Prepare EMC file servers

Collectors for EMC file servers

Collectors for EMC file servers are dedicated Windows servers with the collector service running. We strongly recommend that you use a Collector server within the same network segment as the EMC file server, otherwise performance and routing problems may occur. The Collector service should preferably be installed on the same Windows server on which the EMC Common Event Enabler (CEE) is installed.

The FS Logga for EMC file servers does not require a filter driver installation like on Windows file servers.

 

Set EMC Celerra/VNX file servers findable

In Active Directory registered EMC file servers have a set operatingSystem attribute. This attribute is used by the collector to detect EMC file servers and mark it as EMC file server type in the FS Logga configuration.

By default, the operating systems of the EMC file servers are set to "EMC File Server" and "EMC Celerra File Server" in the collector configuration file. If your EMC file servers use different values for the operatingSystem property, you can adjust the search parameters.

 

Configuration file

pnCollector.config.xml

 

Computer

Collector server which is configured for the EMC file server.

 

Path

%ProgramData%\Protected Networks\8MAN\cfg

If the file does not exist, copy the "template" from the following path:

old: %ProgramFiles%\Protected Networks\8MAN\etc

new: %ProgramFiles%\solarwinds\ARM\etc

 

Code

<?xml version="1.0" encoding="utf-8"?>

<config>

<tracer>

<emc>

<EmcOperatingSystems>EMC File Server,EMC Celerra File Server</EmcOperatingSystems>

</emc>

</tracer>

</config>

 

Possible Values

Add your operatingSystem values comma-separated.

If your EMC file servers have different values for the property “operatingSystem” then insert all these values separated by comma. If no or not all EMC file servers register the property “operatingSystem” in the Active Directory leave the entry empty in the collectors configuration file. With an empty entry you will get all non-NetApp or non-Windows computer accounts from Active Directory visible for the used account.

 

Set EMC Isilon file servers findable

The Isilon cluster does not register the CIFS file server in Active Directory. If the FS Logga searches for resources to be monitored, it will not find any EMC resource. You must use the cluster name as a resource name or manually add a computer account to Active Directory that is used as a CIFS server to access the shares on Isilon. In this case, you must also add a corresponding DNS record for routing.

Set for the manually created computer account the operatingSystem attribute for example to "EMC Isilon" and modify the configuration file to find the computer accounts with the special operatingSystem attribute as shown below.

 

Configuration file

pnCollector.config.xml

 

Computer

Collector server which is configured for the EMC file server.

 

Path

%ProgramData%\protected-networks.com\8MAN\cfg

If the file does not exist, copy the "template" from the following path:

old: %ProgramFiles%\Protected Networks\8MAN\etc

new: %ProgramFiles%\solarwinds\ARM\etc

 

Code

<?xml version="1.0" encoding="utf-8"?>

<config>

<tracer>

<emc>

<EmcOperatingSystems>EMC Isilon</EmcOperatingSystems>

</emc>

</tracer>

</config>

 

Possible Values

Set the value to the same value as the operatingSystem attribute in Active Directory.

Alternatively, you can leave the EmcOperatingSystems value empty. With the empty EmcOperatingSystems entry, the logga displays all available AD all non-NetApp or non-Windows computer accounts so that you can select the manually created ones.

 

Common Event Enabler (CEE)

The Common Event Enabler (CEE) for Windows, is a necessary component provided by EMC to enable monitoring. We recommend that you install both the CEE and the collector on the same Windows server.

The Common Event Enabler (CEE) must be published to EMC®, enable EMC® to forward the events. We recommend to install and start the CEE before configuring the EMC®. This way you can check immediately if these components are connected.

 

Installation of the CEE

The collector installation needs another EMC® specific framework installation. This framework called “CEE” covers the communication between EMC Data Mover and EMC® CEE framework. The actual installation documents can be found in the EMC documentation center (https://community.emc.com). ARM supports the CEE up to version 6.6 or 8.6.1 or higher.

 

ARM specific changes for the CEE

For optimal performance, the collector and CEE should run on the same server.

The connection between collector and CEE framework client is controlled by Windows registry entries. To apply these changes you need administrator rights. In registry editor navigate to:

[HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP]

 

Create or change the following entries.

[HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\Audit\Configuration] Enabled=(REG_DWORD) 0x00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\Audit\Configuration] EndPoint=(REG_SZ) "pnTracer"

The new values will be active after restarting the CEE service “emc cava”.

 

Creating and editing cepp.conf file

Create a file named cepp.conf with following content:

cifsserver=

surveytime=10

ft level=0

msrpcuser=<the account the CEE service is running under>

pool name=pool1 \

servers=<IP Addresse oder Hostname des Windows Servers auf dem der CEE Service läuft> \

postevents=* \

option=ignore \

reqtimeout=1000 \ retrytimeout=500

 

Copy this file to the root directory of the EMC® Data Mover:

$ server_file <movername> -put cepp.conf cepp.conf

 

Administer rights of the account of CEE service

For verification of the account the CEE service is running under, on the EMC® you have to administer the rights of this account accordingly.

Procedure according document on https://www.emc.com/collateral/TechnicalDocument/docu48055.pdf:

  1. Click Start and select Settings > Control Panel > Administrative Tools > EMC VNX File CIFS Management. The EMC VNX File CIFS Management window appears.
  2. Perform one of the following:
    1. If a Data Mover is already selected (name appears after Data Mover Management), go to step 4.
    2. If a Data Mover is not selected:
      – Right-click Data Mover Management and select Connect to Data Mover.
      – In the Select Data Mover dialog box, select a Data Mover by using one of the following methods:
      1. In the Look in: list box, select the domain in which the Data Mover that youwant to manage is located and select the Data Mover from the list. Or
      1. In the Name box, type the computer name, IP address, or the NetBIOS name of the Data Mover.
  3. Double-click Data Mover Management, and double-click Data Mover Security Settings.
  4. Click User Rights Assignment. The assignable rights appear in the right pane.
  5. Double-click EMC Event Notification Bypass. The Security Policy Setting dialog box appears.
  6. Click Add. The Select Users or Groups dialog box appears.
  7. If necessary, choose the server from the Look in drop-down list. Select the user from the list box.
  8. Click Add, and then click OK to close the Select Users or Groups dialog box.
  9. Click OK to close the Security Policy Setting dialog box.
  10. In the User Rights Assignment list, double-click EMC Virus Checking. The Security Policy Setting dialog box appears.
  11. Click Add. The Select Users or Groups window appears.
  12. If necessary, choose the server from the Look in drop-down list. Select the user from the list box.
  13. Click Add, and then click OK to close the Select Users or Groups dialog box.
  14. Click OK to close the Security Policy Setting dialog box.
  15. Close the EMC VNX File CIFS Management window.

 

Starting the Common Event Publishing Agent (CEPA)

The last step is starting and checking CEPA on EMC®.

  • Start
    $ server_cepp <movername> -service –start
    in which:
    <movername> = name of the Data Mover
    result:
    <movername> : done
  • Check CEPA status:
    $ server_cepp <movername> -service –status
    result:
    <movername>: CEPP Started
  • Detailed info:
    $ server_cepp <movername> -pool –info
    result:
    <movername>:
    pool_name = <pool name>
    server_required = no
    access_checks_ignored = 0
    req_timeout = 500 ms
    retry_timeout = 50 ms
    pre_events =
    post_events = CreateFile,DeleteFile, RenameFile, FileRead ….
    post_err_events =
    CEPP Servers:
    IP = <CEE IP>, state = ONLINE, vendor = Unknown

 

Configure Isilon file servers

Configuration of auditing for Isilon is done via CLI.

 

Set the necessary event types

isi audit settings modify --audit-success create,delete,read,rename,set_security,write

 

Set the <hostname>

Use the server name that is used to access the shares on the Isilon. This name must be identical to the resource name selected in the ARM configuration for logging.

isi audit settings global modify --hostname=<hostname>

 

Set the CEE URI

isi audit settings global modify --add-cee-server-uris=<CEE_server_URI>

The CEE URI looks like http://cee.example.com:12228/cee. Port 12228 is the CEE default port.

 

Set zones to monitor

Zones define the shares or directories for which the Isilon sends the events to CEE (and finally to the Logga).

These zones defines which directories to configure in the ARM configuration (see chapter 3.4). If you select directories in the FS Logga configuration which are not within the configured zones, then you will not get events for these directories.

isi audit settings global modify --audited-zones <zone>

 

Enable auditing

isi audit settings global modify --protocol-auditing-enabled on