Archive for February, 2014

Role-based access control in EMC Isilon OneFS 7.1: An overview

Kirsten Gantenbein

Kirsten Gantenbein

Principal Content Strategist at EMC Isilon Storage Division
Kirsten Gantenbein
Kirsten Gantenbein

In EMC® Isilon® OneFS® 7.0 and 7.1, you can use role-based access control (RBAC) for administration tasks in place of a root or administrator account. A role is a collection of OneFS privileges that are limited to an area of administration. For example, you can create custom roles for security, auditing, storage, or backup tasks. Privileges are assigned to roles. As a user logs in to the cluster through the Platform API, the OneFS command-line interface, or the OneFS web administration interface, they’re granted privileges based on their role membership.

For information on how to create and manage roles through the OneFS command-line interface, see the OneFS 7.1 CLI Administration Guide – page 252 (requires login to the EMC Online Support site).

For an overview about RBAC in OneFS 7.1, watch the following video, “Enterprise Features in OneFS 7.1: Role Based Access Control.”

If you have questions or feedback, send an email to isi.knowledge@emc.com. To provide documentation feedback or request new content, send an email to isicontent@emc.com.

Video Transcript

Hello, I’m Andrey Tychkin with EMC Isilon.

In this video, we’ll talk about Role Based Access Control or RBAC, a feature of OneFS 7.1.

Role Based Access Control allows us to delegate specific administration tasks to users of the OneFS cluster.

Let’s take an example.

Let’s say I’m a NAS administrator and I want my Windows team to manage SMB administration on the cluster separate from, say, my UNIX team.

I’ll start by creating a role and giving it a meaningful name, such as SMB-ADMIN.

Once the role is created, I can add some privileges to it.

Privileges are sets of allowable actions.

They can be read-only for monitoring, or they can be read-write for actual configuration changes.

For SMB administration, I’ll need an SMB setting privilege and a WEB UI log in privilege.

We can also choose from one of the four predefined roles in OneFS which already have privileges assigned to them.

They are SecurityAdmin for RBAC administration, SystemAdmin for general system administration tasks, VMwareAdmin for managing backups of virtual machines, and AuditAdmin for Auditing.

Once we have our roles and privileges set up, all we need to do is add some members to it.

Members can be any users from authentication providers such as AD, LDAP, or NIS.

In our case, it’s our friend Mike from AD who, once he’s added to this role, he’s able to administer SMB on this cluster.

Role based access control is managed from the CLI by using the isi auth roles command.

Detailed information on RBAC is available in the OneFS Administration Guide.

If you have questions or want to implement OneFS 7.1 features in your environment, please contact your account team.

Thank you for watching.

Locating serial numbers for EMC Isilon nodes

Kirsten Gantenbein

Kirsten Gantenbein

Principal Content Strategist at EMC Isilon Storage Division
Kirsten Gantenbein
Kirsten Gantenbein
The serial number for an EMC Isilon X200 node.

The serial number for an EMC Isilon X200 node.

To open a service request for EMC® Isilon® Technical Support, you’ll need to provide a node serial number. You can easily retrieve this information from the back of the node (or the front of A100 nodes), from the OneFS web administration interface, or from the OneFS command-line interface.

For a demonstration of the OneFS web administration or command-line interface procedures, or to see what the serial number for a particular node looks like, watch the following video, “How to Find Serial Numbers for EMC Isilon Nodes.” Or, read the related knowledgebase article, “How to find serial numbers for EMC Isilon nodes,” for a written description of these procedures (requires login to the EMC Online Support site).

If you have questions or feedback about this blog or videos, email isi.knowledge@emc.com. To provide documentation feedback or request new content, email isicontent@emc.com.

Video Transcript

Hello. I’m André Morrissen, a Senior Technical Writer at EMC.

Before you can log a case with EMC Isilon Technical Support, you’ll need to obtain the serial number of the affected nodes.

In this video, we’ll show you how to obtain a serial number from the physical node, using the EMC Isilon OneFS web administration interface, or using the OneFS command-line interface.

First, let’s look at how the format of serial numbers depends on the type of node.

For the current generation of EMC Isilon storage nodes, which include the S200, X200, X400,

NL400, serial numbers begin with the letter “S”, followed by the family code, the chassis code, the generation, and lastly, a ten-digit number.

The following example illustrates a serial number for an X200 node.

The serial number for an A100 performance or backup accelerator node starts with FC61S, followed by 9 digits, as seen in the following example.

For legacy Isilon IQ-Series nodes, the serial number format depends on the age of the node.

For newer IQ-Series 2U nodes with 12 drives and 4U nodes with 36 drives, serial numbers start with a letter that designates the node type:

“A” for accelerator nodes

“D” for EX storage expansion nodes

And “G”, “K”, “M”, or “R” for standard storage nodes

Nine digits follow the letter and the serial number ends with an “L”, as seen in the following example.

Serial numbers for older IQ-Series 2U nodes with 12 drives start with eight digits and end with the letter “S”.

Now let’s look at the three ways to find your node’s serial number.

If you have access to the physical node, the serial number is printed on a sticker.

For most nodes, the sticker is on the back of the node.

For A100 accelerator nodes, first remove the face plate from the front of the node.

Press both latches in simultaneously until they click, then remove the face plate.

Locate the black plastic tab on the top left of the node and slide it out.

The serial number is printed on the blue label.

When you’re done, slide the tab back in and replace the face plate.

First, log in to the OneFS web administration interface.

The Cluster Status page displays by default. If you’re on a different page, you’ll need to navigate there.

If you’re running OneFS 6.5 or earlier, click Status, then click Cluster Status.

