Snap Server® Administrator Guide GuardianOS v2.
COPYRIGHT Copyright © 2003, Snap Appliance, Inc. All rights reserved. Information in this document is subject to change without notice and does not represent a commitment on the part of Snap Appliance or any of its subsidiaries. The software described in this document is furnished under a license agreement. The software may be used only in accordance with the terms of the license agreement. It is against the law to copy the software on any medium.
END USER LICENSE AGREEMENT (EULA) FOR USE OF SNAP APPLIANCE STORAGE SOLUTIONS AND RELATED INSTALLATION UTILITIES SNAP IP, ASSIST, AND NASMANAGER (“INSTALLATION UTILITIES”); THE SYSTEM SOFTWARE EMBEDDED IN THE SNAP SERVER STORAGE SOLUTION (“EMBEDDED SOFTWARE”); SOFTWARE MARKETED BY SNAP APPLIANCE OR THAT IS EMBEDDED IN OR OTHERWISE CONSTITUTES A PART OF SNAP APPLIANCE COMPUTER HARDWARE PRODUCT(S) (SOMETIMES REFERRED TO COLLECTIVELY HEREIN, TOGETHER WITH THE INSTALLATION UTILITIES AND THE EMBEDDED SOFTWARE, A
. Protection of Trade Secrets. The Licensed Software contains trade secrets, and in order to protect them, you agree that you will not reverse assemble, decompile or disassemble, or otherwise reverse engineer any portion of the Restricted Software, or permit others to do so, except as permitted by applicable law, but then only to the extent that Snap Appliance (and/or its licensors) is not legally entitled to exclude or limit such rights by contract.
COMPUTER ASSOCIATES INTERNATIONAL, INC. ("CA") ETRUST ANTIVIRUS END USER LIMITED LICENSE AGREEMENT (THE "AGREEMENT") CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS REGARDING YOUR USE OF ETRUST ANTIVIRUS, INCLUDING ITS CODE AND DOCUMENTATION (THE "PROGRAM") BEFOREUSING THE PROGRAM. 1. CA PROVIDES YOU WITH ONE COPY OF THE PROGRAM AND LICENSES THE PROGRAM TO YOU PURSUANT TO THE TERMS OF THIS AGREEMENT. a.
Contents Preface Chapter 1 vii Getting Started 1 Snap Server Features .......................................................................................1 Data Protection ............................................................................................2 Management Applications and Services .................................................3 What’s New in the GuardianOS 2.4 Release ..............................................3 Installing and Using Snap Server Management Applications ....
Setting Up the Snap Server 14000...............................................................24 Snap Server 14000 Hardware Components ...........................................24 Snap Server 14000 Hardware Features ..................................................25 Rack Installation for the Snap Server 14000 ..........................................26 Connecting to the Network .....................................................................27 Connecting to the Power Supply .......................
Chapter 4 Storage Configuration and Management 53 Default Storage Configurations..................................................................54 Storage Configuration Options...................................................................55 RAIDs ..........................................................................................................55 Volumes ......................................................................................................56 Shares ..........................
Joining a Windows Workgroup, Domain, or Active Directory ............80 Notes on Windows Authentication ........................................................80 Interoperability with Active Directory Authentication .......................80 Joining an NIS Domain ................................................................................83 Web (HTTP, HTTPS) Authentication and Encryption ...........................84 Setting Share Access Permissions .....................................................
Backing Up Server and Volume Settings................................................114 The Disaster Recovery Files ...................................................................114 Creating the SnapDRImage and Volume Files ...................................115 Disaster Recovery Procedures ...............................................................116 Performing a Fresh Install in Maintenance Mode ..............................116 Manually Creating the Original RAID Sets and Volumes .............
Chapter 8 Troubleshooting 143 Networking Issues.......................................................................................143 Using Maintenance Modes ........................................................................144 Disaster Recovery and Maintenance Issues ...........................................145 NASManager Installation Issues..............................................................146 Appendix A Snap Server Specifications 147 GuardianOS Specifications ...............
Preface Snap Appliance’s Snap Servers 4200, 4400, 4500, and 14000 are dedicated storage appliances designed for rapid deployment. Audience This guide is intended for system and network administrators charged with installing and maintaining Snap Servers on their network. We assume the administrator is familiar with the basic concepts and tasks of multiplatform network administration. Purpose This guide provides information on the installation, configuration, security, and maintenance of Snap Servers.
Document Organization This document is organized as follows: • Chapter 1, Getting Started, provides a brief introduction to Snap Server software features and components, and provides instructions for installing and using Snap Server management utilities. • Chapter 2, Setup and Initial Configuration, shows you how to unpack, install, and then connect to a Snap Server. Information and instructions on completing the Initial Setup Wizard, configuring a UPS device, and registering your server are also provided.
Typographical Conventions This manual uses the following conventions. Font convention Usage Bold Emphasis Italic • Emphasis • The introduction of a new terms • Settings you select in the Administration Tool Arial Bold Menu commands, command buttons, and navigational links.
Related Documents Documents related to Snap Server models 4400 and 14000 are shown below. Title (Part No.
Contacts Snap Appliance company contacts are listed below. Snap Appliance Corporate Headquarters Snap Appliance, Inc. 2001 Logic Drive San Jose, CA 95124 1.888.310.SNAP (7627) (North America) 408-879-8700 (International) Snap Appliance Web Site http://www.snapappliance.com Service and Technical Support For an immediate response to a service inquiry, use our Expert Knowledge Base System at http://www.snapappliance.com/support.
xii Snap Server Administrator Guide
Chapter 1 Getting Started Snap Servers provide a low-cost, low-maintenance network file sharing solution that supports simultaneous access by Windows clients, UNIX/Linux workstations, and Macintosh clients. Snap Servers 4200, 4400, and 4500 provide enterprise security, management, and performance in a 1U form factor; the Snap Server 14000 in a 3U form factor. Snap Server 14000 Snap Server 4200, 4400, 4500 Snap Servers 4200, 4400, and 4500 support four disks, the 14000 twelve.
Snap Server Features Networking Snap Servers deliver multiplatform file sharing for heterogeneous Windows, UNIX/Linux, and Macintosh environments, enabling fast, seamless deployment into your existing infrastructure. The GuardianOS utilizes dual-Gigabit Ethernet technology to support standalone, load balancing, and failover network bonding modes. For more information, see “Networking Options” on page 37.
What’s New in the GuardianOS 2.4 Release Management Applications and Services Snap Servers offer two separate but integrated interfaces for server configuration. These easy-to-use utilities provide access to all administrative functions. NASManager is java-based utility for discovering and monitoring Snap Servers.
Installing and Using Snap Server Management Applications Installing and Using Snap Server Management Applications Snap Appliance provides two utilities for discovering, configuring, and troubleshooting Snap Servers. NASManager provides automatic discovery of Snap Servers; the browser-based Administration Tool provides easy access to regular configuration tasks.
Installing and Using Snap Server Management Applications Launching NASManager Launch NASManager using one of the methods described in the following table: Operating System Procedure Microsoft Windows XP/Me/ 2000/95/98/NT Click Start. Point to Programs > NASManager, then select NASManager. Macintosh Open the NASManager folder and double-click the NASManager icon. UNIX/Linux For default options: cd to home directory, then run the NASManager command: .
Installing and Using Snap Server Management Applications The Administration Tool The Administration Tool is a browser-based application that allows you to perform a wide range of administrative tasks. The Administration Tool is preinstalled on your Snap Server. Logging into the Administration Tool You access the Administration Tool using either of the supported browsers: Microsoft Internet Explorer (4.0 or better), or Netscape Navigator (4.7x or better).
Installing and Using Snap Server Management Applications Administration Tool Feature Map The Administration Tool consists of a set of integrated features that enable you to manage Snap Servers. The following diagram shows the main navigational structure of the Administration Tool interface.
Installing and Using Snap Server Management Applications Accessing the Features You can access Administration Tool features in one of two ways. The following examples show the different navigational paths you can take to access the RAID Sets feature. From the Administration Tool main menu 1 After logging into the Administration Tool, the main menu opens. (If you are already logged in, click the Home icon to return to the Administration Tool main menu.) 2 Click the RAID Sets link.
Chapter 2 Setup and Initial Configuration Snap Servers are designed to be set up, installed, and operational on your network in less than 15 minutes. This chapter covers how to unpack, install, and then connect to a Snap Server. Information and procedures for initial configuration tasks, such as completing the Initial Setup Wizard, configuring a UPS device, and registering your server are also provided.
