Administrator Guide
Table Of Contents
- Dell EqualLogic Group Manager Administrator’s Guide PS Series Firmware Version 9.1 FS Series Firmware Version 4.0
- About This Manual
- About Group Manager
- Architecture Fundamentals
- Set Up the iSCSI SAN
- Post-Setup Tasks
- Data Security
- About Group-Level Security
- Enable or Disable GUI and CLI Access
- Switch Administration Authentication Type
- About Administration Accounts
- Types of Administration Accounts
- Differences Between Authentication Methods
- Administration Account Attributes
- About Security Access Protocols
- SSH Key Pair Authentication
- Minimum Requirements for Administrative Access
- Create a Local Administration Account
- Modify Local Administration Accounts
- Delete Local Administration Accounts
- About RADIUS Accounts
- About LDAP Authorization and Active Directory
- About Single Sign-On
- About SNMP Access to the Group
- About VDS and VSS Authentication
- About IPsec
- About Dedicated Management Networks
- About Volume-Level Security
- Connect Initiators to iSCSI Targets
- Access Control Methods
- About Access Policies
- Access Policies: Use Cases
- Create a New Access Policy
- Create a New Basic Access Point
- Modify or Delete a Basic Access Point
- Modify Access Policies and Basic Access Points by Volume
- Associate Access Control Policies with Volumes
- Create an Access Policy Group
- Associate an Access Policy Group to a Volume
- Manage Access Controls for VDS/VSS Access
- Authenticate Initiators with CHAP
- Display Local CHAP Accounts
- Create a Local CHAP Account
- Modify a Local CHAP Account
- Delete a Local CHAP Account
- Configure CHAP for Initiator Authentication on Existing Volumes
- Configure CHAP for Initiator Authentication on New Volumes
- Configure CHAP Accounts on a RADIUS Authentication Server
- Configure Target Authentication
- About iSNS Servers
- Prevent Discovery of Unauthorized Targets
- About Multihost Access to Targets
- About Snapshot Access Controls
- About NAS Container Security
- PS Series Group Operations
- About Group Network Configuration
- Modify the Group IP Address or Group Name
- Add a Member to an Existing Group
- Set the RAID Policy and Pool for a New Member
- Enable and Disable a Volume RAID Preference
- About Overriding Automatic Load Balancing
- Shut Down a Group
- Create an Empty Storage Pool
- Create a Storage Pool from an Existing Member
- Change a Storage Pool Name or Description
- Merge Storage Pools
- Delete a Storage Pool
- About Groupwide Volume Defaults
- About Space Borrowing
- About Compression of Snapshots and Replicas
- Compression Prerequisites
- About Rehydration
- About Compression Statistics
- Compression Statistics by Pool
- Compression Statistics by Member
- Compression Statistics by Volume
- Member Compression States
- Enable Compression
- Suspend Compression
- Resume Compression
- View Compression Statistics by Pool
- View Compression Statistics by Member
- View Compression Statistics by Volume
- Compression Commands in the CLI
- About Volumes
- Create a Volume
- Modify a Volume Name or Description
- Modify a Volume Permission
- Modify a Volume Alias
- Modify the Administrator for a Volume
- About Smart Tags
- Set a Volume Offline or Online
- Delete a Volume
- About Volume Collections
- About Volume Folders
- About Restoring Deleted Volumes
- About Changing the Reported Volume Size
- About Reclaiming Unallocated Space
- Set a Volume or Snapshot with Lost Blocks Online
- Volume and Snapshot Status
- Volume and Snapshot Requested Status
- About Managing Storage Capacity Utilization On Demand (Thin Provisioning)
- About Improving Pool Space Utilization (Template Volumes and Thin Clones)
- About Data Center Bridging
- VMware Group Access Panel
- NAS Operations
- NAS Cluster Operations
- NAS Cluster Configuration
- NAS Cluster Post-Setup Tasks
- Modify a NAS Cluster Name
- Modify NAS Clusterwide Default NAS Container Settings
- Select an NFS Protocol Version
- Modify the Size of the NAS Reserve
- Add a Local Group for a NAS Cluster
- Delete a Local Group from a NAS Cluster
- Add a Local User on a NAS Cluster
- Modify a Local User on a NAS Cluster
- Delete a Local User from a NAS Cluster
- Map Users for a NAS Cluster
- Set the User Mapping Policy for a NAS Cluster
- Delete a User Mapping for a NAS Cluster
- Configure an Active Directory for a NAS Cluster
- Configure Preferred Domain Controllers
- Leave Active Directory
- Configure or Modify NIS or LDAP for a NAS Cluster
- Delete NIS or LDAP Configuration for a NAS Cluster
- Modify the Client Network Configuration
- Configure DNS for a NAS Cluster
- About the Internal Network Required for NAS Configuration
- About NAS Cluster Maintenance Mode
- Shut Down and Restart a NAS Cluster Manually
- About Deleting a NAS Cluster
- NAS Controller Operations
- NAS Container Operations
- Create a NAS Container
- Modify NAS Clusterwide Default NAS Container Settings
