advertisement
EMC
®
VNXe
®
Series
Version 3.1
Configuring Hosts to Access CIFS File
Systems
P/N 302-000-191 REV. 03
Copyright
©
2014-2015 EMC Corporation. All rights reserved. Published in USA.
Published June, 2015
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.
The information in this publication is provided as is. EMC Corporation makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC², EMC, and the EMC logo are registered trademarks or trademarks of EMC Corporation in the United States and other countries. All other trademarks used herein are the property of their respective owners.
For the most up-to-date regulatory document for your product line, go to EMC Online Support ( https://support.emc.com
).
EMC Corporation
Hopkinton, Massachusetts 01748-9103
1-508-435-1000 In North America 1-866-464-7381 www.EMC.com
2
EMC VNXe Series 3.1 Configuring Hosts to Access CIFS File Systems
CONTENTS
Chapter 1
Chapter 2
Chapter 3
Setting up a host for CIFS storage
5
VNXe system requirements.................................................................6
Network requirements........................................................................6
CIFS NAS server in a Windows domain................................................7
Stand-alone CIFS NAS server.............................................................. 7
Host software in a CIFS environment................................................................7
VNX Common Event Enabler Common Antivirus Agent ....................... 7
Management snap-ins........................................................................8
Installing host software for CIFS......................................................... 9
Using Windows Continuous Availability.........................................................10
Link aggregations.............................................................................10
Configuring a link aggregation..........................................................11
Configuring user access to the CIFS share......................................................13
Migrating CIFS Data to the VNXe
15
Migration environment and limitations..........................................................16
Setting up access to a VNXe share for the CIFS host......................... 17
Migrating the data with a manual copy.............................................17
Managing CIFS File System Storage with Windows Tools
19
Opening Computer Management MMC.......................................................... 20
Setting ACLs on an existing share.....................................................20
Creating a share and setting its ACLs................................................21
Home directory restrictions.............................................................. 21
Adding a home directory to the Active Directory................................22
Adding a home directory with expressions....................................... 22
GPO support on a VNXe NAS server.................................................. 24
Supported GPO settings................................................................... 24
Monitoring NAS server connections and resource usage................................26
Monitoring users on a NAS server.....................................................26
Monitoring access to shares on the NAS server................................ 26
Monitoring file use on the NAS server...............................................27
Enabling auditing on a NAS server....................................................28
Viewing the audit events.................................................................. 30
Disabling auditing............................................................................30
Accessing the security log for a NAS server....................................................31
EMC VNXe Series 3.1 Configuring Hosts to Access CIFS File Systems
3
CONTENTS
Chapter 4
Chapter 5
Using FLR with VNXe
33
FLR terminology................................................................................34
Basic FLR concepts...........................................................................34
How FLR works................................................................................. 35
FLR restrictions.................................................................................36
Windows .NET Framework requirement.............................................37
Window requirements for FLR Monitor.............................................. 37
Committing a read-only file to the FLR state......................................39
Creating FLR queries.........................................................................40
Using CEE CAVA with VNXe
41
VNXe NAS servers............................................................................ 42
CEE CAVA virus-checking client........................................................ 42
Third-party antivirus software support.............................................. 42
CEE CAVA software........................................................................... 43
VNX CIFS Management snap-in.........................................................43
System requirements and limitations............................................................ 43
File-level retention........................................................................... 43
Non-CIFS protocols...........................................................................43
Setting up CEE CAVA for VNXe NAS servers.................................................... 43
Configuring the domain user account............................................... 44
Configuring virus checker parameters.............................................. 46
Installing third-party antivirus software............................................ 48
Installing CEE CAVA..........................................................................48
Starting the CEE AV engine............................................................... 49
4
EMC VNXe Series 3.1 Configuring Hosts to Access CIFS File Systems
CHAPTER 1
Setting up a host for CIFS storage
This chapter contains the following topics.
l l l l l l l l
Requirements for setting up a host
.......................................................................... 6
Host software in a CIFS environment
........................................................................7
Using Windows Continuous Availability
.................................................................10
Using network high availability
..............................................................................10
............................................................................................13
Configuring CIFS file system storage
...................................................................... 13
Configuring user access to the CIFS share
..............................................................13
.........................................................................................14
Setting up a host for CIFS storage
5
Setting up a host for CIFS storage
6
Requirements for setting up a host
This topic describes the system and network requirements for setting up a host to use
VNXe storage.
Before you can set up a host to use VNXe storage, these VNXe system and network requirements must be met.
Overview
This topic describes the purpose of this document, its intended audience, and provides a list of related documentation.
This document is part of the EMC VNXe documentation set. It describes how to set up the
Windows hosts with clients that need to access Common Internet File System (CIFS) file system storage on a VNXe system with VNXe Operating Environment version 3.0 or later.
This document is intended for the person or persons who are responsible for setting up the hosts to access the VNXe storage.
Readers of this document a should be familiar with VNXe CIFS file system storage and the
Windows operating system running on hosts with clients that will access VNXe CIFS file system storage.
Other VNXe documents include: l l l l l l
Installation Guide
Hardware Information Guide
Parts Location Guide
Configuring Hosts to Access NFS File Systems
Configuring Hosts to Access Fibre Channel (FC) or iSCSI LUNs
Configuring Hosts to Access VMware NFS or VMware VMFS Datastores l
Unisphere CLI User Guide
EMC Unisphere help provides specific information about the VNXe storage, features, and functionality. The Unisphere help and a complete set of VNXe customer documentation are located on the EMC Online Support website: http://www.emc.com/vnxesupport .
VNXe system requirements
This topic lists the system requirements for the VNXe.
l l
You have installed and configured the VNXe system using the Configuration Wizard, as described in the Installation Guide for your storage system.
You have used Unisphere or the VNXe CLI to perform basic configuration of one or more NAS servers on the storage system.
Network requirements
This topic lists the network requirements for a host attaching to a VNXe system.
Ensure that you observe these network requirements: l l
The host (client) must be in a LAN environment with the VNXe NAS server.
The VNXe NAS server can be either a member of a Windows Active Directory domain or operate independently of any Windows domain as a stand-alone CIFS server.
EMC VNXe Series 3.1 Configuring Hosts to Access CIFS File Systems
Setting up a host for CIFS storage l l l l
For CIFS shares that are in a Windows Active Directory domain, you must also configure DNS and NTP.
If the NAS server is enabled for multiprotocol (CIFS and NFS), you must connect it to an NIS server or an LDAP server.
Unisphere online help describes how to configure Unix Directory Service (either NIS or
LDAP) on the VNXe.
Users can store files on a VNXe NAS server in a Network Information Service (NIS) environment, but you cannot configure a VNXe NAS server as an NIS client.
CIFS NAS server in a Windows domain
This topic describes a CIFS NAS server in a Windows Active Directory domain.
A CIFS NAS server with Active Directory enabled: l l l
Uses domain-based Kerberos authentication
Maintains its own identity (computer account) in the domain
Leverages domain site information to locate services, such as domain controllers.
Associating a CIFS NAS server with a Windows domain allows any users in the domain to connect to the CIFS server. In addition, authentication and authorization settings maintained on the Active Directory server apply to the files and folders on the CIFS file system.
A CIFS NAS server with Active Directory enabled requires a Windows domain with an
Active Directory (AD) server and a DNS server. You must also configure NTP.
Stand-alone CIFS NAS server
This topic describes a stand-alone CIFS NAS server.
A stand-alone CIFS NAS server does not have access to a Windows domain or its associates services. Only users with local user accounts created and managed on the stand-alone CIFS NAS server can access the server, and the CIFS server performs user authentication.
A stand-alone CIFS NAS server requires a Windows workgroup.
Host software in a CIFS environment
This topic provides an overview of the EMC host software for a VNXe system in a CIFS environment.
This section describes the EMC host software that is available for a VNXe system in a CIFS environment and describes how to install this software on a host that will use VNXe CIFS file system storage.
VNX Common Event Enabler Common Antivirus Agent
This topic describes the antivirus solution for CIFS clients using VNXe systems.
The VNX Common Event Enabler (CEE) Common AntiVirus Agent (CAVA) provides an antivirus solution for CIFS clients using EMC systems. It uses third-party antivirus software to identify and eliminate known viruses before they infect files on the system.
CAVA is part of the VNX Common Event Enabler (CEE) software package. The VNXe support matrix on the EMC Online Support website ( http://www.emc.com/vnxesupport )
CIFS NAS server in a Windows domain
7
Setting up a host for CIFS storage provides information about the third-party antivirus software that CAVA supports. Using
VNX Event Enabler describes how to install the enabler.
Management snap-ins
This topic lists the management snap-ins that a VNXe NAS server supports.
A VNXe NAS server supports the EMC VNX CIFS Management snap-ins, which consist of the following Microsoft Management Console (MMC) snap-ins that you can use to manage home directories, security settings, and virus-checking on a NAS server from a
Windows Server 2003, Windows Server 2008, Windows Server 2012, or Windows 8 computer: l l l
Home Directory Management snap-in
Data Mover Management snap-in
AntiVirus Management snap-in
Home Directory Management snap-in
This topic describes how the home directory feature simplifies administration of personal shares.
You can use the Home Directory Management snap-in to associate a username with a directory; that directory then acts as the user’s home directory. The home directory feature simplifies the administration of personal shares and the process of connecting to them because it lets you use a single share name, called HOME, to which all users can connect.
Data Mover Management snap-in
This topic describes how to use the audit policy and user rights assignment nodes of the
Data Mover Management snap-in.
