Managing Cloud Settings

Cloud administrators can use Command Center to configure global cloud settings.
Cloud settings can be reached by clicking the image111 icon on the upper right corner of the screen and selecting the Settings option on the drop down menu.

Cloud setting managed by command center are divided into 5 categories:

Category

Description

General

General Cloud level setting

Security

Cloud level security settings

Network

Cloud networking parameters

VPSA

Settings effecting VPSA instances defined on the cloud

Object Storage

Settings effecting VPSA Object Storage instances defined on the cloud

Management

Management protocols settings

General Cloud Settings

image112

Cloud Name Allows to change the Cloud name

Note

Cloud name can be set only if the cloud does not contain
any VPSA/VPSA Object Storage entities

Domain Name

Sets the domain name that will be used for sender address in emails sent from the cloud.

Internet Access Toggles between Online and Offline Cloud. An Offline cloud is defined as a Cloud that has no internet access for management. Users of offline clouds are required to provide local SMTP , FTP and NTP services and to configure support ticket and Zsnap methods accordingly. In offline clouds license management is also performed manually as there is availability of a remote licensing server.

Note

MAG files will be created and upload only in clouds with internet access

Support ticket method Toggles support tickets sending on/off and to select the ticket transmission method. Valid options for support ticket transmissions are Zendesk or SMTP

Settings for Zendsesk ticket transmission:

image113

Parameter

Description

Zendesk URL

URL for the Zendesk Application

Zendesk user

User id used for Zendesk login

ZenDesk Password

Zendesk users password

Settings for SMTP ticket transmission:

image114

Parameter

Description

Server

SMTP server address

Login

SMTP server login required?

Login User

SMTP User id

AUTH method

SMTP Authentication method to be used (PLAIN or LOGIN supported)

Password

Password for SMTP user

Port

TCP port number for SMTP service

Port SSL

TCP port number for SMTP service is SSL is used

Secure

Force secure SMTP(via TLS)

From user

Email sender address

To User

Email recipient address

Emails sending method

Allows the cloud admin to configure a personalized email account from which customer emails will be issued. The cloud admin can also define the support email address which will refenced in the emails body as the support contact email.

Note

In case emails sending method is not defined and the cloud has internet connectivity customer emails will be issued from Zadara’s AWS SES email account.
In case emails sending method is not defined and the cloud does not have internet connectivity customer emails will be issued from the SMTP account defined in the Support ticket method section.

Settings for personalized SMTP account

image254

Parameter

Description

Server

SMTP server address

Login

SMTP server login required?

Login User

SMTP User id

AUTH method

SMTP Authentication method to be used (PLAIN or LOGIN supported)

Password

Password for SMTP user

Port

TCP port number for SMTP service

Port SSL

TCP port number for SMTP service is SSL is used

Secure

Force secure SMTP(via TLS)

From user

Email sender address

To User

Email recipient address

ZSNAP upload settings

Sets the target and upload method of Zadara ZSNAPs.

Settings for AWS S3 ZSNAP upload:

image115

Parameter

Description

Access key

AWS S3 access key

Secret key

AWS S3 secret key

Bucket

AWS S3 bucket for ZSANP upload

Region

AWS Region for the specified bucket

Settings for VPSA Object Storage ZSNAP upload:

image116

Parameter

Description

Access key

VPSA Object Storage S3 access key

Secret key

VPSA Object Storage S3 secret key

Bucket

AWS S3 bucket for ZSANP upload

EndPoint

VPSA Object Storage FQDN

Region

VPSA Object Storage Region for the specified bucket

Settings for FTP ZSNAP upload:

image117

Parameter

Description

Server

FTP server address

User

FTP login user id

Password

Password for FTP login user id

Max-allowed-mb

When using CCmaster FTP server. maximum ZSNAP capacity threshold

Max-retain-mb

When using CCmaster FTP server. minimum ZSNAP capacity retained

Zadara MAG upload settings

Sets the target and upload method of Zadara MAGs.

