Administration Guide hp StorageWorks NAS 2000s First Edition(September 2003) Part Number: 345650-001 This guide provides information on performing the administrative tasks necessary to manage the HP StorageWorks NAS 2000s server. Overview information as well as procedural instructions are included in this guide.
© Copyright 2003 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.
Contents Contents About this Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11 Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Intended Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Shares . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . HP Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Help. . . . . . . . . .
Contents Managing System Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Creating and Managing Users and Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Creating and Managing File Shares . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 3 Storage Management Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43 Storage Management Process . . . . .
Contents Step 4: Create a Volume on the new logical disk . . . . . . . . . . . . . . . . . . . . . . . . Array Configuration Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using the ACU to Configure Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ACU Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing Disks . . . . . . . . . . . .
Contents Viewing Shadow Copy Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 Disabling Shadow Copies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92 Managing Shadow Copies from the NAS Desktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92 Shadow Copies for Shared Folders. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 SMB Shadow Copies . . . .
Contents Managing File Level Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Share Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Share Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Defining Access Control Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents 8 Microsoft Services for NFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .147 Server for NFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147 Authenticating User Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147 Indicating the Computer to Use for the NFS User Mapping Server . . . . . . . . . . . . . . . 148 Logging Events . . . . . .
Contents Using Remote Desktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174 9 NetWare File System Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .175 Installing Services for NetWare . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176 Managing File and Print Services for NetWare . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
About This Guide About this Guide This administration guide provides information to help administrators: ■ Plan the storage configuration About this Guide ■ Setup physical storage ■ Manage users and groups ■ Manage folders and shares ■ Manage a UNIX® file system ■ Manage a NetWare file system ■ Remotely access the NAS 2000s server “About this Guide” topics include: ■ Overview, page 12 ■ Conventions, page 12 ■ Rack Stability, page 14 ■ Getting Help, page 15 NAS 2000s Administration Gu
About this Guide Overview This section covers the following topics: ■ Intended Audience ■ Prerequisites Intended Audience This book is intended for use by system administrators who are experienced with setting up and managing a network server. Prerequisites Before beginning, make sure you consider the items below.
About this Guide Text Symbols The following symbols may be found in the text of this guide. They have the following meanings: WARNING: Text set off in this manner indicates that failure to follow directions in the warning could result in bodily harm or death. Caution: Text set off in this manner indicates that failure to follow directions could result in damage to equipment or data. Note: Text set off in this manner presents commentary, sidelights, or interesting points of information.
About this Guide Power supplies or systems marked with these symbols indicate the presence of multiple sources of power. WARNING: To reduce the risk of personal injury from electrical shock, remove all power cords to completely disconnect power from the power supplies and systems. Any product or assembly marked with these symbols indicates that the component exceeds the recommended weight for one individual to handle safely.
About this Guide Getting Help If you still have a question after reading this guide, contact an HP authorized service provider or access our website: http://www.hp.com. HP Technical Support Telephone numbers for worldwide technical support are listed on the following HP website: http://www.hp.com/support/. From this website, select the country of origin. Note: For continuous quality improvement, calls may be recorded or monitored.
About this Guide 16 NAS 2000s Administration Guide
System Overview 1 The HP StorageWorks NAS 2000s server can be used in many types of computing environments, from basic Microsoft Windows workgroups to complicated multiprotocol domains using DFS, NFS, FTP, HTTP, and Microsoft SMB. The corresponding varieties of clients that can be serviced include any Windows, UNIX, Linux, Novell, or Macintosh variant.
System Overview Product Redundancy The NAS 2000s is specifically designed to perform file serving tasks for networks. Using industry standard components, redundancy of power supplies, NICs, and fans ensures reliability. Other industry standard features, such as redundant array of independent drives (RAID) and remote manageability, further enhance the overall dependability of the NAS 2000s. The server contains dual 36.
System Overview Deployment Scenarios Various deployment scenarios are possible. See the HP StorageWorks NAS 2000s Installation Guide for configurations. Typical application of NAS devices include: ■ File server consolidation As businesses continue to expand their information technology (IT) infrastructures, they must find ways to manage larger environments without a corresponding increase in IT staff.
System Overview Environment Scenarios The NAS 2000s is deployed in one of two security modes: ■ Workgroup ■ Domain (Windows NT Domain or Active Directory Domain) The NAS 2000s uses standard Windows user and group administration methods in each of these environments. For procedural instructions on managing users and groups, see Chapter 5 of this guide. Regardless of the deployment, the NAS 2000s integrates easily into multiprotocol environments, supporting a wide variety of clients.
System Overview User Interfaces There are several user interfaces that administrators can use to access and manage the NAS 2000s. Two of these interfaces are: ■ NAS 2000s WebUI ■ NAS 2000s Desktop Each interface contains the same or similar capabilities, but presents them in a different manner. Each of these interfaces are illustrated in the following sections.
System Overview Menu Tabs Status The Status option displays alerts generated by the WebUI. Network The Network option contains system settings, including system identification, global settings, interfaces settings, administration settings, Telnet settings, and SNMP settings. Disks Use this option to manage disks, volumes, disk quotas, and shadow copies. Users Use this option to manage local users and groups. Shares The administrator creates folders and shares to control access to files.
System Overview Set Server Name Choose a name so that client computers can connect to the server. Set Default Page Choose which page the server appliance displays first. NAS 2000s Desktop The NAS 2000s desktop can be accessed by: ■ Directly connecting a keyboard, mouse, and monitor ■ Using the WebUI Maintenance tab and selecting Remote Desktop ■ Using the Integrated Lights-Out port Note: When using Remote Desktop to connect to the NAS 2000s desktop do not use the window close feature ( ).
System Overview NAS Management Console Click this icon to access the following folders: ■ Core Operating System is used to manage local users and groups, access performance logs and alerts, and manage the event viewer. ■ Disk System contains access to the Compaq Array Configuration Utility and local disk management, including a volume list and a graphical view of the disks. ■ File Sharing contains modules for the configuration of file sharing exports.
Basic Administrative Procedures and Setup Completion 2 Basic system administration functions are discussed in this chapter. This chapter also continues the process of setting up the system that was started using the HP StorageWorks NAS 2000s Installation Guide by discussing additional setup procedures and options. Further steps can also be viewed online by clicking the Installation Overview tab from the primary WebUI screen.
Basic Administrative Procedures and Setup Completion Figure 3: Maintenance menu Setting the System Date and Time To change the system date or time: 1. From the WebUI, select Maintenance and Date/Time. The Date and Time Settings dialog box is displayed. 2. Enter the new values and then click OK. The Maintenance menu is displayed.
Basic Administrative Procedures and Setup Completion Shutting Down or Restarting the Server Caution: Notify users before powering down the system. Both UNIX and Windows NT users can be drastically affected if they are not prepared for a system power-down. 1. From the NAS 2000s WebUI, select Maintenance, Shutdown. Several options are displayed: Restart, Shut Down, and Scheduled Shutdown. Figure 5: Shutdown menu a. To shut down and automatically restart the server, click Restart. b.
Basic Administrative Procedures and Setup Completion Viewing and Maintaining Audit Logs A variety of audit logs are provided on the NAS 2000s. System events are grouped into similar categories, representing the seven different logs. To access the logs from the WebUI, select Maintenance, Logs. The Logs menu is displayed. Figure 6: Logs menu A variety of logs are available and are listed in Figure 6. Each log has viewing, clearing, printing, and saving options.
Basic Administrative Procedures and Setup Completion Using Remote Desktop Remote Desktop is provided in the WebUI to allow for additional remote system administration and the use of approved third-party applications. Backup software and antivirus programs are examples of approved applications. To open a Remote Desktop session from the WebUI, select Maintenance, Remote Desktop. A Remote Desktop session is opened. Enter the appropriate password to log on to the server.
Basic Administrative Procedures and Setup Completion Other applications may become orphaned in this manner when the Remote Desktop session is exited improperly. A maximum of two Remote Desktop sessions may be used at any given time. Improper exit from a session can result in the sessions becoming consumed. Sessions and processes can be terminated using the Terminal Services Manager via Start >Programs >Administrator Tools.
Basic Administrative Procedures and Setup Completion 3. Indicate the types of messages to be sent. ■ Critical alerts ■ Warning alerts ■ Informational alerts 4. Enter the desired e-mail address in the appropriate boxes. 5. After all settings have been entered, click OK. Changing System Network Settings Network properties are entered and managed from the Network menu. Most of these settings are entered as part of the Rapid Startup process.
