Guardian Administrator Guide

Guardian™

Administrator Guide

Quantum Corporation2001 Logic DriveSan Jose, CA 95124

www.quantum.com

ii • Guardian Administrator Guide

Copyright © 2002, Quantum Corporation. All rights reserved.Information in this document is subject to change without notice and does not represent a commitment on the part of Quantum Corporation or any of its subsidiaries. The software described in this document is furnished under a license agreement. The software may be used only in accordance with the terms of the license agreement. It is against the law to copy the software on any medium. No part of this manual may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording, for any purpose without the express written permission of Quantum Corporation. You may however make one print copy for your personal use.

Quantum and its subsidiaries reserve the right to revise this publication and to make changes in the content hereof without the obligation of Quantum Corporation to notify any person of such revision or changes.

TrademarksQuantum, the Quantum logo, and Guardian are trademarks of Quantum Corporation registered in the U.S.A. and other countries. Products mentioned herein are for identification purposes only and may be registered trademarks or trademarks of their respective companies. Guardian is a trademark of Quantum Corporation. DataKeeper is a trademark of PowerQuest Corporation. Backup Express is a trademark of Syncsort Incorporated. Windows, Windows NT, and Active Directory are registered trademarks of Microsoft Corporation. Java and Solaris are registered trademarks of Sun Microsystems, Inc. AppleShare, AppleTalk, and Macintosh are registered trademarks of Apple Computer, and AIX are registered trademarks of IBM Corporation. OpenView and HP-UX are trademarks or registered trademarks of Hewlett-Packard Company. BrightStor, Unicenter TNG, and Unicenter are trademarks or registered trademarks of Computer Associates, Inc. Smart UPS and APC are registered trademarks of American Power Conversion Corporation. UNIX is a registered trademark of The Open Group. XFS is a trademark of Silicon Graphics, Inc. Backup Exec, VERITAS NetBackup BusinessServer, and VERITAS NetBackup Datacenter are trademarks or registered trademarks of VERITAS Software Corporation. Legato NetWorker is a trademark of Legato Systems, Inc. Linux is a registered trademark of Linus Torvalds. All other brand names or trademarks are the property of their respective owners. Quantum specifications are subject to change.

PART NUMBER: 70980695-002

• iii

END USER LICENSE AGREEMENT (EULA)

FOR USE OF QUANTUM NETWORK ATTACHED STORAGE SOLUTIONS AND RELATED INSTALLATION UTILITIESSNAP IP, ASSIST AND NASMANAGER (“INSTALLATION UTILITIES”); THE SYSTEM SOFTWARE EMBEDDED IN THE QUANTUM NETWORK ATTACHED STORAGE SOLUTIONS (“EMBEDDED SOFTWARE”); SOFTWARE MARKETED BY QUANTUM OR THAT IS EMBEDDED IN OR OTHERWISE CONSTITUTES A PART OF QUANTUM COMPUTER HARDWARE PRODUCT(S) (SOMETIMES REFERRED TO COLLECTIVELY HEREIN, TOGETHER WITH THE INSTALLATION UTILITIES AND THE EMBEDDED SOFTWARE, AS THE “LICENSED SOFTWARE”), EXCEPT WHERE EXPRESSLY PROVIDED OTHERWISE, ARE PROPRIETARY COMPUTER SOFTWARE BELONGING TO QUANTUM CORPORATION OR ITS LICENSORS. UNITED STATES COPYRIGHT AND OTHER FEDERAL AND STATE LAWS AND INTERNATIONAL LAWS AND TREATIES PROTECT THE INSTALLATION UTILITIES AND EMBEDDED SOFTWARE.

USE OF THE QUANTUM NETWORK ATTACHED STORAGE SOLUTIONS (“SERVER”) OR THE INSTALLATION UTILITIES IMPLIES YOUR AGREEMENT TO THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT. BY USING THE INSTALLATION UTILITIES OR THE SERVER, YOU ARE ENTERING INTO A BINDING CONTRACT WITH QUANTUM CORPORATION. IF YOU DO NOT AGREE TO BE BOUND BY THESE TERMS AND CONDITIONS, YOU MAY NOT USE THE INSTALLATION UTILITIES, THE EMBEDDED SOFTWARE, OR THE SERVER AND SHOULD PROMPTLY RETURN THIS ENTIRE PACKAGE, INCLUDING THE INSTALLATION UTILITIES AND SERVER, TO THE PLACE WHERE YOU PURCHASED IT FOR A FULL REFUND.

1. Ownership and Copyright. The Installation Utilities and Embedded Software are licensed, not sold to you, for use only as permitted by the terms and conditions of this Agreement. Quantum reserves any rights not expressly granted to you. The Licensed Software is composed of multiple separately written and copyrighted modular software programs. Various Licensed Software programs (the “Public Software”) are copyrighted and made available under the GNU General Public License or other licenses that permit copying, modification and redistribution of source code (which licenses are referred to as “Public Licenses”).The Public Software is licensed pursuant to (i) the terms of the applicable Public License located in the related software source code file(s), and/or in its online documentation; and (ii) to the extent allowable under the applicable Public License. The source code is available at oss.quantum.com. To receive a copy of the GNU General Public License, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.All other Licensed Software programs (the “Restricted Software”) are copyrighted by Quantum or its licensors and are licensed pursuant to all of the terms of this Agreement. Copying of the Licensed Software, unless specifically authorized in writing by Quantum, is prohibited by law. You may not use, copy, modify, sell, lease, sublease, or otherwise transfer the Installation Utilities or Embedded Software, or any copy or modification, in whole or in part, except as expressly provided in this Agreement.

PROVISIONS APPLICABLE TO RESTRICTED SOFTWARE ONLY (Articles 2 - 7):

2. License. In consideration of the premises of this License Agreement, your payment of any applicable license fee for Restricted Software, and/or your purchase of a Quantum Server that the Licensed Software accompanies, for the term of intellectual property protection inhering in the Licensed Software, Quantum hereby grants to you a limited, personal, and non-exclusive license to install and execute (“Use”) the Restricted Software solely under the terms and conditions of this Agreement and only on the Server in connection with which Quantum originally provided such Restricted Software. You are given a non-exclusive license to use the Installation Utilities and Embedded Software in conjunction with a Server, make one copy of the Installation Utilities for archival and backup purposes only, and/or transfer your Server and copies of the Installation Utilities and the accompanying documentation to a third party provided that you provide Quantum written notice of the transfer within 30 days after the transfer date and you do not retain any copy of the transferred software. Any such transferee’s rights and obligations with respect to the transferred software and documentation are as set forth in this Agreement.

3. Reproduction of Proprietary Notices. You may not sublicense, distribute, rent, lease, lend or otherwise convey the Restricted Software or any portion thereof to anyone, and under no circumstance may you use or allow the use of the Restricted Software in any manner other than as expressly set forth herein. Copies of the Installation Utilities must be labeled with the Quantum copyright notice and other proprietary legends found on the original media.

4. Protection of Trade Secrets. The Licensed Software contains trade secrets, and in order to protect them, you agree that you will not reverse assemble, decompile or disassemble or otherwise reverse engineer any portion of the Restricted Software, or permit others to do so, except as permitted by applicable law, but then only to the extent that Quantum (and/or its licensors) is not legally entitled to exclude or limit such rights by contract. Except with respect to online documentation copied for backup or archival purposes, you may not copy any documentation pertaining to the Licensed Software. You agree that your use and possession of the Licensed Software is permitted only in accordance with the terms and conditions of this Agreement.

iv • Guardian Administrator Guide

5. Ownership of Restricted Software. You agree and acknowledge that (i) Quantum transfers no ownership interest in the Restricted Software, in the intellectual property in any Restricted Software or in any Restricted Software copy, to you under this Agreement or otherwise, (ii) Quantum and its licensors reserve all rights not expressly granted to you hereunder, and (iii) the Restricted Software is protected by United States Copyright Law and international treaties relating to protection of copyright, and other intellectual property protection laws of the U.S. and other countries.

6. Termination. If you fail to fulfill any of your material obligations under this Agreement, Quantum and/or its licensors may pursue all available legal remedies to enforce this Agreement, and Quantum may, at any time after your default of this Agreement, terminate this Agreement and all licenses and rights granted to you hereunder. You agree that any Quantum suppliers referenced in the Restricted Software are third-party beneficiaries of this Agreement, and may enforce this Agreement as it relates to their intellectual property. You further agree that, if Quantum terminates this Agreement for your default, you will, within thirty (30) days after any such termination, deliver to Quantum or render unusable all Restricted Software originally provided to you hereunder and any copies thereof embodied in any medium.

7. Government End Users. The Installation Utilities, Embedded Software, and accompanying documentation are deemed to be “commercial computer software” and “commercial computer software documentation,” respectively, pursuant to DFAR Section 227.7202, Commercial Computer Software-Restricted Rights at 48 CFR 52.227-19, and FAR Section 12.212, and successor provisions thereof, as applicable. Any use modification, reproduction release, performance, display or disclosure of the Installation Utilities or Embedded Software and accompanying documentation by the U.S. Government shall be governed solely by the terms of this Agreement and shall be prohibited except as expressly permitted by the terms of this Agreement.

PROVISIONS APPLICABLE TO RESTRICTED SOFTWARE AND, SUBJECT TO SECTION 1, TO PUBLIC SOFTWARE (Articles 8 - 15):

8. Export Laws. Notwithstanding any provision of any Public License to the contrary, Quantum shall have no duty to deliver or otherwise furnish source code of any Public Software if it cannot establish to its reasonable satisfaction that such delivery or furnishing will not violate applicable US laws and regulations. You hereby assure that you will not export or re-export any Licensed Software except in full compliance with all applicable laws, regulations, executive orders and the like pertaining to export and/or re-export, including without limitation USA versions of the same. No Licensed Software may be exported or re-exported into (or to a national or resident of) any country to which the U.S. embargoes goods, or to anyone on the U.S. Treasury Department’s list of Specially Designated Nationals or the U.S. Commerce Department’s Table of Denial Orders. You agree to ascertain necessary licensing procedures and obtain required licenses before exporting or re-exporting either. You also agree to indemnify Quantum and assume all financial responsibility for any losses it may suffer if you do not comply with this paragraph.

9. Disclaimer of Warranties. THE INSTALLATION UTILITIES AND EMBEDDED SOFTWARE ARE LICENSED “AS IS” WITHOUT WARRANTY OF ANY KIND. QUANTUM HEREBY DISCLAIMS ALL WARRANTIES, EXPRESS AND IMPLIED, RELATING TO THE INSTALLATION UTILITIES AND THE EMBEDDED SOFTWARE INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT.

10. Limitation of Liability. IN NO EVENT WILL QUANTUM OR ITS LICENSORS LIABILITY UNDER THIS AGREEMENT EXCEED THE PRICE THAT YOU PAID FOR THE INSTALLATION UTILITIES AND EMBEDDED SOFTWARE. FURTHERMORE, IN NO EVENT WILL QUANTUM OR ITS LICENSORS BE LIABLE FOR ANY LOST PROFITS, LOST DATA, COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR ANY SPECIAL, CONSEQUENTIAL, INCIDENTAL, INDIRECT OR PUNITIVE DAMAGES ARISING OUT OF OR UNDER THIS AGREEMENT OR THE APPLICABLE PUBLIC LICENSE. The limitation of liability set forth in this paragraph will apply whether or not Quantum or its licensor was advised of the possibility of the loss, liability or damages and notwithstanding any failure of essential purpose of any limited remedy. Since some states do not allow exclusions or limitations of liability for consequential or incidental damages, this provision may not apply to you.

11. Waiver. No delay or failure of Quantum to exercise any right under this Agreement, nor any partial exercise thereof, shall be deemed to constitute a waiver of any rights granted hereunder or at law.

12. Unlawful Provision(s). If any provision of the Agreement is held to be unenforceable for any reason, all other provisions of this Agreement shall nevertheless be deemed valid and enforceable to the fullest extent possible.

13. Applicable Law. Except with respect to any Public Software program for which the applicable Public License contains provisions expressly stating the applicable governing law (with respect to which the law so specified shall govern all aspects of such agreement, including the provisions incorporated into such Public License hereunder), the terms of this Agreement (including, to the extent allowable under the Public License, all software governed by a Public License which does not specify a governing law) will be governed by the laws of the State of California, without reference to its choice of law rules, and the United States, including U.S. Copyright laws.

14. Entire Agreement. This Agreement and all applicable Public Licenses supersede all proposals, negotiations, conversations, discussions, all other agreements, oral or written, and all past course of dealing between you and Quantum relating to the Licensed Software or the terms of its license to you, and may only be modified by writing signed by you and Quantum.

15. Contractor/Manufacturer. Quantum Corporation, 2001 Logic Drive, San Jose, CA 95124, USA

• v

Obtaining Service for Your Server

To obtain service or technical support for your Quantum Networked Storage Product, please visit our Web site at www.quantum.com, or call 1.888.338.7627. For immediate response to a service inquiry, customers can submit a question to our Technical Support department using our Expert Knowledge Base System www.quantum.com/nas_support. Suggested answers to your question will then be pulled from our extensive Knowledge Base. However, if you still cannot find your answer, your question will be forwarded to our Technical Support department who will e-mail you with a response.

http://www.quantum.com

http://www.quantum.com/nas_support

vi • Guardian Administrator Guide

vii

Table of Contents

Chapter 1, Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

About This Guide - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1

How This Guide is Organized - - - - - - - - - - - - - - - - - - - - - - - 1

Typographic Conventions - - - - - - - - - - - - - - - - - - - - - - - - - 2

Guardian 4400 Features- - - - - - - - - - - - - - - - - - - - - - - - - - 3

Guardian 14000 Features - - - - - - - - - - - - - - - - - - - - - - - - - 3

NASManager - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 4

Administration Tool - - - - - - - - - - - - - - - - - - - - - - - - - - - - 5

Chapter 2, Setup and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Setting Up the Guardian 4400 - - - - - - - - - - - - - - - - - - - - - - - 8

Guardian 4400 Hardware Components - - - - - - - - - - - - - - - - - - - - - 8

Guardian 4400 Hardware Features - - - - - - - - - - - - - - - - - - - - - - - 9

Rack Installation for the Guardian 4400 - - - - - - - - - - - - - - - - - - - - 10

Understanding the Guardian 4400 Status and Disk Drive Lights - - - - - - - - - 10

Connecting to the Network - - - - - - - - - - - - - - - - - - - - - - - - - - 12

Connecting to the Power Supply - - - - - - - - - - - - - - - - - - - - - - - - 13

Initializing the Guardian 4400 - - - - - - - - - - - - - - - - - - - - - - - - 14

Setting Up the Guardian 14000 - - - - - - - - - - - - - - - - - - - - - - 15

Guardian 14000 Hardware Components - - - - - - - - - - - - - - - - - - - 15

Guardian 14000 Hardware Features - - - - - - - - - - - - - - - - - - - - - 16

Rack Installation for the Guardian 14000 - - - - - - - - - - - - - - - - - - - 17

Connecting to the Network - - - - - - - - - - - - - - - - - - - - - - - - - - 18

Connecting to the Power System- - - - - - - - - - - - - - - - - - - - - - - - 19

viii • Guardian Administrator Guide

Initializing the Guardian14000 - - - - - - - - - - - - - - - - - - - - - - - - 20

Using NASManager - - - - - - - - - - - - - - - - - - - - - - - - - - - - 21

Launching NASManager - - - - - - - - - - - - - - - - - - - - - - - - - - - 21

Displaying NASManager - - - - - - - - - - - - - - - - - - - - - - - - - - - 22

Using NASManager - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 23

Opening the Administration Tool - - - - - - - - - - - - - - - - - - - - - - - 23

Finding the Guardian Server IP Address - - - - - - - - - - - - - - - - - - - - 24

Discovering Guardian Servers- - - - - - - - - - - - - - - - - - - - - - - - - 24

Using the Setup Wizard - - - - - - - - - - - - - - - - - - - - - - - - - - 25

Accessing a Guardian Through Web View - - - - - - - - - - - - - - - - - 29

Using the Administration Tool - - - - - - - - - - - - - - - - - - - - - - - 30

Using the Icons - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 31

Using the Administration Tool User Interface - - - - - - - - - - - - - - - - - - 32

Using the Online Help - - - - - - - - - - - - - - - - - - - - - - - - - - - - 33

Using the Find Icon- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 33

Using the Tech Icon - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 34

Configuring a UPS Device - - - - - - - - - - - - - - - - - - - - - - - - - 34

Registering the Guardian Online - - - - - - - - - - - - - - - - - - - - - - 35

Chapter 3, Networking Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

Network Menu - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 38

Reviewing Network Information- - - - - - - - - - - - - - - - - - - - - - - 39

Understanding Speed and Duplex Options- - - - - - - - - - - - - - - - - - 41

Configuring TCP/IP Settings - - - - - - - - - - - - - - - - - - - - - - - - 41

Configuring Dual-Ethernet Options - - - - - - - - - - - - - - - - - - - - - 43

Failover - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 43

Load Balancing - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 43

Synchronizing Time from a Network Service - - - - - - - - - - - - - - - - - 45

Configuring Network File Protocols - - - - - - - - - - - - - - - - - - - - - 46

Configuring Windows Access - - - - - - - - - - - - - - - - - - - - - - - - - 46

Contents • ix

Configuring NFS Access - - - - - - - - - - - - - - - - - - - - - - - - - - - 47

Configuring Apple File Protocol (AFP) Access - - - - - - - - - - - - - - - - - - 49

Configuring FTP Access- - - - - - - - - - - - - - - - - - - - - - - - - - - - 50

Configuring a DHCP Server - - - - - - - - - - - - - - - - - - - - - - - - - 51

Connecting from a Client- - - - - - - - - - - - - - - - - - - - - - - - - - 52

Connecting from a Windows Client - - - - - - - - - - - - - - - - - - - - - - 53

Connecting from an NFS Client - - - - - - - - - - - - - - - - - - - - - - - - 53

Connecting from a Macintosh - - - - - - - - - - - - - - - - - - - - - - - - - 53

Connecting from FTP - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 54

Connecting from the Internet - - - - - - - - - - - - - - - - - - - - - - - - - 55

Chapter 4, Storage Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Storage Menu- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 58

Viewing Devices- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 59

Creating and Managing RAIDs - - - - - - - - - - - - - - - - - - - - - - - 60

RAID Configurations - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 60

Hot Spares - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 61

Default RAID Configurations - - - - - - - - - - - - - - - - - - - - - - - - - 61

Using the Create RAID Set Wizard vs. the Storage Tool - - - - - - - - - - - - - 61

Assessing RAID Set Status - - - - - - - - - - - - - - - - - - - - - - - - - - 63

Identifying a Degraded RAID - - - - - - - - - - - - - - - - - - - - - - - - - 63

Replacing Disk Drives on a RAID - - - - - - - - - - - - - - - - - - - - - - - 64

Adding Disk Drives to a RAID - - - - - - - - - - - - - - - - - - - - - - - - - 65

Creating and Managing Volumes - - - - - - - - - - - - - - - - - - - - - - 66

Naming Volumes - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 66

Default Settings for a New Volume - - - - - - - - - - - - - - - - - - - - - - 66

Creating a Volume - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 66

Assessing Volume Status - - - - - - - - - - - - - - - - - - - - - - - - - - - 67

Managing Volumes - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 67

Creating and Managing Shares - - - - - - - - - - - - - - - - - - - - - - 68

x • Guardian Administrator Guide

Creating a New Share - - - - - - - - - - - - - - - - - - - - - - - - - - - - 68

Mounting Shares from NFS Clients - - - - - - - - - - - - - - - - - - - - - - 70

Creating and Managing Snapshots - - - - - - - - - - - - - - - - - - - - - 70

Accessing Snapshots - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 70

How Snapshots Impact Performance - - - - - - - - - - - - - - - - - - - - - - 71

Shared Snapshot Pool - - - - - - - - - - - - - - - - - - - - - - - - - - - - 71

Estimating Snapshot Space Requirements- - - - - - - - - - - - - - - - - - - - 71

Redefining Space for Snapshots on a Volume- - - - - - - - - - - - - - - - - - 72

Creating a Snapshot - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 72

Scheduling a Snapshot - - - - - - - - - - - - - - - - - - - - - - - - - - - - 72

Assigning and Managing Quotas - - - - - - - - - - - - - - - - - - - - - - 73

Assigning User Quotas - - - - - - - - - - - - - - - - - - - - - - - - - - - - 74

Assigning NIS Group Quotas - - - - - - - - - - - - - - - - - - - - - - - - - 76

Creating Directories - - - - - - - - - - - - - - - - - - - - - - - - - - - - 77

Chapter 5, Security Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

Security Overview - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 79

Overview of Directory, Group, User, and Share Access - - - - - - - - - - - - - 79

Understanding Multiplatform Security Issues - - - - - - - - - - - - - - - - - - 79

Security - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 79

Changing the Server Name and Admin Password- - - - - - - - - - - - - - - - 80

Using UIDs and GIDs with the Guardian Server - - - - - - - - - - - - - - - - - 80

Creating Local Users and Groups - - - - - - - - - - - - - - - - - - - - - - 81

Defining a Local User- - - - - - - - - - - - - - - - - - - - - - - - - - - - - 81

Defining a Local Group - - - - - - - - - - - - - - - - - - - - - - - - - - - 82

Choosing Group Membership for a User - - - - - - - - - - - - - - - - - - - - 83

Authentication - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 83

Local Authentication - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 83

Windows Domain Authentication - - - - - - - - - - - - - - - - - - - - - - - 83

Active Directory Authentication - - - - - - - - - - - - - - - - - - - - - - - - 84

Contents • xi

NIS Authentication - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 84

Joining a Windows Domain - - - - - - - - - - - - - - - - - - - - - - - - 85

Network File System Security - - - - - - - - - - - - - - - - - - - - - - - - 86

Joining an NIS Domain - - - - - - - - - - - - - - - - - - - - - - - - - - 86

Defining HTTP Security - - - - - - - - - - - - - - - - - - - - - - - - - - - 88

Configuring a Secure Shell (SSH) - - - - - - - - - - - - - - - - - - - - - - 89

Access Control Lists - - - - - - - - - - - - - - - - - - - - - - - - - - - - 89

General Guidelines - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 90

Assigning File Ownership- - - - - - - - - - - - - - - - - - - - - - - - - - - 90

Defining a Share and Share Access - - - - - - - - - - - - - - - - - - - - - 91

Creating a Snapshot Share - - - - - - - - - - - - - - - - - - - - - - - - - - 91

Defining Share Access - - - - - - - - - - - - - - - - - - - - - - - - - - - - 92

Physical Security - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 94

Chapter 6, Data Backup and Disaster Recovery . . . . . . . . . . . . . . . . . . . 95

Backing Up Data - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 96

Backup Express for Guardian - - - - - - - - - - - - - - - - - - - - - - - - - 96

Using Snapshots to Optimize Data Backup - - - - - - - - - - - - - - - - - - - 96

Using Server-to-Server Synchronization to Back Up Data - - - - - - - - - - - - 98

Supported Third-Party Backup Packages - - - - - - - - - - - - - - - - - - - - 98

Backing Up Server and Volume Settings - - - - - - - - - - - - - - - - - 100

The Disaster Recovery Files - - - - - - - - - - - - - - - - - - - - - - - - - - 100

