Follow

System

To access the System page, click the Configuration menu, and then click the System tab.
The System page contains the following tabs:

Network

The Network page allows you to view and change network configuration information for the InfiniGuard. The InfiniGuard uses this information to connect to the network.
Network configuration information is entered during initial setup of each InfiniGuard DEE. You should consult your network administrator before making any changes to the network settings.

Caution

Changing the network configuration requires a system reboot to allow all system services to function correctly. Changing the network configuration requires a system reboot immediately after the changes are applied.

Additional Information

Rebooting the system can take several minutes. After the new network configuration is saved, close your Web browser and wait 15 minutes before logging in again. If you change the IP address that you use to log in to the system, you will temporarily lose your connection to the remote management console. Because of this, you might not see a confirmation page informing you that the new settings have been saved.

To access the Network page, on the System page, click the Network tab.

Configuring the Network

Using the Network page, each physical Ethernet port in the InfiniGuard DDE can be configured as a separate device. In addition, you can create bonded devices (logical ports) consisting of two or more physical ports of the same link speed (1GbE or 10GbE). For each port or device, you can specify the MTU (Maximum Transmission Unit) frame size.

After you define devices (single port or bonded), you can create up to ten network interfaces for each device. Each interface has its own IP address information. In addition, you can configure the following options for each interface:

  • Assign the interface to a VLAN (Virtual Local Area Network).
  • Indicate whether the interface IP address will be used to externally identify the system (external host IP address).
  • Specify the types of traffic allowed on the interface (management, replication, or data).
  • Specify the NAT address that the interface is mapped to if it is used for replication through a NAT firewall.
  • Add routing information for an interface to enable connectivity with devices on different subnets.

Note

You can choose to allow any traffic type (management, replication, or data) on an interface. In this case, the routing of different traffic types, as well as firewall capability, must be controlled using the network infrastructure (routers and switches) that the InfiniGuard DDE is connected to.

Configuring the network includes the following major steps:

Note

Before configuring the network, work with your network administrator to determine the network settings that will be required to properly integrate the InfiniGuard with your company's network.

Configuring General Network Settings

Under General, enter the following network information as provided by your network administrator:

Network: General page 

Hostname

The hostname of the InfiniGuard DDE.

The Hostname cannot be blank and must contain only letters [ A–Z, a–z ], numbers [ 0–9 ], and hyphens [ - ].

Default Gateway

The default gateway IP address.

Specifying a default gateway is optional if all access is local to a particular subnet. For example, if the DDE and all of its clients are on the same subnet, you do not need to specify a default gateway.

Caution: Specifying a default gateway is required to enable connectivity with all subnets other than those that the DDE is directly connected to. For example, if the DDE and its clients are on different subnets, or you are using an external NTP server, you must specify a default gateway.

DNS Suffix Search List

(Optional) The domain list to search when resolving domain names.

The list may be either a single domain name or a comma-separated list of up to 6 domain names. The first domain name listed is used as the local domain. Domain names must contain only letters [ A–Z, a–z ], numbers [ 0– 9 ], dots [ . ], and hyphens [ - ].

Primary, Secondary, and Tertiary DNS IP Address

(Optional) The IP addresses of up to three DNS servers used to resolve domain names and translate them into IP addresses.

Note: You must specify a DNS IP address if you plan to use hostname format when configuring an NTP time server, outgoing e-mail server, replication sources and targets, and other information.

Configuring Bonding Details

Scroll down Under IP Address Configuration > Bonding Details, configure bonded devices:

Network: Bonding Details page

  1. If necessary, click the Show link to show the bonding details table.
  2. For each available bonded device (bond0, bond1, and so on), select two or more Ethernet ports with the same link speed to assign to the bond. Or select Not Bonded to leave a port unassigned to any bond.

If no ports are assigned to a bond, the bond cannot be configured. That is, settings cannot be entered for the bond in the Interface Details or IP Address tables because no Ethernet ports are assigned to the device.

All ports assigned to the same device are bonded together into a single logical port. For example, if you select bond0 for port eth0 and port eth1, both ports are bonded together in the bond0 device. A bonded device can contain two or more ports.

All ports associated with a bond must have the same link speed (1GbE or 10GbE).

