Eyeglass Isilon Edition Quick Start Guide for Eyeglass
Introduction to this Guide
Use this document to get your new Eyeglass installation up and running fast with all the best options.
For planning DR and understanding design choices with Eyeglass use the Eyeglass Start Here First Guide
vSphere 5.0 or higher or hyper-v with vhdx appliance appliance requires:
- 4 vCPU
- 16 GB RAM
- 80 GB disk
Chrome Browser (preferred), Browser must support Websockets, Internet Explorer is not supported.
Eyeglass Port Requirements: Eyeglass-Ports-Requirements
NOTE: For release 2.5.3 and later, you must use SSIP in subnet with pool in the System Access zone to add Isilon clusters to Eyeglass (typically the management subnet). Using SmartConnect Zones is no longer supported due to Isilon CSRF patch which disabled basic authentication and does not share session token between Isilon nodes. For more details please refer to Technical Advisory #15 and Technical Advisory #17.
Supported OneFS releases
Please refer to the Release Notes for the Eyeglass Isilon Edition version that you are installing.
Feature Release Compatibility
Please refer to the Release Notes for the Eyeglass Isilon Edition version that you are installing.
Eyeglass Scalability Limits
Please refer to the Eyeglass Admin Guide Scalability limits.
Video Tutorial - Installing Eyeglass for Isilon
The following link provides a video tutorial outlining how to install Eyeglass for Isilon, add clusters and an overview of features.
New Eyeglass Installation
For a new Eyeglass installation, complete the following steps:
- Download Eyeglass OVF, VHDX , Redhat/CENTOS (separate license required for this installer) from Superna web site Latest Appliance Download
- Download process starts.
- Unpack Superna_Eyeglass.x86_64-latest.zip
Appliance HA Options
Two options below, outline how to configure HA option.
NOTE: Follow the install instructions below but consult HA options before deploying the Active appliance at a Data Center location.
- Warm Standby (Single Licence Option)
- Location: Warm Standby at DR site , Prod site for Warm Standby
- Pro: Lower cost - Single Licence
- Con: Longer RTO to restore Warm Standby appliance from backup archive
- Active Active (Requires double the license count)
- Pro: Lower RTO
- Con: Double the licensing cost- Requires 2nd set for each managed cluster
Deploy the Eyeglass Appliance
Eyeglass is delivered in an OVF format for easy deployment in your vCenter environment. Deploy the OVF and then follow the wizard to setup networking for this Linux appliance. You will need to know:
- subnet and network required so that appliance will have IP connectivity to the Isilon clusters that it’s managing, and the users that are using it
- IP address for the appliance
- (Optional) SmartConnect Zone for management access to the cluster
- DNS server
IMPORTANT: If you are using hostname or FQDN for the target cluster in your SyncIQ policies or SmartConnect Zone for adding clusters to Eyeglass, the DNS information entered here must be able to resolve back to a discovered cluster IP Address (should resolve to a SyncIQ SmartConnect Zone IP pool IP address), in order for Eyeglass to perform configuration replication. If the hostname cannot be resolved, Eyeglass will not create the associated configuration replication Job.
Steps to Deploy the OVF with vSphere (skip these steps if familiar with OVF deployments)
OVF Deployment steps :
Step 1 : Download an OVF zip file from Latest Appliance Download.
Step 2 : Unzip the contents of the zip file from Step 1 onto a computer with vSphere web or Windows client installed.
Step 3 : Login to the Vcenter with appropriate login credentials.
Step 4 : Single click on VMware vSphere client on the Desktop. Login with appropriate login credentials.
Step 5 : Once logged in to VMware vSphere client, you can see different Menus on the top left of the application. Next, go to the File menu and select Deploy OVF Template.
Step 6 : Browse to the location of OVF files you’ve downloaded and unzipped in step 1 and 2. Select OK and then Next.
Next, You will see the OVF template details. Verify the details and proceed by selecting Next. Notice download size to be under allocated disk size limit.
Step 7 : Choose a unique name for the virtual machine and select Inventory location for the deployed template. Once done, select Next.
Step 8 : Select the host/cluster where you want to run the deployed template and then Next.
