13.1 Home Tab

13.1.1 Status

The Status page provides status information on the Engine and the database.

If you are not seeing Storage Manager enact actions after events in Active Directory take place, viewing whether the Engine is processing and accepting events through this page is a good first step in troubleshooting.

Details pertaining to events are indicated in different regions of the page. The Agents region enumerates events enacted by the Agents. The Event Monitors region enumerates events enacted as a result of Active Directory events. By holding down the Control key and selecting table cells, you can specify what parameters are graphed over a selected number of days. The Engine region provides a summary of details pertaining to the Engine.

Figure 13-1 Status Page

13.1.2 Configure

This page lets you view and set Engine configuration settings.

General

The General tab includes proxy and management access settings. Each of the fields is described below.

Figure 13-2 The General Tab of the Configure Page

Proxy Rights Group: Displays the Proxy Rights Group that you established when you installed Storage Manager.

Admin Users Group: Displays the Admin Users Group that you established during the installation of Storage Manager.

HTTPS Port: Displays the HTTPS port that you chose when you installed Storage Manager.

HTTP Port: If you chose to use an HTTP port during the installation of Storage Manager, the HTTP port is displayed here.

User Session Timeout: Indicates the number of minutes SMAdmin can be left dormant before you need to reauthenticate.

Proxy Home Path: This path was established during the installation of SMAdmin. If you need to, you can change the path by using the Browse button.

Reapply Rights: Clicking this button reestablishes the ability of the proxy rights group to manage the Proxy home share. It also reestablishes the group Everyone with the Read right so that its members can read contents. The Read right is needed in case the Proxy home share is being used as the managed path attribute while storage is being moved.

Copy Template: Clicking this button recopies files located in C:ProgramData\Micro Focus\Storage Manager\Engine\data\ProxyHome to the location specified by the share. If the proxy home is not located on the server hosting the Engine, this makes it so you can recopy the template files without having to do it manually.

Log Management

The Log Management tab includes settings specific to log files. Log files are accessible only from the server hosting the Engine at C:\ProgramData\Micro Focus\Storage Manager\Engine\log.

Each of the fields is described below.

Figure 13-3 The Log Tab of the Configure Page

Default Logging Level: By default, the log records warning level details. You can change the log to record the level you want. Be aware that some settings, such as debug or verbose, record much more information and can potentially make the log file much larger.

Log File Retention Limit: This field appears only when you select Size from the Log Rollover Type field. You need to enter the size limit in MB for the log file before it creates a new file.

Log Rollover Type: You can choose whether to have log files roll over daily, hourly, when the log has reached a set size limit, or have no rollover setting. If you select None, the same log file is opened each time you start the Engine, and log entries are appended to it.

NOTE:If you delete the log file while the Engine is not running, a new log file is created the next time you start the Engine.

Log File Retention Count: By default, Storage Manager retains the 10 most recent log files, according to the Log Rollover Type setting. For example, if the Log Rollover Type setting is set to Daily, the retained log files are from the last 10 days.

Enable Advanced Logging: Selecting this check box activates the Advanced Logging region of the page. This region allows you to specify the output of the log file according to the setting you indicate in each of 13 categories.

Advanced Options

The Advanced Options tab lets you view or reconfigure the thread count settings allocated for the actions that Storage Manager performs.

Figure 13-4 The Advanced Options Tab of the Configure Page

Work Queue: These settings are optimized for a normal Storage Manager workload.

Process Group Moves: Click this box to enable Storage Manager to move collaborative storage.

Event Cache Log Purge: By default, Storage Manager keeps the most recent 30 days of event entries in cache. You can adjust the setting in the Days field.

The event cache can be helpful in providing you a recent history of all of the events that were sent from the Event Monitor.

13.1.3 Objects

The Objects page lets you manage the associations between Storage Manager policies and Active Directory objects such as organizational units, groups and users. This management includes creating organizational units, setting context, viewing properties, performing Management Actions, and assigning policies.

Figure 13-5 Objects Page

Left Pane

Use the left pane to browse and select organizational units in the directory. Right-clicking an organizational unit in the left pane lets you take additional actions:

  • Create an organizational unit (OU)

  • Set the directory context in the left pane to display the hierarchy from the root or from the selected organizational unit

Right Pane

Use the right pane to view the objects within a selected organizational unit as well as view properties, perform Management Actions, and assign policies. The right pane displays containers (organizational units), groups, and users, according to what you have selected in the Filter check boxes.

IMPORTANT:When you perform actions in the right pane, it is important that you know whether you are performing management specific to users, groups, or organizational units (containers).

Assign Policy

Right-clicking a User, Group, or Organizational Unit object and selecting Assign Policy lets you easily assign any of these objects a policy while you are in the Objects page. If an effective policy is already assigned to one of these objects, you can assign a new policy, replacing the effective policy with an assigned policy.

Figure 13-6 Policy Selector Dialog Box

Properties

You can easily view an expanded set of object properties in the Objects page by right-clicking an object in the right pane and selecting Object Properties.

The five tabs display the following information:

Properties: Displays Active Directory values and Engine database values. If you are working with a Micro Focus Support representative to resolve a problem, you might need to provide information from this page.

Effective Policies: Lists all of the effective policies for the selected object. An effective policy is a policy that affects a user either directly through association or inheritance by membership in a domain, container, group, or domain.

Associated Policies: Lists all of the associated policies for an object. An associated policy is an explicitly assigned policy associated with a domain, container, group, or user.

Transactions: Shows pending events for the selected object. If there are many pending events, but you only want to see those pertaining to a particular user, you can see the pending events for the User object.

History: The GSR Collector maintains multiple histories for an object in Active Directory.

The FDN History records the FDN and SAM Account name of an object, when applicable (e.g. organization unit objects do not have a sAMAccount attribute). When an object gets renamed or moved, on the next run, it will catalog the new location or new name and the corresponding timestamp when the change was recorded.

The Path History records the location of paths that are commonly associated to users. When the Active Directory schema is extended to support user auxiliary storage and collaborative storage, the managed path attributes for user auxiliary, groups, and containers can be cataloged as well. The Path History consists of path types that are managed by Storage Manager. The possible recorded path types are:

  • User Home folder

  • User Profile path

  • User Remote Desktop Services Home Folder

  • User Remote Desktop Services Profile Path

  • User Auxiliary (ccx-FSFAuxiliaryStorage)

  • Collaborative – Groups (ccx-FSFManagedPath)

  • Collaborative – Container (ccx-FSFManagedPath)

The granularity of the historical data is only as fine as the frequency at which you schedule the GSR Collector to run. For more information, see Section 13.1.13, GSR Collector.

If you schedule it to run once a week and you have objects that move several times over the course of a week between the runs, you’ll lose the interim historical move data.

The GSR Collector's historical data can be especially useful when managed paths are moved based on policy.

To view the history of an object, from the Objects page, display a User object in the right pane and then double-click it.

In the Object Properties dialog box, click the History tab.

The example below shows an unmanaged user without a cataloged path.

Figure 13-7 Example of an Unmanaged User without a Cataloged Path

The FDN column is the LDAP formatted location of the object. The SAM Account Name column is the sAMAccount attribute value. The Date/Time column is based on the local time of the Engine when the history record was cataloged.

The example below shows the same unmanaged user that was moved from one organizational unit to another. This example demonstrates a change in the FDN and the date when the new value was cataloged by the GSR Collector when it was run.

Figure 13-8 Example of a Moved Unmanaged User

The example below shows an unmanaged user that has a home folder. The Policy column is empty because this user has not been managed. The Date/Time column for the path indicates the time at which the GSR Collector recorded the path.

Figure 13-9 Example of an Unmanaged User with a Home Folder

The example below shows the same user that has now been managed. The path now contains two entries. The first path reflects when the user was originally cataloged. The second path reflects that the user is now managed and the policy that is managing it. This is useful because the Date/Time for Policy “History” indicates when the object became managed.

