Posts Tagged ‘features’

EMC Isilon OneFS 7.2.1 is available!

Risa Galant

Risa Galant

Principal Technical Writer at EMC Isilon Storage Division
Risa Galant

Latest posts by Risa Galant (see all)

EMC Isilon OneFS 7.2.1 release has some great new and updated features that provide benefits on both the hardware and software side, including:

  • Security Technical Implementation Guide (STIG) configuration support
  • FIPS OpenSSL support
  • CAC/PIV authentication
  • Enhanced IPv6 support
  • Enhanced Swift support
  • Global namespace acceleration and L3 cache interaction
  • New node and SSD class compatibility support

In addition, the upgrade requirements for OneFS 7.2.1 differ from previous releases. This post highlights some of the new capabilities and upgrade requirements.

For more technical information about all of the new OneFS 7.2.1 features and enhancements, refer to the following documents:

New features

The following new features are included in OneFS 7.2.1.

Hardened profiles: Security Technical Implementation Guide (STIG)

If your site requires compliance with the Defense Information Systems Agency (DISA) STIG configuration standards, you’re in luck! OneFS 7.2.1 introduces a license-based security hardening feature through which you can apply and revert a hardening policy on the EMC Isilon cluster to meet DISA STIG configuration standards.

Networking:  enhanced IPv6 support

You can configure your cluster to accept client connections through both IPv4 and IPv6. OneFS adds dual-stack support to enable your cluster to support IPv4 and IPv6 client connections concurrently. And, OneFS 7.2.1 also supports IPv6-only environments.

Note that HDFS, InsightIQ 3.1 and earlier, MMC, NIS, and Swift are not supported over IPv6.

OneFS API: enhanced Swift support

Isilon Swift is now supported with the HTTP and secure HTTP (HTTPS) protocols over IPv4.

Isilon Swift supports the HTTP protocol with IPv6, but does not support HTTPS with IPv6. Isilon Swift also supports the HTTP protocol with IPv4 if STIG hardening is disabled.

File system: Global namespace acceleration (GNA) and L3 cache interaction

OneFS 7.2.1 includes some changes to how storage space calculations work when GNA and L3 cache are both enabled in the same cluster.

In OneFS, you can use solid-state drives (SSDs) for strategies such as GNA mirroring or for L3 cache. GNA mirroring enables data on node pools that do not have SSDs to have additional metadata mirrors on SSDs elsewhere in the cluster. The additional SSD metadata mirroring can improve file system performance by accelerating metadata read operations.

In OneFS 7.2.1, GNA requires that at least 20 percent of the nodes in the cluster contain at least one SSD, and that at least 1.5 percent of the total cluster storage is SSD-based. Any SSDs that are used for L3 cache are not counted against the GNA requirements: with GNA enabled and with L3 cache configured for a pool, the nodes in the pool with L3 cache configured become invisible to the GNA calculations. This change helps to ensure equitable and fair calculations when L3 cache and GNA are enabled in the same cluster.  For more information, see the OneFS 7.2.1 Release Notes and the OneFS 7.2.1 CLI Administration Guide.

Hardware: Node class compatibility

You can deploy a newer-generation node to a cluster that contains nodes from an earlier generation of the same class. For example, if your cluster already has a node pool that consists of Isilon X200 nodes, you can define a compatibility that enables you to add an X210 node to the same node pool. OneFS 7.2.1 supports compatibilities for S200/S210, X200/X210, X400/X410, and NL400/NL410 nodes. Compatible node generations must have identical HDD and SSD layouts and must have a compatible memory configuration. See the OneFS 7.2.1 Release Notes for details.

SSD compatibility

SSD compatibility enables you to add nodes with different capacity SSDs to the same node pool. For example, if your cluster has a node pool that consists of Isilon S200 nodes with 100 GB SSDs and you purchase new S200 nodes with 200 GB SSDs, you can create an SSD compatibility so that the new S200 nodes can be provisioned into the existing S200 node pool. For nodes of different generations—for example, S200 and S210 nodes – you might have to create a node class compatibility and an SSD compatibility to enable the S210 nodes to be provisioned into an S200 node pool.

Support for new platforms

OneFS 7.2.1 provides support for two new platforms: the X210 and the NL410. These nodes support node class compatibility. X210 nodes can be added to existing X200 node pools, and NL410 nodes can be added to existing NL400 node pools.

How to upgrade to OneFS 7.2.1

You can upgrade directly to OneFS 7.2.1 only from OneFS 7.1.1.4 or later, or from OneFS 7.2.0.2 or later. For more information, see Upgrade Paths to OneFS 7.2.1.0.

If you want to upgrade to this new release, explore your upgrade options by reviewing the Isilon Supportability and Compatibility GuideThen, prepare for the upgrade process by reviewing the following documents:

When you’re ready to upgrade, download the OneFS 7.2.1.0 installation file from the Download section of the EMC Online Support site.

