HPE 3PAR File Persona User Guide€¦ · 2GettingStartedwiththeFilePersonaSoftware FilePersonaPrerequisites Toenable,configure,andusethefeaturesavailablewiththeFilePersonasoftwareonaStoreServ

HPE 3PAR File Persona User GuideHPE 3PAR OS 3.2.2

AbstractThis user guide introduces and provides instructions on how to configure, use and troubleshoot the HPE 3PAR File PersonaSoftware suite, a feature of the HPE 3PAR OS. The File Persona software allows the user to create a customized group ofstorage objects to manage file service requirements. This guide is for all levels of system and storage administrators.

Part Number: QL226-98190RPublished: November 2015

© Copyright 2015 Hewlett Packard Enterprise Development LP

The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and servicesare set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constitutingan additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.

Confidential computer software. Valid license from Hewlett Packard Enterprise required for possession, use, or copying. Consistent with FAR12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensedto the U.S. Government under vendor's standard commercial license.

Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard Enterprise has no control over and is notresponsible for information outside the Hewlett Packard Enterprise website.

Acknowledgments

Intel®, Itanium®, Pentium®, Intel Inside®, and the Intel Inside logo are trademarks of Intel Corporation in the United States and other countries.

Microsoft® and Windows® are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

Adobe® and Acrobat® are trademarks of Adobe Systems Incorporated.

Java® and Oracle® are registered trademarks of Oracle and/or its affiliates.

UNIX® is a registered trademark of The Open Group.

Contents1 Overview..............................................................................................................62 Getting Started with the File Persona Software..................................................7

File Persona Prerequisites....................................................................................................................7System Support for the File Persona Software.....................................................................................7Licensing for the File Persona Software...............................................................................................8

Activating the File Persona Software License.................................................................................83 Enabling and Configuring File Persona...............................................................9

Considerations for Common Provisioning Groups Used for File Persona............................................9Enabling File Persona...........................................................................................................................9Configuring File Persona Network Settings........................................................................................10

Setting the Bond Mode for File Persona Nodes............................................................................10Setting the Maximum Transmission Unit Size...............................................................................11Configuring File Persona Node IP Addressing..............................................................................11Setting the LAN Gateway Address for File Persona.....................................................................12Configuring Static Routes for File Persona...................................................................................12Setting DNS Addresses and Domain Suffixes for File Persona....................................................14

Configuring File Persona Authentication Settings..............................................................................15Joining File Persona Nodes to an Active Directory Domain..........................................................15Removing File Persona Nodes from an Active Directory Domain.................................................15Enabling and Disabling the RFC2307 Setting for Active Directory Services.................................15Configuring LDAP Servers............................................................................................................16Removing LDAP Servers...............................................................................................................17Setting the Authentication Provider Stacking Order......................................................................17

Configuring NFSv4 Domain Names for File Persona.........................................................................19Configuring Global SMB Settings.......................................................................................................19Configuring Global Object Access Settings........................................................................................20Enabling File Persona on Additional Node Pairs................................................................................20Displaying File Persona Configuration Settings.................................................................................21Disabling File Persona........................................................................................................................21Reverting and Downgrading the 3PAR OS with File Persona............................................................22

4 Managing File Persona Components................................................................23Overview of File Persona Components..............................................................................................23Managing File Provisioning Groups....................................................................................................23

Creating File Provisioning Groups.................................................................................................23Activating and Deactivating File Provisioning Groups...................................................................24Displaying Information and Configuration Settings for File Provisioning Groups..........................25Setting the Primary Node for a File Provisioning Group................................................................26Failover Nodes for File Provisioning Groups.................................................................................26Increasing the Size of File Provisioning Groups............................................................................27Removing and Recovering File Provisioning Groups....................................................................27

Managing Virtual File Servers.............................................................................................................28Creating Virtual File Servers..........................................................................................................28Displaying Information and Configuration Settings for Virtual File Servers...................................30Modifying Settings for Virtual File Servers.....................................................................................30Backing up and Restoring Configuration Settings for Virtual File Servers....................................30Configuring Network Settings for Virtual File Servers...................................................................32

Displaying Network Settings for Virtual File Servers................................................................32Assigning IP Addresses to Virtual File Servers........................................................................32Modifying Network Settings of Virtual File Servers..................................................................33Removing Network Settings from Virtual File Servers.............................................................33

Deleting Virtual File Servers..........................................................................................................33

Contents 3

Managing File Stores..........................................................................................................................34Creating File Stores.......................................................................................................................34Displaying Information and Configuration Settings for File Stores................................................34Modifying File Stores.....................................................................................................................35Removing File Stores....................................................................................................................35

Managing File Store Snapshots..........................................................................................................36Creating File Store Snapshots.......................................................................................................36Scheduling the Creation of File Store Snapshots..........................................................................36Recovering File Store Snapshots..................................................................................................37Displaying File Store Snapshots...................................................................................................37Removing File Store Snapshots....................................................................................................37Reclaiming Storage Space from Deleted Snapshots....................................................................38Stopping a Snapshot Space Reclamation Task............................................................................39Displaying the Status of a Snapshot Space Reclamation Task.....................................................39

Managing Block Volume Snapshots...................................................................................................39Creating Block Volume Snapshots................................................................................................39

Creating Snapshots of Virtual Volumes....................................................................................40Creating snapshots of Virtual Volume Sets..............................................................................40

Displaying Block Volume Snapshots.............................................................................................40Modifying File Store Snapshots.....................................................................................................40

Managing File Shares.........................................................................................................................40Overview of Types of File Shares..................................................................................................40Creating File Shares......................................................................................................................42Modifying Configuration Settings for File Shares..........................................................................47Displaying Information and Configuration Settings of File Shares................................................53Removing File Shares...................................................................................................................53

5 File Persona Local Users and Groups..............................................................55Displaying Information and Settings for File Persona Local Users and Groups.................................55Creating File Persona Local Users.....................................................................................................55Modifying Settings for File Persona Local Users................................................................................56Removing File Persona Local Users..................................................................................................57Creating File Persona Local Groups...................................................................................................57Modifying Membership of File Persona Groups.................................................................................58Removing File Persona Groups..........................................................................................................59

6 Using Storage Quotas.......................................................................................60Setting Storage Usage Quotas for Users, Groups, and File Stores...................................................60Displaying Quota Settings..................................................................................................................61Archiving and Restoring Quota Settings.............................................................................................61

Archiving Usage Quotas................................................................................................................61Restoring and Importing Usage Quotas........................................................................................63

7 Antivirus Services..............................................................................................65Antivirus Scan Integration...................................................................................................................65Antivirus Scanning..............................................................................................................................65Installation and Configuration ............................................................................................................66Initiating an Antivirus Scan.................................................................................................................67Pausing and Stopping Antivirus Scans...............................................................................................68Displaying Status and Information for Antivirus Scans, Policies, and Quarantined Files...................68Configuring Antivirus Policies.............................................................................................................69Managing Quarantine Settings and Files............................................................................................70

Deleting Quarantined Files............................................................................................................70Exporting, Resetting, and Clearing the List of Quarantined Files..................................................70

Updating Virus Definitions..................................................................................................................72Enabling and Disabling Antivirus Services.........................................................................................72

4 Contents

8 Backup, Disaster Recovery for File Persona.....................................................73Backing Up and Restoring File Shares...............................................................................................73Using NDMP for File Persona Backup................................................................................................73Using NDMP for File Store Backup using Snapshots.........................................................................74Using Virtual Volume Snapshots for Local Disaster Recovery...........................................................74Using Remote Copy for Disaster Recovery........................................................................................75

9 Monitoring File Persona.....................................................................................76Checking Health of Hardware and Software Components.................................................................76Monitoring File Persona......................................................................................................................76

10 Troubleshooting File Persona..........................................................................77Possible Troubleshooting Scenarios..................................................................................................77

11 Support and other resources...........................................................................79Accessing Hewlett Packard Enterprise Support.................................................................................79Accessing updates..............................................................................................................................79Websites.............................................................................................................................................79Customer self repair...........................................................................................................................80Remote support..................................................................................................................................80Documentation feedback....................................................................................................................80

A List of Port Numbers and Protocols..................................................................81Index.....................................................................................................................82

Contents 5

1 OverviewThe HPE 3PAR File Persona Software allows you to create a customized group of storage objectsto manage your file service requirements. The File Persona software is a licensed feature of theHPE 3PAR OS that provides converged file and object access on the following HPE 3PARStoreServ Storage systems:• HPE 3PAR StoreServ 7000c

• HPE 3PAR StoreServ 8000

• HPE 3PAR StoreServ 20000The feature is installed on StoreServ Storage systems as a component of certain versions of3PAR OS software and requires a license for use. File Persona was first released in HPE 3PAROS 3.2.1 MU3, and is enabled as a software feature of 3PAR OS versions supported on respectiveplatforms.Primary use cases supported by the File Persona software include:

• Home directory consolidation

• Group, department, and corporate shares for users, accessible as directory and file pathsover the Server Message Block (SMB) or NFS protocol

• Access to files in object access shares by applications over HTTP using an Object AccessREST API.

NOTE: You cannot use File Persona until the correct hardware is installed, the File Personasoftware license is enabled, File Persona is started, and all network components are configuredto support File Persona.

• File Persona software allows file services to run on specified StoreServ Storage systemnode pairs.

• Specific Ethernet ports are configured to run File Persona exclusively.

• File Provisioning Groups (FPGs) are an instance of the File Persona software and is thehighest level File Persona object in the StoreServ file service hierarchy. FPGs control howfiles are stored and retrieved. Each FPG is transparently constructed from one or multipleVirtual Volumes (VVs) and is the unit for replication and disaster recovery for the File Personasoftware. There are up to 16 FPGs supported on a node pair. The FPGs contain the VirtualFile Servers (VFSs).

• Virtual File Servers (VFSs) act as virtual devices used to control many of the network policiesfor communications between the StoreServ file service objects and your network. A VFSpresents virtual IP addresses to clients, participates in user authentication services, and canenforce policies for user and group quota management and antivirus policies. There are upto 16 VFSs supported on a node pair, one for each FPG. Many management tasks andpolicy decisions can be performed at the VFS level. VFSs contain the File Stores.

• File Stores are created in VFSs. At the File Store level, you can take snapshots, managecapacity quotas, and customize antivirus scan service policies. Up to 256 File Stores aresupported on a node pair, 16 file stores are supported for each VFS.

• The File Shares provide data access to clients through the SMB and NFS protocol and theObject Access API. Multiple File Shares can be created for a File Store and at differentdirectory levels within a File Store.

NOTE: Access to all domains is required to run most File Persona commands.

6 Overview

2 Getting Started with the File Persona SoftwareFile Persona Prerequisites

To enable, configure, and use the features available with the File Persona software on a StoreServStorage system, certain prerequisites must be in place.

• Your StoreServ Storage system and 3PAR OS must support File Persona. See “SystemSupport for the File Persona Software” (page 7).

• You must have an active license for the File Persona software software on all StoreServStorage systems where File Persona will be enabled. For information about File Personalicensing on a system, see “Licensing for the File Persona Software” (page 8).

• Either the onboard port of the node or one or more add-in NICs (1GbE or 10GbE) must bededicated for use by the File Persona. In 3PAR OS version 3.2.2 or later, File Persona canbe enabled on controller nodes using the built-in (RCIP) port on a node or using add-in NICs.On a given system, File Persona can be enabled either on ports associated with installedNICs or on built-in ports, but not on both in the same configuration.

• File Persona must be enabled on pairs of controller nodes, for example, on nodes 0 and 1or on nodes 2 and 3 on a system.

• Each node in a node pair on which File Persona is to be enabled will require its own IPaddress and must be connected to your network.

• Each Virtual File Server (VFS) created after File Persona is enabled will also require its ownIP address.

System Support for the File Persona SoftwareThe File Persona software is available as a licensed feature of the 3PAR OS in version 3.2.1MU3 or later. Additional capabilities have been included in the File Persona software availablein 3PAR OS 3.2.2.File Persona is supported on the following StoreServ Storage systems and operating systems:

Operating SystemStorage System

HPE 3PAR OS 3.2.1 MU3HPE 3PAR StoreServ 7200cHPE 3PAR OS 3.2.2




HPE 3PAR OS 3.2.2HPE 3PAR StoreServ 8200





File Persona Prerequisites 7

Operating SystemStorage System



For more information about system support for the File Persona software, see the HPE SinglePoint of Connectivity Knowledge (SPOCK) website:SPOCK (http://www.hpe.com/storage/spock)

Licensing for the File Persona SoftwareThe File Persona software is enabled on an StoreServ Storage system as a licensed feature ofthe 3PAR OS, but it is available for use only if an HPE 3PAR File Persona license has beenactivated on the system. From the command line, you can view the currently activated licenseson an StoreServ Storage system by using the showlicense command.To view licenses for a system using the SSMC:1. On the main menu in the SSMC, select Storage Systems > Systems.2. Select a given system in the list pane.3. On the Views menu in the details pane for the system, select LicensesIn the SSMC, access to File Persona screens for configuring and working with File Personafeatures is available only when one or more connected storage systems have an active FilePersona license.

NOTE: You may need to contact your Hewlett Packard Enterprise representative in order toobtain a File Persona software license key.

Activating the File Persona Software LicenseIf a license for the File Persona software is not already activated on your system, you mustactivate the license before using File Persona features.To activate a license for a 3PAR OS software component from the command line, issue thefollowing command:setlicense -f <filename> -noconfirm

where:

• <filename> specifies the file from which the license key is to be read.

• -noconfirm specifies that the system will not prompt you for confirmation before activatingthe license.

Use the following procedure to activate a license for a feature using the SSMC:1. On the main menu in the SSMC, select Storage Systems > Systems.2. Select a given storage system in the list pane and then select Add license on the Actions

menu3. In the dialog box that opens, browse to a specific license file or enter a license key in the

available field.4. Click Add to activate the license.

8 Getting Started with the File Persona Software

http://www.hpe.com/storage/spock

3 Enabling and Configuring File PersonaSome options and configurations are not presented in the SSMC by default. You may need toenable the advanced mode to see these options.Select Settings > File Persona Management > Advanced file objects > Yes to enable theadvanced mode.

Considerations for Common Provisioning Groups Used for File PersonaFor Common Provision Groups(CPGs) intended to be used for File Persona, there are severalguidelines and requirements. The following are the required guidelines:

• When you enable File Persona, you can use an existing CPG or create a new CPG for yourFile Provisioning Group (FPG).

• If you do not use the -cpgname option when enabling File Persona with the startfscommand, a default CPG named fs_cpg is created for you.

• An existing CPG must be specified when creating an FPG using the createfpg command.

• It is not required that a CPG be dedicated only to usage in the context of File Persona. Youcan use the same CPG for both Block Persona and File Persona storage.

• You cannot use the startfs, createfpg, or createvfs command with a CPG thatbelongs to a domain.

Enabling File PersonaFile Persona can be enabled only on a pair of matched controller nodes. To initialize and startFile Persona on a given node pair in a StoreServ Storage System array from the command line,issue the following command:startfs [-cpgname <name>] [<node>:<slot>:<port> <node>:<slot>:<port>]...

where:

• <name> is the name of the CPG where the File Persona configuration information is to bestored. If a CPG designated by the specified name does not exist, a new CPG with thespecified name is created. If it is necessary to create a CPG in the execution of the startfscommand, the StoreServ Storage system attempts to create the CPG with the physical FCdisk type first. If that attempt fails for any reason, the system attempts to create a CPG ona NL disk type, and, failing that, on an SSD.

• <node>:<slot>:<port> specifies the node, slot, and port number on which File Personawill be enabled on the StoreServ Storage system. Node pairs must be specified. Only onevalid port for each network interface controller (NIC) needs to be specified to enable FilePersona on all of the ports on a NIC. If multiple NICs per node are to be used with FilePersona (where supported), include one <node>:<slot>:<port> specification from eachNIC intended for File Persona use.

NOTE: The type of network interface (whether the onboard interface or an add-on NIC) for theports used by File Persona must be the same. File Persona cannot be enabled using both theonboard port and an add-on NIC at the same time.

NOTE: When File Persona is enabled on a node pair, 150 GB of space is initially allocatedfrom the specified CPG per each node for use by File Persona for configuration data.

If File Persona is already enabled on a specified port, executing the startfs command shallgenerate an error message stating that the port is already reserved for File Persona. In thissituation, verify that File Persona is configured on the correct nodes with the showfs command.

Considerations for Common Provisioning Groups Used for File Persona 9

The showfs command displays the nodes on which File Persona is enabled, the status andversion of File Persona and more basic configuration information.To restart File Persona on all node pairs or on specified node pairs where File Persona had beenpreviously initialized and enabled, issue the following command:startfs -enable [<nodeid>[,<nodeid>]...]

where:

• -enable specifies that previously stopped File Persona will be re-enabled on the specifiednodes. If no nodes are specified, File Persona is restarted on all nodes on which File Personahad been previously enabled.

• <nodeid> specifies the node ID number on which File Persona will restart. Multiple nodeID numbers may be listed in the execution of the command.

Verify the changes with the showfs command. For more information about the startfs andshowfs commands, see the HPE 3PAR Command Line Interface Reference.Use the following procedure to enable File Persona in the SSMC:1. On the main menu in the SSMC, select File Persona > Persona Configuration.2. In the list pane, select the system, and then select Configure File Persona on the Actions

menu.3. In the Node Pairs section, configure a given node pair by clicking the edit icon ( ) next to

the node pair.4. Toggle the State value for the node pair to Configured.5. Select or add a NIC pair (a node:slot:port designation) and specify an IP address for each

node in the NIC pair and click OK.6. Specify a subnet mask and a gateway IP address.7. Click Configure.

Configuring File Persona Network SettingsAfter File Persona has been enabled on a node pair, configure the network settings related toFile Persona before using File Persona. The default values for some settings may be suitablefor your configuration and may require no modification. The following settings are available forconfiguration:1. The bond mode for File Persona ports2. The Maximum Transmission Unit (MTU) size3. The File Persona node IP addressing4. The LAN gateway address for File Persona

• Optional: Static Routes of the gateway for File Persona on a subnet or VLAN5. DNS addresses and suffixes for File Persona

NOTE: NTP is required for Active Directory and SMB Shares. Use the setnet commandto setup NTP. See the HPE 3PAR Command Line Interface Reference.

The following sections include instructions for configuring these settings using the setfs commandfrom the HPE 3PAR CLI and, where applicable, the HPE 3PAR StoreServ Management Console(SSMC).

Setting the Bond Mode for File Persona NodesA default value for the bond mode of File Persona nodes is set when the 3PAR OS is installed.For both 1 GbE and 10 GbE ports, acceptable bond mode values are 1 and 6 (the default).

10 Enabling and Configuring File Persona

To set the bond mode for all File Persona nodes on a StoreServ Storage system from thecommand line, issue the following command:setfs bond <bond_mode>

where:

• <bond_mode> indicates the bond mode used to aggregate File Persona ports on theStoreServ Storage system.

To set the bond mode for File Persona nodes on a given StoreServ Storage system in the SSMC:1. On the main menu in the SSMC, select File Persona > Persona Configuration.2. In the list pane, select the system, and then select Configure File Persona on the Actions

menu.3. Select the Advanced options checkbox to display advanced configuration options.4. In the Network Settings section, specify the bond mode.5. Click Configure.

Setting the Maximum Transmission Unit SizeTo set the maximum transmission unit (MTU) size for all File Persona nodes on a StoreServStorage system from the command line, issue the following command:setfs mtu <mtu_size>

where:

• <mtu_size> specifies the maximum size (in bytes) for individual protocol data unitstransferred through a File Persona port. If not specified, a port uses the default of 1,500bytes. The valid range is 1,500 – 9,000 bytes.

To set the MTU size for File Persona nodes using the SSMC:1. On the main menu in the SSMC, select File Persona > Persona Configuration.2. In the list pane, select the system, and then select Configure File Persona on the Actions

menu.3. Select the Advanced options checkbox to display advanced configuration options.4. In the Network Settings section, specify an MTU size.5. Click Configure.

Configuring File Persona Node IP AddressingTo configure IPv4 addressing for a File Persona node from the command line, issue the followingcommand:setfs nodeip -ipaddress <ipaddress> -subnet <subnet> -vlantag <vlanid><nodeid>

where:

• <ipaddress> specifies the IPv4 address to be used for the File Persona node.

• <subnet> specifies the subnet mask to be used for the File Persona node.

• <vlanid> specifies the VLAN ID (tag) used for the File Server IP address (FSIP).

• <nodeid> specifies the node ID number for a node in the File Persona node pair on theStoreServ Storage system.

To configure IPv4 addressing for File Persona nodes using the SSMC:1. On the main menu in the SSMC, select File Persona > Persona Configuration.2. In the list pane, select the system, and then select Configure File Persona on the Actions

menu.

Configuring File Persona Network Settings 11

3. Select the Advanced options checkbox to display advanced configuration options. (TheVLAN tag value is an advanced option.)

4. In the Node Pairs section, edit or specify an IP address for each node in the node pair byclicking the edit icon ( ).

5. In the Network Settings section, specify a subnet mask and, optionally, a VLAN tag value.6. Click Configure.

NOTE: If the VLAN tag used for the IP addresses of the File Persona nodes differs from theVLAN tag specified for the IP address of a Virtual File Server (VFS), clients of the VFS on adifferent VLAN must be in the same subnet as the VFS in order to access File Persona FileShares or appropriate static routes should be defined for that VLAN.

Setting the LAN Gateway Address for File PersonaTo set the IPv4 address of the LAN gateway for File Persona on the network from the commandline, issue the following command:setfs gw <ipaddress>

where,

• <ipaddress> specifies the IPv4 address of the gateway for File Persona on the LAN.If static routes are being defined for VFS access, the default gateway can be defined as a staticroute. Refer to section “Configuring Static Routes for File Persona” (page 12) for configuringstatic routes. Please note that the default gateway is a special case of a static route.