Setting Up the Snap Server 4400 Setting Up the Snap Server 4400 Snap Server 4400 Hardware Components You should have all the items shown in the following illustration: 1 Snap Server 4400 5 Power cords 2 Two Ethernet cables 6 Quick Start Guide, User CD, registration and safety information, and DataKeeper Quick Start Guide and CD 3 Stacking clips 4 Rack mount screws (eight in all: four for mount brackets, four for rack post) 7 Rack mount brackets (left and right) 8 Backup Express CDs 10 Snap Server A
Setting Up the Snap Server 4400 Snap Server 4400 Hardware Features The following illustration identifies Snap Server 4400 hardware features. Subsequent sections discuss the status lights, and how to connect the server to the network.
Setting Up the Snap Server 4400 Rack Installation for the Snap Server 4400 The Snap Server 4400 ships with two L-shaped rack mount brackets. You can attach them in one of two ways: (1) to the front of the server for mounting to the front posts of a four-post rack; or, (2) to the middle or front of the server for mounting to both posts of a Telco rack. Caution The following procedure applies to standard EIA racks; other racks may not be able to support the server using only the front posts.
Setting Up the Snap Server 4400 Caution The speed/duplex setting on Snap Servers defaults to autonegotiate. The networking switch or hub to which the server is connected must also be configured to autonegotiate; otherwise, network throughput or connectivity to the server may be seriously impacted. Use the provided Ethernet cables to connect the server to the network. When you connect the network cables to active ports, the network lights on the bezel (LAN 1 and LAN 2) are green.
Setting Up the Snap Server 4400 Initializing the Snap Server 4400 Use the power button on the front of the server to power on and power off the server. To turn on the server, press the power button on the front of the server. The server takes a few minutes to initialize. • A green power LED indicates that the system is on. • An amber system LED indicates a system error. To turn off the server, press and release the power button to begin the shutdown process.
Setting Up the Snap Server 4400 Power, System, and LAN LEDs These status lights are located to the right of the power button. Looking at the server from the front, the lights appear in the following order, from left to right: power LED, system LED, LAN 1 (Ethernet1) LED, and LAN 2 (Ethernet2) LED. They operate as follows: Power LED Solid green The server is powered on. Off The server is powered off. System LED Blinking green (once per second) The server is booted up and operating normally.
Setting Up the Snap Server 4400 Connecting to the Snap Server 4400 To connect to a Snap Server 4400, you need either the server’s name or IP address. The default server name is SNAPnnnnnn, where nnnnnn is the server number. For example, the name of a Snap Server with a server number of 610019 is SNAP610019. The server’s IP address can be discovered using NASManager.
Setting Up the Snap Server 4200/4500 Setting Up the Snap Server 4200/4500 Snap Server 4200/4500 Hardware Components You should have all the items shown in the following illustration: 1 Snap Server 4200/4500 5 Power cords 2 Two Ethernet cables 6 Quick Start Guide, User CD, registration and safety information, and DataKeeper Quick Start Guide and CD 3 Stacking clips 4 Rack mount screws (ten in all: six for mount brackets, four for rack post) 7 Rack mount brackets (left and right) 8 Backup Express CDs
Setting Up the Snap Server 4200/4500 Snap Server 4200/4500 Hardware Features The following illustration identifies Snap Server 4200/4500 hardware features. Subsequent sections discuss the status lights, and how to connect the server to the network.
Setting Up the Snap Server 4200/4500 Rack Installation for the Snap Server 4200/4500 The Snap Server 4200/4500 ships with two L-shaped rack mount brackets. You can attach them in one of two ways: (1) to the front of the server for mounting to the front posts of a four-post rack; or, (2) to the middle or front of the server for mounting to both posts of a Telco rack. Caution The following procedure applies to standard EIA racks; other racks may not be able to support the server using only the front posts.
Setting Up the Snap Server 4200/4500 • If you connect both ports and plan to use a bonded configuration, make sure that both ports are physically connected to the network on the same subnet. For additional information, see “Understanding Dual-Ethernet Bonding Options” on page 39. Caution The speed/duplex setting on Snap Servers defaults to autonegotiate.
Setting Up the Snap Server 4200/4500 Initializing the Snap Server 4200/4500 Use the power button on the front of the server to power on and power off the server. To turn on the server, press the power button on the front of the server. The server takes a few minutes to initialize. • A green power LED indicates that the system is on. • An amber system LED indicates a system error. To turn off the server, press and release the power button to begin the shutdown process.
Setting Up the Snap Server 4200/4500 Power, System, and LAN LEDs These status lights are located to the right of the power button. Looking at the server from the front, the lights appear in the following order, from left to right: power LED, system LED, LAN 1 (Ethernet1) LED, and LAN 2 (Ethernet2) LED. They operate as follows: Power LED Solid green The server is powered on. Off The server is powered off. System LED Blinking green (once per second) The server is booted up and operating normally.
Setting Up the Snap Server 4200/4500 Connecting to the Snap Server 4200/4500 To connect to a Snap Server 4200/4500, you need the server’s name or IP address. The default server name is SNAPnnnnnn, where nnnnnn is the server number. For example, the name of a Snap Server with a server number of 610019 is SNAP610019. The server’s IP address can be discovered using NASManager.
Setting Up the Snap Server 14000 Setting Up the Snap Server 14000 Snap Server 14000 Hardware Components You should have all the items shown in the following illustration: 1 Snap Server 14000 2 Quick Start Guide, User CD, registration and safety information, and DataKeeper Quick Start Guide and CD 7 Two long rear support brackets (recommended for use with four-post racks) 3 Two Ethernet cables 8 Backup Express CDs 4 Two power cord clips 9 Two (left and right) front rack mounting bracket/handle assembl
Setting Up the Snap Server 14000 Snap Server 14000 Hardware Features The following illustration identifies Snap Server hardware features.
Setting Up the Snap Server 14000 Rack Installation for the Snap Server 14000 Be sure to install the server correctly. The server weighs approximately 75 pounds, and rack installation requires two or more people. If you have a four-post rack, Snap Appliance recommends that you use the rear support brackets provided. Caution The following procedure applies to standard EIA racks; other racks may not be able to support the server using only the front post.
Setting Up the Snap Server 14000 6 Immediately place the plastic washers over the studs and fasten the knurled heads to secure the server to the rack. If you have a four-post rack, attach the rear support brackets to the rack and then to the server as follows: 7 Align the slots on the rear support brackets with the mounting holes on the server, and then mark the corresponding rear rack post mounting locations.
Setting Up the Snap Server 14000 Caution The speed/duplex setting on Snap Servers defaults to autonegotiate. The networking switch or hub to which the server is connected must also be configured to autonegotiate; otherwise, network throughput or connectivity to the server may be seriously impacted. Connecting to the Power Supply When you connect the Snap Server to a power source, plug the power cords into two different sources. This strategy protects the server if one power source fails.
Setting Up the Snap Server 14000 Initializing the Snap Server 14000 To initialize the Snap Server 14000, use the following procedure: 1 Make sure the power switches on both power supplies are in the on position (the 1 on the toggle switch is depressed). 2 Depress the front power button until the LCD illuminates System Link (about three seconds). 3 Wait for the server to initialize (a few minutes). Using the Snap Server 14000 LCD The LCD provides status information and event logs.
Initial Configuration Tasks Initial Configuration Tasks The first time you connect to your Snap Server, the Initial Setup Wizard runs. This wizard presents a series of screens that allows you to quickly establish connectivity and basic security for the server. Once you complete the wizard and reboot the server, Snap Appliance recommends that you immediately configure your UPS device and register your server.
Initial Configuration Tasks APC-Brand UPS Configuration Snap Appliance recommends that you use a UPS with the Snap Server. A UPS is the best way to protect your data from unforeseen power outages. Snap Servers are compatible with network-based, APC-brand uninterruptible power supplies that allow you to take advantage of the automatic shutdown capability. Visit the APC Web site for a listing of optimal APC models for use with your Snap Server.
Initial Configuration Tasks • Server name — The default server name is SNAPnnnnnn, where nnnnnn is the server number. • Time settings — The time and date default to the settings on the local network. The time zone defaults to Greenwich time. • Administrator account and password—The default Administrator user name is admin and the default password is also admin. Snap Appliance strongly recommends that you set a new administrator password at this time. Click Continue to view the TCP/IP screen.
Initial Configuration Tasks 3 In step 4, register the server. Click the Register online now link to open a separate browser window that provides instructions on how to proceed. (If you prefer to register the server at a later time, you can do so from the System > Registration screen in the Administration Tool.) 4 Reboot the server. Click Reboot. The server reboots to the Web View screen.
