Manage storage administration

Stay organized with collections Save and categorize content based on your preferences.

Storage Administration and Data Protection Administration features are available from the PowerScale Cluster Details page. Selecting Storage Administration and Data Protection Administration options opens a new window that provides access to in-depth features.

Storage Administration

Dell PowerScale Storage Administration functions provide flexibility by letting administrators manage authentication-provider settings and protocol settings based on business requirements. The following features are managed in Storage Administration:

  • File system explorer: View and manage the directories under your access zone path.
  • Access:
    • Access zones: View and modify settings of your access zone. Additional access zones aren't supported. Don't modify the access zone name. Doing so causes file-share creation in Google Cloud console to fail.
    • Authentication providers: Manage the authentication providers for your access zone.

You can manage authentication settings for your cluster, including authentication providers, Active Directory domains, LDAP, NIS, and Kerberos authentication, file and local providers, multi-factor authentication, and more.

Membership and roles

User and group management

User and group management enables you to do the following:

  • View and manage the users in your access zone
  • Manage user mapping for multiprotocol access
  • View the ACL policy and on-disk identity settings

Add a user

To add a user through the Google Cloud console, follow these instructions:

  1. Click Access > Membership & Roles > Users.
  2. From the Current Access Zone list, select an access zone.
  3. From the Providers list, select the local provider for the zone.
  4. Click Create User.
  5. In the Username field, type a username for the account.
  6. In the Password field, type a password for the account.
  7. Optional: Configure additional settings as needed.
  8. Click Create.

Modify a user

To modify a user through the Google Cloud console, follow these instructions:

  1. Click Access > Membership & Roles > Users.
  2. From the Current Access Zone list, select an access zone.
  3. From the Users list, select the local provider for the access zone.
  4. In the list of users, locate the user, and click View/Edit.
  5. Click Edit User.
  6. Update the settings that you want to configure.
  7. Click Save Changes.
  8. Click Close.

Delete a user

To delete a user through the Google Cloud console, follow these instructions:

  1. Click Access > Membership & Roles > Users.
  2. From the Current Access Zone list, select an access zone.
  3. From the Providers list, select the local provider for the access zone.
  4. In the list of users, locate the user, and click More > Delete. The Confirm Delete dialog appears.
  5. Click Delete.

View a group

To view a group of any authentication provider, follow these instructions:

  1. Click Access > Membership & Roles.
  2. Click the group you want to view.
  3. From the Current Access Zone list, select an access zone.
  4. Select the local provider in the Providers list.

Add or remove group members

To add or remove group members, follow these instructions:

  1. Click Access > Membership & Roles > Groups.
  2. From the Current Access Zone list, select an access zone.
  3. In the list of groups, locate the group, and click View/Edit.
  4. Click Edit Group.
  5. In the Members area, click Add Members to add users to the group, or click Delete next to a username to remove the user from the group.
  6. Click Save Changes.
  7. Click Close.

SMB protocol management

View and modify the SMB share settings. The SMB global setting is read-only. You can also create, modify, or delete SMB shares within the WebUI.

Create an SMB share

To create SMB shares, you must first create access zones. To create access zones and then create SMB shares, follow these instructions:

  1. Click Protocols > Windows Sharing (SMB) > SMB Shares.
  2. From the Current Access Zone drop-down list, select the access zone to create the share.
  3. Click Create an SMB Share.
  4. In the Name field, enter the name that you want use to create the share.

Modify an SMB share

You can modify the permissions, performance, and access settings for individual SMB shares. To modify settings, follow these instructions:

  1. Click Protocols > Windows Sharing (SMB) > SMB Shares.
  2. From the Current Access Zone drop-down list, select the access zone that contains the share you want to edit.
  3. From the list of SMB shares, locate the share that you want to modify and then click View/Edit. The settings for the share display.
  4. Click Edit SMB Share.
  5. Modify the settings for the selected SMB share.
  6. Optional: To modify the settings for file and directory permissions, performance, or security, click Show Advanced Settings.
  7. Click Save Changes.

Delete an SMB share

You can delete SMB shares that are no longer needed. To delete SMB shares, follow these instructions:

  1. Click Protocols > Windows Sharing (SMB) > SMB Shares.
  2. From the Current Access Zone drop-down list, select the access zone that contains the share that you want to delete.
  3. From the list of SMB shares, select the shares that you want to delete.
  4. In the confirmation dialog, click Delete.

NFS protocol management

View and modify the NFS settings for your access zone. The NFS global settings are read-only. You can also create, modify, or delete NFS exports and aliases from within the WebUI.

For more details, see the PowerScale OneFS Web Administration Guide.

Change access zone ownership

PowerScale for Google Cloud creates an access zone named customer-az in the cluster. The user can create fileshares, authentication providers, users, and groups in this cluster. The access zone is rooted at /ifs/<base_directory>.

