300 005 093 - A09

EMC Rainfinity File Management Appliance
Version 7.3
Getting Started Guide

P/N 300-005-093 REV A09
EMC Corporation Corporate Headquarters: Hopkinton, MA 01748-9103

1-508-435-1000 www.EMC.com
Copyright 2007 - 2009 EMC Corporation. All rights reserved. Published December, 2009 EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. THE INFORMATION IN THIS PUBLICATION IS PROVIDED AS IS. EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. For the most up-to-date regulatory document for your product line, go to the Technical Documentation and Advisories section on EMC Powerlink. For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com. All other trademarks used herein are the property of their respective owners.
EMC Rainfinity File Management Appliance Version 7.3 Getting Started Guide
Contents
Preface Chapter 1 Introduction

Overview of File Management ............................................................................ File Management Appliances ............................................................................... File Management with Celerra implementation.......................................... File Mangement with NetApp implementation .......................................... File Management tasks........................................................................................... Using File Management ......................................................................................... 16 17 18 19 20 22
Chapter 2
Appliance Hardware and Port Configurations

Contents of the appliance ...................................................................................... File Management Appliance details .................................................................... File Management High Availability appliance details ...................................... Appliance diagrams .............................................................................................. Port details for FMA-7, FMHA-7, FMA-6, FMHA-6, FMA-5, and FMHA-5.. Port detail for FMA-4 ............................................................................................. 24 25 28 30 33 34
Chapter 3
Deploying the File Management Appliance

File Management deployment process................................................................ File Management Appliance setup ...................................................................... File Management High Availability..................................................................... Celerra primary storage................................................................................... NetApp primary storage ................................................................................. Configuring File Management and File Management High Availability ...... Configuring networking.................................................................................. Configuring the hostname, domain, and DNS server................................. Graphical user interface......................................................................................... Command line interface......................................................................................... Using FMA with the Celerra Data Mover as a source....................................... Adding a Celerra to the FMA configuration ................................................ Configuring FMA for Celerra to EMC Centera or Atmos archiving ........ Configure name resolution ............................................................................. Prerequisites for using Celerra as an archiving source............................... Pre-archiving tasks on the Celerra Control Station .................................... 36 37 38 38 38 39 40 40 40 41 42 42 44 45 46 47
Contents
Using FMA with the NetApp filer as a source.................................................... 52 Prerequisites for using NetApp as an archiving source ............................. 52 vFiler configuration ......................................................................................... 53 Configuring FMA for NetApp archiving ...................................................... 53 Adding a NetApp filer to the FMA configuration ....................................... 54 Adding a Windows server to the FMA configuration ....................................... 56 Configuring a NAS-based repository .................................................................. 57 Using FMA with EMC Centera ............................................................................. 58 Using FMA with an Atmos server........................................................................ 60 Backing up the configuration ................................................................................ 61 Creating a backup dump ................................................................................. 61 Restoring a backup dump................................................................................ 62 Database maintenance............................................................................................ 66 CD clean install........................................................................................................ 66 Software upgrades .................................................................................................. 67 Before upgrading to FMA version 7.3............................................................ 67 CD full upgrade................................................................................................. 68 UPG upgrade ..................................................................................................... 69
Chapter 4
File Management System Settings

Security hardening .................................................................................................. 72 Single security database ................................................................................... 72 Disable root logins ............................................................................................ 73 Strengthen passwords ...................................................................................... 74 Age passwords .................................................................................................. 74 Configuring the GUI access method .................................................................... 75 STIG hardening........................................................................................................ 75 Enabling STIG hardening ................................................................................ 75 Disabling STIG hardening ............................................................................... 76 LDAP client configuration .................................................................................... 77 Global LDAP settings ....................................................................................... 77 LDAP authentication ........................................................................................ 77 Configuring basic LDAP settings ................................................................... 78 Configuring advanced LDAP settings........................................................... 79 RADIUS and TACACS+ ......................................................................................... 80 Certificate management ........................................................................................ 80 Appliance mail delivery settings .......................................................................... 81 Log settings .............................................................................................................. 82 Configuring log rotation .................................................................................. 82 Configuring SCP of rotated log files .............................................................. 82 Alerts................................................................................................................... 84 Configuring email alerts .................................................................................. 85 Configuring SNMP alerts ................................................................................ 86 Enabling SNMP polling ................................................................................... 87 System command accounting................................................................................ 87 Tracking user command history..................................................................... 88 Tracking user login history.............................................................................. 88 Tracking daemon command history .............................................................. 88 Windows domain user............................................................................................ 89 Creating a Windows domain user.................................................................. 89 Adding an admin user to the local administrator group ............................ 89 Configuring Windows 2008 for NTLM ......................................................... 90
Contents
Appendix A
Network Topology Scenarios

Advanced network topologies.............................................................................. Configuring FMA with bonding .......................................................................... Configuring FMA with two subnets.................................................................... Configuring FMA with more than two subnets................................................. 92 93 94 95
Glossary Index
Contents
Figures
Title 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Page 18 19 21 30 30 30 31 31 31 32 32 33 33 34 36 67
Celerra implementation ....................................................................................................... NetApp FPolicy implementation ........................................................................................ Archived report example ..................................................................................................... Rear view of Dell R710 ......................................................................................................... Front view of Dell R710 with bezel removed .................................................................... Rear view of Dell 2950 .......................................................................................................... Front view of Dell 2950 with bezel removed .................................................................... Rear view of HP ProLiant .................................................................................................... Front view of HP ProLiant ................................................................................................... Front view of Dell R710 for High Availability with bezel removed .............................. Front view of Dell 2950 for High Availability with bezel removed .............................. FMA-7 and FMHA-7 port detail ......................................................................................... FMA-6, FMHA-6, and FMHA-5 port detail ...................................................................... FMA-4 port detail .................................................................................................................. Rainfinity File Management process .................................................................................. Example of Celerra property settings in FMA version 7.2 ..............................................
Figures
Tables
Title 1 2 3 4 5 6 7 8
Page 25 25 26 28 28 84 84 85
FMA based on Dell R710 ...................................................................................................... FMA based on Dell 2950 ...................................................................................................... FMA based on HP ProLiant ................................................................................................. FMHA based on Dell R710 .................................................................................................. FMHA based on Dell 2950 ................................................................................................... Critical security alerts ........................................................................................................... Critical operational alerts ..................................................................................................... Critical environmental alerts ...............................................................................................
Tables
10
Preface
As part of an effort to improve and enhance the performance and capabilities of its product lines, EMC periodically releases revisions of its hardware and software. Therefore, some functions described in this document may not be supported by all versions of the software or hardware currently in use. For the most up-to-date information on product features, refer to your product release notes. If a product does not function properly or does not function as described in this document, please contact your EMC representative. Audience This document is part of the Rainfinity File Management Appliance documentation set, and is intended for use by storage management administrators who are new to the Rainfinity File Management Appliance and by existing customers who are new to version 7.3. Related documents include:
Related documentation
EMC Rainfinity File Management Appliance online help Provides detailed reference information on specific product features and functions. EMC Rainfinity File Managment Appliance Release Notes Provides an overview of new features and lists limitations. EMC Rainfinity man pages Provide detailed command-line help, as well as overview information. A good starting point is: man rffm. PDFs of all man pages are available from:
/opt/rainfinity/filemanagement/doc
Preface
11
Preface
Conventions used in this document
EMC uses the following conventions for special notices.

Note: A note presents information that is important, but not hazard-related.
CAUTION A caution contains information essential to avoid data loss or damage to the system or equipment.
IMPORTANT An important notice contains information essential to operation of the software. Typographical conventions EMC uses the following type style conventions in this document: Normal
Used in running (nonprocedural) text for: Names of interface elements (such as names of windows, dialog boxes, buttons, fields, and menus) Names of resources, attributes, pools, Boolean expressions, buttons, DQL statements, keywords, clauses, environment variables, functions, utilities URLs, pathnames, filenames, directory names, computer names, filenames, links, groups, service keys, file systems, notifications Used in running (nonprocedural) text for: Names of commands, daemons, options, programs, processes, services, applications, utilities, kernels, notifications, system calls, man pages Used in procedures for: Names of interface elements (such as names of windows, dialog boxes, buttons, fields, and menus) What user specifically selects, clicks, presses, or types
Bold
Italic
Used in all text (including procedures) for: Full titles of publications referenced in text Emphasis (for example a new term) Variables Used for: System output, such as an error message or script URLs, complete paths, filenames, prompts, and syntax when shown outside of running text Used for: Specific user input (such as commands) Used in procedures for: Variables on command line User input variables Angle brackets enclose parameter or variable values supplied by the user Square brackets enclose optional values Vertical bar indicates alternate selections - the bar means or Braces indicate content that you must specify (that is, x or y or z) Ellipses indicate nonessential information omitted from the example
Courier
Courier bold Courier italic
<> [] | {} ...
12
Preface
Where to get help
EMC support, product, and licensing information can be obtained as follows. Product information For documentation, release notes, software updates, or for information about EMC products, licensing, and service, go to the EMC Powerlink website (registration required) at:
http://Powerlink.EMC.com
Technical support For technical support, go to EMC Customer Service on Powerlink. To open a service request through Powerlink, you must have a valid support agreement. Please contact your EMC sales representative for details about obtaining a valid support agreement or to answer any questions about your account. Your comments Your suggestions will help us continue to improve the accuracy, organization, and overall quality of the user publications. Please send your opinion of this document to:
techpubcomments@EMC.com
13
Preface
14
1
Introduction
This chapter includes the following sections:

Overview of File Management..................................................................................... 16 File Management Appliances ....................................................................................... 17 File Management tasks .................................................................................................. 20 Using File Management ................................................................................................ 22
Introduction
15
Introduction
Overview of File Management

File Management is data archival software that currently runs exclusively on the EMC Rainfinity File Management Appliance (FMA). The software optimizes primary NAS storage by automatically moving inactive files based on policies to less expensive secondary storage. Files that are moved appear as if they are on primary storage. File archiving dramatically improves storage efficiency and backup/restore time, while supporting additional business requirements such as compliance and retention. As an example, the File Management software may be configured to locate all NAS data that has not been accessed in one year, and archive that data to secondary storage. For each file it archives, the File Management software will leave behind a small space-saving stub file that points to the real data on the secondary storage device. When a user tries to access the data in its original location on the primary NAS, the user will be transparently provided with the actual data that the stub points to, from secondary storage. If multi-tier archiving is used, the software may be configured to move archived files from a secondary storage device tier to a tertiary storage device tier. This can be particularly useful in cases where the secondary storage device represents a tier that is smaller, faster, and more expensive to maintain than a larger, slower, and cheaper storage used in the tertiary tier. Once the files are moved, the space-saving stub file on the primary NAS tier would be updated to point to the datas new location on the tertiary storage tier. The File Management High Availbility (FMHA) appliance is a dedicated machine that runs the NetApp and Celerra callback agents and provides high availability for stub file recalls, in case callback agents on the primary FMA are not available. This ensures complete transparency and non-disruptive service for clients. The FMHA dedicated appliance has installation instructions that differ slightly from the FMA.
16
Introduction
File Management Appliances

Rainfinity File Management version 7.3 includes two types of physical appliances. The capabilities and features available on these appliances differ and one or more of each type may be deployed within a customer environment to create a complete solution. The File Management Appliance (FMA) is the foundation of every file archiving deployment. It provides the full range of features available from the product line, including the ability to archive and recall data, perform policy previews, orphan file management, and stub file recovery. It features a robust reporting interface that provides valuable insight into the efficacy of archiving policies. An FMA is delivered pre-loaded with File Management software, or a clean installation can be made by booting off of the FMA Software CD onto an EMC-supplied FMA hardware platform and running the fm_clean command when prompted . The File Management High Availability (FMHA) appliance complements an existing FMA by adding high-availability and load-balancing capabilities when recalling archived data to primary storage. FMHA cannot be used for any purpose other than recall. For example, it does not perform archiving or orphan file management, nor does it have a GUI interface. An FMHA appliance is delivered pre-loaded with FMHA software, or a clean installation can be made by booting off the FMA software CD onto an EMC-supplied FMHA hardware platform. When FMHA appliances are deployed alongside FMA, the underlying APIs of Celerra and NetApp file servers are leveraged to create a highly available and load-balanced environment for data recall. The Celerra and NetApp implementations differ.
17
Introduction
File Management with Celerra implementation

Figure 1 on page 18 shows the recall architecture of a Celerra implementation.
CIFS R/W
CIFS R/W
NFS R/W
HTTP R/W
FTP R/W
SMB over NetBIOS (TCP 139)
SMB over TCP (TCP 445)
NFS (RPC)
HTTP (TCP 80)
FTP (TCP 21)
DHSM
Celerra
File System /etc/hosts HTTP
2
PowerEdge
2950
DNS
Rainfinity FMA
NFS CIFS
Rainfinity FMHA
PowerEdge
2950
Platform API
NFS Repository
CIFS Repository
Centera or Atmos
CNS-001622
Figure 1
Celerra implementation
Circled numbers correspond to the following steps that illustrate the archive and recall process in the Celerra implementation: 1. Clients send read or write operations for files that have been archived. These operations are intercepted by the DHSM layer on the Celerra prior to being serviced from the file system. 2. If the file has been archived to EMC Centera or Atmos storage, the Celerra blade resolves the fully qualified domain name (FQDN) to the IP address of an FM or FMHA appliance. The blade will then use HTTP to read the archived data from the FMA, which in turn reads it from EMC Centera or Atmos using the platform API. If an appliance does not respond to the HTTP read requests, the Celerra blade will use an alternate IP address of another appliance configured in DNS. Every callback server: FM or FMHA, will have its IP address associated with a single hostname in DNS. The FQDN will use that hostname, which may have multiple IP addresses associated with it.
18
Introduction
3. If the file has been archived to an NFS or CIFS repository, the blade will open a connection to the repository and read back the data. 4. The blade will respond to the client operation as usual if the recall was successful, or the client will receive an access denied message if the recall fails.
Note: When Celerra data has been archived to a Celerra, NetApp, or Windows repository, the FMA is not involved at all in the recall process. In such an environment, the FMA-HA is not necessary.
File Mangement with NetApp implementation

Figure 2 on page 19 shows the recall architecture of NetApp FPolicy implementation.
4
CIFS Recall (Writes) SMB over NetBIOS NFS Recall (Writes) CIFS R/W CIFS R/W NFS R/W HTTP R/W FTP R/W
SMB over NetBIOS (TCP 139)
SMB over TCP (TCP 445)
NFS (RPC)
HTTP (TCP 80)
FTP (TCP 21)
FPolicy
Primary
Secondary
WAFL FPolicy API FPolicy API
Rainfinity FMA
PowerEdge
2950
Rainfinity FMHA
PowerEdge
2950
NFS
CIFS/SMB over NetBIOS
Centera SDK
NFS Repository
CIFS Repository
EMC Centera
CNS-001619
Figure 2
NetApp FPolicy implementation
Circled numbers correspond to the following steps that illustrate the archive and recall process in the NetApp FPolicy implementation: 1. Clients send read or write operations for files that have been archived. These operations are intercepted by the FPolicy layer on the NetApp prior to being serviced from the WAFL file system. 2. The NetApp is configured with a primary group of callback servers, such as an FMA and 0 or more FMHA appliances, and a secondary group, such as 0 or more FMHA appliances. The NetApp will send FPolicy callbacks to servers registered in the primary group in round-robin fashion. If a server does not reply to the
19
Introduction
callback, it is removed from its group. If there are no servers in the primary group, the callbacks are distributed in a round-robin fashion among the servers in the secondary group. 3. The FMA or FMHA appliance will connect to the filer using CIFS to read the contents of the stub file. The stub file points to where the file data is stored. The appliance will then connect to the NFS repository, CIFS repository, or EMC Centera cluster where the data was archived and will read the data using the native protocol and the file data will be written back to the NetApp. 4. The filer will respond to the client operation as usual if the recall was successful or with an access denied message if the recall failed.
Note: It is a requirement that the software versions of all Rainfinity appliances match. For example, you should not deploy a configuration where FMA is running version 7.3b2 and FMA-HA providing high availability is running version 7.3b3. While the software does not perform any explicit checks to ensure the versions are compatible, running different software versions is not tested and may result in unexpected behavior.
File Management tasks

File Management may be used to run several different tasks:

Archiving Deleting Auxiliary tasks such as stub scanning, backup, and NAS migration
For archiving and deleting, the software leverages a policy engine to define which files should be archived or deleted. Users can combine and evaluate multiple rules together in a single policy. Several rule types for archiving and deleting are included. Before running the archive, delete, or NAS migration task, running a simulation allows administrators to review real-time results without executing the task. The results will return an aggregated summary of total files matched, total bytes potentially archived, and optional list of files stored on the disk. It is a good practice to run a simulation to gain insight into the efficiency of a task before running the task. This is particulatly important for delete tasks, since these tasks remove data.
20
Introduction
Once an archive task is run, results are displayed in a report. Figure 3 on page 21 is an example of an archived report.
Figure 3
Archived report example
Archive tasks may be one of three types:
Archive (with policy) Archives all regular (non-stub) files. Files are selected for archiving based on the archive policy. Multi-tier (with policy) For this archiving task, all regular and stub files are evaluated with the multi_tier policy. If a regular file matches the policy, it is archived. If a stub file matches the policy, archived data is moved to a different repository and the stub is updated to point to the new location. Multi-tier stub (with policy) For this archiving task, only stub files are evaluated with the multi_tier_stub policy. If a stub file matches the policy, archived data is moved to a different repository and the stub is updated to point to the new location. Otherwise, the archived data remains in the current repository. Delete orphan with policy Deletes orphans on primary storage that match the delete_orphans policy. Delete stub with policy The delete stub task deletes stubs that match the delete_stubs policy. Stubs on primary storage and files on the second tier that are either not under or no longer under retention are automatically deleted.
Delete tasks may be one of two types:
Auxiliary tasks are:
Scan stubs When a file is archived, a stub file remains on the source and an entry is added to the FMA database, mapping the name and location of the archived file to its stub. The stub scanning task scans for stubs in the FMA database that are no longer present on the source. When a stub has not been detected for 30 or more days, the archived file is designated as an orphan. Backup The backup task performs periodic backups of data. It is a good practice to schedule backup tasks as part of a regular maintenance program.
File Management tasks
21
Introduction
NAS Migration NAS migration moves all archived data from one NAS repository to a new repository, which may be a NAS repository, an EMC Centera, or an Atmos. All stub files pointing to this data will be updated to point to the new location.
The File Management software also has the capability to recover stub files accidentally deleted by client systems. It can even recover prior versions of files archived to any secondary storage destination.
Using File Management

As with all EMC Rainfinity products, once the appliance has been deployed on the network, the adminstrator can manage data through the FMA graphical user interface (GUI) or command line interface (CLI). To start using the GUI, follow the instructions provided in Graphical user interface on page 40. Online help documents all GUI pages. Technical system details that are not GUI related but are required to configure the FMA are provided in the following chapters and appendixes:

Deploying the File Management Appliance on page 35 File Management System Settings on page 71 Network Topology Scenarios on page 91
If the FMA is not installed on the network, administrators should refer to the sections in this book to configure the FMA properly before use.
22
2
This appendix contains the following sections:

Contents of the appliance.............................................................................................. 24 File Management Appliance details ............................................................................ 25 File Management High Availability appliance details ............................................. 28 Appliance diagrams....................................................................................................... 30 Port details for FMA-7, FMHA-7, FMA-6, FMHA-6, FMA-5, and FMHA-5 ......... 33 Port detail for FMA-4..................................................................................................... 34
23
Contents of the appliance

EMC Rainfinity ships with robust, fault-tolerant hardware consistent with the mission-critical application for which it is used. The following items are included in the box:

Rainfinity 2U 19-inch rackmountable appliance. Two universal rails for mounting the appliance in a 19-inch rack. Two sets of power cords. Copper patch cables for the number of ports on your appliance. Rainfinity bezel. Media kit with documentation CD and the Rainfinity Recovery CD. One serial cable.
The following are items you may need that are not included: VGA monitor, keyboard, and mouse for a system console. The File Management Appliance may be one of the following:
Dell R710 Model FMA-7 ships with two enabled on-board Gigabit Ethernet copper 10/100/1000TX ports. Figure 12 on page 33 shows the port details. Dell 2950 Model FMA-6 and FMA-5 ships with two on-board Gigabit Ethernet copper 10/100/1000TX ports. Figure 13 on page 33 shows the port details. HP ProLiant Model FMA-4 ships with two on-board Gigabit Ethernet copper 10/100/1000TX ports and four copper ports. Figure 14 on page 34 shows the layout of these NICs. Dell R710 Model FMHA-7 ships with two enabled on-board Gigabit Ethernet copper 10/100/1000TX ports. Figure 12 on page 33 shows the port details. Dell 2950 Model FMHA-6 and FMHA-5 ships with two on-board Gigabit Ethernet copper 10/100/1000TX ports. Figure 13 on page 33 shows the port details.
The File Management High Availability appliance may be one of the following:
24
File Management Appliance details

Table 1 on page 25 lists the configurations for the FMA based on the Dell R710 hardware.
Table 1
FMA based on Dell R710 Component Chassis Size Power CPUs Disks RAID Controller CD-ROM Memory Network Interfaces VGA Keyboard Connector Mouse Connector Serial port FMA-7 The Rainfinity appliance is based on Dell R710 11G hardware. 2U form factor Dual 570 watts Dual, 2.0 GHz, E5540 4C/4T 80W 4MB Cache Nehalem-EP Four 1 TB, SATA, 3.5-inch, 7.2 K RPM hard drives in a RAID-1 configuration with two hot spares. Items (b) through (e) in Figure 5 on page 30. SAS6/IR Read-only DVD that can read CD or DVD material for system upgrades. Item (a) in Figure 5 on page 30. 1066-MHz, (2 x 2 GB), Dual ranked RDIMMs Two on-board Gigabit 10/100/1000TX Ethernet copper ports with RJ45 connectors. Item (e) in Figure 4 on page 30. Standard VGA video connector for a system console. Item (a) in Figure 4 on page 30. Standard USB keyboard connector for a system console. Item (d) in Figure 4 on page 30. Standard USB mouse connector for a system console. Item (c) in Figure 4 on page 30. Standard DB9 serial port for a serial-terminal system. Item (b) in Figure 4 on page 30.
Table 2 on page 25 lists the configurations for the FMA based on the Dell 2950 hardware.
Table 2
FMA based on Dell 2950 (page 1 of 2) Component Chassis Size FMA-6 The Rainfinity appliance is based on Dell 2950 hardware. 2U rack-mount form factor with universal rails. Dimensions: 8.6 cm (h), 44.5 cm (w), 66.1 cm (d). Weight: 34 kg. Dual redundant 750 watt hot-plug, power supplies. Total consumption: 5A at 120 V or 2.5 A at 240 V. Dual Intel Xeon 3.00 GHz Quad Core processors with 1333 MHz front-side bus. FMA-5 The Rainfinity appliance is based on Dell 2950 hardware. 2U rack-mount form factor with universal rails. Dimensions: 8.6 cm (h), 44.5 cm (w), 66.1 cm (d). Weight: 34 kg. Dual redundant 750 watt hot-plug, power supplies. Total consumption: 5A at 120 V or 2.5 A at 240 V. Dual Intel Xeon 3.00 GHz Dual Core processors with 1333 MHz front-side bus.
Power
CPUs
25
Table 2
FMA based on Dell 2950 (page 2 of 2) Component Disks FMA-6 Four 250 GB, SATA, 3.5-inch, 7.2K RPM hard drives in a RAID-5 configuration. Items (b) through (e) in Figure 7 on page 31. PERC 6/I integrated controller card with 256 MB of battery backed write cache. The storage controller buffers all writes to disk so that in the event of a critical full-system failure, important state information is saved even during abrupt disk or power failure. Dell DRAC Card. 24x IDE CD-ROM/DVD-ROM drive for system upgrades. Item (a) in Figure 7 on page 31. 667 MHz, (4 x 1 GB), Single Ranked DIMMs Two on-board Gigabit 10/100/1000TX Ethernet copper ports with RJ45 connectors. Item (e) in Figure 6 on page 30. Standard VGA video connector for a system console. Item (a) in Figure 6 on page 30. Standard USB keyboard connector for a system console. Item (d) in Figure 6 on page 30. Standard USB mouse connector for a system console. Item (c) in Figure 6 on page 30. Standard DB9 serial port for a serial-terminal system. Item (b) in Figure 6 on page 30. FMA-5 Six 160 GB, SATA, 3.5-inch, 7.2K RPM hard drives in a RAID-1 configuration. Items (b) through (g) in Figure 7 on page 31. PERC 5/I integrated controller card with 256 MB of battery backed write cache. The storage controller buffers all writes to disk so that in the event of a critical full-system failure, important state information is saved even during abrupt disk or power failure. Dell DRAC Card. 24x IDE CD-ROM drive for system upgrades. Item (a) in Figure 7 on page 31. 667 MHz, (8 x 512 MB), Single Ranked DIMMs Two on-board Gigabit 10/100/1000TX Ethernet copper ports with RJ45 connectors. Item (e) in Figure 6 on page 30. Standard VGA video connector for a system console. Item (a) in Figure 6 on page 30. Standard USB keyboard connector for a system console. Item (d) in Figure 6 on page 30. Standard USB mouse connector for a system console. Item (c) in Figure 6 on page 30. Standard DB9 serial port for a serial-terminal system. Item (b) in Figure 6 on page 30.
RAID Controller
Remote Management CD-ROM
Memory Network Interfaces
VGA
Keyboard Connector
Mouse Connector
Serial port
Table 3 on page 26 lists the configuration for the FMA based on the HP ProLiant hardware.
Table 3
FMA based on HP ProLiant (page 1 of 2) Component Chassis Size Power CPUs Disks FMA-4 The Rainfinity appliance is based on the HP ProLiant DL380 G4 hardware. 2U rack-mount form factor with universal rails. Dimensions: 8.6 cm (h), 44.5 cm (w), 66.1 cm (d). Weight: 27.22 kg. Dual redundant 575 watt, hot-plug, power supplies. Total consumption: 5A at 120V or 2.5A at 240 V. Item (a) in Figure 8 on page 31. Dual Intel Xeon processors 3.6 GHz with 800 MHz front-side bus. Six 146.8 GB, SCSI, 3.5 inch 10K RPM drives in a RAID 5 configuration. Items (b) and (c) in Figure 9 on page 31.
26
Table 3
FMA based on HP ProLiant (page 2 of 2) Component RAID Controller FMA-4 SmartArray 6i storage controller. The storage controller buffers all writes to disk so that in the event of a critical full-system failure, important state information is saved even during abrupt disk or power failure. Not applicable. CD-ROM drive for system upgrades. Item (a) in Figure 9 on page 31. 400 MHz, (4 x 1 GB), Single Ranked DIMMs Two on-board Gigabit 10/100/1000TX Ethernet copper ports with RJ45 connectors. Item (e) in Figure 8 on page 31. In addition, connectivity to the network is made through four copper ports. Item (f) in Figure 8 on page 31. Standard VGA video connector for a system console. Item (g) in Figure 8 on page 31. Standard PS/2 keyboard for a system console. Item (d) in Figure 8 on page 31. Standard PS/2 keyboard connector for a system console. Item (c) in Figure 8 on page 31. Standard DB9 serial port for a serial-terminal system. Item (b) in Figure 8 on page 31.
Remote Management CD-ROM Memory Network Interfaces
VGA Keyboard Connector Mouse Connector Serial port
27
File Management High Availability appliance details

Table 4 on page 28 lists the hardware configurations for the File Management High Availability appliance based on the Dell R710 hardware.
Table 4
FMHA based on Dell R710 Component Chassis Size Power CPUs Disks RAID Controller CD-ROM Memory Network Interfaces VGA Keyboard Connector Mouse Connector Serial port FMHA-7 The Rainfinity appliance is based on Dell R710 11G hardware. 2U form factor Dual 570 watts Single, 2.0 GHz, E5540 4C/4T 80 W 4 MB Cache Nehalem-EP Two 1 TB, SATA, 3.5-inch, 7.2K RPM hard drives in a RAID-1 (SW) configuration. Items (b) and (c) in Figure 10 on page 32. None. Read-only DVD that can read CD or DVD material for system upgrades. Item (a) in Figure 10 on page 32. 1066 MHz, (2 x 2 GB), Dual ranked RDIMMs Two on-board Gigabit 10/100/1000TX Ethernet copper ports with RJ45 connectors. Item (e) in Figure 4 on page 30. Standard VGA video connector for a system console. Item (a) in Figure 4 on page 30. Standard USB keyboard connector for a system console. Item (d) in Figure 4 on page 30. Standard USB mouse connector for a system console. Item (c) in Figure 4 on page 30. Standard DB9 serial port for a serial-terminal system. Item (b) in Figure 4 on page 30.
Table 5 on page 28 lists the hardware configurations for the File Management High Availability appliance based on the Dell 2950 hardware.
Table 5
FMHA based on Dell 2950 (page 1 of 2) Component Chassis FMHA-6 The Rainfinity appliance is based on Dell 2950 hardware. It is a 2U rackmount form factor with universal rails. FMHA-5 The Rainfinity appliance is based on Dell 2950 hardware. It is a 2U rackmount form factor with universal rails.
Size
2U rack-mount form factor with 2U rack-mount form factor with universal rails. Dimensions: 8.6 cm (h), universal rails. Dimensions: 8.6 cm (h), 44.5 cm (w), 66.1 cm (d). Weight: 34 kg. 44.5 cm (w), 66.1 cm (d). Weight: 34 kg. Dual redundant 750 watt hot-plug, power supplies. Single Intel Xeon 2.33 GHz Quad Core processor with 1333 MHz front-side bus. Dual redundant 750 watt hot-plug, power supplies. Single Intel Xeon 1.86 GHz Dual Core processor with 1066 MHz front-side bus.
Power CPU
28
Table 5
FMHA based on Dell 2950 (page 2 of 2) Component Disks FMHA-6 Two 250 GB, SATA, 3.5-inch, 7.2K RPM hard drives in a RAID 1 configuration. Items (b) and (c) in Figure 11 on page 32. PERC 6/I integrated controller card with 256 MB of battery backed write cache. The storage controller buffers all writes to disk so that in the event of a critical full-system failure, important state information is saved even during abrupt disk or power failure. 24x IDE CD-ROM/DVD-ROM drive for system upgrades. Item (a) in Figure 11 on page 32. 4 GB, 533 MHz (4x1 GB), Dual Ranked DIMMs. Two on-board Gigabit 10/100/1000TX Ethernet copper ports with RJ45 connectors. Item (e) in Figure 6 on page 30. Standard VGA video connector for a system console. Item (a) in Figure 6 on page 30. Standard USB keyboard connector for a system console. Item (d) in Figure 6 on page 30. Standard USB mouse connector for a system console. Item (c) in Figure 6 on page 30. Standard DB9 serial port for a serial-terminal system. Item (b) in Figure 6 on page 30. FMHA-5 Two 160 GB, SATA, 3.5-inch, 7.2K RPM hard drives in a RAID 1 configuration. Items (b) and (c) in Figure 11 on page 32. PERC 5/I integrated controller card with 256 MB of battery backed write cache. The storage controller buffers all writes to disk so that in the event of a critical full-system failure, important state information is saved even during abrupt disk or power failure. 24x IDE CD-ROM drive for system upgrades. Item (a) in Figure 11 on page 32. 4 GB, 533 MHz (4x1 GB), Dual Ranked DIMMs. Two on-board Gigabit 10/100/1000TX Ethernet copper ports with RJ45 connectors. Item (e) in Figure 6 on page 30. Standard VGA video connector for a system console. Item (a) in Figure 6 on page 30. Standard USB keyboard connector for a system console. Item (d) in Figure 6 on page 30. Standard USB mouse connector for a system console. Item (c) in Figure 6 on page 30. Standard DB9 serial port for a serial-terminal system. Item (b) in Figure 6 on page 30.
RAID Controller
CD-ROM
Memory Network Interfaces
VGA
Keyboard Connector
Mouse Connector
Serial port
File Management High Availability appliance details
29
Appliance diagrams
These photographs illustrate configurations of the FMA and FMHA based on the Dell and HP hardware.
Figure 4
Rear view of Dell R710
Figure 5
Front view of Dell R710 with bezel removed
Figure 6
Rear view of Dell 2950
30
Figure 7
Front view of Dell 2950 with bezel removed
Figure 8
Rear view of HP ProLiant
Figure 9
Front view of HP ProLiant
Appliance diagrams
31
Figure 10
Front view of Dell R710 for High Availability with bezel removed
Figure 11
Front view of Dell 2950 for High Availability with bezel removed
32
Port details for FMA-7, FMHA-7, FMA-6, FMHA-6, FMA-5, and FMHA-5
Models FMA-7 and FMHA-7 ship with two on-board ports enabled. Figure 12 on page 33 is a rear view of the appliance with the ports labeled.
eth0
eth1
Disabled Disabled
CNS-001354
Figure 12
FMA-7 and FMHA-7 port detail
Models FMA-6, FMHA-6, and FMHA-5 ship with two on-board ports. Figure 13 on page 33 is a rear view of the appliance with the ports labeled.
eth0
eth1
CNS-001259
Figure 13
FMA-6, FMHA-6, and FMHA-5 port detail
Port details for FMA-7, FMHA-7, FMA-6, FMHA-6, FMA-5, and FMHA-5
33
Port detail for FMA-4

