Configure Network Communication
Manage NAS servers
NAS servers are software components on the system that are dedicated to managing operations for data transferred through the SMB or NFS protocols. You must configure at least one NAS server before you can create network share storage. You can configure a NAS server to support Windows network shares (SMB), Linux/UNIX network shares, or both.
NAS servers run on each SP and communicate with network hosts through SP ports. Once you configure a NAS server, you can then create file systems from which you export NFS or SMB network shares. Configured hosts map or mount the network shares to access the file system storage.
Each NAS server is identified by an ID.
The following table lists the attributes for NAS servers.

| Attribute | Description |
|---|---|
| ID | ID of the NAS server. |
| Name | Name of the NAS server. |
| Health state | Health state of the NAS server. The health state code appears in parentheses. Value is one of the following: |
| Health details | Additional health information. See Appendix A, Reference, for details. |
| SP | Primary SP on which the NAS server runs. |
| Storage pool | Associated storage pool identifier. |
| Tenant | Identifier and name of the tenant. |
| Interface | ID of the network interface assigned to the NAS server that defines the server IP address and allows the server to communicate with the network and hosts. |
| CIFS enabled | Indicates whether SMB file systems are enabled on the NAS server. Value is yes or no. Default is no. SMB file systems provide support for SMB network shares. |
| Multiprotocol sharing enabled | Indicates whether multiprotocol sharing is enabled for all file systems on the NAS server. Valid values are: |
| Unix directory service | Directory service used for looking up identity information for Unix such as UIDs, GIDs, net groups, and so on. Valid values are: |
| Auto user mapping enabled | Applies when multiprotocol sharing mode is enabled. Indicates whether a Windows user who is not mapped to a known Unix/Linux username is allowed to access the NAS server's files. |
| Default Unix username | Default Unix user name or Unix ID that grants file access in the multiprotocol sharing mode. This user name is used for Windows users when the corresponding Unix/Linux user name is not found by the mapping mechanism. The Unix ID format is @uid=xxxx,gid=yyyy@, where xxxx and yyyy are the decimal numerical values of the UID and the primary GID, respectively. When using this ID, the user does not need to be defined in the UDS. |
| Default Windows username | Default Windows user name that grants file access in the multiprotocol sharing mode. This user name is used for Unix users when the corresponding Windows user name is not found by the mapping mechanism. |
| Replication type | Indicates in what asynchronous replication this NAS Server is participating. Valid values are: |
| Synchronous replication type | Indicates in what synchronous replication this NAS Server is participating. Valid values are: |
| Replication destination | Indicates whether the NAS server is a replication destination. Valid values are: |
| Backup only | Indicates whether the NAS server is used as backup. This attribute reflects that the NAS server cannot be the production site. This means both planned failover and unplanned failover are disallowed in the backup only NAS server associated replication session. |
| Migration destination | Indicates whether the NAS server is a destination for a NAS import session. Valid values are: |
| Username translation | Indicates whether a Unix to/from Windows user name mapping is enabled. Valid values are: |
| Packet Reflect enabled | Indicates whether the reflection of outbound (reply) packets through the same interface that inbound (request) packets entered is enabled. Valid values are: |
| Preferred production interfaces overridden | Indicates whether the production preferred interfaces are overridden on the replication destination. |
| Preferred production IPv4 interface | Specifies the settings for the preferred production IPv4 interface. Valid values are: |
| Preferred production IPv6 interface | Specifies the settings for the preferred production IPv6 interface. Valid values are: |
| Preferred backup IPv4 interface | Specifies the settings for the preferred backup and disaster recovery test IPv4 interface. Valid values are: |
| Preferred backup IPv6 interface | Specifies the settings for the preferred backup and disaster recovery test IPv6 interface. Valid values are: |
| Source preferred production IPv4 interface | Specifies replicated production IPv4 preferred interface settings on the replication destination. If overridden, this may be different from the Preferred production IPv4 interface. Valid values are: |
| Source preferred production IPv6 interface | Specifies replicated production IPv4 preferred interface settings on the replication destination. If overridden, this may be different from the Preferred production IPv6 interface. Valid values are: |
| File space used | Displays the total file space used for the specified NAS server. |
| Data Reduction space saved | Specifies the size saved when using data reduction for this NAS server. |
| Data Reduction percent | Specifies the storage percentage saved when using data reduction, compared to the total size used by this NAS server. |
| Data Reduction ratio | Specifies the ratio between data without data reduction, and data after data reduction savings for this NAS server. |

Create a NAS server
Create a NAS server.
NOTE: The NFSv3 protocol is enabled by default when creating a NAS server.
Format
/net/nas/server create -name <value> -sp <value> {-pool <value> | -poolName <value>} [-tenant <value>] [-mpSharingEnabled {no | yes [-autoUserMappingEnabled {yes | no}][-unixDirectoryService {local | ldap | nis | localThenNis | localThenLdap | none}] [-defaultUnixUser <value>] [-defaultWindowsUser <value>]}] [-replDest {yes [-backupOnly {yes | no}] | no}] [-enablePacketReflect {yes | no}]
Action qualifiers

| Qualifier | Description |
|---|---|
| -name | Specifies the NAS server name. |
| -sp | Specifies the parent SP for the NAS server. Value is SPA or SPB. |
| -pool | Specifies the ID of the storage pool for the NAS server. |
| -poolName | Specifies the name of the storage pool for the NAS server. |
| -tenant | Specifies the tenant identifier. |
| -mpSharingEnabled | Indicates whether multiprotocol sharing mode is enabled. Value is yes or no (default). |
| -unixDirectoryService | Directory Service used for querying identity information for Unix (such as UIDs, GIDs, net groups). Valid values are: |
| -autoUserMappingEnabled | Indicates whether a Windows user who is not mapped to a known Unix/Linux username is allowed to access the NAS server's files. Valid values are: |
| -defaultUnixUser | Default Unix user name or Unix ID that grants file access in the multiprotocol sharing mode. This user name or ID is used when the corresponding Unix/Linux user name or ID is not found by the mapping mechanism. The Unix ID format is @uid=xxxx,gid=yyyy@, where xxxx and yyyy are the decimal numerical values of the UID and the primary GID, respectively. When using this ID, the user does not need to be defined in the UDS. |
| -defaultWindowsUser | Default Windows user name that grants file access in the multiprotocol sharing mode. This user name is used when the corresponding Windows user name is not found by the mapping mechanism. |
| -replDest | Replication destination settings for the NAS server. When this option is set to yes, only mandatory parameters may be included. All other optional parameters will be inherited from the source NAS server. Valid values are: |
| -backupOnly | Indicates whether to create NAS server as backup only. The backup only NAS server cannot be a production site, which means both planned failover and unplanned failover are disallowed in a backup only NAS server associated replication session. Valid values: |
| -enablePacketReflect | Indicates whether the reflection of outbound (reply) packets through the same interface that inbound (request) packets entered is enabled. Valid values are: |

Example
The following command creates a NAS server with these settings:
- Name is NasServer_1.
- Associated with SP A.
- Associated with storage pool pool_0.
- IP Packet Reflect is enabled.
- The ID of the new NAS server is ID nas_1.
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = nas_1
Operation completed successfully.
View NAS servers
View details about configured NAS servers, including their name, ID, and whether they have enabled support for CIFS (SMB) file systems or NFS file systems. You can filter on the NAS server ID.
Format
/net/nas/server [{-id <value> | -name <value> | -tenant {<value> | none}}] show
Object qualifiers

| Qualifier | Description |
|---|---|
| -id | Type the ID of a NAS server. |
| -name | Type the NAS server name. |
| -tenant | Type the tenant identifier. |

Example
The following command displays all details for a list of all configured NAS servers:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/server show -detail
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: ID = nas_1
Name = MyVDM1
NetBIOS name =
SP = spa
Storage pool = pool_1
Tenant =
Interface =
NFS enabled = yes
NFSv4 enabled = no
CIFS enabled = no
Workgroup =
Windows domain =
Multiprotocol sharing enabled = no
Unix directory service = none
Auto user mapping enabled =
Default Unix username =
Default Windows username =
Extended Unix credentials enabled = no
Credentials cache retention = 15m
Username translation =
Packet Reflect enabled = yes
Health state = OK (5)
Health details = "The component is operating normally. No action is required."
Replication type = none
Synchronous replication type = none
Replication destination = no
Backup only = no
Migration destination = no
Preferred production interfaces overridden =
Preferred production IPv4 interface = auto
Preferred production IPv6 interface = auto
Preferred backup and DR test IPv4 interface = auto
Preferred backup and DR test IPv6 interface = auto
Source preferred production IPv4 interface =
Source preferred production IPv6 interface =
File space used = 8945901568 (8.3G)
Compression space saved = 0
Compression percent = 0%
Compression ratio = 1:1
Data Reduction space saved = 0
Data Reduction percent = 0%
Data Reduction ratio = 1:1
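
The multiprotocol fallback fields in this listing decide which identity an unmapped user ends up with. The following Python check is an added example, not part of the vendor documentation: it parses the `@uid=xxxx,gid=yyyy@` form described in the attribute table and reports fallback settings worth reviewing. The record `SAMPLE_SERVER` and the function names are constructed for illustration.

```python
import re

# Numeric form given on the page: @uid=xxxx,gid=yyyy@ (decimal UID, primary GID).
UNIX_ID = re.compile(r"^@uid=(\d+),gid=(\d+)@$")

# Constructed record using the field names printed by `show -detail`.
SAMPLE_SERVER = {
    "Name": "MyVDM1",
    "Multiprotocol sharing enabled": "yes",
    "Auto user mapping enabled": "yes",
    "Default Unix username": "@uid=0,gid=0@",
    "Default Windows username": "",
}


def parse_default_unix_user(value):
    """Return ("id", uid, gid), ("name", name, None), or None when unset."""
    value = value.strip()
    if not value:
        return None
    match = UNIX_ID.match(value)
    if match:
        return ("id", int(match.group(1)), int(match.group(2)))
    if value.startswith("@") or value.endswith("@"):
        # Looks like the numeric form but does not follow it exactly.
        raise ValueError(f"malformed Unix ID: {value!r}")
    return ("name", value, None)


def fallback_findings(server):
    """List what an unmapped user falls back to on one NAS server."""
    if server.get("Multiprotocol sharing enabled") != "yes":
        return []  # the fallback settings apply only in multiprotocol mode
    name, findings = server.get("Name", "?"), []
    if server.get("Auto user mapping enabled") == "yes":
        findings.append(f"{name}: Windows users with no Unix mapping are allowed access")
    default = parse_default_unix_user(server.get("Default Unix username", ""))
    if default is not None:
        kind, ident, gid = default
        if ident in (0, "root"):
            findings.append(f"{name}: unmapped Windows users fall back to root")
        elif gid == 0:
            findings.append(f"{name}: fallback identity has primary GID 0")
        if kind == "id":
            findings.append(f"{name}: numeric fallback ID need not exist in the Unix directory service")
    return findings


if __name__ == "__main__":
    print("\n".join(fallback_findings(SAMPLE_SERVER)))
```
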
Change NAS server settings
Modify an existing NAS server.
Format
/net/nas/server {-id <value> | -name <value>} set [-name <value>] [-sp {spa | spb}] [-mpSharingEnabled {yes | no}] [-unixDirectoryService {ldap | nis | none}] [-autoUserMappingEnabled {yes | no}] [{-defaultAccessDisabled | [-defaultUnixUser <value>] [-defaultWindowsUser <value>]}] [-enablePacketReflect {yes | no }] [-replDest {yes | no }] [-backupOnly {yes | no}] [-preferredProductionOverride { no | yes }][-preferredProductionIPv4 { auto | <value>}] [-preferredProductionIPv6 { auto | <value>}] [-preferredBackupIPv4 {auto | <value>}] [-preferredBackupIPv6 {auto | <value>}]
Object qualifiers

| Qualifier | Description |
|---|---|
| -id | Type the ID of the NAS server to change. |
| -name | Type the name of the NAS server to change. |

Action qualifiers

| Qualifier | Description |
|---|---|
| -name | Shared folder server name. |
| -sp | Owner SP. Valid values are: |
| -mpSharingEnabled | Indicates whether multiprotocol sharing mode is enabled. Valid values are: |
| -unixDirectoryService | Directory Service used for querying identity information for Unix (such as UIDs, GIDs, net groups). Valid values are: |
| -defaultAccessDisabled | Disables file access when no user mapping mechanism is found. |
| -autoUserMappingEnabled | Indicates whether a Windows user who is not mapped to a known Unix/Linux username is allowed to access the NAS server's files. Valid values are: |
| -defaultUnixUser | Default Unix user name or Unix ID that grants file access in the multiprotocol sharing mode. This user name or ID is used when the corresponding Unix/Linux user name or ID is not found by the mapping mechanism. The Unix ID format is @uid=xxxx,gid=yyyy@, where xxxx and yyyy are the decimal numerical values of the UID and the primary GID, respectively. When using this ID, the user does not need to be defined in the UDS. |
| -defaultWindowsUser | Default Windows user name that grants file access in the multiprotocol sharing mode. This user name is used when the corresponding Windows user name is not found by the mapping mechanism. |
| -enablePacketReflect | Indicates whether the reflection of outbound (reply) packets through the same interface that inbound (request) packets entered is enabled. Valid values are: |
| -replDest | Replication destination settings for the NAS server. Valid values are: |
| -backupOnly | Indicates whether the NAS server is used as backup. Only a replication destination NAS server can be set as backup only. This attribute reflects that the NAS server cannot be the production site. This means both planned failover and unplanned failover are disallowed in the backup only NAS server associated replication session. Valid values are: |
| -preferredProductionOverride | Override the replicated production interfaces "preferred interface" settings. Valid values are: |
| -preferredProductionIPv4 | Production IPv4 preferred interface settings. The interface must be IPv4 and belong to this server. Valid values are: |
| -preferredProductionIPv6 | Production IPv6 preferred interface settings. The interface must be IPv6 and belong to this server. Valid values are: |
| -preferredBackupIPv4 | Backup and DR test IPv4 preferred interface settings. The interface must be IPv4 and belong to this server. Valid values are: |
| -preferredBackupIPv6 | Backup and DR test IPv6 preferred interface settings. The interface must be IPv6 and belong to this server. Valid values are: |

Example 1
The following command updates NAS server nas_1 with these settings:
- Enables multiprotocol sharing.
- Uses LDAP as the Unix Directory Service.
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = nas_1
Operation completed successfully.
Example 2
The following command changes the replication settings for NAS server nas_1.
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/server -id nas_1 set -replDest yes
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = nas_1
Operation completed successfully.
Example 3
The following command changes the storage processor to SPB for NAS server nas_1.
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/server -id nas_1 set -sp spb
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
WARNING: Modifying the NAS server's SP disrupts any running NDMP jobs, and may also result in data unavailability for some client configurations other than NFS (v3, v4, and v4.1) and SMB3+CA. The NDMP jobs must be restarted after the SP modification is completed.
Are you sure you want to modify the default SP?
yes / no:yes
ID = nas_1
Operation completed successfully.
Delete NAS servers
Delete a NAS server.
Prerequisites
Before you can delete a NAS server, you must first delete all storage resources associated with it.
NOTICE: Deleting a NAS server removes everything configured on the NAS server, but does not delete the storage resources that use it. You cannot delete a NAS server while it has any associated storage resources. After the storage resources are deleted, the files and folders inside them cannot be restored from snapshots. Back up the data from the storage resources before deleting them from the system.
Format
/net/nas/server {-id <value> | -name <value>} delete [{ -cifsDomUser <value> {-cifsDomPwd <value> | -cifsDomPwdSecure} | -skipUnjoin}]
Object qualifiers

| Qualifier | Description |
|---|---|
| -id | Type the ID of the NAS server to delete. |
| -name | Type the name of the NAS server to delete. |

Action qualifiers

| Qualifier | Description |
|---|---|
| -cifsDomUser | Domain username. |
| -cifsDomPwd | Domain user password. |
| -cifsDomPwdSecure | Domain user password in secure mode. This prompts the user to input the password. |
| -skipUnjoin | Does not unjoin the SMB server from the AD domain before deleting it. |

Example
The following command deletes NAS server nas_1:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/server -id nas_1 delete
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
Check and update user mappings for multiprotocol NAS servers
A multiprotocol environment requires the following types of user mappings:
- A Windows user name that maps to a corresponding Unix user name
- A Unix user name that maps to a corresponding Windows user name which uses NFS to access a file system configured with a Windows access policy
- A Unix user name that is not mapped to a corresponding Windows user name which uses NFS to access a file system configured with a Unix or native access policy.
This command uses information from LDAP, NIS, or local files to parse all file systems associated with the NAS server and to update the SID/UID mapping in all nodes.
Format
/net/nas/server {-id <value> | -name <value>} update [-async] {-userMapping [-dryRun] | -confView}
Object qualifiers

| Qualifier | Description |
|---|---|
| -id | Type the ID of the NAS server to update. |
| -name | Type the name of the NAS server to update. |

Action qualifiers

| Qualifier | Description |
|---|---|
| -async | Perform the operation asynchronously. |
| -userMapping | For all CIFS (SMB) file systems on the NAS server, update the UID/GID and generate a user mapping report. A new UID/GID will be obtained from a Unix Directory Service for the user name of the object owner. The user name will be resolved from Active Directory by the Windows SID. |
| -dryRun | Generate a user mapping report for downloading. Once users access a file or folder on the NAS server from the SMB protocol, their SID to UID/GID mapping is stored in an internal mapping database. This operation parses the mapping database, and for each mapped user, queries the existing Unix Directory Service and Active Directory Domain Controller to report any inconsistencies between the UID/GID in the Unix Directory Service and the UID/GID stored in the database. It is recommended that you generate and review the user mapping report right before enabling multiprotocol. This enables you to ensure that your Unix Directory Service can return a UID/GID for every user whose mapping is inconsistent. Otherwise, after multiprotocol is enabled, users with inconsistent mappings may not be able to access files, because their permissions cannot be determined. Also, access to objects created by these users from SMB/CIFS cannot be granted, because the owners cannot be mapped to Unix. When the UID/GID mapping for all NAS server file systems is updated, the mapping report is re-generated automatically. |
| -confView | Force an immediate refresh of the NAS server configuration snapshot. When the NAS server is acting as replication destination of synchronous replication session, its configuration snapshot is updated every 15 minutes by default. |

Example 1
The following command generates a user mapping report for NAS server nas_1.
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/server -id nas_1 update -async -userMapping
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Job ID = 76
Job created successfully.
Example 2
The following command forces an immediate refresh of NAS server nas_1 snapshot.
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/server -id nas_1 update -confView
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = nas_1
Operation completed successfully.
Manage FTP settings
File Transfer Protocol (FTP) is a client/server protocol that operates over TCP/IP and allows file sharing across heterogeneous systems. Secure File Transfer Protocol (SFTP) provides secure file transfer and manipulation functionality by using SSH.
You can configure a NAS server to share files using the FTP or SFTP protocol. Remote clients can be authenticated using a Unix or Windows user name. You can also configure the FTP service to accept anonymous user authentication.

| Attribute | Description |
|---|---|
| NAS server | Associated NAS server identifier. |
| FTP enabled | Indicates whether the FTP protocol is enabled. Valid values are: |
| SFTP enabled | Indicates whether the SFTP protocol is enabled. Valid values are: |
| CIFS users enabled | Indicates whether Windows (SMB) users can be authenticated by the FTP or SFTP server. Valid values are: |
| Unix users enabled | Indicates whether Unix users can be authenticated by the FTP or SFTP server. Valid values are: |
| Anonymous user enabled | Indicates whether the FTP server supports anonymous user authentication. Valid values are: |
| Home directory limitation enabled | Indicates whether authenticated FTP or SFTP users are limited to their home directories. Valid values are: |
| Default home directory | Indicates the default home directory for the FTP or SFTP users with no defined or accessible home directory. |
| Welcome message | Indicates the welcome message that appears to FTP or SFTP users before authentication. |
| Message of the day | Indicates the message of the day that appears once the FTP or SFTP users log on. |
| Audit enabled | Indicates whether the FTP or SFTP server has audit file collection enabled. Valid values are: |
| Audit files directory | Specifies the directory where the audit files for the FTP or SFTP server are stored. |
| Audit file maximum size | Specifies the maximum file size of the audit files. When the maximum is reached, a new audit file is created. |
| Allowed hosts | Specifies a comma-separated list of host IPs that are allowed access to the FTP or SFTP server. The IP can be the IPv4, IPv6, or subnet address. For subnets, the following notation convention must be used: |
| Allowed users | Specifies a comma-separated list of user names that are allowed access to the FTP or SFTP server (numerical user IDs are invalid and ignored). |
| Allowed groups | Specifies a comma-separated list of user groups that are allowed access to the FTP or SFTP server. Specify the name of the group (numerical group IDs are invalid and ignored). |
| Denied hosts | Specifies a comma-separated list of host IPs that are denied access to the FTP or SFTP server. The IP can be the IPv4, IPv6, or subnet address. For subnets, the following notation convention must be used: |
| Denied users | Specifies a comma-separated list of user names that are denied access to the FTP or SFTP server (numerical user IDs are invalid and ignored). |
| Denied groups | Specifies a comma-separated list of user groups that are denied access to the FTP or SFTP server. Specify the name of the group (numerical group IDs are invalid and ignored). |

View FTP settings
View FTP or SFTP server settings for a NAS server.
Format
/net/nas/ftp [-server <value>] show
Object qualifier

| Qualifier | Description |
|---|---|
| -server | Type the name of the associated NAS server. |

Example
The following command displays the FTP server settings for a NAS server:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/ftp show
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: NAS server = nas_1
FTP enabled = yes
SFTP enabled = no
CIFS users enabled = yes
Unix users enabled = yes
Anonymous user enabled = no
Homedir limitation enabled = no
Default home directory = /home/public
Allowed hosts = 1.2.3.10,1.2.3.11,192.168.0.0/16,2001:db8::/48
Allowed users =
Allowed groups =
Denied hosts =
Denied users = guest,jack,john
Denied groups = guests,group1
Change FTP settings
Modify existing FTP or SFTP settings of a NAS server.
Format
/net/nas/ftp -server <value> set [-ftpEnabled <value>] [-sftpEnabled <value>] [-cifsUserEnabled <value>] [-unixUserEnabled <value>] [-anonymousUserEnabled <value>] [-homedirLimitEnabled <value>] [-defaultHomedir <value>] [-welcome <value>] [-motd <value>] [-auditEnabled {yes|no}] [-auditDir <value>] [-auditMaxSize <value>] {[-allowHost <value>] | [-appendAllowHost <value>] | [-removeAllowHost <value>] | [-denyHost <value>] | [-appendDenyHost <value>] | [-removeDenyHost <value>]} {[-allowUser <value>] | [-appendAllowUser <value>] | [-removeAllowUser <value>] | [-denyUser <value>] | [-appendDenyUser <value>] | [-removeDenyUser <value>]} {[-allowGroup <value>]| [-appendAllowGroup <value>] | [-removeAllowGroup <value>] |[-denyGroup <value>] | [-appendDenyGroup <value>] | [-removeDenyGroup <value>]}
Object qualifier

| Qualifier | Description |
|---|---|
| -server | Type the name of the NAS server. |

Action qualifier

| Qualifier | Description |
|---|---|
| -ftpEnabled | Indicates whether the FTP server is enabled on the NAS server. Valid values are: |
| -sftpEnabled | Indicates whether the SFTP server is enabled on the NAS server. Valid values are: |
| -cifsUserEnabled | Indicates whether Windows (SMB) users can be authenticated by the FTP or SFTP server. Valid values are: |
| -unixUserEnabled | Indicates whether Unix users can be authenticated by the FTP or SFTP server. Valid values are: |
| -anonymousUserEnabled | Indicates whether the FTP server supports anonymous user authentication. Valid values are: |
| -homedirLimitEnabled | Indicates whether authenticated FTP or SFTP users are limited to their home directories. Valid values are: |
| -defaultHomedir | Type the default home directory for the FTP or SFTP users with no defined or accessible home directory. |
| -welcome | Type the welcome message that appears to FTP or SFTP users before authentication. |
| -motd | Type the message of the day that appears once the FTP or SFTP users log on. |
| -auditEnabled | Indicates whether FTP/SFTP auditing is enabled on the NAS server. Valid values are: |
| -auditDir | Type the directory where the audit files should be saved. |
| -auditMaxSize | Type the maximum size for the audit log file. When this maximum is exceeded, a new audit file is created. |
| -allowHost | Type the comma-separated list of allowed client host IPs. The IP can be the IPv4, IPv6, or subnet address. For subnets, the following notation convention must be used: |
| -appendAllowHost | Specify one or multiple comma-separated host IPs to append to existing list of allowed host IP addresses. |
| -removeAllowHost | Specify one or multiple comma-separated host IPs to remove from the existing list of allowed host IP addresses. |
| -denyHost | Type the comma-separated list of client host IPs that will be denied access to the FTP/SFTP server. The IP can be the IPv4, IPv6, or subnet address. For subnets, the following notation convention must be used: |
| -appendDenyHost | Specify one or multiple comma-separated host IPs to append to existing list of denied host IP addresses. |
| -removeDenyHost | Specify one or multiple comma-separated host IPs to remove from the existing list of denied host IP addresses. |
| -allowUser | Type the comma-separated list of user names that will be allowed access to the FTP/SFTP server (numerical user IDs are invalid and ignored). |
| -appendAllowUser | Specify one or multiple comma-separated user names to append to existing list of allowed users. |
| -removeAllowUser | Specify one or multiple comma-separated user names to remove from the existing list of allowed users. |
| -denyUser | Type the comma-separated list of user names that will be denied access to the FTP/SFTP server (numerical user IDs are invalid and ignored). |
| -appendDenyUser | Specify one or multiple comma-separated user names to append to existing list of denied users. |
| -removeDenyUser | Specify one or multiple comma-separated user names to remove from the existing list of denied users. |
| -allowGroup | Type the comma-separated list of user group names that will be allowed access to the FTP/SFTP server (numerical group IDs are invalid and ignored). |
| -appendAllowGroup | Specify one or multiple comma-separated user group names to append to existing list of allowed groups. |
| -removeAllowGroup | Specify one or multiple comma-separated user group names to remove from the existing list of allowed groups. |
| -denyGroup | Type the comma-separated list of user group names that will be denied access to the FTP/SFTP server (numerical group IDs are invalid and ignored). |
| -appendDenyGroup | Specify one or multiple comma-separated user group names to append to existing list of denied groups. |
| -removeDenyGroup | Specify one or multiple comma-separated user group names to remove from the existing list of denied groups. |

Example 1
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/ftp -server nas_1 set -ftpEnabled yes -sftpEnabled no -cifsUserEnabled yes -unixUserEnabled yes -anonymousUserEnabled no -homedirLimitEnabled no -defaultHomedir /home/public -welcome "Welcome to this awesome server"
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
Example 2
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/ftp -server nas_1 set -denyUser "guest,jack,john" -appendAllowHost 1.2.3.4,1.2.3.5
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
Manage LDAP settings of a NAS server
The Lightweight Directory Access Protocol (LDAP) is an application protocol for querying and modifying directory services running on TCP/IP networks. LDAP provides central management for network authentication and authorization operations by helping to centralize user and group management across the network.
You can configure a NAS server to use LDAP or NIS as a Unix Directory Service to map users, retrieve netgroups, and build a Unix credential. When an initial LDAP configuration is applied, the system checks for the type of LDAP server. It can be an Active Directory schema (IDMU), IPLANET schema, or an RFC 2307 (open LDAP) schema. By default, the RFC 2307 schema is generated. Once the schema is identified, it is saved inside a ldap.conf file. You can download this LDAP schema, edit it based on your needs, and upload it back again using the CLI commands mentioned in this section.
The following table lists the attributes for LDAP settings for a NAS server.

| Attribute | Description |
|---|---|
| NAS server | Unique identifier of the associated NAS server. The LDAP client configuration object is identified by the NAS server ID. |
| Servers | Relevant IP addresses of the associated LDAP servers. If you want the NAS server to use DNS service discovery to obtain LDAP server IP addresses automatically, do not specify a value for this option. |
| Port | The TCP/IP port used by the NAS server to connect to the LDAP servers. Default value for LDAP is 389 and LDAPS is 636. |
| Protocol | Type of LDAP protocol. Valid values are: |
| Authentication type | Type of authentication for the LDAP server. Valid values are: |
| Verify certificate | Indicates whether a Certification Authority certificate is used to verify the LDAP server certificate for secure SSL connections. Valid values are: |
| Use CIFS account (applies to Kerberos authentication) | Indicates whether CIFS authentication is used to authenticate to the LDAP server. Valid values are: |
| Principal (applies to Kerberos authentication) | Specifies the principal name for Kerberos authentication. |
| Realm (applies to Kerberos authentication) | Specifies the realm name for Kerberos authentication. |
| Password (applies to Kerberos authentication) | Specifies the associated password for Kerberos authentication. |
| Bind DN (applies to Simple authentication) | Specifies the Distinguished Name (DN) used when binding. |
| Bind password (applies to Simple authentication) | Specifies the associated password used when binding. |
| Base DN | Specifies the DN of the root level in the directory tree in RFC notation, or specifies the dotted domain name. |
| Profile DN | For an iPlanet LDAP server, specifies the DN of the entry with the configuration profile. |
| Replication sync | Indicates the status of the LDAP servers addresses list in the NAS server operating as a replication destination. When a replicated LDAP servers list is created on the source NAS server, it is automatically synchronized to the destination. Valid values are: |
| Source servers | List of LDAP server IP addresses defined on the replication source. |

View LDAP settings of a NAS server
View LDAP settings of a NAS server.
Format
/net/nas/ldap [-server <value>] show
Object qualifier
| Qualifier | Description |
|---|---|
| -server | Name of the associated NAS server. |
Example
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/ldap -server nas_1 show -detail
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: NAS server = nas_1
IP address = 10.64.74.64, 10.64.74.74
Port = 636
Protocol = ldaps
Authentication = simple
Use CIFS account =
Principal =
Realm =
Bind DN = cn=administrator,cn=User,dc=emc,dc=com
Base DN = dc=emc,dc=com
Profile DN =
Replication sync = Not replicated
Source servers =
Change LDAP settings of a NAS server
Modify LDAP settings of a NAS server.
Format
/net/nas/ldap -server <value> set {-enabled no | [ -ip <value>] [-port <value>] [-protocol {ldap | ldaps}] [-verifyCert {yes | no}] [-authType {anonymous | kerberos {-useCifsAccount | -principal <value> [-realm <value>] [{-password <value> | -passwordSecure }]} | simple [-bindDn <value> {-bindPasswd <value> | -bindPasswdSecure}]}] [-baseDn <value>] [-profileDn <value>]} [-replSync {auto | overridden}]
Object qualifier
| Qualifier | Description |
|---|---|
| -server | Identifies the associated NAS server. |

Action qualifier
| Qualifier | Description |
|---|---|
| -enabled | Specify to disable LDAP for an existing NAS server. Valid value is no. |
| -ip | Type the IP addresses (separated by comma) of the associated LDAP servers. If you want the NAS server to use DNS service discovery to obtain LDAP server IP addresses automatically, do not specify a value for this option. |
| -port | Type the port associated with the LDAP server. If LDAPS is used, the default is 636. If LDAP is used, the default port is 389. |
| -protocol | For a secure SSL connection, use ldaps. |
| -verifyCert | Specify that uploaded Certification Authority (CA) certificates should be used to verify the certificates of LDAP servers for establishing secure SSL connections. Valid values are: |
| -authType | Specify the type of authentication for the LDAP server. Valid values are: |
| -bindDn (valid only when simple authentication is used) | Type the Distinguished Name (DN) to be used when binding to the server. |
| -bindPasswd (valid only when simple authentication is used) | Type the associated password to be used when binding to the server. |
| -bindPasswdSecure (valid only when simple authentication is used) | Type the password in secured mode. You will be prompted to enter the password separately. |
| -useCifsAccount (valid only when kerberos authentication is used) | Specify whether you want to use CIFS (SMB) authentication. For Kerberos authentication only. Commonly used to configure NAS servers to use IDMU as a Unix Directory Service. (Choose simple authentication to authenticate AD without using a CIFS account.) |
| -principal (valid only when kerberos authentication is used) | Type the principal name for Kerberos authentication. |
| -realm (valid only when kerberos authentication is used) | Type the realm name for Kerberos authentication. |
| -password (valid only when kerberos authentication is used) | Type the associated password for Kerberos authentication. |
| -baseDn | Type the DN of the root level in the directory tree in RFC notation, or type the dotted domain name. Valid notation formats include: |
| -profileDn | For an iPlanet LDAP server, type the DN of the entry with the configuration profile. |
| -replSync | Status of the LDAP addresses servers list in the NAS server operating as a replication destination. Valid values are: |
Example
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/ldap -server nas_1 set -ip 10.64.74.64,10.64.74.74 -port 636 -protocol ldaps -authType simple -bindDn "cn=administrator,cn=User,dc=emc,dc=com" -bindPasswd "Ldap123!" -baseDn "dc=emc,dc=com"
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
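The -protocol, -verifyCert and -authType qualifiers decide whether the bind password and directory lookups are protected in transit. The following Python script is an added example, not part of the product documentation: it parses /net/nas/ldap show -detail output and flags weak combinations. The sample output is constructed, and the "Verify certificate" output label and the finding names are assumptions.

```python
import re

# Constructed sample, laid out like the `show -detail` output on this page.
# The "Verify certificate" label is an assumption taken from the attribute
# table; the page's own sample output does not show that line.
SAMPLE_OUTPUT = """\
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection

1:    NAS server         = nas_1
      IP address         = 10.64.74.64, 10.64.74.74
      Port               = 636
      Protocol           = ldaps
      Authentication     = simple
      Verify certificate = yes
      Bind DN            = cn=administrator,cn=User,dc=emc,dc=com
      Base DN            = dc=emc,dc=com

2:    NAS server         = nas_2
      IP address         = 10.64.74.80
      Port               = 389
      Protocol           = ldap
      Authentication     = simple
      Bind DN            = cn=svc,cn=User,dc=emc,dc=com

3:    NAS server         = nas_3
      IP address         = 10.64.74.90
      Port               = 389
      Protocol           = ldaps
      Authentication     = kerberos
      Verify certificate = no
"""

DEFAULT_PORT = {"ldap": "389", "ldaps": "636"}  # defaults stated in the table
RECORD_START = re.compile(r"^\s*\d+:\s*(.*)$")


def parse_records(text):
    """Split uemcli 'N: key = value' output into one dict per record."""
    records, current = [], None
    for line in text.splitlines():
        start = RECORD_START.match(line)
        if start:
            current = {}
            records.append(current)
            line = start.group(1)
        if current is None or "=" not in line:
            continue  # banner lines and blank separators
        # Split on the first '=' only: DN values contain '=' themselves.
        key, _, value = line.partition("=")
        current[key.strip().lower()] = value.strip()
    return records


def audit_ldap(records):
    """Return (nas_server, finding) pairs for weak LDAP client settings."""
    findings = []
    for rec in records:
        server = rec.get("nas server", "?")
        proto = rec.get("protocol", "").lower()
        auth = rec.get("authentication", "").lower()
        port = rec.get("port", "")
        verify = rec.get("verify certificate", "").lower()

        if proto == "ldap":
            findings.append((server, "no-tls"))
            if auth == "simple":
                # A simple bind over plain LDAP sends the bind password
                # unencrypted.
                findings.append((server, "cleartext-bind-password"))
        if proto == "ldaps" and verify == "no":
            # TLS without certificate verification does not authenticate
            # the LDAP server.
            findings.append((server, "server-cert-not-verified"))
        if auth == "anonymous":
            findings.append((server, "anonymous-bind"))
        if proto in DEFAULT_PORT and port and port != DEFAULT_PORT[proto]:
            findings.append((server, "non-default-port"))
    return findings


if __name__ == "__main__":
    for server, finding in audit_ldap(parse_records(SAMPLE_OUTPUT)):
        print(f"{server}: {finding}")
```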
Upload an LDAP schema
You can customize the LDAP schema for your NAS server, and upload the new schema file. Once the schema is uploaded, it gets validated. If the schema is valid, it is applied, and your NAS server LDAP configuration is changed.
Example
uemcli -upload -f "LDAP_nas_1.conf" -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/ldap -server nas_1 -type config
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
Download an LDAP schema
When an initial LDAP configuration is applied, the system checks for the type of LDAP server. Once the schema is identified, the schema is saved inside an ldap.conf file. You can download this LDAP schema using the -download switch, and customize it based on your needs. For more information on switches, see Switches.
Example
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! -download /net/nas/ldap -server nas_1 -type config
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
Upload a Certification Authority certificate
You can upload Certification Authority (CA) certificates for your NAS LDAP servers. Once you upload the CA certificate, it can be used for validating certificates of an LDAP server.
Example
uemcli -upload -f "MyCert.pem" -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/ldap -server nas_1 -type CACertificate
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
Download a Certification Authority certificate
A Certification Authority (CA) certificate is used for validating certificates of an LDAP server.
Example
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! -download /net/nas/ldap -server nas_1 -type CACertificate
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
Manage NAS interfaces
NAS interfaces represent the network interface configured on an Ethernet port for a NAS server.
| Attribute | Description |
|---|---|
| ID | ID of the interface. |
| NAS server | NAS server identifier. |
| Preferred | Sets the network interface as the preferred source for outgoing traffic. All outgoing DNS or Active Directory requests are forwarded through this interface, and the IP address assigned to this interface is used as the source address of the data packets. For each NAS server, you can choose a single IP address as preferred. Valid values are: |
| Port | ID of the physical port or link aggregation on an SP on which the interface is running. The ID includes the port name and SP name. |
| VLAN ID | Virtual local area network (VLAN) ID for the interface. The interface uses the ID to accept packets that have VLAN tags. The value range is 1-4095. For IP multi-tenancy, the VLAN ID of a NAS server interface must comply with the set of VLAN IDs assigned to a tenant to which the NAS server belongs. Only unassigned VLAN IDs are allowed for NAS servers that do not belong to a tenant. |
| IP address | IPv4 or IPv6 address. |
| Subnet mask | IPv4 subnet mask. |
| Gateway | IPv4 or IPv6 gateway. |
| MAC address | MAC address of the interface. |
| SP | SP that uses the interface. |
| Role | Specifies the use of the file interface. Valid values are: |
| Replication sync | Applies to production interfaces replicated over replication sessions. Valid values are: |
| Health state | A numerical value indicating the health of the system. Valid values are: |
| Health details | Additional health information. |
| Source VLAN ID | Indicates the value of the corresponding VLAN ID as defined on the source NAS server in a replication session. |
| Source IP address | Indicates the value of the corresponding IP address as defined on the source NAS server in a replication session. |
| Source subnet mask | Indicates the value of the corresponding subnet mask as defined on the source NAS server in a replication session. |
| Source gateway | Indicates the value of the corresponding gateway as defined on the source NAS server in a replication session. |
Create a NAS interface
Create a NAS interface.
Format
/net/nas/if create [-vlanId <value>] {-server <value> | -serverName <value>} [-preferred] -port <value> -addr <value> [-netmask <value>] [-gateway <value>] [-role {production | backup}]
Action qualifiers
| Qualifier | Description |
|---|---|
| -server | NAS server identifier. |
| -serverName | NAS server name. |
| -preferred | Specify this qualifier to set the network interface as the preferred source for outgoing traffic. All outgoing DNS or Active Directory requests are then forwarded through the interface marked as preferred and use the IP address assigned to this interface as the source address of the packets. |
| -port | Type the ID of the SP port or link aggregation that will use the interface. |
| -vlanId | Type the virtual LAN (VLAN) ID for the interface. The interface uses the ID to accept packets that have VLAN tags. The value range is 1–4095. |
| -addr | Type the IP address for the interface. The prefix length should be appended to the IPv6 address and, if omitted, will default to 64. For IPv4 addresses, the default length is 24. The IPv4 netmask may be specified in the address attribute after a slash. |
| -netmask | Type the subnet mask for the interface. |
| -gateway | Type the gateway for the interface. |
| -role | Specify the role of the interface. Valid values are: |
Example
The following command creates a NAS interface. The interface receives the ID IF_2:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/if create -server nas_1 -port eth0_SPA -addr 10.0.0.1 -netmask 255.255.255.0
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = IF_2
Operation completed successfully.
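A pre-flight check for a planned /net/nas/if create, added here as an example (not part of the product documentation): it applies the VLAN rules from the interface attribute table (range 1-4095, tenant VLAN set) and the -addr prefix defaults (24 for IPv4, 64 for IPv6). The function names, the finding strings, the sample tenant map and the gateway-on-subnet check are assumptions of this example.

```python
import ipaddress

VLAN_MIN, VLAN_MAX = 1, 4095        # value range given for -vlanId
DEFAULT_PREFIX = {4: 24, 6: 64}     # -addr defaults when no prefix is given

# Constructed input: tenant ID -> VLAN IDs, as listed by /net/tenant show.
TENANT_VLANS = {"tenant_1": {102, 103, 104}}


def effective_interface(addr, netmask=None):
    """Resolve -addr / -netmask into an address with its prefix length."""
    if "/" in addr:
        if netmask:
            # Choice made by this example: reject a mask given twice.
            raise ValueError("mask given in both -addr and -netmask")
        return ipaddress.ip_interface(addr)
    ip = ipaddress.ip_address(addr)
    if netmask:
        if ip.version != 4:
            raise ValueError("-netmask applies to IPv4 addresses")
        return ipaddress.ip_interface(f"{addr}/{netmask}")
    return ipaddress.ip_interface(f"{addr}/{DEFAULT_PREFIX[ip.version]}")


def preflight(vlan_id, addr, netmask, gateway, server_tenant, tenant_vlans):
    """Return a list of problems with a planned NAS interface (empty = OK).

    server_tenant is the tenant ID of the NAS server, or None when the
    NAS server does not belong to a tenant.
    """
    problems = []

    # VLAN rules from the attribute table.
    if vlan_id is not None and not VLAN_MIN <= vlan_id <= VLAN_MAX:
        problems.append("vlan-out-of-range")
    if server_tenant is not None:
        # The interface VLAN must come from the tenant's own VLAN set.
        if vlan_id not in tenant_vlans.get(server_tenant, set()):
            problems.append("vlan-not-in-tenant-set")
    else:
        # Servers outside any tenant may only use unassigned VLAN IDs.
        owners = sorted(t for t, v in tenant_vlans.items() if vlan_id in v)
        if owners:
            problems.append("vlan-assigned-to:" + ",".join(owners))

    # Address rules: apply the documented prefix defaults.
    try:
        iface = effective_interface(addr, netmask)
    except ValueError as exc:
        problems.append(f"bad-address: {exc}")
        return problems

    # Added sanity check (not a rule from the page): the gateway must sit on
    # the interface subnet; an IPv6 link-local gateway is always on-link.
    if gateway:
        try:
            gw = ipaddress.ip_address(gateway)
        except ValueError:
            problems.append("bad-gateway")
            return problems
        if gw.version != iface.version:
            problems.append("gateway-family-mismatch")
        elif not (gw.version == 6 and gw.is_link_local) \
                and gw not in iface.network:
            problems.append("gateway-off-subnet")
    return problems


if __name__ == "__main__":
    plans = [
        (103, "192.168.1.2", "255.255.255.0", "192.168.1.254", "tenant_1"),
        (101, "192.168.1.2", None, "192.168.1.254", "tenant_1"),
        (102, "10.0.0.5/24", None, "10.0.1.1", None),
        (None, "2001:db8::10", None, "fe80::1", None),
    ]
    for plan in plans:
        print(plan, "->", preflight(*plan, TENANT_VLANS) or "OK")
```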
View NAS interfaces
View a list of NAS interfaces on the system. You can filter on the interface ID.
Format
/net/nas/if [ {-id <value> | -port <value> | -server <value> | -serverName <value>} ] show
Object qualifiers
| Qualifier | Description |
|---|---|
| -id | Type the ID of an interface. |
| -port | Type the port the interface is associated with. |
| -server | Type the NAS server the interface is associated with. |
| -serverName | Type the name of the NAS server the interface is associated with. |
Example
The following command displays all NAS interfaces on the system:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/if show
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: ID = if_0
NAS server = nas_0
Preferred = yes
Port = eth0_spa
VLAN ID = 0
IP address = 3ffe:80c0:22c:4e:a:0:2:7f/64
Subnet mask =
Gateway = fe80::20a8bff:fe5a:967c
SP = SPA
2: ID = if_1
NAS server = nas_1
Preferred = yes
Port = eth1_spa
VLAN ID = 1
IP address = 192.168.1.2
Subnet mask = 255.255.255.0
Gateway = 192.168.1.254
SP = SPA
3: ID = if_2
Type = replication
NAS server =
Preferred = no
Port = eth1_spb
VLAN ID =
IP address = 10.103.75.56
Subnet mask = 255.255.248.0
Gateway = 10.103.72.1
SP = spb
Change NAS interface settings
Change the settings for a NAS interface.
Format
/net/nas/if -id <value> set [-vlanId <value>] [-addr <value>] [-netmask <value>] [-gateway <value>] [-preferred] [-replSync {auto | overridden}]
Object qualifier
| Qualifier | Description |
|---|---|
| -id | Type the ID of the interface to change. |

Action qualifier
| Qualifier | Description |
|---|---|
| -vlanId | Type the virtual LAN (VLAN) ID for the interface. The interface uses the ID to accept packets that have VLAN tags. The value range is 1–4095. |
| -addr | Specify the IP address for the interface. |
| -netmask | Specify the IPv4 subnet mask for the interface. |
| -gateway | Specify the gateway for the interface. |
| -preferred | Specify this qualifier to set the network interface as the preferred source for outgoing traffic. For each NAS server, you can choose an IPv4 interface and IPv6 interface as the preferred interfaces. |
| -replSync | Applicable only to NAS server acting as replication destination. Any modification to network address information automatically switches the interface into overridden mode. Valid values are: |
Example
The following command changes the gateway address for interface IF_1:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/if -id IF_1 set -gateway 2001:db8:0:170:a:0:2:70
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = IF_1
Operation completed successfully.
Delete NAS interfaces
Delete a NAS interface.
CAUTION: Deleting a NAS interface can break the connection between systems that use it, such as configured hosts.
Format
/net/nas/if -id <value> delete
Object qualifier
| Qualifier | Description |
|---|---|
| -id | Type the ID of the interface to delete. |
Example
The following command deletes interface IF_1:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/if -id IF_1 delete
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
Manage NAS routes
A NAS route represents a route configured on a NAS interface.
| Attribute | Description |
|---|---|
| ID | ID of the route. |
| NAS server | NAS server identifier. |
| Interface | ID of the interface used to reach the gateway. |
| Route type | Type of route. Valid values are (case-insensitive): |
| Target | IP address for the target network node based on the value of -type. Value is one of the following: |
| Netmask | Subnet mask. |
| Gateway | Gateway address. |
| Replication sync | If the route source is a NAS server production interface, this is a copy of the Replication sync attribute of the associated interface. (The associated interface is specified in the Interface attribute). If the route source is not a NAS server production interface, the value of this attribute is empty. |
| Health state | Numerical value indicating the health of the system. Valid values are: |
| Health details | Additional health information. |
| Use for external services access | Flag indicating whether the route is used for access to external services. Valid values are: |
Create a NAS route
Create a route for a NAS interface.
Format
/net/nas/route create -if <value> -type {default | host -target <value> | net -target <value> [-netmask <value>]} -gateway <value>
Action qualifiers
| Qualifier | Description |
|---|---|
| -if | Specify the interface associated with the route. Each interface has its own routing table for use in responding to inbound service requests. |
| -type | Specify the type of route. Valid values are (case-insensitive): |
| -target | Specify the IP address for the target network node based on the value of -type: |
| -netmask | For a route to a subnet, specify the netmask of the destination subnet. |
| -gateway | Specify the gateway for the route. |
Example
The following command creates a network route for interface if_1 to reach the 10.64.74.x subnet using gateway 10.64.74.1:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/route create -if if_1 -type net -target 10.64.200.10 -netmask 255.255.255.0 -gateway 10.64.74.1
Storage system address: 10.64.75.201
Storage system port: 443
HTTPS connection
ID = route_1
Operation completed successfully.
Change NAS route settings
Change the settings for a NAS route.
Format
/net/nas/route -id <value> set [-type {default | host | net}] [-target <value>] [-netmask <value>] [-gateway <value>]
Object qualifier
| Qualifier | Description |
|---|---|
| -id | Identifies the NAS route object. |

Action qualifiers
| Qualifier | Description |
|---|---|
| -type | Specify the type of route. Valid values are (case-insensitive): |
| -target | Specify the IP address for the target network node based on the value of -type. Valid values are: |
| -netmask | For a route to a subnet, specify the netmask of the destination subnet. |
| -gateway | Specify the gateway for the route. |
Example
The following command changes the target IP address to 10.64.200.11, the netmask to 255.255.255.0, and the gateway to 10.64.74.2 for NAS route route_1:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/route -id route_1 set -target 10.64.200.11 -netmask 255.255.255.0 -gateway 10.64.74.2
Storage system address: 10.64.75.201
Storage system port: 443
HTTPS connection
ID = route_1
Operation completed successfully.
View NAS routes
View a list of routes for a specified NAS interface or for all NAS interfaces on the system.
Format
/net/nas/route [{-id <value> | -server <value> [-useForESAccess {yes | no}] | -if <value>}] show
Object qualifiers
| Qualifier | Description |
|---|---|
| -id | Specify the ID of the route. |
| -server | Specify the NAS server for which to view routes. |
| -useForESAccess | Indicate whether you want the system to display only the routes that are used for external services. |
| -if | Indicate whether you want the system to display only the routes associated with the specified NAS server. |
Example
The following command displays all NAS routes on the system:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/route show -detail
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: ID = route_1
NAS server = nas_1
Type = net
Target = 10.50.50.10
Netmask = 255.255.255.0
Gateway = 10.0.0.1
Interface = if_1
Health state = OK (5)
Health details = "The component is operating normally. No action is required."
Replication sync =
Use for external services access = no
2: ID = route_2
NAS server = nas_1
Type = default
Target =
Netmask =
Gateway = 10.0.0.2
Interface = if_2
Health state = OK (5)
Health details = "The component is operating normally. No action is required."
Replication sync =
Use for external services access = no
3: ID = route_3
NAS server = nas_1
Type = host
Target = 10.50.50.168
Netmask =
Gateway = 10.0.0.3
Interface = if_3
Health state = OK (5)
Health details = "The component is operating normally. No action is required."
Replication sync =
Use for external services access = yes
Delete NAS routes
Delete a NAS route.
CAUTION: Deleting a NAS route can break the connection between systems that use it, such as configured hosts.
Format
/net/nas/route -id <value> delete
Object qualifier
| Qualifier | Description |
|---|---|
| -id | Specify the ID of the route to delete. |
Example
The following command deletes route route_1:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/route -id route_1 delete
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
Manage Kerberos settings
Settings for custom Kerberos key distribution center servers.
Kerberos is a distributed authentication service designed to provide strong authentication with secret-key cryptography. It works on the basis of "tickets" that allow nodes communicating over a non-secure network to prove their identity in a secure manner. When configured to act as a secure NFS server, the NAS server uses the RPCSEC_GSS security framework and Kerberos authentication protocol to verify users and services. You can configure a secure NFS environment for a multiprotocol NAS server or one that supports Unix-only shares. In this environment, user access to NFS file systems is granted based on Kerberos principal names.
| Attribute | Description |
|---|---|
| NAS server | Kerberos realm configuration object, as identified by the NAS server ID. |
| Realm | Name of the Kerberos realm. |
| Servers | Comma separated list of DNS names for the Kerberos Key Distribution Center (KDC) servers. |
| Port | KDC servers TCP port. Default: 88. |
Configure Kerberos settings
Set Kerberos settings for a NAS server.
Format
/net/nas/kerberos -server <value> set {-enabled no | [ -addr <value>] [-port <value>] [-realm <value>]}
Object qualifier
| Qualifier | Description |
|---|---|
| -server | Identifies the associated NAS server. |

Action qualifiers
| Qualifier | Description |
|---|---|
| -enabled | Enables Kerberos on the NAS server. Value is yes or no. |
| -addr | Specifies the DNS names of the Kerberos KDC servers, separated by commas. |
| -port | Specifies the TCP port of the KDC server. Value is any TCP port. |
| -realm | Identifies the Kerberos realm. When non-unique for the system, the operation returns an error. |
Example
The following command configures a custom Kerberos realm for NAS server nas_1:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/kerberos -server nas_1 set -addr "master.mydomain.lab.emc.com,slave.mydomain.emc.com" -realm "MYDOMAIN.LAB.EMC.COM"
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
View Kerberos settings
View Kerberos settings.
Format
/net/nas/kerberos [{-server <value> | -realm <value>}] show
Object qualifiers
| Qualifier | Description |
|---|---|
| -server | Identifies the associated NAS server. |
| -realm | Identifies the associated Kerberos realm. |
Example
The following command shows Kerberos settings for all of the storage system's NAS servers.
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/kerberos show
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: NAS server = nas_2
Realm = TEST.LAB.EMC.COM
Servers = us67890.test.lab.emc.com
2: NAS server = nas_1
Realm = TEST.LAB.EMC.COM
Servers = us12345.test.lab.emc.com
Manage VLANs
Network partitioning is provided through Virtual LANs. VLANs are statically allocated in the system, and the only allowed actions are to assign or de-assign a VLAN ID either to or from a specific tenant.
Each VLAN is identified by an ID.
The following table lists the attributes for VLANs.
| Attribute | Description |
|---|---|
| ID | VLAN identifier. |
| Tenant | Tenant identifier, if assigned. |
| Interface | List of network interfaces that use this VLAN ID for network traffic tagging. |
View VLANs
View details about configured VLANs. You can filter on the ID of the VLAN.
Format
/net/vlan show {-id <value> | [-from <value>] [-count <value>] [-inUse {yes | no}] [-assigned {yes [-tenant <value>] | no}]}
Action qualifiers
| Qualifier | Description |
|---|---|
| -id | Identifies the VLAN ID. Valid values are 1 to 4095. If specified, no other VLAN ID range, network interface or tenant assignment selectors are allowed. |
| -from | Specifies the lower boundary of the VLAN range to be displayed. Valid values are 1 to 4095. If omitted, the default value is 1. |
| -count | Specifies the number of items to be displayed. Valid values are 1 to 4095. If omitted, the default value is 10. |
| -inUse | Valid values are: |
| -assigned | Valid values are: |
| -tenant | If specified, identifies the tenant. |
Example
The following command displays information for VLANs that are in use starting from 100:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/vlan show -from 100 -inUse yes
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: VLAN = 101
Tenant = tenant_1
Interface = if_1,if_3
2: VLAN = 105
Tenant =
Interface = if_5
Manage tenants
IP multi-tenancy provides the ability to assign multiple network namespaces to the NAS Servers on a storage processor. Tenants are used to create isolated file-based (CIFS/NFS) storage partitions. This enables cost-effective tenant management of available resources while ensuring that tenant visibility and management are restricted to assigned resources only.
Each tenant can have its own:
- VLAN domain
- Routing table
- IP firewall
- Virtual interface, traffic separated from virtual device and in Linux Kernel layer
- DNS server or other administrative servers to allow the tenant to have its own authentication and security validation from the Protocol layer
Each tenant is identified by a Universally Unique Identifier (UUID).
The following table lists the attributes for tenants.
| Attribute | Description |
|---|---|
| ID | Tenant identifier |
| Name | Friendly name of the tenant. |
| UUID | Universally unique identifier of a tenant. |
| VLAN | Comma-separated list of VLAN IDs assigned to the tenant. |
Create a tenant
Create a tenant.
Format
/net/tenant create -name <value> -uuid <value> [-vlan <value>]
Action qualifiers
| Qualifier | Description |
|---|---|
| -name | Specify the tenant name. |
| -uuid | Specify the Universally Unique Identifier of a tenant. |
| -vlan | Specify the comma-separated list of VLAN IDs that the tenant can use. |
Example
The following command creates a tenant with these settings:
- Tenant name is Tenant A.
- UUID is b67cedd7-2369-40c5-afc9-9e8753b88dee.
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = tenant_1
Operation completed successfully.
View tenants
View details about configured tenants. You can filter on the ID of the tenant.
Format
/net/tenant [-id <value>] show
Object qualifier
| Qualifier | Description |
|---|---|
| -id | Identifies the tenant to be displayed. |
Example
The following command displays tenant information:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/tenant show
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: ID = tenant_1
Name = Tenant A
UUID = b67cedd7-2369-40c5-afc9-9e8753b88dee
VLAN = 102,103,104
Change tenant settings
Change the settings for a tenant.
Format
/net/tenant -id <value> set [ -name <value> ] { [-vlan <value>] | [-addVlan <value>] | [-removeVlan <value>] }
Object qualifier
| Qualifier | Description |
|---|---|
| -id | Identifies the tenant. |

Action qualifiers
| Qualifier | Description |
|---|---|
| -name | Specify the new name of the tenant. |
| -vlan | Specify the comma-separated list of VLAN IDs. |
| -addVlan | Specify the VLAN ID to be assigned to the tenant. |
| -removeVlan | Specify the VLAN ID to be removed from the tenant. |
Example
The following command changes the tenant settings for the list of VLAN IDs:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/tenant -id tenant_1 set -vlan 101,102,104
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
Delete a tenant
Deletes an existing tenant. When you delete an existing tenant, the VLANs associated with that tenant become available for use with other tenants.
Format
/net/tenant -id <value> deleteObject qualifiers
Qualifier
|
Description
|
---|---|
-id
|
Identifies the tenant.
|
Example
The following command deletes a tenant.
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/tenant -id tenant_1 delete
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = tenant_1
Operation completed successfully.
Manage CIFS Servers
CIFS (SMB) servers use the CIFS protocol to transfer files. A CIFS server can participate as a member of a Windows Active Directory domain or operate independently of any Windows domain as a stand-alone CIFS server.
The following table lists the attributes for CIFS servers.
| Attribute | Description |
|---|---|
| ID | ID of the CIFS server. |
| NAS server | Associated NAS server ID. |
| Name | Name of the CIFS server account used when joining the Active Directory. |
| Description | Description of the CIFS server. |
| NetBIOS name | Server NetBIOS name. |
| Windows domain | Windows server domain name. |
| User name | Windows domain user name. |
| Password | Windows domain user password. |
| Last used organization unit | Last used Active Directory organizational unit. |
| Workgroup | Workgroup name. |
| Workgroup administrator password | Workgroup administrator password. |
Create a CIFS server
Create a CIFS (SMB) server.
NOTE: Only one CIFS server per NAS server can be created.
Format
/net/nas/cifs create {-server <value> | -serverName <value>} [-name <value>] [-description <value>] [-netbiosName <value>] {-domain <value> -username <value> {-passwd <value> | -passwdSecure} [-orgUnit <value>] | -workgroup <value> {-adminPasswd <value> | -adminPasswdSecure}}
Action qualifiers
| Qualifier | Description |
|---|---|
| -server | Specifies the NAS server identifier. |
| -serverName | Specifies the NAS server name. |
| -name | Specifies the CIFS server name. By default, this is the same as the value for serverName. This value is ignored if the CIFS server is standalone. |
| -description | Specifies the description of the CIFS server. |
| -netbiosName | Specifies the CIFS server NetBIOS name. By default it is generated automatically based on the CIFS server name. |
| -domain | Specifies Windows Active Directory domain name. |
| -username | Specifies the Active Directory user that will be used to join the CIFS server to AD. |
| -passwd | Specifies the AD user password. |
| -passwdSecure | Specifies the password in secure mode. The user will be prompted to input the password and the password confirmation. |
| -orgUnit | Active directory organizational unit. |
Example
The following command creates a CIFS server.
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/cifs create -server nas_0 -name CIFSserver1 -description "CIFS description" -domain domain.one.com -username user1 -passwd password1
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = CIFS_0
Operation completed successfully.
View CIFS server
The following command displays CIFS (SMB) server settings.
Format
/net/nas/cifs [{-id <value> | -name <value> | -server <value> | -serverName <value>}] show
Object qualifiers
| Qualifier | Description |
|---|---|
| -id | Type the ID of the CIFS server. |
| -name | Type the name of the CIFS server. |
| -server | Type the ID of the associated NAS server. |
| -serverName | Type the name of the associated NAS server. |
Example
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/cifs show
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: ID = CIFS_0
NAS server = nas_0
Name = CIFSserver1
Description = CIFS description
NetBIOS name = CIFSserv
Windows domain = domain.one.com
Change CIFS server settings
Modify an existing CIFS (SMB) server.
If moving a CIFS server from one domain to another, include the following options:
- [-domain <value>]
- [-newUsername <value> {-newPasswd <value> | -newPasswdSecure}]
Note that you must specify the username and password of the domain to which the CIFS server was previously joined in order to perform the unjoin. You must also specify the user name and password of the new domain to which it will be joined.
Format
/net/nas/cifs {-id <value> | -name <value>} set [-name <value>] [-description <value>] [-netbiosName <value>] [{-currentUsername <value> {-currentPasswd <value> | -currentPasswdSecure} | -skipUnjoin}] { [-domain <value>] [-newUsername <value> {-newPasswd <value> | -newPasswdSecure}] | [-orgUnit <value>] | [-workgroup <value>] [{-adminPasswd <value> | -adminPasswdSecure}] }
Object qualifiers
| Qualifier | Description |
|---|---|
| -id | Type the ID of the CIFS server to change. |
| -name | Type the name of the CIFS server to change. |

Action qualifiers
| Qualifier | Description |
|---|---|
| -name | Specifies the new CIFS server name. |
| -description | Specifies the description of the CIFS server. |
| -netbiosName | Specifies the new CIFS server NetBIOS name. |
| -domain | Specifies the new Windows server domain name. |
| -orgUnit | Active Directory organizational unit. |
| -currentUsername | Specifies the current domain user. |
| -currentPasswd | Specifies the current domain user password. |
| -currentPasswdSecure | Specifies the current password in secure mode. The user will be prompted to input the password and the password confirmation. |
| -skipUnjoin | Do not unjoin the CIFS server from an AD domain. |
| -newUsername | Specifies the new domain user. |
| -newPasswd | Specifies the new domain user password. |
| -newPasswdSecure | Specifies the new password in secure mode. The user will be prompted to input the password and the password confirmation. |
| -workgroup | Specifies the new workgroup of the stand-alone CIFS server. |
| -adminPasswd | Specifies the new local admin password of the stand-alone CIFS server. |
| -adminPasswdSecure | Specifies the password in secure mode. The user will be prompted to input the password and the password confirmation. |
Example
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/cifs -id CIFS_0 set -workgroup MyWorkgroup -adminPasswd MyPassword
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = CIFS_0
Operation completed successfully.
Delete a CIFS server
Delete an existing CIFS (SMB) server.
NOTE: When you delete an existing CIFS server or convert it to a stand-alone configuration, you must specify the current credentials (username and password) to properly unjoin it from the domain and remove the computer account from Active Directory. You can use the -skipUnjoin option to delete the CIFS server without removing the computer account from AD. (This will require the administrator to manually remove the account from AD.) The -skipUnjoin option can also be used when AD is not operational or cannot be reached. If you ran this command without the username and password, you will not be able to join the CIFS server with the same name back again. To join the same CIFS server back to the domain, you will then need to first change its name.
Format
/net/nas/cifs {-id <value> | -name <value>} delete [ {-username <value> {-passwd <value> | -passwdSecure} | -skipUnjoin} ]
Object qualifiers
| Qualifier | Description |
|---|---|
| -id | Type the ID of the CIFS server to delete. |
| -name | Identifies the CIFS server name. |
Action qualifiers
| Qualifier | Description |
|---|---|
| -username | Specifies the domain username. Not required for stand-alone CIFS servers. |
| -passwd | Specifies the domain user password. Not required for stand-alone CIFS servers. |
| -passwdSecure | Specifies the password in secure mode. This prompts the user to input the password. |
| -skipUnjoin | Does not unjoin the CIFS server from the AD domain before deleting it. |
Example
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/cifs -id CIFS_0 delete
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = CIFS_0
Operation completed successfully.
Manage NFS servers
NFS servers use the NFS protocol to transfer files.
The following table lists the attributes for NFS servers.
| Attribute | Description |
|---|---|
| ID | ID of the NFS server. |
| NAS server | Associated NAS server ID. |
| Hostname | NFS server hostname. When an SMB server is joined to an Active Directory (AD) domain, the NFS server hostname is defaulted to the SMB computer name. If you configure NFS secure to use a custom realm for Kerberos authentication, this hostname can be customized. |
| NFSv3 enabled | Indicates whether NFS shares can be accessed by using the NFSv3 protocol. Valid values are yes or no (default is yes). |
| NFSv4 enabled | Indicates whether NFS shares can be accessed by using the NFSv4 protocol. Valid values are yes or no (default is no). |
| Secure NFS enabled | Indicates whether secure NFS (with Kerberos) is enabled. Value is yes or no. |
| Kerberos KDC type | Indicates the type of KDC realm to use for NFS secure. Value is one of the following: |
| Service principal name | Comma-separated list of service principal names used to authenticate to the Kerberos realm. The name is automatically deduced from the NFS server hostname and the selected realm. |
| Extended Unix credentials enabled | Use more than 16 Unix groups. Value is yes or no (default). |
| Credentials cache retention | Credentials cache refreshing timeout, in minutes. |
Create an NFS server
Create an NFS server.
NOTE: Only one NFS server per NAS server can be created.
Format
/net/nas/nfs create {-server <value> | -serverName <value>} [-hostname <value>] [-v3 {yes | no}] [-v4 {yes | no}] [-secure {no | yes [-kdcType {Windows | custom}]}] [-username <value> {-passwd <value> | -passwdSecure}] [-extendedUnixCredEnabled {yes|no}] [-credCacheRetention <value>]
Action qualifiers
| Qualifier | Description |
|---|---|
| -server | Specifies the NAS server identifier. |
| -serverName | Specifies the NAS server name. |
| -hostname | Specifies the hostname for the NFS server. This is used in Kerberos and DNS registration, so that the client can specify this name when mounting exports. By default, the hostname is the same as the SMB computer name or NAS server name. |
| -v3 | Indicates whether NFS shares can be accessed using the NFSv3 protocol. Value is yes (default) or no. |
| -v4 | Indicates whether NFS shares can be accessed using the NFSv4 protocol. Value is yes or no (default). |
| -secure | Indicates whether to enable secure NFS (with Kerberos). Value is yes or no (default). To enable secure NFS, you must also configure the NAS server Kerberos object, specify a corresponding KDC type using the -kdcType qualifier, and upload the keytab file (generated with kadmin). |
| -kdcType | Specifies the type of KDC realm to use for NFS secure. Value is one of the following: |
| -username | (Applies when the -kdcType is Windows.) Specifies a user name with administrative rights to register the service principal in the AD domain. |
| -passwd | (Applies when the -kdcType is Windows.) Specifies the AD domain administrator password. |
| -passwdSecure | Specifies the password in secure mode. The user will be prompted to input the password and the password confirmation. |
| -extendedUnixCredEnabled | Specifies whether there are more than 16 Unix groups. Valid value is yes or no (default). |
| -credCacheRetention | Specifies the amount of time (in minutes) when the credential cache refreshes or times out. Default value is 15 minutes. |
Example
The following command creates an NFS server on NAS server nas_1 with ID nfs_1 that supports NFSv4 and NFS secure.
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/nfs create -server nas_1 -v4 yes -secure yes
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = nfs_1
Operation completed successfully.
View an NFS server
The following command displays NFS server settings.
Format
/net/nas/nfs [{-id <value> | -server <value> | -serverName <value> | -hostname <value>}] show
Object qualifiers
| Qualifier | Description |
|---|---|
| -id | Type the ID of the NFS server to view. |
| -server | Type the ID of the associated NAS server. |
| -serverName | Type the name of the associated NAS server. |
| -hostname | Type the hostname for the NFS server. The FQDN or short name formats are supported. |
Example
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/nfs show -detail
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: ID = nfs_1
NAS server = nas_1
Hostname = SATURN
NFSv3 enabled = yes
NFSv4 enabled = yes
Secure NFS enabled = yes
Kerberos KDC type = Windows
Service principal name = nfs/SATURN.domain.lab.emc.com, nfs/SATURN
Extended Unix credentials enabled = no
Credentials cache retention = 15
Change NFS server settings
Modify an existing NFS server.
Format
/net/nas/nfs [-id <value>] set [-hostname <value>] [-v3 {yes | no}] [-v4 {yes | no}] [-secure {no | yes [-kdcType {Windows | custom}]}] [-username <value> {-passwd <value> | -passwdSecure}] [-extendedUnixCredEnabled {yes | no}] [-credCacheRetention <value>]
Object qualifier
| Qualifier | Description |
|---|---|
| -id | Identifies the NFS server to change. |
Action qualifiers
| Qualifier | Description |
|---|---|
| -hostname | Specifies the new hostname for the NFS server. This is used in Kerberos and DNS registration, so that the client can specify this name when mounting exports. By default, the hostname is the same as the SMB computer name or NAS server name. |
| -v3 | Indicates whether NFS shares can be accessed using the NFSv3 protocol. Valid values are yes or no. |
| -v4 | Indicates whether NFS shares can be accessed using the NFSv4 protocol. Valid values are yes or no. |
| -secure | Indicates whether to enable secure NFS (with Kerberos). Value is yes or no. To enable secure NFS, you must also configure the NAS server Kerberos object, specify a corresponding KDC type using the -kdcType qualifier, and upload the keytab file (generated with kadmin). |
| -kdcType | Specifies the type of KDC realm to use for NFS secure. Value is one of the following: |
| -username | (Applies when the -kdcType is Windows.) Specifies a user name with administrative rights to register the service principal in the AD domain. |
| -passwd | (Applies when the -kdcType is Windows.) Specifies the AD domain administrator password. |
| -passwdSecure | Specifies the password in secure mode. The user will be prompted to input the password and the password confirmation. |
| -skipUnjoin | (Applies when the KDC realm type is Windows.) Deletes the NFS server without automatically unregistering the NFS service principals from the AD domain. |
| -extendedUnixCredEnabled | Specifies whether there are more than 16 Unix groups. Valid values are yes or no. |
| -credCacheRetention | Specifies the amount of time (in minutes) when the credential cache refreshes or times out. Default value is 15 minutes. |
Example
The following command changes the credential cache retention period for NFS server nfs_1.
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/nfs -id nfs_1 set -credCacheRetention 20
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = nfs_1
Operation completed successfully.
Delete an NFS server
Delete an existing NFS server. The NFS server cannot be deleted if it has any associated resources, such as NFS shares, on the NAS server.
Format
/net/nas/nfs -id <value> delete [-username <value> {-passwd <value> | -passwdSecure}] [-skipUnjoin]
Object qualifier
| Qualifier | Description |
|---|---|
| -id | Identifies the NFS server to delete. |
Action qualifiers
| Qualifier | Description |
|---|---|
| -username (applies when the KDC realm type is Windows) | Specifies a user name with administrative rights to unregister the service principal from the AD domain. |
| -passwd (applies when the KDC realm type is Windows) | Specifies the AD domain administrator password. |
| -passwdSecure | Specifies the password in secure mode. The user will be prompted to input the password and the password confirmation. |
| -skipUnjoin (applies when the KDC realm type is Windows) | Deletes the NFS server without automatically unregistering the NFS service principals from the AD domain. |
Example
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/nfs -id nfs_1 delete
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
Manage Common Anti Virus Agent (CAVA)
The following table lists the attributes for CAVA:
| Attribute | Description |
|---|---|
| NAS server | Associated NAS server identifier. |
| Enabled | Indicates if CAVA is enabled. Valid values are: |
View CAVA settings
View details about CAVA settings.
Format
/net/nas/cava [-server <value>] show
Object qualifier
| Qualifier | Description |
|---|---|
| -server | Identifies the associated NAS server. |
Example
The following command displays the CAVA settings:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/cava show
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: NAS server = nas_0
Enabled = yes
2: NAS server = nas_1
Enabled = no
Change CAVA settings
Modify the CAVA settings.
Format
/net/nas/cava -server <value> set -enabled {yes | no}
Object qualifier
| Qualifier | Description |
|---|---|
| -server | Identifies the associated NAS server. |
Action qualifier
| Qualifier | Description |
|---|---|
| -enabled | Specify whether CAVA is enabled. Valid values are: |
Example
The following command enables CAVA:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/cava -server nas_1 set -enabled yes
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
Manage Events Publishing configuration settings
Events Publishing allows third-party applications to register to receive event notification and context from the storage system when accessing file systems by using the SMB or NFS protocols. The Common Event Publishing Agent (CEPA) delivers to the application both event notification and associated context in one message. Context may consist of file metadata or directory metadata that is needed to decide business policy.
You must define at least one event option (pre-, post-, or post-error event) when Events Publishing is enabled.
- Pre-event notifications are sent before processing an SMB or NFS client request.
- Post-event notifications are sent after a successful SMB or NFS client request.
- Post-error event notifications are sent after a failed SMB or NFS client request.
| Attributes | Description |
|---|---|
| NAS server | Identifies the associated NAS server. |
| Enabled | Identifies whether Events Publishing is enabled on the NAS Server. Valid values are: |
| Pre-event failure policy | Policy applied when a pre-event notification fails. Valid values are: |
| Post-event failure policy | Policy applied when a post-event notification fails. The policy is also applied to post-error events. Valid values are: |
| HTTP port | HTTP port number for connectivity to the CEPA server. The default value is 12228. The HTTP protocol is used to connect to CEPA servers. It is not protected by a username or password. |
| HTTP enabled | Identifies whether connecting to CEPA servers by using the HTTP protocol is enabled. When enabled, a connection by using HTTP is tried first. If HTTP is either disabled or the connection fails, then connection through the MS-RPC protocol is tried if all CEPA servers are defined by a fully-qualified domain name (FQDN). When an SMB server is defined in a NAS server in the Active Directory (AD) domain, the NAS server's SMB account is used to make an MS-RPC connection. Valid values are: |
| Username | When using the MS-RPC protocol, name of a Windows user allowed to connect to CEPA servers. |
| Password | When using the MS-RPC protocol, password of the Windows user defined by the username. |
| Heartbeat | Time interval (in seconds) between scanning CEPA servers to detect their online or offline status. The default is 10 seconds. The range is from 1 through 120 seconds. |
| Timeout | Time in ms to determine whether a CEPA server is offline. The default is 1,000 ms. The range is from 50 ms through 5,000 ms. |
| Health state | Health state of Events Publishing. The health state code appears in parentheses. Valid values are: |
| Health details | Additional health information. See Appendix A, Reference, for details. |
View CEPA configuration settings
View details about CEPA configuration settings.
Format
/net/nas/event/config [-server <value>] show
Object qualifier
| Qualifier | Description |
|---|---|
| -server | Identifies the associated NAS server. |
Example
The following example displays the CEPA settings.
uemcli /net/nas/event/config -server nas_1 show -detail
Storage system address: 10.1.2.100
Storage system port: 443
HTTPS connection
1: NAS server = nas_1
Enabled = yes
Pre-event failure policy = ignore
Post-event failure policy = ignore
HTTP port = 12228
HTTP enabled = yes
Username = user1
Heartbeat = 10s
Timeout = 1000ms
Health state = OK (5)
Health details = The Events Publishing Service is operating normally.
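The `show -detail` listings for NFS servers and for Events Publishing can be checked in bulk. The following Python is an added example, not part of the product or its documentation: it parses the record layout shown in those two listings and reports NFS servers without secure NFS (Kerberos) and NAS servers whose CEPA traffic uses HTTP, which the attribute table describes as not protected by a username or password. The function names, the sample records and the example.test domain are constructed for illustration.

```python
import re

# "N: Key = value" opens record N; later "Key = value" lines belong to it.
FIELD = re.compile(r"^\s*(?:(\d+):\s+)?([^=]+?)\s*=\s*(.*?)\s*$")


def parse_show(text):
    """Turn uemcli 'show' output into a list of {attribute: value} dicts."""
    records, current = [], None
    for line in text.splitlines():
        match = FIELD.match(line)
        if not match:  # banner lines such as "HTTPS connection"
            continue
        index, key, value = match.groups()
        if index is not None or current is None:
            current = {}
            records.append(current)
        current[key] = value
    return records


def is_yes(record, attribute):
    """True when the attribute is present and set to yes (case-insensitive)."""
    return record.get(attribute, "").strip().lower() == "yes"


def audit_nfs(records):
    """Report NFS servers that do not have secure NFS (Kerberos) enabled."""
    findings = []
    for rec in records:
        if not is_yes(rec, "Secure NFS enabled"):
            findings.append((rec.get("ID", "?"),
                             "secure NFS (Kerberos) is not enabled"))
    return findings


def audit_cepa(records):
    """Report NAS servers that publish events to CEPA over HTTP."""
    findings = []
    for rec in records:
        if is_yes(rec, "Enabled") and is_yes(rec, "HTTP enabled"):
            port = rec.get("HTTP port", "?")
            findings.append((rec.get("NAS server", "?"),
                             "CEPA is tried over HTTP first (port %s), which is "
                             "not protected by a username or password" % port))
    return findings


# Constructed sample output in the layout of "/net/nas/nfs show -detail".
NFS_SAMPLE = """Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: ID = nfs_1
NAS server = nas_1
Hostname = SATURN
NFSv3 enabled = yes
NFSv4 enabled = yes
Secure NFS enabled = yes
Kerberos KDC type = Windows
Service principal name = nfs/SATURN.example.test, nfs/SATURN
2: ID = nfs_2
NAS server = nas_2
Hostname = TITAN
NFSv3 enabled = yes
NFSv4 enabled = no
Secure NFS enabled = no
"""

# Constructed sample output in the layout of "/net/nas/event/config show -detail".
CEPA_SAMPLE = """Storage system address: 10.1.2.100
Storage system port: 443
HTTPS connection
1: NAS server = nas_1
Enabled = yes
HTTP port = 12228
HTTP enabled = yes
2: NAS server = nas_2
Enabled = yes
HTTP port = 12228
HTTP enabled = no
3: NAS server = nas_3
Enabled = no
HTTP port = 12228
HTTP enabled = yes
"""

if __name__ == "__main__":
    results = audit_nfs(parse_show(NFS_SAMPLE)) + audit_cepa(parse_show(CEPA_SAMPLE))
    for ident, message in results:
        print("%s: %s" % (ident, message))
```

To audit a live system, pass the captured output of the two `show -detail` commands to `parse_show` in place of the constructed samples.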
Change CEPA configuration settings
Modify the Events Publishing configuration. When you create a NAS server, an Events Publishing configuration object is automatically created with default values.
Format
/net/nas/event/config -server <value> set [-enabled {yes | no}] [-preEventPolicy {ignore | deny}] [-postEventPolicy {ignore | accumulate | guarantee | deny}] [-httpPort <value>] [-httpEnabled {yes | no}] [-username <value> {-passwd <value> | -passwdSecure}] [-heartbeat <value>] [-timeout <value>]
Object qualifier
| Qualifier | Description |
|---|---|
| -server | Identifies the associated NAS server. |
Action qualifiers
| Qualifier | Description |
|---|---|
| -enabled | Identifies whether Events Publishing is enabled on the NAS Server. Valid values are: |
| -preEventPolicy | Identifies the policy applied when a pre-event notification fails. Valid values are: |
| -postEventPolicy | Identifies the policy applied when a post-event notification fails. The policy is also applied to post-error events. Valid values are: |
| -httpPort | HTTP port number used for connectivity to the CEPA server. The default value is 12228. The HTTP protocol is used to connect to CEPA servers. It is not protected by a username or password. |
| -httpEnabled | Specifies whether connecting to CEPA servers by using the HTTP protocol is enabled. When enabled, a connection by using HTTP is tried first. If HTTP is either disabled or the connection fails, then connection through the MS-RPC protocol is tried if all CEPA servers are defined by a fully-qualified domain name (FQDN). The SMB account of the NAS server in the Active Directory domain is used to make the connection by using MS-RPC. Valid values are (case insensitive): |
| -username | Name of a Windows user who is allowed to connect to CEPA servers. |
| -passwd | Password of the Windows user defined by the username. |
| -passwdSecure | Specifies the password in secure mode. The user is prompted to specify the password. |
| -heartbeat | Time interval between scanning CEPA servers (in seconds) to detect their online or offline status. The default is 10 seconds. The range is from 1 through 120 seconds. |
| -timeout | Time in ms to determine whether a CEPA server is offline. The default is 1,000 ms. The range is from 50 ms through 5,000 ms. |
Example
The following command enables Events Publishing and sets the post-event policy to accumulate.
uemcli /net/nas/event/config -server nas_1 set -enabled yes -postEventPolicy accumulate
Storage system address: 10.1.2.100
Storage system port: 443
HTTPS connection
Operation completed successfully.
Manage CEPA pool configuration settings
Event pools configure the types of events published by the NAS Server, and the addresses of CEPA servers.
Events Publishing must be enabled for both the NAS server and the file system. Certain types of events can be enabled for either the NFS protocol, the SMB protocol, or both NFS and SMB on a file system basis.
| Attributes | Description |
|---|---|
| ID | Identifies the Events Publishing pool. |
| NAS server | Identifies the associated NAS server. |
| Name | Identifies the Events Publishing pool name. |
| Addresses | Addresses of the CEPA servers. A CEPA pool allows using IPv4, IPv6, and FQDN addresses. |
| Replication sync | Applicable only when the NAS server is replicated through a replication session. Valid values are: When an Events Publishing pool servers list is created on the source of a replication, it is auto-synchronized to the destination NAS server. IP address changes or deletions from the Events Publishing pool servers list on a source Events Publishing server have no effect on overridden Events Publishing pool servers on the destination. |
| Source addresses | Addresses of the CEPA servers defined on the replication source. A CEPA pool allows using IPv4, IPv6, and FQDN addresses. |
| Pre-events | Lists the selected pre-events. The NAS server sends a request event notification to the CEPA server before an event occurs and processes the response. The valid events are defined in the table that follows. |
| Post-events | Lists the selected post-events. The NAS server sends a notification after an event occurs. The valid events are defined in the table that follows. |
| Post-error events | Lists the selected post-error events. The NAS server sends notification after an event generates an error. The valid events are defined in the table that follows. |
| Value | Definition | Protocol |
|---|---|---|
| OpenFileNoAccess | Sends a notification when a file is opened for a change other than read or write access (for example, read or write attributes on the file). | |
| OpenFileRead | Sends a notification when a file is opened for read access. | |
| OpenFileReadOffline | Sends a notification when an offline file is opened for read access. | |
| OpenFileWrite | Sends a notification when a file is opened for write access. | |
| OpenFileWriteOffline | Sends a notification when an offline file is opened for write access. | |
| OpenDir | Sends a notification when a directory is opened. | SMB/CIFS |
| FileRead | Sends a notification when a file read is received over NFS. | NFS (v3/v4) |
| FileWrite | Sends a notification when a file write is received over NFS. | NFS (v3/v4) |
| CreateFile | Sends a notification when a file is created. | |
| CreateDir | Sends a notification when a directory is created. | |
| DeleteFile | Sends a notification when a file is deleted. | |
| DeleteDir | Sends a notification when a directory is deleted. | |
| CloseModified | Sends a notification when a file is changed before closing. | |
| CloseUnmodified | Sends a notification when a file is not changed before closing. | |
| CloseDir | Sends a notification when a directory is closed. | SMB/CIFS |
| RenameFile | Sends a notification when a file is renamed. | |
| RenameDir | Sends a notification when a directory is renamed. | |
| SetAclFile | Sends a notification when the security descriptor (ACL) on a file is changed. | SMB/CIFS |
| SetAclDir | Sends a notification when the security descriptor (ACL) on a directory is changed. | SMB/CIFS |
| SetSecFile | Sends a notification when a file security change is received over NFS. | NFS (v3/v4) |
| SetSecDir | Sends a notification when a directory security change is received over NFS. | NFS (v3/v4) |
Create a CEPA pool
Create a CEPA pool.
Format
/net/nas/event/pool create -server <value> -name <value> -addr <value> [-preEvents <value>] [-postEvents <value>] [-postErrEvents <value>]
Action qualifiers
| Qualifier | Description |
|---|---|
| -server | Identifies the associated NAS server. |
| -name | Specifies a CEPA pool name. The name must be unique for each NAS server. |
| -addr | Specifies a comma-separated list of addresses of the CEPA servers. You can specify IPv4, IPv6, and FQDN addresses. |
| -preEvents | Specifies the comma-separated list of pre-events. |
| -postEvents | Specifies the comma-separated list of post-events. |
| -postErrEvents | Specifies the comma-separated list of post-error events. |
Example
The following command creates a CEPA pool and a list of post events for which to be notified.
uemcli /net/nas/event/pool create -server nas_1 -name mypool1 -addr 10.1.2.100 -postEvents CreateFile,DeleteFile
Storage system address: 10.1.2.100
Storage system port: 443
HTTPS connection
ID = cepa_pool_1
Operation completed successfully.
View CEPA pool settings
View details about a CEPA pool.
Format
/net/nas/event/pool [{-id <value> | -server <value> | -name <value>}] show
Object qualifier
| Qualifier | Description |
|---|---|
| -id | Identifies the Events Publishing pool. |
| -server | Identifies the associated NAS server. |
| -name | Identifies the Events Publishing pool name. |
Example
The following command displays information about a CEPA pool.
uemcli /net/nas/event/pool -server nas_1 show
Storage system address: 10.1.2.100
Storage system port: 443
HTTPS connection
1: ID = cepa_pool_1
NAS server = nas_1
Name = MyCepaPool
Addresses = 10.1.2.2
Pre-events =
Post-events = CreateFile, DeleteFile
Post-error events =
Change CEPA pool settings
Modify settings for an existing Events Publishing pool.
Format
/net/nas/event/pool -id <value> set [-name <value>] [-addr <value>] [-preEvents <value>] [-postEvents <value>] [-postErrEvents <value>] [-replSync {auto | overridden}]
Object qualifier
| Qualifier | Description |
|---|---|
| -id | Identifies the Events Publishing pool. |
Action qualifiers
| Qualifier | Description |
|---|---|
| -name | Specifies a CEPA Pool name. The name is unique for any specified NAS server. |
| -addr | Specifies a comma-separated list of addresses of the CEPA servers. A CEPA pool allows IPv4, IPv6, and FQDN addresses. |
| -preEvents | Specifies the comma-separated list of pre-events. |
| -postEvents | Specifies the comma-separated list of post-events. |
| -postErrEvents | Specifies the comma-separated list of post-error events. |
| -replSync | Applicable only when the NAS server is operating as a replication destination. The valid values are: When a replicated Events Publishing pool servers list is created on the source Events Publishing server, it is auto-synchronized to the destination. Changes or deletions of IP addresses from the Events Publishing pool servers list on a source Events Publishing service have no effect on an overridden Events Publishing pool servers list on the destination. |
Example
The following command changes the name for a CEPA pool.
uemcli /net/nas/event/pool -id cepa_pool_1 set -name TestCepaPool
Storage system address: 10.1.2.100
Storage system port: 443
HTTPS connection
ID = cepa_pool_1
Operation completed successfully.
Delete a CEPA pool
Deletes a CEPA pool.
Before you begin
The Events Publishing service requires at least one CEPA pool. If you delete the last CEPA pool, the Events Publishing service becomes disabled.
Format
/net/nas/event/pool [{-id <value> | -name <value>}] delete
Object qualifiers
| Qualifier | Description |
|---|---|
| -id | Identifies the Events Publishing pool. |
| -name | Identifies the Events Publishing pool name. |
Example
The following command deletes a CEPA pool.
uemcli /net/nas/event/pool -id cepa_pool_1 delete
Storage system address: 10.1.2.100
Storage system port: 443
HTTPS connection
Operation completed successfully.
Manage VMware NAS protocol endpoint servers
VMware protocol endpoint servers are NFS-based NAS servers enabled to provide an I/O path from the VMware host to its respective File VVol datastore on the storage system.
When creating a NAS protocol endpoint server, you can choose which IP address the NAS PE will use from the list of IP interfaces already created for the NAS server. It is recommended that you enable at least two NAS servers for VVols, one on each SP, for high availability. The system will select one of these NAS PEs automatically based on which will maximize throughput.
| Attribute | Description |
|---|---|
| ID | VMware protocol endpoint identifier. |
| NAS server | Identifier of the associated NAS server for NAS PEs. |
| NAS server interface | Identifier of the NAS server IP interface to be used by the VMware NAS protocol endpoint server. |
NOTE: Only one VMware protocol endpoint server per NAS server is supported.
Create protocol endpoint servers
Create VMware protocol endpoints servers for File VVols.
Format
/net/nas/vmwarepe create [-async] {-server <value> | -serverName <value>} -if <value>
Action qualifier
| Qualifier | Description |
|---|---|
| -async | Run the operation in asynchronous mode. |
| -server | Type the identifier of the NAS server. |
| -serverName | Type the name of the NAS server. |
| -if | Type the name of the identifier for the NAS IP interface to be used by the VMware protocol endpoint server. |
Example
The following example creates a protocol endpoint server on NAS server "nas_1" with the IP interface "if_1".
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/vmwarepe create -server nas_1 -if if_1
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = PES_0
Operation completed successfully.
View VMware protocol endpoint servers
View VMware protocol endpoints servers for File VVols.
Format
/net/nas/vmwarepe [{-id <value> | -server <value> | -serverName <value>}] show
Action qualifier
| Qualifier | Description |
|---|---|
| -id | Type the identifier of the NAS protocol endpoint server. |
| -server | Type the identifier of the associated NAS server. |
| -serverName | Type the name of the associated NAS server. |
Example
The following example shows the details for all of the VMware protocol endpoint servers on the system.
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/vmwarepe show -detail
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: ID = PES_0
NAS server = nas_1
NAS server interface = if_1
Delete protocol endpoint servers
Delete a VMware protocol endpoints server.
Format
/net/nas/vmwarepe -id <value> delete [-async] [-force]
Object qualifiers
| Qualifier | Description |
|---|---|
| -id | Type the identifier of the VMware protocol endpoint server to be deleted. |
Action qualifiers
| Qualifier | Description |
|---|---|
| -async | Run the operation in asynchronous mode. |
| -force | Unconditionally removes all VMware NAS protocol endpoints using the VMware protocol endpoint server and unbinds all virtual volumes using the protocol endpoint server. |
Example
The following example deletes VMware NAS protocol endpoint server "PES_0".
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/vmwarepe -id PES_0 delete
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
Manage reverse CHAP for mutual CHAP authentication
The Challenge Handshake Authentication Protocol (CHAP) is a security protocol that defines a method for authenticating hosts (initiators) and iSCSI nodes (targets). When CHAP is enabled, an iSCSI target will “challenge” an initiator that attempts to establish a connection with it. If the initiator does not respond with a valid password (called a secret), the target refuses the connection. CHAP authentication can be one-way, where only the target authenticates the initiator, or reverse (also called mutual), where the target and initiator authenticate each other. Compared to one-way CHAP, enabling reverse CHAP provides an extra level of security. To set one-way CHAP authentication, create an iSCSI CHAP account for a host. Manage iSCSI CHAP accounts for one-way CHAP authentication explains the commands for configuring one-way CHAP authentication.
NOTE: For reverse CHAP, the secret password you specify applies to all iSCSI nodes on the system. Also, the CHAP secret specified for any host configuration must be different from the reverse CHAP password specified for iSCSI nodes.
The iSCSI reverse CHAP object manages the username/secret used by the target (storage system) to respond to a challenge from an initiator (host).
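The mutual exchange described above, as an added Python example that is not the storage system's code: the target challenges the host, the host answers with the host CHAP secret and challenges the target, and the target answers with the reverse CHAP secret. The response calculation is the MD5 form from RFC 1994 that iSCSI CHAP uses; the function names, the dictionary keys, the constructed secrets and the optional 0x prefix for hex secrets are assumptions.

```python
import hashlib
import hmac
import os


def decode_secret(value, secret_format="ascii"):
    """Bytes of a CHAP secret given in ascii or hex form."""
    if secret_format == "ascii":
        return value.encode("ascii")
    if secret_format == "hex":
        # Assumption: plain hex digits, optionally prefixed with 0x.
        digits = value[2:] if value.lower().startswith("0x") else value
        return bytes.fromhex(digits)
    raise ValueError("secret format must be ascii or hex")


def chap_response(identifier, secret, challenge):
    """RFC 1994 response: MD5(identifier byte || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def check_response(identifier, secret, challenge, response):
    """Recompute the response and compare in constant time."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def mutual_chap(host_side, target_side):
    """Run one mutual CHAP exchange between a host and a target.

    Each side is a dict holding the 'host_secret' and 'reverse_secret'
    bytes as configured on that end.
    Returns (target_accepts_host, host_accepts_target).
    """
    # The note above requires the two secrets to be different.
    if target_side["host_secret"] == target_side["reverse_secret"]:
        raise ValueError("host CHAP secret and reverse CHAP secret must differ")

    # 1. The target challenges the initiator.
    target_id, target_challenge = 1, os.urandom(16)

    # 2. The initiator answers with the host secret and sends its own challenge.
    host_answer = chap_response(target_id, host_side["host_secret"],
                                target_challenge)
    host_id, host_challenge = 2, os.urandom(16)

    # 3. The target verifies the initiator; on failure it refuses the login.
    if not check_response(target_id, target_side["host_secret"],
                          target_challenge, host_answer):
        return (False, False)

    # 4. The target answers the initiator's challenge with the reverse secret.
    target_answer = chap_response(host_id, target_side["reverse_secret"],
                                  host_challenge)

    # 5. The initiator verifies the target before using the session.
    host_accepts = check_response(host_id, host_side["reverse_secret"],
                                  host_challenge, target_answer)
    return (True, host_accepts)


# Constructed secrets for the demonstration.
HOST_SECRET = decode_secret("constructed-host-secret")
REVERSE_SECRET = decode_secret("636f6e737472756374656452657665727365", "hex")
CONFIG = {"host_secret": HOST_SECRET, "reverse_secret": REVERSE_SECRET}

if __name__ == "__main__":
    print(mutual_chap(CONFIG, CONFIG))
    stale_host = dict(CONFIG, reverse_secret=b"stale-reverse-secret")
    print(mutual_chap(stale_host, CONFIG))
```

With matching configuration both checks pass. A host that holds a stale reverse secret is still accepted by the target but rejects the target, which is the extra check that reverse CHAP adds over one-way CHAP.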
Specify reverse CHAP secret settings
The following table lists the iSCSI reverse CHAP attributes.
| Attribute | Description |
|---|---|
| Username | The reverse CHAP user name. |
| Secret | The reverse CHAP secret (password). |
| Secret format | The reverse CHAP input format. Value is one of the following: |
Sets the reverse CHAP username and secret.
Format
/net/iscsi/reversechap set { [-username <value>] {-secret <value> | -secretSecure} [-secretFormat { ascii | hex } ] | -noChap}
Action qualifiers
| Qualifier | Description |
|---|---|
| -username | The reverse CHAP user name. |
| -secret | Specifies the reverse CHAP secret (password). |
| -secretSecure | Specifies the password in secure mode - the user will be prompted to input the password. |
| -secretFormat | The reverse CHAP input format. Value is one of the following: |
| -noChap | Remove the reverse CHAP credentials. |
Example
uemcli /net/iscsi/reversechap set -secret xyz0123456789
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
View reverse CHAP secret settings
View whether a reverse CHAP secret password has been configured for iSCSI nodes.
Format
/net/iscsi/reversechap show
Example
The following command shows the current reverse CHAP setting:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/iscsi/reversechap show
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: Username = ReverseChapUser
Set up iSNS for iSCSI storage
The iSNS protocol (iSNSP) allows centralized management of iSCSI devices. An iSNS server can provide services such as remote discovery and configuration for iSCSI nodes and hosts. When iSNSP is in use, both the iSCSI nodes (targets) and hosts (initiators) on the network must be configured to use the iSNS server. You create a single iSNS server record for the system. The following table lists the attributes for iSNS server records.
Attribute | Description
---|---
ID | ID of the iSNS server record.
Server | Name or IP address of an iSNS server.
Create iSNS server records
Create an iSNS server record to specify an iSNS server for the system to use. When you create an iSNS server record, it will overwrite the existing record on the system.
Format
/net/iscsi/isns create -server <value>
Action qualifiers
Qualifier | Description
---|---
-server | Type the name or IP address of the iSNS server.
Example
The following command creates an iSNS server record for server IP address 10.5.2.128. The server record receives the ID iSNS_10.5.2.128:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/iscsi/isns create -server 10.5.2.128
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = isns_0
Operation completed successfully.
View iSNS server records
View details for configured iSNS server records.
Format
/net/iscsi/isns show
Example
The following command shows details for the iSNS server record:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/iscsi/isns show
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = isns_0
Operation completed successfully.
Delete iSNS server records
Delete an iSNS server record.
Format
/net/iscsi/isns -id <value> delete
Object qualifier
Qualifier | Description
---|---
-id | Type the ID of the iSNS server record to delete.
Example
The following command deletes the iSNS server record isns_0:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/iscsi/isns -id isns_0 delete
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
Change iSNS server record settings
Modify an existing iSNS server record.
Format
/net/iscsi/isns -id <value> set -server <value>
Object qualifier
Qualifier | Description
---|---
-id | Type the ID of the iSNS server record to change.
Action qualifiers
Qualifier | Description
---|---
-server | New IP address associated with the iSNS server.
Example
The following command modifies the iSNS server record:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/iscsi/isns -id isns_0 set -server 10.5.2.130
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = isns_0
Operation completed successfully.
Manage iSCSI configuration
The following table lists the attributes for iSCSI configuration.
Attribute | Description
---|---
CHAP required | Specifies whether CHAP authentication is required in order to access iSCSI storage. Valid values are:
View iSCSI configuration
View details about the iSCSI configuration.
Format
/net/iscsi/config show
Example
The following command shows details for the iSCSI configuration:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/iscsi/config show
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: CHAP required = yes
Change iSCSI configuration
Modify the iSCSI configuration.
Format
/net/iscsi/config set -chapRequired {yes | no}
Object qualifier
Qualifier | Description
---|---
-chapRequired | Specify whether CHAP authentication is required. Values are case-sensitive. Valid values are:
Example
The following command denies host access without CHAP authentication:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/iscsi/config set -chapRequired yes
Storage system address:10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
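To check these settings across systems, the `show` output can be parsed and tested. The following is an added example, not part of the product documentation: it parses the numbered `key = value` records that uemcli prints and reports when CHAP is not required, when no reverse CHAP user name is shown, or when an iSCSI node is not in health state OK (5). The sample text is constructed from the outputs in this guide, and the assumption that an unconfigured reverse CHAP shows an empty or missing Username is mine.

```python
import re

RECORD_START = re.compile(r"^\s*(\d+):\s*(.*)$")         # e.g. "1: ID = ISCSIN_1"
KEY_VALUE = re.compile(r"^\s*([^=]+?)\s*=\s*(.*?)\s*$")  # e.g. "Health state = OK (5)"

# Constructed sample output, modelled on the examples in this guide.
SAMPLE_CONFIG = """Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: CHAP required = yes
"""
SAMPLE_REVERSECHAP = """Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: Username = ReverseChapUser
"""
SAMPLE_NODES = """Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: ID = ISCSIN_1
   Alias = MyISCSIserver1
   IQN = iqn.1992-05.com.emc:fcnch0821001340000-1
   Health state = OK (5)
2: ID = ISCSIN_2
   Alias = MyISCSIserver2
   IQN = iqn.1992-05.com.emc:fcnch0821001340001-1
   Health state = OK (5)
"""


def parse_show_output(text):
    """Return one dict per numbered record ("1:", "2:", ...) in uemcli show output."""
    records, current = [], None
    for line in text.splitlines():
        start = RECORD_START.match(line)
        if start:
            current = {}
            records.append(current)
            line = start.group(2)          # rest of the line holds the first attribute
        pair = KEY_VALUE.match(line)
        if pair and current is not None:   # header lines have no "=" and are skipped
            current[pair.group(1)] = pair.group(2).strip('"')
    return records


def audit_iscsi(config_out, reversechap_out, node_out):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    config = parse_show_output(config_out)
    if not config or config[0].get("CHAP required") != "yes":
        findings.append("CHAP is not required: hosts without CHAP are not denied access")
    reverse = parse_show_output(reversechap_out)
    if not reverse or not reverse[0].get("Username"):
        findings.append("no reverse CHAP user name: hosts cannot authenticate the target")
    for node in parse_show_output(node_out):
        state = node.get("Health state", "")
        if not state.startswith("OK (5)"):
            findings.append("iSCSI node %s health state is %r" % (node.get("ID"), state))
    return findings


if __name__ == "__main__":
    for finding in audit_iscsi(SAMPLE_CONFIG, SAMPLE_REVERSECHAP, SAMPLE_NODES):
        print("FINDING:", finding)
```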
Manage iSCSI nodes (servers)
iSCSI nodes, or iSCSI Servers, are software components on the system that are dedicated to managing operations for data transferred through the iSCSI protocol. iSCSI nodes run on each Ethernet port and communicate with network hosts through the SP ports.
iSCSI nodes handle storage creation, monitoring, and management tasks for iSCSI LUNs. Hosts connect to the LUN through iSCSI initiators.
Each iSCSI node is identified by an ID.
The section "Manage reverse CHAP for mutual CHAP authentication" explains how to configure reverse CHAP authentication between iSCSI hosts and nodes.
The following table lists the attributes for iSCSI nodes.
Attribute | Description
---|---
ID | ID of the iSCSI node.
Alias | Name of the iSCSI node.
IQN | iSCSI qualified name (IQN) for the node. The iSCSI protocol outlines a specific address syntax for iSCSI devices that communicate on a network. The iSCSI addresses are called IQNs. Each IQN includes a Type field, Date field, Naming Authority field, and String field. For example: iqn.1992-07.com.emc:apm000650039080000-3
SP | Primary SP on which the node runs.
Health state | Health state of the iSCSI node. The health state code appears in parentheses. Value is one of the following:
Health details | Additional health information. See Appendix A, Reference, for health information details.
Port | Associated network port identifier.
Interfaces | ID of each network interface assigned to the iSCSI node. The interface defines the IP address for the node and allows it to communicate with the network and hosts.
View iSCSI nodes
View details about iSCSI nodes. You can filter on the iSCSI node ID.
Format
/net/iscsi/node [-id <value>] show
Object qualifier
Qualifier | Description
---|---
-id | Type the ID of an iSCSI node.
Example
The following command lists all iSCSI nodes on the system:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/iscsi/node show
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: ID = ISCSIN_1
Alias = MyISCSIserver1
IQN = iqn.1992-05.com.emc:fcnch0821001340000-1
Health state = OK (5)
SP = SPA
Port = eth0_SPA
Interfaces = IF_1,IF_2
2: ID = ISCSIN_2
Name = MyISCSIserver2
IQN = iqn.1992-05.com.emc:fcnch0821001340001-1
Health state = OK (5)
SP = SPA
Port = eth1_SPA
Interfaces = IF_3
Change iSCSI node settings
Change the network interface alias assigned to the node.
Format
/net/iscsi/node -id <value> set -alias <value>
Object qualifier
Qualifier | Description
---|---
-id | Type the ID of the iSCSI node to change.
Action qualifier
Qualifier | Description
---|---
-alias | User-friendly name that identifies the iSCSI node.
Example
The following command assigns an alias to the ISCSIN_1 node:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/iscsi/node -id ISCSIN_1 set -alias "My iSCSI node"
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = ISCSIN_1
Operation completed successfully.
Manage Ethernet ports
View and change the settings for the network ports on each SP.
The following table describes the port attributes.
Attribute | Description
---|---
ID | ID of the port.
Name | Name of the port.
SP | Name of the SP on which the port resides. Value is SPA or SPB.
Protocols | Types of protocols the port supports. Value is one of the following:
MTU size | Maximum transmission unit (MTU) packet size (in bytes) that the port can transmit. Default is 1500 bytes per packet.
Requested MTU size | MTU size set by the user.
Available MTU size | List of available MTU sizes.
Speed | Current link speed of the port.
Requested speed | Link speed set by the user.
Available speeds | List of available speed values.
Health state | Health state of the port. The health state code appears in parentheses. Value is one of the following:
Health details | Additional health information. See Appendix A, Reference, for health information details.
Aggregated port ID | If the port is in a link aggregation, the ID of the link aggregation appears. "Manage link aggregations" explains how to configure link aggregations on the SP ports.
Connector type | Physical connector type. Valid values are:
MAC address | Unique identifier assigned to a network device for communications on a network segment.
SFP supported speeds | List of supported speed values of the inserted Small Form-factor Pluggable.
SFP supported protocols | List of supported protocols of the inserted Small Form-factor Pluggable. Valid values are:
View Ethernet port settings
View details about the network ports. You can filter on the port ID.
Format
/net/port/eth [-id <value>] show
Object qualifier
Qualifier | Description
---|---
-id | Type the ID of the port.
Example
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/port/eth show -detail
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: ID = spa_eth2
Name = SP A Ethernet Port 2
SP = spa
Protocols = file, net, iscsi
MTU size = 4500
Requested MTU size = 4500
Available MTU sizes = 1280-9216
Linux device name = eth2
Speed = 1 Gbps
Requested speed = auto
Available speeds = 1 Gbps, 10 Gbps, 100 Mbps, auto
Health state = OK (5)
Health details = "The port is operating normally."
Aggregated port ID = None
FSN port ID = None
Connector type = RJ45
MAC address = 00:60:16:7A:7F:CF
SFP supported speeds =
SFP supported protocols =
2: ID = spa_eth3
Name = SP A Ethernet Port 3
SP = spa
Protocols = file, net, iscsi
MTU size = 1500
Requested MTU size = 1500
Available MTU sizes = 1500, 9000
Linux device name = eth3
Speed = 1 Gbps
Requested speed = auto
Available speeds = 1 Gbps, 10 Gbps, 100 Mbps, auto
Health state = OK (5)
Health details = "The port is operating normally."
Aggregated port ID = None
FSN port ID = None
Connector type = RJ45
MAC address = 00:60:16:7A:7F:CE
SFP supported speeds =
SFP supported protocols =
Change Ethernet port settings
NOTE: The new settings are applied to a pair of symmetrical ports on dual SP systems.
Change the maximum transmission unit size and port speed for an Ethernet port.
Format
/net/port/eth -id <value> set [-mtuSize <value>] [-speed <value>]
Object qualifier
Qualifier | Description
---|---
-id | Type the ID of the network port.
Action qualifier
Qualifier | Description
---|---
-mtuSize | Type the maximum transmission unit packet size (in bytes) for the port:
-speed | Type the port speed.
Example
The following command sets the MTU size for Ethernet port 0 (eth0) on SP A to 9000 bytes:
uemcli /net/port/eth -id spa_eth0 set -mtuSize 9000
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = spa_eth0
ID = spb_eth0
Operation completed successfully.
Manage SAS ports (physical deployments only)
View the settings for the SAS ports on each SP. The following table describes the port attributes.
Attribute | Description
---|---
ID | ID of the port.
Name | Name of the port.
SP | Name of the SP on which the port resides. Valid values are:
Speed | Current link speed of the port.
Health state | Health state of the port. The health state code appears in parentheses. Valid values are:
Health details | Additional health information. See Health details for health information details.
Connector type | Physical connector type. Valid values are:
View SAS settings
View details about the SAS ports. You can filter on the port ID.
Format
/net/port/sas [-id <value>] show
Object qualifier
Qualifier | Description
---|---
-id | Type the ID of the port.
Example
uemcli /net/port/sas show
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: ID = spa_sas0
Name = SP A SAS Port 0
SP = spa
Speed =
Health state = OK_BUT (7)
2: ID = spa_sas1
Name = SP A SAS Port 1
SP = spa
Speed = 6 Gbps
Health state = OK (5)
Manage FC ports
View and change the settings for the FC ports on each SP.
The following table describes the port attributes.
Attribute | Description
---|---
ID | ID of the port.
Name | Name of the port.
SP | Name of the SP on which the port resides.
WWN | World Wide Name (WWN) of the port.
Speed | Current link speed of the port.
Requested speed | Link speed set by the user.
Available speed | List of available speed values.
Health state | Health state of the port. The health state code appears in parentheses. Value is one of the following:
Health details | Additional health information. See Appendix A, Reference, for health information details.
Connector type | Physical connector type. Valid values are:
SFP supported speeds | List of supported speed values of the inserted Small Form-factor Pluggable.
SFP supported protocols | List of supported protocols of the inserted Small Form-factor Pluggable. Valid values are:
Replication capability | Type of replication capability. Valid values are:
View FC port settings
View details about the FC ports. You can filter on the port ID.
Format
/net/port/fc [-id <value>] show
Object qualifier
Qualifier | Description
---|---
-id | Type the ID of the port.
Example
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/port/fc show -detail
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: ID = spa_fc4
Name = SP A FC Port 4
SP = spa
WWN = 50:06:BD:01:60:05:8E:50:06:01:64:3D:E0:05:8E
Speed = 1 Gbps
Requested speed = auto
Available speeds = 4 Gbps, 8 Gbps, 16 Gbps, auto
Health state = OK (5)
Health details = "The port is operating normally."
SFP supported speeds = 4 Gbps, 8 Gbps, 16 Gbps
SFP supported protocols = FibreChannel
Replication capability = Sync replication
SFP supported mode = Multimode
Change port settings
Change the speed for an FC port.
Format
/net/port/fc -id <value> set -speed <value>
Object qualifier
Qualifier | Description
---|---
-id | Type the ID of the FC port.
Action qualifier
Qualifier | Description
---|---
-speed | Type the port speed.
Example
The following command sets the speed for FC port fc1 on SP A to 1 Gbps:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/port/fc -id spa_fc1 set -speed 1Gbps
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = spa_fc1
Operation completed successfully.
Manage uncommitted ports
This command is used to manage uncommitted network ports.
Uncommitted ports must be initialized in order to be used by the system. Use the CLI to view information on the uncommitted and removed system Small Form-factor Pluggable (SFP) ports.
Attribute | Description
---|---
ID | Port identifier.
Name | Port name.
SP | Storage processor on which the port resides.
Health state | Current health state of the port. Valid states are:
Health details | Additional health information.
Connector type | Physical connector type associated with the uncommitted port. Valid values are:
SFP supported speeds | List of supported speed values of the inserted SFP.
SFP supported protocols | List of supported protocols of the inserted SFP. Valid values are:
View uncommitted ports
Use this command to view a list of uncommitted ports on the system.
View details about uncommitted ports.
Format
/net/port/unc [-id <value>] show
Object qualifier
Qualifier | Description
---|---
-id | Type the ID of the port.
Example
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/port/unc show -detail
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: ID = spb_unc5
Name = SP B Uncommitted Port 5
SP = spb
Health state = OK (5)
Health details = "The Small Form-factor Pluggable (SFP) module in this Uncommitted port has been removed. Since the port is not in use, no action is required."
Connector type = LC
SFP supported speeds =
SFP supported protocols =
2: ID = spa_unc5
Name = SP A Uncommitted Port 5
SP = spa
Health state = OK (5)
Health details = "The Uncommitted port is uninitialized. It needs to be committed before it can be used."
Connector type = LC
SFP supported speeds = 10 Gbps
SFP supported protocols = Ethernet
3: ID = spb_iom_1_unc0
Name = SP B I/O Module 1 Uncommitted Port 0
SP = spb
Health state = OK (5)
Health details = "The Uncommitted port is uninitialized. It needs to be committed before it can be used."
Connector type = RJ45
SFP supported speeds =
SFP supported protocols =
Manage Management network interfaces
Configure management network interfaces to remotely manage and monitor the system, the network, and configured hosts. Specify the IP address for the interface as well as the IP addresses for the subnet mask and gateway. View details about existing management interfaces configured on the system through the Connection Utility. Each management interface is identified by its IP protocol version. IPv4 and IPv6 can be configured, independently of each other, at the same time, but they cannot both be disabled at the same time. The netmask can be specified with the appropriate prefix length, separated from the IP address with a /, such as 10.0.0.1/24. This is optional for IPv4, but required for IPv6. There can be up to five IPv6 addresses assigned automatically. Only one IPv6 address can be set manually.
The following table lists the interface attributes with a description of each.
Attribute | Description
---|---
IP protocol version | IP protocol version. Valid values are:
Address origin | IP settings origin. Valid values are:
IP address | IPv4 or IPv6 address.
Subnet mask | IPv4 subnet mask.
Gateway | IPv4 or IPv6 gateway.
MAC address | MAC address associated with the interface.
View management interfaces
View a list of interfaces on the system. You can filter on the interface ID.
Format
/net/if/mgmt show
Example
The following command displays all management interfaces on the system:
uemcli /net/if/mgmt show
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: IP protocol version = ipv4
Address origin = static
IP address = 10.0.0.1
Subnet mask = 255.255.255.0
Gateway = 10.0.0.2
2: IP protocol version = ipv6
Address origin = automatic
IP address = 3ffe:80c0:22c:4e:a:0:2:7f/64
Subnet mask =
Gateway = 3ffe
Change interface settings
Change the settings for an interface.
Format
/net/if/mgmt set { -ipv4 | -ipv6 } {disabled | automatic | static [-addr <value>] [-netmask <value>] [-gateway <value>] }
Action qualifier
Qualifier | Description
---|---
-ipv4 | Specifies the IPv4 origin. Value is one of the following:
-ipv6 | Specifies the IPv6 origin. Value is one of the following:
-addr | Specifies the IPv4 or IPv6 address of the interface. Optionally, you can also specify the prefix length in the following format: <IP address>/<prefix length>.
-netmask | Specifies the IPv4 subnet mask for the interface.
-gateway | Specifies the IPv4 or IPv6 gateway for the interface.
Example
The following command changes the IP address, the netmask, and the gateway for interface IF_1:
uemcli /net/if/mgmt set -ipv4 static -addr 192.168.1.1 -netmask 255.255.255.0 -gateway 192.168.1.2
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
Manage network interfaces
Create interfaces to enable and control access between the system, the network, and configured hosts. Specify the IP address for the interface as well as the IP addresses for the subnet mask and gateway.
You can create the following types of interfaces:
- iSCSI interfaces for controlling access to iSCSI storage. You assign the interface to an iSCSI node.
- Replication interfaces for replication-related data or management traffic.
The system configures each interface on a pair of symmetrical SP ports. The interface can be moved between SPs. You have the option of indicating which SP the interface will use, either a physical port or a link aggregation port. You also have the option of specifying a virtual LAN (VLAN) ID, for communicating with VLAN networks.
Each interface is identified by an ID.
The following table lists the interface attributes with a description of each.
Attribute | Description
---|---
ID | ID of the interface.
Type | Interface type. Value is one of the following:
Port | ID of the physical port or link aggregation on an SP on which the interface is running. The ID includes the port name and SP name.
VLAN ID | Virtual local area network (VLAN) ID for the interface. The interface uses the ID to accept packets that have VLAN tags. The value range is 1-4095.
IP address | IPv4 or IPv6 address.
Subnet mask | IPv4 subnet mask.
Gateway | IPv4 or IPv6 gateway.
MAC address | MAC address of the interface.
SP | SP that uses the interface.
Health state | A numerical value indicating the health of the system. Value is one of the following:
Health details | Additional health information.
Create interfaces
Create an interface.
Format
/net/if create [ -async ] [-vlanId <value>] -type { iscsi | replication} -port <value> -addr <value> [-netmask <value>] [-gateway <value>]
Action qualifier
Qualifier | Description
---|---
-async | Run the creation operation in asynchronous mode.
-type | Specify the interface type. Value is one of the following:
-port | Specify the ID of the SP port or link aggregation that will use the interface.
-vlanId | Specify the virtual LAN (VLAN) ID for the interface. The interface uses the ID to accept packets that have VLAN tags. The value range is 1–4095.
-addr | Specify the IP address for the interface. The prefix length should be appended to the IPv6 address and, if omitted, will default to 64. For IPv4 addresses, the default length is 24. The IPv4 netmask may be specified in the address attribute after a slash.
-netmask | Specify the subnet mask for the interface.
-gateway | Specify the gateway for the interface.
Example
The following command creates a replication interface. The interface receives the ID IF_1:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/if create -type replication -port eth1_spb -addr 10.0.0.1 -netmask 255.255.255.0 -gateway 10.0.0.1
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = IF_1
Operation completed successfully.
View interfaces
View a list of interfaces on the system. You can filter on the interface ID.
Format
/net/if [ {-id <value> | -port <value> | -type <value>} ] show
Object qualifier
Qualifier | Description
---|---
-id | Type the ID of an interface.
-port | Type the port the interface is associated with.
-type | Specify the type of the interface. Valid values are:
Example
The following command displays the details of all interfaces on the system.
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/if show -detail
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: ID = if_0
Type = file
NAS server = nas_0
Port = eth0_spa
VLAN ID = 0
IP address = 3ffe:80c0:22c:4e:a:0:2:7f/64
Subnet mask =
Gateway = fe80::20a8bff:fe5a:967c
IPv4 mode =
IPv4 address =
IPv4 subnet mask =
IPv4 gateway =
IPv6 mode = static
IPv6 address = 3ffe:80c0:22c:4e:a:0:2:7f/64
IPv6 link-local address =
IPv6 gateway = fe80::20a8bff:fe5a:967c
MAC address = EA:3E:22:3F:0C:62
SP = spa
Preferred = yes
2: ID = if_1
Type = file
NAS server = nas_1
Port = eth1_spb
VLAN ID = 1
IP address = 192.168.1.2
Subnet mask = 255.255.255.0
Gateway = 192.168.1.254
IPv4 mode = static
IPv4 address = 192.168.1.2
IPv4 subnet mask = 255.255.255.0
IPv4 gateway = 192.168.1.254
IPv6 mode =
IPv6 address =
IPv6 link-local address =
IPv6 gateway =
MAC address = EA:3E:22:21:7A:78
SP = spa
Preferred = yes
3: ID = if_2
Type = replication
NAS server =
Port = eth1_spb
VLAN ID =
IP address = 10.103.75.56
Subnet mask = 255.255.248.0
Gateway = 10.103.72.1
IPv4 mode = static
IPv4 address = 10.103.75.56
IPv4 subnet mask = 255.255.248.0
IPv4 gateway = 10.103.72.1
IPv6 mode =
IPv6 address =
IPv6 gateway =
MAC address = EA:3E:22:6D:BA:40
SP = spb
Preferred = no
Change interface settings
Change the settings for an interface.
Format
/net/if -id <value> set [-vlanId <value>] [-addr <value>] [-netmask <value>] [-gateway <value>]
Object qualifier
Qualifier | Description
---|---
-id | Type the ID of the interface to change.
Action qualifier
Qualifier | Description
---|---
-vlanId | Type the virtual LAN (VLAN) ID for the interface. The interface uses the ID to accept packets that have VLAN tags. The value range is 1–4095.
-addr | Specify the IP address for the interface.
-netmask | Specify the IPv4 subnet mask for the interface.
-gateway | Specify the gateway for the interface.
Example
The following command changes the gateway address for interface IF_1:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/if -id IF_1 set -gateway 2001:db8:0:170:a:0:2:70
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = IF_1
Operation completed successfully.
Delete interfaces
Delete an interface.
NOTICE: Deleting an interface can break the connection between systems that use it, such as configured hosts.
Format
/net/if -id <value> delete
Object qualifier
Qualifier | Description
---|---
-id | Type the ID of the interface to delete.
Example
The following command deletes interface IF_1:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/if -id IF_1 delete
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
Manage static IP routes
A route determines where to forward a packet destined for a non-local subnet so it can reach its destination, whether that destination is a network or host. A static IP route is a host, network, or default route that is configured manually.
The system selects a route in order from most specific to least specific, as follows:
- Host (most specific)
- Network
- Default (least specific)
NOTE: An IP route connects an interface (IP address) to the larger network through a gateway. Without the route, the interface is no longer accessible outside its immediate subnet. As a result, network shares and exports associated with the interface are no longer available to clients outside of its immediate subnet.
Each route is identified by an ID.
The following table describes the attributes for static IP routes.
Attribute | Description
---|---
ID | ID of the route.
Interface ID | ID of the interface the route uses to reach the gateway. The interface is associated with a SP. "View interfaces" explains how to view the network interface IDs.
Route type | Type of route. Valid values are:
Target | IP address of the target network node based on the specified route type. Valid values are:
Netmask | For a subnet route, the IP address of the subnet mask.
Gateway | IP address of the gateway.
Health state | A numerical value indicating the health of the system. Valid values are:
Health details | Additional health information. See Appendix A, Reference, for health information details.
Create IP routes
Create an IP route.
NOTE: To change a route, delete it and re-create it with the new settings.
Format
/net/route create -if <value> -type {default | host -target <value> | net -target <value> [-netmask <value>]} [-gateway <value>]
Action qualifier
Qualifier | Description
---|---
-if | Type the ID of the interface that the route will use to reach the gateway. "View interfaces" explains how to view the network interface IDs.
-type | Type the type of route. Value is one of the following:
-target | Type the IP address for the target network node based on the value of -type. Value is one of the following:
-netmask | For a route to a subnet, type the IP address of the subnet mask.
-gateway | Type the gateway IP address for the route.
Example
The following command creates a network route for interface if_1 to reach the 10.64.74.x subnet using gateway 10.64.74.1:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/route create -if IF_1 -type net -target 10.64.200.10 -netmask 255.255.255.0 -gateway 10.64.74.1
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = RT_1
Operation completed successfully.
View IP routes
View details about IP routes. You can filter on the route ID.
Format
/net/route [ {-id <value> | -if <value>} ] show
Object qualifier
Qualifier | Description
---|---
-id | Specifies the ID of a route.
-if | Specifies the network interface for which you want to return routes.
Example
The following command displays details of the IP routes RT_1, RT_2, and RT_3:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/route show -detail
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: ID = RT_1
Type = net
Target = 10.64.74.10
Netmask = 255.255.255.0
Gateway = 10.0.0.1
Interface = IF_1
Health state = OK (5)
2: ID = RT_2
Type = default
Target =
Netmask =
Gateway = 10.64.74.2
Interface = IF_2
Health state = OK (5)
3: ID = RT_3
Type = host
Target = 10.64.74.168
Netmask =
Gateway = 10.0.0.3
Interface = IF_3
Health state = OK (5)
Change IP routes
Modify an existing IP route.
Format
/net/route -id <value> set [-type {default | host | net}] [-target <value> [-netmask <value>]] [-gateway <value>]
Object qualifier
Qualifier | Description
---|---
-id | Identifies the route object.
Action qualifier
Qualifier | Description
---|---
-type | Specify the type of route. Only one default IPv4 route instance is allowed. Valid values are (case-insensitive):
-target | Specify the destination IP address or a range of IP addresses. If the route type is: Default prefix length is 24 for IPv4 address and 64 for IPv6 address. Valid values are:
-netmask | For a route to a subnet, type the IP address of the subnet mask.
-gateway | Specify the gateway IP address for the route.
Example
The following command changes the target IP address to 10.64.200.11, the netmask to 255.255.255.0, and the gateway to 10.64.74.2 for IP route RT_1:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/route -id RT_1 set -target 10.64.200.11 -netmask 255.255.255.0 -gateway 10.64.74.2
Storage system address: 10.64.75.201
Storage system port: 443
HTTPS connection
ID = RT_1
Operation completed successfully.
Delete IP routes
Delete an IP route.
Format
/net/route -id <value> delete
Object qualifier
Qualifier | Description
---|---
-id | Type the ID of the route to delete.
Example
The following command deletes route RT_1:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/route -id RT_1 delete
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
Manage link aggregations
Link aggregation lets you link physical ports (for example, port 0 and port 1) on a SP to a single logical port and therefore lets you use up to four Ethernet ports on the SP. If your system has two SPs, and you link two physical ports, the same ports on both SPs are linked for redundancy. For example, if you link port 0 and port 1, the system creates a link aggregation for these ports on SP A and a link aggregation on SP B.
Each link aggregation is identified by an ID.
NOTE: The cabling on SP A must be identical to the cabling on SP B, or you cannot configure link aggregation.
Link aggregation has the following advantages:
- Increases overall throughput since two physical ports are linked into one logical port.
- Provides basic load balancing across linked ports since the network traffic is distributed across multiple physical ports.
- Provides redundant ports so that if one port in a linked pair fails, the system does not lose connectivity.
NOTE: With link aggregation, both linked ports must be connected to the same switch and the switch must be configured to use link aggregation that uses the Link Aggregation Control Protocol (LACP). The documentation that came with your switch should provide more information on using LACP.
The following table describes the attributes for link aggregation.
Attribute | Description
---|---
ID | ID of the link aggregation. The ID is a combination of the link ID and the SP that contains the linked ports.
Ports | IDs of the linked physical ports. The port names include the name of the SP that contains the ports.
SP | Name of the SP on which the ports are linked. Valid values are:
MTU size | Maximum transmission unit (MTU) packet size (in bytes) for the linked ports. Default is 1500 bytes per packet.
Linux device name | Linux network device name.
FSN port ID | ID of the FSN port to which the link aggregation belongs, if it is part of an FSN.
Available MTU size | List of available MTU sizes.
Health state | Health state of the link aggregation. The health state code appears in parentheses. Value is one of the following:
Health details | Additional health information.
Create link aggregations
Create a link aggregation by linking two physical ports on an SP to create a logical port.
Format
/net/la create -ports <value> [-mtuSize <value>]
Action qualifier
| Qualifier | Description |
|---|---|
| -ports | Type the IDs of the physical ports to link on the SP. Separate the IDs with a comma. For example, to link ports 0 and 1 on SPA, type: eth0_SPA,eth1_SPA. |
| -mtuSize | Type the MTU size (in bytes) for the linked ports. The MTU size can be set to a custom value between 1280 and 9216. Specific I/O modules may restrict the allowed range for the MTU size value. The MTU size values of 1500 bytes (default) and 9000 bytes (jumbo frame) are supported by all interfaces and I/O modules. |
Example
The following command links port 0 and port 1 on SPA with the default MTU size. The system has two SPs, so port 0 and port 1 on SPB are also linked, which results in two link aggregation IDs:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/la create -ports "eth0_SPA,eth1_SPA"
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = la0_SPA
ID = la0_SPB
Operation completed successfully.
View link aggregations
View details about link aggregations. You can filter on the link aggregation ID.
Format
/net/la [-id <value>] show
Object qualifier
| Qualifier | Description |
|---|---|
| -id | Type the ID of the link aggregation. |
Example
The following command shows the link aggregations on the system, in this case, for both SPA and SPB:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/la show -detail
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: ID = spa_la_0_2
SP = spa
Ports = spa_iom_0_eth2, spa_iom_0_eth3
FSN port ID = None
MTU size = 3456
Available MTU sizes = 1280-9216
Linux device name = bond12
Health state = OK (5)
Health details = "The component is operating normally. No action is required."
Operational status =
2: ID = spb_la_0_2
SP = spb
Ports = spb_iom_0_eth2, spb_iom_0_eth3
FSN port ID = None
MTU size = 3456
Available MTU sizes = 1280-9216
Linux device name = bond12
Health state = OK (5)
Health details = "The component is operating normally. No action is required."
Operational status =
Change link aggregations
Change the settings of a link aggregation.
Format
/net/la -id <value> set [-ports <value>] [-mtuSize <value>]
Object qualifier
| Qualifier | Description |
|---|---|
| -id | Type the ID of the link aggregation to change. |
Action qualifier
| Qualifier | Description |
|---|---|
| -ports | Type the IDs of the physical ports to link on the SP. Separate the IDs with a comma. For example, to link ports 0 and 1 on SPA, type: eth0_SPA,eth1_SPA |
| -mtuSize | Type the MTU size (in bytes) for the linked ports. The MTU size can be set to a custom value between 1280 and 9216. Specific I/O modules may restrict the allowed range for the MTU size value. The MTU size values of 1500 bytes (default) and 9000 bytes (jumbo frame) are supported by all interfaces and I/O modules. |
Example
The following command changes the MTU size for link aggregation la0_SPA to 9000 bytes. The system has two SPs, so MTU size is updated for both link aggregation IDs:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/la -id la0_SPA set -mtuSize 9000
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = la0_SPA
ID = la0_SPB
Operation completed successfully.
Delete link aggregations
Delete a link aggregation.
Format
/net/la [-id <value>] delete
Object qualifier
| Qualifier | Description |
|---|---|
| -id | Type the ID of the link aggregation to delete. |
Example
The following command deletes link aggregation la0_SPA. The system has two SPs, so link aggregation la0_SPB is also deleted:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/la -id la0_SPA delete
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = la0_SPA
ID = la0_SPB
Operation completed successfully.
Manage Fail-safe networking (physical deployments only)
Learn about Fail-safe networking (FSN) and which attributes are used to manage FSN in the CLI.
A Fail-Safe Network (FSN) is a high-availability feature that extends link failover into the network by providing switch-level redundancy. An FSN appears as a single link with a single MAC address and potentially multiple IP addresses. An FSN can be a port, a link aggregation, or any combination of the two. An FSN adds an extra layer of availability to link aggregations alone. Link aggregations provide availability in the event of a port failure. FSNs provide availability in the event of a switch failure. Each port or link aggregation is considered as a single connection. Only one connection in an FSN is active at a time. All the connections making up the FSN share a single hardware (MAC) address.
If the system detects a failure of the active connection, it will automatically switch to the standby connection in the FSN. That new connection assumes the network identity of the failed connection, until the primary connection is available again. You can designate which connection is the primary port/connection. To ensure connectivity in the event of a hardware failure, create FSN devices on multiple I/O modules or onboard ports. The FSN components are connected to different switches. If the network switch for the active connection fails, the FSN fails over to a connection using a different switch, thus extending link failover out into the network.
When replicating from one Unity system to another, configure the FSN the same way on both systems as a best practice. You will need to manually configure the FSN on the destination before setting up replication. Otherwise, if you set up the FSN on the destination after replication is configured, you will need to use the override option to select the FSN as the interface for the destination NAS server.
NOTE: A NAS server IP interface should be built on the highest level logical device. If you want to repurpose a port or link aggregation currently used as a NAS server IP interface for an FSN, you will need to remove the IP interface from the NAS server, create the FSN, and reassign the IP interface to the FSN device.
| Attribute | Description |
|---|---|
| ID | ID of the Fail-Safe Networking port. |
| SP | Storage processor the FSN is on. |
| MTU size | Maximum Transmission Unit (MTU) size. |
| Available MTU sizes | List of available MTU sizes. |
| Linux device name | Name of the Linux network device. |
| Primary port | ID of the primary port used in the FSN. The primary port cannot be removed. |
| Secondary ports | Comma-separated list of the other secondary ports in the FSN. This includes both link aggregations and ethernet ports. |
| Active port | ID of the active port for the FSN. |
| Health state | The health state of the FSN. Valid values are: |
| Health details | Detailed health information for the FSN. |
Create an FSN
Use the CLI to create a fail-safe network.
Create a fail-safe network using two or more ports or link aggregations.
Format
/net/fsn create -primaryPort <value> -secondaryPorts <value> [-mtuSize <value>]
Action qualifier
| Qualifier | Description |
|---|---|
| -primaryPort | Type the ID of the primary port for the FSN. This can be either an ethernet port or link aggregation. |
| -secondaryPorts | Type the comma-separated list of additional port or link aggregation IDs to be included in the FSN. |
| -mtuSize | Optionally, type the Maximum Transmission Unit size for the FSN. The MTU must be in the range allowed for all of the ports included in the FSN. The MTU size can be set to a custom value between 1280 and 9216. Specific I/O modules may restrict the allowed range for the MTU size value. The MTU size values of 1500 bytes (default) and 9000 bytes (jumbo frame) are supported by all interfaces and I/O modules. |
Example
The following example creates an FSN where the primary port is a single ethernet port, and the secondary ports include a link aggregation and an additional single ethernet port.
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/fsn create -primaryPort spa_eth0 -secondaryPorts "spa_la_2,spa_eth3"
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = spa_fsn_0
ID = spb_fsn_0
Operation completed successfully.
View FSN settings
Review the list and details of each FSN on the system.
Format
/net/fsn [-id <value>] show
Object qualifier
| Qualifier | Description |
|---|---|
| -id | Type the ID for the FSN port for which you would like to view details. Omit this qualifier to see details for all FSNs on the system. |
Example
The following example shows the details of all the FSNs on the system.
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/fsn show -detail
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: ID = spa_fsn_0_1
SP = spa
Primary port = spa_iom_0_eth1
Secondary ports = spa_la_2
Active port = spa_iom_0_eth1
MTU size = 1500
Available MTU sizes = 1500,9000
Health state = OK (5)
Health details = "FSN port is operating normally."
2: ID = spb_fsn_0_1
SP = spb
Primary port = spb_iom_0_eth1
Secondary ports = spb_la_2
Active port = spb_iom_0_eth1
MTU size = 1500
Available MTU sizes = 1500,9000
Health state = OK (5)
Health details = "FSN port is operating normally."
Change an FSN
Make changes to an existing FSN.
Change a fail-safe network by modifying the included secondary ports or MTU sizes.
Format
/net/fsn -id <value> set [-secondaryPorts <value>] [-mtuSize <value>]
Object qualifier
| Qualifier | Description |
|---|---|
| -id | Type the ID of the FSN port. |
Action qualifier
| Qualifier | Description |
|---|---|
| -secondaryPorts | Type the list of full IDs of the physical ports and/or link aggregation ports for the FSN. Omit from the list any ports you want removed from the FSN, and add any you want included. |
| -mtuSize | Type the new Maximum Transmission Unit (MTU) size for the FSN. The MTU must be in the range allowed for all of the ports included in the FSN. The MTU size can be set to a custom value between 1280 and 9216. Specific I/O modules may restrict the allowed range for the MTU size value. The MTU size values of 1500 bytes (default) and 9000 bytes (jumbo frame) are supported by all interfaces and I/O modules. |
Example 1
The following example changes the MTU size of the FSN "spa_fsn_0".
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/fsn -id spa_fsn_0 set -mtuSize 9000
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = spa_fsn_0
ID = spb_fsn_0
Operation completed successfully.
Example 2
The following example shows an attempt to add Ethernet port "spa_iom_0_eth2" to FSN "spa_fsn_0". The attempt fails because this Ethernet port is already in use for another link aggregation and cannot be added independently to the FSN.
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/fsn -id spa_fsn_0 set -secondaryPorts spa_iom_0_eth2
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation failed. Error code: 0x6000851
One of the specified ports cannot be used to configure an FSN because to it is already included in an FSN or link aggregation. (Error Code:0x6000851)
Delete an FSN
Delete an FSN from the system.
Delete a fail-safe network.
Format
/net/fsn -id <value> delete
Object qualifier
| Qualifier | Description |
|---|---|
| -id | Type the ID of the FSN port. |
Example
The following example deletes FSN "spa_fsn_0":
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/fsn -id spa_fsn_0 delete
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = spa_fsn_0
ID = spb_fsn_0
Operation completed successfully.
Manage DNS settings
A domain name server (DNS) is a network service responsible for converting domain names to their corresponding IP addresses. The system uses DNS services to resolve network names and IP addresses for the network services it needs (for example, for NTP and SMTP servers) and so that it can obtain IP addresses for hosts addressed by network names rather than IP addresses.
During the initial system configuration process you must specify the network address of at least one DNS server for resolving host names to IP addresses. Later, you can add, delete, or change DNS server settings.
You can configure multiple DNS server domains to specify each domain and IP address of the DNS servers for the system to use. By default, the system uses the top entry in the list as the current DNS. The remaining list provides a hierarchy of DNS servers to use if the first-choice server becomes unavailable. If the first DNS server in the list becomes unavailable, the system proceeds to the next DNS server in the list, and so on. You can also specify default DNS server addresses to indicate which addresses the system will use first.
DNS domains allow configuring DNS server addresses. All addresses are grouped under user-defined DNS server domains. DNS settings are identified by NAS server domain ID. NAS server DNS settings should allow DNS resolution of all names within an SMB server domain in order for the SMB protocol to operate normally within an Active Directory domain.
NOTICE: You must configure at least one valid DNS server entry in the domain for the system. Deleting the last DNS entry can disrupt network communication to the device, and potentially interrupt communication between the system and the hosts that use its storage resources.
The following table lists the attributes for DNS domains.
| Attribute | Description |
|---|---|
| NAS server | ID of the associated NAS server. |
| Name | Name of the DNS domain. |
| Auto-configuration enabled | Indicates whether DNS addresses are configured automatically. |
| Name servers | List of IP addresses that correspond to the name servers in the domain. |
| Replication sync | Indicates the status of the DNS list in the NAS server operating as a replication destination. When a replicated DNS servers list is created on the source NAS server, it is automatically synchronized to the destination. Valid values are: |
| Source name servers | List of name server IP addresses defined on the replication source. |
Configure DNS settings
Configure the DNS settings for the storage system.
Format
/net/dns/config set {-nameServer <value> | -auto | -noNameServer}
Action qualifier
| Qualifier | Description |
|---|---|
| -nameServer | Type a list of DNS server addresses to designate as default addresses. Separate the addresses with a comma. The system uses the addresses in the order in which you type them. |
| -auto | Set DNS addresses dynamically. |
| -noNameServer | Clear the list of IP addresses. |
Example
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/dns/config set -nameServer "128.222.132.29,128.222.132.32"
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
View default DNS addresses
View the DNS server addresses designated as a default.
Format
/net/dns/config show
Example
The following command displays the DNS server addresses:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/dns/config show
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1. Auto-configuration enabled = no
Name servers = 10.5.3.29,10.5.3.32,2001:db8:170:9400:212:3fff:fe2a:8812
View DNS server domains
View details about configured DNS server domains.
Format
/net/nas/dns [-server <value>] show
Object qualifier
| Qualifier | Description |
|---|---|
| -server | Type the ID of the associated NAS server. |
Example
The following command lists all DNS server domains:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/dns -server nas_1 show -detail
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: NAS server = nas_1
Name = domain.one.com
Name servers = 10.64.74.1,10.64.74.201
Replication sync = Overridden
Source name servers = 10.64.74.1,10.64.74.201
Configure a DNS domain
Configure a DNS server domain.
Format
/net/nas/dns -server <value> set { [-name <value>] [-nameServer <value>] | -enabled no} [-replSync {auto | overridden}]
Object qualifier
| Qualifier | Description |
|---|---|
| -server | Type the name of the associated NAS server. |
Action qualifier
| Qualifier | Description |
|---|---|
| -name | Type the name of the associated NAS server. |
| -nameServer | Type the IP addresses of the DNS servers. Separate the addresses using a comma. |
| -enabled | Set the value to no to remove DNS settings for the NAS server. Valid value is no. |
| -replSync | Status of the DNS list in the NAS server operating as a replication destination. Valid values are: |
Example
The following command sets the DNS domain name for NAS server nas_1 to newdomain.one.com:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/dns -server nas_1 set -name "newdomain.one.com"
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
Manage NTP server settings
NOTE: NTP is not required, but some functionality is unavailable without it.
The system relies on the network time protocol (NTP) as a standard for synchronizing the system clock with other nodes on the network. NTP provides a way of synchronizing clocks of distributed systems within approximately one millisecond of each other. A Windows Active Directory domain controller can operate as a time server if the Windows Time Service is running on it.
Some applications will not operate correctly if the clock on the system is not synchronized with the clock on connected hosts. Configure the system and any connected hosts to use the same time server. Doing so does the following:
- Minimizes the chance that synchronization issues will arise between the system and connected hosts.
- Reduces the difficulty of reconciling timestamps used for log information in the different systems.
NOTE: When using a NAS server for CIFS (SMB) network shares, the system cannot access an Active Directory domain unless the system is synchronized within five minutes of the Active Directory controller for the domain where the network shares reside.
You can configure a total of three NTP server addresses for the system. All NTP server addresses are grouped into a single NTP server record. NTP is not required, but some functionality is unavailable without it.
The following table lists the attributes for the NTP server record.
| Attribute | Description |
|---|---|
| ID | ID of the NTP server record. |
| Server | Name or IP address of an NTP server. |
Create an NTP server record
Create an NTP server to specify an IP address of each NTP server the system will use.
NOTE: By default, the first NTP server address you specify will become the primary.
Format
/net/ntp/server create -server <value> [-force {noReboot | allowReboot | allowDU}]
Action qualifier
| Qualifier | Description |
|---|---|
| -server | Type the name or IP address of an NTP server. |
| -force | Accept or decline the system reboot, which may be needed to complete the time change. If the qualifier isn't specified, you will be asked to confirm reboot if it's needed. Valid values are: |
Example
The following creates an NTP server record that contains NTP server address 0.north-america.pool.ntp.org:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/ntp/server create -server 0.north-america.pool.ntp.org
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = NTP_0.north-america.pool.ntp.org
Operation completed successfully.
View NTP server settings
View details about the NTP server.
Format
/net/ntp/server [-id <value>] show
Object qualifier
| Qualifier | Description |
|---|---|
| -id | Type the ID of the NTP server. |
Example
The following command displays the NTP server record, which contains two NTP server addresses:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/ntp/server show
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: ID = NTP_0.north-america.pool.ntp.org
Server = 0.north-america.pool.ntp.org
2: ID = NTP_1.north-america.pool.ntp.org
Server = 1.north-america.pool.ntp.org
Configure NTP server settings
Configure the NTP server setting.
Format
/net/ntp/server set -addr <value>
Action qualifier
| Qualifier | Description |
|---|---|
| -addr | Enter a list of one or more IP addresses or network names of each NTP server to include in the NTP server setting. Separate the addresses with a comma. |
Example
The following command adds two IP addresses to the NTP server setting:
uemcli -d 10.0.0.1 -u Local/joe -p 12345 /net/ntp/server set -addr "10.64.75.55,10.64.75.44"
Delete NTP server settings
Delete an NTP server record to remove the NTP settings.
NOTE: If you delete the primary NTP server record, the system automatically determines the NTP server record to use.
Format
/net/ntp/server -id <value> delete
Action qualifier
| Qualifier | Description |
|---|---|
| -id | Type the ID of the NTP server setting to delete. |
Example
The following command deletes NTP server setting NTP_10.5.1.207:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/ntp/server -id NTP_10.5.1.207 delete
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
Manage NIS server domains
The Network Information Service (NIS) consists of a directory service protocol for maintaining and distributing system configuration information, such as user and group information, hostnames, and e-mail aliases to network hosts. For example, to back up data on file system shares, some NDMP products require information from NIS servers to back up file system data.
NIS server addresses are grouped under domains, which are identified by domain IDs.
The following table lists the attributes for NIS server domains.
| Attribute | Description |
|---|---|
| NAS server | ID of the associated NAS server. |
| Domain | Name of the NIS server domain. |
| Servers | List of IP addresses of the NIS servers in the domain. |
| Replication sync | Indicates the status of the NIS server addresses list in the NAS server operating as a replication destination. When a replicated NIS servers list is created on the source NAS server, it is automatically synchronized to the destination. Valid values are: |
| Source servers | List of IP addresses for the NIS servers defined on the replication source. |
View NIS server domains
View details about NIS server domains.
Format
/net/nas/nis [-server <value>] show
Object qualifier
| Qualifier | Description |
|---|---|
| -server | Type the ID of the associated NAS server. |
Example
The following command displays details about the NIS server domain:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/nis show -detail
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: NAS server = nas_0
Domain = nis.one.com
Servers = nisserver1.one.com,10.64.74.1
Replication sync = Overridden
Source servers = 10.64.74.74,10.64.74.1
Change NIS server domains
Add NIS server addresses to an NIS server domain.
Format
/net/nas/nis -server <value> set { [-domain <value>] [-ip <value>] | {-enabled no}} [-replSync {auto | overridden}]
Object qualifier
| Qualifier | Description |
|---|---|
| -server | Type the ID of the associated NAS server. |
Action qualifier
| Qualifier | Description |
|---|---|
| -domain | Type the NIS domain name. |
| -ip | Type the IP addresses of the NIS servers to include in the domain. Separate the addresses with a comma. |
| -enabled | Set the value to no to remove NIS settings for the NAS server. Valid value is no. |
| -replSync | Status of the NIS list in the NAS server operating as a replication destination. Valid values are: |
Example
The following command adds a new IP address to NIS server domain nis.two.com:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/nis -id nis.two.com set -ip "10.64.74.200"
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
Manage SMTP server settings
The system uses the Simple Mail Transport Protocol (SMTP) to e-mail alerts, based on alert severity, of system events to specified e-mail addresses and to EMC support. Once you provide the IP address of the SMTP server to use, you can enable the following features on the system:
- E-mail alerts — The system sends e-mail alerts of system events to the specified IP address when it encounters alert or error conditions. The system uses the first IP address you specify.
Configure alert settings explains how to specify the alert severity for which the system e-mails alerts. All IP addresses are grouped under a single SMTP server setting.
The following table lists the attributes for SMTP server settings.
| Attribute | Description |
|---|---|
| ID | ID of the SMTP server. |
| Address | IP address of the SMTP server. |
| Port | Port of the SMTP server. |
| Encryption level | Encryption level (SSL method) used to communicate with the SMTP server. Valid values are: |
| Authentication type | Type of authentication used to log in to the SMTP server. Valid values are: |
| User name | User name used to log in to the SMTP server. |
| Bypass proxy | Indicates whether or not the global proxy settings will be bypassed. |
View SMTP server settings
View the IP addresses of the SMTP servers.
Format
/net/smtp [-id <value>] show
Object qualifier
| Qualifier | Description |
|---|---|
| -id | Type the ID of an SMTP server. |
Example
The following command lists the IP addresses of the two SMTP servers in the setting:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/smtp show
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: ID = default
Address = 192.168.0.15
Port = 25
Encryption level = SSL
Authentication type = Plain
User name = test
Bypass proxy = no
Configure SMTP server settings
Specify the IP addresses for the SMTP server setting.
Format
/net/smtp -id <value> set -addr <value> [-port <value>] [-encryptLevel {none|startTLS|ssl}] [-authType {none|plain|login|cram_md5|digest_md5}] [-user <value> {-passwd <value> | -passwdSecure}] [-bypassproxy {yes|no}]
Object qualifier
| Qualifier | Description |
|---|---|
| -id | Type the ID of an SMTP server for which to specify an IP address. |
Action qualifier
| Qualifier | Description |
|---|---|
| -addr | Type the IP address for the SMTP server. Note that the address can be either IPv4 or IPv6. |
| -port | Enter the port of the SMTP server. |
| -encryptLevel | Specifies the encryption level (SSL method) of the SMTP server. Valid values are: |
| -authType | Specifies the authentication type of the SMTP server. Valid values are: |
| -user | Specifies the user name of the SMTP server. |
| -passwd | Specifies the password of the SMTP server. |
| -passwdSecure | Specifies the password in secure mode. The user will be prompted to input the password. |
| -bypassproxy | Specifies whether the global proxy settings are bypassed when accessing the SMTP server. Valid values are: |
Example
The following command sets the IP address for the default SMTP server that the system will use:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/smtp -id default set -addr 10.64.74.16 -port 25 -encryptLevel ssl -authType plain -user test -passwd test
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
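The FSN and SMTP show listings in this chapter can be checked by script. The following Python is an added example, not part of the Unisphere CLI or of this guide: it parses uemcli-style show output and flags an FSN that has failed over, reports a health state other than OK (5), or has an MTU outside its available sizes, and an SMTP entry that uses plain or login authentication without encryption. The sample outputs are constructed, and the displayed value None for an unencrypted SMTP connection is an assumption.

```python
import re

# Constructed sample output, laid out like the "show" examples in this guide.
FSN_SHOW = """\
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: ID = spa_fsn_0_1
SP = spa
Primary port = spa_iom_0_eth1
Secondary ports = spa_la_2
Active port = spa_la_2
MTU size = 1500
Available MTU sizes = 1500,9000
Health state = OK (5)
2: ID = spb_fsn_0_1
SP = spb
Primary port = spb_iom_0_eth1
Secondary ports = spb_la_2
Active port = spb_iom_0_eth1
MTU size = 4000
Available MTU sizes = 1500,9000
Health state = OK (5)
"""

# Constructed; "None" as the displayed encryption level is an assumption.
SMTP_SHOW = """\
1: ID = default
Address = 192.168.0.15
Port = 25
Encryption level = None
Authentication type = Plain
User name = test
Bypass proxy = no
"""

# Optional record index ("1:" or "1."), attribute name, "=", value (may be empty).
_LINE = re.compile(r"^\s*(?:(\d+)[:.]\s*)?([^=]+?)\s*=\s*(.*?)\s*$")


def parse_show(text):
    """Split uemcli show output into a list of {attribute: value} records."""
    records = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue  # banner lines such as "HTTPS connection" carry no "="
        index, key, value = m.groups()
        if index is not None or not records:
            records.append({})  # a numbered line starts a new record
        records[-1][key] = value.strip('"')
    return records


def mtu_allowed(mtu, available):
    """True if mtu fits the list (1500,9000) or range (1280-9216) form."""
    for part in available.split(","):
        lo, _, hi = part.strip().partition("-")
        if lo.isdigit() and int(lo) <= mtu <= int(hi or lo):
            return True
    return False


def audit_fsn(records):
    """Flag failover, a health state other than OK (5), and a disallowed MTU."""
    findings = []
    for r in records:
        fid = r.get("ID", "?")
        if r.get("Active port") != r.get("Primary port"):
            findings.append(f"{fid}: failed over, active port {r.get('Active port')} "
                            f"is not primary port {r.get('Primary port')}")
        if r.get("Health state") != "OK (5)":
            findings.append(f"{fid}: health state is {r.get('Health state')!r}")
        mtu = r.get("MTU size", "")
        allowed = r.get("Available MTU sizes", "")
        if not (mtu.isdigit() and mtu_allowed(int(mtu), allowed)):
            findings.append(f"{fid}: MTU {mtu} is outside available sizes {allowed}")
    return findings


def audit_smtp(records):
    """Flag SMTP entries whose password would cross the network unencrypted."""
    findings = []
    for r in records:
        enc = r.get("Encryption level", "").lower()
        auth = r.get("Authentication type", "").lower()
        if enc == "none" and auth in ("plain", "login"):
            findings.append(f"{r.get('ID', '?')}: {auth} authentication without "
                            "encryption exposes the SMTP password on the wire")
    return findings


if __name__ == "__main__":
    for finding in audit_fsn(parse_show(FSN_SHOW)) + audit_smtp(parse_show(SMTP_SHOW)):
        print(finding)
```

In practice the text passed to parse_show would be the captured output of the /net/fsn show -detail and /net/smtp show commands.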
Manage NDMP server settings
The Network Data Management Protocol (NDMP) provides a standard for backing up file servers on a network. NDMP allows centralized applications to back up file servers that run on various platforms and platform versions. NDMP reduces network congestion by isolating control path traffic from data path traffic, which permits centrally managed and monitored local backup operations.
Enable NDMP to use NDMP products for backing up and restoring data on file system storage.
The following table lists the attributes for NDMP servers.
| Attribute | Description |
|---|---|
| NAS server | ID of the associated NAS server. |
| Enabled | Indication of whether NDMP is enabled. Value is yes or no. |
| Username | User name for accessing the NDMP server. |
| Password | Password for accessing the NDMP server. |
View NDMP server settings
View whether NDMP is enabled or disabled.
Format
/net/nas/ndmp [-server <value>] show
Object qualifier
| Qualifier | Description |
|---|---|
| -server | Type the ID of the associated NAS server. |
Example
The following command displays the NDMP settings, which show that NDMP is enabled:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/ndmp show
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: NAS server = nas_0
Enabled = yes
2: NAS server = nas_1
Enabled = no
Configure NDMP server settings
Configure NDMP server settings, which includes enabling or disabling NDMP and changing the password for accessing the NDMP server.
Format
/net/nas/ndmp -server <value> set -enabled {yes {-passwd <value> | -passwdSecure} | no}
Object qualifier
| Qualifier | Description |
|---|---|
| -server | Type the ID of the associated NAS server. |
Action qualifier
| Qualifier | Description |
|---|---|
| -enabled | Enable NDMP. Value is yes or no. For yes, type the NDMP server password. |
| -passwd | Type the password for the NDMP server. You must specify the password when enabling NDMP. |
| -passwdSecure | Specify the password in secure mode - the user will be prompted to input the password and the password confirmation. |
Example
The following command enables NDMP:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/ndmp -server nas_0 set -enabled yes -passwd "Password0123"
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
Manage LDAP settings
The Lightweight Directory Access Protocol (LDAP) is an application protocol for querying and modifying directory services running on TCP/IP networks. LDAP provides central management for network authentication and authorization operations by helping to centralize user and group management across the network. Integrating the system into an existing LDAP environment provides a way to control user and user group access to the system through Unisphere CLI or Unisphere.
After you configure LDAP settings for the system, you can manage users and user groups, within the context of an established LDAP directory structure. For instance, you can assign access permissions to Unisphere CLI that are based on existing users and groups.
NOTE: The system uses the LDAP settings only for facilitating control of access to Unisphere CLI and Unisphere, not for access to storage resources.
The following table lists the attributes for LDAP settings.
NOTE: If you intend to use LDAP with SSL, you must upload the CA certificate of the LDAP server to the system by using the -upload command before configuring the LDAP settings. For example:
| Attribute | Description |
|---|---|
| ID | ID of the LDAP server. |
| Auto discovery enabled | Indicates whether the LDAP server names are obtained using DNS. To use this feature, the DNS server for the LDAP domain must be configured as the first server in the list of DNS servers. |
| Name | Server hostnames or IP addresses of the LDAP servers, specified as a comma-separated list. If IP addresses are specified, the DNS Server for the LDAP domain must be configured with a reverse lookup so that it provides the FQDN for the specified IP addresses. |
| Domain name | Domain name for the LDAP server. |
| Port | Port number used by the directory server for LDAP communications. By default, LDAP uses port 389, and LDAP over SSL (LDAPS) uses port 636. For forest-level authentication, specify port 3268 for LDAP or port 3269 for LDAPS. |
| Protocol | Indication of whether the LDAP protocol uses SSL for secure network communication. SSL provides encryption and authentication capabilities. SSL encrypts data over the network and provides message and server authentication. Value is one of the following: |
| Bind DN | Distinguished name (DN) for a user with administrator privileges on the LDAP Server. The DN can be expressed in several formats. For example: cn=Administrator,cn=Users,dc=mycompany,dc=com; Administrator@mycompany.com; mycompany.com/Administrator |
| Bind password | Password to be used for binding to the LDAP server. This is the password for the user specified in the Bind DN attribute. |
| User search path | Path to search for users on the directory server. For example: ou=People,dc=lss,dc=emc,dc=com. |
| Group search path | Path to search for groups on the directory server. For example: uid=<name>,ou=people,dc=<domaincomponent>,or dc=<domain component>. |
| User ID attribute | Name of the LDAP attribute whose value indicates the user ID. Default value is uid. For forest-level authentication, specify userPrincipalName. |
| Group name attribute | Name of the LDAP attribute whose value indicates the group name. Default value is cn. |
| User object class | LDAP object class for users. Default is user. In Active Directory, groups and users are stored in the same hierarchical directory path and the class is called group. |
| Group object class | LDAP object class for groups. Default value is group. In Active Directory, groups and users are stored in the same directory path and the class is called group. |
| Group member class | Name of the LDAP attribute whose value contains names of group members within a group. Default value is member. |
Certificate filepath
|
Path to (filename of) the trusted certificate file used for one-way LDAP server authentication. The chain cannot contain the server certificate.
|
||
LDAP timeout
|
Timeout for the LDAP server in milliseconds. If the system does not receive a reply from the LDAP server after the specified timeout, it stops sending requests. Default value is 10,000 milliseconds, or 10 seconds.
|
Configure LDAP settings
Configure LDAP settings to control user access to Unisphere CLI and Unisphere from an LDAP server.
NOTE: If you intend to use LDAP with SSL, you must upload the CA certificate of the LDAP server to the system by using the -upload command before configuring the LDAP settings. For example:
Format
/net/ldap create [{-name <value> | -autoDiscoveryEnabled}] -domain <value> [-port <value>] [-protocol {ldap|ldaps -certFilePath <value>}] -bindDn <value> {-bindPasswd <value> | -bindPasswdSecure} [-userSearchPath <value>] [-groupSearchPath <value>] [-userIdAttr <value>] [-groupNameAttr <value>] [-userObjectClass <value>] [-groupObjectClass <value>] [-groupMemberAttr <value>] [-timeout <value>]
Action qualifier
| Qualifier | Description |
|---|---|
| -name | Type the LDAP IP addresses or hostnames as a comma-separated string. If IP addresses are specified, the DNS server for the LDAP domain must be configured with a reverse lookup so that it provides the FQDN for a specified IP address. |
| -autoDiscoveryEnabled | Specify to direct the system to obtain the LDAP server addresses using DNS. To use this feature, the DNS server for the LDAP domain must be configured as the first server in the list of DNS servers. |
| -domain | Type the domain name for the LDAP server. |
| -protocol | Specify whether the LDAP protocol uses SSL for secure network communication. SSL provides encryption and authentication capabilities. SSL encrypts data over the network and provides message and server authentication. Valid values are: |
| -certFilePath | Path to (filename of) the trusted certificate file used for one-way server authentication. |
| -port | Type the port number used by the directory server for LDAP communications. By default, LDAP uses port 389, and LDAP over SSL (LDAPS) uses port 636. For forest-level authentication, specify port 3268 for LDAP or port 3269 for LDAPS. |
| -bindDn | Type the distinguished name (DN) for a user with administrator privileges on the LDAP server. The DN can be expressed in several formats. For example: cn=Administrator,cn=Users,dc=mycompany,dc=com; Administrator@mycompany.com; mycompany.com/Administrator |
| -bindPasswd | Type the password to be used for binding to the LDAP server. This is the password for the user specified in the Bind DN attribute. |
| -bindPasswdSecure | Specify the password in secure mode. The user is prompted to input the password. |
| -userSearchPath | Type the path to search for users on the directory server. For example: ou=People,dc=lss,dc=emc,dc=com |
| -groupSearchPath | Type the path to search for groups on the directory server. For example: uid=<name>,ou=people,dc=<domaincomponent>,or dc=<domain component>. |
| -userIdAttr | Type the name of the LDAP attribute whose value indicates the user ID. Default value is uid. |
| -groupNameAttr | Type the name of the LDAP attribute whose value indicates the group name. Default value is cn. |
| -userObjectClass | Type the LDAP object class for users. Default value is user. In Active Directory, groups and users are stored in the same hierarchical directory path and the class is called group. |
| -groupObjectClass | Type the LDAP object class for groups. Default value is group. In Active Directory, groups and users are stored in the same directory path and the class is called group. |
| -groupMemberAttr | Type the name of the LDAP attribute whose value contains names of group members within a group. Default value is member. |
| -timeout | Type the timeout for the LDAP server in milliseconds. If the system does not receive a reply from the LDAP server after the specified timeout, it stops sending requests. Default is 10,000 milliseconds, or 10 seconds. |
Example 1: Creating an LDAP configuration with a specific LDAP server address specified
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/ldap create -name lpso242.lss.emc.com -domain domain.example.com -port 389 -protocol ldap -bindDn "cn=Directory Manager" -bindPasswd Password0123 -userSearchPath "ou=People,dc=lss,dc=emc,dc=com" -groupSearchPath "ou=Groups,dc=lss,dc=emc,dc=com" -userIdAttr "uid" -groupNameAttr "cn" -userObjectClass "interOrgPerson" -groupObjectClass "groupOfUniqueNames" -groupMemberAttr "uniqueMember" -timeout 40000
Storage system address: 10.64.75.201
Storage system port: 443
HTTPS connection
ID = LDAP_1
Operation completed successfully.
Example 2: Creating an LDAP configuration with multiple LDAP server addresses specified
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/ldap create -name lpso242.lss.emc.com,lpso243.lss.emc.com -domain domain.example.com -port 389 -protocol ldap -bindDn "cn=Directory Manager" -bindPasswd Password0123 -userSearchPath "ou=People,dc=lss,dc=emc,dc=com" -groupSearchPath "ou=Groups,dc=lss,dc=emc,dc=com" -userIdAttr "uid" -groupNameAttr "cn" -userObjectClass "interOrgPerson" -groupObjectClass "groupOfUniqueNames" -groupMemberAttr "uniqueMember" -timeout 40000
Storage system address: 10.64.75.201
Storage system port: 443
HTTPS connection
ID = LDAP_1
Operation completed successfully
Example 3: Creating an LDAP configuration using auto discovery through DNS to configure the server addresses
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/ldap create -autoDiscoveryEnabled -domain domain.example.com -port 389 -protocol ldap -bindDn "cn=Administrator,ou=Users,dc=domain,dc=example,dc=com" -bindPasswd Password0123 -userSearchPath "ou=Users,dc=domain,dc=example,dc=com" -groupSearchPath "ou=Groups,dc=domain,dc=example,dc=com" -userIdAttr "uid" -groupNameAttr "cn" -userObjectClass "interOrgPerson" -groupObjectClass "groupOfUniqueNames" -groupMemberAttr "uniqueMember" -timeout 40000
Storage system address: 10.64.75.201
Storage system port: 443
HTTPS connection
ID = LDAP_1
Operation completed successfully
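The three examples above all use -protocol ldap on port 389 and pass the bind password with -bindPasswd, so the password is typed as a command-line argument and the bind runs without the SSL encryption that the ldaps value provides. The following check is an added example, not part of the vendor documentation: a POSIX shell function (the name lint_ldap_args and its finding codes are made up here) that inspects only qualifiers documented on this page and reports those two cases, an ldaps protocol without -certFilePath (the Format line pairs them), and a port that does not match the protocol.

```shell
#!/bin/sh
# Added example, not vendor code. Lints the qualifiers of a
# "/net/ldap create" or "/net/ldap -id <value> set" command line.
# Prints the finding codes on one line; returns 0 only when there are none.
lint_ldap_args() {
    protocol="" port="" cert="" findings=""
    while [ "$#" -gt 0 ]; do
        n=2                                  # qualifier plus its value
        case "$1" in
            -protocol)     protocol="${2-}" ;;
            -port)         port="${2-}" ;;
            -certFilePath) cert="${2-}" ;;
            # Password given as an argument; -bindPasswdSecure prompts instead.
            -bindPasswd)   findings="bindPasswd-inline" ;;
            *)             n=1 ;;            # not inspected: skip one word
        esac
        [ "$#" -ge "$n" ] || n=$#
        shift "$n"
    done
    case "$protocol" in
        ldap)
            # No SSL: the bind and all queries are sent unencrypted.
            findings="${findings:+$findings }cleartext-ldap"
            # 636 and 3269 are the LDAPS ports listed on this page.
            case "$port" in
                636|3269) findings="$findings port-mismatch" ;;
            esac ;;
        ldaps)
            if [ -z "$cert" ]; then
                findings="${findings:+$findings }ldaps-no-certFilePath"
            fi
            # 389 and 3268 are the plain LDAP ports listed on this page.
            case "$port" in
                389|3268) findings="${findings:+$findings }port-mismatch" ;;
            esac ;;
    esac
    if [ -n "$findings" ]; then
        echo "$findings"
        return 1
    fi
    return 0
}

# Example 1 from this page, reduced to the qualifiers the lint inspects.
if ! lint_ldap_args /net/ldap create -name lpso242.lss.emc.com \
        -domain domain.example.com -port 389 -protocol ldap \
        -bindDn "cn=Directory Manager" -bindPasswd Password0123; then
    echo "fix the findings above before passing these arguments to uemcli" >&2
fi
```

Call the function with the same words you intend to pass to uemcli, and run uemcli only when it returns 0.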
View LDAP settings
View details for configured LDAP settings.
Format
/net/ldap [-id <value>] show
Object qualifier
| Qualifier | Description |
|---|---|
| -id | Type the ID of the LDAP setting. |
Example
The following command displays the LDAP settings:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/ldap show
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: ID = LDAP_1
Server name = lpso242.lss.emc.com
Domain = local
Protocol = ldap
Port = 389
Change LDAP settings
Update a configured LDAP setting.
NOTE: If you intend to use LDAP with SSL, you must upload the CA certificate of the LDAP server to the system by using the -upload command before configuring the LDAP settings. For example:
Format
/net/ldap -id <value> set [{-name <value> | -autoDiscoveryEnabled}] [-port <value>] [-protocol {ldap | ldaps {-certFilePath <value>}}] [-bindDn <value>] [-bindPasswd <value> | -bindPasswdSecure] [-userSearchPath <value>] [-groupSearchPath <value>] [-userIdAttr <value>] [-groupNameAttr <value>] [-userObjectClass <value>] [-groupObjectClass <value>] [-groupMemberAttr <value>] [-timeout <value>]
Object qualifier
| Qualifier | Description |
|---|---|
| -id | Type the ID of the LDAP setting to change. |
Action qualifier
Qualifier
|
Description
|
||
---|---|---|---|
-name
|
Type the IP addresses or hostnames of the primary directory servers to use for authentication. The values you type depend on the format of the subject field entry in each directory server's certificate. Typically, this requires a hostname. Type the LDAP IP addresses or hostnames as a comma-separated string. If IP addresses are specified, the DNS server for the LDAP domain must be configured with a reverse lookup so that it provides the FQDN for the specified IP addresses.
|
||
-autoDiscoveryEnabled
|
Specify to direct the system to obtain the LDAP server addresses or hostnames using DNS. DNS must be configured for this option to take effect.
|
||
-domain
|
Type the domain name for the LDAP server.
|
||
-port
|
Type the port number used by the directory server for LDAP communications. By default, LDAP uses port 389, and LDAP over SSL (LDAPS) uses port 636. For forest-level authentication, specify port 3268 for LDAP or port 3269 for LDAPS.
|
||
-protocol
|
Type whether the LDAP protocol uses SSL for secure network communication. SSL provides encryption and authentication capabilities. SSL encrypts data over the network and provides message and server authentication. Value is one of the following:
|
||
-certFilePath
|
Path to (filename of) the trusted certificate file used for one-way server authentication.
|
||
-bindDn
|
Type the distinguished name (DN) for a user with administrator privileges on the LDAP Server. The DN can be expressed in several formats. For example:
cn=Administrator,cn=Users,dc=mycompany,dc=com; Administrator@mycompany.com; mycompany.com/Administrator
|
||
-bindPasswd
|