Settings for AWS S3 MAG upload:

image118

Parameter

Description

Access key

AWS S3 access key

Secret key

AWS S3 secret key

Bucket

AWS S3 bucket for MAG upload

Region

AWS Region for the specified bucket

Settings for VPSA Object Storage MAG upload:

image119

Parameter

Description

Access key

VPSA Object Storage S3 access key

Secret key

VPSA Object Storage S3 secret key

Bucket

AWS S3 bucket for MAG upload

EndPoint

VPSA Object Storage FQDN

Region

VPSA Object Storage Region for the specified bucket

Cache/AFA-Meta drives settings

Configures the behavior of the cloud when provisioning VPSA all flash and whether to allow the use of cloud solid state drives as AFA cache instead of Optane drives.

Note

VPSA All Flash architecture was designed to utilize Optane drives to optimize overall system performance.
The use of Solid state drives as AFA cache should be limited for testing purposes only and coordinated with Zadara support.

Parameter

Description

Allow temporarily setting SSDs as AFA-Meta Drive

Enables setting SSDs as AFA cache

SSD Cache Max usable capacity

Sets the Maximum capacity that will be used for an SSD drive designated as AFA cache

Ticket threshold

Sets timed thresholds for specific events to be considered for support ticket generation:

Parameter

Description

Failed drive ticket time

Allowed Failure time before user ticket generation

Failed drive support ticket time

Allowed Failure time before support ticket generation

Failed heartbeat ticket time

Allowed Failure time before user ticket generation

CCVM Engine size

Sets the CCVM configuration in terms of CPU and memory.

Engine size

Number of CPUs

Ram(Gib)

Small

1

2

Medium

2

4

Large

4

8

Automatic drive replacement

Configuration for the cloud automatic drive replacement feature. When Automatic drive replacement is enabled replacement will be triggered for a failed drive reported in any cloud resident VPSA. The Drive replacement will be performed after a user provided monitoring interval. Failed drives will be replace by drives from similar model an similar capacity ( given that spares from this drive types exist in the cloud).

image232

Parameter

Description

Enable Automatic Drive Replacement

Is auto replace enabled

Failed drive support ticket time

The time (in minutes) after which replacement will be triggered for a drive presumed to be failed

Note

The recommended value for automatic drive replacement timeout is 30 minutes.
Automatic drive replacement will not occur for drives which are members in a RAID group with dedicated hot spare drive defined.
Automatic drive replacement will not occur when more then 4 drives fail at the same time.

Security Settings

image120

Password expiration

Settings to determine the managed entities password expiration and replacement policy.

Parameter

Description

Enforce Password Expiration

ON - User Password expires and replacement is required after the specified period

Password Expire After

Number of days a certain password is valid

Password history

Number password replacement cycles in which a password cannot be repeated

VPSA API Passthrough

Allows VPSA instances running in the cloud to be managed using Command Center as an API endpoint. This option should be used when an application requires management access to VPSAs from a dedicated network outside of the Zadara cloud.

Custom Certificate for Command Center & Provisioning Portal

Allows replacement of the default certificate used in Command Center and Provisioning Portal to a user provided certificate. Users are required to upload their .crt and .key files to perform the certificate replacement.

Note

The provided user certificate must be compatible with NGINX HTTP server.

Trusted CAs

Allows for adding certificate authorities to the VPSACommand Center Trusted CA lists by uploading Certificates signed by them bundled in a .zip file.

Dual Factor Turns on dual factor authentication for all local command center users.

Network Settings

image121

MTU Size

Allows user to increase their Cloud Networks MTU.

Parameter

Description

FE MTU size

MTU size for the VPSA network (Front-End

Public MTU size

MTU size for the public network

Note

FE MTU setting effect all custom networks defined in the cloud.

Protection Zones backend connectivity

Allows to configure the use of the iSCSI protocol instead of the iSER protocol in multizone clouds. Protection Zones backend connectivity settings modifies the backend protocol used for inter-zone connectivity only (in-zone requests will still use iSER). Inter-Zone Backend connectivity should be switched to iSCSI only in cases where iSER connectivity cannot be established between zones ( for example due to the network setup).

image244

To configure iSCSI Inter-Zone Backend connectivity first make sure that no multizone VPSA\Object storage is already configured in the cloud . Set Remote region backend protocol to iSCSI and click on the Update button to apply settings.

