OceanStor Dorado 6.1.x Initialization Guide

OceanStor Dorado
6.1.x
Initialization Guide
Issue 07
Date 2022-12-15
HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2022. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior
written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and
the customer. All or part of the products, services and features described in this document may not be
within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,
information, and recommendations in this document are provided "AS IS" without warranties, guarantees
or representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: https://e.huawei.com
Issue 07 (2022-12-15) Copyright © Huawei Technologies Co., Ltd. i

OceanStor Dorado
Initialization Guide About This Document
About This Document
Purpose
This document describes how to initialize the storage system.
NOTE
OceanStor Dorado 2000 does not support file services, object services, RoCE networks,
HyperDetect, CloudBackup, SmartVirtualization, SmartDedupe, SmartMigration,
SmartCache, and SmartTier. For detailed product specifications, refer to Specifications
Query.
The following table lists the product models that this document is applicable to.
Product Model Product Version
OceanStor Dorado 3000 6.1.0

6.1.2
OceanStor Dorado 5000
6.1.3
NOTICE
This document is updated periodically with the software version. The operations
described in this document use the latest version as an example. Note that the
supported functions and features vary according to the software version. The
content in this document is for reference only.
Intended Audience
This document is intended for:
● Technical support engineers
Issue 07 (2022-12-15) Copyright © Huawei Technologies Co., Ltd. ii

OceanStor Dorado
● Maintenance engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Indicates a hazard with a high level of risk which, if not

avoided, will result in death or serious injury.
Indicates a hazard with a medium level of risk which, if not

avoided, could result in death or serious injury.
Indicates a hazard with a low level of risk which, if not

avoided, could result in minor or moderate injury.
Indicates a potentially hazardous situation which, if not

avoided, could result in equipment damage, data loss,
performance deterioration, or unanticipated results.
NOTICE is used to address practices not related to personal
injury.
Supplements the important information in the main text.

NOTE is used to address information not related to personal
injury, equipment damage, and environment deterioration.
Change History
Changes between document issues are cumulative. The latest document issue
contains all the changes made in earlier issues.
Issue 07 (2022-12-15)
This issue is the seventh official release.
Issue 06 (2022-11-15)
This issue is the sixth official release. The updates are as follows:
Optimized descriptions about some operations.
Issue 05 (2022-10-20)
This issue is the fifth official release. The updates are as follows:
Issue 07 (2022-12-15) Copyright © Huawei Technologies Co., Ltd. iii

OceanStor Dorado
Added the product model OceanStor Dorado 2000.
Issue 04 (2022-08-25)
This issue is the fourth official release.
Issue 03 (2022-04-15)
This issue is the third official release.
Issue 02 (2022-01-25)
This is the second official release. The updates are as follows:
Optimized descriptions about some operations.
Issue 01 (2021-09-30)
This issue is the first official release.
Issue 07 (2022-12-15) Copyright © Huawei Technologies Co., Ltd. iv

OceanStor Dorado
Initialization Guide Contents
Contents
About This Document................................................................................................................ ii

1 Overview....................................................................................................................................1
2 Logging In and Starting Initialization................................................................................ 3
2.1 Changing IP Addresses of Management Network Ports........................................................................................... 3
2.1.1 Changing IP Addresses of Management Network Ports Using a Serial Port.................................................. 3
2.1.2 Changing IP Addresses of a Management Network Port Using DeviceManager......................................... 9
2.2 Applying for Licenses........................................................................................................................................................... 11
2.2.1 Preparations........................................................................................................................................................................ 11
2.2.2 Applying for a License......................................................................................................................................................14
2.2.2.1 Applying for a License in Entitlement Activation Mode................................................................................... 14
2.2.2.2 Applying for a License in Password Activation Mode........................................................................................17
2.3 Logging In to DeviceManager.......................................................................................................................................... 19
2.4 Initially Configuring a Storage Device........................................................................................................................... 23
2.4.1 Configuring Basic Information...................................................................................................................................... 23
2.4.2 Creating a Storage Pool.................................................................................................................................................. 32
2.4.2.1 Creating a Storage Pool (Applicable to 6.1.0)..................................................................................................... 32
2.4.2.2 Creating a Storage Pool (Applicable to 6.1.2 and Later)................................................................................. 39
2.4.3 Allocating Storage Resources........................................................................................................................................ 47
2.4.3.1 Configuring Storage Ports........................................................................................................................................... 47
2.4.3.2 Configuring Block Services.......................................................................................................................................... 51
2.4.3.2.1 Configuring Block Services (Applicable to 6.1.0)............................................................................................. 51
2.4.3.2.2 Configuring Block Services (Applicable to 6.1.2 and Later).........................................................................57
2.4.3.3 Configuring File Services............................................................................................................................................. 65
2.4.3.3.1 Configuring File Services (Applicable to 6.1.0)................................................................................................ 65
2.4.3.3.2 Configuring File Services (Applicable to 6.1.2)................................................................................................ 69
2.4.3.3.3 Configuring File Services (Applicable to 6.1.3 and Later)............................................................................ 79
3 Configuring Domain Authentication for a Storage System........................................ 91

3.1 Preparing Configuration Data of a Windows AD Domain..................................................................................... 91
3.2 Preparing Configuration Data of an LDAP Domain..................................................................................................92
3.3 Setting the Domain Authentication Server.................................................................................................................. 96
4 Configuring Alarm and Event Handling Policies......................................................... 100

4.1 Setting System Status Notification...............................................................................................................................100
Issue 07 (2022-12-15) Copyright © Huawei Technologies Co., Ltd. v

OceanStor Dorado
4.2 Setting Email Notification............................................................................................................................................... 101

4.2.1 Setting Email Notification (Applicable to 6.1.0 and 6.1.2)............................................................................... 101
4.2.2 Setting Email Notification (Applicable to 6.1.3 and Later).............................................................................. 105
4.3 Configuring SMS Notification........................................................................................................................................ 108
4.3.1 Setting the GSM Modem.............................................................................................................................................. 108
4.3.2 Enabling SMS Notification........................................................................................................................................... 112
4.4 Configuring the Syslog Notification............................................................................................................................. 113
4.4.1 Configuration Process.................................................................................................................................................... 113
4.4.2 Configuring the Syslog Server Certificate and CA Certificate..........................................................................114
4.4.3 Importing the CA Certificate....................................................................................................................................... 114
4.4.4 Enabling Syslog Notification....................................................................................................................................... 115
4.5 Configuring Trap Notification.........................................................................................................................................122
4.5.1 Configuration Process.................................................................................................................................................... 123
4.5.2 Configuring the SNMP Protocol................................................................................................................................. 123
4.5.3 Configuring an SNMP Security Policy...................................................................................................................... 128
4.5.4 Adding a Trap Server Address..................................................................................................................................... 130
4.6 Setting Alarm Dump......................................................................................................................................................... 134
4.7 Setting Alarm Masking..................................................................................................................................................... 138
4.8 Setting Event Notification............................................................................................................................................... 139
5 Enabling Prediction on the Trend of Effective Capacity Usage............................... 141

6 (Optional) Other Configurations.................................................................................... 142
7 Using SmartKit for Deployment Inspection..................................................................143
8 FAQs....................................................................................................................................... 147
8.1 How Can I Import the Windows AD Domain Server's CA Certificate to the Storage System?............... 147
8.2 How to Perform Remote Maintenance Using a Modem?.................................................................................... 149
8.3 How Do I Obtain and Import the Email Certificates?........................................................................................... 153
8.4 How Do I Obtain and Import the Email OTP Certificates?.................................................................................. 155
8.5 How Do I Remove the Privacy Warning Displayed When I Log In to DeviceManager?............................158
8.6 How Do I Log In to the Storage System Through Multi-Factor Authentication?........................................ 163
8.7 How Do I Initialize the Password of the Root Administrator? (Applicable to 6.1.2 and Later).............. 172
A Logging In to the CLI......................................................................................................... 175

A.1 Logging In to the CLI of the Storage System Using a Password....................................................................... 175
A.2 Logging In to the CLI of the Storage System Using a Public Key..................................................................... 183
A.2.1 Using PuTTY to Log In.................................................................................................................................................. 183
A.2.2 Using SUSE to Log In.....................................................................................................................................................190
B Configuring the NTP Service............................................................................................ 193

B.1 Configuring the NTP Service (Windows)................................................................................................................... 193
B.1.1 Configuring the NTP Service on the Server........................................................................................................... 193
B.1.2 Configuring NTP Parameters on the Storage System........................................................................................ 196
B.2 Configuring the NTP Service (Linux)........................................................................................................................... 198
Issue 07 (2022-12-15) Copyright © Huawei Technologies Co., Ltd. vi

OceanStor Dorado
B.2.1 Configuring the NTP Service on the Server........................................................................................................... 198

B.2.2 Configuring NTP Parameters on the Storage System........................................................................................ 201
C Using SmartKit to Install UltraPath............................................................................... 204

D Using SmartKit to Collect Storage and Host Compatibility Information............. 213
E LUN Scanning Methods in Different Operating Systems.......................................... 220
F How to Obtain Help........................................................................................................... 222
F.1 Preparations for Contacting Huawei............................................................................................................................ 222
F.1.1 Collecting Troubleshooting Information.................................................................................................................. 222
F.1.2 Making Debugging Preparations................................................................................................................................222
F.2 How to Use the Document.............................................................................................................................................. 223
F.3 How to Obtain Help from Website............................................................................................................................... 223
F.4 Ways to Contact Huawei.................................................................................................................................................. 223
G Glossary.................................................................................................................................224
H Acronyms and Abbreviations...........................................................................................240
Issue 07 (2022-12-15) Copyright © Huawei Technologies Co., Ltd. vii

OceanStor Dorado
Initialization Guide 1 Overview
1 Overview
This chapter provides the documents and tips that may be helpful for you when
initializing your storage system.
Related Documentation
The following documents provide you reference on certain basic configurations
and subsequent operations. Reading these documents will also help you better
understand the storage system:
● Product description
Refer to the product description specific to your storage system if you want to
understand its market positioning, basic functions, and specifications.
● Installation guide
Refer to the guide specific to your storage system when installing the system
hardware or connecting cables.
● Basic storage service configuration guide for block
Refer to the guide specific to your storage system when configuring basic
storage services such as creating storage resources and mappings.
● Basic storage service configuration guide for file
Refer to the guide specific to your storage system when configuring basic
storage services such as file system sharing.
● Administrator guide
Refer to the guide specific to your storage system when managing access
permissions.
● Command reference
Refer to the guide specific to your storage system when configuring storage
services using the command-line interface (CLI).
● Account list
Refer to the guide specific to your storage system if you want to understand
the functions, user names, and passwords of different management accounts.
Issue 07 (2022-12-15) Copyright © Huawei Technologies Co., Ltd. 1

OceanStor Dorado
Initialization Guide 1 Overview
Tips
GUIs may vary slightly according to product versions and models. The actual GUIs
prevail.

OceanStor Dorado
Initialization Guide 2 Logging In and Starting Initialization
2 Logging In and Starting Initialization
This chapter describes how to log in to and initialize the storage system after it is
powered on.
2.1 Changing IP Addresses of Management Network Ports
2.2 Applying for Licenses
2.3 Logging In to DeviceManager
2.4 Initially Configuring a Storage Device
2.1 Changing IP Addresses of Management Network

Ports
Before initialization, change the IP addresses of the management network ports
on the storage system.
2.1.1 Changing IP Addresses of Management Network Ports

Using a Serial Port
You can connect a maintenance terminal to the serial port of a storage device by
using a serial cable and then log in to the storage device over the serial port to
relocate IP addresses of its network management ports to the same network
segment as the maintenance terminal.
Prerequisites
A maintenance terminal is connected to the serial port on the storage device using
a serial cable.
Context
After connecting the storage device to the maintenance terminal by using a serial
cable, you can log in to the storage system by using remote login software, such
as PuTTY.

OceanStor Dorado
NOTE
● This section uses PuTTY as an example. You can download PuTTY from the chiark
website.
● You are advised to use the latest version of PuTTY. Otherwise, you may fail to log in to
the storage system.
Precautions
When changing the IP address of the management network port, note the
following:
● The maintenance terminal and storage device must be connected using a
serial port.
● For a 2 U controller enclosure, the default IP addresses of the management
network ports on controllers A and B are respectively 192.168.128.101 and
192.168.128.102, and the default subnet mask is 255.255.0.0.
● For a 4 U controller enclosure, the default IP address of network port 0 on
management module 0 is 192.168.128.101 and that of network port 0 on
management module 1 is 192.168.128.102. The default subnet mask is
255.255.0.0.
● The default IPv4 gateway address of the management network port is
192.168. 0.1.
● After the IP addresses of the management network ports are modified,
communication between the maintenance terminal and the storage device is
down. Therefore, you are advised to first modify the IP addresses of the
management network ports on the controllers that are not directly connected
to the maintenance terminal.
● The IP addresses of management network ports and internal heartbeat IP
addresses must be on different network segments. Otherwise, route conflicts
may occur.
For a 2 U controller enclosure, the default internal heartbeat IP addresses are
127.127.127.10 and 127.127.127.11, and the subnet mask is 255.255.255.0.
Therefore, you cannot use IP addresses that belong to the 127.127.127.XXX
network segment for the management network ports.
For a 4 U controller enclosure, The default internal heartbeat IP addresses are
127.127.127.10, 127.127.127.11, 127.127.127.12, and 127.127.127.13, and
the subnet mask is 255.255.255.0. Therefore, you cannot use IP addresses
that belong to the 127.127.127.XXX network segment for the management
network ports.
NOTE
● Heartbeats are packets transmitted between two devices for them to judge the
availability of the peer device. Heartbeats do not require acknowledgement. They are
usually used for node communication, fault diagnosis, and event triggering in an HA
system.
● Internal heartbeat links are established between controllers for these controllers to
detect each other's working status. You do not need to separately connect cables. In
addition, internal heartbeat IP addresses are configured before delivery, and cannot be
modified.
● When multiple controller enclosures are deployed, the default internal heartbeat IP
addresses of each controller enclosure are the same as those when a single controller
enclosure is deployed.

OceanStor Dorado
● The IP addresses of management network ports and those of maintenance

network ports must be on different network segments. Otherwise, route
conflicts may occur. The default IP addresses of maintenance network ports
are 172.31.128.101 and 172.31.128.102, and the subnet mask is 255.255.0.0.
Therefore, you cannot use IP addresses that belong to the 172.31.XXX.XXX
network segment. For this reason, connect only the management network
ports to the network.
● By default, IP addresses of the management network ports and those of the
service network ports are on different network segments. You are advised to
set them to different network segments.
Procedure
Step 1 Run the PuTTY software.
The PuTTY Configuration dialog box is displayed, as shown in Figure 2-1.
Figure 2-1 PuTTY Configuration dialog box
Step 2 Set Connection type to Serial. In the Serial line text box, enter the name of the
serial port that connects the maintenance terminal to the storage system, for
example, COM1. In Speed, enter 115200.
You can query the serial port that connects the maintenance terminal to the
storage system as follows (Windows 7 is used as an example):
1. Right-click the Computer icon on the desktop of the maintenance terminal

and choose Manage from the shortcut menu.

OceanStor Dorado
2. In the navigation tree of the Computer Manager dialog box, choose System
Tools > Device Manager.
3. Click Ports. The serial port that connects the maintenance terminal to the
storage system, for example, COM1, is displayed.
There may be multiple serial port names, such as COM1, COM2, and COM3,
on the maintenance terminal. Try these ports until you can successfully log in
to the storage system.
Step 3 Log in to the storage system using the serial port.
1. Click Open.
If the connectivity between the maintenance terminal and the controller is
normal, information similar to Figure 2-2 is displayed.
Figure 2-2 Successful connection between the controller and the maintenance
terminal
2. Initialize the password.

NOTE
● Log in to the storage system as the super administrator (admin by default) for the first
time. For details about user names and passwords, see the OceanStor Dorado Account
List.
● The super administrator does not have a default password for 6.1.2 and later versions.
During the first login, press Enter directly when the system prompts you to input the
password. Then follow the instructions to set a password. To avoid password leakage,
periodically change your login password. For details about how to change the password,
see the Administrator Guide.
● For security purposes, the password is not visible when it is being entered during login.
When you initialize or change the password, it will be displayed in * on the screen.
● If the storage system fails to start and attempts to enter the minisystem mode, the
system prompts you to set a password for the super administrator if it has not been set
for the storage system. If setting the password fails, the system prompts you to set the
password of the super administrator for the current controller. Read and confirm the
command output carefully and initialize the password of the current controller as
prompted. If the setting is successful, the system enters the minisystem mode. If the
setting fails, the system disconnects the session.
Authorized users only. All activities may be monitored and reported.
Storage login: admin

OceanStor Dorado
password:
WARNING: You have accessed the system.

You are required to have a personal authorisation from the system administrator before you use this
computer. Unauthorised access to or misuse of this system is prohibited.
In Passwd_init mode.
*****Please enter new password for admin:*****
*****Please re-enter new password for admin:*****
If the login is successful, the following message is displayed:

Last login: Tue Sep 10 21:40:53 XXXX from XXXXXX
System Name : XXXXXX

Health Status : Normal
Running Status : Normal
Total Capacity : 6.816TB
SN : XXXXXX
Location : XXXXXX
Product Model : XXXXXX
Product Version : XXXXXX
Time : XXXX-09-10/21:41:36 UTC+08:00
Patch Version :
NOTE
When you log in to different devices, System Name, Product Model and Product Version
display different values. Obtain the correct value based on actual conditions.
Step 4 Change the IP address of the management network port.
NOTICE
● Changing the IP address of a management network port may disconnect the

storage device from the maintenance terminal. Change the management
network port IP address only when necessary.
● Ensure that the IP addresses of the two management network ports are
changed.
Run the change system management_ip command to change the IP address of

the port, as described in Table 2-1.

OceanStor Dorado
Table 2-1 Command format and parameters

Command Format Description
change system ● eth_port_id=?: indicates the port ID. To obtain

management_ip the value, run show system management_ip.
eth_port_id=? ip_type=? The value contains 1 to 31 characters,
[ ipv4_address=? mask=? including letters, digits and periods (.). The
[ gateway_ipv4=? ] ] value cannot start with a digit or a period (.)
[ ipv6_address=? or end with a period (.).
prefix_length=? ● ip_type=?: indicates the IP address type. The
[ gateway_ipv6=? ] ] value can be ipv4_address or ipv6_address.
[ delete_gateway=? ]
● ipv4_address=?: indicates the IPv4 address. The
IPv4 address cannot start with 0 or an integer
from 224 to 255.
● mask=?: indicates the IPv4 subnet mask of the
management network port. The value must be
an IPv4 subnet mask.
● gateway_ipv4=?: indicates the IPv4 gateway.
The gateway cannot start with 0 or an integer
from 224 to 255.
● ipv6_address=?: indicates the IPv6 address of
the management network port. The value
must be an IPv6 address.
● prefix_length=?: indicates the IPv6 subnet
mask. The value must be an IPv6 subnet mask.
● gateway_ipv6=?: indicates the IPv6 gateway of
the management network port. The value
must be an IPv6 address.
● delete_gateway=?: indicates whether the
original gateway needs to be deleted when
configuring IP address for the management
network port. The value can be yes or no,
where:
– yes: The original gateway of the port will be
deleted.
– no: The original gateway of the port will not
be deleted.
NOTE
For details, see the command reference.
For example:
Set the IPv4 address of a specified management network port to 192.168.190.2,
the subnet mask to 255.255.0.0, and the gateway address to 192.168.0.1. The
command output varies depending on a specific product.
admin:/>change system management_ip eth_port_id=ENG0.MGMT0.0 ip_type=ipv4_address
ipv4_address=192.168.190.2 mask=255.255.0.0 gateway_ipv4=192.168.0.1

OceanStor Dorado
WARNING: You are about to change the IP address of management network port. If you enter an
unavailable IP address, the DeviceManager will become inaccessible.
Suggestion: Before performing this operation, ensure that the entered IP address is available .
Have you read warning message carefully?(y/n)
Are you sure you really want to perform the operation?(y/n)y
Command executed successfully.
----End
Follow-up Procedure
After changing the IP address of the management network port, you can run the
show system management_ip command to verify the IP address information.
2.1.2 Changing IP Addresses of a Management Network Port

Using DeviceManager
If the maintenance terminal has been connected to the management network
port of the storage device and the IP address of the maintenance terminal and the
default IP address of the management network port are on the same network
segment, you can log in to DeviceManager using the default IP address of the
network management port to modify its IP address. If you have changed IP
addresses of management network ports using a serial port, skip this section.
Prerequisites
The maintenance terminal has been connected to the management network port
of the storage device, and the IP address of the maintenance terminal and the
default IP address of the management network port are on the same network
segment.
Context
For a 2 U controller enclosure, the default IP addresses of the management
For a 4 U controller enclosure, the default IP address of network port 0 on
255.255.0.0.
Precautions
When changing the IP address of the management network port, note the
following:
● After the IP addresses of the management network ports are modified,
management network ports on the controllers that are not directly connected
to the maintenance terminal.
● The IP addresses of management network ports and internal heartbeat IP
addresses must be on different network segments. Otherwise, route conflicts
may occur.

OceanStor Dorado
For a 2 U controller enclosure, the default internal heartbeat IP addresses are

127.127.127.10 and 127.127.127.11, and the subnet mask is 255.255.255.0.
Therefore, you cannot use IP addresses that belong to the 127.127.127.XXX
network segment.
For a 4 U controller enclosure, The default internal heartbeat IP addresses are
127.127.127.10, 127.127.127.11, 127.127.127.12, and 127.127.127.13, and
the subnet mask is 255.255.255.0. Therefore, you cannot use IP addresses
that belong to the 127.127.127.XXX network segment.
NOTE
● Heartbeats are packets transmitted between two devices for them to judge the
availability of the peer device. Heartbeats do not require acknowledgement. They
are usually used for node communication, fault diagnosis, and event triggering in
an HA system.
● Internal heartbeat links are established between controllers for these controllers to
detect each other's working status. You do not need to separately connect cables.
In addition, internal heartbeat IP addresses are configured before delivery, and
cannot be modified.
● When multiple controller enclosures are deployed, the default internal heartbeat IP
addresses of each controller enclosure are the same as those when a single
controller enclosure is deployed.
● The default IPv4 gateway address of the management network port is
192.168. 0.1.
● The IP addresses of management network ports and those of maintenance
network ports must be on different network segments. Otherwise, route
conflicts may occur. The default IP addresses of maintenance network ports
are 172.31.128.101 and 172.31.128.102, and the subnet mask is 255.255.0.0.
Therefore, you cannot use IP addresses that belong to the 172.31.XXX.XXX
network segment. For this reason, connect only the management network
ports to the network.
● By default, IP addresses of the management network ports and those of the
service network ports are on different network segments. You are advised to
set them to different network segments.
Procedure
Step 1 Log in to DeviceManager.
NOTE
For details about how to log in to DeviceManager, see 2.3 Logging In to DeviceManager.
Step 2 Choose System > Hardware > Devices.

Step 3 Click the controller enclosure where the management network port resides.
Step 4 Click to switch to the rear view.

Step 5 Click the management network port whose information you want to view.

OceanStor Dorado
NOTICE
After the IP addresses of the management network ports are modified,

management network ports on the controllers that are not directly connected to
the maintenance terminal.
The Ethernet Port dialog box is displayed.

Step 6 Modify the IP address of the management network port.
1. Click Modify.
2. In the IPv4 Address or IPv6 Address text box, enter an IP address for the
management network port.
3. In the Subnet Mask or Prefix area, enter the subnet mask or prefix of the
4. In the IPv4 Gateway or IPv6 Gateway text box, enter a gateway of the IP
address for the management network port.
Step 7 Confirm IP address modification.
1. Click OK.
The security alert dialog box is displayed.
2. Confirm the information in the dialog box, and select I have read and
understand the consequences associated with performing this operation.
3. Click OK.
The Success dialog box is displayed, indicating that the operation succeeded.
4. Click OK.
Step 8 Perform Step 3 to Step 7 again to modify other management network port IP
addresses.
----End
2.2 Applying for Licenses

A license file is a credential that entitles you to use the basic or value-added
features. You can apply for licenses on the Electronic Software Delivery Platform
(ESDP).
2.2.1 Preparations
The following table describes the preparations for license application.

OceanStor Dorado
Table 2-2 Preparations for license application

Item Description
GTS permission for the ESDP Users who have the GTS permission can
(applicable to Huawei service apply for licenses as described in 2.2.2.1
engineers) Applying for a License in Entitlement
Activation Mode. If you do not have the
GTS permission, click Permission
Application in the left navigation tree of
the ESDP home page to apply for the
permission.
ASP or Guest permission for the Users who have the ASP or Guest
ESDP (applicable to Huawei permission can apply for licenses as
partners or customers) described in 2.2.2.2 Applying for a
License in Password Activation Mode.
Click Register Now on the ESDP home
page and fill in related registration
information. Then you are granted the ASP
or Guest permission.
Equipment serial number (ESN) An ESN is a unique character string that

identifies a device. It ensures that software
is licensed to the specified device. You can
obtain an ESN in the following ways:
● View the ESN on the information plate
on the controller enclosure.
● On the home page of DeviceManager,
view the ESN in the upper left area.
● Log in to the CLI. Then run the show
system general command and view
SN.
For details, see Querying the ESN on the
Information Plate, Querying the ESN on
DeviceManager, and Querying the ESN
on the CLI.
NOTE
For a multi-controller storage system that has
two or more controller enclosures, the ESN of
controller enclosure 0 is used as the ESN of the
storage system. The ESN of the multi-controller
storage system queried on DeviceManager or
the CLI through the management network port
of any controller enclosure is always the ESN of
controller enclosure 0. You are advised to use
DeviceManager or the CLI to query the ESN. If
you want to query the ESN on the information
plate, obtain the position of controller enclosure
0 on the system networking diagram used for
controller expansion and then check the ESN on
the information plate of controller enclosure 0.

OceanStor Dorado
NOTE
The license file covers all features purchased by the customer.
Querying the ESN on the Information Plate

The information plate is located on the right side of the front panel of a controller
enclosure. Pull out the information plate from the controller enclosure to query
the device information. The following figure is an example of the information
plate on OceanStor Dorado 5000 (SAS).
Figure 2-3 Information plate position of a 2 U controller enclosure (25 disk slots)
Querying the ESN on DeviceManager

NOTE
For details about how to log in to DeviceManager, see 2.3 Logging In to DeviceManager.
Step 2 On the navigation bar of DeviceManager, click Home.

Step 3 View the ESN in the left area.

OceanStor Dorado
NOTE
The GUI may vary with the product version.
----End
Querying the ESN on the CLI

Step 1 Log in to the CLI.
NOTE
For details about how to log in to the CLI, see A Logging In to the CLI.
Step 2 Run the show system general command to view the ESN, that is, the SN field in
the command output.
admin:/>show system general
System Name : Huawei.Storage

SN : XXXXXXXXXXXXXXXXXXXX
Location : Lab
Product Model : OceanStor XXXXXXXX
Product Version : XXXX
High Water Level(%) : 80
Low Water Level(%) : 20
WWN : XXXXXXXXXXXXXXXX
Time : XXXX-XX-XXXX/15:35:56 UTC+08:00
Patch Version :
Description :
OceanStor OS Kernel Version : X.X.X.X
admin:/>
----End
2.2.2 Applying for a License

There are two ways to apply for a license file: entitlement activation and password
activation. Choose a method based on your permission on the ESDP.
2.2.2.1 Applying for a License in Entitlement Activation Mode

This section describes how to apply for a license in entitlement activation mode.
The application method is suitable for users who have GTS permission.
Prerequisites
An applicant can log in to the ESDP (website: http://app.huawei.com/isdp) and
has the GTS permission.
If the applicant has ASP or Guest permission only, apply for a license in password
activation mode. For details, see 2.2.2.2 Applying for a License in Password
Activation Mode.
Context
1. Concepts related to license application on the ESDP include the following:

OceanStor Dorado
– Entitlement
Entitlement is a form of agreement between a software provider and a
customer, which entitles the customer to the scope, functions, and
validity period of the product purchased or sold.
– Entitlement ID
An entitlement ID is a unique ID that identifies entitlement.
– Entitlement Line
An entitlement line is a unit of entitlement that can be activated. An
entitlement contains one or multiple entitlement lines.
– Activation ID
An activation ID is a unique ID that identifies an entitlement line.
– Equipment (Node)
A piece of equipment or a node is a system device, entity, or node.
2. On the ESDP, entitlement is managed by equipment (node). License
application is also based on equipment (node).
Procedure
Step 1 Select entitlement.
1. On the home page of the ESDP, choose License Activation > Entitlement
Activation. The Step 1: Select Entitlement page is displayed.
2. In the Delivery Status field, select Ready and click Search & Refresh.
The results are listed, as shown in Figure 2-4.
Figure 2-4 Searching entitlement information
NOTE
To improve the accuracy of searching, you can input customer PO, product name,
version, and contract No. The ESDP supports fuzzy match.
3. Select one or more entitlement lines from the list (the Entitlement Status
must be Available). Click Next. The Step 2: Bind ESN page is displayed.

OceanStor Dorado
Step 2 Bind the ESN.

1. Set ESN and Equipment (Node) Name, as shown in Figure 2-5.
NOTICE
Ensure that you have input the correct ESN. An incorrect ESN will cause the
license to be unavailable.
Figure 2-5 Inputting equipment (node) information
2. Select the activation information you want to operate, and click Next.
If the entitlement information differs from the equipment (node) information,
the system displays an error and asks you to reset the information. If the
entitlement information is correct, the Step 3: Confirm Activation page is
displayed.
Step 3 Confirm all the information you have set.
If you find any information incorrect, click Back and rectify the information. If all
information is correct, click Activate License. The Step 4: Download License page
is displayed.
Step 4 Download the license.
The information displayed depends on the number of the entitlement lines.
● If only one entitlement line is activated, the system displays Activate

successfully. You can click Download to download the license.
● If multiple entitlement lines are activated, the system generates an activation
task and displays Volume activation process. You can click To view tasks to
check the status of the task. When the task status is Success, you can
download the license.
----End

OceanStor Dorado
Follow-up Procedure
After applying for a license, keep it properly for later use. For details, see 2.4.1
Configuring Basic Information.
2.2.2.2 Applying for a License in Password Activation Mode

This section describes how to apply for a license in password activation mode. The
application method is suitable for users who have ASP or Guest permission.
Prerequisites
An applicant can log in to the ESDP (website: http://app.huawei.com/isdp) and
has the ASP or Guest permission.
The applicant has a valid license certificate that contains the activation password.
NOTE
If the applicant does not have a valid license certificate, the applicant can send the contract
No. to the agent to obtain the license certificate.
Context
1. Concepts related to license application on the ESDP include the following:
– Entitlement
Entitlement is a form of agreement between a software provider and a
customer, which entitles the customer to the scope, functions, and
validity period of the product purchased or sold.
– Entitlement ID
An entitlement ID is a unique ID that identifies entitlement.
– Entitlement Line
An entitlement line is a unit of entitlement that can be activated. An
entitlement contains one or multiple entitlement lines.
– Activation ID
An activation ID is a unique ID that identifies an entitlement line.
– Equipment (Node)
A piece of equipment or a node is a system device, entity, or node.
2. On the ESDP, entitlement is managed by equipment (node). License
application is also based on equipment (node).
Procedure
Step 1 Enter your password for activation.
1. On the home page of the ESDP, choose License Activation > Password
Activation. The Step 1: Enter Password page is displayed, as shown in
Figure 2-6.

OceanStor Dorado
Figure 2-6 Entering the password
2. Confirm the information and select I have read the above carefully.
3. In the Password field, enter the password for activation.
NOTE
– Each activation password can be bound with the ESN only once. Therefore, ensure
that all information is correct to avoid unavailable licenses.
– To enter more activation passwords, click Add.
4. Select the activation password you want to bind, and click Next. The Step 2:
Enter ESN page is displayed.
Step 2 Bind the ESN.

1. In the ESN field, enter the ESN.
NOTICE
Ensure that you have input the correct ESN. An incorrect ESN will cause the
license to be unavailable.
2. Click Next. The Step 3: Confirm Activation page is displayed.
Step 3 Confirm all the information you have set.

1. If you find any information incorrect, click Back and rectify the information. If
all information is correct, enter a company name in the Company Name field
for the system to record and identify user information.
2. Click Activate to submit the activation task. The system displays the
Operation Record page.

OceanStor Dorado
For a password activation task, the name of the task generated by the system
is Activate License By Password.
Step 4 Download the license.
● Method 1: Check the task status in the task list of Operation Record. When
the status becomes Success, click Download to download the license.
● Method 2: After the task is successfully completed, the system automatically
sends an email to your registered email account. You can obtain the license
from the email.
----End
Follow-up Procedure
After applying for a license, keep it properly for later use. For details, see 2.4.1
2.3 Logging In to DeviceManager

DeviceManager is a device management program developed by Huawei.
DeviceManager has been loaded to storage systems before factory delivery. You
can log in to DeviceManager on a web browser on any maintenance terminal
connected to the storage system by using the management network port IP
address and the local or domain user name.
Prerequisites
Verify that the maintenance terminal meets the following requirements before you
use DeviceManager:
● The operating system and browser are compatible with DeviceManager.
DeviceManager supports multiple operating systems and browsers. You can
query the compatibility using Huawei Storage Interoperability Navigator.
● The maintenance terminal communicates with the storage system properly.
● The super administrator can log in to the storage system only as a local user.
● To use a lightweight directory access protocol (LDAP) domain user account to
log in to DeviceManager, you must first configure the LDAP domain server,
and then set the LDAP server parameters and create an LDAP domain user
account on the storage system.
Context
● The storage system supports the GUI and CLI for configuring storage services.
– GUI
Log in to DeviceManager and configure and manage basic storage
services on the GUI. The operation procedure described in this document
is based on the GUI.
– CLI
Use a terminal program, for example, PuTTY, to log in to the CLI of the
storage system and configure storage services using commands. For
details, see A Logging In to the CLI.

OceanStor Dorado
● DeviceManager supports only the TLS 1.2 and TLS 1.3 protocols.
● For a 2 U controller enclosure, the default IP addresses of the management
● For a 4 U controller enclosure, the default IP address of network port 0 on
255.255.0.0.
● This document uses Windows as an example to explain how to log in to
DeviceManager. The login operations on other operating systems need to be
adjusted accordingly.
● By default, DeviceManager allows 32 users to log in concurrently.
● If no operation is performed on DeviceManager for a period longer than the
timeout limit (the limit is 30 minutes by default and modifiable), the system
logs out automatically.
● If an account is not used to log in to the system for a certain period of time
(the period is 60 days by default and modifiable), it will be locked and can be
unlocked only by the super administrator.
● The storage system only supports secure OpenSSL cipher suites by default.
NOTE
If the client used by the user to access DeviceManager only supports insecure OpenSSL
cipher suites, the user may fail to log in to DeviceManager. To solve the problem, the
super administrator can run change devicemanager ciphersuite suite=compatible
(compatible is variable and can be changed to safe as required) to change the suite to
compatible mode and then run reboot storage service
service_name=DeviceManager to restart DeviceManager for the change to take
effect.
Procedure
Step 1 Open the browser on the maintenance terminal.
Step 2 Enter the IP address (https://XXX.XXX.XXX.XXX:8088) of the management network

port on the controller enclosure in the address box and press Enter.
The DeviceManager login page is displayed.

