From the 'vscan' man page: 'To remove all secondary scanners from the list, use a pair of double quotes ("") as the argument.' I hope this response has been helpful to you. At your service, Eugene E. Kashpureff ekashp@kashpureff.org Senior Systems Architect / NetApp Certified Instructor http://www.linkedin.com/in/eugenekashpureff (P.S. I appreciate points for helpful or correct answers.)
... View more
Is it NOT working for you in 8.0.1 7 mode ? I haven't tried it out yet, but it's in the man pages.: https://now.netapp.com/NOW/knowledge/docs/ontap/rel801rc3/html/ontap/cmdref/man1/na_fpolicy.1.htm There wasn't anything I saw in the release notes on it not working. I hope this response has been helpful to you. At your service, Eugene E. Kashpureff ekashp@kashpureff.org Senior Systems Architect / NetApp Certified Instructor http://www.linkedin.com/in/eugenekashpureff (P.S. I appreciate points for helpful or correct answers.)
... View more
Hmm, intersting. A copy paste just worked fine for me on a 7.3.1 system: Netapp01> useradmin user add my_user -g Users New password: Invalid password. Error: Password must have at least 8 characters New password: Retype new password: User <my_user> added. Netapp01> ? ? ? I hope this response has been helpful to you. At your service, Eugene E. Kashpureff ekashp@kashpureff.org Senior Systems Architect / NetApp Certified Instructor http://www.linkedin.com/in/eugenekashpureff (P.S. I appreciate points for helpful or correct answers.)
... View more
Underscore is valid for a username. It's probably that your new group has no roles assigned to it. Try using one of the existing groups - the group 'Users' is probably what you want. See also 'useradmin group list' I hope this response has been helpful to you. At your service, Eugene E. Kashpureff ekashp@kashpureff.org Senior Systems Architect / NetApp Certified Instructor http://www.linkedin.com/in/eugenekashpureff (P.S. I appreciate points for helpful or correct answers.)
... View more
Grant - Yes, it's a valid authentication model. You need to include '-g groupname' with your user add command. I hope this response has been helpful to you. At your service, Eugene E. Kashpureff ekashp@kashpureff.org Senior Systems Architect / NetApp Certified Instructor http://www.linkedin.com/in/eugenekashpureff (P.S. I appreciate points for helpful or correct answers.)
... View more
You could edit the config file without bringing down services, but you'd need to take a hit at some point when you reconfigure the interfaces. An interface must be configured in a down state before it can be added to a vif. You don't have to re-boot to test your new /etc/rc file. You can use the 'source' command - 'source /etc/rc'. I hope this response has been helpful to you. At your service, Eugene E. Kashpureff ekashp@kashpureff.org Senior Systems Architect / NetApp Certified Instructor http://www.linkedin.com/in/eugenekashpureff (P.S. I appreciate points for helpful or correct answers.)
... View more
On the NetApp side it is the 'vif' command ( or ifgrp in 8.0 ) to configure, along with 'ifconfig'. All interface configuration commands need to be included in /etc/rc to reconfigure at reboot time. I hope this response has been helpful to you. At your service, Eugene E. Kashpureff ekashp@kashpureff.org Senior Systems Architect / NetApp Certified Instructor http://www.linkedin.com/in/eugenekashpureff (P.S. I appreciate points for helpful or correct answers.)
... View more
There's no way I know of to throttle an ndmpcopy. options replication.throttle sez it only limits snapmirror/snapvault transfers. Your snapmirror then copy plan sounds good, given enough disk to create both aggrs on the destination. I hope this response has been helpful to you. At your service, Eugene E. Kashpureff ekashp@kashpureff.org Senior Systems Architect / NetApp Certified Instructor http://www.linkedin.com/in/eugenekashpureff (P.S. I appreciate points for helpful or correct answers.)
... View more
Ron - I haven't used a StoreVault system, but am familiar with the product. It's running Data ONTAP, but a simplified version of it. You don't get CLI or FilerView access. Autosupport can be configured from StoreVault Manager to send email alerts to an admin. These emails would notify of the failures you're looking for - NIC, drives, etc. There is support for Kerberos encryption in an NFS environ. I don't see IPsec or other encryption mentioned. I hope this response has been helpful to you. At your service, Eugene E. Kashpureff ekashp@kashpureff.org Senior Systems Architect / NetApp Certified Instructor http://www.linkedin.com/in/eugenekashpureff (P.S. I appreciate points for helpful or correct answers.)
