Active IQ Unified Manager Discussions

clustered Data ONTAP with OCUM

edgel
8,492 Views

Thank you for the great post.   Too bad we do not have any clustered Data ONTAP collateral in that list.   I now have several customers struggling to get their OnCommand Unified Manager servers set up in a least privilege, best practices mode with polling intervals and alerting relevant/friendly to clustered Data ONTAP.   I know version 5.1 will be superseded by 6.0 soon, but we still need a guide for leveraging the reporting we have today and also for getting it set up as a datasource for OnCommand Workflow Automation.   Before I go off and struggle through producing this on my own for my customers, I thought I would check to see if anyone else has started such a report.

3 REPLIES 3

adaikkap
8,492 Views

Hi Todd,

     The OCUM 5.2 is supported only with cluster admin users. There is no tested or certified user with least privileges.

Also the default polling interval is already pre shipped with the product. Alerts are up to the customer to create what they like to be alerted or they consider critial.

Regards

adai

edgel
8,492 Views

Thanks again!  I am a bit confused as to why admin privileges would be needed in the cDOT product, given that it performs only read activities.   So far, here is the list of things I cannot do in cDOT that might have required admin privileges (in addition to SSH access):

*dfm run cmd

Anything else I am missing?  My customer and I are both running OCUM 5.x with a read-only custom user/role and seem to be able to perform all necessary reporting/alerting.  We are planning to use WFA custom workflows for all provisioning and data protection activities (since no such capability exists in OCUM 5.x for cDOT).   We also cannot do configuration management, so this tool strikes us as a read-only interface not needing admin privileges/role on the filer for ONTAPI or SNMP.   I do see some possible use cases for admin privilege for dfm run cmd but if this is not required, I really cannot see a reason to provide such elevated permissions now that OCUM has effectively become a view only reporting tool with its current feature set.  So, I will continue to steer my customer toward the supported configuration (full cluster admin rights), but at the moment I do not see what they will miss out on without them and agree that a read-only role seems sufficient based on my current lab investigation.    

Regarding polling, we used to be able to tune the polling/retention intervals for 7-Mode with 'dfm perf data list' and 'dfm perf data modify' commands.  DFM perf data list still works, but dfm perf data modify does not.   Is there another easy way to increase the retention time and decrease the polling interval to something more WAN friendly under cDOT? 

Here is an example of some settings I have used in the past on 7-Mode. 

REM WAN Settings

for %%r in (netappdr, netappdr2) do (

dfm perf data modify -G system  -o %%r -s 30m -r 12week -f

dfm perf data modify -G disk  -o %%r -s 30m -r 12week -f

dfm perf data modify -G aggregate  -o %%r -s 30m -r 12week -f

dfm perf data modify -G ifnet  -o %%r -s 5m -r 12week -f

dfm perf data modify -G nfsv3  -o %%r -s 30m -r 12week -f

dfm perf data modify -G nfsv4  -o %%r -s 30m -r 12week -f

dfm perf data modify -G prisched  -o %%r -s 30m -r 12week -f

dfm perf data modify -G target  -o %%r -s 30m -r 12week -f

dfm perf data modify -G lun  -o %%r -s 30m -r 12week -f

dfm perf data modify -G volume  -o %%r -s 30m -r 12week -f

dfm perf data modify -G cifs  -o %%r -s 30m -r 52week -f

dfm perf data modify -G fcp  -o %%r -s 30m -r 12week -f

dfm perf data modify -G iscsi  -o %%r -s 30m -r 52week -f

dfm perf data modify -G vfiler  -o %%r -s 30m -r 12week -f

dfm perf data modify -G processor  -o %%r -s 5m -r 12week -f

dfm perf data modify -G perf -o %%r -s 30m -r 52week -f

dfm perf data modify -G priorityqueue  -o %%r -s305m -r 12week -f                

dfm perf data modify -G wafl  -o %%r -s 30m -r 12week -f

dfm perf data modify -G qtree  -o %%r -s 30m -r 12week -f

)

dfm perf data list

They no longer work in cDOT.   Any suggestions appreciated:

Regards,

-Todd

adaikkap
8,492 Views

Hi Todd,

Thanks again!  I am a bit confused as to why admin privileges would be needed in the cDOT product, given that it performs only read activities.   So far, here is the list of things I cannot do in cDOT that might have required admin privileges (in addition to SSH access):

*dfm run cmd

You are right. I did not say you would need admin privileges, all I said way we  haven't tested with a limited capability user or there is no certified/minimum set of capabilities.

