celerra features and functions

43
Copyright © 2006 EMC Corporation. Do not Copy - All Rights Reserved. Celerra Feature and Functions - 1 © 2006 EMC Corporation. All rights reserved. Ce lerra Fe atures and Func ti ons Celerra Features and Functions Welcome to Celerra Feature and Functions. The AUDIO po rtion of thi s course is su pplemen tal to the materi al and is not a replaceme nt for the student not es accompanying this course . EMC recommends downloading the Student Resource Guide from the Supporting Materials tab, and reading the notes in their entirety. These materials may not be copied without EMC's written consent. EMC believes the information in this publicati on is accurate as of its publication date. The information is subject to change without notice. THE INFORMATION IN THIS PUBLI CATION IS PROVIDED “AS IS.” EMC CORPOR ATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. EMC 2 , EMC, Symmetrix, Celerra, and CLARiiON are registered trademarks of EMC Corporation, and Celerra Replicator, ControlCente r, HighRoad, OnCourse, SnapSure, SRDF, and TimeFinder are trademarks of EMC Corporation. All other trademarks used herein are the property of their respective owners.

Upload: sri-brindha

Post on 19-Oct-2015

33 views

Category:

Documents


0 download

TRANSCRIPT

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 1

    2006 EMC Corporation. All rights reserved.

    Celerra Features and FunctionsCelerra Features and Functions

    Welcome to Celerra Feature and Functions.

    The AUDIO portion of this course is supplemental to the material and is not a replacement for the student notes accompanying this course.

    EMC recommends downloading the Student Resource Guide from the Supporting Materials tab, and reading the notes in their entirety.

    These materials may not be copied without EMC's written consent.

    EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

    THE INFORMATION IN THIS PUBLICATION IS PROVIDED AS IS. EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

    Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.

    EMC2, EMC, Symmetrix, Celerra, and CLARiiON are registered trademarks of EMC Corporation, and Celerra Replicator, ControlCenter, HighRoad, OnCourse, SnapSure, SRDF, and TimeFinder are trademarks of EMC Corporation.

    All other trademarks used herein are the property of their respective owners.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 2

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 2

    Celerra Features and Functions

    Upon completion of this course, you should be able to:

    y Define how Celerra provides network compatibilityy Describe how Celerra offers high availability y Identify the features of Celerra which provide data

    replication and recovery

    y Describe Celerra's security featuresy Explain the different management options available to

    Celerra

    The objectives for this course are shown here. Please take a moment to read them.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 3

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 3

    Network Compatibility

    y Explain the network types used by Celerray Explain the network protocols used by Celerray Define VLANs in a Celerra environment

    This lesson will provide you with an understanding of EMC Celerra network infrastructure compatibility. Please take a moment to read the objectives.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 4

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 4

    Ethernet

    Celerra supports standard Ethernet networks for client access to Data Movers and management access to the Control Station.

    Celerra supports Ethernet networks that run at 10, 100, or 1000 megabyte speed and can use either copper or optical media connections. Multiple network interface ports and/or cards are provided for redundancy. The number of possible network connections and types will vary depending on the specific configuration and model.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 5

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 5

    NFS

    UNIX/Linux Client....

    .....

    UNIX/Linux Client

    UNIX/Linux Client

    Corporate Data

    Corporate Data

    The Network File System (NFS) protocol is typically used by UNIX computers. The Celerra supports Versions 2, 3, and 4 of NFS, both over TCP and UDP. The Celerra also supports the Network Information Service (NIS), which maintains consistent user and group information across multiple servers, and sometimes provides name services.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 6

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 6

    Celerra Network Protocol Support

    WindowsMail Server

    iSCSI

    WindowsFile Server

    CIFS

    UNIX FTP

    Server

    UNIX File Server

    NFS

    UNIX Database

    Application

    WindowsManagement

    StationSNMP

    Tape Backup

    UNIX

    NDMP

    The Celerra supports many industry standard networking protocols which allows it to easily integrate into existing corporate TCP/IP networks. File transfers are supported with FTP (File Transfer Protocol). NDMP (Network Data Management Protocol) backup protocols are also supported on the Celerra, as well as SNMP (Simple Network Management Protocol) for network monitoring.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 7

