63312776 Celerra CLI Lab Guide (1)

NAS Operations and ManagementLab Guide

Using the CLI103006

NAS Operations and Management

Lab Guide

(Using the CLI)

Education Services

October 2006

NAS Operations and Management Student Lab Guide

Copyright 2006 EMC Corporation. All Rights Reserved. Version 5.5 Page 2 of 116

Copyright:

Copyright 1996, 2000, 2001, 2002, 2003, 2004, 2005, 2006 EMC Corporation. All Rights Reserved. EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. THE INFORMATION IN THIS PUBLICATION IS PROVIDED AS IS. EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. EMC, ICDA (Integrated Cached Disk Array), and EMC2 (the EMC logo), and Symmetrix, are registered trademarks of EMC Corporation. EMC and SRDF are trademarks of EMC Corporation. All other trademarks used herein are the property of their respective owners.



Trademark Information: EMC Trademarks

EMC2, EMC, Symmetrix, Celerra, CLARiiON, CLARalert, Connectrix, Dantz, Documentum, HighRoad, Legato, Navisphere, PowerPath, ResourcePak, SnapView/IP, SRDF, TimeFinder, VisualSAN, and where information lives are registered trademarks and EMC Automated Networked Storage, EMC ControlCenter, EMC Developers Program, EMC OnCourse, EMC Proven, EMC Snap, Access Logix, AutoAdvice, Automated Resource Manager, AutoSwap, AVALONidm, C-Clip, Celerra Replicator, Centera, CentraStar, CLARevent, CopyCross, CopyPoint, DatabaseXtender, Direct Matrix, Direct Matrix Architecture, EDM, E-Lab, Enginuity, FarPoint, FLARE, GeoSpan, InfoMover, MirrorView, NetWin, OnAlert, OpenScale, Powerlink, PowerVolume, RepliCare, SafeLine, SAN Architect, SAN Copy, SAN Manager, SDMS, SnapSure, SnapView, StorageScope, SupportMate, SymmAPI, SymmEnabler, Symmetrix DMX, Universal Data Tone, and VisualSRM are trademarks of EMC Corporation. All other trademarks used herein are the property of their respective owners.

Third Party Trademarks

AIX is a registered trademark of International Business Machines Corporation. Brocade, SilkWorm, SilkWorm Express, and the Brocade logo are trademarks or registered trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Compaq and the names of Compaq products referenced herein are either trademarks and/or service marks or registered trademarks and/or service marks of Compaq. Hewlett-Packard, HP, HP-UX, OpenView, and OmniBack are trademarks, or registered trademarks of Hewlett-Packard Company. McDATA, the McDATA logo, and ES-2500 are registered trademarks of McDATA Corporation. Microsoft, Windows, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. NobleNet is a registered trademark of Rogue Wave Software, Inc. SANbox is a trademark of QLogic Corporation. Sun, Sun Microsystems, the Sun Logo, SunOS and all Sun-based trademarks and logos, Java, the Java Coffee Cup Logo, and all Java-based trademarks and logos, Solaris, and NFS, are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. UNIX is a registered trademark of The Open Group.

Document Revision History: Rev # File Name Date NAS_Operations_and_Management 04-07-2006 C 10-25-2006



Table of Contents: NAS Operations and Management Student Lab Guide - CLI

Copyright: ...........................................................................................................................2 Trademark Information: ......................................................................................................3 Document Revision History: ...............................................................................................3 Table of Contents: NAS Operations and Management Student Lab Guide....................4 CLI Lab Guide ....................................................................................................................6

Lab 1: Celerra File Server: Basic Configuration................................................................7 Lab 1: Exercise 1: Plan and Configure Data Mover Failover..............................................8 Lab 1: Exercise 2: Configure Data Movers Network Interface Cards.................................9 Lab 1: Exercise 3: Configure File Systems for Celerra.....................................................11 Lab 1: Exercise 4: Configure Data Movers to Mount and Export File Systems ................12 Lab 1: Exercise 5: Managing File Systems ......................................................................14

Lab 2: Securing NFS..........................................................................................................17 Lab 2: Exercise 1: Exporting File Systems: Assigning root to Another Host.....................18 Lab 2: Exercise 2: Configure Celerra File System with Read Mostly Permission...........22 Lab 2: Exercise 3: Integrating Celerra File Server with NIS .............................................24

Lab 3: CIFS in a Microsoft-only Environment..................................................................29 Lab 3: Exercise 1: Configuring Data Mover for CIFS........................................................30 Lab 3 Exercise 2: Move a VDM to a Different Data Mover ..............................................39 Lab 3: Exercise 3: Configuration Cleanup ........................................................................41 Lab 3: Exercise 4: Removing CIFS ..................................................................................40 Lab 3: Exercise 5: Remove a VDM ..................................................................................41

Lab 4: CIFS with NFS.........................................................................................................43 Lab 4: Exercise 1: Migrate Users and Groups for use in passwd and group Files ...........44 Lab 4: Exercise 2: Configure a CIFS Server on Celerra Data Mover in a Domain ...........46 Lab 4: Exercise 3: Configure a Celerra File System for your Data Mover ........................47 Lab 4: Exercise 4: Cleanup CLI........................................................................................51

Lab 5: Implementing Quotas.............................................................................................53 Lab 5 :Exercise 1: Configure Hard and Soft Quotas Using Windows 2000 GUI - CLI ......54 Lab 5 :Exercise 2: Configuring Unix File System Quotas on Celerra ...............................58 Lab 5: Exercise 3: Configuring file system Tree Quotas on Celerra .................................61 Lab 5 :Exercise 4: Windows Cleanup...............................................................................64

Lab 6: Celerra CIFS Features ............................................................................................65 Lab 6: Exercise 1: Configure a CIFS Server on your Celerra Data Mover .......................66 Lab 6: Exercise 2: Configuring CIFS for Home Directories ..............................................68 Lab 6: Exercise 3: File Extension Filtering (exclude .mpg files) .......................................70 Lab 6: Exercise 4: File Extension Filtering (Include only .pdf files)...................................73 Lab 6: Exercise 5: Configure and Implement a DFS Root File System - GUI ONLY ........75 Lab 6: Exercise 6: Removing CIFS ..................................................................................82



Table of Contents: NAS Operations and Management Student Lab Guide - CLI (Cont.)

Lab 7: EtherChannel, Fail Safe Network ..........................................................................85

Lab 7: Exercise 1: Configuring EtherChannel ..................................................................86 Lab 7: Exercise 2: Configuring an FSN ............................................................................88

Lab 8: iSCSI on Celerra .....................................................................................................91 Lab 8 : Exercise 1: Configure iSCSI Target on the Celerra ..............................................92 Lab 8 : Exercise 2: Configure the Windows iSCSI Initiator...............................................94 Lab 8 : Exercise 3: Removing iSCSI Configuration ........................................................101

Lab 9: Configuring a Nested Mountpoint File System..................................................103 Lab 9 : Exercise 1: Configuring a Nested Mountpoint File System.................................104

Lab 10: SnapSure.............................................................................................................107 Lab 10 Exercise 1: Configuring SnapSure .....................................................................108

Lab 11: Celerra Replicator ..............................................................................................113 Lab 11 Exercise 1: Configuring Celerra Replicator.........................................................114

Appendix............................................................................................................................117



CLI Lab Guide This Lab Guide introduces Celerra Manager v5.5. The CLI commands can be executed from one of three places:

1. Putty on your workstation 2. CLI Command in the Celerra Manager tree hierarchy CLI from the GUI supports

most CLI commands. However, it does not support interactive commands, such as nas_quotas. It also does not support running vi or other text editors.

3. Tools in the tree hierarchy > SSH shell This option gives you full access to all CLI

commands, including interactive commands and text editors. This is the option we recommend throughout this lab. When logging in to SSH from Celerra Manager, be sure to log in as nasadmin. You can su to root from there if required. As always, be careful when logged in as root.



