Isilon Module 2
A Gen 6 node has _____ front-end ports. The external adapters are labeled ext-<#>, 10gige-<#> and can consist 1 GigE, 10 GigE, and 40 GigE ports
2
what is the max number of dns server ip addresses when configuring groupnets
3
An Isilon Gen 5 node can have up to ____ front-end or external networking adapters depending on the configuration of the node
4
what is the maximum number of groupnets
50
what is the zone limit
50
what is the max number of dns search domains when configuring groupnets
6
with onefs ____ and later releases, groupnets can contain individual dns settings, whereas prior onefs versions had a single global entry
8.0
The allocation of IPv6 addresses and their format is more complex than IPv4. In an IPv6 environment use the ______ record in DNS, and consult with the network administrator to ensure that you are representing the IPv6 addresses correctly.
AAAA
The cluster acts as a DNS client. SmartConnect serves _____ information to inbound queries and as such acts as a DNS server. DNS, is a hierarchical distributed database. The names in a DNS hierarchy form a tree, which is called the DNS namespace.
DNS
_______, or FEC, is a static aggregation method. FEC accepts all incoming traffic and balances outgoing traffic over aggregated interfaces that is based on hashed protocol header information that includes source and destination addresses.
Fast Ethernet Channel
A set of protocols specific to DNS allows for name resolution, more specifically, a _________, or FQDN, to IP Address resolution.
Fully Qualified Domain Name
____, or IANA, manages domain names. IANA manages the top of the DNS tree by administrating the data in the root name servers.
Internet Assigned Numbers Authority
what is the default aggregation mode?
LACP
_______, or LACP, is a dynamic aggregation mode that supports the IEEE 802.3ad. You can configure LACP at the switch level, which enables the node to negotiate interface aggregation with the switch. LACP balances outgoing traffic across the interfaces based on the hashed protocol header information that includes the source and destination address, and the VLAN tag, if available
Link Aggregation Control Protocol
______, or LNI, numbering corresponds to the physical positioning of the NIC ports as found on the back of the node
Logical network interface
SmartConnect advanced enables multiple network pools within each subnet, and it supports dynamic IP allocation and _______. The advanced license also enables multiple SmartConnect zones to be defined to support multiple subnets, NFS failover, and rebalancing of IP addresses across the cluster. Multiple SmartConnect zones enable the storage administrator to decide which nodes should participate in a specific connection balancing configuration strategy. In other words, any specific node can be selected to be excluded or included from any or all balancing schemes for each Isilon cluster.
NFS failover
The __________ Record, or NS Records, indicate which name servers are authoritative for the zone or domain. Companies that want to divide their domain into sub domains use NS records. Sub domains indicate a delegation of a portion of the domain name to a different group of name servers. You create NS records to point the name of this delegated sub domain to different name servers.
Name Server
the system access zone is configured by _____
OneFS
MTDNS features are available to customers in ________ and later version
OneFS 8.0
Network interfaces added to an IP address pool as an aggregated interface are included when viewing a list of network interfaces on a node. Aggregated LNIs are listed in the interface in the order in which they are created. NIC names correspond to the network interface name as shown in command-line interface, such as ifconfig and netstat. For more information about NIC and LNI mapping, see the __________ of the appropriate version of your cluster.
OneFS Administration guide
______ selects the next available node on a rotating basis. If no policy is selected, _________ is the default policy.
Round Robin
The SmartConnect _________ (SSIP or SIP) is an IP address that is pulled out of the subnet. This IP address is never put into a pool, the same way you would not put a static server IP address into a DHCP scope. The SIP is a virtual IP within the Isilon configuration, it is not bound to any of the external interfaces. It resides on the node with the lowest logical number. If that node goes down, the SIP would seamlessly move to the next lowest logical node number.
Service IP
For this approach, create the ___________ (SPN) records in Active Directory or in MIT Kerberos for the SmartConnect zone names, as a component of the cluster's machine account. To create the SPN records, use the CLI isi auth command after you add the zone alias, similar to the following: isi auth ads spn check --domain=<domain.com> --repair.
Service Principal Name
best practices for dns delegation Use one name server record for each _________ zone name or alias. Isilon recommends creating one delegation for each SmartConnect zone name or for each SmartConnect zone alias on a cluster. This method permits failover of only a portion of the workflow—one SmartConnect zone—without affecting any other zones. This method is useful for scenarios such as testing disaster recovery failover and moving workflows between data centers.
