This chapter describes how to use SGI Management Center for InfiniteStorage (SMC IS) to configure the various components of your system and perform general system administration:
“Network Interface Configuration” describes how to configure and modify the network interfaces for the system
“Storage Configuration” describes how to list filesystems and iSCSI targets
“User and Group Configuration” describes how to configure a name service client, local users, local groups, and user and group quotas
“NFS Configuration” describes how to configure NFS to share filesystems
“CIFS Configuration” describes how to configure CIFS to share filesystems
“SNMP Configuration” describes how to configure basic Simple Network Management Protocol (SNMP)
“Global Configuration” describes how to perform various general administration functions
“Operations” describes how to save changes to the configuration files and restore them, how to gather support and performance data, and how to shut down the system
Figure 3-1 shows the top level Management screen.
You can use SGI Management Center for InfiniteStorage (SMC IS) to configure and modify the network interfaces for the system. When configuring the system, you must consider the difference between the management interface and the remainder of the interfaces in the system.
The management interface is the first interface in the machine (eth0), which is dedicated for use by SMC IS. The remainder of the interfaces in the system are used for fileserving.
You can configure these ports as individual standalone ports or you can group these ports together into a bonded network interface .
Bonding interfaces together gives you the aggregated bandwidth for multiple clients of all of the interfaces that constitute the bonded interface. For most systems, this can significantly increase performance over a system in which all of the interfaces are configured as individual network ports.
For further information, see:
 | Caution: Ensure that the hardware settings are correct before you configure the network interfaces. For information on hardware setting, see the Quick Start Guide for your system. |
When the system is shipped from the factory, the management interface has a preconfigured IP address. When using the Setup Wizard, you connect a laptop to that interface in order to perform the initial setup tasks. For information on the Setup Wizard, see Chapter 2, “Initial System Setup”.
The management interface is always configured as an individual network interface and cannot be part of a bonded interface.
You can modify the management interface by selecting eth0 from the following screen:
Management -> Resources -> Network Interfaces -> Modify
For information on the network configuration parameters you can modify, see “Ethernet Network Interfaces”.
| Caution: If you configure an incorrect IP address for the management interface, you can make SGI Management Center for InfiniteStorage (SMC IS) inaccessible. |
To see the available Ethernet network interfaces and change their parameters, select the following:
Management -> Resources -> Network Interfaces -> Modify
To modify an interface, select it. You can change the following fields:
To see the available InfiniBand network interfaces and change their parameters, select the following:
Management -> Resources -> Network Interfaces -> Modify
To modify an interface, select it. You can change the following fields:
| Enabled | Enables the interface. | |||
| Speed | Displays the port speed of the InfiniBand card, which is usually Autonegotiate . | |||
| Duplex | Displays the duplex of the InfiniBand connection, which is usually Autonegotiate. | |||
| Automatic discovery by DHCP | Specifies that dynamic host configuration protocol (DHCP) will be used to configure the Ethernet interface. (Another system must be the DHCP server.) | |||
| Static | Specifies that a particular IP address is required for the network interface. If you select this, you must provide the IP address and subnet mask. | |||
| Dedicated | Specifies the local and remote IP address for a dedicated network connection between the storage server and another host, for example a dedicated VLAN network or single point-to-point network cable. A dedicated network interface is an interface that has been configured to use a point-to-point connection with a single remote host. All network traffic to and from that server will go via the local dedicated network interface and no other traffic will appear on that interface. Dedicated network interfaces can be useful when there may be a large amount of network traffic to a specific host and you wish to prevent interference with other network traffic to other hosts.
|
A bonded interface is a virtual network interface that consists of real interfaces working in tandem. You use bonded interfaces on NAS systems to increase bandwidth to NFS and CIFS clients.
A virtual interface can provide the aggregated bandwidth of all of the interfaces that you used to create it.
 | Note: Any single client can achieve the bandwidth of only a single interface at a time. A bonded interface increases the aggregate bandwidth for multiple clients. |
For example, if you have three interfaces each with a bandwidth of 10, the aggregate bandwidth is 30. For an individual client, however, the maximum bandwidth remains 10. When additional clients access the bonded interface, the clients are assigned to the subinterfaces, and up to three clients can use a bandwidth of 10 at the same time. Thus multiple clients accessing the system increase the aggregate bandwidth, improving the performance to a maximum bandwidth of 30.