Creating the GuardianDRImage and Volume Files- - - - - - - - - - - - - - - - 101

Disaster Recovery Procedures- - - - - - - - - - - - - - - - - - - - - - - 101

Performing a Fresh Install from Maintenance Mode - - - - - - - - - - - - - - - 102

Manually Creating the Original RAID Sets and Volumes - - - - - - - - - - - - - 103

Restoring the Data from Tape - - - - - - - - - - - - - - - - - - - - - - - - - 103

Recovering the Original Server and Volume Configurations - - - - - - - - - - - 103

Recovering from Hardware Failures - - - - - - - - - - - - - - - - - - - - - - 104

xii • Guardian Administrator Guide

Chapter 7, Monitoring and Maintaining the Server . . . . . . . . . . . . . . . 105

Configuring E-mail Notification - - - - - - - - - - - - - - - - - - - - - - 106

Using the Guardian 14000 LCD - - - - - - - - - - - - - - - - - - - - - 107

Viewing System Status Information - - - - - - - - - - - - - - - - - - - - 107

Viewing SCSI Status Information - - - - - - - - - - - - - - - - - - - - - 107

Reviewing Volume Usage - - - - - - - - - - - - - - - - - - - - - - - - 108

Simple Network Management Protocol (SNMP) - - - - - - - - - - - - - - 108

Traps - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 108

Supported Network Manager Applications - - - - - - - - - - - - - - - - - - - 109

Configuring SNMP Alerts - - - - - - - - - - - - - - - - - - - - - - - - - - 109

Viewing the Event Log - - - - - - - - - - - - - - - - - - - - - - - - - - 110

Resetting the Guardian Server to Factory Defaults - - - - - - - - - - - - - 111

Hot Swapping Components - - - - - - - - - - - - - - - - - - - - - - - 112

When to Hot Swap Disk Drives - - - - - - - - - - - - - - - - - - - - - - - - 112

Hot Swapping Disk Drives - - - - - - - - - - - - - - - - - - - - - - - - - - 112

Hot Swapping Fans - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 114

Hot Swapping Power Supplies (Guardian 14000 only) - - - - - - - - - - - - - 114

Chapter 8, Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

Installation Issues - - - - - - - - - - - - - - - - - - - - - - - - - - - - 117

Networking Issues - - - - - - - - - - - - - - - - - - - - - - - - - - - - 117

Security Issues- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 118

Disaster Recovery and Maintenance Issues - - - - - - - - - - - - - - - - - 119

Common Guardian Maintenance Issues - - - - - - - - - - - - - - - - - - - - 119

Guardian 14000 Maintenance Issues - - - - - - - - - - - - - - - - - - - - - 119

Appendix A, Guardian Specifications . . . . . . . . . . . . . . . . . . . . . . . . . 121

Guardian Operating System Specifications - - - - - - - - - - - - - - - - 121

Network Transport Protocols - - - - - - - - - - - - - - - - - - - - - - - - - 121

Network File Protocols - - - - - - - - - - - - - - - - - - - - - - - - - - - - 121

Contents • xiii

Network Client Types- - - - - - - - - - - - - - - - - - - - - - - - - - - - - 121

Server Emulation- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 122

Network Security- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 122

System Management - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 122

Automatic IP Address Assignment - - - - - - - - - - - - - - - - - - - - - - - 122

Multiple File System Options - - - - - - - - - - - - - - - - - - - - - - - - - 123

Java Application Environment - - - - - - - - - - - - - - - - - - - - - - - - - 123

Data Protection - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 123

Agency Certifications- - - - - - - - - - - - - - - - - - - - - - - - - - - - - 123

North American Warranty - - - - - - - - - - - - - - - - - - - - - - - - - - 123

Guardian 4400 Specifications - - - - - - - - - - - - - - - - - - - - - - 124

Network Connection - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 124

Physical Specifications - - - - - - - - - - - - - - - - - - - - - - - - - - - - 124

Power- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 124

Operating Environment- - - - - - - - - - - - - - - - - - - - - - - - - - - - 124

Non-operating Environment- - - - - - - - - - - - - - - - - - - - - - - - - - 124

Guardian 14000 Specifications- - - - - - - - - - - - - - - - - - - - - - 125

Network Connection - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 125

Physical Specifications - - - - - - - - - - - - - - - - - - - - - - - - - - - - 125

Power- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 125

Operating Environment- - - - - - - - - - - - - - - - - - - - - - - - - - - - 125

Non-operating Environment- - - - - - - - - - - - - - - - - - - - - - - - - - 125

Appendix B, Third-Party Backup Applications. . . . . . . . . . . . . . . . . . . . 127Installing a BrightStor ARCserve Agent - - - - - - - - - - - - - - - - - - - - - 128

Installing a VERITAS Backup Exec Agent - - - - - - - - - - - - - - - - - - - - 129

Installing a VERITAS NetBackup Client - - - - - - - - - - - - - - - - - - - - - 129

Installing a Legato NetWorker Client- - - - - - - - - - - - - - - - - - - - - - 130

Recovering Backed Up Data with a Legato NetWorker Client - - - - - - - - - - 131

xiv • Guardian Administrator Guide

Appendix C, Backup Express for Guardian . . . . . . . . . . . . . . . . . . . . . 133

Overview - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 133

Feature Highlights - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 133

Tape Drive Support - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 133

Configuration Options - - - - - - - - - - - - - - - - - - - - - - - - - - - - 134

The Backup Express CD- - - - - - - - - - - - - - - - - - - - - - - - - - - - 134

Next Steps - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 135

Managing the Catalog - - - - - - - - - - - - - - - - - - - - - - - - - - 136

Upgrading Backup Express for Jukebox Support - - - - - - - - - - - - - - 136

Glossary- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 139

Index - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 147

1

Chapter 1Getting Started

About This Guide

This guide contains detailed descriptions and examples that explain how to use the Guardian 4400 and 14000 servers, including the NASManager and the Administration Tool utilities. These versatile Linux-based file servers are designed for optimum performance and efficiency. The easy-to-use, browser-based graphical user interface provides a friendly yet powerful tool for administering the server.

How This Guide is Organized

Chapter 1, “Getting Started,” provides information about how this guide is organized, Guardian software and hardware components and features, and start up suggestions.

Chapter 2, “Setup and Configuration,” shows you how to set up the Guardian 4400 and 14000, how to properly unpack and install each server, and how to use NASManager. It also provides an overview of the Administration Tool.

Chapter 3, “Networking Options,”explains how to use the Administration Tool to configure static IP addresses, review network information, configure the dual-Ethernet ports for failover and load balancing, configure network file protocols, and connect to the Guardian server from a client, including Windows, NFS, Macintosh, FTP, and Web clients.

Chapter 4, “Storage Configuration,” explains how to configure RAIDs, view existing storage devices, create and manage volumes, shares, Snapshots, and quotas, and create directories.

Chapter 5, “Security Management,” describes share access, Snapshot shares, UNIX NIS and Windows Domain security, ACL file system security, and multiplatform file security issues.

2 • Guardian Administrator Guide

Typographic Conventions

Chapter 6, “Data Backup and Disaster Recovery,” explains how to use Guardian Snapshot technology in conjunction with Backup Express for Guardian to back up your data, create the files you need to recover a Guardian server’s configuration information, and, if disaster strikes, reinstall the Guardian operating system and restore the server to its original configuration with data intact

Chapter 7, “Monitoring and Maintaining the Server,” describes how to configure E-mail Notification in response to specific events; review system status, volume usage, and the event log; reset the system to the factory defaults; and hot swap drives, fans, and power modules.

Chapter 8, “Troubleshooting,” provides solutions to Guardian installation, set up, networking, security, and maintenance issues.

Glossary, provides definitions for common NAS terms.

Appendix A, “Guardian Specifications,” describes the Guardian hardware specifications in detail.

Appendix B, “Third-Party Backup Applications,” describes how to install the following third party backup agents: CA Brightstor ARCserve, Legato NetWorker, VERITAS NetBackup and Backup Exec.

Appendix C, “Backup Express for Guardian,” describes how to begin using Backup Express with your Guardian server for local tape backups.

Typographic Conventions

This manual uses a variety of typographic font changes to show the difference between menu commands, command line text, and variable information. The following table shows the type conventions that this manual uses:

Font convention Used for...

Bold Menu commands and window titles

Courier Text that you type directly into a text field, a command line, or web page

Italic Variable information where you substitute variable text with a real name

Getting Started • 3

Guardian 4400 Features



Flexible RAID configuration:

• RAID 5 (disk striping with parity): For each array, the capacity of one disk is reserved for parity checking (default array configuration of four disks)

• RAID 1 (disk mirroring): One drive’s data replicated to one or more drives

• RAID 0 (disk striping): Large, virtual drive with data striped across all drives of the array; no loss in usable capacity

• Dual Ethernet ports for failover and load balancing

• Four disk drives that support hot swapping

• A browser-based Administration Tool to help you configure and administer the server

• Snapshots, recovery images, and support for third-party backup agents for backup and disaster recovery

Flexible RAID configuration:

• RAID 5 (disk striping with parity): For each array, the capacity of one disk is reserved for parity checking (default array configuration of 11 disks with a hot spare)

• RAID 1 (disk mirroring): One drive’s data replicated to one or more drives

• RAID 0 (disk striping): Large, virtual drive with data striped across all drives of the array; no loss in usable capacity

• Dual Ethernet ports for failover and load balancing

• An LCD on the front panel that displays the IP address, server name, system status, and error notifications

• Twelve disk drives that support hot swapping

• A browser-based Administration Tool to help you configure and administer the server

• Snapshots, recovery images, and support for third-party backup agents for backup and disaster recovery


NASManager

NASManager

NASManager is a Java-based, platform-independent application that you use to discover and administer Guardian servers. NASManager provides a list of all Guardian servers that that operate within given subnet. You can use NASManager to perform basic administration tasks, or to access the Administration Tool, which provides advanced configuration tools.

Getting Started • 5

Administration Tool

Administration Tool

The Administration Tool is a sophisticated, browser-based application used for administering your server. This utility enables you to perform a wide range of tasks, including the following:

• Creating shares and defining share access

• Setting and changing passwords

• Configuring the server for a variety of network protocols

• Configuring RAIDs, volumes, quotas, shares, and directories

• Performing backup and recovery operations

The Administration Tool provides several wizards to streamline procedures. It is highly recommended that you run the Initial Setup Wizard, which enables you to set the name of your server, assign static IP addresses, and register your server. You can only run the Setup Wizard once. Other wizards include RAID and Share configuration.


Administration Tool

7

Chapter 2Setup and Configuration

This chapter covers how to unpack, connect, and install your server. The chapter also provides instructions for how to use the Administration Tool to connect to the server and to configure basic settings. The following topics are included in this chapter:

• Setting Up the Guardian 4400 provides information about how to unpack and install the Guardian 4400.

• Setting Up the Guardian 14000 provides information about how to unpack and install the Guardian 14000.

• Using NASManager describes how to launch and use the NASManager tool. This tool helps you to find your Guardian servers.

• Using the Setup Wizard describes how to complete the four setup screens. Be sure to check the prerequisites for completing this wizard.

• Using the Administration Tool provides an overview of the Administration Tool, including how to use the navigation and search tools.

• Configuring a UPS Device provides information on how to configure a Guardian server to a shut down automatically upon receipt of a message from a network-based UPS.

• Registering the Guardian Online shows you how to register your Guardian server.


Setting Up the Guardian 4400


Guardian 4400 Hardware ComponentsYou should have all the items shown in the following illustration:

1. Guardian 4400 5. Power cord2. Two Ethernet cables 6. Quick Start Guide and User CD, Safety

information, and DataKeeper QuickStart Guide and CD

3. Stacking clips 7. Rack mount brackets (left & right)4. Rack mount screws (8 in all: 4 for

mount brackets, 4 for rack post)8. Backup Express CDs

Setup and Configuration • 9


Guardian 4400 Hardware FeaturesThis section provides an overview of the Guardian hardware features. Subsequent sections discuss the status lights, and how to connect the server to the network.

To access this label, remove the front bezel. The server number is comprised exclusively of numerics.To access this label, remove the front bezel. The 10-character alphanumeric serial number appears on the second label.

1. Power button 8. Front bezel2. System LEDs (Status Lights) 9. Power connector3. Release latches 10. Service connector4. Disk drive status lights 11. USB connectors (disabled)5. Server number label 12. Ethernet 2 connector 6. Serial number label 13. Ethernet 1 connector (primary)7. Hot swap disk drives 14. SCSI connector (optional on the 4806B

model)



Rack Installation for the Guardian 4400The Guardian 4400 ships with two L-shaped rack mount brackets. You can attach them in one of two ways: (1) to the front of the server for mounting to the front posts of a four-post rack; or, (2) to the middle of the server for mounting to both posts of a telco rack.

1. Make sure you have the following items necessary for rack installation:

• Two (left and right) front rack mounting bracket assemblies

• Four rack ear screws to attach the brackets to the server

• Four rack mounting screws to attach the brackets to the rack posts

• Phillips screwdriver

2. Attach the L-shaped brackets to the front or to the middle of the server using the four screws provided.

3. Insert the server into the rack and attach the server to the posts using the remaining four screws. You may need a second person to support the server while tightening down the mounting screws.

Understanding the Guardian 4400 Status and Disk Drive LightsThe server has two status lights, two network lights, and two lights for each of the four disk drives. Quantum recommends that you become familiar with the operation of these lights.

Status and Network Lights

The status and network lights are located to the right of the power button. When you look at the server from the front, the lights appear in the following order, from left to right: Power LED, System LED, LAN 1 (Ethernet 1) LED, and LAN 2 (Ethernet 2) LED. They operate as follows:

• The Power LED displays the following states:

• A solid green light indicates that the server is powered on.

• A blinking green light indicates that the server is powered down, but connected to power.

• An off light indicates that the server is powered down and not connected to power.



• The System LED normally blinks green (once per second) after the server has booted up. It displays an amber light when there is a system error.

• The LAN 1 LED is green when the system is active and connected to the network on the LAN 1 port. A flashing green light indicates activity between the system and other devices on the network. When the light is off, the port is disconnected or the Ethernet cable is not connected/linked to an active hub or switch.

• The LAN 2 LED is green when the system is active and connected to the network on the LAN 2 port. A flashing green light indicates activity between the system and other devices on the network. When the light is off, the port is disconnected or the Ethernet cable is not connected/linked to an active hub or switch.

Disk Drive Lights

The Guardian 4400 has two lights below each disk drive. The left light indicates power. The right light indicates activity. The lights display the following states:

• When the power LED is green and the activity LED is off, the disk drive is installed properly but is not active.

• When the power LED is green and the activity LED flashes amber, the disk drive is installed properly and is actively reading/writing information.

• When the power LED is amber and the activity LED is off, the disk drive is installed, but not working correctly.

• When you remove a disk drive, both LEDs are off.



Connecting to the NetworkThe server has dual Ethernet ports that can connect to 10BaseT, 100BaseT, or 1000BaseT networks. A dual-port configuration offers added advantages, such as load balancing and failover. You may connect one or both of the ports. If you connect only one port, it must be the primary port (identified on page 9.)

Use the provided Ethernet cables to connect the server to the network. When you connect the network cables to an active port, the network lights on the bezel (LAN 1 and LAN 2) are green.

For information about configuring the Ethernet ports, see “Configuring Dual-Ethernet Options” on page 43.



Connecting to the Power SupplyWhen you connect the Guardian server, plug the power cord into a UPS if possible. Consider the following:

• Connect the cord to the UPS and connect the UPS to a properly grounded outlet.

• If no UPS is available, connect the power cord to a properly grounded electrical outlet.

1. Plug the power cord (female end) into the power connector on the server.

2. Plug the power cord (male end) into a UPS or a properly grounded electrical outlet.



Initializing the Guardian 4400Use the power button on the front of the server to power up and power down the server.

To power up the server, press the power button on the front of the server. The server takes a few minutes to initialize.

• A green power LED indicates that the system is on.

• An amber system LED indicates a system error.

To power down the server, press and release the power button to begin the shutdown process. Do not depress this button for more than four seconds.

Note: The Guardian 4400 has a persistent power state. When a physical loss of power occurs, the Guardian server returns to same operation it had when the power went out. Therefore, if the system was powered down preceding the power loss, it will remain powered down when the power is restored.




Guardian 14000 Hardware ComponentsYou should have all the items shown in the following illustration:

1. Guardian 14000 6. 16 black and four rear support mount screws

2. The Quick Start Guide and User CD, the DataKeeper Quick Start Guide and CD, Registration, and Safety information

7. Two long rear support brackets (recommended for use with 4-post racks)

3. Two Ethernet cables 8. Backup Express CDs

4. Two power cord clips 9. Two (left and right) front rack mounting Bracket/Handle assemblies

5. Four quick-release screw assemblies consisting of the knurled head, the threaded stud, and plastic washer

10. Two power cords



Guardian 14000 Hardware Features

To access this label, open the front bezel. The server number is comprised exclusively of numerics.To access this label, open the front bezel. The 10-character alphanumeric serial number appears on the second label.

1. Power button 10. Power supply activity lights2. System LEDs (Status Lights) 11. Service diagnostic connector3. LCD 12. Fan status lights4. Disk drive status lights 13. Ethernet 1 connector (primary)5. Fans 14. SCSI connector6. Power supply status lights 15. Ethernet 2 connector7. Power supply on/off switches 16. Server number label8. Power supplies 17. Serial Number label9. Power connectors

System

Link



Rack Installation for the Guardian 14000

Warning: Be sure to install the server correctly. The server weighs approximately 75 pounds, and rack installation requires two or more people. If you have a four-post rack, Quantum recommends that you use the rear support brackets provided.

1. Before installing the rack, make sure you have the following items:

• Two (left and right) front rack mounting bracket assemblies (ears)

• Four quick-release screw assemblies (knurled head, threaded stud, and plastic washer)

• 16 black screws (12 to attach the front rack mounting bracket assemblies and four to attach the long rear support brackets to the sides of the server)

• Two long rear support brackets, recommended for use with four-post racks

• One Phillips screwdriver

2. Separate the four quick-release screws into component parts (knurled heads, threaded studs, and plastic washers).

3. Determine the mounting height for the server in the rack, and then mount the threaded studs from the four quick-release screws into the rack at that height.

4. Attach the front bracket assemblies to the front of the server using 12 of the black screws provided (six for each front bracket assembly).

5. With at least one other person, temporarily support the server, and align the slots on the front brackets with the threaded studs of the quick-release screws.

6. Immediately place the plastic washers over the studs and fasten the knurled heads to secure the server to the rack.



If you have a four-post rack, attach the rear support brackets to the rack and then to the server as follows:

1. Align the slots on the rear support brackets with the mounting holes on the server, and then mark the corresponding rear rack post mounting locations.

2. Use the four long silver screws to attach the rear support brackets to the back posts of the rack.

3. Use the remaining four black screws to attach the long rear support brackets to the server.

Connecting to the NetworkThe server has dual Ethernet ports to connect to 10Base-T, 100BaseT-, or 1000Base-T networks. A dual port configuration offers added advantages, such as load balancing and failover.

You may also configure the Guardian 14000 with a single Ethernet connection. If you do, be sure to use the primary port, which is located beneath the two fans.

Use the provided Ethernet cables to connect the server to the network as shown in the following illustration:

Note: The Ethernet port (found below the two fans) is the primary port. Use this port to connect to the network. If you use only the Ethernet port on the NIC, the server’s IP address will not appear on the LCD.



For information about configuring the Ethernet ports, see “Configuring Dual-Ethernet Options” on page 43.

Connecting to the Power SystemWhen you connect the Guardian server to a power source, plug the power cords into two different sources. This strategy protects the server if one power source fails. Consider the following scenarios:

• For the best protection from power failures, connect each power cord to two different UPS (uninterruptible power supply) units. Each UPS should have a minimum rating of 160 watt hours.

• If you have only one UPS, connect one cord to the UPS and the other to a properly grounded electrical outlet.

• If no UPS units are available, connect the power cords to two properly grounded electrical outlets on different circuits.

1. Plug the power cords (female ends) into the power connectors on the server.

2. Plug the power cords (male ends) into properly grounded electrical outlets.

Note: Do not plug both cords into the same multiple-outlet surge protector or one two-socket wall outlet.



Initializing the Guardian14000

1. Make sure the power switches on both power supplies are in the on position (the 1 on the toggle switch is depressed).

2. Depress the front power button until the LCD illuminates (about three seconds).

3. Wait for the server to initialize. The initialization process takes a few minutes.

System

Link


Using NASManager

Using NASManager

NASManager is a Java-based, platform-independent application designed to discover and administer Guardian servers. You can use NASManager to display and modify the settings you have created. You can also perform key administration tasks, such as setting the IP address, and shutting down or rebooting the server. The NASManager Online Help provides additional information.

Use the Guardian User CD to install NASManager on a client computer. NASManager supports Windows, UNIX, Macintosh, and Linux clients.

Launching NASManagerThe following table describes how to log on to NASManager from different clients:

Operating System To Log on to NASManager:

Microsoft Windows XP/Me/2000/95/98/NT

Click the Start button. Point to Programs > NASManager, then select NASManager.

Macintosh Open the NASManager folder and double-click the NASManager icon.

UNIX/Linux For default options:

1. cd to home directory

2. Run the NASManager command:./runNASManager

If you selected not to create links:

1. cd to home directory

2. cd to the NASManager directory

3. Run the NASManager command:./NASManager


Using NASManager

Displaying NASManagerWhen you launch NASManager, the screen displays the names of any Guardian servers that are currently online and connected to the same subnet.

The following table explains the fields in the NASManager console:

Name Name of the server

Model Name Model name of the server

IP Address The IP address

How Acquired How the IP address was assigned to the server (DHCP or static)

OS Version The operating system version

Discovery State The time the last discovery information was retrieved from the server


Using NASManager

Using NASManager NASManager has four basic tools: Get Information, Set IP Address, Administer via the Web Browser, and Reboot. Use the three icons in the upper left side to access the Get Information, Set IP Address, and Administer via the Web Browser tools. You can also select these three tools and Reboot from the Administration Tool pull-down menu, or by right-clicking on a Guardian server name.

The following list describes the NASManager Tools that you can access from the Tools menu:

• Get Information is a read-only screen that displays information about the server, including the server hardware, OS version, and server status. It also provides network information, such as IP address, gateway and Ethernet address of the primary Ethernet port.

• Default Server Name is QNTMnnnnnn, where nnnnnn is the server number on your server. For example, number 140020 defaults to QNTM140020.

• Set IP Address displays your IP address. If you do not have a DHCP server, use this screen to set or modify a static IP address.

• Administer via Web Browser opens your Web browser to the Administration Tool for this server.

• Shutdown/Reboot shuts down or restarts the server.

• Edit Remote Server List adds or removes remote Guardian servers that are not on the same subnet.

• Options specifies how frequently the NASManager refreshes and specifies a port address.

• Refresh refreshes the NASManager screen.

