Please enter search query.
Search <book_title>...
Veritas Access Appliance Administrator's Guide
Last Published:
2022-12-07
Product(s):
Appliances (7.4.3)
Platform: Veritas 3340,Access Appliance OS
- Section I. Introducing Access Appliance
- Section II. Configuring Access Appliance
- Managing users
- Configuring the network
- About configuring the Access Appliance network
- About bonding Ethernet interfaces
- Bonding Ethernet interfaces
- Configuring DNS settings
- About Ethernet interfaces
- Displaying current Ethernet interfaces and states
- Configuring IP addresses
- Configuring VLAN interfaces
- Configuring NIC devices
- About configuring routing tables
- Configuring routing tables
- Changing the firewall settings
- Configuring Access Appliance in IPv4 and IPv6 mixed mode
- Support for multiple data subnets
- Configuring authentication services
- About configuring LDAP settings
- Configuring LDAP server settings
- Administering the Access Appliance cluster's LDAP client
- About Active Directory (AD)
- Configuring AD server settings
- Configuring entries for Access Appliance DNS for authenticating to Active Directory (AD)
- Configuring AD/LDAP using the GUI
- Configuring the NIS-related settings
- Configuring NSS lookup order
- Section III. Managing Access Appliance storage
- Configuring storage
- About storage provisioning and management
- About configuring disks
- About configuring storage pools
- Configuring storage pools
- About quotas for usage
- Enabling, disabling, and displaying the status of file system quotas
- Setting and displaying file system quotas
- Setting user quotas for users of specified groups
- About quotas for CIFS home directories
- Workflow for configuring and managing storage using the Access Appliance CLI
- Displaying information for all disk devices associated with the nodes in a cluster
- Displaying WWN information
- Importing new LUNs forcefully for new or existing pools
- Initiating host discovery of LUNs
- Formatting or reinitializing a disk
- Removing a disk
- Managing disks
- Configuring ISCSI
- Access Appliance as an iSCSI target
- About Access Appliance as an iSCSI target
- Managing the iSCSI target service
- Managing the iSCSI targets
- Managing the LUNs
- Managing the mappings with iSCSI initiators
- Managing the users
- Creating an iSCSI target and provisioning LUNs
- Adding an initiator for an iSCSI target
- Removing an initiator for an iSCSI target
- Adding portal IPs for an iSCSI target
- Setting up authentication for an iSCSI target
- Viewing the list of initiators for an iSCSI target
- Viewing the portal IPs for an iSCSI target
- Removing portal IPs for an iSCSI target
- Removing authentication settings for an iSCSI target
- Removing an iSCSI target
- Removing the file system store for an iSCSI target
- Viewing the list of LUNs for an iSCSI target
- Creating a LUN for an iSCSI target
- Increasing the size of a LUN for an iSCSI target
- Reducing the size of a LUN for an iSCSI target
- Removing a LUN for an iSCSI target
- Cloning a LUN for an iSCSI target
- Creating a snapshot of a LUN for an iSCSI target
- Viewing the list of snapshots for an iSCSI target
- Removing a LUN snapshot
- Restoring a LUN snapshot
- Configuring storage
- Section IV. Managing Access Appliance file access services
- Configuring the NFS server
- About using the NFS server with Access Appliance
- Using the kernel-based NFS server
- Accessing the NFS server
- Displaying and resetting NFS statistics
- Configuring Access Appliance for ID mapping for NFS version 4
- Configuring the NFS client for ID mapping for NFS version 4
- About authenticating NFS clients
- Setting up Kerberos authentication for NFS clients
- Using Access Appliance as a CIFS server
- About configuring Access Appliance for CIFS
- About configuring CIFS for standalone mode
- Configuring CIFS server status for standalone mode
- Changing security settings
- About configuring CIFS for Active Directory (AD) domain mode
- Setting NTLM
- About setting trusted domains
- Specifying trusted domains that are allowed access to the CIFS server
- Allowing trusted domains access to CIFS when setting an IDMAP backend to rid
- Allowing trusted domains access to CIFS when setting an IDMAP backend to ldap
- Allowing trusted domains access to CIFS when setting an IDMAP backend to hash
- Allowing trusted domains access to CIFS when setting an IDMAP backend to ad
- About configuring Windows Active Directory as an IDMAP backend for CIFS
- Configuring the Active Directory schema with CIFS-schema extensions
- Configuring the LDAP client for authentication using the CLI
- Setting Active Directory trusted domains
- About storing account information
- Storing user and group accounts
- Reconfiguring the CIFS service
- About mapping user names for CIFS/NFS sharing
- About the mapuser commands