For example, Figure 3-2 shows a configuration in which all clients connect to a single IP address (192.168.0.3 ). The switch is responsible for sharing the load across four bonded interfaces (eth1-eth4). Therefore, four times as many clients can communicate with the same server without a loss in overall performance.
Output load balancing controls how the server chooses which subinterface will send replies. Input load balancing controls how clients are assigned to subinterfaces, and how and when clients are moved from one subinterface to another. Load balancing happens on a per-packet basis. When a client sends a packet, it traverses a switch, which determines at which subinterface the packet arrives. Input load balancing ensures that each client arrives at a different subinterface. The clients see only one interface because the balancing is done by the system.
In addition to configuring a bonded interface in SGI Management Center for InfiniteStorage (SMC IS), you must configure the ports on the switch so that they use either static trunking or 802.3ad dynamic trunking. For more information, refer to the user manual for your switch.
To create a bonded interface, select the following:
Management -> Resources -> Network Interfaces -> Create a bonded interface
The available interfaces are displayed for selection.
When you configure a bonded interface, you specify the following:
| Available interfaces | Specifies the interfaces to be used. | |||
| Bonding mode | Selects a bonding mode that governs the relation of the subinterfaces to a switch and defines the protocol that is used for assigning network switch ports to a bonded interface:
Your choice depends upon what your switch supports:
| |||
| Output Load Balancing | Specifies how the server chooses which subinterface will send replies:
|
| IP address | Specifies the IP address of the new bonded interface. The IP address for a bonded interface must be configured statically. SMC IS does not support DHCP and dedicated IP addresses for bonded interfaces. |
| Subnet mask | Specifies the subnet mask of the new bonded interface. All configured network interfaces should be on different subnets. |
Click Apply Changes to create the bond.
This section discusses the following:
These features are available under the following menu selection:
Management -> Resources -> Storage
To configure notification of failed devices, use the Failure Notification option:
Management -> Resources -> Storage -> Devices -> Failure Notification
For each available platform, enter the interval at which to scan for for device failures (0-59 minutes, 0 to disable), enter one or more email addresses to send notifications to, and check the SNMP trap box to enable that as desired.
Each SNMP trap is sent using the SGI-SSMC-SMI::devstatDriveFailure object identifier. To allow the SNMP monitoring application to fully parse the object, see the procedure in “SNMP Configuration”.
For the LSI MegaRAID platform, any drive whose state is Failed, Unconfigured Bad, or Offline is deemed to have failed.
To display a brief description of the available local filesystems, use the List option:
Management -> Resources -> Storage -> Filesystems -> List
For filesystems that are mounted, storage capacity and usage are displayed, along with related NFS exports and CIFS shares.
Filesystems that are listed in /etc/fstab will be presented with mount and unmount check boxes (except for the root filesystem). Those selected will be put into effect when the Apply button is clicked.
Internet Small Computer Systems Interface (iSCSI) is a protocol that is used to transport SCSI commands across a TCP/IP network. This allows a system to access storage across a network just as if the system were accessing a local physical disk. To a client accessing the iSCSI storage, the storage appears as a disk drive would appear if the storage were local.
In an iSCSI network, the client accessing the storage is called the initiator and runs iSCSI Initiator software. The remote storage that the client accesses is called the target, which is what appears to the initiator as a disk drive.
A common application of an iSCSI network is to configure an Exchange Server as an iSCSI initiator that uses an iSCSI target as its mail store.
Figure 3-3 illustrates iSCSI storage. Each client (initiator) is configured to connect to a specific iSCSI target (an area allocated in the RAID iSCSI storage pool), and views this target as if it were a local disk. The lines in Figure 3-3 indicate data flow.
You can use SGI Management Center for InfiniteStorage (SMC IS) to create iSCSI targets on the RAID storage. An iSCSI initiator will be able to connect to the system and access those targets, format them, and use the targets as it would use a disk drive.
You cannot configure SMC IS itself as an initiator, and you cannot re-export iSCSI targets with NFS or CIFS. In addition, you cannot export existing filesystems that you have created with SMC IS as iSCSI targets; you can create filesystems and configure them to be exported by NFS or CIFS, but you must configure iSCSI targets separately on the RAID device.