Step 9 : Select the Resource pool within which you wish to deploy the template.
Step 10 : Select a destination storage for virtual machine files, select Next
Step 11 : Select Disk Format for the datastore you selected in previous step.
Step 12 : Enter the networking properties for the Eyeglass appliance VM in the window displayed. Example below. Replace with correct settings for your environment.
Step 13 : When done, click Next and you will see your deployment settings as you provisioned it to be. Verify the settings and if everything's ok, hit Finish. You will see a Message Box that says "Deploying [name you gave for your virtual machine]". You can put a checkmark on "close this dialog when completed".
When the deployment process reaches 100 % the message box disappears which means the deployment has been completed.
Now, we should be able to see our virtual machine listed in vSphere client
Step 1 : Right click on the virtual machine you just created. Select "Power On". That will power on your VM.
Step 2 : Right click again on your VM and Select "Open Console" to access your machine.
Step 3: Login at the prompt
The Eyeglass appliance is deployed with following default admin user password:
admin/3y3gl4ss >> can also be used to login to the Eyeglass UI
! It is highly recommended to reset the default password after the appliance is deployed.
Step 4: sudo su - to root
Root user password is unique to the appliance and has no default. Use the “sudo su” command to change to root user if desired.
Step 5: Type yast2 lan at the prompt.
Now follow steps to setup IP information on the appliance.
Notes on Using yast2
The yast2 interface is a generic text based user interface (TUI) that predates modern mouse and windows desktop environments. The downside of TUI’s are that they can be tricky to navigate if you’ve never used them before - the benefit of TUI’s is that they are widely compatible across platforms and do not require any graphical user interface to be deployed.
yast2 navigation Tips
Use the TAB)key to move from one field to the next.
Use SHIFT TAB) key combination to move backwards
Use the (ARROW) keys to move around within a field
Use the ALT) key, along with the bold letter in the interface to select that specific field, tab or option
Eyeglass Appliance Networking Configuration (yast)
Note: if you need to update the configuration at any time, ssh to the appliance admin user and then sudo su - to root and use the yast2 command to open the wizard.
- The Network Devices / Network Settings window is open.
- In Network Settings screen open second tab: Hostname/DNS.
- Type Hostname for your Eyeglass appliance
- Type DNS server IP. In this example: 192.168.1.250
IMPORTANT: If you are using hostname for the target in your SyncIQ policies, the DNS information entered here must be able to resolve this host back to the Cluster IP Address in order for Eyeglass to perform configuration replication. If the hostname cannot be resolved, Eyeglass will not create the associated configuration replication Job.
IMPORTANT: DNS reverse lookup must be configured to correctly resolve the cluster SSIP used for management and added to Eyeglass . Failure to correctly configure reverse lookup will lead to unexpected failures in Eyeglass discovery, configuration replication and assisted failovers as the reverse lookup DNS response is used by Eyeglass to communicate with the Isilon clusters over the tls protocol . The SSIP for cluster management should resolve with a forward and reverse lookup that match. This can be tested with nslookup x.x.x.x where the ip is the SSIP for cluster management followed by nslookup hostname assigned to SSIP in DNS.
- In Network Settings screen open first tab: Overview. Choose Edit.
- In Network Card Setup screen, choose 2nd tab: Address. Type the same Hostname you entered when deploying the Eyeglass OVF..
- Next - OK - Next
Setup Time zone and NTP
NOTE: 1.9.2 OVF and greater has suse NTP server set automatically on deployment. Use this process to change to alternate NTP example internal NTP server versus Internet.
- Setup NTP server (published online list here)
- Setup Timezone for log time alignment and SyncIQ operations.
- Follow Animated GIF below to set using YAST
- ssh as admin user
- sudo -s
- Enter admin password
Eyeglass Initial Configuration
Your Eyeglass initial configuration steps are:
- Login to the Eyeglass UI
- Install License
- Create Eyeglass service account first for each Isilon cluster with Minimum Privileges (if not done configure Clusters in Eyeglass using root user)
- Add Clusters
Login to the Eyeglass UI
To login to the Eyeglass web UI, enter the following URL into your browser (Chrome preferred) replacing <Eyeglass IP address> with the real IP address assigned to the appliance:
https://<Eyeglass IP address>
You have 2 options for login authentication:
- Login with appliance credentials - use the admin user and password configured on the appliance
- Default user/password: admin / 3y3gl4ss
- Proxy authentication to managed device - enter IP address of an Isilon that Eyeglass has network connectivity with and a valid user and password configured for that Isilon Cluster.