InsightIQ 3.2.1: Cool new stuff

Patrick Kreuch

Patrick Kreuch

Sr. Technical Writer at EMC Isilon Storage Division
Patrick Kreuch

Latest posts by Patrick Kreuch (see all)

[Editor’s note: We updated the title from InsightIQ 3.2 to InsightIQ 3.2.1, changed mentions of 3.2 to 3.2.1, and removed the original photo on 8/5/2015. InsightIQ 3.2 is replaced by InsightIQ 3.2.1. All the cool new features mentioned in this blog are available in InsightIQ 3.2.1, including a fix for an upgrade issue. For more information, refer to InsightIQ 3.2.1 release notes. And while we originally featured the “Deal with It” meme photo because it showcased the ultimate symbol of cool (wearing sunglasses indoors), we no longer considered it a good fit for this blog post. Call it a case of revenge of the meme. For questions or concerns about this blog post, please send an email to isi.knowledge@emc.com.]

Being cool isn’t just about expensive clothes and wearing sunglasses indoors. Being cool is about attitude, speed, and efficiency. Slow is never cool. InsightIQ 3.2.1 is easily the coolest release of InsightIQ yet. If you want to know why, keep reading.

New, faster, lighter PostgreSQL database

InsightIQ 3.2.1 has a sweet new PostgreSQL database instead of the old SQLite database. PostgreSQL offers the monitoring experience you’ve been waiting for. With the new PostgreSQL datastore, InsightIQ runs faster and requires less space to store the same amount of information. It’s the best of both worlds, and nothing is better than the best of both worlds, except maybe the best of three or four worlds. But really, how many worlds do you need?

Configurable stat collection

While earlier versions of InsightIQ were obsessed with collecting every single cluster statistic, InsightIQ 3.2.1 is a little more laid back. InsightIQ 3.2.1 enables you to specify which statistics you want to collect, so you have more room on your hard drive for videogames. If you just don’t care about CPU usage, InsightIQ is right there with you.

Datastore export

In previous versions of InsightIQ, if you wanted to transfer cluster data from one InsightIQ instance to another, you had to connect the two instances and keep them connected while the data was migrated. Those were the rules; that’s just the way things were. But InsightIQ 3.2.1 doesn’t play by the rules. It’s a lone wolf that stays up past midnight and drinks milk from the carton. InsightIQ 3.2.1 lets you export your datastore to a .tar file that you can later import to any number of other InsightIQ instances, and it lets you do it on your own time.

SmartPools support

InsightIQ 3.2.1 also enables you to break out performance data by node pools and tiers, which is more useful than cool, but does everything have to be cool? The answer is yes… and no. Because there are no definitive answers in life, only questions. And thinking like that makes you really cool.

Learn more

At this point, you probably can’t wait to start working with InsightIQ’s new database, move some datastores around, and apply a few node-pool breakouts. And the great thing is: you don’t have to! Follow the link below to start right now. The 1,000,000th user to click wins a free skateboard!*

https://community.emc.com/docs/DOC-42096

*I lied. There is no skateboard.

[display_rating_result]

Ask EMC Isilon experts about video surveillance

Kirsten Gantenbein

Kirsten Gantenbein

Principal Content Strategist at EMC Isilon Storage Division
Kirsten Gantenbein
Kirsten Gantenbein

Do you have a question about EMC® Isilon® products that you’d like an expert to answer? You have the opportunity to get your questions answered in the Ask the Expert forum on the Isilon Community.

Ask the Expert forums are regularly scheduled events on the EMC Community Network (ECN), which cover many topics and products. For example, previous Isilon Ask the Expert forums covered topics such as scale-out data lakes and SMB protocol support. Next week, you can connect directly with experts about video surveillance solutions (VSS) and Isilon products.

About this month’s ATE topics

Video surveillance technology has been evolving in leaps and bounds. However, this evolution brings challenges, such as complexity and staggering storage demands. For example, if a company uses 100 cameras and decides to retain the footage captured at a high definition resolution (1080p) for 30 days, they might need up to 190 terabytes of storage.

Video also consumes a lot of network bandwidth. Depending on where cameras are located and how they’re used, a company needs to tailor their IT infrastructure to support streaming video feeds and archiving video data. Additionally, companies need to consider how to deploy a VSS within an existing IT infrastructure, and then integrate video management software (VMS) applications into their current operating environments to process the video data. This is a big shift from closed surveillance systems of the past. These days, repurposing IT assets and approaches is commonplace for video surveillance.

EMC Isilon OneFS configured as a tier 2 target for archiving video data.

EMC Isilon OneFS configured as a tier 2 target for archiving video data.

What’s the bottom line about how EMC Isilon helps with video surveillance? “It’s about simplicity at scale,” says Bryan Berezdivin, Chief Solutions Architect for the EMC Emerging Technologies Division of EMC. When more cameras are added, camera technology changes, or camera configurations are changed to provide higher resolutions or higher frame rates, more storage is needed. Isilon enables customers to easily add more storage and handle these frequent changes in the system with no modifications on the VMS applications.

