EDR HA configuration, Backup and restore


Hi, I have a requirement to set up EDR 4 all-in-one virtual appliances in HA mode and also need to have a DR setup built. Request your help to understand the below requirements.

1. How to configure two all-in-one virtual appliances in HA mode?

2. Do we need a physical interface from Switch tagged to Virtual appliance if plan is to configure in TAP mode only?

3. How to configure EDR all in one virtual appliance as DR failover and fallback setup?

4. If EDR backup is configured, what will be the size of the backup file and what is the content of a backup file?


Related:

How To Change the Unidesk(2.x and 3.x) / App Layering(4.x) appliance IP addresses

Connect to the appliance from either the hypervisor’s console or through SSH. Log in with the following credentials (please note this password can be changed by the user):

User: administrator

Password: Unidesk1

On an App Layering ELM you will see the following menu:

########################################
# App layering appliance configuration #
########################################
# (S)how current config
# (C)onfigure networking
# (P)assword change
# (T)imezone change
# (N)TP servers change
# (Q)uit
########################################
Action (c/n/q/p/s/t):


Unidesk Management Appliance:

#############################
# Unidesk virtual appliance
# static networking config
#############################
# (S)how current config
# (C)onfigure networking
# (P)assword change
# (Q)uit
#############################
Action ? (S/C/P/Q):


Unidesk Cachepoint Appliance:

#############################
# Unidesk virtual appliance
# static networking config
#############################
# (S)how current config
# (C)onfigure networking
# (P)assword change
# (M)odify MA IP Address
# (Q)uit
#############################
Action ? (S/C/P/M/Q):


NOTE: The cachepoints have an additional option to set the management appliance IP address. Each cachepoint needs to know which IP to talk to when they first power on. If the IP address is changed on the management appliance then each cachepoint needs to be updated with this IP as well under option M.

Related:

App Layering : Unable to create an image

Check to see if you have hosts in maintenance mode or otherwise in trouble.

Also add the following permissions to the service account at either the DataCenter level or the vSphere level. Basically, the service account doesn’t have enough vSphere account permissions, or the user doesn’t have them set at the right level:

Virtual Machine / Interaction / Device Connection

Virtual Machine / Interaction / VMware Tools install

Virtual Machine / Provisioning / Clone template

Virtual Machine / Provisioning / Clone virtual machine

For the required permissions, refer to:

https://docs.citrix.com/en-us/citrix-app-layering/4/install-appliance/vmware-vsphere.html

Related:

Re: Re: unity migration vdm,usermapper,multiprotocol questions

castleknock wrote:

This differs from VNX behaviour as secmap created a local UID reference to ‘hide’ the lack of a unix account rather than simply deny SMB access. Is this a correct read? And if so, it explains the lack of any references to secmap import during VNX migration.

The difference isn't in secmap.

secmap is not a mapping method – it's merely a cache so that we don't have to do repeated calls to an external mapping source, which can take time.

The difference is with usermapper.

usermapper was only ever meant as a mapping method for CIFS-only file systems, but on VNX/Celerra this wasn't enforced.

The manuals told you clearly to disable usermapper if you are doing multi-protocol, but many customers didn't do that – either because they didn't know or out of convenience.

So they are using a config where some users were mapped through the AD/NIS/ntxmap and the ones that couldn't got a uid from usermapper.

In Unity we improved this:

usermapper is per NAS server – and not globally per data mover

by default usermapper is disabled for multi-protocol NAS server

instead we add options for a default Unix/Windows user that get used if AD/NIS/ntxmap are unable to map the user – which didn't exist in VNX/Celerra

So if you use the default on a multi-protocol NAS server and we cannot map a user, then access is denied.

You can then either:

– make sure this user is covered by the mapping sources

– configure the default Unix user

– enable automatic user mapping (usermapper)

This is explained in detail with flowcharts in the multi-protocol manual that I mentioned.

Keep in mind though that just enabling usermapper like on VNX is convenient, but it also makes changes and troubleshooting more difficult.

This is because secmap entries never expire or get updated.

For example, if a user connects to a NAS server before you have configured his account in AD/NIS/ntxmap mappings, he will get a UID from usermapper.

Then if later the admin adds the account to AD/NIS/ntxmap, this account will still use the uid from usermapper for this NAS server, but on a new NAS server the uid from the mapping source.

Also, since usermapper is now per NAS server, the same user will get different uids on different NAS servers.

Bottom line – if you want full multi-protocol then use a deterministic mapping method and not usermapper.
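
The UID drift described in the reply above, as an added example that is not part of the original post or of Unity itself. It is a simplified model: the class names, the shared dictionary standing in for AD/NIS/ntxmap and all UID numbers are constructed for illustration, and only the "deny" default and the usermapper option are modelled.

```python
# Simplified model of the mapping behaviour described in the post above.
# Class names, the shared-dict "directory" and the UID numbers are constructed
# for illustration; they are not Unity internals.
class AccessDenied(Exception):
    pass

class NasServer:
    def __init__(self, name, directory, usermapper=False, first_auto_uid=32768):
        self.name = name
        self.directory = directory    # stand-in for AD/NIS/ntxmap: user -> uid
        self.usermapper = usermapper  # automatic mapping, disabled by default
        self.secmap = {}              # per-server cache, entries never expire
        self._next_auto = first_auto_uid

    def resolve(self, user):
        if user in self.secmap:       # cache hit: mapping sources are not asked
            return self.secmap[user]
        if user in self.directory:
            uid = self.directory[user]
        elif self.usermapper:
            uid = self._next_auto     # allocation order is local to this server
            self._next_auto += 1
        else:
            raise AccessDenied(f"{user}: no mapping on {self.name}")
        self.secmap[user] = uid
        return uid

def stale_entries(server):
    """Cached UIDs that no longer match the mapping source: {user: (cached, source)}."""
    return {u: (uid, server.directory[u]) for u, uid in server.secmap.items()
            if u in server.directory and server.directory[u] != uid}

def scenario():
    directory = {"alice": 5001}                   # constructed sample data
    strict = NasServer("strict", directory)       # default: unmapped user denied
    nas1 = NasServer("nas1", directory, usermapper=True)
    try:
        strict.resolve("bob")
        denied = False
    except AccessDenied:
        denied = True
    before = nas1.resolve("bob")                  # bob connects before he is mapped
    directory["bob"] = 5002                       # admin adds bob to the source later
    nas2 = NasServer("nas2", directory, usermapper=True)
    return {"denied": denied, "nas1_bob": (before, nas1.resolve("bob")),
            "nas2_bob": nas2.resolve("bob"), "stale_nas1": stale_entries(nas1),
            "carol": (nas1.resolve("carol"), nas2.resolve("carol"))}

if __name__ == "__main__":
    print(scenario())
```

The `stale_nas1` result is the audit a multi-protocol admin would want: users whose cached UID on one NAS server disagrees with the mapping source, and therefore with file ownership seen over NFS.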

Related:

Dell EMC Unity: CIFS server is in Degraded mode and not fully functioning (Customer Correctable)

Article Number: 524889 Article Version: 2 Article Type: Break Fix



Dell EMC Unity Family

The CIFS server is in Degraded mode and not fully functioning.

1. The Security tab of file properties shows SID instead of names.

2. The CIFS server may become inaccessible.

3. EMCC4Corelogc4_safe_ktrace.log shows errors like the following:

2018/08/16-20:53:04.961645 41K 7F1390BE9709 sade:KERBEROS: 3:[vdm] acquire_accept_cred: Failed to get keytab entry for principal CIFS/xxx.xxx

2018/08/16-20:53:04.961648 ~~~~ 7F1390BE9709 sade:KERBEROS: 3:[vdm] xx.xxx@xx.xxx – error No principal in keytab matches desired name (39756033)

2018/08/16-20:53:05.477279 ~~~~ 7F1390BE9709 sade:SMB: 4:[vdm] Unsupported authentication mode: authMethod:4,kerberosSupport:1, negoMethod:0

The Host (A) entry in DNS is different from the computer name of the CIFS server, and was not added in the keytab or SPN list. For example, the computer name of the CIFS server is “example.dell.com”, but it is configured like this in DNS:

Name            Type            Data
example_alias   Host (A)        5.6.7.8
example         Alias (CNAME)   example_alias.dell.com

In the output of “/nas/bin/server_cifs <vdm> -setspn -list -compname <comp_name>”, there is no SPN called “example_alias”.

There are two options:

Option 1. Make sure the Host (A) entry is identical to the computer name of the CIFS server. If the users want to access via other names, configure them as Alias (CNAME):

Name            Type            Data
example         Host (A)        5.6.7.8
example_alias   Alias (CNAME)   example.dell.com

Option 2. Run “/nas/bin/server_cifs <vdm> -setspn -add <SPN> -compname <comp_name> -domain <full_domain_name> -admin <admin_name>” to add the Host (A) entry as an SPN.
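
A check for the mismatch this article describes, as an added example that is not Dell EMC code: it reads DNS rows in the article's "Name Type Data" layout and reports any Host (A) name for the CIFS server's address that is neither the computer name nor the host part of a registered SPN. The DNS tables are the article's own; the SPN strings and the function names are constructed for illustration, and the SPN list is assumed to have been collected already with the -setspn -list command shown above.

```python
import re

# Rows in the 'Name Type Data' layout the article uses for its DNS examples.
ROW = re.compile(r"^(\S+)\s+(Host \(A\)|Alias \(CNAME\))\s+(\S+)$")

def parse_dns(table):
    return [m.groups() for m in (ROW.match(l.strip()) for l in table.splitlines()) if m]

def short(name):
    """Lower-cased first label, so 'Example.dell.com' and 'example' compare equal."""
    return name.split(".")[0].lower()

def uncovered_hosts(records, server_ip, comp_name, spns):
    """Host (A) names for the CIFS server's IP that are neither the computer
    name nor the host part of a registered SPN (service/host)."""
    spn_hosts = {short(s.split("/", 1)[1]) for s in spns if "/" in s}
    return [name for name, rtype, data in records
            if rtype == "Host (A)" and data == server_ip
            and short(name) != short(comp_name)
            and short(name) not in spn_hosts]

# DNS tables copied from the article; SPN strings are constructed sample values.
BROKEN = """
example_alias Host (A) 5.6.7.8
example Alias (CNAME) example_alias.dell.com
"""
OPTION_1 = """
example Host (A) 5.6.7.8
example_alias Alias (CNAME) example.dell.com
"""
SPNS = ["cifs/example", "cifs/example.dell.com"]

def check(table, spns):
    return uncovered_hosts(parse_dns(table), "5.6.7.8", "example.dell.com", spns)

if __name__ == "__main__":
    print("as found :", check(BROKEN, SPNS))
    print("option 1 :", check(OPTION_1, SPNS))
    print("option 2 :", check(BROKEN, SPNS + ["cifs/example_alias.dell.com"]))
```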

Related:

Re: NAS Proxy functionality

Additionally, over SMB, snapshots can frequently be seen by using either:

a) the previous versions tab (from a Windows box)

or

b) by changing your path from \proxyrepodoc to \proxyrepodoc.ckpt. Different NAS systems call this different things. VNX/Celerra was always .ckpt, Isilon + NetApp use .snapshot, and so forth, however in some cases it’s hidden over SMB. Of course confirming that the snapshots are there in the first place is where I would start.

~Chris

Related:

Re: EMC Unity – Remove Tenant from a File System

First, let’s get some terms straight:

Unity, and other NAS systems don’t have tenants, they have CIFS/SMB or NFS Servers, which have filesystems which contain data. Those are made accessible to users using NFS exports or SMB shares, or in some cases both. The access to the data is controlled by filesystem permissions, either POSIX permission bits, NTFS ACLs or both in some cases.

Now:

In most M&A situations you’re going to do a few things.

1. You’re going to do a directory services migration, moving users from AQUIREDCOMPANY\jsmith to PARENTCORP\Joe.smith, or something along those lines.

2. You’re going to consolidate datacenters and hardware where it makes sense.

3. You’ll eventually end up likely merging File services together, which I assume is what you’re asking about.

When you merge together 2 CIFS servers, let’s say CIFS01.AQUIREDCOMPANY.NET into NAS05.PARENTCORP.NET you’ll need to first check to see if there are any overlapping share names. Is there a share called Legal on the source, and another one called Legal on the target? If so, that’ll be a problem for login scripts, manual drive mappings, etc. Unless you’re able to say that they both now belong to the same team, so it’s OK to collapse the 2 together. But then you have to be really careful, and use a tool to do the migration that’s capable of doing so.

Goals:

The end goal of a consolidation is to simplify long-term administration of file services. But as you can hopefully start to pick up on above, it’s a rough road to traverse, and it’s not as easy as a technical Q&A; many of the questions are about your organizational structure, your security standards, your authentication configuration, and a number of other variables.

But that’s not to say that you can’t run multiple NAS servers on the same Unity box, you certainly can. You could even keep the network configuration the same if you can trunk in both VLANs to the target device, and make it all look pretty seamless. You’re left with a mess long-term, but if we’re just talking about a couple of NAS Servers / CIFS Servers, sometimes the consolidation isn’t worth the hassle.

In Summary:

Hope this makes sense, and FWIW shameless plug, my company Datadobi, does make the best file migration software on the market, that is API Integrated with DellEMC Unity and other systems, can re-permission data like this during the migration, and consolidate top-level directory structures together, like the 2 legal shares example I mentioned above. Anyway reach out if you’d like to explore how it may be helpful in such a situation.

~Chris Klosterman

Principal SE, Datadobi

chris.klosterman@datadobi.com

Related:

ATP queries & requirement


Dear All,

With regard to ATP Endpoint, I have a few queries in mind. It would be a great help if anyone can address them.

EDR supports up to how many clients on physical (8840) and virtual form factors?

Is the ATP virtual appliance compatible with VMware vSphere Essentials as well?

Do we have ATP Endpoint on Linux?

ATP Endpoint EDR can be configured on 8840 appliance

Appreciate your comment.


Related:

How To Downgrade Citrix SD-WAN SE/EE Appliances From Version 10.0.x to Version 9.3.x

Follow these steps to downgrade from version 10.0.x to version 9.3.x:

IMPORTANT: This procedure will only change the VW software. The rest of the components, like WO, will still be running with 9.3.x build specifics.

1) On MCN (currently running with 10.0.x) navigate to:

Configuration >> System Maintenance >> Update Software >> Re-image Virtual WAN Appliance Software (It is just the software re-image from UI and not the factory reset process)


2) Upload the MCN hardware specific .tar file for release 9.3.x build and proceed with the installation (re-image). This step will clear the configuration from the appliance.

3) In the config editor, import the backed-up config from 9.3.x release and proceed with the staging and activation on MCN.

4) Perform Local Change Management for each branch.