SMC IS supports the iscsitarget and tgt packages in SUSE® Linux® Enterprise Server (SLES) 11 for creating targets. They are mutually exclusive; installing tgt removes iscsitarget.
| Note: Due to the nature of iSCSI as a block-level protocol (as distinct from file-level protocols such as NFS and CIFS), particular care must be taken in the event of a system crash, power failure, or extended network outage. See “Power Outage and iSCSI” in Chapter 5. |
This section discusses the following:
Perform the following steps to create an iSCSI target:
Select the Create Target option:
Management -> Resources -> Storage -> iSCSI -> Create Target
The Target Name screen lets you specify the target information. Enter the domain and optional identifier for the iSCSI name and the LUNs for the target in the following fields:
Domain Specifies an iSCSI qualified name (which is a unique name that starts with iqn), then a year and month, then an internet domain name in reverse order. A default name appears based on the current system configuration. If in doubt, leave this field as is.
Identifier Specifies a string that will be used to uniquely identify the target. If you create only one target, this is optional. If you create more than one target, each must have a unique identifier. By default, a unique target identifier is provided for you.
LUNs Specifies logical units (LUNs) to be used for the target. Enter the path to a block device to add to the list. Applicable block devices and logical volumes will be listed in pulldown menus if they are available. Use the buttons on the right to reorder or remove entries in the list.
Click Next.
The Target Options screen defines access to the target. You must specify at least one authentication option:
Note: If more than one initiator were to write to the same target at the same time, there is a high risk of data loss. By using one or more authentication options, you ensure that only one client (initiator) can access an individual target at a time. Authentication:
Initiator IP Address Specifies the IP addresses of the initiators that will be allowed access to this target
Challenge Handshake Authentication Protocol (CHAP) authentication, in which the initiator will supply the following information to the target:
Target Username Specifies the username that the initiator must supply to connect to the target using CHAP authentication. (This is not the username with which you logged in to SMC IS; it is specific to the iSCSI target that you are defining.)
Target CHAP Secret Specifies the password that the initiator must supply to connect to the target using CHAP authentication. It must be in the range from 12 through 16 characters. (This is not the password with which you logged in to SMC IS; it is specific to the iSCSI target you are defining.)
Re-enter Target CHAP Secret Verifies the CHAP secret.
Mutual CHAP authentication, in which the target will supply the following information to the initiator:
Mutual Username Specifies the target username for mutual CHAP authentication. With mutual CHAP authentication, after the initiator supplies a username, the target must supply a username and password back to the initiator. If you leave the Mutual Username field blank, it defaults to the target username.
The mutual name is usually ignored by initiators, which only care about the mutual secret. When the client connects to a target, the iSCSI initiator software verifies that the mutual secret specified in SMC IS matches the secret specified in the initiator.
Mutual CHAP Secret Specifies the mutual CHAP secret.
Note: This secret should be different from the target CHAP secret.
Re-enter Mutual CHAP Secret Verifies the mutual CHAP secret.
You must enter the CHAP username and secret specified on this screen in the iSCSI initiator software on the client in order for the initiator to be able to authenticate with and connect to the target. For a Windows client, this is the username and secret you enter in the Microsoft™ iSCSI Initiator program.
The Confirm screen summarizes the target options you have selected. Click Next to confirm your choices and create the iSCSI target.
The Finished screen indicates that the iSCSI target has been created. Select Done .
After you have created iSCSI targets, select the following to see what initiators are connected to what targets:
Monitoring -> Clients -> iSCSI
SMC IS lets you configure iSCSI targets for use by an iSCSI initiator, such as the Microsoft iSCSI Software Initiator or the iSCSI initiator included with various Linux® and UNIX® distributions.
After you have created an iSCSI target, you must configure the initiator on the client system that will connect to the target. You must specify the following:
Hostname of the storage server
Target identifier
Any CHAP authentication details you configured when creating the target (for specific instructions, see the documentation supplied with your iSCSI initiator)
After the iSCSI initiator has connected to the target, the target will appear as a disk drive on the client system and can then be formatted using the tools supplied with the client operating system.
The following is an example of configuring a Windows client (it assumes that you have already created a target or targets):
Download the iSCSI Initiator from Microsoft's web site (http://www.microsoft.com/ ) and install it on the Windows client.
Open the iSCSI Initiator Control Panel applet.