Audit Policy node
You can use the Celerra Audit Policy node to determine which NAS server security events are logged in the security log. You can then view the security log by using the Windows
Event Viewer. You can log successful attempts, failed attempts, both, or neither. The audit policies that appear in the Audit Policy node are a subset of the policies available as group policy objects (GPOs) in Active Domain Users and Computers. Audit policies are local policies and apply to the selected NAS server. You cannot use the Audit Policy node to manage GPO audit policies.
User Rights Assignment node
You can use the User Rights Assignment node to manage which users and groups have login and task privileges to a NAS server. The user rights assignments that appear in the
User Rights Assignment node are a subset of the user rights assignments available as
GPOs in Active Domain Users and Computers. User rights assignments are local policies and apply to the selected NAS server. You cannot use the User Rights Assignment node to manage GPO policies.
Common AntiVirus Management snap-in
You can use the Common AntiVirus Management snap-in to manage the virus-checking parameters (viruschecker.conf file) used with Common AntiVirus Agent (CAVA) and thirdparty antivirus programs.
8
EMC VNXe Series 3.1 Configuring Hosts to Access CIFS File Systems
Setting up a host for CIFS storage
Installing host software for CIFS
This topic provides a list of the host software that you can install for VNXe CIFS environments, the purpose of each software package, the systems on which you can install the packages, and the installation steps.
Refer to
Table 1 on page 9 for information about the host software to install.
Table 1 Host software for VNXe CIFS environments
Software Install software if you want to
Install on
Home Directory
Management snapin
Data Mover
Management snapin
CEE AntiVirus
Management snapin
Manage user home directories.
Manage virus checking parameters used in conjunction with CAVA and third-party antivirus programs.
The Windows Server 2003, Windows Server
2008, Windows Server 2012, or Windows 8 system from which you will manage the VNXe
NAS servers in the domain.
Audit NAS server security events in the security log and manage user and group access and task privileges for a NAS server.
The Windows Server 2003, Windows Server
2008, Windows Server 2012, or Window 8 system from which you will manage the VNXe
NAS servers in the domain.
The 32-bit Windows Server 2003, Windows
Server 2008, Windows Server 2012, or
Windows 8 host (client) that uses VNXe storage. Requires one or more Windows hosts that are AntiVirus (AV) servers. These
AV servers can also be hosts that use VNXe storage.
To install the host software for a CIFS environment on a VNXe host:
Procedure
1. Log in to the host through an account with administrator privileges.
2. Download the software package that you want to install as follows: a. Navigate to the software download section on the EMC Online Support website
( http://www.emc.com/vnxesupport ).
b. Choose the software package that you want to install, and select the option to save the software to the host.
3. In the directory where you saved the software, double-click the executable file to start the installation wizard.
4. On the Product Installation page, select the software package that you want to install on the host.
5. Either accept the default location for the program files by clicking Next, or specify a different location by typing the path to the folder or by clicking Change to browse for the folder and clicking Next when you are finished.
6. On the Welcome page, click Next.
7. On the License Agreement page, click Yes.
8. On the Select Installation Folder page, verify that the displayed folder name is where you want to install the program files, and click Next.
To select a different folder, click Browse, locate the folder, and click Next.
Installing host software for CIFS
9
Setting up a host for CIFS storage
9. On the Select Components page, select the software package (component) that you want to install, clear the components you do not want to install, and click Next.
10.On the Start Copying Files page, click Next.
11.On the InstallShield Wizard Complete page, click Finish.
12.When the installation is complete, restart the host.
Using Windows Continuous Availability
Windows 8 and Windows 2012 SMB3 environments provide the ability to add highavailability functionality to CIFS resources. Windows CA allows applications running on hosts connected to shares with this property to support transparent server failover. Other features such as larger I/O size, offload copy, parallel I/O on same session, and directory leasing provide improvements to performance and user experience.
With CA enabled, you can achieve a transparent server failover for implementations where the failover time is no longer than the application timeout. In such implementations, hosts can continue to access a CIFS resource without the loss of a CIFS session state, following a failover event.
Using network high availability
This topic describes how to use link aggregation for high availability configurations.
The VNXe system supports link aggregations that allow up to four Ethernet ports connected to the same physical or logical switch to be combined into a single logical link.
This behavior is called link aggregation. To configure link aggregation on a VNXe system, each storage processor (SP) must have the same type and number of Ethernet ports because configuring link aggregation actually creates two link aggregations — one on each SP. This provides high availability as follows. If one of the ports in the link aggregation fails, the system directs the network traffic to one of the other ports in the aggregation. If you add an Ethernet I/O module to each SP in a VNXe system, you can create one additional link aggregation group on the set of ports in the I/O module.
For additional information on data availability in your VNXe system and your connectivity infrastructure, refer to EMC VNXe3200 High Availability, A Detailed Review white paper.
Link aggregations
10
This topic describes the advantages and function of link aggregations.
Link aggregations use the Link Aggregation Control Protocol (LACP) IEEE 802.3ad
standard. A link aggregation appears as a single Ethernet link with these advantages: l l
High availability of network paths to and from the VNXe system — If one physical port in a link aggregation fails, the system does not lose connectivity.
Possible increased overall throughput — Because multiple physical ports are bonded into one logical port with network traffic distributed between the multiple physical ports.
Although link aggregations can provide more overall bandwidth than a single port, the connection to any single client runs through one physical port and is therefore limited by the port’s bandwidth. If the connection to one port fails, the switch automatically switches traffic to the remaining ports in the group. When the connection is restored, the switch automatically resumes using the port as part of the group.
On the VNXe system, you can configure up to four ports in a link aggregation. When you configure a link aggregation, you are configuring two link aggregations — one on each SP.
EMC VNXe Series 3.1 Configuring Hosts to Access CIFS File Systems
Setting up a host for CIFS storage
If one of the ports in an aggregation fails, the system directs network traffic to one of the other ports in the group.
Switch requirements
This topic describes switch requirements when using link aggregation.
If the VNXe ports are connected to different network switches, you should configure all switch ports connected to the VNXe ports to immediately switch from blocking mode to forwarding mode and not pass through spanning tree states of listening and learning when an interface comes up. On Cisco switches, this means that you must enable the portfast capability for each switch port connected to a VNXe port to guarantee that the switch forwards the Ethernet frame that the VNXe system generates when a physical link is enabled. You enable the portfast capability on a port-to-port basis. When enabled, the portfast variable causes the port to immediately switch from blocking to forwarding mode. Do not use portfast on switch-to-switch connections.
For link aggregation, network switches must have IEEE 802.3ad protocol support and guarantee that packets from a single TCP connection always go through the same link in a single direction.
Configuring a link aggregation
This topic describes link aggregation configuration and lists the required configuration tasks.
Note
Windows 7 and Windows Server 2003 do not provide link aggregation (NIC teaming) support. Some NIC vendors provide drivers that support NIC teaming. For more information, contact your NIC vendor. Windows Server 2008 does support NIC teaming.
For link aggregation, you have at least one 802.3ad-compliant switch, each with an available port for each switch port you want to connect to a VNXe port in the aggregation.
The term NIC teaming refers to all NIC redundancy schemes, including link aggregation with 802.3ad.
For link aggregation, you need to perform two sets of configuration tasks: l l
Configure a link aggregation from the switch to the VNXe
Configure a link aggregation from the host to the switch
Configuring link aggregation from switch to VNXe
This topic describes how to configure the switch ports and join them into a link aggregation.
Procedure
1. Configure the switch ports, which are connected to the VNXe, for LACP in active mode.
Refer to the documentation provided with your switch.
2. Join the VNXe ports into a link aggregation using the Unisphere Advanced
Configuration option Settings
>
More configuration
>
Port Settings. For information on using the Advanced Configuration option, refer to the Unisphere online help.
Results
Two link aggregations are created with the same ports — one aggregation on each SP.
Configuring a link aggregation
11
Setting up a host for CIFS storage
Configuring link aggregation from host to switch
This topic describes how to configure link aggregation from host to switch. Steps involve configuring switch ports for link aggregation and NIC teaming on the host. These steps are for an Intel network interface driver.
Procedure
1. Configure the switch ports, which are connected to the host, for link aggregation.
2. Configure NIC teaming on the Windows Server 2008, Windows Server 2012, or
Windows 8 host.
Note
Windows Server 2008, Windows Server 2012, and Windows 8 hosts refers to link aggregation as NIC teaming. Windows 8 automatically detects NIC teaming on the
VNXe, and configures the host to use the same interfaces as the VNXe. Manual configuration is not necessary.
12 a. In the Control Panel, select Network and Internet
>
Network Connections.
b. In the Network Connections dialog box, right-click one NIC you want in the team and click Properties.
c. Click Configure.
d. In the Properties dialog box, select the Teaming tab.
3. In the Teaming tab: a. Select Team this adapter with other adapters.
b. Click New Team.
The New Team Wizard opens.
4. In the New Team Wizard: a. Specify the name for the team and click Next.
b. Select the other NICs that you want in the team and click Next.
c. Select the team type and click Next. For information on a type, select the type and read the information below the selection box.
d. Click Finish.
5. If you selected Adaptive Load Balancing as the team type and you want to use the new NIC team for Hyper-V virtual machines, disable Receive Load Balancing: a. Click the Advanced tab.
b. Under Settings, select Receive Load Balancing.
c. Under Values, select Disabled.
d. Click OK.
The new team shows in the Network Connections dialog box as a Local Area
Network Connection.
6. To use the new NIC team for a virtual machine: a. In the Hyper-V Manager, under Virtual Machines, select the virtual machine.
b. Under Actions, select Virtual Network Manager.
