EMC® ViPR™ Version 1.1.
Copyright © 2013-2014 EMC Corporation. All rights reserved. Published in USA. Published March, 2014 EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. The information in this publication is provided as is.
CONTENTS Chapter 1 Prerequisites 7 Checklist for ViPR installation and configuration readiness..............................8 How ViPR virtual appliance is deployed......................................................... 11 ViPR Controller VM requirements................................................................... 11 Prerequisites for ViPR UI................................................................................ 11 VMware requirements.....................................................
CONTENTS Collect EMC SMI-S Provider information........................................... 36 Collect Isilon configuration information............................................36 Collect VNX file configuration information........................................ 37 Collect VPLEX information................................................................ 37 Collect NetApp configuration information.........................................38 Collect EMC RecoverPoint site information..........................
CONTENTS Using the Object Data Service....................................................................... 70 Adding an object data store key....................................................... 70 Testing the object service using the S3 Browser............................... 70 Chapter 6 Setting Up Multiple Tenants 73 Prerequisites for creating multiple tenants.................................................... 74 Configuring multiple tenants with the REST API....................................
CONTENTS 6 EMC ViPR 1.1.
CHAPTER 1 Prerequisites u u u u u u u Checklist for ViPR installation and configuration readiness......................................8 How ViPR virtual appliance is deployed................................................................. 11 ViPR Controller VM requirements........................................................................... 11 Prerequisites for ViPR UI........................................................................................ 11 VMware requirements....................
Prerequisites Checklist for ViPR installation and configuration readiness Use the checklist as an overview of the information needed to install and configure a ViPR virtual appliance. Detailed procedures are described elsewhere in the ViPR documentation. Refer to the EMC ViPR Data Sheet and Compatibility Matrix on support.EMC.com for the specific models and versions supported.
Prerequisites Table 1 Checklist for ViPR installation and configuration readiness (continued) - Basic step - Description Data Sheet and Compatibility Matrix on support.EMC.com for supported SMI-S versions. Refer to "Configure the SMIS Provider" in the EMC ViPR Installation and Configuration Guide for details. - Notes - Done? Identify a vCenter Server ViPR is deployed as a vApp. and ESXi on which to deploy Refer to the EMC ViPR Data the ViPR vApps. Sheet and Compatibility Matrix on support.EMC.
Prerequisites Table 1 Checklist for ViPR installation and configuration readiness (continued) - Basic step Identify two or three DNS servers. Identify two or three NTP servers. - Description Two or three DNS server IPs need to be supplied during ViPR deployment. Two or three NTP servers need to be supplied during ViPR deployment For each ViPR Controller VM, You need this information collect: IP address, IP when deploying the network mask, IP network Controller VM OVA. gateway.
Prerequisites How ViPR virtual appliance is deployed ViPR is deployed as three or five Controller VMs. Deployment steps for the ViPR virtual appliance are described in this guide. Figure 1 Deployment process For ViPR Object Data Service support, additionally deploy one or more data VMs. Deployment steps for Object Data Service are described in Installation and initial configuration of Object Data Service on page 61.
Prerequisites Prerequisites for ViPR CLI The ViPR CLI can run on supported Linux and Windows computers. Although the ViPR CLI is available on a ViPR Controller VM, it is recommended that you install and run it on a different computer. Refer to the EMC ViPR Data Sheet and Compatibility Matrix on support.EMC.com for specific information on supported OS versions and additional requirements of the CLI.
Prerequisites u VNX File Control Stations are at a supported version. See the EMC ViPR Data Sheet and Compatibility Matrix. u Storage pools for VNX File have been created. u Control Stations are operational and will be reachable from ViPR Controller VMs. u VNX SnapSure is installed, configured, and licensed. Preconfiguration requirements for VPLEX systems ViPR supports VPLEX in a Local or Metro configuration. VPLEX Geo configurations are not supported.
