Professional Documents
Culture Documents
CIFS Administration on
Data ONTAP 7.3
Exercise Guide
NETAPP UNIVERSITY
ATTENTION
The information contained in this guide is intended for training use only. This guide contains information
and activities that, while beneficial for the purposes of training in a closed, non-production environment,
can result in downtime or other severe consequences and therefore are not intended as a reference guide.
This guide is not a technical reference and should not, under any circumstances, be used in production
environments. To obtain reference materials, please refer to the NetApp product documentation located
at www.now.com for product information.
COPYRIGHT
2008 NetApp. All rights reserved. Printed in the U.S.A. Specifications subject to change
without notice.
No part of this book covered by copyright may be reproduced in any form or by any meansgraphic,
electronic, or mechanical, including photocopying, recording, taping, or storage in an electronic retrieval
systemwithout prior written permission of the copyright owner.
NetApp reserves the right to change any products described herein at any time and without notice.
NetApp assumes no responsibility or liability arising from the use of products or materials described
herein, except as expressly agreed to in writing by NetApp. The use or purchase of this product or
materials does not convey a license under any patent rights, trademark rights, or any other intellectual
property rights of NetApp.
The product described in this manual may be protected by one or more U.S. patents, foreign patents,
or pending applications.
TRADEMARK INFORMATION
NetApp, the NetApp logo, and Go further, faster, FAServer, NearStore, NetCache, WAFL, DataFabric,
FilerView, SecureShare, SnapManager, SnapMirror, SnapRestore, SnapVault, Spinnaker Networks,
the Spinnaker Networks logo, SpinAccess, SpinCluster, SpinFS, SpinHA, SpinMove, SpinServer, and
SpinStor are registered trademarks of Network Appliance, Inc. in the United States and other countries.
Network Appliance, Data ONTAP, ApplianceWatch, BareMetal, Center-to-Edge, ContentDirector, gFiler,
MultiStore, SecureAdmin, Smart SAN, SnapCache, SnapDrive, SnapMover, Snapshot, vFiler, Web Filer,
SpinAV, SpinManager, SpinMirror, and SpinShot are trademarks of NetApp, Inc. in the United States and/or
other countries.
Apple is a registered trademark and QuickTime is a trademark of Apple Computer, Inc. in the United States
and/or other countries.
Microsoft is a registered trademark and Windows Media is a trademark of Microsoft Corporation in the
United States and/or other countries.
RealAudio, RealNetworks, RealPlayer, RealSystem, RealText, and RealVideo are registered trademarks
and RealMedia, RealProxy, and SureStream are trademarks of RealNetworks, Inc. in the United States
and/or other countries.
All other brands or products are trademarks or registered trademarks of their respective holders and should
be treated as such.
NetApp is a licensee of the CompactFlash and CF Logo trademarks.
E0-2
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
E0-3
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
Overview
MODULE 1: OVERVIEW
Exercise
Module 1: CIFS Overview
Estimated Time: 15-60 minutes
EXERCISE
NOTE: This lab normally takes only 15 minutes. However, if you dont have an appropriate
storage system environment, the lab will refer you to Appendix B for instructions on how to set
up a Data ONTAP simulator. Setting up the simulator may take up to 60 minutes.
The goal of this exercise is to give you an opportunity to explore the current exercise environment
with the instructors assistance. If you do not have a storage system environment, you will then be
redirected to Appendix B for the simulator setup.
OBJECTIVES
TIME ESTIMATE
15 Minutes
E1-1
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
E1-2
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
37
E1-3
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
38
STEP
ACTION
1.
With the assistance of your instructor, identify the following essential equipment:
Windows Workstation
Name: ______________________________
IP address: _________________________
Domain
Administrator
Password: __________________________
Local
Administrator
Password: __________________________
Domain Controller
E1-4
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
Storage System
Name: ___________________________________
Type: ___________________________________
Internal
IP address: _______________________________
Terminal
IP address: _______________________________
Root
Password: _______________________________
2.
Task complete.
END OF EXERCISE
E1-5
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
Workgroup
MODULE 2: WORKGROUPS
Exercise
Module 2: Workgroups
Estimated Time: 45 minutes
The goal of this lab is to give you an opportunity to configure a storage system for a Windows
workgroup environment. In a future exercise, you will repurpose the storage system for an Active
Directory Domain environment.
OBJECTIVES
TIME ESTIMATE
45 minutes
Please refer to your Exercise Guide for more instruction.
E2-1
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
E2-2
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
36
In this lab, you run cifs setup to join your storage system to a Windows workgroup. The
commands in the lab are entered at the storage system prompt.
START OF EXERCISE
STEP
ACTION
1.
b) Log in as root with no password. NOTE: Verify with the instructor the
password for root.
2.
Type license at the storage systems command prompt to view the current list of
licenses registered.
License CIFS by entering the following command and using the CIFS license code
provided by your instructor:
system>license add {license_code_provided_by_instructor}
Confirm the license was successfully added by reissuing the license command at
the prompt.
3.
E2-3
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
4.
Before configuring the CIFS services, at the storage system prompt (in your Telnet
session), enter the following command and view the default storage system security
style and NT administrator privileges:
system>options wafl
What is the volume (and all qtrees on the volume) default security style?
______________
Look at the wafl.default_security_style option.
Does the NT (Windows) administrator have privileges to map to the UNIX root
user? ___________________
Look at the wafl.nt_admin_priv_map_to_root option.
5
Enter the following command and view the security style of the root volume:
system>qtree status
What is the security style of your root volume? _________
6.
Press the Enter key twice for root password (meaning no password).
Press Enter to keep default CIFS server (storage system) name. (Obtain the storage system
name from your instructor.)
Choose 3 for Windows workgroup authentication using the storage systems local user
accounts.
Press Enter to keep the default name for the workgroup [WORKGROUP].
Enter the password twice for the local administrator password. (Obtain the password from
your instructor.)
NOTE: The name and password for the local administrator on the storage system must
match the Windows workstation administrator and password for pass-through
authentication to work.
Example:
system > cifs setup
This process will enable CIFS access to the filer from a Windows system.
Use "?" for help at any prompt and Ctrl-C to exit without committing changes.
Your filer does not have WINS configured and is visible only to clients on the
same subnet.
E2-4
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
Do you want to make the system visible via WINS? [n]:
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
7.
After configuring the CIFS services, enter the following command and view the
default storage system security style and NT administrator privileges:
system>options wafl
What is the volume (and all qtrees on the volume) default security style?
___________________
Does the NT (Windows) administrator have privileges to map to the UNIX root user?
_______________
8.
Enter the following command and view the security style of the root volume:
system>qtree status
After configuring the CIFS services, what is the security style of your root volume?
__________________
9.
Task complete.
10.
E2-6
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
1.
At the storage system prompt, review the cifs configuration file with the
rdfile command by typing:
system>rdfile /etc/cifsconfig_setup.cfg
Notice how this file holds all the configurations entered during the wizard
questions of the cifs setup command.
2.
At the storage system prompt, review the following files with the rdfile
command:
/etc/usermap.cfg
/etc/passwd
/etc/nsswitch.conf
/etc/cifsconfig_share.cfg
4.
Task complete.
5.
E2-7
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
1.
Determine if aggr0 (root volume) is configured for RAID type raid4 by entering
the following command at the storage system prompt:
system>aggr status
If aggr0 is raid4, then go to Step 3.
2.
3.
4.
5.
Create a traditional volume tradvol1 with RAID type raid4 and 2 disks using
the aggr command:
system>aggr create tradvol1 -v t raid4 2
Verify that the newly created tradvol1 exists:
system>vol status tradvol1
Verify that the newly created aggregate (also called tradvol1) is raid4 and has
2 disks (-d option):
system>aggr status
system>aggr status tradvol1 -d
6.
E2-8
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
7.
Create a qtree named datatree1_ntfs with NTFS security style on the volume
flexvol1 by entering the following command:
system>qtree create /vol/flexvol1/datatree1_ntfs
Verify that the newly created qtree datatree1_ntfs exists:
system>qtree status
What is the security style on the new qtree? __________________
Why is this the security style? ____________________________________
____________________________________________________________
8.
Create a qtree named datatree2_unix with UNIX security style on the volume
flexvol1 by entering the following command:
system>qtree create /vol/flexvol1/datatree2_unix
Verify that the newly created qtree datatree2_unix exists:
system>qtree status
What is the security style on the new qtree? __________________
Change the security style to UNIX by entering the following command:
system>
qtree security /vol/flexvol1/datatree2_unix unix
Verify that the security style for qtree datatree2_unix is UNIX:
system>qtree status
9.
Create a qtree named datatree3_mixed with mixed security style on the volume
flexvol1 by entering the following command:
system>qtree create /vol/flexvol1/datatree3_mixed
Change the security style to mixed by entering the following command:
system>
qtree security /vol/flexvol1/datatree3_mixed mixed
Verify that the security style for qtree datatree3_mixed is mixed:
system>qtree status
10.