EMC VNXe Series 3.1 Configuring Hosts to Access CIFS File Systems
Setting up a host for CIFS storage c. In the Virtual Network Manager, under Virtual Networks, select VM NIC - Virtual
Machine Network.
d. Under Connection type, select the network type and the NIC team.
e. Click Apply.
f. When the changes have been appled, click OK.
Using CIFS encryption
Windows 8 and Windows 12 SMB3 environments provide the ability to encrypt data stored on VNXe CIFS file systems as that data moves between the VNXe and the Windows host.
Encryption at the share level is enabled on the particular share and enforced when the share is accessed. Optionally, encryption can be enforced at the system level (where encryption is set in the registry of the NAS server), and all share access would require encryption. Client-level configuration is not needed.
CIFS encryption is set at the CIFS server level in Unisphere (first) and by modifying the registry settings of the Windows host.
For more information about SMB 3.0 and CIFS encryption, see EMC VNX Series:
Introduction to SMB 3.0 Support on the EMC Online Support website ( http:// support.emc.com
).
Configuring CIFS file system storage
Procedure
1. Use Unisphere or the VNXe CLI to create VNXe CIFS file system storage for the host
(client).
2. For information on performing these tasks, refer to the Unisphere online help.
Configuring user access to the CIFS share
This task describes how to configure user access to the CIFS share from the host. You will need the name or IP address of the VNXe NAS server.
User access to the share is configured per file using the Active Directory:
Procedure
1. Log in to the Windows host with the Active Directory from a domain administrator account.
Note
The Windows host must have access to the domain with the VNXe NAS server for the
CIFS share.
2. Open the Computer Management window: a. For Windows Server 2003 — Right-click My Computer or Computer and select
Manage.
b. For Windows Server 2008, Windows Server 2012, Windows 7, or Windows 8— Click
Start and select Control Panel
>
Administrative Tools
>
Computer Management.
Using CIFS encryption
13
Setting up a host for CIFS storage
3. In the Computer Management tree, right-click Computer Management (local).
4. Select Connect to another computer.
The Select Computer dialog opens.
5. In the Select Computer dialog box, enter the name or IP address of the VNXe NAS server to provide the client CIFS shares.
6. In the Computer Management tree, select System Tools
>
File Systems
>
Shares.
The available shares appear on the right. If the VNXe shares do not appear, make sure that you are logged in to the correct domain.
7. Right-click the share whose permissions you want to change and select Properties.
8. Click the Share Permissions tab.
9. Select the user or group and the permissions for the selected user or group.
10.Click OK.
Mapping the CIFS share
This task directs you to connect the host to the CIFS share. It also describes how to get the export path for the share.
You will need the export path for the share (\\NASServer\share), which you can find in the VNXe configuration report for the file system with the share. To access this report, use EMC Unisphere software.
Procedure
1. On the Windows host, use the Windows Map Network Drive function to connect the host to the CIFS share and optionally to reconnect to the share whenever you log in to the host.
2. If you need the export path for the share, access the VNXe configuration report for the file system: a. In EMC Unisphere, select Storage
>
File Systems.
b. Select the CIFS file system with the share and click Details.
c. Click View Access Details.
If you have read/write access to the share, you can create directories on the share and store files in the directories (after the share is mapped).
14
EMC VNXe Series 3.1 Configuring Hosts to Access CIFS File Systems
CHAPTER 2
Migrating CIFS Data to the VNXe
You can migrate CIFS data to the VNXe system using a manual copy. A manual copy operation disrupts access to the data and may not preserve the ACLs and permissions within the file structure.
This chapter contains the following topics.
l l
Migration environment and limitations
..................................................................16
.......................................................................................................16
Migrating CIFS Data to the VNXe
15
Migrating CIFS Data to the VNXe
Migration environment and limitations
This topic describes requirements and limitations for data migration.
You can migrate data to the VNXe system with either a manual copy or an applicationspecific tool, if one is available.
If the NFS configuration that you want to migrate has any of the following, contact your
VNXe service provider: l l l
More shares than you want to migrate.
Permissions that you do not want to manually reassign to the VNXe shares.
Any share that you want to divide between VNXe shares.
l
Any share that you want to combine with other shares on the same VNXe share.
Table 2 on page 16 outlines the environment required for data migration. Table 3 on page 16
lists the characteristics of a manual copy migration.
Table 2 Environment for data migration
Component Requirement
VNXe storage File system with share sized to accommodate the data in the share that you want to migrate and to allow for data growth
Host Host with read access to the share containing the data to be migrated and with write access to the VNXe share for the migrated data
Share Share that you migrate in its entirety to the VNXe share
Table 3 Characteristics of manual copy migration
Component Characteristic
Permissions May not be preserved
Downtime Downtime is relative to the time required for: l l
Copying the share contents to the VNXe share
Reconfiguring the hosts to connect to the VNXe share
For both a manual copy migration and a migration with an application, the downtime is relative to the time required for: l l
Copying the share contents to the VNXe share
Reconfiguring the hosts to connect to the VNXe share
Migrating data
This topic lists the tasks for migrating data to a VNXe share.
To migrate data to a VNXe share, set up access to the share. Then migrate the data.
16
EMC VNXe Series 3.1 Configuring Hosts to Access CIFS File Systems
Migrating CIFS Data to the VNXe
Setting up access to a VNXe share for the CIFS host
This topic lists the steps to configure user access to the new share in the Active Directory and then map the share.
On the host that you want to use for the data migration:
Procedure
1. Configure user access to the new share in the Active Directory.
For detailed steps, refer to
Configuring user access to the CIFS share on page 13 .
2. Map the new share.
For detailed steps, refer to
Mapping the CIFS share on page 14
.
Migrating the data with a manual copy
This topic provides the steps to manually copy data one share at a time (instead of using an application-specific tool).
A manual copy minimizes the time during which a host cannot access a share being migrated.
Procedure
1. If any clients are actively using the share, disconnect these clients and any other clients that could access the data you are migrating.
2. Use the method that you think is best for copying data from the current storage location to the new VNXe share.
This method can be a cut-and-paste or drag-and-drop operation. Ensure that the method you choose preserves metadata such as file attributes, timestamps, and access rights that you need to preserve.
3. When the copy operation is complete, reconnect the clients to the new share exported by the VNXe system and map a drive to this share as needed.
Setting up access to a VNXe share for the CIFS host
17
Migrating CIFS Data to the VNXe
18
EMC VNXe Series 3.1 Configuring Hosts to Access CIFS File Systems
CHAPTER 3
Managing CIFS File System Storage with Windows
Tools
This chapter contains the following topics.
l l l l l l l l l l
Opening Computer Management MMC
.................................................................. 20
Creating shares and setting ACLs
.......................................................................... 20
Using the home directory feature
...........................................................................21
.................................................................................... 23
................................................................................................ 26
Monitoring NAS server connections and resource usage
........................................26
Auditing CIFS users and objects
............................................................................ 27
Accessing the security log for a NAS server
............................................................31
..................................................................................... 31
................................................................................... 31
Managing CIFS File System Storage with Windows Tools
19
Managing CIFS File System Storage with Windows Tools
Opening Computer Management MMC
This topic describes how to open the Computer Management Microsoft Management
Console (MMC) for a specific NAS server.
Procedure
1. Login to the Windows host that is part of the Active Directory with domain administrator account.
The Windows host must have access to the domain with the VNXe NAS server.
2. Open the Computer Management page: l l
For Windows Server 2003, right-click My Computer or Computer and select
Manage.
For Windows Server 2008, Windows Server 2012, and Windows 8, click Start and select Administrative Tools
>
Computer Management.
3. Right-click Computer Management (local).
4. Select Connect to another computer.
5. Enter the name of the VNXe NAS server, and click OK.
Log in as the Administrator with Administrator rights to use the MMC snap-ins.
Creating shares and setting ACLs
EMC recommends that you use Unisphere to create CIFS shares, as described in
Unisphere help, and then use the MMC to set access (ACLs) for the shares. As an alternative to using Unisphere, after you create a CIFS file system on the VNXe system, you can use the MMC to create shares within that folder.
To create a Windows share with the MMC, you must: l l l
Have assigned global identifiers (GIDs) to CIFS users
Have mounted the VNXe share of the root directory of the file system and created the directories you want to share in it
Be a VNXe administrator
Setting ACLs on an existing share
This topic describes how to set ACLs on an existing share by using the Computer
Management MMC.
Procedure
1. Open the Computer Management MMC as described in Opening Computer
2. In the console tree, select File Systems
>
Shares.
The current shares in use appear on the right.
3. Right-click the share whose permissions you want to change and select Properties.
4. Click the Share Permissions tab.
5. Select the user or group and the permissions for the selected user or group.
6. Click OK.
20
EMC VNXe Series 3.1 Configuring Hosts to Access CIFS File Systems
Managing CIFS File System Storage with Windows Tools
Creating a share and setting its ACLs
This topic provides the steps to create a share and set its ACLs by using the Computer
Management MMC.
Procedure
1. Open the Computer Management MMC as described in Opening Computer
2. In the console tree, click File Systems
>
Shares.
The current shares in use appear on the right.
3. Right-click Shares, and select New File Share from the shortcut menu.
The Share a Folder Wizard appears.
4. Enter the name of the folder to share, share name for the folder, and share description. Then click Next.
The wizard prompts you for share permissions.
5. Set permissions by choosing one of the options.
With the Customize Share and Folder Permissions or Customize Permissions option, you can assign permissions to individual groups and users.
6. Click Finish.
Using the home directory feature
The home directory feature, which is provided by the Home Directory snap-in, lets you create a single share, called HOME, to which all users connect. You do not have to create individual shares for each user.
