Panzura Quick Start Guide

 

Only pertains to those running Panzura Cloud FS Version 8. 

Web Browser Requirement: The Panzura node's WebUI and setup wizard are supported only on Google Chrome version 59.03071 or above.

Deployment Mode: One-arm or Inline

The node can be deployed in either of the following modes:

  • One-arm mode: Client and cloud traffic pass through the same interface. Connect LAN1 to clients and to your Cloud Storage Provider (CSP).
  • Inline: Client and cloud traffic use separate interfaces. Connect LAN1 to clients and WAN1 to your CSP. The LAN and WAN ports must be on different subnets.

Pre‐installation Checklist

Before you log onto the node for initial setup using the wizard, see the tables in Gather Information. Filling in a copy of the tables prior to starting the setup wizard on the node can help make the initial deployment process easier and quicker.

The following table lists the information items you will need to enter or select when using the setup wizard. To simplify deployment, you may want to fill out the table before you log onto the node for initial setup using the wizard.

Deployment Setting Enter Your Values Here 
End User License Agreement (EULA) and Admin Info

You will need to agree to the EULA, and enter the following contact information:

  • Name
  • Email
  • Title
 
Login Credentials for the node(s)

Administrator username and password for the Master node.

Default: adminadmin

Note: For AWS AMI and Microsoft Azure VM platforms, the node does not have a default password. Instead, the initial password for the admin login comes from one of the following sources:

  • AMI: The initial admin password is dynamically generated by encrypting the key file (*.pem).
  • Azure: The password is entered by the user during Azure VM deployment.

Note: After initial deployment using the setup wizard, all nodes within the CloudFS require the Master node's admin username and password for login.

 
Operational Mode

Function that the node will serve:

  • Master: The managing node for a group of distributed nodes deployed as a CloudFS. All licenses and configuration settings are added to the Master node and automatically propagate to the Subordinate nodes.
  • Subordinate: By default, all nodes are set as Subordinates, and are managed by the designated Master.
  • HA‐Local: The node will be a standby for another, active node. The HA-Local node is a dedicated backup for only one other node, and both nodes must be in the same IP subnet.
  • HA‐Global: The node will be a backup for n active nodes. The active nodes can be located remotely or in the same subnet as the HA-Global node.
 

Type of network deployment (one‐arm or inline):

  • Inline: If the cloud traffic and client traffic are on different networks, then this is the recommended deployment option. In an inline deployment, the node is connected to the network by separate LAN and WAN interfaces.
  • One‐arm: In a one‐arm deployment, the node is connected to the network through a single interface (LAN). The node is not directly in the traffic path between the internal and external networks. Use this method only if the cloud and client traffic are on the same network.
 
LAN (Client-side) Addresses

The node's IP address can be assigned by DHCP or statically.

Tip Best practice is to use static addressing. For static addressing, gather the following information:

  • node IP address and subnet mask
  • Default gateway
  • Primary DNS
  • Secondary (backup) DNS

 

 
WAN (Cloud) Addresses

For inline deployment only:

  • Host IP address and subnet mask of node
  • Default gateway
 
General node Settings
node hostname  
File system name  
node domain name  
NTP server address  

Master node information (used when setting up non-Master nodes):

  • Master node's hostname
  • Login username and password for Master node's WebUI
 
Hostname/IP address and filesystem name of the active node, if this node is an HA‐Local standby.  
Licenses

You can install Panzura licenses using a license token or individual license files.

  • License Token: A single license token contains the license to operate, along with licenses for additional storage services. During setup, the wizard communicates with the license server to validate the token. This is the simpler method and is recommended for new deployments.
  • Individual License Files: License files apply to individual features. A typical installation requires multiple license files.

To obtain a license token or individual license files for your node, please contact Panzura or your Panzura representative.

 

Cache Sizing

Cloud Storage To Allocate: Estimate how much storage will be moved to the cloud. The default is 1 TB.  
Percentage of Cache: Estimate the percentage of cloud-stored data to keep in the node's cache for local access. This depends upon the use case typically 10% is a good starting point.  
Virtual Disk Settings (VM nodes only)

For VM platforms, you will need information to assign disk capacity for metadata and cache.

