data still in cache would be lost.
This risk can be minimized by following industry-standard security precautions such as keeping servers in a secured location and connecting power supplies to the mains using a network-based UPS. In most environments, taking these simple precautions virtually eliminates the risk of serious data loss from sudden and unexpected power outages.
Of course, the physical conditions and company policies that guide IT decisions vary widely. Power outages are a common occurrence in some areas, and data protection procedures vary from company to company. Administrators who determine that the risk of data loss, even with security cautions in place, outweighs the significant increase in write performance that write-cache provides, can disable this feature for individual iSCSI Disks.
Tips (1) Write-cache can be disabled on an iSCSI Disk-by-iSCSI Disk basis.
Disabling write-cache for an iSCSI Disk does not disable write-cache for any other iSCSI Disk or any other resources on the Snap Server; (2) The opportunity to enable/disable write-cache for an iSCSI Disk occurs only when the disk is created; it cannot be toggled at a later date; (3) Disabling write-cache for an iSCSI Disk does not eliminate all potential risk of data loss due to an unexpected loss of power as each disk drive contains its own internal cache of 8MB or more.
Disconnect iSCSI Disk Initiators before Shutting Down the Server
Shutting down the server while a client initiator is connected to an iSCSI Disk appears to the client initiator software as a disk failure and may result in data loss or corruption. Make sure any initiators connected to iSCSI Disks are disconnected before shutting down the server.
Ignore the Volume is Full Message
When an iSCSI Disk is created, the volume allocates the specified capacity to the disk. If all volume capacity is allocated to the iSCSI Disk and e-mail notification is enabled, the Snap Server may generate a Volume is Full message. This message indicates only that the volume capacity is fully allocated to the iSCSI Disk and is not available to other resources. To determine the status of iSCSI Disk storage
utilization, use the tools provided on the client machine.
iSCSI Disk Management and Usage
To Configure iSNS
Click the Configure iSCSI link in the upper right of the screen to jump to the Network
> iSCSI screen, from which you can configure iSNS.
To Edit an iSCSI Disk
Click an iSCSI Disk name. You can increase (but not decrease) its size.
To Delete an iSCSI Disk
The system will not allow the deletion of an iSCSI Disk when clients are connected.
After disconnecting all client initiators, click Delete, and then follow the onscreen instructions to delete one or more iSCSI disks.
Label Description
iSCSI Disk Name The name of each iSCSI disk
Volume The volume on which the iSCSI disk was created Device The path of the iSCSI disk file
Authentication CHAP or none
Size The size of the iSCSI disk
Status Current condition of the iSCSI disk:
• OK — The iSCSI disk is online and accessible.
• Not Mounted — The iSCSI disk is offline.
Snap Server Administrator Guide 45 Snap Server Administrator Guide 45
Chapter 6
Share and File Access
Snap Appliance has implemented features to accommodate the disparate methods used by the SMB and NFS protocols for sharing data. At the share level, administrators can assign read-write or read-only share access to individual Windows (and local) users and groups. Administrators can also edit the NFS exports file to control how shares are exported to NFS client machines.
The SMB and NFS protocols also part ways in their handling of file-level permissions. Administrators can choose to apply Windows or UNIX-style file-level permissions to entire volumes or to directories at the root of a volume (aka SnapTree directories). These security-based directory structures are referred to as SnapTrees. Files permissions in a Windows SnapTree are set from a Windows client; in a UNIX SnapTree, they are set from an NFS client.
Topics in Share Access and File Permissions
• Components and Options
• SnapTrees & Security Models
• Creating Shares
• Share-Level Access Permissions
• Setting File and Folder Permissions (Windows)
Components and Options
Components and Options
Shares are created and share access is granted using the Administration Tool. File-level permissions are configured from a Windows or UNIX/Linux workstation. The following table summarizes the components, options, and tools available for setting up share and file security on Snap Servers.
Component Options Security Models
(SnapTrees)
Directories created on the root of a Snap Server volume are assigned one of two security models: Windows or UNIX. The security model determines the file-level security scheme that will apply to files, folders, and subdirectories within the directory (aka SnapTree directory). This security-based directory structure is referred to as a SnapTree.
Shares Shares are created on the Storage > Shares screen. When creating a share, you must set the following options:
• Share Mount Point: In the course of creating a share, you can either select an existing directory or create a new one.
• Security Model: If you create a share pointing to a volume or a SnapTree directory, a security model must be selected.
• Protocol Access: Client access to the share can be restricted to specific protocols. As a security precaution, disable any protocols not needed by users of the share.
Share Access Share-level access allows users/groups/clients to connect to a share and is configured from the Security > Share Access screen.
• User and Group Access: Users and groups known to the system can be given read-write or read-only access to the share.
• NFS Client Access: The Administration Tool provides a window into the exports file for defining how a share is exported to NFS clients.
• Hidden Shares: The Hidden option allows you to hide a share from clients connecting from the SMB, HTTP, AFP, FTP (but not NFS) protocols.
File Permissions File-level permissions define what actions users and groups can perform on files and directories, and are set from a Windows client for a Windows SnapTree; and from a UNIX/Linux client for a UNIX SnapTree.
SnapTrees & Security Models