manualshive.com logo in svg

F5 ARX-VE, Planning Manual


Share
Download
background image

Chapter 1
Site Planning

1 - 32

Planning for a Multi-Protocol Namespace

A multi-protocol namespace supports both NFS and CIFS. You can use it 
with a heterogeneous set of back-end filers with multi-protocol shares. 
Currently-supported filer vendors include NetApp and EMC.

The ARX passes NFS and/or CIFS operations through to the back-end 
shares, which permit or deny the operations based on client identity and 
file/directory permissions. Each filer permits or denies access to files based 
on its own rules, and the ARX passes back the response back to the client.

Important

This has far-reaching implications for client access in a heterogeneous 
volume. If you mix multi-protocol shares from multiple vendors in the same 
volume, client access can change when files migrate from one filer to 
another. This is an unavoidable consequence of different multi-protocol 
implementations from the filer vendors.

Consult your filer documentation (from all vendors) concerning client 
access and the recommended security configurations. Pay particular 
attention to 

non-native access

 to the filer. Non-native access means 

accessing a UNIX file through CIFS, or an NTFS (Windows) file through 
NFS. Of particular interest are the following questions:

How will the client’s identity (UID/GID in UNIX, owner SID and 
primary-group SID in NTFS) be interpreted in the file’s environment?

Is the client’s access restricted in unexpected ways (for example, can an 
NFS client delete NTFS files in a directory where they apparently have 
UNIX write and execute permissions)?

Is the client allowed to change permissions on the non-native file? If so, 
how are the new permissions interpreted in the file’s environment?

Our best practice is to use NTFS Qtrees for NetApp filers whenever you mix 
them with EMC file servers. The following subsections discuss specific best 
practices for various vendors.

NetApp Best Practices

Client Identity

A NetApp filer maps UNIX usernames to NT usernames. If a client has the 
same username for both operating systems, the mapping is straightforward. 
For clients with different usernames in each environment, you can configure 
a map on the NetApp, /etc/usermap.cfg. After the NetApp maps the 
username, it consults the operating system to find the user’s Group ID (in 
UNIX) or primary-group SID (in NT).

Summary of Contents for ARX-VE

Page 1: ...ARX Site Planning Guide 810 0036 00...

Page 2: ......

Page 3: ...Management Operating System Traffix Diameter Load Balancer Traffix Systems Traffix Systems DESIGN Transparent Data Reduction UNITY VAULT VIPRION vCMP virtual Clustered Multiprocessing WA WAN Optimiza...

Page 4: ...1995 1996 The President and Fellows of Harvard University All rights reserved Copyright c 1998 2004 The OpenSSL Project All rights reserved Unless otherwise noted the companies organizations products...

Page 5: ...Rev W add updates for Release 6 00 000 September 2011 Rev X add updates for Release 6 01 000 October 2011 Rev Y refer to licensed limits July 2012 Rev Z add updates for Release 6 02 000 October 2012 R...

Page 6: ...vi...

Page 7: ...1 Site Planning This manual describes network and environmental considerations for installing an Adaptive Resource Switch ARX Use this document to prepare for adding an ARX to your network...

Page 8: ......

Page 9: ...ervers are said to be at the back end As you plan to add a switch to your network it is helpful to remember the sharp division between the switch s front end and back end processing The following figu...

Page 10: ...s and servers Multiple subnet The ARX terminates one or more client subnets and a separate server subnet The following subsections describe each of these topologies One Armed Proxy Topology In a one a...

Page 11: ...RX The ARX has a single physical connection to the client server subnet On the switch you configure the same subnet and VLAN for both front end clients and back end servers You can also add static rou...

Page 12: ...vers into multiple IP subnets You can define multiple subnets static routes and default routes on the ARX to reach any number of subnets at the front end or back end Multiple Subnet Before Installing...

Page 13: ...X has a separate connection to the client subnet and the server subnet in a multiple subnet topology The switch serves as a proxy for CIFS and or NFS transactions between the clients and servers As a...

