manualshive.com logo in svg

F5 ARX-VE, Planning Manual


Share
Download
background image

Manually Preparing the Back-End File Servers

ARX Site Planning Guide

1 - 21

As root, edit the /etc/exports file to accomplish all of these goals. To allow 
mounts below the root of the share, you must use the 

-alldirs

 flag. For 

security reasons, BSD only allows this flag for shares that map to block 
devices. On the BSD machine, use the 

df

 command for a list of block 

devices. 

Consider the following example:

BSD2

[/root]#

 

df

Filesystem

  

1K

blocks

     

Used

    

Avail

 

Capacity

  

Mounted

 

on

/dev/da0s1a

    

495726

    

73274

   

382794

    

16%

    

/

devfs

               

1

        

1

        

0

   

100%

    

/dev

/dev/da0s1e

   

4058062

    

10390

  

3723028

     

0%

    

/users

/dev/da0s1f

  

29356354

 

10575988

 

16431858

    

39%

    

/usr

/dev/da0s1d

    

297326

    

11040

   

262500

     

4%

    

/var

BSD2

[/root]#

On the above machine, you can export /, /dev, /users, /usr, and/or /var. 
Consider the following example of a /etc/exports file that exports /usr to the 
ARX:

#

 

Note

 

that

 

in

 

order

 

to

 

allow

 

the

 

Acopia

 

Switch

 

to

 

do

#

 

“submounting”,

 

you

 

must

 

set

 

the

 

export

 

with

 

a

 ‐

alldirs

#

 

flag.

 

This

 

means

 

you

 

must

 

also

 

set

 

the

 

export

 

dir

 

to

 

be

 

a

#

 

top

 

level

 

filesystem

 

found

 

on

 

a

 

/dev/<slice>.

/usr

 ‐

alldirs

 ‐

maproot=0

 ‐

network

 

192.168.25.0

 ‐

mask

 

255.255.255.0

This limits access to IPs only in the 192.168.25.0/24 subnet, the server 
subnet for the ARX. Only the ARX should be able to access this export, 
except for backups or other read-only activities.

To use the edited exports file, force the mountd process to re-read the file. 
As root, find the PID for mountd and then send a kill -HUP to the PID. 

For example:

BSD2

[/root]#

 

ps

 

ax

 

|

 

grep

 

mountd

  

347

  

??

  

Is

     

0:03.21

 

/usr/sbin/mountd

 ‐

r

24817

  

p5

  

S+

     

0:00.00

 

grep

 

mountd

BSD2

[/root]#

 

kill

 ‐

HUP

 

347

BSD2

[/root]#

 

CIFS Servers and Client Authentication

Whereas NFS uses a client’s IP address for access control, CIFS uses the 
client’s user account. Each CIFS share, directory, and file has an associated 
Access Control List (ACL), a list of user accounts and the access privileges 
of each. The ARX passes a CIFS client’s credentials through to each 
back-end server, and the server applies its ACLs to the client’s identity. The 
server has the authority to deny any of the client’s actions based on its ACL 
configuration, just as though the client was accessing the server directly. No 
special preparation is required for CIFS client authentication.

Autonomous ARX operations, such as migrating files between back-end 
CIFS shares, require a Windows user identity so that the ARX can similarly 
access servers. This identity, called a 

proxy user

, is a valid user account in 

Summary of Contents for ARX-VE

Page 1: ...ARX Site Planning Guide 810 0036 00...

Page 2: ......

Page 3: ...Management Operating System Traffix Diameter Load Balancer Traffix Systems Traffix Systems DESIGN Transparent Data Reduction UNITY VAULT VIPRION vCMP virtual Clustered Multiprocessing WA WAN Optimiza...

Page 4: ...1995 1996 The President and Fellows of Harvard University All rights reserved Copyright c 1998 2004 The OpenSSL Project All rights reserved Unless otherwise noted the companies organizations products...

Page 5: ...Rev W add updates for Release 6 00 000 September 2011 Rev X add updates for Release 6 01 000 October 2011 Rev Y refer to licensed limits July 2012 Rev Z add updates for Release 6 02 000 October 2012 R...

Page 6: ...vi...

Page 7: ...1 Site Planning This manual describes network and environmental considerations for installing an Adaptive Resource Switch ARX Use this document to prepare for adding an ARX to your network...

Page 8: ......