Basic Administrative Procedures and Setup Completion Setup Completion After the NAS device is physically set up and the basic configuration is established, additional setup steps must be completed. Depending on the deployment scenario of the NAS device, these steps may vary.
Basic Administrative Procedures and Setup Completion Installing the HP Network Teaming Utility Before using the HP Network Teaming utility, it must be installed. Note: Installing and configuring NIC teaming should always be performed via iLO port or the console using a direct attached keyboard, monitor, and mouse since IP connections could be reset during the configuration process. Do not use Remote Desktop. To install the HP Network Teaming utility: 1.
Basic Administrative Procedures and Setup Completion Figure 10: Network Teaming installation complete 10. Restart the system. Caution: To ensure proper functioning of the software, the server must be restarted at this time. Opening the HP Network Teaming Utility The HP Network Teaming utility is now accessible from the Windows toolbar at the bottom of the NAS server desktop. To open the utility, click the HP Network Teaming utility icon.
Basic Administrative Procedures and Setup Completion Adding and Configuring NICs in a Team Before a NIC is teamed, verify the following: ■ The NICs must be on the same network. ■ The NICs must be DHCP enabled and the DNS server address must be left blank. Note: The teaming utility becomes unstable if static IP addresses, subnets, and DNS addresses are set before teaming. ■ Duplex and speed settings must be set to use the default values. To team the NICs: 1. Open the HP Network Teaming utility.
Basic Administrative Procedures and Setup Completion Figure 13: NIC Properties, Teaming Controls tab, Fault Tolerant option 4. Configure the team by choosing either Fault Tolerant or Load Balancing. The fault tolerance and load balancing options are discussed in the following sections. Fault Tolerance The Fault Tolerance teaming option provides three redundancy control options: ■ Manual—This setting allows change from a Primary NIC to a Secondary NIC only when Switch Now is clicked.
Basic Administrative Procedures and Setup Completion Load Balancing The Load Balancing teaming option provides four load balancing control options: Figure 14: NIC Properties, Teaming Controls tab, Load Balancing option Detailed information about these four load balancing teaming options can be found in the HP Network Teaming Help. ■ Transmit Load Balancing—All transmit IP frames are load balanced among all team members based on a Load Balancing algorithm in the teaming device driver.
Basic Administrative Procedures and Setup Completion 5. Click OK to accept the team properties. 6. Click OK in the HP Network Teaming and Configuration Properties Screen to apply the changes. 7. Click Yes when prompted to apply all configuration changes. Wait while the adapters are configured. This process could take several seconds. 8. The following screen is displayed, indicating that there are additional procedures to perform in the NIC teaming process. Click Yes to reboot now.
Basic Administrative Procedures and Setup Completion Showing a Connection Icon on the Taskbar To show a connection icon: 1. In the Network and Dial up Connections screen, double-click the NIC Team connection, and then click Properties. 2. At the bottom of the screen, select Show icon in task bar when connected, and then click Close. Configuring the TCP/IP Protocol on the New Team After teaming the NICs, a new virtual network adapter for the team is automatically created.
Basic Administrative Procedures and Setup Completion 3. Click Internet Protocol (TCP/IP) and then click Properties. The following screen is displayed: Figure 17: NIC Team TCP/IP Properties dialog box Note: If a NIC is teamed, do not modify the TCP/IP settings for the individual NIC ports. 4. Select Use the following IP address, and enter the IP address and subnet mask. If desired, enter the default gateway. 5. Click OK. The Ethernet Team should be working.
Basic Administrative Procedures and Setup Completion Checking the Status of the Team To check the status of the Ethernet Team, open the HP Network Teaming utility. The Configuration Properties screen is displayed, showing the teamed NICs. Figure 18: NIC Teaming status NIC Teaming Troubleshooting Problems with the NIC teaming feature are diagnosed by the connection icons displayed in the HP Network Teaming and Configuration dialog box. The following table lists the error icons for RJ 45 NICs.
Basic Administrative Procedures and Setup Completion Table 2: NIC Teaming Troubleshooting RJ-45 Description Hardware failure—The driver is installed in the registry and is loaded. The driver is reporting a hardware problem with the NIC. This indicates a serious problem. Contact your HP authorized service provider. Unknown—The server is unable to communicate with the driver for the installed NIC. The NIC is installed in the registry, but the driver is not.
Storage Management Overview 3 With the HP StorageWorks NAS 2000s the administrator has complete control over all storage issues. The NAS administrator uses the Array Configuration Utility (ACU) to manage the hardware storage, Disk Manager to manage the volume level, and Shadow Copies to manage the shadow copies (snapshots). The NAS 2000s is configured at the factory with default system settings and with the NAS operating system installed.
Storage Management Overview Physical Disks RAID Arrays (ACU) Storage Elements Logical Drives (ACU) Visible Disks (Windows Device Manager) Partitioning (Win2K Disk Manager) Q: \Engineering \Marketing NFS Volumes (Logical Disk Manager) R: \Users Logical Storage Elements \Sales Q: @GMT-2003.04.27-04:00:00 Q: @GMT-2003.04.28-04:00:00 \Users \Sales \Marketing \Engineering \Snapshot.0 \Snapshot.
Storage Management Overview Storage Elements Overview Note: Each fully populated HP StorageWorks 4300/4400 Family storage enclosure supports up to 14 hard drives. Preliminary physical storage management tasks involve managing: ■ Physical Hard Drives ■ Arrays ■ Logical Drives (LUNs) Drive array concepts and data protection methods, including fault tolerance options are discussed in this section. This information will help guide decisions on how to best configure the arrays.
Storage Management Overview L1 P1 P2 P3 Figure 21: Configuring the physical drives into an array dramatically improves read/write efficiency Because the read/write heads are active simultaneously, the same amount of data is written to each drive during any given time interval. Each unit of data is termed a block. The blocks form a set of data stripes over all the hard drives in an array, as shown in Figure 22.
Storage Management Overview Logical Drives (LUNs) As previously stated, drive array technology distributes data across a series of individual hard drives to unite these physical drives into one or more higher performance arrays. Distributing the data allows for concurrent access from multiple drives in the array, yielding faster I/O rates than non arrayed drives.
Storage Management Overview Fault-Tolerance Methods Different RAID (redundant array of independent disks) types use different methods of striping the arrays and different ways of writing data and parity to the drives to offer a variety of fault tolerance and capacity usage.
Storage Management Overview Disadvantages ■ All data on logical drive is lost if a hard drive fails ■ Cannot use an online spare ■ Data can only be preserved by being backed up to external media RAID 1+0—Drive Mirroring and Striping In this configuration, information on one drive is duplicated onto a second drive, creating identical copies of the information as shown in Figure 24. Therefore, this method provides the best fault tolerance.
Storage Management Overview Disadvantages Some disadvantages of drive mirroring are: ■ Increased expense—Since many drives must be used for fault tolerance and hard drives must be added in pairs. ■ Decreased storage capacity—Only 50% of the total drive capacity is usable. RAID 5—Distributed Data Guarding Using this method, a block of parity data (rather than redundant data) is calculated for each stripe from the data that is in all other blocks within that stripe.
Storage Management Overview Advantages Distributed data guarding offers: ■ High read and write performance ■ Protection against data loss if one drive fails ■ Increased usable storage capacity, since capacity equal to only one physical drive is used to store parity information Disadvantages Some disadvantages of distributed data guarding are: ■ Lower write performance than RAID 0 or RAID 1+0 ■ Possibility of data loss if a second drive fails before data from the first failed drive has been rebui
Storage Management Overview This technology allows the safe deployment of large capacity disk drives and the creation of very large storage volumes without expensive overhead to protect business critical data. This technology provides more flexibility in responding to drive failures without the fear of costly server downtime.
Storage Management Overview Online Spares Further protection against data loss can be achieved by assigning an online spare (or hot spare) to any configuration except RAID 0. This hard drive contains no data and is contained within the same storage sub system as the other drives in the array. When a hard drive in the array fails, the controller can then automatically rebuild information that was originally on the failed drive onto the online spare.
Storage Management Overview Volumes When planning dynamic disks and volumes there is a limit to the amount of growth a single volume can undergo. Volumes are limited in size and are limited to no more than 32 separate LUNs with each LUN not exceeding 2 terabytes (TB). Volumes also cannot exceed 64 TB of disk space. The RAID level of the LUNs included in a volume must be considered. All of the units that make up a volume should have the same high-availability characteristics.