Add the storage server to the list of Target Portals.
Select the iSCSI target to connect to from the Targets list and click Log On.
Specify CHAP authentication details in the Advanced settings.
Use the following tool to partition and format the target and assign a drive letter:
Start Menu -> Administrative Tools -> Computer Management -> Disk Management
The iSCSI menu also provides the following management options:
| List Targets | |
| Create Target | |
| Modify Target | Modifies the authentication settings you defined on the Target Options screen when you created an iSCSI target. |
| Destroy Target | |
| Stop/Start | Stops or starts the iSCSI service. If you are backing up the system, taking the iSCSI service offline ensures that the data is in a consistent state. |
SGI Management Center for InfiniteStorage (SMC IS) lets you configure the following:
SGI Management Center for InfiniteStorage (SMC IS) can create and add user and group accounts to access the storage server locally. This is a local database only; these users and groups do not interact with the users and groups provided by the name server. If you search the site directory and do not find the user or group data you are looking for, the system searches this local database. The local user accounts will be used for authentication for CIFS shares if you are not using LDAP or Active Directory authentication.
| Caution: If you create a local user and subsequently add that user in the sitewide directory, access problems may result. For example, if you create local user Fred with a UID of 26, Fred will be able to create local files. But if you subsequently add a user Fred on a sitewide name services directory with a different UID, user Fred will be unable to access those local files because the system will use the sitewide name and UID first. |
If you are using LDAP or Active Directory as a name service client, a user must be present in LDAP or Active Directory and you will not be able to authenticate local users and groups. In this case, adding local users and groups may be useful for ID mapping, but authentication does not use the local password files.
When you select the Import option for either Local Users or Local Groups , you can choose among the following actions:
Merge the imported new users or groups with the current list, ignoring any accounts or groups with the same name. (That is, if there is an existing user or group, keep it rather than the new imported user or group.)
Merge the imported new users and groups with the current list, overwriting any exists in accounts or groups of the same name. (That is, if there is an existing user or group, replace it with the new imported user or group.)
Replace all current unrestricted users or groups with the new imported users or groups.
Accounts with a UID or GID of less than 1000 are considered restricted and are not imported or replaced.
If you use a shadow file, which is a file that is protected from all access by non-root users and stores the encrypted passwords, then you can use the Import Users screen to import this file as well as the password file itself.
SGI Management Center for InfiniteStorage (SMC IS) will create new filesystems with both user and group quotas enabled by default.
This section discusses the following:
You can use the following screen to specify the user for whom you want to modify quotas:
Management -> Resources -> Users & Groups -> User Quotas
Enter the name of the user and click Submit. (To modify the default for user quotas, leave the field blank.) The following screen displays the current amount of disk space that can be used (disk limits, in KiB) and the number of files that can be owned (file limits):
The soft limit is the number of 1-KiB blocks or the number of files that the user is expected to remain below. If a user hits the soft limit, a grace period of 7 days will begin. If the user still exceeds the soft limit after the grace period expires, the user will not be able to write to that filesystem until he or she removes files in order to reduce usage.
The hard limit is the number of 1-KiB blocks or the number of files that the user cannot exceed. If a user's usage reaches the hard limit, he or she will be immediately unable to write any more data.
| Note: The administrator can set quotas for the root user. However, instead of enforcing these quotas against the root user specifically, they will apply to all users that do not have their own quotas set. In other words, setting quotas for the root user will set the default quotas for all normal users and groups. (The actual root user is exempt from quota limits.) |
You can use the following screen to specify the group for which you want to modify quotas:
Management -> Resources -> Users & Groups -> Group Quotas
Enter the name of the group and click Submit. (To modify the default for group quotas, leave the field blank.) The following screen displays the current amount of disk space that can be used (disk limits, in KiB) and the number of files that can be owned (file limits):
The soft limit is the number of 1-KiB blocks or the number of files that the group is expected to remain below. If any user in that group hits the soft limit, a grace period of 7 days will begin. If the user still exceeds the soft limit after the grace period expires, the user will not be able to write to that filesystem until he or she removes files in order to reduce usage.
