Snap Server® Administrator Guide GuardianOS v3.
COPYRIGHT Copyright © 2004, Snap Appliance, Inc. All rights reserved worldwide. Information in this document is subject to change without notice and does not represent a commitment on the part of Snap Appliance or any of its subsidiaries. The software described in this document is furnished under a license agreement. The software may be used only in accordance with the terms of the license agreement. It is against the law to copy the software on any medium.
END USER LICENSE AGREEMENT (EULA) FOR USE OF SNAP APPLIANCE STORAGE SOLUTIONS AND RELATED INSTALLATION UTILITIES SNAP IP, ASSIST, AND SNAP SERVER MANAGER (“INSTALLATION UTILITIES”); THE SYSTEM SOFTWARE EMBEDDED IN THE SNAP SERVER STORAGE SOLUTION (“EMBEDDED SOFTWARE”); SOFTWARE MARKETED BY SNAP APPLIANCE OR THAT IS EMBEDDED IN OR OTHERWISE CONSTITUTES A PART OF SNAP APPLIANCE COMPUTER HARDWARE PRODUCT(S) (SOMETIMES REFERRED TO COLLECTIVELY HEREIN, TOGETHER WITH THE INSTALLATION UTILITIES AND THE EMBEDDED SO
purposes, you may not copy any documentation pertaining to the Licensed Software. You agree that your use and possession of the Licensed Software is permitted only in accordance with the terms and conditions of this Agreement. 5 Ownership of Restricted Software.
COMPUTER ASSOCIATES INTERNATIONAL, INC. ("CA") ETRUST ANTIVIRUS END USER LIMITED LICENSE AGREEMENT (THE "AGREEMENT") CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS REGARDING YOUR USE OF ETRUST ANTIVIRUS, INCLUDING ITS CODE AND DOCUMENTATION (THE "PROGRAM") BEFORE USING THE PROGRAM. 1 CA PROVIDES YOU WITH ONE COPY OF THE PROGRAM AND LICENSES THE PROGRAM TO YOU PURSUANT TO THE TERMS OF THIS AGREEMENT. a.
Contents Preface .....................................................................................xi Chapter 1 Administrative Overview ....................................................................1 GuardianOS Specifications .................................................................... 2 New Features in this Release .................................................................. 5 Snap Server Manager............................................................................
Local Users and Groups .......................................................................24 Windows Workgroup or Domain .........................................................25 NIS Domain .......................................................................................27 Chapter 4 Storage Configuration & Expansion................................................... 29 Default Storage Configuration ..............................................................29 RAIDs ..........................
Backing Up the NetVault for GuardianOS NVDB Directory .................... 63 Recovering the NetVault Database ....................................................... 64 Disaster Recovery Procedural Overview................................................. 66 Chapter 9 CA eTrust Antivirus Software ............................................................69 Antivirus Dependencies........................................................................ 70 Launching the CA eTrust Antivirus GUI .............
x Snap Server Administrator Guide
Preface Audience and Purpose This guide is intended for system and network administrators charged with installing and maintaining Snap Servers on their network. We assume the administrator is familiar with the basic concepts and tasks of multiplatform network administration. This guide provides information on the installation, configuration, security, and maintenance of Snap Servers.
Tips and Cautions Conventions used to call out useful or important information are described next: Tip A tip presents time-saving shortcuts related to the main topic. Caution A caution alerts you to potential hardware or software issues or hazards in the configuration or operation of Snap Servers. Consider cautions carefully before proceeding with any operation.
Finding More Information Product documentation related toGuardianOS Snap Servers and Snap Disk expansion arrays are listed below. The current versions of all these documents are always available from the Snap Appliance documentation center at http:// www.snapappliance.com/support . Source and Location Content Quick Start Guide Details package contents, identifies server hardware components, and provides complete instructions for installing the server to a rack and connecting the server to the network.
xiv Snap Server Administrator Guide
Chapter 1 Administrative Overview Snap Servers are designed as flexible, low-maintenance network file servers optimized for performance and efficiency. Snap Servers run the GuardianOS, built to maximize file I/O throughput across multinetwork protocols. To this end, all unnecessary system control and processing functions that are associated with a general-purpose server have been removed.
GuardianOS Specifications GuardianOS Specifications These specifications apply to all Snap Servers and expansion arrays running the most recent version of the GuardianOS. Feature Specification Network Transport Protocols TCP/IP UDP/IP AppleTalk iSCSI Network Block Protocols iSCSI (Block) Network File Protocols Microsoft (CIFS/SMB) UNIX (NFS v2.0/3.0) Apple (AFP v2.0) HTTP, HTTPS v1.
GuardianOS Specifications Feature Specification System Management Browser-based Administration Tool for remote system administration Snap Server Manager utility (platform independent) SNMP (MIB II and Host Resource MIB) User disk quotas for Windows, UNIX/Linux, Mac, FTP Group disk quotas for UNIX/Linux Environmental monitoring E-mail notification RAID Options RAID 5 (drive striping with parity): For each array, the size of one drive is reserved for parity.
GuardianOS Specifications Feature Specification Data Protection Snapshots for immediate or scheduled point-in-time images of the file system. Local Backup with BakBone Netvault Workgroup Edition. Network Backup with VERITAS NetBackup/Backup Exec, CA BrightStor ARCserve/Enterprise, Legato NetWorker, BakBone Netvault, Microsoft Backup Software for Windows 95/98/NT/2000/Me/XP, or Dantz Retrospect (Macintosh).
New Features in this Release New Features in this Release The major enhancements listed in the following table have been included in the latest release. Feature Description iSCSI Multi-initiator Support Using the Microsoft iSCSI initiator, multiple initiators can now target the same iSCSI disk. BakBone NetVault 7.1.1 NetVault 7.1.1 is now pre-installed on the Snap Server. Previous versions of the GuardianOS shipped with NetVault 7.1. This new version provides support for Windows XP.
Snap Server Manager • Java Requirements — JRE 1.4.0 or higher must be installed. • MacOS requirements — If you plan to run Snap Server Manager on a Macintosh client, you must upgrade the client to MacOS 10.2 or higher. (Required for JRE 1.4.0 or higher support.) Launching Snap Server Manager Launch Snap Server Manager using one of the methods described in the following table: Operating System Procedure Microsoft Windows 98/NT/XP/ Me/2000/2003 Click Start.
