Home » HP Manuals » Storage Devices » HP StorageWorks 4000s » Manual Viewer

HP StorageWorks 4000s NAS 4000s and 9000s Administration Guide - Page 177

Squashed Mappings, User Name Mapping Best Practices

View all HP StorageWorks 4000s manuals

Add to My Manuals
Save this manual to your list of manuals

Page 177 highlights

Microsoft Services for NFS Squashed Mappings If the NFS server does not have a corresponding UID or GID or if the administrator has set other conditions to filter out the user, a process called squashing takes effect. Squashing is the conversion of an unmapped or filtered user to an anonymous user. This anonymous user has very restricted permissions on the system. Squashing helps administrators manage access to their exports by allowing them to restrict access to certain individuals or groups and to squash all others down to restricted (or no) access. Squashing enables the administrator to allow permissions instead of denying access to all the individuals who are not supposed to have access. Figure 100 is a diagram showing an example of how the mapping server works for an ls -al command. Figure 100: Mapping server ls -al command example A double translation, as illustrated in Figure 100, is sometimes necessary because some commands return user ID information. For example, if the NFS request issued was an ls -al command, the return listing of files contains user information (the user and group that own the file). The ls -al command is a UNIX command. It returns a long or full listing of all files. Because this information is contained in a Windows NT Access Control List (ACL), it is not UNIX ready. The ACL information has to be converted back to UNIX UIDs and GIDs for the UNIX systems to understand and display the user information. This second translation is not done for commands that do not return user information. For example, if the NFS request were just to read data from or write data to a file, the second translation would not be performed because there is no returning user information. User Name Mapping Best Practices Below is a brief list of suggested practices: ■ Back up user and group mappings To avoid loss of complex advanced mappings in the case of a system failure, back up the mappings whenever the mappings have been edited or new mappings have been added. ■ Map consistently Groups that are mapped to each other should contain the same users and the members of the groups should be properly mapped to each other to ensure proper file access. Example using User1 and Group1: - Make sure that the Windows User1 is mapped to the corresponding UNIX User1. NAS 4000s and 9000s Administration Guide 177