OceanStor Dorado
NOTE
● If a firewall is configured, you must enable port 8088 for the system to provide web
services.
● The web browser may prompt that the website has a security certificate issue. If the IP
address is correct, you can neglect the prompt and continue accessing the storage
system.
● If you have an available security certificate, run the import certificate ip=? user=?
password=? type=? command to import the security certificate to improve system
security. For details about this command, see the Command Reference.
● The GUI may vary slightly depending on the product version and model.
Step 3 Set the login mode, language, and background animation.

1. Select a login mode in the Authentication Mode list.
– Local user: You will log in to the storage system in local authentication
mode. The super administrator can log in to the storage system only as a
local user.
– LDAP user: You will log in to the storage system in LDAP domain
authentication mode.
You can log in to the storage system in LDAP domain authentication
mode only after an LDAP server is properly configured.
2. You can switch the language in the upper right corner. DeviceManager
supports simplified Chinese and English.
3. You can enable or disable the background animation of the login page using
the Background Animation switch in the upper right corner.
NOTE
– Background animation is disabled by default.

– Background animation can be set only in 6.1.3 and later versions.
Step 4 Type your username and password.

NOTE
● If Verification Code is displayed, enter the correct verification code.

● If LDAP user is selected, type a domain user name and password.
● You must set an initial password for the super administrator during the first login. To
avoid password leakage, periodically change your login password. For details about how
to change the password, see the Administrator Guide.
● If you forget the password of an administrator account, the super administrator can run
change user to reset the password. If you forget the password of a super administrator
account, use the root administrator account to log in to the CLI through a serial port
and run initpasswd to reset the password. For details, see "Managing Users" in the
Administrator Guide.
● If login authentication is Login password + email one-time password, email
authentication is required. For details, see 8.6 How Do I Log In to the Storage System
Through Multi-Factor Authentication?. If you fail to receive the email due to a mail
server fault, contact the super administrator to change the login authentication method
to Login password by following instructions in "Modifying the Login Authentication
Method" in the Administrator Guide. If the super administrator fails to receive the email,
initialize the login authentication method by following instructions in "Initializing the
Login Authentication Method" in the Administrator Guide.
Step 5 Click Log In.

OceanStor Dorado
The DeviceManager home page is displayed.
Figure 2-7 DeviceManager home page (for a 2 U device)
2 4 5 6 7 8
Figure 2-8 DeviceManager home page (for a 4 U device)
2 3 4 5 6 10 7 8
NOTE
● The GUI may vary slightly depending on the product version and model.
● To learn details about each step and operation, click to view online help.
● To log out of DeviceManager, click in the upper right corner and choose Log Out.
Table 2-3 describes the elements on DeviceManager.
Table 2-3 DeviceManager elements

No. Name Description
1 Function pane Displays the operations you can

perform.
2 Navigation bar Lists the logical functional modules of

the storage system.

OceanStor Dorado
No. Name Description
3 SmartGUI Mines users' historical operation data

and builds a configuration parameter
recommendation model to recommend
configuration parameters for the block
and file services.
4 Global search (applicable Allows you to search for object pages

to 6.1.2 and later and operation entries.
versions)
5 Alarm and task statistics The alarm statistics area displays the
area number of alarms by severity and helps
you learn about the running status of
the system.
The task statistics area displays all
executed tasks and helps you learn
whether the tasks are executed
successfully.
6 Device management Allows you to view and modify device

area information, and power off or restart
devices.
7 Logout and language Provides buttons of logout and

area language. DeviceManager supports
simplified Chinese and English.
8 Help and technical Provides links to the online help and

support technical support websites.
9 eService Provides the QR code for querying

device information and eService
settings.
----End
2.4 Initially Configuring a Storage Device

You can initialize a storage device using the initial configuration wizard.
2.4.1 Configuring Basic Information

This section describes how to configure the device information, time, license, and
alarm notification for the storage system.
Context
GUIs may vary slightly according to product versions and models. The actual GUIs
prevail.

OceanStor Dorado
Procedure
Step 1 Log in to DeviceManager. The Configure Basic Information page is displayed.
To access the initial configuration wizard, enter https://XXX.XXX.XXX.XXX:8088/
initialize in the web browser on your maintenance terminal. In this address,
XXX.XXX.XXX.XXX indicates the IP address of the management network port.
NOTE
The screenshot is for reference only and the actual GUI may vary.
Step 2 In the Device Information area, view and configure the basic information of the
storage device.
1. For 6.1.3 and later versions, click Query Recommended Version at the
Version field, and scan the QR code that is displayed using a mobile device to
view the recommended version and maintenance information of the device.
You can also download the eService app as prompted and complete the
device information to obtain more services.
2. In Name, enter a name for the storage device.
– The name must contain 1 to 127 characters.
– The name can contain only letters, digits, underscores (_), periods (.), and
hyphens (-).
3. In Location, enter the geographical location of the storage device.
The location must contain 1 to 511 characters.
Step 3 In the Device Time area, set the device time.
NOTICE
Changing the device time may have the following impacts on the system:
● If the changed device time exceeds the license validity period, the license may
be invalid.
● If the changed device time exceeds the certificate validity period, the certificate
may expire.
● If the changed device time exceeds the password validity period set by a user,
the system may force the user to change the login password.

OceanStor Dorado
Set the correct time zone and time. Otherwise, the time recorded in alarms or logs
may be different from the actual time, which affects fault locating.
You can set the device time using any of the following methods:
● Synchronize with the client time.
a. Select Synchronize with client time.
b. Specify Client Time Zone, which is the time zone where the client
resides.
● Change the time manually.
a. Select Change manually.
b. In Time After Change, set the device time and time zone.
● Set automatic NTP synchronization.
a. Select Synchronize with NTP server time.
b. Click Configure.
The Configure Auto NTP Sync page is displayed on the right.
c. In NTP Server Address, enter the IPv4 address, IPv6 address, or domain
name of the NTP server.
NOTE
▪ A maximum of two NTP servers can be added. If the system cannot

synchronize the time from one NTP server, it synchronizes the time from the
other one.
▪ Ensure that the time of the two NTP servers is consistent.

d. (Optional) Click Test to query the status of the NTP server.
e. (Optional) Select Enable next to NTP Authentication. Import the NTP
CA certificate to CA Certificate.
NOTE
NTP authentication can be enabled only when NTPv4 or later is used. After
authentication, the NTP server automatically synchronizes the time to the
storage device.
f. Select the time zone where the device is located from the Client Time
Zone drop-down list box.
g. Click OK.
Step 4 In the License Management area, import, activate, or update the license.
NOTE
● Depending on whether a license has been imported or activated, the license operation
displayed in the License Management area can be Import License, Activate License,
or Update License.
● You can also choose Settings > License Management on DeviceManager to access the
License Management page to import, activate, or update the license.
● For OceanStor Dorado 3000 of 6.1.2 and later, you must activate the file service to use it
after importing the NAS Foundation license. Activating the file service will cause all
controllers to restart. Ensure that you accept the impact. Choose Settings > File Service
> Activate Now, read the dialog box that is displayed, enter the password of the current
login user, and activate the file service as prompted.

OceanStor Dorado
1. Import the license.

If a license file has not been imported, Import License is displayed in the
License Management area.
a. Click Import License.
The Import License page is displayed.
b. Import the license file.
i. Click .
ii. Select the license file, and click Open.
The button for file upload varies depending on browsers.
iii. Click Upload.
c. View Feature, Total Capacity, and Invalid Date of the imported license
in the information display area.
d. Click Activate.
Follow the prompts that appear to activate the license.
2. Activate the license.
If a license file has been imported but not activated, Activate License is
displayed in the License Management area.
Click Activate License, and follow the prompts that appear to activate the
license.
3. Update the license.
If a license file has been imported and activated, Update License is displayed
in the License Management area. Update the license as needed.
a. Click Update License.
The Update License page is displayed.
b. Import the license file.
i. Click .
ii. Select the license file, and click Open.
The button for file upload varies depending on browsers.
iii. Click Upload.
c. In the information displayed area, check the differences between active
and inactive license files.
Table 2-4 Differences between license files
Parameter Description
Feature Value-added feature supported by the license file.
Invalid Date of Expiration date of the active license file.

Active License

OceanStor Dorado
Invalid Date of Expiration date of the inactive license file.

Inactive If the expiration date of the inactive license is later
License than that of the active license, the inactive license can
be used.
Capacity of Total capacity of the active license file.

Active License
Capacity of Total capacity of the inactive license file.

Inactive If the capacity of the inactive license is greater than
License that of the active license, the inactive license can be
used.
d. Export the license differences as needed.

i. Click Save Differences.
A file download dialog box is displayed. This example is based on
Internet Explorer 11.
ii. Click Save As.
The Save As dialog box is displayed.
iii. Set the save path and file name.
iv. Click Save.
e. Click Activate.
Follow the prompts that appear to activate the license.
Step 5 Configures the domain name system (DNS) service.
Configure an IP address for the active or standby DNS service for system
management.
NOTE
On the Initialize Configuration page, this parameter is available only in 6.1.2 and later
versions. You can also choose Settings > Basic Information > DNS Service to configure the
DNS service. For details, see "Connecting a Storage System to the DNS Server" in
1. Click Configure.
The Configure DNS Service page is displayed on the right.
2. Set Active DNS IP Address.
3. (Optional) Set Standby DNS IP Address 1.
4. (Optional) Set Standby DNS IP Address 2.
NOTE
Set Standby DNS IP Address 1 first and then Standby DNS IP Address 2.
5. (Optional) Test the connection between the DNS server and the storage
system.
– You can click Test next to a DNS IP address to test its availability.

OceanStor Dorado
– You can click Test All to test the connection between the DNS server and
the storage system.
6. Click OK.
Step 6 In the Alarm Settings area, configure email notification and SMS notification.
● Configure email notification.
For the prerequisites and precautions for configuring email notification, see
4.2.2 Setting Email Notification (Applicable to 6.1.3 and Later).
a. Click next to Email Notification.

The Email Notification page is displayed on the right.
b. Set email notification parameters of the sender in the Sender Settings
area. Table 2-5 describes the parameters.
Table 2-5 Email notification parameters of the sender

SMTP Server IP address or domain name of the SMTP server.

This is an SMTP-compliant email-sending server. By
using the SMTP server, you can send emails
containing alarm and event messages to specific
email addresses.
NOTE
▪ A maximum of two SMTP servers can be added. If

one of them cannot send email notifications, the
system uses the other.
▪ Configure the SMTP server in standard mode.

[Example]
192.168.1.100
SMTP Port Port number of SMTP. The default value is 25, and
the value of this parameter ranges from 1 to
65535.
The SMTP port number configured on a storage
system must be consistent with that configured on
the SMTP server.
[Example]
3

OceanStor Dorado
Encryption Mode Indicates whether to encrypt the communication

between the storage system and the email server.
▪ Not encrypted: Data is not encrypted during

transmission. For security purposes, you are
advised to select an encryption mode.
▪ SSL/TLS: SSL and TLS are two different security

protocols used to ensure the security and data
integrity during network communication. If you
select SSL/TLS, the system automatically selects
one of them for encryption according to the
email server type.
▪ STARTTLS: After the STARTTLS command is

executed, TLS is encrypted. Communication
data is not encrypted before the STARTTLS
command is executed.
NOTE
▪ If you select SSL/TLS or STARTTLS, you can

determine whether to enable the email CA certificate.
▪ The encryption mode configured on the storage

system must be consistent with that configured on
the SMTP server.
[Example]
STARTTLS
Authenticate Indicates whether the SMTP server authenticates a

SMTP Server sender's identity. If this option is not selected,
Username and Password are unavailable.
Select this option if the SMTP server requires
authentication. Otherwise, leave it unselected.
Username SMTP account name of the sender. When sending

emails through the SMTP server, the sender must
type the SMTP account name and password for
authentication.
NOTE
The value contains 1 to 63 characters.
[Example]
testuser

OceanStor Dorado
Password Password of the SMTP account. When sending

emails through the SMTP server, the sender must
type the SMTP account name and password for
authentication.
NOTE
▪ The value contains 1 to 63 characters.
▪ The password cannot contain extended ASCII

characters or Unicode characters. Otherwise, the
password is invalid. It is recommended that the
password contain characters from the following
categories:
○ Base 10 digits (0-9)
○ English uppercase characters (A-Z)
○ English lowercase characters (a-z)
○ Space
○ Special characters such as [\]^_{|}~`@!"#$%&'()*
+-./:;<=>?
[Example]
aJ1p23dySQ
Email Title Prefix Sender-defined email title field. If there are too
many emails, users can search for desired emails
using this field.
NOTE
▪ The value contains 0 to 511 characters and cannot

contain single quotation marks (').
▪ In addition to sender-defined fields, you can select

Device name, Alarm ID, Alarm severity, or Alarm
description. After you select this option, the selected
information is displayed in the title of the alarm
email notification.
Sender Email Email address of the sender.

Address To ensure that email notifications can be sent
properly, the sender email address must match the
SMTP server address and can send emails to the
recipient email address. For example, if a Gmail
SMTP server is used, the sender email address
must be a Gmail address.
[Example]
zhangsan@163.com
c. Set email notification parameters of the recipient in the Recipient

Settings area.
i. Click Add.

OceanStor Dorado
ii. Set Recipient Email Address, Alarm Severity, and Event

Notification.
NOTE
○ The recipient email address contains 1 to 255 characters.

○ The value of Alarm Severity can be Critical, Major, or Warning.
○ You can modify the notification of specific events. For details, see
"Managing Alarms and Events" in the Administrator Guide.
iii. Click .
d. (Optional) Click Test to verify the connectivity between the storage
system and the SMTP server.
e. Click OK.
● Configure SMS notification.
For the prerequisites for configuring SMS notification, see 4.3 Configuring
SMS Notification.
a. Enable SMS Notification .
The Configure SMS Notification page is displayed on the right.
b. Set SMS Center Phone Number.
The value starts with a country code followed by digits.
c. Set a recipient phone number.
▪ Add a recipient phone number.

1) Click Add.
2) Enter the desired recipient phone number in the text box of
Recipient Phone Number.
This value can contain only 3 to 31 digits. For an international
number, the value must start with a country code followed by
digits.
3) In Alarm Severity, select the desired alarm severity.
4) Select whether to enable Event Notification.
5) Click .
▪ Modify a recipient phone number.
1) Click on the right of the desired recipient.

2) Enter the desired recipient phone number in the text box of
Recipient Phone Number.
This value can contain only 3 to 31 digits. For an international
number, the value must start with a country code followed by
digits.
3) In Alarm Severity, select the desired alarm severity.
4) Select whether to enable Event Notification.
5) Click .
▪ Delete a recipient phone number.

OceanStor Dorado
Click on the right of the desired recipient number.

d. (Optional) Click Test.
e. Click OK.
Step 7 Click Next. The system saves the configuration and continues with storage pool
creation. For details, see 2.4.2.2 Creating a Storage Pool (Applicable to 6.1.2
and Later).
----End
2.4.2 Creating a Storage Pool
2.4.2.1 Creating a Storage Pool (Applicable to 6.1.0)

Create a storage pool in recommended or custom mode.
Context
● When you create a storage pool, the default and recommended hot spare
policy is Low (1 disk). Possible options are None, Low (1 disk), High (2
disks), Custom (3 disks), Custom (4 disks), Custom (5 disks), Custom (6
disks), Custom (7 disks), and Custom (8 disks).
NOTE
● The storage system uses RAID 2.0+ virtualization technology, so hot spare capacity
is provided by all member disks in each storage pool. For ease of understanding,
the hot spare capacity is expressed in the number of hot spare disks on
DeviceManager.
● Even if the hot spare space is used up, the system can use the free space of the
storage pool to reconstruct data, ensuring storage system reliability.
● For details about storage resource planning, see "Planning Storage Resources"
in the Basic Storage Service Configuration Guide for Block.
You can log in to Huawei's technical support website (https://
support.huawei.com/enterprise/) and enter the product model + document
name in the search box to search for, browse, and download documents. You
can use the same method to search for and download other Huawei
documents referenced in this document.

OceanStor Dorado
Creating a Storage Pool in Recommended Mode
NOTE
The information displayed on the interface is only for reference and is subject to the actual
situation.
Step 1 Select Recommended to create a storage pool with default settings.

NOTE
To modify parameter settings, click . In the displayed Modify Storage Pool dialog box,
set the storage pool parameters.
Step 2 Determine whether to select Retain historical monitoring data. If you select this
option, historical monitoring data will be saved to the created storage pool.
Step 3 Click Next. The system creates the storage pool.
----End
NOTE
● The Provision page is displayed and the result of creating the storage pool is displayed.
● If you want to modify the properties of the created storage pool, click Previous to
return to the Create Storage Pool page and click .
● For details, see "Modifying the Properties of a Storage Pool" in the Basic Storage Service
Configuration Guide for Block.

OceanStor Dorado
Creating a Storage Pool in Custom Mode
NOTE
situation.
Step 1 Select Custom and click .

The Create Storage Pool page is displayed.
Step 2 Set the storage pool parameters.
Table 2-6 describes the parameters.
Table 2-6 Storage pool parameters

Name Name of the storage pool.

[Value range]
● The name must be unique.
● The name contains only letters, digits, periods (.),
underscores (_), and hyphens (-).
● The name contains 1 to 255 characters.
Description Description of the storage pool.

OceanStor Dorado
Data Encryption Indicates whether to enable data encryption for all self-
encrypting disks (SEDs) in the storage pool.
● If this function is disabled, the storage pool is not
encrypted.
● If this function is enabled, the storage pool is encrypted.
Ensure that you select only SEDs.
NOTE
If this function is enabled, the system automatically checks whether
the key service has been configured. If the key service has not been
configured, the system will prompt you to configure the key service.
For details, see the Disk Encryption User Guide specific to your
product model and version.
Redundancy Redundancy policy of the storage pool. Possible options are

Policy Disk redundancy and Enclosure redundancy.
● Disk redundancy: Chunks in a chunk group come from
different SSDs. With this redundancy policy used, the
system can tolerate disk failures within the RAID
redundancy.
● Enclosure redundancy: Chunks in a chunk group come
from different SSDs and are distributed in different
enclosures. In addition, the number of chunk columns in
each enclosure does not exceed the RAID redundancy.
With this redundancy policy used, the system can tolerate
a single disk enclosure failure without service
interruption and data loss.
NOTE
● The redundancy policy of a storage pool cannot be changed
once being specified during storage pool creation.
● If Enclosure redundancy is selected, select the controller
enclosures and disk enclosures to which the storage pool
belongs.
[Default value]
Disk redundancy

OceanStor Dorado
RAID Policy RAID policy of the storage pool. Dynamic RAID is used.
Dynamic RAID reconstruction uses the erasure coding (EC)
algorithm, which dynamically adjusts the number of chunks
in a chunk group under all-SSD configurations to ensure
system reliability and capacity. If a chunk is faulty and no
chunk is available from disks outside the storage pool, the
system dynamically reconstructs the original N+M chunks to
(N-1)+M chunks. When a new SSD is inserted, the system
migrates data from the (N-1)+M chunks to the newly
constructed N+M chunks for efficient disk usage.
The RAID levels are defined as follows:
● RAID 5: Parity data is distributed on different chunks. In
each chunk group, the parity data occupies the space of
one chunk. RAID 5 is able to tolerate the failure on only
one chunk. If two or more chunks fail, data in the chunk
group cannot be recovered.
● RAID 6: Parity data is distributed on different chunks. In
two chunks. RAID 6 is able to tolerate simultaneous
failures on two chunks. If three or more chunks fail, data
in the chunk group cannot be recovered.
● RAID-TP: Parity data is distributed on different chunks. In
three chunks. RAID-TP is able to tolerate simultaneous
failures on three chunks. If four or more chunks fail, data
in the chunk group cannot be recovered.
NOTE
● When Redundancy Policy is set to Disk redundancy, possible
options for this parameter are RAID 5, RAID 6, and RAID-TP.
● When Redundancy Policy is set to Enclosure redundancy,
possible options for this parameter are RAID 6 and RAID-TP.
[Default value]
RAID 6 for disk redundancy and RAID-TP for enclosure
redundancy
Controller Select the controller enclosures to which the storage pool

Enclosure belongs.
NOTE
This parameter is available only when Redundancy Policy is set to
Disk redundancy.

OceanStor Dorado
Controller Click Select. On the Select Controller Enclosure and Disk

Enclosure and Enclosure page that is displayed, select the controller
Disk Enclosure enclosures and disk enclosures to which the storage pool
belongs and click OK.
When Redundancy Policy is set to Enclosure redundancy,
disks in the storage pool must come from at least four
enclosures (including controller enclosures and disk
enclosures). That is:
● For a 2 U device, disks in the storage pool must come
from at least one controller enclosure and three disk
enclosures or at least four disk enclosures.
from at least four disk enclosures.
NOTE
Enclosure redundancy.
SmartTier Manually select drives of the SCM and SSD types to activate
SmartTier.
SCM drive types include SCM drives.
SSD drive types include SSDs and NVMe SSDs.
NOTE
Disk redundancy and the selected controller enclosure contains
SCM drives.
Storage Pool Set the capacity of the storage pool.

Capacity When Redundancy Policy is set to Disk redundancy,
parameters, including Capacity per Disk, Type, Available
Disks, and Selectable Disks per Controller Enclosure, are
displayed in the function pane of Storage Pool Capacity. In
the text box of Required Disks, enter the number of disks in
each controller enclosure used to create the storage pool.
Disks, and Selectable Disks per Disk Enclosure, are
each disk enclosure used to create the storage pool. Select
at least three disks from each disk enclosure.
NOTE
You can click Select to manually select disks.

OceanStor Dorado
Hot Spare Policy Hot spare policy of the storage pool. Hot spare space stores
data from the failed member disks to ensure system
continuity and reliability.
[Value range]
None, Low (1 disk), High (2 disks), Custom (3 disks),
Custom (4 disks), Custom (5 disks), Custom (6 disks),
Custom (7 disks), and Custom (8 disks)
[Default value]
Low (1 disk)
NOTE
● Hot spare capacity is provided by all member disks in each
storage pool because the storage system uses RAID 2.0+
virtualization technology. For ease of understanding, the hot
spare capacity is expressed in the number of hot spare disks on
DeviceManager.
● Even if the hot spare space is used up, the system can use the
free space of the storage pool to reconstruct data, ensuring
storage system reliability.
Capacity Alarm When the percentage of the storage pool's allocated

Threshold (%) capacity to its total capacity reaches this threshold, the
system generates a capacity alarm.
A proper capacity alarm threshold helps you monitor the
capacity usage of a storage pool.
[Value range]
1 to 95
[Default value]
80
Capacity Used When the percentage of the storage pool's allocated

Up Alarm capacity to its total capacity reaches this threshold, the
Threshold (%) system generates an alarm indicating that the capacity is
being used up. The severity of this alarm is higher than that
of the capacity alarm.
[Value range]
2 to 99
[Default value]
90
NOTE
The value of Capacity Used Up Alarm Threshold (%) must be
greater than that of Capacity Alarm Threshold (%).
Protection Data Indicates whether to automatically delete earliest scheduled

Auto Deletion HyperCDP objects when the percentage of the protection
capacity to the storage pool's total capacity reaches
Protection Capacity Upper Limit (%). The automatic
deletion stops when the percentage becomes less than
Protection Capacity Lower Limit (%).

OceanStor Dorado
Protection Lower limit for the percentage of the protection capacity to

Capacity Lower the storage pool's total capacity for the system to stop
Limit (%) deleting earliest scheduled HyperCDP objects.
NOTE
This parameter is available only when Protection Data Auto
Deletion is enabled.
[Value range]
1 to 95
[Default value]
20
Protection Maximum allowable percentage of the protection capacity

Capacity Upper to the storage pool's total capacity. After this threshold is
Limit (%) reached, the system automatically deletes earliest scheduled
HyperCDP objects.
NOTE
● This parameter is available only when Protection Data Auto
● The value of Protection Capacity Upper Limit (%) must be
greater than that of Protection Capacity Lower Limit (%).
[Value range]
2 to 99
[Default value]
30
NOTE
Parameters including Description, Data Encryption, RAID Policy, Capacity Alarm

Threshold (%), Capacity Used Up Alarm Threshold (%), and Protection Data Auto
Deletion are hidden. You can click Advanced to display them.
Step 4 Click OK and follow the prompts that appear.
Step 5 Click Next.
----End
2.4.2.2 Creating a Storage Pool (Applicable to 6.1.2 and Later)

Create a storage pool in recommended or custom mode.
Context
● When you create a storage pool, the default and recommended hot spare
policy is Low (1 disk). Possible options are None, Low (1 disk), High (2

OceanStor Dorado
disks), Custom (3 disks), Custom (4 disks), Custom (5 disks), Custom (6

disks), Custom (7 disks), and Custom (8 disks).
NOTE
● The storage system uses RAID 2.0+ virtualization technology, so hot spare capacity
is provided by all member disks in each storage pool. For ease of understanding,
the hot spare capacity is expressed in the number of hot spare disks on
DeviceManager.
● Even if the hot spare space is used up, the system can use the free space of the
storage pool to reconstruct data, ensuring storage system reliability.
● For details about storage resource planning, see "Planning Storage Resources"
in the Basic Storage Service Configuration Guide for Block.
Creating a Storage Pool in Recommended Mode
NOTE
situation.
Step 1 Select Recommended to create a storage pool with default settings.

NOTE
To modify parameter settings, click . In the displayed Modify Storage Pool dialog box,
set the storage pool parameters.
Step 3 Click Next.
----End
NOTE
● The Provision page is displayed and the result of creating the storage pool is displayed.
● If you want to modify the properties of the created storage pool, click Previous to
return to the Create Storage Pool page and click .
● For details, see "Modifying the Properties of a Storage Pool" in the Basic Storage Service
Configuration Guide for Block.

OceanStor Dorado
Creating a Storage Pool in Custom Mode
NOTE
situation.
Step 1 Select Custom and click .

The Create Storage Pool page is displayed.
Step 2 Set the storage pool parameters.
Table 2-7 Advanced storage pool parameters

Name Name of the storage pool.

[Value range]
● The name contains only letters, digits, periods (.),
underscores (_), and hyphens (-).
Description Description of the storage pool.

OceanStor Dorado
Data Encryption Indicates whether to enable data encryption

● If this function is disabled, the storage pool is not
encrypted.
● If this function is enabled, the storage pool is encrypted.
NOTE
● If this function is enabled, the system automatically checks
whether the key service has been configured. If the key service
has not been configured, the system will prompt you to
configure the key service. For details, see the Disk Encryption
User Guide specific to your product model and version.
● The data encryption attribute cannot be changed once being
specified during storage pool creation.
Encryption For non-SEDs, the storage system uses DEKs to encrypt data
Algorithm and then writes the encrypted data to disks. When data is
read, the storage system uses the DEKs to decrypt the data.
If only non-SEDs are used, you must select an encryption
algorithm after data encryption is enabled. Possible values
are SM4 and AES.
If both SEDs and non-SEDs are used, after data encryption is
enabled, the system uses the same algorithm as that used
by the SEDs to encrypt data on the non-SEDs by default.
NOTE
● This parameter is available only when Data Encryption is
enabled and the HyperEncryption license has been imported.
● Only the Sansec KMIP key server supports the SM4 encryption
algorithm.
● The SM4 encryption algorithm is supported only in the Chinese
Mainland.
● The encryption algorithm cannot be changed once being
specified during storage pool creation.
● Only 6.1.5 and later versions support this parameter.

OceanStor Dorado
Redundancy Redundancy policy of the storage pool. Possible options are

Policy Disk redundancy and Enclosure redundancy.
● Disk redundancy: Chunks in a chunk group come from
different SSDs. With this redundancy policy used, the
system can tolerate disk failures within the RAID
redundancy.
● Enclosure redundancy: Chunks in a chunk group come
from different SSDs and are distributed in different
enclosures. In addition, the number of chunk columns in
each enclosure does not exceed the RAID redundancy.
With this redundancy policy used, the system can tolerate
a single disk enclosure failure without service
interruption and data loss.
NOTE
● The redundancy policy of a storage pool cannot be changed
once being specified during storage pool creation.
● If Enclosure redundancy is selected, select the controller
enclosures and disk enclosures to which the storage pool
belongs.
[Default value]
Disk redundancy

OceanStor Dorado
RAID Policy RAID policy of the storage pool. Dynamic RAID is used.
Dynamic RAID reconstruction uses the erasure coding (EC)
algorithm, which dynamically adjusts the number of chunks
in a chunk group under all-SSD configurations to ensure
system reliability and capacity. If a chunk is faulty and no
chunk is available from disks outside the storage pool, the
system dynamically reconstructs the original N+M chunks to
(N-1)+M chunks. When a new SSD is inserted, the system
migrates data from the (N-1)+M chunks to the newly
constructed N+M chunks for efficient disk usage.
The RAID levels are defined as follows:
● RAID 5: The parity data in each chunk group occupies the
space of one chunk. The failure on any one chunk can be
tolerated. If two or more chunks fail, data in the chunk
● RAID 10: Failures on any two chunks can be tolerated. If
three or more chunks fail, data in the chunk group
cannot be recovered.
● RAID 6: In each chunk group, the parity data occupies the
space of two chunks. Failures on any two chunks can be
tolerated. If three or more chunks fail, data in the chunk
● RAID-TP: In each chunk group, the parity data occupies
the space of three chunks. Failures on any three chunks
can be tolerated. If four or more chunks fail, data in the
chunk group cannot be recovered.
NOTE
● For 6.1.2 and later versions, RAID 5 can be configured only in CLI
mode.
● When Redundancy Policy is set to Disk redundancy, possible
options for this parameter are RAID 6 and RAID-TP.
● When Redundancy Policy is set to Enclosure redundancy,
possible options for this parameter are RAID 10, RAID 6 and
RAID-TP.
[Default value]
RAID 6 for disk redundancy and RAID-TP for enclosure
redundancy
Controller Controller enclosure to which the storage pool belongs.

Enclosure NOTE
Disk redundancy.

OceanStor Dorado
Controller Click Select. On the Select Controller Enclosure and Disk

Enclosure and Enclosure page that is displayed, select the controller
Disk Enclosure enclosures and disk enclosures to which the storage pool
belongs and click OK.
disks in the storage pool must come from at least four
enclosures (including controller enclosures and disk
enclosures). That is:
from at least one controller enclosure and three disk
enclosures or at least four disk enclosures.
from at least four disk enclosures.
NOTE
Enclosure redundancy.
SmartTier Manually select drives of the SCM and SSD types to activate
SmartTier.
SCM drive types include SCM drives.
SSD drive types include SSDs and NVMe SSDs.
NOTE
Disk redundancy and the selected controller enclosure contains
SCM drives.
Storage Pool Set the capacity of the storage pool.

Capacity When Redundancy Policy is set to Disk redundancy,
Disks, and Selectable Disks per Controller Enclosure, are
each controller enclosure used to create the storage pool.
Disks, and Selectable Disks per Disk Enclosure, are
each enclosure used to create the storage pool. Select at
least three disks from each disk enclosure.
NOTE
You can click Select to manually select disks.

OceanStor Dorado
Hot Spare Policy Hot spare policy of the storage pool. Hot spare space stores
data from the failed member disks to ensure system
continuity and reliability.
[Value range]
None, Low (1 disk), High (2 disks), Custom (3 disks),
Custom (4 disks), Custom (5 disks), Custom (6 disks),
Custom (7 disks), and Custom (8 disks)
[Default value]
Low (1 disk)
NOTE
● Hot spare capacity is provided by all member disks in each
storage pool because the storage system uses RAID 2.0+
virtualization technology. For ease of understanding, the hot
spare capacity is expressed in the number of hot spare disks on
DeviceManager.
● Even if the hot spare space is used up, the system can use the
free space of the storage pool to reconstruct data, ensuring
storage system reliability.
Capacity Alarm When the percentage of the storage pool's allocated

Threshold (%) capacity to its total capacity reaches this threshold, the
system generates a capacity alarm.
A proper capacity alarm threshold helps you monitor the
capacity usage of a storage pool.
[Value range]
1 to 95
[Default value]
80
Capacity Used When the percentage of the storage pool's allocated

Up Alarm capacity to its total capacity reaches this threshold, the
Threshold (%) system generates an alarm indicating that the capacity is
being used up. The severity of this alarm is higher than that
of the capacity alarm.
[Value range]
2 to 99
[Default value]
90
NOTE
The value of Capacity Used Up Alarm Threshold (%) must be
greater than that of Capacity Alarm Threshold (%).
Protection Data Indicates whether to automatically delete earliest scheduled

Auto Deletion HyperCDP objects when the percentage of the protection
capacity or used capacity to the storage pool's total capacity
reaches Protection Capacity Upper Limit (%). The
automatic deletion stops when the percentage becomes less
than Protection Capacity Lower Limit (%).

OceanStor Dorado
Protection Lower limit for the percentage of the protection capacity to

Capacity Lower the storage pool's total capacity for the system to stop
Limit (%) deleting earliest scheduled HyperCDP objects.
NOTE
This parameter is available only when Protection Data Auto
[Value range]
1 to 95
[Default value]
20
Protection Maximum allowable percentage of the protection capacity

Capacity Upper to the storage pool's total capacity.
Limit (%) NOTE
● This parameter is available only when Protection Data Auto
● The value of Protection Capacity Upper Limit (%) must be
greater than that of Protection Capacity Lower Limit (%).
[Value range]
2 to 99
[Default value]
30
NOTE
Parameters including Description, Data Encryption, RAID Policy, Capacity Alarm

Threshold (%), Capacity Used Up Alarm Threshold (%), and Protection Data Auto
Deletion are hidden. You can click Advanced to display them.
Step 4 Click OK and follow the prompts that appear.
Step 5 Click Next.
----End
2.4.3 Allocating Storage Resources

After creating a storage pool, you can allocate storage resources by creating LUN
groups or file systems.
2.4.3.1 Configuring Storage Ports

● If the storage system is connected to your host over a Fibre Channel network,
skip Configure Storage Port.
● If the storage system is connected to your host over an iSCSI network, click
the Configure button next to ETH.

OceanStor Dorado
The Manage Logical Port page is displayed.

– To create a logical port:
i. Click Create.
The Create Logical Port page is displayed.
ii. Configure the logical port parameters. Table 2-8 describes the
parameters.
Table 2-8 Logical port parameters
Name Name of the logical port.

The name must meet the following requirements:
● The name can contain only letters, digits,
underscores (_), hyphens (-), and periods (.).
Role Role of the logical port. The roles include the

following:
Management: A port of this role is used by a vStore
administrator to log in to the system for
management.
Service: A port of this role is used to access services.
Management + service: A port of this role is used to
access services or for a vStore administrator to log in
to the storage system for system management.
Replication: A port of this role is used for replication
link connection in remote replication or HyperMetro,
or for quorum link connection in HyperMetro.
NOTE
● For iSCSI connections, select Service.
● Only 6.1.3 and later versions support role types of
Management and Management + service.
Data Data protocol of the logical port. Possible values are

Protocol NFS, CIFS, NFS + CIFS, iSCSI, and NVMe over RoCE.
NOTE
● NFS, CIFS, and NFS + CIFS are applicable to file service
configuration. iSCSI and NVMe over RoCE are
applicable to block service configuration.
● For iSCSI connections, select iSCSI.
● This parameter is available only when Role is set to
Service or Management + service.
Owning vStore to which the logical port belongs.

vStore NOTE
This parameter is displayed only when Role is set to
Service, Management, or Management + service.

OceanStor Dorado
IP Address IP address type of the logical port, which can be IPv4

Type or IPv6.
IP Address IPv4 or IPv6 address of the logical port.
Subnet Subnet mask of the logical port's IPv4 address.

Mask NOTE
This parameter is available only when IP Address Type is
set to IPv4.
Prefix Prefix length of the logical port's IPv6 address.