Lab 1: Celerra File Server: Basic Configuration Scenario: Hurricane Marine, LTD has just received shipment of their new

EMC Celerra File Server. The Celerra has been set up and installed by EMC Customer Service. Before going into production, Ira Techi the head of Hurricane Marines IT department, would like to test the capabilities and features of the Celerra. In this lab you will set up the most basic Celerra configurations. When you have completed the lab your Celerra should be on the network with an exported file system accessible to Hurricane Marines UNIX clients.

Purpose:

In this lab you will examine the components of your Data Mover to determine if they are compatible for Data Mover failover. Then you will configure server_2 to use server_3 as its standby Data Mover. Later in this course you will test the functionality of the setup.

Depending on the back-end storage being used, the Data Movers may already be configured with a standby. For example, an NSX00/NSX initial setup configures one Data Mover as a primary and one as a standby.

Objectives: Configure Data Mover failover Configure Celerra Data Movers Network Interface Cards Configure file systems for Celerra. Configure Data Movers to mount and export file systems. Managing file systems.

References: Configuring Celerra Quick Start P/N 300-002-677 Rev A01 Version 5.5 March 2006

Celerra Network Server System Operations P/N 300-002-702 Rev A01 Version 5.5 March 2006



Lab 1 Exercise 1: Plan and Configure Data Mover Failover Step Action

1 Configure Data Mover failover standby relationships: SSH to your Celerra Control Station, logging on as nasadmin

2 View the server table for your Celerra and record the following information for each Data Mover: $ nas_server -list id type slot name _________________________________ _________________________________ _________________________________ _________________________________ _________________________________

3 Confirm that server_2 and server_3 have the same hardware components. $ server_sysconfig server_2 Platform Record the following information from server_2: Processor speed (MHz) _____________ Total main memory (MB) ___________ Mother board _____________________ Bus speed (MHz)__________________ $ server_sysconfig server_2 pci |more Make note of all of the PCI devices in your Data Mover. Now issue the same commands for server_3 and compare the results. Do your two Data Movers have the same hardware components? ______

4 Verify your configuration. $ nas_server info server_2 Does the output from this command identify server_3 as the standby server? ______ $ nas_server info server_3 Does the output of this command indicate that server_3 is a standby for server_2? ______ If server_3 is already configured then go to the next exercise, ignoring steps 5 and 6.

5 Use the server_standby command to configure server_2 to use server_3 as its standby Data Mover; Use the auto policy. $ server_standby server_2 c mover=server_3 policy auto

6 After server_3 reboots, view the server table once again. $ nas_server list What has changed? __________________________________



Lab 1 Exercise 2: Configure Data Movers Network Interface Cards

In this lab you will be configuring Celerra with basic networking settings. The tasks in this lab will likely be required for most Celerra configurations. If you are working with a lab partner, one person will be setting up the configuration while the other observes. You should alternate roles from time to time.

Step Action

1 Preparation:

Before you begin, you will want to confirm the following key information from the Lab IP Address Schema appendix:

Hurricane Marines DNS domain name is: hmarine.com The DNS IP address is: 10.127.*.161 Hurricane Marines NIS domain name is: hmarine.com The NIS IP address is 10.127.*.163 The IP address of your Control Station:

______ . ______ . ______ . ______ The IP address information for server_2 & server_3. server_2:

IP address: ______ . ______ . ______ . ______ Subnet mask: ______ . ______ . ______ . ______ Broadcast address: ______ . ______ . ______ . ______ Default gateway: ______ . ______ . ______ . ______

server_3: IP address: ______ . ______ . ______ . ______ Subnet mask: ______ . ______ . ______ . ______ Broadcast address: ______ . ______ . ______ . ______

Default gateway: ______ . ______ . ______ . ______

2 Configure the network interface card for server_2:

SSH to your Celerras Control Station.

3 Configure the Fast Ethernet card in server_2 to use a transmission speed of 100Mbs, and full duplex mode. $ server_sysconfig server_2 pci x o speed=100,duplex=full where x is the device name, for example cge0 (or ana0) Repeat step 3 for the following Fast Ethernet 10/100 ports: cge1(ana1), cge2(ana2), cge3(ana3).



Step Action

4 Configure the IP address for the 10/100 FastEthernet NIC (port cge0) for server_2. $ server_ifconfig server_2 c D cge0 n cge0-1 p IP 3 IP params for server_2

5 Test the network interface by pinging the external IP address of your Control Station. $ server_ping server_2 This step should work. Was this successful? ______ Ping the IP address of your Windows workstations. This should fail, see next step

6 Configure the default gateway, DNS server address, and the NIS server address for server_2: Configure server_2 to use the default gateway recorded in step 1. $ server_route server_2 a default

7 Test your configuration by pinging from your Data Mover to your Windows workstation. $ server_ping server_2 Note: You may also want to ping back from the Windows workstation to your Data Mover by connecting to your Windows workstation and issuing the Ping command.

8 Configure server_2 to use the names and addresses of the DNS and NIS servers that you recorded in step 1. $ server_dns server_2 hmarine.com $ server_nis server_2 hmarine.com

Answer the following questions using the Celerra man pages as a resource. How would you shut down the network interface temporarily? (See man page for server_ifconfig.)

________________________________________________

How would you delete this configuration? (See man page for server_ifconfig.) ________________________________________________ ________________________________________________



Lab 1 Exercise 3: Configure File Systems for Celerra In this lab you will be configuring Celerra file systems. These file systems will be used in additional

exercises. If you are working with a lab partner, one person will be setting up the configuration while the other observes. You should alternate roles from time to time.

Step Action

1 Preparation:


2 In this exercise you will be configuring file systems. First check to see if there are disks available. $ nas_disk l How many standard (STD/CLSTD) disk volumes are available (not in use)? __________________

3 Create a file system using AVM: Create a 1Gig file system called fs1 using AVM with the proper storage pool depending on the backend storage. $ nas_fs n fs1 -create size=1G pool=storage_pool o slice=Y Where storage_pool would be symm_std (Symmetrix) or clar_r5_performance (CLARiiON)

4 Confirm that your file system was created. $ nas_fs i fs1 Which disks were used to create the file system? ______________________________

5 Confirm that your file system is not in use. $ nas_fs l (Reference second column for in use status.)



Lab 1 Exercise 4: Configure Data Movers to Mount and Export File Systems

The purpose of this exercise is to make your Celerra file systems available for access from the network. If you are working with a lab partner, one person will be setting up the configuration while the other observes. You should alternate roles from time to time.

Step Action

1 Mount your file system to a mountpoint called /mp1 using the default mounting settings. $ server_mount server_ x fs1 /mp1 (Where x is the number of your Data Mover.)

2 Export this file system for the NFS protocol, assigning anonymous users root access:

Export this file system for the NFS protocol, assigning anonymous users root access, UID 0 (zero). $ server_export server_x o anon=0 /mp1 (Where x is the number of your Data Mover.)

NOTE: This step is for verification purposes only. It should not be used for production file systems unless directly requested.

3 Confirm that you exported file system is in the export table:

Confirm the status of your exported file system. $ server_export server_x (Where x is the number of your Data Mover)

Perform the following logged on to a UNIX workstation.

4 Make an NFS mount to the exported file system on your Data Mover:

Log on to the UNIX workstation as root

5 Confirm that you are at the root file system. # cd /

6 Make a directory for your NFS mount. # mkdir studentx (Where x is your Celerra number.)

7 Check the contents of your /studentx directory. # ls studentx (Where x is your Celerra number.)

8 What is in this directory? ______________________________________

9 NFS mount this directory to the exported file system on your Data Mover. # mount z:/mp1 /studentx (Where z is the IP address of the FastEthernet port of your Data Mover, and x is your Celerra number.)

10 Check the contents of your /studentx directory. # ls studentx (Where x is your Celerra number.)



Step Action

11 What is in this directory now? ______________________________________ (By default a new directory is empty. In comparison, a new file system contains a lost+found directory. Therefore, when you created your /studentx directory it should have been empty. However, after NFS mounting it to your Data Mover /studentx is now being redirected to a file system.)

