DD OS 5.2 Command Reference Guide

EMC Data Domain Operating System 5.
2
Command Reference Guide
May 2012
THE INFORMATION IN THIS PUBLICATION IS PROVIDED AS IS. EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Using, copying, and distributing EMC software described in this publication requires an applicable software license. EMC2, EMC, Data Domain, and the EMC logo are registered trademarks or trademarks of EMC Corporation in the United States and other countries. All other trademarks used herein are the property of their respective owners. Copyright 2009-2012 EMC Corporation. All rights reserved. Published in the USA.
Reference: 762-0013-0006_Rev_A
Contents
About This Guide
Related Documents The EMC Data Domain Support Portal Knowledge Base and Reference Library Service and Support
19
19 20 20 20
adminaccess
Change History Guidelines and Restrictions Options add authentication certificate del disable enable reset show ssh telnet trust web Additional Topics Supported Certificate Formats Importing and Deleting Certificates Returning Command Output to a Remote Machine
21
21 22 22 22 23 24 26 26 27 27 27 28 29 30 30 31 31 31 32
alerts
Change History Guidelines and Restrictions Options clear notify-list show Keywords and Arguments
33
33 33 33 34 34 36 39
Additional Topics Output From alerts show Command Option Default Notification Group Alert Notice at Log In
40 40 41 42
alias
Change History Guidelines and Restrictions Options add del reset show Additional Topics Correspondence Table
43
43 43 43 43 44 44 44 44 44
archive
Change History Guidelines and Restrictions Options data-movement policy data-movement schedule data-movement start data-movement status data-movement stop data-movement watch disable enable option report show
47
47 48 48 48 49 50 50 50 50 50 51 51 51 51
authentication
Change History Guidelines and Restrictions Options disable domain enable
53
53 53 54 54 54 54
EMC DD OS 5.2 Command Reference Guide
groups reset servers show status
54 55 55 56 56
authorization
Change History Guidelines and Restrictions Options show Additional Topics Creating the First Security Officer Account Authorization Workflow Enabling Security Officer Authorization
57
57 57 58 58 59 59 59 59
autosupport
Change History Guidelines and Restrictions Options add del disable enable reset send set show test Keywords and Arguments Additional Topics Using autosupport in a GDA Navigating Message Logs
61
61 61 61 62 62 62 62 62 63 63 64 65 65 66 66 66
cifs
Change History Guidelines and Restrictions
67
67 68
Options add del disable enable hosts nb-lookup option reset set share show status troubleshooting Additional Topics Tips on Entering or Removing Client Lists
68 68 68 69 69 69 69 69 70 70 71 72 73 74 74 74
cluster
Change History Guidelines and Restrictions Options add create destroy run show status
75
75 75 76 76 76 76 76 77 77
config
Change History Guidelines and Restrictions Options reset set setup show
79
79 79 79 79 80 81 82
ddboost
Guidelines and Restrictions Change History Options access destroy disable enable file-replication ifgroup option reset set show status storage-unit Additional Topics Setting Low-Bandwidth Optimization Output from file-replication show
85
86 86 87 87 87 88 88 88 89 91 91 92 92 95 95 96 96 97
disk
Change History Guidelines and Restrictions Options beacon multipath port rescan reset set show status unfail Additional Topics Disk States More About Disks and Enclosures Invalid Commands When a Disk in a Tier Fails
99
99 99 99 100 100 101 101 101 102 102 106 107 108 108 109 109 110
Explicitly Failing a Disk Unfailing a Disk
110 110
enclosure
Change History Guidelines and Restrictions Options beacon show test
111
111 111 112 112 112 117
filesys
Change History Guidelines and Restrictions Options archive clean create destroy disable enable encryption expand fastcopy option restart show status sync Additional Topics More About Filesystem Cleaning How Data Values Are Calculated Error Messages Enabling Security Officer Authorization
119
120 120 121 121 121 124 124 125 125 125 130 130 131 133 133 138 139 139 139 139 140 140
help
141
141 141
ipmi
Change History Guidelines and Restrictions Options config disable enable remote console remote power reset show user Additional Topics Supported Models-IPMI Supported Models-SOL Viewing Serial Output of a Remote System Disconnecting from an SOL Session Disconnecting from the Initiator Setting Up IPMI Number of Supported IPMI Users
143
143 144 144 144 144 145 145 145 145 145 146 147 147 147 148 148 148 148 150
license
Change History Guidelines and Restrictions Options add delete reset show Additional Topics Required Licenses
151
151 151 151 151 152 152 152 153 153
log
Change History Guidelines and Restrictions Options host list
155
155 156 156 156 157
view watch Additional Topics Understanding a Log Message Archiving Log Files
159 159 159 159 160
migration
Change History Guidelines and Restrictions Options abort commit receive send show stats status watch Additional Topics Migration With Encryption-Enabled Source Migrating Between Source and Destination Migration During Directory Replication
161
161 161 162 162 162 163 163 165 165 166 166 166 167 167
mtree
Change History Guidelines and Restrictions Options create delete list rename retention-lock show compression undelete Additional Topics Supported Characters
169
170 170 171 171 172 172 174 175 177 179 179 179
ndmpd
181
181 181
10
Options disable enable option show status stop user
181 182 182 182 182 184 184 184
net
Change History Guidelines and Restrictions Options aggregate config congestion-check create ddns destroy disable enable failover hosts iperf lookup option ping reset set show tcdump troubleshooting Additional Topics New Support for IPv6 More About Ethernet Failover Number of Ports Number of Physical Interfaces More About the net aggregate Option
187
188 189 189 189 192 193 197 197 198 198 199 199 200 201 202 202 202 202 203 204 209 210 210 210 210 211 212 212
11
More About LACP More About Up/Down Arguments Linux/DD OS Equivalent Arguments for iperf Option Linux/DD OS Equivalent Arguments for tcdump Option Sample Failover Workflow Sample Aggregation Workflow Interface Naming Format
212 212 213 214 214 215 216 217
nfs
Change History Guidelines and Restrictions Options add del disable enable reset show status Additional Topics Add or Delete NFS Clients
219
219 219 219 220 221 221 221 221 221 223 224 224
ntp
Change History Guidelines and Restrictions Options add del disable enable reset show status
225
225 225 226 226 226 226 226 227 227 227
quota
229
229 230
12
Options disable enable reset set show status
230 230 230 230 231 232 233
replication
Change History Guidelines and Restrictions Options abort add break disable enable initialize modify option reauth recover resync show status sync throttle watch Additional Topics Collection Replication Collection Replication Key Management Directory Replication MTree Replication Pool Replication
235
235 236 236 236 237 237 237 237 237 238 239 240 240 240 240 244 244 244 246 246 246 247 247 247 247
route
249
249 250
13
Options add del reset set show trace Additional Topics Support for IPv6 Add a Route Delete a Route Set a Default Gateway
250 250 250 250 250 251 252 252 252 252 252 252
snapshot
Change History Guidelines and Restrictions Options create expire list rename schedule Additional Topics Naming Snapshots Created by a Schedule Supported Characters
253
253 253 254 254 255 255 256 256 258 258 258
snmp
Change History Guidelines and Restrictions Options add del disable enable reset set show status user
261
261 262 262 262 263 264 264 264 265 265 267 267
14
Additional Topics More about SNMP on a Data Domain System Changing Multiple Settings SNMP sysLocation and sysContact Variables
268 268 269 269
storage
Change History Guidelines and Restrictions Options add remove show Additional Topics Adding Storage to an Active Tier Viewing Disk and LUN States
271
271 271 272 272 272 272 274 274 274
support
Change History Guidelines and Restrictions Options upload
277
277 277 277 277
system
Change History Guidelines and Restrictions Options headswap option passphrase poweroff reboot retention-lock sanitize set show status upgrade
279
279 280 280 280 280 281 281 281 282 282 282 283 294 296
15
Additional Topics Output Changes for Multi-Thread Mode Configuring a System for Retention Lock Compliance Configuring an MTree for Retention Lock Compliance Setting a Log In Banner Ensuring System Sanitization Checking System Temperature and Power Supply
296 296 297 297 297 298 298
user
Change History Guidelines and Restrictions Options add change del disable enable password reset show Additional Topics The Role of the Security Officer RBAC and User Role Definitions Adding a Security Officer Adding a User Removing a User Changing a User Password Changing a Role
299
299 300 300 300 301 301 301 301 301 303 303 304 304 305 306 306 306 306 306
vtl
Change History Guidelines and Restrictions Options add cap debug del disable drive
307
308 309 309 309 309 309 310 310 310
16
enable export group import initiator option pool port port option readahead reset show slot status tape Keywords and Arguments Additional Topics More About vtl group Command Options Requirements for Group Naming Values for vtl option Commands Extended Retention and vtl tape show Command
311 311 312 313 313 314 315 317 318 319 319 319 320 320 320 322 328 328 329 329 329
Upgrading VTL Directory-Based Pools to MTree-Based Pools 328
17
18
About This Guide

This guide describes the EMC Data Domain operating system (DD OS) commands.
Related Documents
Product documentation is available from the EMC Data Domain Support portal at https://my.datadomain.com/US/en/documentation.jsp. For information on: New and obsolete commands, modified command options and output, latest features, enhancements, known issues, and workarounds. Setting up a Data Domain system for the first time. Administering Data Domain systems using the Web-based GUI, Enterprise Manager. Installing and administering controllers in a dual-node configuration. Administering two-tiered storage on a Data Domain system. See the document:
Release Notes
Initial Configuration Guide Administration Guide
Global Deduplication Array Administration Guide Extended Retention Administration Guide (formerly EMC Data Domain860 Archiver Administration Guide)
About This Guide
19
The EMC Data Domain Support Portal

The following information provides an overview of technical resources and references available to our customers.
Knowledge Base and Reference Library

In addition to product documentation, the Support portal offers a wide variety of frequently updated publications, including:

Technical advisories on late-breaking issues Upgrade procedures Offline diagnostic procedures Troubleshooting articles Integration guides for third-party applications Part installation guides Compatibility matrixes White papers
For details on a specific topic or issue, enter a search term into the Knowledge Base Search field or select a category such as How Tos. To browse the latest updates, click the Knowledge Articles tab.
Service and Support

For troubleshooting assistance with installing or administering your Data Domain system, go to https://my.datadomain.com/US/en/login.jsp or call 877.207.3282. Be prepared to describe your system setup and configuration, and the situation in which the problem occurred.
20
adminaccess
The adminaccess command manages the access control list configuration. Command options enable remote hosts to use the FTP, Telnet, HTTP, HTTPS, and SSH administrative protocols on the Data Domain system. SSH is open to the default user sysadmin and to users added by the administrator. Beginning in 5.2, options were added to this command to enhance the secure communication among two or more Data Domain systems, and between a Data Domain system and a Web browser; for example, systems running Enterprise Manager (EM). Options include:

add authentication certificate del disable enable reset show ssh telnet trust web
Change History
Click the command option for details on usage and functionality. See the EMC DD OS Release Notes of the corresponding version for details on modifications, including arguments, output, and permissions. Version Change 5.2 New command options: adminaccess certificate delete {imported-host | imported-ca | subject <subject-name> | fingerprint <fingerprint>} adminaccess certificate import {host password <password> | ca}
adminaccess
21
Modified command options: adminaccess certificate show [detailed] [host | imported-host | ca | imported-ca] adminaccess authentication show adminaccess reset ssh-keys [user <username>] adminaccess show
Guidelines and Restrictions
Unless otherwise noted, command options are available only to users with admin role permissions. FTP and Telnet are disabled by default.
Options
The following options are available with this command.
add
adminaccess add {ftp | telnet | ssh | http | https} <host-list> Add hosts to a protocol. To add multiple hosts, enter a list of entries separated by commas, spaces, or both. For FTP, Telnet, and SSH, a host is a fully qualified domain hostname, class-C IP address, IP address with either netmasks or length, or an asterisk (*) wildcard with a domain name, such as *.yourcompany.com. An asterisk (*) by itself means no restrictions.
For HTTP and HTTPS, the host-list can contain hostnames, class-C IP addresses, an IP address range, or the word all. For SSH, TCP wrappers are used and the /etc/hosts.allow and /etc/hosts.deny files are updated. For HTTP/HTTPS, Apaches mod_access is used for host-based access control and the /usr/local/apache2/conf/httpd-ddr.conf file is updated.
Example 1
To add the host srvr24 to the Telnet access list:

# adminaccess add telnet srvr24.yourcompany.com
22
Example 2
To add all hosts in a domain to the Telnet access list:

# adminaccess add telnet *.yourcompany.com Example 3
To add a range of IP addresses to the Telnet access list:

# adminaccess add telnet 10.24.20.0/24
adminaccess add ssh-keys [user <username>] Add an SSH public key, created on a UNIX-based remote machine, to the SSH authorized keys file on the Data Domain system. The operation allows users to log in without a password.
Example
1. On the remote machine, create the public and private SSH keys:
# jsmith > ssh-keygen -d
Generating public/private dsa key pair. Enter file in which to save the key (/home/jsmith/.ssh/id_dsa): .
2. Press Enter to accept the file location and other defaults. The public key created under /home/jsmith/.ssh (in this example) is id_dsa.pub.
Enter file in which to save the key (/home/jsmith/.ssh/id_dsa): .
3. On the remote machine, write the public key to the Data Domain system, dd10 in this example. The Data Domain system prompts the user for the password before accepting the key:
# jsmith > ssh -l sysadmin dd10 "adminaccess add ssh-keys user jsmith" \< ~/.ssh/id_dsa.pub
authentication
adminaccess authentication add {cifs} Allow Windows domain users with no local account on the Data Domain system to access the system through SSH, Telnet, and FTP using Windows domain group credentials. For administrative access, the user must be in the standard Windows Domain Admins group or in a group that you create named Data Domain. Users from both group names are always accepted as administrative users. The command also gives user-level access (no administrative operations allowed) to all other users from the domain. Users must be from the domain that includes the Data Domain system or a related, trusted domain.
adminaccess
23
The SSH, Telnet, or FTP command that accesses the Data Domain system must include the domain name, a backslash, and the user name in double quotation marks. note CIFS must be enabled and the Data Domain system must be part of a Windows domain.
adminaccess authentication del {cifs} Prevent authentication of a Windows domain. Allow admin role only for users with local user accounts on the Data Domain system. adminaccess authentication reset {cifs} Reset the Windows user access to the default of requiring a local account for administrative access to the Data Domain system. adminaccess authentication show Display settings that enable a Windows administrative user to access a Data Domain system when no local account exists. With the exception of users with data-access permissions only, all users may run this command option.
Example # adminaccess authentication show
CIFS authentication: disabled
certificate
adminaccess certificate delete {imported-host | imported-ca | subject <subject-name> | fingerprint <fingerprint>} Delete a user imported host or trusted CA certificate. Because one imported host or trusted CA certificate is maintained, specifying the certificate name is not required. You may also delete the certificates based on subject name or fingerprint. The system prompts you to confirm the deletion prior to removing the certificate. note Log out from the browser session before deleting a host certificate. Otherwise HTTPS browser sessions (using imported host certificates) will be brought down. After deleting the host certificate, refresh or restart the browser to proceed.
adminaccess certificate import {host password <password> | ca} Import host or trusted CA certificate via SSH on a remote system. The host certificate must be in PKCS12 format. The CA certificate must be in PEM format. Only one CA certificate or one host certificate may be imported. Importing an RKM auto-registered certificate directly, or bulk importing multiple certificates is not supported. You must include the <password> to decrypt PKCS12 file to import host certificates. Because of a limitation of SSH, this password is viewable on the terminal. For security
24
purposes, make sure the necessary precautions are in place when entering the command. The system passphrase of Data Domain system must be set prior to importing the host certificate. note If the certificates are used by Enterprise Manager (server extension), running this command will bring down the current browser session. Log out of the session prior to running this command.
Example 1 (Host Certificate)
If the host certificate is located on remote system client1 under /home/usr/host.p12, and the password to decrypt host.p12 is xyz, then the SSH command issued by sysadmin from client1 to import the host certificate to the Data Domain system ddr1 would be:
# ssh sysadmin@ddr1 adminaccess certificate import host password xyz < /home/usr/host.p12
This command option is followed by a prompt to enter the sysadmin password.

Example 2 (CA Certificate)
To import the CA certificate located at /home/usr/cacert.pem location, the SSH command issued by sysadmin would be:
# ssh sysadmin@host2 adminaccess certificate import ca < /home/usr/cacert.pem Example 3 (CA Certificate)
To import the CA certificate through ddsh, copy and paste the PEM-formatted CA certificate on the ddsh:
# adminaccess certificate import ca
Enter the certificate and press Control-D. Press Control-C to cancel. adminaccess certificate show [detailed] [host | imported-host | ca | imported-ca] Display the Data Domain system host, imported host, CA certificate or imported trusted CA certificate. All users may run this command option.
Example 1 # adminaccess certificate show host
Subject Type Valid From Valid Until Fingerprint
--------------------------------------------------------------------------------------------------------------------------------------sys1.datadomain.com host Sun Nov 21 08:04:13 2010 Wed Nov 13 16:04:13 2041 D2:C6:A0:8E:60:57:98: (truncated)
---------------------------------------------------------------------------------------------------------------------------------------
adminaccess
25
Example 2 # adminaccess certificate show detailed host

Type: Cert Type: Issued By: Valid From: Valid Until: Fingerprint: host Host Certificate sys2.datadomain.com Sun Nov 21 08:04:13 2010 Wed Nov 13 16:04:13 2041 D2:C6:A0:8E:60:57:98:1B:FA:4C:83:46:14:04:02:41:2F:78:AA:2A
Subject/Issued To: sys2.datadomain.com
del
adminaccess del ftp <host-list> Remove hosts (IP addresses, hostnames, or asterisk (*)) from the FTP list. Host entries may be separated by commas, spaces, or both. adminaccess del http <host-list> Remove hosts (IP addresses, hostnames, or asterisk (*)) from the HTTP/HTTPS list. Host entries may be separated by commas, spaces, or both. adminaccess del ssh <host-list> Remove hosts (IP addresses, hostnames, or asterisk (*)) from the SSH list. Host entries may be separated by commas, spaces, or both. adminaccess del ssh-keys <lineno> [user <username>] Delete an SSH key from the key file. Users may delete their own keys, and users in admin role may delete user keys. Run the command option adminaccess show ssh-keys to view line number values. adminaccess del telnet <host-list> Remove hosts (IP addresses, hostnames, or asterisk (*)) from Telnet list. Host entries may be separated by commas, spaces, or both.
disable
adminaccess disable {http | https | ftp | telnet | ssh | all} Disable administrative access on the Data Domain system. Disabling FTP or Telnet does not affect entries in the access lists. If all is access disabled, the Data Domain system is available only through a serial console or keyboard and monitor.
26
enable
adminaccess enable {http | https | ftp | telnet | ssh | all} Enable a protocol on the Data Domain system. By default, the SSH, HTTP, and HTTPS services are enabled and FTP and Telnet are disabled. HTTP and HTTPS allow users to log in from Enterprise Manager. To use FTP and Telnet, users with admin role permissions must add host machines to the access lists.
reset
adminaccess reset {ftp | telnet | ssh | http | all} Reset the FTP, HTTP, SSH, and Telnet protocols to their default states and clear the access lists of host entries. adminaccess reset ssh-keys [user <username>] Remove the authorized SSH keys file for a user specified user or for the operator account from the Data Domain system. After removing the file, every SSH connection requires password authentication.

Users may reset their own keys only. Users with admin role permissions may reset the keys of any user. Users with security role or data access permissions may not reset keys.
show
adminaccess show List the access services available on a Data Domain system and display option values for the access services that are enabled. With the exception of users with data-access permissions only, all users may run this command option.

N/A means that the service does not use an access list. A dash (-) means that the service can use an access list, but the access list does not contain host names. An asterisk (*) means that the service allows all hosts.
Example # adminaccess show

Service Enabled Allowed Hosts ------ssh telnet ftp ------yes yes no -------------------* -
adminaccess
27
http https ------Option
yes yes -------
-------------------Value ----80 443 20 -----
Web options: --------------http-port https-port session-timeout --------------Ssh options: Option --------------session-timeout --------------Telnet options: Option --------------session-timeout --------------Value --------------none (infinite) --------------Value --------------none (infinite) ---------------
adminaccess show ssh-keys [user <username>] Display the SSH key file with a line number for each entry. Users with admin role permissions can view the SSH key files of any user. Users in other roles can view their own SSH key file only.
ssh
adminaccess ssh option reset [server-port | session-timeout] Reset the SSH options to default values. This command may be run in a GDA. See the Global Deduplication Array Administration Guide for details. adminaccess ssh option set server-port <port-number> Set the SSH server port. adminaccess ssh option set session-timeout <timeout-in-secs> Set the SSH timeout options. This command may be run in a GDA. See the Global Deduplication Array Administration Guide for details.
28
Example
Set the SSH session timeout period to 10 minutes:

# adminaccess ssh option set session-timeout 600
adminaccess ssh option show Display the SSH options. This command may be run in a GDA. See the Global Deduplication Array Administration Guide for details. In the following example, the SSH client session timeout is set to the default value none.
Example # adminaccess ssh option show
Ssh options: Option -------------------session-timeout ---------------------Value -------------------none (infinite) --------------------
telnet
adminaccess telnet option reset [session-timeout] Reset the client session timeout period to the default value none to prevent client sessions from timing out.
Example
To reset the Telnet options to the default values:

# adminaccess telnet option reset session-timeout
adminaccess telnet option set session-timeout <timeout-in-secs> Set the client session timeout period to the specified number of seconds. If no data is received from a Telnet client within the timeout period, and if the client does not respond to a subsequent prompt message, the session terminates. The valid range is from 60 to 31536000. To configure the Data Domain system to prevent sessions from timing out, use the adminaccess telnet option reset command option.
Example
To set the SSH session timeout period to 10 minutes:

# adminaccess telnet option set session-timeout 600
adminaccess
29
adminaccess telnet option show Display the Telnet options.

Example
To set the Telnet client session timeout to the default value:

# adminaccess telnet option show
Option --------------session-timeout ----------------Value ------------------none (infinite) --------------------
trust
adminaccess trust add host <hostname> [type mutual] Show the list of trusted Certificate Authorities (CAs). The Type field shows the type of certificate. All users may run this command option.
Example # adminaccess trust show
Subject Type Valid From Valid Until Fingerprint
--------------------------------------------------------------------------------------------------------------------------------------sys3.datadomain.com trusted-ca Sun Nov 21 16:04:13 2010 Wed Nov 13 16:04:13 2041 4F:63:15:45:E7: F3: (truncated) jon-ddm.sqa.local trusted-ca Mon Nov 22 11:09:54 2010 Thu Nov 14 11:09:54 2041 2C:26:7C:OC:D2: 53: (truncated)
--------------------------------------------------------------------------------------------------------------------------------------adminaccess trust copy {source | destination} <hostname>} Copy the trust to or from the given host. adminaccess trust del host <hostname> [type mutual] Remove trust or, optionally, mutual trust from the specified host. adminaccess trust show <hostname> Show the list of trusted Certificate Authorities (CAs). All users may run this command option.
web
adminaccess web option reset [http-port | https-port | session timeout] Reset the Web options to default values.
30
adminaccess web option set http-port <port-number> Set the http access port for the Web client. Default is port 80. adminaccess web option set https-port <port-number> Set the https access port for the Web client. Default is port 443. adminaccess web option set session-timeout <timeout-in-secs> Set the Web client session timeout. Default is 10800 seconds.
Example
To set Web options to default values:

# adminaccess web option set
Option ---------------http-port https-port Value -------80 443
session-timeout 10800
adminaccess web option show Show the current values for the Web options.
Additional Topics
This section provides additional information on various topics and concepts.
Supported Certificate Formats

This version of DD OS supports host certificate PKCS12. Users must provide the PKCS12 file and password to decrypt the PKCS12 file. This version of DD OS also supports CA certificate PEM. User must provide the CA certificate PEM file used to sign the host certificate.
Importing and Deleting Certificates

Importing host certificates on a Data Domain system is not allowed if the filesystem is locked. When importing or deleting certificates on a Data Domain system on which the filesystem is unlocked and encryption is enabled or disabled, the following actions occur:
If Data Domain system passphrase is set, the imported host PKCS12 certificate is reencrypted using the system passphrase.
adminaccess
31
If the system passphrase is not set, an error is generated when importing the host certificate and a message displays on the console Set System passphrase to proceed. See system for instructions on setting the system passphrase.
Returning Command Output to a Remote Machine

With admin role permissions and using SSH, you can have output from Data Domain system commands return to a remote machine at login, and then log out automatically. For example, the following command connects with the machine dd10 as user admin, prompts for the password, and then returns output from the command option filesys status.
# ssh -l admin dd10 filesys status
admin@dd10s password: The filesystem is enabled
Additionally, you can create a file containing multiple Data Domain system commands, one command per line, and use the file as input to the login. Output from each command is returned.
Example
1. Create a file named cmds11 and include the commands filesys status, system show uptime, and NFS status. 2. Run the command as shown and read the output.
# ssh -l admin dd10 < cmds11
admin@dd10s password: The filesystem is enabled 3:00 pm up 14 days 10 hours 15 minutes 1 user, load average: 0.00, 0.00, 0.00 Filesystem has been up 14 days 10:13 The NFS system is currently active and running Total number of NFS requests handled = 314576
32
alerts
The alerts command manages current alerts, alert notification groups, and alerts history. Command options enable sending email to a designated recipient or notification group when an event occurs within the Data Domain system. Depending on the option, information includes alert type, date posted, and resulting action. More than three months of alert history is retained. Some event types, such as those in the environment class that pertain to temperature sensors within the chassis, are detected repeatedly if the underlying condition is not corrected. Options include:

clear notify-list show
Change History
Click the command option for details on usage and functionality. See the EMC DD OS Release Notes of the corresponding version for details on modifications, including arguments, output, and permissions. Version Change 5.2 Modified command options: alerts notify-list del <group-name> [class <class-list>] [emails <email-addrlist>] alerts notify-list destroy <group-name> alerts notify-list reset

Unless otherwise noted, command options are available only to users with admin role permissions.
Options
alerts
33
clear
alerts clear alert-id <alert-id-list> Clear an active alert or list of alerts.
notify-list
alerts notify-list add <group-name> [class <class-list> [severity <severity>]] [emails <email-addr-list>] Modify a notification group by adding an event class, severity level, or recipient email address.
Example # alerts add notify-list eng_lab emails mlee@urcompany.com, bob@urcompany.com
Notification list "eng_lab" Class Severity ------ -------syslog warning ------ -------Members -------------------mlee@urcompany.com bob@urcompany.com --------------------
alerts notify-list create <group-name> class <class-list> [severity <severity>] Create an alert notification group.
Example # alerts notify-list create eng_grp class hardwareFailure
Notification list "eng_grp" Class --------------Severity --------
hardwarefailure warning --------------Members --------------------
34
alerts notify-list del <group-name> [class <class-list>] [emails <email-addr-list>] Modify an alert notification group by deleting event classes, email recipients, or both. Security officer authorization is required only if the <group-name> has a severity level of Warning or above and the command is run on a Retention Lock Compliance system. See the EMC Data Domain Administration Guide for details on alerts.
Example # alerts notify-list del eng_grp class hardwareFailure
Notification list "eng_grp" Class Severity ----- ------------ -------Members -------------
alerts notify-list destroy <group-name> Delete an alert notification group. Note that the default alert notification group cannot be destroyed. See Default Notification Group for details. Security officer authorization is required only if the <group-name> has a severity level of Warning or above and the command is run on a Retention Lock Compliance system. See the EMC Data Domain Administration Guide for details on alerts.
Example # alerts notify-list destroy eng_grp
The 'alerts notify-list destroy' command will destroy this user-configured notification list. Are you sure? (yes|no|?) [no]: y ok, proceeding. Notification list "eng_grp" destroyed.
alerts notify-list reset Remove all user-created alert notification groups and restore the default notification group email list to autosupport-alert@autosupport.datadomain.com. Security officer authorization is required for systems with Retention Lock Compliance.
alerts
35
Example # alerts notify-list reset

The 'alerts notify-list reset' command will destroy all user-configured notification lists. Are you sure? (yes|no|?) [no]: y ok, proceeding. Notification lists reset to factory default.
alerts notify-list show [group <group-name> | email <email-addr>] Display all alert notification groups, a specific alert notification group, or alert notification groups that subscribe to a single email address.
Example # alerts notify-list show eng_lab mlee@yourcompany.com
alerts notify-list test {group <group-name> | email <email-addr>} Send a test notification to an alert notification group or email address.
Example # alerts notify-list test jsmith@yourcompany.com
OK: Message sent.
show
alerts show all [local] Display details on all alert notification groups.
Example # alerts show all
Notification Lists -----------------Notification list "default" Class ----------------cifs storage cluster network security filesystem environment Severity ---------warning warning warning warning warning warning warning
36
replication hardwarefailure systemmaintenance syslog ----------------Members ----------------auto backup bin boot data ddr Current Alerts -------------No active alerts. Alert History ------------Alert Id Time
warning warning warning warning ----------
Severity Class ---------NULL NULL INFO INFO INFO INFO -----
Object - -----NULL NULL
Status -------post post post clear post clear
Message ----------------------System rebooted System rebooted System rebooted System rebooted System rebooted System rebooted -----------------------
-------- -------------------------------NULL Tue Feb 8 16:08:21 2011 NULL Tue Feb 8 17:42:27 2011 1 1 2 2 Tue Feb 8 18:03:57 2011 Tue Feb 8 18:03:57 2011 Wed Feb 9 11:44:53 2011 Wed Feb 9 11:44:53 2011
NULL NULL Filesystem Filesystem Filesystem Filesystem
-------- -------------------------------There are 6 historic alerts.
---------- ------
------
--------
alerts show current [local] Display information about current alerts.

Example # alerts show current
No active alerts.
alerts show current-detailed [local] [alert-id <alert-id-list>] Display details on all current alerts or on a specific current alert. Output includes event information and an Additional Information field.
alerts
37
alerts show daily [local] Display daily alert report, including current alerts and 24-hour alert history. alerts show history [local] [last <n> {hours | days | weeks | months}] [start <MMDDhhmm> [[<CC>]<YY>] end <MMDDhhmm> [[<CC>]<YY>]] Display alert history.
Example # alerts show history last 100 days
Alert Id Time 1 1 2 2 Fri Dec 24 08:59:52 2010 Fri Dec 24 08:59:52 2010 Fri Dec 24 09:02:10 2010 Fri Dec 24 09:02:10 2010 Severity ALERT ALERT INFO INFO Class Object Status post clear post clear Message Historical database recovery failed. Historical database recovery failed. System rebooted. System rebooted.
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------SystemMaintenance SystemMaintenance Filesystem Filesystem
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
alerts show history-detailed [local] [last <n> {hours | days | weeks | months}] [start <MMDDhhmm> [[<CC>]<YY>] end <MMDDhhmm> [[<CC>]<YY>]] Display details of alert history including event information.
Example # alerts show history-detailed last 100 days
Alert Id 1 Time Fri Dec 24 08:59:52 2010
Severity ALERT Class Status SystemMaintenance post
Message Historical database recovery failed. Event Id EVT-HD-RDB-0001 Event Name HistoricalDatabaseRecoverError Description Historical database recovery failed. All existing historical data has been lost. Data in the historical database is used for some system reports, but it is not required for proper system functioning. This failure may occur during head swap processing if recovery to create the new head primary historical database from the shelf database files fails. The system successfully created a new historical database. Action Contact your contracted support provider or visit us online at https://my.datadomain.com to debug this problem and possibly attempt recovery of the lost historical data.
38
Keywords and Arguments

alert-id <alert-id-list> class <class-list> Identification number of alert. List of alert identification numbers. (Optional) List of event classes: cifs, storage, cluster, network, security, filesystem, environment, replication, hardwareFailure, systemMaintenance, and syslog. (Optional) Severity level of event class: emergency, alert, critical, error, warning, notice, info, and debug. Default is warning. (Optional) Email addresses of members in an alert notification group. Name of alert notification group. Use with show option to display alerts for most recent number of <n> (hours, days, weeks, months). Use with show option to display alerts for specific interval. MMDD indicates month and day of start date. hhmm indicates hours and minutes of start time(24-hour format). To specify midnight between Sunday night and Monday morning, use mon 0000. To specify noon on Monday , use mon 1200.
severity <severity>
emails <email-addr-list>
<group-name> last <n> {hours | days | weeks | months}
start <MMDDhhmm>
alerts
39
end <MMDDhhmm>
Use with show option to display alerts for specific interval. MMDD indicates month and day of end date. hhmm indicates hours and minutes of end time (24-hour format). To specify midnight between Sunday night and Monday morning, use mon 0000. To specify noon on Monday , use mon 1200.
<CC>
(Optional) Use with start or stop arguments to show option. Specify first two digits of year. Default is 20. (Optional) Use with start or stop arguments to show option. Specify last two digits of year.
<YY>
Additional Topics
Output From alerts show Command Option

Depending on arguments used with the alerts show command, output may include notification lists, the email address of members, alert history, and, if applicable, the number of current, active alerts. Output for a GDA may differ from single-node examples.
40
Output also includes the following categories: Alert ID Time Severity Class Object Identification number of alert. Date and time the alert was posted. Severity level of the event that triggered the alert. Event class of the event that triggered the alert. If applicable, basic information about the affected system component or element. Alert status. Brief description of the underlying event. (Detailed displays only.) If applicable, information about the affected system component or element. (Detailed displays only.) Alphanumeric identifier of the event that triggered the alert, as defined in the Message Catalog. (Detailed displays only.) Name of the associated SNMP trap notification as defined in the Message Catalog. (Detailed displays only.) Detailed description of the underlying event as defined in the Message Catalog. (Detailed displays only.) Suggested action to take to correct the event and clear the alert as defined in the Message Catalog.
Status Message Additional Information
Event ID
Event Name
Description
Action
Default Notification Group

The default alert notification group (default) is configured to send alerts for any event class with severity level of Warning or above. Email notifications are sent to Data Domain Support at autosupport alert@autosupport.datadomain.com. The default alert notification group can only be reset to default values: it cannot be destroyed.
alerts
41
Alert Notice at Log In

A message is shown at log in that indicates the presence of alerts and instructions on how to proceed. For example:
Welcome to Data Domain OS 5.2.0.0 ---------------------------------------------------** ** NOTICE: There is 1 outstanding alert. Run "alerts show current" ** to display outstanding alert(s). Severity Class Object Message --------------------------------------------been added to the system. -------- ------------------------ -------- ------- ----------- ---------------------------------------------------------------------------There is 1 active alert.
Alert Id Time
-------- ------------------------ -------- ------- ----------- ------------------------4 Fri Jan 21 16:25:51 2011
WARNING Storage Enclosure=3 Enclosure connected but has not
42
alias
The alias command creates, deletes, and displays command aliases. Command options enables users to add, delete, and display command aliases for the Data Domain system command set. Users can administer aliases only for commands for which they have permission. Options include:

add del reset show
Change History
Click the command option for details on usage and functionality. See the EMC DD OS Release Notes of the corresponding version for details on modifications, including arguments, output, and permissions. Version Change 5.2 No changes from previous version.

