Creating an OST or RDS connection type container
To create an OST or RDS connection type container, follow these steps:
- In the navigation menu, click Containers. The Containers page is displayed.
- Click Add Container.
- For Protocol, select Rapid Data Storage (RDS) or Veritas OpenStorage (OST) as appropriate.
- For the container Name, type the name of the container, and then click Next.
Container names cannot exceed 32 characters in length, must start with a letter, and can be composed of any combination of the following characters:
- A-Z (uppercase letters)
- a-z (lowercase letters)
- 0-9 (numbers). Do not start a container name with a number.
- dash (-) or underscore (_) special characters
|
NOTE: QoreStor does not support the use of the following special characters in container names: /, #, or @. |
- In the Storage Group drop-down, select the Storage Group for this container.
- Click Next.
- On the User Access Control page, select the appropriate permissions for the displayed user accounts. Refer to Configuring User Access Controls for more information.
- If you selected RDS, LSU Capacity is set to Unlimited by default. If you selected Veritas OpenStorage (OST), for LSU Capacity select one of the following options allowed per container:
- Unlimited — To define the allowed amount of incoming raw data per container (based on the physical capacity of the container).
- Quota: To define a set limit in Gibibytes (GiB) for incoming raw data allowed per container.
- Click Next.
- Optionally, select Recycle Bin, and then enter the number of days you want files to remain in the Recycle Bin before deleting. For more information, see Managing containers.
|
NOTE: Enabling the Recycle Bin is an irreversible step. Once it is enabled, you cannot disable it on a container.
For information about which versions of NetVault support the Recycle Bin and RDA immutability, see the Quest QoreStor Interoperability Guide. |
- Click Next.
- Click Finish.
|
NOTE: To add a container through the command line, use the command: container --add --name <name> [--group_name <name>]
Refer to the QoreStor Command Line Reference Guide for more information. |
Configuring User Access Controls
QoreStor allows you to specify user access controls for individual RDA containers. User access controls allows for multiple containers of the same type while ensuring that access to each container is isolated to specific users. User access controls (UACs) can be set at the container level to assign RWD (read-write-delete) or RW (read-write) permissions on that container to individual user accounts.Data within the containers can be access or deleted by users with both permission types, but the container can only be deleted by a user with RWD permissions.
The backup_user account is assigned by default to RDA containers, and is granted RWD permissions. Additional user access can be configured through the GUI or CLI.
|
NOTE: User Access Controls is currently only supported on RDA containers. |
Requirements for using User Access Controls
- The user account to which access is going to be assigned should be created before creating the container or configuring UAC.
To configure User Access Controls
- In the navigation menu, click Containers. The Containers page is displayed.
- In the list of containers, find the container for which you add user access controls, and then click User Access Control.
- The backup_user account is listed by default. To configure other accounts with permissions, user the Search field to find the account. Click the desired account to add it to the users list.
- For each listed account, select the appropriate permissions. Options are:
- Read/Write - gives the account read and write permissions on the container.
- Read/Write/Delete - gives the account read, write, and delete permissions on the container.
- Click Finish.
|
NOTE: To add user access controls to a container through the command line, use the command: container --add --name <name> [--group_name <name>]container --add_uac --name <name> --user <user name> --mode <RW|RWD>
Refer to the QoreStor Command Line Reference Guide for more information. |
Adding an NFS or CIFS connection type container
To add an NFS or a CIFS connection type container, complete the following steps:
- In the navigation menu, click Containers. The Containers page is displayed.
- Click Add Container.
- For Protocol, select NAS (NFS, CIFS)..
- For the container Name, type the name of the container, and then click Next.
Container names cannot exceed 32 characters in length, must start with a letter, and can be composed of any combination of the following characters:
- A-Z (uppercase letters)
- a-z (lowercase letters)
- 0-9 (numbers). Do not start a container name with a number.
- dash (-) or underscore (_) special characters
|
NOTE:QoreStor does not support the use of the following special characters in container names: /, #, or @. |
- In the Storage Group drop-down, select the Storage Group for this container.
- Click Next.
- For Marker Type, select the appropriate marker that supports your Data Management Application (DMA).
- Auto — Automatically detects CommVault, Tivoli Storage Manager (TSM), ARCserve, and HP Data Protector marker types. In addition, select this option if you need to support EMC Networker 2.0.
- ARCserve—Supports the ARCserve marker.
- BridgeHead — Supports the BridgeHead HDM marker.
- CommVault—Supports the CommVault marker.
- HP DataProtector—Supports the HP Data Protector marker.
- Networker — Supports EMC Networker 3.0. If you need to support EMC Networker 2.0, select Auto.
- Time Navigator—Supports the Time Navigator marker.
- TSM—Supports the TSM marker.
- Unix Dump — Supports the Amanda marker, among others.
|
IMPORTANT: Improper marker selection can result in non-optimal savings. As a best practice, if you have only one type of DMA with traffic directed to a container, it is best to select the marker type that supports your DMA (for example, BridgeHead, Auto, or another). Conversely, as a best practice, if you have traffic from a DMA that is not one of the supported marker types, it is best to disable marker detection for the container by selecting the None marker type. |
- For Access Protocols, select NFS and CIFS as appropriate.