12 Change directory to /studentx and create a new file. # cd /studentx # touch filex (Where x is your Celerra number.)

13 Were you able to create a new file? ____________



Lab 1 Exercise 5: Managing File Systems In this lab, you work with existing file systems to check their status, and extend existing file systems. If

you are working with a lab partner, one person will be setting up the configuration while the other observes. You should alternate roles from time to time.

Step Action

1 Managing file systems:


Obtain a list of all Celerra file systems $ nas_fs list

2 Display detailed information on fs1. Which disks are being used for the respective file system? $ nas_fs info fs1 ___________________________________________

3 What percentage of fs1 has been utilized? $ nas_fs size fs1 _______________________________________________

4 Extending a file system:

Extend the file system, fs1, by the specified size of 10 GB using Symmetrix STD disk volumes or CLARiiON CLSTD disk volumes in 4+1 RAID 5. $ nas_fs -xtend fs1 size=10G pool=storage_pool Where storage_pool would be symm_std (Symmetrix) or clar_r5_performance (CLARiiON)

5 Check the detailed information on your file system. $ nas_fs size fs1

6 What is the size of your file system now? _______________________________________________

If necessary take turns with your lab partner to perform the following tasks.

7 Unmount the NFS mountpoint on the UNIX workstation:

Log on to the UNIX workstation as root

8 Unmount the NFS mountpoint. # cd / # umount /studentx (Where x is your Celerra number.)

9 Removing exports, mounts, mountpoints, file systems, and volumes: Log onto the Celerra Control Station as nasadmin

10 Permanently unexport your file system. $ server_export server_x u p /mp1

11 Permanently unmount your file system. $ server_umount server_x p /mp1



Step Action

12 Using the Celerra man pages if needed, delete all of the following: - file systems $ nas_fs delete fs1 - mountpoints on Data Movers $ server_mountpoint server_x delete /mp1

Answer the following question using the Celerra man pages as a resource. How did you unexport and unmount your file systems permanently?

____________________________________________________________________ ____________________________________________________________________ ____________________________________________________________________



Lab 2: Securing NFS

Scenario: In Lab 1 you exported a file system for NFS access. However, there was no real security to the file system. A production system, on the other hand, requires the ability to manage security of the file systems that are available to the network. In this lab you will perform some of the options for securing a file system that is exported to the NFS clients. You will demonstrate three of these methods

Purpose:

In this lab you will export a file system and assign root privileges to another UNIX host.

Objectives: Exporting file systems: Assigning root to another host Exporting file systems: Read mostly. Integrating with NIS

References: Configuring NFS on Celerra P/N 300-002-693 Rev A01 Version 5.5 March 2006



Lab 2 Exercise 1: Exporting File Systems: Assigning root to Another Host

In this lab you will export a file system and assign root privileges to another UNIX host. If you are working with a lab partner, one person will be setting up the configuration while the other observes. You should alternate roles from time to time.

Step Action

1 Preparation:

Before you begin this exercise you will want to record the following information:

The IP address of your UNIX workstation: 10.127. ______. ______ The IP address of another UNIX workstation (See below):

10.127. ______. ______

Use the following table to learn which other UNIX workstation to use for this exercise:

If you are at: Use:

sun1 sun2

sun2 sun1

sun3 sun4

sun4 sun3

sun5 sun6

sun6 sun5

2 Create a 10Gig file system called fs2 using AVM with the proper storage pool depending on the backend storage. To conserve and manage disk space, we will set slice option to yes $ nas_fs -name fs2 -create size=10G pool=storage_pool o slice=y

Where: storage_pool would be symm_std (Symmetrix) or clar_r5_performance (CLARiiON)

3 Mount your file system (fs2) to your Data Mover. note: AVM will create the mountpoint for you $ server_mount server_x fs2 /mp2 (Where x is the number of your Data Mover.)

4 Export the file system, assigning root permission to your UNIX workstation:

Use the server_export command to assign root permission to your UNIX workstation. $ server_export server_x o root=y /mp2 (Where x is the number of your Data Mover, and y is the IP address of your UNIX workstation.)



Step Action

Exchange places with your lab partner. (Unless you have been working individually.) 5 Make an NFS mount to the exported file system on your Data Mover from 2 locations:

Log on to the UNIX workstation as root.

6 Confirm that you are at the root file system. # cd /

7 Verify that the /studentx directory is still present (ls command). If it is missing make a directory for your NFS mount. # mkdir /studentx (Where x is the number of your Celerra.)

8 NFS mount this directory to the exported file system on your Data Mover. # mount z:/mp2 /studentx (Where z is the IP address of the FastEthernet port of your Data Mover, and x is your Celerra number.)

9 Change to the /studentx directory and create a new directory and create a new file in that directory. # cd /studentx # mkdir dirx # cd dirx # echo THIS IS A TEST >filex (Where x is the number of your Celerra.) Were you able to create a new directory and file? ____________

10 Telnet to another UNIX workstation as root. # telnet 10.127.*.x (Where x is the IP address of the other UNIX workstation that you recorded in step 1.)

11 Create a directory off of the root file system of your UNIX workstation and name the directory /remotestudentx. (Where x is the number of your Celerra.) # cd / # mkdir /remotestudentx

12 NFS mount the above directory to the file system that you exported in step 5. # mount :/mp2 /remotestudentx (Where x is your Celerra.)

13 Can you navigate to and read the file that you created in step 10? __________________ # cd /remotestudentx/dirx # cat filex (Where x is the number of your Celerra.)

14 # touch filex (Where x is the number of your Celerra)

Do you have write permissions? _____________

15 Exit your telnet session to your other UNIX workstation. # exit



Step Action

16 Administer the permissions of the Data Movers file system from you UNIX workstation:

Verify that you are logged on to your UNIX workstation as root. # who am i # hostname

17 Navigate to the NFS mounted directory # cd /studentx

18 Assign all users full access to dirx # chmod 777 dirx (Where x is the number of your Celerra.)

19 Telnet to the other UNIX workstation.

20 Change user to Selma Witt #su switt

21 Navigate (change directory) to /remotestudentx/dirx suny% cd /remotestudentx/dirx (Where x is the number of your Celerra)

22 suny% mkdir swittx (Where x is the number of your Celerra) Can you create a subdirectory in dirx? _____________

23 Change user to Earl Pallis suny% su epallis password: epallis

24 suny% cd swittx suny% mkdir epallisx (Where x is the number of your Celerra) Can you get into swittx, and create another subdirectory? ______

25 suny% cd .. suny% mkdir epallisx (Where x is the number of your Celerra) Can Earl Pallis create a subdirectory inside dirx? _______

Answer the following question(s). What were the effective permissions in dirx when you exported the file system? (Who had write

access?) __________________________________________________________________ __________________________________________________________________ __________________________________________________________________

What were the effective permissions after you changed mod to 777 of dirx?

__________________________________________________________________ __________________________________________________________________ __________________________________________________________________



Step Action

26 Remove the current configuration: Exit from user epallis. suny% exit suny% Exit from user switt. suny% exit #

27 Unmount /remotedstudentx at the remote workstation. # cd / # umount /remotestudentx (Where x is the number of your Celerra.)

28 Exit from telnet session to your other UNIX workstation. # exit

29 Unmount /studentx at your UNIX workstation. # cd / # umount /studentx (Where x is the number of your Celerra.)

30 Log on to your Celerras Control Station as nasadmin. 31 Permanently unexport your file system.

$ server_export server_x u p /mp2



Lab 2 Exercise 2: Configure Celerra File System with Read Mostly Permission

The purpose of this exercise is to provide a Read-Write permission to some users, while allowing Read-only to others. (Referred to in Celerra documentation as Read mostly.) If you are working with a lab partner, one person will be setting up the configuration while the other observes. You should alternate roles from time to time.

Step Action

1 Provide Read-Write permission to your UNIX workstation, while giving Read-only access to everyone else:

Log on to your Celerras Control Station as nasadmin.

2 Export your file system as Read mostly. Give your UNIX workstation read-write permission, and everyone else read-only permission. $ server_export server_x o anon=0,rw=10.127.*.z /mp2 (Where x is the number of your Data Mover, and z is the IP address of your UNIX workstation.)