Figure 13-10 Example of a Managed User

The example below shows the same user has now been moved from one container to another that is managed by a different policy. The user’s new FDN has been recorded as well as the new location of the path.

Figure 13-11 Example of a Moved Managed User

The example below shows the same user has now been moved to a container that is not managed by policy. The Policy column now shows that the path is no longer managed by an effective policy.

Figure 13-12 Example of a Moved User to a Container Not Managed by a Policy

The History data also tracks the rename of objects and the relevant paths. The example below shows a managed user before it has been renamed.

Figure 13-13 Example of a Managed User Before Being Renamed

The example below shows the new FDN, SAM > Account Name, and Path after having been renamed.

Figure 13-14 Example of a Managed User After Being Renamed

13.1.4 Policies

The Policies page displays all policies, along with a summary of policy details. When you select a policy, applicable tools in the toolbar are activated. A summary of the toolbar follows.

NOTE:All of these tools are also accessible by right-clicking a selected policy.

Manage: Lets you create any of the following policies:

  • User Home Folder policy

  • User Profile Path policy

  • User Remote Desktop Services Home Folder policy

  • User Remote Desktop Services Profile Path policy

  • Group policy

  • Container policy

  • Auxiliary policy

Edit: Brings up the Policy Editor, where you can edit the selected policy.

Rename: Lets you rename the selected policy.

Delete: Lets you delete the selected policy.

Auxiliary Purpose Mappings: Selecting this brings up the Auxiliary Purpose Mappings page, where you can establish or edit and Auxiliary Purpose Mappings.

Auxiliary policy mappings give you the ability to specify a purpose or classification for auxiliary storage policies. For example, you might want to create an HR purpose for all of the auxiliary storage policies that create HR folders for employees. With each of the auxiliary storage policies that create HR folder assigned the same purpose, it makes it possible for Storage Manager to make intelligent decisions for auxiliary storage when a user is moved.

For example, if a user in the Detroit office transfers to the Dallas office, and the user has a home folder and an auxiliary storage folder in the Detroit office’s HR department, you want to migrate both the home folder and the auxiliary storage folder to correct locations in Dallas. Having the Detroit auxiliary storage policy and the Dallas auxiliary storage policy identified with the same HR purpose, ensures that the user moved from Detroit to Dallas, will have his auxiliary storage properly established with the move. For procedures on establishing Auxiliary Purpose Mappings, seeSection 6.11.4, Establishing Auxiliary Purpose Mappings.

Import: Provides the ability to import policies that were previously exported through the Export menu option.

NOTE:Policy associations are not imported. After policies are imported, you need to associate the policies to containers or groups.

For more information on importing policies, see Section 6.13, Importing Policies.

Export: Provides the ability to export policies so that they can be imported later. For example, many customers first evaluate Storage Manager in a lab environment and create a large number of policies in the process. You can export these policies and later import them into the production environment. All exported policies are saved in a single XML file. For more information, see Section 6.12, Exporting Policies.

Actions: Provides menu options that are applicable to Auxiliary policies. To activate this menu, click an Auxiliary policy. Menu options include Manage, Groom, > Apply Attributes, Apply Quota, Apply Rights, and Assign Auxiliary Attributes.

Redistribute: Allows you to define additional target paths in the policy and then redistribute or load-balance the data among the various paths.

Figure 13-15 Redistribute Policy Paths Dialog Box

Using the Redistribute Paths dialog box, you can redistribute the user and collaborative storage across the target paths associated with a policy.

NOTE:The data displayed in the dialog box is taken from the most recent report from the GSR Collector.

Use the Distribution Type drop-down menu to view your data distribution according data size, directory count, and quota commitment.

Click Next to view the current locations of the home folders and collaborative storage folders, and the location where Storage Manager proposes to redistribute the folders. If you want, you can deselect a folder for distribution by deselecting the check box corresponding to the folder. You can also indicate a new target path for the folder by clicking in the Target Policy Path column and selecting a new target path.

Clicking Submit begins the process of redistributing the folders.

Search: Provides a search field for locating policies.

Refresh: Refreshes the list of policies.

NOTE:Refreshing locks the database during the refresh operation. For best performance, do not refresh more than is necessary.

Reload: Reloads your policies from the database. You can use this tool, for example, if you have a new policy that is not displayed in the list.

Check Boxes: SMAdmin shows only the policy types that are checked.

13.1.5 Action Blocks

This page lets you create Action Blocks that can be linked to a policy or that can be associated with a Groom operation not associated with a policy.

Overview

Action Blocks allow the sharing of specific policy options between multiple policies. The design goal behind Action Blocks is to provide a framework where the sharing of options between policies can be achieved in a straightforward and easy to understand manner.

Figure 13-16 Action Block Overview

Action Blocks do not introduce a new policy type. Rather, they are extensions of policies in that the set of options they represent are not contained within the policy itself. This eliminates the need for policies to inherit from each other and promotes the sharing of general and often-repeated policy options such as groom and vault rules. Existing User, Group, and Collaborative policy types remain as they previously did with the exception that they have been extended to support a relationship value providing the necessary link for a given Action Block.

An Action Block can have a many-to-one relationship. This means that any number of policies can share any particular Action Block for a given policy option. Action Block inheritance cannot be chained. That is to say, “Policy A” cannot inherit the Filter rules from “Groom Block A” and “Groom Block B”. “Policy A” can only be to linked to one of the two Action Blocks and they do not inherit from each other. When changes are made to an Action Block, those changes are implicitly taken up by every linked policy. Thus, before making changes to an Action Block, it is important to understand the impact of those changes. As with normal event processing and policy editing, if a change is made to an Action Block while an event is in-flight for its given options, those changes may not be reflected in the outcome of the event.

Private Versus Shared

Regardless of an Action Block’s type, it is either Private or Shared.

A Private Action Block represents a set of policy options that aren’t shared, yet have been migrated to the Action Block architecture. Private Action Blocks are also created and associated to a policy when the policy is upgraded as new Action Block types are supported. Below is an example of the relationships between policies and their Private Action Blocks for Filters. Any of these might be the result of creating a new policy with Groom Rules or an upgrade from the legacy policy architecture.

Figure 13-17 Relationships Between Policies and their Private Action Blocks for Filters

When you create an Action Block, it is automatically marked as Shared and is available for being shared with other policies. However, if you edit a policy that does not derive a particular policy option from an Action Block, a Private Action Block is created and associated to the policy when the policy is saved. If you change a policy that has a Private Action Block to use a Shared Action Block, the policy’s Action Block reference is updated to that of the Shared Action Block and the Private Action Block is deleted.

Figure 13-18 Shared and Private Action Block Associations

By default, a Private Action Block is not viewable in the list of Shared Action Blocks.

Creating a Filter Action Block

  1. In SMAdmin, click the Home tab.

  2. Click Action Blocks.

  3. Select Manage > New> Filter.

  4. In the Name field, give the new Action Block a name and click OK.

    The following dialog box appears:

    Rules: Rules are composed of the standard Storage Manager rule options. Rules cans be added, deleted, edited, promoted, and demoted. Once a Filter Action Block is saved, those settings will be effective immediately.

    Options: The Description option can be used to provide detailed context for the usage and implementation of the Filter Action Block.

    Linked Policies: Linked Policies is a read-only view of which policies are linked to the Filter Action Block.

  5. Click Add.

  6. In the Rule Editor, specify the parameters for the Action Block Filter and click OK.

    For procedures on entering settings in the Rule Editor, see Section 6.5.8, Setting Vault Rules.

  7. Click OK to close the Action Block Editor dialog box.

Linking Filter Action Blocks

Filter Action Blocks can be linked to the following:

  • Policy-based Vault

  • Policy-based Groom

  • Groom Operations

Linking a Filter Action Block to a Policy

These procedures specify how to link a Filter Action Block to an existing policy. You can also link a Filter Action Block to a new policy as you create one.

