NETAPP在域用户下HOMEDIR的配置方法

NetApp存储设备配置说明修改记录目录1编写目的 (1)2专业名词和缩略语 (2)3组网方式和环境介绍 (3)4安装配置方法 (3)4.1N ET A PP硬件安装 (3)4.2设备初始化和系统设定 (4)4.2.1设备初始化 (4)4.2.2系统设定 (4)4.3操作系统安装 (6)4.3.1注册现有系统的cifs服务，将操作系统文件上传至FAS存储系统 (6)4.4应用配置 (8)4.4.1系统参数配置 (8)4.4.2注册需要使用的服务 (10)4.4.3创建一个卷并输出空间 (12)4.4.4创建一个Qtree并实施quota限制 (17)4.4.5配置autosupport (19)4.4.6配置snapshot策略及数据恢复方法 (19)4.4.7磁盘故障的数据恢复方法 (19)4.4.8配置Cluster (19)1 编写目的编写本文档的目的在于详细地说明NetApp FAS存储系统的安装、配置以及常用命令的介绍和可靠性维护、故障检查与恢复的方法，便于开发、测试、用服和工程维护人员安装、使用和维护NetApp FAS存储系统存储系统。

2 专业名词和缩略语3 组网方式和环境介绍NetAppFAS3240AESX ServerSWITCHESX Server图3.1 NetApp FAS存储系统组网结构NetApp FAS存储系统存储设备以NAS存储方式使用，通过万兆交换机与主机相连接。

4 安装配置方法4.1 NetApp硬件安装存储设备硬件的安装主要是各盘柜间线缆的连接、磁盘安装、盘柜上架、上电等，以上操作多由NetApp技术支持工程师完成。

使用存储设备随机携带的“DB－9 to RJ－45”转接线将FAS存储系统的CONSOLE端口和安装了WINDOWS操作系统的主机串口相连，在WINDOWS主机上安装SecureCRT软件，新建一个serial协议的连接，其中port参数根据所连接的是COM1还是COM2来进行选择，其余参数参考图4.1所示，通过串口连接登录到FAS存储系统。

目录1 设备信息 (2)2 硬件实施…………………………………………………………………………………错误！未定义书签。

3 存储系统配置过程………………………………………………………………………错误！未定义书签。

4 IBM NAS的存储配置 (7)4.1 增加卷 (7)4.2 建立Qtree .................................. (10)4.3 建立Share并配置权限.................................. (112)4.4 使用IBM实现用户homedir的配置 (14)4.5 创建新用户目录，并更改NTFS权限设置 (16)4.6 配置HOME目录.................................. . (27)4.7 检查共享权限.................................. (301)5 挂接HOME DIRECTORY.................................. (332)5.1 永久挂接.................................. (332)5.2 临时挂接.................................. (334)6 授权目录给其他用户.................................. (345)6.1 其他用户如何使用授权目录 (385)7 授权文件给其他用户.................................. (41)7.1 其他用户如何使用授权文件 (41)8 snapvault实施步骤 (48)1设备信息两台IBM N系列网络存储：N3300和N3600。

2硬件实施(1)拆箱验货。

(2)主机上架。

(3)存储加电自检。

(4)存储系统配置。

3存储系统配置过程一、两台主机已经预装操作系统，加电自检完毕。

网络需求所有需要执行SnapMirror数据复制的存储之间，需打开以下端口：NetApp FAS存储支持通过网络同步时钟。

如果存储和NTP服务器之间有防火墙，则打开以下端口：所有被管理的存储，必须通过IP网络与DFM服务器连通。

如果存储和DFM服务器之间有防火墙，则打开以下端口：如果有Windows机器需要管理（例如，客户端安装了OSSV备份软件），则Windows机器需要通过IP网络与DFM服务器连通。

如果Windows机器和DFM服务器之间有防火墙，则打开以下端口：启用DFM的autosupport功能，需要DFM服务器和邮件服务器连通；并且服务器需要一个不需密码验证的发送邮件的账号。