3. For each bonded device, specify the bonding mode:

Note

To maintain network connectivity, the switch connected to the InfiniGuard DDE must be configured to use the same bonding mode. The best time to change the bonding mode on the switch is during the next reboot of your system, after saving the new network settings. Changing the bonding mode on the switch before saving these settings and rebooting may result in the loss of network connectivity to the system.

Bonding Mode

Description

Round Robin (Mode 0)

This option sends Ethernet frames using the bonded Ethernet ports with a valid MII link. Frames are sent in a round-robin fashion, starting with the first slave device and then the rest of the devices. This only applies to the traffic sent from the InfiniGuard DDE. The Ethernet switch needs to aggregate the ports, so the connected ports are treated as a logical port. The DDE frame reception is completely dependent on the transmission algorithm of the Ethernet switch. The bonding mechanism does not balance the frame reception.

LACP (Mode 4)

This option (Link Aggregation Control Protocol) is based on the 802.3ad IEEE standard for aggregating Ethernet ports. If the bonding algorithm is set to LACP, the Ethernet switch ports must be configured in a 802.3ad based Link Aggregation group (LAG) in LACP mode. The InfiniGuard DDE frame reception and transmission is controlled by the LACP between the bonded ports and the Ethernet switch ports.

Active Backup (Mode 1)

This option does not require switch configuration but may not provide the same level of load balancing and performance as other bonding modes. Only one port in the bond is active at a time. If the active port fails, another port becomes active to take its place. Because only the MAC address of the active port is visible to the Ethernet switch, the switch does not require additional configuration.

4. Click Update to save the changes you made to the Bonding Details table. (Clicking Update does not yet apply the new network settings to the DDE.)

5. Click Undo to revert to all current Bonding Details changes to the last update.

Configuring Interface Details

Scroll down under IP Address Configuration > Interface Details, configure jumbo Ethernet frame settings for each port or device:

Network: Interface Details page

  1. If necessary, click the Show link to show the interface details table.
  2. For each device, select the MTU (Maximum Transmission Unit) frame size in the Jumbo Frame MTU Size drop-down box.

    1500 MTU

    (Default) The standard (STD) MTU frame size of 1,500 bytes is used.

    9000 MTU

    The jumbo MTU frame size of 9,000 bytes is used. (For best performance, make sure the entire network path to the DDE is configured to use 9000 MTU.)

  3. Click Update to save the changes you made to the Interface Details table. (Clicking Update does not yet apply the new network settings to the DDE.)
  4. Click Undo to revert to all current Interface Details changes to the last update.

Configuring Interface IP Addresses

Under IP Address Configuration > IP Address Table, configure one or more network interfaces for each port or device (physical Ethernet port or bonded device):

Network: IP Address Table page

  1. Click Add IP to add a network interface to a device.

Or select an interface to edit the IP address, netmask, gateway and traffic type. (To select an interface, click the radio button next to the interface index name, for example, bond0:2.)

Note

A maximum of 10 IP addresses are allowed per device. All IP addresses in the IP Address Table (added or modified) must be valid and unique, and must have a valid gateway and netmask.

2. In the VLAN ID column, select the check box to enable VLAN tagging for the interface. (Or clear the check box to disable VLAN tagging for the interface.)

VLAN tagging allows you to assign an interface to a virtual local area network (VLAN). With VLAN tagging, you can route different traffic types (management, data, and replication) over different VLANs, making sure traffic types do not mix.

If VLAN tagging is enabled, enter the VLAN Tag ID for the interface. (Valid values are 2 to 4094. You can assign only one tag ID to an interface.)


Additional Information

  • The maximum allowed number of VLAN tag IDs is 64. If you attempt to add more than 64 VLAN tag IDs, an error displays.
  • To maintain connectivity, the switch ports connected to the DDE must be configured to accept the correct VLAN tag ID.

Caution

If VLAN tagging is enabled for an interface, DDE Advanced Reporting is unable to collect and record statistics for traffic moving over the VLAN interface (for example, eth1.400). Statistics are still collected for the base device (for example, eth1.)

3. In the External Host IP column, select the check box to designate the interface as an external host IP. This associates the interface IP address with the host name of the InfiniGuard DDE, and the InfiniGuard DDE is externally identified by the host IP. The following restrictions apply:

  • You can designate only one external host IP for the network configuration.
  • You must specify a traffic type of Mgmt (management) or Any for the external host IP interface.
  • You must specify a valid Default Gateway in the General section. In addition, the external host IP must be on the same subnet as the Default Gateway to ensure external communication.

