C H A P T E R 2 - Initial Network Configuration

This chapter describes configuring your system for communication on your network. It includes the following sections:

The Web Administrator graphical user interface (GUI) enables you to configure your system for communication on your network. After you configure network communication and services, you need to configure your file system, user access rights, any other features, and any options that you purchased.

This chapter follows the same sequence as the configuration wizard. It does not cover all of the features you might want to set up. If you want to set up a specific feature that is not covered in this chapter, look it up in the index to find the instructions.

In order to configure your system for communication, you must set up a server name that identifies the NAS server on the network.

The server name identifies the system or identifies the server unit, for dual-server high-availability (HA) systems on the network. The server name begins with a letter of the alphabet (a-z, A-Z) or number 0-9 and can include up to 30 characters: a-z, A-Z, 0-9, hyphens (-), underscores (_), and periods (.).

The system includes this information in any diagnostic email messages that it sends. For more information about diagnostic email messages, see Sending a Diagnostic Email Message.

This section provides information about logical unit numbers (LUNs) and how to set and restore LUN paths. The following subsections are included:

About Setting LUN Paths

A logical unit number (LUN) path is a designation that describes how a file volume in a LUN is accessed by which NAS server and controller. To every file volume there are two LUN paths from the NAS server controllers to the disk array controllers: primary and alternate. If one fails, the system uses the other available LUN path to access the desired file volume. The number of LUN paths and their implementations depend on the model and configuration of the system. In a cluster configuration, a server (head) induces a head failover (see Enabling Server Failover) if both the primary and alternate paths fail.

About LUN Paths in Single-Server Systems

The primary logical unit number (LUN) path to a file volume in L0 (:LUN 0) is C0-L0, and the alternate path is C1-L0. The primary LUN path to a volume in L1 is C1-L1, and the alternate path is C0-L1. As illustrated above, the system has the following LUN paths.

Paths	LUN 0	LUN 1
Primary	C0-L0	C1-L1
Alternate	C1-L0	C0-L1

About LUN Paths in Dual-Server Systems

The primary logical unit number (LUN) path to L0 (LUN 0) path on server H1 is C0-L0; the alternate path is C0-L1. The primary L0 path on server 2 is C1-L0 and the alternate path is C1-L0.

File volumes are normally accessed through the primary LUN path designated for the LUN to which the file volumes belong. In a cluster configuration, a server induces a failover if its primary and alternate paths fail (see Enabling Server Failover).

Setting LUN Paths

By setting a logical unit number (LUN) path, you designate the current active LUN path. The current active LUN path can be either the primary or alternate path. For optimal performance, set the active path to the primary path. A LUN can be reassigned only if there are no file systems on that LUN. On a cluster appliance, only the server that "owns" a LUN can reassign it to another server.

Note: When you first start a cluster appliance, all LUNs are assigned to one server (H1). Use server H1 to reassign some LUNs to server H2 for even distribution of data. The global limit (for both servers, combined) is 255 LUNs. This limit can be divided between the two servers in any way. For example, you might have 200 LUNs on one server, and 56 on the partner server.

You use the Set LUN Path panel to set active paths. For a cluster appliance, you can set an unassigned path from either server.

You can specify the primary and alternate path for each LUN, or you can have the paths assigned automatically by clicking the Auto-assign LUN paths button in the Set LUN Paths window.

Note: The Sun StorEdge 5310 NAS Appliance Version 4.5 documentation set does not show the graphic user interface's change from Fault Tolerance to High Availability. When a procedure in that documentation instructs you to select Fault Tolerance, select High Availability.

Note: LUNs that have no LUN path assigned might initially appear multiple times in the Set LUN Path panel, as their presence is advertised by multiple controllers over multiple paths. After a LUN has a path assigned, it is displayed one time, on its current path.

Example: The drop-down option "1/0" assigns the selected LUN to controller 0 (C0). The option value is X/Y, where X is the HBA and Y is the controller ID (SID) through which the LUN is seen by the NAS server.

4. Evenly divide LUN assignments to the two available paths. For example, the first and third LUN to 1/0 and the second and fourth LUN to 1/1.

Restoring a LUN Path

The current active path of a logical unit number (LUN) can be different from its primary path. The Restore option on the Set LUN Panel enables you to restore a current active path of a LUN to its primary LUN path.

Note: Restoring a LUN path does not recover any data; it is not a disaster recovery function. Instead, for optimal performance, the active path must be the primary path for a LUN.

If you are restoring the primary LUN path because of a physical path failure, scan the disks to make the alternate path available again. To rescan the disks, use the Web Administrator to navigate to Volume Operations > Create File Volumes and then click Scan for New Disks.