Model FM-4 ships with six copper ports. Figure 14 on page 34 is a rear view of the appliance with the ports labeled. To help identify the ports in the schematic, note that:

eth0, eth1, eth2, and eth3 are on slot 1. eth4 and eth5 are the on-board NICs.
eth0
eth1
eth2
eth3
eth5
eth4
CNS-001260
Figure 14
FMA-4 port detail
34
3
This chapter contains the following sections:

File Management deployment process ....................................................................... 36 File Management Appliance setup.............................................................................. 37 File Management High Availability ............................................................................ 38 Configuring File Management and File Management High Availability .............. 39 Graphical user interface ................................................................................................ 40 Command line interface ................................................................................................ 41 Using FMA with the Celerra Data Mover as a source .............................................. 42 Using FMA with the NetApp filer as a source........................................................... 52 Adding a Windows server to the FMA configuration .............................................. 56 Configuring a NAS-based repository.......................................................................... 57 Using FMA with EMC Centera .................................................................................... 58 Using FMA with an Atmos server............................................................................... 60 Backing up the configuration ....................................................................................... 61 Database maintenance................................................................................................... 66 CD clean install............................................................................................................... 66 Software upgrades ......................................................................................................... 67
35
File Management deployment process

Figure 15 on page 36 illustrates the Rainfinity File Management deployment process.
File Management Setup 1. Configure FMA networking 2. For NetApp archiving and Celerra-Centera or Celerra-Atmos archiving, initialize recall services
Celerra to Centera or Atmos Configuration 1. Configure FileMover API 2. Configure name resolution for recall 3. Configure DHSM
Celerra to NAS Configuration 1. Configure FIleMover API 2. Configure DHSM
NetApp Configuration 1. Configure NetApp options 2. Configure ONTAPI 3. Configure FPolicy (vFilers only)
File Management Configuration 1. Configure primary NAS 2a. Configure NAS repositories 2b. Configure non-NAS repositories
Define Policies 1. Create file matching expressions and archive destinations 2. Specify policy type, retention, delayed stubbing, stub retention (as applicable)
Schedule Task 1. Create an archive, delete, or auxiliary task 2. Select source (as applicable) 3. Select archive conditions or start times (as applicable)
Run Archive Simulation (Optional) 1. Collect real-time results in FMA 2. Review policy efficacy against real-time results
Execute Archiving Policy 1. Determine optimal task scheduling 2. Monitor archiving activity for errors
CNS-001255
Figure 15
Rainfinity File Management process
The top of the flowchart describes deploying the FMA in various environments. File Management Appliance setup on page 37 outlines this process. Steps in the three boxes at the bottom of the flowchart are performed using the File Management GUI. These are documented in the File Management online help.
36
File Management Appliance setup

The FMA arrives with the software installed. Before FMA may be used to perform tasks, the appliance must be properly configured:
Port details used to connect the appliance to the network are provided in Chapter 2, Appliance Hardware and Port Configurations. The File Management software is pre-installed on every new FMA. If the software must be reinstalled without preserving any previous information or data, follow the instructions provided in CD clean install on page 66.
Note: Software upgrades on page 67 provides instructions for upgrading using a CD full upgrade or UPG upgrade.
If a File Management High Availability (FMHA) appliance is being deployed, File Management High Availability on page 38 describes configuration considerations. To install the FMA on the network, follow instructions provided in Configuring File Management and File Management High Availability on page 39. If the system requires security hardening or any other special configuration, Chapter 4, File Management System Settings,provides information for all system settings. Using FMA with the Celerra Data Mover as a source on page 42 Using FMA with the NetApp filer as a source on page 52 Adding a Windows server to the FMA configuration on page 56 Configuring a NAS-based repository on page 57 Using FMA with EMC Centera on page 58 Using FMA with an Atmos server on page 60
Then proceed to configure the FMA for your environment as described in:

File Management Appliance setup
37
File Management High Availability

FMA delivers a simple solution for a redundancy, ensuring that clients do not experience data unavailability due to failure of a Rainfinity appliance. When using File Management High Availability (FMHA) for recall, NetApp and Celerra callback services are configured on the FMHA appliance. These callback services are responsible for reading files from secondary storage such as EMC Centera, Atmos, or Windows servers to the NetApp and Celerra, respectively. This configuration eliminates a single point of failure for the primary callback service and ensures transparent client access to archived data. To fulfill requirement for high availability, recall operations can be handled by a group of FM or FMHA appliances.
Celerra primary storage

For Celerra primary storage archived to an EMC Centera, Data Movers resolve an HTTP Fully Qualified Domain Name (FQDN) to the IP addresses of FMA and FMHA appliances. If a Data Mover identifies multiple IP addresses mapped to the same FQDN, it will pick up the first address it finds and attempt to send the recall request. If the IP address is not responsive, the Data Mover will select subsequent addresses for the FQDN and will attempt to send the recall requests to those addresses. All recall requests generated by a Data Mover when resolving the FQDN are sent to a single Rainfinity appliance even if multiple IP addresses are found. Each Data Mover can be configured to send recall requests to a preferred appliance which provides coarse-grained load balancing of recall requests at the Data Mover level. Using FMA with the Celerra Data Mover as a source on page 42 provides details on configuring Celerra Data Movers. Run ccdsetup on all FMHA appliances that will process recall requests from the Celerra Data Movers. Using this script, link together multiple appliances to process recall requests from a common set of Celerra Data Movers. Configuring FMA for Celerra to EMC Centera or Atmos archiving on page 44 provides details on running ccdsetup. Rainfinity appliances are not involved in recall when FMA is used to archive data from Celerra primary storage to Celerra, NetApp, or Windows secondary storage. The Data Movers will use the CIFS and NFS protocols to recall data directly from secondary storage.
NetApp primary storage

NetApp Filers allow FPolicy clients (such as FMA or FMHA) to register for callbacks in response to user access to files with specific attributes. When using File Management, a callback will be generated when a read or write operation occurs to a file with the CIFS offline bit set. For NetApp primary storage, multiple Rainfinity appliances can register in the primary or secondary FPolicy groups of the filer. In the event that a registered server becomes unresponsive, it is removed from its group. Recall requests will be sent by the filer in a round-robin fashion to the IP addresses registered in the primary group. If there are no responsive IP addresses in the primary group, then the requests are load-balanced across the servers in the secondary group.
38
Run fpsetup on the FMHA appliances that will process recall requests. Using this script, link together multiple appliances that will be able to process recall requests sent from a common set of NetApp Filers. Later, when configuring NetApp Filers, you will have the option to select specific FM and FMHA appliances that will register in the primary and secondary groups. Configuring FMA for NetApp archiving on page 53 provides details on running fpsetup. Rainfinity appliances are always involved in recall when FMA is used to archive data from NetApp primary storage to any secondary storage location. NetApp Filers do not recall data directly from Celerra, EMC Centera, or NetApp storage.
Note: A single FMHA appliance can provide redundancy for multiple FMAs and a single FMA can have multiple FMHA appliances registered to provide redundancy. An FMA should not be used to provide redundancy for another FMA.
Configuring File Management and File Management High Availability

The Rainfinity File Management and File Management High Availability appliances are delivered with their respective versions of software. Each appliance operates as a stand-alone system on the network and must be installed and configured separately. So before proceeding with the setup, ensure that you have the following information for each Rainfinity appliance:

IP address Netmask Hostname Default gateway IP DNS server IP (optional)
To set up a stand-alone configuration: 1. Connect the keyboard, monitor, and mouse to the appliance. The serial cable provided with the FMA and a hyperterm on a PC or laptop may be used. 2. Connect the power cord and power on the appliance. The login prompt appears. 3. Log in to the appliance using the local keyboard and monitor. Type root as the login name. Type rain as the password. The Rainfinity File Management setup tool appears. This tool performs basic setup tasks that are not available through the File Management GUI. 4. Select Change File Management Appliance Password, and change the password. 5. Select Configure Date and Time to set the time zone and date for the Rainfinity appliance. 6. Select Configure File Management Networking. The network configuration menu appears. Use the menu to change interface settings or set global settings such as hostname, domain, and DNS servers.
Configuring File Management and File Management High Availability
39
Configuring networking
To configure networking: 1. Select option 1 from the network configuration menu. The File Management Network Setup, Main Menu appears. On the list of available physical interfaces on the appliance, eth0 will be highlighted. To highlight a different interface, use the up arrow and down arrow keys. 2. With eth0 highlighted, press Enter. The configuration menu for the eth0 interface appears: Use the up arrow and down arrow keys to highlight the IP address field. Press Enter and type a new IP address value into the New Value column. Press Enter. Repeat the process to provide the Network Mask, Gateway, and MTU settings. 3. When the configuration for this interface is complete, press the left arrow to exit the eth0 interface configuration. To save the interface configuration, highlight Yes and press Enter. Note that the changes are saved, but will not be committed until the File Management Network Setup menu is exited. 4. Press the left arrow to exit from the File Management Network Setup menu. When prompted, select Yes to commit your changes.
Configuring the hostname, domain, and DNS server

Configure the hostname, domain, and DNS servers: 1. Select option 2 from the network configuration menu. The following menu appears:
EMC Rainfinity Setup Tool (Configure Hostname, Domain and DNS Server(s)) Hostname = rs Domain = DNS Server = Do you want to change the configuration [N]?
2. Select Y. Use the menu to configure the hostname, domain, and DNS servers. 3. The new hostname, domain, and DNS server information will be summarized after all the changes are entered, and you will be given the ability to accept or make further changes to these settings. To keep the new settings and return to the network configuration menu, press Enter. 4. Verify that the network configuration has been committed and network connectivity can be established properly.
Graphical user interface

To access the graphical user interface from a web browser: 1. In the navigation field of the web browser, type the IP address of the Rainfinity appliance.
40
2. Type the username and password for the default account which are: User Name: admin Password: rain The top view appears:
Schedule Displays a list of scheduled tasks that are currently being processed and the status of each task. Archived Files Displays an archived file report. Also provides a search option to find archived files, recover stub files and delete orphan files. Policies Provides options that apply to creating and managing policies including: A list of policies, file matching expressions, and NAS destinations. Create new policy. Create new file matching expression. Create new NAS destination.
Configuration Provides configuration of users, passwords, logging, primary servers, and secondary destination servers.
Command line interface

As an alternative to the GUI, a command line interface may be used to send commands to the Rainfinity daemon. To log in to the CLI using ssh, the default Username and Password are:

User Name: root Password: rain fmsupportdump Creates a dump of the FM appliance's current state for Rainfinity support. rffm Configures the FMA and issues all commands that the GUI interface supports. To see a list of all commands available, type rffm --help or to view the man page for more detailed help, type man rffm. fmbackup/fmrestore Backs up and restores the configuration as described in Backing up the configuration on page 61. rssystat Displays statistics about the FM appliance.
For FMA, the most commonly used commands are:
Man pages for the command line tools are stored in the Rainfinity software installation directory. To accesss the man pages, type man command_name as in, man rssystat.
Command line interface
41
Using FMA with the Celerra Data Mover as a source

To use the FMA with a Celerra Data Mover, first perform configuration steps on the FMA, and then on the Celerra Control Station (CS).
Adding a Celerra to the FMA configuration

To configure the FMA to add the Celerra Data Mover: 1. Using the FMA GUI, click the File Servers link on the Configuration tab. The File Server List appears. Click New. 2. On the File Server Properties page that appears, select Celerra from the Type list box.
3. Click Recall Settings. The Recall Settings page appears.
Type the username and password for FileMover API authentication and callback HTTP authentication. The system will use this username and password to create an HTTP connection using XML API.
42
Note: This same username and password are used when creating the FileMover API user in step 2 of Pre-archiving tasks on the Celerra Control Station on page 47.
4. Specify the following for the Celerra FileMover: Basic File Server Information Type the Celerra name and select the DART version from the list. If the Data Mover will be involved in CIFS archiving, the NetBIOS name of the CIFS server must be used. Do not use the Fully Qualified Domain Name (FQDN) or IP address.
Note: To identify the Celerra as a Virtual Data Mover, select the checkbox. Virtual Data Movers only support the CIFS protocol.
IP Addresses Type the Celerra Data Mover IP address: When editing an existing server, click Update to retrieve the IP address from the DNS based on the server name. To specify an additional IP address, click Add. The IP address will be added to the list. To delete an existing IP address, select an IP and click Delete. Control Station For DART 5.6, type the IP address of the Celerra Control Station. This will allow FMA to automatically perform some pre-configuration steps for archiving. If this field is empty, FMA will take no action and the pre-configuration steps must be performed manually. CIFS Specific Settings This is the Windows domain user to be used by the Rainfinity appliance. The domain user must be a member of the local administrators group on the Celerra. Windows domain user on page 89 provides more information.
Note: The CIFS credential is not required if the Celerra performs only NFS archiving.
Celerra as Source This option configures the FMA to archive data from the Celerra Data Mover. If more than one FMA is connected to the same Celerra Data Mover, configure only one FMA with this option. This option is only required if the Celerra is serving as a source for archiving. It is not required if the Celerra will only be used for NFS archiving.
CAUTION If more than one FM appliance is configured to archive data from a single Celerra Data Mover, data loss may occur. Celerra Callback Agent Settings This option is required if archiving to an EMC Centera. For the DNS name, type the FQDN of the Celerra Callback DNS entry. Note that the FQDN is case-sensitive. Atmos Callback Agent Settings This option is required if archiving to an Atmos server. For the DNS name, type the FQDN of the Atmos Callback DNS entry. Note that the FQDN is case-sensitive.
Note: The DNS names for the Celerra callback agent and Atmos callback agent must be distinct. They cannot be the same.
43
Directory Exclusion List These are the directories to exclude for all tasks. Rainfinity ignores all system directories such as, etc, lost+found, ckpt by default. 5. Click Commit to define the Celerra FileMover.
Configuring FMA for Celerra to EMC Centera or Atmos archiving

To archive from a Celerra to an EMC Centera or Atmos, configure the Celerra Callback Service so that Rainfinity is in the recall path. Configure the Celerra Callback Service to recall from EMC Centera To configure recall from the EMC Centera: 1. From the console on the FMA which is the primary callback agent, log in as root. 2. Type ! to escape to the command line and type:
/opt/rainfinity/filemanagement/bin/ccdsetup.sh init_rffm
3. When the message appears:

By default the Celerra Callback Daemon will connect to the File Management service on the local machine. Do you wish to configure another File Management Machine? (y/n)
Type N. 4. If there is a secondary callback agent such as an FMHA appliance, log in on that agent as root, and repeat step 2 and step 3. In step 3, type Y to provide the IP address and the root password of the primary callback agent.
Note: If an invalid IP address is provided, the CelerraCallbackDaemon.stdout file located in /var/log/rainfinity/filemanagement will fill with errors indicating that there was no response from the primary agent. To correct the problem, repeat instructions starting from step 2.
Configure the Celerra Callback Service to recall from Atmos To configure recall from the Atmos: 1. From the console on the FMA which is the primary callback agent, log in as root. 2. Type ! to escape to the command line and type:
/opt/rainfinity/filemanagement/bin/acdsetup.sh init_rffm
3. When the message appears:

By default the Celerra Callback Daemon will connect to the File Management service on the local machine. Do you wish to configure another File Management Machine? (y/n)
Type N. 4. If there is a secondary callback agent such as an FMHA appliance, log in on that agent as root, and repeat step 2 and step 3. In step 3, type Y to provide the IP address and root password of the primary callback agent.
Note: If an invalid IP address is provided, the AtmosCallbackDaemon.stdout file located in /var/log/rainfinity/filemanagement will fill with errors indicating that there was no response from the primary agent. To correct the problem, repeat instructions starting from step 2.
44
Configure name resolution