Retrieve your Eyeglass License keys (instructions provided here).
Upload the license zip file provided to you by Superna:
IMPORTANT: Do not unzip the license file. Upload the zip file.
IMPORTANT: You will be asked to accept the Eyeglass EULA and Phone Home after selecting the Upload button. License will not be loaded unless EULA is accepted.
Add Isilon Clusters
NOTE: No Auto Refresh Inventory View
This window does not auto refresh after adding a cluster. You must click the refresh button bottom right to verify when a cluster has finished discovery. This process can take 5-10 minutes typically.
NOTE: Cluster DNS Setup and Add Cluster to Inventory:
If discovery takes a very long time to complete (> 10 minutes), then to check to make sure that cluster configuration data can resolve external URL. Cloud pools use a URL to a storage bucket, and if this URL can not complete a DNS lookup to an IP address, then API calls that discover cloud pools will take too long to complete and will timeout the cluster discovery. Make Sure all URL and DNS resolution is functioning on the cluster.
IMPORTANT: After Discovery of a Cluster’s SyncIQ policies all Eyeglass configuration jobs are disabled automatically
Configuration Replication Jobs for zones, shares, exports and NFS alias protected by SyncIQ Policy are automatically created and in the USERDISABLED state after successful provisioning in Eyeglass. Enabling these Jobs will be part of the installation steps.
IMPORTANT: Clusters on source target must be in the support feature matrix
Isilon cluster replication pairs must be running a supported OneFS version as documented in the System Requirements / Feature Release Compatibility matrix.
IMPORTANT: Before you add a Cluster to Eyeglass verify SyncIQ FQDN Name resolution
This step is important to allow Eyeglass to automatically build configuration replication jobs correctly. Eyeglass will resolve the FQDN of the SyncIQ policy and then compare the returned ip address to all Isilon clusters added to the Eyeglass appliance. If no match is found, Config Sync jobs will fail to be added to the jobs window, until name resolution works correctly. A system alarm is also raised that indicates no matching clusters found for the SyncIQ policies on Cluster named X.
Adding Clusters for Eyeglass version 2.5.3 and Greater
Isilon clusters must be added to Eyeglass using SSIP from subnet with pool in the System Access Zone.
To verify SyncIQ target host FQDN:
- Login to Eyeglass
- Open Eyeglass shell from the Eyeglass main menu (bottom left)
- Login as admin with default password 3y3gl4ss
- Get list of SyncIQ policies from the source cluster you are adding and record the FQDN target host value used in the policy
- Validate that the FQDN of SyncIQ policy targets will resolve correctly on Eyeglass
- nslookup <FQDN>
- If an IP address does not return, you will need to fix this by adding DNS to Eyeglass. Use the YAST utility to add DNS to Eyeglass (see Eyeglass Admin Guide for instructions) in order to resolve the SmartConnect Zones used by SyncIQ policies.
- OR you must sudo to root with sudo -s (enter admin password)
- vi /etc/hosts and add an entry for the FQDN value that does not resolve correctly
- NOTE: DNS is the preferred solution to resolve entries, hosts file can be used as a work around on the appliance for each SmartConnect Zone that does not resolve to an IP address
- Repeat nslookup step for each FQDN used on each cluster you want to add to Eyeglass for DR management
From the Eyeglass UI add the Isilon Clusters between which Eyeglass will be replicating the share and export configuration data.
- If you get authentication failure when clicking submit. It can be one of these issues:
- Bad password (make sure before looking at next causes)
- If your cluster is running original 7.2.x.x, 220.127.116.11, 18.104.22.168, 22.214.171.124 the TLS security protocols allowed weaker security algorithms and key sizes. Eyeglass 1.9 OVF and later has hardened security settings. In this case you may need to edit /opt/superna/java/jre1.8.0_05/lib/security/java.security and comment out the line “jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048, SSLv2Hello, SSLv3, TLSv1, TLSv1.1”
- After editing this file an Eyeglass sca service restart is required
systemctl restart sca
- SmartConnect Service must be IP address format. Also it must be an IP pool from System Access zone for PAPI API calls to be supported.
