Cisco NSS2000 - Gigabit Storage System Chassis, NSS2000 SERIES Administration Manual

Page 1
Cisco Small Business
NSS2000 Series Network Storage System
ADMINISTRATION
GUIDE
Page 2
8^hXdHnhiZbh!>cX# HVc?dhZ!86
6h^VEVX^[^X=ZVYfjVgiZgh
8^hXdHnhiZbhJH6EiZ#AiY# H^c\VedgZ
:jgdeZ=ZVYfjVgiZgh
8^hXdHnhiZbh>ciZgcVi^dcVa7K 6bhiZgYVb!I]ZCZi]ZgaVcYh
8^hXd]VhbdgZi]Vc '%%d[[^XZhldgaYl^YZ#6YYgZhhZh! e]dcZcjbWZgh!VcY [VmcjbWZghVgZa^hiZYdc i]Z8^hXdLZWh^iZVilll#X^hXd#Xdb$\d$d[[^XZh#
889:!88:CI!8^hXd:dh!8^hXdAjb^c!8^hXdCZmjh!8^hXdHiVY^jbK^h^dc!8^hXdIZaZEgZhZcXZ!8^hXdLZW:m!i]Z8^hXdad\d!98:!VcYLZaXdbZidi]Z=jbVcCZildg`VgZigVYZbVg`h08]Vc\^c\i]ZLVnLZLdg` !
8^hXdHnhiZbh!>cX# HVc?dhZ!86
6h^VEVX^[^X=ZVYfjVgiZgh
8^hXdHnhiZbhJH6EiZ#AiY# H^c\VedgZ
:jgdeZ=ZVYfjVgiZgh
8^hXdHnhiZbh>ciZgcVi^dcVa7K 6bhiZgYVb!I]ZCZi]ZgaVcYh
8^hXd]VhbdgZi]Vc '%%d[[^XZhldgaYl^YZ#6YYgZhhZh! e]dcZcjbWZgh!VcY [VmcjbWZghVgZa^hiZYdc i]Z8^hXdLZWh^iZVilll#X^hXd#Xdb$\d$d[[^XZh#
889:!88:CI!8^hXd:dh!8^hXdAjb^c!8^hXdCZmjh!8^hXdHiVY^jbK^h^dc!8^hXdIZaZEgZhZcXZ!8^hXdLZW:m!i]Z8^hXdad\d!98:!VcYLZaXdbZidi]Z=jbVcCZildg`VgZigVYZbVg`h08]Vc\^c\i]ZLVnLZLdg` !
A^kZ!EaVn!VcYAZVgcVcY8^hXdHidgZVgZh Zgk^XZbVg`h0VcY6XX ZhhGZ\^higVg!6^gdcZi!6hncXDH!7g^c\^c\i]ZBZZi^c\IdNdj!8ViVanhi!8896!889E!88>:!88>E!88C6 !88CE!88HE!88KE!8^hXd!i]Z8^hXd8Zg i^[^ZY >ciZgcZildg`:meZgiad\d!8^hXd>DH!8^hXdEgZhh!8^hXdHnhiZbh!8^hXdHnhiZbh8Ve^iVa!i]Z8^hXdHnhiZbhad\d!8^hX dJc^in!8daaVWdgVi^dcL^i]djiA^b^iVi^dc!:i]Zg;Vhi!:i]ZgHl^iX]!:kZci8ZciZg!;VhiHiZe!;daadlBZ 7gdlh^c\!;dgbH]VgZ!<^\V9g^kZ!=dbZA^c`!>ciZgcZiFjdi^Zci!>DH!^E]dcZ!^Fj^X`HijYn!>gdcEdgi!i]Z>gdcEdgiad\d!A^\]iHigZVb!A^c`hnh!BZY^VIdcZ!BZZi^c\EaVXZ!BZZi^c\EaVXZ8]^bZHdjcY!B<M!CZildg`Zgh!CZildg`^c\ 6XVYZbn!CZildg`GZ \^higVg!E8Cdl!E>M!EdlZgEVcZah!Egd8dccZXi!HXg^eiH]VgZ!HZcYZg7VhZ!HB6GIcZi!HeZ Xigjb:meZgi!HiVX`L^hZ!I]Z;VhiZhiLVnid>cXgZVhZNdjg>ciZgcZiFjdi^Zci!IgVchEVi]!LZW:m!VcYi]ZLZW:m ad\dVgZgZ\^hiZgZYigVYZbVg`hd[8^hXdHnhiZbh!>cX#VcY$dg^ihV[ [^a^ViZh^ci]ZJc^iZYHiViZhVcYXZgiV^cdi]ZgXdjcig^Zh#
6aadi]ZgigVYZbVg`hbZci^dcZY^ci]^hYdXjbZcidglZWh^iZVgZi]ZegdeZgind[i]Z^ggZheZ Xi^kZdlcZgh#I]ZjhZd[i]ZldgYeVgicZgYdZhcdi^beanVeVg icZgh]^egZaVi^dch]^eWZilZZc8^hXdVcYVcndi]ZgXdbeVcn#%-%.G
8^hXdHnhiZbh!>cX# HVc?dhZ!86
6h^VEVX^[^X=ZVYfjVgiZgh
8^hXdHnhiZbhJH6EiZ#AiY# H^c\VedgZ
:jgdeZ=ZVYfjVgiZgh
8^hXdHnhiZbh>ciZgcVi^dcVa7K 6bhiZgYVb!I]ZCZi]ZgaVcYh
© 2008 Cisco Systems, Inc. All rights reserved. OL-17960-01
Page 3
Contents
Chapter 1: Introduction 1
Benefits 1
Using the Help 2
Audience 2
About the NSS Configuration Interface 2
Getting Help 2
Refreshing the GUI Pages 3
Using the Quick Setup Wizards 4
Approved Vendor List for Drives 5
Chapter 2: Managing the System 6
System Alerts 7
Storage Status 7
Network Status 8
Shares Status 8
Backup Status 8
Power Status 9
System Status 9
Viewing the Hardware Monitor 10
Viewing and Managing the System Logs 11
Configuring the System for UPS Support 13
NSS-supported UPS Product Families 14
Chapter 3: Adding the NSS to your Network 15
Physical Interfaces 15
Virtual Interfaces 16
Viewing the Network Settings 17
Configuring the Network Link IP 18
Resetting the DHCP Lease on a Link 20
Viewing VLANs Configured on the NSS 21
Allowing a VLAN Access to the NSS 22
Cisco Small Business NSS2000 Series Administration Guide 1
Page 4
Contents
Changing a VLAN Configuration 24
Removing a VLAN’s Access to the NSS 25
Configuring the NSS Network Identification 27
Configuring DNS or WINS for Name Resolution 30
Joining the NSS to a Network Information System (NIS) Domain 32
Editing Access Control Lists (ACLs) from Windows Explorer: Restrictions 33
Running Diagnostics of your Physical Link 33
Configuring the Network Ports 34
Setting up the Ethernet Frame Size & Advertising Modes 36
Chapter 4: Configuring your Storage 38
Disk Status Table 38
RAID Arrays Table 39
Volumes Table 40
USB Storage Status 41
Managing RAID Arrays 42
About the RAID Arrays Page 42
Choosing a RAID Array Level 42
Creating a RAID Array 45
Deleting an Array 46
Migrating a RAID Array to another Storage Device 48
Virtualizing Storage within your Network 49
Currently Exported Storage 49
Exporting Storage to your Network 50
Creating Virtualized Storage 51
Unexporting Storage 53
Volume Management 54
Creating a Volume 55
Expanding a Volume 57
Cisco Small Business NSS2000 Series Administration Guide 2
Page 5
Contents
Deleting a Volume 59
Volume Encryption Overview 60
Locking an Encrypted Volume 61
Unlocking a Locked Volume 62
Changing the Password for an Encrypted Volume 63
Storage Options 65
Chapter 5: Setting up End-User Access 67
Managing your NSS Users 68
Creating a User Profile 68
Editing a User Profile 71
Integrating Users from an ADS, NTv4, or NIS Domain 72
Logging into the NSS as a Local User 73
Deleting a User Profile 73
Working with Groups 74
Creating a Group 74
Changing the Users Assigned to a Group 76
Integrating Groups from an Active Directory, NTv4, or NIS Domain 77
Deleting a Group 78
Managing Volume Quotas 79
Changing the User’s Primary Group 79
About the Volume Quota Page 80
Creating Volume Quota for a User or Group 80
Setting up the Grace Period for a Volume Quota 83
Changing a Volume Quota for a User or Group 84
Clearing a Quota 86
Network Filters Overview 87
Defining the Default Network Policy 88
Creating a Network Filter 89
Available Access Filters 91
Cisco Small Business NSS2000 Series Administration Guide 3
Page 6
Contents
Deleting a Network Filter 93
Configuring the User/Group Ranges and Home Directory Location94
Chapter 6: Managing the Shares 96
Creating a Share 97
Editing an Existing Share 102
Adding a DFS Shared Folder 105
Restrictions using Microsoft DFS from the NSS 107
Setting up CIFS Access 108
Setting up Network Filesystem (NFS) Access 109
Configuring the NSS for FTP Access 110
Creating or Running a Backup of a Share 114
Creating a Scheduled Backup for a Share 115
Initiating a Backup for a Share 117
Deleting Backup Images 118
Configuring the Connection Profile 119
Chapter 7: Maintaining the NSS 120
Rebooting or Shutting Down the NSS 121
Upgrading the NSS Firmware 122
Restoring the Factory Default Configuration 125
Managing the NSS Configuration 126
Saving the Current Configuration 127
Restoring a Configuration File 130
Deleting a Configuration File 133
Configuring the Timing Settings 134
Configuring the Email Alerts for a Recipient 135
Changing the Email Alerts for a Recipient 137
Deleting an Email Alert Recipient Profile 138
Configuring SNMP Alerts 139
Cisco Small Business NSS2000 Series Administration Guide 4
Page 7
Contents
Changing the Administrator Password 141
Chapter 8: Instructing your End-Users 142
Logging into the CIFS Shares with Administrator Privileges 142
Windows Users: Accessing the NSS Storage using CIFS/SMB 143
Windows Users: Accessing the NSS Storage through FTP 144
Mac Users: Accessing Storage through CIFS/SMB 144
Mac Users: Accessing Storage through FTP 145
UNIX/Linux Users: Accessing Storage through NFS 146
UNIX/Linux Users: Accessing Storage through FTP 147
Appendix A: Troubleshooting 148
Power LED/Button (Front Panel) 148
System LED (Front Panel) 149
Reset Button (Front Panel) 149
LAN LED (Front Panel) 150
Hard Disk Drive LEDs (Front Panel) 150
UPS LED (Back Panel) 151
Repairing a Degraded Array 151
Working with a Failed Array 153
Drive Error LED Remains On 154
Firmware Upgrade Failed 154
Free Bound Virtualized Storage when the Master System Fails 155
All CIFS Connections were Unexpectedly Ended 155
Hotplugging the Ethernet Link doesn’t Reset IP or Link Rate 156
Unable to Create a Share or Quota for a Volume 156
Cannot Access the NSS through FTP 157
Cannot Rename a Folder through FTP 157
Configuration Page does not Appear in Internet Explorer 158
Handling an Unexpected (Unclean) Shutdown 158
Cisco Small Business NSS2000 Series Administration Guide 5
Page 8
Contents
Boosting the Performance of NFS Transfers 159
Appendix B: Glossary of Storage-Related Terms & Acronyms 160
Appendix C: Environmental Specifications 176
Appendix D: Additional Information 177
Regulatory Compliance and Safety Information 177
Warranty 177
End User License Agreement (EULA) 177
Appendix E: Support Contacts 178
Cisco Small Business NSS2000 Series Administration Guide 6
Page 9
Introduction
Thank you for choosing the Cisco Small Business Network Storage System (NSS).