Section	Page
Administration Guide	1
Table of Contents	3
About this Guide	13
Overview	14
Intended Audience	14
Prerequisites	14
Conventions	15
Document Conventions	15
Text Symbols	15
Equipment Symbols	16
Rack Stability	17
Getting Help	17
HP Technical Support	17
HP Storage Website	17
HP Authorized Reseller	17
Chapter 1, System Overview	19
Product Definition and Information	19
Server Hardware and Software Features	19
Product Manageability	19
Product Redundancy	20
Deployment Scenarios	21
Configuration Options for the NAS Server	21
NAS Server as a Single Device	22
NAS Server as a Clustered Pair	23
Multi Node Support Beyond Two Nodes	23
Connecting NAS Servers to the Network	23
NAS Server Single Device Deployment	24
NAS Server Cluster Deployment	25
Environment Scenarios	26
Workgroup	26
Domain	26
User Interfaces	27
NAS Server Web-Based User Interface	27
Menu Tabs	27
Welcome Screen Contents	28
NAS Server Desktop	29
NAS Management Console	30
NIC Team Setup	30
Chapter 2, Basic Administrative Procedures and Setup Completion	31
Basic Administrative Procedures	31
Setting the System Date and Time	32
Shutting Down or Restarting the Server	33
Viewing and Maintaining Audit Logs	34
Using Remote Desktop	35
Improper Closure of Remote Desktop	35
Setting up E-mail Alerts	36
Changing System Network Settings	37
Setup Completion	38
Activating the iLO Port Using the License Key	38
Setting up Ethernet NIC Teams (Optional)	38
Installing the HP Network Teaming Utility	39
Opening the HP Network Teaming Utility	40
Adding and Configuring NICs in a Team	41
Configuring the NIC Team Properties	44
Checking the Status of the Team	47
NIC Teaming Troubleshooting	48
Using Secure Path	48
Clustering the NAS Server	49
Managing System Storage	49
Creating and Managing Users and Groups	49
Creating and Managing File Shares	49
Chapter 3, Storage Management Overview	51
Storage Management Process	51
Storage Elements Overview	53
Physical Hard Drives	53
Arrays	53
Logical Drives (LUNs)	55
Fault-Tolerance Methods	56
RAID 0-Data Striping	56
RAID 1+0-Drive Mirroring and Striping	57
RAID 5-Distributed Data Guarding	58
RAID ADG-Advanced Data Guarding and RAID 5DP-Double Parity	59
Online Spares	61
Physical Storage Best Practices	61
Logical Storage Elements Overview	61
Partitions	61
Volumes	62
Utilizing Storage Elements	62
Volume Shadow Copy Service Overview	63
File System Elements	63
File-Sharing Elements	63
Clustered Server Elements	64
Chapter 4, Disk Management	65
WebUI Disks Tab	65
Storage Configuration Overview	67
Array Configuration Utility (MSA1000 and internal OS drives only)	69
Using the ACU to Configure Storage	69
ACU Guidelines	72
Managing Disks	73
Creating a New Volume via the WebUI	74
Advanced Disk Management	75
Guidelines for Managing Disks	76
Volumes Page	77
Managing Volumes	79
Dynamic Growth	80
Scheduling Defragmentation	84
Managing Disks After Quick Restore	85
Disk Quotas	87
Enabling Quota Management	87
Setting User Quota Entries	88
DiskPart	90
Example of using DiskPart	91
Chapter 5, Shadow Copies	93
Overview	93
Shadow Copy Planning	94
Identifying the Volume	94
Allocating Disk Space	94
Identifying the Storage Area	96
Determining Creation Frequency	96
Shadow Copies and Drive Defragmentation	97
Mounted Drives	97
Managing Shadow Copies	98
The Shadow Copy Cache File	99
Enabling and Creating Shadow Copies	101
Viewing a List of Shadow Copies	101
Set Schedules	102
Scheduling Shadow Copies	102
Deleting a Shadow Copy Schedule	102
Viewing Shadow Copy Properties	102
Disabling Shadow Copies	104
Managing Shadow Copies from the NAS Desktop	105
Shadow Copies for Shared Folders	106
SMB Shadow Copies	106
NFS Shadow Copies	107
Recovery of Files or Folders	108
Recovering a Deleted File or Folder	109
Recovering an Overwritten or Corrupted File	110
Recovering a Folder	110
Backup and Shadow Copies	110
Chapter 6, User and Group Management	111
Domain Compared to Workgroup Environments	111
User and Group Name Planning	112
Managing User Names	112
Managing Group Names	112
Workgroup User and Group Management	113
Managing Local Users	113
Adding a New User	114
Deleting a User	115
Modifying a User Password	116
Modifying User Properties	116
Managing Local Groups	117
Adding a New Group	118
Deleting a Group	118
Modifying Group Properties	119
Chapter 7, Folder, Printer, and Share Management	121
Folder Management	121
Navigating to a Specific Volume or Folder	122
Creating a New Folder	123
Deleting a Folder	124
Modifying Folder Properties	124
Creating a New Share for a Volume or Folder	125
Managing Shares for a Volume or Folder	126
Managing File Level Permissions	127
Share Management	134
Share Considerations	134
Defining Access Control Lists	134
Integrating Local File System Security into Windows Domain Environments	135
Comparing Administrative (Hidden) and Standard Shares	135
Planning for Compatibility between File Sharing Protocols	135
NFS Compatibility Issues	136
Managing Shares	136
Creating a New Share	136
Deleting a Share	137
Modifying Share Properties	138
Protocol Parameter Settings	141
DFS Protocol Settings	142
Deploying DFS	142
DFS Administration Tool	143
Accessing the DFS Namespace from other Computers	143
Setting DFS Sharing Defaults	144
Creating a Local DFS Root	144
Deleting a Local DFS Root	145
Publishing a New Share in DFS	146
Publishing an Existing Share in DFS	147
Removing a Published Share from DFS	147
Storage Management	148
Directory Quotas	148
Establishing Directory Quotas	149
File Screening	151
Storage Reports	152
Print Services	153
Configuring the Print Server	153
Removing the Print Server Role	155
Adding an Additional Printer	155
Adding Additional Operating System Support	156
Installing Print Services for UNIX	156
Chapter 8, Microsoft Services for NFS	157
Server for NFS	157
Authenticating User Access	157
Indicating the Computer to Use for the NFS User Mapping Server	158
Logging Events	159
Server for NFS Server Settings	160
Installing NFS Authentication Software on the Domain Controllers and Active Directory Domain Controllers	162
Understanding NTFS and UNIX Permissions	164
NFS File Shares	164
Creating a New Share	164
Deleting a Share	166
Modifying Share Properties	166
Anonymous Access to an NFS Share	168
Encoding Types	169
NFS Only	169
NFS Protocol Properties Settings	169
NFS Async/Sync Settings	170
NFS Locks	171
NFS Client Groups	173
Adding a New Client Group	174
Deleting a Client Group	174
Editing Client Group Information	175
NFS User and Group Mappings	176
Types of Mappings	176
Explicit Mappings	176
Simple Mappings	176
Squashed Mappings	177
User Name Mapping Best Practices	177
Creating and Managing User and Group Mappings	178
General Tab	178
Simple Mapping Tab	179
Explicit User Mapping Tab	180
Explicit Group Mapping Tab	181
Backing up and Restoring Mappings	183
Backing up User Mappings	183
Restoring User Mappings	183
Creating a Sample NFS File Share	184
Remote Desktop	186
Using Remote Desktop	186
Chapter 9, NetWare File System Management	187
Installing Services for NetWare	188
Managing File and Print Services for NetWare	190
Creating and Managing NetWare Users	191
Adding Local NetWare Users	191
Enabling Local NetWare User Accounts	192
Managing NCP Volumes (Shares)	193
Creating a New NCP Share	193
Modifying NCP Share Properties	195
Chapter 10, Cluster Administration	197
Cluster Overview	197
Multi Node Support Beyond Two Nodes	197
Cluster Terms and Components	198
Nodes	198
Resources	198
Virtual Servers	199
Failover	199
Quorum Disk	199
Cluster Concepts	200
Sequence of Events for Cluster Resources	200
Hierarchy of Cluster Resource Components	202
Cluster Planning	203
Storage Planning	203
Network Planning	204
Protocol Planning	205
Preparing for Cluster Installation	206
Before Beginning Installation	206
HP StorageWorks NAS Software Updates	206
Checklists for Cluster Server Installation	207
Network Requirements	207
Shared Disk Requirements	207
Cluster Installation	208
Setting Up Networks	208
Configure the Private Network Adapter	209
Configure the Public Network Adapter	209
Rename the Local Area Network Icons	209
Verifying Connectivity and Name Resolution	209
Verifying Domain Membership	209
Setting Up a Cluster User Account	209
About the Quorum Disk	209
Configuring Shared Disks	210
Verifying Disk Access and Functionality	210
Install Cluster Service Software	211
Creating a Cluster	211
Adding Nodes to a Cluster	212
Geographically Dispersed Clusters	214
HP Storage Works NAS Software Updates	214
Cluster Groups and Resources, including File Shares	214
Cluster Group Overview	215
Node Based Cluster Groups	215
Load Balancing	215
Cluster Resource Overview	216
File Share Resource Planning Issues	216
Resource Planning	216
Permissions and Access Rights on Share Resources	217
NFS Cluster Specific Issues	217
Non Cluster Aware File Sharing Protocols	218
Creating a New Cluster Group	218
Adding New Storage to a Cluster	219
Creating Physical Disk Resources	219
Creating File Share Resources	221
Setting Permissions for a SMB File Share	222
Creating NFS Share Resources	223
Setting Permissions for an NFS Share	224
Creating IP Address Resources	226
Creating Network Name Resources	227
Basic Cluster Administration Procedures	228
Failing Over and Failing Back	228
Restarting One Cluster Node	228
Shutting Down One Cluster Node	229
Powering Down the Cluster	229
Powering Up the Cluster	230
Shadow Copies in a Clustered Environment	231
Creating a Cluster Printer Spooler	231
Chapter 11, Remote Access Methods and Monitoring	233
Web Based User Interface	234
Remote Desktop	234
Integrated Lights-Out Port	234
Features	235
Security Features	235
Manage Users Feature	235
Manage Alerts Feature	236
Integrated Lights-Out Port Configuration	236
Using the Integrated Lights-Out Port to Access the NAS Server	237
Telnet Server	238
Enabling Telnet Server	238
Sessions Information	238
HP Insight Manager Version 7	238