  1. In SMAdmin, click the Home tab.

  2. Click Policies.

  3. Right-click a selected policy and select Edit.

  4. Click either Vault or Groom.

  5. Click Link Action Block.

  6. From the Action Block Selector dialog box, select the Filter Action Block you want to link.

  7. Click OK.

    The link is specified in the Groom Rules or Vault on Delete Rules header.

    When a policy's Vault or Groom Rules are linked to a Filter Action Block, the rules displayed in the policy editor are read-only. To edit the Filter Action Block, click the name as it appears in the header.

  8. Click OK to save the link.

Linking a Filter Action Block to a Groom Operation

Non-policy based Groom Operations require a linked Filter Action Block. For procedures on linking a Filter Action Block with a Groom Operation, see Performing a Groom Operation.

Creating a Managed Path Naming Attribute Action Block

You can use a Managed Path Naming Attribute Action Block to specify the naming attribute and its corresponding definition, to an existing policy.

For specifications pertaining to Managed Path Naming Attribute, see Section F.0, Managed Path Naming Attribute Specifications.

  1. In SMAdmin, click the Home tab.

  2. Click Action Blocks.

  3. Select Manage > New> Managed Path Naming Attribute.

  4. In the Name field, give the new Action Block a name and click OK.

    The following dialog box appears:

    Managed Path Naming Attribute: Displays the Policy Type and Attribute drop-down menus.

    Options: The Description option can be used to provide detailed context for the usage and implementation of the Managed Path Naming Attribute Action Block.

    Linked Policies: Linked Policies is a read-only view of which policies are linked to the Managed Path Naming Attribute Action Block.

  5. From the Policy Type drop-down menu, specify whether the Managed Path Naming Attribute Action Block will be linked to a User/User Auxiliary policy or a Group Collaborative storage policy.

    The attributes types that you can select vary based on the selected policy type.

  6. From the Attribute drop-down list, select one of the single-valued Active Directory attributes for the user of group object.

    With the introduction of Storage Manager for Active Directory 5.1, you have the ability to specify an attribute other than sAMAccountName. This ability was added to provide network administrators the ability to give provisioned folders a more descriptive name.

    Once you select a different attribute, you can then use an account provisioning system such as NetIQ Identity Manager to automatically populate the selected attribute with a desired folder name and then Storage Manager will automatically provision the home folder based on this attribute setting.

    For more information, see Section 6.5.4, Setting Target Paths.

  7. Click Apply.

Linking a Managed Path Naming Attribute Action Block to a Policy

These procedures specify how to link a Managed Path Naming Attribute Action Block to an existing policy. You can also link a Managed Path Naming Attribute Action Block to a new policy as you create one.

  1. In SMAdmin, click the Home tab.

  2. Click Policies.

  3. Right-click a selected policy and select Edit.

  4. In the Policy Editor, click Target Paths.

  5. Click Link Action Block.

  6. Select the Action Block you want to link.

  7. Click OK.

Creating a Move Schedule Action Block

Use Move Schedule Action Blocks to standardize when data can be moved during data movement operations.

  1. In SMAdmin, click the Home tab.

  2. Click Action Blocks.

  3. From the Manage menu, select New > Move Schedule.

  4. Enter a descriptive name for the new Action Block and click OK.

    The following page appears:

    By default, all days and times are available for data movement. If data movement during regular business hours creates unacceptable network performance, you can choose to move data after regular business hours.

  5. In the Move Schedule grid, click the squares for the day and hour you want to disable for data movement.

  6. Click Apply to save your settings.

  7. Click OK to close the page.

Linking a Move Schedule Action Block to a Policy

These procedures specify how to link a Move Schedule Action Block to an existing policy. You can also link a Move Schedule Action Block to a new policy as you create one.

  1. In SMAdmin, click the Home tab.

  2. Click Policies.

  3. Right-click a selected policy and select Edit.

  4. In the Policy Editor, click Move Schedule.

  5. Click Link Action Block.

  6. Select the Action Block you want to link.

  7. Click OK.

Creating a Multi-Principal Suffix Mapping Action Block

Use Multi-Principal Suffix Mapping Action Blocks to standardize the groups and their associated permissions for the collaborative storage folders that are provisioned by Storage Manager.

  1. In SMAdmin, click the Home tab.

  2. Click Action Blocks.

  3. From the Manage menu, select New > Multi-Principal Suffix Mapping.

  4. Enter a descriptive name for the new Action Block and click OK.

    The following page appears:

  5. Click Add.

  6. In the Security Suffix column, highlight SampleSecuritySuffix and edit it to a more descriptive name of a group that will access the collaborative storage folder.

  7. Click the Full Control setting to access a drop-down menu of access permissions.

  8. Specify the permissions for the particular group and click OK.

  9. Repeat Step 5 through Step 8 to create all groups and permissions to the collaborative storage folder.

  10. Click Apply.

  11. Click OK.

Linking a Multi-Principal Suffix Mapping Action Block to a Policy

These procedures specify how to link a Multi-Principal Suffix Mapping Action Block to an existing policy. You can also link a Multi-Principal Suffix Mapping Action Block to a new policy as you create one.

  1. In SMAdmin, click the Home tab.

  2. Click Policies.

  3. Right-click a selected Group Multi-Principal Collaborative policy and select Edit.

  4. In the Policy Editor, click Provisioning Options.

  5. Click Link Action Block.

  6. Select the Action Block you want to link.

  7. Click OK.

Creating a Target Paths Action Block

Use Target Paths Action Blocks to standardize the placement rules for the managed path, as well as the paths to the shares where managed paths will be hosted.

  1. In SMAdmin, click the Home tab.

  2. Click Action Blocks.

  3. From the Manage menu, select New > Target Paths.

  4. Enter a descriptive name for the new Action Block and click OK.

    The following page appears:

  5. Click Add to access the Path Browser.

  6. Browse to the location of the target path you want and click Add to add the target path to the Selected Paths pane.

  7. Click OK to close the Path Browser.

  8. In the Placement Rules region, specify a Distribution field setting and if you choose, Leveling parameters.

    For more information on target path distribution and leveling, see Section 6.5.4, Setting Target Paths.

  9. Click Apply.

  10. Click OK.

Linking a Target Paths Action Block to a Policy

These procedures specify how to link a Target Paths Action Block to an existing policy. You can also link a Target Paths Action Block to a new policy as you create one.

  1. In SMAdmin, click the Home tab.

  2. Click Policies.

  3. Right-click a selected policy and select Edit.

  4. In the Policy Editor, click Target Path Options.

  5. Click Link Action Block.

  6. Select the Action Block you want to link.

  7. Click OK.

13.1.6 Actions

In managing user and collaborative storage with Storage Manager, there are cases when you need to retroactively apply policies, rights, attributes, and quotas to existing user storage, or perform some administrative corrective action or operation on a large set of users, groups, or containers.

In Storage Manager, performing these types of operations is collectively referred to as performing a Management Action and is done through the Take Action page.

You can perform a Management Action on an organizational unit, a Group object, or a User object. Management Action operations on a Group object apply to users who are members of the group. Management Action operations on an organizational unit apply to users in the organizational unit, and optionally to all subordinate organizational units.

IMPORTANT:The Management Actions vary based on whether the selected mode is User, Group, or Container. For example, if Group mode is selected, the Management Action will be performed for collaborative storage processing using Dynamic Template processing. If Collaborative mode is selected, the Management Action will be performed for container based collaborative storage.

Storage Manager analyzes each User object independently, regardless of whether the Management Action is initiated via organizational unit, Group objects, or User objects.

Management Actions Dialog Box

Whenever you initiate a Management Action, you work in a dialog box similar to the one below. A description of the components follows the graphic.

Figure 13-19 Management Action Dialog Box

Execute: Clicking this button executes the management action.

Mode: This drop-down menu lets you indicate if the Management Action is to apply to a User, Group, or Container policy.