Page 9: ...ervers are said to be at the back end As you plan to add a switch to your network it is helpful to remember the sharp division between the switch s front end and back end processing The following figu...

Page 10: ...s and servers Multiple subnet The ARX terminates one or more client subnets and a separate server subnet The following subsections describe each of these topologies One Armed Proxy Topology In a one a...

Page 11: ...RX The ARX has a single physical connection to the client server subnet On the switch you configure the same subnet and VLAN for both front end clients and back end servers You can also add static rou...

Page 12: ...vers into multiple IP subnets You can define multiple subnets static routes and default routes on the ARX to reach any number of subnets at the front end or back end Multiple Subnet Before Installing...

Page 13: ...X has a separate connection to the client subnet and the server subnet in a multiple subnet topology The switch serves as a proxy for CIFS and or NFS transactions between the clients and servers As a...

Page 14: ...t side IP addresses are called virtual IPs or VIPs The ARX also requires one or more management IP addresses to load new software images The switch has one out of band management interface and you can...

Page 15: ...against remote NFS clients This is designed as an authentication mechanism To prevent such file servers from denying access to the proxy IP addresses add the proxy IP addresses to your DNS configurati...

Page 16: ...rces the quorum disk The ARX also has an interface for out of band management typically labeled MGMT on its front panel This interface is designed for installations with discrete management networks I...

Page 17: ...client services If you plan to operate in a secure environment these ports must be opened on fire walls in order for the ARX to function properly All client server data is on the inband network The i...

Page 18: ...Enabled by default 23 TELNET TCP Disabled by default 443 HTTPS TCP GUI enabled by default 80 HTTP TCP GUI disabled by default 514 SYSLOG UDP If External Syslog is used 25 SMTP TCP For Email Home 139...

Page 19: ...Default port is configurable 464 lc passwd UDP and TCP 137 138 WINS UDP Name service 88 Kerberos TCP UDP 137 138 NetBIOS TCP UDP 445 Microsoft Directory Services TCP NFS Authentication NIS NIS UDP TC...

Page 20: ...mend using two or more NTP servers for the servers clients and the ARX devices Automatically Discovering Your File Servers Prior to installing an ARX best practices recommend using F5 Data Manager a w...

Page 21: ...es to manually discover any issues for a site without Data Manager Avoiding Name Collisions To prepare multiple file server shares for inclusion in the same namespace volume you should avoid name coll...

Page 22: ...nA 2 3 192 168 25 34 24 25 00 0a 49 17 7c 83 bstnA bstnA 2 4 192 168 25 141 24 25 00 0a 49 17 7c 84 bstnA bstnA 2 5 192 168 25 142 24 25 00 0a 49 17 7c 85 bstnA bstnA 2 6 192 168 25 143 24 25 00 0a 49...

Page 23: ...Export wizard is invoked See the following figure In the wizard select the options to configure for the export Figure 1 8 NFS Export wizard Use this wizard to add your proxy IP addresses to the follow...

Page 24: ...following figure Figure 1 9 NFS Export wizard Commit screen EMC Celerra Server On the EMC Celerra server select NFS Exports See the left hand navigation column in the following figure Click New or cli...

Page 25: ...ain Exports All Data Domain exports are in the backup directory You can use the Data Domain CLI to export one of those directories through NFS Use the nfs add command to create an NFS export specifyin...

Page 26: ...squash lhome budget 192 168 25 144 rw no_root_squash lhome budget 192 168 25 145 rw no_root_squash lhome budget 192 168 25 146 rw no_root_squash lhome budget 192 168 25 147 rw no_root_squash lhome bud...

Page 27: ...ly in the 192 168 25 0 24 subnet the server subnet for the ARX Only the ARX should be able to access this export except for backups or other read only activities To use the edited exports file force t...

Page 28: ...estination share this means that each namespace can use up to 32 concurrent server connections If your installation supports Per Seat licensing this is not an issue For Per Server licensing you must c...

Page 29: ...the EMC Data Domain system allows access to a small number of CIFS clients with read only access However an ARX volume facilitates read write access to the Data Domain share by any of its CIFS client...

Page 30: ...mba for multi protocol namespaces without persistent ACLs Without POSIX ACL and extended attribute support the ARX namespace cannot support persistent ACLs If you intend to deploy Samba work with your...

Page 31: ...es on back end filers among other things The managed volume uses the metadata to manage these file locations through namespace policy A direct volume does not have any metadata and therefore does not...