If you’re running OneFS 7.0 or 7.1, click Dashboard, Cluster Overview, then click Cluster Status.

We’ll continue this demonstration using OneFS 7.1.

The Status section lists all the nodes in your cluster and their node numbers.

Locate the number for the affected node in the ID column and click it to view the information for that node.

The Node Status tab identifies the serial number along with other information for that node.

First, open an SSH connection on any node in the cluster and log in using the “root” account.

Then, run the following command to display information for all nodes in your cluster: isi_for_array -s isi_hw_status -i

Each line of output starts with the cluster name, followed by the node number. The output is displayed per node in numerical order.

For example, this block of output is for node 3 in the cluster.

Locate the serial number for the affected node.

For a written description of how to find node serial numbers, see the following knowledgebase article.

If you need assistance with this procedure, contact EMC Isilon Technical Support.

Thanks for watching.

EMC Isilon SnapshotIQ: An overview and best practices

Kirsten Gantenbein

Kirsten Gantenbein

Principal Content Strategist at EMC Isilon Storage Division
Kirsten Gantenbein
Kirsten Gantenbein

If you want to capture a moment in time with a camera, you snap a picture. When you want to capture the data on your cluster at a moment in time with the EMC® Isilon® OneFS® operating system, you take a snapshot.

EMC Isilon SnapshotIQ™ is a licensed software module that lets you create new snapshots and manage snapshot schedules. In this blog post, you’ll learn about SnapshotIQ basics and best practices.

SnapshotIQ overview

A snapshot is taken at a directory-level. The snapshot maintains an image of data that existed in that directory at that moment when the snapshot was created, even if the data changes. Taking a snapshot is an instantaneous operation. Rather than create a redundant copy of the data blocks, snapshots use pointers to reference current blocks on the cluster. Because of this, snapshots do not consume additional disk space unless the data referenced by the snapshot is modified. If the files are modified, the snapshot stores read-only copies of the original blocks.

Image provided by Patrick Kreuch

Image provided by Patrick Kreuch

Snapshots are the foundation for data protection strategies in OneFS. Snapshots are also used by the EMC Isilon SyncIQ™ software module to replicate a consistent point-in-time image of a directory from one cluster to another.

Watch the following video, “Data Protection and Disaster Recovery with Isilon SnapshotIQ,” to learn how to manage snapshots with the SnapshotIQ module. EMC Isilon Senior Solutions Architect, Chris Klosterman, answers the following frequently asked questions:

  • What is a snapshot and why do I need it?
  • How does SnapshotIQ work?
  • Where does OneFS store snapshots?
  • What are some example schedules?
  • How is data restored?
  • When do OneFS snapshots expire and how is the snapshot space reclaimed?
  • Can I modify data in a snapshot?

SnapshotIQ best practices

You may find that working with a large number of snapshots can become challenging to manage. Consider the following best practices to improve snapshot management and avoid cluster performance degradation.

  • Do not create more than 1,000 snapshots of a single directory.
  • Consider the depth of the directory path when creating snapshots. If the path is too high on the directory tree, it will cost more cluster resources to modify data referenced by the snapshot. If the path is too deep, you may need to create more snapshot schedules, which can be difficult to manage.
  • Create an alias name for your snapshot schedules in the OneFS web administration interface. Use the alias name to help you look up the most recent snapshot generated from a schedule.
  • Do not disable the snapshot delete job in the OneFS Job Engine.

For additional best practices and details about SnapshotIQ, see the “Snapshots” section in the OneFS Administration Guide.

If you have questions or feedback about this blog or these videos, email isi.knowledge@emc.com. To provide documentation feedback or request new content, email isicontent@emc.com.

The top 20 EMC Isilon support documents in January 2014

Kirsten Gantenbein

Kirsten Gantenbein

Principal Content Strategist at EMC Isilon Storage Division
Kirsten Gantenbein
Kirsten Gantenbein

One of the goals of this blog is to share the most useful EMC Isilon support-related content that we have to offer. In this post, we’re highlighting 20 of the most viewed knowledgebase (KB) articles and product documents from the month of January.

We hope these documents will help you to quickly find an answer to a common question or resolve an issue.

Top 10 KB articles

To access these KB articles, log in to the EMC Online Support site. Articles in bold are new to the top 10 list this month.

  1. How to download OneFS 7.1 (172492)
  2. Best practices for NFS client settings (90041)
  3. OneFS 7.0.2 SMB Rollup Patch (172623)
  4. How to create a bootable image of OneFS on a USB flash drive (16691)
  5. How to reset a node to factory defaults (16696)
  6. Matrix of patches available for Isilon OneFS (88538)
  7. How to connect to the management port of a node (16744)
  8. OneFS 6.5.5 SMB Rollup Patch (172742)
  9. How to reimage a node using a USB flash drive (16582)
  10. Troubleshooting performance issues (88844)

 

Top 10 product documents

To access these PDF documents, log in to the EMC Online Support site. Documents in bold are new to the top 10 list this month.

  1. Current Isilon Software Releases
  2. OneFS 7.1 CLI Administration Guide
  3. Isilon Supportability and Compatibility Guide
  4. OneFS 7.0.2.5 Release Notes
  5. OneFS 7.0.1 Administration Guide
  6. OneFS 7.1 Web Administration Guide
  7. OneFS 7.1 Release Notes
  8. OneFS 7.0.2 Administration Guide
  9. OneFS 6.5.5.27 Release Notes
  10. Isilon Node Firmware Package 8.3 Release Notes

 

If you have questions or feedback about this blog, email isi.knowledge@emc.com. To provide documentation feedback or request new content, email isicontent@emc.com.