Troubleshooting StorageSecure Appliance. Module 3: Lesson 6 SafeNet StorageSecure Storage Security Course. Lesson Objectives. By the end of this lesson, you should be able to: Identify the field replaceable units (FRUs) in SafeNet® StorageSecure appliance
Troubleshooting StorageSecure Appliance Module 3: Lesson 6 SafeNet StorageSecure Storage Security Course
Lesson Objectives • By the end of this lesson, you should be able to: • Identify the field replaceable units (FRUs) in SafeNet® StorageSecure appliance • Decode SafeNet StorageSecure appliance LED error messages • Troubleshoot SafeNet StorageSecure appliance
SafeNet StorageSecure FRUs • The Field Replaceable Units within the SafeNet StorageSecure appliance are: • Power supplies • SFP/SFP+ • All other components require an RMA
StorageSecure LEDs • See StorageSecure LEDs for information about the appliance: • PWR – Power Condition • SEC – Ability to provide encryption services • MGT – Management interface network link • CLIENT – Client interface network link • NAS – Storage interface network link • ALM – Appliance alarm • ENV – Temperature alarm • SCR – Smartcard activity
Logging Functions • Log messages are stored in one of multiple appliance logs, depending on the reason and severity of the logged event • View the content of the various appliance logs depending on the log storage location • To access the SafeNet StorageSecure logs in temporary storage locations use the sys util command; for example: • sys util cat /var/log/performance • To view the database logs: • In the SafeNet StorageSecure Management Console, select Diagnostics -> View System Log
Troubleshooting - General • Console issue • Issue: When connecting to the StorageSecure using the USB-to-serial cable, wrong characters are displayed on the screen. • Suggested Solution: Connect to the StorageSecure using a different USB cable or directly to a serial port. In certain scenarios, a reboot of the StorageSecure may be required. • NFS Storage Vault creation • Issue: A problem creating a Storage Vault when using NFS on a Linux server. • Suggested Solution: Restart the NFS service on the NFS server: /sbin/service nfs restart (the command may differ depending on the Linux distribution)
Troubleshooting – General – Cont. • Problem adding a CIFS domain • Issue: A message that the time between the StorageSecure and the AD is not correct appears when trying to add a CIFS domain, even though the date and time are set correctly. • Suggested Solution: Uncheck the Auto Daylight Saving option on the Domain Controller and adjust the time
StorageSecure and Antivirus Software • Antivirus software running directly on the encrypted storage is not useful: because the virus signatures are also encrypted, the antivirus software will not be able to detect them. • If the storage needs to be checked with antivirus software, permit access from the antivirus server to the storage vaults through StorageSecure.
Troubleshooting Smart Cards 1/4 • Management station does not detect Admin Card • Reset Admin Card • Reload card reader software • Reset System Card • The appliance needs a new or reset System Card in order to complete the Setup Wizard. • If the System Card was not inserted into the appliance chassis during zeroization or if it was not properly reset during zeroization, manually reset it. • Lost System Card • Zeroize, insert a new System Card and run the Setup Wizard.
Troubleshooting Smart Cards 2/4 • Card not recognized • The reader may incorrectly identify the type of smart card. Pull out and reinsert the card. Wait a few seconds for the card reader to detect card insertion (indicated by the status light turning green on the smart card reader) before clicking OK. • Disconnect and reconnect the smart card reader. • Do not open the WebUI for more than one SafeNet StorageSecure appliance at a time on a single Management Station.
Troubleshooting Smart Cards 3/4 • Lost Admin Card when Secure SSMC is enabled • Log in with a different Admin Card and associate a replacement Admin Card with an existing or new administrator. • If all Admin Cards are lost and Secure command-line interface is not enabled, log in to the command-line interface and disable Secure SSMC by running the CLI command: system property set sys.security.web.usesmartcard 0. Then log in to SSMC and associate a replacement Admin Card with an existing or new administrator. • If both CLI and SSMC login are smart card enabled and all Admin Cards are lost, zeroize the appliance using the serial console.
Troubleshooting Smart Cards 4/4 • Problem with multiple smart card readers • Multiple card readers are not supported for Cluster Recovery operations. • Lost Recovery Card • Assemble a quorum of Recovery Officers and replace the Recovery Card. • Smart card errors appear • Use an eraser to clean the metal contact on the smart card.
Useful Troubleshooting Commands • Show recent log messages: • system log list • system util cat /var/log/operation • Show recent activities: • system util stacklog
Network Troubleshooting Commands • Display high-level network status: • net status • Translate hostnames to IP addresses: • net util host • Use ping to verify that network packets can reach the destination host: • net util ping • Display information about network interfaces: • net util ifconfig • Display network status and/or statistics: • net util netstat
Hostname Lookup • Use net util host to verify the hostname-to-IP-address translations • Sends a query to the DNS server to convert hostnames to IP addresses, and IP addresses to hostnames • net util host <hostname> • net util host <IP address>
Display Network Interfaces • Use net util ifconfig [option] to display information about network interfaces • -a Display all interfaces • -u Only display interfaces that are up • -d Only display interfaces that are down • -m Show acceptable media types • For example: net util ifconfig -u • Verify that the correct IP addresses are assigned • Verify that the correct speed was negotiated
Sample ifconfig Output
    > net util ifconfig -u
    bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            inet 10.254.133.153 netmask 0xfffffc00 broadcast 10.254.135.255
            inet 10.254.133.182 netmask 0xffffffff broadcast 10.254.133.182
            inet 10.254.133.183 netmask 0xffffffff broadcast 10.254.133.183
            ether 00:10:18:14:bb:64
            media: Ethernet autoselect (1000baseTX <full-duplex>)
            status: active
    bge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            inet 10.254.133.154 netmask 0xfffffc00 broadcast 10.254.135.255
            ether 00:10:18:14:bb:62
            media: Ethernet autoselect (1000baseTX <full-duplex>)
            status: active
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
            inet 127.0.0.1 netmask 0xff000000
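The two checks named on the previous slide (correct IP addresses assigned, correct speed negotiated) can be run mechanically against a saved copy of this output. The following is an added example, not part of the course material: the function names and the expected-values structure are assumptions, and the sample text is the bge0 and bge1 output from the slide, trimmed.

```python
import re

# bge0 and bge1 from the slide's sample output, trimmed to the lines the parser reads.
SAMPLE = """\
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 inet 10.254.133.153 netmask 0xfffffc00 broadcast 10.254.135.255
 inet 10.254.133.182 netmask 0xffffffff broadcast 10.254.133.182
 media: Ethernet autoselect (1000baseTX <full-duplex>)
 status: active
bge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 inet 10.254.133.154 netmask 0xfffffc00 broadcast 10.254.135.255
 media: Ethernet autoselect (1000baseTX <full-duplex>)
 status: active
"""

def parse_ifconfig(text):
    """Parse BSD-style ifconfig text into {name: {mtu, inet, media, duplex, status}}."""
    ifaces, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"(\w+): flags=\S+ mtu (\d+)", line):
            cur = ifaces[m.group(1)] = {"mtu": int(m.group(2)), "inet": {}}
        elif cur is None:
            continue  # ignore anything before the first interface header
        elif m := re.match(r"inet (\S+) netmask 0x([0-9a-fA-F]{8})", line):
            # Hex netmask to prefix length: 0xfffffc00 has 22 bits set.
            cur["inet"][m.group(1)] = bin(int(m.group(2), 16)).count("1")
        elif m := re.match(r"media: .*\((\S+?)(?: <([\w-]+)>)?\)", line):
            cur["media"], cur["duplex"] = m.group(1), m.group(2)
        elif line.startswith("status:"):
            cur["status"] = line.split(":", 1)[1].strip()
    return ifaces

def verify(ifaces, expected):
    """Compare parsed state with expected {name: {ips, mtu, media}}; return findings."""
    out = []
    for name, want in expected.items():
        got = ifaces.get(name)
        if got is None:
            out.append(f"{name}: not listed as up")
            continue
        for ip in sorted(set(want["ips"]) - set(got["inet"])):
            out.append(f"{name}: expected address {ip} not assigned")
        if got["mtu"] != want["mtu"]:
            out.append(f"{name}: mtu {got['mtu']}, expected {want['mtu']}")
        if (got.get("media") or "").lower() != want["media"].lower():
            out.append(f"{name}: media {got.get('media')}, expected {want['media']}")
        if (got.get("duplex"), got.get("status")) != ("full-duplex", "active"):
            out.append(f"{name}: link is {got.get('duplex')}/{got.get('status')}")
    return out
```

An interface that is absent from the -u listing is reported as not up, which is the case the -d option would confirm on the appliance.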
Display Network Status and Statistics • Use net util netstat [option] to display network status and statistics • By default reports on network connections • -a Display all sockets • -i Display statistics for all interfaces • -I Display statistics for a specific interface • -r Display routing table • -m Display network buffer (mbuf) statistics • -p Display protocol-specific statistics • -s Display statistics for all protocols • -n Display IP address instead of hostname • For example: net util netstat -r
Display Network Interface Statistics
    > net util netstat -i
    Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
    bge0 1500 10.254.132/22 10.254.133.153 1631969 2450168 -
    bge0 1500 10.254.133.18 10.254.133.182 9875 - 24
    bge0 1500 10.254.133.18 10.254.133.183 9840 - 24
    bge1 1500 10.254.132/22 10.254.133.154 1083007 0 -
    lo0 16384 127 127.0.0.1 17424 - 17424
Display the Routing Table
    > net util netstat -r
    Routing tables
    Internet:
    Destination        Gateway            Flags   Refs  Use     Netif  Expire
    default            10.254.132.1       UGSc    2     31615   bge0
    10.254.132/22      link#3             UC      6     0       bge0
    10.254.132.1       0:0:5e:0:1:8c      UHLW    3     21      bge0   242
    10.254.132.2       0:a0:8e:33:80:13   UHLW    0     0       bge0   1199
    10.254.132.10      0:50:56:61:3:fc    UHLW    0     5363    bge0   1195
    10.254.133.151     0:10:18:14:b4:55   UHLW    2     795221  bge0   206
    10.254.133.182/32  link#3             UC      0     0       bge0
    10.254.133.183/32  link#3             UC      0     0       bge0
    10.254.134.6       0:4:96:18:40:f0    UHLW    0     0       bge0   1175
    10.254.135.255     ff:ff:ff:ff:ff:ff  UHLWb   2     3700    bge0
    127.0.0.1          127.0.0.1          UH      1     16032   lo0
Networking Properties • There are two sets of network interface-related properties • Display the properties that control the behavior of the client interface • net.client.* properties • Display the properties that control the behavior of the storage interface • net.server.* properties • After changing property values, run net apply, otherwise the changes do not take effect
Ethernet Frame Size • Jumbo frames supported • Maximum frame size is 9578 (NetApp DataFort E-Series had support of up to 8998 bytes) • The current frame size is reported in the net util ifconfig and net util netstat -i output as Maximum Transmission Unit (MTU) • Change the MTU value with the property settings net.client.mtu and net.server.mtu
Interface Settings • Duplex mode and speed are negotiated • Interface speeds can be hard set with: net.*.media • Valid values: 1000baseTx, 100baseTx, auto • Duplex mode can be hard set with: net.*.mediaopt • Valid values: half-duplex, full-duplex
Trace Network Traffic • Run a packet analyzer tool on a machine connected between the Storage Client and the StorageSecure, or between the StorageSecure and the Storage, in order to trace the network traffic. • Packet analyzer tools include Wireshark, tcpdump and others.
NAS-Specific Troubleshooting • Diagnosing privilege problems • Users unable to access Storage Vaults and/or files • Active Directory® or Kerberos issues? • Analyze TCP/IP traffic • Trace TCP/IP I/O to diagnose NAS errors
NAS Privilege Problems • Many access errors are caused by Kerberos • Most Kerberos errors are really DNS errors • Verify that DNS is properly configured • Confirm hostname IP address translations • Client hosts • SafeNet StorageSecure real and virtual server • File servers • Domain controllers • Use net util host
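Kerberos depends on each name resolving to an address and that address resolving back to the same name, which is the pair of lookups net util host performs. The following added example (not part of the course material) runs that forward and reverse comparison for a list of hosts from a workstation using the same DNS servers. All host names and addresses are constructed, and the function names are assumptions.

```python
import socket

def sys_forward(name):
    """Address lookup through the local resolver; empty list on failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def sys_reverse(ip):
    """Reverse (PTR) lookup through the local resolver; empty list on failure."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def check_translation(name, forward=sys_forward, reverse=sys_reverse):
    """Return the problems found translating name -> IP -> name."""
    want = name.rstrip(".").lower()
    ips = forward(name)
    if not ips:
        return [f"{name}: no address record"]
    problems = []
    for ip in ips:
        ptrs = [p.rstrip(".").lower() for p in reverse(ip)]
        if not ptrs:
            problems.append(f"{name}: {ip} has no reverse (PTR) record")
        elif want not in ptrs:
            problems.append(f"{name}: {ip} reverses to {', '.join(ptrs)}")
    return problems

def audit(names, forward=sys_forward, reverse=sys_reverse):
    """Map each name that has problems to its list of problems."""
    report = {n: check_translation(n, forward, reverse) for n in names}
    return {n: p for n, p in report.items() if p}

# Constructed records standing in for DNS so the example runs offline:
# an appliance, its virtual server, a file server, a domain controller, a client.
A = {"ss1.example.test": ["192.0.2.10"], "vserver1.example.test": ["192.0.2.11"],
     "filer1.example.test": ["192.0.2.20"], "dc1.example.test": ["192.0.2.30"]}
PTR = {"192.0.2.10": ["ss1.example.test"], "192.0.2.11": ["ss1.example.test"],
       "192.0.2.20": ["filer1.example.test"]}

def sample_audit():
    names = list(A) + ["client7.example.test"]
    return audit(names, lambda h: A.get(h, []), lambda i: PTR.get(i, []))
```

Calling audit(names) without the last two arguments queries the workstation's real resolver instead of the constructed tables.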
Diagnosing NAS Privilege Problems • Enable NAS audit logging • Through the SafeNet StorageSecure Management Console • From the command-line interface: sys prop set <property-name> enable • NAS Audit logging properties • sys.proc.syslogd.conf.nas_auth • sys.proc.syslogd.conf.nas_acl • sys.proc.syslogd.conf.nas_file_access • sys.proc.syslogd.conf.nas_cry_access
Tech Dump Commands • Prepare a report about the domains in the configuration database: system util techdump domain • Prepare a report about the operating system: system util techdump os • Prepare a report about the servers in the configuration database: system util techdump server • Prepare a report about the users in the configuration database: system util techdump user
Stack Traces • The StorageSecure Operating System creates an execution stack trace if the kernel panics • View the stack trace: system util stacklog • SafeNet believes that the trace does not expose user or critical data • Disable stack trace creation: system property set sys.stacktrace.enabled 0
Technical Support • Technical Support requests the following information: • Audit logs • Reproduce the problem behavior • Capture a tech dump
Lesson Summary • In this lesson, you should have learned to: • Identify the FRUs in SafeNet StorageSecure appliance • Decode SafeNet StorageSecure appliance LED error messages • Troubleshoot SafeNet StorageSecure appliance