The hard limit is the number of 1-KiB blocks or the number of files that the group cannot exceed. If the usage for a user in that group reaches the hard limit, he or she will be immediately unable to write any more data.
| Note: The administrator can set quotas for the root group. However, instead of enforcing these quotas against the root group specifically, they will apply to all groups that do not have their own quotas set. In other words, setting quotas for the root group will set the default quotas for all normal groups. (The actual root user is exempt from quota limits.) |
To configure filesystems so that they are available for network clients by means of the NFS network protocol, select the following:
Management -> Services -> NFS
This screen displays a link for Global Options and all of the filesystems that have been created with SMC IS, whether or not they have been enabled for export.
To specify NFSv4 options, select Global Options. To change the export options, select an individual filesystem name or All Filesystems. See:
| Note: Reverse lookup for NFS clients must be properly configured in the DNS server. |
The Global Options screen lets you specify the following:
| Enable NFSv4 | Specifies whether NFSv4 is enabled (checked) or not. If enabled, an NFS exported filesystem will be accessible via both NFSv3 and NFSv4. The following fields are only relevant if you have enabled NFSv4. | |||
| NFS serving domain | Specifies the serving domain. If NFSv4 is enabled, the mapping of user/group IDs between the client and server requires both to belong to the same NFS serving domain. | |||
| Enable Kerberos | Specifies whether Kerberos™ is enabled (checked) or not. Enabling Kerberos forces encrypted authentication between the NFS client and server. Furthermore, the NFS exported filesystems will only be accessible to a Kerberos enabled client via NFSv4. The following fields are only relevant if you have enabled Kerberos.
| |||
| Realm | Specifies the Kerberos realm in which the NFSv4 server operates. | |||
| Domain | Specifies the DNS domain name that corresponds to the realm. | |||
| KDC | Specifies the key distribution center (KDC). In most cases, the KDC will be the same system as the Kerberos admin server. However, if the admin server in your Kerberos environment is not used for granting tickets, then set the KDC to the system that grants tickets. | |||
| Admin Server | Specifies the server containing the master copy of the realm database. | |||
| Keep Existing Keytab | Select this radio button to keep the existing keytab without changes. | |||
| Update Keytab | Select this radio button to change the principal user and password for the existing keytab. | |||
| Principal | Specifies a user that belongs to the Kerberos server with sufficient privileges to generate a keytab for the NFS server. | |||
| Password | Specifies the principal's password. | |||
| Upload Keytab | Copies the selected file to /etc/krb5.keytab on the NFS server. Click Browse to see a list of available files. | |||
| Verify Keytab | Specifies that the keytab should be verified. This is not supported by Active Directory. |
You can choose to export or not export a filesystem by clicking the check box. The current export point is shown following the Directory label. To export a subdirectory under the export point, enter its path in the text field (a leading “/” may be omitted.)
When you enable a filesystem for export, you can do one of the following:
After specifying the configuration parameters, click Apply changes.
If you select Use export options, you must specify the following:
| Read-only | Specifies that the client has access to the filesystem but cannot modify files or create new files. | |||||||
| Asynchronous writes | Specifies whether or not to use asynchronous writes. Data that is written by the client can be buffered on the server before it is written to disk. This allows the client to continue to do other work as the server continues to write the data to the disk. By default, writes are performed synchronously, which ensures that activity on the client is suspended when a write occurs until all outstanding data has been safely stored onto stable storage. | |||||||
| Allow access from unprivileged ports | Allows access for Mac OS X clients or other NFS clients that initiate mounts from port numbers greater than 1024. If there are no such clients on your network, leave this option unchecked. | |||||||
| All hosts | Allows connections from anywhere on a network. | |||||||
| Local subnet | Allows connections from the indicated subnet. You can select any subnet from those that have been defined for the network interfaces. | |||||||
| Kerberos aware clients (krb5) | Allows connections only from those systems that are Kerberos aware (if Kerberos is enabled in “Global Options”) over NFSv4. | |||||||
| Kerberos with Integrity support aware clients (krb5i). | Allows connections only from those systems that are Kerberos with Integrity support aware (if Kerberos is enabled in “Global Options”) over NFSv4 | |||||||
| Restrict to hosts | Specifies the set of hosts that are permitted to access the NFS filesystem. You can specify the hosts by hostname or IP address; separate values with a space or tab. For example, you could restrict access to only the hosts on a Class C subnet by specifying something like the following:
To allow hosts of IP address 150.203.5.* and myhost.mynet.edu.au, specify the following:
You can also specify hosts by network/subnet mask pairs and by netgroup names if the system supports netgroups. To allow hosts that match the network/subnet mask of 150.203.15.0/255.255.255.0 , you would specify the following:
To allow two hosts, hostA and hostB, specify the following:
|
If you select Use custom definition, you can enter any NFS export options that are supported in the Linux /etc/exports file.