如果邮件服务器和DFM服务器之间有防火墙，则打开以下端口：附录：DOT 7.2使用的IP端口IP port usage on a storage systemAbout this appendixThis appendix describes the Data ONTAP services file that is available in the /etc directory. The /etc/services file is in the same format as its corresponding UNIX systems /etc/services file. Although this file is it not used by Data ONTAP, it is provided in this appendix as information useful to system administrators. Host identificationAlthough some port scanners are able to identify storage systems as storage systems, others port scanners report storage systems as unknown types, UNIX systems because of their NFS support, or Windows systems because of their CIFS support. There are several services that are not currently listed in the /etc/services file.Below is an example of a complete list of the file contents./etc/services NNTP and TTCP portsThe nntp and ttcp ports are unused by your storage system and should never be detected by a port scanner.Ports found in a block starting around 600The following ports are found on the storage system with NFS enabled:On other systems, the ports appear as follows:Enter the following command on UNIX systems to obtain the correct information by querying the port mapper on port 111:toaster# rpcinfo -p .or.ip.address program vers proto port service100011 1 udp 608 rquotad100021 4 tcp 607 nlockmgr100021 3 tcp 607 nlockmgr100021 1 tcp 607 nlockmgr100021 4 udp 606 nlockmgr100021 3 udp 606 nlockmgr100021 1 udp 606 nlockmgr100024 1 tcp 605 status100024 1 udp 604 status100005 3 tcp 603 mountd100005 2 tcp 603 mountd100005 1 tcp 603 mountd100005 3 udp 602 mountd100005 2 udp 602 mountd100005 1 udp 602 mountd100003 3 udp 2049 nfs100003 2 udp 2049 nfs100000 2 tcp 111 rpcbind100000 2 udp 111 rpcbindNoteThe port numbers listed for mountd, statd, lockd, and quotad are not committed port numbers. Storage systems can have these services running on other port numbers. Because the system selects these port numbers at random when it boots, they are not listed in the /etc/services file.Other ports not listed in /etc/servicesThe following ports appear in a port scan but are not listed in /etc/services file.NoteDisable open ports that you do not need.FTP•ftp-data•ftpFile transfer protocol (FTP) uses TCP ports 20 and 21. For a detailed description of the FTP support for your storage system, see the Data ONTAP File Access and Protocols Management Guide. If you use FTP to transfer filesto and from your storage system, the FTP port is required; otherwise, use FilerView or the following CLI command to disable the FTP port:options ftpd.enable offFTP is not a secure protocol for two reasons:•When users log in to the system, user names and passwords are transmitted over the network in clear text format that can easily be read by a packet sniffer program.These user names and passwords can then be used to access data and other network resources. You should establish and enforce policies that prevent the use of the same passwords to access storage systems and other network resources.•FTP server software used on platforms other than storage systems contains serious security-related flaws that allow unauthorized users to gain administrative (root) access and control over the host.SSH•sshSecure Shell (SSH) protocol is a secure replacement for RSH and runs on TCP port 22. This only appears in a port scan if the SecureAdmin TM software is installed on your storage system.There are three commonly deployed versions of the SSH protocol:•SSH version 1--is much more secure than RSH or Telnet, but is vulnerable to TCP session attacks.This vulnerability to attack lies in the SSH protocol version 1 itself andnot in the associated storage system products.•SSH version 2--has a number of feature improvements over SSH version 1 and is less vulnerable to attacks.•SSH version 1.5--is used to identify clients or servers that support both SSH versions 1 and 2.To disable SSH support or to close TCP port 22, use the following CLI command:secureadmin disable sshTelnet•telnetTelnet is used for administrative control of your storage system and uses TCP connections on port 23. Telnet is more secure than RSH, as secure as FTP, and less secure than SSH or Secure Socket Layer (SSL).Telnet is not secure because:•When users log into a system, such as your storage system, user names and passwords are transmitted over the network in clear text format.Clear text format can be read by an attacker using a packet snifferprogram. The attacker can use these user names and passwords to log in to your storage system and execute unauthorized administrativefunctions, including destruction of data on the system. If theadministrators use the same passwords on your storage system as they do on other network devices, the attacker can use these passwords toaccess those resources as well.NoteTo reduce the potential for attack, establish and enforce policiespreventing administrators from using the same passwords on yourstorage system that they use for access to other network resources.•Telnet server software used on other platforms (typically in UNIX environments) have serious security-related flaws that allow unauthorized users to gain administrative (root) control over the host.Telnet is also vulnerable to the same type of TCP session attacks as SSH protocol version 1, but because a packet sniffing attack is easier, TCP session attacks are less common.To disable Telnet, set options telnet.enable to off.SMTP•smtpThe Simple Mail Transport Protocol (SMTP) uses TCP port 25. Your storage system does not listen on this port but makes outgoing connections to mail servers using this protocol when sending AutoSupport e-mail.Time service•time•ntpYour storage system supports two different time service protocols:•TIME protocol (also known as rdate) is specified in the RFC 868 standard. This standard allows for time services to be provided on TCP or UDP port 37. Your storage systemuses only UDP port 37.•Simple network time protocol (NTP) is specified in the RFC 2030 standard and is provided only on UDP port 123.When your storage system has option timed.enable set to On and a remote protocol (rdate or ntp) is specified, the storage system synchronizes to a network time server.If the timed.enable option is set to Off, your storage system is unable to synchronize with the network time server using NTP. The rdate time protocol can still be used by manually issuing the rdate command from your storage system console.You should set the timed.enable option to On in a cluster configuration. DNS•domainThe Domain Name Service (DNS) uses UDP port 53 and TCP port 53. Your storage system does not typically listen on these ports because it does not run a domain name server. However, if DNS is enabled on your storage system, it makes outgoing connections using UDP port 53 for host name and IP address lookups. Your storage system never uses TCP port 53 because this port is used explicitly for communication between DNS servers. Outgoing DNS queries by your storage system are disabled by turning off DNS support. Turning off DNS support protects against receiving bad information from another DNS server.Because your storage system does not run a domain name server, the name service must be provided by one of the following:•Network information service (NIS)•An/etc/hosts file•Replacement of host names in the configuration files (such as /etc/exports, /etc/usermap.cfg, and so on) with IP addressesDNS must be enabled for participation in an Active Directory domain. DHCP•dhcpsClients broadcast messages to the entire network on UDP port 67 and receive responses from the Dynamic Host Configuration Protocol (DHCP) server on UDP port 68. The same ports are used for the BOOTP protocol.DHCP is used only for the first-time setup of your storage system. Detection of DHCP activity on your storage system by a port scan other than the activity during the first-time setup indicates a serious configuration or software error. TFTP•tftpTrivial File Transfer Protocol (TFTP) uses TCP port 69. It is used mostly for booting UNIX or UNIX-like systems that do not have a local disk (this process is also known as netbooting) and for storing and retrieving configuration files for devices such as Cisco routers and switches.Transfers are not secure on TFTP because it does not require authentication for clients to connect and transfer files.Your storage system's TFTP server is not enabled by default. When TFTP is enabled, the administrator must specify a directory to be used by TFTP clients, and these clients cannot access other directories. Even within the TFTP directory, access is read-only. TFTP should be enabled only if necessary. Disable TFTP using the following option:options tftpd.enable offHTTP•httpHypertext Transport Protocol (HTTP) runs on TCP port 80 and is the protocol used by web browsers to access web pages. Your storage system uses HTTP to access•Files when the HTTP protocol is enabled•FilerView for Graphical User Interface (GUI) administration•Secure FilerView when SecureAdmin is installedThe SecureAdmin SSL interface accepts connections on TCP port 443. SecureAdmin manages the details of the SSL network protocol, encrypts the connection, and then passes this traffic through to the normal HTTP FilerView interface through a loopback connection. This loopback connection does not use a physical network interface. HTTP communication takes place inside your storage system, and no clear text packets are transmitted.The HTTP protocol is not vulnerable to security attacks because it provides read-only access to documents by unauthenticated clients. Although authentication is not typically used for file access, it is frequently used for access to restricted documents or for administration purposes, such as FilerView administration. The only authentication methods defined by the HTTP protocol send credentials, such as user names and passwords, over the network without encryption. The SecureAdmin product is provided with SSL support to overcome this shortcoming.NoteIn versions of Data ONTAP earlier than 7.0, your storage system listens for new connections (by default, set to TCP port 80) even when the HTTP protocol is not licensed and FilerView is disabled. However, starting with Data ONTAP 7.0, you can stop your storage system from listening for new connections by setting the options httpd.enable and httpd.admin.enable to Off. If either of the options is set to On, your storage system will continue to listen for new connections.Kerberos•kerberos•kerberos-secThere are four Kerberos ports in the /etc/services file: TCP port 88, UDP port 88, TCP port 750, and UDP port 750. These ports are used only for outbound connections from your storage system. Your storage system does not run Kerberos servers or services and does not listen on these ports.Kerberos is used by your storage system to communicate with the Microsoft Active Directory servers for both CIFS authentication and, if configured, NFS authentication.NFS•portmap•nfsdThe Network File System (NFS) is used by UNIX clients for file access. NFS uses port 2049.NFSv3 and NFSv2 use the portmapper service on TCP or UDP port 111. The portmapper service is consulted to get the port numbers for services used with NFSv3 or NFSv2 protocols such as mountd, statd, and nlm. NFSv4 does not require the portmapper service.NFSv4 provides the delegation feature that enables your storage system to grant local file access to clients. To delegate, your storage system sets up a separate connection to the client and sends callbacks on it. To communicate with the client, your storage system uses one of the reserved ports (port numbers less than 1024). To initiate the connection, the client registers the callback program on a random port and informs the server about it.With delegations enabled, NFSv4 is not firewall friendly because several other ports need to be opened up as well.You can disable the TCP and UDP ports by setting the nfs.tcp.enable and nfs.udp.enable options to Off.To disable NFS, use the nfs off command.CIFS•netbios-name•netbios-dg•netbios-ssn•cifs-tcpThe Common Internet File Service (CIFS) is the successor to the server message block (SMB) protocol. CIFS is the primary protocol used by Windows systems for file sharing.CIFS uses UDP ports 137 and 138, and TCP ports 139 and 445. Your storage system sends and receives data on these ports while providing CIFS service. If it is a member of an Active Directory domain, your storage system also must make outbound connections destined for DNS and Kerberos.CIFS is required for Windows file service. You can disable CIFS using FilerView or by issuing the cifs terminate command on your storage system console.NoteIf you disable CIFS, be aware that your storage system's /etc/rc file can be set up to automatically enable CIFS again after a reboot.SSL•sslThe Secure Sockets Layer (SSL) protocol provides encryption and authentication of TCP connections.When SecureAdmin is installed and configured on your storage system, it listens for SSL connections on TCP port 443. It receives secure web browser connections on this port and uses unencrypted HTTP through a loopback connection to pass the traffic to FilerView, running on TCP port 80. This loopback connection is contained within your storage system and no unencrypted data is transmitted over the network.TCP port 443 can be disabled using FilerView or with the following command: secureadmin disable sslSNMP•snmpSimple Network Management Protocol (SNMP) is an industry-standard protocol used for remote monitoring and management of network devices over UDP port 161.SNMP is not secure because•Instead of using encryption keys or a user name and password pair, SNMP uses a community string for authentication. The community string is transmitted in clear textformat over the network, making it easy to capture with a packet sniffer.Within the industry, devices are typically configured at the factory to use public as the default community string. The public password allowsusers to make queries and read values but does not allow users toinvoke commands or change values. Some devices are configured atthe factory to use private as the default community string, allowingusers full read-write access.•Even if you change the read and write community string on a device to something other than private, an attacker can easily learn the new string by using the read-only publiccommunity string and asking the router for the read-write string.There are three versions of SNMP:•SNMPv1 is the original protocol and is not commonly used.•SNMPv2 is identical to SNMPv1 from a network protocol standpoint and is vulnerable to the same security problems. The only differences between the twoversions are in the messages sent, messages received, and the type ofinformation that is available. These differences are not important from a securitypoint of view. This version of SNMP is currently used on your storage systems.•SNMPv3 is the latest protocol version and includes security improvements but is difficult to implement and many vendors do not yet support it. SNMPv3 supportsseveral different types of network encryption and authentication schemes. Itallows for multiple users, each with different permissions, and solves SNMPv1security problems while maintaining an important level of compatibility withSNMPv2.SNMP is required if you want to monitor a storage system through an SNMP monitoring tool, such as DataFabric® Manager. Your storage system's SNMP implementation allows read-only access. Regardless of the community string used, the user cannot issue commands or change variables using SNMP on your storage system.You should use the snmp.access option to restrict SNMP access to a named set of trusted hosts.Set the snmp.enable option to Off to disable SNMP entirely.The snmp community delete and snmp community add commands are used to change the community string to something other than the default value.RSH•shellRemote shell protocol (RSH) is used for remote command execution and is the only protocol supported on your storage system. It is even less secure than TFTP and uses TCP port 514.RSH is not secure because passwords are not required for login and commands are easy to misconfigure. If possible, RSH should be disabled by setting the rsh.enable option to off.You should use the SSH supplied with SecureAdmin for remote command execution and login. If this is not possible, Telnet is preferred to RSH.If RSH is the only alternative, follow these guidelines when using RSH:•Specify only secure, trusted hosts in the /etc/hosts.equiv file.•Always use IP addresses rather than host names in the /etc/hosts.equiv file.•Always specify a single IP address with a single user name on each line in /etc/hosts.equiv file.•Use the rsh.access option instead of the trusted.hosts option for access control.•Make sure the ip.match_any_ifaddr option is set to off.Syslog•syslogYour storage system sends messages to hosts specified by the user in the/etc/syslog.conf file using the syslog protocol on UDP port 514. It does not listen on this port, nor does it act as a syslog server.Routed•routedThe route daemon, routed, listens on UDP port 520. It receives broadcast messages from routers or other hosts using the Routing Information Protocol (RIP). These messages are used by your storage system to update its internal routing tables to determine which network interfaces are optimal for each destination.Your storage system never broadcasts RIP messages containing routes because Data ONTAP is not capable of acting as a router.RIP is not secure because an attacker can easily send artificial RIP messages and cause hosts running the routed daemon (such as your storage system) toredirect network traffic to the attacker. The attacker can then receive and sift this traffic for passwords and other information and send it on to the actual destination, where the intrusion is undetected. This method can also be used as a starting point for TCP session attacks.Because of these security issues, use static routes (those set up using the route command on your storage system) instead of using the routed daemon. NDMP•ndmp•ndmp-localNetwork Data Management Protocol (NDMP) runs on TCP port 10000 and is used primarily for backup of network-attached storage (NAS) devices, such as your storage systems.The protocol defines three authentication methods:•NONE--allows authentication without restriction•TEXT--sends a clear text password over the network, similar to Telnet or FTP•MD5--uses the MD5 message digest algorithm along with a challenge-response message exchange to implement a secure login mechanismYour storage systems support both the TEXT and MD5 authentication methods. Most NDMP-enabled backup software uses MD5 by default.To entirely disable the TEXT authentication method, set thendmpd.authtype option to challenge.To restrict NDMP commands to certain authorized backup hosts, use the ndmp.access option.Regardless of the authentication method used, NDMP sends backup data in unencrypted format over the network, as does most other backup software. A separate network optimized for backup is a common means to increase performance while retaining data security.To disable NDMP, set the ndmp.enable option to off.SnapMirror and SnapVault•snapmirrorSnapMirror and SnapVault use TCP port 10566 for data transfer. Network connections are always initiated by the destination system; that is, SnapMirror and SnapVault pull data rather than push data.Authentication is minimal with both SnapMirror and SnapVault. To restrict inbound TCP connections on port 10566 to a list of authorized hosts or IP addresses, configure the snapmirror.access or snapvault.access option. Once a connection is established, the destination storage system communicates its host name to the source storage system, which then uses this host name to determine if a transfer is allowed. You should confirm a match between the host name and its IP address. To confirm that the host name and the IP address match, set the snapmirror.checkip.enable option to On.To disable SnapMirror, set the snapmirror.enable option to Off. To disable SnapVault, set the snapvault.enable option to Off.。

