Home > Storage > PowerStore > Storage Admin > Dell PowerStore Manager Overview > Settings menu
The Settings icon (gear symbol near the top menu bar) leads to the Settings menu. The Settings menu (Figure 50) enables administrators to set or configure many settings that are important to the cluster but are less frequently used. The menu lets you upgrade system software, configure support connectivity, configure infrastructure services, and enable SSH, among other actions.
The following table shows all available settings in the Settings menu.
Category | Settings | General description |
Cluster | Properties, Upgrades, Licensing, Power Down, Recycle Bin | Update cluster-friendly name, manage system upgrades, manage system licensing, power down the system, and manage the expiration duration of the Recycle Bin. |
Security | Authentication, Users, Service Account, ISCSI CHAP, Certificates, Signed Cluster Certificate, Encryption, KMIP, Audit Logs, Remote Logging, SSH Management, Compliance, Login Message, HTTP Redirect, VASA Certificate | Manage system settings related to security topics including authentication, authorization, encryption, and managing SSH access. |
Networking | Cluster MTU, Network IPs, Infrastructure Services, SMTP Server, SNMP, Metro Node | Configure various system settings related to networking including system IPs, MTU size, DNS, NTP, physical switches, and metro node connection. |
Support | Metric Collection Configuration, Support Connectivity, Gather Support Materials, Metrics Archives, General Support, Disable Support Notifications, Email Notifications | Configure Support Connectivity, support contacts, generate support materials for troubleshooting, and configure email addresses to which to send system alerts. |
A Power Down Cluster Wizard is available in PowerStoreOS version 4.0 and later. The wizard validates that the system is ready to be powered down, identifies any active storage objects on the system, and confirms with the administrator prior to proceeding.
The Settings menu > Support > Support Connectivity category enables you to configure and manage Support Connectivity. The Support Connectivity feature provides an IP-based connection that enables Dell Support to receive error files and alerts from your appliance, and to perform remote troubleshooting that results in a fast and efficient time-to-resolution. Dell Technologies recommends that you enable the Support Connectivity feature to accelerate problem diagnosis, perform troubleshooting, and help speed time to resolution. PowerStore offers the ability to connect directly or by using the Secure Connect Gateway. The ability to connect PowerStore to CloudIQ and enable remote support is also available to be enabled in this section. If you do not enable the Support Connectivity and remote support features, you may need to collect appliance information manually to assist Dell Support with troubleshooting and resolving problems with your appliance.
For more information about Support Connectivity and options for remote troubleshooting, see the PowerStore Security Configuration Guide.
From the Settings menu > Cluster > Upgrades page, users can manage, upload, and deploy various Non-Disruptive Upgrade (NDU) packages for the PowerStore cluster. Generally, NDU packages consist of two categories: Software Releases and Thin Packages. Software Releases are PowerStoreOS upgrades which contain the full operating system image or patch or hotfix images for a specific operating system version. Thin Packages contain a smaller and more targeted amount of functionality than regular PowerStoreOS packages. These packages may also consist of different package types such as Disk Firmware or Health Check updates. Thin Packages are smaller in size, take less time to apply, and often do not require node reboots.
Since Health Check packages can be upgraded outside of the PowerStoreOS upgrade path, PowerStoreOS 2.1 provides users the ability to run an Upgrade Extensions System Check before a PowerStore NDU. When any PowerStore NDU package file besides a Health Check is selected with PowerStoreOS below version 3.0, the UPGRADE button is disabled (see Figure 52).
The button is enabled if the Upgrade Extensions have run within 60 minutes before and no further System Checks are performed after the Upgrade Extensions job completes. If any of these conditions are not met, a tooltip providing instructions to run Upgrade Extensions from Monitoring > System Checks is displayed as seen in Figure 52. The run Upgrade Extensions job runs any off-cycle Health Check packages that have been installed on the system. PowerStoreOS versions 3.0 and later do not require you to run the Upgrade Extensions job before running an NDU.
PowerStoreOS versions 3.0 and later offer the ability to automatically download software packages if support connectivity is enabled. Click on the Download Settings button in the Upgrades page to enable automatic download.
When enabling automatic download in PowerStoreOS versions 4.0 and later, users can select their Software Release Package Preference. Target is selected by default, which indicates the release has achieved runtime and stability requirements to make it the current target code. Latest provides the most recent software release with the latest and greatest feature set. Users with this guidance can directly download target or latest software packages to achieve specific requirements in their environment without having to download from a separate support site.