NOTE
This parameter is available only when IP Address Type is
set to IPv6.
Gateway Gateway of the logical port's IP address.
Port Type Type of the port to which the logical port belongs.
Possible values are Ethernet port, Bond port, VLAN,
and RoCE port.
NOTE
● When Data Protocol is NFS, CIFS, NFS + CIFS, or iSCSI,
you can select an Ethernet port, bond port, or VLAN.
● When Data Protocol is NVMe over RoCE, you can
select a VLAN or RoCE port.
● Only 6.1.5 and later versions support RoCE ports.
Home Port Ethernet port, bond port, VLAN, or RoCE port to

which the logical port belongs.
NOTE
If Port Type is set to RoCE port, you can only select the
RoCE port whose Trust Mode is DSCP.
NOTE
● When NFS, CIFS, or NFS + CIFS is used, advanced parameter

configuration is supported. For details, see section "Creating a Logical
Port" in the Basic Storage Service Configuration Guide for File.
● For details about how to modify or delete logical ports, see section
"Managing Logical Ports" in the Basic Storage Service Configuration
Guide for File.
iii. Click OK.
– To manage routes:
i. Select the desired logical port and click Manage Route.
The Manage Route page is displayed.
NOTE
You can also click More on the right of the logical port and select Manage
Route.

OceanStor Dorado
ii. In the IP Address drop-down list, select the IP address of the

Ethernet port for which you want to add a route.
iii. Click Add.
iv. Set the parameters listed in Table 2-9.
Table 2-9 Route parameters
Paramet Description
er
Type Three types of routes are available:

● Default route
A route through which data is forwarded by default
if no preferred route is available. The destination
address and mask (IPv4) or prefix (IPv6) of the
default route are automatically set to 0. To use this
option, you only need to add a gateway.
● Host route
A route to a host. The destination mask (IPv4) or
prefix (IPv6) of the host route are automatically set
to 255.255.255.255 or 128. To use this option, you
only need to add the destination address and
gateway.
● Network segment route
A route to a network segment. You must add the
destination address, destination mask (IPv4) or
prefix (IPv6), and gateway.
Destinati IPv4 address, IPv6 address, or network segment of the

on destination service network port on the application
Address server or destination logical port on another storage
system.
Subnet Subnet mask of the IPv4 address or prefix of the IPv6

Mask/ address for the destination service network port on the
Prefix application server or destination logical port on another
storage system.
Gateway Gateway where the local logical port's IP address

resides.
NOTE
The IP address of the gateway must be different from all
internal heartbeat IP addresses. Otherwise, routing will fail.
v. Click . The route information is added to the list.

NOTE
To delete a route, select it and click .

vi. Click Close.
After the configuration is complete, click Close.

OceanStor Dorado
2.4.3.2 Configuring Block Services
2.4.3.2.1 Configuring Block Services (Applicable to 6.1.0)

If the host uses Huawei UltraPath, you can scan the UltraPath host in the
initialization wizard and create LUN groups to allocate storage resources to the
host.
Specifying Whether to Use UltraPath on Your Host
NOTICE
This function requires Huawei's UltraPath multipathing software on the host side.
NOTE
● If the host uses Huawei UltraPath, enable Use UltraPath Host. After this
function is enabled:
– The storage system automatically detects the host.
– Configure UltraPath on the host as prompted. For details, see
Configuring UltraPath on Your Host.
● If the host uses the native multipathing software of the operating system,
disable Use Ultrapath Host and exit the initialization wizard.
Configuring UltraPath on Your Host

Step 1 Configure connectivity between the storage system and your host. For details, see
"Configuring Connectivity" in the Host Connectivity Guide.
● If the storage system is connected to your host over an iSCSI network,
configure connectivity between the host initiator and the storage system.

OceanStor Dorado
query WWN information of the HBA on your host. If switches are used,
categorize HBA ports on your host and ports on the storage system into zones
based on the network planning.

name in the search box to search for, browse, and download documents.
Step 2 Install UltraPath on your host in either of the following ways:

● Installing UltraPath manually: Follow instructions in the OceanStor UltraPath
for XXX User Guide. XXX indicates the operating system, such as Windows.
● Installing UltraPath using SmartKit: Follow the instructions in C Using
SmartKit to Install UltraPath.
NOTE
– The Scan for Host function of the storage system is applicable only when Huawei
UltraPath has been installed on the host.
– The UltraPath and SmartKit versions must match the storage system version. For
details, refer to the version mapping table. To obtain the version mapping table,
log in to https://support.huawei.com/enterprise/, enter your storage model in
the search box, and select the associated path to the product documentation page.
Then find and download the version mapping table.
– During manual installation, run the install.sh script on Linux.
Step 3 Run the command for scanning LUNs on your host and ensure that the host
information is registered on the storage system.
NOTE
● The purpose of this operation is to register host information on the storage system
instead of discovering storage resources.
● The LUN scanning method varies with operating system. For common scanning
methods, see E LUN Scanning Methods in Different Operating Systems. For more
details, see the Host Connectivity Guide.
● If your host has not been mapped to a LUN, a 16 KB virtual disk will be displayed on
your operating system. This virtual disk will disappear if you map your host to a LUN.
Step 4 After UltraPath has been installed and LUN scanning is completed on the host,
select Installing UltraPath and scanning for LUNs are complete on
DeviceManager.
----End
Scanning for Hosts Running UltraPath

Step 1 Click Scan. The storage system will discover the hosts connected to it.
Step 2 Click the number of discovered hosts. The Hosts page is displayed.
Step 3 View the host list for information about the scanned hosts. Table 2-10 describes
the related parameters.

OceanStor Dorado
Table 2-10 Host parameters

Name Name of the host.
IP Address IP address of the host.
OS Operating system of the host.
----End
If a host running UltraPath has been scanned, click Create LUN Group to allocate
storage resources to the host.
Creating LUN Groups

Allocation of block storage resources is implemented by mapping LUN groups to
UltraPath hosts.
For details about basic storage service configuration, such as creating storage
resources and setting up mappings, see the Basic Storage Service Configuration
Guide for Block.
name in the search box to search for, browse, and download documents.
Step 1 Click Create LUN Group.

The Create LUN Group page is displayed on the right.

OceanStor Dorado
NOTE
Step 2 Set LUN group information.

1. Specify the Name for the LUN group.
NOTE
– The name must be unique.

– The name can contain only letters, digits, periods (.), underscores (_), and hyphens
(-).
– The name must contain 1 to 31 characters.
2. Input necessary information about the LUN group in Description to help you
identify the LUN group.
NOTE
Description is hidden. You can click Advanced to display it.

3. Select LUNs.
– If you select New LUN:
i. Specify the Storage Pool to which the new LUN belongs.
ii. Specify Application Type based on the I/O model of your services.
NOTE
In block service scenarios, the following preset application types are

provided for typical applications: Default, Oracle_OLAP, Oracle_OLTP,
Oracle_OLAP&OLTP, SQL_Server_OLAP, SQL_Server_OLTP,
SQL_Server_OLAP&OLTP, SAP_HANA, Vmware_VDI, Hyper-V_VDI, and
FusionAccess_VDI.
○ The preset application types specify the application request sizes. When
SmartCompression and SmartDedupe licenses are imported to the
system, the preset application types also display whether
SmartCompression and SmartDedupe are enabled. For details, refer to
the SmartDedupe and SmartCompression Feature Guide for Block.
○ After you have set an application type for a LUN, you are unable to
change it in follow-up operations.
○ If the application type configured for a LUN does not match the actual
I/O model, the LUN performance may deteriorate.
○ If none of the preset application types matches the actual I/O model,
you can run the create lun_workload_type general command to create
one. For details on this command, refer to the command reference.
iii. Specify the LUN name prefix, capacity per LUN, and quantity. Table
2-11 describes the parameters.
Table 2-11 LUN parameters
Name Prefix Name prefix of the LUN. The names of the new
LUNs are numbered in sequence based on the
name prefix.

OceanStor Dorado
Capacity per Maximum capacity that will be allocated to a thin

LUN LUN. The total storage resources dynamically
allocated to the thin LUN must not exceed the
value of this parameter.
NOTE
○ The maximum capacity of the LUN must not exceed
the system specifications.
○ You can set the capacity unit to Blocks to create
LUNs by block. A block is equal to 512 bytes. The
LUN capacity must not be smaller than 1024 blocks
(that is, 512 KB).
○ Storage system capacity equation: 1 PB = 1,024 TB, 1
TB = 1,024 GB, 1 GB = 1,024 MB, 1 MB = 1,024 KB, 1
KB = 1,024 bytes.
Quantity Number of LUNs created in a batch. Set this

parameter based on site requirements.
[Value range]
1 to 500
NOTE
○ LUNs created in a batch have the same capacity.
○ When LUNs are created in a batch, the system
automatically adds suffixes to the names based on
the number of LUNs for distinction. You can click
to manually specify the start number for the suffixes.
iv. (Optional) When creating LUNs in batches, click and specify Start
Number, from which the system incrementally adds a suffix number
to the name of each LUN for distinction.
NOTE
○ Start Number ranges from 0 to (10000 – Number of LUNs created in

batches).
○ For example, if you want to create 300 LUNs, the value range of Start
Number is 0 to 9700.
v. (Optional) Click to add more LUNs.

vi. (Optional) Click to remove LUNs.
– If you select Existing LUN:
Select one or more LUNs from Available LUNs and add them to
Selected LUNs.
NOTE
You can select Only show the LUNs that do not belong to any LUN group to
view LUNs that do not belong to any LUN group.
4. (Optional) Select a host group or host from Map To.

OceanStor Dorado
NOTE
If no host or host group exists in the system, click Create to create one.
5. (Optional) Select a Port Group.
NOTE
– To display this option, select the host or host group to which the LUN group is to
be mapped.
– If no port group exists in the system, click Create to create one.
6. (Optional) In the Host LUN ID area, select a method of setting the IDs.
– Automatic: The system assigns a host LUN ID to each LUN mapped to a
host.
– Start ID: Set a start ID ranging from 0 to 4095. The system assigns a host
LUN ID to each LUN mapped to a host, starting from Start ID.
– Specified ID: Manually assign a host LUN ID to each LUN mapped to a
host.
NOTE
Parameter Host LUN ID is hidden. To display it, click Advanced and select the host or
host group to which the LUN group is to be mapped.
Step 3 Click OK.

Confirm your operation as prompted.
----End
Follow-up Procedure
After allocating storage resources to a host, update and query the allocated LUNs
on your host.
● If your host is running Huawei UltraPath, see the OceanStor UltraPath for XXX
User Guide for the LUN management commands. (XXX indicates the
operating system.)
For example, on Linux, you can run upRescan or hot_add to update LUN
information and run upadmin show vlun to query the LUNs mapped to the
host.
linux:~ # upRescan
Begin to delete LUNs whose mappings do not exist
Begin to delete LUNs whose mappings are changed.
begin scan host1
begin scan host2
begin scan host3
begin scan host4
begin scan host5
begin scan host6
begin scan host7
begin scan host8
begin scan host9
The device scanning is complete.
linux:~ # upadmin show vlun
-----------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------
Vlun ID Disk Name Lun WWN Status Capacity Ctrl(Own/Work)
Array Name Dev Lun ID No. of Paths(Available/Total)
0 sdb LUNGroup001_0000000 6203db2100d7b78b00668c2700000000 Normal 100.00GB

OceanStor Dorado
--/-- Huawei.Storage.testhy 0 2/2

1 sdd LUNGroup001_0000001 6203db2100d7b78b00668ca700000001 Normal 100.00GB
2 sdf LUNGroup001_0000002 6203db2100d7b78b00668d2500000002 Normal 100.00GB
3 sdg LUNGroup001_0000003 6203db2100d7b78b00668da500000003 Normal 100.00GB
4 sdh LUNGroup001_0000004 6203db2100d7b78b00668e2000000004 Normal 100.00GB
-----------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------
● If your host is running the native multipathing software of the operating

system, see the Host Connectivity Guide.
2.4.3.2.2 Configuring Block Services (Applicable to 6.1.2 and Later)

If the host uses Huawei UltraPath, you can scan the UltraPath host in the
initialization wizard and create LUN groups to allocate storage resources to the
host.
Specifying Whether to Use UltraPath Host (Applicable to 6.1.2 and 6.1.3)
NOTICE
This function requires Huawei's UltraPath multipathing software on the host side.
NOTE
● If the host uses Huawei UltraPath, enable Use UltraPath Host. After this
function is enabled:
disable Use Ultrapath Host and exit the initialization wizard.

OceanStor Dorado
Selecting Whether to Enable UltraPath Host Auto Scan (Applicable to 6.1.5

and Later)
NOTICE
● This function requires Huawei's UltraPath multipathing software on the host

side.
● UltraPath hosts that use the NVMe over RoCE or iSCSI protocol do not support
this function.
NOTE
● If the host uses Huawei UltraPath, enable UltraPath Host Auto Scan. After
this function is enabled:
disable UltraPath Host Auto Scan and exit the initialization wizard.
Configuring UltraPath on Your Host

Step 1 Configure connectivity between the storage system and your host. For details, see
"Configuring Connectivity" in the Host Connectivity Guide.
● If the storage system is connected to your host over an iSCSI network,
configure connectivity between the host initiator and the storage system.
query WWN information of the HBA on your host. If switches are used,
categorize HBA ports on your host and ports on the storage system into zones
based on the network planning.

OceanStor Dorado
Step 2 Install UltraPath on your host in either of the following ways:

● Installing UltraPath manually: Follow instructions in the OceanStor UltraPath
for XXX User Guide. XXX indicates the operating system, such as Windows.
● Installing UltraPath using SmartKit: Follow the instructions in C Using
SmartKit to Install UltraPath.
NOTE
– The Scan for Host function of the storage system is applicable only when Huawei
UltraPath has been installed on the host.
– The UltraPath and SmartKit versions must match the storage system version. For
details, refer to the version mapping table. To obtain the version mapping table,
log in to https://support.huawei.com/enterprise/, enter your storage model in
Then find and download the version mapping table.
– During manual installation, run the install.sh script on Linux.
Step 3 Run the command for scanning LUNs on your host and ensure that the host
information is registered on the storage system.
NOTE
● The purpose of this operation is to register host information on the storage system
instead of discovering storage resources.
● The LUN scanning method varies with operating system. For common scanning
methods, see E LUN Scanning Methods in Different Operating Systems. For more
details, see the Host Connectivity Guide.
● If your host has not been mapped to a LUN, a 16 KB virtual disk will be displayed on
your operating system. This virtual disk will disappear if you map your host to a LUN.
Step 4 After UltraPath has been installed and LUN scanning is completed on the host,
select Installing UltraPath and scanning for LUNs are complete on
DeviceManager.
NOTE
This step applies only to 6.1.2 and 6.1.3.
----End
Scanning for Hosts Running UltraPath

Step 1 Click Scan. The storage system will discover the hosts connected to it.
Step 2 Click the number of discovered hosts. The Hosts page is displayed.
Step 3 View the host list for information about the scanned hosts. Table 2-12 describes
the related parameters.
Table 2-12 Host parameters
Name Name of the host.
IP Address IP address of the host.

OceanStor Dorado
OS Operating system of the host.
Initiators Number of initiators on the host.
Owning vStore Name of the vStore to which the host

belongs.
NOTE
Only 6.1.3 and later versions support this
parameter.
vStore ID ID of the vStore to which the host

belongs.
NOTE
Only 6.1.3 and later versions support this
parameter.
----End
If a host running UltraPath has been scanned, click Create LUN Group to allocate
storage resources to the host.
Creating LUN Groups

Allocation of block storage resources is implemented by mapping LUN groups to
UltraPath hosts.
For details about basic storage service configuration, such as creating storage
resources and setting up mappings, see the Basic Storage Service Configuration
Guide for Block.
Step 1 Click Create LUN Group.
The Create LUN Group page is displayed on the right.

OceanStor Dorado
NOTE
Step 2 Set LUN group information.

1. Set the name of the new LUN group.
NOTE

– The name can contain only letters, digits, periods (.), underscores (_), and hyphens
(-).
– The name contains 1 to 255 characters.
2. In the Owning vStore drop-down list, select the vStore to which the newly
created LUN belongs.
3. Input necessary information about the LUN group in Description to help you
identify the LUN group.
NOTE
Description is hidden. You can click Advanced to display it.

4. Select LUNs.
– If you select New LUN:
i. Select the storage pool to which the LUN belongs and set
Application Type for the LUNs.

OceanStor Dorado
NOTE
The following preset application types are provided for typical applications:
Default, Oracle_OLAP, Oracle_OLTP, Oracle_OLAP&OLTP,
SQL_Server_OLAP, SQL_Server_OLTP, SQL_Server_OLAP&OLTP,
SAP_HANA, Vmware_VDI, Hyper-V_VDI, Others, and FusionAccess_VDI.
○ The preset application types specify the application request sizes. When
SmartCompression and SmartDedupe licenses are imported to the
system, the preset application types also display whether
SmartCompression and SmartDedupe are enabled. For details, see
SmartDedupe and SmartCompression Feature Guide for Block of the
desired product model and version.
○ After you have set an application type for a LUN, you are unable to
change it in follow-up operations.
○ If the application type configured for a LUN does not match the actual
I/O model, the LUN performance may deteriorate.
○ If none of the preset application types matches the actual I/O model,
you can run the create lun_workload_type general command to create
one. For details on this command, refer to the Command Reference.
○ Only 6.1.3 and later versions support Others.
ii. Specify the LUN name prefix, capacity per LUN, and quantity. Table
2-13 describes the parameters.
Table 2-13 LUN parameters

Name Prefix Name prefix of the LUN. The names of the new
LUNs are numbered in sequence based on the
name prefix.
Capacity per Maximum capacity that will be allocated to a thin

LUN LUN. The total storage resources dynamically
allocated to the thin LUN must not exceed the
value of this parameter.
NOTE
○ The maximum capacity of the LUN must not exceed
the system specifications.
○ You can set the capacity unit to Blocks to create
LUNs by block. A block is equal to 512 bytes. The
LUN capacity must not be smaller than 1024 blocks
(that is, 512 KB).
○ The storage system uses the following capacity
algorithms defined by Windows: 1 PB = 1,024 TB, 1
TB = 1,024 GB, 1 GB = 1,024 MB, 1 MB = 1,024 KB,
and 1 KB = 1,024 bytes.

OceanStor Dorado
Quantity Number of LUNs created in a batch. Set this

parameter based on site requirements.
[Value range]
1 to 500
NOTE
○ LUNs created in a batch have the same capacity.
○ When LUNs are created in a batch, the system
automatically adds suffixes to the names based on
the number of LUNs for distinction. You can click
to manually specify the suffixes.
iii. (Optional) When creating LUNs in a batch, click and set the
suffixes of the LUNs. Related parameters include Suffix Digits and
Suffix (start number of the suffixes). The system adds a suffix to the
end of each LUN name in ascending order based on the specified
start suffix number.
NOTE
○ The value range of Suffix is 0 to (10000 – Quantity).

○ For example, if you want to create 300 LUNs, the value range of Suffix is
0 to 9700.
iv. (Optional) Click to add more LUNs.

v. (Optional) Click to remove LUNs.
– If you select Existing LUN:
Select one or more LUNs from Available LUNs to add them to Selected
LUNs.
NOTE
You can select Only show the LUNs that do not belong to any LUN group to
view LUNs that do not belong to any LUN group.
5. (Optional) Configure a mapping for the LUN group.
a. Select a host or host group.
NOTE
If no host or host group exists in the system, click Create to create one.
b. Select a port group.
NOTE
▪ To display this option, select the host or host group to which the LUN group is
to be mapped.
▪ If no port group exists in the system, click Create to create one.
c. Select Advanced in the upper right corner and set how to assign host
LUN IDs.

OceanStor Dorado
▪ Automatic: The system assigns a host LUN ID to each LUN mapped

to a host.
▪ Start ID: Set a start ID ranging from 0 to 4095. The system assigns a
host LUN ID to each LUN mapped to a host, starting from Start ID.
▪ Specified ID: Manually assign a host LUN ID to each LUN mapped to

a host.
d. If HyperMetro pairs have been created for the selected LUNs, determine
whether to select Same Host LUN ID. If you select it, the system forcibly
ensures that the host LUN IDs of the local and remote LUNs in the same
HyperMetro pairs are the same. In SAN-based HyperMetro scenarios
involving ESX hosts, if the host LUN IDs of the local and remote LUNs in
the same HyperMetro pairs are different, data may be inconsistent.
Step 3 Click OK.
----End
Follow-up Procedure
After allocating storage resources to a host, update and query the allocated LUNs
on your host.
● If your host is running Huawei UltraPath, see the OceanStor UltraPath for XXX
User Guide for the LUN management commands. (XXX indicates the
operating system.)
For example, on Linux, you can run upRescan or hot_add to update LUN
information and run upadmin show vlun to query the LUNs mapped to the
host.
linux:~ # upRescan
Begin to delete LUNs whose mappings do not exist
Begin to delete LUNs whose mappings are changed.
begin scan host1
begin scan host2
begin scan host3
begin scan host4
begin scan host5
begin scan host6
begin scan host7
begin scan host8
begin scan host9
The device scanning is complete.
linux:~ # upadmin show vlun
-----------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------
Vlun ID Disk Name Lun WWN Status Capacity Ctrl(Own/Work)
Array Name Dev Lun ID No. of Paths(Available/Total)
0 sdb LUNGroup001_0000000 6203db2100d7b78b00668c2700000000 Normal 100.00GB
1 sdd LUNGroup001_0000001 6203db2100d7b78b00668ca700000001 Normal 100.00GB
2 sdf LUNGroup001_0000002 6203db2100d7b78b00668d2500000002 Normal 100.00GB
3 sdg LUNGroup001_0000003 6203db2100d7b78b00668da500000003 Normal 100.00GB
4 sdh LUNGroup001_0000004 6203db2100d7b78b00668e2000000004 Normal 100.00GB

OceanStor Dorado
-----------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------
● If your host is running the native multipathing software of the operating

system, see the Host Connectivity Guide.
2.4.3.3 Configuring File Services
2.4.3.3.1 Configuring File Services (Applicable to 6.1.0)

In the wizard, you can create file systems in the storage pool for configuring file
service.
Procedure
Step 1 Click Create File System.
The Create File System page is displayed on the right.
NOTE
Information in the preceding figure is only an example.
Step 2 Set file system parameters.

OceanStor Dorado
Table 2-14 File system parameters

Name Name of the file system.

[Value range]
● The name can contain only letters, digits, underscores (_),
hyphens (-), and periods (.).
Owning vStore vStore to which the file system belongs.
Description Description of the file system.

[Value range]
The description can be left blank or contain up to 255
characters.
Owning Storage Owning storage pool of the file system.

Pool
Security Style Select a security style based on service requirements. It is

used to set the access control style of the file system in
multi-protocol mode.
● NTFS
Controls CIFS users' permissions with Windows NT ACLs.
NOTE
– If NTFS is selected, you are advised to enable user mapping
and set Mapping Mode to Support only user mapping in
the current system in Services > File Service >
Authentication Users > User Mappings > Set Mapping
Parameter.
– In addition, you are advised to configure a default Windows
user for the NFS service in Services > File Service >
Authentication Users > User Mappings > Windows Users.
The default Windows user must be an existing local
authentication user or AD domain user.
● UNIX
Controls NFS users' permissions with UNIX mode bits,
NFSv3 ACLs, or NFSv4 ACLs.
NOTE
– If UNIX is selected, you are advised to enable user mapping
Parameter.
– In addition, you are advised to configure a default UNIX user
for the CIFS service in Services > File Service >
Authentication Users > User Mappings > UNIX Users. The
default UNIX user must be an existing local authentication
user or NIS/LDAP domain user.

OceanStor Dorado
Capacity Capacity of the file system, which indicates the maximum

capacity allocated to the thin file system. That is, the total
capacity dynamically allocated to the thin file system cannot
exceed this value.
NOTE
● The maximum capacity of the file system cannot exceed the
system specifications. For details about the specifications, visit
Specifications Query.
● Storage system capacity equation: 1 PB = 1,024 TB, 1 TB = 1,024
GB, 1 GB = 1,024 MB, 1 MB = 1,024 KB, 1 KB = 1,024 bytes
Capacity Alarm Alarm threshold of the file system capacity. An alarm will be
Threshold (%) generated when the threshold is reached.
Application Type Application type of the file system. Preset application types
are provided for typical applications. In file service scenarios,
possible options are NAS_Default, NAS_Virtual_Machine,
NAS_Database, NAS_Large_File, Office_Automation, and
NAS_EDA.
NOTE
● The Application Request Size and File System Distribution
Algorithm parameters are set for preset application types. The
value of Application Request Size is 16 KB for NAS_Default,
NAS_Virtual_Machine, Office_Automation, and NAS_EDA, 8
KB for NAS_Database, and 32 KB for NAS_Large_File. If
Application Type is set to NAS_Default, NAS_Large_File, or
Office_Automation, File System Distribution Algorithm is
Directory balance mode. In this mode, directories are evenly
allocated to each controller by quantity. If Application Type is
set to NAS_Virtual_Machine, NAS_Database, or NAS_EDA, File
System Distribution Algorithm is Performance mode. In this
mode, directories and files are allocated to the access controller
preferentially to improve access performance of directories and
files.
● When SmartCompression and SmartDedupe licenses are
imported to the system, the preset application types also display
whether SmartCompression and SmartDedupe are enabled. For
details, see SmartDedupe and SmartCompression Feature Guide
for File specific to your product model and version.
● Application Type cannot be changed once being configured. You
are advised to set the value based on the service I/O model.
● To create an application type, run the create workload_type
general name=? io_size=? command. For details, see the
Command Reference specific to your product model and version.
● You can also run the create file_system general or change
file_system general command to create or modify a file system
respectively. For details, see the Command Reference specific to
your product model and version.

OceanStor Dorado
SmartCache Indicates whether to add the file system to a SmartCache

Partition partition. Adding a file system to a SmartCache partition
shortens the response time for reading the file system.
NOTE
This parameter is available only when SCM drives have been added
to the controller enclosure where the file system resides and a
SmartCache partition has been created. For details, see the
SmartCache Feature Guide specific to your product model and
version.
NFS Sets NFS shares for the file system.

1. Enable NFS.
2. Set Creation Mode. Possible values are From template
or New.
– From template
Select a share template from the drop-down list box.
The system presets the description and permission of
the created share based on the selected template. You
can click Modify on the right of Share to modify the
share information.
– New
The system presets the read and write permissions of
all clients. You can click Modify on the right of Share
to modify the share information.
NOTE
For details about how to configure an NFS share, see the
Basic Storage Service Configuration Guide for File specific to
your product model and version.
CIFS Sets CIFS shares for the file system.

1. Enable CIFS.
2. Set Creation Mode. Possible values are From template
or New.
– From template
Select a share template from the drop-down list box.
The system presets the description and permission of
the created share based on the selected template. You
can click Modify on the right of Share to modify the
share information.
– New
The system presets the full control permission for
everyone. You can click Modify on the right of Share
to modify the share information.
NOTE
For details about how to configure a CIFS share, see the Basic
Storage Service Configuration Guide for File specific to your
product model and version.

OceanStor Dorado
Snapshot Indicates whether to visualize the directory of the file

Directory system snapshots.
Visibility
Auto Atime Indicates whether to enable Auto Atime Update. Atime

Update indicates the last file system access time. After this function
is enabled, Atime is updated every time data in the file
system is accessed.
NOTE
Enabling Auto Atime Update compromises the system
performance.
NOTE
Description, Capacity Alarm Threshold (%), SmartCache Partition, Snapshot Directory

Visibility, and Auto Atime Update are hidden parameters. To display hidden parameters,
click Advanced. For details, see the Basic Storage Service Configuration Guide for File
specific to your product model and version.
Step 3 Click OK.

----End
2.4.3.3.2 Configuring File Services (Applicable to 6.1.2)

service.
File Service Domain Authentication Configuration
NOTE
Information in the preceding figure is only an example.
If LDAP, NIS, or AD domain servers for file services are deployed on the user
network, set required domain environment parameters on DeviceManager to add

OceanStor Dorado
the storage system to the corresponding domain environment. In this way, NAS
clients can access the shared storage space through authentication.
● To add the storage system to an LDAP domain, click Configure next to LDAP,
and set parameters on the Configure File Service LDAP Domain page that is
displayed.
● To add the storage system to an NIS domain, click Configure next to NIS, and
set parameters on the Configure File Service NIS Domain page that is
displayed.
● To add the storage system to an AD domain, click Configure next to AD, and
set parameters on the Configure File Service AD Domain page that is
displayed.
NOTE
● You can click on the configuration page to view the parameter description from the
online help, or see sections "Configuring LDAP Domain Authentication Parameters",
"Configuring NIS Domain Authentication Parameters", and "Configuring AD Domain
Authentication Parameters" in the Basic Storage Service Configuration Guide for File.
● The initial configuration wizard provides a quick entry for domain authentication. You
can skip domain authentication as required, and configure it when needed by referring
to the Basic Storage Service Configuration Guide for File.
Creating a File System

NOTE
Step 2 Set the basic information about the file system.


OceanStor Dorado


[Value range]
● The name can contain only letters, digits, periods (.),
underscores (_), hyphens (-), and characters of different
languages.

NOTE
Description is hidden. To display hidden parameters, click
Advanced.
[Value range]
characters.

Pool

OceanStor Dorado

● NTFS
NOTE
Parameter.
Parameter. The default Windows user must be an existing
local authentication user or AD domain user.
● UNIX
Controls NFS users' permissions with UNIX mode bits or
NFSv4 ACLs.
NOTE
Parameter.
Parameter. The default UNIX user must be an existing local
authentication user or NIS/LDAP domain user.
– In this mode, the default UNIX permission of the file system
root directory is 755. If you need to change the value, run the
change file_system general file_system_id=?
unix_permissions=? command. For details about this
command, refer to the Command Reference.
Step 3 Set the capacity and tuning information of the file system.

OceanStor Dorado
Table 2-16 Capacity and tuning parameters


capacity dynamically allocated to the thin file system
cannot exceed this value.
NOTE
system specifications. For details about the specifications, see
the Specifications Query.
● Storage system capacity equation: 1 PB = 1,024 TB, 1 TB = 1,024
GB, 1 GB = 1,024 MB, 1 MB = 1,024 KB, 1 KB = 1,024 bytes
NOTE
● Capacity Alarm Threshold (%) is hidden. To display hidden
parameters, click Advanced.
● The alarm is cleared only when the used capacity of the file
system is smaller than Max {90% of the threshold capacity,
threshold capacity - 1 GB}.

OceanStor Dorado
NAS_Database, NAS_Large_File, Office_Automation, and
NAS_EDA.
NOTE
NAS_Virtual_Machine, Office_Automation, and NAS_EDA, 8
KB for NAS_Database, and 32 KB for NAS_Large_File. If
Application Type is set to NAS_Default, NAS_Large_File,
Office_Automation, or NAS_EDA, File System Distribution
Algorithm is Directory balance mode. In this mode, directories
are evenly allocated to each controller by quantity. If
Application Type is set to NAS_Virtual_Machine or
NAS_Database, File System Distribution Algorithm is
Performance mode. In this mode, directories and files are
allocated to the access controller preferentially to improve
access performance of directories and files.
for File specific to your product model and version.
● Application Type cannot be changed once being configured.
You are advised to set the value based on the service I/O model.
Command Reference of the desired model and version.
respectively. For details, see the Command Reference of the
desired model and version.

NOTE
● SmartCache Partition is hidden. To display hidden parameters,
click Advanced.
● This parameter is available only when SCM drives have been
added to the controller enclosure where the file system resides
and a SmartCache partition has been created. For details, see
SmartCache Feature Guide specific to your product model and
version.
Step 4 If a HyperMetro vStore pair has been created for the selected vStore, you need to
configure HyperMetro for the newly created file system.
Specify Remote Storage Pool for creating a remote file system. The system will
create a remote file system on the remote device of the HyperMetro vStore pair
and add the local and remote file systems to a HyperMetro pair.

OceanStor Dorado
For details about HyperMetro, see HyperMetro Feature Guide (File Service) of the
corresponding version.
Step 5 Configure shares for the file system.
● Set NFS shares for the file system.
a. Enable NFS.
b. Set Creation Mode. Possible values are From template or New.
▪ From template
Select a share template from the drop-down list box. The system
presets the description and permission of the created share based on
the selected template. You can click Modify on the right of Share to
modify the share information.
▪ New
The system presets the read and write permissions of all clients. You
can click Modify on the right of Share to modify the share
information.
● Set CIFS shares for the file system.
a. Enable CIFS.
b. Set Creation Mode. Possible values are From template or New.
▪ From template
▪ New
The system presets the full control permission for everyone. You can
click Modify on the right of Share to modify the share information.
Step 6 Set a quota for the file system.
NOTE
Quota is a hidden option. To display hidden parameters, click Advanced.
1. Enable Quota.
2. Click Create.
The Create Quota page is displayed on the right.
3. Specify Quota Type. Possible options are Directory quota, User quota, and
User group quota.
– Directory quota
NOTE
The directory quota takes effect for all dtrees in the file system.
– User quota
i. Click Select.
The Select User page is displayed.

OceanStor Dorado
ii. Select the users for which you want to create a quota.
○ If you select All users, the quota limits the space usage or file
quantity of each user in the system.
○ If you select Specified users, click Add. On the Add User page
that is displayed, select the UNIX Users or Windows Users tab,
and select one or more desired users. Then click OK.
NOTE
If you set User Type to Local authentication user, select the desired
users in the list below.
If you set User Type to LDAP domain user, NIS domain user, or AD
domain user, enter the user names in the Name text box.
To remove added users, click Remove on the right of a desired user, or
select one or more desired users and click Remove.
○ If you select Specified user groups, the quota limits the space
usage or file quantity of each specified user group. To add a user
group, click Add. On the Add User Group page that is displayed,
select a user group type and select the desired user groups. Then
click OK.
NOTE
If you set User Group Type to Local authentication user group,

select the desired user groups in the list below.
If you set User Group Type to LDAP domain user group or NIS
domain user group, enter the user group names in the Name text
box.
To remove added user groups, click Remove on the right of a desired
user group, or select one or more desired user groups and click
Remove.
iii. Click OK.
– User group quota
i. Click Select.
The Select User Group page is displayed.
ii. Select the user groups for which you want to create a quota.
○ If you select All user groups, the quota limits the space usage
or file quantity of each user group in the system.
click OK.

OceanStor Dorado
NOTE

box.
Remove.
iii. Click OK.
4. Set space quotas.
Table 2-17 Space quota parameters

Hard Quota Space hard quota. If the quota is reached, the system
immediately forbids writes.
[Value range]
1 KB to 256 PB
The value must be larger than that of Soft Quota.
Soft Quota Space soft quota. If the quota is reached, the system
generates an alarm but still allows writes. After the hard
quota is reached, the system immediately forbids writes.
[Value range]
1 KB to 256 PB
The value must be smaller than that of Hard Quota.
5. Set file quantity quotas.

Table 2-18 File quantity quota parameters

Hard Quota File quantity hard quota. If the quota is reached, new
files cannot be added. Operations on existing files are
not affected.
[Value range]
1 file to 2 billion files

OceanStor Dorado
Soft Quota File quantity soft quota. If the quota is reached, the
system generates an alarm but new files can still be
added. After the hard quota is reached, new files cannot
be added.
[Value range]
1 file to 2 billion files
NOTE
– If you do not set the space quota or file quantity quota, the storage system only
collects statistics on but does not control the space usage or file quantity. To view
the statistics about used space quota and used file quantity quota, choose Services
> File Service > Quotas > Quota Reports, and select the desired file system.
– To modify a quota, click More on the right of the quota and select Modify.
– To delete a quota, select the quota and click Delete above the list or click More on
the right of the quota.
– The parameters for creating a quota are preset. A quota is created for a file system
only after the file system has been created.
Step 7 Configure data protection for the file system.

