Managing Cloud Settings

Cloud administrators can use Command Center to configure global cloud settings.
Cloud settings can be reached by clicking the image111 icon on the upper right corner of the screen and selecting the Settings option on the drop down menu.

Cloud setting managed by command center are divided into 5 categories:

Category

Description

General

General Cloud level setting

Security

Cloud level security settings

Network

Cloud networking parameters

VPSA

Settings effecting VPSA instances defined on the cloud

Object Storage

Settings effecting VPSA Object Storage instances defined on the cloud

Management

Management protocols settings

General Cloud Settings

image112

Cloud Name Allows to change the Cloud name

Note

Cloud name can be set only if the cloud does not contain
any VPSA/VPSA Object Storage entities

Domain Name

Sets the domain name that will be used for sender address in emails sent from the cloud.

Internet Access Toggles between Online and Offline Cloud. An Offline cloud is defined as a Cloud that has no internet access for management. Users of offline clouds are required to provide local SMTP , FTP and NTP services and to configure support ticket and Zsnap methods accordingly. In offline clouds license management is also performed manually as there is availability of a remote licensing server.

Note

MAG files will be created and upload only in clouds with internet access

Support ticket method Toggles support tickets sending on/off and to select the ticket transmission method. Valid options for support ticket transmissions are Zendesk or SMTP

Settings for Zendsesk ticket transmission:

image113

Parameter

Description

Zendesk URL

URL for the Zendesk Application

Zendesk user

User id used for Zendesk login

ZenDesk Password

Zendesk users password

Settings for SMTP ticket transmission:

image114

Parameter

Description

Server

SMTP server address

Login

SMTP server login required?

Login User

SMTP User id

AUTH method

SMTP Authentication method to be used (PLAIN or LOGIN supported)

Password

Password for SMTP user

Port

TCP port number for SMTP service

Port SSL

TCP port number for SMTP service is SSL is used

Secure

Force secure SMTP(via TLS)

From user

Email sender address

To User

Email recipient address

Emails sending method

Allows the cloud admin to configure a personalized email account from which customer emails will be issued. The cloud admin can also define the support email address which will refenced in the emails body as the support contact email.

Note

In case emails sending method is not defined and the cloud has internet connectivity customer emails will be issued from Zadara’s AWS SES email account.
In case emails sending method is not defined and the cloud does not have internet connectivity customer emails will be issued from the SMTP account defined in the Support ticket method section.

Settings for personalized SMTP account

image254

Parameter

Description

Server

SMTP server address

Login

SMTP server login required?

Login User

SMTP User id

AUTH method

SMTP Authentication method to be used (PLAIN or LOGIN supported)

Password

Password for SMTP user

Port

TCP port number for SMTP service

Port SSL

TCP port number for SMTP service is SSL is used

Secure

Force secure SMTP(via TLS)

From user

Email sender address

To User

Email recipient address

Upload endpoints settings

Allows the cloud administrator to configure alternate endpoints for upload of cloud Zsnaps, Mag and configuration information

Upload endpoints can be of the following types:

  • AWS S3 endpoint

  • VPSA Object Storage endpoint

  • FTP target

Upon entry this section will display details on the clouds configured endpoints.

image278

The Cloud administrator can configure additional upload endpoints by clicking on the New button on the top left corner of this section.

image279

Upload endpoint configuration requires the following input:

Parameter

Description

Endpoint name

A name for this upload endpoint

Method

Endpoint type(AWS S3/VPSA Object Storage/FTP

Access Key

in case of AWS S3/VPSA Object Storage a valid access key for this endpoint

Secret Key

in case of AWS S3/VPSA Object Storage a valid secret key for this endpoint

Server

in case of FTP the FTP server address

User

in case of FTP the FTP FTP user

Password

in case of FTP the FTP FTP password

Use Proxy

in case of FTP wether to use a proxy for FTP connection

To configure the new upload endpoint provide all required details and click on Save, your endpoint will be created. User configured endpoints can also be updated or deleted.

ZSNAP upload settings

Sets upload target used for the cloud zSnaps upload.

Note

Only one upload endpoint can be specified for zSnap upload.

Settings for zSnap upload to an AWS S3/VPSA Object Storage endpoint:

image115

Parameter

Description

Bucket

bucket for ZSANP upload

Settings for zSnap upload to an FTP endpoint

image116

Parameter

Description

Max-allowed-mb

When using CCmaster FTP server. maximum ZSNAP capacity threshold

Max-retain-mb

When using CCmaster FTP server. minimum ZSNAP capacity retained

Settings for metering data upload

Sets the target endpoints to which metering data can be uploaded. Up to 3 AWS S3 endpoints can be configured for metering data upload. To add additional upload endpoints click on the Add Another button. Additional endpoints can also be removed by clicking on the Discard button.

image118

Parameter

Description

Bucket

bucket for metering data upload

Settings for configuration data upload

Sets the target endpoints to which configuration data can be uploaded. Up to 3 AWS S3 endpoints can be configured for metering data upload. To add additional upload endpoints click on the Add Another button. Additional endpoints can also be removed by clicking on the Discard button.

image280

Parameter

Description

Bucket

bucket for configuration data upload

Upload period (seconds)

Sets the configuration data upload interval

Cache/AFA-Meta drives settings

Configures the behavior of the cloud when provisioning VPSA all flash and whether to allow the use of cloud solid state drives as AFA cache instead of Optane drives.