NOTE: The IP address of the gateway must be in the same subnet as the IP addresses of theFile Persona nodes. If the VLAN tag specified for the IP address of any VFS subsequentlyconfigured differs from the VLAN tag specified for the File Persona nodes, clients of the VFS ona different VLAN must be in the same subnet as the VFS or there must be suitable static routesdefined for the VFS, because the gateway will not be reachable for those clients.

To delete a gateway IPv4 address (in order, for example, to configure File Persona nodes on adifferent subnet), issue the following command:setfs gw -delete

To set the IPv4 address of the LAN gateway for File Persona using the SSMC:1. On the main menu in the SSMC, select File Persona > Persona Configuration.2. In the list pane, select the system, and then select Configure File Persona on the Actions

menu.3. In the Network Settings section, specify a gateway IP address.4. Click Configure.

Configuring Static Routes for File PersonaIn order to configure a static route for File Persona from the command line, we need to set theIPv4 address of the gateway for File Persona on a subnet or VLAN.

NOTE: The static route definition feature is not yet available through SSMC.

Creating a File Persona Static RouteTo create a File Persona static route for a target (with non default gateway), issue thecreatefsroute CLI command:createfsroute [-vlan <vlantag>] <targetaddr> <subnet>|<prefixlen><gateway>


where the options are as follows:

• <vlantag> is the VLAN tag for the route (defaults to 0)

• <targetaddr> is the target IPv4/IPv6 address for which the gateway is to be assigned.

• <subnet>|<prefixlen> is the subnet or prefix length for the target IP address

• <gateway> is a new gateway to be assigned to the target IP address.The <subnet-mask> value can also be given as a prefix length, which is sometimes handy forsetting default routes for a VFS on a different VLAN from the node's own IP address, using thevalue 0, or for defining a "host route" (with a value of 32) for specific VFS client addresses whichare on other subnets from the VFS.Only a single default route (target address of "0.0.0.0" and a subnet mask of "0.0.0.0") can beconfigured per VLAN tag as required by the VFS definitions. Except for this, any given combinationof target subnet and its subnet mask must be unique across all VLAN tags. This restriction isrequired for the proper operation of the file and object sharing protocols.For any given route definition to be used, the associated gateway address must be in the sameVLAN and subnet as a local address on a file-serving node. That address can be the per-nodeIP address, or that of a VFS. As VFS addresses can be defined after setting up the routedefinitions, the createfsroute and setfsroute commands do not restrict the entry of routedefinitions with gateway addresses that do not yet meet this requirement for being used.

Modifying the Gateway of the RouteThe setfsroute command modifies the gateway of the route specified. The syntax for thecommand is as follows:setfsroute modifygw [-f]{<targetaddr>,{<subnet>|<prefixlen>},<vlantag>|<routeidentifier>}<gateway>


• -f suppresses confirmation from user before modifying the route

• <targetaddr> is the target IPv4/IPv6 address for which the route is to be modified


• <vlantag> is the vlan tag associated with route which needs to be modified

• <routeidentifier> is the route ID; instead of providing a combination of {targetaddr,subnet>|<prefixlen, vlantag} a route ID can be given. This value can be fetched fromshowfsroute -d command

• <gateway> is a new gateway to be assigned to the target IP address.

Displaying the RoutesThe showfsroute command displays all the routes including default and/or the routes createdwith the createfsroute command. The syntax for the showfsroute command is as follows:showfsroute [-d] [-target <targetaddr>] [-vlan <vlantag>] [-gateway<gatewayaddr>]

where the options are as below:

• -d displays the detailed information for each route

• -target <targetaddr> takes an IPv4/IPv6 address and lists all routes for this address

• -vlan <vlantag> takes an integer value and lists routes configured on this vlan

• -gateway <gatewayaddr> displays all routes within this gateway

Configuring File Persona Network Settings 13

When in doubt, check the health details displayed by the showfsroute -d command. "Routeis inactive" implies that there is no active local address that is enabling the use of that routedefinition

Removing Existing RouteUse the removefsroute command to remove an existing route for a target address. The syntaxfor the removefsroute command is as follows:removefsroute [-f]{<targetaddr>,{<subnetmask>|<prefixlen>},<vlantag>|<routeidentifier>}


• -f suppresses confirmation from user before removing the route

• <targetaddr> is the target IPv4/IPv6 address for which the route is to be removed


• <vlantag> is the vlan tag associated with route which needs to be removed

• <routeidentifier> is the route ID; instead of providing a combination of {targetaddr,subnet>|<prefixlen, vlantag} a route ID can be given. This value can be fetched from theshowfsroute -d command.

Setting DNS Addresses and Domain Suffixes for File PersonaTo specify the Domain Name System (DNS) servers used by File Persona (and, optionally,domain search suffixes) from the command line, issue the setfs dns <ipaddress-list>[<suffix-list>], where:

• <ipaddress-list> specifies the DNS addresses used by File Persona. For example,123.45.67.89,123.101.112.131.

• <suffix-list> specifies the DNS suffixes used by File Persona. These values can bethe same as your Active Directory Domain Services domain names or they can be othervalues. For example, company_name.com,group_name.company_name.com.

NOTE: The suffix-list must include the name of the domain the StoreServ will join. TheDNS provided must be able to resolve the domain name or the domain join will fail.

To configure DNS settings for File Persona using the SSMC:1. On the main menu in the SSMC, select File Persona > Persona Configuration.2. In the list pane, select the system, and then select Configure File Persona on the Actions

menu.3. In the DNS Settings section, specify IP addresses for up to three DNS servers and up to

three domain suffixes.4. Click Configure.


Configuring File Persona Authentication SettingsJoining File Persona Nodes to an Active Directory Domain

To join a File Persona node pair to a given Active Directory domain from the HPE 3PAR CLI,issue the setfs ad [-passwd <password>] <user> <domain>, where:

• <password> specifies the password of a user authorized to join the specified Active Directorydomain. If a password is not specified when the command is executed, you will be promptedfor the password.

• <user> specifies the name of a user authorized to join the specified Active Directory domain.

• <domain> specifies the name of the Active Directory domain that File Persona is to join.The system clock of the StoreServ Storage system should be synchronized with that of yournetwork and AD domain controller. If the system clocks are not synchronized, you may be unableto join the AD domain. Use the setnet ntp <server_address> command to configure theStoreServ Storage system to use the same NTP server as the Active Directory domain controlleron your network. For more information about the setnet command, see theHPE 3PARCommandLine Interface Reference, available at the following website:HPE Storage Library (http://www.hpe.com/info/storage/docs)

NOTE: File Persona cannot join another Active Directory domain if it has already been joinedto a domain in the Active Directory forest.

To join File Persona to a given AD domain using the SSMC:1. On the main menu in the SSMC, select File Persona > Persona Configuration.2. In the list pane, select a given system, and then select Configure File Persona on the

Actions menu.3. In the Authentication Settings section, click Active Directory Settings to display the AD

options.4. Specify an AD domain, a user name, and a password.5. Click Configure.

Removing File Persona Nodes from an Active Directory DomainTo remove File Persona from an AD domain from the command line, issue the setfs ad-leave [-f] command.To remove File Persona from a given AD domain using the SSMC:1. On the main menu in the SSMC, select File Persona > Persona Configuration.2. In the list pane, select a given system, and then select Configure File Persona on the

Actions menu.3. In the Authentication Settings section, click Active Directory Settings to display the AD

options.4. Clear any value specified in the AD Domain field.5. Click Configure.

Enabling and Disabling the RFC2307 Setting for Active Directory ServicesWhen the RFC2307 setting is disabled, File Persona automatically creates group identifiers(GIDs) and user identifiers (UIDs) for all AD users and groups based on their Security Identifier(SID). When the RFC2307 setting is enabled, the Active Directory (AD) service provides the GIDsand UIDs for use by File Persona. The RFC2307 setting is disabled by default. When the RFC2307setting is enabled, the File Persona will look in AD for UIDs and GIDs. These are stored in theUnix attributes of AD users and groups and they are not defined by default. If the RFC2307 settingis enabled and a given user does not have a configured UID or GID in AD, the user is not given

Configuring File Persona Authentication Settings 15

http://www.hpe.com/info/storage/docs

write access even if granted access through an Access Control List (ACL). RFC2307 is a globalsetting, all users and groups requiring access to SMB shares must have UIDs and GIDs definedin AD if RFC2307 support is enabled for the File Persona.

WARNING! In most scenarios, the RFC2307 setting should only be set during your initialnetwork configuration. Changing the setting by enabling or disabling RFC2307 after the networkis in use will affect user and group access to data. If changing the setting is required after fileshave been written to the system, an administrator will likely need to reassign permissions to thefiles to match the new user mapping.

To enable or disable RFC2307 for Active Directory services from the command line, issue thesetfs rfc2307 [-f] {disable | enable} command.To enable or disable the RFC2307 setting in the SSMC:1. On the main menu in the SSMC, select File Persona > Persona Configuration.2. In the list pane, select the system, and then select Configure File Persona on the Actions

menu.3. Select the Advanced options checkbox to display advanced configuration options.4. In the Authentication Settings section, click Identity Mapping Settings to display the

UID/GID mapping option.5. Toggle the option to enable or disable it and click Configure.

Configuring LDAP ServersThe LDAP configuration for the HPE 3PAR array and the LDAP configuration for File Personaare different configurations. The setfs ldap command is used to configure settings forauthenticating data path users connecting to File Shares using File Persona. The LDAPconfiguration set with the setauthparam command is used for authenticating managementinterface administrators for the HPE 3PAR array. Before LDAP can start authenticating usersand groups it must be added to the authentication provider stacking order.To configure, from the command line, how File Persona communicates with an LDAP server,issue the setfs ldap [-passwd <binddnpwd>] [-schema <schema>][{-usetls |-usessl} {-certfile <file_name> | -certdata <data>} -certcn <certcn>]<server> <binddn> <searchbase> <netbios> command, where:

• -passwd <binddnpwd> specifies the password associated with the Bind DistinguishedName (DN) supplied by the <binddn> option. When File Persona needs to read LDAP data,it uses the <binddn> with the <binddnpwd> to authenticate. If you do not specify thepassword with this command, you will be prompted for the password.

• -schema <schema> specifies the name of the schema used to create user and groupaccounts on the LDAP server. Valid options are posix and samba; the default is posix.The schema provides an interface for software compatibility across various operating systems.

• -usetls/-usessl specifies the type of secure connection between File Persona and theLDAP server. Use -usetls to specify a TLS connection. The -usessl option (notrecommended) specifies an SSL connection. If neither of these options are specified, theconnection between File Persona nodes and the LDAP server is not encrypted, and thecertificate specified by the -certfile option or the -certdata option is ignored.

• {-certfile <file_name> | -certdata <data>} specifies how to establish encryptedconnections between File Persona and the LDAP server. Use the -certfile option tospecify a certificate file name. Use the -certdata option to specify the certificate attributes.When either the -usetls option or the -usessl option is used, you must specify how toestablish encrypted connections with -certfile or -certdata.


• -certcn <certcn> specifies the Common Name (CN) used when the certificate isgenerated. The CN must be the fully qualified hostname of the LDAP server. When eitherthe -usetls option or the -usessl option is used, you must specify this option.

• <server> specifies the fully qualified hostname or IPv4 address of the LDAP server youwant to configure. If the port used for the LDAP server is not 389 or 636, the port numbermust be specified with the server in the format <server>:<port>.

• <binddn> binds File Persona to the LDAP server, allowing File Persona to read data fromthe LDAP server (such as user or group accounts configured in LDAP). This account musthave privileges to read the subtree specified by the value supplied for the <searchbase>option. Write permissions are not required.

• <searchbase> specifies the DN of the search base object that defines where to begin thesearch for user and group accounts.

• <netbios> specifies the NetBIOS name of the LDAP server host. It can be up to 15alphanumeric characters with no spaces. The name must be unique on the network. Toaccess an SMB share, specify <netbios>\<ldap username> as the username.

To configure an LDAP server for File Persona using the SSMC:1. On the main menu in the SSMC, select File Persona > Persona Configuration.2. In the list pane, select the system, and then select Configure File Persona on the Actions

menu.3. Select the Advanced options checkbox to display advanced configuration options.4. In the Authentication Settings section, click LDAP Configuration Settings to display

options for LDAP configuration.5. Specify the appropriate settings for your LDAP configuration, including an LDAP server host

name, a Bind DN, a NetBIOS name, and any other necessary settings.6. Click Configure certificate if you are using secure communications (SSL or TLS) in

connections with the LDAP server.7. Click Configure.

Removing LDAP ServersTo remove the LDAP configuration from the File Persona from the command line, issue thesetfs ldap -delete [-f] command.

NOTE: If you are not using LDAP to authenticate users and groups, LDAP should be removedfrom the authentication provider stacking order.

To remove the LDAP configuration from File Persona using the SSMC:1. On the main menu in the SSMC, select File Persona > Persona Configuration.2. In the list pane, select the system, and then select Delete LDAP configuration on the

Actions menu.3. Click Delete.

Setting the Authentication Provider Stacking OrderThe order in which user and group name authentication providers process requests should becustomized for your environment. The most commonly used authentication provider servicesshould be first in the stacking order to optimize the speed of looking up names. When the firstauthentication provider in the order cannot authenticate a name, a search is performed by thenext authentication provider in the stacking order. A complete search is performed by eachprovider in the stacking order until the user is authenticated, passed to the next provider forauthentication, or denied access.

Configuring File Persona Authentication Settings 17

There are three valid authentication service providers:• Active Directory

• Local

• LDAPThe providers can be listed in any order. The Active Directory and LDAP authentication providersare optional and should be removed from the stack if they are not used in your network. Thelocal provider must always appear somewhere in the stack order because BUILTIN names areresolved by the local provider. If the user authentication environment allows duplicate names,the preferred authentication provider should be first in the stacking order. Allowing duplicatenames is not recommended because it increases search times. If you allow duplicate names youmust optimize the stacking order.The default stacking order is:1. Active Directory2. LocalFully qualified user and group names are recommended to assure the request is processed bythe first provider in the stacking order capable of authenticating the user. The local and LDAPauthentication providers resolve user and group names without a domain prefix or suffix. In orderfor names that will be processed by both providers to be unique, names should be fully qualifiedby including their associated domain. For example, for local names:

• User1@LOCAL_CLUSTER

• LOCAL_CLUSTER\User1

Examples of LDAP names:

• User1@[ldap NetBIOS]

• [ldap NetBIOS]\User1

When hosts establish connections to SMB File Shares, only the configured File Persona SMBname services are queried to authenticate the user or group. StoreServ Storage system SMBFile Share user and group names are handled by the host as if they were case-insensitive, butthey are reported to the host in the same case in which they were entered into the system.Domain names should include prefixes when using both LDAP and the local authenticationprovider for groups. Both LDAP and the local provider normally resolve names with no domainprefix. When the Local provider is stacked with LDAP, the first provider in the stacking orderresolves the name unless the domain prefix is included. Not including the domain name prefixwhen using multiple authentication providers can cause faulty name resolution or otherwiseunexpected results.To specify the user and group name authentication provider stacking order, issue the setfsauth <provider> command, where:

• <provider> is a list of authentication providers separated by spaces. The list must includethe Local provider. For example: ActiveDirectory Ldap Local. Any providers notbeing used should be removed from the stacking order. To remove a provider issue thesetfs auth <provider> command and omit the provider name from the list. The validprovider values are: ActiveDirectory, Ldap, and Local.

To display the user and group name authentication provider stacking order, issue the showfsauth command.


Configuring NFSv4 Domain Names for File PersonaTo use NFSv4 with File Persona, you must configure an NFSv4 domain name for ID mapping.To specify an NFSv4 domain name, issue the setfs idmap <nfsv4domain> command,where:

• <nfsv4domain> specifies the NFSv4 domain name for ID mapping. For NFSv4 to workcorrectly, the NFSv4 client and the NFSv4 server must be in the same NFSv4 domain.

To delete a specified NFSv4 domain name, issue the setfs idmap -delete <nfsv4domain>command.

Configuring Global SMB SettingsTo configure various parameters related to the functionality of SMB in the context of File Persona,use the smb sub-command of the setfs command. The smb sub-command accepts the followingconfiguration options:

NOTE: In general, most of these settings can remain at their default settings for commoninstallations. Only in special situations will these settings need to be tuned to a particularenvironment.

• -enableoplocks {true | false}: Enables or disables opportunistic locks (oplocks)on SMB files. Default is true.

• -signingenabled {true | false}: Enables or disables SMB signing (securitysignatures). Default is true.

• -signingrequired {true | false}: Specifies whether SMB signing is required ornot. Default is false.

• -ignorewritethroughrequests {true | false}: Specifies whether write-throughrequests are ignored or not. Default is true.

• -supportpersistenthandles {true | false}: Enables or disables support forpersistent file handles. Default is true.

• -smb3dialectenable {true | false}: Enables or disables the SMB3 dialect. Defaultis true.

• -enablesmb2ad {true | false}: Enables or disables SMB2 connections to ActiveDirectory servers only. Default is true.

• -enablesmbleases {true | false}: Specifies whether SMB leases are enabled ordisabled. Default is true.

• -enabledirleases {true | false}: Specifies whether or not directory leases areavailable to clients. Default is true.

• -enablesmb2 {true | false}: Enables or disables SMB2 globally for client connections.Default is true.

Multiple configuration options can be specified at the same time for the setfs smb commandand at least one of the configuration options must be supplied to the command for it to execute.In addition to the configuration options, the command can be executed with the -f option tosuppress confirmation to proceed.

NOTE: Changing Global SMB Settings will result in a restart of the services and cause atemporary disruption in client access.

Configuring NFSv4 Domain Names for File Persona 19

Configuring Global Object Access SettingsTo configure object File Share global access parameters, issue the setfs obj [-keepalive{true | false}] [-timeout <secs>] [-maxclients <num>] [-rblksize <size>][-wblksize <size>] command, where:

• -keepalive {true | false} specifies if persistent connections are allowed or not forthe default object profile. The default value is true, persistent connections are allowed.

• -timeout <secs> specifies the timeout value in seconds for the persistent connectionsfor the default object profile. The valid range is from 1 to 2592000. The default value is 5seconds.

• -maxclients <num> specifies the maximum number of simultaneous connections for thedefault object profile. The valid range is from 1 to 128. The default value is 50 connections.

• -rblksize <size> specifies the socket read block size for the default object profile. Thesize can be specified with a K or M to indicate the value is in kilobytes or megabytes, forexample, -rblksize 10K. The valid range is from 8 KB to 2048 MB. The default value is8K.

• -wblksize <size> specifies the file write block size for the default object profile. The sizecan be specified with a K or M to indicate the value is in kilobytes or megabytes, for example,-wblksize 1M. The valid range is from 8 KB to 2047 MB. The default value is 8K.

CAUTION: Modifying the object File Share global parameters automatically initiates a restartof the object service daemon. Restarting the object service daemon disrupts any active filetransfers.

Enabling File Persona on Additional Node PairsYou can enable File Persona on additional nodes after you have initially configured File Personaon a given node pair on a StoreServ Storage system. For example, on an HPE 3PAR array withfour nodes, you may have initially configured File Persona on a node pair comprising nodes 0and 1. You can subsequently enable File Persona on the node pair comprising nodes 2 and 3.After enabling File Persona on the additional nodes with the startfs command, proceed throughthe following steps to maintain a consistent File Persona configuration across all nodes in thesystem:1. Set a consistent bond mode for all File Persona enabled nodes by using the setfs bond

command or the SSMC. For information on setting the bond mode, see “Setting the BondMode for File Persona Nodes” (page 10).

2. Establish a consistent MTU setting for all File Persona enabled node by using the setfsmtu command or the SSMC. For information on the MTU setting, see “Setting the MaximumTransmission Unit Size” (page 11).

3. Add IP addresses to the newly enabled nodes by using the setfs nodeip command orthe SSMC. Use the same subnet mask and VLAN values for all the nodes running FilePersona. For information on configuring IP addresses for File Persona nodes, see“Configuring File Persona Node IP Addressing” (page 11).

4. If Active Directory is in use on the original File Persona nodes, join the additional nodes tothe relevant AD domain by using the setfs ad command or the SSMC. For informationabout joining File Persona to AD domains, see “Joining File Persona Nodes to an ActiveDirectory Domain” (page 15).

5. Optionally, use the setfpg -primarynode command to migrate a subset of the FPGsfrom the original nodes to the additional nodes in order to balance the load across all of thenodes. For information about setting the primary node for an FPG, see “Setting the PrimaryNode for a File Provisioning Group” (page 26)


Displaying File Persona Configuration SettingsTo display the configuration information for all File Persona nodes in a StoreServ Storage systemfrom the command line, choose your options and issue the following command:showfs [-obj] [-net] [-ad] [-ldap] [-auth] [-idmap] [-rfc2307] [-smb]


• -obj displays the port configuration information for the File Persona nodes.

• -net displays the network configuration information for the File Persona nodes.

• -ad displays the Active Directory configuration information for the File Persona nodes .

• -ldap displays the LDAP configuration information for the File Persona nodes.

• -auth displays the authentication provider stacking order.

• -idmap displays the NFSv4 domain name.

• -rfc2307 displays the RFC2307 setting.

• -smb displays the configured parameters for the SMB protocol.

NOTE: The showfs [-net] command displays only the default gateway for thenode-specific IP addresses.

To display the static route configuration for File Persona issue the following command:showfsroute

The command displays the "default gateway" for the node-specific IP addresses. That value,along with any other static route definitions (such as those for VFS VLANs) are displayed usingshowfsroute command.For more information about the showfs command, see the HPE 3PAR Command Line InterfaceReference.To display the configuration information for File Persona nodes using the SSMC:1. On the main menu in the SSMC, select File Persona > Persona Configuration.2. In the list pane, select the system, and then select Configure File Persona on the Actions

menu.3. Select the Advanced options checkbox to display advanced configuration options.

Disabling File PersonaTo stop or disable File Persona from running on a node pair by using the command line, issuethe stopfs [<nodeid>,<nodeid>...] command, where:

• <nodeid> specifies the node on which to stop File Persona.To stop and remove File Persona from a node pair, issue the stopfs -remove<node>:<slot>:<port> <node>:<slot>:<port> [{<node>:<slot>:<port><node>:<slot>:<port>}...] command, where:

• -remove specifies File Persona will be stopped and removed from the specified nodes. Ifno nodes are specified you will receive an error.

