Home

1. Conducts Isilon Onsite Verification Test (OVT) to verify that the hardware is operating within specifications. Configuration of the cluster as agreed on the configuration guide. Validation that clients can access data from the Isilon cluster. EMC Isilon cluster functional overview.
2. The Isilon NL 400 is cost effective, but it also offers incredible performance in an easy to manage package. Built on a solid foundation of affordability, performance, and simplicity, the Isilon NL 400 is an innovative solution for any business’s storage needs.

Isilon – Scale-out Dell EMC clustered storage platform. Isi – The Isilon command line interface. OneFS – The operating system of an Isilon cluster. SMB/CIFS – The Server Message Block (SMB) Protocol is a network file-sharing protocol; it supersedes Common Internet File System (CIFS), an earlier protocol. SMB is used in this document to.

Introduction to this Guide

Use this document to get your new Eyeglass installation up and running fast with all the best options.

For planning DR and understanding design choices with Eyeglass use the Eyeglass Start Here First Guide

System Requirements

1. vSphere 6.0 or higher or hyper-v with vhdx appliance appliance requires
   1. vcenter tested deployment requirements
      1. vcenter 6.5 Flex or html5
      2. vcenter 6.7 Flex client (vmware bug broke OVF with html webUI)
      3. vcenter 6.0 Flex or html, Windows client
2. 4 vCPU
3. 16 GB RAM (RAM must be upgraded based on the scalability table here)
4. 30G OS partition plus 80 GB disk Total disk size in VMware 110G
5. Latency from admin PC to Eyeglass VM GUI < 15 ms ping times
6. Chrome Browser (Required), Browser must support Websockets, Internet Explorer is not supported.
7. Eyeglass Port Requirements:

IMPORTANT INFORMATION REGARDING ADDING CLUSTERS TO EYEGLASS READ-ME FIRST

1. ONEFS 8.2 - This release disabled API and SSH access to the SSIP and introduces a range of SSIP addresses in a subnet. IF YOU ARE CURRENTLY USING AN SSIP THE BELOW STEPS ARE MANDATORY. NOTE: Requires Release 2.5.5 or later
   1. Upgrade to release 2.5.5 using this guide.
   2. Best Practise is to have an dynamic smartconnect IP pool in system zone for the IP used by Eyeglass to provide an HA connection to the cluster
   3. Login to Eyeglass open the Inventory Icon
   4. Right click the 8.2 cluster and select the Edit option
   5. Enter any IP in the dynamic pool range
   6. Re-enter the password for the eyeglass service account
   7. Click submit
   8. Repeat for each 8.2 cluster in the inventory tree.
   9. Done.
   10. NOTE: Dynamic IP pools will fail the IP address to a new node if the node fails or is taken down for maintenance.
   11. NOTE: CSRF patch referenced below still applies to 8.2 clusters, that do not support session based authentication across the cluster and this blocks use for smartconnect for load balancing Eyeglass API's.
2. NOTE: For release 2.5.5 and later, you must use a node IP with dynamic IP allocation in subnet with pool in the System Access zone to add PowerScale clusters to Eyeglass (typically the management subnet). Using SmartConnect Zones is no longer supported due to PowerScale CSRF patch which disabled basic authentication and does not share session token between PowerScale nodes. For more details please refer to Technical Advisory #15 and Technical Advisory #17.

Supported OneFS releases

1. Please refer to the Release Notes for the Eyeglass PowerScale Edition version that you are installing.

Feature Release Compatibility

1. Please refer to the Release Notes for the Eyeglass PowerScale Edition version that you are installing.

Eyeglass Scalability Limits

1. Please refer to the Eyeglass Admin Guide Scalability limits.
   

The following link provides a video tutorial outlining how to install Eyeglass for PowerScale, add clusters and an overview of features.

