Posts Tagged ‘access zones’

Top 3 operational differences in EMC Isilon OneFS 7.1.1

Kirsten Gantenbein

Kirsten Gantenbein

Principal Content Strategist at EMC Isilon Storage Division
Kirsten Gantenbein
Kirsten Gantenbein

As EMC Isilon OneFS 6.5 and OneFS 7.0 reach their end-of-service life (EOSL) this year, many EMC Isilon customers will be upgrading to OneFS 7.1.1. If you plan to upgrade to OneFS 7.1.1, there are several new features, enhancements, and operational changes that may affect your day-to-day administration tasks. We want you to be aware of some the differences that impact upgrade planning, because they may require pre-upgrade tasks. You can find detailed information in the OneFS 7.1.1 Behavioral and Operational Differences and New Features document on the Isilon Community and OneFS 7.1.1 release notes on the EMC Online Support site.

Meanwhile, here are the top three changes for you to prepare for:

  • Access zones: directory configuration and NFS access
  • SmartPools®: node pool configuration
  • Role-based access controls

Access zones

In OneFS 6.5, access to cluster resources was controlled by authentication providers such as SMB, NFS, and SSH. Beginning in OneFS 7.0, user access to the cluster is controlled through access zones. With access zones, you can partition the cluster configuration into self-contained units, and configure a subset of parameters as a virtual cluster with its own set of authentication providers, user mapping rules, and SMB shares. The built-in access zone is the System zone, which, by default provides the same behavior as OneFS 6.5. You can connect to access zones using all available authentication providers, NFS exports, and SMB shares.

In OneFS 7.1.1, however, you cannot configure NFS exports in multiple access zones. NFS access is restricted to the System zone only. (In OneFS 7.2, NFS is zone-aware for access to multiple access zones.)

Also, access zones require a unique top-level root directory in OneFS 7.1.1. The root directories, or base paths, for multiple access zones in OneFS 7.1.1 cannot overlap with each other.

An important note!

If you currently use multiple access zones in your OneFS 7.0 or OneFS 7.1 cluster, you must check your access zone configuration for overlapping directories. If base paths overlap before you upgrade to OneFS 7.1.1, all previously created access zones will be assigned a base path of /ifs. Refer to OneFS 7.1.1 and Later: Best Practices for Upgrading Clusters Configured with Access Zones before upgrading to prevent a scenario where directories are assigned a new base path to accommodate access zones in OneFS 7.1.1.

SmartPools

In OneFS 6.5, a group of nodes is called a disk pool. Different types of drives could be assigned to a disk pool. There are several changes in SmartPools since 7.0. Beginning in OneFS 7.0, a group of nodes is called a node pool, and a group of disks in a node pool is called a disk pool. Also beginning in OneFS 7.0, nodes are automatically assigned to node pools in the cluster based on the node type. This is called autoprovisioning. Node pools can only include drives of the same equivalence class (review the equivalence class of nodes in the Isilon Supportability & Compatibility Guide). However, you can include multiple node pools into a higher level grouping called tiers. Finally, in the web administration interface of OneFS 7.1.1, SmartPools is located as a tab within Storage Pools.

Disk pools can no longer be viewed or targeted directly through the OneFS 7.1.1 web administration interface or the command-line interface. Instead, the smallest unit of storage that can be administered in OneFS 7.0 is a node pool. Disk pools are managed exclusively by the system through autoprovisioning.

An important note!

If you are running OneFS 6.5 or OneFS 6.5.5 and have node pools of mixed node types, you must configure disk pools into supported OneFS 7.0 and later node pool configurations well in advance of upgrading to OneFS 7.1.1. Supported node pool configurations must contain nodes of the same type, according to their node equivalence class.

Role-based access control (RBAC)

In OneFS 6.5, you can grant web and SSH login and configuration access to non-root users by adding them to the administrator group. In OneFS 7.0 and later, the admin group is replaced with the administrator role using role-based access control (RBAC). RBAC enables you to create and configure additional roles. A role is a collection of OneFS privileges that are granted to members of that role as they log in to the cluster. Only root and admin user accounts can perform administrative tasks and add members to roles. OneFS comes pre-loaded with built-in roles for security, auditing, and system administration, and you can create custom roles with their own sets of privileges.