Task complete.
END OF EXERCISE
E2-9
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
Shares
MODULE 3: SHARES
Exercise
Module 3: Shares
Estimated Time: 15 minutes
EXERCISE: SHARES
OVERVIEW
The purpose of this activity is to perform routine CIFS administration procedures on your storage
system in a Windows Workgroup environment. You will view the current list of shares, add a new
share, verify access to the share, and display session information.
OBJECTIVES
View current shares, add a new share and verify share access
TIME ESTIMATE
15 minutes
E3-1
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
E3-2
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
48
STEP
ACTION
1.
If you are not already, use the Remote Desktop connection to log in to your Windows
workstation as Administrator.
NOTE: Use the IP address and password provided by the instructor.
2.
3.
In the address bar of the Web browser, change the address to the following:
\\IP_Address_of _Your_Storage_System\C$
What folder(s) display? __________________________
4.
At your storage system prompt, view the CIFS sessions by entering the following
command:
system>cifs sessions
What user currently has a session with the storage system?
__________________________________________________
What account is the user mapped to? _______________________
E3-3
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
5.
At the storage system prompt, verify the user mapping by entering the following
command:
system>options wafl.nt_admin_priv_map_to_root
Is this option set to on? _________________
If wafl.nt_admin_priv_map_to_root is on, then the local administrators
user mapping is root.
Verify the default UNIX user name by entering the following command:
system>options wafl.default_unix_user
Is there a default UNIX user? If yes, what is the user name?
________________________________
If the wafl.default_unix_user is set to a user name (for example, pcuser),
then this is the default user mapping for any Windows user that is not explicitly
mapped.
Verify that the default UNIX user name is in the /etc/passwd file by entering the
following command:
system>rdfile /etc/passwd
Is the default UNIX user name in the /etc/passwd file? _____________
6.
Task complete.
7.
STEP
ACTION
1.
Create a new share called datatree1 ntfs (for the qtree datatree1_ntfs) on the storage
system by entering the following command at the storage system prompt:
system>
cifs shares add datatree1_ntfs /vol/flexvol1/datatree1_ntfs
Answer yes if you are asked whether you want to use this share name.
2.
View the newly created datatree1_ntfs share by entering the following command at the
storage system prompt:
3.
E3-4
On the Windows workstation, open Windows Explorer and, as the administrator, map
CIFS Administration on Data ONTAP 7.3: M03_Shares_Exercise.doc
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
a network drive to the new share datatree1_ntfs.
4.
5.
On the Windows workstation, create a text file with WordPad and save the file to the
new share datatree1_ntfs.
c) Go to Start
Programs
Accessories
WordPad.
d) Open WordPad and type something to create a text document.
e) Save the file to the datatree1_ntfs share.
6.
7.
Task complete.
END OF EXERCISE
E3-5
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
Access Control
Exercise
Module 4: Access Control
Estimated Time: 30 minutes
The purpose of this activity is to perform routine CIFS administration procedures on your storage
system in a Windows workgroup environment. You will create a local user account and
administer user access, add a new share, map a network drive to the new share and verify access
to the share, and create a local group.
OBJECTIVES
Add a new share, map a network drive to the new share and verify share access, add a file to the share,
and access the file on the share
Remove a share
TIME ESTIMATE
30 minutes
E4-1
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
E4-2
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
50
STEP
ACTION
1.
2.
Recall that the storage system currently is in a Windows workgroup. To verify that the
storage system is a server in a Windows workgroup, enter the following command:
system>cifs sessions
Is the storage system in a Windows workgroup? ________________
3.
Before adding a local user to the storage system, check the current security options to
determine password rules by entering the following command:
system>options security
What is the value for the security.passwd.rules.enable? _________
If the security.passwd.rules.enable option is on, then in order to create
a local user, you will need to come up with a password using the following rules:
It must be at least 8 characters long
It must contain at least 2 alphabetic characters
It must contain at least 1 digit
If security.passwd.rules.enable.option is off, then the restrictions
will not be enforced when you create a password.
4.
Add a local user (your name) in the predefined Guests group to the storage system by
entering the following command:
User names are case insensitive.
system>useradmin user add your_name g Guests
Remember your password._________________________
E4-3
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
5.
Verify that the local user (you) was added to the storage system by entering the
following command:
system>useradmin user list your_name
6.
Check the allowed capabilities for the local administrator account by entering the
following command:
View the list of all local storage system users by entering the following command:
system>useradmin user list
7.
8.
Task complete.
9.
STEP
ACTION
1.
2.
E4-4
At the storage system prompt in your Telnet session, view the CIFS sessions by
entering the following command:
system>cifs sessions
From your Windows workstation, who has a session with the storage system?
CIFS Administration on Data ONTAP 7.3: M04_AccessControl_Exercise
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
__________________________________________________
You logged in to the Windows workstation as Administrator with a password. This
Administrator was authenticated locally on the storage system with the local
Administrator account (note that the user names match). The local Administrator
account has the same password as the Windows Administrator.
This is called pass-through user authentication, and it works only if the
names and passwords match on both the storage system and Windows
workstation.
The Administrator account has permission to view the hidden C$ share.
3.
On the Windows workstation, open Windows Explorer and disconnect the network
drive that you just mapped in the browser by going to ToolsDisconnect Network
Drive.
a) Select the network drive to disconnect.
4.
On the Windows workstation, log off as the Administrator and then log back in as the
Administrator to clear the share cache.
a) Go to StartLog Off administrator and click the Log off button when
you are asked if you are sure that you want to log off.
b) Use the Remote Desktop connection to log back in to your Windows
workstation as the Administrator with the Administrator password.
5.
On your Windows workstation, map a drive to a storage system share for a different
local user (your name) by opening Windows Explorer and going to ToolsMap
Network Drive. The Map Network Drive window appears.
a) In the Drive list box, select any unused letter.
b) In the Folder list box, enter the following:
\\IP_Address_of _Your_Storage_System\C$
c) Click Connect using a different user name.
d) The Connect As...window appears.
e) Enter your User name.
(Name_of _Your_Storage_System \your_name).
f) Enter your Password. (password for your_name).
g) Click the OK button.
h) Click the Finish button.
E4-5
i)
j)
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
Name_of _Your_Storage_System \your_name.
k) In the password text box, enter your password.
l)
If not, go to this step, 5 b), and in the Folder list box, enter
\\IP_Address_of _Your_Storage_System\Home and proceed again to
map the network drive to the share.
The Guests group has no capabilities and, therefore, you cannot access the C$ share,
but you can access the Home share since it is available to
the Everyone group.
At the storage system prompt, view the CIFS sessions by entering the following
command:
system> cifs sessions
6.
From your Windows workstation, who has a session with the storage system?
__________________________________________________
You now have successfully mapped a network drive to the Home share on the
storage system as a local user (your name) on the storage system that is a member
of the Guests group.
You were authenticated locally on the storage system with your name and
password.
7.
Task complete.
8.
STEP
ACTION
1.
Before creating a new local group on your storage system, view the current groups on
the storage system by entering the following command at the storage system prompt:
System>useradmin group list
2.
At the storage system prompt, create a local group on the storage system called
friends with the Data ONTAP predefined role power by entering the following
command:
system>useradmin group add friends r power
3.
At the storage system prompt, verify the newly created group by entering the following
command:
system>useradmin group list friends
E4-6
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
How many capabilities are assigned to the power role for the friends group?
__________________________
The Data ONTAP predefined power role grants the ability to:
4.
On the Windows workstation, change the security properties of the text file on the
datatree1_ntfs share.
a) Open Windows Explorer and go to the mapped datatree1_ntfs drive to view
the text file.
b) Right-click the text file and choose Properties.
c) Select the Security tab and under Group or user names, click the Add
button.
d) In the Enter the object names to select text box, enter friends.
e) Click the OK button.
f) Click the friends group. What permissions are displayed for the friends group?
g) Click the Everyone group. How do the friends permissions differ from the
permissions in the Everyone group?
___________________________________________________
h) Now, click the Apply button on the Security tab, and then click the OK
button.
5.
At the storage system prompt, modify the local user (your name) and add the friends
group to the user by entering the following command:
system>
useradmin user modify your_name g Guests,friends
6.
At the storage system prompt, verify the groups and capabilities of the newly changed
local user (your name) by entering the following command:
system>useradmin user list your_name
To which groups does the local user (your name) now belong?________________
Have the local user (your name) capabilities changed? If yes, how?
________________________________________________
7.
Task complete.
8.
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
In this lab, you will configure the storage system for multiprotocol access, and then view file
permissions for files in an NTFS qtree, UNIX qtree, and mixed qtree.
STEP
ACTION
1.