Page 32: ...File IDs The ARX Inter Operability Matrix lists all of a direct volume s supported NFS filers and clients This matrix is available from the ARX GUI along with this document click the Documentation lin...

Page 33: ...r that has adequate performance and redundancy characteristics as well as adequate space For details on estimating the size required see Sizing the Metadata Share on page 1 28 The namespace software f...

Page 34: ...oosing metadata storage candidates for a namespace Use the information in these sections as guidelines before configuring any namespaces with managed volumes Sizing the Metadata Share A metadata share...

Page 35: ...olume with millions of files can require multiple gigabytes of metadata However a file system has a limit on the size of each file Thus you must verify that the file system for the metadata share can...

Page 36: ...olume that also supports CIFS This is because an NFS only volume does not have the CIFS credentials required to access a CIFS metadata only share Avoid vol vol0 on NetApp By default a NetApp file serv...

Page 37: ...icy is called new file placement policy in a share farm and it is described in the ARX CLI Storage Management Guide Best Practices for Share Management Once an external share is imported into a manage...

Page 38: ...on to non native access to the filer Non native access means accessing a UNIX file through CIFS or an NTFS Windows file through NFS Of particular interest are the following questions How will the clie...

Page 39: ...show different timestamps to Unix clients than to CIFS clients The timestamps differ by one hour This is an indication that the timestamp was set before daylight savings time started or ended it is a...

Page 40: ...the above user to root on the UNIX side as described below From the EMC CLI use the following command to get a copy of the UNIX passwd file server_file data mover get passwd passwd new where data mov...

Page 41: ...for Use in an Active Directory Domain This section applies to Windows installations that support Active Directory AD domains These installations use Kerberos authentication and require some special c...

Page 42: ...steps add the F5 server to the AD domain and raise the Trusted for Delegation flag for the server Each of these steps requires a distinct administrative privilege Add workstations to domain where the...

Page 43: ...ts The ARX supports a maximum of 64 services each with a distinct FQDN and virtual IP VIP address This maximum is for the sum of all CIFS and NFS services The smaller ARX 500 platform offers up to 16...

Page 44: ...le FRU compact design It offers the same software features as the other ARX platforms differing only in performance and scale Ports 8 x 1GbE copper 1 mgmt data and 7 data Throughput 500MB s Files 768M...

Page 45: ...control switch fabric throughput and external interfaces into a compact design consisting of two FRUs The switch includes a removable front bezel which when attached covers all components except the...

Page 46: ...500 System Specifications Component Specification Dimensions Height 1 703 in Width 16 930 in Depth 26 457 in Weight 31 lb 14 061 kg Power Load 8 55 amps 110Vac 4 3 amps 220Vac Environmental Requireme...

Page 47: ...t bezel Height 3 5 in Width 19 00 in including mounting ear assemblies Depth 24 in Chassis Weight 40 lb 18 14 kg Power Consumption Typical power consumption 2 5A 110VAC 280W 0 98 PF Maximum power cons...

Page 48: ...wer Load 2 5A 110V 1 3A 220V AC DC Power Supply Input 100Vac 4 Amps 240Vac 2Amps 47 63Hz 100 240VAC 47 63Hz 4 2A Environmental Requirements Altitude 60m 197ft min to 1800m 6000 ft max Humidity Operati...

Page 49: ...power modules and one power system frame Two power modules are recommended for full redundancy and load sharing The power supplies require a 10A 220VAC input cord which is provided with the chassis T...

Page 50: ...able Requirements This section contains the cable requirements for all the ARX models Choose from the following ARX 500 Cable Requirements on page 1 44 ARX 1500 Cable Requirement on page 1 45 ARX 2000...

Page 51: ...auto auto negotiate through the CLI When the port speed duplex is forced auto negotiate is disabled automatic MDI MDIX cross over is disabled and you must cable the port using standard cross over or s...

Page 52: ...Ethernet cable RJ 45 connectors Gigabit Ethernet ports copper a 100 1000BASE T Category 5 6 unshielded twisted pair UTP cable 24 AWG a Gigabit Ethernet ports support automatic MDI MDIX cross over This...

Page 53: ...it is a cross over or straight through type However for this feature to work the port speed must be set to auto auto negotiate through the CLI When the port speed duplex is forced auto negotiate is d...

Page 54: ...mode fiber MMF with duplex SC style connectors Distances up to 300m on 50 125um MMF or 33m on 62 5 125um MMF a Gigabit Ethernet ports support automatic MDI MDIX cross over This feature automatically...