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 7

    CIFS

    Windows

    Windows

    Windows Corporate Data

    Corporate Data

    Celerra

    The Common Internet File System (CIFS) protocol enables Microsoft Windows clients to map shared file systems on the Celerra as network drives. Each Data Mover can be configured as one or more virtual CIFS server. Each virtual CIFS server can have its own shares and can belong to a different Windows domain.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 8

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 8

    File Access Protocols

    The file access protocols supported include NFS, CIFS, and Multipath File Sharing Protocol (MPFS). Although these protocols share the common goal of enabling a client computer to read and write files over the network, the details of the protocols vary widely.

    These differences are especially important when configuring a single file system to be accessible by more than one protocol. The Celerra enables the transparent sharing of files over the network to the same files by UNIX (NFS) and Windows (CIFS) clients.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 9

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 9

    HighRoad

    B l a n k

    HighroadClient

    Celerra

    Storage System

    The name of the software solution that supports the MPFS protocol is HighRoad. HighRoad combines the best features of NAS and SAN to provide high-speed access to large amounts of data.

    In its normal configuration, the client makes a request for a file, and the Celerra gets the blocks that make up a file from the storage system and sends the file to a client over the network. In a HighRoad configuration, the Celerra sends the HighRoad client the list of blocks that make up a file (metadata), and the HighRoad client gets those blocks directly from the storage system.

    Because the HighRoad client connects to the storage using a fibre channel SAN connection, the data transfer can be much faster. The only data that travels over the IP network between the HighRoad client and the Celerra Data Mover is a small amount of metadata that describes the file to the client. HighRoad is most beneficial to applications moving very large files.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 10

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 10

    iSCSI

    Microsoft Initiatoron the client

    iSCSI Target Data Mover

    iSCSI (Internet Small Computer Systems Interface) is a transport protocol for sending SCSI packets over TCP/IP networks. iSCSI initiators and iSCSI targets are the key components in iSCSI architecture. Initiators and targets are software (or hardware) devices that package and transfer SCSI information over an IP network. An iSCSI initiator encapsulates SCSI commands, data, and status information in iSCSI packets and sends the packets over an IP Network to an iSCSI target residing on a storage device.

    The initiator resides on the client system and issues commands to the target, which resides on a storage device. It is the active component in iSCSI communications and initiates communication with the target. In almost all cases, the target merely responds to requests from the initiator and does not institute independent action.

    The target can either be a software device, such as a Celerra iSCSI target, or a hardware component on an iSCSI HBA. A target is identified by a unique iSCSI name, either in iSCSI Qualified Name (IQN) or Extended Unique Identifier (EUI) format. The Data Mover is the target on the Celerra

    iSCSI looks like a local disk to a windows machine. It will give a Windows admin a SAN like environment, without going through a switch.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 11

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 11

    VLANs

    VLAN 3

    VLAN 1

    VLAN 2

    VLANs are logical networks that function independently of the physical network configuration. A VLAN allows a group of devices to physically reside on different network segments while communicating as if they resided on the same network segment.

    For example, VLANs enable you to put all of a departments computers on the same logical subnet, which can increase security and reduce network broadcast traffic.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 12

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 12

    VLAN Tags

    VLANs require switches that support the VLAN protocol, IEEE 802.1q. The switches add tags to network packets that identify the VLAN to which the packets belong. Depending on the capabilities of the device connected to the switch, the switch either sends the VLAN tags to the device or removes them.

