CTERA Portal Installation Guide CentOS Edition Over VMWare

Installation Guide
CTERA Portal
CentOS Edition over
VMWare
August 2015
Version 5.0
Copyright 2009-2015 CTERA Networks Ltd.

All rights reserved. No part of this document may be reproduced in any form or by any
means without written permission from CTERA Network Ltd.
Information in this document is subject to change without notice and does not represent a
commitment on part of CTERA Networks Ltd.
CTERA, C200, C400, C800, P1200, CloudPlug, NEXT3, Cloud Attached Storage, and Virtual
Cloud Drive are trademarks, service marks, or registered trademarks of CTERA Networks Ltd.
All other product names mentioned herein are trademarks or registered trademarks of their
respective owners.
The products described in this document are protected by U.S. patents, foreign patents, or
pending applications.
Contents
About this Guide ---------------------------------------------------------------------------------------- 3
How to Use this Guide----------------------------------------------------------------------------------- 3
Planning Your Installation ---------------------------------------------------------------------------- 5

Server Topology ------------------------------------------------------------------------------------------- 5
Scalability and Load Balancing ------------------------------------------------------------------------ 6
Data Replication and Failover ------------------------------------------------------------------------- 6
Security ----------------------------------------------------------------------------------------------------- 6
Requirements --------------------------------------------------------------------------------------------- 6
Installing CTERA Portal -------------------------------------------------------------------------------- 9

Installation Workflow ----------------------------------------------------------------------------------- 9
Importing the CTERA Portal Virtual Appliance OVF File --------------------------------------- 10
Preparing for Production Deployment ------------------------------------------------------------ 20
Logging In to the CTERA Portal Server------------------------------------------------------------- 20
Configuring Network Settings ----------------------------------------------------------------------- 20
Setting Up the Time Zone ---------------------------------------------------------------------------- 34
Initializing the Storage Pool -------------------------------------------------------------------------- 35
Configuring the CTERA Portal Master Server -------------------------------------------------- 37

Performing Initial CTERA Portal Setup------------------------------------------------------------- 37
Installing an SSL Certificate -------------------------------------------------------------------------- 42
Creating DNS Records --------------------------------------------------------------------------------- 56
Configuring a Public NAT Address ------------------------------------------------------------------ 56
Installing the License Key ----------------------------------------------------------------------------- 57
Configuring Additional CTERA Portal Servers ------------------------------------------------- 59

Managing CTERA Portal Servers ------------------------------------------------------------------ 63
Enabling/Disabling Remote Support --------------------------------------------------------------- 63
Extending the CTERA Main Database or Catalog Node Storage Pool ---------------------- 64
Upgrading the CTERA Portal Software ---------------------------------------------------------- 69

Index ----------------------------------------------------------------------------------------------------- 71
CTERA Portal
CentOS Edition over VMWare Installation Guide
1
About this Guide
This guide explains how to install the CTERA Portal Datacenter Edition, how to set it up for
initial use, and how to perform a minor upgrade.
If you require assistance in installing your CTERA Portal, contact technical support. It is
recommended to enable remote support as described in Enabling/Disabling Remote Support
(on page 63), in order to enable technical support to remotely access CTERA Portal.
In This Chapter
How to Use this Guide -----------------------------------------------------------------------------------------------3
How to Use this Guide

If you are installing CTERA Portal for the first time:
1 Begin by reading Planning Your Installation (on page 5). Read this section to understand
the installation requirements and options and to plan the number of servers and the
distribution of services.
2 Follow the Installation Workflow (on page 9) for each server that you need to install,
beginning with the master server.
If you are upgrading an existing CTERA Portal 5.0.x installation to a later minor release
version, follow the instructions in Upgrading the CTERA Portal Software (on page 69). If you
are upgrading from CTERA Portal 4.1 to 5.0, please request the relevant guide from CTERA
Support.
CTERA Portal
2
Planning Your Installation
In This Chapter
Server Topology -------------------------------------------------------------------------------------------------------5
Scalability and Load Balancing -------------------------------------------------------------------------------------6
Data Replication and Failover -------------------------------------------------------------------------------------6
Security ------------------------------------------------------------------------------------------------------------------6
Requirements ----------------------------------------------------------------------------------------------------------6
Server Topology
A CTERA Portal installation comprises a cluster of one or more servers. Each server can host
any combination of the following services:
Main database Only one server can host the main database. The server that hosts the
main database is called the master server.
Catalog node A database service that stores file metadata. It can be hosted together
with the main database or on a separate server.
Application service - This service accepts connections and handles requests from Web
and CTTP clients.
Database replication server A passive database service set to replicate an active
database server (main database or a catalog node). During server installation, you can
turn on the replication service and select the database server from which to replicate.
Document preview server This service is in charge of processing document preview
requests. It is mandatory to launch a dedicated document preview server. The document
preview service supports high availability. You can install one or more servers, in order to
ensure uninterrupted document preview generation and redundancy in the event of a
server failure.
By default, the first installed server is a master server, hosting the main database, application
server, and catalog node. In the simplest topology, there are two servers: one server that
includes a main database, catalog node, and application service, and a second server that
provides document preview services. Optionally, you can install any number of additional
servers, for scalability and load balancing (see Scalability and Load Balancing (on page 6))
and for data replication (see Data Replication and Failover (on page 6)).
CTERA Portal
Scalability and Load Balancing

