Administrator Guide
Table Of Contents
- Dell EqualLogic Group Manager Administrator’s Guide PS Series Firmware Version 9.1 FS Series Firmware Version 4.0
- About This Manual
- About Group Manager
- Architecture Fundamentals
- Set Up the iSCSI SAN
- Post-Setup Tasks
- Data Security
- About Group-Level Security
- Enable or Disable GUI and CLI Access
- Switch Administration Authentication Type
- About Administration Accounts
- Types of Administration Accounts
- Differences Between Authentication Methods
- Administration Account Attributes
- About Security Access Protocols
- SSH Key Pair Authentication
- Minimum Requirements for Administrative Access
- Create a Local Administration Account
- Modify Local Administration Accounts
- Delete Local Administration Accounts
- About RADIUS Accounts
- About LDAP Authorization and Active Directory
- About Single Sign-On
- About SNMP Access to the Group
- About VDS and VSS Authentication
- About IPsec
- About Dedicated Management Networks
- About Volume-Level Security
- Connect Initiators to iSCSI Targets
- Access Control Methods
- About Access Policies
- Access Policies: Use Cases
- Create a New Access Policy
- Create a New Basic Access Point
- Modify or Delete a Basic Access Point
- Modify Access Policies and Basic Access Points by Volume
- Associate Access Control Policies with Volumes
- Create an Access Policy Group
- Associate an Access Policy Group to a Volume
- Manage Access Controls for VDS/VSS Access
- Authenticate Initiators with CHAP
- Display Local CHAP Accounts
- Create a Local CHAP Account
- Modify a Local CHAP Account
- Delete a Local CHAP Account
- Configure CHAP for Initiator Authentication on Existing Volumes
- Configure CHAP for Initiator Authentication on New Volumes
- Configure CHAP Accounts on a RADIUS Authentication Server
- Configure Target Authentication
- About iSNS Servers
- Prevent Discovery of Unauthorized Targets
- About Multihost Access to Targets
- About Snapshot Access Controls
- About NAS Container Security
- PS Series Group Operations
- About Group Network Configuration
- Modify the Group IP Address or Group Name
- Add a Member to an Existing Group
- Set the RAID Policy and Pool for a New Member
- Enable and Disable a Volume RAID Preference
- About Overriding Automatic Load Balancing
- Shut Down a Group
- Create an Empty Storage Pool
- Create a Storage Pool from an Existing Member
- Change a Storage Pool Name or Description
- Merge Storage Pools
- Delete a Storage Pool
- About Groupwide Volume Defaults
- About Space Borrowing
- About Compression of Snapshots and Replicas
- Compression Prerequisites
- About Rehydration
- About Compression Statistics
- Compression Statistics by Pool
- Compression Statistics by Member
- Compression Statistics by Volume
- Member Compression States
- Enable Compression
- Suspend Compression
- Resume Compression
- View Compression Statistics by Pool
- View Compression Statistics by Member
- View Compression Statistics by Volume
- Compression Commands in the CLI
- About Volumes
- Create a Volume
- Modify a Volume Name or Description
- Modify a Volume Permission
- Modify a Volume Alias
- Modify the Administrator for a Volume
- About Smart Tags
- Set a Volume Offline or Online
- Delete a Volume
- About Volume Collections
- About Volume Folders
- About Restoring Deleted Volumes
- About Changing the Reported Volume Size
- About Reclaiming Unallocated Space
- Set a Volume or Snapshot with Lost Blocks Online