    VLANs are especially useful when configuring standby Data Movers. Because different Data Movers often service different VLANs, the standby would need to be connected to all subnets it might need to serve. Using VLANs, the production and standby Data Movers can all be physically connected to the same few switches, and then use VLAN tagging to connect to the appropriate individual VLANs they serve.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 13

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 13

    y Identify and articulate some of the methodologies used by the Celerra family to provide high availability and data integrity

    Celerra High Availability Options

    The objectives for this lesson are shown here. Please take a moment to review them.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 14

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 14

    Media Protection and Hardware Redundancy

    y Celerra media protection: Ensures uninterrupted access to data Is transparent to the base operations of the Celerra

    y Media protection methodologies include: Parity based RAID technology to protect data storage volumes Policy configuration redundant hardware components Data Mover

    failover policies Redundant hardware system configurationDual internal communication paths between the Control Station(s) and

    Data Mover(s)Multiple paths to back-end storage

    Media protection and hardware redundancy play a key role in ensuring high Celerra availability. A media protection solution safeguards against the loss of data in the event of a disk failure. Hardware redundancy protects against the failure of specific components by providing a second one.

    Depending on the particular Celerra model, data resides on either a Symmetrix or CLARiiON back-end storage. On these platforms, media protection options ensure uninterrupted access to data in the event of disk failure. These media protection options are transparent to the Celerra.

    Both the Symmetrix and CLARiiON offer mirroring and parity based RAID technology to protect data at the drive level. A mirroring solution writes I/O to two disks to protect against a failure of one of them. A parity solution typically uses a set of disks where data is striped across, and a parity calculation stored. The parity data is used to rebuild data in case of failure.

    The Celerra uses redundant hardware components throughout the system to achieve high availability. All Celerra critical components have backup or standby components. Data Movers are configured with redundant connections to back-end storage for data access redundancy.

    The Control Station communicates to the Data Mover via an internal LAN on some Celerra models. A redundant LAN is provided. In addition, redundant Network Interface Cards are included on each Data Mover for multiple external network interfaces.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 15

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 15

    y Group of physical ports that act as a single logical link y Uses one IP addressy Ethernet switch should support the FastEtherChannel of CISCO

    Network High Availability Features -FastEtherChannel

    The Celerra also provides network high availability solutions. Three methods are available: CISCO FastEtherChannel, support for Link Aggregation Control Protocol, and FailSafeNetworks (FSN).

    A FastEtherChannel consists of a group of physical ports that act as a single logical link with one IP address. EtherChannels provide fault tolerance for individual ports. FastEtherChannel, on a Data Mover, works with Ethernet switches that support the FastEtherChannel paradigm developed by Cisco Systems.

    Although FastEtherChannels provide more overall bandwidth than a single port, the connection to any single client consists of only one physical port. The client bandwidth is therefore restricted to the bandwidth of any one individual port. An increase in bandwidth for a single client would require multiple network interface cards with incrementally differentiated MAC addresses, and an Application that could take advantage of those multiple interfaces by multiplexing network communication across them.

    In this solution, the switch is responsible for the packet distribution across the ports that make up the channel. If the connection to one port fails, the switch automatically directs traffic to one of the remaining ports. When the connection is restored, the switch automatically resumes usage of the port as part of the channel.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 16

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 16

    Link Aggregation Control Protocol (LACP)y Link Aggregation

    Combining links for improved availability If one port fails, other ports take over

    Industry standard IEEE 802.3ad Combines 212 Ethernet ports

    into a single virtual link Automatic configuration Deterministic behavior Statistical load balancing on IP

    address, TCP port number or MAC address

    Does not increase single client throughput

    LINK

    Switch

    Celerra

    A Link Aggregation resembles a FastEtherChannel, but it uses the Link Aggregation Control Protocol (LACP), part of the IEEE 802.3ad standard. Unlike FastEtherChannel, Link Aggregation can use any number of ports between 2 and 12. The choice of FastEtherChannel or Link Aggregation will be determined by support of either standard by the network infrastructure. Not all network hardware supports the CISCO standards.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 17

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 17

    Network High Availability Features FailSafeNetwork (FSN) Device

    y Maintain full bandwidth when failed overy Dont require any special switch configurationy Only one connection in an FSN is active at a time

    Unlike EtherChannel and Link Aggregation, FailSafe Networks can maintain full bandwidth when failed over, assuming like bandwidth on both the active and passive configurations. FailSafe Networks do not require any special switch configuration.