The home directory feature simplifies the administration of personal shares and the process of connecting to them by letting you associate a username with a directory that then acts as the user’s home directory. The home directory is mapped in a user’s profile so that upon login, the home directory is automatically connected to a network drive.
If a client system (such as Citrix Metaframe or Windows Terminal Server) supports more than one Windows user concurrently and caches file access information, the VNXe home directory feature might not function as desired. With the VNXe home directory capability, a VNXe client sees the same path to the home directory for each user. For example, if a user writes to a file in the home directory, and then another user reads a file in the home directory, the second user's request is completed using the cached data from the first user's home directory. Because the files have the same pathname, the client system assumes they are the same file.
The home directory feature is disabled by default. You must have created a CIFS NAS server on the VNXe system before you can enable the home directory. On Windows Server
2003, Windows Server 2008, Windows Server 2012, or WIndows 8 systems, you can enable and manage home directories through the Home Directory snap-in for MMC. The snap-in online help describes the procedures for enabling and managing home directories.
Home directory restrictions
A special share name, HOME, is reserved for the home directory. The following restrictions apply. If you have:
Creating a share and setting its ACLs
21
Managing CIFS File System Storage with Windows Tools l
Created a share called HOME, you cannot enable the home directory feature.
l
Enabled the home directory feature, you cannot create a share called HOME.
A home directory is configured in a user’s Windows user profile by using the Universal
Naming Convention (UNC) path: \\NAS_server\HOME where NAS_server is the IP address, computer name, or NetBIOS name of the VNXe NAS server.
HOME is a special share that is reserved for the home directory feature. When HOME is used in the path for a user’s home directory and the user logs in, the user’s home directory is automatically mapped to a network drive and the HOMEDRIVE, HOMEPATH, and HOMESHARE environment variables are automatically set.
Adding a home directory to the Active Directory
This topic lists the steps to add a home directory to the Windows Active Directory. A
Windows server and domain administrator account are required.
Procedure
1. Log in to the Windows server from a domain administrator account.
2. Click Start and select Programs or All Programs
>
Administrative Tools
>
Active
Directory Users and Computers.
3. Click Users to display the users in the right pane.
4. Right-click a user and select Properties.
The user’s User Properties window appears.
5. Click the Profile tab and under Home folder: a. Select Connect.
b. Select the drive letter you want to map to the home directory.
c. In To, type:
\\NAS_server\HOME
where NAS_server is the IP address, computer name, or NetBIOS name of the VNXe NAS server.
6. Click OK.
Adding a home directory with expressions
This topic lists the steps for adding a home directory by using expressions. This procedure requires a domain administrator account.
Procedure
1. Log in to the Windows server from a domain administrator account.
2. Click Start and select Programs or All Programs
>
Administrative Tools
>
Celerra
Management.
3. Right-click the HomeDir folder icon and select New
> home directory entry.
The home directory property page appears.
4. Enter the following information: a. In Domain, type the name of the user’s domain using the NetBIOS name.
22
NOTICE
Do not use the fully qualified domain name.
For example, if the domain name is Company.local, you can type one of the following:
company
,
comp
, or
.*
(regular expressions must be true for this option to work).
EMC VNXe Series 3.1 Configuring Hosts to Access CIFS File Systems
Managing CIFS File System Storage with Windows Tools b. In User, type the name of the user or the wildcard string.
For example, if the username is Tom, you can type one of the following:
T*
for usernames starting with T,
*
for any username, or
[r-v].*
for usernames starting with r, s, t, u, or v (regular expressions must be true for this option to work).
c. In the Path, type the pathname using one of the following methods:
Type the path of the folder, for example, \HomeDirShare\dir1.
Click Browse and either select the folder or create one.
If you want to automatically create the folder, select Auto Create Directory.
Examples of directories are: l
\HomeDirShare\dir1\User1 l
HomeDirShare\<d>\<u>, which creates a folder with the domain name d and a directory with the user name u.
5. Click OK.
Table 4 on page 23 provides examples of expression formats for adding a home
directory.
Domain
*
*
* comp
User
*
*a
*
[a-d].*
Table 4 Examples of expression formats
Path
\HomeDirShare\
\HomeDirShare\
\HomeDirShare
\<d>\<u>\
\HomeDirShare
\FolksA-D\<d>
\<u>\
Options
None
None
Auto Create
Directory = True
Auto Create
Directory = True
Regexp=True
Results
All the users have
\HomeDirShare as their home directory.
Users whose username starting with ‘a’ have
\HomeDirShare as their home directory.
All the users have their own directories. For example, user
Bob in domain company has
\HomeDirShare\company
\Bob as his home directory.
Users whose username start with a, b, c or d in domain company have
\HomeDirShare\FolksA-
D\company\ as their home directory, where u is their username.
Using Group Policy objects
In Windows Server 2003, administrators can use Group Policy to define configuration options for groups of users and computers. Windows GPO can control elements such as
Using Group Policy objects
23
Managing CIFS File System Storage with Windows Tools local, domain, and network security settings. The Group Policy settings are stored in
GPOs that are linked to the site, domain, and organizational unit (OU) containers in the
Active Directory. The domain controller replicates GPOs on all domain controllers within the domain.
Audit Policy is a component of the Data Mover Management snap-in, which is installed as a Microsoft Management Console (MMC) snap-in into the Management Console on a
Windows Server 2003, Windows Server 2008,Windows Server 2012, or Windows 8 system.
You can use audit policies to determine which NAS server security events are logged in the security log. You can choose to log successful attempts, failed attempts, both, or neither. Audited events are viewed in the security log of the Windows Event Viewer.
The audit policies that appear in the Audit Policy node are a subset of the policies available as GPO in Active Directory Users and Computers (ADUC). These audit policies are local policies and apply only to the selected NAS server. You cannot use the Audit
Policy node to manage GPO audit policies.
If an audit policy is defined as a GPO in ADUC, the GPO setting overrides the local setting.
When the domain administrator changes an audit policy on the domain controller, that change is reflected on the NAS server and you can view it by using the Audit Policy node.
You can change the local audit policy, but it is not in effect until the GPO for that audit policy is disabled. If auditing is disabled, the GPO setting remains in the Effective setting column.
You cannot use Microsoft’s Windows Local Policy Setting tools to manage audit policies on a NAS server because in Windows Server 2003 and Windows XP, the Windows Local
Policy Setting tools do not allow you to manage audit policies remotely.
GPO support on a VNXe NAS server
A VNXe NAS server provides support for GPOs by retrieving and storing a copy of the GPO settings for each NAS server joined to a Windows Server 2003 domain. A VNXe NAS server stores the GPO settings in its GPO cache.
When the VNXe system powers up, it reads the settings stored in the GPO cache, and then retrieves the most recent GPO settings from the Windows domain controller. After retrieving the GPO settings, a VNXe NAS server automatically updates the settings based on the domain’s refresh interval.
Supported GPO settings
A VNXe NAS server currently supports the following GPO Security settings:
Kerberos l l
Maximum tolerance for computer clock synchronization (clock skew). Time synchronization is done per NAS server.
Maximum lifetime for user ticket
Audit policy l l l l l
Audit account logon events
Audit account management
Audit directory service access
Audit logon events
Audit object access
24
EMC VNXe Series 3.1 Configuring Hosts to Access CIFS File Systems
Managing CIFS File System Storage with Windows Tools l l l
Audit policy change
Audit privilege use
Audit process tracking l
Audit system events
Auditing CIFS users and objects on page 27 provides more information.
User rights l l l l l l l l l
Access this computer from the network
Back up files and directories
Bypass traverse checking
Deny access to this computer from the network
EMC virus checking
Generate security audits
Manage auditing and security log
Restore files and directories
Take ownership of files or other objects
Security options l l l l l
Digitally sign client communication (always)
Digitally sign client communication (when possible)
Digitally sign server communication (always)
Digitally sign server communication (when possible)
LAN Manager Authentication Level
Event logs l l l l l l l l l l l l
Maximum application log size
Maximum security log size
Maximum system log size
Restrict guest access to application log
Restrict guest access to security log
Restrict guest access to system log
Retain application log
Retain security log
Retain system log
Retention method for application log
Retention method for security log
Retention method for system log
Group policy l l
Disable background refresh of Group Policy
Group Policy refresh interval for computers
Supported GPO settings
25
Managing CIFS File System Storage with Windows Tools
Using SMB signing
SMB signing ensures that a packet has not been intercepted, changed, or replayed. The signing guarantees that a third party has not changed the packet. Signing adds a signature to every packet. The client and VNXe NAS servers use this signature to verify the integrity of the packet. The VNXe NAS servers support SMB1, SMB2, and SMB3.
For SMB signing to work, the client and the server in a transaction must have SMB signing enabled. SMB signing is always enabled on the VNXe NAS servers, but is not required. As a result, if SMB signing is enabled on the client, signing is used, and if SMB signing is disabled on the client, no signing is used.
Monitoring NAS server connections and resource usage
You can use Windows administrative tools to monitor users, share access, and file use on
NAS servers.
Monitoring users on a NAS server
This topic lists the steps to monitor the number of users connected to a NAS server.
Procedure
1. Open the Computer Management MMC for the NAS server you want to monitor as described in
Opening Computer Management MMC on page 20
.
2. In the console tree, click File Systems
>
Sessions.
The current users connected to the NAS server appear on the right.
3. Optionally: l l
To force disconnections from the NAS server, right-click the username, and select
Close Session from the shortcut menu.
To force all users to disconnect, right-click Sessions, and select Disconnect All
Sessions from the shortcut menu.
Monitoring access to shares on the NAS server
This topics lists the steps to monitor access to shares on a NAS server.