The fileshares that you created using the Dell PowerScale for Google Cloud interface or the advanced interface are within the same /<base_directory>. To take control of the access zone base directory, delete all the permissions assigned to Dell PowerScale for Google Cloud and assign different levels of permissions to your domain user.

To change the ownership of the access zone base to a different user, create an NFS export or an SMB fileshare at the access zone base directory.

To use Dell PowerScale for Google Cloud to identify the access zone base directory, follow these instructions:

  1. Log in to the Advanced WebUI.
  2. Click Access > Access Zones.
  3. Click View/Edit next to the access zone that you want to modify. The Base Directory window appears.

    The path to the access zone base directory is displayed in the Base Directory window.

Use an NFS export to change who owns an access zone

This section describes how to use the console to change the ownership of the access zone base directory by creating an NFS export.

To import the file authentication provider to the access zone, follow these instructions:

  1. Log in to the Advanced WebUI.
  2. Click Access > Access Zones.
  3. Click View/Edit customer-az access zone. The View Access Zone Details window appears.
  4. Click Edit. The Edit Access Zone window appears.
  5. To allow Root user mapping, add a file authentication provider from system zone to the customer-az access zone.
  6. Click Save changes.

To create an NFS export, follow these instructions:

  1. Click Protocols > UNIX Sharing (NFS) > NFS Exports.
  2. Click Create an export. The Create an export window appears.
  3. In the Directory paths field, type the path to the access zone base directory.
  4. In the Root user mapping list, select Map root user. The Select a user window appears.
  5. In the Providers list, select FILE: System.
  6. Select the user name root.
  7. Click Create export. The new NFS export is created.

To change the ownership of the access zone base directory, perform the same steps provided in Change ownership of an NFS fileshare.

Use an SMB share to change who owns an access zone

To use the console to change the ownership of the access zone base directory by creating an SMB share, follow these instructions:

  1. Log in to the Advanced WebUI.
  2. Go to Protocols > Windows Sharing (SMB) > SMB Shares.
  3. Click Create an SMB share. The Create an SMB Share window appears.
  4. In the path field, type the path to the access zone base directory.
  5. In the Directory ACLs section, select Apply Windows default ACLs.
  6. Click Create Share. The system creates a new SMB fileshare.

To change the ownership of the access zone base directory, perform the same steps provided in Change ownership of an SMB fileshare.

Restoring permissions to the access zone

When the ownership of the access zone base directory changes, permissions to PowerScale for Google Cloud are lost.

When those permissions are lost, Google Cloud console users can't create and manage fileshares. To restore permissions back to PowerScale for Google Cloud, you import the local authentication provider, identify the UID of the console user, and identify the GID of the PowerScale API users group.

Import the local authentication provider

To import the local authentication provider from the system zone to the customer-az zone, run the following PAPI PUT request:

   {"auth_providers": ["lsa-local-provider:customer-az", "lsa-local-provider:system"]}
   

Identify the UID of the Google Cloud console user

To identify the UID of the Google Cloud console user, follow these instructions:

  1. Click Access > Membership and Roles. The Membership and Roles window appears.
  2. Click the Users tab.
  3. In the Providers list, select Local: System.
  4. Click the user name CloudConsole. The View user details window appears.
  5. Identify the UID.

Identify the GID of the PowerScale API users group

To identify the GID of the PowerScale API users group, follow these instructions:

  1. Click Access > Membership and Roles. The Membership and Roles window appears.
  2. Click the Groups tab.
  3. In the Providers list, select Local: System.
  4. Click the Group name PowerScale API Users. The View group details window appears.
  5. Identify the GID.

OneFS supports multiprotocol NAS access. OneFS files and directories can either be in POSIX or ACL mode. The access zone base directory is set to POSIX mode by default.

When an SMB share is created in the access zone base directory, it can be changed to an ACL mode. To find the mode of the base directory, run the following PAPI GET request:

   https://cluster_ip:8080/namespace/base_directory_absolutepath? acl
   

Restoring permissions of the access zone base directory in POSIX mode

To restore permissions of the access zone base directory in POSIX mode, follow these instructions:

  1. In the Google Cloud console, open the SSH web client, and log in as root in the Linux VM in your your Google Cloud project.
  2. Create an NFS export from the base directory.
  3. Mount the NFS export to a Linux VM.
  4. Change the ownership of the access zone base directory and restore the permissions.

    Sudo Chown UID of CloudConsole user:GID of PowerScale API Users group    /mnt/base_dir
    Sudo chmod 775 /mnt/base_dir
    

Now the console user and the PowerScale API Users group have permissions and ownership of the access zone base directory.

Restoring permissions of the access zone base directory in ACL mode

To use the console to restore permissions of the access zone base directory in ACL mode, open a support ticket with Google Cloud. For more information, see Get Dell PowerScale for Google Cloud support.

What's next