- Modify NAS Clusterwide Default NAS Container Permissions
- Modify NAS Clusterwide Default NFS Export Settings
- Modify NAS Clusterwide Default SMB Share Settings
- Modify a NAS Container Name
- Modify the Size of a NAS Container
- Modify the Snapshot Reserve and Warning Limit for a NAS Container
- Modify the In-Use Space Warning Limit for a NAS Container
- Modify a NAS Container for Few Writers Workloads
- Delete a NAS Container
- NFS Netgroups
- Access NFS Exports
- Create an NFS Export
- Modify the Client Access Setting for an NFS Export
- Modify the Permission for an NFS Export
- Modify the Trusted Users for an NFS Export
- Modify NAS Clusterwide Default NFS Export Settings
- Modify an NFS Export Directory
- Modify an NFS Export
- About NFS Export Security Methods
- Delete an NFS Export
- About SMB Shares
- Access SMB Shares in Windows
- Mount a NAS SMB Share from UNIX
- Create an SMB Share
- Set the SMB Password
- Modify an SMB Share Directory
- Delete an SMB Share
- Rebalance SMB Client Connections Across NAS Controllers
- Enable or Disable SMB Message Signing
- Enable or Disable SMB Message Encryption
- Modify SMB Share NAS Antivirus Settings
- Access-Based Enumeration
- About SMB Home Shares
- Create a NAS Thin Clone
- Client Networks
- About NAS Antivirus Servers
- How NAS Antivirus Protects Data
- NAS Antivirus Server Specifications
- Add a NAS Antivirus Server
- Modify a NAS Antivirus Server
- Delete a NAS Antivirus Server
- About NAS Antivirus Clusterwide Defaults
- Enable the NAS Antivirus Service on an SMB Share
- Monitor the NAS Antivirus Service
- NAS Directory Paths and File Types Scan
- Antivirus Policy
- Access Infected Files
- Create a NAS Container Quota
- Modify a NAS Container Quota
- Delete a NAS Container Quota
- About Quota Directories
- Quotas and NAS Containers
- About NAS Thin Provisioning
- NAS Container Storage Space Terminology
- About NAS Containers
- About Data Rehydration
- NAS Container Data Reduction
- Enable Data Reduction
- Modify NAS Container Data Reduction Settings
- Modify NAS Cluster Default Data Reduction Settings
- Data Reduction Policy
- Create Default Data Reduction Properties
- About NAS Data Reduction Schedules
- FS Series VAAI Plugin
- Diagnose and Resolve NAS Cluster and PS Series Issues
- About Backing Up and Protecting Your Data
- About Volume Data Protection
- Protect NAS Container Data with NDMP
- About Snapshots
- How Snapshots Work
- About Snapshot Reserve
- Create a Snapshot
- Set a Snapshot Online or Offline
- Clone a Snapshot to Create a New Volume
- Modify a Snapshot Name or Description
- Delete Snapshots
- Restore a Volume from a Snapshot
- About Snapshots and NAS Container Data
- About Snapshot Collections
- About Snapshot Space Borrowing
- About Replication
- About Schedules
- About Data Recovery
- About Recovering Data from a Snapshot
- Failback to Primary Operation (Manual)
- Move a Failback Replica Set to a Different Pool
- Replicate to Partner Operation (Manual)
- Switch Partner Roles Permanently
- Make a Temporary Volume Available on the Secondary Group
- Replicate a Recovery Volume to the Primary Group
- Promote an Inbound Replica Set to a Recovery Volume
- How to Handle a Failed Operation
- Fail Back to the Primary Group
- Volume Failover and Failback
- Recover Data from a Replica
- About NAS Disaster Recovery
- About Cloning Volumes
- About Synchronous Replication
- How Synchronous Replication Works
- Compare SyncRep and Traditional Replication
- How Synchronous Replication Protects Volume Availability in Different Scenarios
- Requirements for Using Synchronous Replication
- Synchronous Replication States
- About System Snapshots and SyncRep
- About Synchronous Replication and Snapshots
- About Synchronous Replication Switches and Failovers
- About Synchronous Replication Volume Collections
- About Using Thin Clones and Templates with Synchronous Replication
- Configure Synchronous Replication (SyncRep) on a Volume
- Disable Synchronous Replication (SyncRep) for a Volume
- Monitor Synchronous Replication (SyncRep) Volumes
- Pause Synchronous Replication (SyncRep)
- Resume Synchronous Replication (SyncRep)
- Enable Synchronous Replication (SyncRep) for a Volume Collection
- Disable Synchronous Replication (SyncRep) for a Volume Collection
- Change the Pool Assignment of a Synchronous Replication (SyncRep) Volume
- View the Distribution of a Volume Across Pools
- About Switching and Failing Over SyncRep Pools
- Disconnect the SyncActive Volume
- About Self-Encrypting Drives (SEDs) and AutoSED
- Scenarios Covered by AutoSED
- Scenarios Not Covered by AutoSED
- About Self-Encrypting Drives (SED)
- How Self-Encryption Protects Data
- About SED Members in a Group
- Back Up a Self-Encrypting Drive (SED) Key
- Self-Encrypting Drives (SED) Frequently Asked Questions (FAQ)
- Why are my backups always different?