Procedure
1. Open the Computer Management MMC for the NAS server as described in
Computer Management MMC on page 20
.
2. In the console tree, click File Systems
>
Shares.
The current shares in use appear on the right.
3. Optionally, to force disconnections from a share, right-click the share name, and select Stop Sharing from the shortcut menu.
26
EMC VNXe Series 3.1 Configuring Hosts to Access CIFS File Systems
Managing CIFS File System Storage with Windows Tools
Monitoring file use on the NAS server
This topic lists the steps to monitor file use on a NAS server by using the Computer
Management MMC.
Procedure
1. Open the Computer Management MMC for the NAS server as described in
Computer Management MMC on page 20
.
2. In the console tree, click File Systems
>
Open Files.
The files in use appear on the right.
3. Optionally, to close an open file, right-click the file, and select Close Open File from the shortcut menu.
4. To close all open files, right-click the Open Files folder, and select Disconnect All
Open Files from the shortcut menu.
Auditing CIFS users and objects
To audit a NAS server, use the Data Mover Management, which is an MMC snap-in.
Installing host software for CIFS on page 9
provides information about installing MMC snap-ins.
By default, auditing is disabled for all Windows object classes. To enable auditing, you must explicitly turn it on for specific events on a specific NAS server. After it is enabled, auditing is initiated on the relevant NAS server. The Data Mover Management snap-in online help provides information about setting audit policies.
If the Group Policy Object (GPO) is configured and enabled on the NAS server, then the
GPO configuration of the audit settings is used.
Auditing is available only on the specific object classes and events listed in Table 5 on page 27
. Only a VNXe advanced administrator can set auditing on a NAS server.
Table 5 Auditing object classes
Object class
Logon/logoff
File and object access
Event
CIFS user login
CIFS guest login
Domain controller returned a password authentication error
Domain controller returned an unprocessed error code
No reply from DC (insufficient resources or bad protocol)
Object open: l l
File and directory access; if system access control list
(SACL) set, for read, write, delete, execute, set permissions, take ownership
Security Access Manager (SAM) local group modification
Close handle:
Audited for success failure success
Monitoring file use on the NAS server
27
Managing CIFS File System Storage with Windows Tools
Table 5 Auditing object classes (continued)
Object class Event l l
File and directory access; if SACL set for read, write, delete, execute, set permissions, take ownership
SAM database closed
Object open for delete:
File and directory access (if SACL set)
Delete object:
File and directory access (if SACL set)
SAM database access (lookup)
Audited for
Process tracking
System restart/ shutdown
Security policies
Use of user rights
User and group management
Not supported
Restart: l l l
CIFS service startup
CIFS service shutdown
Audit log cleared
Session privileges: l l
List user privileges
User rights assigned l
User rights deleted
Policy change:
List policy categories and associated audit state
Not supported
Create local group
Delete local group
Add member to local group
Remove member from local group success and failure
N/A success success
N/A success
When auditing is enabled, the Event Viewer creates a Security log with the default settings shown in
Table 6 Default log settings
Log type Maximum file size Retention
Security 512 KB 10 days
The VNXe NAS servers support auditing on individual folders and files.
Enabling auditing on a NAS server
Complete the following steps to enable auditing on a NAS server:
28
EMC VNXe Series 3.1 Configuring Hosts to Access CIFS File Systems
Managing CIFS File System Storage with Windows Tools l l
Specifying the audit policy on page 29
Setting the audit log parameters on page 29
Specifying the audit policy
This topic lists the steps to access the Security Management snap-in and specify audit policies.
After the Celerra Management Console is installed:
Procedure
1. Open the Computer Management MMC for the NAS server as described in
Computer Management MMC on page 20
.
2. Click Start, and select Programs or All Programs
>
Administrative Tools
>
EMC Celerra
Management.
3. In the Celerra Management window, do one of the following: l l
If a NAS server is selected (a name appears after Data Mover Management), go to step 4.
If a NAS server is not selected: a. Right-click Data Mover Management, and select Connect to Data Mover from the shortcut menu.
b. In the Select Data Mover box, select a NAS server using one of the following methods: n n
In the Look in list, select the domain where the NAS server you want to manage is located, and then select the NAS server from the list.
In the Name field, type the network name or IP address of the NAS server.
4. Double-click Data Mover Management, and double-click Data Mover Security
Settings.
5. Select Audit Policy.
The audit policies appear in the right panel.
6. Right-click Audit Policy, and select Enable Auditing from the shortcut menu.
7. Double-click an audit object in the right panel to define the audit policy for that object.
The Data Mover Management snap-in online help provides more information about audit policy.
Setting the audit log parameters
This topic lists the steps to set the audit log parameters by using the Computer
Management MMC for the NAS server.
Procedure
1. Open the Computer Management MMC for the NAS server as described in
Computer Management MMC on page 20
.
2. Double-click Event Viewer and, for Windows Server 2008 or Windows Server 2012, select Windows Logs.
The specific log files are displayed.
3. Right-click the log file, and select Properties from the shortcut menu.
The property sheet for the log appears. Normally, the Maximum log size field is locked.
Enabling auditing on a NAS server
29
Managing CIFS File System Storage with Windows Tools
4. After you have completed the procedure, return to the Application Properties dialog box for the log and click the arrows to increase or decrease the size of the log.
5. In the Log size area of the dialog box, specify what happens when the maximum log size is reached: l l
Overwrite events as needed: Specifies whether all new events are written to the log, even if the log is full. When the log is full, each new event replaces the oldest event.
Overwrite events older than ( n ) days: Overwrites events older than the number of days specified. Use the arrows to specify the limit, or click the field to enter the limit. The log file size specified in step 4 is not exceeded. New events are not added if the maximum log size is reached and there are no events older than this period.
l
Do not overwrite events: Fills the log up to the limit specified in step 4. When the log is full, no new events are written to it until you clear the log.
6. Click OK to save the settings.
Viewing the audit events
This topic lists the steps to view the audit events.
Procedure
1. Click Start, and select All Programs
>
Administrative Tools
>
Event Viewer.
2. Right-click the Event Viewer icon in the right panel, and select Connect to Another
Computer from the shortcut menu.
The Select Computer dialog box appears.
3. In the Select Computer dialogue, directly enter the name or IP of the NAS server. You may also select Browse to find the NAS server.
4. For Windows Server 2008 or Windows Server 2012, click Windows Logs.
5. Click the log.
The log entries appear in the right panel.
6. Double-click the log entry to view the event detail.
The Event Properties window opens.
Disabling auditing
30
This topic lists the steps to disable auditing.
Procedure
1. Log in to a Windows Server 2003, Windows Server 2008, or Windows Server 2012 domain controller with domain administrator privileges.
2. Click Start, and select Programs or All Programs
>
Administrative Tools
>
EMC Celerra
Management.
3. Do one of the following: l l
If a NAS server is already selected (name appears after Data Mover Management), go to step 4.
If a NAS server is not selected: a. Right-click Data Mover Management, and select Connect to Data Mover from the shortcut menu.
EMC VNXe Series 3.1 Configuring Hosts to Access CIFS File Systems
Managing CIFS File System Storage with Windows Tools b. In the Select Data Mover dialog box, select a NAS server using one of the following methods: n
In the Look in list, select the domain in which the NAS server you want to manage is located, and select the NAS server from the list.
n
In the Name field, type the network name or IP address of the NAS server.
4. Double-click Data Mover Management, and double-click Data Mover Security
Settings.
5. Right-click Audit Policy, and select Disable Auditing from the shortcut menu.
Accessing the security log for a NAS server
By default, each NAS server stores its Windows security log at c:\security.evt, which has a size limit of 512 KB. You can directly access this security log through the C$ share of each NAS server with:
\\storage_server_netbios_name\C$\security.evt
where storage_server_netbios_name is the NetBIOS name of the NAS server.
Copying a share snapshot
This topic lists the steps to copy a share snapshot by using Windows Explorer.
Procedure
1. Access the NAS server that has the share that you want to copy by one of these methods: l
Browse to the NAS server in Windows Explorer.
l
Select Start
>
Run
>
\\ NAS_server_name .
2. In the NAS server, right-click the share with the snapshot that you want to copy, select
Properties.
3. Click the Previous Versions tab.
4. Select the snapshot (previous version) that you want to copy and click Copy.
A writeable copy of the snapshot is created in the location that you specify.
Restoring a share snapshot
This topic lists the steps to restore a share snapshot.
Restoring a storage resource to a snapshot returns (rolls back) the storage resource to the previous state captured by the snapshot. During the restore, the entire storage resource, including all files and data stored on it, is replaced with the contents of the snapshot.
NOTICE
To prevent data loss, ensure that all clients have completed all read and write operations to the storage resource that you want to restore.
Procedure
1. Access the NAS server that has the share that you want to copy by one of these methods:
Accessing the security log for a NAS server
31
Managing CIFS File System Storage with Windows Tools l
Browse to the NAS server in Windows Explorer.
l
Select Start
>
Run
>
\\ NAS_server_name .
2. In the NAS server, right-click the share with the snapshot that you want to copy, select
Properties.
3. Click the Previous Versions tab.
4. Select the snapshot (previous version) that you want to restore and click Restore.
Results
The restore operation does the following: l l l
For files that are in the current version, but not in the previous version being restored
— Leaves these files unchanged on the share.
For files that are in both the previous version being restored and the current version
— Overwrites the files on the share with the contents of these files from the previous version.
For files that are in the previous version being restored, but not in the current version
— Adds these files to the share.
For example, suppose the following: l l
The current version has files a, b, and f.
The previous version being restored has files a, f, and g.