Match case Limit results 1 per page

Microsoft Services for NFS

177

NAS 4000s and 9000s Administration Guide

Squashed Mappings

If the NFS server does not have a corresponding UID or GID or if the administrator has set

other conditions to filter out the user, a process called squashing takes effect. Squashing is the

conversion of an unmapped or filtered user to an anonymous user. This anonymous user has

very restricted permissions on the system. Squashing helps administrators manage access to

their exports by allowing them to restrict access to certain individuals or groups and to squash

all others down to restricted (or no) access. Squashing enables the administrator to allow

permissions instead of denying access to all the individuals who are not supposed to have

access.

Figure 100

is a diagram showing an example of how the mapping server works for an

ls -al

command.

Figure 100:

Mapping server

ls -al

command example

A double translation, as illustrated in

Figure 100

, is sometimes necessary because some

commands return user ID information. For example, if the NFS request issued was an

ls -al

command, the return listing of files contains user information (the user and group that own the

file). The

ls -al

command is a UNIX command. It returns a long or full listing of all files.

Because this information is contained in a Windows NT Access Control List (ACL), it is not

UNIX ready. The ACL information has to be converted back to UNIX UIDs and GIDs for the

UNIX systems to understand and display the user information.

This second translation is not done for commands that do not return user information. For

example, if the NFS request were just to read data from or write data to a file, the second

translation would not be performed because there is no returning user information.

User Name Mapping Best Practices

Below is a brief list of suggested practices:

■

Back up user and group mappings

To avoid loss of complex advanced mappings in the case of a system failure, back up the

mappings whenever the mappings have been edited or new mappings have been added.

■

Map consistently

Groups that are mapped to each other should contain the same users and the members of

the groups should be properly mapped to each other to ensure proper file access.

Example using User1 and Group1:

—

Make sure that the Windows User1 is mapped to the corresponding UNIX User1.