Before configuring your storage system for multiprotocol access, perform the
following from your Windows workstation:
a) Create a share on the storage system called datatree2_unix (for your
datatree2_unix qtree on flexvol1) and map a network drive to the share.
b) Create a share on the storage system called datatree3_mixed (for your
datatree3_mixed qtree on flexvol1) and map a network drive to the share.
Follow the steps outlined in Task 2 from the previous lab and Task 2 of this lab
respectively to create and map a share.
Note: You might need to disconnect all map drives, log out, and log back in to the
Windows machine to clear the security cache. Windows does not allow you to map
two separate shares with different security accounts.
2.
At the storage system prompt, view the current default security style by entering the
following command:
system>options wafl.default_security_style
What is the current default security style? ______________________
3.
4.
To change the storage system from NTFS-only to multiprotocol access without using
cifs setup, enter the following command at the storage system prompt:
system>options wafl.default_security_style unix
1)
2)
3)
4)
5.
E4-8
NOTE: Even though the default security style is set to UNIX, the administrator can
manually change the default to a different security style (NTFS or mixed).
At the storage system prompt, enter the following command to view the security style
for each qtree on flexvol1:
system>qtree status flexvol1
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
6.
7.
Recall that the datatree1_ntfs qtree has a designated security style of NTFS. This means
that files have Windows NTFS ACLs (permissions).
E4-9
Recall that the datatree2_unix qtree has a designated security style of UNIX, and that files
and directories have UNIX permissions.
You are a Windows user accessing a UNIX qtree and a UNIX file. The Properties window
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
(in Microsoft Windows) is not designed to interpret the UNIX permissions on the share and
file and hence the Security tabs are missing. However, starting with Data ONTAP 7.2,
changes have been made to the multiprotocol functionality. Now administrators can both
display and change UNIX permissions from the Windows Security tab.
E4-10
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
8.
9.
Recall that the datatree3_mixed qtree has a designated security style of mixed. This means
that the default security style of a file is the style most recently used to set permission on
that file. With mixed security style, the volume or qtree can have UNIX or NTFS file
security in play.
Since the mixed qtree was created when the storage system was NTFS-only and the parent
volume was NTFS, the mixed qtree inherited the effective security style of the parent
volume that was created with NTFS.
To view the UNIX permissions on the files in this multiprotocol environment, enter the
following option at the storage system prompt:
system>options cifs.preserve_unix_security on
10.
Enabling this option allows you to manipulate a files UNIX permissions using the
Security tab on a Windows client, or using any application that can query or set Windows
ACLs. When enabled, this option causes UNIX qtrees to appear as NTFS volumes. The
default for this option is off.
E4-11
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
c) Click the Cancel button.
11.
12.
You are a Windows user accessing this UNIX file with your mapped UNIX credentials.
Your UNIX credentials are used when evaluating your access requests by comparing your
credentials against the file or folder UNIX access permissions.
13.
E4-12
Recall that the mixed qtree was created when the storage system was NTFS-only and the
parent volume was NTFS, so the mixed qtree inherited the effective security style of the
parent volume that was created with NTFS.
The effective Windows NTFS ACLs (permissions) are shown in the Security tab. The
effective security style of the qtree, folders with the qtree, or files may be changed if a
UNIX administrator sets permissions on the qtree, subfolders, or files by issuing the
chmod (to change file permissions) or chown (to change the file or group ownership)
command from a UNIX host.
Task complete.
CIFS Administration on Data ONTAP 7.3: M04_AccessControl_Exercise
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
14.
ACTION
1.
On the Windows workstation, open Windows Explorer and disconnect the network
drive that you just mapped in the browser by going to ToolsDisconnect Network
Drive.
a) Select the network drive associated with datatree3_mixed to disconnect.
Click the OK button.
2.
3.
4.
Do you think when you remove a share that you delete the underlying qtree?
_____________
Go check. Do you remember the command to view the current qtrees and volumes?
_____________
5.
Task complete.
END OF EXERCISE
E4-13
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
Domains
MODULE 5: DOMAINS
Exercise
Module 5: Domains
Estimated Time: 60 minutes
EXERCISE: DOMAINS
OVERVIEW
The purpose of this activity is to reconfigure the storage systems CIFS server for an Active
Directory environment. You will then create a domain user, create shares, and administrate those
shares.
OBJECTIVES
Reconfigure the CIFS services using FilerView to join your storage system to a Windows Active
Directory domain.
TIME ESTIMATE
60 Minutes
E5-1
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
E5-2
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
42
STEP
ACTION
1.
2.
E5-3
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
The following example demonstrates the steps for joining your storage system to a
Windows Active Directory (Windows 2000 or later) domain:
c) In the Filer Name text box, enter the name of your storage system.
d) In the Description text box, enter Windows Server and click the Next
button.
E5-4
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
e) Under Domain, click the Windows 2000 radio button and then click the Next
button.
f) In the Domain Name text box, enter the fully qualified domain name.
g)
h)
i)
E5-5
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
j)
For Security Style, click the NTFS Only radio button and then click the Next
button.
k) Review the summary of your changes and, if correct, click the Commit button.
E5-6
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
l)
3.
Congratulations. Your storage system has now joined a Windows 2000 (or
later) Active Directory domain. Click the Close button.
system>cifs testdc
The cifs testdc command tests the FilerView's ability to connect with
Windows NT domain controllers. The output of the cifs testdc command
is useful in the diagnosis of CIFS-related network problems.
system> cifs domaininfo
The cifs domainfo command determines whether the storage system is
associated with a NT4 or Windows Active Directory domain. When CIFS is
running, additional information about current domain controller connections
and known domain controller addresses for the specified domain are displayed.
In addition, the current Active Directory LDAP server connection and known
Active Directory LDAP servers are also displayed for the specified domain.
4.
Task complete.
5.
E5-7
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
1.
2.
a) In the Active Directory Users and Computers window, create a new domain
user using the following user name format: user_<first_initial><last_name>.
For example, the user name for Jane Doe is user_jdoe. This creates a unique
user name for you in the domain.
NOTE: For this lab, enter the new domain user name in the First name text
box and in the User logon name text box.
b) In the console tree on the left, beneath the Domain_name folder, click the
Users folder.
c) In the right windowpane, look for the domain user name that you just created.
d) Right-click on your new user and select Properties.
e) Select the Member Of tab. In a future lab, we are going to need to log in as
this user. If you are using a remote desktop application, you need to add this
user to the Domain Admins group. To do this:
f) Select Add.
g) Type Domain Admins in the object name textbox and click OK.
3.
Task complete.
4.
E5-8
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
1.
You are currently logged in to your Windows workstation as the administrator. Before
viewing the shares using the Windows workstation Computer Management, disconnect
any mapped network drives.
a) Open Windows Explorer and disconnect any mapped network drives by
going to ToolsDisconnect Network Drive.
b) Select the network drive to disconnect.
c) Click the OK button.
d) On the Windows workstation, log off as the administrator and then log back in
as the administrator to clear the share cache.
e) Go to StartLog Off administrator and click the Log off button when
you are asked if you are sure that you want to log off.
f)
2.
E5-9
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
3.
____________________________________________________________
Computer Management enables you to view shares that you have permission to
view. You cannot see the folders or files in the share from this GUI.
4.
To view the share permission for the datatree1_ntfs share, right-click the
datatree1_ntfs share, choose Properties, and then click the Share Permissions tab.
Which group has access to see this share? ________________________
5.
Give the new domain user (that you created in the previous lab
user_<first_initial><last_name>) access to the datatree1_ntfs share by performing the
following:
a) In the datatree1_ntfs Properties window, on the Share Permissions tab, click
the Add button.
b) In the Enter the object names to select text box, enter the new domain user
name.
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
The CLI equivalent entered at the storage system prompt that modifies share-level
access control to Full Control is demonstrated in the following example, for which
datatree1_ntfs is the name of the share:
system>
cifs access datatree1_ntfs domain_user_name Full Control
6.
Click the Sessions folder (beneath the Shares folder in the console tree) to view the
current sessions.
Which user or users have current session(s) with the storage system?
_________________________________________
7.
Click the Local Users and Groups folder in the console tree.
a) Click the Users folder. Who are the local users in your storage system?
________________________________________________________
b) Click the Groups folder. Which group is not a predefined group?
__________________________________________________
8.
With the Groups folder open, right-click the Guests account and choose Properties to
view the Guests properties.
Which users are members of the Guests group?
___________________________________________________
Click the Cancel button.
NOTE: The Guests account has domain and local storage system users.
9.
With the Groups folder open, right-click the friends account and choose Properties to
view the friends group properties.
Which user or users are members of the friends group?
_________________________
Click the Cancel button.
10.
With the Groups folder open, right-click the friends account and choose Add to
Group to add the new domain user to the friends local group by performing the
following:
a) In the friends Properties window, click the Add button.
b) In the Enter the object names to select text box, type the new domain user
(user_<first_initial><last_name>).
c) Click the Check Names button.
d) Click the OK button.