    FailSafe Networks (FSN) are configured as sets of ports, FastEtherChannels, Link Aggregations, or combinations of all.

    Only one connection in an FSN is active at a time. If the FailSafe device detects that the active connection has failed, the Data Mover automatically switches to the surviving partner in the FSN, with the same identity of the failed connections. However, in the Celerra implementation, it is not recommended that the FSN be configured with an Active and Passive relationship, but that the links are just grouped together in the FSN. One of them will be the passive, dependant upon order of configuration, but when automatic failover occurs in the event of a failure, and when it is restored, automatic failback does NOT occur. This recommended configuration will prevent a flip flop effect if intermittent network failures occur.

    There is no requirement that the connections that make up an FSN be the same, or that the connections be made to the same network switch. For example, an FSN could have one connection that is a single Gigabit Ethernet port and another connection that is a FastEtherChannel made up of four 100 megabit Ethernet ports. This having been said, care must be taken to ensure that environmental expectations are set correctly. It must be understood that a single Gigabit link might not be able to support client performance and response times as the FastEtherChannel link.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 18

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 18

    Data Mover Failover How Does it Work?

    y Standby component takes over for a failed primary componenty Some Celerra models operate with a single Data Mover or Control

    station, making failover impossible

    y Control station is responsible for Data mover monitoring

    Another method of achieving high availability on the Celerra is Data Mover failover. Failover occurs when a standby component takes over for a failed primary component. Data Movers and Control Stations have failover capability on some Celerra models.Some Celerra models operate with a single Data Mover or Control Station, making failover impossible.How does a Data Mover failover work? Through constant Data Mover monitoring by the Control Station. This is a policy driven solution and the automatic failover setting of the policy works in the following fashion:y The Control Station detects a Data Mover problemy The failing Data Mover is taken offline, andy The pre-defined standby Data Mover assumes the network identity of the failed Data Mover,

    including the MAC and IP addresses This process takes seconds to minutes to complete. The standby Data Mover continues serving files to the failed Data Mover's NFS and CIFS clients. Once the failed Data Mover is replaced, it will resume its role as the active Data Mover with administrator managed failback, and the standby Data Mover will resume its standby role.A single Celerra Data Mover can be configured to act as a standby for several Data Movers. There can also be many standby Data Movers in a single Celerra cabinet, each backing up their own group of Data Movers. The number of standbys configured depends on how critical the application is and how much risk can be tolerated.The secondary Control Station is not a hot spare, but is online and active with the primary Control Station. If configured, when the primary Control Station fails, the secondary Control Station will resume all Control Station operations.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 19

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 19

    Scalability

    y As the environment changes the Celerra can grow to accommodate change: Expand Network Storage Increase performance No loss of service during upgrades on some models Upgradeable Increase client access File system realignment

    A scalable Celerra solution allows for seamless and economic growth to accommodate changing network storage, performance, and connectivity needs, with no loss of service to clients. Each member of the Celerra family offers different configuration and scalability options.

    Celerra models allow for non-disruptive modular Data Mover upgrades to provide for near linear performance increases and additional network connectivity within the same footprint.

    For example, with Data Mover scalability, the initial Celerra can be configured with four Data Movers and 16 Network Interface cards, and later be upgraded with two additional Data Movers to provide additional processing capability, and to serve more network clients.

    With storage scalability, since the Celerra architecture separates the front-end from the back-end, there is the flexibility to consume storage as needed. As the data capacity needs increase, additional storage can be added to the Symmetrix or CLARiiON back-end on some Celerra models. This leads to improved disk utilization.