Administering a network can be a difficult job. Finding low-cost ways to simplify your data-management tasks means that you have more resources to dedicate elsewhere. The NSS is a Network Attached Storage (NAS) unit that appears as a native file server for the various clients within your network, including Windows, Apple Macintosh, UNIX, and Linux platforms. The biggest benefit to your users is that they can now access data that might be stored across different physical platforms as simply as if it were on their own computers. The NSS provides a single repository that is completely dedicated to storage, ensuring the integrity, reliability, and accessibility of your data for a relatively low cost.
The NSS lets you install up to two physical disk drives. The NSS uses the most common file-based protocols such as NFS, CIFS, and FTP for file sharing.
1
Benefits
The NSS offers the following main advantages to your business:
Cross-platform File Sharing: Share files easily and inexpensively across
heterogeneous platforms over a cost-effective Ethernet and IP network.
Easy Installation and Administration: With a basic understanding of
networking, the NSS is easily configured, managed, and made available to all of your networked users.
Data Consolidation: Centralize data to reduce management costs and
maximize your investment in existing hardware. This also means better data security.
The NSS2000 Series includes the NSS2000 and NSS2050 models. Check www.cisco.com/go/smallbiz for additional information.
Cisco Small Business NSS2000 Series Administration Guide 1
Page 10
Introduction
Using the Help
Using the Help
1
The NSS (Network Storage System) help file provides information about using the configuration interface to configure the NSS.
Audience
The information contained in these help pages is intended for use by network administrators. It assumes a basic understanding of storage-related concepts, including RAID, filesystems, and networking.
About the NSS Configuration Interface
The NSS configuration interface contains some basic navigation features to help you as you configure the NSS.
Manager Menu: The Manager Menu forms the left side of the configuration
interface window. It contains the menu options that represent the major configuration areas for the NSS. For example, System, Network, Share, Storage. When you click an option, a sub-menu of related options appears. Clicking a topic opens the associated topic in the To p i c page in the right side of the window.
To p ic Pa g e: When you select a topic from the Manager Menu, the
configuration page for that topic appears in the right side of the window.
Getting Help
There are two buttons on the NSS configuration interface window that you can click to access help:
From the Manager Menu click Help to display the full online Administrator
Guide. Use the navigation tools within the help to find information for your chosen topic.
Cisco Small Business NSS2000 Series Administration Guide 2
Page 11
Introduction
Using the Help
1
A context-sensitive help button appears in the upper-right corner of the
topic page. Click it to display help on the specific configuration area. For example, if the current configuration topic is about the status of your system, click the Help button for information about the details that appear on the System Status page.
Refreshing the GUI Pages
Although certain GUI pages automatically refresh at a preselected time interval, some pages do not refresh until they are reselected. The best way to manually refresh a GUI page is to reselect it through the options in the Manager Menu on the left side of the GUI window. For example, to refresh the NTP Configuration page, from the Manager Menu, click Admin and then click Tim e. We recommend you do not use the Refresh button on the Web browser toolbar as this can cause data issues.
Cisco Small Business NSS2000 Series Administration Guide 3
Page 12
Introduction
Using the Quick Setup Wizards
Using the Quick Setup Wizards
There are three wizards available from the Manager Menu of the configuration interface:
Initial Setup: This wizard automatically appears when you log into the
configuration interface for the first time. Although you can access it at any time from the Manager Menu, if you have saved any configuration settings before you run the wizard, note that running the wizard will erase any saved data. For example, if you configure a RAID and then run the wizard, the RAID will be deleted. This wizard steps you through the basic configuration to create a RAID, volume, share, user, to set the Home Directory location, set the time, and so on. (For detailed help on the full set of configuration options, refer to the online help or to the Administrator’s Guide which you can download from the Cisco website.)
1
IP Camera Options: The following wizards let you set up the NSS to store
videos from IP surveillance cameras. The type of wizard you should choose depends on the way the camera transfers the video clips. Note that you only need to run the wizard once and then you must configure each the camera to output the video to the configured share. To run either of the following wizards, make sure you have created a RAID array, a volume, and any users that you want to grant access to the surveillance videos. After running this wizard, you must map a network drive to the share on the PC running the camera utility and configure the camera utility to save the video to this mapped network drive
- FTP: Run this wizard if the cameras are set up to transfer motion-
triggered clips. Running the wizard creates a single user and FTP share for the cameras. The videos are then saved within an FTP folder which contains a subfolder for each camera.
- CIFS: Run this wizard if the cameras have a Windows utility program that
lets you save the streaming video to a local drive (or in this case, the NSS) and then view the video from its saved location. The wizard creates a single user and share for all cameras that are configured to output to the Windows Utility program. After you run the wizard, you must map the network drive from the PC that runs the Windows utility program to the CIFS share.
Cisco Small Business NSS2000 Series Administration Guide 4
Page 13
Introduction
Approved Vendor List for Drives
Approved Vendor List for Drives
If you are purchasing disk drives to install in the NSS, refer to the product support information offered on the Cisco website (www.cisco.com) for a list of recommended disk drives.
When you select a disk drive, consider the type of RAID levels required to service your business needs. For example, if you are creating a RAID (versus a JBOD), make sure that each of the disks used in the array have the same disk capacity. The RAID is built using the capacity of the smallest disk in the array.
1
Cisco Small Business NSS2000 Series Administration Guide 5
Page 14
Managing the System
The System Status page provides an overview of the current operating condition of the NSS. For example, you can view system alert messages such as if a disk drive is failing or has failed, if a volume is approaching its full capacity, and if an array rebuild is complete. You can also view the current status of any of the following: storage, shares, backups, network, power, and system details. Status pages like the System Status page automatically refresh on a regular interval and are helpful for monitoring the progress of certain processes such as building a RAID.
2
The following sections provide a detailed explanation of the information that appears on the System Status page.
Cisco Small Business NSS2000 Series Administration Guide 6
Page 15
Managing the System
2
System Alerts
The System Alerts section shows any system messages issued since the last time they were cleared. Messages can range in severity from informational to immediate action required.
There are three type of alerts that can appear in this area of the System Status page:
Error: These types of messages indicate the most severe types of
problems with the NSS. They require immediate action. For example, if a disk drive or RAID array is in a failed condition.
Warning: These types of messages indicate there is a problem with the
NSS that requires eventual action. For example, if the amount of storage used for a volume is over 90%.
Notification: These types of messages are simply to advise of changes to
the NSS. For example, the RAID rebuild is complete.
Storage Status
The Storage area displays details about the configured storage on the NSS, including:
Drives: The number of physical disk drives installed.
RAID Arrays: The number of configured RAID arrays.
Volumes: The number of configured volumes.
To t al C on fi gu re d Ca pa ci t y : The total aggregate size of all configured
volumes.
Percent Used: The total amount of the configured capacity used.
Cisco Small Business NSS2000 Series Administration Guide 7
Page 16
Managing the System
2
Network Status
The Network area displays the following:
Link: The current status of the Ethernet link. The only status that is visible is if
the link is up. If the link is down, you cannot access the Configuration Manager.
VLANs: The number of VLANs configured on the NSS.
Link IP: The IP address of the Ethernet link.
Shares Status
The Shares area displays the status of the following:
Shares: The number of configured shares.
Connected Users: The total number of user sessions currently connected to
the NSS.
FTP: The FTP access state (enabled or disabled).
NFS: The NFS access state (enabled or disabled).
Backup Status
The Backup area displays the following:
Last Backup: The date and time of the last backup run. If a backup has never
been run on the system, the word "never" appears.
Cisco Small Business NSS2000 Series Administration Guide 8
Page 17
Managing the System
2
Power Status
The Power area displays the following:
UPS: The following options are available depending on the current
operating condition of the UPS. For more information about the functioning of the UPS, refer to the UPS documentation.
- Disabled: A UPS is not currently connected to the NSS or is not enabled.
- Online: A UPS is connected to the NSS and is enabled. The NSS is
deriving power from the mains power.
- On Battery (%): The NSS is currently deriving its power from the UPS
battery. The percentage of power still available is also listed.
System Status
The System area displays the following:
Serial Number: The serial number of the NSS.
Firmware Version: The current version and date of the firmware installed on
the NSS.
Uptime: The number of days the NSS has been running since it was last
rebooted.
Last Boot: The date when the NSS was last rebooted.
Cisco Small Business NSS2000 Series Administration Guide 9
Page 18
Managing the System
Viewing the Hardware Monitor
Viewing the Hardware Monitor
The Hardware Monitor page displays details about the following physical conditions related to the NSS:
2
Voltages : The current voltage reading for all voltage rails in the system. The
reading is color-coded depending on if the voltage level is within specification (green) or out of specification and in need of attention (red).
Fans: The fan speed for each chassis fan. If the fan has stalled, the reading is
color-coded red. Normal fan operation is color-coded green.
Te m p e r a t u r e s : The NSS has temperature sensors located at various parts
of the chassis. Temperature readings are done from these sensors as well as from any installed disks (if the disk has an internal temperature sensor). If a disk does not have a temperature sensor, the reading appears as "unavailable". If the temperature of the system or disks is over or under the ideal temperature, the temperature is color-coded red. When the temperature is within the normal range the color-coding is green.
Cisco Small Business NSS2000 Series Administration Guide 10
Page 19
Managing the System
Viewing and Managing the System Logs
Viewing and Managing the System Logs
The NSS captures various types of information into log files, such as user access details. You can store the logs locally or on a remote server on the network. Since local space allocated for log files is limited, the logs are overwritten once the space is filled.
To work with the log files:
STEP 1 From the Manager Menu, click System Logs.
The System Logs page appears.
2
STEP 2 You can view, download, or delete any of the following types of log files:
Admin: A full list of time-stamped actions that were initiated through the
NSS configuration interface.
Web Access: This log displays IP addresses of the systems that accessed
the NSS configuration interface and the date and time of the authentication requests. This information helps you detect unauthorized attempts to access the NSS configuration interface.
Cisco Small Business NSS2000 Series Administration Guide 11
Page 20
2
CIFS Sharing: A time-stamped event log of events initiated by users
accessing shares through CIFS.
FTP Access: A time-stamped log of FTP actions, including user logins, file
transfers, and user logouts.
All Logs: A concatenation of all the log files. You can download and save this
file.
The following screenshot is an example of the Administrator Log:
STEP 3 Choose where you want to store the log files:
Locally: To store the log files on the NSS, select Store Logs Locally, and then
select the volume to which you want to store the logs from the options in the Store Logs to drop-down menu.
Remotely: To store the log files on a remote server, select Forward Log
Messages, and then enter the hostname or IP address of the server in one or both of the Remote Log Host fields. (If you set up two remote hosts, the log file is sent to both servers.) Note that the remote server must be running a syslog server.
STEP 4 Click Update.
Cisco Small Business NSS2000 Series Administration Guide 12
Page 21
Managing the System
Configuring the System for UPS Support
Configuring the System for UPS Support
The Power Status page provides an overview of the current power condition of the NSS. You can set up the NSS to use an uninterruptible power supply (UPS) if one is connected directly to the UPS port on the NSS.
NOTE: When the UPS power goes to low battery, a signal is sent via the USB port on the NSS and a shutdown of the NSS is initiated. Make sure that the UPS has enough reserve power at this point to sustain the NSS through the shutdown (approximately 5 minutes).
The Power area displays the following:
2
AC Status: The following options are available depending on the current
operating condition of the UPS. For more information about the functioning of the UPS, refer to the UPS documentation.