1. Enable Add to HyperCDP Schedule.
2. Select a HyperCDP schedule to create a HyperCDP object for the file system.
NOTE
● HyperCDP is a high-density snapshot technology that provides continuous data

protection for file systems. For details about the HyperCDP feature, see HyperCDP
Feature Guide for File of the desired version.
● The system has a built-in HyperCDP schedule NAS_DEFAULT_BUILDIN. The schedule is
executed once an hour (retains the latest three copies), once at 00:05 every day (retains
the latest two copies), and once at 00:10 every Sunday (retains the latest two copies).
● When you create a file system, the system selects the built-in HyperCDP schedule
NAS_DEFAULT_BUILDIN by default.
● A file system can be added to only one HyperCDP schedule. For a file system that has
been added to a HyperCDP schedule, if you want to change its owning HyperCDP
schedule, you need to remove the file system from the original HyperCDP schedule first.
● If a file system has not been added to a HyperCDP schedule during the file system
creation, you can add it to a HyperCDP schedule after the file system is created.
Step 8 Set advanced attributes of the file system.

NOTE
Advanced attributes are hidden options. To display hidden parameters, click Advanced.

OceanStor Dorado
Table 2-19 Advanced file system parameters

Snapshot Indicates whether the directory of the file system snapshots

Directory is visible.
Visibility

Update indicates the last file system access time. After this function
is enabled, Atime is updated every time data in the file
system is accessed.
NOTE
performance.
Step 9 Click OK.

----End
2.4.3.3.3 Configuring File Services (Applicable to 6.1.3 and Later)

service.
File Service Domain Authentication Configuration
Figure 2-9 File service domain authentication configuration (applicable to 6.1.3)

OceanStor Dorado
Figure 2-10 File service domain authentication configuration (applicable to 6.1.5

and later)
NOTE
If LDAP, NIS, or AD domain servers for file services are deployed on the user
network, set required domain environment parameters on DeviceManager to add
the storage system to the corresponding domain environment. In this way, NAS
clients can access the shared storage space through authentication.
● To add the storage system to an LDAP domain, click Configure next to LDAP,
and set parameters on the Configure File Service LDAP Domain page that is
displayed.
● To add the storage system to an NIS domain, click Configure next to NIS, and
set parameters on the Configure File Service NIS Domain page that is
displayed.
● To add the storage system to an AD domain, click Configure next to AD, and
set parameters on the Configure File Service AD Domain page that is
displayed.
NOTE
● You can click on the configuration page to view the parameter description from the
online help, or see sections "Configuring LDAP Domain Authentication Parameters",
"Configuring NIS Domain Authentication Parameters", and "Configuring AD Domain
Authentication Parameters" in the Basic Storage Service Configuration Guide for File.
● The initial configuration wizard provides a quick entry for domain authentication. You
can skip domain authentication as required, and configure it when needed by referring
to the Basic Storage Service Configuration Guide for File.
Creating a File System


OceanStor Dorado
NOTE
Step 2 Set the basic information about the file system.



[Value range]
● The name can contain only letters, digits, periods (.),
underscores (_), hyphens (-), and characters of different
languages.

OceanStor Dorado

NOTE
Description is hidden. To display hidden parameters, click
Advanced.
[Value range]
characters.

Pool

● NTFS
NOTE
Parameter.
Parameter. The default Windows user must be an existing
local authentication user or AD domain user.
● UNIX
Controls NFS users' permissions with UNIX mode bits or
NFSv4 ACLs.
NOTE
Parameter.
Parameter. The default UNIX user must be an existing local
authentication user or NIS/LDAP domain user.
– In this mode, the default UNIX permission of the file system
root directory is 755. If you need to change the value, run the
change file_system general file_system_id=?
unix_permissions=? command. For details about this
command, refer to the Command Reference.
Step 3 Set the capacity and tuning information of the file system.

OceanStor Dorado
Table 2-21 Capacity and tuning parameters


capacity dynamically allocated to the thin file system
cannot exceed this value.
NOTE
system specifications. For details about the specifications, see
the Specifications Query tool.
● The storage system uses the following capacity algorithms
defined by Windows: 1 PB = 1,024 TB, 1 TB = 1,024 GB, 1 GB =
1,024 MB, 1 MB = 1,024 KB, and 1 KB = 1,024 bytes.
NOTE
● Capacity Alarm Threshold (%) is hidden. To display hidden
parameters, select Advanced.
● Capacity threshold = File system capacity x (1 - Reserved
snapshot space ratio (%)) x Capacity alarm threshold (%)
● The alarm is cleared only when the used capacity of the file
system is smaller than Max {90% of the threshold capacity,
threshold capacity - 1 GB}.
Reserved Percentage of the file system snapshot space to the file

Snapshot Space system capacity.
Ratio (%) NOTE
● The file system space must not occupy the space reserved for
snapshots. For example, if the capacity of a file system is 100 GB
and the reserved snapshot space ratio is 20%, the used capacity
of the file system cannot exceed 80 GB.
● Snapshots can be created when the file system space is full but
the space reserved for snapshots is not full.
Delete Obsolete Indicates whether to delete obsolete read-only snapshots. If

Read-Only used space of the file system reaches the capacity alarm
Snapshot threshold and used space of snapshots is larger than space
reserved for snapshots (source file system capacity x
reserved snapshot space ratio), the system automatically
deletes the oldest non-secure read-only snapshots.
NOTE
● Delete Obsolete Read-Only Snapshot is a hidden parameter.
To display hidden parameters, click Advanced.
● If both Delete Obsolete Read-Only Snapshot and Capacity
Auto-negotiation Policy are enabled, the capacity auto-
negotiation policy is executed first.

OceanStor Dorado
Capacity Auto- The available capacity auto-negotiation policies are as

negotiation follows:
Policy ● Not used: The storage capacity used by a file system is
fixed and is not flexibly adjusted by the storage system.
● Auto expansion: The file system capacity is
automatically increased to meet user needs for more
data writes, when the available space of a file system is
about to run out and the storage pool has available
space.
● Auto expansion/reduction: The storage system
automatically adjusts the file system capacity based on
file system space usage. When the available space of a
file system is about to run out and the storage pool has
available space, automatic capacity expansion will be
used to increase file system capacity. When the file
system's storage space is released, it can be reclaimed
into a storage pool and used by other file systems in
data write requests.
NOTE
● Capacity Auto-negotiation Policy is a hidden parameter. To
display hidden parameters, click Advanced.
● If both Delete Obsolete Read-Only Snapshot and Capacity
Auto-negotiation Policy are enabled, the capacity auto-
negotiation policy is executed first.
Auto Expansion When the ratio of the used capacity to the total capacity of
Trigger Threshold a file system is greater than this threshold, the storage
(%) system automatically triggers file system capacity
expansion.
NOTE
● This parameter is displayed only when Capacity Auto-
negotiation Policy is set to Auto expansion or Auto
expansion/reduction.
● The value of Auto Expansion Trigger Threshold (%) must be
greater than that of Auto Reduction Trigger Threshold (%).
Auto Reduction When the ratio of the used capacity to the total capacity of
Trigger Threshold a file system is smaller than this threshold, the storage
(%) system automatically triggers space reclamation to reduce
the file system capacity.
NOTE
negotiation Policy is set to Auto expansion/reduction.

OceanStor Dorado
Auto Expansion Upper limit of automatic capacity expansion.

Upper Limit NOTE
negotiation Policy is set to Auto expansion or Auto
expansion/reduction.
Auto Reduction Lower limit of automatic capacity reduction.

Lower Limit NOTE
negotiation Policy is set to Auto expansion/reduction.
NAS_Database, NAS_Large_File, Office_Automation,
NAS_Others, and NAS_EDA.
NOTE
NAS_Virtual_Machine, Office_Automation, NAS_Others, and
NAS_EDA, 8 KB for NAS_Database, and 32 KB for
NAS_Large_File. If Application Type is set to NAS_Default,
NAS_Large_File, Office_Automation, NAS_Others, or
NAS_EDA, File System Distribution Algorithm is Directory
balance mode. In this mode, directories are evenly allocated to
each controller by quantity. If Application Type is set to
NAS_Virtual_Machine or NAS_Database, File System
Distribution Algorithm is Performance mode. In this mode,
directories are preferentially allocated to the controller to which
the shared IP address belongs, improving access performance of
directories and files.
for File of the desired product model and version.
● Application Type cannot be changed once being configured.
You are advised to set the value based on the service I/O model.
Command Reference of the desired model and version.
respectively. For details, see the Command Reference of the
desired model and version.

OceanStor Dorado

NOTE
● SmartCache Partition is hidden. To display hidden parameters,
click Advanced.
● This parameter is available only when SCM drives have been
added to the controller enclosure where the file system resides
and a SmartCache partition has been created. For details, see
SmartCache Feature Guide of the desired model and version.
Step 4 If a HyperMetro vStore pair has been created for the selected vStore, you need to
configure HyperMetro for the newly created file system.
Specify Remote Storage Pool for creating a remote file system. The system will
create a remote file system on the remote device of the HyperMetro vStore pair
and add the local and remote file systems to a HyperMetro pair.
For details about HyperMetro, see HyperMetro Feature Guide (File Service) of the
corresponding version.
Step 5 Configure shares for the file system.
● Set NFS shares for the file system.
a. Enable NFS.
b. Set Create From. Possible values are Template or New.
▪ Template
▪ New
The read/write permission of all clients is preset in the system, and
the default root permission of clients is root_squash. You can click
Modify on the right of Share to modify the share information.
● Set CIFS shares for the file system.
a. Enable CIFS.
b. Set Create From. Possible values are Template or New.
▪ Template
▪ New
The system presets the full control permission for everyone. You can
click Modify on the right of Share to modify the share information.

OceanStor Dorado
Step 6 Set a quota for the file system.

NOTE
Quota is a hidden parameter. To display hidden parameters, click Advanced.
1. Enable Quota.
NOTE
– The quota switch is disabled by default.

– When the Quota function is disabled, the system does not collect statistics on
quota usage. In this case, hard and soft quotas do not take effect.
2. Click Create.
The Create Quota page is displayed on the right.
3. Specify Quota Type. Possible options are Directory quota, User quota, and
User group quota.
– Directory quota
The directory quota of a file system limits the space usage or file quantity
used by all dtrees in the file system.
NOTE
The directory quota of a file system takes effect only for dtrees whose quota
function is enabled. In addition, the quota of each dtree is limited separately.
– User quota
User quota: limits the space usage or file quantity used by a single user.
i. Click Select.
The Select User page is displayed.
ii. Select the users for which you want to create a quota.
○ If you select All users, the quota limits the space usage or file
quantity of each user in the system.
○ If you select Specified users, click Add. On the Add User page
that is displayed, select the UNIX Users or Windows Users tab,
and select one or more desired users. Then click OK.
NOTE
If you set User Type to Local authentication user, select the desired
users in the list below.
If you set User Type to LDAP domain user, NIS domain user, or AD
domain user, enter the user names in the Name text box.
To remove added users, click Remove on the right of a desired user, or
select one or more desired users and click Remove.
click OK.

OceanStor Dorado
NOTE

box.
Remove.
iii. Click OK.
– User group quota
User group quota: limits the space usage or file quantity used by a single
user group.
i. Click Select.
The Select User Group page is displayed.
ii. Select the user groups for which you want to create a quota.
○ If you select All user groups, the quota limits the space usage
or file quantity of each user group in the system.
click OK.
NOTE

box.
Remove.
iii. Click OK.
4. Set space quotas.
Table 2-22 Space quota parameters
Hard Quota Space hard quota. If the quota is reached, the system
immediately forbids writes.
[Value range]
1 KB to 256 PB

OceanStor Dorado
Soft Quota Space soft quota. If the quota is reached, the system
generates an alarm but still allows writes. After the hard
quota is reached, the system immediately forbids writes.
[Value range]
1 KB to 256 PB
5. Set file quantity quotas.

Table 2-23 File quantity quota parameters
Hard Quota File quantity hard quota. If the quota is reached, new
files cannot be added. Operations on existing files are
not affected.
[Value range]
1 to 2 billion
Soft Quota File quantity soft quota. If the quota is reached, the
system generates an alarm but new files can still be
added. After the hard quota is reached, new files cannot
be added.
[Value range]
1 to 2 billion
NOTE
– If you do not set the space quota or file quantity quota, the storage system only
collects statistics on but does not control the space usage or file quantity. To view
the statistics about used space quota and used file quantity quota, choose Services
> File Service > Quotas > Quota Reports, and select the desired file system.
– To modify a quota, click More on the right of the quota and select Modify.
– To delete a quota, select the quota and click Delete above the list or click More on
the right of the quota.
– The parameters for creating a quota are preset. A quota is created for a file system
only after the file system has been created.
Step 7 Configure data protection for the file system.

1. Enable Add to HyperCDP Schedule.
2. Select a HyperCDP schedule to create a HyperCDP object for the file system.

OceanStor Dorado
NOTE
● HyperCDP is a high-density snapshot technology that provides continuous data

protection for file systems. For details about the HyperCDP feature, see HyperCDP
Feature Guide for File of the desired version.
● The system has a built-in HyperCDP schedule NAS_DEFAULT_BUILDIN. The schedule is
executed once an hour (retains the latest three copies), once at 00:05 every day (retains
the latest two copies), and once at 00:10 every Sunday (retains the latest two copies).
● When you create a file system, the system selects the built-in HyperCDP schedule
NAS_DEFAULT_BUILDIN by default.
● A file system can be added to only one HyperCDP schedule. For a file system that has
been added to a HyperCDP schedule, if you want to change its owning HyperCDP
schedule, you need to remove the file system from the original HyperCDP schedule first.
● If a file system has not been added to a HyperCDP schedule during the file system
creation, you can add it to a HyperCDP schedule after the file system is created.
Step 8 Set advanced attributes of the file system.

Table 2-24 Advanced file system parameters

Snapshot Indicates whether to visualize the directory of the file

Directory system snapshots.
Visibility

Update indicates the time when a namespace is accessed. After this
function is enabled, the system updates the Atime based on
the value of Atime Update Frequency.
NOTE
performance.
Atime Update Indicates the Atime update frequency. The options can be
Frequency Hourly and Daily.
Step 9 Click OK.

----End

OceanStor Dorado 3 Configuring Domain Authentication for a Storage
Initialization Guide System
3 Configuring Domain Authentication for

a Storage System
Configure domain authentication for a storage system if it is in a domain

environment.
3.1 Preparing Configuration Data of a Windows AD Domain
3.2 Preparing Configuration Data of an LDAP Domain
3.3 Setting the Domain Authentication Server
3.1 Preparing Configuration Data of a Windows AD

Domain
Collect the configuration data of a Windows AD domain server in advance to add
storage systems to the AD domain.
1. In the Windows AD domain server, open Active Directory Users and
Computers.
2. View parameters in the window. This section uses the following figure as an
example.

● icp.com corresponds to Base DN on the storage configuration page. That is,

dc=icp,dc=com.
● The user in the Users folder under icp.com corresponds to Bind DN on the
storage configuration page. For example, if Administrator is bound, the value
of Bind DN is cn=Administrator,cn=Users,dc=icp,dc=com.
● The Users folder corresponds to User Directory and Group Directory on the
storage configuration page. That is, cn=Users,dc=icp,dc=com.
● To obtain the binding password, contact the Windows AD domain server
administrator.
3.2 Preparing Configuration Data of an LDAP Domain

Collect the configuration data of an LDAP domain server in advance to add
storage systems to the LDAP domain.
LDAP Domain Parameters

LDAP data is organized in a tree structure that clearly lays out organizational
information. A node on this tree is called as Entry. Each Entry has a distinguished
name (DN). The DN of an Entry is composed of the Base DN and RDN. The Base
DN refers to the position of the parent node where the Entry resides on the tree,
and the RDN refers to an attribute that distinguishes the Entry from others such
as UID or CN.
LDAP directories function as file system directories. For example, directory
dc=redmond,dc=wa,dc=microsoft,dc=com can be regarded as the following path
of a file system directory: com\microsoft\wa\redmond. In another example of

directory cn=user1,ou=user,dc=example,dc=com, cn=user1 indicates a user name

and ou=user indicates the organization unit of an Active Directory (AD), that is,
user1 is in the user organization unit of the example.com domain.
The following figure shows data structure of an LDAP server.
Table 3-1 describes meanings of LDAP entry acronyms.
Table 3-1 Meanings of LDAP entry acronyms

Acronym Meaning
o Organization
ou Organization Unit
c Country Name
dc Domain Component
sn Surname
cn Common Name
OpenLDAP Introduction
OpenLDAP is a free and open implementation of LDAP that is now widely used in
various popular Linux releases. OpenLDAP requires licenses.
OpenLDAP mainly consists of the following four components:
● slapd: an independent LDAP daemon
● slurpd: an independent LDAP update and replication daemon
● Library implementing LDAP
● Tool software and illustration client

NOTE
No OpenLDAP installation packages that support the Windows operating system are
provided on the OpenLDAP official website. The Userbooster website provides an open-
source OpenLDAP installation package that supports the following Windows operating
systems: Windows XP, Windows Server 2003, Windows Server 2008, Windows Vista,
Windows 7, Windows 8, and Windows Server 2012.
Obtaining LDAP Configuration Data on Windows

Using OpenLDAP as an example, the following steps describe how to obtain LDAP
configuration data.
1. Open the OpenLDAP installation directory.
2. Find the slapd.conf system configuration file.
3. Use the text editing software to open the configuration file and search for the
following fields:
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw XXXXXXXXXXXX
– dc=example,dc=com corresponds to Base DN on the storage system
configuration page.
– cn=Manager,dc=example,dc=com corresponds to Bind DN on the
storage system configuration page.
– XXXXXXXXXXXX corresponds to Bind Password on the storage system
configuration page. If the password is in cipher text, contact LDAP server
administrators to obtain the password.
4. Find configuration files (with .ldif as the file name extension) of users and
user groups that need to access storage systems.
NOTE
LDAP Interchange Format (LDIF) is one of the most common file formats for LDAP
applications. It is a standard mechanism that represents directories in the text format,
and it allows users to import data to and export data from the directory server. LDIF
files store LDAP configurations and directory contents, and you can obtain parameter
information from LDIF files.
5. Use text editing software to open the configuration file and find the DNs of a
user and a user group that correspond to User Directory and Group
Directory respectively on the storage system configuration page.
#root on the top
dn: dc=example,dc=com
dc: example
objectClass: domain
objectClass: top
#First organization unit name: user
dn: ou=user,dc=example,dc=com
ou: user
objectClass: organizationalUnit
objectClass: top
#Second organization unit name: groups
dn: ou=group,dc=example,dc=com
ou: group
objectClass: organizationalUnit
objectClass: top
#The first user represents user1 that belongs to organization unit user in the organizational structure
topology.
dn: cn=user1,ou=user,dc=example,dc=com

cn: user1
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
sn: user1
uid: user1
uidNumber: 2882
gidNumber: 888
homeDirectory: /export/home/ldapuser
loginShell: /bin/bash
userPassword: {ssha}eoWxtWNl8YbqsulnwFwKMw90Cx5BSU9DRA==xxxxxx
#The second user represents user2 that belongs to organization unit user in the organizational
structure topology.
dn: cn=user2,ou=user,dc=example,dc=com
cn: user2
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
sn: client
uid: client
uidNumber: 2883
gidNumber: 888
homeDirectory: /export/home/client
loginShell: /bin/bash
userPassword: {ssha}eoWxtWNl8YbqsulnwFwKMw90Cx5BSU9DRA==xxxxxx
#The first user group represents group1 that belongs to organization unit group in the organizational
structure topology. The group contains user1 and user2.
dn: cn=group1,ou=group,dc=example,dc=com
cn: group1
gidNumber: 888
memberUid: user1#Belongs to the group.
memberUid: user2#Belongs to the group.
objectClass: posixGroup
Obtaining LDAP Configuration Data on Linux

Using OpenLDAP as an example, the following steps describe how to obtain LDAP
configuration data.
1. Log in to an LDAP server as user root.
2. Run the cd /etc/openldap command to go to the /etc/openldap directory.
linux-ldap:~ # cd /etc/openldap
linux-ldap:/etc/openldap #
3. Run the ls command to view system configuration file slapd.conf and the
configuration file (with .ldif as the file name extension) of users and user
groups who want to access storage systems.
linux-ldap:/etc/openldap #ls
example.ldif ldap.conf schema slap.conf slap.con slapd.conf
4. Run the cat command to open system configuration file slapd.conf where
you can view related parameters.
linux-ldap:/etc/openldap #cat slapd.conf
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw XXXXXXXXXXXX
– dc=example,dc=com corresponds to Base DN on the storage system

configuration page.
– cn=Manager,dc=example,dc=com corresponds to Bind DN on the
storage system configuration page.

– XXXXXXXXXXXX corresponds to Bind Password on the storage system

configuration page. If the password is in cipher text, contact LDAP server
administrators to obtain the password.
5. Run the cat command to open the example.ldif file. Find the DNs of a user
and a user group that correspond to User Directory and Group Directory
respectively on the storage system configuration page. For details about
description of parameters, see the example of LDIF files in Windows.
3.3 Setting the Domain Authentication Server

To centrally manage user information, DeviceManager allows users to log in to
the storage system in Lightweight Directory Access Protocol (LDAP) server
Prerequisites
The LDAP domain server or Windows AD domain server has been deployed.
Context
LDAP is a TCP/IP network protocol that enables users to access directory system
agents (DSAs). LDAP functionalities are reduced from X.500 Directory Access
Protocol (DAP).
The complexity of network management, especially user management, increases

as the number of network applications grows. Most systems that provide a single
service implement username-password authentication. However, each user has
different permissions on various applications, which means that each user requires
a different username and password for each application. In this condition, users
must enter different user names and passwords to access different applications.
LDAP provides directory services to address this issue.
The purpose of LDAP-based authentication is to set up a directory-oriented user

authentication system, specifically, an LDAP environment. When a client attempts
to access applications in the LDAP environment, the LDAP server compares the
username and password sent by the client with the authentication information in
the directory database for identity verification.
For storage applications, client hierarchy information is stored on the LDAP server,
and users are authenticated by the LDAP server when accessing the storage
system.
LDAP over SSL (LDAPS) is used for communication between clients and the LDAP
server if the server supports SSL.
NOTE
● If Windows AD domain authentication is used, import the CA certificate of the AD

domain server to the storage system before selecting LDAPS. For details, see 8.1 How
Can I Import the Windows AD Domain Server's CA Certificate to the Storage
System?
● If LDAP domain authentication is used, import the CA certificate of the LDAP domain
server to the storage system before selecting LDAPS. Apply for a CA certificate that
matches the LDAP domain server's certificate from a third-party certificate authority.

Procedure
Step 1 Choose Settings > User and Security > Domain Authentication > Management
LDAP Domain.
Step 2 Enable LDAP Service.
NOTE
If LDAP Service is enabled, click Modify in the upper right corner.
Step 3 Set the LDAP binding parameters listed in Table 3-2.
Table 3-2 LDAP binding parameters

Server Type Indicates the type of a server. Possible values are Windows
AD domain server and LDAP server.
Client hierarchy information is stored on a domain
authentication server. Users are authenticated by the domain
authentication server when they attempt to access shared
resources.
Protocol Indicates the encryption protocol used for domain

authentication. The value can be LDAP or LDAPS.
NOTE
LDAP is vulnerable to security risks. LDAPS is recommended.
CA Certificate Indicates the CA certificate for the domain authentication

server.
Bind DN Indicates the binding directory on the server.

Binding is a process that a client initiates a connection request
to establish a session to the LDAP server. During binding, the
client specifies accounts to access directories on the server.
You must search the binding directory for desired contents.
[Example]
cn=My Application,ou=applications,dc=bigcorp,dc=com
NOTE
The default access account is the administrator account. If you use
another account, ensure that it has the access permission to the
domain service on the LDAP server.
For versions 6.1.0 and 6.1.2, when you enter the bind DN, keep LDAP
entry name dc in lowercase.
Bind Password Indicates the password for accessing the directory

corresponding to the bind DN. The value is a string of 1 to 63
characters.
Address Type The LDAP domain server of the management plane can be
configured by IP address or domain name.

IP Address Indicates IPv4 or IPv6 addresses to be added to the LDAP

server. Enter an IP address and click Add.
NOTE
● To remove an IP address, click on its right.
● You can enter a maximum of four IP addresses.
● This parameter is available only when Address Type is set to IP
address.
Port Port ID of a server. The value ranges from 1 to 65,535.

The default port number of the LDAP server is 389, and that
of the LDAPS server is 636.
NOTE
This parameter is available only when Address Type is set to IP
address.
Domain Name The storage system automatically generates a domain name

based on the bind DN and interacts with the LDAP domain
server by using the management plane DNS service.
NOTE
This parameter is available only when Address Type is set to Domain
name.
Step 4 Set LDAP user parameters. Table 3-3 describes related parameters.
Table 3-3 LDAP user parameters
Path Indicates the path of a created domain user.
Name Attribute Indicates the name attribute of a user. This parameter defines
the name of a user object and allows the query of a specific
user based on the given name.
[Default value]
● uid (LDAP server)
● sAMAccountName (Windows AD server)
Object Class Class of a user object. Each entry under the LDAP directory is
associated with one or more object types, including user,
group, email, and maintenance terminal.
[Default value]
● posixAccount (LDAP server)
● user (Windows AD server)
Step 5 Enable LDAP Groups and set related parameters. Table 3-4 describes related
parameters.

Table 3-4 LDAP user group parameters
Path Indicates the path of a created domain user group.
Name Attribute Indicates the name attribute of a group. This parameter

defines the name of a group object and allows the query of a
specific group based on the given name.
[Default value]
● gidNumber (LDAP server)
● sAMAccountName (AD server)
Member Indicates the group member attribute. This parameter defines

Attribute members of a group.
[Default value]
● uniqueMember (LDAP server)
● member (AD server)
Object Class Indicates the class of a group object. Each entry under the
LDAP directory is associated with one or more object types,
including user, group, email, and maintenance terminal.
[Default value]
● groupOfUniqueNames (LDAP server)
● group (AD server)
Step 6 (Optional) Click Test in the upper right corner to test the availability of the
domain authentication server.
NOTE
When Protocol is set to LDAPS, you need to import and save the CA certificate before
performing the test.
Step 7 Click Save. Confirm your operation as prompted.
----End
Follow-up Procedure
● If you want to create an LDAP user or LDAP user group, see "Creating a
Domain User" in the Administrator Guide.
NOTE
After you have configured the LDAP server on the storage system, you must use an
LDAP user name or LDAP user group name when logging in to the storage system.
Therefore, you must create the LDAP user name or LDAP user group name on the
storage system.
● If you want to configure security policies, accessible IP addresses, and user
permissions, see "Managing Access Permissions of a Storage System" in the

OceanStor Dorado
Initialization Guide 4 Configuring Alarm and Event Handling Policies
4 Configuring Alarm and Event Handling

Policies
This chapter describes how to configure alarm and event log policies.
4.1 Setting System Status Notification
4.2 Setting Email Notification
4.3 Configuring SMS Notification
4.4 Configuring the Syslog Notification
4.5 Configuring Trap Notification
4.6 Setting Alarm Dump
4.7 Setting Alarm Masking
4.8 Setting Event Notification
4.1 Setting System Status Notification

This operation enables you to configure a cycle for sending email, SMS, and Syslog
notifications to a remote maintenance center for remote monitoring of system
status.
Prerequisites
● The email, SMS, and Syslog notification services have been correctly
configured.
● The system notification function has been enabled.
Procedure
Step 1 Choose Settings > Alarm Settings > Alarm Notification.
Step 2 Enable System Notification.
NOTE
If System Notification is enabled, click Modify in the upper right corner.

OceanStor Dorado
Step 3 Set Sending Cycle (h). This value is an integer ranging from 1 to 168 by hour.
Step 4 In Custom Info, enter correct customer information, including the customer name
and contact information, helping maintenance engineers search and locate faults.
NOTE
In Custom Info, 1 to 511 characters can be entered and a single quotation mark (') cannot
be contained.
Step 5 Click Save.
----End
4.2 Setting Email Notification
4.2.1 Setting Email Notification (Applicable to 6.1.0 and 6.1.2)

The email notification function enables the storage system to send alarm and
event information to specific email addresses for fault troubleshooting. If email
notification has been enabled using the initialization wizard, skip this section.
Prerequisites
● The connectivity between each Simple Mail Transfer Protocol (SMTP) server
and each controller is normal.
● SMTP servers are available. Otherwise, the specified email addresses will not
be able to receive any alarm or event messages.
● The alarm and event email notification function supports PLAIN and LOGIN
authentication mechanisms. Otherwise, the email notification function for
alarms and events is unavailable.
● You have logged in to DeviceManager as an administrator or a super
administrator.
● A storage system sends only the alarms and events generated after the email
notification function is configured to the SMTP server.
● Before configuring a domain name for a server, ensure that the DNS server
can communicate normally with the storage system or the server.
● You are advised to deploy only one SMTP server on a host; otherwise you may
not receive email notification due to port conflict.
● The server certificate has been imported to the SMTP server. If the encryption
mode is SSL/TLS or STARTTLS, the email client CA certificate should have
been imported to the storage system. For details, see 8.3 How Do I Obtain
and Import the Email Certificates?.
Precautions
● To ensure that email notifications can be sent properly, the sender email
address must match the SMTP server address and can send emails to the
recipient email address.
For example, if a Gmail SMTP server is used, the sender email address must
be a Gmail address.

OceanStor Dorado
● When two SMTP servers are configured, the sender email address must match
the two SMTP server addresses and can send emails to the recipient email
address.
For example, if the sender email address is a Gmail address, the two SMTP
server addresses must be SMTP server addresses provided by the Gmail
supplier.
Procedure
NOTE
If Email Notification is enabled, click Modify in the upper right corner.
Step 2 Enable Email Notification.

Step 3 Set email notification parameters. Table 4-1 describes the parameters.
NOTE
SMTP server configurations take effect for both eService and alarm email notification.
Table 4-1 Email notification parameters

SMTP Server IP address or domain name of the SMTP server. This is an

SMTP-compliant email-sending server. The emails
containing alarm information can be sent to specified
email boxes through the SMTP server.
NOTE
A maximum of two SMTP servers can be added. If one of the SMTP
servers cannot send notification emails, the other SMTP server will
be used to send notification emails again.
SMTP Port SMTP port number. The value ranges from 1 to 65535, and
the default value is 25.
NOTE
The SMTP port number configured on the storage system must be
the same as that configured on the SMTP server.

OceanStor Dorado
Encryption Mode Indicates whether to encrypt the communication between

the storage system and the email server.
● Not encrypted: Data transfer is not encrypted.
NOTE
If data transfer is not encrypted, there are security risks. You are
advised to select SSL/TLS or STARTTLS to improve data
transfer security.
● SSL/TLS: SSL and TLS are security protocols to ensure
security and data integrity during network
communication. After this option is selected, the system
automatically selects one between the two security
protocols according to the email server type to encrypt
data.
● STARTTLS: TLS encryption is implemented after this
option is selected. The communication data before this
option is selected will not be encrypted using this
encryption mode.
NOTE
– If you select SSL/TLS or STARTTLS, you can determine
whether to enable the email CA certificate.
– The encryption mode configured on the storage system
must be the same as that configured on the SMTP server.
Authenticate Indicates whether the SMTP server authenticates a sender's

SMTP Server identity.
Username Sender's SMTP user name. If a sender attempts to send

alarm notification emails through an SMTP server, the
server requires the sender to enter the SMTP user name
and password for authentication.
NOTE
The value cannot be empty and must contain 1 to 63 characters.
Password Sender's SMTP user password. If a sender attempts to send

alarm notification emails through an SMTP server, the
server requires the sender to enter the SMTP user name
and password for authentication.
NOTE
● The value cannot be empty and must contain 1 to 63
characters.
● A valid password cannot contain extended ASCII characters or
Unicode characters. It is recommended that a password contain
characters in the following categories: base 10 digits (0 to 9),
English characters (a to z and A to Z), spaces, and
[]^_{|}~`@!"#$%&'()*+,-./:;<=>?.

OceanStor Dorado
Email Title Prefix Sender-defined email title field. If there are too many
emails, users can search for desired emails using this field.
NOTE
● The length ranges from 0 to 511 bytes and cannot contain
single quotation marks (').
● In addition to user-defined fields, you can also select Device
name, Alarm ID, Alarm severity, or Alarm description. After
an option is selected, the selected information is displayed in
the title of the alarm email notification.
Sender Email Sender's email address.

Address NOTE
The sender email address must match the SMTP server address.
For example, if a Gmail SMTP server is used, the sender email
address must be a Gmail address.
Step 4 Set a recipient email address.

● Add a recipient email address.
NOTE
– The recipient email address contains 1 to 255 characters.

– Alarm Severity includes Warning, Major, and Critical.
– After the event notification function is enabled, you can modify the notification
modes of some events by referring to Managing Alarms and Events in
a. Click Add.
b. Enter the recipient email address in the text box of Recipient Email
Address.
c. In Alarm Severity, select the desired alarm severity.
d. In Event Notification, select whether to enable event notification.
e. Click .
● Modify a recipient email address.
a. Click to the right of the desired recipient email address.

b. Enter the recipient email address in the text box of Recipient Email
Address.
e. Click .
● Delete a recipient email address.
Click to the right of the desired recipient email address.
Step 5 (Optional) Click Test.
Step 6 Click Save.
----End

OceanStor Dorado
4.2.2 Setting Email Notification (Applicable to 6.1.3 and

Later)
The email notification function enables the storage system to send alarm and
event information to specific email addresses for fault troubleshooting. If email
notification has been enabled using the initialization wizard, skip this section.
Prerequisites
● The connectivity between each Simple Mail Transfer Protocol (SMTP) server
and each controller is normal.
● SMTP servers are available. Otherwise, the specified email addresses will not
be able to receive any alarm or event messages.
● The alarm and event email notification function supports PLAIN and LOGIN
authentication mechanisms. Otherwise, the email notification function for
alarms and events is unavailable.
administrator.
● A storage system sends only the alarms and events generated after the email
notification function is configured to the SMTP server.
● You are advised to deploy only one SMTP server on a host; otherwise you may
not receive email notification due to port conflict.
● The server certificate has been imported to the SMTP server. If the encryption
mode is SSL/TLS or STARTTLS, the email client CA certificate should have
been imported to the storage system. For details, see 8.3 How Do I Obtain
and Import the Email Certificates?.
Precautions
● To ensure that email notifications can be sent properly, the sender email
address must match the SMTP server address and can send emails to the
recipient email address.
For example, if a Gmail SMTP server is used, the sender email address must
be a Gmail address.
● When two SMTP servers are configured, the sender email address must match
the two SMTP server addresses and can send emails to the recipient email
address.
For example, if the sender email address is a Gmail address, the two SMTP
server addresses must be SMTP server addresses provided by the Gmail
supplier.
Setting Email Service

Step 1 Choose Settings > Basic Information > Email Service.
NOTE
If Email Notification is enabled, click Modify in the upper right corner.

OceanStor Dorado
Step 2 Enable Email Notification.