(Use NFS to back up UNIX or LINUX clients. Use CIFS to back up Windows clients.)
- Click Next.
- If you selected NFS as the connection type, configure NFS access as follows. For CIFS connections, proceed to step 11.
- NFS Options — Defines the type of access to the container. Select one of the following options.
- Read Write Access — To allow read-write access to the container.
- Read Only Access — To allow read-only access.
- Root Mapping— Select one of the following options from the drop-down list to define the user level you want mapped to this container.
- Root — to specify a remote user with root access to read, write, and access files on the system.
- Nobody — to specify a user on the system without root access permissions.
- Administrator — to specify the system administrator.
- NFS Client Access — Define the NFS client(s) that can access the NFS container or manage the clients that can access this container by selecting one of the following options.
- Open (allow all clients) — To allow open access for all clients to the NFS container you create. (Select this option only if you want to enable access for all clients to this NFS container.)
- Create Client Access List — To define specific clients that can access the NFS container. In the Client FQDN or IP text box, type the IP address (or FQDN hostname) and click the Add icon. The “added” client appears in the Allow Clients list box. (To delete an existing client from this list box, select the IP address (or FQDN hostname) of the client you want to delete, and click the Delete icon. The “deleted” client disappears from the list box.)
- If you selected CIFS as the connection type, configure CIFS access as follows.
- Client Access — Define the CIFS client(s) that can access the container or manage the clients that can access this container by selecting one of the following options.
- Open (allow all clients) — To allow open access for all clients to the container you create. (Select this option only if you want to enable access for all clients to this container.)
- Create Client Access List — To define specific clients that can access the container. In the Client FQDN or IP text box, type the IP address (or FQDN hostname) and click the Add icon. The “added” client appears in the Allow Clients list box. (To delete an existing client from this list box, select the IP address (or FQDN hostname) of the client you want to delete, and click the Delete icon. The “deleted” client disappears from the list box.)
|
NOTE: The QoreStor administrator that manages the system has a different set of privileges than does the CIFS administrator user. Only the QoreStor administrator can change the password for the CIFS administrator user. To change the password that allows access for the CIFS administrator user, use the authenticate --set --user administrator commands. For more information, see the QoreStor Command Line Reference Guide. |
- Click Next.
- Optionally, select Recycle Bin, and then enter the number of days you want files to remain in the Recycle Bin before deleting. For more information, see Managing containers.
|
NOTE: Enabling the Recycle Bin is an irreversible step. Once it is enabled, you cannot disable it on a container. |
- Click Next.
A Configuration Summary of the options you selected for creating the container appears.
- Click Finish.
Creating an Object Container
Adding an object container can be accomplished through the QoreStor UI or via the object_container command in the QoreStor CLI. Refer to the QoreStor Command Line Reference Guide for more information on the object_container command.
|
NOTE: QoreStor object container does not support object lifecycle management, which means transitioning storage classes or server side expiration of objects is not supported. User policies are limited to predefined readwrite, writeonly, and readonly. |
To create an object container
- In the navigation menu, click Containers.
- On the Containers pane, click Add Container. The Add Container dialog will be displayed.
- In the Protocol field, select Object (S3 Compatible).
- In the Storage Group drop-down, select the required storage group for this container.
- Click Next.
- Optionally, select Use HTTP instead of HTTPS. To use an HTTP connection, you must also follow the steps below:
-
On the QoreStor server, copy the aws.conf file to a new location:
|
NOTE: The QoreStor implementation of object storage uses a self-signed certificate. If your data management application requires third party certificates, you must use HTTP to connect to the object container. |
- Click Next.
- Review the summary and click Finish.
When the process is completed the object container is added to the QoreStor. For Object container created prior to QoreStor release 7.2.1 you will see the storage group ObjectContainer and the container ObjectStorageGroup added to the Storage Groups and Container pages, respectively. See the topics below for information on working with object storage.
Adding an object container through the command line
To add an object container, complete the following steps.
- Access the QoreStor CLI. Refer to Accessing the CLI commands for more information.
- Add a Object container:
object_container --add --name <container name> [--group <storage group name>]
Refer to the QoreStor Command LIne Reference Guide for more information.
- Get end-point details of it:
object_container --show --name <container name>
- Create user for this container. This user name is used as Access key and user’s password is used as Secret key while accessing Object container from the client systems (backup clients):
object_container --user-add --name <name> --user-name <user name>
|
IMPORTANT:The User’s name is used as Access Key and the user’s password is used as Secret Key while connecting to QoreStor from the S3 clients.
To see the S3 endpoint, use the command object_container --show --endpoint --name <name of container>
The endpoint is displayed in the format https://<QoreStor IP address>:<port>
Make sure the port is allowed for access through the firewall. |
- Set access policy for the user. Use <Policy name> as “readwrite” to allow the user to backup and restore data.
object_container --policy-set --name <name> --policy-name <Policy name> --user-name <user name>
- Create bucket for use in the backup application. Optionally add locking support:
object_container --bkt-add --name <name> --bkt-name <bucket name> [--enable-object-lock] [--enable-object-versioning]
- Configure the backup application with the endpoint, access key, secret key, and bucket name.