- Volume and Snapshot Status
- Volume and Snapshot Requested Status
- About Managing Storage Capacity Utilization On Demand (Thin Provisioning)
- About Improving Pool Space Utilization (Template Volumes and Thin Clones)
- About Data Center Bridging
- VMware Group Access Panel
- NAS Operations
- NAS Cluster Operations
- NAS Cluster Configuration
- NAS Cluster Post-Setup Tasks
- Modify a NAS Cluster Name
- Modify NAS Clusterwide Default NAS Container Settings
- Select an NFS Protocol Version
- Modify the Size of the NAS Reserve
- Add a Local Group for a NAS Cluster
- Delete a Local Group from a NAS Cluster
- Add a Local User on a NAS Cluster
- Modify a Local User on a NAS Cluster
- Delete a Local User from a NAS Cluster
- Map Users for a NAS Cluster
- Set the User Mapping Policy for a NAS Cluster
- Delete a User Mapping for a NAS Cluster
- Configure an Active Directory for a NAS Cluster
- Configure Preferred Domain Controllers
- Leave Active Directory
- Configure or Modify NIS or LDAP for a NAS Cluster
- Delete NIS or LDAP Configuration for a NAS Cluster
- Modify the Client Network Configuration
- Configure DNS for a NAS Cluster
- About the Internal Network Required for NAS Configuration
- About NAS Cluster Maintenance Mode
- Shut Down and Restart a NAS Cluster Manually
- About Deleting a NAS Cluster
- NAS Controller Operations
- NAS Container Operations
- Create a NAS Container
- Modify NAS Clusterwide Default NAS Container Settings
- Modify NAS Clusterwide Default NAS Container Permissions
- Modify NAS Clusterwide Default NFS Export Settings
- Modify NAS Clusterwide Default SMB Share Settings
- Modify a NAS Container Name
- Modify the Size of a NAS Container
- Modify the Snapshot Reserve and Warning Limit for a NAS Container
- Modify the In-Use Space Warning Limit for a NAS Container
- Modify a NAS Container for Few Writers Workloads
- Delete a NAS Container
- NFS Netgroups
- Access NFS Exports
- Create an NFS Export
- Modify the Client Access Setting for an NFS Export
- Modify the Permission for an NFS Export
- Modify the Trusted Users for an NFS Export
- Modify NAS Clusterwide Default NFS Export Settings
- Modify an NFS Export Directory
- Modify an NFS Export
- About NFS Export Security Methods
- Delete an NFS Export
- About SMB Shares
- Access SMB Shares in Windows
- Mount a NAS SMB Share from UNIX
- Create an SMB Share
- Set the SMB Password
- Modify an SMB Share Directory
- Delete an SMB Share
- Rebalance SMB Client Connections Across NAS Controllers
- Enable or Disable SMB Message Signing
- Enable or Disable SMB Message Encryption
- Modify SMB Share NAS Antivirus Settings
- Access-Based Enumeration
- About SMB Home Shares
- Create a NAS Thin Clone
- Client Networks
- About NAS Antivirus Servers
- How NAS Antivirus Protects Data
- NAS Antivirus Server Specifications
- Add a NAS Antivirus Server
- Modify a NAS Antivirus Server
- Delete a NAS Antivirus Server
- About NAS Antivirus Clusterwide Defaults
- Enable the NAS Antivirus Service on an SMB Share
- Monitor the NAS Antivirus Service
- NAS Directory Paths and File Types Scan
- Antivirus Policy
- Access Infected Files
- Create a NAS Container Quota
- Modify a NAS Container Quota
- Delete a NAS Container Quota
- About Quota Directories
- Quotas and NAS Containers
- About NAS Thin Provisioning
- NAS Container Storage Space Terminology
- About NAS Containers
- About Data Rehydration
