Installation

Introduction

The Superna Disaster Recovery (DR) Edition installation guide provides instructions for successfully deploy the Superna DR solution.

This page gives an high-level overview of the full installation process and the phases it includes, such as reviewing system requirements, deploying a Superna virtual appliance, configuring hardware clusters, and the initial setup of the Superna DR Solution environment.

Requirements

Platform support

note

As of version 2.11.0, Cyberstorage for Dell includes support for Dell PowerScale OneFS 9.10.

Coming Soon

Up-to-date platform support documentation for Superna software is under development.

In the meantime, previously available information—including Dell Release Compatibility and Dell DR Edition Feature Release Compatibility—is still available in the document linked below.

Platform Support

Certified hypervisors, supported storage platforms, and compatibility matrices across solutions.

See more

System requirements

System resources

The 2.11.0 release updates the default requirements for system resources.

• vCPUs: 4
• Cores per vCPU: 4
• Memory: 24 GB RAM (Memory may need to be upgraded based on scalability requirements. Refer to the Scalability Limits and Memory Requirements document for more information.)
• Disk Space:
  • Disk 1 - Operating System Partition: 32GB
  • Disk 2 - Additional Disk Space: 140GB
• Swap: 18GB

For requirements from earlier versions, refer to previous versions of the documentation.

Scalability limits and appliance memory minimum requirements

• Requirements: Refer to the Scalability Limits and Memory Requirements document for more information.

  info

  Each release of the software may adjust memory requirements, and the alarm code (SCA0094) will recommend memory for the supported configuration. The recommendation from Alarm Code SCA0094 takes priority over this documentation.

Ports requirements

• Requirements: Refer to the Port Requirements document for more information.

Network requirements

• Latency: The latency between the administration PC and the Eyeglass VM GUI must be less than 15 ms (measured by ping).

Authentication and user management

• Active Directory (AD) Authentication: An AD authentication provider must be available in the system zone for Role-Based Access Control (RBAC) and SID-to-user resolution API requirements.

Browser requirements

• Supported Browser: Google Chrome is required. The browser must support WebSockets.
• Unsupported Browsers: Internet Explorer is not supported.
• Cookie Settings: Third-party cookies must not be disabled, as they are required for authentication sessions and file downloads.

Download and deploy virtual appliance

Download virtual appliance

Use the following guide to download Superna software installers from the Superna Support portal:

Download Superna Software

Learn how to access and download installation packages for your licensed Superna solution.

See more

Deploy virtual appliance

Deploy on VMware

Deploy Superna appliances using vSphere and an OVF template.

See more

Deploy on Nutanix

Deploy Superna appliances on Nutanix AHV using qcow2 images and Prism. Certified Nutanix Ready.

See more

Post-deployment hardware setup

Setup time zone and NTP

The virtual machines that make up the Superna solution are required to be time synchronized with the PowerScale OneFS clusters in the environment. Please make sure the Eyeglass appliance and the ECA nodes are connected to the same NTP server as the PowerScale OneFS clusters, and that the timezone is appropriately set on all.

Create Eyeglass user and assign roles and privileges

1. Log into the PowerScale OneFS cluster using the root user.

   This provides the necessary administrative privileges to create new user accounts.

2. Run the following command to create the eyeglass service account:

   isi auth users create eyeglass --enabled yes --password 3y3gl4ss

   This command sets up the account with an initial password and enables it for immediate use.

   warning

   • Restricted Characters: Ensure your password does not include restricted characters such as brackets, tilde, back quote, forward slash, ampersand, asterisk, and dollar sign. These characters can cause issues in scripting and command execution within the PowerScale OneFS environment.
   • Password Length: Ensure the password is no longer than 20 characters.

3. Update the sudoers file

   Some critical administrative commands required for managing PowerScale OneFS clusters are not accessible through the PowerScale OneFS Platform API and must be executed directly via the command-line interface with root privileges.

   To allow the eyeglass account to run these commands, update the sudoers file as shown below.

   1. Use the isi_visudo command to safely open and edit the sudoers file.

      isi_visudo

   2. Add the following lines to the sudoers file.

      These entries allow the eyeglass user to execute specific administrative commands without requiring a password:

      eyeglass ALL=(ALL) NOPASSWD: /usr/bin/isi_classic auth ads*
      eyeglass ALL=(ALL) NOPASSWD: /usr/bin/isi_classic domain info*

   3. Add the following lines to the sudoers file. These entries allow the eyeglass service account to manage SMB file operations without requiring a password:

      eyeglass ALL=(ALL) NOPASSWD: /usr/bin/isi_for_array -s isi_run -z ?* isi_classic smb file*
      eyeglass ALL=(ALL) NOPASSWD: /usr/bin/isi_for_array isi_run -z ?* isi_classic smb file*

      eyeglass ALL=(ALL) NOPASSWD: /usr/bin/isi_for_array -s isi smb openfiles list *
      eyeglass ALL=(ALL) NOPASSWD: /usr/bin/isi_for_array isi smb openfiles close *

