User's GuideVersion 1 Release 0

Configuring Aperi Storage Manager

After installation you should define certain options for your Aperi Storage Manager environment. To display a list of these options, click Administrative Services -> Configuration. The following sections describe each of these options and begin the route you take in the navigation tree to get to them.

For details about fields in configuration windows, click F1 or Help -> Help for Displayed Panel
To display and edit information about a configuration option, click the option. For example, if you click Alert Disposition node, a window is displayed that lets you specify where to send SNMP traps or e-mail notifications that are generated when an event specified in an alert is detected.
To print the branch, right-click Configuration and click Print Branch.

You can perform the following configuration tasks:

Granting local administrative privileges to a domain account
Authorizing users
Specifying alert notifications and log retention
Setting the retention for log files
Assigning agents to perform probes
Adding NAS servers
Managing element managers
Managing data aggregation for reports
Setting retention periods for resources and resource histories

Granting local administrative privileges to a domain account

For Windows users, the user account which the Data server runs under requires local administrative rights. Because these rights are not necessarily guaranteed for domain users in a Windows domain environment, this topic provides information on how to grant local administrative rights for domain users. Using this procedure, you do not have to manually process each machine in the domain.

To use Group Policy to grant local administrative privileges to a domain account, complete the following steps:

On the domain controller, go to Administrative Tools > Active Directory Users and Computers (you must be running with Domain Administrator privileges).
Right-click on the Organizational Unit (OU) upon which you want to apply the Group Policy. Click Properties.
The Group Policy Properties panel is displayed. Select the Group Policy tab and click New to create a new Group Policy.
Designate a name for the new Group Policy. Select the new Group Policy and click Edit.
The Group Policy Object Editor panel is displayed. Go to New Group Policy Object > Computer Configuration > Windows Settings > Security Settings > Restricted Groups. Right-click on Restricted Groups. Click Add Group.
For example, name the new group "Administrators." Under "Properties", add the user "Administrator", and the domain accounts or groups upon which you want the Group Policy in effect for. For example, you can add "APERI\tapeadmin", "APERI\tapegroup", and "APERI\TestGroup". Click OK.
Add these user rights to the domain account:
- Act as part of the operating system
- Log on as a service
In the Group Policy Object Editor, go to New Group Policy Object > Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignments. In the right pane, select "Log on as a service" and double-click. Add the domain user for whom you are granting the user right for and click OK. Repeat this step for "Act as part of the operating system."
The group policy is now enforced for the Organizational Unit to include the domain accounts and groups specified under the local Administrators group on each computer in the Organizational Unit. In addition, the domain user has been granted the necessary rights. To verify this, log into a domain computer and open the Computer Management console. Select Groups, double-click on the Administrators group, and verify the membership of the domain users.

Authorizing users

Administrative Services -> Configuration -> Role-to-Group Mapping

One of the first tasks you should perform after installing Aperi Storage Manager is to assign roles to individuals who will use the product. From the Role-to-Group Mapping node you can map Aperi Storage Manager roles, such as Tape Operator or Fabric Administrator, to user groups that you create using tools available with your operating system. For example, on a Windows machine you can create user groups using the Administrative Tools control panel. When a user name is used to authenticate with Aperi Storage Manager, the user's group membership determines the authorization level

Role-based authorization

Operating system groups are associated with predefined roles. When a user ID is authenticated to Aperi Storage Manager through the GUI, CLI, or APIs, the user's operating system group membership determines the authorization level. Table 3 shows the association with roles and authorization level.

Table 3. Roles and authorization levels

Role	Authorization level
Superuser	Has full access to all Aperi Storage Manager functions.
Product Administrator	Has full access to operations in the Administration section of the GUI.
Tape Administrator	Has full access to Tape Manager functions.
Tape Operator	Has access to reports only for Tape Manager functions.
Fabric Administrator	Has full access to Aperi Storage Manager for Fabric functions.
Fabric Operator	Has access to reports only for Aperi Storage Manager for Fabric functions.
Disk Administrator	Has full access to Aperi Storage Manager disk functions.
Disk Operator	Has access to reports only for Aperi Storage Manager disk functions. This includes reports on tape devices.
Data Administrator	Has full access to Aperi Storage Manager for Data functions.
Data Operator	Has access to reports only for Data functions.

Notes:

If a user has multiple roles, the authorization level is a combination of the levels for each of the roles.
If a user is not a member of any of the roles listed, no access is granted to that user.

The superuser is the highest level role and can be used to install Aperi Storage Manager and to initially set up the product. The superuser has authority over all the other roles in Aperi Storage Manager:

Figure 4. User roles hierarchy

Chart shows the user roles hierarchy: Superuser at the top. Under superuser at the same level are Product administrator, Data administrator, Disk administrator, Fabric administrator, Tape administrator. Under each of the resource manager administrators, is the corresponding operator: Data operator, Disk operator, Fabric operator, Tape operator

Some nodes are present only when the user has the required authorization. Table 4 shows the GUI nodes that require special roles to view, edit, and act upon the services. The administrator or superuser is required for viewing configurations.

Table 4. GUI nodes that require special roles or licenses

GUI node	Special roles
Administrative Services	All roles can see this node but the user must be a Aperi Storage Manager administrator or superuser to edit and act upon the services (for example enable or disable tracing, shut down services, delete services, and so forth).
Administrative Services - Configuration - Role-to-Group Mappings	Only the Aperi Storage Manager administrator or superuser can see this node.
Aperi Storage Manager - My Reports - System Reports - Fabric	Requires the Fabric administrator or the Fabric operator role. This includes being able to view the fabric assets and port connections.
Aperi Storage Manager - My Reports - Batch Reports	Requires any administrator role to create the batch reports.
Aperi Storage Manager - Monitoring - Probes	Requires any administrator role to create or edit probes.
Aperi Storage Manager - Alerting - Alert log	Requires any administrator role to delete or clear alerts. The Storage subsystems node appears if any disk array is installed.
Data Manager	Requires the Data administrator or Data operator role.
Disk Manager	Requires the Disk administrator or Disk operator role.
Fabric Manager	Requires the Fabric administrator or Fabric operator role.
Tape Manager	Requires the Tape administrator or Tape operator role.

