FMA 7.3.1 Getting Started

EMC® File Management Appliance and
File Management Appliance/VE

Version 7.3.1
Getting Started Guide

P/N 300-005-093
REV A10
EMC Corporation
Corporate Headquarters:
Hopkinton, MA 01748-9103
1-508-435-1000
www.EMC.com
Copyright © 2007 - 2010 EMC Corporation. All rights reserved.
Published May, 2010
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS IS.” EMC CORPORATION MAKES NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION,
AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
PURPOSE.
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
For the most up-to-date regulatory document for your product line, go to the Technical Documentation and Advisories section
on EMC Powerlink.
For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com.
All other trademarks used herein are the property of their respective owners.
2 EMC File Management Appliance and File Management Appliance/VE Version 7.3.1 Getting Started Guide
Contents
Preface
Chapter 1 Introduction
Overview of EMC File Management Appliance ................................................ 16
File Management High Availability (FMHA) .............................................. 16
File Management Appliance/VE (FMA/VE)............................................... 16
File Management Appliances ............................................................................... 17
File Management with Celerra implementation.......................................... 18
File Mangement with NetApp implementation .......................................... 19
File Management tasks........................................................................................... 20
Using File Management ......................................................................................... 22
Chapter 2 File Management Appliance Hardware and Port Configurations

Contents of the appliance ...................................................................................... 24
File Management Appliance types ................................................................ 24
File Management High Availability appliance types.................................. 24
File Management Appliance details .................................................................... 25
File Management High Availability appliance details ...................................... 28
Appliance diagrams .............................................................................................. 30
Port details for FMA-7, FMHA-7, FMA-6, FMHA-6, FMA-5, and FMHA-5.. 33
Port detail for FMA-4 ............................................................................................. 34
Chapter 3 Deploying File Management

File Management deployment process................................................................ 36
Appliance setup ...................................................................................................... 37
File Management High Availability..................................................................... 38
Celerra primary storage................................................................................... 38
NetApp primary storage ................................................................................. 38
Installing the virtual appliance ............................................................................. 39
Configuring File Management.............................................................................. 42
Configuring the FMA network....................................................................... 43
Configuring the hostname, domain, and DNS server................................. 43
Graphical user interface................................................................................... 44
Command line interface .................................................................................. 44
Using the FMA with the Celerra Data Mover as a source ................................ 45
Adding a Celerra to the File Management configuration........................... 45
Configuring Celerra to EMC Centera or Atmos archiving on the FMA .. 47
EMC File Management Appliance and File Management Appliance/VE Version 7.3.1 Getting Started Guide 3
Configure name resolution.............................................................................. 48
Prerequisites for using Celerra as an archiving source ............................... 49
Prerequisite on the Celerra Control Station ................................................. 50
Using File Management with the NetApp filer as a source.............................. 55
Prerequisites for using NetApp as an archiving source ............................. 55
vFiler configuration ......................................................................................... 56
Configuring NetApp archiving on the FMA ............................................... 56
Adding a NetApp filer to the File Management configuration ................. 57
Adding a Windows server to the File Management configuration ................. 58
Configuring a NAS-based repository .................................................................. 60
Using FMA with EMC Centera ............................................................................. 61
Using File Management with an Atmos server .................................................. 62
Using File Management with a Data Domain server......................................... 63
Backing up the configuration ................................................................................ 64
Creating a backup dump ................................................................................. 65
Restoring a backup dump................................................................................ 66
Maintaining the database....................................................................................... 69
Performing a CD clean install................................................................................ 70
Software upgrades .................................................................................................. 71
Before upgrading FMA to version 7.3 or later.............................................. 71
CD full upgrade................................................................................................. 72
UPG upgrade ..................................................................................................... 72
Shutting down and restarting the appliance....................................................... 73
Chapter 4 File Management System Settings

Security hardening .................................................................................................. 76
Single security database ................................................................................... 76
Disable root logins ............................................................................................ 77
Strengthen passwords ...................................................................................... 78
Age passwords .................................................................................................. 78
Configuring the GUI access method .................................................................... 79
STIG hardening........................................................................................................ 79
Enabling STIG hardening ................................................................................ 79
Disabling STIG hardening ............................................................................... 80
LDAP client configuration .................................................................................... 81
Global LDAP settings ....................................................................................... 81
LDAP authentication ........................................................................................ 81
Configuring basic LDAP settings ................................................................... 82
Configuring advanced LDAP settings........................................................... 83
RADIUS and TACACS+ ......................................................................................... 84
Certificate management ........................................................................................ 84
Appliance mail delivery settings .......................................................................... 85
Log settings .............................................................................................................. 86
Configuring log rotation .................................................................................. 86
Configuring SCP of rotated log files .............................................................. 86
Alerts................................................................................................................... 88
Configuring e-mail alerts ................................................................................. 91
Configuring SNMP alerts ................................................................................ 92
Enabling SNMP polling ................................................................................... 93
System command accounting................................................................................ 93
Tracking user command history..................................................................... 94
Tracking user login history.............................................................................. 94
Tracking daemon command history .............................................................. 94
Windows domain user ........................................................................................... 95
Creating a Windows domain user ................................................................. 95
Adding an admin user to the local administrator group............................ 95
Configuring Windows 2008 for NTLM ......................................................... 96
Appendix A Network Topology Scenarios

Advanced network topologies.............................................................................. 98
Configuring FMA with bonding .................................................................... 98
Configuring File Management with two subnets ........................................ 99
Configuring File Management with more than two subnets..................... 99
VLAN tagging modes for FMA/VE .................................................................. 101
ESX Server virtual switch tagging ............................................................... 101
ESX Server virtual guest tagging ................................................................. 102
Glossary
Index
Figures
Title Page
1 Celerra implementation ....................................................................................................... 18

2 NetApp FPolicy implementation ........................................................................................ 19
3 Archived report example ..................................................................................................... 21
4 Rear view of Dell R710 ......................................................................................................... 30
5 Front view of Dell R710 with bezel removed .................................................................... 30
6 Rear view of Dell 2950 .......................................................................................................... 30
7 Front view of Dell 2950 with bezel removed .................................................................... 31
8 Rear view of HP ProLiant .................................................................................................... 31
9 Front view of HP ProLiant ................................................................................................... 31
10 Front view of Dell R710 for High Availability with bezel removed .............................. 32
11 Front view of Dell 2950 for High Availability with bezel removed .............................. 32
12 FMA-7 and FMHA-7 port detail ......................................................................................... 33
13 FMA-6, FMHA-6, and FMHA-5 port detail ...................................................................... 33
14 FMA-4 port detail .................................................................................................................. 34
15 File Management process ..................................................................................................... 36
16 Example of Celerra property settings in FMA version 7.2 .............................................. 71
Figures
Tables
Title Page
1 FMA that is based on Dell R710 .......................................................................................... 25

2 FMA that is based on Dell 2950 ........................................................................................... 25
3 FMA that is based on HP ProLiant ..................................................................................... 26
4 FMHA appliance that is based on Dell R710 .................................................................... 28
5 FMHA appliance that is based on Dell 2950 ..................................................................... 28
6 VMware ESX Server interoperability with FMA/VE ...................................................... 39
7 Supported SNMP traps ........................................................................................................ 88
8 File Management alerts ........................................................................................................ 88
Tables
Preface
As part of an effort to improve and enhance the performance and capabilities of its product
lines, EMC periodically releases revisions of its hardware and software. Therefore, some
functions described in this document may not be supported by all versions of the software or
hardware currently in use. For the most up-to-date information on product features, refer to
your product release notes.
If a product does not function properly or does not function as described in this document,
please contact your EMC representative.
Audience This document is part of the EMC File Management Appliance documentation set.
The documentation is intended for use by:
◆ Storage management administrators who are new to the EMC File Management
Appliance .
◆ Existing customers who are new to version 7.3.1.
Related Related documents include:

documentation
◆ EMC File Management Appliance online help — Provides detailed reference
information on specific product features and functions.
◆ EMC File Managment Appliance Release Notes — Provides an overview of new
features and lists any limitations.
◆ EMC File Management man pages — Provide detailed command-line help, as
well as overview information. A good starting point is: man rffm. PDFs of all
man pages are available from:
/opt/rainfinity/filemanagement/doc
Preface 11
Preface
Conventions used in EMC uses the following conventions for special notices.
this document
Note: A note presents information that is important, but not hazard-related.
! CAUTION
A caution contains information essential to avoid data loss or damage to the system
or equipment.
! IMPORTANT
An important notice contains information essential to operation of the software.
Typographical conventions
EMC uses the following type style conventions in this document:
Normal Used in running (nonprocedural) text for:
• Names of interface elements (such as names of windows, dialog boxes, buttons,
fields, and menus)
• Names of resources, attributes, pools, Boolean expressions, buttons, DQL
statements, keywords, clauses, environment variables, functions, utilities
• URLs, pathnames, filenames, directory names, computer names, filenames, links,
groups, service keys, file systems, notifications
Bold Used in running (nonprocedural) text for:
• Names of commands, daemons, options, programs, processes, services,
applications, utilities, kernels, notifications, system calls, man pages
Used in procedures for:
• Names of interface elements (such as names of windows, dialog boxes, buttons,
fields, and menus)
• What user specifically selects, clicks, presses, or types
Italic Used in all text (including procedures) for:
• Full titles of publications referenced in text
• Emphasis (for example a new term)
• Variables
Courier Used for:
• System output, such as an error message or script
• URLs, complete paths, filenames, prompts, and syntax when shown outside of
running text
Courier bold Used for:
• Specific user input (such as commands)
Courier italic Used in procedures for:
• Variables on command line
• User input variables
<> Angle brackets enclose parameter or variable values supplied by the user
[] Square brackets enclose optional values
| Vertical bar indicates alternate selections - the bar means “or”
{} Braces indicate content that you must specify (that is, x or y or z)
... Ellipses indicate nonessential information omitted from the example
Preface
Where to get help EMC support, product, and licensing information can be obtained as follows.
Product information — For documentation, release notes, software updates, or for
information about EMC products, licensing, and service, go to the EMC Powerlink
website (registration required) at:
http://Powerlink.EMC.com
Technical support — For technical support, go to EMC Customer Service on
Powerlink. To open a service request through Powerlink, you must have a valid
support agreement. Please contact your EMC sales representative for details about
obtaining a valid support agreement or to answer any questions about your account.
Your comments Your suggestions will help us continue to improve the accuracy, organization, and
overall quality of the user publications. Please send your opinion of this document to:
techpubcomments@EMC.com
13
Preface
1
Introduction
This chapter includes the following sections:

◆ Overview of EMC File Management Appliance ....................................................... 16
◆ File Management Appliances ....................................................................................... 17
◆ File Management tasks .................................................................................................. 20
◆ Using File Management ................................................................................................ 22
Introduction 15
Introduction
Overview of EMC File Management Appliance

The EMC® File Management Appliance (FMA) is data archival technology that
optimizes primary NAS storage by automatically moving inactive files based on
policies to less expensive secondary storage. Files that are moved appear as if they are
on primary storage. File archiving dramatically improves storage efficiency, and
backup and restore time, while supporting additional business requirements such as
compliance and retention.
As an example, an FMA may be configured to locate all NAS data that has not been
accessed in one year, and archive that data to secondary storage. For each file it
archives, the FMA will leave behind a small space-saving stub file that points to the
real data on the secondary storage device. When a user tries to access the data in its
original location on the primary NAS, the user will be transparently provided with
the actual data that the stub points to, from secondary storage.
If multi-tier archiving is used, the FMA may be configured to move archived files
from a secondary storage device tier to a tertiary storage device tier. This can be
particularly useful in cases where the secondary storage device represents a tier that
is smaller, faster, and more expensive to maintain than a larger, slower, and cheaper
storage used in the tertiary tier. Once the files are moved, the space-saving stub file on
the primary NAS tier would be updated to point to the data’s new location on the
tertiary storage tier.
File Management High Availability (FMHA)

The File Management High Availability (FMHA) appliance is a dedicated machine
that runs the NetApp and EMC Celerra® callback agents and provides high
availability for stub file recalls, in case callback agents on the primary FMA are not
available. This ensures complete transparency and nondisruptive service for clients.
Note: The FMHA dedicated appliance has installation instructions that differ slightly from the
FMA.
File Management Appliance/VE (FMA/VE)

The File Management Appliance/VE (FMA/VE) is a VMware virtual appliance
installed on a VMware ESX/ESXi Server. FMA/VE is provided in an
industry-standard virtual appliance distribution that consists of an Open
Virtualization Format (OVF) and Virtual Machine Disk (VMDK) file.
Introduction
File Management Appliances

The EMC File Management Appliance includes two types of physical appliances and
one type of virtual appliance. The capabilities and features available on the
appliances differ. One or more of each type may be deployed within a customer
environment to create a complete solution.
◆ File Management Appliance (FMA) — Is the foundation of every file archiving
deployment. It provides a full range of features including the ability to:
• archive and recall data
• perform policy simulations
• perform orphan file management
• perform stub file recovery
It features a robust reporting interface that provides valuable insight into the
efficacy of archiving policies. An FMA is delivered preloaded with software.
◆ File Management High Availability (FMHA) Appliance — Complements an
existing FMA by adding high-availability and load-balancing capabilities when
recalling archived data to primary storage. FMHA cannot be used for any
purpose other than recall. For example, it does not perform archiving or orphan
file management, nor does it have a graphical user interface. An FMHA appliance
is delivered preloaded with FMHA software.
When FMHA appliances are deployed alongside an FMA, the underlying APIs of
Celerra and NetApp file servers are leveraged to create a highly available and
load-balanced environment for data recall. The Celerra and NetApp
implementations differ as shown in Figure 1 on page 18 and Figure 2 on page 19.
◆ File Management Appliance/VE (FMA/VE) — Runs on a virtual appliance.
Virtual appliances are prebuilt software solutions, comprised of one or more
virtual machines that are packaged, updated, maintained, and managed as a unit.
Unlike a traditional hardware appliance, these software appliances allow
customers to acquire, deploy, and manage preintegrated solution stacks more
quickly and easily.
VMware High Availability (HA) provides high availability for FMA/VE across a
virtualized environment. With the failover protection against hardware and
operating system failures that VMware HA delivers, FMA/VE can offer a disaster
recovery solution.
Depending on the environment, VMware HA features require:
• Virtual Center 2.5 for ESX 3.5
• vCenter Server 4.0 for ESX 4.0
Information on configuring the VMware HA is provided in the VMware
documentation.
File Management Appliances 17

Introduction
File Management with Celerra implementation

Figure 1 on page 18 shows the recall architecture of a Celerra implementation.
4 CIFS R/W CIFS R/W NFS R/W HTTP R/W FTP R/W
1
SMB over SMB over

NFS HTTP FTP
NetBIOS TCP
(RPC) (TCP 80) (TCP 21)
(TCP 139) (TCP 445)
DHSM
Celerra
File System
/etc/hosts
3 FileMover API 2 DNS
EMC FMA PowerEdge

2950
NFS CIFS
EMC FMHA PowerEdge
2950
Platform API
NFS CIFS Centera or Atmos

Repository Repository
CNS-001622
Figure 1 Celerra implementation
Circled numbers correspond to the following steps that illustrate the archive and
recall process in the Celerra implementation:
1. Clients send read/write operations for files that have been archived. These
operations are intercepted by the DHSM layer on the Celerra prior to being
serviced from the filesystem.
2. If the file has been archived to EMC Centera® or EMC Atmos™ storage, the
Celerra blade resolves the fully qualified domain name (FQDN) to one of the
following:
• In an FMA environment, it resolves the FQDN to the IP address of the FMA or
FMHA appliance.
• In an FMA/VE environment, it resolves the FQDN to the IP address of the
FMA/VE.
Introduction
The blade then uses HTTP to read the archived data from the appliance, which in
turn reads it from EMC Centera or Atmos by using the platform API. If an
appliance does not respond to the HTTP read requests, the Celerra blade uses an
alternate IP address of another appliance configured in DNS. Every callback
server (FMA, FMHA, or FMA/VE) has its IP address associated with a single
hostname in DNS. The FQDN uses that hostname, which may have multiple IP
addresses associated with it.
3. If the file has been archived to an NFS or CIFS repository, the blade opens a
connection to the repository and reads back the data.
4. The blade responds to the client operation as usual if the recall was successful, or
the client receives an "access denied" message if the recall fails.
Note: When Celerra data has been archived to a Celerra, NetApp, or Microsoft Windows
repository, the FMA is not involved at all in the recall process. In such an environment, the
FMHA appliance is not necessary.
File Mangement with NetApp implementation

Figure 2 on page 19 shows the recall architecture of NetApp FPolicy implementation.
4 1
CIFS Recall (Writes) CIFS R/W CIFS R/W NFS R/W HTTP R/W FTP R/W
SMB over NetBIOS
NFS Recall (Writes)
SMB over SMB over

NFS HTTP FTP
NetBIOS TCP
(RPC) (TCP 80) (TCP 21)
(TCP 139) (TCP 445)
FPolicy Primary Secondary 2
WAFL
FPolicy API FPolicy API
EMC FMA PowerEdge

2950
EMC FMHA PowerEdge
2950
NFS CIFS/SMB Platform

3 over NetBIOS API
NFS CIFS Centera or Atmos

Repository Repository
CNS-001619
Figure 2 NetApp FPolicy implementation
File Management Appliances 19

Introduction
Circled numbers correspond to the following steps that illustrate the archive and
recall process in the NetApp FPolicy implementation:
1. Clients send read/write operations for files that have been archived. These
operations are intercepted by the FPolicy layer on the NetApp prior to being
serviced from the Write Anywhere File Layout (WAFL) filesystem.
2. The NetApp is configured with the following groups:
• A primary group of callback servers, such as an FMA and possibly one or
more FMHA appliances.
• A secondary group, such as one or more FMHA appliances.
The NetApp will send FPolicy callbacks to servers registered in the primary
group in round-robin fashion. If a server does not reply to the callback, it is
removed from its group. If there are no servers in the primary group, the
callbacks are distributed in a round-robin fashion among the servers in the
secondary group.
For FMA/VE, the primary group of callback servers consists of one or more
virtual machines that are clustered using VMware.
3. The appliance connects to the filer by using CIFS to read the contents of the stub
file. The stub file points to where the file data is stored. The appliance then
connects to the NFS repository, CIFS repository, or EMC Centera cluster where the
data was archived. It then reads the data by using the native protocol and the file
data is written back to the NetApp.
4. The filer responds to the client operation as usual if the recall was successful, or
with an "access denied" message if the recall failed.
Note: It is a requirement that the software versions of all the appliances match. For example, do
not deploy a configuration with an FMA that is running version 7.3b2 and an FMHA that is
running version 7.3b3. While the software does not perform any explicit checks to ensure the
versions are compatible, the running of different software versions has not been tested and
may result in unexpected behavior.
File Management tasks