CTERA Portal is horizontally scalable. Additional servers can be added:
As catalog node servers, to increase metadata storage handling capacity and
performance.
As application servers, to increase client handling capacity. Any servers that are enabled
as application servers automatically balance the connected clients between them,
allowing for maximized capacity and availability.
As document preview servers.
Data Replication and Failover

The main database and catalog node services are stateful and any servers hosting these
services contain critical data. It is important to replicate all such servers to maintain the
availability of critical data. The application service is stateless, and therefore, any dedicated
application servers do not require replication or backup. Failover between application servers
is automatic.
The CentOS edition CTERA Portal OS includes a built-in replication function for achieving
higher level of availability. For more information, please refer to "Configuring PostgresSQL
Backup and Streaming Replication".
Replication can be achieved using other platform dependent replication methods (such as
SAN or VMWare-level replication).
Security
All internal communications between CTERA Portal servers is authenticated to prevent
unauthorized access. Nevertheless, to follow the defense in-depth security philosophy, the
master and catalog node servers, which store sensitive data, should be placed in their own
firewalled, isolated network, and only the application server should be allowed to face the
internet.
Requirements
Requirements for the VMWare Virtual Appliance platform:
CTERA Portal must be installed on a machine that meets the following requirements:
VMware ESXi Server 5.0 or later
64-bit virtual machine with minimum 16GB RAM, 2 CPU Cores and 110GB local hard disk
drive
6
CTERA Portal
Access from the virtual machine to a Storage Area Network (SAN) or directly attached
hard drives
Preview servers require at least 16 GB of RAM, 4 CPU cores, and 60 GB of magnetic drive.
The VMDK attached to the CTERA VMs running the CTERA database (applicable for main
database or catalog node) must yield a minimum of 700 TPS (transactions per second). In
order test the TPS on your installation, please contact CTERA support at
http://support.ctera.com.
Requirements for administrator PC:
Web browser
SSH and SCP clients (for example, the freeware PuTTY)
Other Requirements:
Prepare the following:
A public DNS name for the CTERA Portal installation.
An SMTP mail server for sending notifications
Open the following ports on the firewall on each machine that will operate as an application
server, to allow access from/to the Internet:
Table 1: Ports to Open
Port
Direction
Notes
TCP 80
Both
HTTP
TCP 443
Both
HTTPS
TCP 995
Inbound
CTTP. Communications with CTERA appliances

and agents.
TCP 22
Both
SSH
TCP 53
Both
DNS
TCP 25
Outbound
SMTP
UDP 123
Outbound
NTP
TCP 1191
Outbound
GPFS. Required for accessing GPFS nodes.
CTERA Portal
If you are running a separated environment that consists of multiple CTERA servers residing
on separate, firewalled network segments, open the following additional ports between the
CTERA servers (these ports do not need to be accessible from the Internet).
Table 2: Ports to Open Between CTERA Servers
Port
Direction
Notes
TCP 5432
Inbound
PostgreSQL. Applicable for master server and

catalog nodes only.
TCP 443
Both
Updates between the servers.
TCP 22
Both
SSH management between the servers.
TCP 18682
Inbound
Applicable for document preview servers only.
If CTERA Portal will be connected to Active Directory, open the following ports towards the
Active Directory servers.
Table 3: Ports to Open Towards Active Directory Servers
Port
Direction
Notes
TCP 389, 3268,53
Outbound
non-kerberos/ssl
TCP 389, 53, 88
Outbound
Only if Kerberos is used
TCP 636, 3269
Outbound
If SSL is used
UDP 53
Outbound
UDP 88
Outbound
Only if Kerberos is used
Warning
CTERA Portal assumes it operates behind a firewall, and it is important to leave all
other ports closed.
8
CTERA Portal
3
Installing CTERA Portal
In This Chapter
Installation Workflow ------------------------------------------------------------------------------------------------9
Importing the CTERA Portal Virtual Appliance OVF File --------------------------------------------------- 10
Preparing for Production Deployment ------------------------------------------------------------------------ 20
Logging In to the CTERA Portal Server ------------------------------------------------------------------------- 20
Configuring Network Settings ----------------------------------------------------------------------------------- 20
Setting Up the Time Zone ----------------------------------------------------------------------------------------- 34
Initializing the Storage Pool -------------------------------------------------------------------------------------- 35
Installation Workflow
Use this workflow to install CTERA Portal on each server.
1 Import the CTERA Portal virtual appliance OVF file (see Importing the CTERA Portal
Virtual Appliance OVF File (on page 10)).
2 Prepare for production deployment (see Preparing for Production Deployment (on page
20)).
3 Log in to the CTERA Portal server and change the password (see Logging In to the CTERA
Portal Server (on page 20)).
4 Configure network settings (see Configuring Network Settings (on page 20)).
5 Set up the CTERA Portal server's time zone (see Setting Up the Time Zone (on page 34)).
6 Initialize the storage pool (see Initializing the Storage Pool (on page 35)).
7 For the first server you install, follow all of the steps in Configuring the CTERA Portal
Master Server (on page 37).
8 For any additional servers beside the master server, configure the server as an additional
server as described in Configuring Additional CTERA Portal Servers (on page 59).
CTERA Portal
Importing the CTERA Portal Virtual Appliance OVF File

To install the CTERA Portal Server as a virtual appliance on VMWare vSphere
1 Open the vSphere Client.
2 Click File > Deploy OVF Template.
10
CTERA Portal
The Deploy OVF Template window opens displaying the Source dialog box.
3 Click Browse, and browse to the CTERA Portal OVF file.