Opening the Administration Tool

1. Highlight a server name from the list.

2. Choose Tools > Administer via Web Browser. The Administration Tool login screen opens.

3. Enter the default administrator user name and password: admin, admin. You can change these in the Initial Setup Wizard or in System Settings > General.

OR

In a Web browser, enter the IP address of the Guardian server using the following format:


Using NASManager

http://1.2.3.4

4. Click Enter.

Finding the Guardian Server IP AddressThe primary Ethernet port IP address is available from the following locations:

• The LCD panel on the front of the Guardian 14000 displays the IP address. The 4400 does not have an LCD panel, so you must use NASManager to view the IP address.

• The NASManager screen displays the IP address for any Guardian servers that are online.

• The Get Information screen in NASManager displays the IP address for this server.

• The Set TCP/IP screen in NASManager and in the Administration Tool displays the Dynamic Host Configuration Protocol (DHCP) assigned IP address or the statically assigned server IP address.

Note: If your server LCD shows the default IP address of 10.10.10.10, it means that no DHCP server was found on the network, and that the Guardian server has not been assigned a static IP address. You may not be able to see the server on your network, and thus you may be unable to access the Administration Tool. In this situation, you must use NASManager to find the server and assign it a static IP address.

Discovering Guardian ServersUse NASManager to locate other Guardian servers on the network. At startup, NASManager begins to broadcast discovery request packets to the network. Guardian servers that receive discovery requests respond with information. With Discovery enabled, remote servers that you specify on the Remote Server List appear in the same list as servers discovered on the same subnet. NASManager automatically refreshes server status information at a specified interval. By default, both Discovery and Auto Refresh are enabled.

Discovery is limited to the current subnet. If you cannot find a specified Guardian, use the following procedure to manually add the server:

To Add a Server

1. From the Tools menu, select Edit Remote Server List.

2. Click Add.

3. In the text box, enter the name or IP address of the server you want to add to the list.


Using the Setup Wizard

4. Click OK.

To Set the Refresh Interval

1. Select Tools > Options.

2. Drag the Refresh slider to the desired position.


The first time you access your Guardian server, the Setup Wizard runs. The Setup Wizard consists of the following screens:

• The General Information screen, to change the server name, set the date and time, and set a new administrator password

• The TCP/IP settings screen, to set TCP/IP settings

• The Registration screen, to register your server online.

• The Reboot screen, to reboot the server and allow the new settings to take effect

If you do not plan to use the default values, it is highly recommended that you assemble the following information you will need to complete the fields before you run the wizard.

• The name of the server

• An administrator password

• The IP address for the Guardian server

• The subnet mask

• The default gateway

• The domain server IP address

If you do not have all the information, you can configure these settings at a later date using the following screens in Administration Tool:

• The System Settings > General screen to change the server name

• The Network Settings > TCP/IP screen to change the TCP/IP setting

• The Maintenance > Shutdown/Reboot screen to reboot the system

• The System Settings > Registration screen to register the server online

Setup Wizard: General Information

The General Information screen enables you to change the server name, set the time, and set an administrator password.



The fields are defined as follows:

• The Server Name text field contains the default name of the server as it appears on the network.

• The Date, Time, and Time Zone display the local source of time and date information available on your network. You can also set the Time Zone.

• Enter a new Admin Password in each password field. Quantum strongly recommends that you set a new administrator password for this system.



To Complete the General Information Screen

1. Keep the default server name or use this field to enter a new server name.

2. Confirm that the Date and Time are correct or enter the correct information in the fields. Select the correct Time Zone from the pull-down menu.

3. Enter a new Admin Password in each password field.

Note: The factory default password is admin. Quantum recommends that you assign a new password immediately. To make the password secure, use alphanumeric characters and vary the case. For example, a password might be CAM16due. Do not write the password where someone else might find it, and change it regularly.

4. Click Continue to open the next Wizard screen.

Setup Wizard: Configure TCP/IP Address

Use this screen to configure TCP/IP settings for the primary Ethernet port. In the Guardian 4400, LAN 1 is the primary Ethernet port. In the Guardian 14000, the primary Ethernet port is below the fans. You can obtain the TCP/IP settings from the DHCP server. If you use the DHCP assigned settings, the server obtains them from the DHCP server immediately.

If you do not have a DHCP server or you prefer to assign a static IP address, enter valid information for a static IP address, Subnet Mask, Default Gateway, Domain Name Server, and WINS Server(s).



To Configure the TCP/IP Address

1. If the network has a DHCP server, the Obtain TCP/IP... radio button is selected. If you plan to use the DHCP server, click Continue.

2. If you do not have a DHCP server, select the Select IP address... radio button. Enter the following information:

• A valid static IP Address

• The Subnet Mask; the default value is 255.255.255.0

• The Default Gateway IP address, the Domain Name Server IP address, and the WINS server IP address (optional)

3. Click Continue to open the next wizard screen.

Setup Wizard: License Agreement

Read the license and click Accept. You must agree to the license terms to use the Guardian server.

Setup Wizard: Registration

To activate StorageCare On-site Service and Support, you must register your Guardian server. Registration also entitles you to receive e-mail notification of OS and accompanying software updates, to receive special Quantum promotions, and to provide input to the design of future products. Click the Register online now link to open a separate browser window that provides instructions on how to proceed.

Setup Wizard: Reboot

Click the Reboot button. The server reboots to the Web View screen.


Accessing a Guardian Through Web View

Accessing a Guardian Through Web View

To access a Guardian server, enter its name or IP address in the location or address field of a Web browser. The Web View screen, which is a “public” view of the server, appears first.

At the bottom of the screen are two links:

• Login opens the Enter Network Password dialog box.

• Administration opens the Administration Tool menu, or the Enter Network Password dialog box if you have not already logged in.

To Obtain Administrator Access

1. You need administrator-level access privileges to access the Administration Tool. Click Administration on the Web View screen.

2. In the Enter Network Password dialog box, enter a valid user name and password.

3. Click OK.


Using the Administration Tool


The Administration Tool screen is the browser-based interface to the Guardian server. Only users with administrator rights can access this menu.



Using the Icons The Administration Tool has the following four icons, located in the top-right corner of the screen:

• Home—Returns you to the Administration Tool menu from any level in the Administration hierarchy (The Home icon is grayed out on the Web View screen.)

• Find—Locates all the Quantum Guardian servers on your subnet

• Help—Opens context-sensitive online help for Administration Tool screens (The Help icon is grayed out on screens that do not require explanation, such as navigation screens.)

• Tech—Provides a link to the Quantum technical support site

For information about the Administration Tool and other information related to hardware, click the Quantum Guardian logo in the upper left corner of the screen.

The Administration Tool screen displays the following topics:

• System

• Network

• Storage

• Security

• Maintenance

• Monitoring

Beneath each topic is a list of related tasks.



Using the Administration Tool User InterfaceThe Administration Tool consists of a set of integrated tools to help you manage Guardian servers. For example, the three tasks you completed in the Set Up Wizard are located in the System, Network, and Maintenance topics.

The following diagram shows the tasks within each topic.

Administration Tools

SecurityNetwork System MaintenanceStorage

Information

TCP/IP

Web

Windows

UNIX NFS

Apple

FTP

RAID Wizard

Devices

RAID Sets

Volumes

Shares

Quotas

Snapshots

General

Date/Time

E-mail Notification

SNMP Alerts

Share Access

Users

Groups

Factory Defaults

UNIX NIS

Disaster Recovery

OS Update

Monitoring

Volume Usage

Windows

Status

SCSI Monitoring

Feature Licensing

SSH

UPS

Registration

DirectoriesDHCP

Host File Editor

Event Log

Shutdown/Reboot



Using the Online HelpThe online help is context-sensitive. Click the Help button to open an Administration Tool topic.

Note: If the Help icon is grayed out, the menu or screen has no online help.

Using the Find Icon The Find tool displays all the available Guardian servers on the same subnet.

To Use Find

1. Click the Find button to open NAS Finder.

2. To refresh the screen, click Update.

3. To open a server or to view its shares, click the server IP address.The Enter Network Password dialog box appears.

4. Enter the password and click OK. The Administration Tool menu for the server displays.


Configuring a UPS Device

Using the Tech IconUse the Tech icon to access technical support information.

Click the Tech icon to open the Guardian technical support home page. You can find technical support including online registration, a knowledge base to answer your questions, and downloads for documentation and additional software.

To access the Guardian knowledge base directly, enter the following address in a browser:

http://www.quantum.com/nas_support

Configuring a UPS Device

You can configure a Guardian server to shut down automatically upon receipt of a message from a network-based, APC-brand UPS. Visit www.quantum.com for a listing of optimal APC models for use with your Guardian server.

The Guardian 14000 maximum load is 300 watts. The Guardian 4400 maximum load is 160 watts. To determine how many hours of service your UPS will supply, divide the watt hours of the UPS by the maximum load the Guardian server draws. The result is the number of hours your UPS should supply power to maintain your Guardian server.

Note: In addition to enabling UPS support on the Guardian server, you must also identify the Guardian server to the APC software. In the APC UPS browser-based user interface, navigate to the Power Chute configuration page, and add the Guardian server’s IP address to the client list. If using DHCP, entering any IP address on your network will work.

To Enable UPS Support on the Guardian Server

The full procedure for enabling UPS support for the Guardian 14000 is given below. Because the Guardian 4400 can connect to only one UPS device, only the steps 1 through 3 apply.

1. Navigate to the System > UPS screen.


Registering the Guardian Online

2. Select Yes from the pull-down menu to enable UPS support. Select No to disable UPS support.

3. Enter the following values for each UPS device:

• IP address

• APC User name

• APC Authentication Phrase

4. If you are using two UPS devices, you can select automatic shutdown upon receiving a message from one or both UPS devices.

5. Click Save.


To activate StorageCare On-site Service and Support, you must register your Guardian server.

1. Navigate to the System > Registration screen.



2. Click the Register online now link to open a separate browser window that provides instructions for registering your server.

3. When you complete the registration form, click Exit.

37

Chapter 3Networking Options

This chapter describes options and procedures for configuring TCP/IP settings, including load balancing and failover options, enabling access protocols, and gaining access to the server from various clients.

• Reviewing Network Information on the Network Information screen, which displays the current network settings of the Guardian server.

• Understanding Speed and Duplex Options provides the background information you need to configure Guardian Ethernet ports.

• Configuring TCP/IP Settings provides instructions for modifying TCP/IP addressing for a single- or dual-Ethernet installation.

• Configuring Dual-Ethernet Options discusses failover and load balancing options in a dual-Ethernet configuration.

• Configuring Network File Protocols provides instructions on how to configure the Guardian server to accept Windows, NFS, AFP (Macintosh), FTP, Web, and DHCP clients.

• Connecting from a Client provides instructions on connecting the server via Windows, Macintosh, Linux, and UNIX clients.


Network Menu

Network Menu

The Network menu is located on Administration Tool menu. The menu opens the Network screens as follows:

• Network Information is a read-only file of your current network configuration.

• TCP/IP assigns an IP address, domain name, domain name server IP address, WINS server IP address, and speed/duplex settings.

• Web (HTTP/HTTPS) selects automatic guest login and/or HTTPS access.

• Windows (SMB) enables Windows networking, sets the Workgroup/Domain name, selects language code pages, and enables Oplock (Opportunistic Locking).

• NFS enables NFS and sets valid client addresses.

• AppleTalk (AFP) enables AppleTalk support, sets AppleTalk addresses, and configures AppleTalk for TCP/IP.

• FTP Server enables the Guardian server server as an FTP server and sets anonymous login.

• DHCP Server enables the Guardian server server as a DHCP server for a small network to assign TCP/IP addresses within the specified range.

Networking Options • 39

Reviewing Network Information


The Network > Information screen is a read-only screen that displays the current network settings of the Guardian server. Use the Network > TCP/IP screen to modify the values on this screen.

You can configure the Ethernet ports in the following modes:

• As two separate interfaces in Standalone mode

• As a bonded interface in Failover mode

• As a bonded interface in Load Balance mode



Network Information Field Settings

The following table defines the network settings:

Port Name Ethernet1 and/or Ethernet2

IP Address Obtained by DHCP or Static

IP Address The unique 32-bit value that identifies the location of the server. This address consists of a network address, optional subnetwork address, and host address. It displays as four addresses ranging from 1 to 255 separated by periods.

Subnet Mask A portion of a network that shares a common address component. On TCP/IP networks, subnets are all devices with IP addresses that have the same prefix.

Default Gateway The network address of the gateway is the hardware or software that bridges the gap between two otherwise unroutable networks. It allows data to be transferred among computers that are on different subnets.

Domain Name Server The IP address of the network server that maintains the list of all host names.

Domain Name The ASCII name that identifies the domain for a group of computers within a network.

WINS Server The Windows Internet Naming Service server, which locates network resources in a TCP/IP-based Windows network by automatically configuring and maintaining the name and IP address mapping tables.

Ethernet Address The unique six-digit hexadecimal (0-9, A-F) number that identifies the Ethernet port.

Speed Status 10Mbps, 100Mbps, or 1000Mbps

Duplex Status Half-duplex indicates two-way data flow, one way at a time. Full-duplex indicates two-way data flow simultaneously. Most hubs negotiate half duplex.


Understanding Speed and Duplex Options

Understanding Speed and Duplex Options

The Ethernet ports are capable of 10/100/1000 Mbps speeds, half/full duplex, and autonegotiating configurations. The speed setting establishes the rate for transmission and reception of data. The duplex setting causes the Ethernet port to transmit packets in one-way or two-ways at the same time.

Half-duplex Ethernet allows one-way transfer of data at a specified speed. Full-duplex Ethernet doubles the carrying capacity of a connection between two systems by allowing each system to simultaneously transmit and receive data. For example, a 100 Mbps/half allows 100Mbps transfer speed in one direction at a time. A 100/full allows 100Mbps transfer speed in both send and receive directions.

Busy networks that involve large file transfers between multiple clients benefit most from a full-duplex Ethernet, since you can send and receive traffic simultaneously from several clients. However, you can only use full-duplex when the Guardian server is connected to an Ethernet switched port. Shared hubs do not support full-duplex.

The Auto setting enables automatic negotiation of the speed and duplex based on the physical port connection to a switch. If you select Auto, the switch port must be configured to the same setting as the Guardian server.

The Auto setting is the only allowable option for a Gigabit port. You cannot implement Gigabit support in a shared hub configuration. Do not try to force a Gigabit setting or you will encounter problems.

Note: The networking switch or hub must match the setting you selected; otherwise, the network throughput or connectivity to the server may be seriously impacted.

Configuring TCP/IP Settings

Use this screen to configure or modify TCP/IP addressing for a single or dual-Ethernet installation. This screen shows the current network information for the selected Ethernet port. Consider the following scenarios:

• If you did not complete the TCP/IP wizard, use this screen to configure the primary Ethernet port (Ethernet1).

• If you use two Ethernet ports, use this screen to configure the Ethernet ports for standalone, failover, and load balancing. For more information on how to configure dual Ethernet ports, see “Configuring Dual-Ethernet Options” on page 43.

To Configure the TCP/IP Screen

The fields marked with an asterisk are required; others are optional.


Configuring TCP/IP Settings

1. Navigate to the Network > TCP/IP screen.

2. Click the Obtain TCP/IP settings... radio button to assign your Guardian server an IP address from a DHCP server.

OR

Click the Set IP address... radio button to enter the IP address information for the following fields:

• IP address (required)

• Subnet mask (required)

• Default gateway (optional)

• Domain Name Server (optional)

• Domain Name (optional)

• WINS Server (optional)

3. Select the network speed and duplex setting combination from the pop-up menu, or leave the default setting Auto enabled. You must have entered an IP address to select these settings. You can manually configure the following speed/duplex combinations.

Warning: Auto is recommended as the optimal solution for speed settings. If you manually configure speed/duplex settings, you must also configure the hub or switch with the same settings after you click the Save button.

4. Click Save to reboot the server. You must reboot the server to activate these settings.

Setting Speed Duplex

Auto Negotiated Negotiated

10Mbps/half 10 Mbps Half

10Mbps/full 10 Mbps Full




Configuring Dual-Ethernet Options


This section describes how to configure Ethernet1 and Ethernet2 for dual-Ethernet options. A dual-Ethernet configuration enables you to perform failover and load balancing functions.

You can set up the two Ethernet ports as:

• Two separate network ports. A pull-down menu that allows you to select Ethernet1 or Ethernet2 displays at the top of the TCP/IP screen.

• A bonded channel that uses both Ethernet ports in a load balancing scheme.

• A bonded channel in failover mode that uses the first Ethernet port as the primary network interface and the second Ethernet port as the backup.

In a bonded configuration, the network uses one IP address for the server. When configuring the Ethernet ports for load balancing or failover, be sure to connect both ports to the same switch on the same subnet. Also make sure they have the same speed/duplex setting.

FailoverRedundant network interfaces ensure that an active port is available at all times. If the primary port (Ethernet1) fails due to a hardware or cable problem, the secondary port (Ethernet2) assumes its network identity. The transition is transparent to users, although some users may experience a few seconds of inactivity. If the failed port comes back online, it resumes its role as the primary interface. The Failover mode ensures server availability to the network, however it does not provide switch fault tolerance.

Load Balancing Dual ports increase server bandwidth and help to keep users connected and files available. An Ethernet port on any server can become a bottleneck or single point of failure for a network. In a load balancing mode, the transmission load is distributed among aggregated network ports. An intelligent software adaptive agent repeatedly analyzes the traffic flow from the server and distributes the packets based on destination addresses. Load balancing can only occur on Layer 3 routed protocols (IP).



Configuring Ethernet1

1. Select Ethernet1 from the pull-down menu.

2. Do one of the following:

• Click the Obtain TCP/IP settings... radio button to assign your Guardian server an IP address from a DHCP server.

• Click the Set IP address... radio button to enter the IP address information for the following fields:

IP address (required)

Subnet mask (required)

Default gateway (optional)

Domain Name Server (IP address, optional)

Domain Name (ASCII text, optional)

WINS server (optional)


Synchronizing Time from a Network Service

3. Select the network speed and duplex setting combination from the pop-up menu, or enable the Auto default setting. You can configure the following speed and duplex options:

You must use Auto to take advantage of a full-Gigabit connection.

4. Choose one or more of the following options:

• Standalone provides two separate interfaces (one IP address per port).

• Failover enables Ethernet2 to automatically take over the connection if Ethernet1 fails. Only one port is active at one time.

• Load Balancing enable both ports to share the transmission load while the primary port (Ethernet1) receives and transmits.

5. Click Save to update the network settings.

Synchronizing Time from a Network Service

Synchronization is essential to the smooth operation of network systems. A difference of milliseconds can cause problems in computer systems. Security mechanisms depend on coordinated times across the network. File system updates performed by multiple computers also depend on synchronized clock times.

When you join an Active Directory Services (ADS) domain, the server synchronizes time with the ADS server.

Setting Speed Duplex

Auto Negotiated Negotiated






Configuring Network File Protocols


This section shows you how to configure the Guardian server to accept Windows, NFS, AFP (Macintosh), FTP, Web, and DHCP clients.

Configuring Windows AccessUse the Network > Windows screen to configure access for (CIFS/SMB) Windows clients. The server provides the standard file-sharing services of a Windows server.

With CIFS/SMB, you can:

• Access local server files

• Obtain read/write privileges to local server files

• Share files with other clients

The Guardian Server has been tested with the Microsoft Windows 95/98/Me, NT 4.0, 2000, and XP operating systems.

To Configure Windows Access

1. Navigate to the Network > Windows screen.

Note: The Guardian server provides most standard file-sharing services of a Windows 2000 server. It does not support other functions of a Windows server, such as printing.

2. To enable Windows CIFS/SMB, select Yes from the pull-down menu. Select No to disable access to this server via the CIFS/SMB protocol.

3. Enter the Workgroup/Domain Name to which the server belongs. By default, the Guardian server is configured as part of Windows Workgroup.



If you join a Windows domain through Advanced Security (Security > Windows), the domain name you entered displays here and can only be changed via the Advanced Security screen.

4. For Language Support, select the code page used by Windows clients when they transmit file and folder names in a single-byte character set:

• North America/Europe refers to code page 850 (Western Europe including Afrikaans, Basque, Catalan, Dutch, English, French, German, Italian, Indonesian, Icelandic, and Spanish)

• United States refers to code page 437 (US English, Indonesian, Basque, Catalan)

• Nordic/Europe refers to code page 865 [Northern Europe including Danish, Finnish, Norwegian (Bokmål), Norwegian (Nyorsk), and Swedish]

Note: The Guardian server supports the primary Icelandic code page (865), but does not support the secondary page (861).

5. You can enable or disable Oplock (opportunistic locking). Yes allows the Windows client to take advantage of opportunistic locking, which can help performance if the user has exclusive access to a file. No disables Oplock.

6. Click Save.

Security and Authentication for Windows

For information on security and authentication, see Chapter 5, "Security Management."

Configuring NFS AccessA share on a Guardian server is equivalent to an exported file system on an NFS server. NFS users can mount Guardian shares and access content directly, or mount a subdirectory of a share. NFS uses dynamic mounting with auto-mount or static mounting with automatic remount when the server restarts after it is shut down. The Guardian server supports NFS v2/v3.

To Configure NFS Access

1. Navigate to the Network > NFS screen.The Valid Client Addresses list box displays the client machines that currently have access to the server via NFS.



2. In the Enable pull-down menu, select Yes to enable access to this server via the NFS protocol.


• To grant universal access, make sure the Valid Client Addresses list box is blank. If necessary, select one or more entries and click Delete. Universal access eliminates validation, and grants access to all computers.

• To grant access to specific clients, click Add. In the Valid Client Addresses field, enter the client IP addresses, separated by commas (in an environment with name resolution, you can enter host names as well). When finished, click OK. The client addresses appear in the list box.

4. Click Save.

Guardian Security and Authentication for NFS

For information on security and authentication for NFS, see Chapter 5, "Security Management."

Supported Clients

The Guardian server has been tested with the following Linux/UNIX networking clients:

• Red Hat Linux 6.2, 7.0, 7.1, 7.2, 7.3

• HP-UX 11, AIX 4.3.3,5.1 UNIXWare 7.1.1

• Sun Solaris 7, 8, 9

• OpenServer 5.0.5



Supported Protocols

The Guardian server supports the following versions of NFS:

Configuring Apple File Protocol (AFP) AccessUse the Network > AppleTalk screen to configure AFP access for Apple clients. You must set up Macintosh networking users and groups as local Guardian users.

To Configure AppleTalk Access

1. Navigate to the Network > AppleTalk screen.

2. Select Yes from the pull-down menu to Enable AppleTalk access. Select No to disable access to this server from the AFP protocol.

Protocol Version Source

NFS 2.0, 3.0 RFC 1094, RFC 1813

Mount 1.0, 2.0, 3.0 RFC 1094 Appendix A, RFC 1813

PC/NFS 2.0 Protocols for X/Open PC Networking (PC) NFS

Lockd 1.0, 4.0 RFC 1094, RFC1813



3. Select the AppleTalk check box to use the AppleTalk protocol. Clear the checkbox to disable the AppleTalk protocol.

4. Zone The Guardian server scans its local subnet for the presence of an AppleTalk router, and adjusts the behavior of this field accordingly:

• If an AppleTalk router is detected, a pull-down menu displaying the available zones appears. Choose one of the following options: a) leave the field blank to use the default zone; or, b) select the appropriate zone from the pull-down menu.