Connecting to the Server for the First Time Connecting to the Server for the First Time Snap Servers are preset to acquire an IP address from a DHCP server. If no DHCP server is found on the network, the Snap Server defaults to an IP address of 10.10.10.10, and you may not be able to see the server on your network. You can discover a Snap Server using either the default server name or the Snap Server Manager (SSM) utility. Use the server name method if you are installing one Snap Server on the network.
Using the Initial Setup Wizard Using the Initial Setup Wizard The first time you connect to a Snap Server via the browser-based Administration Tool, the Initial Setup Wizard runs. The Initial Setup Wizard consists of several screens that allow you to change the server name, set the date and time, set the administrator password, configure TCP/IP settings for the primary Ethernet port (Ethernet1), and register the server. Server Name The default server name is SNAPnnnnnn, where nnnnnn is the server number.
Configuring an APC-Brand UPS Server Registration You must register your server to activate your warranty, to receive Snap Care service and support, to create and track service requests, to download software updates, and to receive exclusive promotional offers. Tip You can register multiple Snap Servers in one operation using Snap Server Manager. For more information, install SSM (see page 5) and refer to the online help.
SnapExtensions SnapExtensions A SnapExtension is a Java application that extends a Snap Server's functionality. The SnapExtension start screen shows the current state of the components of a SnapExtension. Currently, Server to Server Synchronization is the only SnapExtension on offer. Server to Server Synchronization (S2S) Server-to-Server Synchronization is a SnapExtension that moves, copies, or replicates the contents of a share from one Snap Server to another share on one or more different Snap Servers.
Add-On Features Add-On Features Add-on features are software applications, agents, and utilities that extend the capabilities of a Snap Server. Some add-on features are fully functional out-of-thebox; others may require a download and/or the purchase of a license for full operation. For up-to-date information on feature availability, contact Snap Appliance.
Finding More Information Finding More Information Product documentation related toGuardianOS Snap Servers and Snap Disk expansion arrays are listed below. The current versions of all these documents are always available from the Snap Appliance documentation center at http:// www.snapappliance.com/support .
Chapter 2 Network Access to the Server Snap Servers are preconfigured to use DHCP, autonegotiate network settings, and allow access to the server for Windows, NFS, Macintosh, FTP, and HTTP/HTTPS clients. Discussed next are the options for configuring TCP/IP addressing, network bonding, and access protocols. Network bonding options allow you to configure the Snap Server for load balancing and failover. Network protocols control which network clients can access the server.
TCP/IP Options TCP/IP Options GuardianOS Snap Servers ship with Dual Gigabit Ethernet ports. The following table describes TCP/IP options; default settings appear in boldface. Default TCP/IP Settings and Options Option Setting DHCP TCP/IP Addressing Network bonding Description By default, Snap Servers acquire an IP address from the DHCP server on the network. Static Administrators may assign a fixed IP address as necessary.
Configuring TCP/IP Settings Configuring TCP/IP Settings TCP/IP settings are configured on the Network > TCP/IP screen of the Administration Tool. This screen defaults to the current settings for the primary Ethernet port (Ethernet1). Issues in TCP/IP Configuration Consider the following guidelines when connecting a Snap Server to the network.
Configuring TCP/IP Settings Make Sure the Switch is Set to Autonegotiate Speed/Duplex Settings When the server is shipped from the factory, both ports are set to autonegotiate. This setting allows the Snap Server to base speed and duplex settings on the physical port connection to a switch. Thus, the switch/hub to which the Snap Server is cabled must be set to autonegotiate to initially connect to the server; otherwise, network throughput or connectivity to the server may be seriously impacted.
Default Protocol Access Settings Default Protocol Access Settings Snap Servers are preconfigured to allow multiplatform access in heterogeneous Windows, UNIX/Linux, and Macintosh environments. The following table summarizes the Snap Server’s default network protocol access configuration. Protocol Default Comments Windows (CIFS/SMB) Enabled Allows access to Windows clients via the workgroup Workgroup.
Windows SMB Access Support for Windows (SMB) Consider the following information when configuring access for your Windows clients. Windows File and Folder Name Support In Windows, most file and directory names are transmitted as a 2-byte (16 bit) UCS2 character set. However, this is not true in every case. Some are still sent via a single byte character set.
NFS Access NFS Access NFS access to the server is enabled on the Network > NFS screen of the Administration Tool. By default, NFS access is enabled and any NFS client can access the Snap Server through the guest account. NFS client access to shares can be specified by navigating to the Security > Share screen, clicking the name of a share, and then clicking the NFS Access button along the bottom of the screen.
Apple File Protocol Access Apple File Protocol Access Apple (AFP) settings are configured on the Network > AFP screen of the Administration Tool. The default settings provide access to AFP clients over an AppleTalk or TCP/IP network. Macintosh clients can access the server using the local guest user account. For more granular control over Macintosh client access, create local user accounts for Macintosh users.
FTP Access Macintosh Access via a Browser When Only HTTPS Is Enabled If HTTP access is disabled, the Snap Server cannot be accessed using Internet Explorer 5.x for Macintosh. To resolve this issue, either use an alternate browser, or re-enable HTTP access on the Network > Web screen. Sherlock Support for MacOS Sherlock is supported for MacOS 8.1, 9.1, and X v. 10.1.x. For MacOS X v. 10.2.x and higher, the Find tool in the Finder window is fully supported.
HTTP/HTTPS Access HTTP/HTTPS Access Web View is the screen that opens when users access a Snap Server using their Web browsers. This screen displays a list of all shares to which the user has access. Users can navigate the share structure to locate and view or download files, but they cannot modify or upload files. Web View requires the use of either Microsoft Internet Explorer (4.0 or later) or Netscape Navigator (4.7x or later).
Chapter 3 User & Group Management Authentication validates a user’s identity by requiring the user to provide a registered login name and corresponding password. Snap Servers ship with predefined local users and groups that allow administrative and guest user access to the server via all protocols. Administrators may choose to join the Snap Server to a Windows NT, Windows 2000, or Active Directory domain, and Windows clients can then authenticate to the server using their domain credentials.