4 Click Next.
CTERA Portal
11
The OVF Template Details dialog box appear with the CTERA Portal OVF file's details.
5 Click Next.
12
CTERA Portal
The Name and Location dialog box appear.
6 In the Name field, type name for the portal instance.

The name can be up to 80 characters long.
7 Click Next.
CTERA Portal
13
The Host / Cluster dialog box appears.
8 Select the host or cluster on which you want to run the deployed template.
9 Click Next.
14
CTERA Portal
The Resource Pool dialog box appears.
10 Select the resource pool within which you want to deploy CTERA Portal.
11 Click Next.
CTERA Portal
15
The Storage dialog box appears.
12 Select the VMWare data-store in which to store the CTERA Portal virtual machine.
13 Click Next.
16
CTERA Portal
The Disk Format dialog box appears.
14 Select either Thick Provision Eager Zeroed or Thick Provision Lazy Zeroed according to
your preference.
15 Click Next.
CTERA Portal
17
The Network Mapping dialog box appears.
16 Map the networks used in the OVF template to networks in your inventory.
17 Click Next.
18
CTERA Portal
The Ready to Complete dialog box appear.
18 Click Finish.
The Deploying dialog box appears, and CTERA Portal is installed as a virtual appliance.
When installation is complete, a success message appears.

19 Click Close.
20 Start the CTERA Portal virtual machine.
CTERA Portal
19
Preparing for Production Deployment

When deploying a main database server or a catalog node to production: It is
recommended to remove the default 50GB and 60GB VMDKs included in the CTERA
Portal virtual appliance OVF, and attach a VMDK sized 2% of the overall cloud storage you
intend to allocate for the service. Prior to going to production, contact CTERA Support to
evaluate whether the attached drive's performance meets CTERA's main database and
catalog node performance requirements.
When deploying an application server to production: It is recommended to remove the
default 60GB VMDK included in the CTERA Portal virtual appliance OVF.
When deploying a document preview server to production: You may keep the existing
drives included in the CTERA Portal virtual appliance OVF.
Logging In to the CTERA Portal Server

To log in to the portal server
Log in as root, using SSH or through the console.
The default password is "ctera321". You will be prompted to change the password on
your first login.
Configuring Network Settings

By default, the CTERA Portal server obtains an IP address using DHCP.
You can configure network settings by using nmtui, the CentOS built-in network text editor.
To use nmtui
1 Log in as root, using SSH or through the console.
2 Run the following command:
nmtui
The NetworkManager TUI screen appears.
20
CTERA Portal
3 Use your keyboard arrows or the TAB key to navigate between options.
Changing the CTERA Portal Server's Hostname

To change the CTERA Portal server's hostname
1 In nmtui, navigate to Set system hostname and press Enter.
The Set Hostname screen appears displaying the current portal hostname.
2 In the field provided, type the server hostname.

3 Navigate to OK and press Enter.
A confirmation message appears.

The new hostname is configured.
5 Reboot the system by running the following command:
reboot
The changes take effect.
Configuring a Network Interface

Listing a Network Interface
To list all network interfaces
Run the following command:
ifconfig
To list a single network interface
Run the following command:
ifconfig interface_name
CTERA Portal
21
Where interface_name is the name of the network interface you would like to list.
For example, the command ifconfig ens160 will list the network interface named
ens160.
Configuring a Static IP Address for a Network Interface

To configure a static IP address for a network interface
1 In nmtui, navigate to Edit a connection and press Enter.
The following screen appears displaying all network adapters attached to the CTERA
Portal server.
2 Navigate to the network adapter for which you would like to set a static IP address and
press Enter.
22
CTERA Portal
The Edit connection screen appears.
3 Navigate to Automatic next to IPv4 CONFIGURATION, and press Enter, and select
Manual.
4 Navigate to Show next to IPv4 CONFIGURATION, and press Enter.
CTERA Portal
23
Additional fields appear.
5 Navigate to Add next to Addresses, and press Enter.

6 Type the static IP address.
To specify a subnet mask, use the classless inter-domain routing (CIDR) notation. For
example:
To set a class C subnet mask [255.255.255.0], use: 192.168.93.204/24
To set a class B subnet mask [255.255.0.0], use: 192.168.93.204/16
24
CTERA Portal
You can refer to the following link for a full IPv4 CIDR reference:
https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#IPv4_C
IDR_blocks
7 To configure a default gateway for the current network interface, navigate to Gateway,
and type the IP address of the default gateway.
8 To configure a DNS server, navigate to Add next to DNS servers, press Enter, then type
the IP address of the DNS server.
CTERA Portal
25
Tip
You can add multiple DNS servers if desired, by repeating this step.
In the following example, the network interface named ens160 has the static IP address
192.168.93.204, the default gateway address 192.168.90.1, and the two DNS servers
192.168.88.20 and 192.168.88.21.

10 Navigate to Quit and press Enter.
11 Restart the network service, by running the following command:
service network restart
Your changes take effect.
26
CTERA Portal
Enabling DHCP for a Network Interface

To enable DHCP for a network interface
Portal server.
2 Navigate to the network adapter for which you would like to enable DHCP and press
Enter.
CTERA Portal
27
3 Navigate to Manual next to IPv4 CONFIGURATION, and press Enter, and select
Automatic.
28
CTERA Portal
4 Navigate to Remove next to the IP address, and press Enter.