- Disconnected: A UPS is not currently connected to the NSS or has not
yet been enabled.
- Online: A UPS is connected to the NSS and is enabled. The NSS is
deriving power from the mains power.
- On Battery: The NSS is currently deriving its power from the UPS
battery.
Battery Status: The percentage of power still available is also listed and is
color-coded according to the amount of battery remaining.
Cisco Small Business NSS2000 Series Administration Guide 13
Page 22
Managing the System
Configuring the System for UPS Support
To enable the UPS:
STEP 1 From the Manager Menu, click System Power.
The System Power page appears.
2
STEP 2 Select Enable UPS support.
STEP 3 Click Update.
NSS-supported UPS Product Families
The NSS supports the following UPS product families:
APC Back-UPS Pro USB
APC Back-UPS RS USB
APC Back-UPS USB
APC Back-UPS LS USB
APC Back-UPS ES/CyberFort 350
APC Smart-UPS USB
Cisco Small Business NSS2000 Series Administration Guide 14
Page 23
Adding the NSS to your Network
The Network Device Settings page displays the current status of the NSS’s physical and virtual network interfaces.
3
Physical Interfaces
The Network Device Status table displays the current status of the physical Ethernet link connected to the NSS.
Link: The number of the physical link attached to the NSS. The number
appears as 1.
Status: The status of the physical link. Options include:
- Up: The link is up (color-coded green) and operational.
- Down: The link is down (color-coded red) and not operational. If a cable
Cisco Small Business NSS2000 Series Administration Guide 15
is connected to the Ethernet port, check the cable integrity and the status of the device (switch, router, or computer) at the other end of the cable. You can use the NSS’s cable diagnostic feature to assist you (see
Page 24
Adding the NSS to your Network
Speed: The configured speed, in Mbps, of the physical link. Options include:
10 Mbps, 100 Mbps, 1000 Mbps.
MAC Address: The Ethernet MAC address for the link.
MTU: The Maximum Transmission Unit (MTU) in bytes defined for the link.
This is set either manually from the Network Properties page or via the DHCP server.
Rx Pkts: The total number of IP packets received since the last boot.
Tx P k t s : The total number of IP packets transmitted since the last boot.
Dropped Pkts: The total number of IP packets dropped since the last boot.
3
”Running Diagnostics of your Physical Link” section on page 33). This
status is not visible as you cannot access the Configuration Manager when the link has failed.
Virtual Interfaces
The VLAN Status area of the Network Status page displays the current status and details regarding each configured VLAN.
Link: The number that appears in this column identifies the physical link on
which the VLAN is configured.
VLAN: The VLAN number.
Priority: The 802.1p priority set for the VLAN. Options include 0 through 7 (0
being best effort data and 7 being network critical data).
Label: The text description defined for the VLAN.
Rx Pkts: The total number of IP packets received on the VLAN interface
since the last boot.
Tx P k t s : The total number of IP packets transmitted on the VLAN interface
since the last boot.
Dropped Pkts: The total number of IP packets dropped on the VLAN
interface since the last boot.
Cisco Small Business NSS2000 Series Administration Guide 16
Page 25
Adding the NSS to your Network
Viewing the Network Settings
Viewing the Network Settings
The Network Device Settings page displays information about the physical and virtual interfaces currently configured on the NSS.
NOTE: If you hotplug the Ethernet link after the initial installation of the NSS, make sure you wait 15 seconds between the time you unplug the cable and then plug it back in. The NSS displays the correct new settings within 10 seconds.
3
To display the Network Device Settings page, from the Manager Menu, click Network
Link: The number of the physical link attached to the NSS. It appears as 1.
VLAN: The ID assigned to the virtual interface. For physical interfaces, this
column is blank.
Cisco Small Business NSS2000 Series Administration Guide 17
IP. The Network Device Settings table displays the following:
Page 26
Adding the NSS to your Network
Configuring the Network Link IP
Assign Via: The method used to assign an IP configuration to the physical or
virtual interface. Options include:
- DHCP: The IP configuration was assigned by a DHCP server. Or, if the
- Static: A static IP configuration was manually entered through the NSS
IP Address: The IP address for the physical or virtual interface.
Netmask: The netmask for the physical or virtual interface.
Gateway: The address of the gateway for the physical or virtual interface.
3
interface was configured to use DHCP for IP configuration but no DHCP server was found, the IP address was assigned by the AutoIP protocol.
configuration interface.
Configuring the Network Link IP
You need to configure the method for assigning an IP configuration to each interface connected to the NSS.
NOTE: If you hotplug the Ethernet link after the initial installation of the NSS, make sure you wait 15 seconds between the time you unplug the cable and then plug it back in. The NSS displays the correct new settings within 10 seconds.
To set the IP address allocation method for an interface:
STEP 1 From the Manager Menu, click Network IP.
The Network IP page appears listing each interface.
Cisco Small Business NSS2000 Series Administration Guide 18
Page 27
Adding the NSS to your Network
Configuring the Network Link IP
STEP 2 Click Edit on the row of the interface you want to configure.
The Network Link Configuration page appears.
3
STEP 3 Select one of the following:
Obtain IP Address Automatically: Use a DHCP server to retrieve the IP
address, netmask, and gateway address for the interface.
Use the Following IP Address: Enter the IP configuration details manually for
the IP address, netmask, and gateway, in dotted-quad notation (i.e., set of four digits separated by periods where each digit is in the range of 0-255).
STEP 4 Click Update.
Cisco Small Business NSS2000 Series Administration Guide 19
Page 28
Adding the NSS to your Network
Resetting the DHCP Lease on a Link
Resetting the DHCP Lease on a Link
You can force a renewal of the DHCP lease on the physical link or VLAN that is configured for DHCP:
STEP 1 From the Manager Menu, click Network IP.
The Network IP page appears listing each physical and virtual interface.
STEP 2 Click Edit on the row of the link IP you want to reset.
The Network Link Configuration page appears.
3
STEP 3 Click Update.
Cisco Small Business NSS2000 Series Administration Guide 20
Page 29
Adding the NSS to your Network
Viewing VLANs Configured on the NSS
Viewing VLANs Configured on the NSS
When you first display the Network VLAN page, the currently configured VLANs appear. Configuring a VLAN to connect to the NSS depends if it is trunk-based or port-based. To configure a trunk-based VLAN, follow the steps to allow a VLAN to access the NSS; see ”Allowing a VLAN Access to the NSS” section on page 22. To configure a port-based VLAN, configure the switch to assign the port to which the NSS is connected to the desired VLAN. In this case, no NSS configuration changes are required.
To view the VLANs currently configured on the NSS:
STEP 1 From the Manager Menu, click Network VLAN.
The VLAN Configuration page appears.
3
STEP 2 View the following details for each existing VLAN that appears in the VLAN
Configuration table:
Link: The physical link attached to the NSS. The number appears as 1.
VLAN: The ID of the VLAN. This is configured when the VLAN is added to
the NSS and should match the ID of the VLAN as it is configured in your network. The range of valid VLAN IDs is from 1 to 4095.
Cisco Small Business NSS2000 Series Administration Guide 21
Page 30
Adding the NSS to your Network
Allowing a VLAN Access to the NSS
Priority: The quality of service (QoS) as defined in the IEEE 802.1p standard
for the VLAN traffic. VLAN Ethernet frames contain a three-bit priority tag ranging from 0 to 7 (where 0 is best effort and 7 is network-critical traffic).
Label: A text description for the VLAN (for example, "Data," "Voice," "Video,"
and so on). This description is used solely as a reference within the NSS interface and does not affect its operation.
Allowing a VLAN Access to the NSS
Configuring a VLAN to connect to the NSS depends if it is trunk-based or port­based. To configure a trunk-based VLAN, follow the steps described next. To configure a port-based VLAN, configure the switch to assign the port to which the NSS is connected to the desired VLAN. In this case, no NSS configuration changes are required.
3
To set up a network VLAN to access the NSS:
STEP 1 From the Manager Menu, click Network VLAN.
The VLAN Configuration page appears.
STEP 2 In the New VLAN area of the page, set up the following fields:
Cisco Small Business NSS2000 Series Administration Guide 22
Page 31
Adding the NSS to your Network
Allowing a VLAN Access to the NSS
Link: This shows as "1" for the Ethernet link.
VLAN: Enter the ID of the VLAN as it is defined within your network. The
range of valid VLAN IDs is from 1 to 4095.
Priority: Select the QoS priority for the VLAN traffic as it is defined for your
network. Valid options range from 0 to 7 (as defined by the IEEE 802.1p standard). VLAN Ethernet frames contain a three-bit priority tag ranging from 0 to 7 (where 0 is best effort and 7 is network-critical traffic).
Label: Enter a text description for the VLAN (for example, "Data", "Voice",
"Video", etc.). It can be made up of alphanumeric characters. Note that this description is used solely as a reference within the NSS interface and does not affect its operation.
STEP 3 Click Add.
The newly added VLAN appears in the VLAN Configuration table. A message appears to advise that the VLAN does not take effect until you configure the IP address.
3
STEP 4 Click OK.
The Network IP page appears. The newly added VLAN appears in the list.
STEP 5 Click Edit for the VLAN you need to configure.
The Network Configuration page appears.
Cisco Small Business NSS2000 Series Administration Guide 23
Page 32
Adding the NSS to your Network
Changing a VLAN Configuration
STEP 6 Click one of the following, depending on how you want to assign the VLAN IP
addressing:
Obtain IP Address Automatically: Use a DHCP server to retrieve the IP
address, netmask address, and gateway address for the VLAN.
Use the Following IP address: Enter the IP configuration details manually.
STEP 7 Click Update.
Changing a VLAN Configuration
After you set up a VLAN to access the NSS, you can change its configuration details.
3
To edit a VLAN configuration:
STEP 1 From the Manager Menu, click Network VLAN.
The VLAN Configuration page appears.
STEP 2 Click Edit for the VLAN you want to change.
Cisco Small Business NSS2000 Series Administration Guide 24
Page 33
Adding the NSS to your Network
Removing a VLAN’s Access to the NSS
The Edit VLAN page appears.
STEP 3 Make changes to any of the VLAN configuration fields as required.
3
STEP 4 Click Update.
Removing a VLAN’s Access to the NSS
All connected VLANs appear when you first display the VLAN Configuration page. You can delete the connection between a VLAN and the NSS. Note that deleting the VLAN only affects the VLAN’s ability to access the NSS. It does not impact the VLANs operation within your network.
To disconnect a VLAN’s access to the NSS:
Cisco Small Business NSS2000 Series Administration Guide 25
Page 34
Adding the NSS to your Network
Removing a VLAN’s Access to the NSS
STEP 1 From the Manager Menu, click Network VLAN.
The VLAN Configuration page appears.
3
STEP 2 From the VLAN Configuration table, click Delete for the VLAN you want to remove.
The VLAN disappears from the VLAN Configuration table and can no longer access the NSS.
Cisco Small Business NSS2000 Series Administration Guide 26
Page 35
Adding the NSS to your Network
Configuring the NSS Network Identification
Configuring the NSS Network Identification
The Network Identification page is where you configure the network identity of the NSS, including the hostname and domain membership.
NOTE Before you join the NSS to an NTv4 or Active Directory Service (ADS) domain, do
the following:
— Configure the IP and DNS information.
— Set up your user and group ID ranges on the User/Group Settings page (from the Manager Menu, click Access and then Options). If you make a change to the range after the domain is joined you must rejoin the NSS to the domain after the change is made.
3
— Set up the Home Directory Location on the User/Group Settings page. This is used for any domain users as well as local users.