3 Test Read-Write permission from your workstation:

Log on to your UNIX workstation as root

4 Mount the /studentx directory to the file system exported in step 2 of this exercise. (See Exercise 1, Step 9 for details)

5 Verify that you have read-write permission by creating a directory named unixz. (Where z is the number of your UNIX workstation.) # cd /studentx # mkdir unixz (Where x is the number of your Celerra, and z is the number of your UNIX workstation.) Were you able to create the directory? ________________________

6 Verify that you have Read-only access from other locations: Log onto your other UNIX workstation as root. (See Exercise 1, Step 1)

7 Mount your /remotestudentx directory to the file system that you exported in step 2

8 Verify that you have read-only permission by trying to create a directory named remoteunixz. (Where z is the number of the remote UNIX workstation.) # cd /remotestudentx # mkdir remoteunixz (Where x is the number of your Celerra, and z is the number of your other UNIX workstation.) Were you able to create the directory? ________________________

9 Can you read the directory created in step 5? ______________ # cd unixz # ls al (Where unixz is the directory that was created in step 5.)



Step Action

Answer the following question.

In step 2, how would you have provided read-write access to all hosts in your subnet? (man server_export)

__________________________________________________________________ __________________________________________________________________

__________________________________________________________________

Clean Up.

10 Unmount your UNIX workstations from /mp2 and unexport all file systems from your Data Mover: Umount /remotestudentx. # cd / # umount /remotestudentx

11 End your telnet session to your other UNIX workstation # exit Connection closed

12 Umount /studentx. # cd / # umount /studentx

13 Log on to your Control Station as nasadmin.

14 Permanently remove all exports from your Data Mover. $ server_export server_x u p a



Lab 2 Exercise 3: Integrating Celerra File Server with NIS Mr. Techi would ultimately like to administer security on the Celerra by integrating it with NIS. In this

exercise you will configure your Data Mover to use NIS. You will also test this configuration by providing certain users access to his or her own directories on the Data Movers file system. If you are working with a lab partner, one person will be setting up the configuration while the other observes. You should alternate roles from time to time.

Step Action

1 Preparation:

Before you begin this exercise you will want to record the following information: The IP address of your Hurricane Marines NIS server 10.127. ______.163 The IP address of another UNIX workstation (See below): 10.127. ______ . ______ Use the following table to learn which other UNIX workstation to use for this exercise:

If you are at: Use:

sun1 sun2 (10.127.*.12)

sun2 sun1 (10.127.*.11)

sun3 sun4 (10.127.*.14)

sun4 sun3 (10.127.*.13)

sun5 sun6 (10.127.*.16)

sun6 sun5 (10.127.*.15)

2 Configure your Data Mover to use NIS:

Log on to your Celerras Control Station as nasadmin

3 Verify and/or configure your Data Mover to integrate with Hurricane Marines NIS server. Verify: $ server_nis server_x If required configure: $ server_nis server_x hmarine.com 10.127.*.163 (Where x is the number of your Data Mover.)

4 Export your file system, assigning root privilege to your UNIX workstation: Verify that file system fs2 is still mounted to /mp2 on server_2 $ server_mount server_2

5 Export your file system, assigning root privilege to your UNIX workstation. $ server_export server_x o root=10.127.*.z /mp2 (Where x is the number of your Data Mover, and z is the IP address of your UNIX workstation.)



Step Action

6 Mount the file system from your UNIX workstation: Log on to your UNIX workstation as root

7 Verify that your /studentx directory is no longer mounted. # mount

8 Mount the /studentx directory to the file system exported in step 5. # cd / # mount :/mp2 /studentx (Where x is the number of your Celerra.)

9 Test permissions for the file system: Still as root of your UNIX workstation, change to the /studentx directory, and try to create a subdirectory. Name the subdirectory root.unixz. (Where z is the number of your UNIX workstation.) # cd /studentx # mkdir root.unixz (Where x is the number of your Celerra, and z is the number of your UNIX workstation.) Were you able to create the subdirectory? _____________

10 Telnet to the other UNIX workstation (See Lab 2 Exercise 1 Step 1) and log on as root.

11 Verify that your /remotestudentx directory is still present and is not mounted. # cd / # ls # mount

12 NFS mount /remotestudentx to your Data Movers file system that you exported in step 5. # cd / # mount :/mp2 /remotestudentx (Where x is the number of your Celerra.)

13 Change directory to /remotestudentx # cd /remotestudentx

14 Can you read the directory root.unixz? __________________ # cd root.unixz

15 Try to create a new directory inside /remotestudentx? # cd .. # mkdir root.unixy (Where y is the number of the other UNIX workstation to which you have a telnet session.) Were you able to create the directory? _________________ Why, or why not? __________________________________________

16 Exit your telnet session. (You should now be logged on to your local UNIX workstation as root.)



Step Action

17 Can Etta Place create a directory inside /studentx? # su eplace sunz% cd /studentx sunz% mkdir eplace Could she create the directory? __________

18 As root, create a directory for Etta Place and assign her ownership. sunz% exit # cd /studentx # mkdir eplace # chown eplace eplace

19 Does Etta now have write permission in /studentx/eplace? # su eplace sunz% cd /studentx/eplace sunz% mkdir eplace2 Etta should now have read-write access to her own directory

20 Using the commands illustrated in this exercise, telnet to the other UNIX workstation again. This time switch user to Etta Place. Verify that she has read-write access from the other workstation as well

21 Exit out of any user prompts to get back to a root prompt (Do not su to root). As root, unmount /remotestudentx. (Note: If your umount command returns a message that /remotestudentx is busy, then one of your users still as a process associated with this mountpoint.)

22 Exit your telnet session to the other UNIX workstation.

23 Try accessing your Data Movers exported file system as different users, experimenting to see what kind of permissions users have with each others directories. (See Appendix 4 for a list of users. Passwords are the same as the usernames in UNIX.)

If necessary take turns with your lab partner to perform the following tasks.

24 Unmount the NFS mountpoint on the UNIX workstation: Log on to the UNIX workstation as root.

25 Unmount the NFS mountpoint # cd / # umount /studentx (Where x is your Celerra number.)

26 Removing exports, mounts, mountpoints, file systems, and volumes: Log onto the Celerra Control Station as nasadmin.



Step Action



29 Using the Celerra man pages if needed, delete all of the following: - file systems - meta volumes - stripe volumes - slice volumes - mountpoints on Data Movers



Lab 3: CIFS in a Microsoft-only Environment

Scenario: The IS department of Hurricane Marine requires that all of Hurricane Marines Microsoft clients be able to store their data on the Celerra. Ultimately, all users in the enterprise (both UNIX and Microsoft clients) will store their data in one location. At the present time, you will test how the Celerra supports only Microsoft users.

Purpose:

In this lab, you will configure a directory in a file system on the Celerra that will be available to Hurricane Marines users. All users are accessing the file system from a Microsoft network. Usermapper will map Windows users to UNIX IDs. You will establish that your Celerra environment is ready for working with VDMs, be creating a VDM, and moving it and its CIFS server to another Data Mover. You will also create Local Groups on the CIFS server and manage permissions from the Windows network.

Objectives: Configure a Data Mover for CIFS Configure a CIFS server on a VDM Move a VDM to a different Data Mover Access a Celerra file system from a CIFS client Administer permissions on a CIFS share from Windows

References: Configuring CIFS on Celerra P/N 300-002-678 Rev A01 Version 5.5 March 2006 Configuring Virtual Data Movers for Celerra P/N 300-002-726 Rev A01 Version 5.5 March 2006



Lab 3: Exercise 1: Configuring Data Mover for CIFS Step Action

Preparation: Consult your IP Appendix to confirm 2 valid IP addresses that you can use to configure two interfaces Verify\Create interfaces on the proper devices:

cge0-1 on your Data Mover 2 o This should be already configured

cge0-2 on your Data Mover 2 (ask your instructor for an IP address)

o This should require your configuration

cge0-2 on your Data Mover 3 o This should require your configuration

Note: It is important that the new interfaces have the same name on both Data Mover 2 and Data Mover 3.