  • Amazon: You will need the private key file, AWS access key and AWS secret key.
  • Azure: Make sure that you added disk capacity when setting up the VM. For information on setting up a VM in Azure, see the installation guide for your Panzura node platform.
  • VMware: You will need the ESX host IP address or hostname, username and password to access the host. The ESX host must be managed by a vCenter/vSphere. The username and password ESX credentials are required to access the vCenter/vSphere server to provide and choose a list of datastores. They are not used to access the host (through SSH).
 
Cloud Storage Provider (CSP)
Gather the information required for your cloud provider. (See the Panzura Administration Guide.) (Cloud Provider Information.)  

Site Preparation

Panzura nodes use certain protocol ports as part of its normal operation. The firewall through which traffic to or from the node will pass may need to be configured to allow this traffic. The table below lists the protocol ports that Panzura nodes use.

The table in Required Ports lists the protocol ports that Panzura nodes use.

Table Notes

For each protocol port, the table lists the node's physical port (LAN or WAN) on which the traffic is expected, and whether sessions are initiated by the node or by another device:

  • In: Session traffic is initiated by another device and received by the node on the indicated port.
  • Out: Session traffic is initiated by the node and sent out the indicated port.
  • Both: Session traffic may be initiated locally or remotely.

In One-arm mode, local traffic (LAN) and cloud traffic (WAN) uses the LAN port. For this reason, the LAN column applies to both LAN and WAN traffic.

Port Inline One-Arm Description
LAN WAN LAN
22/TCP Both   Both SSH (used for management traffic between nodes)
80/TCP
443/TCP
In   In WebUI

22/TCP
80/TCP
443/TCP

  Out Out

Support Assistance (SA)

SA access requires at least 1 of these ports.

Note: SA is optional but recommended. To use SA, the following also is required:

  • A route from the node to the Internet.
  • Access to DNS. SA is located at the following URL: saconnect.panzura.com

53/TCP
53/UDP

Out   Out DNS

80/TCP
443/TCP

  Out Out HTTP/HTTPS access to object store in cloud

88/TCP
88/UDP

Out   Out Kerberos

111/TCP
111/UDP
2049/TCP
2049/UDP
4045/TCP
4045/UDP

In   In

Network File System (NFS) protocols: RPC, NFS, and lockd

Note: Required only if NFS support will be enabled on the node(s).

123/UDP Out   Out Network Time Protocol (NTP)

137/UDP
138/UDP
139/UDP

Out   Out NetBIOS (WINS)

161/TCP
161/UDP
162/TCP
162/UDP

Both   Both

SNMP

SNMP traps

389/TCP
389/UDP

Both   Both

LDAP

Active Directory (AD)

445/TCP
445/UDP

In   In SMB file protocol

514/TCP
514/UDP

Out   Out

Syslog

Note: Optional. Needed only if the node will send its logs to a remote syslog server.

35357/TCP   Out Out

HP Cloud object store

Note: Required only if HP Cloud object store is used.

ICMP In   In Ping replies

Cloud Storage Provider Requirements

Check with your CSP or Panzura Support. Or see the Panzura Administration Guide.) Cloud Provider Information.

node IP Address

You will need to navigate to the node's IP address to start the setup wizard. The LAN1 port on physical platform nodes is configured for DHCP by default. If a DHCP server is not available, the node uses the following default addresses:

  • Management (WebUI, CLI, API): 192.168.88.88
  • iDRAC interface: 192.168.88.89

VM platform nodes receive their IP settings from the VM host.

Finding the node IP Address

On a physical node, do any of the following:

  • Connect to the iDRAC port and log in (adminadmin). Java is required.
  • Connect to the CLI console on the Serial port, log in (adminadmin), and enter the following command: show mgmt-if-addr

On a VM node, see the VM host or VM manager.

Changing the node IP Address (using the CLI)

If you plan to change the IP address when using the setup wizard, skip this section. Otherwise, to change the node IP address using the CLI:

  1. Power on the node.
  2. Attach a laptop PC to the node:
  • To use iDRAC, attach a laptop PC to the iDRAC port and open a terminal emulator. Enter console com2 followed by the commands shown in step 3.
  • To use the CLI, attach a laptop PC to the Serial port. Open a terminal emulator and enter the commands shown in step
3.Enter the following commands:

    cloudfs> enable

    Password: enable

    cloudfs# configure terminal

    cloudfs(config)# mgmt-if-mode Static

    cloudfs(config)# mgmt-if-addr <node-ip> <subnet-mask> <gateway-ip>

    cloudfs(config)# exit

    cloudfs# write memory

    cloudfs# logout

    Running the Setup Wizard

    Browser Requirement: The Panzura node’s WebUI is supported only on Google Chrome version 59.03071 or above.