- Adding, removing, or displaying the mapping between CIFS and NFS users
- Automatically mapping UNIX users from LDAP to Windows users
- About managing home directories
- About CIFS clustering modes
- About migrating CIFS shares and home directories
- Setting the CIFS aio_fork option
- About managing local users and groups
- Enabling CIFS data migration
- Configuring an FTP server
- About FTP
- Creating the FTP home directory
- Using the FTP server commands
- About FTP server options
- Customizing the FTP server options
- Administering the FTP sessions
- Uploading the FTP logs
- Administering the FTP local user accounts
- About the settings for the FTP local user accounts
- Configuring settings for the FTP local user accounts
- Using Access Appliance as an Object Store server
- Configuring the NFS server
- Section V. Managing Access Appliance security
- Section VI. Monitoring and troubleshooting
- Configuring event notifications and audit logs
- About troubleshooting
- Monitoring command activity
- Monitoring alerts
- About alert management
- Monitoring events
- Viewing reports
- Viewing cluster storage usage
- Viewing file system usage
- About event notifications
- About severity levels and filters
- About SNMP notifications
- Configuring an email group
- Configuring a syslog server
- Exporting events in syslog format to a given URL
- Displaying events on the console
- Configuring events for event reporting
- Configuring an SNMP management server
- Appliance log files
- Configuring event notifications and audit logs
- Section VII. Provisioning and managing Access Appliance file systems
- Creating and maintaining file systems
- About creating and maintaining file systems
- About encryption at rest
- Considerations for creating a file system
- Best practices for creating file systems
- Choosing a file system layout type
- Determining the initial extent size for a file system
- About striping file systems
- About creating a tuned file system for a specific workload
- About FastResync
- About fsck operation
- Setting retention in files
- Setting WORM over NFS
- Manually setting WORM-retention on a file over CIFS
- About managing application I/O workloads using maximum IOPS settings
- Creating a file system
- Bringing the file system online or offline
- Listing all file systems and associated information
- Modifying a file system
- Managing a file system
- Destroying a file system
- Upgrading disk layout versions
- Creating and maintaining file systems
- Section VIII. Provisioning and managing Access Appliance shares
- Creating shares for applications
- Creating and maintaining NFS shares
- About NFS file sharing
- About the NFS shares
- Displaying file systems and snapshots that can be exported
- Exporting an NFS share
- Displaying exported directories
- About managing NFS shares using netgroups
- Unexporting a directory or deleting NFS options
- Exporting an NFS share for Kerberos authentication
- Mounting an NFS share with Kerberos security from the NFS client
- Exporting an NFS snapshot
- Creating and maintaining CIFS shares
- About managing CIFS shares
- About the CIFS shares
- Exporting a directory as a CIFS share
- Configuring a CIFS share as secondary storage for an Enterprise Vault store
- Exporting the same file system/directory as a different CIFS share
- About the CIFS export options
- Setting share properties
- Displaying CIFS share properties
- Hiding system files when adding a CIFS normal share
- Allowing specified users and groups access to the CIFS share
- Denying specified users and groups access to the CIFS share
- Exporting a CIFS snapshot
- Deleting a CIFS share
- Modifying a CIFS share
- Making a CIFS share shadow copy aware
- About managing CIFS shares for Enterprise Vault
- Using Access Appliance with OpenStack
- Integrating Access Appliance with Data Insight
- Section IX. Managing Access Appliance storage services
- Compressing files
- About compressing files
- Best practices for using compression
- Use cases for compressing files
- Compression tasks
- Compressing files
- Showing the scheduled compression job
- Scheduling compression jobs
- Listing compressed files
- Uncompressing files
- Modifying the scheduled compression
- Removing the specified schedule
- Stopping the schedule for a file system
- Removing the pattern-related rule for a file system
- Removing the modified age related rule for a file system
- Configuring episodic replication
- About Access Appliance episodic replication
- How Access Appliance Replication works
- Starting Access Appliance episodic replication
- Setting up communication between the source and the destination clusters
- Setting up the file systems to replicate
- Setting up files to exclude from an episodic replication unit
- Scheduling the episodic replication
- Defining what to replicate
- About the maximum number of parallel episodic replication jobs
