
Data ONTAP 7.2 Admin Guide

The document is the Release Candidate Documentation for Data ONTAP 7.2, updated on May 22, 2006, by Network Appliance, Inc. It includes copyright and trademark information, as well as a comprehensive table of contents detailing various chapters on system administration, interfacing with Data ONTAP, and managing access. The guide serves as a resource for understanding and administering NetApp storage systems.

Uploaded by

ab.kiran201

Release Candidate Documentation—Updated 22 May 2006

Data ONTAP® 7.2


System Administration Guide

Network Appliance, Inc.


495 East Java Drive
Sunnyvale, CA 94089 USA
Telephone: +1 (408) 822-6000
Fax: +1 (408) 822-4501
Support telephone: +1 (888) 4-NETAPP
Documentation comments: doccomments@[Link]
Information Web: [Link]

Part number 210-02004_A0

Contents Subject to Change


Copyright and trademark information

Copyright information

Copyright © 1994–2006 Network Appliance, Inc. All rights reserved. Printed in the U.S.A.
No part of this document covered by copyright may be reproduced in any form or by any means—
graphic, electronic, or mechanical, including photocopying, recording, taping, or storage in an
electronic retrieval system—without prior written permission of the copyright owner.

Portions of this product are derived from the Berkeley Net2 release and the 4.4-Lite-2 release, which
are copyrighted and publicly distributed by The Regents of the University of California.

Copyright © 1980–1995 The Regents of the University of California. All rights reserved.

Portions of this product are derived from NetBSD, copyright © Carnegie Mellon University.
Copyright © 1994, 1995 Carnegie Mellon University. All rights reserved. Author Chris G. Demetriou.

Permission to use, copy, modify, and distribute this software and its documentation is hereby granted,
provided that both the copyright notice and its permission notice appear in all copies of the software,
derivative works or modified versions, and any portions thereof, and that both notices appear in
supporting documentation.

CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS “AS IS” CONDITION.
CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR ANY DAMAGES
WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE.

Software derived from copyrighted material of The Regents of the University of California and
Carnegie Mellon University is subject to the following license and disclaimer:
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notices, this list of conditions,
and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notices, this list of
conditions, and the following disclaimer in the documentation and/or other materials provided
with the distribution.

3. All advertising materials mentioning features or use of this software must display this text:
This product includes software developed by the University of California, Berkeley and its
contributors.

4. Neither the name of the University nor the names of its contributors may be used to endorse or
promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS “AS IS” AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS
BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This software contains materials from third parties licensed to Network Appliance Inc. which is
sublicensed, and not sold, and title to such material is not passed to the end user. All rights reserved
by the licensors. You shall not sublicense or permit timesharing, rental, facility management or
service bureau usage of the Software.

Portions developed by the Apache Software Foundation ([Link] Copyright © 1999
The Apache Software Foundation.

Portions Copyright © 1995–1998, Jean-loup Gailly and Mark Adler


Portions Copyright © 2001, Sitraka Inc.
Portions Copyright © 2001, iAnywhere Solutions
Portions Copyright © 2001, i-net software GmbH
Portions Copyright © 1995 University of Southern California. All rights reserved.

Redistribution and use in source and binary forms are permitted provided that the above copyright
notice and this paragraph are duplicated in all such forms and that any documentation, advertising
materials, and other materials related to such distribution and use acknowledge that the software was
developed by the University of Southern California, Information Sciences Institute. The name of the
University may not be used to endorse or promote products derived from this software without
specific prior written permission.

Portions of this product are derived from version 2.4.11 of the libxml2 library, which is copyrighted
by the World Wide Web Consortium.

Network Appliance modified the libxml2 software on December 6, 2001, to enable it to compile
cleanly on Windows, Solaris, and Linux. The changes have been sent to the maintainers of libxml2.
The unmodified libxml2 software can be downloaded from [Link]

Copyright © 1994–2002 World Wide Web Consortium, (Massachusetts Institute of Technology,
Institut National de Recherche en Informatique et en Automatique, Keio University). All Rights
Reserved. [Link]

Software derived from copyrighted material of the World Wide Web Consortium is subject to the
following license and disclaimer:

Permission to use, copy, modify, and distribute this software and its documentation, with or without
modification, for any purpose and without fee or royalty is hereby granted, provided that you include
the following on ALL copies of the software and documentation or portions thereof, including
modifications, that you make:

The full text of this NOTICE in a location viewable to users of the redistributed or derivative work.

Any pre-existing intellectual property disclaimers, notices, or terms and conditions. If none exist, a
short notice of the following form (hypertext is preferred, text is permitted) should be used within the
body of any redistributed or derivative code: “Copyright © [$date-of-software] World Wide Web
Consortium, (Massachusetts Institute of Technology, Institut National de Recherche en Informatique
et en Automatique, Keio University). All Rights Reserved. [Link]

Notice of any changes or modifications to the W3C files, including the date changes were made.

THIS SOFTWARE AND DOCUMENTATION IS PROVIDED “AS IS,” AND COPYRIGHT
HOLDERS MAKE NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY OR FITNESS
FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF THE SOFTWARE OR
DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY PATENTS, COPYRIGHTS,
TRADEMARKS OR OTHER RIGHTS.

COPYRIGHT HOLDERS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL OR
CONSEQUENTIAL DAMAGES ARISING OUT OF ANY USE OF THE SOFTWARE OR
DOCUMENTATION.

The name and trademarks of copyright holders may NOT be used in advertising or publicity
pertaining to the software without specific, written prior permission. Title to copyright in this
software and any associated documentation will at all times remain with copyright holders.

Software derived from copyrighted material of Network Appliance, Inc. is subject to the following
license and disclaimer:

Network Appliance reserves the right to change any products described herein at any time, and
without notice. Network Appliance assumes no responsibility or liability arising from the use of
products described herein, except as expressly agreed to in writing by Network Appliance. The use or
purchase of this product does not convey a license under any patent rights, trademark rights, or any
other intellectual property rights of Network Appliance.

The product described in this manual may be protected by one or more U.S. patents, foreign patents,
or pending applications.

RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to
restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer
Software clause at DFARS 252.277-7103 (October 1988) and FAR 52-227-19 (June 1987).

Trademark information

NetApp, the Network Appliance logo, the bolt design, NetApp–the Network Appliance Company,
DataFabric, Data ONTAP, FAServer, FilerView, MultiStore, NearStore, NetCache, SecureShare,
SnapDrive, SnapLock, SnapManager, SnapMirror, SnapMover, SnapRestore, SnapVault, Spinnaker
Networks, the Spinnaker Networks logo, SpinAccess, SpinCluster, SpinFS, SpinHA, SpinMove,
SpinServer, SyncMirror, and WAFL are registered trademarks of Network Appliance, Inc. in the
U.S.A. and/or other countries. gFiler, Network Appliance, SnapCopy, Snapshot, and The Evolution of
Storage are trademarks of Network Appliance, Inc. in the U.S.A. and/or other countries and registered
trademarks in some other countries. ApplianceWatch, BareMetal, Camera-to-Viewer,
ComplianceClock, ComplianceJournal, ContentDirector, ContentFabric, EdgeFiler, FlexClone,
FlexVol, FPolicy, HyperSAN, InfoFabric, LockVault, Manage ONTAP, NOW, NOW NetApp on the
Web, ONTAPI, RAID-DP, RoboCache, RoboFiler, SecureAdmin, Serving Data by Design,
SharedStorage, Simulate ONTAP, Smart SAN, SnapCache, SnapDirector, SnapFilter, SnapMigrator,
SnapSuite, SnapValidator, SohoFiler, SpinAV, SpinManager, SpinMirror, SpinRestore, SpinShot,
SpinStor, vFiler, VFM, VFM (Virtual File Manager), VPolicy, and Web Filer are trademarks of
Network Appliance, Inc. in the United States and other countries. NetApp Availability Assurance and
NetApp ProTech Expert are service marks of Network Appliance, Inc. in the U.S.A.

Apple is a registered trademark and QuickTime is a trademark of Apple Computer, Inc. in the United
States and/or other countries. Microsoft is a registered trademark and Windows Media is a trademark
of Microsoft Corporation in the United States and/or other countries. RealAudio, RealNetworks,
RealPlayer, RealSystem, RealText, and RealVideo are registered trademarks and RealMedia,
RealProxy, and SureStream are trademarks of RealNetworks, Inc. in the United States and/or other
countries.

All other brands or products are trademarks or registered trademarks of their respective holders and
should be treated as such.

Network Appliance is a licensee of the CompactFlash and CF Logo trademarks.

Network Appliance NetCache is certified RealSystem compatible.

Table of Contents

Preface

Chapter 1 Introducing NetApp Storage Systems
  About storage systems
  About storage system components
  About Data ONTAP

Chapter 2 Interfacing with Data ONTAP
  How you administer a storage system
  Using the command line interface
  Using Data ONTAP commands at different privilege levels

Chapter 3 Accessing the Storage System
  Access methods
  Accessing a storage system from the console
  Accessing a storage system using a Telnet session
  Accessing a storage system using a Remote Shell connection
  Accessing a storage system using the HTTP/Web interface, FilerView
  Managing access from administration hosts
  Controlling storage system access

Chapter 4 Understanding the Root Volume
  Root volume size and space guarantee requirements
  Default directories in the root volume
  Contents of the /etc directory
  Accessing the default directories on the storage system
  Editing configuration files
  Changing the root volume

Chapter 5 Starting and Stopping the Storage System
  Booting the storage system
  Booting the FAS200, FAS3000, and FAS6000 series storage systems
  Booting the FAS900 series storage systems
  Using storage systems as netboot servers
  Rebooting the storage system
  Halting the storage system

Chapter 6 Managing Administrator Access
  Using administrator accounts to control administrative access
  About managing administrator access
  Managing users
  Managing groups
  Managing roles
  Listing and deleting users, groups and roles
  Administrative user creation examples
  Managing passwords
  Managing passwords for security
  Changing passwords
  Managing password rules

Chapter 7 Performing General System Maintenance
  Aggregate Snapshot copy management
  Managing licenses
  Setting the system date and time
  Synchronizing the system time
  Understanding core files
  Configuring message logging
  Configuring audit logging
  Configuring storage system startup
  About the /etc/rc file
  Editing the storage system’s boot configuration file
  Recovering from /etc/rc errors
  Storage system configuration backup and cloning
  UPS management

Chapter 8 Using AutoSupport
  Learning about AutoSupport
  Configuring AutoSupport
  Troubleshooting AutoSupport
  Interpreting AutoSupport messages
  About AutoSupport events
  Contents of AutoSupport messages

Chapter 9 Using SecureAdmin
  Learning about SecureAdmin
  How SecureAdmin uses SSH
  How SecureAdmin uses SSL
  Managing SSH for SecureAdmin
  Setting up and starting SSH
  Reinitializing SSH
  Stopping or starting SSH service
  Setting up public key-based authentication
  Managing SSL for SecureAdmin
  General SecureAdmin administration

Chapter 10 Managing Remotely with the RLM
  About the Remote LAN Module (RLM)
  Configuring the RLM
  Managing the RLM with Data ONTAP
  Logging in to the RLM
  Managing the storage system with the RLM
  Displaying storage system and RLM information
  Comparing Data ONTAP and RLM commands
  Troubleshooting the storage system with the RLM
  Updating the RLM firmware
  Troubleshooting RLM problems

Chapter 11 System Information and Performance
  Managing filer performance using FlexShare
  Understanding FlexShare
  Using FlexShare to assign priorities to volume data access
  Storage system configuration information
  Storage information
  Aggregate information
  Volume information
  File statistics for volumes
  About the filestats command
  Options for the filestats command
  Environmental status information
  Fibre Channel information
  Getting storage system information using the stats command
  Getting system information using perfmon
  Getting system information using perfstat
  Improving storage system performance

Chapter 12 Troubleshooting Tools
  Storage system panics
  Error messages
  Other troubleshooting resources

Glossary

Index

Preface

Introduction

This guide describes how to configure, operate, and manage Network
Appliance™ storage systems that run Data ONTAP® 7.2 software. It covers all
models.

Audience

This guide is for system administrators who are familiar with operating systems,
such as the UNIX®, Windows NT®, Windows 2000®, Windows Server 2003®,
or Windows XP® operating systems, that run on the storage system’s clients. It
also assumes that you are familiar with how to configure the storage system and
how Network File System (NFS), Common Internet File System (CIFS), and
Hypertext Transport Protocol (HTTP) are used for file sharing or transfers. This
guide doesn’t cover basic system or network administration topics, such as IP
addressing, routing, and network topology.

Terminology

NetApp® storage products (filers, FAS storage systems, and NearStore®
systems) are all storage systems—also sometimes called filers or storage
appliances.

An active/active configuration is a pair of storage systems configured to serve
data for each other if one of the two systems becomes impaired. In Data ONTAP
documentation and other information resources, active/active configurations are
sometimes also referred to as clusters or active/active pairs.

This guide uses the term type to mean pressing one or more keys on the keyboard.
It uses the term enter to mean pressing one or more keys and then pressing the
Enter key.

Command conventions

You can enter Data ONTAP commands on the system console or from any client
computer that can access the storage system through a session using Telnet, rsh,
HTTP, Secure Socket Shell (SSH), or PuTTY.

In examples that illustrate commands executed on a UNIX workstation, the
command syntax and output might differ, depending on your version of UNIX.

Keyboard conventions

When describing key combinations, this guide uses the hyphen (-) to separate
individual keys. For example, Ctrl-D means pressing the Control and D keys
simultaneously. Also, this guide uses the term enter to refer to the key that
generates a carriage return, although the key is named “Return” on some
keyboards.

Typographic conventions

The following table describes typographic conventions used in this guide.

Convention: Type of information

Italic font:
◆ Words or characters that require special attention.
◆ Placeholders for information you must supply. For example, if the guide says
  to enter the arp -d hostname command, you enter the characters arp -d
  followed by the actual name of the host.
◆ Book titles in cross-references.

Monospaced font:
◆ Command and daemon names.
◆ Information displayed on the system console or other computer monitors.
◆ The contents of files.

Bold monospaced font:
◆ Words or characters you type. What you type is always shown in lowercase
  letters, unless you must type it in uppercase letters.

Special messages

This guide contains special messages that are described as follows:

Note
A note contains important information that helps you install or operate the
storage system efficiently.

Attention
An attention note contains instructions that you must follow to avoid damage to
the equipment, a system crash, or loss of data.

Chapter 1: Introducing NetApp Storage Systems

About this chapter

This chapter provides a brief overview of what a NetApp® storage system is and
what features it provides. It includes concepts that are described in detail in other
guides in the Data ONTAP library, such as an aggregate, a FlexVol™ volume (a
flexible volume), a FlexClone™ volume (a flexible volume clone), and a
traditional volume. For detailed information about these topics, see the Storage
Management Guide.

Topics in this chapter

This chapter discusses the following topics:
◆ “About storage systems” on page 2
◆ “About storage system components” on page 4
◆ “About Data ONTAP” on page 7

About storage systems

What a storage system is

A storage system is a hardware- and software-based data storage and retrieval
system. It responds to network requests from clients and fulfills them by writing
data to or retrieving data from its disk array. Storage systems provide a modular
hardware architecture running the Data ONTAP® operating system and WAFL®
(Write Anywhere File Layout) software. For information about all of the models
of NetApp storage systems, see [Link]

Note
Backend storage subsystems such as IBM®, Hitachi Data Systems®, and HP®
for V-Series systems provide storage for data. NetApp V-Series systems fulfill
client requests from Logical Unit Numbers (LUNs) on the backend storage
subsystems. For more information about V-Series systems, see the V-Series
Software Setup, Installation, and Management Guide.

Data ONTAP is the operating system for all NetApp storage systems. It provides
a complete set of storage management tools through its command-line interface,
through the FilerView® interface, through the DataFabric® Manager interface
(which requires a license), and for storage systems with a Remote LAN Module
(RLM) installed, through the RLM Ethernet connection to the system console.
For more information about Data ONTAP, see “About Data ONTAP” on page 7.


Components of a storage system

A storage system consists of the following components.

Component: Function

Storage system main unit, or chassis, also known as the storage engine: The
hardware device that receives and sends data. This unit also houses the storage
system components and detects and gathers information about the hardware
and the hardware configuration, the storage system components, operational
status, hardware failures, and error conditions. For information about how to
view this information, see “Environmental status information” on page 272.
For information about environmental error codes, see the Diagnostics Guide
on the NetApp on the Web™ (NOW) site at [Link]

Disk shelves: Containers, or device carriers, that hold disks and associated
hardware (such as power supplies, connectivity, and cabling) that are connected
to the main unit of the storage systems. For more information, see “Disk shelves
and disks” on page 6.

Note
For V-Series systems, see the documentation for your
storage subsystem for information about disks.


About storage system components

Types of components

The storage system has the following components:
◆ Internal components that enable the storage system to function
◆ Slots and ports that connect the storage system to networks
◆ Disk shelves that contain the disks

Internal components

The following internal components enable the storage system to function.

Component: Description

System board: The system board is also referred to as the main board of the
storage system. It has upgradable firmware. All components are connected to the
system board.

System memory: System memory stores information temporarily.

NVRAM (Nonvolatile RAM): Data ONTAP uses NVRAM to log network
transactions as a data integrity measure. In case of a system or power failure,
Data ONTAP uses the contents of NVRAM to restore network data to disk.

CompactFlash™ card (not available on all models): The storage system
automatically boots from a Data ONTAP release stored on the CompactFlash
card. The CompactFlash card also stores a backup version of Data ONTAP from
which to boot the storage system in an emergency.

LCD and LEDs: The storage system displays status information on the LCD and
LEDs.

Environmental adapter: The environmental adapter performs the following
functions:
◆ Monitors the storage system’s temperature and fans
◆ Sends critical information to the storage system’s LCD
◆ Logs information
◆ Shuts down the storage system if its temperature is beyond a critical range or
  the fans cease operating

Remote Management Controller (RMC) (not available with all storage systems):
The RMC provides enhanced AutoSupport, such as “down filer” notification. For
information on how to configure RMC, see the Software Setup Guide.

RLM (Remote LAN Module) (not available with all storage systems): The RLM
provides remote platform management capabilities for the storage system. It
allows you to remotely access the storage system console over a network, and
turn the storage system power on or off regardless of the operating state of the
storage system. The RLM monitors and maintains hardware event logs for the
storage system, and it generates alerts based on system status. For more
information, see “About the Remote LAN Module (RLM)” on page 200.

Slots and ports

The storage system has slots for external connections and ports for a console and
diagnostic hardware. For information on how to configure host adapters for your
storage system, see the System Configuration Guide.

Component: Description

Slots: The storage system contains expansion slots for the following host
adapters:
◆ Network interface cards (NICs)
◆ Disk shelf adapters
◆ Tape drive adapters

Serial ports: The two serial ports are as follows:
◆ The console port connects the storage system to a serial terminal that you can
  use as a console.
◆ The diagnostics port connects diagnostic equipment, such as the
  environmental monitor unit (EMU) of a StorageShelf 2 storage shelf.

Disk shelves and disks

Disk shelves collect information about the presence of disks, fan status, power
supply status, and temperature. Disk shelves send messages to the console if
parameters exceed permissible operating conditions. For detailed information
about disk shelves see the appropriate hardware service guide for your specific
disk shelf. For detailed information about managing disks, see the Storage
Management Guide.

Note
For information about disk shelves connected to V-Series systems, see the
appropriate V-Series integration guide, the V-Series Planning Guide, and disk
shelf guide.


About Data ONTAP

Data ONTAP features

Data ONTAP provides the following features:
◆ Network file service
◆ Multiprotocol file and block sharing
◆ Data storage management
◆ Data organization management
◆ Data access management
◆ Data migration management
◆ Data protection
◆ System management
◆ AutoSupport

Network file service: Data ONTAP enables users on client workstations (or
hosts) to create, delete, modify, and access files or blocks stored on the storage
system.

Storage systems can be deployed in network attached storage (NAS) and storage
area network (SAN) environments for accessing a full range of enterprise data for
users on a variety of platforms. Storage systems can be fabric-attached, network-
attached, or direct-attached to support NFS, CIFS, HTTP, and FTP (File Transfer
Protocol) for file access, and Internet SCSI (iSCSI) for block-storage access, all
over TCP/IP, as well as SCSI over Fibre Channel Protocol (FCP) for block-
storage access, depending on your specific data storage and data management
needs.

Client workstations are connected to the storage system through direct-attached
or TCP/IP network-attached connections, or through FCP, fabric-attached
connections. For information about configuring a storage system in a network-
attached storage (NAS) network, see the System Configuration Guide and the
Network Management Guide. For information about configuring a storage system
in a storage area network (SAN) fabric, see the Compatibility and Configuration
Guide for NetApp’s FCP and iSCSI Products and your Block Access
Management Guide.

Multiprotocol file and block sharing: Clients can use the following
protocols to access data on the storage system:
◆ NFS (Network File System)—used by UNIX systems
◆ (PC)NFS (Personal Computer NFS)—used by PCs to access NFS

◆ CIFS (Common Internet File System)—used by Windows clients
◆ FTP (File Transfer Protocol)—used for file access and retrieval
◆ HTTP (HyperText Transmission Protocol)—used by the World Wide Web
and corporate intranets
◆ WebDAV (Web-based Distributed Authoring and Versioning)—used by
HTTP clients for distributed web content authoring operations
◆ FCP (Fibre Channel Protocol)—used for block access in storage area
networks
◆ iSCSI (Internet Small Computer System Interface)—used for block access in
storage area networks

Files written using one protocol are accessible to clients of any protocol,
provided that system licenses and permissions allow it. For example, an NFS
client can access a file created by a CIFS client, and a CIFS client can access a
file created by an NFS client. Blocks written using one protocol can also be
accessed by clients using the other protocol.

For information about NAS file access protocols, see the File Access and
Protocols Management Guide.

For information about SAN block access protocols, see the Block Access
Management Guide.

Data storage management: Data ONTAP stores data on disks in disk
shelves connected to storage systems. Disks are organized into redundant array of
independent disks (RAID) groups. RAID groups are organized into plexes, and
plexes are organized into aggregates. These topics are explained in detail in the
Storage Management Guide.

For SharedStorage™ storage systems, you can attach two to four systems to a
common set of disk drives. For information, see the Storage Management Guide.

Note
For information about managing disks connected to V-Series systems, see the V-
Series Software Setup, Installation, and Management Guide.

Data organization management: Data ONTAP organizes the data in user-
and system-files, and directories, in file systems called volumes, optionally in
qtrees, and optionally, in LUNs (Logical Unit Numbers) in SAN environments.
Aggregates provide the physical storage to contain volumes. These topics are
explained in detail in the Storage Management Guide. LUNs are described in
detail in the Block Access Management Guide for your protocol.


When Data ONTAP is installed on a storage system at the factory, a root volume
is configured as /vol/vol0, which contains system files in the /etc directory. For
more information about the root volume, see “Understanding the Root Volume”
on page 55.

Data access management: Data ONTAP manages access to data by
performing the following operations:
◆ Checks file access permissions against file access requests.
◆ Checks write operations against file and disk usage quotas that you set.
These topics are explained in detail in the File Access and Protocols
Management Guide.
◆ Takes Snapshot™ copies and makes them available so that users can access
deleted or overwritten files. Snapshot copies are read-only copies of the
entire file system.
Snapshot copies are explained in detail in the Data Protection Online
Backup and Recovery Guide.

Data migration management: Data ONTAP manages data migration by
means of the following features:
◆ Snapshot copies
◆ Asynchronous mirroring
◆ Synchronous mirroring
◆ Backup to tape
◆ Aggregate copy
◆ Volume copy
◆ FlexClone

Data protection: Storage systems provide a wide range of data protection
features, as described in the following table.

Feature Description

aggr copy: This is a fast block copy of data stored in aggregates;
it enables you to copy blocks of stored system data
from one aggregate to another. For information
about aggregates and aggr copy, see the Storage
Management Guide.


MetroCluster: MetroCluster enhances SyncMirror® functionality
for disaster recovery by providing continuous
volume mirroring over 500-meter to 30-kilometer
distances. For information about disaster
protection using MetroCluster, see the Cluster
Installation and Management Guide.

NDMP (Network Data Management Protocol): NDMP support enables third-party
applications that use NDMP to manage tape backup operations
of system data. The ndmpcopy command carries
out NDMP-compliant backups and restores.
Security login restricts access to NDMP
operations. For information about NDMP, see the
Data Protection Tape Backup and Recovery Guide.

NVFAIL: The nvfail option provides protection against data
corruption by nonvolatile RAM (NVRAM)
failures. For information about NVFAIL, see the
Data Protection Online Backup and Recovery
Guide.

SnapLock® software (license required): SnapLock provides an alternative to
traditional optical WORM (write-once-read-many) storage
systems for nonrewritable data. For information
about SnapLock, see the Data Protection Online
Backup and Recovery Guide.

SnapMirror® software (license required): System-to-system Snapshot mirroring
enables you to mirror Snapshot copies on one storage system to
a partner system. Should the original storage
system be disabled, this ensures quick restoration
of data from the point of the last Snapshot copy.
For information about SnapMirror, see the Data
Protection Online Backup and Recovery Guide.

SnapRestore® software (license required): The SnapRestore feature performs fast
restoration of backed-up data on request from Snapshot copies
on an entire volume. For information about
SnapRestore, see the Data Protection Online
Backup and Recovery Guide.


Snapshot™ software: Manual or automatically scheduled multiple
backups (or Snapshot copies) of data using a
minimal amount of additional disk space at no
performance cost. For information about how Data
ONTAP organizes and manages data, see the
chapters on aggregate management and volume
management in the Storage Management Guide.
For information about Snapshot copies, see the
Data Protection Online Backup and Recovery
Guide.

SnapVault® software (license required): SnapVault combines Snapshot schedules
and Qtree SnapMirror to provide disk-based data protection
for NetApp storage systems. You can also install
the Open Systems SnapVault agent on non-NetApp
systems. This allows SnapVault to back up and
restore data to those systems also.
Using SnapVault, you can periodically replicate
selected Snapshot copies from multiple client
NetApp storage systems to a common Snapshot
copy on the SnapVault server. The Snapshot copies
on the server become the backups. You decide
when to dump data from the SnapVault server to
tape. As a result, you avoid the bandwidth
limitations of tape drives, you restore data faster,
and you don’t need to perform full dumps from
primary storage, so you don’t need to schedule a
backup window. For information about SnapVault,
see the Data Protection Online Backup and
Recovery Guide.


SyncMirror® (cluster configuration required): The SyncMirror software performs
real-time RAID-level—that is, RAID4 or RAID-DP™
(RAID double-parity)—mirroring of data to two
separate plexes that are physically connected to the
same storage system head. If there is an
unrecoverable disk error on one plex, the storage
system automatically switches access to the
mirrored plex. For information about supported
RAID levels and plexes, see the Storage
Management Guide. For information about
SyncMirror, see the Data Protection Online
Backup and Recovery Guide.

Tape backup and restore: Tape backup dump and restore commands enable
you to back up system or SnapVault Snapshot
copies to tape. Because the Snapshot copy, rather
than the active file system, is backed up to tape, the
storage system can continue its normal functions
while the tape backup is occurring. For
information about tape backup, see the Data
Protection Tape Backup and Recovery Guide.

Virus scan support: Data ONTAP provides support for third-party
scanning software for files accessed by CIFS
clients. For information about virus protection for
CIFS, see the Data Protection Online Backup and
Recovery Guide.

vol copy: This is a fast block copy of data stored in volumes; it
enables you to copy blocks of stored system data
from one volume to another. For information about
volumes and vol copy, see the Data Protection
Online Backup and Recovery Guide.

System management: Data ONTAP provides a full suite of system
management commands that allows you to monitor storage system activities and
performance. You can use Data ONTAP to
◆ Manage network connections
◆ Manage adapters

◆ Manage protocols
◆ Configure pairs of storage systems into clusters for failover
◆ Configure SharedStorage storage systems into a community
◆ Manage storage
◆ Dump data to tape and restore it to the storage system
◆ Mirror volumes (synchronously and asynchronously)
◆ Create vFiler™ units. For information about vFiler units, see the MultiStore
Management Guide.

For information about all Data ONTAP commands, see the Commands: Manual
Page Reference, Volume 1 and Commands: Manual Page Reference, Volume 2.

AutoSupport: Data ONTAP provides the AutoSupport feature, which
automatically sends AutoSupport Mail notifications about storage system
problems to technical support and up to five designated recipients. For more
information about AutoSupport, see “Using AutoSupport” on page 159.

Chapter 2: Interfacing with Data ONTAP

About this chapter

This chapter describes all of the ways you can execute Data ONTAP commands,
including the Manage ONTAP™ Developer SDK software.

Topics in this chapter

This chapter discusses the following topics:
◆ “How you administer a storage system” on page 16
◆ “Using the command line interface” on page 19
◆ “Using Data ONTAP commands at different privilege levels” on page 22


How you administer a storage system

Ways to administer a storage system

You can use the following methods of administering a storage system with Data
ONTAP:
◆ Command execution through the storage system’s command line interface
(CLI)
◆ Command execution through the RLM redirection feature (not available on
all platforms)
◆ Command execution through Windows network management tools
◆ Configuration file editing
◆ Command execution through the FilerView interface
◆ Command execution through DataFabric Manager software
◆ Programmatic execution through Manage ONTAP Developer SDK software

Command execution through the storage system’s CLI

You can use the storage system’s CLI to execute all Data ONTAP administrative
commands, with the exception of some Windows server administrative commands.

You can access the storage system’s command line from
◆ A serial terminal connected to the console port of the storage system
◆ An Ethernet connection to an RLM installed in the storage system (not
available for all platforms)
◆ A Telnet session to the storage system
◆ A remote shell program, such as the UNIX rsh utility (provides access for a
limited set of commands)
◆ A secure shell application program, such as SSH, OpenSSH for UNIX

Command execution through the RLM

You can use the redirection feature of the RLM to remotely execute all Data
ONTAP administrative commands. For more information about this feature, see
Chapter 10, “Managing Remotely with the RLM,” on page 199.


Command execution through Windows

You can use Windows commands to perform system administrative tasks related
to Windows network operations. You can also use a secure shell application
program, such as PuTTY.

You can execute Windows commands that affect the storage system using native
Windows administration tools such as Server Manager and User Manager.

Configuration file editing

You edit configuration files to supply information that Data ONTAP needs to
perform certain tasks.

You can access configuration files by mounting the root directory of the storage
system on a UNIX client or by mapping the administrative share (C$) to a drive
on a Windows client, then editing the file from the client. For more information
about the root volume, /vol/vol0, and the configuration file in its root directory,
/etc, see “Default directories in the root volume” on page 58.

Command execution through FilerView

You use FilerView to perform most administrative tasks from a Web-based
interface. You can use FilerView whether or not you purchased a license for the
HTTP protocol.

DataFabric Manager software

DataFabric Manager is a simple, centralized administration tool that enables
comprehensive management of enterprise storage and content delivery
infrastructure. This suite of tools, which runs on a management server,
consolidates tasks that would otherwise require separate steps and allows for a set
of optional modules that provides specific additional functionality.

You must purchase the DataFabric Manager license to use this product. For more
information about DataFabric Manager, see the DataFabric Manager Information
Library at
[Link]

Manage ONTAP Developer SDK software

The Manage ONTAP SDK contains resources necessary to develop third-party
applications which monitor and manage storage systems. The kit contains
libraries, code samples and bindings in Java, C, and Perl for the new ONTAPI™
programming interface set. A NetApp storage system simulator, which runs on
Linux or Solaris and simulates the NetApp storage system to a very low level, is
also available as a separate distribution. For more information, read about the
Network Appliance Advantage Developer Program at
[Link]


Using the command line interface

Features for editing commands

Data ONTAP provides the following features to help you when you enter
commands on the command line:
◆ History
◆ Command-line editor
◆ Online command-line help
◆ Online Data ONTAP command-line manual (man) pages

Using the history feature

The history feature enables you to scroll through recently entered commands, as
described in the following table.

If you want to...                 With the cursor keys         With a key-combination
Scroll back through commands      Press the Up arrow key.      Press Ctrl-P.
Scroll forward through commands   Press the Down arrow key.    Press Ctrl-N.

Using the command-line editor

The command-line editor enables you to position the cursor anywhere in a
partially typed command and insert characters at the cursor position. You can use
various key combinations to move the cursor within the same line and edit the
command, as shown in the following table.

If you want to...                                                                       Then...
Move the cursor right one position                                                      Press Ctrl-F or the Right arrow key.
Move the cursor left one position                                                       Press Ctrl-B or the Left arrow key.
Move the cursor to the end of the line                                                  Press Ctrl-E.
Move the cursor to the beginning of the line                                            Press Ctrl-A.
Delete all characters from the cursor to the end of the line                            Press Ctrl-K.
Delete the character to the left of the cursor and move the cursor left one position    Press Ctrl-H.
Delete the line                                                                         Press Ctrl-U.
Delete a word                                                                           Press Ctrl-W.
Reprint the line                                                                        Press Ctrl-R.

Online command-line help

When using the command line, you can get command-line syntax help from the
command line by entering the name of the command followed by help or the
question mark (?). The fonts or symbols used in syntax help are as follows:
keyword specifies the name of a command or an option that must be entered
as shown.
< > (less than, greater than symbols) specify that you must replace the
variable identified inside the symbols with a value.
| (pipe) indicates you must choose one of the elements on either side of the pipe.
[ ] (brackets) indicate that the element inside the brackets is optional.
{ } (braces) indicate that the element inside the braces is required.

The following example shows the result of entering the environment help
command at the storage system command line:

toaster> environment help


Usage: environment status |
[status] [shelf [<adapter>] ] |
[status] [chassis [all | Fans | Power |
Temperature | PS1 | PS2 | RTC battery]]

You can also type the question mark at the command line for a list of all the
commands that are available at the current level of administration (administrative
or advanced). For information about administration levels, see “Using Data
ONTAP commands at different privilege levels” on page 22.


Command line man pages

Data ONTAP provides online manual (man) pages for the following types of
information. They are grouped into sections according to standard UNIX naming
conventions.

Types of information              Man page section
Commands                          1
Special files                     4
File formats and conventions      5
System management and services    8

Man pages can be viewed in the following ways:
◆ At the storage system command line, by entering
man command_or_file_name
◆ From the FilerView main navigational page
◆ In the following documents:
❖ Commands: Manual Page Reference, Volume 1
❖ Commands: Manual Page Reference, Volume 2

Note
All man pages are stored on the storage system in files whose names are prefixed
with the string “na_” to distinguish them from client man pages. The prefixed
names are used to refer to storage system man pages from other man pages and
sometimes appear in the NAME field of the man page, but the prefixes are not
part of the command, file, or services.

For more information, see the man(1) man page.


Using Data ONTAP commands at different privilege levels

About privilege levels

Data ONTAP provides two sets of commands, depending on the privilege level,
which can be administrative or advanced. You can set the privilege level by using
the priv command.

At the administrative level, you have access to commands that are sufficient for
managing your storage system. At the advanced level, in addition to all the
commands available at the administrative level, you have access to commands for
troubleshooting. Commands accessible only at the advanced level should be used
under the guidance of technical support.

Attention
Using advanced commands can be dangerous. Using some advanced commands
without consulting technical support might result in data loss.

How different privilege settings apply to different sessions

Sessions opened through the console, Telnet, and secure shell applications share
the same privilege setting. For example, if you set the privilege level to advanced
at the console, the advanced commands also become available to an administrator
who is connected to the storage system using Telnet.

You can, however, set a different privilege level for each invocation of rsh.
Suppose your privilege level at the console is administrative and, through rsh,
another administrator sets the privilege level to advanced. Your privilege level at
the console remains unchanged.

Initial privilege level

The initial privilege level for the console and for each rsh session is
administrative.

Data ONTAP resets the privilege level to administrative for each rsh session. If
you have a script invoking multiple rsh connections and you want to execute
advanced commands in each connection, you must set the privilege level
accordingly for each rsh session. If you set the privilege level for the first rsh
session only, Data ONTAP fails to execute the advanced commands through the
subsequent rsh sessions, because the privilege level for each subsequent session
is reset to administrative.


Setting the privilege level

To set the privilege level, complete the following step.

Step Action

1 Enter the following command:
priv set [-q] [admin | advanced]
admin sets the privilege level to administrative.

advanced sets the privilege level to advanced.

-q enables quiet mode. It suppresses the warning that normally
appears when you set the privilege level to advanced.

Note
If no argument is given, the default, admin, is applied.

Example: Assuming the name of the storage system is sys1, the
storage system prompt is sys1>, as shown in the following example.
sys1> priv set advanced

Result: The following message is displayed, followed by the
advanced mode storage system prompt.
Warning: These advanced commands are potentially
dangerous; use them only when directed to do so by
Network Appliance personnel.
sys1*>

Chapter 3: Accessing the Storage System

About this chapter

This chapter describes the methods you can use to access the storage system,
what you need to know about those methods, and how you manage access to the
storage system from administration hosts.

Topics in this chapter

This chapter discusses the following topics:
◆ “Access methods” on page 26
◆ “Accessing a storage system from the console” on page 29
◆ “Accessing a storage system using a Telnet session” on page 33
◆ “Accessing a storage system using a Remote Shell connection” on page 37
◆ “Accessing a storage system using the HTTP/Web interface, FilerView” on
page 40
◆ “Managing access from administration hosts” on page 45
◆ “Controlling storage system access” on page 49


Access methods

What type of access is needed

The ways to access the storage system depend on the tasks you intend to perform.
You can
◆ Administer the storage system—To access the storage system to administer
it, you only need network connectivity to the storage system and
authentication privileges. No licenses are required to access the storage
system to administer it.
◆ Store data on the storage system—To store and retrieve data on the storage
system, you must have an NFS or a CIFS license installed to access the
storage system, mount system directories, and store data and retrieve data.

Administering the system (no licenses are required)

You can directly access a storage system to administer it using one of the
following methods:
◆ From a console that is attached by a cable to the storage system’s serial port
◆ From the Ethernet network interface card (NIC) that is preinstalled in the
storage system. Use this card to connect to a TCP/IP network to administer
the storage system:
❖ From any client by using a Telnet session
❖ From any client by using a Remote Shell connection
❖ From any client by using a Web browser and the FilerView interface
❖ From any client by using a secure shell client application, such as SSH,
OpenSSH for UNIX hosts or PuTTY for Windows hosts (required for
connecting the host to storage systems with an RLM installed)

Storing and retrieving data (licenses are required)

You can directly access a storage system to administer it, and to store and retrieve
data, using one of the following methods:
◆ From a console that is attached by a cable to the storage system’s serial port
◆ From the Ethernet network interface card (NIC) that is preinstalled in the
storage system. Use this card to connect to a TCP/IP network to administer
the storage system, as well as to store and retrieve data:
❖ From an NFS client or CIFS client by using a Telnet session
❖ From an NFS client or CIFS client by using a Remote Shell connection

❖ From an NFS client or CIFS client by using a Web browser and the
FilerView interface
❖ From an NFS or CIFS client by using a secure shell client application,
such as SSH, OpenSSH for UNIX hosts or PuTTY for Windows hosts
(required for connecting the host to storage systems with an RLM
installed and using the console redirection feature)
❖ From an NFS client or CIFS client by using a Web browser and the
DataFabric Manager interface (a DataFabric Manager license is also
required)
❖ From a CIFS client to provide support for the SnapDrive® feature in a
Windows environment
❖ From an NFS client or CIFS client to manage Fibre Channel switches
(in a SAN environment)

Sharing a console session

You use the [Link] option to control whether the console
session is shared with a Telnet or an SSH-interactive session at the same time or
the console session is a distinct user environment separate from Telnet and
SSH-interactive sessions. However, if you have the RLM installed in your storage
system, the console session is always shared with the RLM session, regardless of
the [Link] option setting.

The default setting for the [Link] option is Off. This causes
the console session to share a Telnet or SSH-interactive session. The
[Link] option also determines when the autologout program
logs you out of a Telnet session.

Note
An SSH-interactive session is initiated by opening the session without entering a
command. For example, you would enter the following command: ssh toaster
-l root:"" (instead of ssh filer -l root:"" command, which initiates a non-
interactive session).

Rules that apply to console, Telnet, and SSH-interactive sessions

The following rules apply to console, Telnet, and SSH-interactive sessions
regardless of the [Link] option setting:
◆ You cannot open more than one Telnet or SSH-interactive session at a time.
◆ You cannot open a Telnet and an SSH-interactive session at the same time.


Note
You can prevent commands from being aborted at the console or through a Telnet
or SSH session by using the rsh command to initiate commands from an
administration host.

Sharing the console session: If the [Link] option is set
to Off, the console shares a session with a Telnet or SSH-interactive session, and
the following rules apply:
◆ Commands typed at either the console or the Telnet or SSH-interactive
session are echoed to the other location.
◆ Pressing Ctrl-C aborts the current command regardless of where the
command was entered.
◆ Messages are displayed at both locations.
◆ Auditlog entries identify all console commands as “console shell,” as shown
in the following example:
Fri Feb 18 12:51:13 GMT [toaster: rc:debug]: root:IN:console
shell:df
◆ Auditlog entries identify all Telnet and SSH-interactive commands as “telnet
shell.”
◆ The autologout program logs the user out of the Telnet session after the
number of minutes specified by the [Link] option
has elapsed. The timeout counter starts after the Enter or Return key is
pressed. For example, if the [Link] option is set to
ten minutes, every time you press the Enter key, the timeout counter starts
counting. If ten minutes elapse before you press the Enter key again, the
autologout program logs you out.

Not sharing the console session: If the [Link] option
is On, the console session has a distinct user environment and the following rules
apply:
◆ Commands that are typed at one location are not echoed to the other
location.
◆ Messages are not displayed at both locations.
◆ User privileges are not shared between console and Telnet sessions.
◆ Auditlog entries identify all console, Telnet, and SSH-interactive commands
as “console shell.”
◆ The autologout program logs the user out of the Telnet session after the
number of minutes specified by the [Link] option
has elapsed. The timeout counter starts after the command is executed.
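
The auditlog labelling rules in the two lists above decide how far a reviewer can trust the source field of an entry. The following Python sketch is an added example, not NetApp code: it parses entries in the shape of the single auditlog line shown above and lists every priv set advanced command with the origin the label can actually prove. The field names, the distinct_sessions flag and all sample lines except the first are assumptions made for this example.

```python
import re
from collections import Counter

# Field layout inferred from the one auditlog line printed in this guide:
#   <timestamp> [<host>: <facility>:<level>]: <user>:<direction>:<source>:<command>
# The group names are this example's own, not Data ONTAP terminology.
ENTRY = re.compile(
    r"^(?P<timestamp>.+?) \[(?P<host>[^:\]]+): (?P<facility>[^:\]]+):(?P<level>[^\]]+)\]: "
    r"(?P<user>[^:]+):(?P<direction>[^:]+):(?P<source>[^:]+):(?P<command>.*)$"
)


def parse_entry(line):
    """Return the fields of one auditlog line as a dict, or None if it does not match."""
    match = ENTRY.match(line.strip())
    return match.groupdict() if match else None


def classify_origin(source, distinct_sessions):
    """Map the source label to what it proves about where the command was typed.

    distinct_sessions=False (console shares its session with Telnet/SSH):
      "console shell" means the console, "telnet shell" means Telnet or
      SSH-interactive.
    distinct_sessions=True (console is a separate user environment):
      console, Telnet and SSH-interactive commands are all logged as
      "console shell", so the label cannot separate local from network use.
    """
    if source == "telnet shell":
        return "telnet-or-ssh"
    if source == "console shell":
        return "ambiguous" if distinct_sessions else "console"
    return "other"


def raises_privilege(command):
    """True for 'priv set [-q] advanced'; a bare 'priv set' defaults to admin."""
    tokens = command.split()
    return tokens[:2] == ["priv", "set"] and "advanced" in tokens[2:]


def review(lines, distinct_sessions):
    """Summarise typed commands by origin and list privilege raises for follow-up."""
    origins = Counter()
    priv_raised = []
    unparsed = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            unparsed.append(line)  # kept, so damaged or foreign lines are not lost
            continue
        if entry["direction"] != "IN":
            continue  # the guide shows IN for typed commands; anything else is skipped
        entry["origin"] = classify_origin(entry["source"], distinct_sessions)
        origins[entry["origin"]] += 1
        if raises_privilege(entry["command"]):
            priv_raised.append(entry)
    return {"origins": origins, "priv_raised": priv_raised, "unparsed": unparsed}


# The first line is the example from the guide; the others are constructed.
SAMPLE = [
    "Fri Feb 18 12:51:13 GMT [toaster: rc:debug]: root:IN:console shell:df",
    "Fri Feb 18 12:53:02 GMT [toaster: rc:debug]: root:IN:telnet shell:priv set -q advanced",
    "Fri Feb 18 12:53:40 GMT [toaster: rc:debug]: admin2:IN:telnet shell:priv set",
    "Fri Feb 18 12:55:10 GMT [toaster: rc:debug]: root:IN:console shell:priv set advanced",
    "not an auditlog line",
]

if __name__ == "__main__":
    for distinct in (False, True):
        report = review(SAMPLE, distinct_sessions=distinct)
        print("distinct sessions:", distinct, dict(report["origins"]))
        for hit in report["priv_raised"]:
            print("  privilege raised:", hit["timestamp"], hit["user"], hit["origin"])
```

When the console session is shared, the privilege setting is shared as well, so a hit from either origin means advanced commands were available in both sessions.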


Accessing a storage system from the console

Using the serial port

To access a storage system from a console that is attached by a cable to the
system’s serial port, complete the following steps.

Step Action

1 At the console, press Enter.

Result: The storage system responds with the login or password prompt.

2 If the storage system displays the login prompt, do one of the following:
◆ To access the storage system with the system account, enter the
following account name:
root
◆ To access the storage system with an alternative administrative
user account, enter the following:
username
username is the administrative user account.

Result: The storage system responds with the password prompt.

3 Enter the password for the root or administrative user account.

Note
If no password is defined for the account, press Enter.

4 When you see the system prompt followed by a system message, press Enter to get to the system prompt.

Example:
toaster> Thu Aug 5 15:19:39 PDI [filer: telnet_0:info]:
root logged in from host: unix_host12.[Link]
Press Enter.
toaster>

Note
You can abort commands entered at the console by pressing Ctrl-C.

Using the RLM to remotely access the system console

The RLM is not available on all storage systems. For information about the RLM, see Chapter 10, “Managing Remotely with the RLM,” on page 199.

You must use an account that has an assigned role as admin or root to access a system with the RLM.

To remotely access a system console by using the RLM system console redirection feature, complete the following steps.

Step Action

1 From a UNIX or Windows administration host, log in to the RLM console. For information about the procedure, see “Logging in to the RLM” on page 211.

Result: The storage system responds with the RLM prompt.

2 Enter the following command:

RLM toaster> system console

If the storage system displays the login prompt, do one of the following:
◆ To access the storage system with the system root account, enter
the following account name:
naroot
◆ To access the storage system with an alternative administrative
user account, enter the following account name:
username
username is the administrative user account.

Result: If the account requires a password, you are prompted for it.

3 Enter the password for the root or administrative user account.

If no password is defined for the account, press Enter.

4 When you see the storage system prompt followed by a system message, press Enter to get to the storage system prompt.

Example:
toaster> Tue Mar 1 15:19:39 PDI [toaster: ssh_0:info]:
root logged in from host: unix_host12.[Link]
Press Enter.
toaster>

Note
You can abort commands entered at the console by pressing Ctrl-C.

5 To exit the console redirection session and return to the RLM prompt, press Ctrl-D.

When options command values take effect

A console session must be reestablished before any of the following options command values take effect:
◆ [Link]
◆ [Link]
◆ [Link]
◆ [Link]

For more information about these options, see the online na_options page or the Commands: Manual Reference Page, Volume 1.

Accessing a storage system using a Telnet session

Requirements for using a Telnet session

The following requirements must be met before you can connect to a storage system using a Telnet session.
◆ The [Link] option must be set to On, which is the default setting. You verify the option is on by entering the options telnet command. You set the option to On by entering the options [Link] on command. For more information, see the Options man page.
◆ The [Link] option must be set so that the protocol access control defined for the storage system allows Telnet access. For more information, see the na_options(1) and na_protocolaccess(1) man pages.

Number of active Telnet sessions allowed

Only one Telnet session can be active at a time. You can, however, open a console session at the same time a Telnet session is open. For more information, see “Sharing the console session” on page 28.

Using a Telnet session

To access a storage system from a client through a Telnet session, complete the following steps.

Step Action

1 Open a Telnet session on a client.

2 Connect to the storage system using its name.

3 If the storage system displays the login prompt, do one of the following:
◆ To access the storage system with the system account, enter the
following account name:
root
◆ To access the storage system with an alternative administrative
user account, enter the following:
username
username is the administrative user account.

Result: The storage system responds with the password prompt.

4 Enter the password for the root or administrative user account.

Note
If no password is defined for the account, press Enter.

5 When you see the storage system prompt followed by a system message, press Return to get to the storage system prompt.

Example:
toaster> Thu Aug 5 15:19:39 PDI [toaster: telnet_0:info]:
root logged in from host: unix_host12.[Link]
Press Enter.
toaster>

Note
You can abort commands entered through a Telnet session by
pressing Ctrl-C.

Terminating a Telnet session

You can terminate a Telnet session from the Telnet session, from a console session, or from a Remote Shell connection.

To terminate a Telnet session with a storage system, complete the following step.

Step Action

1 Press Ctrl-] or enter the following command to log out of the storage
system at the system prompt or at the console:
logout telnet
or press Ctrl-D to close the Telnet session.

Note
If you are at a Remote Shell connection, enter the following
command:
rsh -l username:password hostname logout telnet

What you can configure

You can configure the following behavior for Telnet sessions:
◆ A banner message appearing above the Telnet login prompt
◆ A timeout period

Configuring a banner message

You can configure a banner message to appear at the beginning of a Telnet session to a storage system by creating a file called issue in the /etc directory of the administration host’s root volume. The message only appears at the beginning of the session. It is not repeated if there are multiple failures when attempting to log in. The following example shows how the message in /etc/issue appears, assuming the contents of the issue file are “This system is for demonstrations only.”

admin_host% telnet toaster


Trying [Link].49...
Connected to [Link]
Escape character is ‘^]’.

This system is for demonstrations only.

Data ONTAP <[Link]>


Login:

Configuring the timeout period

You can configure the timeout period for Telnet sessions. By default, Telnet sessions have timeout periods of 60 minutes.

Changing the timeout period

To change the timeout period for Telnet sessions, complete the following step.

Step Action

1 Enter the following command:

options [Link] minutes
minutes is the length of the timeout period.
The range of minutes is 1 to 35,791. The maximum number is equal to approximately 596 hours, or slightly less than 25 days.

Disabling the timeout period

To disable the timeout period for Telnet sessions, complete the following step.

Step Action

1 Enter the following command:

options [Link] off

When options command values take effect

A Telnet session must be reestablished before any of the following options command values take effect:
◆ [Link]
◆ [Link]
◆ [Link]
◆ [Link]

For more information about these options, see the online na_options(1) man page or the Commands: Manual Reference Page, Volume 1.

Accessing a storage system using a Remote Shell connection

Remote Shell with trusted remote hosts supported

The storage system supports a Remote Shell with trusted remote hosts. Trusted remote hosts are hosts listed in /etc/[Link] on the root volume.

Use of rsh command with user names and passwords

Under some circumstances, you might need to supply a user name and a password when using the rsh protocol to run a command on the storage system. The following table describes the circumstances under which a user name and password are required.

If you are logged in ... | Then...
As root on a UNIX host that is listed in the storage system’s /etc/[Link] file | You do not need to supply a user name or a password.
As a user other than root on a UNIX host that is listed in the storage system’s /etc/[Link] file | You need to supply a user name and a password. The user name can be root or the name of an administrative user that has been defined on the storage system.

Note
To issue commands from a Remote Shell on a PC, you must always supply a user name for the PC in the storage system’s /etc/[Link] file. For more information, see the na_hosts.equiv(5) man page.

Maximum number of rsh sessions allowed

You can have up to 24 concurrent rsh sessions running on a storage system, and you can have up to 4 concurrent rsh sessions running on each vFiler.

Format for rsh commands with user name and password

The format for rsh commands that include a user name and, optionally, a password is as follows:
rsh -l username [:password] host_command
Example: The following example illustrates an rsh command entered with a
user name and a password:
rsh -l root:figby cifs shares

Attention
Passing a password in this manner is a security risk, especially for UNIX clients.
On many UNIX clients, this command can be visible to other users on the storage
system who run the ps program at the same time the command is executed.
On any client, the password is visible in plaintext over the network. Any program
that is capturing network traffic when the password is sent will record the
password. To avoid exposing the password, log in as root on a client listed in the
storage system’s /etc/[Link] file and issue the command.

If you want to take advantage of role-based user authentication, use SSH. For
more information, see “Setting up public key-based authentication” on page 189.
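
The process-list exposure described in the Attention note can be checked for on an administration host. The following is an added example, not part of the NetApp guide: it scans process command lines for rsh invocations that carry `-l username:password` and reports them with the password redacted. The `ps` sample and the names in it other than the page's `root:figby` are constructed.

```python
import os
import shlex

# Constructed sample of `ps -eo user,pid,args` output on a UNIX administration host.
SAMPLE_PS = """\
USER       PID COMMAND
alice     4121 rsh -l root:figby toaster cifs shares
bob       4200 rsh toaster sysstat 1
carol     4307 rsh -l opsadmin toaster version
dave      4410 /usr/bin/rsh toaster -l root:figby logout telnet
erin      4502 vi notes-about-rsh -l root:x.txt
"""


def parse_ps(text):
    """Split ps output into (os_user, pid, argv) tuples, skipping the header row."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue
        user, pid, args = parts
        try:
            argv = shlex.split(args)
        except ValueError:              # unbalanced quotes in the listing
            argv = args.split()
        rows.append((user, int(pid), argv))
    return rows


def login_args(argv):
    """Yield (index, prefix, value) for each -l option that belongs to rsh itself.

    Scanning stops at the second non-option word: the first is the host name,
    the second starts the remote command, whose own "-l" flags are not logins.
    """
    if not argv or os.path.basename(argv[0]) != "rsh":
        return
    seen_host = False
    i = 1
    while i < len(argv):
        arg = argv[i]
        if arg == "-l" and i + 1 < len(argv):
            yield i + 1, "", argv[i + 1]
            i += 2
        elif arg.startswith("-l") and len(arg) > 2:     # attached form: -luser:pw
            yield i, "-l", arg[2:]
            i += 1
        elif arg.startswith("-"):                       # some other rsh option
            i += 1
        elif seen_host:
            return
        else:
            seen_host = True
            i += 1


def scan(text):
    """Return one finding per rsh process whose -l value contains a password."""
    findings = []
    for os_user, pid, argv in parse_ps(text):
        redacted = list(argv)
        login_name = None
        for idx, prefix, value in login_args(argv):
            login, sep, password = value.partition(":")
            if sep and password:
                redacted[idx] = f"{prefix}{login}:********"
                login_name = login
        if login_name is not None:
            findings.append({
                "os_user": os_user,
                "pid": pid,
                "filer_login": login_name,
                "command": " ".join(redacted),   # safe to log: password removed
            })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_PS):
        print(finding)
```

The same `scan` logic can be pointed at shell history files or saved job definitions, where a `username:password` argument persists long after the process has exited.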

Commands not accepted from rsh

You cannot execute the following commands by using the rsh command:
arp
orouted
ping
routed
savecore
setup
traceroute

Accessing a storage system from a UNIX client by using an rsh command

To access a storage system from a UNIX client by using the rsh command, complete the following step.

Step Action

1 Enter the rsh command, replacing command and arguments with the desired command and arguments:
rsh filername command arguments

Example: rsh filer12 sysstat 1

Accessing a storage system from a Windows client by using a Remote Shell application

To access a storage system from a Windows client by using a Remote Shell application, complete the following steps.

Step Action

1 Run the Remote Shell application on the CIFS client.

2 Enter the client in the /etc/[Link] file.

3 Enter the rsh command, replacing command and arguments with the desired command and arguments:
rsh filername command arguments

Example: rsh filer12 sysstat 1

Resetting options to default values from rsh

If you want to reset options to their default values from rsh, you must precede the quotation characters (") with the escape character, which is the backslash (\). For example, if you want to reset the CIFS home directory path from a Windows host using a console session, you would enter the following command:
c:\> toaster options cifs.home_dir ""

However, from an rsh session, you must enter the following command:
c:\> rsh toaster options cifs.home_dir \"\"

Accessing a storage system using the HTTP/Web interface, FilerView

What FilerView is

FilerView is an HTTP/Web-based graphical management interface that enables you to manage most storage system functions from a Web browser rather than by entering commands at the console, through a Telnet session, the rsh command, or by using scripts or configuration files.

You can also use FilerView to view information about the storage system, its
physical storage units, such as adapters, disks and RAID groups, and its data
storage units, such as aggregates, volumes, and LUNs. You can also view
statistics about network traffic.

FilerView is easy to use, and you can access online Help, which explains Data
ONTAP features and how to use them.

FilerView requires a Web browser and Java support

FilerView requires a Netscape Navigator® 4.51 or later or Microsoft® Internet Explorer™ 4.0 or later browser. The browser must have Java and JavaScript enabled.

If your system has a newer version of Microsoft Windows, and it does not include
Java support, you must download a Java run-time environment separately to
ensure FilerView functions properly.

Note
Other browsers that support Java and JavaScript might also be compatible with
FilerView.

Client platforms that support FilerView

The following platforms support FilerView:
◆ Windows 95
◆ Windows 98
◆ Windows 2000
◆ Windows Server 2003
◆ Windows NT
◆ Windows XP
◆ UNIX
◆ Solaris
◆ Linux
◆ HPUX

Options that control access to FilerView

The following options control access to FilerView. For information about how to use these options, see the na_options man pages:
◆ [Link]
◆ [Link]
◆ [Link]

Accessing a storage system from a client by using FilerView

To access a storage system from a client by using FilerView, complete the following steps.

Steps Action

1 Start your Web browser.

2 Enter the following URL, replacing filername with the name of your storage system:
[Link]
filername is either the fully qualified name or the short name of the storage system or the IP address of the storage system.

Result: The online administrative window appears.

3 Click FilerView.

Result:
◆ If the storage system is password protected, you are prompted
for a user name and password.
◆ Otherwise, FilerView is launched, and a screen appears with a
list of categories in the left panel and the System Status
information in the main panel.

Note
To access FilerView securely, set up the SecureAdmin™ feature and
enable it for Secure Sockets Layer (SSL) by using the secureadmin
command. Then access the Web site using
[Link] For more information about
SecureAdmin, see Chapter 9, “Using SecureAdmin,” on page 177
and the na_secureadmin(1) man page.

Using the interface

The FilerView interface consists of three main frames: a left frame, a right frame, and a title frame.

Left frame: The left frame contains an expandable list of topics:
◆ Most of the categories represent management functions.
◆ The Real Time Status category contains choices that launch separate tools
that monitor system performance.
◆ The Wizards category contains choices that launch separate wizards for
system setup, CIFS setup, and vFiler setup.

Selecting a function or wizard

To select a function or wizard, complete the following step.

Step Action

1 Click the function name or wizard.

Result:
◆ If you click a function name, the category expands and you can
select a specific task.
◆ If you click a wizard, you are prompted to enter data or make
selections.

Viewing the real-time displays

To view the real-time displays, complete the following steps.

Step Action

1 Click Real Time Status.

2 Click the display you want to view.

Note
If you select Health Monitor, a Java applet is launched, which may
take several seconds to load.

Right frame: If you select the add function from the left frame for volumes or
aggregates, a wizard is launched. If you select manage, configure or report
functions from the left frame, the right frame changes to display forms that
provide information about the system configuration. You can change the system
configuration by entering data in the fields or by making selections from lists.

To change the system configuration, complete the following steps.

Step Action

1 Change information that is displayed in the right frame.

2 Save the information by pressing the Add button.

Title frame: The title frame contains the name of the function you select from
the left frame, followed by the path to the function. For example, if you select
Report in the Volumes category, the title frame shows the path as
Volumes > Report.

Help buttons: Help buttons are situated next to the categories in the left frame
and in the title frame. Help provides a description of the function, descriptions of
the fields that the function uses, and procedures for tasks you can perform with
the function.

To view Help, complete the following steps.

Step Action

1 Click the Help button next to a category.

Result: A two-frame Help screen appears. The left frame displays an expandable table of contents, with additional tabs at the top labeled Index and Search. As you select topics from the left frame, the right frame displays a page with tabs at the top labeled Concepts, Procedures, and More Information, which relate to the topic you selected. The tabs only appear when the topic in the left frame specifically covers procedures, and More Information is not available for all topics.

2 To view tasks, click the Procedures tab when it appears at the top of
the right frame.

3 To view additional information about a topic, when available, click the More Information tab when it appears at the top of the right frame.

4 To view descriptions of fields, click the Help icon next to the appropriate field in the left FilerView frame.

Managing access from administration hosts

What an administration host is

An administration host can be any workstation that is either an NFS or a CIFS client on the network. You designate a workstation as an administration host for the following purposes:
◆ To limit access to the storage system’s root file system
◆ To provide a text editor to edit configuration files
◆ To provide the ability to administer a storage system remotely

When you designate a workstation as an administrative host

During the setup process, you are prompted to designate a workstation on the network as an administration host. For more information about the setup process, see the Software Setup Guide.

When you designate a workstation as an administration host, the storage system’s root file system (/vol/vol0 by default) is accessible only to the specified workstation in the following ways:
◆ As a share named C$, if the storage system is licensed for the CIFS protocol
◆ By NFS mounting, if the storage system is licensed for the NFS protocol

If you do not designate a workstation as an administration host, the storage system’s root file systems are available to all workstations on the network. As a result, any user can gain access to the storage system’s root file system and change or remove storage system configuration files in the /etc directory.

You can designate additional administration hosts after setup by modifying the
storage system’s NFS exports and CIFS shares.

Administration host privileges

The storage system grants root permissions to the administration host after the setup procedure is completed. The following table describes the administration host’s privileges.

If the administration host is... | You can...
An NFS client | ◆ Mount the storage system root directory and edit configuration files from the administration host. ◆ Enter Data ONTAP commands by using a Remote Shell connection.
A CIFS client | Edit configuration files from any CIFS client as long as you connect to the storage system as root or “Administrator.”

Requirements for using an NFS client

If you plan to use an NFS client to manage the storage system, the NFS client must
◆ Support a text editor that can display and edit text files containing lines ending with the newline character
◆ Support the telnet and rsh commands
◆ Be able to mount directories by using the NFS protocol

Requirements for using a CIFS client

If you plan to use a CIFS client to manage the storage system, the CIFS client must support the telnet and rsh commands.

Where and how administration hosts are specified

Administration hosts are specified in the /etc/[Link] file in the following format:
hostname [username] or hostname ["user name"]

Examples:
client1 peter
client1 "joe smith"

Note
If you access the storage system using rsh from an administration host listed in
the /etc/[Link] file, you have root privileges because this access method
bypasses user authentication mechanisms. In addition, the /etc/auditlog program
displays the user running the commands as root.

Rules for /etc/[Link] file entries

The following rules apply to entries in the /etc/[Link] file:
◆ If multiple users on the same host require access to the storage system through a Remote Shell, you must specify each user’s entry as in the following example:
client1 anna
client1 carl
client1 peter
client2 leann
client2 sue
client2 tony
◆ If hostname specifies an NFS client, the user name is optional. If you do not
specify a user name, you must be the root user on that NFS client to execute
a Data ONTAP command through the rsh command.
◆ If hostname specifies a CIFS client, you must enter the user name for that
CIFS client.

The following is an example of the contents of an /etc/[Link] file:


nfsclient1
client2 lena
client2 root
client3 fred
client3 root
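
Because every entry in the administration hosts file grants rsh access that bypasses user authentication, the file is worth auditing against the format and rules above. The following is an added example, not part of the NetApp guide: it parses entries in the `hostname [username]` / `hostname ["user name"]` format and reports host-only entries, explicit root entries, duplicates, and lines that do not fit the format. The first five sample lines are the example from this page, the remaining lines are constructed, and the finding labels are this example's own.

```python
import shlex

# Lines 1-5: the example file contents shown on this page.
# Lines 6-9: constructed entries that exercise quoting, duplicates and bad input.
SAMPLE = '''\
nfsclient1
client2 lena
client2 root
client3 fred
client3 root
client1 "joe smith"
client3 fred
client4 ann extra
client5 "unterminated
'''


def parse_entry(line):
    """Parse one entry into (hostname, username or None).

    shlex handles the quoted "user name" form; it raises ValueError on an
    unterminated quote, and more than two fields is rejected here.
    """
    tokens = shlex.split(line)
    if len(tokens) not in (1, 2):
        raise ValueError("expected: hostname [username]")
    return tokens[0], (tokens[1] if len(tokens) == 2 else None)


def audit(text):
    """Return the trusted host/user pairs and a list of (line, code, detail)."""
    trusted = {}      # hostname -> list of user names (None = host-only entry)
    findings = []
    seen = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        try:
            host, user = parse_entry(line)
        except ValueError as exc:
            findings.append((lineno, "MALFORMED", f"{raw!r}: {exc}"))
            continue
        if (host, user) in seen:
            findings.append((lineno, "DUPLICATE", f"{host} {user}"))
            continue
        seen.add((host, user))
        trusted.setdefault(host, []).append(user)
        if user is None:
            # Rule from the page: without a user name, only root on an NFS
            # client can run commands; a CIFS client always needs a user name.
            findings.append((lineno, "HOST_ONLY",
                             f"{host}: valid for an NFS client only; "
                             "trusts whoever is root on that host"))
        elif user == "root":
            findings.append((lineno, "ROOT_USER",
                             f"{host}: root on this host runs commands "
                             "without a password"))
    return {"trusted": trusted, "findings": findings}


if __name__ == "__main__":
    report = audit(SAMPLE)
    for host, users in report["trusted"].items():
        print(host, users)
    for lineno, code, detail in report["findings"]:
        print(f"line {lineno}: {code}: {detail}")
```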

Adding administration hosts

To designate additional NFS clients or CIFS clients as administration hosts, complete the following steps.

Step Action

1 Open the /etc/[Link] configuration file with an editor.

2 Add the host names and user names of the clients that you want designated as administration hosts.

3 Save the /etc/[Link] file.

Removing administration hosts

To remove an NFS client or CIFS client from the administration hosts list, complete the following steps.

Step Action

1 Open the /etc/[Link] configuration file with an editor.

2 Locate and delete the entries for the host names and user names you
want to remove.

3 Save the /etc/[Link] file.

Controlling storage system access

About this section

Data ONTAP enables you to control how administrators can access the storage system. By limiting how, and from where, administrators can log on, you can increase the security of your storage system.

This section contains the following topics:
◆ “Controlling Telnet access using host names” on page 49
◆ “Controlling Telnet access using host names, IP addresses, and network
interface names” on page 50
◆ “Controlling Remote Shell access” on page 50
◆ “Controlling mount privilege” on page 51
◆ “Controlling file ownership change privileges” on page 52
◆ “Controlling anonymous CIFS share lookups” on page 52
◆ “Options that help maintain security” on page 53

Controlling Telnet access using host names

To limit Telnet access to specific hosts, complete the following steps.

Step Action

1 Access the storage system command line through the console or through a Telnet session.

2 If... | Then...
You want to disable Telnet access for all hosts | Enter the following command: options [Link] -
You want to restrict Telnet access to up to five hosts | Enter the following command: options [Link] host1[, ..., host5]
You want to allow Telnet access for all hosts | Enter the following command: options [Link] *

Controlling Telnet access using host names, IP addresses, and network interface names

To limit Telnet access to specific host names, IP addresses, and network interface names, complete the following steps.

Step Action

1 Access the storage system command line through the console or through a Telnet session.

2 Enter the following command:

options [Link] host=[hostname | IP_address | interface_name]
hostname is the name of the host to which you want to allow Telnet
access.
IP_address is the IP address of the host to which you want to allow
Telnet access.
interface_name is the network interface name of the host to which
you want to allow Telnet access.

Note
If this option is set, the [Link] option is ignored for Telnet.

Note
For more information on controlling Telnet access to a storage system using
multiple host names, IP addresses, and network interfaces, see the
na_protocolaccess(8) man page.

Controlling Remote Shell access

To allow Remote Shell access to a storage system from a single host, complete the following steps.

Step Action

1 Access the storage system command line through the console or through a Telnet session.

2 Enter the following command:

options [Link] host=hostname
hostname is the name of the host to which you want to allow Remote Shell access.

Note
For information on controlling Remote Shell access to a storage system from
multiple hosts using the host name, IP address or network interface name, see the
na_protocolaccess(8) man page.

Controlling mount privilege

To control the NFS mount privilege for the storage system’s volumes, complete the following steps.

Note
Some PC clients and some older implementations of NFS on UNIX workstations use nonprivileged ports to send requests. If you have these clients at your site, disable the mount_rootonly option or upgrade the client software.

Step Action

1 Access the storage system command line through the console or through a Telnet session.

2 If... | Then...
You want to restrict the mount privilege to only the root user using privileged ports (ports 1 through 1,024) | Enter the following command: options nfs.mount_rootonly on
You want to allow the mount privilege for all users on all ports | Enter the following command: options nfs.mount_rootonly off

Controlling file ownership change privileges

To control who has privileges to change directory and file ownership, complete the following steps.

Note
The following behaviors apply to ownership changes:
◆ When a user without root privileges changes the owner of a file, the set-user-id and set-group-id bits are cleared.
◆ If a user without root privileges tries to change the owner of a file but the change causes the file’s recipient to exceed the quota, the attempt fails.

Step Action

1 Access the storage system command line through the console or through a Telnet session.

2 If... | Then...
You want to restrict the privilege of changing directory and file ownership to the root user | Enter the following command: options wafl.root_only_chown on
You want to allow the privilege of changing directory and file ownership to all users | Enter the following command: options wafl.root_only_chown off

Controlling anonymous CIFS share lookups

To control whether anonymous CIFS users can look up CIFS shares, users, or groups on a storage system, complete the following steps.

Step Action

1 Access the storage system command line through the console or through a Telnet session.

2 If... | Then...
You want to restrict anonymous share lookups | Enter the following command: options cifs.restrict_anonymous.enable on
You want to allow anonymous share lookups | Enter the following command: options cifs.restrict_anonymous.enable off

Options that help maintain security

The following table describes options that help you to maintain storage system security. For information about valid values for the [Link], [Link], and [Link] options, see the na_protocolaccess man page.

Option Description

[Link] Specifies up to five hosts that are allowed Telnet, RSH and
administrative HTTP (FilerView) access to the storage system for
administrative purposes. The default is set to an asterisk (*), which
allows access to all storage systems. This value is ignored for Telnet
access if the [Link] option is set. It is also ignored for
administrative HTTP access if the [Link] option is set.
[Link] Controls which hosts can access the storage system through a Telnet
session for administrative purposes. You can restrict Remote Shell
access to the storage system by specifying host names, IP addresses, or
network interface names. If this value is set, the [Link] option
is ignored for Telnet.
[Link] Controls which hosts can access the storage system through a Remote
Shell session for administrative purposes. You can restrict Remote Shell
access to the storage system by specifying host names, IP addresses, or
network interface names.
nfs.mount_rootonly Controls whether the storage system’s volumes can be mounted from
NFS clients only by the root user on privileged ports (ports 1 through
1,023) or by all users on all ports. This option is applicable only if the
NFS protocol is licensed.

wafl.root_only_chown Controls whether all users or only the root user can change directory and
file ownership. This option is applicable only if the NFS protocol is
licensed.
cifs.restrict_anonymous.enable Controls whether anonymous CIFS users can look up CIFS shares, users, or groups on a storage system. This option is applicable only if the CIFS protocol is licensed.

Note
For more information about the options in this table, see the na_protocolaccess(8) man page.

Chapter 4: Understanding the Root Volume

About this chapter

This chapter introduces you to the storage system’s root volume, which contains special directories and configuration files that help you administer your storage system.

About the root volume

The storage system contains a root volume that was created when the storage system was initially set up at the factory. Unless the installer selected a unique volume name during setup, the default root volume name, /vol/vol0, is used.

For storage systems that have Data ONTAP 7.0 or later installed at the factory,
the root volume is a FlexVol volume. Systems installed with earlier versions of
Data ONTAP have a traditional root volume.

For more information about traditional and FlexVol volumes, see the Storage
Management Guide.

Topics in this chapter

This chapter discusses the following topics:
◆ “Root volume size and space guarantee requirements”
◆ “Default directories in the root volume”
◆ “Contents of the /etc directory”
◆ “Accessing the default directories on the storage system”
◆ “Editing configuration files”
◆ “Changing the root volume”


Root volume size and space guarantee requirements

About the size requirement for root FlexVol volumes

In contrast with traditional volumes, it is possible to create a FlexVol volume that
is too small to be used as the root volume. The root volume must have enough
space to contain system files, log files, and core files. If a system problem occurs,
these files are needed to provide technical support.

Data ONTAP prevents you from setting the root option on a FlexVol volume that
is smaller than the minimum root volume size for your storage system model, and
prevents you from resizing the root volume below the minimum allowed size.

Minimum size for root FlexVol volumes

The minimum size for a root FlexVol volume depends on your storage system
model. The following table lists the minimum allowed size for root volumes.
Storage system model    Minimum root FlexVol volume size

FAS250                  9 GB
FAS270                  10 GB
FAS920                  12 GB
FAS940                  14 GB
FAS960                  19 GB
FAS980                  23 GB
FAS3020                 12 GB
FAS3050                 16 GB
FAS6030                 37 GB
FAS6070                 69 GB
R100-12TB               13 GB
R100-24TB               19 GB
R100-48TB               30 GB
R100-96TB               53 GB
R150                    19 GB
R200                    19 GB

Root FlexVol volumes and space guarantees

A root FlexVol volume must have a space guarantee of volume. Data ONTAP
prevents you from setting the root option on a FlexVol volume that does not have
a space guarantee of volume, and prevents you from changing the space
guarantee for the root volume.


Default directories in the root volume

What the default directories are

The root volume contains the following directories that were created when the
storage system was set up:
◆ The /etc directory, which contains configuration files that the storage system
needs in order to operate
◆ The /home directory, which is a default location you can use to store data

Permissions for the default directories

The following table shows the permissions that are assigned to the default
directories when setup finishes.

This directory...     From this client...   Has these permissions

The /etc directory    NFS                   ◆ Full permissions for the root user on the
                                              administration host (-rwx)
                                            ◆ No permissions for any other user or host

                      CIFS                  ◆ Read and write permissions to all files for
                                              the administrative user when logged in to
                                              the storage system by use of the root
                                              password (Full Control)
                                            ◆ No permissions for other users

The /home directory   NFS                   Permissions associated with individual users
                                            and with groups through a UNIX security
                                            database

                      CIFS                  Permissions for the HOME$ share are Full
                                            Control for Everyone


Contents of the /etc directory

The /etc directory contents

The root directory contains an /etc directory, which stores storage system
configuration files, executables required to boot the system, and some log files.

Attention
Do not delete any directories from the /etc directory unless instructed to do so by
technical support personnel.

About the configuration files

Some of the configuration files in the /etc directory can be edited to affect the
behavior of the storage system. If a configuration file can be edited by the system
administrator, it is described in Section 5 of the man pages for your storage
system. To edit a configuration file, use an editor on your administration host.

For more information about the /etc/rc file, see “Configuring storage system
startup” on page 148. For more information about the quotas file, see the chapter
on quotas in the Storage Administration Guide. For more information about other
editable configuration files, see the man pages.

About /etc/messages

By default, all system messages of level INFO and higher are sent to the console
and to the /etc/messages file. This way, you can see a record of events on your
storage system, as well as use scripts to parse for particular events if needed.

The /etc/messages file is rotated once a week, and six weeks of messages are
retained.

You can use the logger command to create and send a system message explicitly.
For more information about the logger command, see the na_logger(1) man
page.

If you would like to change the level of messages that are sent to /etc/messages,
you can edit /etc/[Link]. For more information about message levels and the
/etc/[Link] file, see the na_syslog.conf(5) man page.
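
The script-based parsing of /etc/messages mentioned above, as an added example (not NetApp code and not part of the original guide): it keeps messages at or above a chosen severity, counts them by event source, and reports lines it could not parse. The line layout "timestamp [source:level]: text", the accepted level spellings, and every sample line are assumptions constructed for illustration; adjust the pattern to what your storage system actually writes.

```python
import re
from collections import Counter

# Syslog severities, most severe first. The guide says INFO and higher
# reach /etc/messages by default.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Alternate spellings folded onto the names above (assumed, for robustness).
ALIASES = {"emergency": "emerg", "critical": "crit", "error": "err", "warn": "warning"}

# ASSUMED layout, not taken from the guide:
#   Mon May 22 10:15:02 PDT [event.source:level]: message text
LINE_RE = re.compile(
    r"^(?P<stamp>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \w+) "
    r"\[(?P<tag>[^\]]+)\]: ?(?P<text>.*)$"
)


def parse_line(line):
    """Return a dict for one message line, or None if it does not fit the layout."""
    match = LINE_RE.match(line.rstrip("\r\n"))
    if not match:
        return None
    source, sep, level = match.group("tag").rpartition(":")
    level = level.strip().lower()
    level = ALIASES.get(level, level)
    if not sep or not source.strip() or level not in LEVELS:
        return None
    return {"stamp": match.group("stamp"), "source": source.strip(),
            "level": level, "text": match.group("text")}


def select_events(lines, minimum="warning"):
    """Split lines into (events at or above `minimum`, lines that failed to parse)."""
    threshold = LEVELS.index(minimum)
    selected, unparsed = [], []
    for line in lines:
        if not line.strip():
            continue
        event = parse_line(line)
        if event is None:
            # Keep these visible: they mean the layout assumption is wrong
            # or the file contains something unexpected.
            unparsed.append(line.rstrip("\r\n"))
        elif LEVELS.index(event["level"]) <= threshold:
            selected.append(event)
    return selected, unparsed


def count_by_source(events):
    """Count selected events per event source."""
    return Counter(event["source"] for event in events)


# Constructed sample input; event names and texts are invented for the example.
SAMPLE = """\
Mon May 22 10:15:02 PDT [example.uptime:info]: constructed uptime message
Mon May 22 10:17:40 PDT [example.disk.state:error]: constructed disk error
Mon May 22 10:17:41 PDT [example.disk.state:warning]: constructed disk warning
Tue May 23 02:00:09 PDT [example.login:notice]: constructed login notice
Tue May 23 02:00:10 PDT [example.nvram:CRITICAL]: constructed critical event
this line does not follow the assumed layout
"""

if __name__ == "__main__":
    events, unparsed = select_events(SAMPLE.splitlines())
    for event in events:
        print(event["stamp"], event["level"].upper(), event["source"], event["text"])
    for source, count in count_by_source(events).most_common():
        print(f"{count:3d}  {source}")
    print("unparsed lines:", len(unparsed))
```

To run it against a real file, pass the open file object from the mounted root volume to select_events in place of the sample lines.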

Character coding of /etc/[Link] and /etc/quotas

The /etc/[Link] and /etc/quotas files support two types of encoding:
Unicode and root volume UNIX encoding. As a result, you can edit the files from
either a PC or a UNIX workstation. Data ONTAP can detect whether a file was
edited and saved by a Unicode-capable editor, such as Notepad. If so, Data
ONTAP considers all entries in the file to be in Unicode. Otherwise, Data
ONTAP considers the entries to be in the root volume UNIX encoding. Standard
Generalized Markup Language (SGML) entities are allowed only in the root
volume UNIX encoding.


Accessing the default directories on the storage system

Accessing the /etc directory from an NFS client

To access the /etc directory from an NFS client, complete the following steps.

Step  Action

1     Mount the following path:
      filer:/vol/vol0
      filer is the name of your storage system.
      Result: You have access to the storage system root directory.

2     Change directories to the /etc directory, using the following command:
      cd etc

Accessing the /etc directory from a CIFS client

To access the root directory from a CIFS client, complete the following steps.

Step  Action

1     Map a drive to the following path:
      \\filer\C$
      filer is the name of your storage system.
      Result: You have access to the storage system root directory.

2     Double-click the /etc folder.


Accessing the home directory from an NFS client

To access the home directory from an NFS client, complete the following step.

Step  Action

1     Mount the following path:
      filer:/vol/vol0/home
      filer is the name of your storage system.

Accessing the home directory from a CIFS client

To access the home directory from a CIFS client, complete the following step.

Step  Action

1     Map a drive to the following path:
      \\filer\HOME
      filer is the name of your storage system.

      Note
      You can also browse the Network Neighborhood to locate the storage
      system and the HOME directory.

Accessing log files using HTTP

To access your log files using HTTP, complete the following step.

Step  Action

1     Point your browser to the following location:
      [Link]
      system_name is the name of your storage system.


Editing configuration files

Configuration files must be edited from clients

Data ONTAP does not include an editor. You cannot edit files by using the
system console or by establishing a Telnet session to the storage system. You
must use an editor from an NFS client or a CIFS client to edit storage system
configuration files.

Enabling an NFS client to edit configuration files

For an NFS client to edit configuration files, the client must be authorized to
access the root file system.

If the NFS client was specified as the administration host during setup or added
as an administration host after setup was completed, it is already authorized to
access the root file system.

If the NFS client is not specified as an administration host, complete the
following steps to authorize access to the root file system.

Step  Action

1     Mount the storage system root volume on the administration host.

2     From the administration host, edit the /etc/exports file on the root
      volume to grant root permission to the client.

3     Use the storage system console, a Telnet client, or the rsh command
      to issue the following command to the storage system:
      exportfs

4     Mount the storage system root volume on the client.

5     From the client, use a text editor to edit the files in the /etc directory.

Editing configuration files from a CIFS client

After setup finishes, the default /etc/passwd and /etc/group files on the root
volume are set up to enable you to share files on the storage system as
Administrator. The storage system root directory is shared automatically as C$.
The Administrator account has read, write, and execute rights to the share.


Note
The C$ share is a “hidden” share; you can get to it only by specifying the path
manually (for example, as \\filer\C$), rather than accessing it through the
Network Neighborhood icon.

To edit configuration files from a CIFS client, complete the following steps.

Step  Action

1     Connect from a CIFS client to the storage system as Administrator.

2     Display the contents of the storage system’s C$ share, and select a
      file to edit.

Configuration files that require a carriage return after the last entry

Data ONTAP requires that the following configuration files be terminated with a
carriage return:
◆ /etc/passwd
◆ /etc/group
◆ /etc/netgroup
◆ /etc/shadow

When you edit these files, be sure to insert a carriage return after the last entry.
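
One way to check this requirement from the administration host before and after an edit, as an added example (not part of the original guide and not NetApp tooling). It assumes the root volume's /etc directory is mounted at a path you pass in (the path in the usage comment is hypothetical) and that "carriage return" means a line terminator: LF from a UNIX editor, CRLF from a PC editor.

```python
import os
import re
import sys

# Files the guide lists as requiring a terminator after the last entry.
REQUIRED = ("passwd", "group", "netgroup", "shadow")
# ASSUMPTION: a final LF or CR counts as the required "carriage return".
TERMINATORS = (b"\n", b"\r")


def terminator_state(path):
    """Classify one file as 'missing', 'empty', 'ok' or 'unterminated'."""
    if not os.path.isfile(path):
        return "missing"
    with open(path, "rb") as handle:
        data = handle.read()
    if not data:
        return "empty"
    return "ok" if data.endswith(TERMINATORS) else "unterminated"


def audit(etc_dir):
    """Map each required file name to its terminator state."""
    return {name: terminator_state(os.path.join(etc_dir, name)) for name in REQUIRED}


def last_entry_key(path):
    """Return only the first field of the final entry.

    The rest of the line is never returned, so password hashes from
    passwd or shadow do not end up on a terminal or in a report.
    """
    with open(path, "rb") as handle:
        lines = handle.read().splitlines()
    if not lines:
        return ""
    return re.split(rb"[:\s]", lines[-1], maxsplit=1)[0].decode("utf-8", "replace")


def repair(path):
    """Append the terminator style the file already uses; return True if changed."""
    with open(path, "rb") as handle:
        data = handle.read()
    if not data or data.endswith(TERMINATORS):
        return False
    # A file saved from a CIFS client may use CRLF; do not mix conventions.
    ending = b"\r\n" if b"\r\n" in data else b"\n"
    with open(path, "ab") as handle:
        handle.write(ending)
    return True


if __name__ == "__main__":
    # Usage (hypothetical mount point): python check_terminators.py /mnt/filer_root/etc [--fix]
    if len(sys.argv) < 2:
        sys.exit("usage: check_terminators.py ETC_DIR [--fix]")
    etc_dir, fix = sys.argv[1], "--fix" in sys.argv[2:]
    for name, state in audit(etc_dir).items():
        path = os.path.join(etc_dir, name)
        detail = ""
        if state == "unterminated":
            detail = f" (last entry: {last_entry_key(path)})"
            if fix and repair(path):
                detail += " -> terminator appended"
        print(f"{name:10s} {state}{detail}")
```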

Configuration files that should not be edited

When you configure Data ONTAP, it creates some files that you should not edit.
The following configuration files should not be edited.
◆ [Link]
◆ [Link]
◆ [Link]
◆ [Link]
◆ sysconfigtab
◆ registry.*


Changing the root volume

About changing the root volume

You might want to change the storage system’s root volume, perhaps to migrate
your root volume from a traditional volume to a FlexVol volume. Every storage
system must have a root volume; therefore, you must always have one volume
designated as the root volume.

Changing the root volume of a storage system

You can change which volume on your storage system is used as the root volume.

Note
To change your root volume from a traditional volume to a FlexVol volume or
from a FlexVol volume to a traditional volume, use the procedure outlined in the
chapter about volumes in the Storage Management Guide.

To change the root volume of a storage system, complete the following steps.

Step  Action

1     Identify an existing volume to use as the new root volume, or create
      the new root volume using the vol create command.
      For more information about creating volumes, see the Storage
      Management Guide.

      Note
      The required minimum size for the root volume varies depending on
      the storage system model. If the volume is too small to become the
      new root volume, you are prevented from setting the root option.

      For more information, see “Root volume size and space guarantee
      requirements” on page 56.

2     Using ndmpcopy, copy the /etc directory and all of its subdirectories
      from the current root volume to the new root volume. For more
      information about ndmpcopy, see the Data Protection Tape Backup
      and Recovery Guide.


3     Enter the following command:
      vol options vol_name root
      vol_name is the name of the new root volume.

      Note
      After a volume is designated to become the root volume, it cannot be
      brought offline or restricted.

4     Enter the following command to reboot the storage system:
      reboot
      Result: When the storage system finishes rebooting, the root
      volume is changed to the specified volume.

5     Update the [Link] option to point to the new root volume.

About the root option for aggregates

Besides the volume root option that you use to determine which volume will be
the root volume after the next storage system reboot, there is also an aggregate
root option. The aggregate root option is used only when, for some reason, the
storage system cannot determine which volume to use as the root volume.

Note
You are advised not to change the value of the root option for any aggregate
unless instructed to do so by technical support.

Chapter 5: Starting and Stopping the Storage System

About this chapter

This chapter describes how to boot a storage system from the PC CompactFlash
card and from remote images on supported systems.

Topics in this chapter

This chapter discusses the following topics:
◆ “Booting the storage system”
◆ “Using storage systems as netboot servers”
◆ “Rebooting the storage system”
◆ “Halting the storage system”


Booting the storage system

Where the storage system boots from

Storage systems boot from a PC CompactFlash card or from disk. Your system
has a PC CompactFlash card, shipped with the current Data ONTAP release and a
diagnostic kernel in a single File Allocation Table (FAT) partition. The
CompactFlash card contains sufficient space for an upgrade kernel.

Note
Single partitions were introduced in Data ONTAP 6.5. Prior to that,
CompactFlash cards had four partitions. If you are upgrading your storage
system from a version of Data ONTAP earlier than 7.0, your storage system will
repartition the CompactFlash card. This allows the existing 32-MB
CompactFlash to accommodate the size of the new kernel. Support for single
partitions also includes support for larger 256-MB cards. For information about
how to upgrade the CompactFlash card in your storage system, see the Upgrade
Guide.

Booting the storage system from the system or firmware prompt

You can boot the storage system if it is on and displaying one of the following
prompts:
◆ The system prompt (toaster>); if so, see “Rebooting the storage system” on
page 87.
◆ The boot environment prompt (ok>, CFE>, or LOADER>, depending on your
system)

To boot the storage system, complete the following step.

Step  Action

1     Enter the following command:
      boot

Platform-specific booting information

The following sections describe how to boot specific storage systems. For
information about how your storage system boots, see the hardware and service
guide for your storage system.
◆ “Booting the FAS200, FAS3000, and FAS6000 series storage systems”
◆ “Booting the FAS900 series storage systems”



Booting the FAS200, FAS3000, and FAS6000 series storage systems

Boot options

The FAS200 series, FAS3000 series, and FAS6000 storage systems automatically
boot Data ONTAP from a PC CompactFlash card. They do not boot from a set of
diskettes or from disk. The CompactFlash card ships with the most current Data
ONTAP release and a diagnostic kernel in a single FAT partition. The
CompactFlash card contains sufficient space for an upgrade kernel.

Note
FAS200 and FAS3000 series systems can be upgraded to the most recent Data
ONTAP release. When you install new software, the download command copies
a boot kernel to the CompactFlash card—not to a boot block on disk, as in some
prior system models. For more information, see the Data ONTAP Upgrade
Guide.

You can also enter one of the following boot options at the boot environment
prompt (CFE> for FAS200 and FAS3000 series systems and LOADER> for
FAS6000 systems):
◆ boot_ontap
Boots the current Data ONTAP software release stored on the CompactFlash
card. By default, the storage system automatically boots this release if you
do not select another option from the basic menu.
◆ boot_primary
Boots the Data ONTAP release stored on the CompactFlash card as the
primary kernel. This option overrides the firmware AUTOBOOT_FROM
environment variable if it is set to a value other than PRIMARY. By default,
the boot_ontap and boot_primary commands load the same kernel.
◆ boot_backup
Boots the backup Data ONTAP release from the CompactFlash card. The
backup release is created during the first software upgrade to preserve the
kernel that shipped with the storage system. It provides a “known good”
release from which you can boot the storage system if it fails to
automatically boot the primary image.
◆ netboot
Boots from a Data ONTAP version stored on a remote HTTP or TFTP
(Trivial File Transfer Protocol) server. Netboot enables you to
❖ Boot an alternative kernel if the CompactFlash card becomes damaged
❖ Upgrade the boot kernel for several devices from a single server
To enable netboot, you must configure networking for the storage system
(using DHCP or static IP address) and place the boot image on a configured
server.

Note
To protect against data loss in the event of PC CompactFlash card
corruption, enable netboot immediately for your storage system by placing a
boot image on a local server. For more information, see “Preparing a storage
system for netboot startup” on page 78.

◆ boot_diags
Boots a Data ONTAP diagnostic kernel. For more information, see the
Diagnostics Guide.

Note
Other boot options should be used only under the direction of technical staff.

Booting Data ONTAP at the boot environment prompt

You can boot the current release of Data ONTAP or the backup release at the boot
environment prompt, by completing the following steps.

Step  Action

1     At the storage system console, enter the following command:
      halt
      Result: The storage system console displays the boot environment
      prompt.

      Note
      Even though the prompt is different on a FAS6000 system, the
      commands are identical to the CFE commands.

2     Enter one of the following commands:
      ◆ boot_ontap—Boots the current release of Data ONTAP.
      ◆ boot_primary—Boots the Data ONTAP primary kernel.
      ◆ boot_secondary—Boots the Data ONTAP backup kernel.


Note
For more information about commands available from the boot prompt, enter
help at the firmware prompt for a list of commands or help command for
command details.

Booting the FAS3000 series and FAS6000 storage systems

The FAS3000 series and FAS6000 storage systems are configured to boot from
256-MB PC CompactFlash cards. If you have an RLM installed, you can boot or
reboot the storage system remotely.

If you reboot your storage system, it will reboot by default in normal mode. You
can also invoke a boot menu that allows you to reboot in alternative modes for the
following reasons:
◆ To correct configuration problems
◆ To recover from a lost password
◆ To correct certain disk configuration problems

To boot or reboot an FAS3000 series storage system, complete the following
steps.

Step  Action

1     If your storage system is turned on:

      Without RLM: From the storage system console, enter the following
      command:
        reboot
        Result: The storage system begins the boot process.

      With RLM: Open two RLM sessions. From one session, enter the
      following commands:
        system console
        reboot
        Result: The storage system begins the boot process.

      If your storage system is turned off:

      Without RLM: Turn on your storage system.
        Result: The storage system begins the boot process.

      With RLM: From the RLM session that is still running, enter the
      following command:
        system power on
        Result: The storage system begins the boot process.


2     If you want the storage system to boot automatically in normal mode
      (with or without RLM):
      Allow the storage system to reboot uninterrupted until the following
      prompt appears:
        root logged in from console
      You are done.

3     If you want to select from a menu of alternative boot modes
      (with or without RLM):
      When prompted to do so, press Ctrl-C to display the boot menu.
      Result: The storage system displays the following boot menu:

        1) Normal Boot
        2) Boot without /etc/rc
        3) Change Password
        4) Initialize all disks
        4a) Same as option 4, but create a flexible root volume.
        5) Maintenance mode boot

        Selection (1-5)?

4     Choose one of the boot types shown in the following table by entering the
      corresponding number.

      Task                                     Boot type

      Boot the storage system normally.        Normal boot (1)


      Troubleshoot and repair                  Boot without /etc/rc (2)
      configuration problems.

      Note
      Booting without /etc/rc causes the storage system to use only default
      options settings; disregard all options settings you put in /etc/rc; and
      disable some services, such as syslog.

      Change the password of the               Change password (3)
      storage system

      Initialize all the disks and             Initialize all disks (4)
      create a traditional root volume

      Initialize all the disks and             Same as option 4, but create a
      create a flexible root volume            flexible root volume. (4a)


      Perform some aggregate and disk          Maintenance mode boot (5)
      operations and get detailed
      aggregate and disk information.

      Maintenance mode is special for the following reasons:
      ◆ Most normal functions, including file system operations, are disabled.
      ◆ A limited set of commands is available for diagnosing and repairing
        disk and aggregate/volume problems.
      ◆ You exit Maintenance mode with the halt command. To reboot the
        storage system, enter boot after the firmware ok prompt.

Booting Data ONTAP remotely

For FAS3000 series systems with an RLM installed and FAS6000 storage
systems, you can boot Data ONTAP remotely. For more information about the
RLM, see Chapter 10, “Managing Remotely with the RLM,” on page 199.


To boot Data ONTAP, complete the following steps.

Step  Action

1     Log in to the RLM by entering the following command at any UNIX
      or Windows host connected to the storage system (assuming the
      appropriate secure shell protocol application is installed). For
      example:
      UNIX_host> ssh username@RLM_IP_address
      or
      Windows host: Open a Windows session with PuTTY with the ssh
      setting selected, and the username and the RLM IP address in the
      appropriate fields.
      Result: The RLM prompt appears.
      Example: RLM toaster>

2     At the RLM prompt, enter the following command:
      RLM toaster> system console
      Result: The storage system prompt appears.
      Example: toaster>

3     At the storage system prompt, enter the following command:
      toaster> halt
      Result: The storage system console displays the boot environment
      prompt.

4     Enter one of the following commands:
      ◆ boot_ontap—Boots the current release of Data ONTAP.
      ◆ boot_primary—Boots the Data ONTAP primary kernel.
      ◆ boot_secondary—Boots the Data ONTAP backup kernel.


Recovering from a corrupted CompactFlash image

To recover from a corrupted CompactFlash image for a FAS3000 series storage
system with RLM installed, complete the following steps.

Step  Action

1     Log in to the RLM by entering the following command at the
      administration host.
      admin_host> ssh username@RLM_IP_address
      Result: The RLM prompt appears.
      Example: RLM toaster>

2     Enter the following command:
      RLM toaster> system reboot backup
      Result: The following prompt is displayed:
      This will cause a dirty shutdown of your appliance.
      Continue? [y/n]

3     Enter y to continue.
      Result: The storage system shuts down abruptly. If the NVRAM
      contains data, the RED internal LED (seen through the face plate of
      the system) blinks. When the system is rebooted, the NVRAM
      automatically and transparently replays the data transactions.

Checking available Data ONTAP versions

By default, an FAS200 series storage system boots the current Data ONTAP
release from the primary kernel. You might need to check the current booted
kernel and other kernels available on the CompactFlash card if the storage system
was started via netboot from an unfamiliar system, if an upgrade was
unsuccessful, or if you need to run kernel diagnostics.

To determine...                      At the storage system console, enter...

The current booted Data ONTAP        version
version                              Result: The console displays the version
                                     number of Data ONTAP that is currently
                                     running.


Data ONTAP versions available        version -b
on the CompactFlash card             Result: The console displays the contents
                                     of the CompactFlash FAT file system,
                                     including name and version information
                                     for the primary, secondary (if present), and
                                     diagnostic kernels, and the firmware.

For more information, see the na_version(1) manual page.

Preparing a storage system for netboot startup

To use the netboot option to start your storage system, you must have
◆ An HTTP or TFTP server available on your network.
◆ A boot image on a server. The boot image can be copied from the system
boot directory, /etc/boot/netapp-mips, or downloaded from the NetApp on
the Web (NOW) site at [Link]

Note
You can also store the boot image on another storage system.

◆ Networking configured in the FAS200 series or FAS3000 firmware
environment. You can use a Dynamic Host Configuration Protocol (DHCP)
server to obtain an IP address, or you can configure the network connection
manually.

Note
Network interfaces configured in the firmware environment are not
persistent across system halts and reboots. You must configure the network
interface each time you use the netboot option.

Two network interfaces, e0a and e0b, are available in the firmware
environment. Only one can be configured at a time.


Starting storage system through the netboot option

To boot Data ONTAP from a remote image for FAS200 or FAS3000 series
systems, complete the following steps.

Step  Action

1     At the storage system console, enter the following command:
      halt

2     If you are configuring DHCP, enter the following command at the boot
      environment prompt:
      ifconfig e0a -auto

      If you are configuring manual connections, enter the following command
      at the boot environment prompt:
      ifconfig e0a -addr=filer_addr -mask=netmask -gw=gateway -dns=dns_addr -domain=dns_domain
      filer_addr is the IP address of the storage system.
      netmask is the network mask of the storage system.
      gateway is the gateway for the storage system.
      dns_addr is the IP address of a name server on your network.
      dns_domain is the Domain Name Service (DNS) domain name. If you use
      this optional parameter, you do not need a fully qualified domain name
      in the netboot server URL; you need only the server’s host name.

      Note
      Other parameters might be necessary for your interface. Enter
      help ifconfig at the firmware prompt for details.


3     At the boot environment prompt, enter the following command:
      netboot URL
      URL is the location of the remote boot image. It can be either an HTTP
      or a TFTP network path.

      Examples:

      netboot [Link]
      netboot t[Link]

      Note
      The location and availability of boot images depend on the correct
      configuration of your netboot server.



Booting the FAS900 series storage systems

Booting FAS900 storage systems with CompactFlash cards

FAS900 series storage systems are configured to boot from 32-MB or 256-MB
PC CompactFlash cards. If you have upgraded your FAS900 storage systems to
Data ONTAP 6.5 or higher, either your 32-MB CompactFlash boot cards have
been repartitioned as described in the Data ONTAP Upgrade Guide, or you have
upgraded to 256-MB CompactFlash boot cards.

If you reboot your storage system, it will reboot by default in normal mode. You
can also invoke a boot menu that allows you to reboot in alternative modes for the
following reasons:
◆ To correct configuration problems
◆ To recover from a lost password
◆ To correct certain disk configuration problems

To boot or reboot an upgraded FAS900 series storage system, complete the
following steps.

Step  Action

1     If your storage system is turned on:
      From the storage system console, enter the following command:
        reboot
      Result: The storage system begins the boot process.

      If your storage system is turned off:
      Turn on your storage system.
      Result: The storage system begins the boot process.


2     If you want the storage system to boot automatically in normal mode:
      Allow the storage system to reboot uninterrupted until the following
      prompt appears:
        root logged in from console
      You are done.

      If you want to select from a menu of alternative boot modes:
      When prompted to do so, press Ctrl-C to display the boot menu.
      Result: The storage system displays the following boot menu:

        1) Normal Boot
        2) Boot without /etc/rc
        3) Change Password
        4) Initialize all disks
        4a) Same as option 4, but create a flexible root volume.
        5) Maintenance mode boot

        Selection (1-5)?


3     Choose one of the boot types shown in the following table by entering the
      corresponding number.

      Task                                     Boot type

      Boot the storage system normally.        Normal boot (1)

      Troubleshoot and repair                  Boot without /etc/rc (2)
      configuration problems.

      Note
      Booting without /etc/rc causes the storage system to use only default
      options settings; disregard all options settings you put in /etc/rc; and
      disable some services, such as syslog.

      Change the password of the               Change password (3)
      storage system

      Initialize all the disks and             Initialize all disks (4)
      create a traditional root volume

      Initialize all the disks and             Same as option 4, but create a
      create a flexible root volume            flexible root volume. (4a)

      Perform some aggregate and disk          Maintenance mode boot (5)
      operations and get detailed
      aggregate and disk information.

      Maintenance mode is special for the following reasons:
      ◆ Most normal functions, including file system operations, are disabled.
      ◆ A limited set of commands is available for diagnosing and repairing
        disk and aggregate/volume problems.
      ◆ You exit Maintenance mode with the halt command. To reboot the
        storage system, enter boot after the firmware ok prompt.


Using storage systems as netboot servers

Netboot server requirements

You can configure a storage system to serve boot images to other NetApp devices
that support netboot. To do so, you must configure
◆ HTTP services, TFTP services, or both on the storage system.
◆ The rest of your netboot-using environment to access the storage system as
the netboot source. For example, you might configure BOOTP, DHCP,
bootparamd, and/or rarpd, depending on the specific procedure you are
using.

Serving boot images from the system /etc/http directory: You can also
serve netboot images from your storage system by placing them in the /etc/http
directory. The contents of this directory are served by default to enable the
FilerView graphical management interface. For example, if you create an
/etc/http/boot directory and place a boot image called custom-mips in that
directory, the boot image will be available for netboot startup at the following
URL:

[Link]

Configuring HTTP services

To configure a storage system as an HTTP netboot server, complete the following
steps.

Step Action

1 Place boot programs in the storage system’s /etc/http directory.

2 At the command line of the source system, enter the following command:
options [Link] on


Configuring TFTP services

To configure a storage system as a TFTP netboot server, complete the following
steps.

Step Action

1 Place boot programs in the system /etc/tftpboot directory.

Note
Boot programs are not required to be in the /etc/tftpboot directory,
but they must be in the directory that is set to be [Link].

2 On the command line of the source system, enter the following command:
options [Link] on

Specifying the TFTP root directory

Any path name specified on the TFTP command line is considered to be relative
to the TFTP root directory. TFTP access using absolute path names succeeds
only if the specified files are located in the file system under this directory. The
default value of the [Link] option is /etc/tftpboot.

To specify a TFTP root directory other than /etc/tftpboot, complete the following
step.

Step Action

1 On the command line of the source system, enter the following command:
options [Link] pathname

Note
A valid value for pathname is a fully qualified path name to a valid,
existing directory on any volume on the storage system.


Enabling console logging of TFTP accessed files

To enable console logging of files accessed with TFTP, complete the following
step.

Step Action

1 On the command line of the source system, enter the following command:
options [Link] on


Rebooting the storage system

About rebooting

Rebooting the storage system is equivalent to halting and booting the storage
system. During a reboot, the contents of the storage system’s NVRAM are
flushed to disk, and the storage system sends a warning message to CIFS clients.

Rebooting the storage system from the system console

You can reboot the storage system if the system console is displaying the
command prompt. To reboot the storage system, complete the following steps.

Step Action

1 Send an advance warning to CIFS users to alert them to save their
files and close any applications.

Attention
Never interrupt CIFS service by halting the storage system without
giving advance warning to CIFS users. Halting the CIFS service
without giving CIFS users enough time to save their changes can
cause data loss.

2 At the storage system prompt, enter the following command:
toaster> reboot [-t minutes]
-t minutes is the amount of time that elapses before the reboot
occurs.

Rebooting the storage system remotely

You can reboot a FAS3000 or FAS6000 series storage system remotely if you are
able to log in to the RLM installed in the storage system. To reboot the storage
system remotely from the RLM, complete the following steps.

Step Action

1 From the administration host, log in to the RLM. For more
information, see “Logging in to the RLM” on page 211.


Step Action

2 From the RLM prompt, enter the following command:
RLM toaster> system console

3 From the storage system console prompt, enter the following command:
toaster> reboot


Halting the storage system

Command to use

Use the halt command to perform an orderly shutdown that flushes file system
updates to disk and clears the NVRAM.

Reasons to use the halt command

The storage system stores requests it receives in nonvolatile random-access
memory (NVRAM). For the following reasons, you should always execute the
halt command before turning the storage system off:
◆ The halt command flushes all data from memory to disk, eliminating a
potential point of failure.
◆ The halt command avoids potential data loss on CIFS clients.
If a CIFS client is disconnected from the storage system, the users’
applications are terminated and changes made to open files since the last
save are lost.

Attention
Never interrupt CIFS service by halting the storage system without giving
advance warning to CIFS users. Halting the CIFS service without giving
CIFS users enough time to save their changes can cause data loss.

Note
Clients using Windows 95 or Windows for Workgroups can display the CIFS
shutdown messages only when the clients’ WinPopup program is configured
to receive messages. The ability to display messages from the storage system
is built into Windows NT and Windows XP.


Halting the storage system

To halt the storage system, complete the following step.

Step Action

1 Enter the following command:
halt [-d] [-t interval] [-f]

-d causes the storage system to perform a core dump before halting.

-t interval causes the storage system to halt after the number of
minutes specified by interval.

-f prevents one partner in a clustered storage system pair from
taking over the other after the storage system halts.

Result: The storage system displays the following prompt:

ok

When you see this prompt, you can turn the power off.

Chapter 6: Managing Administrator Access

About this chapter

This chapter describes how to control administrator access to your storage system
to provide increased security and auditing capability.

Topics in this chapter

This chapter discusses the following topics:
◆ “Using administrator accounts to control administrative access”
◆ “Managing passwords”


Using administrator accounts to control administrative access

About this section

This section contains the following topics:
◆ “About managing administrator access”
◆ “Managing users”
◆ “Managing groups”
◆ “Managing roles”
◆ “Listing and deleting users, groups and roles”
◆ “Administrative user creation examples”



About managing administrator access

Reasons for creating administrator accounts

You can use the default system administration account, or root, for managing a
storage system. You can also create additional administrator user accounts, using
the useradmin command. You might want to create administrator accounts for
the following reasons:
◆ You can specify administrators and groups of administrators to have
differing degrees of administrative access to your storage systems.
◆ You can limit an administrator’s access to specific storage systems by giving
him or her an administrative account on only those systems.
◆ Having different administrative users allows you to display information
about who is performing what commands on the storage system.
The auditlog file keeps a record of all administrator operations performed on
the storage system and the administrator who performed each one, as well as any
operations that failed due to insufficient capabilities.
◆ You assign each administrator to one or more groups whose assigned roles
(sets of capabilities) determine what operations that administrator is
authorized to carry out on the storage system.
◆ If a storage system running CIFS is a member of a domain or a Windows
workgroup, domainuser accounts authenticated on the Windows domain can
access the storage system using any available method.
For more information about authenticating users using Windows domains,
see the section on user accounts in the CIFS chapter of the File Access and
Protocols Management Guide.

What users, groups, roles, and capabilities are

You can grant different levels of administrative access to users of a storage
system. Terms used in this section include the following:

user: An account that is authenticated on the storage system. Users can be
placed into storage system groups to grant them capabilities on the storage
system.

domainuser: A nonlocal user who belongs to a Windows domain and is
authenticated by the domain. This type of user can be put into storage system
groups, thereby being granted capabilities on the storage system. This only works
if CIFS has been set up on the storage system.


group: A collection of users and domainusers that can be granted one or more
roles. Groups can be predefined, created, or modified. When CIFS is enabled,
groups act as Windows groups.

role: A set of capabilities that can be assigned to a group. Roles can be
predefined, created, or modified.

capability: The privilege granted to a role to execute commands or take other
specified actions. Types of capabilities include:
◆ Login rights
◆ Data ONTAP CLI (command-line interface) rights
◆ Data ONTAP API (application programming interface) rights
◆ Security rights

How users are assigned capabilities

You cannot assign administrative roles or capabilities directly to administrative
users or domainusers. Instead, you assign users to groups whose assigned roles
match the capabilities that you want those users to be able to exercise.
◆ You can assign a set of capabilities to a role, then assign that role to a group.
You then add an administrative user to the group that has the administrative
role and capabilities that you want that user to have.
◆ You can also assign users and domainusers to some predefined groups whose
default roles match the roles that you want the users in question to exercise.

Naming requirements for users, groups and roles

When you name your users, groups and roles, you must meet these naming
requirements:
◆ Names are case insensitive.
◆ Names can contain any alphanumeric character, a space, or a symbol that is
not one of the following characters:
" * + , / \ : ; < = > ? | [ ]

Note
If the name contains spaces or special characters, enclose the name in double
quotes ("") when you use it in a command.

◆ You cannot give a user and a group the same name.


Windows special groups

Windows has some special groups it uses for security and administration
purposes. Do not create administrative groups on your storage system with the
same name as a Windows special group. The special Windows group names
include the following names:
◆ System
◆ Everyone
◆ Interactive
◆ Network
◆ Creator/Owner
◆ Creator Group
◆ Anonymous Logon
◆ Authenticated Users
◆ Batch
◆ Dialup
◆ Service
◆ Terminal User
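
The naming rules and the Windows special group list above can be checked before a name is ever passed to useradmin. The following Python sketch is an added example, not part of the original guide or of Data ONTAP; the function names are hypothetical, the length limits are the ones this chapter states for users (32), groups (256) and roles (1-32), and the minimum length of 1 for users and groups and the treatment of underscore as not needing quotes are assumptions.

```python
import re

# Characters the guide lists as not allowed in user, group and role names.
FORBIDDEN = set('"*+,/\\:;<=>?|[]')

# Windows special group names listed in the guide, folded to lower case
# because names are case insensitive.
WINDOWS_SPECIAL_GROUPS = {
    "system", "everyone", "interactive", "network", "creator/owner",
    "creator group", "anonymous logon", "authenticated users", "batch",
    "dialup", "service", "terminal user",
}

# Maximum lengths stated in this chapter; a minimum of 1 is assumed for
# users and groups (the guide states 1-32 only for roles).
MAX_LEN = {"user": 32, "group": 256, "role": 32}


def check_name(kind, name, users=(), groups=(), roles=()):
    """Return the list of rule violations for a proposed name ([] = acceptable).

    kind is "user", "group" or "role"; users, groups and roles are the names
    that already exist on the storage system.
    """
    folded = name.lower()
    taken = {"user": users, "group": groups, "role": roles}
    problems = []
    if not 1 <= len(name) <= MAX_LEN[kind]:
        problems.append(f"length must be 1-{MAX_LEN[kind]} characters")
    bad = sorted(set(name) & FORBIDDEN)
    if bad:
        problems.append("forbidden characters: " + " ".join(bad))
    # "fred" cannot be created if "Fred" already exists.
    if folded in {n.lower() for n in taken[kind]}:
        problems.append(f"{kind} name already in use (names are case insensitive)")
    # A user and a group cannot share a name.
    if kind == "user" and folded in {g.lower() for g in groups}:
        problems.append("a group already has this name")
    if kind == "group" and folded in {u.lower() for u in users}:
        problems.append("a user already has this name")
    if kind == "group" and folded in WINDOWS_SPECIAL_GROUPS:
        problems.append("name of a Windows special group")
    return problems


def cli_quote(name):
    """Enclose the name in double quotes if it has spaces or special characters.

    Assumption: letters, digits and underscore need no quoting, as in the
    guide's unquoted status_gatherer example.
    """
    return name if re.fullmatch(r"[A-Za-z0-9_]+", name) else f'"{name}"'


if __name__ == "__main__":
    # Constructed sample: existing accounts on a hypothetical storage system.
    existing_users = ["root", "Fred"]
    for kind, name in [("user", "fred"), ("group", "Everyone"),
                       ("group", "admin users"), ("role", "a:b|c")]:
        print(kind, cli_quote(name), check_name(kind, name, users=existing_users))
```
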

Changing capabilities of other groups and roles

If you are an administrator assigned to a group with capabilities that are equal to
or greater than another group, you can make the following changes to that other
group:
◆ Change the capabilities of the other group
◆ Change the capabilities of the roles within the other group
◆ Change the membership of the other group



Managing users

Creating users and assigning them to groups

You can use the useradmin user add or useradmin user modify commands to
create or modify a user and assign that user to one or more predefined or
customized groups. This gives that user the roles and capabilities associated with
those groups.

Note
When you use the useradmin user modify command to modify the groups an
existing user is assigned to, whatever groups the user was previously assigned to
are replaced with the group or groups you supply in the command.

User names are case insensitive. This means that you cannot create a user named
“fred” if you already have a user named “Fred.”

You can have a maximum of 96 administrative users on a storage system.


To create a new user or assign an existing user to a custom group or predefined
group, complete the following steps.

Step Action

1 Use useradmin user add to create a new user. Or, use useradmin
user modify to modify the attributes of an existing user.
useradmin user {add|modify} user_name [-c comments]
[-n full_name] [-p password] -g group1[,group2,group3,..]
[-m password_min_age] [-M password_max_age]
user_name is the user whose name you want to assign to a
customized or predefined group.
The user name is case insensitive and can be up to 32 characters long.
For more information about naming requirements, see “Naming
requirements for users, groups and roles” on page 94.
comments specifies a maximum 128-character comment which can
be viewed through the useradmin list command. Comments
cannot contain a colon character (:).
full_name specifies the full name for the user.
password is the password required of the specified administrative
user (used only for rsh access). If the
[Link] option is set to On, the password
must conform to the rules specified by the
[Link].* options.
group is a predefined or customized group with roles assigned
through the useradmin group command.
password_min_age specifies the minimum number of days that users
must have a password before they can change it. The default value is
0. If you specify a value larger than 4,294,967,295, the value is set to
4,294,967,295.
password_max_age specifies the maximum number of days users can
have a password before they are required to change it. The default
value is 4,294,967,295. If you specify a value larger than
4,294,967,295, the value is set to 4,294,967,295.


Step Action

2 To verify the success of your operation, enter the following command:
useradmin user list user_name
The specified user is listed along with the groups, roles, and
capabilities that the user has inherited.

Example: The following command uses the predefined Administrators group
and role definitions to create the user mollymulberry and grant her rights to
invoke every type of administrative capability (login, CLI, API, and security).
useradmin user add molly -n "Molly Mulberry" -c "Filer
administrator in Corp IT" -g Administrators

Granting access to Windows domain users

You can specify nonlocal administrative users to have administrative access to the
storage system after authentication by a Windows Domain Controller, rather than
by the storage system itself.

Note
By default, the domain administrator account has full access to the system. To
access this account, log in as domain\administrator, using the appropriate
password.


To grant a Windows domain user administrative access to a storage system,
complete the following steps.

Step Action

1 Use the useradmin domainuser add command to assign a Windows domain
user to a custom or predefined group.
useradmin domainuser add win_user_name -g
{custom_group|Administrators|"Backup
Operators"|Guests|"Power Users"|Users}[,...]
win_user_name is the Windows domain user whose name or Security
ID (SID) you want to assign to a customized or predefined group.
This value can be in one of the following formats:
◆ name

Note
If you do not specify the domain name, the domain is the storage
system, and the user is considered distinct from any user in the
Windows domain with the same user name.

◆ domain\name
◆ textual_sid_S-x-y-z
For more information about these formats, see the na_cifs_lookup(1)
man page.
custom_group is a customized group with roles assigned through the
useradmin group command. For more information about creating
customized groups, see “Predefined groups” on page 101.
Administrators | "Backup Operators" | Guests | "Power
Users" | Users are groups predefined by Data ONTAP with default
roles and capabilities. For a description of the predefined groups see
“Using administrator accounts to control administrative access” on
page 96.

Example: The following command adds the user userjoe in the
MyDomain domain to the Power Users group and effectively grants
MyDomain\userjoe all administrator capabilities that are granted to
the Power Users group through the roles that have been assigned to it.
useradmin domainuser add MyDomain\userjoe -g "Power
Users"


Step Action

2 To verify the success of your operation, enter the following command:
useradmin domainuser list -g
{custom_group|Administrators|"Backup
Operators"|Guests|"Power Users"|Users}
The SID of the user in question is among those listed in the output of
this command.

Changing another user’s capabilities

You must be an administrator and your user account must be assigned to a group
that has greater capabilities than the group the user is assigned to if you want to
perform any of the following tasks:
◆ Change the capabilities of a user
◆ Change the comment about a user
◆ Change the full name of a user
◆ Change the ageing characteristics of a user’s password
◆ Change the name of a group

Note
You cannot create or change a group, a user, or a role, to have more capabilities
than you have.

If you want to change the password of another user, your account must also be
assigned to a group that has the security-passwd-change-others capability.



Managing groups

Predefined groups

If you want to, you can assign a user or domainuser to a predefined set of groups
and roles provided by Data ONTAP. The predefined groups and roles are
described in the following table:

Predefined group: Administrators
Default roles: admin
Default privileges: Grants all CLI, API, login, and security capabilities.

Predefined group: Power Users
Default roles: power
Default privileges: Grants the ability to
◆ Invoke all cifs, exportfs, nfs, useradmin CLI commands
◆ Make all cifs and nfs API calls
◆ Log in to Telnet, HTTP, rsh, and ssh sessions

Predefined group: Backup Operators
Default roles: none
Default privileges: None

Predefined group: Users
Default roles: audit
Default privileges: Grants the ability to make snmp-get and snmp-get-next API calls.

Predefined group: Guests
Default roles: none
Default privileges: None

Predefined group: Everyone
Default roles: none
Default privileges: None


Assigning roles to groups by creating or modifying a group

To create or modify a group, giving that group the capabilities associated with
one or more predefined or customized roles, complete the following steps.

Note
When you use the useradmin group modify command to modify an existing
group, whatever roles were previously assigned to that group are replaced with
the roles you supply in the command.

Step Action

1 Use the useradmin group add command to create a new group or
the useradmin group modify command to modify a group.
useradmin group {add|modify} group_name [-c comments] [-r
{custom_role|root|admin|power|audit}[,...]]
group_name is the group that you want to create or to which you
want to assign one or more roles. Group names are case insensitive
and can be up to 256 characters. For more information about naming
requirements, see “Naming requirements for users, groups and roles”
on page 94.

Note
Do not create groups with the same name as any of the Windows
special groups or any existing users. For a list of the Windows special
groups, see “Windows special groups” on page 95.

custom_role is a customized role with capabilities assigned through
the useradmin role add command.
root | admin | power | audit are roles predefined by Data
ONTAP with default capabilities. For a description of the predefined
roles see “Predefined roles” on page 105.

Example: The following command gives the group “admin users”
capabilities associated with the admin role, and removes any roles
previously assigned to the “admin users” group.
useradmin group modify "admin users" -r admin


Step Action

2 Enter the following command to verify the success of your operation:
useradmin group list group_name
The roles and capabilities assigned to the group in question are listed
in the output of this command.

Renaming a group

You can rename a group using the useradmin group modify command. To
rename a group, complete the following step.

Step Action

1 Enter the following command:
useradmin group modify group_name -g new_group_name
group_name is the name of the group you want to change.
new_group_name is the name you want the group to have after the
change.

Note
Do not attempt to rename a group with the same name as any of the
Windows special groups. For a list of the Windows special groups,
see “Windows special groups” on page 95.

Loading groups from the [Link] file

When groups are created, they are placed in the [Link] file. Normally, this
file is for administrative reference only; it is not used to reload groups into the
system memory. However, sometimes you need Data ONTAP to reload this file;
for example, when you are migrating a storage system or a vFiler unit.


Note
Using this procedure unloads the current groups from memory before loading the
new file; currently configured groups will no longer be available unless they are
also configured in the new file.

To perform this operation, the user must belong to a group that has the
security-load-lclgroups capability.

Do not edit the [Link] file directly to add or remove groups. Use the
useradmin group command to administer groups.

To cause Data ONTAP to reload the [Link] file, perform the following
steps.

Step Action

1 Using a client, copy the new [Link] file to the /etc directory,
giving it a different name.

2 Enter the following command:
useradmin domainuser load new_lclgroups.cfg_filename
new_lclgroups.cfg_filename is the name of the new [Link] file you
created in Step 1.

Result: The groups in the current [Link] file are unloaded
from memory and the groups in the new [Link] file are loaded
into memory. In addition, the current [Link] file is moved to
[Link], and a new [Link] file is created from the file
you specified.



Managing roles

Predefined roles

Data ONTAP provides the following predefined roles.

Role: root
Default capability assignments: -a *
Summary of default granted capabilities: Grants all possible capabilities.

Role: admin
Default capability assignments: -a cli-*, api-*, login-*, security-*
Summary of default granted capabilities: Grants all CLI, API, login, and
security capabilities.

Role: power
Default capability assignments: -a cli-cifs*, cli-exportfs*, cli-nfs*,
cli-useradmin*, api-cifs-*, api-nfs-*, login-telnet, login-http-admin,
login-rsh, login-ssh
Summary of default granted capabilities: Grants the ability to
◆ Invoke all cifs, exportfs, nfs, useradmin CLI commands
◆ Make all cifs and nfs API calls
◆ Log in using telnet, HTTP, rsh, and ssh sessions

Role: audit
Default capability assignments: -a api-snmp-get, api-snmp-get-next
Summary of default granted capabilities: Grants the ability to make snmp-get
and snmp-get-next API calls.

Role: none
Default capability assignments: None
Summary of default granted capabilities: Grants no administrative capabilities.


Assigning capabilities to roles

You use the useradmin role add or useradmin role modify commands to
define and modify the capabilities of roles that can be assigned to a group.

Supported capability types

Data ONTAP supports four capability types, as described in the following table.

Capability type: login
Description: Grants the specified role telnet, console, rsh, ssh, or http-admin
login capabilities.
login-* gives the specified role the ability to log in through all
supported protocols.
login-protocol gives the specified role capability to log in
through a specified protocol. Supported protocols include:
◆ login-telnet: gives the specified role the ability to log
in to the storage system using Telnet.
◆ login-console: gives the specified role the ability to log
in to the storage system using the console.
◆ login-rsh: gives the specified role the ability to log in to
the storage system using rsh.
◆ login-ssh: gives the specified role the ability to log in to
the storage system using SSH.
◆ login-http-admin: gives the specified role the ability to
log in to the storage system using HTTP.


Capability type: cli
Description: Grants the specified role the ability to execute one or more
Data ONTAP command line interface (CLI) commands.
cli-* grants the specified role the capability to execute all
supported CLI commands.
cli-cmd* gives the specified role the capability to execute all
commands associated with the CLI command cmd.
For example, the following command gives the specified role
the capability to execute all vol commands:
useradmin role modify status_gatherer -a cli-vol*

Note
Users with cli capability also require at least one login
capability to execute CLI commands.

Capability type: security
Description: Grants the specified role security-related capabilities, such as
the ability to change other users’ passwords or to invoke the
CLI priv set advanced command.
security-* grants the specified role all security capabilities.
security-capability grants the specified role one of the
following specific security capabilities:
◆ security-passwd-change-others gives the specified role
the capability to change the passwords of all users with
equal or fewer capabilities.
For information about comparing capabilities, see
“Changing another user’s capabilities” on page 100.
◆ security-priv-advanced gives the specified role the
capability to access the advanced CLI commands.
◆ security-load-lclgroups gives the specified role the
capability to reload the [Link] file.
For more information, see “Loading groups from the
[Link] file” on page 103.
◆ security-complete-user-control gives the specified
role the capability to create, modify, and delete users,
groups, and roles with greater capabilities.


Capability type: api
Description: Grants the specified role the capability to execute Data ONTAP
API calls.
api-* grants the specified role all api capabilities.
api-api_call_family-* grants the specified role the capability to
call all API routines in the family api_call_family.
api-api_call grants the specified role the capability to call the
API routine api_call.

Note
You have more fine-grained control of the command set with
the api capabilities because you can give subcommand
capabilities as well.

Users with api capability also require the login-http-admin
capability to execute API calls.

Creating a new role

To create a new role, complete the following steps:

Step Action

1 Enter the following command:
useradmin role add role_name [-c comments] -a
capability1[,capability2...]
role_name is the name of the role you want to create. Role names are
case insensitive and can be 1-32 characters. For more information
about naming requirements, see “Naming requirements for users,
groups and roles” on page 94.
comments is a short string you can use to document this role.
The capability parameters are the capabilities you want to grant to
this new role.


Step Action

2 To verify the success of the operation, enter the following command:
useradmin role list role_name

Result: The capabilities allowed for the specified role are listed.

Modifying an existing role

To modify the capabilities of an existing role, you use the useradmin role
modify command.

Note
When you use the useradmin role modify command to modify an existing role,
whatever capabilities were previously assigned to that role are replaced with the
capabilities you supply in the command.

To modify an existing role, complete the following steps.

Step Description

1 Enter the following command:
useradmin role modify role_name [-c comments] -a
capability1[,capability2...]
role_name is the name of the role that you want to modify.
comments is a short string you can use to document this role.
The capability parameters are the capabilities you want to grant to
this role.

Example: The following command line assigns the role
“class2loginrights” telnet capabilities, console login capabilities, and
all CLI capabilities, while removing any other capabilities that the
role was granted previously.
useradmin role modify class2loginrights -c "This role is
for telnet and console logins" -a login-telnet,login-console,cli-*

2 To verify the success of the operation, enter the following command:
useradmin role list role_name

Result: The capabilities allowed for the specified role are listed.


Example of granting API command families

You can grant API capabilities for API command families. For example, to grant
the myrole role only the capability to run CIFS commands, you use the following
command:

useradmin role add myrole -a api-cifs-*


Using administrator accounts to control administrative access


Listing and deleting users, groups and roles

Listing users, domainusers, groups, or roles

Use the following useradmin commands to display information for users,
domainusers, groups, or roles.

Command Description

useradmin user list
Lists all administrative users configured for this storage system.
Each user entry includes the user name, comment information, a
Data ONTAP-generated user ID number, and groups that each user
belongs to. For example:
> useradmin user list
Name: root
Info: Default system administrator.
Rid: 0
Groups:

Name: administrator
Info: Built-in account for administering the filer
Rid: 500
Groups: Administrators

Name: fred
Info: This is a comment for fred.
Rid: 131343
Groups: Users
...


useradmin user list user_name
Lists the extended information for a specific administrator. The
extended information includes the user name, comment
information, the groups that the user belongs to, a Windows-based
name if the user has one, a Data ONTAP-generated user ID number,
and effective allowed capabilities. For example:
> useradmin user list fred
Name: fred
Info: This is a comment for fred
Rid: 131343
Groups: Users
Full Name:
Allowed Capabilities: login-http-admin,api-snmp-get,api-snmp-get-next
Password min/max age in days: 0/4294967295
Status: enabled

useradmin user list -g grp_name
Lists information for all users assigned to a specified group. For
example:
> useradmin user list -g Administrators
Name: administrator
Info: Built-in account for administering the filer
Rid: 500
Groups: Administrators

Name: marshall
Info:
Rid: 131454
Groups: Administrators

...


useradmin domainuser list -g group_name
Lists the SIDs of all Windows domain administrative users assigned
to a specified group.
To list the user name, comment information, and the groups that
each user belongs to, follow up with cifs lookup and useradmin
user list commands. For example:
> useradmin domainuser list -g administrators
List of SIDS in administrators
S-1-7-24-1214340929-620487827-8395249115-512
S-1-7-24-1838915891-154599588-1081798244-500
For more information about a user, use the 'cifs lookup'
and 'useradmin user list' commands.
> cifs lookup S-1-7-24-1214340929-620487827-8395249115-512
name = MBS-LAB\Domain Admins
> cifs lookup S-1-7-24-1838915891-154599588-1081798244-500
name = ZND\Administrator
> useradmin user list Administrator
Name: Administrator
Info: Built-in account for administering the filer
Rid: 500
Groups: Administrators
Full Name:
Allowed Capabilities: login-*,cli-*,api-*,security-*

Note
The Rid value of 500 for the Administrator user corresponds to the
last number in the Administrator user’s SID.


useradmin group list
Lists all the administrative user groups configured for this storage
system. Each group entry includes the group name, comment
information, Data ONTAP-generated user ID number, and every
role associated with that group. For example:
> useradmin group list
Name: Administrators
Info: Members can fully administer the filer
Rid: 544
Roles: admin

Name: Backup Operators
Info: Members can bypass file security to backup files
Rid: 551
Roles: none
...

useradmin group list group_name
Lists the extended details for a specified single group. An extended
entry for a single group includes the group name, comment
information, roles assigned to that group, and allowed capabilities.
For example:
>useradmin group list Administrators
Name: Administrators
Info: Members can fully administer the filer.
Rid: 544
Roles: admin
Allowed Capabilities: login-*,cli-*,api-*,security-*


useradmin role list
Lists all the roles configured for this storage system. Each role
entry lists the role name, comment information, and allowed
capabilities. For example:
> useradmin role list
Name: admin
Info:
Allowed Capabilities: login-*,cli-*,api-*,security-*

Name: audit
Info:
Allowed Capabilities: login-http-admin,api-snmp-get,api-snmp-get-next

Name: none
Info:
Allowed Capabilities:

...

useradmin role list role_name
Lists the information for a single specified role name. For example:
> useradmin role list admin
Name: admin
Info: Default role for administrator privileges.
Allowed Capabilities: login-*,cli-*,api-*,security-*
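The role listings above can be reviewed offline. The following is an added example, not part of the Data ONTAP guide: a Python parser for saved useradmin role list output that reports roles holding family-wide wildcards and shows which capabilities a useradmin role modify would drop, since modify replaces the whole capability list. The sample text is constructed from the listings on this page, and treating patterns such as cli-qtree* as glob-style matches is an assumption.

```python
"""Audit saved `useradmin role list` output (added example, not NetApp code)."""
from fnmatch import fnmatchcase

# Constructed sample modelled on the listings above, including a capability
# list that wraps onto a second line as it does in the printed output.
SAMPLE = """\
> useradmin role list
Name: admin
Info: Default role for administrator privileges.
Allowed Capabilities: login-*,cli-*,api-*,security-*

Name: audit
Info:
Allowed Capabilities: login-http-admin,api-snmp-
get,api-snmp-get-next

Name: qtree_commands
Info:
Allowed Capabilities: cli-qtree*,api-qtree-*

Name: none
Info:
Allowed Capabilities:
"""

# The four capability families that appear in the listings on this page.
FAMILIES = ("login", "cli", "api", "security")


def parse_roles(text):
    """Return {role_name: {"info": str, "capabilities": [str, ...]}}."""
    roles = {}
    current = None
    in_caps = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "..." or line.startswith(">"):
            in_caps = False
            continue
        key, sep, value = line.partition(":")
        value = value.strip()
        if sep and key == "Name":
            current = roles[value] = {"info": "", "capabilities": ""}
            in_caps = False
        elif current is None:
            continue
        elif sep and key == "Info":
            current["info"] = value
            in_caps = False
        elif sep and key == "Allowed Capabilities":
            current["capabilities"] = value
            in_caps = True
        elif in_caps and not sep:
            # Wrapped capability list: the continuation joins without a space.
            current["capabilities"] += line
        else:
            in_caps = False
    for entry in roles.values():
        entry["capabilities"] = [c for c in entry["capabilities"].split(",") if c]
    return roles


def family_wildcards(capabilities):
    """Families granted in full, such as 'cli' for the capability cli-*."""
    return [family for family in FAMILIES if family + "-*" in capabilities]


def allows(capabilities, capability):
    """True if any granted pattern covers the capability (assumed glob rules)."""
    return any(fnmatchcase(capability, pattern) for pattern in capabilities)


def dropped_by_modify(current, supplied):
    """Capabilities a role loses when `role modify -a` replaces its list."""
    return [cap for cap in current if not allows(supplied, cap)]


def audit(text):
    """Map each role that holds a family-wide wildcard to those families."""
    findings = {}
    for name, entry in parse_roles(text).items():
        broad = family_wildcards(entry["capabilities"])
        if broad:
            findings[name] = broad
    return findings


if __name__ == "__main__":
    for role, families in audit(SAMPLE).items():
        print(f"{role}: full access to {', '.join(families)}")
    lost = dropped_by_modify(
        ["login-ssh", "cli-qtree*", "api-qtree-*"],
        ["login-telnet", "login-console", "cli-*"],
    )
    print("modify would drop:", ", ".join(lost))
```

Running dropped_by_modify before a role change makes the replace-not-append behavior of useradmin role modify visible before the role is touched.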


Deleting users, domainusers, groups, or roles

Use the following commands to delete users, domainusers, groups, or roles.

Command Description

useradmin user delete user_name
Deletes the specified user from the storage system.
The useradmin user delete command deletes any local user
except for “root” and “snmp”. The “snmp” administrative user
can be disabled by modifying the audit role or “User” group.

Note
You cannot delete or modify a user with greater capabilities than
you have. For more information about comparing capabilities,
see “Changing another user’s capabilities” on page 100.

useradmin domainuser delete win_user_name -g group1,[group2,...]
Removes the specified user from the specified group or groups.
This command does not delete the user from the domain.

Note
If you want to completely delete a user from the storage system,
use the useradmin user delete command instead.

useradmin group delete group_name
Deletes the specified group from the storage system.

Note
All users must be removed from a group before the group itself
can be deleted.

useradmin role delete role_name
Deletes the specified role from the storage system.

Note
A role that is still assigned to a group cannot be deleted.


Using administrator accounts to control administrative access


Administrative user creation examples

Example creation of a user with custom capabilities

The following useradmin commands create a user with a limited and specialized
set of administrator capabilities. The commands carry out the following
operations:
◆ Create the following roles:
❖ “only_ssh” is allowed to log in only via ssh
❖ “qtree_commands” can run any qtree command in the CLI.
◆ Create the following group:
❖ “ssh_qtree_admins” is allowed to log in only via ssh and run the qtree
commands in the CLI, using the two roles created in the previous step.
◆ Create a user, “wilma”, and assign that user to the ssh_qtree_admins group.
As a member of the ssh_qtree_admins group, user wilma now inherits the
capabilities from the roles assigned to that group.
◆ Display the details and capabilities inherited by the new user wilma.

> useradmin role add only_ssh -a login-ssh
Role <only_ssh> added.
> Thu Apr 22 10:50:05 PDT [tpubs-cf1: [Link]:info]: The role 'only_ssh' has been added.
> useradmin role add qtree_commands -a cli-qtree*,api-qtree-*
Role <qtree_commands> added.
> Thu Apr 22 10:51:51 PDT [tpubs-cf1: [Link]:info]: The role 'qtree_commands' has been added.
> useradmin group add ssh_qtree_admins -r only_ssh,qtree_commands
Group <ssh_qtree_admins> added.
> Thu Apr 22 10:53:07 PDT [tpubs-cf1: [Link]:info]: The group 'ssh_qtree_admins' has been added.
> useradmin user add wilma -g ssh_qtree_admins
New password:
Retype new password:
User <wilma> added.
> Thu Apr 22 10:54:43 PDT [tpubs-cf1: [Link]:info]: The user 'wilma' has been added.
> useradmin user list wilma
Name: wilma
Info:
Rid: 131074
Groups: ssh_qtree_admins
Full Name:
Allowed Capabilities: login-ssh,cli-qtree*,api-qtree-*

Example creation of a user with no administrative capabilities

In a CIFS environment, you might want to create users on the storage system that
are in local groups but do not have console access or any administrative
capabilities on the storage system. These users would still have the file access
permissions granted by the local groups.

To add a user with no console access or administrative capabilities to a storage
system, complete the following steps.

Step Action

1 Enter the following command:


useradmin user add user_name -g "Guests"
user_name is the user name for the new user.

2 Enter the user’s password when prompted.

3 To verify that you have created the user with no capabilities, enter the
following command:
useradmin user list user_name

Result: “Allowed Capabilities” should be blank.


Managing passwords

About this section

This section describes managing passwords on the storage system. The following
topics are included:
◆ “Managing passwords for security”
◆ “Changing passwords”
◆ “Managing password rules”


Managing passwords
Managing passwords for security

How you can manage passwords for security

Data ONTAP provides several methods you can use to ensure the password
policies for your storage systems meet your company’s security requirements.
The following list outlines these methods:
◆ Password rules
Password rules enable you to specify rules for valid passwords. You use the
[Link] options to specify password rules.
For more information, see “Managing passwords” on page 124 or the
na_options(1) man page.
◆ Password history
Password history enables you to require users to rotate through a specified
number of passwords, rather than simply using the same password every
time. You use the [Link] option to specify
password history. The default value is 0, which does not enforce this rule.
For more information, see the na_options(1) man page.
◆ Password expiration (maximum age)
Password expiration enables you to require that users change their passwords
before they are a specified number of days old. You use the useradmin user
add or modify commands to set this value for individual users. The default
value is 4,294,967,295.

Note
Before using password expiration, make sure your storage system time is set
correctly. If you use password expiration before the date is set correctly,
accounts could expire before or after the desired expiration date.

For more information, see the na_useradmin(1) man page.


◆ Password minimum age
Password minimum age prevents users from changing their passwords too
quickly, thus cycling through their previous passwords too quickly. You use
the useradmin user add or modify commands to set this value for
individual users. The default value is 0, which does not enforce a minimum
password age.


Note
Before using password minimum ages, make sure your storage system time
is set correctly. Changing the system time after password minimum ages
have been set can lead to unexpected results.

For more information, see the na_useradmin(1) man page.


◆ Password lockout
Password lockout enables you to lock users out after a specified number of
unsuccessful login attempts. This is to prevent an unauthorized user from
attempting to guess a password. You use the
[Link] option to specify password lockout.
The default value is 0, which does not enforce this rule.
For more information, see the na_options(1) man page.
◆ Password reset requirement
The password reset requirement enables you to require that all new users
(except for root) reset their passwords when they log in for the first time.
Users must also reset their passwords the first time they log in after another
user has changed their password.
You set the [Link] option to On to enable
this requirement. The default value is Off.
For more information, see the na_options(1) man page.


Managing passwords
Changing passwords

Changing the storage system password

To change the storage system password, which is also the password for the root
user account, complete the following step.

Step Action

1 If you are using a Telnet session or the console to administer
the storage system, then:

1. Enter the following command:
passwd

2. Enter the storage system account name:
root

3. Enter the existing storage system password (not required if you are root
or have the security-passwd-change-others capability).

4. Enter a new password, and then enter it a second time to confirm it.

If you are using a Remote Shell connection to administer the storage
system, then enter the following command:
rsh filer_name passwd old_password new_password root


Changing a local user account password

To change a local user account password, complete the following step.

Step Action

1 If you are using a Telnet session or the console to administer the
storage system, then:

1. Enter the following command:
passwd

2. When Data ONTAP prompts you, enter the name of the local user
whose password you want to change.

3. When Data ONTAP prompts you, enter the new password.

4. Enter the new password again.

If you are using a Remote Shell connection to administer the storage
system, then enter the following command:
rsh filer_name passwd new_password username


Managing passwords
Managing password rules

Managing password rules

Data ONTAP provides the following set of options to control password rules:

Password rule option Description

[Link] {on|off}
Specifies whether new users, and users logging in for the
first time after another user has changed their password,
must change their password.
The default value for this option is Off.

Note
If you enable this option, you must ensure that all groups
have the login-telnet and cli-passwd* capabilities.
Users in groups that do not have these capabilities cannot
log in to the storage system.

[Link] num
Specifies the number of allowable login attempts before a
user’s account is disabled.
The default value for this option is 4,294,967,295.

[Link] {on|off}
Specifies whether a check for password composition is
performed when new passwords are specified.
If this option is set to On, passwords are checked against
the rules specified in this table, and the password is
rejected if it doesn’t pass the check.
If this option is set to Off, the check is not performed.
The default value for this option is On.
By default, this option does not apply to the users “root”
or “Administrator” (the NT Administrator account).


[Link] {on|off}
Specifies whether a check for password composition is
performed for the “root” and “Administrator” users.
If the [Link] option is set to
Off, this option does not apply.
The default value for this option is Off.

[Link] num
Specifies the number of previous passwords that are
checked against a new password to disallow repeats.
The default value for this option is 0, which means that
repeat passwords are allowed.

[Link] max_num
Specifies the maximum number of characters a password
can have.

Note
This option can be set to a value greater than 16, but a
maximum of 16 characters are used to match the
password.

Users with passwords longer than 14 characters will not
be able to log in via the Windows interfaces, so if you are
using Windows, do not set this option higher than 14.

The default value for this option is 256.

[Link] min_num
Specifies the minimum number of characters a password
must have.
The default value for this option is 8.

[Link].alphabetic min_num
Specifies the minimum number of alphabetic characters a
password must have.
The default value for this option is 2.

[Link] min_num
Specifies the minimum number of digit characters a
password must have. These are numbers from 0 to 9.
The default value for this option is 1.


[Link].symbol min_num
Specifies the minimum number of symbol characters
(white space and punctuation characters) a password must
have.
The default value for this option is 0.
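The composition rules in this table can be tested against candidate passwords before a policy is rolled out. The following is an added example, not part of the Data ONTAP guide: a Python checker that uses the defaults stated in the table and reviews a rule set for the 16-character matching limit and the 14-character Windows limit. The field names are this example's own labels rather than Data ONTAP option names; comparing history entries as plain strings and modelling the matching limit as a comparison of the leading 16 characters are assumptions.

```python
"""Check passwords against the documented composition rules (added example)."""
import string
from dataclasses import dataclass

MATCHED_CHARS = 16  # the page: at most 16 characters are used to match
WINDOWS_LIMIT = 14  # the page: longer passwords cannot log in via Windows

# The page defines symbols as white space and punctuation characters.
SYMBOLS = set(string.punctuation + string.whitespace)


@dataclass(frozen=True)
class PasswordRules:
    """Defaults are the ones the table states; names are hypothetical."""
    minimum: int = 8
    maximum: int = 256
    min_alphabetic: int = 2
    min_digit: int = 1
    min_symbol: int = 0
    history: int = 0  # 0 means repeat passwords are allowed


def check_password(candidate, rules=PasswordRules(), previous=()):
    """Return the list of violated rules; an empty list means accepted.

    `previous` lists earlier passwords, oldest first. Comparing them as
    plain strings is an assumption made for this example.
    """
    counts = {
        "alphabetic": sum(c in string.ascii_letters for c in candidate),
        "digit": sum(c in string.digits for c in candidate),
        "symbol": sum(c in SYMBOLS for c in candidate),
    }
    needed = {
        "alphabetic": rules.min_alphabetic,
        "digit": rules.min_digit,
        "symbol": rules.min_symbol,
    }
    problems = []
    if len(candidate) < rules.minimum:
        problems.append(f"fewer than {rules.minimum} characters")
    if len(candidate) > rules.maximum:
        problems.append(f"more than {rules.maximum} characters")
    for kind, minimum in needed.items():
        if counts[kind] < minimum:
            problems.append(f"fewer than {minimum} {kind} characters")
    recent = list(previous)[-rules.history:] if rules.history else []
    if candidate in recent:
        problems.append(f"repeats one of the last {rules.history} passwords")
    return problems


def matches_at_login(stored, typed):
    """Model the 16-character limit: only the leading characters count."""
    return stored[:MATCHED_CHARS] == typed[:MATCHED_CHARS]


def review_rules(rules):
    """Return findings about the rule set itself, not about a password."""
    findings = []
    if rules.minimum > rules.maximum:
        findings.append("minimum exceeds maximum: no password can pass")
    if rules.maximum > MATCHED_CHARS:
        findings.append("characters past 16 are not used to match")
    if rules.maximum > WINDOWS_LIMIT:
        findings.append("passwords over 14 characters cannot log in via Windows")
    if rules.history == 0:
        findings.append("history is 0: repeat passwords are allowed")
    return findings


if __name__ == "__main__":
    for password in ("abc12345", "short1", "12345678"):
        print(repr(password), check_password(password) or "accepted")
    for finding in review_rules(PasswordRules()):
        print("default rules:", finding)
```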

Chapter 7: Performing General System Maintenance

About this chapter

This chapter describes some general maintenance tasks you might need to
perform to manage your storage system.

Topics in this chapter

This chapter discusses the following topics:
◆ “Aggregate Snapshot copy management”
◆ “Managing licenses”
◆ “Setting the system date and time”
◆ “Synchronizing the system time”
◆ “Understanding core files”
◆ “Configuring message logging”
◆ “Configuring audit logging”
◆ “Configuring storage system startup”
◆ “Storage system configuration backup and cloning”
◆ “UPS management”


Aggregate Snapshot copy management

What an aggregate Snapshot copy is

An aggregate Snapshot copy is a point-in-time, read-only image of an aggregate.
It is similar to a volume Snapshot copy, except that it captures the contents of the
entire aggregate, rather than any particular volume.

For more information about Snapshot copies, see the Data Protection Online
Backup and Recovery Guide.

What you can do with aggregate Snapshot copies

You use aggregate Snapshot copies when the contents of an entire aggregate need
to be recorded. However, you do not restore data directly from an aggregate
Snapshot copy. To restore data, you use a volume Snapshot copy.

You use aggregate Snapshot copies in the following situations:
◆ If you are using MetroCluster or RAID SyncMirror and you need to break
your mirror, you take an aggregate Snapshot copy before breaking the mirror
to decrease the time it takes to resync the mirror later.
◆ If you are making a global change to your storage system, and you want to
be able to restore the entire system state if the change produces unexpected
results, you take an aggregate Snapshot copy before making the change.
◆ If the aggregate file system becomes inconsistent, aggregate Snapshot copies
can be used by technical support to restore the file system to a consistent
state.

How you manage aggregate Snapshot copies

The commands you use to manage aggregate Snapshot copies are the same as the
ones you use to manage volume Snapshot copies, with the -A flag added.
However, be sure to read the rest of this section to understand how to manage
your aggregate Snapshot copies.

How you create aggregate Snapshot copies

Usually, you do not need to create aggregate Snapshot copies manually. A
schedule is automatically set up to generate new aggregate Snapshot copies
periodically. In most cases, you should not need to change the aggregate
Snapshot copy schedule.


If you do need to create an aggregate Snapshot copy manually, you use the same
command as you would for a volume Snapshot copy, except that you add the -A
flag. For more information on creating Snapshot copies, see the Data Protection
Online Backup and Recovery Guide.

About the aggregate Snapshot reserve

Just as there is space reserved for volume Snapshot copies in their volume (the
volume Snapshot reserve), there is space reserved for aggregate Snapshot copies
in the aggregate. This space is called the aggregate Snapshot reserve.

The default size of the aggregate Snapshot reserve is 5 percent of the aggregate
size. For example, if the size of your aggregate is 500 GB, then 25 GB is set aside
for aggregate Snapshot copies.

Note
Unlike volume Snapshot copies, aggregate Snapshot copies cannot consume any
space outside of their Snapshot reserve.

About automatic aggregate Snapshot copy deletion

As more and more data blocks in the aggregate are changed, the aggregate
Snapshot reserve gradually becomes full. Because aggregate Snapshot copies
usually do not need to be preserved for long periods of time (you usually need
only the most recent aggregate Snapshot copy), Data ONTAP automatically
deletes the oldest aggregate Snapshot copies to recover space in the aggregate
Snapshot reserve.

When an aggregate Snapshot copy is automatically deleted, a message similar to
this one is logged:

Sun May 23 15:10:16 EST [[Link]:info]: Deleting snapshot ‘nightly.0’ in aggregate ‘aggr1’ to recover storage


How you manage your aggregate Snapshot reserve

Usually, the default aggregate Snapshot reserve of 5 percent is sufficient.
However, if you find that aggregate Snapshot copies are being created and
deleted often enough to affect system performance, then you should increase the
aggregate Snapshot reserve.

Note
If you have automatic aggregate Snapshot copy creation enabled, you should not
decrease the size of the aggregate Snapshot reserve below the default of 5
percent. If you need to reclaim the space being used for the aggregate Snapshot
reserve, disable automatic aggregate Snapshot copy creation using the procedure
outlined in “About disabling automatic aggregate Snapshot copy creation” on
page 131.

How you manage automatic aggregate Snapshot copy deletion

In most cases you should leave automatic aggregate Snapshot copy deletion
enabled. If this option is turned off for a particular aggregate, then every volume
in that aggregate requires up to two times its size in order to satisfy a space
guarantee of volume.

However, in some specific situations, you may need to disable automatic
aggregate Snapshot copy deletion temporarily. For example, if you want to create
an aggregate Snapshot copy before breaking your RAID SyncMirror, you would
want to make sure that Snapshot copy is not automatically deleted. To disable
automatic aggregate Snapshot copy deletion, you use the aggr options
command.

For example, to turn off automatic aggregate Snapshot copy deletion for the
aggregate myAggr, you would use the following command:

aggr options myAggr snapshot_autodelete off

Note
If you do not have sufficient free space in your aggregate to satisfy the new space
requirements when you turn off automatic aggregate Snapshot copy deletion,
then space guarantees will be disabled for one or more of your volumes. For this
reason, you should plan to reenable automatic aggregate Snapshot copy deletion
as quickly as possible.


About disabling automatic aggregate Snapshot copy creation

You can turn off automatic aggregate Snapshot copy creation for a particular
aggregate, using the same nosnap option that you would for a volume Snapshot
copy. However, you are advised to leave automatic aggregate Snapshot copy
creation enabled, in case you need any low-level file system repair.

Attention
Do not disable automatic aggregate Snapshot copy creation if you have a
MetroCluster configuration, or if you are using RAID SyncMirror. Aggregate
Snapshot copies are required for those configurations for correct system
operation.

Disabling automatic aggregate Snapshot copy creation

To disable automatic aggregate Snapshot copy creation and reclaim the free space
being used for the aggregate Snapshot reserve, complete the following steps.

Step Action

1 Disable automatic aggregate Snapshot copy creation by entering the
following command:
aggr options aggr_name nosnap on
aggr_name is the name of the aggregate for which you want to
disable automatic Snapshot copy creation.

2 Delete all Snapshot copies in the aggregate by entering the following
command:
snap delete -A -a aggr_name

3 Set the aggregate Snapshot reserve to 0 percent by entering the
following command:
snap reserve -A aggr_name 0


Managing licenses

About license codes

A license code is a string of characters, such as ABCDEFG, that is unique to a
particular service. You receive license codes for every protocol and option, or
service, that you purchase. Not all purchased license codes are installed on a
storage system before it is shipped from the factory; some must be installed after
the system is set up. You can purchase license codes to enable additional services
at any time.

License code

If you misplace a license code, you can contact technical support to obtain a
replacement copy.

License management tasks

You can perform the following tasks to manage licenses:
◆ Add licenses
◆ Display all services, including which licenses have been installed
◆ Delete licenses

Adding a license

To add the license for a service, complete the following step.

Step Action

1 Enter the following command:


license add <code1> <code2>...
code is the license code provided to you by your sales person or
technical support.


Displaying current license codes

To display licensing information for all services, complete the following step.

Step Action

1 Enter the following command without parameters:


license

Result: Data ONTAP displays a list of the licenses that are enabled
and their codes.

Disabling a license

To disable a license for a service, complete the following step.

Note
You cannot disable licenses for the disk sanitization or SnapLock features after
you enable them.

Step Action

1 Enter the following command:


license delete service
service is one of the list of possible services.

Note
To display the complete list of services, use the license command
with no parameters.


Setting the system date and time

Setting the date and time with the date command

To set the date and time using the date command, complete the following steps.

Note
Keeping the system date and time correct is important to ensure that the storage
system can service requests correctly. To keep your storage system’s date and
time correct automatically, see “Synchronizing the system time” on page 137.

Step Action

1 Access the storage system command line through the console or
through a Telnet session.


2 Enter the following command, substituting the current date and time
for the number string:
date [-u] [[[CC]yy]mmddhhmm[.ss]]
-u sets the date and time to Greenwich Mean Time instead of the
local time.

CC is the first two digits of the current year.

yy is the second two digits of the current year.

mm is the current month. If the month is omitted, the default is the
current month.

dd is the current day. If the day is omitted, the default is the current
day.

hh is the current hour, using a 24-hour clock.

mm is the current minute.

ss is the current second. If the seconds are omitted, the default is 0.

Example: The following command sets the date and time to 22 May
2002 at 9:25 a.m.
date 200205220925

Note
If the first two digits of the year are omitted, they default to 20; if all
four digits are omitted, they default to the current year. Time changes
for daylight saving and standard time, and for leap seconds and
years, are handled automatically.


Setting the date while running SnapMirror

If you use the date or rdate command to set a storage system’s date earlier when
SnapMirror is running, Snapshot copies can appear out of sequence. When this
occurs, SnapMirror assumes that the Snapshot copy with the earlier date was
created before the one with the later date, and asks for a new, complete transfer
before proceeding with any incremental transfers. You can avoid this problem in
the following ways:
◆ Turn SnapMirror off until the storage system completes the changes.
◆ Change the date prior to the next scheduled SnapMirror transfer.


Synchronizing the system time

About synchronizing system time

You can use the timed daemon to automatically keep the system time for your
storage system synchronized with a time server. Using this feature is advised,
because problems can occur when the storage system clock is inaccurate.

About time servers

To automatically keep your storage system time synchronized, you need the
name of at least one time server. For best results, supply the name of more than
one time server in case one becomes unavailable.

About the protocols

There are two protocols you can use for time synchronization: SNTP and rdate.

SNTP (Simple Network Time Protocol) is more accurate; therefore, it is the
preferred protocol. You can get a list of public NTP (Network Time Protocol)
time servers (used for SNTP) from the [Link] Web at
[Link]

If you can’t access an SNTP server, you can use rdate. Many Unix servers can
function as an rdate server; see your system administrator to set up or identify an
rdate server in your environment.

Synchronizing system time

To set the timed daemon to keep the storage system time synchronized with the
time server, complete the following steps.

Step Action

1 If the current time for the storage system is not fairly close to the
actual time, use the date command to set the system time to the
correct time.
For more information about setting the system clock, see “Setting the
system date and time” on page 134.


2 At the command line, set the appropriate timed options using the
options command.

At a minimum, you must set the proto option to use either sntp or
rdate (sntp is the preferred protocol), and set the servers option to
at least one valid time server for the protocol you select.
For more information about the protocols, see “About the protocols”
on page 137. For more information about the timed options, see the
na_options(1) man page or “About the timed options” on page 138.

3 Enter the following command to enable the timed daemon:

options [Link] on

About the timed options
The following table summarizes the available timed options and their default
value. For more detailed information on the timed options, see the na_options(1)
man page.

Timed     Function                                     Allowable values             Default
option                                                                              value

enable    Enables time synchronization.                ◆ on                         on
                                                       ◆ off

log       Specifies whether time changes should be     ◆ on                         off
          logged to the console.                       ◆ off

max_skew  Specifies the maximum allowable skew         ◆ ns                         30m
          between the system time and the time         ◆ nm
          server time. If the skew exceeds this        ◆ nh
          value, synchronization does not occur.

proto     Specifies the protocol used to               ◆ rtc (internal Real-Time    rtc
          synchronize the time.                          Clock)
                                                       ◆ rdate (RFC 868)
                                                       ◆ sntp (RFC 2030, preferred)

sched     Specifies the timed synchronization          ◆ hourly                     1h
          schedule.                                    ◆ multihourly                (hourly)
                                                       ◆ daily
                                                       ◆ custom

servers   Specifies up to five time servers used by    Example:                     null
          the timed daemon.                            times1,[Link]                string
                                                       [Link],10.15.46.92

window    Specifies a window of time around the        ◆ ns                         0s
          synchronization time when the                ◆ nm
          synchronization can occur.
Example clock synchronization
The following example configures timed to use the SNTP protocol with the
default hourly synchronization schedule.

filer1> date
Thu Dec 9 13:49:10 PST 2004
filer1> options [Link] ntp
filer1> options [Link] [Link],[Link]
filer1> options [Link] on


Understanding core files

About core files
When a hardware or software failure causes the storage system to panic, the
system creates a core file that technical support can use to troubleshoot the
problem. The storage system stores the core file in the /etc/crash directory on the
root volume.

What the savecore command does
The savecore command, which is included in the default /etc/rc file on the root
volume, performs the following tasks:
◆ Produces a [Link] file. The n in the file name is a number. The string nz
indicates that the file is compressed.
◆ Displays a message on the system console.
◆ Logs a message in /etc/messages on the root volume.

Core dump writing
A core dump file contains the contents of memory and NVRAM. Core dumps are
written over reserved sections of any working disk owned by the local storage
system. When a core dump is created, it is stored in uncompressed format if
sufficient space is available; otherwise, it is stored in compressed format. If there
is insufficient space to store a complete core dump in compressed format, the
core dump is canceled.

Note
If the failed storage system belongs to a cluster and options
[Link].on_panic is enabled, a core dump file is written to a spare disk on
that system.

Core dump files are not compatible between Data ONTAP releases because
where the core starts on disks depends on the release. Because of this
incompatibility, Data ONTAP might fail to find a core dump file dumped by
another release.


Options that control core dump file creation
There are two options you can use to control core dump file creation, as listed in
the following table:

Option                  Description                           Default value

[Link]                  Controls how many attempts are        2
                        made to create a core dump file.

coredump.metadata_only  Specifies whether the buffers         on (user data buffers
                        containing user data are dumped.      are not dumped)

For more information about these options, see the na_options(1) man page.

Automatic technical support notification
Your storage system sends e-mail automatically to technical support upon each
system reboot, if the AutoSupport feature is enabled and configured correctly.
Technical support uses the AutoSupport message and the core file to troubleshoot
the problem.

Note
If you have disabled AutoSupport e-mail, you should contact technical support
when your system creates a core file.


Configuring message logging

What message logging is
The storage system maintains messages in the /etc/messages file on its root
volume.

The level of information that the storage system records in the /etc/messages file
is configurable in the /etc/[Link] file.

Note
You should check the /etc/messages file once a day for important messages. You
can automate the checking of this file by creating a script on the administration
host that periodically searches /etc/messages and then alerts you of important
events.

Where messages are sent
Message logging is done by a syslogd daemon. The /etc/[Link]
configuration file on the storage system’s root volume determines how system
messages are logged. Depending on their severity and origin, messages can be
sent to
◆ The console
◆ A file
◆ A remote system

By default, all system messages (except those with debug-level severity) are sent
to the console and logged in the /etc/messages file.

Accessing your message log files
You can access the /etc/messages files using your NFS or CIFS client, or using
HTTP. For more information, see “Accessing the default directories on the
storage system” on page 61.

The /etc/messages file restart schedule
Every Sunday at midnight, the /etc/messages file is copied to /etc/messages.0, the
/etc/messages.0 file is copied to /etc/messages.1, and so on. The system saves
messages for up to six weeks; therefore, you can have up to seven message files
(/etc/messages.0 through /etc/messages.5 and the current /etc/messages file).


The /etc/[Link] file
The /etc/[Link] file consists of lines with two tab-separated (not
space-separated) fields of the following form:

[Link] action

The facility parameter: The facility parameter specifies the subsystem
from which the message originated. The following table describes the facility
parameter keywords.

Keyword   Description

auth      Messages from the authentication system, such as login
cron      Messages from the internal cron facility
daemon    Messages from storage system daemons, such as rshd
kern      Messages from the storage system kernel
*         Messages from all facilities

The level parameter: The level parameter describes the severity of the
message. The following table describes the level parameter keywords arranged
in order from most to least severe.

Level     Description

emerg     Panic condition that causes a disruption of normal service
alert     Condition that you should correct immediately, such as a
          failed disk
crit      Critical conditions, such as disk errors
err       Errors, such as those caused by a bad configuration file
warning   Conditions that might become errors if not corrected
notice    Conditions that are not errors, but might require special
          handling
info      Information, such as the hourly uptime message
debug     Used for diagnostic purposes
*         All levels of errors


The action parameter: The action parameter specifies where to send
messages. Messages for the specified level or higher are sent to the message
destination. The following table describes the possible actions and gives
examples of each action.

Action                                          Example

Send messages to a file specified by a path.    /etc/messages

Send messages to a host name preceded by an     @adminhost
@ sign.

Send messages to the console.                   /dev/console
                                                or
                                                *

Sample /etc/[Link] file
The following example shows a customized /etc/[Link] file:

# Log anything of level info or higher to /etc/messages.
*.info /etc/messages

# Log all kernel messages of levels emerg, alert, crit,
# and err to /etc/messages.
[Link] /etc/messages

# Log all kernel messages, and anything of level err or
# higher to the console.
*.err;kern.* /dev/console

# Log all kernel messages and anything of level err or
# higher to a remote loghost system called adminhost.
*.err;kern.* @adminhost

# Log messages from the authentication system of level notice
# or higher to the /etc/[Link] file. This file has
# restricted access.
[Link] /etc/[Link]


Configuring message logging
To configure message logging, complete the following steps.

Step Action

1 Open the /etc/[Link] file with an editor from a client.

2 Add one or more lines using the following format:

[Link] <tab> action

For more information about these parameters, see “The
/etc/[Link] file” on page 143.

3 Save and close the /etc/[Link] file.

Result: The changes you made to the [Link] file are read
automatically and are reflected in the message logging.

For more information
For more information about the [Link] file, see the na_syslog.conf(5) man
page.
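
The rules described in this section (two tab-separated fields, the facility and level keywords, and delivery of messages at the specified level or higher) can be checked on the administration host before an edited file is saved. The following Python code is an added example, not part of the NetApp documentation: the sample configuration is constructed, and rejecting malformed lines is this example's own choice, not documented Data ONTAP behavior.

```python
# Added example: validate syslog.conf-style rules and show message routing.
# Keywords come from the guide's facility and level tables.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = {"auth", "cron", "daemon", "kern", "*"}

# Constructed sample configuration. Line 4 separates its fields with spaces
# and line 5 uses a level keyword that is not in the guide's table.
SAMPLE_CONF = (
    "# constructed sample\n"
    "*.info\t/etc/messages\n"
    "*.err;kern.*\t@adminhost\n"
    "auth.notice    /etc/messages\n"
    "kern.urgent\t/dev/console\n"
)


def parse_selector(item):
    """Split one 'facility.level' selector and validate both keywords."""
    facility, dot, level = item.strip().partition(".")
    if not dot:
        raise ValueError("selector %r is not facility.level" % item)
    if facility not in FACILITIES:
        raise ValueError("unknown facility %r" % facility)
    if level != "*" and level not in LEVELS:
        raise ValueError("unknown level %r" % level)
    return facility, level


def parse_conf(text):
    """Return (rules, problems); a rule is (list of selectors, action)."""
    rules, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()
        if not line or line.lstrip().startswith("#"):
            continue
        if "\t" not in line:
            problems.append((lineno, "fields must be separated by a tab"))
            continue
        selector_field, action = line.split("\t", 1)
        action = action.strip()
        try:
            selectors = [parse_selector(s) for s in selector_field.split(";")]
        except ValueError as exc:
            problems.append((lineno, str(exc)))
            continue
        if not action:
            problems.append((lineno, "missing action"))
            continue
        rules.append((selectors, action))
    return rules, problems


def selector_matches(selector, facility, level):
    """True if a message of this facility and level is covered by the selector."""
    sel_facility, sel_level = selector
    if sel_facility not in ("*", facility):
        return False
    if sel_level == "*":
        return True
    # A lower index means a more severe level; "level or higher" therefore
    # means the message index is at or below the selector index.
    return LEVELS.index(level) <= LEVELS.index(sel_level)


def route(rules, facility, level):
    """Return the destinations, in file order, that receive the message."""
    destinations = []
    for selectors, action in rules:
        if any(selector_matches(s, facility, level) for s in selectors):
            if action not in destinations:
                destinations.append(action)
    return destinations


if __name__ == "__main__":
    parsed_rules, found_problems = parse_conf(SAMPLE_CONF)
    for lineno, message in found_problems:
        print("line %d: %s" % (lineno, message))
    for facility, level in [("kern", "debug"), ("auth", "notice"), ("daemon", "crit")]:
        print(facility, level, "->", route(parsed_rules, facility, level))
```

In the constructed sample, the space-separated auth rule is rejected, so the check surfaces a rule that would otherwise be assumed to be in effect.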


Configuring audit logging

About the audit log
An audit log is a record of commands executed at the console, through a Telnet
shell, an SSH shell, or by using the rsh command. The audit log data is logged in
the /etc/log directory in a file called auditlog. Administrative HTTP operations,
such as those resulting from the use of FilerView, are also logged. The maximum
size of the auditlog file is specified by the auditlog.max_file_size option. By
default, Data ONTAP is configured to save an audit log.

Note
You can also configure auditing specific to your file access protocol. For more
information, see the File Access and Protocols Management Guide.

Accessing your audit log files
You can access the auditlog files using your NFS or CIFS client, or using HTTP.
For more information, see “Accessing the default directories on the storage
system” on page 61.

The /etc/log/auditlog file restart schedule
Every Saturday at midnight, the /etc/log/auditlog file is copied to
/etc/log/auditlog.0, /etc/log/auditlog.0 is copied to /etc/log/auditlog.1, and so on.
This also occurs if the auditlog file reaches the maximum size specified by
auditlog.max_file_size.

The system saves auditlog files for six weeks, unless any auditlog file reaches the
maximum size, in which case the oldest auditlog file is discarded.

Configuring audit logging
To configure audit logging, complete the following steps.

Step Action

1 If audit logging is turned off, enter the following command to turn
audit logging on:
options [Link] on
Otherwise, go to Step 2.


2 To change the maximum size of the audit log file, enter the following
command:
options auditlog.max_file_size value
value is the maximum size in bytes. The default value is 10,000,000
(about 10 MB).


Configuring storage system startup

About this section
This section describes how to customize your system startup by changing the
/etc/rc file. It contains the following information:
◆ “About the /etc/rc file” on page 149
◆ “Editing the storage system’s boot configuration file” on page 151
◆ “Recovering from /etc/rc errors” on page 152


About the /etc/rc file

Startup commands are stored in /etc/rc file
The /etc/rc file contains commands that the storage system executes at boot time
to configure the system.

What startup commands do
Startup commands are placed into the /etc/rc file automatically after you run the
setup command or the Setup Wizard.

Commands in the /etc/rc file configure the storage system to
◆ Communicate on your network
◆ Use the NIS and DNS services
◆ Save the core dump that might exist if the storage system panicked before it
was booted

Some commands cannot be stored in the /etc/rc file
Some commands cannot be stored in the /etc/rc file. This includes commands
that are executed by subsystems that are not yet available when the /etc/rc file is
executed. For example, you cannot include iscsi commands in the /etc/rc file.
Doing so prevents your storage system from booting successfully.

Default /etc/rc file contents
To understand the commands used in the /etc/rc file on the root volume, examine
the following sample /etc/rc file, which contains default startup commands:

#Auto-generated /etc/rc Tue May 30 14:51:36 PST 2000
hostname toaster
ifconfig e0 `hostname`-0
ifconfig e1 `hostname`-1
ifconfig f0 `hostname`-f0
ifconfig a5 `hostname`-a5
route add default MyRouterBox
routed on
savecore


Explanation of default /etc/rc contents
This section explains the sample /etc/rc file:

hostname toaster

Description: Sets the storage system host name to “toaster.”

ifconfig e0 `hostname`-0
ifconfig e1 `hostname`-1
ifconfig f0 `hostname`-f0
ifconfig a5 `hostname`-a5

Description: Sets the IP addresses for the storage system network interfaces with
a default network mask.

The arguments in single backquotes expand to “toaster” if you specify “toaster”
as the host name during setup. The actual IP addresses are obtained from the
/etc/hosts file on the storage system root volume. If you prefer to have the actual
IP addresses in the /etc/rc file, you can enter IP addresses directly in /etc/rc on the
root volume.

For more information about the ifconfig command, see the Network
Management Guide.

route add default MyRouterBox

Description: Specifies the default router.

You can set static routes for the storage system by adding route commands to the
/etc/rc file. The network address for MyRouterBox must be in /etc/hosts on the
root volume.

For more information about routing, see the Network Management Guide.

routed on

Description: Starts the routing daemon.

For more information about routing, see the Network Management Guide.

savecore

Description: Saves the core file from a system panic, if any, in the /etc/crash
directory on the root volume. Core files are created only during the first boot after
a system panic.

For more information about core files, see “About core files” on page 140.


Editing the storage system’s boot configuration file

What the storage system’s boot configuration file contains
The storage system’s boot configuration file contains commands that are run
automatically whenever you boot the system. The configuration file is named rc
and is in the /etc directory of its default volume (the default is /vol/vol0/etc/rc).

Editing the storage system’s boot configuration file
To edit the storage system’s boot configuration file, complete the following steps.

Step Action

1 Make a backup copy of the /etc/rc file.

2 Edit the /etc/rc file.

Note
Do not add CIFS commands to /etc/rc. Doing so can cause problems
when the storage system boots if CIFS is not fully initialized or the
commands cause deadlocks between the /etc/rc file and CIFS.

3 Save the edited file.

4 Reboot the storage system to test the new configuration.

If the new configuration does not work as you want, repeat Step 2
through Step 4.


Recovering from /etc/rc errors

Why the storage system becomes inaccessible to the administration host
The storage system can become inaccessible to the administration host if you
introduce one of the following errors into the /etc/rc file when you edit it:
◆ You specify an incorrect network address, using the ifconfig command.
The storage system is inaccessible because it is not on the network.
◆ You improperly export storage system directories to the NFS client that is
the administration host. The storage system is inaccessible because you
cannot mount the system root directory on the NFS client.

Recovering from /etc/rc errors
To recover from the error, complete the following steps.

Step Action

1 Enter commands on the console to configure the interface with the
correct address.

If you are in...        Then...

An NFS environment      Enter the exportfs command to export the storage
                        system root directory to the administration host.

A CIFS environment      Add a share to the storage system root directory.

2 Edit the storage system /etc/rc file from the administration host.

3 Reboot the storage system.

4 If the changes do not correct the problem, repeat Step 1 through Step
3.
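
Several of the /etc/rc mistakes described in this section can be caught on the administration host before the reboot in the editing procedure. The following Python code is an added example, not part of the NetApp documentation. It assumes that /etc/hosts uses the usual "address name [alias ...]" layout, that CIFS commands begin with the word cifs, and that the address is the first argument after the interface name in ifconfig lines, as in the guide's sample; both sample files are constructed.

```python
# Added example: pre-reboot check of an edited /etc/rc against /etc/hosts.
import ipaddress

# Commands the guide says must not be placed in /etc/rc. The command word
# "cifs" is an assumption; the guide only says "CIFS commands".
FORBIDDEN = {
    "iscsi": "iscsi commands in /etc/rc prevent a successful boot",
    "cifs": "CIFS commands in /etc/rc can cause boot problems or deadlocks",
}

# Constructed samples: toaster-1 is missing from hosts, the rc file contains
# an iscsi command, and savecore has been removed.
SAMPLE_HOSTS = """\
# constructed /etc/hosts
192.0.2.10  toaster-0
192.0.2.1   MyRouterBox
"""
SAMPLE_RC = """\
#Auto-generated /etc/rc (constructed sample)
hostname toaster
ifconfig e0 `hostname`-0
ifconfig e1 `hostname`-1
route add default MyRouterBox
routed on
iscsi start
"""


def parse_hosts(text):
    """Return every host name and alias defined in hosts-format text."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            names.update(fields[1:])
    return names


def is_ip(token):
    """True if the token is a literal IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def check_rc(rc_text, hosts_text):
    """Return a list of (line number, message); line 0 means whole file."""
    known = parse_hosts(hosts_text)
    findings, hostname, saw_savecore = [], None, False
    for lineno, raw in enumerate(rc_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        words = line.split()
        if words[0] in FORBIDDEN:
            findings.append((lineno, FORBIDDEN[words[0]]))
            continue
        if "`hostname`" in line:
            if hostname is None:
                findings.append((lineno, "`hostname` used before the hostname command"))
                continue
            # Expand the backquoted command the way the guide describes.
            words = line.replace("`hostname`", hostname).split()
        target = None
        if words[0] == "hostname" and len(words) == 2:
            hostname = words[1]
        elif words[0] == "savecore":
            saw_savecore = True
        elif words[0] == "ifconfig" and len(words) >= 3:
            target = words[2]
        elif words[:3] == ["route", "add", "default"] and len(words) >= 4:
            target = words[3]
        if target and not is_ip(target) and target not in known:
            findings.append(
                (lineno, "%s is not an IP address and is not in /etc/hosts" % target))
    if not saw_savecore:
        findings.append((0, "no savecore command: a core file would not be saved at boot"))
    return findings


if __name__ == "__main__":
    for lineno, message in check_rc(SAMPLE_RC, SAMPLE_HOSTS):
        print("line %d: %s" % (lineno, message))
```

Run it against the edited copy and the current /etc/hosts from the mounted root volume; a clean result does not prove that an address is correct, only that every name the file uses can be resolved.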


Storage system configuration backup and cloning

About storage system configuration backup and cloning
Storage system configuration backup and cloning is performed using the config
command. The configuration backup operation stores the system’s configuration
information in a single file with a name you specify. The configuration backup
file enables you to restore the storage system configuration in case of disasters or
emergencies. Configuration cloning enables you to clone the configuration of an
existing storage system to a new system.

Backing up a storage system configuration
When you use the config command to back up a storage system configuration,
the system configuration is saved in a single file with a file name that you specify.
By default, backup configuration files are created in the /etc/configs directory.

To back up a storage system configuration, complete the following step.

Step Action

1 Enter the following command:

config dump [-f] [-v] config_file

-f forces the new file to override an existing backup.

-v causes Data ONTAP to also back up a volume-specific
configuration.

config_file is the name or the path and name of the backup file you
are creating.

Example 1: The following is an example of the config dump
command using the default directory to back up a storage
system-specific configuration to the file /etc/configs/08_02_2004.

config dump 08_02_2004

Example 2: The following is an example of the config dump
command with a directory that you specify.

config dump /home/users/08_02_2004


Cloning a storage system configuration
To clone the configuration of one storage system to another, complete the
following step.

Step Action

1 Enter the following command:

config clone filer username:password

filer is the name of the remote storage system from which you want
to clone the configuration.

username is the login name of an administrative user on the remote
storage system.

password is the remote user password.

Example: The following is an example of the config clone
command cloning the tpubs-dot configuration to the storage system
toaster.

toaster> config clone tpubs-dot root:hello

About restoring a storage system configuration
You can restore a storage system configuration using the backup configuration
files you created with the config dump command.

Restoring a storage system configuration
To restore storage system configuration information from a backup configuration
file, complete the following steps.

Step Action

1 Enter the following command:

config restore [-v] config_file

-v enables you to restore volume-specific configuration files, as well
as storage system-specific configuration files.

Example: The following is an example of the config restore
command restoring the backup configuration file from the default
/etc/configs directory.

config restore 08_02_2004


2 Reboot the system to run commands in the /etc/rc file.

Comparing storage system configurations and backup configuration files
To compare a storage system’s current configuration with a backup configuration
file, or to compare differences between two backup configuration files, complete
the following step.

Step Action

1 Enter the following command:

config diff [-o output_file] config_file1 [config_file2]

output_file is the name of the file to contain the differences. If you
omit this parameter, the output of the command is printed to the
console.

config_file1 is the name of the first configuration file you want to
compare.

config_file2 is the name of the second configuration file you want to
compare.

Example 1: The following example compares the storage system’s
current configuration with the configuration information in the
backup file.

config diff 11_15_2004

Example 2: The following example compares the configuration
information in two backup files.

config diff -o [Link] 11_05_2004 11_15_2004


UPS management

About UPS management
Data ONTAP enables you to register and monitor the status of UPS
(Uninterruptible Power Supply) devices you are using with your storage system.
In addition, you can configure the timing of certain Data ONTAP events when a
power loss occurs.

About registering, enabling and disabling UPS devices
You use the ups command to register UPS devices with Data ONTAP, and to
review their status. For more information about the ups command, see the
na_ups(1) man page.

About the UPS shutdown options
Data ONTAP provides two configurable values to help you manage your storage
system in case of a power outage:
◆ warningtime
The warningtime option specifies when Data ONTAP generates a warning
SNMP trap, AutoSupport message and log message.
The default value of the warningtime option is 300 seconds (5 minutes).
◆ criticaltime
The criticaltime option specifies when Data ONTAP generates another
SNMP trap, AutoSupport message and log message, and then starts shutting
down the storage system.
The default value of the criticaltime option is 60 seconds (1 minute).

About the shutdown process
When a power loss occurs, the UPS device begins supplying power to your
storage system from its batteries. The UPS can only supply power as long as its
batteries still have enough charge; the UPS is there to give you time to shut down
your storage system cleanly.

The shutdown process is outlined in the following tasks.

Note
If you do not have AutoSupport enabled, the AutoSupport messages will not be
generated.


Step Task

1 When the power loss occurs, an SNMP trap, AutoSupport message,
and log messages are generated alerting you that the power loss has
occurred.

2 When the UPS has warningtime seconds of battery life remaining,
Data ONTAP generates another SNMP trap, AutoSupport message,
and log message.

3 When the UPS has criticaltime seconds of battery life remaining,
Data ONTAP generates another SNMP trap, AutoSupport message,
and log message and starts shutting down the storage system.

Note
The criticaltime notifications may not be sent, depending on
system load.

About using the default shutdown event timings
For many environments, you can simply use the default values of five minutes for
warningtime and one minute for criticaltime. However, you are advised to
make sure that these values are set appropriately for your environment to avoid
any data loss in case of a power outage. The warningtime value should give you
enough time to do whatever manual processes you need to do prior to system
shutdown, and criticaltime should provide enough time for the system to shut
down cleanly.

Factors that might influence shutdown event timing for your environment
Factors that can affect the optimal value of these options for your environment
include:
◆ UPS battery availability
If your UPS cannot support the default timing values, then your storage
system will not be able to shut down cleanly.
◆ Storage system workload
If you have a large number of users, a large number of CIFS sessions, or any
other workload factors that require a longer time to shut down, you need to
increase the warning and critical time values to ensure that the system has
sufficient time to shut down cleanly.


◆ Company policies and procedures
You may need to change the shutdown event timings to adhere to a protocol
or requirement in place at your company.

Configuring the shutdown event timings
If, after reviewing this documentation, you decide that you need to change these
values, you can do so using the registry command.

Note
You are strongly advised to contact technical support before changing the
shutdown event timing values.

Chapter 8: Using AutoSupport

About this chapter
This chapter discusses the AutoSupport feature that enables Data ONTAP to
automatically send information about your storage system to technical support
and to other recipients you specify. This feature provides you with customized
real-time support to monitor the performance of your system.

Topics in this chapter
This chapter discusses the following topics:
◆ “Learning about AutoSupport” on page 160
◆ “Configuring AutoSupport” on page 162
◆ “Troubleshooting AutoSupport” on page 168
◆ “Interpreting AutoSupport messages” on page 171


Learning about AutoSupport

About AutoSupport
The autosupport daemon monitors the storage system’s operations and sends
automatic messages to technical support to alert it to potential system problems.
If necessary, technical support contacts you at the e-mail address that you specify
to help resolve a potential system problem.

The following list outlines facts you should know about AutoSupport:
◆ The autosupport daemon is enabled by default on the storage system.
◆ AutoSupport messages are generated
  ❖ When events occur on the storage system that require corrective action
    from the system administrator or technical support
  ❖ When the storage system reboots
  ❖ When you initiate a test message using the [Link] option
  ❖ Once a week, early Sunday morning, at approximately midnight
    Two AutoSupport messages are generated at this time. One, the weekly
    AutoSupport message, provides the same system information as regular
    AutoSupport messages. The other, the performance AutoSupport
    message, provides technical support with comprehensive performance
    information about your storage system for the preceding week. The
    performance message can be quite large, so by default it is sent only to
    technical support.
◆ The system can send AutoSupport messages by SMTP, HTTP, or HTTPS
(the Secure Sockets Layer Internet transport protocol). HTTPS is the default.
◆ If an AutoSupport message cannot be sent successfully, an SNMP trap is
generated.

Note
For more information about AutoSupport, see the NOW site at
[Link]

AutoSupport is enabled by default
AutoSupport is enabled by default when you configure your storage system for
the first time. After a grace period of 24 hours, AutoSupport messages start being
generated. You can disable AutoSupport at any time using the
[Link] option, but you are strongly advised to leave it enabled.
Enabling AutoSupport can significantly speed problem determination and
resolution should a problem occur on your storage system.

AutoSupport transport protocols
AutoSupport supports the following types of transport protocols for delivering
AutoSupport messages to technical support:
◆ HTTPS
◆ HTTP
◆ SMTP

The default transport protocol is HTTPS. Because SMTP can introduce
limitations on message length and line length, you are strongly advised to use
HTTPS or HTTP for your AutoSupport transport protocol.

AutoSupport messages using HTTP/HTTPS
HTTP uses port 80; HTTPS uses port 443. If the network connection does not
allow HTTPS or HTTP, you must configure AutoSupport for SMTP.

To use HTTP or HTTPS to send AutoSupport messages, you may need to
configure an HTTP or HTTPS proxy.

AutoSupport daemon requires an external mail host if you use SMTP
The storage system does not function as a mail host—it requires an external mail
host at your site to send mail. The mail host is a host that runs a mail server that
listens on the SMTP port (25).

Examples of mail servers include the following:
◆ A UNIX host running an SMTP server such as the sendmail program
◆ A Windows NT server running the Microsoft Exchange server

The storage system uses the mail host’s mail server to send periodic e-mail
messages automatically to technical support about the system’s status. You can
configure AutoSupport to use one or more mail hosts.

Note
Make sure that mail hosts in the AutoSupport e-mail delivery pathway are
configured to send and receive the 8-bit Multipurpose Internet Mail Extensions
(MIME) encoding.


Configuring AutoSupport

AutoSupport options
To configure AutoSupport, you specify AutoSupport options. The AutoSupport
options are shown in the following table.

AutoSupport option Description

[Link] [on|off]

Enables and disables inclusion of CIFS session and
share information in AutoSupport messages. The
default is Off.

[Link] [complete|minimal]

Indicates the type of content that AutoSupport
messages should contain. The default is Complete.

Note
If this setting is changed from complete to minimal,
any complete content AutoSupport message not yet
sent is cleared from the outgoing message spool and
a message to that effect appears on the console.

[Link] [message]

Tells the autosupport daemon to send an
AutoSupport notification immediately.
The message can be a single word or a string
enclosed in single quotation marks. The message is
included in the subject line of the AutoSupport
notification and should be used to explain the reason
for the notification.
You can verify that AutoSupport is working by using
the “Call Home Check” function, which sends an
[Link] message with a subject line
containing any variation of the word TEST or
TESTING. When such a message is sent to NetApp,
the mail handler sends an automated response to the
configured recipient addresses, indicating that the
test AutoSupport message was received
successfully.
If the message is not sent, perform the
troubleshooting procedure as outlined in
“Troubleshooting AutoSupport” on page 168.

[Link] [on|off]

Enables and disables AutoSupport notification. The
default is On.

[Link] sender

Defines the user to be designated as the sender of the
notification.
For example, postmaster@[Link].

[Link].performance_data.enable

Determines whether the weekly performance
AutoSupport message is sent to all of the recipients
designated by the [Link] option or only to
technical support. The default is Off.

Chapter 8: Using AutoSupport 163

Contents Subject to Change


Release Candidate Documentation—Updated 22 May 2006

AutoSupport option Description

[Link] host1[, ..., host5]

Defines up to five mail host names. The host names


should be entered as a comma-separated list with no
spaces in between. The default is an empty string.
[Link] [hostname|systemid]

Defines how the system is identified in the


AutoSupport message title if [Link]
is Minimal. The default is System ID.
[Link] address1[, ..., address5]

Defines the list of recipients for the AutoSupport


short note e-mail. Up to five e-mail addresses are
allowed. Enter the addresses as a comma-separated
list with no spaces in between. The default is an
empty list to disable short note e-mails.
autosupport.performance_data.enable

Enables the weekly performance AutoSupport


messages to technical support. This option should
always be set to On. If you do not want the weekly
performance AutoSupport message to be sent to all
recipients on the list defined in the [Link]
option, disable the
[Link].performance_data.enable
option. The default is On.
[Link] #retries

Defines the number of times the storage system will


try to resend the AutoSupport notification before
giving up, if previous attempts have failed. Retries
can be between 5 and 4,294,967,295. The default is
15.

164 Configuring AutoSupport

Contents Subject to Change


Release Candidate Documentation—Updated 22 May 2006

AutoSupport option Description

[Link] interval

Defines the time to wait before trying to resend a


failed AutoSupport notification. The values can end
with s, m, or h to indicate seconds, minutes, or hours,
respectively. If no units are specified, the value is
assumed to be in seconds. Values can range from 30
seconds to 24 hours. The default is 4m (4 minutes).
[Link] [on|off]

Enables and disables the AutoSupport notification.


The default is On.
[Link]

Allows you to set an HTTP proxy if necessary. This


is useful only if [Link]
is http or https. The default value for this option is
the empty string.

Note
The value you use for this option is site-specific; see
your IT department for the correct value for your
site.

[Link]

Indicates where AutoSupport notifications are sent if


[Link] is smtp. This
option is read-only and is shown for informational
purposes only.
[Link] [http|https|smtp]

Defines the type of delivery for AutoSupport


notifications. The default is https.

Chapter 8: Using AutoSupport 165

Contents Subject to Change


Release Candidate Documentation—Updated 22 May 2006

AutoSupport option Description

[Link]

Indicates where AutoSupport notifications are sent if


[Link] is http or
https. This option is read-only and is shown for
informational purposes only.
[Link] [on|off]

Drops additional messages when too many


AutoSupport messages of the same type are sent in
too short a time. The default is On.
[Link] address1[, ..., address5]

Defines the list of recipients for the AutoSupport


e-mail notification. Up to five e-mail addresses are
allowed, or the list can be left empty.
Enter the addresses as a comma-separated list with
no spaces in between. The default is no list.

Configuring the AutoSupport feature

To configure AutoSupport, complete the following step.

Note
All AutoSupport options except the [Link] option are persistent
between reboots.

Step  Action

1     Enter the following command, using any of the AutoSupport option
      commands shown in “AutoSupport options” on page 162:
      options [Link] arguments
      [Link] is one of the options shown in the table.
      arguments refers to any required or optional arguments shown in the
      table.


Testing AutoSupport

To test AutoSupport, complete the following step.

Step  Action

1     Enter the following command:
      options [Link] message
      message is the subject line for the test AutoSupport e-mail.

Note
If you use the keyword TEST in the message, you receive a return message
indicating that the AutoSupport process is working correctly. For more details,
see the information on the [Link] command in “AutoSupport
options” on page 162.


Troubleshooting AutoSupport

Troubleshooting AutoSupport over HTTP or HTTPS

If the AutoSupport test message is not being sent, and you are using HTTP or
HTTPS, try to resolve the problem by completing the following steps.

Step  Action

1     Ensure that DNS is enabled and configured correctly on your system
      by entering the following command on the storage system:
      dns info

2     Ensure that the system is routing out to the Internet successfully by
      entering the following command:
      traceroute -p port [Link]
      Generally, port is 80 if you are using HTTP, or 443 if you are using
      HTTPS.

Troubleshooting AutoSupport over SMTP

If the AutoSupport test message is not being sent, and you are using SMTP, try to
resolve the problem by completing the following steps.

Step  Action

1     Set debug level in the [Link] file by creating the following line
      in the /etc/[Link] file:
      *.debug /etc/messages

2     Initiate AutoSupport by using the doit option.

      Result: An AutoSupport error message is displayed.

3     Check that the mail host specified in the options is a host that the
      storage system can talk to by entering the following command on the
      storage system:
      ping mailhost_name
      mailhost_name is the name of the mail host specified in the
      AutoSupport options.

4     Log on to the host designated as the mail host and make sure that it
      can serve SMTP requests by entering the following command (25 is
      the listener SMTP port number):
      netstat -aAn|grep 25

      Result: A message will appear, similar to the following text:

      ff64878c tcp 0 0 *.25 *.* LISTEN.

5     Telnet to the SMTP port from some other host by entering the
      following command:
      telnet mailhost 25

      Result: A message will appear, similar to the following text:

      Trying [Link] ...
      Connected to filer.
      Escape character is '^]'.
      220 [Link] Sendmail 4.1/SMI-4.1 ready at Thu,
      30 Nov 95 10:49:04 PST

6     If you are still experiencing problems, use a local area network
      (LAN) trace.

If the AutoSupport message is too large

The AutoSupport message contains the /etc/messages file. If that file becomes
too large, the size of the AutoSupport message can cause problems, especially if
you are using the SMTP transport protocol.

To keep the size of AutoSupport messages down, complete the following steps.

Step  Action

1     Make sure that the /etc/messages file is being rotated on a weekly
      basis as expected. If necessary, rotate the file manually.

2     Make sure your /etc/[Link] file is configured to capture only system
      messages of level WARNING or above in the /etc/messages file.
      For more information about editing the /etc/[Link] file, see the
      na_syslog.conf(5) man page.

3     Consider using HTTP or HTTPS for your AutoSupport transport
      protocol.

4     If the above steps do not resolve the problem, you can set the
      [Link] option to minimal.

      Note
      Using this setting is not advised, as it may impact the quality of your
      technical support.


Interpreting AutoSupport messages

About AutoSupport messages

AutoSupport messages can help you understand the status and operations of your
storage system. This section helps you understand and interpret the AutoSupport
messages generated by your system.

Detailed information

This section contains the following topics:
◆ “About AutoSupport events” on page 172
◆ “Contents of AutoSupport messages” on page 173


About AutoSupport events

Event and log-level descriptions

The storage system sends AutoSupport messages to technical support about your
system after any of several events. The AutoSupport message includes a log level
that indicates the priority assignment from technical support:
◆ CRITICAL—Priority 1
◆ ERROR—Priority 2
◆ WARNING—Priority 3
◆ NOTICE—Informational, no response expected
◆ INFO—Informational, no response expected
◆ DEBUG—Informational, no response expected

Where to get AutoSupport message descriptions

If you are using AutoSupport locally, you will see the log levels in the subject
lines of the AutoSupport e-mail that you receive.

To read descriptions of the AutoSupport messages that you might receive,
complete the following steps.

Step  Action

1     Go to the NOW site and find the Message Matrices page.

2     On the Message Matrices page under Select a Release, select your
      version of Data ONTAP and click View Matrix.

      Result: All AutoSupport message descriptions are listed
      alphabetically by subject line.


Contents of AutoSupport messages

Contents of AutoSupport event messages and weekly reports

AutoSupport messages contain various kinds of information, such as dates,
version numbers, and serial numbers. The contents shown here are represented as
follows:
◆ Items marked with an asterisk (*) are suppressed in the
[Link] Minimal format.
◆ Items marked with two asterisks (**) are partially displayed in the
[Link] Minimal format.
◆ Commands marked with a dagger (†) are advanced commands. If you want
more information about the output of these commands, call technical
support.
◆ Commands marked with a double dagger (‡) print as shown if the verbose
option is not set for them.
Commands that show both verbose and regular options print as verbose if the
verbose option is set for that command.

Each AutoSupport message contains the following types of information.
◆ Date and timestamp of the message
◆ Data ONTAP software version
◆ Serial number of the storage system
◆ Encrypted software licenses*
◆ Host name of the storage system*
◆ SNMP contact name and location (if specified)*
◆ Console encoding type


◆ Output of the following commands (some are applicable only to the licensed
protocols, and some are advanced commands):

aggr status                 fpolicy                       snapvault destinations
aggr status -v              httpstat                      snapvault snap sched
availtime                   ic stats error -v†            snapvault status -c
cf monitor all†             ic stats performance†         snapvault status -l
cf rsrctbl†                 ifconfig -a*                  snet status -v†
cf timers†                  ifstat -a**                   storage show adapter -a
cifs domaininfo *           igroup show                   storage show disk -a
cifs sessions*‡             iscsi config                  storage show fabric
cifs sessions -t -c‡        iscsi show adapter            storage show hub -a
cifs shares*‡               iscsi show initiator          storage show initiators -a
cifs shares -t‡             iscsi stats                   storage show port
cifs stat                   iscsi status                  storage show switch
df                          license                       sysconfig -a**
df -A                       lun config_check -s†          sysconfig -c
df -i                       lun show‡                     sysconfig -d
df -r                       lun show -v‡                  sysconfig -D
disk show -u                lun stats -a -o               sysconfig -r
disk shm_stats ata†         nbtstat -c *                  version -b
dns info                    netstat -s                    vfiler status -a
ems event status**          nfsstat -c                    viadmin list -v†
ems log status*             nfsstat -d                    vif status*
environment status all      nis info*                     vlan stat*
fcp config                  options**                     vol media_scrub status -v
fcp show adapter‡           perf report -t†               vol scrub status -v
fcp show adapter -v‡        qtree status -i -v            vol status
fcp show initiator‡         raid_config info showfdr†     vol status -c
fcp show initiator -v‡      snap list -n -A               vol status -l*
fcp stats                   snap reserve                  vol status -v
fcp status -v               snap reserve -A               vscan
fcstat device_map           snap sched                    vscan scanners *
fcstat fcal_stats           snapmirror destinations -s    vscan options
fcstat link_stats           snapmirror status -l          wafl catalog stats -lp†
                                                          wafl swarmstats†

◆ Checksum status
◆ Error-Correcting Code (ECC) memory scrubber statistics
◆ The following information if clustering is licensed:**
❖ System ID of the cluster partner
❖ Host name of the cluster partner
❖ Cluster node status, including cluster monitor and cluster interconnect
statistics


◆ Contents of the following /etc directory files


❖ /etc/messages (to last WEEKLY_LOG event)**
❖ /etc/log/ems files (to last WEEKLY_LOG event) (optional)**
❖ /etc/serialnum file
❖ /etc/rc file*
❖ /etc/[Link] file*
❖ /etc/exports file*
❖ /etc/[Link] file (if the SnapMirror license is enabled)*
❖ /etc/[Link] file (if the SnapMirror license is enabled)*
❖ /etc/[Link] file*
❖ /etc/hosts file*
◆ Registry information
◆ Usage information*
◆ Service statistics
◆ Boot time statistics*
◆ NVLOG statistics*
◆ WAFL check log
◆ Modified configurations
◆ X-header information
◆ FlashCard information

Using the options command, you can specify the value of
[Link] as complete or minimal to control the detail level of
event messages and weekly reports. Complete AutoSupport messages are
required for normal technical support. Minimal AutoSupport messages omit
sections and values that might be considered sensitive information and reduce the
amount of information sent. Choosing minimal greatly affects the level of
support you can receive.

Note
For more information about setting AutoSupport options, see “AutoSupport
options” on page 162. You can also find information about AutoSupport features
and functions on the NOW site at [Link]

Chapter 9: Using SecureAdmin

About this chapter

This chapter describes how to configure the SecureAdmin feature on your
storage system.

Topics in this chapter

This chapter discusses the following topics:
◆ “Learning about SecureAdmin” on page 178
◆ “Managing SSH for SecureAdmin” on page 183
◆ “Managing SSL for SecureAdmin” on page 193
◆ “General SecureAdmin administration” on page 198


Learning about SecureAdmin

How SecureAdmin improves security

SecureAdmin makes it very difficult for someone to intercept a storage system
administrator’s password over the network, because the password and all
administrative communication are encrypted. SecureAdmin also provides a
secure communication channel between a client and the storage system by using
one or both of the following protocols:
◆ Secure Shell (SSH) protocol
SSH provides a secure remote shell and interactive network session.
SecureAdmin supports SSH 1.x clients and SSH 2.0 clients.
◆ Secure Sockets Layer (SSL) protocol
SSL provides secure web access for FilerView and Data ONTAP APIs.

For detailed information

The following sections discuss how the SSH and SSL protocols improve security:
◆ “How SecureAdmin uses SSH” on page 179
◆ “How SecureAdmin uses SSL” on page 182


How SecureAdmin uses SSH

How SSH improves security

SSH improves security by providing a means for a storage system to authenticate
the client and by generating a session key that encrypts data sent between the
client and storage system. SSH performs public-key encryption using a host key
and a server key.

Note
SecureAdmin supports password authentication and public-key-based
authentication. SecureAdmin does not support the use of a .rhosts file or the use
of a .rhosts file with RSA host authentication.

Supported encryption algorithms

SecureAdmin supports the following encryption algorithms:
◆ RSA/DSA 1024 bit
◆ 3DES in CBC mode
◆ HMAC-SHA1
◆ HMAC-MD5

Supported SSH clients

SecureAdmin supports the following SSH clients:
◆ OpenSSH client version 3.4 on UNIX platforms
◆ SSH Communications Security client version 3.2.0 on Windows and UNIX
platforms
◆ Vandyke SecureCRT version 3.4.6 on Windows platforms
◆ PuTTY version 0.52 beta on Windows platforms

About keys used to improve security

SSH uses three keys to improve security:
◆ Host key
◆ Server key
◆ Session key


Host key: SSH uses the host key to encrypt and decrypt the session key. You
determine the size of the host key, and Data ONTAP generates the host key when
you configure SecureAdmin.

Server key: SSH uses the server key to encrypt and decrypt the session key.
You determine the size of the server key when you configure SecureAdmin. If
SSH is enabled, Data ONTAP generates the server key when any of the following
events occur:
◆ You start SecureAdmin
◆ An hour elapses
◆ The storage system reboots

Session key: SSH uses the session key to encrypt data sent between the client
and storage system. The session key is created by the client. To use the session
key, the client encrypts the session key using the host and server keys and sends
the encrypted session key to the storage system, where it is decrypted using the
host and server keys. After the session key is decrypted, the client and storage
system can exchange encrypted data.

How SecureAdmin creates a secure session using SSH

The following table shows how SecureAdmin creates a secure session between
the storage system and client.

Stage 1
    What the client does: The client sends an SSH request to the storage
    system.
    What the storage system does: The storage system receives the SSH
    request from the client.

Stage 2
    What the storage system does: The storage system sends the public
    portion of the host key, and the server key if SSH 1.x is used, to the
    client.

Stage 3
    What the client does: The client stores the public portion of the host
    key for future host authentication.

Stage 4
    What the client does: The client generates a random session key.

Stage 5
    What the client does: The client encrypts the session key by using the
    public portion of the host key, and the server key if SSH 1.x is used,
    and sends it to the storage system.

Stage 6
    What the storage system does: The storage system decrypts the session
    key using the private portions of the host key, and the server key if
    SSH 1.x is used.

Stage 7
    The storage system and the client exchange information that they
    encrypt and decrypt using the session key.


How SecureAdmin uses SSL

How the SSL protocol improves security

Secure Sockets Layer (SSL) improves security by providing a digital certificate
that authenticates storage systems and allows encrypted data to pass between the
system and a browser. SSL is built into all major browsers; therefore, installing a
digital certificate on the storage system enables the SSL capabilities between
system and browser.

Unlike using FilerView to send the storage system password in plain text, using
SSL and Secure FilerView improves security by encrypting the administrator’s
password and all administrative communication when you manage your system
from a browser.


Managing SSH for SecureAdmin

Options that affect SSH operation

SecureAdmin uses the following options to enable secure sessions using SSH:
◆ options ssh.passwd_auth.enable—Controls password-based
authentication.
◆ options ssh.pubkey_auth.enable—Controls public key authentication.
◆ options [Link]—Controls access to a storage system.

Note
The default value for ssh.passwd_auth.enable and ssh.pubkey_auth.enable
is On. The default value for [Link] allows everyone to access the storage
system.

Ways to manage SSH

You can manage the SSH portion of SecureAdmin in the following ways:
◆ “Setting up and starting SSH” on page 184
◆ “Reinitializing SSH” on page 186
◆ “Stopping or starting SSH service” on page 188
◆ “Setting up public key-based authentication” on page 189


Setting up and starting SSH

Guidelines for determining host and server key sizes

The setup process involves creating host and server keys. You can determine the
size of the host and server keys by using the following guidelines:
◆ If you are using the SSH 1.x protocol, the size of the host and server keys can
range from 384 bits to 2,048 bits.
◆ If you are using the SSH 2.0 protocol, the size of the host and server keys can
range from 768 to 2,048 bits.
◆ As the size increases, the security increases; however, initiating a new
SecureAdmin session takes longer and storage system performance might
decrease.
◆ The size of the host key must differ from the size of the server key by at least
128 bits. It does not matter which key is larger.

Files where host keys are saved

If you are using the SSH 1.x protocol, the host key is stored in the
/etc/sshd/ssh_host_key file.

If you are using the SSH 2.0 protocol, the RSA host key is stored in the
/etc/sshd/ssh_host_rsa_key file and the DSA host key is stored in the
/etc/sshd/ssh_host_dsa_key file.

Setting up and starting SSH

To set up and start SSH, complete the following steps.

Note
The setup procedure requires you to enter key sizes for the SSH 1.x and SSH 2.0
protocols, regardless of the protocol you use. For example, if you plan to use the
SSH 2.0 protocol, you still must enter values for the SSH 1.x host key and server
key sizes. You can accept the default value for keys that you do not use.

Step  Action

1     Enter the following command:
      secureadmin setup ssh

2     When prompted, enter a size for the host key if you are using the
      SSH 1.x protocol.

      Note
      The default size for the host key is 768 bits.

3     When prompted, enter a size for the server key if you are using
      the SSH 1.x protocol.

      Note
      The default size for the server key is 512 bits.

4     When prompted, enter a size for the host keys if you are using
      the SSH 2.0 protocol.

      Note
      The default size for the host key is 768 bits.

5     When prompted, confirm the parameters that you specified.

      Result: SecureAdmin generates the host key in the
      background, and, after a minute or two, the setup program
      sends a syslog message announcing that SSH is set up.

6     After the syslog message is generated, activate the host and
      server keys by entering the following command:
      secureadmin enable {ssh1|ssh2}
      Use ssh1 to enable SSH service for SSH 1.x clients or ssh2 to
      enable SSH service for SSH 2.0 clients.


Reinitializing SSH

Changing key sizes by reinitializing SSH

Reinitializing SSH enables you to change the sizes of existing host and server
keys. To reinitialize SSH, complete the following steps.

Step  Action

1     Cancel the existing host and server keys by stopping the SSH
      daemon with the following command:
      secureadmin disable {ssh1|ssh2}
      Use ssh1 to disable SSH service for SSH 1.x clients or use ssh2
      to disable SSH service for SSH 2.0 clients.

2     Enter the following command:
      secureadmin setup -f ssh

3     When prompted, enter a size for the host key if you are using the
      SSH 1.x protocol.

4     When prompted, enter a size for the server key if you are using
      the SSH 1.x protocol.

5     When prompted, enter a size for the host key if you are using the
      SSH 2.0 protocol.

6     Activate the new host and server key sizes by entering the
      following command:
      secureadmin enable {ssh1|ssh2}
      Use ssh1 to enable SSH service for SSH 1.x clients or use ssh2
      to enable SSH service for SSH 2.0 clients.


Result: Clients that have a copy of the old host key give the following warning
after they receive a new key from the storage system:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle
attack)!
It is also possible that the host key has just been changed.
Please contact your system administrator.
Add correct host key in /u/sisa/.ssh/known_hosts to get rid of this
message.
Agent forwarding is disabled to avoid attacks by corrupted servers.
Are you sure you want to continue connecting (yes/no)?


Stopping or starting SSH service

Disabling or enabling SSH

You disable or enable SSH to stop or start SSH service, respectively. To disable
or enable SSH, complete the following step.

Step  Action

1     Enter the following command:
      secureadmin {disable|enable} {ssh1|ssh2}
      Use disable to stop SSH service or enable to restart SSH
      service.
      Use ssh1 to support SSH 1.x clients or ssh2 to support SSH 2.0
      clients.

      Example: The following command enables SSH service for
      SSH 2.0 clients:
      secureadmin enable ssh2


Setting up public key-based authentication

RSA key pair requirement

Setting up key-based authentication requires an RSA key pair (a private and
public key) in addition to the host and server keys. Public-key-based
authentication differs between the two versions of SSH; SSH 1.x uses an RSA
key pair and SSH 2.0 uses a DSA key pair in addition to an RSA key pair. For
both versions of SSH, you must generate the key pairs and copy the public key to
the storage system.

Generating a key pair for SSH 1.x

To generate an RSA key pair for SSH 1.x and then copy it to the storage system,
complete the following steps.

Step  Action

1     Using your SSH 1.x client, generate an RSA key pair.

      Result: Your client generates the RSA key pair, a public key and a
      private key, and stores them on the client.

2     Copy the generated public key to the storage system root volume and
      append it to the /etc/sshd/user_name/.ssh/authorized_keys file.

Example: The following is an example of generating an RSA key pair with an
OpenSSH UNIX client:

% ssh-keygen -t rsa1 -b 1024
Generating public/private rsa1 key pair.
Enter file in which to save the key (/u/john/.ssh/identity):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /u/john/.ssh/identity
Your public key has been saved in /u/john/.ssh/[Link]
The key fingerprint is:
6a:c7:93:7c:b5:f4:12:87:81:56:5e:a2:62:40:07:8a john@unix1


In this example, the [Link] file is the public-key file that you copy to the
storage system root volume.

The following commands append the public key to the
/etc/sshd/user_name/.ssh/authorized_keys file on storage system sys1:

% mount sys1:/ /mnt_sys1
% cat [Link] >> /mnt_sys1/etc/sshd/john/.ssh/authorized_keys

Generating key pairs for SSH 2.0

Generating key pairs for SSH 2.0 requires generating an RSA key pair and a DSA
key pair. If you use SSH 2.0 clients other than OpenSSH, you might have to edit
the public key before you can use it. See “Public keys generated by SecureCRT
and [Link] clients” on page 191 for more information.

To generate key pairs for SSH 2.0, complete the following steps.

Step  Action

1     Using your SSH 2.0 client, generate an RSA key pair.

      Result: Your client generates the RSA key pair, a public key and a
      private key, and stores them on the client.

2     Using your SSH 2.0 client, generate a DSA key pair.

      Result: Your client generates the DSA key pair, a public key and a
      private key, and stores them on the client.

3     Copy the generated public key to the storage system default directory
      and append it to the /etc/sshd/user_name/.ssh/authorized_keys file.

Example: The following is an example of generating RSA and DSA key pairs
with an OpenSSH UNIX client.

% ssh-keygen -t rsa -b 1024
Generating public/private rsa key pair.
Enter file in which to save the key (/u/john/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /u/john/.ssh/id_rsa
Your public key has been saved in /u/john/.ssh/id_rsa.pub

% ssh-keygen -t dsa -b 1024
Generating public/private dsa key pair.
Enter file in which to save the key (/u/john/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /u/john/.ssh/id_dsa
Your public key has been saved in /u/john/.ssh/id_dsa.pub

In this example, the id_rsa.pub and id_dsa.pub files are the public-key files that
you copy to the storage system root volume.

The following commands append the public keys to the
/etc/sshd/user_name/.ssh/authorized_keys file on storage system sys1:

% mount sys1:/ /mnt_sys1
% cat id_rsa.pub >> /mnt_sys1/etc/sshd/john/.ssh/authorized_keys
% cat id_dsa.pub >> /mnt_sys1/etc/sshd/john/.ssh/authorized_keys

Public keys generated by SecureCRT and [Link] clients

SSH 2.0 public keys generated by SecureCRT and [Link] clients contain
comments and line breaks that make the public keys useless. You must make the
following edits to the generated public keys before SecureAdmin can use them:
◆ Remove any text that is not part of the public key.
◆ Remove line breaks and spaces to make the public key one continuous string
of characters.
◆ Before the first character of the public key, add ssh-rsa followed by a space.

Example: The following is an example of an SSH 2.0 public key generated by a
SecureCRT client. The generated public key contains extra text and line breaks at
the end of each line.

---- BEGIN SSH2 PUBLIC KEY ----


Subject: john
Comment: "john@johnnt"
AAAAB3NzaC1yc2EAAAADAQABAAAAgQDJhJ6nk+2hm5iZnx737ZqxFgksPl3+OY1cP8
0s
1amXuUrwBp3/MUODEP5E51lzqjO0w5kyJlvPjCiLg9UqS7JeY5yd/6xyGarsde26De
1E
rbVJ1uqnxyAOlV9A1hjBE8TbI+lyYBH+WezT0nySix6VBQTAWhv43r9lSudswYV80Q
==
---- END SSH2 PUBLIC KEY ----


The following is the public key after removing text that is not part of the public
key, removing line breaks at the end of each line, and adding ssh-rsa at the
beginning of the public key.

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDJhJ6nk+2hm5iZnx737ZqxFgksPl
3+OY1cP80s1amXuUrwBp3/MUODEP5E51lzqjO0w5kyJlvPjCiLg9UqS7JeY5yd/6xy
Garsde26De1ErbVJ1uqnxyAOlV9A1hjBE8TbI+lyYBH+WezT0nySix6VBQTAWhv43r
9lSudswYV80Q==
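
The three edits listed above can be scripted. The following is an added example, not part of the original guide or of SecureAdmin, that parses the SSH2 public-key file layout shown above and produces a one-line authorized_keys entry; the function names are hypothetical and the sample key is constructed for illustration. It goes one step beyond the text by reading the key type from the decoded key blob instead of always writing ssh-rsa, so a DSA key is labelled ssh-dss.

```python
import base64
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"
KNOWN_TYPES = ("ssh-rsa", "ssh-dss")


def ssh_string(data):
    """Encode bytes as an SSH wire-format string: 4-byte length, then data."""
    return struct.pack(">I", len(data)) + data


def key_type_of(blob):
    """Return the algorithm name stored as the first string of a key blob."""
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (length,) = struct.unpack(">I", blob[:4])
    if length == 0 or 4 + length > len(blob):
        raise ValueError("key blob is truncated")
    return blob[4:4 + length].decode("ascii")


def ssh2_to_authorized_keys(text):
    """Convert an SSH2-format public key file to one authorized_keys line."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing BEGIN/END SSH2 PUBLIC KEY markers")
    body, continued = [], False
    for line in lines[1:-1]:
        # Header lines look like "Tag: value"; a trailing backslash means the
        # header continues on the next line. Base64 never contains ":".
        if continued or ":" in line:
            continued = line.endswith("\\")
            continue
        body.append(line)
    # Join the wrapped base64 lines into one continuous string.
    b64 = "".join("".join(body).split())
    blob = base64.b64decode(b64, validate=True)  # rejects stray characters
    key_type = key_type_of(blob)
    if key_type not in KNOWN_TYPES:
        raise ValueError("unexpected key type: " + key_type)
    return key_type + " " + b64


def constructed_sample(key_type=b"ssh-rsa"):
    """Build a CONSTRUCTED key file (placeholder numbers, not a usable key)."""
    blob = (ssh_string(key_type) + ssh_string(b"\x01\x00\x01")
            + ssh_string(bytes(range(1, 130))))
    b64 = base64.b64encode(blob).decode("ascii")
    wrapped = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    header = ["Subject: john", 'Comment: "constructed sample, \\', 'not a real key"']
    return b64, "\n".join([BEGIN] + header + wrapped + [END]) + "\n"


if __name__ == "__main__":
    _, sample_file = constructed_sample()
    print(ssh2_to_authorized_keys(sample_file))
```

The printed line is what gets appended to the /etc/sshd/user_name/.ssh/authorized_keys file.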


Managing SSL for SecureAdmin

Ways to manage SSL

You can manage the SSL portion of SecureAdmin in the following ways:
◆ Set up and start SSL
◆ Reinitialize SSL
◆ Disable and enable SSL

About the certificate used by SSL

SSL uses a certificate to provide a secure connection between the storage system
and a Web browser. SecureAdmin allows two types of certificates:
◆ Self-signed certificate
  A certificate generated by Data ONTAP. Self-signed certificates can be used
  as is, but they are less secure than certificate-authority signed certificates,
  because the browser has no way of verifying the signer of the certificate.
  This means the system could be spoofed by an unauthorized server.
◆ Certificate-authority signed certificate
  A certificate-authority signed certificate is a self-signed certificate that is
  sent to a certificate authority to be signed. The advantage of a
  certificate-authority signed certificate is that it verifies to the browser that
  the system is the system to which the client intended to connect.

Setting up and starting SSL

To set up SSL, complete the following steps.

Step  Action

1     Enter the following command:
      secureadmin setup ssl

2     Enter information when Data ONTAP prompts you.

      Note
      To use the default settings, press Enter at each of the prompts.

      Result: Data ONTAP generates a self-signed certificate and keys,
      and places them in the /etc/keymgr directory.


3     Enter y if the information is correct or n if any of the information is
      incorrect.

      Result: If you enter y, Data ONTAP generates two files and saves
      them in the /etc/keymgr directory:
      ◆ A self-signed certificate called [Link]
      ◆ A certificate signing request called [Link]
      If you enter n, Data ONTAP repeats the prompts.

4     If...                       Then...

      You want to use a           You have successfully installed your
      self-signed certificate     certificate. Perform the steps described in
                                  “Testing your certificate” on page 196 to
                                  test your certificate.

      You want to use a           Perform the steps in “Installing a
      certificate-authority-      certificate-authority-signed certificate” on
      signed certificate          page 195 to install a
                                  certificate-authority-signed certificate.

                                  Note
                                  You can use the self-signed-certificate Data
                                  ONTAP has already installed until you can
                                  install your certificate-authority-signed
                                  certificate.


Installing a certificate-authority-signed certificate

To install a certificate-authority-signed certificate, complete the following steps.

Step  Action

1     Send the certificate signing request, [Link], to the
      certificate authority.
      This file is found in the /etc/keymgr/cert directory on the storage
      system.

      Note
      This process might take a few days.

2     Back up the [Link] file by making a copy.

3     When the certificate authority returns the signed certificate, copy the
      signed certificate into a temporary location on the storage system.

4     Install the certificate by entering the following command:
      secureadmin addcert ssl directory_path
      directory_path is the full path to the certificate.

      Example: The following command installs a certificate called
      [Link], currently located in the tempdir directory, into the
      /etc/keymgr directory:
      secureadmin addcert ssl /etc/tempdir/[Link]

5     Disable SSL by entering the following command:
      secureadmin disable ssl

6     Enable SSL by entering the following command:
      secureadmin enable ssl

7     Perform the steps described in “Testing your certificate” on page 196
      to test your certificate.


Testing your certificate

To verify that your certificate is installed correctly, complete the following steps.

Note
These steps can verify either a self-signed certificate or a
certificate-authority-signed certificate.

Step  Action

1     Start your Web browser.

2     Enter the following URL:
      [Link]
      systemname is the name of your storage system.

3     Click Secure FilerView.
      Secure FilerView starts up in a new browser window.

4     Check your browser to verify that you have made a secure
      connection.

      Note
      Most browsers show a small padlock icon in their status bar when
      they have successfully made a secure connection to the server. If the
      padlock icon is not displayed, you do not have a secure connection,
      even if you clicked Secure FilerView.

Reason for reinitializing SSL

You should reinitialize SSL if you change the domain name of the storage
system, because the domain name recorded in the certificate becomes obsolete.
The result is that the connection is still encrypted, but the storage system is not
authenticated. The next time you connect to the system, the browser issues a
warning that the domain name of the system does not match the record on the
certificate.

Note
Changing the domain name for a storage system that is using SSL can cost time
and money because you must have the new certificate signed by a certificate
authority.


Reinitializing SSL

To reinitialize SSL, complete the following steps.

Step  Description

1     Disable SecureAdmin by entering the following command:
      secureadmin disable ssl

2     Run setup to reinitialize SSL by following the steps in “Setting up
      and starting SSL” on page 193.

Disabling or enabling SSL

To disable or enable SSL, complete the following step.

Note
When you disable SSL, you disallow all administrative requests over HTTPS.
Enabling SSL allows administrative requests over HTTPS to succeed.

Step  Action

1     Enter the following command:
      secureadmin {disable|enable} ssl
      Use disable to disable SSL or use enable to restart SSL.


General SecureAdmin administration

Enabling or disabling both protocols used by SecureAdmin

To enable or disable SecureAdmin for both SSH and SSL, complete the
following step.

Step  Action

1     Enter the following command:
      secureadmin {enable|disable} all
      Use enable all to start SSH and SSL or use disable all to
      stop SSH and SSL.

Determining whether SecureAdmin is running

To determine whether SecureAdmin is running, and, therefore, whether
administrative transactions between the storage system and a client are being
encrypted, complete the following step.

Step  Action

1     Enter the following command:
      secureadmin status

      Result: Information similar to the following is displayed:

      ssh2 - active
      ssh1 - inactive
      ssl - inactive

Chapter 10: Managing Remotely with the RLM

About this chapter

This chapter describes what the Remote LAN Module (RLM) is, what it does,
and how to remotely manage a storage system with it.

Topics in this chapter

This chapter discusses the following topics:
◆ “About the Remote LAN Module (RLM)” on page 200
◆ “Configuring the RLM” on page 203
◆ “Managing the RLM with Data ONTAP” on page 209
◆ “Logging in to the RLM” on page 211
◆ “Managing the storage system with the RLM” on page 215
◆ “Displaying storage system and RLM information” on page 221
◆ “Comparing Data ONTAP and RLM commands” on page 228
◆ “Troubleshooting the storage system with the RLM” on page 231
◆ “Updating the RLM firmware” on page 232
◆ “Troubleshooting RLM problems” on page 236


About the Remote LAN Module (RLM)

What the RLM is

The RLM is a remote management card that is included in FAS6000 storage
systems and can be installed in FAS3000 series systems. It provides remote
platform management capabilities, including remote access, monitoring,
troubleshooting, logging, and alerting features.

The RLM stays operational regardless of the operating state of the storage
system. It is powered by a standby voltage, which is available as long as the
storage system has input power to at least one of the storage system’s power
supplies.

The RLM has a single temperature sensor to detect ambient temperature around
the RLM board. Data generated by this sensor is not used for any system or RLM
environmental policies. It is only used as a reference point that might help you
troubleshoot storage system issues. For example, it might help a remote system
administrator determine if a system was shut down due to an extreme
temperature change in the system.

The FAS3000 series and FAS6000 storage systems provide an Ethernet interface
for connecting to the RLM. If the RLM is not pre-installed in your FAS3000
series storage system, see the Installing or Replacing a Remote LAN Module
flyer for instructions on how to cable your storage system to the RLM. The flyer
is shipped with the RLM and is also available on the NOW™ Web site at
[Link]

The following diagram illustrates how you can access the storage system and the
RLM.

[Figure: access paths to the storage system and the RLM. Labels in the diagram:
storage system "toaster"; COM1 serial console; Data ONTAP; RLM; Local Admin
"la_host"; Data ONTAP CLI; Remote Admin "ra_host"; RLM CLI (SSH); Ethernet;
Network; all storage system supported network interfaces (Ethernet).]


◆ Without the RLM, you can locally access the storage system through the
serial console or from an Ethernet connection using any supported network
interface. You use the Data ONTAP CLI to administer the storage system.
◆ With the RLM, you can remotely access the storage system through the serial
console. The RLM is directly connected to the storage system through the
serial console. You use the Data ONTAP CLI to administer the storage
system and the RLM.
◆ With the RLM, you can also access the storage system through an Ethernet
connection using a secure shell client application. You use the RLM CLI to
monitor and troubleshoot the storage system.

If you have a data center configuration where management traffic and data traffic
are on separate networks, you can configure the RLM on the management
network.

What the RLM does

The RLM provides the following remote management capabilities for the storage
system. You use the RLM command line interface (CLI) commands to perform
the following tasks:
◆ Remotely administer the storage system using the Data ONTAP CLI by
  using the RLM’s system console redirection feature
◆ Remotely access the storage system and diagnose error conditions, even if
  the storage system has failed, by performing the following tasks:
  ❖ View the storage system console messages, captured in the RLM's
    console log
  ❖ View storage system events, captured in the RLM's System Event Log
  ❖ Initiate a storage system core dump
  ❖ Power-cycle the storage system (or turn it on or off)
  ❖ Reset the storage system
  ❖ Reboot the storage system
  For more information, see “Troubleshooting the storage system with the
  RLM” on page 231.

The RLM extends AutoSupport capabilities by sending alerts and “down system”
or “down filer” notifications through an AutoSupport message when the storage
system goes down, regardless of whether the storage system can send
AutoSupport messages. Other than generating these messages on behalf of a
system that is down, and attaching additional diagnostic information to
AutoSupport messages, the RLM has no effect on the storage system’s
AutoSupport functionality. The system’s AutoSupport behavior is the same as it
would be without RLM installed. The AutoSupport configuration settings and
message content behavior of the RLM are inherited from Data ONTAP. For
information about AutoSupport, see Chapter 8, “Using AutoSupport,” on
page 159.


Configuring the RLM

Supported protocols for clients

The RLM supports the SSH protocol for CLI access from UNIX clients and
PuTTY for CLI access from PC clients.

Telnet and RSH are not supported. These protocols are not available on the RLM,
and system options to enable or disable them have no effect on the RLM.

System options ignored by RLM

The RLM ignores the [Link] option and the [Link]
option. The settings for these options do not have any effect on the RLM.

Configuring the RLM for your storage system and network

Before using the RLM, you must configure it for your storage system and
network. You can configure the RLM at the following times:
◆ When setting up a new storage system with RLM already installed
◆ After setting up a new storage system with RLM already installed
◆ When you add an RLM to an existing storage system

Prerequisites for configuring the RLM

Before you configure the RLM, you need to gather the following information:
◆ Network information
◆ AutoSupport information

Network information: You can configure the RLM using DHCP or static
addressing.
◆ If you are using DHCP addressing, you need the RLM’s MAC address. You
  can obtain it by using the rlm status command or from the MAC address
  label on the RLM.
◆ If you are using a static IP address, you need the following information:
  ❖ An available static IP address
  ❖ The netmask of your network
  ❖ The gateway of your network

AutoSupport information: The RLM sends event notifications based on the
following AutoSupport settings:
◆ [Link] e-mail_addresses
◆ [Link] { name | IP_address_of_outbound_SMTP }

Ensure the [Link] option has been set properly before configuring the
RLM. You must enter the name or the IP address of the AutoSupport mail host
when you configure the RLM. For more information about AutoSupport options,
see “Configuring AutoSupport” on page 162.

Note
The RLM does not rely on the storage system’s
[Link] option to send notifications. The RLM uses
the Simple Mail Transfer Protocol (SMTP).

Configuring the RLM

You can configure the RLM by using one of the following methods:
◆ Initializing a storage system that has the RLM pre-installed
  When the storage system setup process is complete, the rlm setup
  command runs automatically. For more information about the entire setup
  process, see the Software Setup Guide.
◆ Running the Data ONTAP setup script
  The setup script ends by initiating the rlm setup command.
◆ Running the Data ONTAP rlm setup command

When the rlm setup script is initiated, you are prompted to enter network and
mail host information. To configure the RLM, refer to the information you
gathered in the section “Prerequisites for configuring the RLM” on page 203 and
complete the steps in “RLM configuration at power-up or with the setup
command” on page 204.

RLM configuration at power-up or with the setup command

To configure the RLM when you first apply power to a storage system with a
pre-installed RLM or when you run the Data ONTAP setup command, complete the
following steps.

Step  Action

1     Verify AutoSupport is configured properly.

2     At the storage system prompt, enter the following command:
      toaster> setup


Example of using setup with a static IP address:

The following output is displayed:
The Remote LAN Module(RLM) provides remote management capabilities
including console redirection, logging and power control.
It also extends autosupport by sending
additional system alerts. Your autosupport settings are used
for sending these alerts via email over the RLM LAN interface.
Would you like to configure the RLM? y
Would you like to enable DHCP on the RLM LAN interface? n
Please enter the IP address for the RLM []: [Link]
Please enter the netmask for the RLM []: [Link]
Please enter the IP address for the RLM gateway []: [Link]
The mail host is required by your system to send RLM
alerts and local autosupport email.
Please enter the name or IP address of the mail host []:
Please enter the IP adcress for [Link] []:[Link]

Example of using setup with a DHCP server:

The following output is displayed:
The Remote LAN Module(RLM) provides remote management capabilities
including console redirection, logging and power control.
It also extends autosupport by sending
additional system alerts. Your autosupport settings are used
for sending these alerts via email over the RLM LAN interface.
Would you like to configure the RLM? y
Would you like to enable DHCP on the RLM LAN interface? y
The mail host is required by your system to send RLM
alerts and local autosupport email.
Please enter the name or IP address of the mail host []:
Please enter the IP adcress for [Link] []:[Link]


3     At the storage system prompt, enter the following command to verify the RLM’s network
      configuration is correct or to display the MAC address of the RLM.
      toaster> rlm status

      Example: The following output is displayed if you used the static IP address in Step 2:

      Remote LAN Manager
      Part Number: 111-00001
      Revision: 30
      Serial Number: 123456
      Firmware Version: 3.12
      Mgmt MAC Address: 00:AA:BB:CC:DD:EE
      Using DHCP: no
      IP Address: [Link]
      Netmask: [Link]
      Gateway: [Link]

4     Verify that the RLM AutoSupport function is working properly by entering the following
      command.
      toaster> rlm test autosupport

      Note
      You must ensure the [Link] option has been set properly before issuing this command.


RLM configuration with the rlm setup command

To configure the RLM after running the Data ONTAP setup command, complete
the following steps.

Step  Action

1     Verify that AutoSupport is configured properly (refer to “Prerequisites for configuring the RLM”
      on page 203).

2     At the storage system prompt, enter the following command:
      toaster> rlm setup

      After the setup command runs, the rlm setup script starts automatically. Follow the appropriate
      example below to configure your RLM.

      Example for setting up the RLM with a static IP address:

      The following output is displayed:
      The Remote LAN Module(RLM) provides remote management capabilities
      including console redirection, logging and power control.
      It also extends autosupport by sending
      additional system alerts. Your autosupport settings are used
      for sending these alerts via email over the RLM LAN interface.
      Would you like to configure the RLM? y
      Would you like to enable DHCP on the RLM LAN interface? n
      Please enter the IP address for the RLM []: [Link]
      Please enter the netmask for the RLM []: [Link]
      Please enter the IP address for the RLM gateway []: [Link]

      Example for setting up the RLM with a DHCP server:

      The following output is displayed:
      The Remote LAN Module(RLM) provides remote management capabilities
      including console redirection, logging and power control.
      It also extends autosupport by sending
      additional system alerts. Your autosupport settings are used
      for sending these alerts via email over the RLM LAN interface.
      Would you like to configure the RLM? y
      Would you like to enable DHCP on the RLM LAN interface? y


3 At the storage system prompt, enter the following command to verify that the RLM’s network
configuration is correct or to display the MAC address of the RLM.
toaster> rlm status

Example: The following output is displayed if you used the static IP address in Step 2:
Remote LAN Manager
Part Number: 111-00001
Revision: 30
Serial Number: 123456
Firmware Version: 3.12
Mgmt MAC Address: 00:AA:BB:CC:DD:EE
Using DHCP: no
IP Address: [Link]
Netmask: [Link]
Gateway: [Link]

4 Verify that the RLM AutoSupport function is working properly by entering the following
command.
toaster> rlm test autosupport

Note
You must ensure the [Link] option has been set properly before issuing this command.


Managing the RLM with Data ONTAP

Data ONTAP commands and AutoSupport options

You manage the RLM from the storage system by using the Data ONTAP rlm
commands and by changing the AutoSupport settings that are used by the RLM.

Data ONTAP rlm commands

The following table describes the Data ONTAP rlm commands. These
commands are also described in the na_rlm man page.

Note
When you enter some of these commands, there might be a pause of a few
seconds while the storage system queries the RLM. This is normal behavior.

Command                         Description

toaster> rlm help               Displays the list of rlm commands available
                                with the current release of Data ONTAP.

toaster> rlm reboot             Reboots the RLM and causes the RLM to
                                perform a self-test. Any console connection
                                through the RLM is lost.

toaster> rlm setup              Initiates the interactive RLM setup program. For
                                more information, see “Configuring the RLM”
                                on page 204.

toaster> rlm status             Displays the current status of the RLM.

toaster> rlm test autosupport   Sends a test e-mail to all recipients specified
                                with the [Link] option.

toaster> rlm update             Updates the RLM firmware. For more
                                information, see “The ways you can update the
                                RLM firmware” on page 232.


AutoSupport options

You use the following options to manage AutoSupport event messages and alerts:
◆ [Link] e-mail_addresses
◆ [Link] e-mail_addresses
◆ [Link] {name | IP_address_of_outbound_SMTP}

You use the following option to change the amount of information displayed by
Data ONTAP and RLM AutoSupport commands:
◆ [Link]

For more information, see the entry for [Link] in “AutoSupport
options” on page 162 and the section “Contents of AutoSupport messages” on
page 173.


Logging in to the RLM

Prerequisite for logging in to the RLM

Before logging in to the RLM, you must perform the following tasks:
◆ Install a secure shell client application that is appropriate for your
  administration host, such as SSH, OpenSSH for UNIX hosts, or PuTTY for
  Windows hosts.
◆ Ensure you have a user account and password with administrative privileges
  on the storage system. For information about storage system administrator
  accounts, see “About managing administrator access” on page 93.
  The RLM uses the same user credentials as the storage system. Changes to
  user account information on the storage system are updated to the RLM.
  User accounts cannot be created on the RLM.

Logging in as “naroot”

The RLM does not allow you to log in with the system administration account
name of root. If you want to log in to the root account, use the name naroot.
Then, if you are prompted for a password, enter the storage system root
password.

To provide additional security against unauthorized access to the storage system,
create a unique password for the system administration account (root) for storage
systems with an RLM installed.

Using the naroot password provides an additional layer of security by:
◆ Preventing probe or hack attacks using a known login name
◆ Disallowing any special firmware privileges for a user logged into the RLM

When you use the naroot password, the RLM firmware disables root logins on
the RLM. The Data ONTAP root account is mapped to a user named naroot.
Additional administrative users can be created using Data ONTAP’s useradmin
commands.

For more information about how to create system administration accounts on a
storage system, see “About managing administrator access” on page 93.

For more information about configuring your storage system to use SSH with
SecureAdmin, see Chapter 9, “Using SecureAdmin,” on page 177 and the
na_secureadmin(1) man page.


RLM access

Only Data ONTAP users identified as root and users belonging to the group
“Administrators” can log in to the RLM. These users have access to all
commands available on the RLM.

Logging in to the RLM from a UNIX host

To log in to the RLM from a UNIX host, complete the following steps.

Step  Action

1     Ensure a secure shell application is installed on the UNIX host.

2     Enter the following command:
      ra_host> secure_shell_app username@RLM_IP_address

      Example:
      Logging in as root: ra_host> ssh naroot@[Link]
      Logging in as root: ra_host> ssh joe@[Link]

Logging in to the RLM from a Windows host

To log in to RLM from a Windows host, complete the following steps.

Step  Action

1     Ensure that a secure shell application for Windows, such as PuTTY,
      is installed, and configure the IP address of the RLM.


2     Open a Windows session to log in to the RLM and make the
      appropriate selections.


RLM CLI sessions

Only one administrator can be logged in to an active RLM CLI session at a time.
However, you can open a separate console session while the RLM CLI session is
active. In addition, you can open two SSH sessions through the console session.

If you have an RLM CLI session open, you or another administrator with
privileges to log in to the RLM can close your RLM CLI session and open a new
one. This is convenient if you logged into the RLM from one computer and
forgot to close the session before moving to another computer, or if another
administrator wants to take over the administration tasks from a different
computer.

If a session is already initiated, you will see the following message:

User username has an active CLI session.
Would you like to disconnect that session, and start yours [y/n]?

If you enter y, the session owned by username is disconnected and your session is
initiated. This action is recorded in the RLM’s system event log.


If the username account for the storage system is password protected, you are
prompted for the password. Enter the storage system password. When you are
successfully connected, you see the RLM prompt.

The RLM prompt is created by adding “RLM” in front of the hostname of the
storage system. For example, if your storage system is named toaster, the storage
system prompt is toaster> and the prompt for the RLM session becomes RLM
toaster>.

Note
The RLM does not allow more than one RLM CLI session or more than one
system console session at a time.

RLM CLI and system console sessions

The RLM allows you to have one CLI session and a separate console session.
When you use the RLM CLI to start a system console session, the RLM CLI
closes its open session and a system console session is started. When you exit the
system console session, a new RLM CLI session is automatically opened. There
is no input history for the new CLI session.

Concurrent SSH sessions

You can use SSH to log in to the RLM CLI and start a system console session to
Data ONTAP. You can then start a second SSH session with the RLM CLI,
leaving the system console session active. This allows you to simultaneously
interact with the RLM while you are logged in to the Data ONTAP console using
the console redirection feature of the RLM.


Managing the storage system with the RLM

Using the RLM command line interface

You manage the storage system with the RLM by using the RLM CLI, which has
the same features available in the Data ONTAP CLI:
◆ History
◆ Command-line editor
◆ Online command-line help

These CLI features are described in the section “Using the command line
interface” on page 19.

Like the Data ONTAP CLI, the RLM CLI provides two privilege levels, admin
and advanced, with different command sets. For more information about
privilege levels, see “Using Data ONTAP commands at different privilege levels”
on page 22.

Note
The RLM CLI commands are not documented in online command line manual
(man) pages.

Using online help at the RLM CLI

You can display all the available commands by entering the question mark (?) or
help, as shown in the following example.

RLM toaster> ?
date
exit
events
help
priv
rlm
system
version

If a command has subcommands, you can see them by entering the command
name after the help command, as shown in the following example:

RLM toaster> help events
events all
events info
events newest
events oldest
events search

For detailed help, enter the command followed by the question mark (-?) or -h
option. Help is displayed if the command does not have subcommands. The
following example shows the result of entering -h as an option for a command
that has subcommands.

RLM toaster> events -h
events all - print all system events
events info - print system event log information
events newest - print newest system events
events oldest - print oldest system events
events search - search for and print system events

What you can do in RLM admin mode

In admin mode, you can use the RLM commands to perform the following tasks:
◆ Connect to the storage system console (system console)
◆ Control the storage system power (system power)
◆ Display the following information:
  ❖ Available commands (help or ?)
  ❖ Events that occur on the storage system (events subcommand)
  ❖ Storage system console logs (system log)
  ❖ Storage system power status (system power status)
  ❖ Privilege level (priv show)
  ❖ RLM status (rlm status)
  ❖ RLM version (version)
  ❖ Syntax usage for a specific command (help command)
◆ Dump the storage system core and reset the storage system (system core)
◆ Exit from the RLM CLI (exit)
◆ Reset the storage system with the firmware you specify (primary, backup, or
  current) (system reset firmware)
◆ Reboot the RLM (rlm reboot)
◆ Set the user mode privilege level (priv set level)
◆ Update RLM firmware (rlm update path)

Connecting to the storage system console

After you use the system console command to log in to the storage system, you
must log in to the system. (For detailed information, see “Using the RLM to
remotely access the system console” on page 30.) When you are logged in to the
storage system console, you use the Data ONTAP CLI to administer the storage
system. You can enter commands at the storage system prompt or the boot
environment prompt. Use Ctrl-D to exit from the storage system console and
return to the RLM CLI (for information, see “Using the RLM to remotely access
the system console” on page 30). The following example shows the result of
entering the system console command. Notice that the message “Type Ctrl-D to
exit” appears and you must press the Enter key to see the storage system prompt.
Once the prompt appears, you can enter Data ONTAP commands. In the
following example, the vol status command is entered, followed by Ctrl-D,
which returns you to the RLM prompt.

RLM toaster> system console
Type Ctrl-D to exit.

(Press the Enter key to see the storage system prompt.)

toaster>
toaster> vol status

(information about all of the existing volumes is displayed)

toaster> Ctrl-D
RLM toaster>

Controlling storage system power

Use the system power command to turn the power on or off or to power-cycle
the storage system, which automatically turns system power off and then back
on. The power supplies provide a standby voltage that is always present, even
when the storage system is off. This keeps the RLM running without interruption.
However, turning the power off or power-cycling the storage system may cause
an improper shutdown of the storage system (also called a dirty shutdown). A
warning message indicates that issuing the system power command is not a
substitute for a graceful shutdown using the Data ONTAP halt command.

RLM toaster> system power cycle


This will cause a dirty shutdown of your appliance. Continue? [y/n]

If you enter y, the storage system is turned off. Five seconds later, the storage
system is turned back on, and the boot environment prompt appears.

In the meantime, the RLM prompt awaits your next command.

RLM toaster>


Syntax summary for admin mode RLM CLI commands

The following table provides a quick reference of the command syntax for the
RLM commands you can use in admin mode. For information on how to change
the privilege level, see “Setting the privilege level” on page 23.

Command syntax
    Description

RLM toaster> events {all | information | newest | oldest | search string}
    Displays storage system events logged by the RLM.

RLM toaster> exit
    Exits from the RLM command line interface.

RLM toaster> help [command]
    Displays a list of available commands. If a command is specified, displays
    the subcommands available for that command or its syntax usage.

RLM toaster> priv set {admin | advanced | diag}
    Sets the privilege level to access the specified mode.

RLM toaster> priv show
    Displays the current privilege level.

RLM toaster> rlm reboot
    Reboots the RLM. This action takes approximately one minute.

RLM toaster> rlm sensors [-c]
    Displays the RLM environmental sensor status. The -c option, which takes a
    few seconds to display, shows current values, rather than cached values.

RLM toaster> rlm status
    Displays RLM status.

    Note
    The Data ONTAP sysconfig command displays both the storage system and
    RLM status.

RLM toaster> rlm update [Link]
    Updates the RLM firmware.

RLM toaster> system console
    Logs in to Data ONTAP CLI. Use Ctrl-D to exit.
    Result: The following prompt is displayed.
    toaster>
    To exit, enter Ctrl-D.
    Result: The following prompt is displayed.
    RLM toaster>

RLM toaster> system core
    Dumps the storage system core and resets the storage system. This command
    has the same effect as pressing the Non-maskable Interrupt (NMI) button on
    a storage system.

    Note
    The RLM stays operational as long as input power to the storage system is
    not interrupted.

RLM toaster> system power {on | off | cycle}
    Turns the storage system on or off, or performs a power cycle. Standby
    power stays on. Using the system power command may cause an improper
    shutdown of the storage system. When power-cycling, there is a 5-second
    pause before power is turned back on.

RLM toaster> system power status
    Displays status for each power supply, such as presence, input power, and
    output power.

RLM toaster> system reset {primary | backup | current}
    Resets the storage system using the specified firmware image.

    Note
    The RLM stays operational as long as input power to the storage system is
    not interrupted.

RLM toaster> version
    Displays the RLM version information, including hardware and firmware
    information.

What you can display in RLM advanced mode

The RLM advanced commands display more information than is available in
administrative mode:
◆ Debug log file (rlm log debug)
◆ RLM command history (rlm log audit)
◆ RLM environmental sensor status (system sensors)
◆ RLM messages file (rlm log messages)
◆ RLM statistics (rlm status -v)

Syntax summary for advanced mode commands

The following table provides a quick reference of the command syntax for the
RLM commands you can use in advanced mode. For information on how to
change the privilege level to advanced mode, see “Setting the privilege level” on
page 23.

Command
    Description

RLM toaster*> rlm log audit
    Displays the RLM command history.

RLM toaster*> rlm log debug
    Displays the RLM debug file.

RLM toaster*> rlm log messages
    Dumps the RLM messages file.

RLM toaster*> system sensors
    Displays a list of environmental sensors, their states, and their current
    values.


Displaying storage system and RLM information

About displaying information

The RLM provides several ways to display information about the storage system
and the RLM itself. You can display real-time information using the commands
in admin or advanced mode, or you can display information stored in the RLM’s
System Event Log (SEL) or Console Log.

You can also view the information displayed in the AutoSupport messages
generated by the RLM. Most of the information is stored in the SEL or in
captured console messages.

All log entries are recorded with Coordinated Universal Time (UTC) for the time
format.

Note
The RLM does not use the time zone setting from the storage system.

Displaying real-time information

RLM CLI in admin mode: Using the RLM CLI commands in admin mode,
you can view the following information:
◆ The storage system power status (system power status)
◆ The status of the RLM (rlm status)
◆ The version of the RLM (version)

The following examples show how information is displayed using commands at
the RLM admin mode prompt:

RLM toaster> system power status
Power supply1 status:
Present: yes
Turned on by Agent: yes
Output power: yes
Input power: yes
Fault: no
Power supply 2 status:
Present: yes
Turned on by Agent: yes
Output power: yes
Input power: yes
Fault: no

RLM toaster> rlm status


eth0 Link encap:Ethernet HWaddr 00:A0:98:01:9C:4B


inet addr:[Link].231 Bcast:[Link]
Mask:[Link]
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8972 errors:0 dropped:0 overruns:0 frame:0
TX packets:72 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:622724 (608.1 kb) TX bytes:8765 (8.5 kb)
Interrupt:15

RLM toaster> version


serial#=123456
part#110-00030
rev#12
Agent revision: 12
Primary-
RLM_version=x.y (date)

Backup-
RLM_version=x.y (date)

Booted primary image

The RLM CLI in advanced mode: Using the RLM CLI commands in
advanced mode, you can view the following information:
◆ Internal RLM statistics (rlm status -v)
◆ The RLM environmental sensor (rlm sensors)

The following examples show how information is displayed using commands at
the RLM admin mode prompt (note that the characters “...” indicate details
have been omitted):

RLM toaster*> rlm status -v


eth0 Link encap:Ethernet HWaddr 00:A0:98:01:9C:4B
inet addr:[Link].231 Bcast:[Link]
Mask:[Link]
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8972 errors:0 dropped:0 overruns:0 frame:0
TX packets:72 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:622724 (608.1 kb) TX bytes:8765 (8.5 kb)
Interrupt:15
packet reader daemon
----------------------------------
restarts 1
port config errors 0


...
packet writer daemon
----------------------------------
restarts 0
port config errors 0
...
console logger daemon
----------------------------------
logger restarts 0
logger input packets 0
...
downbeat daemon
----------------------------------
Downbeat restarts 0
Downbeat packets 0
...
upbeat daemon
----------------------------------
Upbeat restarts 1
Upbeat packets 93

ECC memory
----------------------------------
total corrections 0
totat uncorrectable errors 0
...
Watcher daemon
----------------------------------
watcher restarts 0
agentd restarts 0
...

RLM toaster*> rlm sensors


Sensor Sensor Sensor Critical Warning Warning Critical
Name State Reading Low Low High High
======== ===== ====== ====== ====== ====== =====
Temperature Normal 19C N/A 0C 45C 60C

Monitoring the storage system during a power cycle

When you power-cycle the storage system, no real-time messages regarding the
boot progress appear in the RLM console. To monitor the storage system during a
power cycle, use SSH to log in to the RLM CLI and start a system console
session with Data ONTAP. Leave this system console session active and start a
second SSH session with the RLM CLI. You can then simultaneously interact
with the RLM CLI and access the storage system with the system console. When
you power-cycle the storage system using the RLM, the active session to the
system console provides real-time output from the system, including the progress
of the system boot.

System Event Log

The RLM has a non-volatile memory buffer that stores up to 4,000 system events
in a System Event Log (SEL). The SEL is stored in onboard flash memory on the
RLM. When the buffer is full, the oldest records are overwritten by the newest
records.

The SEL stores each audit log entry as an audit event. You can view these audit
log entries, along with other stored events, by entering the events command. You
can also use the rlm log audit command to perform a quick search for audit
logs from the SEL events log. However, the debug logs and message logs are
stored separately on the RLM in its RAM and provide debug data for RLM
firmware.

The SEL stores platform-specific events. This log is self-contained and does not
support the Syslog Translator.

The primary purpose of this log is to help you diagnose system issues. The event
list from the log is automatically sent by the RLM to NetApp and other recipients
as an attachment to AutoSupport e-mails. The log can also be manually
downloaded using the RLM events all command. In addition, you can use
DataFabric Manager to view logs from the RLMs of systems managed through
DataFabric Manager.

The records contain the following data:


◆ Hardware events detected by the RLM—for example, system sensor status
about power supplies, voltage, or other components
◆ Errors (generated by the storage system or the RLM) detected by the RLM—
for example, a communication error, a fan failure, a memory or CPU error,
or a “boot image not found” message
◆ Critical software events sent to the RLM by the storage system—for
example, a system panic, a communication failure, an unexpected boot
loader prompt, a boot failure, or a user-triggered “down system” as a result
of issuing the system reset or system power cycle command

Note
The SEL uses the RLM’s clock to time-stamp events. The RLM begins synchronizing
its clock with the system clock as soon as the storage system boots up. However,
synchronizing takes a few seconds. If events occur during these few seconds, they
are time-stamped January 1, 1970.


Recent records from the SEL are attached to the AutoSupport messages sent by
the RLM.

You access the SEL by using the RLM events command, as shown in the
following examples.

RLM toaster> events info


SEL version: 4
Maximum number of records: 4000

Number of records: 180


Record size: 64 Bytes
Oldest record’s id: 1
Latest records’s id: 180

RLM toaster> events oldest 1


Record 1: Wed Mar 30 20:17:38 2005 [RLM [Link]]: “log in”

RLM toaster> events all

(displays all events)

RLM toaster> events newest 2


Record 179: Wed Mar 30 10:32:49 2005 [Agent [Link]]: FIFO
0x001A - Agent XYZ, PS2_PRSNT easserted.
Record 180: Wed Mar 30 10:32:50 2005 [Agent [Link]]: FIFO
0x8017 - Agent XYZ, FAN_ALERT2 easserted

RLM toaster> events search WD


Record 5: Tue Mar 29 07:39:40 2005 [Agent [Link]]: FIFO
0x8FFF - Agent XYZ, L1_WD_TIMEOUT asserted.
Record 6: Tue Mar 29 07:39:42 2005 [Agent [Link]]: FIFO
0x8FFE - Agent XYZ, L2_WD_TIMEOUT asserted
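
The following Python sketch is an added example, not part of the NetApp guide. It parses saved events output in the record format shown above, rejoins records that wrap onto a second line, reads timestamps as UTC, and flags records stamped January 1, 1970 (logged before the RLM clock synchronized). The sample text, the function names, and the time=unsynced marker are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample of saved `events all` output. Records 1, 5 and 6 follow the
# examples above ("[Link]" is copied as it appears on this page); record 7 is
# invented to show an event logged before the RLM clock was synchronized.
SAMPLE = """\
RLM toaster> events all
Record 1: Wed Mar 30 20:17:38 2005 [RLM [Link]]: "log in"
Record 5: Tue Mar 29 07:39:40 2005 [Agent [Link]]: FIFO
0x8FFF - Agent XYZ, L1_WD_TIMEOUT asserted.
Record 6: Tue Mar 29 07:39:42 2005 [Agent [Link]]: FIFO
0x8FFE - Agent XYZ, L2_WD_TIMEOUT asserted
Record 7: Thu Jan  1 00:00:04 1970 [Agent [Link]]: FIFO
0x8017 - Agent XYZ, FAN_ALERT2 asserted
"""

# "Record <id>: <weekday month day time year> [<source> <tag>]: <text>"
HEADER = re.compile(
    r"^Record (?P<id>\d+): "
    r"(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) "
    r"\[(?P<source>\w+) (?P<tag>.+?)\]: (?P<text>.*)$"
)
PROMPT = re.compile(r"^RLM \S+> ")  # RLM CLI prompt lines in a pasted session


def parse_sel(output):
    """Turn saved `events` output into a list of record dicts."""
    records = []
    for raw in output.splitlines():
        line = raw.strip()
        if not line or PROMPT.match(line):
            continue
        m = HEADER.match(line)
        if m:
            # The guide states that all log entries are recorded in UTC.
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            ts = ts.replace(tzinfo=timezone.utc)
            records.append({
                "id": int(m["id"]),
                "time": ts,
                "source": m["source"],
                "text": m["text"],
                # Events logged before clock sync carry the epoch date.
                "clock_unsynced": (ts.year, ts.month, ts.day) == (1970, 1, 1),
            })
        elif records:
            # A line without a record header continues the previous record.
            records[-1]["text"] += " " + line
    return records


def search(records, needle):
    """Offline filter over parsed records (plain substring match, an assumption)."""
    return [r for r in records if needle in r["text"]]


def unsynced_ids(records):
    """Record ids whose timestamp cannot be trusted for a timeline."""
    return [r["id"] for r in records if r["clock_unsynced"]]


def as_iso_lines(records):
    """One line per record with an ISO 8601 UTC timestamp, for log ingestion."""
    out = []
    for r in records:
        if r["clock_unsynced"]:
            stamp = "time=unsynced"
        else:
            stamp = "time=" + r["time"].isoformat()
        out.append(f'{stamp} id={r["id"]} source={r["source"]} msg={r["text"]}')
    return out


if __name__ == "__main__":
    for entry in as_iso_lines(parse_sel(SAMPLE)):
        print(entry)
```

Records flagged as unsynced should be placed in a timeline by their record id and surrounding records rather than by their timestamp.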

Console log

The RLM monitors the storage system console regardless of whether
administrators are logged in or connected to the console. When storage system
messages are sent to the console, the RLM stores them in the console log, which
resides in a 96-KB buffer in its main memory. The console log can store
approximately 2,000 lines of system console messages. When the buffer is full,
the oldest messages are overwritten by the newest messages.

The console log persists as long as the RLM has power from either of the storage
system’s power supplies. Since the RLM operates with standby power, it remains
available even when the storage system is power-cycled or turned off.


If the [Link] option is set to complete, and a “down filer,” a
system hang, or a reboot loop condition occurs, the console logs are attached to
the AutoSupport messages sent by the RLM.

You display the contents of the console log with the system log command, as
shown in the following example.

RLM toaster> system log

toaster> Wed Mar 30 10:32:49 GMT


[[Link]:EMERGENCY] : SYS 2 FAN 2 is spinning
below the tolerable speed. Replace it immediately to avoid
overheating.
toaster> Wed Mar 30 10:33:10 GMT
[[Link]:EMERGENCY] : current speed is 82 RPM,
critical low is 400 RPM

AutoSupport messages

For storage systems with RLM, there are two additional types of AutoSupport
messages:
◆ RLM-generated AutoSupport messages about the storage system
◆ Storage system-generated AutoSupport messages about the RLM

For information about how to interpret AutoSupport messages, see “Contents of
AutoSupport messages” on page 173.

RLM-generated AutoSupport messages: These messages include the
following information:
◆ In the subject line—A system notification from the RLM of the storage
system, listing the system condition or event that caused the AutoSupport
message, and the log level (for information about log level, see “Event and
log-level descriptions” on page 172)
◆ In the message body—The RLM configuration and version information, the
storage system ID, serial number, model and host name
◆ In the gzipped attachments—the System Event Logs, the system sensor state
as determined by the RLM, and console logs. (Console logs can be omitted
by setting the [Link] option to minimal.)

Typical RLM-generated AutoSupport messages occur in the following
conditions:
◆ The storage system reboots unexpectedly.
◆ The storage system stops communicating with the RLM.
◆ A watchdog reset occurs.


The watchdog is a built-in NetApp hardware sensor that monitors the storage
system for a hung or unresponsive condition. If the watchdog detects this
condition, it resets the storage system so the system can automatically reboot
and begin functioning. This feature is sometimes called automatic server
restart.
When the RLM detects that a watchdog-generated event has occurred on the
storage system, it logs this event and, if needed, sends an AutoSupport alert
for this event.
◆ The storage system is power-cycled.
◆ Firmware POST errors occur.
◆ A user-initiated AutoSupport message occurs.

Storage system-generated AutoSupport messages: These messages
include the following information:
◆ In the subject line—A system notification from the name of the storage
system with the RLM, a description of the RLM condition or event that
caused the AutoSupport message, and the log level (for information about
log level, see “Event and log-level descriptions” on page 172)
◆ In the message body—A time stamp, the system software version and
storage system ID, host name, and output from the sysconfig -a command
◆ In the gzipped attachments—messages from EMS, rc, exports, hosts,
resolv_conf, nsswitch_conf, and cm_stats

Typical storage system AutoSupport messages about the RLM occur in the
following conditions:
◆ The RLM stops communication with the storage system.
◆ The RLM software fails.
◆ The RLM hardware fails.


Comparing Data ONTAP and RLM commands

The following table shows the Data ONTAP commands that are used to manage
the RLM and the RLM commands that are used to manage the storage system.

Each entry lists the action, then the Data ONTAP command or procedure, then the
RLM command.

Action: Set up RLM in a new storage system
    Data ONTAP command or procedure:
        Turn on the new storage system.
        During bootup, press Ctrl-C.
        From the menu, select 4 or 4a to initialize disks and set up a root
        volume.
        Result: After the Data ONTAP setup script is completed, the RLM
        rlm setup script is initiated.
    RLM command: N/A

Action: Reconfigure an RLM in an existing storage system
    Data ONTAP command or procedure:
        toaster> setup
        Result: After the Data ONTAP setup script is completed, the rlm
        setup script is initiated.
    RLM command: N/A

Action: Initiate the rlm setup script to configure RLM
    Data ONTAP command or procedure:
        toaster> rlm setup
    RLM command: N/A

Action: Test the RLM’s AutoSupport setting
    Data ONTAP command or procedure:
        toaster> rlm test autosupport
    RLM command: N/A

Action: Display Data ONTAP rlm commands
    Data ONTAP command or procedure:
        toaster> rlm help
        help setup test update
        reboot status
    RLM command: N/A

Action: Log in to the RLM
        ra_host> ssh naroot@RLM_IP_addr
        ra_host> ssh user@RLM_IP_addr
        RLM toaster>

Action: Display RLM CLI commands
    RLM command:
        RLM toaster> ?
        date
        exit
        events
        help
        priv
        rlm
        system

Action: Display the twenty most recent events logged by RLM
    RLM command:
        RLM toaster> events newest 20

Action: Display a summary of information about the records in the events log
    RLM command:
        RLM toaster> events info

Action: Display the RLM configuration
    Data ONTAP command or procedure:
        toaster> rlm status
        toaster*> sysconfig -v
        Requires advanced mode.
    RLM command:
        RLM toaster> rlm status

Action: Display statistics gathered by RLM
    Data ONTAP command or procedure:
        toaster*> rlm status -v
        Requires advanced mode.
    RLM command:
        RLM toaster*> rlm status -v
        Requires advanced mode.

Action: Display the system hardware sensor list
    RLM command:
        RLM toaster*> system sensors
        Requires advanced mode.

Action: Log in to the system to manage storage system resources
    RLM command:
        RLM toaster> system console
        toaster>
        (Use Ctrl-D to exit).

Action: Dump the system core and reset the storage system
    RLM command:
        RLM toaster> system core

Action: Reset the RLM
    Data ONTAP command or procedure:
        toaster> rlm reboot
    RLM command:
        RLM toaster> rlm reboot

Action: Update the RLM firmware
    Data ONTAP command or procedure:
        toaster> software install [Link] -f
        toaster> rlm update
    RLM command:
        RLM toaster> rlm update [Link]


Troubleshooting the storage system with the RLM

About troubleshooting

When you become aware of a problem with the storage system, you can use the
RLM to display information about the problem, dump a system core, and reboot
the storage system, even if the storage system’s firmware is corrupted. Use the
following table as a guideline for troubleshooting a storage system.

Note
If you configure the AutoSupport feature, the RLM sends you status messages
about both the storage system and the RLM.

If this condition occurs...
    And you want to...                                Enter this command at the
                                                      RLM CLI prompt...

The storage system is not responding properly
    Access the storage system console                 system console

You receive an AutoSupport message for an event that is occurring or has
occurred, such as the failure of a hardware component or a storage system that
has panicked and is down.
    Display what has occurred at the storage
    system console                                    system log
    Display all events, starting with most recent     events all
    Display a specific number of recent events        events newest number
    Search for specific events in the SEL             events search string

The storage system is hanging
    Dump the system core and reboot the storage
    system                                            system core
    Power-cycle the storage system                    system power cycle

The storage system firmware is corrupted
    Boot using a backup copy of the storage
    system firmware                                   system reset backup


Updating the RLM firmware

The ways you can update the RLM firmware

You can download and update the RLM firmware from the Data ONTAP
command line interface (CLI) or the RLM CLI.
◆ To update with the Data ONTAP CLI, use the .zip file.

Note
Before you can upgrade the RLM firmware from the Data ONTAP CLI, you
must run the software install command to download the appropriate
software. For information about the software command and its
subcommands, see the Upgrade Guide and the na_software (1) man page.

◆ To update with the RLM CLI, use the .[Link].

When you download the RLM firmware from the NOW site at
[Link] you can save the file on any web server that is accessible
from the storage system.

Note
After the firmware is updated, you are prompted to reboot the RLM. If your
console connection to the storage system is being redirected through the RLM,
you lose your connection. In approximately one minute, the RLM reboots and
automatically re-establishes your console connection.

Prerequisites

You must have the following items to download and update the firmware:
◆ Access to a web server on a network accessible to your storage system
◆ The name and IP address of the web server
◆ Access to the storage system’s serial console


Using the Data ONTAP CLI: To update the RLM firmware at the storage
system prompt, complete the following steps:

Step  Action

1     Go to Firmware Instructions for the Remote LAN Module at the
      NOW site at [Link]

2     Click on the RLM_FM.zip link to download the file from the web
      site to the web server on a network that is accessible to your storage
      appliance.

3     Enter the following command:

      toaster> software install [Link] -f

      web_server is the name of the web server on a network accessible to
      your storage appliance.

      Result: The following messages are displayed.

      software: copying to /etc/software/RLM_FM.zip
      software: 100% file read from location.
      software: /etc/software/RLM_FM.zip has been copied.
      software: installing software, this could take a few
      minutes...

4     Enter the following command:

      toaster> rlm update

      Result: The following messages are displayed.

      Updating the RLM firmware.
      DO NOT reset this system during this process.
      New RLM version : x.x.x
      Sending file to RLM. . .
      Current RLM version : x.x.x
      Installing package on RLM. . .
      RLM: Firmware updated successfully!

5     When the system prompts you to update the RLM, enter y to
      continue.

      Result: The RLM is updated and you are prompted to reboot the
      RLM. Wait 60 seconds to allow the RLM to reboot.

      Note
      If your console connection is not through the RLM, it stays active
      during reboot.

Using the RLM CLI: To update the RLM firmware at the RLM prompt,
complete the following steps.

Step  Action

1     Go to Firmware Instructions for the Remote LAN Module at the
      NOW site at [Link]

2     Click on the RLM_FM.[Link] link to download the file from the web
      site to the web server on a network that is accessible to your storage
      appliance.

3     Log in to the RLM by entering the following command at the
      administration host.

      admin_host> ssh username@RLM_IP_address

4     Enter the following command:

      RLM toaster> rlm update
      [Link]

      web_server_addr is the IP address of the web server on a network
      accessible to your storage system.

      Result: The following messages are displayed.

      Downloading package. . .
      Uncompressing package. . .
      Unarchiving package. . .
      Installing package. . .
      Reprocessing configuration state. . .
      Cleaning up. ..
      RLM FW Update Successful.

5     When you are prompted to reboot the RLM, enter the following
      command:

      RLM toaster> rlm reboot

      Note
      If your console connection is through the RLM, you lose your
      console connection to the storage system. In approximately one
      minute, the RLM reboots and automatically re-establishes the
      connection.

For the latest information

For the latest information about updating RLM firmware, see the NOW site at
[Link]


Troubleshooting RLM problems

Communication problems

If there is a communication failure between the storage system and the RLM,
search for EMS events titled:

[[Link]:warning]: RLM communication error, (reason)

Configuration problems

If you are having difficulty configuring the RLM, view detailed configuration
information and assign a new IP address by completing the following steps.

Step  Action

1     Verify the RLM is online and the IP configuration is correct by
      entering the following command:

      toaster*> rlm status

2     If the RLM is configured using DHCP, reconfigure the RLM using a
      static IP address by entering the following command:

      toaster*> rlm setup


Connection problems

If you are having difficulty connecting to the RLM, check the connection by
completing the following steps.

Step Action

1 Verify that you are using a secure shell client to connect to the RLM.
For information on secure shell client applications, see “Prerequisite
for logging in to the RLM” on page 211.

2 From the storage system, verify the RLM is online and the IP
configuration is correct by entering the following command:
toaster> rlm status

3 From the administration host, test the network connection for the
RLM by entering the following command:
ra_host> ping rlm_IP_address
If the ping fails:
◆ Verify that the RLM network port on the back of the storage
system is cabled and active. For more information, see the
Installation and Setup Instructions for your storage system.
◆ Verify that the RLM has a valid IP address. (At the storage
system, enter the rlm setup command to use the DHCP server
or assign a valid IP address.)
◆ Verify that the administration host has a route to the RLM.

4 From the storage system, reboot the RLM by entering the following
command:
toaster> rlm reboot

Note
It takes approximately one minute for the RLM to reboot.

5 If the RLM does not reboot, repeat Steps 2 through 4. If the RLM
still does not reboot, contact technical support for assistance.

RLM failures

An RLM failure can occur for one of the following reasons:
◆ A communication link between the RLM and the storage system is broken.
◆ A hardware failure has occurred on the RLM.


If the RLM fails, search for EMS events titled:

[[Link]:warning]: Have not received a Heartbeat from
the Remote LAN Module in the last n seconds, (reason)

To troubleshoot an RLM failure, complete the following steps.

Step  Action

1     Run diagnostics by entering the following command from the boot
      environment prompt (CFE> in a FAS3000 series system and LOADER>
      in a FAS6000 system):

      CFE> boot_diags

      Result: The diagnostics main menu appears.

      Copyright (c) 1992-2005 Network Appliance, Inc.
      Diagnostic Monitor v-4. 4x67
      ------------------------------------------------
      all        Run all system diagnostics
      mb         FAS3020 motherboard diagnostic
      mem        main memory diagnostic
      agent      agent & rlm diagnostic
      cf-card    CompactFlash controller diagnostic
      fcal       FCAL controller diagnostic
      stress     System wide stress diagnostic

      Commands:
      Config     (print a list of configured PCI devices)
      Default    (restore all options to default settings)
      Exit       (exit diagnostics and return to firmware OK
                 prompt)

2     From the main menu, enter the following option:

      Enter Diag, Command or Option: agent

      Result: The following RLM diagnostic menu appears.

      Agent Diagnostic
      --------------------------
      1: Comprehensive test
      2: Appl-Agent interface test
      3: Appl PS On-Off test           70: Show Agent ring buffer info
      4: RLM Memory test               71: Show RLM info
      5: RLM Sensor test               72: Show Restart reason
      6: RLM-Agent interface test
      7: RLM IRQ test
      8: RLM NMI test                  91: Enable/disable looping
                                       92: Stop/continue on error
      11: RLM PS On-OFf test           93: Extended/Normal test
                                       99: Exit

      Select test or feature by number [0]:

3     From the RLM diagnostic prompt, enter test number 1 as shown:

      Select test or feature by number [0]: 1

      Note
      It takes approximately ten minutes to complete this test.

      Result: This initiates a comprehensive test that includes running
      tests 2 through 8 and 11. The results of each test are displayed.

4     Based on the results of Step 3, diagnose the problem. If the problem
      persists, reseat the RLM and repeat Steps 1 to 4.
      If the problem still persists, replace the RLM.


RLM firmware update problems

A firmware update failure can occur for one of the following reasons:
◆ The firmware image is incorrect or corrupted.
◆ A communication error occurred while sending firmware to the RLM.
◆ The update failed when you attempted to install the new firmware at the
RLM.
◆ The storage system was reset during the update.
◆ There was a power loss during update.

To troubleshoot a firmware failure, search for EMS events titled:

[[Link]:warning]: RLM firmware update failed, (reason)

Example: [[Link]:warning]: RLM firmware update failed:
ORFTP couldn’t send [Link] to RLM.

This error message indicates that the firmware update failed due to a
communication error.

Troubleshooting with the Data ONTAP CLI: To troubleshoot a firmware
update using the Data ONTAP CLI, complete the following steps.

Step  Action

1     Verify the RLM is online by entering the following command:

      toaster> rlm status

2     Update the firmware by entering the commands described at “Using
      the Data ONTAP CLI” on page 233.

      Note
      Verify you are using the correct filename ([Link]) of the RLM
      firmware.

3     Reboot RLM by entering the following command:

      toaster> rlm reboot

      Note
      It takes approximately one minute for the RLM to reboot.

4     If the RLM does not reboot, repeat Steps 1 through 3. If the RLM
      still does not reboot, contact technical support for assistance.


Troubleshooting with the RLM CLI: To troubleshoot a firmware update


using the RLM CLI, complete the following steps.

Step Action

1 Verify the RLM is online by entering the following command:


toaster> rlm status

2 From a browser, access the RLM firmware file on your Web server.

Note
Verify you are using the correct filename ([Link]) of the
RLM firmware.

3 Update the firmware by entering the following command.


RLM toaster> rlm update [Link]
If this command fails, replace the path_hostname with the correct IP
address.

4 Reboot the RLM by entering the following command:


toaster> rlm reboot

Chapter 11: System Information and Performance

About this chapter

This chapter describes commands that give you information about the storage
system and how it is performing. It also describes some tips for improving
storage system performance.

Note
Some options for different commands can gather the same information. For
example, the aggr status -r command and sysconfig -r command gather the
same RAID information and present it in the same format.

For more information about any of the commands described in this chapter, see
the corresponding man page.

Topics in this chapter

This chapter discusses the following topics:
◆ “Managing filer performance using FlexShare”
◆ “Storage system configuration information”
◆ “Storage information”
◆ “Aggregate information”
◆ “Volume information”
◆ “File statistics for volumes”
◆ “Environmental status information”
◆ “Fibre Channel information”
◆ “Getting storage system information using the stats command”
◆ “Getting system information using perfmon”
◆ “Getting system information using perfstat”
◆ “Improving storage system performance”


Managing filer performance using FlexShare

About this section

This section covers the following topics:
◆ “Understanding FlexShare”
◆ “Using FlexShare to assign priorities to volume data access”

Understanding FlexShare

What FlexShare is

FlexShare is a tool provided by Data ONTAP that enables you to use priorities
and hints to increase your control over how your storage system resources are
used, using the following methods:
◆ Priorities are assigned to volumes, to assign relative priorities between:
  ❖ Different volumes
    For example, you could specify that operations on /vol/db are more
    important than operations on /vol/test.
  ❖ Client data accesses and system operations
    For example, you could specify that client accesses are more important
    than SnapMirror operations.
◆ Hints are used to affect the way cache buffers are handled for a given
volume.

When to use FlexShare

If your storage system consistently provides the performance required for your
environment, then you do not need FlexShare. If, however, your storage system
sometimes does not deliver sufficient performance to some of its users, you can
use FlexShare to increase your control over storage system resources to ensure
that those resources are being used most effectively for your environment.

The following sample scenarios describe how FlexShare could be used to set
priorities for the use of system resources:
◆ You have different applications on the same storage system; for example,
you have a mission-critical database on the same storage system as user
home directories. You can use FlexShare to ensure that database accesses are
assigned a higher priority than accesses to home directories.
For more information, see “Assigning priority to a volume relative to other
volumes” on page 249.
◆ You want to reduce the impact of system operations (for example,
SnapMirror operations) on client data accesses. You can use FlexShare to
ensure that client accesses are assigned a higher priority than system
operations.
For more information, see “Assigning priority to system operations relative
to user operations” on page 250.

◆ You have volumes with different caching requirements; for example, if you
have a database log volume that does not need to be cached after writing, or
a heavily accessed volume that should remain cached as much as possible,
you can use the cache buffer policy hint to help Data ONTAP determine how
to manage the cache buffers for those volumes.
For more information, see “About the buffer cache policy values” on
page 252.

FlexShare does not provide performance guarantees

FlexShare enables you to construct a priority policy that helps Data ONTAP
manage system resources optimally for your application environment. FlexShare
does not provide any performance guarantees.

Priority levels are relative

When you set the priority level of a volume or operation, you are not giving that
volume or operation an absolute priority level. Instead, you are providing a hint
to Data ONTAP about how to set priorities for accesses to that volume or
operations of that type relative to other accesses or operations. For example,
setting the priority level of each of your volumes to the highest level will not
improve the performance of your system; in fact, doing so would not result in any
performance change.

About using FlexShare in active/active storage systems

If you use FlexShare on active/active storage systems, you must ensure that
FlexShare is enabled or disabled on both nodes. Otherwise, a takeover can cause
unexpected results.

After a takeover occurs, the FlexShare priorities you have set for volumes on the
node that was taken over are still operational, and the takeover node creates a new
priority policy by merging the policies configured on each individual node. For
this reason, make sure that the priorities you configure on each node will work
well together.

Note
You can use the partner command to make changes to FlexShare priorities on a
node that has been taken over.


How volume operations affect FlexShare priorities

The following table outlines how the listed volume operations affect FlexShare
settings.

Volume operation            Effect on FlexShare settings
Deletion                    FlexShare settings removed
Rename                      FlexShare settings unchanged
FlexClone volume creation   Parent volume settings unchanged;
                            FlexShare settings for new FlexClone volume
                            unset (as for a newly created volume)
Copy                        Source volume settings unchanged;
                            FlexShare settings for destination volume unset
                            (as for a newly created volume)
Offline/online              FlexShare settings preserved

Understanding how the default queue works

To create the optimal priority policy for your storage system, you need to
understand how the default priority is used.

Any volume that does not have a priority assigned is in the default queue. If you
have not assigned a priority to any volume on your system, then all of your
volumes are in the default queue, and requests to all volumes are given equal
priority.

When you assign a priority to any volume, it is removed from the default queue.
Now, requests to that volume are assigned priorities relative to requests for the
default queue. But all of the volumes in the default queue share the resources
allocated to the default queue. So if you assign priorities to a few volumes and
leave the rest in the default queue, the results may not be as you expect.

For this reason, once you assign a priority to any volume, you should assign a
priority to all volumes whose relative performance you want to control.

Example: You have 30 volumes on your system. You have one volume, highvol,
that you would like to have faster access to, and one volume, lowvol, for which
fast access time is not important. You assign a priority of VeryHigh to highvol
and VeryLow to lowvol.

The result of these changes for the highvol volume is as expected: when the
system is under load, accesses to the highvol volume are given a higher priority
than for any other volume. However, accesses to the lowvol volume may still get
a higher priority than accesses to the volumes that remain in the default queue
(which has a Medium priority). This is because all of the 28 volumes remaining
in the default queue are sharing the resources allocated to the default queue.

About the global io_concurrency option

Disks have a maximum number of concurrent I/O operations they can support;
the limit varies according to the disk type. FlexShare limits the number of
concurrent I/O operations per volume based on various values including the
volume priority and the disk type.

For most customers, the default io_concurrency value is correct and should not
be changed. If you have nonstandard disks or load, your system performance
might be improved by changing the value of the io_concurrency option.

For more information about this option, see the na_priority(1) man page or
contact technical support.

Attention
This option takes effect across the entire system; use caution when changing its
value and monitor system performance to ensure that performance is improved.

For more information

For more information about FlexShare, see the na_priority(1) man page and the
NetApp On the Web (NOW) site at [Link]

Using FlexShare to assign priorities to volume data access

Assigning priority to a volume relative to other volumes

You can use FlexShare to assign a relative priority to a volume to cause accesses
to that volume to receive a priority that is higher or lower than that of other
volumes on your storage system.

Note
For best results, when you set the priority of any volume, set the priority of all
volumes on the system.

For more information, see “Understanding how the default queue works” on
page 247.

To assign a priority to a volume relative to other volumes, complete the following
steps.

Step Action

1 If you haven’t already done so, ensure that FlexShare is enabled for
your storage system by entering the following command:
priority on

2 Specify the priority for the volume by entering the following command:
priority set volume vol_name level=priority_level
vol_name is the name of the volume for which you want to set the
priority.
priority_level is one of the following values:
◆ VeryHigh
◆ High
◆ Medium
◆ Low
◆ VeryLow

Example: The following command sets the priority level for the
dbvol volume as high as possible. This causes accesses to the dbvol
volume to receive a higher priority than accesses to volumes with a
lower priority.

filer> priority set volume dbvol level=VeryHigh system=30

Note
Setting the priority of system operations to 30 does not mean that 30
percent of storage system resources are devoted to system operations.
Rather, when both user and system operations are requested, the
system operations are selected over the user operations 30 percent of
the time, and the other 70 percent of the time the user operation is
selected.

3 You can optionally verify the priority level of the volume by entering
the following command:
priority show volume [-v] vol_name

Assigning priority to system operations relative to user operations

If system operations (for example, SnapMirror transfers or ndmpcopy operations)
are negatively affecting the performance of user accesses to the storage system,
you can use FlexShare to assign the priority of system operations to be lower than
that of user operations for any volume.


Note
Synchronous SnapMirror updates are not considered system operations, because
they are performed from NVRAM when the primary operation is initiated.
Therefore, synchronous SnapMirror updates are affected by the volume priority
of the target volume, but not by the relative priority of system operations for that
volume.

To assign a priority to system operations relative to user operations for a specific
volume, complete the following steps.

Step Action

1 If you haven’t already done so, ensure that FlexShare is enabled for
your storage system by entering the following command:
priority on

2 Specify the priority for system operations for the volume by entering
the following command:
priority set volume vol_name system=priority_level
Where vol_name is the name of the volume for which you want to set
the priority of system operations, and priority_level is one of the
following values:
◆ VeryHigh
◆ High
◆ Medium
◆ Low
◆ VeryLow
◆ A number from 1 to 100

Example: The following command sets the priority level for the
dbvol volume as high as possible while setting system operations for
that volume to 30.

filer> priority set volume dbvol level=VeryHigh system=30

Note
Setting the priority of system operations to 30 does not mean that 30
percent of storage system resources are devoted to system operations.
Rather, when both user and system operations are requested, the
system operations will be selected over the user operations 30
percent of the time, and the other 70 percent of the time the user
operation is selected.

3 You can optionally verify the priority levels of the volume by
entering the following command:
priority show volume -v vol_name

About the buffer cache policy values

You can use FlexShare to give Data ONTAP a hint about how to manage the
buffer cache for a volume.


Note
This capability only provides a hint to Data ONTAP. Ultimately, Data ONTAP
makes the final determination about buffer reuse, based on multiple factors
including your input.

The buffer cache policy can be one of the following values:


◆ keep
This value tells Data ONTAP to wait as long as possible before reusing the
cache buffers. This value can improve performance for a volume that is
accessed frequently, with a high incidence of multiple accesses to the same
cache buffers.
◆ reuse
This value tells Data ONTAP to make buffers from this volume available
for reuse quickly. You can use this value for volumes that are written but
rarely read, such as database log volumes, or volumes for which the data set
is so large that keeping the cache buffers will probably not increase the hit
rate.
◆ default
This value tells Data ONTAP to use the default system cache buffer policy
for this volume.

Setting the volume buffer cache policy

You can use FlexShare to influence how Data ONTAP determines when to reuse
buffers.

To set the buffer cache policy for a specific volume, complete the following steps.

Step Action

1 If you haven’t already done so, ensure that FlexShare is enabled for
your storage system by entering the following command:
priority on

2 Specify the cache buffer policy for the volume by entering the
following command:
priority set volume vol_name cache=policy
Where policy is the policy value, as described in “About the buffer
cache policy values” on page 252.

Example: The following command sets the cache buffer policy for
the testvol1 volume to keep, which instructs Data ONTAP not to
reuse the buffers for this volume when possible.

filer1> priority set volume testvol1 cache=keep

3 You can optionally verify the priority levels of the volume by
entering the following command:
priority show volume -v vol_name

Removing FlexShare priority from a volume

You can temporarily disable the FlexShare priority for a particular volume, or
you can remove the priority completely.

Temporarily disabling FlexShare priority: To temporarily disable
FlexShare priority for a specific volume, you can set the service option for that
volume to Off. Doing so causes that volume to be put back into the default queue.

Example: The following command temporarily disables FlexShare priority for
the testvol1 volume:

filer1> priority set volume testvol1 service=off

Removing FlexShare priority: To completely remove the FlexShare priority
settings from a specific volume, you can use the priority delete command.
Doing so causes that volume to be put back into the default queue.

Example: The following command completely removes the FlexShare priority
settings for the testvol1 volume:

filer1> priority delete volume testvol1


Modifying the default priority

If you have not assigned a priority to a volume, then that volume is given the
default priority for your storage system. The default value for the default priority
is Medium. To change the value of the default priority, you can use the following
procedure.

Note
The default priority is also used for all aggregate operations. Changing the
default priority to be very high or very low may have unintended consequences.

To change the default volume priority, complete the following step.

Step Action

1 Specify the default volume priority by entering the following command:
priority set default option=value [option=value]
Where option is either level or system, and the possible values for
these options are the same as for assigning priorities for a specific
volume.

Example: The following command sets the default priority level for
volumes to Medium, while setting the default system operations
priority to Low.
priority set default level=Medium system=Low
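
The following Python sketch is an added example, not part of the guide or of Data ONTAP. It checks a FlexShare plan against the value rules given in the procedures above (named levels for level=, named levels or 1 to 100 for system=, keep/reuse/default for cache=), emits the documented console commands, and warns when volumes are left to share the default queue. The plan format and function names are assumptions, and it assumes the plan lists every volume that has FlexShare settings.

```python
# Added example: validate a FlexShare plan and emit the documented commands.
# The plan structure and all function names here are illustrative assumptions.

LEVELS = ("VeryHigh", "High", "Medium", "Low", "VeryLow")
CACHE_POLICIES = ("keep", "reuse", "default")


def canonical_level(value, allow_number=False):
    """Return the documented spelling of a priority value or raise ValueError.

    level= takes only the five named levels; system= also takes a number
    from 1 to 100, which is enabled with allow_number=True.
    """
    text = str(value).strip()
    for name in LEVELS:
        if text.lower() == name.lower():
            return name
    if allow_number and text.isdigit() and 1 <= int(text) <= 100:
        return str(int(text))
    raise ValueError(f"invalid priority value: {value!r}")


def build_commands(all_volumes, plan):
    """Return (commands, warnings) for a plan.

    all_volumes: names of every volume on the storage system.
    plan: maps a volume name to a dict with optional keys
          'level', 'system' and 'cache'.
    """
    unknown = sorted(set(plan) - set(all_volumes))
    if unknown:
        raise ValueError(f"plan names unknown volumes: {unknown}")

    commands = ["priority on"]
    for vol in sorted(plan):
        settings = plan[vol]
        options = []
        if "level" in settings:
            options.append("level=" + canonical_level(settings["level"]))
        if "system" in settings:
            options.append(
                "system=" + canonical_level(settings["system"], allow_number=True)
            )
        if options:
            commands.append(f"priority set volume {vol} " + " ".join(options))
        if "cache" in settings:
            policy = str(settings["cache"]).strip().lower()
            if policy not in CACHE_POLICIES:
                raise ValueError(f"invalid cache policy: {settings['cache']!r}")
            # Emitted on its own line: the guide shows cache= only by itself.
            commands.append(f"priority set volume {vol} cache={policy}")
        commands.append(f"priority show volume -v {vol}")

    warnings = []
    leftover = sorted(v for v in set(all_volumes) if v not in plan)
    if plan and leftover:
        warnings.append(
            f"{len(leftover)} of {len(set(all_volumes))} volumes remain in the "
            "default queue and share the resources allocated to it"
        )
    return commands, warnings


if __name__ == "__main__":
    # The 30-volume scenario from "Understanding how the default queue works".
    volumes = ["highvol", "lowvol"] + [f"vol{i}" for i in range(28)]
    plan = {"highvol": {"level": "VeryHigh"}, "lowvol": {"level": "VeryLow"}}
    cmds, warns = build_commands(volumes, plan)
    print("\n".join(cmds))
    print("\n".join("WARNING: " + w for w in warns))
```
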


Storage system configuration information

Version information

The version command displays the version of Data ONTAP currently running
on a storage system.

Hardware configuration

The sysconfig command displays information about the storage system’s
hardware configuration. The exact types of information displayed depend on the
command options.

For more information about the sysconfig command, see the na_sysconfig(1)
man page.

Expansion cards

The sysconfig -c command checks that expansion cards are in the appropriate
slots and reports any configuration errors. If there are no configuration errors, the
sysconfig -c command reports the following:
sysconfig: There are no configuration errors.

Disk information

The sysconfig -d command displays product information about each disk in the
storage system.

RAID and checksum information

The sysconfig -r command displays the status of plexes and aggregates; the
RAID configuration; and checksum information about the parity disks, data
disks, and hot spare disks, if any. This information is useful for the following
purposes:
◆ Locating a disk referenced in a console message
◆ Determining how much space on each disk is available to the storage system
◆ Determining the status of disk operations, such as RAID scrubbing,
reconstruction, parity verification, adding a hot spare, and disk failure
◆ Determining the number of spare disks
◆ Determining a checksum type for an aggregate


Note
You can also obtain the information displayed by sysconfig -r from SNMP,
using the custom Management Information Base (MIB). For information about
SNMP, see the Network Management Guide.

Tape drive information

The sysconfig -t command displays device and configuration information for
each tape drive on the system. You can use this command to determine the
capacity of the tape drive and the device name before you use the dump and
restore commands.

Traditional volume and aggregate information

The sysconfig -V command displays RAID group and disk information about
each traditional volume and aggregate.

Tape library information

The sysconfig -m command displays tape library information. Before you use
this option, ensure that the storage system was booted with the autoload setting of
the tape library off.

Overall storage system information

The sysconfig -v command displays the system’s RAM size, NVRAM size,
and information about devices in all expansion slots. This information varies
according to the devices on the storage system. You can specify a slot number to
display information about a particular slot. Slot numbers start at 0, where slot 0 is
the system board.

The sysconfig -a command displays the same information as the -v option, but
the information is more detailed.

Note
If you enter sysconfig without any options, information similar to what you get
with sysconfig -v is displayed, but the information is abbreviated. When you
report a problem to technical support, provide the information displayed by
sysconfig -v. This information is useful for diagnosing system problems.


Comprehensive storage system information

The sysconfig -A command displays storage system information gathered by
the following commands, one after the other:
◆ sysconfig
◆ sysconfig -c
◆ sysconfig -d
◆ sysconfig -V
◆ sysconfig -r
◆ sysconfig -m

Therefore, when you use the sysconfig -A command, Data ONTAP lists
information about configuration errors, disk drives, medium changers, RAID
details, tape devices, and aggregates.

Getting system information using the stats command

You can also get system information, either interactively or with a script, using
the stats command. For more information about the stats command, see
“Getting storage system information using the stats command” on page 276.


Storage information

Command for displaying storage information

You use the storage show command to display information about storage
components for a storage system, including information about all disks and
adapters.

For more information on the storage command, see the na_storage(1) man page
and the chapter on disks in the Storage Management Guide.

Adapter information

The storage show adapter command displays information about all storage
adapters currently in your storage system. The storage show adapter name
command displays information only for the adapter specified.

Hub information

The storage show hub command displays information about all hubs attached to
your storage system. The storage show hub name command displays
information only for the hub specified.

Disk information

The storage show disk command displays information about all disks currently
attached to your storage system. The storage show adapter -p command
displays the primary and secondary paths to a disk device.

Medium changer information

The storage show mc command displays information about all medium
changers (tape libraries) attached to your storage system. The storage show mc
name command displays information for only the medium changer specified.

Switch port information

The storage show port command displays information about all ports on all
switches attached to your storage system. The storage show port name
command displays information only for the port specified.

Switch information

The storage show switch command displays information about all switches
attached to your storage system. The storage show switch name command
displays information only for the switch specified.


Tape information

The storage show tape command displays information about all tape devices
attached to your storage system. The storage show tape name command
displays information only for the tape drive specified.

Tape statistics

The storage stats tape name command displays statistics about the tape drive
specified. You must specify the tape drive name.

Reset tape drive statistics

The storage stats tape zero name command resets all statistics for the tape
drive specified. You must specify the tape drive name.


Aggregate information

Command for displaying aggregate information

You use the aggr status command to display information about aggregate
configurations. The types of information displayed depend on the command
options. When you specify an aggregate, such as aggr status aggr0, the
information for that aggregate is displayed; when you do not specify an
aggregate, the status of all aggregates and traditional volumes in the storage
system is displayed.

The aggregate status commands work for aggregates that were created explicitly,
as well as for the aggregates created automatically when traditional volumes
were created. Because a traditional volume is tightly coupled with its containing
aggregate, the aggregate status commands return information for both aggregates
and traditional volumes. In both cases, it is the aggregate information that is
returned.

For more information about aggregates, see the chapter on aggregates in the
Storage Administration Guide. For more information about the aggr command,
see the na_aggr(1) man page.

Aggregate state information

With no options, the aggr status command displays a concise synopsis of
aggregate states. This includes the name of the aggregate, whether it is an
aggregate or traditional volume, whether it is online, offline, or restricted,
whether its RAID type is RAID4 or RAID-DP, and other states, such as partial or
degraded, and any options that are enabled, either by default or through the aggr
options or vol options command.

Disk information

The aggr status -d command displays information about disks. The disk
information is the same as the information from the sysconfig -d command.

RAID and checksum information

The aggr status -r command displays RAID, plex, and checksum information
for an aggregate. The display is the same as the sysconfig -r display.


RAID information for each group

The aggr status -v command displays information about each RAID group
within an aggregate or traditional volume, and the settings of the aggregate
options.

Getting aggregate information using the stats command

You can also get aggregate information, either interactively or with a script, using
the stats command. For more information about the stats command, see
“Getting storage system information using the stats command” on page 276.


Volume information

Command for displaying volume information

You use the vol status command to display information about volume
configurations. The types of information displayed depend on the command
options. When you specify a volume, such as vol status vol0, the information
for that volume is displayed; when you do not specify a volume, the status of all
volumes in the storage system is displayed.

For more information about volumes, see the chapter on volumes in the Storage
Management Guide. For more information about the vol command, see the
na_vol(1) man page.

Volume state information

With no options, the vol status command displays a concise synopsis of
volume states. This includes the volume name; whether it is a FlexVol or
traditional volume; whether it is online, offline, or restricted; other status, such as
partial and degraded; and what, if any, options are enabled for the volume or its
containing aggregate (through the aggr options or vol options command).

The vol command also displays RAID information for the volume’s containing
aggregate.

Disk information

The vol status -d command displays information about the volume’s
containing aggregate’s disks. The information displayed is the same as for the
sysconfig -d command.

RAID and checksum information

The vol status -r command displays RAID, plex, and checksum information
for the volume’s containing aggregate. The information displayed is the same as
for the sysconfig -r command.

Volume options and RAID information

The vol status -v command displays the state of all per-volume options and
information about each plex and RAID group within the volume’s containing
aggregate.


Volume language

The vol status -l command displays the language used by each volume.

Getting volume information using the stats command

You can also get volume information, either interactively or with a script, using
the stats command. For more information about the stats command, see
“Getting storage system information using the stats command” on page 276.


File statistics for volumes

About file statistics

The filestats command displays a summary of file statistics within a volume
on a storage system by reading file information from a Snapshot copy that you
specify. File statistics help you determine when to schedule Snapshot copies by
enabling you to see when most file activity takes place on a volume. Using the
filestats command also helps you determine Snapshot copy disk consumption.

Detailed information

This section contains the following topics:
◆ “About the filestats command”
◆ “Options for the filestats command”

About the filestats command

Information obtained by the filestats command

The output from the filestats command gives you a list containing the
following information about files from a Snapshot copy in a volume:
◆ Size
◆ Creation time
◆ Modification time
◆ Owner

The filestats command syntax

The filestats command has the following syntax:

filestats [-g] [-u] [async] [ages ages] [timetype {a,m,c,cr}] [sizes sizes] snapshot snapshot_name [volume volume_name] [style style] [file output_file]

The snapshot argument is required; if the volume name is not specified, vol0 is
assumed.

volume_name is the name of the volume.

snapshot_name is the name of the Snapshot copy.

Use the ages, timetype, sizes, and style options when you want to list specific
file information from a volume. For more information about filestats options,
see “Options for the filestats command” on page 269.

Getting a file statistics summary

To use the filestats command, complete the following step.

Step Action

1 Enter the following command:
filestats volume volume_name snapshot snapshot_name
volume_name is the name of the volume.
snapshot_name is the name of the Snapshot copy.


Example with no options specified

The following example shows sample output from the filestats command,
without any options, for the hourly.1 Snapshot copy on vol0. The output
includes a breakdown of files by size, age, user ID, and group ID, and the
cumulative number of inodes for each value:

tpubs-cf2> filestats volume vol0 snapshot hourly.1


VOL=vol0 SNAPSHOT=hourly.1
INODES=274528 COUNTED_INODES=875 TOTAL_BYTES=458354190
TOTAL_KB=143556

FILE SIZE CUMULATIVE COUNT CUMULATIVE TOTAL KB


1K 465 1576
10K 832 3356
100K 853 3980
1M 856 4660
10M 864 32808
100M 875 143524
1G 875 143254
MAX 875 143254

AGE(ATIME) CUMULATIVE COUNT CUMULATIVE TOTAL KB


0 0 0
30D 841 132780
60D 850 132932
90D 859 143464
120D 875 143528
MAX 875 143528

UID COUNT TOTAL KB


#0 873 143528
#20041 2 0

GID COUNT TOTAL KB


#0 851 41556
#30 21 1972
#1 3 0

Note
The # character preceding user IDs or group IDs in the UID and GID sections of
the filestats command output indicates that the IDs cannot be found in the
/etc/passwd and /etc/hosts files on the storage system.


Example with ages option specified

Enter the filestats command with the ages option to display a daily
breakdown of file changes in a volume, as shown in the following example:

filestats ages 1D,2D,3D,4D,5D,6D,7D,8D,9D,10D,11D,12D,13D,14D volume vol0 snapshot hourly.0

◆ Use the daily age breakdown displayed in the Cumulative Total KB column
of the Age output to determine the average change in data per day.
◆ Divide the amount of disk space you want to reserve for Snapshot copies by
the daily change average. For example, if you find that the average daily
change rate is 3 GB and you have a 200-GB volume, 40 GB (or 20 percent)
of which you want to reserve for Snapshot copies, divide 40 by 3 to
determine the number of daily Snapshot copies you can have before
exceeding your space limit. In this example, 13 daily Snapshot copies is your
limit.
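The two steps above can be scripted against saved filestats output. The following Python sketch is an added example, not part of the original guide: it parses the AGE section, derives the per-day change from the Cumulative Total KB column, and applies the reserve calculation. The sample output is constructed, and treating the difference between consecutive cumulative values as one day's change is an assumption about how to read that column.

```python
import re

# Constructed sample (values invented): the AGE section printed by
#   filestats ages 1D,2D,3D,4D,5D,6D,7D volume vol0 snapshot hourly.0
SAMPLE_AGE_SECTION = """\
AGE(ATIME) CUMULATIVE COUNT CUMULATIVE TOTAL KB

1D 120 3145728
2D 210 6291456
3D 305 9437184
4D 390 12582912
5D 480 15728640
6D 560 18874368
7D 655 22020096
MAX 875 143528000
"""

# A data row: age bucket in days, cumulative count, cumulative total KB.
_ROW = re.compile(r"^\s*(\d+)D\s+(\d+)\s+(\d+)\s*$")


def parse_age_section(text):
    """Return [(days, cumulative_count, cumulative_kb), ...] sorted by age.

    Header, blank and MAX lines are skipped because they are not day buckets.
    """
    rows = []
    for line in text.splitlines():
        match = _ROW.match(line)
        if match:
            rows.append(tuple(int(group) for group in match.groups()))
    rows.sort()
    return rows


def per_day_change_kb(rows):
    """KB attributed to each day: delta of the cumulative column per bucket.

    Assumption: the cumulative KB at age N covers files younger than N days,
    so the difference between two buckets is the data touched in that span.
    """
    changes = []
    prev_days, prev_kb = 0, 0
    for days, _count, kb in rows:
        span = days - prev_days
        if span <= 0 or kb < prev_kb:
            raise ValueError("age buckets must increase and be cumulative")
        changes.append((kb - prev_kb) / span)
        prev_days, prev_kb = days, kb
    return changes


def average_daily_change_kb(rows):
    """Average change per day over the whole sampled window."""
    if not rows:
        raise ValueError("no day buckets found in the AGE section")
    days, _count, kb = rows[-1]
    return kb / days


def max_daily_snapshots(reserve_kb, avg_daily_kb):
    """Reserve divided by the daily change average, rounded down."""
    if avg_daily_kb <= 0:
        raise ValueError("average daily change must be positive")
    return int(reserve_kb // avg_daily_kb)


if __name__ == "__main__":
    rows = parse_age_section(SAMPLE_AGE_SECTION)
    avg = average_daily_change_kb(rows)
    reserve_kb = 40 * 1024 * 1024  # the guide's 40-GB Snapshot reserve
    print("per-day KB:", per_day_change_kb(rows))
    print("daily Snapshot copies that fit:", max_daily_snapshots(reserve_kb, avg))
```

A bucket whose per-day value is far above the average marks a day on which a single Snapshot copy would consume much more than the planned share of the reserve.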

Example of determining volume capacity

You can also use the filestats command to determine when the most activity
occurs on a volume during a given day so that you can effectively schedule
hourly Snapshot copies.

The following example shows how you can use the filestats command to
determine when the most file changes occur in a volume within a 24-hour period:

filestats ages 1H,2H,3H,4H,5H,6H,7H,8H,9H,10H,11H,12H,13H,14H,15H,16H,17H,18H,19H,20H,21H,22H,23H,24H volume vol0 snapshot hourly.0

If hourly.0 was taken at 8 a.m. and most file changes took place between 7H and
9H, which corresponds to 3 p.m. and 5 p.m. in this example, you can schedule
more Snapshot copies during these hours and fewer throughout the rest of the
day. Scheduling more Snapshot copies before or during increased file activity
decreases the time between file changes and Snapshot copies.

For information about managing Snapshot copies, see the Data Protection Online
Backup and Recovery Guide.


File statistics for volumes


Options for the filestats command

Options to use with the filestats command

You can use the following options with the filestats command:
◆ -g
◆ -u
◆ ages
◆ timetype
◆ sizes
◆ style
◆ file
◆ async

About the group list option

The -g option of the filestats command enables you to generate separate file
usage summaries for each group ID. For each group ID, a separate table
containing information about file sizes and ages is listed.

About the user list option

The -u option of the filestats command enables you to generate separate file
usage summaries for each user ID. For each user ID, a separate table containing
information about file sizes and ages is listed.

About the ages option

The ages option of the filestats command enables you to see when files have
been accessed. You can specify file ages in seconds, hours, and days, using a
comma to separate each value. By default, file ages are broken down by days, in
30-day increments.

Example of the ages option

To display files with ages under 900 seconds (15 minutes), under 4 hours, and
under 7 days, enter the following command:

filestats ages 900,4H,7D volume vol0 snapshot hourly.1


The age section of the output looks like the following:

AGE(ATIME) CUMULATIVE COUNT CUMULATIVE TOTAL KB


900 0 0
4H 0 0
7D 785 21568
MAX 882 146000

For an example of the entire filestats command output, see “Example with no
options specified” on page 267.

About the timetype option

The timetype option enables you to specify the time types that you want to list in
the age comparison.

The following table describes the valid timetype values you can use with the
timetype option.

Value   Definition

a       Access time
m       Modification time
c       File change time (last size/status change)
cr      File creation time

About the sizes option

The sizes option enables you to specify the breakdown of sizes, using a comma
to separate each value. Default values are in bytes, but you can also use the
following suffixes at the end of a number you specify:
◆ K (kilobytes).
◆ M (megabytes).
◆ G (gigabytes).
◆ * (a special value for listing all unique file sizes, one line per unique size).

Note
Using the * suffix can result in output of several thousands of lines.


Example of the sizes option

To display file sizes in four categories—files with less than 500 kilobytes, files
with less than 2 megabytes, files with less than 1 gigabyte, and all other files—
enter the following command:

filestats sizes 500K,2M,1G volume vol0 snapshot hourly.1

The file size section of the output looks like the following:

FILE SIZE CUMULATIVE COUNT CUMULATIVE TOTAL KB


500K 862 4969
2M 866 10748
1G 882 146000
MAX 882 146000

For an example of the entire filestats command output, see “Example with no
options specified” on page 267.

About the style option

The style option controls the output style. The three style option arguments are
as follows:
◆ readable—This is the default and is what you see when you use the
filestats command with no style option.
◆ table—Use the table argument when the filestats output will be used by
processing programs.
◆ html—Use the html argument for output that will be read by a Web browser.

About the file option

The file option prints the results of the filestats command to the specified
output file, rather than the console. The output file is created in the /etc/log
directory.

About the async option

The async option causes the filestats command to run independently of the
console. This option is designed for use with the file option.

Note
Running more than one asynchronous filestats command simultaneously can
adversely affect system performance.


Environmental status information

Command for displaying environmental status

You use the environment command to display information about the storage
system environment. The exact types of information displayed depend on the
command options.

For more information about the environment command, see the
na_environment(1) man page.

Information provided by the environment command

The environment command displays the following types of information about
the storage system environment:
◆ Shelf status and temperature
◆ Storage system component information
◆ Storage system temperature
◆ Devices attached to the storage system

You can query information about the following items:
◆ Disk shelves
◆ The storage system power supply
◆ The storage system temperature

When the environment command is run

Data ONTAP runs the environment command under the following conditions:
◆ Once every hour. In this case, no output is displayed or logged unless
abnormal conditions exist.
◆ Whenever an environment threshold in the storage system is crossed.
◆ When you enter the command from the command line.
You run this command manually to monitor the storage system subsystems,
especially when you suspect a problem and when reporting abnormal
conditions to technical support.

All environment information

The environment status command with no options displays all storage system
environment information.


Shelf environment status

The environment status shelf command displays the shelf environmental
status for all shelves. The environment status shelf adapter command
displays shelf information for shelves attached to a specific adapter.

Chassis environment status

The environment chassis command displays the environmental status of all
chassis components.

Detailed chassis environment status

The environment chassis list-sensors command displays detailed
information from all chassis sensors.

Command for monitoring UPS devices

You can add UPS devices to be monitored, enable or disable monitoring of UPS
devices, or display the status of UPS devices. The ups status command displays
the status of all UPS devices.

Specifying a UPS device to be monitored

To specify a UPS device to be monitored by the storage system’s
environmental monitoring software, complete the following step.

Step Action

1 Enter the following command:

ups add [-c community] IP_address

Use -c community if you want to specify the community for the UPS
device.

IP_address is the IP address of the UPS device.


Enabling or disabling monitoring of UPS devices

To enable or disable monitoring of one or more UPS devices, complete the
following step.

Step Action

1 ups {disable|enable} [{all|IP_address}]

IP_address is the IP address of a specific UPS device you want to
disable or enable.

Example: The following command disables monitoring of all UPS
devices.

ups disable all

Note
The ups enable all command does not enable previously disabled
UPS devices.


Fibre Channel information

Command for displaying Fibre Channel information

You use the fcstat command to display the following types of information:
◆ Link statistics for all disks on a loop
◆ Internal statistics kept by the Fibre Channel driver
◆ Information showing the correlation of disks with disk shelves and the
relative physical positions of drives on a loop

For more information about the fcstat command, see the na_fcstat(1) man page.

Link statistics for all disks on a loop

The fcstat link_stats command displays link statistics for disks on a loop.
This display includes the link failure count, the loss of sync count, the loss of
signal count, the invalid cyclic redundancy check (CRC) count, the frame in
count, and the frame out count.

Internal Fibre Channel driver statistics

The fcstat fcal_stats command displays internal statistics kept by the Fibre
Channel driver. The Fibre Channel driver maintains statistics about various error
conditions, exception conditions, and handler code paths executed.

Relative physical drive position

The fcstat device_map command displays the relative physical positions of
drives on a loop and the mapping of devices to disk shelves.

Getting Fibre Channel information using the stats command

You can also get Fibre Channel information, either interactively or with a script,
using the fcp object for the stats command. For more information about the
stats command, see “Getting storage system information using the stats
command” on page 276.


Getting storage system information using the stats command

About the stats command

The stats command provides access, through the command line or scripts, to a
set of predefined data collection tools in Data ONTAP called counters. These
counters provide you with information about your storage system, either
instantaneously or over a period of time.

About objects, instances, and counters

Stats counters are grouped by the object they provide data for. Stats objects can
be physical entities such as system, processor, or disk; logical entities such as
volume or aggregate; protocols such as iscsi or fcp; or other modules on your
storage system. To see a complete list of the stats objects, you can use the stats
list objects command.

Each object can have zero or more instances on your storage system, depending
on your system configuration. Each instance of an object has its own name. For
example, for a system with two processors, the instance names are processor0
and processor1.

Counters have an associated privilege mode; if you are not currently running with
sufficient privilege for a particular counter, it is not recognized as a valid counter.

How you use the stats command

When you use the stats command to get information about your storage system,
you need to make the following decisions:
◆ What counters do you want to collect information from, on what object
instances?
For more information, see “About objects, instances, and counters” on
page 276.
◆ Do you want to specify the counters on the command line or do you want to
use a predetermined set of counters called a preset file?
Some preset files are provided with Data ONTAP. You can also create your
own.
For more information, see “About the stats preset files” on page 286.
◆ How do you want the information to be returned and formatted?
You can control where the information is returned (to the console or to a file)
and how it is formatted.


For more information, see “Changing the output of a stats command” on
page 284.
◆ How do you want to invoke the stats command?
You can invoke the stats command using the following methods:
❖ A single invocation
This method retrieves information from the specified counters once and
stops.
For more information, see “Using the stats command interactively in
singleton mode” on page 281.
❖ A periodic invocation
For this method, information is retrieved from the specified counters
repeatedly, at a time interval of your choice. You can specify a number
of iterations to be performed, or the stats command can run until you
stop it explicitly.
For more information, see “Using the stats command interactively in
repeat mode” on page 282.
❖ As a background process
This method enables you to initiate a stats command process that runs
in the background until you terminate it explicitly, when the average
values for the specified counters are returned.
For more information, see “Using the stats command in background
mode” on page 283.

Viewing the list of available counters

To display the list of counters for a particular object on the command line,
complete the following step.

Step Action

1 Enter the following command:

stats list counters object_name

object_name is the name of the object you want to list the available
counters for.


Example:

cli> stats list counters system


Counters for object name: system
nfs_ops
cifs_ops
http_ops
dafs_ops
fcp_ops
iscsi_ops
net_data_recv
net_data_sent
disk_data_read
disk_data_written
cpu_busy
avg_processor_busy
total_processor_busy
num_processors


Getting more details about a counter

If you are planning to process the information you get from a stats command,
you might want to understand how a counter presents its information. Or, you
might want to get more details about the information that counter collects. To get
more details about a specific counter, complete the following step.

Step Action

1 Enter the following command:

stats explain counters object_name [counter_name]

object_name is the name of the object the counter is associated with.
counter_name is the name of the counter you want more details
about. If counter_name is omitted, information about all counters on
the specified object is returned.

Result: The following fields are returned for every specified counter:
◆ Name
◆ Description
◆ Properties
The Properties field describes the type of information that is
returned by this counter. Properties include the following types:
❖ percent for values that are a percentage value, such as
cpu_busy
❖ rate for values that describe a value per time, such as
disk_data_read
❖ average for values that return an average, such as
write_latency
❖ raw for simple values that have no type, such as
num_processors
◆ Unit
The Unit field describes how the value returned by this counter can
be interpreted. The Unit field can be in one of the following
groups of values:
❖ percent for counters with a Properties of percent
❖ The unit per time period for counters with a Properties of
rate, such as kb_per_sec or per_sec.
❖ The time unit for counters that return timing values, such as
write_latency


Example:
cli> stats explain counters system cpu_busy
Counters for object name: system
Name: cpu_busy
Description: Percentage of time one or more processors is busy in
the system
Properties: percent
Unit: percent


Using the stats command interactively in singleton mode

When you want to see a set of information about the system’s current state at the
command line, you can use the stats command in singleton mode. To do so,
complete the following step.

Step Action

1 Enter the following command:

stats show object_def [object_def...]

object_def is one of the following values:
◆ An object name (object_name)

Example: stats show system

This returns statistics from all counters provided for all instances
of the specified object.
◆ The name of a specific instance (object_name:instance_name)

Example: stats show processor:processor0

This returns statistics from all counters provided for the
specified instance of the specified object.
◆ The name of a specific counter
(object_name:instance_name:counter_name)

Example: stats show system:*:net_data_recv

Note
To see the statistic for all instances of the object, use an asterisk
(*) for the instance name.

To specify an instance name that includes spaces, enclose the
name in double quotes ("name with spaces").

To specify an instance name that contains a colon (:), repeat the
colon (disk:20::00::00::20::37::de::4a::8e).

◆ An asterisk (*)
This returns statistics for all instances of all objects.


Example: The following command shows all current statistics for a volume
named myvol.

cli> stats show volume:myvol


volume:myvol:total_ops:132/s
volume:myvol:avg_latency:13ms
volume:myvol:read_ops:5/s
volume:myvol:read_data:1923b/s
volume:myvol:read_latency:23ms
volume:myvol:write_ops:186/s
volume:myvol:write_data:1876b/s
volume:myvol:write_latency:6ms
volume:myvol:other_ops:0/s
volume:myvol:other_latency:0ms
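Scripts that call stats show have to apply the object_def rules above (asterisk for all instances, doubled colons, quoted names with spaces) and then split the row output again. The following Python helper is an added example, not part of the original guide; the character set allowed in object and counter names, the combination of quoting with doubled colons, and the idea that row output doubles colons the same way are assumptions.

```python
import re

# A field separator is a single colon with no colon on either side; a doubled
# colon is an escaped literal colon inside an instance name.
_LONE_COLON = re.compile(r"(?<!:):(?!:)")
# Assumption: object and counter names use only letters, digits, underscore.
_NAME = re.compile(r"^[A-Za-z0-9_]+$")
# A row value is a number followed by its unit, for example 132/s or 13ms.
_VALUE = re.compile(r"^(\d+)(\S*)$")


def escape_instance(name):
    """Encode an instance name for use inside an object_def."""
    if name == "*":
        return name
    # A leading or trailing colon would merge with the field separator and
    # could not be decoded unambiguously, so it is rejected.
    if not name or name[0] == ":" or name[-1] == ":" or '"' in name:
        raise ValueError("instance name cannot be encoded: %r" % name)
    escaped = name.replace(":", "::")
    return '"%s"' % escaped if " " in escaped else escaped


def build_object_def(obj, instance=None, counter=None):
    """Build object_name[:instance_name[:counter_name]]."""
    for part in (obj, counter):
        if part is not None and not _NAME.match(part):
            raise ValueError("unexpected characters in name: %r" % part)
    if counter is not None and instance is None:
        instance = "*"  # a counter requires an instance field
    fields = [obj]
    if instance is not None:
        fields.append(escape_instance(instance))
    if counter is not None:
        fields.append(counter)
    return ":".join(fields)


def split_object_def(object_def):
    """Inverse of build_object_def: return (object, instance, counter)."""
    fields = _LONE_COLON.split(object_def)
    if not 1 <= len(fields) <= 3:
        raise ValueError("not an object_def: %r" % object_def)
    fields += [None] * (3 - len(fields))
    obj, instance, counter = fields
    if instance is not None:
        instance = instance.strip('"').replace("::", ":")
    return obj, instance, counter


def parse_row(line):
    """Parse one row-format line into (object, instance, counter, value, unit)."""
    fields = _LONE_COLON.split(line.strip())
    if len(fields) != 4:
        raise ValueError("not a stats row: %r" % line)
    obj, instance, counter, raw = fields
    match = _VALUE.match(raw)
    if not match:
        raise ValueError("unrecognized value: %r" % raw)
    return obj, instance.replace("::", ":"), counter, int(match.group(1)), match.group(2)


if __name__ == "__main__":
    print(build_object_def("disk", "20:00:00:20:37:de:4a:8e"))
    print(parse_row("volume:myvol:read_data:1923b/s"))
```

Rejecting names that fail validation before they reach the command line keeps a generated object_def from being interpreted as a different object, instance, or counter than the script intended.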

Using the stats command interactively in repeat mode

If you want to see a statistic every few seconds, you can invoke the stats
command in repeat mode. To do so, complete the following step:

Step Action

1 Enter the following command:

stats show [-n num] [-i interval] object_def
[object_def...]

num specifies the number of times you want the command to be run.
If this parameter is omitted, the command is repeated until you issue
a break.
interval specifies the interval between the iterations of the stats
command. The default value is one second.
object_def is specified as described in “Using the stats command
interactively in singleton mode” on page 281.


Example: You could use the following command to display how your processor
usage is changing over time:

stats show -i 1 processor:*:processor_busy


Instance processor_busy
%
processor0 32
processor1 1
processor0 68
processor1 10
processor0 54
processor1 29
processor0 51
...

Using the stats command in background mode

You can collect information from a specified set of counters over time in the
background using the stats start and stats stop commands. The information
collected is averaged over the period and displayed when the stats stop
command is issued. You can initiate multiple stats commands in background
mode, giving each of them a name so you can control them individually.

Note
Each instance of a stats command consumes a small amount of system
resources. If you start a large number of stats commands in background mode,
you could affect overall storage system performance. To keep stats commands
from consuming too many system resources, Data ONTAP does not allow you to
start more than 50 background stats commands. If you
already have 50 background stats commands running, you must stop at least
one before you can start more. To stop all currently running stats commands,
you can use the stats stop -a command.

To collect system information over time, complete the following steps:


Step Action

1 To start collecting the information, enter the following command:

stats start [-I identifier] object_def [object_def...]

identifier names this instance of the stats command so you can refer
to it later to show results. If you are running only one background
stats command, you can omit this parameter.

object_def is specified as described in “Using the stats command
interactively in singleton mode” on page 281.

2 If you want to display interim results without stopping the
background stats command, enter the following command:

stats show [-I identifier]

identifier names the instance of the stats command you want to
display interim results for. If you are running only one background
stats command, you can omit this parameter.

3 To stop data collection and output the final results, enter the
following command:

stats stop [-I identifier]

identifier names the instance of the stats command you want to stop
and display results for. If you are running only one background
stats command, you can omit this parameter.

Changing the output of a stats command

Data ONTAP enables you to control the format and destination of the output of
the stats command. This could be useful if you are processing the information
with another tool or script, or if you want to store the output in a file so you can
process it at a later time.

There are three ways you can affect the format and destination of the output of a
stats command:
◆ You can send the output to a file rather than the console.
◆ You can determine whether the output appears in columns or rows.
◆ You can specify a delimiter.


Sending stats output to a file: To send stats output to a file, you add -o
filename to your stats show or stats stop command line, where filename is the
pathname to the file you want to receive the stats output. The file does not need
to exist, although any directory in the path must already exist.

Using rows and columns: To determine whether the output is formatted in
rows or columns, you add the -r or -c option to your stats show or stats stop
command line.

The -r option formats the output in rows, and is the default if the -i option is not
specified.

Example output in rows:

cli> stats show qtree:*:nfs_ops


qtree:vol1/proj1:nfs_ops:186/s
qtree:vol3/proj2:nfs_ops:208/s

The -c option formats the output in columns, and is the default only if the -i
option is specified.

Example output in columns:

cli> stats show -c qtree:*:nfs_ops


Instance nfs_ops
/s
vol1/proj1 143
vol3/proj2 408

Note
The “/s” line shows the unit for the applicable column. In this example, there is
one column, and it is number of operations per second.

If you are displaying multiple objects that have different counters, the column
format may be difficult to read. In this case, use the row format.

Specifying a delimiter: You might need to specify a delimiter so that your
output can be imported into a database or spreadsheet. To add a delimiter, you add
the -d delimiter option to your stats show or stats stop command line. The -d
option only has effect if your output is in column format.

Example output with specified delimiter: In the following example, the
same counter is listed as for the column output example, except that it is
comma-delimited.

cli> stats show -d , -c qtree:*:nfs_ops


Instance nfs_ops
/s
vol1/proj1,265
vol3/proj2,12

About the stats preset files

Data ONTAP provides some XML files that output a predetermined set of
statistics that you can use without having to construct a script or type in a
complicated command on the command line. The preset files are located in the
/etc/stats/preset directory.

Using the preset files

To use a preset file, you add -p filename to your stats show or stats stop
command line. You can also add counters on the command line. If any options
you specify on the command line conflict with the preset file, your command line
options take precedence.

You can also create your own preset files.

For more information about preset files, see the na_stats_preset(5) man page.


Getting system information using perfmon

About using perfmon to access system performance statistics

The perfmon performance monitoring tool is integrated with the Microsoft
Windows operating system. If you use storage systems in a Windows
environment, you can use perfmon to access many of the counters and objects
available through the Data ONTAP stats command.

Using perfmon to access system performance statistics

To use perfmon to access storage system performance statistics, specify the name
or IP address of the storage system as the counter source. The lists of
performance objects and counters then reflect the objects and counters available
from Data ONTAP.

Note
The default sample rate for perfmon is once every second. Depending on which
counters you choose to monitor, that sample rate could cause a small
performance degradation on the storage system. If you want to use perfmon to
monitor storage system performance, you are advised to change the sample rate
to once every ten seconds. You can do this using the System Monitor Properties.


Getting system information using perfstat

What perfstat is

Perfstat is a NetApp tool that reports performance information for both the host
and the storage system. It can be run on either a UNIX or a Windows host. It
collects the performance information and writes it to a text file.

How to get perfstat

To get more information about perfstat, or to download the tool, go to the NOW
site at [Link] and navigate to Software Downloads >
ToolChest.


Improving storage system performance

About this section

This section describes configuration procedures that might improve your
system’s performance.

Balancing NFS traffic on network interfaces

Attach multiple interfaces on the storage system to the same physical network to
balance network traffic among different interfaces. For example, if two Ethernet
interfaces on the system named toaster are attached to the same network where
four NFS clients reside, specify in /etc/fstab on client1 and client2 that these
clients mount from toaster-0:/home. Specify in /etc/fstab on client3 and client4
that these clients mount from toaster-1:/home. This scheme can balance the
traffic among interfaces if each of the clients generates about the same amount of
traffic.

The storage system always responds to an NFS request by sending its reply on
the interface on which the request was received.

Ensuring reliable NFS traffic by using TCP

With faster NICs and switches, you are advised to support NFS v2 or NFS v3
protocol over TCP rather than over UDP. NFS v4 is supported over TCP only.

Avoiding access time update for inodes

If your applications do not depend on having the correct access time for files, you
can disable the update of access time (atime) on an inode when a file is read. Set
the no_atime_update option to On for each volume to prevent updates. For
example:

vol options vol2 no_atime_update on

Consider turning this option on if your storage system has extremely high read
traffic—for example, on a news server used by an Internet provider—because it
prevents inode updates from contending with reads from other files.

Attention
If you are not sure whether your storage system should maintain an accurate
access time on inodes, leave this option set at its default, Off, so that the access
time is updated.


Improving read-ahead performance

If the file access patterns of your clients are random (nonsequential) and the
cache age is less than three, setting minimal read-ahead to On might improve
performance. By default, the storage system uses aggressive read-ahead, which
enhances sequential access, and is more commonly used by UNIX clients and
applications. Use the sysstat command to determine the cache age. Set the
minra option to On for each volume to specify minimal read-ahead. By default,
the option is set to Off and the storage system does very aggressive read-ahead.

Adding disks to a disk-bound aggregate

If you have a single traditional volume or single-aggregate storage system, use
the sysstat -u command to determine the fraction of time that the busiest disk
is active. If the fraction is greater than 80 percent, add disks to the traditional
volume or aggregate using the aggr add command.

Sizing aggregates appropriately

When creating an aggregate or a traditional volume, be sure to provide enough
data disks for its anticipated data access load. Performance problems due to
insufficient data disks are especially noticeable for single-data-disk aggregates
(two disks for RAID4 and three disks for RAID-DP).

Putting cards into the correct slots

At boot time or when you use the sysconfig -c command, you might see
messages indicating that expansion cards must be in certain slots. To improve
performance, follow the recommendations in the message. See the System
Configuration Guide on the NOW site at
[Link] for information about
card placement.

Maintaining adequate free blocks and inodes

If free blocks or free inodes make up less than 10 percent of the space on any
volume, the performance of writes and creates can suffer. Check free blocks and
free inodes by using the df command and df -i command, respectively. If over 90
percent of blocks are used, increase blocks by adding disks to the volume’s
containing aggregate or by deleting Snapshot copies. If fewer than 10 percent of
inodes are free, increase inodes by deleting files or using the maxfiles
command.
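
One way to automate the 10 percent check described above, as an added example that is not part of the guide: it reads saved output of the df and df -i commands and reports volumes under the threshold. The column layout, the function names and the sample values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag volumes below the guide's 10 percent free threshold.
# Input is saved output of "df" and "df -i" collected on the administration
# host. The column layouts named below are assumptions, not taken from the guide.

# Reads df output on stdin (assumed columns: Filesystem kbytes used avail
# capacity Mounted-on). Prints "<filesystem> blocks <percent free>" for each
# volume whose free blocks are below the limit (default 10).
low_free_blocks() {
    awk -v min="${1:-10}" '
        $2 !~ /^[0-9]+$/   { next }     # header or malformed line
        $1 ~ /\.snapshot$/ { next }     # snapshot reserve is listed separately
        $2 > 0 {
            free = 100 * $4 / $2
            if (free < min) printf "%s blocks %.1f\n", $1, free
        }'
}

# Reads df -i output on stdin (assumed columns: Filesystem iused ifree %iused
# Mounted-on). Prints "<filesystem> inodes <percent free>" below the limit.
low_free_inodes() {
    awk -v min="${1:-10}" '
        $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ { next }
        ($2 + $3) > 0 {
            free = 100 * $3 / ($2 + $3)
            if (free < min) printf "%s inodes %.1f\n", $1, free
        }'
}

# Prints one advisory line per finding, naming the remedies the guide gives.
# $1 = file holding df output, $2 = file holding df -i output.
capacity_report() {
    low_free_blocks < "$1" | while read -r fs kind pct; do
        echo "$fs: $pct% of blocks free; add disks to the aggregate or delete Snapshot copies"
    done
    low_free_inodes < "$2" | while read -r fs kind pct; do
        echo "$fs: $pct% of inodes free; delete files or use maxfiles"
    done
}

# Constructed sample output (not captured from a real system).
sample_df() {
    cat <<'EOF'
Filesystem              kbytes       used      avail capacity  Mounted on
/vol/vol0/            10000000    4000000    6000000      40%  /vol/vol0/
/vol/vol0/.snapshot    2500000     100000    2400000       4%  /vol/vol0/.snapshot
/vol/data/            50000000   46500000    3500000      93%  /vol/data/
EOF
}

sample_df_i() {
    cat <<'EOF'
Filesystem               iused      ifree  %iused  Mounted on
/vol/vol0/               12000     288000      4%  /vol/vol0/
/vol/data/             1900000     100000     95%  /vol/data/
EOF
}
```

Running `sample_df | low_free_blocks` flags only /vol/data/, which has 7.0 percent of its blocks free in the constructed sample.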


Optimizing file and volume layout

If read performance on a particular large file or LUN degrades over time, use the
reallocate command to optimize its layout. If you add disks to an aggregate,
use reallocate to redistribute the data equally across all of the disks in the
aggregate.

Using oplocks for CIFS storage systems

Oplocks allow CIFS clients to cache more data locally, reducing traffic to the
storage system. On a system running CIFS that is not in a database environment,
set oplocks to On by using the options [Link] on command. If
the system is in a database environment, ensure that the oplocks are not set.

Increasing the TCP window size for CIFS

Increasing the TCP receive window size to its maximum setting on both the
system and a CIFS client can improve performance for large transfers, provided
that packet loss is not taking place and the client’s send window is large.

Attention
You are strongly advised to call technical support before changing this value.

The default is 17,520 bytes. The number of bytes must be between 2,920 and
64,240, in multiples of 1,460 bytes. The TCP window size controls the number of
TCP messages that can be transmitted between the storage system and the CIFS
client at one time.

Attention
If you are using DOS, enter an NT4 value of 8,760.

Use the options cifs.tcp_window_size 64240 command to maximize the
TCP window size on a storage system running CIFS. Use the options
[Link] 64240 command to maximize the TCP window size
on a system running NFS. Change the window size in the Windows registry on a
Windows NT client by adding the DWORD value
\\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpWindowSize
and set it to 64,240 (0xFAF0 in hexadecimal).

Note
The cifs.tcp_window_size and [Link] options are invisible
until you set them. After you set these invisible options, you can view them by
entering the options cifs or the options nfs command.


Backing up by using qtrees

If your storage system has multiple tape drives and a volume with two to four
qtrees, you can improve backup rates by running multiple dump commands in
parallel, each reading a different qtree and writing to a different tape drive.

Chapter 12: Troubleshooting Tools

About this chapter

This chapter describes what to do when you experience serious problems with
your storage system, and lists some tools available to you to help you understand
and avoid problems.

Topics in this chapter

This chapter discusses the following topics:
◆ “Storage system panics”
◆ “Error messages”
◆ “Other troubleshooting resources”


Storage system panics

About storage system panics

If your storage system has a serious problem, such as a problem with the
hardware or a bug in the system software, it panics. When a system panics, it
performs the following actions:
◆ The system core is dumped into a core file, which is placed in /etc/crash.
◆ A panic message is output to the console and to /etc/messages.
◆ The storage system reboots.

The panic message contains important information that can help you and
technical support determine what happened, and how you can prevent the panic
from happening in the future.

What to do if your storage system panics

If your storage system panics, following these steps can help technical support
troubleshoot the problem more quickly.

Step  Action

1     Access the panic message on the console messages or in the
      /etc/messages file.

2     On the web site, navigate to the Panic Message Analyzer tool at
      [Link]

3     Copy the panic message and Data ONTAP version number into the
      Panic Message Analyzer tool to determine whether your panic was
      caused by a known software issue.

4     If the panic is due to a known issue that was fixed in a later release,
      and upgrading to that release is feasible, you can download the new
      release from the web site and upgrade to resolve the issue.

5     Otherwise, call technical support.

Note
If you have AutoSupport enabled, AutoSupport automatically alerts technical
support when your system panics.


Error messages

About error message logging

If a hardware, software, or configuration problem exists on your system that is
not severe enough to cause a panic, the storage system logs a message to alert you
to the problem. That message can be logged to the console, a file, or to a remote
system, depending on how you have configured message logging.

For more information, see “Configuring message logging” on page 142.

Note
You should check the /etc/messages file once a day for important messages. You
can automate the checking of this file by creating a script on the administration
host that periodically searches /etc/messages and then alerts you of important
events.
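
One way to write the periodic check this note describes, as an added example that is not part of the guide: each run reads only the lines appended since the previous run and keeps those tagged warning or worse, or mentioning a panic. It assumes the storage system's /etc directory is reachable from the administration host and that messages carry a bracketed `[event:severity]:` tag; the function names, state file and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: incremental scan of a storage system's /etc/messages file from
# the administration host. The message tag layout, the state file and the
# sample lines are assumptions, not taken from the guide.

# Lines worth an alert: severity warning or worse, or any mention of a panic.
IMPORTANT_RE=':(warning|error|critical|alert|emergency)\]:|[Pp][Aa][Nn][Ii][Cc]'

# Print the bytes appended to log file $1 since the offset stored in state
# file $2, then store the new offset. A log that is now shorter than the
# stored offset has been rotated or truncated, so reading restarts at byte 0.
new_lines() {
    log=$1
    state=$2
    size=$(wc -c < "$log" | tr -d ' ')
    offset=0
    if [ -f "$state" ]; then
        offset=$(cat "$state")
    fi
    case $offset in
        ''|*[!0-9]*) offset=0 ;;        # ignore an empty or corrupt state file
    esac
    if [ "$size" -lt "$offset" ]; then
        offset=0
    fi
    # Read exactly up to the size measured above, so that lines written while
    # this runs are picked up by the next run instead of being reported twice.
    tail -c "+$((offset + 1))" "$log" | head -c "$((size - offset))"
    printf '%s\n' "$size" > "$state"
}

# Keep only the important lines; an empty result is not an error.
important_lines() {
    grep -E "$IMPORTANT_RE" || true
}

# One scan: prints the new important lines, or nothing if there are none.
# A cron job can mail the output when it is non-empty.
check_messages() {
    new_lines "$1" "$2" | important_lines
}

# Constructed sample lines (not real system output) for trying the functions.
sample_messages() {
    cat <<'EOF'
Mon May 22 09:00:00 PDT [sample.uptime:info]: constructed informational line
Mon May 22 09:14:07 PDT [sample.disk:error]: constructed error line
Mon May 22 09:20:31 PDT [sample.monitor:warning]: constructed warning line
Mon May 22 09:30:00 PDT [sample.syslog:notice]: constructed notice line
EOF
}
```

Keep the state file on the administration host, one per storage system. A rotated log that has already grown past the stored offset before the next run is not detected by the size comparison, so schedule the scan more often than the log is rotated.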

Using the Syslog Translator to get more information about error messages

Error messages need to be relatively brief to avoid clogging the error logging
system. Some messages have more information available through the Syslog
Translator on the web site.

To get more information about an error message using the Syslog Translator,
complete the following steps.

Step  Action

1     Go to the web site and select Technical Assistance & Documentation >
      Syslog Translator.

2     In the Software field, select Data ONTAP.


3     Cut and paste the error message into the Search String field and click
      Translate.

      Result: If more information is available about the message you have
      received, it is displayed, including the following information:
      ◆ Severity
      ◆ Description
      ◆ Corrective action
      ◆ Related information
      ◆ Data ONTAP versions this message applies to
      ◆ Details about the syslog message
      ◆ Details about the SNMP trap initiated by this message

Accessing the Syslog Translator using FilerView

To access the Syslog Translator through FilerView, complete the following steps.

Step  Action

1     From FilerView, select Filer > Syslog Messages.

      Result: The /etc/messages file is displayed.

2     Click on any message displayed as a hot link to access the Syslog
      Translator for that message.
      If a message is not listed as a hot link, no further information is
      available from the Syslog Translator for that message.


Other troubleshooting resources

Using the NOW site for help with errors

The NOW site is a powerful resource to help you diagnose and solve problems
with your storage system. The NOW site includes the following tools:
◆ Knowledgebase Solutions
  A database of technical tips and articles to help with specific errors and
  problems. To access this tool, select Service & Support to access the natural
  language search tool. Make sure that the Knowledgebase Solutions check
  box is selected.
  You can also browse the Knowledgebase by selecting Browse the
  Knowledgebase.
◆ Bugs Online
  NetApp provides information about known issues and any workarounds
  using this tool. To access Bugs Online, select Service & Support > Bugs
  Online & Release Tools.
  If you know the bug ID, you can view the information for that particular bug.
  Otherwise, you can use either the Bugs Online search capabilities or the
  natural language search as described for the Knowledgebase Solutions tool
  to search for a bug that matches your issue.

Using RLM to troubleshoot

If your storage system supports the Remote LAN Module (RLM), you can use it
to troubleshoot the system even if you are not in the same location as the system.
You can use the RLM to view system console messages, view system events,
dump the system core, and issue commands to power-cycle, reset, or reboot the
system. For more information, see “Troubleshooting the storage system with the
RLM” on page 231.

Glossary

ACL
Access control list. A list that contains the users’ or groups’ access rights to
each share.

adapter card
A SCSI card, network card, hot swap adapter card, serial adapter card, or
VGA adapter that plugs into an expansion slot. See expansion card.

address resolution
The procedure for determining a media access control (MAC) address
corresponding to the address of a LAN or WAN destination.

administration host
The client you specify during system setup for managing the system. The
setup program automatically configures the system to accept telnet and
rsh connections from this client, to give permission to this client for
mounting the / and /home directories, and to use this client as the mail host
for sending AutoSupport e-mail messages. At any time after you run the
setup program, you can configure the system to work with other clients in
the same way it does with the administration host.

aggregate
A manageable unit of RAID-protected storage, consisting of one or two
plexes, that can contain one traditional volume or multiple FlexVol volumes.
For more information about aggregates, see the Storage Management Guide.

API
Application Programming Interface. A software toolkit designed to provide
system access to external programs. Data ONTAP provides an API called
Manage ONTAP.

ATM
Asynchronous Transfer Mode. A network technology that combines the
features of cell-switching and multiplexing to offer reliable and efficient
network services. ATM provides an interface between devices such as
workstations and routers, and the network.

authentication
A security step performed by a domain controller for the system’s domain, or by
the system itself, using its /etc/passwd file.

AutoSupport
A system daemon that triggers messages from the customer site to NetApp or
another specified e-mail recipient when there is a potential system problem. For
more information about AutoSupport, see “Using AutoSupport” on page 159.

big-endian
A binary data format for storage and transmission in which the most significant
bit or byte comes first.

CIFS
Common Internet File System. A protocol for networking PCs.

CLI
Command Line Interface. The Data ONTAP system prompt is an example of a
Command Line Interface.

client
A computer that shares files on a storage system.

cluster
A pair of storage systems connected so that one system can detect when the other
is not working and, if so, can serve the failed system data. When storage systems
are clustered, each system is also referred to as a node.

cluster interconnect
Cables and adapters with which the two storage systems in a cluster are
connected and over which heartbeat and WAFL log information are transmitted
when both systems are running.

cluster monitor
Software that administers the relationship of storage systems in the cluster
through the cf command.

community
A name used as a password by the SNMP manager to communicate with the
storage system agent.

console
A terminal that is attached to a storage system’s serial port and is used to monitor
and manage storage system operation.

continuous media scrub
A background process that continuously scans for and scrubs media errors on the
storage system disks.

copy-on-write
The technique for creating Snapshot copies without consuming excess disk
space.

degraded mode
The operating mode of a storage system when a disk is missing from a RAID4
array, when one or two disks are missing from a RAID-DP array, or when the
batteries on the NVRAM card are low.

disk ID number
A number assigned by a storage system to each disk when it probes the disks at
boot time.

disk sanitization
A multiple write process for physically obliterating existing data on specified
disks in such a manner that the obliterated data is no longer recoverable by
known means of data recovery.

disk shelf
A shelf that contains disk drives and is attached to a storage system.

emulated storage system
A software copy of a failed storage system that is hosted by its takeover storage
system. The emulated storage system appears to users and administrators to be a
functional version of the failed storage system. For example, it has the same
name as the failed storage system.

Ethernet adapter
An Ethernet interface card.

expansion card
A SCSI card, NVRAM card, network card, hot swap card, or console card that
plugs into a storage system expansion slot. See adapter card.

expansion slot
The slots on the storage system board into which you insert expansion cards.

failed storage system
A physical storage system that has ceased operating. In a clustered configuration,
it remains the failed storage system until a giveback succeeds.

FDDI adapter
A Fiber Distributed Data Interface (FDDI) interface card.

FDDI-fiber
An FDDI adapter that supports a fiber-optic cable.

FDDI-TP
An FDDI adapter that supports a twisted-pair cable.

GID
Group identification number.

giveback
The return of identity from the virtual storage system to the failed storage system,
resulting in a return to normal operation; the reverse of takeover.

group
A group of users defined in the storage system’s /etc/group file.

heartbeat
A repeating signal transmitted from one storage system to the other that indicates
that the storage system is in operation. Heartbeat information is also stored on
disk.

hot spare disk
A disk installed in the storage system that can be used to substitute for a failed
disk. Before the disk failure, the hot spare disk is not part of the RAID disk array.

hot swap
The process of adding, removing, or replacing a disk while the storage system is
running.

hot swap adapter
An expansion card that makes it possible to add or remove a hard disk with
minimal interruption to file system activity.

inode
A data structure containing information about files on a storage system and in a
UNIX file system.

interrupt switch
A switch on some storage system front panels used for debugging purposes.

LAN Emulation (LANE)
The architecture, protocols, and services that create an Emulated LAN using
ATM as an underlying network topology. LANE enables ATM-connected end
systems to communicate with other LAN-based systems.

local storage system
The storage system you are logged in to.

magic directory
A directory that can be accessed by name but does not show up in a directory
listing. The .snapshot directories, except for the one at the mount point or at the
root of the share, are magic directories.

mailbox disk
One of a set of disks owned by each storage system that is used to store the
cluster state information of a storage system. If that system stops operating, the
takeover system uses the information in the mailbox disks in constructing a
virtual storage system. Mailbox disks are also used as file system disks.

maintenance mode
An option when booting a storage system from a system boot disk. Maintenance
mode provides special commands for troubleshooting hardware and
configuration.

MultiStore®
An optional software product that enables you to partition the storage and
network resources of a single storage system so that it appears as multiple storage
systems on the network.

NDMP
Network Data Management Protocol. A protocol that allows storage systems to
communicate with backup applications and provides capabilities for controlling
the robotics of multiple tape backup devices.

network adapter
An Ethernet, FDDI, or ATM adapter card.

normal mode
The state of a storage system when there is no takeover in the cluster.

NVRAM cache
Nonvolatile RAM in a storage system, used for logging incoming write data and
NFS requests. Improves system performance and prevents loss of data in case of
a storage system or power failure.

NVRAM card
An adapter card that contains the storage system’s NVRAM cache.

NVRAM mirror
A synchronously updated copy of the storage system NVRAM (nonvolatile
random access memory) contents kept on the partner storage system.

panic
A serious error condition causing the storage system to halt. Similar to a software
crash in the Windows system environment.

parity disk
The disk on which parity information is stored for a RAID4 disk drive array. In
RAID groups using RAID-DP protection, two parity disks store the parity and
double-parity information. Used to reconstruct data in failed disk blocks or on a
failed disk.

partner
From the point of view of a local storage system, the other storage system in a
cluster.

partner mode
The method you use to communicate through the command-line interface with a
virtual storage system during a takeover.

POST
Power-on self-tests. The tests run by a storage system after the power is turned
on.

qtree
A special subdirectory of the root of a volume that acts as a virtual subvolume
with special attributes. For more information about qtrees, see the Storage
Management Guide.

RAID
Redundant array of independent disks. A technique that protects against disk
failure by computing parity information based on the contents of all the disks in
an array. Storage systems use either RAID Level 4, which stores all parity
information on a single disk, or RAID-DP, which stores all parity information on
two disks.

RAID disk scrubbing
The process in which a system reads each disk in the RAID group and tries to fix
media errors by rewriting the data to another disk area.

SCSI adapter
An expansion card that supports SCSI disk drives and tape drives.

SCSI address
The full address of a disk, consisting of the disk’s SCSI adapter number and the
disk’s SCSI ID, such as 9a.1.

SCSI ID
The number of a disk drive on a SCSI chain (0 to 6).

serial adapter
An expansion card for attaching a terminal as the console on some storage system
models.

serial console
An ASCII or ANSI terminal attached to a storage system’s serial port. Used to
monitor and manage storage system operations.

share
A directory or directory structure on the storage system that has been made
available to network users and can be mapped to a drive letter on a CIFS client.

SID
Security identifier used by the Windows operating system.

Snapshot copy
An online, read-only copy of an entire file system that protects against accidental
deletions or modifications of files without duplicating file contents. Snapshot
copies enable users to restore files and to back up the storage system to tape
while the storage system is in use.

system board
A printed circuit board that contains a storage system’s CPU, expansion bus slots,
and system memory.

takeover
The emulation of the failed node identity by the takeover node in a cluster; the
opposite of giveback.

takeover storage system
A storage system that remains in operation after the other storage system stops
working and that hosts a virtual storage system that manages access to the failed
node disk shelves and network connections. The takeover node maintains its own
identity and the virtual node maintains the failed node identity.

takeover mode
The method you use to interact with a storage system while it has taken over its
partner. The console prompt indicates when the storage system is in takeover
mode.

trap
An asynchronous, unsolicited message sent by an SNMP agent to an SNMP
manager indicating that an event has occurred on the storage system.

UID
User identification number.

Unicode
A 16-bit character set standard. It was designed and is maintained by the
nonprofit consortium Unicode Inc.

vFiler
A virtual storage system you create using MultiStore, which enables you to
partition the storage and network resources of a single storage system so that it
appears as multiple storage systems on the network.

volume
A file system. For more information about volumes, see the Storage Management
Guide.

WAFL
Write Anywhere File Layout. The WAFL file system was designed for the
storage system to optimize write performance.

WINS
Windows Internet Name Service.

workgroup
A collection of computers running Windows NT or Windows for Workgroups
that is grouped for browsing and sharing.

Index

Symbols aggregate state, displaying (aggr status) 261


/etc directory 9, 59 definition 299
/etc/[Link] file 47 disk statistics, displaying (aggr status) 261
/etc/log/auditlog file 146 performance improvements for disk-bound
/etc/messages file 59, 142 aggregates 290
/etc/rc file 149, 152 root option 66
/etc/[Link] file API 299
configuring message logging in 145 assigning priorities using FlexShare 249
file format and parameters of 143 ATM 299
/etc/[Link] file, character coding of 59 auditlog file 93, 146
/home file, contents of 58 authentication
/vol/vol0, root volume 55 definition of 300
public key-based 189
with SSH 179
Numerics with SSL 182
3DES, for SecureAdmin 179 AutoSupport
about 160
commands used 174
A configuring 166
access to storage system See storage system access contents of email 173
ACL 299 default transport protocol 160
adapter card 299 defined 160
address resolution 299 events that trigger e-mail 172
administration hosts mail host support for 161
adding 47 options 162
definition of 45, 299 options [Link] (configures
deletion of 48 AutoSupport) 166
reasons for using 45 reboots and 141
removing 48 requirements for 161
use of 45 technical support and 160
when you can add 45 testing 167
where they are specified 46 testing (options [Link]) 167
administrative level commands 22 transport protocols 161
administrator access, managing 93 troubleshooting 168
administrator accounts when system reboots 141
changing the password of (passwd) 123
reasons for creating 93
advanced level commands 22
B
aggregate Snapshot copy management 128 banner message for Telnet sessions 35
aggregates big-endian 300
aggr copy command 9 boot options
aggr status command, description of 261 FAS200 series storage systems 70

Index 309

Contents Subject to Change


Release Candidate Documentation—Updated 22 May 2006
booting NFS, requirements 46
FAS200 series systems 70 platforms supported by FilerView 40
from command prompt 68 SecureAdmin supported 179
from firmware prompt 68, 71 command line editing
remotely 75 with editing mechanism 19
browsers, improving security through 182 with history mechanism 19
Bugs Online 297 commands
administrative level 22
advanced level 22
C [Link] (sets AutoSupport
capabilities options) 166
assigning to roles 106 boot (boots the storage system) 68
assignment to users 94 date (sets system date and time) 134
definition of 94 halt (halts the storage system) 89, 90
list of supported types 106 license 132
modifying others’ 100 options [Link] (tests AutoSupport)
types of 106 167
cards, expansion, displaying information about 256 options wafl.root_only_chown (sets file
certificate-authority signed certificates 193 ownerships changes) 52
certificates passwd (changes administrative user
domain names and 196 password) 123
generating 193 passwd (changes storage system system
installing 193, 195, 197 password) 122
regenerating 197 priv 22
testing 196 privilege levels 22
types of 193 reboot (reboots the storage system) 87
used by SSL protocol 193 rsh command list 38
change privileges, file ownership 52 savecore, what it does 140
character coding for configuration files 59 See also rsh commands, statistics commands,
checksums, displaying information 261 stats command, status commands,
CIFS SSH (Secure Shell) commands, SSL
accessing /etc directory 61 (secure sockets layer) commands.
accessing home directory 62 stats 276
administrator accounts in 93 useradmin 93
client, requirements to manage storage system CompactFlash cards
46 booting FAS900 systems 81
client,increasing performance for 291 booting the FAS200 series storage systems 70
definition of 300 checking the Data ONTAP version of 77, 84
editing configuration files using 63 description of 4
CIFS share, definition of 305 recovering from corrupted image 77
CLI 300 configuration
client decryption 180 display, using sysconfig 256
clients message logging 142
CIFS, requirements 46 of AutoSupport (options [Link])
editing configuration file from 63 166

310 Index

Contents Subject to Change


Release Candidate Documentation—Updated 22 May 2006
configuration files with SSH 180
/etc 58 with SSL 182
about backup and cloning 153 encryption algoritims supported by SecureAdmin
accessing 17 179
backing up 153 environmental adapter (storage system main unit) 5
cloning 154 error message logging, about 295
comparing backups 155
editing from CIFS client 63
editing from NFS client-setup 63 F
restoring 154 FAS200 series systems
within /etc directory 59 booting 70
configuring preparing for Netboot startup 78
HTTP services 84 starting through netboot option 79
TFTP services 85 file ownership change privileges 52
core files 140 FilerView
criticaltime (UPS option) 156 accessing storage system through 17, 40
accessing Syslog Translator through 296
description 40
D Help system defined 44
data access management 9, 13 supported by client platforms 40
data migration management 9 using the interface 42
Data ONTAP, check version of 77 Web browser requirements 40
data organization management 8 files, configuration 58
data protection 9 filestats command
data storage management 7, 8 about 266
DataFabric Manager 2 options for 269
date, setting storage system time and 134 FlexShare
decryption, between client and storage system 180 about 245
default directories 58 active/active storage systems and 246
default root volume 55 buffer cache policy, about 252
deletion of administration hosts 48 buffer cache policy, setting 253
device carrier 3 default priority, modifying 255
directories, default permissions 58 default queue 247
disks, displaying statistical information for 256 io_concurrency options 248
domain names, changing storage system 196 priorities, assigning 249
domainusers priorities, removing 254
definition of 93 volume operations and 247
deleting 116 when to use 245
granting access to 98
listing 111
DSA key pair, for SSH 189 G
generating certificates 193
groups
E assigning roles to 102
editing mechanism, editing command line with 19 assigning users to 96
encryption definition of 94

311 Index

Contents Subject to Change


Release Candidate Documentation—Updated 22 May 2006
deleting 116 L
listing 111 LCD, on storage system chassis 4
naming requirements 94 [Link] file, reloading 103
predefined 101 level commands
reloading from [Link] file 103 administrative 22
renaming 103 advanced 22
Windows special 95 licenses 132, 133
log files, accessing using HTTP 62
H
history mechanism, editing command line with 19 M
HMAC, for SecureAdmin 179 mail host support for AutoSupport 161
host keys Manage ONTAP Developer SDK software 15, 16,
changing the size of 186 17
determining sizes 184 man-in-the-middle warning 187
setting 184 manual (man) pages 21
uses of 179 message files, accessing using HTTP 62
using with SSH 184 message logging, configuring 142
where stored 184 mount privileges, controlling of (options
host support for AutoSupport, mail 161 nfs.mount_rootonly) 51
hosts multiprotocol file and block sharing 7
definition of 45
deletion of administration 48
use of administration 45 N
when you can add 45 N5200 and N5500 systems, booting 87
HTTP access to log files 62 naming requirements for useradmin command 94
HTTP services, configuring 84 NDMP 10
Netboot startup
I preparing FAS200 series storage systems 78
server requirements 84
installing certificates 193, 195
starting FAS200 series systems 79
interface, use of FilerView 42
using storage systems as Netboot servers 84
Network file service 7
K NFS client
keys access to /etc directory 61
host. See host keys access to /etc/directory 62
private and public. See RSA key pair requirements to manage storage system 46
public-based authentication. See RSA key pair. non-local users, granting access to 98
server. See server keys NVFAIL 10
session 179 NVRAM
used by SSH protocol 179 description of 4
Knowledgebase Solutions 297 halt command to save data to disk 89

312 Index

Contents Subject to Change


Release Candidate Documentation—Updated 22 May 2006
O reinitialization
obsolete domain names, and SSL 196 of SSH 186
OpenSSH of SSL 197
for SecureAdmin 179 remote management 201
generating key pairs in 189 Remote Management Controller 5
ownership change privileges, file 52 Remote Shell access to storage system (rsh) 37
removing priorities using FlexShare 254
requirements
P for Web browser 40
panics 294 to manage storage system on NFS clients 46
password rules, changing 124 RLM
passwords admin mode command syntax 218
changing (passwd) 122 admin mode commands 216
managing security using 120 advanced command syntax 220
passwords, changing (passwd) 123 advanced mode commands 220
perfmon, using to monitor performance 287 AutoSupport messages 226
performance, monitoring with perfmon 287 booting N5200 and N5500 systems from 87
permissions of default directories (/etc, /home) 58 command line interface (CLI) 215
plexes, displaying information about 261 description of 200
priorities, assigning using FlexShare 249 displaying information in admin mode 221
priorities, removing using FlexShare 254 displaying information in advanced mode 220
private and public keys. See RSA key pair 189 features 201
privilege levels for Data ONTAP commands 22 firware update problems, troubleshooting 240
privileges, file ownership change 52 how to configure 204
protocols. See SSH (Secure Shell) protocol, SSL logging in to 212
(Secure Sockets Layer) protocol managing with Data ONTAP commands 204,
public-key encryption 179, 180 209
PuTTY for SecureAdmin 179 system console redirection feature 216
System Event Log 224
troubleshooting communication problems 236
Q troubleshooting configuration problems 236
qtrees 305 troubleshooting connection problems 237
quota file, character coding for 59 troubleshooting firmware update problems 240
using AutoSupport options 210
RMC 5
R roles
RAID 305 assigning capabilities to 106
displaying statistics (aggr status) 261 assigning to groups 102
displaying statistics (sysconfig -r) 256 creating 108
displaying statistics (vol status) 263 definition of 94
rebooting the system deleting 116
from the console 87 listing 111
remotely 87 modifying 109
using RLM 87 naming requirements 94
regeneration of certificates 197 predefined 105

root option for aggregates 66 nfs.mount_rootonly) 51
root password, changing 122 improving using Secure FilerView 182
root volume improving using SecureAdmin 178
changing 65 improving using SSH 179
default name 55 limiting Remote Shell access 50
directories contained within 58 limiting Telnet access 49
minimum size 56 options 53
size requirement 56 password options 124
space guarantees and 57 passwords, managing 120
RSA key pair self-signed certificates 193
definition of 189 serial ports (storage system hardware) 6
generating for SSH 1.x 189 server keys
generating for SSH 2.0 190 changing the size of 186
where stored 189, 190 setting 184
RSA/DSA, for SecureAdmin 179 size guidelines for 184
rsh (Remote Shell) uses of 179
access to storage system 37 using with SSH 184
using with Windows 39 server requirements for netboot 84
rsh commands session keys, uses of 180
accessing storage system from a PC client 39 share, definition of 305
accessing storage system from a UNIX client single partitions 68
38 slots, expansion (storage system hardware) 6
format used with user name and password 38 SnapLock 10
list of 38 SnapMirror 10
privilege levels 22 SnapRestore 10
use with user names and passwords 37 Snapshot copy, aggregate 128
Snapshot copy, definition of 306
Snapshot software 11
S SnapVault 11
secure connection, testing 196 SSH (Secure Shell) commands
Secure FilerView, improving security using 182 secureadmin disable all 198
secure session, creating with SecureAdmin 180 secureadmin disable ssh 186, 188
SecureAdmin secureadmin enable all 198
authentication supported 179 secureadmin enable ssh 184, 186, 188
creating a secure session with 180 secureadmin setup -f ssh 186
displaying status of 198 secureadmin setup ssh 184
encryption algorithms supported 179 improving security with SSH 179
improving security with SSH 179 SSH (Secure Shell) protocol
improving security with SSL 182 authentication with 179
managing SSH portion 183 creating a secure session with 180
managing SSL portion 193 determining host and server key size using 184
security disabling or enabling 184, 188
controlling file ownership changes (options encryption with 179
wafl.root_only_chown) 52 host keys. See host keys
controlling mount privileges (options improving security with 179

keys used by 179 256, 261, 263
managing 183 displaying relative environment information
reinitializing 186 272
server keys. See server keys displaying relative physical drive position 275
session keys 180 displaying shelf environment status 273
setting up and starting 184 displaying tape drive information 257
SSH Communications Security client, for displaying tape information 260
SecureAdmin 179 displaying tape library information 257
SSL (Secure Sockets Layer) commands displaying volume
secureadmin addcert ssl 193, 197 information (sysconfig -v) 257
secureadmin disable all 198 language (vol status) 264
secureadmin disable ssl 197 displaying volume state statistics 263
secureadmin enable all 198 environment, description of 272
secureadmin enable ssl 193 Fibre Channel statistics, description of 275
secureadmin enable ssl (enables SSL) 197 storage command, description of 259
secureadmin setup -f ssl 197 sysconfig command, description of 256
secureadmin setup ssl 193 vol status command, description of 263
secureadmin status 198 stats command
SSL (Secure Sockets Layer) protocol about 276
authentication with 182 background mode 283
certificates used with 193 controlling output 284
disabling or enabling 197 counters 276
improving security with 182 instances 276
managing 193 objects 276
reinitializing 197 preset files 286
setting up and starting 193 repeat mode 282
startup commands in /etc/rc 149 singleton mode 281
statistics commands status commands
aggr status command, description of 261 aggr status (displays aggregate state) 261
checking expansion cards 256 aggr status -d (displays disk statistics) 261
displaying adapter information 259 aggr status -r (displays RAID statistics) 261
displaying aggregate state statistics 261 environment chassis (displays shelf
displaying chassis environment status 273 environment information) 273
displaying Data ONTAP version 256 environment command, description of 272
displaying disk information environment status (displays all storage system
aggr status 261 environment information) 272
storage show 259 environment status shelf (displays shelf
sysconfig -d 256 environment information) 273
vol status 263 fcstat device_map (displays relative physical
displaying Fibre Channel driver statistics 275 drive position) 275
displaying link statistics 275 fcstat fcal_stats (displays fibre channel driver
displaying medium changer information 259 statistics) 275
displaying overall storage system information fcstat link_stats (displays link statistics) 275
257 filestats command, description of 265
displaying RAID and checksum information storage command, description of 259

storage hub (displays hub information) 259 components 4
storage show adapter (displays adapter environmental adapter 5
information) 259 expansion slots 6
storage show disk (displays disk information) LCD 4
259 memory 4
storage show mc (displays medium changer system board 4
information) 259 storage system, defined 2
storage show port (displays switch port storage systems
information) 259 booting 70
storage show switch (displays switch booting the system (boot) 68
information) 259 changing domain name of 196
storage show tape (displays tape information) decryption 180
260 disabling licenses for 133
storage stats tape (displays tape statistics) 260 displaying current licenses for (license) 133
sysconfig -c (checks expansion cards) 256 displaying overall statistics for 257
sysconfig -d (displays disk information) 256 displaying version of 256
sysconfig -m (displays tape drive information) editing boot configuration file in 151
257 enabling licenses for (license) 132
sysconfig -m (displays tape library statistics) halting (halt) 90
257 improving performance in 289
sysconfig -r (displays RAID information) 256 managing CIFS using FilerView 17
sysconfig -v (displays overall filer statistics) performance improvements
257 aggregate sizing 290
sysconfig -V (displays volume statistics) 257 avoiding inodes access time update 289
ups (displays UPS environment information) backup rate 292
273 balancing NFS traffic on interfaces 289
vol status (displays volume state) 263 caching client data to reduce traffic 291
vol status -d (displays disk statistics) 263 disk-bound volume 290
vol status -l (displays volume language) 264 large transfer 291
vol status -r (displays RAID statistics) 263 maintain adequate free blocks and inodes
status, displaying SecureAdmin 198 290
storage system 2, 3 read-ahead 290
storage system access 45 reallocate command 291
/etc directory, accessing from CIFS client 61 using TCP 289
/etc directory, accessing from NFS client 61 rebooting the system (reboot) 87
/home directory, accessing from CIFS client 62 rsh (Remote Shell) access to 37
/home directory, accessing from NFS client 62 savecore (saves the core file) 140
from the console 29, 30 security
inaccessibility, reasons for 152 controlling file ownership changes
using FilerView 40 (options wafl.root_only_chown)
using rsh command from a PC client 39 52
using rsh command from a UNIX client 38 controlling mount privileges (options
with Remote Shell (rsh) 37 nfs.mount_rootonly) 51
with Telnet 33, 34 limiting Telnet access 49
storage system hardware options 53

setting date and time (date) 134 shutdown process 156
support for AutoSupport, mail host 161 use of administration hosts 45
SyncMirror 12 use of FilerView interface 42
synchronizing system time 137 use of FilerView interface 42
Syslog Translator useradmin
accessing through FilerView 296 examples 117
using 295 naming requirements 94
system usermap file, character coding for 59
board (storage system hardware) 4 users
date and time, setting 134 assigning to groups 96
management 12 capabilities and 94
memory (storage system main unit) 4 changing passwords 123
panics 294 creation examples 117
password, changing 122 definition of 93
rebooting, from the console 87 deleting 116
rebooting, remotely 87 examples of creating 117
listing 111
modifying capabilities of 100
T naming requirement 94
tape backup and restore 10, 12
tape drives, displaying statistics 257
tapes, displaying tape library statistics 257 V
TCP, increasing window size 291 Vandyke SecureCRT, for SecureAdmin 179
Telnet version checking, Data ONTAP 77
access to storage system 33 vol copy 12
configuring a timeout period 35 volumes
limiting access to 49 disk statistics, displaying (vol status) 263
termination of session with the storage system vol status command, description of 263
34 volume language, displaying (vol status) 264
TFTP volume state, displaying (vol status) 263
enabling console logging of accessed files 86 volume statistics, displaying 257
root directory, specifying 85
services, configuring 85
time W
setting storage system date and 134 WAFL 2
synchronizing 137 warnings
time servers, about 137 man-in-the-middle 187
timed, using 137 obsolete domain names 196
warningtime (UPS option) 156
Windows
U administrator accounts in 93
Uninterruptible Power Supply (UPS) domain users, granting access to 98
adding a device to be monitored 273 network commands 17
enabling or disabling monitoring of 274 special groups 95
UPS using rsh with 39
management 156