Storage Management Overview Volume Shadow Copy Service Overview The Volume Shadow Copy Service (VSS) provides an infrastructure for creating point-in-time snapshots (shadow copies) of volumes. VSS supports 64 shadow copies per volume. Shadow Copies of Shared Folders resides within this infrastructure and helps alleviate data loss by creating shadow copies of files or folders that are stored on network file shares at pre-determined time intervals.
Storage Management Overview 56 NAS 2000s Administration Guide
Disk Management 4 Disk Management is core to the Windows NAS product. The process of creating storage elements and presenting them to the NAS OS is facilitated by the use of the WebUI. This chapter documents the contents of the WebUI for disks and volume management. WebUI Disks Tab The online Storage Guide provides an overview of the storage management process as a supplement to this administration guide. The primary web page for facilitating disks and volume creation is illustrated in Figure 27.
Disk Management To manage disks and volumes via the WebUI, click on Disks. Figure 27: Disks menu The Disks tab contains the following task items for configuring the NAS device: Table 4: Disks Tab Options Option 58 Task Array Configuration Utility (ACU) Configure SCSI array controllers installed inside or connected to the NAS system. Arrange individual physical disks as RAID arrays, and create logical disks from those arrays. Disks Manage logical disks.
Disk Management Storage Configuration Overview Physical disks can be arranged as RAID arrays for fault tolerance and enhanced performance, then segmented into logical disks of appropriate sizes for particular storage needs. These logical disks then become the volumes that appear as drives on the NAS server. Step 1: Create Disk Arrays 1. Click Array Configuration Utility on the Disks tab, and log in as an administrator to the Remote Desktop session.
Disk Management Array Configuration Utility RAID arrays and LUNs are created and can be managed using the HP Array Configuration Utility.
Disk Management 3. Log into the ACU utility. The default user name is administrator and the default password is administrator. Figure 28: Systems Management Homepage The Array Configuration Utility is displayed. Figure 29: Array Configuration Utility 4. Select a controller from the list on the left side to begin configuration.
Disk Management ■ The controller named Smart Array 6400 Controller (if present) is used for all externally SCSI attached storage. Caution: On the Smart Array 5i controller there are two logical drives pre-configured under Array A. These two logical drives are configured for the NAS operating system and should not be altered. 5.
Disk Management ACU Guidelines ■ Do not modify Array A off of the Smart Array 5i controller as it contains the NAS OS ■ Spanning more than 14 disks with a RAID 5 volume is not recommended ■ Designate spares for RAID sets to provide greater protection against failures ■ RAID sets cannot span controllers ■ A single array can contain multiple logical drives of varying RAID settings.
Disk Management Figure 30: Manage Disks screen Table 5: Manage Disks Options Option Task Rescan Select to detect a new disk added to the system. By default, drives are dynamically recognized by the system. Occasionally a rescan of the hardware is required. The rescan is not synchronous and may require a browser refresh after the scan is initiated to display the new content. Create New Volume Select to open the Windows GUI Disk Management and create a new volume on a disk that was added to the system.
Disk Management Figure 31: Disk Management utility Note: When the Disk Management utility is accessed, the Remote Desktop connection assumes a dedicated mode and can only be used to manage disks and volumes on the server. Navigating to another page during an open session closes the session. Note: It may take a few moments for the Remote Desktop Connection session to log off when closing Disk Management.
Disk Management ■ When managing basic disks, only the last partition on the disk can be extended unless the disk is changed to dynamic. ■ Basic disks can be converted to dynamic without bringing the system offline or loss of data, but the volume will be unavailable during the conversion. ■ Basic disks can contain up to four primary partitions (or three primary partitions and one extended partition).
Disk Management Figure 32: Volumes tab Table 6: Volumes Page Object/Task Selector Option Task Manage... Select to display the Manage Volumes screen. Schedule Defrag... Select to schedule defragmentation for the selected volume. Set Default Quota Select to set quota limits to manage use of the volume. Settings on this page apply to new users and any users for whom user quota entries have not previously been set. Set Quota Entries Select to show a list of user quota entries.
Disk Management Managing Volumes To manage volumes on the server: 1. On the primary navigation bar, click Disks. 2. Click Volumes. 3. Select the volume to manage. 4. In the Tasks list, click Manage. The Manage Volumes screen is displayed. The Manage Volumes page displays all volumes on the NAS device regardless of their format (NTFS, FAT, or FAT32). Do not tamper with the “Don’t Erase” or the Local C: volume. These are reserved volumes and must be maintained as they exist.
Disk Management Table 7: Manage Volumes Options (Continued) Option Task Extend Opens a page to extend a partition based on a basic disk or it opens Windows Disk Management to extend dynamic based volumes. Rescan Select to detect a volume or partition added to the system or to update the size of a volume that has undergone expansion. The rescan is not synchronous and may require a browser refresh after the scan is initiated to display the new content.
Disk Management To extend a LUN where space is available in the array: 1. Click the Disks tab. 2. Click Array Configuration Utility and log in. 3. Select the appropriate array controller and the appropriate array that the logical drive is contained in. 4. Select the appropriate logical drive. 5. Select Extend Size. 6. Enter the total size of the logical drive in MB (not just the amount to be added) and click OK. 7. Click Save to update the configuration. 8. Close the ACU.
Disk Management Figure 35: Extending a volume Extending a Volume on Dynamic Disks The WebUI allows for the extension of volumes based on a dynamic disk or a set of dynamic disks. To extend a volume perform the following steps: 1. Click the Disks tab. 2. Click the Volumes tab. 3. Click Manage. 4. Select the volume to extend and select Extend. A remote session to Disk Manager is started. 5. To extend a given volume, right-click on the desired volume and select Extend. 6.
Disk Management ■ Type Extend. The volume is extended to the capacity of the underlying disk. To specify the amount to extend or to extend to another disk, type extend [size=N] [disk=N] Size is in MB. ■ Type exit to exit the utility. Scheduling Defragmentation Defragmentation is the process of analyzing local volumes and consolidating fragmented files and folders so that each occupies a single, contiguous space on the volume.
Disk Management If defragmenting volumes on which shadow copies are enabled, use a cluster (or allocation unit) size of 16 KB or larger during the format. Otherwise defragmentation registers as a change by the Shadow Copy process. This increase in the number of changes forces Shadow Copy to delete snapshots as the limit for the cache file is reached. Caution: Allocation unit size cannot be altered without reformatting the drive. Data on a reformatted drive cannot be recovered.
Disk Management Figure 37: Enter new drive letter 5. Click Yes to confirm the drive letter change. Figure 38: Confirm drive letter change 6. If the dialog box in Figure 39 is displayed, select Yes to continue. If the old drive letter needs to be reused, reboot the server after clicking Yes.
Disk Management Disk Quotas Disk quotas track and control disk space use in volumes. Note: To limit the size of a folder or share, see “Directory Quotas” in Chapter 7. Configure the volumes on the server to perform the following tasks: ■ Prevent further disk space use and log an event when a user exceeds a specified disk space limit. ■ Log an event when a user exceeds a specified disk space warning level.
Disk Management Note: When enabling disk quotas on a volume, any users with write access to the volume who have not exceeded their quota limit can store data on the volume. The first time a user writes data to a quota-enabled volume, default values for disk space limit and warning level are automatically assigned by the quota system. To disable quota management on a volume: 1. On the primary navigation bar, click Disks. 2. Click Volumes. 3. Select the volume to manage. 4.
Disk Management To create a new user quota entry: 1. Click New Quota Entry. 2. Select a user. 3. Set the limit. 4. Set the warning level. 5. Click OK. Figure 41: Add new quota entry To change a quota entry: 1. Select the quota to change. 2. Click Properties. 3. Change the limit. 4. Change the warning level. 5. Click OK. To delete a quota entry: 1. Select the quota to change. 2. Click Delete.
Disk Management DiskPart DiskPart.exe is a text-mode command interpreter that enables the administrator to manage disks, partitions, or volumes. When using the list commands, an asterisk (*) appears next to the object with focus. Select an object by its number or drive letter, such as disk 0, partition 1, volume 3, or volume C. When selecting an object, the focus remains on that object until a different object is selected.
Disk Management For a complete list of DiskPart commands, go to the Windows 2003 Desktop on the NAS device via Remote Desktop and select Start >Help and Support, search on DiskPart. Example of using DiskPart The following example shows how to configure a volume on the NAS server.