• If an AppleTalk router is not detected, a text field displays, and the Guardian server will act as an AppleTalk router, assigning net.node addresses and routing traffic on its local subnet only. Choose one of the following options: a) leave the field blank to use the default zone; or, b) enter a zone name in the text field.

Using the default zone ensures proper coordination among multiple Guardian servers on the same subnet and provides greater compliance with third-party software. If you have a compelling reason to specify a zone, Quantum strongly recommends that do so only under the supervision of an experienced network administrator or Quantum technical support staff.

5. To assign a static Appletalk address to the server, enter the 16-bit network number, and the eight-bit node number in the AppleTalk Address (net.node) text field. To avoid conflicts with other Quantum servers on the same subnet, Quantum recommends you leave this field blank.

6. Select the TCP/IP check box to enable AFP over TCP/IP. Clear the check box to disable AFP over TCP/IP.

7. Select the Add Server Name to... to show both the server name and share name in the Select a File Server dialog box. Clear the check box to display only the share name.

8. Click Save.

Configuring FTP AccessWhen you allow anonymous login, FTP users employ an e-mail address as the password. When you disallow anonymous login, only FTP users who are configured as local Guardian users can access the server.

To configure FTP access

1. Navigate to the Network > FTP screen.

2. Select Yes to enable FTP access. Select No to disable FTP access.



3. Select the appropriate option from the pull-down menu:

• Read Only means users who log in through FTP anonymously have read-only privileges.

• Read/Write means users who log in through FTP anonymously have read/write privileges.

• No means users cannot log in anonymously, but must instead log in via their own local user name, password and access permissions.

4. Click Save.

Configuring a DHCP Server Dynamic Host Configuration Protocol (DHCP) is a communications protocol that lets network administrators centrally manage and automate the assignment of IP addresses in a computer network. Each system that connects to the Internet needs a unique IP address. When an organization sets up its computer users with a connection to the Internet, an IP address must be assigned to each system.

To Configure a DHCP Server

1. Navigate to the Network > DHCP screen.

Note: Ensure that the network has no other active DHCP servers. You might negatively impact the network if you enable this device as a DHCP server while another server on the network is performing this function.


Connecting from a Client

2. If the Guardian server does not have a static IP address, assign it one in the TCP/IP screen (Network > TCP/IP). You must reboot the server to activate the new TCP/IP address.

Note: When you enable the Guardian server as a DHCP server, it reports in-use IP addresses at the bottom of the screen under Current DHCP Status.

3. To enable this server as a DHCP server, select Yes from the Enable pull-down menu.

4. Enter the range of IP addresses for the server to provide. Enter values for DHCP Range Start and DHCP Range Stop. These are the first and last numbers of valid IP addresses that the server can give DHCP clients.

Warning: To configure the Guardian server as a DHCP server, it must have a static IP address. This static address must meet two conditions: (1) it must lie outside the DHCP range of IP addresses you specify on the DHCP screen; and, (2) it must be part of the same subnet on which the Guardian server is to assign IP addresses.

5. Click Save to save your changes.


A Guardian server, once installed, appears as a server with a shared folder. The default server name is QNTMnnnnnn, where nnnnnn is the server number. For example, a Guardian server number 610019 defaults to QNTM610019.

Note: The server number is located on the server label. To see it, open the front panel of the Guardian 14000 or remove the front bezel of the Guardian 4400.

The location of the server depends on whether you accepted the default configuration or specified a destination. The following instructions assume default settings. If you did not accept the default settings, use the same destination and server name that you specified when you configured the server.

Use NASManager to make sure that the client is connected.

Client Connection

Microsoft Windows 2000/Me/XP • Default Configuration: My Network Places > Workgroup

• Custom Configuration: Workgroup > Server location

• Use NASManager



Connecting from a Windows ClientWhen you connect from a Windows client, consider the following methods:

• Use the assigned server name.

• Use the IP address that is specified in the TCP/IP Settings screen.

• Use NASManager.

Connecting from an NFS ClientTo use an NFS mount to connect to the server:

1. From a command line, enter the following command:mount server_name:/share_name /local_mount

where server_name is the name or IP address of the server, share_name is the name of the share to which you want to mount, and local_mount is the name of the mount target directory.

2. Press Enter to connect to the specified share on the server.

Connecting from a MacintoshSome Guardian terms may cause confusion for those familiar with Apple terminology. For example, share terminology differs. Each Guardian share (or shared folder) appears as a

Microsoft Windows 95/98/NT • Default Configuration: Network Neighborhood > Workgroup

• Custom Configuration: Workgroup > Server location

• Use NASManager

Macintosh Use the Chooser, Network Browser, or Connect to Server to connect to the server.

Web browser Enter the server name or IP address in the Web browser’s location or address box.

NFS Mount the share using the server name or IP address.

FTP Enter the server name or IP address in a supported FTP client application.

Client Connection



Macintosh volume that can be accessed through the Chooser. Unlike standard AppleShare servers, the Guardian server allows nested shares (shared folders within shared folders). As a result, it is possible for some files or directories to appear in more than one shared folder.

Share names are also different. By default, the Chooser identifies Guardian shared folders using only the share name. To see both the share name and the server name, enable the Add Server Name to... checkbox on the Appletalk screen. This strategy allows Macintosh applications to differentiate between shared folders with the same share name on multiple servers. For example, “SHARE1 on QNTM30286” refers to the share named SHARE1 on the Guardian server named QNTM30286.

To Connect to the Guardian server from a Macintosh

1. Select the Network Browser, Chooser, or Connect to Server from the Apple or GO menu. In the Chooser, click the AppleShare icon.

2. If you use zones with AppleTalk, select the default zone in the AppleTalk Zones list.

3. Scroll through the list of servers in the Select a File Server list and select your server, then click OK. In Mac OS X, you may need to enter the IP address of the server.

4. When asked for a user name or password, enter them (or click Guest), then click OK.

5. In the server dialog box, select the shared folder you want to mount.

6. To mount the shared folder on your desktop, click OK.

For Mac OS X, you can also mount via NFS as described in “Connecting from an NFS Client” on page 53.

Connecting from FTP To connect to the server through FTP:

1. Enter the server’s name or IP address in the FTP Location or Address box.

• To connect via a command line, enter ftp server_name

• To connect via a Web browser, enter ftp://server_name

where server_name is the name or IP address of the server.

2. Enter a valid user name and password to login.

3. Press Enter to connect to the FTP root directory. All shares and subdirectories appear as folders.



If you restrict access to a network share, you must log in with the correct privileges to browse the contents of the share. You cannot manage files or folders in the FTP root directory.

Connecting from the InternetYou can view folders and files on the Guardian server from the Internet. To access a specific share, Internet users can append the share name to the server URL. Make sure that you separate the two with a forward slash. A user can attach a folder by appending another forward slash, followed by the folder’s name.

The following example shows the resulting URL:

http://QNTM140020/Share1/my_files

OR

http://10.10.5.23/Share1/my_files

To Connect from a Web Browser

1. Enter the server name or IP address in the location or address box of the browser.

2. Press Enter.

Note: To browse the contents of the server, click a network share link. If the administrator has restricted access to a network share, you must log in with the correct privileges to browse the contents of the share.

57

Chapter 4Storage Configuration

This chapter explains how to use the Storage Tool to configure the Guardian disk drives and volumes. It covers the following topics:

• Storage Menu displays the storage menu links.

• Viewing Devices explains the fields on the devices status screen.

• Creating and Managing RAIDs provides definitions of the three RAID configurations, the options for creating them, and instructions on recognizing and replacing failed drives.

• Creating and Managing Volumes provides instructions on creating and guidelines for managing volumes.

• Creating and Managing Shares provides instructions on creating shares.

• Creating and Managing Snapshots provides information you need to determine your Snapshot requirements and strategy, as well as instructions on creating and accessing Snapshots.

• Assigning and Managing Quotas provides instructions on assigning user quotas and NIS group quotas.

• Creating Directories provides instructions on creating and accessing directories.


Storage Menu

Storage Menu

Use the Storage menu to manage RAID Sets, volumes, shares, quotas, Snapshots, and directories. To access the Storage menu, click the Storage tab.

Storage Configuration • 59

Viewing Devices

Viewing Devices

Use the Storage > Devices screen to view the status of the disk drives installed on the server.

This screen displays a table that shows the current status of the selected disk drive:

Heading Definition

Location The name and position of the drive

Model The make and model name of the drive

Size The total capacity of the drive

Status The current condition of the drive:

Member of... — The RAID Set to which the drive is assigned

Unassigned — Not a member of any RAID

Hot Spare — The drive is reserved as a hot spare

Failed — The drive is offline or otherwise inaccessible

Empty — The drive slot does not contain a drive


Creating and Managing RAIDs

Note: In the Status column, you can click the name of a RAID to view its configuration settings.


RAID ConfigurationsRAID is a collection of disk drives that act as a single storage system. Guardian servers support the following RAID types:

RAID 0 (Striped)

RAID 0 stores equal portions of each file on each disk in the RAID. This technique, called data striping, is fast since it uses multiple physical devices to store the data. However, RAID 0 offers no redundancy. If a disk drive fails, every file in the RAID is unavailable.

RAID 1 (Mirrored)

RAID 1 uses mirroring, which stores data on one disk and copies it to other disks in the RAID Set, creating a redundant storage solution. RAID 1 is the most secure method for storing mission-critical data because there is no catastrophic data loss when a disk fails. However, RAID 1 is the most expensive and least efficient storage method.

RAID 5 (Striping with Parity)

RAID 5 stores equal portions of each file on each disk and distributes parity information (error correction data) for each file across all disks in the group. This distributed parity information allows the system to recover from a single disk drive failure. RAID 5 gives the best combination of performance, usability, capacity, and data protection.

The following table summarizes the benefits and drawbacks and requirements for each RAID type:

RAID 0 RAID 1 RAID 5

Data Loss Risk high low low

Write Access Speeds fast slow fast

Cost/MB low high low

Min. Disks Required 1 2 3



Hot SparesA hot spare is a disk drive that can automatically replace a damaged drive in a RAID 1 or 5. If one disk drive in a RAID fails, or is not operating properly, the RAID automatically uses the hot spare to rebuild itself without administrator intervention.

For the Guardian 14000, Quantum recommends that you have at least one hot spare configured to automatically rebuild a RAID in case a drive fails.

Default RAID Configurations

The Guardian 14000

By default, the Guardian 14000 is preconfigured as an 11-disk RAID 5 and one hot spare, with a single volume encompassing the entire RAID, and a single share pointing to the volume. The data space is preconfigured to allocate 20 percent to Snapshots on the single volume and the remainder of the RAID for the file system.

The Guardian 14000 supports a possible total of three RAID 5 configurations that each have a hot spare. The Guardian 4400 supports the creation of one RAID 5 configuration that consists of three drives and a hot spare.

The Guardian 4400

By default, the Guardian 4400 is configured with a 4-disk RAID 5. It is not preconfigured with a hot spare. The data space is preconfigured to allow 20 percent for Snapshots and 80 percent for the file system.

On the 4400, the decision whether to use a hot spare or not depends on the value you place on capacity vs. redundancy.

Using the Create RAID Set Wizard vs. the Storage Tool Use the Create RAID Set wizard or the series of screens in Create a RAID Set to create a RAID. The Wizard is the fastest way to create a RAID, but the Storage tools offer more choices and greater flexibility.

The wizard automatically progresses through five screens: Create, Confirm, Select Volume Capacity, Share Creation, and Done.

If you create a RAID with the Storage tool, you click RAID Sets on the Storage menu, and then click the Create RAID Sets button. You are initially guided through a series of four screens to create the RAID. When you complete the RAID, you can continue to create a Volume and a Share. The Create RAID Sets, Create a Volume, and Create a Share screens are linked.



Using the Creating RAID Sets Wizard

To create a RAID with the RAID Sets Wizard, click Storage > RAID Storage Wizard. The first page of the Wizard lists the three types of supported RAID levels and describes the strengths and weaknesses of each. To create a RAID, click on a RAID level.

The following section describes the five RAID Wizard screens. Each screen is described below.

Step 1: Create RAID Set

The Create RAID Set screen lists each available drive and its available space. It prompts you to specify the drives you want added to the RAID. You can configure as many drives as you want in a RAID. If you create a RAID 5 or RAID 1, you can configure one of the drives to be a hot spare. Make sure that you click the Add Hot Spare checkbox. The Wizard automatically configures one of the specified drives as a hot spare. If you create more than one RAID configuration and you want redundancy, you must specify one hot spare for each RAID set.

Warning: Changing the RAID format will delete data. Make sure to back up all data before you change RAID formats.

Step 2: Confirm RAID Set Configuration

The Confirm RAID Set Configuration is a read-only screen that shows the following details for this RAID configuration:

• RAID Name

• Storage Type (RAID 0, 1 or 5)

• Hard Drives

• Total Storage Space (in MB)

Step 3: Select Volume Capacity

Volume Capacity lets you select a capacity for the volume.

Step 4: Share Creation

Share Creation is a read-only screen that displays the names of the share and the share point.

Step 5: Done

Done is a read-only screen that displays the properties of the new RAID. Users can now access the new share. Make sure that all required network file access protocols are enabled on the Guardian server.



Assessing RAID Set Status Use the Storage > RAID Sets screen to assess the RAID status. You can use this screen to create, reconfigure, or repair a RAID.

RAID status is defined as follows:

Identifying a Degraded RAIDTo indicate a degraded RAID, the Guardian server displays the yellow highlighted text Degraded in the RAID Status field in the Storage > RAID Sets screen. You can set the E-mail Notification feature to alert you when a RAID degrades or has been replaced by a hot spare. See “Configuring E-mail Notification” on page 106.

Status Heading Description

Size Total capacity of the RAID.

Type Specifies RAID type (RAID 0, 1 or 5)

Unallocated space Total storage space not allocated to a volume.

Status Current condition of the RAID Set:

• OK — The RAID is functioning properly.

• Resync — A RAID repair operation in progress.

• Resyncing delayed — Another process is delaying a repair operation.

• Degraded — A drive has failed or been removed.



Replacing Disk Drives on a RAID This section describes how to safely remove and add drives to a degraded RAID. On Guardian servers, a drive must be removed logically from the RAID using the Administration Tool before it is removed physically from the server. Likewise, after a fresh drive is inserted into the drive slot, you must use the Administration Tool to add it to a RAID.

Summary

• RAID 0 (Nonredundant) Removing a disk drive from a RAID 0 causes the RAID to fail. This action renders any data residing on its drives inaccessible, and is therefore not recommended. Reinserting the drive should restore file access.

• RAID 1 or 5 (Redundant) Removing a disk drive from a RAID 1 or RAID 5 places the RAID into a degraded mode. While operating in a degraded mode, users can access or even update the data. However, the array loses its redundant characteristics until all drives of the array are available and operating properly.

Note: If you configure a RAID 1 or 5 with a hot spare, the array automatically starts rebuilding with the hot spare when one of the disk drives fails or is removed.

To remove a drive from an existing RAID using the Administration Tool

1. Navigate to the Storage > RAID Sets screen, and click the name of the RAID Set that contains the failed drive.The RAID Sets’ Edit screen appears.

2. In the Actions column, click the failed drive’s Remove link.

3. On the confirmation screens, click Continue.You return to the RAID Set Edit screen. The RAID Status now reads “degraded.”

4. Physically remove the failed drive, and insert a new drive in its place. On the Storage > Devices screen, the status of the new drive is “unassigned.” (See page 112 for detailed instructions on physically replacing a drive in the server.)

To add a drive to a degraded RAID 1 or 5 using the Administration Tool

When you add a new drive to a Guardian server, it is considered “unassigned.” To incorporate the new drive into an existing RAID Set, you must manually do so using the Administration Tool. The following procedure assumes that you are installing a new out-of-the-box disk drive as a replacement for a failed drive.



1. Navigate to the Storage > RAID Sets screen, and click the name of the RAID Set that contains the failed drive.The RAID Sets’ Edit screen appears.

2. Click Repair.

3. Select a drive to add to the RAID Set, and click Continue.

4. On the Confirmation screen, click Continue, then click Continue on the second confirmation screen.You return to the RAID Set Edit screen. The status of the RAID now reads “resyncing,” and the status of the newly added drive shows as “Hot Spare.”

Adding Disk Drives to a RAID This section describes how to safely add drives to an existing RAID. On Guardian servers, after a fresh drive is inserted into a drive slot, you must use the Administration Tool to add it to a RAID.

Summary

• RAID 0 (Non Redundant) You cannot add a drive to a RAID 0. To reconfigure a RAID 0, you must delete the RAID and recreate it.

• RAID 1 (Redundant) You can add a new drive to a RAID 1 as either a hot spare or as a new member.

• RAID 5 (Redundant) You can only add a hot spare to a RAID 5; you cannot add a new drive as a new member to an existing RAID 5.

To add a drive to an existing RAID 1 or 5 using the Administration Tool

1. Navigate to the Storage > RAID Sets screen, and click the name of the RAID 1 or 5 to which you want to add a drive.

2. Click Add.

3. If you are adding to a RAID 1, select either Hot Spare or Member at the top of the screen.

4. Select one or more drives to add to the configuration.

5. On the Confirmation screens, click Continue.


Creating and Managing Volumes

To reintegrate orphaned disk drives

An orphan disk drive occurs in the following circumstances: (1) a good drive from a working RAID is accidentally removed from the server; or, (2) a drive in a RAID intermittently fails, then appears to work again. The server cannot distinguish between the accidental removal and the intermittent failure. In either case, drive is suspect and is considered an orphan. To remedy the problem, add the drive using the procedure just described.


A volume is a logical portion of a RAID Set that enables you to create storage areas within a RAID. Use the Configure Volumes screen to create, access, edit, and delete volumes.

Naming VolumesUse any alphanumeric sequence to name a volume. The Guardian Server supports extended characters, but does not support character sets outside of extended ASCII, such as Cyrillic.

Default Settings for a New VolumeBy default, the volume size equals the available space of the RAID. The volume default name is VOL0 and increases by one for each subsequent volume.

Creating a Volume

1. Navigate to the Storage > Volumes screen.

2. Enter a unique Volume Name. Use up to 20 alphanumeric characters, including a hyphen, starting with an alpha-numeric character.



3. Select the appropriate RAID Set from the pull-down menu.

4. Enter the Capacity (in MB, GB, or TB). This field defaults to the total remaining capacity on the RAID Set.

5. Click Exit to return to the Storage > Volumes screen.

Assessing Volume Status Use the Storage > Volumes screen to view information on existing volumes.

Managing VolumesVolumes overcome the physical restrictions imposed by disk drives. You can dynamically grow and manipulate logical volumes without rebooting the server. Use the following features to manage volume size and usage:

• E-mail Notification Use the System > E-Mail Notification screen to set up alarms to notify you when a volume is full.

• Volume Usage Use the Monitoring > Volume Usage screen to view the current utilization totals for each volume.

• Quotas Use the Storage > Quotas screen to limit the amount of storage space that specific users or groups can consume on a volume. Group Quotas are only available for NIS groups.

Status Heading Definition

Name Name of the volume

RAID RAID to which the volume belongs

Size The current total capacity of the volume

Mount Point The path to the volume

Status The current condition of the volume:

• Active — Currently online and accessible.

• Inactive — The volume is offline.

Quotas If you enabled quotas, the volume has been formatted to limit the available user space.


Creating and Managing Shares


A share is an access point to a designated segment of a volume’s directory structure. When you create a share to a directory and assign it access rights, you control user access to the files within the directory and to any of its subdirectories. Use this screen to create, edit, and delete shares.

Creating a New Share Creating a share involves selecting the volume and directory path for the share and then defining share name and network access protocols. The Create Share wizard contains the following screens:

• Select Volume Parameters

• Select a Path

• Configure Share Parameters

• Confirm Share Creation

Select a Volume and Path

1. User the Storage > Shares > Create Share command to launch the Create Share wizard.

2. Select the volume on which to create the share and then click Continue.

3. Next, select the path to the shared directory. You must create a directory before you can create a share to it.

• To create a share to the entire volume, click Use Current Path. The Current Path field defaults to the root path of the volume.

• To create a share to a top-level directory, select the directory in the Select a Different Path area, then click Use Current Path.



• To create a share to a subdirectory, select a directory in the Select a Different Path area to display its next level of subdirectories. Continue to drill down the directory structure until you reach the desired level. Select the directory to display its path in the Current Path field. Click Use Current Path.

Configure Share Parameters

Use this screen to enter a unique share name, a description of the share, and to select protocols for clients to access this share. The path is the one you entered on the previous screen.

1. Enter a unique share name in this field.

2. To create a Snapshot share, select Create Snapshot Share and enter a Snapshot share name.

3. Select the protocols you want to share from the list: Windows (SMB), Web View (HTTP), NFS, AppleTalk, and FTP.

Confirmation

The last step is to confirm your share settings. Review the share settings, then click Continue. The Done screen appears when the share has been created.

Click the Set Share Access button to go to the Share Access screen. See “Defining a Share and Share Access” on page 91.


Creating and Managing Snapshots

Mounting Shares from NFS ClientsA share on a Guardian server is equivalent to an exported file system on an NFS server. NFS users can mount Guardian shares or mount a subdirectory of a share. Guardian shares use dynamic mounting (with auto-mount) or static mounting (with automatic remount when the server restarts after shutdown).

You must have sufficient privileges to mount a share from an NFS client. Mount a Guardian exported file system with the following commands:

1. Log in as a valid user.

2. Use the mount command to enter the full path to a share, directory, or file in the command line: mount QNTM30286:/SHARE1 /local_path

mount 192.168.1.1:/SHARE1 /local_path


A Snapshot creates a consistent, stable, point-in-time view of a volume. The Snapshot records any changes made in the volume to which it is linked. Once a Snapshot is taken, it filters out the changes that have been made to the volume since the Snapshot was taken. The Snapshot may be copied, stored, or backed up. You may take multiple Snapshots to provide images of the volume at different points in time.

Snapshots can satisfy minor, short-term backup situations such as recovering a file deleted in error, without resorting to tape. Snapshots can also be used to in major backup operations to ensure that all data in every operation is consistent. For more information on using Snapshots for backup purposes, “Using Snapshots to Optimize Data Backup” on page 96.

Accessing SnapshotsSnapshots are accessed via a Snapshot share. Just as a share provides access to a portion of a live volume (or file system), a Snapshot share provides access to the same portion of the file system on an archived Snapshot of the volume. You create a Snapshot share by selecting the “Create Snapshot Share” option in the course of creating a live-volume share. For example, assume you create a share to a directory called “sales,” and you select the Create Snapshot Share option. Web View will display two shares as follows:

SALESSALES_SNAP

The first share provides access to the live volume, and the second share provides access to any archived Snapshots. Other than read-write settings (Snapshots are read-only), a Snapshot share inherits access privileges from its associated live-volume share.