E5-11
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
e) In the friends Properties window, view the newly added domain user to the
Members list for the friends share.
f) Click the Apply button.
With the Groups folder open, right-click the Administrators account and choose
Properties to view the Administrators properties.
Which members can fully administer the storage system?
________________________________________________
Click the Cancel button.
12.
Task complete.
13.
TASK IV: VIEWING SHARES AND SESSIONS AND ADDING A NEW SHARE
USING FILERVIEW
In this lab, you display the current shares and sessions on your storage system and create a new
share using FilerView.
STEP
ACTION
1.
Use an Internet browser to open FilerView and log in as root with no password. Note:
Verify the password with the instructor.
2.
3.
E5-12
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
4.
5.
Add a new share called datatree4_ntfs (for the qtree datatree4_ntfs) on volume vol0 by
performing the following:
a) Go to FilerViewCIFSSharesAdd.
b) For Share Name, type datatree4_ntfs.
c) For Mount Point, type /vol/vol0/datatree4_ntfs.
d) For Share Description, type NTFS Qtree on Traditional Volume.
e) Leave Max. Users and Force Group blank.
f) Click the Add button.
You receive a caution message that the share name datatree4_ntfs will not be
accessible from some MS-DOS workstations.
6.
7.
Task complete.
8.
E5-13
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
1.
E5-14
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
E5-15
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
g) For Permissions, click the Use custom share and folder permissions radio
button.
h) Click the Customize button.
i)
E5-16
For the Everyone group, mark the Allow check boxes for Full Control,
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
Change, and Read.
Note: The Windows default is Everyone to Read only when the storage
system default is Everyone to Full Control.
j) Click the OK button.
k) Click the Finish button on the Permissions page.
l)
3.
4.
Task complete.
5.
E5-17
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
1.
2.
3.
E5-18
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
Report.
4.
Task complete.
END OF EXERCISE
E5-19
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
Advanced Administration
Exercise
Module 6: Advanced Administration
Estimate Time: 90 minutes
The purpose of this activity is to set up event logging, configure a storage system for Auto Home
Shares, and to configure a Group Policy Object to automatically map the Auto Home Share to a
network drive. Then we will configure the native file blocking to prevent users from saving a
MP3 file on the storage system.
OBJECTIVES
Define a Group Policy Object to automatically map the Auto Home Share to a network drive
Define a Group Policy Object to apply a security policy to a directory structure on a storage system
TIME ESTIMATE
90 minutes
E6-1
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
E6-2
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
60
STEP
ACTION
1.
At the storage system prompt, enter the following command to view the current
cifs.audit options:
system>options cifs.audit
What is your cifs.audit.autosave.onsize.enable setting?
____________________________
off
What is your cifs.audit.enable setting? ___________
off
If cifs.audit.enable is set to off, then enable auditing by entering the
following command at the storage system prompt:
system> options cifs.audit.enable on
What is your cifs.audit.autosave.ontime.interval setting? ___________
2.
3.
At the storage system prompt, check the status of the login events by entering the
following command:
NetApp> options cifs.audit.logon_events.enable
If the option is off, turn it on.
4.
Change the name of the audit log file by entering the following command:
system> options cifs.audit.saveas
/etc/log/storage_system_your_initials.evt
NOTE: Use your initials to make your .evt file different from your partner. The file
name is the complete path name of the file where Data ONTAP logs audit event
information. Use .evt as the file extension.
5.
E6-3
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
for file /etc/log/cifsaudit.alf: the audit log is empty
6.
Task complete.
7.
STEP
ACTION
1.
Map a drive to the C$ share of your storage system and log in to this share as the
administrator.
2.
Access the C$ share and create a test text file in the home directory named
access_test_your_name.txt.
NOTE: Your file name should be different from your partner.
3.
Right-click the file and select Properties. The file Properties window appears.
4.
Click the Security tab, and then click the Advanced button. The Advanced Security
Settings window appears.
5.
Click the Auditing tab, and then click the Add button. The Select User, Computer, or
Group window appears.
To add the Everyone group in the Enter the object name to select text box, type
Everyone, and then click the OK button. The Auditing Entry window for the text file
appears.
6.
For the Everyone group in the Access list box, mark a few events to audit and click the
OK button.
NOTE: Checks in the boxes indicate what events are to be audited. Both failures and
successes can be audited.
E6-4
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
7.
The Advanced Security Settings window for the text file appears.
Click the Apply button and then the OK button.
E6-5
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
8.
9.
Task complete.
10.
STEP
ACTION
1.
At the storage system prompt, enter the following command to save the audit log via a
timer:
system>
options cifs.audit.autosave.ontime.interval 1m
system> options cifs.audit.autosave.ontime.enable on
2.
E6-6
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
3.
____________________
______
4.
Task complete.
5.
STEP
ACTION
1.
Open the access_test_your_name.txt file that you created, and leave it open for two to
three minutes. Make some changes to the file by adding some text. Now, save the file.
2.
3.
To open the event logs stored on the storage system, perform the following:
a) On your Windows workstation, go to the Computer Management GUI and
connect to your storage system.
b) In the Computer Management GUI console tree go to System Tools
Event
Viewer.
c) Right-click Event Viewer and choose Open Log File.
d) In the Open window, choose My Computer and go to the mapped C$ drive.
Open the etc folder and log folder to view the event logs.
e) Select one of the event (.evt) files and in the Log Type list box, select
Security. Click the Open button to display the audit files.
f) Double-click the first audit file and read a description of the event. You can
continue to read all the audit files.
4.
5.
E6-7
Task complete.
Please proceed to the next task.
CIFS Administration on Data ONTAP 7.3: M06_AdvancedAdmin_Exercise
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
At the storage system prompt, enter the following command:
1.
2.
3.
Note the system time and now open the access_test_your_name.txt file that you
created. Make some changes to the file by adding some text. Now, save the file.
4.
Go back to the Computer Management GUI and refresh the Security Event Viewer.
Do you see new audit records?
If not, wait a minute and then refresh it again. If you are still having difficultly, make
sure you are performing an action that you designated in the System ACL to be
auditing.
Turn off CIFS auditing by entering the following command at the storage system
prompt:
5.
6.
7.
STEP
ACTION
1.
Before setting up the home directories for users, view the contents of the
/etc/cifs_homedir.cfg file by entering the following command at the storage system
prompt:
system>rdfile /etc/cifs_homedir.cfg
2.
E6-8
Go to FilerView
Volumes
Qtrees
Add and by performing the following, create
the qtree called users_home on flexvol1 with security style NTFS that stores the CIFS
CIFS Administration on Data ONTAP 7.3: M06_AdvancedAdmin_Exercise
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
user home directories:
3.
4.
5.
Map a network drive to the users_home share. Task VI of the Domains Module
describes how to map a network drive to a share.
In the mapped users_home share, create a folder with the domain user name.
a) In Windows Explorer, click on the users_home share.
b) In the right window pane, right-click and choose NewFolder.
c) Make the folder name the domain user name that follows the format
user_<first_initial><last_name>. An example is user_jdoe.
The folder name for the user is determined by your choice in the
cifs.home_dir_name_dir_namestyle option.
NOTE: Make sure that the user (user_first_initial+last_name) has Full Control.
6.
Go to FilerView
Volumes
Qtrees
Manage to view the new user_home qtree.
7.
8.
At the storage system prompt, view the CIFS home-directory paths by entering the
following command:
system>rdfile /etc/cifs_homedir.cfg
Which CIFS home-directory path displays? __________________________
/vol/flexvol1/users_home
E6-9
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
9.
At the storage system prompt, view the CIFS home-directory paths by entering the
following command:
system>cifs homedir
Which CIFS home-directory path displays? __________________________
/vol/flexvol1/users_home
At the storage system prompt, force the storage system to process the new homedirectory path entry by entering the following command:
10.
11.
In the next task, we will configure this share to automatically be mapped to a network
drive by a Group Policy Object.
Task complete.
12.
13.
STEP
ACTION
1.
2.
E6-10
On the Windows workstation, start the Active Directory Users and Computers.
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
Directory objects. This tool enables you to administer and publish
information in the directory.)
b) Select the domain icon from the tree pane. Your domain might be named
netappu.com.
c) From the menu bar, choose ActionNewOrganizational Unit.
d) In the New Object User window, create a new organization unit in the
domain using the following name format: ou_<first_initial + last_name>. An
example OU name for Jane Doe is ou_jdoe. This creates a unique user name
for your OU in the domain.
e) Click the OK button.
3.
E6-11
In the Active Directory Users and Computers window, right-click on the new OU
and select Properties from the drop-down menu. Navigate to the Group Policy tab as
shown.
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
4.
5.
E6-12
ACTION
Select the New button to create a new Group Policy Object. Give it the name
user_logonscript_gpo.
