Knowledge Base

Panzura CloudFS

CloudFS Administration Guide

Panzura Filer Quick Start Guide

This quick start guide is an abbreviated version of the Installation Guide. For additional information, see the Installation Guide for your filer platform.

Only pertains to those running Panzura Cloud FS Version 8.

Web Browser Requirement: The Panzura Filer’s WebUI and setup wizard are supported only on Google Chrome version 59.03071 or above.

Deployment Mode: One-arm or Inline

The filer can be deployed in either of the following modes:

One-arm mode: Client and cloud traffic pass through the same interface. Connect LAN1 to clients and to your Cloud Storage Provider (CSP).
Inline: Client and cloud traffic use separate interfaces. Connect LAN1 to clients and WAN1 to your CSP. The LAN and WAN ports must be on different subnets.

One-arm Mode

Inline Mode

The following diagrams show the features on the front and back control panels of physical Panzura Filers.

Pre‐installation Checklist

Before you log onto the filer for initial setup using the wizard, see the tables in Gather Information. Filling in a copy of the tables prior to starting the setup wizard on the filer can help make the initial deployment process easier and quicker.

The following table lists the information items you will need to enter or select when using the setup wizard. To simplify deployment, you may want to fill out the table before you log onto the filer for initial setup using the wizard.

Deployment Setting	Enter Your Values Here
End User License Agreement (EULA) and Admin Info
You will need to agree to the EULA, and enter the following contact information: Name Email Title
Login Credentials for the Filer(s)
Administrator username and password for the Master Filer. Default: admin, admin Note: For AWS AMI and Microsoft Azure VM platforms, the filer does not have a default password. Instead, the initial password for the admin login comes from one of the following sources: AMI: The initial admin password is dynamically generated by encrypting the key file (.pem). Azure: The password is entered by the user during Azure VM deployment. Note:* After initial deployment using the setup wizard, all filers within the CloudFS require the Master Filer's admin username and password for login.
Operational Mode
Function that the filer will serve: Master: The managing filer for a group of distributed filers deployed as a CloudFS. All licenses and configuration settings are added to the Master Filer and automatically propagate to the Subordinate Filers. Subordinate: By default, all filers are set as Subordinates, and are managed by the designated Master. HA‐Local: The filer will be a standby for another, active filer. The HA-Local filer is a dedicated backup for only one other filer, and both filers must be in the same IP subnet. HA‐Global: The filer will be a backup for n active filers. The active filers can be located remotely or in the same subnet as the HA-Global filer.
Type of network deployment (one‐arm or inline): Inline: If the cloud traffic and client traffic are on different networks, then this is the recommended deployment option. In an inline deployment, the filer is connected to the network by separate LAN and WAN interfaces. One‐arm: In a one‐arm deployment, the filer is connected to the network through a single interface (LAN). The filer is not directly in the traffic path between the internal and external networks. Use this method only if the cloud and client traffic are on the same network.
LAN (Client-side) Addresses
The filer's IP address can be assigned by DHCP or statically. Tip Best practice is to use static addressing. For static addressing, gather the following information: Filer IP address and subnet mask Default gateway Primary DNS Secondary (backup) DNS
WAN (Cloud) Addresses
For inline deployment only: Host IP address and subnet mask of filer Default gateway
General Filer Settings
Filer hostname
File system name
Filer domain name
NTP server address
Master Filer information (used when setting up non-Master filers): Master Filer's hostname Login username and password for Master Filer's WebUI
Hostname/IP address and filesystem name of the active filer, if this filer is an HA‐Local standby.
Licenses
You can install Panzura licenses using a license token or individual license files. License Token: A single license token contains the license to operate, along with licenses for additional storage services. During setup, the wizard communicates with the license server to validate the token. This is the simpler method and is recommended for new deployments. Individual License Files: License files apply to individual features. A typical installation requires multiple license files. To obtain a license token or individual license files for your filer, please contact Panzura or your Panzura representative.
Cache Sizing
Cloud Storage To Allocate: Estimate how much storage will be moved to the cloud. The default is 1 TB.
Percentage of Cache: Estimate the percentage of cloud-stored data to keep in the filer's cache for local access. This depends upon the use case typically 10% is a good starting point.
Virtual Disk Settings (VM Filers only)
For VM platforms, you will need information to assign disk capacity for metadata and cache. Amazon: You will need the private key file, AWS access key and AWS secret key. Azure: Make sure that you added disk capacity when setting up the VM. For information on setting up a VM in Azure, see the installation guide for your Panzura Filer platform. VMware: You will need the ESX host IP address or hostname, username and password to access the host. The ESX host must be managed by a vCenter/vSphere. The username and password ESX credentials are required to access the vCenter/vSphere server to provide and choose a list of datastores. They are not used to access the host (through SSH).
Cloud Storage Provider (CSP)
Gather the information required for your cloud provider. (See the Panzura Administration Guide.) (Cloud Provider Information.)