How Snapshots Impact PerformanceFile access performance is affected by the use of Snapshots because a second write to disk is made for every Snapshot that is active. This second write is performed after the original write to the volume, so one can anticipate a drop in write performance when a Snapshot is used. For example, if a typical Windows 2000 users runs on a 100Mbps network and writes files to the server without a Snapshot enabled, the rate of transfer will be about 664MB per minute. When a Snapshot is enabled, the same transfer might result in a transfer rate of 628MB per minute. Additional Snapshots may cause a further reduction in write performance.

Shared Snapshot PoolA Snapshot Storage Pool is provided for each RAID. Therefore, every Snapshot associated with a share/volume on a RAID allocates space from the same Snapshot pool.

The pool allows each Snapshot to grow dynamically up to the amount allocated for the RAID. Snapshots are deleted dynamically when they expire or if they do not have sufficient space. The system deletes Snapshots according to their persistence value: high, medium, or low. You can also manually delete a Snapshot on the Snapshots screen.

Estimating Snapshot Space RequirementsSince Snapshot storage requirements grow over time, it is necessary to invalidate Snapshots when storage becomes unavailable. The number of Snapshots that can be supported is a function of the space reserved for the Snapshots and the amount of changes to the volume since the Snapshot was created.

On the Guardian 14000, a limit of 250 GB has been established for Snapshot space to accommodate up to 10 concurrent Snapshots. Snapshot reserved space is located within the RAID Set.

The Guardian 4400 ships with a four-disk RAID 5 array. This RAID has one volume and one share. Within this volume, 80 percent is allocated to the live file and 20 percent is allocated to Snapshots.

Space required for Snapshots depends on levels and patterns of write activity coupled with the duration of the Snapshot. The following table describes minimum and maximum allocation cases:

Minimum Allocation — 10% of Volume

Maximum Allocation — Up to 250 GB and up to 10 Snapshots

If activity is read-heavy If activity is write-heavy

If the write access pattern is concentrated in a few places in the volume

If the write access pattern is randomized across the volume

If the Snapshot doesn’t need to be active for a long time

If the Snapshots must be active for a long time



Redefining Space for Snapshots on a VolumeSnapshots have a fixed pool of space reserved on each volume. You can increase or decrease the pool size if the RAID has available space.

1. Navigate to the Storage > Snapshots screen.

2. Click the adjust snapshot space link in the introductory text.

3. In the screen that appears, type a new number for the volume for which you want to increase or decrease Snapshot space.

4. Click Save.

Creating a Snapshot The following steps describe how to create a Snapshot.

1. Navigate to the Storage > Snapshots screen.

2. Click Create Snapshot.

3. In the screen that appears, complete the following information to define the Snapshot:

• Name the Snapshot.

• Identify the source volume.

• Specify the duration of the Snapshot (in whole numbers) and choose the unit of measurement from the pull-down menu (hours, days, weeks, or months).

• Choose a persistence priority from the pull-down menu. If the server reaches the limit of space you allocated for Snapshots, it overwrites lower priority Snapshots before high priority Snapshots. Choose Low, Medium or High according to the importance of the files.

• If you plan to create a tape backup from the Snapshot, choose Yes from the Create Recovery File pull-down menu.

4. Click Continue.

Scheduling a SnapshotYou can schedule the creation and removal of Snapshots. You specify the Snapshot share name at the time that you create the Snapshot schedule.

1. In the scheduling screen, determine when you want the server to create the Snapshot.


Assigning and Managing Quotas

• Specify the start time as Now (the default) or choose Later and select a date and time.

• To schedule only a single instance of a Snapshot, select One Time.

• To repeat a Snapshot periodically, select Recurring and specify the elapsed time between each Snapshot.

• If you select Recurring in the text box, enter the Repeat Interval and specify hours, days, weeks or months.

2. Click Create. This saves the Snapshot you identified and scheduled.

3. Click Save Changes. The Snapshot appears in the Scheduled Snapshots list with your changes.

Note: You can delete a scheduled Snapshot from this same screen. Click Delete Schedules and make the appropriate selections.


A quota limits the amount of storage space on a volume that a user or group can use. Typically, the storage space for the group is greater than the sum of its users. The purpose of a quota is to prevent a user or group of users from consuming more space on a volume than permitted by the administrator.

Note: Group quotas are available only for NIS groups.

First, enable quotas for a volume, then assign the quotas to the individual users or groups. You can assign access privileges to quotas for users and groups.

To Enable Quotas for a Volume

1. Navigate to the Storage > Quotas screen.



2. Select or clear a volume’s Enabled check box. A check in the enabled column indicates the quotas for the volume are enabled.

3. Click Save.

Assigning User QuotasYou can assign each user storage space on a volume. You must first assign a quota to the user. All files are owned by the user and the group. The size of each file is applied to both the user and the group quota. You must assign quotas for each user independently.

To Assign a Quota to a User


2. In the screen that appears, click the Volume Name for which you want to create user quotas. The screen that appears lists any users that have already been assigned a quota.

3. To add users, click Add Users.A screen that displays a list of unassigned users appears.

4. Locate the users you want to add via one of the following methods:

• Search: Enter a user name and click Search.

• Browse Buttons: Use the double-arrow buttons to jump to the beginning or end of the list of unassigned users. Use the single-arrow buttons to browse page-by-page.

5. Select one or more users.



6. Click Add Checked.The screen refreshes, and the checked user(s) are transferred to the User Quotas table.


• To add more users, repeat steps 1 through 3.

• To return to the User Quotas table, click Return.

8. Enter a limit for each newly added user.

9. Click Save.

To Edit User Quotas


2. Click the name of a quota-enabled volume.

3. Use the Limit field to change the limit set for each user.

4. Click Save.

5. Click Exit.



Assigning NIS Group QuotasYou can define and add NIS group quotas.

To Add Groups and Define NIS Group Quotas


2. In the screen that appears, click the name of the volume for which you want to create group quotas.

3. Click the NIS Groups link in the introductory text.

4. In the screen that appears, click the Add Groups button.

5. Select the name of each group you want to create a quota for. You can search for additional groups on other servers in the network.

6. Click Add Checked.

7. After the list refreshes, click Return.

8. In the Group Quotas screen, enter a quota limit for each group you added.

9. Click Save.

To Edit Existing Group Quotas


2. Click a volume name.

3. Click the NIS Groups link in the introductory text.

4. In the Limit field, change the limit set for each group.

5. Click Save.


Creating Directories

Creating Directories

To create a new top-level directory

1. Navigate to the Storage > Directories screen.

2. Select a volume from the pull-down menu to view its top-level directories.

3. Click Create Directory.

4. Enter a directory name.

5. Click Continue.

To Create a New Subdirectory

1. Navigate to the Storage > Directories screen.

2. Select a volume from the pull-down menu to view its top-level directories.

3. Click the top level directory for which you want to create a subdirectory.

4. Click Create Directory.

5. Enter the subdirectory name.

6. Click Continue.

78

Chapter 5Security Management

This chapter covers how to manage file permissions and ownership by users and groups. As the number of users in your environment grows, so do your file security requirements. The need to manage increasingly complex configurations of file and group ownership and permissions grows exponentially. This chapter discusses the following security issues:

• Security Overview discusses general issues in Guardian security, including relevant terminology, understanding multiplatform security issues, changing the server name and admin password, and using UIDs and GIDs with the guardian server

• Creating Local Users and Groups describes procedures for creating local users and groups.

• Authentication discusses the types of available authentication, including local authentication, Windows NT or Active Directory domain authentication, and NIS authentication.

• Joining a Windows Domain describes procedures for joining a Workgroup, Windows Domain, or Active Directory Domain.

• Network File System Security shows the commands NFS users can use to mount Guardian shares and subdirectories.

• Joining an NIS Domain Discusses the rationale and procedures for joining a Network Information Service domain.

• Defining HTTP Security Discusses how to require users to log in to the Web View screen, and how to enable HTTPS to encrypt user names and passwords.

• Configuring a Secure Shell (SSH) discusses when and how to enable SSH on a Guardian server.

• Access Control Lists defined Guardian support for Extended POSIX ACLs and provides guidelines for assigning the access permissions to specific files and folders Guardian server using a Windows client

• Defining a Share and Share Access provides instructions on creating shares and Snapshot shares.

Security Management • 79

Security Overview

Security Overview

Overview of Directory, Group, User, and Share AccessThe Guardian server defines Directory, Group, User, and Share Access as follows:

Understanding Multiplatform Security Issues NFS and CIFS/SMB behave very differently with regard to file system security, which can make file system administration for a heterogeneous environment challenging.

Error Recovery

NFS is known for its statelessness and can repeat operations with consistency. Clients are oblivious to a server reboot if the system is restored quickly. More importantly, the NFS protocol emphasizes error recovery over locking.

In contrast, a CIFS/SMB file server is not stateless. This implementation emphasizes locking over error recovery because personal computers rely on strict locking. This type of strict locking requires a sustained connection.

SecurityYou can control the following types of permissions on the Guardian server:

• Set user and group access to shares and quotas

• Create, edit, and delete local users and groups

• Configure the server to use UNIX NIS user and group security

• Configure the server to use Windows domain user and group security

Directory A subset of a volume comprised of files and folders. Use the Storage screen to create a directory or subdirectory and to delete directories.

Local User A user name and unique ID on the local server. Local users have primary membership in the AllLocalUsers Group.

Local Group A collection of users. The Guardian server automatically adds all local, Windows domain, and NIS users to the AllUsers group.

Share and Share Access A share is a virtual folder that maps to a directory on the server. A share is equivalent to a Microsoft networking share, a Macintosh networking shared folder, and NFS exported file systems.


Security Overview

Changing the Server Name and Admin PasswordTo change the server name or the Admin password, use the General screen on the System menu.

1. Navigate to the System > General screen.

2. Enter a unique server name in the field provided.

Note: The default server name is QNTM followed by a series of digits based on your server number, such as QNTM610019.

3. Enter an administrative password, then confirm the password. The administrative password is case sensitive. The default administrative password is admin.

If you have not yet changed your password, you should do so immediately. To set the password, enter it and re-enter it in the next text box.

4. Click Save.

Using UIDs and GIDs with the Guardian ServerThe Guardian server supports multiple protocols. It is based on the Linux operating system. Linux uses the POSIX standard system to assign group and user IDs. POSIX requires each user and group to have a unique UID and GID. This requirement applies to all users and groups on the Guardian server, including NIS and Windows users and groups.

If you use an NIS server, you can set up the system to join the NIS domain and import the users and groups. The NIS UIDs and GIDs must be within the range of 101-17999. The


Creating Local Users and Groups

Guardian server does not recognize users or groups who have identification numbers outside of this range. Each UID or GID must be unique. You should not define a UID or GID that has been previously assigned. You cannot define a UID or GID that is currently assigned.

Note: If you use a Windows Domain server, the Guardian server will automatically assign unique IDs.


Each local user is a member of the AllLocalUsers group. Therefore, if you assign the AllLocalUsers group access to a share, then every user that you create locally can access that share. The AllLocalUsers group is automatically created and maintained by the system, although you can also assign local users to other groups.

Use the User and Group screens under the Security menu to create and administer user and group accounts.

Defining a Local UserUse the Security > Users > Create User command to create a new user. A second screen opens for you to define users and user passwords.

To create a user, complete the fields as follows:

• The login name must be unique and is required.

• The user’s full name is optional.

• The password should contain a unique mixture of alphanumeric characters.

• The system assigns a default UID. You may accept this UID or change it. If you change the UID, make sure it is unique within the system.



Defining a Local Group To define a local group, you must first create the group, name the group, and then add members to it. The Guardian server assigns a default Group Identification Number (GID), however you may customize this GID on the screen where you add members.

To Define a Local Group

1. Navigate to the Security > Groups screen.

2. Click Create Group.

3. Type a unique name for the group you want to create.

4. Change the GID if you wish. See “Using UIDs and GIDs with the Guardian Server” on page 80.

5. Click Create.

6. Select or Clear a user's check box to add or remove the user from the group.

7. Click Save.


Authentication

Choosing Group Membership for a User

1. Navigate to the Security > Groups screen.

2. Click a Group name. A screen opens with a list of all possible users who can belong to that group.

3. To add a user to a group, click the check box next to the user’s name.

4. Click Save.

Authentication

Authentication validates a user’s identity by requiring the user to provide a registered login name and corresponding password. In NFS, it is the client that performs authentication, not the server. In CIFS/SMB, the server performs the authentication.

The Guardian server can be configured for the following types of authentication:

• Local authentication

• Windows NT or Active Directory domain authentication

• NIS authentication

Local AuthenticationCreate local users and groups in the Security menu in the Users and Groups screens. When a network user attempts to connect to a share, the Guardian server uses the same credentials as those supplied by the user login.

Windows Domain AuthenticationWindows networks use a domain controller to store user credentials. The domain controller can validate all authentication requests on behalf of other systems in the domain. The domain controller can also generate encrypted challenges to test the validity of user credentials. Other systems use encrypted challenges to respond to CIFS/SMB clients that request access to a share.

You cannot modify domain user or group information locally on the Guardian server, therefore domain users and groups are not visible on the Users and Groups screens. You must use the domain controller to make modifications. Changes you make on the domain controller appear automatically on the server.

If the server authenticates against a trusted domain, then you can also assign quotas, share access, and ACLs on files and directories to users and groups in that domain.


Authentication

Active Directory AuthenticationActive Directory is the preferred authentication method for Windows XP, Windows 2000, and Windows 2000 Advanced Server network users. This authentication allows Active Directory users to connect to shares on the Guardian server.

The server supports the Microsoft Windows 2000/XP servers that run in native ADS mode or in mixed NT/ADS mode.

Kerberos Authentication

The Guardian server supports the Microsoft Windows 2000/XP implementation of Kerberos. In Windows 2000/XP, the domain controller is also the directory server, the Kerberos key distribution center (KDC), and the origin of group policies that are applied to the domain.

Kerberos is a secure method for authenticating a request for a service in a network. Kerberos lets a user request an encrypted “ticket” from an authentication process that can then be used to request a service from a server. The user credentials are always encrypted before they are transmitted over the network.

The Guardian server supports both of the Microsoft name resolution services: Windows Internet Naming Service and Dynamic Domain Name Server. However, when you use a dynamic domain server or a domain name server with an ADS server, make sure that the forward and reverse name lookup is correctly set up.

NIS AuthenticationNetwork File System (NFS) provides a maximum amount of client control at the mount point or file system. To simplify administration of multiple systems in large NFS configurations, the Guardian server can join an NIS domain.

You cannot modify NIS user or group information locally on the server, therefore NIS users and groups are not displayed on the Users and Groups screens. You must use the NIS server to make modifications.

The server does not immediately reflect changes made on the NIS server. It may take up to 30 minutes for changes to be replicated.


Joining a Windows Domain

Joining a Windows Domain

Windows or Active Directory domains resolve user authentication and group membership through the domain controller.

To Join a Workgroup or Domain

1. Navigate to the Security > Windows screen.

2. Member of: Select from the pull-down menu to join a Workgroup, Windows Domain, or Active Directory Domain.

The choice you make here determines where the Guardian server can be found in the network neighborhood on the client's desktop, and determines the type of security that will be utilized on the Guardian server for CIFS/SMB clients.

3. Workgroup/Domain Name: Enter the name of the workgroup or domain you want to join.

4. If you are joining an Active Directory Domain, complete the following fields:

• Organizational Unit: (Required) Enter the name of the organizational unit the Guardian server will appear within the Active Directory tree. By default, the server will appear within the computer’s container.


Network File System Security

• Disable NetBIOS over TCP/IP: (Optional) You have the option to disable NetBIOS. Select the check box to disable to NetBIOS; clear the check box to leave NetBIOS enabled.

Note: If you disable NetBIOS, you must enter the domain name as a fully qualified domain name (e.g., ActDirDomName.quantum.com). A short form (e.g., ActDirDomName) will not work.

5. Administrator: If you are joining a Windows or an Active Directory domain, enter a user name and password with sufficient administrative privileges to allow a remote computer to join the domain.

6. Admin Password: Enter the password for a user name entered in step 5.

7. Click Save.

Disengaging Windows Domain Users and Groups

You must remove a user or group from a share to delete access privileges. When you remove a user or group from the domain, the Guardian server may require a few minutes to update the changes. Wait a few minutes and view the lists again.

Network File System Security

UNIX clients use Network File System (NFS) for remote file service. A share on a Guardian is equivalent to an exported file system on an NFS server. NFS users can mount Guardian shares and subdirectories. Users can use dynamic mounting with automount or static mounting with automatic remount when the server restarts after it has shut down.

To Perform a Static Mount

To perform a static mount, mount an exported file system with the following command:

mount QNTM30286:/SHARE1/ /local_dir

OR

mount 192.168.1.1:/SHARE1/ /local_dir.

Joining an NIS Domain

The Network Information Service (NIS) addresses the problems of distributed computing. NIS is a distributed database system that stores user IDs (UIDs), user passwords, group IDs


Joining an NIS Domain

(GIDs), and group membership. A central server maintains the database files, which alleviates the need for each server to manage its own list of users and groups.

NFS relies on the client to authenticate the user. It also allows the user to specify global permissions on systems that can access the mount point. For example, a list of NFS clients or group of clients might have full read-write access, while another might have read-only privileges. NIS resolves these issues by allowing a system administrator to maintain a common file in one location on a network and to propagate changes to that instance throughout the network.

The Guardian server functions as an NIS client. It joins the NIS domain, and can then read the groups and users maintained by the NIS domain.

Working with UNIX NIS Domain

Use the UNIX NIS screen to set NIS security and to integrate NIS groups and users. You must enable NIS security and enter an NIS domain to integrate NIS users.

NIS identifies users by UID, not user name, so it is possible to have duplicate user names. However, this configuration is not recommended.

1. Navigate to the Security > UNIX NIS screen.

2. In the Enable NIS pull-down menu, select Yes. The default is No.

3. Enter the NIS domain name.

4. Enter valid NIS server IP addresses separated by commas, or leave this field blank to bind to any available NIS server.


Defining HTTP Security

5. Click Save to join to the NIS domain.

Disengaging an NIS domain

In the Enable field, select No to disable NIS Security. Click Save.

Defining HTTP Security

When a user connects to a Guardian server via the HTTP protocol, the Web View screen displays a list of all shares (and Snapshot shares). Web View supports Netscape Navigator 4.7 and above and Microsoft Internet Explorer 4.0 and above. You can require users to log in to the Web View screen, and you can use HTTPS to encrypt user names and passwords.

Web View Authentication

You can control whether to restrict the Web View screen only to users known to the Guardian server, or to allow unrestricted access.

To require Web View Authentication

1. Navigate to the Network > Web screen.

2. In the Require Web View Authentication field, Select Yes.

3. Click Save.

Enabling Secure HTTPS

Secure (HTTPS) is HTTP using a Secure Socket Layer (SSL). SSL provides data encryption, server authentication, message integrity, and client authentication for any TCP/IP connection. SSL is supported by all major browsers. Web pages that use SSL begin with https.

To Enable HTTPS

1. Navigate to the Network > Web screen.

2. In the Secure HTTP (HTTPS) field, Select Yes.

3. Click Save. You will be redirected to a secure HTTPS connection.


Configuring a Secure Shell (SSH)

Configuring a Secure Shell (SSH)

Secure Shell (SSH) provides a secure remote console for special system administration and customer support access. SSH is similar to telnet, but more secure, providing stronger encryption so that no passwords or data cross the network in clear text. The Quantum SSH implementation is compatible with both SSH1 and SSH2.

On the Guardian server, SSH is disabled by default. With SSH disabled, you can avoid many potential security problems. You should enable SSH only under one of the following conditions:

• You need to install or start a supported backup agent.

• You are acting under the direction of a technical support representative.

To Enable SSH

1. Navigate to the System > SSH screen.

2. In the Enable SSH pull-down menu, select Yes.

3. Click OK. Secure Shell is immediately available.

To Connect to the Server using SSH

1. Make sure your remote machine has an SSH client application installed. Free or low-cost SSH applications are available over the Internet.

2. Connect to the server using its IP address, and log in as a user with admin rights.

Access Control Lists

Access Control Lists (ACLs) consist of a list of access control entries (ACEs). Each ACE is stored on the file system and determines the access parameters for a specific user or group.

Extended ACLs provide the ability to control access to files and directories with a higher degree of precision than the standard UNIX permission scheme. The Guardian server fully supports Extended POSIX ACLs; it provides partial support for NT 4.0 ACLs and Windows 2000 ACLs. Extended ACLs offer the following advantages:

• You can set detailed permission on objects (files and folders) for all users on the system, including any Active Directory or NT 4.0 server users.

• You can set the default inheritance on a directory so that subordinate objects inherit permissions from their parent directory.


Access Control Lists

General GuidelinesThe Extended POSIX ACLs allow the administrator to set access control entries (ACE) for the following types of users:

• The user or group who owns the file or directory

• A user or group who does not own the file or directory

• A user who meets none of the above definitions (equivalent to the UNIX concept World)

You can also set inheritance for directories, so that any file or subdirectory created under the directory with a default ACL inherits its ACLs. This inheritance should propagate to subordinate objects once the default behavior is set.

You can assign the following access permissions to specific files and folders on the Guardian server using a Windows client.

Assigning File OwnershipThe person who creates a file is the registered owner of that file. Owners always have full access to files, regardless of file level access settings, but the files are still subject to share permissions. The Guardian server uses file ownership information to calculate disk space usage for quotas.

No Access User/group is denied access to the file/folder.

Read User/group can only read the contents of the files or folders.

Add User/group can create files and folders but not read or modify them.

Write User/group can create files but not read them.

Add & Read User/group can create and read files and folders but not modify them.

Read & Write User/group can read and write files but not delete them.

Change User/group can create, read, modify and delete files and folders, but cannot take ownership.

Full Access Control

User/group has full access privileges.


Defining a Share and Share Access


A share is a virtual folder that maps to a directory on the server. A share is equivalent to a Microsoft networking share, a Macintosh networking shared folder, and NFS exported file systems.

The Guardian server is factory-configured with one share for the RAID 5 disk array. You can create additional shares that represent either an entire disk array or a subdirectory within the disk array.

You can also set the following access permissions to shares for users or groups: full access, read only, or access denied. These access permissions apply to all files and folders in the share.

You can assign shares to the following groups and users:

• The AllUsers group (all users for whom no other access has been specified)

• The admin group (users who have been granted administrative permission)

• The AllLocalUsers group (all users created through the Security > Groups screen)

• Local Users (created through the Security > Users screen)

• Windows domain and Active Directory users (in the Windows NT 4.0 database or in the Active Directory)

• NIS users

When you restrict access to a share, consider the following:

• If you leave a share configured with full access to AllUsers, all users can still read and write to its files and folders.

• A change to a share may not take effect until users log off and then log back on. Restart the server if you want the security changes to be effective immediately.

Creating a Snapshot ShareA Snapshot captures a static image of a volume at a specific point in time. Initially the Snapshot creates a block map of all blocks in the target volume. A Share Snapshot allows you to access a specific Snapshot, and thus previous versions of your files.

Snapshot folders have the same security as the share had at the time the Snapshot was taken (except that it is read only). As ACLs are stored in the volume, all ACLs will remain in the state when the Snapshot was taken.

