Skip to main content

We've Moved!

Product Documentation has moved to docs.hitachivantara.com
Hitachi Vantara Knowledge

Hitachi Data Ingestor 6.4.4-00 Release Notes

 


About this document

This document (RN-90HDI011-79, July 2018) provides late-breaking information about Hitachi Data Ingestor 6.4.4-00. It includes information that was not available at the time the technical documentation for this product was published, as well as a list of known problems and solutions.

Intended audience

This document is intended for customers and Hitachi Vantara partners who license and use Hitachi Data Ingestor.

Accessing product downloads

Product software, drivers, and firmware downloads are available on Hitachi Vantara Support Connect: https://support.hitachivantara.com/.

Log in and select Product Downloads to access the most current downloads, including important updates that may have been made after the release of the product.

About this release

This release is a major release that adds a new feature (no fixed bugs).

Product package contents

Medium

Product Name

Revision

DVD-R

Hitachi Data Ingestor

6.4.4-00

Documents

In addition to the online help provided in the management console, the following documents are provided for Hitachi Data Ingestor:

·       Hitachi Data Ingestor Installation and Configuration Guide

·       Hitachi Data Ingestor Cluster Getting Started Guide

·       Hitachi Data Ingestor Cluster Administrator's Guide

·       Hitachi Data Ingestor CLI Administrator's Guide

·       Hitachi Data Ingestor Error Codes

·       Hitachi Data Ingestor File System Protocols (CIFS/NFS) Administrator's Guide

·       Hitachi Data Ingestor Single Node Administrator's Guide

·       Hitachi Data Ingestor Enterprise Array Features Administrator's Guide

·       Hitachi Data Ingestor Modular Array Features Administrator's Guide

·       Hitachi Data Ingestor API References

·       Hitachi Data Ingestor Single Node Getting Started Guide

·       Hitachi Data Ingestor Cluster Troubleshooting Guide

·       Hitachi Data Ingestor Single Node Troubleshooting Guide

License keys

Hitachi Data Ingestor is a licensed product. Hitachi Data Ingestor includes a License Key.

New features and enhancements

No

Contents

Revision

1

Trend Micro InterScan Web Security Virtual Appliance is supported as a scanner server of Virus Scanning.

6.4.4-00

Documentation errata

This section lists the information in the product documentation that has been identified as incorrect, incomplete, or missing.  The listed corrections were not made to the product documentation provided for version 6.4.4 of Hitachi Data Ingestor.

Hitachi Data Ingestor Installation and Configuration Guide (MK-90HDICOM002)

·       The section Environment settings for the scan server (page 3-38), the following information is missing under “When using Trend Micro InterScan Web Security Virtual Appliance”:

If an access to a file is blocked because of the scan server settings, HDI will take the action configured for dealing with infected files. This is set in the Method of dealing with infected file in the Scan Conditions screen in the Virus Scan Server Configuration dialog box. Operation results will vary depending on the selected action. For more information about operation results for creating, viewing, and updating files, refer to Hitachi Data Ingestor Cluster Administration Guide or Hitachi Data Ingestor Single Node Administration Guide.

·       Table 4-8 (page 4-72) showing the information output in an antivirus_report.csv is missing the description on blocked file access.  When access to a file from a client is blocked due to inappropriate scan server settings, Access to a file from a client was blocked is output in the report.

·       The description for the Action in the AdditionalInfo in Table 4-8 (page 4-72) should read that the action taken when a virus infected file is detected or an access from a client to a file is blocked due to inappropriate scan server settings.

·       Table 4-10 (page 4-74) is missing the following information:

o   When a file is blocked due to deleted scan settings, the report will indicate that the blocked file has been deleted.

o   When a file is blocked because the scan server setting was reverted the report will indicate that the blocked file has been rolled back.

o   When access to a file from a client is blocked due to inappropriate scan server settings, the same recommended actions for blocked access due to an infected file apply.

Hitachi Data Ingestor Single Node Administrator's Guide (MK-90HDI038)

·       Table C-152 Items displayed on the Scan Condition page (page C-192) is missing the information about the software behavior you set for dealing with blocked files. For Trend Micro InterScan Web Security Virtual Appliance, the software behavior configured for infected files is the same for dealing with blocked file access due to scan server settings.

Hitachi Data Ingestor CLI Administrator's Guide (MK-90HDI034)

·       Table 2-75 should add that, for InfectedAction, if a file is blocked due to the scan server settings, the software behavior configured for infected files is the same for dealing with blocked file access due to scan server settings when Trend Micro InterScan Web Security Virtual Appliance is used.

Hitachi Data Ingestor Error Codes (MK-90HDI005)

·       The description for KAQV10027-W in Table 7-1 KAQV (Page 7-6) should read that “Scanning fails or the file access from the client is blocked due to the scan server settings”.

·       The description for KAQV10028-W in Table 7-1 KAQV (Page 7-6) should read that “A virus scan for the file fails, the file cannot be scanned due to the scan condition setting, or the file access from the client is blocked.
 

·       The description for KAQV10029-W in Table 7-1 KAQV (Page 7-6) should read that “A scan target file is virus infected, a scan for the file fails, the file cannot be scanned due to the scan condition setting, or an access from a client to the file is blocked.