This section provides information about enabling server failover on Sun StorageTek 5310 and Sun StorageTek 5320 cluster appliances and cluster gateway systems. The following subsections are included:

About Enabling Failover

Note: Failover processing is only available on Sun StorageTek 5310 and Sun StorageTek 5320 cluster appliances and cluster gateway systems. It does not apply for Sun StorageTek 5210 NAS appliances.

A cluster appliance or gateway system includes a pair of active-active servers, sometimes called heads, that share access to the redundant array of independent disks (RAID) controllers and several different networks. The RAID controllers are connected to each server through Fibre Channel controllers. A dedicated heartbeat cable connects the first network interface card (NIC) between the two servers and lets each server monitor the other's health status.

In normal operation, each server operates independently, with responsibility for a subset of logical unit numbers (LUNs). If one server suffers a hardware failure that renders a data path unavailable, the working server automatically takes ownership of Internet Protocol (IP) addresses and LUNs formerly managed by the failed server. All operations of the failed server, including RAID volume ownership and network interface addressing, are transferred to the working server. This is known as head failover.

Note: Volume names must be unique in a cluster configuration. If two volumes in a cluster have the same name and a failover occurs, an `x' is appended to the name of the file system on the failed server to avoid a conflict with the working server.

Following a cluster failover, client operations using Network File System/user datagram protocol (NFS/UDP) transfer immediately, while Network File System/transmission control portal (NFS/TCP) requires a reconnect. This is performed transparently in the context of an NFS retry. Common Internet File System (CIFS) also requires a reconnect, although different applications might do so transparently, notify the user, or require user confirmation before proceeding.

You can initiate the recovery process, known as "failback," when the failed server is repaired and brought back online. This is described under Initiating Recovery.

Note: A power cycle (or power failure) of a single controller unit in a cluster configuration causes both servers to reset. This is expected behavior because each server is designed to protect against partial volume loss.

Caution:In a cluster configuration, do not configure both heads to be in the same switch zone as the tape device. In the event of a head failover during a backup, data on the media is lost. Configure one of the heads to be in the same zone as the tape device.

Enabling Server Failover

In the event of a server failure, failover causes the working server to take temporary ownership of the Internet Protocol (IP) addresses and logical unit numbers (LUNs) formerly managed by the failed server.

Note: When you enable head (server) failover, Dynamic Host Configuration Protocol (DHCP) is disabled.

Enabling link failover ensures that head failover occurs when any network interface that is assigned a "primary" role fails. This type of failure is referred to as a "link down" condition. If the partner's network link is down, the server that wants to induce the failover must wait the specified amount of time after the partner server reestablishes its network link.

This section provides information about manually initiating failback (recovery) for a cluster appliance or cluster gateway system, in the event that a failed server is brought back online. It applies for Sun StorageTek 5310 and Sun StorageTek 5320 cluster appliances and cluster gateway systems, and includes the following subsections:

About Initiating Recovery

After a failed server is brought back online and fully functional, you must manually initiate recovery (failback) of your cluster appliance or gateway system. This allows the server that originally failed to "recover" ownership of its original file volumes.

For example, if volume A was assigned to server H1, which failed, server H2 would take ownership of volume A during the failover process. When server H1 is fully functional again, you can log in to server H2 and return ownership of volume A to server H1.

Caution:Make sure that the failed server is fully functional before attempting recovery.

Initiating Recovery

After a cluster appliance or cluster gateway system has undergone head failover, and the failed server is brought back online, you must manually initiate recovery (failback) of the server that was brought back up.

1. Log in to Web Administrator on the server that took over for the failed server.

Note: You cannot initiate recovery from the failed (and now, recovered) server.

3. Click Recover. (Ignore the redundant array of independent disks (RAID) lists at the center of the screen; they are not used during server recovery.)

Under a heavy processing load, some LUNs might not be fully restored. Repeat the procedure if any LUN remains in the failover state.

This section provides information about configuring appliance and gateway-system network ports and adapters. The following subsections are included:

About Configuring Network Ports

Each network port on your NAS appliance or gateway system must have an assigned role. Take either of the following actions to configure network ports on your NAS appliance or gateway system:

You can bond two or more ports together to create a port bond. A port bond has higher bandwidth than the component ports assigned to it. More information and instructions for bonding network ports are provided in About Port Bonding.

About Network Port Locations

The NAS appliance and gateway-system ports are identified based on their type, and their physical and logical location on the server. To identify the network port locations, see Back Panel Ports and LEDs and the NAS appliance and gateway system Getting Started Guide. Note that configurations vary, and those shown are examples.