All users may run this command. A new alias is available only to the user who created it on the Data Domain system.
Options
add
alias add <alias-name> "<command>" Add a command alias. Enter the alias name and command, and enclose the command name in quotation marks. The new alias is available only to the user who created it.
alias
43
del
alias del <alias-name> Delete an alias by name.
reset
alias reset Remove user-created aliases and restore defaults.
show
alias show Display all aliases and command definitions.
Additional Topics
Correspondence Table
Aliases for various command options include:. date df hostname ifconfig iostat netstat nfsstat passwd ping poweroff reboot sysstat system show date filesys show space net show hostname net config system show stats net show stats nfs show stats user change password net ping system poweroff system reboot system show stats
44
traceroute uname uptime who
route trace system show version system show uptime user show active
alias
45
46
archive
The archive command is used only on systems licensed to run the EMC Data Domain Extended Retention software option (formerly DD860 Archiver). Archive command options enable the feature and configure policies. See the DD Extended Retention Administration Guide for details on functionality, installation, and configuration. Options include:

data-movement policy data-movement schedule data-movement start data-movement status data-movement stop data-movement watch disable enable option report show
Change History
Click the command option for details on usage and functionality. See the EMC DD OS Release Notes of the corresponding version for details on modifications, including arguments, output, and permissions. Version Change 5.2 Modified command options: archive data-movement policy set age-threshold {<days> | none} mtrees <mtree-list> archive data-movement policy set default-age-threshold {<days> | none} archive option show [local-compression-type | data-movement-packing]
archive
47
Unless otherwise noted, command options are available only to users with admin role permissions. Supported configurations:
Controllers: DD860 (72G memory and three SAS cards) and DD990 (with 256G memory and 4 SAS2 Cards) Storage: ES20 and ES30. A system may contain a mix of ES20 and ES30 shelves; however, each shelf chain must contain ES20 shelves only or ES30 shelves only. Shelves within a chain cannot be mixed.
Options
data-movement policy
archive data-movement policy reset age-threshold mtrees <mtree-list> Reset the age threshold for specified MTrees. Files modified only in the past (beyond the age threshold) are moved to the archive tier during the next data movement. archive data-movement policy reset default-age-threshold Reset the age threshold to the default value of none. The default age threshold applies to MTrees for which the age threshold has not been set.
Example # archive data-movement policy reset default-age-threshold
The default-age-threshold value is set to none.
archive data-movement policy set age-threshold {<days> | none} mtrees <mtree-list> Set the age threshold for specific MTrees. Default is none. archive data-movement policy set default-age-threshold {<days> | none} Set the default age threshold.
Argument Definitions
<days> A number from 0 to 18250 (50 years). The number 0 means migrate when data movement runs. none Never migrate. This is the default for new MTrees and for the default-age-threshold.
48
archive data-movement policy show [mtrees <mtree-list>] View the data-movement policy for the specified MTrees.
data-movement schedule
archive data-movement schedule reset Reset the data-movement schedule.
Example
To reset the schedule to default values:

# archive data-movement schedule reset
The Archive data-movement schedule has been reset. Archive data movement is scheduled to run on day(s) "Tue" at "06:00"
archive data-movement schedule set days <days> time <time> [no-clean] Set the schedule for data movement. Note that the days argument checks two ranges:

Weekday (MondaySunday) Day of the month (131, regardless of month, plus last and first)
Any value outside of the two ranges returns a message:

**** Invalid day of the week:
note
For days, last is converted to the value 31. DD OS adds a cron job based on the schedule entered. If a schedule is set for the 31st of every month at 10:00 PM, it is not executed on months with fewer that 31 days. This is a known issue with crontab.
archive data-movement schedule set never Set the schedule for data movement to begin. Unless you specify no-clean, the filesystem is cleaned after data movement is completed. Acceptable values include: days sun time 00:00 days mon,tue time 00:00 days 2 time 10:00 days 2,15 time 10:00 days last time 10:00 - last day of the month archive data-movement schedule show Display the data-movement schedule. All users may run this command option.
archive
49
data-movement start
archive data-movement start Start data movement from the active tier to the archive tier. All files that satisfy the age-threshold value are moved to the archive tier.
Example # archive data-movement start
Waiting for data movement to start... Data movement has started. Run "filesys data-movement watch" to monitor the progress.
data-movement status
archive data-movement status Display data-movement status. All users may run this command option.
data-movement stop
archive data-movement stop Stop data movement to the archive tier.
Example # archive data-movement stop
Waiting for data movement to stop... Data movement has stopped.
data-movement watch
archive data-movement watch Display data-movement progress, including progress of the fourth phase of the file migration process packing. All users may run this command option.
disable
archive disable Disable the archive feature.
50
enable
archive enable Enable the archive feature.
option
archive option reset local-compression-type Reset the local compression algorithm to default value gz for subsequent data movement to the archive tier.
Example # archive option reset local-compression-type
The local compression for archive tier is reset. The file system must be restarted to effect this change.
archive option set local-compression-type {none | lz | gzfast | gz} Set the local compression algorithm for subsequent data movement to the archive tier.
Example # archive option set local-compression-type lz
The local compression will be set to lz. The file system must be restarted to effect this change.
archive option show [local-compression-type | data-movement-packing] Display the local compression algorithm for the archive tier and the progress of the fourth phase of the file migration process packing. All users may run this command option.
report
archive report generate file-location Create a report showing the name and location of each file in the system; for example, archive unit ar1. An asterisk (*) is appended to the archive unit name if the file spans the active tier and the archive unit. Press Ctrl-C to stop generating the report.
show
archive show config Display archive configuration. Output also shows if packing is enabled or disabled. All users may run this command option.
archive
51
52
authentication
The authentication command manages NIS users, domains, groups and servers. Command options enable the Data Domain system to participate in an active Network Information Service (NIS) domain, which keeps a centralized repository of users, groups, and server names. NIS adds a global directory that authenticates users from any host on the network. Options include:

disable domain enable groups reset servers show status
Change History
Click the command option for details on usage and functionality. See the EMC DD OS Release Notes of the corresponding version for details on modifications, including arguments, output, and permissions. Version Change 5.2 Modified command options: authentication nis groups add <group-list> role {user | admin | backupoperator} authentication nis groups del <group-list> role {user | admin | backupoperator}

authentication
53
Options
disable
authentication nis disable Disable the NIS client.
domain
authentication nis domain reset Reset the NIS domain name. authentication nis domain set domain [servers <server-list>] Set the NIS domain name and optionally to add NIS servers to the <server-list>. authentication nis domain show Display the NIS domain name.
Example # authentication nis domain show
NIS domain is "datadomain.com".
enable
authentication nis enable Enable the NIS client.
groups
authentication nis groups add <group-list> role {user | admin | backup-operator} Delete a role-based access control (RBAC) role for NIS users in the <group-list>. See user for role definitions. authentication nis groups del <group-list> role {user | admin | backup-operator} Delete a role-based access control (RBAC) role for NIS users in the <group-list>. See user for role definitions. authentication nis groups reset Delete all added NIS groups.
54
authentication nis groups show Display lists of NIS user groups and NIS admin groups.
reset
authentication nis reset Delete the NIS configuration and set it to the default.
servers
authentication nis servers add <server-list> Add NIS servers to the <server-list>. authentication nis servers del <server-list> Delete NIS servers from the <server-list>. authentication nis servers reset Reset the NIS servers to their default settings. authentication nis servers show Display a list of NIS servers.
Example
# authentication nis servers show

NIS Servers: 10.111.123.12
authentication
55
show
authentication nis show Display the NIS configuration.
Example # authentication nis servers show
NIS Summary: Domain: datadomain.com Servers: 10.110.188.12 Admin Groups: User Groups: Backup Operator Groups: Enabled: No Status: N/A (NIS Disabled)
status
authentication nis status Display the NIS status.
56
authorization
The authorization command establishes or modifies runtime authorization policy. Command options enable security-based functions such as managing filesystem encryption and enabling or disabling authorization policy. All authorization tasks are logged automatically. The log file includes a timestamp, the identities of the security officer and administrative user, and the Data Domain system on which the task was performed. This log file serves as the audit trail, or authorization history, for each action. Options include:

policy show
Change History
Click the command option for details on usage and functionality. See the EMC DD OS Release Notes of the corresponding version for details on modifications, including arguments, output, and permissions. Version Change 5.2 Modified command options: authorization policy reset security-officer authorization policy set security-officer {enabled | disabled}
Only the sysadmin user (the default user created after the DD OS installation) can create the first security role, after which the privilege to create security officers is removed from the sysadmin role. Only security officers can create other security officers. Separation of privilege and duty apply. Users in the role of admin cannot perform security officer tasks, and vice versa. Procedures requiring authorization must be dual-authenticated by the security officer and the user in the admin role. For example, to set encryption, the admin enables the feature and the security officer enables runtime authorization. See Authorization Workflow. This command is not supported in Global Depduplication Arrays.
authorization
57
Options
policy
authorization policy reset security-officer Reset runtime authorization policy to defaults. Resetting authorization policy is not allowed on Retention Lock Compliance systems. authorization policy set security-officer {enabled | disabled} Enable and disable runtime authorization policy. Setting authorization policy is not allowed on Retention Lock Compliance systems. authorization policy show Show status of authorization policy. Status may be enabled or disabled.
show
authorization show history [last <n> { hours | days | weeks }] View or audit past authorizations according to the interval specified.
Example # authorization show history
Id Date User Security Officer ------------------------------------------------------------------------------------------------------------------------------------------------------------------1 2 3 4 5 6 7 04/12/2011 14:44:14 04/12/2011 15:50:08 04/12/2011 15:50:20 04/14/2011 12:36:24 04/14/2011 13:06:46 04/14/2011 16:03:26 04/15/2011 18:41:12 sysadmin sysadmin sysadmin sec-off sec-off sec-off sec-off secsec s123ec345sec sec-off sec-off sec-off sec-off sms_unittest for authorization user add sec-off priv security sms_unittest for authorization user add boom1 priv security user del boom1 authorization policy set security-officer enabled authorization policy set security-officer disabled Operation
------------------------------------------------------------------------------------------------------------------------------------------------------------------7 authorized operations found.
58
Additional Topics
Creating the First Security Officer Account

The user with the role of sysadmin must create and enable the first security officer account. 1. Enter:
# user add sec_off password <password> role security
2. The new security user must log in as the security office and enable the security officer authorization policy. Enter:
# authorization policy set security-officer enabled
Authorization Workflow
A user in the role of admin interacts with the security officer to perform a command that requires security officer sign off. In a typical scenario, the admin issues the command and the system displays a message that security officer authorizations must be enabled. To proceed with the sign-off, the security officer must enter his or her credentials on the same console at which the command option was run. If the system recognizes the credentials, the procedure is authorized. If not, a Security alert is generated. The authorization log records the details of each transaction.
Enabling Security Officer Authorization

Filesystem encryption, decryption, and managing systems enabled for Retention Lock Compliance require admin role permissions and security officer authorization.
To enable security officer authorization:
1. Log in as a security role. If necessary, create a security officer role. See user for details about the role. 2. Run the command option authorization policy set security-officer enabled.
authorization
59
60
autosupport
The autosupport command manages system reports. Command options enable administrative users to manage two reports that describe the state of a Data Domain system: the Autosupport Report and the Daily Alert Summary. By default, both reports are emailed to the Data Domain Support address only, but users with admin role permissions may configure additional addresses. For details on configuring autosupport notifications, see the EMC Data Domain Initial Configuration Guide. Options include:

add del disable enable reset send set show test
Change History
Unless otherwise noted, command options are available only to users with admin role permissions. User role may view address lists only.
Options
autosupport
61
add
autosupport add { alert-summary | asup-detailed } emails <email-list> Add entries to the email list for the Daily Alert Summary or the Autosupport Report.
Example # autosupport add asup-detailed emails djones@yourcompany.com
del
autosupport del { alert-summary | asup-detailed } emails <email-list> Delete entries from the email list for the Daily Alert Summary or the Autosupport Report. In a Global Deduplication Array, this command is run on the master controller only, and values configured on the master controller are propagated to the worker controllers.
Example # autosupport del asup-detailed emails jsmith@yourcompany.com
disable
autosupport disable support-notify Disable the sending of the Daily Alert Summary and the Autosupport Report to Data Domain support.
enable
autosupport enable support-notify Enable the sending of the Daily Alert Summary and the Autosupport Report to Data Domain support. By default, the Data Domain support email address is autosupport@autosupport.datadomain.com. This setting is non-configurable.
reset
autosupport reset { alert-summary | asup-detailed | support-notify } Reset an autosupport command option to the default value. See Keywords and Arguments. autosupport reset all Reset all autosupport command option to the default values.
62
autosupport reset schedule [ alert-summary | asup-detailed ] Reset the schedules of the Daily Alert Summary and the Autosupport Report to the default values.
By default, the schedule for the Daily Alert Summary is configured with the daily 0600 options. By default, the schedule for the Autosupport Report is configured with the daily 0800 options.
send
autosupport send [<email-addr>] [cmd "<cmd>"] Email a report or command description to the Autosupport Report email list or to the address specified. You must enclose the command option name in double quotation marks.
Example 1
To run the Autosupport Report and emai the completed report:

# autosupport send Example 2
To run the Autosupport Report and email the completed report to djones@yourcompany.com only:
# autosupport send djones@yourcompany.com Example 3
To run the net show stats command and email the results to djones@yourcompany.com:
# autosupport send djones@yourcompany.com cmd "net show stats" Example 4
To send a copy of the log file messages.1 to the Data Domain support address:
# autosupport send support@datadomain.com cmd "log view messages.1"
set
autosupport set schedule { alert-summary | asup-detailed } { [ { daily | <day(s)> } <time> ] | never } Schedule the Daily Alert Summary or the Autosupport Report. For either report, the most recently configured schedule overrides the previously configured schedule.
autosupport
63
Example 1
To schedule the Daily Alert Summary for 2 p.m. Monday and Friday:
# autosupport set schedule alert-summary mon,fri 1400 Example 2
To schedule the Autosupport Report for Tuesday at 4 a.m:

# autosupport set schedule asup-detailed tue 0400 Example 3
To schedule the Autosupport Report for Tuesday at 3 p.m.:

# autosupport set schedule asup-detailed tue 1500
show
autosupport show { all | alert-summary | asup-detailed | support-notify } Display autosupport configuration.
Example # autosupport show alert-summary
Alert summary email: usera@yourcompany.com userb@yourcompany.com userc@yourcompany.com
autosupport show history Display the event history file, which includes the date for each Autosupport Report. Message system logs are retained for ten weeks.
Example
To display entries from all of the messages system logs:

# autosupport show history
Nov 10 03:00:19 scheduled autosupport Nov 11 03:00:19 scheduled autosupport Nov 12 03:00:19 scheduled autosupport
Use the up and down arrow keys to move through the log. Use the q key to exit. Enter a forward slash (/) and a pattern to search for dates. autosupport show report Generate an Autosupport Report without sending the results to the Autosupport Report email list.
64
autosupport show schedule [ alert-summary | asup-detailed ] Display the schedules for the Daily Alert Summary and the Autosupport Report.
test
autosupport test { alert-summary | asup-detailed | support-notify| email <email-addr> } Send a test email to all lists, or to a specific address.

alert-summary Addresses in email list for the Daily Alert Summary. Addresses in the email list for the Autosupport Report. Run the specified DD OS command. Enclose the command in double quotation marks. Default setting for Daily Alert Summary and the Autosupport Report. Run the specified report automatically on specific days of the month or week. To specify a day of the month, use the one- or twonumeral string. For example: 1. To specify a day of the week, use the first three letters of that day. For example: thu. To specify a list of days, separate the items in the list with commas, spaces, or both. For example: mon wed fri. To specify a range of days, separate the first and last items in the range with a dash (-). For example: tue-fri. Individual email addresses to add to the specified list. Separate the items in the list with commas, spaces, or both. Reset the sending of the Daily Alert Summary and Autosupport Report to the Data Domain support email address to the default value. By default, the option is enabled.
asup-detailed
"cmd"
daily
<days>
<email-list>
support-notify
autosupport
65
<time>
Time at which the specified report is to be run, specified in 24-hours. Note that 2400 is not a valid time. To specify midnight between Sunday night and Monday morning, for example, use mon 0000. Do not run the specified report automatically.
never
Additional Topics
Using autosupport in a GDA

In a Global Deduplication Array, this command is run on the master controller only. Values configured on the master controller are propagated to the worker controllers.
Navigating Message Logs

Use the up and down arrow keys to move through the log. Press q to exit. Enter a forward slash (/) and a pattern to search for specific dates or other details.
66
cifs
The cifs command manages CIFS (Common Internet File System) data access between a Data Domain system and Windows clients. Command options enable and disable access to a Data Domain system from media servers and other Windows clients that use the CIFS protocol. The cifs command sets the authentication mode and CIFS options, and displays status and statistics for CIFS clients. Options include:

add del disable enable hosts nb-lookup option reset set share show status troubleshooting
Change History
Click the command option for details on usage and functionality. See the EMC DD OS Release Notes of the corresponding version for details on modifications, including arguments, output, and permissions. Version Change 5.2 Modified command option: cifs set authentication active-directory <realm> { [<dc1> [<dc2> ...]] | * } Deprecated command: cifs set authentication nt4 <domain> { [<pdc> [<bdc>]] | * }
cifs
67
Unless otherwise noted, command options are available only to users with admin role permissions. After a CIFS client name has been added, it must be configured for access to the Data Domain system. Configuration instructions are provided in the Integration Documentation on the Data Domain Support portal. Select the vendor for the clients operating system and then select the appropriate tuning document. CIFS must be enabled on the Data Domain system. See cifs enable. The /backup subdirectory is not supported in a GDA.
Options
add
cifs add /backup <client-list> Specify the CIFS backup client that can access a Data Domain system /backup directory. The /backup directory is the target directory for compressed backup server data. note If adding multiple clients, Data Domain recommends using the cifs share add command instead. See Tips on Entering or Removing Client Lists.
cifs add /ddvar <client-list> Specify administrative clients that can access a Data Domain system /ddvar directory. The /ddvar directory contains Data Domain system core and log files.
del
cifs del /backup <client-list> Remove a client from the list of CIFS backup clients that can access a Data Domain system /backup directory. note If removing multiple clients, Data Domain recommends using the cifs share destroy command instead. See cifs disable.
cifs del /ddvar <client-list> Specify administrative clients that cannot access a Data Domain system /ddvar directory.
68
disable
cifs disable Disable the CIFS service and prevent CIFS clients from connecting to the Data Domain system.
enable
cifs enable Enable the CIFS service and allow CIFS clients to connect to the Data Domain system.
hosts
cifs hosts add <ipaddr> <host-list> Add lmhosts mapping. The lmhosts file is a local text file that maps IP addresses to NetBIOS names. A single IP address can contain multiple hostnames. cifs hosts del <ipaddr> Remove lmhosts mapping for the specified IP address. cifs hosts reset Reset lmhosts mapping to the default. This option removes all IP address and NetBIOS hostnames from the lmhosts file. cifs hosts show Display lmhosts mappings. All users may run this command option.
nb-lookup
cifs nb-lookup <netbios-name> Display the IP address for the specified NetBIOS name.
option
cifs option reset <name> Reset a CIFS option to default value. cifs option set <name> <value> Set a CIFS option. cifs option show Display CIFS options.
cifs 69
reset
cifs reset authentication Reset the CIFs authentication to the default: workgroup. cifs reset clients Reset the CIFS client access list for /backup and / ddvar shares to the default: no client access. The backup and ddvar shares are also removed. cifs reset nb-hostname Reset the NetBIOS hostname to the default: none. cifs reset wins-server Set the WINS server IP address to the default: none.
set
cifs set authentication active-directory <realm> { [<dc1> [<dc2> ...]] | * } Set authentication to the Active Directory. The realm must be a fully qualified name. Use commas, spaces, or both to separate entries in the domain controller list. Security officer authorization is required for systems with Retention Lock Compliance. note Data Domain recommends using the asterisk to set all controllers instead of entering them individually.
When prompted, enter a name for a user account. The type and format of the name depend on if the user is inside or outside the company domain.
For user Administrator inside the company domain, enter the name only: administrator. For user Jane Doe in a non-local, trusted domain, enter the user name and domain: jane.doe@trusteddomain.com. The account in the trusted domain must have permission to join the Data Domain system to your company domain.
The Data Domain system automatically adds a host entry to the DNS server. It is not necessary to create the entry manually. If you set the NetBIOS hostname using the command cifs set nb-hostname, the entry is created for NetBIOS hostname only, not the system hostname. Otherwise, the system hostname is used. cifs set authentication workgroup <workgroup> Set the authentication mode to workgroup for the specified workgroup name. cifs set nb-hostname <nb-hostname> Set the NetBIOS hostname.
70
cifs set wins-server <ipaddr> Set the WINS server IP address. If CIFS clients are using NetBIOS, a WINS server may be required to resolve NetBIOS names to IP addresses.
share
cifs share create <share> path <path> {max-connections <max connections> | clients <clients> | browsing {enabled | disabled} | writeable {enabled | disabled} | users <users> | comment <comment>} Create a new share. In GDA configurations, only /ddvar is exported. The export of /data shares is not supported.
share A descriptive name for the share. path The path to the target directory. max-connections The maximum number of connections to the share allowed at one time. clients A comma-separated list of clients allowed to access the share. Specify the clients by hostname or IP address. No spaces or tabs allowed. browsing The share is seen (enabled, default), or not (disabled) by Web browsers. writeable The share is writable (enabled, default), or not (disabled). By default, administrative users have write privileges even if the argument writable is disabled. users A comma-separated list of user names. Other than the comma delimiter, spaces (blank or tab) are treated as part of the user name because a Windows user name can have a space in the name.
cifs
71
The user names list can include group names, which must be proceeded by the at (@) symbol, such as @group1. All users in the client list can access the share unless one or more user names are specified, in which case only the listed names can access the share. Separate group and user names by commas, not spaces. There can be spaces inside the name of a group, but no spaces are allowed between groups. comment A descriptive comment about the share. cifs share destroy <share> Delete a share. cifs share disable <share> Disable a share. cifs share enable <share> Enable a share. cifs share modify <share> {max-connections <max connections> | clients <clients> | browsing {enabled | disabled} | writeable {enabled | disabled} | users <users> | comment <comment>} Modify a share configuration with the same configuration options as the cifs share create option, except for its path. You cannot change the path for an existing share. Modifications apply to new connections only. See the share create command option for a description of the command variables. To remove a user list for the share, specify <users>. In GDA configurations, only /ddvar is exported. The export of /data shares is not supported. cifs share show [<share>] Display share configurations for all shares, or for a specified or custom share.
show
cifs show active Display all active CIFS clients. cifs show clients Display all allowed CIFS clients for the default /ddvar administrative share and the default /backup data share. cifs show config Display the CIFS configuration.
72
cifs show detailed-stats Display statistics for every individual type of SMB operation, display CIFS client statistics, and print a list of operating systems with their client counts. The list counts the number of different IP addresses connected from each operating system. In some cases the same client may use multiple IP addresses. Output for CIFS Client Type shows Miscellaneous clients, where Yes means the displayed list of clients is incomplete. No means the list is complete, and Maximum connections, where the value is the maximum number of connections since the last reset.
Example # cifs show detailed-stats
Name smb SMBmkdir SMBrmdir SMBopen SMBcreate SMBclose SMBflush SMBunlink SMBmv SMBgetatr ... -------------------------------------------------------------------Miscellaneous clients Maximum connections Windows Server 2003 3790 Service Pack 2 nt : No :1 :1 :1 : : : : : : : : : : : Count 2947 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.0 % 0.0 % 0.0 % 0.0 % 0.0 % 0.0 % 0.0 % 0.0 % 0.0 % Time (ms) Time %
Windows Server 2003 R2 3790 Service Pack 2 : 1
...
Output truncated.
cifs show stats Show CIFS statistics.
status
cifs status Show status of CIFS: enable or disabled.
cifs
73
troubleshooting
cifs troubleshooting domaininfo Report domain information; for example, to check the connectivity between the Data Domain system and the domain. Also to confirm if authentication issues are due to domain connectivity. cifs troubleshooting group <groupname> | <gid> | <SID> List details for a specified group. cifs troubleshooting list-groups List all CIFS groups. cifs troubleshooting list-users List all CIFS users. cifs troubleshooting performance Collect tcpdump and ddfs traces for CIFS performance analysis. Example To troubleshoot performance problems:
# cifs troubleshooting performance
Please start CIFS traffic on all active interfaces, if not already started Waiting up to 2 minutes for network capture processes to exit ...
# support upload bundle
cifs troubleshooting user <username> | <uid> | <SID> Display details on a specified user.
Additional Topics
Tips on Entering or Removing Client Lists

When adding or removing clients on the Data Domain system /backup directory:
Separate clients in the list by a comma, a space, or both. The client-list can contain class-C IP addresses, IP addresses with either netmasks or length, hostnames, or an asterisk (*) followed by a domain name, such as *.yourcompany.com. Enter an asterisk (*) to add or remove all clients on the network.
74
cluster
The cluster command manages a Data Domain Global Deduplication Array (GDA). A standard GDA comprises two controllers: the master and the worker. The master controller manages the worker controller. For more information on this command, see the Global Deduplication Array Administration Guide. Options include:

add create destroy run show status
Change History
Unless otherwise noted, command options are available only to users with admin role permissions. GDA is a licensed software option. Each controller requires a GDA license. See the Global Deduplication Array Administration Guide for details. Use the cluster create command to add the first controller of a GDA. Only two cluster command options are allowed on the worker controller: cluster destroy and cluster show config.
cluster
75
Options
add
cluster add <node-name> [license <license-code>] After creating a GDA, enter the cluster add command option on the master controller to add the second controller to the GDA. The filesystem must be disabled on the master controller. The second controller must match the master controller in terms of DD OS software, storage capacity, and hardware model. The second controller must have a pristine filesystem.
create
cluster create <cluster-name> Create a new GDA. The name you assign is the name by which the GDA is identified within the CLI and Enterprise Manager. This command must be executed on the master controller. The filesystem must be in a pristine state.
destroy
cluster destroy [<cluster-name>] Destroy the filesystem on the GDA controllers and separate the controllers from the array. After running this command option, each controller reverts to single-controller functionality. This command can be entered on any controller in the GDA.
run
cluster run [host {<host-list> | all | worker}] cmd <command> Run cluster CLI commands for specific controllers locally. Global commands apply to the entire array.
host-list List of hosts, represented by IP addresses or hostnames. Separate entries by commas. command Local commands to run on one or more controllers.
76
show
cluster show config Display array membership information. All users may run this command option.
Example
Information shown for each controller:

Name: for example, dd880-1.company.com Serial Number Role: Master or Worker Management Interface: the IP address of the management interface for the controller. Replication Interface: the IP address of the replication interface. Global Deduplication Array Interface: the IP address of the GDA interconnect between the arrays controllers. Number: the number assigned to the controller; for example, 1, 2.
status
cluster status [node <node-name> | all] Show the status of a specific controller or for all controllers in the GDA. You can run this command on the master controller only. All users may run this command option. If you enter cluster status without options, a summary of the arrays status is displayed for each controller, such as:

The filesystem status is enabled and running. Name: For example, dd880-1.company.com Role: Master or Worker Interface Status, such as:

Master: 3 up, 3 down Worker: 3 up, 3 down
Filesystem Status, such as:

Filesystem up and running (Up) Filesystem has encountered a problem (Down)
Alerts: the number of alerts for each controller
cluster
77
If you enter the cluster status command for a specified controller, only that controllers status is displayed. To show the status of all controllers in the GDA, enter:
# cluster status all
78
config
The config command manages Data Domain system configuration settings. Command options include changing individual configuration parameters and viewing the configuration setup. For information on how to configure the system, see the EMC DD OS Initial Configuration Guide and the EMC Data Domain Administration Guide. Options include:

reset set setup show
Change History
Click the command option for details on usage and functionality. See the EMC DD OS Release Notes of the corresponding version for details on modifications, including arguments, output, and permissions. Version Change 5.2 Modified command options: config reset timezone config set timezone <zonename> config setup

Options
reset
config reset location Reset the location description to the default Null.
config
79
config reset mailserver Reset the mail server to the default mail server. config reset timezone Reset the time zone to the default US/Pacific. This command option requires security officer authorization if Retention Lock Compliance is enabled on any MTrees.
set
config set admin-email <email-addr> Set recipient addresses for alerts and autosupport emails. The system requires one administrative email address. Use the autosupport and alerts commands to add other email addresses. To check the current setting, use config show admin-email.
Example # config set admin-email jsmith@company.com
The Admin Email is: jsmith@company.com
config set admin-host <host> Set the machine from which you can log in to the Data Domain system to view system logs and use system commands. The hostname can be simple, fully qualified, or an IP address. The host is also added to the FTP and Telnet listslicensed software options onlyand to the CIFS and NFS lists for access to /ddvar and /backup. This command provides a quick way to add authentication privileges. To check the current setting, use config show admin-host.
Example # config set admin-host admin12.yourcompany.com
The System Admin host is admin12.yourcompany.com
config set location "<location>" Change the description of a Data Domain systems location. A description of a physical location helps identify the machine when viewing alerts and autosupport emails. If the description contains one or more spaces, the description must be in double quotation marks. To check the current setting, use config show location.
Example # config set location "row2-num4-room221"
The system location is row2-num4-room221
80
config set mailserver <host> Change the SMTP mail server used by the Data Domain system. To check the current setting, use config show mailserver.
Example # config set mailserver mail.yourcompany.com
The Mail (SMTP) server is: mail.yourcompany.com
config set timezone <zonename> Set the system clock to a specific time zone. The default setting is US/Pacific. Changes to the time zone require a system reboot. This command option requires security officer authorization if any MTrees are enabled with Retention Lock Compliance.
Example # config set timezone Los_Angeles
To display time zones, enter a category or a partial zone name. The categories are Africa, America, Asia, Atlantic, Australia, Brazil, Canada, Chile, Europe, Indian, Mexico, Mideast, Pacific, and US.
Example # config set timezone us
Ambiguous timezone name; matching... US/Alaska US/Eastern US/Michigan US/Aleutian US/East-Indiana US/Mountain US/Arizona US/Hawaii US/Pacific US/Central US/Indiana-Starke US/Samoa
setup
config setup Use this command on a single node or in a GDA to change configuration settings for the system, network, filesystem, CIFS, NFS, and licenses. Press Enter to cycle through the selections. You will be prompted to confirm any changes. Choices include Save, Cancel, and Retry. This command option is unavailable on Retention Lock Compliance systems. Use Enterprise Manager to change configuration settings.
config
81
show
config show admin-email Display the administrative email address the Data Domain system uses for email from the alerts and autosupport commands. All users may run this command option.
Example # config show admin-email
The Admin Email is: rjones@yourcompany.com
config show admin-host Display the administrative host from which you can log into the Data Domain system to view system logs and use system commands. All users may run this command option.
Example # config show admin-host
The Admin Host is: admin12.yourcompany.com
config show all Display all config command settings. All users may run this command option. config show location Display the Data Domain system location description, if you set one. All users may run this command option.
Example # config show location
The System Location is: bldg12 rm 120 rack8
config show mailserver Display the name of the mail server that the Data Domain system uses to send email. All users may run this command option.
Example # config show mailserver
The Mail (SMTP) server is: mail.yourcompany.com
config show timezone Display the time zone used by the system clock. All users may run this command option.
Example # config show timezone
The Timezone name is: US/Pacific
82
config
83
84
ddboost
The ddboost command manages the integration of Data Domain systems and disk backup devices. Command options create and delete storage units on the storage server, and display the disk space usage of each storage unit. DD Boost also supports advanced load balancing and failover, distributed segment processing, encryption, and low-bandwidth optimization. See the DD Boost Administration Guide for details on functionality. Beginning in 5.2, users can now use quotas to provision Data Domain system storage among different backup applications. Quotas restrict the logical (uncompressed and undeduplicated) storage capacity for each storage unit. DDBoost storage unit quota limits (hard or soft) can be set or removed dynamically. Quotas may also be used to provision various DDBoost storage units with different sizes, enabling an administrative user to monitor the usage of a particular storage unit over time. Note that it is possible to configure quotas on a system and run out of storage before quota limits are reached. Like MTree quota limits, the ddboost storage-unit create command includes new, optional parameters to specify quota limits at the time the storage unit is created. Output of the ddboost storage-unit show command indicates if a quota is defined for the storage unit. See quota and mtree for details on the quota feature, including definitions of hard and soft limits. Options include:

access destroy disable enable file-replication ifgroup option reset set show status storage-unit
ddboost
85
Unless otherwise noted, command options are available only to users with admin role permissions. DD Boost is a licensed software option. If basic options do not work, verify that the proper licensing has been implemented on your Data Domain system. Quota limits are enforced only if MTree quotas are enabled. A message displays in the output notifying users if the quota feature is disabled. When a storage unit is created, quota limits are set to the default MTree quota size. If MTree quotas are enabled, backups are stopped if a hard limit is reached. Enabling quotas may cause OpenStorage backup applications to report non-intuitive sizes and capacities. See Knowledge Base article 85210, available on the Support portal, for details.
Change History
Click the command option for details on usage and functionality. See the EMC DD OS Release Notes of the corresponding version for details on modifications, including arguments, output, and permissions. Version Change 5.2 New command options: ddboost ifgroup create <group-name> ddboost ifgroup destroy <group-name> ddboost ifgroup rename <source-group-name> <destination-group-name> ddboost option reset [virtual-synthetics] ddboost option set virtual-synthetics {enabled | disabled} ddboost option show [virtual-synthetics] Modified command options: ddboost ifgroup add <group_name> {interface <ipaddr> | client <host>} ddboost ifgroup del <group_name> {interface <ipaddr> | client <host>} ddboost ifgroup disable <group-name> ddboost ifgroup enable <group-name> ddboost ifgroup reset <group-name>
86
ddboost ifgroup show config {interfaces | clients | groups | all} <groupname> ddboost ifgroup status <group-name> ddboost show histogram ddboost show stats [ interval <seconds> ] [count <count>] ddboost storage-unit create <storage-unit-name> [quota-soft-limit <n> {MiB|GiB|TiB|PiB}] [quota-hard-limit <n> {MiB|GiB|TiB|PiB}]
Options
access
ddboost access add clients <client-list> Add clients to DD Boost access list. The access list must be the hostname, not IP address.
Example # ddboost access add clients host1 host2 host3
host1 : Access already exists host2 : Invalid host host3 : Added
ddboost access del clients <client-list> Delete clients from DD Boost access list. ddboost access reset Reset DD Boost client access list to factory default. ddboost access show Show DD Boost client access list.
destroy
ddboost destroy Delete all storage units from the Data Domain system. The command permanently removes all data (files) contained in the storage units. You must also manually remove (expire) corresponding catalog entries in the backup software.
ddboost
87
disable
ddboost disable Disable DD Boost.
enable
ddboost enable Enable DD Boost. If the user, user ID (UID), or group ID (GID) changes, the Data Domain system updates all files and storage units the next time this command is run.
file-replication
ddboost file-replication option reset {low-bw-optim | encryption} Reset low-bandwidth optimization and encryption to the default value (disabled). ddboost file-replication option set encryption {enabled | disabled} This command must be entered on the source system and the destination (target) system to enable or disable encrypted data transfer for DD Boost file replication. ddboost file-replication option set low-bw-optim {enabled | disabled} This command must be entered on the source system and the destination (target) system to enable or disable low-bandwidth optimization. Default setting is disabled. ddboost file-replication option show [low-bw-optim] Show state of low-bandwidth optimization: enabled or disabled. ddboost file-replication option show [encryption] Show state of encryption: enabled or disabled. ddboost file-replication reset stats Reset file-replication statistics when DD Boost is enabled. ddboost file-replication show active Show the status of a DD Boost file-replication transfer to a destination Data Domain system. Output for low-bandwidth optimization shows the function as enabled and running, or as enabled with a configuration mismatch. ddboost file-replication show detailed-file-history [duration <duration> {day | hr}] Show a detailed, file-based replication history. You must specify a duration. Data for each file name is organized by date, time, and direction (outbound or inbound).
88
ddboost file-replication show detailed-history [duration <duration> {day | hr}] [interval <interval> {hr}] Display a detailed, cumulative view of file-replication history. Data is organized by date, time, and direction (outbound or inbound). See Output from file-replication show. ddboost file-replication show file-history [duration <duration> {day | hr}] Show the data-transfer history of inbound and outbound traffic for files in the Data Domain system /backup directory. See Output from file-replication show for details. ddboost file-replication show history [duration <duration> {day | hr}] [interval <interval> {hr}] Show the data transfer history between the source and destination Data Domain systems. ddboost file-replication show performance [interval <sec>] [count <count>] Display in real time the amount of pre-compressed outbound and inbound data compared to network throughput or post-compressed data. The count displays the number of lines equal to the count value. Output is shown for the specified interval. ddboost file-replication show stats Monitor outbound and inbound traffic on a Data Domain system during replication. Note the compression ratio increases when low-bandwidth optimization is enabled. See Output from file-replication show.
ifgroup
ddboost ifgroup add <group_name> {interface <ipaddr> | client <host>} Add an interface, client, or both to <group-name> or default group. Prior to adding an interface you must create the <group_name> unless the group name is the default group. See ddboost ifgroup create <group-name>. note The group-name default is created during an upgrade of a fresh install and is always used if <group_name> is not specified.
Additionally, the IP address must be configured on the Data Domain system and its interface must be enabled. You can add public or private IP addresses for data transfer connections. After adding an IP address as an interface, you must enable advanced load balancing and link failover. See ddboost ifgroup enable <group-name>. See the DD Boost Administration Guide and the EMC Data Domain Administration Guide for more information on interface groups. ddboost ifgroup create <group-name> Create a group with the name <group-name> for the interface. This command option may be run on a single node and on a master node in a Global Deduplication Array (GDA).
ddboost
89
The <group-name> may contain characters ^, [0-9, a-z, A-Z],* $, underscore(_), and hyphen (-). Hostnames and fully qualified hostnames may be used. Wildcard hostnames, indicated by an asterisk (*) may be used. Reserved group names that cannot be used are: default, all, and none. ddboost ifgroup del <group_name> {interface <ipaddr> | client <host>} Remove an interface, client, or both from <group-name> or default group. Deleting the last IP address interface disables the ifgroup. If this is the case, you have the option of terminating this command option. ddboost ifgroup destroy <group-name> Destroy the group name. Only empty groups can be destroyed. Interfaces or clients cannot be destroyed but may be removed sequentially or by running the command option ddboost ifgroup reset group-name. note The group-name default cannot be destroyed.
ddboost ifgroup disable <group-name> Disable a specific group by entering the <group-name>. If <group-name> is not specified, the command applies to the default group. ddboost ifgroup enable <group-name> Enable a specific group by entering the <group-name>. If <group-name> is not specified, the command applies to the default group. ddboost ifgroup rename <source-group-name> <destination-group-name> Rename the ifgroup <source-group-name> to <destination-group-name>. This command option does not require disabling the group. ddboost ifgroup reset <group-name> Reset a specific group by entering the <group-name>. If <group-name> is not specified, the command applies to the default group. ddboost ifgroup show config {interfaces | clients | groups | all} <group-name> Display selected configuration options. If no selection is made, all information about the specified <group-name> is shown. If <group-name> is not specified, all information about the default group is displayed. Select the all argument to view configuration options of all groups. All users may run this command option. ddboost ifgroup status <group-name> Show status of link aggregation: enabled or disabled. Status is displayed for all groups unless <group-name> is specified. All users may run this command option.
90
Example 1 # ddboost ifgroup status

Status of ifgroup default is "enabled".
Example 2 # ddboost ifgroup status local_1

Status of ifgroup local_1 is "disabled"
option
ddboost option reset [distributed-segment-processing] Reset distributed segment processing to the default option (enabled). Distributed segment processing must be enabled in GDA configurations. ddboost option set distributed-segment-processing {enabled | disabled} Enable or disable the distributed segment processing feature on the DD OS. Distributed segment processing must be enabled in GDA configurations. ddboost option show [distributed-segment-processing] Show status of distributed segment processing: enabled or disabled. Distributed segment processing must be enabled in GDA configurations. All users may run this command. ddboost option reset [virtual-synthetics] Reset virtual synthetics to the default option (disabled). Virtual synthetics is supported on single-node configurations and DD Extended Retention systems only. ddboost option set virtual-synthetics {enabled | disabled} Enable or disable the virtual synthetics feature on the DD OS. Virtual synthetics is supported on single-node configurations and DD Extended Retention systems only. ddboost option show [virtual-synthetics] Show status of virtual synthetics: enabled or disabled. All users may run this command.
reset
ddboost reset stats Reset statistics when DD Boost is enabled, or as a network recovery procedure to clear job connections after the network connection is lost. ddboost reset user-name Delete and reset the DD Boost user name.
ddboost
91
set
ddboost set user-name <user-name> Set the DD Boost user name when DD Boost is enabled.
show
ddboost ifgroup show config <group-name> Show a specific group by entering the <group-name>. Otherwise show all groups.
Example # ddboost ifgroup show config ifgroup default: enabled
-----------------------------------------------------------------------Interfaces: 10.6.109.140, 10.6.109.141, 10.6.109.142 Clients: * ifgroup local_1: enabled -----------------------------------------------------------------------Interfaces: 192.168.1.220, 192.168.1.221 Clients: *.b-domain.com
ddboost show connections Show the number of DD Boost connections. All users may run this command. note When an Archive Train restore image file spans multiple partitions, it uses multiple concurrent RSS connections for a single job. Therefore, output may show two restore connections and one control connection. This is expected behavior, as shown in Example 2.
Example 1 (Single Node) # ddboost show connections

Active Clients: 2
Clients: Client Idle CPUs Memory(MiB) Plugin Version OS Version Application Version -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------cmpnyx NO 8 8,190 2.2.2.0-200818 Microsoft Windows Server 2008 SP 2 (build 6002), 64-bit NetBackup: 7.1 client1.datadomain.com NO 8 7,984 2.4.0.0Linux 2.6.17-1.2142_FC4smp x86_64 NetBackup: 6.5.4 ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Client Connections: Max Client Connections: 314 ---------------------- ifgroup ------------------------- --------------------- Connections ---------------------------------------Group Name none Status Interfaces 10.6.109.38 Backup Restore Src-repl 0 0 0 Dst-repl Control 0 0 Total 0 ---------------------------------------------------------------------------------------------------------------------------------------------
92
none default default external lab10G
10.6.109.244 enabled 10.6.109.141 enabled 10.6.109.41 enabled 10.6.109.140 enabled 192.168.1.220
0 0 0 0 0 0
0 0 0 0 0 0
0 0 0 0 0 0
0 0 0 0 0 0
0 0 0 0 0 0
0 0 0 0 0 0
---------------------------------------------------------------------------------------------------------------------------------------------Total Connections: * Control connections for image operations -------------------------------------------------- ------------------------------------------------------------------------------------------
Example 2 (Master:1) # ddboost show connection

...
---------------------- ifgroup ------------------------- --------------------- Connections ---------------------------------------Group Name none none Total Connections: Status Interfaces 10.6.109.38 10.6.109.39 Backup Restore Src-repl 0 0 0 0 2 0 0 0 0 Dst-repl Control 0 0 0 0 1 0 Total 0 0 0 ---------------------------------------------------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ------------------------------------------------------------------------------------------
ddboost show histogram Display a DD Boost histogram for the Data Domain system.
Output Definitions
mean-ms The mathematical mean time for completion of the operations. stddev The standard deviation for time to complete operations, derived from the mean time. max-s The maximum time taken for a single operation. 2, 4, 6, 8, or 10ms The number of operations that took less than the specified number of milliseconds (ms). 100ms The number of operations that took between 10 ms and 100 ms. 1s The number of operations that took between 100 ms and one second.
ddboost
93
10s The number of operations that took between 1 second and 10 seconds. >10s The number of operations that took over 10 seconds. ddboost show stats [ interval <seconds> ] [count <count>] Show DD Boost statistics.
Example # ddboost show stats
01/09 03:56:56 DD Boost statistics: DDP_GETATTR DDP_LOOKUP DDP_ACCESS DDP_READ DDP_WRITE DDP_CREATE DDP_REMOVE DDP_READDIR DDP_FSSTAT DDP_REPL_START DDP_REPL_STOP DDP_REPL_STATUS DDP_QUERY DDP_GETPROPERTY DDP_BOOST_INFO DDP_STREAM_INFO (Output truncated.) Count Image creates Image deletes Bytes after filtering Bytes after local compression Network bytes received Compression ratio Total bytes read 0 0 56 56 Errors 0 0 68,613,529,600 23,043,860,318 23,397,851,198 23,400,598,921 2.9 ---------------------------------------------------------------------------------------: : : : : : : : : : : : : : : : 36954 45572 115 0 3 56 56 0 36155 9 9 840 218569 87377 95234 0 [0] [8036] [0] [0] [0] [0] [0] [0] [0] [0] [0] [0] [0] [0] [0] [0]
Pre-compressed bytes received
----------------------------------------------------------------------------------------
94
ddboost show user-name Display the current DD Boost user.
status
ddboost status Display status of DD Boost: enabled or disabled.
storage-unit
ddboost storage-unit create <storage-unit-name> [quota-soft-limit <n> {MiB|GiB|TiB|PiB}] [quotahard-limit <n> {MiB|GiB|TiB|PiB}] Create a storage unit and set limits. See mtree for details on quota limits. Note that if the quota feature is not enabled, the quota is created but a message appears stating the feature is disabled and limits are not enforced, as shown in Example 2. See quota for details. Quotas may cause OpenStorage backup applications to report non-intuitive sizes and capacities. See Knowledge Base article 85210, available on the Support portal, for details.
Example 1 # ddboost storage-unit create SU_1 quota-soft-limit 793 GiB quota-hard-limit 1078 GiB
Created storage-unit SU_1 quota-soft-limit: 793 GiB, quota-hard-limit: 1078 GiB
Example 2 # ddboost storage-unit create SU_2 quota-soft-limit 1586 GiB

** Quota is disabled. Quota limits are not enforced. Created storage-unit SU_2 quota-soft-limit: 1586 GiB, quota-hard-limit: N/A
ddboost storage-unit delete <storage-unit-name> Delete a specified storage unit and contents. You must also manually remove (expire) corresponding catalog entries from the backup application. ddboost storage-unit show [compression] [<storage-unit-name>] Display the compression for all storage units (the original byte size, global and local compression) or the filenames in a specified storage unit. The list of files in a storage unit is shown in the output only if a storage unit name is specified. See Example 2.
ddboost
95
Example 1 # ddboost storage-unit show

Name DDBOOST_STRESS_SU abcd abcd2 D : Deleted RO : Read Only RW : Read Write Pre-Comp (GiB) 1.0 0.0 0.0 Status RW RW RW ---------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------
Example 2 # ddboost storage-unit show DDBOOST_STRESS_SU

Name DDBOOST_STRESS_SU D : Deleted RO : Read Only RW : Read Write List of files in DDBOOST_STRESS_SU: write_000 -------------Pre-Comp (GiB) 1.0 Status RW ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Additional Topics
Setting Low-Bandwidth Optimization

Low-bandwidth optimization is for networks with less than 6 Mbps aggregate bandwidth. Do not use this option if maximum filesystem write performance is required. After enabling low-bandwidth optimization on the source and target systems, both systems must undergo a full cleaning cycle to prepare the existing data. Enter the command option filesys clean start on both systems. The duration of the cleaning cycle depends on the amount of data on the Data Domain system.
96
Output from file-replication show

Arguments for the command option ddboost file-replication show display the following data:

amount of pre-compressed data in KB amount of post-compressed data in KB network transfer data in KB low-bandwidth optimization factor number of errors
ddboost
97
98
disk
The disk command manages disks and displays disk locations, logical (RAID) layout, usage, and reliability statistics. Each Data Domain system reports on the number of disks in the system. For a Data Domain system with one or more Data Domain external disk shelves, commands also include entries for enclosures and disks. For details on disks in external shelves, see the Expansion Shelf Hardware Guide. Options include:

beacon multipath port rescan reset set show status unfail
Change History
Click the command option for details on usage and functionality. See the EMC DD OS Release Notes of the corresponding version for details on modifications, including arguments, output, and permissions. Version Change 5.2 Modified command option: disk unfail <enclosure-id>.<disk-id>

Options
disk
99
beacon
disk beacon <enclosure-id>.<disk-id> Cause the LED that signals normal operation to flash on the target disk. Press Ctrl-C to stop the flash. To check all disks in an enclosure, use the enclosure beacon command option.
multipath
disk multipath failback Manually force all disks to use the primary path. This command works on gateway models only. disk multipath option reset {monitor | auto-failback} Disable multipath configuration monitoring. When disabled, failures in paths to disk devices do not generate alerts. Multipath configuration monitoring is disabled by default. To perform auto-failback, use this command to switch over to the primary path when it becomes available, even if the secondary path remains usable. The auto-failback option is enabled by default and supported on gateway systems only. disk multipath option set auto-failback {enabled | disabled} Enable or disable auto-failback policy. Enabling auto-failback means the primary path is used when it is available. Disabling auto-failback means the user must manually fail back to the primary path when the path becomes available. This command is supported on gateway models only. disk multipath option set monitor {enabled | disabled} Enable multipath configuration monitoring. When enabled, failures in paths to disk devices generate alerts and log multipath events. If monitoring is disabled, multipath event logging is not performed, meaning disk multipath show history is not updated. Multipath configuration monitoring is disabled by default. disk multipath option show Show status of multipath configuration monitoring and auto-failback: disabled or enabled. Auto-failback is supported on gateway systems only. disk multipath reset stats Clear statistics of all disk paths in expansion shelves. disk multipath resume port <port> Allow I/O on specified initiator port.
100
disk multipath show history Show history of multipath events. disk multipath show stats [enclosure <enc-id>] Show statistics for all disk paths by default, or for the specified enclosure only. disk multipath status [<port-id>] Show multipath configurations and runtime status. disk multipath suspend port <port> Disallow I/O on specified initiator port, and stop traffic on particular ports during scheduled maintenance of the SAN, storage array, or system. This command does not drop the Fibre Channel link.
port
disk port enable <port-id> Enable the specified initiator port. disk port show {stats | summary} Show disk port information.
rescan
disk rescan [<enclosure-id>.<disk-id>] Rescan all disks to search for newly removed or inserted disks or LUNS, or power on a drive.
reset
disk reset performance Reset disk performance statistics to zero.
disk
101
set
disk set dev<disk-id> spindle-group <1-16> Assign a LUN group to the disk.
Example # disk set dev1 spindle-group 8
The 'disk set' command assigns a lun-group to the disk/lun. Are you sure? (yes|no|?) [no]: y ok, proceeding. Please enter sysadmin password to confirm 'disk set': This command may take several minutes to complete; please wait. Disk dev1 has been added to spindle-group 8. The result will be effective after the filesystem is restarted.
show
disk show failure-history Display list of serial numbers of failed disks in the Data Domain system. disk show hardware Display disk hardware information.
Example # disk show hardware
Disk (enc/disk) ---------------------------------------------------------------------------------------------------------------------------------------------------------1.1 1.2 1.3 Hitachi HDP725025GLA380 Hitachi HDP725025GLA380 Hitachi HDP725025GLA380 GM2OA52A GM2OA52A GM2OA52A GEL230RB0DMU8B GEL230RB0DRTSB GEL230RB0DTH8B 232.88 GiB 232.88 GiB 232.88 GiB Manufacturer/Model Firmware Serial No. Capacity
---------------------------------------------------------------------------------------------------------------------------------------------------------3 drives present.
Output Definitions (Disk Information)

Disk (enc/disk) Manufacturer/Model Firmware Serial No. The enclosure and disk numbers. The manufacturers model designation. The firmware revision on each disk. The manufacturers serial number for the disk.
102
Capacity
The data storage capacity of the disk when used in a Data Domain system. The Data Domain convention for computing disk space defines one gigabyte as 230 bytes, giving a different disk capacity than the manufacturers rating.
Output Definitions (System Information)

Disk LUN Port WWN
Each LUN accessed by the Data Domain system as a disk.