System requirements for the management console

The following sections describe the system requirements for the HDI management console for single node configurations.

Operating system requirement for management console

Operating Systems

Windows® 7 Service Pack 1

·       Windows 7 Professional

·       Windows 7 Ultimate

·       Windows 7 Enterprise

Windows 7 x64 Editions Service Pack 1

·       Windows 7 Professional

·       Windows 7 Ultimate

·       Windows 7 Enterprise

Windows® 8.1

·       Windows 8.1

·       Windows 8.1 Enterprise

·       Windows 8.1 Pro

Windows 8.1 x64 Editions

·       Windows 8.1

·       Windows 8.1 Enterprise

·       Windows 8.1 Pro

Windows Server 2008 x64 Editions Service Pack 2 1

·       Windows Server 2008, Standard x64 Edition

·       Windows Server 2008, Enterprise x64 Edition

·       Windows Server 2008, Datacenter x64 Edition

Windows Server 2008 Service Pack 2 1

·       Windows Server 2008, Standard Edition

·       Windows Server 2008, Enterprise Edition

·       Windows Server 2008, Datacenter Edition

Windows Server 2008 R2 Service Pack 1

·       Windows Server 2008 R2, Standard Edition

·       Windows Server 2008 R2, Enterprise Edition

·       Windows Server 2008 R2, Datacenter Edition

Windows Server 2012

·       Windows Server 2012, Standard Edition

·       Windows Server 2012, Datacenter Edition

Windows Server 2012 R2

·       Windows Server 2012 R2, Standard Edition

·       Windows Server 2012 R2, Datacenter Edition

Windows 10

·       Windows 10 Home

·       Windows 10 Enterprise

·       Windows 10 Pro

·       Windows 10 Education

Windows 10 x64 Edition

·       Windows 10 Home

·       Windows 10 Enterprise

·       Windows 10 Pro

·       Windows 10 Education

Red Hat Enterprise Linux 6.4 1

Note:

1.     OS that does not support TLS1.1 and TLS1.2.

Required Web browser for management console

Web browser

Remark

Internet Explorer 10.0 4

32-bit version

Internet Explorer 11.0 3

32-bit version

Mozilla Firefox ESR 38.0.x 1, 2

x86 version

Mozilla Firefox ESR 45.x 1, 5

x86 version

Mozilla Firefox ESR 52.x 1, 5

x86 version

Notes:

2.     x means that it does not depend on the version x.

3.     Supported platforms for management console is only Red Hat Enterprise Linux.

4.     If an operation to open a different window or tab is performed, an unnecessary window may be opened concurrently. For the case, see the usage precaution.

5.     By changing the option setting of browser, TLS1.1 and TLS1.2 can be supported.

6.     Supported platforms for management console is only Windows.

Required programs for management console

Adobe® Flash® Player 10.1 or later is required.

Managing migration tasks

When "Manage Migration Task" is executed during HDI maintenance, the KAQM23810-E message might be displayed. The error might be caused by the resource group had been stopped at that time. Please retry the operation after confirming resource group status is Online. If problem persists, acquire all log data and contact maintenance personnel.

Prerequisites

To use the virus scan function, Symantec Protection Engine 7.8, Trend Micro ServerProtect 5.8 or McAfee VirusScan Enterprise 88 is required.

·       To scan virus using Trend Micro ServerProtect, Hitachi Server Protect Agent (HSPA) need to be installed on a scan server. HSPA supports the OS below.

o   Windows Server 2012 R2

o   Windows Server 2012

o   Windows Server 2008 R2 SP1

o   Windows Server 2008 SP2

Port numbers

The following port numbers are used by the product by default. When firewall is designed, please refer the port numbers below.

Port numbers

Single node model 

Cluster

model

Service

20(TCP)

X

X

FTP

21(TCP)

X

X

FTP

22(TCP)

X

X

SSH, SFTP

69(UDP)

X

X

TFTP

111(TCP/UDP)

X

X

The services related to NFS

137(UDP)

X

X

NetBIOS over TCP/IP for CIFS service

138(UDP)

X

X

NetBIOS over TCP/IP for CIFS service

139(TCP)

X

X

NetBIOS over TCP/IP for CIFS service

161(UDP)

X

X

SNMP

443(TCP)

X

X

Management server and management console

445(TCP)

X

X

Direct Hosting of SMB for CIFS service

4045(TCP/UDP)

X

X

Region lock on file share for NFS

2049(TCP/UDP)

X

X

File share for NFS

9090(TCP)

X

X

Management API

10000(TCP)

X

X

NDMP

17001(UDP)

X

Internal communication between nodes

17002(UDP)

X

Internal communication between nodes

17003(UDP)

X

Internal communication between nodes

20048(TCP/UDP)

X

X

NFS file sharing for when fixed port is selected and NFS version is not v4

20265(TCP)

X

X

Maintenance interface

29997(TCP/UDP)

X

X

NFS file sharing for when fixed port is selected and NFS version is not v4

29998(TCP/UDP)

X

X

NFS file sharing for when fixed port is selected

Dynamically assigned

X

X

NFS file sharing for when dynamic port is selected

When the product is connected to HCP or HCP Anywhere, the product uses the following ports to those products.

