FAQ | This is a LIVE service | Changelog

Changes

Page history
Update Institutional File Store User Guide authored by Ishan Mahajan's avatar Ishan Mahajan
Show whitespace changes
Inline Side-by-side
Institutional-File-Store-User-Guide.md
View page @ 7b49b2c1
## Table of contents ## Table of contents
[[_TOC_]] [[_TOC_]]
## Introduction ## Introduction
### About the Institutional File Storage service ### About the Institutional File Storage service
The Institutional File Storage (IFS) service allows institutions to store and share everyday documents with colleagues. This is aimed at desktop and laptop users who will have access to the storage via a mapped drive on their computer. The data is safely stored on an industry-standard hardware platform in the University's central data centres to protect against data loss. For more information, see [https://help.uis.cam.ac.uk/institutional-file-storage](https://help.uis.cam.ac.uk/institutional-file-storage). The Institutional File Storage (IFS) service allows institutions to store and share everyday documents with colleagues. This is aimed at desktop and laptop users who will have access to the storage via a mapped drive on their computer. The data is safely stored on an industry-standard hardware platform in the University's central data centres to protect against data loss. For more information, see https://help.uis.cam.ac.uk/institutional-file-storage.
### About this user guide ### About this user guide
...@@ -33,8 +34,8 @@ Institutional IFS administrators may have one of three roles: ...@@ -33,8 +34,8 @@ Institutional IFS administrators may have one of three roles:
* Data Project Manager: Responsible for the day-to-day management of the data at the project level. This role is not applicable to NFS shares as full control permissions cannot be set at the NFS share level. The DO or DM, which have full control permission, can give access and set permissions to DPMs manually. * Data Project Manager: Responsible for the day-to-day management of the data at the project level. This role is not applicable to NFS shares as full control permissions cannot be set at the NFS share level. The DO or DM, which have full control permission, can give access and set permissions to DPMs manually.
| | DO | DM | DPM | | | DO | DM | DPM |
|---------------------------------------------------------------------------------------------------------|-----|-----|---------------------------| |--|----|----|-----|
| **Responsibilities** | | **Responsibilities** | | | |
| Can enable and disable user access | :heavy_check_mark: | :heavy_check_mark: | | | Can enable and disable user access | :heavy_check_mark: | :heavy_check_mark: | |
| Appoints Data Owner, Data Managers and Data Project Managers | :heavy_check_mark: | :heavy_check_mark: | | | Appoints Data Owner, Data Managers and Data Project Managers | :heavy_check_mark: | :heavy_check_mark: | |
| Sets up initial free spaces for institutions | :heavy_check_mark: | | | | Sets up initial free spaces for institutions | :heavy_check_mark: | | |
...@@ -46,7 +47,7 @@ Institutional IFS administrators may have one of three roles: ...@@ -46,7 +47,7 @@ Institutional IFS administrators may have one of three roles:
| Maintains compliance with the information management guidelines and requirements that apply to the data | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | Maintains compliance with the information management guidelines and requirements that apply to the data | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| Remove the project data after the storage licence expires | :heavy_check_mark: | :heavy_check_mark: | | | Remove the project data after the storage licence expires | :heavy_check_mark: | :heavy_check_mark: | |
| Antivirus scanning of the data stored on IFS | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | Antivirus scanning of the data stored on IFS | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| **Permissions** | | **Permissions** | | | |
| Full control permissions on all the storage projects (i.e. SMB/NFS shares) | :heavy_check_mark: | :heavy_check_mark: | | | Full control permissions on all the storage projects (i.e. SMB/NFS shares) | :heavy_check_mark: | :heavy_check_mark: | |
| Can be given full control permissions at the project level | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: (only for SMB shares) | | Can be given full control permissions at the project level | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: (only for SMB shares) |
...@@ -58,13 +59,13 @@ As a DO, to delete a DM, go to **Configure the licence** page, then delete the D ...@@ -58,13 +59,13 @@ As a DO, to delete a DM, go to **Configure the licence** page, then delete the D
Example: delete the DM wh997. Example: delete the DM wh997.
<kbd><img src="uploads/d2cc08b1c5331a60e74e5df97e15de10/image031.png"></kbd> <kbd>![](uploads/d2cc08b1c5331a60e74e5df97e15de10/image031.png)</kbd>
As a DO, to change the DO (themselves), go to **Configure the license** page, delete the DO wh330 and assign a new one, e.g., wh998\. Then, click **Save** As a DO, to change the DO (themselves), go to **Configure the license** page, delete the DO wh330 and assign a new one, e.g., wh998. Then, click **Save**
<kbd><img src="uploads/8da500ede96539449f0be95e6f787c46/image032.png"></kbd> <kbd>![](uploads/8da500ede96539449f0be95e6f787c46/image032.png)</kbd>
<kbd><img src="uploads/071da10deafeb92c5d6d38970a92ac2d/image033.PNG"></kbd> <kbd>![](uploads/071da10deafeb92c5d6d38970a92ac2d/image033.PNG)</kbd>
Also, as a DM, I can add Data Project Managers (DPM) to the existing projects. Also, as a DM, I can add Data Project Managers (DPM) to the existing projects.