    Additional scalability and flexibility is offered when managing Celerra file systems. The Celerra has the ability to expand file systems online. In addition, since all Data Movers can "see" the entire file space, file systems can be realigned to balance the load.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 20

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 20

    Celerra Data Replication and Recovery Options

    y Identify and articulate some of the methodologies used by the Celerra family to provide data replication and recovery

    The objectives for this lesson are shown here. Please take a moment to review them.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 21

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 21

    SnapSure and SnapSure Checkpoints

    Production FileSystem

    CheckpointFile System SavVol

    Client Write toProduction File SystemCelerra

    SnapSure enables the creation of a file system point-in-time view with minimal interruption to the file system being copied.

    These point-in-time views, called checkpoints, are not complete copies of the file system. Instead, the checkpoint contains only the original data for blocks that have changed since the checkpoint was created. A checkpoint can use considerably less storage than a complete copy.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 22

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 22

    SnapSure Checkpoints and SavVols

    Each production file system can have many checkpoints, each representing the exact state of the file system at a different time. The data for all checkpoints of a file system is stored in a single volume called the SavVol. The SavVol can be configured to automatically expand if it runs out of space.

    A checkpoint can be shared or exported. Checkpoints are always read-only. Users can recover accidentally deleted or corrupted files by copying them from the checkpoint back to the production file system. Checkpoints are also useful for testing applications and for making tape backups of file systems.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 23

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 23

    TimeFinder/FS

    Another method of data replication provided by the Celerra is TimeFinder/FS. Like SnapSure, TimeFinder/FS enables you to create a point-in-time view of a file system.

    Different than SnapSure, TimeFinder/FS creates a mirror image of the file system and is therefore equal in size to the original. If TimeFinder/FS is dynamically mirroring the original file system, the copy cannot be exported or shared without first stopping the mirroring.

    If not dynamically mirroring the file system, the copy is independent of the original file system, and can be exported and shared read / write on another Data Mover in the Celerra.

    A TimeFinder/FS copy can be used for backing up a consistent image to tape while the original file system continues to change.This is of great value when the backup window is small, or non-existent.

    TimeFinder/FS can also be used to restore a deleted or corrupted file, or file system. Lastly, the copy can be used for testing new applications with real data before putting the applications into production.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 24

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 24

    Replication - Local

    SavVol

    Another method of data replication available is Celerra Replicator. The Celerra Replicator option produces a read-only copy of a production file system.

    Local replication produces a read-only copy of the production file system using a shared SavVol for use by two Data Movers in the same cabinet. The primary Data Mover processes the reads and writes from the network clients and the secondary Data Mover exports the read-only copy of the file system for backup and application testing.

    This copy can be used by a Data Mover in the same cabinet or a Data Mover at a remote site. Because the copy is only periodically synchronized to the source file system, Celerra Replicator is not a disaster recovery solution. This is a DART based feature and will work with any Celerra model.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 25

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 25

    Replication - Remote

    Remote replication creates a read-only copy of the production file system at the remote site. This is done by transferring changes made to a file system from a local site to a file system at a remote site over an IP network. Automatic or manual data transfer can be configured using commands entered at the Control Station.

    Celerra Replicator can be used to distribute content to remote sites for Web serving, distance learning, and similar uses. It can also be used for backup and application testing.

    Replication is done over an IP network, without distance limitations. In planning replication, the network implications need to be understood at the primary site in order to correctly size the network connection between the primary and secondary sites. In addition, bandwidth, transfer rate, and affect on network are considered.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 26

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 26

    OnCourse

    Another method of replicating data from the Celerra to remote servers is available with OnCourse software. OnCourse is a data movement product that enables secure, automated distribution of data between Celerra and other systems across IP networks.