To configure the NSS network identity:
Cisco Small Business NSS2000 Series Administration Guide 27
Page 36
Adding the NSS to your Network
!
Configuring the NSS Network Identification
STEP 1 From the Manager Menu, click Network Identification.
The Network Identification page appears.
3
STEP 2 In the Hostname field, enter the name you want to use for the NSS. Note any
special naming restrictions or conventions enforced by the domain(s) into which the NSS is being joined.
CAUTION: If you change the hostname, any current CIFS connections to shares on the NSS are disconnected.
STEP 3 To assign the hostname for the NSS using the DHCP server, select Assign
automatically via DHCP. If the DHCP server is not available or if it is not configured to supply a hostname, the NSS hostname is assigned using the information entered in the Hostname field.
STEP 4 In the Description field, enter the textual description for the NSS as you want it to
appear in the file manager window for your users.
STEP 5 Select the type of network into which you are making the NSS a member from the
following options:
Cisco Small Business NSS2000 Series Administration Guide 28
Page 37
Adding the NSS to your Network
Configuring the NSS Network Identification
Workgroup: Make the NSS part of a peer-to-peer network.
NTv4 Domain: Make the NSS a part of a pre-Windows 2000 domain. If you
select this option, set up the following fields:
- NTv4 Domain: Enter the domain name.
- Domain Controller: Enter the hostname or IP address of the domain
controller.
- Username: Enter the username of an account that has administrator
privileges for this domain. Note: The username cannot contain the "%" character.
- Password: Enter the password for the administrator account. This
password is cleared each time you click Update. You must re-enter the password each time you edit the fields on this page to ensure the rejoin of the domain is successful.
3
Member of Active Directory domain: Make the NSS part of an Active
Directory (ADS) domain. If you select this option, set up the following fields:
- Active Directory Domain: Enter the domain name. Note that you might
have to use the DNS fully qualified domain name. For example, "domain.com" versus just "domain."
- Kerberos Realm: Enter the name of your Kerberos realm. If you are not
sure what to enter here, enter the domain name. In most standard Windows domain installations, this is the correct value. Note that you might have to use the fully qualified domain name for the Kerberos Realm fields. For example, "domain.com" versus just "domain".
- Domain Controller: Enter the hostname or IP address of the domain
controller.
- Username: Enter the username of an account that has administrator
privileges for this domain. Note: The username cannot contain the "%" character.
- Password: Enter the password for the administrator account. This
password is cleared each time you click Update. You must re-enter the domain password each time you edit fields on this page to ensure the rejoin of the domain is successful.
Cisco Small Business NSS2000 Series Administration Guide 29
Page 38
Adding the NSS to your Network
Configuring DNS or WINS for Name Resolution
STEP 6 Click Update.
If you configured the NSS to join a domain, when you click Update, the domain join occurs. The NSS configuration interface displays the status of the domain join (that is, successful or not successful). Note: If you are joined to a domain and make changes to the fields on this page, make sure you re-enter the domain password as the NSS automatically rejoins the domain when you click Update.
Configuring DNS or WINS for Name Resolution
Within a network, DNS and WINS are used to translate hostnames into IP addresses. For example, the hostname "myserver" might translate to 172.1.135.6. Configuring how the NSS works with name resolution depends on what type of servers exist within your network.
3
To configure the DNS or WINS server addresses for your network:
STEP 1 From the Manager Menu, click Network DNS/WINS.
The Network Name Resolution page appears.
Cisco Small Business NSS2000 Series Administration Guide 30
Page 39
Adding the NSS to your Network
Configuring DNS or WINS for Name Resolution
STEP 2 Based on your network setup, configure the following fields:
Search Domain: Enter the address of the DNS search domain accessible by
the NSS. For example, "mycompany.com".
Primary DNS Server: Enter the IP address of the primary DNS server on
your network.
Alternate DNS Server: Enter the IP address of a second DNS server to be
used should the primary DNS server become unavailable. This field is optional.
Assign automatically via DHCP: Select this to assign the IP address for the
DNS server using the DHCP server. If the DHCP server cannot be found or times out, the DNS server IP address is assigned the IP address manually entered in the Primary or Alternate DNS Server fields.
Primary WINS server: If your network has a WINS server, enter its address
or hostname. This field is optional.
3
Alternate WINS server: If your network has a secondary WINS server, enter
its address or hostname. This field is optional.
Assign automatically via DHCP: Select this to assign the IP address or
hostname for the WINS server using the DHCP server. If the DHCP server cannot be found or times out, the DNS server IP address is assigned the IP address manually entered in the Primary or Alternate WINS Server fields.
STEP 3 Click Update.
Cisco Small Business NSS2000 Series Administration Guide 31
Page 40
Adding the NSS to your Network
Joining the NSS to a Network Information System (NIS) Domain
Joining the NSS to a Network Information System (NIS) Domain
To join the NSS to a NIS domain, you need to configure and enable it.
NOTE: Before you join a NIS domain, make sure you set up or make changes to the NIS domain users and groups ID range on the User/ Groups Settings page. This minimizes the risk of collisions of user or group IDs within your network.
To configure the NSS for NIS:
3
STEP 1 From the Manager Menu, click Network NIS.
The NIS Configuration page appears.
STEP 2 Select Enable NIS.
STEP 3 Enter the NIS domain name in the NIS Domain Name field.
STEP 4 Set the bind state by clicking one of the following:
Cisco Small Business NSS2000 Series Administration Guide 32
Page 41
Adding the NSS to your Network
Running Diagnostics of your Physical Link
Broadcast for NIS Server: Click this option to have the NSS search until it
finds the NIS server on the network.
Use the following NIS Servers: To manually identify the NIS server you want
the NSS to use, click this option, and then enter the address of up to three different NIS servers.
The Bind State field shows the current bind status of the NSS. Options include: "Invalid" (the NSS is not joined to an NIS domain), or "Enabled" (the NSS is successfully joined to a NIS domain).
STEP 5 Click Update.
Editing Access Control Lists (ACLs) from Windows Explorer: Restrictions
3
Access Control Lists (ACLs) are used to set user and group access privileges for specific files and folders stored on the NSS. There are certain restrictions to be aware of as you work with ACLs through Windows Explorer:
Group versus User ACLs: You can only set up an ACL for individual users.
You cannot set up a group ACL.
NIS domain: You cannot create or edit ACLs for NIS domain users; they do
not appear in the Security tab in Windows Explorer.
Running Diagnostics of your Physical Link
The NSS lets you test the physical network cable attached to the Ethernet link for certain fault conditions. The test automatically runs each time you display the Network Diagnostics page. Running this test does not affect the use of the link in any way.
NOTE: The diagnostics test is only supported when the NSS is connected to a Gigabit switch.
To test the physical link:
Cisco Small Business NSS2000 Series Administration Guide 33
Page 42
Adding the NSS to your Network
Configuring the Network Ports
STEP 1 From the Manager Menu, click Network Diagnostics.
The Network Diagnostics page appears.
3
STEP 2 View the Link Status area for the test result. If the link is down, you cannot access
the Configuration Manager.
Configuring the Network Ports
By default the NSS runs network services on their well known (IETF defined) port numbers. You can change the port on which any particular service runs. When you disable WAN access for a given service, only hosts on the same subnet as the NSS may connect to that service. This is in essence a shortcut to manually defining an equivalent network filter.
Cisco Small Business NSS2000 Series Administration Guide 34
Page 43
Adding the NSS to your Network
Configuring the Network Ports
To set up the network services:
STEP 1 From the Manager Menu, click Network Ports.
The Network Ports Configuration page appears.
3
STEP 2 Change the port assignment for any of the following service types:
FTP/FTPS Port: The well-known port setting is 21. Select Disable WAN
Access to disallow FTP and FTPS protocol access to the NSS from a WAN.
Web Server Port: The well-known port setting is 80. Note that to access the
NSS configuration interface, you must have either the HTTP port or HTTPS port enabled. Select Disable WAN Access to disallow HTTP protocol access to the NSS from a WAN.
SSL Web Server Port: The well-known port setting is 443. Select Disable
WAN Access to disallow HTTPS protocol access to the NSS from a WAN.
STEP 3 Click Update.
Cisco Small Business NSS2000 Series Administration Guide 35
Page 44
Adding the NSS to your Network
Setting up the Ethernet Frame Size & Advertising Modes
Setting up the Ethernet Frame Size & Advertising Modes
The Network Properties page lets you set the Ethernet frame size and determine how you want to advertise the presence of the NSS within your network.
To configure the network properties:
STEP 1 From the Manager Menu, click Network Properties.
The Network Properties page appears.
3
STEP 2 Set the Maximum Transmission Unit (MTU), in bytes, in the MTU field. This is the
largest Ethernet frame that your network can handle. The default MTU size is 1500 bytes. MTU sizes greater than 1500 bytes are considered "jumbo frames".
STEP 3 To assign the link MTU size automatically using the DHCP server, click Assign
automatically via DHCP. In this case, the value entered in the MTU field is used as a backup if the DHCP server does not provide an MTU value or if the server cannot be reached.
STEP 4 Based on your network requirements, enable any of the following:
Advertise using UPnP: The NSS is advertised within the network using
UPnP.
Advertise using Zeroconf/Bonjour: The NSS is advertised within the
network using Zeroconf/Bonjour.
Cisco Small Business NSS2000 Series Administration Guide 36
Page 45
Adding the NSS to your Network
Setting up the Ethernet Frame Size & Advertising Modes
STEP 5 Click Update.
3
Cisco Small Business NSS2000 Series Administration Guide 37
Page 46
Configuring your Storage
The Storage Status page shows the current state of the disk drives, arrays, and volumes currently installed or exported to the NSS. You can also view the S.M.A.R.T. health report for each physical disk. To display the Storage Status page, from the Manager Menu, click Storage Status page automatically refresh on a regular interval and are helpful for monitoring the progress of certain processes such as checking the condition of a drive.
4
Status. Status pages like the Storage
Disk Status Table
The Disk Status table lists each of the physical disks installed in the NSS. The table is made up of the following columns:
Port: The port number on the NSS in which the disk is installed.
Cisco Small Business NSS2000 Series Administration Guide 38
Page 47
Configuring your Storage
4
Model: The model of the disk drive. This information is read from the disk
drive.
Size: The size of the disk drive.
Health: The system monitors each disk drive and reports the condition of
the disk drive. Options include:
- Passed: The disk drive has passed the S.M.A.R.T. test and is considered
fully operational. The Error LED on the disk drive is off.
- Failing: The disk drive has failed the S.M.A.R.T. test and is predicated to
fail. The red Error LED on the disk drive is blinking.
- Failed: The disk drive is not operational (has failed). The red Error LED on
the disk drive is on solid.
Status: The state of use for the disk drive. Options include:
- Online: The disk drive is spun up.
- Standby: The disk drive is idle and is spun down.
- Offline: The disk drive is failed.
Action: There are available action buttons associated with each installed
disk drive:
- Get Details: View the current, detailed S.M.A.R.T. report for the disk drive.
RAID Arrays Table
The RAID Arrays table lists each array (either RAID or JBOD) currently configured. The table is made up of the following:
Label: The name assigned to the array.
RAID Level: The configured RAID level.
Spare: Indicates if the RAID has a spare or not.
Size: The size allocated for the array. The amount of available storage for an
array depends on the number of drives in the array, the size of the smallest drive, as well as the RAID level assigned.
Status: The current condition of the RAID array. Options include:
- Clean: The array is in a normal state. The status is color-coded green.
Cisco Small Business NSS2000 Series Administration Guide 39
Page 48
Configuring your Storage
4
- Degraded: For RAID arrays with redundancy (i.e., RAID levels 1), one or
more of the redundant disk drives is removed from the system or is failed. In this state, the array is fully recoverable. The status is color­coded orange.
