4.1 Disk management
In order to use the storage space, the first thing to configure is to define the "RAID" profile, i.e. to configure the ZFS pool available.
The first 2 discs are reserved for the system, they are configured in mirror mode and are hosting Solaris (SunOS Release 5.11 Version ak/generic@2008.10.23,1-0 64-bit)
We can choose between 5 profiles: ( the profile will use 14 of our 146 GB disks):
- Double parity RAID
13 disks used for the data and parities, 1.45 TB are usable, 1 disk is reserved for replacement (spare)
- Double parity RAID, wide stripes
13 disks used for the data and parities, 1.45 TB are usable,
1 disk is reserved for replacement (spare)
- Mirrored
12 disks used for the data and parities, 808 GB are usable,
2 disks are reserved for replacement (spare)
- Single parity RAID, narrow stripes
12 disks used for the data and parities, 1.18 TB are usable,
2 disks are reserved for replacement (spare)
- Striped
14 disks used for the dat, 1.84 TB are usable
Sun provides a rating from 1 to 5 for the availability, the performance and the capacity of the various profiles as well as a text of explanation.
The announced differences in index of capacity between the first 2 modes being suspect, we preferred to test the various profiles ourselves (see section 5)
4.2 Share management
Protocols are managed by shares; accessibility is granted (or not) for each protocol : CIFS, FTP, NFS and HTTP.
Being accustomed
to manage shares by services, we were a bit surprised but at the end we found it very practical.
Quotas, compression, access and snapshots are managed by share too. Acess rights are managed by user and group, in relation to a domain controller, LDAP, NIS or are manually managed. Quotas, compression, integrity check, and data replication are modifiable on the fly. ZFS reveals all its power in dynamic configuration.
The shares are groupable by “projects” in order to define default values. If you have a second Sun Storage at your disposal, the projects can synchronized automatically as a background task (through a SSL encrypted connection) guaranteeing a very high availability and perenniality of your data.
Shares
For NFS, options are :
- sharing disabled, read only sharing, read and write sharing
- activation or deactivation (recommanded) of privileges elevation (setuid/setgid)
- the user associated to the anonymous connection
- read/write exceptions for one or more computers
For CIFS, your only choice:
- the name of the share (name it 'off' to disable it).
And if you wonder how you could name it 'off', don't ask us. Supporters of Samba will be quickly disapointed.
For FTP and HTTP
- sharing disabled, read only sharing, read and write sharing
Secutity
Security is managed in the 'Access' section, owners and permissions are defined via ACL.
By group and by user, permissions can be defined as:
Read: Read Data/List Directory (r),
Execute File/Traverse Directory (x),
Append Data/Add Subdirectory (p),
Read Attributes (a),
Read Extended Attributes (R)
(Surprising, Append Data/Add Subdirectory are classified 'Read')
Write: Write Data/Add File (w),
Delete (d),
Delete Child (D),
Write Attributes (A),
Write Extended Attributes (W)
Admininistration: Read ACL/Permissions (c),
Write ACL/Permissions (C),
Change Owner (o)
Inheritance: Apply to Files (f),
Apply to Directories (d),
Do not apply to self (i),
Do not apply past children (n)
Snapshots
A snapshot of a share can be manually started or planned. These instantaneous snapshots are particularly optimized under ZFS, they consume few resources and are very fast.
It is possible to restore the files of a share from a snapshot or to explore this “copy” in order to find a specific file. Unfortunately snapshot configuration is simplistic, the only available available option is the visibility of the snapshot in the share.
4.3 Backups
The serveur implements NDMP, an open protocol, used by backup tools in order to backup a complete share (data and and metadata). The most known NDMP solutions are NetBackup, BackupExpress and Netvault. Being not equipped with an NDMP compatible software, we could not test this feature.
4.4 Status and Analytics
Toolbox of the perfect spy, Analytics will help you to finely analyse the activities of the server:
- protocols activity: CIFS, HTTP, ISCSI, NFS
- backup : NDMP
- processor: usage
- memory : caches
- disks : number of IO operations , bandwidth
- network
Each statistics is represented in the form of a graph which one will be able to explore and split by category. We would have liked to be able to monitor temperatures and voltages, two roots of many concerns…
With Analytics, you will be able to visualize the number of bytes transferred, read/write activity by disk, or the processor usage in the time and divided by number of process…
Fun at first, one realizes quickly the administrator of the server has only little utility of the results, the knowledge of reaching a critical level of 134 546 IO operations / sec will not improve your capacity to improve the responsiveness of the server. If there are too much IO operations, you will not be able to solve it at the server level, you only have 2 choices:
-
buy a new server or
-
ask your users to reduce their usage of your shares
We would have preferred a monitoring focused on the hotspots, for example, the list of files or share that are the most used, the “greedy” users … these data are more useful and allow to treat the causes of overloads quickly.
4.5 Command line
The server administration can be done in command line (CLI) via SSH, the interface provided is close to the one provided in network appliance.
The CLI and the BUI are dependent in their operation, we saw that if the BUI block in an operation the CLI is blocked too. To get a shell in order to restart manualy the services, just type “shell” in the CLI once connected with SSH, it will give you access to the command line tools of Solaris.
Commands are hierarchically organized:
+---> configuration
| +---> net
| | +---> datalinks
| | +---> devices
| | +---> interfaces
| +---> services
| | +---> ad
| | +---> cifs
| | +---> dns
| | +---> ftp
| | +---> http
| | +---> identity
| | +---> idmap
| | +---> ipmp
| | +---> iscsi
| | | +---> initiators
| | +---> ldap
| | +---> ndmp
| | +---> nfs
| | +---> nis
| | +---> ntp
| | +---> routing
| | +---> scrk
| | +---> snmp
| | +---> ssh
| | +---> tags
| | +---> vscan
| | +---> directory
| | | +---> nis
| | | +---> ldap
| | | +---> ad
| | +---> support
| | +---> tags
| | +---> scrk
| +---> version
| +---> users
| +---> roles
| +---> preferences
| +---> alerts
| | +---> actions
| | +---> thresholds
| +---> storage
+---> maintenance
| +---> system
| | +---> updates
| | +---> disks
| +---> hardware
| +---> logs
+---> test
| +---> tasks
| +---> test1
| | +---> test1_1
| | +---> test1_2
| +---> freq
+---> raw
+---> utask
+---> analytics
| +---> worksheets
| +---> datasets
+---> status
| +---> storage
| +---> memory
| +---> services
| +---> hardware
| +---> activity
| +---> alerts
+---> shares