Site Preparation

Panzura Filers use certain protocol ports as part of its normal operation. The firewall through which traffic to or from the filer will pass may need to be configured to allow this traffic. The table below lists the protocol ports that Panzura Filers use.

The table in Required Ports lists the protocol ports that Panzura Filers use.

Table Notes

For each protocol port, the table lists the filer's physical port (LAN or WAN) on which the traffic is expected, and whether sessions are initiated by the filer or by another device:

In: Session traffic is initiated by another device and received by the filer on the indicated port.
Out: Session traffic is initiated by the filer and sent out the indicated port.
Both: Session traffic may be initiated locally or remotely.

In One-arm mode, local traffic (LAN) and cloud traffic (WAN) uses the LAN port. For this reason, the LAN column applies to both LAN and WAN traffic.

Port	Inline		One-Arm	Description
Port	LAN	WAN	LAN	Description
22/TCP	Both		Both	SSH (used for management traffic between filers)
80/TCP 443/TCP	In		In	WebUI
22/TCP 80/TCP 443/TCP		Out	Out	Support Assistance (SA) SA access requires at least 1 of these ports. Note: SA is optional but recommended. To use SA, the following also is required: A route from the filer to the Internet. Access to DNS. SA is located at the following URL: saconnect.panzura.com
53/TCP 53/UDP	Out		Out	DNS
80/TCP 443/TCP		Out	Out	HTTP/HTTPS access to object store in cloud
88/TCP 88/UDP	Out		Out	Kerberos
111/TCP 111/UDP 2049/TCP 2049/UDP 4045/TCP 4045/UDP	In		In	Network File System (NFS) protocols: RPC, NFS, and lockd Note: Required only if NFS support will be enabled on the filer(s).
123/UDP	Out		Out	Network Time Protocol (NTP)
137/UDP 138/UDP 139/UDP	Out		Out	NetBIOS (WINS)
161/TCP 161/UDP 162/TCP 162/UDP	Both		Both	SNMP SNMP traps
389/TCP 389/UDP	Both		Both	LDAP Active Directory (AD)
445/TCP 445/UDP	In		In	SMB file protocol
514/TCP 514/UDP	Out		Out	Syslog Note: Optional. Needed only if the filer will send its logs to a remote syslog server.
35357/TCP		Out	Out	HP Cloud object store Note: Required only if HP Cloud object store is used.
ICMP	In		In	Ping replies

Cloud Storage Provider Requirements

Check with your CSP or Panzura Support. Or see the Panzura Administration Guide.) Cloud Provider Information.

Filer IP Address

You will need to navigate to the filer's IP address to start the setup wizard. The LAN1 port on physical platform filers is configured for DHCP by default. If a DHCP server is not available, the filer uses the following default addresses:

Management (WebUI, CLI, API): 192.168.88.88
iDRAC interface: 192.168.88.89

VM platform filers receive their IP settings from the VM host.

Finding the Filer IP Address

On a physical filer, do any of the following:

Connect to the iDRAC port and log in (admin, admin). Java is required.
Connect to the CLI console on the Serial port, log in (admin, admin), and enter the following command: show mgmt-if-addr

On a VM filer, see the VM host or VM manager.

Changing the Filer IP Address (using the CLI)

If you plan to change the IP address when using the setup wizard, skip this section. Otherwise, to change the filer IP address using the CLI:

Power on the filer.
Attach a laptop PC to the filer:

To use iDRAC, attach a laptop PC to the iDRAC port and open a terminal emulator. Enter console com2 followed by the commands shown in step 3.
To use the CLI, attach a laptop PC to the Serial port. Open a terminal emulator and enter the commands shown in step

3.Enter the following commands:

cloudfs> enable

Password: enable

cloudfs# configure terminal

cloudfs(config)# mgmt-if-mode Static

cloudfs(config)# mgmt-if-addr <filer-ip> <subnet-mask> <gateway-ip>

cloudfs(config)# exit

cloudfs# write memory

cloudfs# logout

Running the Setup Wizard

Browser Requirement: The Panzura Filer’s WebUI is supported only on Google Chrome version 59.03071 or above.