Step 3 Set email notification. Table 4-2 describes the parameters.
NOTE
The SMTP server configuration takes effect for eService, report email notification, and
alarm email notification at the same time.
Table 4-2 Email notification parameters

SMTP Server IP address or domain name of the SMTP server. An SMTP

server is an SMTP-compliant email-sending server. The
emails containing alarm information can be sent to the
recipient email box through the SMTP server.
NOTE
● A maximum of two SMTP servers can be added. If one of the
SMTP servers cannot send notification emails, the other SMTP
server will be used to send notification emails again.
● To test whether the server is available, choose Settings >
Alarm Settings > Alarm Notification, add a recipient email
address, and click Test.
SMTP Port SMTP port number. The value ranges from 1 to 65535, and
the default value is 25.
NOTE
The SMTP port number configured on a storage system must be
consistent with that configured on the SMTP server.
Encryption Mode Indicates whether to encrypt the communication between

the system and the email server.
● Not encrypted: Data during transference is not
encrypted.
NOTE
Security risks arise from the absence of encryption. Therefore,
you are advised to select another encryption mode.
● SSL/TLS: SSL and TLS are two different security
protocols used to ensure network communication
security and data integrity. After this mode is enabled,
the system will automatically select an encryption mode
according to your mail server.
● STARTTLS: TLS encryption is implemented after this
option is selected. The communication data before this
option is selected will not be encrypted using this
encryption mode.
NOTE
● If you select SSL/TLS or STARTTLS, you can determine whether
to enable the email CA certificate.
● The encryption mode configured on the storage system must
be the same as that configured on the SMTP server.

OceanStor Dorado
Authenticate Indicates whether an SMTP server authenticates a sender's

SMTP Server identity.
Username Name of the sender's SMTP account. If a sender attempts

to send alarm notification emails through an SMTP server,
the server requires the sender to enter the SMTP user
name and password for authentication.
NOTE
The name cannot be empty and must contain 1 to 63 characters.
Password Password of the sender's SMTP account. If a sender

attempts to send alarm notification emails through an
SMTP server, the server requires the sender to enter the
SMTP user name and password for authentication.
NOTE
● The password cannot be empty and must contain 1 to 63
characters.
● A valid password cannot contain extended ASCII characters or
Unicode characters. It is recommended that a password contain
characters in the following categories: base 10 digits (0 to 9),
letters (a to z and A to Z), spaces, and special characters
([]^_{|}~`@!"#$%&'()*+,-./:;<=>?).
Sender Email Sender's email address.

Address NOTE
The sender email address must match the SMTP server address.
For example, if a Gmail SMTP server is added, the sender email
address must be a Gmail address.
Max. Size of Email Maximum size of an email attachment. The value ranges
Attachment from 1 MB to 100 MB.
Step 4 Click Save.
----End
Setting Email Notification

Step 2 Click Modify.

NOTE
If Email Service is disabled, click Configure Email Service to complete the SMTP server
configuration. For details, see Setting Email Service.
Step 3 Set the email title prefix.
Email title prefix is a sender-defined email title field. If there are too many emails,
users can search for desired emails using this field.

OceanStor Dorado
NOTE
● The value contains 0 to 511 characters and cannot contain single quotation marks (').
● In addition to sender-defined fields, you can select Device name, Alarm ID, Alarm
severity, or Alarm description. After you select this option, the selected information is
displayed in the title of the alarm email notification.
Step 4 Set a recipient email address.

● Add a recipient email address.
NOTE
– The recipient email address contains 1 to 255 characters.

– Alarm Severity includes Warning, Major, and Critical.
– You can modify the notification of specific events. For details, see "Managing
Alarms and Events" in the Administrator Guide.
a. Click Add.
b. Specify Recipient Email Address.
d. Select whether to enable Event Notification.
e. Click .
● Modify a recipient email address.
a. Click on the right of the desired recipient email address.

b. Specify Recipient Email Address.
d. Select whether to enable Event Notification.
e. Click .
● Delete a recipient email address.
Click on the right of the desired recipient email address.
Step 5 (Optional) Click Test to verify the connectivity between the storage system and
the SMTP server.
Step 6 Click Save.
----End
4.3 Configuring SMS Notification

This operation allows the storage system to send alarms and events of specific
severities to the specified recipient by SMS.
4.3.1 Setting the GSM Modem

After setting the GSM modem, you can configure short message notification in
management software. The storage system will send alarm information to a
specified mobile phone. You can learn about storage system exceptions and solve
them in a timely manner.

OceanStor Dorado
Prerequisites
You need to connect the storage device with a GSM modem. Make sure you have
installed a GSM modem.
Context
To demonstrate how to configure a GSM modem, the COM1 serial port (baud rate
= 115200 bit/s) on the host and the DB9 serial port on the GSM modem (default
baud rate = 9600 bit/s) are used as an example.
NOTICE
● If the GSM modem is not hot-swappable, do not insert or remove it when it is

running.
● If the storage system is enabled with short message notification, the serial port
on the controller enclosure serves only the GSM modem.
● For a 2 U controller enclosure, you are advised to connect the GSM modem to
the serial port of controller A. If the serial port of controller A fails, connect the
GSM modem to the serial port of controller B.
● For a 4 U controller enclosure, you are advised to connect the GSM modem to
the serial port of management module 0. If the serial port of management
module 0 fails, connect the GSM modem to the serial port of management
module 1.
Procedure
Step 1 Insert a SIM card into the GSM modem.
Step 2 Connect GSM modem to the maintenance terminal serial port through a DB9
serial cable.
Step 3 Insert the power cable of the GSM modem into the power supply outlet, and then
power on the GSM modem.
If the red indicator blinks, the GSM modem is successfully installed.
Step 4 Run the PuTTY software on the maintenance terminal. In the Category navigation
tree, choose Connection > Serial. The Options controlling local serial lines page
for configuring the GSM modem is displayed, as shown in Figure 4-1.

OceanStor Dorado
Figure 4-1 Options controlling local serial lines
Step 5 Click Open.

Step 6 Run the at command on COM1-PuTTY, and OK appears in the output if the GSM
modem has been connected to the host through the serial port. In this case, go to
Step 9. If running that command responds with nothing, the GSM modem has
been disconnected from the serial port. In this case, go to Step 7.
Step 7 Re-log in to the page for configuring the GSM modem, as shown in Figure 4-2.

OceanStor Dorado
Figure 4-2 Page for configuring the GSM modem
Step 8 Reset the baud rate of the GSM modem until running the at command responds
with OK.
NOTE
● If the baud rate of the GSM modem is not known, reconfigure it to ensure that the baud
rate of the GSM modem and that of the serial port are consistent. In this condition,
PuTTY can be used to configure the GSM modem.
● The baud rate can be configured using the at+ipr=115200 command.
Step 9 Configure other parameters, for example, whether to reply automatically.

Step 10 Click OK to save the settings and exit. Run the related commands to verify the
configuration. The following is an example.
at
OK
at+ipr=115200
OK
ats0=1
OK
at&w
OK
Step 11 Upon successful configuration, connect the GSM modem to the serial port of the
storage system for use.

OceanStor Dorado
NOTE
For details about configuring the GSM modem, see the manual supplied with the GSM
modem.
----End
4.3.2 Enabling SMS Notification

This operation allows the storage system to send alarms and events of specific
severities to the specified recipient by SMS. If SMS notification has been enabled
in the initialization wizard, skip this section.
Prerequisites
administrator.
● An SMS modem has been installed for the system or maintenance terminal.
The COM port of the SMS modem has been configured to send short
messages.
● A storage system sends only the alarms and events generated after the SMS
notification function is configured to the SMS modem.
Procedure
Step 2 Enable SMS Notification.
NOTE
If SMS Notification is enabled, click Modify in the upper right corner.
Step 3 Set SMS Center Phone Number.

NOTE
The value starts with a country code followed by digits.
Step 4 Set a recipient phone number.

● Add a recipient phone number.
a. Click Add.
b. In Recipient Phone Number, enter the desired recipient number.
This value can contain only 3 to 31 digits. For an international number,
the value must start with a country code followed by digits.
c. In Alarm Severity, select the desired alarm severity. Alarm Severity
includes Warning, Major, and Critical.
d. In Event Notification, select whether to enable event notification. After
the event notification function is enabled, you can modify the notification
modes of some events by referring to Managing Alarms and Events in
e. Click .
● Modify a recipient phone number.

OceanStor Dorado
a. Click to the right of the desired recipient.

b. In Recipient Phone Number, enter the desired recipient number.
This value can contain only 3 to 31 digits. For an international number,
the value must start with a country code followed by digits.
e. Click .
● Delete a recipient phone number.
Click to the right of the desired recipient number.
Step 5 (Optional) Click Test.
Step 6 Click Save.
----End
4.4 Configuring the Syslog Notification

Configuring the Syslog notification allows users to view storage system logs on
the Syslog server.
4.4.1 Configuration Process

The Syslog notification supports the UDP, TCP, and TCP+SSL/TLS protocols. When
alarms are reported using UDP and TCP protocols, certificate verification is not
required. When alarms are reported using the TCP+SSL/TLS protocol, certificate
verification is used to enhance the security of storage system logs. Figure 4-3
shows how to configure the Syslog notification.

OceanStor Dorado
Figure 4-3 Configuring the Syslog notification
Start
Is the TCP+SSL/TLS No
protocal used?
Yes
No Is certificate verification
configured?
Yes
Export the certificate and
CA certificate on the Syslog
server.
Import the CA certificate

Enable the Syslog notification

End
4.4.2 Configuring the Syslog Server Certificate and CA

Certificate
The certificate on the Syslog server can be generated by third-party devices (such
as OpenSSL). The certificate must be signed by a third-party signature server, and
the CA certificate must be exported from the signature server.
4.4.3 Importing the CA Certificate

This section introduces how to import the CA certificate on the storage system to
activate the Syslog certificate.
Prerequisites
The signed CA certificate already exists.
Procedure
Step 1 Choose Settings > Certificates > Certificate Management.

OceanStor Dorado
NOTE
In 6.1.0, choose Settings > Certificate Management.
Step 2 Click Syslog certificate in the Scenario column.

The Certificate Details page is displayed.
Step 3 Click CA Certificates and choose Import Certificate from the Operation drop-
down list.
The Import Certificate page is displayed. Set the certificate import parameters.
Table 4-3 describes the related parameters.
Table 4-3 Certificate import parameters

Parameter Description Example Value
CA Certificate File Certificate file of the -

server.
Step 4 Click OK.

The Warning dialog box is displayed.
Step 5 Confirm the information in the dialog box, and select I have read and
understand the consequences associated with performing this operation. Click
OK.
The Success dialog box is displayed.
Step 6 Click OK.
----End
4.4.4 Enabling Syslog Notification

This operation enables a Syslog server to receive alarms and events of specific
severities from devices with specified IP addresses.
Prerequisites
administrator.
● A storage system sends only the alarms generated after Syslog notification
has been configured to the Syslog server.
● You are advised to configure only one Syslog server on a host to prevent
failure in receiving syslog notifications caused by port conflict.
Context
In 6.1.3 and later versions, Syslog content can be displayed in the default format
or CEF format.

OceanStor Dorado
NOTE
● You can check the log display format in the Format Type field in the output of the
show notification syslog command.
● You can run the change notification syslog format_type=? command to change the
log display format. In the command, the value of format_type can be default or cef.
● In versions earlier than 6.1.3, Syslog content can be displayed only in the default format.
Procedure
Step 2 Enable Syslog Notification.
NOTE
If Syslog Notification is enabled, click Modify in the upper right corner.
Step 3 Set Syslog notification parameters. Table 4-4 describes the parameters.
Table 4-4 Syslog notification parameters

Port Syslog port number. The value ranges from 1 to 65535,

and the default value is 514.
NOTE
The port number configured on the storage system must be
consistent with that configured on the Syslog server.
Protocol Protocol through which the Syslog notification is sent.

Possible options are UDP, TCP, and TCP+SSL/TLS. The
default value is TCP+SSL/TLS.
NOTE
● Ensure that the UDP, TCP, and TCP+SSL/TLS protocols have
been configured on the Syslog server. Security risks arise if
Protocol is set to UDP or TCP. You are advised to select TCP
+SSL/TLS.
● The protocol configured on the storage system must be
consistent with that configured on the Syslog server.
● If you select UDP, ensure that the Syslog servers can properly
respond to ping packets.
– If all configured servers fail to respond to ping packets, the
storage system will not send Syslog notifications.
– If any server responds to the ping packets, the storage
system sends Syslog notifications to all servers in
sequence.
Alarm Severity The lowest severity of a Syslog alarm that can be sent.
Possible options are Info, Warning, Major, and Critical.
Notification Type Possible values are Alarm, Alarm recovery, Event,

eService collection log, and Security log.

OceanStor Dorado
Send Device Name Indicates whether the device name needs to be sent to
the Syslog server.
NOTE
If Send Device Name is enabled, the system sends the device
name to the Syslog server. You can choose > Device

Information to view the device name.
Recipient Server Server IP address or domain name address.

Address [Value range]
● In the event of using an IPv4 address:
– A 32-bit IPv4 address is divided into four 8-bit fields
that are expressed in dotted decimal notation.
– Each field of the IPv4 address must be an integer.
– The value of the first field ranges from 1 to 223
(excluding 127).
– The values of the other fields range from 0 to 255.
– The IP address must not be a special address such
as the broadcast address.
– A 128-bit IPv6 address is divided into eight 16-bit
fields. Each 16-bit field consists of four colon-
separated hexadecimal numbers.
– In each 16-bit field, leading zeros can be omitted
for simplicity. However, at least one digit must be
reserved in each field.
– To achieve further simplicity, you can use a double
colon (::) in place of a series of zeros. A double
colon (::) can be used only once in an IPv6 address.
It can also represent the neighboring consecutive
zeros at the beginning or end of an IPv6 address.
– An IPv6 address cannot be set to a special one, such
as a network address, loopback address, or
multicast address.
● In the event of using a domain name:
– A domain name is case-insensitive and must use the
English alphabet.
– A domain name contains 1 to 255 characters.
– A domain name can only contain letters (a to z and
A to Z), digits (0 to 9), periods (.), and hyphens (-),
and cannot start or end with a hyphen (-).
Step 4 Set a recipient server address.

● Add a recipient server address.

OceanStor Dorado
a. Enter the desired recipient server address in the text box.

b. Click Add.
● Delete a recipient server address.
Click to the right of the desired recipient server.
Step 5 Click Save.
----End
Follow-up Procedure
After Syslog notification has been configured, alarms will be sent to a specified
application server or maintenance terminal.
● A Syslog alarm displayed in the default format is as follows:
Info Receive Time | IP Address | Facility | Severity | Info
2021/10/26 15:39:29 | 192.168.2.6 | Local7 | Info | alarm: <189>2021-10-26 15:39:29 x.x.x.x
Huawei.Storage 6384 0x200F00CA0005 Informational(0): admin:x.x.x.x succeeded in switching from
the user view to developer view.
The fields are described as follows:

Field Meaning Description
Info Receive Time when the -

Time Syslog server
receives the alarm
information.
IP Address Management port IP -

address of the
storage system.
Facility Information source. The Facility field indicates the

type of an IP address, which can
be IPv4 or IPv6. The value of
this field is Local7 or Local6.
Severity Information severity. The Severity field indicates the

severity of an alarm, which can
be Emerg, Error, Warn, or Info.

OceanStor Dorado
Info Information content. The Info fields have a fixed

pattern in content. The first
field is the name of the process
that sends the message. This
field varies with Syslog protocol
version and may be blank.
Information in <> represents
the prefix of the Syslog
protocol, which is stipulated by
the Syslog protocol and
indicates the severity level and
source.
Info contains the array alarm
information.
● Time when an alarm
occurred, for example,
2015-06-19 10:57:50.
● IP address or SN of the
storage device that
generates an alarm.
● Alarm SN. It represents the
SN generated within the
storage device. The value
ranges from 1 to
4294967295, for example,
240788.
● Alarm ID. It represents a type
of alarm in hexadecimal
format, for example,
0xF00A000C.
● Alarm severity, which
includes info, warning, major,
and critical.
● Alarm type, which includes
event (0), fault (1), and
recovery (2).
● Alarm content. For example:
The license feature (xxx) is
going to expire on
2015-08-14.
NOTE
If an alarm is a recovery alarm, the
time when an alarm was cleared
will be displayed after the time
when the alarm occurred, for
example, 2015-06-19 10:57:50.

OceanStor Dorado
NOTE
Info Receive Time, IP Address, Facility, and Severity are defined by the Syslog server.
The parsing result may vary with tools.
● A Syslog alarm displayed in the CEF format is as follows:
NOTE
The CEF log display format is supported in 6.1.3 and later versions.
Info Receive Time | IP Address | Facility | Severity | Info
2021/11/9 19:44:07 | 192.168.2.6 | Local7 | Info | CEF:0|huawei|OceanStor Dorado 5300 V6|
6.1.3RC2|0x200F00310069|Succeeded In Testing The Connectivity Of The Syslog Server|2|
dst=192.168.2.6 src=192.168.10.9 duser=admin msg=admin:192.168.10.9 succeeded in testing the
connectivity of the syslog server (receiving address 192.168.15.7, server port 514, channel UDP).
cs1Label=AlarmCsn cs1=2562 cs2Label=AlarmType cs2=OperationLog cs3Label=AlarmLevel
cs3=Informational
The fields are described as follows:

Info Receive Time when the -

Time Syslog server
receives the alarm
information.
IP Address Management port Example: 192.168.2.6

IP address of the
storage system.
Facility Information The Facility field indicates the type of

source. an IP address, which can be IPv4 or
IPv6. The value of this field is Local7
or Local6.
Severity Information The Severity field indicates the

severity. severity of an alarm, which can be
Emerg, Error, Warn, or Info.

OceanStor Dorado
Info Information Info contains the array alarm

content. information.
● CEF version. Example: CEF:0
● Device vendor. Example: huawei
● Device model. Example: OceanStor
Dorado 3000
● Device version. Example: 6.1.3RC2
● Event alarm ID. Example:
0x200F00310069
● Event name. Readable description
of an event. Example: Succeeded
In Testing The Connectivity Of
The Syslog Server
● Event level. An integer that reflects
the importance of the event.
Example: 2
– 2: informational, indicating that
the importance of the event is
Low.
– 5: warning, indicating that the
importance of the event is
Medium.
– 7: major, indicating that the
High.
– 9: critical, indicating that the
Very-High.
● Extended fields
– dst: Identifies the destination
address that the event refers to
in an IP network. That is, the IP
address of the management
network port of the storage
system. Example: 192.168.2.6
– src: Identifies the source that
generates an event in an IP
network.
– duser: Identifies the destination
user by name. This is the user
associated with the event's
destination.
– msg: Gives more details about
the event. The format is
msg=duser:src xxxxxx, where

OceanStor Dorado
xxxxxx indicates the event

details.
Example:
msg=admin:192.168.10.9
succeeded in testing the
connectivity of the syslog server
(receiving address 192.168.15.7,
server port 514, channel UDP).
– cs1Label=AlarmCsn cs1=Alarm
serial number.
Example: cs1Label=AlarmCsn
cs1=2562
– cs2Label=AlarmType cs2=Alarm
type. The values are as follows:
OperationLog: operation logs
RunLog: run logs
CurrentAlarm: fault alarms of
the current device
RecoveredAlarm: cleared fault
alarms, indicating that the fault
alarms described have been
cleared.
SecurityLog: security logs
– cs3Label=AlarmLevel cs3=Alarm
severity. The values are as
follows:
Informational
Warning
Major
Critical
NOTE
Info Receive Time, IP Address, Facility, and Severity are defined by the Syslog server.
The parsing result may vary with tools.
4.5 Configuring Trap Notification

Trap is a type of Simple Network Management Protocol (SNMP) message that
indicates the occurrence of an event. To send alarm notifications by SNMP, you
must configure a trap server IP address. After the trap server IP address has been
configured, alarms of the storage device will be sent to the specified application
server or maintenance terminal.

OceanStor Dorado
After configuring SNMP, you can query and configure storage system information
and receive alarms from the storage system. There are SNMPv1, SNMPv2c, and
SNMPv3 protocols. This section describes how to configure them.
A third-party network management tool must meet the following configuration
requirements:
● If SNMPv1 or SNMPv2c is used, the community strings used by the tool must
be the same as those configured on the storage system.
● If SNMPv3 is used, the SNMPv3 user name, authentication protocol, and
encryption protocol used by the tool must be the same as those configured
4.5.1 Configuration Process

Figure 4-4 shows the SNMP configuration flowchart.
Figure 4-4 SNMP configuration flowchart
4.5.2 Configuring the SNMP Protocol

This section describes how to configure SNMP to query and configure storage
system information and receive storage alarms.

OceanStor Dorado
Context
● SNMP supports SNMPv1, SNMPv2c, and SNMPv3.
● When SNMPv1 or SNMPv2c is used, you need to configure SNMP
communities on the storage system for interconnection with a third-party
network management system. For details, see Step 3.
● When SNMPv3 is used, you need to configure a USM user on the storage
system for logging in to the upper-level external network management
system (such as the SNMP network management system). For details, see
Step 4.
Procedure
Step 1 Choose Settings > SNMP Management > SNMP Protocol.
Step 2 Click Modify in the upper right corner of the SNMP Protocol Settings area.
Step 3 Configure SNMP.
Set the basic information of SNMP. Table 4-5 describes the parameters.
Table 4-5 SNMP parameters

Port SNMP port number. The value is 161 or ranges from

20000 to 20100.
[Default value]
161
Context Name When the SNMP protocol is used for connection, the
entered context name must be the same as this
name.
The value is fixed to Array and cannot be changed.
SNMPv1 and SNMPv2c Indicates whether to enable the SNMPv1 and

SNMPv2c protocols.
NOTE
● Enabling SNMPv1 and SNMPv2c has security risks. You
are advised to use SNMPv3.
● The storage system does not have default communities.
After SNMPv1 and SNMPv2c is enabled, you need to set
communities.

OceanStor Dorado
Read Community Community that has read permission.

[Default rules]
A password:
● Contains 8 to 32 characters.
● Must contain special characters. Special characters
include !"#$%&'()*+,-./:;<=>?@[\]^`{_|}~ and
spaces.
● Must contain any two types of uppercase letters,
lowercase letters, and digits.
NOTE
● In the default SNMP service security policy, the read
community must be different from the write community.
You can run the show snmp safe_strategy and change
snmp safe_strategy commands to query or modify the
SNMP service security policy.
● This parameter is displayed only when SNMPv1 and
SNMPv2c is enabled and you have clicked Modify in
Community.
[Example]
usmuser@123
Confirm Read Enter the read community again for confirmation.

Community
Write Community Community that has write permission.

[Default rules]
A password:
● Contains 8 to 32 characters.
● Must contain special characters. Special characters
include !"#$%&'()*+,-./:;<=>?@[\]^`{_|}~ and
spaces.
● Must contain any two types of uppercase letters,
lowercase letters, and digits.
NOTE
● In the default SNMP service security policy, the write
community must be different from the read community.
You can run the show snmp safe_strategy and change
snmp safe_strategy commands to query or modify the
SNMP service security policy.
● This parameter is displayed only when SNMPv1 and
SNMPv2c is enabled and you have clicked Modify in
Community.
Confirm Write Enter the write community again for confirmation.

Community
Step 4 Manage USM users.

OceanStor Dorado
● Create a USM user.

a. Click Create.
The Create USM User page is displayed on the right.
b. Set the USM user parameters listed in Table 4-6.
Table 4-6 USM user parameters

Username Name of the USM user.

[Value range]
The name contains 4 to 32 characters, which can be
only letters, digits, underscores (_), and hyphens (-).
The name must start with a letter.
[Example]
usm001
User Permission Permission of the USM user.

[Value range]
▪ Read-only
▪ Read and write

[Default value]
Read-only
User Indicates whether to enable user authentication

Authentication (enabled by default).
Authentication Authentication protocol of the USM user, which can

Algorithm be MD5, SHA, SHA224, SHA256, SHA384, or
SHA512.
[Default value]
SHA256
NOTE
The security performance order of the authentication
protocols is as follows: SHA512 > SHA384 > SHA256 >
SHA224 > SHA > MD5. For security purposes, you are
advised to use a more secure authentication protocol.

OceanStor Dorado
Authentication Authentication password of the USM user. You can

Password set the password rules in Settings > SNMP
Management > SNMP Security Policy.
[Default rules]
▪ The password contains 8 to 32 characters.
▪ The password must contain special characters.

Special characters include !"#$%&'()*+,-./:;<=>?
@[\]^`{_|}~ and spaces.
▪ The password must contain any two types of

uppercase letters, lowercase letters, and digits.
▪ The password cannot be the same as the user

name or the user name written backwards.
[Example]
usmuser@123
Confirm Enter the authentication password again for

Authentication confirmation.
Password [Example]
usmuser@123
Data Encryption Indicates whether to enable data encryption

(enabled by default).
Encryption Encryption algorithm of the USM user, which can be

Algorithm 3DES, DES, AES, AES192, or AES256.
[Default value]
AES256
NOTE
The security performance order of the encryption
algorithms is as follows: AES256 > AES192 > AES > 3DES >
DES. For security purposes, you are advised to use a more
secure encryption algorithm.

OceanStor Dorado
Data Encryption Data encryption password of the USM user. You can
Password set the password rules in Settings > SNMP
Management > SNMP Security Policy.
[Default rules]
▪ The password contains 8 to 32 characters.
▪ The password must contain special characters.

Special characters include !"#$%&'()*+,-./:;<=>?
@[\]^`{_|}~ and spaces.
▪ The password must contain any two types of

uppercase letters, lowercase letters, and digits.
▪ The password cannot be the same as the user

name or the user name written backwards.
[Example]
dataencrypt@123
Confirm Data Enter the data encryption password again for

Encryption confirmation.
Password
c. Click OK.
● Delete a USM user.
a. Select the desired user and click Delete User.
b. Confirm your operation as prompted.
● Modify USM user information.
a. Select the desired user and click Modify.
b. The Modify USM User page is displayed on the right. For details about
the parameters, see Table 4-6.
----End
4.5.3 Configuring an SNMP Security Policy

This section describes how to configure an SNMP security policy.
Procedure
Step 1 Choose Settings > SNMP Management > SNMP Security Policy.
Step 2 Click Modify in the upper right corner of the page.
Step 3 Set the parameters listed in Table 4-7.

OceanStor Dorado
Table 4-7 SNMP security policy parameters

Min. Password Length Minimum length of the community and USM user
password.
[Value range]
The value must be an integer from 8 to 32.
Max. Password Length Maximum length of the community and USM user
password.
[Value range]
Password Complexity Complexity requirements on the community and

USM user password.
[Value range]
● High: containing at least one special character
(!"#$%&'()*+,-./:;<=>?@[\]^`{_|}~ and space),
uppercase letter, lowercase letter, and digit
● Medium: containing at least one special
character (!"#$%&'()*+,-./:;<=>?@[\]^`{_|}~ and
space) and two of the following types:
uppercase letter, lowercase letter, and digit
● Low: containing at least one of the following
types: special character (!"#$%&'()*+,-./:;<=>?
@[\]^`{_|}~ and space), uppercase letter,
lowercase letter, and digit
Allow the authentication When this parameter is selected, the

password and data authentication password and data encryption
encryption password to be password of a USM user can be the same.
the same
Allow the USM user name When this parameter is selected, the password of a
and password to be the USM user can be the same as the USM user name
same or the reverse of the USM user name.
Set different read and When this parameter is selected, the read and
write community strings write communities must be different.
Statistic Collection Interval Interval for counting consecutive authentication

of Authentication Failures failures.
[Value range]
The value must be an integer from 1 to 600. The
unit is second.
Allowed Consecutive Count of consecutive authentication failures

Authentication Failures allowed by the system.
[Value range]

OceanStor Dorado
IP Address Lockout Time Lockout time for the IP address of the network
management software.
[Value range]
The value must be an integer from 10 to 3600. The
unit is second.
Step 4 Click Save.
----End
4.5.4 Adding a Trap Server Address

After a trap server IP address is configured, alarm information about a storage
device will be sent to the specified application server or maintenance terminal.
Prerequisites
● The SNMP service has been enabled on the storage system.
● The SNMP service has been enabled on the application server.
● If SNMPv3 is used, a USM user should have been created. For details, see
4.5.2 Configuring the SNMP Protocol.
● The storage system sends only the alarms and events generated after the trap
server address has been configured.
Context
Trap is a type of Simple Network Management Protocol (SNMP) message that
indicates the occurrence of an event. These types of messages are sent using User
Datagram Protocol (UDP) and are not reliable.
DeviceManager provides the trap function to send the alarm and event messages
of managed storage devices to another network management system or to a
device at a specific server address. If alarm and event messages are reported using
SNMP, you must configure a trap server address.
NOTE
● To enable the trap function, install the associated software on application servers. For
example, you must install MIB interface software on the application servers that run
Windows 2003. To download the software, click this (Link), and see MIB Interface Files
of the corresponding product model to download software.
● After the IP address of the trap server is set, the storage system reports the generated
alarms. You can modify the notification of specific events. For details, see "Managing
Alarms and Events" in the Administrator Guide.

OceanStor Dorado
Procedure
Step 2 View trap server information. Table 4-8 describes the parameters.

OceanStor Dorado
Table 4-8 Trap server parameters

Server Address Address of a network management system or storage device

for receiving alarm and event messages.
[Value range]
The value can be an IP address or a domain name.
– A 32-bit IPv4 address is divided into four 8-bit fields
that are expressed in dotted decimal notation.
– Each field of the IP address cannot be blank and must
be an integer.
– The value of the leftmost field ranges from 1 to 223
(excluding 127).
– The values of the other fields range from 0 to 255.
– The IP address cannot be set to a special address such
as a network address or broadcast address.
– A 128-bit IPv6 address is divided into eight 16-bit fields.
Each 16-bit field consists of four colon-separated
hexadecimal numbers.
– In each 16-bit field, leading zeros can be omitted for
simplicity. However, at least one digit must be reserved
in each field.
– To achieve further simplicity, you can use a double
colon (::) in place of a series of zeros. A double colon
(::) can be used only once in an IPv6 address. It can also
represent the neighboring consecutive zeros at the
beginning or end of an IPv6 address.
– An IPv6 address cannot be set to a special one, such as
a network address, loopback address, or multicast
address.
● In the event of using a domain name:
– A domain name is case-insensitive and must use the
English alphabet.
– A domain name contains 1 to 255 characters.
– A domain name can only contain letters (a to z and A
to Z), digits (0 to 9), periods (.), and hyphens (-), and
cannot start or end with a hyphen (-).
[Example]
192.168.100.11
fc00::1234
domain.com
Port Port number of a trap server IP address.

OceanStor Dorado
Version SNMP version used by the Trap server. Possible options are
SNMPv1, SNMPv2c, and SNMPv3.
NOTE
● SNMPv1 and SNMPv2c use communities for authentication.
● SNMPv3 supports the authentication and encryption of data. USM
users need to be configured to implement data authentication
and encryption.
● For security concerns, SNMPv3 is recommended.
Type Type of alarms sent by the storage device to the Trap server.
Possible options are:
● Parsed: The storage device sends parsed alarms to the
Trap server.
● Original: The storage device sends original alarms that are
not parsed to the Trap server.
● Parsed time string: The storage device sends parsed
alarms to the Trap server. All alarm IDs correspond to the
same OID. The data type of event fields generated by
alarms is OCTET STRING.
● Original time string: The storage device sends original
alarms that are not parsed to the Trap server. The data
type of alarm occurrence time (character string) and
alarm clearing time (character string) is OCTET STRING.
● All: The storage device sends all types of alarms to the
Trap server including Parsed, Original, Parsed time
string, and Original time string.
USM User User who reports alarms using SNMP.
Step 3 Manage a Trap server.

● Add a Trap server.
a. Click Add.
The Add Trap Server page is displayed.
b. Set the trap server information. Table 4-8 describes the parameters.
c. Click OK.
● Delete a Trap server.
a. Select the desired Trap server and click Delete.
A warning dialog box is displayed.
b. Confirm your operation and click OK.
● Test a Trap server.
a. Select the desired Trap server and click Test.
A warning dialog box is displayed.
b. Confirm your operation and click OK.
----End

OceanStor Dorado
Follow-up Procedure
A storage system can send multiple types of alarms and events to the trap server,
and each alarm or event has its own push format. For details, click this (Link), and
see MIB Interface Files of the corresponding product model to download software.
4.6 Setting Alarm Dump

After you enable alarm dump, alarms will be dumped automatically to a specific
FTP or SFTP server when their number exceeds the system threshold.
Prerequisites
● If events and cleared alarms are stored on an FTP server, communication
between the FTP server and the storage system is normal. To enhance
communication reliability, you are advised to configure the FTP server and
storage system on the same LAN and their IP addresses on the same network
segment.
● If events and cleared alarms are stored on an SFTP server, communication
between the SFTP server and the storage system is normal. To enhance
communication reliability, you are advised to configure the SFTP server and
storage system on the same LAN and their IP addresses on the same network
segment.
● If events and cleared alarms are stored on an FTP server and a firewall is
configured on the network, port 21 is enabled.
● If events and cleared alarms are stored on an SFTP server and a firewall is
configured on the network, port 22 is enabled.
● Before configuring a domain name for the server, ensure that the DNS server
can communicate normally with the storage system or third-party server.
Context
● The storage system is not configured with the alarm dump and operation log
storage policies.
– When the number of generated alarms, operation logs, or run logs
reaches 45,000, alarm The Space That Stores Event Logs Is To Be Used
Up will be triggered.
– When the number of generated alarms, operation logs, or running logs
reaches the upper limit (50,000), the first 10,000 alarms, operation logs,
or running logs are deleted automatically. When the number of
generated login/logout logs reaches the upper limit (20,000), the first
10,000 login/logout logs are deleted automatically.
● The storage system is configured with alarm dump and but not configured
with operation log storage policies.
Up will not be triggered. When the number of generated alarms,
operation logs, or run logs reaches the upper limit (50,000), the first
10,000 alarms, operation logs, or run logs are dumped automatically to
the specified FTP server or SFTP server.

OceanStor Dorado
– When the number of generated login/logout logs reaches the upper limit
(20,000), the first 10,000 login/logout logs are automatically dumped to
● The storage system is not configured with alarm dump and but configured
with operation log storage policies.
Up will be triggered.
– When the number of generated alarms or run logs reaches the upper
limit (50,000), the first 10,000 alarms or run logs are deleted
automatically. When the number of generated login/logout logs reaches
the upper limit (20,000), the first 10,000 login/logout logs are deleted
automatically. When the number of generated operation logs reaches the
upper limit (50,000) or their retention period reaches the preset
threshold, the first 10,000 operation logs or the operation logs whose
retention period reaches the preset threshold are deleted automatically.
● The storage system is configured with alarm dump and operation log storage
policies.
– When the number of generated alarms or run logs reaches 45,000, alarm
The Space That Stores Event Logs Is To Be Used Up will not be
triggered. When the number of generated alarms or run logs reaches the
upper limit (50,000), the first 10,000 alarms or run logs are dumped
automatically to the specified FTP server or SFTP server.
– When the number of generated operation logs reaches 45,000, alarm The
Space That Stores Event Logs Is To Be Used Up will not be triggered.
When the number of generated operation logs reaches the upper limit
(50,000) or their retention period reaches the preset threshold, the first
10,000 operation logs or the operation logs whose retention period
reaches the preset threshold are dumped automatically to the specified
FTP server or SFTP server.
– When the number of generated login/logout logs reaches the upper limit
(20,000), the first 10,000 login/logout logs are automatically dumped to
NOTE
● The generated alarms refer to the events generated and the alarms cleared by the
storage system.
● To ensure that the information recorded by the storage system is complete, you are
advised to configure alarm dump and operation log storage policies.
Procedure
Step 1 Choose Settings > Alarm Settings > Alarm Dump.
Step 2 Configure alarm dump.
1. Enable the alarm dump function.
NOTE
If alarm dump is enabled, click Modify in the upper right corner.