    The OnCourse data transfer system consists of the Transfer Manager, and a collection of Transfer Agents. The Transfer Manager coordinates and logs the data transfer activities carried out by the distributed Transfer Agents. The Transfer Agents are installed on remote computer systems and are responsible for the actual transfer of data.

    With OnCourse, data can be replicated between two or more systems, aggregated from many systems to a central node, or distributed to many nodes from a central system. Data can be pushed or pulled among these systems.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 27

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 27

    SRDF Disaster Solution

    Campus distance 60 km (network distance)

    SRDF ensures that the file systems on a Data Mover remain available to users on the network even if the Celerra at the primary site is unavailable. SRDF provides a mirror copy of data.

    Both synchronous and asynchronous SRDF are available. Synchronous SRDF may be chosen for mission critical applications with a zero fault tolerance. Asynchronous SRDF may be chosen in cases where a minimal loss of data is acceptable.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 28

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 28

    SRDF Failover

    If a disaster were to occur at the local site, a failover would be manually activated. The SRDF standby Data Movers would assume the network addresses of the Data Movers at the disaster site. Clients would then resume service. The entire disaster site would failover to the remote Celerra site.

    A more complex configuration uses two production sites, each acting as the standby for the other. Each Symmetrix is partitioned into production and backup volumes. Likewise, each Celerra has both production and SRDF standby Data Movers. If one site fails, the other site takes over and serves the clients of both sites.

    Synchronous SRDF cannot tolerate network delays. Therefore, careful planning is required to assure that the distance between the sites is appropriate, and that network latencies are minimized. For this reason, it is recommended that the two sites be within one millisecond round trip transit time (usually approximately 60 kilometers) of each other.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 29

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 29

    Celerra Backup

    Tape Library UnitBackup Server

    Celerra Storage

    The Celerra not only provides solutions for data replication to disk, but also provides tape backup solutions. The options available include network backup and NDMP backup. Each will be described.

    With a network backup configuration, the tape device is attached to a backup server running software for scheduling, cataloging, and Tape Library Unit support. Data flows from the storage system to the Data Mover and then across the network to a backup server with an attached tape device. This solution is best suited for medium-capacity backups with no multi-protocol support. Since significant amounts of data are traversing the network, a dedicated backup network is commonly used.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 30

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 30

    NDMP Backup

    Tape Library Unit

    The second backup option for the Celerra is NDMP backup. The NDMP architecture uses a client/server model in which the backup software is the NDMP client to the NDMP server (Data Mover). Backup data flows from the storage system to the Data Mover to an attached tape library backup device, without traversing the network. Only the backup software's control information travels across the network, therefore minimizing traffic.

    An NDMP three-way backup involves three hosts: the NDMP client, the Data Mover acting as the NDMP server, and the Data Mover running the tape service. The NDMP client communicates to the Data Mover owning the data to be backed up. The Data Mover retrieves the data from disk and passes it to the Data Mover with the tape library attached. Both file system and control data travel across the network.

    Celerra can also write data backups to a Virtual Tape Library. A Virtual Tape Library, or VTLU, is a device you can configure within the Celerra, typically utilizing a low cost storage are disk drive.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 31

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 31

    Securing User Access to Data

    y Identify and articulate some of the methodologies used by the Celerra family to integrate with existing user access security environments and maintaining data integrity between them

    The objectives for this lesson are shown here. Please take a moment to review them.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 32

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 32

    User Authentication

    y Process to determine the level of access of each usery Share Level allows access to File System without any

    password

    y User authentication is used both in Unix and Windows environment

    y Celerra provides four authentication options: Share level UNIX Authentication Windows NT/2000/2003 authentication Authenticate as a local user

    Authentication is the process of determining whether someone is, in fact, who they are declared to be. In computer networks, authentication is commonly done through the use of logon passwords. Celerra provides three user authentication options. They are share level authentication, UNIX authentication, and NT/2000/2003 authentication.

    Configurations with few security requirements use share level authentication. This option allows access to file systems without any password. Optionally, with passwords enabled, any CIFS or NFS user presenting a valid password receives access to the data. This option is not often used.