... View more
Jeff - Not that I know about... If there was a best case for joint support it would have been the NetApp/Oracle team, but I've heard stories from customers with frustrations there recently. In my new role at a VAR it's one of those areas where I can see us delivering on the 'Value Add' peice of the puzzle. We have our own support that will manage joint escalation cases with our vendors for our clients. Good news - you have the community here to help ! What is the problem your client is having ? There are those here who'd like to try to solve your puzzle ... I hope this response has been helpful to you. At your service, Eugene E. Kashpureff ekashp@kashpureff.org Senior Systems Architect / NetApp Certified Instructor http://www.linkedin.com/in/eugenekashpureff (P.S. I appreciate points for helpful or correct answers.)
... View more
Thom - You mention you're using the latest version of the Host Utilities Kit. There's a known bug with the mbralign tool in the 5.2 HUK, you want to use the one included with the 5.1 version of the HUK. I hope this response has been helpful to you. At your service, Eugene E. Kashpureff ekashp@kashpureff.org Senior Systems Architect / NetApp Certified Instructor http://www.linkedin.com/in/eugenekashpureff (P.S. I appreciate points for helpful or correct answers.)
... View more
Yes - It could be. The other IPs you described as 'public'. You might not want to for security resons. From the Snapdive Best Practice Guide: Q. How can I ensure that SnapDrive traffic is routed to the correct interface on the storage system? A. Configure each network interface on the storage system by IP address rather than by host name. You can use SnapDrive to set the preferred IP address. Using a host name might work (SnapDrive will try to resolve it to an IP address), but there is no guarantee that it will: SnapDrive might not be able to discover the IP address and, if it does and there is more than one NIC, there still might not be a way to know which was intended. As of SnapDrive 3.1, configuring the interface by IP address ensures that SnapDrive traffic is routed correctly. Note: There is an additional consideration if you are using the iSCSI protocol. By default, any IP interface on the storage system, including the storage system's 10/100 e0 interface, will accept iSCSI commands, and this might not be what you want. To ensure that all iSCSI commands are processed by the storage system's GbE or Fast Internet interface, disable iSCSI processing on e0 by means of the following command: iswt interface disable e0 Caution: Do not allow this command to complete while there are active iSCSI sessions connected to the e0 interface (the storage system warns you when you issue the command if this is the case). You must first disconnect those sessions from the host, and that might entail scheduled downtime to allow you to shut down the applications using the affected LUNs. I hope this response has been helpful to you. At your service, Eugene E. Kashpureff ekashp@kashpureff.org NetApp Instructor and Independent Consultant http://www.linkedin.com/in/eugenekashpureff (P.S. I appreciate points for helpful or correct answers.)
... View more
It's my understanding that the 'Preferred Interface' is the interface used for Snapdrive to exeute API commands on the filer. This may be a different address than used for iSCSI data. You might want to use a different interface to keep your command traffic out of band from your data traffic, as it would be in a FC SAN environment. I hope this response has been helpful to you. At your service, Eugene E. Kashpureff ekashp@kashpureff.org NetApp Instructor and Independent Consultant http://www.linkedin.com/in/eugenekashpureff (P.S. I appreciate points for helpful or correct answers.)
