Enterprise File Fabric Admin Guide
1 Software Stack
The File Fabric is built using open Internet technologies. The base operating system used is hardened Linux CentOS. Apache HTTPD Server is used for serving HTTP requests and memcached is used for temporary caching. File metadata is stored in a MySQL database.
The web interface is written in PHP / HTML / Ajax, and protocol adapters are written using Perl / Python.
By using standard components the File Fabric can easily be adopted and customized to a wide variety of deployments and can be scaled up as well as out.
A standard firewall friendly secure protocol, HTTPS, is used for communicating with clients.
The basic premise of the File Fabric is to unify content, whether stored on-cloud and/or on-premises, and provide a single audit, control and encryption point. All files continue to reside in the storage provider, with the File Fabric only caching metadata, e.g. file name, size (if available), security permissions.
The Apache server is stateless and can run on a separate host from the MySQL DB Server. This allows flexibility in deployment topologies for scalability and high availability using proven deployment configurations supported by Apache web server (e.g. multiple web servers behind a load balancer) and MySQL DB (replication, data sharding).
2 Components
The File Fabric is built as an open modular platform. All the functionality is available via the File Fabric API, and major components have hook points to integrate external systems, e.g. authentication, a new storage provider, a payment gateway, etc.
Details of the File Fabric API can be found at:
https://storagemadeeasy.com/?p=apidoc
Protocol Adaptors
At the top of the File Fabric Architecture diagram are protocol adapters. These allow data to be accessed using multiple protocols and work with any configured storage provider.
Out of the box the File Fabric supports:
- REST/XML and REST/JSON: File Fabric proprietary API. This is used by all the File Fabric tools, is fully documented and can be used to develop custom applications.
- WebDav/HTTPS: Standard WebDav protocol, especially useful for integrating into user desktops without an app deployment
- FTP/FTPS: Standard FTP and FTP Secure protocol
Provider Sync Engine
The Provider Sync Engine is used to discover new data which has been added to the storage provider outside of the File Fabric. This can run in real-time, scheduled and manual mode.
- Real-time: new data is checked every time a storage provider is accessed by an end-user. For optimum performance only the relevant subset of data is checked for new data.
- Scheduled: storage provider is accessed at a set scheduled interval.
- Manual: File Fabric Administrator initiates a sync
Multi-Site Backup and Archive Engine
Used to back up files updated through the File Fabric to another storage provider for disaster recovery, and for availability in the event of lost or damaged files and/or ransomware attacks. Recovery can easily be facilitated by the Forever File feature.
Access Control Module
The ACL module is responsible for applying permissions. Every operation is verified by the access control module to ascertain that the user has permission to perform the operation.
Audit Manager
The Audit module is used by all components to generate audit records for all file interactions. The granularity of this can be controlled at a per Organization tenant level.
Encryption Engine
The Encryption engine is used to encrypt data before sending it to a remote cloud provider. It uses 256 bit encryption to encrypt data at rest. Further details on how this works and its security can be found in the File Fabric Security white paper.
Payment Gateway
The Payment Gateway is available in the ISP edition of the product. It enables integration with external billing systems and supports PayPal out of the box.
Custom payment gateways can also be integrated.
Storage Connectors
The File Fabric supports more than 60 cloud storage providers including Amazon S3, S3 compatible storage, OpenStack, MS Azure, Google Storage, WebDav and FTP.
Additional storage providers can be easily developed using a storage provider's native API.
Protocol Adaptors
The protocol adaptors are the front end adaptors that are additional to the File Fabric API. They enable access from a compatible S3 API, FTP/S, or Secure WebDav.
3 Administration
For these commands you will need to su as root.
$ ssh smeconfiguser@appliance IP address
# after login su as root
-bash-3.2$ su - root
Password:
root@appliance:~ #
Security Enhanced Linux (selinux)
selinux is enabled by default.
Check Status of selinux
sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy versions: 28
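Temporarily Disable selinux
You can temporarily disable selinux by running the following command. The enforce file lives under the SELinuxfs mount reported by sestatus (/sys/fs/selinux in the output above).
echo 0 >/sys/fs/selinux/enforce
Enable selinux
To enable selinux run the command
echo 1 >/sys/fs/selinux/enforce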
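Because the change above is meant to be temporary, it is worth confirming after maintenance that the running mode matches the configured one. The following check is an added example, not part of the original guide; the function name `selinux_mode_check` and the sample text are constructed, and it reads `sestatus` output from standard input.

```shell
#!/bin/sh
# Added example (not from the original guide).
# selinux_mode_check: reads `sestatus` output on stdin and prints one of
#   ok | permissive-runtime | config-not-enforcing | disabled | unknown
selinux_mode_check() {
    awk -F':[ \t]*' '
        { sub(/[ \t\r]+$/, "") }                  # drop trailing whitespace
        /^SELinux status:/        { status  = $2 }
        /^Current mode:/          { current = $2 }
        /^Mode from config file:/ { config  = $2 }
        END {
            if (status == "disabled")        print "disabled"
            else if (status != "enabled")    print "unknown"
            else if (config != "enforcing")  print "config-not-enforcing"
            else if (current != "enforcing") print "permissive-runtime"
            else                             print "ok"
        }'
}

# Constructed sample: enforcement switched off at runtime, config unchanged.
SAMPLE_PERMISSIVE='SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
Current mode:                   permissive
Mode from config file:          enforcing'

printf '%s\n' "$SAMPLE_PERMISSIVE" | selinux_mode_check
# On the appliance: sestatus | selinux_mode_check
```

Any result other than `ok` on a production appliance means enforcement was left off or the boot-time configuration was changed.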
Cloud FTP
CloudFTP is an FTP implementation on top of Clouds that do not natively support FTP. Once a Cloud has been added to an account, you can access it from any FTP Client.
Stopping CloudFTP
service cloudftp stop
stopping cloud ftp...
Starting CloudFTP
service cloudftp start
starting cloud ftp...
starting cloud ftps...
starting cloud sftp...
Apache HTTP Server
Start HTTP Server
service httpd start
Stop HTTP Server
service httpd stop
HTTPD Logs
HTTPD server logs are located at /etc/httpd/logs
HTTPD Configuration
HTTPD server configuration files are located in the following 2 directories
/etc/httpd/conf
/etc/httpd/conf.d
MySQL Database
Start MySQL
service mysqld start
Stop MySQL
service mysqld stop
MySQL Data Files
/var/lib/mysql
MySQL Configuration
/etc/my.cnf
Backup MySQL Database
You can back up the metadata database using the following command
mysqldump -p smestorage >smestorage.sql
Memcached
Start Memcached
service memcached start
Stop Memcached
service memcached stop
Memcached Config File
/etc/sysconfig/memcached
FTP Server
Start FTP Server
service vsftpd start
Stop FTP Server
service vsftpd stop
FTP Server Configuration
/etc/vsftpd
Application Log Location
The SME application logs are located at
/var/www/smestorage/sitelogs
A brief description of each log file:
- allmails.txt: all sent mails (to address and subject) are logged here
- errorlogs.txt: any application error is logged here
- errorlogs_trace.txt: contains the full trace of errors in errorlogs.txt
- logits.txt: all general application logging
4 Monitoring
You can use any tool that supports monitoring CentOS 7.
We recommend monitoring the following parameters
Base OS
vmstat
Procs
  r: The number of processes waiting for run time.
  b: The number of processes in uninterruptible sleep.
Memory
  swpd: the amount of virtual memory used.
  free: the amount of idle memory.
  active: the amount of active memory.
Swap
  si: Amount of memory swapped in from disk (/s).
  so: Amount of memory swapped to disk (/s).
IO
  bi: Blocks received from a block device (blocks/s).
  bo: Blocks sent to a block device (blocks/s).
CPU
  us: Time spent running non-kernel code. (user time, including nice time)
  sy: Time spent running kernel code. (system time)
  id: Time spent idle.
  st: Time stolen from a virtual machine.
Disk Space
df -k
Filesystem                      1K-blocks    Used Available Use% Mounted on
/dev/mapper/VolGroup00-LogVol00  18187836 2903080  14345956  17% /
/dev/sda1                          101086   20047     75820  21% /boot
tmpfs                              512468       0    512468   0% /dev/shm
MySQL
Number of connections
SHOW STATUS LIKE "Connections"
Network Usage
Monitor the network traffic using your monitoring system, or get the information from
cat /proc/net/dev
Total Number of Processes
ps -e|sed 1d|wc -l
Recipes
Increasing Disk Space
To increase the disk space please follow the instructions at the following VMware KB article
Attaching a new Disk to The Appliance
To add a new disk to the appliance please follow the instructions at the following VMware KB article
Using a New Disk as Local Storage
The appliance is already configured with an FTP server listening on ip address 127.0.0.1 and port 2001.
- Add a new user with user home directory located on the newly attached disk mounted at /newdisk
adduser -b /newdisk -s /sbin/nologin localstorage
# set the password for the new user
passwd localstorage
- Set home directory context for /newdisk/localstorage
chcon -R -t user_home_dir_t /newdisk/localstorage
- Now you can add an FTP provider to your SME account using the credentials
  - account login: localstorage
  - account password: the password you entered for localstorage user
  - server host: ftp://127.0.0.1
  - server port: 2001
  - server home directory: /
Production CheckList
- [ ] SSL certificate Installed
- [ ] Once you have installed SSL certificates enable https only in the configuration
- [ ] Only have inbound port 443 open. If you are using CloudFTP then also open ports 21 and 990
- [ ] Permanent IP address Configured
- [ ] DNS Names Configured. Make sure webdav DNS is configured as webdav<DomainName>, e.g. if domain name is sme.yourdomain.com then webdav url should be webdavsme.yourdomain.com.
- [ ] Passwords changed for default users
- [ ] The date and time is set correctly in the appliance and not drifting.
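
To support the inbound-port item of the checklist, the following added example (not part of the original guide) lists TCP listeners that are bound to a non-loopback address and are not on the allowed list. The function name `unexpected_listeners` and the sample `ss -tln` output are constructed; a listed port is only reachable if the firewall permits it, so treat the result as the set of ports to confirm is blocked or rebound to loopback.

```shell
#!/bin/sh
# Added example (not from the original guide).
# unexpected_listeners ALLOWED_PORTS
#   Reads `ss -tln` output on stdin and prints, one per line, every TCP port
#   that listens on a non-loopback address and is not in ALLOWED_PORTS
#   (a space-separated list).
unexpected_listeners() {
    awk -v allow=" $1 " '
        $1 != "LISTEN" { next }                 # skips the header line
        {
            n = split($4, part, ":")            # $4 is Local Address:Port
            port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            # Loopback-only services are not reachable from the network.
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
            if (index(allow, " " port " ") > 0) next
            if (!seen[port]++) print port
        }' | sort -n
}

# Constructed sample: HTTPS and SSH on all interfaces, the local-storage FTP
# server (127.0.0.1:2001) and memcached on loopback, and MySQL bound to all
# interfaces.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    *:443               *:*
LISTEN 0      32     127.0.0.1:2001      *:*
LISTEN 0      128    127.0.0.1:11211     *:*
LISTEN 0      50     *:3306              *:*
LISTEN 0      128    :::22               :::*'

# Checklist ports: 443, plus 21 and 990 when CloudFTP is in use.
printf '%s\n' "$SAMPLE_SS" | unexpected_listeners "443 21 990"
# On the appliance: ss -tln | unexpected_listeners "443 21 990"
```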