manualshive.com logo in svg

F5 ARX-VE, Planning Manual


Share
Download
background image

Planning for a Multi-Protocol Namespace

ARX Site Planning Guide

1 - 33

Non-Native File Permissions (and Qtree Configuration)

Each NetApp qtree can support UNIX-based permissions or NTFS-based 
ACLs. The client’s identity is mapped as discussed above, then their identity 
is applied to the file’s native permissions. For example, consider an NFS 
client who accesses a file on an NTFS qtree: the client’s UNIX username is 
mapped to an NT username, then the NT identity is applied to the file’s 
ACLs.

Note

NetApp mixed-mode qtrees are not currently qualified.

A multi-protocol namespace passes all permissions checks back to the 
qtrees, which permit or deny access to each file or directory. All NetApp 
shares behind a multi-protocol volume must be configured with the same 
permissions type (UNIX, or NTFS).

F5 recommends that you use NTFS qtrees, which offer the richest set of 
file-access permissions.

Timestamp Skew in a Unix Qtree

A NetApp share with a Unix Qtree can create a unique timestamp skew: 
some files may show different timestamps to Unix clients than to CIFS 
clients. The timestamps differ by one hour. This is an indication that the 
timestamp was set before daylight savings time started or ended; it is a 
known issue on NetApp filers. We recommend that you follow NetApp’s 
best practices and set the filer to GMT.

Mapping the Proxy User

As mentioned earlier, the configured proxy user must have full read/write 
privileges from both NFS and CIFS. The NetApp’s NT/UNIX user map 
must equate the proxy-user credentials on the NT side with 

root

 on the 

UNIX side. The user map is in /etc/usermap.cfg, which you can access from 
an NFS client by mounting /vol/vol0. For example, this command sequence 
mounts the NetApp filer at 192.168.25.21 and lists the usermap.cfg file:

rh1:/mnt#

 

mount

 

192.168.25.21:/vol/vol0/etc

 

netapp/

rh1:/mnt#

 

ls

 ‐

l

 

netapp/usermap.cfg

rwxrwx

‐‐‐    

1

 

root

     

root

         

1385

 

Apr

 

25

  

2005

 

netapp/usermap.cfg

rh1:/mnt#

One line maps the Windows proxy user to 

root

. Follow this syntax:

DOMAIN

\

proxy-username

 

==

 

root

where

DOMAIN

 is the Windows domain for the proxy user (use the short 

version; for example, MYDOMAIN instead of 
MYDOMAIN.MYCOMPANY),

proxy-username

 is the Windows username, and

the spaces before and after 

==

 are required.

Summary of Contents for ARX-VE

Page 1: ...ARX Site Planning Guide 810 0036 00...

Page 2: ......

Page 3: ...Management Operating System Traffix Diameter Load Balancer Traffix Systems Traffix Systems DESIGN Transparent Data Reduction UNITY VAULT VIPRION vCMP virtual Clustered Multiprocessing WA WAN Optimiza...

Page 4: ...1995 1996 The President and Fellows of Harvard University All rights reserved Copyright c 1998 2004 The OpenSSL Project All rights reserved Unless otherwise noted the companies organizations products...

Page 5: ...Rev W add updates for Release 6 00 000 September 2011 Rev X add updates for Release 6 01 000 October 2011 Rev Y refer to licensed limits July 2012 Rev Z add updates for Release 6 02 000 October 2012 R...

Page 6: ...vi...

Page 7: ...1 Site Planning This manual describes network and environmental considerations for installing an Adaptive Resource Switch ARX Use this document to prepare for adding an ARX to your network...

Page 8: ......

Page 9: ...ervers are said to be at the back end As you plan to add a switch to your network it is helpful to remember the sharp division between the switch s front end and back end processing The following figu...

Page 10: ...s and servers Multiple subnet The ARX terminates one or more client subnets and a separate server subnet The following subsections describe each of these topologies One Armed Proxy Topology In a one a...

Page 11: ...RX The ARX has a single physical connection to the client server subnet On the switch you configure the same subnet and VLAN for both front end clients and back end servers You can also add static rou...

