The Quest KACE K2000 Deployment Appliance, beginning with version 3.4, allows more storage by substituting an external Network Attached Storage (NAS) device for the appliance's internal storage. It also expands the virtual K2000/RSA storage by using an additional virtual disk. When external storage is enabled, all deployment data will be pulled from the external store and internal storage will not be available for use.
Quest| KACE supports NFS-based storage solutions for offboard storage on physical K2000 appliances.
Please review the Offboard storage best practices document (185637) before going forward.
We have tested and confirmed at least one configuration for each of the following devices:
- Synology DSM (3.4.54256 and higher)
- NETGEAR ReadyNAS (3.4.54256 and higher)
- Dell Equalogic FS7500 (3.5.76460 and higher)
- Windows 2008 Storage Server R2 (3.4.63129 and higher)
- Windows 2012 Foundation Server (3.5.76460 and higher)
- Virtual disk (3.4.54256 and higher)
NOTE: This list is not exclusive. Quest | KACE will continue to certify NFS-based solutions on an ongoing basis. Utilizing a consumer or small office (SOHO) level NAS device will not provide the same level of stability and performance as an enterprise level device, and is not recommended.
The process to make this happen is quite simple, the deployment data from the internal drive, such as images, pre/post install tasks, usmt, media, boot environments, and drivers, are copied to the offboard storage location, leaving the internal deployment data untouched and unused. Everything on the K2000 then points to this offboard storage location, which can be seen under Settings and Maintenance | Control Panel | Storage. This process does not “expand” the current drive as some expect.
Enabling offboard storage on the K2000 appliance
We recommend all users upgrade to the latest KACE SDA version prior to enabling offboard storage. Version 3.5 and higher allows this process to be performed by the user in the KACE SDA web interface. This option can be found under Settings and Maintenance | Data Storage. One may refer to the KACE SDA Administrator Guide for more detailed instructions.
Using the Network File System (NFS) protocol for the physical NAS device
Test the network access to your NAS device and confirm its configuration settings to provide the name of the NAS, such as NETGEAR ReadyNAS and the IP address of the device.
If using a physical NAS, the NAS device should be connected to the 2nd NIC of the KACE SDA. To do this, you can assign the 2nd NIC on the KACE SDA an IP on a private network, such as 10.0.0.2. Then assign the 2nd NIC (if it has one) on the NAS as 10.0.0.3. This will allow the device to be separate of your network and boost performance.
The storage server must provide exclusively NFS3 services to the KACE SDA. The KACE SDA will not work with NFS4 or a hybrid of both services.
Note: If unusual configuration problems occur with your NAS, Quest KACE may require that you engage Professional Services for assistance.
Configurations for supported NAS devices
- Enable Asynchronous Transfer if this setting is available on your device. This might improve the expandable storage performance.
- Disable Root squash if this setting is available on your device, for example set no_root_squash for the NFS share.
- If given the option to use NFS v3 and/or NSF v4, configure the share to use NFS v3 only.
Synology DSM settings > NFS privileges
- Privilege: Read/Write.
- Root squash: No mapping.
- Select the Enable asynchronous check box.
NETGEAR ReadyNAS settings In the Share Access Restrictions section:
- Enable Root privilege-enabled hosts.
- Specify the IP address of the KACE SDAn the text field (specifically the 2nd NIC if you have connected your device directly to the KACE SDA).
In the Advanced Share Permission section:
- Share folder owner: root
- Share folder group: root
- Share folder group rights: Read/Write
- Share folder everyone rights: Read/Write
Note: The share path for NETGEAR ReadyNAS devices typically begin with '/data'. So, if your path shows as /Netgear-Storage/data/K2000, use /data/K2000 in the Share path field.
Dell EqualLogic FS7500
- Under "Client Access Permissions" section
- Choose "Limit access to IP address(asterisks allowed)" and specify K2000 IP address or a specific network eg.188.8.131.52
- Under "Access type" section
- Under "Trusted Users" section
- Under "Access permissions"
- File Security Style: UNIX
- UNIX Permissions of Windows Files: "Owner=Read, Write, Execute", "Group=Read", "Others=Read", "Numeric value=744"
- UNIX Permissions of Windows directories: "Owner=Read, Write, Execute", "Group=Read, Execute", "Others=Read, Execute", "Numeric value=755"
- NFS Export needs to be created with "no_root_squash" option
Windows 2008 Storage Server R2
- Set up the Windows Storage Server 2008 R2
- Disable the firewall.
- Set up the NFS service on the server: Start|Administrative Tools|Server Manager|Roles|File Services|Add Role Services|Services for Network File System (NFS).
- Create a directory for the NFS share, for example e:\mynfs.
- Disable any anti-virus software to prevent it from scanning this shared folder.
- Go to Start > Share and Storage Management and from the Actions drop-down list, select Provision Share.
- Browse to the newly created NFS share directory.
- Ensure that the No, do not change NTFS permissions check box is selected. This retains the default NTFS permissions.
- Under Share Protocols, select NFS and provide the appropriate NFS share name.
- For NFS Authentication, select "allow anonymous access and change the UID and GID to 0 and save
- then open NFS authentication again and select Enable unmapped user access and Allow unmapped user Unix access.and save.