For a new Eyeglass installation, complete the following steps:

Download Eyeglass (Mandatory)

1. Download Eyeglass OVF, VHDX from Superna web site following instructions here Latest Appliance Download

Deploy the Eyeglass Appliance (Mandatory)

Eyeglass is delivered in an OVF format for easy deployment in your vCenter environment. Deploy the OVF and then follow the wizard to setup networking for this Linux appliance. You will need to know:

1. subnet and network required so that appliance will have IP connectivity to the PowerScale clusters that it’s managing, and the users that are using it
2. IP address for the appliance
3. (Optional) SmartConnect Zone for management access to the cluster
4. Gateway
5. DNS server
6. NTP Server

IMPORTANT: If you are using hostname or FQDN for the target cluster in your SyncIQ policies or SmartConnect Zone for adding clusters to Eyeglass, the DNS information entered here must be able to resolve back to a discovered cluster IP Address (should resolve to a SyncIQ SmartConnect Zone IP pool IP address), in order for Eyeglass to perform configuration replication. If the hostname cannot be resolved, Eyeglass will not create the associated configuration replication Job.

Steps to Deploy the OVF with vSphere Client (Mandatory)

OVF Deployment steps :

Step 1 : Download an OVF zip file from Latest Appliance Download.

Step 2 : Unzip the contents of the zip file from Step 1 onto a computer with vSphere web or Windows client installed.

Step 3 : Login to the Vcenter with appropriate login credentials.

Step 4 : Single click on VMware vSphere client on the Desktop. Login with appropriate login credentials.

Step 5 : Once logged in to VMware client, you can see different Menus on the top left of the application. Next, go to the File menu and select Deploy OVF Template.

Step 6 : Browse to the location of OVF files you’ve downloaded and unzipped in step 1 and 2. Select OK and then Next.

Next, You will see the OVF template details. Verify the details and proceed by selecting Next. Notice download size to be under allocated disk size limit.

Step 7 : Choose a unique name for the virtual machine and select Inventory location for the deployed template. Once done, select Next.

Step 8 : Select the host/cluster where you want to run the deployed template and then Next.

Step 9 : Select the Resource pool within which you wish to deploy the template.

Step 10 : Select a destination storage for virtual machine files, select Next

Step 11 : Select Disk Format for the datastore you selected in previous step.

Step 12 : Enter the networking properties for the Eyeglass appliance VM in the OVF properties display. Replace with correct settings for your environment.

IMPORTANT: If you are using hostname for the target in your SyncIQ policies, the DNS information entered here must be able to resolve this host back to the Cluster IP Address in order for Eyeglass to perform configuration replication. If the hostname cannot be resolved, Eyeglass will not create the associated configuration replication Job.

Step 13 : When done, verify your settings and deploy the OVF

After deployment:

Step 1 : Power On the virtual machine.

1. The Eyeglass appliance is deployed with following default admin user password:
2. admin/3y3gl4ss >> can also be used to login to the Eyeglass UI or SSH
3. NOTE: It is highly recommended to reset the default password after the appliance is deployed.

Isilon Nl410 Manual

Setup Time zone and NTP (Mandatory)

1. Setup NTP server (published online list here)
2. Setup Timezone for log time alignment and SyncIQ operations.
3. Follow Animated GIF below to set using YAST
4. ssh as admin user,
5. sudo -s
6. Enter admin password
7. yast

Eyeglass Initial Configuration (Mandatory)

Your Eyeglass initial configuration steps are:

1. Login to the Eyeglass UI
2. Install License
3. Create Eyeglass service account first for each PowerScale cluster with Minimum Privileges (if not done configure Clusters in Eyeglass using root user)
4. Add Clusters

Login to the Eyeglass UI (Mandatory)

To login to the Eyeglass web UI, enter the following URL into your browser (Chrome preferred) replacing <Eyeglass IP address> with the real IP address assigned to the appliance:

1. https://<Eyeglass IP address>
2. You have 2 options for login authentication:
3. Login with appliance credentials - use the admin user and password configured on the appliance
4. Default user/password: admin / 3y3gl4ss

Install License (Mandatory)

1. Retrieve your Eyeglass License keys (instructions provided here).
2. Upload the license zip file provided to you by Superna:
3. IMPORTANT: Do not unzip the license file. Upload the zip file.
4. IMPORTANT: You will be asked to accept the Eyeglass EULA and Phone Home after selecting the Upload button. License will not be loaded unless EULA is accepted.
5. Done

Add PowerScale Clusters (Mandatory)

1. NOTE: No Auto Refresh Inventory View use the refresh button bottom right of the GUI
2. This window does not auto refresh after adding a cluster. You must click the refresh button bottom right to verify when a cluster has finished discovery. This process can take 5-10 minutes typically.

