The ShellShock vulnerability (CVE-2014-6271 & CVE-2014-7169) affects GNU Bash in a way that could allow an unauthenticated remote attacker to inject arbitrary commands on a targeted system. Following the release of this vulnerability, EMC immediately initiated a review of EMC Information Infrastructure products to assess any potential impact.
For the most up-to-date information about the impact of the ShellShock vulnerability and EMC Isilon OneFS and other EMC products, see the following knowledgebase article:
The Offer & Enablement (O&E) team within the EMC® Isilon® Professional Services department is a well-oiled machine when it comes to making videos. In the past year, they’ve played a key role in conceptualizing and collaborating to develop almost a third of the videos published to the Isilon Support YouTube playlist—from whiteboard videos to technical demos—that demonstrate how features of the OneFS® operating system work.
Principal Solutions Architect Amol Choukekar describes the story behind the origin and production of their latest video, Technical Demo: Access Zones in OneFS 7.1.1. In this interview, you’ll learn how frequently asked questions from customers about Access Zone configuration and directory layouts inspired the O&E team to create this video.
Q: Tell us about your team and why you produce these videos?
A: Our team is comprised of solutions architects and technical program managers who all contribute to making these videos. There is a lot of effort that goes into these projects. Specifically, creating and revising the script and setting up the demo environments that we use to create these videos.
Our main objective in producing these videos is to demonstrate OneFS features in a simple-to-follow format. The value for our customers and partners is to use the knowledge gained in the video and then apply that to their EMC Isilon solution.
Q: Why was Access Zones selected as a topic for a technical demo?
A: Access Zones was initially introduced in the OneFS 7.0 release. The OneFS 7.1.1 release includes interesting changes to the Access Zones feature, such as the concept of a zone-base directory. Other feature changes include zone-specific SMB shares, which eliminate the duplicate share name issue that existed in previous versions of OneFS (login is required to view Isilon OneFS 7.1.1 Release Notes). Also, our HDFS support is now zone-aware, which is becoming very popular. These changes represent another step in the evolution of our scale out multi-tenancy story in OneFS. The purpose of the video is to make our customers aware of these important changes.
Q: What were some frequently asked questions about Access Zones that helped you develop the script?
A: One of the criteria in configuring Access Zones is the zone-base directory, because a main criteria in configuring a OneFS cluster is to correctly lay out the directory structure. Our field teams were frequently asked questions about directory layout. For example, when we configure Access Zones or our cluster, where should we base our zone directory considering the various workflows and data segregation needs? This is an important design decision when deploying a scale-out network attached storage (NAS) solution such as EMC Isilon.
One of the objectives of the video was to demonstrate the proper use of the OneFS directory path convention. For example, with /ifs as the cluster root path, the best practices we’ve seen in the field for creating the directory layout is to use a /ifs/clustername/zonename/ structure. That can become your Access Zone rule, and then you can create SMB shares under that directory.
Zone-base directories in OneFS 7.1.1
Q: What were some of the other goals when making this video?
A: The other goals for the video were to demonstrate the new Access Zone feature in a simplistic way without using any technical jargon. We really wanted the audience to easily grasp the concepts because these are the building blocks for the OneFS solution.And we wanted to demonstrate the feature in a workflow format to help the viewer understand the concepts related to Access Zones.
Q: What were some of the challenges when making this video?
A: While the content of the video is introductory, there was a lot of effort put in by our technical program managers to create the environment and make sure that the technical steps were complete and easily reproducible. Although it was a bit time consuming, it was not difficult at all because OneFS is one of the easiest NAS operating systems that I have ever worked with.
Q: What else would you like to add?
A: We hope all of our viewers find this useful. If you do find it useful, we highly encourage you to share it with your peers, customers, or anybody that uses OneFS and needs to configure Access Zones. And provide us with feedback on this video or existing videos, or suggestions for new topics.
[Editor’s note: please provide your feedback and suggestions by sending an email to firstname.lastname@example.org]
With EMC® Isilon® scale-out storage, it’s easy to add performance and capacity to your cluster simply by adding new nodes. For example, after you acquire a new node, a certified technician locates an open space in a rack (either 2U or 4U, depending on the node size), installs rails, installs the node into the rack, connects the network and InfiniBand cables, and then joins the node to the cluster. After joining the node, you’ll have more space and performance capacity right away.
The node installation process is simple and fast; but be sure to take the time to check that the nodes are safely secured to the rails and rack to minimize the risk of personal injury and damage to equipment.
Check out the following videos, which show the proper procedures for racking EMC Isilon 2U and 4U nodes, including both node installation and node removal from a rack.
Installing a node into a rack
Isilon nodes mount in a standard 19-inch wide rack and use a sliding rail system. Watch the following videos to learn how to install 2U and 4U nodes into a standard rack with 3/8-inch square holes.
