View Video. View Document. Datacenter infrastructure and networking security Customers can use ExpressRoute to establish a Read Full Source. Read News.
|Published (Last):||7 February 2009|
|PDF File Size:||15.23 Mb|
|ePub File Size:||15.83 Mb|
|Price:||Free* [*Free Regsitration Required]|
January All Rights Reserved. EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. The information in this publication is provided as is. EMC Corporation makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose.
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. All other trademarks used herein are the property of their respective owners. This document describes the best practices and solution-specific configuration steps for deployment of this solution. Best practices are presented for both basic and advanced deployments.
Basic best practices should be used for quick, easy, and straightforward deployments and use the minimum settings to get started. The advanced best practices identify opportunities to configure the system for performance, scalability, or highly secure environments that require a more optimized deployment model.
Advanced best practices require a high level of knowledge, support, and time to plan the deployment of all the components in advance. Throughout this document, product version specific information is indicated in parentheses to indicate which components or versions the best practice is applicable or relevant to. The assumed level of technical knowledge is high for the devices and technologies described in this document. Terminology The abbreviations used in this document are summarized in Table 1.
Abbreviations Solution components The following solution components are described in this document: Symantec Enterprise Vault V9. Figure 1. This account is primarily responsible for running the multiple services and tasks on the Enterprise Vault server, but it also has several other responsibilities and requirements.
VSA users should be granted the following rights on the Enterprise Vault server: Log on as a service Act as part of the operating system Debug programs Replace a process-level token Log on as a batch job The Enterprise Vault installation process automatically grants these rights during installation; however, ensure that these have been maintained in the event that some modifications have been made to the server or an Active Directory Group Policy is configured to limit these rights.
Ensure that this account has sufficient privileges on the Isilon targets intended to be the file servers and Vault Stores. Complete information about this requirement is available at Bandwidth As a rule of thumb, the more bandwidth available between services, the greater the potential for performance.
Other factors account for overall performance; however, bandwidth can be an important component. For a single Enterprise Vault server connected to a cluster of Isilon nodes, a Gigabit Ethernet connection is sufficient for most deployments.
Under most conditions, an Isilon cluster dedicated for archiving will not require highbandwidth connections from all nodes in the cluster. This is because the archive processing is heavily CPU limited versus network bandwidth limited to achieve highperformance archiving throughput.
The following are recommendations for a cost-effective network connection from an Isilon cluster for archiving: Connect at least two different nodes in the cluster to two different Ethernet switches to avoid a single point of failure.
Note that the remaining nodes in the cluster do not require a connection to the network to process archiving data because the Isilon cluster itself provides complete utilization via the InfiniBand connection. This means that all nodes in the cluster are utilized for archiving, but only two are connected to the network and receive data from Enterprise Vault.
This architecture minimizes costs by connecting the smallest number of nodes to the network. Latency In this solution, the Enterprise Vault server reads files marked archived from file servers and then writes those files to the Isilon cluster. Once written, the files on the file server are replaced by shortcuts.
These shortcuts point to a running web server on the Enterprise Vault server, which in turn reads the files from the Isilon cluster and serves these files to connected clients.
Application performance is directly tied to the latency between the Enterprise Vault server and the Isilon cluster. It is recommended that no more than a 25 ms latency exist between the Enterprise Vault server and the Isilon cluster.
Performance could be seriously limited if this latency is greater than 50 ms. For smaller deployments, 1 GbE connections to the network are adequate to handle the archive bandwidth from a single archiving server. This recommendation applies only to Isilon clusters that are dedicated to the archive function.
The advantage of a Bit operating system is the operating system s ability to address greater amounts of RAM. This is especially advantageous if many concurrent searches are expected. The practical effect is that files are copied faster between Windows servers. The transfer speed is not generally an issue when ingesting data, but retrievals may be faster. Processor In general, the more powerful the processor, the greater the Enterprise Vault archiving and retrieval rates.
Quad-core processors are recommended for Enterprise Vault because the software makes good use of multicore processors. Enterprise Vault compresses data before committing to archive, raising the importance of the processor in overall system performance. During intense Enterprise Vault performance testing it was found that Enterprise Vault was capable of saturating a 2.
With Enterprise Vault, there is no benefit to enabling hyper-threading. Deploying Enterprise Vault V Storage To optimize the performance of Enterprise Vault, it is recommended that users store Enterprise Vault indexes on separate disks from the software s installation and the disks containing data to be archived. In this case, the Isilon OneFS default retention setting should be set to match the Enterprise Vault retention policy.
The retention policy should be configured according to corporate policy. The sections that follow provide guidance on best practices or required settings for each step, where applicable. In this way, the storage type for partitions created in Enterprise Vault can simply be based on the UNC name. The operation mode controls not only how SmartLock directories function, but also how the cluster can be accessed by users.
To upgrade a cluster to SmartLock Compliance mode after the initial cluster configuration process, contact Isilon Technical Support.
For settings that are not mentioned in the text that follows, there is no specific recommendation for deployment with Enterprise Vault V9.
Only a Compliance mode cluster can create Compliance directories. Compliance mode enables you to protect your data in compliance with the regulations defined by U. Securities and Exchange Commission rule 17a It is important to note the following: OneFS can operate in either the default SmartLock mode, or it can be upgraded during the initial cluster configuration process to SmartLock Compliance mode to meet SEC 17a-4 compliance.
For Compliance mode, a compliance administrator account is required to log in to the cluster. The compliance administrator account must be created during the initial cluster configuration process. For Compliance mode, time-dependent operations such as file retention rely on a SmartLock compliance clock. The SmartLock compliance clock must be set before a SmartLock compliance directory is created.