- NAS Container Data Reduction
- Enable Data Reduction
- Modify NAS Container Data Reduction Settings
- Modify NAS Cluster Default Data Reduction Settings
- Data Reduction Policy
- Create Default Data Reduction Properties
- About NAS Data Reduction Schedules
- FS Series VAAI Plugin
- Diagnose and Resolve NAS Cluster and PS Series Issues
- About Backing Up and Protecting Your Data
- About Volume Data Protection
- Protect NAS Container Data with NDMP
- About Snapshots
- How Snapshots Work
- About Snapshot Reserve
- Create a Snapshot
- Set a Snapshot Online or Offline
- Clone a Snapshot to Create a New Volume
- Modify a Snapshot Name or Description
- Delete Snapshots
- Restore a Volume from a Snapshot
- About Snapshots and NAS Container Data
- About Snapshot Collections
- About Snapshot Space Borrowing
- About Replication
- About Schedules
- About Data Recovery
- About Recovering Data from a Snapshot
- Failback to Primary Operation (Manual)
- Move a Failback Replica Set to a Different Pool
- Replicate to Partner Operation (Manual)
- Switch Partner Roles Permanently
- Make a Temporary Volume Available on the Secondary Group
- Replicate a Recovery Volume to the Primary Group
- Promote an Inbound Replica Set to a Recovery Volume
- How to Handle a Failed Operation
- Fail Back to the Primary Group
- Volume Failover and Failback
- Recover Data from a Replica
- About NAS Disaster Recovery
- About Cloning Volumes
- About Synchronous Replication
- How Synchronous Replication Works
- Compare SyncRep and Traditional Replication
- How Synchronous Replication Protects Volume Availability in Different Scenarios
- Requirements for Using Synchronous Replication
- Synchronous Replication States
- About System Snapshots and SyncRep
- About Synchronous Replication and Snapshots
- About Synchronous Replication Switches and Failovers
- About Synchronous Replication Volume Collections
- About Using Thin Clones and Templates with Synchronous Replication
- Configure Synchronous Replication (SyncRep) on a Volume
- Disable Synchronous Replication (SyncRep) for a Volume
- Monitor Synchronous Replication (SyncRep) Volumes
- Pause Synchronous Replication (SyncRep)
- Resume Synchronous Replication (SyncRep)
- Enable Synchronous Replication (SyncRep) for a Volume Collection
- Disable Synchronous Replication (SyncRep) for a Volume Collection
- Change the Pool Assignment of a Synchronous Replication (SyncRep) Volume
- View the Distribution of a Volume Across Pools
- About Switching and Failing Over SyncRep Pools
- Disconnect the SyncActive Volume
- About Self-Encrypting Drives (SEDs) and AutoSED
- Scenarios Covered by AutoSED
- Scenarios Not Covered by AutoSED
- About Self-Encrypting Drives (SED)
- How Self-Encryption Protects Data
- About SED Members in a Group
- Back Up a Self-Encrypting Drive (SED) Key
- Self-Encrypting Drives (SED) Frequently Asked Questions (FAQ)
- Why are my backups always different?
- Why is a secure-erase command not available?
- What is the difference between a locked drive and a securely erased drive?
- I accidentally reset an SED array. What can I do?
- What if the entire array is stolen?
- What if the grpadmin password is stolen?
- Is it safe to discard or return a locked SED?
- Can I add SEDs to a non-SED array, or vice versa?
- Does a SED system also use RAID?
- Does SED encrypt my volumes?
- If I create a new set of backup units, does the new set invalidate the previous set of backup units?