...@@ -90,7 +91,7 @@ Voucher value and validity can be verified using [Voucher tool](https://rjw57.gi ...@@ -90,7 +91,7 @@ Voucher value and validity can be verified using [Voucher tool](https://rjw57.gi
The steps to set up a storage account requires work by the DO/DM as well as the UIS Networks team. The steps are as follows: The steps to set up a storage account requires work by the DO/DM as well as the UIS Networks team. The steps are as follows:
| Action | Responsible party | | Action | Responsible party |
|----------------------------------------------------|--------------------------------------| |--------|-------------------|
| Obtain the space via the IFS portal (see [Obtain the space via the IFS portal](#get-space)) | Institution | | Obtain the space via the IFS portal (see [Obtain the space via the IFS portal](#get-space)) | Institution |
| Configure local institution firewall (see [Firewall rules configuration](#firewall-config)) | Institution | | Configure local institution firewall (see [Firewall rules configuration](#firewall-config)) | Institution |
| Port block removal (see [Firewall rules configuration](#firewall-config)) | UIS Networks team and/or Institution | | Port block removal (see [Firewall rules configuration](#firewall-config)) | UIS Networks team and/or Institution |
...@@ -98,81 +99,80 @@ The steps to set up a storage account requires work by the DO/DM as well as the ...@@ -98,81 +99,80 @@ The steps to set up a storage account requires work by the DO/DM as well as the
## Provisioning your IFS storage space ## Provisioning your IFS storage space
### <a name="firewall-config"></a> Firewall rules configuration ### Firewall rules configuration
Before you can provision storage projects, you will need to configure DNS, SMB/CIFS, NFS and Kerberos services that are needed to access and use your storage space. The Self-Service Gateway portal provides you with features to do so, but as a prerequisite, you will need to make sure that the IFS service can communicate with your local DNS Name Servers, Active Directory and Kerberos services by applying the firewall rules on your institutional firewall. Before you can provision storage projects, you will need to configure DNS, SMB/CIFS, NFS and Kerberos services that are needed to access and use your storage space. The Self-Service Gateway portal provides you with features to do so, but as a prerequisite, you will need to make sure that the IFS service can communicate with your local DNS Name Servers, Active Directory and Kerberos services by applying the firewall rules on your institutional firewall.
| Service | Firewall rules | | Service | Firewall rules |
|-------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------| |---------|----------------|
| [DNS](https://library.netapp.com/ecmdocs/ECMP1155586/html/GUID-D052D155-EF55-4D19-A70F-B9A8FA86A6D3.html) | Required by SMB/NFS shares.<br>Connections from IFS LIF subnet 10.128.2.0/23 on ports: 53 (TCP/UDP) | | [DNS](https://library.netapp.com/ecmdocs/ECMP1155586/html/GUID-D052D155-EF55-4D19-A70F-B9A8FA86A6D3.html) | Required by SMB/NFS shares.<br>Connections from IFS LIF subnet 10.128.2.0/23 on ports: 53 (TCP/UDP) |
| [Kerberos and LDAP](https://library.netapp.com/ecmdocs/ECMP1155586/html/GUID-9165F61F-5B4E-4955-ACFF-6D919F238255.html) | Required by NFS and SMB shares.<br>Connections from IFS LIF subnet 10.128.2.0/23 on ports: 88 (TCP/UDP), 750 (TCP/UDP), and 389 and 636 (TCP) | | [Kerberos and LDAP](https://library.netapp.com/ecmdocs/ECMP1155586/html/GUID-9165F61F-5B4E-4955-ACFF-6D919F238255.html) | Required by NFS and SMB shares.<br>Connections from IFS LIF subnet 10.128.2.0/23 on ports: 88 (TCP/UDP), 750 (TCP/UDP), and 389 and 636 (TCP) |
| [SMB/CIFS](https://library.netapp.com/ecmdocs/ECMP1368834/html/GUID-4645E16A-6CB1-4A71-8420-05749894E857.html) | Required by SMB/CIFS shares.<br>Connections to/from IFS LIF subnet 10.128.2.0/23 on ports: 137 and 138 (UDP), and 139 and 445 (TCP) | | [SMB/CIFS](https://library.netapp.com/ecmdocs/ECMP1368834/html/GUID-4645E16A-6CB1-4A71-8420-05749894E857.html) | Required by SMB/CIFS shares.<br>Connections to/from IFS LIF subnet 10.128.2.0/23 on ports: 137 and 138 (UDP), and 139 and 445 (TCP) |
| [NFS](https://library.netapp.com/ecmdocs/ECMP1155586/html/GUID-C764CE34-6F5B-42BC-B04B-7001744A44A3.html) | Required by NFS shares.<br>Connections to IFS LIF subnet 10.128.2.0/23 on ports: 111 (TCP/UDP) and 2049 (TCP/UDP) | | [NFS](https://library.netapp.com/ecmdocs/ECMP1155586/html/GUID-C764CE34-6F5B-42BC-B04B-7001744A44A3.html) | Required by NFS shares.<br>Connections to IFS LIF subnet 10.128.2.0/23 on ports: 111 (TCP/UDP) and 2049 (TCP/UDP) |
There are ACL blocks on switches into some institutions blocking traffic on port 445. To remove this block from your institutions for the IFS, please raise a ticket with the UIS Service Desk ([service-desk@uis.cam.ac.uk](mailto:service-desk@uis.cam.ac.uk)). There are ACL blocks on switches into some institutions blocking traffic on port 445. To remove this block from your institutions for the IFS, please raise a ticket with the UIS Service Desk (service-desk@uis.cam.ac.uk).
