Eyeglass Isilon Edition Quick Start Guide for Eyeglass Installation

Eyeglass Isilon Edition Quick Start Guide for Eyeglass

Product Name - Superna Eyeglass Isilon Edition

Revision Changes to this Document- Updated to include Release 1.9.3



Introduction to this Guide

Use this document to get your new Eyeglass installation up and running fast with all the best options.

For planning DR and understanding design choices with Eyeglass use the Eyeglass Start Here First Guide

System Requirements

vSphere 5.0 or higher or hyper-v with vhdx appliance appliance requires:

  •      4 vCPU

  • 8 GB RAM (if large number of objects shares, quota,exports > than 10000 use 16G (Note: requires shutting down the VM and editing RAM and restart)

  •      80 GB disk

Chrome Browser (preferred), Browser must support Websockets, Internet Explorer is not supported.

Eyeglass Port Requirements: Eyeglass-Ports-Requirements

NOTE: For release 1.6 and later, using SmartConnect Zones will load balance API calls across the cluster which will increase Eyeglass performance of all operations.   

  • SmartConnect Zone name for management in the system access zone is reserved for management applications

  • Existing deployments cannot switch to FQDN SmartConnect Zone unless Superna support provides instructions

Supported OneFS releases

Please refer to the Release Notes for the Eyeglass Isilon Edition version that you are installing.

Feature Release Compatibility

Please refer to the Release Notes for the Eyeglass Isilon Edition version that you are installing.

Eyeglass Scalability Limits

Please refer to the Eyeglass Admin Guide Scalability limits.

Help

This document is designed as a Quick Start Guide for Superna Eyeglass Isilon Edition, should you have any issues that are not addressed in this guide, Superna offers support in several forms; on line, voicemail, Email, or live on line chat.

  1. The support site provides online ticket submission and case tracking.  Support Site link - support.superna.net 

  2. Leave a voicemail at 1 (855) 336-1580

In order to provide service you must have an account in our system. When calling in leave; customer name, email, description of question or issue, and primary contact for your company. We will  assign the case to primary contact for email followup.

  1. Email eyeglasssupport@superna.net

  2. To download license keys please go to the following  license keys.

  3. You can also raise a case right from in Eyeglass desktop using the help button, search for your issue and if want to raise a case or get a question answered, click the “leave us a message”  with your name, email and appliance ID and a case is opened directly from Eyeglass.

 http://site.superna.net/_/rsrc/1472870726155/support/LeaveUsAMessage.png?height=200&width=167

  1. Or get Support Using Chat M-F 9-5 EDT  (empty box?  we are not online yet)

  2. Eyeglass Live Chat 

  3. You should also review our Support Agreement here

Video Tutorial - Installing Eyeglass for Isilon

The following link provides a video tutorial outlining how to install Eyeglass for Isilon, add clusters and an  overview of features.

Superna Eyeglass Install, Config and product Intro and knowledge Transfer

New Eyeglass 1.9 Installation

For a new Eyeglass installation, complete the following steps::

Download Eyeglass

  1. Download Eyeglass OVF, VHDX  (separate license required for this installer) from Superna web site Latest Appliance Download

  2. Download process starts.

  3. Unpack Superna_Eyeglass.x86_64-latest.zip

Appliance HA Options

Two options below, outline how to configure HA option.  

NOTE: Follow the install instructions below but consult HA options before deploying the Active appliance at a Data Center location.

  1. Warm Standby (Single Licence Option)

    1. Location: Warm Standby at DR site , Prod site for Warm Standby

    2. Pro: Lower cost - Single Licence

    3. Con: Longer RTO to restore Warm Standby appliance from backup archive

  2. Active Active (Requires double the license count)

    1. Pro: Lower RTO

    2. Con: Double the licensing cost-  Requires 2nd set for each managed cluster

Deploy the Eyeglass Appliance

Eyeglass is delivered in an  OVF format for easy deployment in your vCenter environment.  Deploy the OVF and then follow the wizard to setup networking for this Linux appliance.  You will need to know:

  • subnet and network required so that appliance will have IP connectivity to the Isilon clusters that it’s managing, and the users that are using it

  • IP address for the appliance

  • (Optional) SmartConnect Zone for management access to the cluster

  • Gateway

  • DNS server

IMPORTANT: If you are using hostname or FQDN for the target cluster in your SyncIQ policies or SmartConnect Zone for adding clusters to Eyeglass, the DNS information entered here must be able to resolve back to a discovered cluster IP Address (should resolve to a SyncIQ SmartConnect Zone IP pool IP address), in order for Eyeglass to perform configuration replication.  If the hostname cannot be resolved, Eyeglass will not create the associated configuration replication Job.

