap (Identity Mapping) service; for example:

service rpcidmapd stop

service rpcidmapd start

10. Make sure this service starts on boot up:

chkconfig rpcidmapd on

11. Mount the NFS share.
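A pre-flight check for the account and domain steps above, as an added example that is not part of the Nexsan guide: it reads a client's passwd and group data, refuses IDs that this page lists as reserved on Unity, emits the matching useradd and groupadd lines, and compares the client's idmapd.conf Domain with the Unity NFSv4 domain. The sample file contents are constructed; the reserved ranges and command syntax are taken from this page, and the [General] section name is the usual idmapd.conf layout.

```python
import configparser

# Reserved IDs as listed on this page for useradd (UID) and groupadd (GID).
RESERVED = {
    "user": [(0, 101), (60001, 60002), (65534, 65534), (90000, 90050)],
    "group": [(0, 101), (60001, 60002), (65534, 65534), (90000, 90050),
              (99999, 99999)],
}
COMMAND = {"user": "useradd -u {id} {name}", "group": "groupadd -g {id} {name}"}


def plan(kind, db_text, wanted):
    """Return (commands, problems) for the wanted account names.

    db_text is passwd-style text for kind "user" or group-style text for
    kind "group"; both keep the numeric ID in the third colon-separated field.
    """
    ids = {}
    for line in db_text.splitlines():
        fields = line.split(":")
        if not line.startswith("#") and len(fields) >= 3 and fields[2].isdigit():
            ids[fields[0]] = int(fields[2])
    commands, problems, seen = [], [], {}
    for name in wanted:
        if name not in ids:
            problems.append(f"{kind} {name}: not defined on the client")
            continue
        num = ids[name]
        if any(lo <= num <= hi for lo, hi in RESERVED[kind]):
            problems.append(f"{kind} {name}: ID {num} is reserved on Unity")
        elif num in seen:
            problems.append(f"{kind} {name}: ID {num} already planned for {seen[num]}")
        else:
            seen[num] = name
            commands.append(COMMAND[kind].format(id=num, name=name))
    return commands, problems


def check_nfsv4_domain(idmapd_conf, unity_domain):
    """Return problems found when comparing idmapd.conf with the Unity domain."""
    problems = []
    if "." not in unity_domain:
        problems.append("Unity NFSv4 domain must contain a period")
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    try:
        parser.read_string(idmapd_conf)
        client_domain = parser.get("General", "Domain", fallback=None)
    except configparser.Error as exc:
        return problems + [f"cannot parse idmapd.conf: {exc}"]
    if client_domain is None:
        problems.append("idmapd.conf has no Domain setting")
    elif client_domain != unity_domain:
        problems.append(
            f"client domain {client_domain!r} differs from Unity domain {unity_domain!r}"
        )
    return problems


# Constructed sample data standing in for files read from an NFS client.
CLIENT_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bobsummers:x:1501:1002:Bob Summers:/home/bobsummers:/bin/bash
svcbackup:x:90010:1002::/home/svcbackup:/sbin/nologin
"""
CLIENT_GROUP = "users:x:1002:bobsummers\nnobody:x:65534:\n"
CLIENT_IDMAPD = "[General]\n# constructed sample\nDomain = localdomain\n\n[Mapping]\nNobody-User = nobody\n"

if __name__ == "__main__":
    for kind, text, names in (
        ("user", CLIENT_PASSWD, ["bobsummers", "svcbackup"]),
        ("group", CLIENT_GROUP, ["users"]),
    ):
        commands, problems = plan(kind, text, names)
        print("\n".join(commands + ["PROBLEM: " + p for p in problems]))
    for problem in check_nfsv4_domain(CLIENT_IDMAPD, "NST.domain"):
        print("PROBLEM:", problem)
```
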


Appendix A: Network ports

This section describes the ports you need to allow on your firewall for Unity to communicate properly with Active Directory, LDAP, and/or NIS servers and all client applications.

Notes:

Dynamic TCP ports on Unity: Between 32768 and 65535

Dynamic UDP ports on Unity: Between 32768 and 65535

Dynamic on the client: When the client machine initiates the connection to a port on Unity, it decides what port Unity should respond to. These ports are known as Ephemeral ports and are dynamically chosen by the client when the connection is initiated. Different operating systems have a different range of ports to choose from.

Protocol | Use | Direction | Unity ports | Outgoing ports
SSH | CLI access | Incoming | 22 (TCP) | Dynamic on the other side
HTTP | Unity access | Incoming | 80 (TCP) | Dynamic on the other side
HTTPS | Unity access | Incoming | 443 (TCP) | Dynamic on the other side
HTTPS | Updates from the License server | Outgoing | Dynamic TCP ports | 443 (TCP)
NFS | NFS locking | Incoming | 4045 (TCP/UDP) | Dynamic on the other side
NFS | NFS status daemon | Outgoing | Dynamic TCP ports | Dynamic on the other side
NFS | NFS mount daemon | Incoming | Dynamic TCP ports | Dynamic on the other side
NFS | NTS port mapper and NFS control | Incoming | 111, 2049 (TCP/UDP) | Dynamic on the other side
FTP | Passive mode ports | Incoming | 32768-33768 (TCP) | Dynamic on the other side
FTP | Data access | Incoming | 21 (TCP) | Dynamic on the other side
CIFS | Data access | Incoming | 445 (TCP) | Dynamic on the other side
CIFS | Permissions | Incoming | 445 (UDP/TCP) | Dynamic on the other side
NetBIOS | Outgoing communications | Outgoing | Dynamic TCP/UDP ports | 137, 138, 139 (UDP/TCP)
AD | Permissions | Outgoing | Dynamic TCP/UDP ports | 445 (UDP/TCP)
AD | Remote procedure calls (RPC) | Outgoing | Dynamic TCP/UDP ports | Dynamic on the other side (or 135 for certain versions of Windows AD)
AD | Permissions - Kerberos | Outgoing | Dynamic UDP ports | 88, 464 (TCP/UDP)
AD | Permissions - LDAP global Catalog Search | Outgoing | Dynamic TCP ports | 3268, 3269 (TCP)
LDAP | Permissions | Outgoing | Dynamic TCP/UDP ports | 389, 636 (TCP/UDP)
NIS | Permissions | Outgoing | Dynamic TCP/UDP ports | 111, or server-defined port (TCP/UDP)
DNS | Outgoing communications | Outgoing | Dynamic TCP/UDP ports | 53 (TCP/UDP)
iSCSI | Connection to LUNs on Unity | Incoming | 860, 3260 (TCP/UDP) | Dynamic on the other side
iSNS | LUN discovery and management | Incoming | 3205 (TCP/UDP) | Dynamic on the other side
NTP | Time synchronization for external storage with Unity | Incoming | 123 (UDP) | Dynamic on the other side
NTP | Time synchronization for Unity with an outside source | Outgoing | Dynamic UDP ports | 123 (UDP)
NMP | Nexsan Management Protocol | Incoming | 44844 (TCP/UDP) | Dynamic on the other side
SNMP | Traps | Outgoing | Dynamic UDP ports | 161 (UDP)
SNMP | Gets for system information | Incoming | 162 (UDP) | Dynamic on the other side
NDMP | NAS backups | Incoming | 10000 (TCP/UDP) | Dynamic on the other side
Replication | Asynchronous replication | Outgoing | Dynamic TCP ports | 22, 80, 873 (TCP)
Replication | Asynchronous replication | Incoming | 20, 80, 873 (TCP) | Dynamic on the other side
SMTP | Email notifications | Outgoing | Dynamic TCP ports | 25 (TCP)
CallHome | Access to the CallHome technical support service | Outgoing | Dynamic TCP ports | One of: 20022 (TCP), 80 (TCP), 443 (TCP)


Appendix B: Useful CLI commands

This section provides complete information on how to use the nxadmin CLI commands mentioned in this manual:

callhome is used for Unity remote support;

nic is used for configuring network interfaces;

setip is used for IP address configuration;

nfs, nstusermaps, useradd, and groupadd are used for NFS support.

callhome

groupadd

nic

nfs

nstusermaps

setip

useradd


callhome

► To run this command:

1. Access the CLI command shell.

2. Type the command using this syntax.

3. Press Enter.

Description This command provides access to the Call Home service. It allows Nexsan Technical Support personnel to connect to Unity and troubleshoot issues remotely.

To use the CallHome service, Unity must have Internet access and at least one of these ports must be open and allowed between Unity and the network firewall:

20022

80

CAUTION: Run this command only if requested by Nexsan Technical Support.

Note: To send logs automatically to Technical Support, you must stop the Call Home service and then enable the autolog command.

Controller Run this command on the controller having the issue.

Syntax callhome

[start]

[stop]

[status]

[setclient <IP> <port>]

[test]

[hosts]

[monitor]

[sendlogs]

[update]

[suspend]

[resume]

[reset]

[version]

Options

start

This option starts the CallHome service.

stop

This option stops the CallHome service.

status

This option displays the status of the CallHome service.

setclient <IP> <port>


This option allows you to connect to the CallHome service from a workstation. Enter the IP address and the port number of the client.

test

This option tests connectivity to all known CallHome service hosts.

hosts

This option lists all SSH and HTTP CallHome servers to which the CallHome service is connected. It lists the server’s IP address or domain name and the SSH port number. The connection is always over SSH. If a direct SSH connection is not possible, the system will connect to CallHome servers using SSH over HTTP. In this case, this option will also display the HTTP server's IP address and port number.

monitor

This option monitors the I/O traffic during a CallHome session. It displays the Sent and Received packets approximately once per second. Press any key to stop the monitoring session and return to the prompt.

sendlogs

This option packages and sends logs to the CallHome server.

Note: This command can only be run when the CallHome service is stopped.

update

This option checks if there are updates of the CallHome version.

suspend

This option pauses the sending of event driven logs to Unity.

resume

This option resumes the sending of event driven logs to Unity.

reset

This option resets the triggers to send event driven logs to Unity.

version

This option returns the CallHome service version. This command is enabled after updating the callhome command to its latest version, if you are running an older build of Unity 2.0 and you have never used the callhome command. See the example below to enable and run this command.

Example 1 We check the status of the CallHome service.

callhome status

The CallHome service is not running.

Example 2 We start the CallHome service.

callhome start

Starting CallHome service... Done.

Example 3 We update the callhome command to the new version, then we check if the version is higher than 0.1.

1. Start the CallHome service:

callhome start

2. Wait for a few minutes, until the nxadmin CLI restarts automatically:

SSH shell interrupted.

The connection to the SSH shell was broken. The system will attempt to reconnect in 5 seconds.

Copyright 2010-2014 Nexsan Technologies Inc. All Rights Reserved.

Loading shell... Ready.

Type 'help' for command list.

Type 'menu' for system menu.

3. The callhome command is now updated. Verify the new version:

callhome version

Version: 5.38.0.0

groupadd

► To run this command:

1. Access the CLI command shell.

2. Type the command using this syntax.

3. Press Enter.

Description This command allows you to add local group accounts on Unity that correspond to UNIX/Linux Microsoft Active Directory domain accounts. The members of the group accounts that you add to Unity can then access NFS file systems in a Microsoft Active Directory environment.

Note: This command does not display a confirmation message.

Controller Run this command on either controller.

Syntax groupadd -g <gid> [-o] <group name>

Options -g <gid>

This option assigns the specified group ID <gid> to the group being added. This group ID must be a non-negative decimal integer below 2147483647.

You cannot use these group ID numbers because they are reserved:

0 to 101

60001

60002

65534

90000 to 90050


If there are conflicting IDs, please contact Nexsan Technical Support.

-o

This option, when used with -g, allows the group ID to be non-unique.

<group name>

This option specifies the group name to be added.

Example groupadd -g 1002 users

nic

► To run this command:

1. Access the CLI command shell.

2. Type the command using this syntax.

3. Press Enter.

Description This command allows you to display and configure advanced network settings on Unity, such as link properties, usage, and aggregation (including creating, adding, modifying, and removing aggregations).

Note: The nic command provides several administrative functions for configuring data-link interfaces on Unity. This command is intended for advanced users and/or for Nexsan Technical Support personnel; some options available with this command should only be executed with the assistance of a Nexsan Support Engineer.

Controller You must run this command on both controller nodes.

Syntax nic

[create-aggr [-t] [-P <policy>] [-L <mode>] [-T <timer>] [-u <address>] -l <linkname1> [-l <linkname2>...] <aggrname>]

[add-aggr [-t] -l <linkname1> [-l <linkname2>...] <aggrname>]

[delete-aggr [-t] <aggrname>]

[modify-aggr [-t] [-P <policy>] [-L <mode>] [-T <time>] [-u <address>] <aggrname>]

[remove-aggr [-t] -l <linkname1> [-l <linkname2>...] <aggrname>]

[show-aggr [-L] [-x] [-o <field>,...] [-p] [-P] [-s [-i <interval>]] [<aggrname>]]

[rename-link <oldlinkname> <newlinkname>]

[show-link -o <field>,... [-p] [-P] [-s [-i <interval>]] <linkname>]

[set-linkprop [-t] -p <prop>=<value>[,...] <linkname>]

[reset-linkprop [-t] [-p <prop>,...] <linkname>]

[show-linkprop [-o <field>,...] [-c] [-P] [-p <prop>,...] [<linkname>]]

[show-phys -H [-o <field>,..] [-p] [-P] [<physlinkname>]]


[show-usage [-a] [-p <plotfile>] [-F <format>] [-s <DD/MM/YYYY,HH:MM:SS>] [-e <DD/MM/YYYY,HH:MM:SS>] -f <logfile> <linkname>]

create-vlan [-ft] -l <link> -v <vid> [link]

delete-vlan [-t] <link>

show-vlan [-pP] [-o <field>,..] [<link>]

Options create-aggr

This command allows you to create a link aggregation, which treats two or more physical network connections as a single connection with the specified link name. This option accepts the following arguments:

-t: Specifies that the aggregation is temporary. The aggregation lasts until the system is next rebooted.

-L <mode>: Specifies whether LACP should be used and, if used, the mode in which it should operate. Supported values are off, active, or passive. Default is off.

-l <linkname> (required): Each Ethernet link (or port) in the aggregation is specified using an -l option followed by the name of the link to be included in the aggregation. Multiple links are included in the aggregation by specifying multiple -l options.

<aggrname> (required): Sets the name of the link aggregation.

add-aggr

This command allows you to add one or more links to an existing aggregation. It accepts the following arguments:

-t: Specifies that the addition is temporary. The addition lasts until the system is next rebooted, at which time the aggregation returns to its previous configuration.

-l <linkname> (required): Specifies an Ethernet link to add to the aggregation. Multiple links can be added by supplying multiple -l options.

<aggrname> (required): Specifies the aggregation to which you wish to add links.

delete-aggr

This command allows you to delete a specified aggregation. It accepts the following arguments:

-t: Specifies that the deletion is temporary. The aggregation is restored when the system is next rebooted.

<aggrname> (required): Specifies the aggregation to be deleted.

modify-aggr

This command allows you to modify the parameters of a link aggregation. It accepts the following arguments:

-t: Specifies that the modification is temporary. The modification lasts until the system is next rebooted, at which time the aggregation returns to its previous configuration.


-L <mode>: Specifies whether LACP should be used and, if used, the mode in which it should operate. Supported values are off, active, or passive. The default is off.

<link name> (required): Specifies the aggregation that you wish to modify.

remove-aggr

This command allows you to remove one or more links from a specified aggregation. It accepts the following arguments:

-t: Specifies that the removal is temporary. The removal lasts until the system is next rebooted, at which time the aggregation returns to its previous configuration.

-l <linkname> (required): Specifies the link that you wish to remove from the aggregation. Multiple links can be removed by supplying multiple -l options.

<link name> (required): Specifies the aggregation from which you wish to remove links.

show-aggr

This command displays aggregation information, LACP information, or statistics, either for all aggregations or for a specified aggregation.

By default, with no arguments, this command displays the following fields for all aggregations:

LINK: The name of the aggregation.

POLICY: The LACP policy of the aggregation.

ADDRPOLICY: Either auto, if the aggregation is configured to automatically configure its unicast MAC address (the default), or fixed, if -u was used to set a fixed MAC address.

LACPACTIVITY: The LACP mode of the aggregation. Possible values are off, active, or passive, as set by the -L option for create-aggr or modify-aggr.

LACPTIMER: The LACP timer value, as set by the -T option for create-aggr or modify-aggr. Possible values are short or long.

FLAGS: A set of state flags associated with the aggregation. Currently, no flags are supported; therefore, this field should always be -----.

The show-aggr command supports the following arguments:


-L: Displays detailed LACP information for the aggregation link and each underlyingport. By default, with no additional arguments, it displays the following fields for eachaggregation and port:

LINK: The name of the aggregation.

PORT: The name of one of the underlying ports.

AGGREGATABLE: Whether or not the port can be added to an aggregation.

SYNC: If yes, the system considers the port to be synchronized as part of the aggregation.

COLL: If yes, collection of incoming frames is enabled on the associated port.

DIST: If yes, distribution of outgoing frames is enabled on the associated port.

DEFAULTED: If yes, the port has not received LACP data from the LACP partner and is therefore using default partner information.

EXPIRED: If yes, the receive state of the port is EXPIRED.

-x: Displays additional aggregation information, including detailed information on each underlying port. This command displays the following fields for each aggregation and port:

LINK: The name of the aggregation.

PORT: The name of one of the underlying ports.

SPEED: The speed of the aggregation or port in megabits per second (Mbps).

DUPLEX: Displays the duplex setting (full or half) of the aggregation or port if the aggregation STATE is up. Displays unknown in all other cases.

STATE: The state of the aggregation. The possible values are up, down, or unknown.

ADDRESS: The MAC address of the aggregation or port.

PORTSTATE: Displays the state of the individual port. The possible values are attached or standby.

-o <field>,...: A case-insensitive, comma-separated list of output fields to display. The field names must be taken from those listed above, or all to display all fields. The fields applicable to the -o option are limited to those listed under each output mode. For instance, if -L is used, only the fields listed under -L can be specified.

-p: Displays the command output in a stable, machine-parseable format. The -o argument is required when using -p.

-P: Displays the persistent aggregation configuration rather than the state of the running system.

-s: Displays aggregation statistics.

-i: Used with -s to set an interval, in seconds, at which statistics should be displayed. If this argument is not used, statistics will be displayed only once.

<aggrname>: Used to indicate a specific aggregation for which to display information.


rename-link

Used to rename a link. The first argument is the current link name. The second argument is the new name you wish to assign to the link.

show-link

This command displays link configuration or statistics, for one or more data links (network interfaces).

By default, with no arguments, this command displays the following fields for all data links:

LINK: The name of the data link.

CLASS: The class of the data link. The possible values are phys, which is a physical link, or aggr, which is an aggregation. The show-phys command displays more detailed information for physical links, and the show-aggr command displays more detailed information for aggregations.

MTU: The maximum transmission unit (frame) size for the link, in bytes.

STATE: The link state of the data link. Possible values are up, down, or unknown.

OVER: The physical link over which the data link is operating. This applies to aggregations.

The show-link command accepts the following arguments:

-o <field>,...: A case-insensitive, comma-separated list of output fields to display. If the -s option is not used, the field names must be taken from those listed above, or all to display all fields.

-p: Displays the command output in a stable, machine-parseable format. The -o argument is required when using -p.

-P: Displays the persistent link configuration.

-s: Displays link statistics. The following fields are displayed by default:

LINK: The name of the data link.

IPACKETS: The number of packets received on this link.

RBYTES: The number of bytes received on this link.

IERRORS: The number of input errors.

OPACKETS: The number of packets sent on this link.

OBYTES: The number of bytes sent on this link.

OERRORS: The number of output errors.

The -o option can be used to display specific fields.

-i: Used with -s to set an interval, in seconds, at which statistics should be displayed. If this argument is not used, statistics will be displayed only once.

<linkname>: Used to indicate a specific link for which to display information.

set-linkprop

This command is used to set one or more properties on the specified link. The list of properties and their values depends on the link type, the network device driver, and the networking hardware. Use the show-linkprop command to display these properties.

This command takes the following arguments:

-t: Specifies that the changes are temporary. Temporary changes last until the system is next rebooted.

-p <prop>=<value>[,...]: A comma-separated list of properties to set to the specified values.

<linkname>: Used to specify the link for which you wish to set properties.

reset-linkprop

This command is used to reset one or more properties on a specified link to the value that they had at startup. If no properties are specified, all properties are reset. This command takes the following arguments:

-t: Specifies that the resets are temporary. Temporary resets last until the system is next restarted.

-p <prop>[,...]: A comma-separated list of properties to reset.

<linkname>: Used to specify the link for which you wish to reset properties.

show-linkprop

This command is used to display the current or persistent values of one or more link properties, either for one data link or for all data links.

By default, with no arguments, this command displays the current values of the following fields for all properties on all data links:

LINK: The name of the data link.

PROPERTY: The name of the property.

PERM: The read/write permissions of the properties. Possible values are ro (read-only) or rw (read/write).

VALUE: The current property value. If the value is not set, it is displayed as --. If the value is unknown, it is displayed as ?.

DEFAULT: The default value of the property. If the property has no default value, it is displayed as --.

POSSIBLE: A comma-separated list of values that the property can have. If the possible property values are unknown or unbounded, it is displayed as --.

The show-linkprop command accepts the following arguments:

-o <field>,...: A case-insensitive, comma-separated list of fields to display. The field names must be taken from those listed above, or all to display all fields.

-c: Displays the command output in a stable, machine-parseable format. The -o argument is required when using -c.

-P: Displays persistent link property information instead of current values.

-p <prop>[,...]: A comma-separated list of properties to show.

<linkname>: Used to specify a link for which to display properties.

show-phys


This command allows you to display information about the device and attributes of a specified physical link or of all physical links.

By default, with no arguments, this command displays the following fields:

LINK: The name of the data link.

MEDIA: The media type provided by the physical data link.

STATE: The state of the physical link. Possible values are up, down, or unknown.

SPEED: The current speed of the link in megabits per second (Mbps).

DUPLEX: For Ethernet links, displays the duplex setting (full or half) of the physical link if the link STATE is up. Displays unknown in all other cases.

DEVICE: The name of the physical device under this link.

The show-phys command takes the following arguments:

-H: Displays hardware resource usage as returned by the network interface card (NIC) driver. The following fields are displayed by default:

LINK: A physical device corresponding to a NIC driver.

GROUP: A collection of RINGS.

GROUPTYPE: Receive (RX) or transmit (TX). All RINGS in a GROUP are of the same type.

RINGS: A hardware resource used by a data link, subject to assignment by a driver to different GROUPs.

CLIENTS: MAC clients that are using the RINGS within a GROUP.

-o <field>[,...]: A case-insensitive, comma-separated list of output fields to display. The field names must be taken from those listed above, or all to display all fields. The fields applicable to the -o option are limited to those listed under each output mode. For instance, if -H is used, only the fields listed under -H can be specified.

-p: Displays the command output in a stable, machine-parseable format. The -o argument is required when using -p.

-P: Displays the persistent configuration for all links, including those that have been removed from the system. When -P is specified, an additional field, FLAGS, is displayed. If a link has a FLAGS value of r, it means the physical device associated with a physical link has been removed.

<physlinkname>: Used to specify a physical link for which you wish to display information.

show-usage

This command is used to display historical network usage from a stored extended accounting file. The default output is the summary of network usage for all current links for the entire period for which extended accounting is available. This command takes the following arguments:

-a: Displays all network usage during the period for which extended accounting is available, including usage for links that are no longer present.


-f <filename>: The name of the file from which to read the extended accounting records of network usage.

-p <plotfile>: Writes the network usage data to a file of the format specified by -F, which is required.

-F <format>: Specifies the format of the plot file defined by -p. Currently, gnuplot is the only supported format.

-s <time>: The time, in DD/MM/YYYY,HH:MM:SS format, from which to begin retrieving network usage data from the extended accounting records. If -s is not specified, retrieval begins at the earliest time for which data is available.

-e <time>: The time, in DD/MM/YYYY,HH:MM:SS format, at which to stop retrieving network usage data from the extended accounting records. If -e is not specified, retrieval continues through the most recent available data.

<linkname>: Used to specify a particular link for which to retrieve network usage data. If no link is specified, this command retrieves network usage data for all links.

create-vlan [-f] -l <link> -v <vid> [link]

This command creates a virtual LAN with an ID (that is not currently used); for example, nx2, nx3, etc. VLANs are isolated networks that are configured through switches or router devices. All VLANs created will use the same physical port as nx0. You can create as many VLANs as you want.

Note: The nic create-vlan command must be run on both nodes.

All packets going over the new interface that you created with create-vlan will be tagged with the ID specified with -v.

Note: nx0 and nx1 are always untagged by default; you must untag them on the switch manually.

After creating a VLAN, the new virtual interface displays when you run the setip command. You must enter the IP addresses, as needed, to configure the VLAN.

This command takes the following arguments:

-f: Forces the creation of the VLAN link. Some devices do not allow frame sizes large enough to include a VLAN header. When creating a VLAN link over such a device, the -f option is needed, and the MTU of the IP interfaces on the resulting VLAN must be set to 1496 instead of 1500.

-l: Specifies the link over which the VLAN is created (for example, nx0).

-v: Specifies the virtual ID of the VLAN.

link: Name of the VLAN link (for example, nx1).

delete-vlan <link>

This command deletes the specified VLAN.

show-vlan [-pP] [-o <field>,..] [<link>]

This command displays the VLAN configuration for all VLAN links or for the specified VLAN link.

This command accepts these arguments:


-p: Displays output using a stable machine-parseable format. You must use it with the -o option. The output format is one or more lines of colon (:) delimited fields. The fields displayed are specific to the sub-command used and are listed under the entry for the -o option for a given sub-command. Output includes only those fields requested by means of the -o option, in the order requested. When you request multiple fields, any literal colon characters are escaped by a backslash (\) before being output. Similarly, literal backslash characters will also be escaped (\\).

-P: Displays the persistent VLAN configuration rather than the state of the running system.

-o: Displays a case-insensitive, comma-separated list of output fields. The field name must be one of the fields listed below, or the special value all, to display all fields. For each VLAN link, the following fields can be displayed:

link: Name of the VLAN link (for example, nx1).

vid: ID associated with the VLAN.

over: Name of the physical link over which this VLAN is configured.

flags: Set of flags associated with the VLAN link. Possible flags are f (the VLAN was created using the -f option to create-vlan), and i (the VLAN was implicitly created when the DLPI link was opened; these VLAN links are automatically deleted on last close of the DLPI link).

Example 1 We display the CLASS, MTU, and STATE of the nx0 network interface.

nic show-link -o class,mtu,state nx0

CLASS MTU STATE

aggr 1500 up

Example 2 We add an additional port, igb6, to the secondary network interface, nx1, by running this command on both nodes:

nic add-aggr -l igb6 nx1

Then, it is recommended to verify that the link layer configuration is identical on both nodes:

nic show-link

Example 3 We delete a secondary network interface, nx1, by running this command on both nodes:

nic delete-aggr nx1

Then, it is recommended to verify that the link layer configuration is identical on both nodes:

nic show-link

Example 4 We create a VLAN called nx2 to which we assign tag 397. nx2 will use the nx0 link, and will send tagged packets with a VLAN ID of 397 so the switch will know that tagged packets of 397 will go to VLAN 397.

On Controller 1:

create-vlan -l nx0 -v 397 nx2


On Controller 2:

create-vlan -l nx0 -v 397 nx2

Then, we configure the VLAN by assigning a new subnet and set of IP addresses to the new interface using the setip command. This command will open the Unity network configuration utility.

setip
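Because create-vlan has to be run on both nodes, a mismatch in VLAN ID or underlying link between the controllers is an easy mistake to miss. The following Python is an added example, not part of the Nexsan guide: it parses the colon-delimited, backslash-escaped output described under show-vlan -p (as it would be produced by nic show-vlan -p -o link,vid,over,flags) and reports differences between two controllers. The function names and the sample output lines are constructed for illustration.

```python
"""Added example: parse `nic show-vlan -p -o link,vid,over,flags` output
from both controllers and report configuration drift between them."""

# Field order must match the order given to -o on the command line.
FIELDS = ("link", "vid", "over", "flags")

# Constructed sample output (not captured from a real Unity system).
CONTROLLER_1 = "nx2:397:nx0:-----\nnx3:410:nx0:-----\n"
CONTROLLER_2 = "nx2:397:nx0:-----\nnx3:401:nx0:-----\nnx4:500:nx0:-----\n"


def split_parseable(line):
    """Split one -p line on unescaped colons, undoing the \\: and \\\\ escapes."""
    fields, current, i = [], [], 0
    while i < len(line):
        ch = line[i]
        if ch == "\\":
            if i + 1 >= len(line):
                raise ValueError("dangling backslash at end of line")
            current.append(line[i + 1])  # escaped colon or backslash
            i += 2
            continue
        if ch == ":":
            fields.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    fields.append("".join(current))
    return fields


def parse_show_vlan(output, fields=FIELDS):
    """Return {link name: record} for every VLAN line in the output."""
    vlans = {}
    for lineno, raw in enumerate(output.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        values = split_parseable(line)
        if len(values) != len(fields):
            raise ValueError(f"line {lineno}: expected {len(fields)} fields, got {len(values)}")
        record = dict(zip(fields, values))
        record["vid"] = int(record["vid"])
        # 802.1Q VLAN IDs 0 and 4095 are reserved, so usable tags are 1-4094.
        if not 1 <= record["vid"] <= 4094:
            raise ValueError(f"line {lineno}: VLAN ID {record['vid']} out of range")
        vlans[record["link"]] = record
    return vlans


def compare_controllers(output_1, output_2):
    """List every VLAN link that is missing or configured differently."""
    ctrl_1, ctrl_2 = parse_show_vlan(output_1), parse_show_vlan(output_2)
    findings = []
    for link in sorted(set(ctrl_1) | set(ctrl_2)):
        if link not in ctrl_1:
            findings.append(f"{link}: missing on controller 1")
        elif link not in ctrl_2:
            findings.append(f"{link}: missing on controller 2")
        else:
            for field in ("vid", "over", "flags"):
                left, right = ctrl_1[link][field], ctrl_2[link][field]
                if left != right:
                    findings.append(f"{link}: {field} differs ({left} vs {right})")
    return findings


if __name__ == "__main__":
    for finding in compare_controllers(CONTROLLER_1, CONTROLLER_2):
        print(finding)
```

An empty result means both controllers report the same VLAN links, IDs, and underlying links.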

nfs

► To run this command:

1. Access the CLI command shell.

2. Type the command using this syntax.

3. Press Enter.

Description This command allows you to change or set the NFS version 4 (NFSv4) domain on Unity, and also set the maximum version for NFS, either 3 or 4.

Notes:

NFSv3 uses UID/GID based permissions mapping. This means users must have the same UID/GID on both the client and Unity.

NFSv4 uses name-based permissions mapping. This means users must have the same name on both the client and Unity.

Controller Run this command on either controller.

Syntax nfs

[domain show | set <domain name>]

[maxversion show | set {3 | 4}]

Options domain

This option allows you to show or set the NFS domain on Unity.

Specifying show displays the current domain.

Specifying set and a <domain name> sets the domain name to the specified value.

maxversion

This option allows you to show or set the maximum version for NFS.

Specifying show displays the current maximum version.

Specifying set and either 3 or 4 sets the maximum version to the value entered.

Example nfs maxversion show

=4


nstusermaps

► To run this command:

1. Access the CLI command shell.

2. Type the command using this syntax.

3. Press Enter.

Description This command allows you to map local users to Microsoft Active Directory users.

Controller Run this command on both controllers for changes to take effect.

Syntax nstusermaps

[-f <command file>]

[add [-d] <name 1> <name 2>...]

[dump [-n] [-v]]

[export [-f <file name>] <format>]

[flush [-a]]

[get-namemap <name>]

[help]

[import [-F] [-f <file name>] <format>]

[list]

[remove [-a] | [-f|-t <name>] | [-d <name 1> <name2>...]]

[set-namemap [-a <authentication method>] [-D <bind DN>] [-j <password file>] <name 1> <name 2>]

[show [-c] [-v] identity <target type>]

[unset-namemap [-a <authentication method>] [-D <bind DN>] [-j <password file>]]

Options [-f <command file>]

This option reads and executes sub-commands from the specified command file. The nstusermaps -f command reads from standard input.

add [-d] <name 1> <name 2>

This command creates a mapping to the corresponding user or group account in the Microsoft Active Directory domain.

nstusermaps add -d <[email protected]> <unixusername>

dump [-n] [-v]

This command displays identity mapping information for users and groups existing on Unity. It shows the user or group SID (security ID) and the corresponding GID and UID.

-n displays the Windows group maps.

-v displays Windows group security IDs (SID) and their corresponding GIDs.

export [-f <file name>] <format>


This command exports user maps to the specified file and format.

flush [-a]

Flushes the identity mapping cache so that future mapping requests will be fully processed based on the current rules and directory information. This is a non-disruptive operation. A rule change automatically flushes the cache; this manual operation can be used to force newly changed directory information to take effect.

get-namemap <name>

This option displays the directory-based name mapping information from the specified name. The name can be an AD or native LDAP user or group object.

help

This command displays the help for the nstusermaps command.

import [-F] [-f <file name>] <format>

This command imports user maps from the specified file and format. The -f file option reads the rules from the specified file. The -F option flushes existing name-based mapping rules before adding new ones.

list

This command displays existing user idmaps. If there is no idmap, there is no output.

remove [-a] | [-f|-t <name>] | [-d <[email protected]> <unixusername>]

This command removes a mapping from the corresponding user or group account in the Microsoft Active Directory domain. Use -a to remove all mapping information.

set-namemap [-a <authentication method>] [-D <bind DN>] [-j <password file>] <windowsusername> <unixusername>

This option sets name mapping information in the AD or native LDAP user or group object.

You can use these arguments with set-namemap:

-a specifies the authentication method when modifying native LDAP entry. The default value is sasl/GSSAPI.

-D uses the distinguished name to bind to the directory.

-j specifies the file containing the password for authentication to the directory.

show [-c] [-v] identity <target type>

This option shows the identity of type, target-type, that the specified name maps to. If you do not specify the target type, the non-diagonal mapping is shown. By default, it shows only mappings that have been established already.

-c forces the evaluation of name-based mapping configurations or the dynamic allocation of IDs.

-v shows how the mapping was generated and also whether the mapping was just generated or was retrieved from the cache.

unset-namemap [-a <authentication method>] [-D <bind DN>] [-j <password file>]


This option unsets directory-based name mapping information from the specified name and optional target type. The name can be AD or native LDAP user or group object.

Example 1 We map Bob Summer's Microsoft Active Directory domain account to the account created for Bob on Unity:

nstusermaps add winuser:<[email protected]> unixuser:<bsummers>

Example 2 We display user maps to view GIDs and UIDs.

nstusermaps dump

usid:S-1-5-21-3198797834-3143126336-2597567724-501 == gid:2147483789

usid:S-1-5-21-3198797834-3143126336-2597567724-501 == uid:2147483649

gsid:S-1-5-21-3198797834-3143126336-2597567724-513 == gid:2147483650

gsid:S-1-5-2 == gid:2147483651

Example 3 We display Windows group GID and UID.

nstusermaps dump -n

wingroup:Domain Users@ES260786-176-01 == gid:2147483650

wingroup:Network == gid:2147483651

wingroup:Guests@BUILTIN == gid:2147483652

winuser:[email protected] == gid:2147483790

winuser:Guest@ES260786-176-01 == uid:2147483649

Example 4 We display Windows group security IDs (SID) and their corresponding GIDs.

nstusermaps dump -v

gsid:S-1-5-21-3198797834-3143126336-2597567724-513 == gid:2147483650

Method: Ephemeral

gsid:S-1-5-2 == gid:2147483651

Method: Ephemeral

gsid:S-1-5-32-546 == gid:2147483652

Method: Ephemeral

usid:S-1-5-21-3198797834-3143126336-2597567724-501 == gid:2147483790

Method: Ephemeral

usid:S-1-5-21-3198797834-3143126336-2597567724-501 == uid:2147483649

Method: Ephemeral
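When auditing which Windows accounts can reach NFS shares, it helps to turn the nstusermaps dump -v listing into records. The following Python is an added example, not part of the Nexsan guide: it parses the output format shown in Example 4 (the sample lines are copied from that example) and lists the SIDs whose every mapping is marked Ephemeral. The function names are hypothetical, and reading Ephemeral as "no explicit mapping rule exists for this account" is an assumption to confirm on your system.

```python
"""Added example: parse `nstusermaps dump -v` output into records and list
the SIDs that have only Ephemeral mappings."""
import re

# "usid:<SID> == uid:<n>" or "gsid:<SID> == gid:<n>"; spacing around == varies.
MAPPING_RE = re.compile(r"^(usid|gsid):(S-\d+(?:-\d+)+)\s*==\s*(uid|gid):(\d+)$")
METHOD_RE = re.compile(r"^Method:\s*(.+)$")

# Sample lines copied from Example 4 in the guide.
SAMPLE_DUMP_V = """\
gsid:S-1-5-21-3198797834-3143126336-2597567724-513 ==gid:2147483650
Method: Ephemeral
gsid:S-1-5-2 == gid:2147483651
Method: Ephemeral
gsid:S-1-5-32-546 == gid:2147483652
Method: Ephemeral
usid:S-1-5-21-3198797834-3143126336-2597567724-501 ==gid:2147483790
Method: Ephemeral
usid:S-1-5-21-3198797834-3143126336-2597567724-501 ==uid:2147483649
Method: Ephemeral
"""


def parse_dump_verbose(text):
    """Return one record per mapping line, with the Method line that follows it."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        mapping = MAPPING_RE.match(line)
        if mapping:
            records.append({
                "sid_type": mapping[1],   # usid (user) or gsid (group)
                "sid": mapping[2],
                "id_type": mapping[3],    # uid or gid
                "id": int(mapping[4]),
                "method": None,           # stays None for plain `dump` output
            })
            continue
        method = METHOD_RE.match(line)
        if method:
            # A Method line is only valid directly after a mapping line.
            if not records or records[-1]["method"] is not None:
                raise ValueError(f"line {lineno}: Method line without a mapping")
            records[-1]["method"] = method[1].strip()
            continue
        raise ValueError(f"line {lineno}: unrecognised line {line!r}")
    return records


def ids_for(records, sid):
    """Return the UID and/or GID that a given SID maps to."""
    return {r["id_type"]: r["id"] for r in records if r["sid"] == sid}


def ephemeral_only(records):
    """Return the SIDs for which every listed mapping has Method: Ephemeral."""
    methods_by_sid = {}
    for r in records:
        methods_by_sid.setdefault(r["sid"], set()).add(r["method"])
    return sorted(sid for sid, methods in methods_by_sid.items()
                  if methods == {"Ephemeral"})


if __name__ == "__main__":
    parsed = parse_dump_verbose(SAMPLE_DUMP_V)
    for sid in ephemeral_only(parsed):
        print(sid, ids_for(parsed, sid))
```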


setip

► To run this command:

1. Access the CLI command shell.

2. Type the command using this syntax.

3. Press Enter.

Description This command displays the Unity network configuration utility, where you can modify network settings for the management interface (nx99) and the primary data network interface (nx0), or configure IP addresses for a new network interface.

1. Type the network settings in each of the corresponding fields; use the Tab key to navigate between fields.

2. When finished, tab to the <Validate> option and press Enter. Unity validates the new or updated network settings.

3. Once the validation process completes, tab to the <OK> option and press Enter to apply the network settings to the system.

Controller You can run this command on any controller.

Syntax setip

Options None

Example

useradd

► To run this command:

1. Access the CLI command shell.

2. Type the command using this syntax.

3. Press Enter.


Description This command allows you to add local user accounts on Unity that correspond to Microsoft Active Directory domain accounts in an environment with both Linux/UNIX and Windows clients. The user accounts can then access NFS shares.

You must perform additional steps depending on whether you are using a NFSv3 or NFSv4 client to access shares.

You can also use this command to add local user accounts if you are using Nexsan Unity™ authentication.

Note: No output gets displayed, except in the case of error.

Controller You can run this command on any controller.

Syntax useradd -u <UID> <name>

Options UID

This parameter specifies the user identification.

You cannot use these UID numbers because they are reserved:

0 to 101

60001

60002

65534

90000 to 90050

If there are conflicting IDs, please contact Nexsan Technical Support.

name

This parameter specifies the user name.

Example We add user Bob as local account with a UID of 300.

useradd -u 300 Bob


Terminology

10

10Gb Ethernet

A 10 gigabit per second (Gb/s) Ethernet connection using either fiber-optic cables or twisted-pair copper wires.

10Gb iSCSI

An iSCSI connection that runs on a 10Gb Ethernet network.

A

Access methods

Unity supports both Read-only anonymous access and Read/Write anonymous access to file systems:

Read-only anonymous access gives all users on the network Read access to the data contained in a file system, including the ability to display and traverse folders and read the contents of files.

Read/Write anonymous access gives all users on the network Write access to the data contained in a file system, including the ability to delete and create folders and files and change the contents of files.

From the perspective of a Windows-based (CIFS) system, if you enable Read-only anonymous access and/or Read/Write anonymous access to a file system, the Everyone account in Windows is granted access to the file system; this means that all users on the network have either Read or Read/Write access to the file system, depending on the setting you specify in Unity.

From the perspective of a UNIX/Linux-based (NFS) system, if you enable Read-only anonymous access and/or Read/Write anonymous access to a file system, all user accounts on the UNIX/Linux system are granted access to the file system.

See Step 2: Configuring the access method on page 1 and Modifying a file system’s sharing method on page 1.

Active/Active Clustering

The Unity has built-in Active/Active Clustering capability, whereby both controller nodes on the Unity operate in active mode—that is, both controllers can actively serve data in parallel—in addition to providing full redundancy in the event that one of the controller nodes fails. The Unity’s Active/Active Clustering configuration provides both high-availability and load balancing for your Nexsan storage infrastructure.

For details and examples of Active/Active clustering, see Clustering on page 1.

Active Directory

Microsoft Active Directory® is a directory service that stores directory information on a network and makes this information available to network users and administrators. AD stores information about user accounts, such as names, passwords, phone numbers, and so on, and enables other authorized users on the same network to access this information.

See Joining a domain using on page 1.


Active node

This refers to the controller node currently hosting the System Management component, which includes cluster- and system-related services on Unity. In reality, both controller nodes on Unity operate in active mode, but only one controller can host cluster- and system-related services at any given time.

For example, when you need to perform routine or emergency maintenance on the active controller node—you can transition, or move, the System Management component to the passive controller node in Unity, making it active.

See Clustering overview on page 1.

Anti-static wrist-strap

An antistatic device used to prevent electrostatic discharge (ESD) by safely grounding a person working on electronic equipment. Also called an ESD strap or a grounding bracelet.

APAL

(All Ports / All LUNs) Feature used in a dual-controller, active-active cluster to provide high-availability¹ during failover on Unity. All LUNs can be accessed through all Fibre Channel ports. This feature also provides load balancing across the two controllers, thus improving the overall performance of the cluster.

Each controller hosts a set of LUNs, which can be accessed through the controller’s Fibre Channel ports and iSCSI connections. The direct connection between the controller managing the LUNs and the host is referred to as the Optimized Path.

Chassis inter-connectivity provides uninterrupted access to the LUNs hosted by each controller. The direct connection between the controller managing the LUNs and the Fibre Channel host is referred to as the Optimized Path.

The All Ports / All LUNs feature creates an additional access path from one controller to the set of LUNs hosted by the other controller; this is referred to as the Non-Optimized Path. As a result, this feature provides uninterrupted access to the LUNs by using multipathing.

APAL is supported on Unity 2000, Unity 4000, and Unity 6000. To view examples of All ports / All LUNs clustering, see Clustering on page 1 or Unity 6000 Clustering on page 1.

Asynchronous data replication

The asynchronous data replication function provides off-site disaster recovery protection for the Unity. It delivers high-performance asynchronous replication of your data over both LAN and WAN networks, providing protection from site-specific and regional disasters.

The Unity’s asynchronous data replication function uses snapshot-based replication technology: when you initiate data replication, the asynchronous data replication function takes a snapshot of the data on the primary site and sends either the entire contents up to the snapshot to the secondary site—in the case of an initial data replication; or, only the changes since the last replication—in the case of an incremental update.

Because the asynchronous data replication function takes a snapshot of the source data (on the primary system), the data always remains accessible to clients during replication. Additionally, the asynchronous data replication function keeps track of data transfers during replication by checkpointing the data stream. If data replication is interrupted—due to a network disconnect issue—the asynchronous data replication function automatically restarts replication from the most recent checkpoint.

The asynchronous data replication function includes features that reduce bandwidth consumption during data replication, and consequently minimize the infrastructure cost of data replication and disaster recovery. Specifically, the asynchronous data replication function only replicates the data that changed since the last replication—which significantly reduces replication time and bandwidth requirements, particularly where only small parts of large files change or where only file system metadata has changed on the primary site.

¹ (Network Basic Input/Output System) API that allows applications on separate computers to communicate over a local area network. NetBIOS offers 3 services: Name service (UDP port 137), Datagram distribution service (UDP port 138), and Session service (TCP port 139).

Authentication mode
See User authentication mode.

Automatic replication
In asynchronous replication, an automatic replication refers to a scheduled replication that occurs according to a schedule you define. You can configure a separate replication schedule for each storage pool on Unity.

B

Bit
The smallest unit of digital data, representing a 0 or a 1. Abbreviated “b”.

Boot Drive
The device from which a computer’s operating system is loaded. Typically, an internal hard disk drive (or one of several partitions on such a drive) is used for this purpose, but any attached storage device—such as an optical disc drive, a USB flash drive, a SATADom, or other attached storage—can be used.

Browsing snapshots
See Snapshot browsing.

Browsing replicated datasets
You browse a replicated file system in the same way that you browse the source file system on the primary Unity, except that the replicated file system is a read-only copy of the source file system (but with the same file system-level access permissions as the source file system).
In addition, the replicated file system exists only on the secondary site Unity; as a result, to browse the contents of a replicated file system, you must set up a CIFS or NFS mapping to the remote site from the Windows-based (CIFS) system and/or UNIX/Linux-based (NFS) system that you want to access the replicated file system from; see Accessing an NFS share from UNIX/Linux on page 1.

C

CHAP
iSCSI initiators and targets prove their identity to each other using the Challenge Handshake Authentication Protocol (CHAP). You can use CHAP authentication to restrict iSCSI access to LUNs on Unity; only servers (initiators) that provide the correct user name and password (or secret) combination can connect to LUNs on Unity.
Unity’s iSCSI implementation provides several layers of CHAP authentication. See Configuring and managing CHAP authentication on page 1.
In addition to CHAP authentication, Unity provides LUN masking for added security; see .


CIFS
(Common Internet File System) The protocol used in Windows environments for shared folders.

CIFS sharing
See Sharing methods.

CLI
(Command-line interface) A means of interaction between a human user and a computer program, or between two programs, where the user (or client) passes commands in the form of a line of text to a computer program. The Nexsan Unity offers the nxadmin command-line interface. Abbreviated “CLI”.

Clustering
Clustering configurations provide both high-availability and load balancing, using the Unity Storage System's redundancy features, including dual controllers and RAIDs. See also Active/Active Clustering.

Cluster Resources
Cluster resources represent the components of a cluster; these include:

Controller 1 and Controller 2

Pool Resource Group 1 and Pool Resource Group 2

System Management

See Clustering overview on page 1.

Controller
Can also be referred to as Controller Node or Node.
The controller in Unity acts as the interface between Unity and network clients. Unity has two controller nodes, for which you can configure both cluster and network settings.
Controllers host Pool Resource Groups, which, in turn, are assigned storage pools. Typically, for load balancing, a controller hosts a single Pool Resource Group, although one controller can host both Pool Resource Groups indefinitely, if needed. See Clustering on page 1.

D

DHCP
(Dynamic Host Configuration Protocol) A communication protocol that lets network administrators manage centrally and automate the assignment of Internet Protocol (IP) addresses in a network.

DIMM
Dual In-line Memory Module. The type of random-access memory (RAM) that the Nexsan Unity uses.

Directory Service
A directory service is the software system that stores, organizes and provides access to information in a directory. A directory service called a naming service maps the names of network resources to their respective network addresses. With the name service type of directory, a user does not have to remember the physical address of a network resource; providing a name will locate the resource. Each resource on the network is considered an object on the directory server. Information about a particular resource is stored as attributes of that object. Information within objects can be made secure so that only users with the available permissions are able to access it.
In LDAP, the name is called the Distinguished Name (DN) and is used to refer to a collection of attributes (relative distinguished names) which make up the name of a directory entry. See Connecting to an LDAP Directory service on page 1.

DNS
(Domain Name System) A program or computer server that implements a name-service protocol. It maps a human-recognizable identifier to a system-internal, often numeric, identification or addressing component (usually an IP address).

DRAM
(Dynamic Random-Access Memory) A type of random-access memory that stores each bit of data in a separate capacitor within an integrated circuit. The capacitor can be either charged or discharged; these two states are taken to represent the two values of a bit, conventionally called 0 and 1. Since even "nonconducting" transistors always leak a small amount, the capacitors will slowly discharge, and the information eventually fades unless the capacitor charge is refreshed periodically. Because of this refresh requirement, it is a dynamic memory as opposed to static random access memory (SRAM) and other static types of memory.
See FASTier.

E

Electrostatic discharge (ESD)
The sudden and momentary electric current that flows between two objects at different electrical potentials caused by direct contact or induced by an electrostatic field. Potentially harmful to electronic components.

Ethernet
A local area network (LAN) architecture using a bus or star topology and supporting data transfer rates of 10, 100, and 1000 Mbps. It is one of the most widely implemented LAN standards. The 802.11 protocols are often referred to as “wireless Ethernet.”

Event log
All event messages generated by Unity (including those issued by a Nexsan storage device connected externally to the system) are logged to the event logs, which you can then retrieve and display in Unity’s Event Viewer.
The event logs provide a record of past events that have occurred on the system to help you monitor Unity and its software and hardware components.
The Unity records events in the event logs from these source components:

Nexsan Unity: these events are generated by Unity and its software components, including Unity Clustering, Data Replication, and Snapshots functions.

Storage System: these events are generated by Nexsan storage systems attached externally to Unity (via SAS or Fibre Channel), if available, and logged to the event logs.

File System: these events are generated by the Unity operating system.


System: these events are generated by Unity for hardware faults on the system, such as fan, power supply, or disk failures.

All events logged in the event logs are categorized according to four severity levels (or event types):

Critical: designates a severe error that prevents a system component(s) from running. A critical event may lead the system to an abort situation.

Error: designates an error event that may still allow any affected system component(s) to continue running. However, if left unattended, the error event may lead the system to an abort situation.

Warning: designates potentially harmful situations.

Information: designates informational messages that highlight the progress of Unity’s software components, including Unity’s Clustering, Data Replication, and Snapshots functions.

In addition to event logging, Unity also provides automated event notification in one of two forms:

An Email message, which the system sends through an SMTP server that you specify.

An SNMP trap, to notify a central Network Management Station (NMS) of any events generated by Unity.

See Event logging and notification on page 1.

Expandable storage
See Storage.

Expansion controller
A module of Nexsan expansion units that connects via SAS to a Nexsan main Unity Storage Expansion’s Controller Node. Expansion units can be the Unity 5100X, , , and US 224X.

F

Failover
The capability of a system to switch over automatically to a redundant or standby system upon the failure or abnormal termination of the previously active system.
Cluster failover: This refers to the act of transitioning, or moving, Pool Resource Groups or the System Management component from one controller node to the other. This can be a manual process that you initiate if you want to shut down a controller for maintenance, or an automatic process initiated by Unity if a controller fails.
Site or pool failover: Typically, you use the failover function to transfer data and system operations to a remote site in the event of an imminent hardware-related failure on the primary system, or if you want to perform system maintenance—for example, a hardware component upgrade or replacement—on the primary system.
For disaster recovery, the Unity data replication function provides a failover mechanism for your Unity deployment that allows you to gracefully fail over all your data and system operations on the primary Unity to the corresponding remote Unity.
The failover mechanism also includes a promote function that allows you to forcefully promote the remote site to primary status in your Unity deployment in the event of a complete system failure—due to a catastrophic disaster—on the primary site.


FASTier
Nexsan’s proprietary cache system that uses SSD and SDRAM technology to increase random I/O performance of SATA and SAS disk drives. Unity includes support for Nexsan’s FASTier cache devices. The FASTier caching mechanism enhances the performance of Unity by caching data to FASTier read, write, or read/write SSD and DRAM cache devices during read or write operations on the system. Unity FASTier cache devices accelerate read and/or write speeds for a storage pool:

FASTier read cache stores frequently-read chunks of data to accelerate read operations on the system.

FASTier write cache accelerates synchronous write operations to disk.

FASTier read/write cache can be used for either read or write cache for the storage pool.

FCC
The Federal Communications Commission; the federal agency that regulates electromagnetic emissions.

Fibre Channel
A gigabit (Gb) speed network technology primarily used for storage networking and the current standard connection type for storage area networks (SANs). Despite its name, Fibre Channel signaling can run on both twisted-pair copper wire and fiber-optic cables.

Fibre Channel port
Any entity that actively communicates over a Fibre Channel network. Usually implemented in a device such as disk storage or a Fibre Channel switch. Depending on the system, the Fibre Channel ports on Nexsan Unity Storage Expansions can support 2Gb/s, 4Gb/s, or 8Gb/s connections.

Fibre Channel switch
A network switch compatible with the Fibre Channel protocol. Allows the creation of a Fibre Channel network, which is currently the core component of most storage area networks (SANs).

Firmware
Software stored in read-only memory (ROM) or programmable ROM (PROM), therefore becoming a permanent part of a computing device.

Full Replication
In asynchronous replication, full replication refers to a replication operation that sends all the data on the primary Unity to the remote Unity.
Only the initial replication, when you first set up asynchronous data replication between two systems, is a full replication. All successive replications are incremental.

G

Gateway
An internetworking system that joins together the different subnets of a network or two networks that use different base protocols. A network gateway can be implemented completely in software, completely in hardware, or as a combination of both.


Gb
(Gigabit) Approximately one billion (1,000,000,000) bits.

Gb/s
(Gigabits (Gb) per second) Used to describe the speed of network data transmission.

Gigabit interface converter
A standard for transceivers, commonly used with Gigabit (Gb) Ethernet and Fibre Channel, with a hot-swappable electrical interface. Gigabit interface converter ports can support a wide range of physical media, from copper to optical fiber, at lengths of hundreds of kilometers.

Group
Groups are logical expressions of organization, tying users together for a common purpose.
For example, if you add a user to a group that has Read/Write permissions to a file system on Unity, the user automatically inherits the group’s Read/Write permissions to that file system. By adding a user account to a group, you can avoid having to grant the same access rights and file system-level permissions to multiple users one by one. Members of a group can make the same types of changes to settings in Unity and have the same access permissions to file systems.
Because maintaining permissions for a group is easier than maintaining permissions for many user accounts, you generally will want to use groups to manage access to resources in Unity. To assign access rights or file system-level permissions to a set of users, assign the permissions or access rights to a group and then grant membership in the group to each of the users.

Note: Unity only supports Microsoft Active Directory domain Security Groups; Distribution groups are not supported because Microsoft Windows does not allow setting file system-level access permissions for Distribution groups.

In Unity, groups can be:

Microsoft Windows Active Directory domain or LDAP Directory service groups: Unity uses existing Microsoft Windows Active Directory domain or LDAP Directory service group accounts, and saves supplemental authorization settings on Unity. This allows you to give access rights to log on to Unity and administer Unity to your Microsoft Windows Active Directory domain or LDAP Directory service groups.

Local groups: All account information is created and saved locally on Unity.

You grant access rights to groups by assigning an administrative role to them in Unity; see Nexsan Unity roles and access rights on page 1 and Setting access rights on page 1.

GUI
(Graphical user interface) A type of user interface that allows users to interact with electronic devices using images rather than text commands. Nexsan Unity Storage Expansions use a graphical user interface for system configuration.

H

HBA port WWN
HBA ports use a unique World Wide Name (WWN), which is an 8-byte (64-bit) identifier in Fibre Channel, similar to that of MAC Addresses on a Network Interface Card (NIC).
Unity automatically configures the Fibre Channel HBA ports in target mode. See Fibre Channel initiator and Adding a LUN mask on page 1.

Hot spare
Disks that you assign to the storage enclosure with the Storage Configurator. If a disk on the system fails, Unity automatically replaces the failed disk with the hot spare, allowing the system to continue operating.
Depending on your RAID level and RAID sets selections, and the number of disks available on the system, you may only be able to assign one disk as a hot spare.
See Allocating new storage to the site on page 1 and Resetting the RAID configuration for storage on page 1.

Host
A computer, server, or other device which accesses the file systems in a Nexsan Unity storage enclosure. The host can be connected to the storage system with a Fibre Channel, iSCSI, or SAS connection.

HTTP
The Hypertext Transfer Protocol is an application protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web. Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text. HTTP is the protocol to exchange or transfer hypertext.

HTTPS
(HTTP Secure) Communications protocol for secure communication over a computer network, with especially wide deployment on the Internet. Technically, it is not a protocol in itself; rather, it is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications.

I

I/O
(Input/Output) The communication between an information processing system (such as a computer or a Nexsan storage system’s Controller Node), and the outside world (either an operator or another information processing system).
Inputs are the signals or data received by the system, and outputs are the signals or data sent from it.

IDMU
(Microsoft Identity Management for UNIX) IDMU makes it easy to integrate users of Windows operating systems into existing UNIX environments. It provides manageability components that simplify network administration and account management across both platforms. IDMU allows you to manage user accounts and passwords on Windows and UNIX systems using Network Information Service (NIS). IDMU also allows you to automatically synchronize passwords between Windows and UNIX operating systems.

Incremental replication
In asynchronous replication, incremental replication refers to a replication operation that sends only the data that changed since the last replication (whether that one was full or incremental).


Initiator
An application or production system end-point that is capable of initiating an iSCSI session with an iSCSI target, sending iSCSI commands and I/O requests. Initiators are also identified by unique addressing methods. See also iSCSI target.

IP
(Internet Protocol) The network layer for the TCP/IP protocol suite widely used on Ethernet networks.

IPMI
(Intelligent Platform Management Interface) The IPMI interface allows you to perform administrative tasks to remotely manage Unity in the event that you are unable to connect to Unity using a conventional method: through Nexsan Unity or from the nxadmin CLI.
Administrative tasks that you can perform through the IPMI interface include:

setting network settings for Unity;

viewing hardware-related error conditions;

launching a remote console session to Unity; and

performing other maintenance tasks on the system.

The Unity IPMI interface is provided as a web-based utility that you can access from a browser using the IPMI IP address. Before you can access Unity’s web-based IPMI interface, you must first set an IPMI IP address, subnet mask, and a default gateway IP address for Unity in Unity; on a clustered system, you must set a separate IPMI IP address for each controller node.
See Setting or modifying IPMI settings on page 28.

IQN
An IQN (iSCSI qualified name) is the unique identifier of a device in an iSCSI network. iSCSI uses the form iqn.date.authority:uniqueid for IQNs. For example, the Unity uses this IQN to identify iSCSI targets:
iqn.1999-02.com.nexsan:<site name>:<pool name>:<unique ID>

This name indicates that this is an iSCSI device from Nexsan, which was registered as a company in February of 1999. The naming authority is simply the DNS name of the company reversed; in this case, com.nexsan. Following this is the site name, the storage pool name where the target exists, and a user-defined unique ID to identify the target.
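The naming form in the IQN entry above, as an added Python example (not part of the Nexsan guide and not Nexsan code): it validates the generic iqn.date.authority:uniqueid form, splits Unity target names into site, pool and unique ID, and flags discovered names that do not match an expected inventory. The function names, the sample names and the rule that site and pool names contain no colon are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Generic form from the glossary: iqn.date.authority:uniqueid
# date is yyyy-mm; authority is a reversed DNS name, matched in lower case.
_LABEL = r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?"
IQN_RE = re.compile(
    r"iqn\.(?P<year>\d{4})-(?P<month>\d{2})"
    r"\.(?P<authority>" + _LABEL + r"(?:\." + _LABEL + r")+)"
    r"(?::(?P<unique>.+))?"
)

# Values taken from the IQN entry above.
UNITY_DATE = (1999, 2)
UNITY_AUTHORITY = "com.nexsan"


@dataclass(frozen=True)
class UnityTarget:
    site: str
    pool: str
    unique_id: str


def parse_iqn(name: str) -> Tuple[int, int, str, Optional[str]]:
    """Split an IQN into (year, month, authority, unique part or None)."""
    m = IQN_RE.fullmatch(name)
    if m is None:
        raise ValueError(f"not an IQN: {name!r}")
    year, month = int(m["year"]), int(m["month"])
    if not 1 <= month <= 12:
        raise ValueError(f"invalid month in IQN date: {name!r}")
    return year, month, m["authority"], m["unique"]


def authority_to_dns(authority: str) -> str:
    """Reverse the naming authority back into a DNS name (com.nexsan -> nexsan.com)."""
    return ".".join(reversed(authority.split(".")))


def parse_unity_target(name: str) -> UnityTarget:
    """Parse iqn.1999-02.com.nexsan:<site name>:<pool name>:<unique ID>."""
    year, month, authority, unique = parse_iqn(name)
    if (year, month) != UNITY_DATE or authority != UNITY_AUTHORITY:
        raise ValueError(f"not a Unity target name: {name!r}")
    # Assumption: site and pool names contain no ':'; everything after the
    # second ':' is treated as the user-defined unique ID.
    parts = (unique or "").split(":", 2)
    if len(parts) != 3 or not all(parts):
        raise ValueError(f"expected site:pool:unique-id in {name!r}")
    return UnityTarget(*parts)


def audit_targets(names, expected_site, expected_pools):
    """Return (accepted, rejected) so unexpected target names stand out in review."""
    accepted, rejected = [], []
    for name in names:
        try:
            target = parse_unity_target(name)
        except ValueError as exc:
            rejected.append((name, str(exc)))
            continue
        if target.site != expected_site or target.pool not in expected_pools:
            rejected.append((name, "site or pool not in the expected inventory"))
        else:
            accepted.append(target)
    return accepted, rejected


# Constructed sample: names as they might appear in an initiator's discovery list.
SAMPLE = [
    "iqn.1999-02.com.nexsan:site1:pool1:target0",
    "iqn.1999-02.com.nexsan:site1:pool9:target0",  # pool not in inventory
    "iqn.1999-02.com.nexsan:site1",                # missing pool and unique ID
    "iqn.2001-04.com.example:storage.disk1",       # well-formed IQN, other authority
    "iqn.1999-13.com.nexsan:site1:pool1:target0",  # invalid month
]

if __name__ == "__main__":
    ok, bad = audit_targets(SAMPLE, "site1", {"pool1", "pool2"})
    for target in ok:
        print("accepted:", target)
    for name, why in bad:
        print("rejected:", name, "-", why)
```

Running the audit before adding a discovered target to an initiator's persistent list catches names that are malformed or that point at a site or pool outside the expected inventory.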

iSCSI
An abbreviation for Internet Small Computer System Interface, iSCSI is an Internet Protocol (IP)-based storage networking standard that enables SCSI-based storage commands to be sent over network structures, such as a LAN or VPN.

iSCSI target
A storage system end-point on Unity that processes iSCSI commands and I/O requests from an initiator. Each storage pool on Unity can have one, or multiple, iSCSI targets, with a maximum of 256 targets per storage pool (0 to 255). In turn, each target can have a maximum of 256 LUNs (0 to 255). Each target on Unity is identified by a unique addressing method (IQN).
A LUN is essentially a block of storage that you add to a storage pool on Unity, and then present to client systems (initiators) on the network through a target. For example, using Microsoft’s iSCSI Software Initiator, a Windows-based client system on the network sees a LUN, presented through an iSCSI target on Unity, as a locally attached hard disk. In reality, the hard disk that the Windows client sees is a block of storage—or, more specifically, a LUN—which exists on Unity.
Because the disk space is virtual, there is no need to add additional hardware to the (Windows) client system as the LUN is administered through a common network infrastructure. The (Windows) client can then create a file system on the iSCSI target—reading and writing data as if it were on a local disk. In addition, Windows server applications, such as Microsoft Exchange and Microsoft SQL Server, can operate using iSCSI targets on Unity as data repositories. See LUNs on page 1 and iSCSI Functions on page 1.

iSCSI target public alias
This is a symbolic name that you can assign to an iSCSI target on Unity. The public alias is seen by some iSCSI initiators; it can help you identify the target.
The public alias for a storage pool’s default target—that is, the target that Unity creates for a storage pool when you first add a LUN to the storage pool—is the pool name. You can change a target’s public alias at any time.

iSNS
The Internet Storage Name Service (iSNS) protocol is designed to facilitate the automated discovery, management, and configuration of iSCSI devices on a TCP/IP network. You can configure iSCSI targets on Unity to use an iSNS server.
An iSNS server provides a central management point for LUNs on Unity by dynamically maintaining up-to-date information about their corresponding iSCSI target names.
An iSNS server must already be set up and available on the network in order for Unity to access it.
For steps to add an iSNS server, see Adding an iSNS server on page 1.

J

Jumbo Frames
A jumbo frame is essentially an Ethernet frame that is larger than 1,518 bytes. When the frame is 1,518 bytes, the MTU (or payload—not frames) on the Unity is actually 1500 bytes. For the Unity, gigabit Ethernet supports a maximum MTU (payload) of 9,000 bytes. You will notice the greatest benefit from enabling jumbo frames when you transfer large files across your network: since fewer frames are needed to carry the same amount of data, transfer speeds go up and CPU utilization goes down.
Every device in the path of the file transfer—all your switches (starting with the one in the router), your clients that access data on Unity, and Unity, itself—must all have jumbo frames enabled. In addition, each device must be capable of passing the same size jumbo frames.
See Enabling jumbo frames using on page 1 and Enabling jumbo frames using the menu-driven nxadmin CLI on page 28.

L

LACP
(Link Aggregation Control Protocol) Allows multiple individual Ethernet links to be aggregated together to form a single logical channel. LACP allows a network device to negotiate an automatic bundling of links by sending LACP packets to the peer (directly connected device that also implements LACP).
See LACP (Link Aggregation Control Protocol) on page 23.


LAN
(Local area network) A computer network that links devices within a small geographic area, such as a building or group of adjacent buildings.

LDAP
(Lightweight Directory Access Protocol) LDAP is a protocol used to communicate with a directory service. It defines operations to refer to an entity in the directory, to describe the attributes of an entity, and the security features that can be used to authenticate to the directory and control access to the entities within the directory. The protocol is carried directly over TCP for connection-oriented transport (receipt of data is acknowledged) and User Datagram Protocol (UDP) for connectionless transport (no acknowledgment upon sending or receiving data).

LED
(Light Emitting Diode) LEDs are used for indicator lights on the front and back of Nexsan Unity Storage Expansions.

LUN
A LUN is a term used to describe a block of storage on the Unity. Uniquely numbered, this creates what is referred to as a Logical Unit Number, or LUN.
Unity can contain up to a maximum of 255 LUNs per target.
LUNs can be exposed over iSCSI. When associated with an iSCSI target on Unity, a LUN forms a unique iSCSI block device that can be accessed by one or more iSCSI initiators.
See LUNs on page 1.

LUN ID
The LUN ID is a number used to identify a LUN—from 0 to 254. Each LUN associated to the same target and the same initiators must have a unique LUN ID. However, if you associate each LUN to a different target or to different initiators (even if they are part of the same target), there is no need for the LUN IDs to be different.
See Adding a LUN on page 1 and Adding a LUN mask on page 1.

M

Management target (mgmt)
Each storage pool on Unity has a Management target (mgmt) assigned to it by the system, by default. The management target allows a VSS (Volume Snapshot Service or Volume Shadow Copy Service) host to create and manipulate shadow copies (point-in-time snapshots) of the data in LUNs on Unity.
The VSS host connects to a storage pool’s Management target via iSCSI to view, create, and manage snapshots of the LUNs in the storage pool. You can assign a CHAP (Challenge Handshake Authentication Protocol) user to the Management target to restrict access to LUN snapshots in a storage pool, to specific VSS hosts.

Manual replication
In asynchronous replication, a manual replication is a replication process that you start manually on a storage pool. With offline replication, you can replicate the data in the storage pool to the remote site, or to a USB storage device attached to the primary site. Same as Offline replication.


Mb
(Megabit) Approximately one million (1,000,000) bits.

Mb/s
(Megabits per second) Used to describe the speed of network data transmission.

Microsoft Volume Shadow Copy Service
Microsoft Volume Shadow Copy (also referred to as Volume Snapshot Service, Volume Shadow Copy Service, or VSS), is a technology included in Microsoft Windows that allows you to take manual or automatic backup copies or snapshots of data.
If the Unity is joined to a Microsoft Active Directory domain, Unity automatically exposes all the snapshots for each file system/LUN on the Unity to Microsoft Windows (CIFS) clients that access the file system/LUNs—provided the Windows client computers support Microsoft VSS.
You can then use Microsoft VSS on the Windows client computers to restore previous versions of files and folders from a snapshot of a file system/LUN, or roll back a file system/LUN to a specific point-in-time snapshot.

Move a storage pool
This refers to the act of moving, or transitioning, a storage pool from one Pool Resource Group to the other. You should only perform this action if you need to rebalance the I/O load on the system, since this changes the virtual end point through which end users and client systems access the data in the storage pool.
When you move a storage pool from one Pool Resource Group to the other, the data sets (file systems and/or iSCSI LUNs) in the storage pool are no longer accessible through the virtual IP address of the Pool Resource Group that the storage pool was previously assigned to. You will need to change all file system and iSCSI LUN mappings on client systems to reflect the virtual IP address of the Pool Resource Group to which the storage pool is currently assigned.
See Moving a storage pool on page 1.

MPIO
Multipathing I/O is designed to provide multiple paths to SAN storage. It provides connection failover and load balancing benefits to strengthen the stability of a network storage environment.

Multi-site
Unity allows you to manage any number of sites within a single instance of Unity. Every Unity site has its own set of resources independent from other sites. This functionality provides a global point of control for managing your Nexsan storage infrastructure across multiple geographic locations.
When configuring a site that is the primary site of a replicated site, its replicated counterpart is automatically added as well. The same applies when the site is a secondary site.
Likewise, disconnecting a site that is part of a replicated pair also disconnects the replicated site.
See Understanding multi-site implementation on page 1.


N

NAS
(Network-attached storage) File-level computer data storage connected to a computer network providing data access to clients on the network. Network-attached storage uses specialized hardware, software, or both, and is often a specialized device built from the ground up for storing and serving files.

NIS
(Network Information Service) One of the three UNIX directory services supported by Unity. NIS is a client–server directory service protocol for distributing system configuration data such as user and host names between computers in a UNIX network environment. It was originally called Yellow Pages or YP. A NIS/YP system maintains and distributes a central directory of user and group information, host names, e-mail aliases and other text-based tables of information in a computer network.

NDMP
(Network Data Management Protocol) Open standard protocol used to transport data between network attached storage (NAS) devices and backup devices. This removes the need for transporting the data through the backup server itself, thus enhancing speed and removing load from the backup server. It enables backup vendors and NAS storage vendors to work together without creating specific ports for each vendor and storage array in addition to allowing storage array vendors to have their arrays backup-ready without installing extra backup client software.
Unity includes an NDMP plug-in that allows you to back up data from Unity to an industry-standard backup and restore solution that supports NDMP. The plug-in preserves all access rights for CIFS and NFS shares on Unity, and uses background snapshots for fast backups. See Setting NDMP configuration options on page 1.

NetBIOS
(Network Basic Input/Output System) API that allows applications on separate computers to communicate over a local area network.
NetBIOS offers 3 services:
- Name service (UDP port 137)
- Datagram distribution service (UDP port 138)
- Session service (TCP port 139).

NestOS
NestOS is an optimized embedded operating system that runs on Unity. If you do not have access to Unity, you can run CLI commands against the NestOS command shell from any client machine with network access to Unity, or from a console connected directly to Unity via KVM.

NFS
(Network File System) A protocol allowing a user on a client computer to access files over a network in a manner similar to how local storage is accessed. Used in most UNIX environments for folder or device sharing. File Systems on Unity support NFS sharing.

NFS sharing
See Sharing methods.

NFSv3

(Network File System version 3) In Microsoft Active Directory environments, if you want to give an Active Directory user and/or group access to an NFS share on Unity from a UNIX/Linux client machine, you must first add a corresponding user or group account to Unity, with the same UID (for user accounts) or GID (for group accounts) that the user/group account is assigned in the Microsoft Active Directory domain. Then, you must map the user or group account that you add to Unity to its corresponding user or group account in the Microsoft Active Directory domain.

Unity’s nxadmin CLI (Command Line Interface) provides a set of commands for adding user and/or group accounts with specific UIDs/GIDs to Unity, and then mapping the accounts to their corresponding accounts in the Microsoft Active Directory domain. For more information, see useradd, groupadd, and idmap in the CLI. See also Using an NFS version 3 (NFSv3) client to access an NFS share with Microsoft Active Directory on page 48.

NFSv4

(Network File System version 4) NFSv4 uses name-based permissions mapping. This means users must have the same name on both the client and Unity. It also requires an NFSv4 Domain to be set. This must be identical on both Unity and the client. To access an NFS share from an NFS version 4 (NFSv4) client, you must perform specific configuration steps; see Using an NFS version 4 (NFSv4) client to access an NFS share on page 48.

NMP

(Network Management Protocol) Suite of network protocols that define the processes, procedures and policies for managing, monitoring and maintaining a computer network. NMP conveys and manages the operations and communications performed on a computer network.

Node

See Controller.

NTP

(Network Time Protocol) A protocol designed to synchronize the clocks of devices over a network. See Time server.

O

Offline replication

In asynchronous replication, an offline, or manual, replication is a replication process that you start manually on a storage pool. With offline replication, you can replicate the data in the storage pool to the remote Unity, or to a USB storage device attached to the primary Unity.

OU (Organizational Unit)

A useful type of directory object that is contained within domains is the organizational unit (OU). OUs are Active Directory containers into which you can place users, groups, computers, and other OUs. An OU cannot contain objects from other domains.

An OU is the smallest scope or unit to which you can assign Group Policy settings or delegate administrative authority. Using OUs, you can create containers within a domain that represent the hierarchical, logical structures in your organization. You can then manage the configuration and use of accounts and resources based on your organizational model.

OUs can contain other OUs. You can extend a hierarchy of OUs as necessary to model your organization's hierarchy within a domain. Using OUs helps you minimize the number of domains that are required for your network.

You can use OUs to create an administrative model that you can scale to any size. A user can have administrative authority for all OUs in a domain or for a single OU. An administrator of an OU does not have to have administrative authority for any other OUs in the domain.

P

Passive node

This refers to the controller node that currently is NOT hosting the System Management component, which includes cluster- and system-related services on the Unity.

Although both controller nodes on Unity operate in active mode, only one controller can host cluster- and system-related services at any given time.

For example, when you need to perform routine or emergency maintenance on the active controller node, you can transition, or move, the System Management component to the passive controller node in Unity, making it active.

See Clustering overview on page 1.

PCIe

(Peripheral Component Interconnect Express) A computer expansion card standard designed to replace the older Peripheral Component Interconnect (PCI), PCI-eXtended (PCI-X), and Accelerated Graphics Port (AGP) standards.

Peer

Also referred to as peer site, peer system, or replication peer. In asynchronous replication, a peer site represents a Unity that you set up data replication to/from.

Pool

A storage pool is a user-defined virtual grouping of volumes available on the Unity. Pools allow you to organize your storage into logical groups; expose file systems as shares to Windows-based (CIFS) and/or UNIX/Linux-based (NFS) clients on the network; expose blocks of storage as LUNs to iSCSI initiators on the network; and replicate all the data in the pool, or just a subset of it, for disaster recovery.

Unity allows you to create as many storage pools as there are available volumes (RAID sets) on the system.

If Unity has both internal storage and Nexsan Unity expansion unit(s) connected externally via SAS, you can create storage pools by combining volumes from both the main unit and the expansion unit(s)—provided the RAID level configurations are the same on both storage systems (or, enclosures).

Pool Resource Group

When you create a storage pool on the Unity, you assign it to one of the two Pool Resource Groups in the cluster. In turn, each Pool Resource Group, along with the storage pools assigned to it, is hosted on one of the two controller nodes on the Unity. By default, each controller node hosts a single Pool Resource Group. This configuration ensures a balanced load on the system.

During the initial setup of Unity, you assign a virtual IP address to each Pool Resource Group. End users and client systems on the network access their data (through file systems and/or iSCSI LUNs) in the storage pools using the corresponding Pool Resource Group’s virtual IP address. For more information about data accessibility through Pool Resource Groups, see Example of typical cluster implementation.

See Clustering overview on page 1.

Primary site

See Site.

PSU

(Power supply unit) A module that regulates electrical power to the components of Nexsan Unity Storage Expansions.

Public alias

This is a symbolic name that you can assign to a target on Unity. The public alias is seen by some iSCSI initiators; it can help you identify the iSCSI target. The public alias for a storage pool’s default target is the pool name. You can change a target’s public alias at any time.

R

RAID

(Redundant Array of Independent Disks) A storage method in which data, along with information used for error correction, such as parity bits or Hamming codes, is distributed among two or more hard disk drives in order to improve performance and reliability.

Unity supports RAID 5, RAID 6, and RAID 10. See Allocating new storage to the site on page 1 and Resetting the RAID configuration for storage on page 1.

RAID 5

RAID 5 provides redundancy by writing data and parity information across three or more drives, thereby increasing performance. You need at least 3 disk drives for a RAID 5 implementation.

RAID 5 can withstand a single disk failure without losing data or access to data. It is ideally suited for transaction processing, database applications, file and print servers.

RAID 6

RAID 6 is similar to RAID 5, but with better fault tolerance. RAID 6 stripes blocks of data and parity across an array of drives like RAID 5, except that it calculates two sets of parity information for each parcel of data. This significantly improves fault tolerance: RAID 6 can withstand the failure of any two drives in the array without losing data or access to data.

You need at least 4 disk drives for a RAID 6 implementation. RAID 6 is ideally suited for the same applications as RAID 5, but in situations where additional fault tolerance is required. We recommend adding Nexsan FASTier cache devices to a RAID 6 implementation to improve write performance.

RAID 10

RAID 10 provides very high performance and redundancy. Data is simultaneously mirrored and striped. RAID 10 can, under certain circumstances, support multiple drive failures. It is ideally suited for situations where both high performance and redundancy are important. RAID 10 implementation on Unity has some unique requirements; see Understanding performance limitations when mixing volumes with different RAID levels on page 1.

RAM

(Random-access memory) A memory chip that allows stored data to be accessed at any time in any order. Commonly used in computers as main operating memory. Values in random-access memory are often volatile; information is lost if power is removed from the module.

Remote

In asynchronous replication, a remote or secondary site represents the system to which data from the primary Unity is replicated.

In a deployment where asynchronous replication is not implemented, a remote Unity represents a site that is being managed remotely from another Unity or site. See Site.

Replica

In asynchronous replication, a replica, or a storage pool’s replica, refers to the target storage pool that is created on the secondary Unity. The replica is an exact copy of its source storage pool on the primary Unity. Replicas can be promoted to full file systems, after which replication between the two storage pools is no longer possible.

Replication

Replication can be asynchronous or synchronous.

Asynchronous data replication allows you to replicate data between two sites—a primary and a remote Unity—over a LAN or WAN connection. See Asynchronous data replication.

The synchronous data replication feature allows you to synchronously replicate a storage pool between two Nexsan E-Series systems connected to a Unity via SAS (or Fibre Channel). See Synchronous data replication.

Rollback function

Unity allows you to roll back all the data in a file system/LUN to a specific point-in-time snapshot of the file system/LUN. The rollback function reverts a file system/LUN’s contents to what they were at the time the snapshot was taken, including all file- and folder-level permission settings and file system/LUN-level access attributes. This function also automatically deletes all snapshots that are newer than the snapshot that you roll back to, including snapshots that have browsing enabled.

Unity provides the rollback function for extreme circumstances: for example, if all the data in a file system/LUN is corrupted and can no longer be recovered. The rollback function overwrites all the existing data in the file system/LUN with the contents of the snapshot that you roll back to; any new data that was added after the snapshot is recorded, including updates to existing data, is lost during the rollback process.

ROM

(Read-only memory) A memory chip that stores values but cannot be changed by normal program instructions. Values in read-only memory are nonvolatile; they are retained even when the unit is powered down.

S

SAN

(Storage area network) An architecture that provides for attachment of remote computer storage devices to servers in such a way that the devices appear as locally attached to the operating system.

SAS

(Serial Attached SCSI) A serial version of the SCSI interface. A point-to-point architecture that uses a disk controller with four or more channels that operate simultaneously. Each full-duplex channel, known as a SAS port, transfers data at 1.5Gb/s, 3Gb/s, or 6Gb/s in each direction. SAS also supports Serial ATA (SATA) drives, which can be mixed with SAS drives in a variety of configurations.

SATA

(Serial Advanced Technology Attachment) A connection standard for fixed and removable hard disk drives.

Scheduled replication

In asynchronous replication, a scheduled replication refers to an automatic replication that occurs according to a schedule you define. You can configure a separate replication schedule for each storage pool on Unity.

Scrubbing

The Unity provides a disk scrubbing mechanism that checks the physical hard disks, which comprise the volumes in a storage pool on the Unity, for read or write errors.

The storage pool scrubbing mechanism scans a storage pool to identify data integrity problems. It sequentially reads all the data on the hard disks, as well as the data’s corresponding parity information, and rebuilds parity wherever needed. Performing routine scrubbing on a storage pool prevents parity errors and data corruption.

You can enable/disable a pool scrub schedule on both the primary storage pool and on its replica on the secondary Unity. By default, the scrub schedule is enabled on the replica.

See Scrubbing a storage pool on page 1.

SCSI

Small Computer System Interface. A collection of standards and proposed standards for input/output (I/O) communication, primarily intended for connecting storage subsystems or devices to hosts.

Secondary

In asynchronous replication, a remote or secondary site represents the system to which data from the primary Unity is replicated.

In a deployment where asynchronous replication is not implemented, a remote Unity represents a site that is being managed remotely from another Unity or site.

SFP

(Small Form-factor Pluggable) A type of gigabit interface converter (GBIC) in a compact form factor. The Fibre Channel ports or 10Gb iSCSI ports on Nexsan storage devices are SFPs.

Shadow copy

See Microsoft Volume Shadow Copy Service.

Sharing method

These sharing methods are available in Unity:

CIFS sharing

The CIFS sharing method uses the Common Internet File Service (CIFS) protocol to expose a file system. Most operating systems, including Windows, Linux, and OS X can connect via CIFS.

CIFS is also known as SMB. Unity supports CIFS (SMB) versions 1, 2, and 3.

When you expose a file system using the CIFS sharing method, Unity emulates the file-serving functions of a Windows file server, including:

- File manipulation (read, write, create, delete, move, and copy)
- File locking and byte-range locking
- File access control with support for the semantics of Windows NTFS ACLs; see Windows and UNIX Access Control Lists (ACLs)
- File and directory attributes (read-only and archive)

NFS sharing

The NFS sharing method uses the Network File System (NFS) protocol to expose a file system to UNIX/Linux-based systems. NFS is used by UNIX/Linux-based platforms to share files across the network. Unity supports NFS version 3 (NFSv3) and NFS version 4 (NFSv4).

When you expose a file system using the NFS sharing method, the Unity implements the file-serving functions of an NFS server, including:

- File manipulation (read, write, link, create, and so on)
- Directory manipulation (mkdir, readdir, lookup, and so on)
- Byte-range file locking
- UNIX-style ACL attributes (such as, rwx) for owner, group owner, and other; for more information, see Windows and UNIX Access Control Lists (ACLs)
- File and directory attributes (sizes, access times, and so on)
- Hard links and symbolic (soft) links

CIFS and NFS sharing

Selecting both CIFS and NFS sharing methods allows you to expose a file system to Windows and UNIX/Linux-based systems over both the CIFS and NFS protocols. This is called mixed-mode operation.

Although Unity integrates seamlessly in mixed environments, the CIFS and NFS protocols are quite different and can present some challenges.

File and folder name representation:

- On Windows, individual components of a file name—specifically, each folder along the path, and the final file name—are limited to 255 characters, and the total path length is limited to approximately 32,000 characters.
- On UNIX/Linux, individual components of a file name—specifically, each subdirectory along the path, and the final file name—are limited to 255 characters.
- It is important to note that some Windows Applications, including Windows Explorer, will not let you create a physical path (including folders and the final file name) greater than 255 characters. However, Windows Explorer is able to browse a physical path (including folders and the final file name) greater than 255 characters.
- File names may contain any Unicode character. Windows 2003, Windows Vista, Windows 2008, and Windows 7-based systems can make full use of Unicode, but Windows 9x and NFS clients support only the Latin-1 version of extended ASCII.
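The file and folder name limits listed above can be checked before a file system is exposed over both protocols. The following audit is an added example, not Nexsan code: the function, constant and rule names are hypothetical, the sample paths are constructed, and it assumes each path is passed in as the share-relative path a client would see.

```python
"""Audit paths against the mixed-mode (CIFS + NFS) naming limits in the glossary.

Added example: the limits come from the page; all names here are hypothetical.
"""
import re
from typing import List, NamedTuple

MAX_COMPONENT_CHARS = 255        # per folder or file name, Windows and UNIX/Linux
MAX_WINDOWS_PATH_CHARS = 32000   # approximate total path limit on Windows
EXPLORER_CREATE_LIMIT = 255      # Windows Explorer will not create longer paths


class Finding(NamedTuple):
    path: str
    rule: str
    detail: str


def split_components(path: str) -> List[str]:
    """Split on either separator so CIFS-style and NFS-style paths both work."""
    return [part for part in re.split(r"[\\/]+", path) if part]


def is_latin1(text: str) -> bool:
    """True if every character fits Latin-1, the set NFS clients support per the page."""
    try:
        text.encode("latin-1")
        return True
    except UnicodeEncodeError:
        return False


def audit_path(path: str) -> List[Finding]:
    """Return the mixed-mode naming problems found in one path (empty list if none)."""
    findings = []
    for part in split_components(path):
        if len(part) > MAX_COMPONENT_CHARS:
            findings.append(Finding(path, "component-too-long",
                                    f"{len(part)} characters in one name"))
        if not is_latin1(part):
            outside = sorted({ch for ch in part if ord(ch) > 0xFF})
            findings.append(Finding(path, "non-latin1-name",
                                    "not representable for NFS clients: "
                                    + "".join(outside)))
    # The whole-path checks are mutually exclusive: report the stricter one only.
    if len(path) > MAX_WINDOWS_PATH_CHARS:
        findings.append(Finding(path, "windows-path-too-long",
                                f"{len(path)} characters in total"))
    elif len(path) > EXPLORER_CREATE_LIMIT:
        findings.append(Finding(path, "explorer-cannot-create",
                                f"{len(path)} characters in total"))
    return findings


def audit_paths(paths: List[str]) -> List[Finding]:
    """Audit many paths and return every finding in input order."""
    return [finding for path in paths for finding in audit_path(path)]


# Constructed sample input, not taken from a real system.
SAMPLE_PATHS = [
    "finance/2018/report.txt",                          # clean
    "docs/отчёт.txt",                                   # Cyrillic name
    "projects/" + "a" * 256 + ".dat",                   # one over-long name
    "/".join("dir%02d" % i for i in range(50)),         # 299 characters in total
]

if __name__ == "__main__":
    for finding in audit_paths(SAMPLE_PATHS):
        print(f"{finding.rule:24} {finding.detail:45} {finding.path[:40]}")
```
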

File Locks in mixed-mode operation:

- When a CIFS client reads or writes to a file in a file system on Unity, it respects the locks that both CIFS and/or NFS clients take out on the file.
- In contrast, an NFS client only respects the locks taken out on a file by a CIFS client. NFS clients must therefore check for existing NFS locks with the Network Lock Manager (NLM) protocol used in UNIX/Linux environments. Unity supports both monitored and non-monitored NFS file locks.

To configure or modify the sharing method, see Step 2: Configuring the sharing method on page 1 and Modifying a file system’s sharing method on page 1.

To access an NFS share from an NFS version 4 (NFSv4) client, you must perform specific configuration steps; see Using an NFS version 4 (NFSv4) client to access an NFS share on page 48.

To access an NFS share from NFS version 3, see Using an NFS version 3 (NFSv3) client to access an NFS share with Microsoft Active Directory on page 48.

Site

A site—also referred to as the local site, active site, or primary site (in a replicated environment)—represents a geographic location that hosts a Unity. More specifically, a site can contain either:

- a Unity with no external storage;
- a Unity with one or multiple Nexsan storage systems connected to it (via Fibre Channel or SAS).

A remote site—also referred to as a secondary site or a replication site (in a replicated environment)—represents either:

- a site that is designated as the data replication site for the local site;
- a site that is being managed remotely from the local site.

A site can be the primary site in a replicated environment and also perform double-duty as the remote data replication site for another Unity.

See Setting up the on page 1 and Understanding multi-site implementation on page 1.

Site name

A site name allows you to assign a unique label to a Unity on the network. This label can then help you identify the function and/or physical location of Unity. For example, Finance3rd can describe a Unity that is designated as a file server/data repository for financial and/or accounting data, and which is currently located on the 3rd floor.

The site name is particularly useful in identifying sites in multi-site environments, where a single Unity session manages multiple sites on the network (remote site management).

See Step 2: Configuring the site information on page 1 and Modifying the site name on page 1.

SMB

(Server Message Block) CIFS—also referred to as SMB—is used by Windows-based systems to share files and printers across the network. Use this sharing method if your environment consists mainly of Windows-based systems. See CIFS sharing.

SNMP

(Simple Network Management Protocol) The SNMP agent included in Unity allows you to send SNMP traps to a Network Management Station—such as, HP OpenView or CA Unicenter—when a Critical, Error, and/or Warning event is generated by a source component of Unity.

See Setting up SNMP notification on page 1.

SMTP

(Simple Mail Transfer Protocol) Nexsan Unity sends email notifications to the SMTP server, which then routes the email notifications to the recipients that you specify.

See Configuring SMTP server settings for the site on page 1.

Snapshot

A snapshot is a read-only copy of a file system/LUN at a specific point in time. Think of a snapshot as a frozen image of the data in a file system/LUN at the time the snapshot is recorded. You can use snapshots to maintain a set of previous versions of all the files in a file system/LUN, which can serve as temporary backups of your data.

For example, if a set of files in a file system/LUN are accidentally (or maliciously) deleted or overwritten, you can easily restore individual files from a snapshot of the file system/LUN by browsing the snapshot (and accessing it from a Windows-based (CIFS) system and/or a UNIX/Linux-based (NFS) system). Or, if all the data in a file system/LUN becomes corrupted, you can restore the data to a specific point-in-time snapshot using the rollback function.

Unity allows you to take manual snapshots of a file system/LUN and also set a schedule for automatic snapshots. You can create a separate snapshots schedule for each file system/LUN on Unity.

The snapshot is created almost instantly, and initially consumes no additional disk space within the storage pool where the file system/LUN resides. When data within the file system/LUN changes—new data is added or existing data is updated—the snapshot maintains a reference to the previous copy of the data, and Unity updates the snapshot size accordingly. Unity protects the file’s original data blocks from being overwritten; it stores the new updates in a new location. Unity maintains records and pointers to keep track of the data and file changes.

This results in minimal disk space consumption and also allows for rapid recovery of data in case of a disk write error, a corrupted file, or a program malfunction.

Snapshots browsing

The Unity provides a mechanism that allows you to access a snapshot from a Windows-based system and/or a UNIX/Linux-based system and browse its contents—in the same way that you access a file system or a LUN. A snapshot that you browse is a read-only copy of its parent file system/LUN and its contents mirror the parent file system/LUN’s contents at the time the snapshot is recorded.

You can use Unity’s snapshot browsing mechanism to recover individual files from a snapshot in case the files are accidentally deleted or overwritten, or corrupted in the snapshot’s parent file system/LUN. Unity maintains all of the parent file system/LUN’s access-level attributes with the snapshots to ensure any recovery is authorized. This means that you can safely authorize all users—that have access to the file system/LUN—to browse a snapshot and recover their own lost data from the snapshot.

This also applies to replicated snapshots.

SSD

(Solid State Disk) A high-performance storage device that contains no moving parts.

See FASTier.

SSL

(Secure Sockets Layer) A commonly used protocol for transmitting private documents via the Internet. SSL works by using a public key to encrypt data that is transferred over the SSL connection. The SSL protocol secures the following data: I/O, serial port, and VSIP communication; it does not apply to audio and video transmission.

See Logging on to Unity on page 1.

Storage enclosure

On Unity, a storage enclosure can be a Nexsan external storage system: this refers to a Nexsan E-Series storage system connected externally to Unity via a SAS add-on card (optional).

- E18™ / E18V™ / E18VT™ (serial #)
- E48™ / E48V™ / E48VT™ (serial #)
- E60™ / E60V™ / E60VT™ (serial #)

Unity Storage Expansions that connect to the Nexsan E-Series:

- E18X™/E18XV™ (serial #)
- E48X™/E48XV™ (serial #)
- E60X™/E60XV™ (serial #)

A storage enclosure can be internal storage: internal storage is composed of SAS disk drives installed in the front bay of the Unity5100. The NST5100 includes 16 slots by default, with one slot typically used for a FASTier write cache device. The remaining slots can be used for 15 direct-attached, hot-swappable SAS drives.

A storage enclosure can also be a Nexsan Unity Storage Expansion connected to the Unity via SAS:

- The Nexsan US 224X™ unit connects to the or via a SAS add-on card (optional).

All disk storage on Unity is represented as volumes.

Storage pool

See Pool.

Subnet

A subnetwork, or subnet, is a logically visible subdivision of a TCP/IP network. All computers in a subnet have IP addresses with the same prefix. Addresses in the same subnet are reachable without going through a router, and thus can be reached by broadcast.

When connecting to Unity, the client computer must be on the same network and subnet as Unity.

Subnet mask

A means of restricting IP addresses on a subnet to a specific range.

Synchronous data replication

The synchronous data replication feature essentially mirrors all the data contained in a storage pool between a source Nexsan E-Series system and a target Nexsan E-Series system—both of which are connected to the same Unity via SAS (or Fibre Channel). You designate the storage system to use as the source—that is, the system on which you create the storage pool and store your data—and the target, where the source data is mirrored.

Synchronous replication ensures that a copy of the data, which is identical to the source copy, is created at the time the source copy is updated. An I/O-update operation is not considered done until completion is confirmed on both the source and the target. An incomplete operation is rolled back on both the source and target, ensuring that the target is always an exact mirror image of the source.

If either the source or target system fails for any reason, your users and applications can continue to access their data on the storage system that is currently online. When you restore the second system, Unity automatically reestablishes the synchronous link between the two systems.

In addition, you can later promote the mirror (storage pool) on the target system to an independent storage pool in your Unity deployment. Promoting the mirror (storage pool) severs the synchronous link between the source and mirror and creates a second, independent copy of the storage pool—with both copies containing exactly the same data.

System Management

The System Management component includes all system- and cluster-related services on Unity. You assign the System Management component the management virtual IP address during the initial setup of the system.

Notes: You use the management virtual IP address to access Unity.

The System Management component is hosted only on one controller node in the cluster at any given time. This controller node is typically referred to as the active node, while the other controller is considered passive. In reality, both nodes are active, but only one controller node can host the cluster services.

In a failover situation, where the active controller node—that is, the node currently hosting the System Management component—fails, or needs to be shut down for maintenance, Unity automatically transitions the System Management component to the passive controller, making it active.

See Network interfaces and required IP addresses on page 13, Moving cluster resources on page 1, Restarting the cluster or individual controller nodes on page 1 and Shutting down the cluster or individual cluster nodes on page 1.

T

Target public alias

See iSCSI target public alias.

TCP/IP

(Transmission Control Protocol/Internet Protocol) The set of communications protocols used for the Internet and other similar networks. TCP provides reliable delivery of messages between networked computers. IP uses numeric IP addresses to join network segments.

Time server

Unity uses a time server, or NTP (Network Time Protocol) server, to synchronize its date and time with. This ensures that the date and time settings on Unity are synchronized with the Active Directory or LDAP server on the network—which, in turn, ensures accurate time for time stamps and log files, as well as network transactions, such as, user authentication.

If you do not specify a time server, Unity synchronizes its date and time with the Microsoft Active Directory server or the LDAP Directory Server that it is connected to; the corresponding domain server MUST support this implementation.

See Modifying the time server on page 1.

Thin ProvisioningThin Provisioning allows you to dynamically allocate disk space to a client system (initiator) connected to theLUN onUnity. With Thin Provisioning, you can flexibly allocate disk space (on a LUN) to the client system(initiator), in order to expand the storage capacity available to the client system at anytime. Specifically, ThinProvisioning allows you to specify the size of the virtual volume that initiators on the network see when theyconnect to a LUN, irrespective of the actual space that you reserve for the LUN in the storage pool.The size of a LUN’s virtual volume is not constrained by the storage pool’s physical capacity; you can set anyreasonable value, provided you intend to fulfill the LUN’s virtual capacity with physical space, some time inthe near future. You can flexibly allocate disk space to the LUN, on an as needed basis, without the need toimmediately allocate physical storage.See Step 21: Setting the LUN name and block size on page 1.

U

User

Users can be either people (meaning accounts tied to physical users) or accounts which exist for specific applications to use.

Each user can be associated with multiple groups and automatically inherits their access rights and share-level permissions. All access rights and permissions are additive, which means that a user inherits the sum of access rights and permissions of all groups that the user belongs to. For example, if group A grants a certain right, you cannot revoke it in group B.

In Unity, users can be:

Microsoft Windows Active Directory domain or LDAP Directory service users: Unity uses existing Microsoft Windows Active Directory domain or LDAP Directory service user accounts, and saves supplemental authorization settings on Unity. This allows you to give access rights to log on to Unity and administer Unity to your Microsoft Windows Active Directory domain or LDAP Directory service users.

Local users: All account information is created and saved locally on Unity.

You grant access rights to users by assigning an administrative role to them in Unity; see Nexsan Unity roles and access rights on page 1 and Setting access rights on page 1.

User authentication mode

Unity supports three modes for user authentication:

Microsoft Windows Active Directory domain

LDAP Directory service (in UNIX/Linux environments)

Unity authentication

With Unity authentication, a user enters a user name and password to log on to Unity, and Unity verifies that they match a user name and password stored locally on Unity. With authentication through a Microsoft Windows Active Directory domain or an LDAP Directory service, a user enters a user name and password in the same Unity login window and Unity checks the Microsoft Windows Active Directory server or LDAP Directory server for a matching user record.


Regardless of the type of authentication, Unity uses the information in your configuration to determine the type of access that a user has to Unity (site-level or pool-level access) as well as the file system-level access permissions that are granted to the user.

See User authentication modes on page 44 and Understanding access rights on page 1.

Benefits of Microsoft Windows Active Directory domain or an LDAP Directory service:

Convenient account setup: Your users can use the same login credentials to log on to Unity that they use to log on to the Microsoft Windows Active Directory domain or LDAP Directory service. This saves you the time and effort involved in creating individual user accounts and groups in Unity.

Efficient access control: Unity allows you to configure the access rights to the file systems on Unity for each of your Microsoft Windows Active Directory domain or LDAP Directory service users or groups.

Robust security: Allows you to enforce the password management policies that are implemented in your corporate infrastructure.

Additional file system management features available with Microsoft Windows Active Directory: When joining a Microsoft Windows Active Directory domain, you can use Microsoft’s Volume Shadow Copy function on your Windows client machines to restore previous versions of files and folders from a snapshot of a file system, or roll back a file system to a specific point-in-time snapshot. Additionally, you can use Microsoft’s Quota management function to limit the amount of disk space used by individual users on a file system.

V

VMware VAAI

Unity includes a built-in VAAI (vStorage APIs for Array Integration) plugin to provide hardware acceleration on Unity when integrated into a VMware ESX/ESXi environment. VAAI hardware acceleration functionality enables the VMware ESX/ESXi host to offload specific virtual machine and storage management operations to Unity. With storage hardware assistance, the VMware ESX/ESXi host performs these operations faster and consumes less CPU, memory, and storage fabric bandwidth.

The Unity supports these 4 VAAI primitives:

Full Copy

Block Zeroing

Block Unmap

Hardware assisted locking

See Enabling VMware VAAI hardware acceleration for a LUN on page 1.

Volume

A volume represents a virtual subset of the aggregated disk space available on Unity, or on a Nexsan E-Series connected externally to Unity via Fibre Channel or SAS, or a Nexsan Expansion unit connected to Unity via SAS.

Nexsan Unity presents the disk space available on Unity, or on any Nexsan storage enclosure attached externally to Unity, as volumes. The total number of volumes available on Unity’s internal disk storage, as well as on storage systems attached externally to Unity, depends on the RAID level (5, 6, or 10) and RAID sets that you specify during the site setup. All disk storage on Unity is represented as volumes.

See Storage and Pool. See also Understanding performance limitations when mixing volumes with different RAID levels on page 1, and Resetting the RAID configuration for storage on page 1.

VSS Hardware Provider

(Volume Shadow Service) Unity's VSS Hardware Provider enables a VSS host to create and manipulate shadow copies (point-in-time snapshots) of the data in LUNs on Unity. The VSS Hardware Provider supports Windows Volume Snapshot Service (or Volume Shadow Copy Service).

The VSS Hardware Provider serves as the interface between Windows Volume Shadow Copy Service running on a host system and Unity. Upon receiving instructions from a VSS host to create, mount, and restore snapshots, the VSS Hardware Provider sends the appropriate commands to Unity and returns the result of these commands to the host.

The VSS Hardware Provider supports snapshot management for any Windows Server applications, such as Microsoft SQL Server and Microsoft Exchange, and also for LUNs hosted on external storage, such as Nexsan E-Series or a Nexsan Unity Storage Expansion.

The VSS Hardware Provider includes a Windows Shell extension that adds a Unity property page for managing shadow copies on the VSS host.

You must install the VSS Hardware Provider on a Windows Server host, and then use the host’s initiator to connect to a storage pool’s management iSCSI target for viewing, creating, and managing snapshots of the LUNs in the storage pool.

W

WAN

(Wide Area Network) A computer network that spans a relatively large geographical area. Typically, a WAN consists of two or more local area networks (LANs).

Wizard

A graphical user interface type that presents a user with a sequence of dialog boxes that lead the user through a series of well-defined steps.


Index

A
Access to the CallHome service 58
Accessing
  NFS shares 78
ACLs 95
Active Directory 21, 44, 53, 100
  domain requirements 44
  ports 54
  time server 99
Active mode 23
Active/Active clustering 76
Adding local group accounts that correspond to UNIX/Linux Microsoft Active Directory domain accounts 60
Adding local user accounts 75
Adding one or more links to an existing aggregation 62
All ports / All LUNs feature 77
autolog 11
Automatic collection and transfer of system logs 11

B
Benefits of authenticating users 101
Browsing snapshots 78

C
callhome 10-11, 58
  hosts 59
  monitor 59
  ports 55
  sendlogs 59
  start 58
  status 58
  stop 58
  test 59
  version 59
Changing the NFS version 4 (NFSv4) domain 70
CIFS 33
CIFS ports 54
CIFS shares 34
CIFS sharing 34, 37, 39, 54, 76, 94
Cisco WebEx 10
CLI commands 57
Collection of system logs 11
Configuring advanced network settings 61
Configuring IPMI settings 28
Configuring LACP 24
Configuring nx99 using nxadmin CLI 17
Configuring nx99 using the Discovery Wizard 15
Configuring the NST appliance for multiple VLANs 32
Connectivity for remote support 10
Considerations
  Network 19
Controller IP addresses 14

D
Data Replication 80
Defining network settings 74
Deleting a link aggregation 62
Displaying historical network usage 67
Displaying information about the device and attributes of a physical link 66
Displaying link aggregation information 63
Displaying link configuration or statistics 65
Displaying the current or persistent values of one or more link properties 66
Displaying the NST appliance network configuration utility 74


DNS alias 44
DNS ports 54
Dynamic TCP ports 53
Dynamic UDP ports 53

E
Enabling IPMI 28
Enabling jumbo frames 28
Enabling LACP 25
Enabling LACP on the NST appliance 23
Enabling the no_root_squash property on an NFS file system 38
Environment with both Linux/UNIX and Windows clients 75
Ethernet switches for LACP 24-25

F
Faulty physical network link 22
File locks 95
File name representation 95
Folder name representation 95
FTP ports 53
Full-Duplex 24

G
GID 48, 60, 90
Global catalog 44
groupadd 48, 60
  -g 60
  -o 61
  <group name> 61

H
hosts
  callhome 59
HTTP hosts 59
HTTP ports 53
HTTPS ports 53

I
IDMU 48
igb# 21
Intersite Virtual IP address 14
IP-based restrictions 33
IP address requirements 14
IPMI 10
IPMI console 24, 27-28
IPMI settings 28
iSCSI 21
iSCSI ports 54
iSNS ports 54
ixgbe# 21

J
Jumbo frames 28

K
KVM console 24

L
LACP 23
  configuring 24
  monitoring 25
  Requirements and guidelines 24
  Understanding link aggregation 24
LDAP 44, 53, 72, 100
LDAP catalog 44
LDAP ports 54
LDAP server 99
Limitations of network aggregation 21
Link aggregation 21, 24, 61
Link layers 20
Load balancing 23

M
Management interface IP addresses 14
Management Virtual IP address 14
Managing
  events 81
Mapping local users to Microsoft Active Directory users 71
Menu-driven nxadmin CLI
  Configure Share Access Lists 34, 36, 38
Microsoft Active Directory 44, 48, 60, 71, 75-76
Mirror pool 99
Mixed mode operation 95
Modifying a link aggregation 62
Modifying network settings 74
monitor
  callhome 59
Monitoring LACP 25


MTU 29, 86

N
NDMP 21
NDMP ports 55
NestOS Admin Menu
  Shutdown and Reboot menu 28
NestOS Shares Menu
  Configure Share Access Lists 34, 36, 38
NetBIOS ports 54
Network aggregation 21
Network considerations 19
Network interfaces
  link layers 20
  naming convention 20
Network issues 21
Network ports 53
Network Time Protocol (NTP) 44
nfs 70
  domain 70
  maxversion 70
NFS 21, 33
NFS ports 53
NFS shares 36, 75
NFS sharing vii, 34, 36, 38, 47-48, 53, 57, 60, 75-76, 95
NFSv3 48
nic 61
  add-aggr 62
  create-aggr 62
  delete-aggr 62
  modify-aggr 25, 62
  remove-aggr 63
  rename-link 65
  reset-linkprop 66
  set-linkprop 28, 65
  show-aggr 25, 63
  show-link 65
  show-linkprop 66
  show-phys 66
  show-usage 67
nic create-vlan 32
nic show-link 20-21, 29
nic show-phys 22
NIS 53
NMP ports 54
No access 33
No Internet access 10
no_root_squash property 38
Non-Optimized Path 77
nstusermaps 48, 71
  -f 71
  add 71
  dump 71
  export 71
  flush 72
  get-namemap 72
  help 72
  import 72
  list 72
  remove 72
  set-namemap 72
  show 72
  unset-namemap 72
NTP ports 54
nx# 20
nx0 21, 25, 31-32, 74
  IP addresses 14
  Network interface 13
nx1 25
nx99 20, 32, 74
  Configuration using the Discovery Wizard 15
  Configuration using nxadmin CLI 17
  IP addresses 14
  Network interface 13
nxadmin CLI commands 57

O
on-board LAN1 port 13
Optimized path 77

P
Passive mode 23
Peer site 91
Permissions 54
ping 29
Pool resource group
  Virtual IP address 15
Ports 53
private0 13, 20-21

R
Read-only access 33
Read-only anonymous access 76
Read-write access 33
Read/Write anonymous access 76
Redundancy 23
Remote support 10
Removing one or more links from an existing aggregation 63
Renaming a link 65
Replication ports 55
Requirements and guidelines for implementing LACP 24
Resetting one or more properties on a specified link 66


Rollback function 93

S
Secure remote support 10
sendlog 11
sendlogs
  callhome 59
setip 74
Setting
  quota 101
Setting IP-based restrictions on a CIFS share 34
Setting IP-based restrictions on an NFS share 36
Setting one or more properties on the specified link 65
Setting the maximum version for NFS 70
Setting the NFS version 4 (NFSv4) domain 70
Setting up the NST appliance for multiple VLANs 32
Share
  Rollback function 93
SHH hosts 59
SMTP 13, 15, 17, 21, 81
Snapshot
  Rollback function 93
SNMP 13, 15, 17, 55, 81
SNMP ports 55
SSH 10
SSH ports 53
start
  callhome 58
Starting the NST appliance network configuration utility 74
status
  callhome 58
STMP ports 55
stop
  callhome 58
System logs 11
SystemDiscoveryUI.exe 15

T
Tagging a VLAN 32
TCP ports 10-11, 53
test
  callhome 59
Time server support 44
Transfer of system logs 11
Troubleshooting Jumbo Frames 29
Troubleshooting LACP issues 25
Troubleshooting network issues 21

U
UDP ports 53
UID 48, 90
  useradd 75
Understanding link aggregation 24
Understanding link layers 20
Unity authentication 44, 100
Useful CLI commands 57
User access permissions 33
User authentication modes 44
useradd 48, 74
  <name> 75
  UID 75
Using an NFS version 3 (NFSv3) client to access an NFS share 48
Using an NFS version 4 (NFSv4) client to access an NFS share 48

V
Verifying network status 22
Virtual IP 22
Virtual Local Area Network 31
VLANs 31
vStorage APIs for Array Integration 101

W
Wrong cabling link 22


Nexsan Headquarters

900 E Hamilton Ave, Suite 230

Campbell, CA 95008 USA

Support (US): +1 866-463-9726

Support (Worldwide): +1 760-690-1111

E-mail: [email protected]

Nexsan Canada

1405 TransCanada Highway, Suite 300

Dorval, QC Canada H9P2V9

Support (Canada): +1 866-463-9726

Nexsan Shipping

302 Enterprise Street, Suite A

Escondido, CA 92029 USA

Nexsan UK

Units 33–35, Parker Centre, Mansfield Road

Derby, DE21 4SZ United Kingdom

Support (Europe): +44 (0)1332 291600

Copyright © 2010-2018 Nexsan, Inc. All Rights Reserved.

Nexsan® is a trademark or registered trademark of Nexsan, Inc. The Nexsan logo is a registered trademark of Nexsan, Inc.

All other trademarks and registered trademarks are the property of their respective owners.

Document Reference: 20180119PM033332

This product is protected by one or more of the following patents, and other pending patent applications worldwide:

United States patents US8,191,841, US8,120,922;

United Kingdom patents GB2466535B, GB2467622B, GB2467404B, GB2296798B, GB2297636B