- Why is a secure-erase command not available?
- What is the difference between a locked drive and a securely erased drive?
- I accidentally reset an SED array. What can I do?
- What if the entire array is stolen?
- What if the grpadmin password is stolen?
- Is it safe to discard or return a locked SED?
- Can I add SEDs to a non-SED array, or vice versa?
- Does a SED system also use RAID?
- Does SED encrypt my volumes?
- If I create a new set of backup units, does the new set invalidate the previous set of backup units?
- Self-Encrypting Drives (SED) Examples
- Self-Encrypting Drives (SED) Advanced Encryption
- About Monitoring
- Tools That Monitor and Manage Storage Performance
- Monitor Group Members
- About Storage Performance
- Monitor Administrative Sessions
- Monitor Snapshot Schedules
- Monitor Volumes and Snapshots
- About Monitoring Replication
- About Monitoring Replication Operations
- Monitor Alarms and Operations
- About Diagnostics
- Troubleshooting Performance Issues
- Third-Party Copyrights
9. Select whether to use the default port for the selected protocol, or specify a dierent port.
10. Type the Base DN for the Active Directory server, or select Get Default to use the default value. The Base DN can be up to
254 ASCII characters.
11. Select whether to use anonymous connections to the server or type a Bind DN.
12. If a Bind DN is specied, type the Bind password. Passwords can be up to 63 ASCII characters.
13. To test the new Active Directory settings, click the Test AD settings button. Group Manager tests the Active Directory settings
for all servers. If authentication fails, a dialog box opens, listing the Active Directory servers with which connections could not
be established. If no connections can be established, you can accept the conguration as is or click Cancel and check the
Active Directory settings again.
14. Click OK.
Modify Active Directory Accounts and Groups
When you modify Active Directory accounts and groups, the following restrictions apply:
• You cannot change the account name. Instead, you must delete the account and then add it back with the updated name in
Active Directory.
• You cannot modify cached accounts. You can only view their conguration details.
• You cannot change the account type. Instead, you must delete the account and recreate it with the desired account type.
When you modify Active Directory groups, the following considerations apply:
• An Active Directory security/distribution group is added to the PS Series group with the attribute that all members of the AD
group now have access. If changes are made to any members of the group, the changes are automatically integrated the next
time the members log in to the group.
– When a new user is added to the Active Directory group, the user automatically has access to the group.
– When an Active Directory user is removed from the AD group, the user no longer has access to the group.
– When the user name of a current member of the AD group is modied in Active Directory, no changes need to be made for
that user on the PS Series group.
• When you change the name of the Active Directory group, the group must be deleted from the PS Series group and then re-
added with the new name.
To change an Active Directory account or group:
1. Click Group → Group Conguration.
2. Click the Administration tab.
3. In the Accounts and Groups panel, select either:
• All accounts and groups to view both local and remote accounts.
• Active Directory users to view only Active Directory user accounts.
• Active Directory groups to view only Active Directory group accounts.
4. Select the account and click Modify. The Modify Administration Account dialog box opens.
In the dialog box, use the Account type section to change attributes of the account type:
• If the account type is Pool administrator or Volume administrator, you can use the Pool access section to specify the pools
to which the account has access and the storage quota for the account.
• If the account type is Pool administrator, you can use the Additional access section to give the account read-only access to
the entire group.
You can also grant read-only accounts permission to save diagnostics and save cong from this dialog box.
5. To change replication partners for a volume administrator, click the Replication Partners tab and change the selections.
NOTE: Only users with group administrator privileges can modify the NAS container replication conguration.
6. Click OK.
Test the Active Directory Server
After you have added the Active Directory server, test your connection by clicking Test AD settings. The rmware tests all of the
Active Directory servers in the list and reports the results of each connection attempt.
About Group-Level Security
65