The LUN number given to a LUN on the third-party physical disk storage system. The world-wide number of the port on the storage array through which data is sent to the Data Domain system. A label that identifies the manufacturer. The display may include a model ID, RAID type, or other information depending on the vendor string sent by the storage array. The firmware level used by the third-party physical disk storage controller. The serial number from the third-party physical disk storage system for a volume that is sent to the Data Domain system. The amount of data in a volume sent to the Data Domain system. GiB = Gibibytes, the base-2 equivalent of Gigabytes. MiB = Mebibytes, the base-2 equivalent of Megabytes. TiB = Tebibytes, the base-2 equivalent of Terabytes. The spindle-group for this LUN. (Available on gateway systems only.)
Manufacturer/Model
Firmware Serial No.
Capacity
Spindle-Group
disk show performance Display disk performance statistics for each disk. Each column displays statistics averaged since the last disk reset performance command or the last system power cycle. Command output from a gateway Data Domain system lists each LUN accessed by the Data Domain system as a disk.
disk
103
Example # disk show performance

Disk (enc/disk) 1.1 1.2 1.3 Cumulative Read sects/s 56 57 57 0.111 MiB/s, Write sects/s 20 20 20 0 % busy Cumul. MiBytes/s 0.037 0.037 0.037 0% 0% 0% Busy
-------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------
Output Definitions
Disk (enc/disk) Read sects/s Write sect/s Cumul. MiBytes/s The enclosure and disk numbers. The average number of sectors per second written to each disk. The average number of sectors per second written to each disk. The average number of megabytes per second written to each disk. MiBytes = MiB = Mebibytes, the base-2 equivalent of Megabytes. The average percent of time that each disk has at least one command queued.
Busy
disk show reliability-data View details of the hardware state of each disk. The information is typically used by Data Domain Support for troubleshooting assistance.
Example # disk show reliability-data
Disk (enc/disk) 1.1 1.2 1.3 ATA Bus CRC Err 0 0 0 Reallocated Sectors 0 0 0 25 C 77 F 23 C 73 F 23 C 73 F Temperature
-------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------3 drives operating normally.
104
Output Definitions
Disk ATA Bus CRC Err Reallocated Sectors Temperature The <enclosure.disk-id> disk identifier. The uncorrected raw UDMA CRC errors. The number of mapped-out defective sectors. The current temperature of each disk in Celsius and Fahrenheit. The allowable case temperature range for disks is from 5 degrees centigrade to 55 degrees centigrade.
disk show state Display state information about all disks in an enclosure (a Data Domain system or an attached expansion shelf), or LUNs in a Data Domain gateway system using storage area network (SAN) storage. Columns in the output display the disk state for each slot number by enclosure ID, the total number of disks by disk state, and the total number of disks. If a RAID disk group reconstruction is underway, columns for the disk identifier, progress, and time remaining are also shown.
Example
To display a system containing shelf disks:

# disk show state
Enclosure Disk 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 ----------------------------------------------------------------------------1 2 Legend . s D s . . . v v v v v v v v v v v v v v D State In Use Disks Spare Disks Disabled Disks Count 3 1 1
--------------------------------------------------------------------------------------------------------------------------
---------------------------------------------Output Legend s - spare R - reconstruction v - available K - Known U - Unknown
disk
105
O - Foreign F - Failed A - Absent D - Disabled
status
disk status View details on the Data Domain system disk status. Output includes the number of disks in use and failed, the number of spare disks available, and if a RAID disk group reconstruction is underway. note The RAID portion of the display could show one or more disks as Failed while the Operational portion of the display could show all drives operating nominally. A disk can be physically functional and available, but not in use by RAID, possibly because of operator intervention.
On a gateway Data Domain system, the display shows only the number and state of the LUNs accessed by the Data Domain system. The remainder of the display is invalid for a gateway system. Reconstruction is done per disk. If more than one disk is to be reconstructed, the disks queued for reconstruction show as spare or hot spare until reconstruction begins. In the first line of output, disk status is indicated by one of the following, high-level states. Normal Error System is operational and all disks are available and ready for use. A new head unit is in this state when Foreign storage is present. For a system configured with some storage, Error indicates that some or all of its own storage is missing. See the definitions for Foreign and Failed in Disk States. A special case of a system that would have been Normal if the system had none of the following conditions that require user action: RAID system degraded

Warning
Foreign storage Failed or Absent disks See Disk States for details.
106
Example 1
Output shows status of disks:

# disk status
Normal - Storage operational Disk States ----------In Use TOTAL DISKS ----------Active tier ----------3 3 -----------
Example 2
Output shows overall status of disks in a DD Extended Retention system with RAID disk group reconstruction underway:
# disk status
Normal - system operational Disk reconstruction detail Disk (%) 3.15 Progress (minutes) 40 125 Active tier 27 3 16 47 Archive tier 28 4 32 Head unit 3 1 4 Other 15 1 1 17 Remaining
----------------------------------------------------------------------------------------Disk states In-Use Spare Available Unknown Fail Absent TOTAL DISKS ----------------------------------------------------------------------------------------------------
Spare (Reconstructing) 1
----------------------------------------------------------------------------------------------------
unfail
disk unfail <enclosure-id>.<disk-id> This command option makes a disk previously marked Failed or Foreign usable to the system.
disk
107
Additional Topics
Disk States
Output from various disk show command options includes details on disk states. Some states require assistance from Data Domain Support.
In Use
Disk state In Use indicates the disk is working properly. In Use is the normal state of a drive in an active data array.
Spare
Disk state Spare is the normal state of a Data Domain disk serving as the hot standby for the active RAID set. This state also appears when disks are undergoing reconstruction.
Unknown
Disk state Unknown indicates the disk may be newly introduced to the system.
Foreign
Disk state Foreign indicates the disk is not reporting the proper identification information in the RAID group. This state commonly appears after a chassis swap or after new enclosures are connected to an active system. If disks remain in this state after the chassis swap, run the system headswap command option. This option transmits to the drives the serial number of the main board, which allows the system to recognize the drives and use them accordingly. caution! Do not run the disk unfail command option on a disk in the Foreign state after a chassis swap. Doing so destroys the filesystem and all data will be lost.
Failed
Disk state Failed indicates the system took the disk offline because of a hardware error and that the system has started reconstruction on the spare. This state generates an alert to Data Domain Support and a case is created and a replacement drive is sent.
108
Absent
Disk state Absent indicates the disk is disconnected from the bus and is inaccessible (the condition is the same as a drive being pulled from the system). Disks in the Absent state cannot be failed or unfailed. This state generates an alert to Data Domain Support and a case is created. To verify the drive is available, run the command option disk show hardware. Output for the suspected drive should be blank or show as Absent. To reset the disk state, remove the disk, wait five minutes, and then reinsert the disk. Following the system rescan, output typically shows the disk state as Spare. However, if the problem persists, there may be a bad slot on the enclosure or the head unit. Contact Data Domain Support for assistance.
More About Disks and Enclosures

The number of disks a Data Domain system has depends on the model. Each disk has two LEDs. A green or blue LED indicates disk activity, and an amber or red LED indicates a failure or attention condition. Each disk in an external shelf has two LEDs at the right edge of the disk carrier. The top LED is green and flashes when the disk is accessed or when the disk is the target of a beacon operation. The bottom LED is amber and glows steadily when the disk has failed. The disk-identifying variable used in disk commands (except gateway-specific commands) is <enclosure-id>.<disk-id>. An enclosure may be a Data Domain system or an external disk shelf, and a Data Domain system is always enclosure 1. For example, disk 12 in a Data Domain system is labeled 1.12. Disk 12 in the first external shelf is labeled 2.12.
Invalid Commands
The following disk command options are invalid on gateway Data Domain systems using third-party physical storage disk arrays rather than Data Domain external disk shelves: disk beacon disk expand disk fail disk unfail disk show failure-history disk show reliability-data
disk
109
When a Disk in a Tier Fails

When a disk belonging to a tier fails, the disk subsystem automatically changes the state of that disk to Failed and removes that storage from the tier. Always replace a failed disk as soon as possible. Spare disks are supplied in a carrier for a Data Domain system or a carrier for an expansion shelf. Do not move a disk from one carrier to another.
Explicitly Failing a Disk

Use the disk fail command to explicitly change the state of a single disk on a specific tier; for example, to change a disk in the Available, Spare, or In Use state to Failed on the active tier. You can then remove the storage from the tier, unless doing so would result in data loss, in which case a warning appears. To proceed, enter y when prompted to confirm the operation. Note that the command stops if failing the specified disk would cause a triple disk failure in a disk group. If the Failed disk belonged to a tier with an available spare disk, the disk subsystem automatically replaces the Failed disk with the spare. To list available spare disks, use the disk show state command option. A maximum of two disks in the head unit can be failed concurrently in most Data Domain systems, with the exception of DD120 and DD140 systems. In DD120 and DD140 systems, which have three disks and no spare disk, only one disk can be failed.
Unfailing a Disk
The state at which the disk unfail command moves the Failed or Foreign disk and adds it to a tier depends on how other disks in the enclosure are tiered. Typically, the disk is in an enclosure with other disks belonging to the tier. In this case, the command reformats the disk to a spare in the same tier as the other tiered disk in the shelf. Less frequently, the disk is in an enclosure with other disks belong to the tier, but not to the disk group. In this case, the disk unfail command changes the disk to Available in the same tier. Occasionally the disk is in an enclosure with no disks belonging to tiers, or disks belonging to two or more tiers. In this case, the disk unfail command changes the disk state to Unknown, and does not add the disk to a tier.
110
enclosure
The enclosure command identifies and displays information about expansion shelves. An enclosure is a Data Domain system or an attached expansion shelf. Options include:

beacon show test
Change History
Click the command option for details on usage and functionality. See the EMC DD OS Release Notes of the corresponding version for details on modifications, including arguments, output, and permissions. Version Change 5.2 Modified command (output only): enclosure show summary
Unless otherwise noted, command options are available only to users with admin role permissions. Enclosure numbers are not static and may change when the system is rebooted. (Numbers are generated according to when the shelves are detected during system startup.) To determine enclosure numbering, see the World Wide Name (WWN) of each enclosure in the output of the enclosure show topology command option. Enclosure commands do not include adding a shelf. See Adding Storage to an Active Tier for instructions. If a Data Domain system or a previously installed shelf, or both, require spare disks and none are available, disks from a newly installed shelf are allocated to the existing RAID groups (disk groups) when the new shelf is recognized with the disk rescan command. The shelf allocating the disks must have at least 14 disks available for its own RAID group.
enclosure
111
Options
beacon
enclosure beacon <enclosure> Confirm that the DD OS and hardware recognize an enclosure. This command option causes the LED on each disk in an enclosure to flash green, indicating activity. Press Ctrl-C to halt the command.
show
enclosure show all [<enclosure>] Display the temperatures and status of fans and power supplies. enclosure show controllers <enclosure> Display information and status for an enclosure and shelf controller systems.
Example # enclosure show controllers
Model Capacity WWN Serial # ES30 15 Slots US1V4102300094 US1V4102300094
Number of Controllers 2 Controller A WWN Firmware Serial # Status HOST port EXP'N port Controller B WWN Firmware Serial # Status HOST port EXP'N port 50060480A810143F 08E0 US1V2102000135 OK 12.0 Gbps 24.0 Gbps 50060480A810F0BF 08E0 US1V2102000741 OK 24.0 Gbps 0.0 Gbps
112
Output Definitions (Physical Enclosure Shell)

Enclosure The number listed here is the enclosure number assigned by the Data Domain OS. This number is the argument that is passed to the command. Model The product name of the enclosure. In this example, the enclosure is an ES20. Capacity The number of usable drive slots in the enclosure. WWN The World Wide Name of the physical ES20 enclosure. This identifier describes the enclosure itself and will not change when components within the enclosure are swapped. This number matches the label located on the enclosure OPS Panel. Serial # The serial number of the physical enclosure. As with the WWN, this describes the enclosure and will not change if components are swapped. Depending on when the enclosure was manufactured, this may be the same value as the WWN. This value matches the serial number printed on the label on the back of the enclosure. Number of Controllers The number of shelf controllers currently inserted into the enclosure.
Output Definitions (Shelf Controller Modules)

Controller A Identifies which shelf controller module the block of information is for. If this enclosure has both shelf controllers installed, there are blocks for Controller A and Controller B. WWN The World Wide Name for the shelf controller. The WWN is different for each controller and differs from the WWN for the enclosure. Firmware The revision level of the firmware that resides on the shelf controller. This value can be different for each shelf controller. Serial # The serial number for the shelf controller. The serial number is different for each shelf controller and differs from the enclosure Serial # value. Status The current status for the shelf controller. HOST port The link speed of the HOST port of the shelf controller. A controller connects to the Data Domain system or shelf controller of the previous enclosure through the HOST port.
enclosure 113
EXP'N port The link speed of the EXP'N port of the shelf controller. A controller connects to the shelf controller of the next enclosure in the chain through the EXP'N port. enclosure show fans [<enclosure>] Display the current status of fans in all enclosures, or in a specific enclosure.
Example # enclosure show fans
Enclosure Description --------1 ---------------------FAN 1 FAN 2 FAN 3 FAN 4 FAN 5 FAN 6 FAN 7 FAN 8 2 Power module #1 fan #2 Power module #2 fan #1 Power module #2 fan #2 Level -----medium medium medium medium medium medium medium medium low low low Status -----OK OK OK OK OK OK OK OK OK OK OK OK
Power module #1 fan #1 low
Output Definitions
Enclosure The enclosure number, starting from 1, for the Data Domain system. Description The fan description for each power or cooling unit. Level The fan speed. This value depends on the internal temperature and amount of cooling required. Status The fan status: OK or Failed.
114
enclosure show powersupply [<enclosure>] Display the status USAF power supplies in all enclosures or in a specific enclosure.
Example # enclosure show powersupply
Enclosure --------1 1 2 2 --------Description --------------Power Module #1 Power Module #2 Power Module #1 Power Module #2 --------------Status -----OK OK OK OK ------
Output Definitions (Status)

OK The power supply is operating normally. Degraded The power supply is manifesting a fault or not installed. Unavailable The system cannot determine the status of the power supply. enclosure show summary List enclosures, model and serial numbers, state, OEM names and values, and capacity (number of disks in the enclosure). The serial number for an expansion shelf is the same as the chassis serial number, which is the same as the enclosure WWN and the OPS panel WWN.
Example # enclosure show summary
Enclosure Model No. Serial No. State OEM Name OEM Value Capacity
------------------------------------------------------------------------------------------------------------------------1 2 3 DD690 ES20 ES30 8F46927218 US1V4100500053 Online Online 15 Slots 16 Slots 15 Slots 50050CC100100D4E Online
------------------------------------------------------------------------------------------------------------------------3 enclosures present.
enclosure
115
Enclosure states may be one of the following: Offline No connectivity to shelf. Shelf was connected previously. Also occurs if there is no power to the enclosure (after startup). Online Operating as expected. No problems detected. Fault Applies to ES20 only. Indicates no communication with firmware. Found Transient state. Enclosure detected (though not seen by user) and will transition to other states. Error Hardware or software error. Software Error Typically means busy. Try again later. enclosure show temperature-sensors [<enclosure>] List the internal and CPU chassis temperatures for a system, and the internal temperature for expansion shelves. CPU temperatures may be shown in relative or ambient readings. The CPU numbers depend on the Data Domain system model. With newer models, the numbers are negative when the status is OK and move toward zero as CPU temperature increases. If a CPU temperature reaches 0 Celsius, the Data Domain system shuts down. With older models, the numbers are positive. If the CPU temperature reaches 80 Celsius, the Data Domain system shuts down. A status of Critical indicates that the temperature is above the shutdown threshold.
Example # enclosure show temperature-sensors
Enclosure --------2 --------Description ---------------Internal ambient ---------------C/F ----25/77 ----Status -----OK ------
116
enclosure show topology Show the layout of the SAS enclosures attached to a system.
Port 1a 1b 1c 1d 2a 2b 2c 2d 3a 3b 3c 3d ------------------------------------------------------------------------------------------------Encl ---2 3 4 ---WWN -------------------------US1V4102300094 US1V4101700116 US1V4102300042 -------------------------Serial # --------------------------US1V4102300094 US1V4101700116 US1V4102300042 -------------------------3.A.H: 3.A.E 4.A.H: 4.A.E 2.A.H: 2.A.E 2.B.H: 2.B.E 4.B.H: 4.B.E 3.B.H: 3.B.E enc.ctrl.port enc.ctrl.port enc.ctrl.port -------------------------------------------------------------------------------------------------
Error Message: -----------------------No error detected ----------------------Enclosure rear view: CONTROLLER-B | | | | | | H E | | | E CONTROLLER-A H | | | OP-PANEL | | | +--------------------------------------------------------------------------------------------+
+--------------------------------------------------------------------------------------------+
test
enclosure test topology <port> duration <minutes> Test the connections in the enclosure topology.
enclosure
117
118
filesys
The filesys command displays statistics, capacity, status, and utilization of the filesystem. Command options also clear the statistics file, and start and stop filesystem processes. The filesys clean command options reclaim physical storage within the filesystem. Command output for disk space or the amount of data on disks is computed using base-2 calculations. See How Data Values Are Calculated for details. Options include:

archive clean create destroy disable enable encryption expand fastcopy option restart show status sync
filesys
119
Change History
Click the command option for details on usage and functionality. See the EMC DD OS Release Notes of the corresponding version for details on modifications, including arguments, output, and permissions. Version Change 5.2 New command options: filesys encryption key-manager disable filesys encryption key-manager enable filesys encryption key-manager reset filesys encryption key-manager set {server <server-name> | port <portnumber> | fips-mode {enabled | disabled} | key-class <key-class> | server <server-name> port <port-number> fips-mode {enabled | disabled} key-class <key-class>} filesys encryption key-manager show filesys encryption keys delete <keyid> filesys encryption keys destroy <keyid> filesys encryption keys show [<keyid>] filesys encryption keys sync Deprecated command option: filesys encryption keys detailed show filesys encryption passphrase change (See system passphrase change.)
Unless otherwise noted, command options are available only to users with admin role permissions. In addition to admin permissions, command options for encryption require security officer authorization. See Enabling Security Officer Authorization for instructions.
120
Options
archive
The filesys archive command option is specific to a DD Extended Retention system. It enables administrative users to provision the filesystem with tiered storage. See the DD Extended Retention Administration Guide (formerly DD860 Archiver Administration Guide) for details on command usage and examples. filesys archive unit add Create an archive unit from the archive tier of the filesystem, change the state of disks or LUNs from available to in-use, and add the new archive unit to the filesystem. Also view the list of archive unit sizes available in the archive tier. filesys archive unit del <archive-unit> Delete a specific archive unit and change the state of disks or LUNs to available. An archive unit can be deleted from the tier only when the Data Domain system filesystem is disabled. Disabling the filesystem stops all Data Domain system operations, including filesys clean. This command destroys all data in the archive unit. Files within the archive unit must be deleted to remove them from the namespace. note This command option is not available on a Retention Lock Compliance system.
filesys archive unit expand <archive-unit> Expand the size of the specified archive unit. filesys archive unit list [<archive-unit> | all] List all archive units or a specific archive unit.
clean
filesys clean reset {schedule | throttle | all} Reset the clean schedule to the default of Tuesday at 6 a.m. (tue 0600), the default throttle of 50 percent, or both. filesys clean set schedule [daily | monthly | never] <day(s)> <time> Set schedule for the clean operation to run automatically. Default is Tuesday at 6 a.m. (tue 0600).
filesys
121
Data Domain recommends running the clean operation once a week to maintain optimal availability of the filesystem. However, if there is no shortage of disk space you may clean less often.
daily Runs command every day at the set time. monthly Starts command on a the day or days specified at the set time. Days are entered as integers ranging from 1 to 31. never Turns off the clean schedule. day(s) Runs on the day or days specified. Days are entered as integers ranging from 1 to 31. time Time is 24-hour format. 2400 is not a valid time. The time mon 0000 is midnight between Sunday night and Monday morning. A new set schedule command cancels the previous setting.
Example 1
To run the clean operation automatically every Tuesday at 4 p.m.:

# filesys clean set schedule tue 1600 Example 2
To run the operation more than once in a month, set multiple days in a single command. For example, to clean the filesystem on the first and fifteenth day of the month at 4 p.m., enter:
# filesys clean set schedule monthly 1,15 1600
filesys clean set throttle <percent> Set clean operations to use a lower level of system resources when the Data Domain system is busy. At zero percent, cleaning runs slowly or not at all, depending on how busy the system is. At 100 percent, cleaning uses system resources in the standard way. Default is 50 percent. When the Data Domain system is not running backup or restore operations, cleaning runs at 100 percent.
122
Example
To set the clean operation to run at 30 percent of its potential speed:

# filesys clean set throttle 30
filesys clean show config Display settings for filesystem cleaning. All users may run this command option.
Example # filesys clean show config
50 Percent Throttle Filesystem cleaning is scheduled to run "Tue" at "0600".
filesys clean show schedule Display current date and time for the clean schedule. All users may run this command option.
Example # filesys clean show schedule
Filesystem cleaning is scheduled to run "Tue" at "0600".
filesys clean show throttle Display throttle setting for cleaning. All users may run this command option.
Example # filesys clean show throttle
100 Percent Throttle
filesys clean start Start clean process manually. When the process finishes, a message is sent to the system log citing the percentage of available storage space. filesys clean status Display status of the clean process. All users may run this command option.
Example # filesys clean status
Cleaning started at 2009/02/06 10:21:51: phase 6 of 10 64.6% complete, 2496 GiB free; time: phase 1:06:32, total 8:53:21
filesys clean stop Stop the clean process. Stopping the process means all progress is lost. Restarting the process means starting from the beginning.
filesys
123
If the clean process slows down the system, run the filesys clean set throttle command to change the amount of system resources used by the clean process. Changes to system resource usage take effect immediately. filesys clean watch Monitor the filesys clean process. Output of this command continuously updates as the filesys clean operation progresses. For example, output of verification phase shows the actual number of files moved to the target. Reporting concludes after the final phase. Press Ctrl-C to stop monitoring. Note the filesys clean process continues to run. All users may run this command. note Because some files may be dropped during verification, output of the percent completion phase may not reach 100%. This is expected behavior.
create
filesys create Create a filesystem or associated RAID disk group with available and spare storage in the active tier. Change the state from Available to In Use.
Example # filesys create
The filesystem of size 2TiB will be created. Are you sure? (yes|no?) [no]: y . . . You now have a freshly initialized filesystem. Enable the filesystem using 'filesys enable'
destroy
filesys destroy [and-zero] Delete all data in the Data Domain system filesystem including data configured with Retention Lock Governance, remove Replicator configuration settings, and return filesystem settings to defaults. When this process is finished, NFS clients connected to the Data Domain system may require a remount. note This command option is not available on a Retention Lock Compliance system.
124
By default, this command only marks the filesystem data as deleted. Disks are not overwritten with zeroes unless you specify the and-zero option. Filesystem data marked deleted cannot be recovered, even if the disks have not been overwritten with zeroes. The and-zero option adds several hours to the destroy operation. It is not supported on Data Domain gateway systems.
disable
filesys disable Stop filesystem operations.
enable
filesys enable Start the filesystem operations. Security officer authorization is required if there is time skew in the system clock. See the section on Retention Lock Compliance in the EMC Data Domain Administration Guide for details.
encryption
filesys encryption algorithm reset Reset the algorithm to the default: aes_256_cbc. After running this command, you must restart the filesystem with the filesys restart command option. filesys encryption algorithm set {aes_128_cbc | aes_256_cbc | aes_128_gcm | aes_256_gcm} Select the encryption algorithm. After running this command, you must restart the filesystem with the filesys restart command option. The aes_256_gcm option (AES in the Galois/Counter mode), is the most secure algorithm, but is significantly slower than Cipher Block Chaining (CBC) mode. filesys encryption algorithm show Display encryption algorithm. Output indicates changes are pending, if applicable. filesys encryption apply-changes Update filesystem with current encryption configuration. Encryption changes are applied to all data in the Data Domain system during the next cleaning cycle. filesys encryption disable Deactivate encryption. Before you run this command, you must run filesys disable and enter security officer credentials. See Enabling Security Officer Authorization for details. This requirement provides an audit trail for changes to data encryption status.
filesys
125
Example # filesys encryption disable

This command requires authorization by a user having a 'security' role. Please present credentials for such a user below. Username: so_user1 Password: The encryption feature is now disabled. The filesystem must be restarted to effect this change.
filesys encryption enable Activate encryption for new data written to the filesystem and specify a new passphrase. After running this command, you must restart the filesystem with the filesys restart command. filesys encryption key-manager disable Key rotation policy is disabled. The filesystem continues to use the latest Activated-RW key for encrypting the data. This command option requires security-officer authorization. filesys encryption key-manager enable Beginning with version 5.2, the RSA Data Protection Manager (DPM) key manager is available for external encryption key management. The local encryption key administration method is also available. As in previous releases, the local key manager provides a single encryption key for each Data Domain system. The RSA DPM Key Manager enables the use of multiple, rotating keys on a Data Domain system. DPM supports a maximum of 254 keys. See the section on key management in the EMC Data Domain Administration Guide for additional information. filesys encryption key-manager reset Clear the attributes of the key-manager. filesys encryption key-manager set {server <server-name> | port <port-number> | fips-mode {enabled | disabled} | key-class <key-class> | server <server-name> port <port-number> fips-mode {enabled | disabled} key-class <key-class>} Specify the attributes of the key-manager. RSA Data Protection Manager (DPM) supports three attributes of a Key Class Cipher including Algorithm, Key Size, and Mode. When setting up a Key Class in RSA DPM for use with a Data Domain system, the key size must be 256 bits, otherwise the DPM configuration will fail. Additionally, Data Domain does not use the attributes Algorithm and Mode from RSA DPM. These attributes are configured using the command option: filesys encryption algorithm set {aes_128_cbc | aes_256_cbc | aes_128_gcm | aes_256_gcm}.
126
note
A Data Domain system retrieves a key from RSA DPM by Key Class. Choices for the RSA DPM attribute Get Key Behavior of a Key Class are New Key Each Time or Use Current Key. In this release, Data Domain supports the Key Class Use Current Key only. An error message is not issued if the Key Class is incorrectly configured to generate a new key each time; however, the Data Domain system does not receive the correct key to encrypt the data.
server The name of the RSA key manager server or IP address. port The port number of the RSA server on which the key manager is listening. fips-mode Use the argument disabled if the imported certificate for key management is not in FIPS mode. Default is enabled. key-class The key class configured on the key manager for the Data Domain system. filesys encryption key-manager show Display details about the key manager. See the EMC Data Domain Administration Guide for descriptions of key states.
Example # filesys encryption key-manager show
Key Manager: Enabled Server: testmachine.scmc.local Port: 38443 Fips-mode: enabled Status: Online Key-class: qa_gui_2
filesys encryption keys delete <keyid> Delete the key from the filesystem after the number of keys has exceeded 254. Only a Destroyed-Compromised key or a Destroyed key can be deleted. This command option requires security officer authorization. See Enabling Security Officer Authorization. filesys encryption keys destroy <keyid> Destroy the specified encryption key if all data encrypted with the key requires re-encryption. After the key is destroyed, the key is no longer used for reading or writing. This command option requires security officer authorization.
filesys
127
filesys encryption keys show [<keyid>] Display the key-manager attributes.

Example 1 # filesys encryption keys show
Key Id Key MUID State Size post-comp
--------------------------------------------------------------------------------------------------------------------------------------1 e03a6b9fff773c3a67167a9e0ec700260a0592d1662d0633416ae0f1785f9131 Activated-RW -
--------------------------------------------------------------------------------------------------------------------------------------* Post-comp size will be updated after next cleaning cycle.
Example 2 # filesys encryption keys show 1

Key Id Key MUID State Type Start Date End Date 1 e03a6b9fff773c3a67167a9e0ec700260a0592d1662d0633416ae0f1785f9131 Activated-RW RKM Tue Nov 22 11:32:03 2011 Never
Create Date Tue Nov 22 11:32:03 2011
filesys encryption keys sync Synchronize the key manager encryption keys. If a new key is detected, an alert is generated. When the filesystem is restarted, the new key is used for reading and writing. A key that is destroyed in RSA DPM will not be marked for destroyed on the Data Domain system. See the EMC Data Domain Administrators Guide Managing Encryption of Data at Rest for details on how to destroy a key. note A Data Domain system retrieves a key from RSA DPM by Key Class. Choices for the RSA DPM attribute Get Key Behavior of a Key Class are New Key Each Time or Use Current Key. In this release, Data Domain supports the Key Class Use Current Key only. An error message is not issued if the Key Class is incorrectly configured to generate a new key each time; however, the Data Domain system does not receive the correct key to encrypt the data.
128
filesys encryption lock Lock the system by creating a new passphrase and destroying the cached copy of the current passphrase. Before you run this command, you must run filesys disable and enter security officer credentials. See Enabling Security Officer Authorization for instructions. Before locking the system, verify there are no keys in a compromised state. For security purposes, Data Domain recommends performing a filesystem clean procedure prior to locking the system. After running this command, the system encryption keys are unrecoverable until the system is unlocked with the system passphrase. This command is useful when preparing a Data Domain system and its external storage devices for shipment. New passphrases are not stored and can be forgotten. Data Domain recommends keeping a record of the passphrase in a safe location. Data cannot be recovered without the new passphrase.
Example # filesys disable
Please wait.......... The filesystem is now disabled.
# filesys encryption lock

This command requires authorization by a user having a 'security' role. Please present credentials for such a user below. Username: so_user2 Password: Enter the current passphrase: Enter new passphrase: Re-enter new passphrase: Passphrases matched. The filesystem is now locked.
filesys encryption show Check the status of the encryption feature. Output indicates changes are pending, if applicable.
Example # filesys encryption show
Encryption is enabled (Encryption 'disable' change is pending*) Algorithm: aes_256_cbc (Algorithm 'aes_128_cbc' change is pending*) The filesystem is unlocked * The filesystem must be restarted to effect this change.
filesys
129
filesys encryption unlock The filesystem is locked automatically after a headswap or chassis swap. Use this command option to unlock the filesystem.
expand
filesys expand Increase the filesystem by using all space in the active tier.
fastcopy
filesys fastcopy source <src> destination <dest> Copy a file or directory tree from a Data Domain system source directory to another destination on the Data Domain system. Source names <src> that include spaces or special characters must be entered according to the following conventions.
Enclose the entire source pathname with double quotation marks:

filesys fastcopy "/data/col1/backup/.snapshot/fast copy" destination /data/col1/backup/dir
OR
Enter a backslash before the space. Do not add quotation marks:

filesys fastcopy /data/col1/backup/.snapshot/fast\ copy destination /data/col1/backup/dir2
source <src> The location of the directory or file to copy. The first part of the path must be /backup. Snapshots always reside in /backup/.snapshot. Use the snapshot list command to list existing snapshots. destination <dest> The destination for the directory or file being copied. The destination cannot already exist.
130
option
filesys option disable report-replica-as-writable Set the reported read/write status of a replication destination filesystem to read-only. Use the filesys disable command before changing this option and use the filesys enable command after changing the option. With CIFS, use the cifs disable command before changing the option and use the cifs enable command after changing the option. filesys option enable report-replica-as-writable Set the reported read/write status of a replication destination filesystem to read/write. Use the filesys disable command before changing this option and use the filesys enable command after changing the option. With CIFS, use the cifs disable command before changing the option and use the cifs enable command after changing the option. filesys option reset {local-compression-type | low-bw-optim | marker-type | report-replica-aswritable | global-compression-type} | staging-reserve | staging-clean | staging-delete-suspend | compute-segfeatures} Return filesystem compression to the default settings on the destination Data Domain system. Low-bandwidth optimization is not supported in Global Deduplication arrays.
local-compression-type Reset the compression algorithm to the default of lz. low-bw-optim Display if low-bandwidth optimization is enabled. marker-type Return the marker setting to the default of auto. report-replica-as-writable Reset the filesystem to read-only. global-compression-type Remove a manually set global compression type. The filesystem continues to use the current type. Only when a filesys destroy command is entered does the type used change to the default of 9. staging-reserve Set staging reserve percentage from 0 to 90.
filesys
131
filesys option set global-compression-type {1 | 9} Set the global compression of data to type 9 (new type) or type 1 (previous type). Enter the filesys disable and filesys enable commands for the change to take effect. If the filesystem is over 40 percent full, the command fails with an error message. Compression type must be the same on each side of a directory replication pair. If not, replication stops.
Example # filesys option set global-compression-type 1 # filesys disable # filesys enable
filesys option set local-compression-type {none | lz | gzfast | gz} Set compression algorithm. To enable the new setting, use the filesys disable and filesys enable command options. If local compression is changed from the default value of lz, the change is applied only to new data and data accessed during subsequent clean operations. The system transitions to the new compression type as backups expire. This behavior reduces overhead of the cleaning process.
none No data compression occurs. lz The default algorithm that gives the best throughput. Data Domain recommends the lz option. gzfast A zip-style compression that uses less space for compressed data, but more CPU cycles. gzfast is the recommended alternative for sites that want more compression at the cost of lower performance. gz A zip-style compression that uses the least amount of space for data storage (10% to 20% less than lz), but also uses the most CPU cycles (up to twice as many as lz). filesys option set staging-reserve <percent> Reserve a percentage of total disk space for disk staging.
132
filesys option show [{local-compression-type | low-bw-optim | marker-type | report-replica-aswritable | global-compression-type | staging-reserve | staging-clean | staging-delete-suspend | compute-segfeatures} Show the filesystem option settings. By default, all filesystem options are displayed. To limit the output to a single system option, specify one of the system options.
local-compression-type Display the current compression algorithm. low-bw-optim Display if low-bandwidth optimization is enabled. marker-type Display the current marker setting. report-replica-as-writable Display the current reported setting on the destination Data Domain system. global-compression-type Display the current global compression type. staging-reserve Set staging reserve percentage from 0 to 90.
restart
filesys restart Disable and enable the filesystem in a single operation.
show
filesys show compression [<filename>] [last <n> {hours | days}] [no-sync] filesys show compression [tier {active | archive}] summary | daily | daily-detailed {[last <n> { hours | days | weeks | months }] | [start <date> [end <date>]]} Display the space used by, and compression achieved for, files and directories in the filesystem. When used on a DD Extended Retention system, information is also shown for the active or archive tiers. See the DD Extended Retention Administration Guide for details. Values are reported in Gigibytes (GiB). See How Data Values Are Calculated for details.
filesys
133
In general, the more often a backup procedure is run on a file or filesystem, the higher the compression. The output does not include global and local compression factors for the Currently Used table, but uses a dash instead. Note that the display on a busy system may not return for several hours, depending on the number of files. Other factors may influence the display. Running the command without arguments generates default output that displays a summary of compression statistics for all files and directories in the filesystem for the last 7 days and the last 24 hours. Output includes details on active and archive tiers for the DD Extended Retention system only.
<filename> filename (Optional) Synchronize all modified files to disk and then display compression statistics for the specified file or directory only. To display compression statistics for a specific file or directory without first synchronizing all modified files to disk, include the no-sync option. Depending on the number of files in the filesystem, specifying a file name could cause this command to process for several hours before completing. last <n> {hours | days | weeks | months} (Optional) In the summary portion of the output, display filesystem compression statistics for the specified time frame instead of for the past 7 hours. The statistics for the last 24 hours remain in the summary output. If you specify a file or directory name, you cannot use this option with the weeks keyword or the months keyword. no-sync (Optional) Display compression statistics for a specific file or directory without first synchronizing all modified files to disk. summary (Optional) Display all compression statistics, summarized in the following categories: Storage currently used. Data written in the last 7 days. By including the last <n> option or the start <date> option, you can display statistics for a time frame other than the last 7 days. Data written in the last 24 hours.
134
daily (Optional) In addition to the summary output, display the following information for each day, over the previous four full weeks, plus the current partial week. This option is not available if you specify a file or directory name. daily-detailed (Optional) Display the daily output, but also include the following information for each day. This option is not available if you specify a file or directory name. start <date> (Optional) In the summary portion of the output, display filesystem compression statistics for the time frame that begins on the specified day instead of the past 7 hours. The statistics for the last 24 hours will remain in the summary output. If you specify a time frame less than the previous four weeks, plus the current full week, the daily or daily-detailed output (if specified) is truncated to the shorter time frame. Specify <date> in the format <yyyy>-<mm>-<dd> (for example, 2011-04-07). By default, the last day of the time frame specified with this argument is the most recent, full day elapsed. end <date> (Optional) Valid only if the start option is used. In the summary portion of the output, display filesystem compression statistics for the time frame that ends on the specified day. In general, the more often a backup is done for a particular file or filesystem, the higher the compression. On a busy system, this process may not complete for several hours, depending on the number of files. Other factors may also affect results.
Example
The following example shows sample output from a DD Extended Retention system. It includes summary information for active and archive tiers, and a table of currently used storage. On a standard Data Domain system, output includes information on active tier only.
# filesys show compression
Active Tier: Pre-Comp (GiB) Post-Comp (GiB) Global-Comp Factor Local-Comp Factor Total-Comp Factor (Reduction %) -------------------------------------------------------------------------------------------------------------------------------------------------------------Written: Last 33 days Last 24 hrs 122518.6 127.9 32314.9 0.0 2.5x 17828639.6x 1.5x 2.8x 3.8x (73.6) 49159570.3x (100.0)
-------------------------------------------------------------------------------------------------------------------------------------------------------------* Does not include the effects of pre-comp file deletes/truncates since the last cleaning on 2011/04/07 13:56:59.
filesys
135
Archive Tier: Pre-Comp (GiB) Post-Comp (GiB) Global-Comp Factor Local-Comp Factor Total-Comp Factor (Reduction %) -------------------------------------------------------------------------------------------------------------------------------------------------------------Written:* Last 33 days Last 24 hrs 122518.6 127.9 32314.9 0.0 2.5x 17828639.6x 1.5x 2.8x 3.8x (73.6) 49159570.3x (100.0)
--------------- -------- --------- ----------- ---------- ------------------* Does not include the effects of pre-comp file deletes/truncates since the last cleaning on 2011/04/07 13:56:59. Currently Used: Pre-Comp (GiB) Post-Comp (GiB) Global-Comp Factor Local-Comp Factor Total-Comp Factor (Reduction %) -------------------------------------------------------------------------------------------------------------------------------------------------------------Active Archive Total 86625.9 86625.9 ******* 18365.6 18365.6 ******* 4.7x (78.8 4.7x (78.8
--------------------------------------------------------------------------------------------------------------------------------------------------------------
Output Definitions
Pre-Comp Data written before compression. Post-Comp Storage used after compression. Global-Comp Factor Ratio of Pre-Comp / (size after global compression). Not applicable to the storage currently used. Local-Comp Factor Ratio of (size after global compression)/Post-Comp. Not applicable to the storage currently used. Total-Comp Factor Ratio of Pre-Comp / Post-Comp. Reduction % Percentage value (Pre-Comp - Post-Comp) / Pre-Comp) * 100. This is the default output format.
136
filesys show file-info <filename> Display detailed information about the specified file. Specify the fully qualified path to the file. filesys show space Display the space available to and used by filesystem resources. Values are reported in Gigibytes (GiB). See How Data Values Are Calculated for details. The following example shows filesystem space on a standard Data Domain system:
# filesys show space
Active Tier: Resource /data: pre-comp /data: post-comp /ddvar Size GiB 21563.9 132.9 Used GiB 8805.7 495.5 58.5 Avail GiB 21068.4 67.6 Use% 2% 46% Cleanable GiB 83.0 -------------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------------
Output Definitions
Size GiB Total storage capacity of a filesystem resource. Used GiB Amount of data stored on a filesystem resource. Avail GiB Amount of free space on a filesystem resource. Use% Ratio of data stored to total capacity, multiplied by 100. Cleanable GiB Estimated amount of recoverable free space. Command output displays space availability and usage information for the following filesystem components: /data: pre-comp Amount of virtual data stored on the Data Domain system. Virtual data is the amount of data sent to the Data Domain system from backup servers.
filesys
137
/data: post-comp Amount of total physical disk space available for data, actual physical space used for compressed data, and physical space still available for data storage. Warning messages go to the system log and an email alert is generated when the Use% figure reaches 90%, 95%, and 100%. At 100%, the Data Domain system stops accepting data from backup servers. /ddvar Approximate amount of space used by and available to the log and core files. To free space in this area, remove old logs and core files. The total amount of space available for data storage can change because an internal index may expand as the Data Domain system fills with data. The index expansion takes space from the Avail GiB amount. If Use% is always high, use the command option filesys clean show-schedule to see how often the cleaning operation is scheduled to run automatically. Use filesys clean schedule to run the operation more often. filesys show uptime Display the amount of time passed since the filesystem was last enabled. The display is in days, hours, and minutes.
Example # filesys show uptime
Filesys has been up 47 days, 23:28
status
filesys status Display the state of the filesystem process.
Example # filesys status The filesystem is enabled and running
If the filesystem was shut down with a Data Domain system command, such as filesys disable, the display includes the command.
Example # filesys status
The filesystem is disabled and shutdown. [filesys disable]
138
sync
filesys sync Synchronize modified files to disk.
Additional Topics
More About Filesystem Cleaning