When the Celerra Data Mover needs to establish a connection to FMA to recall data from an EMC Centera or Atmos, it will try to resolve the FQDN from the HTTP DHSM connection in its local hosts file. If it cannot be resolved locally, the Data Mover will use DNS:
To use local hostname resolution: a. Log in to the Celerra Control station as root and mount the Data Mover to edit the local hosts file with vi:
mount server_2:/ /mnt/source cd /mnt/source/.etc vi hosts
where server_2 is the name of your Celerra Data Mover. b. The edited file will appear similar to the following, where rainccd.domain is the FQDN that will be used to create the HTTP DHSM connection described inCelerra Callback Agent Settings on page 43 or Atmos Callback Agent Settings on page 43:
10.0.0.1 10.0.0.2 10.0.0.1 10.0.0.2 rainccd.domain rainccd.domain rainacd.domain rainacd.domain # # # # CCD CCD ACD ACD on on on on FMHA FMA FMHA FMA
c. Save the file and confirm that the Celerra Control Station is unmounted from the Data Mover:
cd ~ unmount /mnt/source Note: A bug in versions of DART 5.5 prior to 5.5.33.204 will prevent the Data Movers from properly resolving hostnames using the local hosts file. Upgrade to the latest version of DART 5.5 if local hostname resolution will be used to identify the CCD.
45
If local hostname resolution on the Data Mover is not going to be used, create a DNS entry for the Callback Daemon that points to the FMA. Create multiple entries by the same name for each callback appliance. For each entry that is created, select the checkbox for Create associated pointer (PTR) record to ensure that it will be included in the Reverse Lookup Zones list.
Note: The Celerra FileMover supports DNS HA failover. If the DNS server resolves the callback daemon hostname to multiple IP addresses, the Celerra FileMover transparently switches to the server at the next available IP address.
Prerequisites for using Celerra as an archiving source

To archive data from a Celerra Data Mover, the FMA will require access to the FileMover API (TCP port 5080). To archive NFS data, the FMA will require:

Mount v3 RPC service NFS v3 RPC service NLM v4 RPC service Root and read/write export permissions for all NFS data that will be archived
To archive CIFS data, the FMA will require:
SMB over NetBIOS (TCP port 139)
Direct command line access to the Celerra Control Station is not used by the FMA.
46
When configuring a Celerra Data Mover on the FMA, plan to provide:
Credentials for a FileMover API user. This single set of credentials is used for both archive and recall. (For CIFS archiving only) Credentials for local administrator access through CIFS. (For CIFS archiving only) The NetBIOS name of the filer.
Note: The file system access policy must be native.
Pre-archiving tasks on the Celerra Control Station

If a Celerra has not been configured as a source for archiving, perform the following steps: 1. Enable filename translation on the Celerra Control Station. The File Management Appliance (FMA) expects all filenames to come from the Celerra Network Server in UTF-8 format. To preserve filenames correctly, perform the following: a. Log in to the Celerra Control Station as nasadmin. b. Use a text editor to open the file: /nas/site/locale/xlt.cfg. c. Locate the last line of the file. Typically the last line appears as:
::::8859-1.txt: Any thing that didnt match above will be assumed to be latin-1
Add the following line immediately above the last line:

::FMA_IP_ADDR::: FMA requires no translation (UTF-8)
where FMA_IP_ADDR is the IP address of your FMA. d. To update the configuration, type:
/nas/sbin/uc_config -update xlt.cfg
e. To verify the new configuration, type:

/nas/sbin/uc_config -verify FMA_IP_ADDR -mover ALL
where FMA_IP_ADDR is the IP address of your FMA. Output will appear in the format:
server_name : FMA_IP_ADDR is UTF-8
2. Create the FileMover API user. Log in to the Celerra Control Station CLI as root and type the command:
/nas/sbin/server_user <data_mover> -add -md5 -passwd <user>
For example: /nas/sbin/server_user server_2 -add -md5 -passwd rffm 3. Allow the IP addresses of FMA to open connections to the FileMover interface. While logged in to the Celerra Control Station as an administrator (such as nasadmin), run the following command for all IP addresses of all Rainfinity appliances that will perform archiving or service recall requests for the Data Mover:
server_http <data_mover> -append dhsm -users <user> -hosts <ip_address>
For example: server_http server_2 -append dhsm -users rffm -hosts 192.168.0.100,192.168.0.101, <FMA_IP_address>
47
Note: A single Celerra Data Mover can be configured in multiple FMAs as an archiving source, but more than one FMA should never be used to archive data from a single file system. Particular care should be taken in this scenario. Read the Stub Scanner and Orphan File Management sections of the File Management best practices guide for additional information.
4. Enable DHSM (FileMover) for the Data Mover. This is disabled by default with Celerra DART 5.6 and later. This command must be run once to enable DHSM and persists across Data Mover reboots.
server_http <data_mover> service dhsm start
5. Enable DHSM for specific file systems that will be used as archiving sources. This command must be run once per file system to enable DHSM and persists across Data Mover reboots.
fs_dhsm -modify <primary_fs> -state enabled
For example: fs_dhsm -modify fileSystem1 -state enabled 6. Ensure that the DHSM offline attribute is enabled for file systems that will be used for archiving. To verify that the offline attribute is on, run the command:
fs_dhsm -i <fs_name> | grep offline attr
If the offline attribute is on, the following line will appear:

offline attr = on
If the offline attribute is off, turn it on with the command:

fs_dhsm -m <fs_name> -offline_attr on
Create one or more connections from the Data Mover to the secondary storage locations for each file system that will be archived. Each CIFS or NFS repository used to store archived data needs to be configured as a DHSM connection for the Celerra file system. If data will be archived to an EMC Centera or an Atmos cluster, a DHSM connection using the HTTP protocol needs to be configured for the file system. Configuring automatically created DHSM connections FMA can automatically create DHSM connections for Celerra systems running DART 5.6. To configure this feature, perform the following steps on the Celerra and the FMA: 1. Check to see if the XML API server is running. As root user on the Celerra, type:
ps -ef | grep start_xml_api_server | grep -v grep
The following example shows a server that is already running:

[root@celerra01 sbin]# ps -ef | grep start_xml_api_server | grep -v grep root 14821 3226 0 15:41 ? 00:00:00 /bin/sh /nas/sbin/start_xml_api_server
If it is running, restart the server by typing:

/nas/sbin/hup_api
If it is not running, start the server by typing:

/nas/sbin/start_xml_api_server
48
If it fails to start or restart: Delete the file /nas/api/exit_now. Delete the file /nas/api/api_retry. Repeat the process to check if the server is running and to start it. If the XML API server still fails to start, contact Celerra support. 2. Start the DHSM HTTP server on the Celerra:
server_http <data_mover_name> -service dhsm -start
3. Create a new system user for the XML API and FileMover API operations. Use the API GUI on the Celerra Control Station: a. Log in as root and select: Security > Administrators > Users > New. The New User screen appears.
b. Define a new system user: In the root group. With client access option XML API v2 allowed. This is the user for FileMover API settings on the FMA. Use the same user name and password defined for the FileMover API user in in step 2 of Pre-archiving tasks on the Celerra Control Station on page 47. If the user cannot be added to the root group, alternatively the filemover group can be used. 4. Define Celerra Data Mover properties on the FMA. Adding a Celerra to the FMA configuration on page 42 describes the following properties in greater detail: For Control Station, provide the Control Station IPs for DART 5.6. For FileMover Settings, type the username and password created for the new system user.
49
If DHSM connections do not exist, FMA will automatically create the connections before running each archiving task. Configuring manually created DHSM connections DHSM connections must be created manually if any of the following conditions apply:

DART 5.6 is not being used DART 5.6 is being used, with an NFS exported file system on a VDM FMA is not being used to automatically create DHSM connections
Commands to create the connection for different archiving scenarios are provided as follows:
When archiving CIFS data to NAS, you will archive to a CIFS repository configured in FMA. Create a connection to each CIFS repository that will hold archived data. This setting applies to any repository that is part of a multi-tier destination. Log in to the CLI of the Celerra Control Station and type the command:
fs_dhsm -connection <primary_fs> -create -type cifs admin <fqdn>\<domain_administrator> secondary \\<fqdn_of_secondary_server>\<repository_path> -local_server <local_cifs_server>
For example: fs_dhsm -connection fileSystem1 -create -type cifs -admin 'mydomain.prv\administrator' -secondary '\\oldServer.mydomain.prv\FMA\' -local_server ns80dm1
Note: Use the apostrophe instead of quotation marks to encapsulate the CIFS administrative username and UNC path of the secondary storage location.
When archiving NFS data to NAS, you will archive to an NFS repository configured in FMA. Create a connection to each NFS repository that will hold archived data by logging in to the CLI of the Celerra Control Station and type the command:
fs_dhsm -connection <primary_fs> -create -type nfsv3 secondary <fqdn_of_secondary_server>:/<repository_path> -proto TCP useRootCred True
For example: fs_dhsm -connection fileSystem1 -create -type nfsv3 secondary oldServer.mydomain.prv:/FMA -proto TCP useRootCred True
When archiving any type of data to an EMC Centera CAS or Atmos server, recall requests will flow from the Data Mover to FMA and FMHA appliances. To create the connection for an EMC Centera, log in to the CLI of the Celerra Control Station and type the command:
fs_dhsm -connection <primary_fs> -create -type http secondary 'http://<fqdn for CCD>/fmroot' -httpPort 8000 -cgi n -user <user>
For example: fs_dhsm -connection fileSystem1 -create -type http secondary 'http://CCD01.mydomain.prv/fmroot' -httpPort 8000 -cgi n -user rffm When prompted, type a password for the rffm user. To create the connection for an Atmos server, log in to the CLI of the Celerra Control Station and type the command:
fs_dhsm -connection <primary_fs> -create -type http secondary 'http://<fqdn for ACD>/fmroot' -httpPort 9000 -cgi n -user <user>
50
For example: fs_dhsm -connection fileSystem1 -create -type http secondary 'http://ACD01.mydomain.prv/fmroot' -httpPort 9000 -cgi n -user rffm When prompted, type a password for the rffm user. These same settings are used in Adding a Celerra to the FMA configuration on
page 42. The FQDN for the callback daemon is used for Celerra Callback Agent Settings on page 43 or Atmos Callback Agent Settings on page 43. The FQDN must be distinct even if the the Celerra and Atmos callback daemons are running on the same FMA.
The same user and password credentials are used for Recall Settings in step 3. Regardless of the type of connection (CIFS, NFS, or HTTP), the target of a connection should be specified as a hostname or FQDN in the command:
fs_dhsm -connection <primary_fs> -create
When a Celerra Data Mover needs to establish a connection to secondary storage, it will first attempt to resolve the hostname in the local hosts file. If the name cannot be resolved locally, a DNS query is issued by the Data Mover. When archiving to NAS from Celerra, if the local hostname resolution of the Celerra is not going to be used, a DNS A record is required to resolve the FQDN of the secondary storage server to IP addresses. A PTR record (reverse DNS) is also required to map the IP addresses of the secondary storage server to the FQDN.
Note: The Celerra File Level Retention (FLR) enabled file systems cannot be used as an archiving source.
51
Using FMA with the NetApp filer as a source

To use FMA with a NetApp filer, first perform configuration steps on the filer, and then configure the FM appliance.
Prerequisites for using NetApp as an archiving source

To archive any data from a NetApp Filer, FMA will require access to:

SMB over NetBIOS (TCP port 139) ONTAPI (TCP port 80)
In addition, to archive NFS data, FMA will require:

Portmap v2 RPC service (TCP port 111) Mount v3 RPC service NFS v3 RPC service NLM v4 RPC service Root and read/write export permissions for all NFS data that will be archived inode to pathname mapping is enabled for NFS clients accessing stub files
When configuring a NetApp Filer in FMA, plan to provide:

All IP addresses used by the filer Credentials for local administrator access through both CIFS and ONTAPI The NetBIOS name of the filer
Note: If a NetApp filer leverages its vScan interface for virus scanning, the IP
addresses of the vScan servers must be added to FMA as Excluded Clients on the NetApp FPolicy Special Clients configuration page in the GUI. This allows the virus scanner to scan the stub file upon a recall event. Failure to configure excluded clients properly will lead to recall failures when vScan is used in conjunction with Fpolicy. Direct command line access through telnet or ssh is not used by FMA. However, ONTAPI access is used to send a variety of API calls and hence the requirement for a local administrators credentials. If a user other than root is specified, then the following option must be set:
options httpd.admin.hostsequiv.enable on
Ensure that the FMA hostname is resolvable to its IP addresses in the local /etc/hosts file of the NetApp Filer, and that the hostname maps to a user with privileges to access the ONTAPI interface in the /etc/hosts.equiv file on the Filer. Additional configuration prerequisites vary, depending upon the existing network environment:
For NetApp filers running ONTAP 7.2, disable duplicate session detection by setting:
options cifs.client.dup-detection off
To properly support stub files, NetApp FPolicy requires particular CIFS offline bit attribute on the stub files: The CIFS protocol must be enabled on the NetApp Filer to archive either CIFS or NFS datasets. This requires an active CIFS license installed on all file servers that will be archiving sources.
52
NFS only exports must be shared as well.
To properly recall stub files, FPolicy must be enabled (options fpolicy.enable on) and rfpolicy must be the only screen policy registered for reads and writes. If a policy that monitors stub files on the NetApp filer was previously installed, manually delete it. To configure NFS archiving, perform the following steps on the NFS-only source directories: 1. Create a share at the qtree or volume level for qtree sources. 2. Create a share at the volume level for non-qtree sourcesthose not part of any qtree. 3. Add access to the File Management user only.
Note: Rainfinity does not support name clashes on qtrees. For example, QTREE1 against qtree1.
vFiler configuration
Additional configuration prerequisites apply to vFiler support for NetApp filers running ONTAP 7.1:
Manually create rfpolicy configuration on the vFiler with the commands:

fpolicy create rfpolicy screen fpolicy enable rfpolicy fpolicy options rfpolicy required on
Manually configure secondary fpolicy servers with the command:

fpolicy options rfpolicy secondary_servers ip,ip
To use NetApp vFilers with FMA, ensure that:

Rainfinity has access to both the vFiler and the hosting NetApp filer. vFilers and main filers are in IP spaces that can reach each other.
Configuring FMA for NetApp archiving

To archive from the NetApp filer, configure the FPolicy Callback Service on the FMA. 1. Type the following:
/opt/rainfinity/filemanagement/bin/fpsetup.sh init_rffm
2. At the prompt that appears, select the interface on which the FPolicy Callback Daemon should listen for callbacks from NetApp filers. If there is only one interface, it will be selected automatically: If this is the primary callback agent in the environment, type N. If this machine is being configured as the secondary callback agent, type Y. When prompted, type the IP address and the root password of the primary agent.
53
Adding a NetApp filer to the FMA configuration

To configure the FMA to add the NetApp filer: 1. Using the FMA GUI, click the File Server link on the Configuration tab. The File Server Properties dialog box appears. Select NetApp from the Type list box.
2. Specify the following for the NetApp file server: Name Type the NetApp filer NetBIOS name. IP Addresses Type the NetApp filer IP address. When editing an existing server, click Update to retrieve the IP address from the DNS based on the server name. To specify an additional IP address, click Add. The IP address will be added to the list. To delete an existing IP address, select an IP and click Delete. Vfiler Host IP If using a vFiler, type the IP address of the hosting NetApp filer. CIFS Specific Settings This is the Microsoft Windows domain user to be used by the Rainfinity appliance. To avoid permission issues during archiving and recall, add this user as a member of the Domain Admins group with backup operator privileges. If this user cannot be added to the Domain Admins group, add it to the file server's local Administrators group with backup privileges. Windows domain user on page 89 provides more information on administering domain users.
Note: For NetBIOS Domain, use the NetBIOS domain name and not the FQDN. For example, use rainfinity and not rainfinity.com.
NetApp as Source This option configures the FM appliance to archive data from the NetApp filer. If more than one FM appliance is connected to the same NetApp filer, configure only one FM appliance with this option. These options are not required if using this NetApp as a destination.
54
CAUTION If more than one FM appliance is configured to archive data from a single NetApp filer, data loss may occur. NetApp Local Admin Type the username and password of a user on the NetApp filer. The user must be a member of the NetApp local administrators group. Directory Exclusion List These are the directories to exclude for all tasks. Rainfinity ignores all system directories such as etc, lost+found, .snapshot by default. NetApp Fpolicy Callback Agents The primary agent recalls all files when it is registered with the NetApp. A secondary agent recalls files when the primary is unavailable. If the FPolicy Callback Agent is not explicitly configured as a secondary agent, then it is a primary agent and the NetApp file server will load balance between the registered primary agents. If no primary agents respond, then the NetApp filer will contact any of the registered secondary agents. When one of the primary agents is responsive again, the NetApp filer will automatically fail back to the primary agent. For the primary agent, select the agent that is on the same subnet as the NetApp machine. For the secondary agent, select another agent on the same subnet. If no such agent exists, select an agent on the next physically closest subnet. Up to two secondaries are supported. Secondary agents may include FMHA appliances. 3. Click Commit to define the NetApp filer.
55
Adding a Windows server to the FMA configuration

