Create NAS servers

Network-attached storage is a file-level storage architecture that makes stored data more accessible to networked devices.

Prerequisites

Be sure to have your NAS network information (Network port, IP Address, Subnet Mask/Prefix Length, Gateway information for the NAS Server) available.

If you are configuring a stand-alone NAS server, obtain the workgroup and NetBIOS name. Then define what to use for the stand-alone local administrator of the SMB server account.

Before configuring NAS servers with SMB protocol:

  • Configure one or more DNS servers
  • If you are joining the NAS server to the Active Directory (AD), configure at least one NTP server on the storage system to synchronize the date and time. It is recommended that you set up a minimum of two NTP servers per domain to avoid a single point of failure.
    NOTE: During AD creation, NTP is configured.
  • Obtain the SMB computer name (used to access SMB shares), Windows domain name, and the username and password of a domain administrator or domain user who has a sufficient domain access level to join the AD.
  • Create a domain account in Active Directory.

About this task

See Understanding PowerMax File for storage systems for an overview of PowerMax File.

Before you can provision file storage on the storage system, a NAS server must be running on the system. A NAS server is a file server that uses the SMB protocol, NFS protocol, or both to share data with network hosts. It also catalogs, organizes, and optimizes read and write operations to the associated file systems. You must create NAS servers before creating file systems.

The NAS Server and File Interfaces can be configured without having a defined subnet on the physical ports.

Steps

  1. Select a storage system that supports PowerMax File.
  2. Select Storage > File.
  3. Select the NAS SERVERS tab.
  4. Click Create.
  5. Select the General section. Type the Name of the new NAS server (a unique name) and select the Primary Node, Backup Node, and the Storage Resource Pool. Click NEXT.
    All the nodes are listed and it is your responsibility to choose the appropriate backup node.
    NOTE: The Primary and Backup node cannot be the same.
  6. Select the File Interface section. Select the network device on primary node, and select the network device on backup node. Type the IP Address and the Gateway IP address. Click NEXT.
  7. Select the Protocol section. NAS Servers can also be configured for mixed protocol support. For NFS server, select NFSv3 or NFSv4 or both.
    • For NFS server, do the following:
      • Select NFSv3 or NFSv4 or both.
      • Optionally, disable, or enable Secure NFS.Extended UNIX credentials are also enabled.
      • Select Enable or disable Extend Unix credentials.
        NOTE: Secure NFS supports NFS credentials with more than 16 groups, which is equivalent to the extended UNIX credentials option.If this field is selected, the NAS server uses the User ID (UID) to obtain the primary Group ID (GID) and all group GIDs to which it belongs. The NAS server obtains the GIDs from the local password file or UDS.If this field is cleared, the UNIX credential of the NFS request is directly unzipped from the network information that is contained in the frame. This method has better performance, but it is limited to including up to only 16 group GIDs.
      • In the Credential Cache Retention field, enter a time period (in minutes) for which access credentials are retained in the cache.
      • Click Apply,
    • For SMB server, do one of the following:
      • Click Join to the Active Directory Domain
        • Type the SMB system name, SMB server description, Windows Domain, Domain privileged username, and password.
        • Click Advanced Options. Type the NetBios name and select the organizational unit. Click OK.
      • Click Standalone
        • Type the NetBios name, SMB server description, workgroup, Administrator Password. Retype the password.
    NOTE: NAS Servers can also be configured for mixed protocol support. In this case, the NAS Server exposes both NFS and SMB access for its File Systems.
  8. Select the DNS section. Select the Enable DNS checkbox. If multiprotocol is selected, the DNS Domain is automatically filled in, otherwise enter a value for DNS Domain. Type in the server IP address or addresses. Click NEXT.
    NOTE: DNS server information is mandatory when:
    • Joining an AD domain, but optional for a stand-alone NAS server.
    • Configuring Secure NFS.
    DNS can also be used to resolve hosts defined on NFS export access lists. DNS can be disabled buut you cannot disable DNS for NAS servers that are configured with:
    • Multiprotocol file sharing
    • SMB file sharing that is joined to an Active Directory (AD)
    • Secure NFS
  9. You can configure the naming services with a combination of Local Files, NIS, or LDAP. Select the Unix Directory Service section.
    • Select Enable a Unix Directory service using Local Files checkbox and choose a password file to be uploaded to the NAS server. To use local files for FTP access, the passwd file must include an encrypted password for the users. This password is used for FTP access only. The passwd file uses the same format and syntax as a standard UNIX system, so you can apply the password to generate the local passwd file. On a UNIX system, use useradd to add a user and passwd to set the password for that user. Then, copy the hashed password from the /etc/shadow file, add it to the second field in the /etc/passwd file, and upload the /etc/passwd file to the NAS server.
    • Select Enable a Unix Directory Service using NIS or LDAP checkbox. Enter the NIS domain and add the IP addresses for the NIS servers.
    • Select Enable a Unix Directory Service using NIS or LDAP checkbox. LDAP must adhere to the IDMU, RFC2307, or RFC2307bis schemas. Some examples include AD LDAP with IDMU, iPlanet,and OpenLDAP. The LDAP server must be configured properly to provide UIDs for each user. For example, on IDMU, theadministrator must go into the properties of each user and add a UID to the UNIX Attributes tab.You can configure LDAP to use anonymous, simple, and Kerberos authentication. If using Kerberos authentication, you must configure the following before you continue to configure LDAP with Kerberos: From the Naming Services card, configure the DNS server that is used to join and unjoin a Kerberos server to a realm. From the Security tab, add the Kerberos Realm.
      • Optionally modify the port number (By default, LDAP uses port 389, and LDAP over SSL (LDAPS) uses port 636).
      • Add the IP addresses for the LDAP servers. The NAS server can be configured to use the DNS service discovery to automatically obtain LDAP server IP addresses.
        NOTE: For this discovery process to work, the DNS server must contain pointers to the LDAP servers, and the LDAP servers must share the same authentication settings.
      • Configure the LDAP authentication as follows:
        • Anonymous - Specify the Base DN, and the Profile DN for the iPlanet/OpenLDAP server.
        • Simple - specify the following:
          • If using AD, LDAP/IDMU
            • Bind DN in LDAP notation format; for example, cn=administrator,cn=users,dc=svt,dc=lab,dc=com.
            • Base DN, which is the same as the Fully Qualified Domain Name (for example, svt.lab.com).
            • Profile DN.
          • If using the iPlanet/OpenLDAP server:
            • Bind DN in LDAP notation format; for example, cn=administrator,cn=users,dc=svt,dc=lab,dc=com.
            • Password
            • Base DN. For example, if using svt.lab.com, the Base DN would be DC=svt,DC=lab,DC=com
            • Profile DN for the iPlanet/OpenLDAP server.
        • Kerberos - Configure a custom realm to hover over any type of Kerberos realm (Windows, MIT, Heimdal). With thisoption, the NAS Server uses the custom Kerberos realm that is defined in the Kerberos subsection of the NAS server Security tab.
          NOTE: If you use NFS secure with a custom realm, you have to upload a keytab file.
  10. View the summary.
  11. Do one of the following:
    • Click Run In The Background to perform the operation in the background.
    • Expand Run in the Background and click Add to Job List to add this task to the job list, from which you can schedule or run the task at your convenience. For more information, see Schedule jobs and Preview jobs

Next steps

Once you have created the NAS server for NFS, you can continue to configure the server settings.

If you enabled Secure NFS, you must continue to configure Kerberos.

Select the NAS server to continue to configure, or edit the VIEW ALL DETAILS of the NAS server settings.