For information about role-based access, including a description of roles and privileges, see Isilon OneFS 7.0: Role-Based Access Control.

An important note!

For OneFS 6.5 and OneFS 6.5.5 users upgrading to OneFS 7.1.1, make sure you add existing administrators to an administrator role.

For more information about OneFS 7.1.1

Visit these links for more information about:

Start a conversation about Isilon content

Have a question or feedback about Isilon content? Visit the online EMC Isilon Community to start a discussion. If you have questions or feedback about this blog, or comments about the video specifically, contact us at isi.knowledge@emc.com. To provide documentation feedback or request new content, contact isicontent@emc.com.

[display_rating_result]

Multitenancy for Hadoop data on an EMC Isilon cluster

Kirsten Gantenbein

Kirsten Gantenbein

Principal Content Strategist at EMC Isilon Storage Division
Kirsten Gantenbein
Kirsten Gantenbein

The process of analyzing big data within big organizations can be complicated. There can be many data sets to analyze, some which are stored in silos or contain secure information. And there can be many different Hadoop users accessing these data sets, each with different permissions and credentials. So how can organizations effectively manage multiple data sets and Hadoop users?

In EMC® Isilon® OneFS®, you can take advantage of multitenancy to tackle this issue. Multitenancy creates secure, separate namespaces on a shared infrastructure so that different Hadoop users (or tenants) can connect to an Isilon cluster, run Hadoop jobs concurrently, and consolidate their Hadoop workflows onto a single cluster. OneFS 7.2 supports several Hadoop distributions and HDFS 2.2, 2.3, and 2.4. The OneFS HDFS implementation also works with Ambari for management and monitoring, Kerberos authentication, and Kerberos impersonation.

The white paper, “EMC Isilon Multitenancy for Hadoop Big Data Analytics,” highlights how to set up access zones for multitenancy and manage Hadoop data in an Isilon cluster.

How Hadoop works in Isilon

The Apache Hadoop analytics platform comprises the Hadoop Distributed File System, or HDFS, a storage system for vast amount of data, and MapReduce, a processing paradigm for data-intensive computation analysis.

EMC Isilon serves as the file system for Hadoop clients. This enables Hadoop clients to directly access their datasets on the Isilon storage system and run data analysis jobs on their compute clients. OneFS implements server-side operations of the HDFS protocol on each node in the Isilon cluster to handle calls to the NameNode and to manage read/write requests to DataNodes.

EMC Isilon Hadoop Deployment

To configure an Isilon cluster for Hadoop, you first need to activate a HDFS license in OneFS. Contact your account team for more information. Then visit our EMC Hadoop Starter Kits to learn how to deploy multiple Hadoop distributions, such as Pivotal, Cloudera, or HortonWorks, on your Isilon cluster.

Access zones for multitenancy

Access zones lay the foundation for multitenancy in OneFS. Access zones provide a virtual security context that segregates tenants and creates a virtual region that isolates data sets. Each access zone encapsulates a namespace, HDFS directory, directory services, authentication, and auditing. An access zone also isolates system connections for further security.

The following procedures for managing and securing data sets are covered in “EMC Isilon Multitenancy for Hadoop Big Data Analytics.”

  • Provide multiprotocol support – Learn how you can store data by using existing workflows on your Isilon cluster and access it through SMB, NFS, OpenStack Swift, and HDFS protocols, instead of running HDFS copy operations to move data to Hadoop clients.
  • Manage different data sets – Learn how you can use SmartPools for managing different data sets based on customized policies.
  • Associate network resources with access zones – Understand how virtual racking works in Isilon and how you can configure SmartConnect in OneFS to manage connections to data on your Isilon cluster.
  • Secure access zones – Review how role-based access control and directory services with access zones in OneFS are used to authenticate users assigned to each zone.