Last week, EMC announced Isilon as a core solution for video surveillance. You can use the ATE forum to ask questions about deploying Isilon as a core solution, migrating your data, or configuring your Isilon cluster to support specific VSS workflows and architectures.

How to submit your questions to the forum

RSVP today for next week’s Ask the Expert discussions to get email updates about the event.  Questions will be answered between October 13 -27, 2014 by Frank McCarthy (Director of Video Surveillance Solutions within the Global Corporate Practice at EMC), Bryan Berezdivin, Ken Mills (Senior Manager, Business Development for Isilon products), and Joe Catalanotti (Product Marketing Manager with EMC). You can submit your questions to the Ask the Expert forum on the Isilon Online Community.

These experts have extensive experience in the video surveillance industry and with Isilon products. They can answer questions about Isilon topics such as configuration, data protection, disaster recovery, and VSS architectures. Or you can ask about the latest video technology and trends. Learn more about these experts on the Isilon Community site.

If you’re interested in more ATE forums, keep visiting the Isilon Community or ECN event page for upcoming events.

Start a conversation about Isilon content

Have a question or feedback about Isilon content? Visit the online EMC Isilon Community to start a discussion. If you have questions or feedback about this blog, contact us at isi.knowledge@emc.com. To provide documentation feedback or request new content, contact isicontent@emc.com.

[display_rating_result]

How to secure a Hadoop data lake with EMC Isilon

Kirsten Gantenbein

Kirsten Gantenbein

Principal Content Strategist at EMC Isilon Storage Division
Kirsten Gantenbein
Kirsten Gantenbein

Apache™ Hadoop®, open-source software for analyzing huge amounts of data, is a powerful tool for companies that want to analyze information for valuable insights.

Hadoop redefines how data is stored and processed. A key advantage of Hadoop is that it enables analytics on any type of data. Some organizations are beginning to build data lakes—essentially large repositories for unstructured data—on the Hadoop Distributed File System (HDFS) so they can easily store data collected from a variety of sources, and then run compute jobs on data in its original file format. There’s no need to load data into the HDFS for analysis, saving data scientists time and money. They can then survey their Hadoop data lake and discover big data intelligence to drive their business.

However, the Hadoop data lake also presents challenges for organizations that want to protect sensitive information stored in these data repositories. For example, organizations might need to follow internal enterprise security policies or external compliance regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) or the Sarbanes-Oxley Act (SOX). A Hadoop data lake is difficult to secure because HDFS was neither designed nor intended to be an enterprise-class file system. It is a complex, distributed file system of many client computers with a dual purpose: data storage and computational analysis. HDFS has many nodes, each of which presents a point of access to the entire system. Layers of security can be added to a Hadoop data lake, but managing each layer adds to complexity and overhead.

Best of both worlds

The EMC® Isilon® scale-out data lake offers the best of both worlds for organizations using Hadoop: enterprise-level security and easy implementation of Hadoop for data analytics.securing a hadoop data lake

The new white paper, Security and Compliance for Scale-Out Hadoop Data Lakes, describes how Hadoop data is stored on Isilon scale-out network-attached storage (NAS), and how the OneFS® operating system helps to secure that data.

An Isilon cluster separates data from compute clients in which the Isilon cluster becomes the HDFS file system. All data is stored on an Isilon cluster and secured by using access control lists, access zones, self-encrypting drives, and other security features. OneFS implements the server-side operations of HDFS as a native protocol. Therefore, Hadoop clients access data on the cluster through HDFS and standard protocols such as SMB and NFS.

For more information about how Hadoop is implemented on an Isilon cluster, see EMC Isilon Scale-Out NAS for In-Place Hadoop Data Analytics.

Isilon security capabilities

OneFS can facilitate your efforts to comply with regulations such as HIPAA, SOC, SEC 17a-4, the Federal Information Security Management Act (FISMA), and the Payment Card Industry Data Security Standard (PCI DSS). The table below summarizes some of the challenges of securing a Hadoop data lake, and how the capabilities of an Isilon cluster can help to address these issues. For full descriptions of these capabilities, see Security and Compliance for Scale-Out Hadoop Data Lakes.