Initial Configuration Tasks Configuring your APC-Brand UPS Device To configure an APC-Brand UPS device, you must: (1) enable UPS support on the Snap Server as described in this section; and, (2) identify the Snap Server to the APC software. In the APC UPS browser-based user interface, navigate to the Power Chute configuration page, and add the Snap Server’s IP address to the client list. If you are using DHCP, entering any IP address on your network will work.
Initial Configuration Tasks 4 If you are using two UPS devices, you can select automatic shutdown upon receiving a message from one or both UPS devices. 5 Click Save. Tip The Snap Server 14000’s maximum load is 300 watts. The maximum load for Snap Servers 4200, 4400, and 4500 is 160 watts. To determine how many hours of service your UPS will supply, divide the watt hours of the UPS by the maximum load the Snap Server draws.
Initial Configuration Tasks 36 Snap Server Administrator Guide
Chapter 3 Networking Options Snap Servers are preconfigured to use DHCP, autonegotiate network settings, and allow access to Windows, NFS, Macintosh, FTP, and Web clients. This chapter discusses your options for configuring TCP/IP addressing, network bonding, and access protocols. Network bonding options allow you to configure the Snap Server for load balancing and failover. Network protocols control which network clients can access the server.
Default Networking Configuration Default Networking Configuration Snap Servers are preconfigured to allow multiplatform access in heterogeneous Windows, UNIX/Linux, and Macintosh environments. The following table summarizes the Snap Server’s default networking configuration. 38 Protocol Default Comments TCP/IP DHCP By default, Snap Servers acquire an IP address from the DHCP server on the network.
Configuring TCP/IP Configuring TCP/IP The GuardianOS utilizes dual-Gigabit Ethernet technology to support standalone, load balancing, and failover network bonding modes. The following graphic displays the TCP/IP settings for a dual-Ethernet Snap Server in failover mode with autonegotiated speed and duplex settings. Understanding Dual-Ethernet Bonding Options Network bonding technology treats two ports as a single channel, with the network using one IP address for the server.
Configuring TCP/IP Load Balancing An Ethernet port on any server can become a bottleneck or single point of failure for a network. Using both Ethernet ports in a load balancing scheme increases server bandwidth and helps to keep users connected and files available. In load balancing mode, the transmission load is distributed among aggregated network ports. An intelligent software adaptive agent repeatedly analyzes the traffic flow from the server and distributes the packets based on destination addresses.
Configuring TCP/IP Automatically Negotiating Speed/Duplex Settings The automatic negotiation setting (Auto) allows the Snap Server to base speed and duplex settings on the physical port connection to a switch. When you use autonegotiation, the switch port must be configured to the same setting; otherwise, network throughput or connectivity to the server may be seriously impacted.
Configuring TCP/IP Edit settings as described in the following table, and then click Save to update network TCP/IP settings immediately. If you alter a static IP address or subnet mask, you may also need to reboot the server to activate those changes. Option Settings Port Select either Ethernet1 or Ethernet2 from the pull-down menu as appropriate. Note that the Select Network Bonding option appears only when Ethernet1 is selected. TCP/IP Addressing This defaults to the DHCP-assigned setting.
Managing Network Protocol Access Managing Network Protocol Access The Snap Server provides the standard file-sharing services of a Windows, NFS, Macintosh, HTTP, or FTP server. Users can access local server files, obtain read/ write privileges to local server files, and share files with other clients. The Snap Server does not support other functions of these servers, such as printing or e-mail services.
Managing Network Protocol Access Option Settings Workgroup/Domain This defaults to the Windows workgroup. Enter the workgroup or domain name to which the server belongs. If you join a Windows domain through Advanced Security (Security > Windows), the domain name you entered displays here and can be changed only via the Advanced Security screen.
Managing Network Protocol Access Configuring NFS Access To change NFS access, navigate to the Network > NFS screen. The Valid Client Addresses list box displays the client machines that currently have access to the server via NFS. Edit settings as described in this section, and then click Save to update NFS network settings immediately. For information on security and authentication, see “Security Management” on page 73.
Managing Network Protocol Access Configuring Apple File Protocol (AFP) Access To change AFP settings, navigate to the Network > AFP screen. The default settings provide access to Macintosh clients over an AppleTalk or TCP/IP network. Edit settings as described in the following table, and then click Save to update network AFP settings immediately.
Managing Network Protocol Access Configuring FTP Access for Anonymous Users To change FTP settings for anonymous login, navigate to the Network > FTP screen. The default settings allow read-only access for anonymous users, and read/write access for authorized users. Edit settings as described in this section, and then click Save to update network FTP settings immediately. Option Settings Anonymous Login When you allow anonymous login, FTP users employ an e-mail address as the password.
Managing Network Protocol Access Configuring a DHCP Server To configure the Snap Server as a DHCP server, it must have a static IP address. This static address must meet two conditions: (1) it must lie outside the DHCP range of IP addresses you specify on the DHCP screen; and, (2) it must be part of the same subnet on which the Snap Server is to assign IP addresses. You can assign the Snap Server a static IP address on the Network > TCP/IP screen.
Connecting from a Client Connecting from a Client A Snap Server, once installed, appears on the network as a server with a shared folder. Windows (SMB) Windows clients can connect to the Snap Server using either the server name or IP address. To navigate to the server using Windows Explorer, use one of these procedures: • For Microsoft Windows 2000, Me, or XP clients, navigate to My Network Places > workgroup_name > server_name.
Connecting from a Client Tip You must add Macintosh networking users and groups as local Snap Server users and groups. To Connect to the Snap Server from a Macintosh, use this procedure: 1 Select Network Browser, Chooser, or Connect to Server from the Apple or GO menu. In the Chooser, click the AppleShare icon. 2 If using zones with AppleTalk, select the default zone in the AppleTalk Zones list. 3 Scroll through the list of servers in the Select a File Server list and select your server, then click OK.
Connecting from a Client Web Browser (HTTP) Users can view and download files using a browser, but cannot modify or upload files. To access a specific share directly, Internet users can append the full path to the Snap Server name or URL, as shown in the following examples: http://SNAP61009/Share1/my_files http://10.10.5.23/Share1/my_files Tip Web access is case-sensitive. Capitalization must match exactly for a Web user to gain access.
Connecting from a Client 52 Snap Server Administrator Guide
Chapter 4 Storage Configuration and Management Storage configuration consists of selecting the type of RAID appropriate to your user requirements, setting up one or more volumes (file systems) for the RAID, and defining access to those file systems via shares. This chapter explains the default storage configuration, how to create a different configuration, and how to monitor and maintain the health of storage components.
Default Storage Configurations Default Storage Configurations Snap Servers are preconfigured as a single RAID 5, with a single volume encompassing the entire RAID, and a single share pointing to the volume. The data space is preconfigured to allocate 20 percent of the RAID to Snapshots on the single volume and the remainder of the RAID for the file system.
Storage Configuration Options Storage Configuration Options The default storage configurations offer high levels of data security and storage capacity with a minimum of maintenance overhead. If the default configuration is appropriate to your needs, the only further storage configuration necessary is creating the directory structure, establishing share access to the directories, and setting up Snapshots. You may have requirements or special needs that demand a different configuration.
Storage Configuration Options RAID 1 (Mirrored) RAID 1 uses mirroring, which stores data on one disk drive and copies it to another drive in the RAID. A RAID 1 must contain at least two disk drives: one for the data space and one for redundancy. Though the data space in a RAID 1 can never be larger than a single drive, some administrators prefer to add a third drive (either as a hot spare or a member) for additional redundancy.
Storage Configuration Options Shares A Snap Server share may be thought of as equivalent to a Microsoft networking share, a Macintosh networking shared folder, or an NFS exported file system. The default share provides all users unrestricted access to the entire volume over all supported protocols. Share access security allows administrators to assign read-write or read-only access to users and groups within a share. Access to share can also be restricted by disabling protocols.
Creating New Storage Configurations Creating New Storage Configurations The Snap Server offers two methods of creating a new storage configuration: (1) the RAID Storage wizard lets you quickly create a RAID, a volume to the RAID, and a single share to the volume; or, (2) a sequence of Storage screens requires a little more time, but allows you full control over volume, share, and share access definitions.
Creating New Storage Configurations reinstalls the antivirus software (using default settings) on the largest volume. The installation process does not preserve custom antivirus configuration settings. Make a note of any such settings before deleting a RAID or volume. Using the RAID Storage Wizard To create a storage configuration with the RAID Storage Wizard, navigate to the Storage > Wizard screen. The wizard walks you through the storage configuration process.