SmartConnect
by default all cluster ip addresses connect to the ____
System zone
When creating a groupnet with access zones and providers in the same zone, you need to create them in the proper order. First, create the groupnet. Then create the __________ and assign to the groupnet. Next, create the subnet and pool. Then add the authentication provider and associate them with the groupnet. Finally, associate the authentication providers with the access zone.
access zone
a good practice is to create unique base directories for each _____
access zone
separate the function of the system zone from other _______ reserve the system zone for config access, and create more zones for data access
access zones
to isolate data access for different clients or users, create _____
access zones
if connecting the cluster to multiple ____ environments (untrusted), only one of these ____ providers can exist in a zone at a one time
ad
The SmartConnect service IP on an Isilon cluster must be created in DNS as an _________, also called a host entry. An A-record maps the hostname to a specific IP address to which the user would be sent for each domain or subdomain. It is simple name-to-IP resolutiion. For example, a server that is named server7 would have an A record that mapped the hostname server7 to the IP address assigned to it: server7.support.emc.com A 192.168.15.12 Where server7 is the hostname, support.emc.com is the domain name, and server7.support.emc.com is the FQDN.
address (A) record
best practices for dns delegation Delegate to _______, not to IP addresses. The SmartConnect service IP on an Isilon cluster must be created in DNS as an address (A) record. Delegating to an A record means that if you failover the entire cluster, you can do so by changing one DNS A record. All other name server delegations can be left alone. In many enterprises, it is easier to update an A record than a name server record, because of the perceived complexity of the process.
address (A) records
only an ____ who is connected through the System access zone can configure access zones
administrator
A SmartConnect zone _______ is useful when consolidating legacy servers to the Isilon cluster when clients require the original server names. SmartConnect zone aliases enable you to view all the DNS names that a cluster answers for.
alias
A dynamic aggregation mode enables nodes with aggregated interfaces to communicate with the switch so that the switch can use an ______ mode. Static modes do not facilitate _______
analogous, communication between nodes and the switch.
as one of the best practices for link agg _____ typer per aggregation pair
as one of the best practices for link agg
ad manages trusts within the same forest, and joining them could enable unwanted _______ between zones
authentication
with access zones you are also able to authenticate through a different _____ provider in each access zone
authentication
each access zone has their own _____ configured
authentication providers
onefs creates a /ifs/data directory, but ____ as a base dirctory
avoid it
base directory paths should not overlap or be nested inside the ____ of another access zone
base directory
When discussing Domain Name System, or DNS, on an Isilon cluster, there are two facets to differentiate, DNS _______ and DNS server. DNS serves the cluster with names and numbers for various reasons, notably _______
client authentication
what are the access zone best practices
create base directories isolate data for different clients by creating zones one ad authentication provider per zone avoid overlapping uid/gid ranges for providers in same zone -potential for UID/GID conflicts
creating an access zone, automatically ________ which enables you to configure each access zone with a list of local users and groups
creates a local provider,
_____ client settings, such as name servers and a _____ search list are properties of the groupnet
dns
if the cluster communicates to another customer's authentication domain, your cluster needs to find that domain, to find another authentication domain, you need a _____ setting to route to that domain
dns
the mtdns, in part, handles resolution against ______
dns name servers
what modes of nic aggregation do onefs support
dynamic and static
because there is no ownership, other zones c an include an authentication source that may be in use by an _________
existing zone
Active/Passive ______ is a static aggregation mode that switches to the next active interface when the primary interface becomes unavailable. The primary interface handles traffic until there is an interruption in communication. At that point, one of the secondary interfaces takes over the work of the primary.
failover
OneFS 8.2 provides multiple SSIPs for each subnet. As the cluster scales, it would need multiple SSIPs to serve the requests. Multiple SSIPs are for _________ and not intended for DNS server load balancing. Each node requests all the SSIP in its subnet. A node may own more than one SSIP but should not own all the SSIPs. If a node owns many SSIPs, a integrated function called "bullying" is used to auto release the SSIPs.
failover
best practices for dns delegation Isilon does not recommend creating a single delegation for each cluster and then creating the SmartConnect zones as sub records of that delegation. Using this method would enable Isilon administrators to change, create, or modify the SmartConnect zones and zone names as needed without involving a DNS team, but causes______ to involve the entire cluster and affects the entire workflow, not just the affected SmartConnect zone.
failover operations
when joining ad domains, only join domains that are not in the same ____
forest
Each _________ on the node can answer the client-based requests or administrator function calls
front-end adapter
The port nomenclature and type depends on the node configuration and the node _____.
generation
When the cluster joins an Active Directory server, the cluster must know which network to use for external communication to the external AD domain. Because of this, if you have a groupnet, both the access zone and authentication provider must exist within same ______
groupnet
access zones, and authentication providers only exist in one _____
groupnet
every subnet is assigned to a single ______
groupnet
what is the default groupnet for each cluster
groupnet0
_____ are how the cluster communicates with the world
groupnets
_______ reside at the top tier of the networking hierarchy and are the configuration level for managing multiple tenants on your external network
groupnets
SmartConnect is available in a basic and advanced version. The SmartConnect Basic version of the application manages client connections using a simple round robin client connection balancing policy within a single management zone. Even in the basic implementation, SmartConnect removes nodes that ____________. SmartConnect basic is limited to using static IP addresses and one IP address pool for each external network subnet. The basic license limits only one zone per subnet, so only one name can be assigned. OneFS includes the basic version as a standard feature at no additional cost or licensing.