Steps to Deploy the OVF with vSphere (skip these steps if familiar with OVF deployments)

OVF Deployment steps :

Step 1 : Download an OVF zip file from Latest Appliance Download.

Step 2 :  Unzip the contents of the zip file from Step 1 onto a computer with vSphere web or Windows client installed.

Step 3 : Login to the Vcenter with appropriate login credentials.

Step 4 : Single click on VMware vSphere client on the Desktop. Login with appropriate login credentials.

Step 5 : Once logged in to VMware vSphere client, you can see different Menus on the top left of the application. Next, go to the File menu and select Deploy OVF Template.


Eyeglass Isilon Edition Quick Start Guide for R1.1 1.png

Figure 1

Step 6 : Browse to the location of OVF files you’ve downloaded and unzipped in step 1 and 2. Select OK and then Next.




Eyeglass Isilon Edition Quick Start Guide for R1.1 2.png

Figure 2

Next, You will see the OVF template details. Verify the details and proceed by selecting Next. Notice download size to be under allocated disk size limit.

Step 7 : Choose a unique name for the virtual machine and select Inventory location for the deployed template. Once done, select Next.

Step 8 : Select the host/cluster where you want to run the deployed template and then Next.

Step 9 : Select the Resource pool within which you wish to deploy the template.

Step 10 : Select a destination storage for virtual machine files, select Next

Step 11 : Select Disk Format for the datastore you selected in previous step.

Step 12 : Enter the networking properties for the Eyeglass appliance VM in the window displayed.  Example below.  Replace with correct settings for your environment.

Step 13 : When done, click Next and you will see your deployment settings as you provisioned it to be. Verify the settings and if everything's ok, hit Finish. You will see a Message Box that says "Deploying [name you gave for your virtual machine]". You can put a checkmark on "close this dialog when completed".

When the deployment process reaches 100 % the message box disappears which means the deployment has been completed.   

Now, we should be able to see our virtual machine listed in vSphere client

After deployment:

Step 1 : Right click on the virtual machine you just created. Select "Power On".  That will power on your VM.

Step 2 : Right click again on your VM and Select "Open Console" to access your machine.

Step 3:  Login at the prompt

The Eyeglass appliance is deployed with following default admin user password:

   admin/3y3gl4ss       >> can also be used to login to the Eyeglass UI

! It is highly recommended to reset the default password after the appliance is deployed.

Step 4:  sudo su - to root

Root user password is unique to the appliance and has no default. Use the “sudo su” command to change to root user if desired.

Step 5:  Type yast2 lan at the prompt.

Now follow steps to setup IP information on the appliance.


Notes on Using yast2

The yast2 interface is a generic text based user interface (TUI) that predates modern mouse and windows desktop environments.  The downside of TUI’s are that they can be tricky to navigate if you’ve never used them before  - the benefit of TUI’s is that they are widely compatible across platforms and do not require any graphical user interface to be deployed.  


yast2 navigation Tips

Use the (TAB)key to move from one field to the next.

Use + (SHIFT TAB) key combination to move backwards

Use the (ARROW) keys to move around within a field

Use the (ALT) key, along with the bold letter in the interface to select that specific field, tab or option


Eyeglass Appliance Networking Configuration (yast)

Note: if you need to update the configuration at any time, ssh to the appliance admin user and then  sudo su - to root and use the yast2 command to open the wizard.

  1. The Network Devices / Network Settings window is open.

  2. In Network Settings screen open second tab: Hostname/DNS.

  3. Type Hostname for your Eyeglass appliance

  4. Type DNS server IP. In this example: 192.168.1.250

IMPORTANT: If you are using hostname for the target in your SyncIQ policies, the DNS information entered here must be able to resolve this host back to the Cluster IP Address in order for Eyeglass to perform configuration replication.  If the hostname cannot be resolved, Eyeglass will not create the associated configuration replication Job.

IMPORTANT: DNS reverse lookup must be configured to correctly resolve the cluster SSIP  used for management and added to Eyeglass .  Failure to correctly configure reverse lookup will lead to unexpected failures in Eyeglass discovery, configuration replication and assisted failovers as the reverse lookup DNS response is used by Eyeglass to communicate with the Isilon clusters over the tls protocol .  The SSIP for cluster management should resolve with a forward and reverse lookup that match. This can be tested with nslookup x.x.x.x where the ip is the SSIP for cluster management followed by nslookup hostname assigned to SSIP in DNS.

For a private DNS solution that does not rely on external DNS servers and offers high availability, please refer to the Eyeglass FAQ here.



07-5.JPG


  1. In Network Settings screen open first tab: Overview. Choose Edit.

07-7.JPG

  1. In Network Card Setup screen, choose 2nd tab: Address. Type the same Hostname you entered when deploying the Eyeglass OVF..