Creating New Storage Configurations Creating a RAID To create a new RAID, navigate to the Storage > RAID screen. Creating a RAID involves choosing the RAID type, selecting the disk drives to include in the RAID, and then creating the RAID. When finished, you can continue to the Create Volume screen or exit to the RAID Sets screen. Tip Each RAID type requires a minimum number of available drives. A RAID type will only be available if its minimum drive requirement is met. 1 Select the RAID type.
Creating New Storage Configurations Creating a Volume To create a volume, navigate to the Storage > Volumes screen. Creating a volume is a simple process of defining the name, location, and size of the volume. When finished, you can continue to the Create Share screen or exit to the Volumes screen. 1 Define the volume. To begin the process, click Create Volume. On the screen that opens, define the volume’s parameters: • If necessary, select the RAID on which to create the volume.
Creating New Storage Configurations Creating a Share To create a share, navigate to the Storage > Shares screen. Creating a share involves selecting the volume and directory path for the share and then defining share attributes and network access protocols. Before you start, make sure you know the name, volume, and path to the directory to which the share will point. 1 Select a volume. To begin the process, click Create Share.
Managing and Repairing RAIDs Managing and Repairing RAIDs Determining Disk Drive Status To view the status of the disk drives installed on the server, navigate to the Storage > Devices screen. The devices table displays the location, model, and capacity of each drive. The status of each drive is indicated as follows: • Member of...
Managing and Repairing RAIDs Determining RAID Set Status To assess the status of a RAID, navigate to the Storage > RAID Sets screen. Conditions that may require your attention are highlighted in yellow. The RAID table displays the name, type, total capacity (size), and the remaining capacity not allocated to a volume for each RAID. RAID status is indicated as follows: • OK — The RAID is functioning properly. • Degraded — A drive has failed or been removed.
Managing and Repairing RAIDs Tip If you configure a RAID 1 or 5 with a hot spare, the array automatically starts rebuilding with the hot spare when one of the disk drives fails or is removed. To Replace a Disk Drive The following procedure assumes that you are installing a new, out-of-the-box disk drive as a replacement for a failed drive. 1 Remove a disk drive logically from an existing RAID using the Administration Tool. Navigate to the Storage > RAID Sets screen.
Managing and Repairing RAIDs To Add a Drive to an Existing Raid 1 or 5 Using the Administration Tool 1 Navigate to the Storage > RAID Sets screen, and click the name of the RAID 1 or 5 to which you want to add a drive. 2 On the screen that opens, click Add. If you are adding to a RAID 1, select either Hot Spare or Member at the top of the screen. (Adding a member is not available for a RAID 5.) 3 Select one or more drives to add to the configuration, and then click Continue.
Managing Volume Usage Managing Volume Usage The Snap Server offers several tools for monitoring and controlling how storage space on a volume is used. You can dynamically grow and manipulate volumes without rebooting the server. Assessing Volume Status To view information on existing volumes, navigate to the Storage > Volumes screen. The volumes table displays the name, RAID, total capacity (size), and mount point for each volume.
Managing Volume Usage Assigning User or Group Quotas To assign quotas, navigate to the Storage > Quotas screen. Assigning quotas involves enabling quotas for a volume, adding users or NIS groups to one of the volume’s two quota tables, and then setting a limit (in MB) on the amount of space each user or group can consume. 1 Enable quotas for the volume. A check mark in the Enabled column indicates that quotas for a volume are enabled. To enable quotas for a volume, select its check box and click Save.
Managing Volume Usage • To remove a user or group from the table, clear the check box(es) in the Assigned column. 4 Click Save. Any changes you have made take effect immediately. Disabling Quotas To disable quotas, clear a volume’s check box in the Enabled column and click Save. Disabling quotas for a volume deactivates any existing quota assignments you have made, but does not delete them.
Hot Swapping Disk Drives Hot Swapping Disk Drives The term hot swap refers to the ability to remove and add components to a system without the need to turn off the server or interrupt client access to files. Snap Servers permit hot swapping for disk drives. The Snap Server 14000, with dual fan and power supplies, also permits hot swapping for these components (see “Hot Swapping Fans and Power Supply Modules” on page 119).
Hot Swapping Disk Drives Physically Replacing a Disk Drive on the Snap Server 4200, 4400, or 4500 When the power LED is amber and the activity LED is off, the disk drive has failed or is not working correctly. 1 Before proceeding, make sure you have logically removed the drive using the Administrator Tool as described in the previous section. 2 Remove the front bezel. With a hand on each latch, slide both latches on the front bezel toward the center.
Hot Swapping Disk Drives 72 Snap Server Administrator Guide
Chapter 5 Security Management The goal of security management is to control access to files in order to safeguard their integrity and confidentiality. User and group authentication along with share, directory, and file permissions are the main tools of security management, and are the focus of this chapter. The Snap Server offers local, Windows domain, and NIS domain authentication, as well as additional HTTP security options; share-level access permissions; and support for file and folder permissions.
Default Security Settings Default Security Settings Snap Server default security configuration provides one share to the entire volume. All network protocols for the share are enabled, and all users are granted read-write permission to the share. Default Local User and Group Authentication A local user or group is one defined locally on a Snap Server using the Administration Tool. The default users and groups listed below cannot be modified or deleted.
Security Setup and Configuration Tasks Security Setup and Configuration Tasks Summarized next are the steps the administrator must take to configure security on a Snap Server. Figure 1-1 summarizes the steps and methods available to the administrator to perform these tasks. Physically Secure the Server Place the Snap Server in a secured area with restricted access. Anyone who has access to the server could potentially reset the server or remove any hot-swappable component.
Security Setup and Configuration Tasks Configure Users and Groups Authentication validates a user’s identity by requiring the user to provide a registered login name and corresponding password. Administrators have three options for configuring user and group accounts for a Snap Server. • Creating Local Users and Groups — Local users and groups are created, authenticated, and maintained locally on the Snap Server. Tip Macintosh and FTP users must be configured as local users.
Cross-Platform Issues in Authentication Cross-Platform Issues in Authentication Consider the issues raised in this section when choosing and implementing authentication methods in your environment. Macintosh and FTP Access Macintosh clients can access the server using the Guest account; FTP clients can access the server using the anonymous account. For more granular control over Macintosh and FTP access, administrators must create local user accounts for Macintosh and FTP users.
Creating Local Users and Groups Creating Local Users and Groups Local users or groups are created and defined locally on a Snap Server using the Administration Tool. You create local user and group accounts using the Security > Users and Security > Groups screens in the Administration Tool. Notes on Managing Local User and Group Accounts • Duplicate client log-in credentials for local users and groups — To simplify user access, duplicate client log-in credentials on the Snap Server.
Creating Local Users and Groups To create a local group 1 Navigate to the Security > Groups screen. 2 Click Create Group and enter a unique name for the group on the screen that opens. 3 To create the group, click Create. The Group Edit screen opens. 4 Select or Clear a user's check box to add or remove the user from the group. 5 If necessary, edit the GID. 6 Click Save.
Joining a Windows Workgroup, Domain, or Active Directory Joining a Windows Workgroup, Domain, or Active Directory Once joined to a Windows NT, Windows 2000 or Active Directory domain, the Snap Server imports, and then maintains a current list of the users and groups on the domain. Notes on Windows Authentication • You cannot modify Windows domain user or group accounts locally — You must use the domain controller to make modifications.
Joining a Windows Workgroup, Domain, or Active Directory Joining a Windows Workgroup, Domain, or Active Directory To join a workgroup or domain, navigate to the Security > Windows screen. Windows or Active Directory domains resolve user authentication and group membership through the domain controller. To Enable Guest Account Access Select Yes in the Enable Guest Account pull-down menu to allow unknown users to access the Snap Server using the guest account. Select No to disable this feature.
Joining a Windows Workgroup, Domain, or Active Directory 4 An error message about the use of the restrict_anonymous mechanism may appear along the top of the screen. If so, click the link provided on the screen to enter a valid domain (not local) user name and password that the Snap Server can use to communicate with the PDC when the Windows Authentication restrict_anonymous mechanism has been implemented on the network.
Joining an NIS Domain Joining an NIS Domain To simplify administration of multiple systems in large NFS configurations, the Snap Server can join an NIS domain and function as an NIS client. It can then read the users and groups maintained by the NIS domain. • You cannot modify NIS user or group information locally on the server. You must use the NIS server to make modifications.