Deactivating a Network Interface

To deactivate a network interface
1 In nmtui, navigate to Activate a connection and press Enter.
CTERA Portal
29
The following screen appears displaying all network adapters attached to the portal
server:
The asterisk (*) to the left of a network adapter's name indicates that the network
adapter is activated.
2 Navigate to an activated network adapter (one with an asterisk) you would like to
deactivate, and press Enter.
The network adapter is deactivated.
Activating a Network Interface

To activate a network interface
1 In nmtui, navigate to Activate a connection and press Enter.
30
CTERA Portal
The following screen appears displaying all network adapters attached to the portal
server:
The asterisk (*) to the left of a network adapter's name indicates that the network
adapter is activated.
2 Navigate to a deactivated network adapter (one without an asterisk) you would like to
activate, and press Enter.
The network adapter is activated.
Configuring Static Routes

To configure a static route for a network interface
CTERA Portal
31
Portal server.
2 Navigate to the network interface for which you would like to set a static route and press
Enter.
3 Navigate to Edit next to Routing, press Enter, and select Add.

The following screen appears.
32
CTERA Portal
4 In the fields provided, type the network destination/prefix, the next hop, and the route
metric.
5 To add additional static routes, navigate to Add and press Enter.

6 To remove existing routes, navigate to Remove next to the static route you would like to
remove and press Enter.
7 When done configuring static routes, navigate to OK and press Enter.

11 To view the list of static routes, run the following command:
CTERA Portal
33
netstat rn
Configuring a Default Gateway

To set a default gateway for the CTERA Portal server
echo "GATEWAY={$default_gateway_ip_address}" > /etc/sysconfig/network
Where {$default_gateway_ip_address} is your default gateway IP address.
For example:
echo "GATEWAY=192.168.90.1" > /etc/sysconfig/network

Setting Up the Time Zone

To configure the CTERA Portal server's time zone
1 Log in as root, using SSH or through the console.
ctera-timezone.sh your-time-zone
For example:
ctera-timezone.sh US/Eastern
ctera-timezone.sh Europe/London
ctera-timezone.sh Asia/Hong_Kong
Tip
For a list of all time zones, run the following command: timedatectl
list-timezones
34
CTERA Portal
Initializing the Storage Pool

To create a new LVM storage pool
1 Run the command fdisk l. In the output, copy the name of the second disk displayed. In
the following example, the second disk is named xvdf.
[root]# fdisk -l
Disk /dev/xvde: 6442 MB, 6442450944 bytes

255 heads, 63 sectors/track, 783 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal) : 512 bytes / 512 bytes
Disk identifier: 0xaae7682d
Device Boot
/dev/xvde1
Start
1
End
Blocks
Id
System
783
6289416
83
Linux
Disk /deve/xvdf: 107.4 GB, 107374182400 bytes

255 heads, 63 sectors/track, 13054 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal) : 512 bytes / 512 bytes
Disk identifier: 0x00000000
Disk /dev/xvdf doesn't contain a valid partition table

[root]#

ctera-storage-util.sh create_storage second_volume_name,
Where second_volume_name is the name of the volume copied in the previous step.
CTERA Portal
35
For example:
ctera-storage-util.sh create_ storage xvdf
3 Restart the portal, by running the following command:
ctera-portal-manage.sh restart.
4 Run the following command to ensure the volume is ok:
ctera-portal-manage.sh status.
The following lines appear in the output:
CTERA Portal: Starting
...
Database Data Directory: Ready
The LVM storage pool is now initialized. For the master server, proceed with Configuring
the CTERA Portal Master Server (on page 37). For an additional server, proceed with
Configuring Additional CTERA Portal Servers (on page 59).
36
CTERA Portal
4
Configuring the CTERA Portal
Master Server
When installing the master server, perform the steps in this chapter after performing the
steps in Installing CTERA Portal (on page 9).
These steps are performed only once, while installing the master server. If you are installing
an additional server, skip this chapter and proceed with Configuring Additional CTERA Portal
Servers (on page 59).
In This Chapter
Performing Initial CTERA Portal Setup ------------------------------------------------------------------------- 37
Installing an SSL Certificate --------------------------------------------------------------------------------------- 42
Creating DNS Records --------------------------------------------------------------------------------------------- 56
Configuring a Public NAT Address ------------------------------------------------------------------------------ 56
Installing the License Key ----------------------------------------------------------------------------------------- 57
Performing Initial CTERA Portal Setup

This procedure is performed only once, on the master server.
Tip
After running the setup wizard, it is possible to reset the setup wizard in order to
run it again. To reset the setup wizard, open the file /etc/ctera/portal.cfg and
change CTERA-INIT-REQUIRED to yes and restart the portal.
To perform initial CTERA Portal setup of the master server
1 Using a Web browser, browse to the CTERA Portal machine's elastic IP address or public
DNS.
CTERA Portal
37
Configuring the CTERA Portal Master Server
The Setup Wizard opens displaying the Select Server operation mode dialog box.
2 Choose This is the Master Server.