4. Modify user account properties and create roles:

   1. Disable the password expiration for the eyeglass account to ensure continuous access without the need for periodic password updates.

      isi auth users modify eyeglass --password-expires no

   2. Establish a role named EyeglassAdmin to centralize administrative privileges for managing the cluster.

      isi auth roles create --name EyeglassAdmin --description "EyeglassAdmin role"

   3. Add the eyeglass user to the EyeglassAdmin role to grant necessary administrative permissions.

      isi auth roles modify EyeglassAdmin --add-user eyeglass

5. Assign necessary privileges to the EyeglassAdmin role.

   • General Administrative Privileges: Provide broad administrative capabilities such as authentication, role management, and configuration oversight:

     isi auth roles modify EyeglassAdmin --add-priv ISI_PRIV_AUTH
     isi auth roles modify EyeglassAdmin --add-priv ISI_PRIV_ROLE
     isi auth roles modify EyeglassAdmin --add-priv ISI_PRIV_CONFIGURATION

   • System and Network Management: Grant permissions related to network settings, NFS, SMB, and system quotas:

     isi auth roles modify EyeglassAdmin --add-priv ISI_PRIV_NFS
     isi auth roles modify EyeglassAdmin --add-priv ISI_PRIV_SMB
     isi auth roles modify EyeglassAdmin --add-priv ISI_PRIV_NETWORK
     isi auth roles modify EyeglassAdmin --add-priv ISI_PRIV_QUOTA

   • Security and Compliance: Enable privileges related to security measures, audit capabilities, and compliance:

     isi auth roles modify EyeglassAdmin --add-priv ISI_PRIV_AUDIT
     isi auth roles modify EyeglassAdmin --add-priv ISI_PRIV_HARDENING
     isi auth roles modify EyeglassAdmin --add-priv ISI_PRIV_WORM

   • Data Protection and Recovery: Add privileges for managing snapshots, disaster recovery, and data replication:

     isi auth roles modify EyeglassAdmin --add-priv ISI_PRIV_SNAPSHOT
     isi auth roles modify EyeglassAdmin --add-priv ISI_PRIV_SYNCIQ
     isi auth roles modify EyeglassAdmin --add-priv-ro ISI_PRIV_REMOTE_SUPPORT

   • Storage Optimization: Enhance the role with capabilities to manage storage pools, devices, and file filtering:

     isi auth roles modify EyeglassAdmin --add-priv-ro ISI_PRIV_SMARTPOOLS
     isi auth roles modify EyeglassAdmin --add-priv-ro ISI_PRIV_CLOUDPOOLS
     isi auth roles modify EyeglassAdmin --add-priv-ro ISI_PRIV_DEVICES
     isi auth roles modify EyeglassAdmin --add-priv-ro ISI_PRIV_FILE_FILTER

   • Monitoring and Statistics: Provide read-only access for monitoring and statistics to support performance analysis:

     isi auth roles modify EyeglassAdmin --add-priv-ro ISI_PRIV_STATISTICS
     isi auth roles modify EyeglassAdmin --add-priv-ro ISI_PRIV_MONITORING
     isi auth roles modify EyeglassAdmin --add-priv-ro ISI_PRIV_HTTP
     isi auth roles modify EyeglassAdmin --add-priv-ro ISI_PRIV_NTP
     isi auth roles modify EyeglassAdmin --add-priv-ro ISI_PRIV_EVENT
     isi auth roles modify EyeglassAdmin --add-priv-ro ISI_PRIV_ANTIVIRUS

   • Specialized Access: Enable specialized access for system features such as HDFS and NDMP:

     isi auth roles modify EyeglassAdmin --add-priv-ro ISI_PRIV_HDFS
     isi auth roles modify EyeglassAdmin --add-priv-ro ISI_PRIV_NDMP

Post-deployment environment setup

Register Superna licenses

Retrieve the Superna Disaster Recovery Edition license keys from the Zendesk case by following these steps:

1. Login to the Superna Support Desk.

   note

   Ensure a valid support account is logged in to access the license key download dialog box.

   Submit the license request by entering the Appliance ID and Transaction Token as provided in the license email.

   note

   The Appliance ID and Transaction Token must be entered exactly as shown on the license email, with all dashes and without any leading or trailing spaces.

   Ex. EMC-xxx-xxx-xxx-xxx

2. Download the provided zipped license file.

   warning

   Do not unzip the license file; the .zip file will be uploaded in the next step.