- check to make sure the anonymous access UID and GUI are both 0 after you save.
- For NFS Permissions, under Groups and host permissions, select Add. On the resulting dialog box, provide the K2000 server IP address as host and set the permission as Read/Write.
- Select the Allow root access check box. Click OK, then Next.
- Continue with the default settings and complete the NFS share configuration.
- Mount this share onto the K2000 server using the regular steps used for configuration of expandable storage.
- Reboot the K2000 appliance.
Setting for Microsoft Windows Server 2012 Foundation (3.5.76460 and higher)
- Install Network File System on Storage 2012
- To install Network File System on the server using Server Manager:
- From the Add Roles and Features Wizard, under Server Roles, select File and Storage Services if it has not already been installed.
- Under File and iSCSI Services, select File Server and Server for NFS. Click Add Features to include selected NFS features.
- Click Install to install the NFS components on the server.
- To Create NFS file share:
- Log on to the server as a member of the local Administrators group. Server Manager will start automatically. If it does not automatically start, click Start, type servermanager.exe, and then click Server Manager.
- On the left, click File and Storage Services, and then click Shares.
- Click To create a file share, start the New Share Wizard.
- On the Select Profile page, select either NFS Share – Quick or NFS Share - Advanced, and click Next.
- On the Share Location page, select a server and a volume, and click Next.
- On the Share Name page, specify a name for the new share, and click Next.
- On the Authentication page, specify the authentication method you want to use for this share.
- On the Share Permissions page, click Add, and then specify the host, client group or netgroup you want to grant permission to the share.
- In Permissions, configure the type of access control you want the users to have, and click OK.
- On the Confirmation page, review your configuration, and click Create to create the NFS file share.
Virtual disk settings(for Virtual KACE SDA)
The VK2000 and virtual disk communicate using the Internet Small Computer System Interface (iSCSI). VMware ESX and ESXi support this protocol.
- Power down the K2000/RSA virtual machine from the Settings and Maintenance | Appliance Maintenance page.
- Once powered off, create a new virtual disk the size you would like and add it to the SCSI controller of the K2000/RSA.
- Power the K2000/RSA virtual machine back on
- Navigate to Settings and Maintenance | Data Storage and click on 'Change to offboard storage' to start the Change Storage Type wizard
Please note that you will not be able to "resize" the original or secondary virtual disk to either free up space on the VMware datastore or to make more space available to the K2000. It is important to account for future needs when configuring your K2000 to use offboard storage.
Return to using the KACE SDA's internal storage
There are 2 ways to move back to using the internal KACE SDA(or RSA) storage. Both methods can be done using the Change Storage Type Wizard located in Settings and Maintenance | Data Storage.
Method 1 (Recommended) - Migrate the data from the external storage device to the K2000's internal storage
This method retains the database in it's current form and syncs the data from the external datastore to the internal datastore, overwriting the deployment data from before the initial offboard storage migration.
The data on the external storage device must be less than or equal to the amount of space on the appliance’s internal storage; otherwise, the external storage data cannot be migrated and the original data is retained.
If you do not have enough space on your K2000 internal storage, you will need to free up space by exporting items, moving the exported data off of the K2000, and deleting the items from the K2000 until you have reduced your disk utilization to be less than or equal to the amount of space on the appliance’s internal storage. The space may not completely free up until a purge is done manually (via Settings | Appliance Maintenance | Delete unused system image files) or automatically overnight.
If you are having any problems with your offboard storage device, please contact support before attempting to migrate your data
Method 2 - Revert to using the data on the K2000's internal storage from before the migration, discarding the deployment data on the external storage device
WARNING: This method is destructive! Any data added to the K2000 after the initial offboard storage migration will be unusable unless it was exported and moved off of the K2000.
Two steps are taken when leveraging this option:
- Reverts back to using the internal K2000 datastore. The only deployment data available is what existed before the initial offboard storage migration took place.
- Restores a backup of the database taken when the initial offboard storage migration took place.
If you have upgraded since migrating to offboard storage, please contact support before reverting to internal storage
Note: After reverting an RSA, you must sync the RSA with the K2000 manually at least once. You do this from the Choose Action drop-down list on the Deployments | Remote Sites page.
The KACE SDA data on external storage might be visible to other applications or users if the NFS share is not restricted for a particular network IP address by the NAS device. Restrict the share to allow only the K2000 and any management system(s) if the NAS device permits it. Alternately, put the NAS on a private network, or explicitly connect the device to a second Network Interface Card (NIC).
Please review the Offboard storage best practices document (185637)
For maximum performance, connect the external storage device directly to the second NIC of the K2000 appliance (see notes above under the enabling external storage on the K2000 appliance).
The K2000 is able to use all of the available space on the volume or partition on which the NFS share exists. You cannot restrict the size (quota) of the share on the storage server; the available space varies according to the space used by all of the shares. Quest KACE recommends using a dedicated partition for K2000 external storage.
If you are utilizing security or antivirus software on the NAS device, it is recommended that you add an exemption for the directories being used by the K2000 or disable the software altogether, as it can interfere with existing or new data as it is being uploaded or modified by the K2000, rendering it unreliable or unusable.