3 Click Next.
The Welcome to CTERA Portal dialog box appears.
4 Complete the fields using the relevant information in the following table.
5 Click Next.
38
CTERA Portal
The Email Settings dialog box appears.
6 Complete the fields using the relevant information in the following table.
7 Click Next.
The DNS Domain dialog box appears.
8 In the DNS Suffix field, type the DNS suffix that should be appended to each virtual
portal's name, in order to create the virtual portal's DNS name.
CTERA Portal
39
For example, if a virtual portal's name is "myportal", and the DNS suffix is "acme.com",
then the virtual portal's DNS name will be "myportal.acme.com".
9 Click Next.
The Wizard Completed dialog box appears.
10 Click Finish.
A success message appears.
11 Click OK.
40
CTERA Portal
CTERA Portal opens displaying the Administrator Login page.
12 In the fields provided, type the user name and password you specified in the Setup
Wizard.
13 Click SIGN IN.
The Global Administration View appears displaying the Main > Dashboard page.
By default, CTERA Portal creates a team portal called "portal". For information about how
to rename, view and edit this portal, or create additional reseller or team portals, see the
CTERA Portal Administration Guide.
CTERA Portal
41
Table 4: Setup Wizard Fields

In this field...
Do this...
Username
Type a user name for your CTERA Portal administrator account.
First Name
Type your first name.
Last Name
Type your last name.
Email Address
Type your email address.
Password / Retype Password
Type a password for your CTERA Portal administrator account.
SMTP Server
Type the outgoing mail server address for sending email

messages from CTERA Portal to users.
SMTP Port
Type the port number for sending email messages from CTERA
Portal to users. This port is usually TCP 25.
Sender Email
Type the email address that should appear in the From field of
notifications.
For example: "CTERA Customer Service <support@ctera.com>".
Enable TLS
Select this option to use Transport Layer Security (TLS)

encryption for sending email messages from CTERA Portal to
users.
Server requires authentication
Select this option if the SMTP server requires authentication.
User Name
Type the user name that CTERA Portal should use when
authenticating to the SMTP server.
Password
Type the password that CTERA Portal should use when

authenticating to the SMTP server.
Installing an SSL Certificate

Perform the following steps to install a certificate on CTERA Portal:
1 Note your Portal's DNS Suffix (on page 43)
2 Obtain an SSL Certificate (on page 43)
3 Generate a Certificate Signing Request (on page 45)
4 Sign the Certificate Request (on page 50)
5 Validate and Prepare Certificates for Upload (on page 52)
6 Install the Signed Certificate on CTERA Portal (on page 53)
42
CTERA Portal
Note your Portal's DNS Suffix

Note your CTERA Portal's DNS suffix so that you have it for later steps.
To view your portal's DNS suffix
1 In the navigation pane of the Global Administration View, click Settings > Global Settings.
The Settings > Global Settings page appears.
2 The DNS Suffix field displays the CTERA Portal's DNS suffix.
Obtain an SSL Certificate

It is necessary to obtain a valid certificate signed either by a well-known certificate authority,
or by your own internal certificate authority.
Tip
If you intend to generate a signed certificate using your own internal certificate
authority, please contact CTERA Support at http://www.ctera.com/support
beforehand.
The SSL certificate can be either of the following:
A wildcard certificate
A wildcard SSL certificate secures your website's URL and an unlimited number of its
subdomains. For example, a single wildcard certificate for *.acme.com can secure both
company01.acme.com and company02.acme.com.
CTERA Portal
43
A wildcard certificate is mandatory if you plan for your service to consist of more than
one virtual portal.
A domain certificate
A domain certificate secures a single domain or subdomain only. For example:
company01.acme.com.
This option is relevant if you are planning to provision a single virtual portal only.
44
CTERA Portal
Tip
To obtain a self-signed certificate for testing and evaluation purposes only,

contact CTERA Support at http://www.ctera.com/support and specify your
CTERA Portal's DNS suffix see Obtain your Portal's DNS Suffix (see Note your
Portal's DNS Suffix). CTERA will generate a self-signed certificate for your DNS
suffix and provide you with a ZIP file that you can upload to your CTERA Portal
environment.
Tip
CTERA Portal also supports certificates with Subject Alternative Names (SAN
certificates). This option enables you to secure multiple domain names with a
single certificate.
Generate a Certificate Signing Request

The next step is to generate a certificate signing request (CSR) for your domain using CTERA
Portal. This requires a CTERA Portal Administrator account.
To generate a certificate signing request for your domain
1 In the navigation pane of the Global Administration View, click Settings > SSL Certificate.
The Settings > SSL Certificate page appears.
2 Click Request Certificate.
CTERA Portal
45
The Create a Certificate Request Wizard opens.
3 In the Domain Name field, type the domain name for which you would like to request a
certificate.
The value entered must match the type of certificate you chose to use. For example, if
you chose a wildcard certificate, the domain name might be *.ctera.com.
46
CTERA Portal
In contrast, if you chose a domain certificate, the domain name might be

company01.acme.com, where company01 is the name of your virtual portal.
4 Complete the rest of the fields using the information in the following table.
These fields are optional
5 Click Generate.
A key pair is generated and stored on the portal.
CTERA Portal
47
The Download a certificate request screen appears.
6 Click Download.
The certificate request file certificate.req is downloaded to your computer.
The Settings > SSL Certificate page's Certificate Request area indicates that the certificate
request is pending.
If you issued a wildcard certificate request, the area appears as follows:
If you issued a domain certificate request, the area appears as follows:
48
CTERA Portal
Warning
When you generated the CSR, a private.key file was registered in the CTERA
Portal. If you now generate a new CSR, it will override the existing private.key
file, and signing the old CSR will result in an error message indicating that the CSR
does not match the private.key file. Therefore, do not generate a new CSR
before installing the signed certificate.
Table 5: Create a Certificate Request Wizard Fields
In this field...
Do this...
Domain Name
Type the domain name for which you would like to request a
certificate.
If multiple virtual portals are configured, each virtual portal has
its own DNS name. In this case, the SSL certificate should be a
wildcard certificate, that is, the DNS name embedded in the
certificate should start with "*".
If you have only one portal, and do not intended to configure
multiple virtual portals, then it is sufficient to purchase a
regular SSL certificate (not a wildcard certificate).
To request a certificate that specifies multiple alternative
names, type the multiple names in this field, separated by
semicolons. The certificate will include the subjectAltName
certificate extension.
Organizational Unit
Type the name of your organizational unit.