• <node>:<slot>:<port> specifies the nodes on which to stop and remove File Persona.The node pairs indicated must match the node pairs used when File Persona was enabled.

Verify the changes with the showfs command. For more information about the stopfs andshowfs commands, see the HPE 3PAR Command Line Interface Reference.

Displaying File Persona Configuration Settings 21

NOTE: File Persona cannot be removed from a node pair until all associated FPGs are assignedto a different node pair or removed. You can use the setfpg command to assign FPGs to adifferent node pair. You can use the removefpg command to remove FPGs. To avoid permanentlydestroying the data associated with an FPG, you can execute the removefpg command withthe -forget option. FPGs removed with the -forget option can subsequently be recoveredwith the createfpg -recover command.

To stop or disable File Persona from running on a node pair using the SSMC:

NOTE: If File Persona is stopped and removed from all nodes, global configurations (as seenin the showfs subcommands) will be lost. Hewlett Packard Enterprise recommends making anote of all such configurations if you plan to re-enable the File Persona in the future.

1. On the main menu in the SSMC, select File Persona > Persona Configuration.2. In the list pane, select the system, and then select Pause File Persona node on theActions

menu.3. Follow the instructions in the dialog box that opens.

Reverting and Downgrading the 3PAR OS with File PersonaReverting or downgrading to a version of the 3PAR OS earlier than 3.2.2 that still supports FilePersona (for example, 3.2.1 MU3) is possible. Downgrading from 3.2.2 to an earlier version ofthe OS is not supported, however, in the following circumstances:

• File Persona was enabled on the StoreServ Storage system after the OS was upgraded toversion 3.2.2.

• Any existing FPGs were created using thinly deduplicated volumes.

• File Persona was expanded to use additional nodes after the OS was upgraded to version3.2.2.

• Any 10 GbE NICs used for File Persona are configured with a bond mode setting of 6.

• Any non-default static routes are configured.

• Any virus scan engines of type Trend Micro are configured.


4 Managing File Persona ComponentsOverview of File Persona Components

The following diagram shows the hierarchy and relationships of the File Persona components:

Figure 1 File Persona Components

Managing File Provisioning GroupsFile Provisioning Groups (FPGs) represent the highest level component in the File Personahierarchy. FPGs are logical containers on a storage system that hold VFSs. Each FPG cansupport one Virtual File Server (VFS).

NOTE: Direct management of FPGs through the SSMC is only available in the advanced modefor File Persona configuration. When advanced mode is not enabled, an FPG is created as partof the creation of a VFS.

Creating File Provisioning GroupsTo create an FPG on a StoreServ Storage system from the command line, issue thecreatefpg [{-full | -tdvv}] <nodeid> <cpgname> <fpg_name> <size>{t|T}-comment <comment_string> command, where:

• -full specifies that the FPG will be created using fully provisioned volumes.

• -tdvv specifies that the FPG will be created using thinly deduplicated volumes.

NOTE: If neither -full nor -tdvv is specified when creating the FPG, the underlyingvolumes will be thinly provisioned by default. Tuning the underlying volumes between thesesettings is accomplished with the tunevv command. For more information on the tunevvcommand, see the HPE 3PAR Command Line Interface Administrator Guide.

• <cpgname> specifies the name of the CPG used to contain the volumes associated withthe file system.

• <fpg_name> specifies the name of the FPG to be created.

• <size>{t|T} specifies the size of the FPG to be created. The minimum FPG size is 1TiB,and the maximum file system size is 32 TiB. For example: 16T.

Overview of File Persona Components 23

NOTE: Filling a file system beyond 90% of its defined capacity can result in seriousthroughput degradation. The degree of degradation may vary depending on the amount ofFS fragmentation and the write request sizes and patterns.

• <nodeid> binds the created FPG to the specified node.

NOTE: For information on balancing client access to File Persona across the availablenodes, see “Setting the Primary Node for a File Provisioning Group” (page 26).

• <comment_string> is the text added to create a description for the FPG that is displayedwhen the showfpg -d command is used.

The FPG is activated by the createfpg command. You can verify that the FPG was createdwith the showfpg command. For more information about the createfpg and showfpgcommands, see the HPE 3PAR Command Line Interface Reference. You can also create anFPG with a more limited set of options in a combined step with the creation of a VFS. For moredetails, see "“Creating Virtual File Servers” (page 28)".To add a description for the FPG that is to be displayed when the showfpg -d command isused, issue the setfpg -comment <comment_string> <fpg_name> command, where:

• <comment_string> is the text you are adding to the description of the FPG.

• <fpg_name> specifies the name of the FPG.To create an FPG using the SSMC:1. On the main menu in the SSMC, select File Persona > File Provisioning Groups.2. Click + Create File Provisioning Group or select Create on the Actions menu.3. Follow the instructions in the dialog box that opens and click Create.

NOTE: File Provisioning Group (FPG) names must be unique across all systems even whenusing Remote Copy for replication of the FPGs. Using duplicate names across systems will resultin NFS and Object File shares being unavailable upon recovery on the target system.

Activating and Deactivating File Provisioning GroupsTo make an FPG and all of its resources available or unavailable by using the command line,issue thesetfpg -forced [-activate | -deactivate] <fpg_name> command, where:

• -activate activates the FPG and makes its resources available.

• -deactivate deactivates the FPG, making its resources unavailable.

• <fpg_name> specifies the name of the FPG you are activating or deactivating.

• -forced specifies that in the event that a graceful failover is not possible, the failoveroperation will be forced. If this option is used, it may be necessary to stop and start FilePersona on the node before the FPG can be activated again.

To activate an FPG using the SSMC, follow these steps:1. On the main menu in the SSMC, select File Persona, and then select File Provisioning

Groups.2. To activate a File Provisioning Group, select the group, select the Actions menu, select

Edit, and then click Activate.To deactivate a File Provisioning Group using the SSMC, follow these steps:1. On the main menu in the SSMC, select File Persona, and then select File Provisioning

Groups

24 Managing File Persona Components

2. To deactivate a File Provisioning Group, select the group, select the Actions menu, selectEdit, and then click Deactivate.

Displaying Information and Configuration Settings for File Provisioning GroupsTo display information about an FPG, issue the showfpg -d <fpg_name> command, where:

• -d displays a verbose listing of details about the specified FPG.

• <fpg_name> specifies the name of the FPG you want to investigate.

Example 1 This example displays the output from the showfpg -d command:

CLI% showfpg -d testFpg0

------------------File Provisioning Group---------------------File Provisioning Group : testFpg0Active path : /testFpg0Active State : ACTIVATEDFreeze State : NOT_FROZENIsolation State : ACCESSIBLEUpgrade State : OKVersion : 12.0FsGeneration : 1UUID : cee32ce9-76b3-4538-bbea-fb76ed4998b4Filesystem Number : 3Size (GB) : 1024.00Free (GB) : 1023.32Available (GB) : 1023.32Used (GB) : 0.68Files : 43Files Free : 2216786133Default CPG : SSD_r6VVs : testFpg0.1Primary Node : 0Alternate Node : 1Current Node : 0Comment : -State : normal

SegmentNumber FSCKState FSCKPhaseRequired 1 NOT_REQUIRED NONE

Domain Owner FsName Filesets VVIDs Nodes IpFsTypea2747b11-697e-4a88-870a-1ef8a0528384 0 testFpg0 fileset1 43 1,0 ADE

Volume VVID Nodes Capacity(GB)testFpg0.1 43 1,0 1024.00

The following is the description of some of the key fields:• Active State : Indicates whether the FPG is currently activated. If the state is not ACTIVATED,

shares will be unavailable.• Freeze / Isolation State: If the reported state is not NOT_FROZEN / ACCESSIBLE, File

Persona may need to be restarted on a node using the stopfs and startfs -enablecommands.

• Files: Indicates how many files and folders are currently stored in the FPG. Each FPG cansupport up to 100 million files and folders.

• Files Free: Indicates the number of small files could be stored in the remaining space of theFPG, without regard for the supported limit stated above.

• Default CPG: If the FPG is grown, the additional storage will be consumed from this CPG.

• Current Node: The node where the FPG is currently activated. If this is not the primarynode, the FPG should be failed back to its primary node using the setfpg -failovercommand to reestablish proper balance.

Managing File Provisioning Groups 25

Setting the Primary Node for a File Provisioning GroupWhen a File Provisioning Group (FPG) is initialized, File Persona will assign it a default primarynode with the objective of balancing File Persona services across the available nodes. Dependingon the network configuration and traffic, the default primary node assignment for a given FPGmay not provide an ideal balance. If an imbalance exists, it may be worthwhile to set the primarynode for an FPG to a specific node in order to create a better balance. This operation may resultin a short disruption of client connections.When you specify the primary node for an FPG, the other node in the node pair becomes thedefault alternate node. For example, in a node pair constituted by nodes 2 and 3 on a system,if you set node 2 to be the primary node for the FPG, then node 3 is automatically the defaultalternate node in the node pair.To assign an FPG to use a specific primary node, issue the following command:setfpg -primarynode <nodeid> <fpg_name> ,where:

• <nodeid> specifies the ID number of the node to be used as the primary node for the FPG.

• <fpg_name> specifies the name of the FPG for which the primary node is to be set.The -primarynode option cannot be used with the -failover option in the execution of thesetfpg command.

NOTE: Although NFS clients are able to enumerate exports from all VFSs through any of theVFS IP addresses active on a node, it is important to connect only to the exports through the IPaddress specifically associated with a given export's VFS. Failure to do so may lead to failuresin migration of FPGs from one node in a node pair to another using the setfpg -primarynodecommand or the setfpg -failover command.

NOTE: When using setfpg -primarynode there is a momentary loss (less than 90 seconds)of access to the share while the FPG is unmounted and mounted.

Failover Nodes for File Provisioning GroupsAn FPG can be moved back and forth between the primary and failover nodes in the node pair.The FPG can be moved manually when servicing a node. An FPG is automatically moved to thefailover node during an online upgrade, a hardware failure, or when the stopfs command isissued for the node. If a failover operation is attempted for an FPG and the secondary (failover)node is unavailable, the operation is retried using the primary node. If reverting to the primarynode is not possible, then access to the FPG and its File Shares is terminated.If an attempt to switch to the failover node is unsuccessful it is possible to force the operation.To force an FPG to move to the failover node in the node pair, issue the setfpg -failover-forced <fpg_name> command, where:

• -failover indicates that if the FPG is currently hosted on the primary node, the FPG ismoved to the failover node. If the FPG is currently hosted on the failover node, the FPG ismoved back to the primary node.

• -forced specifies that in the event that a graceful failover is not possible, the failoveroperation will be forced. The isolation/freeze state results displayed from the showfpg -dcommand may indicate the need to force a failover. If the -forced option is used, it maybe necessary to stop and start File Persona on the node before the FPG can be activatedagain.

• <fpg_name> specifies the name of the FPG.The -primarynode option cannot be used with the -failover option in the execution of thesetfpg command.


Increasing the Size of File Provisioning GroupsTo increase the size of an FPG by a specified amount, issue the growfpg <fpg_name><size>{t|T} command, where:

• <fpg_name> specifies the name of the FPG targeted for resizing.

• <size>{t|T} specifies the amount of additional space to add to the FPG. The minimumgrowth increment is 1 TiB and the maximum FPG size is 32 TiB. The specified additionalspace will be added via the creation of 1 additional VV up to 16TiB, or 2 additional VVs forsize greater than 16TiB.For example, if an FPG was initially created with 4TiB, it has 1 VV with 4TiB size, if its sizeis increased to 10TiB, then another VV is added for 6TiB to make a total of 10TiB.

NOTE: Since there can be, at most, 160 VVs associated with FPGs on a system, it is notpractical to start at 1TiB and grow in 1TiB increments.

You can verify changes by using the showfpg command. For more information about the growfpgand showfpg commands, see the HPE 3PAR Command Line Interface Reference.

Removing and Recovering File Provisioning GroupsYou can remove an FPG and its associated components by using the removefpg command.(Note that you must remove any File Shares on an FPG before removing the FPG itself.)

CAUTION: If the removefpg command is executed without the -forget option, the FPG ispermanently deleted and cannot be recovered.

To remove an FPG, issue the removefpg [-forget] [-wait] [-pat] [-f] <fpg_name| pattern> ... command, where:

• -forget specifies the FPG is removed, but can be restored with the createfpg -recovercommand, keeping the virtual volumes intact.

• -wait specifies that the removal task waits until the associated task is completed beforeproceeding. This option produces verbose task information.

• -pat stipulates that glob-style patterns for names of FPGs are to be used and any FPGswith names matching the specified pattern are removed. By default, confirmation is requiredto proceed with the command unless the -f option is specified. This option must be includedin order to supply glob-style name patterns to the command using the <pattern> specifier.

• -f specifies that the command is forced. If this option is not used, the command requiresconfirmation before proceeding with the operation.

• <fpg_name> specifies the name of the FPG to be removed. This specifier can be repeatedto remove multiple FPGs.

• <pattern> specifies a glob-style pattern to match the names of multiple FPGs. This specifiercan be repeated to remove multiple FPGs. If this specifier is not used, the <fpg_name>specifier must be used.

To recover an FPG that was removed with the removefpg -forget <fpg_name> command,issue the createfpg -recover [-wait] {[<vv_1> <vv_2>...] | [set:<setname>]}command, where:

• -recover specifies that an FPG removed with the removefpg -forget command is tobe restored.

• -wait specifies that the recover task waits until the associated task is completed beforeproceeding. This option produces verbose task information.

Managing File Provisioning Groups 27

• <vv_1> <vv_2> specifies a list of virtual volumes to be attached. Any FPGs on them willbe discovered.

• set:<setname> as an alternative to specifying a list of VVs, specifies a VV set whichcontains the set of VVs to be recovered. A VV set is automatically created for each FPG,so this syntax is often simpler.

You can verify that an FPG was removed or recovered by using the showfpg command. Formore information about the removefpg and showfpg commands, see theHPE 3PARCommandLine Interface Reference.

IMPORTANT: Attempting to recover an FPG with a newer on-disk version than what issupported by the running version of software will be rejected. Make sure not to try replication ofFPGs with a newer on-disk version until the target array has had its software upgraded to supportthe new on-disk version. The following are the supported on-disk versions based on the softwareversion:HPE 3PAR OS 3.2.2 MU2 <= 12.0HPE 3PAR OS 3.2.2 MU1 and earlier <= 11.0

Managing Virtual File ServersVirtual File Servers (VFSs) act as a virtual device used to control many of the network policiesfor communications between the StoreServ file service objects and your network. Manymanagement tasks and policy decisions can be performed at the VFS level. The VFSs belongto File Provisioning Groups (FPGs), and contain the File Stores. After creating your VFS, createyour File Stores.

Creating Virtual File ServersTo create a VFS use the createvfs CLI command. The syntax for the command is as follows:createvfs [options] <ipaddr> <subnet> <vfsname>

• [options] are:

-bgrace <time> specifies the block grace time in seconds for quotas within the VFS.◦◦ -igrace <time> specifies the inode grace time in seconds for quotas within the VFS.

◦ -snapquota {enable | disable}

If the snapquota is enabled, then the snapshot blocks are included for quotasaccounting. If disabled, then the snapshot blocks are excluded for quotas accounting.

NOTE: Modification or switching the snapquota setting is not permitted.

◦ One of the following certificate options can be specified.-nocert does not create a self signed certificate associated with the VFS.–

– -certfile <certfile> specifies the file containing the certificate data you wantto use.

– -certdata <certificate string> specifies the string containing the certificatedata you want to use.


◦ -fpg <fpg_name> specifies the name of an existing FPG in which the VFS shouldbe created.When creating a new FPG as part of creating a VFS, the following options can bespecified:

– -cpg <cpgname> specifies the CPG in which the FPG should be created.

– -size <size> specifies the size of the FPG to be created.

– -tdvv creates the FPG with tdvv volumes.

– -full creates the FPG with fully provisioned volumes.

– -node <nodeid> specifies the node to which the FPG should be assigned. Thiscan only be used when creating the FPG with the -cpg option.

◦ -vlan <vlanid> specifies the VLAN ID associated with the VFSIP.

NOTE: When selecting a VLAN ID, it should match the node IP. If the VLAN ID doesnot match the VLAN ID associated with the gateway, only clients on the same subnetwill be able to access shares for the VFS, unless additional static routes are defined forthe VFS or its VLAN. The showfs -net command displays node and VLAN IDs.

◦ -wait waits until the associated task is completed before proceeding. This option willproduce verbose task information.

◦ -comment specifies any additional textual information.

• <ipaddr> specifies the IP address to which the VFS should be assigned.

• <subnet> specifies the subnet for the IP address.

• <vfsname> specifies the name of the VFS to be created.See the HPE 3PAR Command Line Interface Reference for additional information.To create a VFS using the SSMC, follow these steps:

Creating a Virtual File Server from a File Persona Configuration screen1. On the main menu in the SSMC, select File Persona > File Persona Configuration >

Virtual File Servers.2. Select Actions, and then select Create Virtual File Server.3. Follow the instructions on the dialog that opens.

Creating a Virtual File Server from a File Provisioning Groups screen

NOTE: This path is only available in advanced mode of File Persona configuration in SSMC.

1. On the main menu in the SSMC, select File Persona > File Provisioning Groups > VirtualFile Servers.

2. Select Actions, and then select Create Virtual File Server.3. Follow the instructions on the dialog that opens.

Creating a Virtual File Server from a Virtual File Servers screen1. On the main menu in the SSMC, select File Persona > Virtual File Servers.2. Select Actions, and then select Create.3. Follow the instructions on the dialog that opens.

Managing Virtual File Servers 29

Displaying Information and Configuration Settings for Virtual File ServersTo display information and configuration settings for a VFS using the CLI, issue the followingcommand:showvfs [-d] [-fpg <fpg_name>] [-vfs <vfs>]

where,• -d displays detailed output.

• <fpg_name> limits the displayed output to VFS contained within the specified FPG.

• <vfs> limits the displayed output to the specified VFS name.

NOTE: Be sure to note the "Certificate Valid Until" field in the displayed output. This servesas a reminder to update the certificate before the indicated date, to avoid interruption of servicefor clients of Object Access.

To display information and configuration settings for Virtual File Servers using the SSMC, selectFile Persona > Virtual File Servers. A list of VFSs, detail views, and an Actions menu aredisplayed.

Modifying Settings for Virtual File ServersYou can specify the parameters of a VFS when you create the VFS, and modify the parametersafter the VFS is created.To modify configuration settings for a VFS using the CLI, choose your options and issue thesetvfs [{-certfile <cert_file>|-certdata <cert_string>|-certgen|-rmcert<cert_name>}] [-comment "<comment string>"] [-bgrace <bgrace_time>][-igrace <igrace_time>] <fpg_name> <vfs> command, where:

• [-certfile <certfile>] specifies the file containing the certificate data you want touse.

• -certdata <certificate string> specifies the string containing the certificate datayou want to use.

• -certgen generates and sets a certificate for the VFS.

• -rmcert removes the certificate from the VFS.

• <comment_string> specifies any additional textual information.

• -bgrace <time> specifies the block grace time in seconds for quotas within the VFS.

• -igrace <time> specifies the inode grace time in seconds for quotas within the VFS.

• <fpg_name> specifies the name of an existing FPG in which the VFS should be modified.

• <vfs> specifies the name of the VFS to be modified.To modify settings for Virtual File Servers with the SSMC, follow these steps:1. On the main menu in the SSMC, select File Persona > Virtual File Servers.2. In the list pane, select the VFS, and then select Edit on the Actions menu.3. Follow the instructions on the dialog that opens.

Backing up and Restoring Configuration Settings for Virtual File ServersThe backupfsconf command creates a configuration backup for a VFS. A configuration backupfile is created with a standard name in the .admin File Store under the VFS in a directory namedconfigbackup. One backup file is created for each VFS. Any subsequent backups overwritethe backup file.


NOTE: The backup process does not cover settings made outside the VFS. Those settingsshould be recorded for further reference using the showfs subcommands and the showfsavcommand. The settings made at a higher level than the VFS with setfs and setfsav are notincluded in this restoration process and should be configured before attempting the VFSrestoration.

The restorefsconf command restores a configuration backup for a VFS. The FPG and VFSnames must match before a restore can be done. The restorefsconf command will restorethe configuration defined by the configbackup file located in the .admin File Store under theVFS in a directory named configbackup.

WARNING! Generally, configuration backups for a VFS cannot be restored on older versionsof software. If you revert the software to a previous version, you should run a new configurationbackup to ensure that it will be able to be restored in that version of software.

When a File Share is restored, it has the default permissions used for newly created File Shares.The permissions that were in place when the source FPG was backed-up with the backupfsconfcommand are not restored. You must back up the share folder permissions as part of backingup the files with a backup application, or you will need to reconfigure the share folder permissionsmanually after the restore operation.To back up configuration settings for a VFS using the CLI, issue the following command:backupfsconf [-fpg <fpg_name>] <vfs>

where,• <fpg_name> specifies the name of an existing FPG in which the VFS should be backed

up.• <vfs> specifies the name of the VFS to be backed up.Do the following to complete the configuration backup:1. Create a share of the source .admin File Store with no sharedir specified. After the

.adminshare is created and exported, copy the configbackupfile contents off or have it backedup over share access using a supported backup application.

2. Once the share is configured, the process of executing the backupfsconf command andbacking up the generated contents using a supported backup application should be repeatedperiodically.

When a restoring a VFS from a backup, you must do the following before running therestorefsconf command:1. If this is a system level restore, manually reconfigure any global settings.2. Create a share of the target .admin File Store with no sharedir specified. After the .admin

share is created and exported, copy the previously backed up configbackupfile contentsback to the share, or have it restored over share access using a supported backup application.