3. NOTE: Password special characters and length.

   1. These characters cannot be used [ { (any bracket open) , } ] ) (any bracket close), ~ (tilde), ` (back quote), (back slash), / (forward Slash), & , *, $ this is not a full list and more special characters may not work. Password length should be < = 20 characters.

4. NOTE: Cluster DNS Setup and Add Cluster to Inventory:

   1. If discovery takes a very long time to complete (> 10 minutes), then to check to make sure that cluster configuration data can resolve external URL. Cloud pools use a URL to a storage bucket, and if this URL can not complete a DNS lookup to an IP address, then API calls that discover cloud pools will take too long to complete and will timeout the cluster discovery. Make Sure all URL and DNS resolution is functioning on the cluster.

5. IMPORTANT: After Discovery of a Cluster’s SyncIQ policies all Eyeglass configuration jobs are disabled automatically

   1. Configuration Replication Jobs for zones, shares, exports and NFS alias protected by SyncIQ Policy are automatically created and in the USERDISABLED state after successful provisioning in Eyeglass. Enabling these Jobs will be part of the installation steps.

6. IMPORTANT: Clusters on source target must be in the support feature matrix

   1. PowerScale cluster replication pairs must be running a supported OneFS version as documented in the System Requirements / Feature Release Compatibility matrix.

7. IMPORTANT: Before you add a Cluster to Eyeglass verify SyncIQ FQDN Name resolution

   1. This step is important to allow Eyeglass to automatically build configuration replication jobs correctly. Eyeglass will resolve the FQDN of the SyncIQ policy and then compare the returned ip address to all PowerScale clusters added to the Eyeglass appliance. If no match is found, Config Sync jobs will fail to be added to the jobs window, until name resolution works correctly. A system alarm is also raised that indicates no matching clusters found for the SyncIQ policies on Cluster named X.

8. Adding Clusters for Eyeglass

   1. PowerScale clusters must be added to Eyeglass using a node IP from an IP pool in the System Access Zone. Do not use the SSIP.
   2. Create the eyeglass service account: To create an Eyeglass service account with minimum privileges follow the instructions provided in Eyeglass Service Account Minimum Privileges.
   3. To verify SyncIQ target host FQDN:
      1. Login to Eyeglass via ssh
      2. Validate that the FQDN of SyncIQ policy targets will resolve correctly on Eyeglass
      3. nslookup <FQDN>
      4. NOTE: If it does not resolve validate DNS and make sure DNS can resolve this FQDN or Eyeglass will not auto detect SyncIQ replication relationships
   4. From the Eyeglass UI add the PowerScale Clusters between which Eyeglass will be replicating the share and export configuration data
   5. Note:
      1. If you get authentication failure when clicking submit. It can be one of these issues:
      2. Bad password (make sure before looking at next causes)
      3. SmartConnect Service must be IP address format. Also it must be an IP pool from System Access zone for PAPI API calls to be supported.
      4. If your cluster is running original 7.2.x.x, 8.0.0.0, 8.0.0.1, 8.0.0.2 the TLS security protocols allowed weaker security algorithms and key sizes. Eyeglass 1.9 OVF and later has hardened security settings. In this case you may need to edit /opt/superna/java/jre1.8.0_05/lib/security/java.security and comment out the line “jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048, SSLv2Hello, SSLv3, TLSv1, TLSv1.1”
         1. After editing this file an Eyeglass sca service restart is required
         2. systemctl restart sca
   6. Maximum RPO Value is the Recovery Point Objective for the cluster in minutes. If you are using the RPO feature, this target is used during RPO analysis. More information about Eyeglass RPO analysis can be found in Feature Overview - RPO Trending and Reporting.
9. After the cluster(s) are added successfully passing the authentication validation verify Inventory collection

10. Inventory Collection After Clusters are added

    1. Once the PowerScale is added, Eyeglass will automatically run an inventory task to discover the PowerScale components. When completed, the discovered inventory can be seen in the Inventory View.
    2. Click the Inventory Icon and verify the inventory completes as per below

