
Copyright 2016 Hewlett Packard Enterprise Development LP

HPE 3PAR File Persona v1.3 Delta Training

July 2016

3PAR StoreServ Management Console

SMB NFS REST

File Persona

Confidential – For Training Purposes Only 2

Learning objectives

After completing this course, you should be able to:

– List the new features of HPE 3PAR File Persona Software v1.3

– Describe how the new features improve the functionality of HPE File Persona Software 1.3

– Identify command and menu or pane changes caused by the new features.

– Describe how the new features affect the StoreServ system management.


Agenda

– HPE 3PAR File Persona v1.3 overview and changes

  – Expanded ISV solutions

  – Larger File system size (64 TB FPG)

  – FTP support

  – Updated On-Disk Version

  – Backup/Restore ACL Preservation

– Cross Protocol Access

– File Lock Enterprise Mode

– Online FSCK

– Antivirus Enhancements.

– Object Access API Enhancements

HPE 3PAR File Persona v1.3 overview and changes


HPE 3PAR File Persona v1.3 Overview and changes

– HPE File Persona v1.3 is part of 3PAR OS 3.2.2 MU3 patch

– The 3.2.2 MU3 patch is supported on all platforms supporting File Persona

  – 7000c Family

  – 8000 Family

  – 20000 Family

– Closes some gaps in customer expected features and behaviors

– Improved cross-protocol access and locking behavior for a multi-protocol environment

– Expands the green zone with data preservation and governance use case

– Provides general quality improvements and enhancements in the area of FSCK, Antivirus and Object Access API.

HPE 3PAR File Persona v1.3 overview and changes: List of enhancements in File Persona v1.3

– Resolution of a number of bugs and change requests

– Expanded ISV solutions

– Larger File system size (64 TB FPG)

– FTP support

– On Disk Upgrade to support the new functionality

– Configuration Backup/Restore ACL Preservation

HPE 3PAR File Persona v1.3 overview and changes: List of enhancements in File Persona v1.3

Enhancements covered in separate sections

– NTFS security mode File Stores to allow cross-protocol access with multiple writers and User Mapping support

– New feature File Lock Enterprise Mode

– Online File System Check

– Sophos Endpoint Protection Antivirus support

– Antivirus Bulk-Quarantine

– Object Access API enhancements

HPE 3PAR File Persona v1.3 overview and changes: Spectrum of workloads and uses

File Persona (SMB, NFS, FTP, REST): Home directories and user/group shares; Content management and collaboration; Data preservation and governance

Block Persona (FC, FCoE, iSCSI): Virtualization; Databases; Applications

HPE 3PAR File Persona v1.3 overview and changes: Expanded green zone

Expanded green zone with three new validated solutions

Home directories & user shares

- User and group/corporate shares

- Home directory consolidation for physical desktops and VMware Horizon virtual desktops

Content management & collaboration

- Content management and collaboration for SharePoint with AvePoint DocAve

- Enterprise file sync and share with Citrix ShareFile

Data preservation & governance

- Structured data optimization with HPE Structured Data Manager

- Unstructured data governance with HPE Storage Optimizer and HPE ControlPoint

- Retention of business records with HPE Records Manager

- Enterprise information archiving with Commvault & Veritas Enterprise Vault

- Video surveillance with Genetec Omnicast and Milestone Xprotect, Verint Nextiva

- Real time business analytics for scale-out SAP HANA TDI shared infrastructure

Not to be used for anything not listed as green zone, for example:

- Databases

- Virtualization

- HPC applications

- Video editing and media streaming

HPE 3PAR File Persona v1.3 overview and changes: Larger file system size

Larger file system size – 64 TiB FPG for simpler scaling of large data sets within a single file share

[Chart: FPG size (TiB), per node pair capacity (TiB) and max system capacity (TiB) for releases 3.2.1 MU1, 3.2.2, 3.2.2 MU2 and 3.2.2 MU3 Patch; timeline labels Jan 2015, Aug 2015, Feb 2016 and New.]

HPE 3PAR File Persona v1.3 overview and changes: FTP support

– FTP File Share support in addition to SMB, NFS, HPE 3PAR AccessAPI File Share support.

– FTP File Share supported features include:

  – Upload, download, append, rename, and delete files

  – Create, rename, and delete directories

  – Enumerate files

  – Get current working directory.

– FTP File Share defined parameters are:

  – Access permissions

  – Enabling/disabling local/anonymous users

  – FTPS related SSL options

– HPE recommends using secure FTP (FTPS) for security reasons

HPE 3PAR File Persona v1.3 overview and changes: FTP support

– The FTP protocol can be used to perform the following tasks over a file system storage share:

  – FTP in both non-secure and secure mode

  – SMB (AD, LDAP, Local Auth) and anonymous user access

  – Read-only mode

  – FTP File Share with one or more VIF IP address

  – VFS IP for one FTP share only

  – Add/delete IP in FTP File Share

  – Modification of configuration options (like disable SSL, enable anonymous)

  – Home directory based on UNIX user names

– The following options are specific to the createfshare ftp [options <arg>] subcommand:

  -ssl {true|false} specifies if SSL is enabled. The default is false.

  NOTE: To enable SSL, the VFS must have a valid certificate configured.

HPE 3PAR File Persona v1.3 overview and changes: On-Disk Version - Update

– On-disk version is used to distinguish the set of functionality available on File Provisioning Groups (FPGs) from different software versions

– On-disk version history:

  – On-disk version in previous releases was 11.0

  – On-disk version in 3.2.2 MU2 was 12.0

  – On-disk version in 3.2.2 MU3 patch for new FPGs is 12.1

– Newer software versions will support older FPG versions.

– Older software versions will not support newer on-disk versions.

– On-disk minor-version upgrade capability is provided for 11.0 to 11.1 and 12.0 to 12.1

– On-disk major-version upgrade capability will be provided in software version 3.2.3

HPE 3PAR File Persona v1.3 overview and changes: New features requiring new On-Disk Version

Release | Default for new FPGs | Features
3.2.1 MU1 | FPG v11.0 | Base feature set introduced for File Persona
3.2.2 | FPG v11.0 | Base feature set introduced for File Persona
3.2.2 MU2 | FPG v12.0 | Quota accounting excluding snapshots; Pre-enablement for Online FSCK and File Lock
3.2.2 MU3 Patch | FPG v12.1 | Online FSCK; File Lock; Dedicated security modes; Cross-protocol locking

On-disk upgrade path: upgrade FPG v11.0 to FPG v11.1 to enable Quota accounting excluding snapshots.

Other paths in the diagram are labelled "Only OS upgrade path".

HPE 3PAR File Persona v1.3 overview and changes: Features requiring new On-Disk version

FPGs with newer on-disk versions cannot be activated on older software versions

– Need to account for this in Remote Copy of VVs making up FPGs

– Remote Copy and failover will continue to operate with mixed software versions, as long as on-disk version stays at a level compatible to both

– Until both sites have been upgraded to the new software, do not use newer on-disk version

HPE 3PAR File Persona v1.3 overview and changes: Remote Copy On-Disk version upgrade sequence

[Diagram, repeated for each step: Site 1 holds A and B’, Site 2 holds A’ and B; step 4 adds C and C’. Legend: Software – 3.2.2; Software – 3.2.2 MU3 patch; On Disk – 11.0; On Disk – 11.1; On Disk – 12.0.]

1. Cross Replication on 3.2.2

2. Upgrade Site 1 to 3.2.2 MU3 patch

3. Upgrade Site 2 to 3.2.2 MU3 patch

4. Create new FPG with ODV 12.1. Upgrade others to 11.1

HPE 3PAR File Persona v1.3 overview and changes: On-Disk version verification

7450_25_8_6 cli% showfpg
                      ------(GB)-------
FPG      -Mountpath- -Size-- Available ActiveStates -DefaultCpg- ---------VVs--------- State    Version
testFpg0 /testFpg0   1024.00   1023.35 ACTIVATED    SSD_r6       testFpg0.1            degraded 12.0*
-----------------------------------------------------------------------------------------------------
       2 total       1026.00   1025.19

7450_25_8_6 cli% showfpg -d testFpg0
------------------File Provisioning Group---------------------
File Provisioning Group : testFpg0
…
Upgrade State : UPGRADABLE
Version : 12.0
…
SegmentNumber FSCKState FSCKPhaseRequired
1 NOT_REQUIRED NONE

HPE 3PAR File Persona v1.3 overview and changes: On-Disk Version Health

7450_25_8_6 cli% showfpg
                      ------(GB)-------
FPG      -Mountpath- -Size-- Available ActiveStates -DefaultCpg- ---------VVs--------- State    Version
testFpg0 /testFpg0   1024.00   1023.35 ACTIVATED    SSD_r6       testFpg0.1            degraded 12.0*
-----------------------------------------------------------------------------------------------------
       2 total       1026.00   1025.19

7450_25_8_6 cli% checkhealth -detail fs
Checking fs
Component ------Description------- Qty
fs        File Services FPG issues   1

Component -Identifier- --------------------------Description--------------------------
fs        testFpg0     testFpg0 : On-disk version for segment is not up to date. Some features may not be available in the current on-disk version. Corrective Action: Upgrade segment to the newest supported on-Disk version.

HPE 3PAR File Persona v1.3 overview and changes: On-Disk Version Upgrade

7450_25_8_6 cli% setfpg -upgrade testFpg0
This action will upgrade the current on disk version of the FPG to the latest supported version.
select y=yes n=no : y
8778

HPE 3PAR File Persona v1.3 overview and changes: On-Disk Version Upgrade & Downgrade Considerations

– No On-Disk version upgrade from 11.x to 12.x in this release

– Before attempting a software revert, usage of the following items would need to first be removed from the system:

  – FPGs with on-disk version 12.1

– If reverting to a version before 3.2.2 MU2, additionally:

  – FPGs with on-disk version 11.1

– Configuration backups taken with 3.2.2 MU3 can only be restored on 3.2.2 MU3 or newer software

HPE 3PAR File Persona v1.3 overview and changes: On-Disk Upgrade Troubleshooting – Error Messages

– Could not perform ODU for FPG {0} because segment has the latest supported version

– FPG {0} has to be mounted, not frozen, and not isolated to run ODU

– ODU task already running for FPG {0} on segment(s) {1}

– Segment(s) number {0} is not valid

– Target on-Disk version {0} is not valid

– ODU cannot start during software upgrade/revert

– ODU cannot start on FPG {0} because there is no sufficient disk space.

HPE 3PAR File Persona v1.3 overview and changes: System Configuration backup/restore

– System configuration contains info for all the File Stores and File Shares within a VFS

– Backup and restore using backupfsconf and restorefsconf CLI utilities

– System configuration backup is done separately from the data backup

– Backup/restore process varies based on backup software

– MD5 checksum for configuration backup data integrity

– Share folder permissions are not restored in version 1.2

[Diagram: a File Provisioning Group with a Hive/Config Store contains Virtual File Servers, each with a Hive/Config Store and the File Stores .admin, File Store 1 and File Store 2. Labels: Files; Config-backup; fpg_vfs_configbackup.tar; Share1 (Http); Share1 (NFS); Share2 (CIFS); Security Mode; Ownership; ACL (share folder).]

HPE 3PAR File Persona v1.3 overview and changes: Configuration Backup/Restore ACL Preservation

– Previously, when backing up share configuration for a VFS using “backupfsconf”, only the share configuration was backed up, not the ACL on the underlying folder

– During restore, an administrator would need to manually configure the ACLs again

– In 3.2.2 MU3 patch, the backup will now contain the ACLs for the underlying folders supporting the shares

– The syntax from the CLI is unchanged, so no updates to the usage are required

New data backed up and restored:

• Security mode (Cross Protocol) for File Store

• ACLs for Share folders

• POSIX attributes for share folders

HPE 3PAR File Persona v1.3 overview and changes: ACL Backup Internals

Cross protocol

• Security mode for each File Store

• Listing all File Stores and collecting the security mode set on each File Store

ACL changes

• Listing all shares including HTTP, NFS and CIFS

• Collecting ACLs for every share path

• # getfattr --absolute-names -n system.ade_acl <sharepath>

POSIX attributes

• Ownership details for each share folder

• # stat --printf='%U:%G' /fpg/vfs/fstore/share5

HPE 3PAR File Persona v1.3 overview and changes: ACL Restore Internals

Cross protocol

• Set Security mode for each File Store

ACL changes

• Modify/Set ACLs on Restore.

• # setfattr -n system.ade_acl -v <shareACL> <sharepath>

POSIX attributes

• Modify Ownership.

• # chown user2:Administrators <sharepath>

Cross-protocol access

Cross-protocol access: Benefit

– Most NAS customers want multi-protocol access for common data on the storage controller allowing simultaneous Read/Write access ensuring data integrity.

– Prior to v1.3, multi-protocol access in File Persona was limited to one protocol with read/write access and the secondary protocols with read only access due to lack of cross-protocol locking.

– File Persona v1.3 allows customers to access data from more than one protocol with read/write access using cross-protocol locking ensuring NFS clients can access the files opened by SMB clients through share mode locks.

– File Persona v1.3 provides a dedicated security mode for a preferred protocol, preventing other protocols from overwriting the permissions on the files in a specific File Store.

Primary protocol | Access | Secondary protocol | Access
SMB | RW | NFS | RO
NFS | RW | SMB | RO
HTTP | RW | SMB/NFS | RO

Cross-protocol access: Challenge

– Lack of preferred access for a specific protocol for simplifying cross-protocol management

– Allowing different protocols to overwrite directory permissions at share level complicates predicting permissions.

– Allowing both SMB and UNIX Protocol clients to change permissions could cause fidelity loss and inconsistency with preferred protocol semantics.

– Lack of cross protocol locking support leaves data vulnerable to data loss.

Solution:

– Configurable security mode per File Store to provide near native user experience for preferred protocol based on security mode.

– Default ACL is consistent and predictable.

– Restriction on permission changes from non-preferred clients to prevent fidelity loss.

– SMB share mode locks are honored across all protocols to prevent data loss for SMB shares

– The Default ACL for share folders is security mode-specific, irrespective of the share protocol

Cross-protocol access: Implementation

Two different security modes configurable at file-store level:

– LEGACY – Backward compatibility with file stores created with File Persona v1.2 or earlier. Only one protocol can Read/Write and others can Read-only. Access permission changes are allowed from both Windows and UNIX clients.

– NTFS – Preferred access mode for Windows clients. UNIX clients may see surprises. Read/Write access is allowed for both Windows and UNIX clients. No restrictions apply for Windows clients. Windows inheritance rules apply. UNIX clients cannot perform permission-setting operations.

[Diagram: on upgrade, an FPG (version 12.0 and prior) with all File Stores (FSt1, FSt2) in Legacy mode becomes an FPG (version 12.0 and 12.1) in which File Stores with different security modes co-exist: FSt1, FSt2 and FSt3, labelled Legacy mode and NTFS mode.]

Cross-protocol access: LEGACY security mode

– Files/folders will have the precedence for either NTFS ACLs or POSIX ACLs, based on permissions last applied

  – If permissions last applied are from SMB clients, then NTFS ACLs are dominant and NFS clients are presented the translated POSIX ACLs for security checks and vice-versa.

– Default permissions for new files follow Windows rules for SMB clients and POSIX rules for NFS clients

– R/W access for one protocol and R/O for others for a share

– Permission changing allowed from both SMB and NFS clients

  – chances of overwriting NTFS ACLs from NFS

– File names can be case insensitive for SMB clients and case sensitive for NFS clients

  – chances of overwriting files if file names in the same directory differ only in case

Best practice:

– Use the Legacy mode for backwards compatibility only or for single protocol share for NFS/Object access

Cross-protocol access: LEGACY security mode behavior

Unexpected ACL behavior on Windows side if the directories are created from Linux clients

– Everyone group appearing on the dir created from NFS

– Group1 now allowed on the dir created from NFS

[Screenshots: ACLs on shared File Store with Legacy security mode; ACLs on directory created from Windows client; ACLs on directory created from Linux client. Callout: Unpredictable behavior from NFS clients]

Cross-protocol access: NTFS Security Mode

– Enforces NTFS style security behavior on files/folders in a File Store

– Files/folders will maintain full fidelity NTFS ACLs

– Default permissions for new files will follow Windows inheritance rules always

– RW access allowed for both SMB and NFS clients via shared mode locks

– Permission changing not allowed from NFS clients

– File names can be case insensitive as expected by SMB clients

– For SMB clients the ACLs and enforcement will match 100% to the permissions expected from Windows.

– For NFS clients the translated POSIX ACLs for security checks are presented

Best practice:

– Use NTFS security mode for a Windows dominant environment

Cross-protocol access: NTFS security mode behavior

Expected ACL inheritance on Windows side even if the directories are created from Linux clients

– No change on the inherited ACLs

[Screenshots: ACLs on shared File Store with NTFS security mode; ACLs on directory created from Linux client; ACLs on directory created from Windows client. Callout: Same behavior as Windows]

Cross-protocol access: NTFS Security Mode: Permissions Enforcement

Permissions and ownership of file objects can only be modified via one of the following methods:

– The Windows ACL from a Windows client, if the user has the required permissions to modify Windows ACLs

– The system’s Converged ACL via the HPE 3PAR CLI, but only for directories in the root of a share (share folders)

The system’s Converged ACL will preserve the fidelity of:

– The ACL visible/modified from the Windows Client

– The ACL visible/modified via the HPE 3PAR CLI

When a new file object (file or directory) is created, Windows inheritance rules get applied to determine the object’s new ownership and permissions. Therefore, when accessing the file system via an SMB share from a Windows Client, the ACLs and enforcement will match 100% to the permissions expected from Windows.

Cross-protocol access: NTFS Security Mode: Permissions Enforcement

When accessing the file system via a UNIX interface, like an NFS share, the server synthesizes the on-disk ACL to a UNIX ACL.

– The server translates the higher fidelity ACL to its best approximation of UNIX ACLs.

– The resulting granted permissions could be more restrictive than the Windows ACL permissions.

– Permissions that users can grant when accessing files on an NTFS File Store via an NFS or HTTP client should be understood when crafting an ACL in the root folder of the share.

The following table describes the mapping of the system converged ACL permissions bits to Windows and UNIX ACLs.

Cross-protocol access: Mapping of Converged ACLs to NTFS and POSIX ACLs

Converged ACL (3PAR CLI and GUI) | NTFS ACLs | POSIX ACLs (perm bits)
r ReadData/ListDirectories | ReadData/List Folders | r: ReadFile/ListDir
n ReadNamedAttributes | ReadExtendedAttributes |
x ExecuteFile/TraverseDirectory | ExecuteFile/TraverseFolder | x: ExecuteFile/TraverseDirectory
w WriteData/CreateFiles | WriteData/CreateFiles | w: Write file object (all 4 “waTN” required to have ‘w’ for write on directory)
a AppendData/CreateDirectories | AppendData/CreateFolders |
T WriteAttributes | WriteAttributes |
N WriteNamedAttributes | WriteExtendedAttributes |
D DeleteChild (dirs only) | DeleteSubfoldersAndFiles | (all 5 “waTND” required to have ‘w’ for write on directory)
o ChangeOwnership (of file/dir) | TakeOwnership | - Ignored -
t ReadAttributes | ReadAttributes |
c ReadACLs | ReadPermissions |
C Write ACLs | ChangePermissions |
d Delete object | Delete |
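An added example (not HPE code) that applies the table above to converged permission strings and lists entries whose Windows write access does not survive translation for UNIX clients. It reads the table's two notes as "all of waTN for a file, all of waTND for a directory", which is an assumption; the function names and all sample ACEs except the first are constructed.

```python
# Added example: a model of the converged-ACL table, not File Persona code.
# Assumption: POSIX 'w' needs all of "waTN" on a file and "waTND" on a directory.
FILE_WRITE = frozenset("waTN")
DIR_WRITE = frozenset("waTND")


def parse_ace(ace):
    """Split an ACE written as [+]Type:Flags:Principal:Permissions,
    the form used by the page's 'setfshare smb -acl' example."""
    parts = ace.lstrip("+").split(":")
    if len(parts) < 4:
        raise ValueError(f"not an ACE: {ace!r}")
    return {"type": parts[0], "flags": parts[1],
            "principal": ":".join(parts[2:-1]), "perms": parts[-1]}


def posix_bits(perms, is_dir):
    """Return the rwx triplet the table yields for one permission string.
    Letters the table does not list (such as 'y') are ignored."""
    granted = set(perms)
    need = DIR_WRITE if is_dir else FILE_WRITE
    return (("r" if "r" in granted else "-")
            + ("w" if need <= granted else "-")
            + ("x" if "x" in granted else "-"))


def write_gaps(aces, is_dir=True):
    """List type-A ACEs that grant WriteData ('w') on the Windows side but
    translate to no POSIX 'w', together with the converged bits still missing."""
    need = DIR_WRITE if is_dir else FILE_WRITE
    findings = []
    for ace in map(parse_ace, aces):
        missing = need - set(ace["perms"])
        if ace["type"] == "A" and "w" in ace["perms"] and missing:
            findings.append((ace["principal"],
                             posix_bits(ace["perms"], is_dir),
                             "".join(sorted(missing))))
    return findings


# Constructed sample: the first ACE is the one from the page's setfshare
# example; the other principals and permission strings are made up.
SAMPLE_ACES = [
    "+A:g:home_dir_group@AD_domain:raxtnc",
    "A:fd:OWNER@:rwaDdxtTnNcCoy",
    "A:g:editors@AD_domain:rwaxtnc",
]

if __name__ == "__main__":
    for principal, bits, missing in write_gaps(SAMPLE_ACES):
        print(f"{principal}: UNIX clients see {bits}, missing {missing}")
```
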

Cross-protocol access: Share Folder Permissions

– The Default Permissions in the Share Folder are specific to the security mode, independent of the protocol flavor of the share.

– The Default Permissions at the Share Folder might be different or more restrictive than in previous releases, but the administrators now have the option to modify the permissions at the share folder via the HPE 3PAR administration Command Line Interface (CLI).

Cross-protocol access: Default Share Folder Permissions

A default share can be created either in the root of a File Store or in a subdirectory below the File Store root. If a share is created in a sub-directory, the directory permissions are inherited from the parent directory. Assuming that the administrator has made no modifications to the Share Folder permissions, the default Share Folder permissions logic is as follows:

If a Default Share is created in the root of a File Store:

– From a Windows Client:

  – Everyone has permissions to mount and traverse to the mount point from a Windows client (non-inheritable permissions)

  – Only SYSTEM@NT_AUTHORITY (equivalent to root in Windows), and members of the Administrators group in the Windows domain have additional permissions such as full-control and inheritable permissions.

– From an NFS Client (or any UNIX client):

  – Everyone has permissions to traverse to the mount point (non-inheritable permissions)

  – Only members of the Administrators group (if client has joined the same domain as server node) have additional permissions such as full-control and inheritable permissions

Cross-protocol access: Default Share Folder Permissions

If a Default Share is created in a subdirectory below the File Store root, share directory permissions are inherited from the parent directory:

– From a Windows Client:

  – Only SYSTEM@NT_AUTHORITY (equivalent to root in Windows), and members of the Administrators group in the Windows domain have full-control and inheritable permissions

– From an NFS Client (or any UNIX client):

  – Only members of the Administrators group (if same domain as server node) have full-control and inheritable permissions

Note: NFS Clients cannot change permissions (independent of default ACL – by definition of the NTFS Security Mode)

Cross-protocol access: Cross Protocol Locking

[Diagram: an SMB user and an NFS user both have R/W access to the same file through shared locks in NTFS security mode]

– Allows simultaneous read/write access to the same file using shared mode locks in NTFS security mode

– SMB client opens a file for RW access, other protocols are denied for write/delete/rename access

– NFSv4 opens a file for RW access – SMB clients are denied write access, but can rename/delete

Restrictions for cross-protocols:

– Cross-protocol locking not HA aware

– Advisory locks for NFSv3

– Support for SMB only operations

  – Byte range locks

  – SMB oplocks and leases must be disabled (default)

  – Windows Alternate Data Streams (ADS)

Cross-protocol access: Example

Notation: open(access requested, access granted to others), for example open(rw, r) and open(ro, r).

[Diagram, WITH LOCKING: client1 and client2 each run open(rw, r), write(…), close, one after the other. Data consistent: client2 can only write after reading the latest changes from client1.]

[Diagram, NO LOCKING: client1 and client2 both run open(rw, r) and write(…) on the file before the first one closes. Data loss: client2 still thinks its data is stored, but it was overwritten.]

Cross-protocol access: Administration - CLI for security mode management

– Set the security mode while creating a file store.

  createfstore [-secmode {ntfs | legacy} [-secop_errsuppress {true | false}]] [-comment <comment>] [-fpg <fpgname>] <vfs> <fstore>

– Modify file store attribute to suppress errors during permission changes from UNIX:

  setfstore [-fpg <fpgname>] [-secop_errsuppress {true|false}] [-comment <comment>] <vfs> <fstore>

– Display file store attributes related to security mode

  showfstore [-fpg <fpgname> [-vfs <vfs> [-fstore <fstore>]]] [-securityoptions]

– Cross Protocol Locking does not require any explicit configuration.

Cross-protocol access: Example: Managing Share Directory Permissions in the NTFS security mode

– Create a file store in the NTFS Security Mode:

  createfstore -secmode ntfs -fpg fpg0 vfs0 ntfs_fstore

– Create an SMB share in the same directory or any directory below the file store:

  createfshare smb -fstore ntfs_fstore -allowperm Everyone:fullcontrol -sharedir my_shared_dir smb_share0

– The resulting permissions on the share directory will be based on Windows permissions inheritance rules, default:

  showfshare smb -dirperm -vfs vfs0 -fstore ntfs_fstore smb_share0
  Share Name : smb_share0
  Sharepath  : /fpg0/vfs0/ntfs_fstore/my_shared_dir
  Owner      : root
  Group      : Administrators
  Modebits   : 770
  --------------------------ACL---------------------------
  Type Flags Principal       Permissions
  A    I     OWNER@          rwaDdxtTnNcCoy
  A    fdI   OWNER@          rwaDdxtTnNcCoy
  A    fdgI  GROUP@          rwaDdxtTnNcCoy
  A    fdiI  CREATOR^OWNER@  rwaDdxtTnNcCoy

Note: The -allowperm Everyone:fullcontrol in the createfshare command refers to SMB share permissions, and NOT to the directory ACLs

Cross-protocol access: Managing Share Directory Permissions in the NTFS security mode

– If desired, change owner/group of the share directory using the CLI, for example:

  setfshare smb -owner AD_domain\\share_owner -group AD_domain\\admin_group -fstore ntfs_fstore smb_share0

– If desired, change ACL of the share directory using the CLI, for example:

  setfshare smb -acl +A:g:home_dir_group@AD_domain:raxtnc -fstore ntfs_fstore smb_share0

– If desired, create additional shares on the same directory. For cross-protocol access, you can create a different protocol export, for example:

  createfshare nfs -fstore ntfs_fstore -options rw,nohide -sharedir my_shared_dir nfs_share

NOTE: Unlike previous releases, the order of protocol share creation, or content in the directory, is no longer a concern. The ACL on the existing (shared) folder WILL NOT be overwritten with creation of new shares.

Cross-protocol access: Configuration rules, installation, upgrade and downgrade considerations

– With On disk version 12.1, new file stores created will have explicit security mode.

– File Stores created prior to upgrade are in LEGACY security mode implicitly.

– When creating file store with an earlier version of SSMC:

  – No option to select security mode

  – File stores would be created in LEGACY security mode.

Note: If NTFS security mode is desired this must be set with setfstore command before creating any data.

Cross-protocol access: Supported authentication providers

To ensure coherent cross-protocol access, each protocol’s client and server should resolve names to the same IDs and SIDs. Supported authentication providers are:

– Active Directory (AD) configured using one of the following two modes

  – Un-provisioned Mode

    • Users UID/GID get synthesized.

  – RFC2307 Mode

    • Each user and group object in active directory has UID and GID in Unix attributes.

    • Adoption requires configuring each object in active directory with UNIX attributes – Risky and not a user-friendly option.

– LDAP

  – POSIX Schema

    • Users SID get synthesized

  – Samba Schema

    • User and group object in LDAP has corresponding SID in LDAP.

    • Adoption requires configuring each object in LDAP with SID as required. – Risky and not a user-friendly option.

Cross-protocol access: File Persona-supported authentication providers

Best practice:

– For Legacy security mode

  – Use Active Directory authentication with RFC2307 for cross-protocol access

  – Unless cross-protocol access by same user is required, keep RFC 2307 disabled

– For NTFS security mode

  – Use Active Directory authentication with RFC2307 for cross-protocol access

  – Unless cross-protocol access by same user is required, keep RFC 2307 disabled

  – If using LDAP authentication, use samba schema for cross-protocol access

The authorization and name service software used by the client should be able to synthesize IDs using the same logic as Local Security Authority Subsystem Service (LSASS) when an AD is in un-provisioned mode or LDAP is in POSIX schema.

To overcome this, File Persona adds a name-mapping capability.

Cross-protocol access: User Mapping Modes overview

File Persona v1.3 adds a name-mapping capability with different Join and Replace rules to map an AD user to an LDAP user and create an account with all the necessary ID and SID attributes to provide expected access across SMB and POSIX protocol.

User mapping between providers maps a user from an authentication provider to another user in the same or different providers:

– Static Mapping - Explicit mapping of a user to another user through a rule.

– Dynamic Mapping - User from one provider is mapped to a user with the same name from another provider without an explicit mapping rule

Cross-protocol access: User Mapping rules

Operator: =>

Description: Unidirectional Replace rule for static mapping.

Notes:

– Once the “From” user is authenticated, the given operator Replaces the “From” user’s identity with the “To” user’s identity.

– If the “To” user is missing any part of the identity or if the AD provider is in RFC2307 mode and the UID or primary GID is missing a rule, a failure will be reported.

– If the “To” user is an LDAP user and LDAP is configured in a POSIX schema, the SID will be synthesized. If the “To” user is an AD user and the AD is configured to be in un-provisioned mode, UID/GID will be synthesized.

– This type of mapping consolidates cross-protocol access to the same AD or LDAP account. It consolidates common access across-protocols without duplicating accounts and group memberships across name services.

Operator: ==

Description: Bidirectional Join rule for static and dynamic mapping.

Notes:

– The operator Joins the native IDs of the “From” user and the “To” user.

– There is no positional relationship based on the rule as it’s a bidirectional rule.

– If an AD user logs in, the user’s identity includes the SID for the AD user and UID/GID of the mapped LDAP user. If an LDAP user logs in, the user’s identity includes UID/GID of the LDAP user and SID of the mapped AD user.

– By using a wild card for both “From” and “To”, instead of a specific name this rule can be used to support dynamic mapping. For example, * == * would result in any user from a provider to be mapped to another user with the same name from another provider.

Cross-protocol access: User Mapping modes

STATIC Mapping

– Rules

  – From User => To User – Replaces the identity of the “From” user with that of the “To” user. Missing ID is synthesized. Modeled after Samba-style mapping. So, typically you would map an AD user to an LDAP user. Not good for bi-directional mapping. Since it is an identity transformation, there is no need for group mapping.

  – From User == To User – Joins the “From” user’s identity to the “To” user’s identity. Works well for bi-directional mapping. Synthesized IDs are not used. Also needs an explicit mapping of the primary group or any other supplemental group that needs to be mapped. Can be used with both user and group names.

– Use case

  – Map users with different names across providers

  – Need to be placed first to override a dynamic-mapping entry

Cross-protocol access: User Mapping modes

Dynamic Mapping

– Rules

  – *==* - Any name with the same characters is mapped to the same name from a different provider with no domain component. Characters are treated as case-independent. Applies to both user and group names that are the same across providers.

– Use case

  – Map users with the same name across providers automatically without an explicit rule.

Cross-protocol access: User Mapping rules

Example of when to use Dynamic-Mapping rules instead of Static-Mapping rules

DOM\user1 == LDAP\user1

DOM\user2 == LDAP\user2

DOM\priGroupUsers1-5 == LDAP\priGroupUsers1-5

In this example, there is static mapping between user 1 and user 2. This requires a mapping of the primary groups for user 1 and user 2. The user names and group names are the same, so the following dynamic mapping rule can be used in place of the three static mapping rules:

* == *

Cross-protocol access: User Mapping usability flow

To enable user mapping, the mapping configuration file must be first imported to the cluster.

– Mapping file must be created with valid mapping entries on the client storage area.

– Once this file is created, it can be imported to the cluster using the “-importconf” option of the “usermap” subcommand.

– If the entries specified in the file are correct, then the file will be imported to the cluster.

– Once this is done, user mapping can be enabled by using the option -enable.

  – Enabling without importing the file will throw an error.

– Note that enabling and disabling user mapping includes restart of SMB server and may cause interruption to the SMB services.

– Once the mapping is enabled we can see the status of it using “showfs -usermap” command. We can also see the profile of the mapped user/group entries by providing the options to this subcommand.

– The “showfs -usermap” subcommand is also used to copy all the user/group entries of the given provider or mapping configuration to the client storage.

Cross-protocol access: User Mapping file

– Rules are evaluated in the order in which they appear in the mapping file until there is a match.

– Once a rule is matched, the processing stops.

– The typical placement of rules in a mapping file will be as follows:

1. Static Mapping rules may need to be placed first. A static rule can be either a uni-directional replace or a bi-directional join/merge rule, depending on the deployment scenario. Placing it first allows it to override a subsequent dynamic rule.

2. Dynamic mapping rule to map users and groups with same name across providers.

In all the above rules, if a rule is matched, but the “To name” is not resolvable, it results in failure.
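
The evaluation order above decides which UID/GID or SID a login ends up with, so a wildcard placed too early can attach the wrong account. The following Python model is an added example, not HPE code: the one-rule-per-line file layout, the sample directory entries and the treatment of a wildcard with no same-named counterpart as a non-match are assumptions.

```python
import re
from typing import NamedTuple

class Rule(NamedTuple):
    left: str
    op: str    # "=>" unidirectional replace, "==" bidirectional join
    right: str

class MappingError(Exception):
    """A rule matched but the name on its other side is not resolvable."""

# Constructed sample directories (not from the slides): native IDs per provider.
DIRECTORY = {
    "DOM": {"bob": {"sid": "S-1-5-21-100-200-300-1105"},
            "carol": {"sid": "S-1-5-21-100-200-300-1106"}},
    "LDAP": {"bob": {"uid": 3001, "gid": 300},      # unrelated account, same name
             "robert": {"uid": 2001, "gid": 200},
             "csmith": {"uid": 2002, "gid": 200}},
}

def parse_rules(text):
    """Parse one rule per line (assumed layout), keeping file order."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = re.fullmatch(r"(\S+)\s*(=>|==)\s*(\S+)", line)
        if m is None:
            raise ValueError(f"bad mapping rule: {line!r}")
        rules.append(Rule(*m.groups()))
    return rules

def split(name):
    # Names are compared case-independently (stated for dynamic mapping;
    # applied to static rules too as an assumption).
    provider, _, user = name.partition("\\")
    return provider.upper(), user.casefold()

def lookup(name):
    provider, user = split(name)
    ids = DIRECTORY.get(provider, {}).get(user)
    if ids is None:
        raise MappingError(f"{name} is not resolvable")
    return dict(ids)

def resolve(login, rules):
    """Return (identity, matched_rule); the first matching rule wins."""
    native = lookup(login)
    provider, user = split(login)
    for rule in rules:
        if rule.op == "=>":
            if split(login) == split(rule.left):
                # Replace: the login takes over the "To" identity. Per the
                # slides a missing SID or UID/GID is synthesized; that step
                # is not modelled here.
                return lookup(rule.right), rule
        elif rule.left == "*" and rule.right == "*":
            for other, users in DIRECTORY.items():
                if other != provider and user in users:
                    return {**native, **users[user]}, rule
            # Assumption: no same-named counterpart means no match; continue.
        else:
            for src, dst in ((rule.left, rule.right), (rule.right, rule.left)):
                if split(login) == split(src):
                    # Join: native IDs of both accounts are combined.
                    return {**native, **lookup(dst)}, rule
    return native, None

# Constructed mapping files: same rules, different order.
STATIC_FIRST = parse_rules(r"""
DOM\bob == LDAP\robert
DOM\carol => LDAP\csmith
* == *
""")
WILDCARD_FIRST = parse_rules(r"""
* == *
DOM\bob == LDAP\robert
DOM\carol => LDAP\csmith
""")

if __name__ == "__main__":
    for label, rules in (("static first", STATIC_FIRST),
                         ("wildcard first", WILDCARD_FIRST)):
        identity, rule = resolve(r"DOM\bob", rules)
        print(f"{label}: DOM\\bob -> {identity} via {' '.join(rule)}")
```

With the wildcard first, DOM\bob is joined to the unrelated LDAP\bob account and the static rule is never reached, which is why the slides place static rules ahead of the dynamic one.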

Cross-protocol access: User and Group Enumeration Support

Support for enumerating user and group objects, to enable migration from unprovisioned mode.

– Enumerate users and groups by provider to a file.

– Enumerate a specific user or group including mapped user.

– Use case

  – Check the validity of a mapping by enumerating a specific user.

– Options to migrate from un-provisioned mode:

1. Enumerate the user and group objects to find the synthesized ID and configure another authentication provider with synthesized IDs and setup mapping between those users.

2. Enumerate the user and group objects to find the synthesized ID and change the ownership of the file/directory objects from synthesized IDs to the ones in Active Directory in RFC2307 mode or LDAP in Samba Schema.

– setfs usermap command initiates the enumeration process

– showfs usermap command can be used to export enumerated data

Cross-protocol access: User Mapping support in File Persona 1.3 - manageability

– Mapping file can be imported through setfs usermap command

– Mapping file has to be imported to enable user mapping.

– Imported mapping file can be exported to view the content or to modify and reimport.

– Any time a mapping file change is imported or when user mapping is enabled from disabled state, setfs auth clearcache must be issued to clear the name caches.

– If a specific user’s mapping is modified, and there is already a session established for that user, the user needs to disconnect the client session prior to applying the map and reconnect after applying the map once the cache is cleared.

– Enumeration of user and group objects by provider can be initiated by setfs export command.

– showfs export can be used to export the file containing the results.

– showfs command also supports displaying individual user/group objects.

Cross-protocol access: User Mapping commands

A new subcommand “usermap” is added to the “setfs” and “showfs” commands, with the following options:

CLI Commands and Functionality

setfs usermap [-f] -importconf <filepath_on_client>
    Imports user mapping configuration from the file specified.

setfs usermap -export {users|groups} -provider <provider>
    Exports users/groups of the specified provider.

setfs usermap [-f] -enable {true|false}
    Enables/Disables user-mapping configuration.

showfs -usermap
    Displays user-mapping status.

showfs -usermap [-username <username> | -groupname <groupname> | -userid <uid|sid> | -groupid <gid|sid>] [-d]
    Displays mapped profiles of individual user/group entries.

showfs -usermap-export {users|groups} -provider <provider> -file <filepath_on_client>
    Copies all exported users/groups entries of the given provider to the client storage.

showfs -usermap-exportconf -file <filepath_on_client>
    Exports and copies mapping configuration to the client storage.

File Lock Enterprise Mode

File Lock Enterprise Mode: File Lock for data retention

WORM, Legal Hold, Retention

• Administrators can only extend the retention period of a file and/or delete a retained file

• Retention profiles like autocommit period, and legal holds supported

• Ensures data integrity via checksum validation for WORM files

• Uses system clock to enforce retention policies

Configured and managed at VFS or File Store level

Protects against accidental, premature, or malicious deletion and modification of data

Provides data retention for any period of time as required by legal statute or internal policy

Enterprise mode

File Lock Enterprise Mode: Benefit

– Retention of files for certain periods of time is a mandatory requirement in health care, banking, finance, etc., where records must be retained for a period specified by government or industry regulatory requirements.

– Data retention is intended for sites that need to archive read-only files for business purposes and to ensure that files cannot be modified or deleted for a specific retention period.

– To ensure that WORM and retained files remain unchanged, it is important to run a data validation scan periodically.

– These features are qualified extensively with ISV partners like GE Healthcare, Genetech, AgFa, Commvault etc.

File Lock Enterprise Mode: Features

– Snaplock Protocol – From NFS, CIFS and HTTP, commands like chmod 444 (POSIX) can be used to convert a normal file to WORM; set atime to a future value in order to set the retention period.

– Validation scans – Validation on an FStore or a VFS profile can be enabled. This allows the FS to generate checksums for retained files for periodic validation through a scheduled validation scan.

– Autocommit – An Autocommit period can be defined in the profile. This means that once a file has not been accessed (read/write) for a period greater than the Autocommit period, the file automatically transitions to a retained state.

– Legal Hold – Special admin commands can be used to place a “Hold” on a file. This retains the file indefinitely until the “Hold” is “Cleared”.

  – Enables files to be retained indefinitely

  – File cannot be moved, modified, or deleted regardless of the retention period

  – File reverts to its original retention period when legal hold is revoked

  – Multiple legal hold is not supported

File Lock Enterprise Mode: Retention Policy

Note

– If the default retention period is set to zero, the file automatically becomes WORM.

– If the default retention period is set to a value greater than zero, the files become WORM-retained.

Retention Period: Description

– Default: If a specific retention period is not applied to a file

– Minimum: Shortest amount of time that a WORM file can be retained

– Maximum: Longest retention period a file can have once committed to WORM

– Autocommit: Any unchanged files automatically become WORM or WORM-retained when this period expires

File Lock Enterprise Mode: The State Diagram

[State diagram. States: Normal file, WORM, Retained, On hold; the label “Immutable” also appears. Transition and note labels: “File set to RO or autocommit timer expires”; “Retained until retention period expires”; “Apply legal hold” (twice); “File on hold cannot be deleted regardless of retention period”; “File can be deleted from a WORM state”.]

File Lock Enterprise Mode: File states

Files in a FileStore can be in any of the following states:

State: Description

– Normal: A file is normal when it is created in read-only mode or read/write mode, and it can be modified and deleted at any time.

– Write-Once Read-Many (WORM): Once a file is created (written) it is converted into a read-only file with no writing permissions thereafter. This file is called a Write-Once Read-Many (WORM) file. A WORMed file’s content and Permissions/ACLs can NEVER be modified.

– WORM-retained: A WORM file becomes a WORM-Retained file when a specific retention period is applied to it. The file is a WORM file until the retention period expires. Throughout the duration of the retention period the file cannot be modified and deleted.

– WORM-Held: The administrator can apply a legal hold on a WORM file. This file is called a WORM-Held file. Once a WORM file is put on hold, the file cannot be modified or deleted until the hold is released or revoked.
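
The file states and retention periods described above, modelled in Python as an added example (not HPE code). The class and method names are hypothetical, legal hold is assumed to apply only to files already committed to WORM, and only the default and autocommit periods of the policy are modelled.

```python
from dataclasses import dataclass
from typing import Optional

DAY = 86400  # seconds

class Denied(Exception):
    """Operation refused by the retention policy."""

@dataclass
class Policy:
    default_period: int                      # 0 => WORM, >0 => WORM-retained
    autocommit_period: Optional[int] = None  # None => autocommit disabled

class TrackedFile:
    def __init__(self, policy, now):
        self.policy = policy
        self.committed = False
        self.retain_until = None   # epoch seconds; None => no retention period
        self.on_hold = False
        self.last_access = now

    def commit(self, now, atime=None):
        """File set read-only (chmod 444); a future atime sets the expiry."""
        if self.committed:
            return
        self.committed = True
        if atime is not None and atime > now:
            self.retain_until = atime
        elif self.policy.default_period > 0:
            self.retain_until = now + self.policy.default_period

    def state(self, now):
        idle = self.policy.autocommit_period
        if not self.committed and idle is not None and now - self.last_access > idle:
            self.commit(self.last_access + idle)   # autocommit timer expired
        if not self.committed:
            return "Normal"
        if self.on_hold:
            return "WORM-held"
        if self.retain_until is not None and now < self.retain_until:
            return "WORM-retained"
        return "WORM"

    def write(self, now):
        if self.state(now) != "Normal":
            raise Denied("WORM content can never be modified")
        self.last_access = now

    def delete(self, now):
        current = self.state(now)
        if current in ("WORM-retained", "WORM-held"):
            raise Denied(f"delete refused in state {current}")
        return True

    def set_hold(self, now):
        if self.state(now) == "Normal":
            raise Denied("legal hold applies to WORM files")   # assumption
        if self.on_hold:
            raise Denied("multiple legal hold is not supported")
        self.on_hold = True

    def clear_hold(self):
        self.on_hold = False   # retain_until untouched: original period resumes

    def extend(self, now, new_expiry):
        if (self.state(now) == "Normal" or self.retain_until is None
                or new_expiry <= self.retain_until):
            raise Denied("retention can only be extended")
        self.retain_until = new_expiry

def allowed(operation, *args):
    """True if the operation is permitted, False if the policy denies it."""
    try:
        operation(*args)
        return True
    except Denied:
        return False

def walkthrough():
    """Constructed timeline: idle file autocommits, is held, then released."""
    f = TrackedFile(Policy(default_period=30 * DAY, autocommit_period=7 * DAY), now=0)
    f.write(1 * DAY)
    trace = [(1, f.state(1 * DAY))]
    trace.append((9, f.state(9 * DAY)))          # idle for more than 7 days
    f.set_hold(10 * DAY)
    trace.append((40, f.state(40 * DAY)))        # retention ended, hold remains
    trace.append(("delete@40", allowed(f.delete, 40 * DAY)))
    f.clear_hold()
    trace.append((40, f.state(40 * DAY)))
    trace.append(("delete@40", allowed(f.delete, 40 * DAY)))
    return trace

if __name__ == "__main__":
    for step in walkthrough():
        print(step)
```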

File Lock Enterprise Mode: Implementation

– The archive features in File Persona support WORM, Retention and Data Validation features at a file-store granularity

– These features are available through standard protocols, such as NFS, CIFS and HTTP – this is traditionally known as SnapLock protocol semantics (chmod 444 OR attrib –R like commands honored from protocols)

– Retention attributes or profiles can be set at an Fstore granularity and support the following attributes:

  – Min retention period

  – Max retention period

  – Default retention period

  – Autocommit period (optional if Autocommit is required)

  – Validation

– Validation scans can be run on a single fstore or even at a granularity of a directory or a share level

– Backup and Recovery options through Virtual XATTRs allow integration of both share based backup and NDMP based backups

File Lock Enterprise Mode: Administration (CLI)

The 3PAR CLI commands that support File Lock Enterprise Mode are categorized into the following groups:

– setfsarchive

– showfsarchive

– startfsarchive

– stopfsarchive

– removefsarchive

Various operations supported by the CLI are explained in the slides that follow.

File Lock Enterprise Mode: setfsarchive

Configures the retention policy

– setfsarchive pol [-mode {enterprise} -defperiod <defaultperiod> -minperiod <minperiod> -maxperiod <maxperiod> -autocommperiod <retentionautocommitperiod>] [-retenvalidation {enable|disable}] [-fstore <fstorename>] [-fpg <fpgname>] <vfs>

Enable or disable the inheritance at the FSTORE level

– setfsarchive pol_inherit -inheritance {enable|disable} -fstore <fstorename> [-fpg <fpgname>] <vfs>

Sets/releases legal hold for the file specified

– setfsarchive legalhold {-set |-clear} [-basepath <basepath>] {-files <filepath>[,<filepath>]… | -inputfile <pathoffile>} [-fpg <fpgname>] <vfs>

Changes the retention expiration date for the specified retained file(s)

– setfsarchive retention [-basepath <basepath>] {-files <filepath>[,<filepath>]… | -inputfile <pathoffile>} -expdate <expirydate> [-fpg <fpgname>] <vfs>

File Lock Enterprise Mode: showfsarchive

Displays the retention policy for the files in the file provisioning group at the VFS or File Store level

– showfsarchive pol [-fstore <fstorename>] [-fpg <fpgname>] [ <vfs>]

List the retention setting for the specified file at the given path or for all the files at the given path

– showfsarchive files [-basepath <basepath>] {-files <filepath>[,<filepath>]… | -inputfile <pathoffile>} [-fpg <fpgname>] <vfs>

Displays the information of the data validation scan

– showfsarchive scan [-exportsummary] -fstore <fstorename> [-jobid <jobid>] [-fpg <fpgname>] <vfs>

Displays if FPG is retention enabled or not

– showfsarchive retention <fpgname>

File Lock Enterprise Mode: startfsarchive

Starts the data validation scan on the file provisioning group at the File Store level on the path given:

– startfsarchive scan [-path <path>] [-fpg <fpgname>] -fstore <fstorename> <vfs>

Resumes the halted data validation scan:

– startfsarchive scan -resume <jobid> [-fpg <fpgname>] -fstore <fstorename> <vfs>

File Lock Enterprise Mode: stopfsarchive

Stops the already running data validation scan:

– stopfsarchive scan [-f] [-fpg <fpgname>] -fstore <fstorename> <vfs> <jobid>

Pauses the already running data validation scan:

– stopfsarchive scan -pause [-fpg <fpgname>] -fstore <fstorename> <vfs> <jobid>

File Lock Enterprise Mode: removefsarchive

Deletes the specified retained/Wormed file(s):

– removefsarchive files [-basepath <basepath>] {-files <filepath>[,<filepath>]… | -inputfile <pathoffile>} [-fpg <fpgname>] <vfs>

Removes the retention period for the file specified:

– removefsarchive retention [-basepath <basepath>] {-files <filepath>[,<filepath>]… | -inputfile <pathoffile>} [-fpg <fpgname>] <vfs>

Removes the data validation scan job:

– removefsarchive scan [-fpg <fpgname>] -fstore <fstorename> <vfs> <jobid>

File Lock Enterprise Mode: Upgrade and downgrade considerations

– File Persona releases are controlled by separate software versions and on-disk versions (ODV).

– File Lock Enterprise Mode is a new feature in the File Persona 1.3 release, and any new FPG created on version 1.3 gets an ODV of 12.1.

– Any older version (like 1.2 with ODV 12.0) can be upgraded to 1.3, but the existing FPG will continue to have ODV 12.0 until a separate on-disk upgrade is performed.

– File Lock Enterprise Mode profiles can be set on an FPG which has an ODV of 12.1.

– On-disk revert is currently not supported on File Persona; any software revert from 1.3 will be vetoed until the FPGs with ODV 12.1 are deleted.

File Lock Enterprise Mode: Troubleshooting

Enable WORM-related logging from the filesystem (issue the command from the VM which has the FPG mounted)

– rtool debug trace 0x0400000000000000LL

Specify the debug output location

– rtool debug trace_destination

Enable debug mode for WORM admin commands (issue the command from the active node)

– pm_server_config -c com.hp.storage.pml.file.archiving.api.ArchivingLog -v debug -p

List of logs to check for admin commands

– /var//log/pml/HpArchivingPlugin.log

– /var//log/pml/master.log

File Lock Enterprise Mode: Troubleshooting

Validation scan related logs will be available under /var/log/ade.

– validation.dbg

– validation.err

– validation.info

Online FSCK

Online FSCK: To minimize downtime for FS consistency checking

• Adaptive File System delivers high data integrity by design and is proven robust

• In case a FSCK is ever needed, it is online

• Minimal recovery downtime

  – Offline checks limited to metadata necessary to mount file system

  – Most consistency checks online with file system active and serving data

• Limited data unavailability

  – Most corruptions fixed in background or on access

  – Unavailability limited to corruptions that cannot be fixed on access

[Timeline figure (axis: Time). Previously with offline FSCK: file system offline, with completely offline verification and correction of corruptions. Now with online FSCK: pre-mount offline verification and correction of minimal metadata to mount, then file system online, with online verification with inline correction of corruptions.]

Complements inherent robustness of the HPE Adaptive File System

Executed by support only

Online FSCK: Features

– Online File system metadata validation and correction.

– Online FSCK will fix the metadata inconsistencies where possible. If there are certain corruptions that can't be fixed online, it would require offline FSCK

– Minimize Downtime for FS Consistency Checking

– Allow normal FS operations during Online FSCK

– Minimal Performance Impact on user File IO (open/read/write) operations

– Prevent propagation of corruption. Do not allow inconsistent object to be accessed!

– Ability to reconstruct lost+found name space entries for VFS and File Store.

– Dynamic Progress Reporting via 3PAR CLI

– Ability to restart after system crash or in case of FPG failover – Progress Check Pointing.

Online FSCK: Function

– An unverified and potentially inconsistent FS is made available for Online FSCK operations

– Validates and corrects any metadata required to bring the file system, i.e. mount, online.

– Local properties of objects and global properties of FS structures are consistency checked and verified on demand or in a background thread

  – VFS/FileStore checking happens on priority once the FS is mounted.

  – VFS/FileStore objects that are found consistent or are corrected inline are made available.

– Object consistency is checked on demand on access

  – Made available if found consistent

  – Made available if it can be corrected inline (Most inconsistencies can be corrected inline immediately!)

  – If it cannot be corrected inline, the object is denied access (EACCES error)

  – Correction is carried out later during the last phase of Online FSCK and the object is made available.

– Progress check pointing supports restart from where it left in case of node crash or FPG failover.

Online FSCK: When to run FSCK?

– HPE Tech Support will run FSCK either in response to an FSCK alert event generated by the file system itself or in case of certain FS errors.

– If a metadata inconsistency is detected by the file system module in an active file system, File System services will send an FSCK event with ALERT level to the 3PAR event system.

  – The event will show up in the “showalert” CLI command and the “Alerts” tab in the GUI.

– Besides the cases where the file system raises an FSCK alert, certain error scenarios also require FSCK.

  – For example, failure to activate the FPG either due to transaction log replay failure or due to metadata inconsistency detected while activating the FPG, or an internal error received when doing some VFS(Mtree)/FileStore(Stree) admin operation.

  – Repeated VM node crash while activating the FPG – crash due to inconsistent transaction log record.

Online FSCK: How to run Online FSCK?

Verify the state of the filesystem

showfpg -d hpe_fpg

– If the filesystem is DEACTIVATED, nothing needs to be done.

– If the filesystem is ACTIVATED, it can be gracefully DEACTIVATED using the following command

setfpg -deactivate hpe_fpg

– If graceful deactivation is not successful, perform a force deactivation of the filesystem. Filesystem will stay activated, but will be isolated and frozen.

setfpg -deactivate hpe_fpg -forced

Online FSCK: How to run Online FSCK?

Use the 3PAR CLI command “cli startfsck online <fpg_name>” to start Online FSCK on the required FPG.

– # cli startfsck online hpe_fpg

– This command returns the task id to the user.

– Using the showtask -d <task id> command, one can check the status of the online FSCK task.

– The # cli showfsck -d <task_id> command should be used for a detailed Online FSCK progress report.

Online FSCK: Administration

– When FS detects metadata inconsistency, FPG FSCKState will be set to FSCK_REQUIRED and further attempts to activate the FPG will fail with FSCK required.

root@1617507-1 Mon Dec 07 15:09:54:~# showfpg
                 ------(GB)-------
FPG  -Mountpath- -Size-- Available ActiveStates    -DefaultCpg- -VVs-- State  Version
fpg1 /fpg1       4096.00   4093.60 FAILED_TO_MOUNT NL_r5        fpg1.1 failed 12.1
-------------------------------------------------------------------------------------
   1 total       4096.00   4093.60

root@1617507-1 Mon Dec 07 15:10:18:~# showfpg -d fpg1
------------------File Provisioning Group---------------------
File Provisioning Group : fpg1
Active path : /fpg1
Active State : FAILED_TO_MOUNT
Freeze State : NOT_FROZEN
Isolation State : ACCESSIBLE
Upgrade State : OK
Version : 12.1
FsGeneration : 1
UUID : cc584d78-ba20-49aa-9f14-8e6f7886ad94
Filesystem Number : 1
Size (GB) : 4096.00
Free (GB) : 4093.60
Available (GB) : 4093.60
Used (GB) : 2.40
Files : 320298
Files Free : 8867822269
Default CPG : NL_r5
VVs : fpg1.1
Primary Node : 0
Alternate Node : 1
Current Node : 0
Comment : -
State : failed

SegmentNumber FSCKState     FSCKPhaseRequired
1             FSCK_REQUIRED PHASE0_AND_PHASE1

Domain                               Owner FsName Filesets VVIDs Nodes IpFsType
cf9b4c81-3ebd-4699-9c57-6e6577c2fdd9 0     fpg1   fileset1 222   1,0   ADE

Volume VVID Nodes Capacity(GB)
fpg1.1 222  1,0   4096.00

Online FSCK: FPG activation failures example

cli% showfpg
                 ------(GB)-------
FPG  -Mountpath- -Size-- Available ActiveStates -DefaultCpg- -VVs-- State
fpg1 /fpg1       1024.00   1022.78 DEACTIVATED  FC_r0        fpg1.1 failed

cli% showalert
Id : 81
State : New
Message Code: 0x0720001
Catalog-Key : filesystem-event:filesystem.cmd.mount.failed
Time : 2015-08-18 11:07:03 IST
Severity : Major
Type : File Provisioning Group
Message : File Provisioning Group:3743175153205572185:fpg1 Failed (NEEDS_SERVICE)
Details : FPG Event: FPG fpg1 mount failed on host node1fs. Reason: Verify storage health and run FSCK phase 0 and 1

cli% setfpg -f -activate fpg1
11901

3paravatar19-ganjihal cli% waittask -v 11901
Id    Type               Name        Status Phase Step -------StartTime------- ------FinishTime------- -Priority- -User--
11901 background_command setfpg_task failed ---   ---  2015-08-18 12:07:35 IST 2015-08-18 12:07:36 IST n/a        3paradm

Detailed status:
2015-08-18 12:07:35 IST Created task.
2015-08-18 12:07:35 IST Updated Executing "setfpg_task" as 1:10161
2015-08-18 12:07:36 IST Updated Activating FPG fpg1
2015-08-18 12:07:36 IST Error Failed to activate fpg1: FPG fpg1 has one or more unavailable segments. Verify storage health and run FSCK phase 0 and 1
2015-08-18 12:07:36 IST Error Task exited with status 1
2015-08-18 12:07:36 IST Failed Could not complete task.
Task has failed


Online FSCK

– Start Online FSCK via “cli startfsck online <fpg>”

# cli startfsck online fpg1
11856

Note down the above task id ‘11856’ returned.

– Now, FSCKState should be ONFSCK_RUNNING

– Use task id returned by “cli startfsck” for further checking Online FSCK progress details and task status.

root@1617507-1 Mon Dec 07 15:12:10:~# cli startfsck online fpg1
11856

root@1617507-1 Mon Dec 07 15:13:21:~# showfpg
                 ------(GB)-------
FPG  -Mountpath- -Size-- Available ActiveStates -DefaultCpg- -VVs-- State  Version
fpg1 /fpg1       4096.00    819.20 ACTIVATED    NL_r5        fpg1.1 normal 12.1
----------------------------------------------------------------------------------
   1 total       4096.00    819.20

root@1617507-1 Mon Dec 07 15:13:25:~# showfpg -d fpg1
------------------File Provisioning Group---------------------
File Provisioning Group : fpg1
Active path : /fpg1
Active State : ACTIVATED
Freeze State : NOT_FROZEN
Isolation State : ACCESSIBLE
Upgrade State : OK
Version : 12.1
FsGeneration : 1
UUID : cc584d78-ba20-49aa-9f14-8e6f7886ad94
Filesystem Number : 1
Size (GB) : 4096.00
Free (GB) : 819.20
Available (GB) : 819.20
Used (GB) : 3276.80
Files : 160155
Files Free : 1774593746
Default CPG : NL_r5
VVs : fpg1.1
Primary Node : 0
Alternate Node : 1
Current Node : 0
Comment : -
State : normal

SegmentNumber FSCKState      FSCKPhaseRequired
1             ONFSCK_RUNNING NONE

Domain                               Owner FsName Filesets VVIDs Nodes IpFsType
cf9b4c81-3ebd-4699-9c57-6e6577c2fdd9 0     fpg1   fileset1 222   1,0   ADE

Online FSCK: How to check Online FSCK task status and progress details?

– Use task id returned by # cli startfsck for further checking Online FSCK progress details and task status.

– # cli showfsck [-d] <task_id> - Prints detailed Online FSCK progress report. Where “-d” option can be used to display more details regarding online FSCK phases, file and segment details.

root@1617507-1 Mon Dec 07 15:13:54:~# cli showfsck -d 11856
-----------------FPG Online FSCK Status------------------
FPG : fpg1
UUID : cc584d78-ba20-49aa-9f14-8e6f7886ad94
Active State : ACTIVATED
Online FSCK Status : RUNNING 85%
Start Time : 2015-12-07 15:11:12 IST
Comment :

----------------------Segment 1 Details-----------------------
                                        Quarantined/  Pending/
Components              Total Verified Discrepancies Remaining
VFS Status                  2        1             0         1
File Store                 16        8             0         8
File Stats for Segment 163216   163214             0         2

-------------------VFS Phase Details-------------------
Name                                Status    Completed
VFS Metadata Validation Phase       COMPLETED 100%
VFS Namespace Validation - 1st Pass COMPLETED 100%
VFS Namespace Validation - 2nd Pass PENDING   0%

-------------------FStore Phase Details-------------------
Name                                   Status    Completed
FSTORE Metadata Validation Phase       COMPLETED 100%
FSTORE Namespace Validation - 1st Pass COMPLETED 100%
FSTORE Namespace Validation - 2nd Pass PENDING   0%

------------------File Progress Details-------------------
Name                              Status    Completed
Initializing online fsck metadata COMPLETED 100%
Checking mcells(inodes)           COMPLETED 100%
Checking orphan inodes            COMPLETED 100%
Checking inode corruption list    COMPLETED 100%
Checking tag free list            COMPLETED 100%
Checking orphan tag[s]            COMPLETED 100%
Checking namespace connectivity   RUNNING   20% (32643/163217)
Checking ACL's                    PENDING   0%
Checking DDL entries              PENDING   0%
Sending notifications             PENDING   0%

root@1617507-1 Mon Dec 07 15:11:48:~# cli showfsck 11856
-----------------FPG Online FSCK Status------------------
FPG : fpg1
UUID : cc584d78-ba20-49aa-9f14-8e6f7886ad94
Active State : ACTIVATED
Online FSCK Status : RUNNING 85%
Start Time : 2015-12-07 15:11:12 IST
Comment :

Online FSCK: How to check Online FSCK task status and progress details?

Once the Online FSCK completes, the showfsck command will have the following output:

root@1617507-1 Mon Dec 07 15:13:56:~# cli showfsck -d 11856
-----------------FPG Online FSCK Status------------------
FPG : fpg1
UUID : cc584d78-ba20-49aa-9f14-8e6f7886ad94
Active State : ACTIVATED
Online FSCK Status : COMPLETED 100%
Start Time : 2015-12-07 15:11:12 IST
Comment :

Once the 3PAR startfsck task completes with status ‘done’, showfsck reports that the task is already completed and FSCKState moves from onfsck_running to not_required, which marks the completion of the online FSCK job.

root@1617507-1 Mon Dec 07 15:16:30:~# cli showfsck -d 11856
Task 11856 is already completed.

root@1617507-1 Mon Dec 07 15:16:44:~# showtask
Id    Type               Name           Status Phase Step -------StartTime------- ------FinishTime------- -Priority- -User--
11856 background_command startfsck_task done   ---   ---  2015-12-07 15:11:12 IST 2015-12-07 15:16:25 IST n/a        3parsvc

Online FSCK: Configuration rules, installation, upgrade and downgrade considerations

– Online FSCK can only be initiated on deactivated FPG

– Online FSCK is supported on File Persona Group with on-disk version 12.1 onwards.

– Online FSCK is not supported for File Persona Group (FPG) with on-disk version 11.0 and 12.0

This feature is supported on currently shipping 3PAR platforms running 3.2.2 MU3 release with File Persona Release v1.3.

Online FSCK: Performance impact

– File access might be faster, if the file being accessed is already checked by online FSCK and inode is still in page cache.

– There is a slight performance impact, if the file being accessed is checked on demand.

– There is a noticeable performance impact, if recursive files listing (ls -ltR) is performed on directory tree with millions of files.

Online FSCK: Gotchas

– Online FSCK can’t be initiated on an FPG which is almost FULL, i.e. 100% used.

Id : 21
State : New
Message Code: 0x0720001
Catalog-Key : filesystem-event:filesystem.notification.fs.full
Time : 2016-02-02 15:42:01 IST
Severity : Informational
Type : File Provisioning Group
Message : File Provisioning Group:8903413616047350074:ofsck Normal (NEEDS_SERVICE)
Details : FPG Event: FPG ofsck usage reaches 80% of its capacity. FPG performance may decrease significantly as it becomes increasingly full.

– Once Online FSCK is started, there is currently no way to abort it, but it can be stopped by forced deactivation, after which it is mandatory to run offline FSCK.

– While Online FSCK is in progress, the following 3PAR-level alert might be raised regarding FPG usage. This is normal, and FPG usage comes back to normal once the Online FSCK completes storage bit map checking.

– Online FSCK will fix the metadata inconsistencies where possible. If there are certain corruptions that can't be fixed online, it would require offline FSCK.

Online FSCK: Troubleshooting

– What files to gather (file name and path)

  – As part of Online FSCK execution, the following log file gets generated on the Current Node which owns the FPG.

/var/log/ade/online_fsck.<domain_name>.log

– Commands to run and what output to collect

  “cli collectfs create <collect_name>”


– If online FSCK fails to start due to insufficient free space, then the following error will be displayed

root@1633434-1 Tue Jan 12 15:01:21:~# showtask -d 9045
  Id Type               Name           Status Phase Step -------StartTime------- ------FinishTime------- -Priority- -User--
9045 background_command startfsck_task done     ---  --- 2016-01-12 14:56:55 IST 2016-01-12 14:57:27 IST n/a        3parsvc

Detailed status:
2016-01-12 14:56:55 IST Created     task.
2016-01-12 14:56:55 IST Updated     Executing "startfsck_task" as 1:30587
2016-01-12 14:56:56 IST Updated     Executing online FSCK
2016-01-12 14:56:56 IST Updated     PML task: e09ab72d8e964168a0c427793e463316
2016-01-12 14:57:27 IST Error       FSCK execution failed: Unknown Task Status: state EXCEPTION startTime 2016-01-12T09:28:09.318Z endTime 2016-01-12T09:28:40.168Z status {FPG fpg1 mount failed. Error: Not enough free space to run Online FSCK.}
2016-01-12 14:57:27 IST Completed   scheduled task.

– What does each error message mean?

– If online FSCK fails to start due to insufficient space, then offline FSCK should be run.


Online FSCK task states

‘fsckState’ for the given FPG will transition from one state to another during the lifecycle of an FPG requiring FSCK. The ‘showfpg -d <fpg>’ command can be used to check the current ‘fsckState’, as shown in the following example.

root@1617507-1 Mon Dec 07 15:10:18:~# showfpg -d fpg1
------------------File Provisioning Group---------------------
File Provisioning Group : fpg1
Active path : /fpg1
Active State : FAILED_TO_MOUNT
Freeze State : NOT_FROZEN
Isolation State : ACCESSIBLE
Upgrade State : OK
Version : 12.1
FsGeneration : 1
UUID : cc584d78-ba20-49aa-9f14-8e6f7886ad94
Filesystem Number : 1
Size (GB) : 4096.00
Free (GB) : 4093.60
Available (GB) : 4093.60
Used (GB) : 2.40
Files : 320298
Files Free : 8867822269
Default CPG : NL_r5
VVs : fpg1.1
Primary Node : 0
Alternate Node : 1
Current Node : 0
Comment : -
State : failed

SegmentNumber FSCKState     FSCKPhaseRequired
1             FSCK_REQUIRED PHASE0_AND_PHASE1

Domain                               Owner FsName Filesets VVIDs Nodes IpFsType
cf9b4c81-3ebd-4699-9c57-6e6577c2fdd9 0     fpg1   fileset1 222   1,0   ADE

Volume VVID Nodes Capacity(GB)
fpg1.1 222  1,0   4096.00


‘fsckState’: the FSCK state for the FPG segment in general.

Possible values include:

– NOT_REQUIRED: the segment is healthy and therefore FSCK is not needed.

– FSCK_REQUIRED: the segment is unavailable. Admin must run Online or Offline FSCK on the segment to make the segment available.

– ONFSCK_RUNNING: the FPG is mounted and Online FSCK is running on the segment.

– ONFSCK_STOPPED: Online FSCK is stopped on the segment because the FPG was unmounted while Online FSCK was still running.

– OFFLINE_FSCK_REQUIRED: the segment is unavailable. Online FSCK was run on the segment and failed. Admin must run Offline FSCK on the segment to make the segment available.

– OFFLINE_FSCK_RUNNING: the FPG is unmounted and Offline FSCK is currently running on the segment.


‘fsckPhaseRequired’ (this field applies only to running Offline FSCK): the Offline FSCK phases that are currently required for the FPG segment. Possible values:

– NONE: the segment is available and therefore the FPG can be mounted. No Offline FSCK phase is required.

– PHASE0_AND_PHASE1: the segment is unavailable and therefore the FPG cannot be mounted. Offline FSCK phase 0 and phase 1 are required.

– PHASE1: the segment is unavailable and therefore the FPG cannot be mounted. Offline FSCK phase 1 is required.

root@1617507-1 Mon Dec 07 15:10:18:~# showfpg -d fpg1
------------------File Provisioning Group---------------------
File Provisioning Group : fpg1
Active path : /fpg1
Active State : FAILED_TO_MOUNT
Freeze State : NOT_FROZEN
Isolation State : ACCESSIBLE
Upgrade State : OK
Version : 12.1
FsGeneration : 1
UUID : cc584d78-ba20-49aa-9f14-8e6f7886ad94
Filesystem Number : 1
Size (GB) : 4096.00
Free (GB) : 4093.60
Available (GB) : 4093.60
Used (GB) : 2.40
Files : 320298
Files Free : 8867822269
Default CPG : NL_r5
VVs : fpg1.1
Primary Node : 0
Alternate Node : 1
Current Node : 0
Comment : -
State : failed

SegmentNumber FSCKState     FSCKPhaseRequired
1             FSCK_REQUIRED PHASE0_AND_PHASE1

Domain                               Owner FsName Filesets VVIDs Nodes IpFsType
cf9b4c81-3ebd-4699-9c57-6e6577c2fdd9 0     fpg1   fileset1 222   1,0   ADE

Volume VVID Nodes Capacity(GB)
fpg1.1 222  1,0   4096.00
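The state rules from the Online FSCK slides, applied to `showfpg -d` output. This is an added example, not HPE code: `parse_showfpg` and `recommend` are hypothetical helper names, the sample is the output above trimmed to the fields used, and treating 0 GB free as "full" and ONFSCK_STOPPED as the forced-deactivation case are assumptions.

```python
# Constructed sample: the `showfpg -d fpg1` output from this deck, trimmed, one field per line.
SAMPLE_SHOWFPG = """\
File Provisioning Group : fpg1
Active State : FAILED_TO_MOUNT
Version : 12.1
Size (GB) : 4096.00
Free (GB) : 4093.60
State : failed

SegmentNumber FSCKState     FSCKPhaseRequired
1             FSCK_REQUIRED PHASE0_AND_PHASE1

Domain                               Owner FsName Filesets VVIDs Nodes IpFsType
cf9b4c81-3ebd-4699-9c57-6e6577c2fdd9 0     fpg1   fileset1 222   1,0   ADE
"""

# On-disk versions the deck lists as not supported for Online FSCK.
ONLINE_UNSUPPORTED = {"11.0", "12.0"}


def parse_showfpg(text):
    """Return (fields, segments) parsed from `showfpg -d` text."""
    fields, segments, in_segments = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("SegmentNumber"):
            in_segments = True            # rows of the segment table follow
            continue
        if in_segments:
            parts = line.split()
            if len(parts) == 3 and parts[0].isdigit():
                segments.append({"segment": int(parts[0]),
                                 "fsck_state": parts[1],
                                 "phase": parts[2]})
                continue
            in_segments = False           # blank line or next table ends it
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields, segments


def recommend(fields, segment):
    """Return (action, reason); action is one of none, wait, online, offline."""
    state, phase = segment["fsck_state"], segment["phase"]
    if state == "NOT_REQUIRED":
        return "none", "segment is healthy"
    if state in ("ONFSCK_RUNNING", "OFFLINE_FSCK_RUNNING"):
        return "wait", "FSCK is already running"
    if state == "OFFLINE_FSCK_REQUIRED":
        return "offline", f"online FSCK failed, phases required: {phase}"
    if state == "ONFSCK_STOPPED":
        # Assumption: handled like a forced deactivation, after which the
        # deck makes offline FSCK mandatory.
        return "offline", "online FSCK was stopped before completion"
    if state == "FSCK_REQUIRED":
        if fields.get("Version") in ONLINE_UNSUPPORTED:
            return "offline", "on-disk version does not support online FSCK"
        # Assumption: the exact free-space threshold is not given in the deck.
        if float(fields.get("Free (GB)", "0")) <= 0.0:
            return "offline", "FPG is full, online FSCK cannot start"
        return "online", "online FSCK is eligible (offline FSCK is also valid)"
    raise ValueError(f"unknown FSCK state: {state}")


if __name__ == "__main__":
    parsed_fields, parsed_segments = parse_showfpg(SAMPLE_SHOWFPG)
    for seg in parsed_segments:
        print(seg["segment"], *recommend(parsed_fields, seg))
```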


Antivirus Enhancements


Antivirus Overview

– Policy based antivirus scanning over SMB, NFS and HTTP (used by Object Access (REST) API) protocols

– Exclusion AV policies at the VFS level and override policies at File Store level

– Supports up to 50 virus scan servers for redundancy and improved throughput performance

– Antivirus software supported using ICAP integration

– SYMANTEC, MCAFEE, TRENDMICRO or SOPHOS

– Single AV vendor solution at a time per system

– Supports on-access and on demand scanning

– AV statistics (files scanned, files infected, files quarantined)

[Figure: Client PCs send a request to access a file to the 3PAR StoreServ over NFS/SMB/HTTP. The StoreServ notifies the Antivirus Scan Servers over ICAP, the file is scanned and the results are sent back, and access is granted or denied based on the scan results.]

Antivirus Enhancements: With File Persona v1.3

– New vendor support

– Sophos VSE vendor (Virus Scan Engine)

– Works same as current vendors

– Need physical machine with internet connectivity

– Works across all platforms

– Selective quarantine bulk operation

– Flexibility to operate on a subset of infected files in a VFS or File Store

– Choose infected files based on the exportlist (either VFS or File Store specific)

– New field in quarantine command "quar_file" to support the subset

– Exportlist has a limit of 3k files.

– Works across all platforms

Antivirus Enhancements: New vendor - Sophos

– In Unity 1.2, the supported vendors are SYMANTEC, MCAFEE and TRENDMICRO.

– In Unity 1.3, the new vendor SOPHOS is supported along with the existing SYMANTEC, MCAFEE and TRENDMICRO.

setfsav pol [-scan {enable|disable|inherit}] [-vendor <vendor_name>] [-fileop {open|openclose|inherit}] [-unavail {allow|deny|inherit}] [-excludesize {<size>|inherit}] [-excludeext {<ext>[,<ext>...]|inherit}] [-inheritall] [-fpg <fpgname>] [-fstore <fstore>] <vfs>

-vendor <vendor_name> Specifies the antivirus vendor name. Valid values are SYMANTEC, MCAFEE, TRENDMICRO or SOPHOS. Only valid in VFS context.


Example using AV 3par console

root@1633429-0 Mon Feb 08 16:03:07:~# showfsav
Vendor IpAddress PortNum Status
SOPHOS 10.2.22.2 1344 UP
-------------------------------
 1 total

root@1645431-1 Tue Sep 01 04:19:50:~# setfsav pol -scan enable -vendor SOPHOS -fileop open -unavail allow -excludesize 10 -excludeext htm,jpg vfs1

root@1645431-1 Tue Sep 01 04:19:50:~# showfsav pol vfs1
 -----Exclude------
VFS FileStore - Vendor- Scan FileOp Unavail Size(MB) Extension
vfs1 - SOPHOS ON OPEN ALLOW 10 htm,jpg
-----------------------------------------------------------------------------------
 1 total

root@1645431-1 Tue Sep 01 04:19:50:~#


For improved performance, tuning is needed for Sophos VSE:

threadcount - 32

maxqueuedsessions - 1024 ~ 1280

Antivirus Enhancements: Selective quarantine bulk operation

Currently Quarantine operations (move/delete/reset/list) are performed on all the infected files within a VFS or file store.

CLI Enhancement - Flexibility to operate on a subset of infected files in a VFS or File Store.

– 3PAR CLI adds ‘quar_file’ option to supply a subset of quarantined files.

– Move

setfsav quar move -fpg fpg1 -quar_file <quar_fpg1_vfs1_move.txt> vfs1

– Delete

setfsav quar delete -fpg fpg1 -quar_file <quar_fpg1_vfs1_delete.txt> vfs1

– Reset

setfsav quar reset -fpg fpg1 -quar_file <quar_fpg1_vfs1_reset.txt> vfs1


Syntax: setfsav quar {exportlist|move|reset|delete} [-fpg <fpgname>] [-fstore <fstore>] [-quar_file <filepath>] <vfs>

Option

-quar_file <filepath> Takes the full path of a file, present in the .admin store, which contains the list of all quarantined files to be operated upon for move, reset or delete. This option can only be used with move, reset and delete operations.

move Move each file contained in the file provided on the -quar_file option to the default location (.admin/AV/Quarantine folder in the specified VFS) with a timestamp.

reset Reset the quarantined files listed in the file provided, under the specified vfs/fstore.

delete Delete the quarantined files listed in the file provided, under the specified vfs/fstore.

<vfs> Virtual file server name


Example – using AV 3par console

File system : fpg1 ; VFS name : vfs1 ; Fsstore : fstore1/fstore2

List of infected files in vfs1:

setfsav quar exportlist vfs1

Make the container files in .admin share:

\.admin\AV\Quarantine\quar_fpg1_vfs1_move.txt
\.admin\AV\Quarantine\quar_fpg1_vfs1_reset.txt
\.admin\AV\Quarantine\quar_fpg1_vfs1_delete.txt

Execute flexible bulk operation:

setfsav quar move -fpg fpg1 -quar_file .admin/AV/Quarantine/quar_fpg1_vfs1_move.txt vfs1
setfsav quar delete -fpg fpg1 -quar_file .admin/AV/Quarantine/quar_fpg1_vfs1_delete.txt vfs1
setfsav quar reset -fpg fpg1 -quar_file .admin/AV/Quarantine/quar_fpg1_vfs1_reset.txt vfs1


Object Access API Enhancements

Object Access API: Clients access through the SMB and NFS protocol and Object Access API

– SMB 3.0, 2.1, 2.0, and 1.0 protocols for Microsoft Windows and Apple OS X

– NFSv4 and v3 protocols for Linux and UNIX

– Object Access (REST) API for custom cloud apps

Object Access API: HPE 3PAR Object Access API Support

The File Persona software also supports access to directories and files using the HPE 3PAR Object Access API. Using the HTTP protocol, you can integrate direct file access into applications.

The object access API supports the following operations (v1.2):

– Creating, replacing, renaming, downloading, retrieving information about, and deleting a file

– Creating, retrieving content and information about, and deleting a directory

– Changing owner and user permissions

– Changing groups

– Setting, retrieving, and removing extended attributes

– Committing data to a disk

Object Access API Enhancements: New features

File Copy feature (includes directory)

– Supports copying a file to another file and location in the share.

– Supports copying a directory and all of its contents recursively (as in "cp -R …") to a new directory name and location in the share.

– Feature uses POSIX copy semantics.

Partial File Access feature

– Supports byte range operations allowing an application to retrieve a portion of the file without downloading the entire file.

– Supports byte range operations allowing an application to modify a portion of the file without writing the entire file.

– Uses HTTP Range header to specify the bytes to be read/written to in a file.

Statistics

– Supports HTTP Daemon statistics collection to enable integration into the perf stat.

– Uses apache mod_status to get the statistics which will be provided to perfmonitor.

Object Access API Enhancements: Administration (File Copy)

Copying a file to another file and location. Uses PUT method.

PUT http://IP/v1/shareurl/path/file?cmd=cp&destination=<string>&overwrite=<bool>&preserve=<bool>

– destination - is a valid local path within the http share boundary (stree).

– overwrite - Causes the file to be overwritten if already present. Default is false.

– preserve - Causes default file attributes (mode, ownership, timestamps) to be preserved during copy. Default is false.

Copying a directory and all of its contents recursively. Uses PUT method.

PUT http://IP/v1/shareurl/path/dir_to_be_copied?cmd=cp&destination=<string>&recursive=<bool>&overwrite=<bool>&preserve=<bool>

– destination - is a valid local path within the http share boundary (stree).

– recursive - Causes files and sub-directories to be copied recursively. Default is false.

– overwrite - Causes the file to be overwritten if already present. Default is false.

– preserve - Causes default file attributes (mode, ownership, timestamps) to be preserved during copy. Default is false.

Object Access API Enhancements: Administration (Partial File Access)

Byte Range operations can be used to retrieve a portion of the file. Supports the Range header and uses the GET method.

GET http://IP/v1/shareurl/path/file -u <user>:<pass> -H "Range: bytes=<start>-<end>" -k --verbose

The byte range specified in a file retrieve request refers to offsets within the file specified as part of the resource URL. Doesn't support multi byte ranges.

Examples of byte-ranges-specifier values:

– The first 500 bytes (byte offsets 0-499, inclusive): bytes=0-499

– The second 500 bytes (byte offsets 500-999, inclusive): bytes=500-999

– The final 500 bytes (byte offsets 9500-9999, inclusive): bytes=-500 Or: bytes=9500-


Byte Range operations to modify a portion of the file. Uses PUT method

POST "http://IP/v1/shareurl/t1.txt" --data '----' -u <user>:<pass> -H "Range: bytes=<start>-<end>" -H "Content-Type: text/xml" -k --verbose

Assume the file to be updated (t1.txt) contains the text 1234567890, and the supplied chunk data is always 4 dashes (----).

1. Command will apply chunk data to file t1.txt, within offsets specified by byte range

POST "http://10.21.14.13/v1/urlmyshare/t1.txt" --data '----' -k --verbose -u http_user1:hpinvent -H "Range: bytes=1-4" -H "Content-Type: text/xml"

– Contents of updated file: 1----67890

2. Command will apply chunk data to file t1.txt, starting at byte offset 2 in target file t1.txt specified by byte range.

POST "http://10.21.14.13/v1/urlmyshare/t1.txt" --data '----' -k --verbose -u http_user1:hpinvent -H "Range: bytes=2-" -H "Content-Type: text/xml"

– Contents of updated file: 12----7890

Object Access API Enhancements: Administration (Statistics)

– perfmonitor runs every minute and provides the fm_perfMonitor utility to display the stats for http to the user.

– CLI commands can be used to get the http statistics.

– “statfs -http” continuously displays the statistics for each interval of 1 minute by default.

statfs -http [-iter <number> -d <secs> -node <nodeid>[,<nodeid>]... -verbose]

Option Description

-http Displays HTTP statistics.

-iter <number> Specifies that the statistics are to stop after the indicated number of iterations using an integer from 1 through 2147483647.

-d <secs> Specifies the interval in seconds that statistics are sampled from using an integer from 1 through 2147483. If no count is specified, the command defaults to 60 seconds. Information is only updated every 6 seconds; shorter intervals redisplay the same information.

-node <nodeid>[,<nodeid>]... Specifies the node on which to report statistics.

-verbose Specifies that all statistics will be displayed. Each statistic will be displayed on its own line.


– “srstatfshttp” gives historical data. By default, the report for the past 12 hours is displayed with a high sampling frequency of 5 minutes.

srstatfshttp [-attime -btsecs <secs> -etsecs <secs> -hires -hourly -daily -groupby <node> -node <node>[,<node>...] -sortcol <col>[,<dir>][:<col>[,<dir>]...]]

-attime Performance is shown at a particular time interval, specified by the -etsecs option, with one row per object group described by the -groupby option. Without this option performance is shown versus time, with a row per time interval.

-btsecs <secs> Select the begin time in seconds for the report.

-etsecs <secs> Select the end time in seconds for the report. If -attime is specified, select the time for the report.

-hires Select high resolution samples (5 minute intervals) for the report. This is the default.

-hourly Select hourly samples for the report.

-daily Select daily samples for the report.

-groupby <groupby>[,<groupby>...] For -attime reports, generate a separate row for each combination of <groupby> items. Each <groupby> must be different and one of the following: NODE The controller node

-node <node>[,<node>...] Limit the data to that corresponding to one of the specified nodes.

-sortcol <col>[,<dir>][:<col>[,<dir>]...] Sorts command output based on column number (<col


There are total of nine counters for http statistics. Currently there is no option to enable or disable specific counters.

CLI Output Name | XML Tag name from PML | Description
Total accesses | TotalAccess | Total number of accesses to the Object share
Total KBserved | TotalkBytesServed | Total number of bytes served in Kilo Bytes
Apache cpuload | ApacheCPULoad | CPU percentage used by the Apache (httpd) process
Server uptime | ServerUptime | Uptime since the last restart of the httpd server
Requests/sec | RequestsPerSec | Average number of requests served per second
bytes/sec | BytesPerSec | Average number of Bytes per second
bytes/request | BytesPerRequest | Average number of Bytes per request
Worker_count Busy | BusyWorkerCount | Number of busy httpd workers
Worker_count Idle | IdleWorkerCount | Number of idle httpd workers
Scoreboard | Scoreboard | Representation of the server's current state. It is a string of 58 characters by default and can go all the way to 128 characters.

Object Access API Enhancements: Configuration rules, installation, upgrade and downgrade considerations

– Copy, partial file access and statistics features are available on installation of File Persona v1.3 or upgrade to File Persona v1.3. There is no configuration involved.

– These features do not prevent upgrade/downgrade.

– There is no noticeable performance impact from having the copy, partial file access and statistics features.

– Partial File Access does not support multi-byte range.

– No provision to disable/enable counters of http in statistics

Object Access API Enhancements: Troubleshooting (Copy Feature)

– Errors are returned as appropriate HTTP error codes with accompanying JSON error information in the response.

– If Copy is terminated in the middle of an operation due to an interrupt or error, files or file hierarchies may be only partially copied, and files and directories may have incorrect permissions or access and modification times.

– While using copy for a file, if a file with the same name as the source file exists in the destination, the cp operation will overwrite the pre-existing file only if “overwrite=true” is specified in the request.

– While using copy for a directory and its contents (files and directories), if a file with the same name as the source file exists in the destination, the cp operation will overwrite the pre-existing file only if “overwrite=true” is specified in the request.

Object Access API Enhancements: Troubleshooting (Partial File access Feature)

Errors are returned as appropriate HTTP error codes with accompanying JSON error information in the response. The status codes are listed below.

HTTP Status Code Reason

200 or 204 When operation was successful

400 Invalid Range header

404 File not found

416 Request Range not satisfiable (end byte being lower than the start byte)
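A small model of the single-range semantics described on the Partial File Access slides and in the status table above, useful for checking a client's Range headers before they are sent. This is an added example, not HPE code: the function names are hypothetical, and returning 400 for multi-range or mismatched chunk length and 416 for a start offset beyond end of file are assumptions the deck does not spell out.

```python
import re


class RangeError(Exception):
    """Carries the HTTP status the deck associates with a bad Range request."""

    def __init__(self, status, reason):
        super().__init__(f"{status} {reason}")
        self.status = status


_RANGE_RE = re.compile(r"^bytes=(\d*)-(\d*)$")


def parse_range(header):
    """Return (start, end) for one range; None marks an omitted side."""
    if "," in header:
        # The deck says multi byte ranges are unsupported; 400 is assumed.
        raise RangeError(400, "multi byte ranges are not supported")
    match = _RANGE_RE.match(header.strip())
    if not match or match.groups() == ("", ""):
        raise RangeError(400, "Invalid Range header")
    first, last = match.groups()
    start = int(first) if first else None
    end = int(last) if last else None
    if start is not None and end is not None and end < start:
        raise RangeError(416, "Request Range not satisfiable")
    return start, end


def read_range(content, header):
    """Bytes a GET with this Range header selects from `content`."""
    start, end = parse_range(header)
    size = len(content)
    if start is None:                      # suffix form, e.g. bytes=-500
        start, end = max(size - end, 0), size - 1
    elif end is None or end >= size:       # open form, e.g. bytes=9500-
        end = size - 1
    if start >= size:                      # assumption: follows standard HTTP
        raise RangeError(416, "Request Range not satisfiable")
    return content[start:end + 1]


def write_range(content, header, chunk):
    """File content after a partial write of `chunk` at the given range."""
    start, end = parse_range(header)
    if start is None:
        # Assumption: the deck shows no suffix-range write, so reject it.
        raise RangeError(400, "Invalid Range header")
    if end is not None and end - start + 1 != len(chunk):
        # Assumption: the deck only shows a chunk that fills the range.
        raise RangeError(400, "chunk length does not match range")
    if start > len(content):               # assumption: no sparse writes
        raise RangeError(416, "Request Range not satisfiable")
    return content[:start] + chunk + content[start + len(chunk):]


def range_status(header):
    """Error status a header would trigger, or None if it parses cleanly."""
    try:
        parse_range(header)
    except RangeError as err:
        return err.status
    return None


if __name__ == "__main__":
    original = b"1234567890"               # file content used on the slide
    print(write_range(original, "bytes=1-4", b"----"))
    print(write_range(original, "bytes=2-", b"----"))
    print(range_status("bytes=499-0"), range_status("bytes=0-1,5-6"))
```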

Object Access API Enhancements: Troubleshooting (Statistics)

– The ‘statfs -http’ command will continuously display the performance report for each interval of 1 minute by default. This period can be changed by specifying the -d option.

– The sampling frequency and duration of the srstatfshttp report can be modified by using -hires/-hourly/-daily and -btsecs/-etsecs respectively.

Learning check


Learning check 1

What are the primary workloads addressed by File Persona? (Select three)

A. Home directories and user/group shares

B. Video editing and media streaming

C. Virtualization

D. Content management & collaboration

E. Data preservation & governance

F. Databases


Learning check 2

Which On-Disk version upgrades are possible in the 3PAR OS 3.2.2 MU3 release? (Select two)

A. On-disk version 11 to 11.1

B. On-disk version 11 to 12

C. On-disk version 11.1 to 12.1

D. On-disk version 12 to 12.1


Learning check 3

Which protocols can be used to get access to files or directories over the network? (Select all that apply)

A. SMB

B. NFS

C. FTP

D. FTPS

E. HTTP

F. iSCSI


Learning check 4

If LEGACY security mode is configured, which of the following statements is true? (Select one)

A. File names are case insensitive, regardless of accessing protocol.

B. File names are case sensitive, regardless of accessing protocol.

C. File names are case insensitive when accessed from Windows clients and case sensitive when accessed from POSIX clients.

D. File names are case sensitive when accessed from Windows clients and case insensitive when accessed from POSIX clients.


Learning check 5

What are the possible states of a file in a FileStore? (Select three)

A. Normal

B. Normal-retained

C. WORM

D. WORM-retained


Learning check 6

How can a WORM file be prevented from being deleted? (Select two)

A. No action required.

B. Set retention period to a value greater than zero.

C. Use startfsarchive command.

D. Set legal hold for the file


Learning check 7

What are features of Online FSCK? (Select three)

A. Metadata validation and correction

B. User-data validation and correction

C. Normal FS operations are allowed during FSCK

D. Minimized Downtime for FS consistency checking


Learning check 8

Who should run FSCK, and when? (Select one)

A. User on a regular basis.

B. Administrator before starting a full backup.

C. Administrator after creating a new FPG.

D. HPE Tech Support either in response to FSCK alert event generated by the file system itself or in case of certain FS errors.


Learning check 9

What is a function of User Mapping in File Persona? (Select one)

A. To join File Persona nodes to an Active Directory domain

B. To map an AD user to an LDAP user and create an account to provide access across SMB and POSIX protocols.

C. To use LDAP to authenticate File Persona users and groups.

D. To set the authentication provider stacking order.


Learning check 10

What are Static User Mapping characteristics? (Select two)

A. Maps users with different names across providers.

B. Maps users with same name across providers.

C. Need to be placed first in the mapping file to override a dynamic mapping entry.

D. Only bidirectional (==) operator can be used.


Thank you

3PAR File Persona Software