Cloud Volumes Service for AWS Common Questions Flashcards

1
Q

What ports need to be open to create the CIFS server?

A

If you use Windows Active Directory (AD) servers with cloud volumes, you should familiarize yourself with the guidance on AWS security group settings. The settings enable cloud volumes to integrate with AD correctly.

By default, the AWS security group applied to an EC2 Windows instance does not contain inbound rules for any protocol except RDP. You must add rules to the security groups that are attached to each Windows AD instance to enable inbound communication from Cloud Volumes Service. The required ports are as follows:

Service	Port	Protocol
AD Web Services	9389	TCP
DNS	53	TCP
DNS	53	UDP
ICMPv4	N/A	Echo Reply
Kerberos	464	TCP
Kerberos	464	UDP
Kerberos	88	TCP
Kerberos	88	UDP
LDAP	389	TCP
LDAP	389	UDP
LDAP	3268	TCP
NetBIOS name	138	UDP
SAM/LSA	445	TCP
SAM/LSA	445	UDP
Secure LDAP	636	TCP
Secure LDAP	3269	TCP
w32time	123	UDP

If you are deploying and managing your AD installation domain controllers and member servers on an AWS EC2 instance, you will require several security group rules to allow traffic for the Cloud Volumes Service. Below is an example of how to implement these rules for AD applications as part of the AWS CloudFormation template.
2
Q

How are Share ACLs modified?

A

An account in the Domain Administrator’s group is required to change share permissions.

Access Control Entries (ACEs) can be added to CIFS/SMB shares via the Computer Management console.

From the “Run” prompt on a Windows device, type compmgmt.msc in the “Open” field and select “OK”. Once loaded, select “Action” > “Connect to Another Computer”. Input the IP or hostname of the storage device and click “OK”.

Select System Tools > Shared Folders > Shares to view the list of shares on the storage device. Right-click the share to be changed and select “Properties” > “Share Permissions”. Adjust the share permissions as necessary and then click “OK” to apply the changes.

3
Q

The CIFS share is inaccessible via the hostname. An nslookup against the hostname reports that the hostname is unresolvable.

A

In some circumstances, the A record for the CIFS server isn’t added to DNS on CIFS server creation. This causes subsequent CIFS server hostname lookups to fail. To remedy this, manually create the A record using the name in the UI for the CIFS server. To find the IP needed for the A record, create a small, temporary NFS volume if one doesn’t exist. The IP listed below the NFS volume in the ‘Volumes’ tab is the IP needed for creating the A record.

4
Q

How do I change my DNS server?

A

Select the “Active directory” tab. Click the ‘Actions’ dropdown on the row that corresponds to the Active Directory settings that are being modified. Select “Update active directory”. This will bring up the “Update active directory” pane. Replace entries in the ‘DNS server’ field with the required DNS server(s) and click the “Update active directory” button.

5
Q

How many DNS servers can be configured?

A

Up to three DNS servers can be configured.

6
Q

Can the CIFS server machine account be resynchronized if it was deleted or modified in AD?

A

Yes. Select the “Active directory” tab. Click the ‘Actions’ dropdown on the row that corresponds to the Active Directory settings that are being modified. Select “Update active directory”. This will bring up the “Update active directory” pane. Change the NetBIOS name to a different, available name. Click “Update active directory”. After this finishes, repeat the process with the original name. Run ‘klist purge’ from the CLI on any clients that may have a stale Kerberos ticket.

7
Q

What is the ‘NetBIOS’ field used for in the “Create active directory” and “Active directory” forms?

A

This value is the CIFS Server machine account name that will be created in Active Directory for the CIFS Server. This machine account name should not be pre-provisioned.

8
Q

Why is the Previous Version tab not available?

A

Some shares have been created without the flag that allows for Previous Versions access. Please open a case with NetApp support if you are unable to access the Previous Versions tab.

9
Q

Why is the ~snapshot/.snapshot directory inaccessible?

A

The supported method for snapshot access is via Previous Versions. If the Previous Versions tab is unavailable/doesn’t work, please open a case with NetApp support.

10
Q

“Create New Volume” fails when SMB protocol is specified along with Active Directory settings:
ERROR 1: Reason: SecD Error: no server available

A

SOLUTION 1: DNS port 53 (TCP or UDP) may be blocked. Verify that those ports are reachable from the DNS server and cloud volume IP.

SOLUTION 2: Verify that DNS SRV (Service Location) records exist for Kerberos and LDAP on the DNS server.

SOLUTION 3: Kerberos port 88 (TCP) may be blocked. Verify that the port is reachable from the KDC server and cloud volume IP.

SOLUTION 4: LDAP port 389 (TCP or UDP) may be blocked. Verify that those ports are reachable from the LDAP server and cloud volume IP.

SOLUTION 5: Verify that the SMB2 protocol version is enabled on the Domain Controller.

SOLUTION 6: Verify that the account password specified in the Active Directory configuration is correct.

SOLUTION 7: Verify that the account has permissions in Active Directory to join computer objects.

SOLUTION 8: Disable LDAP Server Signing Requirements.

11
Q

Can the Microsoft Client for NFS be used with Cloud Volumes?

A

The Microsoft Client for NFS is not compatible with Cloud Volumes.

12
Q

Does Cloud Volumes Service Sync support a data broker per region?

A

At this time, only one data broker is allowed across all regions. If multiple brokers are required in different regions, use the Cloud Sync standalone interface.

13
Q

How are the data broker logs accessed?

A

Allow SSH in the security group to the data broker
SSH to the data broker
Log files are located in /opt/netapp/databroker/logs

14
Q

Problem: Access Denied seen on transfer

A

Use the following checklist to assist with resolution:
Confirm that the data broker has access to both source and destination.
If using CIFS for the transfer protocol, ensure that share ACLs on both source and destination allow the user chosen to transfer the data.
If using NFS for the transfer protocol, ensure that the export policy allows the IP of the data broker to mount with root/superuser access.
Test access to both sides by mounting the exports manually from the data broker and attempting a test write to the destination.
If the volume is specified as ‘Dual-protocol’ with NTFS security style and NFS as the transferring protocol:
Consider whether manipulation of NT DACLs or UNIX mode bits will be the preferred method for permissions management.
If UNIX mode bits management is desired, change the volume to ‘unix’ security style.
If NT DACLs will be used, a usermapping will be required for root to \root.
This will require that \root be created in the AD domain that the CVS volume is joined to.

15
Q

What maximum bandwidth should be expected from a Cloud Volumes Service volume?

A

A Cloud Volumes Service volume’s maximum bandwidth is a function of both the service level assigned to the volume as well as the volume’s allocated capacity. This matrix displays the maximum bandwidth given the service level and allocated capacity.

16
Q

What restore options do I have if files are overwritten or deleted within the Cloud Volumes?

A

Ensure that you set up a snapshot policy when the volume was provisioned. The only natively available backup copies of data in Cloud Volumes are the point-in-time references in these snapshots.
Follow the AWS documentation on How to Restore Data from a Snapshot Copy.