How to associate a user and group with an Aperi Storage Manager user role

Creating a system group on Windows

You must first create an operating system group on your computer, and then assign the users to the group. Then you can use the GUI to associate the group with the Aperi Storage Manager role.

For Windows, first create the users you want to have access to the various Aperi Storage Manager roles. Follow these steps:

Go to Start -> Settings -> Control Panel -> Administrative Tools -> Computer Management -> Local Users and Groups.
Right-click on Users and click New Users.
The New User panel is displayed. Enter a user name, description (optional), and password (twice). Click Create.
Repeat step 3 for each new user you want to create.

Then create a system group on Windows:

Go to Start -> Settings -> Control Panel -> Administrative Tools -> Computer Management -> Local Users and Groups.
Right-click on Groups and click New Group.
The New Group panel is displayed. Enter a Group Name and Description (optional). Click Add.
The Select Users or Groups panel is displayed. Enter or select the users or groups you want to add to the new group you have created. Click Add. Then click Create.

Creating a system group on UNIX or Linux

For UNIX or Linux, to add new users to the system, there are three things which must be done:

Create a new user's name.
The new user must have a home directory allocated for them.
That user must be placed in the group file.

Refer to your UNIX or Linux documentation for information on how to create a system group.

Associating the user groups to Aperi Storage Manager roles

After you have created the operating system group and assigned users to that group, follow these steps:

Open the Aperi Storage Manager GUI.
Go to Administrative Services -> Configuration -> Role-to-Group Mappings.
On the right pane, click Edit for the role you want to associate with the group you have created.
The Edit Group dialog is displayed. Enter the group you want to associate with the Aperi Storage Manager role. Click OK. This associates the operating system group with the Aperi Storage Manager role.
Click File -> Save to save the mappings.

Specifying alert notifications and log retention

Administrative Services -> Configuration -> Alert Disposition

Specify where to send SNMP traps or e-mail notifications that are generated when an event specified in an alert is detected. From this node you can also specify the number of days after which records in the alert log are deleted. To enable SNMP traps, consider the following:

SNMP traps: System administrators must set up their SNMP trap ringer with the provided MIB files in order to receive SNMP traps from Aperi Storage Manager.
- Fabric: device\snmp\fabric.mib
- Data: data\snmp\tivoliSRM.mib

Setting the retention for log files

Administrative Services -> Configuration -> Log-File Retention

Specify the number of runs and the length of time to maintain the log files generated by Data Manager.

Assigning agents to perform probes

Administrative Services -> Configuration -> Probe Agent Administration

Assign the agents that should perform probes against the following:

Filesystems within NAS filers
TotalStorage SAN File System (IBM SAN File System)

The window associated with this node provides a complete listing of the licensed NAS filers and TotalStorage SAN File Systems (IBM SAN File Systems) discovered by Data Manager.

Adding NAS servers

Administrative Services -> Configuration -> Manual NAS Server Entry

Use the window associated with this node to:

Manually enter information about the Network Attached Storage (NAS) servers that you want to monitor within your environment. After you enter information, you can assign agents to those servers using the Probe Agent Administration window.
View a list of the NAS filers whose information was manually entered into Data Manager
Delete NAS filers whose information was manually entered into Data Manager

You can manually set up individual NAS servers for monitoring by Data Manager using this window, or you can use a discovery method for automatically adding multiple servers at the same time.

Managing element managers

Administrative Services -> Configuration -> Manage Element Manager

Use the Manage Element Manager page to manage the element managers that are provided with the switches and storage devices in your enterprise.

Element managers are programs that allow you to configure and maintain your storage devices. The Manage Element Manager page shows a list of configured element managers and their IP addresses. These element managers can be deleted (individually or all) and they can be edited. You can set the element manager for a particular device by using the Set button on the Details page for that device. The Set button is positioned next to the Element Manager field on the respective Details page for the device.

To configure an element launcher, select the Manage Element Managers node, right-click and then select Configure from the menu.

Managing data aggregation for reports

Administrative Services -> Configuration -> History Aggregator

Use this window to control how Data Manager handles data aggregation for statistical reporting purposes. You have the option of turning aggregation off, although this is not recommended. To turn off aggregation, access the History Aggregator window, deselect Enabled, and select File > Save.

To perform any of the follow tasks associated with the History Aggregator, select the History Aggregator node, right-click and then select an item from the menu:

Refresh Job List
Update Job Status
History
Run Now

To display information about a job, click a job name.

Setting retention periods for resources and resource histories

Specifying how long to keep resource histories

Administrative Services -> Configuration -> Resource History Retention

Specify how long to keep a history of the statistical elements collected by the system. By specifying a number for days, weeks, or months for each element on this window, you can control the amount of data that will be retained and available for historical analysis and charting. The longer you keep the data, the more informative your analysis.

Specifying how long to keep information about missing resources

Administrative Services -> Configuration -> Removed Resource Retention

Specify the number of days to keep information about directories, filesystems, disks and so on that have been removed from the system and can no longer be found. Information is kept in the enterprise repository. If you do not specify a duration, information is kept in perpetuity. To clear the history record for a resource and activate a new period for resource retention, perform a discovery job on the resource.