3. Execute the restorefsconf command.4. Copy the configbackup directory and contents from the source server to the destination

server .admin directory with the same FPG and VFS name.The backed-up VFS IP address is recreated during restore. It will fail if there is any IP addressalready assigned to the VFS. Before using the restorefsconf command, use the removefsipcommand to remove any IP address previously assigned to the VFS . If any IP address existsin a VFS, then the restorefsconf command might fail.To restore configuration settings for a VFS using the CLI, issue the following command:restorefsconf [-fpg <fpg_name>] <vfs>


where,• <fpg_name> specifies the name of an existing FPG in which the VFS should be restored.

• <vfs> specifies the name of the VFS to be restored.After the restore operation completes successfully, verify the restore operation by examining thedirectory structure under the VFS. For more information about the restorefsconf command.See the HPE 3PAR Command Line Interface Reference.

Configuring Network Settings for Virtual File Servers

Displaying Network Settings for Virtual File ServersTo display network settings for a VFS using the CLI, issue the following command:showvfs [options]

where,

• -d displays detailed output.

• -fpg <fpg> limits the display to VFSs contained within the FPG.

• -vfs <vfs> limits the display to the specified VFS name.

• You also can use the display the network configuration of a VFS with the showfsip [-fpg<fpg>] <vfs> command, where:

◦ -fpg <fpg> specifies the FPG in which the VFS was created.

◦ <vfs> specifies the VFS name to which the display is limited.

Network settings for a VFS are available in the Overview pane when a VFS is selected in theSSMC.

Assigning IP Addresses to Virtual File ServersTo assign an IP address to a VFS using the CLI, issue the following command:createfsip [-vlantag <tag>] <ipaddr> <subnet> <vfs>

where,

• <tag> specifies the VLAN tag used for the VFS IP address (VFSIP).

NOTE: If the selected VLAN tag does not match that of the node IP, clients must be onthe same subnet to access shares, unless at least one relevant static route is defined.

• <fpg_name> specifies the name of the FPG to which the VFS belongs.

• <ipaddr> specifies the IPv4 address assigned to the VFS.

NOTE: IPv6 is not supported.

• <subnet> specifies the subnet for the IP address used in the <ipaddr> variable.

• <vfs> specifies the name of the VFS you are creating.Multiple IP addresses can be used in disaster recovery solutions. An alternate IP address canbe configured for a VFS when using Remote Copy to replicate an FPG to another array. Whenthe FPG and VFS are activated on the other array, the IP address will be ready for use.Verify changes with the showfsip command. For more information about the createfsip andshowfsip commands, see the HPE 3PAR Command Line Interface Reference.Use the following procedure to assign an IP address to a VFS using the SSMC:1. On the main menu, select File Persona > Virtual File Servers.


2. In the list pane, select the VFS, and then select Edit on the Actions menu.3. In the Networking panel on the dialog that opens, click Add.4. Follow the instructions on the dialog that opens.

Modifying Network Settings of Virtual File ServersTo modify an IP address for a VFS using the CLI, issue the following command:setfsip [options] <vfs> <id>

where,<tag> specifies the VLAN Tag to be used.<ipaddr> specifies the new IP address.<subnet> specifies the new subnet mask.<fpg_name> specifies the FPG in which the VFS was created.-f specifies that the operation is forced. If this option is not used, the command requiresconfirmation before proceeding with its operation.<vfs> specifies the VFS which is to have its network configuration modified.<id> specifies the ID for the network configuration.Use the following procedure on the SSMC to add and edit the virtual IP addresses of VFSs forthe File Persona on a storage system:1. On the main menu in the SSMC, select File Persona > Virtual File Servers.2. In the list pane, select the VFS, and then select Edit on the Actions menu.3. In the Networking panel on the dialog that opens, click the edit icon ( ).4. Follow the instructions on the dialog that opens.

Removing Network Settings from Virtual File ServersTo remove an IP address to a VFS using the CLI, issue the following command:removefsip [options] <vfs> <id|ip>

where,<fpg_name> specifies the FPG name in which the VFS was created.-f specifies that the operation is forced. If this option is not used, the command requiresconfirmation before proceeding with its operation.<id|ip> specifies the ID/IP for the network configuration.<vfs> specifies the VFS which is to have its network configuration removed.Use the following procedure to remove an IP address to a VFS using the SSMC:1. On the main menu in the SSMC, select File Persona > Virtual File Servers.2. In the list pane, select the VFS, select the Actions menu, and then select Edit.3. Click the X next to the IP address you want to remove.

Deleting Virtual File ServersOnly an empty VFS can be deleted. If the VFS contains File Stores that are not prepared fordeletion, you must first prepare the File Stores for deletion, or remove them. See Removing FileStores.To delete an empty VFS (after removing the File Stores) and its underlying components fromthe system using the CLI, issue the following command:removevfs [-f] [-fpg <fpg_name>] <vfs>

where,


-f specifies that the command is forced. If this option is not used, the command requiresconfirmation before proceeding with its operation.<fpg_name> specifies the name of the parent FPG.<vfs> specifies the name of the containing VFS.1. On the main menu in the SSMC, select File Persona > Virtual File Servers.2. In the list pane, select the VFS, select the Actions menu, and then select Delete.3. If you are not sure that this VFS should be deleted, click Cancel; otherwise, click Delete to

start the action and close the dialog.

Managing File StoresHPE 3PAR SSMC can automatically create File Stores whenever you create File Shares. Youcan specify the properties and settings of File Stores on a storage system. For example, you canspecify File Store names, the parent VFS, and additional settings such as antivirus scan policiesand quotas for file sizes and number of files.

Tip: Tasks for working directly with File Stores are considered advanced tasks.If the File Stores screen is not listed in the SSMC main menu, you can add it fromthe Global Settings screen.When a VFS is created, a File Store with the name .admin also is automaticallycreated. The .admin File Store is used as part of the Antivirus, Quotas, andConfiguration Backup features. See the following sections for more details:“Managing Quarantine Settings and Files” (page 70).“Archiving and Restoring Quota Settings” (page 61).“Backing up and Restoring Configuration Settings for Virtual File Servers”(page 30).

Creating File StoresTo create a File Store and its underlying components from the system using the CLI, issue thefollowing command:createfstore [-comment <comment>] [-fpg <fpg_name>] <vfs> <fstore>

where,<fpg_name> specifies the name of the FPG.<comment> specifies the textual description of the fstore.<vfs> specifies the name of the VFS.<fstore> specifies the name of the File Store to be created.To create a File Store using the SSMC, follow these steps:1. On the main menu in the SSMC, select File Persona > File Stores.2. Click + Create File Store or select Create on the Actions menu.3. Follow the instructions on the dialog that opens.

Displaying Information and Configuration Settings for File StoresTo display information and configuration settings for File Stores and their underlying componentsusing the CLI, issue the following command:showfstore [-fpg <fpg_name>] [-vfs <vfs>] [-fstore <fstore>]]]

where<fpg_name> limits the display to a VFS contained within the specified FPG.<vfs> limits the display to the specified VFS.


<fstore> limits the display to the specified File Store.To display information and configuration settings for File Stores using the SSMC, select FilePersona > File Stores.

Modifying File StoresTo modify configuration settings for File Stores and their underlying components using the CLI,issue the following command:setfstore [-comment] [-fpg <fpg_name>] <vfs> <fstore>

where,<comment> specifies any addition textual information.<fpg_name> specifies the name of the parent FPG.<vfs> specifies the name of the containing VFS.<fstore> specifies the name of the File Store to be modified.To create a File Store using the SSMC, follow these steps:1. On the main menu in the SSMC, select File Persona > File Stores.2. In the list pane, select the File Store, and then select Edit on the Actions menu.3. Follow the instructions on the dialog that opens.

Removing File StoresYou must prepare the File Stores for deletion before removing them. To prepare File Stores fordeletion:1. Remove all snapshots.2. Remove all files and folders from the File Store, from the share of the root of the File Store.3. Remove all shares.

IMPORTANT: Once the File Store removal operation has started, if it has to completesuccessfully in order to have all the corresponding snapshots be removed successfully, otherwisethere might be some snapshots that may still exist and therefore the result would be unpredictable.

To remove a File Store and its underlying components from the system using the CLI, issue thefollowing command:removefstore [-f] [-fpg <fpg_name>] <vfs> <fstore>

where,-f specifies that the command is forced. If this option is not used, the command requiresconfirmation before proceeding with its operation.<fpg_name> specifies the name of the parent FPG.<vfs> specifies the name of the containing VFS.<fstore> specifies the name of the File Store to be removed.Verify changes with the showfstore command. For more information about the removefstoreand showfstore commands, see the HPE 3PAR Command Line Interface Reference.Use the following procedure to remove a File Store using the SSMC:1. On the main menu in the SSMC, select File Persona > File Stores.2. In the list pane, select the File Store, and then select Delete on the Actions menu.3. Follow the instructions on the dialog that opens.

Managing File Stores 35

Managing File Store SnapshotsIMPORTANT: Snapshots of HPE 3PAR File Stores are not the same as snapshots of virtualvolumes. File Store snapshots are redirect-on-write (ROW) instantaneous snapshots, which donot require any space reservations. There are 1024 snapshots supported per File Store.

Creating File Store SnapshotsTo create a snapshot of a File Store on a VFS using the CLI, issue the createfsnap [-retain<retain_count>] [-f] [-fpg <fpg_name>] <vfs> <fstore> <tag> command,where:

• <retain_count> is the number of snapshots to retain for the specified File Store with thespecified <tag>. Snapshots exceeding the count will be deleted beginning with the oldestsnapshot. The valid range of snapshots to retain is from 1 to 1024. If the -retain optionwith a given <retain_count> value is included in the execution of the command and thecount value for the specified tag has already been reached, the oldest snapshot is deletedbefore the new snapshot is created. If the command fails to create the new snapshot, thedeleted snapshot will not be restored.

• -f specifies not to ask for confirmation before creating a snapshot with retention count(<retain_count>). This option is ignored if option -retain is not specified.

• <fpg_name> specifies the name of the FPG to which the VFS belongs. If the FPG name isnot specified, the command discovers the name based on the specified VFS. If the VFSname exists in multiple FPGs, the FPG name must be specified.

• <vfs> specifies the VFS to which the File Store belongs.

• <fstore> specifies the name of the File Store of which you are creating the snapshot.

• <tag> specifies a suffix to be appended to the timestamp of snapshot creation to form asnapshot name in the format <timestamp>_<tag>. The timestamp is in ISO8601 dateand time format.If “snapshot1” is specified as the value of <tag>, the snapshot name will be, for example,2015–12–17T215020_snapshot1.

Verify changes with the showfsnap command.To create a File Store snapshot using the SSMC, follow these steps:1. On the main menu in the SSMC, select File Persona -> Virtual File Servers -> Actions ->

Create file snapshot.2. Follow the instructions on the dialog that opens.

Scheduling the Creation of File Store SnapshotsTo schedule the creation of File Store snapshot using the CLI, issue the createsched[options] <cmd> <taskschedule> <schedname> command, where:-run_once specifies that the task will only run once at the specified time.-no_alert specifies that tasks will not generate alerts if the task fails.-f does not detect when a new scheduled task exceeds the recommended number of scheduledtask starts per minute. Also does not ask for confirmation to create the new scheduled task.<cmd> specifies that it is either a CLI command or script that has been distributed by HPE 3PAR.Can be up to 127 characters in length.<taskschedule> specifies the use of a crontab-style schedule. Each field can be up to 127characters in length.


<schedname> specifies the name given to the schedule. The name can be up to 31 charactersin length.See the HPE 3PAR Command Line Interface Reference for additional details.

Recovering File Store SnapshotsTo recover a snapshot on Windows, use the Previous Versions tab to recover the files.To recover a snapshot on any platform:1. Navigate into the .snapshot directory at the top of the FStore directory. The .snapshot

directory exists in the File Store so you can access the File Store through an export shareof NFS ,SMB, or Object access then navigate to the /FPG/VFS/FStore/.snapshotdirectory to verify the snapshot file to restore.

2. Open a snapshot folder matching the date of the file you want to recover.3. Locate the file and copy it to the original directory.

NOTE: Since File Store snapshots are read only, moving files from a snapshot back to theoriginal folder is not supported, and should not be attempted. Always use a copy operation whenrecovering files from a snapshot.

For example, if a file is accidently deleted in /FPG1/VFS_X/FStore_Y/user_one/photos/the snapshot of the file is located in/FPG1/VFS_X/FStore_Y/.snapshot/Monday-10-01-2014/user_one/photos/.

Displaying File Store SnapshotsTo display the snapshots of a File Store on a VFS, issue the showfsnap [-fpg <fpg_name>][-vfs <vfs>] [-fstore <fstore>] [-pat <pattern>|<snapname>] command,where:

• <fpg_name> specifies the name of the FPG. This option limits the display of snapshots tothose associated with the specified FPG.

• <vfs> specifies the VFS to which the File Store belongs. This option limits the snapshotoutput to those snapshots associated with the specified VFS.

• <fstore> specifies the name of the File Store for which you are displaying snapshots. Thisoption limits the display to snapshots associated with the specified File Store.

• <pattern>|<snapname> displays those snapshots with names matching a glob-stylepattern, or displays a specified snapshot. Use the -pat option with a given <pattern>value to specify a glob-style pattern or the <snapname> specifier to display a given snapshotby name. The -pat option must be used in order to specify patterns with the <pattern>value. Patterns can be repeated using a comma-separated list.

For more information about the showfsnap command, see the HPE 3PAR Command LineInterface Reference.You can search for and display snapshots with specific tag names with the SSMC in the FileSnapshots detail pane of the Virtual File Server or File Store screens.

Removing File Store SnapshotsTo delete or remove a File Store snapshot from a VFS using the CLI, issue the removefsnap[-f] [-fpg <fpg_name>] [-snapname <snapname>] <vfs> <fstore> command,where:

• -f specifies not to ask for confirmation before removing a snapshot.

• <fpg_name> specifies the name of the FPG to which the VFS belongs. If the FPG name isnot specified, the command discovers the name based on the specified VFS. If the VFSname exists in multiple FPGs, the FPG name must be specified.

Managing File Store Snapshots 37

• [-snapname <snapname>] specifies the name of the snapshot you are removing. If thisis not specified, all snapshots of the File Store specified by <fstore> will be removed.

• <vfs> specifies the VFS to which the File Store belongs.

• <fstore> specifies the name of the File Store of which you are removing the snapshot.

NOTE: If the name of the snapshot is not specified, all of the snapshots of the File Store areremoved.

Verify changes with the showfsnap command. For more information about the removefsnapand showfsnap commands, see the HPE 3PAR Command Line Interface Reference.You can also search for and delete snapshots with specific tag names using the SSMC to displaymatching snapshots in the File Snapshots detail pane of the Virtual File Server or File Storescreens. You can then select the displayed snapshots and delete them.

Reclaiming Storage Space from Deleted SnapshotsUse the startfsnapclean command to start a snapshot space reclamation task on an FPG.Any space from snapshots which are marked as deleted is reclaimed and made available to theFPG.

NOTE: Only one snapshot space reclamation task can be run on an FPG at one time.

To reclaim space from deleted snapshots of a File Store using the CLI, issue thestartfsnapclean [-resume] [-reclaimStrategy {<maxspeed>|<maxspace>}]<fpg_name> command, where:

• <fpg_name> specifies the name of the FPG from which the File Store snapshots will beremoved.

• -resume starts a previously paused snapshot space reclamation task.

• -reclaimStrategy <maxspeed>|<maxspace> specifies the strategy or preference forthe reclamation task. The <maxspeed> option specifies the task is optimized for speed. The<maxspace> option specifies the task is optimized for reclaiming the maximum amount ofspace.

NOTE: Use the stopfsnapclean command to stop or pause a File Store snapshot reclamationtask started with the startfsnapclean command.

View the status of snapshot reclamation tasks with the showfsnapclean command. For moreinformation about the startfsnapclean and showfsnapclean commands, see the HPE3PAR Command Line Interface Reference.To reclaim file snapshot space using the SSMC, follow these steps:

Reclaiming file snapshot space from a File Provisioning Groups screen1. On the main menu in the SSMC, select File Persona > File Provisioning Groups.2. In the list pane, select the File Provisioning Group, and then select Manage file snapshot

reclaim tasks, or Reclaim file snapshot space on the Actions menu.3. Follow the instructions on the dialog that opens.

Reclaiming file snapshot space from a Virtual File Servers screen1. On the main menu in the SSMC, select File Persona > Virtual File Servers.2. In the list pane, select the VFS, and then selectReclaim file snapshot space on theActions

menu.3. Follow the instructions on the dialog that opens.


Stopping a Snapshot Space Reclamation TaskUse the stopfsnapclean command to stop or pause a snapshot space reclamation task onan FPG.To stop or pause a File Store snapshot reclamation task for an FPG using the CLI, issue thestopfsnapclean [-pause]<fpg_name> command, where:

• <fpg_name> specifies the name of the FPG for which the File Store snapshot reclamationtask will be paused or stopped.

• -pause specifies the snapshot space reclamation task is temporarily paused until it is startedagain. If this option is not specified, the snapshot space reclamation task is permanentlystopped.

NOTE: Use the startfsnapclean command to resume a paused task.

View the status of a snapshot reclamation task with the showfsnapclean command. For moreinformation about the stopfsnapclean and showfsnapclean commands, see theHPE 3PARCommand Line Interface Reference.To stop a snapshot space reclamation task using the SSMC, follow these steps:1. On the main menu in the SSMC, select File Persona > File Provisioning Groups screen

> Manage File Snapshots Reclaim Tasks.A list of file snapshot reclaim tasks is displayed.

2. To specify that a running task is to be stopped, click Stop. In the Task State column, thestate will change to stop.

3. Click OK to start the stop action and close the dialog.

Displaying the Status of a Snapshot Space Reclamation TaskTo display the status of a File Store snapshot reclamation task on an FPG using the CLI, issuethe showfsnapclean <fpg_name> command, where:

• <fpg_name> specifies the name of the FPG for which the File Store snapshot reclamationtask will be paused or stopped.

View the status of a snapshot reclamation task with the showfsnapclean command. Thecommand displays active snap reclamation tasks as well as historical tasks that were completedor stopped earlier. It restricts the records to the last 20 to 22 tasks or maintains a history up to30 days (whichever is a smaller set). For more information about the stopfsnapclean andshowfsnapclean commands, see the HPE 3PAR Command Line Interface Reference.To display the status of a snapshot space reclamation task using the SSMC, follow these steps:1. On the main menu in the SSMC, select File Persona > File Provisioning Groups screen

> Manage File Snapshots Reclaim Tasks.A list of file snapshot reclaim tasks is displayed.You can filter the list by entering text in the Search box. When filtered, the list shows onlythe items that contain the search text in the list columns.

2. When you have completed your choices, click OK to start any action and close the dialog.

Managing Block Volume SnapshotsCreating Block Volume Snapshots

You can create snapshots of virtual volumes and of virtual volume sets.

Managing Block Volume Snapshots 39

Creating Snapshots of Virtual VolumesTo create snapshot of a virtual volume, follow these steps:1. On the main menu in the SSMC, select Block Persona > Virtual Volumes.2. In the list pane, select the virtual volume, and then select Create snapshot on the Actions

menu.3. Follow the instructions on the dialog that opens.

Creating snapshots of Virtual Volume SetsTo create snapshot of a virtual volume set, follow these steps:1. On the main menu in the SSMC, select Block Persona > Virtual Volume Sets.2. In the list pane, select the virtual volume set, and then select Create snapshot on the

Actions menu.3. Follow the instructions on the dialog that opens.

Displaying Block Volume Snapshots

Modifying File Store SnapshotsTo edit a file store snapshot, follow these steps:1. On the main menu in the SSMC, select Block Persona > Virtual Volumes.2. In the list pane, select the snapshot and then select Edit on the Actions menu.3. Follow the instructions on the dialog that opens.

Managing File SharesFile Persona File Shares are the logical containers on a storage system that hold the files thatusers and groups can access over a network. A File Share can be thought of as a folder, forexample, a folder named home.NFS, SMB, and Object share types are supported. Properties and settings for File Shares includeshare type, share path, client filters list, read/write permissions, and access privileges. Each FileShare has a share path that specifies the File Store for the File Share and the VFS.

NOTE: SMB shares also can be managed from a Windows client via the Microsoft ManagementConsole (MMC).

Overview of Types of File SharesThe File Persona software supports access by clients through the SMB, NFS, and HPE 3PARObject Access API protocol. The different share types are managed through a common set ofcommands, with some unique parameters to support the specific features of each protocol.Windows and Linux NFSv3 use significantly different methods to process permissions. Windowscombines access from all of the ACEs on the file to determine if the user has the requestedaccess. In NFSv3, Linux proceeds through a hierarchy and determines the user’s permissionsfrom one of the mode bit fields (user, group, or other). In the NFSv3 Linux behavior, it is possibleto get inverted priorities – where others have more permissions than the owner. In Windows’ACL implementation, it is not possible to get such an inversion.

SMB Protocol SupportThe SMB protocol is the default protocol used by the Windows clients, but there are also Mac,Linux, and Samba clients, which use the SMB protocol to connect to an SMB file server.The File Persona software supports SMB 3.0, 2.1, 2.0, or 1.0.


Features and Limitations of SMB

• SMB 3.0 Offloaded Data Transfer (ODX) is supported to minimize network bandwidth forfile copies between two locations of the storage array. Offloaded data transfers are notpersistent across failover operations. If a file copy using ODX is interrupted during a failover,or assignment of an FPG to a new primary node, retry the data transfer.

• NTFS-style alternate data streams (ADS) are supported via SMB shares for associatingadditional data with files. The File Persona represents file streams internally as independentfiles, which require some overhead to manage. Having antivirus enabled may further reducethe performance of stream based operations.

• While an NTFS-based file system allows groups to be owners of files and folders, thePOSIX-compatible nature of the FPG means that groups are not supported as owners offiles. Be sure to assign users as the owners of files and folders.

• You can use the Shared Folders Microsoft Management Console (MMC) snap-in to manageFile Shares for a Virtual File Server. Shared Folders enables you to create File Shares andset permissions, as well as view and manage open files and users connected to File Shareson the Virtual File Server. The following functionality is supported by the File Persona viathe MMC:

◦ Share a Folder

◦ Stop Sharing a Folder

◦ Close an Open File

◦ Disconnect a User

◦ Set Permissions for Shared Folders

◦ Configure Offline Availability for a Shared Folder

NOTE: Functionality to limit the number of users of a shared folder is not supported bythe File Persona.