Make sure the user_logonscript_gpo object is selected and press the Edit button.
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
6.
Navigate to the logon scripts by selecting User Configuration > Windows Settings >
Scripts (Logon/Logoff).
Select the Logon script in the main panel. Right-click on it and select Properties.
7.
E6-13
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
In the Add a Script dialog box, add the script name: user_logonscript.cmd and press
the OK button.
8.
Now, select the Show Files button from the Logon Properties. A new explorer should
open to the location where the script needs to be created.
9.
Right-click in the new Explorer window and select New and then Text Document
from the drop-down menus. Name the file user_logonscript.cmd and confirm that you
want to change its extension from txt to cmd.
10.
Right-click on the new cmd file and choose Edit. Confirm the Open File Security
Warning dialog box if it appears by clicking the Run button.
11.
Within Notepad, type in the following line, substituting your own storage appliance
name within the path:
net use o: \\<storage_system>\%username%
NOTE: There is a space between the o: and the \\<storage_system>\%username%
This will create an O drive that is mapped to the users Auto Home Share.
NOTE: The storage system name must be properly resolved within DNS for this to
work.
E6-14
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
Save the file and close it.
Close the Windows Explorer window and close the Logon Properties dialog box by
clicking the OK button. Close the Group Policy Object Editor as well. Finally, close
the OU Properties dialog box by clicking the Close button.
12.
One final step associates our domain user with the OU:
13.
Within Active Directory Users and Computers, select the Users node from the tree
pane.
Find your user account and drag-and-drop it to the OU you just created. Confirm any
warning messages that might appear.
Close the Active Directory User and Computers utility.
14.
Now from a Windows machine, log in with your user account. Open up Windows
Explorer. You should see a mapped drive O that is associated with the Auto Home
Share.
15.
16.
Is it successful? ________________
Yes.
Task complete.
17.
18.
STEP
ACTION
1.
Use the Remote Desktop connection to log in to your Windows workstation as your
user account (user_<first_initial><last_name>) that you created in the last module.
Map a drive to the HOME share on your assigned storage system.
You should have Full Control over this directory structure. Create a test file to verify
that you have Write access to the location. If you dont see the Security tab, you are
probably working on a storage system that has the qtree or volume set to unix or mixed
with an effective security of unix. You must have an NTFS file system to create a
filesystem security GPO. Use qtree status to verify your filesystem on vol0 and
if it is not ntfs, use qtree security command to set it.
E6-15
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
Now, we will create a Security Setting GPO that will grant only Read permission to
this user in this directory.
2.
3.
On the Windows workstation, start the Active Directory Users and Computers.
Go to StartProgramsAdministrative ToolsActive Directory Users and
Computers. (The Active Directory Users and Computers allows management of users,
groups, organizational units, and all other Active Directory objects. This tool enables
you to administer and publish information in the directory.)
Select the domain icon from the tree pane. Your domain might be named netappu.com.
Select the organization unit that you created in the previous task. If you followed
procedure in the previous task, the name of the organization unit is ou_<first_initial +
last_name>. Right-click on this OU and select Properties from the drop-down menu.
4.
Select the New button to create a new Group Policy Object. Give it the name
security_gpo.
5.
Make sure the security_gpo object is selected and press the Edit button.
The Group Policy Object Editor should appear.
6.
E6-16
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
7.
E6-17
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
In the folder field, enter the storage system path on which to apply the GPO
(/vol/vol0/home), then click OK.
8.
E6-18
The Database Security window opens. We will set the permissions for the user account
(user_<first_initial><last_name>) so that this user only has Read permission of the
/vol/vol0/home share.
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
Click OK. Next select Propagate inheritable permissions to all subfolders and files
and click OK.
9.
E6-19
The new security group policy object is now complete. Close the Group Policy Editor.
We now must make sure that your assigned storage system is in this OU.
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
Click on Computers. Find your storage system and drag and drop its computer icon
into your designated OU as shown below.
10.
options cifs.gpo.enable on
This turns on the GPO services on the storage system. Now apply the new GPO:
system>
cifs gpupdate
NOTE: If you do not explicitly apply the new GPO with the cifs gpupdate
command, the storage system applies the new GPO the next time it queries the Active
Directory server (usually every 90 minutes).
11.
cifs gpresult
12.
E6-20
Use the Remote Desktop connection to log back into your Windows workstation as
your user account (user_<first_initial><last_name>) that you created in the last
module. Map a drive to the home directory on your assigned storage system.
CIFS Administration on Data ONTAP 7.3: M06_AdvancedAdmin_Exercise
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
What are your permissions?
Your new GPO should be applied to restrict this user to Read Only.
NOTE: You might still be able to have Full Control. In most lab environments, you
might logged in to the domain controller using a terminal server. Microsoft only allows
Administrators to log in via a terminal server without the licensing server. The GPO
permissions have been applied, but your user might also belong to another group that
overrides the Read Only setting.
Now, let us place the storage system back in the main OU. Log back in as the
Administrator and move your storage systems object back into the Computers folder
of the main domain OU.
13.
You might want to run cifs gpupdate and verify that your security_gpo is no
longer applied to your storage system.
NOTE: If you go back and look, the security permission has not changed. Your user
still has Read only in the ACL. Removing the GPO from the storage system does not
change the ACLs back to the way they were before we applied the GPO.
14.
Task complete.
15.
STEP
ACTION
1.
2.
On the Windows workstation, start the Active Directory Users and Computers.
a) Go to Start
Programs
Administrative Tools
Active Directory Users
and Computers.
b) Open your organization unit folder (beneath the domain folder) in the console
tree.
c) In the right windowpane, locate the domain user that you created with the
format user_<first_initial><last_name>.
d) Right-click the domain user name and choose Delete. Confirm the warning
box.
The result is that the domain user is deleted.
3.
4.
Task complete.
END OF EXERCISE
E6-21
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
Performance
MODULE 7: PERFORMANCE
Exercise
Module 7: Performance
Estimated Time: 60 minutes
EXERCISE: PERFORMANCE
OVERVIEW
The purpose of this exercise is to familiarize you with generating and collecting performance
information on the storage system and the Windows host.
OBJECTIVES
Utilize the sio utility to generate load for CIFS and sysstat to display, monitor, and collect
performance data.
TIME ESTIMATE
60 Minutes
E7-1
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
E7-2
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
32
STEP ACTION
1.
Begin data collection. From the Windows host command prompt, type the following
commands:
rsh <storagesystemX> -l root priv set advanced;
wafl_susp z
rsh <storagesystemX> -l root priv set advanced; statit
b
2.
3.
4.
5.
__________________________________________________________________
__________________________________________________________________
__________________________________________________________________
E7-3
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP ACTION
6.
7.
____________________________________
_____________________________
_____________________________
8.
Task complete.
9.
STEP ACTION
1.
From the storage system prompt, enter the following command to view statistics:
system>sysstat 1
2.
From your Windows desktop copy a 30 MB file to your storage systems vol0.
Rename and copy the file two more times. The files should be named or renamed
testfile1, testfile2, and testfile3. View the performance based on
the output.
3.
Copy those files from your vol0 to your flexvol1 with the same name.
Did you notice anything different in the copy operations?
E7-4
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP ACTION
4.
Click Start, then select Run and type cmd and press Enter.
5.
6.
Enter the following at the command prompt to display the sio_ntap_win32 help
file:
C:\>sio_ntap_win32
Read the output and view the sample command.
7.
Note which of the mapped drives are which and add the letters below:
_______ 2-disk vol0
_______ Flexible flexvol1
You will use these drive letters to read from and write to the storage system. When
you encounter a command like <flex>:\testfile1, insert your mapped drive
letter: for example, F:\testfile1
8.
9.
10.
11.
E7-5
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
12.
Task complete.
13.
STEP ACTION
1.
From the storage system prompt, enter the following command to view statistics:
system> sysstat x 1
2.
3.
4.
At the storage system prompt, enter CRTL-C to stop the sysstat output.
Are there any differences in the two outputs?
5.
6.
From the storage system prompt, enter the following command to view statistics:
system> sysstat 1
E7-6
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP ACTION
7.
Let us see the effect of changing the randomness of the writes. Enter the following
command at the Windows command prompt:
C:\>sio_ntap_win32 0 100 4K 25M 10 2 <2D>:\testfile1
This command is going to perform 100% writes, 100% random, with a 4 kB
blocksize, start at the 0 byte and go to 25 MB/sec, run for 10 seconds, use two
threads, and write to testfile1 on the two-disk volume.
8.
9.
Let us now see what effect the block size has on writes. Enter the following command
at the Windows command prompt:
C:\>sio_ntap_win32 0 100 64K 25M 10 2 <2D>:\testfile1
This command is going to perform 100% writes, 100% random, with a 64 kB
blocksize, start at the 0 byte and go to 25 MB/sec, run for 10 seconds, use two
threads, and write to testfile1 on the two-disk volume.