Consistency Check: This button lets you perform a consistency check before determining what Management Actions to perform. You can also use the Consistency Check button to view the results after you perform a Management Action.

A consistency check notifies you of inconsistencies or potential problems pertaining to user and group storage being managed through Storage Manager. These potential problems might be missing storage quotas, inconsistent directory attributes, missing and inconsistent managed paths, and more.

In addition to reporting on storage issues, consistency check reports let you review current quota assignments and can help you with the design and planning of storage policies. In Section 5.3, Running Consistency Check Reports on Existing Storage, you ran a consistency check before creating your first primary user policy to help you determine how to configure the policy.

Management Action: This drop-down menu lets you change from one Management Action to another while you are in the dialog box.

Refresh Results: This button refreshes the results displayed in the bottom pane of the dialog box.

Top Left Pane: The fields, options, and check boxes in this region vary based on the Management Action you are performing. In some cases, there is nothing in this region, because there are no settings to create. This region includes some powerful options for Management Actions, including the following:

  • Process Subcontainers

  • Mask

When you perform a Management Action on an organizational unit, Storage Manager applies the action to all subcontainers. If you do not want the action applied to subcontainers, you can deselect the Process Subcontainers check box.

For Management Actions performed on organizational units or Group objects, you can enter a search filter in the Mask field to limit the number of objects that Storage Manager analyzes. You can enter standard wildcard characters with multiple strings separated by the “|” character.

Top Right Pane: This part of the dialog box lets you add, delete, or select objects to which the Management Action applies.

Bottom Pane: This part of the dialog box displays the results after the Management Action has taken place. To expand the viewable area, click the ^.

Available Management Actions

Manage

This Management Action catalogs objects in Storage Manager, putting them in a managed state.

If the existing objects already have established managed paths, attributes, and rights, Storage Manager does not change these settings, nor does it enforce policy paths, grooming, and quota management. If you need to change attributes and rights, or enforce policy paths, grooming, and quotas, you can do so through the specific Management Actions.

If these existing objects do not have established managed paths, Manage creates the managed paths and sets the rights, attributes, quotas, etc. according to the policies that apply to the objects.

Enforce Policy Path

This Management Action moves data to where the policy’s target path specifies. If you decide to move your user home folders from one location to another, you can simply change the target path in the policy and then select Enforce Policy Path to move the home folders.

The Enable pre-stage data copy option lets you copy data without alerting you to failures if there are files open. When a user is moved in Active Directory and the policy dictates that the home folder is to be moved to a new target path, this option allows for all closed files to be moved. At a later time, you can go back and run an Enforce Policy Path Management Action without the Enable pre-stage data copy check box selected, to move the files that were previously open.

Groom

This Management Action carries out file grooming according to the file grooming specifications in the applied policy.

Apply Attributes

This Management Action lets you apply file system attributes. If you decide to modify the file system attributes in a policy, you can select Apply Attributes to immediately apply the new attributes for all of the affected objects.

If you cataloged existing objects with existing managed paths through Manage, the attributes for the managed path are not modified once the object’s managed path attribute is cataloged (see Manage above). If you want to modify the original attributes of the managed path, you can do so through the settings in the in the left pane of the Apply Attributes dialog box.

Apply Home Drive

When the Home Folder check box is selected, this Management Action changes the home drive letter for the user that is assigned under Active Directory, to the drive letter that is specified in the Storage Manager policy.

If you have a Storage Manager Remote Desktop Services home folder policy and you want to apply the drive letter that is established in that policy, you can select the Remote Desktop Services Home Folder check box.

NOTE:The new drive letter does not take effect until the user logs out and then logs in again.

Apply Members

This Management Action is included to create the owner folder and personal folders in a collaborative storage area, where these folders did not exist previously. You must first modify the collaborative storage template in the policy to include -OWNER- and -MEMBER-. For more information, see Section 8.0, Managing Collaborative Storage.

If you do have personal folders in the collaborative storage area and you later change the rights on -MEMBER-, you use the Apply Members Management Action to enforce the new rights.

Apply Owner

This Management Action lets you set ownership of the home folder and home folder contents.

Figure 13-20 Apply Ownership Management Action Page

NOTE:The ownership specifications you make on the page shown above are applied to folders and files that exist at the time the Management Action takes place. The ownership of files and folders that are created later is not affected by this action. For example, if a user's home folder is moved due to an Enforce Policy Path action, the ownership of the user’s home folder will be determined by the settings in the policy.

Set Target Folder Owner: Select this check box to specify that the ownership applies only to the home folder and not to any subfolders.

Use policy-defined ownership: This option sets the home folder owner according to the specified owner in the Path Owner field of the policy.

Set to target object: When this option is selected, each of the selected users’ home folders is set to have that user object as the owner.

Set to explicit object: This option lets you browse to select a specific owner for the home folder.

Set Contents Owner: Select this check box to specify that the ownership applies to the subfolders and files contained in the home folder.

Use policy-defined ownership: This option sets the home folder contents owner according to the specified owner in the Path Owner field of the policy.

Set to target object: When this option is selected, each of the selected users’ home folders is set to have that user object as the owner.

Set to explicit object: This option lets you browse to select a specific owner for the contents of the home folder.

Specify the policy types you want this Management Action to apply to by selecting from the policy type check boxes.

Process Subcontainers: Selecting this option specifies that you want the settings on this page to apply to users that reside in the subcontainers within the container where this policy is applied.

Mask: For Management Actions performed on organizational units or Group objects, you can enter a search filter in the Mask field to limit the number of objects that Storage Manager analyzes. You can enter standard wildcard characters with multiple strings separated by the “|” character.

Apply Quota

This Management Action lets you apply managed path quotas. If you decide to modify the quota settings in a policy, you can select Apply Quota to immediately apply the new quota setting to all of the affected users.

If you cataloged existing network users with existing home folders through Manage, there might be no quota settings for the user home folders. Or, the quota settings might be inconsistent with those specified in the policy. If you want to establish or reset the quota for the home folder, you can do so through the settings in the left pane of the Apply Quota dialog box.

Apply Permissions

This Management Action lets you apply NTFS file system permissions. If you decide to modify the file system permissions in a policy, you can select Apply Permissions to immediately apply the new permissions for all of the affected users.

Apply Template

This Management Action lets you apply a template specifying how to provision user or collaborative storage. If you decide to modify the template in a policy, you can select Apply Template to immediately apply the new template structure to all of the affected users. This can be especially useful if you need to quickly provision a new subfolder with a document, such as a new health benefits document for all employees. All you need to do is modify the template to include the new subfolder and document inside the subfolder and then use Apply Template to provision it to everyone.

If you cataloged existing network users with existing home folders through Manage, the file structure created by the template is not modified after the user and his or her associated home folder are cataloged (see Manage above). If you want to modify the original file structure for the home folder, you can do so through the settings in the in the left pane of the Apply Template dialog box.

Clear Managed Path Attribute

This Management Action removes the managed path attribute so you can create a new one. Administrators might find this useful when users have invalid values for their home folder attributes and want to start over by creating new ones.

Recover Managed Path Attribute

If the attribute for a user home folder, profile path, Remote Desktop Services home folder, or Remote Desktop Services profile path ever becomes corrupted, this Management Action can be used to recover an uncorrupted version of the attribute from the Storage Manager database.

Assign Managed Path

You can use this Management Action to assign an attribute to a user folder, profile path, Remote Desktop Services home folder, or Remote Desktop Services profile path.

Directory Merge

This Management Action lets you merge contents of one home folder with those of another. This is especially useful if a user leaves an organization and you want to transition the files from the former user to another user. Another example might be if a user has two home folders and you want to merge the contents into one.

Remove from Engine Database

This Management Action removes objects from the Storage Manager database and makes the object unmanaged.

13.1.7 Events

This page displays a list of pending events for the Engine. All of the pending events are listed with details on the status of those events. Some events process very quickly and might actually be completed before they can be viewed in the list. Other events might remain in the queue for a long time, waiting for some condition to be met before they can be completed.

