Monthly Archives: November 2012

Creating LUN in NetApp Using CLI

If you want to create a LUN (Logical Unit Number) on a vfiler in NetApp, you will be forced to use CLI commands.  There is no wizard GUI tool for vfilers at least for now.

To carve up a storage space in NetApp to be presented to a SPARC Solaris machine using iSCSI HBA, I used the following steps:

1. Configure iSCSI HBA on Solaris (i.e., configure IP address, netmask, gateway, vlan tagging [it if its on a separate vlan], etc)

2. Login through NetApp console or remote session.

3. Go to the vfiler

nas3240> vfiler context vfiler-iscsi

4. Determine which volume to create the LUN. Make sure it has enough space.

nas3240@vfiler-iscsi> vol status

nas3240@vfiler-iscsi> df -h

5. Create qtree. I usually create the LUN on qtree level instead of volume. This makes my structure cleaner.

nas3240@vfiler-iscsi> qtree create /vol/iscsi_apps/solaris

6. Create the LUN using this syntax: lun create -s size -t ostype lun_path

nas3240@vfiler-iscsi> lun create -s 200g -t solaris /vol/iscsi_apps/solaris/lun0

Successful execution of this command wil create LUN “/vol/iscsi_apps/solaris/lun0” with a size of 200GB, and space-reserved.  For LUN, the best practice is to thick provision (space-reserved), so you won’t have problems when the storage runs out of space.

7. Create initiator group or igroup which contain the IQN for the solaris host. Initiate a iscsi login command from solaris host, and NetApp will see the IQN number.  This IQN number will appear on the console and you can cut and paste that number. Use this syntax to create igroup: igroup create -i -t ostype initiator_group iqn_from_host

nas3240@vfiler-iscsi> igroup create -i -t solaris solaris_group iqn.2000-04.com.qlogic.gs2342345.2

8. Map the LUN to the host using igroup you created. Use this syntax: lun map lun_path initiator_group [lun_id] where: lun_path is the path name of the LUN you created, initiator_group is the name of the igroup you created, and lun_id is the identification number that the initiator uses when the LUN is mapped to it. If you do not enter a number, Data ONTAP generates the next available LUN ID number.

nas3240@vfiler-iscsi> lun map /vol/iscsi_apps/solaris/lun0 solaris_group

9. Verify LUN list and their mapping.

nas3240@vfiler-iscsi> lun show -m

LUN path                                    Mapped to              LUN ID    Protocol
——————————————————————————————
vol/iscsi_apps/solaris/lun0      solaris_group        2                   iSCSI

10.  Go to solaris box, and do iSCSI refresh.  Check that it can see the LUN disk that has been provisioned.

CISSP

A couple of days ago, I got the official renewal of my CISSP (Certified Information Systems Security Professional) certification from ISC2.  My certification is valid again for another three years, until October 2015.

CISSP certification is one of the certifications I make sure to maintain because of its usefulness. No question every IT professional should be aware of security implications in any system he/she develops, build, or maintain.  Security breaches are becoming the norm and IT professionals should be prepared to face these challenges.  CISSP certification greatly help IT professionals like me in creating and enforcing security policies and procedures, and in designing and maintaining secure systems.

When I first obtained the certification six years ago, in Oct 2006, I remembered it was one of the toughest exam I ever took.  And passing the exam is just one of the requirements.  One should have at least five years information security experience, and should be endorsed by another CISSP professional.  In addition, one should abide by the ISC2 code of ethics.

To maintain certification, one should obtain Continuing Professional Education (CPE) credits of 120 points within three years, and pay the annual maintenance fee.   The requirement to obtain CPE credits keeps my security skills current.  There are many ways to obtain CPE credits.  My favorites are the security seminars and conferences such as Secure Boston, Source Boston, and IANS.  One can also get points by reviewing security books, reading and writing security articles, and speaking about security in seminars and conferences, among others.

To learn more about CISSP and how to get certified, go to the ISC2 website.