1 Before you begin, you will want to note or record the following key information: The IP address of the customers DNS server: 10.127. ____. 161 The Fully Qualified Domain Name (FQDN) of the Windows 2000 domain that will hold the Data Movers computer account. corp.hmarine.com The computer name and IP Address for your Data Mover. (See Appendix E, Hurricane Marine, IP Addresses and Schema).

2 You will require two production Data Movers in this lab with their own network interfaces. Log onto your Celerra Control Station as nasadmin and verify that server_2 and server_3 are type 1 servers (i.e. not standby Data Movers). $ nas_server list Earlier, you assigned one Data Mover a primary role, and the other Data Mover a role as secondary. This lab requires two active Data Movers. To delete the relationship between the primary and standby: $ server_standby server_2 d mover To convert server_3 to primary: $ server_setup server_3 type nas Verify the status of internal Usermapper. Ensure that it is enabled on server_2. $ server_usermapper server_2 If it is not: $ server_usermapper server_2 enable



Step Action

3 Create network interfaces on the device cge0 of server_2 and server_3. Use the IP addresses and names that you noted above. $ server_ifconfig server_2 c D cge0 n cge0-2 p IP $ server_ifconfig server_3 c D cge0 n cge0-2 p IP Verify that your routes are configured on BOTH Data Movers. (server_route)

4 Set the time and date of your Data Movers to agree with that of the KDC (Key Distribution Center).You will need to work with the instructor to get the correct time from the Windows 2000 server. $ server_date server_x YYMMDDHHMM Where: x is the number of your Data Mover YY is the current year MM is the current month DD is the current date HH is the current hour is 24-hour format MM is the current minute Example: To set the date and time to Oct. 1, 2006 at 2:05 PM, type: $ server_date server_2 0610011405

5 Set your Data Movers to synchronize with the KDC as a time server. $ server_date server_2 timesvc start ntp 10.127.*.162 $ server_date server_3 timesvc start ntp 10.127.*.162

6 Remove the previous DNS configuration for your Data Mover. $ server_dns server_x delete hmarine.com (Where x is the number of your Data Mover.)

7 Confirm with the DNS administrator (your instructor) that the forward (corp.hmarine.com) zone has Allow dynamic updates set to yes.



Step Action The following will be demonstrated to you by your instructor

8 INSTRUCTOR: To verify that Allow dynamic updates is set to yes perform the following while logged on to the DC for hmarine.com.

Click on Start > Run Type dnsmgmt.msc This should open the Windows 2000 DNS Management Console.

Click the + sign to the left of the DNS server under the tree to expand the domain. You should see the forward lookup zone.

Click the + sign to the left of Forward Lookup Zones display should look similar to the following:

To verify that Allow dynamic updates is set to yes: You will need to confirm the following zones: hmarine.com Forward Lookup Zone Click on a zone (for example 10.127.50.x Subnet) to highlight it.

Right-click on the same zone to select Properties.

You should see the following window. The Allow dynamic updates option is in the center of the window. It should be set to Yes.



Step Action The following is to be performed by the students.

9 Configure both Data Movers for DNS using the corp.hmarine.com domain. Then stop and start DNS. $ server_dns server_x corp.hmarine.com 10.127.*.161 $ server_dns server_x o stop $ server_dns server_x o start (Where x is the number of your Data Mover.)

10 Ask the instructor to reset the Administrators password for corp.hmarine.com.

11 Start the CIFS service on both Data Movers. $ server_setup server_x P cifs o start (Where x is the number of your Data Mover.)

12 Create a CIFS server on Data Mover 2 for use in the Windows 2000 domain corp.hmarine.com. $ server_cifs server_x a compname=celydm2,domain=corp.hmarine.com,interface=cge0-1 (Where y is the number of your Celerra.)

13 Configure the CIFS server to join the Windows 2000 domain. $ server_cifs server_x J compname=celydm2,domain=corp.hmarine.com,admin=administrator password: (Ask instructor about the correct password) (Where y is the number of your Celerra.)




14 Create a Virtual Data Mover on server_2 and name it vdm1. $ nas_server -name vdm1 type vdm -create server_2

15 Examine the output from the previous command. What is the name of the VDMs root file system? ___________________ What is the status of the VDM? ___________________

16 List the mounted file systems for server_2. $ server_mount server_2 Confirm that the root file system of the new VDM is mounted to server_2.

17 Create a CIFS server on vdm1 for use in the Windows 2000 domain corp.hmarine.com. $ server_cifs vdm1 a compname=vdmcifsy,domain=corp.hmarine.com,interface=cge0-2 (Where y is the number of your Celerra.)

18 Configure the CIFS server to join the Windows 2000 domain. $ server_cifs vdm1 J compname=vdmcifsy,domain=corp.hmarine.com,admin=administrator password: (Where y is the number of your Celerra.)

19 Ask your instructor to show the following results to you: The containers that were created EMC Celerra & Computers The computer accounts in that container The DNS entries in the forward lookup zone

20 Create a file system named fs3 using Automatic Volume Manager. Make the file system at least 5 GB in size. $ nas_fs n fs3 c size=5G pool=clar_r5_performance (or symm_std) This command may take a few minutes to complete. Note: If your class is using Symmetrix storage, the pool will be symm_std. If your class is using Clariion storage, the pool will be clar_r5_perfomance. If you are unsure which pool to use, ask your instructor. Run the command nas_fs size fs3 to discover the actual size of the file system that was made. The actual size of the file system is dependent upon what type of storage pool was used to create the file system and the options associated. Note: When creating a file system using the symm_std or symm_std_rdf_src storage pools, the default is not to slice the volumes. The result is a file system that uses the sum total space derived from the striping of several disk volumes together and may be larger than the requested file system size. This setting may be overridden with the o slice=y option. When the clar_r1, clar_r5_performance, clar_r5_economy, clarata_r3, and clarata_archive pools are specified, the default is to slice the volumes. This option will result in a file system which is the size that was requested. This setting may be overridden with the o slice=n option.




21 Mount the file system to a mountpoint on your Virtual Data Mover; name the mountpoint /win2k. $ server_mount vdm1 fs3 /win2k

22 Export /win2k for CIFS using the share name w2kdata. $ server_export vdm1 P cifs n w2kdata /win2k

23 Logon to your Windows 2000 workstation as administrator of corp.hmarine.com. Connect to one of your CIFS servers using the UNC (Universal Naming Convention) path Start > Run > Type \\celydm2 (Where y is the number of your Celerra.) You should be able to connect using this method, but will be unable to see your exported file system. This is because it was mounted to and exported by the VDM you created. Connect to your other CIFS server using the UNC path Start > Run > Type \\vdmcifsy (Where y is the number of your Celerra.) You should be able to connect using this method, and should be looking at the share of your exported file system. What contents are displayed in the w2kdata share? _________________________ _________________________ You should see the lost&found and .etc directories. What could you have done differently in order to hide these two directories from the CIFS share? __________________________________________________________ ____________________________________________________________ NOTE: The Data Movers CIFS servers do not display in Network Neighborhood because there are no Microsoft Windows computers in that network segment. This is expected behavior. If it is desired that the CIFS servers appear in the browse list, then at least one Microsoft Windows computer must reside in the same network segment. For more information on Network Neighborhood and the browse list see the Microsoft Knowledge Base at http://support.microsoft.com. (See articles Q117633, Q120151, etc.)

24 NOTE: What follows is an example. The creation of the CIFS Full and CIFS Read-only Local Groups and managing their associated permissions are simply to illustrate basic User/Group/Permissions management concepts. In production settings, you can create groups that suit your own needs or simply use the built-in, default groups. Using the Windows 2000 Computer Management console, create a Local Group on the Data Mover. Start > Run > type compmgmt.msc and click OK.

25 Verify that Computer Management (Local) at the top of the Tree window pane is highlighted. From the menu choose Action > Connect to another computer In the Select Computer dialog box, select the computer name of your VDMs CIFS server and click



OK. Result: The Computer Management console should now say Computer Management (VDMCIFSy.CORP.HMARINE.COM) at the top of the Tree window pane. (Where y is the number of your Celerra.)