Hadoop information hubs

You can find a rich array of information about Isilon and Hadoop. Visit our online Isilon Community on the EMC Community Network for InfoHubs, which serves as a single location for all of our Hadoop-related content. The Hadoop InfoHub contains links to general information about Isilon and Hadoop. The Cloudera with Isilon InfoHub contains links to information about deploying the Cloudera distribution for Isilon.

Start a conversation about Isilon content

Have a question or feedback about Isilon content? Visit the online EMC Isilon Community to start a discussion. If you have questions or feedback about this blog, contact us at isi.knowledge@emc.com. To provide documentation feedback or request new content, contact isicontent@emc.com.

[display_rating_result]

The top 3 operational differences between EMC Isilon OneFS 6.5 and OneFS 7.0

Kirsten Gantenbein

Kirsten Gantenbein

Principal Content Strategist at EMC Isilon Storage Division
Kirsten Gantenbein
Kirsten Gantenbein

isilon-onefs-7-0Attention all current EMC® Isilon® OneFS 6.5 users: OneFS 6.5 will reach its end of service life (EOSL) on June 30, 2015. OneFS 7.0 introduces several new features, enhancements, and operational changes. If you need to upgrade to OneFS 7.0, you might be wondering what’s different about this version and how these differences will affect your day-to-day administrative tasks. You can learn more by looking at the Administrative Differences in OneFS 7.0 white paper.

The top three changes that OneFS 6.5 users should prepare for are:

  • Administration using role-based access control (RBAC)
  • Authentication using access zones
  • Managing groups of nodes in SmartPools

Role-based access control

In OneFS 6.5, you can grant web and SSH login and configuration access to non-root users by adding them to the admin group. The admin group is replaced with the administrator role in OneFS 7.0 using RBAC. A role is a collection of OneFS privileges, usually associated with a configuration subsystem, that are granted to members of that role as they log in to the cluster.

For information about role-based access, including a description of roles and privileges, see Isilon OneFS 7.0: Role-Based Access Control.

An important note!

After you upgrade to OneFS 7.0, make sure you add existing administrators to an administrator role.

Access Zones

In OneFS 7.0, all user access to the cluster is controlled through access zones. With access zones, you can partition the cluster configuration into self-contained units and configure a subset of parameters as a virtual cluster with its own set of authentication providers, user mapping rules, and SMB shares. The built-in access zone is the “System” zone, which by default provides the same behavior as OneFS 6.5, using all available authentication providers, NFS exports, and SMB shares.

For information about access zones, see the OneFS 7.0.2 Administration Guide.

SmartPools

In OneFS 6.5, a group of nodes is called a disk pool. In OneFS 7.0, a group of nodes is called a node pool, and a group of disks in a node pool is called a disk pool. Also, Isilon nodes are automatically assigned to node pools in the cluster based on the node type. This is called autoprovisioning. Disk pools can no longer be viewed or targeted directly through the OneFS 7.0 web administration interface or the command-line interface. Instead, the smallest unit of storage that can be administered in OneFS 7.0 is a node pool. Disk pools are managed exclusively by the system through autoprovisioning.

An important note!

Before you upgrade to OneFS 7.0, you must configure disk pools into a supported node pool configuration. Disk pools must contain nodes of the same type, according to their node equivalence class. Disk pools that contain a mixture of node types must be reconfigured.

For information about how to prepare your Isilon cluster for upgrade to OneFS 7.0, see the Isilon OneFS 7.0.1 – 7.0.2 Upgrade Readiness Checklist.

For more information about OneFS 7.0

Visit these links for more information about:

Start a conversation about Isilon content

Have a question or feedback about Isilon content? Visit the online EMC Isilon Community to start a discussion. If you have questions or feedback about this blog, contact us at isi.knowledge@emc.com. To provide documentation feedback or request new content, contact isicontent@emc.com.