Web (HTTP, HTTPS) Authentication and Encryption Web (HTTP, HTTPS) Authentication and Encryption When a user connects to a Snap Server via the HTTP protocol, the Web View screen displays a list of all shares (and Snapshot shares, if any). Web View supports Netscape Navigator 4.7 and above and Microsoft Internet Explorer 4.0 and above.
Setting Share Access Permissions Setting Share Access Permissions The GuardianOS supports share-level as well as file & directory-level permissions (discussed in the next section) for all local and Windows domain users and groups. The default permission granted to users and groups when they are granted access to the share is full control. Administrators may restrict selected users and groups to read-only access.
Setting Share Access Permissions Assigning Read-Only Access to NFS Users You can assign read-write or read-only share permissions on an individual basis to local and Windows domain users and groups that have access to a share. That is, you can assign some users and groups read-only access to the share, and other users and groups read-write access to the same share. The NFS protocol, however, does not support this type of user-level access control.
Setting Share Access Permissions Setting Share Access Permissions A newly created share defaults to the following access settings: Attribute Default Description Protocol Access All Protocol access is set during the process of creating a share (see page 62). Unless explicitly disabled, access to the share is granted over all supported protocols. Protocol Access Type All Users may view the share via any enabled protocol.
Setting Share Access Permissions Explorer. For example, assume SHARE1 is set as hidden. Windows users will not see the share when viewing the server through Network Neighborhood, or when performing a net view \\servername on the Snap Server. Tip Windows users who have access rights to a hidden share can still access the share by entering the precise path to the share directly into their file system viewer.
Setting File and Folder Permissions Setting File and Folder Permissions The GuardianOS supports the use of the Windows NT, 2000, or XP interface to set directory and file permissions for local and domain/ADS users and groups on the Snap Server. On a directory, administrators can also set inheritance permissions that will be inherited by subordinate folders and files created within the directory.
Setting File and Folder Permissions Setting File and Directory Access Permissions and Inheritance Directory and file access permissions are set using Windows NT, 2000, or XP security tools, but not all the options available in Windows security are available on the Snap Server. The GuardianOS supports the following file and directory permissions. File- and Level Access Permissions Read Grants complete read access.
Setting File and Folder Permissions To set file and directory permissions and inheritance 1 Using a Windows NT 4.0, 2000, or XP client, map a drive to the Snap Server, logging in as a user with change permissions for the target file or directory. 2 Do one of the following: • In Windows NT, right-click the file or directory, choose Properties, click the Security button, and then click Permissions . • In Windows 2000, right-click the file or directory, choose Properties, and then click the Security tab.
Setting File and Folder Permissions GuardianOS File and Directory Access Permissions Summary Administrators may want to keep this summary handy when setting file and directory access permissions. GuardianOS File and Folder Access Permissions The GuardianOS permits the following types of permissions. Bolded permissions are created by default. The user owner and group owner cannot be deleted, but their permissions can be modified by using NT 4.0, Windows 2000, XP security tools.
Chapter 6 Data Protection This chapter covers backup and disaster recovery procedures that can ensure your company’s data is secured and accessible at all times. The Snap Server supports a variety of native as well as third-party technologies that you can use to implement a disaster recovery strategy appropriate to your environment and current practices.
Data Backup Options Data Backup Options Snap Appliance provides four native applications—Snapshots, Backup Express for GuardianOS, Server-to-Server Synchronization, and DataKeeper —that you can use to enhance your backup procedures. Backup Express for GuardianOS provides native tape backup support, Snapshots ensure that the file system you back up is internally consistent and complete, and S2S provides an alternative way to back up data to disk.
Data Backup Options • Snapshot rollback — If you need to restore a file system to a previous state, you can do so without resorting to tape. The rollback feature allows you to use any Snapshot to restore an entire volume to a previous state, including ACL and quota information. • Backup optimization — When you back up a live volume directly, there is a chance that the internal consistency of the file system may be compromised; that is, files that reference other files in the system may become asynchronous.
Data Backup Options Server-to-Server Synchronization Server-to-Server Synchronization (S2S) is a SnapExtension that copies the contents of a share from one Snap Server to another share on one or more different Snap Servers. Any Snap Server server can be used as either a source or a destination for replicated content. Once you set up a synchronization task, the source server sends messages advising all destination servers to begin synchronizing data.
Data Backup Options Supported Native and Third-Party Backup Solutions Native Backup Solutions Third-Party Backup Solutions CA BrightStor ARCserve v7 CA BrightStor Enterprise Backup v10 Legato NetWorker 6.1.1 Veritas Backup Exec v 8.6 Veritas NetBackup DataCenter 3.4.
Using Snapshots Configuring third-party backup solutions To configure a Snap Server to work with one of the supported backup solutions, you must: (1) install the backup agent software on the Snap Server; (2) inform the Snap Server of the IP addresses of each backup master server; and, (3) inform the backup software of the Snap Server’s IP address. Instructions for these procedures are given in “Third-Party Backup Applications” on page 153.
Using Snapshots Recurring Snapshots A recurring Snapshot runs according to a schedule you specify. A recurring Snapshot schedule works like a log file rotation, where a certain number of recent Snapshots are automatically generated and retained as long as possible, after which the oldest Snapshot is discarded. Managing the Snapshot Pool Snapshots are stored on a RAID in a Snapshot pool, or space reserved within the RAID for this purpose.
Using Snapshots Accessing Snapshots Snapshots are accessed via a Snapshot share. Just as a share provides access to a portion of a live volume (or file system), a Snapshot share provides access to the same portion of the file system on all current Snapshots of the volume. The Snapshot share’s path into Snapshots mimics the original share’s path into the live volume. You create a Snapshot share by selecting the Create Snapshot Share option in the course of creating a live-volume share.
Using Snapshots 1 Create the Snapshot definition. To begin the process, click Create Snapshot. In the screen that opens, complete the following information to define the Snapshot: • Name the Snapshot. • Identify the source volume. • If you plan to create a tape backup from the Snapshot, choose Yes from the Create Recovery File pull-down menu. (See the next section for information on coordinating Snapshots and backup operations.) Click Continue to schedule the Snapshot.
Using Snapshots Coordinating Snapshot and Backup Operations Like backups, Snapshots can be scheduled to recur at a designated time and interval. In addition to synchronizing the backup and Snapshot schedules, you must create a share (and Snapshot share) to the root of the volume so that the backup software can access the Snapshot. 1 Create a Snapshot for each volume you want to back up. In the Administration Tool, navigate to the Storage > Snapshots screen, and click Create Snapshot.
Using Snapshots Each directory inside the Snapshot share represents a different Snapshot. The directory names reflect the date and time the Snapshot was created. However, the latest directory always points to the latest Snapshot (in this case, 2003-0107.020100, or January 7th, 2003, at 2:01 a.m.). In this case, configuring the backup software to copy from \SHARE1_SNAP\latest ensures that the most recently created Snapshot is always archived.
Using Backup Express for GuardianOS Using Backup Express for GuardianOS This section provides an overview of Backup Express for GuardianOS concepts and discusses using the software to perform backup and restore operations on Snap Servers. The procedures for installing the Backup Express GUI on a client machine and performing basic configuration tasks are described in the Quick Start Guide, found in the sleeve of the Backup Express for GuardianOS User CD.
Using Backup Express for GuardianOS Components Backup Express for GuardianOS is comprised of the following major components. • Snap Server Master Server — A master server is one that contains the Backup Express product, including the catalog and modules that control media management, scheduling and distributed processing. This software is preinstalled on all Snap Servers. • Backup Express GUI — The Backup Express graphical user interface (GUI) is used for all configuration and administrative tasks.
Using Backup Express for GuardianOS Restore Modes A restore mode is a method of restoring data appropriate to particular situations or types of data. Backup Express for GuardianOS offers four restore modes: • Catalog — Use catalog mode to specify exactly what to restore. In catalog mode, Backup Express displays your enterprise tree structure. You can select data to restore at the node group, node, drive, directory, or file level.
Using Backup Express for GuardianOS Backup Schemes A backup schedule incorporates one of the following three types of operations known as backup schemes: • Base — Backs up all target files on the Snap Server • Differential — Backs up all target files on the Snap Server that have changed since the last base backup of the same name • Incremental — Backs up target files on the Snap Server that have changed since the last backup of any type with the same name Each backup scheme may have different parameters s
Using Backup Express for GuardianOS Backing Up Data Backing up data involves creating a backup definition and then scheduling the backup. A backup definition is a set of parameters that define key elements of a backup operation. To access the Backup Definition screen, click Backup at the Administrator Menu. The Backup Definition screen opens. 1 Name the backup definition. Click the New Backup Definition button. In the Define New Backup Job dialog box that opens, enter a unique job name and click OK.