Power on the filer (if not already on).
Use a browser to navigate to the filer's management address (WebUI address).
Follow the instructions on the wizard screens. (Make sure to click Help to display the help text!)

The Panzura Filer’s WebUI is supported only on Google Chrome version 59.03071 or above.
Depending on the filer model, the LAN1 interface may have any of the following names: LAN1, bge0, ix0. Likewise, the WAN1 interface may have any of the following names: WAN1, bge1, ix1.
If the filer includes the optional 10GB NIC, the 10BG ports are used for LAN1 and WAN1 instead of the 1GB ports.
If NIC teaming is used, the teamed ports (GB1 and GB2) can both be LAN ports or WAN ports, based on configuration.
In inline deployment mode, the LAN and WAN ports must be on different subnets.
The capitalization used when first configuring the filer host name persists for all CloudFS configuration operations. You cannot change the capitalization at a later time. However, you can change to a different host name.
If you are using SMB/CIFS, make sure your AD Server hostname is resolved by your DNS server and reachable on the LAN1 network.
Either static or DHCP address assignment is supported. However, for all filer platforms, Panzura recommends using a static address.
Setup of a physical platform filer's IP address requires either a direct Ethernet connection to the filer (to the iDRAC port or serial console), or access to the IP subnet of the WebUI IP address.
When you deploy an AMI or Azure filer, a private IP address is required to access the filer's setup wizard. This is because Secure Private Network Mode, which is enabled by default, blocks public IP access. After you disable Private Secure Network Mode from within the wizard, you can change to a public IP address.
All WAN accelerators, such as the Riverbed Steelhead and Cisco WAAS, must bypass all Panzura network traffic. This includes all of the following.
- WAN accelerators must not be in the network path between Panzura filers.
- WAN accelerators must not be in the network path between Panzura filers and the cloud.
- WAN accelerators must not be in the network path between Panzura filers and clients.
For SMB, the filer needs to join the AD domain that enforces the RBAC policies. Enabling a storage device to join the AD domain can be delegated to any user with this privilege. Panzura has found that in most cases, AD administrators tend to manage the devices that can join the AD domain. For this reason, AD administrator credentials are required during initial setup of a filer.

The Panzura Filer’s WebUI is supported only on Google Chrome version 59.03071 or above.
Depending on the filer model, the LAN1 interface may have any of the following names: LAN1, bge0, ix0. Likewise, the WAN1 interface may have any of the following names: WAN1, bge1, ix1.
If the filer includes the optional 10GB NIC, the 10BG ports are used for LAN1 and WAN1 instead of the 1GB ports.
If NIC teaming is used, the teamed ports (GB1 and GB2) can both be LAN ports or WAN ports, based on configuration.
In inline deployment mode, the LAN and WAN ports must be on different subnets.
The capitalization used when first configuring the filer host name persists for all CloudFS configuration operations. You cannot change the capitalization at a later time. However, you can change to a different host name.
If you are using SMB/CIFS, make sure your AD Server hostname is resolved by your DNS server and reachable on the LAN1 network.
Either static or DHCP address assignment is supported. However, for all filer platforms, Panzura recommends using a static address.
Setup of a physical platform filer's IP address requires either a direct Ethernet connection to the filer (to the iDRAC port or serial console), or access to the IP subnet of the WebUI IP address.
When you deploy an AMI or Azure filer, a private IP address is required to access the filer's setup wizard. This is because Secure Private Network Mode, which is enabled by default, blocks public IP access. After you disable Private Secure Network Mode from within the wizard, you can change to a public IP address.
All WAN accelerators, such as the Riverbed Steelhead and Cisco WAAS, must bypass all Panzura network traffic. This includes all of the following.
- WAN accelerators must not be in the network path between Panzura filers.
- WAN accelerators must not be in the network path between Panzura filers and the cloud.
- WAN accelerators must not be in the network path between Panzura filers and clients.
For SMB, the filer needs to join the AD domain that enforces the RBAC policies. Enabling a storage device to join the AD domain can be delegated to any user with this privilege. Panzura has found that in most cases, AD administrators tend to manage the devices that can join the AD domain. For this reason, AD administrator credentials are required during initial setup of a filer.