- Failed: One or more disk drives have been removed or are
unrecoverable from a RAID0 or a JBOD array. For RAID level 1, it indicates a loss of the redundant disk in the array. In this state, the array is unrecoverable.
- Rebuilding: A RAID level with redundancy is being rebuilt. Note that
during a rebuild, the RAID array is still fully usable. The status is color­coded orange. During the rebuild, the disk drive LED slowly blinks green.
- Stopped: A RAID array has been stopped by the system (through
degraded mode management) due to it being in degraded mode for the amount of time configured in the Storage Options page. Volumes associated with a stopped array are unmounted and unusable. To start the RAID array, click the Start button.
Volumes Table
The Volumes table provides a list of the existing volumes. The table is made up of the following:
Location: The name of the RAID array on which the volume is configured.
Volume: The name assigned to the volume.
To t al S p a ce : The amount of space configured for the volume.
Used Space: The amount of space used on the volume.
Avail. Space: The amount of unused space on the volume.
% Used: The percentage of available space that is used.
Encrypted: Whether the volume is encrypted or unencrypted.
Locked: The encrypted volume is locked and is not accessible. To make the
volume accessible, the volume must be unlocked.
Cisco Small Business NSS2000 Series Administration Guide 40
Page 49
Configuring your Storage
USB Storage Status
If you mount a USB flash device by inserting it into the AUX-1 port on the back of the chassis, the USB Storage Status table appears. If there is no USB flash device mounted, the USB Storage Status table does not appear. You can use the USB flash device to save a backup of the configuration file. When you finish using the USB flash device, click Unmount before you remove it from the AUX-1 port. (The AUX-1 LED on the back of the chassis must be off before you can safely remove the USB flash device.) If you remove the USB flash device in a mounted state, you risk corrupting the files or filesystem.
The USB Storage Status table provides the following details about the mounted USB flash device:
4
Disk: The type of disk in this case is the USB flash.
To t al S p a ce : The total amount of space (both used and available) on the
USB flash device.
Used Space: The amount of space taken up on the USB flash device.
Available Space: The amount of unused space on the USB flash device.
%Used: The percentage of space used on the USB flash device.
Action: The Unmount button unmounts the USB flash device so that it can be
safely removed from the AUX-1 port.
Cisco Small Business NSS2000 Series Administration Guide 41
Page 50
Configuring your Storage
Managing RAID Arrays
Managing RAID Arrays
RAID is an acronym for Redundant Array of Inexpensive Disks. In storage environments, a RAID array uses multiple physical disk drives to create a single logical unit from which data can be shared or replicated between the drives. A RAID array also simplifies the data management as the data appears in one logical unit. Choosing to store your data using a RAID array gives you the benefit of speed and performance; storage capacity; decreased downtime costs and increased availability; fault tolerance; and higher data security.
About the RAID Arrays Page
The RAID Arrays page is where you manage the local RAID and JBOD arrays. To display the RAID Arrays page, from the Manager Menu, click Storage
4
RAID.
Choosing a RAID Array Level
RAID (Redundant Array of Inexpensive Disks) is a technology that enables multiple low-cost hard drives to be used together in a way that increases performance and/or reliability compared to that of a single drive. The component devices in a RAID array appear as a single logical storage device. There are various types of
Cisco Small Business NSS2000 Series Administration Guide 42
Page 51
Configuring your Storage
Choosing a RAID Array Level
RAID, referred to as RAID levels. Some RAID levels increase the performance of the array, some increase the reliability, and others do a mixture of both. The NSS supports the following RAID levels: 0 and 1. The NSS also supports JBOD (Just a Bunch of Disks), which is technically not a RAID level.
The following variables are used in the formulas used to calculate the total capacity of each RAID level:
Stripe (RAID0): RAID0 stripes the data written to the array across the component disks. The data is broken into chunks and each chunk is written to a different disk. Reads and writes to each disk occur in parallel, speeding up the total read and write performance of the array.
4
m – capacity of the smallest disk in the array
n – number of disks in the array
Minimum Number of Disks: 2
Total capacity: m * n
Advantages: Increased read and write performance.
Disadvantages: Decreased reliability. A failure of any component disk in the
array causes the entire array to fail.
Mirror (RAID1): RAID1 writes the same data to each disk in the array. The disks are referred to as "mirrors" because each one mirrors the data stored on the others. As long as one disk in the array is intact, all data can be read back from the array. If a disk fails in the array and is then replaced, the array must copy the entire contents of a good disk to the new disk. This process is referred to as “resyncing”. During a resync, the array continues to be available for reads and writes. When an array contains a failed disk, it is said to be operating in “degraded” mode. This reflects the decreased performance and reliability of the array when it is missing disks.
Minimum Number of Disks: 2
Total capacity: m
Advantages: Increased reliability. The array can sustain the loss of all but
one disk without any data loss. Each mirror disk added to the array increases the reliability (for example, a two-disk RAID1 is half as likely to fail, a three-disk RAID1 is one-third as likely to fail, and so on). Increased read performance.
Disadvantages: Decreased aggregate storage capacity (each mirror disk
does not contribute to the total capacity of the array). Decreased write performance. I/O intensive when resyncing mirrors.
Cisco Small Business NSS2000 Series Administration Guide 43
Page 52
Configuring your Storage
Choosing a RAID Array Level
JBOD: JBOD lets you combine multiple disks of mixed capacities into a single logical storage device. The capacity of the JBOD array is the sum of the total capacities of the individual component disks (that is, it does not have the limitation of RAID0 where you lose some capacity when using mixed sized disks). JBOD offers no performance increase compared to the component disks. It has lower reliability than the component disks, as the failure of a single disk results, in general, in the failure of the whole array. Depending on how you create volumes on the JBOD array, you may be able to recover data when one or more disks in the JBOD fail. This, however, is not guaranteed.
4
Minimum Number of Disks: 1
Total capacity: sum of capacities of component disks.
Advantages: Maximal storage capacity, especially when using mixed size
disks.
Disadvantages: Decreased reliability.
Cisco Small Business NSS2000 Series Administration Guide 44
Page 53
Configuring your Storage
Creating a RAID Array
Creating a RAID Array
After you install the physical disks, you can create the RAID arrays. Before you create a RAID array, either for the first time, or when you are rebuilding it as a result of failed disks in the array, it is a good idea to set the Rebuild Priority (see ”Storage
Options” section on page 65) to determine how you want to allocate the system
resources for the rebuild.
4
NOTE: When adding disks to an array, we
recommend you use the same model of disk with the same capacity. With the exception of a JBOD, RAIDs are configured to use the maximum of the smallest disk capacity in the array for each additional disk in the array. For example, if you install one, 250 GB disk and one 500 GB disk in a RAID0 array, the total capacity is only 500 GB.
To create an array:
STEP 1 From the Manager Menu, click Storage RAID.
The RAID page appears:
Cisco Small Business NSS2000 Series Administration Guide 45
Page 54
Configuring your Storage
Deleting an Array
STEP 2 The available disks appear in the New RAID Device table. Select each disk that
you want to include in the array.
STEP 3 From the RAID Level drop-down menu, click the RAID level of the RAID array you
want to create.
STEP 4 Click Add.
4
The RAID creation can take some time to complete (depending on the size of the disks and the selected RAID level). You can monitor the progress of the RAID build from the Storage Status page. When the build is finished, the array appears in the RAID Arrays table. The disks used in the array are no longer available for creating additional arrays.
Deleting an Array
You can remove an existing array and release the disks used in the array back into available storage. Note that deleting an array also deletes any existing data on the array (including the volumes, shares, and quotas). If you delete an array that contains the volume that is used as the location of your users’ Home Directories, note that you must assign a new volume as the Home Directory location.
Cisco Small Business NSS2000 Series Administration Guide 46
Page 55
Configuring your Storage
Deleting an Array
To delete an existing array:
STEP 1 From the Manager Menu, click Storage RAID.
4
STEP 2 Click Delete in the row of the RAID array that you want to delete.
A warning message appears.
STEP 3 To continue, click OK.
The deleted array disappears from the list of existing arrays. The disks used in the array are released back into available storage and appear in the New RAID Device table.
Cisco Small Business NSS2000 Series Administration Guide 47
Page 56
Configuring your Storage
Migrating a RAID Array to another Storage Device
Migrating a RAID Array to another Storage Device
After you build a RAID array, you can migrate it to a different NSS as required. Note that you cannot migrate a RAID to or from the NSS4000. You can migrate a RAID array to or from any of the other NSS models. If you are migrating a RAID array from the NSS to another network NSS, ensure that you coldplug the RAID array (versus hotplug it) into the new system as per the following:
STEP 1 Power down the NSS (from which you are removing the RAID array).
STEP 2 Remove each of the disk drives that make up the RAID array to be moved.
STEP 3 Power down the NSS to which you are migrating the RAID array.
STEP 4 Insert each of the disk drives in the RAID array into the new NSS.
4
NOTE: You can install the drives into the new
NSS in any order (that is, you do not need to install them in the same order or slots that they were installed in the original NSS).
STEP 5 When all the disk drives are installed, power up the NSS.
STEP 6 If any local users were assigned permissions to shares on the RAID array, you
must either save the configuration from the original RAID array device and then upload it to the new NSS, or manually reconfigure the users and their share permissions.
Cisco Small Business NSS2000 Series Administration Guide 48
Page 57
Configuring your Storage
Virtualizing Storage within your Network
Virtualizing Storage within your Network
NOTE: After you configure a virtual RAID, you
cannot migrate the disks used for that RAID to another NSS. You also cannot export storage from a device that uses imported storage.
Currently Exported Storage
When you display the Storage Virtualization page, the Currently Exported Storage table appears. It shows the details for any exported disks or arrays:
Device: The name of the exported disk or array.
4
Size: The size of the exported storage.
Exported As: The serial number of the exported NSS.
Imported by: The serial number of the NSS that has imported the storage. If
the exported disk or array has not yet been imported by the master NSS, "None" appears in this column.
Action: Click the Unexport button to stop the NSS from exporting the
associated drive or array. This frees up the drive or array for use in local RAID arrays.
Cisco Small Business NSS2000 Series Administration Guide 49
Page 58
Configuring your Storage
!
Exporting Storage to your Network
Exporting Storage to your Network
If you have multiple NSS units in your network, you can easily export the storage to form a large, logical storage unit that can be managed from the master NSS. The first step in creating virtualized storage is to export the disk(s) or array to the network. Note that when you export storage, you need to consider how things like rebooting an NSS might impact users of the virtualized storage. While the logical storage is controlled from the master NSS, the physical device (including the disk drives) is still controlled through the slave’s configuration interface and is affected by the conditions of the physical unit.
CAUTION: After you configure a virtual RAID, you cannot migrate the disks used for that RAID to another NSS. You also cannot export storage from a device that uses imported storage.
4
To export storage to the network:
STEP 1 Log into the configuration interface for the device from which you are exporting
storage.
STEP 2 From the Manager Menu, click Storage Virtualization.
The Storage Virtualization page appears.
Cisco Small Business NSS2000 Series Administration Guide 50
Page 59
Configuring your Storage
Creating Virtualized Storage
STEP 3 From the Export a device area, select each device that you want to expor t from the
list of available devices.
STEP 4 From the Link field, select the physical link that you want to use to export the
storage.
STEP 5 Click Export.
The selected disk(s) disappear from the available list of arrays and appear in the Currently Exported Storage table at the top of the page. Follow the steps to create a JBOD from virtualized storage to use the exported storage.