10.
11.
Experiment on your own with different random percentages, blocksize values, and
numbers of threads. Run these tests and change only one parameter at a time.
See if you can determine the performance impacts.
12.
Now use some tests that you are familiar with and change multiple files:
C:\>sio_ntap_win32 value value <flex>:\testfile1
<2D>:\testfile1
C:\>sio_ntap_win32 value value <2D>:\testfile
<2D>:\testfile1 <2D>:\testfile2 <flex>:\testfile1
<flex>:\testfile2 <flex>:\testfile3
13.
Task complete.
14.
E7-7
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP ACTION
1.
You may experience some client caching. If you run a read command for 10 seconds,
and the sysstat output shows reads on the storage system for only 5 seconds, this
usually means the client is caching the data.
From the storage system prompt, enter the following command to view statistics:
system>sysstat 1 or sysstat x 1
2.
3.
4.
At the storage system prompt, enter CRTL-C to stop the sysstat output.
Are there any differences in the two outputs?
5.
6.
From the storage system prompt, enter the following command to view statistics:
system>sysstat 1 or sysstat x 1
7.
To view the effects of sequential versus random reads, enter the following command
at the Windows command prompt:
C:\>sio_ntap_win32 100 0 4K 25M 10 2 <2D>:\testfile1
This command is going to perform 100% read, 100% sequential, with a 4 kB
blocksize, start at the 0 byte and go to 25 MB/sec, run for 10 seconds, use two
threads, and write to testfile1 on the two-disk volume.
E7-8
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP ACTION
8.
9.
Lets now see what effect the block size has on reads. Enter the following command
at the Windows command prompt:
C:\>sio_ntap_win32 100 0 64K 25M 10 2 <2D>:\testfile1
This command is going to perform 100% read, 100% sequential, with a 64 kB
blocksize, start at the 0 byte and go to 25 MB/sec, run for 10 seconds, use two
threads, and write to testfile1 on the two-disk volume.
10.
11.
Experiment on your own with different random percentages, blocksize values, and
numbers of threads. Run these tests and change only one parameter at a time.
See if you can detect and determine the performance impacts.
12.
Now use some tests that you are familiar with and change multiple files:
C:\>sio_ntap_win32 value value <flex>:\testfile1
<2D>:\testfile1
C:\>sio_ntap_win32 value value <2D>:\testfile1
<2D>:\testfile2 <2D>:\testfile3 <flex>:\testfile1
<flex>:\testfile2 <flex>:\testfile3
13.
Task complete.
14.
E7-9
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP ACTION
1.
From the storage system prompt, enter the following command to view statistics:
system> sysstat 1 or sysstat x 1
2.
3.
4.
At the storage system prompt, enter CRTL-C to stop the sysstat output.
Are there any differences in the two outputs?
5.
6.
From the storage system prompt, enter the following command to view statistics:
system>sysstat 1 or sysstat x 1
7.
Lets see what effect changing the randomness of the writes has. Enter the following
command at the Windows command prompt:
C:\>sio_ntap_win32 50 50 4K 0 25M 10 2 <2D>:\testfile1
This command is going to perform 50% writes, 50% reads, 50% random, 50%
sequential, with a 4 kB blocksize, start at the 0 byte and go to 25 MB/sec, run for 10
seconds, use two threads, and write to testfile1 on the two-disk volume.
E7-10
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
NOTE: If using the 0 byte fails, use a nonzero value; make sure there is a comma
between the nonzero value and the 25 MB value.
8.
9.
Lets now see what effect the block size has on writes. Enter the following command
at the Windows command prompt:
C:\>sio_ntap_win32 50 50 64K
0 25M 10 2 <2D>:\testfile1
This command is going to perform 50% writes, 50% reads, 50% random, 50%
sequential, with a 64 kB blocksize, start at the 0 byte and go to 25 MB/sec, run for 10
seconds, use two threads, and write to testfile1 on the two-disk volume.
10.
0 25M 10 2
<flex>:\testfile1
This command is going to perform 50% writes, 50% reads, 50% random, 50%
sequential, with a 64 kB blocksize, start at the 0 byte and go to 25 MB/sec, run for 10
seconds, use two threads, and write to testfile1 on the flexible volume.
11.
Experiment on your own with different random percentages, blocksize values, and
numbers of threads. Run these tests and change only one parameter at a time.
See if you can detect and determine the performance impacts.
12.
Now use some tests that you are familiar with and change multiple files:
Task complete.
END OF EXERCISE
E7-11
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
Troubleshooting
MODULE 8: TROUBLESHOOTING
Exercise
Module 8: Troubleshooting
EXERCISE
E5-1
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
E5-2
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
50
E5-3
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
51
Answers
Module 8: Troubleshooting
ANSWERS
E5-4
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
E5-5
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
53 53
E5-6
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
54 54
E5-7
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
55 55
E5-8
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
56 56
E5-9
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
57 57
Appendix A
NETAPP UNIVERSITY
E9-2
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
MODULE 1: OVERVIEW
Answers
Module 1: CIFS Overview
E9-3
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
40
41
Machine accounts
User names/passwords/rights
Group membership info
Group policies
E9-4
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
42
E9-5
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
43
MODULE 2: WORKGROUPS
Answers
Module 2: Workgroups
NTFS-only
Multiprotocol
During the initial questions in CLI cifs setup,
for which root user can you enter a password?
E9-6
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
38
cifs_nbalias.cfg
39
Action
4.
Before configuring the CIFS services, at the storage system prompt (in your Telnet
session), enter the following command and view the default storage system security
style and NT administrator privileges:
system>options wafl
What is the volume (and all qtrees on the volume) default security style?
______________
unix
Look at the wafl.default_security_style option.
Does the NT (Windows) administrator have privileges to map to the UNIX root user?
___________________
on
Look at the wafl.nt_admin_priv_map_to_root option.
Enter the following command and view the security style of the root volume:
system>qtree status
What is the security style of your root volume? _________
unix
E9-7
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
7.
After configuring the CIFS services, enter the following command and view the
default storage system security style and NT administrator privileges:
system>options wafl
What is the volume (and all qtrees on the volume) default security style?
___________________
ntfs
Does the NT (Windows) administrator have privileges to map to the UNIX root user?
_______________
Enter the following command and view the security style of the root volume:
system>qtree status
After configuring the CIFS services, what is the security style of your root volume?
__________________
ntfs
TASK III: CREATING NEW VOLUMES AND QTREES
5.
Create a qtree named datatree1_ntfs with NTFS security style on the volume flexvol1
by entering the following command:
ntfs
Why is this the security style? ____________________________________
____________________________________________________________
Because this is the default security which was set to the ntfs by cifs setup.
6.
Create a qtree named datatree2_unix with UNIX security style on the volume flexvol1
by entering the following command:
ntfs
Change the security style to UNIX by entering the following command:
system>
qtree security /vol/flexvol1/datatree2_unix unix
Verify that the security style for qtree datatree2_unix is UNIX:
system>qtree status
E9-8
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
Answers
Module 3: Shares
E9-9
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
50
\\IP_Address_of _Your_Storage_System
What share(s) display? _________________________
In the address bar of the Web browser, change the address to the following:
\\IP_Address_of _Your_Storage_System\C$
What folder(s) display? __________________________
At your storage system prompt, view the CIFS sessions by entering the following
command:
system>cifs sessions
What user currently has a session with the storage system?
__________________________________________________
Storage Systems local administrator account.
What account is the user mapped to? _______________________
5.
E9-10
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
system>rdfile /etc/passwd
Is the default UNIX user name in the /etc/passwd file? _____________
Yes.
View the newly created datatree1_ntfs share by entering the following command at
the storage system prompt:
system>cifs shares datatree1_ntfs
Which group has access to this share? _______________________
The Everyone is the default.
What are the share permissions? _______________________
The Everyone group has Full Control.
6.
E9-11
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
Answers
Module 4: Access Control
E9-12
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
52
Verify that the local user (you) was added to the storage system by entering the
following command:
system>useradmin user list your_name
What are your allowed capabilities? __________________________
None, because this user is a guest.
6.
Check the allowed capabilities for the local administrator account by entering the
following command:
system>useradmin user list administrator
What are the capabilities of the local administrator?
_______________________________________________
7.
The administrator has all (*) the login, cli, api and security capabilities by default
because the administrator is part of the Administrators group.
View the list of all local storage system users by entering the following command:
system>useradmin user list
What local users are listed? _____________________________________
Answers may vary.
At the storage system prompt in your Telnet session, view the CIFS sessions by
entering the following command:
system>cifs sessions
From your Windows workstation, who has a session with the storage system?
__________________________________________________
Administrator
You logged in to the Windows workstation as Administrator with a password. This
Administrator was authenticated locally on the storage system with the local
Administrator account (note that the user names match). The local Administrator
account has the same password as the Windows Administrator.