    1. Power on the node (if not already on).
    2. Use a browser to navigate to the node's management address (WebUI address).
    3. Follow the instructions on the wizard screens. (Make sure to click Help to display the help text!)
    • The Panzura node’s WebUI is supported only on Google Chrome version 59.03071 or above.
    • Depending on the node model, the LAN1 interface may have any of the following names: LAN1, bge0, ix0. Likewise, the WAN1 interface may have any of the following names: WAN1, bge1, ix1.
    • If the node includes the optional 10GB NIC, the 10BG ports are used for LAN1 and WAN1 instead of the 1GB ports.
    • If NIC teaming is used, the teamed ports (GB1 and GB2) can both be LAN ports or WAN ports, based on configuration.
    • In inline deployment mode, the LAN and WAN ports must be on different subnets.
    • The capitalization used when first configuring the node host name persists for all CloudFS configuration operations. You cannot change the capitalization at a later time. However, you can change to a different host name.
    • If you are using SMB/CIFS, make sure your AD Server hostname is resolved by your DNS server and reachable on the LAN1 network.
    • Either static or DHCP address assignment is supported. However, for all node platforms, Panzura recommends using a static address.
    • Setup of a physical platform node's IP address requires either a direct Ethernet connection to the node (to the iDRAC port or serial console), or access to the IP subnet of the WebUI IP address.
    • When you deploy an AMI or Azure node, a private IP address is required to access the node's setup wizard. This is because Secure Private Network Mode, which is enabled by default, blocks public IP access. After you disable Private Secure Network Mode from within the wizard, you can change to a public IP address.
    • All WAN accelerators, such as the Riverbed Steelhead and Cisco WAAS, must bypass all Panzura network traffic. This includes all of the following.
      • WAN accelerators must not be in the network path between Panzura nodes.
      • WAN accelerators must not be in the network path between Panzura nodes and the cloud.
      • WAN accelerators must not be in the network path between Panzura nodes and clients.
    • For SMB, the node needs to join the AD domain that enforces the RBAC policies. Enabling a storage device to join the AD domain can be delegated to any user with this privilege. Panzura has found that in most cases, AD administrators tend to manage the devices that can join the AD domain. For this reason, AD administrator credentials are required during initial setup of a node.

    • The Panzura node’s WebUI is supported only on Google Chrome version 59.03071 or above.
    • Depending on the node model, the LAN1 interface may have any of the following names: LAN1, bge0, ix0. Likewise, the WAN1 interface may have any of the following names: WAN1, bge1, ix1.
    • If the node includes the optional 10GB NIC, the 10BG ports are used for LAN1 and WAN1 instead of the 1GB ports.
    • If NIC teaming is used, the teamed ports (GB1 and GB2) can both be LAN ports or WAN ports, based on configuration.
    • In inline deployment mode, the LAN and WAN ports must be on different subnets.
    • The capitalization used when first configuring the node host name persists for all CloudFS configuration operations. You cannot change the capitalization at a later time. However, you can change to a different host name.
    • If you are using SMB/CIFS, make sure your AD Server hostname is resolved by your DNS server and reachable on the LAN1 network.
    • Either static or DHCP address assignment is supported. However, for all node platforms, Panzura recommends using a static address.
    • Setup of a physical platform node's IP address requires either a direct Ethernet connection to the node (to the iDRAC port or serial console), or access to the IP subnet of the WebUI IP address.
    • When you deploy an AMI or Azure node, a private IP address is required to access the node's setup wizard. This is because Secure Private Network Mode, which is enabled by default, blocks public IP access. After you disable Private Secure Network Mode from within the wizard, you can change to a public IP address.
    • All WAN accelerators, such as the Riverbed Steelhead and Cisco WAAS, must bypass all Panzura network traffic. This includes all of the following.
      • WAN accelerators must not be in the network path between Panzura nodes.
      • WAN accelerators must not be in the network path between Panzura nodes and the cloud.
      • WAN accelerators must not be in the network path between Panzura nodes and clients.
    • For SMB, the node needs to join the AD domain that enforces the RBAC policies. Enabling a storage device to join the AD domain can be delegated to any user with this privilege. Panzura has found that in most cases, AD administrators tend to manage the devices that can join the AD domain. For this reason, AD administrator credentials are required during initial setup of a node.