07-8.JPG


  1. Next -  OK - Next


Setup Time zone and NTP

NOTE: 1.9.2 OVF and greater has suse NTP server set automatically on deployment.  Use this process to change to alternate NTP example internal NTP server versus Internet.

  1. Setup NTP server (published online list here)

  2. Setup Timezone for log time alignment and SyncIQ operations.

  3. Follow Animated GIF below to set using YAST

  4. ssh as admin user

  5. sudo -s

  6. Enter admin password

  7. YAST


ntp and timezone.gif


Eyeglass Initial Configuration

Your Eyeglass initial configuration steps are:

  1. Login to the Eyeglass UI

  2. Install License

  3. Create Eyeglass service account first for each Isilon cluster with Minimum Privileges (if not done configure Clusters in Eyeglass using root user)

  4. Add Clusters

Login to the Eyeglass UI

To login to the Eyeglass web UI, enter the following URL into your browser (Chrome preferred) replacing <Eyeglass IP address> with the real IP address assigned to the appliance:

https://<Eyeglass IP address>

You have 2 options for login authentication:

  • Login with appliance credentials -  use the admin user and password configured on the appliance

    • Default user/password:   admin / 3y3gl4ss

  • Proxy authentication to managed device -  enter IP address of an Isilon that Eyeglass has network connectivity with and a valid user and password configured for that Isilon Cluster.

Install License

Retrieve your Eyeglass License keys (instructions provided here).

Upload the license zip file provided to you by Superna:

IMPORTANT: Do not unzip the license file.  Upload the zip file.



IMPORTANT: You will be asked to accept the Eyeglass EULA and Phone Home after selecting the Upload button.  License will not be loaded unless EULA is accepted.



Add Isilon Clusters

NOTE: No Auto Refresh Inventory View

This window does not auto refresh after adding a cluster. You must click the refresh button bottom right to verify when a cluster has finished discovery.  This process can take 5-10 minutes typically.

NOTE: Cluster DNS Setup and Add Cluster to Inventory:

If discovery takes a very long time to complete (> 10 minutes), then to check to make sure that  cluster configuration data can resolve external URL.  Cloud pools use a URL to a storage bucket, and if this URL can not complete a DNS lookup to an IP address, then API calls that discover cloud pools will take too long to complete and will timeout the cluster discovery.   Make Sure all URL and DNS resolution is functioning on the cluster.

IMPORTANT: After Discovery of a  Cluster’s SyncIQ policies all Eyeglass configuration jobs are disabled automatically

Configuration Replication Jobs for zones, shares, exports and NFS alias protected by SyncIQ Policy are automatically created and in the USERDISABLED state after successful provisioning in Eyeglass.  Enabling these Jobs will be part of the installation steps.  

IMPORTANT: Clusters on source target must be in the support feature matrix

Isilon cluster replication pairs must be running a supported OneFS version as documented in the System Requirements / Feature Release Compatibility matrix.

IMPORTANT: Before you add a Cluster to Eyeglass verify SyncIQ FQDN Name resolution

This step is important to allow Eyeglass to automatically build configuration replication jobs correctly. Eyeglass will resolve the FQDN of the SyncIQ policy and then compare the returned ip address to all Isilon clusters added to the Eyeglass appliance.  If no match is found, Config Sync jobs will fail to be added to the jobs window, until name resolution works correctly.  A system alarm is also raised that  indicates no matching clusters found for the SyncIQ policies on Cluster named X.

Adding FQDN Clusters for Eyeglass version 1.6.0 and Greater

The FQDN cluster add device can accelerate performance, in some cases by the number of nodes in the IP pool, and allows Eyeglass parallel API execution to use multiple nodes in parallel.

  1. Login to Eyeglass

  2. Open Eyeglass shell from the Eyeglass main menu (bottom left)

  3. Login as admin with default password 3y3gl4ss

  4. Get list of SyncIQ policies from the source cluster you are adding and record the FQDN target host value used in the policy

  5. Validate that the FQDN of SyncIQ policy targets AND SmartConnect Zone for managing clusters (if planning to add clusters with FQDN)  will resolve correctly on Eyeglass

    1. nslookup <FQDN>   

      1. If adding clusters with FQDN versus Subnet service IP, and an IP address does not return, you will need to fix this by adding DNS to Eyeglass.  Use the YAST utility to add DNS to Eyeglass (see Eyeglass Admin Guide  for instructions) in order to resolve the SmartConnect Zones used by SyncIQ policies and the management zone name.

      2. OR you must sudo to root with sudo -s (enter admin password)

      3. vi /etc/hosts  and add an entry for the FQDN value that does not resolve correctly

      4. NOTE: DNS is the preferred solution to resolve entries, hosts file can be used as a work around on the appliance for each SmartConnect Zone that does not resolve to an IP address

  6. Repeat nslookup step for each FQDN used on each cluster you want to add to Eyeglass for DR management

From the Eyeglass UI add the Isilon Clusters between which Eyeglass will be replicating the share and export configuration data.