have gone offline from the request queue
why would you configure another groupnet
if different dns settings are required
when would you not want to isolate data for different clients by creating zones?
if workflow requires shared data
The names are commonly located with Internet Service Providers (ISPs), or __________ that are used to respond to a user request to resolve a domain name
institutional networks
a cluster can have more than one instance of ______, NIS, file, local
ldap
SmartConnect _______ client connections across the front-end ports based on the choice of the balancing option that is selected by the administrator for the cluster. The options are different depending on whether SmartConnect is licensed or not. If a cluster is licensed, the administrator has four options to load balance: Round-robin, Connection count, Throughput, and CPU usage. If the cluster does not have SmartConnect licensed, it uses Round-robin only.
load balances
what is another name for the multi-tenant resolver?
mtdns
though it is not best practice ______ of the same provider can occur in different access zones
multiple instances
having multiple groupnets on the cluster means that you are configuring access to separate and different ______
networks
Using the isi network interfaces list -v command, you can see both the interface name and its associated ________ name For example, ext-1 would be an interface name and em1 would be a ____ name
nic
as one of the best practices for link agg enable _____on cluster before enabling on switch as per the isilon admin guide recommendations
nic agg
as one of the best practices for link agg link agg is primarily used for _____ purposes
nic failover purposes
only configure ____ active directory provider per access zone
one
Understand that more than ______ can identify Ethernet ports.
one name
when were groupnets introduced
onefs 8.0
Round robin balances ___________ across all active ports in the aggregated link and accepts inbound traffic on any port
outbound traffic
LACP enables a network device to negotiate and identify any LACP enabled devices and create a link. LACP monitors the link status and if a link fails, fails traffic over. LACP accepts incoming traffic from any active port. Isilon is _______ in the LACP conversation and listens to the switch to dictate the conversation parameters.
passive
Link aggregation modes are ________ and apply to all aggregated network interfaces in the IP address pool.
per-pool
It is a good practice to verify the external adapter configuration by _______ from the web administrator interface, or by connecting to a share.
pinging it
what is nested within subnets
pools
_______ is a static aggregation mode that rotates connections through the nodes in a first-in , first-out sequence, handling all processes without priority
round robin
what are nested within pools
rules
as one of the best practices for link agg each nic serves _____. do not mix agg and single interface in same pool. also, you cannot agg across nodes
separate streams
overlapping of zones should only happen if
shared data is required
access zones limit data access to specific directory structures by access zone and _____ zone
smart connect
SMB shares bound to an access zone are only accessible to users connecting to the ____________ zone and ip pool that aligns to the access zone
smartconnect
enable appending node dns search lists to client dns inquiries directed at ________ service ips
smartconnect
you can configure each access zone with its own authentication providers, zone aware protocols, such as _____, ftp, and http, and associated smartconnect ip address pools
smb
with access zones you can configure authentication providers and provision protocol directories, such as ____ shares and _____ exports, on a zone-by zone basis
smb, nfs
what is the initial subnet in groupnet0, the initial ip address pool, and initial provisioning rule?
subnet0, pool0, rule0
what is nested under groupnets
subnets
the _____ automatically references groupnet0 on the cluster
system zone
NIC names are required if you want to do a _____ and it may be required for more command syntax
tcpdump
what is the default access zone within the cluster
the system access zone
The root domain, represented by a single "." dot, is the top level of the DNS architecture. Below the root domain are the ____. Top-level domains represent companies, educational facilities, nonprofits, and country codes such as *.com, *.edu, *.org, *.us, *.uk, *.ca, and so on. A name registration authority manages the top-level domains. The secondary domain represents the unique name of the company or entity, such as EMC, Isilon, Harvard, MIT. The last record in the tree is the hosts record, which indicates an individual computer or server.
top-level domains
what are access zones
virtual containers, they enable you to isolate data and control who can access data in each zone. they support configuration settings for authentication and identity management services on a cluster.
is multitenancy available due to groupnets??
yes
The SmartConnect service IP answers queries from DNS. There can be multiple SIPs per cluster and they reside on the node with the lowest array ID for their node pool. For a large cluster that contains multiple node pools with multiple subnets, the SIP for each subnet resides on the node with the lowest array ID for that subnet. If you know the IP address of the SIP and want to know only the zone name, use isi_f or_array ifconfig -a | grep <IP of SIP>. The command shows the _________ that the SIP is residing within.
zone
joined authentication sources do not belong to any _____, meaning the zone does not own the authentication source
zone