Prerequisites u ONTAP version is listed as supported in the EMC ViPR Data Sheet and Compatibility Matrix. u ONTAP is in 7-mode configuration. u You have NetApp licenses for NFS, CIFS, and snapshots. u Run the cifs setup command to perform initial configuration of the filer for CIFS. You must have installed the CIFS license before you run this command. Preconfiguration requirements for fabrics The SAN fabrics you add to ViPR must meet certain preconfiguration requirements.
Prerequisites u IP connectivity between RecoverPoint and the ViPR virtual appliance is required. Preconfiguration requirements for SRDF ViPR supports SRDF for use as a data protection type when you create a virtual pool. The SRDF configuration must meet certain preconfiguration requirements. u VMAX running Enginuity versions as specified in the EMC ViPR Data Sheet and Compatibility Matrix. u One or more front-end directors configured for RDF connectivity.
Prerequisites Configuring multipath software on hosts A supported host must have mulitpath software configured. Refer to the following documentation for details on configuring multipath software on hosts: EMC PowerPath: EMC PowerPath for Linux Installation and Configuration Guide and u EMC PowerPath and PowerPath/VE for Microsoft Windows Installation and Administration Guide. u SuSE Linux Enterprise Server (SLES): Storage Administration Guide under "Configuring the System for Multipathing".
Prerequisites d. The host must be added to the Admin > Physical Assets > Hosts page by a System Administrator. The credentials you supply for the host are of the form: domain\username 3. Check that the host is displayed as valid in the table. After you finish After ViPR is deployed, you can check that the host is displayed as valid in Admin > Physical Assets > Hosts. If you receive the following message WinRM may not be enabled or configured properly, or there may be a network problem.
Prerequisites vipradmin ALL=(ALL) VIPRMGMT Collect information for ViPR Controller VM virtual machines When you deploy ViPR you need to supply an IP address for each Controller VM. Procedure 1. Record the IP addresses needed for deployment. ViPR can be deployed in a configuration of 3 or 5 Controller VMs. Use a unique, static IPv4 address for each Controller VM. All IP addresses must be IPv4, except for the public virtual IP address, which can have an IPv4 address, IPv6, or both.
CHAPTER 2 Deployment Steps u u u u u u u ViPR deployment files............................................................................................20 ViPR deployment properties for Controller VMs......................................................20 Deploying ViPR Controller VMs with vSphere Client................................................21 Obtaining the license file.......................................................................................22 Installing the ViPR CLI on Linux...
Deployment Steps ViPR deployment files ViPR Controller is available as an OVA file that you can download from the ViPR product page on support.EMC.com. - File - vipr-controller-2+1.ova Description For Controller virtual appliance deployment. One VM can go down without affecting availability of the virtual appliance. vipr-controller-3+2.ova For Controller virtual appliance deployment. Two VMs can go down without affecting availability of the virtual appliance.
Deployment Steps - Property name in vSphere Client Key name Description - - You can have both an IPv4 address and an IPv6 address for the public virtual address. See also the restriction in Avoiding conflicts in network virtual IP addresses on page 21 IPv6 prefix length network_prefix_length IPv6 prefix length. Default is 64. IPv6 default gateway network_gateway6 IPv6 address for the public network gateway.
Deployment Steps 5. On the OVF Template Details page, review the details about the appliance. 6. Accept the End User License Agreement. 7. Specify a name for the appliance. 8. Select the host or cluster on which to run the virtual appliance. 9. If resource pools are configured (not required for ViPR), select one. 10.If more than one datastore is attached to the ESX Server, select the datastore for your appliance. 11.
Deployment Steps Installing the ViPR CLI on Linux You can install the ViPR command line interface executable directly from ViPR appliance onto a supported Linux host. Before you begin u You need access to the ViPR appliance host. u You need root access to the Linux host. Procedure 1. Log in to the Linux server as root. 2. Create a temporary directory to download the CLI installer. mkdir cli/temp cd cli/temp 3.
Deployment Steps # ViPR Host fully qualified domain name ViPR_HOSTNAME=example.mydomain.com # ViPR Port Number ViPR_PORT=4443 :wq 8. Run the source command to set the path environment variable for the ViPR executable. source ./viprcli.profile 9. From the command prompt run: viprcli -h. If the help for viprcli is displayed, then the installation is successful.