The filesys clean command reclaims physical storage on the Data Domain system. It is the only command that reclaims physical storage used by files that are deleted and not present in a snapshot. During the clean operation, the Data Domain system is available for backup (write) and restore (read) operations. Cleaning is a self-throttling process that gives up system resources in the presence of user traffic. Data Domain recommends running a clean operation after the first full backup to a Data Domain system. The initial local compression on a full backup is typically a factor of 1.5 to 2.5. An immediate clean operation increases compression by another factor of 1.15 to 1.2 and reclaims a corresponding amount of disk space. Any operation that shuts down the Data Domain system, such as disabling the filesystem or performing a power-off or reboot, stops the clean operation. The clean does not restart when the system and filesystem restart. You must restart the clean manually or wait until the next scheduled clean operation. Replication between Data Domain systems can affect filesys clean operations. If a source Data Domain system receives large amounts of new or changed data while replication is disabled or disconnected, resuming replication may significantly delay filesys clean operations. Cleaning becomes inefficient during a large replication process because what is not replicated is not cleaned.
How Data Values Are Calculated

1 KiB = 210 bytes = 1024 bytes 1 MiB = 220 bytes = 1,048,576 bytes 1 GiB = 230 bytes = 1,073,741,824 bytes 1 TiB = 240 bytes = 1,099,511,627,776 bytes
filesys
139
Error Messages
Occasionally, error messages may be generated when creating a filesystem.
Error creating filesystem. Log stored in /ddr/var/log/debug/create.<number>
This is a general error message. See the log file reference in the error message.
A filesystem already exists.
The filesystem was not destroyed before the filesys create command was run. Run the filesys destroy command, and then retry the filesys create command.
There is no storage available for creation.
No storage was added to the active tier before the filesys create command option was run. Use the storage add command option to add disks or LUNs to the tier, and then retry creating the filesystem.
Enabling Security Officer Authorization

Filesystem encryption, decryption, and managing systems enabled for Retention Lock Compliance require admin role permissions and security officer authorization.
To enable security officer authorization:
1. Log in as a security role. If necessary, create a security officer role. See user for instructions on creating the role and for details about the role. 2. Run the command option authorization policy set security-officer enabled.
140
help
The help command displays Help files for Data Domain system commands. Entering the help command without an object displays the complete list of Data Domain system commands. For a description of a single command, including syntax, options, and for most commands, sample output, include the command name as the object; for example, help filesys. You can also search for command options using keywords. If the keyword is the same as a command name, the entire Help page for the command displays. Typically, information that does not appear in the Help files is available in the EMC Data Domain Administration Guide.
Change History

All users may run this command option. Use the up and down arrow keys to move through a help page. Press Tab to complete an entry. Use the q key to exit. Enter a slash (/) to move forward and a question mark (?) with a pattern to search for and highlight lines of interest.
help
141
142
ipmi
The ipmi command monitors and manages a Data Domain system deployed remotely. Command options enable administrators to monitor remote systems and to power the systems on or off as required. The Serial-Over-LAN (SOL) feature is used to view the serial output of a remote system boot sequence. For more information, see the EMC Data Domain Operating System Offline Diagnostics Suite Users Guide. Options include:

config disable enable remote console remote power reset show user
Change History
ipmi
143
Unless otherwise noted, command options are available only to users with admin role permissions. Users cannot log in to IPMI via SSH. See the EMC Data Domain Administration Guide for instructions on managing remote systems. IPMI (on/off/cycle/status) is not supported on the following models:

DD140 DD610 DD630
SOL (serial-over-LAN) is not supported on the following models:

DD120 DD140 DD5xx DD610 DD630 DD660 DD690/g
See Additional Topics for the lists of models that support IPMI and SOL.
Options
config
ipmi config <port> {dhcp | ipaddress <ipaddr> netmask <mask> gateway <ipaddr>} Configure the IPMI static or dynamic IP address of a BMC. If configuring a static IP, you must provide the BMC IP address, netmask, and gateway address. See Setting Up IPMI for details.
disable
ipmi disable {<port> | all} Disable IPMI remote access to a single system, or all systems.
144
enable
ipmi enable {<port> | all} Enable IPMI remote access to a single system, or to all systems.
remote console
ipmi remote console ipmi-target <ipaddr | hostname> user <user> [password <password>] Activate SOL mode to view serial console of a remote Data Domain system. See Viewing Serial Output of a Remote System for instructions.
remote power
ipmi remote power {on | off | cycle | status} ipmi-target <ipaddr | hostname> user <user> [password <password>] Power on, power off, or power cycle a remote target system from an initiator system.
Example # ipmi remote power cycle ipmi-target 10.25.220.197 user sysadmin
The 'ipmi remote power cycle' command turns off the power without shutting down the system gracefully and file access will be interrupted. Are you sure? (yes|no|?) [no]: yes ok, proceeding. Remote target 10.25.220.197 has been power CYCLED. Please use serial-over-lan or serial console to view boot status.
reset
ipmi reset Reset LAN and SOL configuration and clear all IPMI users.
show
ipmi show config View the configuration of local IPMI interfaces. Output includes the dynamic or static IP address, gateway, netmask, and MAC address.
ipmi
145
Example # ipmi show config Console: serial

Port -----bmc0a -----Enabled ------- ---yes ------- ---DHCP -------yes -------IP address ------------------192.168.11.165* ------------------Netmask -----------255.255.252.0* -----------Gateway ----------------192.168.10.1* -----------------
* Value from DHCP
ipmi show hardware View the port names and firmware version of the local BMC. Output also includes the IPMI version, manufacturer, MAC addresses. The Link Status column shows if the LAN cable is connected to the LAN-IPMI shared port. Link status cannot be determined on Data Domain systems with a dedicated IPMI port. These include models DD640, DD670, DD860, and DD890.
Example # ipmi show hardware
Firmware Revision: 0.59 IPMI Version Port ------------bmc-eth0 bmc-eth1 -------- ----: 2.0 MAC Address -------------------------00:15:17:30:2d:72 00:15:17:30:2d:73 --------------------------Link Status ----------yes no ----------Manufacturer Name: Intel Corporation
user
ipmi user add <user> [password <password>] Add new IPMI user. ipmi user change <user> [password <password>] Change the password of an IPMI user. ipmi user del <user> Delete an IPMI user. ipmi user list View a list of IPMI users, including names, IDs, and permissions.
146
ipmi user reset Clear all IPMI users. If this is the first time using IPMI, we recommend running this command to clear IPMI users who may be out of synch between two ports, and to disable default users.
Additional Topics
Supported Models-IPMI

DD120 DD160 DD510/530/565/580/580g DD620 DD640 DD660 DD670 DD690 DD860 DD880/g DD890
Supported Models-SOL

DD160 DD620 DD880/g DD640 DD670 DD860 DD890
ipmi
147
Viewing Serial Output of a Remote System

The Serial-Over-Lan (SOL) feature enables viewing text-based serial output without a serial server. It is used in combination with the remote power cycle command to view the remote systems boot sequence. The following example shows how to enter SOL mode and view the serial output of a remote Data Domain system:
# ipmi remote console ipmi-target 10.25.220.197 user sysadmin
Please enter user password: [SOL Session operational. Use @? for help] Data Domain OS 0.86.0.0-191797 localhost.localdomain login:
Disconnecting from an SOL Session

Enter the symbol @ to disconnect from a session and return to the command line.
Disconnecting from the Initiator

Enter the symbol ~ to disconnect from the initiator system completely.
Setting Up IPMI
How you set up IPMI on a Data Domain system varies depending on model number. 1. Connect LAN cable to LAN port. Note the following exceptions:
For models DD860, DD890, DD640, and DD670, connect LAN to maintenance port. For models DD160 and DD620, connect LAN cable to upper port (eth0a), which is shared by LAN and BMC.
2. Adjust the BIOS settings according to model.
Model DD640, DD670, DD860, DD880g, DD890
BIOS Settings Use default settings.
148
Model DD160, DD620
BIOS Settings Press F2 to go to BIOS. Server > Set AST1000/2000 LAN Configuration > BMC LAN Enable
Server > Remote Access Configuration
Remote Access = enable Serial Port = com2 Serial port mode = 9600 Flow control = none Redirection = always Terminal type = vt100 Server Management > Console Redirection > Serial Port B > Baud Rate 9.6K DD120, DD510, DD530, DD565, DD580, DD580g, DD660, DD690 Press F2 to go to BIOS. Advanced > Serial Port Configuration > Serial B Enable [Enabled].
Server Management > Console Redirection > Serial Port B > Baud Rate 9.6K
3. Run ipmi show config to get the port name. 4. Run ipmi config port { dhcp | ipaddress <ipaddr> netmask <mask> gateway <ipaddr> } to configure an IPMI port. 5. If this is the first time using IPMI, run ipmi user reset to clear IPMI users that may be out of synch between two ports, and to disable default users. 6. To add a new IPMI user, run the command option ipmi user add user [password <password>]. 7. To set up SOL, run the command option system option set console lan. 8. When prompted, enter y to reboot the system.
ipmi
149
Number of Supported IPMI Users

Model DD880g Number of Users Maximum user IDs = 15. Default user = 1 (NULL). Net maximum available for use = 14. Maximum user IDs = 10. Default user = 2 (NULL, root). Net maximum available for use = 8. Maximum user IDs = 10. Default user = 1 (root) Net maximum available for use = 9. Maximum user IDs = 10. Default user = 1 (root). Net maximum available for use = 9.
DD640, DD670, DD860, DD890
DD160, DD630
DD120, DD5xx, DD660, DD690
150
license
The license command adds, deletes, and resets keys for licensed features and storage capacity. Options include:

add delete reset show
Change History
Click the command option for details on usage and functionality. See the EMC DD OS Release Notes of the corresponding version for details on modifications, including arguments, output, and permissions. Version Change 5.2 Licenses for Retention Lock Compliance and Retention Lock Governance added. See the EMC Data Domain Administration Guide for details on Retention Lock software options.
Unless otherwise noted, command options are available only to users with admin role permissions. License codes are case-insensitive. Include the hyphens when entering codes.
Options
add
license add <license-code> [<license-code> ...] Add one or more licenses for features and storage capacity. Include dashes when entering the license code. This command option may run on a standalone Data Domain system or on the master controller of a Global Deduplication Array.
license
151
Example # license add ABCD-DCBA-AABB-CCDD BBCC-DDAA-CCAB-AADD-DCCB- BDAC-E5

Added "ABCD-DCBA-AABB-CCDD" : REPLICATION feature Added "BBCC-DDAA-CCAB-AADD-DCCB- BDAC-E5" : CAPACITY-ARCHIVE feature for 6TiB capacity ES20
delete
license del <license-feature> [<license-feature> ...] | <license-code> [<license-code> ...] Delete one or more software option licenses. In a GDA configuration, run this command on the master controller. Security officer authorization is required to delete licenses from Retention Lock Compliance systems only.
Example # license del EEFF-GGHH-JJII-LLKK MMNN-OOQP-NMPQ-PMNM STXZ-ZDYSGSSG-BBAA
License code "EEFF-GGHH-JJII-LLKK" deleted. License code "MMNN-OOQP-NMPQ-PMNM" deleted. License code "STXZ-ZDYS-GSSG-BBAA" deleted.
reset
license reset Remove all licenses. This command option requires security officer authorization if removing licenses from Retention Lock Compliance systems. Licenses cannot be reset on a Global Deduplication Array.
show
license show [local] View license keys and features. If the local argument is included in the option, output includes details on local node only.
152
Additional Topics
Required Licenses
The following software options require separate licenses. See the Data Domain documentation set or visit the Support portal for details.

DD Boost Extended Retention (formerly Archiver) Encryption Expanded Storage Global Deduplication Array (GDA) I/OS Replication Retention Lock Compliance Retention Lock Governance Shelf Capacity Virtual Tape Library (VTL)
license
153
154
log
The log command manages and displays the Data Domain system log file. Messages from the alerts feature, the autosupport reports, and general system messages are sent to the log directory (/ddvar/log). A log entry appears for each Data Domain system command given on the system. Data Domain systems can send network log messages to other systems enabled to listen. The Data Domain system sends the log in the standard syslog format. When remote logging is enabled, all messages in the messages and kern.info files are exported. Message selectors include: *.notice Send all messages at the notice priority and higher. *.alert Send all messages at the alert priority and higher (alerts are included in *.notice). kern.* Send all kernel messages (kern.info log files). local7.* Send all messages from system startups (boot.log files). See the vendor-supplied documentation for details on managing the selectors and receiving messages on a third-party system. Options include:

host list view watch
Change History
log
155

Options
host
log host add <host-name> Add a system to the list that receives Data Domain system log messages.
Example
To add the system log-server to the hosts that receive log messages:
# log host add log-server
log host del <host-name> Remove a system from the list of systems that receive Data Domain system log messages.
Example
To remove the system log-server from the hosts that receive log messages:
# log host del log-server
log host disable Disable sending log messages to other systems. log host enable Enable sending log messages to other systems. log host reset Reset the log sending feature to the defaults of disabled and an empty list. log host show Display the list of systems that receive log messages and are in the state of enabled or disabled.
156
Example # log host show

Remote logging is enabled. Remote logging hosts log-server
list
log list [debug] List the files in the log directory with the date each file was last modified and the size of each file.
Output Definitions (Without Debug Option)

messages The system log, generated from Data Domain system actions and general system operations. space.log Messages about disk space usage by Data Domain system components and data storage, and messages from the clean process. A space use message is generated every hour. Each time the clean process runs, it creates approximately 100 messages. All messages are in comma-separated-value format with tags you can use to separate the disk space or messages from the clean process. You can use third-party software to analyze either set of messages. The tags are: CLEAN for data lines from clean operations. CLEAN_HEADER for lines that contain headers for the clean operations data lines. SPACE for disk space data lines. SPACE_HEADER for lines that contain headers for the disk space data lines.
Output Definitions (With Debug Option)

access Track users of the Data Domain Enterprise Manager graphical user interface. boot.log Kernel diagnostic messages generated during the boot process. ddfs.info Debugging information created by the filesystem processes. ddfs.memstat Memory debugging information for filesystem processes.
log
157
destroy.id_number.log All actions taken by an instance of the filesys destroy command. Each instance produces a log with a unique ID number. disk-error-log Disk error messages. error List errors generated by the Data Domain Enterprise Manager operations. kern.error Kernel error messages. kern.info Kernel information messages. network Messages from network connection requests and operations. perf.log Performance statistics used by Data Domain Support for system tuning. secure Messages from unsuccessful logins and changes to user accounts. ssi_request Messages from the Data Domain Enterprise Manager when users connect with HTTPS. windows Messages about CIFS-related activity from CIFS clients attempting to connect to the Data Domain system.
Example
To list all of the files in the log directory:

# log list
Last modified -----------------------Thu Jul 29 16:37:47 2011 Thu Jul 29 16:00:02 2011 Size ------716 KB 9931 KB File ---------messages space.log messages.1 messages.2 messages.3 messages.4 ----------
Sun Jul 25 00:00:02 2011 541 KB Sun Jul 18 00:00:02 2011 450 KB Sun Jul 11 01:29:58 2011 Sun Jul 4 00:00:01 2011 -----------------------447 KB 179 KB -------
KiB = Kibibytes = the binary equivalent of Kilobytes.
158
view
log view [<filename>] View the log files. When viewing the log, use the up and down arrows to scroll through the file. Use the q key to quit. Enter a slash (/) to search forward or a question mark (?) to search backward for a pattern such as a date. If filename is not included, the command displays the current messages file.
watch
log watch [<filename>] View new message entries as they occur. Use Ctrl-C to stop the display. If a filename is not included, the command displays the current messages file.
Additional Topics
Understanding a Log Message

1. View the log file by entering the command options log view message, or log view. Output resembles:
July 27 10:28:11 syrah19 bootbin: NOTICE: MSG-SMTOOL-00006: No replication throttle schedules found: setting throttle to unlimited.
2. Look for the file of log messages. Descriptions of log messages are available on the Data Domain Support portal in the Error Message Catalog. 3. In the Web page of log messages, search for the message MSG-SMTOOL-00006. The following information displays:
ID: MSG-SMTOOL-00006 - Severity: NOTICE - Audience: customer Message: No replication throttle schedules found: setting throttle to unlimited. Description: The restorer cannot find a replication throttle schedule. Replication is running with throttle set to unlimited. Action: To set a replication throttle schedule, run the replication throttle add command.
4. Follow the instructions indicated by Action: to correct the error.
log
159
Archiving Log Files

To archive log files, use NFS, CIFS mount, or FTP to copy the files to another machine. If using CIFS or NFS, mount /ddvar to your desktop and copy the files from the mount point. If using FTP: 1. On the Data Domain system, use the adminaccess show command to verify that the FTP service is enabled. If the service is not enabled, use the command adminaccess enable ftp. 2. On the Data Domain system, enter adminaccess show to see that the FTP access list includes the IP or class-C address of your remote machine. If not in the list, enter adminaccess add ftp ipaddr to add the address. 3. Open a Web browser on the remote machine. 4. In the Address box, use FTP to access the Data Domain system:
ftp://<Data_Domain_system_name>.yourcompany.com/
5. Some Web browsers do not request a login if a system does not accept anonymous logins. In that case, add a user name and password to the FTP line:
ftp://sysadmin:your-pw@ <Data_Domain_system_name>.yourcompany.com/
6. Log in to the Data Domain system as sysadmin. 7. On the Data Domain system, you are in the directory just above the log directory. Open the log directory to list the messages files. 8. Copy the file to save. Right-click on the file icon and select Copy To Folder from the menu. Choose a location for the file copy. 9. To disable the FTP service on the Data Domain system, use SSH to log in to the Data Domain system as sysadmin and run the command option adminaccess disable ftp.
160
migration
The migration command copies all data from one Data Domain system to another. Use the command when upgrading to a larger capacity Data Domain system. Migration is typically performed in a LAN environment. Migration may also be used to copy replication configurations, known as contexts. See the EMC DD OS Administration Guide for instructions. Options include:

abort commit receive send show stats status watch
Change History
Unless otherwise noted, command options are available only to users with admin role permissions. All data under /backup is migrated and exists on both systems after migration. After migrating replication contexts, the contexts remain on the source. You must break replication contexts on the migration source after the process is completed. See Migration During Directory Replication for details. For best results, avoid backup operations to a migration source during a migration operation. A migration destination does not require a Replication license or Encryption license unless the source system is licensed for those software options.
migration
161
With the exception of collection replication, the migration destination must have equal or larger capacity than the used space on the migration source. The migration destination must have an empty filesystem. Any setting of the systems replication throttle also applies to migration. If the migration source has throttle settings, use the replication throttle set override command to set the throttle to the maximum (unlimited) before starting migration. The procedure for migrating from an encryption-enabled source requires additional steps. See Migration With Encryption-Enabled Source in Additional Topics for instructions.
Options
abort
migration abort Stop a migration process and return the Data Domain system to its previous state. If the migration source is part of a replication pair, replication is restarted. Run the command option on the migration source and destination. Using the migration abort command option on a destination system requires running the filesys destroy command option on the destination before the filesystem can be reenabled. Following a migration abort procedure the password on the destination system is the same as the password on the migration source.
commit
migration commit Limit migration to data received by the source at the time the command is entered. You can enter the command and limit the migration of new data any time after entering the migration send command. All data on the source Data Domain system at the time of the commit command. After the commit operation, including new data for contexts migrated to the destination, is sent only to the destination Write access to the source is blocked after you enter the migration commit command and during the time required to complete migration. After the migration process is finished, the source is opened for write access, but new data is no longer migrated to the destination.
162
receive
migration receive source-host <src-hostname> Prepare a Data Domain system to be a migration destination. When preparing the destination, do not run the filesys enable command. Run this option under the following conditions:

On the migration destination only. Before entering the migration send command on the migration source. After running the filesys destroy and filesys create operations on the destination.
Example
To prepare a destination for migration from the source hostA:

# filesys destroy # filesys create # migration receive source-host hostA
send
migration send {<obj-spec-list> | all} destination-host <dst-hostname> Start migration. Use the command option under the following conditions:

Only on the migration source. Only when no backup data is being sent to the migration source. After entering the migration receive command on the destination.
The <obj-spec-list> is /backup for systems that do not have a replication license. With replication, this argument represents one or more contexts from the migration source. After you migrate a context, all data from the context remains on the source system, but the context configuration is moved to the migration destination. A context in the obj-spec-list can be:
The destination string, as defined when setting up replication. For example: dir://hostB/backup/dir2 col://hostB pool://hostB/pool2
migration
163
The context number, such as rctx://2, as shown in output from the replication status command option. The keyword all, which migrates all contexts from the migration source to the destination.
New data written to the source is marked for migration until you enter the migration commit command. New data written to the source after a migration commit command is not migrated. Note that write access to the source is blocked from the time a migration commit command is given until the migration process concludes. The migration send command stays open until a migration commit command is entered. Enter the migration commit command on the migration source first, and then on the destination. With the exception of licenses and key-manager settings, all data on the migration source is always migrated, even when a single directory replication context is specified in the command option.
Example 1
To start migration of data only (excluding replication contexts, even if replication contexts are configured) to a migration destination named hostC:
# migration send /backup destination-host hostC Example 2
To start a migration that includes a collection replication context (replication destination string) of col://hostB:
# migration send col://hostB destination-host hostC Example 3
To start migration with a directory replication context of dir://hostB/backup/dir2:

# migration send dir://hostB/backup/dir2 destination-host hostC Example 4
To start migration with two replication contexts using context numbers 2 and 3:
# migration send rctx://2 rctx://3 destination-host hostC Example 5
To migrate all replication contexts:

# migration send all destination-host hostC
164
show stats
migration show stats Display migration statistics during the migration process.
Example # migration show stats
-------------------------------------------------------------------------------------------------------------Destination Bytes Sent Bytes Received hostB 153687473704 1974621040 Received Time Mon March 29 14 09:37
-------------------------------------------------------------------------------------------------------------Processed Time ----------------------------------Mon March 29 14 09:37 ------------------------------------
Output Definitions
Bytes Sent The total number of bytes sent from the migration source. The value includes backup data, overhead, and network overhead. On the destination, the value includes overhead and network overhead. Use the value (and the next value, Bytes Received) to estimate network traffic generated by migration. Bytes Received The total number of bytes received at the destination. On the destination, the value includes data, overhead, and network overhead. On the source, the value includes overhead and network overhead. Use the value (and the previous value) to estimate network traffic generated by migration. Received Time The date and time when the most recent records were received. Processed Time The date and time when the most recent records were processed.
status
migration status Display the current status of migration.
migration
165
Example # migration status

CTX: Mode: Destination: Enabled: Local file system status Connection State: Error: Destination lag: Current throttle: Contexts under migration: 0 migration source hostB yes enabled connected since Tue Jul 17 15:20:09 migrating 3/3 60% no error 0 unlimited dir://hostA/backup/dir2
watch
migration watch Track the initial phase of migration (when write access is blocked). The command output shows the percentage of the migration process that has been completed.
Additional Topics
Migration With Encryption-Enabled Source

If the migration source has encryption enabled, you must perform the following tasks on the destination before starting the migration process. 1. Add the Encryption license:
# license add <license-code>
2. Enable encryption. This command prompts you for a passphrase. Use the same passphrase as the migration source:
# filesys encryption enable
3. After running the encryption enable command, restart the filesystem:

# filesys restart
If the migration source has DPM key manager configured and enabled, clear the DPM attributes on the destination:
# filesys disable # filesys encryption key-manager reset # filesys restart
166
After migration concludes, configure the DPM attributes on the destination to be the same as the DPM attributes on the migration source, and then enable the DPM key manager. See the commands filesys encryption key-manager enable and filesys encryption key-manager set in filesys for more information.
Migrating Between Source and Destination

To migrate data from hostA, to a destination, hostB (steps do not apply to replication contexts): 1. On hostB (the destination), enter:
# filesys disable # filesys destroy # filesys create # migration receive source-host hostA
2. On hostA (the source), enter:

# migration send /backup destination-host hostB
3. On either host, enter:

# migration watch
4. At the appropriate time for your site, create a migration end point. Note that three phases of migration may take many hours. During that time, new data sent to the source is also marked for migration. 5. After the three migration phases are finished, enter the following command on hostA first, and then on the destination, hostB:
# migration commit
Migration During Directory Replication

The following example describes how to migrate data and a context from a source, hostA, to a destination, hostC, when hostA is also a directory replication source for hostB. 1. On hostC (the migration destination), enter:
# filesys disable # filesys destroy # filesys create # migration receive source-host hostA
migration
167
2. On hostA (the migration and replication source), enter:

# migration send dir://hostB/backup/dir2 destination-host hostC
Note that this command also disables the filesystem. 3. On the source migration host, enter:
# migration watch
4. First on hostA and then on hostC, enter:

# migration commit
Note that this command also disables the filesystem. 5. On hostB (the replication destination), enter the following command options to change the replication source to hostC:
# filesys disable # replication modify dir://hostB/backup/dir2 source-host hostC # filesys enable
168
mtree
The mtree command enables operations on a single managed tree (MTree) of a filesystem. An MTree is a logical partition of the namespace in the filesystem that can group together a set of files for management purposes; for example, snapshot schedules, replication, or retention locking. An MTree can be a directory subtree or a VTL tape pool, and the files of an MTree can span the collection of active and archive storage tiers in a DD Extended Retention system. Previously, users could not manage the amount of storage space for an MTree. If a Data Domain system had several MTrees, a single MTree could use all of the storage space on the system, depleting the storage space for other MTrees. Users can now restrict storage space for MTrees by setting quota limits during the creation of MTrees. See quota for additional information. Options include:

create delete list rename retention-lock show compression undelete
mtree
169
Change History
Click the command option for details on usage and functionality. See the EMC DD OS Release Notes of the corresponding version for details on modifications, including arguments, output, and permissions. Version Change 5.2 Modified command options: mtree create <mtree-path> [quota-soft-limit <n> {MiB|GiB|TiB|PiB}] [quotahard-limit <n> {MiB|GiB|TiB|PiB}] mtree retention-lock enable mode {compliance | governance} mtree <mtreepath> mtree list [<mtree-path>]
Unless otherwise noted, command options are available only to users with admin role permissions. A single controller supports a maximum of 100 MTrees; however, system performance may degrade if the number of MTrees simultaneously engaged in read or write streams exceeds 14. For best results, limit the number of active MTrees to 14, and, when possible, consolidate operations on the same MTree into one operation. MTrees cannot be created if the maximum of 100 has been reached or if there is no available space. MTree quotas cannot be set on the /data/col1/backup directory. The maximum quota value is 4096 PiB. Quota limits are pre-compressed values. The default setting for MTree quota limits is disabled. On a DD Extended Retention system (previously DD860 Archiver), MTree quota limits are set for the active tier only. See Additional Topics for the list of characters supported for naming MTrees.
170
Options
create
mtree create <mtree-path> [quota-soft-limit <n> {MiB|GiB|TiB|PiB}] [quota-hard-limit <n> {MiB|GiB|TiB|PiB}] Create an MTree under the specified path. The format of the <mtree-path> is /data/col1/<mtree-name>. An error message notifies you to enter a different name if another MTree with the same name exists, if the new name is formatted incorrectly, or if the destination MTree does not exist. Quotas can only be set during the creation of MTrees. If no quota option specified, the default is unlimited for both soft and hard limits, meaning there are no quota limits. When setting quota limits, a warning appears if the new limit is lower than the current space usage of the MTree. The command does not fail, but subsequent writes to the MTree are rejected. An error message appears if you are setting a soft limit that is greater than or equal to the hard limit. When the hard limit is reached for an MTree quota, write operations stop and the MTree becomes read-only.
Example 1
To create MTree /data/col1/backup1 with no quota limits:

# mtree create /data/col1/backup1
MTree "/data/col1/backup1" created successfully Quota soft limit: none, hard limit: none Note: Quota is disabled. Quota limits not enforced.
Example 2
To set a soft limit quota of 10 GiB on MTree /data/col1/backup1:

# mtree create /data/col1/backup1 quota-soft-limit 10 GiB
MTree "/data/col1/backup1" created successfully. /data/col1/backup1: Quota soft limit: 10240 MiB, hard limit: unlimited
Example 3
To set a hard limit quota of 10 TiB on MTree /data/col1/backup2:

# mtree create /data/col1/backup2 quota-hard-limit 10 TiB
MTree "/data/col1/backup2" created successfully. /data/col1/backup2: Quota soft limit: none, hard limit: 1048576 MiB
mtree
171
Example 4
To set a soft limit quota of 100GiB and a hard limit quota of 1TiB on MTree /data/col1/backup3:
# mtree create /data/col1/backup3 quota-soft-limit 100 GiB quota-hard-limit 1 TiB
MTree "/data/col1/backup3" created successfully. /data/col1/backup3: Quota soft limit: 102400 MiB , hard limit: 1048576 MiB
delete
mtree delete <mtree-path> Delete the specified MTree (denoted by the pathname). MTrees marked for deletion remain in the filesystem until the filesys clean command is run. You can revert the marked-for-deletion state of that MTree by running the mtree undelete command. See undelete for details. This command option is allowed on Retention Lock Compliance systems and on Retention Lock Governance MTrees only. It is not allowed on Retention Lock Compliance MTrees. See the EMC Data Domain Administrators Guide for details on Retention Lock Compliance and Governance. Effects of deleting an MTree include:
The MTree appears in the output of the mtree list command option and is marked with the status value D. File service to a deleted MTree is rejected. Deleted MTrees are not visible through NFS or CIFS clients. When an MTree is removed from the filesystem, snapshots associated with that MTree are also deleted from the /data/col1/<mtree-name>/.snapshot/ directory or the /backup/.snapshot/ directory.
Example # mtree delete /data/col1/myMTree

MTree "/data/col1/myMTree" has been deleted.
list
mtree list [<mtree-path>] Display the list of MTrees.
172
<mtree-path> (Optional) Display MTrees under the specified path only. This command supports the asterisk (*) wildcard character in the MTree pathname. Values include: /data/col1/mtree1 /data/col1/mtree* *mtree*
Example # mtree list
Name /data/col1/backup /data/col1/backup1 /data/col1/backup2 Pre-Comp (GiB) 7.7 9.5 0.0 Status RW/Q/RLGE RW RW ----------------------------------------------------------------------------
----------------------------------------------------------------------------
Output Definitions
Output includes the MTree pathname, precompression, and status. Status is based on pre-defined values: D Marked for deletion. MTree will be removed from the filesystem by the filesys clean command. Can be unmarked for deletion by using the mtree undelete command only if the filesys clean command has not been run. Q Quota defined. RO Read-only access. RW Read/write access. RD Replication destination. RLCE Retention Lock Compliance enabled.
mtree
173
RLGE Retention Lock Governance enabled. RLGD Retention Lock Governance disabled.
rename
mtree rename <mtree-path> <new-mtree-path> Rename the specified MTree. Note that /data/col1/backup cannot be renamed. Retention Lock Governance or Retention Lock Compliance MTrees can only be renamed if they are empty. This command option requires security officer authorization if Retention Lock Compliance is enabled on the specified MTree.
Example 1
To rename the MTree from /data/col1/gov_1 to /data/col1/gov_1x, enter:

# mtree rename /data/col1/gov_1 /data/col1/gov_1x
If there are any NFS exports, CIFS shares, VTL tapes, DDBOOST storage-units or Replication Contexts configured for this MTree, they need to be manually edited to reflect the new MTree name. Do you wish to continue? Are you sure? (yes|no|?) [no]: yes ok, proceeding. **** MTree "/data/col1/gov_1" has retention-lock configuration, can be renamed only if it is empty.
Example 2 # mtree rename /data/col1/com_1 /data/col1/com_1x

This command requires authorization by a user having a 'security' role. Please present credentials for such a user below. Username: sec Password: If there are any NFS exports, CIFS shares, VTL tapes, DDBOOST storage-units or Replication Contexts configured for this MTree, they need to be manually edited to reflect the new MTree name. DO you wish to continue? Are you sure? (yes|no|?) [no]: yes ok, proceeding. **** MTree "/data/col1/com_1" has retention-lock configuration, can be renamed only if it is empty.
174
retention-lock
mtree retention-lock disable mtree <mtree-path> Disable Retention Lock for the specified MTree. This command option is allowed on Retention Lock Governance MTrees only. It is not allowed on Retention Lock Compliance MTrees. See the EMC Data Domain Administrators Guide for details on Retention Lock Compliance and Governance. mtree retention-lock enable mode {compliance | governance} mtree <mtree-path> Enable Retention Lock for the specified MTree. Use the compliance argument to meet the strictest data permanence regulatory standards, such as those of SEC17a-4f. Enabling Retention Lock Compliance requires security officer authorization. Use the governance argument to propagate the same protection provided in the previous release of DD OS. The level of security protection is lower than Retention Lock Compliance. When Retention Lock is enabled on an MTree, any file in the MTree may become locked by setting its <atime> to the future. Additionally, renaming a non-empty directory in the MTree is disabled. See the EMC Data Domain Administration Guide for details Retention Lock Compliance and Governance, and for instructions on setting retention time. mtree retention-lock reset {min-retention-period | max-retention-period} mtree <mtree-path> Reset the minimum or maximum retention period for the specified MTree to its default value. The command option is allowed on systems with Retention Lock Compliance enabled, and on MTrees with Retention Lock Governance enabled. However, users cannot reset the minimum (12 hours) or maximum (5 years) retention periods on MTrees enabled with Retention Lock Compliance. See the EMC Data Domain Administrators Guide for details on Retention Lock Compliance and Governance and for instructions on setting retention time. mtree retention-lock revert <path> Revert all Retention Lock files in a specified path to non-Retention Lock files. Note that directories and files within Retention Lock Compliance Mtrees cannot be reverted. The base of the path must be /data/col1/<mtree-name>/ or /backup/. Reverting Retention Lock Compliance or Governance generates a Data Domain system alert (at the Alert severity level) and logs the names of the reset files. Data Domain recommends when a recipient receives the alert, he or she confirms the reset operation was intended.
mtree
175
mtree retention-lock set {min-retention-period | max-retention-period} <period> mtree <mtreepath> Set the minimum or maximum retention period for the specified MTree. This command option requires security officer authorization if Retention Lock Compliance is enabled on the specified MTree. Users cannot set the minimum retention period to fewer than 12 hours (shown in output as 720 minutes). Doing so generates a message notifying the user that the entry was invalid and stating the minimum retention period allowed. When setting the lock period for Retention Lock Compliance MTrees, users cannot set the period to be less than the minimum or maximum period allowed. Doing so generates a message notifying the user that the entry was invalid and stating the minimum or maximum retention period allowed. The retention period is specified in the format [number] [unit]. Possible unit values are: min hr day mo year The period cannot be more than 70 years. Specifying a value greater than 70 years results in an error. By default, the min-retention-period is 12 hours and the max-retention-period is 5 years.
Example
To set the min-retention-period to 24 months for mtree1:

# mtree retention-lock set min-retention-period 24mo mtree /data/col1/mtree1
mtree retention-lock show {min-retention-period | max-retention-period} mtree <mtree-path> Show the minimum or maximum retention period for the specified MTree. mtree retention-lock status mtree <mtree-path> Show Retention Lock status for the specified MTree. Possible values are enabled, disabled, previously enabled, and MTree Retention Lock mode: Compliance or Governance.
176
show compression
mtree show compression <mtree-path> [tier {active | archive}] [summary | daily | daily-detailed] {[last <n> { hours | days | weeks | months }] | [start <date> [end <date>]]} Display compression statistics for a specific MTree. Values are reported in Gigibytes (GiB). Running the command without arguments generates default output that displays a summary of compression statistics for all files and directories in the filesystem for the last 7 days and the last 24 hours.
<mtree-path> The pathname of the MTree for which to display compression statistics. tier {active | archive} Display results for the specified tier. summary (Optional) Display all compression statistics, summarized as:
Data written in the last 7 days. By including the last <n> option or the start <date> option, you can display statistics for a time frame other than the last 7 days. Data written in the last 24 hours.
daily (Optional) In addition to the summary output, display detailed information for each day, over the previous four full weeks, plus the current partial week. This option is not available if you specify a file or directory name.
daily-detailed (Optional) Display the daily output and include the following information for each day. This option is not available if you specify a file or directory name.
last <n> {hours | days | weeks | months} (Optional) In the summary portion of the output, display filesystem compression statistics for the specified time frame instead of for the past 7 hours. The statistics for the last 24 hours remain in the summary output. If you specify a file or directory name, you cannot use this option with the weeks keyword or the months keyword.
start <date> (Optional) In the summary portion of the output, display filesystem compression statistics for the time frame that begins on the specified day instead of the past 7 hours. The statistics for the last 24 hours remain in the summary output. If you specify a time frame less than the previous four weeks, plus the current full week, the daily or daily-detailed output (if specified) is truncated to the shorter time frame.
mtree
177
Specify <date> in the format <yyyy>-<mm>-<dd> (for example, 2011-04-07). By default, the last day of the time frame specified with this argument is the most recent, full day elapsed. end <date> (Optional) Valid only if the start option is used. In the summary portion of the output, display filesystem compression statistics for the time frame that ends on the specified day.
Example # mtree show compression /data/col1/backup
Active Tier: Pre-Comp (GiB) Post-Comp (GiB) Global-Comp Local-Comp Factor Factor Total-Comp Factor (Reduction %) ----------------------------------------------------------------------------------------------------------------------------------Written: Last 7 days Last 24 hrs ----------------------------------------------------------------------------------------------------------------------------------Archive Tier: Pre-Comp (GiB) Post-Comp (GiB) Global-Comp Local-Comp Factor Factor Total-Comp Factor (Reduction %) ----------------------------------------------------------------------------------------------------------------------------------Written: Last 7 days Last 24 hrs ----------------------------------------------------------------------------------------------------------------------------------Key: Pre-Comp = Data written before compression Post-Comp = Storage used after compression Global-Comp Factor = Pre-Comp / (size after de-dupe) Local-Comp Factor = (Size after de-dupe) / Post-Comp Total-Comp Factor = Pre-Comp / Post-Comp Reduction % = (Pre-Comp - Post-Comp) / Pre-Comp) * 100 15.2 7.1 1.0x 2.2x 2.2x (53.6) 20.3 9.4 1.0x 2.2x 2.2x (53.6)
178
undelete
mtree undelete <mtree-path> Mark as not deleted any marked-for-deletion MTrees under the specified path. This command reverses a previous mtree delete command.
Example
To reverse a previous mtree delete command request that included the MTree at /data/col1/myMTree:
# mtree undelete /data/col1/myMTree
MTree "/data/col1/myMTree" has been undeleted.
Additional Topics
Supported Characters
In addition to letters AZ, az, numbers 09, and a single embedded space (non-leading), characters supported for creating MTree names include: ! # $ % & @ ^ ~ ( ) [ ] { exclamation point number sign dollar sign percentage ampersand at symbol caret tilde left parenthesis right parenthesis left bracket right bracket left curly brace
mtree
179
} . , ; ' + =
right curly brace period comma semicolon single quotation mark (slanted) single quotation mark (unslanted) plus sign equal sign
180
ndmpd
The ndmpd command is the top-level command for the NDMP daemon running on the Data Domain system. The NDMP daemon provides access to VTL-created devices via the NDMP version 4 protocol. Options include:

disable enable option show status stop user
Change History
Unless otherwise noted, command options are available only to users with admin role permissions. This command is not supported on Extended Retention (formerly DD860 Archiver) systems.
Options
ndmpd
181
disable
ndmpd disable Disable the NDMP daemon.
enable
ndmpd enable Enable the NDMP daemon.
option
ndmpd option reset <option name> | all Reset all NDMP daemon options or a specific option.
set
ndmpd option set <option name> <value> Set NDMP daemon options.
show
ndmpd option show <option name> <value> View all NDMP daemon options or a specific option.
Example # ndmpd option show all
Name -------------debug port preferred-ip ----------------------Value ---------disabled 10000
authentication text
ndmpd show devicenames View the device name, VTL virtual name, SCSI vendor and product code, and the serial numbers of devices controlled by the NDMP daemon. Typically, this information is displayed during device discovery and configuration. However, you can use this command to verify the VTL TapeServer group configuration and perform a manual configuration, if required.
182
No output in the NDMP Device column indicates the VTL service is not running, or that no devices are registered with the VTL TapeServer. A series of hyphens in the NDMP Device column indicates the VTL service is running on the system but has not registered the devices. Restart the VTL service to correct this behavior. If the problem persists, contact Data Domain Support.
Example # ndmpd show devicenames
NDMP Device /dev/dd_ch_c0t0l0 /dev/dd_st_c0t1l0 /dev/dd_st_c0t2l0 /dev/dd_st_c0t3l0 Virtual Name dd660-16 changer dd660-16 drive 1 dd660-16 drive 2 dd660-16 drive 3 Vendor STK IBM IBM IBM Product L180 ULTRIUM-TD3 ULTRIUM-TD3 ULTRIUM-TD3 Serial Number 6290820000 6290820001 6290820002 6290820003 -------------------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------------------
ndmpd show sessions View active sessions.

