Archive for February, 2011

In the last couple of months I’ve deployed two Celerra NS120’s and a Celerra VG2 gateway for which I experienced the same problem preventing anyone from being to login to Unisphere post install.

The symptoms with the NS120’s was quite different to that of the gateway, the NS120’s gave a clear blatant certificate error which let you know the certificate was not valid and basically stated to please come back 3 hours in the future for then the certificate would be valid and accepted.

The VG2 gateway install was completely different and manifested its self to look more like a browser compatibility issue. When launching Unisphere the pop up window would launch but the login prompt would not appear.

The NS120’s were deployed in the afternoon and I didn’t have the need to login immediately so I packed up and left it for the next day. The next day I turned up and logged in without an issue as the certificate was now valid.

The VG2 gateway was more like a day out of sync and I thought id login, correct the time on the control station and try to re-generate the SSL certificates using the command /nas/sbin/nas_config -ssl but this unfortunately did not work.

I did some searching in PowerLink hoping to find something related and found the following knowledge base article;

emc257320 “After NAS 6.0 fresh installation, unable to log in to Unisphere”

While searching PowerLink I found another article related to the Clariion, but almost identical in nature. The fix for the Clariion was nicer as it allowed you to put your clock forward, login, then generate a new certificate and then put your time/date back to the corect time.

emc247504 “Certificate date and time error prevents access to CX4 storage system after upgrade to Release 30.”

The problem seems to be present in both FLARE 30 and DART 6.0 and can show up during install or upgrade.

Hopefully anyone with the same problem might find this post before spending hours thinking it’s a browser or java issue.

Hope this helps.

I was talking to a friend last week who asked me two provocative yet valid questions, and I thought It would be worth posting about because at the end of our conversation he had opened his mind to a few concepts he had not considered.

Question #1   “Whats all this Unified Storage Hooey about?” 

Probably a good place to start for people who are not overly familiar with the term “Unified Storage” is to define it. In my own words “Unified Storage” is about being able to present and manage storage using multiple protocols e.g. BLOCK (FC), NFS, iSCSI and CIFS from the same storage array.

It’s no secret that most of us (myself included) have adopted the mind-set “Virtualize Everything” and with that I don’t need to explain where BLOCK, NFS and iSCSI have a place in the virtualization world as they are all widely used and proven.

You might say that typically people tend to pick one protocol and stick with it and you wouldn’t be wrong, but think about being able to tier storage by protocol rather than how you normally associate tiering in the storage world which tends to centered around disk type e.g EFD, FC, SATA. If you look at the cost of FC switch ports and HBA’s compared to Ethernet ports and adapters, it makes total sence that you might consider putting tier 1 production systems on FC storage while placing your test and development systems on IP storage such as NFS or iSCSI.

Question #2   “What good is CIFS to me in a predominantly Virtual world”

When virtualization started taking off years ago we all went mad, it was all about server consolidation and In most cases we virtualized anything that responded to a ping request. What happened often was people virtualized file servers and ended up with virtual machines with huge .vmdk or rdm’s which generally did two things.

  • Used huge amounts of valuable storage
  • Caused huge bottle necks and backup windows blew out

 So I’ll address those two points and try to also cover some other key points which in my mind, make putting file data on the Celerra a no brainer.

De-Duplication: This feature is actually single instance plus compression. People are always sceptical about the figures which storage vendors put out in the market as they are often not achievable, but I can tell you that I have personally seen 1TB file systems reduce by 50% and in some cases 60% with Celerra De-Duplication enabled.

NDMP Backup: File systems containing user data tend to be quite dense, typically this causes traditional backup systems grief and a full backup window can end up being 4-5 days with large amounts of data. NDMP backups using EMC NetWorker can be configured to pull the data over the network or directly to a fibre connected device (tape or VTL drive) for LAN free backup. Celerra NVB (block based backup) handles dense file systems really well, Ive seen backup windows shrink from days to hours.

Snapshots: If you’ve ever been a backup administrator for a large organization you’ll know that on a bad week you can end up spending way to much time recovering user data. Celerra allows you to configure scheduled snapshots of file systems which are then available via the windows previous version tab built into XP service pack 3 and above operating systems.

Archiving: How much of that user data has actually been accessed in the last 6 months ? Introduce EMC’s File Management Appliance (Rainfinity) and you have the ability to move data from expensive FC disk to cheaper SATA storage while being transparent to users accessing the data.

I could go on and on about the other features such as High Availability, Replication, File Level retention, File Filtering, etc, etc but I think this post might end being too much of a mammoth read so I might pick some of these and elaborate more in up coming posts.

I’m not saying it’s a mistake to virtualize file servers because in certain cases there are advantages e.g. being able to replicate and protect using VMware Site Recovery Manager is a good example where its advantageous, but I am saying the larger the amount of data, the more beneficial it is to consider moving to the Celerra.

I’ve been deploying Celerra’s for a while now and with technology changing as fast as it does, you really need to be across the applied practice, best practice and NAS Matrix documents found in PowerLink to validate your storage design.