The relationship of network interface cards (NICs) to ports is also shown in the Getting Started Guide for your NAS appliance or gateway system.

Configuring Network Adapters

1. From the navigation panel, choose Network Configuration > Configure TCP/IP > Configure Network Adapters.

2. If your network uses a Dynamic Host Configuration Protocol (DHCP) server to assign Internet Protocol (IP) addresses and you want to enable it, select the Enable DHCP checkbox.

Enabling DHCP allows the system to dynamically acquire an IP address from the DHCP server. Clear this checkbox to manually specify a static IP address and netmask. If you do not enable DHCP, the netmask is still disabled if the port is a member of an aggregate port. See About Port Bonding for more information on creating and setting up aggregate ports.

Note: On cluster appliances and gateway systems, you cannot enable DHCP unless you have disabled head failover. Instead, you must assign static IP addresses to ports so that they remain consistent in the event of a failover.

If you have already created a port bond and want to add alias IP addresses to it, select the port bond from this list. (See About Port Bonding for more information on creating port bonds.) Independent ports are labelled PORTx and port bonds are labelled BONDx.

After you create a port bond, you cannot add alias IP addresses to the individual ports, only to the bond.

The subnet mask indicates which portion of an IP address identifies the network address and which portion identifies the host address.

The read-only Broadcast field is filled automatically when you enter the IP address and netmask. The broadcast address is the IP address used to send broadcast messages to the subnet.

Roles	Description of the Port
Primary	Active network port. At least one port must be assigned a primary role.
Independent	Active network port used for purposes other than serving data, such as backups.
Mirror	Port that connects the server to another server for purposes of mirroring file volumes (applicable only with the Sun StorageTek File Replicator option is licensed and enabled).
Private	Port reserved for the heartbeat: a dedicated network link that constantly monitors the status of the other server in a cluster configuration (applicable only in dual-server configurations). Each server in a cluster configuration has one and only one private port.

7. To add an alias IP address to the selected port, specify that address in the IP-Aliases field. Then click the Add button to add it to the IP-Aliases list.

Typically aliases specify the IP addresses of obsolete systems that have been replaced by NAS storage.

You can have up to nine aliases per interface for single-server systems and up to four aliases for dual-server systems. To remove an alias from the list, select it and click the Trash button. Changes are not saved until you click Apply.

The default gateway address is the Internet Protocol (IP) address of the gateway or router on the local subnet that is used by default to connect to other subnets. A gateway or a router is a device that sends data to remote destinations. You must specify the default gateway address for the system.

1. From the navigation panel, choose Network Configuration > Configure TCP/IP > Set Gateway Address.

This section provides information about setting up Windows security so that name services can be used, and provides information about setting up various name services. For more detailed information about name services, see Active Directory Service and Authentication. The following subsections are included:

Configuring Windows Security

To use name services in a Windows environment, you must configure Windows security. Configuring the domain, workgroup, or Active Directory Service (ADS) is a Windows function. If you are running a pure UNIX network, you do not need to configure either Windows Domains or Windows Workgroups.

Note: In a cluster configuration, Windows security changes made on one server are propagated immediately to the other server.

Changing the security mode requires a server reboot. Therefore, perform this procedure during a scheduled maintenance period.

Enable Windows Workgroup, NT Domain security, or ADS through the Configure Domains and Workgroups panel. By default, your system is configured in Windows Workgroup mode, with a workgroup name of "workgroup."

Note: Domain security and Workgroup security settings are mutually exclusive. Changes made to Domain security will negate Workgroup security and vice versa.

1. From the navigation panel, choose Windows Configuration > Configure Domains and Workgroups.

2. To enable Windows domain security, select the Domain option, and fill in the Domain, User Name, and Password fields to create an account on the domain for this server.

You must specify a user account with rights to add servers to the specified domain. For more information about these fields, see Configure Domains and Workgroups Panel.

3. To enable Windows workgroup security, select the Workgroup option, and type the name of the workgroup in the Name field.

4. (Optional) In the Comments field, type a description of the NAS appliance or gateway system.

5. To enable ADS, select the Enable ADS checkbox and fill in the ADS-related fields. For more information about these fields, see Configure Domains and Workgroups Panel.

Note: Prior to enabling ADS, you must verify that the system time is within five minutes of any ADS Windows domain controller. To verify the time, choose System Operations > Set Time and Date from the navigation panel.

If you change the security mode from workgroup to NT domain, or from NT domain to workgroup, the server reboots when you click Apply.

Setting Up WINS

Windows Internet Naming Service (WINS) is a Windows function. If you are running a pure UNIX network, you do not need to set up WINS.