... View more
Ken - You're correct with this thinking... The consideration is storage utilization versus the very small risk of corrupting the aggregate WAFL file system. From the Data ONTAP 'Storage Management Guide' (p 164): The following are additional facts and considerations if the root volume is on a disk shelf: • Data ONTAP supports two levels of RAID protection, RAID4 and RAID-DP. RAID4 requires a minimum of two disks and can protect against single-disk failures. RAID-DP requires a minimum of three disks and can protect against double-disk failures. The root volume can exist as the traditional stand-alone two-disk volume (RAID4) or three-disk volume (RAID-DP). Alternatively, the root volume can exist as a FlexVol volume that is part of a larger hosting aggregate. • Smaller stand-alone root volumes offer fault isolation from general application storage. On the other hand, FlexVol volumes have less impact on overall storage utilization, because they do not require two or three disks to be dedicated to the root volume and its small storage requirements. • If a FlexVol volume is used for the root volume, file system consistency checks and recovery operations could take longer to finish than with the two- or three-disk traditional root volume. FlexVol recovery commands work at the aggregate level, so all of the aggregate's disks are targeted by the operation. One way to mitigate this effect is to use a smaller aggregate with only a few disks to house the FlexVol volume containing the root volume. • In practice, having the root volume on a FlexVol volume makes a bigger difference with smaller capacity storage systems than with very large ones, in which dedicating two disks for the root volume has little impact. • For higher resiliency, use a separate two-disk root volume. Note: You should convert a two-disk root volume to a RAID-DP volume when performing a disk firmware update, because RAID-DP is required for disk firmware updates to be nondisruptive. When all disk firmware and Data ONTAP updates have been completed, you can convert the root volume back to RAID4. For Data ONTAP 7.3 and later, the default RAID type for traditional root volume is RAID-DP. If you want to use RAID4 as the raid type for your traditional root volume to minimize the number of disks required, you can change the RAID type from RAID-DP to RAID4 by using vol options vol0 raidtype raid4. Given the larger drive sizes we have these days and max sized aggregates as the norm I'd be more worried about my data being unavailable than the root volume. An alternative I've discussed in classes is to create an alternative root on a second aggregate that could be booted off of... For protection against a wafl_iron scenario being painful you may also wish to review an earlier discussion regarding aggregate snap shots and snap reserve: http://communities.netapp.com/message/41806 I hope this response has been helpful to you. At your service, Eugene E. Kashpureff ekashp@kashpureff.org NetApp Instructor and Independent Consultant http://www.linkedin.com/in/eugenekashpureff (P.S. I appreciate points for helpful or correct answers.)
... View more
Jim - What an interesting question. It's one I haven't been able to find the answer to ! They've got to be stored somewhere, but I can't find a file changing as I create/destroy an igroup on my sim, nor can I grep the igroup from any files. ? ? ? Best suggestion for a backup would be to write up a script to parse out an 'igroup show' command output. I hope this response has been helpful to you. At your service, Eugene E. Kashpureff ekashp@kashpureff.org NetApp Instructor and Independent Consultant http://www.linkedin.com/in/eugenekashpureff (P.S. I appreciate points for helpful or correct answers.)
... View more
Rodrigo - An aggregate is the physical storage. It is made up of one or more raid groups of disks. You can see the Data ONTAP 'Storage Management Guide' for documentation. A LUN is a logical representaion of storage. It looks like a hard disk to the client. It looks like a file inside of a volume. You can see the Data ONTAP 'Block Access Management Guide for iSCSI and FC' for documentation. I hope this response has been helpful to you. At your service, Eugene E. Kashpureff ekashp@kashpureff.org NetApp Instructor and Independent Consultant http://www.linkedin.com/in/eugenekashpureff (P.S. I appreciate points for helpful or correct answers.)
... View more
Sounds like a very reasonable plan to me... I hope this response has been helpful to you. At your service, Eugene E. Kashpureff ekashp@kashpureff.org NetApp Instructor and Independent Consultant http://www.linkedin.com/in/eugenekashpureff (P.S. I appreciate points for helpful or correct answers.)
... View more
B - Yes, you should combine aggr0 and aggr1. It makes no sense at all to me that some techs will deploy a dedicated aggr0 for vol0. It's a waste of disk space. I hope this response has been helpful to you. At your service, Eugene E. Kashpureff ekashp@kashpureff.org NetApp Instructor and Independent Consultant http://www.linkedin.com/in/eugenekashpureff (P.S. I appreciate points for helpful or correct answers.)
... View more
Yes - you can clone from FilerView as well as the command line. No - you don't want to split the clone from the parent. You'd miss out on space savings and performance gains. There's the 'igroup create' and 'lun map' steps I wrote of in my earlier post you will still need to take care of ... I hope this response has been helpful to you. At your service, Eugene E. Kashpureff ekashp@kashpureff.org NetApp Instructor and Independent Consultant http://www.linkedin.com/in/eugenekashpureff (P.S. I appreciate points for helpful or correct answers.)