Port numbers

Service

Target

443(TCP)

All Communication between HDI and HCP Anywhere

HCP Anywhere

80(TCP)

Data migration to HCP

HCP

443(TCP)

Data migration to HCP

HCP

9090(TCP)

HCP MAPI communication

HCP

Resource limitations

Upper limit (recommended value) for each resource of HDI is as follows.

No

Resource

Upper limit

(Recommended value)

Note

1

Number of migration target file systems

Content Sharing OFF

Content Sharing ON (Read-Only)

8

If file systems exceeding the recommended value are created, memory usage and CPU utilization increase, giving impact on the system performance.

To create file systems exceeding the value, it is recommended to use separate systems.

2

3

Content Sharing ON (Home directory , Read/Write)

1

4

5

Number of threads (for migration, for others)

90 for each

- If the number of CPU cores or memory size is small, do not increase the number of threads.

- If client I/O performance degrades during migration, reduce the number of threads, which can mitigate the impact on client I/Os.

6

File system size

Active File Migration function is enabled

Less than 32TB

If the size exceeds the value, to disable the AFM function or to divide file systems is recommended.

HDI Remote Server

Less than 17TB

If the size exceeds the value, to divide file systems is recommended.

7

Number of files or directories per file system

Less than 1 hundred million

Increase in the number of files or directories causes the file system performance to degrade or a recovery operation at a failure to take a long time. If the number of files or directories exceeds the value, to divide file systems is recommended.

8

File size

Up to 2TB

The upper limit of file size on HCP is 2TB.

9

Number of ACEs

700 for each file/directory

Setting over 700 ACEs causes an error.

10

Number of past version directories

Per system

4000

Tune Custom schedule so that the total sum of the number of past version directories per share does not exceed the value. If the number of past version directories exceeds the value, stopping resource groups takes a long time and Failover may fail.

Per file system

60

Tune Custom schedule so that the number of past version directories in last one week does not exceed the value. If the number of past version directories exceeds the value, CIFS clients cannot refer the past version data on the [Previous Versions] tab from the property of folder or file.

11

Network with HCP

Bandwidth:

10Mbps or higher

Delay:

100msec or shorter

If network bandwidth is not sufficient, migration operation takes a longer time and it may turn to time-out. Tune the time-out value.

12

Maximum number of CIFS to be connected

6000 or less

The upper limit varies depending on the memory size and auto-reload setting.

Restrictions

·       While a file path that is a data import target contains special characters, if a file or directory being imported is migrated from HDI to HCP, a message KAQM37094-E may be output. If "Invalid XML in custom metadata" is reported as detailed information of the above message, the migration can succeed by disabling the setting of "Check on ingestion that XML in custom meta data file is well-formed" in HCP name space. Ask the HCP administrator to disable the above setting until the data import is complete.

·       If the file path accessed by a CIFS client contains special characters, real-time scanning may not be complete normally. For such files that the real-time scanning is not complete normally, change the file path so as not to contain any special characters and then retry the scanning where necessary.

·       Some part of the graph might not be displayed, if the file system was unmounted during the time period where the request result or the cache hit ratio is displayed in the Monitor tab on the file-system-name window in a single node GUI.

·       For CIFS share with SMB3.0 encryption enabled, the client cache is disabled regardless of settings of CIFS service and CIFS share.

·       If you go back to edit screen without finishing Service Configuration Wizard because an error occurs, you might not be able to change password even if [Change password] of tenant administrator is checked on HCP settings. If you want to change password, uncheck the checkbox of [Change password] and then check it again.

·       When you are using Roaming Home Directory feature enabled file system, and CIFS retry feature enabled, please stop the file access from CIFS clients before restarting CIFS services. When you restart CIFS service in a state that CIFS users still access to the CIFS share, below message will be displayed in HDI GUI and CLI, and there may be a case that HDI out puts the core file. In such an occasion, please make sure there is no CIFS user access, restart the CIFS service once again, obtain the core file, and contact the maintenance personnel.

KAQG62001-W: smbd ended abnormally, and the core file was generated.

·       When VSP Fx00 series is connected with HDI, the HDI recognizes the model name of the storage system as VSP Gx00, so that there are the following restrictions.

o   When the storage information is referred using HFSM or fpstatus, fslist, lumaplist, lulist, vgrlist, clstatus, or horcdevlist command, the model name is displayed as [VSP Gx00]. Therefore, identify the connected storage system using the serial number.

o   When specifying a model of storage system using fpoffline, fponline, lumapadd, lumapdelete, or lumaplist command, use [VSP_Gx00] but do not use [VSP Fx00].

·       On the page of Task Management dialog, some keyboard operations may not be available. For example, choosing items from pull-down menu cannot be done from keyboard.

·       In case user set the migration interval for 4 weeks with either of arcmigset or arcmigedit command, the operation you have done through [Edit Task] in migration task window will not be reflected to the settings.

·       User cannot specify a character which consists of 4 bytes code in UTF-8 to following field.

1)     [Task Comment] field in [Add Task] and [Edit Task]

2)     [File name] field and [Directory path] field in policy information

3)     Arguments of arcmigset and arcmigedit commands

·       The Service Configuration Wizard appears needlessly when the provisioning process complete successfully. Please close the Service Configuration Wizard.

·       When combining with HCP, set a user name or password of HCP tenant administrator using 64 or less one-byte alphanumeric characters.