2. Set alarm dump parameters. Table 4-9 describes the parameters.

OceanStor Dorado
Table 4-9 Alarm dump parameters

Transport Transport protocol for alarm dump. Possible options are

Protocol SFTP and FTP.
NOTE
The storage systems support FTP for compatibility concerns.
SFTP is recommended for security purposes.
Username User name for logging in to the SFTP or FTP server.

[Value range]
– The name contains 1 to 63 characters.
– The name cannot contain the following special
characters: !':;|`$<>&-()#?"\*
Password Password for logging in to the server.

[Value range]
– The password contains 1 to 63 characters.
– A valid password cannot contain extended ASCII
characters or Unicode characters. It is recommended
that a password contain the following characters:
digits (0 to 9), letters (a to z and A to Z), spaces, and
special characters ([]^_{|}~`@!"#$%&'()*+,-./:;<=>?).

OceanStor Dorado
Server IP Address IP address of the server.

[Value range]
– In the event of using an IPv4 address:
▪ A 32-bit IPv4 address is divided into four 8-bit

fields that are expressed in dotted decimal
notation.
▪ Each field of the IPv4 address must be an integer.
▪ The value of the leftmost field ranges from 1 to

223 (excluding 127).
▪ The values of the other fields range from 0 to

255.
▪ An IPv4 address cannot be set to a special address

such as a broadcast address.
– In the event of using an IPv6 address:
▪ A 128-bit IPv6 address is divided into eight 16-bit

fields. Each 16-bit field consists of four colon-
separated hexadecimal numbers.
▪ In each 16-bit field, leading zeros can be omitted

for simplicity. However, at least one digit must be
reserved in each field.
▪ To achieve further simplicity, you can use a double

colon (::) in place of a series of zeros. A double
colon (::) can be used only once in an IPv6
address. It can also represent the neighboring
consecutive zeros at the beginning or end of an
IPv6 address.
▪ An IPv6 address cannot be set to a special one,

such as a network address, loopback address, or
multicast address.
File Save Path Path for storing the dumped storage system
information. A save path has been set on the SFTP or
FTP software. You must create a folder in the save path
and enter the folder name in File Save Path on
DeviceManager.
[Value range]
– The value can contain 1 to 255 characters.
– The value cannot contain the following special
characters: !':;|`$<>&-()#?"\*. The first character
cannot be a period (.). The first and last characters
cannot be spaces. The first character after a slash (/)
in the path cannot be a period (.).

OceanStor Dorado
3. (Optional) Click Test.

– If an error dialog box is displayed, at least one parameter value is
incorrect. Modify the parameter and retry.
– If a success dialog box is displayed, the alarm dump parameters have
been configured correctly.
4. Click Save.
Step 3 Configure operation log storage policies.
1. Enable operation log storage policies.
NOTE
If operation log storage policies are enabled, click Modify in the upper right corner.
2. Set the retention days of operation logs.
NOTE
– If the value is set to 0, the number retention days is not limited.

– If no SFTP server or FTP server is configured, operation logs that have been stored
for more than the specified number of retention days will be deleted. If an SFTP
server or FTP server is configured, operation logs that have been stored for more
than the specified number of retention days will be dumped to the specified SFTP
server or FTP server.
3. Click Save.
----End
4.7 Setting Alarm Masking

After alarm masking is enabled, DeviceManager does not monitor alarms of
specified objects or unimportant alarms, improving fault locating efficiency. The
masked alarms will not be reported to upper-layer (third-party) network
management systems connected to the storage system.
Procedure
Step 2 Choose Settings > Alarm Settings > Alarm Masking.
Step 3 View all alarms in the system. Table 4-10 describes the parameters.

OceanStor Dorado
Table 4-10 Alarm masking parameters
Name Name of an alarm.

NOTE
Some alarms have the same name but different IDs. When setting
alarm masking, set all alarms with the same name.
Alarm ID ID of an alarm.
Object Type of the object for which the alarm is generated.
Severity Alarm severity. Possible values are Critical, Major, Warning,

and Info.
Alarm Masking Whether alarm masking is enabled.
Unhandled Indicates whether an alarm is unhandled.

Alarms
NOTE
● Select one or more alarms and click Enable. The system will not report the selected
alarms.
● Select one or more alarms and click Disable. The system will not mask the selected
alarms.
----End
4.8 Setting Event Notification

Configuring email, SMS, or trap notification enables the system to send event
information to specified personnel or devices through email, SMS, or trap.
Procedure
Step 1 Choose Settings > Alarm Settings > Event Notification.
Step 2 View system events. Table 4-11 describes the parameters.
Table 4-11 Event parameters
Name Name of an enabled event.

NOTE
Some events have the same name but different IDs. When setting
event notification, set all events with the same name.
Alarm ID ID of an enabled event.
Object System type of an enabled event.

OceanStor Dorado
Severity Severity of an enabled event. Possible values are Critical,

Major, Warning, and Info.
Email Notification Indicates whether to enable email notification. After email

notification is enabled, the system will send event
information to recipient email addresses configured in the
Email Notification area on the Alarm Notification page.
NOTE
You can click to enable email notification. If email notification
is enabled but recipient email addresses enabled with event
notification are not configured in the Email Notification area on
the Alarm Notification page, the system will not send the event
information.
SMS Notification Indicates whether to enable SMS notification. After SMS

information to recipient phone numbers configured in the
SMS Notification area on the Alarm Notification page.
NOTE
You can click to enable SMS notification. If SMS notification is
enabled but recipient phone numbers enabled with event
notification are not configured in the SMS Notification area on the
Alarm Notification page, the system will not send the event
information.
Trap Notification Indicates whether to enable Trap notification. After trap

information to trap servers through server addresses
configured in the Trap area on the Alarm Notification
page using SNMP Trap mode.
NOTE
You can click to enable Trap notification.
NOTE
A maximum of 512 events can be enabled with event notification.
----End

OceanStor Dorado 5 Enabling Prediction on the Trend of Effective
Initialization Guide Capacity Usage
5 Enabling Prediction on the Trend of

Effective Capacity Usage
You can enable this function if you have purchased the effective capacity license
and want to predict the trend of the effective capacity usage.
Procedure
Step 1 Choose Settings > Monitoring Settings.
Step 2 On the Retention Settings page, select Retain historical monitoring data and
set the Retention Period and Data Storage Location.
NOTE
● The Data Storage Location can be an existing storage pool in the storage system.
● The historical performance data occupies at most 200 GB space of the storage pool.
Step 3 After Retain historical performance data has been enabled for seven days, you
can query the effective capacity trend on the DeviceManager home page or by
choosing Insight > Forecast on DeviceManager.
NOTE
● One half of the capacity usage trend chart shows the historical capacity usage (green
solid line) and the other half shows the predicted capacity usage trend (green dotted
line).
● When the predicted capacity usage trend (green dotted line) reaches 80% and 100%,
you can query the predicted time when the effective capacity usage will reach 80% and
100%.
● You can choose Insight > Forecast > Storage Pool to query the capacity usage trend of
each single storage pool.
----End

OceanStor Dorado
Initialization Guide 6 (Optional) Other Configurations
6 (Optional) Other Configurations
After completing initial configuration, you may need to continue with other
configurations based on your service requirement.
Table 6-1 Other configurations

Configuration Description
Configuring storage system See "Managing Access Permissions of a

security policies, accessible IP Storage System" in the Administrator Guide.
addresses, and user permissions
Modifying the alarm or event See "Managing Alarms and Events" in the
notification mode Administrator Guide.
Configuring the eService See "Enabling and Managing the eService" in
the Administrator Guide.
Configuring basic storage See "Configuring Basic Storage Services" in

services such as creating storage the Basic Storage Service Configuration Guide
resources and mapping for Block.
Configuring file system sharing See "Configuring Basic Storage Services" in
the Basic Storage Service Configuration Guide
for File.
Configuring value-added See the feature guide for your product model
features and version.
For example, to configure the SmartQoS
feature, see the SmartQoS Feature Guide.
Installing host software See the software user guide for specific
installation and configuration.
For example:
● Third-party multipathing software
See Host Connectivity Guide.

OceanStor Dorado
Initialization Guide 7 Using SmartKit for Deployment Inspection
7 Using SmartKit for Deployment

Inspection
During site deployment, you can use SmartKit on your maintenance terminal to
inspect the software and hardware status, value-added services, and alarms of the
storage system.
Prerequisites
● SmartKit of a correct version has been installed on the maintenance terminal.
You can check the version information in the version mapping table. To obtain
the version mapping table, log in to https://support.huawei.com/
enterprise/, enter your storage model in the search box, and select the
associated path to the product documentation page. Then find and download
the version mapping table.
● You have obtained the IP address of the management network port and the
login username and password.
Procedure
Step 1 Log in to SmartKit. On the Storage tab, select Site Deployment Quality
Inspection in Site Deployment Delivery.

OceanStor Dorado
NOTE
Step 2 Click Device Selection.
The Select Devices dialog box is displayed.

Step 3 Click Add Device, and add a device as instructed.
1. Specify basic information of the storage device, such as management IP

address.
2. Enter the login username, password, and port.
3. Click Finish. After successful verification, the storage device is added to the
device list.
4. Select the storage device on the device list, click Browse to specify Result
Folder, and click OK(L).
Step 4 Click Deployment Inspection.

OceanStor Dorado
The deployment inspection wizard is displayed.
Step 5 On the Inspection Wizard Step 2-1: Select Check Items page, select the device
and check items as required.
NOTE
situation.
1. Select the inspection device in the left pane.

2. Select the check items in the right pane.
NOTE
You can click to expand the check items under a category.

3. Click Next. The system starts inspection.

OceanStor Dorado
Step 6 On the Inspection Wizard Step 2-2: Start Inspection page, check the task status
and inspection result.
NOTE
● After the inspection is complete, the inspection results are automatically saved and an
inspection report is generated. You can:
– Click Open the result directory to view the inspection result data.
– Click View the report to view the inspection report.
● If any check item has failed, rectify the fault according to the handling suggestions.
----End

OceanStor Dorado
Initialization Guide 8 FAQs
8 FAQs
This chapter describes frequently asked questions (FAQs) about initializing a

storage system.
8.1 How Can I Import the Windows AD Domain Server's CA Certificate to the
Storage System?
8.2 How to Perform Remote Maintenance Using a Modem?
8.3 How Do I Obtain and Import the Email Certificates?
8.4 How Do I Obtain and Import the Email OTP Certificates?
8.5 How Do I Remove the Privacy Warning Displayed When I Log In to
DeviceManager?
8.6 How Do I Log In to the Storage System Through Multi-Factor Authentication?
8.7 How Do I Initialize the Password of the Root Administrator? (Applicable to
6.1.2 and Later)
8.1 How Can I Import the Windows AD Domain

Server's CA Certificate to the Storage System?
When you set domain authentication for a storage system, you must import the
CA certificate of the AD domain server to the storage system before selecting
LDAPS.
Prerequisites
The web service has been enabled for the Windows AD domain server.
Procedure
Step 1 Access http://localhost/certsrv/ on the Internet Explorer.
Step 2 Click Download a CA certificate, certificate chain, or CRL.

OceanStor Dorado
Step 3 Select the CA certificate you want to export, set the encoding mode to DER, and
click Download CA certificate.
Step 4 Click Save to save the CA certificate to a specified directory.
Step 5 Convert the CA certificate format.
The exported CA certificate uses the default format of Windows. You must convert
it to the pem format before importing it to the storage system.
NOTE
To convert the format, copy the CA certificate to a Linux server and run the openssl x509 -
in ./XXX.cer -inform DER -out YYY.pem -outform PEM command in the directory where
the CA certificate is saved.
In the preceding command, XXX represents the name of the CA certificate before
conversion, and YYY represents the name after conversion.
Step 6 After the CA certificate is converted, import it to the storage system.

OceanStor Dorado
1. Log in to DeviceManager.
2. Choose Settings > Certificates > Certificate Management.
NOTE

3. Select a scenario, and import and activate the CA certificate.
----End
8.2 How to Perform Remote Maintenance Using a

Modem?
After connecting to a storage system using a modem, you can remotely manage
and maintain the storage system.
Prerequisites
● Before building a remote maintenance environment, ensure that PSTN phones
and external modems are configured in equipment rooms.
● Each controller is configured with one serial port connected to one modem.
Select the external modem based on your requirements.
Context
You can log in to the CLI through a storage system serial port to perform remote
management and maintenance. This document uses 56K modems that remotely
access the storage system in PSTN dialup mode (on Windows) as an example to
describe configuring modems for remote maintenance.
NOTE
The PSTN ensures enhanced data security as its data is not transmitted over the Internet.
Meanwhile, you are advised to power off the modem to further ensure security when you
do not need to perform remote maintenance.
To implement remote maintenance, one remote modem and one local modem are
required.
Figure 8-1 shows the network topology.

OceanStor Dorado
Figure 8-1 Remote maintenance network topology
In Figure 8-1, note the following information:
● Remote modem
The remote modem is connected to the serial port of the storage system as
an answer end.
● Local modem
The local modem is connected to the serial port of the maintenance terminal
as a call end.
On this network, a remote maintenance request is handled in this sequence: serial

port of the maintenance terminal > local modem > PSTN > remote modem >
serial port of the storage system.
Procedure
Step 1 Configure a remote modem.
NOTE
To configure the remote modem, connect the remote modem to a maintenance terminal
temporarily.
Configure a remote modem as the answer end. The configuration steps are as
follows:
1. Connect the remote modem to the power supply, connect the serial port of
the remote modem to that of the maintenance terminal using a serial cable,
and connect the LINE port of the remote modem to the PSTN with a
telephone cable.
2. Run the PuTTY software.

OceanStor Dorado
3. In Connection type, select Serial. In Speed, enter 115200.

4. Click Open.
5. Type at and press Enter. The screen displays:
OK!
6. Run the following AT commands in sequence:

Type ats0=1 and press Enter. The screen displays:
OK!
Type at&d0 and press Enter. The screen displays:

OK!
Type at&k0 and press Enter. The screen displays:

OK!
Type at&w and press Enter. The screen displays:

OK!
Step 2 Configure a local modem.
Configure a local modem as the call end. The configuration steps are as follows:
1. Connect the modem to the nearest power supply. Connect the local modem
serial port to the maintenance terminal serial port with a serial cable. Connect
the local modem LINE port to the PSTN with a telephone cable.

OceanStor Dorado
2. Run the PuTTY software, and repeat Step 1.2 to Step 1.4 in Step 1.
OK!
4. Set initial parameters for the local modem.
Type at&f&w and press Enter. The screen displays:
OK!
Step 3 Set up the connection.
NOTICE
Before setting up the connection, ensure that the remote modem is disconnected
from the storage device. Otherwise, the storage system serial port will stop
responding because a large amount of data is sent from the remote modem
during modem dialup. When both the remote modem and the local modem have
dialed up to the network, connect the remote modem to the storage device with a
serial cable.
1. Run the PuTTY software on the maintenance terminal, and repeat Step 1.2 to
Step 1.4 in Step 1.
OK!
3. Type atdt XXX-YYYYYYYYY and press Enter for dialup.
When both the remote modem and the local modem have been dialed up to
the network, the baud rate is CONNECT. (For modems of different
manufacturers, the screen displays vary.)
NOTE
– XXX-YYYYYYYYY (area code+phone number) indicates the telephone number of the

remote site. This phone number must allow direct dialup.
– During dialup, the OH indicator of the local modem is steady on.
– If error messages are displayed, such as NO CARRIER, BUSY, NO ANSWER, and
ERROR, after the atdt command is executed, check the remote modem
configurations and then retry the dialup.
4. After the local modem is connected to the remote modem, connect the
remote modem to the storage device with a serial cable. Then press any key
to go to the CLI.
5. Enter the user name and password as prompted.
NOTE
– For security purposes, the password is not visible when it is being entered during
login. When you initialize or change the password, it will be displayed in * on the
screen.
– You must set an initial password for the super administrator during the first login.
To avoid password leakage, you are advised to change your login password
periodically by using the change user_password command.
6. The CLI login succeeds.
The storage device can now be remotely managed and maintained.
----End

OceanStor Dorado
8.3 How Do I Obtain and Import the Email Certificates?

Before enabling email notification, you must obtain the email client CA certificate
and server certificate, and import the client CA certificate to the storage system
and the server certificate to the SMTP server.
Procedure
Step 1 Obtain the client CA certificate and server certificate using either of the following
methods:
● Download the client CA certificate from the third-party CA center. After it is
signed, export the server certificate.
● Obtain the CA certificates using the certificate management software. The
following uses OpenSSL as an example. For details on how to use OpenSSL,
refer to its documentation.
a. Run the openssl command to generate the self-signed client CA
certificate.
b. Run the openssl command to generate the server certificate using the
client CA.
Step 2 Import the CA certificate of the client to the storage system.

NOTE

3. Select Email certificate and click Import Certificate.
4. Import the CA certificate file and click OK.
NOTE
The information displayed on the interface is only for reference and is subject to the
actual situation.

OceanStor Dorado
Step 3 Import the server certificate to the SMTP server.

NOTE
The following uses the hMailServer as an example.
1. Log in to the hMailServer.

2. Choose Settings > Advanced > SSL certificates.
3. Click Add and import the certificate.
4. Click Save.
5. Choose Settings > Advanced > TCP/IP ports.

6. Select the port of the mail server, set Connection security to SSL/TLS, and
select the imported certificate in SSL Certificate.

OceanStor Dorado
7. Click Save.
----End
8.4 How Do I Obtain and Import the Email OTP

Certificates?
Multi-factor authentication is controlled by the Email OTP certificates. Users must
obtain the Email OTP CA client and server certificates, and import the client CA
certificate to the storage system and the server certificate to the SMTP server.
Procedure
Step 1 Obtain the client CA certificate and server certificate using either of the following
methods:
● Download the client CA certificate from the third-party CA center. After it is
signed, export the server certificate.
● Obtain the CA certificates using the certificate management software. The
following uses OpenSSL as an example. For details on how to use OpenSSL,
refer to its documentation.
a. Run the openssl command to generate the self-signed client CA
certificate.
b. Run the openssl command to generate the server certificate using the
client CA.
Step 2 Import the CA certificate of the client to the storage system.


OceanStor Dorado
NOTE

3. Select Email OTP certificate and click Import Certificate.
4. Import the CA certificate file and click OK.
NOTE
The information displayed on the interface is only for reference and is subject to the
actual situation.
Step 3 Import the server certificate to the SMTP server.

NOTE
The following uses the hMailServer as an example.
1. Log in to the hMailServer.

2. Choose Settings > Advanced > SSL certificates.
3. Click Add and import the certificate.
4. Click Save.

OceanStor Dorado
5. Choose Settings > Advanced > TCP/IP ports.

6. Select the port of the mail server, set Connection security to SSL/TLS, and
select the imported certificate in SSL Certificate.
7. Click Save.
----End

OceanStor Dorado
8.5 How Do I Remove the Privacy Warning Displayed

When I Log In to DeviceManager?
Context
When you access a website using HTTPS, the server of this website uses a
certificate to prove its identity to the browser. To ensure connection security, the
browser requires the website to use a certificate issued by a trusted Certificate
Authority (CA). Figure 8-3 shows the certificate authentication process.
Figure 8-3 Certificate authentication process for website access using HTTPS
1. First, the CA provides its own CA root certificate to the browser developer, and
the browser developer adds the CA root certificate to the trusted list of the
browser. After users download and install the browser, the browser will trust
the certificates signed by this CA by default.
2. If a website is accessed using HTTPS, the website must send an authentication
request to the CA. The CA approves and signs the certificate of the website.
3. When a user accesses the website on the browser, the browser requests the
server to provide the signed certificate of the website. Then the browser
checks whether the website's root certificate is in its trusted list, and verifies
whether the signature is correct. If the verification is successful, the browser
sets up an HTTPS connection with the server.
If the website certificate is not signed by the CA, the browser prompts a privacy
warning when the user accesses the website, stating that the security certificate of
the website is not trusted and asking the user whether to continue accessing the
website.

OceanStor Dorado
You can use either of the following methods to remove the privacy warning when
you log in to DeviceManager:
● Method 1: Use a signed certificate issued by the CA.

● Method 2: Use self-signed certificates.
The signed certificate issued by the CA is recommended for better security.
Using a Signed Certificate Issued by the CA

1. Generate a private key and a certificate request file, and apply for
authentication from the CA.
The OpenSSL tool is used as an example.
a. Generate a private key file. Keep the private key file on your local PC. You
do not need to submit it to the CA.
openssl genrsa -out device_manager_ca.key 2048
b. Generate a certificate signing request (CSR) file and submit it to the CA

for certification.
openssl req -new -key device_manager_ca.key -out device_manager_ca.csr –config ssl.conf -subj
"/C=cn/ST=sc/L=cd/O=huawei/OU=storage/CN=xx.xx.xx.xx"
Replace xx.xx.xx.xx in the preceding information with the management

IP address or domain name of the storage system. The preceding
information is only an example. Use your actual information. If there are
multiple management IP addresses or domain names, subjectAltName is
required.
Contact the CA for instructions on the application.
2. The CA signs the CSR file and generates a digital certificate file.
The CA uses its private key to sign the CSR file and generate a digital
certificate file, and sends the digital certificate file to the applicant.
3. Import the certificate to the storage system.
a. Log in to DeviceManager.
b. Choose Settings > Certificates > Certificate Management.

OceanStor Dorado
NOTE

c. Select DeviceManager certificate and click Import Certificate.
The Import Certificate page is displayed.
d. For a certificate signed by the CA, you only need to import the certificate
file in .crt format in Certificate File and import the private key file
in .key format in Private Key File.
e. Click OK.
f. Log in to the storage system again. No privacy warning is prompted.
Using Self-Signed Certificates

In specific scenarios, you can use self-signed certificates to remove the privacy
warning.
You can replace the default security certificates of DeviceManager and your
browser with self-signed security certificates and private key files to remove the
privacy warning. The configuration procedure is as follows:
1. Prepare the OpenSSL environment.
a. Prepare a Linux-based device where the OpenSSL tool is installed
(generally, the OpenSSL tool has been pre-installed in a CentOS or
Ubuntu system). Run the openssl version command to verify that the
OpenSSL tool version is 1.0.2a or later.
# openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
b. Create a temporary directory, for example, /tmp/cert, and go to the

directory.
c. Create and edit the ssl.conf file.
# vi ssl.conf
Copy the following content to the ssl.conf file:

[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = CN
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = SC

OceanStor Dorado
localityName = Locality Name (eg, city)

localityName_default = CD
organizationName = Organization Name (eg, company)
organizationName_default = Huawei
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = Storage
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
commonName_default = xx.xx.xx.xx
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
IP.1 = xx.xx.xx.xx
IP.2 = yy.yy.yy.yy
DNS.1 = aaa.bbb
DNS.2 = ccc.ddd
[ x509_ext ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = CA:true
Replace xx.xx.xx.xx and yy.yy.yy.yy in the preceding information with the

management IP addresses of the storage system, and aaa.bbb and
ccc.ddd with the domain names to be changed. All management IP
addresses or domain names are required.
2. Use the OpenSSL tool to generate CA private key and CA certificate files.
a. Create directories and files related to certificate files.
# touch /etc/pki/CA/index.txt
# touch /etc/pki/CA/serial
# echo 00 > /etc/pki/CA/serial
b. Generate a CA private key file.

openssl genrsa -out device_manager_ca.key 2048
c. Generate a CA certificate request.

openssl req -new -key device_manager_ca.key -out device_manager_ca.csr –config ssl.conf -subj
"/C=cn/ST=sc/L=cd/O=huawei/OU=storage/CN=xx.xx.xx.xx"
Replace xx.xx.xx.xx in the preceding information with the management

IP address or domain name of the storage system. If there are multiple
management IP addresses or domain names, choose one.
d. Generate a CA certificate file.
openssl x509 -req -days 3650 -in device_manager_ca.csr -signkey device_manager_ca.key -out
device_manager_ca.crt -extensions x509_ext -extfile ssl.conf
3. Generate the certificate file for DeviceManager.

a. Generate a private key of DeviceManager.
openssl genrsa -out device_manager_plain.key 2048
b. Generate a certificate request file of DeviceManager.

openssl req -new -key device_manager_plain.key -out device_manager.csr -config ssl.conf -subj "/
C=cn/ST=sc/L=cd/O=huawei/OU=storage/CN=xx.xx.xx.xx"
In the command, CN indicates the common name of the DeviceManager

certificate. Set it to the management IP address or domain name of the
storage system to prevent alarms. If there are multiple management IP
addresses or domain names, choose one.
c. Use the CA certificate to sign the certificate request file.

OceanStor Dorado
openssl ca -in device_manager.csr -out device_manager.crt -cert device_manager_ca.crt -keyfile

device_manager_ca.key -extfile ssl.conf -extensions req_ext
4. Replace the certificates.

a. Use an FTP tool (such as FileZilla) to connect to the Linux environment
where the OpenSSL tool is installed and transfer the generated
certificates and key file to the local PC.
In this example, you must transfer the following files:
▪ device_manager.crt
▪ device_manager_ca.crt
▪ device_manager_plain.key
b. Import the generated self-signed certificates to the storage system.
i. Log in to DeviceManager.
ii. Choose Settings > Certificates > Certificate Management.
NOTE

iii. Select DeviceManager certificate and click Import Certificate.
The Import Certificate page is displayed.
iv. Import device_manager.crt in Certificate File,

device_manager_ca.crt in CA Certificate File, and
device_manager_plain.key in Private Key File.
v. Click OK.
c. Import the CA certificate file to the browser. The following uses Chrome
(79.0) as an example.
i. Open Chrome and choose Settings > Advanced > Manage
Certificate > Trusted Root Certification Authorities > Import. The
Certificate Import Wizard dialog box is displayed.
ii. Select and import the certificate file (device_manager_ca.crt in this
example) as prompted.
iii. Restart the browser after the certificate is successfully imported.
iv. Log in to the storage system again. No privacy warning is prompted.

OceanStor Dorado
8.6 How Do I Log In to the Storage System Through

Multi-Factor Authentication?
The storage system supports multi-factor authentication. The configuration
procedure is as follows:
1. Enable multi-factor authentication on the storage system.

2. Modify login authentication on the storage system.
3. Log in to the storage system.
a. Log in to the storage system on DeviceManager.
b. Log in to the storage system using the CLI.
Enabling Multi-Factor Authentication on the Storage System

After enabling multi-factor authentication, you can set the login authentication
method to Login password + email one-time password when creating or
modifying a user account.
NOTICE
● The connections between the Simple Mail Transfer Protocol (SMTP) server and
all primary and secondary controllers must be working properly.
● The SMTP server must have been configured and is running properly.
Otherwise, specified email addresses cannot receive any authentication
messages.
● Before configuring a domain name for a server, ensure that the DNS server can
communicate normally with the storage system or the server.
Step 2 Choose Settings > User and Security > Multi-Factor Authentication.
Step 3 Set email authentication.

1. Enable Email Authentication.
2. Set email authentication parameters listed in Table 8-1.

OceanStor Dorado
Table 8-1 Email authentication parameters

SMTP Server IP address or domain name of the SMTP server. This is

an SMTP-compliant email-sending server. By using the
SMTP server, you can send authentication emails to
specified email addresses.
SMTP Port Port number of the SMTP server. The default value is
25.
Encryption Mode Indicates whether to encrypt the communication

between the storage system and the email server.
– Not encrypted: Data is not encrypted during
transmission.
– SSL/TLS: SSL and TLS are security protocols for
data security and integrity during network
communication. After this option is selected, the
system selects between the two security protocols
according to the email server type to encrypt data.
– STARTTLS: After this option is selected, TLS
encryption will be implemented. Previous
communication data will not be retroactively
encrypted using this mode.
NOTE
▪ For security purposes, you are advised to select an

encryption mode.
▪ The encryption mode configured on the storage

system must be consistent with that configured on the
SMTP server.
▪ If you choose the SSL/TLS or STARTTLS encryption

mode, you can also enable the CA certificate. For
details on how to obtain the CA certificate, see 8.4
How Do I Obtain and Import the Email OTP
Certificates?
CA Certificate
Email OTP certificate. Click , select a CA certificate
file, and click OK.
NOTE
You can click Re-upload to upload a new CA certificate file.
Authenticate Indicates whether the SMTP server authenticates a

SMTP Server sender's identity. If this option is not selected,
Username and Password are unavailable.
Username SMTP account name of the sender. When sending

authentication emails through the SMTP server, the
sender must type the SMTP account name and
password for authentication.

OceanStor Dorado
Password Password of the SMTP account. When sending

authentication emails through the SMTP server, the
sender must type the SMTP account name and
password for authentication.
Sender Email Email address of the sender.

Address
3. Click Save.
NOTE
You can click Test to test the connectivity between the storage system and SMTP
server.
----End
Modifying Login Authentication on the Storage System

Super administrators can set the login authentication method of other users to
Login password + email one-time password. The following example modifies the
login authentication method of an existing user.

Step 2 Choose Settings > User and Security > Users and Roles.
The user management page is displayed.
Step 3 On the Users page, click More on the right side of the desired user account and
choose Modify from the drop-down list.
The Modify User dialog box is displayed.

OceanStor Dorado
Step 4 Select Login password + email one-time password, specify the Recipient Email
Address to which a one-time password will be sent upon a login attempt.
NOTE
● To use Login password + email one-time password, you must first enable multi-factor
authentication.
● After you select Login password + email one-time password, you need only password
authentication if your login method is RESTful or SFTP.
Step 5 Click OK.
----End
Logging In to the Storage System on DeviceManager

Step 1 Open the web browser on the maintenance terminal.
Step 2 Enter the IP address (https://XXX.XXX.XXX.XXX:8088) of the management network
port on the controller enclosure in the address box and press Enter.
The DeviceManager login page is displayed.
Step 3 (Optional) Set the authentication mode and language.
1. Select a login mode in the Authentication Mode list.
– Local user: You will log in to the storage system in local authentication
mode.

OceanStor Dorado
– LDAP user: You will log in to the storage system in LDAP domain
You can log in to the storage system in LDAP domain authentication
mode only after an LDAP server is properly configured.
2. Choose a language in the upper right corner. DeviceManager supports English
and simplified Chinese.
Step 4 Enter the username and password of the administrator account that uses multi-
factor authentication.
Step 5 Click Log In.

The system prompts you to input the one-time password.
Step 6 Log in to your email box and find the one-time password.

OceanStor Dorado
NOTE
If you have not received the email after a long time, try to manually refresh your inbox.
Step 7 Return to the DeviceManager login page and input the one-time password found
in your email box. Then click Log In.
Step 8 Change the initial password as prompted.

OceanStor Dorado
Step 9 Click Modify.
The password is changed successfully. The system prompts you to log in again.
Step 10 Input your username and new password, and click Log In.
The system sends another one-time password to your email box again.
NOTE

OceanStor Dorado
Step 12 Return to the DeviceManager login page and input the one-time password found
in your email box. Then click Log In.
You have successfully logged in to DeviceManager.
----End
Logging In to the Storage System Using the CLI

NOTE
website.
the storage system.

Step 2 Select Session. Type the IP address of the management network port in the Host
Name (or IP address) text box in the Specify the destination you want to
connect to area. The IP address 192.168.6.96 is used as an example. Set
Connection type to SSH.
Step 3 Click Open. The CLI prompts you to input the login information.
login as:

OceanStor Dorado
Step 4 Enter the username (using testuser1 as an example) and password of the
administrator account that uses multi-factor authentication.
The system sends the one-time password to your email box.
login as: testuser1
Pre-authentication banner message from server:
|
| Authorized users only. All activities may be monitored and reported.
End of banner message from server
testuser1@X.XX.XX.XXX's password:

please input one time password.

email otp:
NOTE
Step 6 Input the one-time password. Upon the first login, change the initial password as
prompted for better system security.
email otp:******
For security purposes, please change the initial password and log in to the syst em using the new
password.
Old password:*********
New password:***********
Reenter password:***********
Step 7 The system sends the one-time password again.

please input one time password.
email otp:
NOTE
Step 9 Input the one-time password to log in to the system.

email otp:******

Total Capacity : --
Location :

OceanStor Dorado
Product Version : X.X.X

Time : 2020-04-28/17:26:36 UTC+08:00
Patch Version :
testuser1:/>
NOTE
Product Model and Product Version vary with the actual device you have logged in to.
----End
8.7 How Do I Initialize the Password of the Root

Administrator? (Applicable to 6.1.2 and Later)
Context
● For 6.1.2, if the password of the root administrator (_super_admin) is not
initialized, the system displays an alarm indicating that the password of the
root administrator has not been initialized after you log in to the storage
system.
● After connecting the storage device to the maintenance terminal by using a
serial cable, you can log in to the storage system by using remote login
software, such as PuTTY.
NOTE
website.
● You are advised to use the latest version of PuTTY. Otherwise, you may fail to log
in to the storage system.
Precautions
After initializing the password of the root administrator (_super_admin), ensure
that you will remember the password. If you forget the password, you cannot
perform operations that require the corresponding permissions. For example, if the
password of the root administrator (_super_admin) is lost, you cannot reset the
password of the super administrator admin. If you want to retrieve the password
of the root administrator (_super_admin), you must return the storage device to
the factory.
Procedure

OceanStor Dorado
Step 2 Set Connection type to Serial. In the Serial line text box, enter the name of the
serial port that connects the maintenance terminal to the storage system, for
example, COM1. In Speed, enter 115200.
You can query the serial port that connects the maintenance terminal to the
storage system as follows (Windows 7 is used as an example):
1. Right-click the Computer icon on the desktop of the maintenance terminal
and choose Manage from the shortcut menu.
2. In the navigation tree of the Computer Manager dialog box, choose System
Tools > Device Manager.
3. Click Ports. The serial port that connects the maintenance terminal to the
storage system, for example, COM1, is displayed.
There may be multiple serial port names, such as COM1, COM2, and COM3,
on the maintenance terminal. Try these ports until you can successfully log in
Step 3 Log in to the storage system using the serial port.
1. Click Open.
If the connectivity between the maintenance terminal and the controller is
normal, information similar to Figure 8-6 is displayed.