Disk Management 80 NAS 2000s Administration Guide
Shadow Copies 5 Overview The Volume Shadow Copy Service provides an infrastructure for creating point-in-time snapshots (shadow copies) of volumes. Shadow Copy supports 64 shadow copies per volume. A shadow copy contains previous versions of the files or folders contained on a volume at a specific point in time.
Shadow Copies Shadow Copy Planning Before setup is initiated on the server and the client interface is made available to end users, consider the following: ■ From what volume will shadow copies be taken? ■ How much disk space should be allocated for shadow copies? ■ Will separate disks be used to store shadow copies? ■ How frequently will shadow copies be made? Identifying the Volume Shadow copies are taken for a complete volume, but not for a specific directory.
Shadow Copies Allocating Disk Space When shadow copies are enabled on a volume, the maximum amount of volume space to be used for the shadow copies can be specified. The default limit is 10 percent of the source volume (the volume being copied). The limit for volumes in which users frequently change files should be increased. Also, note that setting the limit too low causes the oldest shadow copies to be deleted frequently, which defeats the purpose of shadow copies and frustrates users.
Shadow Copies Note: Use the mountvol command with the /p option to dismount the volume and take it offline. Mount the volume and bring it online using the mountvol command or the Disk Management snap-in. Identifying the Storage Area To store the shadow copies of another volume on the same file server, a volume can be dedicated on separate disks. For example, if user files are stored on H:\, another volume such as S:\ can be used to store the shadow copies.
Shadow Copies Shadow Copies and Drive Defragmentation When running Disk Defragmenter on a volume with shadow copies activated, all or some of the shadow copies may be lost, starting with the oldest shadow copies. If defragmenting volumes on which shadow copies are enabled, use a cluster (or allocation unit) size of 16 KB or larger. Utilizing this allocation unit size reduces the number of copy outs occurring on the snapshot.
Shadow Copies Managing Shadow Copies From the WebUI Welcome screen, click Disks, then Shadow Copies to display the Shadow Copies screen. Figure 42: Shadow Copies screen Table 9: Shadow Copies Fields Field 86 Description Volume Lists all volumes of the server on which the Shadow Copies service can be used. Only NTFS file system data volumes that are physically located on the server can support shadow copies.
Shadow Copies Table 10: Shadow Copies Tasks Task Description Enable Click to enable Shadow Copies on the selected volume. Disable Click to enable Shadow Copies on the selected volume. New Shadow Copy Click to immediately create a new shadow copy on the selected volume. View Shadow Copies Click to view a list of shadow copies on the selected volume. Set Schedule Click to set the time and frequency of shadow copies. Properties...
Shadow Copies E: F: G: L: cache file cache file cache file Figure 44: Shadow copies stored on separate volume The main advantage to storing shadow copies on a separate volume is ease of management and performance. Shadow copies on a source volume must be continually monitored and can consume space designated for file sharing. Setting the limit too high takes up valuable storage space. Setting the limit too low can cause shadow copies to be purged too soon, or not created at all.
Shadow Copies Enabling and Creating Shadow Copies Enabling the Shadow Copies service for a volume or creating a shadow copy can be done directly from the Manage Shadow Copies page. Enabling shadow copies on a volume automatically results in several actions: ■ Creates a shadow copy of the selected volume ■ Sets the maximum storage space for the shadow copies ■ Schedules shadow copies to be made at 7 A.M. and 12 noon on weekdays.
Shadow Copies Set Schedules Shadow Copy schedules control how frequently shadow copies of a volume are made. There are a number of factors that can help determine the most effective shadow copy schedule for an organization. These include the work habits and locations of the users. For example, if users do not all live in the same time zone, or they work on different schedules, it is possible to adjust the daily shadow-copy schedule to allow for these differences.
Shadow Copies 3. On the Manage Shadow Copies page, select the volume on which to view shadow copy properties. 4. On the Tasks list, click Properties. The Shadow Copy Properties screen, as shown in Figure 45, lists the number of copies, the date and time the most recent shadow copy was made, and the maximum size setting. Change the maximum size limit for all shadow copies, or choose No limit. For volumes where shadow copies do not exist currently, it is possible to change the location of the cache file.
Shadow Copies Disabling Shadow Copies When shadow copies are disabled on a volume, all existing shadow copies on the volume are deleted as well as the schedule for making new shadow copies. To disable shadow copies on a volume: 1. On the primary navigation bar, click Disks. 2. Click the Shadow Copies tab. 3. On the Manage Shadow Copies page, select one or more volumes on which to disable shadow copies. 4. In the Tasks list, click Disable.
Shadow Copies Figure 46: Accessing shadow copies from My Computer NAS 2000s Administration Guide 93
Shadow Copies Shadow Copies for Shared Folders Shadow Copies are accessed over the network by supported clients and protocols. There are two sets of supported protocols, SMB and NFS. All other protocols are not supported; this would include HTTP, FTP, AppleTalk, and NetWare Shares. For SMB support a client side application denoted as Shadow Copies for Shared Folders is required. The client side application is currently only available for Windows XP and Windows 2000 SP3+.
Shadow Copies Users access shadow copies with Windows Explorer by selecting View, Copy, or Restore, from the Previous Versions tab. See Figure 47. Both individual files and folders may be restored. Figure 47: Client GUI When users view a network folder hosted on the NAS device for which shadow copies are enabled, old versions (prior to the snapshot) of a file or directory are available.
Shadow Copies Access to NFS shadow copy pseudo-subdirectories is governed by normal access-control mechanisms using the permissions stored in the file system. Users can access only those shadow copies to which they have read access at the time the shadow copy is taken. To prevent users from modifying shadow copies, all pseudo-subdirectories are marked read-only, regardless of the user's ownership or access rights, or the permissions set on the original files.
Shadow Copies Recovering a Deleted File or Folder (non-sharepoint or Windows XP/Windows 2003) To recover a deleted file or folder within a folder: 1. Navigate to the folder where the deleted file was stored. 2. Position the cursor over a blank space in the folder. If the cursor hovers over a file, that file will be selected. 3. Right-click the mouse and select Properties from the bottom of the menu. Select the Previous Versions tab. 4.
Shadow Copies Recovering a Deleted File or Folder (sharepoint - Windows 2000 SP3 only) To recover a deleted file or folder at a sharepoint: 1. Navigate to the sharepoint where the deleted file or folder was stored. 2. Recreate the file or folder that was deleted with the exact same name. 3. Right-click the mouse on the newly created file or folder and select Properties from the bottom of the menu. Select the Previous Versions tab. 4.
Shadow Copies Figure 50: Viewing root shares Recovering an Overwritten or Corrupted File Recovering an overwritten or corrupted file is easier than recovering a deleted file because the file itself can be right-clicked instead of the folder. To recover an overwritten or corrupted file use the following procedure: 1. Right-click the overwritten or corrupted file and click Properties. 2. Select Previous Versions. 3. To view the old version, click View.
Shadow Copies Recovering a Folder To recover a folder use the following procedure: 1. Position the cursor so that it is over a blank space in the folder that will be recovered. If the cursor hovers over a file, that file will be selected. 2. Right-click the mouse, select Properties from the bottom of the menu, then click the Previous Versions tab. 3. Choose either Copy or Restore. 4. Choosing Restore enables the user to recover everything in that folder as well as all subfolders.
User and Group Management 6 There are two system environments for users and groups: workgroup and domain. Because users and groups in a domain environment are managed through standard Windows NT or Windows 2000 domain administration methods, this document discusses only local users and groups, which are stored and managed on the NAS device. For information on managing users and groups on a domain, refer to the domain documentation available on the Microsoft website.
User and Group Management The configuration of the domain controller is reflected on the NAS 2000s because it obtains user account information from the domain controller when deployed in a domain environment. As mentioned previously, the server cannot act as a domain controller itself. User and Group Name Planning Effective user and group management is dependent upon how well the user and group names are organized.
User and Group Management Using tags is a helpful convention that indicates the specific access that a particular user has to a network resource. For example, if there is a data share on the device, the network administrator can create a “Data Users ROnly” group and a “Data Users RWrite” group to contain users that have read only or read write access on the share, respectively. Workgroup User and Group Management In a workgroup environment, users and groups are managed through the WebUI of the NAS 2000s.
User and Group Management All available options include: New, Delete, Set a Password, and Properties. When the Local Users dialog box is initially displayed, only the New option is available. After an existing user is selected, the additional actions are displayed. Each of these options is discussed in the following paragraphs. Existing user records can be retrieved in one of two ways: ■ By entering the user's User Name or Full Name in the Search fields to retrieve a specific user record.