N e t A p p存储系统配置手册2011NetAppAll rights reserved本文档包含NetApp公司的商业及技术机密。

未经NetApp公司许可，不得向第三方泄漏或使用。

目录1配置指南 (2)1.1NetApp Filer快速入门 (2)1.2开关机 (2)1.2.1开机顺序： (2)1.2.2关机顺序： (2)2NetApp FAS3050/F3050C 系列 (3)2.1机架指示灯 (4)3设备管理 (7)3.1FILERVIEW 图形管理接口 (7)3.2命令行管理接口(CLI) (10)3.3空间管理：Aggr, V olume和qtree的介绍 (10)3.3.1命令行 (11)3.3.2图形界面 (11)3.3.3Qtree security styles的意义 (13)3.4NFS exports (13)3.4.1命令行 (14)3.4.2图形界面 (14)3.5CIFS Shares (15)3.5.1命令行 (15)3.5.2图形界面 (16)3.5.3用windows 2003或windows 2008管理 (17)3.6Snapshot 管理 (17)3.7Lun create (18)3.7.1命令行 (18)3.7.2图形界面 (19)3.8NetApp Filer常用命令 (21)1 配置指南1.1 NetApp Filer快速入门本指南是为初次使用NetApp存储系统的人员编写的，详细的系统描述和管理命令参见随机手册,在线帮助及/. 特别请您访问NOW (NetApp On the Web) site (), 您可从上面获得几乎所有得产品支持信息，如：电子版手册，知识库，软件下载，等等。

1.2 开关机1.2.1 开机顺序：1、先按照磁盘架编号顺序加电磁盘架的双电源；2、10秒钟后加电控制器。

1.2.2 关机顺序：1、确认所有连接的应用程序已经关闭；2、通过串口或TELNET登陆到系统。

NETAPP存储系统安装、配置和维护手册文档信息本安装和维护手册为 XXX 定制，为NetApp标准文档之补充。

目录1作业规划步骤 (1)2配置步骤 (3)2.1设置磁盘归属，创建ROOT卷 (3)2.2检查并更新各部件的firmware系统版本 (15)2.3检查并更新存储操作系统版本 (19)2.4输入软件许可 (23)2.5执行SETUP进行初始化设置 (23)2.6调整ROOT卷的大小 (29)2.7配置VLAN (29)2.8修改HOSTS文件 (31)2.9修改/etc/rc文件 (32)2.10配置AutoSupport服务 (33)2.11配置SSH (34)2.12配置SNMP (35)2.13配置NTP (36)2.14配置MTA (37)2.15配置IPspace (37)2.16配置MultiStore (37)2.17配置CIFS (41)2.18配置ISCSI (44)2.19配置FCP (45)2.20配置NFS (46)2.21配置重复数据删除 (47)2.22配置Snaprestore (48)2.23容灾实现Snapmirror (52)3日常维护 (55)3.1正常开关机 (55)3.2维护手段 (55)3.2.1Filerview 图形管理接口 (55)3.2.2命令行(CLI) (57)3.3空间管理：Aggr, Volume和lun的介绍 (57)3.4常用命令基本应用 (58)3.5日常系统检查 (58)3.5.1目测 (58)3.5.2例行系统检查 (58)3.6autosupport功能简介和配置 (59)4故障处理流程 (61)Page II4.1支持方式 (61)4.1.1NetApp on the web (NOW) site和服务 (61)4.1.2GSC( Global Support Center 全球支持中心) (61)4.2案例开立流程 (62)4.3损坏部件更换流程 (62)Page III1 作业规划步骤Page 22 配置步骤配置参数表2.1 设置磁盘归属，创建ROOT卷Page 3Page 4Page 5Page 6Page 7Page 8Page 9Page 10Page 11Page 12Page 13Page 142.2 检查并更新各部件的firmware系统版本Page 15Page 16Page 17Page 182.3 检查并更新存储操作系统版本Page 19Page 20Page 21Page 222.4 输入软件许可使用license add XXXXXXX命令添加许可，全部输入后，使用license命令进行检查。

NetApp FAS系列存储器操作手册目录App存储系统 (3)2.系统基本维护指南 (5)2.1.进入管理界面 (5)2.2.系统基本信息 (6)2.3.系统LOG信息 (7)2.4.配置Autosupport (8)2.5.设置时区、时间和日期 (8)2.6.杂项设置 (9)2.7.停机及重新启动 (10)2.8.管理及创建卷 (11)2.9.管理及创建Qtree (12)2.10.磁盘配额 (13)2.11.SnapShot的配置和管理 (15)2.12.CIFS的相关信息 (17)2.13.CIFS共享 (19)2.14.启用home directory功能 (20)2.15.ISCSI连接Windows (21)2.16.网络端口的管理 (33)2.16.1.VIF Multiple方式绑定,对应Cisco 交换机端配置命令 (34)2.17.其他网络参数 (35)2.18.更改root用户密码 (36)2.19.系统实时状态监控 (37)附录一：磁盘更换步骤 (39)附录二：时间同步服务器的设置 (40)App存储系统NetApp 系统为各种不同平台上的用户提供了对全部企业数据的无缝访问。

NetApp全系列光纤网络存储系统在文件访问方面支持NFS 和CIFS，在块存储访问方面支持FCP 和iSCSI，确保您可以非常方便地将NetApp 存储系统集成到NAS 或SAN 环境中，并且保护原来的信息。

NetApp 的设计为专用访问环境中的应用程序服务器和服务器集群以及多用户环境中的用户提供了经过优化和整合的高性能数据访问方式。

NetApp 存储系统提供了经过实践考验的、超过99.998% 的数据可用性，减少了代价高昂的停机时间（无论是计划内的还是计划外的），最大限度地保障了对关键数据的访问。

它们在一个简单、易用的环境中实现了数据的可管理性、可扩展性、互操作性和可用性，从而降低了您的总拥有成本，加强了竞争优势。

1、安装SANtricity Storage Management软件1) 进入安装页面后，会出现安装目录选择页面，根据需要选择安装目录并点击“Next”，如图所示。

2) 根据用户的环境配置选择安装方式。

推荐使用“Typical”安装模式，单击“Next”进入下一步安装步骤，如图所示。

3)选择自动启动系统监控器，点击“Next”进入下一步安装，如图所示。

4)点击“Next”进入下一步安装，如图所示。

5)点击“Done”完成安装，如图所示。

2、添加磁盘阵列点击“开始”->“程序”->“SANtricity Storage Manager Clinet”,选择“Automatic”，如图所示。

存储阵列出厂默认的双控制器两个网口的IP设置为：192.168.128.101和 192.168.128.102，需要将主机服务器和控制器IP地址设置成同一个网段，通过Out-of-Band以太网带外管理方式，这样才能检测出磁盘阵列。

3、配置卷组和卷单击存储阵列进入Array Management界面，点击菜单项“Storage &Copy Services”，在Total Unconfigured Capacity上右键点击“Create Volume Group”，如图所示。

点击next，输入Volume Group name，如图所示点击next，选择RAID5，如图所示点击Finish，自动进入Create Volume界面，按如图所示进行设置初始化卷，大概需要16分钟左右，如图所示4、定义主机组和主机点击菜单项“Host Mappings”，在Default Group上右键点击Define->Host Group,如图所示输入host group name ，如图所示右键点击Host Group 1->Define->Host，如图所示输入主机名，如图所示点击next，添加wwn号，按如图所示进行设置点击next，选择操作系统，如图所示点击next，单击Finish,选择“No”，如图所示5、添加磁盘阵列映射右键点击Host test1->Add LUN Mapping，如图所示点击Add，按如图所示进行设置完成以上操作后，查看服务管理器中是否能看到新的磁盘，如图所示。