OceanStor Dorado
Figure 8-6 Successful connection between the controller and the maintenance
terminal
2. Initialize the password of the root administrator (_super_admin).
NOTE
● For 6.1.0, see the OceanStor Dorado Account List for details about user names and
passwords.
● For 6.1.2 and later versions, the root administrator does not have a default password.
During the first login, press Enter directly when the system prompts you to input the
password. Then follow the instructions to set a password. To avoid password leakage,
periodically change your login password. For details about how to change the password,
see the Administrator Guide.
● For security purposes, the password is not visible when it is being entered during login.
When you initialize or change the password, it will be displayed in * on the screen.
● After initializing the password of the root administrator (_super_admin), ensure that
you will remember the password.
Storage login: _super_admin
password:

*****Please enter new password for _super_admin:*****
*****Please re-enter new password for _super_admin:*****
----End

OceanStor Dorado
Initialization Guide A Logging In to the CLI
A Logging In to the CLI
After logging in to the CLI of a storage system, you can query, set, manage, and
maintain the storage system. On any maintenance terminal connected to a
storage system, you can log in to the CLI by using PuTTY to access the IP address
of the management network port on the controller of a storage system. The
authentication modes for the SSH protocol are Password and Public key. This
section describes how to use the authentication modes to log in to the CLI.
NOTE
● Before using SSH to connect to the storage system, use tools that support encryption
algorithms to ensure communication security. For details about encryption algorithms
supported by the storage system, see "Encryption Algorithm Suite" in the Security
Configuration Guide of the specific version.
A.1 Logging In to the CLI of the Storage System Using

a Password
This section describes how to log in to the CLI of the storage system using a
password.
You can use either of the following methods to log in to the storage system:
● Through the serial port
After connecting the controller enclosure to the maintenance terminal
through a serial cable, you can log in to the CLI of a storage system by using
login software (This section uses the PuTTY software as an example).
● Through the management network port
After connecting the controller enclosure to the maintenance terminal by
using a network cable, you can log in to the CLI of a storage system by using
remote login software that supports SSH (for example, PuTTY).
– For a 2 U controller enclosure, the default IP addresses of the
management network ports on controllers A and B are respectively
192.168.128.101 and 192.168.128.102, and the default subnet mask is
255.255.0.0.
– For a 4 U controller enclosure, the default IP address of network port 0
on management module 0 is 192.168.128.101 and that of network port

OceanStor Dorado
0 on management module 1 is 192.168.128.102. The default subnet

mask is 255.255.0.0.
– Ensure that the IP address of the controller enclosure's management
network port is on the same network segment as that of the
maintenance terminal. Otherwise, you can modify the IP address of the
management network port through a serial port by running the change
system management_ip command. For details, see 2.1.1 Changing IP
Addresses of Management Network Ports Using a Serial Port.
Context
● For details about CLI commands, see the Command Reference of the
corresponding product model and version.
● The operation procedure varies depending on the operating system. This
section uses the Windows and Linux operating systems as an example.
● GUIs may vary with software versions. The actual GUIs prevail.
● If login authentication is Login password + email one-time password, email
authentication is required. For details, see 8.6 How Do I Log In to the
Storage System Through Multi-Factor Authentication?.
Logging In to the CLI Using the Serial Port (Windows)

NOTE
website.
the storage system.

The PuTTY Configuration dialog box is displayed, as shown in Figure A-1.

OceanStor Dorado
Figure A-1 PuTTY Configuration dialog box
2. In Connection type, select Serial. In Speed, enter 115200.

3. Click Open. When the connection succeeds, the following output is displayed.
Storage login:
4. Enter the user name and password as prompted. The super administrator
(admin by default) does not have a default password for 6.1.2 and later
versions. During the first login, press Enter directly when the system prompts
you to input the password. Then follow the instructions to set a password.
password:


OceanStor Dorado
NOTE
● To reduce the risk of password leakage, you are advised to change your login password
● For a domain authentication user, the method for logging in to the storage system
varies according to the software used for login:
● If PuTTY is used, the user can log in to the storage system by entering domain/
Domain user name and the domain user's password. For example, the login page
for domain user storage37 is as follows:
login as: domain/storage37

ssh domain/storage37@xxx.xxx.xxx.xxx's password:
● If another software (such as Xshell) is used, the user can log in to the storage
system by entering ssh domain/Domain user name and the domain user's
password. For example, the login page for domain user storage37 is as follows:
[c:\~]$ ssh domain/storage37@xxx.xxx.xxx.xxx
Connecting to xxx.xxx.xxx.xxx:xxx...
Logging In to the CLI Using the Serial Port (Linux)

NOTE
● This document uses the Minicom software as an example. You can download Minicom
from its official website.
● This document uses SSH Secure Shell Client to upload the Minicom installation package
to the Linux host. You can download SSH Secure Shell Client from its official website.
● You must enable SSH on the Linux host. The default port ID is 22.
1. Check whether Minicom has been installed on the Linux host.

Log in to the Linux client and run the rpm -qa | grep minicom command.
– If Minicom has been installed, its version is returned, for example:
[root@localhost ~]# rpm -qa |grep minicom
[root@localhost ~]# minicom-2.3-27.24.4.1
Go to 5 to configure Minicom.
– If Minicom is not installed, no information will be returned. Perform 2 to
4 to install it.
2. Upload the Minicom and rzsz installation packages to the Linux host. This
document uses SSH Secure Shell Client on a Windows host to upload the
packages to the Linux host.
a. Install SSH Secure Shell Client on a Windows host. Double-click the
Secure File Transfer Client shortcut to run the software.
b. Click Quick Connect on the menu bar. Input the Host Name, User
Name, Port, and Authentication of the Linux host and click Connect.
Then enter the password to access the Linux host.

OceanStor Dorado
NOTE
The default port ID is 22.
c. Click on the menu bar. The file transfer page is displayed.

By default, Local Name is the file directory on the Windows host and
Remote Name is the file directory on the Linux host.
d. Select the Minicom and rzsz installation packages on the Windows host,
right-click on them, and select upload to upload the installation
packages to the Linux host.
3. Install the rzsz software.
On the Linux client, run the rpm -ivh Installation package name command.
[root@localhost minicom]# rpm -ivh rzsz-0.12.20-853.2.i586.rpm
Preparing... #############################################[100%]
1:rzsz #############################################[100%]
4. Install the Minicom software.

On the Linux client, run the rpm -ivh Installation package name command.
[root@localhost minicom]# rpm -ivh minicom-2.3-27.24.4.1.x86_64.rpm
Preparing... #############################################[100%]
1:minicom #############################################[100%]
5. Configure Minicom.
After Minicom has been installed, configure Minicom to connect the Linux
host to the storage system.

OceanStor Dorado
a. Log in to the Linux client and run the minicom -s command. The
configuration page is displayed.
b. Select Serial port setup and press Enter.
c. Configure serial port parameters.

6. Configure the serial port device.
Press A. Input /dev/ttS0 in Serial Device and press Enter.
7. Configure the baud rate for the serial port.
Press E. The Comm Parameters page is displayed. Generally, the baud rate of
the storage system is 115200. Press E and select 115200. Then press Enter to
return to the configuration page.
a. On the configuration page, click Save setup as dfl to save the

configurations and then exit.
b. After configuring Minicom, run the minicom command on the Linux
client. The following message is returned:
Storage login:

OceanStor Dorado
c. Enter the user name and password as prompted. The super administrator
(admin by default) does not have a default password for 6.1.2 and later
versions. During the first login, press Enter directly when the system
prompts you to input the password. Then follow the instructions to set a
password.
password:

You are required to have a personal authorisation from the system administrator before you use
this computer. Unauthorised access to or misuse of this system is prohibited.
NOTE
● To reduce the risk of password leakage, you are advised to change your login
password periodically by using the change user_password command.
● If you forget the password of an administrator account, the super
administrator can run change user to reset the password. If you forget the
password of a super administrator account, use the root administrator
account to log in to the CLI through a serial port and run initpasswd to reset
the password. For details, see "Managing Users" in the Administrator Guide.
● For a domain authentication user, the method for logging in to the storage
system varies according to the software used for login:
● If PuTTY is used, the user can log in to the storage system by entering
domain/Domain user name and the domain user's password. For
example, the login page for domain user storage37 is as follows:

● If another software (such as Xshell) is used, the user can log in to the
storage system by entering ssh domain/Domain user name and the
domain user's password. For example, the login page for domain user
storage37 is as follows:
Logging In to the CLI Through the Management Network Port (Windows)

NOTE
website.
the storage system.

Run the PuTTY software. The PuTTY Configuration dialog box is displayed, as
shown in Figure A-2.

OceanStor Dorado
Figure A-2 PuTTY Configuration
2. Select Session. Type the IP address of the management network port in the
Host Name (or IP address) text box in the Specify the destination you
want to connect to area. The IP address 192.168.6.96 is used as an example.
Set Connection type to SSH.
3. Click Open, and the interface is displayed, and the following output is
displayed.
login as:
4. Enter the user name and password as prompted.

login as: admin

New password:*********
Reenter password:*********

SN : ST000000000000000108
Location :
Product Model : XXXX XXXX XX
Product Version : X.X.X
Time : XXXX-01-08/16:14:53 UTC+08:00
Patch Version :

OceanStor Dorado
NOTE
● Log in to the storage system as the super administrator (admin by default) for the first
time. Then follow the instructions to set a password. For details about user names and
passwords, see the OceanStor Dorado Account List.
● Product Model and Product Version vary with the actual device you have logged in to.
● To reduce the risk of password leakage, you are advised to change your login password
● For a domain authentication user, the method for logging in to the storage system
varies according to the software used for login:
● If PuTTY is used, the user can log in to the storage system by entering domain/
Domain user name and the domain user's password. For example, the login page
for domain user storage37 is as follows:

● If another software (such as Xshell) is used, the user can log in to the storage
system by entering ssh domain/Domain user name and the domain user's
password. For example, the login page for domain user storage37 is as follows:
A.2 Logging In to the CLI of the Storage System Using

a Public Key
This section uses PuTTY and SUSE as an example to describe how to generate
public and private keys as well as configure public key authentication to log in to
the CLI.
A.2.1 Using PuTTY to Log In

This section uses PuTTY as an example to describe how to generate public and
private keys as well as configure public key authentication to log in to the CLI.
Prerequisites
● Only a super administrator has the permission to modify users' authentication
mode for logging in to the CLI.
● Public key authentication for logging in to the CLI is configured for local users
only, not for domain users.
Precautions
● After a private key is generated, keep it secure.
● Change the public key periodically. Use the new private-public key pair for
login authentication to improve system security.

OceanStor Dorado
Context
GUIs may vary with software versions. The actual GUIs prevail.
Procedure
Step 1 The super administrator generates a private-public key pair for a local user.
1. Run the puttygen.exe file.
Go to the PuTTY Key Generator main window, as shown in Figure A-3.
Figure A-3 Main window of the generator for a private-public key pair
2. Click Key, and set Key to SSH-2 RSA key or SSH-2 DSA key, and set Number
of bits in a generated key to an integer in the range from 2048 to 8192.

OceanStor Dorado
Figure A-4 Type of key to generate
NOTE
GUIs may vary with software versions. The actual GUIs prevail.
3. Click Generate and move the cursor over the blank area in the lower part of
the Key area to generate a public key.
The public key will be displayed in the area, as shown in Figure A-5.

OceanStor Dorado
Figure A-5 Generating the public key
4. Copy and save the public key to the local path.

5. (Optional) In Key passphrase, enter a password to encrypt the private key. In
Confirm passphrase, enter the password again.
NOTE
For the security of the private key file, you are advised to configure a secure password
to encrypt the private key file.
6. The method to generate the private key file varies with the tool used to log in
to the CLI.
a. If you use PuTTY to log in to the CLI, click Save private key and save the
private key file to the local path, as shown in Figure A-6.

OceanStor Dorado
Figure A-6 Generating the private key
b. If you use the other tools to log in to the CLI, choose Conversions >
Export OpenSSH key and save the private key file to the local path, as
shown in Figure A-7.

OceanStor Dorado
Figure A-7 Generating the private key
Step 2 The super administrator modifies the login authentication mode of local users.
1. Log in to the CLI of a storage system as the super administrator.
2. Run the change user_ssh_auth_info general user_name=testuser1
auth_mode=publickey command to change the user authentication mode to
public key. user_name indicates the user name of the login authentication
mode to be modified.
3. Copy the locally saved public key to Public key on the CLI as instructed, and
press Enter.
After executing the command successfully, users map the private key to the
public key to log in to the CLI.
admin:/>change user_ssh_auth_info general user_name=testuser1 auth_mode=publickey
CAUTION: Only public keys generated using the SSH-2 RSA/DSA encryption algorithm and using keys
whose lengths range from 2048 to 8192 bits are supported.
Public Key:ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgQvrzP1a5QZjOts
+VVaqu0KaEx7ssZdsZ766laRo0sBJuF7NHcVE2/azu0HZN8gg0f0iYHFeqkiMYPN4DBD3DKcOB
+Hno6TYK2dqhYKzj+M0cs/hwi2dq0yZQNqvZDAT
+6LjRzPhN5xYKFEvOBDY8gEABXzNaWQGDNgH6GQp+fhtu2I486Hz
+3034QmAYBdVjUuajRd4vO71tABgB8ykhgJfFkSffRRS5njQyRrFNQOin
+y5ug5vCOeHngVtzoBqRpRRjaQOiYAL/BvoYiWaJuGjlAOZUTIzLYfyx3GX/
lLZy2MYGsUaq63j2tb8823yEs1TTKHMmQscBz5/kNEEHQ== rsa-key-20191024
admin:/>
Step 3 Local users configure PuTTY and log in to the storage system.
1. Start PuTTY.
Go to the PuTTY Configuration window.

OceanStor Dorado
2. Click Session. In the right pane, type the IP address of a storage system's
management network port in the Host Name (or IP address) text box. Set
Port and Connection type to 22 and SSH respectively.
3. Choose Connection > Data. In the Login details text box in the right pane,
type the user name of the login authentication mode to be modified.
4. Choose Connection > SSH > Auth. In the right pane, click Browse. Select and
open the locally saved private key file.
5. Click Open to log in to the CLI.
NOTE
If the password of the private key is encrypted in Step 1.5, type the password when logging
in to the CLI, and then press Enter.
Using username "testuser1".
Pre-authentication banner message from server:
|
| Authorized users only. All activities may be monitored and reported.
End of banner message from server
Authenticating with public key "rsa-key-20191024"
Passphrase for key "rsa-key-20191024":
Last login: Thu Oct 24 15:05:32 XXXX from 192.168.6.96


Total Capacity : X.XXXTB

OceanStor Dorado
Location : XXXXXX
Time : XXXX-XX-XX/15:07:22 UTC+08:00
Patch Version :
testuser1:/>
----End
Follow-up Procedure
To modify a user's login authentication mode to Password, run the change
user_ssh_auth_info general user_name=testuser1 auth_mode=password
command and use the original password to log in to the CLI of a storage system.
A.2.2 Using SUSE to Log In

This section uses SUSE as an example to describe how to generate public and
private keys as well as configure public key authentication to log in to the CLI.
Prerequisites
● Only a super administrator has the permission to modify users' authentication
mode for logging in to the CLI.
● Public key authentication for logging in to the CLI is configured for local users
only, not for domain users.
Precautions
● After a private key is generated, keep it secure.
● Change the public key periodically. Use the new private-public key pair for
login authentication to improve system security.
Procedure
Step 1 Log in to the SUSE application server.
Step 2 Run the ssh-keygen -t rsa command to generate a private key file and a public
key file.
linux:~ # ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): //Enter the path for saving the key files. Alternatively,
you can directly press Enter to save the files to the default path in the brackets.
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y //If key files have been generated, this step is displayed. You can enter n to use the
existing key files or enter y to regenerate key files.
Enter passphrase (empty for no passphrase): //Enter the password. You can also press Enter without setting
a password.
Enter same passphrase again: //Enter the password again. You can also press Enter without setting a
password.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
f5:7f:c5:db:da:0f:37:69:ba:ac:fe:23:ad:98:70:51 [MD5] root@linux
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| .E |

OceanStor Dorado
| ... . |
| S. . o|
| . . =|
| . . . o=+|
| o o..oo*.|
| o.+==+ +|
+--[MD5]----------+
linux:~ #
Step 3 After the command is successfully executed, go to the save path of the key files
and view the public key information. Copy and save the public key information for
authentication on the storage system.
NOTE
In this example, the public key file is /root/.ssh/id_rsa.pub, and the private key file is /
root/.ssh/id_rsa.
linux:~ # cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1SmSBfUoo4esGZIot6wldLIjD+T46WJp3l1G3Isppd+YH2qD
+TlluisR7UW9oAWwYkeSrvEBMDVxhmKHSmh2rGmbV8SnKVAj5t5MpFTyPr0eMh2hoUC3BbSuJhmo066K8Vm
NYq3OeIPAuHqj9SFSOCYtnfxzaKM5mSatqDZJWvxIDO0oK6nbFiiFGsQXkIsB3wdNbMN7rZA3pWmWAlPbw1ox
CUm5WeHclt+OUX0soFK4c6OSxr0JD9dYGvZx2kazUO0lIvWE9+el0GVqrmByK2Tq2NTUcp6OmDeGH/
GQTeO2rXpOgiE8/IKnEQog20RucCLJ1zO+lRKw+DHCZj8UX root@linux
linux:~ #
Step 4 The super administrator modifies the login authentication mode of local users.
1. Log in to the CLI of a storage system as the super administrator.
2. Run the change user_ssh_auth_info general user_name=auto_user
auth_mode=publickey command to change the user authentication mode to
public key. user_name indicates the user name of the login authentication
mode to be modified.
3. Copy the locally saved public key to Public key on the CLI as instructed, and
press Enter.
After executing the command successfully, users map the private key to the
public key to log in to the CLI.
admin:/>change user_ssh_auth_info general user_name=auto_user auth_mode=publickey
CAUTION: Only public keys generated using the SSH-2 RSA/DSA encryption algorithm and using keys
whose lengths range from 2048 to 8192 bits are supported.
Public Key:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1SmSBfUoo4esGZIot6wldLIjD
+T46WJp3l1G3Isppd+YH2qD
+TlluisR7UW9oAWwYkeSrvEBMDVxhmKHSmh2rGmbV8SnKVAj5t5MpFTyPr0eMh2hoUC3BbSuJhmo066
K8VmNYq3OeIPAuHqj9SFSOCYtnfxzaKM5mSatqDZJWvxIDO0oK6nbFiiFGsQXkIsB3wdNbMN7rZA3pWm
WAlPbw1oxCUm5WeHclt
+OUX0soFK4c6OSxr0JD9dYGvZx2kazUO0lIvWE9+el0GVqrmByK2Tq2NTUcp6OmDeGH/
GQTeO2rXpOgiE8/IKnEQog20RucCLJ1zO+lRKw+DHCZj8UX root@linux
admin:/>
Step 5 Use the auto_user on the server to log in to the storage system.
1. Log in to the SUSE application server.
2. Run ssh auto_user@Management IP address of the storage system to log in
linux:~ # ssh auto_user@xxx.xxx.xxx.xxx

Last login: Mon Dec 19 20:27:07 2022 from xxx.xxx.xxx.xxx

OceanStor Dorado

Location : XXXXXX
Time : XXXX-XX-XX/20:29:27 UTC+08:00
Patch Version :
auto_user:/>
----End
Follow-up Procedure
To modify a user's login authentication mode to Password, run the change
user_ssh_auth_info general user_name=auto_user auth_mode=password
command and use the original password to log in to the CLI of a storage system.

OceanStor Dorado
Initialization Guide B Configuring the NTP Service
B Configuring the NTP Service
The NTP service allows you to obtain the NTP server certificate and related private
keys while synchronizing the NTP server time to the storage system. It can be
deployed on a Windows or Linux operating system.
NOTE
On DeviceManager, you can synchronize NTP server time to the storage system using either
of the following ways:
● Configure basic information on the initialization wizard. For details, see 2.4.1
● Choose Settings > Basic Information > Device Time.
B.1 Configuring the NTP Service (Windows)

This section describes how to configure the NTP service on a Windows server, and
import the NTP certificate and configure NTP parameters on DeviceManager to
allow the storage system to synchronize time.
B.1.1 Configuring the NTP Service on the Server

This section describes how to generate an NTP certificate and key file on a
Windows server.
Prerequisites
● You have logged in to the Windows server through the management network
port.
● The NTP server has been set up on the Windows server. You can download
the NTP software from the Meinberg website.
NOTE
● Before installation, run the net stop w32Time command to disable the Windows Time
(w32Time) service.
● In this section, NTP is installed in C:\Tools\ as an example.

OceanStor Dorado
Procedure
Step 1 Remotely log in to the Windows server from the maintenance terminal.
1. Choose Start > All Programs > Accessories > Remote Desktop Connection.
The Remote Desktop Connection dialog box is displayed.
2. In Computer, enter the IP address of the management network port on the
Windows server and press Enter.
3. Enter the user name and password, and press Enter.
The main interface of the server is displayed.
Step 2 On the Windows desktop, double-click Computer, select a suitable drive, and
create a directory for saving the certificate and key file.
For example, create an ntp_config directory in drive D.
Step 3 Generate the certificate and key file.
1. Open the Command Prompt.
a. Press Windows+R to open the Run dialog box.
b. Type cmd and press Enter.
The Command Prompt is displayed.
2. Run d: to enter drive D.
3. Run the cd ntp_config command to open the ntp_config directory.
4. Run the ntp-keygen -c RSA-SHA256 -m 2048 -p server_password -T -H -l
3650 command to generate the key file.
server_password is the key encryption password used for generating the
certificate; 3650 indicates the validity period of the certificate and is variable.
The execution result is as follows:
C:\Users\xxx>D:
D:\>cd ntp_config
D:\ntp_config>ntp-keygen -c RSA-SHA256 -m 2048 -p server_password -T -H -l 3650
Unable to initialize .rnd file
Using OpenSSL version OpenSSL 1.0.2k 26 Jan 2017
Using host ctuy5y002941131 group ctuy5y002941131
Generating RSA keys (2048 bits)...
RSA 312
Generating new host file and link
ntpkey_host_ctuy5y002941131->ntpkey_RSAhost_ctuy5y002941131.3707467127
Using host key as sign key
Generating new certificate ctuy5y002941131 RSA-SHA256
X509v3 Basic Constraints: critical,CA:TRUE
X509v3 Key Usage: digitalSignature,keyCertSign
X509v3 Extended Key Usage: trustRoot
Generating new cert file and link
ntpkey_cert_ctuy5y002941131->ntpkey_RSA-SHA256cert_ctuy5y002941131.3707467127

OceanStor Dorado
NOTICE
The NTP server on the Windows operating system has a problem. When the
certificate length is set to 2048, the generated certificate fails to be signed,
causing the storage system synchronization time to be slow. In addition, an alarm
indicating that the time server cannot be used is reported. If the certificate length
is set to 1024, such problem will not occur but the certificate security decreases. If
a certificate with higher security level is required, you are advised to use the NTP
server on the Linux operating system and generate related certificates on this
server.
Step 4 Run the hostname command to obtain the host name.
This section uses host name Storage as an example.
Step 5 Modify the NTP configuration file.
Enter C:\Tools\NTP\etc\, open the ntp.conf file in a text editor, and add the
following information at the beginning and end of the file:
● Add the following information at the beginning of the file:

crypto pw server_password host Storage ident Storage
keysdir "D:\ntp_config"
● Add the following information at the end of the file:
server 127.127.1.0
fudge 127.127.1.0 stratum 10
NOTE
server_password is the key encryption password used for generating the certificate (which
can be specified by the user), Storage is the host name, and D:\ntp_config is the directory
where the certificate and key file are saved.
Step 6 On the Command Prompt, run the net stop ntp and net start ntp commands to
restart the NTP service.
NOTE
If multiple NTP servers need to be configured, you can copy the ntpkey_cert_Storage and
ntpkey_host_Storage files generated in Step 3 to the corresponding directories on other
NTP servers and change the file permission to be the same as on the original server.
Configure the ntp.conf file under this server and restart the NTP service.
Step 7 Share the ntp_config directory.

1. In Windows, navigate to D:\. Right-click on the ntp_config folder and choose
Properties from the shortcut menu.
2. In the displayed dialog box, click the Sharing tab.
3. Click Share.... The File Sharing dialog box is displayed.
4. In the drop box, select Everyone or enter the user name to whom the folder
is shared, and click Add.
5. Click Share, and wait about 10 seconds. Then Your folder is shared is
displayed.

OceanStor Dorado
6. Click Done and click Close in the Properties dialog box. The ntp_config
folder has been shared.
----End
B.1.2 Configuring NTP Parameters on the Storage System

An accurate time on the storage system helps determine the alarm generation
time based on alarm logs. This section describes how to set the NTP service on the
storage system to synchronize time from the NTP server.
Prerequisites
● The IP address of an NTP server has been obtained.
● The user name and password for logging in to the NTP server have been
obtained.
● You have prepared a Windows maintenance terminal.
● The communication between the NTP server IP address and the management
IP address of the storage system is normal.
Procedure
Step 1 Obtain the certificate from the NTP server and copy it to the maintenance
terminal.
1. On the maintenance terminal, press Win+R.
The Run dialog box is displayed.
2. Enter \\NTP server IP address and click OK.
The maintenance terminal attempts to remotely access the NTP server.
3. Enter Username and Password of the NTP server and click OK to enter the
shared folder.
4. Enter the ntp_config folder, select the NTP certificate that contains the
ntpkey_cert field, and press Ctrl+C to copy the certificate.
5. Go back to the maintenance terminal desktop and press Ctrl+V to copy the
NTP certificate to the maintenance terminal.
6. Right-click the NTP certificate file and select Rename from the shortcut
menu. Add the .crt extension to the file name and press Enter.
Step 2 Log in to DeviceManager through the maintenance terminal.
Step 3 Import the NTP certificate.

NOTE

2. Click NTP certificate in the Scenario column.
3. Choose Import Certificate from the Operation drop-down list.

OceanStor Dorado
The Import Certificate page is displayed. Select the NTP certificate and click
Open.
4. Click OK.
5. Confirm the information in the dialog box and select I have read and
Then click OK.
The Execution Result dialog box is displayed.
6. Click OK.
The imported certificate is displayed on the certificate list.
Step 4 Configure NTP parameters.
1. Choose Settings > Basic Information > Device Time.
2. Click next to NTP Synchronization.

3. Type the IPv4 address, IPv6 address, or domain name of the NTP server in
NTP Server Address.
NOTE
– A maximum of two NTP servers can be added. If the system cannot synchronize
the time from one NTP server, it synchronizes the time from the other one.
– Ensure that the time of the two NTP servers is consistent.
5. (Optional) Select Enable next to NTP Authentication.
NOTE
– NTP authentication can be enabled only when NTPv4 or later is used. After
authentication, the NTP server automatically synchronizes the time to the storage
device.
– You must import a CA certificate after enabling NTP authentication.
6. (Optional) Check the CA certificate status. If the status is invalid, upload a
new CA certificate.
Step 5 Confirm the NTP configuration.
1. Click Save.
3. Click OK.
The Execution Result dialog box is displayed, indicating that the operation
succeeded.
----End

OceanStor Dorado
B.2 Configuring the NTP Service (Linux)

Configure the NTP service on the Linux server, import the NTP certificate and
configure NTP parameters on DeviceManager, and enable the storage system to
normally synchronize time.
B.2.1 Configuring the NTP Service on the Server

This section describes how to generate an NTP certificate and key file on a Linux
server.
Prerequisites
● The NTP server has been enabled.
● The maintenance terminal has been connected to the Linux server through a
● GNU Compiler Collection (GCC) has been installed on the server running
Linux.
Context
This section uses PuTTY as an example. You can download PuTTY from the chiark
website.
Procedure
Step 1 Start PuTTY.
The PuTTY Configuration dialog box is displayed, as shown in Figure B-1.

OceanStor Dorado
Figure B-1 PuTTY Configuration
Step 2 Select Session. In Host Name (or IP address) of the Specify the destination you
want to connect to area, enter the IP address of the Linux server's management
network port that connects to the maintenance terminal and set Connection type
to SSH.
Step 3 Click Open. The CLI login page is displayed, as shown in the following:
login as:
Step 4 Enter the user name and password of the Linux server as prompted. The following
figure shows the result of a successful login.
Last login: Mon Apr 10 10:38:06 2017 from XXX.XXX.XXX.XXX
[storage ~]#
Step 5 Create the directory for saving certificate and private key files.
1. Run the cd /etc command to open the etc directory.
2. Run the mkdir ntp_config command to create the ntp_config directory.
Storage:~ # cd /etc/
Storage:/etc # mkdir ntp_config
Step 6 Generate the NTP certificate and key file.

1. Run the cd ntp_config command to open the ntp_config directory.
2. Run the ntp-keygen -c RSA-SHA256 -m 2048 -p server_password -T -H -l
3650 command to generate the NTP certificate and private key file.

OceanStor Dorado
server_password is the key encryption password used for generating the

certificate; 3650 indicates the validity period of the certificate and is variable.
Storage:/etc # cd ntp_config
Storage:/etc/ntp_config # ntp-keygen -c RSA-SHA256 -m 2048 -p server_password -T -H -l 3650
Using OpenSSL version OpenSSL 0.9.8j-fips 07 Jan 2009
Using host Storage group Storage
Generating RSA keys (2048 bits)...
RSA 0 100 191 1 2 6 3 1 2
Generating new host file and link
ntpkey_host_Storage->ntpkey_RSAhost_Storage.3707466522
Using host key as sign key
Generating new certificate Storage RSA-SHA256
X509v3 Basic Constraints: critical,CA:TRUE
X509v3 Key Usage: digitalSignature,keyCertSign
X509v3 Extended Key Usage: trustRoot
Generating new cert file and link
ntpkey_cert_Storage->ntpkey_RSA-SHA256cert_Storage.3707466522
Storage:/etc/ntp_config #
NOTE
If a message shows that the parameter -l is not supported, upgrade the NTP on the server
to a version later than 4.2.8.
Step 7 Run the ls command to check the generated file.

Storage:/etc/ntp_config # ls
ntpkey_RSA-SHA256cert_Storage.3707466522
ntpkey_RSAhost_Storage.3707466522
ntpkey_cert_Storage
ntpkey_host_Storage
Step 8 Run the hostname command to obtain the host name.
This section uses host name Storage as an example.
Step 9 Run the vi /etc/ntp.conf command to modify the NTP configuration file.
Add the following information at the beginning of the ntp.conf file:
crypto pw server_password host Storage ident Storage
keysdir /etc/ntp_config
NOTE
server_password is the private key encryption password used in generating the certificate
(which can be specified by the user), Storage is the host name, and /etc/ntp_config is the
directory where the certificate and private key files are saved.
Step 10 Restart the NTP service.

● For the SUSE operating system, run the /etc/init.d/ntp restart command.
● For the Red Hat operating system, run the systemctl restart ntpd.service
command.

OceanStor Dorado
NOTE
If multiple NTP servers need to be configured, you can copy the ntpkey_cert_Storage and
ntpkey_host_Storage files generated in Step 6 to the corresponding directories on other
NTP servers and change the file permission to be the same as on the original server.
Configure the ntp.conf file under this server and restart the NTP service.
Step 11 Configure the samba user.

1. Input the cd /etc/init.d command and press Enter to enter the etc/init.d
directory.
2. Input the ./smb start command and press Enter to enable the SMB service.
3. Add the samba user and set a password. The following figure uses user root
as an example. Run the smbpasswd -a root command to add user root.
4. Run the vi /etc/samba/smb.conf command and press Enter. In the opened
file, add the following codes to change the user samba permission.
[ntp_config]
public=no
path=/etc/ntp_config
write list=@root root
writable=yes
NOTE
In write list=@root root, the root and root are the account and password of the samba
user that were just added. Set the codes as required.
----End
B.2.2 Configuring NTP Parameters on the Storage System

An accurate time on the storage system helps determine the alarm generation
time based on alarm logs. This section describes how to set the NTP service on the
storage system to synchronize time from the NTP server.
Prerequisites
● The IP address of an NTP server has been obtained.
● You have obtained the samba user name and password for logging in to the
NTP server.
● You have prepared a Windows maintenance terminal.
● The communication between the NTP server IP address and the management
IP address of the storage system is normal.
Procedure
Step 1 Obtain the certificate from the NTP server and copy it to the maintenance
terminal.
1. On the maintenance terminal, press Win+R.
The Run dialog box is displayed.
2. Enter \\NTP server IP address and click OK.
The maintenance terminal attempts to remotely access the NTP server.

OceanStor Dorado
3. Enter the samba Username and Password for logging to the NTP server and
click OK to enter the shared directory.
4. Enter the ntp_config folder, select the NTP certificate that contains the
ntpkey_cert field, and press Ctrl+C to copy the certificate.
5. Go back to the maintenance terminal desktop and press Ctrl+V to copy the
NTP certificate to the maintenance terminal.
6. Right-click the NTP certificate file and select Rename from the shortcut
menu. Add the .crt extension to the file name and press Enter.
Step 2 Log in to DeviceManager through the maintenance terminal.
Step 3 Import the NTP certificate.
NOTE

2. Click NTP certificate in the Scenario column.
3. Choose Import Certificate from the Operation drop-down list.
The Import Certificate page is displayed. Select the NTP certificate and click
Open.
4. Click OK.
5. Confirm the information in the dialog box and select I have read and
Then click OK.
The Execution Result dialog box is displayed.
6. Click OK.
The imported certificate is displayed on the certificate list.
Step 4 Configure NTP parameters.
1. Choose Settings > Basic Information > Device Time.
2. Click next to NTP Synchronization.

3. Type the IPv4 address, IPv6 address, or domain name of the NTP server in
NTP Server Address.
NOTE
– A maximum of two NTP servers can be added. If the system cannot synchronize
the time from one NTP server, it synchronizes the time from the other one.
– Ensure that the time of the two NTP servers is consistent.
5. (Optional) Select Enable next to NTP Authentication.

OceanStor Dorado
NOTE
– NTP authentication can be enabled only when NTPv4 or later is used. After
authentication, the NTP server automatically synchronizes the time to the storage
device.
– You must import a CA certificate after enabling NTP authentication.
6. (Optional) Check the CA certificate status. If the status is invalid, upload a
new CA certificate.
Step 5 Confirm the NTP configuration.
1. Click Save.
3. Click OK.
The Execution Result dialog box is displayed, indicating that the operation
succeeded.
----End

OceanStor Dorado
Initialization Guide C Using SmartKit to Install UltraPath
C Using SmartKit to Install UltraPath
SmartKit allows you to install UltraPath on multiple hosts in a batch. It

significantly improves the installation efficiency with automatic software package
verification and uploading, pre-installation check, software installation, and post-
installation check.
Prerequisites
● The UltraPath and SmartKit versions match the storage system version.
NOTE
You can query the version information in the version mapping table:
1. Log in to https://support.huawei.com/enterprise/, enter your storage model in
2. Find and download the version mapping table.
3. Query the UltraPath and SmartKit versions in the version mapping table.
● You have used PGP Verify to check the integrity of the UltraPath software
package. (If the check fails, ensure that you have obtained the correct
UltraPath software package.)
● You have obtained the management IP address, and login username and
password of the host and verified that the host hardware and software meet
the software installation requirements. For details, see "Environment
Requirements" in the OceanStor UltraPath for XXX User Guide.
NOTE
To obtain the UltraPath user guide, log in to Huawei's technical support website
(https://support.huawei.com/enterprise/), enter UltraPath in the search box, and
select the associated path to the documentation page. Then find and download the
desired document. To download software, click the Software Download tab and find
the desired software.
Context
The GUI may vary slightly with the tool version.

OceanStor Dorado
Procedure
Step 1 Start and log in to SmartKit. Click the Storage tab. In the Site Deployment
Delivery area, select UltraPath Installation.
If the following dialog box is displayed, click OK.
Step 2 In the UltraPath installation wizard, select Check before UltraPath Installation.

OceanStor Dorado
Step 3 In the displayed Installation Preparation dialog box, complete the following
preparations as prompted:
1. Click download the UltraPath software package. On the support website,
download the corresponding UltraPath software package. In addition, download
the signature verification tool and verify the digital signature. If the UltraPath
software package has been obtained, skip this step.
2. Select the operating systems of the hosts on which UltraPath is to be installed.
3. Manually complete a pre-installation check for all hosts and select Confirmed
from the Operation drop-down list box on the right.
4. Click Finish.
Step 4 In the UltraPath installation wizard, select UltraPath Software Installation.

OceanStor Dorado
Step 5 Add devices.

1. Click Add Host. The Select Device wizard is displayed.
2. Click Add Device. The Add Device dialog box is displayed.
3. To add one device, select Device Type and set IP Address.
4. To add devices in batches, click the Template link to obtain the corresponding
template, fill in the device information, click Path, select the template file, and
upload and parse the file. The system automatically adds the devices.
After the devices are added successfully, the tool displays the device information.
Click Next.