User and Group Management Modifying a User Password Follow these steps to modify a user password: 1. In the Local Users dialog box, select the user whose password needs to be changed. Then, click Set a Password. The Set Password dialog box is displayed. 2. Enter the password and click OK. The Local Users dialog box is displayed again. Modifying User Properties To modify other user properties: 1. From the Local Users dialog box, select the user whose record needs to be modified. Then, click Properties.
User and Group Management Managing Local Groups Managing groups includes the following tasks: ■ Adding a new group ■ Deleting a group ■ Modifying group properties, including user memberships Local groups in a workgroup environment are managed through the Users option in the WebUI. In the WebUI, under Users, Local Groups is the Local Groups on Server dialog box. All workgroup group administration tasks are performed in the Local Groups on Server Appliance dialog box.
User and Group Management Adding a New Group To add a group: 1. In the Local Groups dialog box, click New. The Create New Group dialog box is displayed. Figure 55: Create New Group dialog box, General tab 2. Enter the group name and description. 3. To indicate the user members of this group, click Members. See “Modifying Group Properties” for procedural instructions on entering group members. 4. After all group information is entered, click OK.
User and Group Management Modifying Group Properties To modify other group properties: 1. From the Local Groups dialog box, select the desired group and then click Properties. The Properties dialog box is displayed. Figure 56: Group Properties dialog box, General tab Within the Properties dialog box are two tabs: ■ General tab ■ Members tab Each of these tabs is discussed in the following paragraphs. 2. Enter the desired changes in each of the tabs. Then, click OK.
User and Group Management ■ To add an existing local user to a group: 1. Select the desired user from the Add user or group box 2. Click the Add button. 3. Click OK to save the changes. ■ To remove an existing local user from a group: 1. Select the desired user from the Members box. 2. Click Remove. 3. Click OK to save the changes. ■ To add user or group from a domain to this group, the scroll bar at the right of the screen may need to be used to scroll up the screen display: 1.
User and Group Management 110 NAS 2000s Administration Guide
Folder, Printer, and Share Management 7 The HP StorageWorks NAS 2000s supports several file sharing protocols, including DFS, NFS, FTP, HTTP, and Microsoft SMB. This chapter discusses overview information as well as procedural instructions for the setup and management of the file shares for the supported protocols. In addition, discussions on security at the file level and at the share level are included in this chapter.
Folder, Printer, and Share Management Navigating to a Specific Volume or Folder When you work with volumes and folders, the first task is to gain access to the desired volume or folder. The steps are the same, whether navigating to a volume or a folder: 1. To navigate to a specific volume or folder, from the WebUI, select Shares and then Folders. Initially, the Volumes dialog box is displayed. This initial dialog box displays all system volumes. Figure 58: Volumes dialog box 2.
Folder, Printer, and Share Management Figure 59: Folders dialog box After accessing the desired folder, the following actions can be performed: ■ Creating a new folder ■ Deleting a folder ■ Modifying folder properties ■ Creating a new share for the volume or folder ■ Managing shares for the volume or folder Creating a New Folder To create a new folder: 1. From the Shares directory, navigate to the Folders menu and then select New. The Create New Folder dialog box is displayed.
Folder, Printer, and Share Management Figure 60: Create a New Folder dialog box, General tab 3. In the Compress tab, indicate whether and how this folder and its contents are to be compressed. 4. After all information for the new folder is entered, click OK. Deleting a Folder To delete a folder: 1. From the Shares directory, navigate to the folder to delete. Select the folder and then click Delete. The Delete Folder dialog box is displayed. Summary information about the deletion is displayed.
Folder, Printer, and Share Management Figure 61: Folder Properties dialog box, General tab 2. In the General tab, enter the new information for the folder, which may include: ■ Folder Name ■ Folder Attributes 3. In the Compress tab, indicate whether and how this folder and its contents are to be compressed. 4. After all changes have been completed, click OK. The Folders dialog box is displayed again.
Folder, Printer, and Share Management Figure 62: Create New Share dialog box, General tab 3. Enter the information for the share, including the name of the share, the allowed protocols, and corresponding permissions. Note: The Share path is the path of the previously selected volume or folder. This field is automatically completed by the system. 4. Select the appropriate tab to enter protocol specific information. See the “Managing Shares” section for detailed information about these entries. 5.
Folder, Printer, and Share Management Note: This section discusses managing shares from the Folders menu, and is an overview of the procedures. Complete details on the process of managing shares are included in the discussion that documents creating shares through the Shares menu. See the “Managing Shares” section later in this chapter for these details. To create, delete, and manage shares for a particular volume or folder while in the Folders menu: 1.
Folder, Printer, and Share Management Figure 63: Security Properties dialog box Several options are available in the Security tab dialog box: 118 ■ To add users and groups to the permissions list, click Add. Then follow the dialog box instructions. ■ To remove users and groups from the permissions list, highlight the desired user or group and then click Remove. ■ The center section of the Security tab provides a listing of permission levels.
Folder, Printer, and Share Management Figure 64: Advanced security settings To modify specific permissions assigned to a particular user or group for a selected file or folder in the Advanced screen: 1. Select the desired user or group. 2. Click Edit. 3. Check all the permissions that you want to enable, and clear the permissions that you want to disable. Enable or disable permissions by selecting the Allow box to enable permission or the Deny box to disable permission.
Folder, Printer, and Share Management Figure 65: User or Group Permission Entry dialog box Other functionality available in the Advanced Security Settings tab is illustrated in Figure 64 and includes: ■ Add a new user or group. Click Add, and then follow the dialog box instructions. ■ Remove a user or group. Click Remove. ■ Replace permission entries on all child objects with entries shown here that apply to child objects.
Folder, Printer, and Share Management Figure 66: Advanced Security Settings, Auditing tab dialog box 4. Click Add to display the Select User or Group dialog box. Figure 67: Select User or Group dialog box Note: Click Advanced to search for users or groups. 5. Select the user or group. 6. Click OK. Figure 68 illustrates the Auditing Entry screen that is displayed.
Folder, Printer, and Share Management Figure 68: Auditing Entry dialog box for folder name NTSF Test 7. Select the desired Successful and Failed audits for the user or group as shown in Figure 68. 8. Click OK. Note: Auditing must be enabled to configure this information. Use the local Computer Policy Editor to configure the audit policy on the NAS 2000s. The Owner tab allows for taking ownership of files.
Folder, Printer, and Share Management Figure 69: Advanced Security Settings, Owner tab dialog box The current owner of the file or folder is listed at the top of the screen. To take ownership: 1. Select the appropriate user or group from the Change owner to list. 2. If it is also necessary to take ownership of subfolders and files, enable the Replace owner on subcontainers and objects box. 3. Click OK to execute the commands.
Folder, Printer, and Share Management Share Management There are several ways to set up and manage shares. The WebUI provides screens for setting up and managing shares. Additional methods include using a command line interface, Windows Explorer, or NAS Management Console. This guide demonstrates using the WebUI to set up and manage shares. As previously mentioned, the file sharing security model of the NAS device is based on the NTFS file-level security model.
Folder, Printer, and Share Management Integrating Local File System Security into Windows Domain Environments ACLs include properties specific to users and groups from a particular workgroup server or domain environment. In a multidomain environment, user and group permissions from several domains can apply to files stored on the same device. Users and groups local to the NAS 2000s can be given access permissions to shares managed by the device.
Folder, Printer, and Share Management NFS Compatibility Issues When planning to manage CIFS and NFS shares, consider two specific requirements. Note: Further information, including details about the NFS Service and the User Mapping service, is available in the “UNIX File System Management” chapter. ■ NFS service does not support spaces in the names for NFS file shares. NFS translates any spaces in an export into an underscore character. Additional translations can be set up for files.
Folder, Printer, and Share Management Figure 70: Create a New Share dialog box, General tab 2. Enter the following information: ■ Share name ■ Share path ■ Client protocol types To create a folder for the new share, check the indicated box and the system will create the folder at the same time it creates the share. Protocol specific tabs are available to enter sharing and permissions information for each sharing type. See “Modifying Share Properties” for detailed information on these tabs. 3.
Folder, Printer, and Share Management Modifying Share Properties To change share settings: 1. From the Shares menu, select the share to modify and then click Properties. The General tab of the Share Properties dialog box is displayed. Figure 71: Share Properties dialog box, General tab The name and path of the selected share is displayed. 2. To enter or change client protocol information, check the appropriate boxes and then click the corresponding tabs.