Deployment Steps Variable Example Value Set VIPR_HOSTNAME under
Deployment Steps Overview of configuration steps After installation, you can configure the ViPR virtual appliance by using the REST API, the command line interface viprcli, or the UI. Refer to the EMC ViPR Installation and Configuration Guide, EMC ViPR REST API Reference, EMC ViPR CLI Reference, and the EMC ViPR Administrator Guide for detailed information on steps, syntax, and payloads.
Deployment Steps Table 4 Overview of configuration steps (continued) - Step 14 15 16 17 - UI (https://ViPR_virtual_ip) Assign networks to virtual arrays (Admin > Virtual Assets > Virtual Arrays > Networks) - REST API - POST /vdc/varrays/{id}/networks Create virtual pools (Admin > Virtual Assets > Virtual Pools) POST /block/vpools Assign physical storage pools to virtual storage pools (Admin > Virtual Assets > Virtual Pools) PUT /block/vpools/{id}/assignmatched-pools Create a project (Admin
CHAPTER 3 Upgrading ViPR Software u u u u u u Upgrade................................................................................................................ 30 Pre-upgrade planning............................................................................................30 Upgrading ViPR software....................................................................................... 31 Post-upgrade steps..............................................................................................
Upgrading ViPR Software Upgrade Use the Admin > System > Upgrade page to: u View the present ViPR version installed on all VMs, and any newer versions available in the upgrade repository. Note The upgrade repository is on an EMC server by default, and can be changed from the Admin > System > Configuration > Upgrade page. u Upgrade to a newer version of ViPR. Table 5 Supported upgrade paths to ViPR 1.1.0 Patch 1 - Version ViPR 1.0.0 - Upgrade path to ViPR 1.1.0 Patch 1 Must first upgrade to ViPR 1.
Upgrading ViPR Software In the unlikely event that there is a need to revert to a snapshot, keep in mind that the ViPR database will be at the state it was in when the snapshot was taken. Procedure 1. Connect using SSH to each ViPR controller VM and shut down with the halt command. 2. Use vSphere Client to take a snapshot of each controller VM. Do not snapshot the virtual machine's memory. 3. When the snapshots are complete, power up the ViPR controller vApp. 4.
Upgrading ViPR Software u After a successful upgrade, discard the pre-upgrade snapshots. Resume regular ViPR backups. Reverting to pre-upgrade snapshots If you need to revert to the VM snapshots made before upgrade, use the vCenter Snapshot Manager. Before you begin You need access to the vCenter Server via vSphere Client where the ViPR VMs are located. You need credentials that allow you to shut down the ViPR VM from the console.
CHAPTER 4 Initial Configuration of ViPR Virtual Appliance u u u u u u u u u u u u u u u u u u u u u u u u u u u u Completing the configuration................................................................................ 34 Avoid out-of-band changes to the physical environment........................................34 Collect information needed during configuration................................................... 34 Initial login and setup...............................................................
Initial Configuration of ViPR Virtual Appliance Completing the configuration After ViPR is deployed, use the UI to complete the configuration steps that are required before users can order ViPR services. u Complete the initial setup steps, using the wizard that runs when you log in as root for the first time. u Add an authentication provider so you can later assign roles and ACLs to external users. u Add physical assets such as storage arrays, fabric managers, and data protection systems.
Initial Configuration of ViPR Virtual Appliance - Setting - Obtain credentials for an account on CMCNE that has admin privileges to the switches. Value Confirm that the switches have been discovered through CMCNE. Confirm that the CMCNE SMI-S provider interface is enabled. Obtain credentials for the SMI-S provider used by CMCNE. Confirm that fabrics have been created and have ports assigned.
Initial Configuration of ViPR Virtual Appliance l The host server running Solutions Enabler (SYMAPI Server) and SMI-S Provider (ECOM) differs from the server where the VMAX service processors or VNX storage processors are running. l For VMAX, the host is able to see the gatekeepers (six minimum). For VNX, the host needs IP connectivity. l The VMAX/VNX array is discovered in the SMI-S Provider.