Page 14: ...t side IP addresses are called virtual IPs or VIPs The ARX also requires one or more management IP addresses to load new software images The switch has one out of band management interface and you can...

Page 15: ...against remote NFS clients This is designed as an authentication mechanism To prevent such file servers from denying access to the proxy IP addresses add the proxy IP addresses to your DNS configurati...

Page 16: ...rces the quorum disk The ARX also has an interface for out of band management typically labeled MGMT on its front panel This interface is designed for installations with discrete management networks I...

Page 17: ...client services If you plan to operate in a secure environment these ports must be opened on fire walls in order for the ARX to function properly All client server data is on the inband network The i...

Page 18: ...Enabled by default 23 TELNET TCP Disabled by default 443 HTTPS TCP GUI enabled by default 80 HTTP TCP GUI disabled by default 514 SYSLOG UDP If External Syslog is used 25 SMTP TCP For Email Home 139...

Page 19: ...Default port is configurable 464 lc passwd UDP and TCP 137 138 WINS UDP Name service 88 Kerberos TCP UDP 137 138 NetBIOS TCP UDP 445 Microsoft Directory Services TCP NFS Authentication NIS NIS UDP TC...

Page 20: ...mend using two or more NTP servers for the servers clients and the ARX devices Automatically Discovering Your File Servers Prior to installing an ARX best practices recommend using F5 Data Manager a w...

Page 21: ...es to manually discover any issues for a site without Data Manager Avoiding Name Collisions To prepare multiple file server shares for inclusion in the same namespace volume you should avoid name coll...

Page 22: ...nA 2 3 192 168 25 34 24 25 00 0a 49 17 7c 83 bstnA bstnA 2 4 192 168 25 141 24 25 00 0a 49 17 7c 84 bstnA bstnA 2 5 192 168 25 142 24 25 00 0a 49 17 7c 85 bstnA bstnA 2 6 192 168 25 143 24 25 00 0a 49...

Page 23: ...Export wizard is invoked See the following figure In the wizard select the options to configure for the export Figure 1 8 NFS Export wizard Use this wizard to add your proxy IP addresses to the follow...

Page 24: ...following figure Figure 1 9 NFS Export wizard Commit screen EMC Celerra Server On the EMC Celerra server select NFS Exports See the left hand navigation column in the following figure Click New or cli...

Page 25: ...ain Exports All Data Domain exports are in the backup directory You can use the Data Domain CLI to export one of those directories through NFS Use the nfs add command to create an NFS export specifyin...

Page 26: ...squash lhome budget 192 168 25 144 rw no_root_squash lhome budget 192 168 25 145 rw no_root_squash lhome budget 192 168 25 146 rw no_root_squash lhome budget 192 168 25 147 rw no_root_squash lhome bud...

Page 27: ...ly in the 192 168 25 0 24 subnet the server subnet for the ARX Only the ARX should be able to access this export except for backups or other read only activities To use the edited exports file force t...

Page 28: ...estination share this means that each namespace can use up to 32 concurrent server connections If your installation supports Per Seat licensing this is not an issue For Per Server licensing you must c...

Page 29: ...the EMC Data Domain system allows access to a small number of CIFS clients with read only access However an ARX volume facilitates read write access to the Data Domain share by any of its CIFS client...

Page 30: ...mba for multi protocol namespaces without persistent ACLs Without POSIX ACL and extended attribute support the ARX namespace cannot support persistent ACLs If you intend to deploy Samba work with your...

Page 31: ...es on back end filers among other things The managed volume uses the metadata to manage these file locations through namespace policy A direct volume does not have any metadata and therefore does not...

Page 32: ...File IDs The ARX Inter Operability Matrix lists all of a direct volume s supported NFS filers and clients This matrix is available from the ARX GUI along with this document click the Documentation lin...

Page 33: ...r that has adequate performance and redundancy characteristics as well as adequate space For details on estimating the size required see Sizing the Metadata Share on page 1 28 The namespace software f...

Page 34: ...oosing metadata storage candidates for a namespace Use the information in these sections as guidelines before configuring any namespaces with managed volumes Sizing the Metadata Share A metadata share...

