Information required before starting initial configuration of your system
Identify the information needed to configure your system using the management GUI.
About this task
![Here are examples of IP addresses, machine names, and so forth.](ifs00053.gif)
Legend for Figure 1:
- 1 File storage path
- 2 Block storage path
- 3 Remote support services via internet
- A DNS server
- B NTP server
- C Email server
- D Authentication server
- E 10 Gbps Ethernet switch
- F Client machine
- G Client machine
- H Fibre Channel switch
- AA 1 Gbps Ethernet direct connection between the file modules
- BB 10 Gbps Ethernet network
- CC Fibre Channel network
- DD 1 Gbps Ethernet
- EE Fibre Channel direct connection from file modules to node canisters
Fill out all the information in the following tables so that you can navigate through the initial configuration wizard in the management GUI. Your chances of completing the initial configuration successfully are greatly increased if you have carefully planned and completed these tables before you start the initial setup and initial configuration of the system.
Field | Value | Notes |
---|---|---|
System name | The name of the Storwize® V7000 Unified system. It is best if this is also the IP name for the management IP address (for example, myfilesystem1). | |
NetBIOS name | Name used for NetBIOS access to the system. Note: To change the NetBIOS name after the initial configuration, use the cfgcluster CLI command. | |
Time zone | Refer to Time zone list. Example: If the machine is being installed in Tucson, Arizona, USA, the best match for the time zone is America/Phoenix. You will match this to a drop down menu located in the management GUI. | |
Network Time Protocol (NTP) Server | Site NTP server address (for example, 123.123.123.103) | |
Alternate NTP server | Alternate NTP server if applicable | |
VLAN ID | | |
Domain name | This name is the public network domain name. Example: company.com. The system name and domain name are typically used in combination. Example: myfilesystem1.company.com | |
DNS servers | Numerical address of the user Domain Name Server (for example, 123.123.123.102). There can be multiple server addresses. | |
DNS search domain | Additional domain names to be used with primary domain name (for example, a.company.com or us.company.com) | |
Authentication method for network access to file systems | Refer to Table 5, Table 6, Table 7, Table 8 to set up your authentication method. When done, return here to continue. | |
Public subnet or subnets | Where subnet is the numeric IP address of the public network (data path). It is used for all of the Ethernet data path connections. Note: The subnet is entered as the subnet address followed by the CIDR equivalent of the subnet mask (for example, 99.99.99.0/24). You may have more than one public network to access the file systems and file sets shared by this system. | |
Public subnet mask or subnet masks | This is the subnet mask or subnet masks associated with the public subnet or subnets (for example, 255.255.255.0). | |
CIDR equivalent of the subnet mask | This is the CIDR (/XX) equivalent of the subnet mask that was specified previously. Look up the subnet mask (specified previously), then refer to Table 4, find the CIDR equivalent, and record it on this line. It must be between /0 and /32 (for example, /24). | |
Default gateway IP address | This is the numeric gateway IP address. It is used for all network access to the file systems. For example, 99.99.99.1 | |
Public IP addresses | The public IP addresses are the data path connections to your network. They are used for all of the Ethernet data path connections to the file modules. At least 2 addresses are recommended (1 per node). The data path connections use Ethernet bonding, so a single IP address (along with a subnet mask and gateway) is used for all available Ethernet ports on a single file module. The system automatically load balances between the physical ports on a single file module. (For example, 99.99.99.100, 99.99.99.101, 99.99.99.102, 99.99.99.103) | |
Additional public gateway IP addresses | Additional gateway IP addresses for access to the file systems across each of the public networks. | |
Email server IP address | The IP address of your email server for outgoing mail (for example, 123.123.123.104) |
Field | Value | Note |
---|---|---|
Company Name | The name of your company | |
Address | This is the address where the machines are located. Example: Bldg. 123, Room 456, 789 N Data Center Rd, City, State | |
Your Contact Phone Number | This is the primary phone number that IBM® Remote Technical Support will call, if the system calls home to report a problem. | |
Your Off Shift Contact Phone Number | This is the alternate phone number that IBM Remote Technical Support will call, if the system calls home to report a problem. | |
IP address of proxy server (for call home) | _____._____._____._____ | Optional. If a proxy server is needed to access the internet for Call Home from the file modules, this is the IP address of that server. If no proxy server is used, leave this field blank. |
Port Of Proxy Server (For Call Home) | Optional. If a proxy server is needed, this is the port corresponding to the IP address listed previously. If no proxy server is used, leave this field blank. | |
Userid For Proxy Server (For Call Home) | Optional. If a proxy server is needed, and the proxy server requires a user ID and password, record the user ID here. If no proxy server is used, or no user ID and password are used, leave this field blank. | |
Password For Proxy Server (For Call Home) | Optional. If a proxy server is needed, and the proxy server requires a user ID and password, record the password here. If no proxy server is used, or no user ID and password are used, leave this field blank. | |
IBM Support email address | callhome1@de.ibm.com callhome0@de.ibm.com | |
Host Name | IP Address | Port | Description |
---|---|---|---|
eccgw01.boulder.ibm.com | 207.25.252.197 | 443 | ECC transaction gateway |
eccgw02.rochester.ibm.com | 129.42.160.51 | 443 | ECC transaction gateway |
ftp.ecurep.ibm.com | 192.109.81.7 | 20, 21 | File upload for status reporting and problem reporting through FTP |
www6.software.ibm.com | 170.225.15.41 | 443 | File upload for status reporting and problem reporting. Proxy to testcase.boulder.ibm.com |
www-945.ibm.com | 129.42.26.224 | 443 | Problem reporting server v4 |
www-945.ibm.com | 129.42.34.224 | 443 | Problem reporting server v4 |
www-945.ibm.com | 129.42.42.224 | 443 | Problem reporting server v4 |
www.ibm.com | 129.42.56.216 | 80, 443 | Service provider file (CCF) download |
esupport.ibm.com | 129.42.56.189, 129.42.60.189, 129.42.54.189 | 443, 80 (optional) | For the Edge ECC v4 connectivity, it is recommended that customers open 129.42.0.0/18 (EI IPv4 address range) to minimize any issues in the future. |
www.ibm.com | 129.42.58.216 | 80, 443 | Service provider file (CCF) download |
www.ibm.com | 129.42.60.216 | 80, 443 | Service provider file (CCF) download |
www-03.ibm.com | 204.146.30.17 | 80, 443 | Service provider file (CCF) download |
Subnet Mask | CIDR Equivalent | Note |
---|---|---|
255.255.255.255 | /32 | Host (single address) |
255.255.255.254 | /31 | Unusable |
255.255.255.252 | /30 | 2 usable |
255.255.255.248 | /29 | 6 usable |
255.255.255.240 | /28 | 14 usable |
255.255.255.224 | /27 | 30 usable |
255.255.255.192 | /26 | 62 usable |
255.255.255.128 | /25 | 126 usable |
255.255.255.0 | /24 | Class C 254 usable |
255.255.254.0 | /23 | 2 Class Cs |
255.255.252.0 | /22 | 4 Class Cs |
255.255.248.0 | /21 | 8 Class Cs |
255.255.240.0 | /20 | 16 Class Cs |
255.255.224.0 | /19 | 32 Class Cs |
255.255.192.0 | /18 | 64 Class Cs |
255.255.128.0 | /17 | 128 Class Cs |
255.255.0.0 | /16 | Class B |
255.254.0.0 | /15 | 2 Class Bs |
255.252.0.0 | /14 | 4 Class Bs |
255.248.0.0 | /13 | 8 Class Bs |
255.240.0.0 | /12 | 16 Class Bs |
255.224.0.0 | /11 | 32 Class Bs |
255.192.0.0 | /10 | 64 Class Bs |
255.128.0.0 | /9 | 128 Class Bs |
255.0.0.0 | /8 | Class A |
254.0.0.0 | /7 | 2 Class As |
252.0.0.0 | /6 | 4 Class As |
248.0.0.0 | /5 | 8 Class As |
240.0.0.0 | /4 | 16 Class As |
224.0.0.0 | /3 | 32 Class As |
192.0.0.0 | /2 | 64 Class As |
128.0.0.0 | /1 | 128 Class As |
0.0.0.0 | /0 | IP space |
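
The mask-to-CIDR lookup in Table 4 and the network rows of the worksheet (public subnet, subnet mask, default gateway, public IP addresses) can be cross-checked before the wizard is run. The following Python is an added example, not IBM code: the function names are hypothetical, and the sample values are constructed from the worksheet's example addresses, with deliberate mistakes to show what is reported.

```python
import ipaddress


def mask_to_prefix(mask):
    """Return the CIDR prefix length for a dotted-quad mask (computes Table 4)."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    # A valid mask is all ones followed by all zeros, so its inverse plus one
    # is a power of two and shares no bits with the inverse itself.
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return 32 - inverted.bit_length()


def check_public_network(subnet, mask, gateway, public_ips):
    """Return a list of problems in the worksheet values; empty means consistent."""
    try:
        net = ipaddress.IPv4Network(subnet, strict=True)  # rejects host bits set
    except ValueError as exc:
        return [f"public subnet {subnet!r}: {exc}"]
    problems = []
    try:
        prefix = mask_to_prefix(mask)
        if prefix != net.prefixlen:
            problems.append(f"mask {mask} is /{prefix}, subnet says /{net.prefixlen}")
    except ValueError as exc:
        problems.append(str(exc))
    seen = set()
    entries = [("gateway", gateway)] + [("public IP", ip) for ip in public_ips]
    for label, text in entries:
        try:
            addr = ipaddress.IPv4Address(text.strip())
        except ValueError:
            problems.append(f"{label} {text!r} is not a valid IPv4 address")
            continue
        if addr not in net:
            problems.append(f"{label} {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{label} {addr} is the network or broadcast address")
        if addr in seen:
            problems.append(f"{label} {addr} is listed more than once")
        seen.add(addr)
    return problems


if __name__ == "__main__":
    # Constructed worksheet values: wrong mask, gateway in the wrong subnet,
    # an address with a dropped octet, and a duplicated public IP address.
    for problem in check_public_network(
        "99.99.99.0/24", "255.255.254.0", "99.99.98.1",
        ["99.99.99.100", "99.99.103", "99.99.99.100"],
    ):
        print("FIX:", problem)
```
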
- Microsoft Active Directory - with or without SUA / SFU
- Lightweight Directory Access Protocol (LDAP)
- Network Information Service (NIS)
A local LDAP server that runs on the file modules can also be used, but this is limited. For example, it does not support asynchronous file system replication to another Storwize V7000 Unified system. Refer to Managing authentication and ID mapping.
Use the flow chart in Figure 2 to assist in deciding which authentication method is right for you. The factors that influence the decision are the types of client hosts, the existing authentication infrastructure (if any), and whether asynchronous file system replication is to be utilized.
![Flow chart for planning an authentication method.](ifs00059.gif)
Internally, the Storwize V7000 Unified system uses IBM General Parallel File System (GPFS). GPFS is a UNIX file system that uses UNIX-style user IDs (UID) and group IDs (GID) to manage file permissions.
For Windows (CIFS) users to access files, there must be some form of user ID mapping, that is, some way to map the Windows user and group objects to UNIX UIDs and GIDs. The Storwize V7000 Unified system supports user ID mapping either internally or externally. While external user ID mapping is preferred, internal mapping can be done using a table local to the Storwize V7000 Unified system to map Windows user and group objects to arbitrary UNIX UIDs and GIDs. That table is not accessible externally, even to another Storwize V7000 Unified system for asynchronous file system replication.
Asynchronous replication thus requires external user ID mapping, specifically Windows Active Directory with the Subsystem for Unix (SUA) enabled and populated. Mixed client access, which is having both UNIX and Windows clients access the same files (using NFS and CIFS), requires external user mapping using either Active Directory with SUA/SFU or LDAP with Samba extensions.
Field | Value | Note |
---|---|---|
Authentication Method | [ ] Microsoft Active Directory [ ] Lightweight Directory Access Protocol (LDAP) [ ] Samba Primary Domain Controller (PDC) - NT4 [ ] None (requires configuring Network Information Service (NIS) for NFS NetGroup support) | Check one of the options. If you check None, do not select either of the following NIS options. |
Options | [ ] Kerberos, compatible with authentication method of LDAP only [ ] Services For UNIX (SFU) - compatible with authentication method of Active Directory only [ ] Network Information Service (NIS) - NFS NetGroup support without User ID Mapping - compatible with authentication method of Active Directory or PDC only. [ ] Network Information Service (NIS) - NFS NetGroup support authentication method with User ID Mapping - compatible with authentication method of Active Directory or PDC only. | One or more of these optional capabilities may be used to extend the capabilities of the authentication method selected previously. If none of these options are needed, then leave this row blank. |
If you checked Microsoft Active Directory in the Authentication Method field of Table 5, you must complete Table 6.
Field | Value | Note |
---|---|---|
Active Directory Server IP Address | _____._____._____._____ _____._____._____._____ | This is the numeric IP address of the remote Active Directory server (domain controller) on your network. |
Active Directory Userid | This is the user ID that must be provided when communicating with the remote Active Directory server. The following user ID and the password are used to authenticate to the Active Directory server. | |
Active Directory Password | This is the password that must be provided when communicating with the remote Active Directory server. | |
SFU DOMAIN NAME | If you checked Services For Unix (SFU) in the Options field of Table 5, then you must complete this field. If you did not check SFU, leave this field blank. This field is used to specify the Trusted Domain Name for the Active Directory server. | |
SFU RANGE | Upper range: ________________ Lower range: ________________ | If you checked Services For Unix (SFU) in the Options field of Table 5, then you must complete this field. If you did not check SFU, leave this field blank. This field is used to specify the Lower and Upper bounds of the User Identifier (UID) and Group Identifier (GID) ranges for the storage system. Use the format Lower-Upper (for example, 25-37). The SFU Range must contain the UNIX UID/GID numbers corresponding to users/groups who need to access the system with SFU. The primary group assigned to the SFU users must be an existing Active Directory group with a valid UNIX GID assigned to it. The SFU users must have the same UNIX Attribute primary group and Windows primary group. The UNIX UID/GID that are assigned to such users/groups must be in the ID range provided with the -cp parameter of the cfgsfu command. The range for UID/GID must not intersect with 10000000-11000000; this range is used by Scale Out Network Attached Storage internally for other UID/GID mapping. |
SFU SCHEMA MODE | [ ] SFU [ ] rfc2307 | If you checked Services For Unix (SFU) in the Options field of Table 5, then you must complete this field. If you did not check SFU, leave this field blank. This field is used to specify the schema Mode. The schema Mode can be either sfu or rfc2307, depending on the operating system of the Active Directory domain server. If the operating system of the domain server is Microsoft Windows 2008 or Windows 2003 with SP2R2 packages, use the schemaMode of rfc2307; for Windows 2000 and Windows 2003 with SP1, use sfu. |
If you checked LDAP in the Authentication Method field of Table 5, you must complete Table 7.
Field | Value | Note |
---|---|---|
LDAP SERVER IP ADDRESS | _____._____._____._____ _____._____._____._____ | This is the numeric IP address of the remote LDAP server on your network. |
SECURITY METHOD | [ ] Off [ ] SSL (Secure Sockets Layer) [ ] TLS (Transport Layer Security) | The communications link between the Storwize V7000 Unified system and your LDAP server may be open (unencrypted), or may be secured (encrypted). If secured, one of two methods is used: SSL or TLS. Note: When SSL or TLS is used, a security certificate file must be copied from your LDAP server to the Storwize V7000 Unified Management Node. |
Certificate Path | If the SSL method is Off, leave this field blank. If the SSL method is SSL or TLS, record the path on the Storwize V7000 Unified Management Node where you copy the Certificate file. As an example, if the Certificate File is cacert.pem and you store it in a directory called /certificates, then record /certificates/cacert.pem. | |
User Suffix | Specifies the LDAP user suffix to be used. | |
Group Suffix | Specifies the LDAP group suffix to be used. | |
Bind Distinguished Name | This is the bind distinguished name from the /etc/openldap/slapd.conf file on your LDAP server. In the example following note 1 below, the bind distinguished name is cn=Manager,dc=v7kuldap,dc=com | |
Bind Password | This is the bind password from the /etc/openldap/slapd.conf file on your LDAP server. In the example following note 1 below, the bind password is secret. | |
Kerberos Server Name | If you checked Kerberos in the Options field of Table 5, you must complete this field. If you did not check Kerberos, leave this field blank. This field is the name of the Kerberos server used with your LDAP environment. | |
Kerberos Realm | If you checked Kerberos in the Options field of Table 5, then you must complete this field. If you did not check Kerberos, leave this field blank. This field is the Realm for the Kerberos server used with your LDAP environment. | |
Kerberos Keytab File | If you checked Kerberos in the Options field of Table 5, then you must complete this field. If you did not check Kerberos, leave this field blank. This field is the file name for the Kerberos KeyTab file. |
Field | Value | Note |
---|---|---|
NIS MODE | [ ] Basic - NIS is used (to provide NFS NetGroup support) in an environment without Active Directory, LDAP, or Samba Primary Domain Controller (PDC). [ ] Extended - NIS is used (to provide NFS NetGroup support or to map UNIX IDs to Windows IDs) for an environment where Active Directory or Samba Primary Domain Controller (PDC) is used for Authentication. | NIS is typically used for one of the following purposes: If you checked None in the Authentication Method field of Table 5, then select Basic. If you checked either of the NIS items in the Options field of Table 5, then select Extended. |
Domain Map | If the NIS Mode is Basic, leave this field blank. If the NIS mode is Extended, this field is optional. This field can be used to specify the mapping between Active Directory domains and different NIS domains. When specifying a domain map, use a colon between the Active Directory domain and the NIS domain or domains. Example: ad_domain:nis_domain1 If more than one NIS domain is specified, use a comma-separated list. Example: ad_domain:nis_domain1,nis_domain2 To specify more than one Active Directory domain, use a semicolon. Example: ad_domain1:nis_domain1,nis_domain2; ad_domain2:nis_domain3,nis_domain4 | |
Server Map | This field must be used to specify the mapping between NIS servers and NIS domains. When specifying a server map, use a colon between the NIS server and the NIS domain or domains. Example: nis_server:nis_domain1 If more than one NIS domain is specified, use a comma-separated list. Example: nis_server:nis_domain1,nis_domain2 To specify more than one NIS server, use a semicolon. Example: nis_server1:nis_domain1,nis_domain2; nis_server2:nis_domain3,nis_domain4 | |
User Map | If the NIS Mode is Basic, leave this field blank. This optional field can be used to specify the handling for a user who is not known to the NIS server. Only one rule can be specified for each Active Directory or PDC domain. The handling is specified using one of the following keywords: To specify rules for multiple Active Directory or PDC domains, separate the rules with a semicolon. Example: ad_domain1:DENY_ACCESS; ad_domain2:AUTO; ad_domain3:DEFAULT:ad_domain3\guest | |
NIS DOMAIN | This field must be used to specify the NIS Domain that is stored in the registry. | |
Use Id Map | [ ] Use ID Map - NIS is used to map UNIX IDs to Windows IDs for an environment where Active Directory or Samba Primary Domain Controller (PDC) is used for Authentication. | If the NIS Mode is Basic, leave this field blank. If you checked NIS - NFS NetGroup support without User ID Mapping in the Options field of Table 5, leave this field blank. If you checked NIS - NFS NetGroup support with User ID Mapping in the Options field of Table 5, then check the Use ID Map field. |
ID MAP USER RANGE | If the Use ID Map field is blank, leave this field blank. If the Use ID Map field is checked AND at least one User Map rule is AUTO, then you must specify a User Range and/or a Group Range. Example: 10000-20000. Note: The User Range values must be a minimum of 1024. | |
ID MAP GROUP RANGE | If the Use ID Map field is blank, leave this field blank. If the Use ID Map field is checked AND at least one User Map rule is AUTO, then you must specify a User Range and/or a Group Range. Example: 30000-40000. Note: The Group Range values must be a minimum of 1024. | |
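
The Domain Map, Server Map and User Map syntax, the ID map range rules above, and the SFU RANGE restriction in Table 6 can be checked mechanically before the values are typed into the wizard, which catches UID/GID ranges that would collide with the internally used range. This Python is an added example, not IBM code: the function names are hypothetical, and the keyword set is an assumption taken from the User Map example, because the keyword list itself is not reproduced on this page.

```python
RESERVED = (10000000, 11000000)  # internal UID/GID range named in the SFU RANGE note
KEYWORDS = {"DENY_ACCESS", "AUTO", "DEFAULT"}  # assumption: from the page's example


def _entries(text):
    """Split a semicolon-separated field into stripped, non-empty entries."""
    return [e.strip() for e in text.split(";") if e.strip()]


def parse_map(text):
    """Parse Domain Map / Server Map syntax 'key:dom1,dom2; key2:dom3' into a dict."""
    result = {}
    for entry in _entries(text):
        key, sep, rest = (part.strip() for part in entry.partition(":"))
        names = [name.strip() for name in rest.split(",")]
        if not sep or not key or not all(names) or key in result:
            raise ValueError(f"malformed or duplicate map entry: {entry!r}")
        result[key] = names
    return result


def parse_user_map(text):
    """Parse 'domain:KEYWORD[:user]' rules, allowing one rule per domain."""
    rules = {}
    for entry in _entries(text):
        domain, _, rest = entry.partition(":")
        keyword, _, user = rest.partition(":")
        if not domain or keyword not in KEYWORDS or domain in rules:
            raise ValueError(f"bad or duplicate User Map rule: {entry!r}")
        rules[domain] = (keyword, user or None)
    return rules


def parse_range(text, minimum=0, reserved=None):
    """Parse 'Lower-Upper' and enforce the minimum and reserved-range limits."""
    lower, sep, upper = (part.strip() for part in text.partition("-"))
    if not sep or not lower.isdigit() or not upper.isdigit():
        raise ValueError(f"range must be Lower-Upper: {text!r}")
    lo, hi = int(lower), int(upper)
    if lo > hi or lo < minimum:
        raise ValueError(f"range {text!r} is inverted or starts below {minimum}")
    if reserved and lo <= reserved[1] and hi >= reserved[0]:
        raise ValueError(f"range {text!r} intersects {reserved[0]}-{reserved[1]}")
    return lo, hi


def check_id_map(use_id_map, user_map, user_range="", group_range=""):
    """Use ID Map plus an AUTO rule requires a User Range and/or a Group Range."""
    rules = parse_user_map(user_map)
    ranges = [parse_range(r, minimum=1024) for r in (user_range, group_range) if r.strip()]
    if use_id_map and not ranges and any(k == "AUTO" for k, _ in rules.values()):
        raise ValueError("AUTO rule with Use ID Map set needs an ID map range")
    return rules, ranges
```

For the SFU RANGE field, call `parse_range(value, reserved=RESERVED)`; the NIS ID map ranges go through `check_id_map`, which applies the 1024 minimum.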