Using Backup Express for GuardianOS Restoring Data Restoring data involves creating a restore definition and then scheduling the restore. A restore definition is a set of parameters that define key elements of a restore operation. To access the Restore Definition screen, click Restore at the Administrator Menu. The Restore Definition screen appears. 1 Name the restore definition. Click the New Restore Definition button.
Using Backup Express for GuardianOS • To schedule the restore operation, click the Stopwatch button along the top of the screen. For instructions on using the Scheduler dialog box that opens, see page 111. When finished, save the restore definition. 7 Save the restore definition. Click Save.
Using Backup Express for GuardianOS To use a preset backup schedule (backup only) The two pre-set backup schedules are Base/Incremental and Base/Differential. They are weekly schedules that run a base backup once a week and an Incremental or Differential backup on the remaining days.
Using Backup Express for GuardianOS Managing the Catalog Because the catalog tells you which tape contains the most recent version of a file, it is vital that you back up the catalog regularly. Restoring your system in the event of a severe system failure will be arduous and time-consuming without a usable copy of the catalog. Without the catalog, you will have to rely on manual tracking of backups. Tip The Snap Server is preconfigured with a single volume.
Using Backup Express for GuardianOS To restore the catalog Make sure you know the volser number and the partition number (on the tape drive on which the catalog is stored). 1 Prepare the backup media. Manually load the tape on which the catalog is stored to the appropriate device. 2 Open the Define Catalog Restore dialog box. From the Administrator Menu, select the Catalog button. On the Catalog Menu that opens, click the Catalog Restore button to open the Define Catalog Restore dialog box.
Backing Up Server and Volume Settings Backing Up Server and Volume Settings In addition to backing up the data on the Snap Server, you may also back up its system and volume settings.
Backing Up Server and Volume Settings Tip The Create Recovery Files option in the Snapshot feature automatically updates the volume-specific files at the time the Snapshot is taken. If you do not use Snapshots to back up a volume to tape, you must manually regenerate these files whenever you change ACL or quota information to ensure that you are backing up the most current volume settings.
Backing Up Server and Volume Settings Disaster Recovery Procedures Caution The procedures described in this section for responding to a catastrophic event are general in nature, and may result in the loss of data. Should such an event actually occur, the exact procedure to follow will vary according to environmental conditions. Snap Appliance strongly recommends you contact a technical service representative before proceeding.
Backing Up Server and Volume Settings This operation may take a few minutes. As the operation progresses, the screen reports the progress of the operation. When the operation is finished, scroll to the bottom of the screen, and click Continue. The Continuing Fresh Install Operation screen opens. 3 When the Fresh Install operation is finished, click Reboot. Rebooting takes about three minutes, after which you can refresh the screen by clicking the Home icon in the upper right corner of the screen.
Backing Up Server and Volume Settings Restoring the Data from Tape If you are using Backup Express for GuardianOS, you must restore the catalog to the first volume before proceeding to restore data from tape (for instructions, see “To restore the catalog” on page 113). Users of other backup software packages may require variations in this procedure. 1 Determine the restoration procedure for your backup software.
Recovering from Hardware Failures (Snap Server 14000 Only) Recovering from Hardware Failures (Snap Server 14000 Only) This section contains procedures for recovering from hardware components on the Snap Server 14000 only. Procedures for hot swapping disk drives, which also applies to other Snap Servers, appear on page 70. Chassis Failure The chassis includes the backplane. In the unlikely event that the chassis of your Snap Server 14000 fails, you can transfer its drives to another Snap Server.
Recovering from Hardware Failures (Snap Server 14000 Only) Power Supply Module Indicator Lights A second set of power supply module indicator lights is located below the two power supplies: a green light and an amber light. The green light is continuously lit when the power supplies are active and working properly. A blinking green light indicates that one of the power supply modules is not active. The amber light comes on when a module is not functioning properly.
Chapter 7 Monitoring and Maintaining Snap Servers This chapter describes how to use the Administration Tool to monitor and maintain a Snap Server. It includes information on configuring e-mail notification, eTrust InoculateIT, SNMP, accessing server status information, viewing the event log, and resetting server settings to factory defaults. • Configuring E-mail Notification — Provides requirements and options for configuring e-mail notification for system events.
Configuring E-mail Notification Configuring E-mail Notification To configure the server to send e-mail alerts in response to system events, navigate to the System > E-mail Notification screen. To set up e-mail alerts, you will need: (1) the SMTP server’s IP address; and, (2) the e-mail address of each recipient who is to receive an alert.
Simple Network Management Protocol (SNMP) Supported Network Manager Applications You can use any network manager application that adheres to the SNMP V2 protocol with the Snap Server. The following products have been successfully tested with Snap Servers: CA Unicenter TNg, HP Open View, and Tivoli NetView. Configuring the Server for SNMP To configure the Snap Server as an SNMP agent, navigate to the System > SNMP screen.
Using Status Screens • Private Community — To enable SNMP managers to remotely configure this server, enter the name of one or more private communities, or accept the default private. Create unique public and private names. As a precaution against unauthorized access, Snap Appliance recommends that you create your own public and private community names. • Server Location — Enter information that helps a user identify the physical location of the server.
Using the Event Log Using the Event Log Use the Monitoring > Event Log screen to view a summary of all operations performed on the server. Yellow indicates a caution, red indicates an error, and blue indicates information. You can control the appearance of this screen using the following controls: • Use the controls along the top of the screen to select the severity level, time range, and order of events displayed. • Click Refresh to update the Event Log.
Resetting the Snap Server to Factory Defaults Resetting the Snap Server to Factory Defaults The GuardianOS allows you to reset different components of the system. Default settings can be found in the default configuration sections of chapters 3, 4, and 5. Caution Each reset option requires a reboot of the server. To prevent possible data corruption or loss, make sure all users are disconnected from the Snap Server before proceeding.
eTrust InoculateIT eTrust InoculateIT The Computer Associates antivirus software is a powerful antivirus solution that is preinstalled on all Snap Servers. The software, certified by the International Computer Security Association (ICSA) to detect 100 percent of viruses in the wild, uses a rule-based, analytical virus scanner to detect known viruses. By default, the eTrust InoculateIT software is enabled on Snap Servers, but no scan jobs or signature update schedules are configured.
eTrust InoculateIT Local Scanner and Log Views The eTrust browser interface offers two views (or modes) that display different administrative functions: 1) the default Local Scanner view provides scheduling and scanning options; and, 2) the Log Viewer view allows you to view and manage the scanning activity logs. To change views, select the desired option from the View menu. (A third view, the Administrator’s View, is not available for Snap Servers.
eTrust InoculateIT 2 To launch the Configuration GUI, click the Configure eTrust InoculateIT link. The eTrust InoculateIT splash screen appears. The first time you connect, it may take from 30 seconds to several minutes for the GUI to load, depending on the speed of your connection. 3 The CA Antivirus Security Login dialog box appears. Enter the same admin user name and password (case-sensitive) you have established for the Administration Tool, and then click OK.
eTrust InoculateIT Subsequent sections briefly describe the main features of the Local Scanner; see the online Help for detailed descriptions of all of the Local Scanner options and procedures for using these features. The Local Scanner Window The Local Scanner window displays a list of items available for scanning on the left side of the window, and displays the contents of a selected item on the right side of the window.
eTrust InoculateIT Setting the Scan Options Scan options are displayed on the Scan tab of the Scanner Options dialog box. Use these options to change the scan level, change the scanning engine or detection options, and to control how to treat an infection if one is found. These options can be used for both local scanning and scheduled scanning. Safety Level — You can set the scan safety level to Secure or Reviewer mode. Use the Secure mode as the standard method for scanning files completely.
eTrust InoculateIT Setting Selection Options Selection options are displayed on the Selection tab of the Scanner Options dialog box. Use the Selection options to choose the types of objects to scan, the types of file extensions to include or exclude from a scan, and the types of compressed files to scan. Objects to Scan — You can only choose the scan files setting on the Snap Server.
eTrust InoculateIT Viewing Directory Paths Directory paths are displayed on the Directory tab of the Scanner Options dialog box. The Directory options display the locations of the directories used by the antivirus software. In addition, the Rename Extension is displayed. Filtering File Information for Logs Log filter options are displayed on the Log tab of the Scanner Options dialog box. You can specify the types of events that are written to a log.