• Members of local Administrators group for the File Persona (as seen in "showfsgroup -dAdministrators") are able to manage shares through the MMC. Users or groups from thelocal, LDAP, or Active Directory authentication providers can be added to this group to enablesuch management.

NOTE: To successfully manage shares on the File Persona, the user who manages sharesthrough MMC also should be a member of the local Administrators group on the client runningthe MMC.

NFS Protocol SupportThe NFS protocol is the default protocol used by the Linux/UNIX clients designed to beindependent of machine architecture, OS, network architecture, and transport protocol by usingremote procedure call (RPC) calls.The File Persona software supports NFSv4.0 and v3.0, and supports variety of Linux/UNIX clientoperating system.For more information about interoperability, see the SPOCK website:SPOCK (http://www.hpe.com/storage/spock)

Managing File Shares 41


HPE 3PAR Object Access API SupportThe File Persona software also supports access to directories and files using the HPE 3PARObject Access API. Using the HTTP protocol, you can integrate direct file access into applications.The object access API supports the following operations:

• Creating, replacing, renaming, downloading, retrieving information about, and deleting a file

• Creating, retrieving content and information about, and deleting a directory

• Changing owner and user permissions

• Changing groups

• Setting, retrieving, and removing extended attributes

• Committing data to a diskFor more information, see the HPE 3PARObject Access API Reference, available at the followingwebsite:HPE Storage Library (http://www.hpe.com/info/storage/docs)

Creating File SharesFile shares can be created for multiple supported protocols. However, creating shares allowingwrite access from multiple protocols to the same file store is generally not supported. Seehttp://www.hpe.com/info/3par/filepersona/shareconfig for details on configuring cross-protocolaccess to a File Store in a supported configuration.To create a file share for cross-protocol support using the CLI, issue the following command:createfshare {smb|nfs|obj} [options <arg>] <vfs> <sharename>

where,

• smb creates an SMB File Share.

• nfs creates an NFS File Share.

• obj creates an object File Share.

• -fpg <fpg_name> specifies the FPG the <vfs> belongs to. If this is not specified, thecommand will find out the FPG based on the specified <vfs>. However, if the <vfs> existsunder multiple FPGs, -fpg must be specified.

• -fstore <fstore> specifies the file store under which the share will be created. Ifthis is not specified, the command uses the <sharename> as the file store name. Thefile store will be created if it does not exist.

• -sharedir <sharedir> specifies the directory path to share. It can be a full path startingfrom "/", or a relative path under the File Store. If this is not specified, the share created willbe rooted at the file store. If a relative path is specified, option -fstore must bespecified.

• -comment <comment> specifies any comments or additional information for the share.The comment can be up to 255 characters long. Unprintable characters are not allowed.

• -f specifies that the command is forced. When creating a share of a second protocol typefor a given File Store, if this option is not used, the command requires confirmation beforeproceeding with its operation.


http://www.hpe.com/info/storage/docs

http://www.hpe.com/info/3par/filepersona/shareconfig

Creating SMB File SharesThe command createfshare smb is used to create SMB file shares:createfshare smb [options <arg>] <vfs> <sharename>

The list below provides the possible options for the createfshare command:

• -abe {true|false}

Access Based Enumeration — Specifies whether users can see only the files and directoriesto which they have been allowed access on the shares. The default is false.

• -allowip <iplist>

A list of all the client IP addresses that are allowed access to the share should be includedhere. Use commas to separate the IP addresses. The default is "", which allows all IPaddresses (i.e. empty means all are allowed).

• -denyip <iplist>

A list of all client IP addresses that are denied access to the share should be included here.Use commas to separate the IP addresses. The default is "", which denies none of IPaddresses (that is, empty means none is denied).

• -allowperm <permlist>

specifies a list of permission(s) that a user or a group is allowed in order to access the share.<permlist> must be specified in following format:<user1>:<perm1>, <user2>:<perm2>,.... The <user> is a user or a group name.<perm> must be either "fullcontrol", "read", or "change".

NOTE: The allowperm option controls the share permissions. In addition, a user needsto have access to the folder associated with the share in order to be granted access. Usethe acl/mode/owner/group option in the setfshare command to control the folderpermissions.

• -denyperm <permlist> specifies the permission(s) that a user or group is denied toaccess the share. <permlist> must be specified in the following format:"<user1>:<perm1>,<user2>:<perm2>,...The specification of <user> for deny permissions uses the same rules as allow permissionsshown above.

• -cache {off|manual|optimized|auto} specifies client-side caching for offline files.Valid values are:

◦ off: The client must not cache any files from this share. The share is configured todisallow caching.

◦ manual: The client must allow only manual caching for the files open from this share.

◦ optimized: The client may cache every file that it opens from this share. Also, theclient may satisfy the file requests from its local cache. The share is configured to allowautomatic caching of programs and documents.

◦ auto: The client may cache every file that it opens from this share. The share isconfigured to allow automatic caching of documents. If this is not specified, the defaultis "manual".

• -ca {true|false} specifies whether the SMB continuous availability featuresshould be enabled for this share. If nothing is specified, the default is "true". Having thecontinuous availability feature enabled allows transparent migration of shares


between nodes during software upgrades, or when otherwise migrating an FPG betweenthe nodes of a node pair. There is some performance impact when having this featureenabled due to write caching being disabled for the share.

Configuring a UserA user can be configured using one of the following methods:

• To configure a user locally use the following command:createfsuser,where the <user> option specifies the particular user.Example: -allowperm user1:fullcontrol.

• A user on Active Directory should to be configured using the following command:setfs ad

where the <domain> option should be used to specify the Active Directory domain. Theformat for specifying the domain is "<domain>\\<user>" or "<ad-netbios>\\<user>".Example: -allowperm example.com\\aduser:fullcontrol.

• A user on an LDAP server should be configured using the following command:setfs ldap

where the <ldap-netbios> option is used to create an LDAP configuration. The formatfor specifying the LDAP configuration is <ldap-netbios>\\<user>Example: -allowperm ldaphost\\ldapuser:read.

Difference between “Everyone” and “All Users”"Everyone" is a special user for all users and groups. Granting “Everyone” access from SMBdoes not allow all Active Directory static users the ability to read from NFS.“Everyone” can be granted access to files or folders from the SMB share, but some users maystill be denied access over NFS. If a user attempts access to an NFS file or folder and “Everyone"is part of a group that does not have access to the file or folder, then the user will be deniedaccess because NFS checks the "user" and "group" access permissions before checking the"other" access permissions which is where "Everyone" is mapped to. This is how “Everyone”(SMB) and “other” (NFS) differ from "all users".

IMPORTANT:In order to grant "all users" access to the NFS files or folders from SMB, grant the userand/or group the same permissions that are granted to “Everyone” in order to allow “allusers” access to an NFS target file or folder.

NOTE:Windows 2012 SMB/NFS shares does not have this NFS access issue. Windows Sharesautomatically applies the additional user/group permission(s) when access to ”Everyone” isadded.If not specified, no default permissions will be allowed for the new shares, which sets the samedefault as a Windows Server 2012 R2 server would. This is to avoid a system administratorinadvertently allowing any non explicitly specified user to access the SMB share.


Granting SMB Administrators the Required Share Access PermissionsThere could be a situation when the Administrator is assumed to have access permissions tofiles and/or folders in a share but in actuality the Administrator does not have them. If only asingle user is setup in the Share Permissions, e.g., Jimmy:fullcontrol, then an SMBAdministrator will not be able to access the files and/or folders in the share. Only the configureduser (Jimmy in this example) would have access. An attempt to map the share as an Administratorshall fail.Administrators cannot overrule the Share Permissions for a share. If the Share Permissions listdoes not include the administrator (or a group containing the Administrator, such as "Everyone"or "Builtin\Administrators") then the Administrator is denied access to the files and/or folders inthe share.File Persona SMB shares operate slightly differently than Windows SMB shares:

• On a File Persona SMB share, if an Administrator is not granted access in the SharePermissions for a share, the net use command attempting to map the share fails; thuspreventing access to the files and/or folders in the share.

• On a Windows SMB share, if an Administrator is not granted access in the Share Permissionsfor share, the net use command attempting to map the share shall succeed, but theAdministrator will not be permitted to read or write any files and/or folders in the share.

In both the cases, the Administrator does not have access to the files and folders in the share.

NOTE: Although the Administrator in this situation cannot access the share, the Administratorcan somehow still get access to the share within the SMB protocol if needed. The Administratorcan use the MMC console to change the share's settings, including the Share Permissions forthe share. The Administrator still has the required authority to access the files and/or folders inthe share if needed by changing the permission list to grant the Admin access.

Solution to Granting the Administrator the Required AccessThe following is the recommended solution for cases where a single user has access to a sharebut the Administrator does not and is expected to have access to the files and/or folders in theshare:Include a Share Permissions for Builtin\Administrators:fullcontrol in additionto the user who is supposed to get access to the files and/or folders. TheBuiltin\Administrators group includes the Domain Administrator and Local Administratorby default.

• To specify Builtin\Administrators from SSMC GUI/CLI, use the string"B-LOCAL_CLUSTER\Administrators".

• To specify Builtin\Administrators from Windows MMC, use the IP address of the VFS of theshare instead of "B-LOCAL_CLUSTER". Example: "11.22.33.44\Administrators"

Creating a Share from MMC ConsoleAdding Active Directory users to the B-LOCAL_CLUSTER\Administrators group of server isnot sufficient for a Windows client (in the same Active Directory domain) to allow them to createa share from the MMC console. To allow a user to create a share, the Active Directory user mustbe added to the Local Administrators group of the Windows client first. Then the user must logout from all sessions connected to the client and log in again. This will allow the user to createshare from MMC.Another way is to disable the UAC settings of the Windows client. Refer to the following links forchanging UAC settings:https://technet.microsoft.com/en-us/library/cc709691%28v=ws.10%29.aspx


https://technet.microsoft.com/en-us/library/cc709691%28v=ws.10%29.aspx

https://gallery.technet.microsoft.com/Registry-Key-to-Disable-UAC-45d0df25

WARNING! Disabling UAC may make the system vulnerable and should be avoided.

Creating NFS File SharesTo create an NFS file share issue the following command:createfshare nfs [options <arg>] <vfs> <sharename>


• -fpg <fpgname> specifies the file provisioning group (FPG) that the <vfs> belongs. If thisis not specified, the command will find out the FPG based on the specified <vfs>. However,if <vfs> exists under multiple FPGs, -fpg must be specified.

• -fstore specifies the file store under which the share will be created. If this is not specified,the command uses the <sharename> as the file store name. The file store will be createdif it does not exist. If you specify this option to create a file share, you will have to specify itwhen you set or remove the share using setfshare/removefshare.

• -sharedir <sharedir> specifies the directory path to share. It can be a full path startingfrom "/", or a relative path under the file store. If this is not specified, the share created willbe rooted at the file store. If this option is specified, option -fstore must be specified.

• -f specifies that the command is forced.The nfs is a subcommand of the createfshare command. The following options are specificto the nfs subcommand.

• -options <options> specifies options to use for the share to be created. Standard NFSexport options except "no_subtree_check" are supported.Do not enter option "fsid", whichis provided. If not specified, the following options will be automatically set: sync, auth_nlm,wdelay, sec=sys, no_all_squash, crossmnt, secure, subtree_check,hide, root_squash, ro.

• -clientip <clientlist> specifies the clients that can access the share. The NFS clientcan be specified three ways:

◦ Specify the nameExample: sys1.hpe.com

◦ Specify the name with a wildcardExample: *.hpe.com

◦ Specify the IP address. Use comma to separate the IP addresses. If this is not specified,the default is "*"

NOTE: When restricting access to domain NFS shares, a fully qualified domain name(FQDN) of the host has to be specified. If the wildcard option is used when specifying theclient IP there might be an issue. Reverse lookup needs to be setup to allow clients onthe domain access to mount the share. When configuring Reverse lookup configure theFQDN and not an alias.Example: sys1.hpe.comDo not use an alias: sys1

Creating Object File SharesThe following options are specific to the createfshare obj [options <arg>] <vfs><sharename> subcommand:


https://gallery.technet.microsoft.com/Registry-Key-to-Disable-UAC-45d0df25

-ssl {true|false} specifies if SSL is enabled. The default is false.

NOTE: To enable SSL, the VFS must have a valid certificate configured.

-urlpath <urlpath> specifies the URL that clients will use to access the share. If this is notspecified, the command uses <sharename> as <urlpath>.<vfs> specifies the VFS under which the File Store, if it does not exist, and the share will becreated.<sharename> specifies the share name to be created.

Creating a File Share Using the SSMCUsing the SSMC, open the File Persona screens and select the File Shares screen to createand manage one or more File Shares on each of the VFSs. You can also open the File Storesscreen or the Virtual File Servers screen and select Create File Share.To create a File Share using the SSMC, follow these steps:

Creating a File Share from a File Shares screen1. On the main menu in the SSMC, select File Persona > File Shares.2. Click + Create File Share or select Create on the Actions menu.3. Follow the instructions on the dialog that opens.

Creating a File Share from a Virtual File Servers screen1. On the main menu in the SSMC, select File Persona > Virtual File Servers.2. Click Create File Share.3. Follow the instructions on the dialog that opens.

Modifying Configuration Settings for File SharesTo modify File Share settings for cross-protocol support using the CLI, issue the followingcommand:setfshare {smb|nfs|obj} [options <arg>] <vfs> <sharename>

where,smb sets File Share options for SMB.nfs sets File Share options for NFS.obj sets File Share options for Object.The following options are available for all subcommands:

• -acl [+|-]<permlist> specifies the access control list (ACL) permissions that areallowed on a share directory. This option cannot be used when -mode is used. Setting ACLpermissions can break cross-protocol functionality if used improperly, and may cause lossof modebits information. A warning prompt is displayed to the users asking if they wish toproceed.

NOTE: Caution is required when using the -acl, -mode, -user, and -group commandsto ensure the resulting settings are appropriate for the protocol through which file writes anddirectory creations are going to occur. See http://www.hpe.com/info/3par/filepersona/shareconfig for details on configuration of permissions for proper behavior. Generally, the-acl option should be used for shares with SMB based writers and the -mode option shouldbe used with NFS/OBJ based writers.

The <permlist> contains the list of access control entries (ACEs). Use commas to separateACEs. Each ACE contains four values named type, flag, principal, and permissions. Thesefour values should be separated by a ":".




NOTE: The format of the ACE corresponds to the NFSv4 ACL format. See linux nfs4_acl(5) man page for additional information.

For example: A:fd:OWNER@:rwax,A:fdg:GROUP@:rwaxIf <permlist> has a prefix (for example: +A:fd:OWNER@:rwa,A:g:GROUP@:rwxa), themeaning is as follows:

◦ + Add <permlist> to the existing permlist. The ACEs in <permlist>must not alreadybe in the existing list.

◦ - Remove <permlist> from the existing list. The ACEs in <permlist> must be inthe existing list.

If specified, the prefix will be applied to the entire <permlist>. If <permlist> has noprefix, the information will be used to create a new permlist.The values for <permlist> fields type:flag:principal:permissions will be asfollows:The type field can take only one of the following values:

◦ A — allow

◦ D — deny

◦ U — audit

◦ L — alarmThe flags field is optional and can take one or more of the following values:

◦ f — file-inherit

◦ d — directory-inherit

◦ p — no-propagate-inherit

◦ i — inherit-only

◦ S — successful-access

◦ F — failed-access

◦ g — group (denotes that <principal> is a group)The principal field can be any named user or group or one of the following values:

◦ OWNER@

◦ GROUP@

◦ EVERYONE@

The permissions field can take one or more of the following values:

◦ r — read-data | list-directory

◦ w — write-data | create-file

◦ a — append-data | create-subdirectory

◦ x — execute

◦ d — delete


◦ D — delete-child (directories only)

◦ t — read-attrs

◦ T — write-attrs

◦ n — read-named-attrs

◦ N — write-named-attrs

◦ c — read-ACL

◦ C — write-ACL

◦ o — write-owner

◦ y — synchronize

• -mode <modebits> specifies the modebits permissions that are allowed on a sharedirectory. This option cannot be used when -acl is used. Setting mode bits may breakcross-protocol functionality if used improperly, and may cause loss of ACL information. Awarning prompt is displayed to the users asking if they wish to proceed.

• -owner <name> specifies the name of the owner to whom the share directory belongs.The format of <name> is the same as with the allowperm option above.

• -group <name> specifies the name of the group to which the share directory belongs. Theformat of <name> is the same as with the allowperm option above.

• -f specifies that the command is forced. When setting ACL permissions or modebits of ashare directory, if this option is not used, the command requires confirmation beforeproceeding with its operation.

• -fpg <fpgname> specifies the FPG to which <vfs> belongs. If this option is not specified,the command will find out the FPG based on the specified <vfs>. However, if <vfs> existsunder multiple FPGs, -fpg must be specified.

• -fstore <fstore> specifies the File Store that the share to be modified belongs. If thisis not specified, the <sharename> will be used as the File Store name to identify the share.

• -comment <comment> specifies any comments or additional information for the share.The comment can be up to 256 characters long. Unprintable characters are not allowed.

File Share Options for SMBThe following options are specific to the setfshare smb [options <arg>] <vfs><sharename> subcommand:-abe {true|false} Access Based Enumeration. Specifies if users can see only the files anddirectories to which they have been allowed access on the shares.


-allowip [+|-]<iplist> specifies client IP addresses that are allowed access to the share.Use commas to separate the IP addresses. If <iplist> has a prefix (for example:+1.1.1.0,2.2.2.0), the meaning is as follows:

• + Add <iplist> to the existing allowed list. The IP addresses in <iplist>must not alreadybe in the existing allowed list.

• - Remove <iplist> from the existing allowed list. The IP addresses in <iplist> mustbe in the existing allowed list.

• If specified, the prefix will be applied to the entire <iplist>. If <iplist> has no prefix,<iplist> will be used to create the new allowed list.-denyip [+|-]<iplist>

Specifies client IP addresses that are denied access to the share. Use commas to separatethe IP addresses. If <iplist> has a prefix (for example: +1.1.1.0,2.2.2.0), the meaningis as follows:

◦ + Add <iplist> to the existing denied list. The IP addresses in <iplist> must notalready be in the existing denied list.

◦ — Remove <iplist> from the existing denied list. The IP addresses in <iplist>must be in the existing denied list.

If specified, the prefix will be applied to the entire <iplist>. If <iplist> has no prefix,<iplist> will be used to create the new denied list.-allowperm [+|-|=]<permlist> specifies the permissions that users or groups areallowed to access the share. <permlist> must be specified in the format of:"<user1>:<perm1>,<user2>:<perm2>,...". The <user> can be a user or group namespecified using the same format as described in createfshare. <perm> must be"fullcontrol", "read", or "change".If <permlist> has a prefix (for example: +Everyone:read), the meaning is as follows:

◦ + Add <permlist> to the existing allowed list. Users/groups in <permlist> must notalready be in the existing allowed list.

◦ - Remove <permlist> from the existing allowed list. Users/groups in <permlist>must be in the existing allowed list.

◦ = Modify the existing allowed list with <permlist>. Users/groups in <permlist>mustalready be in the existing allowed list.

If specified, the prefix will be applied to the entire <permlist>. If <permlist> has noprefix, <permlist> will be used to create the new allowed list.-denyperm [+|-|=]<permlist> specifies the permissions that users/groups are deniedto access the share. <permlist> must be specified in the format of:"<user1>:<perm1>,<user2>:<perm2>,...". The <user> can be a user or group namespecified using the same format as described in createfshare. <perm> must be"fullcontrol", "read", or "change".If <permlist> has a prefix (for example, +Everyone:read), the meaning is as follows:

◦ + Add <permlist> to the existing denied list. Users/groups in <permlist> must notalready be in the existing denied list.

◦ - Remove <permlist> from the existing denied list. Users/groups in <permlist>must be in the existing denied list.

◦ = Modify the existing denied list with <permlist>. Users/groups set in <permlist>must already be in the existing denied list.


If specified, the prefix will be applied to the entire <permlist>. If <permlist> has noprefix, <permlist> will be used to create the new denied list.-cache {off|manual|optimized|auto} specifies client-side caching for offline files.Valid values are:

◦ off — The client must not cache any files from this share. The share is configured todisallow caching.

◦ manual — The client must allow only manual caching for the files open from this share.

◦ optimized — The client may cache every file that it opens from this share. Also, theclient may satisfy the file requests from its local cache. The share is configured to allowautomatic caching of programs and documents.

◦ auto — The client may cache every file that it opens from this share. The share isconfigured to allow automatic caching of documents.

-ca {true|false} specifies if SMB3 continuous availability features should be enabledfor this share.

File Share Options for NFSThe following options are specific to the setfshare nfs [options <arg>] <vfs><sharename> subcommand:-options <options> specifies the new options to use for the share. This completely overwritesthe options you set previously. Standard NFS export options except "no_subtree_check" aresupported. Do not enter option "fsid", which is provided. If not specified, the following optionswill be automatically set: sync, auth_nlm, wdelay, sec=sys, no_all_squash,crossmnt, secure, subtree_check, hide, root_squash, ro.See linux exports(5) man page for detailed information on valid options.-clientip [+|-]<iplist> specifies the clients that can access the share. The NFS clientcan be specified by the name (for example, sys1.hpe.com), the name with a wildcard (forexample, *.example.com), or by its IP address. Use a comma to separate the IP addresses.If <iplist> has a prefix (for example, +1.1.1.0,2.2.2.0), the meaning is as follows:

• + Add <iplist> to the existing list. IP addresses in <iplist> must not already be in theexisting list.

• -Remove <iplist> from the existing list. IP addresses in <iplist>must be in the existinglist.

• If specified, the prefix will be applied to the entire <iplist>. If <iplist> has no prefix,<iplist> will be used as the new list.