Windows 2003 and 2008 servers are supported as CIFS NAS destinations. To configure the FMA to archive to a Windows server: 1. Using the FMA GUI, click the File Servers link on the Configuration tab. The File Server List appears. Click New. 2. The File Server Properties page appears. Select Windows from the Type list box. The Windows Properties page appears:
3. Specify the following for the Windows server: Name Type the logical name to identify the Windows server. IP Addresses Specify the IP address of the Windows server. When editing an existing server, click Update to retrieve the IP address from the DNS based on the server name. To specify an additional IP address, click Add. The IP address will be added to the list. To delete an existing IP address, choose an address and click Delete. CIFS Specific Settings This is the Windows domain user to be used by the Rainfinity appliance. The domain user must be a member of the local administrators group on the Celerra. Windows domain user on page 89 provides more information. 4. Click Commit to define the Windows server.
56
Configuring a NAS-based repository

With a Celerra Data Mover, NetApp filer, or Windows server configured, use FMA to configure a repository on a NAS server.
Note: FMA must have read and write access to any share or export that may be used as an archive source or destination. In addition, FMA must have read and write permission for any file that it may archive.
To set up a NAS repository: 1. Using the FMA GUI, click NAS Repository and NAS group on the Configuration tab. The NAS Repository List and NAS Group List page appears. For Create NAS Repository, click New. The Create New NAS Repository dialog box appears.
2. Specify the following for the NAS repository: File Server Select a file server from the list.
Note: The file server must have a proper DNS entry defined that links the file server name with the IP address.
Protocol Select NFS or CIFS. The source and repository protocol types must
match. If the source protocol is CIFS, the NAS repository protocol must be CIFS, and if the source protocol is NFS, the NAS repository protocol must be NFS.
If the CIFS protocol is selected, use the CIFS user in the file system CIFS DHSM connection string for CIFS Specific Settings when configuring the primary storage on the FMA: Adding a Celerra to the FMA configuration on page 42 provides details on configuring this setting for Celerra NAS. Adding a NetApp filer to the FMA configuration on page 54 provides details on configuring this setting for NetApp. Adding a Windows server to the FMA configuration on page 56 provides details on configuring this setting for Windows. Path Click Browse to select an existing path. Once the path is specified, a name in the form of Repository at <path> appears in the Name field.
Configuring a NAS-based repository
57
Maximum limit of disk usage Type a percentage value for disk usage. Default value is 90%. 3. Click Save Repository. The NAS Repository List reappears with the new NAS repository listed.
Using FMA with EMC Centera

To configure the FMA to archive to an EMC Centera: 1. Using the FMA GUI, click the File Servers link on the Configuration tab. The File Server List appears. Click New. 2. The File Server Properties page appears. Select Centera from the Type list box. The Centera Properties page appears:
58
3. Specify the following for EMC Centera: Name Type the logical name to identify EMC Centera. Access Node IP Specify the IP address of the EMC Centera access node: To specify an additional access node IP, click Add. The IP address will be added to the list and will be added as an entry in the Access Node String field. To delete an existing node, select a node IP and click Delete. Access Node String This is automatically generated when the Access Node IP address is added or deleted. You cannot type data directly into the field. Authentication Select from one of the three choices: Anonymous If selected, no security is used to authenticate with EMC Centera. User profile If selected, type the username and password of the EMC Centera Profile that is to be used for archiving. PEA file This option requires that a Profile and Pool Entry Authorization (PEA) file was created to access EMC Centera, and that a copy of the PEA file resides on the File Management Appliance. If selected, the Pool Entry Authorization (PEA) file is used to authenticate the File Management connection with EMC Centera. Type the path to the file on the local machine or browse for the file. A copy of the file will be stored with the File Management configuration. 4. Click Commit to define EMC Centera.
Using FMA with EMC Centera
59
Using FMA with an Atmos server

The EMC Atmos cloud-optimized storage product is supported as an archiving destination. To configure the FMA to archive to an Atmos: 1. Using the FMA GUI, click the File Servers link on the Configuration tab. The File Server List appears. Click New. 2. The File Server Properties page appears. Select Atmos from the Type list box. The Atmos Properties page appears.
3. Specify the following for Atmos: Name Type the logical name to identify Atmos. DNS Name Specify the name used to resolve the IP addresses in the Atmos cluster. Port The GUI access method. HTTPS is the default and is typically used when Atmos is deployed remotely. HTTP connects through port 80. HTTPS connects through port 10080. Username Type the name corresponding to a user ID with access to storage on the cluster. This username is created on Atmos first. Password Type the password or shared secret that was generated when the username was created on Atmos. 4. Click Commit to define Atmos.
60
Backing up the configuration

The FMA contains configuration information and critical database tables. The FMHA appliance contains no persistent data. If data on an FMHA appliance is lost, the FMHA software must be reinstalled. CD clean install on page 66 provides details on reinstalling FMA and FMHA software. If data on an FMA is lost, the FMA software must be reinstalled and the last backup copy of the configuration and database tables must be restored. For this reason, nightly backups of the FMA configuration and the critical database tables are highly recommended.
Note: Task and simulation log files are not included in a backup. To preserve these files, copy the /opt/rainfinity/filemanagement/log/fws directory to secure storage periodically or before performing a CD clean install.
The backup feature uses the following process:
File Management provides backup scripts to dump appropriate critical data into a gzipped tar file (.tgz). The user copies the tar file to the EMC Centera machine or to other secure storage. To perform a disaster recovery, a restoration script reconstructs the system configuration from the tar file.
Creating a backup dump

Regular backups may be scheduled to run automatically using the GUI: 1. On the Configuration tab, select Backup and Recovery Settings.
61
Under File Management Backup Destination, specify: The number of backups The default value is 5. Select Destination The EMC Centera or NAS repository where the backup files will be stored. Select Disaster Recovery Location The NFS export where the backup catalog file (DBBackup.out) will be stored. 2. On the Schedule tab, select Schedule a new task.
Under Select Task Type, select Auxiliary and Backup. Under Select Start Time, schedule the repeating time for backups to run. To perform a non-recurring backup or to perform a backup immediately, run the script:
/opt/rainfinity/filemanagement/bin/fmbackup
When the backup is complete, the system will return the message:
Done. The backup has been output into /tmp/DUMPFILE.
where DUMPFILE is a unique filename generated by the backup script.
Restoring a backup dump

Backups are typically restored after a system failure. To restore a backup, start with a freshly installed FMA. Steps are performed both using the GUI and from the command line. 1. Configure FMA networking . Configuring networking on page 40 provides details. 2. Configure the hostname, domain, and DNS servers. Configuring the hostname, domain, and DNS server on page 40 provides details. 3. Using the FMA GUI, configure the destination for the restored files. If the backup files were archiving to an EMC Centera, configure an EMC Centera. Using FMA with EMC Centera on page 58 provides details. If the backup files were archiving to a NAS repository, configure a NAS repository. Configuring a NAS-based repository on page 57 provides details. 4. Mount the NFS export where the backup catalog file (DBBackup.out) is stored. This is the Disaster Recovery Location described in step 1 of Creating a backup dump on page 61. 5. Copy DBBackup.out to /opt/rainfinity/filemanagement/conf.
62
6. On the Configuration tab in the FMA GUI, select Backup and Recovery Settings.
Under Recover File Management, select the .tgz file to restore and click Restore. The backup file will be restored to /var/fmrestore. 7. Using database information from DBBackup.out, a restoration script will reconstruct the system configuration from the .tgz file. To run the script, type:
/opt/rainfinity/filemanagement/bin/fmrestore <backup_file.tgz>
As the restoration occurs, the system will prompt for input to: Confirm restoration. Start the FPolicy Callback Service. Start the Callback Daemons. For each question, answer yes. When asked if you want to add another server, answer no. If restoring data to the same machine, the FMA will automatically restart at the conclusion of the restoration process. If restoring data to a different machine, FMA must be manually restarted. Also, original network configuration files such as /etc/hosts, may need to be manually edited to reflect the new IP and hostname of the new machine. Typical output of the fmrestore script is as follows:
[root@fm2 Expanding This will Press any Stopping Stopping Stopping Stopping Stopping bin]# fmrestore /var/fmbackup_7.3_fm2.Sun_27-09-09_08_13.tgz /var/fmbackup_7.3_fm2.Sun_27-09-09_08_13.tgz in /var... overwrite your configuration and database. Are you sure? key to continue or abort now...
FileManagement GUI... Tomcat server FileManagement... File Management watchdog File Management
[ [ [
OK OK OK
] ] ]
Empty the current database...
63
Restore configuration and database... Starting ntpd: Starting FileManagement GUI... Starting Tomcat server Starting FileManagemnt... Starting rslogd (already running): Starting rslogd Monitor (already running): Starting File Management Starting File Management watchdog rssystatd is running
OK
[ [ [ [
OK OK OK OK
] ] ] ]
Do you want to setup FPolicy Callback Service, y/n? y Warning: configuration file, /opt/rainfinity/filemanagement/conf/fcd.xml, already exists. If you select to remove it, all the previous configurations will be missing. Do you wish to remove and recreate it? (y/n)y Stopping FPolicy Server watchdog [ OK ] Stopping FPolicy Server [ OK ] Configuration file removed. By default the FPolicy Callback Daemon will connect to the File Management service on the local machine. Do you wish to configure another File Management machine? (y/n)n Configuring FPolicy callback for File Management machine(s): 127.0.0.1 Since there is only one interface, (10.10.9.56/255.255.255.192), it will be used to receive FPolicy callbacks from NetApp. FPolicy Callback Daemon successfully set up. System service, fpolicycallback, enabled. Starting rslogd (already running): [ OK ] Starting rslogd Monitor (already running): [ OK ] Starting FPolicy Server [ OK ] Starting FPolicy Server watchdog [ OK ] NOTE: Use the rsconfig command to add newly configured File Management IP addresses as passthrough clients on all Rainfinity GFV nodes. Online help for the Stub Awareness Configuration provides information on how to use the rsconfig command. Do you want to setup Celerra Callback Service, y/n? y Warning: configuration file, /opt/rainfinity/filemanagement/conf/ccd.xml, already exists. If you select to remove it, the previous configurations will be missing. Do you wish to remove and recreate it? (y/n)y Stopping celerracallback Server watchdog [ OK ] Stopping celerracallback Server [ OK ] Configuration file removed. By default the Celerra Callback Daemon will connect to the File Management service on the local machine. Do you wish to configure another File Management machine? (y/n)n Configuring Celerra callback for File Management machine(s): 127.0.0.1
64
quiet is set to 0 Since there is only one interface, (10.10.9.56/255.255.255.192), it will be used to receive CelerraDaemon callbacks from Celerra. Initialized encryption key from file Celerra Callback Daemon successfully set up. System service, celerracallback, enabled. Starting rslogd (already running): [ OK ] Starting rslogd Monitor (already running): [ OK ] Starting celerracallback Server [ OK ] Starting celerracallback Server watchdog [ OK ] NOTE: Use the rsconfig command to add newly configured File Management IP addresses as passthrough clients on all Rainfinity GFV nodes. Online help for the Stub Awareness Configuration provides information on how to use the rsconfig command. Do you want to setup Atmos Callback Service, y/n? y Warning: configuration file, /opt/rainfinity/filemanagement/conf/acd.xml, already exists. If you select to remove it, all the previous configurations will be missing. Do you wish to remove and recreate it? (y/n)y Stopping atmoscallback Server watchdog [ OK ] Stopping atmoscallback Server [ OK ] Configuration file removed. By default the Atmos Callback Daemon will connect to the File Management service on the local machine. Do you wish to configure another File Management machine? (y/n)n Configuring Atmos callback for File Management machine(s): 127.0.0.1 quiet is set to 0 Since there is only one interface, (10.10.9.56/255.255.255.192), it will be used to receive AtmosCallbackDaemon callbacks from Celerra. Initialized encryption key from file Atmos Callback Daemon successfully set up. System service, atmoscallback, enabled. Starting rslogd (already running): [ OK ] Starting rslogd Monitor (already running): [ OK ] Starting atmoscallback Server [ OK ] Starting atmoscallback Server watchdog [ OK ] NOTE: Use the rsconfig command to add newly configured File Management IP addresses as passthrough clients on all Rainfinity GFV nodes. Online help for the Stub Awareness Configuration provides information on how to use the rsconfig command. Restore Done.
65
Database maintenance
After archiving millions of files, archiving tasks may become slow as the number of entries in the archival database grows larger. To improve performance, use an FMA process to clear the database of unused entries and re-index the entries that remain. The database maintenance process can take several hours and while the process is running, the File Management daemon must be halted and the GUI may not be used. System administrators should plan to run database maintenance when the FMA is not needed.
Note: Recalls are not interrupted by database maintenance.
Start database maintenance from the console of the FMA by typing:

/opt/rainfinity/filemanagement/bin/rffm doDBMaintenance
A script will stop the File Management daemon and GUI, run the database vacuum process, and then restart the daemon and the GUI. The output of the process is available from: /opt/rainfinity/filemanagement/conf/DBMaintenance.log.
CD clean install
The CD clean install installs all necessary packages and binary files on the Rainfinity hardware. Before starting the installation, check to see if the FM appliance is connected to another appliance for HA, another FM appliance, or a stand-alone appliance with a callback daemon running. If so, stop all callback daemons with the following commands:
fpolicycallback stop celerracallback stop
To perform a CD clean install on an FM or FMHA appliance: 1. If using a downloaded ISO image: a. Run md5sum to verify the image integrity. Rainfinity posts the output of the md5sum commands in the README file that is posted to Powerlink, with all the downloads. Where to get help on page 13 provides information on how to access Powerlink. The ISO file is named:
fm-7.3-##-i686.iso
where ## indicates the particular build number. b. Burn a CD from the ISO image. 2. Insert the Rainfinity CD in the drive. 3. With console access to Rainfinity, restart Rainfinity. 4. When prompted for Installation Options: For an FM installation, type fm_clean. For an FMHA install, type fmha_clean. The appropriate packages are installed. Rainfinity restarts after installation completes and the login prompt appears.
66
5. Log in with username root and password rain. 6. Use the Rainfinity setup script menu that appears to configure the time and network settings.
Note: If FMA will be configured for Celerra to EMC Centera or Atmos archiving, use Recall Settings as described in step 3 of Adding a Celerra to the FMA configuration on page 42 to configure the single set of credentials for recall before running ccdsetup.sh or acdsetup.sh as described in Configuring FMA for Celerra to EMC Centera or Atmos archiving on page 44.
Software upgrades
The Rainfinity File Management software may be upgraded with a CD full upgrade or an UPG upgrade.
Note: After upgrading, run the Rainfinity setup script, rfhsetup, to configure the network settings. Configuring File Management and File Management High Availability on page 39 provides information on how to run the Rainfinity setup script.
Before upgrading to FMA version 7.3