N e t A p p存储系统配置手册2011NetAppAll rights reserved本文档包含NetApp公司的商业及技术机密。

未经NetApp公司许可，不得向第三方泄漏或使用。

目录1配置指南 (2)1.1NetApp Filer快速入门 (2)1.2开关机 (2)1.2.1开机顺序： (2)1.2.2关机顺序： (2)2NetApp FAS3050/F3050C 系列 (3)2.1机架指示灯 (4)3设备管理 (7)3.1FILERVIEW 图形管理接口 (7)3.2命令行管理接口(CLI) (10)3.3空间管理：Aggr, V olume和qtree的介绍 (10)3.3.1命令行 (11)3.3.2图形界面 (11)3.3.3Qtree security styles的意义 (13)3.4NFS exports (13)3.4.1命令行 (14)3.4.2图形界面 (14)3.5CIFS Shares (15)3.5.1命令行 (15)3.5.2图形界面 (16)3.5.3用windows 2003或windows 2008管理 (17)3.6Snapshot 管理 (17)3.7Lun create (18)3.7.1命令行 (18)3.7.2图形界面 (19)3.8NetApp Filer常用命令 (21)1 配置指南1.1 NetApp Filer快速入门本指南是为初次使用NetApp存储系统的人员编写的，详细的系统描述和管理命令参见随机手册,在线帮助及/. 特别请您访问NOW (NetApp On the Web) site (), 您可从上面获得几乎所有得产品支持信息，如：电子版手册，知识库，软件下载，等等。

1.2 开关机1.2.1 开机顺序：1、先按照磁盘架编号顺序加电磁盘架的双电源；2、10秒钟后加电控制器。

1.2.2 关机顺序：1、确认所有连接的应用程序已经关闭；2、通过串口或TELNET登陆到系统。

目录一、安装客户管理软件 (2)二、磁盘阵列配置 (2)三、Volumes的规划配置 (4)四、luns的规划配置 (5)五、配置重删时间 (8)六、Snapmirror配置 (8)七、Netapp v3220的licenses (11)八、Netapp fas2240的licenses (12)九、网络接口配置 (12)一、硬件介绍二、安装客户管理软件1、先安装jdk1.6或以上版本。

2、安装netapp提供的客户端管理软件（sysmgr-setup-2-1-win），按提示下一步安装即可。

sysmgr-setup-2-1-win.exe三、磁盘阵列配置1、通过管户端管理软件，添加需要管理的netapp设备，只需输入被管理端的ip地址。

2、进入客户端管理界面，进行磁盘阵列划分，由于netapp v3220 使用sata磁盘，划分阵列时有最大的磁盘个数限制（每个阵列不超过20个磁盘），所以规划阵列时，将24块磁盘划分如下：12个划分为aggr0，11个划分为aggr1，另一个作为全局的热备盘。

3、创建阵列4、修改阵列的名称以及阵列的类型，先raid-dp，这是netapp独有的阵列，相当于RAID6，便读写的性能更好。

5、根椐提示进入下一步，按规划选择要做阵列aggr0数量为12个硬盘，并进入下一步配置完阵列，另一个阵列选aggr1需要11个硬盘配置完成阵列，还剩下一个硬盘，netapp 会自动配置作为全局热备盘。

四、Volumes的规划配置根椐规划，会划分四个volume，aggr0会划分三个volume，aggr1会划分为一个volume，每个volume都会开启活动volume功能，最大限度的利用volume的容易，每个volume划分的大小为每个阵列的最大容量的95%，另个5%作为netapp的快照功能，这是netapp公司建议的容量分配方式，虽有小许的容量损失，但能发挥netapp最佳的优能。

NetApp磁盘阵列安装手册一、磁盘阵列的系统安装1.1初始化磁盘阵列NetApp FAS是NetApp产品中一款有双机头的磁盘阵列，在出厂时预先会安装好Data OnTap 操作系统，需要先在每个机头中配置好操作系统，才能正常使用。

配置步骤如下：1，通过笔记本电脑或其它Windows平台PC机的串口，连接到机头上的串口上；2，通过超级终端，以默认值连接来进行操作，进入配置画面。

Please enter the new hostname []: NetappFileA输入这个机头的主机名，这里举例为NetappFileA；Do you want to configure virtual network interfaces? [n]: y问是否要配置虚拟网卡，如果要创建的话，输入y；Number of virtual interfaces to configure? [0] 1输入要配置几块虚拟网卡，如配置1块虚拟网卡，就输入1；Name of virtual interface #1 []: vif0输入虚拟网卡的名称，这里举例为vif0；Is vif1 a single [s] or multi [m] virtual interface? [m] m选择虚拟网卡的类型是single还是multi，这里选择m；Number of links for vif1? [0] 2虚拟网卡所包含真实网卡的数量，如果用两块网卡绑定成一块虚拟网卡就输入2；Name of link #1 for vif1 []: e1a输入用于绑定的真实网卡的设备名，可以从阵列设备后面的网络接口上看到；Name of link #2 for vif1 []: e1b输入用于绑定的真实网卡的设备名，可以从阵列设备后面的网络接口上看到；Please enter the IP address for Network Interface vif1 []: XX.61输入虚拟网卡的IP地址；Please enter the netmask for Network Interface vif1 [255.255.255.0]:输入虚拟网卡的掩码，默认就直接回车；Should virtual interface vif1 take over a partner virtual interface during failover? [n]: y是否允许虚拟网卡在故障时切换到另一个机头上，输入y；The clustered failover software is not yet licensed. To enablenetwork failover, you should run the 'license' command forclustered failover.会提示说没有输入Clustered failover功能的license，需要输入才能实现网络切换功能；Please enter the partner virtual interface name to be taken over by vif1 []: vif0输入另一个机头上的会被切换过来的虚拟网卡的名字；Please enter media type for vif1 {100tx-fd, tp-fd, 100tx, tp, auto (10/100/1000)} [auto]:输入虚拟网卡的类型，一般是自适应，选默认auto；Please enter the IP address for Network Interface e0c []:输入网卡e0c的IP地址，不设置就直接回车；Should interface e0c take over a partner IP address during failover? [n]: n是否允许网卡e0c在故障时切换到另一个机头上，这里不配置就输入n；Please enter the IP address for Network Interface e0d []:输入网卡e0d的IP地址，不设置就直接回车；Should interface e0d take over a partner IP address during failover? [n]: n是否允许网卡e0d在故障时切换到另一个机头上，这里不配置就输入n；Would you like to continue setup through the web interface? [n]: n问是否通过web方式来进行继续的安装，输入n，不需要；Please enter the name or IP address of the default gateway: 问客户要网关输入默认网关的名字和IP地址，无须输入就直接回车；The administration host is given root access to the filer's/etc files for system administration. To allow /etc root accessto all NFS clients enter RETURN below.Please enter the name or IP address of the administration host:输入超级管理主机的主机名或IP地址，没有就直接回车；Where is the filer located? []: shanghai问磁盘阵列设备的位置，可以随便写，比如shanghai，就输入shanghai；Do you want to run DNS resolver? [n]:是否配置DNS，输入n，不配置；Do you want to run NIS client? [n]:是否配置NIS，输入n，不配置；Do you want to configure the Shelf Alternate Control path Management interface for SAS shelves [n]:按提示创建root密码1.2输入license序列号1，通过超级终端登录，可以先执行sysconfig命令查看一下磁盘阵列的配置情况，如下；filer1> sysconfig -aNetApp Release 8.1X47 7-Mode: Fri Mar 23 16:56:50 PDT 2012System ID: 4060371308 (filer1)System Serial Number: 4060371-30-8 (filer1)System Storage Configuration: Multi-PathSystem ACP Connectivity: NAslot 0: System Board 2.5 GHz (NetApp VSim)Model Name: SIMBOXSerial Number: 999999Loader version: 1.0Processors: 2Processor ID: 0x1067aMicrocode Version: 0xa0bMemory Size: 1599 MBMemory Attributes: NoneVirtual NVRAM Size: 32 MBslot 0: 10/100/1000 Ethernet Controller Ve0a MAC Address: 00:0c:29:3f:1a:73 (auto-1000t-fd-up)e0b MAC Address: 00:0c:29:3f:1a:7d (auto-1000t-fd-up)e0c MAC Address: 00:0c:29:3f:1a:87 (auto-1000t-fd-up)e0d MAC Address: 00:0c:29:3f:1a:91 (auto-1000t-fd-up)Device Type: Rev 1memory mapped I/O base 0xd8040000, size 0x20000memory mapped I/O base 0xd8000000, size 0x10000I/O base 0x00000000000010c0, size 0x40memory mapped I/O base 0xd8060000, size 0x20000memory mapped I/O base 0xd8010000, size 0x10000I/O base 0x0000000000001400, size 0x40memory mapped I/O base 0xd8080000, size 0x20000memory mapped I/O base 0xd8020000, size 0x10000I/O base 0x0000000000001440, size 0x40memory mapped I/O base 0xd80a0000, size 0x20000memory mapped I/O base 0xd8030000, size 0x10000I/O base 0x0000000000001480, size 0x402，使用license命令来添加所有已购买的license，如下；filer1> license add DZDACHDA cifs site license has been installed.Run cifs setup to enable cifs.filer1> Mon Jul 30 11:05:53 CST [telnet_0:notice]: cifs licensedfiler1> license add BQOEAZLA nfs site license has been installed.nfs enabled.filer1> Mon Jul 30 11:06:09 CST [telnet_0:notice]: nfs licensedfiler1> license add BKHEXNBA fcp site license has been installed.Run 'fcp start' to start the FCP service.Also run 'lun setup' if necessary to configure LUNs.FCP enabled.filer1> Mon Jul 30 11:06:29 CST [telnet_0:notice]: fcp licensed二、 NetApp存储管理系统System Manager安装及连接2.1System Manger 安装无需存储专业知识即可管理NetApp 存储系统。

