Home » HP Manuals » Storage Devices » HP ProLiant DL380G5-WSS » Manual Viewer

HP ProLiant DL380G5-WSS 3.7.0 HP StorageWorks HP Scalable NAS File Serving Sof - Page 219

Con security features, User authentication, Role-based security

Get HP ProLiant DL380G5-WSS PDF manuals and user guides

View all HP ProLiant DL380G5-WSS manuals

Add to My Manuals
Save this manual to your list of manuals

Page 219 highlights

12 Configure security features HP Scalable NAS provides the following security features: • Role-Based Security. By default, the root account has full cluster rights and can perform all HP Scalable NAS operations. You can use the Role-Based Security feature to create roles that allow or deny other users and groups the ability to perform specific cluster operations. • An audit trail of cluster operations that change the state or configuration of the cluster, as well as operations that consume large amounts of system resources. The audit messages specify both the operation performed and the user who initiated the operation. User authentication When HP Scalable NAS is installed, it determines whether the Pluggable Authentication Modules (PAM) mechanism is configured on the system. If PAM is installed, a PAM configuration file will be created for the HP Scalable NAS pswebsrv authentication module, and authentication will be done via the method specified in the PAM configuration. If PAM is not installed on the system, authentication will be done with the local shadow password files. NOTE: If PAM is installed after the HP Scalable NAS installation, copy the /etc/opt/ hpcfs/mxauthpw.pam file into the/etc/pam.d/mxauthpw directory, removing the .pam suffix from the file. HP Scalable NAS will then use PAM for authentication. Role-based security When you attempt to perform cluster operations, HP Scalable NAS authenticates your credentials via PAM to determine the user account and the groups to which you HP Scalable NAS File Serving Software administration guide 219

