Information required before starting initial configuration of your system

Identify the information needed to configure your system using the management GUI.

About this task

You must enter specific information into the management GUI. The tables help you record the key values needed before the initial setup and initial configuration.
Figure 1. Example of IP addresses and connectivity
Here are examples of IP addresses, machine names, and so forth.

Legend for Figure 1:

  •  1  File storage path
  •  2  Block storage path
  •  3  Remote support services via internet
  •  A  DNS server
  •  B  NTP server
  •  C  Email server
  •  D  Authentication server
  •  E  10 Gbps Ethernet switch
  •  F  Client machine
  •  G  Client machine
  •  H  Fibre Channel switch
  •  AA  1 Gbps Ethernet direct connection between the file modules
  •  BB  10 Gbps Ethernet network
  •  CC  Fibre Channel network
  •  DD  1 Gbps Ethernet
  •  EE  Fibre Channel direct connection from file modules to node canisters
Required information:

Fill out all the information in the following tables in order to navigate through the initial configuration wizard in the management GUI. Your chances of completing the initial configuration successfully are greatly increased if you have carefully planned and completed these tables before you start the initial setup and initial configuration of the system.

Table 1. Information required for the initial configuration wizard in the management GUI. The table entries serve as a guide only. Use the Value column to record your system information.
Field Value Notes
System name   The name of the Storwize® V7000 Unified system. It is best if this is also the IP name for the management IP address (for example, myfilesystem1).
NetBIOS name   Name used for NetBIOS access to the system.
Note: To change the NetBIOS name after the initial configuration, use the cfgcluster CLI command.
Time zone   Refer to Time zone list. Example: If the machine is being installed in Tucson, Arizona, USA, the best match for the time zone is America/Phoenix. You will match this to a drop down menu located in the management GUI.
Network Time Protocol (NTP) Server   Site NTP server address (for example, 123.123.123.103)
Alternate NTP server   Alternate NTP server if applicable
VLAN ID  
  • If the file modules connect to an Ethernet Switch module configured in "access" mode, then no action is required.
  • If the file modules connect to an Ethernet Switch module configured in "trunk" mode, then enter a VLAN ID in the range of 2 to 4094. The Ethernet Switch must also be configured to allow this VLAN ID.

    0-4095 are valid VLAN IDs, but 0, 1, and 4095 are reserved. Do not use 0, 1, and 4095 as VLAN IDs.

Domain name   This name is the public network domain name. Example: company.com
The system name and domain name are typically used in combination. Example: myfilesystem1.company.com
DNS servers   Numerical address of the user Domain Name Server (for example, 123.123.123.102). Multiple server addresses can be entered.
DNS search domain   Additional domain names to be used with primary domain name (for example, a.company.com or us.company.com)
Authentication method for network access to file systems   Refer to Table 5, Table 6, Table 7, Table 8 to set up your authentication method. When done, return here to continue.
Public subnet or subnets   Where subnet is the numeric IP address of the public network (data path). It is used for all of the Ethernet data path connections.
Note: The Subnet is entered as the subnet address followed by the CIDR equivalent of the subnet mask (for example 99.99.99.0/24). You may have more than one public network to access the file systems and file sets shared by this system.
Public subnet mask or subnet masks   This is the subnet mask or subnet masks associated with the public subnet or subnets (for example, 255.255.255.0).
CIDR equivalent of the subnet mask   This is the CIDR (/XX) equivalent of the subnet mask that was specified previously. Look up the subnet mask (specified previously), then refer to Table 4, find the CIDR equivalent, and record it on this line. It must be between /0 and /32 (for example, /24).
Default gateway IP address   This is the numeric gateway IP address. It is used for all network access to the file systems. For example, 99.99.99.1
Public IP addresses   The public IP addresses are the data path connections to your network. They are used for all of the Ethernet data path connections to the file modules. At least 2 addresses are recommended (1 per node). The data path connections use Ethernet bonding, so a single IP address (along with a subnet mask and gateway) is used for all available Ethernet ports on a single file module. The system automatically load balances between the physical ports on a single file module. (For example, 99.99.99.100, 99.99.99.101, 99.99.99.102, 99.99.99.103)
Additional public gateway IP addresses   Additional gateway IP addresses for access to the file systems across each of the public networks.
Email server IP address   The IP address of your email server for outgoing mail (for example, 123.123.123.104)
Table 2. Information that the system provides to IBM Remote Technical Support
Field Value Note
Company Name   The name of your company
Address   This is the address where the machines are located. Example: Bldg. 123, Room 456, 789 N Data Center Rd, City, State
Your Contact Phone Number   This is the primary phone number that IBM® Remote Technical Support will call, if the system calls home to report a problem.
Your Off Shift Contact Phone Number   This is the alternate phone number that IBM Remote Technical Support will call, if the system calls home to report a problem.
IP address of proxy server (for call home) _____._____._____._____ Optional. If a proxy server is needed to access the internet for Call Home from the file modules, this is the IP address of that server. If no proxy server is used, leave this field blank.
Port Of Proxy Server (For Call Home)   Optional. If a proxy server is needed, this is the port corresponding to the IP address listed previously. If no proxy server is used, leave this field blank.
Userid For Proxy Server (For Call Home)   Optional. If a proxy server is needed, and the proxy server requires a user ID and password, record the user ID here. If no proxy server is used, or no user ID and password are used, leave this field blank.
Password For Proxy Server (For Call Home)   Optional. If a proxy server is needed, and the proxy server requires a user ID and password, record the password here. If no proxy server is used, or no user ID and password are used, leave this field blank.
IBM Support email address   callhome1@de.ibm.com, callhome0@de.ibm.com
  • callhome1@de.ibm.com: For Storwize V7000 Unified systems located in North America, Latin America, South America or the Caribbean Islands.
  • callhome0@de.ibm.com: For Storwize V7000 Unified systems located anywhere else in the world.
If a proxy server is not used, your network must provide access to the following addresses and ports to facilitate call home from each of the file module service IP addresses. Note that call home from one of the storage enclosures is done using email.
Table 3. Required information
Host Name IP Address Port Description
eccgw01.boulder.ibm.com 207.25.252.197 443 ECC transaction gateway
eccgw02.rochester.ibm.com 129.42.160.51 443 ECC transaction gateway
ftp.ecurep.ibm.com 192.109.81.7 20, 21 File upload for status reporting and problem reporting through FTP
www6.software.ibm.com 170.225.15.41 443 File upload for status reporting and problem reporting. Proxy to testcase.boulder.ibm.com
www-945.ibm.com 129.42.26.224 443 Problem reporting server v4
www-945.ibm.com 129.42.34.224 443 Problem reporting server v4
www-945.ibm.com 129.42.42.224 443 Problem reporting server v4
www.ibm.com 129.42.56.216 80, 443 Service provider file (CCF) download
esupport.ibm.com 129.42.56.189, 129.42.60.189, 129.42.54.189 443, 80 (optional) For the Edge ECC v4 connectivity, it is recommended that customers open 129.42.0.0/18 (EI IPv4 address range) to minimize any issues in the future.
www.ibm.com 129.42.58.216 80, 443 Service provider file (CCF) download
www.ibm.com 129.42.60.216 80, 443 Service provider file (CCF) download
www-03.ibm.com 204.146.30.17 80, 443 Service provider file (CCF) download
Table 4. CIDR subnet mask information
Subnet Mask CIDR Equivalent Note
255.255.255.255 /32 Host (single address)
255.255.255.254 /31 Unusable
255.255.255.252 /30 2 usable
255.255.255.248 /29 6 usable
255.255.255.240 /28 14 usable
255.255.255.224 /27 30 usable
255.255.255.192 /26 62 usable
255.255.255.128 /25 126 usable
255.255.255.0 /24 Class C 254 usable
255.255.254.0 /23 2 Class Cs
255.255.252.0 /22 4 Class Cs
255.255.248.0 /21 8 Class Cs
255.255.240.0 /20 16 Class Cs
255.255.224.0 /19 32 Class Cs
255.255.192.0 /18 64 Class Cs
255.255.128.0 /17 128 Class Cs
255.255.0.0 /16 Class B
255.254.0.0 /15 2 Class Bs
255.252.0.0 /14 4 Class Bs
255.248.0.0 /13 8 Class Bs
255.240.0.0 /12 16 Class Bs
255.224.0.0 /11 32 Class Bs
255.192.0.0 /10 64 Class Bs
255.128.0.0 /9 128 Class Bs
255.0.0.0 /8 Class A
254.0.0.0 /7 2 Class As
254.0.0.0 /6 4 Class As
252.0.0.0 /5 2 Class As
248.0.0.0 /4 8 Class As
224.0.0.0 /3 16 Class As
192.0.0.0 /2 32 Class As
128.0.0.0 /1 64 Class As
0.0.0.0 /0 IP space
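
An added example, not part of the IBM documentation: a Python check of the Table 1 network values before they are typed into the wizard, deriving the CIDR prefix from the mask bits rather than from a lookup (in Table 4 the masks printed for /6, /5 and /4 do not correspond to those prefix lengths). It handles one public subnet and assumes the default gateway sits inside it; the function names are hypothetical.

```python
import ipaddress

def mask_to_prefix(mask):
    """Derive the CIDR prefix length from a dotted-decimal subnet mask."""
    value = int(ipaddress.IPv4Address(mask))
    ones = bin(value).count("1")
    # A valid mask is `ones` leading 1-bits followed only by 0-bits.
    if value != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return ones

def check_network_worksheet(subnet, mask, gateway, public_ips, vlan_id=None):
    """Return a list of problems found in the Table 1 network values."""
    try:
        # strict=True rejects host bits in the subnet, e.g. 99.99.99.5/24
        net = ipaddress.IPv4Network(subnet, strict=True)
        gw = ipaddress.IPv4Address(gateway)
        prefix = mask_to_prefix(mask)
    except ValueError as exc:
        return [f"unparsable subnet, mask or gateway: {exc}"]
    problems = []
    if prefix != net.prefixlen:
        problems.append(f"mask {mask} is /{prefix}, subnet says /{net.prefixlen}")
    # Assumption: the default gateway is a host address inside the public subnet.
    if gw not in net or gw in (net.network_address, net.broadcast_address):
        problems.append(f"gateway {gw} is not a host address in {net}")
    seen = set()
    for text in public_ips:
        try:
            addr = ipaddress.IPv4Address(text)
        except ValueError:
            problems.append(f"public IP {text!r} is not a valid IPv4 address")
            continue
        if addr not in net:
            problems.append(f"public IP {addr} is outside {net}")
        elif addr == gw or addr in seen:
            problems.append(f"public IP {addr} duplicates another address")
        seen.add(addr)
    if len(seen) < 2:
        problems.append("fewer than 2 public IP addresses (1 per node recommended)")
    # Trunk mode only: 0, 1 and 4095 are reserved, so 2..4094 is usable.
    if vlan_id is not None and not 2 <= vlan_id <= 4094:
        problems.append(f"VLAN ID {vlan_id} is outside 2-4094")
    return problems
```
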
Authentication Method Decision Tree:
The Storwize V7000 Unified systems require one, and only one, authentication system to allow network users to access file systems or file sets exported (shared) by the Storwize V7000 Unified system. The authentication system may also be used to provide User ID mapping. Several authentication methods are supported. They are:
  • Microsoft Active Directory - with or without SUA / SFU
  • Lightweight Directory Access Protocol (LDAP)
  • Network Information Service (NIS)

A local LDAP server that runs on the file modules can also be used, but this is limited. For example, it does not support asynchronous file system replication to another Storwize V7000 Unified system. Refer to Managing authentication and ID mapping.

Use the flow chart in Figure 2 to assist in deciding which authentication method is right for you. The factors that influence the decision are the types of client hosts, the existing authentication infrastructure (if any), and if asynchronous file system replication is to be utilized.

Figure 2. Planning chart for determining an authentication method
Flow chart for planning an authentication method.

Internally, the Storwize V7000 Unified system uses IBM General Parallel File System (GPFS). GPFS is a UNIX file system that uses UNIX-style user IDs (UID) and group IDs (GID) to manage file permissions.

For Windows (CIFS) users to access files, there must be some form of user ID mapping, that is, some way to map the Windows user and group objects to UNIX UIDs and GIDs. The Storwize V7000 Unified system supports user ID mapping either internally or externally. While external user ID mapping is preferred, internal mapping can be done using a table local to the Storwize V7000 Unified system to map Windows user and group objects to arbitrary UNIX UIDs and GIDs. That table is not accessible externally, even to another Storwize V7000 Unified system for asynchronous file system replication.

Asynchronous replication thus requires external user ID mapping, specifically Windows Active Directory with the Subsystem for Unix (SUA) enabled and populated. Mixed client access, which is having both UNIX and Windows clients access the same files (using NFS and CIFS), requires external user mapping using either Active Directory with SUA/SFU or LDAP with Samba extensions.

Table 5. Authentication method information
Field Value Note
Authentication Method

[ ] Microsoft Active Directory

[ ] Lightweight Directory Access Protocol (LDAP)

[ ] Samba Primary Domain Controller (PDC) - NT4

[ ] None (requires configuring Network Information Service (NIS) for NFS NetGroup support)

Check one of the options.

If you check None, do not select either of the following NIS options.

Options

[ ] Kerberos, compatible with authentication method of LDAP only

[ ] Services For UNIX (SFU) - compatible with authentication method of Active Directory only

[ ] Network Information Service (NIS) - NFS NetGroup support without User ID Mapping - compatible with authentication method of Active Directory or PDC only.

[ ] Network Information Service (NIS) - NFS NetGroup support authentication method with User ID Mapping - compatible with authentication method of Active Directory or PDC only.

One or more of these optional capabilities may be used to extend the capabilities of the authentication method selected previously. If none of these options are needed then leave this row blank.

If you checked Microsoft Active Directory in the Authentication Method field of Table 5, you must complete Table 6.

Table 6. Active Directory configuration information
Field Value Note
Active Directory Server IP Address _____._____._____._____ This is the numeric IP address of the remote Active Directory server (domain controller) on your network.
Active Directory Userid   This is the user ID that must be provided when communicating with the remote Active Directory server. The following user ID and the password are used to authenticate to the Active Directory server.
Active Directory Password   This is the password that must be provided when communicating with the remote Active Directory server.
SFU DOMAIN NAME   If you checked Services For Unix (SFU) in the Options field of Table 5, then you must complete this field. If you did not check SFU, leave this field blank.

This field is used to specify the Trusted Domain Name for the Active Directory server.

SFU RANGE Upper range: ________________
Lower range: ________________
If you checked Services For Unix (SFU) in the Options field of Table 5, then you must complete this field. If you did not check SFU, leave this field blank.

This field is used to specify the Lower and Upper bounds of the User Identifier (UID) and Group Identifier (GID) ranges for the storage system. Use the format Lower-Upper (for example, 25-37).

The SFU Range must contain the UNIX UID/GID numbers corresponding to users/groups who need to access the system with SFU.

The primary group assigned to the SFU users must be an existing Active Directory group with a valid UNIX GID assigned to it. The SFU users must have the same UNIX Attribute primary group and Windows primary group.

The UNIX UIDs/GIDs that are assigned to such users/groups must be in the ID range provided with the -cp parameter of the cfgsfu command. The range for UID/GID must not intersect with 10000000-11000000; this range is used by Scale Out Network Attached Storage internally for other UID/GID mapping.

SFU SCHEMA MODE

[ ] SFU

[ ] rfc2307

If you checked Services For Unix (SFU) in the Options field of Table 5, then you must complete this field. If you did not check SFU, leave this field blank.

This field is used to specify the schema mode. The schema mode can be either sfu or rfc2307, depending on the operating system of the Active Directory domain server. If the operating system of the domain server is Microsoft Windows 2008 or Windows 2003 with SP2R2 packages, use the schemaMode of rfc2307. For Windows 2000 and Windows 2003 with SP1, use sfu.

If you checked LDAP in the Authentication Method field of Table 5, you must complete Table 7.

Table 7. LDAP configuration information
Field Value Note
LDAP SERVER IP ADDRESS _____._____._____._____ This is the numeric IP address of the remote LDAP server on your network.
SECURITY METHOD [ ] Off

[ ] SSL (Secure Sockets Layer)

[ ] TLS (Transport Layer Security)

The communications link between the Storwize V7000 Unified system and your LDAP server may be open (unencrypted), or may be secured (encrypted). If secured, one of two methods is used: SSL or TLS.
Note: When SSL or TLS is used, a security certificate file must be copied from your LDAP server to the Storwize V7000 Unified Management Node.
Certificate Path   If the security method is Off, leave this field blank. If the security method is SSL or TLS, record the path on the Storwize V7000 Unified Management Node where you copy the certificate file. As an example, if the certificate file is cacert.pem and you store it in a directory called /certificates, then record /certificates/cacert.pem.
User Suffix   Specifies the LDAP user suffix to be used.
Group Suffix   Specifies the LDAP group suffix to be used.
Bind Distinguished Name   This is the bind distinguished name from the /etc/openldap/slapd.conf file on your LDAP server. In the example following note 1 below, the bind distinguished name is cn=Manager,dc=v7kuldap,dc=com
Bind Password   This is the bind password from the /etc/openldap/slapd.conf file on your LDAP server. In the example following note 1 below, the bind password is secret.
Kerberos Server Name   If you checked Kerberos in the Options field of Table 5, you must complete this field. If you did not check Kerberos, leave this field blank. This field is the name of the Kerberos server used with your LDAP environment.
Kerberos Realm   If you checked Kerberos in the Options field of Table 5, then you must complete this field. If you did not check Kerberos, leave this field blank. This field is the Realm for the Kerberos server used with your LDAP environment.
Kerberos Keytab File   If you checked Kerberos in the Options field of Table 5, then you must complete this field. If you did not check Kerberos, leave this field blank. This field is the file name for the Kerberos KeyTab file.
Table 8. NIS configuration information
Field Value Note
NIS MODE

[ ] Basic - NIS is used (to provide NFS NetGroup support) in an environment without Active Directory, LDAP, or Samba Primary Domain Controller (PDC).

[ ] Extended - NIS is used (to provide NFS NetGroup support or to map UNIX IDs to Windows IDs) for an environment where Active Directory or Samba Primary Domain Controller (PDC) is used for Authentication.

NIS is typically used for one of the following purposes:
  • NIS can be used to provide NFS Netgroup support in an environment without Active Directory, LDAP, or PDC.
  • NIS can be used to provide NFS Netgroup support in an environment with Active Directory, or PDC.
  • NIS can be used to provide NFS NetGroup support and map UNIX user IDs (which are numeric) to Windows user IDs (which are text strings), allowing UNIX servers to access Network Attached Storage devices that use Microsoft Active Directory or PDC to authenticate users.

If you checked None in the Authentication Method field of Table 5, then select Basic.

If you checked either of the NIS items in the Options field of Table 5, then select Extended.

Domain Map  

If the NIS Mode is Basic, leave this field blank.

If the NIS mode is Extended, this field is optional.

This field can be used to specify the mapping between Active Directory domains and different NIS domains.

When specifying a domain map, use a colon between the Active Directory domain and the NIS domain or domains. Example: ad_domain:nis_domain1

If more than one NIS domain is specified, use a comma-separated list. Example: ad_domain:nis_domain1,nis_domain2

To specify more than one Active Directory domain, use a semicolon. Example: ad_domain1:nis_domain1,nis_domain2; ad_domain2:nis_domain3,nis_domain4

Server Map  

This field must be used to specify the mapping between NIS servers and NIS domains.

When specifying a server map, use a colon between the NIS server and the NIS domain or domains. Example: nis_server:nis_domain1

If more than one NIS domain is specified, use a comma-separated list. Example: nis_server:nis_domain1,nis_domain2

To specify more than one NIS server, use a semicolon. Example: nis_server1:nis_domain1,nis_domain2; nis_server2:nis_domain3,nis_domain4

User Map  

If the NIS Mode is Basic, leave this field blank.

This optional field can be used to specify the handling for a user who is not known to the NIS server. Only one rule can be specified for each Active Directory or PDC domain.

The handling is specified using one of the following keywords:
  • DENY_ACCESS - denies any user from the specified domain access if they do not have a mapping entry in the NIS. Example: ad_domain1:DENY_ACCESS
  • AUTO - a new ID for the user is generated from the specific domain which does not have an entry in the NIS. This ID is generated from a pre-specified ID range and is auto-incremented. The administrator must make sure that existing NIS IDs do not fall in this provided ID range. This mapping is kept in Scale Out Network Attached Storage and NIS is not aware of this ID mapping. The ID range can be specified using the ID Map User Range and ID Map Group Range options. Example: ad_domain1:AUTO
  • DEFAULT - any user from the specified domain who does not have a mapping entry in the NIS server is mapped to a specified user (typically a guest user). Example: ad_domain1:DEFAULT:ad_domain\guest

To specify rules for multiple Active Directory or PDC domains, separate the rules with a semicolon. Example: ad_domain1:DENY_ACCESS; ad_domain2:AUTO; ad_domain3:DEFAULT:ad_domain3\guest

NIS DOMAIN  

This field must be used to specify the NIS Domain that is stored in the registry.

Use Id Map

[ ] Use ID Map - NIS is used to map UNIX IDs to Windows IDs for an environment where Active Directory or Samba Primary Domain Controller (PDC) is used for Authentication.

If the NIS Mode is Basic, leave this field blank.

If you checked NIS - NFS NetGroup support without User ID Mapping in the Options field of Table 5, leave this field blank. If you checked NIS - NFS NetGroup support with User ID Mapping in the Options field of Table 5, then check the Use ID Map field.

ID MAP USER RANGE  

If the Use ID Map field is blank, leave this field blank.

If the Use ID Map field is checked AND at least one User Map rule is AUTO then you must specify a User Range and/or a Group Range. Example: 10000-20000.

Note: The User Range values must be a minimum of 1024.
ID MAP GROUP RANGE  

If the Use ID Map field is blank, leave this field blank.

If the Use ID Map field is checked AND at least one User Map rule is AUTO then you must specify a User Range and/or a Group Range. Example: 30000-40000.

Note: The Group Range values must be a minimum of 1024.
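
An added example, not part of the IBM documentation: a Python parser for the Domain Map, Server Map and User Map syntax of Table 8, combined with the range rules stated for the ID Map ranges (Table 8) and the SFU Range (Table 6). All function names are hypothetical, and the reserved range 10000000-11000000 is assumed to be inclusive at both ends.

```python
import re

RESERVED = (10_000_000, 11_000_000)  # internal UID/GID range named in Table 6
KEYWORDS = {"DENY_ACCESS", "AUTO", "DEFAULT"}

def parse_range(text):
    """Parse 'Lower-Upper' (for example 25-37) into (lower, upper)."""
    m = re.fullmatch(r"\s*(\d+)\s*-\s*(\d+)\s*", text)
    if not m:
        raise ValueError(f"range {text!r} is not in Lower-Upper form")
    lower, upper = int(m.group(1)), int(m.group(2))
    if lower > upper:
        raise ValueError(f"range {text!r}: lower bound exceeds upper bound")
    return lower, upper

def _entries(text):
    """Split a semicolon-separated field into non-empty, trimmed entries."""
    return [e.strip() for e in text.split(";") if e.strip()]

def parse_map(text):
    """Parse a Domain Map or Server Map into {key: [nis_domain, ...]}."""
    result = {}
    for entry in _entries(text):
        key, sep, values = entry.partition(":")
        key, names = key.strip(), [v.strip() for v in values.split(",")]
        if not sep or not key or not all(names):
            raise ValueError(f"map entry {entry!r} is not key:domain[,domain]")
        if key in result:
            raise ValueError(f"{key!r} appears in more than one entry")
        result[key] = names
    return result

def parse_user_map(text):
    """Parse User Map rules into {domain: (keyword, default_user or None)}."""
    rules = {}
    for entry in _entries(text):
        parts = [p.strip() for p in entry.split(":", 2)]
        if len(parts) < 2 or not parts[0] or parts[1] not in KEYWORDS:
            raise ValueError(f"user map rule {entry!r} has no valid keyword")
        domain, keyword = parts[0], parts[1]
        target = parts[2] if len(parts) == 3 and parts[2] else None
        if (keyword == "DEFAULT") != (target is not None):
            raise ValueError(f"{entry!r}: DEFAULT, and only DEFAULT, names a user")
        if domain in rules:  # the page allows one rule per AD or PDC domain
            raise ValueError(f"more than one rule for domain {domain!r}")
        rules[domain] = (keyword, target)
    return rules

def check_id_mapping(use_id_map, user_map, user_range="", group_range=""):
    """Return the problems found in the Table 8 ID-mapping fields."""
    problems = []
    rules = parse_user_map(user_map)
    has_auto = any(keyword == "AUTO" for keyword, _ in rules.values())
    if use_id_map and has_auto and not (user_range or group_range):
        problems.append("AUTO rule present but no ID Map User or Group Range")
    for label, text in (("user", user_range), ("group", group_range)):
        if text and parse_range(text)[0] < 1024:
            problems.append(f"ID map {label} range starts below 1024")
    return problems

def check_sfu_range(text):
    """Return the problems found in the Table 6 SFU Range field."""
    lower, upper = parse_range(text)
    # Assumption: both ends of the reserved range are inclusive.
    if lower <= RESERVED[1] and upper >= RESERVED[0]:
        return ["SFU range intersects the reserved 10000000-11000000 range"]
    return []
```
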