    User authentication is more commonly used both in UNIX and Windows environments. In a UNIX environment, the authentication of NFS users is assumed to be performed by the NFS client machine when the user logs on, using the local authentication method.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 33

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 33

    Windows 2000/2003/NT Authentication

    y Uses the native W2K methodology with LDAP and Kerberosy Users must be mapped to UIDs and GIDsy Windows NT users are authenticated using the Security Account

    Manager

    In a Windows 2000/2003/NT environment, user authentication is accomplished using the native Windows 2000/2003 methodology with LDAP (Lightweight Data Access Protocol) and Kerberos. The Active Directory contains all of the domain objects and their attributes. Kerberos is the security mechanism used. Because the Celerra uses UNIX - style user IDs and group IDs for user authentication, Windows 2000/2003/NT users must be mapped to UIDs and GIDs.

    In a Windows NT environment, the NT LAN Manager (NTLM) methodology is used in the same way as with any NT authentication. Users are authenticated at the Domain Controller using the Security Account Manager (SAM). In a mixed NT/2000 or NT/2003 environment, all Windows NT users must be mapped to UNIX-like User IDs and Group IDs at the Data Mover.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 34

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 34

    Access Checking Policy

    y Determine which users have permission to access a fileyWindows environment use ACLs to control object accessy UNIX environment access classes called owner and

    group

    y The access mode in a UNIX environment are read, write and execute

    Once the user is authenticated, security at the file or directory level must also be checked. Access checking policies determine which users have permission to access a file, and what action those users can perform against the file.

    Access checking policies are different in UNIX and Windows environments. In a Windows environment, Access Control Lists, or ACLs, control object access. ACLs list the users and groups that can access an object, and specify what those users can do with the object. ACLs are supported on the Celerra.

    In a UNIX environment, access classes called owner, group, and other are used in conjunction with access modes. The access modes are read, write, and execute. These are also supported on the Celerra.

    Because UNIX and Windows implement access checking differently, the Celerra defines four access checking policies to accommodate these differences. The policies provide administrative flexibility in controlling how objects are accessed in a mixed NFS and CIFS environment, where both protocols require access to the same data.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 35

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 35

    File Locking

    y Provides file integrity when more than one user might access thesame filey Manage attempts to read, write, or lock a file that is held by another

    usery Different locking mechanism between the Unix and Windows

    Environments

    File locking offers another level of security. File locking provides a mechanism for ensuring file integrity when more than one user might access the same file. File locks manage attempts to read, write, or lock a file that is held by another user. The file locking option selected depends on business requirements and whether the network environment is CIFS only, or NFS and CIFS.

    The locking mechanisms are handled differently in UNIX and Windows environments. CIFS locks are generally more restrictive than NFS. For example, no other users can access a locked file with CIFS. NFS offers cooperative access in that other users can access a locked file.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 36

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 36

    Celerra Lock Policies

    Celerra Network Server provides three different locking policies: nolock, wlock, and rwlock. File locking provides a mechanism for ensuring file integrity when more than one user tries to access the same file. File locks manage attempts to read, write, or lock a file that is in use by another user. These locks on files behave differently if being accessed by an NFS verses a CIFS client.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 37

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 37

    Data Protection Anti-Virus Solution

    y Celerra AntiVirus Agent along with third party antivirus software both running on separate server

    y Virus Checking client agent runs on the Data Movery When virus is detected the VC client instructs the virus checking server

    to perform a configured action

    Another form of security is that of protection against viruses. Because Data Movers run DART, they are not vulnerable to viruses themselves. However, if a file containing a virus is stored on the file server, any Windows client that accesses the file is vulnerable to the virus.

    The Celerra solution is CAVA, or Celerra AntiVirus Agent, along with third party antivirus software, both running on a separate server. A Virus Checking (VC) client agent runs on the Data Mover.