If a deployment includes multiple Celerras or VDMs, and different FileMover API credentials are being used for each Celerra or VDM, additional steps are required before upgrading to FMA version 7.3. For FMA version 7.2, the username and password settings for the FileMover API used in archiving, and the Celerra Callback Agent used for recall were set individually on the Celerra Properties page and could be different as shown in Figure 16 on page 67.
Figure 16
Example of Celerra property settings in FMA version 7.2
For FMA version 7.3, a simpler method of authentication verification has been implemented. The username and password settings for the FileMover API and the Celerra Callback Agent are the same. When upgrading to FMA version 7.3, the Celerra Callback Agent settings used for FMA version 7.2 are automatically applied to FMA version 7.3. If multiple usernames and passwords were configured, only the first set will be preserved. This username
Software upgrades
67
and password will be the single set of credentials for recall as described in step 3 of
Adding a Celerra to the FMA configuration on page 42.
To reduce any potential complication from the consolidation of these settings, before upgrading to FMA version 7.3, use FMA version 7.2 to reconfigure the FileMover API settings and Celerra Callback Agent settings to a single set of credentials and apply the same settings to all Celerras. When choosing the set to use, it is best to copy the Celerra Callback Agent settings to the FileMover settings. For example, the username for FileMover Settings in Figure 16 on page 67 would be changed from dhsm_user to rffm and the password would be changed, respectively. This same single set would be used for the FileMover and Callback Agent settings on all Celerras. If the FileMover settings are changed, it will not be possible to archive until the FileMover API is reconfigured with the new username and password. To re-create the user, perform step 2 of Pre-archiving tasks on the Celerra Control Station on page 47. If the Celerra Callback Agent settings are changed, it will not be possible to recall until the DHSM connections are re-created with the new username and password. 1. Delete the DHSM connections with the option recall_policy set to no. 2. Follow the steps in Configuring manually created DHSM connections on page 50 and use the single set of credentials to re-create the connections manually.
CD full upgrade
The CD full upgrade refreshes all system software packages. To perform a CD full upgrade on an FM or FMHA appliance: 1. Insert the Rainfinity CD in the drive. 2. Type reboot. The machine will restart.
Note: To abort the upgrade, power down the node, remove the CD, and reboot.
3. When the boot prompt appears: For FM, type fm_upgrade. For FMHA, type fmha_upgrade. The CD installation is fully automatic. No user interaction is required. The fm_upgrade process begins with a database pretest script that checks to see if the FMA databases are consistent between the old and new releases. If the pretest finds inconsistencies, the upgrade will exit with a "Failed to upgrade database" error message. Contact EMC technical support to correct the problem before restarting the upgrade. If no problems are encountered, installation is complete after about 10 minutes. Eject the CD and restart the appliance.
Note: On the HP platform, the CD is ejected. Press Enter to restart the appliance.
68
UPG upgrade
Minor version changes require only a UPG upgrade. This upgrade changes the core packages. The UPG upgrade is much faster than a full CD upgrade: 1. If the FMA GUI is running, log out. 2. Stop the File Management daemon with the command:
filemanagement stop
3. Download the FM upgrade file to the root directory on the appliance:

rf_7.3-##.i686.upg
where ## indicates the build number. 4. Back up the FMA configuration with the command:
fmbackup
The process writes a backup file to /var/fmbackup.<machine_name>.<timestamp>.tgz. Copy the fmbackup file to another system. If needed for disaster recovery, restore the backup with the command:
fmrestore /var/fmbackup.<machine_name>.<timestamp>.tgz
Restoring a backup dump on page 62 provides more details on the fmrestore command. 5. Start the upgrade with the command:
/opt/rainfinity/filemanagement/bin/rfupgrade rf_7.3-##.i686.upg
The upgrade process begins with a database pretest script that checks to see if the FMA databases are consistent between the old and new releases. If the pretest finds inconsistencies, the upgrade will exit with a "Failed to upgrade database" error message. Contact EMC technical support to correct the problem before restarting the upgrade. If no problems are encountered, the process upgrades the excecutables. 6. Start the callbacks with the following commands:
fpolicycallback start celerracallback start atmoscallback start
If using a NetApp, Configuring FMA for NetApp archiving on page 53 provides instructions on how to configure the FPolicy Callback Service. If using a Celerra, Configuring FMA for Celerra to EMC Centera or Atmos archiving on page 44 provides instructions on how to configure the Celerra Callback Service for EMC Centera or Atmos. 7. Wait at least 30 seconds for the FCD and CCD to register with the daemon. 8. If upgrading on an FMA, start the File Management daemon.
Note: For large databases, the upgrade between versions (for example, 7.2.5 to 7.3) will require significantly more time than the upgrade within the same version. To avoid any disruption during the upgrade process, it is best to start the File Management daemon from a server that will not be rebooted or shutdown.
Type the command:

filemanagement start
Software upgrades
69
70
4
This chapter contains the following sections:

Security hardening ......................................................................................................... 72 Configuring the GUI access method ........................................................................... 75 STIG hardening............................................................................................................... 75 LDAP client configuration ............................................................................................ 77 RADIUS and TACACS+................................................................................................ 80 Certificate management ................................................................................................ 80 Appliance mail delivery settings ................................................................................. 81 Log settings ..................................................................................................................... 82 System command accounting....................................................................................... 87 Windows domain user................................................................................................... 89
71
Security hardening
By default, security hardening is not enabled: 1. To configure security hardening: a. Start the Rainfinity setup tool, type rfhsetup. b. Select Configure System Security. 2. A set of security settings options appears. Select Harden Appliance. The default settings for the items that affect the appliance security level are: Use single security database =no Disable root logins =no Strengthen passwords =no Age passwords =no Harden to STIG requirements =disabled If any of the settings is set to a non-default value, security hardening is enabled. Conversely, when all four settings are no, security hardening is disabled and this disabled security level is referred to as the default level.
Note: In addition to the security settings, the GUI access method may also be configured from the Harden Appliance menu. By default, the GUI is accessible over both http and https. Enabling https only or redirecting http to https does not change the appliance setting to hardened.
Single security database

If the single security database setting is enabled, all authentication on the device will go through standard Linux Pluggable Authentication Modules (PAMs). This applies to both GUI and CLI access. Both the GUI and the CLI provide two types of users:

Admin users belonging to the wheel group and Rainfinity groups Ops users belonging to the Rainfinity group
CLI users are configured independently from the GUI users. Admin users An admin user who is a member of the wheel group and logged in through ssh can su to: Create/delete other users Run rfhsetup To add an admin user for access from the CLI: a. Log in to the Rainfinity appliance as root. b. Type the following commands:
adduser G rainfinity,wheel <username> passwd <username>
72
Ops users
An ops user belongs to the Rainfinity group. To add an ops user for access from the CLI: a. Log in to the Rainfinity appliance as root b. Type the following commands:
adduser G rainfinity <username> passwd <username>
Linux PAM users
A Linux PAM user is created through the CLI. When a Linux PAM user is logged in to the GUI with the single security database setting enabled, the users role (admin or ops) is cached for the duration of the session. If the administrator changes the users setting while the user is logged in, the users role will not be refreshed until one of the three following conditions occurs:

User logs out. GUI is restarted. Cached user information in the Tomcat server expires due to inactivity.
Adding users with the GUI To add a new admin or ops user with the GUI: 1. Log in as admin. 2. From the Configuration tab, select Rainfinity Users. 3. Select Add a New User. In the Rainfinity User Properties dialog box that appears: a. Type the name. b. Type a new password. c. Specify the type of user: Super User The admin user. Regular User The ops user.
Note: When the single security database setting is disabled, users created through the GUI are allowed to log in through the GUI but not the CLI. In addition, if the single security database setting is enabled, user accounts cannot be created through the GUI. If the user attempts to invoke the configuration page for Rainfinity Users, a warning will appear.
Disable root logins

If root logins are disabled, the only way to add new users or to run rfhsetup is for an admin user (such as a user who belongs to the wheel group) to log in to the device, and then su to root. When the disable root logins setting is being changed to yes, Rainfinity checks to ensure that:
There is at least one admin user other than root who belongs to the wheel group. This user must have a configured password.
Security hardening
73
The wheel users are in the local /etc/group file. Rainfinity ignores LDAP users while performing this check because LDAP servers occasionally become unreachable. The same holds true for RADIUS users.
Note: It is strongly recommended that a small set of admin users are locally configured for each Rainfinity appliance and that the bulk of admin and ops users are configured on an LDAP server. In this way, the management of these users scales to large networks.
Strengthen passwords
If the passwd command is run with password strengthening enabled, your new password must be at least eight characters long and satisfy the following requirements:

At least three characters are different from the previous password. At least one character is an uppercase letter. At least one character is a number. At least one character is a special character.
In a clustered environment, run the passwd command on both the primary and backup nodes.
Note: The root user can change any password including its own to any value, regardless of the Password Strengthening setting.
Age passwords
If password aging is enabled, every user (except root) who can log in with a shell account will have an aging password. The root user configures:

When to print a user warning that a password is about to expire. The maximum number of days a password can remain valid before it must be changed. How often a password may be changed. The number of days following password expiration after which the account will be locked. Once an account is locked, only the root user can unlock the account by using the change command to change the age of the password.
Note: If a large number of devices are deployed, a central authentication service (such as LDAP) should be used. Password administration through the central site greatly facilitates user scalability, as one user is not required to log in to every deployed Rainfinity appliance to update an aging password.
74
Configuring the GUI access method

By default, the GUI can be accessed by both http and https. To change this for the File Management Appliance: 1. Start the Rainfinity setup tool, type rfhsetup. 2. Select Configure System Security. 3. A set of security settings options appears. Select Harden Appliance. 4. Select Configure GUI access method: To disable access over http, select Only enable GUI access over https. To redirect http traffic to https instead of disabling http, select Redirect GUI access over http to https.
STIG hardening
Security Technical Implementation Guide (STIG) is a set of security guidelines issued by the US Department of Defense. These STIG UNIX guidelines define how UNIX/Linux appliances should behave from a security standpoint.
Enabling STIG hardening

Rainfinity provides an option for hardening the appliance to meet the UNIX STIG Guide (Version 5, Release 1). When STIG hardening is enabled, the security settings change as follows:
The user will be required to type the root password to gain access to the Rainfinity appliance in single user mode. After three consecutive login attempts, the account will be disabled. Only the root user can re-enable a disabled account. The login delay between login prompts will be increased from 2 to 4 seconds. New passwords are required to be a minimum of nine characters in length. When changing passwords, the past five passwords cannot be reused as the new password value. The root accounts home directory will be set to a permission value of 700. Man page file permissions will be set to 644. User-directories must not contain undocumented startup files with permissions greater than 750 (that is, they must allow write access only for that user). The system and default user umask must be set to 077. Access to the cron utility will be restricted using the cron.allow and cron.deny files. Crontab file permissions above 700 will not be permitted (in the /etc/cron.daily, /etc/cron.hourly, /etc/cron.weekly directories). The inetd.conf file permissions will be set to 440. Unnecessary accounts, for example, games and news will be deleted. sysctl.conf file will be set to 600 permission.
Configuring the GUI access method
75
To enable STIG hardening on the FM/FMHA appliances, perform the following steps: 1. Start the Rainfinity setup tool, type rfhsetup. 2. Select Configure System Security. 3. Select Harden Appliance. 4. Select Harden to STIG requirements. 5. When prompted with Enable changes to conform to STIG Hardening requirements?, type Y.
Disabling STIG hardening

When STIG hardening is disabled, the security settings change as follows:

No password prompt will be made prior to connecting in single-user mode. User accounts will not be locked, even after three or more failed login attempts. The login delay will be set to the current default setting, which is less than 4 seconds at this time. When changing passwords, the minimum length will be: If password hardening is enabled: 8 characters, with at least 1 lowercase, 1 uppercase, 1 digit, and 1 special character. If password hardening and STIG hardening are disabled: the minimum requirements for the new password is that it should be six characters long.
When STIG hardening is disabled, the user can reuse previously set passwords. The /root directory permissions will be reset to 750. Man page file permissions will be left at 644 (that is, this STIG hardening change will not be undone). User-directory permissions will not be restored to the value prior to STIG hardening. The system and default user umask must be set to 022. Unnecessary groups/accounts that are deleted during STIG hardening will remain deleted even after STIG hardening is disabled. Access to the cron utility will not be restricted using the cron.allow and cron.deny files.
To disable STIG hardening on the FM appliance, perform the following steps: 1. Start the Rainfinity setup tool, type rfhsetup. 2. Select Configure System Security. 3. Select Harden Appliance. 4. Select Harden to STIG requirements. 5. When prompted with Enable changes to conform to STIG Hardening requirements?, type N.
76
In addition, STIG hardening will be disabled when the appliance hardening level is reset to the default level as follows: 1. Start the Rainfinity setup tool, type rfhsetup. 2. Select Configure System Security. 3. Select Remove Appliance Hardening Settings.
LDAP client configuration

LDAP directory trees are used to represent hierarchical directory information, such as people and phone numbers belonging to an organization. Rainfinity supports Lightweight Directory Access Protocol (LDAP) for user authentication and authorization.
Global LDAP settings
Global LDAP settings affect all LDAP operations. The following settings impact how the LDAP client on the Rainfinity appliance will behave when the LDAP server does not respond. Bind type There are two types of binds:
Hard Rainfinity will continue to retry the bind attempt until a maximum timeout is reached. Soft Rainfinity will attempt to bind once and abort if the server does not respond. Search time limit The amount of time that the LDAP client will wait for an initial response from the server. Bind time limit The amount of time that the LDAP client will attempt to bind. By default, these time limits are set to 10 seconds to allow the appliance to remain responsive when the LDAP server is down, and to fail over to an alternate authentication mechanism, if another mechanism is configured.
Time limits There are two types of time limits.
Server type The Rainfinity LDAP client works with three types of LDAP servers:

OpenLDAP Active directory with SFU 3.5 support Active directory with RFC 2307 support
LDAP authentication
When LDAP is configured, LDAP authentication is established through a sequence of events.
A user connects to the Rainfinity appliance. The user is challenged for user authentication. The Rainfinity LDAP client contacts the LDAP server to validate the users credentials. To validate that the client is trusted, the server attempts: To accept anonymous bind attempts, such as accepting all connections without a password. To accept a plain-text password sent over an unencrypted communication channel. To establish a secure communication channel with the client, and then authenticate using a plain-text password or SASL.
77
The client establishes the secure communication channel as follows: The client requests the servers public key. The client validates that the servers public certificate is signed by a known Certificate Authority (CA). The client then encrypts its data using the servers public certificate. Only the private key stored on the server can decrypt this data. Initial data from the client contains negotiation information that the server and client will both use to establish a secure communication channel. Just as the client uses the servers public key to encrypt its first message, the server ensures that the client is authentic by requesting the clients public certificate, and validating that it is signed by a known Certificate Authority. After the secure channel is established, the password is exchanged. If SASL is configured, it may be used instead of a password.
The server and client may negotiate an encryption scheme to secure all traffic between them.
Once authentication is established and an encryption scheme is optionally selected, the LDAP client will request user authentication.
Configuring basic LDAP settings

To start LDAP configuration: 1. Start the Rainfinity setup tool, type rfhsetup. 2. Select Configure System Security. 3. Select Configure LDAP. 4. Select Enable LDAP. Configure the basic LDAP settings:
Maximum time the LDAP client will wait for an initial response from the server Type a period of time. The client will retry after waiting for 2 seconds, and thereafter continue retrying after doubling the wait time from the previous retry attempt. The client will continue retries until either the server responds or the configured LDAP search time limit is exceeded. The default time limit is 10 seconds.
LDAP bind policy Select soft or hard. The default setting is hard, and indicates that the client will retry bind connections to the LDAP server.
Maximum time the LDAP client will wait for a bind response from the server Type a period of time. If the bind policy is set to soft, this setting has no effect. If the bind policy is set to hard, this policy will cause a bind retry mechanism to occur.
LDAP server type Select from the supported server types: OpenLDAP Applies to LDAP servers distributed by OpenLDAP. Active Directory deployed with Services For Unix (SFU) 3.5
78
Active Directory with RFC2307 support

Note: Other LDAP servers have not been validated for Rainfinity version 7.2 or later.
IP address or hostname for the LDAP server When using SSL and TLS, type the hostname that matches the hostname used in the certificate generation. If an IP address was used in the certificate generation instead of the hostname, type the IP address.
Note: Failure to type the proper information will create problems during the LDAP setup. This is one of the most common configuration errors during LDAP setup.
LDAP basedn Type the suffix for your domain name. Advanced LDAP settings Type Y, to configure a bind password, or enable SASL (Kerberos), SSL, or TLS. If advanced LDAP settings are left unconfigured, anonymous bind without a bind password is used by default.
If the GUI is running and LDAP is enabled through rssetup, the GUI will not recognize LDAP authentication attempts until it is restarted by typing the command:
/opt/rainfinity/filemanagement/bin/fmgui restart
To avoid this problem, enable external authentication (LDAP, RADIUS, TACACS+) before enabling the single security database. Then invoke the GUI.
Configuring advanced LDAP settings

Once basic configuration is complete, the user may continue to configure advanced LDAP settings:
Anonymous or simple bind If simple is selected: Type the binddn user+domain name that will be used to connect to the LDAP server. Type the password that will be used to authenticate with the LDAP server.
SASL To configure SASL, provide: SASL KDC address Domain name Kerberos principal details
Note: When configuring SASL, enter the absolute path for the scp path. ~ is not supported as root home.
Encryption type Select cleartext, SSL, or TLS.
79
Option for the LDAP client to validate the servers certificate Select Y if using SSL or TLS. Rainfinity will prompt you to scp the CA certificate.
Option for the LDAP server to validate the clients certificate Before enabling this option, ensure that the clients key and certificate were generated and placed on the Rainfinity client.
RADIUS and TACACS+