Page 12: ...vers into multiple IP subnets You can define multiple subnets static routes and default routes on the ARX to reach any number of subnets at the front end or back end Multiple Subnet Before Installing...

Page 13: ...X has a separate connection to the client subnet and the server subnet in a multiple subnet topology The switch serves as a proxy for CIFS and or NFS transactions between the clients and servers As a...

Page 14: ...t side IP addresses are called virtual IPs or VIPs The ARX also requires one or more management IP addresses to load new software images The switch has one out of band management interface and you can...

Page 15: ...against remote NFS clients This is designed as an authentication mechanism To prevent such file servers from denying access to the proxy IP addresses add the proxy IP addresses to your DNS configurati...

Page 16: ...rces the quorum disk The ARX also has an interface for out of band management typically labeled MGMT on its front panel This interface is designed for installations with discrete management networks I...

Page 17: ...client services If you plan to operate in a secure environment these ports must be opened on fire walls in order for the ARX to function properly All client server data is on the inband network The i...

Page 18: ...Enabled by default 23 TELNET TCP Disabled by default 443 HTTPS TCP GUI enabled by default 80 HTTP TCP GUI disabled by default 514 SYSLOG UDP If External Syslog is used 25 SMTP TCP For Email Home 139...

Page 19: ...Default port is configurable 464 lc passwd UDP and TCP 137 138 WINS UDP Name service 88 Kerberos TCP UDP 137 138 NetBIOS TCP UDP 445 Microsoft Directory Services TCP NFS Authentication NIS NIS UDP TC...

Page 20: ...mend using two or more NTP servers for the servers clients and the ARX devices Automatically Discovering Your File Servers Prior to installing an ARX best practices recommend using F5 Data Manager a w...

Page 21: ...es to manually discover any issues for a site without Data Manager Avoiding Name Collisions To prepare multiple file server shares for inclusion in the same namespace volume you should avoid name coll...

Page 22: ...nA 2 3 192 168 25 34 24 25 00 0a 49 17 7c 83 bstnA bstnA 2 4 192 168 25 141 24 25 00 0a 49 17 7c 84 bstnA bstnA 2 5 192 168 25 142 24 25 00 0a 49 17 7c 85 bstnA bstnA 2 6 192 168 25 143 24 25 00 0a 49...

Page 23: ...Export wizard is invoked See the following figure In the wizard select the options to configure for the export Figure 1 8 NFS Export wizard Use this wizard to add your proxy IP addresses to the follow...

Page 24: ...following figure Figure 1 9 NFS Export wizard Commit screen EMC Celerra Server On the EMC Celerra server select NFS Exports See the left hand navigation column in the following figure Click New or cli...

Page 25: ...ain Exports All Data Domain exports are in the backup directory You can use the Data Domain CLI to export one of those directories through NFS Use the nfs add command to create an NFS export specifyin...

Page 26: ...squash lhome budget 192 168 25 144 rw no_root_squash lhome budget 192 168 25 145 rw no_root_squash lhome budget 192 168 25 146 rw no_root_squash lhome budget 192 168 25 147 rw no_root_squash lhome bud...

Page 27: ...ly in the 192 168 25 0 24 subnet the server subnet for the ARX Only the ARX should be able to access this export except for backups or other read only activities To use the edited exports file force t...

Page 28: ...estination share this means that each namespace can use up to 32 concurrent server connections If your installation supports Per Seat licensing this is not an issue For Per Server licensing you must c...

Page 29: ...the EMC Data Domain system allows access to a small number of CIFS clients with read only access However an ARX volume facilitates read write access to the Data Domain share by any of its CIFS client...

Page 30: ...mba for multi protocol namespaces without persistent ACLs Without POSIX ACL and extended attribute support the ARX namespace cannot support persistent ACLs If you intend to deploy Samba work with your...

Page 31: ...es on back end filers among other things The managed volume uses the metadata to manage these file locations through namespace policy A direct volume does not have any metadata and therefore does not...

Page 32: ...File IDs The ARX Inter Operability Matrix lists all of a direct volume s supported NFS filers and clients This matrix is available from the ARX GUI along with this document click the Documentation lin...