 Hadoop data lakes: security challenges and Isilon capabilities

Security challenges Isilon capabilities Description
A Hadoop data lake can contain sensitive data—intellectual property, confidential customer information, and company records. Any client connected to the data lake can access or alter this sensitive data.
  • Compliance mode and write-once, read-many (WORM) storage
  • Auditing
The SEC 17a-4 regulation requires that data is protected from malicious, accidental, or premature alteration. Isilon SmartLock™ is a OneFS feature that locks down directories through WORM storage. Use compliance mode only for scenarios where you need to comply with SEC 17a-4 regulations. In addition, auditing can help detect fraud, unauthorized access attempts, or other threats to security.
ACL policies help to ensure compliance. However, clients may be connecting to the Hadoop cluster by using different protocols, such as NFS or HTTP.
  • Authentication and cross-protocol permissions
OneFS authenticates users and groups connecting to the cluster through different protocols by using POSIX mode bits, NTFS, and ACL policies. By managing ACL policies in OneFS, you can address compliance requirements for environments that mix NFS, SMB, and HDFS.
Applying restricted access to directories and files in HDFS requires adding layers to your file system.
  • Role-based access control for system administration (RBAC)
  • Identity management
  • User mapping
  • Access zones
The PCI DSS Requirement 7.1.2 specifies that access must be restricted to privileged user IDs. RBAC, a OneFS feature, lets you manage administrative access by role, and assign privileges to a role. You can associate one user with one ID through identity management and user mapping, and then assign that ID to a role. In OneFS, access zones are a virtual security context in which OneFS connects to directory services, authenticates users, and controls access to a segment of the file system.
FISMA and HIPAA and other compliance regulations might require protection for data at rest. Encryption of data at rest Isilon self-encrypting drives are FIPS 140-2 Level 3 validated. The drives automatically apply AES-256 encryption to all data stored in the drives without requiring additional equipment. You can enable a WORM state on directories for data at rest.

To learn how to implement Hadoop on your Isilon cluster, see 7 best practices for setting up Hadoop on an EMC Isilon cluster.

Start a conversation about Isilon content

Have a question or feedback about Isilon content? Visit the online EMC Isilon Community to start a discussion. If you have questions or feedback about this blog, contact isi.knowledge@emc.com. To provide documentation feedback or request new content, contact isicontent@emc.com.

 

[display_rating_result]

EMC Isilon OneFS 7.1.1 is now available!

Kirsten Gantenbein

Kirsten Gantenbein

Principal Content Strategist at EMC Isilon Storage Division
Kirsten Gantenbein
Kirsten Gantenbein

The latest release of the EMC® Isilon® OneFS operating system is now available!

This blog post summarizes noteworthy new features of OneFS 7.1.1, highlights new OneFS 7.1.1 documentation, and provides steps for upgrading to OneFS 7.1.1.

New OneFS 7.1.1 features and enhancements

High-level technical overviews for several OneFS 7.1.1 new features and enhancements are provided below. They’re grouped together by the types of benefits they provide, such as performance improvement and security. Refer to OneFS 7.1.1 Release Notes and Technical Overview of New and Improved Features of EMC Isilon OneFS 7.1.1 for additional details.

Performance improvements

The following new features and enhancements help improve performance for most OneFS workflows:

  • SMB Multichannel support
    OneFS 7.1.1 supports the Multichannel feature of SMB 3.0, which establishes a single SMB session over multiple network connections. SMB Multichannel enables increased throughput, connection failure tolerance, and automatic discovery. To take advantage of this new feature, client computers must be configured with Microsoft Windows 8 or later, or Microsoft Windows Server 2012 or later with supported network interface cards (NICs). For more information, see the SMB Multichannel section of the OneFS 7.1.1 Web Administration Guide and OneFS 7.1.1 CLI Administration Guide.
  • SmartFlash caching
    In OneFS, level 1 (L1) cache uses random access memory (RAM) to store copies of system metadata and files requested from front-end networks. Level 2 (L2) cache uses RAM to store copies of file system metadata for files that are stored on the node that owns the data. SmartFlash, or level 3 (L3) cache, uses solid-state drives (SSDs) to hold file data and metadata released from L2 cache, increasing the total size of cache memory available in a cluster as well as the speed that you can retrieve data. In OneFS 7.1.1, SmartFlash is enabled by default for new node pools.
  • NDMP backup performance improvements
    OneFS 7.1.1 uses multiple threads to restore files, making data transfer occur as fast as the tape backup device can deliver it. Additional operational enhancements improve throughput when transferring small files.
  • SyncIQ® performance enhancements
    To allow multiple SyncIQ workers to replicate a single file simultaneously, SyncIQ now allows for file splitting, where a large file is split into segments, each of which is processed in parallel by a different thread.