NetApp存储系统安装、配置和维护手册网存文档信息本安装和维护手册为 XXX 定制，为NetApp标准文档之补充。

目录1作业规划步骤 (1)2配置步骤 (3)2.1设置磁盘归属，创建ROOT卷 (3)2.2检查并更新各部件的firmware系统版本 (15)2.3检查并更新存储操作系统版本 (19)2.4输入软件许可 (23)2.5执行SETUP进行初始化设置 (23)2.6调整ROOT卷的大小 (29)2.7配置VLAN (29)2.8修改HOSTS文件 (31)2.9修改/etc/rc文件 (32)2.10配置AutoSupport服务 (33)2.11配置SSH (34)2.12配置SNMP (35)2.13配置NTP (36)2.14配置MTA (36)2.15配置IPspace (37)2.16配置MultiStore (37)2.17配置CIFS (41)2.18配置ISCSI (44)2.19配置FCP (45)2.20配置NFS (46)2.21配置重复数据删除 (47)2.22配置Snaprestore (48)2.23容灾实现Snapmirror (52)3日常维护 (55)3.1正常开关机 (55)3.2维护手段 (55)3.2.1Filerview 图形管理接口 (55)3.2.2命令行(CLI) (57)3.3空间管理：Aggr, Volume和lun的介绍 (57)3.4常用命令基本应用 (58)3.5日常系统检查 (58)3.5.1目测 (58)3.5.2例行系统检查 (58)3.6autosupport功能简介和配置 (59)4故障处理流程 (61)4.1支持方式 (61)4.1.1NetApp on the web (NOW) site和服务 (61)4.1.2GSC( Global Support Center 全球支持中心) (61)4.2案例开立流程 (62)4.3损坏部件更换流程 (62)1 作业规划步骤2 配置步骤配置参数表2.1 设置磁盘归属，创建ROOT卷2.2 检查并更新各部件的firmware系统版本2.3 检查并更新存储操作系统版本2.4 输入软件许可使用license add XXXXXXX命令添加许可，全部输入后，使用license命令进行检查。

NetApp FAS系列基本操作配置目录App存储系统 (3)2.系统基本操作维护指南 (5)2.1. 存储初始化配置 (5)2.2. 进入管理界面 (7)2.3. 系统基本信息 (8)2.4. 系统LOG信息 (9)2.5. 配置Autosupport (10)2.6. 设置时区、时间和日期 (10)2.7. 杂项设置 (11)2.8. 停机及重新启动 (12)2.9. 管理创建AGGR及卷 (13)2.10. 管理及创建Qtree (15)2.11. 磁盘配额 (16)2.12. SnapShot的配置和管理 (18)2.13. CIFS的相关信息 (20)2.14. CIFS共享 (23)2.15. ISCSI配置 (25)2.16. FC SAN配置 (29)2.17. 网络端口的管理 (32)2.18. 其他网络参数 (33)2.19. 更改root用户密码 (35)2.20. 系统实时状态监控 (35)附录一：磁盘更换步骤 (37)附录二：时间同步服务器的设置 (38)App存储系统NetApp 系统为各种不同平台上的用户提供了对全部企业数据的无缝访问。

NetApp全系列光纤网络存储系统在文件访问方面支持NFS 和CIFS，在块存储访问方面支持FCP 和iSCSI，确保您可以非常方便地将NetApp 存储系统集成到NAS 或SAN 环境中，并且保护原来的信息。

NetApp 的设计为专用访问环境中的应用程序服务器和服务器集群以及多用户环境中的用户提供了经过优化和整合的高性能数据访问方式。

NetApp 存储系统提供了经过实践考验的、超过99.998% 的数据可用性，减少了代价高昂的停机时间（无论是计划内的还是计划外的），最大限度地保障了对关键数据的访问。

它们在一个简单、易用的环境中实现了数据的可管理性、可扩展性、互操作性和可用性，从而降低了您的总拥有成本，加强了竞争优势。

NetApp系列产品具备真正的“统一引擎”功能，使您可以同时支持文件级和块级数据访问—而以前需要有多个系统才能完成这些过程。

华为数据中心N E T A P P存储基本安装配置指导书©2005 Network ApplianceAll rights reserved本文档介绍NetApp公司存储在华为数据中心安装，配置，测试功能的相关步骤及方法。

一、前言Network Appliance公司1992年成立于美国的Sunnyvale, 是一家跨国性高科技公司，专业从事网络存储设备和CDN设备的生产、开发及销售业务，现今在全球拥有超过100家分支机构，员工超过3,900余人。

公司是网络数据存储解决方案的市场领导者，其统一网络存储设备及网络缓存解决方案（NetCache）提供高效、简捷、可靠的数据存取。

自1992年成立至今，全球已安装了超过60000台，连续8年以每年营业额和利润翻番的速度高速增长，其销售和利润增长率均位居全美高科技企业前列。

1999及2000年度，网域存储技术公司连续两年被美国财富杂志（Fortune）评为美国100家增长速度最快公司中的第4位, 是有史以来纳斯达克（NASDAQ）100强和S&P500强中最年轻的公司，而我们的首席执行官Dan Warmenhoven先生也以其杰出的管理才能被美国商业周刊（Business Week）评为2000年度全球25名管理精英之一。

在2005年, 被全美评为最适合人工作的IT公司第5位。

NetApp的存储产品在维护管理上的简便性是世界公认的，其管理成本非常低，真正体现了Appliance的设计理念。

著名的研究机构INPUT的调查结果表明，NetApp的整体拥有成本在数据库的应用环境下，是众多厂商中最低的。

大约只有EMC的Symmetrics的25%。

而管理维护成本只有主机厂商的存储产品的管理维护成本的不到十分之一。

二、 NetApp存储安装如果安装一个全新的NetApp存储，首先将Console线连接到存储上，加电存储并进入存储console, 具体步骤如下所示：CFE version 1.2.0 based on Broadcom CFE: 1.0.35Copyright (C) 2000,2001,2002,2003 Broadcom Corporation.Portions Copyright (C) 2002,2003 Network Appliance Corporation.CPU type 0x1040102: 650MHzTotal memory: 0x40000000 bytes (1024MB)Starting AUTOBOOT press any key to abort...Loading: 0xffffffff80001000/21632 0xffffffff80006480/9820318 Entry at 0xffffffff80001000Starting program at 0xffffffff80001000Press CTRL-C for special boot menu ....................................................................................................................................... ....................................................................................................................................... ................Interconnect based upon M-VIA ERing SupportCopyright (c) 1998-2001 Berkeley Lab/research/FTG/viaThu Sep 1 02:09:51 GMT [cf.nm.nicTransitionUp:info]: Interconnect link 0 is UPThu Sep 1 02:09:51 GMT [cf.nm.nicTransitionDown:warning]: Interconnect link 0 is DOWNSpecial boot options menu will be available.ispfc: Fibre Channel adapter 0c appears to be unattached/disconnected.If adapter is in use, check cabling and if connected to diskshelves, also check seating of LRC cards.Thu Sep 1 02:10:16 GMT [fci.initialization.failed:error]: Initialization failed on Fibre Channel adapter 0c.NetApp Release 7.0.1R1: Wed May 18 23:02:49 PDT 2005Copyright (c) 1992-2005 Network Appliance, Inc.Starting boot on Thu Sep 1 02:09:50 GMT 2005Thu Sep 1 02:10:19 GMT [diskown.isEnabled:info]: software ownership has been enabled for this system(1) Normal boot.(2) Boot without /etc/rc.(3) Change password.(4) Assign ownership and initialize disks for root volume.(4a) Same as option 4, but create a flexible root volume.(5)Maintenance mode boot.Selection (1-5)? 4aZero disks and install a new file system? yThis will erase all the data on the disks, are you sure? yZeroing disks takes about 23 minutes..........................................................................................................................................................................................................................................................................................对于启动的菜单提示(1) Normal boot. ---- 正常启动, 效果如启动时候不输入“Ctrl+C”一样。

华为数据中心N E T A P P存储基本安装配置指导书©2005 Network ApplianceAll rights reserved本文档介绍NetApp公司存储在华为数据中心安装，配置，测试功能的相关步骤及方法。

一、前言Network Appliance公司1992年成立于美国的Sunnyvale, 是一家跨国性高科技公司，专业从事网络存储设备和CDN设备的生产、开发及销售业务，现今在全球拥有超过100家分支机构，员工超过3,900余人。

