manualshive.com logo in svg

F5 ARX-VE, Planning Manual


Share
Download
background image

Chapter 1
Site Planning

1 - 36

Figure 1.12  

ARX® as a resource proxy between clients and servers

Kerberos authentication simplifies security management: all ACLs on all 
servers can remain the same, and all clients retain the same rights and 
restrictions that they had before inserting the ARX. This proxy mechanism, 
called 

delegation

 in Windows terminology, is possible with Kerberos but 

not with NTLM.

Required Administrative Privileges

Special administrative privileges are required to join an F5 front-end CIFS 
server (

F5 server

) to an AD domain. The domain-join operation has two 

major steps: add the F5 server to the AD domain and raise the “Trusted for 
Delegation” flag for the server. Each of these steps requires a distinct 
administrative privilege:

• “Add workstations to domain” (where the “workstation” is the F5 

server), and

• “Enable computer and user accounts to be trusted for delegation.”

An administrator in the Domain Admins group has both of these privileges. 
You need the username and password of one of these administrators to join 
an F5 server to an AD domain.

Note

Trusting an F5 server for delegation poses no security threat to your 
network. Kerberos authentication was designed with delegation in mind to 
provide a clean way of carrying identity through n-tiered application 
systems. For more information, refer to IETF RFC 1510 or the Microsoft 

servers

DC

clients

Summary of Contents for ARX-VE

Page 1: ...ARX Site Planning Guide 810 0036 00...

Page 2: ......

Page 3: ...Management Operating System Traffix Diameter Load Balancer Traffix Systems Traffix Systems DESIGN Transparent Data Reduction UNITY VAULT VIPRION vCMP virtual Clustered Multiprocessing WA WAN Optimiza...

Page 4: ...1995 1996 The President and Fellows of Harvard University All rights reserved Copyright c 1998 2004 The OpenSSL Project All rights reserved Unless otherwise noted the companies organizations products...

Page 5: ...Rev W add updates for Release 6 00 000 September 2011 Rev X add updates for Release 6 01 000 October 2011 Rev Y refer to licensed limits July 2012 Rev Z add updates for Release 6 02 000 October 2012 R...

Page 6: ...vi...

Page 7: ...1 Site Planning This manual describes network and environmental considerations for installing an Adaptive Resource Switch ARX Use this document to prepare for adding an ARX to your network...

Page 8: ......

Page 9: ...ervers are said to be at the back end As you plan to add a switch to your network it is helpful to remember the sharp division between the switch s front end and back end processing The following figu...

Page 10: ...s and servers Multiple subnet The ARX terminates one or more client subnets and a separate server subnet The following subsections describe each of these topologies One Armed Proxy Topology In a one a...

Page 11: ...RX The ARX has a single physical connection to the client server subnet On the switch you configure the same subnet and VLAN for both front end clients and back end servers You can also add static rou...

Page 12: ...vers into multiple IP subnets You can define multiple subnets static routes and default routes on the ARX to reach any number of subnets at the front end or back end Multiple Subnet Before Installing...

Page 13: ...X has a separate connection to the client subnet and the server subnet in a multiple subnet topology The switch serves as a proxy for CIFS and or NFS transactions between the clients and servers As a...

Page 14: ...t side IP addresses are called virtual IPs or VIPs The ARX also requires one or more management IP addresses to load new software images The switch has one out of band management interface and you can...

Page 15: ...against remote NFS clients This is designed as an authentication mechanism To prevent such file servers from denying access to the proxy IP addresses add the proxy IP addresses to your DNS configurati...

Page 16: ...rces the quorum disk The ARX also has an interface for out of band management typically labeled MGMT on its front panel This interface is designed for installations with discrete management networks I...

Page 17: ...client services If you plan to operate in a secure environment these ports must be opened on fire walls in order for the ARX to function properly All client server data is on the inband network The i...

Page 18: ...Enabled by default 23 TELNET TCP Disabled by default 443 HTTPS TCP GUI enabled by default 80 HTTP TCP GUI disabled by default 514 SYSLOG UDP If External Syslog is used 25 SMTP TCP For Email Home 139...

Page 19: ...Default port is configurable 464 lc passwd UDP and TCP 137 138 WINS UDP Name service 88 Kerberos TCP UDP 137 138 NetBIOS TCP UDP 445 Microsoft Directory Services TCP NFS Authentication NIS NIS UDP TC...

Page 20: ...mend using two or more NTP servers for the servers clients and the ARX devices Automatically Discovering Your File Servers Prior to installing an ARX best practices recommend using F5 Data Manager a w...

Page 21: ...es to manually discover any issues for a site without Data Manager Avoiding Name Collisions To prepare multiple file server shares for inclusion in the same namespace volume you should avoid name coll...

Page 22: ...nA 2 3 192 168 25 34 24 25 00 0a 49 17 7c 83 bstnA bstnA 2 4 192 168 25 141 24 25 00 0a 49 17 7c 84 bstnA bstnA 2 5 192 168 25 142 24 25 00 0a 49 17 7c 85 bstnA bstnA 2 6 192 168 25 143 24 25 00 0a 49...

Page 23: ...Export wizard is invoked See the following figure In the wizard select the options to configure for the export Figure 1 8 NFS Export wizard Use this wizard to add your proxy IP addresses to the follow...

Page 24: ...following figure Figure 1 9 NFS Export wizard Commit screen EMC Celerra Server On the EMC Celerra server select NFS Exports See the left hand navigation column in the following figure Click New or cli...

Page 25: ...ain Exports All Data Domain exports are in the backup directory You can use the Data Domain CLI to export one of those directories through NFS Use the nfs add command to create an NFS export specifyin...

Page 26: ...squash lhome budget 192 168 25 144 rw no_root_squash lhome budget 192 168 25 145 rw no_root_squash lhome budget 192 168 25 146 rw no_root_squash lhome budget 192 168 25 147 rw no_root_squash lhome bud...

Page 27: ...ly in the 192 168 25 0 24 subnet the server subnet for the ARX Only the ARX should be able to access this export except for backups or other read only activities To use the edited exports file force t...

Page 28: ...estination share this means that each namespace can use up to 32 concurrent server connections If your installation supports Per Seat licensing this is not an issue For Per Server licensing you must c...

Page 29: ...the EMC Data Domain system allows access to a small number of CIFS clients with read only access However an ARX volume facilitates read write access to the Data Domain share by any of its CIFS client...

Page 30: ...mba for multi protocol namespaces without persistent ACLs Without POSIX ACL and extended attribute support the ARX namespace cannot support persistent ACLs If you intend to deploy Samba work with your...

Page 31: ...es on back end filers among other things The managed volume uses the metadata to manage these file locations through namespace policy A direct volume does not have any metadata and therefore does not...

Page 32: ...File IDs The ARX Inter Operability Matrix lists all of a direct volume s supported NFS filers and clients This matrix is available from the ARX GUI along with this document click the Documentation lin...

Page 33: ...r that has adequate performance and redundancy characteristics as well as adequate space For details on estimating the size required see Sizing the Metadata Share on page 1 28 The namespace software f...

Page 34: ...oosing metadata storage candidates for a namespace Use the information in these sections as guidelines before configuring any namespaces with managed volumes Sizing the Metadata Share A metadata share...

Page 35: ...olume with millions of files can require multiple gigabytes of metadata However a file system has a limit on the size of each file Thus you must verify that the file system for the metadata share can...

Page 36: ...olume that also supports CIFS This is because an NFS only volume does not have the CIFS credentials required to access a CIFS metadata only share Avoid vol vol0 on NetApp By default a NetApp file serv...

Page 37: ...icy is called new file placement policy in a share farm and it is described in the ARX CLI Storage Management Guide Best Practices for Share Management Once an external share is imported into a manage...

Page 38: ...on to non native access to the filer Non native access means accessing a UNIX file through CIFS or an NTFS Windows file through NFS Of particular interest are the following questions How will the clie...

Page 39: ...show different timestamps to Unix clients than to CIFS clients The timestamps differ by one hour This is an indication that the timestamp was set before daylight savings time started or ended it is a...

Page 40: ...the above user to root on the UNIX side as described below From the EMC CLI use the following command to get a copy of the UNIX passwd file server_file data mover get passwd passwd new where data mov...

Page 41: ...for Use in an Active Directory Domain This section applies to Windows installations that support Active Directory AD domains These installations use Kerberos authentication and require some special c...

Page 42: ...steps add the F5 server to the AD domain and raise the Trusted for Delegation flag for the server Each of these steps requires a distinct administrative privilege Add workstations to domain where the...

Page 43: ...ts The ARX supports a maximum of 64 services each with a distinct FQDN and virtual IP VIP address This maximum is for the sum of all CIFS and NFS services The smaller ARX 500 platform offers up to 16...

Page 44: ...le FRU compact design It offers the same software features as the other ARX platforms differing only in performance and scale Ports 8 x 1GbE copper 1 mgmt data and 7 data Throughput 500MB s Files 768M...

Page 45: ...control switch fabric throughput and external interfaces into a compact design consisting of two FRUs The switch includes a removable front bezel which when attached covers all components except the...

Page 46: ...500 System Specifications Component Specification Dimensions Height 1 703 in Width 16 930 in Depth 26 457 in Weight 31 lb 14 061 kg Power Load 8 55 amps 110Vac 4 3 amps 220Vac Environmental Requireme...

Page 47: ...t bezel Height 3 5 in Width 19 00 in including mounting ear assemblies Depth 24 in Chassis Weight 40 lb 18 14 kg Power Consumption Typical power consumption 2 5A 110VAC 280W 0 98 PF Maximum power cons...

Page 48: ...wer Load 2 5A 110V 1 3A 220V AC DC Power Supply Input 100Vac 4 Amps 240Vac 2Amps 47 63Hz 100 240VAC 47 63Hz 4 2A Environmental Requirements Altitude 60m 197ft min to 1800m 6000 ft max Humidity Operati...

Page 49: ...power modules and one power system frame Two power modules are recommended for full redundancy and load sharing The power supplies require a 10A 220VAC input cord which is provided with the chassis T...

Page 50: ...able Requirements This section contains the cable requirements for all the ARX models Choose from the following ARX 500 Cable Requirements on page 1 44 ARX 1500 Cable Requirement on page 1 45 ARX 2000...

Page 51: ...auto auto negotiate through the CLI When the port speed duplex is forced auto negotiate is disabled automatic MDI MDIX cross over is disabled and you must cable the port using standard cross over or s...

Page 52: ...Ethernet cable RJ 45 connectors Gigabit Ethernet ports copper a 100 1000BASE T Category 5 6 unshielded twisted pair UTP cable 24 AWG a Gigabit Ethernet ports support automatic MDI MDIX cross over This...

Page 53: ...it is a cross over or straight through type However for this feature to work the port speed must be set to auto auto negotiate through the CLI When the port speed duplex is forced auto negotiate is d...

Page 54: ...mode fiber MMF with duplex SC style connectors Distances up to 300m on 50 125um MMF or 33m on 62 5 125um MMF a Gigabit Ethernet ports support automatic MDI MDIX cross over This feature automatically...

Page 55: ...fficient for connecting to a Terminal Server For a direct connection to the serial port on a management station such as a laptop an RJ 45 to DB9 adapter is also included in the kit Figure 1 13 RJ 45 M...

Page 56: ...n the system Here is the table that describes the console port pinout The following table shows the pinout assignments for the ARX 1500 and the ARX 2500 Table 1 15 SCM ACM console port signaling cabli...

Page 57: ...ARX 500 Connectors The ARX 500 has four rear panel ports for cabling as shown in Figure 1 15 Figure 1 15 ARX 500 rear panel ports The following table describes the cable connectors used on the ARX 500...

Page 58: ...X 2000 Table 1 18 ARX 1500 Cable Connectors Interface Connector Purpose Console labeled CONSOLE on back of switch RJ 45 Serial port for CLI access Management labeled MGMT on back of switch RJ 45 Ether...

Page 59: ...labeled MGMT on back of switch RJ 45 Ethernet port for CLI or GUI access Gigabit Ethernet Optical ports Copper ports small form factor Pluggable SFP RJ 45 Two optical ports for 10 Gbps Ethernet conne...

Page 60: ...red in the Data Manager database From this definition you can generate the automated DOS and ARX CLI command scripts and step by step deployment instructions that constitute an ARX deployment workflow...

Page 61: ...ing up virtual servers Data Manager is not involved during the network configuration phase but can provide significant support during the storage configuration phase However if you choose not to use D...

Page 62: ...pying the latest ARX configuration to a remote host every time the configuration changes You can use the configuration parameters later to recover from a disaster and or to facilitate switch replaceme...

Page 63: ...iguration page click the Help button in the upper right hand corner and follow the instructions Contacting Customer Service You can use the following methods to contact F5 Networks Customer Service F5...

Page 64: ...Chapter 1 Site Planning 1 58...

Reviews:

No comments

Related manuals for ARX-VE

S&C 2000 series Instructions For Field Assembly And Installation preview
2000 series
Brand: S&C Pages: 26
S&C 2000 series Installation And Operation Manual preview
2000 series
Brand: S&C Pages: 37
S&C 2000 series Installation Manual preview
2000 series
Brand: S&C Pages: 28
CALIENT S320 Repair And Diagnostics Field Manual preview
S320
Brand: CALIENT Pages: 22
Talkswitch switch Start Manual preview
switch
Brand: Talkswitch Pages: 17
LAUMAS TLB Installation And User Manual preview
TLB
Brand: LAUMAS Pages: 40
3Com 3C17539 Datasheet preview
3C17539
Brand: 3Com Pages: 12
3Com S7906E - Switch Datasheet preview
S7906E - Switch
Brand: 3Com Pages: 8
Hama Data Switch Operating Instruction preview
Data Switch
Brand: Hama Pages: 10
StarTech.com MSTCDP122DP Quick Start Manual preview
MSTCDP122DP
Brand: StarTech.com Pages: 2
Clever Little Box Wi-View 300V User Manual preview
Wi-View 300V
Brand: Clever Little Box Pages: 15
Tripp Lite B155-002-DP-V2 Owner'S Manual preview
B155-002-DP-V2
Brand: Tripp Lite Pages: 12
Cabletron Systems 6H122-08 User Manual preview
6H122-08
Brand: Cabletron Systems Pages: 170
Videplus JAR-SW16-P300 User Manual preview
JAR-SW16-P300
Brand: Videplus Pages: 13
Ubiquiti EdgeSwitch Quick Start Manual preview
EdgeSwitch
Brand: Ubiquiti Pages: 14
Advantech EKI-7659CPI User Manual preview
EKI-7659CPI
Brand: Advantech Pages: 101
TRENDnet TK-407K - KVM Switch - USB Specifications preview
TK-407K - KVM Switch - USB
Brand: TRENDnet Pages: 2
LevelOne FSW-1640TX User Manual preview
FSW-1640TX
Brand: LevelOne Pages: 35

Brands by name

Popular brands

Load more brands