File Share Options for ObjectThe following options are specific to the setfshare obj [options <arg>] <vfs><sharename> subcommand:-ssl {true|false} specifies whether to enable or disable SSL.<vfs> specifies the VFS that the share to be modified belongs.<sharename> specifies the name of the share to be modified.

Use the following section when Configuring settings for File Shares with the SSMCUsing the SSMC, you can specify the properties and settings of File Shares on a storage system.For example, you can specify File Share names, share type (SMB, NFS, or Object), share path(parent File Store and VFS), and additional settings such as client filters and access permissions.To configure access settings for a File Share, follow these steps:


Modifying Configuration Settings for File Shares with the SSMC1. On the main menu in the SSMC, select File Persona > File Shares.2. Do one of the following:

• Click + Create File Share or select Create on the Actions menu.

• In the list pane, select the File Share, and then select Edit or Delete on the Actionsmenu.

3. Follow the instructions on the dialog that opens.To modify an SMB File Share using the SSMC, follow these steps:1. On the main menu in the SSMC, select File Persona > File Shares.2. Select Edit File Share (SMB).

You can edit Comments on the General panel and make changes on the AdditionalSettings panel.To specify other settings, select the Advanced options check box.

To see more choices, click the expand icons ( ) on the Additional Settings panel.Additional Settings

Client List displays a list of available clients. To add a client, click Add Clientand follow the instructions on the dialog that opens. To edit a client, select theclient in the list and click its edit icon ( ). Follow the instructions on the dialogthat opens.Permissions displays a list of SMB clients that are available. To add a client,click Add and follow the instructions on the dialog that opens. To edit a client,select the client in the list and click its edit icon ( ). Follow the instructions on thedialog that opens.Settings provides more settings for access control.

3. When you have completed your choices, click OK to start the action and close the dialog.To modify an NFS File Share using the SSMC, follow these steps:1. On the main menu in the SSMC, select File Persona > File Shares.2. Select Edit File Share (NFS).

You can edit Comments on the General panel and make changes on the AdditionalSettings panel.To specify other settings, select the Advanced options check box.

To see more choices, click the expand icons ( ) on the Additional Settings panel.Additional Settings

Client List displays a list of available clients. To add a client, click Add Clientand follow the instructions on the dialog that opens. To change a client, select theclient in the list and click its edit icon ( ). Follow the instructions on the dialogthat opens.Permissions displays File Share permissions and privileges.Settings provides more settings for access control.

3. When you have completed your choices, click OK to start the action and close the dialog.To modify an Object File Share using the SSMC, follow these steps:1. On the main menu in the SSMC, select File Persona > File Shares.


2. Select Edit File Share (Object).You can edit Comments on the General panel and make changes on the AdditionalSettings panel.

3. When you have completed your choices, click OK to start the action and close the dialog.

Displaying Information and Configuration Settings of File SharesTo display File Share settings using the CLI, issue the showfshare -d command. Other syntaxcan be showfshare {smb|nfs|obj} [options <arg>] [<sharename>|<pattern>]orshowfshare {smb|nfs|obj} -dirperm [-fpg <fpgname>] -vfs <vfs> -fstore<fstorename> <sharename>, where:smb displays File Shares information for SMB.nfs displays File Shares information for NFS.obj displays File Shares information for Object.If none of the above subcommands are specified, this command displays File Shares for allprotocols.-d option shows share attributes that are not displayed by other options. Shows details of allshares or a single share-dirperm displays ACL permissions, UNIX permissions, and owner group permissions of ashare directory. If this option is used, -fstore and <sharename> must also be specified.-fpg <fpg_name> specifies the FPG name. This limits the share output to those sharesassociated with the specified FPG.-vfs <vfs> specifies the VFS name. This limits the share output to those shares associatedwith the specified VFS. If this option is specified, but -fpg is not specified, the command willfind out the FPG based on <vfs>. However, if <vfs> exists under multiple FPGs, -fpg mustbe specified.-fstore <fstorename> specifies the File Store name. This limits the share output to onlythose shares associated with the specified File Store. If this is specified, option -vfs must bespecified.-pat option specifies the File Share names using the glob-style pattern. Shares which have thename matching any of the specified glob-style patterns will be displayed. The -pat option canspecify a list of patterns.<pattern|sharename> displays only shares with names matching the specified <sharename>or one of the glob-style patterns.To display information about File Share configuration using the SSMC, follow these steps:1. On the main menu in the SSMC, select File Persona.2. Select File Persona Configuration.

The File Persona Configuration screen displays a list of storage systems that have FilePersona capabilities, detail views, and an Actions menu.

Removing File Shares

NOTE: Removing a File Share only removes access to files and folders. It does not physicallyremove any files or folders.

To remove a File Share using the CLI, issue the following command:removefshare {smb|nfs|obj} [options <arg>] <vfs> <sharename>

where,


smb removes an SMB File Share.nfs removes an NFS File Share.obj removes an object File Share.-f option specifies that the command is forced. If this option is not used, the command requiresconfirmation before proceeding with its operation.-fpg <fpg_name> option specifies the FPG that <vfs> belongs. If this is not specified, thecommand will find out the FPG based on the specified <vfs>. However, if <vfs> exists undermultiple FPGs, -fpg must be specified.-fstore <fstore> option specifies the File Store that the File Share to be removed belongs.If this is not specified, the <sharename> will be used as <fstore>.<vfs> specifies the VFS name.<sharename> specifies the name of the share to be removed.To remove a File Share using the SSMC, follow these steps:1. On the main menu in the SSMC, select File Persona > File Shares.2. Select the File Share you want to delete, and then select the Actions menu.3. Select Delete.


5 File Persona Local Users and GroupsDisplaying Information and Settings for File Persona Local Users andGroups

To display information for a given File Persona local user from the HPE 3PAR CLI, issue thefollowing command:showfsuser [<username>]

where,

• <username> specifies the name of the user for which information is to be displayed.To display information for a File Persona group from the command line, issue the showfsgroup[<groupname>] command, where:

• <groupname> specifies the name of the group for which the information is displayed. If no<groupname> is specified, all File Persona groups will be displayed.

For more information about the showfsuser and showfsgroup commands, see theHPE 3PARCommand Line Interface Reference.To display local File Persona users using the SSMC:1. On the main menu in the SSMC, select File Persona > Persona Configuration.2. In the list pane, select the system, and then select Configure local users on the Actions

menu.3. In the Local users section, available local users are displayed.To display File Persona groups using the SSMC:1. On the main menu in the SSMC, select File Persona > Persona Configuration.2. In the list pane, select the relevant system, and then select Configure local groups on the

Actions menu.3. In the Local groups section, available local groups are displayed.4. Click the edit icon ( ) next to a given group to display the name, GID, and the member list

for the group.

Creating File Persona Local UsersTo create a File Persona local user from the command line, choose your options and issue thefollowing command:createfsuser [-passwd <password>] [-primarygroup <groupname>] [-enable{true | false}] [-uid <userid>] [-grplist <grouplist>] <username>

where,

• <password> specifies the password to allow the user to access File Shares in a File Store.If a password is not supplied when the command is executed, you will be prompted to enterone.

• <groupname> specifies the name of the local group to which the user will belong.

• -enable {true | false} specifies whether access is enabled or disabled after the useris created. If you specify a value of false, the user is disabled after being created and willnot be able to access File Shares. If not specified, the default is enabled (true).

• <userid> specifies the user ID. If not specified, -uid will be given a default value. The-uid option can accept any value between 1000 and 65533.

Displaying Information and Settings for File Persona Local Users and Groups 55

• <grouplist> specifies a list of local groups of which the user will be a member. Usecommas to separate the group names.

• <username> specifies the name of the user to be created. A user name may be up to 20characters in length. Valid characters are alphanumeric characters, periods, dashes (exceptas the first character), and underscores. (The ^ special character cannot be used for SMBFile Share user names. The ! special character can be used in SMB File Share user namesbut the resulting name must be enclosed in single quotes, for example 'abc!123'.)

NOTE: Using BUILTIN groups as the primary group for local users is not supported.

Verify changes with the showfsuser command. For more information about the createfsuserand showfsuser commands, see the HPE 3PAR Command Line Interface Reference.To add a File Persona user using the SSMC:1. On the main menu in the SSMC, select File Persona > Persona Configuration.2. In the list pane, select the relevant storage system, and then select Configure local users

on the Actions menu.3. Below the list of any current local users, click Add.4. In the Add Local User dialog box, specify a user name, a password, a group to which the

new user will belong, and whether the user will be enabled or disabled.5. Click Add and then click Configure.

Modifying Settings for File Persona Local UsersTo modify the settings of a File Persona local user, such as the password for a user or the user'sgroup membership, choose your options and issue the following command:setfsuser [-passwd <password>] [-passprompt] [-primarygroup <groupname>][-enable {true | false}] [-grplist [+|-] <grouplist>] <username>

where,

• <password> specifies the password to allow the user to access File Shares in a File Store.

• -passprompt prompts for a new password.

• <groupname> specifies the name of the group to which the user belongs.

• -enable {true | false} specifies whether access is enabled or disabled for the user.If you specify a value of false, the user is disabled and will not be able to access FileShares. If not specified, the default is enabled (true).

• -grplist [+|-] <grouplist> specifies a list of groups of which the user is a member.Use commas to separate group names.

◦ If specified, the prefix is applied to the entire <grouplist>. If the value for<grouplist> is specified without a prefix, <grouplist> will be used as the new listof allowed group names.

◦ If <grouplist> has a + prefix, for example +group_1, the <grouplist> is addedto the existing list of allowed group names. The group names specified in <grouplist>must not be in the existing list of allowed group names.

◦ If <grouplist> has a - prefix, the <grouplist> is removed from the existing list ofallowed group names. The group names specified in <grouplist> must already bein the existing list of allowed group names.

• <username> specifies the name of the user to be modified.Verify changes with the showfsuser command. For more information about the setfsusercommand, see the HPE 3PAR Command Line Interface Reference.

56 File Persona Local Users and Groups

To modify settings for a File Persona user using the SSMC:1. On the main menu in the SSMC, select File Persona > Persona Configuration.2. In the list pane, select the relevant storage system, and then select Configure local users

on the Actions menu.3. In the list of current local users, click the edit icon ( ) next to a given user.4. In the dialog box that appears, specify a different password for the user or a different primary

group or disable or enable the user and click OK.5. Click Configure.

Removing File Persona Local UsersNOTE: Removing a user who is still referenced in file/folder permissions, share permissions,or quotas may create additional complexity in managing those objects. Disabling users with thesetfsuser command is often preferred to avoid these concerns.

To remove a File Persona local user from the command line, issue the following command:removefsuser <username | uid>

where,

• <username | uid> specifies either the name or the UID of the user to be removed.Verify changes with the showfsuser command. For more information about the removefsusercommand, see the HPE 3PAR Command Line Interface Reference.To remove a File Persona local user or users using the SSMC:1. On the main menu in the SSMC, select File Persona > Persona Configuration.2. In the list pane, select the relevant storage system, and then select Configure local users

on the Actions menu.3. Click the delete icon ( ) next to a given user in the list of local users or, below the list of

current users, click Remove, select the users to be removed in the dialog box and clickRemove.

4. Click Configure.

Creating File Persona Local GroupsTo create a File Persona local group from the command line, issue the following command:createfsgroup [-gid <number>] [-memberlist <list>] <groupname>

where,

• <number> specifies the ID number to be used for the group. This value can be any numberbetween 1000 and 65533.

• <list> specifies the names of the users in the group, as a comma-separated list.

• <groupname> specifies the name of the group to be created. The group name may be upto 20 characters in length. Valid characters are alphanumeric characters, periods, dashes(except for the first character), and underscores. The ^ special character cannot be used inSMB File Share group names. The ! special character can be used in File Share groupnames but must be used in single quotes, for example 'abc!123'.

Verify changes with the showfsgroup command. For more information about thecreatefsgroup and showfsgroup commands, see the HPE 3PAR Command Line InterfaceReference.To create a File Persona group using the SSMC:1. On the main menu in the SSMC, select File Persona > Persona Configuration.

Removing File Persona Local Users 57

2. In the list pane, select the relevant storage system, and then selectConfigure local groupson the Actions menu.

3. Below the list of any current local groups on the system, click Add.4. Specify a group name.5. Optionally, select the Advanced options checkbox to display a field for specifying a GID

for the new group.6. Specify members to be included in the new group, if necessary.7. Click Add and then click Configure.

Modifying Membership of File Persona GroupsTo modify the list of members of a File Persona group, issue the following command:setfsgroup [-memberlist [+|-] <list>] <groupname>

where,

• -memberlist [+|-] <list> specifies the members of the group. Use commas toseparate user names in the <list> specification.

◦ If specified, the prefix is applied to the entire member list. If the member list has noprefix, the <list> specification will be used as the new list of allowed user names.

◦ If the member list has a + prefix, for example +username_1, the user name is addedto the existing list of allowed user names. The user names specified in the member listmust not be in the existing list of allowed user names.

◦ If the member list has a - prefix, the user names are removed from the existing list ofallowed user names. The user names specified in the member list must already be inthe existing list of allowed user names.

• <groupname> specifies the name of the group to be modified.Verify changes with the showfsgroup command. For more information about the setfsgroupcommand, see the HPE 3PAR Command Line Interface Reference.To add members to a File Persona group using the SSMC:1. On the main menu in the SSMC, select File Persona > Persona Configuration.2. In the list pane, select the relevant storage system, and then selectConfigure local groups

on the Actions menu.3. In the list of current local groups, click the edit icon ( ) next to a given group.4. In the dialog box that appears, expand the Members section.5. Click Add.6. Specify the name of local user, an LDAP user, an LDAP group, an Active Directory user, or

an Active Directory group in the Name field.7. Click Add to add the member to the group. (Or click Add + to add the member to the group

and to clear the Name field for the specification of another member.)8. Click OK and then click Configure.To remove members from a File Persona group using the SSMC:1. On the main menu in the SSMC, select File Persona > Persona Configuration.2. In the list pane, select the relevant storage system, and then selectConfigure local groups

on the Actions menu.3. In the list of current local groups, click the edit icon ( ) next to a given group.4. In the dialog box that appears, expand the Members section.5. Below the list of current members of the group, click Remove.

58 File Persona Local Users and Groups

6. Select the names of users to remove from the group and click Remove. Note that only theusers that can be removed from the group will be listed.

7. Click OK and then click Configure.

NOTE: Local users for whom the specified group serves as the primary group cannot beremoved from the specified group.

Removing File Persona GroupsNOTE: Removing a group that is still referenced in file/folder permissions, share permissions,or quotas may create additional complexity in managing those objects. Removing all users froma group with the setfsgroup command is often preferred to avoid these concerns.

To remove a File Persona group using the command line, issue the following command:removefsgroup <groupname>

where,

• <groupname> specifies the name of the group to be removed.Verify changes with the showfsgroup command. For more information about theremovefsgroup command, see the HPE 3PAR Command Line Interface Reference.To remove File Persona groups using the SSMC:1. On the main menu in the SSMC, select File Persona > Persona Configuration.2. In the list pane, select the relevant storage system, and then selectConfigure local groups

on the Actions menu.3. In the list of current local groups, click the delete icon ( ) next to a given group in the list of

local groups or, below the list of current groups, click Remove, select the groups to beremoved in the dialog box and click Remove.

4. Click Configure.

Removing File Persona Groups 59

6 Using Storage QuotasUse the setfsquota command to set the usage quotas for users, groups, or File Stores. Userand group quotas are set at the VFS level, File Store quotas are set at the File Store level. Themaximum number of quotas that can be set for a VFS is 2,000. Use the showfsquota commandto display the usage quotas for users, groups, or File Stores.Hard quotas are enforced immediately and halt any additional writes. Soft quotas have a graceperiod, which is a time that they are allowed to be exceeded before they are enforced. The graceperiod associated with soft quotas can be specified with the igrace and bgrace parametersin the VFS, as described in “Creating Virtual File Servers” (page 28).

Setting Storage Usage Quotas for Users, Groups, and File Stores

WARNING! Setting hard storage usage limit for a roaming profile user, and then exceedingthe quota might lead to a loss of data synchronization between the Windows client and the SMBshare.

To set the usage quotas for users, groups, or File Stores using the CLI, choose your options andissue the following command:setfsquota [-fpg <fpg_name>] [-username <username>] [-groupname<groupname>] [-fstore <fstore>] [-scapacity <soft_capacity_limit>][-hcapacity <hard_capacity_limit>] [-sfile <soft_file_limit>] [-hfile<hard_file_limit>] [-clear] [-uid <uid>] [-gid <gid>] <vfs>

where,


• <username> specifies the name of the user for which you are setting the quota.

• <groupname> specifies the name of the group for which you are setting the quota.

• <fstore> specifies the name of the File Store for which you are setting the quotas.

• <soft_capacity_limit> specifies an integer value in MB for the soft capacity storagequota. The maximum value is 32,000,000. A value of 0 specifies there is no quota.

• <hard_capacity_limit> specifies an integer value in MB for the hard capacity storagequota. The maximum value is 32,000,000. A value of 0 specifies there is no quota.

• <soft_file_limit> specifies the soft limit for the number of stored files. The maximumvalue is 100,000,000. A value of 0 specifies there is no limit.

• <hard_file_limit> specifies the hard limit for the number of stored files. The maximumvalue is 100,000,000. A value of 0 specifies there is no limit.

• -clear clears the quotas for the specified objects.

-uid <uid> option specifies the user id of the quotas to be deleted. This is supportedonly with -clear.

◦

◦ -gid <gid> option specifies the group id of the quotas to be deleted. This is supportedonly with -clear.

NOTE: Options -uid, -gid, -username and groupname are mutually exclusive.

• <vfs> specifies the name of the VFS associated with the objects for which you are settingthe quotas.

60 Using Storage Quotas

Displaying Quota SettingsTo display usage quotas for Users, Groups, or File Stores, issue the following CLI command:showfsquota [-username <username>] [-groupname <gname>] [-fstore<fstore>] [-vfs <vfs>] [-fpg <fpg_name>]

where,

• <username> specifies the name of the user for which you are displaying quota information.

• <gname> specifies the name of the group for which you are displaying quota information.

• <fstore> specifies the name of the File Store for which you are displaying quotasinformation.

• <vfs> specifies the name of the VFS associated with the objects for which you are displayingquota information.


Archiving and Restoring Quota SettingsQuota settings can be archived to make bulk edits to the settings and then imported again. Thismay be a more efficient alternative than using the setfsquota command for modifying a largenumber of quotas at once.

Archiving Usage QuotasTo archive the quotas for a VFS, issue the following command:setfsquota [-fpg <fpg_name>] -archive [-vfs <vfs>]

where,


• -archive stores the quota information associated with the VFS in a file in the .admin FileStore.

• <vfs> specifies the name of the VFS associated with the quotas you are archiving.The exported archive file is located in the following directory:/examplefpg/examplevfs/.admin/Quotas

If you wish to import quota settings from an FPG and a VFS and apply them to another FPG andVFS, the export file must use the following format:V,{major version},{minor version}K,{type},{block_hardlimit},{block_softlimit},{inode_hardlimit},{inode_softlimit}, {block_grace_time},{inode_grace_time},{FPG_id},{generation_id},{id},{over_limits},{VFS_id}F,{FPG_id},{FPG_name},{block_grace_time},{inode_grace_time},{VFS_id}

Displaying Quota Settings 61

Example 2 Importing Quota Settings

Example of K format file output:V,1,0K,0,2048,1024,12,10,0,0,bd436b92-e919-41b8-95ec-b0211258202a,1,4001,0,3K,1,2048,1024,12,10,0,0,bd436b92-e919-41b8-95ec-b0211258202a,1,5001,0,3K,2,2048,1024,12,10,0,0,bd436b92-e919-41b8-95ec-b0211258202a,1,5,0,3F,bd436b92-e919-41b8-95ec-b0211258202a,examplefpg,700,300,3

The V format specifies the version number.The K format appears for each User, Group, or File Store that are assigned a quota.The F format is created only when the default grace period is changed to some other value.

File FormatsWhen the quota entities are set for the first time, the import format A and B should be used. TheK format should be used when the quota entities need to be displayed in greater detail, not whenimporting quotas. The K format should be used to import a modified quota only when the{FPG_id},{generation_id},{id},{VFS_id} information is specified correctly. K formatfiles can be converted to an A or B format file.When you import quota settings from a file, the import file must use one of the following formats:

• A format specifies settings based on a User, Group, or File Store ID value:A,{type},{block_hardlimit},{block_softlimit},{inode_hardlimit},{inode_softlimit},{id}

• B format specifies settings based on a User, Group, or File Store name value:B,{type},{block_hardlimit},{block_softlimit},{inode_hardlimit},{inode_softlimit},{name}

NOTE: All three formats; A, B and K, have three values for the type field: 0, 1, and 2. Thevalues 0, 1, and 2 indicate User, Group, and File Store respectively.