Example # ndmpd show sessions
Session ID --------------1 3 250 23041 Remote IP:Port ----------------------------10.24.28.18:32000 192.168.200.100:1123 172.16.254.1:666 137.69.76.212:1904
ndmpd show stats <session-id> | all Use this command to view statistics of a a single session or all sessions. Session numbers are obtained from the command ndmpd show sessions.
Example # ndmpd show stats 23041
Key ---------------------------Session ID Remote IP:Port Time connected Authorized SCSI device SCSI Controller Value ------------------23041 137.69.76.212:1904 00:00:06 True no device opened -1
ndmpd
183
SCSI target id SCSI LUN Tape device Tape file number Tape soft errors Tape block size Tape block number Tape total space Tape space remaining Mover mode Mover state Mover pause reason ... -----------------------------
-1 -1 /dev/dd_st_c0t5l0 0 0 0 0 0 0 noaction idle n/a ------------------
Output truncated.
status
ndmpd status Display the NDMP daemon status.
Example # ndmpd status
NDMP daemon admin_state: enabled, process_state: running, vtl licensed
stop
ndmpd stop session <session-id> | all Stop all sessions or a single session.
user
ndmpd user add <user name> [ password <password> ] Add one (only) user name and password for the NDMP daemon md5 authentication. Passwords are optional but a prompt appears if a password is not provided. ndmpd user del <user name> Delete the configured NDMP daemon user.
184
ndmpd user modify <user name> [ password <password> ] Modify the password for the NDMP daemon md5 user. Passwords are optional but a prompt appears if a password is not provided. ndmpd user show View the NDMP daemon user, but not the password.
ndmpd
185
186
net
The net command manages the use of virtual interfaces, DHCP, DNS, and IP addresses, and displays network information and status. Options include:

aggregate config congestion-check create ddns destroy disable enable failover hosts iperf lookup option ping reset set show tcdump troubleshooting
net
187
Change History
Click the command option for details on usage and functionality. See the EMC DD OS Release Notes of the corresponding version for details on modifications, including arguments, output, and permissions. Version Change 5.2 New command options: net congestion-check modify net congestion-check run net congestion-check start net congestion-check status net congestion-check stop net iperf server start [port {<port> | congestion_check-port}] [ipversion {ipv4 | ipv6}] [window-size <bytes>] net iperf server status net iperf server stop Modified command options: net config <ifname> net create interface {<physical-ifname> | <virtual-ifname>} {vlan <vlan-id> | alias <alias-id>} net hosts add {<ipaddr> | <ipv6addr>} <host-list> net hosts del {<ipaddr> | <ipv6addr>} net iperf client {<ipaddr> | ipv6addr> | <hostname> [ipversion {ipv4 | ipv6]} } [port <port>] [window-size <bytes>] [data {random|default}] [interval <secs>] [{transmit-size <bytes> | duration <secs>}] [connections <count>] [nodelay] net iperf server [run] [ipversion {ipv4 | ipv6}] [port {<port> | congestion_check-port}] [window-size <bytes>]] net lookup {<ipaddr> | <ipv6addr> | <hostname>} net ping {<ipadddr> | <ipv6addr>| <hostname> [ipversion {ipv4 | ipv6}]} [broadcast] [count <n>] [interface <ifname>]
188
net show stats [ipversion {ipv4 | ipv6}] [all | interfaces | listening | route | statistics] net tcpdump capture <filename> [interface <iface>] [{host <host> [ipversion {ipv4 | ipv6] | net {<ipaddr> [mask <mask>] | <ipv6addr>[/<prefixlength>]}}] [port <port>] [snaplen <bytes>]
Unless otherwise noted, command options are available only to users with admin role permissions. Changes made by the net command to disabled Ethernet interfaces flush the routing table. Data Domain recommends making interface changes only during scheduled downtime. After making interface changes, you must reconfigure all routing rules and gateways. Command options on a Global Deduplication Array (GDA) must be run on the master controller. IPv4 is the default IP version.
Options
aggregate
net aggregate add <virtual-ifname> mode {roundrobin | balanced hash {xor-L2 | xor-L3L4| xor-L2L3} | lacp hash {xor-L2 | xor-L3L4 | xor-L2L3} [rate {fast | slow} ] } [up {<time> | default} ] [down {<time> | default} ] interfaces <physical-ifname-list> Enable aggregation on a virtual interface by specifying the physical interfaces and mode. Choose the mode compatible with the requirements of the system to which the ports are attached. Balanced and lacp modes require a hash.
round robin Packets are transmitted sequentially, beginning with the first available link and ending with the last link in the aggregated group.
net
189
balanced
Data is sent over interfaces as determined by the hash method selected. This requires the associated interfaces on the switch to be grouped into an Etherchannel (trunk). Requires a hash. A link aggregation mode based on the Link Aggregation Control Protocol (IEEE 802.3ad). From a switch perspective this configuration is always an active LACP configuration. It cannot be set to passive. Communicates with the other end to coordinate which links within the bond are available. When the this mode is selected, both ends must be configured with lacp. Requires a hash. See More About LACP for additional information. Specifies how often an LACP message is sent to the switch or system that is connected to the Data Domain system. The message identifies the aggregated interface. This acts as a type of heartbeat. Slow sends the message once every 30 seconds. It is the default. Fast sends the message every second. The rate determines how fast the lacp will recognize when an interface cannot be used and when it can. If 30 seconds is too long it can be set to fast (1 second), but fast means there is more traffic comprised of small packets (about the size of a TCP ACK packet) across all aggregated lacp interfaces. With 10 Gb speed consider the potential for losing connections with a rate of 30 seconds.
lacp
rate
xor-L2
Transmission of packets on a specific slave interface is based on static balanced mode or LACP mode aggregation with an XOR hash of Layer 2 (inbound and outbound MAC addresses). Transmission of packets on a specific slave interface is based on static balanced and LACP mode aggregation with an XOR hash of Layer 2 (inbound and outbound MAC addresses) and Layer 3 (inbound and outbound IP addresses). Transmission of packets on a specific slave interface is based on static balanced and LACP mode aggregation with an XOR hash of Layer 3 (inbound and outbound IP addresses) and Layer 4 (inbound and outbound port numbers). The length of delay allowed before the link is considered up or down. See More About Up/Down Arguments.
xor-L2L3
xor-L3L4
up, down
190
Example
To enable link aggregation on virtual interface veth1 to physical interfaces eth1a and eth2a in mode lacp hash xor-L2:
# net aggregate add veth1 mode lacp hash xor-L2 interfaces eth2a eth3a
net aggregate del <virtual-ifname> interfaces <physical-ifname-list> Delete slave interfaces from the list of the aggregate virtual interface.
Example
To delete physical interfaces eth2a and eth3a from the aggregate virtual interface veth1:
# net aggregate del veth1 interfaces eth2a,eth3a
net aggregate modify <virtual-ifname> mode {roundrobin | balanced hash {xor-L2 | xor-L3L4| xor-L2L3} | lacp hash {xor-L2 | xor-L3L4 | xor-L2L3} [rate {fast | slow} ] } [up {<time> | default} ] [down {<time> | default} ] interfaces <physical-ifname-list> Change the aggregation configuration on a virtual interface by specifying the slave interfaces, up delay, down delay, and rate if the mode is lacp. When modify is used the specified slave interfaces are added to the virtual interface. If a slave interface is already present but not listed in the modify command, it remains a slave.
Example
Use the following command to change link aggregation on virtual interface veth1 to physical interfaces eth2a and eth3a in mode xor-L2. Stating the previous condition is not required. The listed conditions replace the previous settings except on the current slave interfaces, which remain slaves to the virtual interface.
# net aggregate modify veth1 mode xor-L2 interfaces eth2a eth3a
net aggregate reset <virtual-ifname> Remove all physical interfaces and IP addresses from an aggregate virtual interface.
Example # net aggregate reset veth1
Interfaces "eth2a, eth3a" and associated IP addresses have been removed from "veth1".
note
This command option also removes the addresses on any associated VLAN and alias, but will leave the interfaces.
net
191
net aggregate show Display basic information on the aggregate setup.

Example # net aggregate show
Ifname veth1 Hardware Address 00:15:17:0f:63:fc Aggregation Mode balance hash xor-L2 Configured Interfaces eth4a,eth5a Up Delay 29700 Down Delay 29700 ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
config
net config <ifname> {[[<ipaddr>] [netmask <mask>] [dhcp {yes | no}]] | [<ipv6addr>]} {[autoneg] | [duplex {full | half} speed {10|100|1000|10000}] [up | down] [mtu {<size> | default}] Configure an Ethernet interface. Note the following guidelines:

An IP address or a DHCP may be used, but not both. The IP address can be IPv4 or IPv6. If IPv4, it must have a netmask different from the default netmask. The netmask must be specified when the address is specified. If an IPv6 address is specified there is no associated netmask. Instead, a prefix length is used to determine the subnet. The default prefix length is 0. To use a prefix length different from 0, it must be specified with the address by adding a forward slash (/) followed by a number. For example, if the prefix length is 52, the notation would be: 2026:3456:cafe::f00d:1/52. Anywhere a netmask can be used for IPv4, a prefix length can be used for IPv6. The limit of the MTU size is 512 - 9014 unless it is an IPv6 address. For IPv6 addresses the minimum size is 1280. Use the up argument to bring up an interface without an IP address. Using enable will fail if no IP address is given. If no address is given the up option may fail because there is no registry entry for an IP address. This typically occurs after a fresh install. If this occurs, specify an address of 0 to allow a registry location to be created.
note
net config <ifname> type {none | management | replication | cluster} Configure or set the type of Ethernet interface.
192
congestion-check
net congestion-check modify [sample-interval <secs>] [capture-window <secs>] [every <mins>] [detailed {on | off}] [logfile <filename>] [{ iperf_client {none | { <iperf-server-host> | <iperf-server-ipaddr>} [nodelay <on | off>] [port {<port> | default} ] [window-size <bytes>] [connections <count>] } } ] Modify options for the congestion monitor whether or not the monitor program is activated. (The congestion monitor is activated by the net congestion-check start command.) The modify command option sets the registry information. If the congestion monitor is scheduled, the new registry values are used when it runs. If the monitor is not scheduled, the values are used as defaults when it is scheduled. Typically this command option is used after the monitor is scheduled to run and the user does not want to stop and restart the monitor. Values for rates and error numbers are added together. Values that may go up or down, such as the capture-window, are averaged over time. net congestion-check modify sample-interval <secs> Specify the time that statistic information is collected. There are multiple intervals during the capture window that data is collected and the sample-interval argument determines how often this is. For example, the initial default capture-window is 60 seconds and the default sample-interval is 4 seconds. Data is collected every 4 seconds data for 60 seconds. The data collecting then stops and the information is output to the screen if the run argument is specified, or to a logfile if the start argument is specified. If the every argument is non-zero the capture window is run again after the number of minutes specified in the every argument. The value of the sample-interval argument must be less than the value of the capture-window argument. The run argument default is always 4 seconds. For start and modify arguments, the initial default is 4 seconds. net congestion-check modify capture-window <secs> Congestion data is collected only during the capture window. Outside the capture widow the program is in sleep mode or terminated depending on whether the argument every is non-zero. During the capture window data is collected during each sample interval. For example, if the capture window is 60 seconds and the sample value is 5 seconds, data is collected every 5 seconds for 60 seconds and collection stops. The output is done at the end of the 60 seconds and is one line per external IP address.
net
193
The run argument default for the capture window is always 60 seconds. The initial value for the start and modify arguments is 60 seconds. After that, the default for the start argument is whatever is in the registry as with every argument. The capture-window argument must be less than the argument every and greater than the argument sample-interval. net congestion-check modify every <mins> Determine how often to run the capture window. If set to zero the capture window is run once only. The default for the run argument is zero, which means if the every argument is not specified only one capture window is run. For the start argument, the value of the every argument must be greater than zero because start is a monitor and must run repeatedly. The default for the initial every argument is 60 minutes, which is put into the registry. After that the default for the start argument is whatever is in the registry. When set to non-zero, the value for the argument every must be greater than the value of the capture-window argument. The default value for the run argument is always zero. For start and modify arguments the initial default is 60 minutes. net congestion-check modify detailed {on | off} Typically, only basic information is saved, but setting the parameter to on causes more data to be saved. The basic setting is mainly for replication on the source system and focuses on congestion conditions between the source and destination. The detailed on argument adds receive information and other entries useful for the general network environments of the Data Domain system. For the run argument the default is always off. For start and modify arguments the initial default is off. net congestion-check modify logfile <filename> Set the logfile used to save the data collected. This command option is not available with the run argument because the output goes to the screen. For start and modify arguments the initial default is /ddr/var/log/default/congestion.log. The file name should not be changed unless absolutely required. The main concern is the default file name is on a rotation system where the file size cannot exceed 10 MB and up to 10 files only are saved for a maximum of 100 MB of disk space. Changing the file name voids the space restrictions, meaning there is no limit to the space that may be taken. net congestion-check modify iperf-client none This command option allows iperf to run during the capture window congestion data collection. For the run argument the default value is none. For start and modify arguments the initial default is none, but if iperf is used when data is being collected, the destination name or address argument must be specified. The iperf operation is started only at the beginning for each capture window. The remote system must have an iperf server <iperf-server-host> and specified port <port>.
194
The iperf function is typically used to determine the maximum throughput. It is disruptive of the network and should not be left on for a long time, especially if there is other traffic using the network. Alternatives include starting iperf manually before the congestion check is performed. The advantage of letting the congestion-check handle the iperf is that the iperf is only run when the congestion-check requires it. Otherwise iperf is not running. The none argument must be specified to tell the congestion monitor to not use iperf if iperf was previously enabled and is no longer needed. Options for modifying or starting iperf during the capture window are: nodelay <on | off> On equals do not wait for ACK. Off equals wait for each buffer to be sent before sending the next. <port | default> The port number to use with iperf. Default is 5002. [window-size <bytes> The size of the socket buffer to use. Default is 32000. connections <count> The number of connections to use. Must be greater than zero. net congestion-check run [sample-interval <secs>] [capture-window <secs>] [every <mins>] [detailed {on | off}] [logfile <filename>] [{ iperf_client {none | { <iperf-server-host> | <iperf-server-ipaddr>} [nodelay <on | off>] [port {<port> | default} ] [window-size <bytes>] [connections <count>] } } ] Run the congestion check program and display the results as screen output when the capture-window time is complete. When the command option is entered with no arguments the defaults are used. When the command option includes arguments, the arguments override the defaults during the procedure but return to the configured defaults after the procedure concludes. Default values for the run command are always the same and are not affected by the net congestion-check modify or the net congestion-check start commands. The run option default for iperf is always none. If iperf address is given the default iperf options are: nodelay = off, port = 5002, window-size = 32000, connections = 1.
net
195
net congestion-check start [sample-interval <secs>] [capture-window <secs>] [every <mins>] [detailed {on | off}] [logfile <filename>] [{ iperf_client {none | { <iperf-server-host> | <iperf-server-ipaddr>} [nodelay <on | off>] [port {<port> | default} ] [window-size <bytes>] [connections <count>] } } ] Start the congestion monitor and schedule when it is to be run using the time arguments: sample-interval, capture-window, and every. When the command option is run with arguments, the arguments override the defaults and become the default by being placed in the registry. The remaining arguments of net congestion-check start command are used to further configure how the monitor is run. The start option default for iperf is always none. note After entering the command, there is a slight delay during which the process (netmon) actually starts the monitor. After the monitor is started the specified time arguments take over. To get information immediately, use the net congestion-check run command instead.
Output is one line per external destination. All connections to and from an external address are merged into a single line of data. Value types from the output vary. Amounts of data or packets increase. These amounts are added together across all connections to a specific IP address to give the total value to, or from, the external location. Rates are relatively constant but are also added together to give the total flow rate to the pipe at the remote location. Other values are relatively static across all connections, such as the mss, rtt, window scale factor, or congestion window. These are given as an average with the minimum and maximum. Errors and loses are treated the same as rates and are added across all interfaces. net congestion-check status Display the state of the congestion monitor. The congestion monitor is started when the net congestion-check start command option is issued. The status argument displays the configured timings, the level of logging, the log file, the monitored connections, if the monitor is actually running or scheduled to run, and if iperf is specified to run. It also shows if iperf is currently running and which connections are being monitored.
196
net congestion-check stop The congestion monitor is run when the net congestion-check start command is issued. If it is not scheduled, a message displays indicating that information to the user and no other action occurs. If the congestion monitor is scheduled, this command option unschedules the procedure. If the congestion monitor is running, this command option stops the procedure and unschedules it.
create
net create interface {<physical-ifname> | <virtual-ifname>} {vlan <vlan-id> | alias <alias-id>} Create a VLAN interface or an IP alias interface. The VLAN is created immediately in the kernel, but the alias is not created in the kernel until an IP address is specified. The number given must be between 1 and 4094 inclusive. For the VLAN there must be a matching number on the switch or other systems to transfer packets to the interface. There is no such requirement for the alias, however it must be unique for the interface. net create virtual veth<id> Create a virtual interface. The virtual interface name <vlan-id> must begin with veth. The remainder of the name is a decimal. Interface names must be unique. There are no restrictions except for the size and the number. The maximum size for an interface name is 15 characters, which includes VLAN, alias names, and the associated dot (.) and colon (:). The virtual interface name must be kept at a minimum. Even though the maximum is 9999, EMC recommends that the number used be in the range of 0 to 99. The number of virtual interfaces cannot exceed the number of physical interfaces. For example, if there are 10 physical interfaces there can be no more than 10 virtual interfaces.
Example
To create a virtual interface named veth12:

# net create virtual veth12
ddns
net ddns add <ifname-list | all> Add interfaces to Dynamic DNS registration list. net ddns del <ifname-list | all> Remove interfaces from Dynamic DNS registration list.
net
197
net ddns disable Disable Dynamic DNS updates. net ddns enable Enable Dynamic DNS updates. net ddns register Register configured interfaces with DNS. net ddns reset Reset Dynamic DNS registration list to auto and disable registration. net ddns show Show interfaces in Dynamic DNS registration list. net ddns status Check status of dynamic DNS registration: enabled or disabled.
destroy
net destroy {<virtual-ifname> | <vlan-ifname> | <ipalias-ifname> } Remove a VLAN, IP alias, or virtual interface. If a virtual interface has associated VLANs and aliases, or if a VLAN has associated aliases, the associated interfaces are also destroyed when the virtual interface or VLAN interface is destroyed.
Example
To remove a VLAN named eth1a.35 and a virtual interface named veth23:2:

# net destroy eth1a.35 # net destroy veth23
disable
net disable <ifname> Disable an Ethernet interface on the Data Domain system and bring down the interface in the kernel.
Example
To disable the interface eth0a:

# net disable eth0a
198
enable
net enable <ifname> Enable or reenable an Ethernet interface on the Data Domain system, where <ifname> is the name of an interface. This includes bringing up the interface to the RUNNING state and requires the interface to have an IP address. The address may already be saved in the registry or may come from DHCP. If the interface does not go into the RUNNING state, the command will fail and the interface goes to the DOWN state and set to disabled.
failover
net failover add <virtual-ifname> interfaces <ifname-list> [primary <ifname>] [up {<time> | default}] [down {<time> | default} Add network interfaces to a failover interface. Allow one failover to be set as the primary and allow the up and down delays to be set. net failover del <virtual-ifname> interfaces <ifname-list> Delete network interfaces from a failover interface. The freed interface remains disabled after being removed from the virtual interface. Use commas, spaces, or both to separate list entries. To delete a primary interface specify another interface as primary or set the primary be none.
Example
To remove eth2a from the virtual interface veth1, which has eth2a and eth3a as slaves and eth3a as the primary interface:
# net failover del veth1 interfaces eth2a
Interfaces "eth2a" have been removed from "veth1". Current interfaces for veth1: eth3a, primary: eth3a
net failover modify <virtual-ifname> primary {<ifname> | none} [up {<time> | default}] [down {<time> | default}] Modify the primary network interface, the up /down times for a failover interface, or both. A down interface must be up for the amount of <time> to be designated up. An up interface must be down for the amount of <time> to be designated down. The up and down time is given in milliseconds and is adjusted internally to increments of 900. For example, if the time you want is 10 seconds and 10000 is specified, the actual value would be 9900. The default value is 30 seconds but the actual 29.7 seconds. A primary interface cannot be removed from failover. To remove a primary use primary <physical-ifname> none.
Example # net failover modify veth1 up 5000 down 10000
net
199
The up time value used would be 4500 (4.5 seconds) and the down time value would be 9900 (9.9 seconds). net failover reset <virtual-ifname> Reset a failover interface by removing associated slave interfaces. This command also removes the addresses from the virtual interfaces and the addresses of any associated interfaces such as VLANs and aliases.
Example
Use the following command to remove virtual interface veth1 and release associated physical interfaces. (The physical interfaces remain disabled and must be reenabled for any other use than as part of another virtual interface.)
# net failover reset veth1
After the virtual interface has been reset, the physical interfaces remain disabled. Use the net enable command to reenable the interfaces. If there are no IP addresses associated with these interfaces these commands will fail and using the command net config <ifname> up may be required.
# net enable eth2a # net enable eth3a
net failover show Display all failover interfaces. This command shows what is configured at the bonding driver. To see what is in the registry, use the net show settings command. The registry settings may be different from the bonding configuration. After creation, when interfaces are added to the virtual interface, the information is not sent to the bonding module until the virtual interface is brought up. Until that time the registry and the bonding driver configuration differ.
hosts
net hosts add {<ipaddr> | <ipv6addr>} <host-list> Add a host list entry. Associate an IP address with a hostname. The address can be a IPv4 or an IPv6. The hostname is a fully qualified domain name, a hostname, or an alias. The entry is added to the /etc/hosts file. Entries in the list can be separated by commas, spaces, or both.
Example
To associate the fully qualified domain name bkup20.yourcompany.com and the hostname of bkup20 with an IP address of 192.168.3.3:
# net hosts add 192.168.3.3 bkup20.yourcompany.com bkup20
200
net hosts del {<ipaddr> | <ipv6addr>} Delete a host list entry from the /etc/hosts file.
Example # net hosts del 192.168.3.3
net hosts reset Clear the hosts list from the /etc/hosts file. net hosts show Display hostnames and IP addresses from the /etc/hosts file. All users may run this command option.
Example # net hosts show
Hostname Mappings: 192.168.3.3 -> bkup20 bkup20.yourcompany.com
iperf
net iperf client {<ipaddr> | ipv6addr> | <hostname> [ipversion {ipv4 | ipv6]} } [port <port>] [windowsize <bytes>] [data {random|default}] [interval <secs>] [{transmit-size <bytes> | duration <secs>}] [connections <count>] [nodelay] Run iperf in client mode. If an IPv6 address is specified for the hostname, the ipversion argument must also be specified. The default is an IPv4 address. net iperf server [run] [ipversion {ipv4 | ipv6}] [port {<port> | congestion_check-port}] [window-size <bytes>]] Run iperf in server mode. See Linux/DD OS Equivalent Arguments for iperf Option to compare Linux iperf options with DD OS options. The ipversion argument may be used to specify the type of addressing. net iperf server start [port {<port> | congestion_check-port}] [ipversion {ipv4 | ipv6}] [window-size <bytes>] Run the iperf in the background in server (-s) mode. The ipversion argument may be used to specify the type of addressing. net iperf server status Display information about the iperf server running in the background as invoked by net_server start. This command option provides the status on if the iperf server is running and what connections it has. net iperf server stop Stop iperf invoked by net_server start.
net
201
lookup
net lookup {<ipaddr> | <ipv6addr> | <hostname>} Search DNS entries. This command may be used with IPv4 or IPv6 addresses. All users may run this command option.
option
net option show Display settings for network options.
ping
net ping {<ipadddr> | <ipv6addr>| <hostname> [ipversion {ipv4 | ipv6}]} [broadcast] [count <n>] [interface <ifname>] Verify the Data Domain system can communicate with a remote host.
ipaddr ipv6addr hostname An IPv4 address is specified. An IPv6 address is specified. Can be converted into an IPv4 or Ipv6 depending on the ipversion argument. If ipversion argument is not specified, IPv4 is used. Enable pinging a broadcast address (available for IPv4 only). Number of pings to issue. Name of interface to ping.
broadcast
count <n> interface <ifname>

Example
To verify communication is possible with the host srvr24:

# net ping srvr24
reset
net reset {domainname | searchdomains} Reset Data Domain system DNS servers, domain names, or host names to default settings. Requires system reboot for changes to take effect.
202
Example # net reset domainname

The Domainname is: yourcompanydomain.com
# net reset searchdomains

The Searchdomains is: yourcompanydomain.com (local domain)
net reset dns Reset DNS list to default values. Requires system reboot for changes to take effect. net reset hostname Reset hostname to default values. Requires system reboot for changes to take effect.
set
net set {domainname <local-domain-name> | searchdomains <search-domain-list>} Set the domainname or searchdomains used by the Data Domain system. The default for domainname is the return from DHCP, or what is set by net set hostname command. The default for searchdomain is the domainname name, which is always included in the list of searchdomains.
Example # net set domainname yourcompany-ny.com # net set searchdomains yourcompany2.com, yourcompany3.com
The searchdomains list is yourcompany-ny.com, yourcompany2.com and yourcompany3.com. If the domain names provided cannot be resolved, a warning is displayed:
Warning: Following domains are not resolvable; please check the names and DNS configuration.
net set dns <ipv4-ipv6-addr-list> Set the DNS server list using IP version 4 or IP version 6. This command overwrites the current list of DNS servers. Only servers included in the most recently issued command are available to a Data Domain system. net set hostname <host> Set the hostname of the Data Domain system. Note that some browsers may prevent logins to the host if the hostname contains an underscore. Data Domain recommends using hostnames without underscores to ensure the GUI can recognize and manage the host.
net
203
note
If the Data Domain system is using CIFS with Active Directory authentication, changing the hostname causes the Data Domain system to drop out of the domain. Use the cifs set authentication command option to rejoin the Active Directory domain.
net set portnaming {slot-based | legacy} Change the port naming scheme.
show
net show all Display all networking information, including IPv4 and IPv6 addresses. Some IPv6 addresses are automatically assigned to interfaces, either linklocal or router-generated addresses. Auto-assigned addresses are displayed with the kernel information but not with the registry settings, as in the net show settings command, because they do not exist in the registry. This type of address cannot be changed or modified.
Example # net show all
Active Network Configuration: eth0 Link encap:Ethernet HWaddr 00:15:17:A3:9F:98 inet addr:192.168.8.175 Bcast:192.168.11.255 Mask:255.255.252.0 UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1 RX packets:339424667 errors:0 dropped:8563092 overruns:0 frame:0 TX packets:25770836 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:52040424455 (48.4 GiB) TX bytes:2155985162 (2.0 GiB) eth1 Link encap:Ethernet HWaddr 00:15:17:A3:9F:99 BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
204
Network Settings: port enabled DHCP IP address netmask type additional setting
--------------------------------------------------------------------------------------------------------------eth0 yes eth1 yes yes yes 192.168.8.175* 255.255.252.0* n/a (not specified)* (not specified)* n/a
--------------------------------------------------------------------------------------------------------------* Value from DHCP Domainname: The Domainname is: datadomain.com Searchdomains: # Searchdomains - ----------------------------1 datadomain.com (local domain) - ----------------------------The Hostname is: dd120-19.datadomain.com DNS: # Server -------------------------1 10.24.255.146 2 10.24.255.150 -------------------------Showing DNS servers configured by DHCP. Network Hardware: Port Speed Duplex Supp Speeds Hardware Address Physical Link Status
-----------------------------------------------------------------------------------------------------------------eth0 1000Mb/s eth1 unknown full unknown 10/100/1000 10/100/1000 00:15:17:a3:9f:98 00:15:17:a3:9f:99 Copper Copper yes no
-----------------------------------------------------------------------------------------------------------------Network Stats: Active Internet connections (w/o servers) Proto Recv-Q tcp tcp tcp tcp tcp tcp 0 0 0 0 0 0 Send-Q 0 0 0 0 0 0 Local Address 127.0.0.1:55373 127.0.0.1:56883 127.0.0.1:7995 127.0.0.1:53578 127.0.0.1:33092 127.0.0.1:57064 Foreign Address 127.0.0.1:3006 127.0.0.1:3006 127.0.0.1:33092 127.0.0.1:3006 127.0.0.1:7995 127.0.0.1:8002 State TIME_WAIT TIME_WAIT ESTABLISHED TIME_WAIT ESTABLISHED ESTABLISHED
Output truncated.
net
205
net show config [<ifname>] Display the configuration for a specific Ethernet interface. Exclude the keyword <ifname> to view the configuration for all Ethernet interfaces. This command shows auto-generated IPv6 addresses. In the example, the interface eth0a shows a statically assigned IPv6 address; however, because the interface cannot come up to the RUNNING state the link local and router-generated address are not available. Interface eth0b shows a IPv4 static address and two auto-generated IPv6 addresses.
Example (IPv6) # net show config
eth0a Link encap:Ethernet HWaddr 00:A0:D1:EC:F7:41 inet6 addr: 2003:deaf::beef:face:cafe/52 Scope:Global UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
eth0b
Link encap:Ethernet HWaddr 00:A0:D1:EC:F7:40
inet addr:10.25.130.165 Bcast:10.25.143.255 Mask:255.255.240.0 inet6 addr: 2620:0:170:1106:2a0:d1ff:feec:f740/64 Scope:Global inet6 addr: fe80::2a0:d1ff:feec:f740/64 Scope:Link UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1 RX packets:5130625 errors:0 dropped:0 overruns:0 frame:0 TX packets:7345 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:362880422 (346.0 MiB) TX bytes:2831694 (2.7 MiB)
net show {domainname | searchdomains} Display the domain name or search domains used for email sent by a Data Domain system. net show dns Display a list of DNS servers used by the Data Domain system. The final line in the output shows if the servers were configured manually or by DHCP.
206
net show hardware Display Ethernet port hardware information.

Example # net show hardware
Network Hardware: Port Speed Duplex Supp Speeds Hardware Address Physical Link Status
-----------------------------------------------------------------------------------------------------------------eth0 1000Mb/s eth1 unknown full unknown 10/100/1000 10/100/1000 00:15:17:a3:9f:98 00:15:17:a3:9f:99 Copper Copper yes no
------------------------------------------------------------------------------------------------------------------
Output Definitions
Port The Ethernet interfaces on the system (for example, eth3 or eth3a, depending on the port naming convention the system uses). Speed The actual speed at which the port processes data. Duplex Full or half duplex protocol. Supp Speeds Lists speeds the port is capable of using. Hardware Address The MAC address. The IPv6 addressing scheme uses colons to separate values. IPv4 uses periods. Physical Copper or fibre. net show hostname Display the hostname of the Data Domain system. net show settings Display the configured Ethernet interface settings, not the status of each interface. For example, if an interface on the Data Domain system does not have a live Ethernet connection, the interface is not enabled.
net
207
Example (IPv4) # net show settings

port enabled DHCP eth0 eth1 eth2 eth3 eth4 eth5 eth6 yes no no yes yes no no yes n/a n/a n/a n/a n/a n/a n/a n/a no IP address 192.168.9.142* n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a netmask 255.255.252.0* n/a n/a n/a n/a n/a n/a n/a n/a bonded to veth2 / balance hash xor-L3L4: eth3 bonded to veth2 / balance hash xor-L3L4: eth4 type n/a n/a n/a bonded to veth0 bonded to veth1 additional setting/prefix length -------------------------------------------------------------------------------------------------------------------------------------------------------------------
veth0 yes veth1 yes veth2 yes
30.30.30.30
255.255.255.0 n/a failover: veth0,veth1
------------------------------------------------------------------------------------------------------------------------------------------------------------------* Value from DHCP
Example (IPv6) # net show settings

port enabled DHCP IP address netmask /prefix length -----------------------------------------------------------------------------------------------------------------------------------------------eth0a yes eth0b yes no 2003:deaf::beef:face:cafe /52 255.255.240.0* n/a n/a yes 10.25.130.165* * Value from DHCP type additional setting
------------------------------------------------------------------------------------------------------------------------------------------------
208
net show stats [ipversion {ipv4 | ipv6}] [all | interfaces | listening | route | statistics] Display network statistics. The ipversion argument shows information on IPv4 or IPv6 addresses only. The default shows all statistics, including IPv4 and IPv6 addresses.
Example 1 # net show stats all
Active Internet connections (w/o servers) Proto Recv-Q Send-Q tcp tcp tcp tcp tcp tcp tcp 0 0 0 0 0 0 38 0 0 0 0 0 0 0 Local Address 127.0.0.1:53968 127.0.0.1:38008 127.0.0.1:60344 192.168.8.175:601 127.0.0.1:42791 127.0.0.1:7995 Foreign Address 127.0.0.1:3006 127.0.0.1:3006 127.0.0.1:3006 10.25.209.6:940 127.0.0.1:3006 127.0.0.1:33092 State TIME_WAIT ESTABLISHED TIME_WAIT TIME_WAIT TIME_WAIT ESTABLISHED
::ffff:127.0.0.1:38401 ::ffff:127.0.0.1:3009 CLOSE_WAIT
Example 2 # net show stats listening

Active Internet connections (only servers) Proto Recv-Q Send-Q tcp tcp tcp tcp tcp 0 0 0 0 0 0 0 0 0 0 Local Address *:nfs *:pxc-ntfy localhost.lo:teradataordbms *:epnsdp localhost.localdomain:8003 Foreign Address *:* *:* *:* *:* *:* State LISTEN LISTEN LISTEN LISTEN LISTEN
tcdump
net tcpdump capture <filename> [interface <iface>] [{host <host> [ipversion {ipv4 | ipv6] | net {<ipaddr> [mask <mask>] | <ipv6addr>[/<prefixlength>]}}] [port <port>] [snaplen <bytes>] Capture data, and then copy the output file to another system for analysis. This command converts the options from the command line to equivalent tcpdump options. Output files are placed in /ddvar/traces where you can upload them to autosupport. A maximum of 10 output files may be retained on the system. If this limit is reached, you are prompted to delete some of the files. net tcpdump del {<filename> | all} Delete output files created by the net tcpdump capture command. Specify a <filename> to delete files matching the pattern /ddvar/traces/tcpdump_<filename> *. Specify all to remove all net tcpdump output files.
net
209
troubleshooting
net troubleshooting duplicate-ip Detect duplicate IP in network.
Example # net troubleshooting duplicate-ip
Port ----eth1a IP Address Details -------------- ----------11.2.1.2 duplicate ip from MAC address 00:15:17:32:33:32
eth2a.100:1 11.2.1.3 duplicate ip from MAC address 00:15:17:32:33:33
Additional Topics
New Support for IPv6

Federal certification requirements state that the DD OS must be IPv6-capable and that interoperability with IPv4 be maintained in an heterogeneous environment. As a result, several net command options now include arguments for both versions of Internet Protocol. EMC Data Domain customers select which version to use, based on the type of configuration. If you do not specify an IP version, the default is IPv4 to maintain compatibility with the previous DD OS versions. The exception is show commands. If the version is not specified in the show command option (as in route show table), both address versions are displayed. To view the IPv4 routes only, you must specify the IPv4 argument. If a command cannot determine the IP version of an address; for example, when a hostname is provided, you must enter IPv6 in the command option if the host is to be accessed using its IPv6 address. note IPv6 addresses are not supported for replication, NFS, OST, DD Boost, and CIFS.
More About Ethernet Failover

Ethernet failover provides improved network stability and performance, and is implemented with the net failover command. The failover-enabled virtual interface represents a group of secondary physical interfaces, one of which can be specified as the primary. The system makes the primary interface the active interface when the primary interface is operational.
210
A failover from one physical interface to another can take up to 30 seconds. The delay is to guard against multiple failovers when a network is unstable.
Guidelines
Consider the following guidelines when planning an interface failover:
For best results, a primary interface should be part of the failover. This provides a way of determining which interface is active. A primary slave cannot be removed from the bonding except in the case of net failover reset command, during which all slaves are removed. A primary interface must be explicitly specified as the primary, and must also be a slave, to the virtual interface. To designate a physical interface as the primary failover interface, use the optional primary argument. If the primary interface goes down and multiple interfaces are available, the next interface is selected at random. The virtual interface must be present on the system. Use the net show settings command option to confirm the presence of a virtual interface. Enable failover on the existing virtual interface name in the form vethx, where x is a unique string (typically one or two digits). A typical full virtual interface name with and associated VLAN and alias is veth56.3999:199. The maximum name length is 15 characters, which typically limits the name string x to two characters. Special characters are not supported. Use commas, spaces, or both to separate list entries. If a primary interface is part of the failover, it cannot be deleted from the failover while it is the primary interface. Use the net failover modify command to change the primary interface. To remove the slave from an interface, set another interface to primary or none. For example, to associate a failover virtual interface named veth1 with the physical interfaces eth2a and eth3a, and to designate eth2a as the primary:
# net failover add veth1 interfaces eth2a eth3a primary eth2a
Current interfaces for veth1: eth2a, eth3a, primary eth2a
Number of Ports
The number of ports depends on the number and type of Ethernet cards, and on the system type. A system with two Ethernet cards has a maximum of six ports: eth0a, eth1a, eth2a, eth3a, eth4a, and eth5a. If one of the cards is a 1-port 10 GbE fiber, the maximum is five ports (eth0a-eth4a). A system with two quad-port NICs has a maximum 10 ports, and a system with three cards, such as DD670, has a maximum of 14 ports. If the system allows it, five network cards can be added to the system, but the absolute maximum number of physical port allowed is 20.
net
211
Number of Physical Interfaces