The compliance clock time cannot be modified once it has been set initially, so ensure that the system clock on the cluster nodes is correct and that the Network Time Protocol NTP is set up to synchronize the system clock to an external source.
If used, after a file has been in a SmartLock directory without being modified for the specific autocommit time period, the file is automatically committed to a WORM state the next time that file is accessed by a user.
The retention period of a file begins when the autocommit time period expires, if the retention period is configured via the minimum, maximum, or default retention period on a SmartLock directory and a relative time period is configured for example, years, months, weeks, or days. In such a case, if changes are made to the autocommit time period and the file is not committed to a WORM state, because a user has not accessed the file yet, then the file s retention period will ultimately change with a new start date.
Therefore, it is recommended that SmartLock configuration settings not be modified after files are added to the SmartLock directory. The autocommit time period can be configured by specifying a number of months, weeks, days, hours, or minutes, or by not indicating any timeframe disable autocommit on the SmartLock directory. Privileged delete optional feature provides the Isilon root user with the ability to delete WORM committed files. If set to on allowed , the default setting is off not allowed ; this option is not available on SmartLock Compliance directories.
Symantec Enterprise Vault does not configure this feature. If your organizational policy requires you to prevent WORM committed files from being deleted from a SmartLock Enterprise directory, even manually by the root user, this option should be set to disable, which is a permanent setting. Default Retention Period optional configured on an Isilon SmartLock directory is applied to a file when it is committed in WORM state without specifying a retention period.
In the case where Enterprise Vault is committing files to an Isilon SmartLock directory, the default retention period will only be applicable if Enterprise Vault has not been configured with any retention policy. When a retention policy is configured in Enterprise Vault, any or no value can be assigned to the Isilon default retention period. The default retention period option can be configured by specifying a number of years, months, weeks, or days, or not indicating any timeframe expires immediately , or by selecting an infinite retain forever , minimum use minimum retention setting , or maximum use maximum retention setting setting on the SmartLock directory.
Note: To set default retention period to infinity, use --default inf. A minimum retention period will act as the default retention period, if a default retention period is not configured on a SmartLock directory. As long as the retention period that is configured in Enterprise Vault is within this range not shorter than the minimum and also not longer than the maximum , the Enterprise Vault retention period will be applied.
The Minimum Retention Period option can be configured by specifying a number of years, months, weeks, or days, or not indicating any timeframe expires immediately , or by selecting infinite retain forever on the SmartLock directory. The Maximum Retention Period option can be configured by specifying a number of years, months, weeks, or days, or not indicating any timeframe unbounded maximum the same as infinite , or by selecting infinite retain forever setting on the SmartLock directory.
For example, the following command provides an example for all options in the case of an Enterprise directory. Any combination of these options may be used to meet your organization s needs. When to delete the safety copy is dictated by the Vault Store.
The available options for WORM and non-worm are as follows: Never, After backup, After backup immediate for journaling , and Immediately after archiving. If you have selected the After backup or After backup immediate for journaling option when creating a new Vault Store, the method to determine whether a backup has occurred will depend on whether the directory being used is a standard directory or a SmartLock one.
This process is described in more detail in the Vault Store Partition Properties section. Figure 5. Enterprise Vault new Vault Store remove safety copies after backup immediate for journaling process Vault Store Partition Properties Isilon cluster using a standard directory When using a standard directory, instead of a SmartLock directory, the Vault Store Partition Backup Properties may be set to either the Use the archive attribute or Check for a trigger file option.
The option selected may depend on capabilities of the backup system that is being used. Vault Store Partition Properties with a standard directory Isilon cluster using a SmartLock directory When using a SmartLock directory with the Vault Store safety copy removal set to After backup or After backup immediate for journaling , the Vault Store Partition Backup Properties must be set to the Check for a trigger file option because modification cannot be made to the archive attribute of a file committed to a WORM state.
In this case, the backup system must be able to populate the root of the Vault Store Partition Properties with a special file on completion of each backup. For more details, see Enterprise Vault uses the presence of this file as an indicator that the backup has been successfully completed and that it can remove the safety copies that correspond with the secured saveset files created before the special file s creation date.
Enterprise Vault checks Vault Store Partitions for a trigger file when the storage service starts and when the backup mode is cleared, typically with a backup application. Optionally, you can enable the Scan partition every option to force additional scans at the defined interval, in minute increments. Enterprise Vault and provide non-worm Isilon support only.
New partition storage type for Enterprise Vault and later New partition storage settings for an Isilon cluster with a standard directory The location for the new Vault Store partition UNC path can be entered as an IP address or host name to the standard directory that was created in previous steps.
EMC Isilon Share Configuration for Symantec Enterprise Vault
January All Rights Reserved. EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. The information in this publication is provided as is. EMC Corporation makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
FILE ARCHIVAL USING SYMANTEC ENTERPRISE VAULT WITH EMC ISILON
Symantec Cluster File System. Requires specific device. Additionally, the folder within the share must have the following file system ACLs:. Actually system and VSA. The credential should belong to the user in the domain of which the Data Insight Collector node and the Isilon cluster are part. Get Support Create Case. What could be the problem.
Manual zz. The method of creating the archive share will differ, depending on whether the directory will be a SmartLock WORM directory or not. To create a SmartLock directory continue below, skipping figures 5 and 6. To create a standard directory, start at figure 5. Regarding the warnings shown, the default retention period and autocommit time period is not needed since EV will set and commit files to a WORM state.