One of the goals of this blog is to share the most useful EMC® Isilon® support-related content that we have to offer. In this post, we’re highlighting 20 of the most viewed knowledgebase (KB) articles and product documents from the month of August.
We hope these documents will help you to quickly find an answer to a common question or resolve an issue.
Top 10 KB articles
To access these KB articles, log in to the EMC Online Support site. Articles in bold are new to the top 10 list.
Apache™ Hadoop®, open-source software for analyzing huge amounts of data, is a powerful tool for companies that want to analyze information for valuable insights.
Hadoop redefines how data is stored and processed. A key advantage of Hadoop is that it enables analytics on any type of data. Some organizations are beginning to build data lakes—essentially large repositories for unstructured data—on the Hadoop Distributed File System (HDFS) so they can easily store data collected from a variety of sources, and then run compute jobs on data in its original file format. There’s no need to load data into the HDFS for analysis, saving data scientists time and money. They can then survey their Hadoop data lake and discover big data intelligence to drive their business.
However, the Hadoop data lake also presents challenges for organizations that want to protect sensitive information stored in these data repositories. For example, organizations might need to follow internal enterprise security policies or external compliance regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) or the Sarbanes-Oxley Act (SOX). A Hadoop data lake is difficult to secure because HDFS was neither designed nor intended to be an enterprise-class file system. It is a complex, distributed file system of many client computers with a dual purpose: data storage and computational analysis. HDFS has many nodes, each of which presents a point of access to the entire system. Layers of security can be added to a Hadoop data lake, but managing each layer adds to complexity and overhead.
Best of both worlds
The EMC® Isilon® scale-out data lake offers the best of both worlds for organizations using Hadoop: enterprise-level security and easy implementation of Hadoop for data analytics.
An Isilon cluster separates data from compute clients in which the Isilon cluster becomes the HDFS file system. All data is stored on an Isilon cluster and secured by using access control lists, access zones, self-encrypting drives, and other security features. OneFS implements the server-side operations of HDFS as a native protocol. Therefore, Hadoop clients access data on the cluster through HDFS and standard protocols such as SMB and NFS.
OneFS can facilitate your efforts to comply with regulations such as HIPAA, SOC, SEC 17a-4, the Federal Information Security Management Act (FISMA), and the Payment Card Industry Data Security Standard (PCI DSS). The table below summarizes some of the challenges of securing a Hadoop data lake, and how the capabilities of an Isilon cluster can help to address these issues. For full descriptions of these capabilities, see Security and Compliance for Scale-Out Hadoop Data Lakes.
Hadoop data lakes: security challenges and Isilon capabilities
A Hadoop data lake can contain sensitive data—intellectual property, confidential customer information, and company records. Any client connected to the data lake can access or alter this sensitive data.
Compliance mode and write-once, read-many (WORM) storage
The SEC 17a-4 regulation requires that data is protected from malicious, accidental, or premature alteration. Isilon SmartLock™ is a OneFS feature that locks down directories through WORM storage. Use compliance mode only for scenarios where you need to comply with SEC 17a-4 regulations. In addition, auditing can help detect fraud, unauthorized access attempts, or other threats to security.
ACL policies help to ensure compliance. However, clients may be connecting to the Hadoop cluster by using different protocols, such as NFS or HTTP.
Authentication and cross-protocol permissions
OneFS authenticates users and groups connecting to the cluster through different protocols by using POSIX mode bits, NTFS, and ACL policies. By managing ACL policies in OneFS, you can address compliance requirements for environments that mix NFS, SMB, and HDFS.
Applying restricted access to directories and files in HDFS requires adding layers to your file system.
Role-based access control for system administration (RBAC)
The PCI DSS Requirement 7.1.2 specifies that access must be restricted to privileged user IDs. RBAC, a OneFS feature, lets you manage administrative access by role, and assign privileges to a role. You can associate one user with one ID through identity management and user mapping, and then assign that ID to a role. In OneFS, access zones are a virtual security context in which OneFS connects to directory services, authenticates users, and controls access to a segment of the file system.
FISMA and HIPAA and other compliance regulations might require protection for data at rest.
Encryption of data at rest
Isilon self-encrypting drives are FIPS 140-2 Level 3 validated. The drives automatically apply AES-256 encryption to all data stored in the drives without requiring additional equipment. You can enable a WORM state on directories for data at rest.
The opinions and interests expressed on Dell EMC employee blogs are the employees' own and do not necessarily represent Dell EMC's positions, strategies or views. Dell EMC makes no representation or warranties about employee blogs or the accuracy or reliability of such blogs. When you access employee blogs, even though they may contain the Dell EMC logo and content regarding Dell EMC products and services, employee blogs are independent of Dell EMC and Dell EMC does not control their content or operation. In addition, a link to a blog does not mean that EMC endorses that blog or has responsibility for its content or use.