This is called pass-through user authentication, and it works only if the
names and passwords match on both the storage system and Windows
workstation.
The Administrator account has permission to view the hidden C$ share.
5.
On your Windows workstation, map a drive to a storage system share for a different
local user (your name) by opening Windows Explorer and going to ToolsMap
Network Drive. The Map Network Drive window appears.
a) In the Drive list box, select any unused letter.
b) In the Folder list box, enter the following:
\\IP_Address_of _Your_Storage_System\C$
E9-13
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
j)
6.
From your Windows workstation, who has a session with the storage system?
__________________________________________________
The account you created with your name is the current session.
You now have successfully mapped a network drive to the Home share on the storage
system as a local user (your name) on the storage system that is a member of the
Guests group.
You were authenticated locally on the storage system with your name and password.
At the storage system prompt, verify the newly created group by entering the following
command:
system>useradmin group list friends
How many capabilities are assigned to the power role for the friends group?
__________________________
Eleven capabilities or capability families (i.e., cli-cifs*) are listed.
The Data ONTAP predefined power role grants the ability to:
E9-14
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
4.
On the Windows workstation, change the security properties of the text file on the
datatree1_ntfs share.
Open Windows Explorer and go to the mapped datatree1_ntfs drive to view the
text file.
Right-click the text file and choose Properties.
Select the Security tab and under Group or user names, click the Add button.
In the Enter the object names to select text box, enter friends.
Click the OK button.
Click the friends group. What permissions are displayed for the friends group?
_____________________________________________________
Default for friends group is Read & Execute and Read.
k) Click the Everyone group. How do the friends permissions differ from the
permissions in the Everyone group?
___________________________________________________
Everyone has more allowed permissions.
l)
Now, click the Apply button on the Security tab, and then click the OK
button.
5.
At the storage system prompt, modify the local user (your name) and add the friends
group to the user by entering the following command:
system>
useradmin user modify your_name g Guests,friends
6.
At the storage system prompt, verify the groups and capabilities of the newly changed
local user (your name) by entering the following command:
system>useradmin user list your_name
To which groups does the local user (your name) now belong?
Guests and friends
How have the local user (your name) capabilities changed?
________________________________________________
Yes. Now your user account has all the allowed capabilities of both groups.
E9-15
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
At the storage system prompt, view the current default security style by entering the
following command:
system>options wafl.default_security_style
What is the current default security style? ______________________
ntfs
6.
7.
E9-16
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
8.
E9-17
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
9.
To view the UNIX permissions on the files in this multiprotocol environment, enter the
following option at the storage system prompt:
system>options cifs.preserve_unix_security on
Enabling this option allows you to manipulate a files UNIX permissions
using the Security tab on a Windows client, or using any application that
can query or set Windows ACLs. When enabled, this option causes UNIX
qtrees to appear as NTFS volumes. The default for this option is off.
10.
11.
E9-18
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
You are a Windows user accessing this UNIX file with your mapped UNIX
credentials. Your UNIX credentials are used when evaluating your access requests by
comparing your credentials against the file or folder UNIX access permissions.
3.
4.
Do you think when you remove a share that you delete the underlying qtree?
_____________
The qtree is not deleted.
Go check. Do you remember the command to view the current qtrees and volumes?
_____________
qtree status
E9-19
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
MODULE 5: DOMAINS
Answers
Module 5: Domains
E9-20
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
44
4.
5.
To view the share permission the datatree1_ntfs share, right-click the datatree1_ntfs
share, choose Properties, and then click the Share Permissions tab.
Which group has access to see this share? ________________________
Everyone
Give the new domain user (that you created in the previous lab
user_<first_initial>_+_<last_name>) access to the datatree1_ntfs share by performing
the following:
a. In the datatree1_ntfs Properties window, in the Share Permissions tab,
click the Add button.
b. In the Enter the object names to select text box, enter the new domain user
name.
c. Click the OK button.
What are the share permissions for the new domain user? _______________
Read & Execute and Read
d. In the Share Permissions tab, modify the share permissions for the new
domain user to Full Control by marking the Full Control check box in the
Allow column.
e. Click the Apply button.
f.
The CLI equivalent entered at the storage system prompt that modifies share-level
access control to Full Control is demonstrated in the following example, where
datatree1_ntfs is the name of the share:
NetApp>
cifs access datatree1_ntfs domain_user_name Full Control
6.
7.
E9-21
Click the Sessions folder (beneath the Shares folder in the console tree) to view the
current sessions.
Which user or users have current session(s) with the storage system?
_________________________________________
Administrator
Click the Local Users and Groups folder in the console tree.
CIFS Administration on Data ONTAP 7.3: M09_AppendixA_Exercise
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
a. Click the Users folder. Who are the local users in your storage system?
________________________________________________________
Answers may vary. The local user created earlier is here.
b. Click the Groups folder. Which group is not a predefined group?
__________________________________________________
Answers may vary. The local group friends created earlier is here.
8.
With the Groups folder open, right-click the Guests account and choose Properties to
view the Guests properties.
Which users are members of the Guests group?
___________________________________________________
The local user that was added earlier as well as Domain Guests
Click the Cancel button.
NOTE: The Guests account has domain and local storage system users.
9.
With the Groups folder open, right-click the friends account and choose Properties to
view the friends group properties.
Which user or users are members of the friends group?
_________________________
The local user that was added earlier.
Click the Cancel button.
10.
With the Groups folder open, right-click the friends account and choose Add to
Group to add the new domain user to the friends local group by performing the
following:
a. In the friends Properties window, click the Add button.
b. In the Enter the object names to select text box, type the new domain user
(user_<first_initial>_+_<last_name>).
c. Click the Check Names button.
d. Click the OK button.
e. In the friends Properties window, view the newly added domain user to the
Members list for the friends share.
f.
11.
With the Groups folder open, right-click the Administrators account and choose
Properties to view the Administrators properties.
Which members can fully administer the storage system?
________________________________________________
Administrator and Domain Admins are here.
Click the Cancel button.
E9-22
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
TASK IV: VIEWING SHARES AND SESSIONS AND ADDING A NEW SHARE
USING FILERVIEW
2.
3.
E9-23
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
Answers
Module 6: Advanced Administration
E9-24
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
62
63
At the storage system prompt, enter the following command to view the current
cifs.audit options:
system>options cifs.audit
What is your cifs.audit.autosave.onsize.enable setting?
____________________________
off
What is your cifs.audit.enable setting? ___________
off
If cifs.audit.enable is set to off, then enable auditing by entering the following
command at the storage system prompt:
NetApp> options cifs.audit.enable on
What is your cifs.audit.autosave.ontime.interval setting?
___________
Not set.
E9-25
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
____________________
______
At the storage system prompt, view the CIFS home-directory paths by entering the
following command:
NetApp>rdfile /etc/cifs homedir
Which CIFS home-directory path displays? __________________________
/vol/flexvol1/users_home
9.
At the storage system prompt, view the CIFS home-directory paths by entering the
following command:
system>cifs homedir
Which CIFS home-directory path displays? __________________________
/vol/flexvol1/users_home
E9-26
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
MODULE 7: PERFORMANCE
Answers
Module 7: Performance
E9-27
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
34
TASK I-V:
Results will vary.
MODULE 8. TROUBLESHOOTING
Answers
Module 8: Troubleshooting
E9-28
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
59 59
60 60
E9-29
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
61 61
62 62
E9-30
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
63 63
Appendix B
NETAPP UNIVERSITY
The goal of this lab is to give you an opportunity to install and set up the Data ONTAP
simulator. The simulator environment will allow you to test commands and functionality before
deploying in a production environment.
OBJECTIVES
Configure a Linux virtual machine to work with the Data ONTAP simulator
TIME ESTIMATE
60 Minutes
E9-2
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
1.
Log in to your Windows environment with the user name and password provide by
your instructor.
Your instructor will inform you whether the Windows environment is local or remote.
If it is remote, your instructor will explain how to access the remote machine.
Locate the VMware Workstation icon on your desktop and double-click it. You should
see the VMware Workstation interface.
You now are going to launch a Red Hat Linux virtual machine, which is going to host
your Data ONTAP simulator. A Red Hat Linux tab may appear within the VMware
Workstation window. If it does, go to the next step. If the Red Hat Linux tab does not
appear, select File from the menu and then Open and then browse to the location of the
.vmx file.
The path might be C:\Red Hat Linux\Red Hat Linux\redhat.vmx. If you cant find it,
ask your instructor.
2.
3.
4.
Once the Red Hat Linux tab appears within VMware Workstation, locate the
Commands section within the main page and click the Start this virtual machine link.
Answer OK to any pop-up message box that might appear. Your virtual machine
should launch. This could take five minutes or longer depending on your environment.
5.
Once the graphical interface is displayed, single-click your mouse in the virtual
machine environment. Notice that your mouse gets trapped within the virtual machine.