Local Users and Groups guidelines: (1) the Snap Server does not recognize users or groups whose identification numbers are less than 100 or greater than 17999; and (2) each UID or GID must be unique. Local Users and Groups Local users or groups are created using the Security > Users and Security > Groups screens in the Administration Tool. Local users and groups are used for administrative and guest access to the server.
Windows Workgroup or Domain Local Account Management Tools The Snap Server offers several tools for creating, modifying, and editing local user and group accounts. Function Navigation Path Local User Management Navigate to the Security > Users screen, from which you can create, view, edit, and delete local users. Local Group Management Navigate to the Security > Groups screen, from which you can create, view, edit, and delete local groups.
Windows Workgroup or Domain Windows Networking Options Windows networks use a domain controller to store user credentials. The domain controller can validate all authentication requests on behalf of other systems in the domain. Option Description Workgroup In a workgroup environment, users and groups are stored and managed separately on each server in the workgroup.
NIS Domain Directory domains as member servers. References to the Snap Server's shares can be added to organizational units (OU) as shared folder objects. Guest Account Access to the Snap Server The Security > Windows screen contains an option that allows unknown users to access the Snap Server using the guest account.
NIS Domain 28 Snap Server Administrator Guide
Chapter 4 Storage Configuration & Expansion Snap Servers are preconfigured as a single RAID 5, with a single volume encompassing 80 percent of RAID capacity, and a single share pointing to the volume. The default storage configuration reserves 20 percent of the data space for snapshots. If the default configuration is appropriate for your needs, you need only create the directory structure, set share access permissions, and (optionally) schedule snapshots.
RAIDs Security Allocation Drives / RAID space is preconfigured to allocate eighty percent of the RAID for the file system and the remaining twenty percent for snapshots.
RAIDs would configure one of the drives as a hot spare.
RAIDs automatically uses the hot spare to rebuild itself without administrator intervention. Snap Servers offer two kinds of hot spares: local and global. Item Description Definitions Local hot spare — A local (or dedicated) hot spare is associated with and is available only to a single RAID. Administrators typically create a local hot spare for RAIDs containing mission-critical data that must always be available.
Volumes Volumes Volumes are created, viewed, edited, and deleted from the Storage > Volumes screen of the Administration Tool. The default volume organizes the Snap Server’s storage capacity into a single volume with a single file system. If you need separate file systems on the same server, you can delete the default volume and create two or more smaller volumes in its place. Consider the following facts and guidelines when planning your new volume configuration.
Quotas • Adding Unallocated Capacity — If there is unallocated capacity remaining on the RAID, you can add this capacity to the volume simply by editing the size field and clicking Save. • Creating a New RAID — If all capacity on the RAID is allocated, and either: (1) a sufficient number of drives to create a new RAID exists, or (2) a RAID of the same type with excess capacity exists, the Expand Volume button appears.
Expansion Arrays how much space each user or group is currently consuming on the volume, allowing for precise tracking of usage patterns. You can set individual quotas for any local, Windows domain, or NIS user known to the Snap Server. Group quotas are available only for NIS groups. Default Quota Assignments and Ranges When you add a user to the quota table, the quota defaults to 100 MB; for a group, the default is 1000 MB. Quotas may range from 1 MB up to the total capacity of the volume.
Expansion Arrays The Snap Disk 10 The Snap Disk 10 expansion array allows you to expand the capacity of a Snap Server 4500 (only) without increasing administrative tasks. You can attach up to two Snap Disk 10s via a Serial ATA cable to a Snap Server 4500. Each expansion array holds four disk drives. A Snap Disk 10 expansion array is powered on, connected to the network, and managed though the Snap Server 4500 to which it is connected.
Expansion Arrays further preparation (other than preparing rack space) is necessary; the Snap Disk 30SA comes with the necessary cables. Otherwise, you will need to purchase and install the Snap Appliance fibre channel card, available from an authorized Snap Appliance reseller. The Snap Disk 32SA The Snap Disk 32SA expansion array works with a Snap Server 15000 or 18000. You can daisy chain up to seven Snap Disk 32SAs via optical cables. Each expansion array holds up to 16 disk drives.
Status Devices On the Storage > Devices screen, an expansion array’s disk drives are distinguished from those of the host server by the label EXTN. The following graphic shows the Devices screen of a host Snap Server 4500. The disk drives of the expansion array connected to Port 1 of the host server’s Serial ATA card display with the label EXTN1; the disk drives of a second expansion array connected to Port 2 display with the label EXTN2.
Status Devices Deleteing Unassigned Global Hot Spares Label Description Location The bay in which the drive is seated Model Device specifications Size Actual available capacity Status Current condition of the device: • Member Of — The RAID to which the drive is assigned. • Unassigned — Not a member of any RAID. • Hot Spare of — The drive is reserved as a local hot spare and is available only the RAID of which it is a member.
Status Devices Understanding the Disk Drive Detail table This screen displays summary information on each enclosure in the system as follows: Label Description Snap Unit The bay in which the drive is seated Model Snap Server or Snap Disk Model Number Server Number Server number Drives The number of disk drives Status Current condition of the unit’s disk drives.
Chapter 5 iSCSI Disks Internet SCSI (iSCSI) is a standard that defines the encapsulation of SCSI packets in TCP and their transmission via IP. On Snap Servers, an iSCSI Disk is based on an expandable, RAID-protected volume but appears to a client machine as a local SCSI drive. This storage virtualization frees the administrator from the physical limitations of direct-attached storage media and allows capacity to be expanded easily as needed.
iSCSI Disk Management and Usage Isolate iSCSI Disks from Other Resources for Backup Purposes It is important to isolate iSCSI Disks from other resources on the Snap Server for two reasons: (1) the file system of an iSCSI Disk differs fundamentally from the Snap Server’s native file system; and (2) iSCSI Disks are managed from client software rather than the Snap Server’s Administration Tool.
iSCSI Disk Management and Usage without some risk. If the Snap Server were to suddenly lose power, for example, data still in cache would be lost. This risk can be minimized by following industry-standard security precautions such as keeping servers in a secured location and connecting power supplies to the mains using a network-based UPS. In most environments, taking these simple precautions virtually eliminates the risk of serious data loss from sudden and unexpected power outages.
iSCSI Disk Management and Usage To Configure iSNS Label Description iSCSI Disk Name The name of each iSCSI disk Volume The volume on which the iSCSI disk was created Device The path of the iSCSI disk file Authentication CHAP or none Size The size of the iSCSI disk Status Current condition of the iSCSI disk: • OK — The iSCSI disk is online and accessible. • Not Mounted — The iSCSI disk is offline.