The recommended number of physical interfaces for failover is two so as not to waste interfaces in a passive mode. However, you can configure one primary interface and five failover interfaces. Exceptions are 10 Gb CX4 Ethernet cards, which are restricted to one active interface and one standby interface (both slaves must be on same card), and 10 Gb optical, single-port Ethernet cards, which cannot be used in failover or aggregation. Note that the SFP+ 10 Gb interfaces do not have these restrictions.
More About the net aggregate Option

The net aggregate commands control link aggregation, which provides improved network performance and resilience by using two or more network ports in parallel. Note that link aggregation and Ethernet trunking are synonymous. The recommended and supported maximum is four ports, but there are no restrictions on the Data Domain system for having more aggregate slaves.
More About LACP

LACP uses a control protocol to determine which interfaces can be used. An interface must not only have carrier up, but also must be able to communicate with its directly attached partner. This provides a better port fail recovery than failover bonding; however, the LACP port must reside on a single switch except for special cases of virtual switch ports. Therefore to fail across switches failover bonding must be used.
More About Up/Down Arguments

A down interface must be up for interval configured in <time> to be considered up. An up interface must be down for the interval configured in <time> to be considered down and not available. If a link is up, the interface carrier must be missing for the amount of time specified by the down argument before the link is designated down. Default for up/down times is 29.7 seconds. Up/down times are rounded down to a multiple of 0.9 seconds. For example if 10 seconds is configured, 9.9 seconds is used. When the link is down:

Data is no longer sent to the interface. For an aggregation bonding, aggregation is recalculated. For a failover bonding, if the affected interface is the active interface, then the active interface is switched to another interface that is up.
212
The interface carrier must be present for the amount of time specified by the up argument before the link is designated up. When the link is up:

Data can be sent over it. For an aggregation bonding, the aggregation is recalculated to include the up link. For a failover bonding, nothing more is done; however, if the up interface is the primary or sole, up slave interface, then it is also marked as the active interface.
Linux/DD OS Equivalent Arguments for iperf Option

The iperf Linux command measures the quality and bandwidth of network connections. The DD OS net iperf command provides equivalent capabilities. Values for <bytes> may be followed by the K, M, or G suffice for to scaling the value. DD OS net iperf Option <server-host> <port> window-size <bytes> transmit-size <bytes> duration <secs> interval <secs> data random Linux iperf Option -c <server-host> -p <port> -w <iperf-bytes> -n <iperf-bytes> -t <secs> -i <secs> (Data Domain version of iperf) or -F /dev/urandom-R -N -p <number> -X (Data Domain version of iperf)
no delay connections <count> none
net
213
Linux/DD OS Equivalent Arguments for tcdump Option

The DD OS tcdump command dumps network traffic output as does the Linux tcdump command. Values for <bytes> may be followed by the K, M, or G suffice for to scaling the value. DD OS net tcdump Option <filename> Linux tcdump Option -w /ddvar/traces/tcpdump_<filename> -C 100M -W 5 -i <iface> -w <iperf-bytes> net <net> mask <mask> -i <secs> -s <bytes>
interface <iface> host <host> net <net> mask <mask> port <port> snaplen <bytes>
Sample Failover Workflow

1. Disable the interfaces eth2a, eth3a, and eth4a for use as failover interfaces:
# net disable eth2a # net disable eth3a # net disable eth4a
2. If virtual interface veth1 does not exist on the system, create it:
3. Create a failover virtual interface named veth1 using the physical interfaces eth2a and eth3a:
# net failover add veth1 interfaces eth2a, eth3a
Current interfaces for veth1: eth2a, eth3a
4. Enable virtual interface veth1:

# net config veth1 10.20.199.41 netmask 255.255.0.0
214
5. Show configured failover virtual interfaces:

# net failover show
Ifname -----veth1 -----Hardware Address Configured Interfaces ----------------- --------------------00:04:23:d4:f1:27 eth2a,eth3a, active: none, primary: None ----------------- ---------------------
To add the physical interface eth4a to failover virtual interface veth1:

# net failover add veth1 interfaces eth4a
Current interfaces for veth1: eth2a, eth3a, eth4a
To remove eth2a from the virtual interface veth1:

# net failover del veth1 interfaces eth2a
Interfaces "eth2a" have been removed from "veth1". Configuration of "veth1" is reset.
To clear the virtual interface veth1 of the IP address and release the associated physical interfaces:
# net failover reset veth1
Interfaces "eth3a, eth4a" have been removed from "veth1". Configuration of "veth1" is reset.
To reenable the physical interfaces:

# net enable eth2a # net enable eth3a # net enable eth4a
Sample Aggregation Workflow

1. Disable the interfaces eth2a, eth3a, and eth4a to use as aggregation interfaces:
# net disable eth2a # net disable eth3a # net disable eth4a
2. If virtual interface veth1 does not exist on the system, create it:
net
215
3. Enable link aggregation on virtual interface veth1 for physical interfaces eth2a and eth3a in xor-L2 mode:
# net aggregate add veth1 mode balanced hash xor-L2 interfaces eth2a eth3a
4. Enable the virtual interface:

# net config veth1 192.168.45.119 netmask 255.255.248.0
5. Show the aggregate setup:

# net aggregate show
Ifname Hardware Address Aggregation Mode Configured Interfaces Up Delay Down Delay ------------------------------------------------------------------------------------------------------------------------------------------------------veth10 00:15:17:0f:63:fc balance hash xor-L2 eth2a, eth3a 29700 29700
-------------------------------------------------------------------------------------------------------------------------------------------------------
To delete physical interface eth3a from the aggregate virtual interface veth1:
# net aggregate del veth1 interfaces eth3a
To add link physical interface eth4a on virtual interface veth1:

# net aggregate add veth1 mode xor-L2 interfaces eth4a
To remove all interfaces from veth1:

# net aggregate reset veth1
Interfaces "eth2a, eth4a" have been removed from "veth1". Configuration of "veth1" is reset.
To reenable the physical interfaces:

# net enable eth2a # net enable eth3a # net enable eth4a
Interface Naming Format

The interface naming format is eth<slot #><a-d>. Letters are sequential without gaps. For onboard NIC vertical interfaces, the top or left interface is eth0a and the bottom or right interface is eth0b. For onboard NIC horizontal interfaces, the left interface, as viewed from the rear, is eth0a and the right is eth0b. In configurations of four onboard interfaces, the top left interface is eth0a, the top right interface is eth0b, the bottom left interface is eth0c, and the bottom right interface is
216
eth0d. For optional cards installed vertical or horizontal, the interface at the top of the card is ethxa, the next is ethxb, the next is ethxc, and so on, until the bottom of the card where x is the slot number. This ensures:

A method for identify the correct physical link from the logical link. That the interface names do not change if cards are added or removed. That the interface name is not dependent on the type of cards in the system.
When interface names prior to 4.9 are changed to the current naming structure, the associated configuration names are also changed. For example, eth1.236 becomes eth0b.236, eth1 and eth0 bonded to veth1 becomes eth0a and eth0b bonded to veth1. Note that the revised naming format is not required for virtual interfaces; however, slaves are renamed. Virtual interfaces can be removed from interface list by running the destroy option.
net
217
218
nfs
The nfs command enables you to add NFS clients and manage access to a Data Domain system. It also enables you to display status information, such as verifying that the NFS system is active, and the time required for specific NFS operations. Options include:

add del disable enable reset show status
Change History
Unless otherwise noted, command options are available only to users with admin role permissions. The subdirectory /backup subdirectory is not supported in Global Deduplication Arrays (GDAs). Separate list entries by commas, spaces, or both.
Options
nfs
219
add
nfs add <path > <client-list> [(<option-list>)] Add NFS clients that can access the Data Domain system. A client can be a fully qualified domain hostname, class-C IP addresses, IP addresses with netmasks or length, an NIS netgroup name with the prefix @, or an asterisk wildcard for the domain name, such as *.yourcompany.com. An asterisk by itself means no restrictions. A client added to a subdirectory under /backup has access only to that subdirectory. The <options-list> is comma or space separated, enclosed by parentheses. If no option is specified, the default options are rw, root_squash, no_all_squash, and secure. In GDA configurations, only /ddvar is exported. The export of /data shares is not supported.
NFS Options
ro Enable read-only permission. rw Enable read and write permissions (default value). root_squash Map requests from uid or gid 0 to the anonymous uid/gid. no_root_squash Turn off root squashing (default value). all_squash Map all user requests to the anonymous uid/gid. no_all_squash Turn off the mapping of all user requests to the anonymous uid/gid (default value). secure Require that requests originate on an Internet port that is less than IPPORT_RESERVED (1024) (default value). insecure Turn off the secure option.
220
anonuid=<id> Set an explicit user ID for the anonymous account. The ID is an integer bounded from 0 to 65635. anongid=<id> Set an explicit group ID for the anonymous account. The ID is an integer bounded from 0 to 65635.
del
nfs del <path><client-list> Delete specific directories, including a backup subdirectory, for one or more clients. The <client-list> can contain IP addresses, hostnames, or an asterisk that represents all clients. In GDA configurations, only /ddvar is exported. The export of /data shares is not supported.
disable
nfs disable Disable all NFS clients.
enable
nfs enable Allow all NFS-defined clients to access the Data Domain system.
reset
nfs reset clients Reset client list to the factory default empty. NFS clients can access the Data Domain system when the list is empty. nfs reset stats Clear the NFS statistics.
show
nfs show active List clients active in the past 15 minutes and the mount path for each.
nfs
221
nfs show clients List NFS clients allowed to access the Data Domain system and the mount path and NFS options for each. nfs show detailed-stats Display NFS cache entries and status to facilitate troubleshooting. nfs show histogram Display NFS operations in a histogram. Users with user role permissions may run this command.
Example # nfs show histogram
Op NULL GETATTR SETATTR LOOKUP ACCESS READLINK READ WRITE CREATE MKDIR SYMLINK MKNOD REMOVE RMDIR RENAME LINK READDIR READDIRPLUS mean-ms stddev max-s 2ms 4ms 6ms 0.0 0.0 0.1 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 1 3 1 20 3 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 8ms 10ms 100ms 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1s 10s >10s 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 -------------------------------------------------------------------------------------------------------------------------------------------
...
-------------------------------------------------------------------------------------------------------------------------------------------
Output truncated.
222
Output Definitions
mean-ms The mathematical mean time for completion of the operations. stddev The standard deviation for time to complete operations, derived from the mean time. max-s The maximum time taken for a single operation. 2ms The number of operations that took 2 ms or less. 4ms The number of operations that took between 2ms and 4ms. 6ms The number of operations that took between 4ms and 6ms. 8ms The number of operations that took between 6ms and 8ms. 10ms The number of operations that took between 8ms and 10ms. 100ms The number of operations that took between 10ms and 100ms. 1s The number of operations that took between 100ms and 1 second. 10s The number of operations that took between 1 second and 10 seconds. >10s The number of operations that took over 10 seconds. nfs show port Display NFS port information. Users with user role permissions may run this command. nfs show stats Display NFS statistics.
status
nfs status Enter this option to determine if the NFS system is operational. When the filesystem is active and running, the output shows the total number of NFS requests since the filesystem started, or since the last time that the NFS statistics were reset.
nfs
223
Additional Topics
Add or Delete NFS Clients

To add an NFS client with an IP address of 192.168.1.02 and read/write access to /backup with the secure option, enter:
# nfs add /backup 192.168.1.02
To add a subnet client using its IP address followed by a length and a netmask, enter:
# nfs add /backup 192.168.1.02/24 # nfs add /backup 192.168.1.02/255.255.255.0
To delete an NFS client with an IP address of 192.168.1.02 from the /ddvar directory, enter:
# nfs del /ddvar 192.168.1.02
224
ntp
The ntp command synchronizes a Data Domain system with an NTP time server, manages the NTP service, or turns off the local NTP server. A Data Domain system can use a time server supplied through the default multicast operation, received from Dynamic Host Configuration Protocol (DHCP), or set manually with the Data Domain system ntp add command. Options include:

add del disable enable reset show status
Change History
Click the command option for details on usage and functionality. See the EMC DD OS Release Notes of the corresponding version for details on modifications, including arguments, output, and permissions. Version Change 5.2 With the exception of ntp show and ntp status, ntp command options require security officer authorization when run on Retention Lock Compliance systems.
Unless otherwise noted, command options are available only to users with admin role permissions. Default system settings for NTP service are enabled and multicast. Time servers set with the ntp add command override time servers from DHCP and from multicast operations. Time servers from DHCP override time servers from multicast operations.
ntp
225
The Data Domain system ntp del and ntp reset commands act only on manually added time servers, not on DHCP-supplied time servers. You cannot delete DHCP time servers or reset to multicast when DHCP time servers are supplied.
Options
add
ntp add timeserver <server-name> Add a remote time server to NTP list. This command option requires security officer authorization for Retention Lock Compliance systems.
Example
To add an NTP time server named srvr26.yourcompany.com to the list, enter:

# ntp add timeserver srvr26.yourcompany.com
del
ntp del timeserver <server-name> Delete a manually added time server from the list. This command option requires security officer authorization for Retention Lock Compliance systems.
Example
To delete an NTP time server named srvr26.yourcompany.com from the list, enter:
# ntp del timeserver srvr26.yourcompany.com
disable
ntp disable Disable NTP service on a Data Domain system. This command option requires security officer authorization for Retention Lock Compliance systems.
enable
ntp enable Enable NTP service on a Data Domain system. This command option requires security officer authorization for Retention Lock Compliance systems.
226
reset
ntp reset Reset the NTP configuration to the default settings. This command option requires security officer authorization for Retention Lock Compliance systems. ntp reset timeservers Reset the time server list from manually entered time servers to DHCP time servers (if supplied) or to the multicast mode (if no DHCP time servers supplied). This command option requires security officer authorization for Retention Lock Compliance systems.
show
ntp show config Display status of NTP: enabled or disabled, and show the time server list.
Example # ntp show config
NTP is currently enabled. # 1 2 Server 192.168.244.208 192.168.244.214 eth0a X X eth1a -----------------------------------------------------------------
----------------------------------------------------------------Showing NTP servers configured by DHCP.
status
ntp status Display the local NTP service status, time, and synchronization information. If running the command in a GDA, the output includes information about the master and worker controllers.
Example # ntp status
Status Current Clock Time Clock Last Synchronized Clock Last Synchronized With Time Server Enabled Thu April 12 19:27:57.676 2011 Thu Feb 26 19:12:05.729 2010 192.168.244.208
ntp
227
228
quota
The quota command enables users to modify the amount of storage space for MTrees and for VTL and DD Boost storage units. There are two quota limits: hard and soft. The hard limit prevents writes from exceeding the quota. Users receive an error message if the hard limit is exceeded. The soft limit allows writes to exceed the quota; however, an alert is generated. The soft value must be less than the hard value. Quota limits must be specified as integers. You can set hard, soft, or both, depending on your requirements. For example, an administrator may choose to enforce only a soft limit to prevent backup jobs running overnight from failing when the quota limit is reached. Or, he or she may choose to enforce only a hard limit to block a user from writing when the quota limit is reached. Snapshots capture quota information at a precise point in time. Usage tracking in the active filesystem does not account for the space of snapshot, so quota limits are not enforced on snapshots. For information on establishing quotas when creating MTrees, and DD Boost and VTL storage units, see mtree, ddboost, and vtl, respectively. Options include:

disable enable reset set show status
Change History
Click the command option for details on usage and functionality. See the EMC DD OS Release Notes of the corresponding version for details on modifications, including arguments, output, and permissions. Version Change 5.2 Quota command and options introduced.
quota
229
Unless otherwise noted, command options are available only to users with admin role permissions. MTree quotas with a hard limit cannot be set on the /data/col1/backup directory. The maximum MTree quota value is 4096 PiB. See mtree for details.
Options
disable
quota disable Disable quota support. This command option also disables MTree quota limits and restores the limits to the default state (unlimited).
enable
quota enable Enable quota support.
reset
quota reset { all | mtrees <mtree-list> | storage-units <storage-unit-list> } [soft-limit] [hard-limit] Reset quota limits. If hard or soft limits are not entered, both are reset to the default state (unlimited).
Example 1
To reset hard and soft limits for an MTree:

# quota reset mtrees /data/col1/backup1
Quota soft limit: none, hard limit: none Note: Quota is disabled. Quota limits not enforced.
Example 2
To reset soft limit only for an MTree:

# quota reset mtrees /data/col1/backup1 soft limit
/data/col1/backup1: Quota soft limit: none, hard limit: 1048576 MiB
230
Example 3
To reset hard limit only for an MTree:

# quota reset mtrees /data/col1/backup3 hard limit
/data/col1/backup3: Quota soft limit: 102400 MiB, hard limit: none
Example 4
To reset hard and soft limits for a storage-unit:

# quota reset storage-units DDBOOST_STRESS_SU
Quota soft limit: none, hard limit: none
set
quota set {all | mtrees <mtree-list> | storage-units <storage-unit-list>} {soft-limit <n> {MiB|GiB|TiB|PiB} | hard-limit <n> {MiB|GiB|TiB|PiB} | soft-limit <n> {MiB|GiB|TiB|PiB} hard-limit <n> {MiB|GiB|TiB|PiB}} Set quota limits during runtime for multiple MTrees. When used for storage units, this command option sets limits only after the storage unit is created. Note that the quota feature must be enabled, otherwise limits are not enforced. Setting quotas does not require disabling the filesystem and therefore does not affect system performance. See ddboost for instructions on how to set quotas during the creation of a storage unit.
Example 1
To set a soft limit quota of 10 GiB on MTree /data/col1/backup1 when the quota feature is disabled:
# quota set mtrees /data/col1/backup1 quota-soft-limit 10 GiB
/data/col1/backup1: Quota soft limit: 10240 MiB, hard limit: none Note: Quota is disabled. Quota limits not enforced
Example 2
To set a hard limit quota of 10 TiB on MTree /data/col1/backup1:

# quota set mtrees /data/col1/backup1 hard-limit 10 GiB
/data/col1/backup1: Quota soft limit: n/a, hard limit: 1048576 MiB
Example 3
To set a soft limit quota of 100GiB and a hard limit quota of 1TiB on MTree /data/col1/backup1:
# quota set mtrees /data/col1/backup1 soft-limit 10 GiB hard-limit 10 TiB
/data/col1/backup1: Quota soft limit: 10240 MiB, hard limit: 1048576 MiB
quota
231
Example 4
To set a soft limit quota of 100 GiB and a hard limit quota of 1 TiB on storage-unit DDBOOST_STRESS_SU:
# quota set storage-units DDBOOST_STRESS_SU soft-limit 100 GiB hard-limit 1 TiB
DDBOOST_STRESS_SU: Quota soft limit: 10240 MiB, hard limit: 1048576 MiB
show
quota show {all | mtrees <mtree-list> | storage-units <storage-unit-list>} List the quota limits and usage of a particular mtree or storage unit, all mtrees or storage units, or all of both. The unit of display for usage and limits is MiB.
Example 1 # quota show /data/col1/backup
Mtree /data/col1/backup Pre-Comp (MiB) 1000 Soft-Limit (MiB) none Hard-Limit (MiB) none --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Note: Quota is disabled. Quota limits not enforced.
Example 2 # quota show all

Name /data/col1/backup /data/col1/DDBOOST_STRESS_SU /data/col1/temp /data/col1/.deleted-1310058450572152676 /data/col1/abcd /data/col1/abcd2 Note: Quota is disabled. Quota limits not enforced. Pre-Comp 0 KiB 1 GiB 0 KiB 0 KiB 0 KiB 0 KiB Soft-Limit unlimited 10 GiB unlimited unlimited unlimited 100 GiB Hard-Limit unlimited 20 GiB unlimited unlimited unlimited 200 GiB -------------------------------------------------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
232
Example 3 # quota show storage units

Name DDBOOST_STRESS_SU temp abcd2 Note: Quota is disabled. Quota limits not enforced. Pre-Comp 1GiB 0 KiB 0 KiB Soft-Limit unlimited unlimited 100 GiB Hard-Limit unlimited unlimited 200 GiB -------------------------------------------------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
Example 4 # quota show storage-units abcd2 temp

Name temp abcd2 Note: Quota is disabled. Quota limits not enforced. Pre-Comp 0 KiB 0 KiB Soft-Limit unlimited 100 GiB Hard-Limit unlimited 200 GiB -------------------------------------------------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
status
quota status Display status of quota enforcement: enabled or disabled. If output includes a note stating status as disabled, quota limits are not being enforced and are therefore unlimited.
quota
233
234
replication
The replication command enables you to replicate data (copy and synchronize), between two Data Domain systems: a source and a destination. Source and destination configurations, or pairs, are also known as contexts. Depending on your objective, you can replicate entire sites, specific directories, MTrees, or files within a virtual tape library. Replication is a licensed software option. See the EMC DD OS Administration Guide for details on replication practices and procedures. Options include:

abort add break disable enable initialize modify option reauth recover resync show status sync throttle watch
Change History
Click the command option for details on usage and functionality. See the EMC DD OS Release Notes of the corresponding version for details on modifications, including arguments, output, and permissions. Version Change 5.2 Modified command options: replication break {<destination> | all}
replication
235
replication disable {<destination> | all} replication sync [<destination>]
Unless otherwise noted, command options are available only to users with admin role permissions. Ensure adequate storage is available on the source and destination. With the exception of collection replication, the destination must have more space than the source. With the exception of collection replication, the destination directory is overwritten during replication. Before starting, verify the destination directory is empty or that its contents are not required. A source subdirectory cannot be in another directory replication context. A directory can be in only one context at a time. Command options may take several seconds to conclude when a Data Domain system is at, or near, capacity. If the source or destination hostnames do not correspond to the Data Domain network names, modify the name by running the command option replication modify connection-host on the source system. Source names <source> that include spaces or special characters must be entered according to specific conventions or the command will fail. Either enclose the entire source pathname with double quotation marks, or enter a backslash before the space. Do not use both. Retention Lock Compliance is supported for collection replication only.
Options
abort
replication abort recover <destination> Stop a recover process. Run this command option on the destination Data Domain system only. Then, reconfigure replication on the source Data Domain system and restart the recover process. replication abort resync <destination> Stop a resync operation. Run this command option on the source or destination Data Domain system.
236
add
replication add source <source> destination <destination> [low-bw-optim {enabled | disabled}] [encryption {enabled | disabled}] [propagate-retention-lock {enabled | disabled}] Create a replication pair. Use low-bw-optim enabled to enable delta replication. Low bandwidth optimization is active only when enabled on the source and destination and cannot be used for collection replication. note Directory replication is not supported in GDA configurations.
break
replication break {<destination> | all} Remove the source or destination Data Domain system from a replication pair, or remove all Replicator configurations from a Data Domain system. This command option requires security officer authorization for Retention Lock Compliance systems.
disable
replication disable {<destination> | all} Run this command on the source or destination system to halt data replication temporarily. If run on the source, the operation stops sending data to the destination. If run on the destination, the operation stops serving the active connection from the source. This command option requires security officer authorization for Retention Lock Compliance systems.
enable
replication enable {<destination> | all} Restart replication. If run on the source, the operation resumes sending data to the destination. If run on the destination, the operation resumes serving the active connection from the source.
initialize
replication initialize <destination> Run this command option on the source to start replication between a source and destination. This command option verifies the configuration and connections are correct and returns error messages if problems appear.
replication
237
The initialize operation can take several hours, or days, depending on the amount of data in the source. As an alternative, consider placing both Data Domain systems of the replicator pair in the same location with a direct link to reduce initialization time. The <destination> variable is required.
modify
replication modify <destination> connection-host <new-host-name> [port <port>] Run this command option if the destination hostname does not resolve for the connection. Use the modify connection-host option to correct the name or IP address. An optional port number may also be used. The connection-host option may be required when a connection passes through a firewall, and is required when connecting to an alternate listen-port on the destination. It may also be required after adding a new source and destination pair, or after renaming a source or a destination. replication modify <destination> {source-host | destination-host} <new-host-name> Assign a new hostname to a replacement system in a replication pair. The <new-hostname> must be the name returned by the hostname command on the system receiving the new host. Run this command option on the destination system to change the hostname on a source system. Do not use the command to change the hostname on the destination. Contact Data Domain Support before changing the hostname on a destination system. When using the replication modify command option, always run the filesys disable command first, and conclude with the filesys enable command.
Example
If the local destination dest-orig.ca.company.com is moved from California to New York, enter the following command options on the source and destination:
# filesys disable # replication modify dir://ca.company.com/backup/dir2 destination-host ny.company.com # filesys enable
replication modify <destination> encryption {enabled | disabled} Modify the destination hostname and set the state of encryption. replication modify <destination> low-bw-optim {enabled | disabled} Enable delta replication on a replication context. This option is active only when enabled on the source and destination. This option does not apply to collection replication.
238
option
replication option reset {bandwidth | delay | listen-port} Reset system bandwidth to default unlimited, or delay to default none, or listen port to 2051. When using the replication option reset command options, always run the filesys disable command first, and conclude with the filesys enable command. replication option set bandwidth <rate> Set the network bandwidth rate for the Data Domain system. You must set the bandwidth and network-delay on each side of the connection. replication option set delay <value> Set the network delay in milliseconds for the Data Domain system.You must set the bandwidth and network-delay on each side of the connection. replication option set listen-port <value> Set the listen port for the Data Domain system. On a destination Data Domain system, set the port from which the destination receives data from replication sources (default is 2051). A destination can have only one listen-port that must be used by all sources. The connection-host port used by a source must match the listen-port used by the destination. For DD Boost managed file replication, the listen-port is used on the source Data Domain system and on the destination Data Domain system to specify the connection-host port. For directory replication, the replication modify connection-host command option is used on the source Data Domain system. replication option show Display the current bandwidth and network-delay settings. If these settings are at the default of none, the operation returns a command prompt with no setting information. All users may run this command.
replication
239
reauth
replication reauth <destination> Use this command on the source and the destination systems to reset authentication. A destination variable is required. Messages similar to Authentication keys out of sync or Key out of sync indicate a reset is required. Reauthorization is primarily used when replacing a source Data Domain system.
recover
replication recover <destination> Run this command option on a new source to move data from a destination system. If configuring collection replication, this option must be run on the new source only. A destination argument is required. This command is not available for MTree replication. When using the replication recover command option, always run the filesys disable command option first, and conclude with the filesys enable command option. If the replication break command was previously run, the destination cannot be used to recover a source. If configuring directory replication, the target directory on the source must be empty. See Additional Topics for information on how recovery affects collection replication.
resync
replication resync <destination> Synchronize replication when directory replication is broken between a source and destination. Note that the source and the destination must be configured and the context initialized. This command option cannot be used with collection replication. Also, this command fails if you try to replicate to a Retention Lock system and the destination is not empty.
show
replication show config [<destination> | all] Show replication configuration. All users may run this command option. replication show detailed-history {<obj-spec-list> | all} [duration <duration> {hr | min}] [interval <interval> {hr | min}] Show details of replication performance history. All users may run this command option.
240
Output Definitions
CTX The context number for directory replication or a zero (0) for collection replication. Source The Data Domain system that receives data from backup applications. Destination The Data Domain system that receives data from the replication source Data Domain system. Connection Host and Port A source system connects to the destination system using the name returned by the hostname command on the destination. It may also connect using a destination name or IP address and port designated by replication modify connection-host command. The destination hostname may not resolve to the correct IP address when connecting to an alternate interface on the destination, or when passing through a firewall. Low-bw-optim The status of low-bw-optim: enabled, disabled, or configuration mismatch. Enabled The replication process is enabled and available to replicate data (yes) or disabled and not available to replicate data (no). replication show detailed-stats [<destination> | all] Display cumulative statistics beginning with when the context was created. This command option provides byte-count statistics related to identity-filtering, delta-compression, and local-compression. The ratio of the values Bytes after filtering by destination to Bytes after low bandwidth optimization gives additional compression ratio supplied by delta compression. All users may run this command option. replication show history {<obj-spec-list> | all} Show replication performance history. Statistics are generated hourly. All users may run this command option.
replication
241
Output Definitions
Pre-Comp (KB) Remaining The amount of pre-compression data not replicated. Replicated (KB) Pre-Comp The amount of pre-compressed data replicated. Replicated (KB) Network The amount of compressed data sent over the network. Synced-as-of Time The time when the most recently replicated data on the destination was generated on the source. A value of unknown appears during replication initialization. Low-bw-optim The additional compression ratio supplied by delta compression. replication show performance {<obj-spec-list> | all} [interval <sec>] [count <count>] Display current replication activity. Default interval is two seconds. All users may run this command option. If a single source context is specified, four additional columns are presented. These columns show the relative amounts of time spent working on, or waiting for, replication sender threads for the specified context. Values are calculated by the amount of time spent for the activity, multiplying the time by 100, and dividing the time by the duration of the reporting interval. Values can exceed 100 due to the presence of multiple threads working on behalf of the specified replication context.
Output Definitions
Pre-comp (KB/s) The size value before compression is applied. Sometimes referred to as logical size. Network (KB/s) The amount of compressed data transferred over the network per second. Streams An internal system resource associated with reads and writes. One replication context can use multiple streams for better performance. Reading The time spent reading filesystem data from the local filesystem. Typically this number is the second highest number after Network. On a deployment with high network bandwidth, Reading may be the largest column.
242
Meta The time spent on miscellaneous bookkeeping activities and replicating filesystem namespace operations. Typically this value is under 50. If this value exceeds 50 on a sustained basis, it may indicate an unusual workload (a large number of file attribute updates, for example). Dest The time spent waiting due to the receiver not providing the sender enough information on what data to send. Typically this value is low. Exceptions include systems on high-speed networks where the sender is a more powerful Data Domain system than the replica, or where the replica has a higher workload than the sender because the replica is the destination for a multiple replication contexts. Network The time spent sending file data and metadata and waiting for replies from the server on what data needs to be sent. Typically this is the highest of the four values. This value exceeds 100 regularly if the sender is able to replicate multiple files in parallel. note If the Network column has the highest time values among Reading, Meta, Waiting, and Network, and if the Network KB/sec value is lower than expected, a network problem may be present. For example, packet loss may be causing reduced throughput.
replication show stats [<destination> | all] Display statistics for all replication pairs or a specific destination pair. Output format is is based on replication type. All users may run this command option. Note that in collection replication, the difference in values between Post-comp Bytes Sent and Post-comp Bytes Received is expected behavior.
Example 1 # repl show stats
CTX Destination Post-comp Bytes Sent Post-comp Bytes Received Sync'ed-as-of Time Post-comp Bytes Remaining
---------------------------------------------------------------------------------------------------------------------------------------------------------------------0 col://127.2.0.2 91,173,608 9,264 Mon Apr 9 15:54 0
---------------------------------------------------------------------------------------------------------------------------------------------------------------------CTX Destination Post-comp Bytes Sent Pre-comp Bytes Sent Post-comp Bytes Received Sync'ed-as-of Time Pre-comp Bytes Remaining
---------------------------------------------------------------------------------------------------------------------------------------------------------------------1 dir://127.2.0.2/backup 0 0 0 0
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
replication
243
Output Definitions
CTX The context number for replication. The number zero (0) indicates collection replication. Destination The replication destination. Post-comp Bytes Sent Network data sent by the source to the destination. Post-comp Bytes Received The number of bytes received by the source, including logical bytes associated with the file being replicated. Synced-as-of-Time The time when the most recently replicated data on the destination was generated on the source. A value of Unknown appears during replication initialization. Pre-comp Bytes Remaining Directory replication only: The sum of file sizes remaining to be replicated for the context. Output includes the entire logical size of the current file being replicated. If a large file is being replicated, this number may take some time to change. The number changes only after the current file finishes.
status
replication status [<destination> | all] [detailed] Show status replication status. All users may run this command option.
sync
replication sync [<destination>] Synchronize replication between the source and destination. You must first configure the source and destination and initialize the context.
throttle
replication throttle add <sched-spec> <rate> Change the rate of network bandwidth used by replication. By default, the network bandwidth use is unlimited, meaning it continuously runs as fast as possible. Replication runs at the given rate until the next scheduled change, or until new throttle commands force a change. The system enforces a minimum rate of 98,304 bits per second (12 KiB).
244
<sched-spec> Specifies one or more three-letter days of the week (such as mon, tue, or wed), or the word daily (to set the schedule every day). This argument can also specify a time of day in 24-hour format. <rate> Includes a number or the word unlimited. Rate can also be zero, disable, or disabled (each stops replication until the next rate change). If you set <rate> to zero, new contexts are also throttled to zero. The number can include a tag for bits or bytes per second. Do not use a space between the number and the bits or bytes specification. The default rate is bits per second. In the rate variable:

bps or b equals raw bits per second Kibps, Kib, or K equals 1024 bits per second Bps or B equals bytes per second KiBps or KiB equals 1024 bytes per second
Kib = Kibibits, the base-2 equivalent of Kb or Kilobits. KiB = Kibibytes, the base-2 equivalent of KB or Kilobytes.
Example
To limit replication to 20 kibibytes per second starting on Mondays and Thursdays at 6:00 a.m., enter:
# replication throttle add mon thu 0600 20KiB
replication throttle del <sched-spec> Remove one or more throttle schedule entries. The sched-spec variable must include one or more three-letter days of the week (such as mon, tue, or wed), or the word daily (to set the schedule every day), and a time in 24-hour format.
Example
To remove an entry for Mondays at 1:00 p.m., enter:

# replication throttle del mon 1300
replication throttle reset {current | override | schedule | all} Reset a throttling schedule.
replication
245
current Remove and reset the rate designated by the command option replication throttle set current. override Remove and reset the rate designated by the command option replication throttle set override. schedule Remove and reset scheduled changes. all Remove and reset current or override settings and remove all scheduled changes. This option returns the system to the default settings. replication throttle set current <rate> Set the throttle rate until the next scheduled change or until a system reboot. Setting the throttle to current cannot be done if the throttle set override command option is in effect. replication throttle set override <rate> Set the throttle rate until another override command option is run. Throttle override cannot be set if the throttle set current command option is in effect. replication throttle show [KiB]> Show throttle configuration. All users may run this command option.
watch
replication watch <destination> Display the progress of a replication initialization, resynchronization process, or recovery operation. All users may run this command option.
Additional Topics
Collection Replication
The entire /backup directory is replicated. This replication type is typically used to back up an entire site. When the replication has concluded, the license must be added and key manager settings configured on the destination system. Retention Lock Compliance is supported for collection replication only.
246
Collection Replication Key Management

Key-manager settings on a destination are ignored when users set up and initialize a collection replication pair. The keys are copied to the replica, but key-manager settings are not. If the destination is configured with key-manager settings prior to becoming the replication destination, the settings remain on the system but are not used. If a collection replication breaks, you must reconfigure the destination to use the correct key-manager settings and key class. EMC recommends resetting the key-manager on the destination prior to collection replication, and then configuring the destination with the correct key manager-server and key class after a collection replication is broken. See migration for instructions (Additional Topics > Migration With Encryption-Enabled Source).
Directory Replication
Specific subdirectories under /backup are replicated. This replication type is used when only a portion of /backup is required, or if specific directories are replicated to different destinations.
MTree Replication
An entire MTree is replicated. Note that you cannot replicate directories located under an MTree. See mtree for more information.
Pool Replication
A set of files or tapes within a virtual tape library (VTL) is replicated.
replication
247
248
route
The route command manages routing between a Data Domain system and backup hosts. An additional routing rule appears in the Kernel IP routing table and in the Data Domain system Route Config list, which is a list of static routes reapplied at each system boot. Options include:

add del reset set show trace
Change History
Click the command option for details on usage and functionality. See the EMC DD OS Release Notes of the corresponding version for details on modifications, including arguments, output, and permissions. Version Change 5.2 Modified command options: route add [ipversion {ipv4 | ipv6}] <route spec> route del [<ipaddr> | <ipv6addr]> route reset gateway [ipversion {ipv4 | ipv6}] route set gateway {<ipaddr> | <ipv6addr>} route show gateway [ipversion {ipv4 | ipv6}] route show table [ipversion {ipv4 | ipv6}] route trace [ipversion {ipv4 | ipv6}] <host>
route
249
Unless otherwise noted, command options are available only to users with admin role permissions. Changes to Ethernet interfaces made with net command options flush the routing table. All routing information is lost and data movement using routing is cut off immediately. Data Domain recommends making interface changes only during scheduled downtime. You must reconfigure routing rules and gateways after making interface changes
Options
add
route add [ipversion {ipv4 | ipv6}] <route spec> Add a routing rule.
del
route del [<ipaddr> | <ipv6addr]> Remove a routing rule.
reset
route reset gateway [ipversion {ipv4 | ipv6}] Reset the default routing gateway to the default value (empty).
set
route set gateway {<ipaddr> | <ipv6addr>} Change the routing default gateway.
Example
To set the default routing gateway to the IP address of 192.168.1.2:

# route set gateway 192.168.1.2
250
show
route show config Display the configured static routes that are in the Route Config list.
Example
The display looks similar to the following (each line in the example wraps):
# route show config
The Route Config list is: -host user24 gw srvr12 -net 192.168.1.0 netmask 255.255.255.0 gw srvr12
route show gateway [ipversion {ipv4 | ipv6}] Display the configured or DHCP-supplied routing gateways used by a Data Domain system.
Example # route show gateway
Default Gateways 192.168.1.2 192.168.3.4
route show table [ipversion {ipv4 | ipv6}] Display all entries in the Kernel IP routing table.
Example # route show table
Kernel IP routing table Destination 192.168.8.0 127.0.0.0 0.0.0.0 Gateway 0.0.0.0 0.0.0.0 10.25.128.1 Genmask 255.0.0.0 0.0.0.0 Flags U UG Metric 0 0 0 Ref Use Iface 0 0 0 0 0 0 eth0 lo eth0 255.255.252.0 U
Kernel IPv6 routing table

Destination 2620:0:170:1a04::/64 fe80::/64 ::/0 ::1/128 fe80::215:17ff:fe30:2d70/128 Next Hop :: :: fe80::5:73ff:fea0:804 :: :: Flags UA U UGDA U U Metric 256 256 1024 0 0 Ref 1489 0 1 597 31 Use Iface 0 0 0 3 1 eth0 eth0 eth0 lo lo
route
251
trace
route trace [ipversion {ipv4 | ipv6}] <host> Display a route used by a Data Domain system to connect with a particular destination.
Example
To trace the route to srvr24, enter:

# route trace srvr24
Traceroute to srvr24.yourcompany.com (192.168.1.6), 30 hops max, 38 byte packets 1 srvr24 (192.168.1.6) 0.163 ms 0.178 ms 0.147 ms
Additional Topics
Support for IPv6

Federal certification requirements state that the DD OS must be IPv6-capable and that interoperability with IPv4 be maintained in an heterogeneous environment. As a result, several net command options now include arguments for both versions of Internet Protocol. EMC Data Domain customers select which version to use, based on the type of configuration.
Add a Route
To add a route with a route specification of 192.168.1.x, a netmask, and a gateway of srvr12, enter:
# route add -net 192.168.1.0 netmask 255.255.255.0 gw srvr12
To add a route for host user24 with a gateway of srvr12, enter:

# route add -host user24 gw srvr12
Delete a Route
To delete a route; for example, 192.168.1.0 and a netmask of 255.255.255.0, enter:
# route del -net 192.168.1.0 netmask 255.255.255.0
Set a Default Gateway

To give a default gateway when no other route matches, enter:
# route set gateway 192.168.10.1
252
snapshot
The snapshot command manages MTrees snapshots. MTrees add granularity to filesystem-type operations, allowing operations to be performed on a specific MTree instead of the entire filesystem. Snapshots are useful for avoiding version skew when backing up volatile data sets, such as tables in a busy database, and for restoring previous versions of a deleted directory or file. A snapshot is a read-only copy of the Data Domain MTree from the top of each MTree: /data/col1/<mtree-name>.The MTree /data/col1/backup is the default directory created in the system during installation. It is also the MTree that is refreshed during an upgrade procedure. The directory /backup points to the default MTree. Snapshots can be accessed from the directories /backup/.snapshot or /data/col1/<mtree-name>/.snapshot. Options include:

create expire list rename schedule
Change History
Unless otherwise noted, command options are available only to users with admin role permissions. If the Data Domain system is a source for collection replication, snapshots are replicated. If the Data Domain system is a source for directory replication, snapshots are not replicated. Snapshots must be created separately on a directory replication destination.
snapshot
253
The .snapshot directory is a virtual directory. It can be referenced in any directory, but it does not show up as a directory listing except at export points (for example, a CIFS share or NFS mount point). The maximum number of snapshots allowed to be stored on a system is 750. If the maximum number is reached, the system generates an alert. You can resolve this by expiring snapshots and then running the command option filesys clean. See Additional Topics for the list of characters supported for snapshot naming.
Options
create
snapshot create <snapshot> mtree <mtree-path> [retention {<date> | <period>}] Create a snapshot.
<snapshot> A name for the snapshot. mtree <mtree-path> The pathname of the MTree for which the snapshot is being created. The base of the path must be /data/col1/<mtree_name> or /backup. retention <date> A four-digit year, two-digit month, and two-digit day separated by dots ( . ), slashes ( / ), or hyphens ( - ). For example, 2011.03.22. The snapshot is retained until midnight (00:00, the first minute of the day) of the designated date. retention <period> Number of days, weeks (wks), or months (mos) to retain a snapshot. Note there is no space between the number and time period; for example, 4wks. Also, one month equals 30 days. The snapshot is retained until the same time of day it was created.
Example
If a snapshot was created at 8:48 a.m. on March 1, 2011 with a retention period of one month, it would be retained for 30 days.
# snapshot create test22 mtree /backup retention 1mos
Snapshot "test22" created and will be retained until March 31 2011 08:48.
254
expire
snapshot expire <snapshot> mtree <mtree-path> [retention {<date> | <period> | forever}] Set or reset the retention time of a snapshot. To expire a snapshot immediately, use the snapshot expire operation with no options. An expired snapshot remains available until the next filesystem clean operation.
<snapshot> The name of the snapshot. mtree <mtree-path> The pathname of the MTree for which the snapshot is being created. retention <date> A four-digit year, two-digit month, and two-digit day separated by dots ( . ), slashes ( / ), or hyphens ( - ). With a retention <date>, the snapshot is retained until midnight (00:00, the first minute of the day) of the designated date. retention <period> Number of days, weeks (wks), or months (mos) to retain snapshot. Note there is no space between the number and time period; for example, 4wks. Also, one month equals 30 days. The snapshot is retained until the same time of day it was created. forever The snapshot does not expire.
list
snapshot list mtree <mtree-path> View a list of snapshots of a specific MTree. The display shows the snapshot name, the amount of pre-compression data, the creation date, the retention date, and the status. The status may be blank or expired.
snapshot
255
Example # snapshot list mtree /data/col1/ddmtree1

Snapshot Information for MTree: /data/col1/ddmtree1 ------------------------------------------------------------------------------------------------------------------------------------------------Name new-snap1 Pre-Comp (GiB) 0.0 Create Date April 12 2011 11:59 Retain Until April 12 2011 12:04 Status expired -------------------------------------------------------------------------------------------------------------------------------------------------
Snapshot Summary --------------------------Total: Not expired: Expired: 1 0 1
rename
snapshot rename <snapshot> <new-name> mtree <mtree-path> Rename a snapshot for a specific MTree.
Example
To change the name from snap1 to new-snap1 for an MTree named /newMTree, enter:
# snapshot rename snap1 new-snap1 mtree /backup
Snapshot "snap1" renamed to "new-snap1" for MTree "/newMTree".
schedule
snapshot schedule add <name> mtrees <mtree-list> Add multiple MTrees to a single snapshot schedule. snapshot schedule create <name> [mtrees <mtree-list>] [days <days>] time <time> [,<time> ...] [retention <period>] [snap-name-pattern <pattern>] snapshot schedule create <name> [mtrees <mtree-list>] [days <days>] time <time> every <mins> [retention <period>] [snap-name-pattern <pattern>] snapshot schedule create <name> [mtrees <mtree-list>] [days <days>] time <time>-<time> [every <hrs | mins>] [retention <period>] [snap-name-pattern <pattern>] Use these commands to create a snapshot schedule for multiple MTrees. Command arguments determine the duration of the schedule. snapshot schedule del <name> mtrees <mtree-list> Remove a list of MTrees from a schedule.
256
snapshot schedule destroy [<name> | all] Remove the name of a schedule. snapshot schedule modify <name> [mtrees <mtree-list>] [days <days>] time <time> [,<time> ...] [retention <period>] [snap-name-pattern <pattern>] snapshot schedule modify <name> [mtrees <mtree-list>] [days <days>] time <time> every <mins> [retention <period>] [snap-name-pattern <pattern>] snapshot schedule modify <name> [mtrees <mtree-list>] [days <days>] time <time>-<time> every <hrs | mins>] [retention <period>] [snap-name-pattern <pattern>] Use these commands to modify a snapshot schedule. Command arguments determine the duration of the schedule. snapshot schedule reset Reset a snapshot schedule and delete all snapshot schedules. caution! This command deletes the previous schedule without prompting the user.
snapshot schedule show [ {<name> | mtrees <mtree-list>} ] Show a specific schedule and show schedules associated with a specific MTree. To show a list of schedules, enter the command with no options.
Example 1
To view all schedules, enter:

# snapshot schedule show
Name sched_am1 sched_am2 sched_pm1 sched_pm2 Days daily daily daily daily Time 02:00,03:00,05:00... 09:15,10:15,11:15... 13:00,14:00,15:00... 17:00,18:00,19:00... Retention (days) Snap-name Pattern 14 14 14 14 scheduled-%Y-%m-%d-%H-%M scheduled-%Y-%m-%d-%H-%M scheduled-%Y-%m-%d-%H-%M scheduled-%Y-%m-%d-%H-%M
Example 2
To view a schedule associated with MTrees, include the schedule name.