Folder, Printer, and Share Management Figure 72: Share Properties dialog box, Windows Sharing tab 2. Select Offline settings. 3. Set the permissions. The Permissions box lists the currently approved users for this share. ■ To add a new user or group, either select a user or group from the box at the bottom right of the screen or manually enter the user or group name in the Add a user or group box and then click Add. That user or group is added to the Permissions box.
Folder, Printer, and Share Management Figure 73: Share Properties dialog box, UNIX Sharing tab 2. Indicate the access permissions. Select the machine from the main user display box and then select the appropriate access method from the Access permissions drop down box. The types of access are: ■ Read-only—Use this permission to restrict write access to the share. ■ Read-write—Use this permission to allow clients to read or write to the share.
Folder, Printer, and Share Management Protocol Parameter Settings As previously mentioned, the NAS 2000s supports the following protocols: ■ DFS ■ NFS ■ FTP ■ HTTP ■ Microsoft SMB This section discusses the parameter settings for each protocol type. To access and enter protocol parameter settings: 1. From the Shares menu, select Sharing Protocols. The File-Sharing Protocols dialog box is displayed. Figure 74: File-Sharing Protocols dialog box 2. Protocols and their statuses are listed.
Folder, Printer, and Share Management DFS Protocol Settings With Distributed File System (DFS) and the Windows SMB protocol, files can be distributed across multiple servers and appear to users as if they reside in one place on the network. A configuration containing multiple shares is known as a virtual namespace. Using Distributed File System (DFS), system administrators can make it easy for users to access and manage files that are physically distributed across a network.
Folder, Printer, and Share Management Figure 75: DFS Win32 GUI DFS Administration Tool The DFS Administration Tool provides extended functionality not found in the WebUI.
Folder, Printer, and Share Management Setting DFS Sharing Defaults The We UI can be used to set the default DFS settings provided when creating a shared folder. When a new shared folder is create, the DFS defaults may be overridden. To set DFS sharing defaults: 1. On the primary navigation bar, choose Shares. 2. Choose Sharing Protocols. 3. Select DFS, and then choose Properties. Figure 76: DFS properties, general tab 4.
Folder, Printer, and Share Management 3. Select DFS, and then choose Properties. Figure 77: Local DFS Root tab 4. On the Local DFS Root tab, type the name of the DFS root in the Root name box. 5. In the Folder path box, type the path of the folder that corresponds to the root. Click Create folder if the folder does not exist. 6. Choose Create DFS Root, and then choose OK. Deleting a Local DFS Root The WebUI enables the deletion of a local stand-alone DFS root on the server only.
Folder, Printer, and Share Management Publishing a New Share in DFS Once a root has been established either on the local machine or one in the network, shares can be published in order to extend the virtual name space. For example, several shares can be created for a DFS root labeled “Engineering.” The shares might be titled “Documentation,” “Technical Specs,” and “Project Info.
Folder, Printer, and Share Management Figure 79: DFS share example, mapped drive In this case, Documentation exists on G:\documentation, Technical Specs exists on G:\technical specs and Project Info exists on C:\project info on the local machine but they are all accessible via \\DOCNASBOX\engineering. Publishing an Existing Share in DFS To enable an existing shares for DFS, perform the following steps: 1. Select Shares from the WebUI. 2. Select the target share from the table and select Publish in DFS.
Folder, Printer, and Share Management Storage Management The storage management features built into the NAS 2000s are composed of three main features and are applicable at the directory level of a share. These features include: ■ Directory Quotas ■ File Screening ■ Storage Reports Each of these feature sets are describe below. For procedures and methods, refer to the online help available within the web UI via the ? in the right hand corner of each accompanying feature management page.
Folder, Printer, and Share Management Because of the differences in the amount of storage requested for a file extension operation and the amount actually allocated by Windows 2003 for that extension, the user may be allowed to exceed his quota by as much as one cluster. For example, assume the user has a quota of 100 KB and has used 96 KB on a file system with a cluster size of 8 KB. The user creates a file of 1 KB. Windows 2003 requests 1024 bytes be allocated for the file.
Folder, Printer, and Share Management Within each policy, there are a number of configuration screens that are presented in the form of a wizard. The wizard collects the following information to create a policy: ■ Name of Policy ■ Disk space limit and Unit of measurement ■ Passive limit (If selected the limit will issue warnings but will not prevent access.
Folder, Printer, and Share Management Use caution when placing screening parameters on the system partition. If certain classes of files are screened from the system partition, the operating system may not have the access to save temporary working files. It is a good idea to exclude systems directories from screening. Another option is to create a passive screening policy that allows files to be saved but the file activity to be logged.
Folder, Printer, and Share Management Print Services Printer services are a new feature added to the NAS 2000s that has not been available previously. The new service supports network printers only and is not intended for use with locally attached printers (USB or Parallel port connected).
Folder, Printer, and Share Management Note: While the “All Windows” support may be selected at this step, it is more efficient to add the alternative operating systems on each printer after the wizards are complete. See section below on “Adding Additional Operating System Support”. 6. Click Next on the Summary page and an Add Printer Wizard will start. 7. Select Local Printer and uncheck “automatically detect install my plug and play printers” click Next.
Folder, Printer, and Share Management Removing the Print Server Role To remove the print server role: 1. Click Start > Settings > Control Panel, double-click Administrative Tools, and then double-click Manage Your Server. 2. Click on Add or Remove a Roll. 3. A wizard will start. Click Next. 4. Select Printer Server from the list of Server Roles and click Next. 5. Select the checkbox Remove the printer role, click Next. 6. The Printer role will be removed, click Finish.
Folder, Printer, and Share Management 10. Enter a Share Name for the printer that will used on the network, click Next. 11. Enter a location description and a comment, click Next. 12. Select Print a test page and click Next. 13. Click Finish. A test page prints. Click OK if the page printed otherwise select Troubleshoot. Adding Additional Operating System Support By default, support is added for Windows 2000 and Windows XP.
Folder, Printer, and Share Management 146 NAS 2000s Administration Guide
Microsoft Services for NFS 8 Microsoft Services for NFS is a comprehensive software package designed to provide complete UNIX environment integration into a Windows NT, Windows 2000, Windows 2003, or Active Directory domain file server. Services for NFS manages tasks on both Windows and UNIX platforms. Tasks include creating NFS exports from Windows and administering user name mappings.
Microsoft Services for NFS Permissions are granted on a per-export basis; each export has its own permissions, independent of other exports on the system. For example, file system a can be exported to allow only the Accounting department access, and file system m can be exported allowing only the Management department access. If a user in Management needs access to the Accounting information, the A export permissions can be modified to let that one user's client machine have access.
Microsoft Services for NFS Note: If the authentication software is not installed on all domain controllers that have user name mappings, including Primary Domain Controllers, Backup Domain Controllers, and Active Directory Domains, then domain user name mappings will not work correctly. Figure 81: Microsoft Services for NFS screen, Settings tab Logging Events Various levels of auditing are available. Auditing sends Services for NFS events to a file for later review and establishes log-setting behavior.
Microsoft Services for NFS Figure 82: Server for NFS screen, Logging tab Server for NFS Server Settings The NAS 2000s has new features for Services for NFS included in the Services for NFS administration GUI. The new features include settings that affect performance, such as toggling between TCP and UDP NFS versions 2 and 3. Other Server for NFS server settings include those that affect how file names are presented to NFS clients, such as allowing hidden files and allowing case sensitive lookups.
Microsoft Services for NFS Figure 83: Server for NFS screen, Server Settings tab NAS 2000s Administration Guide 151
Microsoft Services for NFS Installing NFS Authentication Software on the Domain Controllers and Active Directory Domain Controllers The NFS Authentication software must be installed on all Primary Domain Controllers (PDCs) and backup domain controllers (BDCs) that have Windows users mapped to UNIX users. This includes Active Directory domains. For instructions on setting up user mappings, see “NFS User and Group Mappings.
Microsoft Services for NFS Microsoft Services for Unix 3.0 CD has been included with the NAS 2000s and is needed for the following procedure. To install the Authentication software on the domain controllers (CD Method): 1. Insert the Microsoft Windows Services for UNIX compact disc into the CD-ROM drive of the domain controller. 2. In the Microsoft Windows Services for UNIX Setup Wizard dialog box, click Next. 3. In the User name box, type your name.