4. Enter the following network information as provided by your network administrator (all fields are required):

IP AddressThe IP address of the interface.
NetmaskThe network mask of the interface.
GatewayThe gateway of the InfiniGuard DDE. (This is usually not the same as the default gateway.)

5. If necessary, specify NAT (Network Address Translation) settings for the interface:

Note

If the DDE is a replication target and is behind a NAT router, you must configure a NAT IP Address
NATedSelect the check box if the IP address of the InfiniGuard DDE is translated by a firewall to a NAT IP address when the DDE communicates to the outside world.
NAT IP Address
The IP address used to access the InfiniGuard DDE from the public network. The router that connects the DDE to the Internet performs Network Address Translation that maps the IP address of the DDE to the NAT IP address, providing a valid replication interface for a source DDE.

6. Select the check box for each type of network traffic allowed on the interface (segmentation):

At least one interface must allow management traffic.

MgmtSelect to allow management traffic.
ReplSelect to allow replication traffic.
DataSelect to allow data traffic.
AnySelect to allow all types of traffic (management, replication, and data).

Additional Information

At least one interface must allow management traffic.

If the InfiniGuard DDE is configured for source or target replication, you should configure at least one interface to allow replication traffic (select Repl or Any) before applying changes to network settings.

If you configure segmentation for non-bonded interfaces (Ethernet ports) that are on the same subnet, all traffic will use the lowest numbered Ethernet port first, no matter how segmentation is configured. To avoid this issue, create bonded interfaces, and then select the desired traffic type for each bonded interface.


7. Click Update to save the changes you made to the IP Address table. (Clicking Update does not yet apply the new network settings to the InfiniGuard DDE.)

8. Click Delete to remove IP address information for the selected interface. Or click Undo to revert all current IP Address Table changes to the last update.

Note

When you add a network interface, a default route (via the default gateway) is automatically created for the interface after network settings are applied and the InfiniGuard DDE reboots. For example, if you add an interface with IP address 10.20.185.172, a route with the destination IP address
10.20.185.0 is automatically added. If you delete the default route, it is automatically added again the next time network settings are applied and the DDE reboots. For more information about interface routing, see Network.

Configuring Interface Routing

Some network configurations require that you specify routing details for an interface. You need to specify routing details if the host or client the interface connects to is on a different subnet that is not reachable using the default gateway. You also need to specify routing details if you have configured multiple network segments (replication, data, or management) on the same subnet. For more information and examples, see Network.

Under IP Address Configuration > Routing Details, enter routing information for one or more interfaces:

Network: Routing Details page

In the IP Address Table (above routing details), select an interface to add or modify routing data. (To select an interface, click the radio button next to the interface index name, for example, bond0:2.)

After selecting an interface in the IP Address Table, the Routing Details table below expands to display available routes (if any). 

Note

A maximum of 8 routes per interface are allowed.

2. If necessary, click the Show link to show the routing details table.

3. Click Add Route to add a route to the selected interface.

Or select a route to edit its settings.

4. Enter the following network information as provided by your network administrator:

Destination

The destination network for the route.

Dest Netmask

The network mask for the route.

Dest Gateway

The gateway IP address used for outgoing traffic sent from the interface to a host or client. (This is usually not the same as the default gateway.)

Additional Information

The destination gateway of each route must match the subnet of at least one configured IP address listed in the IP Address Table. If no match is found, an error displays stating that the route's destination gateway is not reachable.

In the example shown below, to reach a host on the 10.50.50.x subnet, you would enter 10.50.50.0 for destination network, 255.255.255.0 for the destination netmask, and 10.20.20.1 as the destination gateway.

5. Click Update to save the changes you made to the Routing Details table. (Clicking Update does not yet apply the new network settings to the InfiniGuard DDE.)

6. Click Delete to remove IP routing information for the selected interface. Or click Undo to revert all current Routing Details changes to the last update.

Applying Network Settings

For network changes to take effect, you must apply the changes, finalize the confirmation, and reboot the system. To apply all changed settings on the Network page to the InfiniGuard DDE, click Apply at the bottom of the page. Follow the prompts to confirm the changes and reboot the system.