When Remote region backend protocol is set to iSCSI a warning message will be displayed on Command center Protection Zone tab.

image242

Warning

switching inter-region connectivity protocol to iSCSI might impact VPSA/Object storage performance

VPSA Settings

image122

Domain name

Sets the domain name to be used for VPSA entities defined on the cloud.

Recycle bin

Sets the period (in days) in which deleted VPSA entities remain in the recycle bin before being purged from the system therefore becoming unrecoverable.

Certificate

Allows replacement of the default certificate used in VPSA web management application to a user provided certificate. Users are required to upload their .crt and .key files to perform the certificate replacement.

Note

The provided user certificate must be compatible with NGINX HTTP server.

Object Storage Settings

image123

Certificate

Allows replacement of the default certificate used for newly VPSA Object storage web management application to a user provided certificate. Users are required to upload their .crt and .key files to perform the certificate replacement.

Note

The provided user certificate must be compatible with NGINX HTTP server.
To replace certificates used in existing VPSA Object storage instances use the VPSA GUI.

Management Settings

image234

SNMP

The Zadara cloud ecosystem supports Cloud/VPSA/Object Storage administrator level infrastructure monitoring via SNMP Traps. Zadara Cloud SNMP traps are architecture to alert administrator on infrastructure events and are produced in parallel to Zendesk tickets.

SNMP traps can be sent from:

  • VPSA

  • VPSA Object Storage

  • Cloud Storage Nodes

  • CCVM

The Zadara cloud SNMP MIB is publicly available for downloading at the following link: https://zadarastorage-software.s3.amazonaws.com/snmp-mib/20.01/ZADARA-MIB.txt

Note

- The Zadara cloud currently supports a single trap recipient
- SNMP is supported for VPSA/VPSA Object Storage entities in version 20.01 and above
- Storage Node level SNMP traps are not supported for nodes running with trusty kernel

General SNMP Setting

image236

Parameter

Description

Enable SNMP

If checked - SNMP Traps will be sent from all the cloud monitored elements according to the specified configuration

Minimum ticket priority

Minimum priority set for a Zendesk ticket from which an SNMP trap will also be sent

Protocol Version

SNMP version to be used (supported versions are SNMPv2 and SNMPv3)

Note

SNMP Traps are not bound to any specific network. The network interface from which SNMP traps
will be sent will be determined according to the managed entity routing configuration

Settings for SNMPV2

image235

Parameter

Description

Community

SNMPv2 trap community to be used

Settings for SNMPV3

image237

Parameter

Description

Username

SNMPV3 username for sending traps

Minimum ticket priority

Minimum priority set for a Zendesk ticket from which an SNMP trap will also be sent

Auth Protocol

SNMPv3 Authentication protocol to use. Supported protocols are: none, MD5, SHA-1, SHA-2-224, SHA-2-256, SHA-2-384 and SHA-2-512.

Auth key

SNMPv3 authentication password (valid of Auth protocol is set to any value but none). Minimum Auth key lengths is 8 characters.

Privacy Protocol

SNMPv3 privacy(encryption) protocol to use. Supported protocols are: none, AES128 , AES192, AES256 and DES

Priv key

SNMPv3 privacy(encryption) key (valid of privacy protocol is set to any value but none) Minimum. Priv key lengths is 8 characters.

Note

SNMPv3 supported modes of operations are : NoAuthNoPriv, AuthNoPriv, AuthPriv

Testing SNMP Settings Cloud Administrator can test and validate their SNMP settings prior to applying then by sending a test trap. Test traps are produced by clicking on the Test button on the SNMP settings dialog, Test traps are produced and transmitted according to the specified settings.

Working with SNMPv3 Engine IDs Sending and receiving SNMPv3 Traps requires the usage of a managed element identifier known as SNMP Engine ID. Each managed element engine ID should be configured in the SNMP trap recipient to allow receival of traps from this entity. The Zadara cloud defines a different engine ID for :

  • The Zadara Cloud infrastructure(All Storage Node and the Cloud Controller VM)

  • Each VPSA/VPSA Object Storage entity

The Engine ID for the Zadara Cloud infrastructure is specified on the bottom right corner of the screen.

image238

The Engine ID for a VPSA/VPSA object Storage entity is specified in the entities property tab.

image239

Note

for VPSA/VPSA Object storage entities with versions lower then 20.01 - SNMPv3 Engine ID will not be displayed.