File Management may be used to run several different tasks:
◆ Archiving
◆ Deleting
◆ Auxiliary tasks, such as stub scanning, backup, and NAS migration
For archiving and deleting, the software leverages a policy engine to define which
files should be archived or deleted. Users can combine and evaluate multiple rules
together in a single policy. Several rule types for archiving and deleting are included.
Before running the archive, delete, or NAS migration task, the running of a
simulation allows administrators to review real-time results without executing the
task. The results will return:
◆ Aggregated summary of total files matched
◆ Total bytes potentially archived
◆ Optional list of files stored on the disk.
Introduction
Run a simulation to gain insight into the efficiency of a task before running the task.
This practice is notably important for the delete tasks, since these tasks remove data.
A report displays results of the task. Figure 3 on page 21 is an example of an archived
report.
Figure 3 Archived report example
Archive tasks may be one of three types:

◆ Archive (with policy) — Archives all regular (non-stub) files. Files are selected for
archiving based on the archive policy.
◆ Multi-tier (with policy) — For this archiving task, all regular and stub files are
evaluated with the multi-tier policy.
• If a regular file matches the policy, it is archived.
• If a stub file matches the policy, archived data is moved to a different
repository and the stub is updated to point to the new location.
◆ Multi-tier stub (with policy) — For this archiving task, only stub files are
evaluated with the multi-tier stub policy. If a stub file matches the policy, archived
data is moved to a different repository and the stub is updated to point to the new
location. Otherwise, the archived data remains in the current repository.
Delete tasks may be one of two types:
◆ Delete orphan with policy — Deletes orphans on secondary storage that match
the delete orphans policy.
◆ Delete stub with policy — The delete stub task deletes stubs that match the delete
stubs policy. Stubs on primary storage and files on the second tier that are no
longer under retention or that were defined without any retention period are
automatically deleted.
File Management tasks 21

Introduction
Auxiliary tasks are:

◆ Scan stubs — When a file is archived, a stub file remains on the source and an
entry is added to the FMA database, and maps the name and location of the
archived file to its stub. The stub scanning task scans for stubs in the FMA
database that are no longer present on the source. When a stub has not been
detected for 30 or more days, the archived file is designated as an orphan.
◆ Backup — The backup task performs periodic backups of the FMA configuration
and database. Schedule backup tasks as part of a regular maintenance program.
◆ NAS Migration — NAS migration moves all archived data from one NAS
repository to a new repository, which may be a NAS repository, an EMC Centera,
or an Atmos. All stub files that point to this data will be updated to point to the
new location.
The File Management software also has the capability to recover stub files
accidentally deleted by client systems. It can even recover prior versions of files
archived to any secondary storage destination.
Using File Management

Once the appliance has been deployed on the network, the adminstrator can manage
data through the File Management graphical user interface (GUI) or command line
interface (CLI). “Graphical user interface” on page 44 explains how to invoke the
GUI. Online help documents all GUI pages.
Technical system details that are not related to the GUI, but are required to configure
the FMA, are provided in the following chapters and appendixes:
◆ Chapter 3, ”Deploying File Management”
◆ Chapter 4, ”File Management System Settings”
◆ Appendix A, “Network Topology Scenarios”
If the FMA is not installed on the network, administrators should refer to the sections
in this book to configure the FMA properly before its use.
2
File Management
Appliance Hardware
and Port Configurations
This chapter contains the following sections:

◆ Contents of the appliance.............................................................................................. 24
◆ File Management Appliance details ............................................................................ 25
◆ File Management High Availability appliance details ............................................. 28
◆ Appliance diagrams....................................................................................................... 30
◆ Port details for FMA-7, FMHA-7, FMA-6, FMHA-6, FMA-5, and FMHA-5 ......... 33
◆ Port detail for FMA-4..................................................................................................... 34
File Management Appliance Hardware and Port Configurations 23

File Management Appliance Hardware and Port
Contents of the appliance

FMA or FMHA ships with robust, fault-tolerant hardware consistent with the
mission-critical application for which it is used.
The following items are included in the appliance package:
◆ A 2U 19-inch rackmountable File Management aAppliance.
◆ Two universal rails for mounting the appliance on a 19-inch rack.
◆ Two sets of power cords.
◆ Copper patch cables for the number of ports on your appliance.
◆ Media kit with documentation CD and the software recovery CD.
◆ One serial cable.
Note: The following are items are not included: VGA monitor, keyboard, and mouse for a
system console.
File Management Appliance types

◆ Dell R710 — Model FMA-7 ships with two enabled on-board gigabit Ethernet
copper 10/100/1000TX ports. Figure 12 on page 33 shows the port details.
◆ Dell 2950 — Model FMA-6 and FMA-5 ships with two on-board gigabit Ethernet
◆ HP ProLiant — Model FMA-4 ships with two on-board gigabit Ethernet copper
10/100/1000TX ports and four copper ports. Figure 14 on page 34 shows the port
details.
File Management High Availability appliance types

◆ Dell R710 — Model FMHA-7 ships with two enabled on-board gigabit Ethernet
◆ Dell 2950 — Model FMHA-6 and FMHA-5 ships with two on-board gigabit
Ethernet copper 10/100/1000TX ports. Figure 13 on page 33 shows the port
details.
File Management Appliance details

Table 1 on page 25 lists the configurations for the FMA that is based on the Dell R710
hardware.
Table 1 FMA that is based on Dell R710
Component FMA-7
Chassis The appliance is based on Dell R710 11G hardware.
Size 2U form factor
Power Dual 570 watts
CPUs Dual, 2.0 GHz, E5540 4C/4T 80W 4MB Cache Nehalem-EP
Disks Four 1 TB, SATA, 3.5-inch, 7.2 K RPM hard drives in a RAID-1 configuration with
two hot spares. Items (b) through (e) in Figure 5 on page 30.
RAID controller SAS6/IR
CD-ROM Read-only DVD that can read CD or DVD material for system upgrades. Item (a) in
Figure 5 on page 30.
Memory 1066-MHz, (2 x 2 GB), dual-ranked RDIMMs
Network interfaces Two on-board gigabit 10/100/1000TX Ethernet copper ports with RJ45 connectors.
Item (e) in Figure 4 on page 30.
VGA Standard VGA video connector for a system console. Item (a) in Figure 4 on
page 30.
Keyboard connector Standard USB keyboard connector for a system console. Item (d) in Figure 4 on
page 30.
Mouse connector Standard USB mouse connector for a system console. Item (c) in Figure 4 on
page 30.
Serial port Standard DB9 serial port for a serial-terminal system. Item (b) in Figure 4 on
page 30.
Table 2 on page 25 lists the configurations for the FMA that is based on the Dell 2950
hardware.
Table 2 FMA that is based on Dell 2950 (page 1 of 2)
Component FMA-6 FMA-5
Chassis The appliance is based on Dell 2950 The appliance is based on Dell 2950
hardware. hardware.
Size 2U rackmount form factor with universal 2U rackmount form factor with universal
rails. Dimensions: 8.6 cm (h), 44.5 cm rails. Dimensions: 8.6 cm (h), 44.5 cm
(w), 66.1 cm (d). Weight: 34 kg. (w), 66.1 cm (d). Weight: 34 kg.
Power Dual redundant 750 watt hot-plug, Dual redundant 750 watt hot-plug,
power supplies. Total consumption: 5A power supplies. Total consumption: 5A
at 120 V or 2.5 A at 240 V. at 120 V or 2.5 A at 240 V.
CPUs Dual Intel Xeon 3.00 GHz Quad Core Dual Intel Xeon 3.00 GHz Dual Core
processors with 1333 MHz front-side processors with 1333 MHz front-side
bus. bus.
File Management Appliance details 25

Table 2 FMA that is based on Dell 2950 (page 2 of 2)
Component FMA-6 FMA-5
Disks Four 250 GB, SATA, 3.5-inch, 7.2K RPM Six 160 GB, SATA, 3.5-inch, 7.2K RPM
hard drives in a RAID-5 configuration. hard drives in a RAID-1 configuration.
Items (b) through (e) in Figure 7 on Items (b) through (g) in Figure 7 on
page 31. page 31.
RAID controller PERC 6/I integrated controller card with PERC 5/I integrated controller card with
256 MB of battery-backed write cache. 256 MB of battery-backed write cache.
The storage controller buffers all writes The storage controller buffers all writes
to disk so that in the event of a critical to disk so that in the event of a critical
full-system failure. Important state full-system failure. Important state
information is saved even during abrupt information is saved even during abrupt
disk or power failure. disk or power failure.
Remote management Dell DRAC Card. Dell DRAC Card.
CD-ROM 24x IDE CD-ROM/DVD-ROM drive for 24x IDE CD-ROM drive for system
system upgrades. Item (a) in Figure 7 upgrades. Item (a) in Figure 7 on
on page 31. page 31.
Memory 667 MHz, (4 x 1 GB), single-ranked 667 MHz, (8 x 512 MB), single-ranked
DIMMs DIMMs
Network interfaces Two on-board gigabit 10/100/1000TX Two on-board gigabit 10/100/1000TX
Ethernet copper ports with RJ45 Ethernet copper ports with RJ45
connectors. Item (e) in Figure 6 on connectors. Item (e) in Figure 6 on
page 30. page 30.
VGA Standard VGA video connector for a Standard VGA video connector for a
system console. Item (a) in Figure 6 on system console. Item (a) in Figure 6 on
page 30. page 30.
Keyboard connector Standard USB keyboard connector for a Standard USB keyboard connector for a
system console. Item (d) in Figure 6 on system console. Item (d) in Figure 6 on
page 30. page 30.
Mouse connector Standard USB mouse connector for a Standard USB mouse connector for a
system console. Item (c) in Figure 6 on system console. Item (c) in Figure 6 on
page 30. page 30.
Serial port Standard DB9 serial port for a Standard DB9 serial port for a
serial-terminal system. Item (b) in serial-terminal system. Item (b) in
Figure 6 on page 30. Figure 6 on page 30.
Table 3 on page 26 lists the configuration for the FMA that is based on the HP
ProLiant hardware.
Table 3 FMA that is based on HP ProLiant (page 1 of 2)
Component FMA-4
Chassis The appliance is based on the HP ProLiant DL380 G4 hardware.
Size 2U rackmount form factor with universal rails. Dimensions: 8.6 cm (h), 44.5 cm (w),
66.1 cm (d). Weight: 27.22 kg.
Power Dual redundant 575 watt, hot-plug, power supplies. Total consumption: 5A at 120V
or 2.5A at 240 V. Item (a) in Figure 8 on page 31.
CPUs Dual Intel Xeon processors 3.6 GHz with 800 MHz front-side bus.
Disks Six 146.8 GB, SCSI, 3.5 inch 10K RPM drives in a RAID 5 configuration. Items (b)
and (c) in Figure 9 on page 31.
Table 3 FMA that is based on HP ProLiant (page 2 of 2)
Component FMA-4
RAID controller SmartArray 6i storage controller.

The storage controller buffers all writes to disk so that in the event of a critical
full-system failure. Important state information is saved even during abrupt disk or
power failure.
Remote management Not applicable.
CD-ROM CD-ROM drive for system upgrades. Item (a) in Figure 9 on page 31.
Memory 400 MHz, (4 x 1 GB), single-ranked DIMMs
Item (e) in Figure 8 on page 31. In addition, connectivity to the network is made
through four copper ports. Item (f) in Figure 8 on page 31.
VGA Standard VGA video connector for a system console. Item (g) in Figure 8 on
page 31.
Keyboard connector Standard PS/2 keyboard for a system console. Item (d) in Figure 8 on page 31.
Mouse connector Standard PS/2 keyboard connector for a system console. Item (c) in Figure 8 on
page 31.
page 31.
File Management Appliance details 27

File Management High Availability appliance details

Table 4 on page 28 lists the hardware configurations for the File Management High
Availability appliance that is based on the Dell R710 hardware.
Table 4 FMHA appliance that is based on Dell R710
Component FMHA-7
Chassis The appliance is based on Dell R710 11G hardware.
Size 2U form factor
Power Dual 570 watts
CPUs Single, 2.0 GHz, E5540 4C/4T 80 W 4 MB Cache Nehalem-EP
Disks Two 1 TB, SATA, 3.5-inch, 7.2K RPM hard drives in a RAID-1 (SW) configuration.
Items (b) and (c) in Figure 10 on page 32.
RAID controller None.
CD-ROM Read-only DVD that can read CD or DVD material for system upgrades. Item (a) in
Figure 10 on page 32.
Memory 1066 MHz, (2 x 2 GB), dual-ranked RDIMMs
Item (e) in Figure 4 on page 30.
VGA Standard VGA video connector for a system console. Item (a) in Figure 4 on
page 30.
Keyboard connector Standard USB keyboard connector for a system console. Item (d) in Figure 4 on
page 30.
Mouse connector Standard USB mouse connector for a system console. Item (c) in Figure 4 on
page 30.
page 30.
Table 5 on page 28 lists the hardware configurations for the File Management High
Availability appliance that is based on the Dell 2950 hardware.
Table 5 FMHA appliance that is based on Dell 2950 (page 1 of 2)
Component FMHA-6 FMHA-5
Chassis The appliance is based on Dell 2950 The appliance is based on Dell 2950
hardware. It is a 2U rackmount form hardware. It is a 2U rackmount form
factor with universal rails. factor with universal rails.
Size 2U rackmount form factor with universal 2U rackmount form factor with universal
rails. Dimensions: 8.6 cm (h), 44.5 cm rails. Dimensions: 8.6 cm (h), 44.5 cm
(w), 66.1 cm (d). Weight: 34 kg. (w), 66.1 cm (d). Weight: 34 kg.
Power Dual redundant 750 watt hot-plug, Dual redundant 750 watt hot-plug,
power supplies. power supplies.
CPU Single Intel Xeon 2.33 GHz Quad Core Single Intel Xeon 1.86 GHz Dual Core
processor with 1333 MHz front-side processor with 1066 MHz front-side
bus. bus.
Table 5 FMHA appliance that is based on Dell 2950 (page 2 of 2)
Component FMHA-6 FMHA-5
Disks Two 250 GB, SATA, 3.5-inch, 7.2K RPM Two 160 GB, SATA, 3.5-inch, 7.2K RPM
hard drives in a RAID 1 configuration. hard drives in a RAID 1 configuration.
Items (b) and (c) in Figure 11 on Items (b) and (c) in Figure 11 on
page 32. page 32.
RAID Controller PERC 6/I integrated controller card with PERC 5/I integrated controller card with
256 MB of battery-backed write cache. 256 MB of battery-backed write cache.
The storage controller buffers all writes The storage controller buffers all writes
to disk so that in the event of a critical to disk so that in the event of a critical
full-system failure. Important state full-system failure. Important state
information is saved even during abrupt information is saved even during abrupt
disk or power failure. disk or power failure.
CD-ROM 24x IDE CD-ROM/DVD-ROM drive for 24x IDE CD-ROM drive for system
system upgrades. Item (a) in Figure 11 upgrades. Item (a) in Figure 11 on
on page 32. page 32.
Memory 4 GB, 533 MHz (4x1 GB), dual-ranked 4 GB, 533 MHz (4x1 GB), dual-ranked
DIMMs. DIMMs.
Network Interfaces Two on-board gigabit 10/100/1000TX Two on-board gigabit 10/100/1000TX
Ethernet copper ports with RJ45 Ethernet copper ports with RJ45
connectors. Item (e) in Figure 6 on connectors. Item (e) in Figure 6 on
page 30. page 30.
VGA Standard VGA video connector for a Standard VGA video connector for a
system console. Item (a) in Figure 6 on system console. Item (a) in Figure 6 on
page 30. page 30.
Keyboard Connector Standard USB keyboard connector for a Standard USB keyboard connector for a
system console. Item (d) in Figure 6 on system console. Item (d) in Figure 6 on
page 30. page 30.
Mouse Connector Standard USB mouse connector for a Standard USB mouse connector for a
system console. Item (c) in Figure 6 on system console. Item (c) in Figure 6 on
page 30. page 30.
Serial port Standard DB9 serial port for a Standard DB9 serial port for a
serial-terminal system. Item (b) in serial-terminal system. Item (b) in
Figure 6 on page 30. Figure 6 on page 30.
File Management High Availability appliance details 29

Appliance diagrams
These photographs illustrate configurations of the FMA and FMHA based on the Dell
and HP hardware.
Figure 4 Rear view of Dell R710
Figure 5 Front view of Dell R710 with bezel removed
Figure 6 Rear view of Dell 2950
Figure 7 Front view of Dell 2950 with bezel removed
Figure 8 Rear view of HP ProLiant
Figure 9 Front view of HP ProLiant
Appliance diagrams 31
Figure 10 Front view of Dell R710 for High Availability with bezel removed
Figure 11 Front view of Dell 2950 for High Availability with bezel removed
Port details for FMA-7, FMHA-7, FMA-6, FMHA-6, FMA-5, and FMHA-5
Models FMA-7 and FMHA-7 ship with two on-board ports enabled. Figure 12 on
page 33 is a rear view of the appliance with the ports labeled.
eth0 eth1 Disabled Disabled
CNS-001354
Figure 12 FMA-7 and FMHA-7 port detail
Models FMA-6, FMHA-6, and FMHA-5 ship with two on-board ports. Figure 13 on
page 33 is a rear view of the appliance with the ports labeled.
eth0 eth1
CNS-001259
Figure 13 FMA-6, FMHA-6, and FMHA-5 port detail
Port details for FMA-7, FMHA-7, FMA-6, FMHA-6, FMA-5, and FMHA-5 33
Port detail for FMA-4

Model FM-4 ships with six copper ports. Figure 14 on page 34 is a rear view of the
appliance with the ports labeled. To help identify the ports in the schematic, note that:
◆ eth0, eth1, eth2, and eth3 are on slot 1.
◆ eth4 and eth5 are the onboard NICs.
eth0 eth1 eth2 eth3
eth5 eth4
CNS-001260
Figure 14 FMA-4 port detail
3
Deploying File
Management

◆ File Management deployment process ....................................................................... 36
◆ Appliance setup.............................................................................................................. 37
◆ File Management High Availability ............................................................................ 38
◆ Installing the virtual appliance .................................................................................... 39
◆ Configuring File Management ..................................................................................... 42
◆ Using the FMA with the Celerra Data Mover as a source........................................ 45
◆ Using File Management with the NetApp filer as a source..................................... 55
◆ Adding a Windows server to the File Management configuration ........................ 58
◆ Configuring a NAS-based repository.......................................................................... 60
◆ Using FMA with EMC Centera .................................................................................... 61
◆ Using File Management with an Atmos server ......................................................... 62
◆ Using File Management with a Data Domain server................................................ 63
◆ Backing up the configuration ....................................................................................... 64
◆ Maintaining the database.............................................................................................. 69
◆ Performing a CD clean install....................................................................................... 70
◆ Software upgrades ......................................................................................................... 71
◆ Shutting down and restarting the appliance.............................................................. 73
Deploying File Management 35