Section	Page
HP Scalable NAS File Serving Software administration guide	1
Table of Contents	3
About this guide	20
Intended audience	20
HP technical support	20
Subscription service	20
HP websites	21
Documentation feedback	21
1 Quick start checklist	23
2 Introduction	27
Product features	27
Overview	29
The structure of a cluster	29
Software components	30
Shared SAN devices	32
Cluster Volume Manager	32
PSFS filesystems	32
HP Scalable NAS databases	33
Export Groups and Virtual NFS Services	33
Virtual hosts and failover protection	34
Service and device monitors	34
Event notifier services	35
SNMP sub-agent	35
Cluster design guidelines	35
Server memory	35
Supported configurations	35
Single FC port, single FC switch, single FC fabric	36
Single FC port, dual FC switches, single FC fabric	37
Dual FC ports, dual FC switches, single FC fabric	38
Dual FC ports, dual FC switches, dual FC fabrics	39
iSCSI configuration	40
3 Cluster Administration	41
Administrative considerations	41
Network operations	41
Servers	42
SAN	42
Cluster software requirements	43
Tested configuration limits	43
HP Scalable NAS	43
FS Option for Linux	44
Dynamic volumes	44
Filesystem limits	44
Cluster management applications	44
User authentication	45
Manage a cluster with the HP Scalable NAS Management Console	45
Start the Management Console	45
Authentication parameters and bookmarks	46
Manage bookmarks	47
Update an existing .matrixrc file to use new features	49
Disconnect from a cluster	50
Exit a Management Console session	50
Manage a cluster from the command line	50
The Management Console	50
Servers tab	51
Virtual Hosts tab	52
Applications tab	53
Filesystems tab	54
Cluster alerts	55
View installed software	56
Using the HP Scalable NAS SNMP sub-agent	56
Start or stop snmpd	57
HP Scalable NAS processes and mxinit	57
Process monitoring	58
View HP Scalable NAS process status	58
mxinit configuration file	59
Start or stop HP Scalable NAS	59
Start or stop HP Scalable NAS with the pmxs script	59
Start or stop HP Scalable NAS with mxinit	60
Administer init.d scripts	61
Back up and restore the cluster configuration	61
HP Scalable NAS configuration	61
FS Option for Linux configuration	62
Save the Export Group configuration	62
Save the NLM state	62
Back up and restore membership partitions	63
Quotas information for PSFS filesystems	63
Firewalls and network port numbers	64
Configure firewalls (optional)	64
External network port numbers	64
Internal network port numbers	65
NFS network port numbers	66
Samba/CIFS network port numbers	67
Change configurable port numbers	67
HP Scalable NAS entries in the /etc/services file	67
HP Scalable NAS man pages	68
4 Configure servers	71
Add a new server to a cluster	71
Add a New Fibre Channel switch	71
Add a new server	72
Modify server properties	73
Other server configuration procedures	74
Move a server	74
Delete a server	74
Disable a server	74
Enable a server	75
Change the IP address for a server	75
HP Scalable NAS license file	75
Upgrade the license file	75
Supported HP Scalable NAS features	76
Migrate existing servers to HP Scalable NAS	76
Configure servers for DNS load balancing	77
5 Configure network interfaces	79
Overview	79
Administrative traffic	79
Network topology	80
Using bonded NICs with HP Scalable NAS	80
Virtual hosts	80
Network interfaces and the Management Console	81
Administrative network failover	81
Making network changes	82
Allow, discourage, or exclude administrative traffic	82
Enable or disable a network interface for virtual hosting	83
Add or modify a network interface	83
Remove a stale network interface	84
6 Configure the SAN	85
Overview	85
SAN configuration requirements	85
Storage Control Layer module	85
Device names	86
Device database and membership partitions	86
Device access	86
Disk partition alignment	87
Import SAN disks	87
Deport SAN disks	89
Change the partitioning on a disk	90
Display local disk information	90
Storage Summary window	91
Display disk information with sandiskinfo	92
Disk information	92
Show partition information	93
Show local device information	93
Show filesystem information	93
Show available volumes	94
Options for dynamic volumes	94
Show available subdevices	94
Show dynamic volumes	94
Show properties for dynamic volumes	95
Display unimported dynamic volumes	95
Multipath I/0 (MPIO) support	95
Linux Device Mapper Multipath	95
HP Scalable NAS mxmpio utility	96
Enable or disable failover for a server	97
Enable or disable failover for a PSD device	97
Specify the path for I/O	97
An example of changing the I/O path	98
Display status information	99
Set the timeout value	99
Display MPIO statistics	100
Other MPIO support	100
Enable the MPIO failover feature on QLogic drivers	100
Format of the fc_pcitable file	100
Edit the fc_pcitable file	101
Third-party MPIO and fabric fencing	101
7 Configure dynamic volumes	103
Overview	103
Basic and dynamic volumes	103
Types of dynamic volumes	103
Dynamic volume names	104
Volume signature	104
Configuration limits	104
Guidelines for creating dynamic volumes	105
Create a dynamic volume	105
Dynamic volume properties	109
Extend a dynamic volume	110
Delete a dynamic volume	112
Recreate a dynamic volume	113
Convert a basic volume to a dynamic volume	114
Dynamic volume recovery	115
Deport a dynamic volume	116