1. Newly discovered SyncIQ policies will now appear as unconfigured in the Jobs Icon. You must set the job type as auto (mirrors configuration data between clusters) DFS (only used for DFS mounted SMB shares), and Skip config (special case when no configuration sync is required). NOTE: Once you set the type they will be userdisabled and must be enbled for production use.
2. Enable the jobs in the auto or DFS sections of the jobs icon with check box and bulk action menu to enable them. See section below on the steps.
3. Optional:
   1. Enable File system job to sync snapshot schedules to DR
   2. Zone job to sync access zones to DR (consult support before enabling not required in most cases)
   3. Zone and Pool Failover Readiness job is disabled and only enabled if you plan to use IP Pool or Access Zone failover feature. Consult the Getting started guide to decide on the failover mode.
   4. NOTE: Do not enable or run quota jobs, these are managed automatically by the failover process. These jobs should not be enabled or run.

Pre-requisite for Enabling Configuration Replication

1. If you have an Active - Active Replication Topology (for data), confirm that you do not have an unsupported share or NFS Alias environment described in the diagram below:
2. Review Eyeglass Admin Guide Jobs description to understand what the Configuration Replication Jobs will do
3. Review Eyeglass Admin Guide for Configuration Replication Pre-requisites
4. Review how Eyeglass determines uniquenessfor configuration items and what properties are replicated.

Enable Jobs for Configuration Replication (Mandatory)

1. Next step is to enable your Share, Export, NFS Alias (AUTO) Jobs for Configuration Replication. This can be done on a Job by Job basis by following these steps:
2. Select the Configuration Replication Job to be enabled.
3. Select a bulk action and then select the Enable/Disable option.
4. On the next Configuration Replication cycle, the enabled Job will be run.

Isilon Manual Model

1. Configure SMTP
2. Configure Email Recipients

Configure SMTP (Mandatory)

1. Enter the information for your email server in the Notification Center / Configure SMTP tab.
2. Host name: Enter the host name for your email server
3. Port: Enter the port which should be used for sending email
4. From: Enter the email address of the sender of the email. Typically this is required to be a valid email address recognized by the email server.
5. Use Authentication: Select if email server requires an authenticated login
6. User: User or email address for authentication
7. Password: Password for authentication
8. Enable TLS: Select the Enable TLS check box if your email server expects TLS communication.
9. Alarm Severity Filter: Select level of alarms for which you would like to receive email.
10. Use the Test Email Setting button to check that the email server information added is correct. If an error occurs, you will get error codes from the SMTP connection. The 'no error' response indicates successful connection. If an error is returned the debug response should be sent to support.superna.net.
11. Save your changes.

Configure Email Recipients (Mandatory)

1. Enter the information for your email server in the Notification Center / Manage Recipients tab.
2. Email Recipient: Enter the email address that emails will be sent to.
3. Select the report type this user receipt
   1. All
   2. Reports (RPO, cluster configuration)
   3. Easy Auditor product (All reports and email notifiaitons)
   4. Cluster Storage Monitor product reports (quota usage)
   5. Cluster Storage Monitor product Data recovery portal emails)
4. Select the Add button.
5. For other Notification center configuration options see the admin guide topic.
   

How to Change Eyeglass Appliance Networking Configuration (yast network utility) after OVA deployment (Optional)

Note: if you need to update the configuration at any time, ssh to the appliance admin user and then sudo su - to root and use the yast2 command to open the wizard.

Step 1: sudo su - to root

Root user password is unique to the appliance and has no default. Use the “sudo su” command to change to root user if desired.

Step 2: Type yast2 lan at the prompt.

Now follow steps to setup IP information on the appliance.

Notes on Using yast2

The yast2 interface is a generic text based user interface (TUI) that predates modern mouse and windows desktop environments. The downside of TUI’s are that they can be tricky to navigate if you’ve never used them before - the benefit of TUI’s is that they are widely compatible across platforms and do not require any graphical user interface to be deployed.

yast2 navigation Tips

Use the (TAB)key to move from one field to the next.

Use + (SHIFT TAB) key combination to move backwards

Use the (ARROW) keys to move around within a field

Use the (ALT) key, along with the bold letter in the interface to select that specific field, tab or option

1. The Network Devices / Network Settings window is open.
2. In Network Settings screen open second tab: Hostname/DNS.
3. Type Hostname for your Eyeglass appliance
4. Type DNS server IP. In this example: 192.168.1.250

IMPORTANT: If you are using hostname for the target in your SyncIQ policies, the DNS information entered here must be able to resolve this host back to the Cluster IP Address in order for Eyeglass to perform configuration replication. If the hostname cannot be resolved, Eyeglass will not create the associated configuration replication Job.