For example, the following entry gives 192.168.10.1 read-write access, but read-only access to all other IP addresses:
192.168.10.1(rw) *(ro) |
| Note: There cannot be a space between the IP address and the export option. |
For information on the /etc/exports file, see the exports(5) man page. [1]
To configure filesystems so that they are available for network clients by means of the CIFS network protocol, select the following:
Management -> Services -> CIFS
All of the filesystems created with SGI Management Center for InfiniteStorage (SMC IS) are displayed on this screen, whether or not they have been enabled for sharing. To share a file, select it and click the Shared? box. The current share path is shown following the Directory label. To share a subdirectory under the share path, enter its path in the text field (a leading “/” may be omitted.)
Specify the following Share Options:
| Share name | Specifies the name under which the filesystem will appear to a Windows client, as displayed in its Network Neighborhood. | ||||||||
| Comment | Specifies an arbitrary string to describe the share. | ||||||||
| Read-only | Specifies that the client has access to the filesystem but cannot modify files or create new files. | ||||||||
| Allow guest users | Specifies that users can gain access to the CIFS filesystem without authenticating. Uncheck this option to allow connections only to valid users. By default, the CIFS protocol requires a password for authentication. If you are configured as an Active Directory client, then the authentication is distributed. See “Active Directory”. | ||||||||
| Always synchronize writes | Ensures that write activity on the client is suspended when a write occurs until all outstanding data has been safely stored onto stable storage. If you do not check this box, data that is written by the client can be buffered on the server before it is written to disk. This allows the client to continue to do other writing as the server continues to write the data to the disk. This is the faster write option and is recommended. | ||||||||
| Allow symbolic linking outside of the share | Specifies that symbolic links made by NFS users that point outside of the Samba share will be followed.
| ||||||||
| All hosts | Allows connections from anywhere on a network. | ||||||||
| Local subnets | Allows connections from the indicated subnet. You can select one subnet in this field and you must choose it from the available interfaces as set in the Network Interfaces screen. | ||||||||
| Restrict to hosts | Specifies the set of hosts that are permitted to access the CIFS filesystem. You can specify the hosts by name or IP number; separate values by a space or tab. For example, you could restrict access to only the hosts on a Class C subnet by specifying something like the following:
To allow hosts of IP address 150.203.5.* and myhost.mynet.edu.au, specify the following:
You can also specify hosts by network/subnet mask pairs and by netgroup names if the system supports netgroups. You can use the EXCEPT keyword to limit a wildcard list. For example, to allow all IP address in 150.203.*.* except one address (150.203.6.66), you would specify the following:
To allow hosts that match the network/subnet mask of 150.203.15.0/255.255.255.0 , you would specify the following:
To allow two hosts, hostA and hostB , specify the following:
|
After specifying the configuration parameters, select Apply changes.
SGI Management Center for InfiniteStorage (SMC IS) lets you configure basic SNMP monitoring support on your storage server. In order to query the SNMP service and receive SNMP traps, you will require an external management station with appropriately configured monitoring software.
To configure the SNMP service, select the following:
Management -> Services -> SNMP
The SNMP screen lets you configure the following parameters:
| Enable SNMP | Enables or disables the SNMP service. | |
| Allow SNMP access from | Specifies the IP address of the Network Monitoring Station (NMS) or the network segment that is allowed to access the SNMP service. | |
| Trap destination | Specifies the IP address of your NMS for receiving default SNMP traps. | |
| Community string | Specifies the SNMP community string to use when sending SNMP traps and when querying the SNMP service. The default is public. | |
| System name | Specifies the system name. This field is automatically set by SMC IS to the hostname of the server. However, you may change this to something more appropriate to your environment. | |
| System location | Specifies the physical location of the storage server (optional). | |
| System contact | Specifies the contact details (such as the name and email address) of one or more persons responsible for administration of the server (optional). | |
| System description | Provides addition descriptive information for identifying the server (optional). |
After applying your configuration changes to the SNMP service, you should receive start/stop SNMP v2 traps notifying you that the SNMP service has been restarted.