Import a dynamic volume	117
Unimported volumes	118
Importable volumes	118
Unimportable volumes	118
Reuse subdevices in unimportable volumes	119
8 Configure PSFS filesystems	121
Overview	121
Filesystem features	121
Concurrent access by multiple servers	121
Standard filesystem operations and semantics	121
Journaling filesystem	122
Server registry	122
Filesystem management and integrity	122
Filesystem synchronization and device locking	123
Recover from a server shutdown	123
Filesystem quotas	123
Filesystem restrictions	124
Create a filesystem	125
Create a filesystem from the Management Console	125
Filesystem options	127
Recreate a filesystem	128
Create a filesystem from the command line	129
The mx command	129
The mkpsfs command	130
Mount a filesystem	132
Mount a filesystem from the Management Console	132
Shared mount options	133
Server mount options	133
Uses for filesystems mounted with DB Optimized	135
Note for Oracle Real Application Clusters users	135
Advanced mount options	136
Mount a filesystem from the command line	137
The HP Scalable NAS mx fs command	137
The Linux mount command	138
Create the administrative filesystem	139
Determine the size for the administrative filesystem	139
Create the filesystem	140
Mount the administrative filesystem on new nodes	142
Enlarge the administrative filesystem	142
Unmount a filesystem	142
Unmount from the Management Console	142
Unmount from the command line	143
Persistent mounts	143
Persistent mounts on a server	143
Persistent mounts for a filesystem	144
View or change filesystem properties	145
Volume tab	145
Extend a mounted filesystem	146
Features tab	147
Quotas tab	147
View filesystem status	148
View Filesystem errors for a server	149
Check a filesystem for errors	149
Other filesystem operations	151
Configure atime updates	151
Enable atime updates for a node	151
Disable atime updates for a filesystem	152
Suspend a filesystem for backups	152
Resize a filesystem manually	153
Destroy a filesystem	155
Recover an evicted filesystem	155
Context Dependent Symbolic Links	155
Examples	156
Locate a target by its hostname	156
Locate a target by its machine type	157
Locate a target that is not on a PSFS filesystem	158
Cluster-wide file locking	158
Create a semaphore	159
Lock a semaphore	159
Unlock a semaphore	159
Delete a semaphore	159
9 Configure FS Option for Linux	161
Overview	161
FS Option concepts and definitions	161
Export Groups	161
Export records	162
Virtual NFS Services	162
Supported NFS versions	163
Tested configuration limits	163
RPC program usage	163
Export Group overview	163
Export records and groups	164
Virtual NFS Services	164
One or many Export Groups?	164
High availability and failover support	164
Caveats regarding Export Groups	165
Mount PSFS filesystems	165
Considerations for ensuring data safety	166
Add an Export Group	166
NFS Exports tab	168
Save export records to a local file	171
Virtual NFS Services tab	171
Create a spanning set of Virtual NFS Services	173
High-availability monitors	175
Global NFS monitor	175
Export Group monitor	175
Advanced options for Export Group monitors	176
Probe configuration	176
Probe severity	177
Scripts	179
View Export Group properties	182
Other Export Group procedures	183
Modify an Export Group	183
Disable an Export Group	184
Enable an Export Group	184
Clear an error associated with an Export Group	184
Delete an Export Group	184
Configure the global NFS probe settings	185
Configure Virtual NFS Services	186
Sample configurations	186
Active-active failover configuration	186
Active-passive failover configuration	186
Guidelines for creating Virtual NFS Services	187
Add a Virtual NFS Service	187
Migrate a Virtual NFS Service	190
From the Servers or Virtual Hosts tab	190
From the Applications tab	191
From the command line	191
Other Virtual NFS Service procedures	191
Update a Virtual NFS Service	191
Disable a Virtual NFS Service	191
Enable a Virtual NFS Service	191
Delete a Virtual NFS Service	192
NFS clients	192
Timeout configuration	192
Client mounts	192
Client mount options	193
NFS reads and writes	194
DB Optimized mount option	194
sync and async mount options	195
Requirements for using Windows NFS clients	195
Using the NLM protocol	195
Clear NLM locks after a power failure on an NFS client	196
Virtualized NFSD RPC reply caches	197
Network recommendations	198
Adjust the NIC parameters	199
Adjust operating system parameters	200
10 Manage filesystem quotas	201
Hard and soft filesystem limits	201
Enable or disable quotas	201
Mount filesystems with quotas	203
Manage quotas	204
Quota editor	204
Quota searches	205
View or change limits for a user or group	206
Add quotas for a user or group	207
Remove quotas for a user or group	210
Export quota information to a file	210
Manage quotas from the command line	210
Linux quota commands	210
Back up and restore quotas	211
psfsdq command	211
psfsrq command	212
Examples	212
11 Manage hardware snapshots	213
Supported arrays	213
HP MSA2000 storage arrays	213
HP EVA storage arrays	214
HP XP storage arrays	214
Engenio storage arrays	214
Create a snapshot or snapclone	214
Verify available storage	215
Snapshot procedure	215
Errors during snapshot operations	216
Delete a snapshot	216
Mount or unmount snapshots	217
12 Configure security features	219
