How to: Configure EMC & NSS

Summary

If the ambition is to set hard quotas or file blocks on VNX/Celerra target storage, additional configurations are necessary.  If the ambition is only to scan and use soft quotas (no locking), this configuration is not necessary. We still recommend on the other hand. Having the fundamentals ready and configured will allow you to do a smooth transition from soft quotas to hard quotas if the ambition should change.

Components

  • Celerra Event Enabler Framework (CEE)  - An agent software that contains the EMC CAVA service.  This provides the CEPA functionalities and is installed on a Windows host.  CEE is also known as VEE (VNX Event Eneabler Framework). 

  • Common Event Publishing Agent (CEPA) - Functionality contained within CEE that enables VNX / Celerra integration with selected CQM applications (NSS is a CQM application). CEPA functionalities are provided by the EMC CAVA service.  A Windows host with an active CAVA service is called a CEPA Server.  CEPA is also known as VEPA (VNX Event Publishing Agent).

  • EMC CAVA - A service running on the CEPA server. This is the main service for CEPA.

  • NSS installation - A standard installation of Northern Storage Suite.  This is a CQM (Content/Quota Management) application registered to CEPA.

  • CEPA Client - In our case, this is the Data Mover that hosts CIFS server registered to the CEPA server.

  • CEPP - A service running on the Celerra/VNX.

  • cepp.conf - A configuration file for the CEPP service that determines what kind of file operation events that the targeted CEPA-server(s) should receive.

Points of Configuration

There are four points of configuration that need to be made in order to successfully integrate NSS with the EMC Celerra/VNX:

  1. Preparation
  2. Configure the cepp.conf
  3. Install and configure the EMC CEE Framework
  4. Configure Quota Server

Step-by-Step

Preparation

  1. Define and configure a service account to be used by NSS and VEE / CEE
    • On the NSS Managing Host, this account should have Administrator rights.
    • On the CEPA server, the account running CQM applications (the NSS service account) should belong to the local Administrator group.
    • On the VNX/Celerra CIFS server, the NSS service account should belong to the Backup Operators, Power Users, and Administrator local groups.

  2. IP Addresses
    • Note IP address of each NSS Managing Host.
    • Note IP address of each CEPA Server.

Configure the cepp.conf

The cepp.conf configuration file contains information that is necessary to connect one or more Data Movers to the Windows computers that contain the EMC CEE/VEE software (CEPA).

The cepp.conf-file must be created and configured accurately on every Datamover managed by NSS  to ensure the appropriate events are being sent to the software. It's very important that the file is created according to the instructions below and that it's placed at the correct location on the Datamover(s).

  1. Login to EMC Control station (for example via PuTTy)

  2. Create a new cepp.conf file
    • Command: vi cepp.conf
  3. Add the configuration settings required for NSS Quota management in the file

      If the environment has multiple CEPA servers, each CEPA server ip or the FQDN (in case of look-up problems) should be listed separated by a |. For example: Servers=192.168.10.10|192.168.10.20|192.168.10.33\  or Servers=server1.domain.com|server2.domain.com|server3.domain.com\

      It is of utmost importance that the preevents are configured according to the table below:

      Ensure that the information in the cepp.conf-file follows this syntax

      Pool name=NSS\
      Servers=CEPA servers ip addr\
      Preevents=OpenFileWrite|CreateFile|RenameFile|DeleteFile|CloseModified|CreateDir|RenameDir|DeleteDir|SetAclFile\
      option=ignore\
      reqtimeout=5000\
      retrytimeout=1000\


  4. Save file as cepp.conf

  5. Move file to Datamover root
      Command: server_file <movername>  -put cepp.conf cepp.conf
      If you need to look at the cepp.conf file you can get it with command “server_file <movername> -get cepp.conf cepp.con
  6. Start the CEPA facility

      Command: server_cepp -service -start
      Example: $server_cepp Server_2 -service -start
  7. Verify CEPA status
      Command: server_cepp -service -status
      Server should return " : CEPP started"
  8. Verify Pool status
      Command: server_cepp datamover_name -pool -info

      Example:

      pool_name = NSS

      server_required = No
      access_checks_ignored = 0
      req_timeout = 5000ms
      retry_timeout = 1000ms
      pre_events = OpenFileWrite, CreateFile, RenameFile, DeleteFile, CloseModified, CreateDir, RenameDir, DeleteDir, SetAclFile
      post_events =
      post_err_events =
      CEPP Servers:
      IP = xx.xx.xx.xx, state = ONLINE, rpc = MS-RPC over SMB, cava version = 6.0.4.0, nt status = SUCCESS, server name = server.domain.com

Install and configure the EMC CEE Framework
The EMC CEE/VEE (Common Event Enabler) Framework is the framework that includes CEPA and the EMC CAVA service. This framework needs to be installed on the NSS Server or on one or several Windows servers dedicated to hosting the CEPA-features.

Quota Server communicates to the CEPA-server(s) and utilizes the features within the framework to distribute hard locking to quotas (and usage tracking in NSS version 9.6 or later).

  1. Install EMC_CEE_Pack.exe on the CEPA Server(s) that are to talk to NSS
  2. Go through installer selecting default settings

      No special considerations needed for NSS
  3. Configure the EMC CAVA service to run under <NSS_ServiceAccount>. The EMC CAVA service is the main service for CEPA.
  4. Set Endpoint in the Windows registry at HKEY_LOCAL_MACHINE\SOFTWARE\EMC\Celerra Event Enabler\CEPP\CQM\Configuration

      Endpoint name is "Northern@<ip address of NSS server>".  If the CEPA server is also the NSS host, the endpoint is simply "Northern".