Security and access zone enhancements

The following enhancements have been made to increase security and support Hadoop workflows:

  • Access zone enhancements
    Access zones have been restructured to enforce best practices and improve security. In OneFS 7.1.1, a root or a base directory must be designated for each access zone. SMB shares must subscribe to a single access zone, and access zones can no longer be used to share data. OneFS 7.1.1 also prevents access to non-system zones through NFS, SSH, and the OneFS web administration interface.To support security for Hadoop workflows and enable multiple unstructured datasets to be hosted on a single cluster, access zones now support an HDFS namespace per access zone. This means that you can now run multiple separate HDFS namespaces on the same cluster. Stay tuned for an upcoming ISI Knowledge blog post on this topic.
  • Self-encrypting drive enhancements
    This release of OneFS expands the availability of self-encrypting drives (SEDs) to provide data at-rest encryption capabilities across the entire node family. In addition to the 3TB and 4TB SEDs, OneFS 7.1.1 introduces a 900GB SAS SED HDD for S-Series nodes and an 800GB SED SSD for all supported nodes. For details, see the Isilon Product Availability Guide.
  • Auditing enhancements
    In OneFS 7.1.1, audit system configuration information can be forwarded to the audit log file for storage and analysis.
  • Role based access control enhancements
    New privileges have been added to the role based access control (RBAC) feature in OneFS 7.1.1, such as ISI_PRIV_IFS_BACKUP and ISI_PRIV_IFS_RESTORE. These privileges can be assigned to roles that enable users to back up and restore files that they don’t have explicit permissions to.

Manageability and drive firmware updates

The following OneFS 7.1.1 features make it easier to manage your Isilon cluster and obtain the latest drive firmware:

  • MMC integration
    Microsoft Windows administrators with the correct privileges can remotely administer a share through the MMC shared folders snap-in feature. This enables an administrator to connect to an access zone and directly manage all shares within that zone. To take advantage of this functionality, the Isilon cluster must be joined to an Active Directory domain from which the MMC console can be invoked.
  • Drive Support Package for non-disruptive drive firmware updates
    Drive support packages determine and apply updates for the drive’s firmware automatically, and eliminate the need to apply a patch and reboot the node when you replace or add drives. You can also configure alerts to indicate when you need to update your drive firmware. Review the Isilon Drive Support Package 1.0 release notes for information about system requirements and installation instructions.

For complete details about all of the OneFS 7.1.1 features and enhancements, including changes in functionality, fixed issues, and known issues in this release, refer to the OneFS 7.1.1 Release Notes.

OneFS 7.1.1 documentation and new guides available

A full list of OneFS 7.1.1 documents is available in the OneFS 7.1.1 Release Notes, on the Isilon online community and on the EMC Online Support site (login is required for the EMC Online Support site). This release also features two new guides:

  • OneFS Migration Tools Guide
    This guide describes how to migrate data from NetApp filers and EMC VNX storage systems to EMC Isilon clusters using the isi_vol_copy and isi_vol_copy_vnx tools.
  • OneFS API Reference 
    This guide—combining the former Platform and RAN API References—describes how the Isilon OneFS application programming interface (API) provides access to configure the cluster and access the data on the cluster. This guide also provides a list of all available API resource URLs, HTTP methods, and parameter and object descriptions.

How to upgrade to OneFS 7.1.1

If you want to upgrade to this new release, explore your upgrade options by reviewing the Isilon Supportability and Compatibility Guide and the OneFS Upgrade Planning and Process Guide.

Then, prepare for the upgrade process by reviewing the following documents:

After reviewing these documents, read the knowledge base article, “How to download OneFS 7.1.1 (172492)” (login to EMC Online Support is required).

Start a conversation about Isilon content

Have a question or feedback about Isilon content? Visit the online EMC Isilon Community to start a discussion. If you have questions or feedback about this blog, send an email to isi.knowledge@emc.com. To provide documentation feedback or request new content, send an email to isicontent@emc.com.

[display_rating_result]

Understanding Global Namespace Acceleration (GNA)

Colin Torretta

Colin Torretta

Senior Technical Writer
Colin Torretta

Latest posts by Colin Torretta (see all)

With the proliferation of solid state drives (SSDs) in data centers across the world, companies are finding more and more ways to take advantage of the high speed and low latency of SSDs in unique and exciting ways. Within the EMC® Isilon® OneFS® operating system, one of the innovative ways Isilon is using SSDs is for Global Namespace Acceleration (GNA). GNA is a feature of OneFS that increases performance across your entire cluster by using SSDs to store file metadata for read-only purposes, even in node pools that don’t contain dedicated SSDs.

GNA is managed through the SmartPools™ software module of the OneFS web administration interface. SmartPools enables storage tiering and the ability to aggregate different type of drives (such as SSDs and HDDs) into node pools. When GNA is enabled, all SSDs in the cluster are used to accelerate metadata reads across the entire cluster. Isilon recommends one SSD per node as a best practice, with two SSDs per node being preferred. However, customers with a mix of drive types can benefit from the metadata read acceleration with GNA regardless of how SSDs are placed across the cluster. When possible, GNA stores metadata in the same node pool containing the associated data. If there are no dedicated SSDs in the node pool, however, a random selection is made to any node pool containing SSDs. This means as long as SSDs are available somewhere in the cluster, a node pool can benefit from GNA.

For more information about GNA, see the “Storage Pools” section of the OneFS web administration and CLI administration guides.

Important considerations when using GNA

Here are some important considerations to keep in mind when determining whether GNA can benefit your workflow.