Creating Virtualized Storage
4
After you export storage from a slave storage unit, it becomes available to other storage units in your network. The recommended way to use virtualized storage is to assign a master storage unit (the master must be an NSS6000 series model). The designated master unit then becomes the configuration point for all your storage-related management. Exported storage can be used to create a JBOD, which can then be used to set up volumes and shares. Keep in mind that although the storage is managed through the master unit, the physical device that contains the exported storage is still managed through the applicable slave unit. If you affect the physical disk drives (e.g., shut down the power to the unit), this affects any logical storage built using those disk drives.
NOTE: After you configure a virtual RAID, you cannot migrate the disks used for that RAID to another NSS. You also cannot export storage from a device that uses imported storage.
To create a JBOD with exported disks:
STEP 1 Log in to the configuration interface from the master NSS6000 series unit.
STEP 2 From the Manager Menu, click Storage RAID.
Cisco Small Business NSS2000 Series Administration Guide 51
Page 60
Configuring your Storage
Creating Virtualized Storage
4
The RAID page appears
Exported disks from other NSS units in the network appear in the New RAID Device table.
STEP 3 From the New RAID Device table, click the disks or arrays that you want to include
in the JBOD.
STEP 4 Select JBOD as the RAID level.
STEP 5 Click Add.
The JBOD appears in the RAID Arrays listing. You can now create volumes from the virtualized JBOD.
Cisco Small Business NSS2000 Series Administration Guide 52
Page 61
Configuring your Storage
Unexporting Storage
Unexporting Storage
You can choose to unexport pieces of the storage currently exported to the network. Note that you can only unexport storage that has not yet been used.
To unexport a piece of storage:
STEP 1 From the Master device, delete any RAID arrays (see the ”Deleting an Array”
section on page 46) associated with the storage you want to unexport.
STEP 2 Display the Configuration Interface for the slave device that contains the storage
you want to unexport.
STEP 3 From the Manager Menu, click Storage Virtualization.
The Storage Virtualization page appears.
4
STEP 4 Click Unexport for the device you want to release from the network.
The disk drive(s) or array no longer appears in the Currently Exported Storage list. It now appears in the Export a device list and is again available for use.
Cisco Small Business NSS2000 Series Administration Guide 53
Page 62
Configuring your Storage
Volume Management
Volume Management
A volume is a way to partition storage space available on an array. The Storage Volumes page shows the following details about configured volumes or create additional volumes.
4
The Volumes table displays the following:
Volume: The name of the volume.
Location: The array on which the volume is located.
To t al S p a ce : The amount of space allocated for the volume (in MB, GB, or
TB).
% Used: The amount of space, as a percentage, that is currently used.
Crypto: Whether the volume is encrypted or not. Note that file transfer
performance to encrypted volumes is generally lower than to non­encrypted volumes.
Action: Click Edit to make changes to the current volume. Click Delete to
remove the volume (and any saved data on the volume) from the array. If the volume is encrypted, you can either click Unlock to unlock it and make it usable, or click Lock to manually lock it.
Cisco Small Business NSS2000 Series Administration Guide 54
Page 63
Configuring your Storage
Creating a Volume
Creating a Volume
After you define at least one RAID array, you can create a volume. You need to create at least one volume before you can create users, groups, or shares.
To c re a te a v o l u m e :
STEP 1 From the Manager Menu, click Storage Volumes.
The Storage Volumes page appears.
4
STEP 2 From the New Volume area, set up the following fields:
Array: Click the drop-down menu to select the array on which you want to
create the volume.
Name: Enter the name you want to give the volume. The volume name must
consist of at least one alphanumeric character, must begin with a letter, but cannot contain any spaces.
Size: Enter the size for the volume, and then select the unit from the drop-
down menu. The final size of the shared volume is less than the size you
Cisco Small Business NSS2000 Series Administration Guide 55
Page 64
Configuring your Storage
!
Creating a Volume
STEP 3 To encrypt the volume, select Encrypted. To create an unencrypted volume, go to
step 6.
4
enter in this field due to filesystem overhead. The minimum volume size is 32 MB. Volume sizes are rounded down to the nearest 32 MB increment.
NOTE: Once the volume is created, you can expand the volume but you cannot reduce its size.
NOTE: You can encrypt the volume only when the volume is first created. After a volume is created, you cannot change whether it is encrypted or unencrypted. File transfer performance to encrypted volumes is generally lower than to non-encrypted volumes.
STEP 4 Enter a password in the Password field. The password must be entered to unlock
an encrypted volume when the NSS is started up following a power interruption, shutdown, or rebooted, or, if the volume was manually locked through the NSS configuration interface. The password can be any alphanumeric characters (with the exception of the ";" |", and "&"). It cannot contain any spaces and must be a minimum of one character (no maximum).
CAUTION: Because you need the password to decrypt a locked volume, keep a secure backup of the password to ensure that it is accessible when required. There is no way to unlock the volume without the password. (If the password is forgotten, the only way to unlock the volume is if a known password was saved in a configuration file. You can then restore the configuration, and then use that password to unlock the volume. See Restoring the Configuration for help on this.)
STEP 5 Re-enter the password in the Confirm Password field.
STEP 6 Click Add.
Cisco Small Business NSS2000 Series Administration Guide 56
Page 65
Configuring your Storage
Expanding a Volume
Expanding a Volume
After a volume is created, you can increase its size, provided there is available space on the array.
To increase the size of a volume:
STEP 1 From the Manager Menu, click Storage Volumes.
The Volumes page appears.
4
STEP 2 Click Edit for the volume you want to expand.
Cisco Small Business NSS2000 Series Administration Guide 57
Page 66
The Grow File System page appears for the selected volume.
4
STEP 3 In the Resize by field, select one of the following:
Grow By: Select this option to add the space allocated in the Size field to
the existing space for the volume. For example, if the volume currently has 224 MB of space and you want to add another 224 MB, select "Grow By", then enter 224 in the Size field, and then set the unit field to MB. Note: The system rounds up the total space to the nearest 32 MB boundary.
Resulting Size: Select this option to resize the volume to the space entered
in the Size field. For example, if the volume currently has 224 MB of space and you want it to have 928 MB, select "Resulting Size" and then enter 928 in the Size field. Note: The system rounds up the total space to the nearest 32 MB boundary.
STEP 4 Depending on your choice in the previous step, enter the new number in the Size
field, and then select the unit from the drop-down menu. If you selected "Grow By", the new number is added to the existing volume size. If you selected "Resulting Size", the new number becomes the total size for the volume.
STEP 5 Click OK.
Cisco Small Business NSS2000 Series Administration Guide 58
Page 67
Configuring your Storage
!
Deleting a Volume
Deleting a Volume
You can choose to delete a volume at any time.
To delete a volume:
STEP 1 From the Manager Menu, click Storage Volumes.
The Storage Volumes page appears.
4
CAUTION: Deleting the volume removes any
shares or data currently saved to that volume. If the volume was assigned as the users’ Home Directory Location, you must reassign the Home Directory Location to another volume.
STEP 2 From the Volumes area, click Delete for the volume you want to delete.
Cisco Small Business NSS2000 Series Administration Guide 59
Page 68
Configuring your Storage
Volume Encryption Overview
Volume Encryption Overview
The Volumes page lists both the encrypted and unencrypted volumes and lets you create a volume, and lock, unlock, or change the password for encrypted volumes.
4
NOTE: File transfer performance to encrypted
volumes is generally lower than non-encrypted volumes.
Cisco Small Business NSS2000 Series Administration Guide 60
Page 69
Configuring your Storage
Locking an Encrypted Volume
Locking an Encrypted Volume
You can manually lock an encrypted volume at any time. Locking a volume means that it becomes unmounted and is unusable (you cannot create or use shares stored on the locked volume). This provides an extra layer of security against the theft of data.
To l oc k a v ol um e :
STEP 1 From the Manager Menu, click Storage Volumes.
The Volumes page appears.
4
The Crypto column displays whether the volume is encrypted (Yes) or not encrypted (No).
STEP 2 Click Lock to lock the volume.
Cisco Small Business NSS2000 Series Administration Guide 61
Page 70
Configuring your Storage
Unlocking a Locked Volume
Unlocking a Locked Volume
When an encrypted volume is locked, either automatically as a result of the NSS being rebooted or manually locked through the configuration interface, you must unlock it before it can be used for tasks such as creating shares or quotas.
To unlock a volume:
STEP 1 From the Manager Menu, click Storage Volumes.
The Volumes page appears.
4
STEP 2 Click Unlock for the volume you want to unlock.
The Unlock Volume page appears.
Cisco Small Business NSS2000 Series Administration Guide 62
Page 71
Configuring your Storage
!
Changing the Password for an Encrypted Volume
STEP 3 Enter the password for the volume in the Password field.
4
STEP 4 Click OK.
The Volume Encryption page appears. The volume is now unlocked.
Changing the Password for an Encrypted Volume
A password must be set up when you create an encrypted volume. After the volume is created, you can change the password at any time. The password must be entered under two conditions: when the NSS is started up after a power interruption, or, the volume has been manually locked.
CAUTION: Because the password is required to de-crypt a locked volume, keep a backup of the password to ensure that it is accessible when required. There is no way to unlock the volume without the password. (If the password is forgotten, the only way to unlock the volume is if there is a known password saved in a configuration file. See Restoring the Configuration for help on this.)
To change the password on an existing encrypted volume:
Cisco Small Business NSS2000 Series Administration Guide 63
Page 72
Configuring your Storage
Changing the Password for an Encrypted Volume
STEP 1 From the Manager Menu, click Storage Volumes.
The Volumes page appears.
4
STEP 2 Click Edit for the volume you want to change.
The Edit Volume page appears.
Cisco Small Business NSS2000 Series Administration Guide 64
Page 73
Configuring your Storage
Storage Options
STEP 3 In Current Password field, enter the password.
STEP 4 In the New Password field, enter the new password. The password can be any
alphanumeric characters (with the exception of the ";" |", and "&"). It cannot contain any spaces and must be a minimum of one character (no maximum).
STEP 5 Re-enter the new password in the Confirm Password field.
STEP 6 Click Update.
Storage Options
The Storage Options page lets you define the following:
4
Idle Drive Spin Down: Configure the NSS to spin down the disk drives after
a predefined time of inactivity. Select the period of time that the disk drive must be idle before it is spun down.
RAID Rebuild Priority: During normal operation, the CPU switches between
tasks to service all active tasks on the system. Creating a RAID array or rebuilding an existing array can take up a significant amount of the available percentage of CPU processing power. You can control how the system prioritizes the rebuild and allocates the system’s resources based on your system’s current workload and need for responsiveness. To set the RAID rebuild priority, choose one of the following from the RAID Rebuild Priority field:
- High: The CPU focuses on the RAID rebuilding process. This setting
allows for the fastest possible RAID rebuild at the expense of other system tasks. File-sharing throughput is adversely affected during a RAID rebuild when this setting is chosen.
- Medium: This option gives a balance between the rebuild process and
other system tasks. The rebuild process takes longer than if it was set to High.
- Low: The CPU focuses on other tasks versus the RAID rebuild process.
This results in a longer rebuild time on a busy system. However, if the workload on the system is low, the CPU services the rebuild process well. Note that if you are repairing an array, this option leaves the array the most vulnerable of all the options as it takes the longest for the rebuild to complete.
Cisco Small Business NSS2000 Series Administration Guide 65
Page 74
Configuring your Storage
Storage Options
4
Degraded Mode Grace Period: Set the period of time after which the
system automatically shuts down degraded arrays. You can manually restart a RAID array that has been automatically stopped by the degraded mode management feature. Warning messages are sent out periodically while the RAID array is degraded.
