We have currently have two new VNX5600's as well as 2 old Celerra NS40G's.
Anyone please advise as to the best configuration for user mapper for this configuration? The old Celarra's will eventually get decommissioned so i'm not sure if the Primary database needs migrating to the new Celarra on the VNX or if we should leave the configuration as it is now with each pair of Celerras having a primary user mapper database?
In this case, it's best to ask the customer "what's your eventual expectation?" If the customer wants to configure replication between the VNX5600s, with the expectation of failing over from one VNX5600 to the other VNX5600, then you'll certainly want a matching usermapper database on both sides. That means, one side would be configured as primary, and the other as a secondary.
Then, you have to ask the customer "is the expectation to continue 'business-as-usual' while failed over?" In that case, you'd also have to consider which side is primary and which side is secondary. Let's assume production is the primary usermapper and the DR site is the secondary. That means, we can create new Windows users on the primary side regardless of what's happening at DR. If the primary side goes down, we can failover to DR and serve existing users. However, the DR array will not be able to create new usermapper entries (that is, assign more Windows users on the VNX) while the primary usermapper is down/unavailable. To avoid this, you might consider making the DR VNX the primary Usermapper and the production VNX the secondary usermapper. In this case, if you failover to DR, you can continue to add new Windows users, since the primary usermapper (DR VNX) is still accessible. Sounds good, huh? The only problem is, network issues at DR may now prevent the production VNX from accessing the DR usermapper. I've seen cases where unexpected outages or upgrades at DR manifest as being unable to create new users on the production VNX.
So, it seems like your customer has to make a decision about what scenario you're trying to protect against and what problems you want to solve.
Let us know if that helps!
Thanks for this Karl
The main issue they see is that the current Celerra (NS40g’s) having a different user mapper database to the new VNX5600’s that are being installed. There is a slight chance of a user having different access permissions across these that could cause the issue, if the databases aren’t in sync.
Yes, that's absolutely correct. Depending on what the customer agrees to as the final configuration, you have several options. In one setup, you can make the VNX a secondary usermapper to one of the NS40s, then start a replication. At the end, you can cutover and switch one of the VNX to be a primary and the other to be a secondary. This is the most common approach, especially if you have all of the answers to questions above.
Another approach would be to simply export the usermapper databases from the NS40s, then import them on the VNX. This is not as common and has its own pitfalls, but is an alternative "for the right reasons".
Again, you have to understand what the end-goal is to make a decision - or any decision - really. There's no best way to deal with this, without knowing how it should behave at the end.