This field is optional.
Organization
Type the name of your organization.

City
Type your city.

State
Type your state.

Country
Select your country.

CTERA Portal
49
Sign the Certificate Request

The next step is to sign the certificate request.
To sign the certificate request
1 Send the certificate.req file you generated to your certificate authority for signing.
If the request is successful, the certificate authority will send back an identity certificate
that is digitally signed with the certificate authority's private key.
Tip
The certificate authority should return a base-64 encoded identity certificate.

2 Open the identity certificate and verify that the Issued to field includes the DNS suffix you
provided upon creating the certificate request.
3 Build a certification chain from your identity certificate to your trusted root certificate.
In order to do this, you will need to obtain all of the intermediate certificates, as well as
your root certificate authority's self-signed certificate.
50
CTERA Portal
If you are using a well-known certificate authority, the intermediate certificates and the
root certificate authority's self-signed certificate can be downloaded from your certificate
authority website. If you are using your own internal certificate authority, contact the
necessary entity to provide you with the required intermediate and self-signed certificate.
In the above example, the certificate was issued by "Go Daddy Secure Certification
Authority" to "*.ctera.com". In order to build the certification chain, it is necessary to
obtain a certificate issued to "Go Daddy Secure Certification Authority".
CTERA Portal
51
This certificate was issued by "Go Daddy Class 2 Certification Authority" to "Go Daddy
Secure Certification Authority". In order to continue the certification chain, it is necessary
to obtain a certificate issued to "Go Daddy Class 2 Certification Authority".
Since this last certificate is a self-signed certificate, (that is, it was issued to and by the
same entity), the certification chain is complete.
Validate and Prepare Certificates for Upload

The next step is to validate and prepare certificates for upload.
To validate and prepare certificates for upload
1 Verify that none of the certificates in the certificate chain are corrupted or using invalid
encoding.
To do so, open each certificate in a program such as Notepad or Word, and verify that it
contains the following:
-------- BEGIN CERTIFICATE ------<CERTIFICATE CONTENT>
-------- END CERTIFICATE -------
2 Rename the identity certificate issued to "*.ctera.com" to certificate.crt.
52
CTERA Portal
3 Change the file extension of the other certificates in the certificate chain to "crt".
For example, certificate-name.crt.
4 Archive all of the certificates (the identity certificate, the intermediary certificates, and
the root self-signed certificate) in a ZIP file called certificate.zip.
For example:
Install the Signed Certificate on CTERA Portal

Once you have obtained an SSL certificate you must install it on CTERA Portal. The certificate
must match the pending certificate request and keypair.
To install an SSL certificate
1 In the navigation pane of the Global Administration View, click Settings > SSL Certificate.
The Settings > SSL Certificate page appears.
2 Click Install Signed Certificate.
CTERA Portal
53
The Upload Certificate Wizard opens.
3 Click Upload and browse to the the certificate.zip file you created. All the
certificates in the certificate chain must be present in the ZIP file in X.509 format, and
each file must have a ".crt" extension.
The certificate is installed on CTERA Portal.
4 Click Finish.
5 Restart all the CTERA Portal servers.
See Restarting Servers.
6 Verify that the certificate updated successfully, by browsing to your CTERA Portal.
54
CTERA Portal
You should receive no security exception messages.
Restarting Servers
CTERA Portal servers can be restarted from the CTERA Portal web page.
To restart a server
1 Access the CTERA Portal's Global Administration View.
2 In the navigation pane, click Main > Servers.
The Main > Servers page appears.
3 Select the server you want to restart.
4 Click Restart.
The server is restarted.
CTERA Portal
55
Creating DNS Records

The CTERA Portal includes a built-in DNS server. This server automatically resolves the
domain names of all the defined virtual portals, as well as names of devices using the remote
access service. In order for this DNS server to work, you must register it using an NS (Name
Server) record on your DNS server.
The procedure used for configuring the DNS for remote access depends on the whether you
have purchased a dedicated domain (i.e. the DNS suffix includes only records for the CTERA
Portal) or not (i.e. the DNS suffix includes records that are unrelated to the CTERA Portal).
If you have a dedicated domain
If you have a dedicated domain for the CTERA Portal, (i.e. a dedicated zone with no other
servers other than the CTERA Portal), then the NS record can be created just once, in that
zone.
For example, for a DNS suffix called storage.acme.com and two CTERA Portal servers with IPs
192.168.0.3 (master) and 192.168.0.4 (secondary), you would register:
A
srv1.acme.com
192.168.0.3
srv2.acme.com
192.168.0.4
Next, you would create an NS record for each server to the zone acme.com:
NS
storage.acme.com
srv1.acme.com
NS
storage.acme.com
srv2.acme.com
Configuring a Public NAT Address

Immediately after deploying a CTERA Portal instance, the CTERA Portal server will respond to
DNS requests with its private internal IP address. In order to make the CTERA Portal available
via the Internet, and to enable the CTERA Portal to respond to DNS queries with the public IP
address, you must configure the CTERA Portal's public NAT address.
To configure a Public NAT address
3 Click on the server.
56
CTERA Portal
The Server Manager opens displaying the General Settings tab.
4 Select the Public NAT Address check box.

