FileFly 3.1 Administration Guide
- 1 1 Introduction
- 2 2 Deployment
- 3 3 Policy Operations
- 3.1 3.1 - Gather Statistics Operation
- 3.2 3.2 - Migrate Operation
- 3.3 3.3 - Quick-Remigrate Operation
- 3.4 3.4 - Scrub Destination Operation
- 3.5 3.5 - Post-Restore Revalidate Operation
- 3.6 3.6 - Demigrate Operation
- 3.7 3.7 - Advanced Demigrate Operation
- 3.8 3.8 - Simple Premigrate Operation
- 3.9 3.9 - Create DrTool file From Source Operation
- 3.10 3.10 - Create DrTool file From Destination Operation
- 3.11 3.11 - Erase Cached Data Operation
- 4 4 Sources and Destinations
- 5 5 FileFly Admin Portal Reference
- 5.1 5.1 - Introduction
- 5.2 5.2 - Overview Tab
- 5.3 5.3 - Servers
- 5.4 5.4 - Sources
- 5.5 5.5 - Destinations
- 5.6 5.6 - Rules
- 5.7 5.7 - Policies
- 5.8 5.8 - Tasks
- 5.9 5.9 - Task Execution
- 5.10 5.10 - Settings Page
- 5.11 5.11 - About Page
- 5.12 5.12 - Service Probe
- 6 6 Configuration Backup
- 7 7 Storage Backup
- 8 8 System Upgrade
- 9 9 Disaster Recovery
- 10 A Network Ports
- 11 B file and Directory Exclusion Examples
- 12 C Admin Portal Security Configuration
- 13 D Advanced FileFly Agent Configuration
- 14 1 Introduction
- 15 2 Deployment
- 16 3 Policy Operations
- 16.1 3.1 - Gather Statistics Operation
- 16.2 3.2 - Migrate Operation
- 16.3 3.3 - Quick-Remigrate Operation
- 16.4 3.4 - Scrub Destination Operation
- 16.5 3.5 - Post-Restore Revalidate Operation
- 16.6 3.6 - Demigrate Operation
- 16.7 3.7 - Advanced Demigrate Operation
- 16.8 3.8 - Simple Premigrate Operation
- 16.9 3.9 - Create DrTool file From Source Operation
- 16.10 3.10 - Create DrTool file From Destination Operation
- 16.11 3.11 - Erase Cached Data Operation
- 17 4 Sources and Destinations
- 18 5 FileFly Admin Portal Reference
- 18.1 5.1 - Introduction
- 18.2 5.2 - Overview Tab
- 18.3 5.3 - Servers
- 18.4 5.4 - Sources
- 18.5 5.5 - Destinations
- 18.6 5.6 - Rules
- 18.7 5.7 - Policies
- 18.8 5.8 - Tasks
- 18.9 5.9 - Task Execution
- 18.10 5.10 - Settings Page
- 18.11 5.11 - About Page
- 18.12 5.12 - Service Probe
- 19 6 Configuration Backup
- 20 7 Storage Backup
- 21 8 System Upgrade
- 22 9 Disaster Recovery
- 23 A Network Ports
- 24 B file and Directory Exclusion Examples
- 25 C Admin Portal Security Configuration
- 26 D Advanced FileFly Agent Configuration
- 27 E Troubleshooting
1 Introduction
1.1 - What is DataCore FileFly™?
DataCore FileFly is a heterogeneous Data Management System. It automates and manages the movement of data from primary storage locations to DataCore Swarm or CloudScaler object storage.
files are migrated from primary storage locations to the object store. files are demigrated transparently when accessed by a user or application. FileFly also provides a range of Disaster Recovery options.
What is Migration?
From a technical perspective, file migration can be summarized as follows: first, the file content and corresponding metadata are copied to secondary storage as an MWI file/object. Next, the original file is marked as a ‘stub’ and truncated to zero physical size (while retaining the original logical size for the benefit of users and the correct operation of applications). The resulting stub file will remain on primary storage in this state until such time as a user or application requests access to the file content, at which point the data will be automatically returned to primary storage.
Each stub encapsulates the location of the corresponding MWI data on secondary storage, without the need for a database or other centralized component.
1.2 - Conventions used in this Book
References to labels, values and literals in the software are in ‘quoted italics’.
References to actions, such as clicking buttons, are in bold.
References to commands and text typed in are in fixed font.
Notes are denoted: Note: This is a note.
Important notes are denoted: Important: Important point here.
figure 1.1: FileFly System Overview
1.3 - System Components
figure 1.1 provides an overview of a FileFly system. All communication between FileFly components is secured with Transport Layer Security (TLS). The individual components are described below.
DataCore FileFly Admin Portal
FileFly Admin Portal is the system’s policy manager. It provides a centralized web-based configuration interface, and is responsible for task scheduling, policy simulation, server monitoring and file reporting. It lies outside the data path for file transfers.
DataCore FileFly Agent
DataCore FileFly Agent performs file operations as directed by Admin Portal Policies. FileFly Agent is also responsible for retrieving file data from secondary storage upon user/application access.
file operations include migration and demigration, as well as a range of operations to assist disaster recovery. Data is streamed directly between agents and storage without any intermediary staging on disk.
When installed in a Gateway configuration, FileFly Agent does not allow migration of files from that server.
Optionally, Gateways can be configured for High-Availability (HA).
DataCore FileFly FPolicy Server
FileFly FPolicy Server provides migration support for NetApp Filers via the NetApp FPolicy protocol. This component is the equivalent of DataCore FileFly Agent for NetApp Filers.
FileFly FPolicy Server may also be configured for High-Availability (HA).
DataCore FileFly DrTool
DataCore FileFly DrTool is an additional application that assists in Disaster Recovery scenarios.
2 Deployment
This chapter will cover:
Installing DataCore FileFly Tools
Installing DataCore FileFly Agent on file servers
Installing DataCore FileFly Gateways as required
Getting started with FileFly policies
Production readiness
Refer to these instructions during initial deployment and when adding new components. For upgrade instructions, please refer to Chapter 8 instead.
For further details and usage instructions for each platform, refer to Chapter 4.
2.1 - DNS Best Practice
In a production deployment, Fully Qualified Domain Names (FQDNs) should always be used in preference to bare IP addresses.
Storage locations in DataCore FileFly are referred to by URI. Relationships between files must be maintained over a long period of time. It is advisable to take steps to verify the FQDNs used in these URIs are valid long-term, even as individual server roles are changed or consolidated.
Create DNS aliases for each logical storage role for each server. For example, use different DNS aliases when storing your finance department’s data as opposed to your engineering department’s data – even if they initially reside on the same server.
2.2 - Installing FileFly Tools
The DataCore FileFly Tools package consists of the FileFly Admin Portal and the FileFly DrTool application. The FileFly Admin Portal provides central management of policy execution while the FileFly DrTool is used in disaster recovery situations.