·       When restoring system LU using the system setting information that is stored while a read-write-content-sharing file system exists, if Background is specified for the method of data restoring interactively for syslurestore command, KAQM37483-E message is displayed as a system message and is notified via an SNMP, but no action is required to take for the message. The data of the file system is recovered without any problem.

·       Under the following conditions, even if then KAQM37751-E message is displayed and is notified via an SNMP during stopping OS, the OS is stopped successfully. The action for this message is not needed.

o   Single node configuration.

o   There are file systems which the Active File Migration function is used.

·       When a user who belongs to an external server (Active Directory, NIS, LDAP) is used as an FTP user, the user cannot access data with permission of non-primary group defined in external authentication server.

·       When data is migrated to HCP using Active File Migration functionality, if the capacity of work space is insufficient, the recommended size of work space displayed in message KAQM37753-W is smaller than the actually required capacity. If the message appears, verify the status of work space, refer Installation and Configuration Guide, and calculate the recommended size corresponding to the work space status. After that, expand the capacity of work space to be larger than the recommended size.

·       While a file system that uses Active File Migration functionality exists, if a system LU is restored using stored system setting information and the used size of work space exceeds 80% after that, KAQS19001-W message is displayed as a system message and it is reported using SNMP.

No actions are required for the message.

·       When data is shared between HDIs by using the read-write-content-sharing function or the home-directory-roaming function, if a file is deleted or renamed at a site, KAQM37780-E message may be output at a different site. If the message is output in an environment where the read-write-content-sharing or home-directory-roaming function is used, take the actions below.

1.  Download all log data.

2.  Check the target file from the file path output in hsmarc_stub.err included in /enas/log/ufmras.tar.gz of all log data.

3.  Verify whether the target file has been deleted or renamed at a different site. If it cannot be confirmed, verify whether removing the file is OK or not. If the file has been deleted or renamed at a different site, or the file is the one that can be deleted, take step 4. If whether the file is deleted or renamed is unknown, or the file is the one that should not be deleted, take step 5.

4.  Open the folder/directory of the target file. If message KAQM37780-E is still output continuously after opening the folder or directory, contact the maintenance personnel in accordance with the action in the message.

5.  Contact maintenance personnel in accordance with the action in the message KAQM37780-E.

Update installation

General cautions for upgrade installation

·       It was revised to display a confirmation message at the time of command practice for the following commands which involves a stop of the service.
Therefore when you perform an update installation from a version former than 02-02-01-00-00, confirm whether you are using a command listed below in a script, and if there is a point being used, specify a -y option, and suppress the output of the execution confirmation message.

o   clstop

o   ndstop

o   rgstop

o   rgmove

·       With the introduction of the SMB3.0 feature in 6.0.0-00, HDI consumes more memory than it used to do. We recommend to install additional memory for the HDI models on CR servers as such with CR upgrade kit, and for HDI VM model, we recommend to add virtual memory to 8GB and more as instructed in (Link:http://hdsnet.hds.com/techpub/hdi/mk...hdicom0310.pdf).

·       "VNDB_LVM", "VNDB_Filesystem" and "VNDB_NFS" are unavailable as HDI cluster name and node name.
To update from a version earlier than 5.0.0-01, verify if "VNDB_LVM", "VNDB_Filesystem", and "VNDB_NFS" are not used as a cluster name and node name before the update installation.
If any of the above names are used, change the cluster name and node name before the update installation.

·       Do not perform HDI node software update installation concurrently with an operation to delete LUN assigned to HDI or to change configuration, such as size change, running on a storage sub-system connected to HDI. If the operations are performed at the same time, the node software update installation may fail.

·       In cluster configuration where the version of a node (node1) is 6.0.2-00 or later and that of the other node (node2) is earlier than 6.0.2-00, when failover or failback is performed from node1 to node2, the option value of service performance statistics collection function of CIFS service is taken over from node1 to node2. If the value taken over needs to be turned back to the previous, run perfmonctl (managing the service performance statistics) command for the resource group on the node2 side.

·       When SHA-1 signed public key certificate issued by Certificate Authority is used, obtain a SHA-2 signed certificate from Certificate Authority and then set it after update installation. If a public key certificate issued by Certificate Authority is not used before the update installation, set SHA-2 self-signed public key certificate in the same way as new installation.

·       When a character string consisting of 65 or more characters is specified for --key-passwd as a password of private key for public key certificate prepared by administrator, access from a browser is disabled at update installation. For this, run the certctl command with --reset option specified to initialize the set certificate before the update installation to a version 6.1.1-00 or later.
During the course of update installation, below anomalies occur on HDI Single node and Cluster model in case the certificate is NOT initialized. For Single node model, log in screen for the management UI is not available after the update installation. For Cluster model, after the completion of node0 update installation, node restart fails then HFSM access to the nodes becomes unavailable with spitting out KAQM20046-E message on HFSM screen.
Please perform below procedure for Single Node and Cluster Models respectively, for the recovery.