Page 55: ...fficient for connecting to a Terminal Server For a direct connection to the serial port on a management station such as a laptop an RJ 45 to DB9 adapter is also included in the kit Figure 1 13 RJ 45 M...

Page 56: ...n the system Here is the table that describes the console port pinout The following table shows the pinout assignments for the ARX 1500 and the ARX 2500 Table 1 15 SCM ACM console port signaling cabli...

Page 57: ...ARX 500 Connectors The ARX 500 has four rear panel ports for cabling as shown in Figure 1 15 Figure 1 15 ARX 500 rear panel ports The following table describes the cable connectors used on the ARX 500...

Page 58: ...X 2000 Table 1 18 ARX 1500 Cable Connectors Interface Connector Purpose Console labeled CONSOLE on back of switch RJ 45 Serial port for CLI access Management labeled MGMT on back of switch RJ 45 Ether...

Page 59: ...labeled MGMT on back of switch RJ 45 Ethernet port for CLI or GUI access Gigabit Ethernet Optical ports Copper ports small form factor Pluggable SFP RJ 45 Two optical ports for 10 Gbps Ethernet conne...

Page 60: ...red in the Data Manager database From this definition you can generate the automated DOS and ARX CLI command scripts and step by step deployment instructions that constitute an ARX deployment workflow...

Page 61: ...ing up virtual servers Data Manager is not involved during the network configuration phase but can provide significant support during the storage configuration phase However if you choose not to use D...

Page 62: ...pying the latest ARX configuration to a remote host every time the configuration changes You can use the configuration parameters later to recover from a disaster and or to facilitate switch replaceme...

Page 63: ...iguration page click the Help button in the upper right hand corner and follow the instructions Contacting Customer Service You can use the following methods to contact F5 Networks Customer Service F5...

Page 64: ...Chapter 1 Site Planning 1 58...

Reviews:

No comments

Related manuals for ARX-VE

D-Link SmartPro DGS-1500-20 Reference Manual preview
SmartPro DGS-1500-20
Brand: D-Link Pages: 113
D-Link xStack DGS-3120 Series Cli Reference Manual preview
xStack DGS-3120 Series
Brand: D-Link Pages: 1150
GE GuardSwitch 300 Series Quick Start Manual preview
GuardSwitch 300 Series
Brand: GE Pages: 4
Cabletron Systems SMALL OFFICE CyberSwitch 150 Manual preview
SMALL OFFICE CyberSwitch 150
Brand: Cabletron Systems Pages: 106
Eaton SOL30 Series Instruction Leaflet preview
SOL30 Series
Brand: Eaton Pages: 4
Collective Minds Xbox One Media Hub Instruction Manual preview
Xbox One Media Hub
Brand: Collective Minds Pages: 19
3onedata ES1026-2F Quick Installation Manual preview
ES1026-2F
Brand: 3onedata Pages: 2
QCT QuantaMesh T1048-LB9M Installation Manual preview
QuantaMesh T1048-LB9M
Brand: QCT Pages: 34
SMART-AVI HDR4X2 Installation Manual preview
HDR4X2
Brand: SMART-AVI Pages: 2
NTI UNIMUX-nXm-UHD Installation And Operation Manual preview
UNIMUX-nXm-UHD
Brand: NTI Pages: 69
Hisselektronik Safeline 2000 Light Manual For Programmering preview
Safeline 2000 Light
Brand: Hisselektronik Pages: 9
W Box Technologies 0E-8P65W4POE Manual preview
0E-8P65W4POE
Brand: W Box Technologies Pages: 10
Unipoe PM5003GSN User Manual preview
PM5003GSN
Brand: Unipoe Pages: 9
Cabletron Systems ELS10-26TX User Manual preview
ELS10-26TX
Brand: Cabletron Systems Pages: 116
A10 Thunder series 930 Installation Manual preview
Thunder series 930
Brand: A10 Pages: 44
Raritan TMCAT17 series Quick Setup Manual preview
TMCAT17 series
Brand: Raritan Pages: 7
Leviton 47693-ESM Product Specifications preview
47693-ESM
Brand: Leviton Pages: 2
KDS KD-MSW8x3 Operating Instructions Manual preview
KD-MSW8x3
Brand: KDS Pages: 10

Brands by name

Popular brands

Load more brands