To allow the SNMP monitoring application to fully parse trap objects, do the following:
On the trap destination system, install the sgi-snmpagent-mibs package from the SGI Foundation Software media.
Copy the following file from the storage server system to the same directory on the trap destination system:
/opt/sgi/snmpagents/mibs/sgi-ssmc-smi.mib
Make the management information bases (MIBs) in /opt/sgi/snmpagents/mibs known to the SNMP monitoring application.
The following sections describe the following aspects of system administration that you can perform with SGI Management Center for InfiniteStorage (SMC IS):
Use the System Name screen to set the following system components:
| System name | Specifies the fully qualified domain name (FQDN) for this storage server. The default system name is sgiserver.
| |||
| Workgroup | Specifies the NetBIOS workgroup to which the machine should belong. The default is WORKGROUP. If you are not using CIFS, you can ignore this setting. | |||
| Default network gateway | Specifies the IP address of the router that this system should use to communicate with machines that are outside of its subnet. | |||
| Management IP address | Specifies the IP address of the management interface. | |||
| Subnet mask | Specifies the subnet mask of the management interface. | |||
| Use DHCP | Specifies whether or not to use dynamic host configuration protocol (DHCP). |
You can also use the Network Interfaces screen for eth0 to configure or modify the management interface. For information on these options, see “Ethernet Network Interfaces”.
The Name Service Client screen lets you specify a name service (or directory service) for the system. A name service is the application that manages the information associated with the network users. For example, it maps user names with user IDs and group names with group IDs. It allows for centralized administration of these management tasks.
You can specify whether you are using local files (if you have no sitewide protocol and names and IDs are kept locally on server), Active Directory services, lightweight directory access protocol (LDAP), or the sitewide network information service (NIS).
| Note: When specifying servers on the Name Service Client screen, you must use IP addresses rather than hostnames, because the system may require a name service client to determine the IP address from the hostname. |
The Local Files Only selection specifies that an external name server will not be used. All user and group name to ID mapping will be done using local users and groups. See “Local Users and Groups”.
Active Directory is a directory service that implements LDAP in a Windows environment. It provides a hierarchical structure for organizing access to data. CIFS authentication will automatically use the Active Directory service.
| Note: The Active Directory section is disabled if there are no Active Directory DNS servers specified. See “DNS and Hostnames”. |
The following Active Directory components appear on the Name Service Client screen:
| Active Directory domain | Specifies the full domain name of the Active Directory.
| |||||
| Domain Controller | Specifies a domain controller. | |||||
| Administrative user | Specifies the user with administrator privileges. | |||||
| Allow this user to remotely manage CIFS share permissions | Specifies whether or not the Administrative user shown will be able to use the Windows MMC Computer Management GUI to manipulate CIFS share permissions remotely when you join the Active Directory domain. | |||||
| Password | Specifies the password for the administrator user. For security reasons, the Active Directory password cannot contain the following characters:
| |||||
| Re-enter password | Verifies the password for the administrative user. | |||||
| UID/GID Mapping | Lets you manage UNIX user ID (UID) and group ID (GID) mapping on the Active Directory server, using one of the following:
|
| Caution: Depending on your environment, making changes to the UID/GID mapping may result in ownership changes of user files. |
Lightweight directory access protocol (LDAP) is a networking protocol that organizes access to data in a directory tree structure. Each entry in the tree has a unique identifier called the distinguished name.
The default LDAP server IP address is the local host. You will probably need to specify a different IP address.
Fields:
| LDAP server | Specifies the IP address of the LDAP server. | ||
| Base | Specifies the distinguished name of the base of the subtree you will be searching. | ||
| Root binddn | Specifies the distinguished name of the user to whom you are assigning root privileges for administration. This is expressed as a node in the directory tree that refers to a user account. | ||
| Password | Specifies the password that will be required to authenticate against the LDAP server. For security reasons, the LDAP password cannot contain the following characters:
| ||
| Re-enter password | Verifies the password that will be required to authenticate against the LDAP server. |
To use LDAP for CIFS authentication, you must configure the LDAP server to use the RFC2307bis or NIS schema to supply POSIX account information. In addition, you must add a Samba schema to the LDAP database. These schemas specify how the user and group data is organized in the database. The database must be organized using these particular schemas so that the CIFS authentication mechanism is able to extract the data it needs.