[display_rating_result]

Behind the scenes: Making the Access Zones technical demo video

Kirsten Gantenbein

Kirsten Gantenbein

Principal Content Strategist at EMC Isilon Storage Division
Kirsten Gantenbein
Kirsten Gantenbein
Amol Choukekar

Amol Choukekar

The Offer & Enablement (O&E) team within the EMC® Isilon® Professional Services department is a well-oiled machine when it comes to making videos. In the past year, they’ve played a key role in conceptualizing and collaborating to develop almost a third of the videos published to the Isilon Support YouTube playlist—from whiteboard videos to technical demos—that demonstrate how features of the OneFS® operating system work.

Principal Solutions Architect Amol Choukekar describes the story behind the origin and production of their latest video, Technical Demo: Access Zones in OneFS 7.1.1. In this interview, you’ll learn how frequently asked questions from customers about Access Zone configuration and directory layouts inspired the O&E team to create this video.

Q: Tell us about your team and why you produce these videos?

A: Our team is comprised of solutions architects and technical program managers who all contribute to making these videos. There is a lot of effort that goes into these projects. Specifically, creating and revising the script and setting up the demo environments that we use to create these videos.

Our main objective in producing these videos is to demonstrate OneFS features in a simple-to-follow format. The value for our customers and partners is to use the knowledge gained in the video and then apply that to their EMC Isilon solution.

Q: Why was Access Zones selected as a topic for a technical demo?

A: Access Zones was initially introduced in the OneFS 7.0 release. The OneFS 7.1.1 release includes interesting changes to the Access Zones feature, such as the concept of a zone-base directory. Other feature changes include zone-specific SMB shares, which eliminate the duplicate share name issue that existed in previous versions of OneFS (login is required to view Isilon OneFS 7.1.1 Release Notes). Also, our HDFS support is now zone-aware, which is becoming very popular. These changes represent another step in the evolution of our scale out multi-tenancy story in OneFS. The purpose of the video is to make our customers aware of these important changes.

Q: What were some frequently asked questions about Access Zones that helped you develop the script?

A: One of the criteria in configuring Access Zones is the zone-base directory, because a main criteria in configuring a OneFS cluster is to correctly lay out the directory structure. Our field teams were frequently asked questions about directory layout. For example, when we configure Access Zones or our cluster, where should we base our zone directory considering the various workflows and data segregation needs? This is an important design decision when deploying a scale-out network attached storage (NAS) solution such as EMC Isilon.

One of the objectives of the video was to demonstrate the proper use of the OneFS directory path convention. For example, with /ifs as the cluster root path, the best practices we’ve seen in the field for creating the directory layout is to use a /ifs/clustername/zonename/ structure. That can become your Access Zone rule, and then you can create SMB shares under that directory.

Zone-based directories in OneFS 7.1.1

Zone-base directories in OneFS 7.1.1

Q: What were some of the other goals when making this video?

A: The other goals for the video were to demonstrate the new Access Zone feature in a simplistic way without using any technical jargon. We really wanted the audience to easily grasp the concepts because these are the building blocks for the OneFS solution.And we wanted to demonstrate the feature in a workflow format to help the viewer understand the concepts related to Access Zones.

Q: What were some of the challenges when making this video?

A: While the content of the video is introductory, there was a lot of effort put in by our technical program managers to create the environment and make sure that the technical steps were complete and easily reproducible. Although it was a bit time consuming, it was not difficult at all because OneFS is one of the easiest NAS operating systems that I have ever worked with.

Q: What else would you like to add?

A: We hope all of our viewers find this useful. If you do find it useful, we highly encourage you to share it with your peers, customers, or anybody that uses OneFS and needs to configure Access Zones. And provide us with feedback on this video or existing videos, or suggestions for new topics.

[Editor’s note: please provide your feedback and suggestions by sending an email to isicontent@emc.com]

Start a conversation about Isilon content

Have a question or feedback about Isilon content? Visit the online EMC Isilon Community to start a discussion. If you have questions or feedback about this blog, contact us at isi.knowledge@emc.com. To provide documentation feedback or request new content, contact isicontent@emc.com.

[display_rating_result]