Note:

  • If you get authentication failure when clicking submit.  It can be one of these issues:

    • Bad password (make sure before looking at next causes)

    • If your cluster is running original 7.2.x.x, 8.0.0.0, 8.0.0.1, 8.0.0.2 the TLS security protocols allowed weaker security algorithms and key sizes.  Eyeglass 1.9 OVF and later has hardened security settings.  In this case you may need to edit /opt/superna/java/jre1.8.0_05/lib/security/java.security and comment out the line “jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048, SSLv2Hello, SSLv3, TLSv1, TLSv1.1

      • After editing this file an Eyeglass sca service restart is required

systemctl restart sca

  • SmartConnect Service must be IP address format, OR FQDN (requires > 1.6.x ) of the SmartConnect Zone name used for cluster management. Also it must be an IP pool from System Access zone for PAPI API calls to be supported.  This is suggest for load balance and improvement performance of Eyeglass operations when PAPI REST API calls are used for inventory, sync and failover operations.

  • Maximum RPO Value is the Recovery Point Objective for the cluster in minutes.  If you are using the RPO feature, this target is used during RPO analysis.  More information about Eyeglass RPO analysis can be found in Feature Overview - RPO Trending and Reporting.

  • To create an Eyeglass service account with minimum privileges follow the instructions provided in Isilon Cluster User Minimum Privileges for Eyeglass.            

Once the Isilon is added, Eyeglass will automatically run an inventory task to discover the Isilon components.  When completed, the discovered inventory can be seen in the Inventory View.





Enable Eyeglass Jobs

Once you have configured your Isilon cluster pair and the Inventory task has completed, 3 Eyeglass Jobs are automatically created per SyncIQ Policy to replicate between the SyncIQ Policy defined source and target.  

In addition to the Configuration Replication Jobs, Failover Readiness Jobs are created between replicating clusters that monitor the configuration and readiness of Access Zones.

Note:  These jobs are disabled by default (see Eyeglass Admin Guide  on how to change default to enable via the CLI).  Once enabled they will raise alarms if all configuration for Access Zones is not created or prerequisites completed.

Pre-requisite for Enabling Configuration Replication

  1. If you have an Active - Active Replication Topology (for data), confirm that you do not have an unsupported share or NFS Alias environment described in the diagram below:

Hot Hot Un supported.png



  1. Review Eyeglass Admin Guide Jobs description to understand what the Configuration Replication Jobs will do.

  2. Review Eyeglass Admin Guide for Configuration Replication Pre-requisites

  3. Review how Eyeglass determines uniqueness for configuration items and what properties are replicated.

Enable Jobs for Configuration Replication

Next step is to enable your Share, Export, NFS Alias (AUTO) Jobs for Configuration Replication.  This can be done on a Job by Job basis by following these steps:



  1. Select the Configuration Replication Job to be enabled.

  1. Select a bulk action and then select the Enable/Disable option.


On the next Configuration Replication cycle, the enabled Job will be run.

Initial state for Jobs

You can change the default behaviour so that these Jobs are enabled by default using this igls adv initialstate command.


Setup Eyeglass for Email Notification

  1. Configure SMTP

  2. Configure Email Recipients

Configure SMTP

  1. Enter the information for your email server in the Notification Center / Configure SMTP tab.


  • Host name: Enter the host name for your email server

  • Port: Enter the port which should be used for sending email

  • From: Enter the email address of the sender of the email.  Typically this is required to be a valid email address recognized by the email server.

  • Use Authentication: Select if email server requires an authenticated login

    • User: User or email address for authentication

    • Password: Password for authentication

  • Enable TLS: Select the Enable TLS check box if your email server expects TLS communication.

  • Alarm Severity Filter: Select level of alarms for which you would like to receive email.

2. Use the Test Email Setting button to check that the email server information added is correct.  If an error occurs, you will get error codes from the SMTP connection. The "no error" response indicates successful connection.  If an error is returned the debug response should be sent to support.superna.net.

3. Save your changes.

Configure Email Recipients

  1. Enter the information for your email server in the Notification Center / Manage Recipients tab.

    • Email Recipient: Enter the email address that emails will be sent to.

  1. Select the Add button.

Screen Shot 2016-06-13 at 8.44.07 PM.png

See the Admin Guide for twitter or Slack configuration


Protecting the Eyeglass appliance options


http://documentation.superna.net/eyeglass-isilon-edition/igls-administration/how-to---setup-active-active-appliance-procedures



http://documentation.superna.net/eyeglass-isilon-edition/igls-administration/eyeglass-warm-standby-backup-procedure---tech-note