Anything else I am missing?  My customer and I are both running OCUM 5.x with a read-only custom user/role and seem to be able to perform all necessary reporting/alerting.  We are planning to use WFA custom workflows for all provisioning and data protection activities (since no such capability exists in OCUM 5.x for cDOT).   We also cannot do configuration management, so this tool strikes us as a read-only interface not needing admin privileges/role on the filer for ONTAPI or SNMP.   I do see some possible use cases for admin privilege for dfm run cmd but if this is not required, I really cannot see a reason to provide such elevated permissions now that OCUM has effectively become a view only reporting tool with its current feature set.  So, I will continue to steer my customer toward the supported configuration (full cluster admin rights), but at the moment I do not see what they will miss out on without them and agree that a read-only role seems sufficient based on my current lab investigation.

Can you share your read only custom user, capabilities that you are using ?

Regarding polling, we used to be able to tune the polling/retention intervals for 7-Mode with 'dfm perf data list' and 'dfm perf data modify' commands.  DFM perf data list still works, but dfm perf data modify does not.   Is there another easy way to increase the retention time and decrease the polling interval to something more WAN friendly under cDOT? 

Here is an example of some settings I have used in the past on 7-Mode. 

REM WAN Settings

for %%r in (netappdr, netappdr2) do (

dfm perf data modify -G system  -o %%r -s 30m -r 12week -f

dfm perf data modify -G disk  -o %%r -s 30m -r 12week -f

dfm perf data modify -G aggregate  -o %%r -s 30m -r 12week -f

dfm perf data modify -G ifnet  -o %%r -s 5m -r 12week -f

dfm perf data modify -G nfsv3  -o %%r -s 30m -r 12week -f

dfm perf data modify -G nfsv4  -o %%r -s 30m -r 12week -f

dfm perf data modify -G prisched  -o %%r -s 30m -r 12week -f

dfm perf data modify -G target  -o %%r -s 30m -r 12week -f

dfm perf data modify -G lun  -o %%r -s 30m -r 12week -f

dfm perf data modify -G volume  -o %%r -s 30m -r 12week -f

dfm perf data modify -G cifs  -o %%r -s 30m -r 52week -f

dfm perf data modify -G fcp  -o %%r -s 30m -r 12week -f

dfm perf data modify -G iscsi  -o %%r -s 30m -r 52week -f

dfm perf data modify -G vfiler  -o %%r -s 30m -r 12week -f

dfm perf data modify -G processor  -o %%r -s 5m -r 12week -f

dfm perf data modify -G perf -o %%r -s 30m -r 52week -f

dfm perf data modify -G priorityqueue  -o %%r -s305m -r 12week -f                

dfm perf data modify -G wafl  -o %%r -s 30m -r 12week -f

dfm perf data modify -G qtree  -o %%r -s 30m -r 12week -f

)

dfm perf data list

They no longer work in cDOT.   Any suggestions appreciated:

Unfortunately the perf advisor capability in 5.1/5.2 for clustered data ontap is limited. When you meant customized polling I thought about general monitoring using API/SNMP like capacity, quota etc.

Pls take a look at this GSS video on what is the capabilites supported in Cluster-Mode of Performance Advisor.

Performance Advisor Features in OnCommand Unified Manager 5.1 for clustered Data ONTAP

Also take a look at this table on what is supported and not supported for cluster-Mode in 5.1

What's New in OnCommand Unified Manager 5.1 Release

Regards

adai

Public