eTrust InoculateIT Setting Signature Update Options To set signature update options, choose Scanner > Signature Update Options. The Signature Update Options dialog box that opens consists of three tabs: • Schedule • Incoming • Outgoing (These options are not supported on the Snap Server.) Use these options to set up when to collect the signature updates, where to get them, and which engine versions and platforms to include.
eTrust InoculateIT Setting Incoming Options Use the Incoming tab to define the sources of signature updates. The Download Sources List displays sites from which you can download signatures. Snap Servers are preconfigured to get signatures via ftp from ftpav.ca.com. Add — Click this button to display the Source Select dialog, in which you can add a download method and a source for the update to the list.
eTrust InoculateIT Updating a Snap Server That Does Not Have Internet Access If you have Snap Servers that do not have Internet access, use the following procedures to download the signature files to a machine with Internet access and then copy them to the Snap Server. 1 Using a workstation with Internet access, go to ftp://ftpav.ca.com/pub/ inoculan/scaneng and download the following files. • All *.tar files containing the word Linux, e.g., fi_Linux_i386.tar and ii_Linux_i386.tar • All *.
eTrust InoculateIT Distributing Updates from One Snap Server to Another To Distribute Files via UNC If you have more than one Snap Server with no Internet access, you can perform the previous procedure on just one of them, and then configure your other Snap Servers to get the update from that Snap Server automatically via UNC. 1 Choose Scanner > Signature Update Options, and click the Incoming tab. 2 Click the Add button, and select UNC in the Method list box.
eTrust InoculateIT Understanding Alert Options This section describes the integrated options in the Computer Associates antivirus software GUI that allow you to set options for managing the information that is passed to the Alert Manager on the Snap Server. These options allow you to tailor the notification information that is provided to the Alert Manager, cut down on message traffic, and minimize the dissemination of notifications that are not critical.
eTrust InoculateIT Managing Report Criteria Use the Report Criteria options to manage how frequently messages from the General Event Log are reported, based on the settings for the Report To options. The Queue Up and Time Out After options work together. Messages are reported based on whichever limit is reached first. Options Description Queue Up Records Use the Queue Up option to specify a number of message records to collect in the General Event Log.
eTrust InoculateIT Custom Notification Use the custom notification option to customize sets of notification messages for the different services. Choose one of the available service modules and select from a list of associated notification messages. Use these options to specify which messages you want to send as notifications. This limits the messages that are reported. For each service module, you can select specific messages that you want reported. The following service modules are available.
eTrust InoculateIT Using the Move Directory To view infected files, make sure you are in Local Scanner view and click the Move Folder directory on the left of the window. Infected files appear on the right. When a file is put in the Move Folder, it is given a unique name to identify it. Thus, if you had infected files with the same names that were stored in different directories, they remain distinct if they are moved.
eTrust InoculateIT The Log Viewer List The Log Viewer list can contain logs for the following categories of scan jobs. • Local Scanner — This directory contains a list of logs that report the results of the scan jobs that have run on your Snap Server. • Scheduled Scanner — This directory contains a list of scheduled scan jobs. For each job, there is a scan log that contains the results for each time that the job has run, listed by the scheduled date and time.
Chapter 8 Troubleshooting This chapter describes common troubleshooting suggesting regarding installation, networking, security, and data protection issues. For more troubleshooting tips, visit the Snap Appliance Web site at http://www.snapappliance.com/support. Networking Issues Problem: The server cannot be accessed over the network. Solution: Inaccessibility may be caused by a number of reasons.
Using Maintenance Modes Problem: The network does not have a DHCP server and the Snap Server IP address is unknown. Answer: Install NASManager from the Snap Server User CD onto a client workstation. You can then use the utility discover all Snap Servers on your network, and to assign a static IP addresses as necessary. Problem: Apple users cannot log on to the Snap Server as Windows users.
Disaster Recovery and Maintenance Issues tool such as a pen or pencil to press the button). On the 4200 and 4500, remove the front bezel and press the white button, located to the left of the black power button. The system will reboot, and after about a minute, the system light should begin to alternately flash amber and green. When you next access the server, the initial maintenance mode (Recovery Console) screen opens. This will change the Snap Server’s IP address.
NASManager Installation Issues Solution: Use one of the following methods as appropriate. • Snap Server 4200, 4400, and 4500: Press the Reset button on the Snap Server to reset the admin password to the default setting of admin. (Pressing the Reset button also boots the system into Maintenance mode). • Snap Server 14000: Use Maintenance Mode 2 to clear the administrative password, then use the Administration Tool to set a new password.
Appendix A Snap Server Specifications This appendix contains specifications for the Snap Server 4200, 4400, 4500, and the Snap Server 14000. Specifications are subject to change without notice. Up-to-date specifications are posted at http://www.snapappliance.com. GuardianOS Specifications These specifications apply to all Snap Servers running the GuardianOS.
GuardianOS Specifications Feature Specification Server Emulation Windows 2000 Windows NT 4.0 AppleShare 6.0 NFS 2.0/3.
Snap Server 4400 Specifications Snap Server 4400 Specifications Feature Specification Network Connection Autosensing 10/100/1000Base-T, dual RJ-45 network connectors, with support for load-balancing and failover. Dimensions Width .....................16.7 in (42.5 cm) Depth .....................18.4 in (46.8 cm) Height ....................1.65 in (4.2 cm), 1U Weight ...................20.5 lbs (9.3 kg) Power Power Rating: 100-240 VAC, 50-60Hz, autosensing Input Current: 3.6A (RMS) for 115VAC, 1.
Snap Server 4200/4500 Specifications Snap Server 4200/4500 Specifications Feature Specification Network Connection Autosensing 10/100/1000Base-T, dual RJ-45 network connectors, with support for load-balancing and failover. Dimensions Width .....................16.8 in (42.7 cm) Depth .....................23 in (58.4 cm) Height ....................1.66 in (4.2 cm), 1U Weight ...................28 lbs (12.7 kg) Power Power Rating: 250W, 100-240 VAC, 50-60Hz, Input Current: 3.6A (RMS) for 115VAC, 1.
Snap Server 14000 Specifications Snap Server 14000 Specifications Feature Specification Network Connection Autosensing 10/100/1000Base-T, dual RJ-45 network connectors, with support for load-balancing and failover. Dimensions Width.....................17.0 in (43.2 cm) Depth.....................23.0 in (58.4 cm) Height....................5.0 in (12.7 cm), 3U Weight....................75.0 lbs (34.1 kg) Power Power Rating: 100-240 VAC, 50-60Hz, autosensing Input Current: 5.0A (RMS) for 115VAC, 2.
Taiwan Statement Taiwan Statement !" #$%&'()*+ ,-. Safety Precautions • Environmental Conditions — Make sure the physical environment in which the server resides falls within the specifications for your model as described in this chapter. • Installing the Server — During installation, make sure the server is always placed on a surface capable of supporting its weight.
Appendix B Third-Party Backup Applications This appendix describes how to install the following backup agents on the Snap Server from a Linux or a Windows backup host system: • CA BrightStor ARCServe 2000 v7.0 Workgroup Edition/Advanced Edition • VERITAS NetBackup DataCenter and BusinesServer v3.4 • VERITAS Backup Exec v8.6 • Legato NetWorker v6.1.1 These backup packages do not support the backup of extended POSIX ACLs.
Preparing to Install a Third Party Backup Agent • A secure shell (SSH) client — To remotely install any backup agent on the Snap Server, you must use have a secure shell (SSH) client installed on a remote workstation. The Snap Appliance SSH implementation is compatible with both SSH1 and SSH2. If you do not already have an SSH client installed, you can download free or low-cost SSH applications from the Internet.
Installing Third-Party Agent Software General Guidelines Before proceeding with your installation, make note of the following: • The Snap Server Backup and Restore Path — Backup servers often request the path for backup and restore operations on the Snap Server. When you configure a backup server to see the agent or client running on the Snap Server, use the following path: /shares/sharename where sharename is the name of the share to be backed up.
Installing Third-Party Agent Software 6 To unpack the agent files for CA BrightStor ARCServe 2000 v7.0, enter the following commands at the prompt, and press Enter after each one. Tip When you unpack the agent files, ignore errors regarding the bin group and bin user will appear. These errors will not affect installation or use of the agent. rpm -ivh --nodeps calicens.rpm rpm -ivh --nodeps uagent.rpm rpm -ivh --nodeps asagent.