- Self-Encrypting Drives (SED) Examples
- Self-Encrypting Drives (SED) Advanced Encryption
- About Monitoring
- Tools That Monitor and Manage Storage Performance
- Monitor Group Members
- About Storage Performance
- Monitor Administrative Sessions
- Monitor Snapshot Schedules
- Monitor Volumes and Snapshots
- About Monitoring Replication
- About Monitoring Replication Operations
- Monitor Alarms and Operations
- About Diagnostics
- Troubleshooting Performance Issues
- Third-Party Copyrights
Issuer: C=US, ST=New Hampshire, L=Nashua, O=Dell Equallogic, OU=Networking and
iSCSI, CN=Joe Secure/emailAddress=Joe_Secure@dell.com
Validity
Not Before: Oct 14 19:01:25 2014 GMT
Not After : Oct 14 19:01:25 2015 GMT
Subject: C=US, ST=New Hampshire, L=Nashua, O=Dell Equallogic, OU=Networking and
iSCSI, CN=Joe Secure/emailAddress=Joe_Secure@dell.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c1:01:43:7f:63:96:ef:e2:c0:3c:9f:2c:0c:4e:
a6:73:e4:12:d3:cf:b1:2f:72:92:7b:67:1a:94:17:
08:09:83:ff:27:f6:fb:8b:95:4e:11:b1:3c:34:4b:
11:00:29:2b:95:50:e4:96:5a:ea:0a:73:8d:5d:09:
47:ac:88:b3:b3:6e:96:3a:29:ef:ff:6d:46:b6:3c:
5f:b6:68:05:af:f9:03:f5:52:30:fc:ce:94:30:3b:
08:98:1d:1c:9c:29:67:47:8d:2e:5c:c9:6f:1d:0a:
b7:92:1d:8a:9e:28:96:59:83:fa:5b:c6:0c:e1:75:
7d:09:d2:50:fa:c1:de:43:e8:62:df:fc:28:4f:6e:
21:ae:f8:2e:13:f6:e4:f0:6d:d6:49:0a:21:69:6c:
78:d3:25:dc:cf:d3:4f:bb:7e:c6:f1:74:17:b9:f7:
fd:66:e2:72:e5:02:0d:46:e2:9a:a2:06:70:a1:15:
af:dd:09:80:8b:e8:1b:c5:5f:0d:b6:17:47:cd:18:
8e:c5:69:a9:22:fd:2c:92:73:1f:e3:72:a2:8d:93:
fa:df:d8:a3:8f:fc:e0:69:35:62:80:cc:4b:07:34:
88:ac:c9:a9:0e:c0:34:a2:89:bb:11:27:b8:5e:64:
7a:2a:04:a5:59:76:a1:50:d3:c7:13:e8:de:63:e1:
75:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:29:98:0E:A8:78:57:38:0C:88:4C:BA:6E:99:8B:55:64:B4:12:1D
X509v3 Authority Key Identifier:
keyid:7C:29:98:0E:A8:78:57:38:0C:88:4C:BA:6E:99:8B:55:64:B4:12:1D
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
2e:c1:56:89:b5:be:ad:d3:72:20:ba:76:6d:e3:35:3b:0e:3c:
f7:5e:43:e8:b2:bc:e7:62:96:91:cd:64:ab:a5:39:74:8d:ab:
a0:30:4d:78:af:19:73:19:fb:b6:18:0c:e9:70:fd:c4:30:26:
c2:00:db:75:97:f6:19:0e:07:9e:01:96:e6:a9:a4:7f:0f:8f:
2e:c3:96:b7:bb:b4:41:f7:48:d2:12:93:03:61:7a:91:53:49:
97:24:80:f2:52:d0:ac:55:d3:f3:97:de:2a:22:26:db:7c:ff:
1b:c9:b1:1f:4e:19:43:4b:99:9b:51:6e:f4:55:ed:89:9c:fe:
d1:96:66:f8:5b:56:53:3d:dc:f5:ca:16:28:d7:5d:33:12:18:
61:c8:9a:a2:16:0d:36:6c:a4:a2:ab:60:a8:ff:41:4f:63:de:
83:2f:a1:b2:5e:5b:e6:c2:b7:23:5e:1e:d5:22:99:e1:50:93:
3c:a8:29:db:cf:ff:f3:d2:65:ec:67:13:71:70:37:1e:e5:12:
c9:5c:e0:76:b4:36:b5:b0:e0:59:42:81:d6:12:50:17:24:d6:
34:06:82:22:08:0f:ea:fc:7b:83:e7:10:12:aa:00:10:f9:e3:
cb:db:71:ab:99:45:3a:d0:07:b7:9c:12:e8:91:fa:63:d8:34:
cd:70:24:47
3. Now generate a 2048-bit key for the two local certificates:
1.21 draoidoir:fwoods> openssl genrsa -out client.key 2048
Generating RSA private key, 2048 bit long modulus
...........................................+++.....+++
e is 65537 (0x10001)
4. Generate a "certificate request" for the array (kirt5):
1.31 draoidoir:fwoods> openssl req -key client.key -new -out kirt5.csr
84
About Group-Level Security