26 In the Tree window pane: a) Expand System Tools b) Expand Local Users and Groups c) Click on the Groups

27 Create a local group for full access on the Data Mover. Add the Domain Admins, Managers and the

two engineering Global Groups from Hurricane Marines CORP domain to this local group.

a. With the Groups folder highlighted choose Action from the main menu and choose New Group

b. In the New Group dialog box enter the Group name CIFS_Full and a description of Permissions Test.

c. Click on the Add button. In the Select Users or Groups dialog box, choose corp.hmarine.com from the Look in: drop-down menu. Double-click on the following groups to add them to the group then click OK to return to the New Group dialog box. Domain Admins Propulsion Engineering Structural Engineering Managers

d. In the New Group dialog box you should now see these four groups in the list. Click the

Create button to complete creation of this Local Group on the Data Mover.

The New Group dialog box will remain open for creation of additional groups.

28 Repeat the previous step (omitting part a) to create a Local Group named CIFS Read Only and add the East Sales and West Sales groups (from the CORP domain) to the CIFS Read Only group. After clicking the Create button in part d, click the Close button to close the New Group dialog box. You should now see the two groups that you created in the right window pane of the Computer Management console.

29 With the Computer Management console still connected to your CIFS server, expand the Shared Folders object in the Tree window pane. Click on the Shares folder to open the list of shares on the CIFS server.

30 Right-click on your w2kdata share and choose Properties.

31 In the data Properties dialog box choose the Share Permissions tab.

32 Click on the Add button to add users and/or groups to the permissions list.

33 In the Select Users, Computers or Groups dialog box, choose VDMCIFSy.CORP.HMARINE.COM from the Look in: drop-down menu.

34 In the Select Users or Groups dialog box, double-click on the CIFS_Full and CIFS Read Only groups to add them to the list. Then click OK to return to the Share Permissions tab.




35 In the Share Permissions tab, select each of the groups, one at a time, and assign the following permissions. CIFS_FULL: Full: Selected (checked) Change: Selected (checked) Read: Selected (checked) CIFS Read Only: Full: Not selected (unchecked) Change: Not selected (unchecked) Read: Selected (checked)

36 Select the Everyone group and click on the Remove button to remove this group from the list.

37 Click on the OK button to close the Properties dialog box. You have now completed setting permissions on your CIFS servers share. NOTE: There are many methods to manage permissions. The method you have just performed is only an example and is not better or worse than other methods. Log off of the Windows 2000 workstation as Domain Administrator.

38 Log back on to the Windows 2000 workstation as Liza Minacci (username lminacci) of the Managers group. (See Windows 2000 Users and Group Memberships in the appendix for a list of usernames.)

39 Connect to your CIFS server using the UNC path. Start > Run > \\vdmcifsy (Where y is the number of your Celerra.) A window should open displaying your w2kdata share, shown as a folder icon.

40 Open the w2kdata folder and try to create a new text document named manager1.txt. Were you able to create the file? ______ Since Liza is in the Managers group, she should be able to create the file.

41 Repeat the 3 preceding steps logging on as Eddie Pope (username: epope) of the Propulsion Engineering group, and create a file named propulsion.txt. Were you able to create the file? ______ Eddie should also be able to create a file.



Lab 3 Exercise 2: Move a VDM to a Different Data Mover Step Action

1 On your Control Station, examine the information on your VDMs root file system. $ /nas/sbin/rootnas_fs info root_fs_vdm_vdm1 What is the state for the r/w server? _______________________

2 Prior to moving your VDM, the destination Data Mover (server_3) must have a network interface, a default gateway, DNS configured, and the CIFS service started. Refer to Lab 3, Exercise 1 for assistance.

3 Move vdm1 to server_3 $ nas_server v vdm1 move server_3 Validate that the appropriate records were created in DNS.

4 Again, examine the information on your VDMs root file system. $ /nas/sbin/rootnas_fs info root_fs_vdm_vdm1 What is the value for the r/w server? _______________________ You should see the r/w server changed from server_2 to server_3.

5 Verify that the CIFS service is started on server_3. To start $ server_setup server_3 P cifs o start If you get an error Failed to complete command, check the server_log. Chances are the service is already running, so getting an error when you try to turn on a service that is already running should be expected.

6 Log on to your Windows workstation as Sage Early (username searly) of the East Sales group and verify that you can access your CIFS server on your VDM now that it has been moved. Start > Run > \\vdmcifsy\w2kdata

You may have to flush the workstation DNS cache. This can be done via cmd prompt on Windows client workstation.

At the cmd prompt: type: ipconfig /flushdns In addition to reload remote cache name table; type: nbtstat -R

In addition, you may have to resolve the hostname to IP; type: ping a When the folder opens, create a file in the w2kdata share, using a file name of sales.txt. Were you able to create the file? ______ Can you read any existing files? ______ Sage should not be able to create a file, but he should be able to read the existing files.



Lab 3: Exercise 3: Removing CIFS Step Action 1 Using the Windows 2000 Computer Management console, delete the CIFS_full and CIFS Read only

on the Local Groups. Start > Run > type compmgmt.msc and click OK

From the menu choose Action > Connect to another computer In the Select Computer dialog box, select the computer name of your VDMs CIFS server and click OK In the Tree window pane:

Expand System Tools Expand Local Users and Groups Click on the Groups

Right-Click on CIFS_FULL and click on Delete Right-Click on CIFS Read Only and click on Delete

2 Logon to the Control Station as nasadmin. Unjoin both CIFS servers from the Windows domain. $ server_cifs server_x U compname=celydm2,domain=corp.hmarine.com,admin=administrator password: $ server_cifs vdm1 U compname=vdmcifsy,domain=corp.hmarine.com,admin=administrator password: (Where y is the number of your Celerra.)

3 Stop and delete the CIFS server from the Data Movers configuration. $ server_setup server_x P cifs o stop $ server_cifs server_x d compname=celydm2 $ server_cifs vdm1 d compname=vdmcifsy (Where y is the number of your Celerra.)

4 Remove all CIFS configurations from the Data Mover. $ server_setup server_x P cifs o delete (Where x is the number of your Data Mover.) Explanation of the above steps: In step 2, the Unjoin gracefully removes the CIFS servers computer accounts from Active Directory and from Dynamic DNS. The Data Mover, however still holds the specific configuration information for those particular CIFS servers (celydm2 and vdmcifsy). Step 3 removes the CIFS servers configuration information (for celydm2 and vdmcifsy), however global CIFS configurations remain. This is very useful if a Data Mover has multiple CIFS servers residing on it. Using delete you can remove one CIFS server while leaving the others intact. On the other hand, if you desire to remove all CIFS servers and configurations you could skip step 3 and go directly to step 4. In this step, all CIFS configurations on the Data Mover are removed at once.



Lab 3: Exercise 4: Configuration Cleanup

Step Action

1 Permanently unexport all file systems. $ server_export server_x u p -a $ server_export vdm1 u p n w2kdata

2 Permanently unmount all file systems. $ server_umount server_x p a $ server_umount vdm1 p /win2k

3 Remove the created mountpoint. $ server_mountpoint vdm1 d /win2k

4 Delete file systems $ nas_fs d fs3

5 Stop the Internal Usermapper services. $ server_usermapper server_2 disable

Lab 3 Exercise 5: Remove a VDM

Step Action

1 Delete the Virtual Data Mover. $ nas_server d vdm1

2 Configure server_3 back to a standby role. $ server_ifconfig server_3 d cge0-2 $ server_standby server_2 c mover=server_3 policy auto To verify: $ nas_server l

Follow up question: What would you have to do to gain access to the file system share via the CIFS server you created on the physical Data Mover? ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________



Lab 4: CIFS with NFS

Scenario: Ira Techi, the head of the IS department of Hurricane Marine, has requested that all of Hurricane Marines Microsoft clients be able to store their data on the Celerra. Ultimately, he would like having all users in the enterprise (both UNIX and Microsoft clients) store their data in one location and access that data through a single product. In the preceding lab, you configured the Celerra to support Hurricane Marines Microsoft clients only and employed Usermapper to map the CIFS user/group accounts to UNIX IDs. Now you will configure a single Celerra file system that can be used to support both his NFS and CIFS clients. This will call for using NTMigrate for mapping IDs. Mr. Techi has requested that you configure Celerra to support the following:

1. Migration and merger of Microsoft and NIS users to local passwd and group files on the Data Mover.

2. Mr. Techi would like his UNIX administrator to be the central point of administration. In other words, all access (both CIFS and NFS) to the file system will be controlled via the NFS/UNIX permissions.