To configure RADIUS or TACACS+: 1. Start the Rainfinity setup tool, type rfhsetup. 2. Select Display advanced menu options. 3. Select Configure System Security. A set of security settings options appears: a. Configure RADIUS: Type the RADIUS server address Type 1812 as the default RADIUS port number b. Configure TACACS+: Type the server address Type the server secret
Note: After the appliance checks with the RADIUS and TACACS+ servers for authentication, it will, by default, check the local /etc/passwd file for authorization information.
If the user does not exist in the local file, add the user with the commands:
useradd G rainfinity,wheel <adminusername> useradd G rainfinity <opsusername>
Using multiple authentication methods If TACACS+ or LDAP, and RADIUS are configured, Rainfinity will attempt to authenticate users in the following order:

Credentials are checked against either the TACACS+ or the LDAP database. If TACACS+ or LDAP authentication fails, credentials are checked against the RADIUS database. If RADIUS authentication fails, credentials are checked against the local authentication database including the /etc/shadow, /etc/group, and /etc/passwd information stored on the Rainfinity appliance.
Certificate management
When configuring LDAP, TLS, and SSL for authentication, key and certificate files are required. In order for authentication encryption to work correctly, these keys and certificates must be:

Periodically refreshed Correctly located on the appliance
80
Each certificate has an expiration date. Every week, Rainfinity checks the validity of each certificate. Certificate warning information is logged into the /var/log/secure file, and if the alert is enabled, email is sent when the certificate is due to expire. Once a certificate expiration warning is received, SSL/TLS certificates must be updated. To update and manage the keys and certificates: 1. Start the Rainfinity setup tool, type rfhsetup. 2. Select Configure System Security. 3. Select Certificate Management. 4. To update either: Certificate Authority (CA) public certificate Client key and certificate for use with SSL/TLS a. Select Update Certificate. b. Select Y. c. Type the scp path from which the selected certificate or key file will be copied to the File Management or File Management High Availability appliance.
Appliance mail delivery settings

Rainfinity supports delivery of alerts through email. To send these alerts, sendmail must be properly configured. A menu is provided within the rfhsetup tool. To use this menu, follow these steps: 1. Start the Rainfinity setup tool, type rfhsetup. 2. Select Configure Appliance Mail Configuration. 3. The Appliance Mail Configuration menu appears. Follow the prompts to configure: a. Change Configuration When prompted, type Y. b. Senders email address Type the address that will appear in the From field of the alert emails sent by the Rainfinity Appliance. For example, johndoe@acme.com. c. SMTP server Type the server to which mail should be sent. For example, mailhub.eng.acme.com. d. email verification Type a recipient email address to which test emails may be sent. For example, adminjoe@acme.org. The rfhsetup script will attempt to verify the mail configuration by sending two emails. Wait a few minutes. Check the email account to see if these emails were successfully received. 4. Rainfinity Mail Test 1 To confirm the receipt of an email with the subject Rainfinity Mail Test 1, type Y. Otherwise, type N. 5. Rainfinity Mail Test 2 To confirm the receipt of an email with the subject Rainfinity Mail Test 2, type Y. Otherwise, type N. If either of the test emails was received, mail delivery is working and mail setup is done.
Appliance mail delivery settings
81
If neither test email was received, verify:

The name of the SMTP server. Check with your system administrator. The email address provided for the test email. The SMTP server is reachable. Try pinging it.
Log settings
When the security level is set to harden, any event that might affect the security of the system is written to the Rainfinity log files. Use the Rainfinity setup tool to administer and preserve log files.
Configuring log rotation

With log rotation, the user controls the periodic rotation of files. To configure log rotation: 1. Start the Rainfinity setup tool, type rfhsetup. 2. Select Display advanced menu options. 3. Select Configure Logging Options. 4. Select Configure Log Rotation. 5. Follow the prompts to configure: Log rotation frequency Daily, weekly, or monthly. Rotation mode Size or time. Max log size (for non-debug files). Max debug log size. Number of copies to keep for each log file.
Configuring SCP of rotated log files

Log rotation is the first step in archiving the Rainfinity system logs. These log files are eventually deleted as a part of the normal rotation process. However, in many customer environments, it may be necessary to preserve these files by copying them to a remote server. Use Rainfinity to create a tar file of these rotated system and Rainfinity logs, then secure copy them to a remote server. Configuring the public-private key exchange Prior to configuring secure copy (SCP) of rotated log files, a public-private key exchange must take place. To configure the public-private key exchange: 1. Log in to the FM or FMHA appliance as root. 2. Generate the public key by typing ssh-keygen -t rsa. When prompted, press Enter to accept default answers for: File in which to save the key, or /root/.ssh/id_rsa No passphrase Confirm no passphrase
82
At the end of the configuration, a message appears acknowledging: Your identification is saved in /root/.ssh/id_rsa. Your public key is saved in /root/.ssh/id_rsa.pub. 3. For the external server where the log files will be placed, create a user with write access to the copy directory. Do not use the root user.
Note: In the following steps, server is the IP address or hostname of the external server and user is the name of the user on the external server which will copy the files.
4. Log in to the FM or FMHA appliance and use ssh to: a. Create the directory ~/.ssh by typing the command:
ssh <user>@<server> mkdir -p .ssh
b. Type the user password. c. Append the public key on the FM or FMHA appliance by typing the command:
cat /root/.ssh/id_rsa.pub | ssh <user>@<server> 'cat >> .ssh/authorized_keys'
d. Type the user password. e. Set correct permissions by typing the command:
ssh <user>@<server> chmod -R 700 .ssh
f. Type the user password. 5. To verify successful completion, attempt to log in to the external server as user from the root account on Rainfinity by typing:
ssh <<user>@<server>
You should not be prompted for a password. You can now successfully use SCP without a password to send the rotated log files to your external server. Configuring SCP of rotated log files using rfhsetup Once the public-private key exchange is completed, configure scp of rotated log files: 1. Start the Rainfinity setup tool, type rfhsetup. 2. Select Configure Logging Options. 3. Select Configure SCP of Rotated Log Files. 4. Follow the prompts to configure: The SCP Remote Address The IP address or hostname of the external server. This is the external server referenced in Configuring the public-private key exchange on page 82. The username to whose account the log files will be copied The name of the user on the external server who will copy the files. Same as the user provided in Configuring the public-private key exchange on page 82. The full path to the directory at the remote site where the log files should be placed. The user must have write access to this directory. Following the configuration, Rainfinity will test SCP by attempting to copy a test file. If this test fails, the SCP settings will be accepted, but SCP is probably not configured properly. Correct the error that is blocking SCP and rerun the Rainfinity setup tool.
Log settings
83
Alerts
Rainfinity can be configured to monitor various system log files and send an email or SNMP alert whenever an event of interest occurs. The most critical Rainfinity alerts are grouped by type:

Security alerts Operational alerts Environmental alerts
Table 6 on page 84 lists security alerts that apply to all Rainfinity appliances.
Table 6
Critical security alerts Index 001-0005 Pattern name Failed to bind to LDAP server Description Attempt to bind to the LDAP server failed. This could be due to a misconfigured LDAP server address, or due to a network connectivity issue. The user could see delays in logging in or executing commands if the LDAP server is unavailable. System security level has been modified. One certificate will expire soon or has already expired.
001-0011 001-0013
Security level change Certificate expiration warning
Table 7 on page 84 lists operational alerts that are specific to the File Management Appliance.
Table 7
Critical operational alerts Index 001-0017 001-0018 002-3001 002-3002 002-3003 002-1007 003-0001 301-0001 301-0002 301-0003 301-0007 Pattern name Log alerts system enabled Log alerts system disabled Description rfalertd has been started. rfalertd has been terminated.
Rainfinity daemon not present File Management daemon is not present. Rainfinity stopped Rainfinity started Capacity utilization Partition full Rainfinity enabled Rainfinity disabled FMHA alert (FCD) Could not update capacity values FMHA alert (CCD) Exceeds threshold Centera alert File Management daemon has been stopped. File Management daemon has been started. Disk capacity utilization exceeds the preconfigured threshold of 85%. Disk partition is full. This alert is triggered when any partition on the system exceeds 99% utilization. File Management daemon has been enabled. File Management daemon has been disabled. FMHA is unable to contact FMA with NetApp as primary storage. FMA is unable to obtain disk capacity values for primary servers. Restart the File Management daemon. If the alert persists, contact Rainfinity technical support. FMHA is unable to contact FMA with Celerra as primary storage. NAS Repository exceeds the configured threshold. Unable to open connection to EMC Centera.
302-0001 304-0001 701-0001
84
Table 8 on page 85 lists environmental alerts that apply to all Rainfinity appliances.
Table 8
Critical environmental alerts Index 002-1001 002-1002 002-1003 002-1004 Pattern name Temperature alert Fan alert Power supply alert Memory alert Description Sent when a temperature sensor reading exceeds or drops below a safe threshold. Sent when a fan status has changed, or a fan failure occurs. Sent when a power supply status has changed, or a power supply failure occurs. Sent when a memory hardware status has changed, or a memory hardware failure occurs. Note that if a memory hardware failure occurs, the system may shutdown prior to generating the alert. Sent when a disk status has changed, or when a disk failure occurs. This alert is related to the mechanical operation of the hard disk, and does not provide any indication of the disk capacity utilization. Alerts 002-1007 and 003-0001 are generated for capacity utilization. Sent when a network card status has changed, or when a network card failure (or port failure within that network card) occurs.
002-1005
Disk alert
002-1006
NIC alert
All alerts are listed in the Log Pattern Index of the Rainfinity GUI. A different throttle time may be applied to each alert pattern. If alerts occur more than once within a specified throttle time, the repeated alerts are suppressed.
Note: In order to generate alert email messages from the device, sendmail must be configured.
Configuring email alerts

To review and configure the list of email alerts using the GUI: 1. Click the Alert Settings link on the Configuration tab. 2. Click the Edit log alert Pattern link. A list of alerts with the various alert settings appears: Alerts may be individually enabled. If alerts occur more than once within a specified time period, edit the throttle time to suppress the repeated alerts. A different throttle time may be applied to each alert.
Note: Only admin users can view this configuration page.
To configure email alerts from the command line: 1. Start the Rainfinity setup tool, type rfhsetup. 2. Select Configure Logging Options. 3. Select Configure Log Alerts. 4. Follow the prompts to configure: Select Yes, when asked to enable alerts. Specify one or more email addresses separated by a space or comma, to receive the alerts.
Log settings
85
Configuring SNMP alerts

To configure SNMP alerts using the GUI: 1. Click the SNMP Configuration link on the Configuration tab. 2. On the SNMP Settings page that appears, add a notification host. This is the host to which alerts will be sent: IP address UDP port Community string Security type Click Commit. 3. Click the Alert Settings link on the Configuration tab. 4. Under Alerts, click Enable SNMP alerts.
Note: Only admin users can view this configuration page.
To configure SNMP alerts from the command line: 1. Configure the SNMP Notification Host: a. Start the Rainfinity setup tool, type rfhsetup. b. Select Configure Logging Options. c. Select Configure SNMP. d. Select Configuration SNMP Notification Hosts. e. Add the SNMP Notification Hosts: The number of hosts that may be added is unlimited. For each host, specify: IPv4 address, UDP port number, SNMP community string, and SNMP verion. The community string must be alphanumeric, and may include dashes and underscores. 2. Enable SNMP alert generation: a. Start the Rainfinity setup tool, type rfhsetup. b. Select Configure Logging Options. c. Select Configure Log Alerts. d. Follow the prompts to configure: Select Yes, when asked to enable alerts. Specify the type of alert delivery. Select either email only, SNMP only, or email and SNMP.
86
Enabling SNMP polling

To enable SNMP polling using the GUI: 1. Click the SNMP Configuration link on the Configuration tab. 2. On the SNMP Settings page that appears: Type a community string. Select a security type. Click Add. The community string is added to the Current Community String list. 3. Click Commit. To enable SNMP polling from the command line, configure the SNMP Community String to be used for polling: 1. Start the Rainfinity setup tool, type rfhsetup. 2. Select Configure Logging Options. 3. Select Configure SNMP. 4. Select Configuration SNMP Community Strings. 5. Add the SNMP Community Strings. The number of strings that may be added is unlimited. For each string, specify the SNMP community string and SNMP version. The community string must be alphanumeric, and may include dashes and underscores.
Note: To poll for SNMP objects without enabling rfalertd, execute the command: service rfsnmp start from the root account. This restarts SNMP and no alert history is viewable until the alert daemon is restarted.
System command accounting

Rainfinity provides the ability to track any command that is successfully executed and launches a new process. To track command history, Rainfinity uses the psacct Process Accounting package. This package tracks commands that are entered. In addition to commands, Rainfinity extends this package to track command arguments. To enable System Command Accounting on the FM appliance: 1. Start the Rainfinity setup tool, type rfhsetup. 2. Select Configure Logging Options 3. Select Configure System Command Accounting 4. Type Y to enable system command accounting.
System command accounting
87
Tracking user command history

After enabling System Command Accounting, admin users can track the list of commands entered on the system with the tool: /opt/rainfinity/bin/rflastcomm. To use this tool, admin users must su to root first. Examples of its use are as follows:
To list the commands entered by all users, use the tool without any options, or:
/opt/rainfinity/bin/rflastcomm
To list the commands entered by a specific user, type:

/opt/rainfinity/bin/rflastcomm u <username>
To list commands entered by a user since a start date on 5 P.M. on June 6, 2007, use the tool with the following arguments:
/opt/rainfinity/bin/rflastcomm u <username> s 2007-06-06 17:00:00
To track system/daemon/session history, type:

/opt/rainfinity/bin/rfquerycshis.sh
For a help menu and additional options, type:

/opt/rainfinity/bin/rflastcomm --help
Tracking user login history

After enabling System Command Accounting, admin users can track the login history with the tool:/usr/bin/last. To run this tool, admin users must su as root first. This tool is part of the standard psacct Process Accounting package. For detailed info on using this tool, type: man last.
Tracking daemon command history

To query daemon command history such as xmlrpc commands issued to the daemon from the GUI or via various Rainfinity CLI commands, use the tool: /opt/rainfinity/bin/rfquerycshis.sh.
To obtain the daemon command history, type:

/opt/rainfinity/bin/rfquerycshis.sh -t dc
To query the system command history, type:

/opt/rainfinity/bin/rfquerycshis.sh -t sc
To query the user login history, type :

/opt/rainfinity/bin/rfquerycshis.sh -t ls
To list hardware related messages from the system log files, type:
/opt/rainfinity/bin/rfquerycshis.sh -t hw
88
Windows domain user

When a new file server is added to the FMA configuration, CIFS specific settings include the username and password for the Windows domain user to be used by the FMA. Before adding a new CIFS file server, use the instructions in the following sections to set up the Windows domain user:

Creating a Windows domain user on page 89 Adding an admin user to the local administrator group on page 89
In addition, when using an FMA in a Windows 2008 domain, the domain controller Group Policy Object (GPO) must be configured to support NTLM versions 1 and 2 for CIFS authentication. Configuring Windows 2008 for NTLM on page 90 provides information on how to modify the domain controller configuration.
Creating a Windows domain user

To create an administrator in the Windows 2000, 2003, or 2008 domain: 1. Log in to the primary domain controller as the Domain Administrator. 2. From the Start menu, select Start > Programs > Administrative Tools > Active Directory Users and Computers. 3. Right-click Users. 4. Select New > User. The New Object User dialog box appears: a. In the Full name box, type Rainfinity Administrator. b. In the Login name box, type rsadmin. rsadmin is the Rainfinity Administrator Windows Domain user. c. Type a password. This password is the rsadmin Windows password. d. Optionally, select Password Never Expires. 5. Click Finish.
Note: If you have NetApp Filers but no Windows 2000, 2003, or 2008 servers in your domain, then you must include rsadmin in the Domain Admin group. Otherwise you will not be able to include the rsadmin user in the NetApp Filers administrators group.
Adding an admin user to the local administrator group