Note: Users can manually check for software package updates even if automatic download is not enabled.
PowerStoreOS versions 3.0 and later supports the use of language packages within the upgrades menu of PowerStore Manager. The purpose of this feature is to adapt PowerStore to make it easier to use for users around the world. This involves translations of texts and adding specific local components for different regions. You can download language packs for supported languages from the Dell website and upload the package to PowerStore. After you complete this step, you can select your wanted language, date, and time format options from the user preferences menu item under the user icon (Figure 55).
From the Settings menu > Networking category, you can configure and manage the system’s Network IPs. Each network consists of its own VLAN, Netmask, Gateway, and MTU size. Table 8 shows the various networks and a brief description of their function.
Network | Function | General description |
Management | Connects PowerStore cluster to management services | Connectivity to DNS, NTP, and vCenter, and enables external clients to access your cluster for management purposes |
Storage | Connects PowerStore cluster to an external storage network or creates a Storage network | Provides external clients or hosts network connectivity to the storage in your cluster |
File Mobility | Connects traffic between PowerStore file clusters in replication and file import environments | Provides infrastructure needed for exchange of control traffic for file environments |
Intra-cluster Management (ICM) | Internal management network | Provides continuous management connectivity between appliances within the PowerStore cluster |
Intra-cluster Data (ICD) | Internal data network | Provides continuous storage connectivity between appliances within the PowerStore cluster |
PowerStoreOS 2.0 added multitenancy and traffic isolation support to Storage networks. You can configure up to eight storage networks per interface, with up to a total of 256 different storage networks using IPv4 addresses, IPv6 addresses, or both in PowerStoreOS versions 4.0 and later. PowerStoreOS versions 3.0 and later added the File Mobility network to the Network IPs section of settings. The file mobility network is the pre-requisite infrastructure required for the exchange of control traffic between file clusters in replication and file import environments. It uses the same management network VLAN and subnet settings.
In PowerStoreOS 4.0, an enhancement to storage networks allows uses to create multiple storage networks with defined purposes. These purposes include Storage (iSCSI), Storage (NVMe/TCP), and Replication. This feature allows storage networks for host connectivity, and dedicated networks for replication. When configuring a network for replication, PowerProtect DD integration, and import, consult the Import, Protecting Your Data, and Best Practices guides for specific guidance.
Besides email notification settings, the Settings menu > Users section enables you to manage local users and set up Active Directory or OpenLDAP Directory Services to authenticate users and map them to PowerStore roles. PowerStoreOS 1.0.3 and later support external user directories for authentication and authorization. Managing users in a centralized directory reduces the tasks to set up accounts on each system individually and might be a requirement to meet company rules and compliance.
Role-Based Access Control (RBAC) allows for users to have different privileges, which provides a means to separate administration roles to better align with skill sets and responsibilities. To ensure an end-to-end secure environment, PowerStore systems have various roles that are assigned specific privileges to perform different tasks. These roles include, but are not limited to: Operator, VM Administrator, and Storage Admin. Dell Technologies recommends giving users the fewest privileges possible while still enabling them to meet their responsibilities. As an example, it is sufficient to give only Operator privileges to an account which is only responsible for monitoring instead of giving full privileges with the Administrator role. To get a more compressive list of the PowerStore roles and privileges, see the PowerStore Security Configuration Guide at: dell.com/powerstoredocs.
By default, PowerStore has an integrated admin user which is assigned to the Administrator role to manage a PowerStore cluster. You can set up more users under Settings > Users > Users > Local tab. Security Administrators or Administrators can also reset a password, and lock or unlock existing users on the system.
For more information about local user management, see the PowerStore Security Configuration Guide at: dell.com/powerstoredocs.
The Active Directory/OpenLDAP feature requires PowerStoreOS 1.0.3 or later. You can manage the directory server settings in Settings > Security > Authentication . To individually map AD/LDAP users or groups to a role in PowerStore, go to Settings > Security> Users > LDAP tab. PowerStore supports one instance of a directory connection with one or multiple servers for redundancy.