If you use the UIS Managed Firewall Service, please contact the UIS Service Desk ([service-desk@uis.cam.ac.uk](mailto:service-desk@uis.cam.ac.uk)) to ensure the appropriate firewall rules are put in place. This must be done by the DO.
### <a name="get-space"></a> Obtain the space via the IFS portal If you use the UIS Managed Firewall Service, please contact the UIS Service Desk (service-desk@uis.cam.ac.uk) to ensure the appropriate firewall rules are put in place. This must be done by the DO.
1. Go to the Self-Service Gateway portal: [https://selfservice.uis.cam.ac.uk/](https://selfservice.uis.cam.ac.uk/) ### Obtain the space via the IFS portal
1. Go to the Self-Service Gateway portal: https://selfservice.uis.cam.ac.uk/
2. In the **Institutional File Store** section (bottom left) click the **Choose** button: 2. In the **Institutional File Store** section (bottom left) click the **Choose** button:
<kbd><img src="uploads/687a58af96e851f4de3b13cf349e02e3/image004.png"></kbd> <kbd>![](uploads/687a58af96e851f4de3b13cf349e02e3/image004.png)</kbd>
3. Enter how many terabytes you want and click the **Get Quote** button. You will be redirected to the payment page: 3. Enter how many terabytes you want and click the **Get Quote** button. You will be redirected to the payment page:
<kbd><img src="uploads/687030863771ec5bbf2dfaae07069770/image005.png"></kbd> <kbd>![](uploads/687030863771ec5bbf2dfaae07069770/image005.png)</kbd>
4. [_Example demonstrates payment by UIS-provided voucher – you can also pay by Purchase Order_] Click the **Voucher** tab: 4. \[_Example demonstrates payment by UIS-provided voucher – you can also pay by Purchase Order_\] Click the **Voucher** tab:
<kbd><img src="uploads/1062d587aa13c769c553f2b96708a2cb/image006.png"></kbd> <kbd>![](uploads/1062d587aa13c769c553f2b96708a2cb/image006.png)</kbd>
5. Paste in your voucher code and click the **Submit** button: 5. Paste in your voucher code and click the **Submit** button:
<kbd><img src="uploads/2277b27eaa7dff647eb43e07899720be/image007.png"></kbd> <kbd>![](uploads/2277b27eaa7dff647eb43e07899720be/image007.png)</kbd>
6. The voucher is validated and you will be redirected to the confirmation page. Click the **Continue** button: 6. The voucher is validated and you will be redirected to the confirmation page. Click the **Continue** button:
<kbd><img src="uploads/82a9df8e9999bcffabdec395c7859196/image008.png"></kbd> <kbd>![](uploads/82a9df8e9999bcffabdec395c7859196/image008.png)</kbd>
You will be redirected to _Configure the licence_ page to set the DO and DM(s). The DO will receive a confirmation email containing a link to accept the Terms & Conditions: You will be redirected to _Configure the licence_ page to set the DO and DM(s). The DO will receive a confirmation email containing a link to accept the Terms & Conditions:
<kbd><img src="uploads/f62747df447c7bbbc5b0e76d645b75b3/image009.png"></kbd> <kbd>![](uploads/f62747df447c7bbbc5b0e76d645b75b3/image009.png)</kbd>
Click the **I agree** button to accept the Terms & Conditions: Click the **I agree** button to accept the Terms & Conditions:
<kbd><img src="uploads/2fcceb467e75341e8caa9f10164ccbeb/image010.png"></kbd> <kbd>![](uploads/2fcceb467e75341e8caa9f10164ccbeb/image010.png)</kbd>
You can also add a **Data Manager** by visiting the **Licence page** by clicking **View Licence**: You can also add a **Data Manager** by visiting the **Licence page** by clicking **View Licence**:
<kbd><img src="uploads/3e92ece5c6d965adf510d4f13d235f7a/image011.png"></kbd> <kbd>![](uploads/3e92ece5c6d965adf510d4f13d235f7a/image011.png)</kbd>
Click **Save**. Then the DM should accept the T&Cs so that their state moves to **Ready**: Click **Save**. Then the DM should accept the T&Cs so that their state moves to **Ready**:
<kbd><img src="uploads/c4a19c22f4f6dce0a822a0cb3493c0c9/image012.png"></kbd> <kbd>![](uploads/c4a19c22f4f6dce0a822a0cb3493c0c9/image012.png)</kbd>
Meanwhile, the DO and DM(s) will receive a confirmation email containing a link to accept the Terms & Conditions. See the email below as an example: Meanwhile, the DO and DM(s) will receive a confirmation email containing a link to accept the Terms & Conditions. See the email below as an example:
<kbd><img src="uploads/cd201754ba4d9970629aa41804bab7f5/image013.png"></kbd> <kbd>![](uploads/cd201754ba4d9970629aa41804bab7f5/image013.png)</kbd>
## <a name="svc-config"></a> Services configuration ## Services configuration
The IFS needs to be aware of a number of services in order to provide shares to your institution. In order to create storage projects, the DO or DM should start with the Vserver Configuration. The [Vserver](https://library.netapp.com/ecmdocs/ECMP1136871/html/GUID-E643017F-041B-4ECC-BEA1-E4D80E26A47E.html) is a virtual storage server that resides in our storage backend and is associated with your storage account. The IFS needs to be aware of a number of services in order to provide shares to your institution. In order to create storage projects, the DO or DM should start with the Vserver Configuration. The [Vserver](https://library.netapp.com/ecmdocs/ECMP1136871/html/GUID-E643017F-041B-4ECC-BEA1-E4D80E26A47E.html) is a virtual storage server that resides in our storage backend and is associated with your storage account.