To release it and work with your Windows environment, press Ctrl and Alt buttons at
the same time. Please type in your user name and password provided by your
instructor.
Red Hat Linux user name: _________________ (usually root)
Red Hat Linux user password: _____________ (usually netapp)
Once logged in, you should see the Red Hat desktop.
E9-3
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
6.
There are now some preliminary configurations you need to do before you launch your
Data ONTAP simulator. The Data ONTAP simulator gets its time from its hosted
operating system in this case, Red Hat Linux. You are going to ensure that your
virtual machine is in sync with your Windows environment.
Right-click on the date and time in the lower right-hand corner and select Adjust Data
& Time from the pop-up menu.
7.
8.
9.
The Data/Time Properties box should appear. Within the Date/Time tab, notice that
you can synchronize Red Hats clock with a remote time server. Check the Enable
Network Time Protocol in the IP address of your Windows domain controller. Then
select the Time Zone tab at the top of the Date/Time Properties and make sure that the
configured time zone is the same as the Windows environment. Select OK to commit
any changes.
Next, right-click on the Red Hat desktop and select New Terminal from the pop-up
menu.
You will need to be familiar with the new Red Hat environment, particularly the
interfaces, before you install the Data ONTAP simulator.
Type ifconfig -a and press Enter.
Notice that there are at least three interfaces: eth0, eth1, and the loopback called
lo.
You will use the eth0 interface for the Data ONTAP simulator.
The Red Hat virtual machine will use the eth1 interface.
10.
Task complete.
11.
E9-4
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
1.
Go to the Red Hat virtual machine. A terminal window should be open. If not, right
click on the Red Hat desktop and select New Terminal from the pop-up menu.
In your lab environment, the Data ONTAP simulator should already be downloaded
and the tar file extracted in the Red Hat environment. If you were setting up the
simulator in your own environment, you would need to download the simulator and
extract the file yourself. The simulator can be downloaded at http://now.netapp.com.
2.
3.
4.
The first question that pops up is Where to install to? Press Enter to accept the
default unless your instructor tells you otherwise.
5.
For Would you like to install as a cluster?, press Enter to accept the default.
6.
7.
For Continue with installation?, type in Yes and press Enter. At this time, the
simulator will be installed into the new local Red Hat directory.
8.
9.
For Ask for floppy boot?, press Enter to accept the default.
10.
For Which network interface should the simulator use?, verify that the default is
eth0 and press Enter.
11.
For How much memory would you like the simulator to use?, press Enter to accept
the default.
12.
For Create a new log for each session?, press Enter to accept the default.
13.
For Overwrite the single log each time?, press Enter to accept the default.
14.
Note that the simulator installs only three disks by default. You need to increase this
amount so you have plenty of disks to work with in future labs. For How many more
would you like to add?, type in 11 and press Enter. Notice your will have a total of
14 disks that you will add to a single shelf, which is just like having a full DS14 shelf
in the real world.
15.
In the What disk size would you like to use? question, select e and press Enter.
Notice that each disk will only have 450 MB of disk space. This will limit the size of
E9-5
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
the files you will work with during the labs.
16.
For Disk adapter to put disks on?, press Enter to accept the default. The disks will
be created.
17.
The setup.sh script now is completed and you have successfully set up the Data
ONTAP simulator. Keep the simulator running if you dont have a FAS system
assigned. This is will be your controller for the subsequent exercises.
18.
Task completed.
19.
STEP
ACTION
1.
Your instructor should have provided a completed configuration worksheet for your
particular environment. If not, please ask the instructor for it now.
Now that you have all the relevant information that is needed to configure your new
Data ONTAP simulator, type in the following command /sim/runsim.sh in the
Red Hat terminal window and press Enter. Notice as the simulator boots that there are
11 broken disks with bad labels. You will fix this in a future step.
2.
3.
When your storage system boots the first time, it immediately will go into the setup
command. If you make any mistakes, you can also run the setup command again
and enter the correct value.
The first question is the new host name of your storage system.
Please enter the value you recorded in the Configuration Worksheet and then press
Enter.
4.
The next question is whether you will configure any virtual network interfaces. As
you might recall, you will not be using VIFS at this time.
Press Enter to access the default.
5.
The next question is the IP address for ns0. Remember, this is the IP address of eth0
on the Linux simulator.
Please enter the value you recorded in the Configuration Worksheet and then press
Enter.
6.
The next question is the netmask for ns0. Remember, this is the netmask address of
E9-6
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
eth0 on the Linux simulator.
Please enter the value you recorded in the Configuration Worksheet and then press
Enter.
7.
8.
For Would you like to continue setup through the Web interface?, press Enter to
accept the default.
9.
10.
11.
The next question is the IP of the administration host. If you recall, the Linux virtual
machine has at least two main interfaces: eth0 and eth1.
The interface eth0 is used for the Data ONTAP simulator, which you recorded in
Step 5.
The interface eth1 is used for the Linux virtual machine itself. This is the value you
will record here. The Linux virtual machine will become your administration host.
Please enter the value you recorded in the Configuration Worksheet and then press
Enter.
12.
13.
The next question is the system location. This is just a text field. Type in any value
you wish.
14.
The next question is the systems language. You will not be configuring the language
for thtis simulator.
Press Enter to not set the language.
15.
16.
17.
18.
The next question is Do you want another nameserver? Press Enter to accept the
default value.
E9-7
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
19.
The next question is Do you want to run NIS client? Press Enter to accept the
default value.
20.
The next question is for the new password for root. Type in netapp and press Enter.
21.
22.
Setup is now complete. Because the simulator already has CIFS licensed, it will go
into the cifs setup command.
23.
The first question is whether you are using WINS. Press Enter to accept the default
value because you are not using WINS.
24.
The next question is whether you are using multiprotocol (NTFS and Unix File
System) or Windows NTFS only.
Press Enter to accept the default value because you are going to use multiprotocol.
25.
The next two questions are asking for the roots password.
Please type netapp and press Enter twice.
26.
Next, the system defaults the CIFS server name to the hostname of the system. The
question then asks you whether you would like to change this.
Press Enter to accept the default.
27.
The next question concerns how you are going to authenticate users. You are going to
use Active Directory domain authentications in this environment.
Press Enter to accept the default.
28.
The next question concerns the name of the Active Directory domain. This is the
same as your DNS domain.
Press Enter to accept the default.
29.
You then need to configure the time services, so press Enter to accept the default.
30.
The name of the time server should be the IP address of your Windows domain
controller.
Type in the IP address of the Windows domain controller and press Enter.
31.
You only have one time server, so press Enter to accept the default.
32.
33.
Type in the password of the domain administrator as provided by your instructor and
press Enter.
34.
The question concerns how you are going to identify the system with Active
Directory.
Press Enter to accept the default of CN=computers.
35.
The next question is whether the simulator should create the Windows local
E9-8
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
administrator account in the local /etc/passwd file.
Press Enter to accept the default.
36.
37.
You will not be using any other users or groups to administrate your system so press
Enter to accept the default.
38.
The CIFS server should be running now and the simulator should be requesting a
login.
Log in using root with the password netapp.
You should now be at the systems prompt. You have successfully set up the Data
ONTAP simulator.
39.
Task complete.
40.
E9-9
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
STEP
ACTION
Preparing additional disks
1.
2.
Notice the broken disks that have bad labels. The names of the broken disks are
displayed in the second column and begin with v. For example, v4.19 all the way
through v4.29. These are the disks you added when you installed the simulator.
At the prompt, type in priv set advanced and press Enter.
3.
You are going to use the disk unfail command along with the disk name to fix
the disks.
Type in disk unfail s <disk name> and press Enter.
For example, disk unfail s v4.19
4.
Repeat this for all disk names that you identified in Step 1.
Type in sysconfig -r and press Enter and verify that all the broken disks are now
spares that are not zeroed.
5.
At the prompt, type in priv set admin and press Enter to take the system out of
advanced mode.
6.
Now type disk zero spares at the prompt and press Enter so that these disks
will be available for use in future labs.
7.
8.
Task complete.
END OF EXERCISE
E9-10
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
CONFIGURATION WORKSHEET
TYPES OF INFORMATION
Storage system
YOUR VALUES
Administration host
Host name
IP address
Virtual interfaces
Ethernet interfaces
Interface name
IP address
Subnet mask
Partner IP address
Media type (network type)
Are jumbo frames supported?
MTU size for jumbo frames
Gateway name
IP address
E9-11
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
Domain name
Server address 1
Server address 2
Server address 3
NIS
Domain name
Server name 1
Server name 2
Server name 3
Windows domain
WINS servers
1
2
3
MAC address
IP address
Network mask (subnet mask)
Gateway
Media type
Mail host
RLM
MAC address
IP address
E9-12
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
E9-13
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.
E9-14
2008 NetApp. This material is intended for training use only. Not authorized for re-production purposes.