The directory structure of Active Directory and OpenLDAP is similar, but the implementation of each directory server may use a different naming scheme and structure. A directory service is based on a hierarchical database that is referenced as a tree. Some implementations may represent the geographical structure of an organization, and other implementations show the organizational structure. Like a tree, the structure starts with a root which usually represents domain components (DC) of a computer network or organization and splits into multiple branches. Each branch starts with a structural object-like organizational unit (OU) or common name (CN). The tree can continue with more branches or end in leaf objects. Leaf objects can stand for individual items like a user, a group, or a computer. Within the tree, each leaf object is identified by a concatenated string of individual elements that are separated by commas and is called a distinguished name (DN). Each DN is unique in a directory. For example, a user and group can have the same leaf name, but the path to the object makes the leaf instance a unique DN. To find the right leaf object for a user or group that is used for authentication, you can limit a lookup to certain parts of the tree by using a search path. A search path is useful when the directory represents a company structure, when using a filter for attributes, or when using a combination of both.
Figure 56 shows the LDAP structure which is used for the following examples.
An example of a user object in a directory structured by the organization may look like this:
dn: cn=PowerStore User, ou=users, ou=Storage, dc=dell, dc=com
cn: PowerStore User
objectClass: person
sn: PowerStore
uid: pstuser
uidNumber: 1234
home: /home/pstuser
In this example, if the PowerStore users are only in the storage department, a good choice for the user search path would be: ou=users, ou=storage, dc=dell, dc=com. In the example, more information is used to narrow down the type of the object with a filter where objectClass is person.
The structure of groups is similar to users. The group might be as follows:
dn: cn=PowerStore Users, ou=groups, ou=Storage, dc=dell, dc=com
objectClass: Group
cn: PowerStore Users
member: cn=Powerstore User A, ou=users, ou=Storage, dc=dell, dc=com
member: cn=Powerstore User B, ou=users, ou=Storage, dc=dell, dc=com
member: cn=Powerstore User C, ou=users, ou=Storage, dc=dell, dc=com
Similar to the user object above, it is possible in that structure to limit the lookup only to the branch: ou=groups, ou=storage, dc=dell, dc=com, and filter for the objectClass Group to search for a group. The group example shows member attributes containing the distinguished name of each individual user. Other implementations may use the memberUid attribute where only the user UID is listed. In that case, the directory must ensure that UIDs are unique.
For security reasons, anonymous lookups are not allowed by the LDAP administrator, and an authentication against the directory server is required beforehand. PowerStore uses Bind DN and Bind DN Password to establish the directory server connection for initial lookups and role mapping.
To set up AD/LDAP authentication, request the following information from the directory administrator for PowerStore if not already known:
Note: When enabling SSL, it is mandatory that the server IP is configured as subjectAlternateName (SAN) in the directory server certificate.
You can set up an AD or OpenLDAP server connection in PowerStore Manager > Settings > Users > Directory services. When you select the Server Type in PowerStore Manager, the advanced settings use common default settings for the selected type. When the default values do not match your environment, you can change them accordingly. When a directory server connection is set up, PowerStore provides a Verify connection button to check if PowerStore Manager can access the directory server.
After a directory connection is established, you can start mapping individual users or groups to a role in PowerStore. To perform this task, click Settings > Users > Users in LDAP tab. When you start to set up a mapping, PowerStore Manager requests the mapping type of User or Group, the Domain, and the Account Name that is used in AD/LDAP. The role is located in the drop-down menu for Account Role. This role selects one of the PowerStore roles mapped to the AD/LDAP object after applying the Add Account dialog. When PowerStore is not able to look up the given Account Name, the system cannot look up the given name with the ID attribute as given in the directory connection configuration. The error message Account does not exist in LDAP server! appears in PowerStore Manager and requires a validation of the current configuration. For remediation, you must check if the Account Name matches with a corresponding user object or group object in AD/LDAP. It is also possible that a wrong attribute setting for Directory Service prevents the lookup.
A Login Message provides the ability for storage administrators to create, enable, and disable a customizable login message starting in PowerStoreOS 2.1. The Login Message is displayed whenever you go to the PowerStore Manager login page from your browser. You can use Login Messages for a wide variety of use cases, such as informing you what system you are logged into or even provide a security warning. You can easily configure the Login message from PowerStore Manager through Settings > Security > Login Message. Here, you can enable the message, enter your text up to 2000 characters, and click the Apply button (Figure 57). After you enable the message, it is seen by all users from the PowerStore Manager login page as shown in Figure 58. You can also enable and configure Login Messages through REST API and PowerStore CLI. Only the Storage Administrator or Security Administrator roles can edit, enable, and disable Login Messages.