FileFly Tools must be installed before any other components.
2.2.1 - System Requirements
A dedicated server with a supported operating system:
Windows Server 2016
Windows Server 2012 R2 (Apr 2014 update rollup)
Windows Server 2012
Windows Server 2008 R2 SP1
Minimum 4GB RAM
Minimum 2GB disk space for log files
Active clock synchronization (e.g. via NTP)
Internet Explorer 11 or higher (possibly on a separate workstation) will be required to access the FileFly Admin Portal web interface.
2.2.2 - Setup
Run Caringo FileFly Tools.exe
Follow the instructions on screen
After completing the installation process, FileFly Tools must be configured via the Admin Portal web interface. The FileFly Admin Portal will be opened automatically and can be found later via the Start Menu.
The interface will lead you through the process for installing your license.
For production licensed installations, a ‘Backup & Scrub Grace Period’ setup page will be displayed. Please read the text carefully and set the minimum grace period as appropriate and after consulting with your backup plan – see also §7.2. This value may be revised later via the ‘Settings’ page.
2.3 - Installing FileFly Agents
Once FileFly Tools installation is complete, proceed to install DataCore FileFly Agents as described below. FileFly Agents perform file operations as directed by Admin Portal Policies. Also, in the case of user/application initiated demigration, agents retrieve the file data from secondary storage autonomously.
2.3.1 - FileFly Agent Server Roles
Each FileFly Agent server may fulfill one of two roles, selected at installation time.
In the ‘FileFly Agent for migration’ role, an agent assists the operating system to migrate and demigrate files. It is essential for the agent to be installed on all machines from which files will be migrated.
In the Gateway role, the agent provides access to CloudScaler and Swarm destinations.
2.3.2 - High-Availability Gateway Configuration
A high-availability gateway configuration is recommended. Such FileFly Gateways must be activated as ‘High-Availability FileFly Gateways’.
High-Availability Gateway DNS Setup
At least two FileFly Gateways are required for High-Availability.
Add each FileFly Gateway server to DNS
Create a single alias that maps to each of the IP addresses
Use this alias in FileFly destination URIs, never individual nodes Example:
gw-1.example.com→168.0.1
gw-2.example.com→168.0.2
example.com→192.168.0.1, 192.168.0.2
Note: The servers that form the High-Availability Gateway cluster must NOT be members of a Windows failover cluster.
For further DNS recommendations, refer to §2.1.
2.3.3 - Installing FileFly Agent for Windows Servers
System Requirements
Supported Windows Server operating system:
Windows Server 2016
Windows Server 2012 R2 (Apr 2014 update rollup)
Windows Server 2012
Windows Server 2008 R2 SP1
Minimum 4GB RAM
Minimum 2GB disk space for log files
Active clock synchronization (e.g. via NTP)
Note: When installed in the Gateway role, a dedicated server is required, unless it is to be co-located on the FileFly Tools server. When co-locating, create separate DNS aliases to refer to the Gateway and the FileFly Admin Portal web interface.
Setup
Run the Caringo FileFly Agent.exe
Select install location
Select migration or Gateway role as appropriate, refer to 2.3.1
If installing a FileFly Gateway, select the desired plugins
Follow the instructions to activate the agent via FileFly Admin Portal
Activation
If no clustering is required, activate as a ‘Standalone Server’
If installing the FileFly Gateway for High-Availability, activate as a High-Availability FileFly Gateway
If the server is part of a Windows failover cluster, and this clustered resource is to be used as a FileFly Source, activate as a Windows failover cluster node
For further information see §5.3.1.
Important: Verify FileFly Agent for Windows is installed on ALL cluster nodes if any type of clustering is used.
2.3.4 - Installing DataCore FileFly FPolicy Server for NetApp Filers
A DataCore FileFly FPolicy Server provides migration support for one or more NetApp Filers through the FPolicy protocol. This component is the equivalent of DataCore FileFly Agent for NetApp Filers. Typically FileFly FPolicy Servers are installed in a high-availability configuration.
System Requirements
A dedicated server with a supported operating system:
Windows Server 2016
Windows Server 2012 R2 (Apr 2014 update rollup)
Windows Server 2012
Windows Server 2008 R2 SP1
Minimum 4GB RAM
Minimum 2GB disk space for log files
Active clock synchronization (e.g. via NTP)
Setup
Installation of the FileFly FPolicy Server software requires careful preparation of the NetApp Filer and the FileFly FPolicy Server machines. Instructions are provided in §4.2.
Note: Legacy 7-Mode filers require a different procedure at FileFly FPolicy Server installation time – see §4.3.
2.4 - Installing Config Tools
In addition to the components described above, it may also be necessary to install one or more Config Tools. Full details are provided where required for each storage platform in Chapter 4.
2.5 - Getting Started
2.5.1 - Analyzing Volumes
Once the software has been installed, the first step in any new DataCore deployment is to analyze the characteristics of the primary storage volumes. The following steps describe how to generate file statistics reports for each volume.
In the FileFly Admin Portal web interface (see Chapter 5 for full documentation):
Create Sources for each volume to analyze
Create a ‘Gather Statistics’ Policy and select all defined Sources
Create a Task for the ‘Gather Statistics’ Policy 4. On the ‘Overview’ tab, click Quick Run
Click on the Task’s name to run it immediately
When the Task has finished, expand the details by clicking on the Task name under ‘Recent Task History’
Click Go to Task to go to the ‘Task Details’ page
Access the report by clicking on View Last Stats
Pay particular attention to the ‘Last Modified % by size’ graph. This graph will help identify how much data would be affected by a migration policy based on the age of files.
Examine ‘file types by size’ to see if the data profile matches the expected usage of the volume.
2.5.2 - Preparing for Migration
Using the information from the reports, create tasks to migrate files:
Prepare a destination for migrated files – see Create a Destination in FileFly Admin Portal
Create a Rule and a Migration Policy
A typical rule might limit migrations to files modified more than six months ago – do not use an ‘all files’ rule
To avoid unnecessary migration of active files, be conservative with your first Migration Policy
Create a Task for the new Policy
For now, disable the schedule
Save the task, then click on its name to open the ‘Task Details’ page
Click Simulate Now to run a Task simulation
Examine the resultant reports (view the Task and click View Last Stats)
If the results of simulation differ from expectations, it may be necessary to modify the rules and re-run the simulation.
Note: The simulation reports created above show details of the subset of files matched by the rules in the policies only.
Note: Reports are generated for simulations only – a real Task run will log each file operation, but will not generate a statistics report.
2.5.3 - Running and Scheduling Migration
Use Quick Run on the ‘Overview’ tab to run the migration Task immediately.
Migration is typically performed periodically: configure a schedule on the migration Task’s details page.