The Rainfinity administrator account must be added to the Administrators group on the CIFS file servers that will be involved in FMA archiving. To add a Rainfinity Windows domain user on a NetApp filer or an EMC Celerra Data Mover: 1. Log in to the primary domain controller as the Domain Administrator. 2. From the Start menu, select Start > Programs > Administrative Tools > Computer Management. The MMC application appears. 3. To start a Computer Management session with the file server: a. From the Action menu, select Connect to another computer. The Select Computer dialog box appears.
Windows domain user
89
b. Click Browse or type the file server name to select the NetApp or Celerra to connect to. c. Click OK. 4. To include the rsadmin user in the Administrator group for the CIFS File Server: a. Under System Tools, in the folder Local Users and Groups, select Groups. b. Select Administrators. The Administrators Properties dialog box appears. c. Click Add. The Select Users or Groups dialog box appears. Click Locations. From the Locations menu, select the domain instead of the local computer. Under Enter the object names to select, type rsadmin to add the domain user. d. Click OK. The Administrators Properties dialog box reappears with the newly added rsadmin user. e. Click OK. Repeat this process for any other file servers that will be involved in FMA archiving.
Configuring Windows 2008 for NTLM

By default, the Windows 2008 domain controller supports Kerberos authentication only and disables NTLM authentication. File Management only supports NTLM versions 1 and 2 authentication for CIFS. Kerberos is not supported. To use an FMA in a Windows 2008 domain, confirm that the domain controller is configured for NTLM authentication: 1. Log in to the Windows 2008 domain controller as the Domain Administrator. 2. From the Start menu, select Run. In the Run dialogue box that appears, type gpmc.msc and click OK. The Group Policy Management dialog box appears. 3. Expand the domain. Under Group Policy Objects, right-click Default Domain Policy and select Edit. The Group Policy Management Editor appears. 4. Under Computer Configuration, select Policies > Window Settings > Security Settings > Local Policies > Security Options. In the list of policies, scroll down to Network security: LAN Manager Authentication. Confirm that the policy setting shows that NTLM is configured for authentication. 5. This applies to Celerra DART 5.5. Under Computer Configuration, select Policies > Administrative Templates > System > Net Logon. In the Net Logon list that appears, double-click Allow cryptography algorithms compatible with Windows NT 4.0. Confirm that the setting is enabled. 6. Close the Group Policy Management Editor.
90
A
The appendix includes the following sections:

Advanced network topologies ..................................................................................... 92 Configuring FMA with bonding.................................................................................. 93 Configuring FMA with two subnets ........................................................................... 94 Configuring FMA with more than two subnets ........................................................ 95
91
Advanced network topologies

For many environments, using a single networking interface will satisfy networking requirements. However, there are cases when more complex topologies are needed:
Combining ethernet interfaces to form a bonded interface. This topology is used for high availability, to protect the FMA installation from a single point of failure. Configuring FMA with bonding on page 93 provides details on how to set up this network topology. Using two subnets, one for the NAS primary storage tier, and another for either the NAS/CAS secondary tier or for a management interface. Configuring FMA with two subnets on page 94 provides details on how to set up this network topology. Using more than two subnets, for example, when there are three teams using an FMA distributed across three different subnets. Configuring FMA with more than two subnets on page 95 provides details on how to set up this network topology.
92
Configuring FMA with bonding

This configuration is commonly used when fault tolerance must be built into the networking layer. In this example, eth0+eth1 are combined into a bonded interface that is configured with the balance-rr bonding mode. 1. Start the network configuration menu: a. Type rfhsetup from the FMA command prompt to invoke the system setup menu. b. Select Configure File Management Networking. The network configuration menu appears. c. Select Configure Networking. 2. Add new bond interface: a. Type A to add an interface. Use the right arrow to highlight Bond, and press Enter. b. When prompted for a name of the new bond, use the up arrow to auto-generate a name. The name generated is bond1. Press Enter to complete. 3. Edit new bond setting: a. Use the up and down arrows to select the bond1 interface. Press Enter to edit the configuration. b. Specify a value for each item: For Slave, type eth0 eth1. For Trunking Mode, select balance-rr. Complete other values as needed. c. Once the interface configuration is defined, press the left arrow to exit the current menu. When prompted, answer Yes to keep the new setting. 4. Save new settings, exit, and restart network services: a. Press the left arrow to exit the main menu. When prompted, select Yes to commit the configuration. b. The setup utility will restart the FMA network services for the new configuration and return to the network configuration menu.
Configuring FMA with bonding
93
Configuring FMA with two subnets

In this example, FMA is configured for two subnets with two physical ports (eth0, eth1): 1. Start the network configuration menu: a. Type rfhsetup from the FMA command prompt to invoke the system setup menu. b. Select Configure File Management Networking. The network configuration menu appears. c. Select Configure Networking. 2. Edit settings for the physical ports eth0 and eth1: a. Use the up and down arrows to select eth0 and press Enter. The configuration menu for the eth0 interface appears. b. Provide information for each item to properly configure the interface. Press Enter to edit an item, the press Enter again to complete. Press the left arrow to exit the menu. Answer Yes to keep new settings. c. Repeat these steps for the eth1 interface. 3. Save new settings, exit, and restart network services: a. Press the left arrow to exit the main menu. When prompted, select Yes to commit the configuration. b. The setup utility will restart the FMA network services according to the new configuration and return to the network configuration setup menu.
94
Configuring FMA with more than two subnets

In this example, FMA is configured for more than two subnets with two physical interfaces. This configuration utilizes VLAN tagging and the switch connected to the FMA ethernet ports must be properly configured for tagging. Using Cisco terminology, the switchport mode is set to trunk and the required VLANs are allowed on the ports: 1. Start the network configuration menu: a. Type rfhsetup from the FMA command prompt to invoke the system setup menu. b. Select Configure File Management Networking. The network configuration menu appears. c. Select Configure Networking. 2. Add new bond interface: a. Type A to add an interface. Use the right arrow to select Bond, and press Enter. b. When prompted for the name of the new interface, press the up arrow to generate a name. The name generated is bond1. Press Enter to complete. 3. Edit the bond configuration: a. Use the up and down arrows to select the new bond interface. Press Enter. The configuration menu for the interface appears. b. For Slave, type eth0 eth1. Complete other values as needed. c. Once the interface configuration is defined, press the left arrow to exit the current menu. When prompted, answer Yes to keep the new setting.
Note: Configuration settings are saved, but are not committed yet.
4. Add new VLAN interfaces: a. Type A to add an interface. Use the right arrow to select Vlan, and press Enter. b. Type a name for the VLAN bond interface. The naming convention is <interface>.<vlan-ID>. For example, eth0.5 is a VLAN interface on eth0 with a VLAN ID of 5 c. Repeat these steps to create two more VLAN bond interfaces. 5. Edit the VLAN configuration: a. Use the up and down arrows to select the new VLAN interface. Press Enter. The configuration menu for the interface appears. b. Provide information for each item to properly configure the interface: Press Enter to edit an item, and then press Enter again to complete. Press the left arrow to exit the menu. Answer Yes to keep the new settings. c. Repeat these steps for each new VLAN interface.
Configuring FMA with more than two subnets
95
6. Save the new settings, exit, and restart network services: a. Press the left arrow to exit the main menu. When prompted, select Yes to commit the configuration. b. The setup utility will restart the FMA network services for the new configuration and return to the network configuration menu.
96
Glossary
This glossary contains terms related to file management. Many of these terms are used in this manual.
A
API Application programming interface. A source code interface provided by the computer application to support requests for services. Process that walks the share/export and performs policy-based file archiving. File Management callback service to support FileMover recall from Atmos.
archiving Atmos Callback Service
C
Celerra Callback Service Celerra FileMover File Management callback service to support FileMover recall from EMC Centera. HSM implementation used to support offline files on the Celerra.
D
DHSM Distributed Hierarchical Storage Management is the former name for Celerra FileMover.
E
EMC Centera API EMC Centera content address API used to write and read files from EMC Centera. Unique key to the saved file on EMC Centera.
F
File version FileMover API Fpolicy Callback Daemon (FCD) Fpolicy server Multiple copies on secondary storage of the same file or path. API over HTTP exposed by Celerra Data Mover to create stub files. File Management callback daemon used to support NetApp Fpolicy recall from all secondary storage. NetApp Fpolicy server. Provides notification when client accesses stub files.
97
Glossary
FQDN
Fully Qualified Domain Name. Used with the Celerra Callback DNS entry.
H
HSM Hardware security module.
L
LDAP Lightweight Directory Access Protocol
M
MB Megabyte, 106 bytes.
N
NAS Network attached storage.
O
orphan file Files on the secondary storage with no reference to the primary storage.
P
primary storage NAS device that exports CIFS or NFS volumes.
R
RADIUS retention period Remote Authentication Dial In User Service Number of days from time of archiving that a file can not be deleted.
S
secondary storage SNMP STIG stub file/offline files Data storage that is a backup to primary storage. Simple Network Management Protocol Security Technical Implementation Guide Files that appear as normal files on the primary storage but point to data content stored on the secondary storage.
T
TACACS+ Terminal Access Controller Access-Control System Plus
V
VMotion VMware VMotion technology is virtual machine mobility unique to VMware.
98
Index
A
access node IP 59 access node string 59 acdsetup.sh 44 admin user 72 age passwords 74 alert settings email 85 SNMP 86 alerts 84 anonymous 59 anonymous bind 79 appliance diagrams 30 rails 24 Atmos configure in File Management GUI 60 creating connection from Celerra 50 DNS name 60 recall from 44 shared secret 60 Atmos callback agent 43 atmoscallback FM upgrade 69 authentication 59
B
backup dump create 61 File Management 61 restore 62 bind policy 77 bind type 77
C
callback daemon 66 ccdsetup.sh 44 CD clean install 66 CD full upgrade 68 Celerra Atmos settings 43 callback agent settings 43
Control Station 43 DART version 43 file management configuration 42 FileMover API user 47 FQDN 38, 43 prearchiving tasks 47 source 43 VDM 43 Celerra callback agent before upgrade 68 Celerra properties 43 Celerra Callback Service 44 celerracallback FM upgrade 69 stop 66 Certificate Authority 78 certificate authority 81 certificate management 80 chassis File Management 25, 26 FMHA 28 CIFS specific settings Celerra 43 NetApp 54 Windows 56 cifs.client.dup-detection 52 clean install ISO image 66 cleartext 79 CLI login 41 client certificate 81 client configuration 77 command history 87 command line interface 41 community string 87 control station 43
D
DART version 43 database maintenance 66 DBMaintenance.log 66
99
Index
DHSM 48 automatically create connections 48 manually create connections 50 directory exclusion 44, 55 disaster recovery 61 disks File Management 26 FMHA 29 DNS entry 57 Callback Daemon 46 DNS server 40 domain 40 DUMPFILE 62 duplicate session disable 52
E
EMC Centera access node IP 59 access node string 59 authentication 59 configure in File Management GUI 58 creating connection from Celerra 50 recall from 44 enable SNMP alerts 86
FMHA appliance details 28 configuring on Celerra 38 configuring on NetApp 38 overview 16 fmha_clean 66 fmha_upgrade 68 fmrestore 41, 62, 63 fmsupportdump 41 fpolicy callback agent 55 FPolicy Callback Service 53 fpolicy.enable 53 fpolicycallback FM upgrade 69 stop 66 fpsetup.sh 53 FQDN 38, 43 fs_dhsm 50 Fully Qualified Domain Name. See FQDN
G
global LDAP 77 graphical user interface 40 GUI login 40
F
File Management adding Celerra 42 adding NetApp 54 backup 61, 62 Celerra to EMC Centera archiving 44 configure Atmos server 60 configure EMC Centera 58 configure NetApp 42, 54 configure Windows server 56 disable duplicate session 52 high availability appliance details 28 high availability overview 16 NetApp archiving 53 overview 16 restore 61 File Management setup tool 39 filemanagement 69 FileMover API 47 setting before upgrading 68 setting in FMA 42 setting on Celerra 49 fm_clean 66 fm_upgrade 68 FM-4 34 FM-5 33 FMA setup networking 40 fmbackup 41 before upgrade 69 creating backup 62
H
harden appliance 72, 75, 80 hostname 40 hostname resolution 45
I
installation 66 ISO image 66
K
Kerberos 79
L
last 88 LDAP 80 advanced settings 79 authentication 77 basic settings 78 bind policy 78 global settings 77 server type 77, 78 time limits 77 Linux PAM users 73 local admin 55 local authentication database 80 log alert pattern 85 logs alerts 84 rotating 82
100
Index
M
md5sum 66 memory File Management 26, 27 FMHA 29
N
NAS repository 57 NAS repository list 58 nasadmin 47 NetApp configure in File Management GUI 42, 54 directory exclusion 44, 55 file management configuration 52 FPolicy callback agent 55 local admin 55 prerequisites as archiving source 52 source 54 vFiler 53 vFiler host IP 54 network interfaces File Management 26, 27 FMHA 29 notification host 86
restore dumpfile 62 file management 62 reverse lookup zones 46 rfalertd 87 rffm 41 rfhsetup 72, 75, 78, 80, 81, 82, 83, 85, 87 rflastcomm 88 rfpolicy 53 rfsnmp 87 rfupgrade 69 root logins 73 rotating logs 82 rsadmin 89 rssystat 41
S
SASL 79 scp configure 82 security hardening features 72 logs 82 sendmail 85 serial port File Management 26, 27 FMHA 29 server type 77 shared secret 60 simple bind 79 single security database 72 SNMP community string 87 notification host 86 SNMP alerts 86 SNMP polling 87 STIG hardening 75 strengthen passwords 74 system command accounting 87
O
online help 22 Open LDAP 77 ops user 73
P
PAM. See pluggable authentication module passwords strengthen 74 PEA file 59 pluggable authentication module definition 72 Pool Entry Authentication file 59 port detail FM-4 34 FM-5 33 pretest script 68, 69 Process Acounting package 87 psacct 87
T
TACACS+ 80 tgz file 62 time limits 77 TLS 79 track command history 88 track user login history 88
R
RADIUS 80 RAID Controller FMHA 29 RAID controller 26, 27 rails 24 rainacd.domain 45 rainccd.domain 45 rainfinity group ops user definition 73 recall settings 42 recall_policy 68 repository 57
U
uc_config 47 Unicode 47 UPG upgrade 69 upgrade CD full 68 pretest script 68, 69 UPG 69 upgrading FileMover API 68
101
Index
user profile 59 UTF-8 47
V
vFiler 53 host IP 54 virtual data mover 43
W
web service specific settings 60 wheel group 72 Windows 56 Windows domain user 89
X
xlt.cfg 47
102

300 005 093 - A09

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

300 005 093 - A09

Uploaded by

Copyright:

Available Formats

EMC Rainfinity File Management Appliance

Getting Started Guide

EMC Corporation Corporate Headquarters: Hopkinton, MA 01748-9103

Preface Chapter 1 Introduction

Appliance Hardware and Port Configurations

Deploying the File Management Appliance

File Management System Settings

Network Topology Scenarios

Conventions used in this document

EMC uses the following conventions for special notices.

Courier bold Courier italic

Where to get help

This chapter includes the following sections:

Overview of File Management

File Management Appliances

File Management Appliances

File Management with Celerra implementation

SMB over NetBIOS (TCP 139)

SMB over TCP (TCP 445)

HTTP (TCP 80)

FTP (TCP 21)

File Mangement with NetApp implementation

SMB over NetBIOS (TCP 139)

SMB over TCP (TCP 445)

HTTP (TCP 80)

FTP (TCP 21)

WAFL FPolicy API FPolicy API

CIFS/SMB over NetBIOS

NetApp FPolicy implementation

File Management tasks

Archived report example

Archive tasks may be one of three types:

Delete tasks may be one of two types:

Auxiliary tasks are:

Using File Management

This appendix contains the following sections:

Appliance Hardware and Port Configurations

Appliance Hardware and Port Configurations

Contents of the appliance

Appliance Hardware and Port Configurations

File Management Appliance details

File Management Appliance details

Appliance Hardware and Port Configurations

Remote Management CD-ROM

Memory Network Interfaces

Appliance Hardware and Port Configurations

Remote Management CD-ROM Memory Network Interfaces

VGA Keyboard Connector Mouse Connector Serial port

File Management Appliance details

Appliance Hardware and Port Configurations

File Management High Availability appliance details

Appliance Hardware and Port Configurations

Memory Network Interfaces

File Management High Availability appliance details

Appliance Hardware and Port Configurations

Rear view of Dell R710

Front view of Dell R710 with bezel removed

Rear view of Dell 2950

Appliance Hardware and Port Configurations

Front view of Dell 2950 with bezel removed

Rear view of HP ProLiant

Front view of HP ProLiant