Note

To revert all network settings to the initial state and undo all changes, click the Reset button.

Understanding Interface Routing

For a network on the interface to communicate with a host located on a different subnet, you must specify routing information in the Routing Details section. Routing is used to direct outgoing traffic from a network interface on the InfiniGuard DDE to an IP address in another subnet by means of a destination gateway. Responses from the destination are routed back to the InfiniGuard DDE using the gateway specified for the interface in the IP Address Table section.
In addition, when configuring segmented network interfaces, if the source InfiniGuard DDE replication, data, and management interfaces are on the same subnet, you must add a host route on the source InfiniGuard DDE to make sure the replication interface is correctly selected when replicating data to the target InfiniGuard DDE.
See the following examples for details:

Example 1: Segments and Target on Different Subnets

In the example below, the InfiniGuard DDE has two segmented interfaces, one for management traffic and one for data traffic:

  • The management interface is assigned to the 10.30.24.x subnet in the IP Address Table section. This subnet connects to the corporate network by means of the default gateway (10.30.24.1).
  • The data interface is assigned to the 10.20.20.x subnet in the IP Address Table section. This subnet connects to a gateway at 10.20.20.1.
  • Using the data interface, the InfiniGuard DDE needs to connect to a backup host that is on the 10.50.50.x subnet. Because this host is not on the same subnet as the data interface, the DDE cannot communicate with the host unless you specify routing information in the Routing Details section.

In this example, you would specify 10.50.50.0 for destination network, 255.255.255.0 for the destination netmask, and 10.20.20.1 as the destination gateway.
Note: The gateway specified in the IP Address Table section is for incoming traffic to the interface. The gateway specified in the Routing Details section is for outgoing traffic from the interface.



Example 2: Segments and Target on the Same Subnet

In the example below, the InfiniGuard DDE has two segmented interfaces, one for data and management traffic, and one for replication traffic:

  • The source InfiniGuard DDE management/data IP address, the source InfiniGuard DDE replication IP address, and the target InfiniGuard DDE IP address are all on the same subnet (192.168.10.x).
  • To make sure the replication segment is used when communicating with the target InfiniGuard DDE, you must add a host route in the Routing Details section on the source InfiniGuard.

In this example, you would specify the following routing details for the replication interface on the source InfiniGuard DDE:
Destination Use the IP address of the target InfiniGuard DDE (192.168.10.200).

Dest Netmask

Use 255.255.255.255.

Dest Gateway

Use the replication IP address of the source InfiniGuard DDE (192.168.10.100).



Example 3: Segments on the Same Subnet and Target on a Different Subnet

In the example below, the InfiniGuard DDE has two segmented interfaces, one for data and management traffic, and one for replication traffic:

  • The source InfiniGuard DDE management/data IP address and the source InfiniGuard DDE replication IP address are on the same subnet (192.168.10.x). The target InfiniGuard DDE IP address is on a different subnet (192.168.20.x)
  • To make sure the replication segment is used when communicating with the target InfiniGuard DDE, you must add a network route in the Routing Details section on the source InfiniGuard DDE.

In this example, you would specify the following routing details for the replication interface on the source InfiniGuard DDE:

Destination

Use the subnet of the target InfiniGuard DDE (192.168.20.0).

Dest Netmask

Use 255.255.255.0.

Dest Gateway

Use the IP address of the gateway (192.168.10.1).

  • In addition, to enable communication with the target InfiniGuard DDE by means of the gateway, you must add a second host route in the Routing Details section on the source InfiniGuard DDE.

In this example, you would specify a second set of routing details for the replication interface on the source InfiniGuard DDE:

Destination

Use the IP address of the gateway (192.168.10.1).

Dest Netmask

Use 255.255.255.255.

Dest Gateway

Use the replication IP address of the source InfiniGuard DDE (192.168.10.100).



Security

Data Encryption

The Data Encryption page allows you to select the type of encryption to use for Replication, OST, and NetBoost data transfers. Data sent from the media server (OST/NetBoost) or source InfiniGuard DDE (Replication) to the DDE can be encrypted using AES (Advanced Encryption Standard) encryption methods.