Chapter 6 Share and File Access Snap Appliance has implemented features to accommodate the disparate methods used by the SMB and NFS protocols for sharing data. At the share level, administrators can assign read-write or read-only share access to individual Windows (and local) users and groups. Administrators can also edit the NFS exports file to control how shares are exported to NFS client machines. The SMB and NFS protocols also part ways in their handling of file-level permissions.
Components and Options Components and Options Shares are created and share access is granted using the Administration Tool. Filelevel permissions are configured from a Windows or UNIX/Linux workstation. The following table summarizes the components, options, and tools available for setting up share and file security on Snap Servers. Component Options Security Models (SnapTrees) Directories created on the root of a Snap Server volume are assigned one of two security models: Windows or UNIX.
SnapTrees & Security Models SnapTrees & Security Models Directories created at the root of a Snap Server volume are assigned one of two security models: Windows or UNIX. The security model determines the file-level security scheme that will apply to files, folders, and subdirectories within the toplevel directory. This security-based directory structure is referred to as a SnapTree.
Creating Shares Creating Shares Shares are created, viewed, edited, and deleted from the Storage > Shares screen of the Administration Tool. The default share (SHARE1) maps to the root of the volume and grants access to all users and groups over all protocols. As a security measure, disable any protocols not required for your network environment. Guidelines Consider the following guidelines when creating or deleting shares.
Share-Level Access Permissions Security Models, SnapTrees, and Shares In the course of creating a share that points to a volume or to a directory on the root of the volume (aka SnapTree directory), you must assign a security model to the volume or SnapTree directory. Thereafter, security models for these entities are managed on the Security > SnapTrees screens.
Setting File and Folder Permissions (Windows) • Interaction between share-level and file-level access permissions — When both share-level and file-level permissions apply to a user action, the more restrictive of the two applies. Consider the following examples: Example A: More restrictive file-level access trumps more permissive share-level access.
Setting File and Folder Permissions (Windows) the parent directory. The example displayed in the graphic shows the default settings for a file created by the local user admin.
Setting File and Folder Permissions (Windows) in Windows security are available on the Snap Server. The GuardianOS supports the following file and directory permissions. File- and Directory-Level Access Permissions Read Grants complete read access. It is a combination of List Folder/ Read Data, Read Attributes, Read Extended Attributes, Read Permissions. Write Grants complete write access.
Setting File and Folder Permissions (Windows) To Set File and Directory Permissions and Inheritance (Windows) 1 Using a Windows NT 4.0, 2000, or XP client, map a drive to the Snap Server, logging in as a user with change permissions for the target file or directory. 2 Do one of the following: • In Windows NT, right-click the file or directory, choose Properties, click the Security button, and then select Permissions.
Setting File and Folder Permissions (Windows) 54 Snap Server Administrator Guide
Chapter 7 Snapshots A snapshot is a consistent, stable, point-in-time image of a volume used for backup purposes. Snapshots can satisfy short-term backup situations such as recovering a file deleted in error, or even restoring an entire file system, without resorting to tape. Perhaps more importantly, snapshots can be incorporated as a central component of your backup strategy to ensure that all data in every backup operation is internally consistent and that no data is overlooked or skipped.
Snapshot Management and Usage snapshot and clicking the Rollback button. During the rollback operation, data on the volume will be inaccessible to clients. Cautions (1) Rolling back a volume cannot be undone and should only be used as a last resort after attempts to restore selected directories or files have failed; (2) Performing a rollback on a volume may invalidate the NetVault for GuardianOS nvdb directory for the volume, and may also disable the antivirus software.
Estimating Snapshot Pool Requirements Estimating Snapshot Pool Requirements Snapshot data grows dynamically for as long as a snapshot is active and as long as there is enough space available in the snapshot pool to store them. When the snapshot pool approaches its capacity (at about 95 percent), the Snap Server deletes the oldest snapshot’s data to create space for more recent snapshot data. The default configuration allocates 80 percent of RAID capacity to the volume and 20 percent to the snapshot pool.
Accessing Snapshots • Creating a RAID Group — When two RAIDS are grouped, their snapshot pools are added together. For example, if RAID A with a snapshot pool of 50 MB is grouped with RAID B with a snapshot pool of 25 MB, the resulting RAID Group will have a snapshot pool or 75 MB. Depending on the purpose you had in mind when grouping the RAIDs, the result of combining the two snapshot pools may or may not be desirable, and you will need to readjust the size as described above.
Coordinating Snapshot and Backup Operations Accessing Snapshots Within the Snapshot Share A snapshot share contains a series of directories. Each directory inside the snapshot share represents a different snapshot. The directory names reflect the date and time the snapshot was created. For example, assume the snapshot share named Sales_SNAP contains the following four directories: latest 2003-12-25.120000 2004-01-01.000100 2004-01-07.
Coordinating Snapshot and Backup Operations depending on the number of files in the volume.) For example, assuming you schedule nightly backups for a heavily used volume at 3:00 a.m., you might schedule the snapshot of the volume to run every day at 2:30 a.m., allowing half an hour for the snapshot to run to completion. 2 If necessary, create a share for each volume with snapshot share enabled. In the Administration Tool, begin by navigating to the Security > Shares screen, and then click Create Share.
Chapter 8 Disaster Recovery This chapter explains how to create the files you need to recover a Snap Server’s configuration information, such as network and RAID configurations, as well as volume-specific information, such as ACLs and quota settings. It also discusses what to do if all access to the data on a Snap Server is cut off due to a hardware or software failure.