<Single Node Model>

1. Login to node via ssh

2. Confirm the HDI version is updated by versionlist command.

3. Confirm resource group is up and running by rgstatus command.

4. Initialize certificate by certctl command with reset option (--reset).

5. Confirm log in screen is available on Browser.

<Cluster Model>

1. Login to node1 via ssh and execute following steps.

1) Confirm the cluster node and resource group status as below by clstatus

 command.

a) Node status: node 0 is "INNACTIVE", node1 is "UP"

b) Resource Group status: Resource groups of both nodes are running on

node1 and show status "Online"

2) Confirm the HDI version is NOT updated, by versionlist command.

3) Initialize certificate by certctl command with reset option (--reset).

2. Login to node0 via ssh and execute following steps.

1) Confirm the HDI version is updated, by versionlist command.

2) Initialize certificate by certctl command with reset option (--reset).

3) Start node0 by ndstart command.

4) Confirm node0 status is "UP" by clstatus command.

3. Login to HFSM to perform following steps.

1) Execute "Refresh Processing Node" to check connection error doesn't occur.

2) Failover both resource groups to node0 from "Cluster Management" screen.

3) Execute "Refresh Processing Node" to refresh the HFSM information.

4) Execute "Update Software" from "System Software" pane to update node1.

5) After the completion of update install, confirm HDI version of both nodes are up

 to date

6) Both resource groups are running on node0. Failback one of the resource group

 whose default host node is node1.

Caution for update installation from version earlier than 6.1.0-00

At update installation from a version earlier than 6.1.0-00, the migration task setting changes as follows. Record the task setting before update installation, and then apply the setting again after update installation.

Function

Interval

Duration

Policy

(Filter Condition)

Task Status

Content Sharing OFF (If Criteria condition is [File Is All])

1 hour

None

None

Enabled

Content Sharing OFF (If Criteria condition is not [File Is All])

1 hour

None

None

Disabled

Content Sharing ON (Home directory)

1 hour

None

None

Enabled

Content Sharing ON (Read/Write)

10 minutes

None

None

Enabled

With versions earlier than 6.1.0-00, there is a restriction that only 4 migration tasks can work concurrently, which is lifted from 6.1.0-00 so that multiple migration tasks can run concurrently, but it may cause CPU and memory to be depleted. Therefore, if there are 8 or more file systems, verify the schedule and pay attention so that 8 or more migration tasks are not performed simultaneously.

Usage precautions

Migration Management

·       Please configure the same time zone of HDI and the Management console. If these time zones are different, the different time zone is applied the configuration and display of the migration management time.

NFS Service

·       When stopping or restarting NFS service, please request the administrator using service of a client to suspend access to File Sharing.

·       When using the nfscacheflush command, please do not access from an NFS client to a file system. If the nfscacheflush command is used during accessing, an EIO error may occur.

·       When the file system is used and a file lock demand competes by the NFS protocol version 2 or the version 3, and the TCP protocol from the NFS client using a version higher than Red Hat software Enterprise Linux Advanced Platform v5.2 (Linux version 2.6.18-92.e15), file lock operation may become slow.

CIFS Service

·       The first CIFS access after failover or failback may fail. In this case, retry the operation.

·       When CIFS clients display a shortcut file with the offline attribute, the file's icon might not be displayed.
You can confirm whether the file is shortcut file or not from the line of type on the details expression of Explorer.

KAQG72016-E Message

·       Check the status of the cluster. If the status is DISABLE, contact maintenance personnel.

CIFS bypass traverse checking

·       The default setting of "CIFS bypass traverse checking" when creating a file system has been changed as Table 3 in 4.2.0-00 or later.

Table 3.  The default operation of creating a file system

No

Function

before 4.2.0-00

4.2.0-00 or later

1

CIFS bypass traverse checking function

Disable

(Not supported)

Enable

·       CIFS bypass traverse checking function has been setup as disable if the update installation from a version former than 4.2.0-00 is performed. Please change the setting when you use CIFS bypass traverse checking function

Integrating HCP

·       If the update installation from a version former than 3.2.1-00 is performed, then replica HCP setting is deactivated. Configure replica HCP again as necessary. If the file system refers to data in a file system on another HDI system, configure replica system again as necessary.

·       When update installation is performed from a version earlier than 3.2.0-00, perform one of the following operations.

o   Create a user account of tenant administrator with the name same as data access account in HCP.

o   After update installation of Hitachi File Services Manager, perform the setting of tenant administrator using HCP Settings of Configuration Wizard.

·       When a file of 200MB or larger is migrated with the HTTP compression enabled while other than "0" is set to the period for monitoring the transfer speed and the lowest transfer speed to the HCP system, the average speed of transfer may be lower than the limit and the migration may fail with time-out. Set "0" to the period for monitoring the transfer speed and the lowest transfer speed, so that a time-out does not occur until the time set to time-out of communication to HCP has passed even when the transfer speed to HCP is low.

·       When the priority of file stubbing is changed by arcconfedit command, if the priority of stubbing is high, the processing time of data reading/writing from a client and migration/recall may get longer. Do not keep the stubbing priority high but change it in the case that an increase in data writing from clients is expected.