Initial Configuration of ViPR Virtual Appliance - Setting - Port (default is 8080) Value Credentials for the root account on the Isilon array Collect VNX file configuration information You need to supply certain configuration information when adding VNX File storage to the ViPR virtual appliance. Before you begin You need access to the required VNX File information. Procedure 1.
Initial Configuration of ViPR Virtual Appliance Collect NetApp configuration information You need to supply certain configuration information when adding a NetApp array to the ViPR virtual appliance. Before you begin You need access to the required NetApp information. Procedure 1.
Initial Configuration of ViPR Virtual Appliance - Setting SMTP server - Description SMTP server or relay for sending email (For ConnectEMC and Approvals) Port The port on which the SMTP service on the SMTP server is listening for connections. Default is 25, or 465 is TLS/SSL is used. Encryption used? Use TLS/SSL for the SMTP server connections. - Value Note If TLS/SSL encryption used, the SMTP server must have a valid CA certificate.
Initial Configuration of ViPR Virtual Appliance The ViPR root account has all privileges that are needed for initial configuration; it is also the same as the root user on the Controller VMs. The system accounts (sysmonitor, svcuser, and proxyuser) are used internally by ViPR. 3. Select a transport option for ConnectEMC (FTPS (default), SMTP, or none) and enter an email address (user@domain) for the ConnectEMC Service notifications.
Initial Configuration of ViPR Virtual Appliance Authentication provider settings You need to provide certain information when adding or editing an authentication provider. UI name - Name - CLI name (Provider.cfg) name Description and requirements - The name of the authentication provider. You can have multiple providers for different domains. Type mode Active Directory or LDAP. In Provider.cfg (CLI), use ad or ldap. Description description Free text description of the authentication provider.
Initial Configuration of ViPR Virtual Appliance UI name - - CLI name (Provider.cfg) Description and requirements - This user must have Read all inetOrgPerson information in Active Directory. The InetOrgPerson object class is used in several non-Microsoft, Lightweight Directory Access Protocol (LDAP) and X.500 directory services to represent people in an organization.
Initial Configuration of ViPR Virtual Appliance UI name - - CLI name (Provider.cfg) Description and requirements Note Once this value is set for a provider, it cannot be changed, because of the tenants that are using this provider may already have role assignments and permissions configured using group names in a format using the current attribute. Group Whitelist whitelist Optional. One or more group names as defined by the authentication provider.
Initial Configuration of ViPR Virtual Appliance UI name - - CLI name (Provider.cfg) Description and requirements - Note that by default, if no groups are added to the tenant user mapping, users from any groups are accepted, regardless of the whitelist configuration. Active Directory only. Does not apply to other authentication providers. Search Scope searchscope One Level (search for users one level under the search base) or Subtree (search the entire subtree under the search base).
Initial Configuration of ViPR Virtual Appliance Considerations when adding authentication providers When you configure ViPR to work with Active Directory, you must decide whether to manage several domains in a single authentication provider, or to add separate authentication providers for each domain. The decision to add a single authentication provider, or multiple, depends on the number of domains in the environment, and the location on the tree from which the manager user is able to search.
Initial Configuration of ViPR Virtual Appliance Example of one authentication provider managing multiple domains in a single forest In this example, the environment includes a forest with one top domain and two subdomains. A single authentication provider manages all the domains. In this example: 46 u The port for the Global Catalog (central repository of domain information for the forest) in the server URL is 3268. u The domains to be managed are the top domain, security.vipr.
Initial Configuration of ViPR Virtual Appliance Adding a storage system You can add a supported storage system from the Admin view's Physical Assets tab. Before you begin u This operation requires the System Administrator role in ViPR. Procedure 1. Select Admin > Physical Assets > Storage Systems. 2. Add a storage system. 3. Select the storage system type. 4.