Example 3 A Format

A,0,2048,1024,12,10,10604A,1,2048,1024,12,10,10802A,2,2048,1024,12,10,3

Example 4 B Format

B,0,2048,1024,12,10,"u1"B,1,2048,1024,12,10,"g1"B,2,2048,1024,12,10,"s1"

The following two procedures describe the steps required to convert a K format file to an A or aB format file respectively.Converting a K format file to an A format file1. Replace the letter K with the letter A.2. Remove all the values after inode_softlimit from the K format line except the quota

entity id {user/group/file_store id}.Refer to the following examples and apply the changes as suggested:


Example 5 Use Case 1K,2,10485760000,9437184000,100000000,80000000,0,0,7eac25c4-4b1d-4d79-8b13-9fce65fe5026,1,3,0,2

to:A,2,10485760000,9437184000,100000000,80000000,3

Example 6 User Case 2K,0,104857600,94371840,1000000,800000,0,0,7eac25c4-4b1d-4d79-8b13-9fce65fe5026,1,204605,0,2

to:A,0,104857600,94371840,1000000,800000,204605

Example 7 Use Case 3K,1,1048576000,943718400,10000000,8000000,0,0,7eac25c4-4b1d-4d79-8b13-9fce65fe5026,4,100001,0,2

to:A,1,1048576000,943718400,10000000,8000000,100001

Converting a K format file to a B format file1. Replace the letter K with the letter B.2. Remove all the values after inode_softlimit from the K format line and write the quota

entity name {user/group/file_store name}. Replace the entity id with entity name{user/group/file_store name}.Refer to the following examples and apply the changes as suggested:

Example 8 File StoreK,2,10485760000,9437184000,100000000,80000000,0,0,7eac25c4-4b1d-4d79-8b13-9fce65fe5026,1,3,0,2

to:B,2,10485760000,9437184000,100000000,80000000,"<fstore_id_name>"

Example 9 User IDK,0,104857600,94371840,1000000,800000,0,0,7eac25c4-4b1d-4d79-8b13-9fce65fe5026,1,204605,0,2

to:B,0,104857600,94371840,1000000,800000,"<user_id_name>"

Example 10 Group IDK,1,1048576000,943718400,10000000,8000000,0,0,7eac25c4-4b1d-4d79-8b13-9fce65fe5026,4,100001,0,2

to:B,1,1048576000,943718400,10000000,8000000,"<group_id_name>"

Restoring and Importing Usage QuotasYou can manage User and Group quotas for the File Persona on a storage system.To restore the quotas for a VFS using the CLI, issue the following command:setfsquota -restore <file> <fpg_name> <vfs_name> .

Archiving and Restoring Quota Settings 63

where,

• <file> stores the quota information from the FPG and VFS.


• <vfs> specifies the name of the VFS associated from which you are restoring the quotas.This restores the quota settings located in /<fpg_name>/<vfs_name>/.admin/Quotas

To import the quotas from one VFS and apply them to another VFS issue the following command:setfsquota -restore <import_file> <fpg_name> <vfs_name>

where,

• <import_file> applies the quota information stored in the specified archive file to theFPG and VFS.


• <vfs> specifies the name of the VFS associated to which you are applying the quotas.Follow the instructions below for navigating through SSMC:1. On the main menu in the SSMC, select File Persona > Virtual File Servers.2. In the list pane, select the Virtual File Server, and then select Manage user/group quotas

on the Actions menu.3. Click the Import button to import the usage quotas or the Export button to export usage

quotas.Follow the instructions on the dialog that opens.


7 Antivirus ServicesHPE 3PAR File Persona provides easy and centralized management of user data for homedirectory consolidation and group or corporate shares on HPE 3PAR StoreServ storage system.Most storage vendors implement an external dedicated server for running a Virus Scan Engine(VSE) to scan the files stored on the system, and to offload the virus scanning task to an externalserver. File Persona also integrates with external antivirus servers running a Virus Scan Engine(VSE) to provide the on-access or on-demand scanning of the files stored in the HPE 3PARStoreServ array.HPE 3PAR StoreServ storage system can be managed via a truly converged streamlinedmanagement interface called HPE 3PAR StoreServ Management Console (SSMC) to manageblock and file together, as well as a powerful scriptable HPE 3PAR OS CLI.The CLI command setfsav is used to manage Antivirus functions for HPE StoreServ FilePersonas. The HPE StoreServ Storage system supports external Virus Scan Engines (VSEs)running McAfee, TrendMicro, and Symantec antivirus software.

Antivirus Scan IntegrationAntivirus software cannot be installed natively on enterprise-class storage running anon-Microsoft® operating system. Any files accessed by the users that require virus scanningare sent over the network to external servers running Microsoft Windows® and a third-partyvendor’s antivirus software designed to offer virus scanning services to storage systems. Theseservers are referred to as Virus Scan Engines, or simply VSEs.Antivirus scanning on File Persona can use the VSEs to scan files dynamically as they are openedor closed. This scan is called an on-access scan. It can also provide scheduled or on-demandscans for a given file store or virtual file server (VFS). In general, both of these optional approachescan and should be used.File Persona running on the HPE 3PAR StoreServ system determines which files need to bescanned through scheduled tasks or user actions such as on file open and file close from SMBclients as well as on file read from NFS and Object Access application programming interface(API) clients. It will also record the results of the scan and quarantine any infected files forsubsequent review and action by the administrator. Any file changes and file scans are trackedby the antivirus function of File Persona. After a file has been scanned, it is not scanned againuntil it is modified or until the virus definitions have been updated. If no VSEs are available toperform the scan, HPE 3PAR StoreServ can allow or deny access to the files based on the policyconfigured for VSE availability.

Antivirus ScanningThe following figure describes the antivirus scanning process:

Figure 2 Antivirus Scanning

The following are the steps to describe the scanning process:1. The client requests an open (read) or close (write) of an SMB file or read for an NFS or

HTTP file.2. The storage system determines if the file needs to be scanned based on the policies that

have been set and notifies the AV Scan Server.

Antivirus Scan Integration 65

3. The VSE scans the file and reports the scan results back to the StoreServ system.4. If no virus is found, then access will be allowed to the file. If a virus found, then there will be

an “Access Denied” to an SMB client, a “Permission Denied” to an NFS client, or “transferclosed” to an HTTP client. Then the file is quarantined and the scan messages are loggedin /var/log/ade.

Installation and ConfigurationThe minimum system requirements for installing and running the Virus Scan Engines (VSEs) areset by the third-party antivirus vendors. Consult the vendor-specific documentation for theirsystem requirements.Virtualized VSEs may be used. Consult the vendor-specific documentation for the systemrequirements when running virtualized scan engines. The recommendations in this documentapply to both physical and virtualized VSEs

Antivirus Software Vendor ConfigurationA single antivirus vendor type can be associated with each HP 3PAR StoreServ system (2-nodeor 4-node system). The vendor type can be managed using the SSMC or through the HP 3PARCLI by issuing the command setfsav pol -scan enable -vendor <VENDOR>. The vendor typeconfiguration is the first step to configure antivirus scanning with the HP 3PAR StoreServ system,followed by the configuration for the VSE.

Changing the Antivirus Vendor TypeTo change a vendor type on the HP 3PAR StoreServ system, the following steps need to befollowed in an order:1. Set the vendor type to NA using the command setfsav pol -scan enable -vendor

NA.2. Remove all the configured VSEs using the command setfsav pol vse.3. Add the first VSE for the new vendor type before setting the new vendor type. Use the

command setfsav vse +<IP address>:<port>.

4. Set the new vendor type using the command setfsav pol -scan enable -vendor<VENDOR>.

The HPE 3PAR CLI command setfsav can be used to add or delete a VSE. Below is the syntaxof the command:setfsav vse +/- <IP_address>:<port>

where,

• +/- adds (+) or removes (–) the specified VSE.

• vse specifies the virus scan engine.

• <port> specifies the IP address and port number of an external virus scan engine (VSE).The default port number for a VSE is 1344, since it uses ICAP protocol.

To add or edit an Antivirus server using the SSMC, follow these steps1. On the main SSMC menu, select File Persona > Persona Configuration.2. In the list pane, select the File Persona, and then select Configure File Persona on the

Actions menu.3. On the dialog that opens, select the Advanced options check box.4. On the Antivirus Settings panel, under Antivirus Servers, click Add or click its edit icon

( ), as appropriate.5. Follow the instructions on the dialog that opens.

66 Antivirus Services

Initiating an Antivirus ScanIt is not enough to use on-access scanning only. Infrequently accessed files are infrequentlyscanned, which increases the chances of becoming infected. To avoid this risk, a scan of thevirtual file server can be scheduled to run instantly or scheduled to recur over time. Use theSSMC or the HP 3PAR CLI to schedule this on-demand scanning.

NOTE: Antivirus scans are a background process that may take some time to run. Whenrunning an on-demand or scheduled virus scan of a large set of files, the expected processingrate is no greater than 2 million files per day, depending on load. If an unscanned file is read bya user before the scan has completed, it is automatically scanned on access before the data isreturned to the user.Antivirus scans can be scheduled using the createsched command. See the HPE 3PARCommand Line Interface Reference.

TIP: Schedule virus scan tasks periodically in addition to dynamic scans (on-access scans)to increase the antivirus protection. It’s recommended to schedule the scan tasks outside of peakusage times.

To initiate a scan on a Virtual File Server (VFS) or File Store, issue the following CLI command:startfsav scan [-fpg <fpgname>] [-fstore <fstore> [-path <path_name>]]<vfs>

where,

• scan starts or resumes a paused antivirus scan.

• -fpg <fpg_name> specifies the name of the File Provisioning Group in which the VFSwas created.

• -fstore <fstore_name> specifies the File Store name, using up to 31 characters.

• -path <path_name> specifies the path, on the containing File Store, on which the scanshould be initiated. (Currently not supported.)

• -resume <scan_id> when the specified scan_id corresponds to an ongoing scan in thepaused state, will cause the scan to resume.

• <vfs_name> specifies the Virtual File Server (VFS) name (using up to 31 characters) onwhich scan is to Start/Resume.

To stop antivirus services using the HPE 3PAR CLI, issue the stopfsav svc command. Theantivirus services are automatically stopped when the last VSE is removed.To initiate an antivirus scan using the SSMC, follow these steps:

Initiating an Antivirus Scan from a File Stores screen1. On the main menu in the SSMC, select File Persona > File Stores.2. Select Actions, and then select Create antivirus scan.3. Follow the instructions on the dialog that opens.

Initiating an Antivirus Scan from a Virtual Files Servers screen1. On the main menu in the SSMC, select File Persona > Virtual Files Servers.2. Select Actions, and then select Create antivirus scan.3. Follow the instructions on the dialog that opens.

Initiating an Antivirus Scan 67

Pausing and Stopping Antivirus ScansStopping or pausing an Antivirus Scan from the HPE 3PAR CLITo stop or pause a scan on a Virtual File Server (VFS) or File Store, issue the following CLIcommand:stopfsav scan [-pause] [-fpg fpgname] [-fstore fstore] <vfs> <scan_id>

where,

• -pause pauses, rather than stop, the specified scan.

• -fpg <fpgname> specifies the name of the File Provisioning Group in which the VFS wascreated.

• -fstore <fstore> specifies the File Store name, using up to 31 characters.

• <vfs_name> specifies the Virtual File Server (VFS) name, scan to be stopped/paused.

• <scan_id> specifies the scan task identifier, as provided by startfsav scan command,and displayed by the showfsav -scancommand.

• NOTE: The startfsav scan [-resume <scan_id>] [-fpg <fpgname>][-fstore <fstore>] <vfs> command resumes a paused scan.

NOTE: The startfsav scan [-resume <scan_id>] [-fpg <fpgname>] [-fstore<fstore>] <vfs> command resumes a paused scan.

Stopping an Antivirus Scan from the VFS screen with the SSMC1. On the main menu in the SSMC, select File Persona > Virtual File Servers.2. In the list pane, select the Virtual File Server, and then select Manage existing antivirus

scans on the Actions menu.3. To specify that a running task is to be stopped, click Stop. In the Task State column, the

state will change to stop.4. Click OK to start the action and close the dialog.

Stopping an Antivirus Scan from the File Store screen with the SSMCTip: Tasks for working with File Stores are considered advanced tasks. If the FileStores screen is not listed in the main menu, you can add it from the GlobalSettings screen.

1. On the main menu in the SSMC, select File Persona > File Stores.2. In the list pane, select the File Store, and then select Manage existing antivirus scans on

the Actions menu.3. To specify that a running task is to be stopped, click Stop. In the Task State column, the

state will change to stop.4. Click OK to start the action and close the dialog.

Displaying Status and Information for Antivirus Scans, Policies, andQuarantined Files

To display a list of existing virus scanning engines by IP addresses, including their port numbers,using the 3PAR OS CLI, issue the showfsav command (without any additional options).

CAUTION: Do not use the setfsav vse command without any options to display virus scanengines. Doing so will clear the list of virus scanning engines.


To display the status of antivirus services using the SSMC, follow these steps:1. On the main menu in the SSMC, select File Persona > File Persona Configuration.2. Select Antivirus Settings.

Configuring Antivirus PoliciesTo configure antivirus policies using the HPE 3PAR CLI, issue the setfsav pol command,with the following options:

• [-fileop {open|openclose|inherit}] [-unavail {allow|deny|inherit}]

• [-excludesize {<size>|inherit}] [-excludeext{<ext>[,<ext>...]|inherit}]

• [-inheritall] [-fstore <fstore_name>] [-fpg <fpg_name>] <vfs_name>

-fstore <fstore_name> specifies the File Store name, using up to 31 characters.-fpg <fpg_name> specifies the name of the FPG in which the VFS was created.-inheritall inherits all the settings from the VFS for the specified File Store, overriding anyprevious settings in File Store. Only valid when -fstore option is specified.-fileop {open|openclose|inherit} specifies the policy that determines which fileoperations trigger antivirus scans. The policies are:

• open scans on file open.

• openclose scans on file open and file close.

CAUTION: When selecting the AV scan policy -filop openclose can cause file openfailures for files reopened shortly after the files are closed.

• inherit inherits the fileop setting from VFS.If a policy is not specified, the default is "open" when applied to a VFS, and "inherit" whenapplied to a File Store.-unavail {allow|deny|inherit} specifies the scan policy to determine how targeted fileoperations are handled when an external virus scan engine is not available.The policies are:• “allow” allows all operations triggering scans to run to completion.

• “deny” blocks all operations triggering scans and returned with an error.

• “inherit” inherits the unavail setting from VFS.If a policy is not specified, the default is "allow" when applied to a VFS, and "inherit" whenapplied to a File Store.-excludesize {<size>|inherit} excludes all files larger than the specified size (MB). Thevalue of size is an integer from 0 to 2147483647.If this option is not specified or size is 0, all files will be included in antivirus scan. If "inherit"is specified, the "excludesize" setting will be inherited from VFS.

NOTE: When using Symantec VSEs, attempting to scan files larger than 2GB may cause thescan engine to be reported as DOWN. To avoid this issue, a policy can be set to exclude scanningfiles larger than 2GB with the excludesize option of the setfsav pol command.

-excludeext {<ext>[,<ext>,...]|inherit} excludes all files having the specifiedextension. If this option is not specified or ext is '', all files will be included in antivirus scan. If"inherit" is specified, the "excludeext" setting will be inherited from VFS.<vfs_name> specifies the VFS name, using up to 31 characters.

Configuring Antivirus Policies 69

To configure antivirus policies using the SSMC:1. On the main SSMC menu, select File Persona > Virtual File Servers screen> Antivirus.2. Select the Actions menu, and then select Modify antivirus policy.3. Follow the instructions on the dialog that opens.You also can configure File Store policies with the SSMC. See “Updating Virus Definitions”(page 72)

Managing Quarantine Settings and FilesWhen a virus is detected in a file by the VSE, the HPE 3PAR StoreServ modifies an extendedattribute of the infected file and marks it as quarantined. It will also prevent access to the file untilthe storage administrator moves, deletes or resets the file. The file quarantine can be managedusing the HP 3PAR CLI or with the SSMC.Several actions can be taken with the quarantined files such as clean, move, or delete. Allquarantine operations are performed at either the VFS or the file store level. The quarantinedfiles only can be moved to a default location with a timestamp in the .admin folder of the virtualfile server or the files can be deleted altogether. Additionally, the quarantine flag can be resetfrom all of the quarantined files on the virtual file server. Other actions can be taken as well, suchas to clear the quarantined file count and to export a list of quarantined files.The HPE 3PAR CLI command setfsav quar exportlist can only export 3,000 quarantinedfiles at a time. The list of 3,000 quarantined files is located at /<fpg>/<vfs>/.admin/AV/Quarantine/quar_ifs1_AV.txt. You must reset, move, or delete the set of 3,000 filesfrom any previous exports before exporting another set of 3,000 files.

Deleting Quarantined FilesTo delete quarantined files on the StoreServ, issue the following CLI command:setfsav quar delete [-fpg <fpg_name>] [-fstore <fstore>] <vfs>

where,

• quar specifies the management of quarantined files.

• delete specifies the quarantined files under specified in the specified VFS and File Storeare deleted.


• <fstore> specifies the name of the File Store.

• <vfs> specifies the name of the Virtual File Server.

• Verify changes with the showfsav command. For more information about the setfsavand showfsav commands, see the HPE 3PAR Command Line Interface Reference.

To delete quarantined files using the SSMC, follow these steps:1. On the main SSMC menu, select File Persona > File Stores screen > Manage Antivirus

Quarantine.2. Select the Actions menu, and then select Delete Quarantined Files.3. The Delete Quarantined Files dialog opens.4. If you are not sure that these quarantined files should be deleted, click Cancel; otherwise,

click Delete to start the action and close the dialog.

Exporting, Resetting, and Clearing the List of Quarantined FilesTo export, reset, or clear quarantined files using the HPE 3PAR CLI, choose your options andissue the following command:


setfsav quar {exportlist|reset|delete|clearcount} [-fpg <fpg_name>][-fstore <fstore>] <vfs>

where,

• quar specifies the management of quarantined files.

• {exportlist|move|reset|delete|clearcount} specifies:

The exportlist specifies the list of quarantined files is exported to the default locationin the VFS to which the specified File Store belongs,/fpgname/vfsname/.admin/AV/Quarantine.

◦

◦ The move specifies the quarantined files are moved to the default location in the VFSto which the specified File Store belongs,/fpgname/vfsname/.admin/AV/Quarantine. You can identify the files with thetimestamp.

◦ The reset option specifies the quarantined files in the specified VFS and File Storeare reset. It removes an extended attribute from each of the infected files. The attributeis set on scan when the VSE indicates that a file is infected. It does not move the file.

◦ The delete option specifies the quarantined files under specified in the specified VFSand File Store are deleted.

◦ The clearcount option deletes the AV statistics for the specified VFS.


• <fstore> specifies the name of the File Store.

• <vfs> specifies the name of the Virtual File Server.Verify changes with the showfsav command. For more information about the setfsav andshowfsav commands, see the HPE 3PAR Command Line Interface Reference.To clear the statistics for quarantined files, follow these steps:1. On the main SSMC menu, select File Persona > Virtual File Servers screen > Manage

Antivirus Quarantine.2. Select the Actions menu, and then select Clear Total Quarantined Counter.3. The Clear Total Quarantined Counter dialog opens.4. Review the clearing information. If you are not sure that this total quarantine counter should

be cleared, click Cancel; otherwise, click Yes, clear to start the action and close the dialog.To export quarantined files with the SSMC, follow these steps:1. On the main SSMC menu, select File Persona > Virtual File Servers screen > Manage

Antivirus Quarantine.2. Select the Actions menu, and then select Export.To reset quarantined files with the SSMC, follow these steps:Manage Antivirus Quarantine ->Reset1. On the main SSMC menu, select File Persona > Virtual File Servers screen > Manage

Antivirus Quarantine.2. Select the Actions menu, and then select Reset.To move quarantined files with the SSMC, follow these steps:Manage Antivirus Quarantine ->Reset1. On the main SSMC menu, select File Persona > Virtual File Servers screen > Manage

Antivirus Quarantine.2. Select the Actions menu, and then select Move.

Managing Quarantine Settings and Files 71

Updating Virus DefinitionsIf the virus definitions on the VSE are not in sync with the virus definitions on the StoreServStorage system, files already scanned may not have been scanned based on the updated virusdefinitions. When a new file is read on the StoreServ Storage system, the virus definitions areautomatically updated with the definitions from the VSE.Issue the startfsav update command to update virus definitions using the HPE 3PAR CLI.To update virus definitions using the SSMC, follow these steps:1. On the main SSMC menu, select File Persona > File Persona Configuration screen >

Antivirus Settings.2. Select the Actions menu, and then select Update virus definition.3. Follow the instructions on the dialog that opens.

Enabling and Disabling Antivirus ServicesTo enable antivirus services using the HPE 3PAR CLI, issue the startfsav svc command.To disable antivirus services using the HPE 3PAR CLI, issue the stopfsav svc command.See the HPE 3PAR Command Line Interface Reference.To enable or disable the antivirus service for the File Persona using the SSMC:1. On the main menu, select File Persona > Persona Configuration.2. In the list pane, select the File Persona, and then select Configure File Persona on the

Actions menu.3. On the dialog that opens, select the Advanced options check box.4. On the Antivirus Settings panel, enable or disable the Antivirus service, as appropriate.


8 Backup, Disaster Recovery for File PersonaFor more information see the Replication and Disaster Recovery for HPE 3PAR File Personawhite paper

Backing Up and Restoring File SharesThe specific process for backing up File Persona File Shares depends on the particular backupsoftware in use in your configuration. The general approach to backing up File Shares is asfollows:1. Backup the configuration settings for the VFS associated with the File Store containing the

File Shares you intend to backup. For information on backing up VFS configuration settings,see “Backing up and Restoring Configuration Settings for Virtual File Servers” (page 30).

2. Configure your backup software to backup the top-level shares in each File Store on theVFS, including the File Shares in the .admin File Store.

3. Initiate a backup operation in your backup software.In order to restore a VFS and its associated File Stores that have been backed up in this manner,follow these steps:1. If necessary, re-create a VFS having the same name as that of the VFS previously backed

up. For information on creating a VFS, see “Creating Virtual File Servers” (page 28).2. If the creation of a VFS was necessary, create a top-level File Share in the .admin File

Store.3. Restore the configuration settings previously backed up. For information on restoring VFS

configuration settings, see “Backing up and Restoring Configuration Settings for Virtual FileServers” (page 30).

4. Re-create any necessary top-level File Shares in each File Store.5. Initiate a restoration operation in your backup software to restore the contents of those File

Shares.

Using NDMP for File Persona BackupThe Network Data Management Protocol (NDMP) is an open standard for backing upnetwork-attached storage systems. In order to use NDMP with File Persona, the NDMP servicemust be started and configured on the HPE 3PAR system.1. Ensure that File Persona node networking is configured and working properly. The NDMP

backup software will require network connectivity in order to access File Persona objects.2. Start the NDMP service for File Persona by using the startfsndmp command:

cli% startfsndmp

3. Verify that the service has started and obtain the auto-generated cluster iSCSI QualifiedName (IQN) by using the showfsndmp command:

cli% showfsndmpGlobalServiceStatus --------ClusterIqn------------------STARTED iqn.1994-05.com.redhat:ce331a3b2568;

4. Create a Virtual Tape Library (VTL) in your storage appliance (for example, an HPE StoreEverTape Library) using the generated IQN.