2.5.4 - Next Steps
Chapter 3 describes all FileFly Policy Operations in detail and will help you to get the most out of FileFly.
The remainder of this chapter gives guidance on using FileFly in a production environment.
2.6 - Production Readiness Checklist
Backup
Refer to Chapter 6 for details of how to backup FileFly configuration.
Next, be sure to test that your backup and restore software respects stubs appropriately.
Specifically:
Review the backup and restore procedures described in Check backup software can backup stubs without triggering demigration
Check backup software restores stubs and that they can be demigrated
As an additional measure to increase the range of available restore options, schedule regular ‘Create DrTool file From Source’ Policies on your migration sources.
Antivirus
Generally, antivirus software will not cause demigrations during normal file access. However, some antivirus software will demigrate files when performing scheduled file system scans.
Prior to production deployment, always check that installed antivirus software does not cause unwanted demigrations. Some software must be configured to skip offline files in order to avoid these inappropriate demigrations. Consult the antivirus software documentation for further details.
If the antivirus software does not provide an option to skip offline files during a scan, DataCore FileFly Agent may be configured to deny demigration rights to the antivirus software. Refer to §D.5 for more information.
It may be necessary for some antivirus products to exempt the DataCore FileFly Agent process from real-time protection (scan-on-access). For example, using Microsoft Security Essentials (MSE), it is necessary to add e.g. C:\Program files\Caringo FileFly\ FileFly Agent\<version>\mwi clmb.exe to the ‘Excluded Processes’ list. Be sure to update the exclusion whenever FileFly is upgraded.
Other System-wide Applications
Check for other applications that open all the files on the whole volume. Audit scheduled processes on the file server – if such processes cause unwanted demigration, it may be possible to block them (see §D.5).
Monitoring and Notification
To facilitate proactive monitoring, Best practice is to configure one or both of the following mechanisms:
Configure email notifications to monitor system health and Task activity – see 5.10
Enable syslog on agents – see D.1
Platform Considerations
For further information on platform-specific interoperability considerations, please refer to the appropriates sections of Chapter 4.
2.7 - Policy Tuning
Periodically reassess file distribution and access behavior:
Run ‘Gather Statistics’ Policies
Examine reports
Examine Server statistics – see 5.3
For more detail, examine demigrates in file server agent.log files
Consider:
Are there unexpected peaks in demigration activity?
Are there any file types that should not be migrated?
Should different rules be applied to different file types?
Is the Migration Policy migrating data that is regularly accessed?
Are the Rules aggressive enough or too aggressive?
What is the data growth rate on primary and secondary storage?
Are there subtrees on the source file system that should be addressed by separate policies or excluded from the source entirely?
3 Policy Operations
This chapter describes the various operations that may be performed on selected files by FileFly Admin Portal policies.
User interface operation is further detailed in Chapter 5.
3.1 - Gather Statistics Operation
Requires: Source(s)
Included in Community Edition: yes
Generate statistics report(s) for file sets at the selected Source(s). Optionally include statistics by file owner. By default, owner statistics are omitted which generally results in a faster policy run. Additionally, rules may be used to specify a subset of files on which to report rather than the whole source.
Statistics reports can be retrieved from FileFly Admin Portal – see §5.8.6.
3.2 - Migrate Operation
Requires: Source(s), Rule(s), Destination
Included in Community Edition: yes
Migrate file data from selected Sources(s) to a Destination. Stub files remain at the Source location as placeholders until files are demigrated. file content will be transparently demigrated (returned to primary storage) when accessed by a user or application. Stub files retain the original logical size and file metadata. files containing no data will not be migrated.
Each Migrate operation will be logged as a Migrate, Remigrate, or Quick-Remigrate.
A Remigrate is the same as a Migrate except it explicitly recognizes that a previous version of the file had been migrated in the past and that stored data pertaining to that previous version is no longer required and so is eligible for removal via a Scrub policy.
A Quick-Remigrate occurs when a file has been demigrated and NOT modified. In this case it is not necessary to retransfer the data to secondary storage so the operation can be performed very quickly. Quick-remigration does not change the secondary storage location of the migrated data.
Optionally, quick-remigration of files demigrated within a specified number of days may be skipped. This option can be used to avoid quick-remigrations occurring in an overly aggressive fashion.
Additionally, this policy may be configured to pause during the globally configured work hours.
3.3 - Quick-Remigrate Operation
Requires: Source(s), Rule(s)
Included in Community Edition: yes
Quick-Remigrate demigrated files that do not require data transfer, enabling space to be reclaimed quickly. This operation acts only on files that have not been altered since the last migration.
Optionally, files demigrated within a specified number of days may be skipped. This option can be used to avoid quick-remigrations occurring in an overly aggressive fashion.
Additionally, this policy may be configured to pause during the globally configured work hours.
3.4 - Scrub Destination Operation
Requires: Destination (non-WORM)
Included in Community Edition: yes
Remove unnecessary stored file content from a migration destination. This is a maintenance policy that should be scheduled regularly to reclaim space.
A grace period must be specified which is sufficient to cover the time from when a backup is taken to when the restore and corresponding Post-Restore Revalidate policy would complete. The grace period effectively delays the removal of data sufficiently to accommodate the effects of restoring primary storage from backup to an earlier state.
Use of scrub is usually desirable to maximize storage efficiency. In order to also maximize performance benefits from quick-remigration, it is advisable to schedule migration / quick-remigration policies more frequently than the grace period.
To avoid interactions with migration policies, Scrub tasks are automatically paused while migration-related tasks are in progress.
Important: Source(s) MUST be backed up within the grace period.
3.5 - Post-Restore Revalidate Operation
Requires: Source(s)
Included in Community Edition: yes
Scan all stubs present on a given Source, revalidating the relationship between the stubs and the corresponding files on secondary storage. This operation is required following a restore from backup and should be performed on the root of the restored source volume.
If only Write Once Read Many (WORM) destinations are in use, this policy is not required.
Important: This revalidation operation MUST be integrated into backup/restore procedures, see §7.2.
3.6 - Demigrate Operation
Requires: Source(s), Rule(s)
Included in Community Edition: yes
Demigrate file data back to the selected Source(s). This is useful when a large batch of files must be demigrated in advance.
Prior to running a Demigrate policy, be sure that there is sufficient primary storage available to accommodate the demigrated data.
3.7 - Advanced Demigrate Operation
Requires: Source(s), Rule(s)
Included in Community Edition: yes
Demigrates files with advanced options:
Disconnect files from destination – remove destination information from demigrated files (both files demigrated by this policy and files that have already been demigrated); it will no longer be possible to quick-remigrate these files
A Destination filter may optionally be specified in order to demigrate/disconnect only files that were migrated to a particular destination
It is recommended that this operation be used only after consultation with a DataCore engineer.
Prior to running an Advanced Demigrate policy, be sure that there is sufficient primary storage available to accommodate the demigrated data.
3.8 - Simple Premigrate Operation
Requires: Source(s), Rule(s), Destination
Included in Community Edition: yes
Premigrate file data from selected Source(s) to a Destination in preparation for migration. files on primary storage will not be converted to stubs until a Migrate or QuickRemigrate Policy is run. files containing no data will not be premigrated.
This can assist with:
a requirement to delay the stubbing process until secondary storage backup or replication has occurred
reduction of excessive demigrations while still allowing an aggressive Migration Policy.
Premigration is, as the name suggests, intended to be followed by full migration/quickremigration. If this is not done, a large number of files in the premigrated state may slow down further premigration policies, as the same files are rechecked each time.
By default, files already premigrated to another destination will be skipped when encountered during a premigrate policy.
This policy may also be configured to pause during the globally configured work hours.
Note: Most deployments will not use this operation, but will use a combination of Migrate and Quick-Remigrate instead.
3.9 - Create DrTool file From Source Operation
Requires: Source(s), Rule(s)
Included in Community Edition: no
Generate a disaster recovery file for DataCore FileFly DrTool by analyzing files at the selected Source(s). FileFly DrTool can use the generated file(s) to recreate stubs or update source files.
Note: DrTool files generated from Source will account for stub renames.
DrTool files can be retrieved from FileFly Admin Portal – see §5.8.7.
3.10 - Create DrTool file From Destination Operation
Requires: Destination
Included in Community Edition: no
Generate a disaster recovery file for DataCore FileFly DrTool by reading the index and analyzing files at the selected Destination without reference to the associated stub files. Note: DrTool files from Destination may not account for stub renames.
Important: It is strongly recommended to use ‘Create DrTool file From Source’ in preference where possible.
3.11 - Erase Cached Data Operation
Requires: Source(s), Rule(s)
Included in Community Edition: yes
Erases cached data associated with files by the Partial Demigrate feature (NetAppSources only).
Important: The Erase Cached Data operation is not enabled by default. It must be enabled in the advanced section on the Admin Portal ‘Settings’ page.
4 Sources and Destinations
The following pages describe the characteristics of the Sources and Destinations supported by DataCore FileFly. Planning, setup, usage and maintenance considerations are outlined for each storage platform.
IMPORTANT: Read any relevant sections of this chapter prior to deploying FileFly in a production environment.
4.1 - Microsoft Windows
4.1.1 - Migration Support
Windows NTFS volumes may be used as migration sources. On Windows Server 2016, ReFS volumes are supported as migration sources.
Windows stub files can be identified by the ‘O’ (Offline) attribute in Explorer. Depending on the version of Windows, files with this flag may be displayed with an overlay icon.
4.1.2 - Planning
Prerequisites
A license that includes an appropriate entitlement for Windows
When creating a production deployment plan, please refer to §2.6.
Cluster Support
Clustered volumes managed by Windows failover clusters are supported. However, the
Cluster Shared Volume (CSVFS) feature is NOT supported. On Windows Server 2012 and above, when configuring a ‘file Server’ role in the Failover Cluster Manager, ‘file Server for general use’ is the only supported file Server Type. The ‘Scale-Out file Server for application data’ file Server Type is NOT supported.
When using clustered volumes in FileFly URIs, verify the resource FQDN appropriate to the volume is specified rather than the FQDN of any individual node.
4.1.3 - Setup
Installation
See Installing FileFly Agent for Windows §2.3.3
4.1.4 - Usage
URI Format
win://{servername}/{drive letter}/[{path}]
Where:
servername – Server FQDN or Windows Failover file Server Resource FQDN
drive letter – Windows volume drive letter
Examples:
win://fs1.example.com/d/projects win://fs2.example.com/e/
Note: Share names and mapped drives are not supported.
4.1.5 - Interoperability
This section describes Windows-specific considerations only and should be read in conjunction with §2.6.
Microsoft DFS Namespaces (DFSN)
DFSN is supported. FileFly Sources must be configured to access volumes on individual servers directly rather than through a DFS namespace. Users and applications may continue to access files and stubs via DFS namespaces as normal.
Microsoft DFS Replication (DFSR)
DFSR is supported for:
Windows Server 2016
Windows Server 2012 R2
Windows Server 2008 R2
FileFly Agents must be installed (selecting the migration role during installation) on EACH member server of a DFS Replication Group prior to running migration tasks on any of the group’s Replication Folders.
If adding a new member server to an existing Replication Group where FileFly is already in use, FileFly Agent must be installed on the new server first.
When running policies on a Replicated Folder, sources should be defined such that each policy acts upon only one replica. DFSR will replicate the changes to the other members as usual.
Read-only (one-way) replicated folders are NOT supported. However, read-only CIFS shares can be used to prevent users from writing to a particular replica as an alternative.
Due to the way DFSR is implemented, care should be taken to avoid writing to stub files that are being concurrently accessed from another replica.
In the rare event that DFSR-replicated data is restored to a member from backup, verify DFSR services on all members are running and that replication is fully up-to-date (check for the DFSR ‘finished initial replication’ Windows Event Log message), then run a Post-Restore Revalidate Policy using the same source used for migration.
Retiring a DFSR Replica
Retiring a replica effectively creates two independent copies of each stub, without updating secondary storage. To avoid any potential loss of data:
Delete the contents of the retired replica (preferably by formatting the disk, or at least disable Stub Deletion Monitoring during the deletion)
Run a Post-Restore Revalidate Policy on the remaining copy of the data
If it is strictly necessary to keep both, now independent, copies of the data and stubs, then run a Post-Restore Revalidate Policy on both copies separately (not concurrently).
Preseeding a DFSR Replicated Folder Using Robocopy
The most common use of Robocopy with FileFly stubs is to preseed or stage initial synchronization. When performing such a preseeding operation:
for new Replicated Folders, verify that the ‘Primary member’ is set to be the original server, not the preseeded copy
both servers must have FileFly Agent installed before preseeding
add a “Process Exclusion” to Windows Defender for robocopy.exe (allow a while for the setting to take effect)
on the source server, preseed by running robocopy with the /b flag (to copy stubs as-is to the new server)
once preseeding is complete and replication is fully up-to-date (check for the DFSR ‘finished initial replication’ Windows Event Log message), Best practice is to run a Post-Restore Revalidate Policy on the original FileFly Source
Note: If the process above is aborted, be sure to delete all preseeded files and stubs (preferably by formatting the disk, or at least disable Stub Deletion Monitoring during the deletion) and then run a Post-Restore Revalidate Policy on the original FileFly Source.
Robocopy (Other Uses)
Robocopy will, by default, demigrate stubs as they are copied. This is the same behavior as Explorer copy-paste, xcopy etc..
Robocopy with the /b flag (backup mode – must be performed as an administrator) will copy stubs as-is.
Robocopy /b is not recommended. If stubs are copied in this fashion, the following must be considered:
for a copy from one server to another, both servers must have DataCore FileFly Agent installed
this operation is essentially a backup and restore in one step, and thus inappropriately duplicates stubs which are intended to be unique
after the duplication, one copy of the stubs should be deleted immediately
run a Post-Restore Revalidate policy on the remaining copy
this process will render the corresponding secondary storage files unscrubbable, even after they are demigrated
to prevent Windows Defender triggering demigrations when the stubs are accessed in this fashion:
always run the robocopy from the source end (the file server with the stubs)
add a “Process Exclusion” to Windows Defender for robocopy.exe (allow a while for the setting to take effect)
Windows Data Deduplication
If a Windows source server is configured to use migration policies and Windows Data Deduplication, it should be noted that a given file can either be deduplicated or migrated, but not both at the same time. FileFly migration policies will automatically skip files that are already deduplicated. Windows skips FileFly stubs when deduplicating.
When using both technologies, Best practice is to configure Data Deduplication and Migration based on file type such that the most efficacious strategy is chosen for each type of file.
Note: Microsoft’s legacy Single Instance Storage (SIS) feature is not supported. Do not use SIS on the same server as DataCore FileFly Agent.
Windows Shadow Copy
Windows Shadow Copy – also known as Volume Snapshot Service (VSS) – allows previous versions of files to be restored, e.g. from Windows Explorer. This mechanism cannot be used to restore a stub. Restore stubs from backup instead – see Chapter 7.
4.1.6 - Behavioral Notes
Junction Points & Symlinks
With the exception of volume mount points, junction points will be skipped during traversal of the file system. Symlinks are also skipped. This guarantees files are not seen – and thus acted upon – multiple times during a single execution of a given policy. If it is intended that a policy should apply to files within a directory referred to by a junction point, either verify the Source encompasses the real location at the junction point’s destination, or specify the junction point itself as the Source.
Mount-DiskImage
On Windows 8 or above, VHD and ISO images may be mounted as normal drives using the PowerShell Mount-DiskImage cmdlet. This functionality can also be accessed via the Explorer context menu for an image file.
A known limitation of this cmdlet is that it does not permit sparse files to be mounted (see Microsoft KB2993573). Since migrated image files are always sparse, they must be demigrated prior to mounting. This can be achieved either by copying the file or by removing the sparse flag with the following command:
fsutil sparse setflag <file name> 0
4.1.7 - Stub Deletion Monitoring
On Windows, the FileFly Agent can monitor stub deletions to identify secondary storage files that are no longer referenced in order to maximize the usefulness of Scrub Policies. This feature extends not only to stubs that are directly deleted by the user, but also to other cases of stub file destruction such as overwriting a stub or renaming a different file over the top of a stub.
Stub Deletion Monitoring is disabled by default. To enable it, please refer to §D.2.
4.2 - NetApp Filer (Cluster-mode)
This section describes support for ‘Cluster-mode’ NetApp Filers. For ‘7-mode’ filers (that is, 7.x filers and 8.x filers operating in ‘7-mode’), see §4.3.
4.2.1 - Migration Support
Migration support for sources on NetApp Vservers (Storage Virtual Machines) is provided via NetApp FPolicy. This requires the use of a DataCore FileFly FPolicy Server. Client demigrations can be triggered via CIFS or NFS client access.
Please note that NetApp Filers currently support FPolicy for Vservers with FlexVol volumes but not Infinite volumes.
When accessed via CIFS on a Windows client, NetApp stub files can be identified by the ‘O’ (Offline) attribute in Explorer. files with this flag may be displayed with an overlay icon. The icon may vary depending on the version of Windows on the client workstation.
4.2.2 - Planning
Prerequisites
NetApp Filer(s) must be licensed for the particular protocol(s) to be used (FPolicy requires a CIFS license)
A FileFly license that includes an entitlement for FileFly NetApp FPolicy Server
DataCore FileFly FPolicy Servers require EXCLUSIVE use of CIFS connections to their associated NetApp Vservers. This means Explorer windows must not be opened, drives must not be mapped, nor should any UNC paths to the filer be accessed from the FileFly FPolicy Server machine. Failure to observe this restriction will result in unpredictable FPolicy disconnections and interrupted service.
When creating a production deployment plan, please refer to §2.6.
filer System Requirements
DataCore FileFly FPolicy Server requires that the filer is running:
Data ONTAP version 9.0 – 9.4
Network
Each FileFly FPolicy Server should have exactly one IP address.
Place the FPolicy Servers on the same subnet and same switch as their corresponding Vservers to minimize latency.
Antivirus Considerations
Verify Windows Defender or any other antivirus product installed on FileFly FPolicy Server machines is configured to omit scanning/screening NetApp shares.
Antivirus access to NetApp files will interfere with the correct operation of the FileFly FPolicy Server software. Antivirus protection should still be provided on client machines and/or the NetApp Vservers themselves as normal.
High-Availability for FileFly FPolicy Servers
It is strongly recommended to install DataCore FileFly FPolicy Servers in a High-Availability configuration. This configuration requires the installation of DataCore FileFly FPolicy Server on a group of machines which are addressed by a single FQDN. This provides High-Availability for migration and demigration operations on the associated Vservers.
Typically a pair of FileFly FPolicy Servers operating in HA will service all of the Vservers on a NetApp cluster.
Note: The servers that form the High-Availability FileFly FPolicy Server configuration must not be members of a Windows failover cluster.
DNS Configuration
All Active Directory Servers, DataCore FileFly FPolicy Servers, and NetApp Filers, must have both forward and reverse records in DNS.
All hostnames used in filer and FileFly FPolicy Server configuration must be FQDNs.
4.2.3 - Setup
Setup Parameters
Before starting the installation the following parameters must be considered:
Management LIF IP Address: the address for management access to the Vserver
(not to be confused with cluster or node management addresses)
CIFS Privileged User: a domain user for the exclusive use of FPolicy
Preparing Vserver Management Access
For each Vserver, verify ‘Management Access’ is allowed for at least one LIF. Check the LIF in OnCommand System Manager - if Management Access is not enabled, either add access to an existing LIF or create a new LIF just for Management Access.
Management authentication may be configured to use either passwords or client certificates. Management connections may be secured via TLS – this is mandatory when using certificate-based authentication.
For password-based authentication:
Select the Vserver in OnCommand System Manager and go to Configuration → Security → Users
Add a user for Application ‘ontapi’ with Role ‘vsadmin’
Record the username and password for later use on the ‘Management’ tab in DataCore FileFly NetApp Cluster-mode Config
Alternatively, for certificate-based authentication:
Create a client certificate with common name <Username>
Open a command line session to the cluster management address
Upload the CA Certificate (or the client certificate itself if self-signed):
security certificate install -type client-ca -vserver <vserver-name>
Paste the contents of the CA Certificate at the prompt
security login create -username <Username> -application ontapi -authmethod cert -role vsadmin -vserver <vserver-name>
Configuring CIFS Privileged Data Access
If it has not already been created, create the CIFS Privileged User on the domain. Each FileFly FPolicy Server will use the same CIFS Privileged User for all Vservers that it will manage.
In OnCommand System Manager:
Navigate to the Vserver
Create a new local ‘Windows’ group with ALL available privileges
Add the CIFS Privileged User to this group
Allow a few minutes for the change to take effect (or FileFly FPolicy Server operations may fail with access denied errors)
Installation
On each FileFly FPolicy Server machine:
Close any CIFS sessions open to Vserver(s) before proceeding
Verify the CIFS Privileged User has the ‘Log on as a service’ privilege
Run the Caringo FileFly NetApp FPolicy Server.exe
Follow the prompts to complete the installation
Follow the instructions to activate the installation as either a standalone server or High-Availability DataCore FileFly FPolicy Server
Installing ‘DataCore FileFly NetApp Cluster-mode Config’
Run the installer:
Configuring Components
Run DataCore FileFly NetApp Cluster-mode Config.
On the ‘FPolicy Config’ tab:
Enter the FQDN used to register the FileFly FPolicy Server(s) in FileFly Admin Portal
Enter the CIFS Privileged User
On the ‘Management’ tab:
Provide the credentials for management access (see above)
On the ‘Vservers’ tab:
Click ..
Enter the FQDN of the Vserver’s Data Access LIF
Optionally, enter the FQDN of a different LIF for Vserver Management
If using TLS for Management, click Get Server CA
Click Apply to filer
Once configuration is complete, click Save.
Apply Configuration to FileFly FPolicy Servers
Verify the netapp clustered.cfg file has been copied to the correct location on all FileFly FPolicy Server machines:
C:\Program files\Caringo FileFly\data\FileFly Agent\ netapp clustered.cfg
Restart the DataCore FileFly Agent service on each machine
4.2.4 - Usage
URI Format
Where:
FPolicy Server – FQDN alias that points to all FileFly FileFly FPolicy Servers for the given Vserver
NetApp Vserver – FQDN of the Vserver’s Data Access LIF
CIFS Share – NetApp CIFS share name
Example:
Note: The chosen CIFS share must be configured to Hide symbolic links. If symbolic link support is required for other CIFS clients, create a separate share just for FileFly traversal that does hide links.
4.2.5 - Snapshot Restore
Volume Restore
After an entire volume containing stubs is restored from snapshot, a Post-Restore Revalidate Policy must be run, as per the restore procedure described in Chapter 7.
Individual Stub Restore
Users cannot perform self-service restoration of stubs. However, an administrator may restore specific stubs or sets of stubs from snapshots by following the procedure outlined below. Be sure to provide this procedure to all administrators.
IMPORTANT: The following instructions mandate the use of Robocopy specifically. Other tools, such as Windows Explorer copy or the ‘Restore’ function in the Previous versions dialog, WILL NOT correctly restore stubs.
To restore one or more stubs from a snapshot-folder like:
\\<filer>\<share>\~snapshot\<snapshot-name>\<path>
to a restore folder on the same filer like:
\\<filer>\<share>\<restore-path>
perform the following steps:
Go to an FileFly FPolicy Server machine
Open a command window
robocopy <snapshot-folder><folder> [<filename>...] [/b]
On a client machine (NOT the FileFly FPolicy Server), open all of the restored file(s) or demigrate them using a Demigrate Policy
Check that the file(s) have demigrated correctly
IMPORTANT: Until the demigration above is performed, the restored stub(s) may occupy space for the full size of the file.
As with any other FileFly restore procedure, be sure to run a Post-Restore Revalidate Policy across the volume before the next Scrub – see Chapter 7.
4.2.6 - Interoperability
NDMP Backup
NDMP Backup products require ONTAP 9.2+ for interoperability with FileFly.
Robocopy
Except when following the procedure in §4.2.5, Robocopy must not be used with the /b (backup mode) switch when copying FileFly NetApp stubs.
When in backup mode, robocopy attempts to copy stub files as-is rather than demigrating them as they are read. This behavior is not supported.
Note: The /b switch requires Administrator privilege – it is not available to normal users.
4.2.7 - Behavioral Notes
Unix Symbolic Links
Unix Symbolic links (also known as symlinks or softlinks) may be created on a filer via an NFS mount. Symbolic links will not be seen during FileFly Policy traversal of a NetApp file system (since only shares which hide symbolic links are supported for traversal). If it is intended that a policy should apply to files within a folder referred to by a symbolic link, verify the Source encompasses the real location at the link’s destination. A Source URI may NOT point to a symbolic link – use the real folder that the link points to instead.
Client-initiated demigrations via symbolic links will operate as expected.
QTree and User Quotas
NetApp QTree and user quotas are measured in terms of logical file size. Thus, migrating files has no effect on quota usage.
Snapshot Traversal
FileFly will automatically skip snapshot directories when traversing shares using the netapp scheme.
4.2.8 - Skipping Sparse files
It is often undesirable to migrate files that are highly sparse since sparseness is not preserved by the migration process.
To enable sparse files to be skipped during migration policies, go to the Admin Portal ‘Settings Page’ and tick ‘Enable sparse file skipping’.
Skipping sparse files may then be configured per migration policy. On the ‘Policy Details’ page for Migrate and Simple Premigrate operations, tick ‘skip files more than 0% sparse’ and adjust the percentage as required using the drop-down box.
4.2.9 - Advanced Configuration
Alternative Engine IP Addresses
Alternative engine IP addresses may be provided on the FileFly NetApp Cluster-mode Config ‘Advanced’ tab if filer communication is to be performed on a different IP address than that used for Admin Portal to FPolicy Server communication. This allows each node to have two IP addresses. Care must be taken that ALL communication – in both directions – between filer and FileFly FPolicy Server node occurs using the engine address.
Ordinarily, one IP address per server is sufficient. Contact DataCore Support if an advanced network configuration is required.
Cache first Block
When migrating files, the first block of the file may optionally be cached. This allows small reads to file headers to be completed immediately, without accessing secondary storage. By default this feature is disabled. This feature may be enabled on the ‘Advanced’ tab. The ‘Prefix size’ field allows the amount cached on disk after a migration to be tuned.
4.2.10 - Troubleshooting
Troubleshooting Management Login
Open a command line session to the cluster management address
security login show -vserver <vserver-name>
There should be an entry for the expected user for application ‘ontapi’ with role ‘vsadmin’
Troubleshooting TLS Management Access
Open a command line session to the cluster management address:
vserver context -vserver <vserver-name>
security certificate show
There should be a ‘server’ certificate for the Vserver management FQDN (NOT the bare hostname)
If using certificate-based authentication, there should be a ‘client-ca’ entry
security ssl show
There should be an enabled entry for the Vserver management FQDN (NOT the bare hostname)
Troubleshooting Vserver Configuration
Vserver configuration can be validated using DataCore FileFly NetApp Cluster-mode Config.
Open the netapp clustered.cfg in FileFly NetApp Cluster-mode Config
Go to the ‘Vservers’ tab Select a Vserver
Click ..
Click Verify
Troubleshooting ‘ERR ADD PRIVILEGED SHARE NOT FOUND’
If the FileFly FPolicy Server reports privileged share not found, there is a misconfiguration or CIFS issue. Please attempt the following steps:
Check all configuration using troubleshooting steps described above
Verify the FileFly FPolicy Server has no other CIFS sessions to Vservers
run net use from Windows Command Prompt
remove all mapped drives
Reboot the server
Retry the failed operation
Check for new errors in agent.log
4.3 - NetApp Filer (7-mode)
This section describes support for NetApp Filers 7.3 and above including 8.x filers operating in ‘7-mode’. For version 9.x filers and 8.x filers running in ‘Cluster-mode’, see §4.2.
4.3.1 - Migration Support
Migration support for sources on NetApp Filers is provided via NetApp FPolicy. This requires the use of a DataCore FileFly FPolicy Server. FileFly supports the use of both physical filers and vfilers as migration sources. Client demigrations can be triggered via CIFS or NFS client access.
When accessed via CIFS on a Windows client, NetApp stub files can be identified by the ‘O’ (Offline) attribute in Explorer. files with this flag will be displayed with an overlay icon. The icon may vary depending on the version of Windows on the client workstation.
4.3.2 - Planning
Prerequisites
NetApp Filer(s) must be licensed for the particular protocol(s) to be used (FPolicy requires a CIFS license)
A FileFly license that includes an entitlement for NetApp Filers
DataCore FileFly FPolicy Servers require EXCLUSIVE use of CIFS connections to their associated NetApp Filers/vfilers. This means Explorer windows must not be opened, drives must not be mapped, nor should any UNC paths to the filer be accessed from the FileFly FPolicy Server machine.
Demigrations cannot be triggered by applications running locally on the FileFly FPolicy Servers since the filer ignores these requests. This is an FPolicy restriction.
When creating a production deployment plan, please refer to §2.6.
filer System Requirements
DataCore FileFly FPolicy Server requires that the filer is running Data ONTAP version 7.3 or above. DataCore recommends 7.3.6 or above.
Important: Place the FileFly FPolicy Servers on the same subnet and same switch as the filers that they will serve to minimize latency.
Using the filer on a Domain
If the NetApp Filer is joined to an Active Directory domain, check the following:
All AD servers that the filer will communicate with are also DNS servers
DNS contains the msdcs.<exampleDomain> subdomain (created automatically if DNS is set up as part of the Active Directory installation)
Only the Active Directory DNS servers should be provided to the filer (check /etc/resolv.conf on the filer to confirm)
High-Availability for FPolicy Servers
It is strongly recommended to install DataCore FileFly FPolicy Servers in a High-Availability configuration. This configuration requires the installation of DataCore FileFly FPolicy Server on a group of machines which are all addressed by a single FQDN. This provides High-Availability for migration and demigration operations on the associated filers.
DNS Configuration
All Active Directory Servers, DataCore FileFly FPolicy Servers, and NetApp Filers, must have both forward and reverse records in DNS.
All hostnames used in filer and FileFly FPolicy Server configuration must be FQDNs.
Incorrect DNS configuration or use of bare hostnames may lead to FileFly FPolicy Servers failing to register or disconnecting shortly after registration.
Using SMB2
If the target filer is configured to use the SMB2 protocol:
Verify both the following NetApp options are enabled:
smb2.enable
smb2.client.enable
Using Local User Accounts to authenticate with the filer may cause connection issues, Active Directory domain authentication should be used instead
Unicode filename Support
It is recommended that all volumes have UTF-8 support enabled (i.e. the volume language should be set to <lang>.UTF-8). files with Unicode (non-ASCII) filenames cannot be accessed via NFS unless the UTF-8 option is enabled. To guarantee maximal data accessibility, FileFly will mark any file that would not be demigratable via both NFS and CIFS clients as ‘Do Not Migrate’.
4.3.3 - Setup
Preinstallation Steps – NetApp Filers and vfilers
Enable HTTP servers
From the console on each NetApp Filer/vfiler:
options httpd.admin.enable on
Create and enable FPolicy FileFly on each NetApp Filer/vfiler Note: The name FileFly must be used for the FPolicy
On the NetApp Filer console:
netapp> options fpolicy.enable on
netapp> fpolicy create FileFly screen
netapp> fpolicy options FileFly required on
netapp> fpolicy enable FileFly
Create a NetApp administrator account:
From the console on each NetApp Filer/vfiler:
netapp> useradmin domainuser add <username> -g administrators
Note: If the filer is not on a domain, then a local user account may be created instead.
Preinstallation Steps – FileFly FPolicy Server Machine(s)
Verify NetBIOS over TCP/IP is enabled to allow connections to and from the NetApp for FPolicy:
Determine which network interface(s) will be used to contact the filer(s)
Navigate to each Network interface’s Properties dialog box
Select Internet Protocol Version 4 (TCP/IPv4) → Properties → . .
On the ‘WINS’ tab, select ‘Enable NetBIOS over TCP/IP’
Verify the server firewall is configured to allow incoming NetBIOS traffic from the filer – e.g. enable the ‘file and Printer Sharing (NB-Session-In)’ rule in Windows firewall
Installing Components
On each FileFly FPolicy Server machine:
Run the Caringo FileFly NetApp FPolicy Server.exe
Select install location
Enter the login credentials for an administrator user with the ‘Log on as a service’ privilege – this account MUST have the same username and password as an administrator level account on the filer
Follow the instructions to activate the installation as either a ‘Standalone Server’ or High-Availability DataCore FileFly FPolicy Server
Configuring Components
Edit netapp.cfg in the DataCore FileFly FPolicy Server data directory (e.g. C:\
Program files\Caringo FileFly\data\FileFly Agent):
Set the netapp.filers property to a comma-delimited list of NetApp Filer/vfiler FQDNs
Open Services → Caringo FileFly Agent
Restart the service
When using a High-Availability configuration, be sure to use the same netapp.cfg across all nodes and restart each node’s service.
Cache first Block
When migrating files, the first block of the file may optionally be cached. This allows small reads to file headers to be completed immediately, without triggering a demigration from secondary storage. By default this feature is disabled. To enable it, set netapp.cachefirstBlock to true in netapp.cfg.
4.3.4 - Usage
URI Format
netapp://{FPolicy Server}/{NetApp Filer}/{CIFS Share}/[{path}]
Where:
FPolicy Server – FQDN alias that points to all FileFly FileFly FPolicy Servers for the given filer
NetApp Filer – FQDN of the filer/vfiler
CIFS Share – NetApp CIFS share name (FPolicy requires the use of CIFS)
Example:
netapp://fpol-svrs.example.com/netapp1.example.com/data/
4.3.5 - Interoperability
Robocopy
Robocopy must not be used with the /b (backup mode) switch when copying FileFly NetApp stubs.
When in backup mode, robocopy attempts to copy stub files as-is rather than demigrating them as they are read. This behavior is not supported.
Note: The /b switch requires Administrator privilege – it is not available to normal users.
4.3.6 - Behavioral Notes
Unix Symbolic Links
Unix Symbolic links (also known as symlinks or softlinks) may be created on a filer via an NFS mount. Symbolic links will be skipped during traversal of a NetApp file system. This guarantees files are not seen – and thus acted upon – multiple times during a single execution of a given policy. If it is intended that a policy should apply to files within a folder referred to by a symbolic link, verify the Source encompasses the real location at the link’s destination. A Source URI may NOT point to a symbolic link – use the real folder that the link points to instead.
QTree and User Quotas
NetApp QTree and user quotas are measured in terms of logical file size. Thus, migrating files has no effect on quota usage.
Snapshots
FileFly will automatically skip snapshot directories when traversing NetApp Filer volumes using the netapp scheme.
CIFS Usage
DataCore FileFly FPolicy Servers require EXCLUSIVE use of CIFS connections to their associated NetApp Filers/vfilers. This means Explorer windows must not be opened, drives must not be mapped, nor should any UNC paths to the filer be accessed from the FileFly FPolicy Server machine. Failure to observe this restriction will result in unpredictable FPolicy disconnections and interrupted service.
Demigrations cannot be triggered by applications running directly on the FileFly FPolicy Servers since the filer ignores these requests. This is an FPolicy restriction.
4.3.7 - Skipping Sparse files
It is often undesirable to migrate files that are highly sparse since sparseness is not preserved by the migration process.
To enable sparse files to be skipped during migration policies, go to the Admin Portal ‘Settings Page’ and tick ‘Enable sparse file skipping’. The sparse file skipping option for migration policies requires at least Data ONTAP version 7.3.6.
Skipping sparse files may then be configured per migration policy. On the ‘Policy Details’ page for Migrate and Simple Premigrate operations, tick ‘skip files more than 0% sparse’ and adjust the percentage as required using the drop-down box.
4.3.8 - Debug Status Monitoring
By default DataCore FileFly FPolicy Servers provide status information and statistics via a webpage located at http://127.0.0.1:8000 (accessible only from the FPolicy Server machine).
To run the webserver on a different TCP port, set netapp.web.port in netapp.cfg to the desired port number. To disable the webserver, set netapp.web.enable to false.
4.4 - DataCore Swarm
4.4.1 - Introduction
The swarm scheme should only be used when accessing Swarm storage nodes directly.
If accessing Swarm storage via a CloudScaler Gateway, the cloudscaler scheme must be used instead, see §4.5.
Note: FileFly software does not support access to storage nodes via an SCSP Proxy.
4.4.2 - Planning
Before proceeding with the installation, the following will be required:
Swarm 8 or above
a license that includes an entitlement for Swarm
firewall
The Swarm storage node port (TCP port 80 by default) must be allowed by any firewalls between the DataCore FileFly Swarm Plugin on the DataCore FileFly Gateway and the Swarm storage nodes. For further information regarding firewall configuration see Appendix A.
Domains and Endpoints
Swarm storage locations are accessed via a configured endpoint FQDN. Add several Swarm storage node IP addresses to DNS under a single endpoint FQDN (4-8 addresses are recommended). If Swarm domains are in use, the FQDN must be the name of the domain in which the FileFly data will be stored. If domains are NOT in use (i.e. data will be stored in the default cluster domain), it is strongly recommended that the FQDN be the name of the cluster for best Swarm performance.
When using multiple Swarm domains, verify each domain FQDN is added to DNS as described above.
Buckets
Migrated files may be stored as either unnamed objects (accessed by UUID), or as named objects residing in a bucket. Bucket creation must be performed ahead of time, prior to configuring FileFly.
FileFly Swarm Config will be used to create Destination URIs for use in the FileFly Admin Portal.
4.4.3 - Setup
Installation
To perform a fresh installation:
Run the Caringo FileFly Agent.exe, select the FileFly Gateway role (see 2.3.3) and select FileFly Swarm Plugin on the ‘Components’ page
Follow the prompts to complete the installation
Or, to add the FileFly Swarm Plugin to an existing FileFly Gateway or Agent:
Run the installer for the DataCore FileFly Swarm Plugin:
Caringo FileFly Swarm Plugin.exeFollow the prompts to complete the installation
Installing ‘DataCore FileFly Swarm Config’
Run the installer for DataCore FileFly Swarm Config: Caringo FileFly Swarm Config.exe
4.4.4 - Plugin Configuration
Open ‘DataCore FileFly Swarm Config’ and complete the following configuration steps.
Create a FileFly Encryption Key
If encryption-at-rest is to be used to protect FileFly data on the destination, check ‘Enable encryption’. An encryption key must be generated before FileFly can be used to store encrypted data on a Swarm migration destination. FileFly will encrypt all data migrated using the specified encryption key.
During the encryption key creation process, a copy of the information entered will be printed and it will be strongly recommended that a copy of the swarm.cfg file is stored in a safe location.
Click .. in the ‘FileFly Encryption’ section
Read the User Confirmation notice and click Yes to continue
Keep the suggested Key ID
Enter a passphrase from which to generate a new encryption key, and click OK
an Encryption Key Details page will be printedWhen prompted, enter the ‘Validation Code’ from the printed page
Set Metadata Options
Tick ‘Include metadata HTTP headers’ to store per-file metadata with the destination objects, such as original filename and location, content-type, owner and timestamps – see §4.4.7 for details. file extension to content-type mappings may be customized by editing the swarm-mimetypes file, found in C:\Program files\Caringo FileFly\data\ swarm.data\.
Also tick ‘Include Content-Disposition’ to include original filename for use when downloading the target objects directly using a web browser.
Create an Index
Swarm Destinations require an index to be created prior to use.
In FileFly Swarm Config:
Click Create Index...
Follow the instructions
Use the resultant URI to create a Destination in the FileFly Admin Portal
Additional indexes can be added at a later date to further subdivide storage if required.
Important: Each FileFly Admin Portal must have its own destination indexes; DO NOT share indexes across multiple FileFly implementations.