Initial Configuration of ViPR Virtual Appliance 5. Save. SMI-S providers You can use the SMI-S Providers tab (Admin > Physical Assets > SMI-S Providers) to add an SMI-S provider and discover all storage known to it. Adding an SMI-S provider You can add an SMI-S provider to ViPR and use it to discover VMAX and VNX block storage. Before you begin u This operation requires the System Administrator role in ViPR. Procedure 1. Select Admin > Physical Assets > SMI-S Providers. 2. Add an SMI-S Provider. 3.
Initial Configuration of ViPR Virtual Appliance 4. Save. The fabric manager is automatically registered and all discovered networks associated with the switch are registered. Data protection systems You can use the Data Protection Systems tab (Admin > Physical Assets > Data Protection Systems) to add a protection system such as EMC RecoverPoint to ViPR. Adding a data protection system You can add a data protection system on the Admin view's Physical Asset tab.
Initial Configuration of ViPR Virtual Appliance u When adding Windows hosts using LDAP or Active Directory domain account credentials, the domain user credentials must be in the same domain where the Windows host is located; otherwise the Windows host discovery will fail. Procedure 1. Select Admin > Physical Assets > Hosts. 2. Add a host. 3. Specify the operating system of the host, assign it a name by which it will be known in ViPR, and enter its fully qualified domain name or IP address. 4.
Initial Configuration of ViPR Virtual Appliance created, hosts are added to the cluster. Hosts can be added to the cluster while creating or editing a host in ViPR, or from the Clusters page. A host can only exist in one cluster. Once a host is part of a ViPR cluster, service operations can be performed exclusively on a single host, or shared across the hosts in a cluster. u Hosts that are not currently in use in a ViPR service, can be moved to different clusters by adding it to the new cluster.
Initial Configuration of ViPR Virtual Appliance vCenters You can use the vCenters tab (Admin > Physical Assets > vCenters) to add a vCenter to ViPR which storage can be exported and mounted as a datastore. Adding a vCenter server Add a vCenter Server to make provisioned volumes available to ESX hosts. You can add a vCenter from the Admin view's Physical Asset tab. Before you begin u This operation requires the System Administrator role in ViPR. Procedure 1. Select Admin > Physical Assets > vCenters. 2.
Initial Configuration of ViPR Virtual Appliance Adding a virtual array You should create one virtual array for each physical site, enterprise SAN, or computing "pod". Before you begin u This operation requires the System Administrator role in ViPR. u At a minimum, a virtual array defines the type of SAN Zoning that will occur when a volume is exported from the array, and must include one or more networks u Storage systems are brought into the virtual array with the networks. Procedure 1.
Initial Configuration of ViPR Virtual Appliance Adding an IP network Networks for IP connected storage must be manually created, and added to the virtual array. Before you begin u This operation requires the System Administrator role in ViPR. u There are two ways to access the IP networks page either Procedure 1. Go to the Add IP Networks page: Option Description From the Networks page a. Go to the Admin > Virtual Assets > Networks page. b. Click Add IP Network. From the Virtual Array page a.
Initial Configuration of ViPR Virtual Appliance case, the performance and protection characteristics of the virtual pool would determine that it provides high performance storage. Hence, when giving a name to the virtual pool, you might choose "gold" or "tier1" to indicate that the storage provides the highest performance.
Initial Configuration of ViPR Virtual Appliance 4. Select the storage type, Block. The criteria you specify will determine the physical storage pools that are eligible to be part of this virtual pool. 5. Select a provisioning type (thick, thin). 6. Select one or more virtual storage arrays that can contribute physical storage pools to the virtual pool. A virtual pool must be associated with at least one virtual array. 7. Select one or more storage-type-specific protocols used to access the data: FC, iSCSI.
Initial Configuration of ViPR Virtual Appliance The matching physical storage pools (listed under Storage Pools) will be saved in this virtual pool. Setting RecoverPoint data protection criteria for a block virtual pool You can set RecoverPoint criteria when you create or edit a block virtual pool. Before you begin u This operation requires the System Administrator role in ViPR.