Note

VPSA All Flash architecture was designed to utilize Optane drives to optimize overall system performance.
The use of Solid state drives as AFA cache should be limited for testing purposes only and coordinated with Zadara support.

Parameter

Description

Allow temporarily setting SSDs as AFA-Meta Drive

Enables setting SSDs as AFA cache

SSD Cache Max usable capacity

Sets the Maximum capacity that will be used for an SSD drive designated as AFA cache

Mount Capacity Threshold

Sets the Clouds /mnt/Nova folder capacity threshold. an alert will be issued in case this capacity threshold is exceeded.

Parameter

Description

Mount Capacity Alert Threshold (GiB)

Capacity treshold in GiB

Ticket threshold

Sets timed thresholds for specific events to be considered for support ticket generation:

Parameter

Description

Failed drive ticket time

Allowed Failure time before user ticket generation

Failed drive support ticket time

Allowed Failure time before support ticket generation

Failed heartbeat ticket time

Allowed Failure time before user ticket generation

CCVM Engine size

Sets the CCVM configuration in terms of CPU and memory.

Engine size

Number of CPUs

Ram(Gib)

Small

1

2

Medium

2

4

Large

4

8

Automatic drive replacement

Configuration for the cloud automatic drive replacement feature. When Automatic drive replacement is enabled replacement will be triggered for a failed drive reported in any cloud resident VPSA. The Drive replacement will be performed after a user provided monitoring interval. Failed drives will be replace by drives from similar model an similar capacity ( given that spares from this drive types exist in the cloud).

image232

Parameter

Description

Enable Automatic Drive Replacement

Is auto replace enabled

Failed drive support ticket time

The time (in minutes) after which replacement will be triggered for a drive presumed to be failed

Note

The recommended value for automatic drive replacement timeout is 30 minutes.
Automatic drive replacement will not occur for drives which are members in a RAID group with dedicated hot spare drive defined.
Automatic drive replacement will not occur when more then 4 drives fail at the same time.

Security Settings

image120

Password expiration

Settings to determine the managed entities password expiration and replacement policy.

Parameter

Description

Enforce Password Expiration

ON - User Password expires and replacement is required after the specified period

Password Expire After

Number of days a certain password is valid

Password history

Number password replacement cycles in which a password cannot be repeated

VPSA API Passthrough

Allows VPSA instances running in the cloud to be managed using Command Center as an API endpoint. This option should be used when an application requires management access to VPSAs from a dedicated network outside of the Zadara cloud.

Custom Certificate for Command Center & Provisioning Portal

Allows replacement of the default certificate used in Command Center and Provisioning Portal to a user provided certificate. Users are required to upload their .crt and .key files to perform the certificate replacement.

Note

The provided user certificate must be compatible with NGINX HTTP server.

Trusted CAs

Allows for adding certificate authorities to the VPSACommand Center Trusted CA lists by uploading Certificates signed by them bundled in a .zip file.

Dual Factor Turns on dual factor authentication for all local command center users.

Network Settings

image121

MTU Size

Allows user to increase their Cloud Networks MTU.

Parameter

Description

FE MTU size

MTU size for the VPSA network (Front-End

Public MTU size

MTU size for the public network

Note

FE MTU setting effect all custom networks defined in the cloud.

Protection Zones backend connectivity

Allows to configure the use of the iSCSI protocol instead of the iSER protocol in multizone clouds. Protection Zones backend connectivity settings modifies the backend protocol used for inter-zone connectivity only (in-zone requests will still use iSER). Inter-Zone Backend connectivity should be switched to iSCSI only in cases where iSER connectivity cannot be established between zones ( for example due to the network setup).

image244

To configure iSCSI Inter-Zone Backend connectivity first make sure that no multizone VPSA\Object storage is already configured in the cloud . Set Remote region backend protocol to iSCSI and click on the Update button to apply settings.

When Remote region backend protocol is set to iSCSI a warning message will be displayed on Command center Protection Zone tab.

image242

Warning

switching inter-region connectivity protocol to iSCSI might impact VPSA/Object storage performance

VPSA Settings

image122

Domain name

Sets the domain name to be used for VPSA entities defined on the cloud.

Recycle bin

Sets the period (in days) in which deleted VPSA entities remain in the recycle bin before being purged from the system therefore becoming unrecoverable.

Certificate

Allows replacement of the default certificate used in VPSA web management application to a user provided certificate. Users are required to upload their .crt and .key files to perform the certificate replacement.

Note

The provided user certificate must be compatible with NGINX HTTP server.

Object Storage Settings

image123

Certificate

Allows replacement of the default certificate used for newly VPSA Object storage web management application to a user provided certificate. Users are required to upload their .crt and .key files to perform the certificate replacement.