·       When a failure occurs in the network between HDI and HCP or in HCP, a wait for a response from HCP continues, which may affect the performance of accesses from file share clients to HDI. In order to mitigate the effect on the access performance, set the wait time until reconnecting to HCP by arcconfedit command to be larger than --low-speed-time option. However, if a temporary communication errors frequently occur, such as a case where HDI is combined with HCP via network, as the wait status can be solved by the temporary communication error, set 60 or lower value. When an operation with communication to HCP, such as migration and recall, is performed under the condition that the communication error is detected but the wait time has not yet passed, a communication error is returned instead of connecting to HCP. If the wait time has passed, connecting to HCP is tried. Note that access to HCP is disabled until the wait time passes even when the error has been solved. Therefore, set the wait time to "0" and see if accesses to HCP are enabled. If the user can successfully access, restore the setting to the previous.

·       By the default setting, 5% (upper limit 40GB) of total capacity of the file system are secured as the reserved space that a system uses when creating a file system in 5.2.0-00 or later which links to HCP. This reserved space prevents that migration process and stubbing process are affected when the file system lacked the capacity. Because user cannot use reserved space, design total capacity of file system as total of user capacity and reserved space.

·       If the update installation from a version former than 5.2.0-00 is performed, reserved space is set as 0% to existing file systems. If necessary, set reserved space using arcresvset command.

·       When the reserved space is set in 5.2.0-00 or later, update management information process starts at 0:07 a.m. for stubbing process. This updating process takes up to an hour. While this process is running, the load of the system increases.

·       If KAQM55019-E message is reported at policy or schedule setting, the file system may be full. In this case, run arcresvget command and check the reservation capacity of the file system combined with HCP. If reservation capacity is not set, check the free capacity of the file system. If there is no free capacity, delete unnecessary files.

·       When user's operation to unmount the file system coincides with the migration event on the file system, there may be a case that KAQM04045-E displayed and the unmount operation fails. In above case is observed, please make sure that the migration completes and try to unmount the file system.

·       If user run arcmigstatus command while HDI runs migration, there might be chance to get KAQM37764-I message in output of the command. In the case, please re-run the command after a while.

·       If migration is performed using the Large File Transfer function during data import, the Large File Transfer processing fails and normal migration takes place. Set the Large File Transfer function to be disabled during data import.

CIFS Access Log

·       If the update installation from a version former than 4.0.0-03 is performed, "Rename items" (renaming files or folders) event of CIFS access log is not set in the Setting Events Logged to the CIFS Access Log page in GUI. If necessary, set the CIFS access log setting.

Negotiation Mode (4.1.0-02 or later)

·       With the negotiation mode having been added in 4.1.0-02, when the update installation from a version former than that is performed, the following negotiation mode name is changed. However, no action is required because the setting is not changed.

Before the change

(1) 1000Base Full Duplex

After the change

(1) 1000Base Full Duplex(Auto Negotiation)

·       In addition, when the update installation from a version former than 3.2.3-00 is performed, the following negotiation mode names are changed. However, no action is required because the settings are not changed.

Before the change

(1) 100Base Full Duplex

(2) 100Base Half Duplex

After the change

(1) 100Base Full Duplex(Auto Negotiation)

(2) 100Base Half Duplex(Auto Negotiation)

Internet Explorer 11.0 as Management console

·       An operation to open different window or tab by a click of anchor or button on the window may cause an unnecessary window (such as blank or in transition window) to be opened concurrently. In this case, close the unnecessary window. If this problem persists, create a new Windows user account and then operate the browser with the new user.

Subfolder monitoring

When the setting of subfolder monitoring function (a function to report any change in response to a request for "monitoring al files and folders under the specified folder" from a CIFS client) is changed from "Disable" to "Enable", if many CIFS clients are connected, HDI may be highly loaded. In this case, setting the subfolder monitoring function to "disable" can solve the high load status.

The SNMP manager

·       Hitachi-specific MIB object definition file is changed with the version 3.2.0-00. When update installation is performed from a version earlier than 3.2.0-00 to this version, the MIB definition file loaded in SNMP manager needs to be updated too. Load the MIB definition file from the following path of provided media.

\etc\snmp\STD-EX-MIB.txt

Editing link trunking

·       When link trunking information is edited, virtual IP addresses are reset. The time required to reset the virtual IP address is about 10 to 20 seconds per virtual IP address.
For this, if all the following conditions are met, editing link trunking may turn to time-out and fail. (Time-out time is 30 minutes.)

1)     Multiple VLAN interfaces are set to the link trunking port.

2)     90 or more virtual IP addresses in total are set to the set VLAN interfaces.

When the link trunking is edited under the above conditions, delete the interfaces set to the target link trunking port, reduce the number of virtual IP addresses to be less than that of (2), and then edit the link trunking. After editing link trunking is complete, set the interfaces again.

Using RID method user mapping

·       Make sure to set mapping for a domain registered to node.
If the above mapping is not set, access to share directory from a trusted domain user is disabled.

Subtree Quota monitoring

·       When the subtree Quota monitoring is set with versions earlier than 3.2.0-00, "the measure for the problem of CPU usage increase at subtree Quota monitoring" with versions 5.2.0-00 and later does not become effective.

·       To enable the measure, set the subtree Quota monitoring again to one of directories with the subtree Quota monitoring set in each file system.

 Read Write Content Sharing

·       If a file with a long name is migrated to a .conflict directory concurrently with an update in a different location, the file cannot be opened and copied to an arbitrary location other than .conflict directory. Therefore, set a file name to be 235 bytes or less in the case of NFS client.