... View more
They aren't config files - there's a few commands. For each clone - 'igroup create' to create a new igroup to map each LUN to it's server. 'lun map' to map each LUN to the each server. I hope this response has been helpful to you. At your service, Eugene E. Kashpureff ekashp@kashpureff.org NetApp Instructor and Independent Consultant http://www.linkedin.com/in/eugenekashpureff (P.S. I appreciate points for helpful or correct answers.)
... View more
A good boxing day to you, sir... Have you examined the syslog an auditlog records on the filer involved at the same time peiods ? I didn't see them in your included log mesgs ? I would want to correlate these when debugging. I hope this response has been helpful to you. At your service, Eugene E. Kashpureff ekashp@kashpureff.org NetApp Instructor and Independent Consultant http://www.linkedin.com/in/eugenekashpureff (P.S. I appreciate points for helpful or correct answers.)
... View more
Moncy - It is a manual operation to resync changes after recovery of the primary site, as is doing the 'snapmirror break' for failover. These operations could be scripted. There is some detail in the 'Data Protection Online Backup and Recovery Guide' portion of Data ONTAP documentation. I hope this response has been helpful to you. At your service, Eugene E. Kashpureff ekashp@kashpureff.org NetApp Instructor and Independent Consultant http://www.linkedin.com/in/eugenekashpureff (P.S. I appreciate points for helpful or correct answers.)
... View more
Jedd - You're not over thinking this. I've heard of issues ( recent ) with trying to do a multi-mode vif with 10g. Your second failover configuration using them seperate makes good sense. It's not a waste of pipe given 80% capacity on any given ether interface and bandwidth that will be used in failover. Aliasing IPs is common in VM implementations for load balance. Guarantees ? Failover and load balancing. See also: the ether storage guy vif survival guide... I hope this response has been helpful to you. At your service, Eugene E. Kashpureff ekashp@kashpureff.org NetApp Instructor and Independent Consultant http://www.linkedin.com/in/eugenekashpureff (P.S. I appreciate points for helpful or correct answers.)
... View more
Chris - Some clarification is needed here, I think. Authentication can be confusing in modern Data ONTAP. As far as I know ... There are two different sets of local users kept in Data ONTAP: RBAC users kept in the registry and managed with the 'useradmin' command. These are the users used for Workgroup type authentication. Passwords can be managed with the 'passwd' command /etc/passwd users. There is no shadow file - passwords are kept in /etc/passwd. /etc/passwd will be used for multiprotocol user mapping and for cifs authentication in a non-windows workgroup ( /etc/passwd ) cifs setup and FTP. These users are managed by editing the file. You generate a password hash for an /etc/password user with the 'cifs passwd' command, then paste it into the file. Here are some examples to illustrate: sim1> rdfile /etc/passwd root:_J9...crlrN3mwj5GjQs:0:1::/: ekashp:_J9..xJx4OWqsuoJFXps:1001:1001::/: pcuser::65534:65534::/: nobody::65535:65535::/: ftp::65533:65533:FTP Anonymous:/home/ftp: sim1> useradmin user list Name: root Info: Default system administrator. Rid: 0 Groups: Name: administrator Info: Built-in account for administering the filer Rid: 500 Groups: Administrators sim1> cifs passwd mynewpasswd password is _J9..VLG2fYad1gOEuKc root exists in both sets of users. administrator only exists in RBAC ekashp only exists in /etc/passwd I hope this response has been helpful to you. At your service, Eugene E. Kashpureff ekashp@kashpureff.org NetApp Instructor and Independent Consultant http://www.linkedin.com/in/eugenekashpureff (P.S. I appreciate points for helpful or correct answers.)
... View more
You can try running through CIFS setup again and select 'etc/passwd and/or NIS/LDAP authentication' to do a non-windows workgroup authentication. I hope this response has been helpful to you. At your service, Eugene E. Kashpureff ekashp@kashpureff.org NetApp Instructor and Independent Consultant http://www.linkedin.com/in/eugenekashpureff (P.S. I appreciate points for helpful or correct answers.)
... View more