A Snapshot share contains a series of folders. Each folder corresponds to a Snapshot and is named by a date and time stamp. The most recent stamp links to the most recent Snapshot. The contents of the Snapshot folders within the Snapshot share use the identical path to the Snapshot as the original share’s path to the volume. The content of each folder points to a



current Snapshot. Therefore, you can view the contents of folder 20020401.2300 with the path \public\Eng\dev\builds through its Snapshot. A user may view an individual file as it existed at a previous point in time or even roll back to a previous version of the file by creating a file copy to the current live volume.

Defining Share AccessShare access determines which users or groups can access a share and the access permissions for that user or group.

To define Share Access

1. Navigate to the Security > Share Access screen. You will see any shares that you have created, including the description, path, and share attributes for each.

2. Click a share name to view the Edit Share screen.

3. Use the Edit Share screen to edit shares for the following attributes:

• Hidden Select this option to restrict the display of the share via the Windows (SMB), Web View (HTTP/HTTPS), and AppleTalk (AFP) protocols. For example, assume SHARE1 is set as hidden. Windows users will not see the share when viewing the



server through Network Neighborhood, or when performing a net view\\servername on the Guardian.

Note: Users who have access rights to a hidden share can still access the share by entering the path to the share directly into their browser. For example, Window users would enter an address of the format \\server_name\hidden_ share_name to access a hidden share.

• Read Only allows users to open and read, but not modify or create files.

4. To add or delete users, click the Set Share Users button. The Set Share Users screen appears.

5. Find the users you want using one of these methods:

• Search: Enter a user name and click Search.

• Browse Buttons: Use the double-arrow buttons to jump to the beginning or end of the user lists. Use the single-arrow buttons to browse page-by-page. The browse buttons appear only when the number of users exceeds the display limit of the screen.

6. Select the users who need access to the share, and clear the users who do not.

7. Click OK to return to the Edit Share screen.

8. To add or delete groups, click the Set Share Groups button. Use this screen to set share access for groups.

9. Use the Search function or Browse button to find groups:

• Search: Enter a group name and click Search.

• Browse Buttons: Use the double-arrow buttons to jump to the beginning or end of the group lists. Use the single-arrow buttons to browse page by page. The browse buttons appear only when the number of groups exceeds the display limit of the screen.

10. Select the groups that need access to the share, and clear the groups that do not need share access.

11. Click OK to return to the Edit Share screen.

12. Click Save.


Physical Security

Physical Security

Place your Guardian server in a secured area with restricted access. Anyone who has access to the server could potentially reset the server or remove any hot swappable component. The security of your data is only as good as the physical security of the server.

95

Chapter 6Data Backup and Disaster Recovery

This chapter covers backup and disaster recovery procedures that can ensure your company’s data is secured and accessible at all times. The Guardian server supports a variety of native as well as third-party technologies that you can use to implement a disaster recovery strategy appropriate to your environment and current practices. The first two sections of this chapter discuss backup options and procedures you must perform before disaster strikes; the final section describes how to use these files to restore any Guardian server to its original state.

• Backing Up Data focuses on how you can use Guardian Snapshot technology in conjunction with Backup Express for Guardian to optimize and streamline your data protection procedures. Supported third-party backup solutions are outlined. (Details on installing these solutions are provided in the appendices.) An additional backup option, Server-to-Server synchronization (S2S), is also discussed.

• Backing Up Server and Volume Configurations explains how to create the files you need to recover a Guardian server’s configuration information, such as network and RAID configurations, as well as volume-specific information, such as ACLs and quota settings.

• Disaster Recovery Procedures discusses what to do if all access to the data on a Guardian server is cut off due to a hardware or software failure. Focus is placed on the procedures for: (1) reinstalling the Guardian operating system; and, (2) restoring the to its original configuration with data intact.


Backing Up Data

Backing Up Data

The larger the number of file systems that must be backed up, the more complex and time-consuming it becomes to administer the process. Quantum provides three native features—Backup Express for Guardian, Snapshots, and Server-to-Server Synchronization—you can use to enhance your backup procedures. Backup Express for Guardian provides native tape backup support, Snapshots ensure that the file system you back up is internally consistent, and S2S provides and alternative way to back up user data to disk.

Backup Express for GuardianBackup Express for Guardian is included with your server to support backup and restore operations to a local tape drive. The Backup Express for Guardian CD contains the client application as well as the documentation for using Backup Express for Guardian. The CD will not install any software on the Guardian server; your server has been preconfigured to work with the client application. For more information on using Backup Express for Guardian, refer to Appendix C, “Backup Express.”

Using Snapshots to Optimize Data Backup Snapshots can satisfy minor, short-term backup situations such as recovering a file deleted in error, without resorting to tape. Snapshots can also be used in major backup operations to ensure that all data in every operation is consistent.

Using Snapshots for temporary backup needs

In Web View, a Snapshot share (see page 70) provides users with direct access to archived version of their files. Users who wish to view or recover an earlier version of a file can retrieve it on-demand without administrator intervention.

Using Snapshots to optimize data backup

When you back up a live volume directly, there is a chance that the internal consistency of the file system may be compromised; that is, files that reference other files in the system may become out of sync. In addition, the backup software may skip some files due to file-sharing conflicts with certain applications. The more time is required for the backup operation, the more likely these events are to occur.

Snapshots provide a consistent view of the file system at a particular point in time. By backing up the Snapshot rather than the volume itself, you greatly reduce the risk of archiving inconsistent data. In addition, Snapshots capture the current ACL and quota information on the volume, useful for disaster recovery purposes.

Data Backup and Disaster Recovery • 97

Backing Up Data

Coordinating Snapshot and Backup Operations

Like backups, Snapshots can be scheduled to recur at a designated time and interval. In addition to synchronizing the backup and Snapshot schedules, you must create a share (and Snapshot share) to the volume so that the backup software can access the Snapshot. Use the following procedure for each volume you intend to back up.

1. Create a Snapshot for each volume you want to back up.In the Administration Tool, begin by clicking the Storage > Snapshots > Create Snapshot button. When defining and scheduling the Snapshot, consider the following:

• Select the Create Recovery File check box to ensure that the ACL and quota information current at the time the Snapshot is captured is appended to the Snapshot. Should a system failure ever require you to reconstruct the volume on a different machine, this information will be needed.

• Offset the Snapshot and backup schedules such that the backup does not occur until you are sure that the Snapshot has been created. (The Snapshot itself does not require much time, but creating the recovery file may take up to 30 minutes, depending on the number of files in the volume.) For example, assuming you schedule nightly backups for a heavily used volume at 3 a.m., you might schedule the Snapshot of the volume to run every day at 2:30 a.m., allowing one half hour for the Snapshot to run to completion.

2. Create a share for each volume with Snapshot Share enabled.In the Administration Tool, begin by clicking the Security > Shares > Create Share button. Select the volume and click Continue. Then, to create a share to the volume itself (on the root), simply accept the default path by clicking the Use Current Path button. Finally, be sure to select the Create Snapshot Share check box.

3. Set the backup software to archive the latest version of the Snapshot.The Guardian server makes it easy to configure your backup software to automatically archive the most recent Snapshot. Simply configure your backup software to copy the contents of the latest directory within the Snapshot share you created at the root of the volume. For example, assume the Snapshot share named SHARE1_SNAP contains the following four directories:

latest 20021225.1200 20030101.0001 20030107.0201

Each directory inside the Snapshot share represents a different Snapshot. The directory names reflect the date and time the Snapshot was created. However, the latest directory always points to the latest Snapshot (in this case, 20030107.0201, or January 7th 2003 at 2:01a.m. In this case, configuring the backup software to copy from

\SHARE1_SNAP\latest


Backing Up Data

ensures that the most recently created Snapshot is always archived.

Using Server-to-Server Synchronization to Back Up DataServer-to-Server Synchronization (S2S) is a NASXtension that copies the contents of a share from one Quantum server to another share on a different Quantum server. S2S is designed to work with Guardian servers and other Quantum Network Attached Solutions.

Any Quantum NAS server can be used as either a source or a destination for replicated content. Once you set up a synchronization task, the source server sends messages advising all destination servers to begin synchronizing data. The files on the source server are compared with the same files on the destination server. Files that have been modified are replicated to the destination server, overwriting the previous copy.

S2S can be used as an alternative or as an addition to tape backup. As long as you create a share to the root of the volume (as described in the previous section), you can copy the entire contents of a volume from one Quantum NAS server to another. Like most tape backup solutions, open files are not replicated. For this reason, we recommend that you back up Snapshots as described in the previous section.

S2S configuration screens are accessed through the NASXtensions button on the Administration Tool Home screen. Refer to the online documentation for detailed configuration procedures.

Supported Third-Party Backup PackagesThe Guardian server supports the following popular backup packages and utilities for Microsoft Windows, Linux, and UNIX.

• BrightStor ARCServe 2000 v7.0 Workgroup Edition/Advanced Edition

• VERITAS NetBackup DataCenter and BusinessServer v3.4

• VERITAS Backup Exec v8.6

• Legato NetWorker v6.1.1

• UNIX backup utilities, such as tar and cpio, that support remote volumes.

Note: On a Macintosh computer, you must mount the appropriate shares (volumes) on the desktop so that the Macintosh backup programs can operate without a remote agent.

Warning: The backup packages may or may not support the backup of extended POSIX ACLs. If the backup package you choose does not offer this functionality, Quantum strongly recommends you create a Guardian Disaster Recovery Image (GuardianDRImage file) (as described on page 100) before you perform a backup.


Backing Up Data

Configuring the Guardian server to support third-party backup solutions

To configure a Guardian server to work with one of the supported backup solutions, you must install the backup agent software on the Guardian server, and inform the Guardian server of the IP addresses of each backup master server. Instructions for installing the backup agent on a Guardian server for each of the supported packages is given in Appendix B, “Third-Party Backup Applications.” Instructions for using the Host Editor feature to specify the name-to-IP-address mapping of the backup server are given below:

To Specify the IP Address of a Backup Server

Most backup agents need to know the IP address of the backup server system. Use this screen to supply a host name or IP address mapping that will be persistent across system reboots.

1. Navigate to the Maintenance > Host Editor screen.

2. Click Add.

3. Enter one or both of the following forms as specified by your backup software:

• Long Form: Enter the fully qualified address for the backup server using the myserver.mydomain.com format.

• Short form: Enter an abbreviated address for the backup server using the myserver format.

4. Click Save.


Backing Up Server and Volume Settings

Backing Up Server and Volume Settings

In addition to backing up the data on the Guardian server, you must also back up its system and volume settings. The Disaster Recovery screen allows you to create the files you need to recover the Guardian server’s configuration settings, and then later, to apply the files in the course of a recovery operation to restore system-wide configuration information, such as network and RAID configurations, as well as volume extended attributes, such as ACLs and quota information.

The Disaster Recovery FilesDetails on the Guardian Disaster recovery files and the information they contain are as follows:

• GuardianDRImage This file saves server-specific settings such as server name, network, RAID, volume and share configuration, local user and group lists, and Snapshot schedules. There is one GuardianDRImage file per server, residing on the root directory of the first volume.

The GuardianDRImage is in binary form and can be safely used only with the Guardian Disaster Recovery tool. Other tools will not work and may compromise the integrity of the file.

• Volume-specific files: backup.acl, backup.qta.groups, and backup.qta.users These files preserve volume-specific settings such as extended ACLs and quota settings. There is one set of these files per volume, residing in the hidden .os_Private directory of the EVERY public file system within each volume.


Disaster Recovery Procedures

The Create Recovery Files check box in the Snapshot feature automatically updates the volume-specific files at the time the Snapshot is taken. If you do not use Snapshots to back up a volume to tape as described in the previous section, you must manually regenerate these files whenever you change ACL or quota information to ensure that you are backing up the most current volume settings.

Creating the GuardianDRImage and Volume FilesBefore you create the disaster recovery files, make sure you have completed the following activities:

• You have completely configured the Guardian server. If you subsequently make any major changes to the configuration, the procedures described in this section will have to be repeated.

• You have recorded, in an off-server location, the following information about the configuration: (1) the server name; (2) the number of RAID Sets; (3) the number of volumes; and, (4) the size of each volume. You may need to enter this information later as part of a disaster recovery operation.

• You have devised and implemented a data backup strategy as described in the previous section.

Steps in creating and managing the Disaster Recovery Image and Files

1. Create the Disaster Recovery files.Using the Maintenance > Disaster Recovery > Create Recovery Image command, create the GuardianDRImage file and the volume files in a single operation.

2. Copy the GuardianDRImage to a safe place off the server.Copy the file to a safe location on another server or backup medium. This strategy ensures that if the file system on the Guardian server is corrupted, the image file will be available to restore server settings.

3. Take no action regarding the volume-specific files.These files will be copied to tape as part of your regular volume backup procedures.


This section describes a worst-case scenario: (1) the operating system has failed, perhaps due to a malicious attack to the root file system, and you cannot access the server; and, (2) the data has been corrupted, and must be restored from tape. When you attempt to connect to the server, the Administration Tool does not appear; instead, the maintenance mode page appears.



Note: Recovery from hardware failures is discussed on page 104.

About Maintenance Mode

You will encounter the Guardian maintenance mode only when the Guardian OS has been compromised and is in need of repair or reinstallation. Maintenance mode consists of a series of HTML screens that allow you to perform the following functions:

• Repair— Applies the GuardianOSImage but preserves system settings

• Upgrade—Upgrades the OS from one version to another

• Reinstall—Reinstalls the OS, overwriting any previous configurations, and prompts for GuardianDRImage

• Fresh Install—Reinstalls the OS, overwriting any previous configurations

Before You Begin

To install the Guardian OS, you must obtain the appropriate GuardianOSImage file. This file should be available from the Quantum Web site or from the Guardian User CD.

The procedures described in this section for responding to a catastrophic event are general in nature. Should such an event actually occur, the exact procedure to follow will vary according to environmental conditions. Quantum strongly recommends you contact a technical service representative before proceeding.

Performing a Fresh Install from Maintenance ModeIf the Guardian OS has been compromised, the initial maintenance mode screen will appear when you attempt to connect to the server. Use the following procedure to perform reinstall the operating system.

1. Download the GuardianOSImage using one of the following methods:

• Click Browse to locate and select the file locally.

• Enter a remote path (FTP, HTTP, etc) to the file.

2. Select the Fresh Install option, and click OK.This operation may take a few minutes. As the operation progresses, the screen reports the progress of the operation. When the operation is finished, scroll to the bottom of the screen, and click Continue. The “Continuing Fresh Install” operation screen appears.

3. When the Fresh Install operation is finished, click Reboot.Rebooting takes about three minutes, after which you can refresh the screen by clicking the Home button in the upper right corner of the screen. The login dialog box appears.



4. Log in to the Guardian server as usual.The Setup Wizard appears.

5. Complete the Setup Wizard as usual.Complete the Setup Wizard, making sure to enter the original server name, then reboot the server.

Manually Creating the Original RAID Sets and VolumesBefore you can restore data from tape, you must manually create the same number of volumes as in the original configuration, and each volume must have the same or more space as the originals.

1. Recreate the original RAID Sets by using the Storage > RAID Sets > Create RAID Set command in the Administration Tool.

2. Recreate the original Volumes by using the Storage > Volumes > Create Volume command in the Administration Tool.

3. Create a share to each volume by using the Storage > Shares > Create Share command in the Administration Tool.

Restoring the Data from TapeIf you are using Backup Express for Guardian, you must restore the Catalog to the first volume before proceeding restoring data from tape. Users of other backup software packages may require variations in this procedure.

1. Determine the restoration procedure for your backup software.Refer to your backup software’s documentation for details on the appropriate restoration procedure.

2. Restore only to individual shares within the /shares directory.If you restore to the /shares directory itself (or to any other place on the root file system), you will compromise the Guardian OS, and you will have to reinstall the OS again.

3. Restart the server.

Recovering the Original Server and Volume ConfigurationsUse the Maintenance > Disaster Recovery screen in the Administration Tool to restore the original configurations to the server. Two separate operations are required. They must be run sequentially.



To restore server configuration

Restore server settings first.

1. Click Recover Server. The Server Recovery screen opens.

2. Click Browse to locate the GuardianDRImage file.

3. Click Recover and Reboot to start the operation.

Note: After you start any of the recovery processes, you will see the Disaster Recovery Status screen. Do not try to navigate back from this screen during the recovery process. You are restricted to this screen so that you will not interrupt the recovery.

To restore volume ACL and quota configurations

Once the server configuration recovery operation is complete, you can start the volume configuration recovery operation.

1. Click Recover Volume.The Server Recovery screen opens.

2. Select all volumes.Volumes that do not have a recovery file attached will appear as unavailable and the corresponding check box is removed. The creation date of the recovery file on a volume indicates when the recovery image was generated.

3. Click Recover.

Recovering from Hardware FailuresTwo of the most common hardware failures and their resolution are described below.

Component Failure

Occasionally, a hard drive, power supply or fan unit may fail. To recover from this type of failure, hot swap the failed device within the unit. For more information, see “Hot Swapping Components” on page 112.

Chassis failure (Guardian 14000 only)

The chassis includes the motherboard and backplane. In the unlikely event the chassis of your Guardian 14000 fails, you can transfer its drives to another Guardian server. Only a qualified Quantum service technician can replace a failed chassis.

105

Chapter 7Monitoring and Maintaining the Server

This chapter covers how to use the Monitoring and Maintenance screens. It includes information on the following tasks:

• Configuring E-mail Notification

• Using the Guardian 14000 LCD

• Viewing System Status Information

• Viewing SCSI Status Information

• Reviewing Volume Usage

• Simple Network Management Protocol (SNMP)

• Viewing the Event Log

• Resetting the Guardian Server to Factory Defaults

• Hot Swapping Components


Configuring E-mail Notification

Configuring E-mail Notification

Access the E-mail Notification screen from the System menu. This screen sets up the system to e-mail you in response to the following types of events:

• When the server reboots due to an automatic or manual process

• When RAID 1 or 5 experiences a disk drive failure or a disk drive is removed

• When a RAID 1 or 5 configures a spare or a new disk drive as a member

• When storage space on a volume reaches 95% utilization

• When the internal temperature for the server exceeds its maximum operating temperature

To Configure E-mail Notification

1. Navigate to the System > E-mail screen.

2. E-mail Notification: Select Yes to enable, No to disable e-mail alerts.

3. Specify the SMTP server’s IP address.

4. Recipient(s): Enter the e-mail address of each recipient. Use a semicolon to separate multiple addresses.

Monitoring and Maintaining the Server • 107

Using the Guardian 14000 LCD

5. Select Yes to enable, No to disable the following notifying events.

• Server Reboots: The server reboots due to an automatic or manual process.

• RAID Set Degraded: RAID 1 or 5 Set experiences a disk drive failure or has a disk drive removed.

• RAID Set Rebuilds: RAID 1 or 5 Set configures a spare or a new disk drive as a member of the set.

• Volume is Full: Storage space on a volume reaches 95% utilization.

• Server Overheats: The server's internal temperature rises above its maximum operating temperature.

6. Click Save.

7. Click Send a Test Alert to verify your settings.

Using the Guardian 14000 LCD

The LCD provides status information and event logs. When the Guardian 14000 is powered up, the LCD displays the server name, IP address, and the workgroup or domain.

Observe the three buttons below the LCD. To view details on any event, press the center button. Use the right button to scroll down the events. Press the left button to return to the status information.

Note: The Guardian 4400 does not have an LCD.

Viewing System Status Information

Status information provides data on the Guardian server. This is a read-only screen.

To view system status information, navigate to the System > Status screen.

Viewing SCSI Status Information

The SCSI Monitoring page displays a list of all SCSI devices found attached to the Guardian server. This is an information-only page. To add or remove SCSI devices for use as a local backup device, use the included Backup Express for Guardian application.

To view SCSI information, navigate to the System > SCSI screen.


Reviewing Volume Usage

Reviewing Volume Usage

Use the Volume Usage screen to view summary information about each volume, including name, RAID level, capacity, free space, utilization, and status, where:

• Capacity indicates the total storage capability of the volume

• Free Space indicates a percentage of unused space remaining on the volume

• Utilization indicates free space divided by capacity

• Status indicates whether the volume is active or off-line

The Volume Usage screen is read-only. To see this screen, navigate to the Monitoring > Volume screen.

Simple Network Management Protocol (SNMP)

SNMP views a network as a collection of cooperating, communicating devices that consists of managers and agents. The Simple Network Management Protocol monitors and manages network devices, such as computers, routers, bridges, and hubs.

The Guardian server can act as an SNMP agent. SNMP managers collect data from agents and configure the data. Agents respond to managers and may also send traps, which are alerts that indicate error conditions. The server communicates with SNMP managers in the same community.

A community name is a password that authorizes managers and agents to interact. The server only responds to managers that belong to the same public or private community.

You can configure E-mail Notification to notify you when the syslog daemon reaches a specified error level.

TrapsThe Guardian server supports the following traps:

• coldStart — An SNMP agent has restarted

• linkDown — An Ethernet interface has gone off-line

• linkUp — An Ethernet interface has come online

• authenticationFailure — An attempt to query the SNMP agent using an incorrect public or private community string was made, and resulted in a failure

• enterpriseSpecific — Guardian-generated traps that correspond to the error-level, warning-level, and fatal-error-level traps of the Guardian OS. These traps contain a descriptive message that helps to diagnose a problem.


Simple Network Management Protocol (SNMP)

Supported Network Manager ApplicationsYou can use any network manager application that adheres to the SNMP V2 protocol with the Guardian server. The following products have been successfully tested with the server: CA Unicenter TNg, HP Open View, and Tivoli NetView.

Configuring SNMP Alerts Use this screen to configure the Guardian server as an SNMP agent. Once enabled, SNMP managers can access MIB-II and Host Resources MIBs management data on the server.

1. Navigate to the System > SNMP screen.

2. To configure this server as an SNMP agent, complete the screen parameters as follows:

• Enable SNMP: Select Yes to enable the SNMP agent. Select No to disable this server an SNMP agent.

• Allow Read/Write Access: Select No to allow SNMP managers to collect data from the server. Select Yes to allow SNMP managers to collect data and to configure MIB variables on the server.


Viewing the Event Log

• Public Community: To enable SNMP managers to read data from this server, enter the name of one or more public communities, or accept the default “public.”

• Private Community: To enable SNMP managers to remotely configure this server, enter the name of one or more private communities, or accept the default “private.” Create unique public and private names. As a precaution against unauthorized access, Quantum recommends that you create your own public and private community names.

• Server Location: Enter information that helps a user identify the physical location of the server. For example, you might include a street address for a small business, a room location such as Floor 37, Room 308, or a position in a rack, such as rack slot 12.

• Contact Person: Enter information that helps a user report problems with the server. For example, you might include the name and title of the system administrator, a telephone number, pager number, or e-mail address.

3. To configure the traps, complete the screen parameters as follows:

• Select Yes to enable traps. Select No to disable traps.

• Enter the IP address of at least one SNMP manager in the first field as a trap destination. You can enter up to three additional IP addresses.

• To verify your settings, select Yes in the Send a Test Trap pull-down menu.

• Click Save.

Viewing the Event Log

Use this screen to view a summary of all operations performed on the server. A yellow icon indicates cautionary information and a red icon indicates an error.