Clicking a listed event or events activates the toolbar. The toolbar has the following options:

Properties: Displays event properties such as FDN, ID, Action, and Current Status.

Make Eligible: If an event is deferred, you can click this option to make the event eligible immediately.

Defer: If an event is eligible, you can click this option to manually defer it to a specific date. The chosen deferral date is displayed in a Notes field. You can also enter any notes explaining the reason you are deferring the event. Text from the Notes field is also displayed in the Deferred Notes field of the Properties dialog box.

Configure: Lets you adjust the time parameter for making pending events eligible for display as deferred events.

The default setting is one hour, meaning that any pending events scheduled to be addressed within one hour will be displayed when the Active Only menu option is selected. Those events scheduled to be addressed later than one hour will be displayed when the Deferred Only menu option is selected.

Figure 13-21 Configure Pending Event Defer Time Dialog Box

Bypass: Lets you bypass the status that is holding up the event.

Abort: Lets you terminate the selected event or events.

Refresh: Refreshes the event list.

View Events: Lets you filter the displayed events by displaying All, Active, or Deferred pending events.

NOTE:These settings are persisted across Engine restarts. Therefore, if you stop processing and restart the Engine or the server hosting the Engine reboots for some reason, event processing will remain off until you turn it back on.

  • Accepting: A green check mark indicates that Storage Manager is accepting events to process. You can stop accepting events to process by clicking this button. You are prompted to enter text in a field indicating your reason for stopping the acceptance of events. The text you enter is recorded on the Engine Status page.

  • Processing: A green check mark indicates that Storage Manager is processing events. You can stop processing events by clicking this button. You are prompted to enter text in a field indicating your reason for stopping the processing of events. The text you enter is recorded on the Engine Status page.

13.1.8 Path Analysis

The Path Analysis page shows a tree view of your network storage and provides various storage reports. These reports are a quick way to determine the trustees of a share or folder, the number of files and file types in a given folder, whether a quota is assigned to a folder and if so, how much, and the permissions assigned to individual files.

NOTE:Whether managed by Storage Manager or not, all of the storage visible in the left panel is eligible for path analysis.

Use the left pane to browse and select network shares and folders. Use the right pane to view the files within a selected folder.

Clicking a share or folder in the left pane activates the toolbar. The toolbar has the following options:

Information: Lets you view a variety of information pertaining to a selected share or folder.

  • Quota: Specifies if quota is set for a folder, the quota size, and the amount of free space remaining in the folder.

  • File Types: Categorizes the content of the selected folder by displaying the various file types, the total number of each file type, and the total size of each file type. For example, to know if a user is storing non-work related files in his or her home folder and the total size of these files, you could use this feature to quickly determine this information.

  • Permissions: Opens the View Permissions dialog box, which lists all users and objects that have any type of rights to the selected share, folder, or file. The View Permissions dialog box also indicates the permissions that each of these users and objects have as well as how these rights are obtained.

Tools: Lets you create, rename, and delete folders within the network file system.

Rebuild: Rebuilds your storage resource list. You might need to do this to display the storage resource list structure after it has been modified.

Refresh: Refreshes the view within the Path Analysis page.

File Permissions: This opens a dialog box displaying all the objects that have permissions to a selected folder, the specific permissions, and how those permissions were obtained.

Filter: This lets you filter the view of the subfolders for a specified folder.

13.1.9 Operations

The Operations page provides you the ability to perform operations outside of policy-based managed storage. The available Operation types are:

  • Copy: A copy operation can be used to copy the data of any arbitrary path to another.

  • Groom: A groom operation can be used to vault data from any arbitrary path to a vault location.

Operations can be run once, scheduled to run once in the future, or can be run on a regular occurrence. Each operation has a specific event and their status can be monitored via Events. Multiple operations can be created and run in parallel. Likewise, any number of scheduled operations can be created and run in parallel.

Unless an operation is scheduled, the copy or groom operation takes place immediately. To check on its status, click Events.

Performing a Copy Operation

Copy operations copy folders and their contents to a target parent folder. If the parent folder does not have a subfolder with the name of the folder being copied, it will create a new subfolder with that name. If it already has a subfolder with the same name, it will merge the contents of the folder into the existing subfolder with the same name and then, based on your overwrite settings, either overwrite the same named files or not copy the same named files.

NOTE:In previous versions of Storage Manager, this operation was called a “Data Management” operation. If you have previously scheduled Data Management tasks, they will still continue to work. They have just been renamed to Copy Operation.

  1. In SMAdmin, click the Home tab.

  2. Click Operations > Copy.

  3. Click the Browse button to select a folder for the Source Path field.

  4. Click the Browse button to select a folder for the Target Parent Path field.

    This is the parent folder where the copied folder will be structured as a subfolder.

  5. (Conditional) If you want to overwrite the existing data in the target folder, select the Overwrite existing data check box, and then specify either the Always or Only if newer option.

    • Always: Duplicate named files on the target will always be overwritten by the source file.

    • Only if newer: Duplicate named files on the target will only be overwritten if the modification timestamp on the source is newer than the timestamp of the file on the target.

    If no option is selected, all duplicate named files will not be copied.

  6. Select from the following options:

    • Copy Security: Maintains the file permissions from the source location to the destination location.

    • Copy Quota: If the target supports quota management, maintains the disk quota settings from the source location to the destination location.

    • Remove Source after copy: Removes the folder from its original location in the file system after it has been copied.

    • Skip open files: Skips all of the files that are opened from the source folder.

      With copy operations, Storage Manager does not attempt to copy skipped files later. You might want to therefore schedule a copy operation during a time when users are logged out. For procedures on scheduling a copy operation, see Section 13.1.11, Scheduled Tasks.

Performing a Groom Operation

Groom operations remove files from any arbitrary path to a vault location. The files that are groomed are in accordance to the specifications that you establish in an Action Block. For more information on Action Blocks, see Section 13.1.5, Action Blocks.

  1. In SMAdmin, click the Home tab.

  2. Click Operations > Groom.

  3. Click Choose Filter, select an Action Block, and click OK.

  4. Click the Browse button to select a folder for the Source Path field.

  5. Click the Browse button to select the vault location for the Target Path field.

  6. (Conditional) If you want you users to be able to continue to access groomed files from the new vault location, select the Copy Security check box and choose one of the following options:

    • Merge Permissions: Merges permissions from the source to the target if the target contains permissions that are not present in the source. This applies to all folders and files in the source folder structure.

    • Overwrite Permissions: Overwrites permissions in the target with those found in the source. This applies to all folders and files in the target folder structure.

  7. Click Submit.

Scheduling Operations

Operations are scheduled through the Scheduled Tasks page. For information on scheduling copy and groom operations see Section 13.1.11, Scheduled Tasks.

13.1.10 Cross-Empire Data Migrations

For customers who have purchased either the eDirectory to Active Directory Cross-Empire Data Migration Solution Pack, or the Active Directory to Active Directory Cross-Empire Data Migration Solution Pack, this page is the means of launching either Cross-Empire Data Migration project.

13.1.11 Scheduled Tasks

Use the Scheduled Tasks page to schedule storage resources discoveries and database cleanup tasks as well as schedule copy and groom operations.

Schedule a Storage Resources Discovery

This task initiates a search within the entire forest domain for any new shares or DFS namespaces. Depending on the size, configuration, and topology of your network, this can take a significant amount of time.

  1. In SMAdmin, click the Home tab.

  2. Click Scheduled Tasks.

  3. From the list of scheduled tasks, double-click Storage Resources Discovery.

  4. In the Schedule Start region, set the time and data parameters when you want the storage resources discovery to take place.

  5. In the Schedule Recurrence region, specify the frequency of the storage resources discovery.

  6. Click OK.

Run a Storage Resources Discovery

In addition to scheduling a storage resources discovery, you can run the storage resources discovery immediately.