To access the Data Encryption page, click the Security tab 

Important Information

  • If TLS with AES 256 is selected, the factory installed certificates are inadequate for security. The factory installed certificates should be considered public domain and are provided only for convenience. You must install new certificates for secure encryption.
  • The InfiniGuard DDEs uses the TLS with AES 256 certificate authority as the arbiter of trust. To ensure the security of your data on the DDE blockpool, you must generate your own private certificate authority.
  • Installing new certificates requires a reboot of the system.


Data Encryption Page

To enable or disable data encryption:

1. Select an Encryption option in OST and NetBoost Data Transfer Encryption:

NoneData is not encrypted
Default AES 128OST and NetBoost data are encrypted using AES 128-bit encryption
Default AES 256OST and NetBoost data are encrypted using AES 256-bit encryption
TLS with AES 256

NetBoost and Replication data are encrypted using AES 256-bit encryption with Transport Layer Security (TLS)

For replication, you must specify encryption settings when configuring the replication or failback targets (see Replication)


2. If you selected the TLS with AES 256 encryption option, install the required TLS Certificate and key files on the DDE:

    • Certificate File
    • Private Key File
    • Certificate Authority File
    • Certificate Revocation List (Optional)

OST Media Server with TLS Encryption
The certificate and key files installed on the DDE system must match the files on the OST media server. For more information on certificate and key files, see the OST Plug-in Installation Instructions.

Replication with TLS Encryption

  • To successfully use replication with TLS encryption, you must do the following:
  • Configure target DDE with TLS Encryption.
  • Configure source DDE with TLS Encryption (system reboot required).
  • Select TLS with AES 256 when configuring the target DXi (see Adding a Replication Target).

The source DDE key and target DDE key do not need to match, but must meet the following criteria:

  • The target key must be signed by a certificate in the source key.
  • The source key must be signed by a certificate in the target key.

To install a file, click the Browse button to browse the system and locate the file, and then click Open.

Caution

Installing certificate files requires a system reboot immediately after the changes are applied. Wait for at least 15 minutes before logging back in.


Note

You can install new certificate and key files at any time, as long as there are no active network connections between the server and the DDE.

3. Click Apply.

Note

To clear all changes without saving them, click Reset. To remove user installed certificate and key files, click Restore Factory Defaults.


Manage Users

The Manage Users page allows you to create and manage local authenticated users for use with the OpenStorage (OST) and Oracle Recovery Manager (RMAN) capabilities.

OpenStorage (OST) and Oracle Recovery Manager (RMAN)
After you create OST or RMAN user credentials, enter them in the backup application to authenticate on the media (OST) or Oracle (RMAN) server.

Note: When using OST Automatic Image Replication (AIR), the remote user credentials specified on the source InfiniGuard DDE must match the local user credentials on the target (remote) InfiniGuard DDE.

To access the Manage Users page, on the System page, click the Manage Users tab.

Manage Users Page

Tasks

Use the Manage Users page to perform the following tasks:


Manage Authenticated Users List

The Manage Authenticated Users list displays the following information for all local authenticated users:

Name

The name of the local authenticated user.

Description

A brief description of the local authenticated user (if available).


Note

To update the list with the latest information, click Refresh

Adding an Authenticated User

Add an authenticated user to create local user credentials. The user credentials are required to authenticate devices on a media server. User credentials are also required to enable the InfiniGuard DDE to receive duplicated data using OST AIR.

To add an authenticated user:

Click Add.

The Add User Credential window displays. 

Add User Credential page

Enter information about the authenticated user:

User name

Enter the name of the authenticated user.

New Password

Enter the password for the authenticated user.

Confirm New Password

Enter the password again to confirm it.

Description

(Optional) Enter a brief description of the authenticated user.

Click Apply.

Editing an Authenticated User

Edit an authenticated user to change the user's password or description.

To edit an authenticated user:

1. Select the user and click Edit.

The Edit User Credentials window displays.

Edit User Credentials page

Enter information about the authenticated user:

Note

If you are editing an authenticated user, you cannot change the User name.


New Password

Enter the password for the authenticated user.

Confirm New Password

Enter the password again to confirm it.

Description

(Optional) Enter a brief description of the authenticated user.

2. Click Apply.

Deleting an Authenticated User

Delete an authenticated user if the user credentials are no longer needed to authenticate devices on a media server.