Backing Up Server and Volume Settings • SnapDRImage — The Snap Server disaster recovery image saves server-specific settings such as server name, network, RAID, volume and share configuration, local user and group lists, and snapshot schedules. There is one SnapDRImage file per server, residing on the root directory of the first volume at the following path: \\server_name\volume_name. Tip The SnapDRImage file is in binary form and can be safely used only with the Snap Server Disaster Recovery tool.
Backing Up the NetVault for GuardianOS NVDB Directory 3 Take no action regarding the volume-specific files. These files will be copied to tape as part of your regular volume backup procedures. Backing Up the NetVault for GuardianOS NVDB Directory This section details the use of the NetVault Database plug-in and offers various tips for its use.
Recovering the NetVault Database 6 Enter a suitable name for the job in the Job Title box and start the backup job by clicking the Submit button on the command toolbar. Tip Only clients successfully added via the NetVault Client Management window will display. Recovering the NetVault Database This section summarizes the procedure necessary for recovering the NetVault Database from tape. For instructional details, see the NetVault for GuardianOS documentation that shipped with your Snap Server.
Recovering the NetVault Database • Do Not Monitor Job Progress During a Recovery — It is strongly recommended that all NetVault windows be closed, and the NetVault GUI be closed during the recovery of the NetVault Database, as this may interfere with the process. Restore Procedure 1 Access the Restore window from the NetVault GUI by clicking the Restore button in the command toolbar. 2 Double-click the NetVault Server that the desired backup was performed from to open it.
Disaster Recovery Procedural Overview Disaster Recovery Procedural Overview The procedures described in this section for responding to a catastrophic event are general in nature and may result in the loss of data. Should such an event actually occur, the exact procedure to follow will vary according to environmental conditions. Snap Appliance strongly recommends you contact a technical service representative before proceeding.
Disaster Recovery Procedural Overview 2 Select the Fresh Install option, and click OK . This operation may take a few minutes. As the operation progresses, the screen reports the progress of the operation. When the operation is finished, scroll to the bottom of the screen, and click Continue. The Continuing Fresh Install Operation screen opens. 3 When the Fresh Install operation is finished, click Reboot.
Disaster Recovery Procedural Overview 2 Restore data using a fully qualified path to a share. When entering the path to the restore directory, use the following format: /share_name/path_to_directory where share_name is case sensitive and path_to_directory points to an existing directory structure. /Finance/Sales For example, entering the path shown to the left restores the data to the Sales directory on the Finance share.
Chapter 9 CA eTrust Antivirus Software The CA eTrust Antivirus software is preinstalled on all GuardianOS Snap Servers. By default, the software is enabled, but no scan jobs or signature updates have been scheduled. (The server will, however, check for signature updates whenever the server is powered on). These and other antivirus configuration and management tasks are performed using the CA eTrust Antivirus GUI, accessed from the Maintenance > Antivirus screen of the Administration Tool.
Antivirus Dependencies Antivirus Dependencies The Snap Server implementation of CA eTrust Antivirus software includes the following features: HTTP Access and Antivirus Configuration To access the CA eTrust Antivirus configuration interface, HTTP must be enabled on the Network > Web screen. Re-enabling the Antivirus Software The antivirus software is enabled by default.
Launching the CA eTrust Antivirus GUI Launching the CA eTrust Antivirus GUI The CA eTrust Antivirus software is enabled by default. Some situations, such as deleting a volume or performing an upgrade procedure, may require you to reenable the software. To learn how the antivirus software interacts with other GuardianOS software components, see “Antivirus Dependencies” on page 70.
The Local Scanner View The Local Scanner View Use the Local Scanner view to scan a Snap Server for infected drives, folders, files, or disks on demand. Local Scanner View of the CA eTrust Antivirus GUI Left-pane Components of the Local Scanner View 72 Component Description Root Directory Displays the directory structure of the Snap Server. As in Windows Explorer, click folder icons to navigate the structure and display subfolders and files in the right-hand pane.
Scan Job Configuration and Scheduling Scan Job Configuration and Scheduling You can run scan jobs on demand or you can configure scan jobs to run periodically. This section outlines the process of configuring and running manual and scheduled scans. For detailed descriptions of all scanning options, see the CA eTrust Antivirus online Help. Tip You may not want to include Snapshot shares (see “Snapshot Management and Usage” on page 55) as part of your virus scan.
Scan Job Configuration and Scheduling Setting the type of files to scan (Selections tab) Use the Selections tab options to choose the types of objects to scan, the types of file extensions to include or exclude from a scan, and the types of compressed files to scan. • File Extensions — You can choose to scan files regardless of extension, or select specific types of extensions to include or exclude.
Signature Updates 2 Schedule the scan. The Schedule tab allows you to set a start date and a repeat interval for the scan. 3 Select the directories to scan. The Directories tab lists all paths that currently exist on the server. You can remove or add new paths as desired. You can also use the Exclude Directories tab to achieve the same result. 4 Click OK. You can view scheduled scan jobs by clicking the Scheduled Scan Jobs folder in the Local Scanner View.
Signature Updates Methods of Downloading and Distributing Signature Updates Method Description UNC Use UNC to distribute signature updates from one Snap Server to another (or from any arbitrary SMB or Windows server). Note that for UNC to work, you must have the Enable Guest Account option set to Yes (Security > Windows) on the Snap Server on which the signature updates reside. Tip Alternatively, you can distribute updates to Snap Servers from any Windows/SMB server.
Signature Updates Updating a Snap Server That Does Not Have Internet Access If you have Snap Servers that do not have Internet access, use the following procedures to download the signature files to a machine with Internet access and then copy them to the Snap Server. Tip When retrieving signature updates, the antivirus software attempts to connect to all the sites in the site list in the order they are listed.
Signature Updates To Distribute Files via UNC If you have more than one Snap Server with no Internet access, you can perform the previous procedure on just one of them (or any Windows/SMB server), and then configure your other Snap Servers to get the update from that server automatically via UNC. 1 Choose Scanner > Signature Update Options, and click the Incoming tab. 2 Click the Add button, and select UNC in the Method list box.