  1. In SMAdmin, click the Home tab.

  2. Click Scheduled Tasks.

  3. From the list of scheduled tasks, right-click Storage Resources Discovery and select Run.

  4. Click Yes in the confirmation dialog box.

Schedule a Database Cleanup

A database cleanup reduces database bloat that can affect Storage Manager performance. A database cleanup does the following:

  • Removes old scan entries

  • Removes deleted path history entries

  • Removes deleted object entries

  • Removes events that are marked as completed

  • Cleans up DS objects based on their delete time

  • Removes orphaned action blocks

While the database cleanup is in process, event processing is turned off. Once the cleanup finishes, event processing is turned on.

  1. In SMAdmin, click the Home tab.

  2. Click Scheduled Tasks.

  3. From the list of scheduled tasks, double-click Database Cleanup.

  4. In the Schedule Start region, set the time and data parameters when you want the database cleanup to take place.

  5. In the Schedule Recurrence region, specify the frequency of the database cleanup.

  6. Click OK.

Run a Database Cleanup

In addition to scheduling a database cleanup, you can run a database cleanup immediately.

  1. In SMAdmin, click the Home tab.

  2. Click Scheduled Tasks.

  3. From the list of scheduled tasks, right-click Database Cleanup and select Run.

  4. Click Yes in the confirmation dialog box.

Schedule an Operation

  1. In SMAdmin, click the Home tab.

  2. Click Scheduled Tasks.

  3. Click Add.

  4. From the Task Name drop-down menu, select an operation.

  5. Click Options to access the task-specific dialog box.

  6. Enter the settings in the dialog box and click Save or OK.

  7. In the Description field, enter a description of the operation.

  8. In the Schedule Start region, set the time and data parameters when you want the operation to take place.

  9. In the Schedule Recurrence region, specify the frequency of the operation.

  10. Click OK.

13.1.12 Storage Resources

This page lets you rebuild the storage resource cache used in Storage Manager. Because Storage Manager uses the storage resource cache to accelerate operations, there might be times when you need to use this page to populate the cache with new shares.

Figure 13-22 Storage Resources Page

Rebuild: Clicking this button initiates a search within the entire forest domain for all available shares or DFS namespaces. When you create or edit a policy, you might need to rebuild the list if the share or DFS namespace you need does not appear in the storage resource list. Depending on the size, configuration, and topology of your network, this can take a significant amount of time.

Set Schedule: Allows you to set the schedule for rebuilding the storage resource cache.

Path Analysis: Clicking this button opens the path analysis page for the selected share, allowing you to browse it and do path analysis on any folder you select.

Search: Provides a search field for storage resources.

Last Rebuild Time: Displays the last date and time that the storage resource list was rebuilt.

Last Rebuild Duration: Displays the length of time it took to generate the new storage resource list.

Next Rebuild Time: Displays the date and time when Storage Manager next rebuilds the storage resource list. Unless rebuilt through the Rebuild button, the storage resource list is rebuilt automatically at midnight each day.

Displaying Windows Server Clusters

If a Windows Cluster File Server Resource is not displayed in the Storage Resource List, verify that the Description field of the cluster file server resource includes the words cluster and virtual. If these two words are not included in the description, Storage Manager cannot see it as a storage resource.

Once you modify the description in the Description field, you can perform a storage resources discovery from the Scheduled Tasks page to add the resource to the Storage Resource List. For more information, see Run a Storage Resources Discovery.

13.1.13 GSR Collector

The Global Statistics Report (GSR) Collector is a multi-purpose mechanism that collects data for storage usage statistics and policy-based storage redistribution, generates reports on anomalies such as a user with a non-existent home folder, and catalogs objects and their paths for historical purposes.

The data collected by the GSR Collector has four primary uses:

  • GSR Collector Anomaly Analysis

  • Global Statistics

  • History

  • Policy-based Path Redistribution

Your usage of the GSR Collector data may be specific to all of these or some subset. You should analyze your needs of the feature set it provides and weigh them with the frequency and scope that best suits your needs.

For example, Anomaly Analysis may be an important tool for helping you determine the state of your unmanaged data when you have no configured policies or when you’re initially implementing Storage Manager. Thereafter, you may not need to examine the reports on a daily basis. In this case, after your policies are configured and users are managed, you might opt to change the schedule of the GSR Collector to run weekly.

NOTE:GSR Anomaly Analysis is discussed in Section 13.2.3, GSR Anomaly.

The Global Statistics provided by the GSR Collector offer insight into how your storage is being consumed by the supported categories of objects (e.g. user and collaborative) but it comes at a price. It can be expensive to run if you do not have quotas enabled via File Storage Resource Manager (FSRM) or your managed storage resources primarily consist of NAS devices.

Alternatively, you might find that the Global Statistics are less important in lieu of your need for a finer granularity of historical data. The same size data used for the Global Statistics is also used for Policy-based Path Redistribution. Depending on the policies for which you plan to redistribute data, you might configure the GSR Collector to perform a Complete Inspection on the paths for a specific policy. Thus eliminating the need to wait for Complete Inspection to be performed needlessly against all storage resources.

The GSR Collector is designed to be run on a scheduled interval so that you can collect the appropriate data to provide the necessary granularity for your needs. By default, the GSR Collector will not run unless you run it manually or configure it to run based on a schedule.

Performance Caveats

Due to the number of objects, amount of data to scan, and your configuration, the GSR Collector can be resource intensive and long running. By default, it will collect data on all objects and accessible shares in Active Directory. This default configuration is not ideal for most Storage Manager deployments. However, the configuration of the GSR Collector allows you to scope it according to your needs. You are encouraged to scope it according to the objects and shares that will be managed by Storage Manager. You should be careful when running the GSR Collector during peak traffic load on the Engine.

GSR Collector Configuration

The default configuration of the GSR Collector forces it to behave in a manner consistent with legacy versions of the product. However, it is not optimal for most deployments. The GSR Collector can be scoped by File System and Directory Service parameters.

Figure 13-23 File System Configuration Settings for the GSR Collector

File System

Scope: The file system scope provides the means for you to determine which shares should be scanned by the GSR Collector. The file system scopes are:

  • All Storage Resources: This is the default option and mutually exclusive of Policy Target Paths and User Specified Storage Resources. This will cause the GSR Collector to scan the root of all shares that appear in Storage Resources for size and anomaly data. This can take a significant amount of time to complete depending on the share type, contents, and the chosen Size Gathering option. In large environments, this is not the recommended configuration.

  • Policy Target Paths: This option can be checked separately or combined with User Specified Storage Resources for greater flexibility. This will cause the GSR Collector to only scan paths defined as policy target paths for size and anomaly data. After you have your storage managed by policy, use this option to limit the scope and provide meaningful size and anomaly analysis data for the storage resources that matter most.

  • User Specified Resources: This option can be checked separately or combined with Policy Target Paths for greater flexibility. This will cause the GSR Collector to only scan paths defined by you for size and anomaly data. When running the GSR Collector for the first time, this option serves as the best choice because it allows you to target specific paths and storage resources.

Size Gathering: The size gathering options allow you to control the method by which aggregate size data for global statistics and policy-based path redistribution is collected.

  • Complete Inspection: This is the default option. To collect size data, folders are checked for quota. If quota is determined to be supported by the hosting server and the folder has a quota, FSRM is queried to obtain the relevant data. In the case where the folder does not have a quota managed by FSRM or it simply has no quota at all, the folder is traversed to collect size data of all files.

  • Limit to Storage Resources that have quota enabled: If quota is determined to be supported by the hosting server and the folder has a quota, FSRM is queried to obtain the relevant data. The folder must have a quota set to eliminate brute force enumeration to collect size data.

  • No Size Collection: No size data collection is attempted.

Anomaly Analysis: The file system anomaly analysis provides the means for you to determine the level of anomaly analysis. The options are:

  • None: Anomaly analysis will not be performed.

