• Configuring NAS servers

    PDF

    Configuring NAS servers

    Overview of configuring NAS servers

    Before you can provision SMB file storage on the storage system, a NAS server that is appropriate for managing SMB must be running on the system. A NAS server is a file server that uses the SMB protocol, NFS protocol, or both to share data with network hosts. It also catalogs, organizes, and optimizes read and write operations to the associated file systems.

    Configuring a NAS server requires specifying the following information:

    • SP that the NAS server will run on.
    • Pool used to store the NAS server's configuration data, such as anti-virus configurations, NDMP settings, network Interfaces, and IP addresses.
    • IP addresses that will be assigned to the NAS server to allow network hosts to access the shared data.

    You can balance the performance load on the storage system's SPs by choosing which NAS servers run on each SP, and which file systems are associated with which NAS server. For example, if you plan to provide file systems for two high-load database applications, you can choose to run a separate NAS server on each SP, and provision the storage for each application from a separate NAS server. This balances system performance by ensuring that the applications draw their processing resources from separate SPs.

    Create a NAS server for Windows-only file sharing (SMB)

    Before you begin

    Obtain the following information:

    • (Optional) Name of the tenant to associate with the NAS server.
    • Name of the pool to store the NAS server's metadata.
    • Storage Processor (SP) on which the NAS server will run.
    • IP address information for the NAS server.
    • VLAN ID, if the switch port supports VLAN tagging. If you associate a tenant with the NAS server, you must choose a VLAN ID.
    • If you are configuring a standalone NAS server, obtain the NetBIOS name, and workgroup, and define what will be used for the standalone SMB server's local administrator account.
    • If you are joining the NAS server to the Active Directory (AD), configure NTP on the storage system. Then obtain the SMB computer name (used to access SMB shares), Windows domain name, and the username and password of a domain administrator or a user who has a sufficient domain access level to join the AD. You can optionally specify the NetBIOS name and organizational unit. The NetBIOS name defaults to the first 15 characters of the SMB server name. The organizational unit defaults to OU=Computers,OU=EMC NAS servers.
    • DNS server information (optional for a standalone NAS server).
    • Replication information (optional).

    It is recommended that you balance the number of NAS servers on both SPs.

    Procedure
    1. Under Storage, select File > NAS Servers.
    2. Select the Add icon.
    3. On the General and Interface pages, specify the relevant settings. Note the following:
      • On the General page, the Server name identifies the NAS server. It is not a network name.
      • Optionally select a tenant to associate with the NAS server.
        Note:  Once you create a NAS server that has an associated tenant, you cannot change this association.
      • On the Interface page, optionally select a VLAN. If you selected a tenant on the General page, you must select a VLAN. The list of VLANs represent the VLANs associated with the selected tenant.
    4. On the Sharing Protocols page:
      • Select Windows Shares (SMB, CIFS). Then select Standalone to create a standalone SMB server, or select Join to the Active Directory domain to create a domain member SMB server.
      • If you join the NAS server to the AD, optionally click Advanced to change the default NetBios name and organizational unit.
    5. On the DNS page, configure DNS for the NAS server. This step is mandatory when joining to an AD domain, but optional for a standalone NAS server.
    6. On the Replication page, optionally select a replication mode and Recovery Point Objective (RPO) for the NAS server.

    Configure NAS server sharing protocols and FTP/SFTP settings

    You can configure SMB support when you create a NAS server or change its properties. You can configure FTP/SFTP support for an existing NAS server only.

    If you are creating a NAS server, access the NAS server sharing protocol options from the Sharing Protocols window in the Create a NAS server wizard.

    If you are changing NAS server properties, follow these steps to access the NAS server sharing protocol and FTP options:

    1. Under Storage, select File > NAS Servers.
    2. Select the relevant NAS server, and then select the Edit icon.
    3. Select the Sharing Protocols tab.
    SMB support

    If you are changing NAS server properties, select the SMB sub-tab on the Sharing Protocols tab.

    Task
    Description
    Enable or disable the NAS server's ability to serve files using the SMB protocol.
    Select or clear the Enable Windows shares (SMB, CIFS Server) option. You cannot disable this option if multiprotocol sharing mode is enabled.
    Configure SMB without Active Directory (AD) support.
    Select Standalone and specify the requested information.
    Configure SMB with AD support.
    1. Select Join to the Active Directory domain.
    2. Specify the requested information.
    3. Optionally, click Show Advanced to change the default NetBios name and organizational unit.
    FTP/SFTP support

    You can configure FTP or FTP over SSH (SFTP) settings for an existing NAS server only. Select the FTP sub-tab on the Sharing Protocols tab.

    Task
    Description
    Enable or disable the NAS server's ability to share files using the FTP protocol.
    Select or clear Enable FTP. If this option is selected, optionally click the other options to customize user authentication, user home directory, and message settings.
    Enable or disable the NAS server's ability to share files using the SFTP protocol.
    Select or clear Enable SFTP. If this option is selected, optionally click the other options to customize user authentication, user home directory, and message settings.