8. In Network Settings screen open first tab: Overview. Choose Edit.

2. In Network Card Setup screen, choose 2nd tab: Address. Type the same Hostname you entered when deploying the Eyeglass OVF..

3. Next - OK - Next

Read Me First

1. SyncIQ Domain Mark for fast fail back - checks both clusters to verify if SyncIQ domain mark exists and will raise warning if not found (NOTE: it will raise warning if you did not apply sudo update on step #1)
2. SPN Delegation for Access zone and IP pool failover - This check AD Delegation was completed to the cluster AD objects and the opposite cluster (cross test). If any test fails it will raise a warning with exactly which delegation permission is missing.
3. DNS Dual Delegation - This ensures automatic DNS resolution is in place before a failover. This validation will inspect your DNS configuration to determine if the Delegation is correct, A records resolve to subnet service ip's in the correct subnet. If you use Infoblox this validation must be disabled. It only supports standards based Name server delegations and not DNS forwarding.

Before Executing Upgrade Steps

1. The upgrade will disrupt Eyeglass services for less than 10 minutes
2. A VM level snapshot should be taken before upgrade to allow rollback to the previous version of the appliance

Inplace Upgrades

Scenario #1 - Appliances running Open Suse 42.3 OS to the latest release

This option allows customers to upgrade to the latest release without deploying a new OVF to get the latest operating system. NOTE: OS verson 42.3 no longer recieves security updates and is customers choice to stay on this OS of the appliance. NOTE: The OS is not covered by the support contract. NOTE: Release 2.5.6 is the last release to provide 42.3 installer files.

1. To check the OS version
2. ssh as admin user to Eyeglass
3. type cat /etc/os-release
4. The OS version is displayed
5. If Running 42.3 and you wish to stay on this OS version without using new OVF upgrade path, then continue with steps here.

Scenario #2 - Appliances running Open Suse 15.1 OS to the latest release

1. No special steps
2. Continue to upgrade instructions here.

Inplace Upgrade - Installer Download and Upgrade Procedures

1. To complete an offline upgrade:
2. Login to support site with a registered support account https://support.superna.net
3. Scroll down on page after login to locate the software download validation form.
4. Get the appliance ID from the about window of the Eyeglass desktop
   
5. Enter the appliance ID and click download button to retrieve the offline installer. NOTE: This command checks for an active support contract, and will only download software if support contract validation is successful.
   
6. Use winscp tool (google winscp download) to copy the offline package onto the appliance with the admin user and password.
   
7. ssh to the Eyeglass appliance and sudo to root command: sudo su - (you will be prompted for the admin password again)
   
8. Make the offline package executable: chmod 755 <filename>
   
9. Run the installer: ./<filename>
   
10. You may be prompted for Phone Home Agreement if not previously set. Enter ‘y’ or ‘n’ to continue. Phone Home allows remote monitoring and faster support that allows remote log collection.
    
11. Once the update is completed, login to the Eyeglass web page.
12. IMPORTANT: Refresh any open Eyeglass window to ensure that you have latest changes.
13. Check the About Eyeglass window and verify version shows the version you downloaded. The full list of releases can be found here.
14. Complete
15. Check Post upgrade steps here

Isilon Manual Guide

Upgrade to A New Appliance from an Old Appliance

1. Follow the steps in the next sections to complete the backup and restore process from an old appliance to a new appliance

Isilon Manual

Step 1 - Upgrade Path From Old Appliance Versions to Open Suse 15.1 OS with the latest Release - Backup/Restore Method

All Appliance versions prior to latest version are using Open Suse OS versions that no longer have security patches available (13.1, 13.2 , 42.1, 42.3). Use this upgrade option to get upgraded to the latest Eyeglass release and get the latest Open Suse 15.1 OS that includes automatic security patch updates. NOTE: If you are using an older version appliance backup file some settings are not retained depending on the backup file release version. The table in this document outlines settings that are migrated.