·       If power supply of node stops during migration, all end users who use Read Write Content Sharing cannot operate directories.
At the time, the message below is output in hsmarc.log of each node.

KAQM37038-E Migration failed because a file of the same name exists on the HCP system. (file path = /system/namespace-name/mig_results/sync_list.number)

Also, the size of the following object referred from HCP namespace browser is 0.

https://rwcs-system.tenant-name.host-name/rest/system/namespace-name/mig_results/sync_list.maximum-number

To restore the status, contact HCP administrator and ask to download and upload the latest version of "sync_list.maximum-number" displayed on [Show versions] of HCP namespace browser.

·       When an RWCS file system that has not been mounted for a long period of time (default: 7 or more days) is mounted again, KAQM37021-E error may be reported. In this case, inconsistency of file system occurs so that run arcrestore command to ensure the consistency of file system.

Linking with HCP Anywhere

·       When you stop a power supply of HCP Anywhere or HCP in environment linking with HCP Anywhere, please stop a power supply of the HDI earlier.
If you stop a power supply of HCP Anywhere or HCP without stopping a power supply of the HDI, reporting from HDI to HCP Anywhere might fail in KAQM71018-E (authentication error) and service of the HDI might stop.
If KAQM71018-E (authentication error) occurs, please start HCP Anywhere and HCP, ask a manager of HCP Anywhere to reissue the password for the authentication, and perform [Update HCP Anywhere Credentials] in GUI of the HDI.

Access from Windows Server 2008 or Windows Vista

·       When accessing a CIFS share from Windows Server 2008 or Windows Vista using SMB2, a measure described in Microsoft Knowledge Base 978625 is required. Check Knowledge Base and contact Microsoft Windows support.
If the measure is not taken, Windows client becomes STOP error and error messages; "STOP: 0x00000027 (parameter1, parameter2, parameter3, parameter4)", and "mrxsmb20.sys - Address parameter1 base at parameter2, Datestamp parameter3", may appear on the blue screen.

SMB 3.0 encryption

·       A CIFS client supporting SMB3.0 can access CIFS share with SMB3.0 encryption enabled.
For the setting on HDI when the encryption is used, see the table below.

No

Encryption setting

CIFS service

[SMB encryption] value

CIFS share

[SMB Encryption] value

1

Encryption

Mandatory

Inherit CIFS service default

2

Non-encryption

Disabled

Inherit CIFS service default

3

Encryption and non-encryption

Auto

Encryption [Mandatory]

Non-encryption [Disable]

ACL for the shared directory

All of the information regarding ACL for the shared directory are stored in share_info.tdb. Maximum size of share_info.tdb is 64 Mbyte. CIFS service failure may be caused due to the disk space shortage if the size is more than 64 Mbyte. Size of share_info.tdb depends on "the number of CIFS share" and "total of the number of ACE for the shared directory of each share". For this reason, set "the number of CIFS share" and "total of the number of ACE for the shared directory of each share" so that the size of share_info.tdb does not exceed 64 Mbyte. The following is the example of setting.

#

the number of CIFS share

total of the number of ACE for the shared directory of each share

Size of share_info.tdb

1

21

1820

16 Mbyte

2

1000

1820

64 Mbyte

3

7500

210

60 Mbyte


You can see the size of share_info.tdb by collecting node log files and checking the share_info.tdb size shown below.

·       Cluster Model

(node 0)

/enassys/hifailsafe/CHN1/share_info.tdb

(node 1)

/enassys/hifailsafe/CHN5/share_info.tdb

·       Non-Cluster Model

/etc/cifs/CHN/CHN1/share_info.tdb

Deny setting of ACL

In versions earlier than 5.0.1-00, deny setting of ACL does not take priority as intended due to the problem that has been fixed with 5.0.1-00. The priority order of deny setting incorrectly may be higher caused by this problem. As a solution, set the ACL order again by the following resetting procedures after update installation.

To reset, perform one of the following operations.

·       Resetting procedure from Windows command.

1)     Run icacls command for the topmost directory (*1) of the resetting target file.

Record all of ACLs under the specified directories displayed.

2)     Make the setting from the topmost directory (*1) to all of subordinate directories/files by icacls command based on the ACLs recorded in (1).

Example)

o   ACL displayed in (1).

file-path userA:(OI)(CI)(W)

o   For the command of the setting in (2), change options according to the ACLs displayed in (1).

icacls file-path /grant userA:(OI)(CI)(W)

·       Resetting procedure from Windows Properties window.

1)     From the topmost directory (*1) of resetting target to all of subordinate directories/files, display ACLs by selecting [Properties], [Security], and then [Detailed setting] and record all ACLs.

2)     From the topmost directory (*1) to all subordinate directories/files, delete entries of deny access setting by selecting [Properties], [Security], [Detailed setting] and then [Change access permission], and then set the access permission in an arbitrary order based on the ACLs recorded in (1).

*1: The topmost directory means the following.

o   In case of setting recursively the ACL to the directory tree, it means the top of the directory of the tree.

o   In case of setting the ACL only to specific directory, it means the directory.

o   In case of setting the ACL only to specific file, it means the directory in which the file belongs.

NFS share creation

For a host that is allowed to access the NFS share, specify a host name that starts with an alphabet and consists of alphanumeric, hyphen (-) and underscore (_).