1. Navigate to the Monitoring > Event Log screen.

2. Enter the following information to define how you want to filter the data in the log:

• Select the Severity level for the events you want to monitor.

• Enter how many days prior to today that you want to view. For example, if you wanted to view the events for yesterday and today, you would enter a 2 in this box.

• Check this box if you want to view the most recent events first. If you check the box, you will see today’s events first followed by yesterday’s events. Clear the box to reverse the events order.

3. Click Refresh to update the Event Log.


Resetting the Guardian Server to Factory Defaults

4. Click Clear the Event Log to erase all log entries.

Resetting the Guardian Server to Factory Defaults

Use the Defaults screen on the Maintenance menu to reset system components to the factory default settings. You can find a complete list of default settings in the online help.

1. Navigate to the Monitoring > Event Log screen.

2. Select one of the following options.

• The Reset Network Configuration to Factory Defaults option returns TCP/IP and other protocol settings set in the Network tab to factory defaults. It does not affect your RAID configuration.

• The Reset System Settings, Network and Admin Passwords to Factory Defaults option returns the admin and root passwords to the default value, returns TCP/IP and other protocol settings set in the Network tab to factory defaults, and returns settings for server name, date and time, users, and groups to factory default values.

3. Click Save.When the server reboots, the Initial Setup screen appears, and allows you to reset these options.


Hot Swapping Components


The term hot swap refers to the ability to remove and add components to a system without the need to power down the server or interrupt client access to file systems. The Guardian 14000 permits hot swapping for drives, fans, and power supplies. The Guardian 4400 permits hot swapping only for disk drives.

When to Hot Swap Disk DrivesMost administrators prefer to configure a RAID Set with a hot spare that automatically takes the place of a failed drive. This solution assures that client access to file systems is not interrupted. In environments where configuring a hot spare is not possible, or in the unlikely event that more than one drive fails, you may need to hot swap a drive.

Hot Swapping Disk DrivesYou can hot swap disk drives on Guardian RAIDs 1 or 5 by following the three basic steps outlined below.

1. Using the Administration Tool, remove the failed drive from the RAID Set.Navigate to the Storage > RAID Sets screen, and click the name of the RAID Set that contains the failed drive. In the Actions column, click the failed drive’s Remove link, then follow the onscreen instructions. This procedure is discussed in detail on page 64.

2. Physically remove the failed drive from its bed, and insert the new drive.The procedures for the physical removal and replacement of a disk drive for the Guardian 14000 and 4400 are explained below.

3. Configure the new drive as part of the RAID Set.When you remove a drive from a Guardian server, the affected RAID Set will transition to degraded mode. It will remain in degraded mode until the newly inserted drive is configured as a member of the RAID Set via the Administration Tool. This procedure is discussed in detail on page 64.

Physically Replacing a Disk Drive on the Guardian 4400

When the power LED is amber and the activity LED is off, the disk drive is installed, but not working correctly.

To Replace a Failed Drive

1. Remove the front bezel. With a hand on each latch, slide both latches on the front bezel toward the center. While holding the latch in the release position, pull the bezel away from the chassis.



2. On the closed handle of the failed disk drive, press the latch to the right.

3. To remove the failed disk drive, pull its handle.

4. Release the latch on the new disk drive and open its handle. If the handle is closed, you cannot insert the disk drive completely into the bay.

5. Insert the new disk drive. Make sure that you push it forward completely before you press the handle into place.

6. Replace the front bezel.

Physically Replacing a Disk Drive on the Guardian 14000

If a drive fails, a drive light on the front of the server flashes amber and indicates which drive has failed. The front LCD status display also indicates which drive has failed.

To replace a failed drive:

1. Open the front panel door.

2. To pull out the failed drive, unlatch the handle and pull gently.

3. To insert the new drive, push the drive all the way forward and then push the handle until the drive is seated.

4. Close the front panel door.



Hot Swapping FansYou can hot swap a fan on the Guardian 14000. If a fan fails, the fan indicator light will turn amber and indicate which fan has failed. The front LCD status display also indicates that a fan has failed.

To replace a failed fan

1. Unscrew the thumbscrews on the fan.

2. To remove the failed fan, use the small tab handle to pull the fan out.

3. Insert the new fan and tighten the thumbscrews.

Hot Swapping Power Supplies (Guardian 14000 only)You can hot swap a power supply on the Guardian 14000. If a power supply fails, an indicator light will turn amber to identify which power supply has failed. The front LCD status display also indicates that a power supply has failed.

Note: The Guardian 144000 power supplies are fully redundant. Powering down a single supply will not interrupt system availability.

Warning: Never remove a power supply while it is still running. Removing the power supply while it is still running may crash your system. Always turn the power supply off before swapping it.

To Replace a Failed Power Supply

1. Turn the on/off switch to the Off position.

2. Unscrew the thumbscrews on each side of the power supply.

3. Pull on the handle to remove the failed power supply.

4. Turn the on/off switch to the Off position on the replacement power supply.



5. Insert the new power supply and fasten the thumbscrews.

6. Turn the on/off switch to the On position on the replacement power supply. The indicator light should be green.

A second set of power supply indicator lights is located below the two power supplies: a green light and an amber light. The green light is continuously lit when the power supplies are active and working properly. When this green light blinks, it indicates that one of the power supplies is not active. When the power supplies experience problems, such as failing, the amber light will come on to indicate a problem.

Note: You can configure the server to send an e-mail or an SNMP failure notification if one of the drives, fans, or power supplies fails. See “Configuring E-mail Notification” on page 106.

117

Chapter 8Troubleshooting

This chapter describes common troubleshooting issues. The chapter is divided into the following sections:

• “Installation Issues”

• “Networking Issues”

• “Security Issues”

• “Disaster Recovery and Maintenance Issues”

Installation Issues

Problem: I installed NASManager on a Windows 2000 client and it hangs at 99 percent.

Solution: Be patient. Wait two or three minutes, and the installation program should finish.

Networking Issues

Problem: I cannot access the server’s network IP address.

Solution: Verify that there is a link light on the primary Ethernet port. If there isn’t a link light, verify that the port settings on the hub or switch match the settings on the primary port. In addition, make sure you have the correct the IP address of the server.

Problem: I do not see a link light for the Ethernet port. What can I do?

Answer: Normally, the failure of the link light to light up is caused by a mismatch between the switch hub and the Ethernet port. To resolve the problem, verify that both settings on the switch hub match the setting on the Guardian server. The default setting for the Ethernet ports is Autonegotiate. Make sure the switch hub is set to the Autonegotiate setting when you try to initially connect the Guardian server.

Problem: We are installing a new network system. I only need to change the network settings on the server.


Security Issues

Solution: Use the Administration Tool to set change the network settings.

Problem: My network switch runs Gigabit-full. Can the Guardian server also run Gigabit?

Answer: Yes. For Gigabit Ethernet to operate properly, please verify that the switch is set to Auto-Negotiate. Any other setting may result in a failure to get the proper link and consequently will not work.

Problem: I cannot obtain an IP address from my DHCP server.

Answer: Verify that the Guardian server has a link. See the previous problem and answer set to resolve this problem.

Problem: I don’t have a DHCP server and I can’t connect to my Guardian server.

Answer: Install NASManager from the Guardian User CD onto a workstation. You can then use the use the utility to assign a static IP address to your Guardian server.

Security Issues

Problem: One of the Guardian server clients downloaded a file that had a virus. I thought the server was protected from viruses.

Solution: The Guardian server cannot execute a virus, but it can store a virus-infected file. The virus becomes active when a user opens or downloads the file. One way to protect the server from a possible virus attack is to remove the default guest account, since it is a common entry for viruses that attack open shares. To remove an existing virus, make the server a share on a client. Then, scan the server using the same virus protection software you use on the client.

Problem: My Apple users cannot log on to the Guardian server as Windows users.

Solution: Create equivalent, local-user profiles on the server for your Apple users.

Troubleshooting • 119

Disaster Recovery and Maintenance Issues


Common Guardian Maintenance IssuesThis section provides common Guardian 4400 and Guardian 14000 maintenance issues.

Problem: I backed up my Snapshot share and I am now attempting to restore it, but I cannot.

Solution: A Snapshot share is read only. You can restore the data to a read/write accessible share.

Problem: We had a spontaneous power outage. What should I do?

Solution: First, Quantum recommends that you use an Uninterruptible Power Supply (UPS) with the Guardian server. A UPS is the best way to protect your data from unforeseen power outages. Guardian servers are compatible with network-based, APC®-brand uninterruptible power supplies that allow you to take advantage of the automatic shutdown capability. If you do not have a UPS attached at the time of the power outage, turn off both power supplies until the power situation stabilizes. Once the power is restored and stabilized, turn the power supplies back on and reboot the Guardian server. Once the Guardian server boots, it resynchronizes the RAID. You can use the server during the resynchronization, although it will be a little slower than normal. Once the RAID resynchronization is complete, the system’s performance will return to its state before the power outage.

Warning: Do not remove drives while the server is resynchronizing the RAID.

Problem: The server is not responding, and I have tried everything!

Solution: Call your Quantum technical support representative.

Guardian 14000 Maintenance IssuesThis section provides solutions to Guardian 14000 maintenance issues.

To run the Guardian server in Maintenance mode:

1. Shut down the server.

2. Hold down the middle button (under the LCD panel) and restart the server.



3. The LCD should display Maintenance Mode 1. Use the buttons to scroll to the desired Maintenance Mode.

Problem: My system administrator went on vacation and neglected to leave his admin password.

Solution: Use Maintenance Mode 2 to clear the administrative password, then use the Administration Tool to set a new password.

Problem: I am located in corporate headquarters where I used the server for several months. Recently, I sent the server to a satellite office. I forgot to clear the system settings.

Solution: You can resolve this problem in several ways:

• Install NASManager and the Administration Tool in the new location. Change the IP address and set a new administration password. You can then use the Administration Tool to set up new preferences.

• Use Maintenance Mode 4 to clear all the system settings. Run the Administration Tool to set up new preferences.

Problem: The Guardian 14000 LCD is flashing rapidly.

Solution: A rapidly flashing LCD indicates a server panic. In some cases, rebooting the server may solve the problem. However, if this condition occurs more than once, call your Quantum technical support representative.

121

Appendix AGuardian Specifications

This Appendix contains specifications for the Guardian 4400 and the Guardian 14000.

Guardian Operating System Specifications

Specifications subject to change without notice. Always check the Web site at www.quantum.com for the latest information.

Network Transport ProtocolsTCP/IP

AppleTalk

Network File ProtocolsMicrosoft (CIFS/SMB)

UNIX (NFS)

Apple (AFP)

Internet (HTTP 1.1)

File Transport Protocol (FTP)

Network Client TypesMicrosoft Windows 95/98/NT 4.0/2000/Me/XP

Macintosh Systems OS 8.x, 9.x, X v10.x

Sun Solaris 7, 8, 9

HP-UX 11

AIX 4.3.3

UnixWare 7.1.1

Red Hat Linux 6.2, 7.2

http://www.quantum.com



Server EmulationWindows 2000

Windows NT 4.0

AppleShare 6.0

NFS 2.0/3.0

DHCP

Network SecurityMicrosoft Active Directory Service (ADS)

Microsoft Dynamic DNS

Microsoft Dynamic DNS

Microsoft Lightweight Directory Access Protocol (LDAP v3) Client

Windows Domain Controller

UNIX Network Information Service (NIS)

File and Folder Access Control List (ACL) Security for Users and Groups

Secure Sockets Layer (SSL v3) 128-bit Encryption

Secure Shell (SSH)

System ManagementBrowser-based user interface for remote system administration

NASManager utility (platform independent)

SNMP (MIB II and Host Resource MIB)

User disk space quotas for Windows, UNIX/Linux and Macintosh

Group disk quotas for Unix/Linux

Environmental monitoring

E-mail Alerts

Automatic IP Address AssignmentSupports DHCP for automatic assignment of IP address

Appendix A• 123


Multiple File System OptionsGuardian servers can be configured for enhanced performance or maximum file protection. Options include:

• RAID 5 (striping with parity): For each array, the capacity of one disk is reserved for parity checking (default configuration)

• RAID 1 (mirroring): One or more drives duplicate the first drive for maximum data protection

• RAID 0 (striping): Large, virtual drive with data striped across all drives of the array; no loss in usable capacity

Java Application EnvironmentEnables the development of applications based on embedded Java technology

Data ProtectionSnapshots: Snapshot technology enables immediate or scheduled point-in-time imaging of a file system.

Network Backup: Compatible with VERITAS NetBackup/Backup Exec, CA BrightStor ARCserve, Legato NetWorker, Microsoft backup software for Windows, and Dantz Retrospect for Macintosh.

Backup Agents: Support for VERITAS NetBackup/BackupExec, Legato NetWorker and CA BrightStor ARCserve

Local Backup: Guardian Backup Express Management Utility. Ultra160 SCSI 68-pin LVD (Optional on 480GB)

Client Backup: PowerQuest DataKeeper Software (unlimited user license) included for Client Backup of Windows Files

Replication: Server-to-Server (S2S) Synchronization software copies the contents of one or more source Guardian servers to one or more destination Guardian servers for near-line backup or content distribution.

UPS Support: APC PowerChute for graceful system shutdown.

Agency CertificationsUL, cUL, CE, CB, FCC Class A, C-Tick, Nemko, TuV, BSMI

North American WarrantyThree-year Rapid Exchange


Guardian 4400 Specifications


Network ConnectionAuto-sensing 10/100/1000Base-T, dual RJ-45 network connectors, with support for load-balancing and failover.

Physical SpecificationsDimensions

Width .....................16.7 in (42.5 cm)

Depth .....................18.4 in (46.8 cm)

Height ....................1.65 in (4.2 cm), 1U

Weight ...................20.5 lbs (9.3 kg)

PowerPower Rating: 100-240 VAC, 50-60Hz, auto-sensing

Input Current: 3.0A (RMS) for 115VAC, 1.5A (RMS) for 230VAC

Power Consumption: 90W (steady state), 162W (maximum)

Heat Dissipation: 307 BTUs/hr

Operating Environment50° F to 95° F (10° C to 35° C)

15% to 90% humidity (non-condensing)

Vibration: .25G at 5-500Hz for 120 minutes

Shock: 6 pulses of 33G for up to 2ms

Altitude: 0 ft to 8,000 ft (0m to 2,438m)

Non-operating Environment14° F to 140° F (-10° C to 60° C)


Vibration: 2G at 5-500Hz for 90 minutes


Appendix A• 125



Network ConnectionAuto-sensing 10/100/1000Base-T, dual RJ-45 network connectors, with support for load-balancing and failover.

Physical SpecificationsDimensions

Width.....................17.0 in (43.2 cm)

Depth.....................23.0 in (58.4 cm)

Height....................5.0 in (12.7 cm), 3U

Weight....................75.0 lbs (34.1 kg)

PowerPower Rating: 100-240 VAC, 50-60Hz, auto-sensing

Input Current: 5.0A (RMS) for 115VAC, 2.5A (RMS) for 230VAC

Power Consumption: 210W (steady state), 300W (maximum)

IT Power Systems

The Guardian server is also designed for IT power systems with phase-to-phase voltage 230 V.

Operating Environment50° F to 95° F (10° C to 35° C)


Vibration: .5G at 5-500Hz for 120 minutes

Shock: 6 pulses of 33G for up to 2ms


Non-operating Environment14° F to 140° F (-10° C to 60° C)


Vibration: 2G at 5-500Hz for 90 minutes

• Altitude: 0 ft to 35,000 ft (0m to 10,668m)

127

Appendix BThird-Party Backup Applications

This appendix covers how to install the following popular back up agents and clients on the Guardian server from a Linux or a Windows backup host system:

• CABrightStor ARCServe 2000 v7.0 Workgroup Edition/Advanced Edition

• VERITAS NetBackup DataCenter and BusinesServer v3.4

• VERITAS Backup Exec v8.6

• Legato NetWorker v6.1.1

Using a Secure Shell Client to Install Backup Agents

To remotely install any agent on the Guardian server, you must use a secure shell client. You must have administrative and super user privileges to use an SSH client to install backup agents.

Backup servers often request the path for backup and restore on the Guardian server. Use the following path: /hd/vol_mntX/shares/ where X can be any number. To obtain the correct volume mount number, look at the Storage page and note the Path for the share where you copied the agent. Then look at the Volumes status page and note the Mount Point for the Path. The mount point uses the format: /hd/vol_mntX. Use this in the path directory as follows: cd /hd/vol_mnt0/shares/agent.

Note: When you configure a backup server to see the agent or client running on the Guardian server, assume that the server is a UNIX or Linux client.

1. Use the Administration Tool to add a host file. Go to Maintenance > Host Editor. Click Add, and add each backup server and/or media server that you need to perform backup and restore jobs.

2. Create a directory, such as “agent,” on the root of a share on the Guardian server.

3. Copy the agent/client file(s) to this created directory on the Guardian server.

4. Enable SSH and connect to the Guardian server with SSH client software. For example, Putty is a popular Windows SSH client program. Log on to the SSH client as admin.


5. Use the SSH client to switch the user to root. Enter “su” and press ENTER. The program prompts you to enter the admin password. Type the admin password and press ENTER again.

Use the following instructions to install the agent/client for each backup application.

Installing a BrightStor ARCserve AgentThis section explains how to install the BrightStorARCserve UNIX/Linux agent.

1. Connect to the Guardian server over SSH, then use the cd command to change to the directory in the share:cd /hd/vol_mntX/shares/agent

where X can be any number. To obtain the correct volume mount number, look at the Storage page and note the Path for the share where you copied the agent. Then look at the Volumes status page and note the Mount Point for the Path. The mount point uses the format: /hd/vol_mnt. Use this in the path directory as follows: cd /hd/vol_mntX/shares/agent.

Note: When you unpack the agent files, errors regarding the bin group and bin user will appear. These errors will not affect installation or use of the agent.

2. Unpack the agent files. At the prompt, enter the following commands and press ENTER after each one. rpm -ivh --nodeps uagent.rpmPress Enter.

rpm -ivh --nodeps asagent.rpmPress Enter.

rpm -ivh --nodeps calicens.rpmPress Enter

3. To change to the agent directory, enter the following and press ENTER:cd /opt/uagent

4. To start the agent, enter the following command and press ENTER../uagentsetup

5. Close the SSH client. After reboot, the agent should starts.

The agent is now installed and running on the Guardian server.

Appendix B • 129

Installing a VERITAS Backup Exec AgentThis section describes how to install the VERITAS Backup Exec UNIX/Linux agent.

1. Once you are connected to the Guardian server over SSH, use the cd command to change to the directory in the share, for example:cd /hd/vol_mntX/share/agent

where X can be any number. To obtain the correct volume mount number, look at the Storage page and note the Path for the share where you copied the agent. Then look at the Volumes status page and note the Mount Point for the Path. The mount point uses the format: /hd/vol_mnt. Use this in the path directory as follows: cd /hd/vol_mntX/shares/agent.

2. Unpackage the agent files and type the following.

tar -v -xf be_agnt.tar

Press ENTER to list the files and directories that you are installing.

3. To run the Backup Exec agent installation type the following:

./INSTALL

Press ENTER. Follow the prompts, using the default install locations and default options. If the script requests the path for backup and restore on the Guardian server, use the following path:

/hd/vol_mntX/shares/.

4. To start the agent, type the following command and press ENTER./etc/rc.d/init.d/agent.init start

5. Close the SSH client. It will should start after a reboot.

The VERITAS Backup Exec Agent is now installed.

Installing a VERITAS NetBackup ClientThis section describes how to install the UNIX/Linux agent from VERITAS NetBackup. When you install the VERITAS NetBackup files, copy the NetBackup NBClients directory and the Linux directory from the root of the NetBackup CD to the directory on the Guardian server.


1. Once you are connected to the Guardian server over SSH, use the cd command to change to the directory in the share, for example:cd /hd/vol_mnt/shares/client

2. To run the client installation type the following:./NBClients/catalog/anb/client.inst

Press ENTER and follow the prompts on the screen. Choose Linux 2.4 for the operating system. If the script requests the path for backup and restore on the Guardian server, use the following path:

/hd/vol_mntX/shares/.

where X can be any number. To obtain the correct volume mount number, look at the Storage page and note the Path for the share where you copied the agent. Then look at the Volumes status page and note the Mount Point for the Path. The mount point uses the format: /hd/vol_mntX. Use this in the path directory as follows: cd /hd/vol_mnt/shares/agent.

Note: At the end of the installation process, an error will display that the installer cannot find the CD-ROM. This is caused by the installer attempting to unpackage the Java files. The required Java files are already on the Guardian server and are not a required component of the installation.

3. Close the SSH client.

4. Delete the “NBClients” and “Linux” directories from the Guardian server that were copied from the CD, as they are no longer needed.

5. Return to NASManager or the Administration Tool and reboot the Guardian server. This step starts the NetBackup Client services. In the future, the NetBackup Client will start each time you reboot the Guardian server.

The VERITAS NetBackup Client is now installed. After reboot, the client always starts.

Installing a Legato NetWorker ClientThis section describes how to install the Legato NetWorker UNIX/Linux client.

1. Once you are connected to the Guardian server over SSH, use the cd command to change to the directory in the share, for example:

cd /hd/vol_mnt0/shares/agent

Appendix B • 131

2. To unpackage the client files, enter the following command:tar xvfz nw_linux86.tar.gzcd LGTOclnt

rpm -ivh --nodeps lgtoclnt-x.x-x.i386.rpm

where x.x-x is the version number.

3. to start the Legato NetWorker daemon, enter the following command at the console:/etc/rc.d/init.d/networker start

4. Close the SSH client. The client should start upon reboot.

Recovering Backed Up Data with a Legato NetWorker ClientLegato NetWorker does not support data recovery from remote client. To recover data, you must execute commands with the command line in the SSH client.

1. Use the NetWorker Administrator application to add Guardian root user as one of the administrators: add root@Guardianname to the Administrator field in Set Up Server, where Guardianname is the name of the server.

2. Follow the SSH login instructions for all products at the beginning of this Appendix.

3. Enter the following command at the SSH console:recover -f -i R -d /hd/vol-mnt0/shares -s networkerservername -c Guardianname -R Guardianname

4. At recovery prompt, enter:

add (to add all entries)

recover (to start data recovery)

133

Appendix CBackup Express for Guardian

Overview

Backup Express for Guardian is a comprehensive backup solution from Syncsort Inc. The server component of the Backup Express software is preinstalled on the Guardian server. This appendix discusses the functionality that the backup software provides, describes the difference between the bundled and the full version of the product, summarizes the steps you need to take to get started, and outlines the upgrade procedure.

Feature HighlightsThe Backup Express for Guardian solution can be integrated across an entire enterprise (UNIX, Windows, Netware), is compliant with all major database APIs, and offers full SAN support. Backup Express for Guardian includes the following features:

• Backup of Extended POSIX ACLs—Complete backup and restore of all extended attributes of the Guardian server is supported.

• Tape Management—The single central database tracks all files and the tapes on which they reside.

• Jukebox Support—Robotic tape library support enables unattended, lights-out backup operations (upgrade required).

