Ontap 9 Snaplock Configuration

NetApp SnapLock Configuration

Introduction:

SnapLock is an alternative to the traditional optical "write once, read many" (WORM) data. SnapLock is used for the storage of read-only WORM data.

SnapLock is a license-based, disk-based, open-protocol feature that works with application software to administer non-rewritable storage of data. The primary objective of this Data ONTAP feature is to provide storage-enforced WORM and retention functionality by using open file protocols such as CIFS and NFS. SnapLock can be deployed for protecting data in strict regulatory environments in such a way that even the storage administrator is considered an untrusted party.

SnapLock provides special purpose volumes in which files can be stored and committed to a non-erasable, non-rewritable state either forever or for a designated retention period. SnapLock allows this retention to be performed at the granularity of individual files through standard open file protocols such as CIFS and NFS.

NetApp SnapLock compliance software helps you meet strict data retention regulations and internal IT governance rules.

SnapLock is available in tow version: SnapLock compliance for strict regulatory environment, and SnapLock Enterprise, for more flexible environments.

SnapLock can integrates with the snap Mirror and snap vault, and snap mirror allows the SnapLock volumes to be replicated to another storage system and Lock vault backs up SnapLock volumes to a secondary storage system to ensure that if the original data is destroyed than the data can be restored or accessed from another location.

Once the data is created in the SnapLock volume they comes under the retention period and these files get treated as WORM, so that nobody can delete or modify the data until and unless it reach to its retention period, the SnapLock volumes cannot be deleted by the user, administrator nor by the application, the retention date on a WORM file is set when the file is committed to WORM state, but it can be extended at any time. The retention period can never be shortened for any WORM file.

SnapLock Compliance 

SnapLock Compliance is used in strictly regulated environment, where data is retained for longer period of time and these data are accessed frequently only for readable purpose.

SnapLock Compliance even does not allow the storage administrator’s to perform any operations that might modify the file, it uses the feature called “ComplianceClock” to enforce the retention periods. SnapLock Compliance requires the SnapLock license to enable the SnapLock features and to restrict the administration access to the file.

SnapLock Enterprise 

SnapLock Enterprise allows the administrator to destroy the SnapLock volume before all the file on the volume reach their expiration date. However no one else can delete or modify the files.

It requires the SnapLock _enterprise license

Configuration Steps:

1. Check the licenses or else add the snaplock licenses.

 2. Check and initialize the snaplock time.

Manages ComplianceClock of nodes

The snaplock compliance-clock manages the ComplianceClock of the system. ComplianceClock determines the expiry time of the SnapLock objects in the system. ComplianceClock can be initialized only once by the user and once it is set, it cannot be changed or altered by the user. There are two types of ComplianceClocks in the system:

• System ComplianceClock
• Volume ComplianceClock

System ComplianceClock (SCC) is maintained per node. SCC is used to update the Volume ComplianceClock and to provide a base value for Volume ComplianceClock for new SnapLock volumes. The SCC is initialized once by the user and takes the initial base value from the system clock. snaplock compliance-clock show can be used to check the value of the System ComplianceClock.

Volume ComplianceClock (VCC) is maintained per volume and is used as the time reference to calculate the expiry time of SnapLock objects in the SnapLock volume, such as files and the expiry date of the volume. volume snaplock show can be used to check the value of the Volume ComplianceClock.

3. Initialize the snaplock time stamp to the node.

4. Now create an aggregate with snaplock type is Enterprise or Compliance.

5. Now create a volume using an aggregate.

6. Modify the retention period as per your requirement either using CLI or GUI.

ONTAP 9 Domain Tunnel Configuration

Enabling Active Directory domain users to access the cluster

To enable Active Directory domain users to access the cluster, you must set up an authentication tunnel through a CIFS-enabled Vserver. You must also create cluster user accounts for the domain users. This functionality requires that CIFS is licensed on the cluster.

1. CIFS license is required.

2. Configure the cifs server for an existing vserver.

1. First create a security domain tunnel.

2. Create a cluster user, to access via ssh, http and ontapi.

3. Login with the new user, now authentication is done by the domain server.

4. Now create a role, to access the vserver vs1 only the paritcular volume called vol1.

5. Create a new user with using this role.

6. Login with the new user and now you see, you can access only volume command directory.

7. If you try with access the vol2 then it through an error.

8. If you login as a admin role user, you can access all the command directory.

NetBackup 7.7.2 Log Management

NetBackup 7.7.2 Log Management Tutorial:

Netbackup has two types of logs.

1. Legacy Logs

2. Unified Logs (PBX Process)

Unified logs are stored in /usr/openv/logs location by default.

Legacy logs are stored in /usr/openv/netbackup/logs location by default.

For each process it has unique directory.

For example nbemm, Enterprise Media Management server log are stored in /usr/openv/logs/nbemm.


Format of the file:

Productid-Originatorid-hostid-dateand timestamp-logrotation.log

To list the installed netbackup productid and originator's id.

To list the configuration parameters of any originator.

To change the configuration parameter.

To list the log files.

List the nbemm log files of last two days and copy the logs to another location.

Last 12 hours.

Using begin and end time.

To delete the log file.

To list the content of the log file.

For legacy logging, run mklogdir script to create a dir.

Sto and start the netbackup services.

Now you can see the logs of bpdbm.

NetBackup 7.7.2 Catalog Administration

NetBackup 7.7.2 Catalog Administration Tutorial:




1. To check the catalog database run the following command.

nbdb_ping

 2. To list all the database files and config files run the following command.

nbdb_admin -list

3. To check the database service, run bpps command.

4. Always, the catalog backup, first stored in staging folder then it will be send to the catalogbackup volume pool.

5. To check the database consistency run the following command.

bpdbm -consistency

6. To set database password.

7. Run NbDbAdmin command to open the db manager in GUI.

Using tools we can change these parameters.

Using the Add space button, you can increase the size of database.

Netbackup has a catalog consistency check utility by using nbcc command.

In unix, use the bpdbm command to do the administration.

Create a netbackup catalog policy using wizard or CLI.

Specify the policy name and policy type as NBUCatalog.

Select the backup type.

Select the schedule and retention level.

Select the path for the disaster recovery file.

Specify the email id send the disaster recovery file.

Now run one manual backup.

Backup got initiated.

The catalog backup image is storing in staging folder.

Now the catalog backup successfully completed.

You can able to see the catalog disaster recovery file.

For lab test, delete few storage units and policies.

Now go for the catalog recovery wizard.

Select your catalog disaster recovery file.

Catalog recovered successfully.

Now you can see all the policies and storage units.