Deploying File Management
File Management deployment process

Figure 15 on page 36 illustrates the EMC File Management deployment process.
File Management Setup
1. Configure FMA networking
2. For NetApp archiving and
Celerra-EMC Centera or Celerra-Atmos
archiving, initialize recall services
Celerra to EMC Centera or

Atmos Configuration NetApp Configuration
Celerra to NAS Configuration
1. Configure FileMover API 1. Configure NetApp options
1. Configure FIleMover API 2. Configure ONTAPI
2. Configure name resolution
2. Configure DHSM 3. Configure FPolicy (vFilers only)
for recall
3. Configure DHSM
File Management Configuration

1. Configure primary NAS
2a. Configure NAS repositories
2b. Configure non-NAS repositories
Define Policies
1. Create file matching expressions
and archive destinations
2. Specify policy type, retention, delayed
stubbing, stub retention (as applicable)
Create Task
1. Create an archive, delete, or
auxiliary task
2. Select source (as applicable)
Run Simulation Task (Optional)

1. Select Run Simulation Now
2. Collect real-time results in FMA
3. Review policy efficacy against
real-time results
Run Policy Task

1. Determine optimal task scheduling
2. Select archive conditions or start
times (as applicable)
3. Monitor archiving activity for errors
CNS-001255
Figure 15 File Management process
The top of the flowchart describes deploying File Management in various

environments. “Appliance setup” on page 37 outlines this process.
In a Celerra to NAS configuration, the NAS repositories may be a Celerra Data
Mover, NetApp filer, Windows server, or Data Domain server.
Steps in the five boxes at the bottom of the flowchart are performed by using the File
Management GUI. The File Management online help describes these steps in more
detail.
Appliance setup
The appliance arrives with the software installed. Before it may be used to perform
tasks, the appliance and the software must be properly configured:
◆ If an FMA is being deployed, port details that are used to connect the appliance to
the network are provided in Chapter 2, ”File Management Appliance Hardware
and Port Configurations.”
The File Management software is preinstalled on every new appliance. If the
software must be reinstalled without preserving any previous information or
data, follow the instructions provided in “Performing a CD clean install” on
page 70.
“Software upgrades” on page 71 provides instructions to perform a CD full
upgrade or UPG upgrade.
◆ If a File Management High Availability (FMHA) appliance is being deployed,
“File Management High Availability” on page 38 describes configuration
considerations.
◆ If an FMA/VE is being deployed, follow the instructions in “Installing the virtual
appliance” on page 39.
◆ To install the appliance on the network, follow instructions provided in
“Configuring File Management” on page 42.
◆ If the system requires security hardening or any other special configuration,
Chapter 4, ”File Management System Settings,”provides information for all
system settings.
Then proceed to configure the appliance for your environment as described in:
◆ “Using the FMA with the Celerra Data Mover as a source” on page 45
◆ “Using File Management with the NetApp filer as a source” on page 55
◆ “Adding a Windows server to the File Management configuration” on page 58
◆ “Configuring a NAS-based repository” on page 60
◆ “Using FMA with EMC Centera” on page 61
◆ “Using File Management with a Data Domain server” on page 63
Appliance setup 37
File Management High Availability

File Management delivers a solution for a redundancy, which ensures that clients do
not experience data unavailability due to failure of an appliance.
When using File Management High Availability (FMHA) for recall, NetApp and
Celerra callback services are configured on the FMHA appliance. These services
handle file recall from secondary storage such as EMC Centera, Atmos, Microsoft
Windows, or Data Domain servers to primary storage, such as NetApp or Celerra.
This configuration eliminates a single point of failure for the primary callback service
and ensures transparent client access to archived data.
To fulfill requirements for high availability, recall operations can be handled by a
group of File Management or FMHA appliances. High availability does not apply to
the FMA/VE.
Celerra primary storage

For Celerra primary storage archived to an EMC Centera or Atmos, Data Movers
resolve an HTTP fully qualified domain name (FQDN) to the IP addresses of File
Management and FMHA appliances. If a Data Mover identifies multiple IP addresses
mapped to the same FQDN, it will select the first address it finds and attempt to send
the recall request. If the IP address is not responsive, the Data Mover will select
subsequent addresses for the FQDN and attempt to send the recall requests to those
addresses.
All recall requests generated by a Data Mover when resolving the FQDN are sent to a
single appliance even if multiple IP addresses are found. Each Data Mover can be
configured to send recall requests to a preferred appliance which provides
coarse-grained load balancing of recall requests at the Data Mover level. “Using the
FMA with the Celerra Data Mover as a source” on page 45 provides details on
configuring Celerra Data Movers.
Run ccdsetup or acdsetup on all FMHA appliances that will process recall requests
from the Celerra Data Movers. These scripts link multiple appliances to process recall
requests from a common set of Celerra Data Movers. “Configuring Celerra to EMC
Centera or Atmos archiving on the FMA” on page 47 provides details on ccdsetup
and acdsetup.
No additional appliances are involved in recall when the FMA archives data from
Celerra primary storage to NAS repositories serving as secondary storage. The Data
Movers use the CIFS and NFS protocols to recall data directly from secondary
storage.
NetApp primary storage

NetApp filers allow FPolicy clients (such as FMA or FMHA) to register for callbacks
in response to user access to files with specific attributes. When using File
Management, a callback will be generated when a read/write operation occurs to a
file with the CIFS offline bit set.
For NetApp primary storage, multiple appliances can register in the primary or
secondary FPolicy groups of the filer. In the event that a registered server becomes
unresponsive, it is removed from its group. Recall requests will be sent by the filer in
a round-robin fashion to the IP addresses registered in the primary group. If there are
no responsive IP addresses in the primary group, then the requests are load-balanced
across the servers in the secondary group.
Run fpsetup on the FMHA appliances that will process recall requests. Use this script
to link together multiple appliances that will process recall requests that are sent from
a common set of NetApp Filers. Later, when configuring NetApp filers, you will have
the option to select specific FM and FMHA appliances that will register in the
primary and secondary groups. “Configuring NetApp archiving on the FMA” on
page 56 provides details on fpsetup.
Appliances are always involved in recall when the FMA archives data from NetApp
primary storage to any secondary storage location. NetApp filers do not recall data
directly from Celerra, EMC Centera, or NetApp storage.
Note: A single FMHA appliance can provide redundancy for multiple FMAs. A single FMA
can have multiple FMHA appliances registered to provide redundancy. Do not use an FMA to
provide redundancy for another FMA.
Installing the virtual appliance

FMA/VE is installed on the VMware server. Table 6 on page 39 shows the
interoperability.
Table 6 VMware ESX Server interoperability with FMA/VE
VMware ESX Server Comments
ESX 3.5 Update 3 Four 64-bit virtual CPUs, 4 GB of RAM, 512 GB of disk space, 2 gigabit virtual
ESXi 3.5 Update 3 interfaces are reserved.
ESX 4.0 64-bit Intel hardware with VT support (EM64T and VT in the chip and BIOS) is
ESXi 4.0 required.
Hardware and firmware requirements for 64-bit guest operating systems are listed at
the VMware web site.
The following example shows the steps to install the FMA/VE virtual appliance on
an ESX 3.5 Server host:
1. Unzip the file to create the directory for your virtual appliance. The Zip file
contains the .OVF file and .VMDK file.
2. Open the Virtual Infrastructure (VI) Client.
Installing the virtual appliance 39

a. To find the appliance with the most free space, consider %CPU and %Memory.
b. Select the line for the ESX Server: 10.10.35.101. A summary of the CPU,
memory, and data store capacities appears.
This ESX Server has enough CPU and memory available to install the FMA/VE.
3. Import the OVF file. Instructions differ depending upon VMware version.
• For ESXi 3.5 Server, from the VI Client, select File > Virtual Appliance >
Import.
• For ESX 4.0 Server, from the VI Client, select File > Deploy OVF Template.
4. Using the Import from file selection, type the path to the OVF file or click Browse
to locate the file.
Installing the virtual appliance 41

5. After answering a few basic questions, the summary screen appears. Validate the
information and click Finish.
6. The import may take 3–30 minutes depending on the network connection
between the VI Client and the VMware ESX Server. Approximately 600 MB will
initially be transferred across the network.
If the FMA/VE will be configured for Celerra to EMC Centera archiving, use
FileMover Settings as described in step 3 of “Adding a Celerra to the File
Management configuration” on page 45 to configure the single set of credentials for
recall. Then run ccdsetup.sh or acdsetup.sh as described in “Configuring Celerra to
EMC Centera or Atmos archiving on the FMA” on page 47 .
Configuring File Management

Before proceeding with the setup, ensure that you have the following information for
each appliance:
◆ IP address
◆ Subnet mask
◆ Hostname
◆ Default gateway IP
◆ DNS server IP (optional)
1. Set up the appliance:
• For an FMA or FMHA appliance, connect the keyboard, monitor, and mouse
to the appliance. The serial cable provided with the FMA and a
HyperTerminal on a PC or laptop may be used. Connect the power cord and
power on the appliance.
• For an FMA/VE, power on the appliance.
2. Log in to the appliance by using the local keyboard and monitor. Type root as the
login name. Type rain as the password.
The Rainfinity setup tool appears. This tool performs basic setup tasks that are
not available through the File Management GUI.
3. Select Change File Management Appliance Password, and change the password.
4. Select Configure Date and Time to set the time zone and date for the appliance.
5. Select Configure File Management Networking. The network configuration
menu appears.
Use the menu to change interface settings or set global settings such as hostname,
domain, and DNS servers.
Configuring the FMA network

To configure the FMA network:
1. Select option 1 from the Network Configuration menu. The File Management
Network Setup, Main Menu appears.
On the list of available physical interfaces on the appliance, eth0 appears
highlighted. To highlight a different interface, use the up arrow and down arrow
keys.
2. With eth0 highlighted, press Enter. The configuration menu for the eth0 interface
appears:
• Use the up arrow and down arrow keys to highlight the IP address field. Press
Enter and type a new IP address value into the New Value column. Press
Enter.
• Repeat the process to provide the subnet mask, gateway, and MTU settings.
3. When the configuration for this interface is complete, press the left arrow key to
exit the eth0 interface configuration.
4. To save the interface configuration, select Yes and press Enter. Note that the
changes are saved, but will not be implemented until the File Management
Network Setup menu is exited.
5. Press the left arrow key to exit from the File Management Network Setup, Main
Menu. When prompted, select Yes to save your changes.
Configuring the hostname, domain, and DNS server

Configure the hostname, domain, and DNS servers:
1. Select option 2 from the network configuration menu. The following menu
appears:
EMC Rainfinity Setup Tool (Configure Hostname, Domain and DNS
Server(s))
Hostname = rs
Domain =
DNS Server =
Do you want to change the configuration [Y/N]?

2. Type Y. Use the menu to configure the hostname, domain, and DNS servers.
The new hostname, domain, and DNS server information is summarized after all
the changes are entered, and you are given the ability to accept or make further
changes to these settings. To keep the new settings and return to the network
configuration menu, press Enter.
Configuring File Management 43

3. Verify that the network configuration has been saved and network connectivity
can be established properly.
Graphical user interface

To access the graphical user interface from a web browser:
1. In the navigation field of the web browser, type the IP address of the appliance.
2. Type the username and password for the default account which are:
• Username: admin
• Password: rain
Tabs appear as follows:
◆ Schedule — Displays a list of scheduled tasks that are currently being processed
and the status of each task.
◆ Archived Files — Displays an archived file report. Also provides a search option
to find archived files, recover stub files, and delete orphan files.
◆ Policies — Provides options that apply to creating and managing policies,
including:
• A list of policies, file matching expressions, and NAS destinations.
• Create new policy.
• Create new file matching expression.
• Create new NAS destination.
◆ Configuration — Provides configuration of users, passwords, logging, primary
servers, and secondary destination servers.
Command line interface

As an alternative to the GUI, you can use a command line interface to send
commands to the File Management daemon.
To log in to the CLI by using SSH, the default username and password are:
◆ Username: root
◆ Password: rain
The most commonly used commands are:
◆ fmsupportdump — Creates a dump of the appliance's current state for technical
support.
◆ rffm — Configures the appliance and issues all commands that the GUI interface
supports. To see a list of all commands available, type rffm --help or to view the
man page for more detailed help, type man rffm.
◆ fmbackup/fmrestore — Backs up and restores the configuration as described in
“Backing up the configuration” on page 64.
◆ rssystat — Displays statistics about the FMA.

Man pages for the command line tools are stored in the software installation
directory. To accesss the man pages, type man command_name as in, man rssystat.
Using the FMA with the Celerra Data Mover as a source

To use the FMA with a Celerra Data Mover, first perform configuration steps on the
appliance, and then on the Celerra Control Station.
Adding a Celerra to the File Management configuration

1. Click the File Servers link on the Configuration tab. The File Server List appears.
Click New.
2. On the File Server Properties page that appears, select Celerra from the Type list
box.
3. Click FileMover Settings.

The FileMover Settings page appears.
Using the FMA with the Celerra Data Mover as a source 45

Type the username and password for FileMover API authentication and callback
HTTP authentication. The system uses this username and password to create an
HTTP connection by using XML API.
This same username and password are used when creating the FileMover API
user in step 2 of “Prerequisite on the Celerra Control Station” on page 50.
4. Specify the following for the Celerra FileMover:
• Basic File Server Information — Type the Celerra name and select the DART
version from the list. If the Data Mover will be involved in CIFS archiving, the
NetBIOS name of the CIFS server must be used. Do not use the fully qualified
domain name (FQDN) or IP address.
Note: To identify the Celerra as a Virtual Data Mover, select the checkbox. Virtual Data
Movers support only the CIFS protocol.
• IP Addresses — Type the Celerra Data Mover IP address:

– When editing an existing server, click Update to retrieve the IP address
from the DNS that is based on the server name.
– To specify an additional IP address, click Add.
– To delete an existing IP address, select an IP and click Delete.
• Control Station — For DART 5.6, type the IP address of the Celerra Control
Station. This allows File Management to automatically perform some
preconfiguration steps for archiving. If this field is empty, the FMA takes no
action. The preconfiguration steps must be performed manually.
• CIFS Specific Settings — This is the Windows domain user to be used by the
appliance. The domain user must be a member of the local administrator’s
group on the Celerra. “Windows domain user” on page 95 provides more
information.
Note: The CIFS credential is not required if the Celerra performs only NFS archiving.
• Celerra as Source — This option configures File Management to archive data

from the Celerra Data Mover. If more than one appliance is connected to the
same Celerra Data Mover, configure only one appliance with this option. This
option is required only if the Celerra is serving as a source for archiving. It is
not required if the Celerra will be used only for NFS archiving.
! CAUTION
Multiple appliances may be configured to archive data from a single Celerra
Data Mover, but more than one FMA or FMA/VE should never be used to
archive data from a single filesystem.
• Celerra Callback Agent Settings

This option is required if archiving to an EMC Centera. For the CCD DNS
name, type the FQDN of the Celerra Callback DNS entry. Note that the FQDN
is case-sensitive.
• Atmos Callback Agent Settings
This option is required if archiving to an Atmos server. For the ACD DNS
name, type the FQDN of the Atmos Callback DNS entry. Note that the FQDN
is case-sensitive.
Note: The DNS names for the Celerra Callback agent and Atmos Callback agent must
be distinct. They cannot be the same.
• Directory Exclusion List — These are the directories to exclude for all tasks.
File Management ignores all system directories such as, etc, lost+found, and
ckpt by default.
5. Click Commit to define the Celerra FileMover.
Configuring Celerra to EMC Centera or Atmos archiving on the FMA

To archive from a Celerra to an EMC Centera or Atmos, configure the Celerra
Callback Service so that the FMA is in the recall path.
Configure the Celerra Callback Service to recall from EMC Centera

To configure recall from the EMC Centera:
1. From the console on the appliance which is the primary callback agent, log in as
root.
2. Type ! to escape to the command line and type:
/opt/rainfinity/filemanagement/bin/ccdsetup.sh init_rffm
3. Type n when the following message appears:
By default the Celerra Callback Daemon will connect to the File
Management service on the local machine.
Do you wish to configure another File Management Machine? (y/n)
4. If there is a secondary callback agent such as an FMHA appliance, log in on that
agent as root, and repeat step 2 and step 3. In step 3, type y to provide the IP
address and the root password of the primary callback agent.
If an invalid IP address is provided, the CelerraCallbackDaemon.stdout file
located in /var/log/rainfinity/filemanagement will fill with errors to indicate
that there was no response from the primary agent. To correct the problem, repeat
step 2 through step 4 of this procedure.
Configure the Celerra Callback Service to recall from Atmos

To configure recall from the Atmos:
1. From the console on the appliance which is the primary callback agent, log in as
root.
2. Type ! to escape to the command line and type:
/opt/rainfinity/filemanagement/bin/acdsetup.sh init_rffm
3. Type n when the following message appears:
By default the Atmos Callback Daemon will connect to the File
Do you wish to configure another File Management Machine? (y/n)
4. If there is a secondary callback agent such as an FMHA appliance, log in on that
agent as root, and repeat step 2 and step 3. In step 3, type y to provide the IP
address and root password of the primary callback agent.
If an invalid IP address is provided, the AtmosCallbackDaemon.stdout file
located in /var/log/rainfinity/filemanagement will fill with errors to indicate
that there was no response from the primary agent. To correct the problem, repeat
step 2 through step 4 of this procedure.

