March 18, 2012

Managing Storage Domains in Unisphere

What is a storage domain? EMC defines a domain as a collection of storage systems that can be centrally managed and monitored. What this means for us is simply that we can log in to one Unisphere session to manage all our arrays. No more multiple logins for each array that we want to manage!

So which Unisphere should you use for managing your storage domains?

Unisphere 1.0 was first introduced in FLARE 30 and DART 6.0 as a unified management GUI for Clariion and Celerra arrays.  

It supports Clariions running FLARE 19 onwards. Celerras must run at least DART 6.0 for Unisphere management. Arrays with older DART versions can be added, but Unisphere will launch Celerra Manager for management operations.

March 17, 2012

VNX SP connection error: "Error processing connection request. Please verify and re-enter your connection information"

This was a weird error for which I could not find any discussion online. For reference's sake, I am posting it here in case anyone else comes across this issue.

None of us had any issue logging in to a VNX box through the Unisphere GUI, except for one particular user. He had no login problems through the Control Station IP address, but when he tried the SPA/B IPs, he got the prompt "Error processing connection request. Please verify and re-enter your connection information."


VNX LDAP configuration error: "Domain Settings update failed"

While using the Unisphere GUI to save the LDAP settings for File on a new VNX box for authenticating to Microsoft AD, we were hit with the error "Domain Settings update failed".


March 4, 2012

Is the CAVA msrpcuser required?

When I first began working on CAVA, there was one section in the EMC documentation "Using Celerra Antivirus Agent" which confused me.

Under the section "Starting the VC Client", part of the "Prerequisites" says: 


"Before starting the virus-checking service:

◆ The administrator must issue the following command from the Control Station:


/nas/sbin/server_user server_2 -add -md5 -passwd <msrpcuser>


The administrator then must follow the prompts for entering information.


<msrpcuser> is the name assigned to either a simple user account or user account that is part of a domain that the EMC CAVA service is running under on the Celerra Event Enabler machine. For example, if the EMC CAVA service is running under a user called ceeuser, the viruschecker.conf file entry would be msrpcuser=ceeuser. If ceeuser is a member of a domain, the entry would be msrpcuser=domain.ceeuser."


Essentially, it means that the user account used to run the CAVA service on your CAVA server should also be created locally on the Data Mover that connects to the CAVA server for CAVA scanning.

Debugging EMC Celerra CAVA scanning in the logs

While exploring a CAVA issue with an EMC support guy, I had the opportunity to understand something more about this often under-documented but important security feature of Celerra.

CAVA-related actions are all recorded in the server logs. By default, only file writes are logged, because it is assumed that only write operations can introduce a virus into the NAS storage.

It is possible to have file reads logged as well by turning on debugging for CAVA scanning. Debugging is disabled by default (as EMC recommends) because of three impacts on the Celerra system:
  1. The system resources (or overhead) for CAVA scanning operations will increase because every single CAVA scan operation will be logged.
  2. Files can only be accessed after the CAVA scan entries are logged.
  3. The server log size will also increase a lot as a result. This may cause other important log entries to get overwritten or missed by storage administrators.

March 1, 2012

Access is denied error when using Celerra Management tool

I encountered an issue on a customer's site when using the Celerra Management tool.

Symptoms

Working with one of the Wintel system admins on a server where the tool was installed, we tried connecting to one of the CIFS Servers, but were greeted with an error prompt "Access is denied. Extended Error. LDAP Provider 00000005.. (INSUFF_ACCESS RIGHTS)..."