Alert Options 4 Click OK. The path you entered appears in Download Sources list box. 5 Click Download Now. Verifying Download Events Use the following procedure to verify download and distribution events. 1 Select View > Log Viewer. 2 In the left-hand pane, select Distribution Events. Distribution events are listed in the upper right-hand pane in chronological order. 3 Select a distribution event. The details of the distribution event display in the lower pane.
The Move Directory The Move Directory You can configure scans to move infected files to the move folder (Scanner > Local Scanner Options). To view infected files, click the Move directory on the left-hand pane of the Local Scanner View.
Log View Log View The Log View provides easy access to detailed information on scan, distribution, and other events. To access this view select Log View from the View menu. Log View with Local Scanner selected Option Description Local Scanner Displays summary information about scan jobs that have run RealTime Scanner Not Supported Scheduled Scanner Displays summary information on scheduled scans that have run General Events Displays the Event log for a given day.
Log View 82 Snap Server Administrator Guide
Chapter 10 Troubleshooting Snap Servers This chapter describes basic techniques for identifying and resolving common hardware and networking issues. Topics in Troubleshooting Snap Servers • The Meaning of LED Indicators • System Reset Options • Networking Issues • Miscellaneous Issues • Phone Home Support Additional Resources Resource Description Knowledge Base Search for solutions to specific issues by clicking the Knowledge Base link on the Snap Appliance support page: http://www.snapappliance.
The Meaning of LED Indicators The Meaning of LED Indicators LED indicators provide information on the status of basic connectivity, disk drives, fan modules, and power supply modules.
The Meaning of LED Indicators System LED Solid amber The server has encountered a system error. Blinking green then amber The server has booted to maintenance mode. For more information, see “Using Maintenance Modes to Perform System Resets” on page 93. LAN 1 and LAN 2 LEDs Solid green The server is active and connected to the network on the network port. Off The port is disconnected or the Ethernet cable is not connected or linked to an active switch.
The Meaning of LED Indicators Power Supply Module Indicator LEDs If a power supply fails on a Snap Server 14000, a failure message appears on the front LCD display. On the back of the server, there is a status light on each of the power modules, and below the power supply enclosure two activity lights.
The Meaning of LED Indicators Snap Server18000 Status & Drive Light Behavior The server has two status lights, two network lights, and two lights for each of the eight disk drives, as shown in the following illustration: Power LED System LED LAN LEDs 1 2 3 4 Disk Drive LEDs 5 6 7 8 Power, System, and LAN LEDs Looking at the server from the front, the lights appear in the following order, from left to right: power LED, system LED, LAN 1 (Ethernet1) LED, and LAN 2 (Ethernet2) LED.
The Meaning of LED Indicators Disk Drive LEDs Disk drive LEDs on the Snap Server 18000 are located on the bezel to the right of the LED display. The left light indicates drive health. The right light indicates drive activity.
The Meaning of LED Indicators Fan Module LED Indicator Lights The Snap Server has no external LEDs that indicate the status of a fan module. The Monitoring > Status screen of the Administration Tool indicates when a fan has failed. When the cover of the chassis is removed, the Fault LED on the failed module will be lit. The Fault LED of a Snap Server 18000 fan module is identified in the following illustration. To remove a failed fan module, squeeze its handles together and lift the module out of the unit.
The Meaning of LED Indicators Snap Disk 10 Disk Drive and Power Supply Module LEDs This section describes the LED indicators on the Snap Disk 10’s disk drives and power module. Disk Drive LEDs The Snap Disk 10 has two lights below each disk drive. The Status light (left) indicates power. The Activity light (right) indicates drive activity.
The Meaning of LED Indicators Snap Disk 30SA and Snap Disk 32SA Disk Drive & Power/Fan Module Behavior This section describes the LED indicators on the Snap Disk 30SA and Snap Disk 32SA’s disk drives and power /fan modules. Snap Disk 30SA and Snap Disk 32SA Disk Drive LEDs The Snap Disk 30SA and Snap Disk 32SA have two LEDs at the edge of each disk drive as shown in the following illustration.
System Reset Options Snap Disk 30SA and Snap Disk 32SA Power/Fan Module LEDs The Power/Fan module has four LED indicators as shown in the following illustration. To remove the module, squeeze the two latches on the handle together and then withdraw the module by pulling the handle towards you.
System Reset Options Resetting the Snap Server to Factory Defaults The GuardianOS allows you to reset different components of the system. Default settings can be found in the default configuration sections of Chapters 2, 3, and 4 of the Administrator Guide. Caution Each reset option requires a reboot of the server. To prevent possible data corruption or loss, make sure all users are disconnected from the Snap Server before proceeding.
System Reset Options Mode Description 3 As in mode 1, clears the IP address stored on the network, resets the server to use DHCP, and resets speed/duplex settings to autonegotiate. Mode 3 additionally, resets network bonding to standalone and resets all network protocols to factory defaults. 4 As in mode 1, clears the IP address stored on the network, resets the server to use DHCP, and resets speed/duplex settings to autonegotiate.
Networking Issues Networking Issues The Server Cannot Be Accessed over the Network Inaccessibility may be caused by a number of reasons. To resolve this issue, use one of the following methods: • Verify that you have the correct IP address of the server, and try to connect again. • Verify that the LED for the primary Ethernet port is lit. (This light indicates network connectivity.) If the light is not lit, do the following in the order indicated: a The most likely cause is the physical connection.
Networking Issues The Snap Server Does Not Operate Properly on a Network Running GigabitFull-Duplex For Gigabit Ethernet to operate properly, both the switch and the Snap Server’s primary Ethernet port (Ethernet1) must be set to Auto (autonegotiate). Any other setting will result in unexpected behavior and reduced performance.
Networking Issues mismatch between the switch/hub and the Ethernet port on the Snap Server. To resolve this problem, verify that both settings (if using both of the server's Ethernet ports) on the switch/hub match the setting on the server. When the server is shipped from the factory, both ports are set to autonegotiate. Therefore, the switch/ hub must be set to autonegotiate to initially connect to the server.
Networking Issues You Cannot Log in as root to the Snap Server The root account password is tied to the admin accout password. If you cannot log in as root, change the password for the admin account on the System > General Settings screen. Use the admin password to log in as root. Snap Disk 10 Disk Drives do not Appear on the Storage > Devices screen.