Configure name resolution

When the Celerra Data Mover needs to establish a connection to the appliance to
recall data from an EMC Centera or Atmos, it tries to resolve the FQDN from the
HTTP DHSM connection in its local hosts file. If it cannot be resolved locally, the Data
Mover will use DNS.
◆ To use local hostname resolution:
a. Log in to the Celerra Control station as root and mount the Data Mover to edit
the local hosts file with vi:
mount server_2:/ /mnt/source
cd /mnt/source/.etc
vi hosts
where server_2 is the name of your Celerra Data Mover.
b. Edit the host file to add one line for each appliance, similar to the following
example:
10.0.0.1 <rainccd.domain> # CCD on FMHA
10.0.0.2 <rainccd.domain> # CCD on FMA
10.0.0.3 <rainccd.domain> # CCD on FMA/VE
10.0.0.1 <rainacd.domain> # ACD on FMHA
10.0.0.2 <rainacd.domain> # ACD on FMA
10.0.0.3 <rainacd.domain> # ACD on FMA/VE
where:
– rainccd.domain is the FQDN that will be used to create the HTTP DHSM
connection described in“Celerra Callback Agent Settings” on page 46.
– rainacd.domain is the FQDN that will be used to create the HTTP DHSM
connection described in “Atmos Callback Agent Settings” on page 46.
c. Save the file and confirm that the Celerra Control Station is not mounted to the
Data Mover:
cd ~
umount /mnt/source
Note: A bug in versions of DART 5.5 prior to 5.5.33.204 will prevent the Data Movers from
properly resolving hostnames that use the local hosts file. Upgrade to the latest version of
DART 5.5 if local hostname resolution will be used to identify the CCD.
◆ To use DNS:
a. Create a DNS entry for the callback daemon that points to the appliance.
b. Create multiple entries by the same name for each callback appliance.
c. For each entry that is created, select the checkbox for Create associated
pointer (PTR) record to ensure that it will be included in the Reverse Lookup
Zones list.
Note: The Celerra FileMover supports DNS HA failover. If the DNS server resolves the callback
daemon hostname to multiple IP addresses, the Celerra FileMover transparently switches to
the server at the next available IP address.
Prerequisites for using Celerra as an archiving source

To archive data from a Celerra Data Mover, the appliance requires access to the
FileMover API (TCP port 5080).
To archive NFS data, the appliance needs the following:
◆ Mount v3 RPC service
◆ NFS v3 RPC service
◆ NLM v4 RPC service
◆ Root and read/write export permissions for all NFS data that will be archived
To archive CIFS data, the appliance needs SMB over NetBIOS (TCP port 139).
Direct command line access to the Celerra Control Station is not used by the
appliance.

When configuring a Celerra Data Mover on the appliance, plan to provide:

◆ Credentials for a FileMover API user. This single set of credentials is used for
both archive and recall.
◆ (For CIFS archiving only) Credentials for local administrator access through CIFS.
◆ (For CIFS archiving only) The NetBIOS name of the filer.
Prerequisite on the Celerra Control Station

If a Celerra has not been configured as a source for archiving, perform the following
steps:
1. Enable filename translation on the Celerra Control Station.
The FMA, FMHA, or FMA/VE expects that all filenames are derived from the
Celerra Network Server in UTF-8 format. To preserve filenames correctly:
a. Log in to the Celerra Control Station as nasadmin.
b. Use a text editor to open the file: /nas/site/locale/xlt.cfg.
c. Locate the last line of the file. Typically the last line appears as:
::::8859-1.txt: Any thing that didn’t match above will be assumed
to be latin-1
Add the following line immediately above the last line:
::FMA_IP_ADDR::: FMA requires no translation (UTF-8)
where FMA_IP_ADDR is the IP address of your appliance.
d. To update the configuration, type:
/nas/sbin/uc_config -update xlt.cfg
e. To verify the new configuration, type:
/nas/sbin/uc_config -verify FMA_IP_ADDR -mover ALL
where FMA_IP_ADDR is the IP address of your appliance. Output will appear
in the format:
server_name : FMA_IP_ADDR is UTF-8
2. Create the FileMover API user. Log in to the Celerra Control Station CLI as root
and type the command:
/nas/sbin/server_user <data_mover> -add -md5 -passwd <user>
For example: /nas/sbin/server_user server_2 -add -md5 -passwd rffm
3. Allow the IP addresses of the FMA, FMHA, or FMA/VE to open connections to
the FileMover interface. While logged in to the Celerra Control Station as an
administrator (such as “nasadmin”), run the following command for all IP
addresses of all appliances that will perform archiving or service recall requests
for the Data Mover:
server_http <data_mover> -append dhsm -users <user> -hosts
<ip_address>
For example: server_http server_2 -append dhsm -users rffm -hosts
192.168.0.100,192.168.0.101, <FMA_IP_address>
Note: A single Celerra Data Mover can be configured as an archiving source with multiple
appliances, but more than one FMA or FMA/VE should never be used to archive data
from a single filesystem.
4. Enable DHSM (FileMover) for the Data Mover. DHSM was disabled by default
with Celerra DART 5.6 and later. To enable DHSM and keep it enabled if the Data
Mover reboots, run the following command once:
server_http <data_mover> –service dhsm –start
5. Enable DHSM for specific filesystems that will be used as archiving sources. To
enable DHSM and keep it enabled if the Data Mover reboots, run the following
command once per filesystem.
fs_dhsm -modify <primary_fs> -state enabled
For example: fs_dhsm -modify fileSystem1 -state enabled
6. Ensure that the DHSM offline attribute is enabled for filesystems that will be used
for archiving. To verify that the offline attribute is on, run the command:
fs_dhsm -i <fs_name> | grep ’offline attr’
• If the offline attribute is on, the following line will appear:
offline attr = on
• If the offline attribute is off, turn it on with the command:
fs_dhsm -m <fs_name> -offline_attr on
Note: Once the offline attribute is set to on, it must remain on or File Management
archiving will not work.
Create one or more connections from the Data Mover to the secondary storage
locations for each filesystem that will be archived. Each CIFS or NFS repository used
to store archived data needs to be configured as a DHSM connection for the Celerra
filesystem. If data will be archived to an EMC Centera or an Atmos cluster, a DHSM
connection that uses the HTTP protocol needs to be configured for the filesystem.
Configuring automatically created DHSM connections

FMA, FMHA, or FMA/VE can automatically create DHSM connections for Celerra
systems that run DART 5.6.
To configure this feature, perform the following steps on the Celerra and the
appliance:
1. Check to see if the XML API server is running. As root user on the Celerra, type:
ps -ef | grep start_xml_api_server | grep -v grep
The following example shows a server that is already running:
[root@celerra01 sbin]# ps -ef | grep start_xml_api_server | grep -v
grep
root 14821 3226 0 15:41 ? 00:00:00 /bin/sh
/nas/sbin/start_xml_api_server
• If it is running, restart the server by typing:
/nas/sbin/hup_api
• If it is not running, start the server by typing:
/nas/sbin/start_xml_api_server

If the server fails to start or restart:

a. Delete the file /nas/api/exit_now.
b. Delete the file /nas/api/api_retry.
c. Repeat the process to check if the server is running and to start it.
If the XML API server still fails to start, contact Celerra support.
2. Start the DHSM HTTP server on the Celerra:
server_http <data_mover_name> -service dhsm -start
3. Create a new system user for the XML API and FileMover API operations. Use
the API GUI on the Celerra Control Station:
a. Log in as root and select: Security > Administrators > Users > New.
The New User screen appears.
b. Define a new system user:

– In the root group.
– With client access option XML API v2 allowed.
This is the user for FileMover API settings on the FMA, FMHA, or FMA/VE. Use
the same username and password that was defined for the FileMover API user in
in step 2 of “Prerequisite on the Celerra Control Station” on page 50. If the user
cannot be added to the root group, use the filemover group instead.
Password Expiration appears blank, but DART 5.6 may fix a number of days. If
the password expires, the FMA will be unable to connect to the Data Mover to
automatically create DHSM connections. When a user password is updated or
changed on the Celerra Control Station, update the FileMover settings for the
Celerra Properties on the appliance as in step 3 of “Adding a Celerra to the File

Management configuration” on page 45 and update the DHSM connection password
with the command:
fs_dhsm -connection <primary_fs> -modify <cid> -password
<new_password>
4. Define Celerra Data Mover properties on the FMA or FMA/VE. “Adding a

Celerra to the File Management configuration” on page 45 describes the
following properties in greater detail:
• For Control Station, provide the Control Station IPs for DART 5.6.
• For FileMover Settings, type the username and password that were created for
the new system user.
If DHSM connections do not exist, the FMA automatically creates the connections
before running each archiving task.
Configuring manually created DHSM connections

DHSM connections must be created manually if any of the following conditions
apply:
◆ DART 5.6 is not being used.
◆ DART 5.6 is being used, but with an NFS-exported filesystem on a VDM.
◆ File Management is not being used to automatically create DHSM connections.
Commands to create the connection for different archiving scenarios are provided as
follows:
◆ When archiving CIFS data to NAS, you archive to a CIFS repository configured
on the appliance.
Create a connection to each CIFS repository that will hold archived data. This
setting applies to any repository that is part of a multi-tier destination. Log in to
the CLI of the Celerra Control Station and type the command:
fs_dhsm -connection <primary_fs> -create -type cifs –admin
‘<fqdn>\<domain_administrator>’ –secondary
‘\\<fqdn_of_secondary_server>\<repository_path>’ -local_server
<local_cifs_server>
For example: fs_dhsm -connection fileSystem1 -create -type cifs -admin
'mydomain.prv\administrator' -secondary '\\oldServer.mydomain.prv\FMA\'
-local_server ns80dm1
Note: Use the apostrophe instead of quotation marks to encapsulate the CIFS
administrative username and UNC path of the secondary storage location.
◆ When archiving NFS data to NAS, you archive to an NFS repository configured
on the appliance.
Create a connection to each NFS repository that will hold archived data. Log in to
the CLI of the Celerra Control Station, and type the command:
fs_dhsm -connection <primary_fs> -create -type nfsv3 –secondary
‘<fqdn_of_secondary_server>:/<repository_path>’ -proto TCP
–useRootCred True
For example: fs_dhsm -connection fileSystem1 -create -type nfsv3 –secondary
‘oldServer.mydomain.prv:/FMA’ -proto TCP –useRootCred True

◆ When archiving any type of data to an EMC Centera CAS or Atmos server, recall
requests will flow from the Data Mover to FMA, FMHA, or FMA/VE.
• To create the connection for an EMC Centera, log in to the CLI of the Celerra
Control Station, and type the command:
fs_dhsm -connection <primary_fs> -create -type http –secondary
'http://<fqdn for CCD>/fmroot' -httpPort 8000 -cgi n -user <user>
For example: fs_dhsm -connection fileSystem1 -create -type http –secondary
'http://CCD01.mydomain.prv/fmroot' -httpPort 8000 -cgi n -user rffm
When prompted, type a password for the ‘rffm’ user.
• To create the connection for an Atmos server, log in to the CLI of the Celerra
Control Station and type the command:
fs_dhsm -connection <primary_fs> -create -type http –secondary
'http://<fqdn for ACD>/fmroot' -httpPort 9000 -cgi n -user <user>
For example: fs_dhsm -connection fileSystem1 -create -type http –secondary
'http://ACD01.mydomain.prv/fmroot' -httpPort 9000 -cgi n -user rffm
When prompted, type a password for the ‘rffm’ user.
These same settings are used in “Adding a Celerra to the File Management
configuration” on page 45.
• The FQDN for the callback daemon is used for “Celerra Callback Agent
Settings” on page 46 or “Atmos Callback Agent Settings” on page 46. The
FQDN must be distinct even if the the Celerra and Atmos callback daemons
are running on the same appliance.
• The same user and password credentials are used for FileMover Settings in step 3.
Regardless of the type of connection (CIFS, NFS, or HTTP), the target of a connection
should be specified as a hostname or FQDN in the command:
fs_dhsm -connection <primary_fs> -create
◆ When a Celerra Data Mover needs to establish a connection to secondary storage,
it first attempts to resolve the hostname in the local hosts file. If the name cannot
be resolved locally, the Data Mover then issues a DNS query.
◆ When archiving to NAS from Celerra, a DNS record is required to resolve the
FQDN of the secondary storage server to IP addresses if the local hostname
resolution of the Celerra is not going to be used. A PTR record (reverse DNS) is
also required to map the IP addresses of the secondary storage server to the
FQDN.
Note: The Celerra File Level Retention (FLR) enabled filesystems cannot be used as an
archiving source.
Using File Management with the NetApp filer as a source

To use File Management with a NetApp filer, first configure the filer, and then
configure the appliance.
Prerequisites for using NetApp as an archiving source

To archive any data from a NetApp filer, the FMA, FMHA appliance, or FMA/VE
requires access to:
◆ SMB over NetBIOS (TCP port 139)
◆ ONTAPI (TCP port 80)
In addition, to archive NFS data, the FMA, FMHA appliance, or FMA/VE will
require the following:
◆ Portmap v2 RPC service (TCP port 111)
◆ Mount v3 RPC service
◆ NFS v3 RPC service
◆ NLM v4 RPC service
◆ Root and read/write export permissions for all NFS data that will be archived
◆ inode to pathname mapping is enabled for NFS clients that will access stub files
When configuring a NetApp filer on the FMA or FMA/VE, plan to provide:
◆ All IP addresses that are used by the filer
◆ Credentials for local administrator access through both CIFS and ONTAPI
◆ The NetBIOS name of the filer
Note: If a NetApp filer leverages its vScan interface for virus scanning, the IP addresses of the
vScan servers must be configured on the appliance as excluded clients on the NetApp FPolicy
Special Clients configuration page in the GUI. This allows the virus scanner to scan the stub
file upon a recall event. Failure to configure excluded clients properly will lead to recall
failures when vScan is used in conjunction with FPolicy.
Direct command line access through Telnet or SSH is not used by File Management.
However, ONTAPI access is used to send a variety of API calls and hence the
requirement for a local administrator’s credentials. If a user other than root is
specified, then the following option must be set:
options httpd.admin.hostsequiv.enable on
Ensure that the appliance hostname:
◆ Can be resolved to its IP addresses in the local /etc/hosts file of the NetApp filer.
◆ Maps to a user with privileges to access the ONTAPI interface in the
/etc/hosts.equiv file on the filer.
Additional configuration prerequisites vary, depending upon the existing network
environment:
◆ For NetApp filers that run Data ONTAP 7.2 or later, disable duplicate session
detection by setting:
options cifs.client.dup-detection off
Using File Management with the NetApp filer as a source 55

◆ To properly support stub files, NetApp FPolicy requires a particular CIFS offline
bit attribute on the stub files:
• The CIFS protocol must be enabled on the NetApp filer to archive either CIFS
or NFS datasets. An active CIFS license must be installed on all file servers that
are archive sources.
• NFS-only exports must be shared as well.
◆ To properly recall stub files, FPolicy must be enabled (options fpolicy.enable on)
and rfpolicy must be the only screen policy registered for reads and writes. If a
policy that monitors stub files on the NetApp filer was previously installed,
manually delete it.
◆ To configure NFS archiving, perform the following steps on the NFS-only source
directories:
1. Create a share at the qtree or volume level for qtree sources.
2. Create a share at the volume level for non-qtree sources, that is, those not part
of any qtree.
3. Add access to only the File Management user.
Note: File Management does not support name clashes on qtrees. For example, QTREE1
against qtree1.
vFiler configuration
Additional configuration prerequisites apply to vFiler support for NetApp filers that
run ONTAP 7.1:
◆ Manually create rfpolicy configuration on the vFiler with the commands:
fpolicy create rfpolicy screen
fpolicy enable rfpolicy
fpolicy options rfpolicy required on
◆ Manually configure secondary FPolicy servers with the command:
fpolicy options rfpolicy secondary_servers ip,ip
To use NetApp vFilers with File Management, ensure that:
◆ The FMA can access to both the vFiler and the hosting NetApp filer.
◆ vFilers and main filers are in IP spaces that can reach each other.
Configuring NetApp archiving on the FMA

To archive from the NetApp filer, configure the FPolicy callback service on the FMA,
FMHA appliance, or FMA/VE.
1. Type the following:
/opt/rainfinity/filemanagement/bin/fpsetup.sh init_rffm
2. At the prompt that appears, select the interface on which the FPolicy callback
daemon should listen for callbacks from NetApp filers. If there is only one
interface, it will be selected automatically:
• If this is the primary callback agent in the environment, type n.
• If this machine is being configured as the secondary callback agent, type y.

When prompted, type the IP address and the root password of the primary
agent.
Adding a NetApp filer to the File Management configuration

1. Click the File Server link on the Configuration tab. The File Server Properties
dialog box appears. Select NetApp from the Type list box.
2. Specify the following for the NetApp file server:

• Name — Type the NetApp filer NetBIOS name.
• IP Addresses — Type the NetApp filer IP address.
– To specify an additional IP address, click Add. The IP address is added to
the list.
• Vfiler Host IP — If using a vFiler, type the IP address of the hosting NetApp
filer.
appliance. To avoid permission issues during archiving and recall, add this
user as a member of the domain administrator group with backup operator
privileges. If this user cannot be added to the domain administrator group,
add it to the file server's local Administrators group with backup privileges.
“Windows domain user” on page 95 provides more information on
administering domain users.
Note: For NetBIOS Domain, use the NetBIOS domain name and not the FQDN. For
example, use emc and not emc.com.
Using File Management with the NetApp filer as a source 57

• NetApp as Source — This option configures the FMA to archive data from the
NetApp filer. If more than one FMA is connected to the same NetApp filer,
configure only one FMA with this option. These options are not required if
this NetApp is used as a destination.
! CAUTION
If more than one FMA is configured to archive data from a single NetApp
filer, data loss may occur.
• NetApp Local Admin — Type the username and password of a user on the
NetApp filer. The user must be a member of the NetApp local administrator’s
group.
• Directory Exclusion List
These are the directories to exclude for all tasks. File Management ignores all
system directories such as etc, lost+found, .snapshot by default.
• NetApp FPolicy callback agents
The primary agent recalls all files when it is registered with the NetApp. A
secondary agent recalls files when the primary is unavailable.
– If the FPolicy callback agent is not explicitly configured as a secondary
agent, then it is a primary agent and the NetApp file server will load
balance between the registered primary agents.
– If no primary agents respond, then the NetApp filer will contact any of the
registered secondary agents. When one of the primary agents is responsive
again, the NetApp filer will automatically fail back to the primary agent.
For the primary agent, select the agent that is on the same subnet as the
NetApp machine. For the secondary agent, select another agent on the same
subnet. If no such agent exists, select an agent on the next physically closest
subnet. Up to two secondaries are supported. Secondary agents may include
FMHA appliances.
3. Click Commit to define the NetApp filer.
Adding a Windows server to the File Management configuration

Windows 2003 and 2008 servers are supported as CIFS NAS destinations. Configure
File Management to archive to a Windows server.
2. Click New. The File Server Properties page appears.
3. Select Windows from the Type list box. The Windows Properties page appears:
4. Specify the following for the Windows server:

• Name — Type a name to identify the Windows server.
• IP Addresses — Specify the IP address of the Windows server.
– To specify an additional IP address, click Add. The IP address is added to
the list.
– To delete an existing IP address, choose an address and click Delete.
appliance. The domain user must be a member of the local administrator’s
group on the Celerra. “Windows domain user” on page 95 provides more
information.
5. Click Commit to define the Windows server.
Adding a Windows server to the File Management configuration 59

Configuring a NAS-based repository

Any Celerra Data Mover, NetApp filer, Windows, or Data Domain server can be
configured as a NAS-based repository.
Note: The appliance must have read/write access to any share or export that may be used as an
archive source or destination. In addition, the appliance must have read/write permission for
any file that it may archive.
1. Click NAS Repository and NAS group on the Configuration tab. The NAS
Repository List and NAS Group List page appears.
2. For Create NAS Repository, click New. The Create New NAS Repository dialog
box appears.
3. Specify the following for the NAS repository:

• File Server — Select a file server from the list.
Note: The file server must have a proper DNS entry defined that links the file server
name with the IP address.
• Protocol — Select NFS or CIFS. The source and repository protocol types must
match.
– If the source protocol is CIFS, the NAS repository protocol must be CIFS.
– If the source protocol is NFS, the NAS repository protocol must be NFS.
If the CIFS protocol is selected, use the CIFS user in the filesystem CIFS DHSM
connection string for CIFS specific settings when configuring the primary
storage on the appliance:
– “Adding a Celerra to the File Management configuration” on page 45
provides details on configuring this setting for Celerra NAS.
– “Adding a NetApp filer to the File Management configuration” on page 57
provides details on configuring this setting for NetApp.
– “Adding a Windows server to the File Management configuration” on
page 58 provides details on configuring this setting for Windows.
• Path — Click Browse to select an existing path.
Once the path is specified, a name in the form of Repository at <path>
appears in the Name field.
• Maximum limit of disk usage — Type a percentage value for disk usage.
Default value is 90%.
4. Click Save Repository. The NAS Repository List reappears with the new NAS
repository listed.
Using FMA with EMC Centera

3. Select Centera from the Type list box. The Centera Properties page appears:
4. Specify the following for EMC Centera:

• Name — Type a name to identify the EMC Centera.
Using FMA with EMC Centera 61

• Access Node IP — Specify the IP address of the EMC Centera access node:
– To specify an additional access node IP, click Add. The IP address is added
both to the list and as an entry in the Access Node String field. If an EMC
Centera cluster is being used, a hostname can be used in place of an IP
address.
– To delete an existing node, select a node IP and click Delete.
• Access Node String — This is automatically generated when the Access Node
IP address is added or deleted. You cannot type data directly into the field.
• Authentication
Select from one of the three choices:
– Anonymous — If selected, no security is used to authenticate with EMC
Centera.
– User profile — If selected, type the username and password of the EMC
Centera profile that is to be used for archiving.
– PEA file — This option requires that a profile and pool entry authorization
(PEA) file was created to access EMC Centera, and that a copy of the PEA
file resides on the File Management Appliance. If selected, the PEA file is
used to authenticate the File Management connection with EMC Centera.
Type the path to the file on the local machine or browse for the file. A copy
of the file will be stored with the File Management configuration.
5. Click Commit to define EMC Centera.
Using File Management with an Atmos server

The Atmos cloud-optimized storage product is supported as an archiving
destination. Configure File Management to archive to an Atmos.
3. Select Atmos from the Type list box. The Atmos Properties page appears.
4. Specify the following for Atmos:

• Name — Type a name to identify the Atmos.
• DNS Name — Specify the name used to resolve the IP addresses in the Atmos
cluster.
• Port — The GUI access method. HTTPS is the default and is typically used
when Atmos is deployed remotely.
– HTTP connects through port 80.
– HTTPS connects through port 10080.
• Username — Type the name that corresponds to a user ID with access to
storage on the cluster. This username is created on Atmos first.
• Password — Type the password or shared secret that was generated when the
username was created on Atmos.
5. Click Commit to define Atmos.
Using File Management with a Data Domain server

The EMC Data Domain storage product is supported as an archiving destination.
Configure File Management to archive to Data Domain.
3. Select Data Domain from the Type list box. The Data Domain Properties page
appears.
Using File Management with a Data Domain server 63

4. Specify the following for Data Domain:

• Name — Type a name to identify the Data Domain server.
• IP Addresses — Type the IP address of the Data Domain server:
– To specify an additional IP address, click Add. The IP address will be
added to the list.
5. Click Commit to define Data Domain server.
Backing up the configuration

The FMA and FMA/VE contain configuration information and critical database
tables. The FMHA appliance contains no persistent data. If data on an FMHA
appliance is lost, the FMHA software must be reinstalled. “Performing a CD clean
install” on page 70 provides details on reinstalling software.
If data on an FMA or an FMA/VE is lost, the software must be reinstalled and the last
backup copy of the configuration and database tables must be restored. For this
reason, backup the FMA or FMA/VE configuration and the critical database tables
nightly.
Note: Task and simulation log files are not included in a backup. To preserve these files, copy
the /opt/rainfinity/filemanagement/log/fws directory to secure storage either periodically or
before performing a CD clean install.
The backup feature uses the following process:

◆ File Management provides backup scripts to dump appropriate critical data into a
gzipped tar file (.tgz).
◆ The user copies the tar file to the EMC Centera machine or to other secure storage.
Disaster recovery uses a restoration script to reconstruct the system configuration
from the tar file.
Creating a backup dump

Regular backups may be scheduled to run automatically.
1. On the Configuration tab, select Backup and Recovery Settings.
Under File Management Backup Destination, specify:

• The number of backups — The default value is 5.
• Select Destination — The EMC Centera or NAS repository where the backup
files will be stored.
• Select Disaster Recovery Location — The NFS export where the backup
catalog file (DBBackup.out) will be stored.
2. On the Schedule tab, select Schedule a new task.
• Under Select Task Type, select Auxiliary and Backup.

• Under Select Start Time, schedule the repeating time for backups to run.
Backing up the configuration 65

To perform a nonrecurring backup, or to perform a backup immediately, run the

script:
/opt/rainfinity/filemanagement/bin/fmbackup
When the backup is complete, the system returns the message:
Done. The backup has been output into /tmp/DUMPFILE.
where DUMPFILE is a unique filename generated by the backup script.
Restoring a backup dump

Backups are typically restored after a system failure. To restore a backup, start with a
freshly installed appliance. Steps are performed from both the GUI and the command
line.
1. Configure networking. “Configuring the FMA network” on page 43 provides
details.
2. Configure the hostname, domain, and DNS servers. “Configuring the hostname,
domain, and DNS server” on page 43 provides details.
3. Configure the destination for the restored files.
• If the backup files were archiving to an EMC Centera, configure an EMC
Centera as the destination for the restored files. “Using FMA with EMC
Centera” on page 61 provides details.
• If the backup files were archiving to a NAS repository, configure a NAS
repository as the destination for the restored files. “Configuring a NAS-based
repository” on page 60 provides details.
4. Mount the NFS export where the backup catalog file (DBBackup.out) is stored.
This is the disaster recovery location described in step 1 of “Creating a backup
dump” on page 65.
5. Copy DBBackup.out to /opt/rainfinity/filemanagement/conf.
6. On the Configuration tab in the GUI, select Backup and Recovery Settings.
Under Recover File Management, select the .tgz file to restore and click Restore.
The backup file will be restored to /var/fmrestore.
7. Using database information from DBBackup.out, a restoration script reconstructs
the system configuration from the .tgz file selected in step 6. To run the script,
type:
/opt/rainfinity/filemanagement/bin/fmrestore <backup_file.tgz>
As the restoration occurs, the system will prompt for input to:
• Confirm restoration.
• Start the FPolicy callback service for a NetApp.
• Start the callback daemons for Celerra and for Atmos.
At each prompt, type y. When asked if you want to add another server, type n.
If restoring data to the same machine, File Management automatically restarts at the
conclusion of the restoration process. If restoring data to a different machine, File
Management must be manually restarted. Also, original network configuration files,
such as /etc/hosts, may need to be manually edited to reflect the new IP and
hostname of the new machine.
Typical output of the fmrestore script is as follows:
[root@fm2 bin]# fmrestore /var/fmbackup_7.3_fm2.Sun_27-09-09_08_13.tgz
Expanding /var/fmbackup_7.3_fm2.Sun_27-09-09_08_13.tgz in /var...
This will overwrite your configuration and database. Are you sure?
Press any key to continue or abort now...
Stopping FileManagement GUI...

Stopping Tomcat server [ OK ]
Stopping FileManagement...
Stopping File Management watchdog [ OK ]
Stopping File Management [ OK ]
Empty the current database...
Restore configuration and database...

Starting ntpd:
Starting FileManagement GUI...

Starting Tomcat server [ OK ]
Starting FileManagemnt...
Starting rslogd (already running): [ OK ]
Starting rslogd Monitor (already running): [ OK ]
Starting File Management [ OK ]
Starting File Management watchdog [ OK ]
rssystatd is running
Do you want to setup FPolicy Callback Service, y/n?

y
Warning: configuration file,
/opt/rainfinity/filemanagement/conf/fcd.xml, already exists. If you
select to remove it, all the previous configurations will be missing.
Do you wish to remove and recreate it? (y/n)y
Stopping FPolicy Server watchdog [ OK ]
Stopping FPolicy Server [ OK ]
Configuration file removed.
By default the FPolicy Callback Daemon will connect to the File

Do you wish to configure another File Management machine? (y/n)n

Configuring FPolicy callback for File Management machine(s):
Backing up the configuration 67

127.0.0.1
Since there is only one interface, (10.10.9.56/255.255.255.192), it

will be
used to receive FPolicy callbacks from NetApp.
FPolicy Callback Daemon successfully set up.
System service, fpolicycallback, enabled.

Starting FPolicy Server [ OK ]
Starting FPolicy Server watchdog [ OK ]
NOTE: Use the rsconfig command to add newly configured File
Management IP addresses as passthrough clients on all Rainfinity GFV
nodes. Online help for the Stub Awareness Configuration provides
information on how to use the rsconfig command.
Do you want to setup Celerra Callback Service, y/n?

y
/opt/rainfinity/filemanagement/conf/ccd.xml, already exists. If you
select to remove it, the previous configurations will be missing.
Stopping celerracallback Server watchdog [ OK ]
Stopping celerracallback Server [ OK ]
By default the Celerra Callback Daemon will connect to the File


Configuring Celerra callback for File Management machine(s):
127.0.0.1
quiet is set to 0
will be
used to receive CelerraDaemon callbacks from Celerra.
Initialized encryption key from file

Celerra Callback Daemon successfully set up.
System service, celerracallback, enabled.

Starting celerracallback Server [ OK ]
Starting celerracallback Server watchdog [ OK ]
Do you want to setup Atmos Callback Service, y/n?

y
/opt/rainfinity/filemanagement/conf/acd.xml, already exists. If you
select to remove it, all the previous configurations will be missing.
Stopping atmoscallback Server watchdog [ OK ]
Stopping atmoscallback Server [ OK ]
By default the Atmos Callback Daemon will connect to the File


Configuring Atmos callback for File Management machine(s):
127.0.0.1
quiet is set to 0
will be
used to receive AtmosCallbackDaemon callbacks from Celerra.
Initialized encryption key from file

Atmos Callback Daemon successfully set up.
System service, atmoscallback, enabled.

Starting atmoscallback Server [ OK ]
Starting atmoscallback Server watchdog [ OK ]
Restore Done.
Maintaining the database

After archiving millions of files, archiving tasks may become slow as the number of
entries in the archival database grows larger. To improve performance, use a File
Management process to clear the database of unused entries and reindex the entries
that remain.
The database maintenance process can take several hours. While the process is
running, the File Management daemon must be halted and the GUI may not be used.
System administrators should plan to run database maintenance when the appliance
is not needed.
Note: Recalls are not interrupted by database maintenance.
To start database maintenance from the console of the appliance, type:

/opt/rainfinity/filemanagement/bin/rffm doDBMaintenance
As a result, a script takes the following steps:
1. Stops the File Management daemon and GUI.
2. Runs the database vacuum process.
3. Restarts the daemon and the GUI.
The output of the process is available from:
/opt/rainfinity/filemanagement/conf/DBMaintenance.log.
Maintaining the database 69

Performing a CD clean install

The CD clean install installs all necessary packages and binary files on the hardware.
Before starting the installation, check to see if the FMA is connected to another
appliance for HA, another FMA, or a stand-alone appliance with a callback daemon
running. If so, stop all callback daemons with the following commands:
fpolicycallback stop
atmoscallback stop
celerracallback stop
To perform a CD clean install on an FMA or FMHA appliance:
1. If using a downloaded ISO image:
a. Run md5sum to verify the image integrity.
EMC posts the output of the md5sum commands in the README file that is
posted to Powerlink, with all the downloads. “Where to get help” on page 13
provides information on how to access Powerlink.
The ISO file is named:
fm-7.3-##-i686.iso
where ## indicates the particular build number.
b. Burn a CD from the ISO image.
2. Insert the software recovery CD in the drive.
3. With console access to the appliance, restart File Management.
4. When prompted for installation options:
• For an FMA installation, type fm_clean.
• For an FMHA installation, type fmha_clean.
The appropriate packages are installed.
A restart occurs after installation completes and the login prompt appears.
5. Log in with username root and password rain.
6. Use the Rainfinity setup tool menu that appears to configure the time and
network settings.
If File Management will be configured for Celerra to EMC Centera or Atmos
archiving, use FileMover Settings as described in step 3 of “Adding a Celerra to the
File Management configuration” on page 45. Configure the single set of credentials
for recall before running ccdsetup.sh or acdsetup.sh as described in “Configuring
Celerra to EMC Centera or Atmos archiving on the FMA” on page 47.
Software upgrades
The EMC File Management software may be upgraded with a CD full upgrade or a
UPG upgrade.
After upgrading, run the Rainfinity setup tool, rfhsetup, to configure the network
settings. “Configuring File Management” on page 42 provides information on how to
run the Rainfinity setup tool.
Before upgrading FMA to version 7.3 or later

If a deployment includes more than one Celerra or VDM, and different FileMover
API credentials are being used for each Celerra or VDM, additional steps are required
before upgrading to version 7.3 or later.
For version 7.2, the username and password settings for the FileMover API used in
archiving, and the Celerra Callback Agent used for recall, were separate settings on
the Celerra Properties page and could be different as shown in Figure 16 on page 71.
Figure 16 Example of Celerra property settings in FMA version 7.2
For version 7.3 or later, a simpler method of authentication verification has been
implemented. The username and password settings for the FileMover API and the
Celerra Callback Agent are the same.
When upgrading, the Celerra Callback Agent settings used for File Management
version 7.2 are automatically applied to File Management version 7.3 or later. If
multiple usernames and passwords were configured, only the first set will be
preserved. This username and password will be the single set of credentials for recall
as described in step 3 of “Adding a Celerra to the File Management configuration” on
page 45.
To reduce any potential complication from the consolidation of these settings, before
upgrading to File Management version 7.3 or later, use FMA version 7.2 to
reconfigure the FileMover API settings and Celerra Callback Agent settings to a
single set of credentials and apply the same settings to all Celerra file servers. When
choosing the set to use, it is best to copy the Celerra Callback Agent settings to the
FileMover settings. For example, the username for FileMover Settings in Figure 16 on
page 71 would be changed from dhsm_user to rffm, and the password would be
changed respectively. This same single set would be used for the FileMover and
Callback Agent settings on all Celerra file servers.
Software upgrades 71
If the FileMover settings are changed, it will not be possible to archive until the
FileMover API is reconfigured with the new username and password. To re-create the
user, perform step 2 of “Prerequisite on the Celerra Control Station” on page 50.
If the Celerra Callback Agent settings are changed, it will not be possible to recall
until the DHSM connections are re-created with the new username and password.
1. Delete the DHSM connections with the option recall_policy set to no.
2. Follow the steps in “Configuring manually created DHSM connections” on
page 53. Use the single set of credentials to re-create the connections manually.
CD full upgrade The CD full upgrade refreshes all system software packages. If upgrading both an
FMA and an FMHA appliance, upgrade the FMA first.
1. Insert the software recovery CD in the drive.
2. Type reboot. The machine will restart.
Note: To abort the upgrade, power down the node, remove the CD, and reboot.
3. When the boot prompt appears:

• For FM, type fm_upgrade.
• For FMHA, type fmha_upgrade.
The CD installation is fully automatic. No user interaction is required.
The fm_upgrade process begins with a database pretest script that checks to see if
the File Management databases are consistent between the old and new releases.
If the pretest finds inconsistencies, the upgrade will exit with a "Failed to upgrade
database" error message. Contact an EMC Customer Support Representative to
correct the problem before restarting the upgrade.
4. If no problems are encountered, installation is complete after about 10 minutes.
Eject the CD and restart the appliance.
Note: On the HP platform, the CD ejects automatically. Press Enter to restart the appliance.
UPG upgrade Minor version changes require only a UPG upgrade. This upgrade changes the core
packages. The UPG upgrade is much faster than a full CD upgrade. If upgrading both
an FMA and an FMHA appliance, upgrade the FMA first.
1. If the FMA GUI is running, log out.
2. Stop the File Management daemon with the command:
filemanagement stop
3. Download the upgrade file to the root directory on the appliance:
rf_7.3-##.i686.upg
where ## indicates the build number.
4. Back up the File Management configuration with the command:
fmbackup
The process writes a backup file to
/var/fmbackup.<machine_name>.<timestamp>.tgz.
Copy the fmbackup file to another system. If needed for disaster recovery, restore
the backup with the command:
fmrestore /var/fmbackup.<machine_name>.<timestamp>.tgz
“Restoring a backup dump” on page 66 provides more details on the fmrestore
command.
5. Start the upgrade with the command:
/opt/rainfinity/filemanagement/bin/rfupgrade rf_7.3-##.i686.upg
The upgrade process begins with a database pretest script that checks to see if the
File Management databases are consistent between the old and new releases. If
the pretest finds inconsistencies, the upgrade will exit with a "Failed to upgrade
database" error message. Contact an EMC Customer Support Representative to
correct the problem before restarting the upgrade.
If no problems are encountered, the process upgrades the excecutables.
Note: For large databases, the upgrade between versions (for example, 7.2.5 to 7.3) will
require significantly more time than the upgrade within the same version (for example, 7.2
to 7.2.5). To avoid any disruption during the upgrade process, start the File Management
daemon in a screen session on a server that will not be rebooted or shutdown.
6. Start the callbacks with the following commands:

celerracallback start
atmoscallback start
fpolicycallback start
• If using a Celerra, “Configuring Celerra to EMC Centera or Atmos archiving
on the FMA” on page 47 provides instructions on how to configure the Celerra
Callback Service for EMC Centera or Atmos.
• If using a NetApp, “Configuring NetApp archiving on the FMA” on page 56
provides instructions on how to configure the FPolicy Callback Service.
7. Wait at least 30 seconds for the FCD and CCD to register with the daemon.
Shutting down and restarting the appliance

To shut down and restart a working FMA or FMA/VE:
1. Stop all services with the commands:
filemanagement stop
celerracallback stop
atmoscallback stop
fpolicycallback stop
2. Either shut down or reboot the appliance.
• To shut down the appliance, type the command:
shutdown now
• To reboot the appliance , type the command:
reboot
For FMHA, only the callback services are stopped. The filemanagement stop
command is not used.
Shutting down and restarting the appliance 73

4
File Management
System Settings

◆ Security hardening ......................................................................................................... 76
◆ Configuring the GUI access method ........................................................................... 79
◆ STIG hardening............................................................................................................... 79
◆ LDAP client configuration ............................................................................................ 81
◆ RADIUS and TACACS+................................................................................................ 84
◆ Certificate management ................................................................................................ 84
◆ Appliance mail delivery settings ................................................................................. 85
◆ Log settings ..................................................................................................................... 86
◆ System command accounting....................................................................................... 93
◆ Windows domain user................................................................................................... 95
File Management System Settings 75

File Management System Settings
Security hardening
By default, security hardening is not enabled:
To configure security hardening:
1. Start the Rainfinity setup tool, type rfhsetup.
2. Select Configure System Security. A set of security settings options appears.
3. Select Harden Appliance.
The default settings for the items that affect the appliance security level are:
• Use single security database =no
• Disable root logins =no
• Strengthen passwords =no
• Age passwords =no
• Harden to STIG requirements =disabled
When all four settings are “no,” security hardening is disabled and this disabled
security level is referred to as the default level.
If any of the settings is set to a non-default value, security hardening is enabled.
Note: In addition to the security settings, the GUI access method may also be configured
from the Harden Appliance menu. By default, the GUI is accessible over both http and
https. Enabling https only or redirecting http to https does not change the appliance
setting to hardened.
Single security database

If the single security database setting is enabled, all authentication on the device will
go through standard Linux Pluggable Authentication Modules (PAMs). This applies
to both GUI and CLI access.
Both the GUI and the CLI provide two types of users:
◆ Admin users belonging to the wheel group and Rainfinity groups
◆ Ops users belonging to the Rainfinity group
CLI users are configured independently from the GUI users.
Admin users An admin user who is a member of the wheel group and logged in through SSH can
become a superuser to:
• Create/delete other users
• Run rfhsetup
To add an admin user for access from the CLI:
a. Log in to the FMA as root.
b. Type the following commands:
adduser –G rainfinity,wheel <username>
passwd <username>
Ops users An ops user belongs to the Rainfinity group.