Outputting system operation information

When operation information of the system is output to a directory on a file system by running sysinfoget command, if the directory name contains any multi-byte characters, extracting the archive file output by sysinfoget command may fail depending on the OS environment where the operation information is transferred.

To output operation information to a directory on the file system, output the information to a directory whose name does not contain multi-byte characters, or convert the character code of the archive file to the one that is used in the OS environment where the information is transferred by using an application for conversion.

Creating keytab file for Kerberos authentication

Do not use space, quotation mark ("), and colon (:) for a name of keytab file for Kerberos authentication.

File system setting information display

If a failure occurs on a file system, the setting information of the file system may not be displayed correctly on single node GUI.
Restore the failure condition, perform refresh processing, and then refer the file system setting information.

ACL setting for authenticated users and network accounts

Access control by ACL setting for Authenticated Users and Network accounts which are Windows built-in accounts is not supported for Classic ACL type file system.
The function can be applied to Advanced ACL type file systems only.

The Windows version tab

When past versions are displayed on the [Previous Versions] tab, if available past versions are not displayed, close the tab, wait for a while, and then open the tab again.
The above phenomenon may occur when the [Previous Versions] tab is displayed while a migration operation is in process.

Filesystem

Do not mount filesystem as Read-Only.

Connecting Mac OSX 10.10/10.11 as CIFS client

The following notes applies when connecting Mac OSX 10.10 and 10.11 as a CIFS client because only SMB2.0 is supported.

1)     Specify SMB2.0 for SMB protocol that is used for accesses from the CIFS client on HDI.
For detailed settings, refer to "Hitachi Data Ingestor Cluster Administrator's Guide" or "Hitachi Data Ingestor Single Node Administrator's Guide".
On the setting of the client with Mac OSX 10.10/10.11, minor versions, such as SMB2.0/2.1, cannot be specified. In this case, make the setting on HDI.

2)     With Mac OSX 10.9 or earlier, only SMB1.0 is supported as a CIFS client. To have both versions; Mac OSX 10.9 or earlier and Mac OSX 10.10/10.11, as CIFS clients, confine the connecting SMB version for the client with Mac OSX 10.9 or earlier to 1.0 by the setting on each client.
For detailed settings, refer to "Hitachi Data Ingestor File System Protocols (CIFS/NFS) Administrator's Guide".
If the Mac OSX is upgraded from a version 10.9 or earlier to 10.10/10.11, apply the setting of (1) and then release the restriction of (2) (to confine the SMB version to 1.0).

3)     If any multi-byte characters are used for CIFS share name with Mac OSX 10.11, because of a matter of Mac client, connection from the Mac client to CIFS may be disabled.
Avoid the use of multi-byte characters for share names.

Connecting Mac OSX as CIFS client

Notes applied to Mac OSX regardless of version are as follows.

1)     Even when having write permission, an operation to write on a file may fail with Mac OSX depending on the behavior of application running on the Mac OSX.
For this, make sure to apply the settings below in advance when performing an operation with file update on Mac OSX.

a)     For users who operate or groups to which the users belong, set Full control permission for folders with extension of .TemporaryItems and all files and folders in the folders directly under a CIFS share.

b)     For users, set "Delete" permission for the operation target files or "Delete subfolders and files" permission for parent folders of the operation target files.

c)     Set access permission for the upper folder of operation target files for users who operate and groups to which the users belong so that the access permission can be inherited from the upper folder.

2)     While only the user who is operating a file has access permission for the file, if access permission for the file is set for a different user on "Sharing & Permissions" panel of Mac OSX Finder, all ACLs may be deleted.
To avoid the above, set access permission for the upper folder of the file for both users who operate and groups to which the users belong so that the access permission can be inherited from the upper folder.

3)     When writing on a read-only file from Mac OSX standard TextEdit, an error for having no permission is displayed and the writing may fail.
For users who release the read-only attribute of the file, add "Change Permissions" permission for the file.

SMB signing

If you use SMB signing for communication with a CIFS client, you can prevent man-in-the-middle attacks that tamper with SMB packets being transferred. Note, however, that the security improvements granted by SMB signing will also degrade file access performance.

Before you can use SMB signing, the necessary settings must be specified for both the client and the HDI system. The HDI system always uses SMB signing when the client requests SMB signing for communication via the SMB 2.0, SMB 2.1, or SMB 3.0 protocol. In addition, you can use the cifsoptset command to specify whether to use SMB signing for SMB 1.0 communication. With the initial settings, the HDI system does not use SMB signing for SMB 1.0 communication.

Selecting time zone

If you choose a time zone where daylight-saving time is introduced or abolished in 2009 or later, time on HDI may differ from current local time.
To use such a time zone, use Greenwich Mean Time (GMT).

Using offline files with Guest account

When CIFS Client that HDI treats as a guest account accesses a file in the offline state, it may not be accessible.
When referring to a file in the offline state, do not perform CIFS access with the guest account.
As for the guest account, see the Hitachi Data Ingestor Cluster Administrator's Guide or the Hitachi Data Ingestor Single Node Administrator's Guide.

WWW browser security setting

On the security setting in the Advanced tab on WWW browser connected to HDI or management server, clear check boxes for Use SSL2.0 and Use SSL3.0.

Copyrights and licenses

 

  • Was this article helpful?