To delete an authenticated user, select the user and click Delete.

Note

You can select multiple users to delete at once.

FC Initiators and Targets

The FC Initiators & Targets page allows you to see all initiator and target ports and their associated World Wide Port Numbers (WWPNs). You can also change a Fibre Channel port to initiator or target mode.

To access the FC Initiators & Targets page, on the System page, click the FC Initiators & Targets tab.

FC Initiators and Targets Page

  • Tasks

Use the FC Initiators & Targets page to perform the following tasks:


Fibre Channel Initiators and Targets List

The Fibre Channel Initiators & Targets section displays the following information for all Fibre Channel ports:

Alias

The alias of the Fibre Channel port.

WWPN

The World Wide Port Number of the Fibre Channel Port.

Port Type

The current mode of the Fibre Channel port (Initiator or Target).


Note

Click Refresh to update the list with the latest port information.

Editing the Fibre Channel Port Type

Edit the port type to change the mode of a Fibre Channel port to initiator or target mode. You can change the port mode only on inactive connections:

Additional Information

  • Before changing a Fibre Channel port type from initiator to target, unplug the Fibre Channel port wire connection.
  • Before changing a Fibre Channel port type from target to initiator, un-map any host mapping on the Fibre Channel port and unplug the Fibre Channel port wire connection.

To edit the Fibre Channel Port type:

Select the port in the list and click Edit.

Select the new port mode (Initiator or Target) in the drop-down box,

Click Update.

Troubleshooting, help and support

Our focus is to make it better, faster, easier, while reducing cost and complexity. Our success will be measured by our clients.

Self Help

Before reaching out to Infinidat Storage Support the following should be understood by administrators and considered before calling.

How can I free up disk space on my DDE?

There are multiple ways you can remove data from your DDE:

  • Delete data from your NAS share or VTL partition. 
  • Erase or re-label tapes from your backup application. 
  • Delete the virtual media altogether.
  • If the DDE is a replication target system, delete replicated snapshots.

After you take one or more of the previous actions, and after space reclamation completes, space consumed will be returned to the system.

When should I schedule replication for best performance?

Optimize your performance by scheduling your backups, and replication to run at different times throughout the day.

How can I increase my deduplication ratio?

Optimize your deduplication ratio by disabling software compression, encryption, and multiplexing in the backup application. Space reduction rates are a combination of deduplication and compression and a direct result of the number of redundant backups of data over the life cycle of defined retention. Therefore, client that run more full backups with higher retention values tend to see greater reduction rates than clients that run frequent incremental backups with shorter retention rates.

What should I do when my backups fail?

Backup jobs may fail for some of these reasons:

  1. The DDE ran out of space during the backup window. 
  2. Your backup host lost network connectivity to the DDE.
  3. Your backup application may have crashed. Try re-running the backup
  4. Your client in backup or the data mover managing backup traffic is over-whelmed and unable to process the work at hand.
  5. A backup policy or resource configuration access is misconfigured.

Documentation

The complete InfiniGuard documentation set is available here: https://support.infinidat.com/hc/en-us/articles/360000491457-InfiniGuard-3-0-documentation

Scope of Support

Support Services shall be provided 24 hours per day, 7 days a week. As part of the Support Services, Infinidat shall provide Installation Services, Updates, Telephone Support, Online Support, Remote Support (if applicable), and Onsite Support (if applicable), solely with respect to a Supported Release of the Product.

Service Levels

Infinidat shall provide Telephone Support, Online Support and Error Correction services in accordance with the chart below, as long as access to the Product is granted to Infinidat.

Response time for acknowledgement by Infinidat

  • Infinidat will provide you with an acknowledgement of the Support Request within the following time periods:
    • Priority A - 1 hour
    • Priority B - 4 hours
    • Priority C - next business day Onsite Support Availability
  • Onsite support will be provided within the following time periods, after Infinidat deems Onsite Support is necessary:
    • Priority A - 4 hour
    • Priority B - next business day
    • Priority C - to be scheduled with you

Contacting Infinidat

See instructions here: https://support.infinidat.com/hc/en-us/sections/360000024169-How-to-contact-INFINIDAT-Support


Was this article helpful?
0 out of 0 found this helpful

0 out of 0 found this helpful

Comments