Miscellaneous Issues You Are Unable to See Your Domain Users When Trying to Set Up Windows Security Permissions on File Folders The Snap Server (GuardianOS) has joined the Active Directory domain properly, and you can see the domain users when you set Share permissions from the browser-based Administration Tool. Make sure the Windows client (PC) you are trying to set permissions from is assigned a valid DNS server. You can check your Windows client using the ipconfig command from a command prompt.
Phone Home Support The Server Is Not Responding to File Requests or Configuration Commands Call your Snap Appliance technical support representative. Problems with Cable Arm on the 18000 with a SCSI Cable Attached The size of the connector on an attached SCSI cable may prevent the 18000 from fully withdrawing into a rack when the cable management arm is attached. To resolve this problem, remove the cable management arm.
Phone Home Support Complete the following fields as appropriate and click Send. Text Field Description Subject: (Required) Enter a concise description that identifies the issue. Case: (Required) Select New Case if you are e-mailing technical support for the first time. Select Existing Case if you have previously contacted technical support concerning the issue. Case Number: If you selected Existing Case above, enter the case number provided by technical support.
Phone Home Support 102 Snap Server Administrator Guide
Appendix K Third-Party Backup Applications This appendix describes how to install the following backup agents on the Snap Server from a Linux or a Windows backup host system: • CA BrightStor ARCServe 2000 v7.0 • CA BrightStor ARCServe Backup v9.0 • CA BrightStor Enterprise Backup v10.0 • Legato NetWorker v6.1.1 • VERITAS NetBackup v3.4.1 • VERITAS Backup Exec v8.6, v9.0, v9.1 • VERITAS NetBackup 4.5 Feature Pack 6 for Windows Tip These backup packages do not support the backup of extended POSIX ACLs.
Preparing to Install a Third-Party Backup Agent Preparing to Install a Third-Party Backup Agent Before performing one of the backup agent installation procedures described in this appendix, make sure you have the following information and tools: • Backup and media server IP addresses — Most backup agents need to know the IP addresses of the backup and media servers you plan to use with the Snap Server.
Pre-installation Tasks Pre-installation Tasks Perform the following tasks prior to installing any agents. 1 Identify backup and media servers to the Snap Server. In the Administration Tool, navigate to the Maintenance > Host File Editor screen and click Add.
Installing Third-Party Agent Software Installing Third-Party Agent Software For purposes of illustration, the procedures in this section assume that (1) you are using the default Snap Server configuration; and (2) you have created a directory called agent (to which to copy your agent/client files) on the default share (SHARE1), such that the path to the directory is /shares/SHARE1/agent.
Installing Third-Party Agent Software 7 To change to the agent directory, enter one of the following commands and press Enter: cd /opt/uagent (for ARCserve 2000 v7 only) cd /opt/CA/uagent (for ARCserve v9 and Enterprise v10) 8 To start the agent, enter the following command and press Enter: ./uagentsetup The BrightStorARCserve agent is now installed.
Installing Third-Party Agent Software 6 To run the Backup Exec agent installation, type the following command: ./INSTALL Then press Enter and follow the prompts, using the default install locations and default options. Caution You must respond to “yes” or “no” prompts in lowercase (y or n); using uppercase will cause an error and abort the procedure. 7 When prompted for the platform, enter n and press Enter to reject the default selection; then specify the Linux 2.
Installing Third-Party Agent Software Installing a VERITAS NetBackup 3.4.1 Client This section describes how to install the UNIX/Linux agent from VERITAS NetBackup. 1 Copy the NetBackup NBClients directory and the Linux directory from the root of the NetBackup CD to the agent directory on the Snap Server. 2 Connect to the Snap Server via SSH, and login as admin using your admin user password.
Installing Third-Party Agent Software Installing the VERITAS NetBackup 4.5 FP6 Client This section describes how to install the Veritas NetBackup 4.5 FP agent on a Snap Server to enable interoperability with NetBackup 4.5 Feature Pack 6 for Windows. Procedures for installing from the following media are given: • The CD for Veritas NetBackup 4.5 Feature Pack 6 for AIX, HP-UX • The tarball named NB45FP6_AIX_HP_Linux.tar.
Installing Third-Party Agent Software 8 You will be prompted for the NetBackup server name and for the NetBackup client name. • Specify the hostname of the already existing NetBackup Server on your network for the NetBackup server. • Specify the name of the Snap Server to which you are installing as the NetBackup client. Errors Messages To Be Ignored Tip Towards the end of the installation, errors about copying Java UI files that are of no consequence to backup functionality may display.
Installing Third-Party Agent Software Installing from a CD 1 Copy the NetBackup NBClients directory and the Linux directory from the root of the NetBackup CD to the agent directory on the Snap Server. 2 Connect to the Snap Server via SSH, and login as admin using your admin user password. 3 To change to superuser, enter the following command and press Enter: su - 4 At the prompt, enter the admin user password, and press Enter.
Installing Third-Party Agent Software 8 You will be prompted for the NetBackup server name and for the NetBackup client name. • Specify the hostname of the already existing NetBackup Server on your network for the NetBackup server. • Specify the name of the Snap Server to which you are installing as the NetBackup client. Errors Messages To Be Ignored Tip Towards the end of the installation, errors about copying Java UI files that are of no consequence to backup functionality may display.
Installing Third-Party Agent Software Installing a Legato NetWorker Client This section describes how to install the Legato NetWorker UNIX/Linux client as well as special procedures Legato NetWorker users must use in order to perform backup and restore operations on the Snap Server. To Install the Legato Networker Client 1 Connect to the Snap Server via SSH, and login as admin using your admin user password.
Installing Third-Party Agent Software Backup and Restore Operations with a Legato NetWorker Client This section describes special procedures Legato NetWorker users must use in order to perform backup and restore operations on the Snap Server. To Add the Snap Server as a Root User For backup operations, NetWorker requires that the Snap Server be configured as a root user. To add the Snap Server root user as one of the administrators, use the following procedure.
Installing Third-Party Agent Software 4 Enter one of the following commands, and press Enter: • To recover data to its original location: recover -s backupservername -c snapservername -f -i “/shares/ SHARE1/data/” -a where /shares/SHARE1/data is the path of the data you are restoring.