To add an ops user for access from the CLI:
1. Log in to the File Management appliance as root
2. Type the following commands:
adduser –G rainfinity <username>
passwd <username>
Linux PAM users A Linux PAM user is created through the CLI. When a Linux PAM user is logged in to
the GUI with the single security database setting enabled, the user’s role (admin or
ops) is cached for the duration of the session.
If the administrator changes the user’s setting while the user is logged in, the user’s
role will not be refreshed until one of the three following conditions occurs:
◆ User logs out.
◆ GUI is restarted.
◆ Cached user information in the Tomcat server expires due to inactivity.
Adding users with the GUI

To add a new admin or ops user with the GUI:
1. Log in as admin.
2. From the Configuration tab, select Rainfinity Users.
3. Select Add a New User. In the Rainfinity User Properties dialog box that
appears:
a. Type the name.
b. Type a new password.
c. Specify the type of user:
– Super User — The admin user.
– Regular User — The ops user.
Note: When the single security database setting is disabled, users created through the GUI are
allowed to log in through the GUI but not the CLI. In addition, if the single security database
setting is enabled, user accounts cannot be created through the GUI. If the user attempts to
invoke the configuration page for Rainfinity users, a warning appears.
Disable root logins

If root logins are disabled, the only way to add new users or to run rfhsetup is for an
admin user (such as a user who belongs to the wheel group) to log in to the device,
and then become a root user.
When the setting to disable root logins is being changed to yes, File Management
checks to ensure that:
◆ There is at least one admin user other than root who belongs to the wheel group.
This user must have a configured password.
Security hardening 77
◆ The wheel users are in the local /etc/group file. File Management ignores LDAP
users while performing this check because LDAP servers occasionally become
unreachable. The same holds true for RADIUS users.
Note: Configure a small set of admin users locally for each FMA. Most admin and ops users are
configured on an LDAP server. In this way, the management of these users scales to large
networks.
Strengthen passwords
If the passwd command is run with password strengthening enabled, your new
password must be at least eight characters long and satisfy the following
requirements:
◆ At least three characters are different from the previous password.
◆ At least one character is an uppercase letter.
◆ At least one character is a number.
◆ At least one character is a special character.
In a clustered environment, run the passwd command on both the primary and
backup nodes.
Note: The root user can change any password including its own to any value, regardless of the
password strengthening setting to strengthen it.
Age passwords
If password aging is enabled, every user (except root) who can log in with a shell
account will have an aging password. The root user configures:
◆ When to print a user warning that a password is about to expire.
◆ The maximum number of days a password can remain valid before it must be
changed.
◆ How often a password may be changed.
◆ The number of days following password expiration after which the account will
be locked. Once an account is locked, only the root user can unlock the account by
using the change command to change the age of the password.
Note: If a large number of devices are deployed, a central authentication service (such as
LDAP) should be used. Password administration through the central site greatly facilitates user
scalability, as one user is not required to log in to every deployed File Management appliance
to update an aging password.
Configuring the GUI access method

By default, the GUI can be accessed by both HTTP and HTTPS. To change this for the
File Management Appliance:
2. Select Configure System Security. A set of security settings options appears.
4. Select Configure GUI access method:
• To disable access over HTTP, select Only enable GUI access over https.
• To redirect http traffic to HTTPS instead of disabling HTTP, select Redirect
GUI access over http to https.
STIG hardening
Security Technical Implementation Guide (STIG) is a set of security guidelines issued by
the US Department of Defense. These STIG UNIX guidelines define how
UNIX/Linux appliances should behave from a security standpoint.
Enabling STIG hardening

The FMA provides an option for hardening the appliance to meet the UNIX STIG
Guide (Version 5, Release 1). When STIG hardening is enabled, the security settings
change as follows:
◆ The user must type the root password to gain access to the File Management
appliance in single user mode.
◆ After three consecutive login attempts, the account is disabled. Only the root user
can reenable a disabled account.
◆ The login delay between login prompts increases from 2 to 4 seconds.
◆ New passwords are required to be a minimum of nine characters in length.
◆ When changing passwords, the past five passwords cannot be reused as the new
password value.
◆ The root account’s home directory will be set to a permission value of 700.
◆ Man page file permissions will be set to 644.
◆ User-directories must not contain undocumented startup files with permissions
greater than 750 (that is, they must allow write access only for that user).
◆ The system and default user umask must be set to 077.
◆ Access to the cron utility will be restricted using the cron.allow and cron.deny
files.
◆ Crontab file permissions above 700 will not be permitted (in the /etc/cron.daily,
/etc/cron.hourly, /etc/cron.weekly directories).
◆ The inetd.conf file permissions will be set to 440.
◆ Unnecessary accounts, for example, games and news will be deleted.
◆ sysctl.conf file will be set to 600 permission.
Configuring the GUI access method 79

To enable STIG hardening on the FMA and FMHA appliances:

2. Select Configure System Security.
4. Select Harden to STIG requirements.
5. When prompted with Enable changes to conform to STIG Hardening
requirements?, type y.
Disabling STIG hardening

When STIG hardening is disabled, the security settings change as follows:
◆ No password prompt is made prior to connecting in single-user mode.
◆ User accounts are unlocked, even after three or more failed login attempts.
◆ The login delay is set to the current default setting, which is less than four
seconds at this time.
◆ When changing passwords, the minimum length must be:
• If password hardening is enabled: eight characters, with at least one
lowercase, one uppercase, one digit, and one special character.
• If password hardening and STIG hardening are disabled: the minimum
requirements for the new password is that it should be six characters long.
◆ When STIG hardening is disabled, the user can reuse previously set passwords.
◆ The /root directory permissions is reset to 750.
◆ Man page file permissions remains at 644. That is, this STIG hardening change is
retained.
◆ User-directory permissions remains at the value prior to STIG hardening.
◆ The system and default user umask must be set to 022.
◆ Unnecessary groups/accounts that are deleted during STIG hardening remain
deleted even after STIG hardening is disabled.
◆ Access to the cron utility is unrestricted using the cron.allow and cron.deny files.
To disable STIG hardening on the FMA:
4. Select Harden to STIG requirements.
5. When prompted with Enable changes to conform to STIG Hardening
requirements?, type N.
STIG hardening is disabled when the appliance hardening level is reset to the default
level as follows:
3. Select Remove Appliance Hardening Settings.
LDAP client configuration

LDAP directory trees are used to represent hierarchical directory information, such as
people and phone numbers that belong to an organization. The FMA supports
Lightweight Directory Access Protocol (LDAP) for user authentication and
authorization.
Global LDAP settings Global LDAP settings affect all LDAP operations. The following settings impact how
the LDAP client on the File Management appliance will behave when the LDAP
server does not respond.
Bind type — There are two types of binds:
◆ Hard — File Management will continue to retry the bind attempt until a
maximum timeout is reached.
◆ Soft — File Management will attempt to bind once and abort if the server does not
respond.
Time limits — There are two types of time limits.
◆ Search time limit — The amount of time that the LDAP client will wait for an
initial response from the server.
◆ Bind time limit — The amount of time that the LDAP client will attempt to bind.
By default, these time limits are set to 10 seconds to allow the appliance to remain
responsive when the LDAP server is down, and to fail over to an alternate
authentication mechanism, if another mechanism is configured.
Server type — The File Management LDAP client works with three types of LDAP
servers:
◆ OpenLDAP
◆ Active directory with SFU 3.5 support
◆ Active directory with RFC 2307 support
LDAP authentication When LDAP is configured, LDAP authentication is established through a sequence of
events.
◆ A user connects to the File Management appliance. The user is challenged for user
authentication.
◆ The File Management LDAP client contacts the LDAP server to validate the
user’s credentials. To validate that the client is trusted, the server attempts:
• To accept anonymous bind attempts, such as accepting all connections without
a password.
• To accept a plain-text password sent over an unencrypted communication
channel.
• To establish a secure communication channel with the client, and then
authenticate by using a plain-text password or SASL.
The client establishes the secure communication channel as follows:
– The client requests the server’s public key.
– The client validates that the server’s public certificate is signed by a known
Certificate Authority (CA).
LDAP client configuration 81

– The client then encrypts its data using the server’s public certificate. Only
the private key stored on the server can decrypt this data.
Initial data from the client contains negotiation information that the server and
client will both use to establish a secure communication channel.
Just as the client uses the server’s public key to encrypt its first message, the
server ensures that the client is authentic by requesting the client’s public
certificate, and validating that it is signed by a known Certificate Authority.
After the secure channel is established, the password is exchanged. If SASL is
configured, it may be used instead of a password.
◆ The server and client may negotiate an encryption scheme to secure all traffic
between them.
Once authentication is established and an encryption scheme is optionally selected,
the LDAP client will request user authentication.
Configuring basic LDAP settings

To start LDAP configuration:
3. Select Configure LDAP.
4. Select Enable LDAP.
Configure the basic LDAP settings:
◆ Maximum time the LDAP client will wait for an initial response from the server
Type a period of time. The client will retry after waiting for 2 seconds, and
thereafter continue retrying after doubling the wait time from the previous retry
attempt. The client will continue retries until either the server responds or the
configured LDAP search time limit is exceeded. The default time limit is 10
seconds.
◆ LDAP bind policy
Select soft or hard. The default setting is hard, and indicates that the client will
retry bind connections to the LDAP server.
◆ Maximum time the LDAP client will wait for a bind response from the server
Type a period of time. If the bind policy is set to soft, this setting has no effect. If
the bind policy is set to hard, this policy will cause a bind retry mechanism to
occur.
◆ LDAP server type
Select from the supported server types:
• OpenLDAP — Applies to LDAP servers distributed by OpenLDAP.
• Active Directory deployed with Services For Unix (SFU) 3.5
• Active Directory with RFC2307 support
Note: Other LDAP servers have not been validated for File Management version 7.2 or
later.
◆ IP address or hostname for the LDAP server
When using SSL and TLS, type the hostname that matches the hostname used in
the certificate generation. If an IP address was used in the certificate generation
instead of the hostname, type the IP address.
Note: Failure to type the proper information will create problems during the LDAP setup.
This is one of the most common configuration errors during LDAP setup.
◆ LDAP basedn
Type the suffix for your domain name.
◆ Advanced LDAP settings
Type Y, to configure a bind password, or enable SASL (Kerberos), SSL, or TLS. If
advanced LDAP settings are left unconfigured, anonymous bind without a bind
password is used by default.
If the GUI is running and LDAP is enabled through rssetup, the GUI will not
recognize LDAP authentication attempts until it is restarted by typing the command:
/opt/rainfinity/filemanagement/bin/fmgui restart
To avoid this problem:
1. Enable external authentication (LDAP, RADIUS, TACACS+) before enabling the
single security database.
2. Invoke the GUI.
Configuring advanced LDAP settings

Once basic configuration is complete, the user may continue to configure advanced
LDAP settings:
◆ Anonymous or simple bind
If simple is selected:
• Type the binddn user+domain name that will be used to connect to the LDAP
server.
• Type the password that will be used to authenticate with the LDAP server.
◆ SASL
To configure SASL, provide:
• SASL KDC address
• Domain name
• Kerberos principal details
Note: When configuring SASL, enter the absolute path for the scp path. ~ is not supported
as root home.
◆ Encryption type
Select cleartext, SSL, or TLS.
◆ Option for the LDAP client to validate the server’s certificate
Type Y if using SSL or TLS. File Management will prompt you to scp the CA
certificate.
◆ Option for the LDAP server to validate the client’s certificate
LDAP client configuration 83

Before enabling this option, ensure that the client’s key and certificate were
generated and placed on the File Management client.
RADIUS and TACACS+

To configure RADIUS or TACACS+:
2. Select Display advanced menu options.
A set of security settings options appears:
a. Configure RADIUS:
– Type the RADIUS server address
– Type 1812 as the default RADIUS port number
b. Configure TACACS+:
– Type the server address
– Type the server secret
Note: After the appliance checks with the RADIUS and TACACS+ servers for authentication, it
will, by default, check the local /etc/passwd file for authorization information.
If the user does not exist in the local file, add the user with the commands:
useradd –G rainfinity,wheel <adminusername>
useradd –G rainfinity <opsusername>
Using multiple authentication methods

If TACACS+ or LDAP, and RADIUS are configured, File Management will attempt to
authenticate users in the following order:
◆ Credentials are checked against either the TACACS+ or the LDAP database.
◆ If TACACS+ or LDAP authentication fails, credentials are checked against the
RADIUS database.
◆ If RADIUS authentication fails, credentials are checked against the local
authentication database including the /etc/shadow, /etc/group, and
/etc/passwd information stored on the File Management appliance.
Certificate management
When configuring LDAP, TLS, and SSL for authentication, key and certificate files are
required. In order for authentication encryption to work correctly, these keys and
certificates must be:
◆ Periodically refreshed
◆ Correctly located on the appliance
Each certificate has an expiration date. Every week, File Management checks the
validity of each certificate. Certificate warning information is logged into the
/var/log/secure file, and if the alert is enabled, e-mail is sent when the certificate is
due to expire. Once a certificate expiration warning is received, SSL/TLS certificates
must be updated.
To update and manage the keys and certificates:

3. Select Certificate Management.
4. To update either:
• Certificate Authority (CA) public certificate
• Client key and certificate for use with SSL/TLS
a. Select Update Certificate.
b. Type Y.
c. Type the scp path from which the selected certificate or key file will be copied
to the File Management or File Management High Availability appliance.
Appliance mail delivery settings

File Management supports delivery of alerts through e-mail. To send these alerts,
sendmail must be properly configured. A menu is provided within the rfhsetup tool.
To use this menu:
2. Select Configure Appliance Mail Configuration. The Appliance Mail
Configuration menu appears.
Follow the prompts to configure:
a. Change Configuration — When prompted, type Y.
b. Sender’s e-mail address — Type the address that will appear in the From field
of the alert e-mails sent by the File Management appliance. For example,
johndoe@acme.com.
c. SMTP server — Type the server to which mail should be sent. For example,
mailhub.eng.acme.com.
d. e-mail verification — Type a recipient e-mail address to which test e-mails
may be sent. For example, adminjoe@acme.org. The rfhsetup script will
attempt to verify the mail configuration by sending two e-mails.
Wait a few minutes. Check the e-mail account to see if these e-mails were
successfully received.
3. Mail Test 1 — To confirm the receipt of an e-mail with the subject Mail Test 1, type
Y. Otherwise, type N.
4. Mail Test 2 — To confirm the receipt of an e-mail with the subject Mail Test 2, type
Y. Otherwise, type N.
If either of the test e-mails was received, mail delivery is working and mail setup is
done.
If neither test e-mail was received, verify:
◆ The name of the SMTP server. Check with your system administrator.
◆ The e-mail address provided for the test e-mail.
◆ The SMTP server is reachable. Try to ping it.
Appliance mail delivery settings 85

Log settings
When the security level is set to harden, any event that might affect the security of the
system is written to the File Management log files. Use the Rainfinity setup tool to
administer and preserve log files.
Configuring log rotation

With log rotation, the user controls the periodic rotation of files.
To configure log rotation:
2. Select Display advanced menu options.
3. Select Configure Logging Options.
4. Select Configure Log Rotation.
5. Follow the prompts to configure:
• Log rotation frequency — Daily, weekly, or monthly
• Rotation mode — Size or time
• Max log size (for non-debug files)
• Max debug log size
• Number of copies to keep for each log file
Configuring SCP of rotated log files