1. Follow steps to download the new OVF here
2. Deploy new Eyeglass VM using the install guide as a reference.
3. NOTE: The new appliance ip address can be different than the old appliance IP.
4. Reference the table of settings that are migrated in the next section.
5. After the new appliance is deployed and you can login to the webUI and ssh then continue with the steps below.

Step 1a - Review Table of Migrated Settings if Backup File Version Matches New Appliance Version

Step 1b - Review Historical Eyeglass Data & Settings that are Not Restored before continuing

Isilon Manual User

1. All existing Eyeglass databases are removed, no backup is made.
2. NOTE: This will delete databases and they will be rediscovered on startup. DO NOT USE this method if you have Cluster Storage Monitor or Ransomware Defender historical events or RPO Report data that you need to retain. Contact support if this applies to you scenario.

Isilon A200 Manual

Step 2 - Information to Record before Upgrading

1. Take a screenshot of the Eyeglass Jobs window prior to upgrade. This can be used as a reference to verify Job state and type. Example auto type or dfs type.
2. (if IP pool mode configured) Take a screenshot of the IP Pool failover policy to pool mappings

Step 3 - Restore Zip File (old appliance) and Restore to New Appliance Procedures

1. Take an Eyeglass Restore backup from your old Eyeglass appliance.
2. Download the Restore backup locally and then copy the zip file backup using scp or winscp to the newly deployed Eyeglass Appliance. It should be placed in /tmp folder .
3. See Restore Backup button that is required versus support backup. The Restore backup includes SSL private keys, the support backup does not. This applies to Releases > 2.5.3
4. Power off the old Eyeglass appliance. It is not supported to have multiple Eyeglass appliances managing the same clusters.
5. SSH to new Eyeglass appliance and login as admin (default password 3y3gl4ss). Issue “sudo su -” to enter in root mode (default password 3y3gl4ss).
6. 1. igls app restore /tmp/<eyeglass_backup.xxxx.zip> --anyrelease
      
   2. Replacing /tmp/<eyeglass_backup.xxxx.zip> with the name of the Eyeglass Archive file always including full path.
      
   3. You will be prompted to continue. Enter “y” to continue.
      
   4. 1. igls app restore /tmp/eyeglass_backup_17-07-05_20-42-08.zip --anyrelease
         
      2. Do you want to revert to the archive at /tmp/eyeglass_backup_17-07-05_20-42-08.zip? [y/N]: y
7. Check Post upgrade steps here
1. 
   

Post-Upgrade Steps (All Upgrade Paths)

Validate - Service account permissions, Eyeglass Job Status, Pool Mappings, Licenses and Cluster Inventory

1. Mandatory Step - Check minimum permissions sudo section in this document are all in place for your release. This will generate errors if permissions are not correct. Use this guide to review sudo permissions.
2. Login to the new Eyeglass appliance and check:
   
   1. Open Jobs window and verify all jobs modes are set correctly and appear in either config sync or DFS section. The screenshot taken before should be used to check the jobs are in the correct mode.
      1. If the jobs are in the wrong mode please set the mode correctly with the bulk actions menu.
3. (only If IP Pool failover Mode is configured otherwise skip) use the sceenshot taken above to verify the synciq pool mappings using the DR Dashboard​ mapping screen to verfiy they look correct.
4. Open License Manager Icon and verify Licences are visible.
   
5. Open Inventory Icon and verifyClusters are displayed.
6. Log in to the Eyeglass web page and open the Eyeglass Main Menu -> Notification Center and verify that the Alarm Severity Filter is correctly set
7. And verify that the Email Recipients are correctly set with the correct Email Type.
   
8. done

Validate - Ransomware Defender, Easy Auditor, Performance Auditor License Assignment

1. This step is mandatory to ensure licenses are assigned to the correct cluster. This release no longer supports auto assigned license mode to clusters
2. Login to Eyeglass
3. Open License Manager
4. Click on Licensed Devices tab
   1. 
      
5. First STEP: Set each cluster that should NOT be licensed to Unlicensed status using the drop down menu.
6. 2nd STEP: Set each cluster listed to User Licensed for the product(s) that should be assigned to this cluster. Example the production writeable clusters should be set to User Licensed for Ransomware Defender or Easy Auditor.
7. Click the submit button to save.