5 In the Public NAT Address fields, type the public IP address.
6 Click Save.
Installing the License Key

Your CTERA Portal includes a default license for 30 days. If you have a permanent license,
install it using the following procedure.
To install the new license key
1 Browse your CTERA Portal and log in as the administrator.
2 Select Administration from the Portal drop-down list to navigate to the Global
Administration View.
3 In the navigation pane, click Settings > License.
The Settings > License page appears.
4 Click Add license key.
CTERA Portal
57
The Add License Keys dialog box opens.
5 Copy the license key you received from CTERA, and paste it into the text box.
The system verifies and activates the license key by contacting the CTERA Activation
service. When the license key is activated, it is associated with this installation of CTERA
Portal.
6 (Optional) In the Comment field, add a comment.
The comment will be displayed in the License page. You can use this comment to
document the purchase order number associated with the license, and the like.
7 Click Save.
58
CTERA Portal
5
Configuring Additional CTERA
Portal Servers
When installing an additional server, follow this procedure after performing the steps in
Installing CTERA Portal (on page 9). (All servers except the master server are additional
servers.)
By default, the server will be an application server running no other service. After initial
setup, the application service and catalog node service can each be enabled or disabled
through the CTERA Portal web interface (see the CTERA Portal Administration Guide for
details).
Tip
For document previews to work, it is necessary to install at least one document

preview server.
To configure an additional server
1 Using a Web browser, browse to the CTERA Portal machine's IP address.
The Setup Wizard opens displaying the Select Server operation mode screen.
2 Choose Master Server details.
CTERA Portal
59
Configuring Additional CTERA Portal Servers
3 Enter the address of the master server in the Address field, and then either enter the
private key in the Insert key field, or select Upload file and use the Select button to
browse for the private key file.
4 Click Next.
The Replication dialog box appears.
5 To configure this server as a replica of the main database or a catalog node, select the
Replicate the following server check box, then select the server you want to replicate in
the drop-down list.
6 Click Next.
60
CTERA Portal
The Wizard Completed dialog box appears.
7 Click Finish.
A success message appears.
8 Click OK.
CTERA Portal opens displaying the Administrator Login page.
9 In the fields provided, type the user name and password you specified in the Setup
Wizard for the master server.
CTERA Portal
61
10 Click Log In.

The Global Administration View appears displaying the Main > Dashboard page.
The Main > Servers page appears, displaying all servers.
12 Select the desired server's row and click View.
The Server Manager opens displaying the General Settings tab.
13 Select the check boxes next to the services to be provided by this server.
The server can act as an application server, catalog node, or a document preview server.
14 Click Save.
62
CTERA Portal
6
Managing CTERA Portal Servers
In This Chapter
Enabling/Disabling Remote Support --------------------------------------------------------------------------- 63
Extending the CTERA Main Database or Catalog Node Storage Pool ---------------------------------- 64
Enabling/Disabling Remote Support

You can enable remote assistance by the CTERA support team, by using the
ctera-support.sh script. This script adds a user called "support", which the CTERA
Support Team can uses to remotely access and log in to your CTERA Portal. In addition, see
the details at http://www.ctera.com/supportaccess.
To enable remote support
1 Log in as root.
2 In the command line, enter the following command:
ctera-support.sh enable
The "support" user is created.
To disable remote support
1 Log in as root.
2 In the command line, enter the following command:
ctera-support.sh disable
The "support" user is deleted.
CTERA Portal
63
Extending the CTERA Main Database or Catalog Node

Storage Pool
To extend the CTERA main database or catalog node storage pool
1 For each CTERA Portal instance you have installed on AWS, stop CTERA services, by doing
the following:
a Open a SSH session to the CTERA Portal instance.
b Log in as the root user.
c Stop the CTERA Portal services, by running the command:
ctera-portal-manage.sh stop
2 Attach a VMDK drive to the CTERA Portal server, by doing the following:
a In your VMware management console, edit the relevant portal server settings.
b
c Click Add.
64
CTERA Portal
The Add Hardware Wizard opens displaying the Device Type dialog box.
d Choose Hard Disk.

e Click Next.
The Select a Disk dialog box appears.
Choose Create a new virtual disk.
g Click Next.
CTERA Portal
65
The Create a Disk dialog box appears.
Tip
By default, the VMDK will be stored with the virtual machine. If you prefer to
store the VMDK on an alternate datastore, choose Specify a datastore or a
datastore cluster, click Browse, and select the relevant datastore.
h Click Next.
The Advanced Options dialog box appears.
Click Next.
66
CTERA Portal
The Ready to Complete screen appears.
Click Finish.
The new hard disk is added.
Tip
In certain cases, you may be required to reboot the CTERA Portal server, in order
for the VMDK drive you attached to be identified.
3 Extend the CTERA Storage Pool, by doing the following:
a Log in as root to your CTERA Portal server over SSH.
b Identify the name of the device you attached, by running the following command:
fdisk l
Locate the device name according to its size and usage information.
c Run the following command to extend the CTERA Storage Pool:
ctera-storage-util.sh extend_storage device_name
Where device_name is the device name copied in the previous step.
The main database or catalog node storage pool is extended.
4 To view the storage pool size, run the following command:
df h /usr/local/lib/ctera
5 For each CTERA Portal instance you installed on AWS, starting from the CTERA Portal
main database and catalog node and proceeding to the application servers, start CTERA
Portal services by doing the following:
CTERA Portal
67
a Open an SSH session to the CTERA Portal instance.

