Quantum DLC/Fiber on 10.11 El Capitan

osbalde
New Contributor II

I was recently tasked with enabling DLC on 10.11 El Capitan iMacs in lieu of connecting them via Fiber. Since I found very little information about how to do this from JAMF, Quantum, or Apple, I thought I would share my solution. Distributed LAN Client (DLC) is basically a Fiber over ethernet connection Xsan can use. It doesn't have the same level of throughput, but it is an excellent solution for users who historically have needed Xsan access but who aren't doing real-time rendering.

Reference Material:
- Quantum | StorNext 5 Link: Here
- Apple Xsan Reference: Here

Benefit of using JSS:
Without a JSS the setup is more difficult. Quantum server can provide a Configuration Profile (unsigned). If you manually load the unsigned profile, Apple's SIP security blocks it from running, and if you turn off SIP (which I don't recommend) you still have to work out a script to map the drive if it doesn't initially map at login. If the profile is pushed via JSS the profile is signed, SIP doesn't stop it, and a script isn't necessary, it will remount volumes when they are available. 

Setup through JSS:
In version 9.81 of JSS under Configuration Profile you can add an Xsan payload. Generate a .configprofile from the Quantum server (see reference link), open it in a text editor, and copy the following info into the Xsan payload:
Xsan Name = sanName
Populate the IPs under fsnameservers in the server field
Populate the sharedSecret in Authentication Secret

For us the DLC sanName and Fiber sanName were different, so I created 2 configuration profiles: 1 for fiber, and 1 for DLC. Thus, keys like denyDLC, preferDLC, and useDLC were unnecessary as the profile determined if Xsan was connecting through DLC or Fiber. But if your sanName is the same they can be used in a script deployed via a policy.

To specify conditions like denyMount, onlyMount I did the following:

  • I added an Extension Attribute to detect if the computer had the DLC or Fiber configuration profile present. Link to EA: https://jamfnation.jamfsoftware.com/viewProductFile.html?fid=659 Thanks - benjamin.michael

  • I then created a smart group that contained those computers who had the configuration profile present.

  • That smart group was scoped to a policy that ran the following command:
sudo defaults write /Library/Preferences/com.apple.Xsan.plist denyMount 'volumeName'

The .plist created by the configuration profile can be modified by defaults write command to include the commands to customize the connection. For more complicated customization a script triggered by the policy would be suggested. 

Hope this helps others,

Edmund

1 REPLY 1

jaymie
New Contributor
A few updates, if this helps anyone.
Fibre/DLC in Sonoma/Sequoia
 
Reference links:
Apple | XSAN  (no longer supported/updated but still relevant)
 
Updated EA - in our environment, we have multiples types of connections but the same Volume Name.  To separate, we have an updated extension attribute like this:
 
SANmounted=$(ls /Volumes | grep "MediaSAN")
XSANPresent=$(/usr/sbin/diskutil list | grep "MediaSAN")
Fibre=$(fibreconfig -l | grep NodeWWN)
 
if [ "$SANmounted" != "" ]; then
if [ "$XSANPresent" != "" ]; then
    if [ "$Fibre" != "" ]; then
   echo "<result>Enabled via Fibre</result>"
    else
   echo "<result>Enabled via DLC</result>"
    fi
    else
    echo "<result>Mounted via SMB</result>"
fi
else
echo "<result>Unmounted</result>"
fi
 
Updated Config Profile - use case of fibre vs DLC and the main difference on the profiles is the following key
<key>denyDLC</key>
vs
<key>useDLC</key>
 
if there are multiple volumes, you can use <key>onlyMount</key>
 
e.g.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>useDLC</key>
    <true/>
    <key>onlyMount</key>
    <array>
      <string>XSANvolume</string>
    </array>
  </dict>
</plist>