If you make changes to any of the storage options, click Update.
Cisco Small Business NSS2000 Series Administration Guide 66
Page 75
Setting up End-User Access
The Access Status page shows the current end-user connections to the NSS, grouped by the file-sharing protocol used. The page displays the username, the name of the host from which the user is currently connected, and the share or path that the user is accessing. Status pages like the Access Status page automatically refresh on a regular interval and are very helpful for monitoring the progress of certain processes such as the current end-user connections to the NSS.
5
Cisco Small Business NSS2000 Series Administration Guide 67
Page 76
Setting up End-User Access
Managing your NSS Users
Managing your NSS Users
You can create, view, and maintain the list of users who can access the NSS. The Configured Users page displays the Configured Users table. This table lists each defined user whether the user was created locally via the NSS configuration interface or imported from an NTv4, Active Directory, or NIS domain. Note that users not created locally via the NSS are read-only with the exception of the email address field which you can update directly through the NSS Configuration Manager. Once a user profile is created, you cannot rename the username. To rename an existing user profile, delete the user profile and then create a new one. User profiles are maintained by the administrator. Users cannot make changes to their passwords.
5
Creating a User Profile
Depending on your network setup, you might administer users and groups locally or via the domain controller. The NSS configuration interface gives you read-only access to users provided by NTv4, Active Directory, or NIS domains (with the exception of being able to edit the email address). You can also create and manage local users from the NSS configuration interface. Before you can create a user profile, you must configure the volume you want to use as the home directory location for your users on the Access Options page (from the Manager Menu, click Access
To add a local user:
Cisco Small Business NSS2000 Series Administration Guide 68
Options).
Page 77
Setting up End-User Access
Creating a User Profile
STEP 1 From the Manager Menu, click Access Users.
STEP 2 Click Add to create a user.
5
The Configured Users page appears. Users created from the NSS configuration interface and provided by the ADS, NTv4, or NIS domain appear in the Configured Users table.
The New User page appears.
STEP 3 In the Username field, type the username. The name must be made up of
alphanumeric characters (that is, a-z, 0-9), any case, to a maximum of 32 characters. This field is required.
STEP 4 Select the group you want to assign as the user’s primary group from the Primary
Group field. If there are no groups configured, the only available choice is the default group "nasusers". This field is required.
NOTE: Although you can assign the user to multiple groups (through the Add Group or Edit Group page), the primary group is the group against which quota charges for the user’s storage usage are made and is the group that defines the group ownership for all files created by the user. The primary group applies to users set up locally on the NSS. A domain user’s primary group is set up from the domain and is not derived from the Primary Group field in the NSS user profile.
Cisco Small Business NSS2000 Series Administration Guide 69
Page 78
Setting up End-User Access
Creating a User Profile
STEP 5 Assign a password by entering any valid (ASCII table) characters in the Password
field. The password is required.
STEP 6 To verify the password, re-enter it in the Confirm Password field.
STEP 7 To record the user’s full name, enter it in the Real Name field. This field is optional.
Note that you cannot enter the "/" character in this field.
STEP 8 To record the user’s email address, enter it in the Email Address field. This field is
optional.
STEP 9 Click OK to create the user and exit the New User page. Click Apply to create the
user and then add another new user.
5
NOTE: All password changes to end-user
accounts set up through the NSS configuration pages must be made by the administrator.
Cisco Small Business NSS2000 Series Administration Guide 70
Page 79
Setting up End-User Access
Editing a User Profile
Editing a User Profile
You can change certain aspects of the user’s profile. Note that once you create a username, the only way to "rename" that user is to delete the existing user profile and then create a new one. Domain user profiles are read-only with the exception of their email address which you can add or edit directly from the NSS Configuration Manager. All password changes for end-user accounts set up directly through the NSS configuration pages must be done by the Administrator.
To edit an existing user profile:
STEP 1 From the Manager Menu, click Access Users.
The Configured Users page appears.
5
The existing users appear in the Configured Users table.
STEP 2 Select the user from the list, and then click Edit.
Cisco Small Business NSS2000 Series Administration Guide 71
Page 80
Setting up End-User Access
Integrating Users from an ADS, NTv4, or NIS Domain
The end user’s profile appears in the Edit User page.
5
STEP 3 The username is read-only. You can make changes to any of the other fields in the
user’s profile.
STEP 4 Click Update.
Integrating Users from an ADS, NTv4, or NIS Domain
When the NSS is joined to an ADS, NTv4, or NIS domain, a list of existing domain users is imported into the Configured Users list. You can view the entire user list from the Configured Users page but can only edit or delete locally created users (not domain users). (The one exception to this is that you can edit the email address directly from the Configuration Manager.) The naming conventions use the NetBIOS format with the domain name as a prefix of the username. The primary group for users set up within the ADS, NTv4 or NIS domain is taken from the user’s domain profile versus the Primary Group field in the NSS user profile.
NOTE: It is important to set up your User and Group ID ranges before you join the NSS to an ADS, NTv4, or NIS domain. After you join the NSS to a domain, you should not make changes to the range as this might lead to an ID collision.
Cisco Small Business NSS2000 Series Administration Guide 72
Page 81
Setting up End-User Access
Deleting a User Profile
Logging into the NSS as a Local User
When the NSS is joined to an NTv4 or ADS domain, local users must prefix their username with the hostname of the NSS. Users who log in without the hostname prefix are automatically assumed to be domain users. For example, if the NSS hostname is "NASadmin" and the local username is "bob", the user would need to log in as "NASadmin\bob" in the login dialog.
Deleting a User Profile
You can delete user profiles that were created via the NSS. Note: When you delete a user profile, the user’s home directory and any files or folders created by the user on the various shares are not deleted. As an administrator, you can log into CIFS using the administrator account to delete the user’s data as required.
5
To delete an existing user profile:
STEP 1 From the Manager Menu, click Access Users.
The Configured Users page appears.
STEP 2 Click the username and then click Delete. To delete multiple users, use the
following mouse-key combinations:
Cisco Small Business NSS2000 Series Administration Guide 73
Page 82
Setting up End-User Access
Working with Groups
Shift-click: To select a contiguous group of users that you want to delete,
hold down the Shift key, then click the first user, and then the last user in the series. Click Delete to delete the highlighted users.
Ctrl-click: To select a non-contiguous group of users that you want to delete,
hold down the Ctrl key, and then click each user from the list. Click Delete to delete the highlighted users.
The selected user(s) disappear from the list of available users.
Working with Groups
Groups are an easy way to manage users with the same storage needs and privileges. A group consists of one or more users. You can add or remove users from a group at any time. The user’s primary group (the group to which quota charges for storage usage are applied) is set up in the Primary Group field of the user’s profile.
5
A group called "nasusers" is automatically created when you first install the NSS. This group is the default primary group when you create new users.
Creating a Group
Groups let you specify the share access privileges for a set of users. After you create a group, you can define the group’s access privileges on a per-share basis. You can add or remove users to and from the group at any time. Note that users are assigned a primary group within their user profile. When users create a file, the group ownership is automatically set to their primary group. The storage usage is charged to their primary group for the purposes of volume quota accounting. Group membership, other than the primary group, is defined in either the Add Group or Edit Group page and is used only to control access to shares and files.
NOTE: You cannot grant security privileges to a group for a CIFS share through ACL.
To create a group:
Cisco Small Business NSS2000 Series Administration Guide 74
Page 83
Setting up End-User Access
Creating a Group
STEP 1 From the Manager Menu, click Access Groups.
5
The Configured Groups page appears.
STEP 2 Click Add.
The New Group page appears.
STEP 3 In the Group Name field, type the name you want to assign to the group. The name
can only contain lower-case alphanumeric characters and underscores (i.e., a-z, 0­9, _) to a maximum of 32 characters.
Cisco Small Business NSS2000 Series Administration Guide 75
Page 84
Setting up End-User Access
Changing the Users Assigned to a Group
STEP 4 Move the users you want to assign to the group from the Users Available list to the
Users in Group list. Note that a user can be assigned to multiple groups. (The single angled bracket "<" or ">" moves the selection in the direction of the bracket. The double angled bracket "<<" or ">>" moves the entire list in the direction of the bracket.)
STEP 5 Click OK to save the current group and display the Configured Groups page. Click
Apply to save the current group and remain in the New Group page to add another group.
Changing the Users Assigned to a Group
After you create a group, you can delete or add to the list of users that belong to that group.
5
NOTE: When you delete an end user from a
group, the end user must log out of their client machine before the change takes effect. This means that users no longer assigned to a group maintain full group privileges (i.e., access to shares) until they log off/log on to their computer.
To change the group membership:
STEP 1 From the Manager Menu, click Access Groups.
The Configured Groups page appears.
STEP 2 From the list of configured groups, select the group that you want to change.
Cisco Small Business NSS2000 Series Administration Guide 76
Page 85
Setting up End-User Access
Integrating Groups from an Active Directory, NTv4, or NIS Domain
STEP 3 Click Edit.
The Edit Group page appears.
5
STEP 4 Set up the Users in Group list as required. (The single angled bracket "<" or ">"
moves the selection in the direction of the bracket. The double angled bracket "<<" or ">>" moves the entire list in the direction of the bracket.)
STEP 5 Click Update.
Integrating Groups from an Active Directory, NTv4, or NIS Domain
When the NSS is joined to an Active Directory, NTv4, or NIS domain, domain groups only appear on the Shares page (they do not appear in the list of configured groups). Group membership for imported domain groups are read­only. The naming conventions use the NetBIOS format with the domain name as a prefix of the group name. For example, "DOMAINNAME\GroupName".
NOTE: It is important to set up your User and Group ID ranges before you join the NSS to an ADS, NTv4, or NIS domain. After you join the NSS to a domain, you should not make changes to the range as this might lead to an ID collision.
Cisco Small Business NSS2000 Series Administration Guide 77
Page 86
Setting up End-User Access
Deleting a Group
Deleting a Group
When you delete a group, the group is automatically removed from having access to any configured shares.
To delete a group:
STEP 1 From the Manager Menu, click Access Groups.
5
The Configured Groups page appears.
STEP 2 Before you can delete a group, you must remove any assigned users.
STEP 3 You can delete a group from two locations in the NSS configuration interface:
Groups page: Highlight the group you want to delete from the Configured
Groups table, and then click Delete. To delete multiple groups, use the following key-mouse combination:
- Shift-click: To select a contiguous list of groups that you want to delete,
hold down the Shift key, then click the first group, and then the last group in the series. Click Delete to delete the highlighted groups.
- Ctrl-click: To select a non-contiguous set of groups that you want to
delete, hold down the Ctrl key, and then click each group from the list. Click Delete to delete the highlighted groups.
Edit Groups page: Select the group you want to edit, and then click Edit. The
Edit Groups page appears. Click Delete to remove the group.
Cisco Small Business NSS2000 Series Administration Guide 78
Page 87
Setting up End-User Access
Managing Volume Quotas
Managing Volume Quotas
You can set up specific space limits for each user or group who has write access to a volume. Defining a user or group’s quota means that you can set a space limit (referred to as a soft quota) that, when reached, sends a warning to the administrator and initiates a countdown of the defined grace period. The user has the amount of time in the grace period to reduce the amount of space used to under the soft quota limit. Users who do not reduce the space in the allotted grace period, or who reach their hard quota limit, no longer have write access to the volume until they reduce their usage to under their soft quota limit.
When a user creates, modifies or deletes a file on a volume, note that there is a small delay before the usage is updated on the Filesystem Quota page. This delay is due to the caching in the filesystem used to provide high performance.