Microsoft Services for NFS Understanding NTFS and UNIX Permissions When creating a NFS export, make sure that the NTFS permissions on the share allows the correct permissions that you want assigned for users/groups.
Microsoft Services for NFS Figure 84: Create a New Share dialog box, General tab 2. In the General tab, enter the share name and path. Check the Unix (NFS) client protocol check box. Note: Uncheck the Microsoft SMB option if you do not want to allow SMB access to the share. Note: NFS service does not support the use of spaces in the names for NFS file shares. NFS translates any spaces in an export into an underscore character.
Microsoft Services for NFS To delete a share: 1. From the Shares menu, select the share to be deleted, and then click Delete. 2. Verify that this is the correct share, and then click OK. Modifying Share Properties To change share settings: 1. From the Shares menu, select the share to modify and then click Properties. The General tab of the Share Properties dialog box is displayed. Figure 85: Share Properties dialog box, General tab The name and path of the selected share is displayed. 2.
Microsoft Services for NFS Figure 86: UNIX Sharing tab 3. From the UNIX Sharing tab of the Share Properties dialog box, a. Indicate the allowed clients. Select the machine to include in the Select a group box or manually enter the NFS client computer name or IP address. Then click Add. b. Indicate the access permissions. Select the machine from the main user display box and then select the appropriate access method from the Access permissions drop down box.
Microsoft Services for NFS Encoding Types Encoding types can be selected using the WebUI. These include the default ANSI as well as EUC-JP. Other encoding types include: ■ ANSI (default) ■ BIG5 (Chinese) ■ EUC-JP (Japanese) ■ EUC-KR (Korean) ■ EUC-TW (Chinese) ■ GB2312-80 (Simplified Chinese) ■ KSC5601 (Korean) ■ SHIFT-JIS (Japanese) If the option is set to ANSI on systems configured for non-English locales, the encoding scheme is set to the default encoding scheme for the locale.
Microsoft Services for NFS Figure 87: NFS Sharing Protocols menu NFS properties include: ■ Async/Sync Settings ■ Locks ■ Client Groups ■ User and Group Mappings Settings for asynchronous/synchronous writes and service locks are discussed together in the following paragraphs of this chapter. Client groups and user and group mappings are each discussed in separate sections later in this chapter.
Microsoft Services for NFS Note: Using synchronous writes allows for greater data integrity. Asynchronous writes will increase performance but will reduce data integrity as the data is cached before being written to disk. Changing the write state causes the NFS service to be restarted. Notify users before toggling this setting. Figure 88: NFS Async/Sync Settings dialog box NFS Locks NFS supports the ability to lock files.
Microsoft Services for NFS To enter locking parameters: 1. From the WebUI, access the NFS Protocol Properties menu by selecting Shares, Sharing Protocols. Select NFS Protocol and then click Properties. The NFS Properties menu is displayed. 2. In the NFS Properties menu, select NFS Locks. The NFS Locks dialog box is displayed. Figure 89 is an illustration of the NFS Locks dialog box. All clients that have locks on system files are listed in the Clients that hold locks box. 3.
Microsoft Services for NFS NFS Client Groups The Client Groups feature gives administrators a method of assigning access permissions to a set of clients. The administrator creates a client group, gives it a name, and then inserts clients into the group by client name or IP address. After the client group is created, the administrator adds or removes permissions for the entire group, instead of allowing or denying access for each individual client machine.
Microsoft Services for NFS Adding a New Client Group To add a new client group: 1. From the NFS Client Groups dialog box, click New. The New NFS Client Group dialog box is displayed. Figure 91: New NFS Client Group dialog box 2. Enter the name of the new group. 3. Enter the client name or their IP address. 4. Click Add. The system adds the client to the displayed list of members. 5. To remove a client from the group, select the client from the Members box and then click Remove. 6.
Microsoft Services for NFS Editing Client Group Information To modify the members of an existing client group: 1. From the NFS Client Groups dialog box, select the group to modify, and click Edit. The Edit NFS Client Group dialog box is displayed. Current members of the group are listed in the Members box. Figure 92: Edit NFS Client Groups dialog box 2. To add a client to the group, enter the client name or IP address in the Client name box, and then click Add.
Microsoft Services for NFS NFS User and Group Mappings When a fileserver exports files within a homogeneous environment, there are no problems with authentication. It is a simple matter of making a direct comparison to determine whether the user should be allowed access to the file, and what level of access to allow. However, when a fileserver works in a heterogeneous environment, some method of translating user access is required.
Microsoft Services for NFS Squashed Mappings If the NFS server does not have a corresponding UID or GID or if the administrator has set other conditions to filter out the user, a process called squashing takes effect. Squashing is the conversion of an unmapped or filtered user to an anonymous user. This anonymous user has very restricted permissions on the system.
Microsoft Services for NFS — Make sure that the Windows Group1 is mapped to the corresponding UNIX Group1. — Make sure that User1 is a member of Group1 on both Windows and UNIX. ■ Map properly — Valid UNIX users should be mapped to valid Windows users. — Valid UNIX groups should be mapped to valid Windows groups. — Mapped Windows user must have the Access this computer from the Network privilege, or the mapping will be squashed.
Microsoft Services for NFS Figure 94: User and Group Mappings dialog box, General tab From the General tab of the User and Group Mappings dialog box: 1. If an NIS server is being used: a. Select Use NIS server. b. Enter the NIS domain name. c. Enter the NIS server name. This field is optional, but recommended. In the Hours and Minutes fields, indicate how often the system will connect to the NIS domain to update the user list. 2. If custom password and group files are being used: a.
Microsoft Services for NFS Figure 95: User and Group Mappings dialog box, Simple Mapping tab Explicit User Mapping Tab Explicit (or advanced) mappings allow the administrator to map any user or group manually to any other user and group. Advanced mappings override simple mappings, giving administrators the capability of using simple mapping for most users and then using advanced mappings for the users with unique names on the different systems.
Microsoft Services for NFS Figure 96: User and Group Mappings dialog box, Explicit User Mapping tab To create explicit user mappings: 1. Click the List UNIX Users button to populate the UNIX users box. 2. To map a local Windows user to a UNIX user, highlight the Windows user in the Windows local users box and highlight the UNIX user that you want to map, and then click Add. The Explicitly mapped users box at the bottom of the screen is populated with the new mappings.
Microsoft Services for NFS Figure 97: User and Group Mappings dialog box, Explicit Group Mapping tab To create explicit group mappings: 1. Click the List UNIX Groups button to populate the UNIX Groups box. 2. To map a local Windows group to a UNIX group, highlight the Windows group in the Windows local groups box and highlight the UNIX group to map, and then click Add. The Explicitly mapped groups box at the bottom of the screen is populated with the new mappings.
Microsoft Services for NFS Backing up and Restoring Mappings The user name-mapping server has the capability to save and retrieve mappings from files. This capability is useful for backing up mapping settings prior to making changes and for exporting the mapping file from one server to others, using the same mapping information. The user name-mapping server can save existing mappings to a file or load them from a file and populate the mapping server.
Microsoft Services for NFS 2. Type the path and name of the file in the File path and name field or click Browse to locate the file. 3. After locating the file, click Restore. Creating a Sample NFS File Share HP recommends performing the following tests to verify that the setup of the shares, user mappings, and permissions grant the desired access to the NFS shares. 1. Create an NFS share. NFS Shares are All Machines, read-only by default.
Microsoft Services for NFS Remote Desktop In addition to the WebUI, Remote Desktop is available for remote administration of Services for UNIX. This service let users connect to machines, log on, and obtain command prompts remotely. See Table 12 for a list of commonly used commands. Using Remote Desktop Microsoft Remote Desktop can be used to remotely access the NAS 2000s desktop. This provides the administrator flexibility to automate setups and other tasks.
NetWare File System Management 9 File and Print Services for NetWare (FPNW) is one part of the Microsoft software package called Services for NetWare. The most common use of the NetWare network operating system is as a file and print server. Customers using NetWare as the platform to host their file and print services have become accustomed to its interface from both a user and an administrator point of view and have built up an investment in NetWare file and print services.
NetWare File System Management Installing Services for NetWare The installation of FPNW on the NAS 2000s allows for a smooth integration with existing Novell servers. FPNW allows a Windows 2000-based server to emulate a NetWare file and print server to users, clients, and administrators. This emulation allows authentication from Novell clients, the use of Novel logon scripts, the creation of Novell volumes (shares), the use of Novell file attributes, and many other Novell features.