For the last couple of years the majority of the Celerra’s Ive deployed have been shipped with DART 5.6 code and the backend Clariion flare version has typically been what we refer to as 28,29 and most recently flare 30.

One of the first things you learn when deploying Celerra’s is you need to read the NAS Matrix guide to determine which RAID configurations are supported because although you may be able to create certain RAID types with x number of disks on the backend Clariion, It doesn’t mean the Celerra will let you use it… this is typically where people sit for 20-30 mins performing multiple “rescan storage” operations hoping that storage will magically appear.

One of the biggest changes in Flare 30 was the introduction of storage Pools which is quite different to the traditional “Raid Group” concept which has been around for donkeys years. If you want to read a bit more in-depth information about Storage Pools, then check out Matt Hensleys post here.

What I couldnt find in the latest NAS Matrix guide or in any of the documentation I found was conformation that I could present storage from the Clariion storage pool to the Celerra, so after carving a LUN from the storage pool made up of 10 FC disks, I presented it through to the Celerra and performed a rescan…… rescan…… and one more for good luck…..rescan, but unfortunately no luck and no LUN.

At this stage I remembered often performing tasks from the command line on the control station often spits out more debug information so I thought id give it a shot.

And that confirmed it. ” Fully provisioned CLARIION pool device was not marked because it is not supported in this realease”

The answer to this problem in the end was “thin provisioning”. I created a thin provisioned LUN from the Clariion Pool, added the LUN to the Celerra storage group and performed a rescan and there was my LUN.

In the end I found the following primus solution EMC241591 which outlines 3 conditions that will cause this error, fully provisioned LUNs was one of them along with Auto Tier and Compression being enabled.

Cause : Certain new CLARiiON FLARE Release 30 features are not supported by Celerra and the initial 6.0 NAS code release.  CLARiiON LUNs containing the following features will not be diskmarked by the Celerra, resulting in diskmark failures similar to those described in the previous Symptom statements:

  • CLARiiON FAST Auto-Tiering is not supported on LUNs used by Celerra.
  • CLARiiON Fully Provisioned Pool-based LUNs (DLUs) are not supported on LUNs used by Celerra.
  • CLARiiON LUN Compression is not supported on LUNs used by Celerra.

 

I recently needed to log into a CLARIION for which the admin password was unknown. I did a search on PowerLink and found an article which was fairly vague so I thought id quickly post showing the steps needed to get this sorted.

You will need the service cable which come with your CLARIION, it’s a serial to micro DB9 which connects your workstation or laptop to the management port on the Storage Processor.

My first challenge was my laptop did not have a serial port so I had to go out and purchase a USB to Serial cable.

My second challenge was the instructions on Powerlink talked about Dial Up Networking which is something I remembered from the dark ages (pre Windows XP). I mucked around for about 30-40 minutes with Windows 7 trying to get a PPP connection setup but in the end it was just easier to power on a XP virtual machine  and pass the USB to Serial adapter through to the XP virtual machine.

Pass the USB to Serial Adapter through to the Virtual Machine

Goto Control Panel and select Network Connections

Select the option to create a new connection

Select “Setup an Advanced Connection”

Select “Connect directly to another computer”

Select “Guest”

Name the connection

Select the device

Check the box to add a shortcut on the desktop and select finish

Now launch the connection using the shortcut and edit the properties, you need to change the speed to 115200 otherwise the connection will fail. Then enter Username and Password (see below for details) and connect.

Once a connection has been established, Launch your web browser and connect to the following URL http://192.168.1.1/setup

Now what you need to do is select the option  “Destroy Security and Domain information“, before you do this, just note it does exactly what it says its going to do.

While your waiting for the management service to restart you can disconnect the service cable and patch your laptop back into the network and browse to the Storage Processor as you normally would. When Navisphere loads you’ll be notified that global security is not enabled and prompted to supply a new password for the admin account.

<Username and Password>

Im not going to give out the username and password for the PPP connection as the purpose of the post is to demonstrate the procedure.

If you do need to perform these steps then I suspect you will be able to either find the support article I found which lists the 3 passwords which have typically been used over the years or you could raise a service request with EMC support, Im sure if you give them a valid CLARIION serial number they will give you the passwords.

 *Update*

If you look at the comments below you’ll see Scott Lowe reminded me there is also a service Lan port on each SP which can be used to access the <ipaddress>/setup page.

I’ve used the LAN port a number of times before (typically to change Storage Processor IP’s) as it allows me to connect my laptop directly rather than having to plug my laptop in the customer corporate network, but what I wanted to test was if you could login using the same username/password which you use for the PPP connection.

After testing this using the username/password used for the PPP connection, It seems in order to connect to the <ipaddress>/setup page via the LAN service port, you actually need to know the admin (or other global account with admin privileges) which means at this stage you’ll be stopped in your lost password tracks. I’m pretty sure now the only way to reset the password is using the PPP connection over the serial cable.

If you’re wondering what IP Address you should assign to your laptop, and what address to substitute <ipaddress> for, then check out Dan’s post here which covers exactly what you need to know.