- Managing an episodic replication job
- Replicating compressed data
- Displaying episodic replication job information and status
- Synchronizing an episodic replication job
- Behavior of the file systems on the episodic replication destination target
- Accessing file systems configured as episodic replication destinations
- Episodic replication job failover and failback
- Configuring continuous replication
- About Access Appliance continuous replication
- How Access Appliance continuous replication works
- Starting Access Appliance continuous replication
- Setting up communication between the source and the target clusters
- Setting up the file system to replicate
- Managing continuous replication
- Displaying continuous replication information and status
- Unconfiguring continuous replication
- Continuous replication failover and failback
- Addition of multiple file systems to a Replicated Volume Group
- Using snapshots
- Using instant rollbacks
- About instant rollbacks
- Creating a space-optimized rollback
- Creating a full-sized rollback
- Listing Access Appliance instant rollbacks
- Restoring a file system from an instant rollback
- Refreshing an instant rollback from a file system
- Bringing an instant rollback online
- Taking an instant rollback offline
- Destroying an instant rollback
- Creating a shared cache object for Access Appliance instant rollbacks
- Listing cache objects
- Destroying a cache object of a Access Appliance instant rollback
- Compressing files
- Section X. Reference
- Index
Performing user management using CLISH
The following administrator role is included with Access Appliance:
Master
You can add additional users with these roles. To add the different administrator roles, you must have master privilege.
Note:
When adding a new user, you must assign a password.
To add a user with specific privileges
- Enter the following to add a user with specific privileges:
Admin> user add username role
where role is the role that you want to assign to the user.
Note:
The AD username cannot contain space.
To delete a user
- Enter the following to delete a specified user from the current system.
Admin> user delete username
To change a user's password
- Enter the following command to change the password for the current user:
Admin> passwd
You are prompted to enter the old password first. If the password matches, then you are prompted to enter the new password for the current user.
- Enter the following command to change the password for a user other than the current user:
Admin> passwd [username]
You are prompted to enter the old password first. If the password matches, then you are prompted to enter the new password for the user.
Note:
A user that does not have master role (Appliance Administrator role) cannot change the password via command-line interface (by connecting to a node using SSH and accessing the command-line interface). The user must log in to the Access Appliance GUI and change the password.
- To change the default password of the sysadmin user (IPMI user account), enter the following command:
Admin> ipmi passwd username old_password new_password
where username is sysadmin
To display a list of current users
- Enter the following to display the current user:
Admin> show [username]
- Enter the following to display a list of all the current users:
Admin> show
Enter the following to display the details of the administrator with the user name master:
Admin> show master
To add master role to a local or domain user
- Enter the following to add a user role to Access Appliance:
Admin> user modify role add username role domain
where domain can be local, ad or ldap.
Domain is an optional argument with the default value as local.
For local user, only the username is required.
You can assign only a master role to LDAP and AD users.
For AD, enter
domain\\username.For LDAP, enter
username.
To delete a master role from a local or domain user
- Enter the following to delete the master role from a user account:
Admin> user modify role delete username role domain
To add a role to a domain group
- Enter the following to add a role to a specific domain group:
Admin> group modify role add groupname role domain
where domain can be ad or ldap.
Note:
The AD group name cannot contain a space.
For AD, enter
domain\\groupname.For LDAP, enter
groupname.
To remove a role from a domain group
- Enter the following to delete the specified role from a specific domain group:
Admin> group modify role delete groupname role domain
where domain can be ad or ldap.
Note:
If the domain user is AD or LDAP, then you must configure NSS for that user using the Network nsswitch conf command. For an LDAP user, the NSS lookup should be set to ldap and for an AD user, the NSS lookup should be set to winbind. For more information, See Configuring NSS lookup order.