Page 35: ...olume with millions of files can require multiple gigabytes of metadata However a file system has a limit on the size of each file Thus you must verify that the file system for the metadata share can...

Page 36: ...olume that also supports CIFS This is because an NFS only volume does not have the CIFS credentials required to access a CIFS metadata only share Avoid vol vol0 on NetApp By default a NetApp file serv...

Page 37: ...icy is called new file placement policy in a share farm and it is described in the ARX CLI Storage Management Guide Best Practices for Share Management Once an external share is imported into a manage...

Page 38: ...on to non native access to the filer Non native access means accessing a UNIX file through CIFS or an NTFS Windows file through NFS Of particular interest are the following questions How will the clie...

Page 39: ...show different timestamps to Unix clients than to CIFS clients The timestamps differ by one hour This is an indication that the timestamp was set before daylight savings time started or ended it is a...

Page 40: ...the above user to root on the UNIX side as described below From the EMC CLI use the following command to get a copy of the UNIX passwd file server_file data mover get passwd passwd new where data mov...

Page 41: ...for Use in an Active Directory Domain This section applies to Windows installations that support Active Directory AD domains These installations use Kerberos authentication and require some special c...

Page 42: ...steps add the F5 server to the AD domain and raise the Trusted for Delegation flag for the server Each of these steps requires a distinct administrative privilege Add workstations to domain where the...

Page 43: ...ts The ARX supports a maximum of 64 services each with a distinct FQDN and virtual IP VIP address This maximum is for the sum of all CIFS and NFS services The smaller ARX 500 platform offers up to 16...

Page 44: ...le FRU compact design It offers the same software features as the other ARX platforms differing only in performance and scale Ports 8 x 1GbE copper 1 mgmt data and 7 data Throughput 500MB s Files 768M...

Page 45: ...control switch fabric throughput and external interfaces into a compact design consisting of two FRUs The switch includes a removable front bezel which when attached covers all components except the...

Page 46: ...500 System Specifications Component Specification Dimensions Height 1 703 in Width 16 930 in Depth 26 457 in Weight 31 lb 14 061 kg Power Load 8 55 amps 110Vac 4 3 amps 220Vac Environmental Requireme...

Page 47: ...t bezel Height 3 5 in Width 19 00 in including mounting ear assemblies Depth 24 in Chassis Weight 40 lb 18 14 kg Power Consumption Typical power consumption 2 5A 110VAC 280W 0 98 PF Maximum power cons...

Page 48: ...wer Load 2 5A 110V 1 3A 220V AC DC Power Supply Input 100Vac 4 Amps 240Vac 2Amps 47 63Hz 100 240VAC 47 63Hz 4 2A Environmental Requirements Altitude 60m 197ft min to 1800m 6000 ft max Humidity Operati...

Page 49: ...power modules and one power system frame Two power modules are recommended for full redundancy and load sharing The power supplies require a 10A 220VAC input cord which is provided with the chassis T...

Page 50: ...able Requirements This section contains the cable requirements for all the ARX models Choose from the following ARX 500 Cable Requirements on page 1 44 ARX 1500 Cable Requirement on page 1 45 ARX 2000...

Page 51: ...auto auto negotiate through the CLI When the port speed duplex is forced auto negotiate is disabled automatic MDI MDIX cross over is disabled and you must cable the port using standard cross over or s...

Page 52: ...Ethernet cable RJ 45 connectors Gigabit Ethernet ports copper a 100 1000BASE T Category 5 6 unshielded twisted pair UTP cable 24 AWG a Gigabit Ethernet ports support automatic MDI MDIX cross over This...

Page 53: ...it is a cross over or straight through type However for this feature to work the port speed must be set to auto auto negotiate through the CLI When the port speed duplex is forced auto negotiate is d...

Page 54: ...mode fiber MMF with duplex SC style connectors Distances up to 300m on 50 125um MMF or 33m on 62 5 125um MMF a Gigabit Ethernet ports support automatic MDI MDIX cross over This feature automatically...