NetWare File System Management Figure 100: Installing File and Print Services for NetWare Managing File and Print Services for NetWare To access FPNW: 1. From the desktop of the NAS 2000s, click Start > Settings > Control Panel, and then double-click FPNW. Figure 101: File and Print Services for NetWare screen 2. Enter an FPNW Server Name and Description. This name must be different from the server name used by Windows or LAN Manager-based clients to refer to the server.
NetWare File System Management 3. Indicate a Home directory root path. This path is relative to where the Sysvol volume has been installed. This will be the root location for the individual home directories. If the directory specified does not already exist, it must first be created. 4. Click Users to: See connected users, disconnect users, send broadcast messages to all users connected to the server, and to send a message to a specific user. 5.
NetWare File System Management Enabling Local NetWare User Accounts 1. In the Users folder (NMC, Core Operating System, Local Users and Groups), right-click an NCP client listed in the right pane of the screen and then click Properties. 2. Select the NetWare Services tab. Figure 103: NetWare Services tab 3. Select Maintain NetWare compatible login. 4. Set other NetWare options for the user and click OK.
NetWare File System Management Managing NCP Volumes (Shares) NCP file shares are created in the same manner as other file shares; however, there are some unique settings. NCP shares can be created and managed using the NAS Management Console. Note: NCP shares can be created only after Microsoft Services for NetWare is installed. See the previous section “Installing Services for NetWare” for instructions on installing SFN. Creating a New NCP Share To create a new file share: 1.
NetWare File System Management 4. In Share Name, type the name of the share. Users will see this name. 5. In Description, type a description for the share. Click Next.
NetWare File System Management 6. The dialog box illustrated in Figure 105 is displayed. Figure 105: NetWare Basic Share Permissions dialog box 7. Select the appropriate permissions level. If a custom permissions level is desired, select the Customize share and folder permissions radio button and then click Custom. The Customize Permissions dialog box is displayed. Figure 106 is an illustration of the Customize Permissions dialog box.
NetWare File System Management Figure 106: Customize Permissions dialog box, Share Permissions tab 8. In the Share Permissions tab, select the appropriate permissions level for each user or group that is configured to have access to that share. 9. To enter file system permissions, select the Security tab. The following dialog box is displayed.
NetWare File System Management Figure 107: Customize Permissions dialog box, Security tab 10. In the Security tab of the Permissions dialog box, enter the file system security properties that apply to the share folder on the server. 11. After the permissions have been entered, click OK to return to the Create Shared Folder screens. Click Finish to create the share. 12. To create additional shares, click Yes at the “Create another shared folder” prompt. Otherwise, click No to exit.
NetWare File System Management NOTES: 1. Permissions can be set on a shared volume regardless of its type of file system. 2. Share permissions are effective only when the share is accessed over the network. 3. The group of permissions you set for the share applies equally to all files and subdirectories in the volume. 4. Permissions on an NTFS share operate in addition to NTFS permissions set on the directory itself. Share permissions specify the maximum access allowed.
NetWare File System Management 186 NAS 2000s Administration Guide
Remote Access Methods and Monitoring 10 The HP StorageWorks NAS 2000s comes from the factory with full remote manageability.
Remote Access Methods and Monitoring Web Based User Interface The NAS 2000s includes a Web based user interface (WebUI) for the administrator to remotely manage the machine. Of all of the remote access methods, the WebUI is the most intuitive and easiest to learn and use. The WebUI permits complete system management, including system configuration, user and group management, shares management, UNIX file system management, and storage management. To access the WebUI: 1. Launch a Web browser. 2.
Remote Access Methods and Monitoring Features The Integrated Lights-Out port provides the following features: Note: The remote client console must have a direct browser connection to the Integrated Lights-Out port without passing through a proxy server or firewall. ■ Hardware based graphical remote console access ■ Remote restart ■ Server failure alerting ■ Integration with Insight Manager ■ Local Area Network (LAN) access through onboard NIC ■ Browser support for Internet Explorer 5.
Remote Access Methods and Monitoring Manage Alerts Feature The Manage Alerts feature allows the user to: ■ Select alert types received ■ Generate a global test alert ■ Generate an individual test alert ■ Clear pending alerts ■ Enable alerts Refer to the Integrated Lights-Out Port User Guide for more information about the Integrated Lights-Out port features and functionality.
Remote Access Methods and Monitoring Using the Integrated Lights-Out Port to Access the NAS 2000s Using the Web interface of a client machine is the recommended procedure for remotely accessing the server: 1. In the URL field of the Web browser, enter the IP address of the Integrated Lights-Out port. Note: The iLO port can also be accessed from the HP Utilities tab of the WebUI by clicking the remote management link. 2.
Remote Access Methods and Monitoring Enabling Telnet Server Telnet Server can be enabled in two ways. The first is to use Remote Desktop to access a command line interface and enter the following command: net start tlntsvr The Telnet Server service needs to be enabled prior to running this command. The service can be enabled by opening the services MMC: 1. Select Start, Run, then type services.msc. 2. Locate the Telnet service, right-click on it, then select Properties. 3.
Index A editing NFS 164 managing NFS 162 conventions document 12 equipment symbols 13 text symbols 13 creating NFS file shares 154 ACL defined 124 translating 166 ADG (Advanced Data Guarding) 51 alerts, e-mail, setting up 30 array controller purpose 46 arrays defined 45 audience 12 Authentication software, installing 152 authorized reseller, HP 15 C cache file, shadow copies 87 CIFS administration 102 share support 125 client groups adding NFS 163 deleting NFS 163 NAS 2000s Administration Guide Index
Index Ethernet NIC teams adding 35 checking status 41 configuring 36 configuring properties 38 configuring TCP/IP 39 renaming the connection 38 setting up 32 showing connection icon 39 troubleshooting 41 events, Services for NFS, logging 149 explicit group mapping 170 explicit mappings 165, 169 exports 148 F fail on fault setting 36 fault tolerance for NIC teams 36 methods supported 48 features redundancy 18 File and Print Services for NetWare. See FPNW.
Index I iLO. See Integrated Lights-Out Port Insight Manager defined 17 described 192 Integrated Lights-Out port accessing NAS 2000s 191 activating 32 configuration 190 described 17, 188 features 189 license key 32 L license key, iLO port 32 load balancing 37 switch-assisted 37 transmit 37 NAS 2000s Administration Guide with IP address 37 with MAC address 37 localhost 148 locks, NFS 160 logging, Services for NFS events 149 logical drives.
Index M management, storage 43 managing system storage 42 mappings backup and restore 172 best practices 166 creating 167 data stored 167 explicit 165, 169 NFS 165 simple 165, 168 squashed 166 mount points creating 53 not supported with NFS 53 mounted drives and shadow copies 85 N NAS 2000s defined 17 desktop 23 restarting 27 shutting down 27 supported fault tolerance methods 48 using iLO to access 191 utilities 17 NCP creating new share 180 shares, modifying properties 184 NetWare adding local users 178
Index R S rack stability, warning 14 RAID ADG advantages 52 ADG disadvantages 52 ADG explained 51 level on server 18 RAID 0 46 RAID 0 advantages 48 RAID 0 disadvantages 49 RAID 0 explained 48 RAID 1 advantages 49 RAID 1 disadvantages 50 RAID 1 explained 49 RAID 1+0 explained 49 RAID 5 advantages 51 RAID 5 disadvantages 51 RAID 5 explained 50 summary of methods 52 rapid startup wizard defined 17 redundancy 18 remote access iLO port 188 Insight Manager 192 methods listed 187 Remote Desktop 188 Telnet Serve
Index shares administrative 125 creating new 115, 126 creating new NCP 180 deleting 127 managing 124 managing for a volume or folder 116 modifying NCP properties 184 modifying NFS properties 156 modifying properties 128 NCP 180 NFS tests 173 NFS, creating 154 NFS, deleting 156 path 116 standard 125 UNIX 129 web (HTTP) 130 Windows tab 128 shutting down the server 27 simple mapping 168 simple mappings 165 smart switch 36 software installing Authentication 152 squashed mappings 166 squashing 148 storage contr
Index V W virtual storage 43 Volume Shadow Copy Service 81 volumes creating new share 115 creating Novell 175 managing shares for 116 navigating to 112 NCP 180 planning 54 warning rack stability 14 symbols on equipment 13 web sharing 130 websites HP storage 15 WebUI accessing 21 defined 17 launching 188 Windows sharing 128 workgroup environment 20 NAS 2000s Administration Guide 199
Index 200 NAS 2000s Administration Guide