# snapshot schedule show sched_pm2
Name sched_pm2 MTree list ---------------/data/col1/backup /data/col1/mtree1 /data/col1/mtree2 Days daily Time 17:00,18:00,19:00... Retention (days) Snap-name Pattern 14 scheduled-%Y-%m-%d-%H-%M
snapshot
257
Additional Topics
Naming Snapshots Created by a Schedule

The naming convention for scheduled snapshots is the word scheduled followed by a four-digit year, a two-digit month, a two-digit day, a two-digit hour, and a two-digit minute. All elements of the name are separated by hyphens( - ). For example, scheduled-2011-04-27-13-41. The name every_day_8_7 is the name of a snapshot schedule. Snapshots generated by that schedule might have the names scheduled-2011-03-24-20-00, scheduled-2011-03-25-20-00, and so forth.
Example
To schedule a snapshot every Monday and Thursday at 2:00 a.m. with a retention of two months, enter:
# snapshot add schedule mon thu 02:00 retention 2mos
Snapshots are scheduled to run "Mon, Thu" at "0200". Snapshots are retained for "60" days.
Supported Characters
In addition to letters AZ, az, and numbers 09, and a single embedded space (nonleading), characters supported for creating snapshot names include: ! # $ % & @ ^ ~ ( ) exclamation point number sign dollar sign percentage ampersand at symbol caret tilde left parenthesis right parenthesis
258
[ ] { } . , ; ' + =
left bracket right bracket left curly brace right curly brace period comma semicolon single quotation mark (slanted) single quotation mark (unslanted) plus sign equal sign
snapshot
259
260
snmp
The snmp command enables or disables SNMP access to a Data Domain system, adds community strings, gives contact and location information, and displays configuration settings. SNMP management requires two primary elements: an SNMP manager and an SNMP agent. See More about SNMP on a Data Domain System for details. Options include:

add del disable enable reset set show status user
Change History
Click the command option for details on usage and functionality. See the EMC DD OS Release Notes of the corresponding version for details on modifications, including arguments, output, and permissions. Version Change 5.2 Modified command options: snmp user add <user-name> <access {read-only | read-write}> [[authentication-protocol {MD5 | SHA1}] [authentication-key <auth-key>] [privacy-protocol {AES | DES}] [privacy-key <priv-key>]] snmp user modify <user-name> <access {read-only | read-write}> [[authentication-protocol {MD5 | SHA1}] authentication-key <auth-key> [privacy-protocol {AES | DES}] privacy-key <priv-key>]
snmp
261
Unless otherwise noted, command options are available only to users with admin role permissions. Data Domain systems support SNMPv1, v2C, and v3. Default port 161 is used for inbound/outbound, read/write SNMP access. Default port 162 is used for outbound traffic for SNMP traps. In addition to blank spaces, the following characters cannot be used in community strings: \t : ; $ \n
Options
add
snmp add ro-community <community-string-list> [hosts <host-list>] Add one or more community strings for read-only access to the Data Domain system. A common string for read-only access is public. To grant access to specific hosts, enter the names in <host-list>. A valid host list can include the host name or the host IP address. For example:
hostnameA,hostNameB 10.10.1.2,10.10.1.3 10.* *
Example
To add a community string of public with read-only permissions:

# snmp add ro-community public hosts host.datadomain.com
snmp add rw-community <community-string-list> [hosts <host-list>] Add one or more community strings for read/write access to the Data Domain system. A common string for read/write access is private. To grant access to specific hosts, enter the names in <host-list>. A valid host-list can include the host name or the host IP address. For example:
hostnameA,hostNameB 10.10.1.2,10.10.1.3 10.* *
262
Example
To add a community string of private with read/write permissions:

# snmp add rw-community private hosts host.datadomain.com
snmp add trap-host <host-name-list>[:port] [version {v2c | v3}] [{community <community> | user <user>}] Add one or more trap hosts (host name or IP address) to receive the SNMP traps generated by the Data Domain system. Note that alerts are also sent as traps, even when the local SNMP agent is disabled. By default, port 162 is used to send traps, but another port may be assigned. SNMP trap-host supports SNMPv2c and v3. For SNMPv1 and v2c specify the version and the pre-existing community. For SNMPv3 specify the SNMPv3 user name. Make sure to include trap-host in the community string hosts.
Example
To add a trap host admin12:

# snmp add trap-host admin12 version v2c community public
del
snmp del ro-community <community-string-list> [hosts <host-list>] Delete one or more community strings for read-only access to the Data Domain system.
Example
To delete the host myhost.datadomain.com from public community list:

# snmp del ro-community public hosts myhost.datadomain.com
To delete the community public and all hosts associated with public:
# snmp del rw-community public
snmp del rw-community <community-string-list> [hosts <host-list>] Delete one or more community strings for read-write access to the Data Domain system.
Example
To delete the community string private with read/write permissions:

# snmp del rw-community private hosts myhost.datadomain.com
To delete the community private and all hosts associated with private:
# snmp del rw-community private
snmp
263
snmp del trap-host <host-name-list> Delete one or more trap hosts from the list of hosts receiving SNMP traps generated by the Data Domain system.
Example
To delete trap host admin12:

# snmp del trap-host admin12
disable
snmp disable Disable SNMP and close port 161.
enable
snmp enable Enable SNMP and open port 161.
reset
snmp reset Reset SNMP agent configuration to default values. snmp reset ro-communities Reset list of read-only community strings to default values. snmp reset rw-communities Reset list of read-write community strings to default values. snmp reset sysContact Reset the system contact to the value displayed by the command system show admin-email, or to an empty string if the system value is empty (default). snmp reset sysLocation Reset the system location to the system value displayed by the command system show location, or to an empty string if the system value is empty (default). snmp reset trap-hosts Reset list of SNMP trap receiver hosts to default values.
264
set
snmp set sysContact <sysContact> Set the SNMP administrative contact MIB variable.
Example
To set administrative contact to jane-smith:

# snmp set sysContact jane-smith
snmp set sysLocation <sysLocation> Set the SNMP physical location MIB variable.
Example
To set building location to bldg3-rm222:

# snmp set sysLocation bldg3-rm222
show
snmp show config Use this command to display all SNMP parameters.
Example # snmp show config
SNMP sysLocation SNMP sysContact Read-only Communities Communities -----------public Read-write Communities Communities -----------------private private1 SNMPv2 Trap Hosts: ---------------------------Hosts -------------- --127.0.0.1 Communities -------------------: Hosts --------myhost.datadomain.com myhost.datadomain.com,10.10.* : Hosts -------
snmp
265
SNMPv3 Trap Hosts: ----------------------------Hosts -------------- ---localhost 137.69.76.131 SNMP v3 Configuration --------------------------------User --------snmpv3user --------Access --------read-only --------Authentication Protocol Privacy Protocol ----------------------MD5 -------------------------------------AES ---------------Users -----------------snmpv3user snmpv3user
snmp show ro-communities Show the SNMP read-only community strings. snmp show rw-communities Show the SNMP read/write community strings.
Example # snmp show rw-communities
Read-write Communities Communities -----------------private private1 : Hosts ---------myhost.datadomain.com myhost.datadomain.com,10.10.*
snmp show sysContact Show the SNMP administrative contact MIB variable. snmp show sysLocation Show the SNMP physical location MIB variable.
266
snmp show trap-hosts Display the trap host list on a Data Domain system.
Example # snmp show trap-hosts
SNMPv2 Trap Hosts: ----------------------------Hosts -------------127.0.0.1 SNMPv3 Trap Hosts: Communities ------------------
-------------------------Hosts -------------localhost 137.69.76.131 Users -------------------snmpv3user snmpv3user
status
snmp status Show SNMP status.
user
snmp user add <user-name> <access {read-only | read-write}> [[authentication-protocol {MD5 | SHA1}] [authentication-key <auth-key>] [privacy-protocol {AES | DES}] [privacy-key <priv-key>]] Add an SNMPv3 user to the system specifying the access rights, authentication protocol, and privacy protocol. The authentication key is used when calculating the digest for the authentication protocol. The privacy key is used as input for the privacy protocol.
Example # snmp user add snmpv3user access read-only authenticationprotocol MD5 authentication-key auth-key privacy-protocol DES privacy-key priv-key
User snmpv3user successfully added.
snmp user del <user-name> Delete an SNMPv3 user.
snmp
267
snmp user modify <user-name> <access {read-only | read-write}> [[authentication-protocol {MD5 | SHA1}] authentication-key <auth-key> [privacy-protocol {AES | DES}] privacy-key <priv-key>] Modify an SNMPv3 user settings such as access rights, authentication protocol, and privacy key. snmp user reset Reset list of SNMPv3 users to default values. snmp user show <user-name> Display a SNMPv3 user.
Example # snmp user show
User --------jane123 snmpv3user --------Access --------read-only read-only --------Authentication Protocol Privacy Protocol ----------------------Not Defined MD5 -------------------------------------Not Defined AES ----------------
Additional Topics
More about SNMP on a Data Domain System

An SNMP manager is software running on a workstation from which an administrator monitors and controls the different hardware and software systems on a network. These devices include, but are not limited to, storage systems, routers, and switches. An SNMP agent is software running on equipment that implements the SNMP protocol. SNMP defines how an SNMP manager communicates with an SNMP agent. For example, SNMP defines the format of requests that an SNMP manager sends to an agent and the format of replies the agent returns. From an SNMP perspective a Data Domain system is a read-only device, with one exception: A remote machine can set the SNMP location, contact, and system name on a Data Domain system. The snmp command enables administrative users to configure community strings, hosts, and other SNMP variables on the Data Domain system. With one or more trap hosts defined, a Data Domain system takes the additional action of sending alert messages as SNMP traps, even when the SNMP agent is disabled.
268
Changing Multiple Settings

To change multiple settings quickly, run the snmp disable command, change the settings, and the run snmp enable. Changing multiple settings while SNMP is enabled requires restarting SNMP, which adds time.
SNMP sysLocation and sysContact Variables

The SNMP sysLocation and sysContact variables are not the same as those set with the config set location and config set admin-email commands. However, if the SNMP variables are not set with the SNMP commands, the variables default to the system values given with the config set commands.
snmp
269
270
storage
The storage command adds, removes, and displays disks and LUNs belonging to active and archive storage tiers. Tiered storage enables the Data Domain system to use different types of storage devices. A storage tier can contain two types of storage: whole disks in an enclosure, such as a Data Domain system or attached expansion shelf, or LUNs in a Data Domain gateway system that uses a SAN. System storage for a filesystem or associated RAID disk group consists of two storage tiers: one active and one archive. The active tier has one active unit of storage, and the archive tier has one or more archive units of storage. Options include:

add remove show
Change History
Unless otherwise noted, command options are available only to users with admin role permissions. After adding disks or LUNs to storage tiers, the storage must be provisioned by creating or expanding the filesystem. See Adding Storage to an Active Tier. Available LUNs may be removed from a tier to use as a RAID hot spare.
storage
271
Options
add
storage add [tier {active | archive}] {enclosure <enclosure-id> | dev<disk-id> [spindle-group <1-16>] | disk <enclosure-id>.<disk-id> } Add storage devices to a tier. Device types include all disks in an enclosure, a single disk, or a LUN in a gateway system. Disks or LUNs must be in the Unknown state to be added to the designated tier, after which the state changes to Available. This command cannot be used on dataless head (DLH) units. Default spindle group is 1. note The storage add dev<disk-id> command option is allowed only after running the command option storage add enclosure <enclosure-id> to add the shelf.
remove
storage remove {enclosure <enclosure-id> | dev<disk-id> | disk <enclosure_id>.<disk-id>} Remove storage devices from the tier, including all disks in an enclosure, a single disk, or a LUN in a gateway system. You can also remove a disk from a DLH unit. When a device is removed the state changes to Unknown. This command cannot remove an In Use disk if doing so exceeds the minimum number allowed by the RAID scheme. This command also cannot remove a disk if the disk is a spare or an In Use LUN.
show
storage show {all | summary | tier {active | archive}} Display information about filesystem storage. All users may run this command option. Output includes the number of disk groups working normally and the number of degraded disk groups. Details on disk groups undergoing, or queued for, reconstruction, are also shown when applicable. The abbreviation N/A in the column Shelf Capacity License Needed indicates the enclosure does not require a capacity license, or that part of the enclosure is within a tier and the required capacity license for the entire enclosure has been accounted for.
272
Example 1
On a Data Domain system: # storage show all

Active tier details: Disk Group Disks Count Disk Size Additional Information
-------------------------------------------------------------------------------------------dg1 (spare) 2.1-2.14 2.15 1 1.8 TiB 14 1.8 TiB
-------------------------------------------------------------------------------------------Archive tier details: Disk Group Disks Count Disk Size Additional Information
-------------------------------------------------------------------------------------------dg2 3.1-3.14 14 1.8 TiB (spare) 3.15 1 1.8 TiB
-------------------------------------------------------------------------------------------Storage addable disks:

Disk Type Disks Count Disk Size Enclosure Mode Shelf Capacity License Needed Additional Information
---------------------------------------------------------------------------------------------------------------------(unknown) 4.1-4.15 15 1.8 TiB ES30 21.8 TiB
---------------------------------------------------------------------------------------------------------------------Shelf Capacity License: License CAPACITY-ACTIVE CAPACITY-ACTIVE CAPACITY-ARCHIVE CAPACITY-ARCHIVE Model ES20 ES30 ES20 ES30 Total 916.7 TiB 785.8 TiB 916.7 TiB 774.8 TiB Used 0.0 TiB 21.8 TiB 0.0 TiB 21.8 TiB Remaining 916.7 TiB 763.9 TiB 916.7 TiB 753.0 TiB --------------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------------------
storage
273
Example 2
Output for disk groups undergoing, or queued for, reconstruction:

Diskgroup --------dg4 dg4 --------Disk Reconstruction -------------4.12 (pending) ----------------------40 ------------------------------125 -------------------Progress (%) Remaining (minutes)
1 disk is under resconstruction. 1 disk is pending reconstruction.
Additional Topics
Adding Storage to an Active Tier

1. Add disks in two different enclosures to the active tier:
# storage add enclosure 2 # storage add enclosure 5
2. Destroy the filesystem:

# filesys destroy
3. Create a new filesystem with the storage in the active tier:

# filesys create
Viewing Disk and LUN States

To view the state of a disk or LUN on an active or archive tier, use the storage show summary command option.
Example # storage show summary
Disk States ----------In Use Spare TOTAL DISKS ----------Active tier ----------14 1 15 ----------Archive tier -----------14 1 15 ------------
274
Output Definitions
absent No disk is in the disk slot. unknown A blank disk inserted into the disk slot, or a disk failed by a RAID system. available Any of the following:
A previously unknown disk or LUN added to a tier by the storage add enclosure command option. DD Extended Retention system only: a previously In Use disk or LUN deleted from an archive unit by the filesys archive unit del command option. This operation reverts the disk or LUN to available storage in the archive tier. A previously failed disk in an expansion shelf populated with other disks belonging to a tier that is not primarily composed of disk group disks, and whose partition was destroyed by the disk unfail command.
In Use Storage that is part of an active filesystem or associated RAID disk group. Spare A disk that can be used as a RAID hot spare through RAID reconstruction. Spare disks can be used to create or expand the filesystem. Spare (reconstruction) A spare disk that is pending or undergoing RAID reconstruction, which puts filesystem data into what the formerly spare disk and then makes the disk an integral part of a disk group. After RAID reconstruction of a spare disk completes, the disk is part of a RAID disk group. Failed Tiered storage (Available, Spare, or In Use) removed from the tier automatically by the disk subsystem, or explicitly by an administrative user. Failed may also indicate unknown or foreign storage explicitly changed to the Failed state. Foreign A disk belonging to a third-party vendor.
storage
275
276
support
The support command uploads files from a customer Data Domain system to the Support portal for troubleshooting. The selected files are compressed into a tar. gzip folder with a README file that includes identifying autosupport headers. Options include:
upload
Change History

Options
The following option is available with this command.
upload
support upload {bundle [<file-list>] | traces | <file-list>} Upload files to Support. If using this command option on a master controller in a Global Deduplication Array, information for all nodes is included.
bundle Send various Data Domain system log files required by Support. <file-list> Contains file names available under /ddvar. File names in a list must be separated by one space.
support
277
traces Send multiple perf.log (performance log) files to Support.
278
system
The system command enables administrative users to perform standard tasks on Data Domain systems, configure a system for Retention Lock Compliance, and view system-level information. Options include:

headswap option passphrase poweroff reboot retention-lock sanitize set show status upgrade
Change History
Click the command option for details on usage and functionality. See the EMC DD OS Release Notes of the corresponding version for details on modifications, including arguments, output, and permissions. Version Change 5.2 New command options: system passphrase change system passphrase set system retention-lock compliance configure system retention-lock compliance enable system retention-lock compliance status system upgrade status
system
279
Modified command options: system show stats [view {nfs | cifs | repl | net | iostat | sysstat | vtl},...] [custom-view <view-spec>,...] [{local | gda-display {row | column}}] [interval <nsecs>] [count <count>] system show performance [local] [raw | fsop] [<duration> {hr | min} [<interval> {hr | min}]] Modified output (see Additional Topics for details.) system show performance [local] [raw | fsop] [<duration> {hr | min} [<interval> {hr | min}]] system show stats [view {nfs | cifs | repl | net | iostat | sysstat | vtl},...] [custom-view <view-spec>,...] [{local | gda-display {row | column}}] [interval <nsecs>] [count <count>]
Unless otherwise noted, command options are available only to users with admin role permissions. The battery entry for NVRAM cards should show as 100 percent charged, enabled. Exceptions are if the system is new or the card is a replacement. In both cases the charge may be less than100 percent initially; however, if it does not reach 100 percent within three days, or if a battery is not enabled, the card must be replaced.
Options
headswap
system headswap Restore the configuration to a system after a head unit replacement. This command is available only when you swap to DD690, DD690g, DD880, DD880g, and DD990models. For specific instructions, see the Chassis Replacement FRU document for the system.
option
system option reset {login-banner} Reset the login banner to the default of no banner.
280
system option set console { serial | lan | monitor } Set the active console option. This command is required for IPMI usage. See ipmi for details. system option set login-banner <file> Set the login banner file. See Setting a Log In Banner for instructions. system option show View system options.
passphrase
system passphrase change Change the passphrase used to access the system. This command option requires security officer authorization. system passphrase set For fresh installations, set the passphrase used to access the system. Passphrase length cannot exceed 255 characters.
poweroff
system poweroff Shut down the Data Domain system. The command performs an orderly shutdown of filesystem processes. This command does not power off external storage.
Example # system poweroff
The 'system poweroff' command shuts down the system and turns off the power. Are you sure? (yes|no|?) [no]: y
reboot
system reboot Shut down and reboot a Data Domain system. The command automatically performs an orderly shutdown of filesystem processes.
Example # system reboot
The 'system reboot' command reboots the system. File access is interrupted during the reboot. Are you sure? (yes|no|?) [no]: y
system
281
retention-lock
system retention-lock compliance configure Configure Retention Lock Compliance on the Data Domain system. This command option requires security officer authorization. See Configuring a System for Retention Lock Compliance for instructions. system retention-lock compliance enable Enable Retention Lock Compliance on the Data Domain system. This command option requires security officer authorization. system retention-lock compliance status Display status of the Retention Lock Compliance policy on the system. This command option requires security officer authorization.
sanitize
system sanitize abort Stop the system sanitization process. system sanitize start Start the system sanitization process. Note that prior to running sanitization, snapshots created during a previous replication process by another user may continue to hold deleted data. To ensure data is removed from replication snapshots during system sanitization, synchronize all replication contexts prior to beginning the procedure. See Ensuring System Sanitization for details. system sanitize status Check system sanitization process status. system sanitize watch Monitor the progress of system sanitization.
set
system set date <MMDDhhmm>[[<CC>]<YY>] Set the system date and time. Do not use this command if Network Time Protocol (NTP) is enabled. This command option requires security officer authorization if the system is enabled for Retention Lock Compliance. The format for the data and time is: Two digits for the month, <MM> (01 through 12).
282
Two digits for the day of the month, <DD> (01 through 31). Two digits for the hour, <hh> (00 through 23). Two digits for minutes, <mm> (00 through 59). Optional: Two digits for the century <CC> and two digits for the year <YY>. The hour <hh> and minute <mm> variables are entered in 24-hour format with no colon between the hours and minutes. 2400 is an invalid entry. The entry 0000 equals midnight.
Example
Use one of the following commands to set the date and time to April 23, 2012, at 9:24 a.m., enter one of the following commands (two- or four-digit year):
# system set date 0423152412 # system set date 042315242012
show
system show all Show all system information. system show date Display the system clock. system show detailed-version Show the version number and release information.
Example # system show detailed-version
Data Domain OS 5.2.0.0-273063 /auto/home/lsbuild/desktop-272152 //prod/main/app/...@273063 273063 //prod/main/platform/os/...@273002 //prod/main/platform/os/linux-2.6.12/arch/x86_64/...@61933 //prod/main/platform/os/linux-2.6.12/arch/i386/...@76935 //prod/main/platform/os/linux-2.6.12/arch/ia64/...@25442 //prod/main/platform/os/debugrpm/...@146377 Distribution: /auto/builds64i/distro/272152/root 272152 //prod/main/platform/user/samba/...@272001
system
283
Version info from ddfs executable: dd_version_timestamp=Mon Nov 7 21:21:42 2011 GMT dd_version_checksum=4eeb0cb786c783252e1c85b2f7696e26 dd_version_build_level=nightly dd_version_change_level=//prod/main/app/...@273063 dd_version_client=//ddfab:273063/app/... dd_version_opened_files= dd_version_release=5.2.0.0-273063 Version info from kernel: kernel_version_release=2.6.23-ddr273063 kernel_build_level=SMP
system show eula View the End User License Agreement (EULA). Note if the user is not present during system installation, the Data Domain Technical Consultant can temporarily bypass license acceptance and continue with the installation by pressing Ctrl-C. Otherwise, the user must press Enter to accept the license, which is displayed the first time he or she logs in to the system. See the DVD Installation Guide for details.
Example # system show eula
SOFTWARE LICENSE AND MAINTENANCE AGREEMENT

*** IMPORTANT INFORMATION - PLEASE READ CAREFULLY *** This Software contains computer programs and other proprietary material and information, the use of which is subject to and expressly conditioned upon acceptance of this Software License and Maintenance Agreement (the "Agreement").
Output truncated.
system show hardware Display information about slots and vendors and other hardware in a Data Domain system.
Example # system show hardware
Slot 0 1 2 3 4 Vendor Intel (empty) LSI Logic LSI Logic Device 80003ES2LAN GigE (empty) SAS3442E SAS3442E 3a 4a Ports 0a, 0b -----------------------------------------------------------------------------Micro Memory 5425CN NVRAM Card
284
5 6
Chelsio (empty)
T320 10GbE Dual Port 5a, 5b (empty)
------------------------------------------------------------------------------
system show meminfo Display summary of system memory usage.

Example # system show meminfo
Memory Usage Summary Total memory:7987 MiB Free memory:1102 MiB Total swap:12287 MiB Free swap:12287 MiB
system show modelno Display the hardware model number of a Data Domain system. system show nvram Display information about NVRAM cards. If output indicates one or more component errors, an alerts notification is sent to the designated group and the Daily Alert Summary email includes an entry citing details of problem.
Example # system show nvram
Card 1 Component Slot Memory size Number of batteries Errors Battery 1 Battery 2 Battery 3 Value 6 1024.00 MiB 3 0 PCI, 0 memory 100% charged, enabled 100% charged, enabled 100% charged, enabled --------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------
system
285
system show oemid [name | value] Show details of system OEM. On systems with head units and shelves, the OEM identifier of the head unit is displayed first. Output includes IDs for connected enclosures only.
Example # system show oemid
Enclosure --------1 2 3 4 ---------Model No. -------------DD890 ES30 ES30 ES30 ----------------------------------------OEM Name --------------DELL DELL DELL OEM Value -------------72345CC 72345CC 72345CC
system show performance [local] [raw | fsop] [<duration> {hr | min} [<interval> {hr | min}]] Display summary of system performance for designated interval.
local Display local statistics. raw Show unformatted statistics. fsop Display the number of each filesystem operation performed per minute. <duration> The hours or minutes prior to the current time for which to show data. <interval> The time between each line in the display. To specify the interval, you must also specify the duration.
Example 1
To show performance figures of the prior 30-minute duration only, enter:

# system show performance 30 min
286
Example 2
To show performance figures of the prior 30-minute duration with an interval of 5 minutes between each set of figures, enter:
# system show performance 30 min 5 min Example 3
To show system performance, enter:

# system show performance
------------------------Throughput (MB/s)----------- -----------------------------------------Protocol------------------------------------------------------... Date Time Read Write Repl Network Repl Pre-comp ops/s load data (MB/s) wait (ms/MB) ...
---------- -------- ----- ----- ---------------------------------in/out--- ---------in/out--- ----- ----- --------------------in/out---- ------------in/out-----... 2011/12/03 2011/12/03 16:58:00 17:08:00 0.0 0.0 0.0 0.0 0.00/ 0.00 0.00/ 0.00 0.00/ 0.00 0.00/ 0.00 12 10 0% 0% 13.00/ 2.00 10.00/ 2.00 22.2/ 50.0
Output truncated.
Output Definitions
Throughput (MB/s) Date The date system performance is being viewed. Time The time system performance is being viewed. Read The read throughput data from the Data Domain system. Write The write throughput data to the Data Domain system. note Throughput Read and Write data includes NFS, CIFS, DD Boost over IP, VTL, NDMP, Replication, DD Boost-managed replication and optimized duplication.
Protocol Repl Network (in/out) NetworkReplication throughput into and out of the Data Domain system. Repl Pre-comp (in/out) Replication pre-compressed (logical) throughput into and out of the Data Domain system. The value is always zero for collection replication.
system
287
note
Protocol data includes NFS, CIFS, DD Boost over IP, and DD Boost-managed replication and optimized duplication. Data does not include Replication, VTL over Fibre Channel, or DD Boost over Fibre Channel.
ops/s Operations per second. load Load percentage (pending ops/total RPC ops *100). data (MB/s in/out) Protocol throughput. Amount of data the filesystem can read from and write to the kernel socket buffer. wait (ms/MB in/out) Time taken to send and receive 1MB of data from the filesystem to kernel socket buffer. Compression gcomp Global compression rate. lcomp Local compression rate. thra Percent of compression units that have been read and discarded without being used. A high percent indicates cache thrashing. unus Percent of compression unit data that is unused. Because a compression unit contains multiple segments, not all segments in a compression region may be used. A high percent indicates poor data locality. ovhd Percent of a compression unit cache block that is unused. Compression regions are stored in fixed size (128 KB) blocks. A high ovhd relative to unus indicates space is being wasted due to cache block fragmentation. In the ideal case, ovhd should exactly equal unus. Cache Miss data Percent of data segment lookups that miss in the cache. A high percent indicates poor data prefetching.
288
meta Percent of metadata segment lookups that miss in the cache. For each data access, first perform a metadata lookup followed by a data lookup. A high percent indicates poor metadata prefetching. Streams rd The number of active read streams. wr The number of active write streams. r+ The number of reopened read file streams in the past 30 seconds. w+ The number of reopened write file streams in the past 30 seconds. State C Cleaning D Disk reconstruction B GDA (also known as multinode cluster [MNC] balancing) V Verification running (data or container) M Fingerprint merge F Archive data movement (active to archive) S Summary vector checkpoint I Data integrity
system
289
Utilization cpu The average and maximum CPU utilization. The CPU ID of the most loaded CPU is shown in brackets. disk The maximum (highest) disk utilization across all disks. The disk ID of the most loaded disk is shown in brackets. Note that this value may differ from the ID used by disk show commands. Latency avg/sdev The average and standard deviation of the response time for ddfs to service all protocol requests, excluding the time to receive or send the request or reply. SS Load Balance (user/repl) Indicates the relative load balance across segment storage (segstore) instances. Information under (user/repl) denotes all user-plus-Replicator traffic. stream The number of open streams. prefetch The number/percentage of prefetch requests. rd The number of read requests. wr The number of write requests. tot The total number of requests. SS Load Balance (gc) Denotes type and number of expunge (gc) processes. prefetch Prefetch processes. rd Read processes. wr Write processes.
290
tot The total number of gc processes. system show ports Display information about ports. VTL-related ports do not display unless VTL is enabled.
Example # system show ports
Port Connection Type 0a 0b 1a 1b 1c 1d 2a 2b 2c 2d Enet Enet SAS SAS SAS SAS SAS SAS SAS SAS 12.0 Gbps 01.27.10.00 01.27.10.00 01.27.10.00 01.27.10.00 01.27.10.00 01.27.10.00 01.27.10.00 01.27.10.00 Link Speed 1.0 Gbps Firmware Hardware Address 00:26:6c:fa:7d:5d (eth0a) 00:26:6c:fa:7d:5c (eth0b) 50:06:02:b0:02:ad:d8:00 50:06:02:b0:02:ad:d8:04 50:06:02:b0:02:ad:e7:00 50:06:02:b0:02:ad:e7:04 50:06:02:b0:02:b3:80:10 50:06:02:b0:02:b3:80:14 50:06:02:b0:02:b3:e0:50 50:06:02:b0:02:b3:e0:54
--------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------
Output truncated.
Output Definitions
Port The port number. See the model-specific installation and setup guide to match a slot to a port number. Connection Type The type of connection, such as Ethernet, SAS, VTL, etc. Link Speed The speed in Gbps (Gigabits per second). Firmware The Data Domain system HBA firmware version. Hardware Address A MAC address, a WWN, or a WWPN/WWNN. An address followed by an Ethernet port number is a MAC address. WWN is the world-wide name of the Data Domain system SAS HBA on a system with expansion shelves. WWPN/WWNN is the world-wide port name or node name from the Data Domain system Fibre Channel HBA on gateway systems.
system
291
system show serialno Display the system serial number. For example:
# system show serialno
Serial number: 8F46942007
system show stats [view {nfs | cifs | repl | net | iostat | sysstat | vtl},...] [custom-view <viewspec>,...] [{local | gda-display {row | column}}] [interval <nsecs>] [count <count>] Display system statistics to evaluate the performance level of the Data Domain system since the last reboot. If the system is too busy to determine a value, the column shows a dash ( - ) instead of a number. If there is a performance issue, this command option can determine if the problem is on the server, client, or network.
local Displays local values on the master system. Valid on the master node of a cluster only. gda-display Displays values of cluster nodes on the master system in a row or column format. Valid on the master node of a cluster only. row If local or gda arguments are not specified on a GDA master, the argument <gda-display> is the default. Output for each node is in row format, displayed as a single line for each interval. column Displays output of for each node in column format. Column headings indicate type of stat value. interval When specifying intervals for collecting statistics, the first report is for current activity. Subsequent reports show activity performed during [interval <nsecs>]. The default interval is five seconds. See also system show performance command. count Specifies how many times to display the results. The default count is one. If interval is specified and count is omitted, the count is set to infinite, or until the user presses Ctrl-C.
292
Example # system show stats view nfs interval 2

-------------------------------------------------------------------------------------------------------------------------------------------------------------------CPU |State |NFS | ops/s | load % data in MB/s data out wait in MB/s ms/MB | Net wait out | aggr in aggr out ms/MB | MB/s MB/s |... |... |...
aggr busy aggr max |CDBVMSF % % |
-------------------------------------------------------------------------------------------------------------------------------------------------------------------28 28 12 0 13 2.0 22.2 50.0 13.87 0 ...
Output truncated.
Output Definitions
CPU aggr busy % Average of busy percentage of all CPUs. aggr max % Amount of data sent through all interfaces. State Indicates system state. See State described in show system performance command for details on what each letter represents. NFS Indicates protocol type specified in <view> argument. ops/s I/O operations. load % Load percentage (pending ops/total RPC ops *100).x.) data in % MB/s Protocol throughput. Amount of data the filesystem can read from and write to the kernel socket buffer. data out % MB/s Protocol throughput. Amount of data the filesystem can write to the kernel socket buffer. wait in ms/MB Average amount of time spent in ms to receive the amount of data.
system
293
wait out ms/MB Average amount of time spent in ms to send the amount of data. Net aggr in MB/s Amount of data received through all interfaces. aggr out MB/s Amount of data sent through all interfaces. system show uptime Display the filesystem uptime, the time since the last reboot, the number of users, and the average load.
Example # system show uptime
13:39:53 up 1 day, 19:28, 2 users, load average: 1.00, 1.00, 1.00 Filesystem has been up 1 days, 19:18.
system show version Display the Data Domain OS version and build identification number.
Example # system show version
Data Domain OS 5.2.0.0-273063
status
system status Display status of fans, internal temperatures, and power supplies. Information is grouped separately for the Data Domain system and each expansion shelf connected to the system. See Checking System Temperature and Power Supply, for details.
Example # system status
Enclosure 1 Fans Description Level ----------FAN 1 FAN 2 FAN 3 -----------medium medium medium Status -----OK OK OK
294
FAN 4 FAN 5 FAN 6 FAN 7 FAN 8 ----------Temperature Description -------------MLB TEMP 1 MLB TEMP 2 FP TEMP
medium medium medium medium medium ------------
OK OK OK OK OK -----C/F -----38/100 26/79 23/73 27/81 27/81 22/72 40/104 42/108 37/99 38/100 -----Status -----OK OK OK OK OK OK OK OK OK OK ------
BP LEFT TEMP BP MIDDLE TEMP BP RIGHT TEMP LP TEMP FHFL TEMP CPU 0 TEMP CPU 1 TEMP -------------Power Supply Description --------------Power Module #1 Power Module #2 --------------Enclosure 2 Fans Description ----------------------
Status -----OK OK ------
Level ----low low low low ----C/F --------Status -----------
Status -----OK OK OK OK ------
Power module #1 fan #1 Power module #1 fan #2 Power module #2 fan #1 Power module #2 fan #2 ---------------------Temperature Description ---------------Internal ambient ----------------
25/77 OK
system
295
Power Supply Description ---------------Power Module #1 Power Module #2 --------------Status ----OK OK ------
upgrade
system upgrade <file> Upgrade the Data Domain system software from the <file> specified in the /ddr/var/releases directory. The upgrade command shuts down the filesystem and reboots the Data Domain system. The upgrade command may require over an hour, depending on the amount of data on the system. See the Release Notes for instructions on upgrading Data Domain systems. DD OS release notes are available from the Support portal at https://my.datadomain.com. system upgrade continue If upgrading a multi-node cluster, run this command option on the master controller to complete the second phase of the upgrade procedure. system upgrade status Display current status of upgrade procedure. This command option shows only the current status and then terminates. It is not equivalent to a watch command. For best results, run this command option after the system reboots following the system upgrade command option. When the upgrade is finished, a message displays the time of completion. If the upgrade is in progress, the command shows the status of upgrade and the phase of the procedure.
Additional Topics
Output Changes for Multi-Thread Mode

NFS server in DD OS 5.2 now runs in a multi-thread safe mode instead of the single-threaded mode in DD OS 5.1. Therefore, output of system show performance command has changed. New columns for utilization statistics are ops/s, load, data, and wait. Columns proc, recv, send, idle are no longer available.
296
Configuring a System for Retention Lock Compliance

There are two prerequisites for configuring a system for Retention Lock Compliance:

Installing the license for the feature. See license for instructions. Setting up security office authorization. See user for instructions.
To configure the system:
1. Log in to the system as sysadmin. 2. Configure Retention Lock Compliance by entering:

# system retention-lock compliance configure
If the configuration is successful, the system reboots and file access is interrupted during this time. 3. When the reboot has concluded, log in to the system as sysadmin. See the EMC Data Domain Administration Guide for more information on Retention Lock Compliance and Governance.
Configuring an MTree for Retention Lock Compliance