Page 33: ...r that has adequate performance and redundancy characteristics as well as adequate space For details on estimating the size required see Sizing the Metadata Share on page 1 28 The namespace software f...

Page 34: ...oosing metadata storage candidates for a namespace Use the information in these sections as guidelines before configuring any namespaces with managed volumes Sizing the Metadata Share A metadata share...

Page 35: ...olume with millions of files can require multiple gigabytes of metadata However a file system has a limit on the size of each file Thus you must verify that the file system for the metadata share can...

Page 36: ...olume that also supports CIFS This is because an NFS only volume does not have the CIFS credentials required to access a CIFS metadata only share Avoid vol vol0 on NetApp By default a NetApp file serv...

Page 37: ...icy is called new file placement policy in a share farm and it is described in the ARX CLI Storage Management Guide Best Practices for Share Management Once an external share is imported into a manage...

Page 38: ...on to non native access to the filer Non native access means accessing a UNIX file through CIFS or an NTFS Windows file through NFS Of particular interest are the following questions How will the clie...

Page 39: ...show different timestamps to Unix clients than to CIFS clients The timestamps differ by one hour This is an indication that the timestamp was set before daylight savings time started or ended it is a...

Page 40: ...the above user to root on the UNIX side as described below From the EMC CLI use the following command to get a copy of the UNIX passwd file server_file data mover get passwd passwd new where data mov...

Page 41: ...for Use in an Active Directory Domain This section applies to Windows installations that support Active Directory AD domains These installations use Kerberos authentication and require some special c...

Page 42: ...steps add the F5 server to the AD domain and raise the Trusted for Delegation flag for the server Each of these steps requires a distinct administrative privilege Add workstations to domain where the...

Page 43: ...ts The ARX supports a maximum of 64 services each with a distinct FQDN and virtual IP VIP address This maximum is for the sum of all CIFS and NFS services The smaller ARX 500 platform offers up to 16...

Page 44: ...le FRU compact design It offers the same software features as the other ARX platforms differing only in performance and scale Ports 8 x 1GbE copper 1 mgmt data and 7 data Throughput 500MB s Files 768M...

Page 45: ...control switch fabric throughput and external interfaces into a compact design consisting of two FRUs The switch includes a removable front bezel which when attached covers all components except the...

Page 46: ...500 System Specifications Component Specification Dimensions Height 1 703 in Width 16 930 in Depth 26 457 in Weight 31 lb 14 061 kg Power Load 8 55 amps 110Vac 4 3 amps 220Vac Environmental Requireme...

Page 47: ...t bezel Height 3 5 in Width 19 00 in including mounting ear assemblies Depth 24 in Chassis Weight 40 lb 18 14 kg Power Consumption Typical power consumption 2 5A 110VAC 280W 0 98 PF Maximum power cons...

Page 48: ...wer Load 2 5A 110V 1 3A 220V AC DC Power Supply Input 100Vac 4 Amps 240Vac 2Amps 47 63Hz 100 240VAC 47 63Hz 4 2A Environmental Requirements Altitude 60m 197ft min to 1800m 6000 ft max Humidity Operati...

Page 49: ...power modules and one power system frame Two power modules are recommended for full redundancy and load sharing The power supplies require a 10A 220VAC input cord which is provided with the chassis T...

Page 50: ...able Requirements This section contains the cable requirements for all the ARX models Choose from the following ARX 500 Cable Requirements on page 1 44 ARX 1500 Cable Requirement on page 1 45 ARX 2000...

Page 51: ...auto auto negotiate through the CLI When the port speed duplex is forced auto negotiate is disabled automatic MDI MDIX cross over is disabled and you must cable the port using standard cross over or s...

Page 52: ...Ethernet cable RJ 45 connectors Gigabit Ethernet ports copper a 100 1000BASE T Category 5 6 unshielded twisted pair UTP cable 24 AWG a Gigabit Ethernet ports support automatic MDI MDIX cross over This...

Page 53: ...it is a cross over or straight through type However for this feature to work the port speed must be set to auto auto negotiate through the CLI When the port speed duplex is forced auto negotiate is d...