Log rotation is the first step in archiving the File Management system logs. These log
files are eventually deleted as a part of the normal rotation process. However, in
many customer environments, it may be necessary to preserve these files by copying
them to a remote server. Use File Management to create a tar file of these rotated
system and File Management logs, then secure copy them to a remote server.
Configuring the public-private key exchange — Prior to configuring secure copy
(SCP) of rotated log files, a public-private key exchange must take place.
To configure the public-private key exchange:
1. Log in to the FM or FMHA appliance as root.
2. Generate the public key by typing ssh-keygen -t rsa.
• When prompted, press Enter to accept default answers for:
– File in which to save the key, or /root/.ssh/id_rsa
– No passphrase
– Confirm no passphrase
• At the end of the configuration, a message appears acknowledging:
– Your identification is saved in /root/.ssh/id_rsa.
– Your public key is saved in /root/.ssh/id_rsa.pub.
3. For the external server where the log files will be placed, create a user with write
access to the copy directory. Do not use the root user.
Note: In the following steps, server is the IP address or hostname of the external server, and
user is the name of the user on the external server which will copy the files.
4. Log in to the FM or FMHA appliance and use SSH to:

a. Create the directory ~/.ssh by typing the command:
ssh <user>@<server> mkdir -p .ssh
b. Type the user password.
c. Append the public key on the FM or FMHA appliance by typing the
command:
cat /root/.ssh/id_rsa.pub | ssh <user>@<server> 'cat >>
.ssh/authorized_keys'
d. Type the user password.
e. Set correct permissions by typing the command:
ssh <user>@<server> chmod -R 700 .ssh
f. Type the user password.
5. To verify successful completion, attempt to log in to the external server as user
from the root account on the File Management appliance by typing:
ssh <<user>@<server>
You should not be prompted for a password.
You can now successfully use SCP without a password to send the rotated log files to
your external server.
Configuring SCP of rotated log files by using rfhsetup — Once the public-private
key exchange is completed, configure scp of rotated log files:
3. Select Configure SCP of Rotated Log Files.
• The SCP Remote Address — The IP address or hostname of the external
server. This is the external server referenced in “Configuring the
public-private key exchange” on page 86.
• The username to whose account the log files will be copied — The name of the
user on the external server who will copy the files. Same as the user provided
in “Configuring the public-private key exchange” on page 86.
• The full path to the directory at the remote site where the log files should be
placed. The user must have write access to this directory.
Following the configuration, File Management will test SCP by attempting to copy a
test file. If this test fails, the SCP settings will be accepted, but SCP is probably not
configured properly. Correct the error that is blocking SCP and rerun the Rainfinity
setup tool.
Log settings 87
Alerts
File Management can be configured to monitor various system log files and send
e-mail to alert whenever an event occurs.
Table 7 on page 88 lists the SNMP traps for which File Management will send a
notification.
Table 7 Supported SNMP traps
Notification name MIB where it is defined SNMP OID
eRAAlertDaemonRestarted EMC-RAINFINITY-ALERTS-MIB 1.3.6.1.4.1.1139.9.3.2.0.1
eRAAlertsHistoryReset EMC-RAINFINITY-ALERTS-MIB 1.3.6.1.4.1.1139.9.3.2.0.2
eRARainfinityAlert EMC-RAINFINITY-ALERTS-MIB 1.3.6.1.4.1.1139.9.3.2.0.4
eRAGenericAlert EMC-RAINFINITY-ALERTS-MIB 1.3.6.1.4.1.1139.9.3.2.0.5
eRASecurityAlert EMC-RAINFINITY-ALERTS-MIB 1.3.6.1.4.1.1139.9.3.2.0.3
eRHSTemperatureAlert EMC-RAINFINITY-HARDWARE-STATUS-MIB 1.3.6.1.4.1.1139.9.3.1.0.1
eRHSFanAlert EMC-RAINFINITY-HARDWARE-STATUS-MIB 1.3.6.1.4.1.1139.9.3.1.0.2
eRHSPowerSupplyAlert EMC-RAINFINITY-HARDWARE-STATUS-MIB 1.3.6.1.4.1.1139.9.3.1.0.3
eRHSMemoryAlert EMC-RAINFINITY-HARDWARE-STATUS-MIB 1.3.6.1.4.1.1139.9.3.1.0.4
eRHSDiskAlert EMC-RAINFINITY-HARDWARE-STATUS-MIB 1.3.6.1.4.1.1139.9.3.1.0.5
eRHSNICAlert EMC-RAINFINITY-HARDWARE-STATUS-MIB 1.3.6.1.4.1.1139.9.3.1.0.6
File Management alerts are classified by type:

◆ Rainfinity alerts
◆ Generic alerts
◆ Security alerts
◆ Hardware alerts
Table 8 on page 88 lists all File Management alerts.
Table 8 File Management alerts (1 of 4)
Index Pattern name Description Type SNMP OID
001-0001 CLI login CLI session opened secuirtyAlert 1.3.6.1.4.1.1139.9.3.2.0.3
001-0002 CLI logout CLI session closed secuirtyAlert 1.3.6.1.4.1.1139.9.3.2.0.3
001-0003 Authentication failure secuirtyAlert 1.3.6.1.4.1.1139.9.3.2.0.3
001-0004 Telnet alert Access through Telnet has secuirtyAlert 1.3.6.1.4.1.1139.9.3.2.0.3

been attempted (and the
Telnet server is running).
001-0005 Failed to bind to LDAP Attempt to bind to the LDAP secuirtyAlert 1.3.6.1.4.1.1139.9.3.2.0.3
server server failed. This could be
due to a misconfigured
LDAP server address, or
due to a network
connectivity issue. The user
could see delays in logging
in or executing commands if
the LDAP server is
unavailable.
001-0006 Log rotation rainfinityAlert 1.3.6.1.4.1.1139.9.3.2.0.4
001-0007 SCP of system log files Secure copy of system log genericAlert 1.3.6.1.4.1.1139.9.3.2.0.5
files.
001-0008 SCP of Rainfinity log files Secure copy of Rainfinity log genericAlert 1.3.6.1.4.1.1139.9.3.2.0.5
files.
001-0010 Accepted password A user’s password has been secuirtyAlert 1.3.6.1.4.1.1139.9.3.2.0.3

accepted.
001-0011 Security level change System security level has secuirtyAlert 1.3.6.1.4.1.1139.9.3.2.0.3
been modified.
001-0013 Certificate expiration One certificate will expire secuirtyAlert 1.3.6.1.4.1.1139.9.3.2.0.3

warning soon or has already expired.
001-0014 Failed password A user’s password has secuirtyAlert 1.3.6.1.4.1.1139.9.3.2.0.3

failed.
001-0015 Password expiry change Appliance password expiry genericAlert 1.3.6.1.4.1.1139.9.3.2.0.3

settings have been
changed.
001-0016 Password changed A user’s password has been secuirtyAlert 1.3.6.1.4.1.1139.9.3.2.0.3

changed.
001-0017 Log alerts system rfalertd has been started. secuirtyAlert 1.3.6.1.4.1.1139.9.3.2.0.3
enabled
001-0018 Log alerts system rfalertd has been secuirtyAlert 1.3.6.1.4.1.1139.9.3.2.0.3

disabled terminated.
001-3001 Rfhsetup alert rfhsetup script has been rainfinityAlert 1.3.6.1.4.1.1139.9.3.2.0.3

launched.
002-1001 Temperature alert A temperature sensor hardwareAlert 1.3.6.1.4.1.1139.9.3.1.0.1

reading exceeds or drops
below a safe threshold.
002-1002 Fan alert A fan status has changed, or hardwareAlert 1.3.6.1.4.1.1139.9.3.1.0.2

a fan failure occurs.
002-1003 Power supply alert A power supply status has hardwareAlert 1.3.6.1.4.1.1139.9.3.1.0.3
changed, or a power supply
failure occurs.
Log settings 89
002-1004 Memory alert A memory hardware status hardwareAlert 1.3.6.1.4.1.1139.9.3.1.0.4

has changed, or a memory
hardware failure occurs.
Note that if a memory
hardware failure occurs, the
system may shut down prior
to generating the alert.
002-1005 Disk alert A disk status has changed, hardwareAlert 1.3.6.1.4.1.1139.9.3.1.0.5

or when a disk failure
occurs. This alert is related
to the mechanical operation
of the hard disk, and does
not provide any indication of
the disk capacity utilization.
Alerts 002-1007 and
003-0001 are generated for
capacity utilization.
002-1006 NIC alert A network card status has hardwareAlert 1.3.6.1.4.1.1139.9.3.1.0.5

changed, or when a network
card failure (or port failure
within that network card)
occurs.
002-1007 Capacity utilization alert Disk capacity utilization genericAlert 1.3.6.1.4.1.1139.9.3.2.0.5

exceeds the preconfigured
threshold of 85%.
002-1008 Timezone alert Time zone has been genericAlert 1.3.6.1.4.1.1139.9.3.2.0.5

changed.
002-3001 Problem starting File File Management daemon is rainfinityAlert 1.3.6.1.4.1.1139.9.3.2.0.3

Management not present.
002-3002 File Management File Management daemon rainfinityAlert 1.3.6.1.4.1.1139.9.3.2.0.4

stopped has been stopped.
002-3003 File Management started File Management daemon rainfinityAlert 1.3.6.1.4.1.1139.9.3.2.0.4

has been started.
003-0001 Partition full Disk partition is full. This genericAlert 1.3.6.1.4.1.1139.9.3.2.0.5

alert is triggered when any
partition on the system
exceeds 99% utilization.

enabled has been enabled.

disabled has been disabled.
301-0003 FMHA alert (FCD) FMHA is unable to contact rainfinityAlert 1.3.6.1.4.1.1139.9.3.2.0.4

FMA with NetApp as
primary storage.
302-0001 FMHA alert (CCD) FMHA is unable to contact rainfinityAlert 1.3.6.1.4.1.1139.9.3.2.0.4

FMA with Celerra as
primary storage.
303-0001 GUI user logged in rainfinityAlert 1.3.6.1.4.1.1139.9.3.2.0.4

successfully
303-0002 GUI login attempt failed rainfinityAlert 1.3.6.1.4.1.1139.9.3.2.0.4
303-0003 GUI user logged out rainfinityAlert 1.3.6.1.4.1.1139.9.3.2.0.4
304-0001 Exceeds threshold NAS Repository exceeds rainfinityAlert 1.3.6.1.4.1.1139.9.3.2.0.4

the configured threshold.
701-0001 Centera alert Unable to open connection rainfinityAlert 1.3.6.1.4.1.1139.9.3.2.0.4

to EMC Centera.
801-0001 Recall failure alert A recall attempt from rainfinityAlert 1.3.6.1.4.1.1139.9.3.2.0.4

archvied storage has failed.
All alerts are listed in the Log Pattern Index of the GUI.
A different throttle time may be applied to each alert pattern. If alerts occur more
than once within a specified throttle time, the repeated alerts are suppressed.
Note: In order to generate alert e-mail messages from the device, sendmail must be configured.
Configuring e-mail alerts

Use the GUI to review and configure the list of e-mail alerts:
1. Click the Alert Settings link on the Configuration tab.
2. Click the Edit log alert Pattern link.
A list of alerts with the various alert settings appears:
• Alerts may be individually enabled.
• If alerts occur more than once within a specified time period, edit the throttle
time to suppress the repeated alerts. A different throttle time may be applied
to each alert.
Note: Only admin users can view this configuration page.
To configure e-mail alerts from the command line:

3. Select Configure Log Alerts.
• Select Yes, when asked to enable alerts.
• Specify one or more e-mail addresses separated by a space or comma, to
receive the alerts.
Log settings 91
Configuring SNMP alerts

Use the GUI to configure SNMP alerts:
1. Click the SNMP Configuration link on the Configuration tab.
2. On the SNMP Settings page that appears, add a notification host. This is the host
to which alerts will be sent:
• IP address
• UDP port
• Community string
• Security type
3. Click Commit.
4. Click the Alert Settings link on the Configuration tab.
5. Under Alerts, click Enable SNMP alerts.
Note: Only admin users can view this configuration page.
To configure SNMP alerts from the command line:

1. Configure the SNMP Notification Host:
a. Start the Rainfinity setup tool, type rfhsetup.
b. Select Configure Logging Options.
c. Select Configure SNMP.
d. Select Configuration SNMP Notification Hosts.
e. Add the SNMP Notification Hosts:
– The number of hosts that may be added is unlimited.
– For each host, specify: IPv4 address, UDP port number, SNMP community
string, and SNMP version.
– The community string must be alphanumeric, and may include dashes and
underscores.
2. Enable SNMP alert generation:
a. Start the Rainfinity setup tool, type rfhsetup.
b. Select Configure Logging Options.
c. Select Configure Log Alerts.
d. Follow the prompts to configure:
– Select Yes, when asked to enable alerts.
– Specify the type of alert delivery. Select either e-mail only, SNMP only, or
e-mail and SNMP.
Enabling SNMP polling

Use the GUI to enable SNMP polling:
1. Click the SNMP Configuration link on the Configuration tab.
2. On the SNMP Settings page that appears:
a. Type a community string.
b. Select a security type.
c. Click Add. The community string is added to the Current Community String
list.
3. Click Commit.
To enable SNMP polling from the command line, configure the SNMP Community
String to be used for polling:
3. Select Configure SNMP.
4. Select Configuration SNMP Community Strings.
5. Add the SNMP Community Strings.
• The number of strings that may be added is unlimited.
• For each string, specify the SNMP community string and SNMP version.
• The community string must be alphanumeric, and may include dashes and
underscores.
Note: To poll for SNMP objects without enabling rfalertd, execute the command: service
rfsnmp start from the root account. This restarts SNMP and no alert history is viewable until
the alert daemon is restarted.
System command accounting

File Management provides the ability to track any command that is successfully
executed and launches a new process.
To track command history, File Management uses the psacct Process Accounting
package. This package tracks commands that are entered. In addition to commands,
File Management extends this package to track command arguments.
To enable System Command Accounting on the FMA:
2. Select Configure Logging Options
3. Select Configure System Command Accounting
4. Type Y to enable system command accounting.
System command accounting 93

Tracking user command history

After enabling System Command Accounting, admin users can track the list of
commands entered on the system with the tool: /opt/rainfinity/bin/rflastcomm.
To use this tool, admin users must be a superuser. Examples of its use are as follows:
◆ To list the commands entered by all users, use the tool without any options, or:
/opt/rainfinity/bin/rflastcomm
◆ To list the commands entered by a specific user, type:
/opt/rainfinity/bin/rflastcomm –u <username>
◆ To list commands entered by a user since a start date on 5 p.m. on June 6, 2007,
use the tool with the following arguments:
/opt/rainfinity/bin/rflastcomm –u <username> –s ‘2007-06-06
17:00:00’
◆ To track system/daemon/session history, type:
/opt/rainfinity/bin/rfquerycshis.sh
◆ For a help menu and additional options, type:
/opt/rainfinity/bin/rflastcomm --help
Tracking user login history

After enabling System Command Accounting, admin users can track the login
history with the tool:/usr/bin/last.
To run this tool, admin users must su as root first.
This tool is part of the standard psacct Process Accounting package. For detailed info
on using this tool, type: man last.
Tracking daemon command history

To query daemon command history, such as xmlrpc commands issued to the daemon
from the GUI or through various File Management CLI commands, use the tool:
/opt/rainfinity/bin/rfquerycshis.sh.
◆ To obtain the daemon command history, type:
/opt/rainfinity/bin/rfquerycshis.sh -t dc
◆ To query the system command history, type:
/opt/rainfinity/bin/rfquerycshis.sh -t sc
◆ To query the user login history, type :
/opt/rainfinity/bin/rfquerycshis.sh -t ls
◆ To list hardware related messages from the system log files, type:
/opt/rainfinity/bin/rfquerycshis.sh -t hw
Windows domain user

When a new file server is added to the FMA configuration, CIFS specific settings
include the username and password for the Windows domain user to be used by the
FMA. Before adding a new CIFS file server, use the instructions in the following
sections to set up the Windows domain user:
◆ “Creating a Windows domain user” on page 95
◆ “Adding an admin user to the local administrator group” on page 95
In addition, when using an FMA in a Windows 2008 domain, the domain controller
Group Policy Object (GPO) must be configured to support NT LAN Manager
(NTLM) versions 1 and 2 for CIFS authentication. “Configuring Windows 2008 for
NTLM” on page 96 provides information on how to modify the domain controller
configuration.
Creating a Windows domain user

To create an administrator in the Windows 2000, 2003, or 2008 domain:
1. Log in to the primary domain controller as the Domain Administrator.
2. From the Start menu, select Start > Programs > Administrative Tools > Active
Directory Users and Computers.
3. Right-click Users.
4. Select New > User. The New Object — User dialog box appears:
a. In the Full name box, type Rainfinity Administrator.
b. In the Login name box, type rsadmin.
The rsadmin login is the Rainfinity Administrator Windows Domain user.
c. Type a password.
This password is the rsadmin Windows password.
d. (Optional) Select Password Never Expires.
5. Click Finish.
Note: If you have NetApp Filers but no Windows 2000, 2003, or 2008 servers in your domain,
then you must include rsadmin in the domain administrator group. Otherwise you will not be
able to include the rsadmin user in the NetApp filers’ administrators group.
Adding an admin user to the local administrator group

The rsadmin account must be added to the administrators group on the CIFS file
servers that will be involved in FMA archiving. To add a Rainfinity Windows domain
user on a NetApp filer or an EMC Celerra Data Mover:
1. Log in to the primary domain controller as the Domain Administrator.
2. From the Start menu, select Start > Programs > Administrative Tools >
Computer Management. The MMC application appears.
Windows domain user 95

3. To start a Computer Management session with the file server:

a. From the Action menu, select Connect to another computer. The Select
Computer dialog box appears.
b. Click Browse or type the file server name to select the NetApp or Celerra to
connect to.
c. Click OK.
4. To include the rsadmin user in the administrator group for the CIFS file server:
a. Under System Tools, in the folder Local Users and Groups, select Groups.
b. Select Administrators. The Administrators Properties dialog box appears.
c. Click Add. The Select Users or Groups dialog box appears.
– Click Locations. From the Locations menu, select the domain instead of the
local computer.
– Under Enter the object names to select, type rsadmin to add the domain
user.
d. Click OK. The Administrator’s Properties dialog box reappears with the
newly added rsadmin user.
e. Click OK.
Repeat this process for any other file servers that will be involved in FMA archiving.
Configuring Windows 2008 for NTLM

By default, the Windows 2008 domain controller supports Kerberos authentication
only and disables NTLM authentication. The FMA supports only NTLM versions 1
and 2 authentication for CIFS. Kerberos is not supported. To use an FMA in a
Windows 2008 domain, confirm that the domain controller is configured for NTLM
authentication:
1. Log in to the Windows 2008 domain controller as the Domain Administrator.
2. From the Start menu, select Run. In the Run dialogue box that appears, type
gpmc.msc and click OK. The Group Policy Management dialog box appears.
3. Expand the domain. Under Group Policy Objects, right-click Default Domain
Policy and select Edit. The Group Policy Management Editor appears.
4. Under Computer Configuration, select Policies > Window Settings > Security
Settings > Local Policies > Security Options.
In the list of policies, scroll down to Network security: LAN Manager
Authentication. Confirm that the policy setting shows that NTLM is configured
for authentication.
5. This step applies to Celerra DART 5.5. Under Computer Configuration, select
Policies > Administrative Templates > System > Net Logon.
In the Net Logon list that appears, double-click Allow cryptography algorithms
compatible with Windows NT 4.0. Confirm that the setting is enabled.
6. Close the Group Policy Management Editor.
A
Network Topology
Scenarios
The appendix includes the following sections:

◆ Advanced network topologies ..................................................................................... 98
◆ VLAN tagging modes for FMA/VE.......................................................................... 101
Network Topology Scenarios 97

Network Topology Scenarios
Advanced network topologies

For many environments, using a single networking interface will satisfy networking
requirements. However, there are cases when more complex topologies are needed.
◆ Combining ethernet interfaces to form a bonded interface. This topology is used
for high availability, to protect the FMA installation from a single point of failure.
“Configuring FMA with bonding” on page 98 provides details on how to set up
this network topology.
◆ Using two subnets, one for the NAS primary storage tier, and another for either
the NAS/CAS secondary tier or for a management interface. “Configuring File
Management with two subnets” on page 99 provides details on how to set up this
network topology.
◆ Using more than two subnets, for example, when there are three teams using an
FMA distributed across three different subnets. “Configuring File Management
with more than two subnets” on page 99 provides details on how to set up this
network topology.
Configuring FMA with bonding