To enable Retention Lock Compliance on an MTree, enter:
# mtree retention-lock enable mode compliance mtree /data/col1/<mtree_name>
Note that /backup cannot be configured for Retention Lock Compliance. See mtree for details.
Setting a Log In Banner

1. Mount the Data Domain system directory /ddvar from another system. 2. Create a text file with your login message as the text on the other system. 3. From the Data Domain system, enter system option set login-banner with the path and file name of the text file you created. For example, to use text from a file named banner, enter:
# system option set login-banner /ddvar/banner
system
297
Ensuring System Sanitization

If you discover data remains within a snapshot after the system is sanitized, delete the contaminated files and synchronize the replication contexts. When synchronization concludes, reissue the system sanitize start command option. System sanitization was designed to remove all traces of deleted files and restore the system to the state in which the files never existed. The primary use of this command is to resolve Classified Message Incidents (CMIs) that occur when classified data is copied inadvertently onto a non-secure system. System sanitization is typically required in government installations.
Checking System Temperature and Power Supply

If the overall temperature for a Data Domain system reaches 50 degrees Celsius (122 degrees Fahrenheit), a warning message is generated. If the temperature reaches 60 degrees Celsius (140 degrees Fahrenheit), the Data Domain system shuts down. A Status of Critical indicates that the temperature is above the shutdown threshold. The CPU temperature values depend on the Data Domain system model. With newer models, the numbers are negative when the status is OK and move toward 0 (zero) as CPU temperature increases. If a CPU temperature reaches 0 Celsius, the Data Domain system shuts down. With older models, the numbers are positive. If the CPU temperature reaches 80 Celsius (176 degrees Fahrenheit), the Data Domain system shuts down. The Power Supply section reports that all power supplies are operating normally or that one or more are operating abnormally. The message does not identify which power supply or supplies are not functioning (except by enclosure). Look at the back panel of the enclosure and check the LED for each power supply to identify those requiring replacement.
298
user
The user command adds and deletes users, changes passwords, manages password aging and strength policies, and displays user roles. A role determines the type of operations a user can perform on the Data Domain system. See RBAC and User Role Definitions for details. The default administrative account is sysadmin. You can change the sysadmin password but cannot delete the account. See the Installation and Setup Guide for details on sysadmin. Options include:

add change del disable enable password reset show
Change History
Click the command option for details on usage and functionality. See the EMC DD OS Release Notes of the corresponding version for details on modifications, including arguments, output, and permissions. Version Change 5.2 New command options: user change role <user> {admin | user | backup-operator | data-access} Modified command option: user add user-name [password <password>] [role {admin | security | user}] [min-days-between-change <days>] [max-days-between-change <days>] {warn-days-before-expire <days>] [disable-days-after-expire <days>] [disable-date <date>]
user
299

Options
add
user add user-name [password <password>] [role {admin | security | user}] [min-days-betweenchange <days>] [max-days-between-change <days>] {warn-days-before-expire <days>] [disabledays-after-expire <days>] [disable-date <date>] Add a new user. If password is not specified, the system prompts for one. The default role is user. A user name must start with a number or a letter. Special characters cannot be used. The user names root and test are default names on each Data Domain system and are not available for general use. Users in the sysadmin role create the first security officer role by adding a user and designating the role security. After a user is added as the initial security officer, only security officers can add or delete other security officers. See Adding a Security Officer for instructions.
password Password must be at least six characters. role The type of user permissions allowed. See RBAC and User Role Definitions for details. min-days-between-change Minimum number of days allowed before the password can be changed again. max-days-between-change Maximum number of days before password expires. warn-days-before-expire Number of days of warning before a password expires. disable-days-after-expire Account is disabled if inactive for the specified number of days past expiration. disable-date Account is disabled on this date. If not specified, account never expires.
300
change
user change password [<user>] Change a users password. The admin user can change any users password by using the user-name option. Users with the user role can change only their own passwords. Passwords must comply with the password strength policy, which you can check with the command option user password strength show. user change role <user> {admin | user | backup-operator | data-access} Change the role of a user. See RBAC and User Role Definitions for details on roles.
del
user del <user> Remove a user. Note that sysadmin cannot be deleted.
disable
user disable <user> Disable the specified user account. This prevents the user from logging on to the Data Domain system.
enable
user enable <user> [disable-date <date>] Enable a specified user account with an optional disable date. The account must already exist on the system. If not specified, the disable date previously assigned to the account is used.
password
user password aging option reset {all | [min-days-between-change] [max-days-between-change] [warn-days-before-expire] [disable-days-after-expire]} Reset one or more rules in the default password aging policy to the current default values. New accounts inherit the policy in effect at the time they are created, unless you set different aging options with the user add command. user password aging option set [min-days-between-change <days>] [max-days-between-change <days>] [warn-days-before-expire <days>] [disable-days-after-expire <days>] Set the default values for the password aging policy. This command option does not require security officer authorization.
user
301
user password aging option show Display the default password aging policy. user password aging reset <user> {all | [min-days-between-change] [max-days-between-change] [warn-days-before-expire] [disable-days-after-expire]} Reset one or more rules in the password aging policy for the specified <user> to the current default values. user password aging set <user> [min-days-between-change <days>] [max-days-between-change <days>] [warn-days-before-expire <days>] [disable-days-after-expire <days>] Set the password aging policy for the specified <user>. user password aging show [<user>] Show the password aging policy for all users, or for a specified <user>. Users can check the password aging policy for their own account. Users in the admin role can check the policies for all users.
Example
# user password aging show joe

User Password Last Changed joe1 March 28, 2011 Minimum Days Maximum Days Warn Days Disable Days Status Between Change Between Change Before Expire After Expire 0 0 99999 99999 7 7 never never enabled enabled
----------------------------------------------------------------------------------------------------------------------------------------------------------sysadmin Mar 16, 2006
-----------------------------------------------------------------------------------------------------------------------------------------------------------
user password strength reset {all | min-length |min-char-classes <num_classes>} Reset the password strength policy to the default values.
all Reset both the minimum length and minimum number of character classes to 1. min-length Reset the minimum number of characters in the password to 1. min-char-classes Reset the minimum number of character classes to 1. user password strength set {[min-length <length>] [min-char-classes <num_classes>} Set the password strength policy. Specify either min-length or min-char-classes, or both.
302
min-length The minimum number of characters in the password. min-char-classes The minimum number of character classes. Specify 1, 2, 3, or 4. Valid passwords must contain at least one character from the specified number of classes. The four character classes are lowercase letters, uppercase letters, digits, and special characters. When DD OS counts the number of character classes, an uppercase letter at the beginning of the password does not count as an uppercase letter. Similarly, a digit at the end of the password does not count as a digit. user password strength show Show the current password strength policy. All users may run this command option.
# user password strength show
Minimum length of password: 7 Minimum number of character classes required in the password: 2
reset
user reset Reset the user account list, password-aging options, and password-strength parameters to default values. note This command option is not allowed on Retention Lock Compliance systems.
show
user show active Display list of users currently logged in. user show detailed [<user>] Show detailed information for a specified user or for all users. user show list Display list of system users.
user
303
Additional Topics
The Role of the Security Officer

The role of Security Officer was created to comply with the Write Once Read-Many (WORM) regulation. This regulation requires electronically stored corporate data be kept in an unaltered, original state for purposes such as eDiscovery. EMC Data Domain added auditing and logging capabilities to enhance the function, most of which are transparent to the user. As a result of compliance regulations, most command options for administering sensitive operations, such as encryption, Retention Lock Compliance, and archiving now require security officer interaction. The type of interaction varies, depending on the use case. The role of security officer is also associated with the feature Role-Based Security Access (RBAC), another federal requirement to which Data Domain adheres. RBAC introduces various new user roles, each with designated permissions. See user for a description of roles and permissions. There are three types of security officer interaction:
Security Officer Sign Off The security officer has approved the operation to be performed by the admin. To achieve sign off, the security officer must provide the proper credentials (username and security officer password) when prompted by the admin. Sign-offs occur per-command. They do not persist.
Security Officer Authorization Synonymous with security officer sign off. The admin has the permission from the security officer to run a command, and the admin has received the security officer credentials.
Security Officer Oversight Security officer oversight applies when Retention Lock Compliance is enabled on an MTree. However, some commands such as filesys encrypt are always under the purview of the security officer, even in the absence of MTrees enabled with Retention Lock Compliance.
304
RBAC and User Role Definitions

Role-based access control (RBAC) is an authentication policy that controls the type of operations a user can perform on a Data Domain system. System access and operations are allowed or restricted based on the permissions associated with each role. In accordance with RBAC policy, the following roles are available for administering and managing the Data Domain operating system. admin A user can configure and monitor the entire Data Domain system. Most command options are available to the admin role only. user A user can monitor Data Domain systems and perform the fastcopy operation. The user role is for standard users who have access to a limited number of command options. For example, most show command options are available at this level. security (security officer) Some DD OS procedures require additional security and therefore must be authorized, or signed off, by the security officer. During authorization, the admin and the security officer are required to participate when issuing a command. See the section on authorization workflow in authorization for details. In addition to authorizing procedures, only the security officer can create and manage additional security officers. The security role is assigned to local users only. Users in the security role cannot be assigned additional roles. During an upgrade, if the system contains security officers, a sec-off-defaults permission is created that includes a list of all current security officers. The user role security and security officer are synonymous and the terms are used interchangeably in this document. backup-operator In addition to user role permissions, allows a user to create snapshots, import and export tapes to a VTL library, and move tapes within a VTL library. data-access For DD Boost authentication only. A user with this role can log in to a system and can change his or her password, but cannot monitor, manage, or configure a Data Domain system.
user
305
Adding a Security Officer

The user in the default role of sysadmin must create the first security officer. After the first security officer role is created, only users with security role permissions can add another security officer. To add a user with security role permissions, enter:
# user add sec_off password <password> role security
The new security user must log in as the security office and enable the security officer authorization policy by entering:
# authorization policy set security-officer enabled
Adding a User
To add a user named jeff, password xyz1, and role admin, enter:
# user add jeff password xyz1 role admin
user "jeff" added.
Removing a User
To delete the user named jeff, enter:
# user del jeff
deleted user "jeff".
Changing a User Password

To change the password for the user named jane, enter:
# user change password jane
Enter new password: Re-enter new password: Passwords matched Password changed for user "jane".
Changing a Role
To change the role to admin for the user named jane, enter:
# user change jane admin
Role changed for user "jane".
306
vtl
EMC Data Domain VTL is a licensed software option that enables backup applications to connect to and manage a Data Domain system as a virtual tape library. Beginning with version 5.2, new VTL pools are MTree-based. Additionally, multiple MTrees enable the user to more closely configure DD OS for data management needs. MTree-based pools allow MTree replication to be used instead of directory replication. Existing pools are backward compatible. Users may also create additional backward-compatible pools as needed. VTL pool-based replication is performed using MTree replication for MTree pools, and directory replication for backward-compatible pools. MTree-specific attributes can be applied to each VTL pool individually instead of inheriting a common set of attributes from the default backup MTree. These attributes include snaphots and snapshot schedules, retention lock policy, and compression information. In previous versions, access to VTL data in /backup (/data/col1/backup), typically through NFS or CIFS mount of /backup, was relatively unconstrained. This led to issues where VTL data was changed beneath the VTL process; for example, when manually deleting a pool or copying files, and resulted in unexpected behavior or inconsistencies. By using MTrees for pools VTL data is relocated from /backup. With MTrees, users may continue to use and manage VTL with little or no difference when compared to versions 5.0 and earlier. Options include:

add cap debug del disable drive enable export group import initiator option
vtl
307
pool port port option readahead reset show slot status tape
Change History
Click the command option for details on usage and functionality. See the EMC DD OS Release Notes of the corresponding version for details on modifications, including arguments, output, and permissions. Version Change 5.2 New command options: vtl drive show {serial-number <serial-number> | vtl <vtl> [drive {<drive-list>}]} vtl pool upgrade-to-mtree {<pool-list> | all} [check-only] Modified command options: vtl pool add <pool> [backwards-compatibility-mode] vtl show stats <vtl> [drive {<drive-list> | changer | all}] [port {<port-list> | all}] [interval <secs>] [count <count>] vtl tape modify <barcode> [count <count>] [pool <pool>] retention-lock {<date> | <period>} vtl tape move <vtl> source {slot | drive | cap} <src-address-list> destination {slot | drive | cap} <dst-address-list> vtl tape show {all | pool <pool> | vault | <vtl>} [summary] [count <count>] [barcode <barcode>] [time-display {modification | creation | retention}] [sortby {barcode | pool | location | state | capacity | usage | percentfull | compression | time | modtime} [{ascending | descending}]]
308
Unless otherwise noted, command options are available only to users with admin role permissions. Verify that a Fibre Channel (FC) interface card is installed in the PCI card array. The VTL feature communicates between a backup server and a Data Domain system through a Fibre Channel interface. Set the backup software minimum record (block) size. For best results, use 64 KiB or larger. Changing block size after the initial configuration renders data written in the original size unreadable. The recommended number of concurrent virtual tape drive instances is platform-dependent, as is the recommended number of streams between a Data Domain system and a backup server. This number is system-wide and includes streams from all sources, such as VTL, NFS, and CIFS. For details on the number of tape drives and data streams, see the EMC Data Domain Administration Guide. Data Domain VTL does not protect virtual tapes from a Data Domain system filesys destroy command. The destroy command deletes all virtual tapes.
Options
add
vtl add <vtl> [model <model>] [slots <num-slots>] [caps <num-caps>] Add a tape library. Data Domain VTL supports a maximum of 64 library instances.
cap
vtl cap add <vtl> [count <num-caps>] Add cartridge access ports (CAPs) to a virtual tape library. The total number of CAPs cannot exceed 100 per library or 1000 per system. vtl cap del <vtl> [count <num-to-del>] Delete <num-to-del> CAPs from a virtual tape library. The CAPs are deleted from the end.
debug
vtl debug disable [component {all | user | kernel | default | <component-list>}] Disable debug functionality of the specified components. This command is supported on both nodes of a cluster.
vtl
309
vtl debug enable [component { all | user | kernel | default | <component-list>}] [level {all | high | medium | low | none}] [timeout {never | timeout (mins)}] Enable debug functionality for the specified components in persistent mode or a specified timeout period at the specified debug level. The unit of timeout is minutes. This command is supported on both nodes of a cluster. vtl debug show [component {all | user | kernel | default | <component-list>}] Show specified components, or all components, running debug functionality. This command is supported on both nodes of a cluster.
del
vtl del <vtl> Recycle (remove) an existing virtual tape library. Any tapes loaded into the library when the library is deleted are not destroyed. Instead, tapes are placed back into the virtual tape vault. When a VTL pool is deleted, the associated MTree is first renamed before deletion. This allows a new pool with the same name to be created.
disable
vtl disable Close all libraries and shut down the VTL process.
drive
vtl drive add <vtl> [count <num-drives>] [model <model>] Add drives to a virtual tape library. Drives are added by starting with drive number 1 and scanning for any holes left by the vtl drive del command. When the holes are filled, the drives are appended to the end of the library. The number of slots within a library cannot be fewer than the number of drives in the library. If an attempt is made to add more drives than the current number of slots, the system automatically adds the additional slots required. note You cannot mix drive models within the same library.
vtl drive del <vtl> drive <drive number> [count <num-to-del>] Delete virtual drives from a VTL. Any drive can be deleted, which means there can be holes in the drive list. This may cause issues with some applications. vtl drive show {serial-number <serial-number> | vtl <vtl> [drive {<drive-list>}]} View details of VTL drives.
310
Output Definitions
Location Standard format location of library or drive. Serial # Drive serial number. Vendor Drive vendor identification. Product Drive product identification. Product revision Drive product revision. Status Drive status. Barcode Barcode of loaded tape. Pool Pool of loaded tape. Previous Slot Previous slot of loaded tape. Device SCSI device ID. Persistent Reservation Persistent reservation information. Access Groups Fibre Channel access groups for device.
enable
vtl enable Enable VTL subsystem.
export
vtl export <vtl> {slot | drive | cap} <address> [count <count>] Remove tapes from a slot, drive, or cartridge-access port (CAP) and send them to the vault.
vtl
311
group
vtl group add <group-name> initiator <initiator-alias-or -WWPN> Add an initiator alias or World Wide Port Name to the specified VTL access group. vtl group add <group-name> vtl <vtl name> {all | changer | drive <drive-list>} [lun <lun>] [primaryport {all | none | <port-list>}] [secondary-port {all | none | <port-list>}] Add a changer or drives to the specified VTL access group. You can add a changer or drive, optionally starting at a given LUN. You can optionally specify primary and secondary Data Domain system VTL port lists. By default, the port lists contain all Data Domain system VTL ports. vtl group create <group-name> Create a VTL access group with the specified group name. Each Data Domain system device (changer or drive) and initiators may then be added to the VTL access group. vtl group del <group-name> initiator <initiator-alias-or-WWPN> Remove an initiator alias or World Wide Port Name from the specified VTL access group. vtl group del <group-name> vtl <vtl name> {all | changer | drive <drive-list>} Remove a device from a group. This command immediately removes access from the specified initiator to the VTL devices within the group. vtl group destroy <group-name> Remove the specified empty VTL access group. Before you destroy a group, use the vtl group del command to remove the initiators and devices from the group. vtl group modify <group-name> vtl <vtl name> {all | changer [lun <lun>] | drive <drive> [lun <lun>]} [primary-port {all | none | <port-list>}] secondary-port {all | none | <port-list>}] Modify a group without removing and replacing devices or initiators in the group. You can use this command to change LUN assignments and primary and secondary port assignments. The main purpose of this command is to change group port assignments. vtl group rename <src-group-name> <dst-group-name> Rename a VTL access group. The <dst-group-name> must not already exist. See Requirements for Group Naming for name rules. Note that this command does not interrupt active sessions. vtl group show [ all | vtl <vtl> | <group-name> ] Show information about VTL access groups. All users may run this command option. vtl group use <group-name> [vtl <vtl name> {all | changer | drive <drive-list>} {primary | secondary} Switch ports in use for the specified changer in a group or library to the primary or secondary port list for the specified changer or drives. Immediately change the access
312
path to the primary or secondary port for the selected VTL components in an access group. When the path is restored, you can use this command to return the group to its primary port list. After you apply a group to new VTL ports, a rescan of media servers SCSI bus may be necessary. Also, a backup application may need to rescan available SCSI devices. This command interrupts any current access to the specified group and is intended to be used during path failures. See More About vtl group Command Options for additional tips and guidelines.
import
vtl import <vtl> barcode <barcode> [count <count>] [pool <pool>] [element {drive | cap | slot}] [address <addr>] Move tapes from the vault into a slot, drive, or cartridge access port. Use the command vtl tape show <vtl name> to display the total number of slots for a VTL and to view which slots are currently used. Use backup software commands from the backup server to move VTL tapes to and from drives. The following two commands are equivalent:
# vtl import VTL1 barcode TST010L1 count 5 # vtl import VTL1 barcode TST010L1 count 5 element slot address 1
Default address is 1. Default element is slot. Default pool is Default.
initiator
vtl initiator reset address-method initiator <initiator-alias-or-WWPN> Reset the address method to the default. Reset the address method used by SCSI REPORT LUNS back to the default (auto). vtl initiator reset alias <alias name> Remove an initiator alias. Reset (delete) the initiator alias from the system. Deleting the alias does not affect any VTL access from the specified initiator. To remove an initiator from a group, use the vtl group del command instead. vtl initiator set address-method {auto | vsa} initiator <initiator-alias-or-WWPN> Set the device address method used when responding to a SCSI REPORT LUNS command from the specified initiator. With most platforms, you do not need to specify a device address method. Use this command to work around any platform-specific limitations you may encounter.
vtl
313
vtl initiator set alias <alias name> wwpn <wwpn> Add an initiator alias. This command sets an alias for an initiators WWPN. An initiator is any Data Domain system client HBAs world-wide port names (WWPN). This command does not interrupt traffic or VTL group access. Use the vtl initiator show command on the Data Domain system to list the client WWPNs detected by the Data Domain system. You must match the WWPNs in the command output to the clients HBA WWPN, including colon delimiters. The alias must be unique, must not be longer than 256 characters, and can contain only the characters 0-9, a-z, A-Z, underscore(_), and hyphen (-). You can create up to 128 aliases.
Example
The following example uses the client name and port number as the alias to avoid confusion with multiple clients that may have multiple ports:
# vtl initiator set alias client22_2a
wwpn 21:00:00:e0:8c:11:33:04
vtl initiator show [initiator <initiator-alias-or-WWPN> | port <port-list>] Display information about one or all Fibre Channel devices. Not all devices shown are initiators. All users may run this command option.
option
vtl option disable <option name> Disable a VTL option. Options include loop-id, auto-eject, and auto-offline. See Values for vtl option Commands for definitions. vtl option enable <option name> Enable a VTL option. Options include loop-id, auto-eject, and auto-offline. See Values for vtl option Commands for definitions.
Example # vtl option enable auto-offline
If enabled tapes being moved from a drive are automatically taken offline and unloaded unless the prevent bit is set for the drive. vtl option reset <option name> Reset a VTL option to its default value. Options include loop-id, auto-eject, and auto-offline. See Values for vtl option Commands for definitions.
314
vtl option set <option name> <value> Set an option and value. Options include loop-id, auto-eject, and auto-offline. See Values for vtl option Commands for definitions.
Example # vtl option set loop-id 5
The Fibre Channel loop ID is 1 to 126. vtl option show {<option name> | all} Show settings for a specific option or all VTL options.
Example # vtl option show all
Name -----------loop-id auto-eject auto-offline -----------Value ------------1 disabled disabled -------------
pool
vtl pool add <pool> [backwards-compatibility-mode] A pool created with backwards compatibility mode will exist in the default directory (/backup). Replication of backwards-compatibility-mode pools is done using directory-based replication, as in previous releases. EMC does not recommend creating backwards-compatibility-mode pools unless users have specific requirements; for example, replication with a pre-5.2 DD OS system. vtl pool del <pool> Delete a tape pool. You must first use the vtl tape del command to remove all of the tapes from the pool. vtl pool rename <src-pool> <dst-pool> Rename a pool. Note that a pool can be renamed only if none of its tapes are in libraries. vtl pool show {all | <pool>} List tall tape pools or the contents of a specific <pool>. If the argument all is used, a summary of all tape pools is provided, including the state of each pool, the number of tapes, the total usage and compression for each pool, whether or not a pool is a replication destination, the Retention Lock status of the pool, read/write properties, and the number of tapes in the pool:
vtl
315
Output Definitions
RW Pool has normal read/write properties. RD Pool is a replication destination. RO Pool is read-only. RLCE Pool is Retention Lock Compliance Enabled. RLGE Pool is Retention Lock Governance Enabled. RLGD Pool is Retention Lock Governance Disabled. BCM Pool is in backward-compatibility mode. vtl pool upgrade-to-mtree {<pool-list> | all} [check-only] If a <pool-list> is specified, those pools are candidates for upgrade. If the argument all is specified, backward-compatibility mode pools are upgraded. If no arguments are provided, a precheck confirms that an upgrade is necessary (or possible). If so, the upgrade is performed, converting the specified backward-compatibility mode pools to MTree-based pools. note An upgrade may only be run when VTL is disabled.
This command option does not convert the pool to MTree under the following conditions:

The pool is a replication source or destination. The filesystem is full. The pool collides with an MTree with same name.
Example 1 # vtl pool upgrade-to-mtree all

Checking for VTL upgrade... Upgrading VTL pools... VTL upgrade completed successfully.
If the check-only argument is used, the precheck is run, but no upgrade is performed. This allows planning for any necessary changes prior to the upgrade.
316
Example 2 # vtl pool upgrade-to-mtree old-pool check-only

Checking for VTL upgrade... **** Upgrade 'old-pool' cannot be performed, <reason stated here>.
See Upgrading VTL Directory-Based Pools to MTree-Based Pools for details.
port
vtl port disable {all | <port-list>} Disable a single Fibre Channel port or all Fibre Channel ports in the list. vtl port enable {all | <port-list>} Enable a single Fibre Channel port or all Fibre Channel ports in the list. vtl port show detailed-stats Show the following information about Fibre Channel ports. All users may run this command option.

Control commands Write commands Read commands In (number of MiB written--the binary equivalent of MB) Out (number of MiB read) Link failures LIP count Sync losses Signal losses Error count in primitive sequence protocol Number of invalid tx words Number of frames received with a bad CRC
vtl
317
vtl port show hardware Show Fibre Channel ports hardware, including:

Model Firmware WWNN WWPN
All users may run this command option. vtl port show stats [port {<port-list> | all}] [interval <secs>] [count <count>] Show VTL I/O stats on Fibre Channel ports. All users may run this command option. vtl port show summary Show the following information about Fibre Channel ports. All users may run this command option.

Port HBA slot HBA port Connection type Link speed Port ID Enabled Status
port option
vtl port option reset [{fcp2-retry | topology} [port {<port-list> | all}]] Reset options on VTL Fibre Channel ports. vtl port option set fcp2-retry {disable | enable} [port {<port-list> | all}] Set FCP2 retry on VTL Fibre Channel ports. Use this command only if FCP2 retry connectivity problems occur. vtl port option set topology {loop-preferred | loop-only | point-to-point} [port {<port-list> | all}] Set topology on VTL Fibre Channel ports. vtl port option show [{fcp2-retry | topology} [port {<port-list> | all}]] Show options on VTL Fibre Channel ports.
318
readahead
vtl readahead reset {stats | summary} Reset VTL readahead information. When VTL reads a tape file it improves performance by reading ahead information from tape files and caching the information until needed. vtl readahead show {stats | detailed-stats | summary} Display readahead information about each open tape file that has been read.
stats Overview of information about each open tape file that has been read. detailed-stats Detailed information each open tape file that has been read. summary Summary of readahead information on all tape files since the statistics were last reset.
reset
vtl reset hba Reset the hba. Broadcast new VTLs and VTL changes to clients. Avoid using the vtl reset hba command during an active backup or restore job. Changes may cause an active job to fail, depending on the backup application and host type.
show
vtl show config [<vtl>] Show the library name and model and tape drive model for a single VTL or all VTLs. All users may run this command option. vtl show element-address [<vtl>] Show the following information for all VTLs, or a single VTL. All users may run this command option.

Starting element address Slot count and starting address CAP count and starting address Drive count and starting address Changer count and starting address
vtl
319
vtl show stats <vtl> [drive {<drive-list> | changer | all}] [port {<port-list> | all}] [interval <secs>] [count <count>] Show VTL I/O stats. Show detailed traffic statistics for devices belonging to the specified VTL. Statistics include speed of read/writes in KiB per second, per VTL drive. All users may run this command option.
slot
vtl slot add <vtl> [count <num-slots>] Add slots to a virtual tape library. Add one or more slots to the end of the specified virtual tape library. The maximum is 32,000 slots per library, with a maximum of 64,000 slots per system. vtl slot del <vtl> [count <num-to-del>] Delete one or more slots from a virtual tape library.
status
vtl status Show the state of the VTL process. All users may run this command option.
tape
vtl tape add <barcode> [capacity <capacity>] [count <count>] [pool <pool>] Add one or more virtual tapes and insert them into the vault. Optionally, associate the tapes to the specified pool. vtl tape copy barcode <barcode> [count <count>] source <src-pool> [snapshot <src-snapshot>] destination <dst-pool> Copy tapes between VTL pools. Note that an opened writable tape in a tape drive may not be copied. Additionally, source and destination pools cannot be the same unless copying from a snapshot. If the snapshot argument is specified in the command option, tapes are copied from the snapshot of the source pool. In this case the destination pool can be the same as the source pool. A tape that is in the vault or library slot/cap, or is opened read-only in a tape drive can be copied. A tape that is opened writable in a tape drive may not be copied.
Example # vtl tape copy barcode AA0000LC count 100 source replica-dest destination daily-restores
320
vtl tape del <barcode> [count <count>] [pool <pool>] Delete the specified tape or one or more tapes. You cannot delete tapes that are in a VTL. See export to remove tapes from a VTL. caution! This command deletes all data on tapes.
vtl tape modify <barcode> [count <count>] [pool <pool>] retention-lock {<date> | <period>} Modify the state of retention lock of a specified tape or tapes. Change the amount of time to maintain the retention lock on the specified tape or tapes. If the volume is not mounted, the change is made immediately. Otherwise, data is synchronized first. The command fails if the filesystem is read-only. vtl tape modify <barcode> [count <count>] [pool <pool>] writeprotect {on | off} Set the write protect state of a specified tape. If the volume is not mounted, the tape file permission is changed immediately. Otherwise, outstanding writes are synchronized first. vtl tape move <vtl> source {slot | drive | cap} <src-address-list> destination {slot | drive | cap} <dst-address-list> Move one or more tapes between elements in a VTL. Values for <src-address-list> include: all, 1, 2-14, 3-5, 7-10. Values for <dst-address-list> include: 1, 2-14, 3-5, 7-10, and auto. You may specify the auto keyword only if moving from tapes from drives to slots. If auto is selected, VTL finds the previous slot the tape was in and moves it to that slot. If the slot is not empty, it moves the next available slot. See vtl tape move barcode <barcode> [count <count>] source <src-pool> destination <dst-pool> Move a tape between VTL pools if it is in the vault, or in a library slot or CAP. It may not be moved between VTL pools if the tape is open in a drive. You cannot move the following kinds of tapes:

Tapes open in a drive Tapes on a replica Tapes configured with Retention Lock
vtl tape show {all | pool <pool> | vault | <vtl>} [summary] [count <count>] [barcode <barcode>] [timedisplay {modification | creation | retention}] [sort-by {barcode | pool | location | state | capacity | usage | percentfull | compression | time | modtime} [{ascending | descending}]] Display information about tapes, including modification, creation, or retention times. If time-display argument is omitted, the default is modification time for backwards-compatibility-mode VTL pools. If you are using Extended Retention (formerly Archiver), see Extended Retention and vtl tape show Command for information on modification time.
vtl
321
Example # vtl tape show vault time-display retention

Processing tapes.... Barcode Pool Location vault vault vault vault State RO/RL RO/RL RO/RL RO/RL Size 5 GiB 5 GiB 5 GiB 5 GiB Used (%) 0.0 GiB ( 0.00%) 0.0 GiB ( 0.00%) 0.0 GiB ( 0.00%) 0.0 GiB ( 0.00%) Comp 0x 0x 0x 0x Retention Time 2011/01/01 12:00:00 2011/04/08 00:00:00 2011/04/08 00:00:00 2011/04/08 00:00:00 ---------------------------------------------------------------------------------------------------------------------------------------------A00150LC Default A00151LC Default A00152LC Default A00153LC Default

<addr> <alias or WWPN> all Abbreviation for address. Initiator alias or world-wide port name (WWPN). Show all information about the object specified by the command option. Sort a report in the order specified. The device address method chosen based on the numeric LUN range being reported: 0 - 255, peripheral device addressing is used, 256 16383, flat device addressing is used (default).
ascending | descending auto
322
<barcode>
An eight-character virtual tape identifier. Barcodes must start with six numbers or uppercase letters (0-9, A-Z), and end in a two-character tag of L1, L2, L3, LA, LB, or LC for the supported LT0-1, LT0-2, and LT0-3 tape types. Default sizes are used if you do not specify the <capacity> argument when creating the tape cartridge. Defaults are: L1=100 GiB capacity tape, L2 = 200 GiB, and L3 = 400 GiB. LA =50 GiB capacity tape, LB = 30 GiB, and LC =10 GiB. Specified values override the two-character tag. Show information about tapes that match the specified <barcode>. When using count and barcode together, use a wild card character in the barcode to have the count be valid. An asterisk (*) matches any character in that position and all further positions. A question mark (?) matches any character in that position. Abbreviation for cartridge access ports. The number of gibibytes (GiB) for each tape created. This value overrides default barcode capacities. The upper limit is 4,000 GiB. For best results, when data becomes obsolete (and the Data Domain system cleaning process marks data for removal) set capacity to 100 or less for efficient reuse of Data Domain system disk space. GiBs equal the base-2 value of Gigabytes (GB). Device type. Optional argument for vtl pool upgrade-to-mtree command to check if specified pool can be upgraded to an MTree. Required argument for vtl debug commands.
caps <capacity>
changer check-only
component
vtl
323
<component-list>
List of vtl debugging components. One or more may be specified. vhba scst fc ddcl vtc vmc vtlprocess group vscsi vtlsm vtc_readahead info_cache persistent_reservations master_client master_server worker_client worker_server vdev_thread registry misc The number of objects on which to perform the action, as specified by the command option. Retention-lock date stamp for vtl tape modify command. Displays details of statistics. New tape location. Address is indicated by keywords, slot, drive, or cap. Similar to a typical drive list, such as 1-10, 2,3 etc. In the vtl tape move <vtl> source command, the number of elements must match the number of elements in the <src-address-list>. The arguments any and all denote any empty element of the given type can be used. If the source is drive and destination is slot, then the previous slot is tried first.
<count>
<date>
detailed-stats <dest-address>
dst-address-list
drive <drive number>
Number of VTL drive.
324
<drive-list> <dst-group-name> <dst-pool> <element> fcp2-retry <group-name>
List of drives in group. Name of the destination group. Name of new VTL pool. Destination element. Port option. VTL access group. TapeServer is a reserved group and cannot contain initiators. Alias for an initiator. Time interval in seconds. All kernel (low-level) vtl debugging components. Degree of vtl debugging verbosity to enable (all | high | medium | low | none). Port topology option. Port topology option. A device address to pass to the initiator. The maximum logical unit number (LUN) is 16383. A LUN must be unique within a group, but need not be unique across the system. LUNs for VTL devices within a group must start with zero (0) and be contiguous numbers. A tape library model name. See the Data Domain technical note for the model name that corresponds with your backup software. Optional argument for vtl tape show command to display tapes sorted by modification time. The number of cartridge-access ports. The default is zero (0), and the maximum is 100 per library or 1000 per system. The number of drives to add. The maximum number of drives across all VTLs is 64 to 540, depending on the memory installed in your Data Domain system.
<initiator-alias> interval <secs> kernel level
loop-only loop-preferred <lun>
<model>
modtime
<num-caps>
<num-drives>
vtl
325
<num slots>
The number of slots in the library. You cannot add more drives than the number of configured slots. The maximum number of slots for all VTLs on a Data Domain system is 32,000. Default is 20 slots. The number of objects to delete. Name of specific option. Time interval. Optional argument for vtl tape show command to display tapes sorted by how full each tape is. Port topology option. The primary VTL ports on which the devices are visible. By default, or if you specify all, the VTL devices are visible on all ports. Specify none if the devices should not be visible on any ports. Name of pool. The argument is required if tapes are in a pool. List of pools. A comma-separated list of Data Domain system VTL ports. You can specify port names as a range separated by a hyphen (-). The ports must already exist. note For multiple ports, separate each name with a comma and enclose the list with quotation marks (" "). Enable Retention Lock Compliance or Governance. Seconds between each display refresh. The secondary VTL ports on which the devices are visible to the vtl group use secondary command. By default, the devices are visible on all ports. The secondary port list supports path redundancy. VTL element. Keyword for vtl tape copy command.
<num-to-del> <option name> <period> percentfull
point-to-point primary
<pool name>
<pool-list> <port-list>
retention-lock <sec> secondary
slot snapshot
326
sort-by
Sort the report on the specified column: barcode, pool, location, state, capacity, usage (number of bytes used on the tape), percentfull, compression, or modtime (modification time). Current tape location. Address is indicated by keywords, slot, drive, or cap. List of source addresses. Name of source group. Name of the current VTL pool. Option for vtl tape copy command describing a specific snapshot within a source pool. Display statistics. Show a summary of all tapes and tape usage. Optional argument for vtl tape show command. Optional argument for vtl debug enable command describing how long debugging should remain enabled for the specified components. Port option. Volume set addressing (VSA). This method is used primarily for addressing virtual buses, targets, and LUNs. The HP-UX operating system selects the volume set addressing method based on inquiry data and LUN information returned by the SCSI-3 REPORT LUNS command. Name of library. Enable or disable write-protection for a tape.
<src-address>
<src-address-list> <src-group-name> <src-pool> <src-snapshot>
stats summary time-display timeout
topology vsa
<vtl> write-protect
vtl
327
Additional Topics
Upgrading VTL Directory-Based Pools to MTree-Based Pools

After a system upgrade, existing VTL directory-based pools are available as backwards compatibility mode pools. These pools are identified in the output of the command option vtl pool show all. Existing directory replication contexts continue to function for backwards compatibility mode pools. After the primary system upgrade is complete, a user can upgrade backwards compatibility mode VTL pools to MTree-based pools using the vtl pool upgrade-to-mtree UI at an appropriate time in the customer's upgrade cycle. This separate step allows interoperability of Data Domain systems at different revision levels; specifically, those using directory replication (which is not available to MTreebased pools.) Under certain conditions, constraints apply when upgrading VTL directory-based backwards compatibility mode pools to MTree-based pools. Workarounds are included in parentheses.
The filesystem is a collection replication destination. (The replication source must be upgraded.) A pool has a name that is invalid as an MTree. (The pool must be renamed before upgrade.) A pool has a name that duplicates an existing MTree name. (The pool or MTree must be renamed before upgrade.) An insufficient number of MTrees is available to convert pools. (Some pools or MTrees must be merged or deleted before upgrade.) A pool is referenced in a directory replication context. (The context must be broken before upgrade.)
More About vtl group Command Options
The VTL group feature allows clients to access only selected LUNs from a Data Domain system. VTL group changes may require the media server to rescan the SCSI bus, or you can use the vtl reset hba command to reset the link. For troubleshooting purposes, run the command vtl group use to switch between the primary and secondary port lists in the event of path failure. Enter the command vtl group use primary to return the group to the primary port list after the path is repaired.
328
Requirements for Group Naming

A VTL group name must be unique, and can only contain the characters 0-9, a-z, A-Z, underscore(_), and hyphen (-). Group names cannot exceed 256 characters. A maximum of 128 groups is allowed. Reserved group names that cannot be used are: TapeServer, default, all, and summary.
Values for vtl option Commands

Values for commands vtl option disable, vtl option enable, vtl option reset, and vtl option set are: loop-id The Fibre Channel loop ID: 1 to 126. auto-eject If enabled, tapes placed into CAPs are automatically ejected to the vault. auto-offline If enabled, tapes being moved from a drive are automatically taken offline and unloaded unless the prevent bit is set for the drive.
Extended Retention and vtl tape show Command

Modification times used by the system for age-based policies may differ from the last modified time displayed in the tape information sections of the GUI and CLI. This is expected behavior.
vtl
329
330

DD OS 5.2 Command Reference Guide

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

DD OS 5.2 Command Reference Guide

Uploaded by

Copyright:

Available Formats

EMC Data Domain Operating System 5.

EMC DD OS 5.2 Command Reference Guide

groups reset servers show status

EMC DD OS 5.2 Command Reference Guide

Explicitly Failing a Disk Unfailing a Disk

EMC DD OS 5.2 Command Reference Guide

159 159 159 159 160

EMC DD OS 5.2 Command Reference Guide

Options disable enable option show status stop user

181 182 182 182 182 184 184 184

212 212 213 214 214 215 216 217

EMC DD OS 5.2 Command Reference Guide

Options disable enable reset set show status

230 230 230 230 231 232 233

EMC DD OS 5.2 Command Reference Guide

268 268 269 269

296 296 297 297 297 298 298

EMC DD OS 5.2 Command Reference Guide

Upgrading VTL Directory-Based Pools to MTree-Based Pools 328

EMC DD OS 5.2 Command Reference Guide

About This Guide

Initial Configuration Guide Administration Guide

About This Guide

The EMC Data Domain Support Portal

Knowledge Base and Reference Library

Service and Support

EMC DD OS 5.2 Command Reference Guide

Guidelines and Restrictions

To add the host srvr24 to the Telnet access list:

EMC DD OS 5.2 Command Reference Guide

To add all hosts in a domain to the Telnet access list:

To add a range of IP addresses to the Telnet access list:

EMC DD OS 5.2 Command Reference Guide

Example 1 (Host Certificate)

This command option is followed by a prompt to enter the sysadmin password.

Example 2 # adminaccess certificate show detailed host

Subject/Issued To: sys2.datadomain.com

EMC DD OS 5.2 Command Reference Guide

Example # adminaccess show

http https ------Option

yes yes -------

-------------------Value ----80 443 20 -----

EMC DD OS 5.2 Command Reference Guide

Set the SSH session timeout period to 10 minutes:

To reset the Telnet options to the default values:

To set the SSH session timeout period to 10 minutes:

adminaccess telnet option show Display the Telnet options.

To set the Telnet client session timeout to the default value:

EMC DD OS 5.2 Command Reference Guide

To set Web options to default values:

Supported Certificate Formats

Importing and Deleting Certificates

Returning Command Output to a Remote Machine

EMC DD OS 5.2 Command Reference Guide

clear notify-list show

Guidelines and Restrictions

hardwarefailure warning --------------Members --------------------

EMC DD OS 5.2 Command Reference Guide

Example # alerts notify-list reset

EMC DD OS 5.2 Command Reference Guide

warning warning warning warning ----------

Severity Class ---------NULL NULL INFO INFO INFO INFO -----

Object - -----NULL NULL

Status -------post post post clear post clear