Page 55: ...fficient for connecting to a Terminal Server For a direct connection to the serial port on a management station such as a laptop an RJ 45 to DB9 adapter is also included in the kit Figure 1 13 RJ 45 M...

Page 56: ...n the system Here is the table that describes the console port pinout The following table shows the pinout assignments for the ARX 1500 and the ARX 2500 Table 1 15 SCM ACM console port signaling cabli...

Page 57: ...ARX 500 Connectors The ARX 500 has four rear panel ports for cabling as shown in Figure 1 15 Figure 1 15 ARX 500 rear panel ports The following table describes the cable connectors used on the ARX 500...

Page 58: ...X 2000 Table 1 18 ARX 1500 Cable Connectors Interface Connector Purpose Console labeled CONSOLE on back of switch RJ 45 Serial port for CLI access Management labeled MGMT on back of switch RJ 45 Ether...

Page 59: ...labeled MGMT on back of switch RJ 45 Ethernet port for CLI or GUI access Gigabit Ethernet Optical ports Copper ports small form factor Pluggable SFP RJ 45 Two optical ports for 10 Gbps Ethernet conne...

Page 60: ...red in the Data Manager database From this definition you can generate the automated DOS and ARX CLI command scripts and step by step deployment instructions that constitute an ARX deployment workflow...

Page 61: ...ing up virtual servers Data Manager is not involved during the network configuration phase but can provide significant support during the storage configuration phase However if you choose not to use D...

Page 62: ...pying the latest ARX configuration to a remote host every time the configuration changes You can use the configuration parameters later to recover from a disaster and or to facilitate switch replaceme...

Page 63: ...iguration page click the Help button in the upper right hand corner and follow the instructions Contacting Customer Service You can use the following methods to contact F5 Networks Customer Service F5...

Page 64: ...Chapter 1 Site Planning 1 58...

Reviews:

No comments

Related manuals for ARX-VE

Gefen HD-441 User Manual preview
HD-441
Brand: Gefen Pages: 11
D-Link xStack DES-3500 Series Cli Manual preview
xStack DES-3500 Series
Brand: D-Link Pages: 260
D-Link DXS-3600 Series Reference Manual preview
DXS-3600 Series
Brand: D-Link Pages: 48
D-Link DXS-3400 SERIES Quick Start Manual preview
DXS-3400 SERIES
Brand: D-Link Pages: 3
D-Link Web Smart Switch DGS-1210-16 Product Manual preview
Web Smart Switch DGS-1210-16
Brand: D-Link Pages: 71
D-Link DGS-1016A Datasheet preview
DGS-1016A
Brand: D-Link Pages: 3
D-Link DGS-1100-26MP Getting Started Manual preview
DGS-1100-26MP
Brand: D-Link Pages: 56
D-Link xStack DES-3800 Series Cli Manual preview
xStack DES-3800 Series
Brand: D-Link Pages: 326
D-Link xStack DES-3526 Cli Manual preview
xStack DES-3526
Brand: D-Link Pages: 222
D-Link DGS-1008G Quick Install Manual preview
DGS-1008G
Brand: D-Link Pages: 2
D-Link DXS-1210 Series Manual preview
DXS-1210 Series
Brand: D-Link Pages: 20
IBM RackSwitch G8332 Product Manual preview
RackSwitch G8332
Brand: IBM Pages: 18
Daxten SCOUTCOMBO - Installation Manual preview
SCOUTCOMBO -
Brand: Daxten Pages: 7
eao 04 Series Assembly Instructions preview
04 Series
Brand: eao Pages: 2
eao 04 Series Assembly Instruction preview
04 Series
Brand: eao Pages: 2
Fema DCM Series Assembly And Operating Instructions Manual preview
DCM Series
Brand: Fema Pages: 96
Eaton ATC-900 Manual preview
ATC-900
Brand: Eaton Pages: 40
Intermatic T7802BC Supplementary Manual preview
T7802BC
Brand: Intermatic Pages: 1

Brands by name

Popular brands

Load more brands