5
NOTE: Before you create or edit a quota
located on an encrypted volume, make sure the volume is unlocked. You also need to set up the Warn For time for each volume from the Filesystem Quota page. The Warn For time only affects individual quota that was created after the Warn For time was set.
Changing the User’s Primary Group
Quotas are charged to the group assigned as the user’s primary group at the time of file creation. If the user’s primary group changes, files created under the previous group continue to be charged against that group. Note that if the user’s primary group changes while the user is connected to the NSS, the previous primary group continues to be the group charged until the user’s connection is closed. The new primary group becomes the group charged only after the connection is re-opened.
NOTE: If the user is created within a domain, the primary group defined is in the user profile from the domain, not the Primary Group field in the NSS user profile.
Cisco Small Business NSS2000 Series Administration Guide 79
Page 88
Setting up End-User Access
Creating Volume Quota for a User or Group
About the Volume Quota Page
The Volume Quota page is where you manage user and group quotas for each volume. To display the Volume Quota page, from the Manager Menu, click Access
Quota.
5
Creating Volume Quota for a User or Group
You can set up a quota on a volume for each user or group. This quota limits the user or group to the allocated amount of space within the volume. To give certain users or groups assigned to a volume full access to the space on the volume, do not create a quota for that user or group.
NOTE: Before you can create quota on an encrypted volume, make sure it is unlocked. You also need to set up the Warn For time for each volume from the Filesystem Quota page. The Warn For time only affects individual quota that was created after the Warn For time was set.
Cisco Small Business NSS2000 Series Administration Guide 80
Page 89
Setting up End-User Access
Creating Volume Quota for a User or Group
To create a quota for a user or group:
STEP 1 From the Manager Menu, click Access Quota.
The Filesystem Quota page appears.
5
STEP 2 Click Create Quota.
The New Filesystem Quota page appears.
STEP 3 Select the volume on which you want to set the quota from the New Quota on FS
drop-down list.
Cisco Small Business NSS2000 Series Administration Guide 81
Page 90
Setting up End-User Access
Creating Volume Quota for a User or Group
STEP 4 Select the user or group for which you are creating the quota from the For User/
Group drop-down list.
STEP 5 In the Warning at field, enter the threshold of space that, when exceeded, triggers
a warning that the quota is close to being used up. Select the size unit from the drop-down menu. When the threshold is exceeded, the grace period set up for the volume begins. The user has the amount of time set in the grace period to reduce the amount of space used to under the space set in the Warning at field or they are not allowed to write further data to the volume. Another way to think about this field is as a "soft quota".
STEP 6 In the Space Limit field, enter the amount of space that the user or group has
available to use, and then select the size unit from the drop-down menu. Another way to think about this field is as the "hard quota". If the user reaches the space limit, the user can no longer write data to the volume until they either reduce the amount of space used to under the limit by deleting files or have the quota increased.
5
STEP 7 Click Update.
Cisco Small Business NSS2000 Series Administration Guide 82
Page 91
Setting up End-User Access
Setting up the Grace Period for a Volume Quota
Setting up the Grace Period for a Volume Quota
You can set up a limit on the amount of space available to your users or groups. This limit can be set as a soft quota and hard quota. When the users reach their "soft quota", a warning is issued and the grace period begins. Users then have the amount of time set in the grace period to either reduce the amount of spaced used by deleting files, or have the quota increased. If the amount of space is not reduced before the grace period expires or the user reaches the hard quota, the user is automatically denied write access to the volume.
NOTE: Before you create quotas for a user or group, make sure you set up the Warn For time for each volume from the Filesystem Quota page. The Warn For time only affects individual quota that was created after the Warn For time was set.
5
To set up the grace period for a volume:
STEP 1 From the Manager Menu, click Access Quota.
The Filesystem Quota page appears.
STEP 2 To set up the grace period, after which if the soft limit set for the user or group is
still exceeded, the user or group is denied write access, enter the time period in the Warn for <time period> before denying access field. Enter the number in the first part of the field, and the time unit in the second part of the field. For example,
Cisco Small Business NSS2000 Series Administration Guide 83
Page 92
Setting up End-User Access
Changing a Volume Quota for a User or Group
to warn the user or group that they have reached their soft limit and have three days to reduce it, enter "3" and then select "days". Normally, when the quota is under the limit, it appears in black type. When a user reaches their soft quota limit, the amount listed on Filesystem Quota page turns red.
STEP 3 Click Update.
STEP 4 Repeat steps 2 and 3 for each applicable volume.
Changing a Volume Quota for a User or Group
After a quota is created, you can increase or decrease it. You can also change the limit at which the user or group receives a warning message and the grace period begins.
5
To change the quota limit or warning limit:
STEP 1 From the Manager Menu, click Access Quota.
The Filesystem Quota page appears.
Cisco Small Business NSS2000 Series Administration Guide 84
Page 93
Setting up End-User Access
Changing a Volume Quota for a User or Group
STEP 2 Click Edit for the user or group for which you want to change the quota.
The Edit Quota page appears.
5
STEP 3 Make the required changes to the soft (warning) or hard quota (space limit) limits.
STEP 4 Click Update.
Cisco Small Business NSS2000 Series Administration Guide 85
Page 94
Setting up End-User Access
Clearing a Quota
Clearing a Quota
After a quota has been set up, you can clear it. Clearing a quota means that the user or group no longer has a space limitation on their use of the associated volume (other than the actual unused storage space on the volume).
To clear a quota for a user or group:
STEP 1 From the Manager Menu, click Access Quota.
5
The Filesystem Quota page appears.
Quotas are displayed according to their associated volume.
STEP 2 Click Clear for the user or group whose quota you want to remove.
Cisco Small Business NSS2000 Series Administration Guide 86
Page 95
Setting up End-User Access
Network Filters Overview
Network Filters Overview
In addition to providing storage for your data, the NSS provides a configurable firewall to protect that data. Defining network filters lets you specify which network hosts have access to the NSS via the various supported protocols.
To view the network filters:
STEP 1 From the Manager Menu, click Access Network.
The Network Filters page appears.
5
STEP 2 You can do any of the following:
Set the default network policy to control what happens to traffic not
explicitly covered by defined filters. See the ”Defining the Default Network
Policy” section on page 88.
View or delete the existing filters defined for the NSS from the Active
Network Access Filters table. See the ”Network Filters Overview” section
on page 87.
Create a new filter based on an IP or MAC address or a range of IP
addresses. See the ”Creating a Network Filter” section on page 89.
Cisco Small Business NSS2000 Series Administration Guide 87
Page 96
Setting up End-User Access
Defining the Default Network Policy
Defining the Default Network Policy
The default network policy is the overarching policy that defines the gateway for communication to the NSS. It specifies how traffic that is not covered by defined filters is handled. The default policy can be defined to either accept or reject such traffic.
To define the default network policy:
STEP 1 From the Manager Menu, click Access Network.
The Network Filters page appears.
5
STEP 2 From the Default Network Policy drop-down menu, click one of the following:
Accept Traffic: Allow the NSS to communicate with all initiating hosts.
Select this option if you have a limited number of systems that you want to disallow. When you set up your individual filters, select those filters that "disallow" (i.e., drop or reject) certain types of connections. For example, you might want to disallow CIFS connections but allow all other types.
Drop Traffic: Disallow the NSS from communicating with any initiating
systems. Select this option if you have a limited number of systems that you want to allow to communicate with the NSS. When you set up your filters,
Cisco Small Business NSS2000 Series Administration Guide 88
Page 97
Setting up End-User Access
Creating a Network Filter
STEP 3 Click Change Policy.
5
select those filters that "allow" certain types of connections. For example, you might only want to allow FTP connections.
NOTE: If you set the default policy to Drop and you want to enable FTP connections, make sure you set the FTP connection type on the host to "active". (If you set the connection type to "passive" you can connect to the NSS but are not able to list, transfer the data, and so on.)
Creating a Network Filter
The Active Network Access Filters table on the Network Filters page displays currently defined filters. These filters control if access to the NSS from specified hosts is granted or denied on a per-protocol basis. Each device in your network is assigned a fixed 48-bit MAC address and changeable 32-bit IP address. When you define a filter, it grants or denies access via the specified protocol from the specified IP/MAC address or range of IP addresses.
NOTE: When you define a new filter, any existing connections that would normally be denied by this rule remain in tact. These connections are denied during the next attempt to connect to the NSS.
Cisco Small Business NSS2000 Series Administration Guide 89
Page 98
Setting up End-User Access
Creating a Network Filter
To add a network filter:
STEP 1 From the Manager Menu, click Access Network.
5
The Network Filters page appears.
STEP 2 From the New Network Access Filter table, type the IP/MAC address to which you
are applying the filter, in the IP/MAC address field. You can also enter addresses for the following:
An IP Address Range: Type the range according to the following format:
address-last address
first, followed by a hyphen, and then the last IP address in the range.)
. (Where the first IP address in the range is entered
first
A Subnet: Enter the subnet to set a filter for all the addresses within the
subnet. The format should appear as shown in the following example:
192.168.1.0/24 (where the digits following the slash represent the number of bits in the network portion of the IP address).
STEP 3 From the Filter drop-down menu, select the type of filter you want to apply to the
IP/MAC address.
STEP 4 Click Add.
Any connections that apply to the new filter rule are affected by the rule during the next connection attempt.
Cisco Small Business NSS2000 Series Administration Guide 90
Page 99
Setting up End-User Access
Available Access Filters
Available Access Filters
When you configure network filters, determine which protocols can or cannot access the NSS. To display the list of available filters, click the drop-down arrow next to the Filter field on the Network Filters page.
5
Allow All: This is the default filter. It tells the NSS to accept traffic via all
supported protocols.
Allow CIFS: Allow CIFS filesharing access.
Cisco Small Business NSS2000 Series Administration Guide 91
NOTE: Rejecting versus Dropping Traffic: When incoming traffic matches a "reject" filter, the NSS drops the traffic and then sends a notice to the initiating system of the denial of service. When incoming traffic matches a "drop" filter, the NSS drops the traffic but no notice is sent to the initiating system
Page 100
Setting up End-User Access
Available Access Filters
5
Allow FTP: Allow FTP access.
Allow FTPS: Allow FTPS access.
Allow HTTP: Allow access to the NSS configuration interface via a Web
browser via HTTP.
Allow HTTPS: Allow access to the NSS configuration interface via a Web
browser via HTTPS.
Allow NFS: Allow NFS access.
Reject All: Reject traffic via all supported protocols.
Reject CIFS: Do not allow CIFS filesharing access. The NSS informs the
system initiating the connection about the denial of service.
Reject FTP: Do not allow FTP traffic. The NSS informs the system initiating
the connection about the denial of service.
Reject FTPS: Do not allow FTPS traffic. The NSS informs the system
initiating the connection about the denial of service.
Reject HTTP: Do not allow access to the NSS configuration interface via a
Web browser through HTTP. The NSS informs the system initiating the connection about the denial of service.
Reject HTTPS: Do not allow access to the NSS configuration interface via a
Web browser through HTTPS. The NSS informs the system initiating the connection about the denial of service.
Reject NFS: Do not allow NFS filesharing access. The NSS informs the
system initiating the connection about the denial of service.
Drop All: Do not allow access from any of the supported protocols. The NSS
does not inform the system initiating the connection about the denial of service.
Drop CIFS: Do not allow CIFS filesharing access. The NSS does not inform
the system initiating the connection about the denial of service.
Drop FTP: Do not allow FTP traffic. The NSS does not inform the system
initiating the connection about the denial of service.
Drop FTPS: Do not allow FTPS traffic. The NSS does not inform the system
initiating the connection about the denial of service.
Cisco Small Business NSS2000 Series Administration Guide 92
Loading...