3. Upload License File

   Select License Management > Manage Licenses > Browse

   Upload the zipped file downloaded in the previous step.

   note

   After selecting Upload, the Eyeglass EULA must be accepted to continue the process.

Add clusters

warning

Ensure that both the source and target clusters comply with the support feature matrix. Additionally, all PowerScale OneFS cluster replication pairs should operate on a PowerScale OneFS version that is listed and supported as per the Platform Support guide.

1. Open the Eyeglass UI to get started.

2. In the Eyeglass Main Menu, select Add Managed Device to start adding cluster configurations.

3. Provide the cluster details as prompted by the interface.

   PowerScale OneFS

   • Node IP in System Zone (not SSIP): Provide an IP address allocated for the System Access Zone. Avoid using SSIP, as it is unsuitable for administrative connections.

     note

     Starting from release 2.5.5, it is mandatory to use a node IP with dynamic IP allocation within a subnet that is part of the System Access Zone. This requirement is due to a CSRF security patch that disables basic authentication and prevents session tokens from being shared between PowerScale OneFS nodes. For further details, refer to the associated technical documentation.

   • Port: Default to 8080 unless there is a requirement for a different port number.

   • Username and Password: Input the username and password of the Eyeglass service account.

   • Maximum RPO Value: (Optional) Define the recovery point objective in minutes, if desired.

   • Active Directory Username and Password for Runbook Robot: (Optional) Enter if you're using AD credentials for Runbook automation.

4. Submit the form to add the cluster to Eyeglass.

5. Verify Inventory Collection

   After adding a cluster, Superna DR Edition initiates an automatic inventory task to identify and catalog the cluster's components.

   note

   The inventory discovery process typically takes between 5 to 10 minutes.

   Once this inventory task completes, the results are displayed in the Inventory View.

   To access this, select the Inventory View icon.

   This will open the Inventory View window, showing a list of all managed devices.

   note

   The Inventory View does not auto-refresh. To view the most up-to-date information, manually refresh the page by selecting the Refresh button located at the bottom right corner of the GUI.

   Remember: The inventory discovery process typically takes between 5 to 10 minutes.

   Monitor this process and verify that all components have been correctly added and displayed.

Enable/disable jobs

This section will walk you through the process of enabling or disabling jobs, including bulk actions for managing multiple jobs at once.

1. Open the Eyeglass Main Menu

   From the main dashboard, locate and select the Jobs icon.

   

2. View the Jobs List

   Once the Jobs window is open, you'll see a list of available jobs. You can view details such as the job name, policy, type, last run date, and the current state.

3. Select Jobs to enable or disable

   Check the box next to the jobs you want to enable or disable.

   info

   You can select more than one job at the same time by checking multiple boxes.

4. Use the Bulk Action to enable or disable jobs

   After selecting the jobs, look at the bottom right of the window for the dropdown button labeled Select a bulk action. Select on this button and choose either Enable or Disable based on the action you want to perform.

   

5. Effect of Enabling the Job

   info

   On the next Configuration Replication cycle, the enabled Job will run.

   This process allows you to manage multiple jobs efficiently by enabling or disabling them in bulk.

Setup notifications

Configure SMTP

Enter the information for an email server by selecting Notification Center > Configure SMTP in the Eyeglass Main Menu:

To continue the configuration of SMTP:

• In the Host name: textbox enter the host name for the email server.

• In the Port textbox, type the port which should be used for sending email.

• In the From: textbox, enter the email address of the sender of the email. Any String before and after @ is accepted:

  Syntax: xx@y, xx@y.z E.g.: alerts@eyeglass, alerts@eyeglass.com, etc.

• Tick the Use Authentication: checkbox if email server requires an authenticated login.

• In the User: textbox, provide the user or email address required for authentication.

• In the Password: textbox, provide the password for authentication.

• Tick Enable TLS: checkbox if the email server expects TLS communication.

• Alarm Severity Filter: Select level of alarms to receive emails for. Note that alarms more severe than the selected filter are also emailed.

  • Use the Test Email Setting button to check that the email server information added is correct. If an error occurs, there are error codes from the SMTP connection. The "no error" response indicates a successful connection. If an error is returned the debug response should be sent to https://support.superna.net.

Save the changes.

Configure Email Recipients

Enter the information for email recipients by selecting Eyeglass Main Menu > Notification Center > Manage Recipients.

• Enter the email address in the Email Recipient: textbox.

• Select the report type for this user to receive. The following options are available:

  • All (All Reports & Alerts)

  • Reports (RPO, cluster configuration)

  • Auditor Only Reports (All reports and email notifications for Easy Auditor)

  • Quota Management (Quota Usage reports for Cluster Storage Monitor solution)

  • Data recovery+ (Cluster Storage Monitor product Data Recovery portal emails)

  • Select the Add/Edit button.