  • Simple: This is the default option and sufficient for most purposes. The following anomalies are reported:

    • Attribute Value Missing: The respective path attribute (e.g. home folder) does not have a value.

    • Path Missing On Disk: The respective path attribute value cannot be found on disk.

    • Path Validation Issue: Attempting to retrieve or verify the existence of the respective path attribute value failed.

    • Name Mismatch: The respective leaf path value does not match the object’s name value.

    • Path Mismatch: The respective path attribute value does not match the last known managed path database entry.

    • DS Path Duplicate Value: Two or more objects have been detected that contain the same path for the respective path attribute.

    • DS Path Crosstalk Parent: The object’s respective path attribute has been detected as being the parent of another object’s path attribute.

    • DS Path Crosstalk Child: The object’s respective path attribute has been detected as being the subordinate of another object’s path attribute.

    • Orphan Path Candidate: The path is directly subordinate to a path at which other DS-associated paths have been found, but has not been detected as being associated with any DS object via a path attribute.

  • Full: Reports additional policy related anomalies.

    • Policy Not Found: The respective auxiliary policy attribute entry references an auxiliary policy that was not found in the database.

    • Policy Object Not Managed: Effective policy calculations indicate that a policy is effective for the respective object and path type, but the object is not known to be managed.

    • Policy Mismatch: The respective path is indicated as being managed in the database, but the policy under which it is currently managed does not match what effective policy calculation indicates it should be.

    • Policy Validation: An error occurred while attempting to calculate effective policy for the object and respective path type.

Directory Service

Container Scope: The directory service container scope provides the means for you to determine which containers should be enumerated by the GSR Collector for Anomaly Analysis, Global Statistics, and History. The container scopes are:

  • All Containers: This is the default option and mutually exclusive of Policy Associated Objects and User Specified Containers. This will cause the GSR Collector to enumerate all object types specified by the Object Scope for size and anomaly data.

  • Policy Associated Objects: This option can be checked separately or combined with User Specified Containers for greater flexibility. This will cause the GSR Collector to only enumerate and evaluate objects that are associated to policies. After you have your objects managed by policy, use this option to limit the scope and provide meaningful anomaly analysis data for the objects that matter most.

  • User Specified Containers: This option can be checked separately or combined with Policy Associated Objects for greater flexibility. This will cause the GSR Collector to only enumerate and evaluate objects defined by you for size and anomaly data. When running the GSR Collector for the first time, this option serves as the best choice because it allows you to target specific objects for analysis.

The containers specified in the container scope are searched recursively for object types configured in the Object Scope.

Object Scope: The directory service object scope provides the means for you to determine which object types and path types should be enumerated by the GSR Collector for Anomaly Analysis, Global Statistics, and History. The object scopes and path types are:

  • Users

    • Home Folder

    • Profile Path

    • Remote Desktop Services Home Folder

    • Remote Desktop Services Profile Path

    • Auxiliary (ccx-FSFAuxiliaryStorage)

  • Groups – Collaborative managed path (ccx-FSFManagedPath)

  • Containers – Collaborative managed path (ccx-FSFManagedPath)

GSR Collector Configuration Scenarios

All Storage Resources + Complete Inspection

This default configuration will cause the GSR Collector to enumerate all shares found in Storage Resources. During the enumeration, child folders at the root of shares are inspected for anomaly analysis and checked to determine if they have a quota applied to them via File Server Resource Manager (FSRM). If they have a quota, FSRM is queried to obtain it. In the case where a server hosting a share does not support quota (e.g. FSRM is not installed, the server is a NAS device) a brute force enumeration of the child directories is performed to collect size data for statistics and policy-based storage redistribution. Depending on the number of directories and their contents, this is a time consuming and resource intensive operation. While it ensures that all of the available shares are scanned, it is not the most efficient use of the GSR Collector.

Figure 13-24 All Storage Resources + Complete Inspection

All Storage Resources + Limited to Storage Resources that Have Quota Enabled

This configuration will cause the GSR Collector to enumerate all shares found in Storage Resources. During the enumeration, child folders at the root of shares are inspected for anomaly analysis and checked to determine if they have a quota applied to them via FSRM. If they have a quota, FSRM is queried to obtain it. This configuration is more efficient than Complete Inspection. However, if you have folders that do not have quota, there will be size data missing from Global Statistics and Policy-based Path Redistribution that would skew your results.

Figure 13-25 All Storage Resources + Limited to Storage Resources that Have Quota Enabled

All Storage Resources + No Size Collection

This configuration will cause the GSR Collector to skip enumeration of all shares found in Storage Resources for size related data. If Global Statistics are not needed on a regular basis or you have a need for finer granularity in your historical data, this option may be best suited for your goals. However, if you choose this option, there will be no size data to drive Global Statistics and Policy-based Path Redistribution.

Figure 13-26 All Storage Resources + No Size Collection

13.1.14 Forest Trusts

Forest trust relationships provide security across multiple Active Directory forests. Before you can authenticate across trusts and migrate folders from one forest to another, Windows must first establish a trust path between the forests.

Overview

Storage Manager has limited support for forest trusts for Active Directory to Active Directory Cross-Empire Data Migration and for managing storage resources in another forest. The trust cannot be leveraged to monitor for events in another forest.

To configure a supported forest trust, see Configuring a Forest Trust. After a forest trust is configured for use, you will need to set the appropriate permissions on shares so that they can be made available for access and management.

After a supported forest trust is established, SMAdmin can be used to enable it for use. Multiple forest trusts can be established and configured for use.To enable an established forest trust for use, refer to Managing Forest Trusts.

Table 13-1 Supported Trusts

Trust Type

Direction

Scope of Authentication

Supported

External

One-way or two-way

Selective or Forest-wide

No

Realm

One-way or two-way

Selective or Forest-wide

No

Forest

One-way or two-way

Selective

No

Forest

One-way incoming or two-way

Forest-wide

Yes

Shortcut

One-way or two-way

Selective

No

Active Directory Cross-Empire Data Migration Trust Scenarios

One-way Incoming

In this scenario, a one-way incoming trust has been established between Forest A and Forest B. Here, Storage Manager will copy data and permissions from storage resources in Forest B to Forest A.

Figure 13-27 One-way: Incoming Forest Trust

Two-way

In this scenario, a two-way trust has been established between Forest A and Forest B. Here, Storage Manager will copy data and permissions from storage resources in Forest B to Forest A.

Figure 13-28 Two-way Forest Trust

Trusted Resource Management Scenario

In this scenario, a one-way incoming trust has been established between Forest A and Forest B. Here, Storage Manager will monitor for events in Forest A account forest and manage data in the Forest B resource forest.

Figure 13-29 One-way: Incoming Trust

For more information on Active Directory Domains and Trusts, see https://technet.microsoft.com/en-us/library/cc770299.aspx.

Configuring a Forest Trust

  1. On a server in the target forest in which Storage Manager is installed, open Active Directory Domains and Trusts.

  2. Right click the target forest in which Storage Manager is installed and click Properties.

  3. In the properties dialog box, click New Trust.

  4. In the New Trust Wizard dialog box, enter the DNS name for the incoming forest trust and click Next.

  5. For the Trust Type, select Forest trust and click Next.

  6. Unless you need a two-way trust, select One-way: incoming and click Next.

    Storage Manager supports Two-way or One-way: incoming directional trusts.

  7. (Conditional) If you have the necessary permissions, specify Both this domain and the specified domain and click Next.

    Depending on the appropriate permissions that you have as the user you're logged in as, you can create both sides of the trust relationship.

  8. Enter credentials for the specified source domain and click Next.

  9. Specify Forest-wide authentication and click Next

    Storage Manager requires Forest-wide authentication.