This configuration applies to the FMA installation and is commonly used when fault
tolerance must be built into the networking layer. In this example, eth0+eth1 are
combined into a bonded interface that is configured with the balance-rr bonding
mode:
1. Start the network configuration menu:
a. Type rfhsetup from the FMA command prompt to invoke the system setup
menu.
b. Select Configure File Management Networking. The network configuration
menu appears.
c. Select Configure Networking.
2. Add new bond interface:
a. Type A to add an interface. Use the right arrow to highlight Bond, and press
Enter.
b. When prompted for a name of the new bond, use the up arrow to
autogenerate a name. The name generated is bond1. Press Enter to complete.
3. Edit new bond setting:
a. Use the up and down arrows to select the bond1 interface. Press Enter to edit
the configuration.
b. Specify a value for each item:
– For Slave, type eth0 eth1.
– For Trunking Mode, select balance-rr.
Complete other values as needed.
c. Once the interface configuration is defined, press the left arrow to exit the
current menu. When prompted, select Yes to keep the new setting.
4. Save new settings, exit, and restart network services:

a. Press the left arrow to exit the main menu. When prompted, select Yes to save
the configuration.
b. The setup utility will restart the FMA network services for the new
configuration and return to the network configuration menu.
Note: This configuration does not apply to FMA/VE.
Configuring File Management with two subnets

In this example, File Management is configured for two subnets with two physical
ports (eth0, eth1):
menu.
menu appears.
2. Edit settings for the physical ports eth0 and eth1:
a. Use the up and down arrows to select eth0 and press Enter. The configuration
menu for the eth0 interface appears.
b. Provide information for each item to properly configure the interface.
– Press Enter to edit an item, the press Enter again to complete.
– Press the left arrow to exit the menu.
– Select Yes to keep new settings.
c. Repeat these steps for the eth1 interface.
3. Save new settings, exit, and restart network services:
the configuration.
b. The setup utility will restart the FMA network services according to the new
configuration and return to the network configuration setup menu.
Configuring File Management with more than two subnets

In this example, File Management is configured for more than two subnets with two
physical interfaces. This configuration utilizes VLAN tagging and the switch
connected to the FMA ethernet ports must be properly configured for tagging. In
Cisco terminology, the switchport mode is set to trunk, and the required VLANs are
allowed on the ports:
menu.
Advanced network topologies 99


menu appears.
2. Add new bond interface:
a. Type A to add an interface. Use the right arrow to select Bond, and press
Enter.
b. When prompted for the name of the new interface, press the up arrow to
generate a name. The name generated is bond1. Press Enter to complete.
3. Edit the bond configuration:
a. Use the up and down arrows to select the new bond interface. Press Enter. The
configuration menu for the interface appears.
b. For Slave, type eth0 eth1. Complete other values as needed.
c. Once the interface configuration is defined, press the left arrow to exit the
current menu. When prompted, select Yes to keep the new setting.
Note: Configuration settings are saved, but are not implemented until the File
Management Network Setup menu is exited.
4. Add new VLAN interfaces:

a. Type A to add an interface. Use the right arrow to select Vlan, and press Enter.
b. Type a name for the VLAN bond interface. The naming convention is
<interface>.<vlan-ID>. For example, eth0.5 is a VLAN interface on eth0 with a
VLAN ID of 5
c. Repeat these steps to create two more VLAN bond interfaces.
5. Edit the VLAN configuration:
a. Use the up and down arrows to select the new VLAN interface. Press Enter.
The configuration menu for the interface appears.
b. Provide information for each item to properly configure the interface:
– Press Enter to edit an item, and then press Enter again to complete.
– Press the left arrow to exit the menu.
– Select Yes to keep the new settings.
c. Repeat these steps for each new VLAN interface.
6. Save the new settings, exit, and restart network services:
the configuration.
b. The setup utility will restart the FMA network services for the new
configuration and return to the network configuration menu.
VLAN tagging modes for FMA/VE

FMA/VE supports two VLAN tagging modes:
◆ “ESX Server virtual switch tagging” on page 101
◆ “ESX Server virtual guest tagging” on page 102
ESX Server virtual switch tagging

In the Virtual Switch Tagging (VST) mode, a VLAN ID is assigned to an ESX Server
switch port. Untagged layer 2 traffic is sent by using the link between the switch port
and the FMA/VE interface. When the switch receives this traffic, it directs it to the
configured VLAN.
On the FMA/VE, configure each physical eth1, eth2, eth3 or eth4 port with an IP
address, Net Mask, and Default Gateway.
Note: When using the VST mode, do not create a VLAN interface.
Configuring the VLAN number on the ESX switchport in VST mode

Virtual switch tagging is enabled when the port group’s VLAN ID is set to any
number between 1 and 4094, inclusive.
To use VST, create appropriate port groups. Give each port group a label and a VLAN
ID. Port group values must be unique on a virtual switch. Once the port group is
created, you can use the port group label in the virtual machine configuration.
To configure port group properties:
1. Log in to the VMware VI Client and select the server from the inventory panel.
The hardware configuration page for this server appears.
2. On the Configuration tab, click Networking.
3. Click Properties for a network. The vSwitch Properties dialog box appears.
4. On the Ports tab, select the port group and click Edit.
5. In the Properties dialog box for the port group, click the General tab to edit:
• Network Label — This is the name of the port group that you are creating.
• VLAN ID — This identifies the VLAN that the port group’s network traffic
will use.
6. Click OK to exit the vSwitch Properties dialog box.
VLAN tagging modes for FMA/VE 101

ESX Server virtual guest tagging

In the virtual guest tagging (VGT) mode, the link between the ESX Server switch port
and the FMA/VE ethernet port is permitted to carry traffic for multiple VLANs. This
is achieved by adding a VLAN ID or tag to each layer 2 frame transmitted between
the switch port and the FMA/VE ethernet port.
In Cisco parlance, this link is a trunk link.
The advantage of this link is that during VMware VMotion, the remote ESX Server
re-creates the trunk port, and the administrator does not need to preconfigure the
VLANs on the destination ESX Server/Switch combination. The use of VGT prevents
errors during VMotion.
Configuring VGT on To configure VGT:

the ESX Server
1. Log in to the VMware VI Client, and select the server from the inventory panel.
The hardware configuration page for this server appears.
2. On the Configuration tab, click Networking.
3. Click Properties for a network. The vSwitch Properties dialog box appears.
4. On the Ports tab, select the port group and click Edit.
5. In the Properties dialog box for the port group, click the General tab to edit:
• Network Label — This is the name of the port group that you are creating.
• VLAN ID — This identifies the VLAN that the port group’s network traffic
will use. To use VGT, type 4095.
6. Click OK to exit the vSwitch Properties dialog box.
Configuring VLAN On the FMA/VE side, the VGT mode requires the creation of VLAN interfaces on top
interfaces on the of the FMA/VE ethernet interface. IP addresses are assigned only to the VLAN
FMA/VE interfaces. Use the rfhsetup networking menu to bring the ethernet interface up.
To add a VLAN interface on the FMA/VE:
1. Log in to the FMA/VE. The rfhsetup configuration menu appears.
2. Select Configure FileManagement networking. The Network configuration
menu appears.
3. Select Configure Networking. A list of interfaces appears as follows:
FileManagement Network Setup, Main Menu
Name IP Address Network Mask Up/Down Comment
eth0 DOWN Unconfigured

1 of 4 entries displayed
Command: [Q]uit [A]dd [R]emove [S]ave [U]p [D]own re[F]resh [H]elp
Status: OK
rfhsetup <- Network configuration -> Interface eth0's
configuration
4. Type A to add a new interface. Use the left and right arrows to select a VLAN
interface and press Enter.
5. Type a name for the VLAN interface. The naming convention is

<bond>.<vlan-ID>. For example, to add VLAN ID 20 on eth0, the name will be
eth0.20. After typing the name, press Enter.
The new VLAN bond interface (for example, eth0.20) will be added to the
interface list.
6. Use the up and down arrows to select the newly created VLAN interface. Press
the right arrow. The eth0.20 VLAN configuration screen appears. Add the IP
address, netmask, and gateway.
7. Use the left arrow to exit the eth0.20 configuration menu and save the
configuration.
8. Use the left arrow to exit the Configure Networking menu and apply the saved
configuration.
VLAN tagging modes for FMA/VE 103

Glossary
This glossary contains terms related to file management. Many of these terms are
used in this manual.
A
API Application programming interface. A source code interface provided by the
computer application to support requests for services.
archiving Process that walks the share/export and performs policy-based file archiving.
Atmos Callback File Management callback service to support FileMover recall from Atmos.
Service
C
Celerra Callback File Management callback service to support FileMover recall from EMC Centera.
Service
Celerra FileMover HSM implementation used to support offline files on the Celerra.
D
DHSM Distributed Hierarchical Storage Management is the former name for Celerra
FileMover.
E
EMC Centera API API used to write and read files from EMC Centera.
EMC Centera content Unique key to the saved file on EMC Centera.
address
F
File version Multiple copies on secondary storage of the same file or path.
FileMover API API over HTTP exposed by Celerra Data Mover to create stub files.
FPolicy Callback File Management callback daemon used to support NetApp Fpolicy recall from all
Daemon (FCD) secondary storage.
FPolicy server NetApp Fpolicy server. Provides notification when client accesses stub files.
Glossary
FQDN Fully qualified domain name. Used with the Celerra Callback DNS entry.
H
HSM Hardware security module.
L
LDAP Lightweight Directory Access Protocol
M
MB Megabyte, 106 bytes.
N
NAS Network attached storage.
O
orphan file Files on the secondary storage with no reference to the primary storage.
P
primary storage NAS device that exports CIFS or NFS volumes.
R
RADIUS Remote Authentication Dial In User Service
retention period Number of days from time of archiving that a file can not be deleted.
S
secondary storage Data storage that is a backup to primary storage.
SNMP Simple Network Management Protocol
STIG Security Technical Implementation Guide
stub file/offline files Files that appear as normal files on the primary storage but point to data content
stored on the secondary storage.
T
TACACS+ Terminal Access Controller Access-Control System Plus
V
VMotion VMware VMotion technology is virtual machine mobility unique to VMware.
Index
A Celerra
access node IP 62 Atmos settings 46
access node string 62 callback agent settings 46
acdsetup.sh 47 configure in File Management GUI 45
admin user 76 Control Station 46
age passwords 78 DART version 46
alert settings file management configuration 45
email 91 FileMover API user 50
SNMP 92 FQDN 38, 46
alerts 88 prearchiving tasks 50
anonymous 62 source 46
anonymous bind 83 VDM 46
appliance Celerra callback agent
diagrams 30 before upgrade 71
rails 24 Celerra properties 46
Atmos Celerra Callback Service 47
configure in File Management GUI 62 celerracallback
creating connection from Celerra 54 FM upgrade 73
DNS name 63 stop 70
recall from 47 Certificate Authority 81
shared secret 63 certificate authority 85
Atmos callback agent 46 certificate management 84
atmoscallback chassis
FM upgrade 73 File Management 25, 26
stop 70 FMHA 28
authentication 62 CIFS specific settings
Celerra 46
NetApp 57
B Windows 59
backup dump cifs.client.dup-detection 55
create 65 clean install 70
File Management 64 cleartext 83
restore 66 CLI login 44
bind policy 81 client certificate 85
bind type 81 client configuration 81
command history 93
C command line interface 44
callback daemon community string 93
clean install 70 control station 46
DNS entry 48
ccdsetup.sh 47
CD clean install 70
CD full upgrade 72
Index
D FMHA
DART version 46 appliance details 28
Data Domain 63 CD full upgrade 72
database maintenance 69 configuring on Celerra 38
DBMaintenance.log 69 configuring on NetApp 38
Deploy OVF Template 41 UPG upgrade 72
DHSM 51 fmha_clean 70
automatically create connections 51 fmha_upgrade 72
connection password 53 fmrestore 44, 66, 67
manually create connections 53 fmsupportdump 44
directory exclusion 47, 58 fpolicy callback agent 58
disaster recovery 64 FPolicy Callback Service 56
disks fpolicy.enable 56
File Management 26 fpolicycallback
FMHA 29 FM upgrade 73
DNS entry 48, 60 stop 70
DNS server 43 fpsetup.sh 56
domain 43 FQDN 38, 46
DUMPFILE 66 fs_dhsm 53
duplicate session disable 55 Fully Qualified Domain Name. See FQDN
E G
EMC Centera global LDAP 81
access node IP 62 graphical user interface 44
access node string 62 GUI 44
authentication 62
creating connection from Celerra 54 H
recall from 47 harden appliance 76, 79, 84
enable SNMP alerts 92 host IP 57
ESX 39 hostname 43
hostname resolution 48
F
File Management I
adding Celerra 45 installation 70
adding NetApp 57 ISO image 70
backup 64, 66
Celerra to EMC Centera archiving 47
configure Atmos server 62 K
configure Data Domain server 63 Kerberos 83
configure Windows server 58
disable duplicate session 55 L
high availability appliance details 28 last 94
NetApp archiving 56 LDAP 84
overview 16 advanced settings 83
restore 64 authentication 81
filemanagement 72 basic settings 82
FileMover API 50 bind policy 82
setting before upgrading 71 global settings 81
setting in FMA 46 server type 81, 82
setting on Celerra 52 time limits 81
FileMover settings 45 Linux PAM users 77
fm_clean 70 local admin 58
fm_upgrade 72 local authentication database 84
FM-4 34 log alert pattern 91
FM-5 33 logs
FMA setup 43 alerts 88
fmbackup 44 rotating 86
before upgrade 72
creating backup 66
Index
M restore
md5sum 70 dumpfile 66
memory file management 66
File Management 26, 27 reverse lookup zones 49
FMHA 29 rfalertd 93
rffm 44
rfhsetup 76, 79, 82, 84, 85, 86, 87, 91, 93
N rflastcomm 94
NAS repository 60 rfpolicy 56
NAS repository list 61 rfsnmp 93
nasadmin 50 rfupgrade 73
NetApp root logins 77
directory exclusion 47, 58 rotating logs 86
file management configuration 55 rsadmin 95
FPolicy callback agent 58 rssystat 45
local admin 58
prerequisites as archiving source 55
source 58 S
vFiler 56 SASL 83
vFiler host IP 57 scp 86
network interfaces security hardening
File Management 26, 27 features 76
FMHA 29 logs 86
networking 43 sendmail 91
notification host 92 serial port
File Management 26, 27
FMHA 29
O server type 81
online help 22 shared secret 63
Open LDAP 81 simple bind 83
ops user 77 single security database 76
OVF file 39 SNMP
community string 93
P notification host 92
PAM. See pluggable authentication module SNMP alerts 92
passwords 78 SNMP polling 93
PEA file 62 STIG hardening 79
pluggable authentication module 76 strengthen passwords 78
Pool Entry Authentication file 62 system command accounting 93
port detail
FM-4 34 T
FM-5 33 TACACS+ 84
pretest script 72, 73 tgz file 66
Process Acounting package 93 time limits 81
psacct 93 TLS 83
track command history 94
R track user login history 94
RADIUS 84
RAID Controller U
FMHA 29 uc_config 50
RAID controller Unicode 50
FMA on Dell 26 UPG upgrade 72
FMA on HP 27 upgrade
rails 24 CD full 72
rainacd.domain 48 FileMover API considerations 71
rainccd.domain 48 pretest script 72, 73
Rainfinity setup tool 43 UPG 72
recall_policy 72 user profile 62
repository 60 UTF-8 50
Index
V
vFiler 56
VGT 102
VI Client 42
virtual data mover 46
VLAN tagging mode
virtual guest tagging 102
virtual switch tagging 101
VMDK file 39
VMotion 102
VMware
ESX 4.0 server 39
ESXi 3.5 server 39
VST 101
W
web service specific settings 63
wheel group 76
Windows 58
Windows domain user 95
X
xlt.cfg 50

FMA 7.3.1 Getting Started

Diunggah oleh

Informasi Dokumen

Deskripsi Asli:

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

FMA 7.3.1 Getting Started

Diunggah oleh

Hak Cipta:

Format Tersedia

EMC® File Management Appliance and

File Management Appliance/VE

Getting Started Guide

Published May, 2010

Chapter 2 File Management Appliance Hardware and Port Configurations

Chapter 3 Deploying File Management

Chapter 4 File Management System Settings

Appendix A Network Topology Scenarios

1 Celerra implementation ....................................................................................................... 18

1 FMA that is based on Dell R710 .......................................................................................... 25

Related Related documents include:

This chapter includes the following sections:

Overview of EMC File Management Appliance

File Management High Availability (FMHA)

File Management Appliance/VE (FMA/VE)

File Management Appliances

File Management Appliances 17

File Management with Celerra implementation

SMB over SMB over

3 FileMover API 2 DNS

EMC FMA PowerEdge

NFS CIFS Centera or Atmos

Figure 1 Celerra implementation

File Mangement with NetApp implementation

NFS Recall (Writes)

SMB over SMB over

FPolicy Primary Secondary 2

FPolicy API FPolicy API

EMC FMA PowerEdge

NFS CIFS/SMB Platform

NFS CIFS Centera or Atmos

Figure 2 NetApp FPolicy implementation

File Management Appliances 19

File Management tasks

Figure 3 Archived report example

Archive tasks may be one of three types:

File Management tasks 21

Auxiliary tasks are:

Using File Management

This chapter contains the following sections:

File Management Appliance Hardware and Port Configurations 23

Contents of the appliance

File Management Appliance types

File Management High Availability appliance types

File Management Appliance details

Table 1 FMA that is based on Dell R710

Chassis The appliance is based on Dell R710 11G hardware.

Size 2U form factor

Power Dual 570 watts

RAID controller SAS6/IR

Memory 1066-MHz, (2 x 2 GB), dual-ranked RDIMMs

Table 2 FMA that is based on Dell 2950 (page 1 of 2)

Component FMA-6 FMA-5

File Management Appliance details 25

Table 2 FMA that is based on Dell 2950 (page 2 of 2)

Component FMA-6 FMA-5

Remote management Dell DRAC Card. Dell DRAC Card.

Table 3 FMA that is based on HP ProLiant (page 1 of 2)

Chassis The appliance is based on the HP ProLiant DL380 G4 hardware.

Table 3 FMA that is based on HP ProLiant (page 2 of 2)

RAID controller SmartArray 6i storage controller.

Remote management Not applicable.

Memory 400 MHz, (4 x 1 GB), single-ranked DIMMs