On the **My Account** page click **Vserver Configuration** to choose which service you wish to configure: On the **My Account** page click **Vserver Configuration** to choose which service you wish to configure:
<kbd><img src="uploads/6a4876a192b1bf9c0bb05ab1ebd679fd/image014.png"></kbd> <kbd>![](uploads/6a4876a192b1bf9c0bb05ab1ebd679fd/image014.png)</kbd>
Each tab in the screenshot below presents a form for a service configuration. You can also click on [**Configure All Services**](#sh-6-7) to configure all the services with BLUE Active Directory settings: Each tab in the screenshot below presents a form for a service configuration. You can also click on [**Configure All Services**](#sh-6-7) to configure all the services with BLUE Active Directory settings:
<kbd><img src="uploads/eda4b7d7a476d907bacc79ca164e90f1/image015.png"></kbd> <kbd>![](uploads/eda4b7d7a476d907bacc79ca164e90f1/image015.png)</kbd>
The services to be configured are illustrated in the following table. The services to be configured are illustrated in the following table.
| Service | Notes | | Service | Notes |
|--------------------------------------|-----| |---------|-------|
| DNS (see [DNS Service](#dns-service)) | Required for NFS and SMB shares. | | DNS (see [DNS Service](#dns-service)) | Required for NFS and SMB shares. |
| CIFS Server (see [CIFS Server](#cifs-server)) | Required for NFS and SMB shares. Note that CIFS server must be configured if you want to bind the LDAP Client using the CIFS server credentials. | | CIFS Server (see [CIFS Server](#cifs-server)) | Required for NFS and SMB shares. Note that CIFS server must be configured if you want to bind the LDAP Client using the CIFS server credentials. |
| NFS Service (see [NFS Service](#nfs-service)) | To configure the NFS server running on the Vserver. Required for NFS and SMB shares (NFS service is required to create export policy on the CIFS shares). | | NFS Service (see [NFS Service](#nfs-service)) | To configure the NFS server running on the Vserver. Required for NFS and SMB shares (NFS service is required to create export policy on the CIFS shares). |
...@@ -180,7 +180,7 @@ The services to be configured are illustrated in the following table. ...@@ -180,7 +180,7 @@ The services to be configured are illustrated in the following table.
| LDAP Client (see [LDAP Client](#ldap-client)) | To enable access the external LDAP servers. Only required for NFS shares. | | LDAP Client (see [LDAP Client](#ldap-client)) | To enable access the external LDAP servers. Only required for NFS shares. |
| Kerberos NFS Interface (see [Kerberos NFS Interface](#krb-nfs-iface)) | To enable Kerberos authentification for NFS. Only required for NFS shares. | | Kerberos NFS Interface (see [Kerberos NFS Interface](#krb-nfs-iface)) | To enable Kerberos authentification for NFS. Only required for NFS shares. |
### <a name="dns-service"></a> DNS Service ### DNS Service
This form allows you to create or modify the DNS configuration of the Vserver associated with your storage account. This form allows you to create or modify the DNS configuration of the Vserver associated with your storage account.
...@@ -195,13 +195,13 @@ Configuration parameters: ...@@ -195,13 +195,13 @@ Configuration parameters:
For instance, to configure the DNS service, click the **DNS Service** tab and choose between using the BLUE settings your own settings and click **Configure DNS Service**. The following screenshot shows what you see if you use BLUE settings. For instance, to configure the DNS service, click the **DNS Service** tab and choose between using the BLUE settings your own settings and click **Configure DNS Service**. The following screenshot shows what you see if you use BLUE settings.
<kbd><img src="uploads/a2d49d0391c58f4aaa5ca47a054cdcc2/image016.png"></kbd> <kbd>![](uploads/a2d49d0391c58f4aaa5ca47a054cdcc2/image016.png)</kbd>
After a few seconds, a message should be displayed to indicate that the configuration has succeeded. Otherwise, you will need to check your input or contact us. After a few seconds, a message should be displayed to indicate that the configuration has succeeded. Otherwise, you will need to check your input or contact us.