  • Use GNA for cold data workflows. Certain workflows benefit more from the performance gains that GNA provides. For example, workflows that require heavy indexing of “cold data”—which is archive data on stored on disks that is left unmodified for extended periods of time—benefit the most from the increased speed of metadata read acceleration. GNA does not provide any additional benefit to customers who already have solely SSD clusters, because all metadata is already stored on SSDs.
  • SSDs must account for a minimum of 1.5% of the total space on your cluster. To use GNA, 20% of the nodes in your cluster must contain SSDs, and SSDs must account for a minimum of 1.5% of the total space on your cluster, with 2% being strongly recommended. This ensures that GNA does not overwhelm the SSDs on your cluster. Failure to maintain these requirements will result in GNA being disabled and metadata read acceleration being lost. To enable GNA again, metadata copies will have to be rebuilt, which can take time.
  • Consider how new nodes affect the total cluster space. Adding new nodes to your cluster affects the percentage of nodes with SSDs and total available space on SSDs. Keep this in mind whenever you add new nodes to avoid GNA being disabled and the metadata copy being immediately deleted. SSDs must account for a minimum of 1.5% of total space on your cluster.
  • Do not remove the extra metadata mirror. When GNA is enabled, an SSD is set aside as an additional metadata mirror, in addition to the existing mirrors set by your requested protection, which is determined in SmartPools settings. A common misunderstanding is that the SSD is an “extra” mirror and it can be safely removed without affecting your cluster. In reality, this extra metadata mirror is critical to the functionality of GNA, and removing it causes OneFS to rebuild the mirror on another drive. See the graphic below for information on the number of metadata mirrors per requested protection when using GNA. For more information about requested protection, see the “Storage Pools” section of the OneFS Web Administration Guide.
The number of metadata mirrors required by GNA per requested protection level in OneFS.

The number of metadata copies required by GNA to achieve read acceleration per requested protection level in OneFS.

 

[display_rating_result]

Get your hands on EMC Isilon OneFS 7.1 at EMC World 2014

Kirsten Gantenbein

Kirsten Gantenbein

Principal Content Strategist at EMC Isilon Storage Division
Kirsten Gantenbein
Kirsten Gantenbein

13181494_s

EMC World 2014 is around the corner. If you plan to be in Las Vegas, Nevada on May 5-8 for this event, you have the opportunity to try out the EMC® Isilon® OneFS operating system in person.

There will be three labs hosted by EMC Isilon that are available throughout the conference, where you can test drive new features and functionality in OneFS using real data.

  • Isilon Cluster Setup, Configuration, and Management (HOL 29)
    An introductory lab that demonstrates how to create a storage cluster, join the cluster to an Active Directory domain, navigate the OneFS web administration interface, and create and manage directories or shares.
  • Isilon OneFS 7.1 Enhancements (HOL 30)
    An intermediate lab that explores the enterprise-ready enhancements built into OneFS 7.1.
  • Deploying Hadoop with EMC Isilon and VMware (HOL 28)
    An advanced lab that walks you through the process of deploying and using your first Hadoop cluster. Learn how to use VMware Big Data Extensions to deploy a small Hadoop cluster with an EMC Isilon NAS storage cluster.

Anyone can sign up for the labs and attend at any time. All labs are self-paced and Isilon representatives will be available to answer any questions you might have. For lab hours and information about how to register, visit the EMC World vPass website.

Take a test drive with OneFS 7.1

This blog has covered several of the enhancements and features included in OneFS 7.1. If you’re curious about OneFS 7.1 and want to take it for a test drive, visit the OneFS 7.1 Enhancements (HOL 30) lab. Here’s a closer look at the following features will be covered in this lab session:

  • Role based access control
  • EMC Isilon SmartDedupe™
  • EMC Isilon SyncIQ™
  • Audting

Role Based Access Control

Role based access control (RBAC) in OneFS 7.1 enables you to control configuration-level access of your Isilon cluster through roles and privileges. OneFS 7.1 comes with built-in administrator roles: SecurityAdmin, SystemAdmin, AuditAdmin, and VMwareAdmin. You can also create custom roles with assigned privileges and add users and groups to those roles.

In this lab, you will learn how to:

  • View built-in roles
  • Create a custom role
  • Add privileges to a role
  • Add a user to a role

If you are unable to attend EMC World, but would like an RBAC demonstration, watch the following video, “Technical Demo: Role Based Access Control.”

EMC Isilon SmartDedupe™

When you want to save space on your EMC Isilon cluster, use EMC Isilon SmartDedupe™ to remove, or deduplicate, redundant data. SmartDedupe deduplicates data by scanning an Isilon cluster for identical data blocks. When it finds redundant data blocks, it moves one data block to a shadow store. It then deletes the duplicate block from the original file and replaces it with a pointer to the shadow store. For more information, watch the video, “Enterprise Features of EMC Isilon OneFS 7.1: SmartDedupe.”

dedupe assessment report

Figure 1: A DedupeAssessment report. Space that can be recovered after deduplication is circled in red.