Initial Configuration of ViPR Virtual Appliance Procedure 1. Select Admin > Virtual Assets > Virtual Pools. 2. Click Add or select an existing virtual pool name to edit. 3. Set properties as described in Creating or editing a virtual pool for block storage type on page 55. 4. For Remote Protection, select VPLEX Distributed or VPLEX Local. a. If you select VPLEX Distributed, select an existing virtual array to act as a destination for the distributed volume.
Initial Configuration of ViPR Virtual Appliance 5. Select a provisioning type (thick, thin). 6. Select one or more virtual storage arrays that can contribute physical storage pools to the virtual pool. A virtual pool must be associated with at least one virtual array. 7. Select one or more storage-type-specific protocols used to access the data. The options for file are NFS and CIFS. 8. Select a system type. For file, the options are EMC VNX, EMC Isilon, NetApp, or none. 9.
Initial Configuration of ViPR Virtual Appliance a. Check the Enable Quota box b. In the Quota field, enter the maximum amount of storage that you want to allow. 6. To assign project permissions to other users, select Add ACL. An ACL field is displayed allowing you enter a user or group name and assign a permission. 7. Enter the name of a user or group and set the Type field to be consistent. 8. Select the access permission for the user as either ALL or BACKUP.
CHAPTER 5 Installation and Initial Configuration of ViPR Data Services u u u u u u u u u u u Setting up ViPR Data Services................................................................................62 Obtaining Data Services deployment files and HDFS support files......................... 63 Data Services prerequisite steps........................................................................... 63 Choosing an IP network to support Data Services..................................................
Installation and Initial Configuration of ViPR Data Services Setting up ViPR Data Services One or more Data Services VMs must be added to ViPR, and a data services virtual pool must be created and provisioned in the ViPR virtual data center, before users can perform object or HDFS data operations using ViPR Data Services. A summary of the procedure that must be performed to set up the Data Services is provided below and is followed by the detailed steps.
Installation and Initial Configuration of ViPR Data Services Option Description Without base URL Tenant namespace and bucket are provided with the x-emc headers in the REST request. With base URL Encode the tenant namespace and bucket in the hostname part of the URL. Obtaining Data Services deployment files and HDFS support files To install one or more data VMs to enable ViPR Data Services, you will need to download the vipr-*-dataservice.zip from the ViPR product page on support.EMC.com.
Installation and Initial Configuration of ViPR Data Services Choosing an IP network to support Data Services Select the IP network that provides the file storage systems that underpin Data Services. If an IP network that provides file storage does not exist, create it. Before you begin This operation requires the System Administrator role in ViPR. Procedure 1. Select Admin > Data Services > Setup. 2.
Installation and Initial Configuration of ViPR Data Services u The IPv4 address or hostname of all data VMs must have been added to the controller node configuration using the procedure in Configuring the ViPR controller to allow access by data VMs on page 64. u If you are deploying the data node(s) immediately after deploying the ViPR virtual appliance, wait until the ViPR virtual appliance status on the Dashboard tab says "Stable" (about 2 minutes).
Installation and Initial Configuration of ViPR Data Services If you have a previously downloaded .iso file, do not use it if you have made any controller node configuration changes since it was downloaded. Use a newly downloaded .iso file. During deployment, the ISO image is mounted by vCenter and configuration information required by the data node VM is obtained. This information comprises the addresses and ports of the controller node services that the data node needs to access. 7.
Installation and Initial Configuration of ViPR Data Services l. Review the selections you have made at the Ready to Complete page and select Finish. 9. Once the deployment has completed successfully, start each data node VM, one at a time, and check to see that the data node VM appears in the ViPR Virtual Appliance area of the UI Dashboard: Admin > System > Dashboard.
Installation and Initial Configuration of ViPR Data Services 5. Select the virtual array that will provide the data store. The file virtual pools that you will be offered will be those associated with the selected array. 6. Select the file virtual pool that will provide the file system that underlies the data store. 7. Enter the size of the data store. 8. Select the data services virtual pool to which this data store belongs.