<kbd><img src="uploads/a4dc9824d42fe7969f21f5445124eff9/image017.png"></kbd> <kbd>![](uploads/a4dc9824d42fe7969f21f5445124eff9/image017.png)</kbd>
### <a name="cifs-server"></a> CIFS Server ### CIFS Server
This form allows you to configure and setup CIFS services on the Vserver associated with your storage account. This form allows you to configure and setup CIFS services on the Vserver associated with your storage account.
...@@ -212,7 +212,7 @@ Configuration parameters: ...@@ -212,7 +212,7 @@ Configuration parameters:
* Active Directory Account Username: The username of the account used to add the CIFS server to the Directory. This part of the credential only needs to be supplied if the domain is being modified. * Active Directory Account Username: The username of the account used to add the CIFS server to the Directory. This part of the credential only needs to be supplied if the domain is being modified.
* Active Directory Account Password: The password for the account used to add the CIFS server to the Active Directory. This part of the credential only needs to be supplied if the domain is being modified. * Active Directory Account Password: The password for the account used to add the CIFS server to the Active Directory. This part of the credential only needs to be supplied if the domain is being modified.
### <a name="nfs-service"></a> NFS Service ### NFS Service
This form allows you to create and modify an NFS configuration on the Vserver associated with your storage account. This form allows you to create and modify an NFS configuration on the Vserver associated with your storage account.
...@@ -221,7 +221,7 @@ Configuration parameters: ...@@ -221,7 +221,7 @@ Configuration parameters:
* NFSv4 ID domain: NFSv4 ID mapping domain. * NFSv4 ID domain: NFSv4 ID mapping domain.
* Permitted Encryption Types: List of permitted encryption types for Kerberos over NFS. * Permitted Encryption Types: List of permitted encryption types for Kerberos over NFS.
### <a name="krb-realm"></a> Kerberos Realm ### Kerberos Realm
This form allows modifying a Kerberos Realm configuration on a Vserver. This form allows modifying a Kerberos Realm configuration on a Vserver.
...@@ -236,7 +236,7 @@ Configuration parameters: ...@@ -236,7 +236,7 @@ Configuration parameters:
* AD Server Name: Hostname of the Active Directory Domain Controller (DC). This is a mandatory parameter if the KDC Vendor is "Microsoft". * AD Server Name: Hostname of the Active Directory Domain Controller (DC). This is a mandatory parameter if the KDC Vendor is "Microsoft".
* AD Server IP: IP Address of the Active Directory Domain Controller (DC). This is a mandatory parameter if the kdc-vendor is "Microsoft". * AD Server IP: IP Address of the Active Directory Domain Controller (DC). This is a mandatory parameter if the kdc-vendor is "Microsoft".
### <a name="ldap-client"></a> LDAP Client ### LDAP Client
This form allows you to create or modify a Lightweight Directory Access Protocol (LDAP) client configuration on the Vserver associated with your storage account. This form allows you to create or modify a Lightweight Directory Access Protocol (LDAP) client configuration on the Vserver associated with your storage account.
...@@ -258,7 +258,7 @@ Configuration parameters: ...@@ -258,7 +258,7 @@ Configuration parameters:
* LDAP schema: LDAP schema to use for this configuration. * LDAP schema: LDAP schema to use for this configuration.
* Base DN: Indicates the starting point for searches within the LDAP directory tree. * Base DN: Indicates the starting point for searches within the LDAP directory tree.
### <a name="krb-nfs-iface"></a> Kerberos NFS Interface ### Kerberos NFS Interface
This form allows you to create and modify Kerberos configuration information for the NFS Logical Network Interface on the Vserver associated with your storage account. This form allows you to create and modify Kerberos configuration information for the NFS Logical Network Interface on the Vserver associated with your storage account.
...@@ -273,11 +273,11 @@ Configuration parameters: ...@@ -273,11 +273,11 @@ Configuration parameters:
To configure all services at once with the Default Settings of BLUE Active Directory, click **Configure All Services** and **Confirm** in the **Vserver Configuration** page. To configure all services at once with the Default Settings of BLUE Active Directory, click **Configure All Services** and **Confirm** in the **Vserver Configuration** page.
<kbd><img src="uploads/e42b00029d8d5c0ae2689fee0d132920/image018.png"></kbd> <kbd>![](uploads/e42b00029d8d5c0ae2689fee0d132920/image018.png)</kbd>
All services have been configured successfully as shown below. All services have been configured successfully as shown below.
<kbd><img src="uploads/5577f64521e0bfc64b23cac8872edf11/image019.png"></kbd> <kbd>![](uploads/5577f64521e0bfc64b23cac8872edf11/image019.png)</kbd>
## Creating a Storage Project ## Creating a Storage Project
...@@ -287,7 +287,7 @@ Storage projects may either be SMB or NFS. This can be performed by the DO or DM ...@@ -287,7 +287,7 @@ Storage projects may either be SMB or NFS. This can be performed by the DO or DM
To create a project, on **My Account** page, click **Unallocated**. To create a project, on **My Account** page, click **Unallocated**.
<kbd><img src="uploads/1482b89ca7a1932bece339f97745c56e/image020.png"></kbd> <kbd>![](uploads/1482b89ca7a1932bece339f97745c56e/image020.png)</kbd>
### SMB shares ### SMB shares
...@@ -303,38 +303,37 @@ Define the following attributes on that page and click the **Save** button: ...@@ -303,38 +303,37 @@ Define the following attributes on that page and click the **Save** button:
Once the Storage Project has been created you will see a confirmation message. Once the Storage Project has been created you will see a confirmation message.
<kbd><img src="uploads/2d8851c5fd681a9554c559f900f35a06/image022.png"></kbd> <kbd>![](uploads/2d8851c5fd681a9554c559f900f35a06/image022.png)</kbd>
The DO and DM will receive a confirmation email containing a link to access the storage. The DO and DM will receive a confirmation email containing a link to access the storage.
<kbd><img src="uploads/8da03bd385e8753a77af06e1b95d8890/image023.png"></kbd> <kbd>![](uploads/8da03bd385e8753a77af06e1b95d8890/image023.png)</kbd>
The **Configure the storage** page is updated with the Storage Project details. The **Configure the storage** page is updated with the Storage Project details.
You can also add a Data Project Manager as shown below. You can also add a Data Project Manager as shown below.
<kbd><img src="uploads/f93b3850db8a8bd13563cc166855888a/image025.png"></kbd> <kbd>![](uploads/f93b3850db8a8bd13563cc166855888a/image025.png)</kbd>
### NFS share ### NFS share
You can also create an NFS project by setting the **Project type** to **NFS**. You can also create an NFS project by setting the **Project type** to **NFS**.
<kbd><img src="uploads/9d2c19ee1f9dcb3275c701956c9acf29/image026.png"></kbd> <kbd>![](uploads/9d2c19ee1f9dcb3275c701956c9acf29/image026.png)</kbd>
The project has been created. Note that a Data Project Manager does not exist in NFS projects. The project has been created. Note that a Data Project Manager does not exist in NFS projects.
<kbd><img src="uploads/c6df48582a72df3800413fd1dfde04f4/image027.png"></kbd> <kbd>![](uploads/c6df48582a72df3800413fd1dfde04f4/image027.png)</kbd>
To access the NFS share from your client, please follow the instructions in [NFSv4 / Kerberos Client configuration](#h-11). To access the NFS share from your client, please follow the instructions in [NFSv4 / Kerberos Client configuration](#h-11).
On the **My account** page, DOs and DMs are able to see all the projects. On the **My account** page, DOs and DMs are able to see all the projects.
<kbd><img src="uploads/b2a83e24bf7bbe61b319cf909a1857a2/image028.png"></kbd> <kbd>![](uploads/b2a83e24bf7bbe61b319cf909a1857a2/image028.png)</kbd>
However, DPMs can only view the projects that only belong to them. However, DPMs can only view the projects that only belong to them.
<kbd><img src="uploads/69bd441c2b98f111218e531840d176f5/image029.png"></kbd> <kbd>![](uploads/69bd441c2b98f111218e531840d176f5/image029.png)</kbd>
Please remember to lock down the permissions on the projects you have created. Please remember to lock down the permissions on the projects you have created.
...@@ -346,7 +345,7 @@ On the **My Account** page, click the link to the Storage Project you want to de ...@@ -346,7 +345,7 @@ On the **My Account** page, click the link to the Storage Project you want to de
Click the **red cross icon** next to the Project name. Then type the **Project name** into the text field in the confirmation form to confirm and finally click the **Delete Project** button. Click the **red cross icon** next to the Project name. Then type the **Project name** into the text field in the confirmation form to confirm and finally click the **Delete Project** button.
<kbd><img src="uploads/2f604f26f40c0b2bb1a5c55db34f4b56/image030.png"></kbd> <kbd>![](uploads/2f604f26f40c0b2bb1a5c55db34f4b56/image030.png)</kbd>
## Managing storage capacity and duration ## Managing storage capacity and duration
...@@ -360,21 +359,21 @@ This is done by the DO or DM(s). ...@@ -360,21 +359,21 @@ This is done by the DO or DM(s).
Go to **Configure the licence** page and click the **Increase My Storage Size** button: Go to **Configure the licence** page and click the **Increase My Storage Size** button:
<kbd><img src="uploads/cff6f36f95ec88fa76498e555bbdaf29/image037.png"></kbd> <kbd>![](uploads/cff6f36f95ec88fa76498e555bbdaf29/image037.png)</kbd>
In the pop-up dialogue box, enter how many additional TB you want, select an activation date from the date drop-down menu, and click the **Get Quote** button: In the pop-up dialogue box, enter how many additional TB you want, select an activation date from the date drop-down menu, and click the **Get Quote** button:
<kbd><img src="uploads/50f269976ab697f0ccf1b0bfa56bdc8d/image040.png"></kbd> <kbd>![](uploads/50f269976ab697f0ccf1b0bfa56bdc8d/image040.png)</kbd>
You will be redirected to the payment page. Enter your purchase order number (or click the **Voucher** link to enter a voucher code, tick the checkbox to accept the Terms & Conditions, and click the **Pay** button: You will be redirected to the payment page. Enter your purchase order number (or click the **Voucher** link to enter a voucher code, tick the checkbox to accept the Terms & Conditions, and click the **Pay** button:
<kbd><img src="uploads/b1c78be260333640aac687b9b1c2019b/image042.png"></kbd> <kbd>![](uploads/b1c78be260333640aac687b9b1c2019b/image042.png)</kbd>
When the payment is processed, you will see the payment confirmation page. When the payment is processed, you will see the payment confirmation page.
You will be redirected to the **Configure the licence** page where you will see the original **Full licence** and the newly purchased **Size Extension** licence: You will be redirected to the **Configure the licence** page where you will see the original **Full licence** and the newly purchased **Size Extension** licence:
<kbd><img src="uploads/7c60abe24c868527ecc6dfbe599df101/image044.png"></kbd> <kbd>![](uploads/7c60abe24c868527ecc6dfbe599df101/image044.png)</kbd>
### Extending storage duration ### Extending storage duration
...@@ -382,19 +381,19 @@ This is done by the DO or DM. ...@@ -382,19 +381,19 @@ This is done by the DO or DM.
Go to the **Configure the licence** page and click the **Extend My Storage Duration** button: Go to the **Configure the licence** page and click the **Extend My Storage Duration** button:
<kbd><img src="uploads/3e5dcf36ef215d1d125a8e475621733e/image045.png"></kbd> <kbd>![](uploads/3e5dcf36ef215d1d125a8e475621733e/image045.png)</kbd>
In the pop-up dialogue box, you will see your storage capacity shown. Use the drop-down menu to select how long you wish to extend it for, and click the **Get Quote** button: In the pop-up dialogue box, you will see your storage capacity shown. Use the drop-down menu to select how long you wish to extend it for, and click the **Get Quote** button:
<kbd><img src="uploads/6547419e685b65ce76ff5de2923f1239/image046.png"></kbd> <kbd>![](uploads/6547419e685b65ce76ff5de2923f1239/image046.png)</kbd>
You will be redirected to the payment page. Enter your purchase order number (or click the **Voucher** link to enter a voucher code – see page 9), click the checkbox to accept the Terms & Conditions, and click the **Pay** button: You will be redirected to the payment page. Enter your purchase order number (or click the **Voucher** link to enter a voucher code – see page 9), click the checkbox to accept the Terms & Conditions, and click the **Pay** button:
<kbd><img src="uploads/bcc3b0c05cb01eace5bdd6ac1203a9fc/image047.png"></kbd> <kbd>![](uploads/bcc3b0c05cb01eace5bdd6ac1203a9fc/image047.png)</kbd>
After the payment process passed you will be redirected to the **Configure the licence** page, where you will see the **Duration Extension** license listed: After the payment process passed you will be redirected to the **Configure the licence** page, where you will see the **Duration Extension** license listed:
<kbd><img src="uploads/291725d64974677be89042660330cdab/image048.png"></kbd> <kbd>![](uploads/291725d64974677be89042660330cdab/image048.png)</kbd>
### Increasing the size of a Storage Project ### Increasing the size of a Storage Project
...@@ -404,32 +403,82 @@ From the **My Account** page, click the name of the Storage Project you want to ...@@ -404,32 +403,82 @@ From the **My Account** page, click the name of the Storage Project you want to
Adjust the **Project size** slider to show the number of TB you want to increase to: Adjust the **Project size** slider to show the number of TB you want to increase to:
<kbd><img src="uploads/13a158400a6b21f283f904fe36b125a2/image050.png"></kbd> <kbd>![](uploads/13a158400a6b21f283f904fe36b125a2/image050.png)</kbd>
Click the **Save** button. You will see a confirmation message on the screen: Click the **Save** button. You will see a confirmation message on the screen:
<kbd><img src="uploads/39d4c6e5a6da63327ed7a01d936bf0f5/image051.png"></kbd> <kbd>![](uploads/39d4c6e5a6da63327ed7a01d936bf0f5/image051.png)</kbd>
A few seconds later, the DO receives an email confirming that the project size has been increased: A few seconds later, the DO receives an email confirming that the project size has been increased:
<kbd><img src="uploads/5d93d9606114af41b845b8d8191ebb13/image052.png"></kbd> <kbd>![](uploads/5d93d9606114af41b845b8d8191ebb13/image052.png)</kbd>
The DO, DM or DPM can now enable or disable the SMB encryption for accessing the Storage Project by ticking the **SMB encryption** checkbox and clicking the **Save** button: The DO, DM or DPM can now enable or disable the SMB encryption for accessing the Storage Project by ticking the **SMB encryption** checkbox and clicking the **Save** button:
<kbd><img src="uploads/be8de847e0f2dc26c34d36f7daf08ae5/image053.png"></kbd> <kbd>![](uploads/be8de847e0f2dc26c34d36f7daf08ae5/image053.png)</kbd>
SMB encryption will be enabled/disabled and a confirmation message will appear on the screen, e.g.: SMB encryption will be enabled/disabled and a confirmation message will appear on the screen, e.g.:
<kbd><img src="uploads/7cca996d50213703cd7e9e8ce0f31deb/image054.png"></kbd> <kbd>![](uploads/7cca996d50213703cd7e9e8ce0f31deb/image054.png)</kbd>
### Graphical representation of the the Space Utilization
1. Utilization of the License
![image](uploads/eec5d9bc16d0cf4eaf4122808d529324/image.png)
- Volume Total Space – Total amount of space for which the user requested a License.
- Total Available Space – Total amount of space available for users will be able to write data.
- Volume Used Space – Total amount of space utilized by the user in the license. It will be the sum of space utilized by number of projects within the license.
- Volume Snapshot reserve - 5% of the total requested license space will be reserved for the snapshot which will be beneficial in the scenario of file corruption.
- Snapshot overflow space – Amount of space overflow from the reserved space.
**Formula: (Licensed space) Volume Total Space = Volume Used Space + Total Available Space + Snapshot space**
Snapshot space:
- 5% of the total requested space is reserved for snapshot
- **NOTE**: _If the rate of change of data is high for a large amount of space and greater than reserved space then the snapshot will overflow from the reserved space to available space._
2. Utilization of the Projects within the Licence.
![image](uploads/0fbd15108699d3f67b917460d4c10fe0/image.png)
### Change the snapshot policy
This feature is beneficial for the snapshot scenario, If the users are aware that the much older data wouldn’t be relevant because of a higher rate of change of data then the user could use the policy which will change the retention period of the snapshot and free up the older snapshot.
From the combo box, the user can use the following options:-
1. ifs-snapshot-policy [ DEFAULT ] – Monthly Count:12, Daily Count 30 and hourly:24
- This policy will retain snapshots of the last 12 months’
2. ifs-snapshot-policy-moderate– Monthly Count: 6, Daily Count 30 and hourly:24
- This policy will retain snapshots of the last 6 months’
3. ifs-snapshot-policy- relax– Monthly Count:3, Daily Count 30 and hourly:24
- This policy will retain snapshots of the last 3 months’
**>>Select the "My account" in Home page**
![image](uploads/9dac498d93c353fcd5096f57951ffc22/image.png)
**>>Select the vserver configuration of IFS account**
![image](uploads/1da94ed7d3ac21f9a2da35b8fd7c2908/image.png)
**>>Select the snapshot policy tab**
![image](uploads/84fc8952767bb32d767772ed530802b1/image.png)
**>>Select the desire policy from the listed combo box.**
![image](uploads/ab3331e5315c0144882602c752eb9456/image.png)
**>>Apply the desired snapshot policy**
## Enable Kerberos authentication for CIFS shares ## Enable Kerberos authentication for CIFS shares
In order to access your shares with Kerberos authentication, you have to add the CIFS service principal name in the `servicePrincipalName` field of the CIFS server machine account created in your AD. In order to access your shares with Kerberos authentication, you have to add the CIFS service principal name in the `servicePrincipalName` field of the CIFS server machine account created in your AD.
The CIFS service principal name would usually have the format `cifs/<DNS Name of your CIFS network interface>`. For instance, for the CIFS interface `ifs-prod-381-cifs.ifs.uis.private.cam.ac.uk`, the CIFS principal name would be `cifs/ifs-prod-381-cifs.ifs.uis.private.cam.ac.uk`. The CIFS service principal name would usually have the format `cifs/<DNS Name of your CIFS network interface>`. For instance, for the CIFS interface `ifs-prod-381-cifs.ifs.uis.private.cam.ac.uk`, the CIFS principal name would be `cifs/ifs-prod-381-cifs.ifs.uis.private.cam.ac.uk`.
The `servicePrincipalName` would eventually look like the following: The `servicePrincipalName` would eventually look like the following:
<kbd><img src="uploads/2e0c8b7b5339639b6fc9d2ff093e69b1/cifs-spn.PNG"></kbd> <kbd>![](uploads/2e0c8b7b5339639b6fc9d2ff093e69b1/cifs-spn.PNG)</kbd>
If you are using `BLUE` AD, please contact us to update your CIFS server machine account. If you are using `BLUE` AD, please contact us to update your CIFS server machine account.
...@@ -464,7 +513,7 @@ Only Kerberos 5, Kerberos 5i, and Kerberos 5p are allowed as authentication meth ...@@ -464,7 +513,7 @@ Only Kerberos 5, Kerberos 5i, and Kerberos 5p are allowed as authentication meth
### Mounting the NFS share ### Mounting the NFS share
We've set up an NFS share in a test Vserver called **ifs_dev_4**. The share path is **/ifs_dev_4_vol/ifs_dev_4_vol_44 and is** accessible through the NFS interface **[ifs-dev-4-nfs.ifs.uis.private.cam.ac.uk](http://ifs-dev-4-nfs.ifs.uis.private.cam.ac.uk)**. We've set up an NFS share in a test Vserver called **ifs_dev_4**. The share path is **/ifs_dev_4_vol/ifs_dev_4_vol_44 and is** accessible through the NFS interface **ifs-dev-4-nfs.ifs.uis.private.cam.ac.uk**.
The following configuration has been tested on Ubuntu 18.04 LTS and RHEL 7.7 (Maipo). Note that it could be slightly different on other OS versions. The following configuration has been tested on Ubuntu 18.04 LTS and RHEL 7.7 (Maipo). Note that it could be slightly different on other OS versions.
... ...
......