The deduplication process is performed through jobs that are managed in the same way you manage other cluster maintenance jobs. It is recommended that you run deduplication jobs when clients are not modifying data on the cluster. This maximizes the amount of space you can save. It is also recommended that you run a deduplication job every ten days.

To begin the deduplication process, first determine how much space you can save on specified directories by running a DedupeAssessment job and viewing a DedupeAssessment report (Figure 1). You can then run a Dedupe job on those directories to then remove redundant data and place it in the shadow store.

In the OneFS 7.1 Enhancements (HOL 30) lab, you will learn how to:

  1. Start a DedupeAssessment job
  2. View active jobs
  3. View the deduplication assessment report
  4. Activate the SmartDedupe license
  5. Start a Dedupe job
  6. View the deduplication report

EMC Isilon SyncIQ™

For data protection and disaster recovery, EMC Isilon SyncIQ™ replicates data from one Isilon cluster to another. In the event of disaster scenario where your original cluster goes down, you can retrieve replicated data stored on your backup cluster.

synciq_7-1

Figure 2: A new option (circled in red) for SyncIQ policies, which is available in OneFS 7.1

To replicate data using SyncIQ, first create a SyncIQ policy in OneFS. The policy specifies the source directory and backup/target cluster, and when to run the replication job. In OneFS 7.1, there is a new policy option available that enables OneFS to replicate data whenever the source directory is modified (Figure 2). This enhancement ensures that data is replicated as soon as a change occurs, independent of the replication job schedule.

In the OneFS 7.1 Enhancements (HOL 30) lab, you will learn how to:

  1. Activate a SyncIQ license
  2. Configure a SyncIQ policy
  3. Verify that the SyncIQ policy successfully synchronized between a source and target cluster

Auditing

OneFS 7.1 can audit system configuration and SMB protocol access events on your Isilon cluster. To start collecting auditing information, simply enable configuration change auditing or SMB protocol access auditing in either the OneFS web administration interface or the OneFS command-line interface (Figure 3). System configuration changes and changes performed on files and folders through the SMB protocol are recorded in an auditing log. Protocol auditing logs can be exported to Varonis DatAdvantage® or other third-party vendors that support the EMC Common Event Enabler (CEE) framework. For more information, watch the video, “Enterprise Features of EMC Isilon OneFS 7.1: Auditing”.

Figure 3: How to enable auditing (circled in red) in OneFS 7.1 web administration interface.

Figure 3: How to enable auditing (circled in red) in OneFS 7.1 web administration interface.

In the OneFS 7.1 Enhancements (HOL 30) lab, you will learn how to:

  1. Enable auditing
  2. Make an access zone into an audited zone
  3. Add an audit event, which will modify the audited zone to audit different events
  4. Generate an event
  5. View and locate audit logs
  6. View event forwarding
  7. View the AuditAdmin role
  8. Open DatAdvantage and view user statistics and event details

For more information

For more details about these features, refer to OneFS 7.1 release notes, OneFS 7.1 Web Administration Guide, and the OneFS 7.1 CLI Administration Guide.

For more information about Isilon sessions and labs at EMC World, visit the EMC World 2014 vPass website to browse the EMC World Session Catalog for more information.

Role-based access control in EMC Isilon OneFS 7.1: An overview

Kirsten Gantenbein

Kirsten Gantenbein

Principal Content Strategist at EMC Isilon Storage Division
Kirsten Gantenbein
Kirsten Gantenbein

In EMC® Isilon® OneFS® 7.0 and 7.1, you can use role-based access control (RBAC) for administration tasks in place of a root or administrator account. A role is a collection of OneFS privileges that are limited to an area of administration. For example, you can create custom roles for security, auditing, storage, or backup tasks. Privileges are assigned to roles. As a user logs in to the cluster through the Platform API, the OneFS command-line interface, or the OneFS web administration interface, they’re granted privileges based on their role membership.

For information on how to create and manage roles through the OneFS command-line interface, see the OneFS 7.1 CLI Administration Guide – page 252 (requires login to the EMC Online Support site).

For an overview about RBAC in OneFS 7.1, watch the following video, “Enterprise Features in OneFS 7.1: Role Based Access Control.”

If you have questions or feedback, send an email to isi.knowledge@emc.com. To provide documentation feedback or request new content, send an email to isicontent@emc.com.

Video Transcript

Hello, I’m Andrey Tychkin with EMC Isilon.

In this video, we’ll talk about Role Based Access Control or RBAC, a feature of OneFS 7.1.

Role Based Access Control allows us to delegate specific administration tasks to users of the OneFS cluster.

Let’s take an example.

Let’s say I’m a NAS administrator and I want my Windows team to manage SMB administration on the cluster separate from, say, my UNIX team.

I’ll start by creating a role and giving it a meaningful name, such as SMB-ADMIN.