Installation and Initial Configuration of ViPR Data Services Adding a Base URL This task is only necessary if you use object clients that encode the location of an object, its namespace and bucket, in a URL. In that case you can specify a base URL that will be used, together with the namespace, as the path to objects in a tenant. Before you begin This operation requires the System Administrator role in ViPR.
Installation and Initial Configuration of ViPR Data Services Using the Object Data Service Once you have configured data services, clients can access object storage using the ViPR API or using an existing object client, such as the S3 browser. Steps are provided to enable you to demonstrate that the object service is configured, and that you can create buckets and store objects in the buckets using the S3 browser.
Installation and Initial Configuration of ViPR Data Services - Account Setting Secret Access Key - Description This is the ViPR object store key that must be generated from the UI or by using the ViPR CLI or API. You can copy it from the ViPR UI and paste it into this field. 3. At the Add New Account Dialog, click Advanced (in the bottom left-hand corner). 4. Check the Use Amazon S3 Compatible Storage box. 5.
CHAPTER 6 Setting Up Multiple Tenants u u u u Prerequisites for creating multiple tenants............................................................ 74 Configuring multiple tenants with the REST API......................................................74 Configuring multiple tenants with the CLI.............................................................. 79 Creating data store (secret) keys...........................................................................
Setting Up Multiple Tenants Prerequisites for creating multiple tenants ViPR can be configured with multiple tenants. Each tenant has its own environment for creating and managing storage. Storage resources assigned to a tenant cannot be accessed by users from other tenants.
Setting Up Multiple Tenants multi-domain forest ldaps://MyLDAPServer.yourco.
Setting Up Multiple Tenants You can control the users mapped into a tenant by specifying attributes. For example, if you only want users assigned to a specific department in AD to be mapped into the tenant, you can set key/value attributes. For example: domain2.yourco.com department development Alternatively, you can map users into the tenant based on their AD group.
Setting Up Multiple Tenants a. Get a list of virtual arrays. Request GET /vdc/varrays Response urn:storageos:VirtualArray:1b86bbe1-c939-49d3b0ae-027dc95b1ccc: VSA Use one of the virtual array IDs for the next step. This example shows the following ID: urn:storageos:VirtualArray:1b86bbe1-c939-49d3b0ae-027dc95b1ccc: b.
Setting Up Multiple Tenants vsp1 file b. Retrieve the urn of a virtual pool and add the tenant to the ACL for that pool. You must be authenticated as a user with the System Administrator or Security Administrator role to perform this operation.
Setting Up Multiple Tenants If you have assigned a user to the Tenant Administrator role for the tenant, they will automatically have access to the project. You can use the projects/{id}/acl path to assign permissions to a user for the project. For example: Request PUT projects/ urn:storageos:Project: 60a3069e-74cc-4e79-9857-1c121ce1635a:/acl USE bsmith@domain2.yourco.com 9.
Setting Up Multiple Tenants l Create an authentication provider at the Admin > Security > Authentication Providers menu of the ViPR UI. l Create an authentication provider using the CLI, as follows: a. Create a provider.cfg file in local folder. The content of provider.cfg should resemble the example below. [Camb AD] mode:ad url:ldap://192.0.2.
Setting Up Multiple Tenants viprcli varray allow -name Isilon_Virtual_Array -tenant marketing 6. If you want to a assign access to a virtual pool to the newly-created tenant, you can use the following steps. By default, the access control list (ACL) for a virtual pool is wide open and all tenants have access. Once you assign a tenant to the ACL for a virtual pool, only that tenant will have access unless you assign other tenants to the ACL. a.
Setting Up Multiple Tenants Creating data store (secret) keys Each object user requires their user id, from LDAP or Active Directory, and a secret key, also called an object data store key. To generate a secret key for a user, use one of these three methods: u Choose User Menu > Manage Data Store Keys from the ViPR UI. u Call the following CLI operation: viprcli secretkeyuser add -uid u Call this ViPR REST API. POST object/secret-keys Request body
