
QoreStor 7.3.0 - User Guide


Configuring User Access Controls

QoreStor allows you to specify user access controls for individual RDA containers. User access controls allow for multiple containers of the same type while ensuring that access to each container is isolated to specific users. User access controls (UACs) can be set at the container level to assign RWD (read-write-delete) or RW (read-write) permissions on that container to individual user accounts. Data within the containers can be accessed or deleted by users with either permission type, but the container can only be deleted by a user with RWD permissions.

The backup_user account is assigned by default to RDA containers, and is granted RWD permissions. Additional user access can be configured through the GUI or CLI.

NOTE: User Access Controls is currently only supported on RDA containers.

Requirements for using User Access Controls

  • The user account to which access is going to be assigned should be created before creating the container or configuring UAC.

To configure User Access Controls

  1. In the navigation menu, click Containers. The Containers page is displayed.
  2. In the list of containers, find the container for which you want to add user access controls, and then click User Access Control.
  3. The backup_user account is listed by default. To configure other accounts with permissions, use the Search field to find the account. Click the desired account to add it to the users list.
  4. For each listed account, select the appropriate permissions. Options are:
    • Read/Write - gives the account read and write permissions on the container.
    • Read/Write/Delete - gives the account read, write, and delete permissions on the container.
  5. Click Finish.

NOTE: To add user access controls to a container through the command line, use the command:

container --add --name <name> [--group_name <name>]
container --add_uac --name <name> --user <user name> --mode <RW|RWD>

Refer to the QoreStor Command Line Reference Guide for more information.
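
The script below is an added example, not QoreStor code or output. It turns a reviewed access plan into the container --add_uac commands shown above and lists every account that would hold RWD, since only RWD allows deleting the container. The plan entries, container names, user names, and the function names uac_commands and delete_capable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not QoreStor code. The plan below is constructed sample data:
# one "container user mode" entry per line.
PLAN='rda_sql   svc_sql    RW
rda_sql   dba_admin  RWD
rda_files svc_files  RW'

# uac_commands PLAN
# Prints one "container --add_uac" command per entry. Exits non-zero if any
# entry has a mode other than RW/RWD, a duplicate container/user pair, or
# characters that would be unsafe to paste into a shell.
uac_commands() {
    printf '%s\n' "$1" | awk '
        BEGIN { bad = 0 }
        function reject(why) {
            print "line " NR ": " why | "cat 1>&2"; bad = 1
        }
        NF == 0 { next }
        NF != 3 { reject("expected: container user mode"); next }
        $1 !~ /^[A-Za-z0-9_.-]+$/ || $2 !~ /^[A-Za-z0-9_.-]+$/ {
            reject("unexpected character in name"); next
        }
        $3 != "RW" && $3 != "RWD" { reject("mode must be RW or RWD"); next }
        seen[$1, $2]++ { reject("duplicate entry for " $2 " on " $1); next }
        { print "container --add_uac --name " $1 " --user " $2 " --mode " $3 }
        END { exit bad }'
}

# delete_capable PLAN
# Prints "container user" for every RWD grant: the accounts that can delete
# the container itself, in addition to the default backup_user.
delete_capable() {
    printf '%s\n' "$1" | awk '$3 == "RWD" { print $1, $2 }'
}

uac_commands "$PLAN"
echo "Accounts that can delete a container:"
delete_capable "$PLAN"
```

The generated lines are printed for review only; run them in the QoreStor CLI after the user accounts exist.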

Adding an NFS or CIFS connection type container

To add an NFS or a CIFS connection type container, complete the following steps:

  1. In the navigation menu, click Containers. The Containers page is displayed.
  2. Click Add Container.
  3. For Protocol, select NAS (NFS, CIFS).
  4. For the container Name, type the name of the container, and then click Next.

    Container names cannot exceed 32 characters in length, must start with a letter, and can be composed of any combination of the following characters:

    • A-Z (uppercase letters)
    • a-z (lowercase letters)
    • 0-9 (numbers). Do not start a container name with a number.
    • dash (-) or underscore (_) special characters

    NOTE: QoreStor does not support the use of the following special characters in container names: /, #, or @.

  5. In the Storage Group drop-down, select the Storage Group for this container.
  6. Click Next.
  7. For Marker Type, select the appropriate marker that supports your Data Management Application (DMA).
    • Auto — Automatically detects CommVault, Tivoli Storage Manager (TSM), ARCserve, and HP Data Protector marker types. In addition, select this option if you need to support EMC Networker 2.0.
    • ARCserve—Supports the ARCserve marker.
    • BridgeHead — Supports the BridgeHead HDM marker.
    • CommVault—Supports the CommVault marker.
    • HP DataProtector—Supports the HP Data Protector marker.
    • Networker — Supports EMC Networker 3.0. If you need to support EMC Networker 2.0, select Auto.
    • Time Navigator—Supports the Time Navigator marker.
    • TSM—Supports the TSM marker.
    • Unix Dump — Supports the Amanda marker, among others.

    IMPORTANT: Improper marker selection can result in non-optimal savings. As a best practice, if you have only one type of DMA with traffic directed to a container, it is best to select the marker type that supports your DMA (for example, BridgeHead, Auto, or another). Conversely, as a best practice, if you have traffic from a DMA that is not one of the supported marker types, it is best to disable marker detection for the container by selecting the None marker type.

  8. For Access Protocols, select NFS and CIFS as appropriate.

    (Use NFS to back up UNIX or LINUX clients. Use CIFS to back up Windows clients.)

  9. Click Next.
  10. If you selected NFS as the connection type, configure NFS access as follows. For CIFS connections, proceed to step 11.
    • NFS Options — Defines the type of access to the container. Select one of the following options.
      • Read Write Access — To allow read-write access to the container.
      • Read Only Access — To allow read-only access.
    • Root Mapping — Select one of the following options from the drop-down list to define the user level you want mapped to this container.
      • Root — to specify a remote user with root access to read, write, and access files on the system.
      • Nobody — to specify a user on the system without root access permissions.
      • Administrator — to specify the system administrator.
    • NFS Client Access — Define the NFS client(s) that can access the NFS container or manage the clients that can access this container by selecting one of the following options.
      • Open (allow all clients) — To allow open access for all clients to the NFS container you create. (Select this option only if you want to enable access for all clients to this NFS container.)
      • Create Client Access List — To define specific clients that can access the NFS container. In the Client FQDN or IP text box, type the IP address (or FQDN hostname) and click the Add icon. The “added” client appears in the Allow Clients list box. (To delete an existing client from this list box, select the IP address (or FQDN hostname) of the client you want to delete, and click the Delete icon. The “deleted” client disappears from the list box.)
  11. If you selected CIFS as the connection type, configure CIFS access as follows.
    • Client Access — Define the CIFS client(s) that can access the container or manage the clients that can access this container by selecting one of the following options.
      • Open (allow all clients) — To allow open access for all clients to the container you create. (Select this option only if you want to enable access for all clients to this container.)
      • Create Client Access List — To define specific clients that can access the container. In the Client FQDN or IP text box, type the IP address (or FQDN hostname) and click the Add icon. The “added” client appears in the Allow Clients list box. (To delete an existing client from this list box, select the IP address (or FQDN hostname) of the client you want to delete, and click the Delete icon. The “deleted” client disappears from the list box.)

      NOTE: The QoreStor administrator that manages the system has a different set of privileges than does the CIFS administrator user. Only the QoreStor administrator can change the password for the CIFS administrator user. To change the password that allows access for the CIFS administrator user, use the authenticate --set --user administrator command. For more information, see the QoreStor Command Line Reference Guide.

  12. Click Next.
  13. Optionally, select Recycle Bin, and then enter the number of days you want files to remain in the Recycle Bin before deleting. For more information, see Managing containers.

    NOTE: Enabling the Recycle Bin is an irreversible step. Once it is enabled, you cannot disable it on a container.

  14. Click Next.

    A Configuration Summary of the options you selected for creating the container appears.

  15. Click Finish.

Creating an Object Container

Adding an object container can be accomplished through the QoreStor UI or via the object_container command in the QoreStor CLI. Refer to the QoreStor Command Line Reference Guide for more information on the object_container command.

NOTE: QoreStor object container does not support object lifecycle management, which means transitioning storage classes or server side expiration of objects is not supported. User policies are limited to predefined readwrite, writeonly, and readonly.

To create an object container

  1. In the navigation menu, click Containers.
  2. On the Containers pane, click Add Container. The Add Container dialog will be displayed.
  3. In the Protocol field, select Object (S3 Compatible).
  4. In the Storage Group drop-down, select the required storage group for this container.
  5. Click Next.
  6. Optionally, select Use HTTP instead of HTTPS. To use an HTTP connection, you must also follow the steps below:
    1. On the QoreStor server, copy the aws.conf file to a new location:

    NOTE: The QoreStor implementation of object storage uses a self-signed certificate. If your data management application requires third party certificates, you must use HTTP to connect to the object container.

  7. Click Next.
  8. Review the summary and click Finish.

When the process is completed, the object container is added to QoreStor. For object containers created prior to QoreStor release 7.2.1, you will see the storage group ObjectContainer and the container ObjectStorageGroup added to the Storage Groups and Container pages, respectively. See the topics below for information on working with object storage.

Adding an object container through the command line

To add an object container, complete the following steps.

  1. Access the QoreStor CLI. Refer to Accessing the CLI commands for more information.
  2. Add an object container:

    object_container --add --name <container name> [--group <storage group name>]

    Refer to the QoreStor Command Line Reference Guide for more information.

  3. Get the endpoint details of the container:

    object_container --show --name <container name>

  4. Create a user for this container. The user name is used as the Access key and the user’s password is used as the Secret key when accessing the object container from the client systems (backup clients):

    object_container --user-add --name <name> --user-name <user name>

    IMPORTANT: The user’s name is used as Access Key and the user’s password is used as Secret Key while connecting to QoreStor from the S3 clients.

    To see the S3 endpoint, use the command object_container --show --endpoint --name <name of container>

    The endpoint is displayed in the format https://<QoreStor IP address>:<port>

    Make sure the port is allowed for access through the firewall.

  5. Set the access policy for the user. Set <Policy name> to “readwrite” to allow the user to back up and restore data.

    object_container --policy-set --name <name> --policy-name <Policy name> --user-name <user name>

  6. Create a bucket for use in the backup application. Optionally add locking support:

    object_container --bkt-add --name <name> --bkt-name <bucket name> [--enable-object-lock] [--enable-object-versioning]

  7. Configure the backup application with the endpoint, access key, secret key, and bucket name.

Creating a VTL type container

NOTE: For more information on using VTL containers, see Configuring and using VTL.

To create a virtual tape library (VTL) type container, complete the following steps.

NOTE: The number of supported VTL containers varies depending on the QoreStor installation mode. Refer to the QoreStor Interoperability Guide for more information.

  1. In the navigation menu, click Containers. The Containers page is displayed.
  2. Click Add Container.
  3. For Name, type the name of the container.

    NOTE: QoreStor does not support spaces or the following special characters in container names: /, #, or @. VTL container names cannot exceed 32 characters in length, must start with a letter, and can be composed of any combination of the following characters:

    • A-Z (uppercase letters)
    • a-z (lowercase letters)
    • 0-9 (numbers). (Do not start a container name with a number.)
    • underscore (_) special characters
    • hyphen (-) special character

    NOTE: iSCSI VTL containers do not support the following characters:

    • ASCII CONTROL CHARACTERS and SPACE through ,
    • ASCII /
    • ASCII ; through @
    • ASCII [ through `
    • ASCII { through DEL
  4. For Protocol, select Virtual Tape Library (VTL).
  5. Click Next.
  6. For Robot Model, select the type of virtual tape library for the VTL container.
    • STK L700—This is the standard emulation of the StorageTek L700 library.
    • QUEST DR_L700 - This is a Quest OEM version of StorageTek L700 library.

    NOTE: The Quest version of the VTL is supported only with Symantec Backup Exec and Netbackup data management applications (DMAs).

  7. For Tape Size, select the size of the tapes for your tape library from one of the following options.
    • 800 GB
    • 400 GB
    • 200 GB
    • 100 GB
    • 50 GB
    • 10 GB

    NOTE: Creating a VTL container type creates a tape library of type Storage Tek L700 with 10 tape drives of type IBM Ultrium LTO-4 and 60 tape slots holding 60 tapes. Additional tapes can be added as required. For more information, see VTL and QoreStor specifications.

  8. For Access Protocol, select one of the following options. Each protocol has different configuration requirements, as listed below.
    • NDMP
      • Enter DMA’s FQDN or IP address that will access the VTL container.
      • For Marker Type, select the appropriate marker that supports your DMA from the options below:
        • None — Disables marker detection for the container.
        • Auto — Automatically detects CommVault, Tivoli Storage Manager (TSM), ARCserve, and HP Data Protector marker types. In addition, select this option if you need to support EMC Networker 2.0.
        • ARCserve—Supports the ARCserve marker.
        • BridgeHead — Supports the BridgeHead HDM marker.
        • CommVault—Supports the CommVault marker.
        • HP DataProtector—Supports the HP Data Protector marker.
        • Acronis — Supports the Acronis marker.
        • Networker — Supports EMC Networker 3.0. If you need to support EMC Networker 2.0, select Auto.
        • TSM—Supports the TSM marker.
        • Unix Dump — Supports the Amanda marker, among others.
    • iSCSI
      • Enter the FQDN, IQN, or IP address of the iSCSI initiator that can access the VTL container.
      • For Marker Type, select the appropriate marker that supports your DMA from one of the following options:

        NOTE: Improper marker selection can result in non-optimal savings. As a best practice, if you have only one type of DMA with traffic directed to a container, it is best to select the marker type that supports your DMA. Conversely, as a best practice, if you have traffic from a DMA that is not one of the supported marker types, it is best to disable marker detection for the container by selecting the None marker type.

        • None — Disables marker detection for the container.
        • Auto — Automatically detects CommVault, Tivoli Storage Manager (TSM), ARCserve, and HP Data Protector marker types. In addition, select this option if you need to support EMC Networker 2.0.
        • ARCserve—Supports the ARCserve marker.
        • BridgeHead — Supports the BridgeHead HDM marker.
        • CommVault—Supports the CommVault marker.
        • HP DataProtector—Supports the HP Data Protector marker.
        • Acronis — Supports the Acronis marker.
        • Networker — Supports EMC Networker 3.0. If you need to support EMC Networker 2.0, select Auto.
        • TSM—Supports the TSM marker.
        • Unix Dump — Supports the Amanda marker, among others.
    • No Access.

    NOTE: QoreStor allows you to create a VTL container type without configuring it with a specific protocol (that is, by selecting No Access). You can configure the container at a later date.

  9. Click Next.

    A summary of the options you selected for creating the container appears.

  10. Click Finish.
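
The naming rules in step 3 above and in the NAS container procedure, as an added shell check that is not part of the QoreStor documentation or CLI; the function name valid_container_name and the sample names are assumptions. Applying the listed iSCSI ranges shows that an underscore, which falls inside the [ through ` range, is rejected for iSCSI VTL containers even though the general character list allows it.

```shell
#!/bin/sh
# Added example, not QoreStor code.
# valid_container_name NAME [general|iscsi]
# Exit status 0 if NAME satisfies the rules stated in this guide, 1 if not.
# The body runs in a subshell so the locale change and variables stay local.
valid_container_name() (
    LC_ALL=C; export LC_ALL            # byte-wise ranges, no locale surprises
    name=$1
    kind=${2:-general}

    # Not empty and no longer than 32 characters.
    [ "${#name}" -ge 1 ] && [ "${#name}" -le 32 ] || exit 1

    # Must start with a letter (so never with a number).
    case $name in [A-Za-z]*) ;; *) exit 1 ;; esac

    # Only A-Z, a-z, 0-9, dash and underscore; this also excludes
    # spaces and the unsupported /, # and @.
    case $name in *[!A-Za-z0-9_-]*) exit 1 ;; esac

    if [ "$kind" = iscsi ]; then
        # Characters iSCSI VTL containers do not support, as octal ranges:
        # controls through ",", "/", ";" through "@", "[" through "`",
        # "{" through DEL. If deleting them changes the name, reject it.
        stripped=$(printf '%s' "$name" |
            tr -d '\001-\054\057\073-\100\133-\140\173-\177')
        [ "$stripped" = "$name" ] || exit 1
    fi
    exit 0
)

# Constructed sample names, checked under both rule sets.
for n in sql_backup-01 vtl-lib01 1backup 'bad/name'; do
    for kind in general iscsi; do
        if valid_container_name "$n" "$kind"; then v=ok; else v=rejected; fi
        printf '%-14s %-8s %s\n' "$n" "$kind" "$v"
    done
done
```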