Once the role is created, I can add some privileges to it.

Privileges are sets of allowable actions.

They can be read-only for monitoring, or they can be read-write for actual configuration changes.

For SMB administration, I’ll need an SMB setting privilege and a WEB UI log in privilege.

We can also choose from one of the four predefined roles in OneFS which already have privileges assigned to them.

They are SecurityAdmin for RBAC administration, SystemAdmin for general system administration tasks, VMwareAdmin for managing backups of virtual machines, and AuditAdmin for Auditing.

Once we have our roles and privileges set up, all we need to do is add some members to it.

Members can be any users from authentication providers such as AD, LDAP, or NIS.

In our case, it’s our friend Mike from AD who, once he’s added to this role, he’s able to administer SMB on this cluster.

Role based access control is managed from the CLI by using the isi auth roles command.

Detailed information on RBAC is available in the OneFS Administration Guide.

If you have questions or want to implement OneFS 7.1 features in your environment, please contact your account team.

Thank you for watching.

A closer look at EMC Isilon SmartDedupe and the Isilon OneFS 7.1 Job Engine

Kirsten Gantenbein

Kirsten Gantenbein

Principal Content Strategist at EMC Isilon Storage Division
Kirsten Gantenbein
Kirsten Gantenbein

We recently learned that our blog readers are most interested in the new EMC Isilon SmartDedupe software offering and the Job Engine enhancements incorporated into in the recently released EMC Isilon OneFS 7.1.

In this video, we take a closer look at these features. First, we cover basic concepts about SmartDedupe and Job Engine performance enhancements in OneFS 7.1. Next, we provide brief demonstrations of how to use these features in the OneFS web administration interface. This video also highlights details about data at rest encryption in OneFS 7.1.

Download the EMC Isilon OneFS 7.1 release notes for more information. You can also review the video transcript below.

Video Transcript

Hello, I’m André Morrissen, a Senior Technical Writer with the Information Development team.

Version 7.1 of OneFS contains numerous enhancements that will improve the performance of your Isilon cluster.

In this video, we’ll take a look at a SmartDedupe, job engine improvements, and data at rest encryption and find out how they can improve your workflow.

SmartDedupe is a new licensed feature of OneFS which enables you to save storage space on your cluster by reducing redundant data—in other words, by deduplicating that data.

SmartDedupe is most beneficial for workflows that incorporate large amounts of duplicate data, such as archiving or when a large amount of virtual machines are stored on a cluster.

As you write files to the cluster, some of those files or blocks of data in the files might be duplicates. You can run a deduplication job that scans the file system to see if that data already exists. If it does, OneFS moves that data to a hidden file called a shadow store and replaces the duplicate data in the files with a pointer to the shadow store.

Deduplication is applied at the subdirectory level and targets all files and directories underneath one or more root directories.

The deduplication job is set to run at low priority by default, so impact to your workflow should be minimal. However, it’s a good idea to wait until users have finished modifying their files on the cluster before you run the job.

You can perform the following deduplication tasks from the OneFS web administration interface.

Assign specific subdirectories for deduplication.

Run an assessment job to determine how much space you might save in a given directory.

And view detailed reports of deduplication jobs.

OneFS 7.1 includes major improvements to the job engine, the system that helps you schedule and manage maintenance jobs on your cluster.

As with previous versions of OneFS, the job engine can adjust jobs based on the amount of cluster resources available. For example, if clients require more system resources, threads allocated to the job engine are decreased.

However, now you can run up to three jobs simultaneously, with a few exceptions that keep similar types of jobs from colliding. For example, you can run an AutoBalance, IntegrityScan, and DedupeAssessment job all at the same time.

OneFS 7.1 also introduces support for Data at Rest Encryption.  With this feature, you’ll be able to create a cluster of nodes that contain self-encrypting drives or SEDs. Data at Rest Encryption provides data security that meets specific regulatory requirements for financial and governmental workflows.

Isilon’s use of hardware-based encryption provides the following benefits:

Less consumption of system resources.

Removed drives remain encrypted, which prevents data theft.

The data encryption is performed at the drive level using special processors on each SED that provide 256-bit AES encryption protection. The encryption has less than 1% impact on the performance of the drives themselves.

If you’re interested in creating a cluster with SEDs and using Data at Rest Encryption, contact your account representative.

For more information about the features in this videos, see the OneFS Web Administration.

For a full list of new features, see the OneFS 7.1 Release Notes.

Thanks for watching.

Poll: Which EMC Isilon OneFS 7.1 features do you want to know more about?

Kirsten Gantenbein

Kirsten Gantenbein

Principal Content Strategist at EMC Isilon Storage Division
Kirsten Gantenbein
Kirsten Gantenbein

EMC Isilon OneFS 7.1 is now available. This release includes several new features and enhancements, and we want to know what you’re most interested in learning more about.

Your answers to our community poll will help us develop support-related content to publish on our blog and EMC Online Support.