The restored version will have file b with the contents from the current version and files a, f, and g with the contents from the previous version.
32
EMC VNXe Series 3.1 Configuring Hosts to Access CIFS File Systems
CHAPTER 4
Using FLR with VNXe
This chapter contains the following topics.
l l l l l
............................................................................... 34
................................................................................ 36
Installing the FLR Toolkit on a host
........................................................................ 38
...................................................................................39
............................................................................................39
Using FLR with VNXe
33
Using FLR with VNXe
FLR terminology and concepts
This topic defines terminology and describes concepts that are important in understanding how file-level retention (FLR) works for file system storage.
The VNXe NAS server supports file-level retention (FLR) for file system storage. FLR allows you to set file-based permissions on a file system to limit write access for a specified retention period. An FLR-enabled file system: l l l
Safeguards data while ensuring its integrity and accessibility by letting you create a permanent set of files and directories that users cannot alter through CIFS or FTP.
Simplifies the task of archiving data on standard rewriteable magnetic disks through standard CIFS operations.
Improves storage management flexibility.
NOTICE
Once you enable FLR for a file system, you cannot disable it. When FLR is enabled, you can get into situations where you may not be able to delete files that you need to delete.
Do not enable FLR unless you are certain that you want to use it and you know what you are doing.
NOTICE
Do not use Windows Explorer to lock files in an FLR-enabled file system. Windows
Explorer sets the time of the file to the current date and time before making it read-only, which causes the file to be locked forever. If you want to use Windows Explorer to set or manage retention dates or to lock files in an FLR-enabled file system, you must install the
FLR toolkit.
FLR terminology
CLEAN state
Initial state of a file when it is created. You treat a CLEAN file in the same manner as any file in a file system not enabled for file-level retention. This means that clients and users can rename, modify, and delete a CLEAN file until it is committed to FLR.
EXPIRED state
State of a file when its retention period expires. Clients and users can revert a file in the EXPIRED state back to the FLR state or delete a file in the EXPIRED state from the
FLR file system.
FLR state
State of a file when its read/write permission is changed to read-only in a file system enabled for file-level retention. Clients and users cannot delete files committed to the FLR state until their retention period expires.
Basic FLR concepts
34
This topic describes basic FLR concepts including enabling a file system for FLR, FLR states, and managing an FLR file system.
You can enable file-level retention on a specified file system only at creation time. When you create a new file system with file-level retention enabled, the file system is persistently marked as an FLR file system and clients and users can apply FLR protection on a per-file basis only.
EMC VNXe Series 3.1 Configuring Hosts to Access CIFS File Systems
How FLR works
Using FLR with VNXe
A file in an FLR file system is in one of these possible states: CLEAN, FLR, or EXPIRED. You manage files in the FLR state by setting retention by directory or batch process, which means you manage the file archives on a file system basis, or by running a script to locate and delete files in the expired state.
You can delete an FLR file system, but you cannot delete or modify files that are in the FLR state. The path to a file in the FLR state is also protected from modification, which means that you cannot rename or delete a directory on an FLR file system unless it is empty.
This topic describes FLR state transitions for FLR-enabled file systems.
A file in an FLR file system transitions between these possible states: CLEAN, FLR, or
EXPIRED. The transition between these states is based on the file's last access time (LAT) and read-only permission.
When a file is created, it is in the CLEAN state. A CLEAN file is treated exactly like a file in a file system that is not enabled for file-level retention; clients and users can rename, modify, or delete the file.
Note
The file's current state is not visible to the user. Also, access to a file in the CLEAN state causes the file's LAT to change. For example, antivirus scanning, backing up, or searching file contents modifies the LAT on a file.
When you change the permissions on a CLEAN file from read/write to read-only, the file transitions from the CLEAN state to the FLR state, and is committed to FLR. Clients and users cannot modify or delete a file in the FLR state. Also, the path to any file in the FLR state is protected from modification. This means that clients and users of a directory on an FLR file system cannot rename or delete the directory unless it is empty, and they can delete FLR files only after their retention date has passed.
A retention date specifies the date and time when a file's FLR protection expires. EMC suggests specifying a retention period before you lock a file to FLR. Otherwise, the system defaults to a infinite retention period. In this case, you can explicitly set a shorter retention period. You can set a file's retention date by modifying the file's last access time to a future expiration date and time. This future date and time represents the end of the file's retention date.
A file transitions from the FLR state to the EXPIRED state when its reaches its retention date. Only a file’s owner or administrator can delete a file in the EXPIRED state. File-level retention does not perform automatic deletion of files in an EXPIRED state. You must delete expired files explicitly by using the FLR Toolkit.
If necessary, you can revert a file from the EXPIRED state back to the FLR state by extending its retention period to a date beyond the expiration date of the original retention date. To extend a retention period, change the file's LAT to a time beyond the original expiration date. Although you can extend a file's retention period, you cannot shorten it. If you specify a new access time that is before the current access time for the file, the VNXe NAS server rejects the command. With the exceptions of extending a file's retention period and modifying a user or group's read permissions to the file, you cannot edit the file's metadata during the retention period.
When you copy a read-only file from a regular file system to a FLR file system, the file is not committed to the FLR state. When the copy is complete, the file is in the CLEAN state.
How FLR works
35
Using FLR with VNXe
FLR restrictions
This topic describes the FLR restrictions that you must observe when using FLR to manage file systems.
l l l l l
You must set the level of file-level retention when you create the file system and you cannot change it after file system creation.
VNXe clients or users cannot modify or delete Files that are in the FLR state. The path to a file in the locked state is also protected from modification, which means that a directory on an FLR-enable file system cannot be renamed or deleted unless it does not contain any protected files.
If you are using the EMC Common AntiVirus Agent (CAVA), EMC strongly recommends that you update all the virus definition files on all resident antivirus (AV) engines in the CAVA pools, and periodically run a full scan of the file system to detect infected
FLR files. When an infected locked file is discovered, the resident AV cannot repair or remove an infected file. Although you can delete the file only after its retention date has passed, you can change the file’s permission bits to restrict read access to make the file unavailable to users. CAVA’s scan-on-first read functionality does not detect a virus in a locked file. The CAVA documentation on the EMC Online Support website
( http://www.emc.com/vnxesupport ) provides information about CAVA.
Although file-level retention supports all backup functionality, the FLR attribute is not preserved in a Network Data Management Protocol (NDMP) backup. As a result, when you use NDMP backup, you must make sure that the files are restored to a VNXe file system with file-level retention enabled. If you restore a file from an NDMP backup whose retention date has expired, the file system has an infinite retention date after it is restored. If you want to protect the file, but do not want it to have an infinite retention date, restore the file to a non-FLR file system, and then copy it back into an
FLR system.
The root file system of a nested mount cannot be a file system with file-level retention enabled.
System requirements for FLR
This topic describes the software, hardware, network, and storage configurations required for using file-level retention with the VNXe NAS server.
Table 7 on page 36 lists the FLR system requirements.
Table 7 FLR system requirements
Component Requirement
Software
Hardware
Network
Storage
FLR Toolkit (latest version)
Host running a Windows operating system supported by the FLR Toolkit. The support matrix on the EMC Online Support website ( http://www.emc.com/ vnxesupport ) provides information about the supported operating systems.
No specific network requirements.
No specific network requirements.
36
EMC VNXe Series 3.1 Configuring Hosts to Access CIFS File Systems
Using FLR with VNXe
Windows .NET Framework requirement
The Windows .NET Framework 2.0 must be installed on the host for the FLR Toolkit installation to be successful.
Window requirements for FLR Monitor
Table 8 on page 37 lists the scenarios for the FLR Monitor service account and domain
trust relationships. Each scenario describes the required privilege actions that you should perform to ensure that the Monitor can run as a service on the Windows host. In
Windows domain trust relationships, the direction of trust is very important. The terms
“trusted” and “trusting” and their defined directions in the table are used in the same way that Microsoft describes them.
Table 8 Scenarios and required privilege-granting actions
Is the service account a member of its domain’s
Domain
Admins group?
Yes
Is the host a member of a domain that is trusted by the service account’s domain?
Yes
Is the host a member of the same domain as the service account?
Actions required
No
Yes
Yes
No
No
No
No
Yes
No
Yes
No
Yes
No
Add either the Domain Admins group or the service account to the host’s local administrators group. For example, if the server account is domain A\someuser, add either domainA/Domain Admins or domainA
\someuser.
Add either the Domain Admins group or the service account to the host’s local administrators group. For example, if the server account is domain A\someuser, add either domainA/Domain Admins or domainA
\someuser.
Add the service account to the server’s local administrators group. The Domain Admins group is not sufficient. For example, if the service account is domainA\someuser, add domainA\someuser.
Add the service account to the server’s local administrators group. For example, if the service account is domainA\someuser, add domainA\someuser.
Add the service account to the server’s local administrators group. The Domain Admins group is not sufficient. For example, if the
Windows .NET Framework requirement
37
Using FLR with VNXe
Table 8 Scenarios and required privilege-granting actions (continued)
Is the service account a member of its domain’s
Domain
Admins group?
Is the host a member of a domain that is trusted by the service account’s domain?
Is the host a member of the same domain as the service account?
Actions required service account is domainA\someuser, add domainA\someuser.
Installing the FLR Toolkit on a host
This topic lists the steps to install the FLR Toolkit on a host. You can install the FLR Toolkit on any Windows host that is running in the network that has access to the VNXe NAS server with the files that you want to retain.
Procedure
1. Log in to the Windows host through an account with administrator privileges.
2. Download the software package that you want to install as follows: a. Navigate to the software download section on the EMC Online Support website
( http://www.emc.com/vnxesupport ).
b. Choose the software package that you want to install, and select the option to save the software to the host.