Page 54: ...mode fiber MMF with duplex SC style connectors Distances up to 300m on 50 125um MMF or 33m on 62 5 125um MMF a Gigabit Ethernet ports support automatic MDI MDIX cross over This feature automatically...

Page 55: ...fficient for connecting to a Terminal Server For a direct connection to the serial port on a management station such as a laptop an RJ 45 to DB9 adapter is also included in the kit Figure 1 13 RJ 45 M...

Page 56: ...n the system Here is the table that describes the console port pinout The following table shows the pinout assignments for the ARX 1500 and the ARX 2500 Table 1 15 SCM ACM console port signaling cabli...

Page 57: ...ARX 500 Connectors The ARX 500 has four rear panel ports for cabling as shown in Figure 1 15 Figure 1 15 ARX 500 rear panel ports The following table describes the cable connectors used on the ARX 500...

Page 58: ...X 2000 Table 1 18 ARX 1500 Cable Connectors Interface Connector Purpose Console labeled CONSOLE on back of switch RJ 45 Serial port for CLI access Management labeled MGMT on back of switch RJ 45 Ether...

Page 59: ...labeled MGMT on back of switch RJ 45 Ethernet port for CLI or GUI access Gigabit Ethernet Optical ports Copper ports small form factor Pluggable SFP RJ 45 Two optical ports for 10 Gbps Ethernet conne...

Page 60: ...red in the Data Manager database From this definition you can generate the automated DOS and ARX CLI command scripts and step by step deployment instructions that constitute an ARX deployment workflow...

Page 61: ...ing up virtual servers Data Manager is not involved during the network configuration phase but can provide significant support during the storage configuration phase However if you choose not to use D...

Page 62: ...pying the latest ARX configuration to a remote host every time the configuration changes You can use the configuration parameters later to recover from a disaster and or to facilitate switch replaceme...

Page 63: ...iguration page click the Help button in the upper right hand corner and follow the instructions Contacting Customer Service You can use the following methods to contact F5 Networks Customer Service F5...

Page 64: ...Chapter 1 Site Planning 1 58...

Reviews:

No comments

Related manuals for ARX-VE

D-Link DGS-1024D - Switch Quick Installation Manual preview
DGS-1024D - Switch
Brand: D-Link Pages: 16
D-Link DGS-1016D - Switch User Manual preview
DGS-1016D - Switch
Brand: D-Link Pages: 44
D-Link DES-6000 Series Firmware Update Manual preview
DES-6000 Series
Brand: D-Link Pages: 3
D-Link DES-5024 - Switch Application Notes preview
DES-5024 - Switch
Brand: D-Link Pages: 2
D-Link DES-3828 - xStack Switch - Stackable Datasheet preview
DES-3828 - xStack Switch - Stackable
Brand: D-Link Pages: 3
D-Link DES-3550 User Manual preview
DES-3550
Brand: D-Link Pages: 192
D-Link DES-3326 Configuration Manual preview
DES-3326
Brand: D-Link Pages: 9
D-Link DES-3226L User Manual preview
DES-3226L
Brand: D-Link Pages: 110
D-Link DES-1026G User Manual preview
DES-1026G
Brand: D-Link Pages: 10
D-Link DES-1008D Manual preview
DES-1008D
Brand: D-Link Pages: 17
D-Link DES-1005P Quick Install Manual preview
DES-1005P
Brand: D-Link Pages: 4
D-Link DGS-1210-28P Manual preview
DGS-1210-28P
Brand: D-Link Pages: 9
D-Link DES-1024D Brochure preview
DES-1024D
Brand: D-Link Pages: 4
D-Link DGS-105 - Switch Datasheet preview
DGS-105 - Switch
Brand: D-Link Pages: 4
D-Link DES-1024D Quick Install Manual preview
DES-1024D
Brand: D-Link Pages: 2
D-Link des-1016a Quick Install Manual preview
des-1016a
Brand: D-Link Pages: 2
Magnetrol TK1 Operating Manual preview
TK1
Brand: Magnetrol Pages: 12
Magnimage V4 Series User Manual preview
V4 Series
Brand: Magnimage Pages: 53

Brands by name

Popular brands

Load more brands