公司是网络数据存储解决方案的市场领导者，其统一网络存储设备及网络缓存解决方案（NetCache）提供高效、简捷、可靠的数据存取。

自1992年成立至今，全球已安装了超过60000台，连续8年以每年营业额和利润翻番的速度高速增长，其销售和利润增长率均位居全美高科技企业前列。

1999及2000年度，网域存储技术公司连续两年被美国财富杂志（Fortune）评为美国100家增长速度最快公司中的第4位, 是有史以来纳斯达克（NASDAQ）100强和S&P500强中最年轻的公司，而我们的首席执行官Dan Warmenhoven先生也以其杰出的管理才能被美国商业周刊（Business Week）评为2000年度全球25名管理精英之一。

在2005年, 被全美评为最适合人工作的IT公司第5位。

NetApp的存储产品在维护管理上的简便性是世界公认的，其管理成本非常低，真正体现了Appliance的设计理念。

著名的研究机构INPUT的调查结果表明，NetApp的整体拥有成本在数据库的应用环境下，是众多厂商中最低的。

大约只有EMC的Symmetrics的25%。

而管理维护成本只有主机厂商的存储产品的管理维护成本的不到十分之一。

二、 NetApp存储安装如果安装一个全新的NetApp存储，首先将Console线连接到存储上，加电存储并进入存储console, 具体步骤如下所示：CFE version 1.2.0 based on Broadcom CFE: 1.0.35Copyright (C) 2000,2001,2002,2003 Broadcom Corporation.Portions Copyright (C) 2002,2003 Network Appliance Corporation.CPU type 0x1040102: 650MHzTotal memory: 0x40000000 bytes (1024MB)Starting AUTOBOOT press any key to abort...Loading: 0xffffffff80001000/21632 0xffffffff80006480/9820318 Entry at 0xffffffff80001000Starting program at 0xffffffff80001000Press CTRL-C for special boot menu ....................................................................................................................................... ....................................................................................................................................... ................Interconnect based upon M-VIA ERing SupportCopyright (c) 1998-2001 Berkeley Lab/research/FTG/viaThu Sep 1 02:09:51 GMT [cf.nm.nicTransitionUp:info]: Interconnect link 0 is UPThu Sep 1 02:09:51 GMT [cf.nm.nicTransitionDown:warning]: Interconnect link 0 is DOWNSpecial boot options menu will be available.ispfc: Fibre Channel adapter 0c appears to be unattached/disconnected.If adapter is in use, check cabling and if connected to diskshelves, also check seating of LRC cards.Thu Sep 1 02:10:16 GMT [fci.initialization.failed:error]: Initialization failed on Fibre Channel adapter 0c.NetApp Release 7.0.1R1: Wed May 18 23:02:49 PDT 2005Copyright (c) 1992-2005 Network Appliance, Inc.Starting boot on Thu Sep 1 02:09:50 GMT 2005Thu Sep 1 02:10:19 GMT [diskown.isEnabled:info]: software ownership has been enabled for this system(1) Normal boot.(2) Boot without /etc/rc.(3) Change password.(4) Assign ownership and initialize disks for root volume.(4a) Same as option 4, but create a flexible root volume.(5)Maintenance mode boot.Selection (1-5)? 4aZero disks and install a new file system? yThis will erase all the data on the disks, are you sure? yZeroing disks takes about 23 minutes..........................................................................................................................................................................................................................................................................................对于启动的菜单提示(1) Normal boot. ---- 正常启动, 效果如启动时候不输入“Ctrl+C”一样。

客户服务指南NETAPP存储系统Version 1.02010-10目录一、介绍 (3)二、NetApp常用硬件设备说明 (4)2.1NetApp FAS6000系列硬件设备说明 (4)2.2NetApp FAS3000系列硬件设备说明 (6)2.3NetApp FAS2000系列硬件设备说明 (8)2.4NetApp FAS200系列硬件设备说明 (10)2.5NetApp磁盘柜硬件设备说明 (11)三、NetApp设备日常管理 (14)3.1FILERVIEW 图形管理接口 (14)3.2命令行(CLI) (17)四、NetApp设备日常维护 (19)五、NetApp Autosupport (21)5.1 NetApp Autosupport (21)5.2 NetApp Premium Autosupport (23)六、NetApp设备故障报修 (29)七、NetApp培训和认证 (30)7.1NetApp 认证数据管理员 (NCDA) (32)7.2NetApp认证实施工程师 (NCIE) (33)7.3NetApp授权培训伙伴(ALP) (33)一、介绍感谢您选择中建电子工程有限公司作为服务提供商。

作为支持程序的一部分，我们将最大限度的提高贵单位的NetApp存储系统在线时间，并提供高水平的个性化支持。

在这个客户支持指南内，您会发现有关如何最好地利用我们的支持计划，以减轻您的商业风险和提高您的NetApp系统使用经验。

这个客户支持指南包含以下内容:✓NetApp常见硬件说明✓NetApp设备日常管理✓NetApp设备日常维护✓NetApp设备故障处理流程✓NetApp培训和认证中建电子工程有限公司争取充分了解您的业务和服务的需要，以使您满意对NetApp产品和我们的支持服务上投资所带来的益处。

二、NetApp常用硬件设备说明2.1 NetApp FAS6000系列硬件设备说明NETAPP FAS6000前面板显示NetApp FAS6000后面板显示2.2 NetApp FAS3000系列硬件设备说明NetApp FAS3000系列前面板显示液晶板显示存储系统状态信息。

NetApp存储设备配置说明修改记录目录1编写目的 (1)2专业名词和缩略语 (2)3组网方式和环境介绍 (3)4安装配置方法 (3)4.1N ET A PP硬件安装 (3)4.2设备初始化和系统设定 (4)4.2.1设备初始化 (4)4.2.2系统设定 (4)4.3操作系统安装 (6)4.3.1注册现有系统的cifs服务，将操作系统文件上传至FAS存储系统 (6)4.4应用配置 (8)4.4.1系统参数配置 (8)4.4.2注册需要使用的服务 (10)4.4.3创建一个卷并输出空间 (12)4.4.4创建一个Qtree并实施quota限制 (17)4.4.5配置autosupport (19)4.4.6配置snapshot策略及数据恢复方法 (19)4.4.7磁盘故障的数据恢复方法 (19)4.4.8配置Cluster (19)1 编写目的编写本文档的目的在于详细地说明NetApp FAS存储系统的安装、配置以及常用命令的介绍和可靠性维护、故障检查与恢复的方法，便于开发、测试、用服和工程维护人员安装、使用和维护NetApp FAS存储系统存储系统。

2 专业名词和缩略语3 组网方式和环境介绍NetAppFAS3240AESX ServerSWITCHESX Server图3.1 NetApp FAS存储系统组网结构NetApp FAS存储系统存储设备以NAS存储方式使用，通过万兆交换机与主机相连接。

4 安装配置方法4.1 NetApp硬件安装存储设备硬件的安装主要是各盘柜间线缆的连接、磁盘安装、盘柜上架、上电等，以上操作多由NetApp技术支持工程师完成。

使用存储设备随机携带的“DB－9 to RJ－45”转接线将FAS存储系统的CONSOLE端口和安装了WINDOWS操作系统的主机串口相连，在WINDOWS主机上安装SecureCRT软件，新建一个serial协议的连接，其中port参数根据所连接的是COM1还是COM2来进行选择，其余参数参考图4.1所示，通过串口连接登录到FAS存储系统。

NetApp磁盘阵列安装手册目录目录 (1)一、磁盘阵列的系统安装 (2)1.1初始化磁盘阵列 (2)1.2输入license序列号 (8)1.3配置CIFS (9)1.4在机头中安装阵列操作系统 (11)二、磁盘阵列的SSL安全认证配置 (13)2.1通过浏览器来管理磁盘阵列 (13)2.2配置SSL安全认证 (15)三、磁盘阵列的空间配置和分配 (18)3.1在aggr0中添加新的磁盘 (18)3.2消除磁盘Aggregate的快照预留空间 (22)3.3缩小卷vol0的磁盘空间 (22)3.4创建新的Volume (27)3.5消除Volume的快照预留空间 (31)3.6在新建卷上的参数修改 (33)3.7在IBM主机上安装NetApp磁盘路径管理软件 (34)3.8创建LUN存储单元 (36)3.8.1开启FCP功能 (36)3.8.2创建一个Qtree (38)3.8.3创建一个Lun存储单元 (39)3.8.4在主机上使用LUN来存储数据 (44)一、磁盘阵列的系统安装1.1初始化磁盘阵列NetApp FAS3020C是NetApp产品中一款有双机头的磁盘阵列，需要先在每个机头中安装好操作系统，才能正常使用。

