Introduction to PS Series Management

4-2

The PS Series array can be managed by two methods: Command Line Interface (CLI) Web Browser The CLI is accessible when using the console port directly from the control module serial port or when using Telnet/SSH From the console port the following serial connection parameters are required: 9600 baud

1 STOP bit
No parity 8 data bits No hardware flow control The Management GUI is accessible using either Internet Explorer, Netscape or Mozilla in conjunction with Java software. With this option, it allows for the management of all members within a group. Prior to 4.x firmware the default management configuration allowed you to manage the whole group through a single Well Know Address, WKA, the Group IP address Starting with firmware version 4.0 an alternative method was created. This method allowed you to create a network management network using eth2 on each member with a separate an network management WKA to be used of network management only traffic Starting with firmware version 4.1, Type 7 control modules with 4 Ethernet ports are supported on the PS6000 and PS6500. On Type 7 control modules, port eth3 can be configured as the separate management port. All members in a group must be at firmware version 4.1 or higher in order for a PS6000 or PS6500 to join the group Another possible option is SNMP to monitor the PS Series Storage Array The MIBs can be used to monitor trap events and trap thresholds SNMP MIBs are available from the customer support site

Introduction to PS Series Management

4-3

Introduction to PS Series Management

4-4

CLI Access Software access is done through a standard terminal emulation software package. Hardware connection is dependent upon the type of controller module. Type I control modules (dark gray face plate and two serial ports) requires a Micro-D serial adapter cable and a null modem cable with two DB9, 9-pin female connectors. For Type 2 control modules (blue face plate and single serial port) a null modem cable with one RJ45 connector and one DB9, 9-pin, female connector is required. For Types 3,4,5 ,6 and 7 control modules, a null modem cable with DB-9 female connectors is required. CLI Operation Special keys Command Categories Group management commands are used to manage a group specifying subcommands, parameters, and variables as needed such as account, member, volume, etc. Array Management Commands enable you to perform maintenance tasks on a specific array. You must use a direct serial or Telnet connection to the specific array, such as shutdown, diag, etc. Global commands are the commands that can be executed from any level in the CLI. These commands control CLI behavior such as CLI-settings, clear, exit, help, etc.

Introduction to PS Series Management

4-5

Group management commands allow the PS Series group, consisting of one or more members, to be managed. Refer to the CLI reference for details on using each command.

Introduction to PS Series Management

4-6

Introduction to PS Series Management

4-7

Issue the up command to enable the interface.

Introduction to PS Series Management

4-8

In a group using only the IPv6 protocol, you typically do not need to specify an IPv6 address for the network interfaces. The router broadcasts available addresses. When you enable an interface, it takes one of those addresses.

To use dynamic address

Enable a network interface in an IPv6 group > member select member1 eth select 0 up To configure a static IPv6 address >member select member1 eth select 0 ipv6address \fc00::445a:a17:fcf7:686 > member select member1 eth select 0 up To configure a static IPv6 address for a network interface that is already enabled (up), > member select scale16 eth select 2 ipv6address \fc00::10:127:25:162 Changing the IP address closes all management and iSCSI connections associated with this IP address. Do you really want to change? (y/n) [n]y

Introduction to PS Series Management

4-9

Array management commands are maintenance or hardware oriented commands that allow you to manage a specific array. Do not run the array management commands when connected to the Group IP Address. You must run array management comments from either the serial port or the IP address of eth0, eth1, eth2, or eth3 on the respective array. Those commands are the restart, update, reset, shutdown and diag commands, the diag command can not starting with firmware version 4.x be run from the GUI.

Introduction to PS Series Management

4-10

Introduction to PS Series Management

4-11

Introduction to PS Series Management

4-12

Introduction to PS Series Management

4-13

Browser requirements for the GUI are as follows: Screen resolution for optimum layout of controls and other user interface components is at least 1024 x 768. Java is required. Oracle (Sun) Java 1.5.0 or higher is required. If support for Java is not included with the operating system you must download and install Java support from www.java.com in order to use the GUI.

Browser combination requirements:

Internet Explorer 6.0 or higher . Mozilla Firefox 1.0 or higher with Java 1.5.0 or higher. Safari or Chrome

Introduction to PS Series Management

4-14

The GUI uses the Swing UI platform, Swing is a widget toolkit for Java that was developed and maintained by Oracle (Sun). It is a part of Java Standard Edition and is installed on the client machine as part of Java . Swing UI platform is platform independent, extensible that is customizable and provides native support for Java accessibility API Context sensitive help is located on all panes within the GUI and also on many popup windows that appear.

Key areas within the User Interface are the Tree View modifiers; this is the viewable tree of key objects within the Group. The view is dependent on the View selection buttons below the Tree view. The View selection buttons lets you choose one of 4 views; 1) group/member view, 2) Volume view, 3) Replication view and Monitoring view. At the bottom of the main work pane is the Alarms and Operations Panel,, This panel now shows you the type of alarm, Fatal, Warning, and Error and a count as to ho many of the alarms are present along with a count of the operation alerts
The user interface has improved navigation using the traditional mouse . The interface also now includes accessibility improvements that include a fully keyboard accessible Mnemonic keys, with global navigation keys and tab navigation throughout the user interface.

The user interface include

The User interface also includes assistive technologies and support for screen readers (JAWS, NVDA). Currently pending VPAT certification , Voluntary Product Accessibility , Template - conformance with the accessibility standards under Section 508 of the Rehabilitation Act

Introduction to PS Series Management

4-15

The GUI shows four views depending on the View selection buttons that are located below the Tree view. The Tree View allows one of four views; 1) group/member view,, this view lets to manage the group and member objects

2) Volume view, lets to manage the volume object 3) Replication view , lets to manage the replication partnership objects 4) Monitoring view. , lets you manage and monitor the alarms and operations

Introduction to PS Series Management

4-16

Context sensitive help that includes integrated help on keyboard navigation and also application help menu with context help on the per-screen, per-dialog, per-panel level Context sensitive help is located on all panes within the GUI and also on many popup windows that appear. It is a kind of online help that is obtained from a specific point in the state of the software, providing help for the situation that is associated with that state. Context-sensitive help, doesn't need to be accessible for reading as a whole. Each topic is supposed to describe extensively one state, situation, or feature of the software. With this new user interface is allows for easy localization and is considered Localization ready

Introduction to PS Series Management

4-17

Administration Tab Allows for the configuration of group administration account names, access rights and determines whether that administrator can use the GUI, CLI or both to perform administrative tasks. Network Tab Lets you modify the group name, IP address, and description. Time Tab Lets you modify the group date, time, and time zone as needed. Lets you specify an external Network Time Protocol (NTP) server automatically and synchronize time on all the members. Volume Lets you modify the group-wide, default settings that apply to all volumes Space reserved for snapshots Snapshot space warning limit Policy when reserved snapshot space exceeded iSCSI target name prefix iSCSI target alias

Introduction to PS Series Management

4-18

Notification Tab Lets you configure how notifications will be handled. There are three ways to be notified when events within the group occur: General Event email Notification - sends events through email messages to the configured email recipient Remote Server Logging - sends events to the Syslog facility on a remote Syslog server. Email Home - automatically notifies Dell EqualLogic customer support of a hardware component failure or an update to firmware. Email Home is available to all PS Series customers. Response time and assistance depends on validity and level of the service contract. Email Home Process: When Email Home is first enabled, a confirmation message is received stating that the functionality is enabled. If a hardware component fails, the event is logged and an email home message is sent to Dell EqualLogic customer support and to the email you specified when configured email home. When customer support receives an email home message, they will respond to the local email with information on how to proceed (if you have a service agreement). To enable Email Home using the Group Manager GUI: In the Email Home panel select Send email Alerts To Customer Support; then in the Local Contact email field specify a local email address. Specify an SMTP server or email relay to allow any type of email notification by selecting the Network tab. In the Network Services panel click SMTP and enter an IP address for the server. You can specify up to three IP addresses.

Introduction to PS Series Management

4-19

CHAP Tab Lets you configure the CHAP parameters which is a network login protocol that uses a challenge-response mechanism. With CHAP authentication, volume or snapshot access can be restricted to hosts that supply the correct account name and password (or "secret") combination. SNMP Tab

Allows for the group to be monitored using Simple Network Management Protocol (SNMP).
Allows you to configure SNMP read-only access to a group. Default is public read only

Introduction to PS Series Management

4-20

Event Log Event messages are stored in a database and displayed on the console as they occur. The Events window retrieves and displays 100 events at a time. Previous events button can be used to retrieve the next 100 events. You can sort the messages by clicking on the header of any column. Each event is assigned a priority. FATAL catastrophic failure that requires immediate administrator intervention ERROR serious failure that should be investigated and may require administrator intervention WARNING potential problem in the group An event with this priority may become an event with ERROR priority if administrator intervention does not occur INFO normal operational and transitional event that is of interest but does not require intervention

Introduction to PS Series Management

4-21

Audit Log Audit messages are stored in a database and displayed on the console as they occur. Version 5.1 of the PS Series Firmware includes the capability to audit configuration actions that administrators perform in the Group Manager GUI and CLI. In addition, the log notes each time an administrator account is logged into or out of the group. The audit log, located in the Monitoring section

of the Group Manager GUI, can be sorted by administrator account, date and time, or administrator action.
Limitations on Administrator Auditing Capabilities : The following administrative commands are not written to the Audit log: Creation of volume and pool administrator accounts. Assignment of volumes to a volume administrator. Enabling or disabling Data Center Bridging (DCB) for the group.

LDAP configuration actions.

NAS configuration actions. CLI exec command. Shutting down group members.

Introduction to PS Series Management

4-22

Activities area: Allows for deletion/ vacate of a member Gathers and views various statistics relating to the fans, power supplies, network interfaces, and disk drives. Tabs are used to display detailed information about a specific member, such as: Member status: Check the status displayed in the status column. Online Member is a functioning member of the group. iSCSI connections to the member: Number of host iSCSI connections to volumes or snapshot data located on the member. The Member Status window shows much of the same information as the Member Summary window but also includes the following: Member disk space allocation: The current allocation of member disk space; member capacity which is the total amount of usable disk space on the member; spare disks are not included in the usable disk space total Space used by volumes: The amount of usable disk space on the member that is allocated to volumes Space used by snapshots: The amount of usable disk space on the member that contains snapshot data Free member space: The amount of usable disk space that is not allocated to volumes or does not contain snapshot data Network interface status: Checks that a member has at least one functioning network interface Member space utilization: The space utilization panel displays a bar graph depicting how the member space is currently used Enclosure: Displays environmental information about the array including temperature, power supply, and fan status Controllers: Displays control module and battery status and allows you to set the cache mode Disks: Displays the disk configuration and RAID status Network: Displays the network configuration and enables you to configure network interfaces Service: Displays detailed array information such as the backplane serial number which is the arrays serial number Introduction to PS Series Management 4-23

5.1 firmware support LLDP, Link Level Discovery Protocol.

24

Once the member has been initially configured using the Setup or Wizard utility, the members RAID policy must be defined. Start the browser: Login to the group Select the new member Select yes to configure the RAID policy Specify which of the available RAID policies you wish to use for this member RAID 10 RAID 50 RAID 6 RAID 5 must have 24x7 staff on site You can also change the RAID type at any time, be aware that performing this may result in a performance impact to the storage array and the volumes on the array. Also be aware that you can only convert from certain RAID types to other RAID types and that not all conversions are allowed Convert RAID 10 to RAID 50, RAID 5 or RAID 6

Convert RAID 50 to RAID 5 or RAID 6

Convert RAID 5 to RAID 50 or RAID 6

Introduction to PS Series Management

4-25

Within the Performance Monitor, you can add more statistics to the display area, change the length of time between which data points are collected, change the number of data points to save, change the view type (chart, histogram, or data table), and change the scale (linear or logarithmic). To start the Performance Monitor tool from the Group Manager GUI select from the Members list a member, then select either the Disks or Network tab, right-click a row for a drive or an Ethernet port and choose Statistics. The data is displayed in the Performance Monitor main window.

Introduction to PS Series Management

4-26

To change the data a collection preference or to add additional statistics to the monitoring window select the Preferences or Add Statistics button on the main monitoring screen. For the preferences you can change the polling interval as well as the number of data point to save. As you increase the number of data points to save this will increase that total capacity viewable within the chart. For the Statistics you can select the member you wish to collect the statistical dat a on, the data collection item, Disk, network interface, IP, TCP and UDP and what parameter within that collection item you wish to gather statistics on. The example above shows a disk drive on a member and below shows a network interface, IP, TCP and UDP statistic parameters on a member.

Introduction to PS Series Management

4-27

A dedicated management network lets you separate iSCSI traffic (volume I/O) from management traffic (GUI and CLI sessions, and other group management communications). A management network is only used for managing the group. All management-related services, such as the Group Manager GUI and CLI, use the management IP address. With a dedicated management network, the group IP address is no longer used to connect to the group to manage it with the GUI or CLI. Instead, users log in to the management IP address. The group IP address continues to be used for iSCSI access to the group by replication partners and initiators. Considerations This provide for increased security by not having the iSCSI traffic and Management traffic on the same network. This removes one of the network interfaces on each control module of each group member for iSCSI traffic, thus reducing the over all network capacity going to the member from 3 to 2 gigabits (PS5XXX series) or from 4 to 3 gigabits (PS6XXX) per member. This should only be done if there is a requirement for a separate Management network. Configuration Connect all Eth2 cables on all controllers (Eth3 on Type 7 controllers), of all members, to a separate Gigabit Ethernet network switch. Obtain an IP address for the management network interface your are configuring, along with a default gateway and subnet mask. This address must be on a separate subnet from the iSCSI network addresses. From the GUI select Group Configuration > Advanced tab. In the Dedicated Management Network panel, click Configure management network. For each group member, select the eth2 interface and click Configure for management-only access. In the dialog box enter the IP address and subnet mask for the eth2/eth3 interface. Introduction to PS Series Management 4-28

Connection Connect all Eth2 cables on all controllers, of all members, to a separate Gigabit Ethernet network switch. On a PS6000/PS6500, eth3 is the only port that can be used for management. On a PS5000/PS5500, eth2 is the only port that can be used for management.

Obtain an IP address for the management network interface your are configuring, along with a default gateway and subnet mask. This address must be on a separate subnet from the iSCSI network addresses.
Select a network management WKA to use. Configuration From the GUI select Group Configuration > Advanced tab. In the Dedicated Management Network panel, click Configure management network. For each group member, select the eth3 (eth2 on the PS5XXX) interface and click Configure for management-only access. In the dialog box enter the IP address and subnet mask for interface.

Introduction to PS Series Management

4-29

Enclosure view provides environmental information such as temperature, fan status along with power supply status. Controllers view provides the status of each controller, which one is a primary or secondary and also the current firmware version running on the controller. Disks drive view provides status of the disk drives, as far as which drives are the operating normal, failed or spare disk drives.

Introduction to PS Series Management

4-30

To create a new volume: Click Volumes in the leftmost column to manage volumes. Click Create Volume in the activities pane.

Introduction to PS Series Management

4-31

Step 1 of 3 General Volume Settings Name: Provide a unique name, up to 64 alphanumeric characters, used to identify the volume for administrative purposes. Size: Enter a value for the volume size and select the unit (by default, GB) Leave all other values at default for now. Step 2 of 3 Space Reserve Settings Specify the size of the volume in MB or GB. For now, do not specify Thin Provisioned Volume. Step 3 of 3 iSCSI Access settings Specify who can access this volume by: CHAP user name IP address or range of addresses In this example, the IP address of a server has been specified. iSCSI name To prevent inadvertent sharing, all volumes and snapshots created beginning with V4.0 are configured by default to disallow connections from more than one iSCSI qualified name (IQN). In practice, this prevents connections from multiple initiators, assuming (as is the best practice) that all the initiators on a single server use the same IQN. You should enable shared access on specific volumes and snapshots, if your environment coordinates writes properly; for example in cluster environments, VMware ESX environments, etc.

Introduction to PS Series Management

4-32

In shared storage environments, you must control host (server) access to a volume (iSCSI target), both for security reasons and to prevent inadvertent corruption of the volume caused by multiple hosts writing to it in an uncoordinated manner. By default, only one iSCSI qualified name (IQN) is allowed to connect to a volume at one time (that is, multi-host access is disabled). It is best practice for all initiators on a single server to use the same IQN. To allow multiple IQNs to connect to a volume, you must enable multi-host access to the volume. When a host tries to access a volume, if multi-host access is enabled, the group then compares the host credentials to the volumes access control records. If they match, access is allowed. If they do not match, access is denied. This is the same as the behavior in earlier firmware releases. If multi-host access is disabled: If there are no current connections to the volume, the group compares the host credentials to the access control records. If they match, access is allowed. If not, access is denied. If there is a connection to the volume, the group compares the IQN of the current connection to the IQN of the incoming connection. If they are not the same, access is denied. If they are the same, the group compares the host credentials to the access control records. If they match, access is allowed. If not, access is denied. Do not enable multi-host access if your multipathing solution uses the same IQN on all initiators (for example, a software initiator and an HBA), or you can modify the names to be the same. If all initiators have the same IQN, they can access the same volume. The initiators manage the connections and prevent corruption. Enable multi-host access if: Your multipathing solution does not use the same IQN on all initiators, and you cannot modify the names to be the same. You use a cluster environment, which gives the initiators on each cluster host a different IQN. The cluster software manages the connections and prevents corruption. You use an environment, such as a virtual server, that can manage multiple connections to the same volume, for example, through SCSI reservations.

Introduction to PS Series Management

4-33

Administrative roles and how they can manage the EqualLogic SAN is dependent on the role that that administrator has within the SAN grpadmin is the initial administrator created when the group is first created. This role can do everything from creating the group , performing firmware upgrades to creating pools, volumes and performing replications Group Admin can perform all that the grpadmin role can do except for performing firmware updates

Pool administrators Can manage the volumes, members, snapshots, and other objects only in the pool or pools for which the account has authorization. Optionally, pool administrators can view information about all group objects.
Read Only allows a user only the ability to look at group but they cannot perform any changes or additions Volume Admin Provides the capability for multiple customers to share the group and to be unaware of the other customers using the group, Not be able to view or affect other customers admin accounts. Not be able to view or affect other customers volume configuration or volume data, and not to be able to change any group or pool settings. This now removes the burden of having to be a Group or pool administrator when it comes to creating and managing a volume. The volume admin account type provides the ability to create and manage its own volumes. This is accomplished by the group administrator distributing the workload to trusted accounts.

Introduction to PS Series Management

4-34

Pool administrator - Can manage the volumes, members, snapshots, and other objects only in the pool or pools for which the account has authorization. Optionally, pool administrators can view information about all group objects. Volume administrator - Can manage only the volumes for which the account has authorization. Additionally, volume administrators can view information about pools to which the account has access.

Volume administrators have a restricted view of group information; for example, they cannot see volumes owned by other administrators.

Introduction to PS Series Management

4-35

As the grpadmin you must create the volume admin accounts, they can not be created by any other user. The grpadmin can also assign existing volumes to a volume admin. If the volume is not assigned to a volume admin then only the grpadmin can manage the volume Volume Admin restrictions: A volume admin can only see its own admin account. A volume admin can only see its own volumes.

A volume admin can only see pool information for pools in which it has quota.
A volume admin can never view group/pool information that would allow it gain additional information (for instance viewing the SNMP community names).

All pool and volume operations can be done from either the CLI or the GUI. The GUI provides additional extras, including pie charts for displaying storage utilization. The volume admin feature is hidden until the first volume admin account is created. RADIUS authentication is fully supported for both pool and volume admin accounts. The design scales to 100 total accounts, including both locally defined admin accounts and RADIUS logins. The group admin can now delete RADIUS login proxy accounts.

Introduction to PS Series Management

4-36

Volume admin user account information and characteristics A volume admin will have the following common attributers name - name of the volume admin user password password that is used at log in for the volume administrator Contact - general contact information

Description description of the user

Pool - what pool or pools this user can create volume in Quota - how much of the pool space can this user use to create and modify volumes Partner this is the replication partner that this volume can be replicated with by this volume administrator A volume admin can never use storage without it counting against its quota. This implies that a volume admin is not allowed to un-assign a volume that it owns. This also prevents any operation that may result in an unassigned volume. An exception to this is during replication, a volume admin may have temporary use of the free pool space.

Introduction to PS Series Management

4-37

To create a Volume admin first select in the Group Configuration the Administration Tab. Then select in the Administration Accounts area the add , to add a new user. Once you have selected the add user and the Add User Wizard will start. On the step 1, General Settings enter the users Account name , password and a description of the volume administrator On the step 2, Account permissions, enter the user type and Enable the account. If the user is Volume Administrator then you will need to define ; what pool or pools the volume Administrator can access volumes in and also what is the Quota, allowed space , that this users can create volumes in On the step 3, Replication Partners, Select for the list of partners, the partner that this Volume Administrator can replicate volumes to On the step 4, Contact Information, enter the Volume Administrator contact information

Introduction to PS Series Management

4-38

Active Directory Group authentication - The largest advantage for using Active Directory groups are that there is good scalability for large environments with many users in which you can quickly add many administrator accounts to the group. - If users are removed from the Active Directory group, you do not need to update the arrays list of administrator accounts. Active Directory User authentication - Good for smaller environments in which only a few Active Directory accounts are added - PS Series Group Administrator controls which user accounts are in the group.

Introduction to PS Series Management

4-39

- A local user account on the PS Series array will supersede and Active Directory account. - A user will supersede a group - At this time the most current version of firmware will only support one Active Directory domain - All group members must have the 5.1 version of the Equallogic firmware installed for the group to authenticate against the Microsoft Active Directory database

Introduction to PS Series Management

4-40

Introduction to PS Series Management

4-41

Introduction to PS Series Management

4-42