About d.ecs storage manager
Prerequisites
Licensing
Open Documentation Menu
d.ecs storage manager NetApp
The NetApp module allows the d.ecs storage manager to store documents on a NetApp system. It supports the NetApp SnapLock technology protecting the documents from deletion or overwriting for a certain amount of time.
The NetApp module requires an installation of the Visual C++ 2013 Redistributable Package in the 32-bit version. This is installed during the installation of d.ecs storage manager.
Since the d.ecs storage manager access the storage area of the NetApp via the CIFS (Windows-network protocol), is necessary to activate the CIFS-protocol via a special license on the NetApp side.
Warning
In order to ensure audit-proof storage, the data must be written on a volume protected with the SnapLock technology.
Furthermore, a new user should be created in the Microsoft Windows structure. From the point of view of d.ecs storage manager, this user is the only one who needs the right Full Control to the SnapLock area on the Netapp. d.3 process manager, in which the d.ecs storage manager runs, is then started under this user.
If several users have Full Control access to the SnapLock volume, it could happen that documents are incorrectly written to the NetApp and are not extended when starting the d.ecs storage manager under a different user.
If other d.3 processes run in this d.3 process manager, you must also consider the rights required by these other processes.
A volume on the NetApp must not be set to read-only mode, as otherwise some processes of the d.ecs storage manager cannot work.
Warning
To store the documents with the d.ecs storage manager on a SnapLock volume, it is essential that the default, minimum, and maximum retention period for the SnapLock volume are set equivalent to the retention periods in the leading system (d.3/ecspand). Furthermore, the Autocommit option must not be activated for a volume, otherwise problems may occur when processing jobs.
Warning
The NetApp allows with the function privileged delete to remove documents from the NetApp before the configure lifetime expires. For this effect, the function must be licensed and enabled on the NetApp. Each such delete action is logged by the NetApp. The right Privileged delete must be assigned to the user in the Advanced properties.
Please note the respective information on the function and the vendor certification on audit-proof storage.
Configuration
 |
Objective: List of the target paths where the documents are stored and their properties.
Alias: Alias name of the volume.
Storage path: Target path where the documents are stored.
Volume: Volume path on the NetApp.
Upper storage limit: Specifies how much storage space may be used for storing data.
Rewritable: If this option is set, the data will be re-written as soon as the available storage space falls below the Lower storage limit.
Lower storage limit: Specify the percentage of disk space which may be occupied before documents can be stored again.
Volume ID: Every storage path gets a unique volume ID.
Autosize: Automatically resize the volume.
Force CAS creation: If this option is enabled, then the documents are stored in CAS containers. These containers have a unique ID which is used to verify the consistency of a document during restore. (During the retrieval it is checked, if the data in a CAS container are unchanged before a document is passed on to the d.3 server/d.3 gateway/API). This should only be enabled in connection with ecspand.
Validate data: If this option is enabled, a file comparison based on the RipeMD256 mechanism is performed after having copied a file to the NetApp-volume. This ensures that the file as completely transferred.
File name for HealthCheck: File name to be used during the system check by the HealthCheck process.
Volume configuration
 |
Alias: Alias name for the volume. If a name is specified here then this is used instead of the volume ID in the web interface. This is used for a better overview.
Storage path: Specify a path here where the documents are stored
Volume: Specify the volume-identifier of the NetApp-volume here. The directory must be located on the same directory level as the directory specified under Storage path. The volume-path always starts with /vol/ followed by the volume name as configured in the NetApp. The volume name can be found in FilerView for NetApp. The volume names are provided under the option Volumes > Manage in the FilerView. Note that the volume names in the NetApp are case-sensitive.
Automatically resize the volume: If the used volume is automatically extended by NetApp, this parameter must be enabled. Enable this to remove the storage limits.
Upper storage limit (in %): Here you can define a percentage of how much storage space may be used for the storage of data.
Lower storage limit (in %): Specify the percentage of hard disk space which may be occupied before documents can be stored again.
Upper storage limit (in MB): Here you can define in MB how much storage space may be used for the storage of data.
Lower storage limit (in MB): Specify the percentage of hard disk space which may be occupied before documents can be stored again.
Rewritable: This option is only available, if more than one volume is configured and specifies, if a volume should be rewritten as soon as the lower storage threshold of the volume is exceeded (e.g. by deleting old documents).
Minimum/maximum retention period (in months) Specifies the range in which the retention time passed by the delivering process may be located for a document. These values have to be set and must be equivalent to the settings of the NetApp volume. With a click on Load times it is attempted to retrieve the settings from the NetApp.
Automatically correct retention period: If a retention-period outside the specified range is passed by a delivering process, then the time is automatically set to the minimum or maximum, if this parameter is enabled. Else the job is blocked and the document is not written to the secondary storage.
Log in with the following user: If this parameter is enabled, the d.ecs storage manager automatically tries to log in to the respective volume. This parameter only has to be enabled, if the d.ecs storage manager is executed under a user account which does not have access to the volume.
User: User to be used for the login to the volume.