- Maximum RPO Value is the Recovery Point Objective for the cluster in minutes. If you are using the RPO feature, this target is used during RPO analysis. More information about Eyeglass RPO analysis can be found in Feature Overview - RPO Trending and Reporting.
- To create an Eyeglass service account with minimum privileges follow the instructions provided in Isilon Cluster User Minimum Privileges for Eyeglass.
Once the Isilon is added, Eyeglass will automatically run an inventory task to discover the Isilon components. When completed, the discovered inventory can be seen in the Inventory View.
Enable Eyeglass Jobs
Once you have configured your Isilon cluster pair and the Inventory task has completed, 3 Eyeglass Jobs are automatically created per SyncIQ Policy to replicate between the SyncIQ Policy defined source and target.
In addition to the Configuration Replication Jobs, Failover Readiness Jobs are created between replicating clusters that monitor the configuration and readiness of Access Zones.
Note: These jobs are disabled by default (see Eyeglass Admin Guide on how to change default to enable via the CLI). Once enabled they will raise alarms if all configuration for Access Zones is not created or prerequisites completed.
Pre-requisite for Enabling Configuration Replication
- If you have an Active - Active Replication Topology (for data), confirm that you do not have an unsupported share or NFS Alias environment described in the diagram below:
- Review Eyeglass Admin Guide Jobs description to understand what the Configuration Replication Jobs will do.
- Review Eyeglass Admin Guide for Configuration Replication Pre-requisites
- Review how Eyeglass determines uniqueness for configuration items and what properties are replicated.
Enable Jobs for Configuration Replication
Next step is to enable your Share, Export, NFS Alias (AUTO) Jobs for Configuration Replication. This can be done on a Job by Job basis by following these steps:
- Select the Configuration Replication Job to be enabled.
- Select a bulk action and then select the Enable/Disable option.
On the next Configuration Replication cycle, the enabled Job will be run.
Initial state for Jobs
You can change the default behaviour so that these Jobs are enabled by default using this igls adv initialstate command.
Setup Eyeglass for Email Notification
- Configure SMTP
- Configure Email Recipients
- Enter the information for your email server in the Notification Center / Configure SMTP tab.
- Host name: Enter the host name for your email server
- Port: Enter the port which should be used for sending email
- From: Enter the email address of the sender of the email. Typically this is required to be a valid email address recognized by the email server.
- Use Authentication: Select if email server requires an authenticated login
- User: User or email address for authentication
- Password: Password for authentication
- Enable TLS: Select the Enable TLS check box if your email server expects TLS communication.
- Alarm Severity Filter: Select level of alarms for which you would like to receive email.
2. Use the Test Email Setting button to check that the email server information added is correct. If an error occurs, you will get error codes from the SMTP connection. The "no error" response indicates successful connection. If an error is returned the debug response should be sent to support.superna.net.
3. Save your changes.
Configure Email Recipients
- Enter the information for your email server in the Notification Center / Manage Recipients tab.
- Email Recipient: Enter the email address that emails will be sent to.
- Select the report type this user receipt
- Reports (RPO, cluster configuration)
- Easy Auditor product (All reports and email notifiaitons)
- Cluster Storage Monitor product reports (quota usage)
- Cluster Storage Monitor product Data recovery portal emails)
- Select the Add button.
For other Notification center configuration options see the admin guide topic.
Setup Eyeglass for Fast Failover
It is recommended to change to fast failover mode which takes advantage of parallel threads. This mode switches to parallel policy with up to 10 threads for make writeable step and resync prep step.
- ssh to the Eyeglass appliance and login as admin (default password 3y3gl4ss).
- Type the following command
igls adv failovermode set --parallel=true
Protecting the Eyeglass appliance options
See How to Configure Active Active
See How to configure warm standby
Copyright Superna LLC