Backing Up and Restoring File Shares 73

http://h20195.www2.hpe.com/v2/GetPDF.aspx%2F4AA5-8027ENW.pdf

http://h20195.www2.hpe.com/v2/GetPDF.aspx%2F4AA5-8027ENW.pdf

5. Configure the VTL for use with File Persona by using the setfsndmp command, as in thefollowing example (with an IP address of 10.10.0.1 for the VTL):

cli% setfsndmp vtl +10.10.0.1

You can display configured VTLs by using the showfsndmp -vtl {vtldevices |vtltapes} command.

6. Configure the NDMP with basic settings such as the DMA address, user name, and password,as in the following example:

cli% setfsndmp conf -dma +10.10.0.2 -username ndmpuser -password ndmppw -enable_sessions trueNDMP configuration has been modified successfully

7. Perform any necessary additional steps to configure your NDMP backup software (forexample, Symantec NetBackup). Consult the administrative documentation for your NDMPbackup software for configuration details.

Using NDMP for File Store Backup using SnapshotsThe Network Data Management Protocol (NDMP) is an open protocol used to control data backupand recovery communications. It restores a list of directories as directed by the DMA. Each node’spermission, timestamp, mode, and all extended attributes get restored. The Backup and RecoverModule will restore each node’s Data Alternate data stream (if any), permission, timestamp,mode and all extended attributes.The .snapshot directory is a hidden directory created during the creation of a File Store.Whenever a snapshot of the File Store is created, the snapshots will be available in the.snapshot directory.In general, the user should not try to back up the whole .snapshot directory using the backupmechanism, since the user will be backing up the same files over and over again repeatedly. Soit is recommended to do a backup of a specific snapshot from the .snapshot directory.

NOTE: Once the snapshot is backed up under the .snapshot directory using NDMP, therestore (NDMP) needs to be targeted to the live view and NOT the .snapshot directory. The.snapshot directory is read only.

Using Virtual Volume Snapshots for Local Disaster RecoveryLocal recovery of an FPG uses snapshots of the virtual volumes associated with the FPG. Localrecovery can be used to recover from file system corruption or from a change to the file systemthat needs to be rolled back. In preparation for using virtual volume snapshots for local recovery,take snapshots of the relevant virtual volumes:1. Identify the virtual volumes associated with a given File Provisioning Group (FPG) by using

the showvvset command, specifying an FPG by name, as in the following example:

cli% showvvset myfpgId Name Members 3 myfpg myfpg.0 myfpg.1--------------––– 1 total 2

74 Backup, Disaster Recovery for File Persona

2. Make a group virtual copy of the members of the virtual volume set associated with the FPG:

cli% creategroupsv -ro myfpg.0 myfpg.1CopyOfVV SnapshotVV myfpg.0 myfpg.0.ro myfpg.1 myfpg.1.ro

Using creategroupsv ensures that the virtual volumes are consistent with each other withrespect to the time that the snapshots were taken.

To use these snapshots to recover the virtual volumes for a given FPG, perform the followingprocedure:1. Remove the FPG by using the removefpg command and specifying the -forget option,

as in the following example:

cli% removefpg -f -forget myfpgRemoving fpg: myfpg

2. Promote the virtual copies (snapshots):

cli% promotegroupsv myfpg.0.ro myfpg.1.ro

3. Recover the FPG using the promoted volumes:

cli% createfpg -recover set:myfpg

Using Remote Copy for Disaster RecoveryTo perform disaster recovery on remote copy groups, follow these steps:1. On the main menu in the SSMC, select Replication > Remote Copy Groups.2. In the list pane, select the remote copy group, and then select Failover, Revert failover,

Recover, or Restore on the Actions menu.3. Follow the instructions on the dialog that opens.See also “Removing and Recovering File Provisioning Groups” (page 27)

Using Remote Copy for Disaster Recovery 75

9 Monitoring File PersonaChecking Health of Hardware and Software Components

The HPE 3PAR checkhealthCLI command checks the status of system hardware and softwarecomponents, and reports the issues if any.From the CLI issue the checkhealth command. The syntax is as follows:checkhealth [<options> | <component>...]

where,

• -lite option performs a minimal health check.

• -svc option performs a thorough health check. This is the default option.

• -full option performs the maximum health check. This option cannot be used with the-lite option.

• –list option lists all components that will be checked.

• –quiet option will not display which component is currently being checked. Does not displaythe footnote with the -list option.

• –detail option displays detailed information regarding the status of the system.

• <component> indicates the component to check. For example, fs for File Persona. Usethe -list option to get the list of components.

Monitoring File PersonaIn order to monitor File Persona’s Performance, use the srstatfs CLI command.The following table summarizes the HPE 3PAR CLI System Reporter commands. See the HPE3PAR Command Line Interface Reference for details about each command.

DescriptionCommand

Displays system reporter performance reports for File Persona anti-virus.srstatfsav

Displays System reporter performance reports for File Persona block devices.srstatfsblock

Displays system reporter performance reports for File Persona CPU usage.srstatfscpu

Displays system reporter performance reports for File Persona file provisioning groups.srstatfsfpg

Displays system reporter performance reports for File Persona memory usage.srstatfsmem

Displays system reporter performance reports for File Persona Ethernet interfaces.srstatfsnet

Displays system reporter performance reports for File Persona NFS.srstatfsnfs

Displays system reporter performance reports for File Persona SMB.srstatfssmb

Displays system reporter performance reports for File Persona snapshots.srstatfssnapshot

To monitor File Persona using the System Reporter in the SSMC, follow these steps:1. On the main menu in the SSMC, select Storage Systems > Systems.2. Select the System Reporter.3. Follow the instructions on the dialog that opens.

NOTE: SMB read and write statistics reported by statfs -smb or srstatfssmb commandswill not account for data transferred via ODX.

76 Monitoring File Persona

10 Troubleshooting File PersonaPossible Troubleshooting Scenarios

Refer to the following list of possible troubleshooting scenarios that could arise when using FilePersona.1. Problem:

SMB Notification (DCN) handling of NFS updated files for Windows 2012 clients not beinghandled correctlyCause:Directory Change Notification (DCN) is a feature that enables a Windows userto see new files appear on the Windows Explorer window without having to refresh thewindow; whenever something new is written by other clients. In Windows Server 2012the user cannot see the new files appear on the window even if the other clients have writtensomething new.Solution:This is a Windows Server 2012 (without R2) specific Microsoft Windows bug. Thereare two ways to counter this issue: Either upgrade to Windows Server 2012 R2 or usethe function key F5 to refresh the window if there is a file you expect to see but is not beingshown.

2. Problem:Performance of directory listing on File Persona NFS share with NFSv4 client slow whenusing LDAPCause:There are known performance issues when NFSv4 and LDAP are paired that result in slowdirectory listing.Solution:There is no solution that exists from the File Persona side as this is an NFSv4 related issue.On the other hand, NFSv3 performs better.

3. Problem:NFS and HTTP Users don’t have folder access if permissions are given with the built-in“Domain Users” groupCause:This is an Active Directory behavior with System Security Services Daemon(SSSD)(SSSD) being used on a client in RFC2307 provisioned mode. The SSSD does not resolvethe “Domain Users” group in an Active Directory.Solution:This is not a File Persona related issue. To resolve this, opt for BeyondTrust’sPowerBroker Identity Services Open instead of SSSD. BeyondTrust’sPowerBroker Identity Services Open will result in resolving the "Domain Users"group in both provisioned (RFC2307 is on) and non-provisioned (RFC2307 is off) modes.This product is an acceptable alternative Active Directory product for Linux clients incomparison to SSSD.

4. Problem:Setting LSASS provisioned mode fails to provide NFSv4 ID mapping

Possible Troubleshooting Scenarios 77

Cause:Setting the Local Security Authority Subsystem Service (LSASS) in provisioned mode willfail to provide NFSv4 ID mapping without the Schmmgmt.dll file installed. This is only seenin RFC2307mode, and only on Active Directory servers that do not have the Schmmgmt.dllfile loaded.Solution:Load the Schmmgmt.dll provided by Microsoft Windows. Windows Server 2012 R2has the Schmmgmt.dll loaded by default. Windows Server 2008 doesn't load it bydefault. To load the Schmmgmt.dll on the Windows Server 2008 run the command:regsvr32 schmmgmt.dll

5. Problem:When restricting access to Domain NFS shares if wildcard option is used to specify the ClientIP an error is generatedCause:When restricting access to domain NFS shares, a Fully Qualified Domain Name (FQDN) ofthe host should be specified. If the wildcard option is used when specifying the client IP theremight be an issue.Solution:Reverse lookup allows clients on the domain access to mount an NFS share. Whenrestricting access to domain NFS shares, an FQDN of the host should to be specified. If thewildcard option is used when specifying the client IP there might be an issue. Whenconfiguring Reverse lookup configure the FQDN and not an alias. Example: Do not usean alias like sys1. Use the FQDN: sys1.hpe.com

78 Troubleshooting File Persona

11 Support and other resourcesAccessing Hewlett Packard Enterprise Support

• For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website:www.hpe.com/assistance

• To access documentation and support services, go to the Hewlett Packard Enterprise SupportCenter website:www.hpe.com/support/hpesc

Information to collect• Technical support registration number (if applicable)

• Product name, model or version, and serial number

• Operating system name and version

• Firmware version

• Error messages

• Product-specific reports and logs

• Add-on products or components

• Third-party products or components

Accessing updates• Some software products provide a mechanism for accessing software updates through the

product interface. Review your product documentation to identify the recommended softwareupdate method.

• To download product updates, go to either of the following:

Hewlett Packard Enterprise Support Center Get connected with updates page:www.hpe.com/support/e-updates

◦

◦ Software Depot website:www.hpe.com/support/softwaredepot

• To view and update your entitlements, and to link your contracts and warranties with yourprofile, go to the Hewlett Packard Enterprise Support Center More Information on Accessto Support Materials page:www.hpe.com/support/AccessToSupportMaterials

IMPORTANT: Access to some updates might require product entitlement when accessedthrough the Hewlett Packard Enterprise Support Center. You must have an HP Passportset up with relevant entitlements.

Websites

LinkWebsite

www.hpe.com/info/enterprise/docsHewlett Packard Enterprise Information Library

www.hpe.com/support/hpescHewlett Packard Enterprise Support Center

Accessing Hewlett Packard Enterprise Support 79

http://www.hpe.com/assistance

http://www.hpe.com/support/hpesc

www.hpe.com/support/e-updates

http://www.hpe.com/support/softwaredepot

http://www.hpe.com/support/AccessToSupportMaterials

http://www.hpe.com/info/enterprise/docs

http://www.hpe.com/support/hpesc

LinkWebsite

www.hpe.com/assistanceContact Hewlett Packard Enterprise Worldwide

www.hpe.com/support/e-updatesSubscription Service/Support Alerts

www.hpe.com/support/softwaredepotSoftware Depot

www.hpe.com/support/selfrepairCustomer Self Repair

www.hpe.com/info/insightremotesupport/docsInsight Remote Support

www.hpe.com/info/hpux-serviceguard-docsServiceguard Solutions for HP-UX

www.hpe.com/storage/spockSingle Point of Connectivity Knowledge (SPOCK)nl

Storage compatibility matrix

www.hpe.com/storage/whitepapersStorage white papers and analyst reports

Customer self repairHewlett Packard Enterprise customer self repair (CSR) programs allow you to repair your product.If a CSR part needs to be replaced, it will be shipped directly to you so that you can install it atyour convenience. Some parts do not qualify for CSR. Your Hewlett Packard Enterprise authorizedservice provider will determine whether a repair can be accomplished by CSR.For more information about CSR, contact your local service provider or go to the CSR website:www.hpe.com/support/selfrepair

Remote supportRemote support is available with supported devices as part of your warranty or contractual supportagreement. It provides intelligent event diagnosis, and automatic, secure submission of hardwareevent notifications to Hewlett Packard Enterprise, which will initiate a fast and accurate resolutionbased on your product’s service level. Hewlett Packard Enterprise strongly recommends thatyou register your device for remote support.For more information and device support details, go to the following website:www.hpe.com/info/insightremotesupport/docs

Documentation feedbackHewlett Packard Enterprise is committed to providing documentation that meets your needs. Tohelp us improve the documentation, send any errors, suggestions, or comments to DocumentationFeedback ([email protected]). When submitting your feedback, include the documenttitle, part number, edition, and publication date located on the front cover of the document. Foronline help content, include the product name, product version, help edition, and publication datelocated on the legal notices page.

80 Support and other resources

http://www.hpe.com/assistance

http://www.hpe.com/support/e-updates

http://www.hpe.com/support/softwaredepot

http://www.hpe.com/support/selfrepair

http://www.hpe.com/info/insightremotesupport/docs

http://www.hpe.com/info/hpux-serviceguard-docs


http://www.hpe.com/storage/whitepapers

http://www.hpe.com/support/selfrepair

http://www.hpe.com/info/insightremotesupport/docs

mailto:[email protected]

A List of Port Numbers and ProtocolsBelow is a list of port numbers and protocols that need to be open for the File Persona featureto function properly. Open the port(s) as and when needed.

Flow of TrafficUsageTCP/UDPPort NumberSourceProtocol

OutboundDNSUDP/TCP53Node IPDNS

OutboundSMB: Kerberos VAuthentication

UDP/TCP88Node IPSMB

IncomingNetBIOS NameService

UDP137Node IPSMB

IncomingNetBios datagramservice

UDP138Node IPSMB

IncomingNetBIOS Sessionservice

TCP139Node IPSMB

OutboundKerberos VChange & Set

464Node IPSMB

Password(SET_CHANGE)

OutboundKerberos VChange & Set

749Node IPSMB

Password(RPCSEC_GSS)

OutboundLDAPTCP389Node IPLDAP

IncomingSMB over IPTCP445Node IPSMB

OutboundLDAP overTLS/SSL

TCP636Node IPLDAP

OutboundiSCIS for NDMPbackups

TCP3260Node IPISCSI

IncomingNDMPTCP10000Node IPNDMP

IncomingNon-SSL ObjectPort

TCP80VFS IPObject

Incomingrpcbind/sunrpcUDP/TCP111VFS IPNFS

IncomingSSL Object PortTCP443VFS IPObject

IncomingSMB File sharingTCP445VFS IPSMB

IncomingNFS statdUDP/TCP662VFS IPNFS

IncomingNFS quotaUDP/TCP875VFS IPNFS

IncomingNFS mountdUDP/TCP892VFS IPNFS

OutboundLCAP - AVUDP/TCP1344VFS IPAnti-Virus

OutboundNFS stat outgoingUDP/TCP2020VFS IPNFS

IncomingNFSv4UDP/TCP2049VFS IPNFS

IncomingNFS LockManager

UDP32769VFS IPNFS

IncomingNFS LockManager

TCP32803VFS IPNFS

81

Index

Aaccessing

updates, 79activate

File Persona software license, 8FPG, 24

active directory domainjoining File Persona nodes, 15removing File Persona nodes, 15

addantivirus server, 66

antivirusadd server, 66configuring policies, 69edit server, 66enabling, disabling, 72initiate scan, 67manage services, 65manage settings, 65pause scan, 68remove server, 66servers, 66stop scan, 68update definitions, 72view policy information, 68view quarantined file information, 68view scan information, 68view status, 68

antivirus servers (File Persona)adding, editing, 66

assignVFS IP addresses, 32

authentication providersetting stacking order, 17

Bback up

File Shares, 73using NDMP, 73VFS configuration settings, 30

Cclear

quarantined file list, 70Common Provisioning Groups

considerations, 9configure

File Persona, 9File Persona authentication settings, 15global object access settings, 20global SMB settings, 19LDAP server, 16network settings, 10NFS domain names, 19node IP address, 11VFS network settings, 32

considerationsCPG, 9

contacting Hewlett Packard Enterprise, 79create

File Shares, 42File Store, 34File Store snapshots, 36FPG, 23NFS File Shares, 43, 46object File Shares, 46VFS, 28

create File Shares, 42creating

local groups, 57local users, 55

customer self repair, 80

Ddeactivate

FPG, 24delete

quarantined files, 70VFS, 33

deleted snapshotreclaiming storage space, 38

disableFile Persona, 21RFC2307 setting for AD services, 15

disaster RecoveryFile Shares, 73

disaster recoveryFile Persona, 73using Remote Copy, 75using VV snapshots, 74

DNS addressessetting, 14

documentationproviding feedback on, 80

domain namesconfigure for NFS, 19

domain suffixessetting, 14

downgradeHPE 3PAR OS, 22

Eedit

antivirus server, 66enable

File Persona, 9File Persona on additional node pairs, 20RFC2307 setting for AD services, 15

exportquarantined file list, 70

Ffailover

82 Index

node, 26failover node

for FPG, 26File Persona

activating software license, 8component overview, 23configuring, 9disabling, 21disaster recovery, 73enabling, 9enabling on additional node pairs, 20getting started, 7managing components, 23monitoring, 76prerequisites, 7software licensing, 8software overview, 6system support, 7viewing configuration settings, 21

File Persona authentication settingsconfiguring, 15

File Persona Nodesjoin to active directory domain, 15remove from active directory domain, 15

File Provisioning Groups, 6activating, 24creating, 23deactivating, 24failover node, 26increasing size, 27managing, 23recovering, 27removing, 27set primary node, 26viewing configuration settings, 25

File Sharesettings, 47

File Share optionsNFS, 51object, 51SMB, 49

File Shares, 6back up, 73create, 42disaster recovery, 73managing, 40overview, 40removing, 53viewing configuration settings, 53

file snapshot space (File Persona)reclaiming, 38

File Storecreating, 34creating snapshots, 36managing, 34managing snapshots, 36modifying, 35recovering snapshots, 37remove, 34

removing, 35removing snapshots, 37scheduling snapshots, 36viewing configuration settings, 34viewing snapshots, 37

File Stores, 6

Ggetting started

with File Persona, 7groups

creating local, 57modifying membership, 58removing, 59view settings, 55

HHPE 3PAR OS

downgrading with File Persona, 22reverting with File Persona, 22

Iimporting

usage quotas, 63increase

FPG size, 27initiate

antivirus scan, 67IP addresses

assign to VFS, 32

Jjoin

File Persona nodes to AD domain, 15

LLAN gateway address

setting, 12LDAP servers

configuring, 16removing, 17

licensingFile Persona, 8

limitationsSMB, 41

localgroups, 55users, 55

local usersview settings, 55

Mmanage

antivirus services, 65antivirus settings, 65File Persona components, 23File Shares, 40File Store, 34File Store snapshots, 36

83

FPG, 23VFS, 28

modifyFile Share, 47File Store, 35VFS configuration settings, 30

modify network settingsof VFS, 33

modifyinggroup memberships, 58local user settings, 56

monitoringFile Persona, 76

MTU sizesetting, 11

NNDMP

backups, 73network settings

configuring, 10NFS

, 51configuring domain names, 19

NFS File Sharescreating, 46

nodefailover, 26primary, 26

node bond modesetting, 10

node IP addressconfiguring, 11

Oobject

, 51object access

configuring global settings, 20object File Shares

creating, 46overview

File Persona components, 23File Shares, 40

Ppolicies

configuring antivirus, 69prerequisites

File Persona, 7primary

node, 26primary node

for FPG, 26

Qquarantine

managing files, 70managing settings, 70

quarantined file listclearing, 70exporting, 70resetting, 70

quarantined filesdeleting, 70

quotasarchive settings, 61restore settings, 61usage, 60, 63using, 60view settings, 61

Rreclaim storage space

deleted snapshot, 38recover

File Store snapshots, 37FPG, 27

remote copy groupsdisaster recovery operations, 75

remote support, 80remove

antivirus server, 66File Persona nodes from AD domain, 15File Shares, 53File Store, 34, 35File Store snapshots, 37FPG, 27LDAP server, 17

remove a File Store, 34remove network settings

from VFS, 33removing

groups, 59local users, 57

resetquarantined file list, 70

restoreVFS configuration settings, 30

restoringusage quotas, 63

revertHPE 3PAR OS, 22

RFC2307disabling setting for AD services, 15enabling setting for AD services, 15

Sschedule

File Store snapshots, 36servers

antivirus, 66set

authentication provider stacking order, 17DNS addresses, 14domain suffixes, 14LAN gateway address, 12MTU size, 11

84 Index

node bond mode, 10settings

File Share, 47SMB

, 49configuring global settings, 19Features, 41Limitations, 41protocol support, 40

SMB File Sharescreating, 43

snapshotdeleted, 38viewing status, 39

snapshot space reclamationstopping, 39

snapshotscreating, 40editing, deleting, 40

software licenseactivating, 8

software overviewFile Persona, 6

stacking orderauthentication provider, 17

statusview antivirus, 68

stopsnapshot space reclamation, 39

supportHewlett Packard Enterprise, 79

system supportFile Persona, 7

Ttroubleshooting, 77

Uupdates

accessing, 79usage quotas

importing, 63restoring, 63setting for File Stores, 60setting for groups, 60setting for users, 60

userscreating, 55modifying settings, 56removing local, 57

Vview

File Persona configuration settings, 21File Store configuration settings, 34File Store snapshots, 37FPG configuration settings, 25group settings, 55local users, 55

snapshot status, 39VFS configuration settings, 30

view configuration settingsFile Shares, 53

viewing network settingsVirtual File Server, 32

Virtual File Servers, 6, 28assigning IP addresses, 32backing up configuration settings, 30configuring network settings, 32creating, 28deleting, 33managing, 28modifying network settings, 33modifying settings, 30remove network settings, 33restoring configuration settings, 30viewing network settings, 32viewing settings, 30

virtual IP addresses (File Persona)adding, 32editing, 33

virtual volume set snapshotscreating, 40

Wwebsites, 79

customer self repair, 80

85

Documents

HPE 3PAR File Persona User Guide€¦ · 2GettingStartedwiththeFilePersonaSoftware FilePersonaPrerequisites Toenable,configure,andusethefeaturesavailablewiththeFilePersonasoftwareonaStoreServ