3. In the directory where you saved the software, double-click the executable file to start the installation wizard.
4. On the Welcome page, click Next.
5. Read the License Agreement and accept the terms of License agreement by clicking
Next.
6. Enter the username and organization, and click Next.
7. Specify the destination folder for the installation of the FLR Toolkit, and click Next.
8. On the Setup type page, select Complete or Custom as the setup type, and click Next.
9. In the Logon information page, specify and/or browse for the domain credentials for the user logon account that will log on to the FLR Toolkit, and click Next.
These credentials are: l l
Username, which should be domain/Administrator, where domain is the domain name
Password for domain/Administrator
10.Review the installation settings and if they are correct, click Install.
11.Click Finish to complete the installation.
38
EMC VNXe Series 3.1 Configuring Hosts to Access CIFS File Systems
Using FLR with VNXe
Configuring the FLR monitor
This topic lists the steps to configure the FLR monitor that is included with the FLR Toolkit.
Procedure
1. Open the FLR monitor service, which is included with the FLR Toolkit.
2. On the FLR Connections tab, click Add.
3. On the Directory Options tab in the Retention Source Configuration page, click
Browse to select the retention source.
4. Select the CIFS share that was created over the FLR file system as the retention source.
5. In the Retention Source Configuration page, select the option to monitor subdirectories and click OK.
6. On the Monitoring Options tab, select the monitoring method: l l
Fast (event based) — The retention policy is applied as soon as the archive files are generated.
Polling (schedule-based) — The retention policy is applied according to a particular schedule.
7. On the FLR options tab, set retention to the required retention policy, and click OK.
Note
The incremental date and time policy applies the retention so that the retention date is applied incrementally for the archive files generated at different points of time.
8. In the FLR monitor service page, on the FLR Connections tab, select the connection entry and click Apply.
9. In the Confirmation page, click Yes to confirm the application of the retention policy, and click OK.
Using the FLR monitor
This topic describes using the FLR monitor. Tasks include: l l
Committing a read-only file to the FLR state on page 39
Creating FLR queries on page 40
Committing a read-only file to the FLR state
This topic lists the steps to commit a read-only file to the FLR state. This task is required after copying a file to a CIFS file system enabled for file-level retention.
Procedure
1. Change permission on the file to read/write.
2. Set a retention period.
3. Commit the file to the FLR state.
Additionally, file systems with file-level retention enabled always enforce synchronization of the DOS (CIFS) read-only bit.
Configuring the FLR monitor
39
Using FLR with VNXe
Creating FLR queries
This topic lists the steps to create an FLR query by using the FLR Explorer tool.
After the FLR monitor service is started, you can use the FLR Explorer tool, which is automatically installed with the FLR ToolKit, to create queries for viewing retained or expired files. You can execute queries on the retention source with the build a query feature of FLR Explorer. You can provide the following parameters for the query: l l l l
Type of files — Retained files, files in a non-WORM state, files in specific retention state
Retention source
Extension of files to include or exclude
Subdirectories also in the search path
Procedure
1. Open the FLR Explorer application from C:\Program Files (x86)\EMC\FLR
Toolkit\FLR Explorer.
2. In the FLR Explorer, select Build a Query.
3. In the Query Builder page, provide the type of file to search for, such as retained files, files in specific retention state, or files in non-WORM state.
4. Provide the retention source.
5. Optionally include or exclude files by specifying their extensions.
6. Click OK.
A list of expired files from the FLR Explorer is displayed. Similarly you can display the list of retained files by building another query using the FLR explorer.
40
EMC VNXe Series 3.1 Configuring Hosts to Access CIFS File Systems
CHAPTER 5
Using CEE CAVA with VNXe
This chapter contains the following topics: l l l
...................................................................................................... 42
System requirements and limitations
.................................................................... 43
Setting up CEE CAVA for VNXe NAS servers
............................................................ 43
Using CEE CAVA with VNXe
41
Using CEE CAVA with VNXe
CAVA overview
The VNX Common Event Enabler (CEE) provides an antivirus solution (Common Anti-Virus
Agent) for clients using the VNXe system. It uses industry-standard Common Internet File
System (CIFS) protocols in a Windows 8, Windows 7, Windows Server 2012, Windows
Server 2008, or Windows Server 2003. The Common Anti-Virus Agent (CAVA) uses thirdparty antivirus software to identify and eliminate known viruses before they infect files on the VNXe system. Although the VNXe NAS servers (Data Movers) are resistant to viruses,
Windows clients also require protection. The virus protection on the client reduces the chance that the client stores an infected file on the Storage Server and protects the client if it opens an infected file.
The CEE solution uses the following components: l l
VNXe NAS server running the CEE CAVA virus-checking client
Third-party antivirus (AV) engine l
CEE CAVA software
A third-party AV engine and the CEE CAVA software must be installed on at least one
Windows Server 2012, Windows Server 2008, or Windows Server 2003 or one Windows 7 or Windows 8 workstation in the domain with the VNXe system. Such a server is an AV server.
Note
If the third-party AV software runs on a Windows 7 or Windows 8 workstation, CEE CAVA can also run on the Windows 7 workstation.
VNXe NAS servers
The VNXe NAS servers manage operations for Windows file systems and shares (CIFS),
Linux/UNIX file systems and shares (NFS), or both. For a CEE CAVA solution, the VNXe system requires one or more NAS servers configured for CIFS shares or for both CIFS and
NFS shares.
CEE CAVA virus-checking client
The virus-checking (VC) client is a CEE CAVA agent that runs on the VNXe NAS server. The
VC client interacts with the AV engine, which processes requests from the VC client.
Scanning for viruses is supported only for CIFS access. While the scan or other related actions take place, access to the file from any CIFS client is blocked.
The VC client does the following: l l
Queues and communicates the names of the files to CEE CAVA for it to scan.
Provides and acknowledges event triggers for scans. Possible event triggers include: n n n
A file is renamed on the VNXe system.
A file is copied or saved to the VNXe system.
A file is modified and closed on the VNXe system.
Third-party antivirus software support
The CEE CAVA solution uses third-party antivirus software, called an AV engine, to identify and eliminate known viruses before they infect files on the VNXe system. For the AV
42
EMC VNXe Series 3.1 Configuring Hosts to Access CIFS File Systems
Using CEE CAVA with VNXe engines that EMC supports, refer to the VNXe support matrix on the EMC Online Support website ( http://www.emc.com/vnxesupport ).
CEE CAVA software
The CEE CAVA software is an application developed by EMC that runs on a Windows server (called an AV server). It communicates with a standard antivirus engine running on one or more servers to scan CIFS files stored on a VNXe or VNX system or Celerra Network
Server.
VNX CIFS Management snap-in
EMC VNX CIFS Management snap-in is an MMC snap-in to Unisphere. Use this snap-in to view or modify the CEE virus-checking parameters for the VNXe NAS servers.
System requirements and limitations
The CEE CAVA solution requires the following: l l l l l l
A VNXe system with a NAS server configured on the network.
Each VNXe NAS server should have a CAVA pool consisting of a minimum of two CAVA servers. This is specified in the NAS server's viruschecker.conf file.
EMC VNX CIFS Management snap-in installed on a client system that has access to the VNXe domain. For information about installing this snap-in, see
Installing host software for CIFS on page 9 .
If you are using Windows Server 2008, you must manually compile the cava.mof file while using the EMC cavamon sizing tool.
Third-party antivirus software running on one or more AV servers in the domain. CEE
CAVA supports 32-bit and 64-bit Windows environments and corresponding thirdparty AV engines. The version of the AV engine version that is required depends on the operating system. For the latest third-party software system requirements, consult the appropriate third-party vendor website or documentation.
CEE CAVA software installed on each AV server in the domain.
File-level retention
We strongly recommend that the antivirus (AV) administrator update the virus definition files on all resident AV engines in the CEE CAVA pools, and periodically run a full scan of the file system to detect infected file-level retention (FLR) files.
Non-CIFS protocols
The CEE CAVA solution is for clients running the CIFS protocol only. If clients use the NFS or FTP protocols to move or modify files, the CEE CAVA solution does not scan these files for viruses.
Setting up CEE CAVA for VNXe NAS servers
To implement a CEE CAVA solution for VNXe NAS servers, perform these tasks: l l
Configuring the domain user account on page 44
Configuring virus checker parameters on page 46
CEE CAVA software
43
Using CEE CAVA with VNXe l l l
Installing third-party antivirus software on page 48
Installing CEE CAVA on page 48
Starting the CEE AV engine on page 49
Configuring the domain user account
This topic lists the steps to configure the domain user account with virus-checking rights.
The CEE CAVA installation requires a Windows user account that the VNXe NAS servers recognize as having the EMC virus-checking privilege. This user account lets the NAS servers distinguish CEE CAVA requests from all other client requests.
Procedure
1. Create an Active Directory domain user account for the antivirus user: a. Log in to the Windows Server 2012, Windows Server 2008, or Windows Server
2003, as the Domain Administrator.
b. From the taskbar, click Start and select Settings
>
Control Panel
>
Administrative
Tools
>
Active Directory Users and Computers.
c. In the VNX Management Console tree, right-click Users, and select New
>
User d. In the New Object - User dialog box, specify the first name, last name, and user logon name for the new user, and click Next.
e. In the Password dialog box: a. Enter and confirm a password.
b. Select Password never expires.
c. Click Next, then click Finish.
The CEE CAVA service will run in the context of this account.