User authentication	219
Role-based security	219
Add a new role	221
Allow or deny rights	223
Assign rights manually	224
Assign rights using a template	224
Assign accounts to a role	225
Tips for specifying accounts	227
View effective rights	227
Other role-based security procedures	228
Export or import roles	228
Enable or disable a role	229
Modify a role	229
Rename a role	230
Delete a role	230
View role information from the command line	230
Manage account information from the command line	230
Assign roles to an account	230
Remove roles from an account	231
List roles assigned to an account	231
HP Scalable NAS audit trail	231
Audit log messages	231
13 Configure event notifiers and view events	233
Overview	233
Event logs	233
View event logs	234
Event notifier services	234
HP Scalable NAS MIBs	234
Cluster event viewer	234
View event details	236
Filter the event output	236
View events from the command prompt	237
View the Cluster Log	237
View outstanding alerts	237
Insert a message into the cluster log	238
Configure event notifier services	238
Select events for a notifier service	239
Configure the SNMP notifier service	240
Configure the email notifier service	242
Configure the script notifier service	244
View configurations from the command line	245
Test notifier services	245
Enable or disable a notifier service	245
Restore notifier event settings to default values	245
Import or export the notifier event settings	246
Using custom notifier scripts	246
Event information	246
Script requirements	247
Script variables	247
14 Configure and manage replication	249
Overview	249
The sentinel node	250
Cluster requirements	250
Change required for SLES10	250
Replication tuning	250
Best practices for replication	252
Modify system parameters	253
ssh configuration	254
Configure replication	255
Configure replication for a virtual host IP on the destination cluster	255
Correct the known.hosts file	256
Configure replication for a node IP on the destination cluster	257
Create the replication configuration file	257
Duplicate the source filesystem layout on the destination cluster	260
How replication works	260
Manage replication operations	261
The replication state	262
Check the replication state	262
Replication state transitions and rplcontrol	263
rplcontrol syntax	265
Determine when replication is complete	266
Restore replicated files	266
Start or stop replication	266
Start replication	267
Restart replication when it is not running on the cluster	267
Stop all replication programs	267
Stop/start logging and transport operations	268
Modify the replication configuration	268
End the current replication interval and start a new interval	269
Reelect the sentinel node	269
Create a custom ssh key pair	269
Hard link behavior	270
Troubleshooting	270
Replication files	270
Replication logs	270
Replication history file	271
Debug log	272
Repair damaged or deleted ssh keys	272
Fix connection errors	272
Resend a transmission after a replication failure	272
Pause replication when network connection interruptions occur	273
Start replication manually during debugging	273
Enable debug messages	273
15 Cluster operations on the Applications tab	275
Applications overview	275
Create applications	275
The Applications tab	276
Application states	277
Filter the applications display	279
Using the Applications tab	281
“Drag and drop” operations	281
Applications	282
Virtual hosts or Virtual NFS Services	282
Device monitors	283
Menu operations	283
Applications	283
Servers	284
Virtual hosts	284
Virtual NFS Services and Export Groups	284
Service and device monitors	285
16 Performance monitoring	287
Create the administrative filesystem	287
Using the Performance Dashboard	287
Performance views	288
Display locations on the dashboard	288
Cluster Report	290
Physical View	290
Filesystem Aggregate View	291
Filesystem Detail View	292
Metrics View	293
Host View	294
Node View	295
Host-Specific Filesystem View	296
Performance Dashboard metrics	297
Using the NFSd thread usage metric	298
Start or stop performance monitoring	299
Troubleshooting	299
fsockopen error: Connection refused	300
17 Configure virtual hosts	301
Overview	301
Cluster health and virtual host failover	301
Guidelines for creating and using virtual hosts	302
Add or modify a virtual host	303
Configure applications for virtual hosts	306
Other virtual host procedures	306
Enable or disable a virtual host	306
Change the virtual IP address for a virtual host	307
Rehost a virtual host	307
Delete a virtual host	308
Virtual hosts and failover	309
Virtual host activeness policy	309
Customize service and device monitors for failover	311
Specify failover/failback behavior	311
Select a backup interface for failover	311
Specify failback behavior of the virtual host	312
AUTOFAILBACK	312
NOFAILBACK	312
Failback policy and monitor probe severity	313
18 Configure service monitors	315
Overview	315
Service monitors and virtual hosts	315
Service monitors and failover	315
Types of service monitors	316
FTP service monitor	316
HTTP service monitor	317
SMTP service monitor	317
TCP service monitor	317
Custom service monitor	318
Add or modify a service monitor	318
Advanced settings for service monitors	320
Service monitor policy	320
Timeout and failure severity	321
Service priority	322
Probe type	322