    How does CAVA work? A network client attempts to write to, or close, a network file. The VC client on the Data Mover notifies the CAVA of the names of files that need to be scanned for viruses. For most files, the CAVA passes the files signature to the antivirus program, which checks the signature against its virus definitions. File access is blocked until the file is checked by the third party virus checking server. If a virus is not detected, access to the file will be allowed. If a virus is detected, the VC client instructs the virus checking server to perform certain actions as specified in the configuration parameters. These actions include such things as repair the file, rename the file, change the file extension, move the file, or delete the file.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 38

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 38

    Celerra Management Interface Options

    y Identify and articulate some of the methodologies used by the Celerra family to provide a management infrastructure

    The objectives for this lesson are shown here. Please take a moment to review them.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 39

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 39

    Command Line Interface

    server_mount server_2 o rw fs1 /mnt1server_export server_2 o annon=0, /mnt1

    Celerra

    The Celerra Command Line Interface, or CLI, is the original Celerra management tool and one of the most versatile. Using the CLI, the administrator can configure file systems, failover, disaster recovery solutions, virus checking, network interfaces, network topologies, replications requirements, and mounting and export file systems.

    Most administrative tasks can be completed using the CLI on the Control Station. Note that the Data Movers do not have a CLI.

    Commands are entered at the Control Station which, in turn, sends the necessary commands to the Data Movers and storage systems. The administrator can use either local or remote access to the Control Station.

    The Control Station runs an EMC-customized version of Linux. The standard Linux scripting and scheduling tools can be used with the Celerra CLI. For those administrators who prefer a Graphical User Interface, the options will be discussed next.

    The command line can be accessed on the Control Station via SSH interface (i.e. PuTTy) or telnet.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 40

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 40

    Celerra Graphical User Interface

    The Celerra offers two Graphical User Interface management tools for administrators who prefer a graphical view rather than a command line. They are Celerra Manager and Celerra Monitor. Celerra Monitor is launched from Celerra Manager.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 41

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 41

    EMC ControlCenter Support

    ControlCenter has device management support for Celerra. The ControlCenter Celerra Agent runs on Windows and has enhanced discovery and monitoring capabilities. The user can view properties information regarding Data Movers, devices, network adapters and interfaces, mount points, exports, file systems, and volumes from the ControlCenter Console. Health alerting information can also be viewed.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 42

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 42

    Microsoft Management Console Snap-ins

    The Microsoft Management Console (MMC) is an application that provides a GUI in which consoles can be created, saved, and opened. It does not provide management, but rather a framework in which management tools can operate. Consoles are used to manage computer components, and include such items as wizards, tasks, and snap-ins. EMC provides Celerra specific snap-ins, which can be used to manage specific aspects of the Celerra.

    An anti-virus snap-in is available to manage the virus-checking parameters used with Celerra AntiVirus Agent and third-party antivirus programs. A Home Directory snap-in is also available to associate a user name with a directory. This feature simplifies the administration of personal shares and the process of connecting to them.

    The audit policy snap-in can be used to determine which Data Mover security events are logged in the Security log. The log can then be viewed with the Windows Event Viewer. The User Rights assignment snap-in can be used to manage which users and groups have task privileges to a Data Mover.

    Unix User Management allows Windows users who have Unix accounts to have those user IDs in a local directory.

  • Copyright 2006 EMC Corporation. Do not Copy - All Rights Reserved.

    Celerra Feature and Functions - 43

    2006 EMC Corporation. All rights reserved. Celerra Feature and Functions - 43

    Course Summary

    y Define how Celerra provides network compatibilityy Describe how Celerra offers high availability y Define the features of Celerra which provide Data

    Replication and Recovery

    y Explain Celerra security featuresy Describe the different Management options available to

    Celerra

    These are the key points covered in this training. Please take a moment to review them.

    This concludes the training. Please proceed to the Course Completion slide to access the Assessment.