b Run the following command:
ctera-portal-manage.sh start
68
CTERA Portal
7
Upgrading the CTERA Portal
Software
A minor upgrade from an existing CTERA Portal 4.0 installation to a later minor release
version requires upgrade of the CTERA Portal software only.
To upgrade the CTERA Portal software
CTERA Portal
69
Upgrading the CTERA Portal Software
3 In the upper-right corner, click Install new version.
4 Upload the CTERA Portal minor version provided by CTERA.

All servers in your CTERA Portal installation are upgraded.
70
CTERA Portal
Index
A
About this Guide 3

Activating a Network Interface 30
Importing the CTERA Portal Virtual Appliance

OVF File 9, 10
Initializing the Storage Pool 9, 35
Install the Signed Certificate on CTERA Portal
42, 53
Installation Workflow 3, 9
Installing an SSL Certificate 42
Installing CTERA Portal 9, 37, 59
Installing the License Key 57
C
Changing the CTERA Portal Server's Hostname
21
Configuring a Default Gateway 34
Configuring a Network Interface 21
Configuring a Public NAT Address 56
Configuring a Static IP Address for a Network
Interface 22
9, 36, 37, 59
Configuring Network Settings 9, 20
Configuring Static Routes 31
9, 35, 36, 37
Creating DNS Records 56
L
Listing a Network Interface 21
Logging In to the CTERA Portal Server 9, 20
M
Managing CTERA Portal Servers 63
Miscellaneous Procedures 3
Note your Portal's DNS Suffix 42, 43
Data Replication and Failover 5, 6

Deactivating a Network Interface 29
E
Enabling DHCP for a Network Interface 27
Enabling/Disabling Remote Support 3, 63
Extending the CTERA Main Database or
Catalog Node Storage Pool 64
G
Generate a Certificate Signing Request 42,
45
H
How to Use this Guide 3
Obtain an SSL Certificate 42, 43
P
Performing Initial CTERA Portal Setup 37
Planning Your Installation 3, 5
Preparing for Production Deployment 9, 20
R
Requirements 6
Restarting Servers 53, 55
S
Scalability and Load Balancing 5, 6
Security 6
CTERA Portal
71
Index
Server Topology 5
Setting Up the Time Zone 9, 34
Sign the Certificate Request 42, 50
U
Upgrading the CTERA Portal Software 3, 69
V
Validate and Prepare Certificates for Upload
42, 52
72
CTERA Portal

CTERA Portal Installation Guide CentOS Edition Over VMWare

Caricato da

Informazioni sul documento

Descrizione originale:

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

CTERA Portal Installation Guide CentOS Edition Over VMWare

Caricato da

Copyright:

Formati disponibili

Installation Guide

Copyright 2009-2015 CTERA Networks Ltd.

Planning Your Installation ---------------------------------------------------------------------------- 5

Installing CTERA Portal -------------------------------------------------------------------------------- 9

Configuring the CTERA Portal Master Server -------------------------------------------------- 37

Configuring Additional CTERA Portal Servers ------------------------------------------------- 59

Upgrading the CTERA Portal Software ---------------------------------------------------------- 69

How to Use this Guide

Planning Your Installation

Scalability and Load Balancing

Data Replication and Failover

Planning Your Installation

CTTP. Communications with CTERA appliances

GPFS. Required for accessing GPFS nodes.

Planning Your Installation

PostgreSQL. Applicable for master server and

Updates between the servers.

SSH management between the servers.

Applicable for document preview servers only.

TCP 389, 3268,53

TCP 389, 53, 88

Only if Kerberos is used

TCP 636, 3269

Only if Kerberos is used

Installing CTERA Portal

Importing the CTERA Portal Virtual Appliance OVF File

2 Click File > Deploy OVF Template.

Installing CTERA Portal

3 Click Browse, and browse to the CTERA Portal OVF file.

Installing CTERA Portal

Installing CTERA Portal

The Name and Location dialog box appear.

6 In the Name field, type name for the portal instance.

Installing CTERA Portal

The Host / Cluster dialog box appears.

Installing CTERA Portal

The Resource Pool dialog box appears.

Installing CTERA Portal

The Storage dialog box appears.

Installing CTERA Portal

The Disk Format dialog box appears.

Installing CTERA Portal

The Network Mapping dialog box appears.

Installing CTERA Portal

The Ready to Complete dialog box appear.

When installation is complete, a success message appears.

Installing CTERA Portal

Preparing for Production Deployment

Logging In to the CTERA Portal Server

Configuring Network Settings

Installing CTERA Portal

Changing the CTERA Portal Server's Hostname

2 In the field provided, type the server hostname.

4 Navigate to OK and press Enter.

Configuring a Network Interface

Installing CTERA Portal

Configuring a Static IP Address for a Network Interface

Installing CTERA Portal

The Edit connection screen appears.

4 Navigate to Show next to IPv4 CONFIGURATION, and press Enter.

Installing CTERA Portal

Additional fields appear.

5 Navigate to Add next to Addresses, and press Enter.