Note: In a cluster configuration, WINS changes made on one server are propagated immediately to the other server.

3. Type the Internet Protocol (IP) address of the Primary WINS server in the space provided.

The primary WINS server is the server consulted first for NetBIOS name resolution.

If the primary WINS server does not respond, the system consults the secondary WINS server.

Defining a scope prevents this computer from communicating with any systems that do not have the same scope configured. Therefore, use caution with this setting. The scope is useful if you want to divide a large Windows workgroup into smaller groups. If you use a scope, the scope ID must follow NetBIOS name conventions or domain name conventions and is limited to 16 characters.

Setting Up DNS

Domain Name Service (DNS) software resolves host names to Internet Protocol (IP) addresses for your NAS appliance or gateway system.

Note: If you are using DNS without Dynamic DNS, add the host name and IP address of the server to your DNS database. If you are using Dynamic DNS, you do not need to manually update the DNS database. See your DNS documentation for more information.

Note: In a cluster configuration, DNS changes made on one server are propagated immediately to the other server.

1. From the navigation panel, choose Network Configuration > Configure TCP/IP > Set Up DNS.

4. Type the IP address of a DNS server you want to make available to the network, and then click the Add button to add the server to the Server List.

Repeat this step for each DNS server you want to add. You can add a maximum of two DNS servers to this list.

The system first queries the DNS server at the top of the server list for domain name resolution. If that server cannot resolve the request, the query goes to the next server on the list.

5. To rearrange the search order of the DNS servers in the list, click the server you want to move and click the Up or Down button.

To remove a server from the list, select the server IP address and click the Trash button.

6. Select the Enable Dynamic DNS checkbox to let a Dynamic DNS client add the NAS appliance or gateway system into the DNS namespace.

Do not enable this option if your DNS server does not accept dynamic updates. You must also configure the Kerberos realm and KDC server in Configuring Windows Security. If you enable Dynamic DNS by selecting this checkbox, non-secure dynamic updates occur automatically if they are allowed by the DNS server.

7. To enable secure Dynamic DNS updates, select the Enable Dynamic DNS checkbox and fill in the DynDNS User Name and DynDNS Password fields. For more information about these fields, see Set Up DNS Panel.

Setting Up NIS

Network information service (NIS) is a name service that enables the distribution of system configuration data, such as user and host names, between computers in a computer network. This is a UNIX function so if you are running a pure Windows network, you do not need to set up NIS.

Use the Set Up NIS panel to enable NIS and specify the domain name and server Internet Protocol (IP) address.

Note: In a cluster configuration, NIS changes made on one server are propagated immediately to the other server.

Enabling NIS configures the system to import the NIS database for host, user, and group information.

3. Type the name of the domain you want to use for NIS services in the Domain Name field.

Leave the Server field blank if you do not know the server IP address. However, if you leave the Server field blank, you must select the Use Broadcast checkbox so that the appropriate IP address can be acquired from the NIS server.

5. Type the frequency rate, in minutes, at which you want NIS information to be refreshed. The default is set to 5 minutes.

7. Select the Update Hosts checkbox to download host information from the NIS server to the system.

8. Select the Update Users checkbox to download user information from the NIS server to the system.

9. Select the Update Groups checkbox to download group information from the NIS server to the system.

10. Select the Update Netgroups checkbox to download netgroup information from the NIS server to the system.

Setting Up NIS+

Network information services plus (NIS+) is a name service that provides the same functionality as NIS, but with added security that ensures a secure environment. This is a UNIX function, so if you are running a pure Windows network, do not set up NIS+.

Note: In a cluster configuration, NIS+ changes made on one server are propagated immediately to the other server.

To add an appliance or gateway system to the host credential file on the NIS + server:

where server is the name of the NAS server, and domain is the name of the NIS+ domain that the appliance or gateway system is joining.

Note: Include a period at the end of the domain name only after the -P argument.

For example, if a NAS appliance is named SS1, and its NIS+ domain is sun.com, enter:

3. At the prompt, enter a password. This password will be used again later in this procedure.

1. From a remote client, open a web browser window to the system and log in to Web Administrator.

4. In the Home Domain Server field, type the NIS+ home domain server IP address.

If you don't know the home domain server IP address, leave this field blank and select the Use Broadcast checkbox. When this option is selected, the system acquires the appropriate IP address for the home domain server.

The search path identifies the domains that NIS+ searches through when looking for information. Leave this space empty to search only the home domain and its parents.