Password/Confirm password: Password of the user to be used for the login to the volume.
Status: One of three possible values of the volume is displayed. Use the Reset volume status button to reset the status of a volume to Waiting.
Waiting: There is currently no writing on the volume.
Writing: Currently writing on the volume.
Full: The volume was written on until it exceeded the configured memory limits. The volume cannot and will no longer be written to.
Connection
The NetApp module checks the settings of the SnapLock volume on the NetApp when starting d.ecs storage manager. To be able to determine this information, the module requires a user defined on the NetApp with the appropriate permissions for access.
API mode: Defines which API mode should be used. From OnTAP version 9.10.1, select REST as the API mode. In this mode, the setting of the retention periods has been adapted to the changes in the OnTAP version. Note that the specified users have access to the REST interface.
Filer IP: Host name or IP of the NetApp.
Note
Enter the IP of the management interface of the corresponding storage VM here.
User: User who is allowed to log on to the NetApp and has the appropriate rights to query the volume information.
Password/Confirm password: Password of the user.
Use HTTPS: If HTTPS is to be used for the connection, enable this switch. This requires that HTTPS is enabled on the NetApp. Privileged Delete always requires an HTTPS connection.
User (Privileged Delete): User who has the right to delete files privileged.
Password/Repeat passwort (Privileged Delete): Password of the user.
Note
The Privileged Delete options will be visible only if you have purchased the Privileged Delete license.
Create the required users on the NetApp (console)
To create a user with the necessary rights in the NetApp, open the console and follow these steps.
API-user for querying the volume-information
OnTAP Version >= version 9
Create a user for the application ontapi, specify a password and assign the role vsadmin-readonly.
OnTAP version >= version 9
Create the role r_decsapi with the specific rights login-http-admin, api-volume-list-info and api-volume-options-list-info for the API access on the NetApp:
useradmin role add r_decsapi -c "d.ecs storage manager API access role" -a login-http-admin,api-volume-list-info,api-volume-options-list-info
Create a local group g_decsapi on the NetApp and assign the role r_decsapi:
useradmin group add g_decsapi -c "group for d.ecs storage manager API access" -r r_decsapi
Create a local user decsapiaccess on the NetApp and assign the role g_decsapi:
Note
When creating the user decsapiaccess you must define a password. The password should be configured not to expire.
useradmin user add decsapiaccess -c "d.ecs storage manager API access user" -g g_decsapi
Check the user settings:
useradmin user list decsapiaccess
The following should be displayed:
---------------------------------------------------------------------------------------- Name: decsapiaccess Info: d.ecs storage manager API access user Rid: 131079 Groups: g_decsapi Full Name: Allowed Capabilities: login-http-admin,api-volume-list-info,api-volume-options-list-info Password min/max age in days: 0/4294967295 Status: enabled ----------------------------------------------------------------------------------------
API-user for privileged deletion
OnTAP Version >= version 9
Create a user for the application ontapi, specify a password and assign the role vsadmin-snaplock.
OnTAP version >= version 9
useradmin user add decsprivdel -c "d.ecs storage manager privdel" -g "Compliance Administrators"
Check the user settings:
useradmin user list decsprivdel
The following should be displayed:
---------------------------------------------------------------------------------------- Name: decsprivdel Info: d.ecs storage manager privdel Rid: 131080 Groups: Compliance Administrators Full Name: Allowed Capabilities: cli-cifs*,cli-exportfs*,cli-nfs*,cli-useradmin*,api-cifs-*,api-nfs-*,login-telnet,login-http-admin,login-rsh,login-ssh,api-system-api-*,cli-snaplock*,api-snaplock-*,api-file-*,compliance-* Password min/max age in days: 0/4294967295 Status: enabled ----------------------------------------------------------------------------------------
Create REST API users for the Storage VM
With the release of version 3.9.0, d.ecs storage manager supports the new REST API of NetApp systems.
To use the REST API, users with different roles are required.
Creating users for REST API - This is how it works
Create a user with the vsadmin role in the appropriate storage VM on the NetApp.
Assign the login method HTTP with the authentication method Password to the user.
Optional for Privileged Delete:
To use the Privileged Delete function, create a separate user.
Creating users for Privileged deletion - This is how it works
Create a user with the vsadmin-snaplock role in the appropriate storage VM on the NetApp.
Assign the login method HTTP with the authentication method Password to the user.
Usage with OnTAP
If the d.ecs storage manager is operated with the OnTAP version 8 and the function Privileged Delete is used, the option tls.enable on the NetApp must be set to "on". This can be done via the command line of the NetApp. The command looks like this:
options tls.enable on
Index recovery
The d.ecs storage manager NetApp module allows to recover the internal document index after a loss. For this effect, it browses the specified target directory for documents and thus rebuilds the index. This type of index recovery should only be used, if no index-recovery-files (*.IR) exist to restore the index (also see Tab Database logging).
 |
NetApp Directory: Directory on the NetApp to be searched for documents.
Index Directory: Directory where the index of the documents for the NetApp system is to be stored.