Installing Third-Party Agent Software where filename is the name of agent file. Then press Enter to list the files and directories that you are installing. 6 To run the Backup Exec agent installation, type the following command: ./INSTALL Then press Enter and follow the prompts, using the default install locations and default options. Caution You must respond to “yes” or “no” prompts in lower case (y or n); using uppercase will cause an error and abort the procedure.
Installing Third-Party Agent Software Installing a VERITAS NetBackup Client This section describes how to install the UNIX/Linux agent from VERITAS NetBackup. 1 Copy the NetBackup NBClients directory and the Linux directory from the root of the NetBackup CD to the agent directory on the Snap Server. 2 Connect to the Snap Server via SSH, and log in as admin using your admin user password. 3 To change to superuser, enter the following command and press Enter.
Installing Third-Party Agent Software Installing a Legato NetWorker Client This section describes how to install the Legato NetWorker UNIX/Linux client. 1 Connect to the Snap Server via SSH, and log in as admin using your admin user password. 2 To change to superuser, enter the following command and press Enter. su 3 At the prompt, enter the admin user password, and press Enter.
Installing Third-Party Agent Software Backup & Restore Operations with a Legato NetWorker Client This section describes special procedures Legato NetWorker users must use in order to perform backup and restore operations on the Snap Server. To Add the Snap Server as a Root User For backup operations, NetWorker requires that the Snap Server be configured as a root user. To add the Snap Server root user as one of the administrators, use the following procedure. 1 Open the NetWorker Administrator application.
Installing Third-Party Agent Software 4 Enter one of the following commands, then press Enter: • If recovering data to its original location: recover -s backupservername -c snapservername -f -i “/shares/ SHARE1/data/” -a where /shares/SHARE1/Data/ is the path of the data you are restoring.
Installing Third-Party Agent Software 162 Snap Server Administrator Guide
Appendix C Upgrading Backup Express for Jukebox Support Jukebox (robotic tape library) support enables unattended, lights-out backup operations. Upgrade packages that offer various levels of Jukebox support are available from the Snap Appliance Web site (http://www.snapappliance.com). When you purchase an upgrade, you receive a Proof of Purchase (PoP) number. The PoP number is used to obtain a license key that enables functions in your software.
Upgrade Notes The Backup Express for GuardianOS manuals are in PDF format and are in the manuals subdirectory on the Backup Express for GuardianOS User CD-ROM. You can find the instructions for setting up automated tape libraries for use with Backup Express for GuardianOS in the Backup Express Jukebox Setup Guide (bexjuke.pdf). If further assistance is required, contact Backup Express Technical Support at (201) 930-8280.
Glossary Term Definition Access Permissions A rule associated with a share, a file, or a directory to regulate which users can have access to the share and in what manner. ACL (access control list) Access control lists control access to directories and files. Each list includes a set of access control entries, which contain the meta data that the system uses to determine access parameters for specified users and groups.
Term Definition AllLocalUsers group The AllLocalUsers Group is the default group for all users on Snap Servers. Local users are set up by the Snap Server administrator. Network users or Windows Domain users are not part of the AllLocalUsers group. AllUsers group The AllUsers Group is a collection of all users. The Snap Server automatically maintains the AllUsers group. Array A series of objects all of which are the same size and type.
Term Definition Default gateway The network address of the gateway is the hardware or software that bridges the gap between two otherwise unroutable networks. It allows data to be transferred among computers that are on different subnets. Degraded A RAID state caused by the failure or removal of a disk drive.
Term Definition Ethernet Ethernet is the most widely-installed local area network technology. The most commonly installed Ethernet systems are called 10Base-T and provide transmission speeds up to 10 megabits per second (Mbps). Fast Ethernet or 100BaseT provides transmission speeds up to 100 Mbps and is typically used for LAN backbone systems, supporting workstations with 10Base-T cards.
Term Definition Host name The unique name by which a computer is known on a network. It is used to identify the computer in electronic information interchange. Hot spare A hot spare is a disk drive that can automatically replace a damaged drive in a RAID 1 or 5. If one disk drive in a RAID fails, or is not operating properly, the RAID automatically uses the hot spare to rebuild itself without administrator intervention.
Term Definition LCD (liquid crystal display) An electronic device that uses liquid crystal to display messages on the Snap Server 14000. LED (light emitting diode) An electronic device that lights up when electricity is passed through it used on the Snap Server 4400 as status lights.
Term Definition Mounted Describes a file system that is available. Multi-homed Describes a Snap Server that is connected to two or more networks or has two or more network addresses. NAS (network attached storage) Hard disk storage that is set up with its own network address as opposed to being attached to the department computer that is serving applications to a network's workstation users.
Term Definition POSIX (portable operating system interface) A set of standard operating system interfaces based on the UNIX operating system. The need for standardization arose because enterprises using computers wanted to develop programs that could run on multiple platforms without the need to recode. The Snap Server uses Extended POSIX ACLs. Protocol A standardized set of rules that specifies the format, timing, sequencing, and/or error checking for data transmissions.
Term Definition Server number A numeric derived from the MAC address of your Snap Server’s primary Ethernet port that is used to uniquely identify a Snap Server. Server-to-Server Synchronization (S2S) A SnapExtension that copies the contents of a share from one Snap Appliance server to another share on one or more different Snap Servers. S2S is designed to work with Snap Servers and other Snap Server Storage Solutions.
Term Definition SNMP (simple network management A system to monitor and manage network devices such as protocol computers, routers, bridges, and hubs. SNMP views a network as a collection of cooperating, communicating devices, consisting of managers and agents. SSH (secure shell) A service that provides a remote console for special system administration and customer support access to the server.
Term Definition UNC (Universal Naming Convention) In a network, the UNC is a way to identify a shared file in a computer without having to specify (or know) the storage device it is on. In the Windows OS, the UNC name format is as follows: \\server_name\share_name\path\file_name UPS (uninterrupted power supply) A UPS device allows your computer to keep running for a short time when the primary power source is lost. It also provides protection from power surges.
176 Snap Server Administrator Guide
Index A Access protocol access to shares 62 protocol access to the Snap Server 37 share- and file-level access.
options 94 PowerQuest DataKeeper 96 Server-to-Server Synchronization 96 supported native and third party 97 Backup Express for Guardian OS 95 components of 105 defining backup jobs 108 installing 104 managing the catalog 112 supported configurations 104 types of backup operations 105 user CD 104 Bonded network configuration defined 39 physical cabling for 4200/4500 20 4400 12 14000 27 Browser using to connect via FTP 50 D Dantz Retrospect Express Server 5.
NIS 83 setting permissions for 89 Windows 81 setting share access to 85 Dual-Ethernet. See Ethernet.
Hot swapping disk drives 71 accessing from Web View 51 to Administration Tool 6 fans (14000) 120 power supplies (14000) 119 HP Open View 123 M Macintosh and hidden shares 51 I enabling Appletalk for 46 Initial Setup Wizard, using 31 launching NASManager on 5 Installing antivirus software 58 NASManager 4 Internal temperature, e-mail notification of 122 IP address, setting local user requirement 50 mounting shares on OS X 50 Maintenance Modes 144 Monitoring configuring SNMP alerts 123 e-mail notifica
P Paths connecting via web browser 51 for backing up snapshots 102 for distributing antivirus updates 136, 137 for restoring a "cured" file 141 for restoring backed-up data to 118 for selecting shares to back up 108 Permissions share- and file-level interaction 85 file-level default behavior 89 GuardianOS processing of 91 setting folder inheritance 90 share-level defaults 85 NFS restrictions and 86 setting 87 Power supply RAID 0 (striped) 59 RAID 1 (mirrored) 56 RAID 5 (striping with parity) 56 types, choo
Snap Server 14000 25 14000 Snap Server 4200/4500 18 connecting dual-Ethernet ports 27 connecting to UPS 28 hardware components 24 hot swapping power supplies 119 rack installation 26 turning on 29 backup and restore path 155 Snap Server 4400 11 Server registration performing 35 requirements for 31 Server-to-Server Synchronization. See S2S Setup wizard, using 31 Shared-hub configurations 41 Shares defined 54 /shares directory 118 access.
NASManager 5 System status, reviewing 124 Veritas Backup Exec supported versions 97 Veritas Backup Exec v 8.6 97 T VERITAS NetBackup TCP/IP Veritas NetBackup configuring 41 options 39 Technical Support xi Tivoli NetView 123 installing agent 158 supported versions 97 Veritas NetBackup DataCenter 3.4.
184 Snap Server Administrator Guide