    FTP access can be authenticated using the same methods as SMB. Once authentication is complete, access is the same as SMB for security and permission purposes. If the format is domain@user or domain&#xser, SMB authentication is used. SMB authentication uses the Windows Domain Controller.

    To use local files for FTP access, the passwd file must include an encrypted password for the users. This password is used for FTP access only. The passwd file uses the same format and syntax as a standard Unix system, so you can leverage this to generate the local passwd file. On a Unix system, use useradd to add a new user and passwd to set the password for that user. Then, copy the hashed password from the /etc/shadow file, add it to the second field in the /etc/passwd file, and upload the /etc/passwd file to the NAS server.

    Change NAS server properties

    When changing NAS server properties, note that you cannot disable DNS for NAS servers that support SMB file sharing and that are joined to an Active Directory (AD).

    Procedure
    1. Under Storage, select File > NAS Servers.
    2. Select the relevant NAS server, and then select the Edit icon.
    3. On the General tab:
      • Change the NAS server name.
      • Select SP Owner to transition from one SP to the other SP for this NAS server. For example, you may want to do this if you have an overloaded SP, and want to reduce the load by moving the server to the other SP.
    4. On the Network tab:
      • Select the Interfaces & Routes sub-tab to add, change, delete, or verify NAS server interfaces, enable or disable IP packet reflect for the NAS server, or change the NAS server's preferred interfaces. Select an interface, and then select Show external routes for interfaces to access the per-interface routing table, where you can add, change, or delete the selected interface's routes for responding to client requests.
      • Select the Routes to External Services sub-tab to add, change, or verify NAS server routes for external service requests, or to configure default gateways.
    5. On the Naming Services tab, configure DNS and either configure the UNIX Directory Service (UDS) for the NAS server (LDAP or NIS) or use local files. Alternatively, you can use local files with a UDS. In this case, the system checks the local files first.
    6. On the Sharing Protocols tab:
      • Select the SMB sub-tab to enable or disable support for Windows shares and to change SMB properties.
      • Select the FTP sub-tab to enable or disable FTP or SFTP, or to change FTP or SFTP properties.
    7. On the Protection & Events tab:
      • Select the NDMP Backup sub-tab to enable or disable NDMP, and to change the NDMP password.
      • Select the DHSM sub-tab to enable or disable Distributed Hierarchical Storage Management (DHSM) and to change the DHSM password.
      • Select the Events Publishing sub-tab to enable or disable Events Publishing, create or modify an event pool, and create or modify events policy settings.
    8. On the Security tab, select the Antivirus sub-tab to enable or disable the antivirus service and to retrieve or upload the antivirus configuration file.
    9. On the Replication tab, optionally select a replication mode and Recovery Point Objective (RPO) for the NAS server.

    View the active LDAPS CA certificate for a NAS server

    This option is available for anonymous and simple LDAP authentication that uses SSL and enforces certification.

    Procedure
    1. Under Storage, select File > NAS Servers.
    2. Select the relevant NAS server from the list, and then select the Edit icon.
    3. Select the Naming Services tab, and then select the LDAP/NIS sub-tab.
    4. Click Retrieve CA Certificate.

    Upload an LDAPS CA certificate for a NAS server

    Procedure
    1. Under Storage, select File > NAS Servers.
    2. Select the relevant NAS server, and click the Edit icon.
    3. On the Naming Services tab, select the LDAP/NIS sub-tab.
    4. Select LDAP Secure (Use SSL) and Enforce Certification Authority (CA) Certificate, if these options are not already selected. These options are available for Anonymous and Simple authentication.
    5. Select Upload CA Certificate, locate the certificate to upload, locate the certificate, and click Start Upload.

    NDMP settings

    The Network Data Management Protocol (NDMP) provides a standard for backing up file servers on a network. NDMP allows centralized applications to back up file servers running on various platforms and platform versions. NDMP reduces network congestion by isolating control path traffic from data path traffic, which permits centrally managed and monitored local backup operations. Enabling NDMP for file system storage resources makes it possible to use third party NDMP products to back up and restore file system data.

    You can enable NDMP by configuring NAS server settings.

    Understanding Common AntiVirus Agent (CAVA)

    Common AntiVirus Agent (CAVA) provides an antivirus solution to clients using a NAS server. It uses an industry-standard SMB protocol in a Microsoft Windows Server environment. CAVA uses third-party antivirus software to identify and eliminate known viruses before they infect files on the storage system.

    Why is antivirus important?

    The storage system is resistant to the invasion of viruses because of its architecture. The NAS server runs data access in real-time using an embedded operating system. Third parties are unable to run programs containing viruses on this operating system. Although the operating system software is resistant to viruses, Windows clients that access the storage system require virus protection. Virus protection on clients reduces the chance that they will store an infected file on the server, and protects them if they open an infected file. This antivirus solution consists of a combination of the operating system software, CAVA agent, and a third-party antivirus engine. The CAVA software and a third-party antivirus engine must be installed on a Windows Server in the domain.

    For additional information about CAVA, which is part of Common Event Enabler (CEE), refer to Using the Common Event Enabler on Windows Platforms on Online Support.