For example, if the NIS+ domain is eng.sun.com. and the search path is blank, the system first searches eng.sun.com. then sun.com., and so on, when resolving names. Conversely, if you specify a search path like sun.com., the system searches only the domain sun.com when resolving names.

8. Select the Use Broadcast checkbox if you do not know the IP address of the home domain server (see Step 5).

Configuring Name Services

The name service (NS) lookup order controls the sequence in which the name services are searched to resolve a query. These name services can include LDAP, NIS, NIS+, DNS, and Local. You must enable the selected services to use them for name resolution.

Note: In a cluster configuration, changes made on one server to user, group, netgroup, and host look-up are propagated immediately to the other server.

1. From the navigation panel, choose Unix Configuration > Configure Name Services.

2. Select the order of user lookup in the Users Order tab by selecting a service from the Services Not Selected box and using the > and < buttons, and then use the Up and Down buttons in the Services Selected box.

3. Select the services used for group lock-up in the Groups Order tab, following the procedure in Step 2.

4. Select the services used for netgroup lock-up in the Netgroup Order tab, following the procedure in Step 2.

5. Select the services used for host lock-up in the Hosts Order tab, following the procedure in Step 2.

When the system detects an error, it sends a notification email message. To ensure name resolution, you must have either set up the SMTP server host name in the Configure Hosts panel (see About Configuring Hosts) or set up DNS (see Setting Up DNS).

Note: In a cluster configuration, SMTP changes made on one server are propagated immediately to the other server.

1. From the navigation panel, choose Monitoring and Notification > Set Up Email Notification.

3. In the Email Address field, type the address of the person to be notified of system errors.

4. Specify the types of email for this recipient. Select Notification, Diagnostics, or both.

6. Repeat Step 3 through Step 5 for all recipients. You can specify a maximum of four email addresses.

Enabling remote logging lets the system send its log to a designated server and/or save it to a local archive. The designated server must be a Unix server running syslogd. If you will be referring to the logging host by domain name, you must configure the Domain Name Service (DNS) settings on the system before you enable remote logging.

Caution:You must enable remote logging or create a log file on local disk to prevent the log from disappearing on system shutdown. Otherwise, the system will create a temporary log file in volatile memory during startup. This is sufficient to retain any errors that might occur during initial startup for later display, but will not persist through a power failure or system restart.

1. From the navigation panel, choose Monitoring and Notification > View System Events > Set Up Logging.

3. In the Server field, specify the DNS host name if you have configured the DNS settings. Otherwise, type the Internet Protocol (IP) address. This is where the system log is sent.

4. From the drop-down menu, select the facility code to be assigned to all NAS messages that are sent to the log.

5. Select the types of system events for which to generate log messages, by placing a check mark next to one or more facilities. Each type of event represents a different priority, or severity level, as described under About System Events.

7. Type the log file's path (the directory on the system where you want to store the log file) and file name in the Local File field.

Note: You cannot set up local logging to either the /cvol or /dvol directory.

9. Type the maximum file size in kilobytes for each archive file in the Size field.

The operating system supports Unicode, which enables you to set the local language for Network File System (NFS) and Common Internet File System (CIFS). Ordinarily, you assign the language when you run the wizard during initial system setup. However, if you need to reset the language at a later time, you can set it manually.

2. Select the local language for from the languages displayed in the drop-down menu.

Registering the System

You can register your Sun account and NAS server information with Sun Services online. If you do not have a Sun Account, you can create one during the registration.

To register the system:

1. From the navigation panel, choose System Operations > Online System Registration.

2. Read Sun's privacy policy and disclaimer. To continue, click the Agree button.

3. If you do not have a Sun Account, click on the here link at the bottom of the dialog. This opens the Sun Online Account Registration portal Click Register to begin to create the account.

4. If you have a Sun Account, type its ID in the Sun Account ID and enter its password.

5. Click Next to go to the Proxy Server tab.

6. Enter the name of the proxy server you want Sun Services to use and its port number. If the proxy server uses authentication, enter its user name and its password.

7. Click Next to go to the Options tab.

8. Select the type of information you want to send to Sun Services. The heartbeat data is a periodic check without regard to the type of event. The fault events are sent when a failure is occurring.

9. Click Apply to save your changes.

Backing Up Configuration Information

After you have completed the system configuration, back up the configuration information in the event of a system failure. For information about backing up configuration information, see Backing Up Configuration Information.

Where to Go From Here

At this point, your system is in full communication with the network. However, before your users can begin storing data, you must set up the file system and establish user access rights. For more information, see File-System Setup and Management.

To set up quotas, shares, exports, or other access controls, see Shares, Quotas, and Exports.

If there is a specific function you want to set up, look it up in the index to find the instructions.