Pre-Installation Network Provisioning Firewalls

Published on sepusa.com (http://sepusa.com)
Pre-Installation
Network Provisioning
Using all lower case names is highly recommended and required by multiple specifications.
Be very careful changing these settings as it could create problems such as services failing to start.
Host Name: sesamserver
  Should be one word
  Should not contain a period or space
  Test with the command "hostname"
  (hostname sesamserver)
  Reboot required after changing hostname
Fully Qualified Domain Name / FQDN: sesamserver.example.com
  Must end with a period and valid tld (.com)
  Test with command "ping $HOST_NAME"
  (ping sesamserver)
  Test with command "ping $HOST_NAME.$DOMAIN_NAME"
  (ping sesamserver.example.com)
Reverse DNS or PTR record required for servers and remote media pools
Hosts File: /etc/hosts or c:\windows\system32\drivers\etc\hosts
  Must start with and contain only "127.0.0.1 localhost"
  Deprecated - Emulation of DNS with hosts files
    Must start with "127.0.0.1 localhost"
    Next entry must be "IP HOST_NAME.DOMAIN_NAME HOST_NAME"
    ex. (192.168.1.2 sesamserver.sepusa.com sesamserver)
    If there are entries for other interfaces, use unique host names
    ex. (192.168.2.2 backupinterface-sesamserver.sepusa.com backupinterface-sesamserver)
    If there are duplicate entries only the first will be used
Products
All Versions
Firewalls
Ports used by SEP Sesam
When using the standard configuration for SEP Sesam the following TCP ports must be open:
Server:
stpd 11001
remote-gui 11401
Client:
ctrl 11301
data 1024-65535 (can be limited with the custom ports option below)
Standard Connection Process:
1. The Sesam server opens a connection to port 11301 on the client.
2. The Sesam client opens a connection to port 11001 on Sesam server (or remote device server).
3. The Sesam server opens a connection to a random port above 1024 on the client.
Custom Ports for firewalled/nat/wan/vpn clients:
1. Edit the properties of the client (Components > Topology)
2. Switch to the "Options" tab
3. Add 11003-11010 to specify a port range; 2 ports are required for each stream, and these ports narrow the "data" range listed above
4. Enable access to these ports from the Sesam server to the client in the client and/or edge firewall(s)
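The port list and custom range above, expressed as source-restricted firewall rules. This is an added example, not SEP's own tooling: the addresses are constructed, the function names are hypothetical, and it assumes iptables chains that already accept established traffic and drop by default.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules for the SEP Sesam ports above.
# All addresses are constructed documentation values (RFC 5737).
# Assumes INPUT already accepts ESTABLISHED traffic and drops everything else.

# sesam_streams LOW-HIGH: streams a custom data range allows (2 ports each).
sesam_streams() {
    lo=${1%-*}; hi=${1#*-}
    for n in "$lo" "$hi"; do
        case $n in ""|*[!0-9]*) return 1 ;; esac
    done
    [ "$lo" -ge 1024 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ] || return 1
    echo $(( ($hi - $lo + 1) / 2 ))
}

# Client side: ctrl 11301 and the custom data range, from the Sesam server only.
sesam_client_rules() {
    server=$1; range=$2
    sesam_streams "$range" >/dev/null || { echo "bad range: $range" >&2; return 1; }
    echo "iptables -A INPUT -p tcp -s $server --dport 11301 -j ACCEPT"
    echo "iptables -A INPUT -p tcp -s $server --dport ${range%-*}:${range#*-} -j ACCEPT"
}

# Server side: stpd 11001 from the client network, remote-gui 11401 from admin hosts.
sesam_server_rules() {
    clients=$1; admins=$2
    echo "iptables -A INPUT -p tcp -s $clients --dport 11001 -j ACCEPT"
    echo "iptables -A INPUT -p tcp -s $admins --dport 11401 -j ACCEPT"
}

sesam_client_rules 192.0.2.10 11003-11010
sesam_server_rules 192.0.2.0/24 192.0.2.50
```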
SSH Alternative:
1. Use ssh-keygen (as root on the backup server) to create a key pair; don't use a password. They will be saved by default as /root/.ssh/id.[dr]sa.[prv|pub]
2. To "allow" this key to access the server you will have to transfer it to /root/.ssh/authorized_keys on the server.
3. Transfer the file with the following command, twice:
root@SEP_SERVER# scp -v /root/.ssh/id.rsa.pub root@SEP_CLIENT:/root/.ssh/authorized_keys
4. The server ssh client (/etc/ssh/ssh_config) should consider Compression=Yes and CompressionLevel=6 for optimal VPN/CPU performance
You can use multiple keys in the authorized_keys file, one on each line.
After this setup you should be able to log in to the SEP server as root and ssh to the client as root without using a password. Set the client properties connection method to ssh and the access option "-s".
"If you are asked for the password on the second attempt there is a problem which may be located in /etc/ssh/sshd_config as AuthorizedKeysFile=[/dev/null|/any/empty/file]"
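The scp in step 3 replaces the client's whole authorized_keys file. The added example below (not SEP's tooling) appends the key instead, limits it to the backup server's address with the authorized_keys from="" option, and checks for the AuthorizedKeysFile problem quoted above. The key, addresses, paths and function names are constructed or hypothetical.

```shell
#!/bin/sh
# Added example, not SEP tooling. Key material and paths below are constructed.

# Append PUB to AUTH once (no overwrite), limited to logins from SERVER
# with the authorized_keys from="" option.
install_backup_key() {
    pub=$1; auth=$2; server=$3
    key=$(awk 'NF >= 2 { print $1, $2; exit }' "$pub")   # key type + base64 blob
    [ -n "$key" ] || return 1
    mkdir -p "$(dirname "$auth")" && chmod 700 "$(dirname "$auth")"
    touch "$auth" && chmod 600 "$auth"
    grep -qF -- "$key" "$auth" && return 0               # already present
    printf 'from="%s" %s sesam-backup\n' "$server" "$key" >> "$auth"
}

# Succeed unless CONF sets AuthorizedKeysFile to nothing usable under HOME_DIR
# (none, /dev/null, or only missing/empty files). No setting means the default.
keys_file_usable() {
    conf=$1; home_dir=$2
    val=$(sed -n 's/^[[:space:]]*[Aa]uthorized[Kk]eys[Ff]ile[[:space:]=]\{1,\}//p' "$conf" | head -n 1)
    [ -n "$val" ] || return 0
    for f in $val; do
        case $f in
            none|/dev/null) continue ;;
            %h/*) f=$home_dir/${f#"%h/"} ;;
            /*) ;;
            *) f=$home_dir/$f ;;
        esac
        [ -s "$f" ] && return 0
    done
    return 1
}

# Constructed demo in a scratch directory standing in for the client's filesystem.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructedkey root@sesamserver' > "$demo/id.pub"
install_backup_key "$demo/id.pub" "$demo/root/.ssh/authorized_keys" 192.0.2.10
install_backup_key "$demo/id.pub" "$demo/root/.ssh/authorized_keys" 192.0.2.10   # no-op
printf 'AuthorizedKeysFile /dev/null\n' > "$demo/sshd_bad"
printf 'AuthorizedKeysFile %%h/.ssh/authorized_keys\n' > "$demo/sshd_good"
keys_file_usable "$demo/sshd_bad" "$demo/root" || echo "sshd_bad: key login cannot work"
keys_file_usable "$demo/sshd_good" "$demo/root" && echo "sshd_good: ok"
```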
Products
3.6
4.0
Performance
A modern system's aggregate network channel bandwidth is limited by system bus interfaces only in the case of large-scale systems or cloud/shared environments.
The following charts describe the theoretical maximum channel performance for common network media types.
Ethernet
Theoretical Maximums for common devices (Hard Limits)
The below limits are based on the assumption of managed switching infrastructure and server grade network interface
cards.
32MB is generally the lower memory limit for server grade managed 1GB switches.
1GB network cards typically built into servers are consumer grade and/or contain < 1MB of cache.
Copper Ethernet:
Interface Type                  Bandwidth (Megabits)  Theoretical Maximum Gigabytes per Hour  GB Per 24 Hour Period
Shared T1                       1                     0.44                                    10.55
T1                              1.5                   0.66                                    15.82
E1                              2                     0.88                                    21.09
MultiLink T1                    3                     1.32                                    31.64
MultiLink T1                    4                     1.76                                    42.19
MultiLink T1                    5                     2.20                                    52.73
MultiLink T1                    6                     2.64                                    63.28
MultiLink T1                    7                     3.08                                    73.83
MultiLink T1                    8                     3.52                                    84.38
MultiLink T1                    9                     3.96                                    94.92
Fast Ethernet                   10                    4.39                                    105.47
Cable Modem / DSL               11                    4.83                                    116.02
Cable Modem / DSL               12                    5.27                                    126.56
Cable Modem / DSL               13                    5.71                                    137.11
Cable Modem / DSL               14                    6.15                                    147.66
Cable Modem / DSL               15                    6.59                                    158.20
Cable Modem / DSL               16                    7.03                                    168.75
Cable Modem / DSL               17                    7.47                                    179.30
Cable Modem / DSL               18                    7.91                                    189.84
Cable Modem / DSL               19                    8.35                                    200.39
Cable Modem / DSL               20                    8.79                                    210.94
Cable Modem / DSL               21                    9.23                                    221.48
Cable Modem / DSL               22                    9.67                                    232.03
Cable Modem / DSL               23                    10.11                                   242.58
Cable Modem / DSL               24                    10.55                                   253.13
Cable Modem / DSL               25                    10.99                                   263.67
Cable Modem / DSL               26                    11.43                                   274.22
Cable Modem / DSL               27                    11.87                                   284.77
Cable Modem / DSL               28                    12.30                                   295.31
Cable Modem / DSL               29                    12.74                                   305.86
Cable Modem / DSL               30                    13.18                                   316.41
Cable Modem / DSL               40                    17.58                                   421.88
WAN                             45                    19.78                                   474.61
WAN                             50                    21.97                                   527.34
WAN                             55                    24.17                                   580.08
100 Mbt                         100                   43.95                                   1,054.69
Bonded / Trunked 100 Mbt        200                   87.89                                   2,109.38
Bonded / Trunked 100 Mbt        300                   131.84                                  3,164.06
Bonded / Trunked 100 Mbt        400                   175.78                                  4,218.75
Bonded / Trunked 100 Mbt        500                   219.73                                  5,273.44
Bonded / Trunked 100 Mbt        600                   263.67                                  6,328.13
Bonded / Trunked 100 Mbt        700                   307.62                                  7,382.81
Bonded / Trunked 100 Mbt        800                   351.56                                  8,437.50
Bonded / Trunked 100 Mbt        900                   395.51                                  9,492.19
1GB Ethernet                    1000                  125.56                                  3,013.39
Bonded / Trunked 1GB Ethernet   2000                  199.57                                  4,789.68
Bonded / Trunked 1GB Ethernet   3000                  299.35                                  7,184.52
Bonded / Trunked 1GB Ethernet   4000                  399.14                                  9,579.36
Bonded / Trunked 1GB Ethernet   5000                  498.92                                  11,974.20
Bonded / Trunked 1GB Ethernet   6000                  598.71                                  14,369.04
Bonded / Trunked 1GB Ethernet   7000                  698.49                                  16,763.88
Bonded / Trunked 1GB Ethernet   8000                  798.28                                  19,158.72
Bonded / Trunked 1GB Ethernet   9000                  898.06                                  21,553.56
10GB Ethernet                   10000                 1,255.58                                30,133.93
Special Considerations:
Is jumbo frame support available in the OS, NIC, switches and VM?
Is offloading supported in the OS, NIC and VM?
Bonding more than 1 or 2 1GB interfaces per core is often actually slower
For best results, bond at most 8 1GB channels
Products
All Versions
Fibre Channel
Spec                 Medium  Maximum Performance
Fibre Channel - 2GB  2GFC    212.5 MB/s
4GB                  4GFC    425 MB/s
8GB                  8GFC    850 MB/s
FC over 10GbE        FCoE    1250 MB/s
SEP sesam Servers
All Versions
10GbE and Infiniband 4x
Spec   Medium         Maximum Performance
AOE    10GbE          1250 MB/s
iSCSI  10GbE          1250 MB/s
FCoE   10GbE          1250 MB/s
iSCSI  InfiniBand 4x  5000 MB/s
Bonded Ethernet
Linux has built-in support for automatic independent bidirectional load balancing using Ethernet devices of any link speed without
switch support.
Cisco Switches prefer the following settings:
Linux bonding mode 802.3ad with xmit_hash_policy=layer3+4
Switch trunking mode etherchannel/lacp-slow with layer3+4
Link speed must be the same on all 'enslaved' interfaces
Each interface should have no ip address configured
Each interface should show very similar (TX+RX) values.
Cisco Config Details [1]
The only commonly available mode which provides bidirectional support is mode 6 (balance-alb).
Do not use modes other than 6 (balance-alb) if you plan to enhance performance of the system without sacrificing reliability or requiring a specific switch configuration.
Bond devices and their 'slave(s)' usually can't be members of bridges that run stp.
Bond devices can sometimes use significant (Multi-MB) amounts of memory.
Special considerations need to be made when using devices of different link speeds (10/100Mbt+1000Mbt)
Your specific Linux distribution most likely provides a tool to configure bonding so you won't need and shouldn't use the command
line example and background information below.
SLES [2]
SLES XEN [3]
Other/Generic [4]
Example driver setup for one bond interface.
Configure the /etc/modules(.conf) or /etc/modprobe.conf(.local) as follows:
alias bond0 bonding
options bond0 -o bond0 mode=6 miimon=100
Start Script for 2 ethernet interfaces (startbond0.sh)
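#!/bin/sh
# Load the bonding driver first if it is not loaded automatically
##modprobe bond0
# The bond carries the IP address and the default route
ifconfig bond0 192.168.0.10 netmask 255.255.255.0 up
route add default gw 192.168.0.1
# The enslaved interfaces get no IP address of their own
ifconfig eth0 0.0.0.0 up
ifconfig eth1 0.0.0.0 up
# Attach both interfaces to bond0
ifenslave bond0 eth0 eth1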
In mode=balance-alb (adaptive load balancing), bonding includes balance-tlb plus receive load balancing (rlb) for IPv4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP replies sent by the local system and overwrites the source hardware address with the unique hardware address of one of the "enslaved Ethernet devices" in the bond, such that different peers use different hardware addresses for the server; the algorithm is layer3+4 and based on "ip:port". This bonding can enable a single TCP connection to saturate multiple gigabit Ethernet links with full fault tolerance, without connection drops under single or sometimes multiple port/cable/switch and/or gateway failures.
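A check of a running bond against the points listed in this section (mode 6, links up, identical slave speeds), added here as an example and not part of the original page. It reads the status file the Linux bonding driver exposes as /proc/net/bonding/bond0; the sample content is constructed and check_bond is a hypothetical name.

```shell
#!/bin/sh
# Added example: audit a bonding status file against the requirements above.

# check_bond FILE: print one line per problem; prints nothing when all checks pass.
check_bond() {
    awk -F': ' '
        /^Bonding Mode:/    { mode = $2 }
        /^Slave Interface:/ { slave = $2; n++ }
        slave != "" && /^MII Status:/ && $2 != "up" { print slave ": link " $2 }
        slave != "" && /^Speed:/ {
            if (speed == "") speed = $2
            else if ($2 != speed) print slave ": speed " $2 " differs from " speed
        }
        END {
            if (mode !~ /^adaptive load balancing/) print "mode: " mode " (want balance-alb)"
            if (n < 2) print "slaves: only " (n + 0) " enslaved"
        }' "$1"
}

# Constructed sample in the layout of /proc/net/bonding/bond0
# (eth1 has negotiated 100 Mbps instead of 1000 Mbps).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Bonding Mode: adaptive load balancing
MII Status: up
MII Polling Interval (ms): 100

Slave Interface: eth0
MII Status: up
Speed: 1000 Mbps

Slave Interface: eth1
MII Status: up
Speed: 100 Mbps
EOF
check_bond "$sample"
```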
SEP sesam Servers
All Versions
Storage
Storage
Calculating Needs
This page shows an example calculation (assuming 5 daily full backups, 1 weekly full and 1 monthly full).
Example:
Smaller Servers: 27*4TB=96
Larger Servers: 8*8TB=64
Total TB = 160 for site/backup day
for daily(5 days) , weekly and monthly:
size=160TB
(size*5)+(size*1)+(size*1)
800+160+160=1120TB Site wide Pool Size
For smaller servers:
size=4TB
(size*7)=28TB Pool size
For larger servers:
size=8TB
(size*7)=56TB Pool size
SEP sesam Servers
All Versions
Rotation Example
This article details the setup of a standard GFS tape rotation scheme, while trying to keep each day's data on its own tape if there is room.
Phase 1 is to create the media pools and set the lock date / EOL; Phase 2 is to set up media initialization tasks to do the actual rotation. By default Sesam will append all days to the tape daily00001 until it's full.
Requirements:
SEP Sesam with a valid license
20 tapes (assuming an entire network wide full backup fits on one tape)
Phase 1: Create 3 New media pools:
1. Daily - Initialize 4 Tapes and set lock time / EOL to 4 days
Daily00001 for Monday
Daily00002 for Tuesday
Daily00003 for Wednesday
Daily00004 for Thursday
2. Weekly - Initialize also 4 Tapes and set lock time / EOL to 27 days
Weekly00001 for First Friday
Weekly00002 for Second Friday
Weekly00003 for Third Friday
Weekly00004 for Fourth Friday
3. Monthly - Initialize 12 Tapes and set lock time / EOL to 360 days.
Monthly00001 for January
Monthly00002 for February
Monthly00003 for March
Monthly00004 for April
Monthly00005 for May
Monthly00006 for June
Monthly00007 for July
Monthly00008 for August
Monthly00009 for September
Monthly00010 for October
Monthly00011 for November
Monthly00012 for December
Phase 2: Create 2 Media Events for media initialization (closing tapes)
1. Set up a scheduled mediainit for MON,TUE,WED,THU with the media pool “Daily” at e.g. 12 pm.
2. Set up a scheduled mediainit for FRIDAY with the media pool “Weekly” at e.g. 12 pm.
SEP sesam Servers
All Versions
EOL/EOM Restrictions
All Media EOM means that all media are full of data within the EOL retention period.
If we do have enough space in the media pool for a full of each task plus incremental tasks until another full is complete, it's likely one or more of the tasks didn't get a successful full backup before the incremental tasks ran.
Working Example:
10GB full (Last Sunday)
1GB INC each 6 other days
10GB full (This Sunday)
Total space required in media pool: 26GB
Broken Example:
no full yet, 10G INC (Last Sunday)
10GB inc each 6 other days
10GB (this sunday)
Total space required in media pool: 80G
All Media EOL means that the retention period on the media pool is holding back the media from being writable.
Check your media pool lock period in the media pool properties. If you reduce the lock time on the media pool make sure to adjust
the lock dates on the individual media as well.
Reformatting a tape
To "Re Format" a tape in the GUI:
Open Components
Open Media
Select the media you wish to re-format
Select Properties
edit the lock date if it is listed in the future
Select Properties again
Click Delete
You are now ready to re-initialize the media, remember to check the overwrite box if you are using tape media.
SEP sesam Servers
All Versions
A/V Excludes
Backups can often be enhanced for higher reliability and performance by excluding the following files and folders from anti-virus
and anti-malware scanners:
Linux:
/opt/sesam/bin/sesam/sbc (sesam-client)
/opt/sesam/bin/sesam
/var/opt/sesam/var
/var/opt/sesam/var/work
/var/opt/sesam/var/log
/var/opt/sesam/var/tmp
Windows:
C:\Program Files\SEPsesam\bin\sesam\sbc (sesam-client)
C:\Program Files\SEPsesam\bin\sesam
C:\Program Files\SEPsesam\var
C:\Program Files\SEPsesam\var\work
C:\Program Files\SEPsesam\var\log
C:\Program Files\SEPsesam\var\tmp
SEP sesam Clients
All Versions
© all content copyright by SEP Software Corp. 2003-2012
Source URL (retrieved on Mar 6 2012 - 4:38pm): http://sepusa.com/node/3727
Links:
[1] http://www.cisco.com/en/US/docs/ios/12_2sb/feature/guide/sbcelacp.html
[2] http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3815448&sliceId=1&docTypeID=DT_TID_1_1&dialogID=65200162&stateId=0%200%20120650689
[3] http://www.novell.com/coolsolutions/feature/19955.html
[4] http://www.linuxfoundation.org/collaborate/workgroups/networking/bonding