安装步骤如下：1，通过笔记本电脑或其它Windows平台PC机的串口，连接到机头上的串口上；2，通过超级终端，以默认值连接来进行操作；操作过程如下：CFE version 3.0.0 based on Broadcom CFE: 1.0.40Copyright (C) 2000,2001,2002,2003 Broadcom Corporation.Portions Copyright (c) 2002-2005 Network Appliance, Inc.CPU type 0xF29: 2800MHzTotal memory: 0x80000000 bytes (2048MB)CFE> bye输入bye 后，开始启动；CFE version 3.0.0 based on Broadcom CFE: 1.0.40Copyright (C) 2000,2001,2002,2003 Broadcom Corporation.Portions Copyright (c) 2002-2005 Network Appliance, Inc.CPU type 0xF29: 2800MHzTotal memory: 0x80000000 bytes (2048MB)Starting AUTOBOOT press any key to abort...Loading: 0x200000/24732624 0x19963d0/33360796 0x3966f70/1995456 Entry at 0x00200000 Starting program at 0x00200000Press CTRL-C for special boot menu提示按CTRL-C后弹出启动菜单；Special boot options menu will be available.Mon Mar 20 07:54:25 GMT [cf.nm.nicTransitionUp:info]: Interconnect link 0 is UPNetApp Release 7.0.3: Fri Dec 2 06:00:21 PST 2005Copyright (c) 1992-2005 Network Appliance, Inc.Starting boot on Mon Mar 20 07:54:14 GMT 2006(1) Normal boot.(2) Boot without /etc/rc.(3) Change password.(4) Initialize all disks.(4a) Same as option 4, but create a flexible root volume.(5) Maintenance mode boot.Selection (1-5)?4a这里选择4a，初始化所有的磁盘，并且创建一个root卷，此卷将用于操作系统的安装；Zero disks and install a new file system? y选择y，确认将所有的磁盘零化，并且安装新的文件系统；This will erase all the data on the disks, are you sure? Y选择y，确认将删除磁盘上的所有数据；Zeroing disks takes about 80 minutes. .................................................................................................................................................................... .................................................................................................................................................................... .................................................................................................................................................................... .................................................................................................................................................................... .................................................................................................................................................................... .................................................................................................................................................................... .................................................................................................................................................................... ..................................................................Mon Mar 20 09:15:30 GMT [raid.disk.zero.done:notice]: Disk 0a.23 Shelf ? Bay ? [NETAPP X276_S10K7288F10 NA01] S/N [3KR16HQC00007617E7VE] : disk zeroing complete...............Mon Mar 20 09:15:34 GMT [raid.disk.zero.done:notice]: Disk 0a.18 Shelf ? Bay ? [NETAPP X276_S10K7288F10 NA01] S/N [3KR18YGC000076187JGK] : disk zeroing complete ....................Mon Mar 20 09:15:40 GMT [raid.disk.zero.done:notice]: Disk 0a.20 Shelf ? Bay ? [NETAPP X276_S10K7288F10 NA01] S/N [3KR18MYR0000761769S1] : disk zeroing complete .............Mon Mar 20 09:15:43 GMT [raid.disk.zero.done:notice]: Disk 0a.22 Shelf ? Bay ? [NETAPP X276_S10K7288F10 NA01] S/N [3KR18QV900007617LZY3] : disk zeroing complete ..................Mon Mar 20 09:15:48 GMT [raid.disk.zero.done:notice]: Disk 0a.16 Shelf ? Bay ? [NETAPP X276_S10K7288F10 NA01] S/N [3KR18PE1000076187KXZ] : disk zeroing complete ...............Mon Mar 20 09:15:52 GMT [raid.disk.zero.done:notice]: Disk 0a.21 Shelf ? Bay ? [NETAPP X276_S10K7288F10 NA01] S/N [3KR17PT300007617M1P2] : disk zeroing complete .................................................................................................................................................................... ...............Mon Mar 20 09:16:42 GMT [raid.disk.zero.done:notice]: Disk 0a.17 Shelf ? Bay ? [NETAPP X276_S10K7288F10 NA01] S/N [3KR18Y6700007617695Y] : disk zeroing complete .................................................................................................................................................................... .............Mon Mar 20 09:18:44 GMT [raid.disk.zero.done:notice]: Disk 0a.19 Shelf ? Bay ? [NETAPP X276_S10K7288F10 NA01] S/N [3KR1911Z0000761769R8] : disk zeroing completeMon Mar 20 09:18:45 GMT [raid.vol.disk.add.done:notice]: Addition of Disk /aggr0/plex0/rg0/0a.18 Shelf 1 Bay 2 [NETAPP X276_S10K7288F10 NA01] S/N [3KR18YGC000076187JGK] to aggregate aggr0 has completed successfullyMon Mar 20 09:18:45 GMT [raid.vol.disk.add.done:notice]: Addition of Disk /aggr0/plex0/rg0/0a.17 Shelf 1 Bay 1 [NETAPP X276_S10K7288F10 NA01] S/N [3KR18Y6700007617695Y] to aggregate aggr0 has completed successfullyMon Mar 20 09:18:45 GMT [raid.vol.disk.add.done:notice]: Addition of Disk /aggr0/plex0/rg0/0a.16 Shelf 1 Bay 0 [NETAPP X276_S10K7288F10 NA01] S/N [3KR18PE1000076187KXZ] to aggregate aggr0 has completed successfullyMon Mar 20 09:18:45 GMT [wafl.vol.add:notice]: Aggregate aggr0 has been added to the system. Mon Mar 20 09:18:46 GMT [fmmbx_instanceWorke:info]: no mailbox instance on primary sideMon Mar 20 09:18:47 GMT [fmmbx_instanceWorke:info]: Disk 0a.18 is a primary mailbox disk Mon Mar 20 09:18:47 GMT [fmmbx_instanceWorke:info]: Disk 0a.17 is a primary mailbox disk Mon Mar 20 09:18:47 GMT [fmmbx_instanceWorke:info]: normal mailbox instance on primary side Mon Mar 20 09:18:47 GMT [fmmbx_instanceWorke:info]: Disk 0b.18 is a backup mailbox diskMon Mar 20 09:18:47 GMT [fmmbx_instanceWorke:info]: Disk 0b.17 is a backup mailbox diskMon Mar 20 09:18:47 GMT [fmmbx_instanceWorke:info]: normal mailbox instance on backup sideMon Mar 20 09:18:48 GMT [lun.metafile.dirCreateFailed:error]: Couldn't create vdisk metafile directory /vol/vol0/vdisk.DBG: Set filer.serialnum to: 1071155ifconfig e0a mediatype autoConfiguring onboard ethernet e0a.Contacting DHCP server.Ctrl-C to skip DHCP search ...Mon Mar 20 09:18:48 GMT [rc:info]: Contacting DHCP serverMon Mar 20 09:18:52 GMT [rc:info]: DHCP config failedConfiguring e0a using DHCP failed.NetApp Release 7.0.3: Fri Dec 2 06:00:21 PST 2005System ID: 010******* (); partner ID: <unknown> ()System Serial Number: 1071155 ()System Rev: E0slot 0: System BoardProcessors: 1Memory Size: 2048 MBslot 0: Dual 10/100/1000 Ethernet Controller VIe0a MAC Address: 00:a0:98:03:88:13 (auto-unknown-cfg_down)e0c MAC Address: 00:a0:98:03:88:10 (auto-unknown-cfg_down)e0d MAC Address: 00:a0:98:03:88:11 (auto-unknown-cfg_down) slot 0: FC Host Adapter 0a8 Disks: 2176.0GB1 shelf with ESH2slot 0: FC Host Adapter 0b8 Disks: 2176.0GB1 shelf with ESH2slot 0: Fibre Channel Target Host Adapter 0cslot 0: Fibre Channel Target Host Adapter 0dslot 0: SCSI Host Adapter 0eslot 0: NetApp ATA/IDE Adapter 0f (0x000001f0)0f.0 245MBslot 3: NVRAMMemory Size: 512 MBPlease enter the new hostname []: headb输入这个机头的主机名，这里举例为headb；Do you want to configure virtual network interfaces? [n]: y问是否要配置虚拟网卡，如果要创建的话，输入y；Number of virtual interfaces to configure? [0] 1输入要配置几块虚拟网卡，如配置1块虚拟网卡，就输入1；Name of virtual interface #1 []: vif1输入虚拟网卡的名称，这里举例为vif1；Is vif1 a single [s] or multi [m] virtual interface? [m] s选择虚拟网卡的类型是single还是multi，这里选择s；Number of links for vif1? [0] 2虚拟网卡所包含真实网卡的数量，如果用两块网卡绑定成一块虚拟网卡就输入2；Name of link #1 for vif1 []: e0a输入用于绑定的真实网卡的设备名，可以从阵列设备后面的网络接口上看到；Name of link #2 for vif1 []: e0b输入用于绑定的真实网卡的设备名，可以从阵列设备后面的网络接口上看到；Please enter the IP address for Network Interface vif1 []: 192.168.0.88输入虚拟网卡的IP地址；Please enter the netmask for Network Interface vif1 [255.255.255.0]:输入虚拟网卡的掩码，默认就直接回车；Should virtual interface vif1 take over a partner virtual interface during failover? [n]: y是否允许虚拟网卡在故障时切换到另一个机头上，输入y；The clustered failover software is not yet licensed. To enablenetwork failover, you should run the 'license' command forclustered failover.会提示说没有输入Clustered failover功能的license，需要输入才能实现网络切换功能；Please enter the partner virtual interface name to be taken over by vif1 []: vif1输入另一个机头上的会被切换过来的虚拟网卡的名字；Please enter media type for vif1 {100tx-fd, tp-fd, 100tx, tp, auto (10/100/1000)} [auto]:输入虚拟网卡的类型，一般是自适应，选默认auto；Please enter the IP address for Network Interface e0c []:输入网卡e0c的IP地址，不设置就直接回车；Should interface e0c take over a partner IP address during failover? [n]: n是否允许网卡e0c在故障时切换到另一个机头上，这里不配置就输入n；Please enter the IP address for Network Interface e0d []:输入网卡e0d的IP地址，不设置就直接回车；Should interface e0d take over a partner IP address during failover? [n]: n是否允许网卡e0d在故障时切换到另一个机头上，这里不配置就输入n；Would you like to continue setup through the web interface? [n]: n问是否通过web方式来进行继续的安装，输入n，不需要；Please enter the name or IP address of the default gateway:输入默认网关的名字和IP地址，无须输入就直接回车；The administration host is given root access to the filer's/etc files for system administration. To allow /etc root accessto all NFS clients enter RETURN below.Please enter the name or IP address of the administration host:输入超级管理主机的主机名或IP地址，没有就直接回车；Where is the filer located? []: nanjing问磁盘阵列设备的位置，可以随便写，比如南京，就输入nanjing；Do you want to run DNS resolver? [n]:是否配置DNS，输入n，不配置；Do you want to run NIS client? [n]:是否配置NIS，输入n，不配置；This system will send event messages and weekly reports to Network Appliance Technical Support. To disable this feature, enter "options autosupport.support.enable off" within 24 hours. Enabling Autosupport can significantly speed problem determination and resolution should a problem occur on your system. For further information on Autosupport, please see: /autosupport/ Press the return key to continue.提示说，阵列系统默认的自动发送事件日志和周报告功能是打开的，如果需要关闭，请输入options autosupport.support.enable off。