For a description of how to add the Samba schema to a Fedora® Directory Server, see:
http://directory.fedora.redhat.com/wiki/Howto:Samba |
For a description of how to add the samba schema to an OpenLDAP® Server, see:
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#id327194 |
The following website provides another description of an OpenLDAP configuration:
http://www.unav.es/cti/ldap-smb/ldap-smb-3-howto.html |
For other LDAP servers (such as the Sun Directory Server, Novell's eDirectory, and IBM's Tivoli Directory Server) the above information may be useful; however, please refer to the relevant documentation for your server product for more information.
Network information service (NIS) is a network lookup service that provides a centralized database of information about the network to systems participating in the service. The NIS database is fully replicated on selected systems and can be queried by participating systems on an as-needed basis. Maintenance of the database is performed on a central system.
Specify the following:
| Domain name | Specifies the NIS domain name for this system. | |
| NIS server IP address | Specifies the IP address of the NIS server. If the NIS server is on the same subnet as SGI Management Center for InfiniteStorage (SMC IS), SMC IS finds the NIS server IP address and provides it as a default. If you are not on the same subnet, you must enter the address in this field. |
Click Apply changes.You will then be presented with a confirmation screen that allows you to verify whether or not you want to commit the changes.
You can use the DNS and Hostnames screen to specify how to map hostnames to IP addresses for the system. Click Edit local hosts table to access the Hosts screen, where you can edit the /etc/hosts file that contains local mappings or import the contents of a file you specify. For information on the /etc/hosts file, see the hosts(5) man page.
You can also specify the DNS servers to map hostnames to IP addresses and to resolve hostnames that are incomplete.
| Domain Search |
Specifies the domain name or names of the DNS servers that the system uses to provide hostname-to-IP-address translation. If you have multiple domains, list them in the order you want to use for lookup. This is important in cases where you have two machines with the same name, each on a different domain, to establish the lookup priority. | |
| Nameserver # | You can specify up to three IP addresses for the DNS name servers to use. If an address you specify is down, the system will use the next one. |
Use the Time and Date screen to set the following:
| Time Zone | Sets the local time zone. You can choose a time zone from a drop-down list of options or you can set a custom time zone. For example, the following specifies what the name of the time zone is for both standard and daylight savings periods, and when the change-over is from daylight to standard and back again (going from standard to daylight on the 10th month and the 5th Sunday, and back again on the 4th month and the first Sunday):
For more information about custom time-zone format, see the tzfile man page. | ||
| NTP Time Synchronization | Enables automatic time synchronization with Network Time Protocol (NTP). The NTP protocol is used to synchronize clocks on computer systems over a network. Select Apply NTP changes keep the system's time in synchronization with an NTP server or Set time from NTP server to go off and synchronize it now once only. If the server has Internet access, see the following website for information about using the public NTP timeserver: | ||
| Set Current Time and Date | Sets the system date (in the format year/month/day ) and time directly instead of using NTP time synchronization. |
The following sections describe other operations you can perform with SGI Management Center for InfiniteStorage (SMC IS):
The Save/Restore Configuration screen screen lets you save the current SGI Management Center for InfiniteStorage (SMC IS) configuration or restore a previously saved version. The configuration information saved includes how the interfaces are configured and what filesystems should be mounted. You may find this useful if you have made an error in the present configuration and you wish to return to a previously configured state.
| Caution: This procedure does not provide a system backup and specifically does not save or restore user data; it provides a snapshot record of the configuration. |
This screen lists previously saved configurations, labeled by date. After restoring a configuration, you should restart the system.
If there is a problem with the system, SGI Call Center Support may request support data in order to find and resolve the problem. The Gather Support Data screen lets you generate an archive containing copies of the storage server's software and hardware configuration and log files.
To collect the data, select Yes, gather information. This process can take more than 30 seconds on large RAID configurations and requires at least 200 MB of free space in /tmp.
This screen lets you capture and download archives of performance data from the server on which SGI Management Center for InfiniteStorage (SMC IS) is running. SGI may request such an archive for performance-analysis purposes, but please be aware that it may contain potentially sensitive information such as network traces.
| Note: The Performance Data screen in SMC IS is only available if you have installed the oprofile and ethereal packages. |