• Disaster Recovery—Duplicate tapes can be made and tracked for off-site storage for disaster recovery

Tape Drive SupportBackup Express for Guardian is compatible with all tape formats including DLT, LTO, and AIT. You can attach multiple standalone tape drives to a Guardian server, but to enable jukebox (robotic tape library) support, the purchase of an upgrade package is required. See “Upgrading Backup Express for Jukebox Support” on page 136 for more information.


Overview

Configuration OptionsBackup Express for Guardian supports the same tape libraries as the full Backup Express product; the only limitation is the jukebox support, which can be upgraded directly from Quantum. Some possible configurations are summarized below:

• Local Backup—Data is streamed from the Guardian server directly to a locally attached tape device.

• Three-Way Backup—In multi-server installations, data from a source Guardian server can be streamed over the IP network to a tape device connected to a destination Guardian server.

• Server to Guardian—Data from UNIX, Linux and/or Windows NT/2000/XP servers can be sent over the IP network to a Guardian server. In this case, all tape drives can be dedicated to the Guardian server, yet data can still be backed up over the IP network through the Guardian server. This configuration is very useful for environments with limited tape resources.

• Multi-Hosting of Tape Libraries—In multi-server configurations with a single, multi-drive tape library, Backup Express for Guardian supports multi-hosting of the tape library; that is, multiple Guardian servers can be directly connected to the individual drives in the tape library. Attaching each Guardian server directly to at least one drive in the tape library maximizes performance and reduces network traffic.

The Backup Express CDThe Guardian server ships with the Backup Express for Guardian CD. The CD contains a client application and will not install any software on your Guardian server. Use the installation CD for two purposes: (1) to install the Backup Express GUI software on a supported Windows or UNIX workstation; and, (2) to access the complete documentation set.

Note: On a Guardian 4400, the following conditions must be met for the Backup Express for Guardian CD to function properly: (1) a SCSI card must be installed on the Guardian server; and, (2) a tape drive must be attached to the SCSI card.

Appendix A• 135

Overview

Next StepsUse the steps outlined below to guide your decision on how to implement the Backup Express for Guardian solution in your network.

1. Plan your deployment.Refer to the documentation on the Backup Express for Guardian CD to determine the appropriate configuration for your environment. Quantum recommends that you get started with the following guides, found in the Manuals directory on the Backup Express for Guardian CD:

• The GUI Installation Guide (bexinstall.pdf)

• The Getting Started Guide (bexstart.pdf)

• The Operations Guide (bexoper.pdf)

• The Configuration Guide (bexconf.pdf)

2. Attach one or more tape device(s). The bundled software allows you to attach an unlimited number of standalone tape drives. Making sure that both the Guardian server and the tape device(s) are powered down, attach the tape device(s), then power up the server.

3. Install the GUI.Install the Backup Express GUI software on one or more supported client workstations, as defined in the following table:

For detailed installation instructions, refer to the Backup Express for Guardian GUI Installation Guide included in the CD case. You can also find a PDF version in the Manuals directory of the CD.

4. Use the GUI to configure and run Backup Express for Guardian.

• As part of the initial configuration process, you will be able to select your tape drive or library from a list of supported devices.

• If asked for specific SCSI device driver information while configuring the backup, refer to the Monitoring > SCSI Information screen of the Guardian server’s browser-based Administration Tool.

AIX4, AIX5 SGI IRIX 6.2, 6.5 Windows 95/Me, NT, 2000, XP

HP-UX 9.04, 10.x, 11

Sun OS 4.1.3, 4.1.4 Solaris 2.4 and higher

Tru64 OSF UNIX 3.2, 4.0, 5.x


Managing the Catalog

Managing the Catalog

The Catalog is a file stored on the master Guardian server that keeps track of the data you back up. The Catalog records the data’s original location on the network, the data’s current location on a media volume, and the date and time the backup was performed. Restore operations will fail if this file is deleted.

Backing up the Catalog

The Backup Express for Guardian Catalog resides in a hidden portion of the first volume. The Guardian server is preconfigured with a single volume. If your environment requires multiple volumes, and you plan to use Backup Express, use the following procedure to preserve the Catalog.

1. Using the Backup Express GUI, back up the Catalog to external media. See the Operations Guide (bexoper.pdf) for details.

2. Using the Administration Tool on the Guardian server, delete the original volume, and create the new volume configuration.

3. Using the Backup Express GUI, restore the catalog to the first volume you created in the new configuration.

Upgrading Backup Express for Jukebox Support

Jukebox (robotic tape library) support enables unattended, lights-out backup operations. Upgrade packages that offer various levels of Jukebox support are available from the Quantum Web site (www.quantum.com). When you purchase an upgrade, you receive a Proof of Purchase (PoP) number. The PoP number is used to obtain a license key that enables functions in your software. This license key is all you need to activate the upgrade on a Guardian server; no additional software installation is required.

Obtaining the license key

Once you receive the PoP number, use the following procedure to activate the upgrade. Make sure you have a valid server number on hand as well.

1. Go to Quantum’s Web site (www.quantum.com).

2. If you haven’t already done so, register your server.

Appendix A• 137


Your registration record lets you generate license keys to unlock features of Backup Express, and also records the keys you have purchased in case you need to reference them.

3. Using the PoP key and the Guardian server number, acquire a new license key for the Backup Express for Guardian product.

4. On the Guardian server, navigate to the Maintenance > Feature Licensing screen and enter the new key.

5. Click Save. The new features become active next time you use Backup Express.

139

Glossary

AAccess control list (ACL)

Access control lists control access to directories and files. Each list includes a set of access control entries, which contain the metadata that the system uses to determine access parameters.

AllLocalUsers GroupThe AllLocalUsers Group is the default group for all users on Guardian servers. Local users are set up by the Guardian administrator. Network users or Windows Domain users are not part of the AllLocalUsers group.

AllUsers GroupThe AllUsers Group is a collection of all users. The Guardian server automatically maintains the AllUsers group.

ArrayA series of objects all of which are the same size and type. In a server context, an array refers to the grouping of hard drives into a RAID Set.

AuthenticationAuthentication validates a user’s identity by requiring the user to provide a registered login name and corresponding password.

Auto-negotiationAn Ethernet feature that automatically negotiates the fastest Ethernet speed and duplex setting between a NIC and a hub or switch. This is the default setting and is recommended.

Auto-sensingAn Ethernet feature that automatically senses the current Ethernet speed setting.


B

C

DDisk striping

Disk striping stores equal portions of each file on each disk in a RAID 0 configuration. This technique, called data striping, provides fast access to data since it uses multiple physical devices to contain a single data set.

DomainIn Windows NT and Windows 2000, a domain is a set of network resources such as users and groups of users. A domain may also include multiple servers on the network. To gain access to these network resources, the user logs in to the domain.

Domain Name Server (DNS)The server that maintains a mapping of all host names and IP addresses. Normally this mapping is maintained by the system administrator, but some servers support dynamic mappings.

Dynamic Host Configuration Protocol (DHCP)Dynamic Host Configuration Protocol (DHCP) is a communications protocol that lets network administrators centrally manage and automate the assignment of Internet Protocol (IP) addresses on a computer network. Each system that connects to the Internet/intranet needs a unique IP address. The Guardian server can be configured to perform as a DHCP server and assign IP addresses with a single subnet.

EEthernet

Ethernet is the most widely-installed local area network technology. The most commonly installed Ethernet systems are called 10Base-T and provide transmission speeds up to 10 megabits per second (Mbps). Fast Ethernet or 100Base-T provides transmission speeds up to 100 Mbps and is typically used for LAN backbone systems, supporting workstations with 10Base-T cards. Gigabit Ethernet provides an even higher level of backbone support at 1000 Mbps (one Gigabit or one billion bits per second).

Ethernet PortThe Ethernet Port houses the network card to provide Ethernet access to the computer.

Appendix • 141

FFailover

Failover is a strategy that enables one Ethernet port to assume the role of another port if the first port fails. If a port fails on a Guardian server, the second port assumes its network identity (if the two Ethernet cards have been configured for failover). When the port comes back online, the original identities are restored. Failover is only possible in a dual-Ethernet configuration.

Full duplexWith Full duplex, an Ethernet port can transmit and receive data simultaneously.

File Transfer Protocol (FTP)File Transfer Protocol (FTP), a standard Internet protocol, is a way to exchange files between computers on the Internet. By default, a Guardian server is set up to be an FTP server.

GGateway

The network address of the gateway is the hardware or software that bridges the gap between two network subnets. It allows data to be transferred among computers that are on different subnets.

Group Identification (GID)Each group on a Guardian server has a unique ID for security purposes.

HHalf duplex

Half-duplex indicates two-way data flow, one way at a time.

Hot spareA hot spare is a disk drive that can automatically replace a damaged drive in a RAID 1 or 5. If one disk drive in a RAID fails, or is not operating properly, the RAID automatically uses the hot spare to rebuild itself without administrator intervention.

Hot-swappingThe ability to remove and add disk drives to a system without the need to power-down or interrupt client access to file systems.


IInternet Protocol Address (IP address)

The unique 32-bit value that identifies the location of the server. This address consists of a network address, optional subnetwork address, and host address. It displays as four addresses ranging from 1 to 255 separated by periods.

JJava Virtual Machine (JVM)

Software that converts Java bytecode into machine language and executes it. A JVM allows an application such as NASManager written in Java to run on any operating system.

KKerberos

Kerberos is a secure method for authenticating a request for a service in a computer network. In Windows 2000/XP, the domain controller is the Kerberos server. The Kerberos key distribution center (KDC) and the origin of group policies are applied to the domain.

LLinux

The Guardian OS is based on the Linux OS. The Guardian OS is a UNIX-like OS that was designed to provide personal computer users a free or very low-cost operating system comparable to traditional and usually more expensive UNIX systems. The Guardian server is an efficient and fast-performing system.

Load BalancingLoad balancing is only available in dual-Ethernet configurations. The Ethernet port transmission load is distributed among two network ports (assuming the cards are configured for load balancing). An intelligent software adaptive agent repeatedly analyzes the traffic flow from the server and distributes the packets based on destination addresses.

Local group/Local userA local user is one created by using the Administration Tool and whose definition resides on the Guardian server itself. The local user is defined by the server administrator. Windows Domain, ADS, and NIS users are not considered local.

Appendix • 143

MMedia Access Control (MAC)

In the Open Systems Interconnection (OSI) model of communication, the Media Access Control layer is one of two sublayers of the Data Link Control layer and is concerned with sharing the physical connection to the network among several computers. Each Ethernet port has a unique MAC address. Guardian servers with dual Ethernet ports can respond to a request with either port and have two unique MAC addresses.

Management Information Base (MIB)A MIB is a formal description of a set of network objects that can be managed using the Simple Network Management Protocol (SNMP). The format of the MIB is defined as part of the SNMP.

MirroringRAID 1 uses mirroring, which stores data on one disk and copies it to a second disk, creating a redundant storage solution. RAID 1 is the most secure method of storing mission-critical data.

NNetwork Attached Storage (NAS)

Hard disk storage that is set up with its own network address as opposed to being attached to the department computer that is serving applications to a network's workstation users. By removing storage access and its management from the department server, both application programming and files can be served faster because they are not competing for the same processor resources. The NAS device is attached to a local area network (typically an Ethernet network) and assigned an IP address.

Network File System (NFS)A client/server application that allows a computer user to view and optionally store and update files on a remote computer as though they were on the user's own computer. The user's system needs to have an NFS client and the other computer needs the NFS server. The Guardian server is configured as an NFS server by default.

Network Information System (NIS)A network naming and administration system for smaller networks that was developed by Sun Microsystems. NIS+ is a later version that provides additional security and other facilities. The Guardian server accepts NIS users and groups.


O

PParity

Parity is error correction data. RAID 5 stores equal portions of each file on each disk and distributes parity information for each file across all disks in the group. This distributed parity allows the system to recover from a single disk drive failure.

Portable Operating System Interface (POSIX)A set of standard operating system interfaces based on the UNIX operating system. The need for standardization arose because enterprises using computers wanted to develop programs that could run on multiple platforms without the need to recode. The Guardian server uses Extended POSIX ACLs.

QQuota

A limit on the amount of storage space on a volume that a specific user or group can consume. The Guardian OS allows you to set quotas for NIS groups and any known user.

RRedundant Array of Independent Drives (RAID)

A collection of hard drives that act together as a single storage system. Different RAID types provide different levels of data protection. A RAID enables you to define a storage area that is larger than one hard drive.

SSecure Shell (SSH)

A service that provides a remote console for special system administration and customer support access to the server. SSH is similar to telnet, but more secure, providing strong encryption so that no passwords cross the network in clear text.

ShareA share is an access point to a specific segment of a volume’s directory structure. By creating a share to a directory and assigning it access rights, you control user access to the files within the directory and to any of its subdirectories.

Appendix • 145

Simple Network Management Protocol (SNMP)A system to monitor and manage network devices such as computers, routers, bridges, and hubs. SNMP views a network as a collection of cooperating, communicating devices, consisting of managers and agents.

SnapshotA point-in-time view of the files and folders on a volume. At a specified time, the system creates a copy of the volume contents for a specified duration.

Static IP AddressAn IP address defined by the system administrator rather than by an automated system, such as DHCP. The Guardian server allows administrators to use DHCP-assigned or statically assigned IP addresses.

T

UUninterrupted Power Supply (UPS)

A UPS device allows your computer to keep running for a short time when the primary power source is lost. It also provides protection from power surges. A UPS device contains a battery that starts when the device senses a loss of power from the primary source.

VVolume

A volume is a logical partition of a RAID

W

XYZ

147

Index

A Access control list. see ACL ACL

access control levels 90 extended POSIX 90 NT 4.0 89 POSIX 89 Windows 2000 89

Active directory authentication 84 organizational unit 85

Admin password changing 80 setting 26

Administration Tool 30 access through NASManager 23 architecture 32 Find icon 31 Home icon 31 introduction 5 open from NASManager 23 Tech icon 31

Administrator access 29 AIX 48 AllLocalUsers group

local group 79 local user and groups 81

APC Smart-UPS authentication phrase 35 user name 35

AppleTalk, enabling TCP/IP for 50 Authentication

about 83 Active Directory 84 domain controller 83 Kerberos 84 NFS 48, 83 NIS 84

B Backup

backing up data 96 backing up server and volume settings 100 Backup Express for Guardian 96 backup steps 100 configuring for third-party solutions 99 coordinating with Snapshots 97 identifying IP address of backup servers 99 server and volume settings 100 supported packages 98 using S2S to back up data 98 using Snapshots to optimize 96 volume and server settings 100

Backup Express for Guardian 96 configuration options 134 feature highlights 133 getting started 135 managing the catalog 136 overview 133 tape drive support 133 upgrading for jukebox support 136 User CD 134

BrightStor ARCserve 98, 127 Browser

connect via 54 Internet Explorer 88

C CA Unicenter TNg 109 Chassis failure (Guardian 14000 only) 104 Chooser (Macintosh) 53 Code page

Icelandic 47 Nordic/Europe 47 North America/Europe 47 United States 47


Compatible Linux applications 48 Component Failure 104 Configuring TCP/IP 41

D Data, backing up 96 Date, setting 26 Default gateway 40 Default server name 23, 52 Devices, viewing 59 DHCP server

configuring the Guardian server as 51 in dual-Ethernet 44 in setup wizard 27 IP addresses 42

Directory creating new 77 definition 79

Disaster Recovery backing up server and volume settings 100 creating recovery files 101 GuardianOSIMage 102 hardware failure 104 performing a fresh install 102 procedures 101 recovering server/volume configurations 103 recreating original RAIDs 103 restoring data from tape 103 restoring server configuration 104 restoring volume configurations 104

Discovering servers 24 Disengaging server 88 Disk drives

Guardian 4400 LEDs 11 identifying degraded 63 viewing 59

Domain joining 85 modifying 83

Domain controller, authentication 83 Domain name server

definition 40 in IP address 28

Domain name, definition 40 Dual-Ethernet

connect to Guardian 14000 18 load balancing 45 media access control 43

Duplex options auto negotiation 41 matching switch with 41 settings 42 status 40

E Error recovery, overview 79 Ethernet

address 40 configuring 41 configuring one port 41 DHCP server with 44 dual port configuration 18, 41 duplex options 41 full-duplex 41 half-duplex 41

Event log, reviewing 110

F Factory defaults, resetting 111 Failover

dual port function 45 overview 43

Fan 114 Find icon

Administration Tool 31 using the Find icon 33

FTP 50, 54 configuring access 50 root directory 54, 55

Full-duplex Ethernet 41

G Get Information screen 23 Groups

creating local groups 81 integrating NIS 86 modifying 83 NIS 84

Guardian accessing through Web View 29 changing admin password 80 changing server name 80 configuring SNMP alerts 109 connecting to via Web browser 55

Index • 149

default server name 23 default share configuration 91 displaying servers 22 locating with NASManager 24 NIS users and groups 84 physical specifications 124, 125 reboot 25 registering online 35, 36 viewing contents 55 viewing DHCP servers 52

Guardian 14000 connecting dual-Ethernet ports 18 connecting to UPS 19 features 3 hardware features 16 hot swapping power supplies 114 initialization process 20 LCD 16 package contents 15 power sources 19 rack installation 17 serial number label 16 setting up 15 turning on 20

Guardian 4400 connecting to network 12 connecting to power supply 13 disk drive LEDs 11 features 3 hardware features 9 initializing 14 LEDs 10 rack installation 10 setting up 8

GuardianOSImage 102

H Half-duplex Ethernet 41 Hardware failure 104 Hardware features, Guardian 4400 9 Help icon 31 Home icon 31 Hot swapping

fans 114 Guardian 14000 disk drives 113 power supplies 114

HP-UX 48 HTTP configuration 88

I Initial Setup screen

configure static IP 28 Initializing Guardian 14000 20 Internal temperature

e-mail notification 106 IP address

accessing Web View 29 configuration requirements 42 definition 40 enter in Web browser 53 from DHCP 42 in Setup Wizard 27 set domain name server 28 set from DHCP server 24 set or modify 23 setting in NASManager 21

K Kerberos authentication 84 Key Distribution Center 84 Knowledge Base, web address of 34

L Language support 47 LCD 16, 20

failed power supply 114 using 107

LEDs Guardian 4400 10 Guardian 4400 disk drive 11 Guardian 4400 network 11 Guardian 4400 power 10

Legato NetWorker 98, 127 Linux 48, 98 Load balancing

dual-Ethernet 45 bonded configuration 43

local group defining 82 definition 79 group IDs 82

Local user choosing group membership 83 creating and administering 81 definition 79


Login, Web View 29

M Macintosh

connecting to Guardian 53 launching NASManager 21 OS X 54 using with backup packages 98

Maintenance mode 102 Media access control 43 MG-Soft MIB Browser 109 Microsoft Windows 46 Monitoring

configuring SNMP alerts 109 e-mail notification 106 reset factory defaults 111 reviewing event log 110 reviewing status 107 using the LCD 107 volume usage 108

N NAS Finder 33 NASManager

accessing Administration Tools 23 add a server 24 displaying servers 22 Get Information screen 23 launching 21 open Admin Tool 23 overview 4 set refresh interval 25 tools 23 using 21 using NAS Finder 33

Network File System. See NFS Network Information screen, settings 40 Network Information Service (NIS) 88

assigning quotas 76 integrating groups 86 joining groups 87

Network LEDs Guardian 4400 10, 11

Network menu 38 Networking 41

auto configuration setting 41 duplex options 41

Network Information screen 40 reset to factory defaults 111 speed 40 switch considerations 41

NFS authentication 48, 83 connecting from NFS client 53 exported file 91 mount 53 mounting shares 78, 86 OS X 54 server configuration 48 supported versions 49 vs.SMB 79

NIS. See Network Information Service NT 4.0

client access levels 90 partial ACL support 89

O Online help 31

P Password

setting admin 26 Physical specifications 124, 125 POSIX

ACL guidelines 90 extended ACLs 89 users and groups 90

Power supply hot swapping 114 indicator light 114 LED indicator 115

Q Quotas

assigning and managing 73 assigning group for NIS volumes 76 assigning NIS groups 76 assigning users 74 edit groups 76 enabling for a volume 73

Index • 151

R Rack installation

Guardian 14000 17 Guardian 4400 10 in four-post rack 18

RAID assessing status 63 create 62 creating 60 disk striping 60 free space 63 identifying a degraded 63 RAID 0 (striped) 62 RAID 1 (mirrored) 60 RAID 5 (striping with parity) 60 size 63 spares 61 status 63 Wizard 61

Reboot Screen 25 Recovering from Hardware Failures 104 Red Hat Linux 48 Refresh interval, set 25 Registering

Guardian 36 online 35

S SCSI Monitoring 107 SCSI Status 107 Secure HTTP. See HTTPS Secure Shell. See SSH Secure Socket Layer. See SSL Security

changing server name 80 choosing group for users 83 multiplatform issues 79 setting permissions 79

Serial number label Guardian 14000 16

Server changing name 80 default name 52 refresh interval 25

Server-to-Server Synchronization. See S2S Settings, Backing Up Server and Volume 100 Setup Wizard

how to use 25 license agreement 28 reboot 28 rebooting 25 registration 28 set IP address 27

Share creating new 68 definition 79 mounting from UNIX clients 70 viewing contents of 55

Simple Network Management Protocol. See SNMP SMB

configuring 46 definition 46

Snapshot accessing 70 creating 72 definition 70 duration 72 estimating space requirements 71 impact on performance 72 redefining space on a volume 72, 73 shared pool 71 start time 72

SNMP agent 109 configuring alerts 109 overview 108 supported NMS applications 109 supported traps 108 test traps 110

SSH configuring 89 disabling 89 enabling 89

Static IP address 21 Initial Setup screen 28 set or modify 23

Static mounting, NFS clients 78, 86 Status LEDs

Guardian 4400 10 power 10

Storage menu 58 Subdirectory, creating 77 Subnet mask, definition 40 Subnet, finding Guardian server’s 33 Sun Solaris 48 System status, reviewing 107


T TCP/IP

assigning TCP/IP 52 configuring 41 enable for AppleTalk 50 TCP/IP screen 52

Tech icon 31, 34

U Uninterruptible Power Supply. See UPS UNIX

backup packages for 98 disengaging NIS server 88 native backup utilities 98 NIS groups 87 perform a static mount 86

Up Server and Volume Settings, Backing 100 UPS

connecting Guardian 14000 to 19 selecting a device 34 to enable support 34

Users creating local users 81 definition 79 NIS 84

V VERITAS Backup Exec 98, 127 VERITAS NetBackup BusinessServer 98 VERITAS NetBackup DataCenter 127 Volume

assessing status 67 backing up configuration 100 capacity 62 creating 66 creating and managing 66 default settings 66 managing 67 naming 66 usage 108

W Web security, HTTP configuration 88 Web View

accessing 29 login 29

Windows client access levels 90 connecting to Windows 95 53 defining a share 79 defining share for 91 disengaging domain groups 86 Kerberos authentication 84 managing domain workgroups 85 Me 52 supported backup packages for 98 XP 52

WINS server, definition 40 Workgroup, joining 85

Guardian Administrator Guide

Technology

Transcript of Guardian Administrator Guide