Glossary Term Definition access permissions A rule associated with a share, a file, or a directory to regulate which users can have access to the share and in what manner. ACL (access control list) The list that controls access to directories and files. Each ACL includes a set of access control entries, which contain the metadata that the system uses to determine access parameters for specified users and groups.
Term Definition authentication The validation of a user’s identity by requiring the user to provide a registered login name and corresponding password. autonegotiation An Ethernet feature that automatically negotiates the fastest Ethernet speed and duplex setting between a port and a hub or switch. This is the default setting and is recommended. autosensing An Ethernet feature that automatically senses the current Ethernet speed setting.
Term Definition disaster recovery A strategy that allows a company to return to normal activities after a catastrophic interruption. Through failover to a parallel system or by restoration of the failed system, disaster recovery restores the system to its normal operating mode. disk A rigid platter, usually constructed of aluminum or mylar, with a magnetic surface that allows the recording of data, that is stored inside the drive.
Term Definition FTP (File Transfer Protocol) A standard Internet protocol that provides a way to exchange files between computers on the Internet. By default, a Snap Server is set up to be an FTP server. full-duplex A type of transmission that allows communicating systems to both transmit and receive data simultaneously. gateway The hardware or software that bridges the gap between two network subnets. It allows data to be transferred among computers that are on different subnets.
Term Definition I/O (input/output) The operation of transferring data to or from a device, typically through an interface protocol like CIFS, NFS, or HTTP. The Snap Server presents a file system to the user and handles block I/O internally to a RAID array. Inheritance In Windows permissions, inheritance is the concept that when permissions for a folder are defined, any subfolders within the defined folder inherit its permissions.
Term Definition Linux A UNIX-like OS that was designed to provide personal computer users a free or very low-cost operating system comparable to traditional and usually more expensive UNIX systems. The GuardianOS is based on the Linux OS. load balancing A process available only in dual-Ethernet configurations. The Ethernet port transmission load is distributed among two network ports (assuming the cards are configured for load balancing).
Term Definition NAS (network attached storage) Hard disk storage that is set up with its own network address as opposed to being attached to the department computer that is serving applications to a network's workstation users. By removing storage access and its management from the department server, both application programming and files can be served faster because they are not competing for the same processor resources.
Term Definition POSIX (Portable Operating System Interface) A set of standard operating system interfaces based on the UNIX operating system. The need for standardization arose because enterprises using computers wanted to develop programs that could run on multiple platforms without the need to recode. The Snap Server uses Extended POSIX ACLs. protocol A standardized set of rules that specifies the format, timing, sequencing, and/or error checking for data transmissions.
Term Definition restrict anonymous A Windows feature in which anonymous users cannot list domain user names and enumerate share names. Microsoft has provided a mechanism in the Registry called restrict anonymous for administrators to restrict the ability for anonymous logon users (also known as NULL session connections) to list account names and enumerate share names.
Term Definition SnapDRImage The Snap Server disaster recovery image that saves serverspecific settings such as server name, network, RAID, volume and share configuration, local user and group lists, and snapshot schedules. SnapExtension A Java application that extends a Snap Server's functionality. SnapExtensions are produced both by Snap Appliance and third-party vendors. snapshot A consistent, stable, point-in-time image of a volume (file system) used for backup purposes.
Term Definition static IP address An IP address defined by the system administrator rather than by an automated system, such as DHCP. The Snap Server allows administrators to use DHCP-assigned or statically assigned IP addresses. striping A RAID storage technique that distributes data evenly among all disks in the array. subnet mask A portion of a network that shares a common address component. On TCP/IP networks, subnets are all devices with IP addresses that have the same prefix.
Term Definition Windows domain authentication Windows-based networks use a domain controller to store user credentials. The domain controller can validate all authentication requests on behalf of other systems in the domain. The domain controller can also generate encrypted challenges to test the validity of user credentials. Other systems use encrypted challenges to respond to CIFS/SMB clients that request access to a share.
Index Chapter 12Symbols components 70 distributing updates 77 enabling 11 excluding snapshots from 73 Symbols .
C CA BrightStor ARCserve, installing agent 106 CA eTrust Antivirus, see Antivirus Cable management arm 100 Chooser, see MacintoshOS Client access, configuring Apple (AFP) 20 FTP 21 e-mail feedback on xi related to Snap Servers xiii E Ethernet, see Gigabit Ethernet Expand Volume button 34 Exports file, NFS 45 EXTN 38 HTTPS/HTTP 22 NFS 19 Windows (SMB) 17 Code page support 18 Connecting to Snap Servers 7 F Factory defaults, resetting to 93 Failover, see Network bonding Features, new in this release 5 Fiel
H Hardware Components, purchasing new 83 Hidden Shares 48 Host File Editor 105 restrictions on 14 Local hot spares 31 Login to Admin Tool 7 to antivirus GUI 71 Hot spares 31 HTTPS/HTTP configuring 22 HTTPS incompatibility with MSIE 5.
O Operating system, see GuardianOS P Paths for backing up snapshots 60 for distributing antivirus updates 77, 78 for restoring a "cured" file 80 to SnapDRImage 62 to volume disaster recovery files 62 Permissions share- and file-level interaction 50 file-level default behavior 50 GuardianOS processing of 53 setting folder inheritance 52 share-level defaults 49 Phone home support 100 Reset Options 92 S S2S 10 Security file-level access permissions 50 local authentication 24 resetting default ACLs for volum
SnapDRImage 62 Snapshot shares 58 Snapshots autobackup of volume settings 62 coordinating with backup jobs 59 estimating storage requirements for 57 excluding from antivirus scans 73 excluding iSCSI Disks from 42 ways to adjust pool size 57 SnapTree 47 Specifications, GuardianOS 2 Speed/duplex options 14 SSH 105 Standalone 15 Switch-based load balancing (GEC or FEC) 14 T TCP/IP V VERITAS Backup Exec, installing agent for 107 NetBackup, installing agent for 109 Volumes and antivirus software 33 and NetVaul
134 Snap Server Administrator Guide