华为数据中心N E T A P P存储基本安装配置指导书©2005 Network ApplianceAll rights reserved本文档介绍NetApp公司存储在华为数据中心安装，配置，测试功能的相关步骤及方法。

一、前言Network Appliance公司1992年成立于美国的Sunnyvale, 是一家跨国性高科技公司，专业从事网络存储设备和CDN设备的生产、开发及销售业务，现今在全球拥有超过100家分支机构，员工超过3,900余人。

公司是网络数据存储解决方案的市场领导者，其统一网络存储设备及网络缓存解决方案（NetCache）提供高效、简捷、可靠的数据存取。

自1992年成立至今，全球已安装了超过60000台，连续8年以每年营业额和利润翻番的速度高速增长，其销售和利润增长率均位居全美高科技企业前列。

1999及2000年度，网域存储技术公司连续两年被美国财富杂志（Fortune）评为美国100家增长速度最快公司中的第4位, 是有史以来纳斯达克（NASDAQ）100强和S&P500强中最年轻的公司，而我们的首席执行官Dan Warmenhoven先生也以其杰出的管理才能被美国商业周刊（Business Week）评为2000年度全球25名管理精英之一。

在2005年, 被全美评为最适合人工作的IT公司第5位。

NetApp的存储产品在维护管理上的简便性是世界公认的，其管理成本非常低，真正体现了Appliance的设计理念。

著名的研究机构INPUT的调查结果表明，NetApp的整体拥有成本在数据库的应用环境下，是众多厂商中最低的。

大约只有EMC的Symmetrics的25%。

而管理维护成本只有主机厂商的存储产品的管理维护成本的不到十分之一。

二、 NetApp存储安装如果安装一个全新的NetApp存储，首先将Console线连接到存储上，加电存储并进入存储console, 具体步骤如下所示：CFE version 1.2.0 based on Broadcom CFE: 1.0.35Copyright (C) 2000,2001,2002,2003 Broadcom Corporation.Portions Copyright (C) 2002,2003 Network Appliance Corporation.CPU type 0x1040102: 650MHzTotal memory: 0x40000000 bytes (1024MB)Starting AUTOBOOT press any key to abort...Loading: 0xffffffff80001000/21632 0xffffffff80006480/9820318 Entry at 0xffffffff80001000Starting program at 0xffffffff80001000Press CTRL-C for special boot menu ....................................................................................................................................... ....................................................................................................................................... ................Interconnect based upon M-VIA ERing SupportCopyright (c) 1998-2001 Berkeley Lab/research/FTG/viaThu Sep 1 02:09:51 GMT [cf.nm.nicTransitionUp:info]: Interconnect link 0 is UPThu Sep 1 02:09:51 GMT [cf.nm.nicTransitionDown:warning]: Interconnect link 0 is DOWNSpecial boot options menu will be available.ispfc: Fibre Channel adapter 0c appears to be unattached/disconnected.If adapter is in use, check cabling and if connected to diskshelves, also check seating of LRC cards.Thu Sep 1 02:10:16 GMT [fci.initialization.failed:error]: Initialization failed on Fibre Channel adapter 0c.NetApp Release 7.0.1R1: Wed May 18 23:02:49 PDT 2005Copyright (c) 1992-2005 Network Appliance, Inc.Starting boot on Thu Sep 1 02:09:50 GMT 2005Thu Sep 1 02:10:19 GMT [diskown.isEnabled:info]: software ownership has been enabled for this system(1) Normal boot.(2) Boot without /etc/rc.(3) Change password.(4) Assign ownership and initialize disks for root volume.(4a) Same as option 4, but create a flexible root volume.(5)Maintenance mode boot.Selection (1-5)? 4aZero disks and install a new file system? yThis will erase all the data on the disks, are you sure? yZeroing disks takes about 23 minutes..........................................................................................................................................................................................................................................................................................对于启动的菜单提示(1) Normal boot. ---- 正常启动, 效果如启动时候不输入“Ctrl+C”一样。

⽤netuserdomain管理AD域⽤户（ActiveDirectory）（Window。

在Windows渗透测试过程中，最常⽤的要数net user 命令了，但是⾮常多的时候我们都是对Linux命令⾮常熟悉，对Windows命令⾮常熟悉或者了解⽤法的少只有少，为了以后⼯作⽅便，这⾥记录⼀下Windows系统中的 net user 命令的⽤法。

⼀、有问题找Help：1 2 3 4 5 6 7 8[c:\~]$ net user /?此命令的语法是:NET USER[username [password | *] [options]] [/DOMAIN]username {password | *} /ADD [options] [/DOMAIN] username [/DELETE] [/DOMAIN]username [/TIMES:{times | ALL}]⼆、详细解释：参数：username：指定⽤户名password：使⽤密码命令：/add 添加⽤户/delete 删除⽤户/domain 指定在域控中执⾏/active:{yes | no} 是否激活，默认是/comment:”text” 为账户设定描述信息/expires:{date | never} 设定过期时间/homedir:{directory} 指定⽤户的家⽬录/passwordchg:{yes | no} 是否允许⽤户⾃⼰更改密码，默认是/passwordreq:{yes | no} 指定⽤户是否必须设置密码，默认是/profilepath[:path] 指定⽤户配置⽂件路径/scriptpath:[:filename] ⽤户登录脚本位置/times:{times | all} 指定⽤户可以登录的时间/usercomment:”text” 使管理员可以更改此账户的描述信息/workstations:{computername[,…] | *} 指定主机名能够登录此账户net help user 输出帮助信息，详细帮助信息如下：1 2 3Microsoft Windows [版本 ]版权所有 (c) Microsoft Corporation。

域⽤户共享⽂件夹权限设置、共享⽬录给域⽤户权限、ad域共享⽂件夹权限设置⽅法现在公司局域⽹中，通过搭建Windows AD域控制器来实现⽹络管理的现象极为普遍。

同时，通过域环境来共享⽂件、设置域⽤户访问共享⽂件的情形⽐较多。

那么，域环境下如何有效设置共享⽂件访问权限、如何监控共享⽂件访问⽇志呢？可以通过以下两种⽅法来实现：⽅法⼀、按照操作系统的共享⽂件访问权限设置的⽅法来设置域⽤户访问共享⽂件夹的权限。

在有域控制器的局域⽹内，⽂件服务器的共享⽂件夹可以轻松的设置复杂的访问权限，来应对公司各种⽂件保密的需求，这⼀点是⼯作组的计算机很难做到的。

下⾯我们就以Windows Server 2003的⽂件服务器为例来简单的介绍共享⽂件夹权限的设置。

右击需要共享的⽂件夹，在弹出的快捷菜单中选择“属性”，在属性窗⼝中选择“共享”选项卡，然后选中“共享此⽂件夹”，这时我们就共享的⼀个⽂件夹，接下来的⼯作就是设置权限了。

关于权限的设置，主要有两种⽅法。

第⼀种就是在属性窗⼝的“共享”选项卡进⾏简单的权限设置，第⼆种⽅法是在属性窗⼝的“安全”选项卡进⾏详细的设置。

如果是对⼀个共享⽂件夹⾥⾯的⼦⽂件夹设置权限，就只能⽤到第⼆种⽅法了。

先来介绍⼀下简单的权限设置，在属性窗⼝的“共享”选项卡上，单击“权限”按钮。

这样就进⼊的简单权限的设置了。

单击添加，就出现查找⽤户名或安全组的窗⼝了。

接下来就是添加⼀个⽤户，然后再设置简单的权限，总共就三项：完全控制，更改，读取。

⾄少查找⽤户的⽅法，在第⼆种权限设置⽅法中介绍。

详细的权限设置，共享⽂件夹及其⼦⽂件夹都能依照此⽅法设置。

先在“共享”选项卡中，将Everyone设置为完全控制。

打开“安全”选项卡，点击“添加”，出现查找窗⼝单击查找窗⼝中的“⾼级”按钮，弹出 “选择⽤户、计算机或组”的窗⼝来。

点击“⽴即查找”就能查找到域控制器上所有能看到的⽤户双击选中某⼀⽤户。

接着就能为该⽤户详细的指定权限了。