Note

The provided user certificate must be compatible with NGINX HTTP server.
To replace certificates used in existing VPSA Object storage instances use the VPSA GUI.

Management Settings

image234

SNMP

The Zadara cloud ecosystem supports Cloud/VPSA/Object Storage administrator level infrastructure monitoring via SNMP Traps. Zadara Cloud SNMP traps are architecture to alert administrator on infrastructure events and are produced in parallel to Zendesk tickets.

SNMP traps can be sent from:

  • VPSA

  • VPSA Object Storage

  • Cloud Storage Nodes

  • CCVM

The Zadara cloud SNMP MIB is publicly available for downloading at the following link: https://zadarastorage-software.s3.amazonaws.com/snmp-mib/20.01/ZADARA-MIB.txt

Note

- The Zadara cloud currently supports a single trap recipient
- SNMP is supported for VPSA/VPSA Object Storage entities in version 20.01 and above
- Storage Node level SNMP traps are not supported for nodes running with trusty kernel

General SNMP Setting

image236

Parameter

Description

Enable SNMP

If checked - SNMP Traps will be sent from all the cloud monitored elements according to the specified configuration

Minimum ticket priority

Minimum priority set for a Zendesk ticket from which an SNMP trap will also be sent

Protocol Version

SNMP version to be used (supported versions are SNMPv2 and SNMPv3)

Note

SNMP Traps are not bound to any specific network. The network interface from which SNMP traps
will be sent will be determined according to the managed entity routing configuration

Settings for SNMPV2

image235

Parameter

Description

Community

SNMPv2 trap community to be used

Settings for SNMPV3

image237

Parameter

Description

Username

SNMPV3 username for sending traps

Minimum ticket priority

Minimum priority set for a Zendesk ticket from which an SNMP trap will also be sent

Auth Protocol

SNMPv3 Authentication protocol to use. Supported protocols are: none, MD5, SHA-1, SHA-2-224, SHA-2-256, SHA-2-384 and SHA-2-512.

Auth key

SNMPv3 authentication password (valid of Auth protocol is set to any value but none). Minimum Auth key lengths is 8 characters.

Privacy Protocol

SNMPv3 privacy(encryption) protocol to use. Supported protocols are: none, AES128 , AES192, AES256 and DES

Priv key

SNMPv3 privacy(encryption) key (valid of privacy protocol is set to any value but none) Minimum. Priv key lengths is 8 characters.

Note

SNMPv3 supported modes of operations are : NoAuthNoPriv, AuthNoPriv, AuthPriv

Testing SNMP Settings Cloud Administrator can test and validate their SNMP settings prior to applying then by sending a test trap. Test traps are produced by clicking on the Test button on the SNMP settings dialog, Test traps are produced and transmitted according to the specified settings.

Working with SNMPv3 Engine IDs Sending and receiving SNMPv3 Traps requires the usage of a managed element identifier known as SNMP Engine ID. Each managed element engine ID should be configured in the SNMP trap recipient to allow receival of traps from this entity. The Zadara cloud defines a different engine ID for :

  • The Zadara Cloud infrastructure(All Storage Node and the Cloud Controller VM)

  • Each VPSA/VPSA Object Storage entity

The Engine ID for the Zadara Cloud infrastructure is specified on the bottom right corner of the screen.

image238

The Engine ID for a VPSA/VPSA object Storage entity is specified in the entities property tab.

image239

Note

for VPSA/VPSA Object storage entities with versions lower then 20.01 - SNMPv3 Engine ID will not be displayed.

Ticket Settings

The Ticket Settings Section allows the cloud administrator to override the default attributes of the cloud infrastructure support tickets.

Ticket attributes can be configured in 2 different scopes:

  • Cloud level scope - performed from Command Center Settings management section

  • VPSA/VPSA Object Storage scope - performed from the virtual array settings tab

Note

In case of conflict between global and VPSA/VPSA Object Storage ticket settings
VPSA/VPSA Object storage setting are applied for tickets produced by the virtual array.

image267

Parameter

Description

Message ID

The Message Id of the ticket to be configured

Suppression expiration date (UTC)

Sets a ticket as suppressed until a given timestamp. Suppressed will not be sent into zendesk from this particular cloud

Zsnap

allows the user to configure weather a Zsnap will be created when this ticket is produced and what type of Zsnap will be created (full/light)

Send To Users

indicates weather tickets for the specific message id will be sent to cloud users that have enabled notifications.

rate limit(seconds)

The interval from the time a specific ticket is produced to the time in which another ticket with the same message id and concerning the monitored element can be produced again

comment

User Filled Comment explaining the reason for this attributes change

After creation of a custom ticket rule the initial dialog of the ticket settings section will be modified to display the rules currently applied on this cloud.

image268

Existing rules can also be edited or deleted by clicking on the appropriate button in the Actions column.

Note

The cloud level ticket rules display does not provide any visibility of rules defined in a single VPSA or VPSA Object Storage
Scope and vice versa.