  10. Review the selected trust settings. If everything is correct, click Next.

  11. Once the trust is successfully created, click Next.

  12. To validate the trust, specify Yes, confirm the incoming trust and click Next.

  13. View the updated status of changes and click Finish.

  14. In the Properties dialog box, view the new Transitive Forest Trust.

  15. In the Properties dialog box, examine the properties of the trust by selecting the trust and clicking Properties.

  16. Click OK to close the trust properties dialog box.

  17. Click OK to close the domain properties dialog box.

    Storage Manager can now be configured to use the trust for Active Directory to Active Directory Cross-Empire Data Migrations.

Managing Forest Trusts

Once a supported forest trust is established, SMAdmin can be used to enable it for use. Forest trusts are primarily used for Active Directory to Active Directory Cross-Empire Data Migrations. However, they can also be used in a scenario where a storage resource resides in a trusted forest.

After a forest trust is configured for use, you will need to set the appropriate permissions on shares so that they can be made available for access and management.

Multiple forest trusts can be established and configured for use.

Example 1

  1. In SMAdmin, click the Home tab.

  2. Click Forest Trusts.

    If you have configured forest trusts, they will appear in the list of Forest Trusts.

    Supported forest trusts will have a check mark next to them. Unsupported forest trusts will be designated with an exclamation point. The Status column provides descriptive text as to why the forest trust is unsupported. If you select the check box to enable an unsupported forest trust, you will receive an error dialog indicating that the forest trust cannot be managed.

    The properties for the chronicle.local forest are shown below.

    In the example above, ephemeris.local is supported.

    It is supported because it is a one-way incoming trust.

    In the example below, lambda.local is not supported.

    While it is a two-way transitive trust, it is configured for selective authentication.

    Selective authentication is an unsupported authentication scope.

Example 2

  1. In SMAdmin, click the Home tab.

  2. Click Forest Trusts.

    If you have configured forest trusts, they will appear in the list of Forest Trusts.

    Supported forest trusts will have a check mark next to them. Unsupported forest trusts will be designated with an exclamation point. The Status column provides descriptive text as to why the forest trust is unsupported. If you select the check box to enable an unsupported forest trust, you will receive an error dialog indicating that the forest trust cannot be managed.

    The properties for the chronicle.local forest are shown below.

    In the example above, ephemeris.local is supported.

    It is supported because it is a one-way incoming trust.

    In the example below, lambda.local is not supported because it is configured as a one-way outgoing trust.

Cross-Forest Data Management

After you have established a trust relationship, you can manage data in a secondary forest. The User and Group objects must reside in the primary forest, but these objects’ data can be managed in the secondary forest’s network file system.

For example, a User Home Folder policy assigned to User objects in Forest A can be set to a target path in Forest B. Similarly, data residing in the file system of Forest A can me moved, copied, or vaulted to Forest B through an operation.

Figure 13-30 Target Path on a Secondary Forest

13.1.15 Scope

Rather than burdening the Storage Manager Event Monitor in observing all events in the Active Directory forest or domain, this feature lets you “scope” the segments of the forest or domain that the Event Monitor will monitor. A scoped segment of the forest or domain might include specific containers or groups.

For procedures on how to use this feature, see Section 4.0, Configure the Event Monitor Scope. For a complete discussion of the Scope feature, including Include and Exclude behaviors, see Section G.0, Event Monitor Scope.

13.1.16 Agents

Agents perform copying, moving, grooming, and vaulting through directives from the Engine. Storage Manager determines which Agent to use based on the target destination of the data or via proxy configuration.

For optimum performance, Agents should be installed on all servers with storage managed by Storage Manager. Agents run as a native service on Windows.

The Agent page lets you:

  • Authorize an Agent

  • Verify that Agents are authorized

  • View Agents software versions installed

  • View Agent statistics

  • Remove an Agent

  • Configure a Proxy Agent

The Agent page also indicates:

  • Whether the Agent is capable of being utilized in a Cross-Empire Data Migration

  • Whether the Agent is functioning as a Proxy Agent and for which server and share

Procedures for authorizing an Agent are located in Authorizing the Agents in the Micro Focus Storage Manager 5.2 for Active Directory Installation Guide.

Deleting an Agent

Within SMAdmin, you can delete a deauthorized Agent. Only deauthorized Agents can be deleted. If you want to remove an Agent, you must deauthorize it first.

NOTE:If an Agent is deauthorized and it hasn't successfully sent a heartbeat within 7 days, it will automatically be removed.

Proxy Agents

For storage resources that do not or cannot host an Agent, for example a NAS (Network Attached Storage) device, Storage Manager can utilize an Agent running on another server to perform the copying, moving, grooming, and vaulting on the server or NAS device. In this type of scenario, the Agent is serving as a “Proxy Agent.”

A Proxy Agent can also be set up to reduce the workload on the Engine. For example, a Proxy Agent can be configured for a server on one side of a WAN environment to move data from one server to another on the same side of the WAN link. This keeps the data from crossing the WAN link only to cross back again.

Configuring an Agent to be a Proxy Agent

  1. In SMAdmin, click the Home tab.

  2. Click Agents.

  3. Select the Agent you want to authorize to be a Proxy Agent and click Proxy.

    The left side of the Proxy Agent Configuration dialog box shows the list of servers without Agents installed. The right side shows the servers with Agents installed. In the example below, the Agent on Windows 2012 R2 - DAL could be set up to be the Proxy Agent for the Windows 2012 - DET server.

  4. Click the Target Server View tab.

  5. From the drop-down list, select the Agent server you want to serve as the Proxy Agent for the server on the left.

  6. Click OK to save and close the proxy setting association.

13.1.17 Event Monitors

The Event Monitor monitors changes to Active Directory based on create, move, rename, and delete events.

You install one Event Monitor per domain, and it can run on a domain controller or a member server. If you install the Event Monitor on a domain controller, the Event Monitor always monitors the local server for changes in the domain. If you install the Event Monitor on a member server, the Event Monitor identifies the closest available domain controller and monitors it for changes in the domain. The Event Monitor runs as a native service on Windows.

In the Event Monitors page, you can:

  • Authorize an Event Monitor

  • Verify that an Event Monitor is authorized

  • View the Event Monitor software version installed

  • View Event Monitor statistics

  • Remove an Event Monitor

The Event Count number indicates the total number of events sent from the Event Monitor to the Engine.

Procedures for authorizing the Event Monitor are located in Authorizing the Event Monitor in the Micro Focus Storage Manager 5.2 for Active Directory Installation Guide.

Deleting an Event Monitor

Within SMAdmin, you can delete a deauthorized Event Monitor. Only deauthorized Event Monitors can be deleted. If you want to remove an Event Monitor, you must deauthorize it first.

13.1.18 Client

This page lets you configure various settings within SMAdmin.

An overview of settings specific to the General tab follows the graphic.

Figure 13-31 The General Tab of the Client Page

Enable Logging: Selecting this check box enables logging the operations of SMAdmin and lets you specify the logging level and whether to roll the log or close the old log and start a new log.

Logging Level: This drop-down menu lets you select the classification of entry you want logged.

View Log: Clicking this button opens the log file.

Roll Log File: Clicking this button discontinues entries in the current log file and begins a new log file.

Enable Caching: Selecting this check box enables SMAdmin to maintain the area of the directory tree that is visible in the right pane of the Objects page, if you move from the Objects page to another. For example, if you locate a Group object in a container and then need to move to another page, when you return to the Objects page, you do not need to navigate the directory tree to locate the Group object again.

Check for Updates after Login: Selecting this check box allows SMAdmin to notify you of the availability of newer Micro Focus Storage Manager components.

Check for Confirmation When Closing: Selecting this check box prompts you with a confirmation of your choice when you close SMAdmin.

Default Data Path: This field specifies the location where all exported reports are stored. Fro example, if you were to export a Consistency Check report as a CSV or HTML file, it would be saved in this location.

NOTE:As stated on the Advanced tab page, the configuration settings on this page should be adjusted only under the direction of a Micro Focus Support representative during a support instance.

13.1.19 Check Updates

This page compares the version numbers of Storage Manager components that you have installed with the latest versions available. It also provides links for downloading the latest versions of each of the components.