3. Create a file system that is exported to both NFS and CIFS clients. 4. Hide the lost&found and /.etc directories that are at the root of the Celerra file

system. 5. The initial permissions should be such that any user has full control over the

objects he/she creates, and read only access to objects created by other users. Mr. Techi would like to be able to audit attempted failed access to the Celerra file system.

Purpose:

In this lab you will configure a directory in a file system on Celerra such that users will be able to access the file system from both UNIX and Microsoft clients. You will configure the Data Movers with passwd and group files generated using NTMigrate. All permissions will be administered from a single UNIX workstation. Details of your CIFS configuration are as follows: User validation: Passwd and group files on Data Movers Security mode: NT (default) Dialect: NT1 (default) Access Checking Policy: UNIX File Locking: No lock / Opportunistic locks, on (default)

Objectives: Migrate all Microsoft and NIS users into passwd and group files using NTMigrate.

Configure the Data Mover for CIFS Configure a file system for NFS export, to be administered by the UNIX

admin Removing CIFS

References: Managing Celerra for a Multiprotocol Environment P/N 300-002-676 Rev A01 Version 5.5 March 2006



Lab 4 Exercise 1: Migrate all Microsoft Users and Groups for use in passwd and group Files using NTMigrate Mr. Techi wants to configure file systems for concurrent access by NFS and CIFS users. Combine

the migrated Microsoft users with the list of users and groups from the NIS server. Place the combined information on the Data Mover. If you are working with a lab partner, one person will be setting up the configuration while the other observes. You should alternate roles from time to time.

Lab 4 Exercise 1: Migrate all Microsoft Users and Groups for use in passwd and group Files using NTMigrate

Mr. Techi wants to configure file systems for concurrent access by NFS and CIFS users. Combine

the migrated Microsoft users with the list of users and groups from the NIS server. Place the combined information on the Data Mover. If you are working with a lab partner, one person will be setting up the configuration while the other observes. You should alternate roles from time to time.

Note to students: The NTMigrate process can be lengthy if you are unfamiliar with your network surroundings. For the purposes of this lab, the files produced via the NTMigrate process have been created for you.



Step Action

1 Copy the necessary files to your Control Station: Logon to Celerra Manager as nasadmin. Select Tools > SSH Shell and login as nasadmin. Then su to root and change to the /home/nasadmin directory

2 Create a working directory named work, and change to that directory. # mkdir work # cd work

3 FTP to the instructors FTP server and get the following files: - pass.2 - group.2 # ftp 10.127.50.1 Name : nasadmin Password: (ask instructor for password) ftp> cd /ntmigfiles/ ftp> mget *.2 (Type y each time when prompted to confirm.) ftp> bye

4 Verify user IDs: Examine /home/nasadmin/work/pass.2 to verify that, although each user has two accounts (Windows and UNIX), they have the same UID for both accounts. # cat pass.2 |grep eplace Etta Place should have two account entries: - eplace - eplace.corp What is the UID for eplace? _________ What is the UID for eplace. corp? _________

5 Place the passwd and group files in the ./etc directory of the Data Mover: Using the server_file command, FTP pass.2 and group.2 to the Data Mover as passwd and group. $ pwd You should see /home/nasadmin/work $ server_file server_x p pass.2 passwd $ server_file server_x p group.2 group (Where x is the number of your Data Mover.) The user and group information is now in the /.etc directory of your Data Mover. If you would like to confirm this you can type the following command to list the Data Movers list of user accounts. # /nas/sbin/server_user server_x list



Lab 4 Exercise 2: Configure a CIFS Server on Celerra Data Mover to be a member of corp.hmarine.com domain If you are working with a lab partner, one person will be setting up the configuration while the other

observes. You should alternate roles from time to time. Step Action

1 Preparation: Before you begin, you will want to note or record the following key information: The IP address of the customers DNS server: 10.127. ______ . 161 The Fully Qualified Domain Name (FQDN) of the Windows 2000 domain that will hold the Data Movers computer account. corp.hmarine.com The computer name (compname) for your Data Mover. (See Appendix 5, Hurricane Marine, IP Addresses and Schema)_____________________________

2 Configure CIFS: Log on to the Control Station as nasadmin.

3 Confirm that your Data Movers DNS configuration is still present. $ server_dns server_ x You should see corp.hmarine.com and 10.127.*.161 in the output.

4 Start the CIFS service on your Data Mover. $ server_setup server_ x P cifs o start

5 Add the compname to your Data Movers CIFS configuration using the information from step 1. $ server_cifs server_2 a compname=celydm2,domain=corp.hmarine.com,interface=cge0-1 (Where y is the number of your Celerra.)

6 Join the Windows 2000 domain. $ server_cifs server_x J compname=celydm2,domain=corp.hmarine.com,admin=administrator (Where y is the number of your Celerra.) password: (ask instructor for password)



Lab 4 Exercise 3: Configure a Celerra File System for your Data Mover Assure that the access checking policy is set so that both CIFS and NFS client must satisfy UNIX

permissions. Mr. Techi requires that permissions that he sets from UNIX have effect on both NFS and CIFS users. Each user must have full control over his or her own data, yet have read-only access to other users data by default. Additionally, Ira does not want NFS or CIFS users to have access to the lost&found nor the /.etc directories that are at the root of the Celerra file system. If you are working with a lab partner, one person will be setting up the configuration while the other observes. You should alternate roles from time to time.

Step Action

1 Export a new file system with the proper access checking policy: Log on to the Celerra Control Station as nasadmin.

2 Verify that there are no file systems on any Celerra disks. $ nas_disk l

3 Create a file system named fs5 using Automatic Volume Manager. Make the file system at least 7 GB in size. $ nas_pool -l $ nas_fs n fs5 c size=7G pool=symm_std o slice=y (if using Symmetrix) $ nas_fs n fs5 c size=7G pool=clar_r5_performance (if using CLARiiON) Note: If you are unsure, ask the instructor what backend to use. Can you recall how to check the size of the file system that was created?

4 Create a mountpoint on your Data Mover. Name the mountpoint /mp5 $ server_mountpoint server_x c /mp5 (Where x is the number of your Data Mover.)

5 Mount the file system fs5 to /mp5 so that both NFS and CIFS clients must satisfy UNIX security. $ server_mount server_x o accesspolicy=UNIX fs5 /mp5 (Where x is the number of your Data Mover.)

6 Export fs5 so that root privilege is assigned to a single UNIX admin workstation. (For now, use the IP address of your UNIX workstation.) $ server_export server_ x o root=IP_Address /mp5 (Where x is the number of your Data Mover.)

7 Create a directory on the file system for export with CIFS: Log on to your UNIX workstation as root.

8 Verify that the /studentx directory is not mounted to anything. # mount If it is still mounted, unmount it. # umount /studentx



Step Action

9 Mount /studentx via NFS to the file system that you exported from the Data Mover in Exercise 1 step 6. # mount z:/mp5 /studentx (Where x is the number of your Celerra, and z is the IP address of your Data Mover.)

10 Create a directory inside /studentx for export to all users. Name the directory data. Give all users full access to this directory. Then unmount /studentx. # cd /studentx # mkdir data # chmod 777 data # cd / # umount /studentx (Where x is your student number.) What will be the effective permissions for each user inside the data directory? _______________________________________________ In the data directory, each user will have permission to create their own objects and have full access to what they create. However, they will only have read access to objects created by other users.