      If the environment has multiple endpoints (meaning multiple NSS Managing Hosts) list each endpoint separated by a semicolon. For example, Northern@128.199.5.10;Northern@128.199.5.12;Northern@128.199.20.12.

Configure Quota Server

  1. Start Quota Server
  2. Click on the 'System'-button at the very bottom in the left-sided menu
  3. Click on 'Quota Servers'
  4. Right click your Quota Server in the list and select 'Modify'.
  5. This activates the menu at the bottom of the screen. Select the 'EMC Settings'-tab.
  6. Type in the name of the EMC filer and apply the changes.

    Note: If version 9.6 or later is used, it's possible to use the CEPA-framework instead of CIFS to track the quota usage in real time. In version 9.7 or later, new installlations of NSS will utilize the CEPA usage tracking instead of CIFS-tracking.

    This requires that the cepp.conf is configured according to the instructions in the Configure the cepp.conf-section and that the Windows Registry parameter NQS::USECHANGENOTIF_VNX at HKEY_LOCAL_MACHINE\Software\Northern\Settings is changed from 0 to 1 on the NSS Managing Host.

    A restart of the NSS Quota Server service and the EMC CAVA service is required for the usage tracking change to register.

Verify Results

Quota test

Create a quota that points to a path on the Celerra.  Initially set it as a soft quota (no locking actions).  Create or copy a file on that quota path and verify that the size is being updated within NSS Quota Server. 

Set the quota to a lock action (adjust the quota size or thresholds for this test if necessary) and create or copy another file (or files) that bring the quoa path over the threshold with the locking action.  Once the threshold has been crossed, addtiional files should not be able to be created.

Basic troubleshooting

The most common reason for the quotas not working is that the NSS Service Account does not have administrative rights on the Celerra CIFS server.  Check with the Celerra administrator to verify that this is or is not the case.

Ensure that the cepp.conf does not have any typos, lists all of the CEPA servers,  and has the correct preevents listed.

If it isn't working. Please make sure the cepp.conf file is configured correctly and that the endpoint in the registry has been set.'

On the CEPA servers, make sure that the endpoints are set correctly and include all of the NSS Managing hosts.

Theory & Additional Considerations

How events are managed

  1. User saves the file
  2. Event sent to the CEPA Server
  3. Event sent to the CQM applications (Northern Storage Suite)
  4. Policy check carried out by Northern Storage Suite to the CEPA server
  5. Policy enforced on NAS; quota locked/unlocked, file type blocked, etc.
  6. Policy effects and remedies communicated to user

Architecture

This example shows a single Data Mover, single CEPA Server, and a single NSS Managing Host.

 

Much more complex environments are possible.  CEPA has been designed with scalability and redundancy in mind, allowing the use of multiple CEPA servers.  For example:

 

It is important to understand that CEPP (the service running on the Celerra/VNX) uses a round-robin approach when sending pre/post events – for load-balancing. This means that, in an environment where multiple CEPA servers are running, CEPP will alternate the target of event messages between the CEPA servers.

The CEPA server(s) that make up the pool are defined in the cepp.conf file on the Celerrra/VNX. The CEPA server(s) themselves pass events from CEPP to consuming applications – these targets are defined in the Endpoint configuration (registry key) on the CEPA server(s).

In a scenario where there are multiple CEPA servers it is vital that the Endpoint on each CEPA server includes the IP address of all application servers where NSS, Varonis, etc is running.

In the environment above, the cepp.conf would list the ip of both CEPA server #1 and CEPA server #2.  On both of those CEPA servers, the endpoint of NSS#1 and NSS#2 would be listed.

NSS Managing host as CEPA server

It is quite possible and common that NSS can be installed on a CEPA server.  In this case, the endpoint within the regsitry should be set to "Northern" without the "@ip" portion of the name on just that server.  All other rules for multiple CEPA servers and NSS hosts apply.

NSS working in parallel with File Auditing applications

At first there may seem to be some conflicts with configuration of NSS and a file auditing application (such as Varonis) to work in parallel.  Each has endpoint requirements on the CEPA server and each has specific requirements in the cepp.conf.  The two applications can, however, use the same pool and function simultaneously without issue.

cepp.conf

  • Both applications may share the same pool.
  • All CEPA servers listed should have endpoints set for both NSS and the auditing software.
  • Make sure to list preevents for NSS.
  • Make sure to list postevents for the auditing applications.
  • Ensure that all other requirements for both NSS and the auditing application are in place.  If you have questions please contact the appropriate vendor.

Endpoints

  • Set the endpoints for NSS under CQM as listed above
  • Set the endpoints for the auditing application as instructed, likely under "Audit"
  • This will ensure that the appropraite events are sent to the appropraite application, allowing both to work in parallel.

ADDITIONAL RESOURCES

  • KB3035 How to: Troubleshoot EMC Celerra/VNX Integration
  • KB Article: 2884

    Updated: 12/7/2016

    • Category
      • Usage
    • Affected versions
      • Northern Storage Suite 8.7
      • NSS 9.0
      • NSS 9.5
      • NSS 9.6
      • NSS 9.7
      • NSS 9.8

    North America HQ

    NORTHERN Parklife, Inc.
    301Edgewater Place, Suite 100
    Wakefield, MA 01880
    USA

    Voice: 781.968.5424
    Fax: 781.968.5301

    salesUS@northern.net

     

    Additional Contact Information

    EMEA & APAC HQ

    NORTHERN Parklife AB
    St. Göransgatan 66
    112 33 Stockholm
    Sweden

    Voice: +46 8 457 50 00

    salesHQ@northern.net

    Northern Parklife



    ©2017 northern parklife

    privacy statement 
    terms of use