2. Create a local group for each NAS server in the domain, and add the new antivirus user (virususer), which you created in step 1.
a. In Active Directory Users and Computers, double-click EMC Celerra, and click
Computers.
b. In the Computer pane, right-click the NAS server, and select Manage.
c. In the Computer Management window, under System Tools, double-click Local
Users and Groups.
d. Right-click Groups and select New Group.
e. In the New Group dialog box, enter a group name (for example, viruscheckers) and a description of the group, and click Add.
f. In the Select Users, Computers, or Groups dialog box:
For Windows 8, Windows 7, Windows Server 2012, Windows Server 2008 or
Windows Server 2003: a. Enter the name of the AV user account that you created in step 1.
b. Click Check Names.
c. Click OK to close the Select Users, Computers, or Groups dialog box, and then click OK to return to the New Group dialog box.
g. Click Create, and click Close.
The group is created and added to the Groups list.
44
EMC VNXe Series 3.1 Configuring Hosts to Access CIFS File Systems
Using CEE CAVA with VNXe
3. Assign the EMC virus-checking rights to the new local group:
Note
You cannot use Microsoft Windows Local Policy Setting tools manage user rights assignments on a VNXe file system because these tools do not let you to manage user rights assignments remotely.
a. Click Start and select Settings
>
Control Panel
>
Administrative Tools
>
EMC VNX File
CIFS Management.
b. If the VNXe NAS server is already selected (name appears after Data Mover
Management), go to step 3e.
c. If the VNXe NAS server is not selected: a. In the VNX Management window, right-click Data Mover Management and select Connect to Data Mover.
b. In the Select Data Mover dialog box, select the VNXe NAS server either by selecting the domain in the Look in: list box and then selecting the NAS server from the list or by entering the computer name, IP address or NetBIOS name of the VNXe NAS server in the Name box.
d. Double-click Data Mover Management, and double-click Data Mover Security
Settings.
e. Click User Rights Assignment, and in the right pane, double-click EMC Virus
Checking.
f. In the Security Policy Setting dialog box, click Add.
g. In the Select Users or Groups window: a. Select the NAS server from the Look in: list box.
b. Select the antivirus group that you created in step 2.
c. Click Add, and then click OK to return to the Security Settings dialog box.
h. Click OK.
The EMC Virus Checking policy now shows the file systems local group. Although this right is a local privilege and not a domain privilege, it still distinguishes antivirus users from other domain users.
4. Assign local administrative rights to the antivirus user account on each host that will run antivirus engine software, that is, that will be an AntiVirus (AV) server.
Note
If the AntiVirus server is a domain controller, the virus-checking user account should join the domain administrator group instead of the local administrator group because the local administrator group is not managed on a domain controller.
For each AV server in the domain: a. Click Start and select Settings
>
Control Panel
>
Administrative Tools
>
Computer
Management b. In the Computer Management window, from the Action menu, select Connect to
Another Computer.
c. In the Select computer window, select the virus-checker (AV) server and click OK.
Configuring the domain user account
45
Using CEE CAVA with VNXe d. In the Computer Management window: a. Expand System Tools.
b. Expand Local Users and Groups.
c. Click Users.
e. Right-click the name of the AV user account that you created in step 1, and select
Properties.
f. In the Account Properties window, click the Members of tab, and click Add.
g. In the Select Groups dialog box, in the Enter the object names to select box, enter
Administrators, and click OK.
h. Click OK to close the Account Properties dialog box.
Configuring virus checker parameters
This topic lists the steps to configure virus checker parameters.
Procedure
1. From the taskbar, click Start and select Settings
>
Control Panel
>
Administrative Tools
>
EMC VNX File CIFS Management.
2. In the VNX Management Console tree, expand the Data Management node (for a VNXe system, the entries represent the NAS servers).
The AntiVirus mode appears in the console tree. The status of the AntiVirus service for the selected VNXe NAS server is either Stopped or Running.
Note
If you did not select a NAS server, you must select one before you can use the
AntiVirus Management snap-in. If a NAS server is selected, its name appears next to the Data Management node in the console tree.
3. Click the AntiVirus node.
The list of parameter settings appears in the details pane.
4. In the details pane: a. Right-click the parameter that you want to change, and select Properties.
The Properties dialog box for that parameter appears. For a description of the parameters, refer to
Configurable AntiVirus node parameters on page 46 .
b. If the parameter contains multiple settings, enter the values for the settings, click
Add, and then click OK.
c. If the parameter contains a single setting, enter the value for the setting, and click
OK.
Configurable AntiVirus node parameters
Table 9 on page 47 lists the configurable parameters for an AntiVirus node.
46
EMC VNXe Series 3.1 Configuring Hosts to Access CIFS File Systems
Using CEE CAVA with VNXe
Table 9 Configurable AntiVirus node parameters
Parameter masks=
Description
File extensions to scan.
Example
Scan all files:
*.*
Scan only .exe, .com, .doc, and .ppt files:
*.exe:*.com:*.doc:*.ppt
excl= addr=
Files or file extensions to exclude during scanning.
pagefile.sys:*.tmp
IP addresses of the AV servers. Single server:
192.16.20.29
Multiple servers:
192.16.20.15:192.16.20.16:192.16.20.17
CIFSserver Name of the NAS server. If you do not provide a name, the default NAS server is used.
cifsserver1 maxsize=n Maximum file size in hex that is checked. Files that exceed this size are not checked.
0x1000000
RPCRequestTimeout RPC request timeout in msec.
The default is 25000 msec.
RPCRetryTimeout
25000
RPC retry timeout in msec. If the AV server does not answer a request from the NAS server within the time specified in the
PRCRetryTImeout interval, the
NAS server retries sending the request until the
RPCRequestTimeout value is reached. The default
RPCRetryTimout is 5000 msec.
5000 surveyTime=n Time interval in seconds to scan for all known AV servers.
This parameter works with the shutdown parameter below. If an AV server does not answer a request, the selected shutdown parameter determines the action to take.
The minimum surveyTime is 1 second, the maximum is
4,294,967,295 seconds, and the default is 10 seconds.
10 highWaterMark=xxx When the number of requests in progress becomes greater than the highWaterMark, a log event is sent to the NAS server.
200
Configuring virus checker parameters
47
Using CEE CAVA with VNXe
Table 9 Configurable AntiVirus node parameters (continued)
Parameter Description Example lowWaterMark=xxx When the number of requests in progress becomes lower than the lowWaterMark, a log event is sent to the NAS server.
The default lowWaterMark value is 50.
50 shutdown
The default highWaterMark is
200.
Action taken when an AV server is not available.
For shutdown=no, continue retrying the list of AV servers if no AV server is available. Two watermarks exist: low and high. When each is reached, a log event is sent to the VNXe
NAS server.
For shutdown=cifs, stop CIFS if no AV server is available.
(Windows clients cannot access any VNXe shares.)
For shutdown=viruschecking, stop virus checking if no AV server is available. (Windows clients can access any VNXe shares without virus checking.)
Options include: shutdown=no shutdown=cifs shutdown=viruschecking
Installing third-party antivirus software
You must install a supported third-party antivirus software package (AV engine) on each host in the domain that will be an AV server. To ensure that file scanning is maintained if an AV server goes offline or cannot be reached by the VNXe NAS server, you must configure at least two AV servers in the domain. For the latest list of supported AV engines and versions, refer to the EMC E-Lab
™
Interoperability Navigator on the EMC
Online Support website ( http://support.emc.com
).
You must install any supported third-party antivirus software package, except for the
Trend MicroServerProtect package, on a host before installing CEE CAVA on a host. If you want to install Trend MicroServerProtect antivirus software on a host, install CEE CAVA
first as described in Installing CEE CAVA on page 48 .
Installing CEE CAVA
This topic provides important information that you should know before installing CAVA.
You must install CEE CAVA on each host in the domain that will be an AV server.
48
EMC VNXe Series 3.1 Configuring Hosts to Access CIFS File Systems
Using CEE CAVA with VNXe
Removing old versions of CEE CAVA
If an AV server has a previous version of CEE CAVA installed, remove that version of CEE
CAVA, reboot the server, and then install the new version of CEE CAVA. Use the Windows
Control Panel’s Add/Remove Programs window to remove old versions of CEE CAVA. You must have local administrative privileges to remove programs.
Note
If you do not remove the previous version of CEE CAVA before upgrading, you can choose the Remove option on the initial installation page to first remove the previous version, then continue with the installation.
Reinstallation of CEE CAVA
During a reinstallation of CEE CAVA, you may see an overwrite protection message if the installation files were previously unpacked to the temporary directory. If you see this message, from the Overwrite Protection message window, click Yes to All to overwrite the existing files. This process ensures that the latest version of the files exist in the temporary directory.
Install CEE CAVA software from the VNX Event Enabler CD as described in EMC VNX
Network Server - Using the CEE Common AntiVirus Agent .
Starting the CEE AV engine
This topic lists the steps to start the CEE AV engine (virus-checking agent) on the VNXe system.
Procedure
1. In the VNXe Unisphere, select Settings
>
NAS Server Settings.
2. In the Other Options section, click Start Antivirus.
Results
The Antivirus status changes to Antivirus is running.
Note
If the shutdown antivirus node parameter is set to no, the status "running" does not necessarily mean that the antivirus is working. Check System
>
System Alerts to verify that the antivirus servers are online. To avoid issues with client access, ensure that all the antivirus servers are accessible and there are no issues with the configuration. For more information on the shutdown antivirus node parameter or other related
parameters, refer to Configurable antivirus node parameters on page 47
.
Starting the CEE AV engine
49
Using CEE CAVA with VNXe
50
EMC VNXe Series 3.1 Configuring Hosts to Access CIFS File Systems
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project