11 Export the data directory for NFS and CIFS: Log on to the Celerra Control Station as nasadmin.

12 Unexport /mp5, then export the /mp5/data directory for NFS and CIFS. For NFS, export access to your UNIX subnet. For CIFS, use the share name celdata $ server_export server_x u p /mp5 $ server_export server_x o access=10.127.*.0/255.255.255.224 /mp5/data $ server_export server_x P cifs n celdata /mp5/data (Where x is the number of your Data Mover.) (Where * = your subnet)

13 Verification: Log on to you UNIX workstation as root and mount /studentx to /mp5/data. # mount Data_Mover_IP:/mp5/data /studentx

14 Switch user to Etta Place and change to the /studentx/data directory and try to create a directory named eplace. # su eplace sunz% cd /studentx sunz% mkdir eplace (Where x is the number of your Celerra.) Was Etta able to create the directory? _________

15 Create a file named etta.txt inside the eplace directory. Then exit from user eplace. sunz% cd eplace sunz% echo GO TEST >etta.txt sunz% cd / sunz% exit #



Step Action

16 Change user to Seve Wassi (user:swassi, password: swassi), and try to read etta.txt. # su swassi sunz% cd /studentx/eplace sunz% cat etta.txt Can Seve read the file? __________

17 Enter the following command to try to create a file. sunz% echo TEST FILE >seve.txt Can Seve write inside Ettas directory? _______

18 Create a directory in /studentx named swassi, and create the file there. Then exit from user swassi.sunz% cd .. sunz% pwd /studentx sunz% mkdir swassi sunz% cd swassi sunz% echo TEST FILE >seve.txt sunz% cd / sunz% exit # Seve Wassi should be able to write in his own directory.

19 Logon to your Windows workstation as Seve Wassi from the CORP domain. (username:swassi, no password)

20 Using the UNC path, connect to your Data Mover. (Start > Run > \\celydm2) Open the celdata share. You should see the directories that you created from the UNIX workstation.

21 Open seve.txt inside the swassi directory. Try to modify the file and save the changes. Where you able to modify the file? _________ Seve should be able to modify his own file.

22 Now try to open, modify, and save changes to etta.txt inside the eplace directory. What happened? _______________________________________ Seve should have read-only access to Ettas file.

23 Logoff of Windows, and logon as Eva Song (username: esong, no password

24 Click on Start > Run > \\celydm2\celdata\ (Where y is the number of your Celerra.)

25 Create a new folder in the data share. Name the folder esong.

26 Log on to your UNIX workstation as root and su to Eva Song (esong).



Step Action

27 Can Eva work in her directory that she created from Windows while she is logged on to UNIX? sunz% cd /studentx/esong sunz% touch eva.txt sunz% cd / sunz% exit # (Where x is your student number) Eva should be able to create this file in her directory. Was she successful? _____________________________________

28 Log off of UNIX and log off of your Windows workstation as esong.

29 As root, unmount /studentx. # umount /studentx

This exercise has established the following objectives: Permission set from UNIX is effective on both NFS and CIFS users. Users cannot see the lost&found or the /.etc directories on the Celerra file system Each user should have full ownership of their own objects regardless of which system

through which they login. By default, users have read-only access to other users data.



Lab 4 Exercise 4: Cleanup CLI Step Action

1 Unmount the NFS mountpoint on the UNIX workstation: Log on to the UNIX workstation as root.

2 Unmount the NFS mountpoint # cd / # umount /studentx (Where x is your Celerra number.)

3 Unjoin domain, stop CIFS , and delete computer account (See Lab 3 for specifics, if necessary)

4 Removing exports, mounts, mountpoints, file systems, and volumes: Log onto the Celerra Control Station as nasadmin.

5 Using the server_file command, remove the passwd and group files from your Data Mover by placing blank files. $ cd \home\nasadmin $ touch passblank $ touch groupblank $ server_file server_x p passblank passwd $ server_file server_x p groupblank group (Where x is the number of your Data Mover.)



8 Using the Celerra man pages if needed, delete all of the following: - file systems - meta volumes - mountpoints on Data Movers

9 Restart the primary usermapper service on server_2. $ server_usermapper server_2 enable



Lab 5: Implementing Quotas

Scenario:

Mr. Techi would like to be able to impose quotas on the file system at the user level and directory level. The Hurricane Marine workstations are running Windows and Unix Operating Systems. He has requested that you perform the configuration on both of them, and that you confirm the functionality of the quotas.

Objectives: Configure hard and soft quotas using the Windows 2000 GUI Configuring Unix file system quotas on Celerra Configuring file system Tree Quotas on Celerra Prepare for upcoming labs remove all CIFS configurations

References: Using Quotas on Celerra P/N 300-002-686 Rev A01 v5.5 March 2006



Lab 5 Exercise 1: Configure Hard and Soft Quotas Using Windows 2000 GUI - CLI

Step Action

1 Preparation: If it is desired for a message to be received by the end user when soft quotas are exceeded, then a param entry must be set and the clients messenger service must be enabled. Use vi to add the following lines to the /nas/server/slot_x/param file of your Data Mover to support soft quota messages. (Where x is the number of your Data Mover.) param quota policy=filesize param cifs sendMessage=3

2 If the CIFS service has NOT been started in a previous lab, then start CIFS and setup your Data Mover for CIFS in the Windows 2000 domain corp.hmarine.com. Verify usermapper is enabled (not initialized). If it is not please consult earlier labs for instructions. # server_setup server_x -P cifs -o start # server_cifs server_x a compname=celydm2,domain=corp.hmarine.com,interface=ana0-1(or cge0-1) (Where y is the number of your Celerra.)

3 Configure the Data Mover to join the Windows 2000 domain (If it has not been done in a previous lab). # server_cifs server_x J compname=celydm2,domain=corp.hmarine.com,admin=administrator password:

4 Reboot your Data Mover $ server_cpu server_x r now (Where x is the number of your Data Mover.)

5 Create a 2 Gigabyte File System (fs6), mount it with a mountpoint of /win2k, and export it with a share name of w2kdata. $ nas_pool list (Get the AVM storage pool) $ nas_fs n fs6 c size=2G pool=My_AVM_pool o slice=y $ server_mount server_x fs6 /win2k $ server_export server_x P cifs n w2kdata /win2k (Where x is the number of your Data Mover)

6 Set default user quotas on your CIFS exported file system using the Windows 2000 GUI: Log on to your Windows 2000 workstation as the Administrator of corp.hmarine.com.



Step Action

7 Map a network drive to your w2kdata share Open a DOS prompt on your Win2K system and type the following command: net use z: \\celydm2\w2kdata (Where y is the number of your Celerra.)

8 Open the Properties of the Z: drive Open My Computer > Right-click w2kdata on celydm2 > Choose Properties > Select the Quotas tab.

9 Enable quotas by clicking on Enable quota management.

10 Click on Deny disk space to users exceeding quota limit

11 Below the caption Select the default quota limit for new users on this volume: verify that Limit disk space to is selected and set it limit to 10MB, this is the hard quota. Set the soft quota to 5MB in the window labeled Set warning level to.

12 Choose to log both event choices.

13 Test the soft and hard quota limits: Log off of your Windows 2000 workstation and log back in as eping. On the desktop area of eping you should see the file 4MB-file.

14 Right-click on 4MB-file and choose Copy

15 Open a window for your Data Movers w2kdata share. Click on Start > Run Type \\celydm2\w2kdata (Where y is the number of your Celerra.)

16 Create a folder named eping. Click on File > New > Folder and enter the name for the folder.

17 Open the eping folder and, from the menu choose Edit > Paste. 4MB-file should now be copied into the eping folder.

18 Rename the 4MB copy of the file From the menu choose Edit > Copy > Edit > Paste The file Copy of 4MB-file should appear.

19 Log off of your Windows 2000 workstation and log back on as Administrator of CORP.

20 Verify that Z: is still mapped to your w2kdata share. Click on Start > Run and Type net use z: If it is not mapped, map a network drive to your win2k share Click on Start > Run > \\celydm2\w2kdata (Where y is the number of your Celerra.)



Step Action

21 Open the Properties of the Z: drive Open My Compute

63312776 Celerra CLI Lab Guide (1)

Documents

Transcript of 63312776 Celerra CLI Lab Guide (1)