OceanStor Dorado
Step 6 Set an installation policy.

1. Select an UltraPath software package for all the selected devices.
2. For Linux hosts, you must manually specify an installation policy.
● Boot From SAN: If a host boots from the SAN storage, you must select this
policy. Otherwise, the host may fail to restart. If the number of disks mounted
to a host exceeds 500, you are advised to select this option.
● Boot From Local Disk: If a host boots from a local disk, you are advised to
select this option.
3. Click Finish. The configuration is complete and the main window is displayed.
Step 7 Click Start.

OceanStor Dorado
NOTE
● After hosts are added, they are displayed in the main window. If any host is incorrectly
added, select it and click Remove Host to delete the host.
● After all the selected hosts have executed the installation policy, the system
automatically generates a report. To specify a report directory, click Set Directory.
● To modify an installation policy, click Modify in the Installation Policy column.
Step 8 Confirm the precautions in the displayed dialog box, select I have read the
previous information and understood consequences of the operation, and click
OK.
Step 9 Start installing UltraPath.

1. The tool concurrently installs UltraPath on the selected hosts. You can select a
host in the host list to view the current installation status.

OceanStor Dorado
NOTE
The installation process consists of four steps. You can click each tab to view details about
the corresponding step.
● UltraPath Software Package Import: This step automatically uploads the software
package to a host.
● Pre-Install Check: This step checks that a host allows UltraPath to be installed on it.
● Install: This step installs the main program of the UltraPath software.
● Post-Install Verification: This step checks, activates, and validates the UltraPath
software.
2. If some check items are not passed or need to be optimized, the system will
suspend the installation and Paused will be displayed in the Operation column in
the upper pane. You can click View Details to view the current status. For a
specific check item or operation item, click Details in the Operation column in the
lower pane to view information.

OceanStor Dorado
3. The system provides a check method, check criteria, and recovery suggestion. If
a check item fails, you can handle the problem according to the check result.
NOTE
Each check item can be retried, ignored, or terminated according to the policy
requirements. If the current item does not support an operation, the corresponding button
is unavailable.
● Retry: After the fault is rectified, click Retry to check the current item again.
● Ignore: Ignore this item and proceed with subsequent operations if the current check
item or operation item can be ignored.
● Terminate: If you want to terminate the installation process, click this button. This may
cause UltraPath software exceptions on the host. Exercise caution when performing this
operation.
Step 10 After UltraPath has been installed on all the selected hosts, the system
automatically generates an installation report in Excel format. Click View Report
to view detailed information. Click Close to finish the installation.

OceanStor Dorado
NOTICE
Do not repeatedly install UltraPath on a host. If you need to upgrade UltraPath,

use the UltraPath upgrade tool.
Step 11 The main window is displayed, and the UltraPath software installation is complete.
----End

OceanStor Dorado D Using SmartKit to Collect Storage and Host
Initialization Guide Compatibility Information
D Using SmartKit to Collect Storage and

Host Compatibility Information
SmartKit provides one-stop collection and evaluation of storage compatibility

information, helping users quickly obtain such information.
Context
The GUI may vary with the version.
Procedure
Step 1 Run and log in to SmartKit. On the Storage tab page, click Compatibility
Evaluation for Site Deployment in the Site Deployment Delivery area.
Step 2 On the page that is displayed, choose Compatibility Information Collection for
Site Deployment.

Step 3 On the Compatibility Information Collection for Site Deployment page that is
displayed, perform the following operations as prompted:
1. Click Add. The Add Device dialog box is displayed.

– Add a storage device.

i. Set Device Type to Storage.
ii. Enter basic information, including the IP address and proxy. In the
Add Policy and Select Proxy areas, Specify IP Address (add a
device by the IP address) and No Proxy are selected by default.
NOTE
○ To add devices in batches by IP network segment, select Specify IP

Segment (add devices by the IP segment) and set Start IP Address
and End IP Address.
○ To add devices in batches, click the Template link to obtain the
corresponding template, enter the device information, click Path, select
the template file, and upload and parse the file. The system
automatically adds the devices.
Click Next.
iii. In the Login Information area, enter the user name, password, and
port number of the device to be added. The default port number is
22.

iv. Click Finish.

The newly added device is displayed in the device list.
– Add a host.
i. Set Device Type to Host and select an operating system.

ii. Enter basic information, including the IP address and proxy. In the
Add Policy and Select Proxy areas, Specify IP Address (add a
device by the IP address) and No Proxy are selected by default. You
can also specify an IP network segment or add devices in batches.
Click Next.
iii. In the Login Information area, enter the user name, password, and
port number of the device to be added. The default port number is
22.
iv. Click Finish.
The newly added device is displayed in the device list.
2. Select the devices to be evaluated and click Start Grab. The tool
automatically collects the compatibility information about the storage system
and host.

3. Click Open Directory to obtain the collected compatibility information. The

file is in *.xlsx format.
NOTE
Save the compatibility information file for follow-up operations.
4. Click to close the Compatibility Information Collection for Site

Deployment dialog box.
Step 4 Choose Compatibility Evaluation.
Step 5 On the Storage Compatibility Assessment page that is displayed, view the
compatibility information query result.

1. Click Access and select the preceding compatibility information file.

2. Check the compatibility evaluation result.
----End

OceanStor Dorado E LUN Scanning Methods in Different Operating
Initialization Guide Systems
E LUN Scanning Methods in Different

Operating Systems
This section provides examples of scanning LUNs in common operating systems.
Table E-1 Examples of LUN scanning methods

Operating LUN Scanning Method
System
Windows For example, on Windows Server 2012, choose File and Storage
Services > Disks in the Server Manager window and choose
Rescan Storage from TASKS.
VMware ● vSphere Client

For example, on VMware ESXi 5.0, choose Configuration >
Storage Adapters, and then right-click the HBA adapter and
choose Rescan.
● vSphere Web Client
For example, on vSphere Web Client 6.5, choose Manage >
Storage, and then click .
SUSE 1. Run the rpm -qa | grep sg3_utils command to check whether
the sg3_utils tool has been installed. The tool is usually installed
by default on SUSE.
● If the tool has been installed, go to 2.
● If the tool has not been installed, obtain the rpm package
from the iso image package for your operating system,
upload the rpm package, and run the rpm -ivh command to
install the tool.
2. Run the rescan-scsi-bus.sh command.
Solaris Run the cfgadm command.

OceanStor Dorado E LUN Scanning Methods in Different Operating
Initialization Guide Systems
Operating LUN Scanning Method

System
Red Hat 1. Run the rpm -qa | grep sg3_utils command to check whether
the sg3_utils tool has been installed.
● If the tool has been installed, go to 2.
● If the tool has not been installed, configure Yum following
the instructions in the Red Hat deployment guide. After
installing the tool, go to 2.
2. Run the rescan-scsi-bus.sh command.
HP-UX Run the ioscan command.
AIX Run the cfgmgr -v command.
NOTE
The LUN scanning methods are for reference only. For details, see the Host Connectivity
Guide.

OceanStor Dorado
Initialization Guide F How to Obtain Help
F How to Obtain Help
If a tough or critical problem persists in routine maintenance or troubleshooting,

contact Huawei for technical support.
F.1 Preparations for Contacting Huawei

To better solve the problem, you need to collect troubleshooting information and
make debugging preparations before contacting Huawei.
F.1.1 Collecting Troubleshooting Information

You need to collect troubleshooting information before troubleshooting.
You need to collect the following information:
● Name and address of the customer
● Contact person and telephone number
● Time when the fault occurred
● Description of the fault phenomena
● Device type and software version
● Measures taken after the fault occurs and the related results
● Troubleshooting level and required solution deadline
F.1.2 Making Debugging Preparations

When you contact Huawei for help, the technical support engineer of Huawei
might assist you to do certain operations to collect information about the fault or
rectify the fault directly.
Before contacting Huawei for help, you need to prepare the boards, port modules,
screwdrivers, screws, cables for serial ports, network cables, and other required
materials.

OceanStor Dorado
Initialization Guide F How to Obtain Help
F.2 How to Use the Document

Huawei provides guide documents shipped with the device. The guide documents
can be used to handle the common problems occurring in daily maintenance or
troubleshooting.
To better solve the problems, use the documents before you contact Huawei for
technical support.
F.3 How to Obtain Help from Website

Huawei provides users with timely and efficient technical support through the
regional offices, secondary technical support system, telephone technical support,
remote technical support, and onsite technical support.
Contents of the Huawei technical support system are as follows:
● Huawei headquarters technical support department
● Regional office technical support center
● Customer service center
● Technical support website: https://support.huawei.com/enterprise/
You can query how to contact the regional offices at https://
support.huawei.com/enterprise/.
F.4 Ways to Contact Huawei

Huawei Technologies Co., Ltd. provides customers with comprehensive technical
support and service. For any assistance, contact our local office or company
headquarters.
Huawei Technologies Co., Ltd.
Address: Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's
Republic of China
Website: https://e.huawei.com/

OceanStor Dorado
Initialization Guide G Glossary
G Glossary
A
AC power module The module that transfers the external AC power
supply into the power supply for internal use.
Application server A service processing node (a computer device) on the
network. Application programs of data services run
on the application server.
Asynchronous remote A kind of remote replication. When the data at the
replication primary site is updated, the data does not need to be
updated synchronously at the mirroring site to finish
the update. In this way, performance is not reduced
due to data mirroring.
Air baffle It optimizes the ventilation channels and improves
the heat dissipation capability of the system.
Audit log guarantee A mode for recording audit logs. This mode
mode preferentially ensures that the audit log function is
normal and no audit log is missing.
Audit log non- A mode for recording audit logs. In this mode,
guarantee mode services are running properly. Audit logs may be
missing.
B
Backup A collection of data stored on (usually removable)
non-volatile storage media for purposes of recovery
in case the original copy of data is lost or becomes
inaccessible; also called a backup copy. To be useful
for recovery, a backup must be made by copying the
source data image when it is in a consistent state.
The act of creating a backup.

OceanStor Dorado
Backup window An interval of time during which a set of data can be

backed up without seriously affecting applications
that use the data.
Bandwidth The numerical difference between the upper and
lower frequencies of a band of electromagnetic
radiation. A deprecated synonym for data transfer
capacity that is often incorrectly used to refer to
throughput.
Baud rate The maximum rate of signal state changes per
second on a communications circuit. If each signal
state change corresponds to a code bit, then the
baud rate and the bit rate are the same. It is also
possible for signal state changes to correspond to
more than one code bit, so the baud rate may be
lower than the code bit rate.
Bit error An incompatibility between a bit in a transmitted
digital signal and the corresponding bit in the
received digital signal.
Bit error rate The probability that a transmitted bit will be
erroneously received. The bit error rate (BER) is
measured by counting the number of bits in error at
the output of a receiver and dividing by the total
number of bits in the transmission. BER is typically
expressed as a negative power of 10.
Bonding Bonding of multiple independent physical network
ports into a logical port, which ensures the high
availability of server network connections and
improves network performance.
Boundary scan A test methodology that uses shift registers in the
output connections of integrated circuits (ICs). One IC
is often connected to the next IC. A data pattern is
passed through the chain and the observed returned
data stream affected by the circuit conditions gives
an indication of any faults present. The system is
defined under IEEE standard 1149.1 and is also
known as Joint Test Action Group (JTAG).
Browser/Server Architecture that defines the roles of the browser and
server. The browser is the service request party and
the server is the service provider.
Built-in FRU Alarm It indicates errors on the built-in FRUs of a controller,
indicator such as errors on fans or memory modules.

OceanStor Dorado
C
Cache hit ratio The ratio of the number of cache hits to the number
of all I/Os during a read task, usually expressed as a
percentage.
Captive screw Specially designed to lock into place on a parent
board or motherboard, allowing for easy installation
and removal of attached pieces without release of
the screw.
Challenge Handshake A password-based authentication protocol that uses a
Authentication challenge to verify that a user has access rights to a
Protocol system. A hash of the supplied password with the
challenge is sent for comparison so the cleartext
password is never sent over the connection.
Compliance mode A protection mode of WORM. In compliance mode,
files within their protection period cannot be changed
or deleted by either the file user or by the system
administrator. Files with expired protection periods
can be deleted but not changed by the file user or
the system administrator.
Controller The control logic in a disk or tape that performs
command decoding and execution, host data transfer,
serialization and deserialization of data, error
detection and correction, and overall management of
device operations. The control logic in a storage
subsystem that performs command transformation
and routing, aggregation (RAID, mirroring, striping, or
other), high-level error recovery, and performance
optimization for multiple storage devices.
Controller enclosure An enclosure that accommodates controllers and
provides storage services. It is the core component of
a storage system and generally consists of
components, such as controllers, power supplies, and
fans.
Copying A pair state. The state indicates that the source LUN
data is being synchronized to the target LUN.
Container root Space used to store the metadata for running
directory container images and container instances.
Container image An image is a special file system, which provides the
programs, libraries, resources, and configuration files
required for running containers. It also contains
configuration parameters, for example, for
anonymous disks, environment variables, and users.
The image does not contain dynamic data, and its
content will not be modified after construction.
Containerized An image can start multiple containers, and an
application application can contain one or a group of containers.

OceanStor Dorado
Container node Controller that runs the container service.

Configuration item list A series of modifiable configuration items defined in
the Helm chart of the container.
Container service Containerized application management service, which
manages the lifecycle of containerized applications.
D
Data compression The process of encoding data to reduce its size. Lossy
compression (i.e., compression using a technique in
which a portion of the original information is lost) is
acceptable for some forms of data (e.g., digital
images) in some applications, but for most IT
applications, lossless compression (i.e., compression
using a technique that preserves the entire content of
the original data, and from which the original data
can be reconstructed exactly) is required.
Data flow A process that involves processing data extracted
from the source system. These processes include:
filtering, integration, calculation, and summary,
finding and solving data inconsistency, and deleting
invalid data so that the processed data meets the
requirements of the destination system for the input
data.
Data migration A movement of data or information between
information systems, formats, or media. Migration is
performed for reasons such as possible decay of
storage media, obsolete hardware or software
(including obsolete data formats), changing
performance requirements, the need for cost
efficiencies etc.
Data source A system, database (database user; database
instance), or file that can make BOs persistent.
Deduplication The replacement of multiple copies of data — at
variable levels of granularity — with references to a
shared copy in order to save storage space and/or
bandwidth.
Dirty data Data that is stored temporarily on the cache and has
not been written onto disks.

OceanStor Dorado
Disaster recovery The recovery of data, access to data and associated

processing through a comprehensive process of
setting up a redundant site (equipment and work
space) with recovery of operational data to continue
business operations after a loss of use of all or part
of a data center. This involves not only an essential
set of data but also an essential set of all the
hardware and software to continue processing of that
data and business. Any disaster recovery may involve
some amount of down time.
Disk array A set of disks from one or more commonly accessible
disk subsystems, combined with a body of control
software. The control software presents the disks'
storage capacity to hosts as one or more virtual disks.
Control software is often called firmware or
microcode when it runs in a disk controller. Control
software that runs in a host computer is usually
called a volume manager.
Disk domain A disk domain consists of the same type or different
types of disks. Disk domains are isolated from each
other. Therefore, services carried by different disk
domains do not affect each other in terms of
performance and faults (if any).
Disk enclosure Consists of the following parts in redundancy:
expansion module, disk, power module, and fan
module. System capacity can be expanded by
cascading multiple disk enclosures.
Disk location The process of locating a disk in the storage system
by determining the enclosure ID and slot ID of the
disk.
Disk utilization The percentage of used capacity in the total available
capacity.
E
eDevLUN Logical storage array space created by a third-party
storage array.
Expansion module A component used for expansion.
Expansion Connects a storage system to more disk enclosures
through connection cables, expanding the capacity of
the storage system.

OceanStor Dorado
F
Field replaceable unit A unit or component of a system that is designed to
be replaced in the field, i.e., without returning the
system to a factory or repair depot. Field replaceable
units may either be customer-replaceable or their
replacement may require trained service personnel.
Firmware Low-level software for booting and operating an
intelligent device. Firmware generally resides in read-
only memory (ROM) on the device.
Flash Translation Layer Flash Translation Layer (FTL) organizes and manages
host data, enables host data to be allocated to NAND
flash chips of SSDs in an orderly manner, maintains
the mapping relationship between logical block
addresses (LBAs) and physical block addresses
(PBAs), and implements garbage collection, wear
leveling, and bad block management.
Front-end port The port that connects the controller enclosure to the
service side and transfers service data. Front-end port
types are Fibre Channel and iSCSI.
Front-end interconnect On a storage device, all controllers share the front-
I/O module (FIM) end interface modules.
G
Garbage collection The process of reclaiming resources that are no
longer in use. Garbage collection has uses in many
aspects of computing and storage. For example, in
flash storage, background garbage collection can
improve write performance by reducing the need to
perform whole block erasures prior to a write.
Gateway A device that receives data via one protocol and
transmits it via another.
Global garbage With a view to defragmentation of storage arrays
collection and garbage collection of disks, global garbage
collection reduces garbage of disks by enabling
storage arrays to inform disks of not implementing
invalid data relocation and of controlling space
release so that disks and controllers consume less
space, reducing costs and prolonging the useful life
of storage arrays.

OceanStor Dorado
Global system for The second-generation mobile networking standard

mobile defined by the European Telecommunications
communications Standards Institute (ETSI). It is aimed at designing a
standard for global mobile phone networks. GSM
consists of three main parts: mobile switching
subsystem (MSS), base station subsystem (BSS), and
mobile station (MS).
Global wear leveling With a view to individual characteristics of a single
disk, global wear leveling uses space allocation and
write algorithms to achieve wear leveling among
disks, preventing a disk from losing efficacy due to
excessive writes and prolonging the useful life of the
disk.
H
Hard disk tray The tray that bears the hard disk.
Heartbeat Heartbeat supports node communication, fault
diagnosis, and event triggering. Heartbeats are
protocols that require no acknowledgement. They are
transmitted between two devices. The device can
judge the validity status of the peer device.
Hit ratio The ratio of directly accessed I/Os from the cache to
all I/Os.
Hot swap The substitution of a replacement unit (RU) in a
system for a defective unit, where the substitution
can be performed while the system is performing its
normal functioning normally. Hot swaps are physical
operations typically performed by humans.
HyperMetro A value-added service of storage systems.
HyperMetro means two datasets (on two storage
systems) can provide storage services as one dataset
to achieve load balancing among applications and
failover without service interruption.
HyperMetro domain A HyperMetro configuration object generally; made
up of two storage arrays and one quorum server.
HyperMetro services can be created on a HyperMetro
domain.
HyperMetro vStore A HyperMetro vStore pair consists of two vStores,
pair that is, two tenants. After a HyperMetro relationship
is set up for a pair of vStores, the datasets in the two
vStores work in redundancy mode and provide
storage services in one dataset view, achieving hitless
service failover.

OceanStor Dorado
HyperMetro-Inner On an eight-controller network, with HyperMetro-

Inner, continuous mirroring, back-end global sharing,
and three-copy technologies, a storage system can
tolerate one-by-one failures of seven controllers
among eight controllers, concurrent failures of two
controllers, and failure of a controller enclosure.
HyperDetect HyperDetect is a feature that provides ransomware
detection.
Handle A handle resides on the structural part of a module. It
is used to insert or remove a module into or from a
chassis, not helpful in saving efforts.
Helm chart A Helm chart is in TAR format. It is similar to the deb
package of APT or the rpm package of Yum. It
contains a group of yaml files that define Kubernetes
resources.
I
In-band management The management control information of the network
and the carrier service information of the user
network are transferred through the same logical
channel. In-band management enables users to
manage storage arrays through commands.
Management commands are sent through service
channels, such as I/O write and read channels. The
advantages of in-band management include high
speed, stable transfer, and no additional
management network ports required.
Initiator The system component that originates an I/O
command over an I/O interconnect. The endpoint
that originates a SCSI I/O command sequence. I/O
adapters, network interface cards, and intelligent I/O
interconnect control ASICs are typical initiators.
I/O Shorthand for input/output. I/O is the process of
moving data between a computer system's main
memory and an external device or interface such as a
storage device, display, printer, or network connected
to other computer systems. This encompasses
reading, or moving data into a computer system's
memory, and writing, or moving data from a
computer system's memory to another location.

OceanStor Dorado
Intelligent ransomware The system detects known ransomware features to

detection identify whether the file systems are attacked by
ransomware. If no ransomware attack is identified,
the system analyzes and compares the changes in file
system snapshots, and uses machine learning
algorithms to further check whether the file systems
are infected by ransomware.
Interface module A replaceable field module that accommodates the
service or management ports.
L
Load balance A method of adjusting the system, application
components, and data to averagely distribute the
applied I/Os or computing requests to physical
resources of the system.
Logical unit The addressable entity within a SCSI target that
executes I/O commands.
Logical unit number The SCSI identifier of a logical unit within a target.
Industry shorthand, when phrased as "LUN", for the
logical unit indicated by the logical unit number.
LUN formatting The process of writing 0 bits in the data area of the
logical drive and generating related parity bits so that
the logical drive can be in the ready state.
LUN mapping A storage system maps LUNs to application servers
so that application servers can access storage
resources.
LUN migration A method for the LUN data to migrate between
different physical storage spaces while ensuring data
integrity and uninterrupted operation of host
services.
LUN snapshot A type of snapshot created for a LUN. This snapshot
is both readable and writable and is mainly used to
provide a snapshot LUN from point-in-time LUN
data.
Lever A lever resides on the structural part of a module. It
is used to insert or remove a module into or from a
chassis, saving efforts.
Local image repository A private repository used to store the container
images and Helm charts imported by users. It is
different from the standard image repository. The
imported images and Helm charts must meet the
compatibility requirements of the system.

OceanStor Dorado
M
Maintenance terminal A computer connected through a serial port or
management network port. It maintains the storage
system.
Management interface The module that integrates one or more
module management network ports.
Management network An entity that provides means to transmit and
process network management information.
Management network The network port on the controller enclosure
port connected to the maintenance terminal. It is provided
for the remote maintenance terminal. Its IP address
can be modified with the change of the customer's
environment.
N
NVM Express A host controller interface with a register interface
and command set designed for PCI Express-based
SSDs.
NVMe SSD A solid state disk (SSD) with a non-volatile memory
express (NVMe) interface. Compared with other
SSDs, such SSDs can deliver higher performance and
shorter latency.
O
Out-of-band A management mode used during out-of-band
management networking. The management and control
information of the network and the bearer service
information of the user network are transmitted
through different logical channels.
P
Power failure When an external power failure occurs, the AC PEM
protection depends on the battery for power supply. This
ensures the integrity of the dirty data in the cache.
Pre-copy When the system monitors a failing member disk in a
RAID group, the system copies the data from the disk
to a hot spare disk in advance.

OceanStor Dorado
Palm-sized NVMe SSD A palm-sized NVMe SSD is a type of NVMe SSD of

which the dimensions (H x W x D) are 160 mm x 79.8
mm x 9.5 mm (neither 3.5-inch nor 2.5-inch).
Q
Quorum server A server that can provide arbitration services for
clusters or HyperMetro to prevent the resource access
conflicts of multiple application servers.
Quorum Server Mode A HyperMetro arbitration mode. When a HyperMetro
arbitration occurs, the quorum server decides which
site wins the arbitration.
R
RAID level The application of different redundancy types to a
logical drive. A RAID level improves the fault
tolerance or performance of the logical drive but
reduces the available capacity of the logical drive.
You must specify a RAID level for each logical drive.
Ransomware file When launching attacks, ransomware usually
interception generates encrypted files with special file name
extensions. In light of this, the system intercepts the
write to files with specific file name extensions to
block the extortion from known ransomware and
protect file systems in the storage system.
Real-time ransomware Ransomware has similar I/O behavior characteristics.
detection By analyzing file I/O behavior characteristics, the
system quickly filters out abnormal files and
performs deep content analysis on the abnormal files
to detect files attacked by ransomware. Then, secure
snapshots are created for file systems where files
have been attacked, and alarms are reported to
notify the data protection administrator, limiting the
impact of ransomware and reducing losses.
Reconstruction The regeneration and writing onto one or more
replacement disks of all of the user data and check
data from a failed disk in a mirrored or RAID array. In
most arrays, a rebuild can occur while applications
are accessing data on the array's virtual disks.
Redundancy The inclusion of extra components of a given type in
a system (beyond those required by the system to
carry out its function) for the purpose of enabling
continued operation in the event of a component
failure.

OceanStor Dorado
Remote replication A core technology for disaster recovery and a

foundation that implements remote data
synchronization and disaster recovery. This
technology remotely maintains a set of data mirrors
through the remote data connection function of the
storage devices that are separated in different places.
Even when a disaster occurs, the data backup on the
remote storage device is not affected. Remote
replication can be divided into synchronous remote
replication and asynchronous remote replication.
Reverse The process of restoring data from the redundancy
synchronization machine (RM) when the services of the production
machine (PM) are recovering.
Route The path that network traffic takes from its source to
its destination. On a TCP/IP network, each IP packet
is routed independently. Routes can change
dynamically.
S
Script A parameterized list of primitive I/O interconnect
operations intended to be executed in sequence.
Often used with respect to ports, most of which are
able to execute scripts of I/O commands
autonomously (without policy processor assistance).
A sequence of instructions intended to be parsed and
carried out by a command line interpreter or other
scripting language. Perl, VBScript, JavaScript and Tcl
are all scripting languages.
Serial port An input/output location (channel) that sends and
receives data (one bit at a time) to and from the CPU
of a computer or a communications device. Serial
ports are used for serial data communication and as
interfaces for some peripheral devices, such as mouse
devices and printers.
Service data The user and/or network information required for the
normal functioning of services.
Service network port The network port that is used to store services.
Simple network An IETF protocol for monitoring and managing
management protocol systems and devices in a network. The data being
monitored and managed is defined by an MIB. The
functions supported by the protocol are the request
and retrieval of data, the setting or writing of data,
and traps that signal the occurrence of events.
Single point of failure One component or path in a system, the failure of
which would make the system inoperable.

OceanStor Dorado
Slot A position defined by an upper guide rail and the

corresponding lower guide rail in a frame. A slot
houses a board.
Small computer system A collection of ANSI standards and proposed
interface standards that define I/O interconnects primarily
intended for connecting storage subsystems or
devices to hosts through host bus adapters. Originally
intended primarily for use with small (desktop and
desk-side workstation) computers, SCSI has been
extended to serve most computing needs, and is
arguably the most widely implemented I/O
interconnect in use today.
Snapshot A point in time copy of a defined collection of data.
Clones and snapshots are full copies. Depending on
the system, snapshots may be of files, LUNs, file
systems, or any other type of container supported by
the system.
Snapshot copy A copy of a snapshot LUN.
Source LUN The LUN where the original data is located.
Static Priority Mode A HyperMetro arbitration mode. When a HyperMetro
arbitration occurs, the preferred site always wins the
arbitration.
Storage system An integrated system that consists of the following
parts: controller, storage array, host bus adapter,
physical connection between storage units, and all
control software.
Storage unit An abstract definition of backup storage media for
storing backup data. The storage unit is connected to
the actual storage media used to back up data.
Streaming media Streaming media is media continuously streamed
over the network. Combining technologies
concerning streaming media data collection,
compression, encoding, storage, transmission,
playback, and network communications, streaming
media can provide high-quality playback effects in
real time at low bandwidth.
Subnet A type of smaller network that forms a larger
network according to a rule, such as, forming a
network according to different districts. This
facilitates the management of a large network.

OceanStor Dorado
Smart disk enclosure Being compared with traditional disk enclosures, the
smart disk enclosures are equipped with Arm chips
and DDR memories or other computing modules to
achieve powerful computing capabilities. With such
capabilities, the smart disk enclosures can help
controllers to share some computing loads,
accelerating data processing.
Share authentication During vStore configuration synchronization, the
share authentication information (including the share
information and domain controller configuration) is
synchronized to the secondary end.
T
Target The endpoint that receives a SCSI I/O command
sequence.
Target LUN The LUN on which target data resides.
Thin LUN A logic disk that can be accessed by hosts. It
dynamically allocates storage resources from the thin
pool according to the actual capacity requirements of
users.
Topology The logical layout of the components of a computer
system or network and their interconnections.
Topology deals with questions of what components
are directly connected to other components from the
standpoint of being able to communicate. It does not
deal with questions of physical location of
components or interconnecting cables. The
communication infrastructure that provides Fibre
Channel communication among a set of PN_Ports
(e.g., a Fabric, an Arbitrated Loop, or a combination
of the two).
Trim A method by which the host operating system may
inform a storage device of data blocks that are no
longer in use and can be reclaimed. Many storage
protocols support this functionality via various
names, e.g., ATA TRIM and SCSI UNMAP.
U
User interface The space where users interact with a machine.

OceanStor Dorado
U-shaped bracket It is an optional structural part like letter "U". It is

located between the mounting ear of a chassis and
the mounting bar of a cabinet or bay and is used to
adjust the locations of the chassis and mounting bar
of the cabinet or bay.
W
Wear leveling A set of algorithms utilized by a flash controller to
distribute writes and erases across the cells in a flash
device. Cells in flash devices have a limited ability to
survive write cycles. The purpose of wear leveling is
to delay cell wear out and prolong the useful life of
the overall flash device.
Write amplification Increase in the number of write operations by the
device beyond the number of write operations
requested by hosts.
Write amplification The ratio of the number of write operations on the
factor device to the number of write operations requested
by the host.
Write back A caching technology in which the completion of a
write request is signaled as soon as the data is in the
cache. Actual writing to non-volatile media occurs at
a later time. Write back includes inherent risks: an
application will take action predicated on the write
completion signal, and a system failure before the
data is written to non-volatile media will cause
media contents to be inconsistent with that
subsequent action. For these reasons, sufficient write
back implementations include mechanisms to
preserve cache contents across system failures
(including power failures) and a flushed cache at
system restart time.
Write Once Read Many A type of storage, designed for fixed content, that
preserves what is written to it in an immutable
fashion. Optical disks are an example of WORM
storage.
Write through A caching technology in which the completion of a
write request is not signaled until data is safely
stored on non-volatile media. Write performance
equipped with the write through technology is
approximately that of a non-cached system. However,
if the written data is also held in a cache, subsequent
read performance may be dramatically improved.

OceanStor Dorado
Z
Zone A collection of Fibre Channel N_Ports and/or
NL_Ports (i.e., device ports) that are permitted to
communicate with each other via the fabric. Any two
N_Ports and/or NL_Ports that are not members of at
least one common zone are not permitted to
communicate via the fabric. Zone membership may
be specified by: 1) port location on a switch, (i.e.,
Domain_ID and port number); or, 2) the device's
N_Port_Name; or, 3) the device's address identifier;
or, 4) the device's Node_Name. Well-known
addresses are implicitly included in every zone.

OceanStor Dorado
Initialization Guide H Acronyms and Abbreviations
H Acronyms and Abbreviations
C
CHAP Challenge Handshake Authentication Protocol
CLI Command-Line Interface
F
FC Fiber Channel
G
GPT GUID Partition Table
GUI Graphical User Interface
H
HBA Host Bus Adapter
I
IE Internet Explorer
IP Internet Protocol
IQN iSCSI Qualified Name
iSCSI Internet Small Computer Systems Interface
iSNS Internet Storage Name Service
L
LDAP Lightweight Directory Access Protocol
LUN Logical Unit Number

OceanStor Dorado
Initialization Guide H Acronyms and Abbreviations
SAS Serial Attached SCSI

SCSI Small Computer System Interface
SSD Solid-State Drive
W
WWN World Wide Name
WWPN World Wide Port Name

OceanStor Dorado 6.1.x Initialization Guide

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

OceanStor Dorado 6.1.x Initialization Guide

Uploaded by

Copyright:

Available Formats

OceanStor Dorado

HUAWEI TECHNOLOGIES CO., LTD.

Trademarks and Permissions

Huawei Technologies Co., Ltd.

Issue 07 (2022-12-15) Copyright © Huawei Technologies Co., Ltd. i

About This Document

Product Model Product Version

OceanStor Dorado 3000 6.1.0

OceanStor Dorado 18000

OceanStor Dorado 2000 6.1.5

● Technical support engineers

Issue 07 (2022-12-15) Copyright © Huawei Technologies Co., Ltd. ii

Indicates a hazard with a high level of risk which, if not

Indicates a hazard with a medium level of risk which, if not

Indicates a hazard with a low level of risk which, if not

Indicates a potentially hazardous situation which, if not

Supplements the important information in the main text.

Issue 07 (2022-12-15) Copyright © Huawei Technologies Co., Ltd. iii

Added the product model OceanStor Dorado 2000.

Issue 07 (2022-12-15) Copyright © Huawei Technologies Co., Ltd. iv

About This Document................................................................................................................ ii

3 Configuring Domain Authentication for a Storage System........................................ 91

4 Configuring Alarm and Event Handling Policies......................................................... 100

Issue 07 (2022-12-15) Copyright © Huawei Technologies Co., Ltd. v

4.2 Setting Email Notification............................................................................................................................................... 101

5 Enabling Prediction on the Trend of Effective Capacity Usage............................... 141

A Logging In to the CLI......................................................................................................... 175

B Configuring the NTP Service............................................................................................ 193

Issue 07 (2022-12-15) Copyright © Huawei Technologies Co., Ltd. vi

B.2.1 Configuring the NTP Service on the Server........................................................................................................... 198

C Using SmartKit to Install UltraPath............................................................................... 204

Issue 07 (2022-12-15) Copyright © Huawei Technologies Co., Ltd. vii

Issue 07 (2022-12-15) Copyright © Huawei Technologies Co., Ltd. 1

Issue 07 (2022-12-15) Copyright © Huawei Technologies Co., Ltd. 2

2 Logging In and Starting Initialization

2.1 Changing IP Addresses of Management Network

2.1.1 Changing IP Addresses of Management Network Ports

Issue 07 (2022-12-15) Copyright © Huawei Technologies Co., Ltd. 3

Issue 07 (2022-12-15) Copyright © Huawei Technologies Co., Ltd. 4

● The IP addresses of management network ports and those of maintenance

The PuTTY Configuration dialog box is displayed, as shown in Figure 2-1.

Figure 2-1 PuTTY Configuration dialog box

1. Right-click the Computer icon on the desktop of the maintenance terminal

Issue 07 (2022-12-15) Copyright © Huawei Technologies Co., Ltd. 5

2. Initialize the password.

Issue 07 (2022-12-15) Copyright © Huawei Technologies Co., Ltd. 6

WARNING: You have accessed the system.

*****Please re-enter new password for admin:*****

If the login is successful, the following message is displayed:

Last login: Tue Sep 10 21:40:53 XXXX from XXXXXX

System Name : XXXXXX

Step 4 Change the IP address of the management network port.

● Changing the IP address of a management network port may disconnect the

Run the change system management_ip command to change the IP address of

Issue 07 (2022-12-15) Copyright © Huawei Technologies Co., Ltd. 7

Table 2-1 Command format and parameters

change system ● eth_port_id=?: indicates the port ID. To obtain

For details, see the command reference.

Issue 07 (2022-12-15) Copyright © Huawei Technologies Co., Ltd. 8

2.1.2 Changing IP Addresses of a Management Network Port

Issue 07 (2022-12-15) Copyright © Huawei Technologies Co., Ltd. 9

For a 2 U controller enclosure, the default internal heartbeat IP addresses are

Step 2 Choose System > Hardware > Devices.

Step 4 Click to switch to the rear view.

Please re-enter new password for admin: