How to configure NDMP authentication, in the ‘Vserver-scope’ in Cluster Mode Netapp
Today we will see, How to configure NDMP authentication, in the ‘Vserver-scope’ in Cluster Mode Netapp. Note that if backup application is enabled for Cluster Aware Backup then only we can use Vserver-scope NDMP authentication, else we need to consider Node-Scope-NDMP Configuration.
While using NDMP in the 'Vserver-scope' mode, we can configure authentication either through the Vserver or Cluster. This means that we can use a single cluster-wide user to manage all of the Vservers in the entire cluster or a separate user to manage each Vserver individually.
Below is an Demo Video For the Same.
login as: admin
Using keyboard-interactive authentication.
Password:
Cluster1::> vserver services ndmp show
VServer Enabled Authentication type
------------- --------- -------------------
Cluster1 false challenge
vs1cifs false challenge
2 entries were displayed.
Before enabling the NDMP Services, for Cluster wide and for individual Vserver, we need to make sure that the NDMP protocol, is listed under Allowed Protocols for individual Vserver. Execute the command "vserver show" , to see the listed Allowed protocol for a Vserver.
Cluster1::> vserver show -vserver vs1cifs -protocols
Vserver Allowed Protocols Disallowed Protocols
----------- ----------------------- -----------------------
vs1cifs cifs, ndmp nfs, fcp, iscsi
As ndmp is under the allowed protocol, we can enable the NDMP services on each vserver. By default, all Protocol are allowed for the Vserver Cluster. Execute the below command to enable, the NDMP services for entire cluster.
Cluster1::> vserver services ndmp on -vserver Cluster1
Similarly to enable ndmp services for individual Vserver, Execute the below command.
Cluster1::> vserver services ndmp on -vserver vs1cifs
After enabling the NDMP services, we need to generate password using which, backup application can authenticate for NDMP operation. By default, there is a cluster-wide administrator level account created called ‘admin’, which can be used for entire cluster. To generate an NDMP password for the entire cluster, execute the below command with username admin.
Cluster1::> vserver services ndmp generate-password -vserver Cluster1 -user admin
Vserver: Cluster1
User: admin
Password: IBMEsh2en2aBSglU
The NDMP credentials for the entire cluster named ‘cluster1’, backup application will use this password to authenticate for NDMP.
Similarly for Each Vserver that gets created, also has a default admin account created, called ‘vsadmin’ which we can use for, NDMP operation for respective Vserver. To generate an NDMP password for the Vserver, execute the shown command, with username "vsadmin" and the respective
Vserver name.
Cluster1::> vserver services ndmp generate-password -vserver vs1cifs -user vsadmin
Vserver: vs1cifs
User: vsadmin
Password: arEmMmxHCpPwjetu
Now we can use NDMP credentials for the Vserver ‘vs1cifs’, from the Backup Application to authenticate for NDMP operation. To see the current status of the NDMP services execute the below command.
Cluster1::> vserver services ndmp show
VServer Enabled Authentication type
------------- --------- -------------------
Cluster1 true challenge
vs1cifs true challenge
2 entries were displayed.
To modify any available parameter, for Vserver-Scope NDMP we can use the "vserver services ndmp modify" command. We can also use the same command to modify Authentication type. To modify the Authentication Type, from Challenge to Plaintext, execute the below command.
Cluster1::> vserver services ndmp modify -authtype plaintext -vserver vs1cifs
Cluster1::> vserver services ndmp show
VServer Enabled Authentication type
------------- --------- -------------------
Cluster1 true challenge
vs1cifs true plaintext
2 entries were displayed.
This Concludes the Demonstration On "How to configure NDMP authentication, in the ‘Vserver scope’
